Skip to content
GitLab
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Sign in
Toggle navigation
Menu
Open sidebar
Arch Linux
infrastructure
Commits
a841a2c5
Verified
Commit
a841a2c5
authored
Feb 14, 2021
by
Jan Alexander Steffens (heftig)
Browse files
matrix: Avoid using maps of maps with free keys
Prefer using lists of maps with consistent keys.
parent
ccf39d78
Changes
5
Expand all
Hide whitespace changes
Inline
Side-by-side
group_vars/all/vault_matrix.yml
View file @
a841a2c5
This diff is collapsed.
Click to expand it.
roles/matrix/defaults/main.yml
View file @
a841a2c5
---
matrix_nginx_config
:
federation_reader
:
-
name
:
federation_reader
port
:
8011
locations
:
-
"
~
^/_matrix/federation/v1/event/"
...
...
@@ -26,7 +26,7 @@ matrix_nginx_config:
-
"
~
^/_matrix/federation/v1/get_groups_publicised$"
-
"
~
^/_matrix/key/v2/query"
-
"
~
^/_matrix/federation/v1/send/"
# Don't load balance
media_repository
:
-
name
:
media_repository
port
:
8013
locations
:
-
"
~
^/_matrix/media/"
...
...
@@ -35,7 +35,7 @@ matrix_nginx_config:
-
"
~
^/_synapse/admin/v1/user/.*/media.*$"
-
"
~
^/_synapse/admin/v1/media/.*$"
-
"
~
^/_synapse/admin/v1/quarantine_media/.*$"
homeserver
:
-
name
:
homeserver
port
:
8008
locations
:
-
"
/_matrix"
...
...
roles/matrix/templates/appservice-registration-irc.yaml.j2
View file @
a841a2c5
...
...
@@ -4,20 +4,20 @@ as_token: {{ vault_matrix_secrets.irc_as_token }}
namespaces
:
users
:
{
%
for network in vault_matrix_secrets.irc_networks
.values()
%
}
{
%
for network in vault_matrix_secrets.irc_networks %
}
-
exclusive
:
true
regex
:
'
@{{
network.name
|
regex_escape()
}}_.*:{{
matrix_server_name
|
regex_escape()
}}'
group_id
:
'
+{{
network.name
}}:{{
matrix_server_name
}}'
{
%
endfor %
}
aliases
:
{
%
for network in vault_matrix_secrets.irc_networks
.values()
%
}
{
%
for network in vault_matrix_secrets.irc_networks %
}
-
exclusive
:
true
regex
:
'
#{{
network.name
|
regex_escape()
}}_.*:{{
matrix_server_name
|
regex_escape()
}}'
{
%
endfor %
}
rooms
:
{
%
for room in vault_matrix_secrets | json_query("irc_networks
.*
[]
.mappings
.*
[]
.room") %
}
{
%
for room in vault_matrix_secrets | json_query("irc_networks
[]
.mappings
[]
.room") %
}
-
exclusive
:
false
regex
:
'
{{
room
|
regex_escape()
}}'
{
%
endfor %
}
...
...
roles/matrix/templates/irc-bridge.yaml.j2
View file @
a841a2c5
...
...
@@ -43,9 +43,9 @@ homeserver:
# Configuration specific to the IRC service
ircService:
servers:
{% for
address,
network in vault_matrix_secrets.irc_networks
.items()
%}
{% for network in vault_matrix_secrets.irc_networks %}
# The address of the server to connect to.
"{{ address }}":
"{{
network.
address }}":
# A human-readable short name. This is used to label IRC status rooms
# where matrix users control their connections.
# E.g. 'ExampleNet IRC Bridge status'.
...
...
@@ -270,8 +270,8 @@ ircService:
# 1:many mappings from IRC channels to room IDs on this IRC server.
# The matrix room must already exist. Your matrix client should expose
# the room ID in a "settings" page for the room.
{% for
channel,
mapping in network.mappings
.items()
%}
"{{ channel }}":
{% for mapping in network.mappings %}
"{{
mapping.
channel }}":
roomIds: ["{{ mapping.room }}"]
key: "{{ mapping.key }}"
{% endfor %}
...
...
roles/matrix/templates/nginx.d.conf.j2
View file @
a841a2c5
{% for
name,
config in matrix_nginx_config
.items()
%}
upstream matrix_{{ name }} {
{% for config in matrix_nginx_config %}
upstream matrix_{{
config.
name }} {
server 127.0.0.1:{{ config.port }};
}
...
...
@@ -32,12 +32,12 @@ server {
ssl_certificate_key /etc/letsencrypt/live/{{ matrix_domain }}/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/{{ matrix_domain }}/chain.pem;
{% for
name,
config in matrix_nginx_config
.items()
%}
# {{ name }}
{% for config in matrix_nginx_config %}
# {{
config.
name }}
{% for location in config.locations %}
location {{ location }} {
access_log /var/log/nginx/{{ matrix_domain }}/access.log main;
proxy_pass http://matrix_{{ name }};
proxy_pass http://matrix_{{
config.
name }};
proxy_set_header X-Forwarded-For $remote_addr;
proxy_read_timeout 900s;
}
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment