Check DNS SRV record for _matrix-identity._tcp when mxisd enabled

roles/matrix-server/tasks/self_check/self_check_dns.yml

@@ -1,24 +1,28 @@
 ---
 
-# This requires the dnspython library and will fail with a friendly error when unavailable.
-- name: Check DNS SRV record
+- name: Determine DNS SRV records to check (Matrix)
   set_fact:
-    result_dig_srv: "{{ lookup('dig', ('_matrix._tcp.' + hostname_identity + './SRV'), 'flat=0', wantlist=False) }}"
+    dns_srv_record_checks:
+      - service_and_protocol: "_matrix._tcp"
+        domain: "{{ (hostname_identity + '.') }}"
+        expected_target: "{{ (hostname_matrix + '.') }}"
+        expected_port: 8448
 
-- name: Fail if DNS SRV record missing
-  fail:
-    msg: "It appears the DNS SRV record for {{ hostname_identity }} is not set up correctly (the record is missing). See the 'Configuring DNS' documentation for this playbook."
-  when: "result_dig_srv == 'NXDOMAIN'"
+- block:
+    - set_fact:
+        dns_srv_record_check_mxisd:
+          service_and_protocol: "_matrix-identity._tcp"
+          domain: "{{ (hostname_identity + '.') }}"
+          expected_target: "{{ (hostname_matrix + '.') }}"
+          expected_port: 443
 
-- name: Fail if DNS SRV record incorrect
-  fail:
-    msg: >
-      It appears the DNS SRV record for {{ hostname_identity }} is not set up correctly.
-      Expected it to point to `{{ (hostname_matrix + '.') }}` (port 8448).
-      Found it pointing to `{{ result_dig_srv.target }}` (port {{ result_dig_srv.port }}).
-      See the 'Configuring DNS' documentation for this playbook.
-  when: "result_dig_srv.target != (hostname_matrix + '.') or result_dig_srv.port != 8448"
+    - name: Determine domains that we require certificates for (mxisd)
+      set_fact:
+        dns_srv_record_checks: "{{ dns_srv_record_checks + [dns_srv_record_check_mxisd] }}"
+  when: "matrix_mxisd_enabled"
 
-- name: Report correct DNS SRV record
-  debug:
-    msg: "The DNS SRV record for {{ hostname_identity }} points to {{ hostname_matrix }}, as expected"
+- name: Perform DNS SRV checks
+  include_tasks: "{{ role_path }}/tasks/self_check/self_check_dns_srv.yml"
+  with_items: "{{ dns_srv_record_checks }}"
+  loop_control:
+    loop_var: dns_srv_record_check

roles/matrix-server/tasks/self_check/self_check_dns_srv.yml

@@ -0,0 +1,26 @@
+---
+
+# This requires the dnspython library and will fail with a friendly error when unavailable.
+- name: Check DNS SRV record for {{ dns_srv_record_check.service_and_protocol }} on {{ dns_srv_record_check.domain }}
+  set_fact:
+    result_dig_srv: "{{ lookup('dig', (dns_srv_record_check.service_and_protocol + '.' + dns_srv_record_check.domain + '/SRV'), 'flat=0', wantlist=False) }}"
+
+- name: Fail if DNS SRV record missing
+  fail:
+    msg: "It appears the DNS SRV record for {{ dns_srv_record_check.service_and_protocol }} on {{ dns_srv_record_check.domain }} is not set up correctly (the record is missing). See the 'Configuring DNS' documentation for this playbook."
+  when: "result_dig_srv == 'NXDOMAIN'"
+
+- name: Fail if DNS SRV record incorrect
+  fail:
+    msg: >
+      It appears the DNS SRV record for {{ dns_srv_record_check.service_and_protocol }} on {{ dns_srv_record_check.domain }} is not set up correctly.
+      Expected it to point to `{{ dns_srv_record_check.expected_target }}` (port {{ dns_srv_record_check.expected_port }}).
+      Found it pointing to `{{ result_dig_srv.target }}` (port {{ result_dig_srv.port }}).
+      See the 'Configuring DNS' documentation for this playbook.
+  when: "result_dig_srv.target != dns_srv_record_check.expected_target or result_dig_srv.port != dns_srv_record_check.expected_port"
+
+- name: Report correct DNS SRV record
+  debug:
+    msg: >
+      The DNS SRV record for `{{ dns_srv_record_check.service_and_protocol }}` on `{{ dns_srv_record_check.domain }}`
+      points to `{{ result_dig_srv.target }}` (port {{ dns_srv_record_check.expected_port }}), as expected