Merge pull request #1 from spantaleev/master

Actualizo con los cambios en el repositorio base de Slavi.
4 years ago · eab32691d5
parent 69570de8a9 4543f026a4
commit eab32691d5
6 changed files with 50 additions and 7 deletions
--- a/docs/configuring-playbook-federation.md
+++ b/docs/configuring-playbook-federation.md
@ -17,6 +17,17 @@ matrix_synapse_federation_domain_whitelist:
 If you wish to disable federation, you can do that with an empty list (`[]`), or better yet by completely disabling federation (see below).


+## Exposing the room directory over federation
+
+By default, your server's public rooms directory is not exposed to other servers via federation.
+
+If you wish to expose it, add this to your configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`):
+
+```yaml
+matrix_synapse_allow_public_rooms_over_federation: true
+```
+
+
 ## Disabling federation

 To completely disable federation, isolating your server from the rest of the Matrix network, add this to your configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`):
--- a/docs/configuring-playbook-ma1sd.md
+++ b/docs/configuring-playbook-ma1sd.md
@ -72,6 +72,21 @@ To use a more custom configuration, you can define a `matrix_ma1sd_configuration
 and put your configuration in it.
 To learn more about how to do this, refer to the information about `matrix_ma1sd_configuration_extension_yaml` in the [default variables file](../roles/matrix-ma1sd/defaults/main.yml) of the ma1sd component.

+## Example: SMS verification
+
+If your use case requires mobile verification, it is quite simple to integrate ma1sd with [Twilio](https://www.twilio.com/), an online telephony services gateway. Their prices are reasonable for low-volume projects and integration can be done with the following configuration:
+
+```yaml
+matrix_ma1sd_configuration_extension_yaml: |
+  threepid:
+    medium:
+      msisdn:
+        connectors:
+          twilio:
+            account_sid: '<secret-SID>'
+            auth_token: '<secret-token>'
+            number: '+<msisdn-number>'
+```

 ## Troubleshooting

--- a/docs/configuring-playbook-own-webserver.md
+++ b/docs/configuring-playbook-own-webserver.md
@ -144,8 +144,7 @@ matrix_nginx_proxy_container_extra_arguments:
  - '--label "traefik.enable=true"'

  # The Nginx proxy container will receive traffic from these subdomains
-  # (Replace DOMAIN with your domain, e.g. example.com)
-  - '--label "traefik.http.routers.matrix-nginx-proxy.rule=Host(`matrix.DOMAIN`,`riot.DOMAIN`,`dimension.DOMAIN`)"'
+  - '--label "traefik.http.routers.matrix-nginx-proxy.rule=Host(`{{ matrix_server_fqn_matrix }}`,`{{ matrix_server_fqn_riot }}`,`{{ matrix_server_fqn_dimension }}`)"'

  # (The 'web-secure' entrypoint must bind to port 443 in Traefik config)
  - '--label "traefik.http.routers.matrix-nginx-proxy.entrypoints=web-secure"'
@ -161,8 +160,7 @@ matrix_synapse_container_extra_arguments:
  - '--label "traefik.enable=true"'

  # The Synapse container will receive traffic from this subdomain
-  # (Replace DOMAIN with your domain, e.g. example.com)
-  - '--label "traefik.http.routers.matrix-synapse.rule=Host(`matrix.DOMAIN`)"'
+  - '--label "traefik.http.routers.matrix-synapse.rule=Host(`{{ matrix_server_fqn_matrix }}`)"'

  # (The 'synapse' entrypoint must bind to port 8448 in Traefik config)
  - '--label "traefik.http.routers.matrix-synapse.entrypoints=synapse"'
--- a/docs/configuring-well-known.md
+++ b/docs/configuring-well-known.md
@ -48,12 +48,12 @@ If you're managing the base domain by yourself somehow, you'll need to set up se

 To make things easy for you to set up, this playbook generates and hosts 2 well-known files on the Matrix domain's server (e.g. `https://matrix.example.com/.well-known/matrix/server` and `https://matrix.example.com/.well-known/matrix/client`), even though this is the wrong place to host them.

-You have 2 options when it comes to installing the files on the base domain's server:
+You have 3 options when it comes to installing the files on the base domain's server:


 ### (Option 1): **Copying the files manually** to your base domain's server

-**Hint**: Option 2 (below) is generally a better way to do this. Make sure to go with that one, if possible.
+**Hint**: Option 2 and 3 (below) are generally a better way to do this. Make sure to go with them, if possible.

 All you need to do is:

@ -65,7 +65,16 @@ This is relatively easy to do and possibly your only choice if you can only host
 It is, however, **a little fragile**, as future updates performed by this playbook may regenerate the well-known files and you may need to notice that and copy them over again.


-### (Option 2): **Setting up reverse-proxying** of the well-known files from the base domain's server to the Matrix server
+### (Option 2): **Serving the base domain** from the Matrix server via the playbook
+
+If you don't need the base domain (e.g. `example.com`) for anything else (hosting a website, etc.), you can point it to the Matrix server's IP address and tell the playbook to configure it.
+
+This is the easiest way to set up well-known serving -- letting the playbook handle the whole base domain for you (including SSL certificates, etc.). However, if you need to use the base domain for other things (such as hosting some website, etc.), going with Option 1 or Option 2 might be more suitable.
+
+See [Serving the base domain](configuring-playbook-base-domain-serving.md) to learn how the playbook can help you set it up.
+
+
+### (Option 3): **Setting up reverse-proxying** of the well-known files from the base domain's server to the Matrix server

 This option is less fragile and generally better.

--- a/roles/matrix-base/defaults/main.yml
+++ b/roles/matrix-base/defaults/main.yml
@ -56,6 +56,11 @@ matrix_integration_manager_ui_url: ~
 # See: https://github.com/vector-im/riot-web/blob/develop/docs/jitsi.md#configuring-riot-to-use-your-self-hosted-jitsi-server
 matrix_riot_jitsi_preferredDomain: ''

+# Controls whether Riot should use End-to-End Encryption by default.
+# Setting this to false will update `/.well-known/matrix/client` and tell Riot clients to avoid E2EE.
+# See: https://github.com/vector-im/riot-web/blob/develop/docs/e2ee.md
+matrix_riot_e2ee_default: true
+
 # The Docker network that all services would be put into
 matrix_docker_network: "matrix"

--- a/roles/matrix-base/templates/static-files/well-known/matrix-client.j2
+++ b/roles/matrix-base/templates/static-files/well-known/matrix-client.j2
@ -23,4 +23,9 @@
 		"preferredDomain": {{ matrix_riot_jitsi_preferredDomain|to_json }}
 	}
 	{% endif %}
+	{% if not matrix_riot_e2ee_default %},
+	"im.vector.riot.e2ee": {
+		"default": false
+	}
+	{% endif %}
 }