~xenrox/ansible

be997314c3c3a61e389372ed36e41e785381317d — Thorben Günther 2 months ago 92623a9
matrix: Allow admin API access for wireguard connections

Can be used together with synapse-admin [1] to manage synapse.

[1]: https://github.com/Awesome-Technologies/synapse-admin
2 files changed, 14 insertions(+), 2 deletions(-)

M roles/matrix/tasks/main.yml
R roles/matrix/{files/matrix.conf => templates/matrix.conf.j2}
M roles/matrix/tasks/main.yml => roles/matrix/tasks/main.yml +2 -2
@@ 51,8 51,8 @@
    state: started

- name: Copy nginx conf
  ansible.builtin.copy:
    src: matrix.conf
  ansible.builtin.template:
    src: matrix.conf.j2
    dest: /etc/nginx/nginx.d/matrix.conf
    owner: root
    group: root

R roles/matrix/files/matrix.conf => roles/matrix/templates/matrix.conf.j2 +12 -0
@@ 15,4 15,16 @@ server {

        client_max_body_size 50M;
    }

    location ~ ^(/_synapse/admin) {
        allow {{ wireguard_vpn_subnet }};
        deny all;

        proxy_pass http://127.0.0.1:8008;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $host;

        client_max_body_size 50M;
    }
}