Remove the default client and use Riot instead

Author: Chris Herrmann

infrastructure/main.tf

@@ -74,6 +74,7 @@ resource "openstack_networking_secgroup_v2" "synapse_homeserver" {
 }
 
 resource "openstack_networking_secgroup_rule_v2" "http" {
+  # Riot webclient
   direction         = "ingress"
   ethertype         = "IPv4"
   protocol          = "tcp"
@@ -84,6 +85,7 @@ resource "openstack_networking_secgroup_rule_v2" "http" {
 }
 
 resource "openstack_networking_secgroup_rule_v2" "https" {
+  # Riot webclient
   direction         = "ingress"
   ethertype         = "IPv4"
   protocol          = "tcp"
@@ -94,6 +96,7 @@ resource "openstack_networking_secgroup_rule_v2" "https" {
 }
 
 resource "openstack_networking_secgroup_rule_v2" "synapse_federation" {
+  # Matrix federation
   direction         = "ingress"
   ethertype         = "IPv4"
   protocol          = "tcp"
@@ -103,6 +106,17 @@ resource "openstack_networking_secgroup_rule_v2" "synapse_federation" {
   security_group_id = "${openstack_networking_secgroup_v2.synapse_homeserver.id}"
 }
 
+resource "openstack_networking_secgroup_rule_v2" "synapse_homeserver" {
+  # Matrix homeserver
+  direction         = "ingress"
+  ethertype         = "IPv4"
+  protocol          = "tcp"
+  port_range_min    = 8080
+  port_range_max    = 8080
+  remote_ip_prefix  = "0.0.0.0/0"
+  security_group_id = "${openstack_networking_secgroup_v2.synapse_homeserver.id}"
+}
+
 resource "openstack_compute_keypair_v2" "erp_deploy" {
   name = "${var.public_key_name}"
   public_key = "${var.public_key_value}"

provisioning/host_vars/chat.python.nz

@@ -3,8 +3,13 @@ home: /home/ubuntu
 
 synapse_path: "{{ home }}/synapse"
 synapse_config_path: "{{ synapse_path }}/homeserver.yaml"
-logo_path: /data/_matrix/client/img
+synapse_release: https://github.com/matrix-org/synapse/tarball/master
+
+riot_path: "{{ home }}/riot"
+riot_version: v0.15.5
+riot_release: "https://github.com/vector-im/riot-web/releases/download/{{ riot_version }}/riot-{{ riot_version }}.tar.gz"
 
+logo_path: /data/_matrix/client/img
 images:
   - favicon.ico
   - img/logo.png

provisioning/provision.yml

@@ -14,6 +14,9 @@
       raw: sudo apt-get install -y python
 
   tasks:
+    #########################
+    # System Configuration
+    #########################
     - name: Install system packages
       become: yes
       apt:
@@ -34,6 +37,9 @@
         - software-properties-common
         - sqlite3
 
+    #########################
+    # Synapse Configuration
+    #########################
     - name: Create Synapse directory
       file:
         path: "{{ synapse_path }}"
@@ -72,7 +78,7 @@
       with_items:
         - pip
         - setuptools
-        - https://github.com/matrix-org/synapse/tarball/master
+        - "{{ synapse_release }}"
 
     - name: Register if homeserver config exists
       stat:
@@ -98,32 +104,51 @@
           dest: /etc/systemd/system/synapse.service
           mode: 0644
 
-    - name: Create static directories
+    #########################
+    # Riot Configuration
+    #########################
+    - name: Download Riot release archive
+      get_url:
+        url: "{{ riot_release }}"
+        dest: "{{ riot_path }}.tar.gz"
+
+    - name: Extract Riot release archive
+      unarchive:
+        src: "{{ riot_path }}.tar.gz"
+        dest: "{{ home }}"
+        remote_src: yes
+        list_files: yes
+      register: riot_archive
+
+    - name: Symlink Riot src for Nginx
       become: yes
       file:
-        path: "{{ logo_path }}"
-        state: directory
-        owner: "{{ remote_user }}"
-        group: "www-data"
-        recurse: yes
+        src: "{{ home }}/{{ riot_archive.files[0] }}"
+        dest: /usr/share/nginx/html
+        state: link
 
-    - name: Copy logo images
-      copy:
-        src: "{{ item }}"
-        dest: "/data/_matrix/client/{{ item }}"
-      with_items: "{{ images }}"
+    - name: Configure Riot
+      template:
+        src: riot/config.j2
+        dest: "{{ home }}/{{ riot_archive.files[0] }}/config.json"
 
-    - name: Create Nginx config
+    #########################
+    # Nginx configuration
+    #########################
+    - name: Configure Nginx
       become: yes
       template:
         src: nginx/nginx.j2
         dest: /etc/nginx/nginx.conf
 
+    #########################
+    # Load and start services
+    #########################
     - name: Reloading Daemons
       become: yes
       command: systemctl daemon-reload
 
-    - name: Enabling service
+    - name: Enabling Synapse service
       become: yes
       command: systemctl enable synapse
 

provisioning/templates/nginx/nginx.j2

@@ -20,26 +20,28 @@ http {
     server {
         listen 443 ssl;
         listen [::]:443 ssl;
-        server_name {{ ansible_ssh_host }};
+        server_name  {{ ansible_ssh_host }};
 
         ssl_certificate /etc/letsencrypt/live/{{ ansible_host }}/fullchain.pem;
         ssl_certificate_key /etc/letsencrypt/live/{{ ansible_host }}/privkey.pem;
 
         location / {
-            proxy_pass http://localhost:8008;
-            proxy_set_header X-Forwarded-For $remote_addr;
+            root   html;
+            index  index.html index.htm;
         }
+    }
 
-        location /_matrix/client/img/logo.png {
-            alias /data/_matrix/client/img/logo.png;
-        }
+    server {
+        listen 8080 ssl;
+        listen [::]:8080 ssl;
+        server_name {{ ansible_ssh_host }};
 
-        location /_matrix/client/img/logo-small.png {
-            alias /data/_matrix/client/img/logo-small.png;
-        }
+        ssl_certificate /etc/letsencrypt/live/{{ ansible_host }}/fullchain.pem;
+        ssl_certificate_key /etc/letsencrypt/live/{{ ansible_host }}/privkey.pem;
 
-        location /_matrix/client/favicon.ico {
-            alias /data/_matrix/client/favicon.ico;
+        location / {
+            proxy_pass http://localhost:8008;
+            proxy_set_header X-Forwarded-For $remote_addr;
         }
     }
 }

provisioning/templates/riot/config.j2

@@ -0,0 +1,34 @@
+{
+    "default_hs_url": "https://{{ ansible_host }}:8080",
+    "default_is_url": "https://matrix.org",
+    "disable_custom_urls": false,
+    "disable_guests": false,
+    "disable_login_language_selector": false,
+    "disable_3pid_login": false,
+    "brand": "Riot",
+    "integrations_ui_url": "https://scalar.vector.im/",
+    "integrations_rest_url": "https://scalar.vector.im/api",
+    "bug_report_endpoint_url": "https://riot.im/bugreports/submit",
+    "features": {
+        "feature_groups": "labs",
+        "feature_pinning": "labs"
+    },
+    "default_federate": true,
+    "welcomePageUrl": "home.html",
+    "default_theme": "light",
+    "roomDirectory": {
+        "servers": [
+            "chat.python.nz"
+        ]
+    },
+    "welcomeUserId": "@riot-bot:matrix.org",
+    "piwik": {
+        "url": "https://piwik.riot.im/",
+        "whitelistedHSUrls": ["https://matrix.org"],
+        "whitelistedISUrls": ["https://vector.im", "https://matrix.org"],
+        "siteId": 1
+    },
+    "enable_presence_by_hs_url": {
+        "https://matrix.org": false
+    }
+}

provisioning/templates/synapse/homeserver.yaml

@@ -77,7 +77,7 @@ pid_file: /home/ubuntu/synapse/homeserver.pid
 # cpu_affinity: 0xFFFFFFFF
 
 # Whether to serve a web client from the HTTP/HTTPS root resource.
-web_client: True
+web_client: False
 
 # The root directory to server for the above web client.
 # If left undefined, synapse will serve the matrix-angular-sdk web client.
@@ -147,7 +147,6 @@ listeners:
         # List of resources to host on this listener.
         names:
           - client     # The client-server APIs, both v1 and v2
-          - webclient  # The bundled webclient.
 
         # Should synapse compress HTTP responses to clients that support it?
         # This should be disabled if running synapse behind a load balancer
@@ -174,7 +173,7 @@ listeners:
     x_forwarded: true
 
     resources:
-      - names: [client, webclient]
+      - names: [client]
         compress: true
       - names: [federation]
         compress: false