From 35ed78089fad04ece07028e17fecb8bcb182f5a8 Mon Sep 17 00:00:00 2001
From: Jean-Marie Mineau
Date: Wed, 28 Jul 2021 02:22:54 +0200
Subject: [PATCH] add a tmp rp
---
 roles/synapse/handlers/main.yml | 5 +++++
 roles/synapse/tasks/main.yml | 31 +++++++++++++++++++++++++++
 roles/synapse/templates/nginx/synapse | 26 ++++++++++++++++++++++
 3 files changed, 62 insertions(+)
 create mode 100644 roles/synapse/handlers/main.yml
 create mode 100644 roles/synapse/templates/nginx/synapse
diff --git a/roles/synapse/handlers/main.yml b/roles/synapse/handlers/main.yml
new file mode 100644
index 0000000..6dfcdd7
--- /dev/null
+++ b/roles/synapse/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: Reload nginx
+ systemd:
+ name: nginx
+ state: reloaded
diff --git a/roles/synapse/tasks/main.yml b/roles/synapse/tasks/main.yml
index fa4a04f..98a5f44 100644
--- a/roles/synapse/tasks/main.yml
+++ b/roles/synapse/tasks/main.yml
@@ -53,3 +53,34 @@
 register: apt_result
 retries: 3
 until: apt_result is succeeded
+
+
+# --- DRAFT ---
+- name: Install nginx
+ apt:
+ name: nginx
+ state: latest
+ update_cache: true
+ register: apt_result
+ retries: 3
+ until: apt_result is succeeded
+
+- name: Generate self signed cert
+ include_role:
+ name: generate_self_signed_certificate
+ vars:
+ server_hostname: "{{ matrix_server_name }}"
+
+- name: Copy reverse proxy sites
+ template:
+ src: "nginx/config_synapse"
+ dest: "/etc/nginx/sites-available/synapse"
+ notify: Reload nginx
+
+- name: Activate sites
+ file:
+ src: "/etc/nginx/sites-available/synapse"
+ dest: "/etc/nginx/sites-enabled/synapse"
+ state: link
+ force: yes
+ notify: Reload nginx
diff --git a/roles/synapse/templates/nginx/synapse b/roles/synapse/templates/nginx/synapse
new file mode 100644
index 0000000..e80ecd2
--- /dev/null
+++ b/roles/synapse/templates/nginx/synapse
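Review bot: In roles/synapse/tasks/main.yml the "Copy reverse proxy sites" task reads `src: "nginx/config_synapse"`, but the only template this commit creates is `roles/synapse/templates/nginx/synapse`, so unless a `config_synapse` template already exists elsewhere in the role the task fails at template lookup; `src: "nginx/synapse"` matches the added file. The same task sets no ownership or mode on a file that nginx loads, so I would add `owner: root`, `group: root` and `mode: "0644"` instead of inheriting them from the umask. `state: latest` in "Install nginx" turns every play run into a possible unreviewed upgrade of the TLS terminator, and `state: present` keeps upgrades a deliberate step. In "Activate sites", `force: yes` is better written `force: true`.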
@@ -0,0 +1,26 @@
+{{ ansible_managed | comment }}
+
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ # For the federation port
+ listen 8448 ssl http2 default_server;
+ listen [::]:8448 ssl http2 default_server;
+
+ server_name {{ matrix_server_name }};
+
+ ssl_certificate /var/certificates/{{ matrix_server_name }}_cert.pem;
+ ssl_certificate_key /var/certificates/{{ matrix_server_name }}_privkey.pem;
+
+ location ~* ^(\/_matrix|\/_synapse\/client) {
+ proxy_pass http://localhost:8008;
+ proxy_set_header X-Forwarded-For $remote_addr;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Host $host;
+
+ # Nginx by default only allows file uploads up to 1M in size
+ # Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
+ client_max_body_size {{ matrix_max_upload_size }};
+ }
+}
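Review bot: The server block in roles/synapse/templates/nginx/synapse sets no `ssl_protocols`, so the accepted TLS versions are whatever the installed nginx build or the distribution's nginx.conf defaults to, which on older packages still includes TLSv1 and TLSv1.1; adding `ssl_protocols TLSv1.2 TLSv1.3;` next to the `ssl_certificate` lines pins it. The certificate paths look like the output of the `generate_self_signed_certificate` role included from tasks/main.yml (inferred, the role is not shown), and that same certificate is served on the 8448 federation listener. Remote homeservers validate federation certificates, so a comment above the 8448 `listen` lines such as `# self-signed cert: federation peers will reject this until a CA-issued certificate is installed` would keep the draft state from being mistaken for a working setup.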