Use mxisd for user directory searches

Implements #77 (Github issue).
spantaleev · Jan 17, 2019 · cb11548 · cb11548
1 parent df0d465
commit cb11548
Show file tree

Hide file tree

Showing 4 changed files with 47 additions and 0 deletions.
diff --git a/group_vars/matrix-servers b/group_vars/matrix-servers
@@ -118,6 +118,10 @@ matrix_mxisd_synapsesql_enabled: true
 matrix_mxisd_synapsesql_type: postgresql
 matrix_mxisd_synapsesql_connection: //{{ matrix_synapse_database_host }}/{{ matrix_synapse_database_database }}?user={{ matrix_synapse_database_user }}&password={{ matrix_synapse_database_password }}
 
+matrix_mxisd_dns_overwrite_enabled: true
+matrix_mxisd_dns_overwrite_homeserver_client_name: "matrix-mxisd"
+matrix_mxisd_dns_overwrite_homeserver_client_value: "http://{{ 'matrix-corporal:41080' if matrix_corporal_enabled else 'matrix-synapse:8008' }}"
+
 # By default, we send mail through the `matrix-mailer` service.
 matrix_mxisd_threepid_medium_email_identity_from: "{{ matrix_mailer_sender_address }}"
 matrix_mxisd_threepid_medium_email_connectors_smtp_host: "matrix-mailer"
@@ -126,6 +130,8 @@ matrix_mxisd_threepid_medium_email_connectors_smtp_tls: 0
 
 matrix_mxisd_systemd_wanted_services_list: |
   {{
+    (['matrix-corporal.service'] if matrix_corporal_enabled else ['matrix-synapse.service'])
+    +
     (['matrix-postgres.service'] if matrix_postgres_enabled else [])
     +
     (['matrix-mailer.service'] if matrix_mailer_enabled else [])
@@ -165,6 +171,10 @@ matrix_nginx_proxy_proxy_matrix_identity_api_enabled: "{{ matrix_mxisd_enabled }
 matrix_nginx_proxy_proxy_matrix_identity_api_addr_with_container: "matrix-mxisd:8090"
 matrix_nginx_proxy_proxy_matrix_identity_api_addr_sans_container: "localhost:8090"
 
+matrix_nginx_proxy_proxy_matrix_user_directory_search_enabled: "{{ matrix_mxisd_enabled }}"
+matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_with_container: "{{ matrix_nginx_proxy_proxy_matrix_identity_api_addr_with_container }}"
+matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_sans_container: "{{ matrix_nginx_proxy_proxy_matrix_identity_api_addr_sans_container }}"
+
 matrix_nginx_proxy_systemd_wanted_services_list: |
   {{
     (['matrix-synapse.service'])

diff --git a/roles/matrix-mxisd/defaults/main.yml b/roles/matrix-mxisd/defaults/main.yml
@@ -36,6 +36,13 @@ matrix_mxisd_threepid_medium_email_connectors_smtp_tls: 1
 matrix_mxisd_threepid_medium_email_connectors_smtp_login: ""
 matrix_mxisd_threepid_medium_email_connectors_smtp_password: ""
 
+# DNS overwrites are useful for telling mxisd how it can reach the homeserver directly.
+# Useful when reverse-proxying certain URLs (e.g. `/_matrix/client/r0/user_directory/search`) to mxisd,
+# so that mxisd can rewrite the original URL to one that would reach the homeserver.
+matrix_mxisd_dns_overwrite_enabled: false
+matrix_mxisd_dns_overwrite_homeserver_client_name: "matrix-mxisd"
+matrix_mxisd_dns_overwrite_homeserver_client_value: "http://matrix-synapse:8008"
+
 # Default mxisd configuration template which covers the generic use case.
 # You can customize it by controlling the various variables inside it.
 #
@@ -56,6 +63,15 @@ matrix_mxisd_configuration_yaml: |
       sqlite:
         database: /var/mxisd/mxisd.db
 
+  {% if matrix_mxisd_dns_overwrite_enabled %}
+  dns:
+    overwrite:
+      homeserver:
+        client:
+          - name: {{ matrix_mxisd_dns_overwrite_homeserver_client_name }}
+            value: {{ matrix_mxisd_dns_overwrite_homeserver_client_value }}
+  {% endif %}
+
   {% if matrix_mxisd_matrixorg_forwarding_enabled %}
   forward:
     servers: ['matrix-org']

diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml
@@ -24,6 +24,13 @@ matrix_nginx_proxy_proxy_matrix_corporal_api_enabled: false
 matrix_nginx_proxy_proxy_matrix_corporal_api_addr_with_container: "matrix-corporal:41081"
 matrix_nginx_proxy_proxy_matrix_corporal_api_addr_sans_container: "localhost:41081"
 
+# Controls whether proxying for the User Directory Search API (`/_matrix/client/r0/user_directory/search`) should be done (on the matrix domain).
+# This can be used to forward the API endpoint to another service, augmenting the functionality of Synapse's own User Directory Search.
+# To learn more, see: https://github.com/kamax-matrix/mxisd/blob/master/docs/features/directory.md
+matrix_nginx_proxy_proxy_matrix_user_directory_search_enabled: false
+matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_with_container: "matrix-mxisd:8090"
+matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_sans_container: "localhost:8090"
+
 # Controls whether proxying for the Identity API (`/_matrix/identity`) should be done (on the matrix domain)
 matrix_nginx_proxy_proxy_matrix_identity_api_enabled: false
 matrix_nginx_proxy_proxy_matrix_identity_api_addr_with_container: "matrix-mxisd:8090"

diff --git a/roles/matrix-nginx-proxy/templates/nginx-conf.d/matrix-synapse.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx-conf.d/matrix-synapse.conf.j2
@@ -74,6 +74,20 @@ server {
 	}
 	{% endif %}
 
+	{% if matrix_nginx_proxy_proxy_matrix_user_directory_search_enabled %}
+	location /_matrix/client/r0/user_directory/search {
+		{% if matrix_nginx_proxy_enabled %}
+			{# Use the embedded DNS resolver in Docker containers to discover the service #}
+			resolver 127.0.0.11 valid=5s;
+			set $backend "{{ matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_with_container }}";
+			proxy_pass http://$backend;
+		{% else %}
+			{# Generic configuration for use outside of our container setup #}
+			proxy_pass http://{{ matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_sans_container }};
+		{% endif %}
+	}
+	{% endif %}
+
 	{% for configuration_block in matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks %}
 		{{- configuration_block }}
 	{% endfor %}