diff --git a/group_vars/matrix-servers b/group_vars/matrix-servers
index 196483fc..767b36eb 100644
--- a/group_vars/matrix-servers
+++ b/group_vars/matrix-servers
@@ -118,6 +118,10 @@ matrix_mxisd_synapsesql_enabled: true
 matrix_mxisd_synapsesql_type: postgresql
 matrix_mxisd_synapsesql_connection: //{{ matrix_synapse_database_host }}/{{ matrix_synapse_database_database }}?user={{ matrix_synapse_database_user }}&password={{ matrix_synapse_database_password }}

+matrix_mxisd_dns_overwrite_enabled: true
+matrix_mxisd_dns_overwrite_homeserver_client_name: "matrix-mxisd"
+matrix_mxisd_dns_overwrite_homeserver_client_value: "http://{{ 'matrix-corporal:41080' if matrix_corporal_enabled else 'matrix-synapse:8008' }}"
+
 # By default, we send mail through the `matrix-mailer` service.
 matrix_mxisd_threepid_medium_email_identity_from: "{{ matrix_mailer_sender_address }}"
 matrix_mxisd_threepid_medium_email_connectors_smtp_host: "matrix-mailer"
@@ -126,6 +130,8 @@ matrix_mxisd_threepid_medium_email_connectors_smtp_tls: 0

 matrix_mxisd_systemd_wanted_services_list: |
 {{
+ (['matrix-corporal.service'] if matrix_corporal_enabled else ['matrix-synapse.service'])
+ +
 (['matrix-postgres.service'] if matrix_postgres_enabled else [])
 +
 (['matrix-mailer.service'] if matrix_mailer_enabled else [])
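Review bot: `matrix_mxisd_dns_overwrite_homeserver_client_name` is hard-coded to "matrix-mxisd" in the first hunk, with no comment saying what that name has to agree with. If mxisd matches it against the host of the request it receives (worth confirming against the mxisd documentation), the value is silently coupled to `matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_with_container`, and a request arriving through the `..._addr_sans_container` address (`localhost:8090`) would presumably not match, so the URL would not be rewritten towards the homeserver. I would add a comment above the three new lines, for example `# name must equal the hostname nginx uses to reach mxisd (see matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_*)`. The same default in roles/matrix-mxisd/defaults/main.yml would benefit from the same sentence.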
@@ -165,6 +171,10 @@ matrix_nginx_proxy_proxy_matrix_identity_api_enabled: "{{ matrix_mxisd_enabled }
 matrix_nginx_proxy_proxy_matrix_identity_api_addr_with_container: "matrix-mxisd:8090"
 matrix_nginx_proxy_proxy_matrix_identity_api_addr_sans_container: "localhost:8090"

+matrix_nginx_proxy_proxy_matrix_user_directory_search_enabled: "{{ matrix_mxisd_enabled }}"
+matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_with_container: "{{ matrix_nginx_proxy_proxy_matrix_identity_api_addr_with_container }}"
+matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_sans_container: "{{ matrix_nginx_proxy_proxy_matrix_identity_api_addr_sans_container }}"
+
 matrix_nginx_proxy_systemd_wanted_services_list: |
 {{
 (['matrix-synapse.service'])
diff --git a/roles/matrix-mxisd/defaults/main.yml b/roles/matrix-mxisd/defaults/main.yml
index 42440240..8970e2df 100644
--- a/roles/matrix-mxisd/defaults/main.yml
+++ b/roles/matrix-mxisd/defaults/main.yml
@@ -36,6 +36,13 @@ matrix_mxisd_threepid_medium_email_connectors_smtp_tls: 1
 matrix_mxisd_threepid_medium_email_connectors_smtp_login: ""
 matrix_mxisd_threepid_medium_email_connectors_smtp_password: ""

+# DNS overwrites are useful for telling mxisd how it can reach the homeserver directly.
+# Useful when reverse-proxying certain URLs (e.g. `/_matrix/client/r0/user_directory/search`) to mxisd,
+# so that mxisd can rewrite the original URL to one that would reach the homeserver.
+matrix_mxisd_dns_overwrite_enabled: false
+matrix_mxisd_dns_overwrite_homeserver_client_name: "matrix-mxisd"
+matrix_mxisd_dns_overwrite_homeserver_client_value: "http://matrix-synapse:8008"
+
 # Default mxisd configuration template which covers the generic use case.
 # You can customize it by controlling the various variables inside it.
 #
@@ -56,6 +63,15 @@ matrix_mxisd_configuration_yaml: |
 sqlite:
 database: /var/mxisd/mxisd.db

+ {% if matrix_mxisd_dns_overwrite_enabled %}
+ dns:
+ overwrite:
+ homeserver:
+ client:
+ - name: {{ matrix_mxisd_dns_overwrite_homeserver_client_name }}
+ value: {{ matrix_mxisd_dns_overwrite_homeserver_client_value }}
+ {% endif %}
+
 {% if matrix_mxisd_matrixorg_forwarding_enabled %}
 forward:
 servers: ['matrix-org']
diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml
index 4acceb77..ccc51ac8 100644
--- a/roles/matrix-nginx-proxy/defaults/main.yml
+++ b/roles/matrix-nginx-proxy/defaults/main.yml
@@ -24,6 +24,13 @@ matrix_nginx_proxy_proxy_matrix_corporal_api_enabled: false
 matrix_nginx_proxy_proxy_matrix_corporal_api_addr_with_container: "matrix-corporal:41081"
 matrix_nginx_proxy_proxy_matrix_corporal_api_addr_sans_container: "localhost:41081"

+# Controls whether proxying for the User Directory Search API (`/_matrix/client/r0/user_directory/search`) should be done (on the matrix domain).
+# This can be used to forward the API endpoint to another service, augmenting the functionality of Synapse's own User Directory Search.
+# To learn more, see: https://github.com/kamax-matrix/mxisd/blob/master/docs/features/directory.md
+matrix_nginx_proxy_proxy_matrix_user_directory_search_enabled: false
+matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_with_container: "matrix-mxisd:8090"
+matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_sans_container: "localhost:8090"
+
 # Controls whether proxying for the Identity API (`/_matrix/identity`) should be done (on the matrix domain)
 matrix_nginx_proxy_proxy_matrix_identity_api_enabled: false
 matrix_nginx_proxy_proxy_matrix_identity_api_addr_with_container: "matrix-mxisd:8090"
diff --git a/roles/matrix-nginx-proxy/templates/nginx-conf.d/matrix-synapse.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx-conf.d/matrix-synapse.conf.j2
index c1458878..34c9d0ab 100644
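Review bot: The two templated scalars under `dns.overwrite.homeserver.client` in the `matrix_mxisd_configuration_yaml` hunk are written into the generated mxisd YAML unquoted. An overridden value that is empty, or that contains ` #` or `: `, would then render as null, be cut off at the comment marker, or break parsing of the config. Passing them through a serializer keeps each one a string whatever the operator sets: `- name: {{ matrix_mxisd_dns_overwrite_homeserver_client_name | to_json }}` and `value: {{ matrix_mxisd_dns_overwrite_homeserver_client_value | to_json }}`. The enclosing block scalar starts and ends outside the hunk.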
--- a/roles/matrix-nginx-proxy/templates/nginx-conf.d/matrix-synapse.conf.j2
+++ b/roles/matrix-nginx-proxy/templates/nginx-conf.d/matrix-synapse.conf.j2
@@ -74,6 +74,20 @@ server {
 }
 {% endif %}

+ {% if matrix_nginx_proxy_proxy_matrix_user_directory_search_enabled %}
+ location /_matrix/client/r0/user_directory/search {
+ {% if matrix_nginx_proxy_enabled %}
+ {# Use the embedded DNS resolver in Docker containers to discover the service #}
+ resolver 127.0.0.11 valid=5s;
+ set $backend "{{ matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_with_container }}";
+ proxy_pass http://$backend;
+ {% else %}
+ {# Generic configuration for use outside of our container setup #}
+ proxy_pass http://{{ matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_sans_container }};
+ {% endif %}
+ }
+ {% endif %}
+
 {% for configuration_block in matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks %}
 {{- configuration_block }}
 {% endfor %}
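Review bot: `location /_matrix/client/r0/user_directory/search {` is a prefix match, so any URI that merely begins with that path is handed to mxisd instead of the homeserver. These are client API requests, so whatever is routed here presumably carries the caller's access token to the identity service. An exact match, `location = /_matrix/client/r0/user_directory/search {`, would limit that to the one endpoint the feature needs. The enclosing `server {` block opens outside the hunk, so I cannot see whether sibling locations follow the same pattern.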