410a915a8a
This paves the way for installing other roles into `roles/galaxy` using `ansible-galaxy`, similar to how it's done in: - https://github.com/spantaleev/gitea-docker-ansible-deploy - https://github.com/spantaleev/nextcloud-docker-ansible-deploy In the near future, we'll be removing a lot of the shared role code from here and using upstream roles for it. Some of the core `matrix-*` roles have already been extracted out into other reusable roles: - https://github.com/devture/com.devture.ansible.role.postgres - https://github.com/devture/com.devture.ansible.role.systemd_docker_base - https://github.com/devture/com.devture.ansible.role.timesync - https://github.com/devture/com.devture.ansible.role.vars_preserver - https://github.com/devture/com.devture.ansible.role.playbook_runtime_messages - https://github.com/devture/com.devture.ansible.role.playbook_help We just need to migrate to those.
74 lines
4.2 KiB
YAML
74 lines
4.2 KiB
YAML
---
|
|
|
|
- ansible.builtin.set_fact:
|
|
well_known_url_matrix: "https://{{ matrix_server_fqn_matrix }}{{ well_known_file_check.path }}"
|
|
well_known_url_identity: "https://{{ matrix_domain }}{{ well_known_file_check.path }}"
|
|
|
|
# These well-known files may be served without a `Content-Type: application/json` header,
|
|
# so we can't rely on the uri module's automatic parsing of JSON.
|
|
- name: Check .well-known on the matrix hostname
|
|
ansible.builtin.uri:
|
|
url: "{{ well_known_url_matrix }}"
|
|
follow_redirects: none
|
|
return_content: true
|
|
validate_certs: "{{ well_known_file_check.validate_certs }}"
|
|
headers:
|
|
Origin: example.com
|
|
check_mode: false
|
|
register: result_well_known_matrix
|
|
ignore_errors: true
|
|
|
|
- name: Fail if .well-known not working on the matrix hostname
|
|
ansible.builtin.fail:
|
|
msg: "Failed checking that the well-known file for {{ well_known_file_check.purpose }} is configured at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ well_known_url_matrix }}`). Is port 443 open in your firewall? Full error: {{ result_well_known_matrix }}"
|
|
when: "result_well_known_matrix.failed"
|
|
|
|
- name: Parse JSON for well-known payload at the matrix hostname
|
|
ansible.builtin.set_fact:
|
|
well_known_matrix_payload: "{{ result_well_known_matrix.content | from_json }}"
|
|
|
|
- name: Fail if .well-known not CORS-aware on the matrix hostname
|
|
ansible.builtin.fail:
|
|
msg: "The well-known file for {{ well_known_file_check.purpose }} on `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ well_known_url_matrix }}`) is not CORS-aware. The file needs to be served with an Access-Control-Allow-Origin header set."
|
|
when: "well_known_file_check.cors and 'access_control_allow_origin' not in result_well_known_matrix"
|
|
|
|
- name: Report working .well-known on the matrix hostname
|
|
ansible.builtin.debug:
|
|
msg: "well-known for {{ well_known_file_check.purpose }} is configured correctly for `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ well_known_url_matrix }}`)"
|
|
|
|
- name: Check .well-known on the identity hostname
|
|
ansible.builtin.uri:
|
|
url: "{{ well_known_url_identity }}"
|
|
follow_redirects: "{{ well_known_file_check.follow_redirects }}"
|
|
return_content: true
|
|
validate_certs: "{{ well_known_file_check.validate_certs }}"
|
|
headers:
|
|
Origin: example.com
|
|
check_mode: false
|
|
register: result_well_known_identity
|
|
ignore_errors: true
|
|
|
|
- name: Fail if .well-known not working on the identity hostname
|
|
ansible.builtin.fail:
|
|
msg: "Failed checking that the well-known file for {{ well_known_file_check.purpose }} is configured at `{{ matrix_domain }}` (checked endpoint: `{{ well_known_url_identity }}`). Is port 443 open in your firewall? Full error: {{ result_well_known_identity }}"
|
|
when: "result_well_known_identity.failed"
|
|
|
|
- name: Parse JSON for well-known payload at the identity hostname
|
|
ansible.builtin.set_fact:
|
|
well_known_identity_payload: "{{ result_well_known_identity.content | from_json }}"
|
|
|
|
- name: Fail if .well-known not CORS-aware on the identity hostname
|
|
ansible.builtin.fail:
|
|
msg: "The well-known file for {{ well_known_file_check.purpose }} on `{{ matrix_domain }}` (checked endpoint: `{{ well_known_url_identity }}`) is not CORS-aware. The file needs to be served with an Access-Control-Allow-Origin header set. See docs/configuring-well-known.md"
|
|
when: "well_known_file_check.cors and 'access_control_allow_origin' not in result_well_known_identity"
|
|
|
|
# For people who manually copy the well-known file, try to detect if it's outdated
|
|
- name: Fail if well-known is different on matrix hostname and identity hostname
|
|
ansible.builtin.fail:
|
|
msg: "The well-known files for {{ well_known_file_check.purpose }} at `{{ matrix_server_fqn_matrix }}` and `{{ matrix_domain }}` are different. Perhaps you copied the file ({{ well_known_file_check.path }}) manually before and now it's outdated?"
|
|
when: "well_known_matrix_payload != well_known_identity_payload"
|
|
|
|
- name: Report working .well-known on the identity hostname
|
|
ansible.builtin.debug:
|
|
msg: "well-known for {{ well_known_file_check.purpose }} ({{ well_known_file_check.path }}) is configured correctly for `{{ matrix_domain }}` (checked endpoint: `{{ well_known_url_identity }}`)"
|