bundles/matrix-synapse: auto-configure nginx vhost
All checks were successful
kunsi/bundlewrap/pipeline/head This commit looks good

This commit is contained in:
Franzi 2021-07-17 12:38:04 +02:00
parent 574b3a833a
commit 32c0ad3bd6
Signed by: kunsi
GPG key ID: 12E3D2136B818350
4 changed files with 84 additions and 72 deletions

View file

@ -1,3 +1,5 @@
from json import dumps
defaults = { defaults = {
'apt': { 'apt': {
'repos': { 'repos': {
@ -19,9 +21,6 @@ defaults = {
'icinga2_api': { 'icinga2_api': {
'matrix-synapse': { 'matrix-synapse': {
'services': { 'services': {
'MATRIX-SYNAPSE HTTP ENDPOINT': {
'command_on_monitored_host': '/usr/local/share/icinga/plugins/check_http_url_for_string http://[::1]:20080/_matrix/static/ "Synapse is running"',
},
'MATRIX-SYNAPSE PROCESS': { 'MATRIX-SYNAPSE PROCESS': {
'command_on_monitored_host': '/usr/lib/nagios/plugins/check_procs -a synapse.app.homeserver -c 1:', 'command_on_monitored_host': '/usr/lib/nagios/plugins/check_procs -a synapse.app.homeserver -c 1:',
'vars.notification.sms': True, 'vars.notification.sms': True,
@ -53,5 +52,78 @@ defaults = {
}, },
}, },
}, },
},
'zfs': {
'datasets': {
'tank/matrix-synapse': {
'mountpoint': '/var/lib/matrix-synapse',
'needed_by': {
'pkg_apt:matrix-synapse-py3',
},
},
},
},
} }
@metadata_reactor.provides(
'nginx/vhosts/matrix-synapse',
)
def nginx(metadata):
if not node.has_bundle('nginx'):
raise DoNotRunAgain
locations = {
'/_matrix': {
'target': 'http://[::1]:20080',
},
'/_synapse': {
'target': 'http://[::1]:20080',
},
'/.well-known/matrix/client': {
'return': dumps({
'm.homeserver': {
'base_url': 'https://{}'.format(metadata.get('matrix-synapse/baseurl')),
},
'm.identity_server': {
'base_url': metadata.get('matrix-synapse/identity_server', 'https://matrix.org'),
},
**metadata.get('matrix-synapse/additional_client_config', {}),
}, sort_keys=True),
'additional_config': {
'default_type application/json',
'add_header Access-Control-Allow-Origin *',
},
},
'/.well-known/matrix/server': {
'return': dumps({
'm.server': '{}:443'.format(metadata.get('matrix-synapse/baseurl')),
}, sort_keys=True),
'additional_config': {
'default_type application/json',
'add_header Access-Control-Allow-Origin *',
},
},
}
if node.has_bundle('matrix-media-repo'):
locations['/_matrix/media'] = {
'target': 'http://localhost:20090',
'max_body_size': '{}M'.format(metadata.get('matrix-media-repo/upload_max_mb')),
# matrix-media-repo needs this to be the
# homeserver address.
'x_forwarded_host': metadata.get('matrix-synapse/server_name'),
}
return {
'nginx': {
'vhosts': {
'matrix-synapse': {
'domain': metadata.get('matrix-synapse/baseurl'),
'locations': locations,
'website_check_path': '/_matrix/static/',
'website_check_string': 'Synapse is running',
},
},
},
} }

View file

@ -1,24 +0,0 @@
location /.well-known/matrix/ {
types { } default_type "application/json";
alias /etc/matrix-synapse/wellknown/;
add_header Access-Control-Allow-Origin *;
}
location /_matrix {
proxy_pass http://[::1]:20080;
proxy_set_header Host "sophies-kitchen.eu";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
}
location /_matrix/media {
client_max_body_size 500M;
proxy_read_timeout 600s;
proxy_set_header Host "sophies-kitchen.eu";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://localhost:20090;
}

View file

@ -187,8 +187,8 @@ nodes['htz-cloud.miniserver'] = {
'webroot': '/var/www/sophies-kitchen.eu/_site/', 'webroot': '/var/www/sophies-kitchen.eu/_site/',
'extras': True, 'extras': True,
}, },
'matrix.sophies-kitchen.eu': { 'matrix-synapse': {
'extras': True, 'domain': 'matrix.sophies-kitchen.eu',
}, },
'webdump.sophies-kitchen.eu': { 'webdump.sophies-kitchen.eu': {
'webroot_config': { 'webroot_config': {

View file

@ -139,6 +139,11 @@ nodes['htz.ex42-1048908'] = {
'finallycoffee.eu', 'finallycoffee.eu',
'nyantec.com', 'nyantec.com',
}, },
'additional_client_config': {
'im.vector.riot.jitsi': {
'preferredDomain': 'meet.ffmuc.net',
},
},
}, },
'mautrix-telegram': { 'mautrix-telegram': {
'version': 'v0.10.0', 'version': 'v0.10.0',
@ -246,49 +251,8 @@ nodes['htz.ex42-1048908'] = {
}, },
}, },
}, },
'matrix.franzi.business': { 'matrix-synapse': {
'ssl': '_.franzi.business', 'ssl': '_.franzi.business',
'locations': {
'/_matrix': {
'target': 'http://[::1]:20080',
},
'/_matrix/media': {
'target': 'http://localhost:20090',
'max_body_size': '500M',
# matrix-media-repo needs this to be the
# homeserver address.
'x_forwarded_host': 'franzi.business',
},
'/_synapse': {
'target': 'http://[::1]:20080',
},
'/.well-known/matrix/client': {
'return': json_dumps({
'm.homeserver': {
'base_url': 'https://matrix.franzi.business',
},
'm.identity_server': {
'base_url': 'https://matrix.org',
},
'im.vector.riot.jitsi': {
'preferredDomain': 'meet.ffmuc.net',
},
}, sort_keys=True),
'additional_config': {
'default_type application/json',
'add_header Access-Control-Allow-Origin *',
},
},
'/.well-known/matrix/server': {
'return': json_dumps({
'm.server': 'matrix.franzi.business:443',
}, sort_keys=True),
'additional_config': {
'default_type application/json',
'add_header Access-Control-Allow-Origin *',
},
},
},
}, },
'mta-sts': { 'mta-sts': {
'domain': 'mta-sts.mx0.kunbox.net', 'domain': 'mta-sts.mx0.kunbox.net',