Added more CSP conditions

2025-09-04 09:21:42 +02:00 · 2025-05-15 12:56:22 +02:00
parent f7cfd13d5a
commit 20020cca92
23 changed files with 65 additions and 50 deletions
--- a/roles/docker-matrix-compose/templates/docker-compose.yml.j2
+++ b/roles/docker-matrix-compose/templates/docker-compose.yml.j2
@@ -11,15 +11,15 @@ services:
    volumes:
      - synapse_data:/data
      - ./homeserver.yaml:/data/homeserver.yaml:ro
-      - ./{{domains.matrix_synapse}}.log.config:/data/{{domains.matrix_synapse}}.log.config:ro
+      - ./{{domains.synapse}}.log.config:/data/{{domains.synapse}}.log.config:ro
 {% for item in bridges %}
      - {{docker_compose.directories.instance}}mautrix/{{item.bridge_name}}/registration.yaml:{{registration_file_folder}}{{item.bridge_name}}.registration.yaml:ro
 {% endfor %}
    environment:
-      - SYNAPSE_SERVER_NAME={{domains.matrix_synapse}}
+      - SYNAPSE_SERVER_NAME={{domains.synapse}}
      - SYNAPSE_REPORT_STATS=no
    ports:
-      - "127.0.0.1:{{ports.localhost.http.matrix_synapse}}:8008"
+      - "127.0.0.1:{{ports.localhost.http.synapse}}:8008"
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:8008/"]
      interval: 1m
@@ -39,7 +39,7 @@ services:
    volumes:
      - ./element-config.json:/app/config.json
    ports:
-      - "127.0.0.1:{{ports.localhost.http.matrix_element}}:80"
+      - "127.0.0.1:{{ports.localhost.http.element}}:80"
    healthcheck:
      test: ["CMD", "wget", "--spider", "-q", "http://localhost:80/"]
      interval: 1m
@@ -89,7 +89,7 @@ services:
 #      KEYV_URL: ''
 #      KEYV_BOT_ENCRYPTION: 'false'
 #      KEYV_BOT_STORAGE: 'true'
-#      MATRIX_HOMESERVER_URL: 'https://{{domains.matrix_synapse}}'
+#      MATRIX_HOMESERVER_URL: 'https://{{domains.synapse}}'
 #      MATRIX_BOT_USERNAME: '@chatgptbot:{{applications.matrix.server_name}}'
 #      MATRIX_ACCESS_TOKEN: '{{ applications[application_id].credentials.chatgpt_bridge_access_token | default('') }}'
 #      MATRIX_BOT_PASSWORD: '{{applications[application_id].credentials.chatgpt_bridge_user_password}}'
--- a/roles/docker-matrix-compose/templates/element.config.json.j2
+++ b/roles/docker-matrix-compose/templates/element.config.json.j2
@@ -1,8 +1,8 @@
 {
    "default_server_config": {
        "m.homeserver": {
-            "base_url": "{{ web_protocol }}://{{domains.matrix_synapse}}",
-            "server_name": "{{domains.matrix_synapse}}"
+            "base_url": "{{ web_protocol }}://{{domains.synapse}}",
+            "server_name": "{{domains.synapse}}"
        },
        "m.identity_server": {
            "base_url": "{{ web_protocol }}://{{primary_domain}}"
--- a/roles/docker-matrix-compose/templates/mautrix/facebook.config.yml.j2
+++ b/roles/docker-matrix-compose/templates/mautrix/facebook.config.yml.j2
@@ -143,7 +143,7 @@ bridge:
    sync_direct_chat_list: false
    # Servers to always allow double puppeting from
    double_puppet_server_map:
-        {{applications.matrix.server_name}}: {{domains.matrix_synapse}}
+        {{applications.matrix.server_name}}: {{domains.synapse}}
    # Allow using double puppeting from any server with a valid client .well-known file.
    double_puppet_allow_discovery: false
    # Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
--- a/roles/docker-matrix-compose/templates/mautrix/instagram.config.yml.j2
+++ b/roles/docker-matrix-compose/templates/mautrix/instagram.config.yml.j2
@@ -134,7 +134,7 @@ bridge:
    double_puppet_allow_discovery: false
    # Servers to allow double puppeting from, even if double_puppet_allow_discovery is false.
    double_puppet_server_map:
-        {{applications.matrix.server_name}}: https://{{domains.matrix_synapse}}
+        {{applications.matrix.server_name}}: https://{{domains.synapse}}
    # Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth
    #
    # If set, custom puppets will be enabled automatically for local users
--- a/roles/docker-matrix-compose/templates/mautrix/signal.config.yml.j2
+++ b/roles/docker-matrix-compose/templates/mautrix/signal.config.yml.j2
@@ -141,7 +141,7 @@ bridge:
    federate_rooms: true
    # Servers to always allow double puppeting from
    double_puppet_server_map:
-        {{applications.matrix.server_name}}: https://{{domains.matrix_synapse}}
+        {{applications.matrix.server_name}}: https://{{domains.synapse}}
    # Allow using double puppeting from any server with a valid client .well-known file.
    double_puppet_allow_discovery: false
    # Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
--- a/roles/docker-matrix-compose/templates/mautrix/slack.config.yml.j2
+++ b/roles/docker-matrix-compose/templates/mautrix/slack.config.yml.j2
@@ -118,7 +118,7 @@ bridge:

    # Servers to always allow double puppeting from
    double_puppet_server_map:
-        {{applications.matrix.server_name}}: https://{{domains.matrix_synapse}}
+        {{applications.matrix.server_name}}: https://{{domains.synapse}}
    # Allow using double puppeting from any server with a valid client .well-known file.
    double_puppet_allow_discovery: false
    # Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
--- a/roles/docker-matrix-compose/templates/mautrix/telegram.config.yml.j2
+++ b/roles/docker-matrix-compose/templates/mautrix/telegram.config.yml.j2
@@ -198,7 +198,7 @@ bridge:
    sync_direct_chat_list: false
    # Servers to always allow double puppeting from
    double_puppet_server_map:
-        {{applications.matrix.server_name}}: https://{{domains.matrix_synapse}}
+        {{applications.matrix.server_name}}: https://{{domains.synapse}}
    # Allow using double puppeting from any server with a valid client .well-known file.
    double_puppet_allow_discovery: false
    # Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
--- a/roles/docker-matrix-compose/templates/mautrix/whatsapp.config.yml.j2
+++ b/roles/docker-matrix-compose/templates/mautrix/whatsapp.config.yml.j2
@@ -236,7 +236,7 @@ bridge:
    force_active_delivery_receipts: false
    # Servers to always allow double puppeting from
    double_puppet_server_map:
-        {{applications.matrix.server_name}}: https://{{domains.matrix_synapse}}
+        {{applications.matrix.server_name}}: https://{{domains.synapse}}
    # Allow using double puppeting from any server with a valid client .well-known file.
    double_puppet_allow_discovery: false
    # Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
--- a/roles/docker-matrix-compose/templates/nginx.conf.j2
+++ b/roles/docker-matrix-compose/templates/nginx.conf.j2
@@ -1,10 +1,10 @@
 server {
    {# Somehow .j2 doesn't interpretate the passed variable right. For this reasons this redeclaration is necessary #}
    {# Could be that this is related to the set_fact use #}
-    {% set domain = domains.matrix_synapse %}
-    {% set http_port = ports.localhost.http.matrix_synapse %}
+    {% set domain = domains.synapse %}
+    {% set http_port = ports.localhost.http.synapse %}

-    server_name {{domains.matrix_synapse}};
+    server_name {{domains.synapse}};
    {% include 'roles/letsencrypt/templates/ssl_header.j2' %}
    
    # For the federation port
--- a/roles/docker-matrix-compose/templates/synapse/homeserver.yaml.j2
+++ b/roles/docker-matrix-compose/templates/synapse/homeserver.yaml.j2
@@ -17,15 +17,15 @@ database:
    host: "{{database_host}}"
    cp_min: 5
    cp_max: 10
-log_config:                     "/data/{{domains.matrix_synapse}}.log.config"
+log_config:                     "/data/{{domains.synapse}}.log.config"
 media_store_path:               "/data/media_store"
 registration_shared_secret:     "{{applications[application_id].credentials.registration_shared_secret}}"
 report_stats:                   true
 macaroon_secret_key:            "{{applications[application_id].credentials.macaroon_secret_key}}"
 form_secret:                    "{{applications[application_id].credentials.form_secret}}"
-signing_key_path:               "/data/{{domains.matrix_synapse}}.signing.key"
-web_client_location:            "{{ web_protocol }}://{{domains.matrix_element}}"
-public_baseurl:                 "{{ web_protocol }}://{{domains.matrix_synapse}}"
+signing_key_path:               "/data/{{domains.synapse}}.signing.key"
+web_client_location:            "{{ web_protocol }}://{{domains.element}}"
+public_baseurl:                 "{{ web_protocol }}://{{domains.synapse}}"
 trusted_key_servers:
  - server_name: "matrix.org"
 admin_contact: 'mailto:{{users.administrator.email}}'
@@ -39,10 +39,10 @@ email:
  #require_transport_security:   true
  enable_tls:                   "{{ system_email.tls | upper }}"
  notif_from:                   "Your Friendly %(app)s homeserver <{{ users['no-reply'].email }}>"
-  app_name:                     "Matrix on {{domains.matrix_synapse}}"
+  app_name:                     "Matrix on {{domains.synapse}}"
  enable_notifs:                true
  notif_for_new_users:          false
-  client_base_url:              "{{domains.matrix_synapse}}"
+  client_base_url:              "{{domains.synapse}}"
  validation_token_lifetime:    15m

 {% if applications[application_id].features.oidc | bool %}
--- a/roles/docker-matrix-compose/templates/synapse/log.config.j2
+++ b/roles/docker-matrix-compose/templates/synapse/log.config.j2
@@ -8,7 +8,7 @@ handlers:
  file:
    class: logging.handlers.RotatingFileHandler
    formatter: precise
-    filename: /data/{{domains.matrix_synapse}}.homeserver.log
+    filename: /data/{{domains.synapse}}.homeserver.log
    maxBytes: 10485760
    backupCount: 3
  console:
--- a/roles/docker-matrix-compose/templates/well-known.j2
+++ b/roles/docker-matrix-compose/templates/well-known.j2
@@ -1,3 +1,3 @@
 {
-    "m.server": "{{domains.matrix_synapse}}:443"
+    "m.server": "{{domains.synapse}}:443"
 }