From 19b66e404bae2ebb461d93579a6a44a7fffff3f6 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Mon, 30 Aug 2021 12:31:26 -0700 Subject: [PATCH] Add matrix well-known files Matrix can use some well-known URIs for configuration (RFC 8615). This commit: * Sets up fedora.im as a separate site on proxies that redirects to getfedora.org and serves a server and client static matrix file. * gets fedora.im its own ssl cert via letsencrypt so it's all valid (currently it points to proxies generically and gets the fedoraproject.org cert) * Adds config to serve matrix client/server well-known static files for fedoraproject.org site. Note that all the actual contents of these files are empty for now, but once our matrix server is up we can fill them in properly and re-run the playbook. :) Signed-off-by: Kevin Fenzi --- playbooks/include/proxies-fedora-web.yml | 3 +++ playbooks/include/proxies-websites.yml | 8 +++++++ .../files/.well-known-matrix-client-fedora-im | 0 .../files/.well-known-matrix-server-fedora-im | 0 roles/fedora-web/fedora.im/files/matrix.conf | 7 ++++++ roles/fedora-web/fedora.im/tasks/main.yml | 23 +++++++++++++++++++ ...well-known-matrix-client-fedoraproject-org | 0 ...well-known-matrix-server-fedoraproject-org | 0 roles/fedora-web/main/files/matrix.conf | 2 ++ roles/fedora-web/main/tasks/main.yml | 21 +++++++++++++++++ 10 files changed, 64 insertions(+) create mode 100644 roles/fedora-web/fedora.im/files/.well-known-matrix-client-fedora-im create mode 100644 roles/fedora-web/fedora.im/files/.well-known-matrix-server-fedora-im create mode 100644 roles/fedora-web/fedora.im/files/matrix.conf create mode 100644 roles/fedora-web/fedora.im/tasks/main.yml create mode 100644 roles/fedora-web/main/files/.well-known-matrix-client-fedoraproject-org create mode 100644 roles/fedora-web/main/files/.well-known-matrix-server-fedoraproject-org create mode 100644 roles/fedora-web/main/files/matrix.conf 
diff --git a/playbooks/include/proxies-fedora-web.yml b/playbooks/include/proxies-fedora-web.yml
index 8e60810751..b71cc5f703 100644
--- a/playbooks/include/proxies-fedora-web.yml
+++ b/playbooks/include/proxies-fedora-web.yml
@@ -63,3 +63,6 @@
 - role: fedoraloveskde/website
 website: fedoraloveskde.org
+
+ - role: fedora-web/fedora.im
+ website: fedora.im
diff --git a/playbooks/include/proxies-websites.yml b/playbooks/include/proxies-websites.yml
index 7e59bc66da..1186362e76 100644
--- a/playbooks/include/proxies-websites.yml
+++ b/playbooks/include/proxies-websites.yml
@@ -1092,3 +1092,11 @@
 server_aliases: [packages.stg.fedoraproject.org]
 sslonly: true
 cert_name: "{{wildcard_cert_name}}"
+
+ - role: httpd/website
+ site_name: fedora.im
+ server_aliases: [stg.fedora.im]
+ sslonly: true
+ certbot: true
+ tags:
+ - fedora.im
diff --git a/roles/fedora-web/fedora.im/files/.well-known-matrix-client-fedora-im b/roles/fedora-web/fedora.im/files/.well-known-matrix-client-fedora-im
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/roles/fedora-web/fedora.im/files/.well-known-matrix-server-fedora-im b/roles/fedora-web/fedora.im/files/.well-known-matrix-server-fedora-im
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/roles/fedora-web/fedora.im/files/matrix.conf b/roles/fedora-web/fedora.im/files/matrix.conf
new file mode 100644
index 0000000000..43c6cfe334
--- /dev/null
+++ b/roles/fedora-web/fedora.im/files/matrix.conf
@@ -0,0 +1,7 @@
+Alias /.well-known/matrix/client /srv/web/fedora.im/.well-known-matrix-client-fedora-im
+Alias /.well-known/matrix/server /srv/web/fedora.im/.well-known-matrix-server-fedora-im
+
+DocumentRoot /srv/web/fedora.im/
+
+RewriteEngine On
+RewriteRule (.*) https://getfedora.org [NE]
diff --git a/roles/fedora-web/fedora.im/tasks/main.yml b/roles/fedora-web/fedora.im/tasks/main.yml
new file mode 100644
index 0000000000..b0dd595123
--- /dev/null
+++ b/roles/fedora-web/fedora.im/tasks/main.yml
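Review bot: The catch-all `RewriteRule (.*) https://getfedora.org [NE]` in roles/fedora-web/fedora.im/files/matrix.conf has no exclusion for the two `Alias` paths above it. In virtual-host context mod_rewrite rewrites the URL before mod_alias maps it, so requests for `/.well-known/matrix/client` and `/.well-known/matrix/server` would most likely be redirected to getfedora.org instead of being served from /srv/web/fedora.im/. A guard directly before the rule, `RewriteCond %{REQUEST_URI} !^/\.well-known/`, keeps the well-known tree out of the redirect; if the certbot HTTP-01 challenge for this site is answered from the same vhost (not visible here), it needs the same exemption. A one-line comment stating that the redirect covers everything except `/.well-known/` would make the intent clear.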
@@ -0,0 +1,23 @@
+- name: Copy some config files for {{website}}
+ copy: >
+ src={{item}} dest=/etc/httpd/conf.d/{{website}}/{{item}}
+ owner=root group=root mode=0644
+ with_items:
+ - matrix.conf
+ notify:
+ - reload proxyhttpd
+ tags:
+ - fedora-web
+ - fedora-web/fedora.im
+
+- name: copy in some matrix files
+ copy: >
+ src={{item}} dest=/srv/web/fedora.im/{{item}}
+ owner=root group=root mode=0644
+ with_items:
+ - .well-known-matrix-client-fedora-im
+ - .well-known-matrix-server-fedora-im
+ tags:
+ - fedora-web
+ - fedora-web/fedora.im
+
diff --git a/roles/fedora-web/main/files/.well-known-matrix-client-fedoraproject-org b/roles/fedora-web/main/files/.well-known-matrix-client-fedoraproject-org
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/roles/fedora-web/main/files/.well-known-matrix-server-fedoraproject-org b/roles/fedora-web/main/files/.well-known-matrix-server-fedoraproject-org
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/roles/fedora-web/main/files/matrix.conf b/roles/fedora-web/main/files/matrix.conf
new file mode 100644
index 0000000000..306b7a81f5
--- /dev/null
+++ b/roles/fedora-web/main/files/matrix.conf
@@ -0,0 +1,2 @@
+Alias /.well-known/matrix/client /srv/web/.well-known-matrix-client-fedoraproject-org
+Alias /.well-known/matrix/server /srv/web/.well-known-matrix-server-fedoraproject-org
diff --git a/roles/fedora-web/main/tasks/main.yml b/roles/fedora-web/main/tasks/main.yml
index d6d7f2bd38..56a5306bf6 100644
--- a/roles/fedora-web/main/tasks/main.yml
+++ b/roles/fedora-web/main/tasks/main.yml
@@ -25,6 +25,7 @@
 - expires.conf
 - deflate.conf
 - mattdm-google-validate.conf
+ - matrix.conf
 notify:
 - reload proxyhttpd
 tags:
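Review bot: The second task, `copy in some matrix files`, sets no `setype`, while the equivalent tasks for fedoraproject.org in roles/fedora-web/main/tasks/main.yml pass `setype=httpd_sys_content_t`. On an SELinux-enforcing proxy the files under /srv/web/fedora.im/ then depend on whatever default label that directory gets, and httpd may be denied reading them; adding `setype=httpd_sys_content_t` after `owner=root group=root mode=0644` keeps the two roles consistent. Nothing in this role creates /srv/web/fedora.im/, and `copy` does not create the parent directory of a single-file destination, so unless another role provides it (not visible here) a `file: path=/srv/web/fedora.im state=directory` task is needed before the copy.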
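Review bot: The two `Alias` lines in roles/fedora-web/main/files/matrix.conf point at extensionless files, so httpd has no basis for labelling the responses `application/json`, and no CORS header is set. The Matrix specification expects the client well-known document to be fetchable by browser-based clients, which needs `Access-Control-Allow-Origin: *`. Wrapping both paths in a `<Location /.well-known/matrix>` block with `ForceType application/json` and `Header set Access-Control-Allow-Origin "*"` would cover it (the latter requires mod_headers); the same applies to the fedora.im copy of this file. Whether /srv/web/ already carries a `Require all granted` grant that covers these targets is not visible in this commit.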
@@ -105,3 +106,23 @@
 tags:
 - fedora-web
 - fedora-web/main
+
+# setup some well-known files for matrix
+
+- name: Create a file for matrix clients
+ copy: dest=/srv/web/.well-known-matrix-client-fedoraproject-org src=.well-known-matrix-client-fedoraproject-org
+ owner=root group=root mode=0644
+ setype=httpd_sys_content_t
+ tags:
+ - fedora-web
+ - fedora-web/main
+ - fedora-web/matrix
+
+- name: Create a file for matrix servers
+ copy: dest=/srv/web/.well-known-matrix-server-fedoraproject-org src=.well-known-matrix-server-fedoraproject-org
+ owner=root group=root mode=0644
+ setype=httpd_sys_content_t
+ tags:
+ - fedora-web
+ - fedora-web/main
+ - fedora-web/matrix
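Review bot: Both tasks publish whatever is in the role file straight to /.well-known/matrix/ on fedoraproject.org with no content check, and the comment `# setup some well-known files for matrix` does not say that the files are intentionally empty placeholders. The server document decides which host other homeservers contact for this domain, so a malformed or mistaken edit later would change federation behaviour without any failure in the playbook run. Once the files carry real JSON, a `validate='python3 -m json.tool %s'` argument on each `copy` would stop a broken file from being installed; until then the comment could read `# placeholders: empty until the matrix server exists`. The two tasks differ only in the filename and could be a single task with `with_items`, as the fedora.im role does.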