From be997314c3c3a61e389372ed36e41e785381317d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Thorben=20G=C3=BCnther?=
Date: Mon, 30 May 2022 01:47:38 +0200
Subject: [PATCH] matrix: Allow admin API access for wireguard connections

Can be used together with synapse-admin [1] to manage synapse.
[1]: https://github.com/Awesome-Technologies/synapse-admin
---
 roles/matrix/tasks/main.yml | 4 ++--
 .../{files/matrix.conf => templates/matrix.conf.j2} | 12 ++++++++++++
 2 files changed, 14 insertions(+), 2 deletions(-)
 rename roles/matrix/{files/matrix.conf => templates/matrix.conf.j2} (58%)
diff --git a/roles/matrix/tasks/main.yml b/roles/matrix/tasks/main.yml
index c415235..0873340 100644
--- a/roles/matrix/tasks/main.yml
+++ b/roles/matrix/tasks/main.yml
@@ -51,8 +51,8 @@
 state: started

 - name: Copy nginx conf
- ansible.builtin.copy:
- src: matrix.conf
+ ansible.builtin.template:
+ src: matrix.conf.j2
 dest: /etc/nginx/nginx.d/matrix.conf
 owner: root
 group: root
diff --git a/roles/matrix/files/matrix.conf b/roles/matrix/templates/matrix.conf.j2
similarity index 58%
rename from roles/matrix/files/matrix.conf
rename to roles/matrix/templates/matrix.conf.j2
index 7c83673..e337ceb 100644
--- a/roles/matrix/files/matrix.conf
+++ b/roles/matrix/templates/matrix.conf.j2
@@ -15,4 +15,16 @@ server {

 client_max_body_size 50M;
 }
+
+ location ~ ^(/_synapse/admin) {
+ allow {{ wireguard_vpn_subnet }};
+ deny all;
+
+ proxy_pass http://127.0.0.1:8008;
+ proxy_set_header X-Forwarded-For $remote_addr;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Host $host;
+
+ client_max_body_size 50M;
+ }
 }
--
2.44.0
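Review bot: The `allow {{ wireguard_vpn_subnet }}; deny all;` pair in the new `location ~ ^(/_synapse/admin)` block only restricts the admin API if nginx actually selects this location. nginx uses the first matching regex location in file order, and a `^~` prefix location takes precedence over any regex, so the earlier locations in this server block, which start outside the hunk, should be checked for one that also matches `/_synapse/admin`. Because `wireguard_vpn_subnet` is rendered straight into `allow`, an overly broad value would open the endpoint without any visible change in this file; it would be safer to have the role check that the variable is defined and is the expected VPN prefix before templating. A comment above the block would also record the intent, e.g. `# Admin API: reachable from the WireGuard subnet only; Synapse still requires an admin access token.`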