Connect Matrix Synapse and Matrix Static with guest account

2020-07-03 10:11:34 +05:00 · 2020-07-03 10:11:34 +05:00 · c640e7bc20
commit c640e7bc20
parent 8722757b34
9 changed files with 103 additions and 51 deletions
--- a/inventories/production/host_vars/matrix.crypto-libertarian.com.yml
+++ b/inventories/production/host_vars/matrix.crypto-libertarian.com.yml
@ -16,13 +16,14 @@ common__certbot__pre_hook: null

 common__nginx__state: null

-matrix__synapse__ssl_cert: '/etc/letsencrypt/live/matrix.crypto-libertarian.com/fullchain.pem'
-matrix__synapse__ssl_key:  '/etc/letsencrypt/live/matrix.crypto-libertarian.com/privkey.pem'
+matrix__site_host: 'crypto-libertarian.com'
+matrix__base_host: 'matrix.crypto-libertarian.com'
+matrix__site_url: 'https://crypto-libertarian.com'
+matrix__base_url: 'https://matrix.crypto-libertarian.com'
+matrix__admin_contact: 'mailto:kotovalexarian@gmail.com'

-matrix__synapse__server_name: 'crypto-libertarian.com'
-matrix__synapse__server_host: 'matrix.crypto-libertarian.com'
-matrix__synapse__baseurl: 'https://matrix.crypto-libertarian.com'
-matrix__synapse__admin_contact: 'mailto:kotovalexarian@gmail.com'
+matrix__nginx__ssl_cert: '/etc/letsencrypt/live/matrix.crypto-libertarian.com/fullchain.pem'
+matrix__nginx__ssl_key:  '/etc/letsencrypt/live/matrix.crypto-libertarian.com/privkey.pem'

 matrix__synapse__signing_key: !vault |
  $ANSIBLE_VAULT;1.1;AES256
@ -63,3 +64,28 @@ matrix__synapse__form_secret: !vault |
  61333335343165383332363336633133343665353362623731353134346561613337643932313566
  32613930393162373434303765653662356234666262373533313333393165656632333339383037
  306461653937343264356662373534313965
+
+matrix__static__user_id: '@1:crypto-libertarian.com'
+
+matrix__static__access_token: !vault |
+  $ANSIBLE_VAULT;1.1;AES256
+  62313661366162333133653933653431633466643333616631393839373166366333316634363331
+  3834353933336264356633323563313262343461303862640a366263383835333265346230383662
+  62366130303835313236353231363230626534663563666163333666326463343863663635373435
+  6136633032353330640a333935633235303930626435626237366437616164356338306537346438
+  61323239393863353939313562623761633339336330336630323463353863383134353333343630
+  65643133363231323764316132343739326134636138656237323337326539316561386531313931
+  61363033326264376231386232343931353832353832646166656462303737613933666231623565
+  38326230653931376263366563323833643966643161383336613338623232363439636331346532
+  34333562653365323732663239326464323336336530353232376537323963643035636363323833
+  36346431363161383464663238623862366130663837636637653031323230613164323131326239
+  34333133663835633564386634373739313139373261313935393261316432373634666639613835
+  32653035633433643132396536636163316139363333363437333363616661393130646137303163
+  65326435643563613837646130646262376437636564323161303638613565346664623738343036
+  66383662383234373833646136356465386363666539656266323133313134663264643534663261
+  62316131633636646530393939373135613633303538346631353261346262643438366161306435
+  39326538333135666533343261326361613632313164396431623734356431343932656432313238
+  36346563616234373962373661316238316131626636316163323631303038636335643761636230
+  63383835616238666165363435393938396431343264616465303161323763363832386432386330
+  39653438646339666130633162636364343230656134366162393531393135653831303635316236
+  65333231306535306239
--- a/roles/matrix/defaults/main.yml
+++ b/roles/matrix/defaults/main.yml
@ -1,13 +1,17 @@
 ---
-matrix__synapse__ssl_cert: '/etc/letsencrypt/live/matrix.example.com/fullchain.pem'
-matrix__synapse__ssl_key:  '/etc/letsencrypt/live/matrix.example.com/privkey.pem'
+matrix__site_host: 'example.com'
+matrix__base_host: 'matrix.example.com'
+matrix__site_url: 'https://example.com'
+matrix__base_url: 'https://matrix.example.com'
+matrix__admin_contact: 'mailto:user@example.com'

-matrix__synapse__server_name: 'example.com'
-matrix__synapse__server_host: 'matrix.example.com'
-matrix__synapse__baseurl: 'https://matrix.example.com'
-matrix__synapse__admin_contact: 'mailto:user@example.com'
+matrix__nginx__ssl_cert: '/etc/letsencrypt/live/matrix.example.com/fullchain.pem'
+matrix__nginx__ssl_key:  '/etc/letsencrypt/live/matrix.example.com/privkey.pem'

 matrix__synapse__signing_key:     ''
 matrix__synapse__reg_secret:      ''
 matrix__synapse__macaroon_secret: ''
 matrix__synapse__form_secret:     ''
+
+matrix__static__user_id: ''
+matrix__static__access_token: ''
--- a/roles/matrix/tasks/nginx.yml
+++ b/roles/matrix/tasks/nginx.yml
@ -5,8 +5,8 @@

 - name: Create Nginx server configuration
  template:
-    src: '../templates/nginx/synapse.conf'
-    dest: '/etc/nginx/sites-available/synapse.conf'
+    src: '../templates/nginx/matrix.conf'
+    dest: '/etc/nginx/sites-available/matrix.conf'
    mode: 'u=rw,g=rw,o=r'
    owner: root
    group: root
@ -15,8 +15,8 @@
 - name: Enable Nginx server configuration
  file:
    state: link
-    src: '/etc/nginx/sites-available/synapse.conf'
-    dest: '/etc/nginx/sites-enabled/synapse.conf'
+    src: '/etc/nginx/sites-available/matrix.conf'
+    dest: '/etc/nginx/sites-enabled/matrix.conf'
    owner: root
    group: root
  notify: Restart Nginx
--- a/roles/matrix/tasks/static.yml
+++ b/roles/matrix/tasks/static.yml
@ -24,3 +24,11 @@
    group: '{{ matrix__static__group }}'
  with_items:
    - '{{ matrix__static__conf_dir }}'
+
+- name: Create Matrix Static config
+  template:
+    src: '../templates/static/config.json'
+    dest: '{{ matrix__static__conf_file }}'
+    mode: 'u=rw,g=rw,o='
+    owner: '{{ matrix__static__user }}'
+    group: '{{ matrix__static__group }}'
--- a/roles/matrix/templates/nginx/matrix.conf
+++ b/roles/matrix/templates/nginx/matrix.conf
@ -0,0 +1,36 @@
+server {
+  listen 443      ssl;
+  listen [::]:443 ssl;
+
+  server_name {{ matrix__base_host }};
+
+  ssl_certificate     {{ matrix__nginx__ssl_cert }};
+  ssl_certificate_key {{ matrix__nginx__ssl_key }};
+
+  location /_matrix {
+    proxy_pass http://localhost:8008;
+    proxy_set_header X-Forwarded-For $remote_addr;
+
+    client_max_body_size 10M;
+  }
+
+  location / {
+    proxy_pass http://localhost:8000;
+    proxy_set_header X-Forwarded-For $remote_addr;
+  }
+}
+
+server {
+  listen 8448      ssl;
+  listen [::]:8448 ssl;
+
+  server_name {{ matrix__base_host }};
+
+  ssl_certificate     {{ matrix__nginx__ssl_cert }};
+  ssl_certificate_key {{ matrix__nginx__ssl_key }};
+
+  location / {
+    proxy_pass http://localhost:8008;
+    proxy_set_header X-Forwarded-For $remote_addr;
+  }
+}
--- a/roles/matrix/templates/nginx/synapse.conf
+++ b/roles/matrix/templates/nginx/synapse.conf
@ -1,31 +0,0 @@
-server {
-  listen 443      ssl;
-  listen [::]:443 ssl;
-
-  server_name {{ matrix__synapse__server_host }};
-
-  ssl_certificate     {{ matrix__synapse__ssl_cert }};
-  ssl_certificate_key {{ matrix__synapse__ssl_key }};
-
-  location /_matrix {
-    proxy_pass http://localhost:8008;
-    proxy_set_header X-Forwarded-For $remote_addr;
-
-    client_max_body_size 10M;
-  }
-}
-
-server {
-  listen 8448      ssl;
-  listen [::]:8448 ssl;
-
-  server_name {{ matrix__synapse__server_host }};
-
-  ssl_certificate     {{ matrix__synapse__ssl_cert }};
-  ssl_certificate_key {{ matrix__synapse__ssl_key }};
-
-  location / {
-    proxy_pass http://localhost:8008;
-    proxy_set_header X-Forwarded-For $remote_addr;
-  }
-}
--- a/roles/matrix/templates/static/config.json
+++ b/roles/matrix/templates/static/config.json
@ -0,0 +1,7 @@
+{
+  "access_token": "{{ matrix__static__access_token }}",
+  "device_id": "guest_device",
+  "home_server": "{{ matrix__base_url }}",
+  "refresh_token": "",
+  "user_id": "{{ matrix__static__user_id }}"
+}
--- a/roles/matrix/templates/synapse/config.yml
+++ b/roles/matrix/templates/synapse/config.yml
@ -13,7 +13,7 @@
 # e.g. matrix.org, localhost:8080, etc.
 # This is also the last part of your UserID.
 #
-server_name: '{{ matrix__synapse__server_name }}'
+server_name: '{{ matrix__site_host }}'

 # When running as a daemon, the file to store the pid in
 #
@ -35,7 +35,7 @@ pid_file: '{{ matrix__synapse__pid_file }}'
 # use synapse with a reverse proxy, this should be the URL to reach
 # synapse via the proxy.
 #
-public_baseurl: '{{ matrix__synapse__baseurl }}'
+public_baseurl: '{{ matrix__base_url }}'

 # Set the soft limit on the number of file descriptors synapse can use
 # Zero is used to indicate synapse should set the soft limit to the
@ -256,7 +256,7 @@ listeners:

 # How to reach the server admin, used in ResourceLimitError
 #
-admin_contact: '{{ matrix__synapse__admin_contact }}'
+admin_contact: '{{ matrix__admin_contact }}'

 # Global blocking
 #
@ -1119,7 +1119,7 @@ registration_shared_secret: '{{ matrix__synapse__reg_secret }}'
 # participate in rooms hosted on this server which have been made
 # accessible to anonymous users.
 #
-#allow_guest_access: false
+allow_guest_access: true

 # The identity server which we suggest that clients should use when users log
 # in on this server.
--- a/roles/matrix/vars/main.yml
+++ b/roles/matrix/vars/main.yml
@ -30,4 +30,6 @@ matrix__synapse__db_file:       '{{ matrix__synapse__lib_dir  }}/homeserver.db'
 matrix__synapse__log_file:      '{{ matrix__synapse__log_dir  }}/homeserver.log'
 matrix__synapse__pid_file:      '{{ matrix__synapse__run_dir  }}/homeserver.pid'

+matrix__static__conf_file: '{{ matrix__static__conf_dir }}/config.json'
+
 matrix__synapse__service_file: '/etc/systemd/system/{{ matrix__synapse__service }}.service'