diff --git a/.config/ansible-lint.yml b/.config/ansible-lint.yml
index beff4658..22ba9253 100644
--- a/.config/ansible-lint.yml
+++ b/.config/ansible-lint.yml
@@ -9,5 +9,8 @@ skip_list:
 - schema
 - command-instead-of-shell
 - role-name
+ # We frequently load configuration from a template (into a variable), then merge that with another variable (configuration extension)
+ # before finally dumping it to a file.
+ - template-instead-of-copy
 offline: false
diff --git a/.github/workflows/matrix.yml b/.github/workflows/matrix.yml
index aa107858..8da5b969 100644
--- a/.github/workflows/matrix.yml
+++ b/.github/workflows/matrix.yml
@@ -13,7 +13,7 @@ jobs:
 - name: Check out
 uses: actions/checkout@v3
 - name: Run yamllint
- uses: frenck/action-yamllint@v1.2.0
+ uses: frenck/action-yamllint@v1.3.1
 ansible-lint:
 name: ansible-lint
 runs-on: ubuntu-latest
diff --git a/.gitignore b/.gitignore
index 36c65bda..0b64b859 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,6 +2,10 @@
 !/inventory/.gitkeep
 !/inventory/host_vars/.gitkeep
 !/inventory/scripts
-/roles/*/files/scratchpad
+/roles/**/files/scratchpad
 .DS_Store
 .python-version
+
+# ignore roles pulled by ansible-galaxy
+/roles/galaxy/*
+!/roles/galaxy/.gitkeep
diff --git a/.yamllint b/.yamllint
index 08b89afd..75da2b70 100644
--- a/.yamllint
+++ b/.yamllint
@@ -1,8 +1,5 @@
 ---
 extends: default
-ignore: |
- roles/matrix-synapse/vars/workers.yml
-
 rules:
 line-length: disable
diff --git a/CHANGELOG.md b/CHANGELOG.md
index c8d31aba..209e9945 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
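Review bot: The new `template-instead-of-copy` entry in `skip_list` disables that rule for every task in the repository, not only for the template-then-merge pattern the comment describes, so any other `copy` task whose `content` is built from Jinja will no longer be reported either. If the intent is only to keep this pattern from failing the lint run, ansible-lint's `warn_list` keeps the finding visible as a warning instead: move the entry under `warn_list:` as `  - template-instead-of-copy`. Alternatively, leave the global configuration untouched and mark the specific tasks with `# noqa: template-instead-of-copy`, which records the exception next to the code it applies to.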
@@ -1,3 +1,247 @@
+# 2022-11-05
+
+## (Backward Compatibility Break) A new default standalone mode for Etherpad
+
+Until now, [Etherpad](https://etherpad.org/) (which [the playbook could install for you](docs/configuring-playbook-etherpad.md)) required the [Dimension integration manager](docs/configuring-playbook-dimension.md) to also be installed, because Etherpad was hosted on the Dimension domain (at `dimension.DOMAIN/etherpad`).
+
+From now on, Etherpad can be installed in `standalone` mode on `etherpad.DOMAIN` and used even without Dimension. This is much more versatile, so the playbook now defaults to this new mode (`matrix_etherpad_mode: standalone`).
+
+If you've already got both Etherpad and Dimension in use you could:
+
+- **either** keep hosting Etherpad under the Dimension domain by adding `matrix_etherpad_mode: dimension` to your `vars.yml` file. All your existing room widgets will continue working at the same URLs and no other changes will be necessary.
+
+- **or**, you could change to hosting Etherpad separately on `etherpad.DOMAIN`. You will need to [configure a DNS record](docs/configuring-dns.md) for this new domain. You will also need to reconfigure Dimension to use the new pad URLs (`https://etherpad.DOMAIN/...`) going forward (refer to our [configuring Etherpad documentation](docs/configuring-playbook-etherpad.md)). All your existing room widgets (which still use `https://dimension.DOMAIN/etherpad/...`) will break as Etherpad is not hosted there anymore. You will need to re-add them or to consider not using `standalone` mode
+
+
+# 2022-11-04
+
+## The playbook now uses external roles for some things
+
+**TLDR**: when updating the playbook and before running it, you'll need to run `make roles` to make [ansible-galaxy](https://docs.ansible.com/ansible/latest/cli/ansible-galaxy.html) download dependency roles (see the [`requirements.yml` file](requirements.yml)) to the `roles/galaxy` directory. Without this, the playbook won't work.
+
+We're in the process of trimming the playbook and making it reuse Ansible roles.
+
+Starting now, the playbook is composed of 2 types of Ansible roles:
+
+- those that live within the playbook itself (`roles/custom/*`)
+
+- those downloaded from other sources (using [ansible-galaxy](https://docs.ansible.com/ansible/latest/cli/ansible-galaxy.html) to `roles/galaxy`, based on the [`requirements.yml` file](requirements.yml)). These roles are maintained by us or by other people from the Ansible community.
+
+We're doing this for greater code-reuse (across Ansible playbooks, including our own related playbooks [gitea-docker-ansible-deploy](https://github.com/spantaleev/gitea-docker-ansible-deploy) and [nextcloud-docker-ansible-deploy](https://github.com/spantaleev/nextcloud-docker-ansible-deploy)) and decreased maintenance burden. Until now, certain features were copy-pasted across playbooks or were maintained separately in each one, with improvements often falling behind. We've also tended to do too much by ourselves - installing Docker on the server from our `matrix-base` role, etc. - something that we'd rather not do anymore by switching to the [geerlingguy.docker](https://galaxy.ansible.com/geerlingguy/docker) role.
+
+Some variable names will change during the transition to having more and more external (galaxy) roles. There's a new `custom/matrix_playbook_migration` role added to the playbook which will tell you about these changes each time you run the playbook.
+
+**From now on**, every time you update the playbook (well, every time the `requirements.yml` file changes), it's best to run `make roles` to update the roles downloaded from other sources. `make roles` is a shortcut (a `roles` target defined in [`Makefile`](Makefile) and executed by the [`make`](https://www.gnu.org/software/make/) utility) which ultimately runs [ansible-galaxy](https://docs.ansible.com/ansible/latest/cli/ansible-galaxy.html) to download Ansible roles. If you don't have `make`, you can also manually run the commands seen in the `Makefile`.
+
+
+# 2022-10-14
+
+## synapse-s3-storage-provider support
+
+**`synapse-s3-storage-provider` support is very new and still relatively untested. Using it may cause data loss.**
+
+You can now store your Synapse media repository files on Amazon S3 (or another S3-compatible object store) using [synapse-s3-storage-provider](https://github.com/matrix-org/synapse-s3-storage-provider) - a media provider for Synapse (Python module), which should work faster and more reliably than our previous [Goofys](docs/configuring-playbook-s3-goofys.md) implementation (Goofys will continue to work).
+
+This is not just for initial installations. Users with existing files (stored in the local filesystem) can also migrate their files to `synapse-s3-storage-provider`.
+
+To get started, see our [Storing Synapse media files on Amazon S3 with synapse-s3-storage-provider](docs/configuring-playbook-synapse-s3-storage-provider.md) documentation.
+
+
+## Synapse container image customization support
+
+We now support customizing the Synapse container image by adding additional build steps to its [`Dockerfile`](https://docs.docker.com/engine/reference/builder/).
+
+Our [synapse-s3-storage-provider support](#synapse-s3-storage-provider-support) is actually built on this. When `s3-storage-provider` is enabled, we automatically add additional build steps to install its Python module into the Synapse image.
+
+Besides this kind of auto-added build steps (for components supported by the playbook), we also let you inject your own custom build steps using configuration like this:
+
+```yaml
+matrix_synapse_container_image_customizations_enabled: true
+
+matrix_synapse_container_image_customizations_dockerfile_body_custom: |
+ RUN echo 'This is a custom step for building the customized Docker image for Synapse.'
+ RUN echo 'You can override matrix_synapse_container_image_customizations_dockerfile_body_custom to add your own steps.'
+ RUN echo 'You do NOT need to include a FROM clause yourself.'
+```
+
+People who have needed to customize Synapse previously had to fork the git repository, make their changes to the `Dockerfile` there, point the playbook to the new repository (`matrix_synapse_container_image_self_build_repo`) and enable self-building from scratch (`matrix_synapse_container_image_self_build: true`). This is harder and slower.
+
+With the new Synapse-customization feature in the playbook, we use the original upstream (pre-built, if available) Synapse image and only build on top of it, right on the Matrix server. This is much faster than building all of Synapse from scratch.
+
+
+# 2022-10-02
+
+## matrix-ldap-registration-proxy support
+
+Thanks to [@TheOneWithTheBraid](https://github.com/TheOneWithTheBraid), we now support installing [matrix-ldap-registration-proxy](https://gitlab.com/activism.international/matrix_ldap_registration_proxy) - a proxy which handles Matrix registration requests and forwards them to LDAP.
+
+See our [Setting up the ldap-registration-proxy](docs/configuring-playbook-matrix-ldap-registration-proxy.md) documentation to get started.
+
+
+# 2022-09-15
+
+## (Potential Backward Compatibility Break) Major improvements to Synapse workers
+
+People who are interested in running a Synapse worker setup should know that **our Synapse worker implementation is much more powerful now**:
+
+- we've added support for [Stream writers](#stream-writers-support)
+- we've added support for [multiple federation sender workers](#multiple-federation-sender-workers-support)
+- we've added support for [multiple pusher workers](#multiple-pusher-workers-support)
+- we've added support for [running background tasks on a worker](#background-tasks-can-run-on-a-worker)
+- we've restored support for [`appservice` workers](#appservice-worker-support-is-back)
+- we've restored support for [`user_dir` workers](#user-directory-worker-support-is-back)
+- we've made it possible to [reliably use more than 1 `media_repository` worker](#using-more-than-1-media-repository-worker-is-now-more-reliable)
+- see the [Potential Backward Incompatibilities after these Synapse worker changes](#potential-backward-incompatibilities-after-these-synapse-worker-changes)
+
+### Stream writers support
+
+From now on, the playbook lets you easily set up various [stream writer workers](https://matrix-org.github.io/synapse/latest/workers.html#stream-writers) which can handle different streams (`events` stream; `typing` URL endpoints, `to_device` URL endpoints, `account_data` URL endpoints, `receipts` URL endpoints, `presence` URL endpoints). All of this work was previously handled by the main Synapse process, but can now be offloaded to stream writer worker processes.
+
+If you're using `matrix_synapse_workers_preset: one-of-each`, you'll automatically get 6 additional workers (one for each of the above stream types). Our `little-federation-helper` preset (meant to be quite minimal and focusing in improved federation performance) does not include stream writer workers.
+
+If you'd like to customize the number of workers we also make that possible using these variables:
+
+```yaml
+# Synapse only supports more than 1 worker for the `events` stream.
+# All other streams can utilize either 0 or 1 workers, not more than that.
+matrix_synapse_workers_stream_writer_events_stream_workers_count: 5
+matrix_synapse_workers_stream_writer_typing_stream_workers_count: 1
+matrix_synapse_workers_stream_writer_to_device_stream_workers_count: 1
+matrix_synapse_workers_stream_writer_account_data_stream_workers_count: 1
+matrix_synapse_workers_stream_writer_receipts_stream_workers_count: 1
+matrix_synapse_workers_stream_writer_presence_stream_workers_count: 1
+```
+
+### Multiple federation sender workers support
+
+Until now, we only supported a single `federation_sender` worker (`matrix_synapse_workers_federation_sender_workers_count` could either be `0` or `1`).
+From now on, you can have as many as you want to help with your federation traffic.
+
+### Multiple pusher workers support
+
+Until now, we only supported a single `pusher` worker (`matrix_synapse_workers_pusher_workers_count` could either be `0` or `1`).
+From now on, you can have as many as you want to help with pushing notifications out.
+
+### Background tasks can run on a worker
+
+From now on, you can put [background task processing on a worker](https://matrix-org.github.io/synapse/latest/workers.html#background-tasks).
+
+With `matrix_synapse_workers_preset: one-of-each`, you'll get one `background` worker automatically.
+You can also control the `background` workers count with `matrix_synapse_workers_background_workers_count`. Only `0` or `1` workers of this type are supported by Synapse.
+
+### Appservice worker support is back
+
+We previously had an `appservice` worker type, which [Synapse deprecated in v1.59.0](https://github.com/matrix-org/synapse/blob/v1.59.0/docs/upgrade.md#deprecation-of-the-synapseappappservice-and-synapseappuser_dir-worker-application-types). So did we, at the time.
+
+The new way to implement such workers is by using a `generic_worker` and dedicating it to the task of talking to Application Services.
+From now on, we have support for this.
+
+With `matrix_synapse_workers_preset: one-of-each`, you'll get one `appservice` worker automatically.
+You can also control the `appservice` workers count with `matrix_synapse_workers_appservice_workers_count`. Only `0` or `1` workers of this type are supported by Synapse.
+
+### User Directory worker support is back
+
+We previously had a `user_dir` worker type, which [Synapse deprecated in v1.59.0](https://github.com/matrix-org/synapse/blob/v1.59.0/docs/upgrade.md#deprecation-of-the-synapseappappservice-and-synapseappuser_dir-worker-application-types). So did we, at the time.
+
+The new way to implement such workers is by using a `generic_worker` and dedicating it to the task of serving the user directory.
+From now on, we have support for this.
+
+With `matrix_synapse_workers_preset: one-of-each`, you'll get one `user_dir` worker automatically.
+You can also control the `user_dir` workers count with `matrix_synapse_workers_user_dir_workers_count`. Only `0` or `1` workers of this type are supported by Synapse.
+
+### Using more than 1 media repository worker is now more reliable
+
+With `matrix_synapse_workers_preset: one-of-each`, we only launch one `media_repository` worker.
+
+If you've been configuring `matrix_synapse_workers_media_repository_workers_count` manually, you may have increased that to more workers.
+When multiple media repository workers are in use, background tasks related to the media repository must always be configured to run on a single `media_repository` worker via `media_instance_running_background_jobs`. Until now, we weren't doing this correctly, but we now are.
+
+### Potential Backward Incompatibilities after these Synapse worker changes
+
+Below we'll discuss **potential backward incompatibilities**.
+
+- **Worker names** (container names, systemd services, worker configuration files) **have changed**. Workers are now labeled sequentially (e.g. `matrix-synapse-worker_generic_worker-18111` -> `matrix-synapse-worker-generic-0`). The playbook will handle these changes automatically.
+
+- Due to increased worker types support above, people who use `matrix_synapse_workers_preset: one-of-each` should be aware that with these changes, **the playbook will deploy 9 additional workers** (6 stream writers, 1 `appservice` worker, 1 `user_dir` worker, 1 background task worker). This **may increase RAM/CPU usage**, etc. If you find your server struggling, consider disabling some workers with the appropriate `matrix_synapse_workers_*_workers_count` variables.
+
+- **Metric endpoints have also changed** (`/metrics/synapse/worker/generic_worker-18111` -> `/metrics/synapse/worker/generic-worker-0`). If you're [collecting metrics to an external Prometheus server](docs/configuring-playbook-prometheus-grafana.md#collecting-metrics-to-an-external-prometheus-server), consider revisiting our [Collecting Synapse worker metrics to an external Prometheus server](docs/configuring-playbook-prometheus-grafana.md#collecting-synapse-worker-metrics-to-an-external-prometheus-server) docs and updating your Prometheus configuration. **If you're collecting metrics to the integrated Prometheus server** (not enabled by default), **your Prometheus configuration will be updated automatically**. Old data (from before this change) may stick around though.
+
+- **the format of `matrix_synapse_workers_enabled_list` has changed**. You were never advised to use this variable for directly creating workers (we advise people to control workers using `matrix_synapse_workers_preset` or by tweaking `matrix_synapse_workers_*_workers_count` variables only), but some people may have started using the `matrix_synapse_workers_enabled_list` variable to gain more control over workers. If you're one of them, you'll need to adjust its value. See `roles/custom/matrix-synapse/defaults/main.yml` for more information on the new format. The playbook will also do basic validation and complain if you got something wrong.
+
+
+# 2022-09-09
+
+## Cactus Comments support
+
+Thanks to [Julian-Samuel Gebühr (@moan0s)](https://github.com/moan0s), the playbook can now set up [Cactus Comments](https://cactus.chat) - federated comment system for the web based on Matrix.
+
+See our [Setting up a Cactus Comments server](docs/configuring-playbook-cactus-comments.md) documentation to get started.
+
+
+# 2022-08-23
+
+## Postmoogle email bridge support
+
+Thanks to [Aine](https://gitlab.com/etke.cc) of [etke.cc](https://etke.cc/), the playbook can now set up the new [Postmoogle](https://gitlab.com/etke.cc/postmoogle) email bridge/bot. Postmoogle is like the [email2matrix bridge](https://github.com/devture/email2matrix) (also [already supported by the playbook](docs/configuring-playbook-email2matrix.md)), but more capable and with the intention to soon support *sending* emails, not just receiving.
+
+See our [Setting up Postmoogle email bridging](docs/configuring-playbook-bot-postmoogle.md) documentation to get started.
+
+
+# 2022-08-10
+
+## mautrix-whatsapp default configuration changes
+
+In [Pull Request #2012](https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2012), we've made some changes to the default configuration used by the `mautrix-whatsapp` bridge.
+
+If you're using this bridge, you should look into this PR and see if the new configuration suits you. If not, you can always change individual preferences in your `vars.yml` file.
+
+Most notably, spaces support has been enabled by default. The bridge will now group rooms into a Matrix space. **If you've already bridged to Whatsapp** prior to this update, you will need to send `!wa sync space` to the bridge bot to make it create the space and put your existing rooms into it.
+
+
+# 2022-08-09
+
+## Conduit support
+
+Thanks to [Charles Wright](https://github.com/cvwright), we now have optional experimental [Conduit](https://conduit.rs) homeserver support for new installations. This comes as a follow-up to the playbook getting [Dendrite support](#dendrite-support) earlier this year.
+
+Existing Synapse or Dendrite installations do **not** need to be updated. **Synapse is still the default homeserver implementation** installed by the playbook.
+
+To try out Conduit, we recommend that you **use a new server** and the following `vars.yml` configuration:
+
+```yaml
+matrix_homeserver_implementation: conduit
+```
+
+**The homeserver implementation of an existing server cannot be changed** (e.g. from Synapse or Dendrite to Conduit) without data loss.
+
+
+# 2022-07-29
+
+## mautrix-discord support
+
+Thanks to [MdotAmaan](https://github.com/MdotAmaan)'s efforts, the playbook now supports bridging to [Discord](https://discordapp.com/) via the [mautrix-discord](https://mau.dev/mautrix/discord) bridge. See our [Setting up Mautrix Discord bridging](docs/configuring-playbook-bridge-mautrix-discord.md) documentation page for getting started.
+
+**Note**: this is a new Discord bridge. The playbook still retains Discord bridging via [matrix-appservice-discord](docs/configuring-playbook-bridge-appservice-discord.md) and [mx-puppet-discord](docs/configuring-playbook-bridge-mx-puppet-discord.md). You're free too use the bridge that serves you better, or even all three of them (for different users and use-cases).
+
+
+# 2022-07-27
+
+## matrix-appservice-kakaotalk support
+
+The playbook now supports bridging to [Kakaotalk](https://www.kakaocorp.com/page/service/service/KakaoTalk?lang=ENG) via [matrix-appservice-kakaotalk](https://src.miscworks.net/fair/matrix-appservice-kakaotalk) - a bridge based on [node-kakao](https://github.com/storycraft/node-kakao) (now unmaintained) and some [mautrix-facebook](https://github.com/mautrix/facebook) code. Thanks to [hnarjis](https://github.com/hnarjis) for helping us add support for this!
+
+See our [Setting up Appservice Kakaotalk bridging](docs/configuring-playbook-bridge-appservice-kakaotalk.md) documentation to get started.
+
+
+# 2022-07-20
+
+## maubot support
+
+Thanks to [Stuart Mumford (@Cadair)](https://github.com/cadair) for starting ([PR #373](https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/373) and [PR #622](https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/622)) and to [Julian-Samuel Gebühr (@moan0s)](https://github.com/moan0s) for finishing up (in [PR #1894](https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1894)), the playbook can now help you set up [maubot](https://github.com/maubot/maubot) - a plugin-based Matrix bot system.
+
+See our [Setting up maubot](docs/configuring-playbook-bot-maubot.md) documentation to get started.
+
+
 # 2022-07-14
 ## mx-puppet-skype removal
@@ -204,7 +448,7 @@ matrix_ma1sd_enabled: true
 We now support installing the [matrix_encryption_disabler](https://github.com/digitalentity/matrix_encryption_disabler) Synapse module, which lets you prevent End-to-End-Encryption from being enabled by users on your homeserver. The popular opinion is that this is dangerous and shouldn't be done, but there are valid use cases for disabling encryption discussed [here](https://github.com/matrix-org/synapse/issues/4401).
-To enable this module (and prevent encryption from being used on your homserver), add `matrix_synapse_ext_encryption_disabler_enabled: true` to your configuration. This module provides further customization. Check its other configuration settings (and defaults) in `roles/matrix-synapse/defaults/main.yml`.
+To enable this module (and prevent encryption from being used on your homserver), add `matrix_synapse_ext_encryption_disabler_enabled: true` to your configuration. This module provides further customization. Check its other configuration settings (and defaults) in `roles/custom/matrix-synapse/defaults/main.yml`.
 # 2022-02-01
@@ -591,7 +835,7 @@ You have 3 ways to proceed:
 - stop the bridge (`systemctl stop matrix-mautrix-facebook`)
 - create a new `matrix_mautrix_facebook` Postgres database for it
 - run [pgloader](https://pgloader.io/) manually (we import this bridge's data using default settings and it works well)
- - define `matrix_mautrix_facebook_database_*` variables in your `vars.yml` file (credentials, etc.) - you can find their defaults in `roles/matrix-mautrix-facebook/defaults/main.yml`
+ - define `matrix_mautrix_facebook_database_*` variables in your `vars.yml` file (credentials, etc.) - you can find their defaults in `roles/custom/matrix-mautrix-facebook/defaults/main.yml`
 - switch the bridge to Postgres (`matrix_mautrix_facebook_database_engine: 'postgres'` in your `vars.yml` file)
 - re-run the playbook (`--tags=setup-all,start`) and ensure the bridge works (`systemctl status matrix-mautrix-facebook` and `journalctl -fu matrix-mautrix-facebook`)
 - send a `login` message to the Facebook bridge bot again
@@ -1469,7 +1713,7 @@ Having Synapse not be a required component potentially opens the door for instal
 ## Bridges are now separate from the Synapse role
 Bridges are no longer part of the `matrix-synapse` role.
-Each bridge now lives in its own separate role (`roles/matrix-bridge-*`).
+Each bridge now lives in its own separate role (`roles/custom/matrix-bridge-*`).
 These bridge roles are independent of the `matrix-synapse` role, so it should be possible to use them with a Synapse instance installed another way (not through the playbook).
@@ -1763,7 +2007,7 @@ The following variables are no longer supported by this playbook:
 - `matrix_mxisd_template_config`
 You are encouraged to use the `matrix_mxisd_configuration_extension_yaml` variable to define your own mxisd configuration additions and overrides.
-Refer to the [default variables file](roles/matrix-mxisd/defaults/main.yml) for more information.
+Refer to the [default variables file](roles/custom/matrix-mxisd/defaults/main.yml) for more information.
 This new way of configuring mxisd is beneficial because:
@@ -1825,14 +2069,14 @@ Based on feedback from others, running Synapse on Python 3 is supposed to decrea
 ## Riot homepage customization
 You can now customize some parts of the Riot homepage (or even completely replace it with your own custom page).
-See the `matrix_riot_web_homepage_` variables in `roles/matrix-riot-web/defaults/main.yml`.
+See the `matrix_riot_web_homepage_` variables in `roles/custom/matrix-riot-web/defaults/main.yml`.
 # 2018-12-04
 ## mxisd extensibility
-The [LDAP identity store for mxisd](https://github.com/kamax-matrix/mxisd/blob/master/docs/stores/ldap.md) can now be configured easily using playbook variables (see the `matrix_mxisd_ldap_` variables in `roles/matrix-server/defaults/main.yml`).
+The [LDAP identity store for mxisd](https://github.com/kamax-matrix/mxisd/blob/master/docs/stores/ldap.md) can now be configured easily using playbook variables (see the `matrix_mxisd_ldap_` variables in `roles/custom/matrix-server/defaults/main.yml`).
 # 2018-11-28
diff --git a/Makefile b/Makefile
index f0aeb397..b7fc41bd 100644
--- a/Makefile
+++ b/Makefile
@@ -1,7 +1,11 @@
-.PHONY: lint
+.PHONY: roles lint
 help: ## Show this help.
- @fgrep -h "##" $(MAKEFILE_LIST) | fgrep -v fgrep | sed -e 's/\\$$//' | sed -e 's/##//'
+ @grep -F -h "##" $(MAKEFILE_LIST) | grep -v grep | sed -e 's/\\$$//' | sed -e 's/##//'
+
+roles: ## Pull roles
+ rm -rf roles/galaxy
+ ansible-galaxy install -r requirements.yml -p roles/galaxy/ --force
 lint: ## Runs ansible-lint against all roles in the playbook
 ansible-lint
diff --git a/README.md b/README.md
index 251df043..569dbb3f 100644
--- a/README.md
+++ b/README.md
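Review bot: `rm -rf roles/galaxy` in the new `roles` target removes the whole directory, including `roles/galaxy/.gitkeep`, which the `.gitignore` hunk in this same commit deliberately un-ignores and so presumably tracks; every `make roles` run will therefore leave that file showing as deleted in `git status`. Clearing only the downloaded contents keeps the placeholder: `rm -rf roles/galaxy/*` (an unquoted `*` does not match dotfiles in POSIX sh). While the `.PHONY` line is being edited, `help` should be declared there too, since it is not a file target: `.PHONY: roles lint help`. Because this target fetches third-party roles and `--force` overwrites whatever is already present, it is worth confirming that `requirements.yml` (not part of this diff) pins each role to a tag or commit rather than a moving branch.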
@@ -19,9 +19,11 @@ Using this playbook, you can get the following services configured on your serve
 - (optional, default) a [Synapse](https://github.com/matrix-org/synapse) homeserver - storing your data and managing your presence in the [Matrix](http://matrix.org/) network
+- (optional) a [Conduit](https://conduit.rs) homeserver - storing your data and managing your presence in the [Matrix](http://matrix.org/) network. Conduit is a lightweight open-source server implementation of the Matrix Specification with a focus on easy setup and low system requirements
+
 - (optional) a [Dendrite](https://github.com/matrix-org/dendrite) homeserver - storing your data and managing your presence in the [Matrix](http://matrix.org/) network. Dendrite is a second-generation Matrix homeserver written in Go, an alternative to Synapse.
-- (optional) [Amazon S3](https://aws.amazon.com/s3/) storage for Synapse's content repository (`media_store`) files using [Goofys](https://github.com/kahing/goofys)
+- (optional) [Amazon S3](https://aws.amazon.com/s3/) (or other S3-compatible object store) storage for Synapse's content repository (`media_store`) files using [Goofys](https://github.com/kahing/goofys) or [`synapse-s3-storage-provider`](https://github.com/matrix-org/synapse-s3-storage-provider)
 - (optional, default) [PostgreSQL](https://www.postgresql.org/) database for Synapse. [Using an external PostgreSQL server](docs/configuring-playbook-external-postgres.md) is also possible.
@@ -43,10 +45,14 @@ Using this playbook, you can get the following services configured on your serve
 - (optional, advanced) the [matrix-synapse-ldap3](https://github.com/matrix-org/matrix-synapse-ldap3) LDAP Auth password provider module
+- (optional, advanced) the [matrix-ldap-registration-proxy](https://gitlab.com/activism.international/matrix_ldap_registration_proxy) a proxy that handles Matrix registration requests and forwards them to LDAP.
+
 - (optional, advanced) the [synapse-simple-antispam](https://github.com/t2bot/synapse-simple-antispam) spam checker module
 - (optional, advanced) the [Matrix Corporal](https://github.com/devture/matrix-corporal) reconciliator and gateway for a managed Matrix server
+- (optional) the [mautrix-discord](https://github.com/mautrix/discord) bridge for bridging your Matrix server to [Discord](https://discord.com/) - see [docs/configuring-playbook-bridge-mautrix-discord.md](docs/configuring-playbook-bridge-mautrix-discord.md) for setup documentation
+
 - (optional) the [mautrix-telegram](https://github.com/mautrix/telegram) bridge for bridging your Matrix server to [Telegram](https://telegram.org/)
 - (optional) the [mautrix-whatsapp](https://github.com/mautrix/whatsapp) bridge for bridging your Matrix server to [WhatsApp](https://www.whatsapp.com/)
@@ -63,7 +69,7 @@ Using this playbook, you can get the following services configured on your serve
 - (optional) the [mautrix-signal](https://github.com/mautrix/signal) bridge for bridging your Matrix server to [Signal](https://www.signal.org/)
-- (optional) the [beeper-linkedin](https://gitlab.com/beeper/linkedin) bridge for bridging your Matrix server to [LinkedIn](https://www.linkedin.com/)
+- (optional) the [beeper-linkedin](https://github.com/beeper/linkedin) bridge for bridging your Matrix server to [LinkedIn](https://www.linkedin.com/)
 - (optional) the [matrix-appservice-irc](https://github.com/matrix-org/matrix-appservice-irc) bridge for bridging your Matrix server to [IRC](https://wikipedia.org/wiki/Internet_Relay_Chat)
@@ -89,7 +95,7 @@ Using this playbook, you can get the following services configured on your serve
 - (optional) the [mx-puppet-discord](https://github.com/matrix-discord/mx-puppet-discord) bridge for [Discord](https://discordapp.com/) - see [docs/configuring-playbook-bridge-mx-puppet-discord.md](docs/configuring-playbook-bridge-mx-puppet-discord.md) for setup documentation
-- (optional) the [mx-puppet-groupme](https://gitlab.com/robintown/mx-puppet-groupme) bridge for [GroupMe](https://groupme.com/) - see [docs/configuring-playbook-bridge-mx-puppet-groupme.md](docs/configuring-playbook-bridge-mx-puppet-groupme.md) for setup documentation
+- (optional) the [mx-puppet-groupme](https://gitlab.com/xangelix-pub/matrix/mx-puppet-groupme) bridge for [GroupMe](https://groupme.com/) - see [docs/configuring-playbook-bridge-mx-puppet-groupme.md](docs/configuring-playbook-bridge-mx-puppet-groupme.md) for setup documentation
 - (optional) the [mx-puppet-steam](https://github.com/icewind1991/mx-puppet-steam) bridge for [Steam](https://steamapp.com/) - see [docs/configuring-playbook-bridge-mx-puppet-steam.md](docs/configuring-playbook-bridge-mx-puppet-steam.md) for setup documentation
@@ -103,8 +109,14 @@ Using this playbook, you can get the following services configured on your serve
 - (optional) [matrix-reminder-bot](https://github.com/anoadragon453/matrix-reminder-bot) for scheduling one-off & recurring reminders and alarms - see [docs/configuring-playbook-bot-matrix-reminder-bot.md](docs/configuring-playbook-bot-matrix-reminder-bot.md) for setup documentation
+- (optional) [matrix-registration-bot](https://github.com/moan0s/matrix-registration-bot) for invitations by creating and managing registration tokens - see [docs/configuring-playbook-bot-matrix-registration-bot.md](docs/configuring-playbook-bot-matrix-registration-bot.md) for setup documentation
+
+- (optional) [maubot](https://github.com/maubot/maubot) a plugin-based Matrix bot system - see [docs/configuring-playbook-bot-maubot.md](docs/configuring-playbook-bot-maubot.md) for setup documentation
+
 - (optional) [honoroit](https://gitlab.com/etke.cc/honoroit) helpdesk bot - see [docs/configuring-playbook-bot-honoroit.md](docs/configuring-playbook-bot-honoroit.md) for setup documentation
+- (optional) [Postmoogle](https://gitlab.com/etke.cc/postmoogle) email to matrix bot - see [docs/configuring-playbook-bot-postmoogle.md](docs/configuring-playbook-bot-postmoogle.md) for setup documentation
+
 - (optional) [Go-NEB](https://github.com/matrix-org/go-neb) multi functional bot written in Go - see [docs/configuring-playbook-bot-go-neb.md](docs/configuring-playbook-bot-go-neb.md) for setup documentation
 - (optional) [Mjolnir](https://github.com/matrix-org/mjolnir), a moderation tool for Matrix - see [docs/configuring-playbook-bot-mjolnir.md](docs/configuring-playbook-bot-mjolnir.md) for setup documentation
@@ -127,6 +139,8 @@ Using this playbook, you can get the following services configured on your serve - (optional) the [Buscarron](https://gitlab.com/etke.cc/buscarron) bot - see [docs/configuring-playbook-bot-buscarron.md](docs/configuring-playbook-bot-buscarron.md) for setup documentation +- (optional) [Cactus Comments](https://cactus.chat), a federated comment system built on matrix - see [docs/configuring-playbook-cactus-comments.md](docs/configuring-playbook-cactus-comments.md) for setup documentation + Basically, this playbook aims to get you up-and-running with all the necessities around Matrix, without you having to do anything else. **Note**: the list above is exhaustive. It includes optional or even some advanced components that you will most likely not need. diff --git a/docs/ansible.md b/docs/ansible.md index bd1fe927..e8a0ddb2 100644 --- a/docs/ansible.md +++ b/docs/ansible.md @@ -45,10 +45,7 @@ Alternatively, you can run Ansible inside a Docker container (powered by the [de This ensures that you're using a very recent Ansible version, which is less likely to be incompatible with the playbook. -There are 2 ways to go about it: - -- [Running Ansible in a container on the Matrix server itself](#running-ansible-in-a-container-on-the-matrix-server-itself) -- [Running Ansible in a container on another computer (not the Matrix server)](#running-ansible-in-a-container-on-another-computer-not-the-matrix-server) +You can either [run Ansible in a container on the Matrix server itself](#running-ansible-in-a-container-on-the-matrix-server-itself) or [run Ansible in a container on another computer (not the Matrix server)](#running-ansible-in-a-container-on-another-computer-not-the-matrix-server). ### Running Ansible in a container on the Matrix server itself 
@@ -73,13 +70,15 @@ docker run -it --rm \ -w /work \ -v `pwd`:/work \ --entrypoint=/bin/sh \ -docker.io/devture/ansible:2.13.0-r0 +docker.io/devture/ansible:2.13.6-r0 ``` Once you execute the above command, you'll be dropped into a `/work` directory inside a Docker container. The `/work` directory contains the playbook's code. -You can execute `ansible-playbook ...` (or `ansible-playbook --connection=community.docker.nsenter ...`) commands as per normal now. +First, consider running `git config --global --add safe.directory /work` to [resolve directory ownership issues](#resolve-directory-ownership-issues). + +Finally, you can execute `ansible-playbook ...` (or `ansible-playbook --connection=community.docker.nsenter ...`) commands as per normal now. ### Running Ansible in a container on another computer (not the Matrix server) @@ -92,7 +91,7 @@ docker run -it --rm \ -v `pwd`:/work \ -v $HOME/.ssh/id_rsa:/root/.ssh/id_rsa:ro \ --entrypoint=/bin/sh \ -docker.io/devture/ansible:2.13.0-r0 +docker.io/devture/ansible:2.13.6-r0 ``` The above command tries to mount an SSH key (`$HOME/.ssh/id_rsa`) into the container (at `/root/.ssh/id_rsa`). @@ -101,7 +100,10 @@ If your SSH key is at a different path (not in `$HOME/.ssh/id_rsa`), adjust that Once you execute the above command, you'll be dropped into a `/work` directory inside a Docker container. The `/work` directory contains the playbook's code. -You can execute `ansible-playbook ...` commands as per normal now. +First, consider running `git config --global --add safe.directory /work` to [resolve directory ownership issues](#resolve-directory-ownership-issues). + +Finally, you execute `ansible-playbook ...` commands as per normal now. + #### If you don't use SSH keys for authentication 
@@ -112,3 +114,13 @@ apk add sshpass ``` Then, to be asked for the password whenever running an `ansible-playbook` command add `--ask-pass` to the arguments of the command. + +#### Resolve directory ownership issues + +Because you're `root` in the container running Ansible and this likely differs fom the owner (your regular user account) of the playbook directory outside of the container, certain playbook features which use `git` locally may report warnings such as: + +> fatal: unsafe repository ('/work' is owned by someone else) +> To add an exception for this directory, call: +> git config --global --add safe.directory /work + +These errors can be resolved by making `git` trust the playbook directory by running `git config --global --add safe.directory /work` diff --git a/docs/configuring-dns.md b/docs/configuring-dns.md index 9fde07f1..3fcd0f92 100644 --- a/docs/configuring-dns.md +++ b/docs/configuring-dns.md 
@@ -26,21 +26,29 @@ Be mindful as to how long it will take for the DNS records to propagate. If you are using Cloudflare DNS, make sure to disable the proxy and set all records to `DNS only`. Otherwise, fetching certificates will fail. +When you're done configuring DNS, proceed to [Configuring the playbook](configuring-playbook.md). + ## DNS settings for optional services/features -| Type | Host | Priority | Weight | Port | Target | -| ----- | ---------------------------- | -------- | ------ | ---- | ---------------------- | -| SRV | `_matrix-identity._tcp` | 10 | 0 | 443 | `matrix.` | -| CNAME | `dimension` | - | - | - | `matrix.` | -| CNAME | `jitsi` | - | - | - | `matrix.` | -| CNAME | `stats` | - | - | - | `matrix.` | -| CNAME | `goneb` | - | - | - | `matrix.` | -| CNAME | `sygnal` | - | - | - | `matrix.` | -| CNAME | `ntfy` | - | - | - | `matrix.` | -| CNAME | `hydrogen` | - | - | - | `matrix.` | -| CNAME | `cinny` | - | - | - | `matrix.` | -| CNAME | `wsproxy` | - | - | - | `matrix.` | -| CNAME | `buscarron` | - | - | - | `matrix.` | +| Used by component | Type | Host | Priority | Weight | Port | Target | +| ----------------------------------------------------------------------------------------------------------------------- | ----- | ------------------------------ | -------- | ------ | ---- | --------------------------- | +| [ma1sd](configuring-playbook-ma1sd.md) identity server | SRV | `_matrix-identity._tcp` | 10 | 0 | 443 | `matrix.` | +| [Dimension](configuring-playbook-dimension.md) integration server | CNAME | `dimension` | - | - | - | `matrix.` | +| [Jitsi](configuring-playbook-jitsi.md) video-conferencing platform | CNAME | `jitsi` | - | - | - | `matrix.` | +| [Prometheus/Grafana](configuring-playbook-prometheus-grafana.md) monitoring system | CNAME | `stats` | - | - | - | `matrix.` | +| [Go-NEB](configuring-playbook-bot-go-neb.md) bot | CNAME | `goneb` | - | - | - | `matrix.` | +| [Sygnal](configuring-playbook-sygnal.md) push notification gateway | 
CNAME | `sygnal` | - | - | - | `matrix.` | +| [ntfy](configuring-playbook-ntfy.md) push notifications server | CNAME | `ntfy` | - | - | - | `matrix.` | +| [Etherpad](configuring-playbook-etherpad.md) collaborative text editor | CNAME | `etherpad` | - | - | - | `matrix.` | +| [Hydrogen](configuring-playbook-client-hydrogen.md) web client | CNAME | `hydrogen` | - | - | - | `matrix.` | +| [Cinny](configuring-playbook-client-cinny.md) web client | CNAME | `cinny` | - | - | - | `matrix.` | +| [Buscarron](configuring-playbook-bot-buscarron.md) helpdesk bot | CNAME | `buscarron` | - | - | - | `matrix.` | +| [Postmoogle](configuring-playbook-bot-postmoogle.md)/[Email2Matrix](configuring-playbook-email2matrix.md) email bridges | MX | `matrix` | 10 | 0 | - | `matrix.` | +| [Postmoogle](configuring-playbook-bot-postmoogle.md) email bridge | TXT | `matrix` | - | - | - | `v=spf1 ip4: -all` | +| [Postmoogle](configuring-playbook-bot-postmoogle.md) email bridge | TXT | `_dmarc.matrix` | - | - | - | `v=DMARC1; p=quarantine;` | +| [Postmoogle](configuring-playbook-bot-postmoogle.md) email bridge | TXT | `postmoogle._domainkey.matrix` | - | - | - | get it from `!pm dkim` | + +When setting up a SRV record, if you are asked for a service and protocol instead of a hostname split the host value from the table where the period is. For example use service as `_matrix-identity` and protocol as `_tcp`. ## Subdomains setup 
@@ -61,6 +69,8 @@ The `sygnal.` subdomain may be necessary, because this playbook cou The `ntfy.` subdomain may be necessary, because this playbook could install the [ntfy](https://ntfy.sh/) UnifiedPush-compatible push notifications server. The installation of ntfy is disabled by default, it is not a core required component. To learn how to install it, see our [configuring ntfy guide](configuring-playbook-ntfy.md). If you do not wish to set up ntfy, feel free to skip the `ntfy.` DNS record. +The `etherpad.` subdomain may be necessary, because this playbook could install the [Etherpad](https://etherpad.org/) a highly customizable open source online editor providing collaborative editing in really real-time. The installation of etherpad is disabled by default, it is not a core required component. To learn how to install it, see our [configuring etherpad guide](configuring-playbook-etherpad.md). If you do not wish to set up etherpad, feel free to skip the `etherpad.` DNS record. + The `hydrogen.` subdomain may be necessary, because this playbook could install the [Hydrogen](https://github.com/vector-im/hydrogen-web) web client. The installation of Hydrogen is disabled by default, it is not a core required component. To learn how to install it, see our [configuring Hydrogen guide](configuring-playbook-client-hydrogen.md). If you do not wish to set up Hydrogen, feel free to skip the `hydrogen.` DNS record. The `cinny.` subdomain may be necessary, because this playbook could install the [Cinny](https://github.com/ajbura/cinny) web client. The installation of cinny is disabled by default, it is not a core required component. To learn how to install it, see our [configuring cinny guide](configuring-playbook-client-cinny.md). If you do not wish to set up cinny, feel free to skip the `cinny.` DNS record. 
@@ -80,3 +90,8 @@ This is an optional feature for the optionally-installed [ma1sd service](configu Note: This `_matrix-identity._tcp` SRV record for the identity server is different from the `_matrix._tcp` that can be used for Synapse delegation. See [howto-server-delegation.md](howto-server-delegation.md) for more information about delegation. When you're done with the DNS configuration and ready to proceed, continue with [Getting the playbook](getting-the-playbook.md). + +## `_dmarc`, `postmoogle._domainkey` TXT and `matrix` MX records setup + +To make the [postmoogle](configuring-playbook-bot-postmoogle.md) email bridge enable its email sending features, you need to configure +SPF (TXT), DMARC (TXT), DKIM (TXT) and MX records diff --git a/docs/configuring-playbook-backup-borg.md b/docs/configuring-playbook-backup-borg.md index 44c970af..f3cfc6de 100644 --- a/docs/configuring-playbook-backup-borg.md +++ b/docs/configuring-playbook-backup-borg.md 
@@ -43,22 +43,28 @@ matrix_backup_borg_location_repositories: - USER@HOST:REPO matrix_backup_borg_storage_encryption_passphrase: "PASSPHRASE" matrix_backup_borg_ssh_key_private: | - PRIVATE KEY + -----BEGIN OPENSSH PRIVATE KEY----- + TG9yZW0gaXBzdW0gZG9sb3Igc2l0IGFtZXQsIGNvbnNlY3RldHVyIGFkaXBpc2NpbmcgZW + xpdCwgc2VkIGRvIGVpdXNtb2QgdGVtcG9yIGluY2lkaWR1bnQgdXQgbGFib3JlIGV0IGRv + bG9yZSBtYWduYSBhbGlxdWEuIFV0IGVuaW0gYWQgbWluaW0gdmVuaWFtLCBxdWlzIG5vc3 + RydWQgZXhlcmNpdGF0aW9uIHVsbGFtY28gbGFib3JpcyBuaXNpIHV0IGFsaXF1aXAgZXgg + ZWEgY29tbW9kbyBjb25zZXF1YXQuIA== + -----END OPENSSH PRIVATE KEY----- ``` where: * USER - SSH user of a provider/server * HOST - SSH host of a provider/server -* REPO - borg repository name, it will be initialized on backup start, eg: `matrix` +* REPO - borg repository name, it will be initialized on backup start, eg: `matrix`, regarding Syntax see [Remote repositories](https://borgbackup.readthedocs.io/en/stable/usage/general.html#repository-urls) * PASSPHRASE - passphrase used for encrypting backups, you may generate it with `pwgen -s 64 1` or use any password manager -* PRIVATE KEY - the content of the **private** part of the SSH key you created before +* PRIVATE KEY - the content of the **private** part of the SSH key you created before. The whole key (all of its belonging lines) under `matrix_backup_borg_ssh_key_private` needs to be indented with 2 spaces To backup without encryption, add `matrix_backup_borg_encryption: 'none'` to your vars. This will also enable the `matrix_backup_borg_unknown_unencrypted_repo_access_is_ok` variable. `matrix_backup_borg_location_source_directories` defines the list of directories to back up: it's set to `{{ matrix_base_data_path }}` by default, which is the base directory for every service's data, such as Synapse, Postgres and the bridges. You might want to exclude certain directories or file patterns from the backup using the `matrix_backup_borg_location_exclude_patterns` variable. 
-Check the `roles/matrix-backup-borg/defaults/main.yml` file for the full list of available options. +Check the `roles/custom/matrix-backup-borg/defaults/main.yml` file for the full list of available options. ## Installing @@ -67,3 +73,9 @@ After configuring the playbook, run the [installation](installing.md) command ag ``` ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start ``` + +## Manually start a backup + +For testing your setup it can be helpful to not wait until 4am. If you want to run the backup immediately, log onto the server +and run `systemctl start matrix-backup-borg`. This will not return until the backup is done, so possibly a long time. +Consider using [tmux](https://en.wikipedia.org/wiki/Tmux) if your SSH connection is unstable. diff --git a/docs/configuring-playbook-bot-buscarron.md b/docs/configuring-playbook-bot-buscarron.md index 3a5822ab..0b80ba40 100644 --- a/docs/configuring-playbook-bot-buscarron.md +++ b/docs/configuring-playbook-bot-buscarron.md @@ -5,20 +5,6 @@ The playbook can install and configure [buscarron](https://gitlab.com/etke.cc/bu It's a bot you can use to setup **your own helpdesk on matrix** It's a bot you can use to send any form (HTTP POST, HTML) to a (encrypted) matrix room -## Registering the bot user - -By default, the playbook will set up the bot with a username like this: `@bot.buscarron:DOMAIN`. - -(to use a different username, adjust the `matrix_bot_buscarron_login` variable). - -You **need to register the bot user manually** before setting up the bot. You can use the playbook to [register a new user](registering-users.md): - -``` -ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=bot.buscarron password=PASSWORD_FOR_THE_BOT admin=no' --tags=register-user -``` - -Choose a strong password for the bot. You can generate a good password with a command like this: `pwgen -s 64 1`. - ## Adjusting the playbook configuration 
@@ -27,7 +13,10 @@ Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars. ```yaml matrix_bot_buscarron_enabled: true -# Adjust this to whatever password you chose when registering the bot user +# Uncomment and adjust this part if you'd like to use a username different than the default +# matrix_bot_buscarron_login: bot.buscarron + +# Generate a strong password here. Consider generating it with `pwgen -s 64 1` matrix_bot_buscarron_password: PASSWORD_FOR_THE_BOT # Adjust accepted forms @@ -36,10 +25,10 @@ matrix_bot_buscarron_forms: room: "!yourRoomID:DOMAIN" # (mandatory) Room ID where form submission will be posted redirect: https://DOMAIN # (mandatory) To what page user will be redirected after the form submission ratelimit: 1r/m # (optional) rate limit of the form, format: r/, eg: 1r/s or 54r/m + hasemail: 1 # (optional) form has "email" field that should be validated extensions: [] # (optional) list of form extensions (not used yet) -matrix_bot_buscarron_spam_hosts: [] # (optional) list of email domains/hosts that should be rejected automatically -matrix_bot_buscarron_spam_emails: [] # (optional) list of email addresses that should be rejected automatically +matrix_bot_buscarron_spamlist: [] # (optional) list of emails/domains/hosts (with wildcards support) that should be rejected automatically ``` You will also need to add a DNS record so that buscarron can be accessed. 
@@ -57,9 +46,15 @@ matrix_server_fqn_buscarron: "form.{{ matrix_domain }}" After configuring the playbook, run the [installation](installing.md) command again: +```sh +ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,ensure-matrix-users-created,start ``` -ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start -``` + +**Notes**: + +- the `ensure-matrix-users-created` playbook tag makes the playbook automatically create the bot's user account + +- if you change the bot password (`matrix_bot_buscarron_password` in your `vars.yml` file) subsequently, the bot user's credentials on the homeserver won't be updated automatically. If you'd like to change the bot user's password, use a tool like [synapse-admin](configuring-playbook-synapse-admin.md) to change it, and then update `matrix_bot_buscarron_password` to let the bot know its new password ## Usage diff --git a/docs/configuring-playbook-bot-go-neb.md b/docs/configuring-playbook-bot-go-neb.md index 33ce4dd3..6ec2056c 100644 --- a/docs/configuring-playbook-bot-go-neb.md +++ b/docs/configuring-playbook-bot-go-neb.md 
@@ -21,20 +21,7 @@ You can use the playbook to [register a new user](registering-users.md): ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=bot.go-neb password=PASSWORD_FOR_THE_BOT admin=no' --tags=register-user ``` - -## Getting an access token - -If you use curl, you can get an access token like this: - -``` -curl -X POST --header 'Content-Type: application/json' -d '{ - "identifier": { "type": "m.id.user", "user": "bot.go-neb" }, - "password": "a strong password", - "type": "m.login.password" -}' 'https://matrix.YOURDOMAIN/_matrix/client/r0/login' -``` - -Alternatively, you can use a full-featured client (such as Element) to log in and get the access token from there (note: don't log out from the client as that will invalidate the token), but doing so might lead to decryption problems. That warning comes from [here](https://github.com/matrix-org/go-neb#quick-start). +Once the user is created you can [obtain an access token](obtaining-access-tokens.md). ## Adjusting the playbook configuration diff --git a/docs/configuring-playbook-bot-honoroit.md b/docs/configuring-playbook-bot-honoroit.md index 45fc033d..42f31d49 100644 --- a/docs/configuring-playbook-bot-honoroit.md +++ b/docs/configuring-playbook-bot-honoroit.md 
@@ -7,21 +7,6 @@ It's a bot you can use to setup **your own helpdesk on matrix** See the project's [documentation](https://gitlab.com/etke.cc/honoroit#how-it-looks-like) to learn what it does with screenshots and why it might be useful to you. -## Registering the bot user - -By default, the playbook will set up the bot with a username like this: `@honoroit:DOMAIN`. - -(to use a different username, adjust the `matrix_bot_honoroit_login` variable). - -You **need to register the bot user manually** before setting up the bot. You can use the playbook to [register a new user](registering-users.md): - -``` -ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=honoroit password=PASSWORD_FOR_THE_BOT admin=no' --tags=register-user -``` - -Choose a strong password for the bot. You can generate a good password with a command like this: `pwgen -s 64 1`. - - ## Adjusting the playbook configuration Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file: @@ -29,7 +14,10 @@ Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars. ```yaml matrix_bot_honoroit_enabled: true -# Adjust this to whatever password you chose when registering the bot user +# Uncomment and adjust this part if you'd like to use a username different than the default +# matrix_bot_honoroit_login: honoroit + +# Generate a strong password here. Consider generating it with `pwgen -s 64 1` matrix_bot_honoroit_password: PASSWORD_FOR_THE_BOT # Adjust this to your room ID 
@@ -41,9 +29,15 @@ matrix_bot_honoroit_roomid: "!yourRoomID:DOMAIN" After configuring the playbook, run the [installation](installing.md) command again: +```sh +ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,ensure-matrix-users-created,start ``` -ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start -``` + +**Notes**: + +- the `ensure-matrix-users-created` playbook tag makes the playbook automatically create the bot's user account + +- if you change the bot password (`matrix_bot_honoroit_password` in your `vars.yml` file) subsequently, the bot user's credentials on the homeserver won't be updated automatically. If you'd like to change the bot user's password, use a tool like [synapse-admin](configuring-playbook-synapse-admin.md) to change it, and then update `matrix_bot_honoroit_password` to let the bot know its new password ## Usage diff --git a/docs/configuring-playbook-bot-matrix-registration-bot.md b/docs/configuring-playbook-bot-matrix-registration-bot.md index c47d5bfd..b1e3fdc6 100644 --- a/docs/configuring-playbook-bot-matrix-registration-bot.md +++ b/docs/configuring-playbook-bot-matrix-registration-bot.md 
@@ -16,7 +16,7 @@ By default, the playbook will set use the bot with a username like this: `@bot.m (to use a different username, adjust the `matrix_bot_matrix_registration_bot_matrix_user_id_localpart` variable). -You **need to register the bot user manually** before setting up the bot. You can use the playbook to [register a new user](registering-users.md): +For [other bots supported by the playbook](configuring-playbook.md#bots), Matrix bot user accounts are created and put to use automatically. For `matrix-registration-bot`, however, this is not the case - you **need to register the bot user manually** before setting up the bot. You can use the playbook to [register a new user](registering-users.md): ``` ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=bot.matrix-registration-bot password=PASSWORD_FOR_THE_BOT admin=yes' --tags=register-user @@ -26,14 +26,7 @@ Choose a strong password for the bot. You can generate a good password with a co ## Obtaining an admin access token -In order to use the bot you need to add an admin user's access token token to the configuration. As you created an admin user for the -bot, it is recommended to obtain an access token by logging into Element/Schildichat with the bot account -(using the password you set) and navigate to `Settings->Help&About` and scroll to the bottom. -You can expand "Access token" to copy it. - -![Obatining an admin access token with Element](assets/obtain_admin_access_token_element.png) - -**IMPORTANT**: once you copy the token, just close the Matrix client window/tab. Do not "log out", as that would invalidate the token. +In order to use the bot you need to add an admin user's access token token to the configuration. Refer to the documentation on [how to obtain an access token](obtaining-access-tokens.md). ## Adjusting the playbook configuration 
@@ -63,7 +56,7 @@ ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start ## Usage -To use the bot, create a **non-encrypted** room and invite `@bot.matrix-registration-bot:DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain). +To use the bot, create a **non-encrypted** room and invite `@bot.matrix-registration-bot:DOMAIN` (where `DOMAIN` is your base domain, not the `matrix.` domain). In this room send `help` and the bot will reply with all options. diff --git a/docs/configuring-playbook-bot-matrix-reminder-bot.md b/docs/configuring-playbook-bot-matrix-reminder-bot.md index aaf5670c..da73e5db 100644 --- a/docs/configuring-playbook-bot-matrix-reminder-bot.md +++ b/docs/configuring-playbook-bot-matrix-reminder-bot.md @@ -7,21 +7,6 @@ It's a bot you can use to **schedule one-off & recurring reminders and alarms**. See the project's [documentation](https://github.com/anoadragon453/matrix-reminder-bot#usage) to learn what it does and why it might be useful to you. -## Registering the bot user - -By default, the playbook will set up the bot with a username like this: `@bot.matrix-reminder-bot:DOMAIN`. - -(to use a different username, adjust the `matrix_bot_matrix_reminder_bot_matrix_user_id_localpart` variable). - -You **need to register the bot user manually** before setting up the bot. You can use the playbook to [register a new user](registering-users.md): - -``` -ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=bot.matrix-reminder-bot password=PASSWORD_FOR_THE_BOT admin=no' --tags=register-user -``` - -Choose a strong password for the bot. You can generate a good password with a command like this: `pwgen -s 64 1`. - - ## Adjusting the playbook configuration Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file: 
@@ -29,7 +14,10 @@ Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars. ```yaml matrix_bot_matrix_reminder_bot_enabled: true -# Adjust this to whatever password you chose when registering the bot user +# Uncomment and adjust this part if you'd like to use a username different than the default +# matrix_bot_matrix_reminder_bot_matrix_user_id_localpart: bot.matrix-reminder-bot + +# Generate a strong password here. Consider generating it with `pwgen -s 64 1` matrix_bot_matrix_reminder_bot_matrix_user_password: PASSWORD_FOR_THE_BOT # Adjust this to your timezone @@ -41,9 +29,15 @@ matrix_bot_matrix_reminder_bot_reminders_timezone: Europe/London After configuring the playbook, run the [installation](installing.md) command again: +```sh +ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,ensure-matrix-users-created,start ``` -ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start -``` + +**Notes**: + +- the `ensure-matrix-users-created` playbook tag makes the playbook automatically create the bot's user account + +- if you change the bot password (`matrix_bot_matrix_reminder_bot_matrix_user_password` in your `vars.yml` file) subsequently, the bot user's credentials on the homeserver won't be updated automatically. If you'd like to change the bot user's password, use a tool like [synapse-admin](configuring-playbook-synapse-admin.md) to change it, and then update `matrix_bot_matrix_reminder_bot_matrix_user_password` to let the bot know its new password ## Usage diff --git a/docs/configuring-playbook-bot-maubot.md b/docs/configuring-playbook-bot-maubot.md new file mode 100644 index 00000000..11ab1cce --- /dev/null +++ b/docs/configuring-playbook-bot-maubot.md 
@@ -0,0 +1,58 @@ +# Setting up maubot (optional) + +The playbook can install and configure [maubot](https://github.com/maubot/maubot) for you. + +After setting up maubot, you can use the web management interface to make it do things. +The default location of the management interface is `matrix./_matrix/maubot/` + +See the project's [documentation](https://docs.mau.fi/maubot/usage/basic.html) to learn what it +does and why it might be useful to you. + +## Adjusting the playbook configuration + +Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file: + +```yaml +matrix_bot_maubot_enabled: true +matrix_bot_maubot_admins: + - yourusername: securepassword +``` + +You can add multiple admins. The admin accounts are not connected to any matrix ID and are only used to access the +maubot administration interface. + + +## Installing + +After configuring the playbook, run the [installation](installing.md) command again: + +``` +ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start +``` + +## Usage + +You can visit `matrix./_matrix/maubot/` to manage your available plugins, clients and instances. + +You should start in the following order +1. **Create one or more clients:** A client is a matrix account which the bot will use to message. +2. **Upload some Plugins:** Plugins can be obtained from [here](https://github.com/maubot/maubot#plugins) or any other source. +3. **Create an instance:** An instance is the actual bot. You have to specify a client which the bot instance will use +and the plugin (how the bot will behave) + +To add a client you first need to create an account and obtain a valid access token. + +## Registering the bot user + +You **need to register the bot user manually** before setting up the bot. 
You can use the playbook to [register a new user](registering-users.md): + +``` +ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=bot.maubot password=PASSWORD_FOR_THE_BOT admin=yes' --tags=register-user +``` + +Choose a strong password for the bot. You can generate a good password with a command like this: `pwgen -s 64 1`. + +## Obtaining an admin access token + +This can be done via `mbc login` then `mbc auth` (see the [maubot documentation](https://docs.mau.fi/maubot/usage/cli/auth.html)). To run these commands you'll need to open the bot docker container with `docker exec -it matrix-bot-maubot sh` +Alternatively, use Element or curl to [obtain an access token](obtaining-access-tokens.md). However these two methods won't allow the bot to work in encrypted rooms. diff --git a/docs/configuring-playbook-bot-mjolnir.md b/docs/configuring-playbook-bot-mjolnir.md index 5ddb2ad3..5fc6331e 100644 --- a/docs/configuring-playbook-bot-mjolnir.md +++ b/docs/configuring-playbook-bot-mjolnir.md 
@@ -24,22 +24,12 @@ If you would like Mjolnir to be able to deactivate users, move aliases, shutdown ## 2. Get an access token -If you use curl, you can get an access token like this: - -``` -curl -X POST --header 'Content-Type: application/json' -d '{ - "identifier": { "type": "m.id.user", "user": "bot.mjolnir" }, - "password": "PASSWORD_FOR_THE_BOT", - "type": "m.login.password" -}' 'https://matrix.DOMAIN/_matrix/client/r0/login' -``` - -Alternatively, you can use a full-featured client (such as Element) to log in and get the access token from there (note: don't log out from the client as that will invalidate the token). +Refer to the documentation on [how to obtain an access token](obtaining-access-tokens.md). ## 3. Make sure the account is free from rate limiting -You will need to prevent Synapse from rate limiting the bot's account. This is not an optional step. If you do not do this step Mjolnir will crash. [Currently there is no Synapse config option for this](https://github.com/matrix-org/synapse/issues/6286) so you have to manually edit the Synapse database. Manually editing the Synapse database is rarely a good idea but in this case it is required. Please ask for help if you are uncomfortable with these steps. +You will need to prevent Synapse from rate limiting the bot's account. This is not an optional step. If you do not do this step Mjolnir will crash. This can be done using Synapse's [admin API](https://matrix-org.github.io/synapse/latest/admin_api/user_admin_api.html#override-ratelimiting-for-users). This can also be manually done by editing the Synapse database. Manually editing the Synapse database is rarely a good idea. Please ask for help if you are uncomfortable with these steps. 1. Copy the statement below into a text editor. diff --git a/docs/configuring-playbook-bot-postmoogle.md b/docs/configuring-playbook-bot-postmoogle.md new file mode 100644 index 00000000..0fa36693 --- /dev/null +++ b/docs/configuring-playbook-bot-postmoogle.md 
@@ -0,0 +1,53 @@ +# Setting up Postmoogle (optional) + +**Note**: email bridging can also happen via the [email2matrix](configuring-playbook-email2matrix.md) bridge supported by the playbook. + +The playbook can install and configure [Postmoogle](https://gitlab.com/etke.cc/postmoogle) for you. + +It's a bot/bridge you can use to forward emails to Matrix rooms + +See the project's [documentation](https://gitlab.com/etke.cc/postmoogle) to learn what it does and why it might be useful to you. + + +## Adjusting the playbook configuration + +Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file: + +```yaml +matrix_bot_postmoogle_enabled: true + +# Uncomment and adjust this part if you'd like to use a username different than the default +# matrix_bot_postmoogle_login: postmoogle + +# Generate a strong password here. Consider generating it with `pwgen -s 64 1` +matrix_bot_postmoogle_password: PASSWORD_FOR_THE_BOT +``` + +You will also need to add several DNS records so that postmoogle can send emails. +See [Configuring DNS](configuring-dns.md). + + +## Installing + +After configuring the playbook, run the [installation](installing.md) command again: + +```sh +ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,ensure-matrix-users-created,start +``` + +**Notes**: + +- the `ensure-matrix-users-created` playbook tag makes the playbook automatically create the bot's user account + +- if you change the bot password (`matrix_bot_postmoogle_password` in your `vars.yml` file) subsequently, the bot user's credentials on the homeserver won't be updated automatically. If you'd like to change the bot user's password, use a tool like [synapse-admin](configuring-playbook-synapse-admin.md) to change it, and then update `matrix_bot_postmoogle_password` to let the bot know its new password + + +## Usage + +To use the bot, invite the `@postmoogle:DOMAIN` into a room you want to use as a mailbox. 
+ +Then send `!pm mailbox NAME` to expose this Matrix room as an inbox with the email address `NAME@matrix.domain`. Emails sent to that email address will be forwarded to the room. + +Send `!pm help` to the room to see the bot's help menu for additional commands. + +You can also refer to the upstream [documentation](https://gitlab.com/etke.cc/postmoogle). diff --git a/docs/configuring-playbook-bridge-appservice-discord.md b/docs/configuring-playbook-bridge-appservice-discord.md index e25686bf..d37724c0 100644 --- a/docs/configuring-playbook-bridge-appservice-discord.md +++ b/docs/configuring-playbook-bridge-appservice-discord.md @@ -1,6 +1,8 @@ # Setting up Appservice Discord (optional) -**Note**: bridging to [Discord](https://discordapp.com/) can also happen via the [mx-puppet-discord](configuring-playbook-bridge-mx-puppet-discord.md) bridge supported by the playbook. +**Note**: bridging to [Discord](https://discordapp.com/) can also happen via the [mx-puppet-discord](configuring-playbook-bridge-mx-puppet-discord.md) and [mautrix-discord](configuring-playbook-bridge-mautrix-discord.md) bridges supported by the playbook. +- For using as a Bot we are recommend the Appservice Discord bridge (the one being discussed here), because it supports plumbing. +- For personal use we recommend the [mautrix-discord](configuring-playbook-bridge-mautrix-discord.md) bridge, because it is the most fully-featured and stable of the 3 Discord bridges supported by the playbook. The playbook can install and configure [matrix-appservice-discord](https://github.com/Half-Shot/matrix-appservice-discord) for you. 
@@ -61,7 +63,7 @@ To get started with Portal Bridging: 1. To invite the bot to Discord, retrieve the invite link from the `{{ matrix_appservice_discord_config_path }}/invite_link` file on the server (this defaults to `/matrix/appservice-discord/config/invite_link`). You need to peek at the file on the server via SSH, etc., because it's not available via HTTP(S). 2. Room addresses follow this syntax: `#_discord__`. You can easily find the guild and channel IDs by logging into Discord in a browser and opening the desired channel. The URL will have this format: `discord.com/channels//`. -3. Once you have figured out the appropriate room address, you can join by doing `/join #_discord__` in your Matrix client. +3. Once you have figured out the appropriate room address, you can join by doing `/join #_discord__` in your Matrix client. ## Getting Administrator access in a portal bridged room diff --git a/docs/configuring-playbook-bridge-appservice-kakaotalk.md b/docs/configuring-playbook-bridge-appservice-kakaotalk.md new file mode 100644 index 00000000..99ddafe8 --- /dev/null +++ b/docs/configuring-playbook-bridge-appservice-kakaotalk.md 
@@ -0,0 +1,64 @@ +# Setting up Appservice Kakaotalk (optional) + +The playbook can install and configure [matrix-appservice-kakaotalk](https://src.miscworks.net/fair/matrix-appservice-kakaotalk) for you. `matrix-appservice-kakaotalk` is a bridge to [Kakaotalk](https://www.kakaocorp.com/page/service/service/KakaoTalk?lang=ENG) based on [node-kakao](https://github.com/storycraft/node-kakao) (now unmaintained) and some [mautrix-facebook](https://github.com/mautrix/facebook) code. + +**NOTE**: there have been recent reports (~2022-09-16) that **using this bridge may get your account banned**. + +See the project's [documentation](https://src.miscworks.net/fair/matrix-appservice-kakaotalk) to learn what it does and why it might be useful to you. + + +## Installing + +To enable the bridge, add this to your `vars.yml` file: + +```yaml +matrix_appservice_kakaotalk_enabled: true +``` + +You may optionally wish to add some [Additional configuration](#additional-configuration), or to [prepare for double-puppeting](#set-up-double-puppeting) before the initial installation. + +After adjusting your `vars.yml` file, re-run the playbook and restart all services: `ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start` + +To make use of the Kakaotalk bridge, see [Usage](#usage) below. + + +### Additional configuration + +There are some additional things you may wish to configure about the bridge. + +Take a look at: + +- `roles/custom/matrix-bridge-appservice-kakaotalk/defaults/main.yml` for some variables that you can customize via your `vars.yml` file +- `roles/custom/matrix-bridge-appservice-kakaotalk/templates/config.yaml.j2` for the bridge's default configuration. 
You can override settings (even those that don't have dedicated playbook variables) using the `matrix_appservice_kakaotalk_configuration_extension_yaml` variable + + +### Set up Double Puppeting + +If you'd like to use [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) (hint: you most likely do), you have 2 ways of going about it. + +#### Method 1: automatically, by enabling Shared Secret Auth + +The bridge will automatically perform Double Puppeting if you enable [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) for this playbook. + +This is the recommended way of setting up Double Puppeting, as it's easier to accomplish, works for all your users automatically, and has less of a chance of breaking in the future. + +#### Method 2: manually, by asking each user to provide a working access token + +**Note**: This method for enabling Double Puppeting can be configured only after you've already set up bridging (see [Usage](#usage)). + +When using this method, **each user** that wishes to enable Double Puppeting needs to follow the following steps: + +- retrieve a Matrix access token for yourself. Refer to the documentation on [how to do that](obtaining-access-tokens.md). + +- send the access token to the bot. Example: `login-matrix MATRIX_ACCESS_TOKEN_HERE` + +- make sure you don't log out the `Appservice-Kakaotalk` device some time in the future, as that would break the Double Puppeting feature + + +## Usage + +Start a chat with `@kakaotalkbot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain). + +Send `login --save EMAIL_OR_PHONE_NUMBER` to the bridge bot to enable bridging for your Kakaotalk account. The `--save` flag may be omitted, if you'd rather not save your password. + +After successfully enabling bridging, you may wish to [set up Double Puppeting](#set-up-double-puppeting), if you haven't already done so. 
diff --git a/docs/configuring-playbook-bridge-beeper-linkedin.md b/docs/configuring-playbook-bridge-beeper-linkedin.md index bcc9d0f5..6ec294fb 100644 --- a/docs/configuring-playbook-bridge-beeper-linkedin.md +++ b/docs/configuring-playbook-bridge-beeper-linkedin.md @@ -1,8 +1,8 @@ # Setting up Beeper Linkedin (optional) -The playbook can install and configure [beeper-linkedin](https://gitlab.com/beeper/linkedin) for you, for bridging to [LinkedIn](https://www.linkedin.com/) Messaging. This bridge is based on the mautrix-python framework and can be configured in a similar way to the other mautrix bridges +The playbook can install and configure [beeper-linkedin](https://github.com/beeper/linkedin) for you, for bridging to [LinkedIn](https://www.linkedin.com/) Messaging. This bridge is based on the mautrix-python framework and can be configured in a similar way to the other mautrix bridges -See the project's [documentation](https://gitlab.com/beeper/linkedin/-/blob/master/README.md) to learn what it does and why it might be useful to you. +See the project's [documentation](https://github.com/beeper/linkedin/blob/master/README.md) to learn what it does and why it might be useful to you. ```yaml matrix_beeper_linkedin_enabled: true @@ -27,7 +27,7 @@ matrix_beeper_linkedin_configuration_extension_yaml: | '@YOUR_USERNAME:YOUR_DOMAIN': admin ``` -You may wish to look at `roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2` to find other things you would like to configure. +You may wish to look at `roles/custom/matrix-bridge-beeper-linkedin/templates/config.yaml.j2` to find other things you would like to configure. ## Set up Double Puppeting diff --git a/docs/configuring-playbook-bridge-heisenbridge.md b/docs/configuring-playbook-bridge-heisenbridge.md index 2c1b438f..b21eab1f 100644 --- a/docs/configuring-playbook-bridge-heisenbridge.md +++ b/docs/configuring-playbook-bridge-heisenbridge.md 
@@ -8,7 +8,7 @@ See the project's [README](https://github.com/hifi/heisenbridge/blob/master/READ ## Configuration -Below are the common configuration options that you may want to set, exhaustive list is in [the bridge's defaults var file](../roles/matrix-bridge-heisenbridge/defaults/main.yml). +Below are the common configuration options that you may want to set, exhaustive list is in [the bridge's defaults var file](../roles/custom/matrix-bridge-heisenbridge/defaults/main.yml). At a minimum, you only need to enable the bridge to get it up and running (`inventory/host_vars/matrix.DOMAIN/vars.yml`): diff --git a/docs/configuring-playbook-bridge-hookshot.md b/docs/configuring-playbook-bridge-hookshot.md index 3e8a54a2..5cd4dd4c 100644 --- a/docs/configuring-playbook-bridge-hookshot.md +++ b/docs/configuring-playbook-bridge-hookshot.md 
@@ -8,17 +8,36 @@ See the project's [documentation](https://matrix-org.github.io/matrix-hookshot/l Note: the playbook also supports [matrix-appservice-webhooks](configuring-playbook-bridge-appservice-webhooks.md), which however is soon to be archived by its author and to be replaced by hookshot. + ## Setup Instructions Refer to the [official instructions](https://matrix-org.github.io/matrix-hookshot/latest/setup.html) to learn what the individual options do. -1. For each of the services (GitHub, GitLab, Jira, Figma, generic webhooks) fill in the respective variables `matrix_hookshot_service_*` listed in [main.yml](/roles/matrix-bridge-hookshot/defaults/main.yml) as required. -2. Take special note of the `matrix_hookshot_*_enabled` variables. Services that need no further configuration are enabled by default (GitLab, Generic), while you must first add the required configuration and enable the others (GitHub, Jira, Figma). -3. If you're setting up the GitHub bridge, you'll need to generate and download a private key file after you created your GitHub app. Copy the contents of that file to the variable `matrix_hookshot_github_private_key` so the playbook can install it for you, or use one of the [other methods](#manage-github-private-key-with-matrix-aux-role) explained below. -4. If you've already installed Matrix services using the playbook before, you'll need to re-run it (`--tags=setup-all,start`). If not, proceed with [configuring other playbook services](configuring-playbook.md) and then with [Installing](installing.md). Get back to this guide once ready. Hookshot can be set up individually using the tag `setup-hookshot`. -5. Refer to [Hookshot's official instructions](https://matrix-org.github.io/matrix-hookshot/latest/usage.html) to start using the bridge. **Important:** Note that the different listeners are bound to certain paths which might differ from those assumed by the hookshot documentation, see [URLs for bridges setup](urls-for-bridges-setup) below. +1. 
Enable the bridge by adding `matrix_hookshot_enabled: true` to your `vars.yml` file +2. For each of the services (GitHub, GitLab, Jira, Figma, generic webhooks) fill in the respective variables `matrix_hookshot_service_*` listed in [main.yml](/roles/custom/matrix-bridge-hookshot/defaults/main.yml) as required. +3. Take special note of the `matrix_hookshot_*_enabled` variables. Services that need no further configuration are enabled by default (GitLab, Generic), while you must first add the required configuration and enable the others (GitHub, Jira, Figma). +4. If you're setting up the GitHub bridge, you'll need to generate and download a private key file after you created your GitHub app. Copy the contents of that file to the variable `matrix_hookshot_github_private_key` so the playbook can install it for you, or use one of the [other methods](#manage-github-private-key-with-matrix-aux-role) explained below. +5. If you've already installed Matrix services using the playbook before, you'll need to re-run it (`--tags=setup-all,start`). If not, proceed with [configuring other playbook services](configuring-playbook.md) and then with [Installing](installing.md). Get back to this guide once ready. Hookshot can be set up individually using the tag `setup-hookshot`. -Other configuration options are available via the `matrix_hookshot_configuration_extension_yaml` and `matrix_hookshot_registration_extension_yaml` variables, see the comments in [main.yml](/roles/matrix-bridge-hookshot/defaults/main.yml) for how to use them. +Other configuration options are available via the `matrix_hookshot_configuration_extension_yaml` and `matrix_hookshot_registration_extension_yaml` variables, see the comments in [main.yml](/roles/custom/matrix-bridge-hookshot/defaults/main.yml) for how to use them. + +Finally, run the playbook (see [installing](installing.md)). + + +## Usage + +Create a room and invite the Hookshot bot (`@hookshot:DOMAIN`) to it. 
+ +Make sure the bot is able to send state events (usually the Moderator power level in clients). + +Send a `!hookshot help` message to see a list of help commands. + +Refer to [Hookshot's documentation](https://matrix-org.github.io/matrix-hookshot/latest/usage.html) for more details about using the brige's various features. + +**Important:** Note that the different listeners are bound to certain paths which might differ from those assumed by the hookshot documentation, see [URLs for bridges setup](#urls-for-bridges-setup) below. + + +## More setup documentation ### URLs for bridges setup 
@@ -35,14 +54,14 @@ Unless indicated otherwise, the following endpoints are reachable on your `matri | widgets | `/hookshot/widgetapi/` | `matrix_hookshot_widgets_endpoint` | Widgets | | metrics | `/metrics/hookshot` | `matrix_hookshot_metrics_enabled` and `matrix_hookshot_metrics_proxying_enabled`. Requires `/metrics/*` endpoints to also be enabled via `matrix_nginx_proxy_proxy_matrix_metrics_enabled` (see the `matrix-nginx-proxy` role). Read more in the [Metrics section](#metrics) below. | Prometheus | -See also `matrix_hookshot_matrix_nginx_proxy_configuration` in [init.yml](/roles/matrix-bridge-hookshot/tasks/init.yml). +See also `matrix_hookshot_matrix_nginx_proxy_configuration` in [init.yml](/roles/custom/matrix-bridge-hookshot/tasks/init.yml). -The different listeners are also reachable *internally* in the docker-network via the container's name (configured by `matrix_hookshot_container_url`) and on different ports (e.g. `matrix_hookshot_appservice_port`). Read [main.yml](/roles/matrix-bridge-hookshot/defaults/main.yml) in detail for more info. +The different listeners are also reachable *internally* in the docker-network via the container's name (configured by `matrix_hookshot_container_url`) and on different ports (e.g. `matrix_hookshot_appservice_port`). Read [main.yml](/roles/custom/matrix-bridge-hookshot/defaults/main.yml) in detail for more info. ### Manage GitHub Private Key with matrix-aux role The GitHub bridge requires you to install a private key file. This can be done in multiple ways: -- copy the *contents* of the downloaded file and set the variable `matrix_hookshot_github_private_key` to the contents (see example in [main.yml](/roles/matrix-bridge-hookshot/defaults/main.yml)). +- copy the *contents* of the downloaded file and set the variable `matrix_hookshot_github_private_key` to the contents (see example in [main.yml](/roles/custom/matrix-bridge-hookshot/defaults/main.yml)). 
- somehow copy the file to the path `{{ matrix_hookshot_base_path }}/{{ matrix_hookshot_github_private_key_file }}` (default: `/matrix/hookshot/private-key.pem`) on the server manually. - use the `matrix-aux` role to copy the file from an arbitrary path on your ansible client to the correct path on the server. @@ -55,7 +74,7 @@ matrix_aux_file_definitions: owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" ``` -For more info see the documentation in the [matrix-aux base configuration file](/roles/matrix-aux/defaults/main.yml). +For more info see the documentation in the [matrix-aux base configuration file](/roles/custom/matrix-aux/defaults/main.yml). ### Provisioning API diff --git a/docs/configuring-playbook-bridge-mautrix-discord.md b/docs/configuring-playbook-bridge-mautrix-discord.md new file mode 100644 index 00000000..6acab6f1 --- /dev/null +++ b/docs/configuring-playbook-bridge-mautrix-discord.md 
@@ -0,0 +1,91 @@ +# Setting up Mautrix Discord (optional) + +**Note**: bridging to [Discord](https://discordapp.com/) can also happen via the [mx-puppet-discord](configuring-playbook-bridge-mx-puppet-discord.md) and [matrix-appservice-discord](configuring-playbook-bridge-appservice-discord.md) bridges supported by the playbook. +- For using as a Bot we recommend the [Appservice Discord](configuring-playbook-bridge-appservice-discord.md), because it supports plumbing. +- For personal use with a discord account we recommend the `mautrix-discord` bridge (the one being discussed here), because it is the most fully-featured and stable of the 3 Discord bridges supported by the playbook. + +The playbook can install and configure [mautrix-discord](https://github.com/mautrix/discord) for you. + +See the project's [documentation](https://docs.mau.fi/bridges/go/discord/index.html) to learn what it does and why it might be useful to you. + + +## Prerequisites + +There are 2 ways to login to discord using this bridge, either by [scanning a QR code](#method-1-login-using-qr-code-recommended) using the Discord mobile app **or** by using a [Discord token](#method-2-login-using-discord-token-not-recommended). + +If this is a dealbreaker for you, consider using one of the other Discord bridges supported by the playbook: [mx-puppet-discord](configuring-playbook-bridge-mx-puppet-discord.md) or [matrix-appservice-discord](configuring-playbook-bridge-appservice-discord.md). These come with their own complexity and limitations, however, so we recommend that you proceed with this one if possible. + +## Installing + +To enable the bridge, add this to your `vars.yml` file: + +```yaml +matrix_mautrix_discord_enabled: true +``` + +You may optionally wish to add some [Additional configuration](#additional-configuration), or to [prepare for double-puppeting](#set-up-double-puppeting) before the initial installation. 
+ +After adjusting your `vars.yml` file, re-run the playbook and restart all services: `ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start` + +To make use of the bridge, see [Usage](#usage) below. + + +### Additional configuration + +There are some additional things you may wish to configure about the bridge. + +Take a look at: + +- `roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml` for some variables that you can customize via your `vars.yml` file +- `roles/custom/matrix-bridge-mautrix-discord/templates/config.yaml.j2` for the bridge's default configuration. You can override settings (even those that don't have dedicated playbook variables) using the `matrix_mautrix_discord_configuration_extension_yaml` variable + + +### Set up Double Puppeting + +If you'd like to use [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) (hint: you most likely do), you have 2 ways of going about it. + +#### Method 1: automatically, by enabling Shared Secret Auth + +The bridge will automatically perform Double Puppeting if you enable [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) for this playbook. + +This is the recommended way of setting up Double Puppeting, as it's easier to accomplish, works for all your users automatically, and has less of a chance of breaking in the future. + +#### Method 2: manually, by asking each user to provide a working access token + +**Note**: This method for enabling Double Puppeting can be configured only after you've already set up bridging (see [Usage](#usage)). + +When using this method, **each user** that wishes to enable Double Puppeting needs to follow the following steps: + +- retrieve a Matrix access token for yourself. Refer to the documentation on [how to do that](obtaining-access-tokens.md). + +- send the access token to the bot. 
Example: `login-matrix MATRIX_ACCESS_TOKEN_HERE` + +- make sure you don't log out the `Mautrix-Discord` device some time in the future, as that would break the Double Puppeting feature + + +## Usage + +### Logging in + +#### Method 1: Login using QR code (recommended) + +For using this bridge, you would need to authenticate by **scanning a QR code** with the Discord app on your phone. + +You can delete the Discord app after the authentication process. + +#### Method 2: Login using Discord token (not recommended) + +To acquire the token, open Discord in a private browser window. Then open the developer settings (keyboard shortcut might be "ctrl+shift+i" or by pressing "F12"). Navigate to the "Network" tab then reload the page. In the URL filter or search bar type "/api" and find the response with the file name of "library". Under the request headers you should find a variable called "Authorization", this is the token to your Discord account. After copying the token, you can close the browser window. + +### Bridging + +1. Start a chat with `@discordbot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain). +2. If you would like to login to Discord using a token, send `login-token` command, otherwise, send `login-qr` command. +3. You'll see a QR code which you need to scan with the Discord app on your phone. You can scan it with the camera app too, which will open Discord, which will then instruct you to scan it a 2nd time in the Discord app. +4. After confirming (in the Discord app) that you'd like to allow this login, the bot should respond with "Succcessfully authenticated as ..." +5. Now that you're logged in, you can send a `help` command to the bot again, to see additional commands you have access to +6. Some Direct Messages from Discord should start syncing automatically +7. 
If you'd like to bridge guilds: +- send `guilds status` to see the list of guilds +- for each guild that you'd like bridged, send `guilds bridge GUILD_ID --entire` +8. You may wish to uninstall the Discord app from your phone now. It's not needed for the bridge to function. diff --git a/docs/configuring-playbook-bridge-mautrix-facebook.md b/docs/configuring-playbook-bridge-mautrix-facebook.md index 4429f004..82d51df3 100644 --- a/docs/configuring-playbook-bridge-mautrix-facebook.md +++ b/docs/configuring-playbook-bridge-mautrix-facebook.md @@ -39,7 +39,7 @@ matrix_mautrix_facebook_configuration_extension_yaml: | default: true ``` -You may wish to look at `roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2` and `roles/matrix-bridge-mautrix-facebook/defaults/main.yml` to find other things you would like to configure. +You may wish to look at `roles/custom/matrix-bridge-mautrix-facebook/templates/config.yaml.j2` and `roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml` to find other things you would like to configure. ## Set up Double Puppeting @@ -58,13 +58,7 @@ This is the recommended way of setting up Double Puppeting, as it's easier to ac When using this method, **each user** that wishes to enable Double Puppeting needs to follow the following steps: -- retrieve a Matrix access token for yourself. You can use the following command: - -``` -curl \ ---data '{"identifier": {"type": "m.id.user", "user": "YOUR_MATRIX_USERNAME" }, "password": "YOUR_MATRIX_PASSWORD", "type": "m.login.password", "device_id": "Mautrix-Facebook", "initial_device_display_name": "Mautrix-Facebook"}' \ -https://matrix.DOMAIN/_matrix/client/r0/login -``` +- retrieve a Matrix access token for yourself. Refer to the documentation on [how to do that](obtaining-access-tokens.md). - send the access token to the bot. Example: `login-matrix MATRIX_ACCESS_TOKEN_HERE` 
diff --git a/docs/configuring-playbook-bridge-mautrix-googlechat.md b/docs/configuring-playbook-bridge-mautrix-googlechat.md index 381d1f29..6527294b 100644 --- a/docs/configuring-playbook-bridge-mautrix-googlechat.md +++ b/docs/configuring-playbook-bridge-mautrix-googlechat.md @@ -29,13 +29,7 @@ This is the recommended way of setting up Double Puppeting, as it's easier to ac When using this method, **each user** that wishes to enable Double Puppeting needs to follow the following steps: -- retrieve a Matrix access token for yourself. You can use the following command: - -``` -curl \ ---data '{"identifier": {"type": "m.id.user", "user": "YOUR_MATRIX_USERNAME" }, "password": "YOUR_MATRIX_PASSWORD", "type": "m.login.password", "device_id": "Mautrix-googlechat", "initial_device_display_name": "Mautrix-googlechat"}' \ -https://matrix.DOMAIN/_matrix/client/r0/login -``` +- retrieve a Matrix access token for yourself. Refer to the documentation on [how to do that](obtaining-access-tokens.md). - send the access token to the bot. Example: `login-matrix MATRIX_ACCESS_TOKEN_HERE` diff --git a/docs/configuring-playbook-bridge-mautrix-hangouts.md b/docs/configuring-playbook-bridge-mautrix-hangouts.md index f6129777..49dad027 100644 --- a/docs/configuring-playbook-bridge-mautrix-hangouts.md +++ b/docs/configuring-playbook-bridge-mautrix-hangouts.md 
@@ -31,13 +31,7 @@ This is the recommended way of setting up Double Puppeting, as it's easier to ac When using this method, **each user** that wishes to enable Double Puppeting needs to follow the following steps: -- retrieve a Matrix access token for yourself. You can use the following command: - -``` -curl \ ---data '{"identifier": {"type": "m.id.user", "user": "YOUR_MATRIX_USERNAME" }, "password": "YOUR_MATRIX_PASSWORD", "type": "m.login.password", "device_id": "Mautrix-Hangouts", "initial_device_display_name": "Mautrix-Hangouts"}' \ -https://matrix.DOMAIN/_matrix/client/r0/login -``` +- retrieve a Matrix access token for yourself. Refer to the documentation on [how to do that](obtaining-access-tokens.md). - send the access token to the bot. Example: `login-matrix MATRIX_ACCESS_TOKEN_HERE` diff --git a/docs/configuring-playbook-bridge-mautrix-instagram.md b/docs/configuring-playbook-bridge-mautrix-instagram.md index cbfdcb0b..c5b3feb7 100644 --- a/docs/configuring-playbook-bridge-mautrix-instagram.md +++ b/docs/configuring-playbook-bridge-mautrix-instagram.md @@ -31,7 +31,7 @@ matrix_mautrix_instagram_configuration_extension_yaml: | '@YOUR_USERNAME:YOUR_DOMAIN': admin ``` -You may wish to look at `roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2` and `roles/matrix-bridge-mautrix-instagram/defaults/main.yml` to find other things you would like to configure. +You may wish to look at `roles/custom/matrix-bridge-mautrix-instagram/templates/config.yaml.j2` and `roles/custom/matrix-bridge-mautrix-instagram/defaults/main.yml` to find other things you would like to configure. ## Usage diff --git a/docs/configuring-playbook-bridge-mautrix-signal.md b/docs/configuring-playbook-bridge-mautrix-signal.md index f47640b9..13e424d4 100644 --- a/docs/configuring-playbook-bridge-mautrix-signal.md +++ b/docs/configuring-playbook-bridge-mautrix-signal.md 
@@ -55,7 +55,7 @@ matrix_mautrix_signal_bridge_permissions: | '@USER:YOUR_DOMAIN' : user ``` -You may wish to look at `roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2` to find more information on the permissions settings and other options you would like to configure. +You may wish to look at `roles/custom/matrix-bridge-mautrix-signal/templates/config.yaml.j2` to find more information on the permissions settings and other options you would like to configure. ## Set up Double Puppeting @@ -73,13 +73,7 @@ This is the recommended way of setting up Double Puppeting, as it's easier to ac When using this method, **each user** that wishes to enable Double Puppeting needs to follow the following steps: -- retrieve a Matrix access token for yourself. You can use the following command: - -``` -curl \ ---data '{"identifier": {"type": "m.id.user", "user": "YOUR_MATRIX_USERNAME" }, "password": "YOUR_MATRIX_PASSWORD", "type": "m.login.password", "device_id": "Mautrix-Signal", "initial_device_display_name": "Mautrix-Signal"}' \ -https://matrix.DOMAIN/_matrix/client/r0/login -``` +- retrieve a Matrix access token for yourself. Refer to the documentation on [how to do that](obtaining-access-tokens.md). - send the access token to the bot. Example: `login-matrix MATRIX_ACCESS_TOKEN_HERE` diff --git a/docs/configuring-playbook-bridge-mautrix-telegram.md b/docs/configuring-playbook-bridge-mautrix-telegram.md index 924de8ca..91596afc 100644 --- a/docs/configuring-playbook-bridge-mautrix-telegram.md +++ b/docs/configuring-playbook-bridge-mautrix-telegram.md 
@@ -28,13 +28,7 @@ This is the recommended way of setting up Double Puppeting, as it's easier to ac When using this method, **each user** that wishes to enable Double Puppeting needs to follow the following steps: -- retrieve a Matrix access token for yourself. You can use the following command: - -``` -curl \ ---data '{"identifier": {"type": "m.id.user", "user": "YOUR_MATRIX_USERNAME" }, "password": "YOUR_MATRIX_PASSWORD", "type": "m.login.password", "device_id": "Mautrix-Telegram", "initial_device_display_name": "Mautrix-Telegram"}' \ -https://matrix.DOMAIN/_matrix/client/r0/login -``` +- retrieve a Matrix access token for yourself. Refer to the documentation on [how to do that](obtaining-access-tokens.md). - send `login-matrix` to the bot and follow instructions about how to send the access token to it @@ -65,3 +59,8 @@ matrix_mautrix_telegram_configuration_extension_yaml: | More details about permissions in this example: https://github.com/mautrix/telegram/blob/master/mautrix_telegram/example-config.yaml#L410 + +If you like to exclude all groups from syncing and use the Telgeram-Bridge only for direct chats, you can add the following additional playbook configuration: +```yaml +matrix_mautrix_telegram_filter_mode: whitelist +``` diff --git a/docs/configuring-playbook-bridge-mautrix-whatsapp.md b/docs/configuring-playbook-bridge-mautrix-whatsapp.md index 2af38be1..8ae6e5a0 100644 --- a/docs/configuring-playbook-bridge-mautrix-whatsapp.md +++ b/docs/configuring-playbook-bridge-mautrix-whatsapp.md 
@@ -44,13 +44,7 @@ This is the recommended way of setting up Double Puppeting, as it's easier to ac When using this method, **each user** that wishes to enable Double Puppeting needs to follow the following steps: -- retrieve a Matrix access token for yourself. You can use the following command: - -``` -curl \ ---data '{"identifier": {"type": "m.id.user", "user": "YOUR_MATRIX_USERNAME" }, "password": "YOUR_MATRIX_PASSWORD", "type": "m.login.password", "device_id": "Mautrix-Whatsapp", "initial_device_display_name": "Mautrix-Whatsapp"}' \ -https://matrix.DOMAIN/_matrix/client/r0/login -``` +- retrieve a Matrix access token for yourself. Refer to the documentation on [how to do that](obtaining-access-tokens.md). - send the access token to the bot. Example: `login-matrix MATRIX_ACCESS_TOKEN_HERE` diff --git a/docs/configuring-playbook-bridge-mx-puppet-discord.md b/docs/configuring-playbook-bridge-mx-puppet-discord.md index 2be7f206..c266f843 100644 --- a/docs/configuring-playbook-bridge-mx-puppet-discord.md +++ b/docs/configuring-playbook-bridge-mx-puppet-discord.md 
@@ -1,6 +1,8 @@ # Setting up MX Puppet Discord (optional) -**Note**: bridging to [Discord](https://discordapp.com/) can also happen via the [matrix-appservice-discord](configuring-playbook-bridge-appservice-discord.md) bridge supported by the playbook. +**Note**: bridging to [Discord](https://discordapp.com/) can also happen via the [matrix-appservice-discord](configuring-playbook-bridge-appservice-discord.md)and [mautrix-discord](configuring-playbook-bridge-mautrix-discord.md) bridges supported by the playbook. +- For using as a Bot we recommend the [Appservice Discord](configuring-playbook-bridge-appservice-discord.md), because it supports plumbing. +- For personal use with a discord account we recommend the [mautrix-discord](configuring-playbook-bridge-mautrix-discord.md) bridge, because it is the most fully-featured and stable of the 3 Discord bridges supported by the playbook. The playbook can install and configure [mx-puppet-discord](https://github.com/matrix-discord/mx-puppet-discord) for you. diff --git a/docs/configuring-playbook-bridge-mx-puppet-groupme.md b/docs/configuring-playbook-bridge-mx-puppet-groupme.md index 2f0eda19..4d03d5d9 100644 --- a/docs/configuring-playbook-bridge-mx-puppet-groupme.md +++ b/docs/configuring-playbook-bridge-mx-puppet-groupme.md @@ -1,7 +1,7 @@ # Setting up MX Puppet GroupMe (optional) The playbook can install and configure -[mx-puppet-groupme](https://gitlab.com/robintown/mx-puppet-groupme) for you. +[mx-puppet-groupme](https://gitlab.com/xangelix-pub/matrix/mx-puppet-groupme) for you. See the project page to learn what it does and why it might be useful to you. diff --git a/docs/configuring-playbook-cactus-comments.md b/docs/configuring-playbook-cactus-comments.md new file mode 100644 index 00000000..00c76f54 --- /dev/null +++ b/docs/configuring-playbook-cactus-comments.md 
@@ -0,0 +1,65 @@ +# Setting up Cactus Comments (optional) + +The playbook can install and configure [Cactus Comments](https://cactus.chat) for you. + +Cactus Comments is a **federated comment system** built on Matrix. The role allows you to self-host the system. +It respects your privacy, and puts you in control. + +See the project's [documentation](https://cactus.chat/docs/getting-started/introduction/) to learn what it +does and why it might be useful to you. + + +## Configuration + +Add the following block to your `vars.yaml` and make sure to exchange the tokens to randomly generated values. + +```yaml +################# +## Cactus Chat ## +################# + +matrix_cactus_comments_enabled: true + +# To allow guest comments without users needing to log in, you need to have guest registration enabled. +# To do this you need to uncomment one of the following lines (depending if you are using synapse or dentrite as a homeserver) +# If you don't know which one you use: The default is synapse ;) +# matrix_synapse_allow_guest_access: true +# matrix_dentrite_allow_guest_access +``` + +## Installing + +After configuring the playbook, run the [installation](installing.md) command again: + +``` +ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start +``` + + +## Usage + +Upon starting Cactus Comments, a `bot.cactusbot` user account is created automatically. + +To get started, send a `help` message to the `@bot.cactusbot:your-homeserver.com` bot to confirm it's working. +Then, register a site by typing: `register `. You will then be invited into a moderation room. +Now you are good to go and can include the comment section on your website! + +**Careful:** To really make use of self-hosting you need change a few things in comparison to the official docs! + +Insert the following snippet into you page and make sure to replace `example.com` with your base domain! + + +```html + + +
+ +``` diff --git a/docs/configuring-playbook-client-element.md b/docs/configuring-playbook-client-element.md index 45299c55..1f90aca6 100644 --- a/docs/configuring-playbook-client-element.md +++ b/docs/configuring-playbook-client-element.md @@ -17,7 +17,7 @@ matrix_client_element_enabled: false The playbook provides some customization variables you could use to change Element's settings. -Their defaults are defined in [`roles/matrix-client-element/defaults/main.yml`](../roles/matrix-client-element/defaults/main.yml) and they ultimately end up in the generated `/matrix/element/config.json` file (on the server). This file is generated from the [`roles/matrix-client-element/templates/config.json.j2`](../roles/matrix-client-element/templates/config.json.j2) template. +Their defaults are defined in [`roles/custom/matrix-client-element/defaults/main.yml`](../roles/custom/matrix-client-element/defaults/main.yml) and they ultimately end up in the generated `/matrix/element/config.json` file (on the server). This file is generated from the [`roles/custom/matrix-client-element/templates/config.json.j2`](../roles/custom/matrix-client-element/templates/config.json.j2) template. **If there's an existing variable** which controls a setting you wish to change, you can simply define that variable in your configuration file (`inventory/host_vars/matrix./vars.yml`) and [re-run the playbook](installing.md) to apply the changes. 
@@ -25,14 +25,14 @@ Alternatively, **if there is no pre-defined variable** for an Element setting yo - you can either **request a variable to be created** (or you can submit such a contribution yourself). Keep in mind that it's **probably not a good idea** to create variables for each one of Element's various settings that rarely get used. -- or, you can **extend and override the default configuration** ([`config.json.j2`](../roles/matrix-client-element/templates/config.json.j2)) by making use of the `matrix_client_element_configuration_extension_json_` variable. You can find information about this in [`roles/matrix-client-element/defaults/main.yml`](../roles/matrix-client-element/defaults/main.yml). +- or, you can **extend and override the default configuration** ([`config.json.j2`](../roles/custom/matrix-client-element/templates/config.json.j2)) by making use of the `matrix_client_element_configuration_extension_json_` variable. You can find information about this in [`roles/custom/matrix-client-element/defaults/main.yml`](../roles/custom/matrix-client-element/defaults/main.yml). -- or, if extending the configuration is still not powerful enough for your needs, you can **override the configuration completely** using `matrix_client_element_configuration_default` (or `matrix_client_element_configuration`). You can find information about this in [`roles/matrix-client-element/defaults/main.yml`](../roles/matrix-client-element/defaults/main.yml). +- or, if extending the configuration is still not powerful enough for your needs, you can **override the configuration completely** using `matrix_client_element_configuration_default` (or `matrix_client_element_configuration`). You can find information about this in [`roles/custom/matrix-client-element/defaults/main.yml`](../roles/custom/matrix-client-element/defaults/main.yml). 
## Themes -To change the look of Element, you can define your own themes manually by using the `matrix_client_element__settingDefaults_custom_themes` setting. +To change the look of Element, you can define your own themes manually by using the `matrix_client_element_settingDefaults_custom_themes` setting. Or better yet, you can automatically pull it all themes provided by the [aaronraimist/element-themes](https://github.com/aaronraimist/element-themes) project by simply flipping a flag (`matrix_client_element_themes_enabled: true`). diff --git a/docs/configuring-playbook-conduit.md b/docs/configuring-playbook-conduit.md new file mode 100644 index 00000000..8739a567 --- /dev/null +++ b/docs/configuring-playbook-conduit.md 
@@ -0,0 +1,58 @@ +# Configuring Conduit (optional) + +By default, this playbook configures the [Synapse](https://github.com/matrix-org/synapse) Matrix server, but you can also use [Conduit](https://conduit.rs). + +**NOTES**: + +- **You can't switch an existing Matrix server's implementation** (e.g. Synapse -> Conduit). Proceed below only if you're OK with losing data or you're dealing with a server on a new domain name, which hasn't participated in the Matrix federation yet. + +- **homeserver implementations other than Synapse may not be fully functional**. The playbook may also not assist you in an optimal way (like it does with Synapse). Make yourself familiar with the downsides before proceeding + + +## Installation + +To use Conduit, you **generally** need the following additional `vars.yml` configuration: + +```yaml +matrix_homeserver_implementation: conduit +``` + +However, since Conduit is difficult (see [famedly/conduit#276](https://gitlab.com/famedly/conduit/-/issues/276) and [famedly/conduit#354](https://gitlab.com/famedly/conduit/-/merge_requests/354)) when it comes to creating the first user account and does not support [registering users](registering-users.md) (via the command line or via the playbook) like Synapse and Dendrite do, we recommend the following flow: + +1. Add `matrix_conduit_allow_registration: true` to your `vars.yml` the first time around, temporarily +2. Run the playbook (`ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start` - see [Installing](installing.md)) +3. Create your first user via Element or any other client which supports creating users +4. Get rid of `matrix_conduit_allow_registration: true` from your `vars.yml` +5. Run the playbook again (`ansible-playbook -i inventory/hosts setup.yml --tags=setup-conduit,start` would be enough this time) +6. You can now use your server safely. 
Additional users can be created by messaging the internal Conduit bot + + +## Configuring bridges / appservices + +Automatic appservice setup is currently unsupported when using conduit. After setting up the service as usual you may notice that it is unable to start. + +You will have to manually register appservices using the the [register-appservice](https://gitlab.com/famedly/conduit/-/blob/next/APPSERVICES.md) command. + +Find the `registration.yaml` in the `/matrix` directory, for example `/matrix/mautrix-signal/bridge/registration.yaml`, then pass the content to conduit: + + + @conduit:your.server.name: register-appservice + ``` + as_token: + de.sorunome.msc2409.push_ephemeral: true + hs_token: + id: signal + namespaces: + aliases: + - exclusive: true + regex: ^#signal_.+:example\.org$ + users: + - exclusive: true + regex: ^@signal_.+:example\.org$ + - exclusive: true + regex: ^@signalbot:example\.org$ + rate_limited: false + sender_localpart: _bot_signalbot + url: http://matrix-mautrix-signal:29328 + ``` + diff --git a/docs/configuring-playbook-dimension.md b/docs/configuring-playbook-dimension.md index 73a7fc0e..e201785a 100644 --- a/docs/configuring-playbook-dimension.md +++ b/docs/configuring-playbook-dimension.md @@ -22,7 +22,7 @@ matrix_dimension_enabled: true ## Define admin users -These users can modify the integrations this Dimension supports. +These users can modify the integrations this Dimension supports. Add this to your configuration file (`inventory/host_vars/matrix./vars.yml`): ```yaml 
@@ -39,27 +39,7 @@ We recommend that you create a dedicated Matrix user for Dimension (`dimension` Follow our [Registering users](registering-users.md) guide to learn how to register **a regular (non-admin) user**. You are required to specify an access token (belonging to this new user) for Dimension to work. -To get an access token for the Dimension user, you can follow one of two options: - -*Through an interactive login*: - -1. In a private browsing session (incognito window), open Element. -1. Log in with the `dimension` user and its password. -1. Set the display name and avatar, if required. -1. In the settings page choose "Help & About", scroll down to the bottom and expand the `Access Token` section. -1. Copy the access token to your configuration. -1. Close the private browsing session. **Do not log out**. Logging out will invalidate the token, making it not work. - -*With CURL* - -``` -curl -X POST --header 'Content-Type: application/json' -d '{ - "identifier": { "type": "m.id.user", "user": "YourDimensionUsername" }, - "password": "YourDimensionPassword", - "type": "m.login.password" -}' 'https://matrix.YOURDOMAIN/_matrix/client/r0/login' -``` -*Change `YourDimensionUsername`, `YourDimensionPassword`, and `YOURDOMAIN` accordingly.* +To get an access token for the Dimension user, you can follow the documentation on [how to do obtain an access token](obtaining-access-tokens.md). **Access tokens are sensitive information. Do not include them in any bug reports, messages, or logs. Do not share the access token with anyone.** 
@@ -93,6 +73,6 @@ In the interim until the above limitation is resolved, an admin user needs to co ## Additional features To use a more custom configuration, you can define a `matrix_dimension_configuration_extension_yaml` string variable and put your configuration in it. -To learn more about how to do this, refer to the information about `matrix_dimension_configuration_extension_yaml` in the [default variables file](../roles/matrix-dimension/defaults/main.yml) of the Dimension component. +To learn more about how to do this, refer to the information about `matrix_dimension_configuration_extension_yaml` in the [default variables file](../roles/custom/matrix-dimension/defaults/main.yml) of the Dimension component. You can find all configuration options on [GitHub page of Dimension project](https://github.com/turt2live/matrix-dimension/blob/master/config/default.yaml). diff --git a/docs/configuring-playbook-email2matrix.md b/docs/configuring-playbook-email2matrix.md index 510a9dcc..56e181f1 100644 --- a/docs/configuring-playbook-email2matrix.md +++ b/docs/configuring-playbook-email2matrix.md @@ -1,5 +1,8 @@ # Setting up Email2Matrix (optional) +**Note**: email bridging can also happen via the [Postmoogle](configuring-playbook-bot-postmoogle.md) bot supported by the playbook. +Postmoogle is much more powerful and easier to use, so we recommend that you use it, instead of Email2Matrix. + The playbook can install and configure [email2matrix](https://github.com/devture/email2matrix) for you. See the project's [documentation](https://github.com/devture/email2matrix/blob/master/docs/README.md) to learn what it does and why it might be useful to you. 
@@ -7,6 +10,10 @@ See the project's [documentation](https://github.com/devture/email2matrix/blob/m ## Preparation +### DNS configuration + +It's not strictly necessary, but you may increase the chances that incoming emails reach your server by adding an `MX` record for `matrix.DOMAIN`, as described in the [Configuring DNS](configuring-dns.md) documentation page. + ### Port availability Ensure that port 25 is available on your Matrix server and open in your firewall. @@ -34,18 +41,7 @@ You'll need the room id when doing [Configuration](#configuration) below. ### Obtaining an access token for the sender user -In order for the sender user created above to be able to send messages to the room, we'll need to obtain an access token for it. - -To do this, you can execute a command like this: - -``` -curl \ ---data '{"identifier": {"type": "m.id.user", "user": "email2matrix" }, "password": "MATRIX_PASSWORD_FOR_THE_USER", "type": "m.login.password", "device_id": "Email2Matrix", "initial_device_display_name": "Email2Matrix"}' \ -https://matrix.DOMAIN/_matrix/client/r0/login -``` - -Take note of the `access_token` value. You'll need the access token when doing [Configuration](#configuration) below. - +In order for the sender user created above to be able to send messages to the room, we'll need to obtain an access token for it. Refer to the documentation on [how to obtain an access token](obtaining-access-tokens.md). ## Configuration diff --git a/docs/configuring-playbook-etherpad.md b/docs/configuring-playbook-etherpad.md index 4c38bb3c..2ea423ef 100644 --- a/docs/configuring-playbook-etherpad.md +++ b/docs/configuring-playbook-etherpad.md 
@@ -1,12 +1,20 @@ # Setting up Etherpad (optional) -[Etherpad](https://etherpad.org) is is an open source collaborative text editor that can be embedded in a Matrix chat room using the [Dimension integrations manager](https://dimension.t2bot.io) +[Etherpad](https://etherpad.org) is is an open source collaborative text editor that can be embedded in a Matrix chat room using the [Dimension integrations manager](https://dimension.t2bot.io) or used as standalone web app. When enabled together with the Jitsi audio/video conferencing system (see [our docs on Jitsi](configuring-playbook-jitsi.md)), it will be made available as an option during the conferences. + ## Prerequisites -For the self-hosted Etherpad instance to be available to your users, you must first enable and configure the **Dimension integrations manager** as described in [the playbook documentation](configuring-playbook-dimension.md) +Etherpad can be installed in 2 modes: + +- (default) `standalone` mode (`matrix_etherpad_mode: standalone`) - Etherpad will be hosted on `etherpad.` (`matrix_server_fqn_etherpad`), so the DNS record for this domian must be created. See [Configuring your DNS server](configuring-dns.md) on how to set up the `etherpad` DNS record correctly + +- `dimension` mode (`matrix_etherpad_mode: dimension`) - Etherpad will be hosted on `dimension./etherpad` (`matrix_server_fqn_dimension`). This requires that you **first** configure the **Dimension integrations manager** as described in [the playbook documentation](configuring-playbook-dimension.md) + +We recomend that you go with the default (`standalone`) mode, which makes Etherpad independent and allows it to be used with or without Dimension. + ## Installing 
@@ -14,35 +22,40 @@ For the self-hosted Etherpad instance to be available to your users, you must fi ```yaml matrix_etherpad_enabled: true + +# Uncomment below if you'd like to install Etherpad on the Dimension domain (not recommended) +# matrix_etherpad_mode: dimension + +# Uncomment below to enable the admin web UI +# matrix_etherpad_admin_username: admin +# matrix_etherpad_admin_password: some-password ``` -## Set Dimension default to the self-hosted Etherpad +If enabled, the admin web-UI should then be available on `https://etherpad./admin` (or `https://dimension./etherpad/admin`, if `matrix_etherpad_mode: dimension`) -The Dimension administrator users can configure the default URL template. The Dimension configuration menu can be accessed with the sprocket icon as you begin to add a widget to a room in Element. There you will find the Etherpad Widget Configuration action beneath the _Widgets_ tab. Replace `scalar.vector.im` with your own Dimension domain. -### Removing the integrated Etherpad chat - -If you wish to disable the Etherpad chat button, you can do it by appending `?showChat=false` to the end of the pad URL, or the template. -Example: `https://dimension./etherpad/p/$roomId_$padName?showChat=false` - -### Etherpad Admin access (optional) - -Etherpad comes with a admin web-UI which is disabled by default. You can enable it by setting a username and password in your configuration file (`inventory/host_vars/matrix./vars.yml`): - -```yaml -matrix_etherpad_admin_username: admin -matrix_etherpad_admin_password: some-password -``` - -The admin web-UI should then be available on: `https://dimension./etherpad/admin` - -### Managing / Deleting old pads +## Managing / Deleting old pads If you want to manage and remove old unused pads from Etherpad, you will first need to able Admin access as described above. -Then from the plugin manager page (`https://dimension./etherpad/admin/plugins`), install the `adminpads2` plugin. 
Once installed, you should have a "Manage pads" section in the Admin web-UI. +Then from the plugin manager page (`https://etherpad./admin/plugins` or `https://dimension./etherpad/admin/plugins`), install the `adminpads2` plugin. Once installed, you should have a "Manage pads" section in the Admin web-UI. -## Known issues + +## Set Dimension default to the self-hosted Etherpad (optional) + +If you decided to install [Dimension integration manager](configuring-playbook-dimension.md) alongside Etherpad, the Dimension administrator users can configure the default URL template. +The Dimension configuration menu can be accessed with the sprocket icon as you begin to add a widget to a room in Element. There you will find the Etherpad Widget Configuration action beneath the _Widgets_ tab. + + +### Removing the integrated Etherpad chat + +If you wish to disable the Etherpad chat button, you can do it by appending `?showChat=false` to the end of the pad URL, or the template. Examples: +- `https://etherpad./p/$roomId_$padName?showChat=false` (for the default - `matrix_etherpad_mode: standalone`) + +- `https://dimension./etherpad/p/$roomId_$padName?showChat=false` (for `matrix_etherpad_mode: dimension`) + + +### Known issues If your Etherpad widget fails to load, this might be due to Dimension generating a Pad name so long, the Etherpad app rejects it. `$roomId_$padName` can end up being longer than 50 characters. You can avoid having this problem by altering the template so it only contains the three word random identifier `$padName`. diff --git a/docs/configuring-playbook-external-postgres.md b/docs/configuring-playbook-external-postgres.md index eef3cbac..1f1a30e4 100644 --- a/docs/configuring-playbook-external-postgres.md +++ b/docs/configuring-playbook-external-postgres.md 
@@ -20,7 +20,7 @@ matrix_synapse_database_database: "your-postgres-server-database-name" # Rewire any other service (each `matrix-*` role) you may wish to use to use your external Postgres server. # Each service expects to have its own dedicated database on the Postgres server -# and uses its own variable names (see `roles/matrix-*/defaults/main.yml) for configuring Postgres connectivity. +# and uses its own variable names (see `roles/custom/matrix-*/defaults/main.yml) for configuring Postgres connectivity. ``` The database (as specified in `matrix_synapse_database_database`) must exist and be accessible with the given credentials. diff --git a/docs/configuring-playbook-jitsi.md b/docs/configuring-playbook-jitsi.md index f7e8a949..f278e54e 100644 --- a/docs/configuring-playbook-jitsi.md +++ b/docs/configuring-playbook-jitsi.md @@ -14,7 +14,7 @@ Before installing Jitsi, make sure you've created the `jitsi.DOMAIN` DNS record. You may also need to open the following ports to your server: - `4443/tcp` - RTP media fallback over TCP -- `10000/udp` - RTP media over UDP. Depending on your firewall/NAT setup, incoming RTP packets on port `10000` may have the external IP of your firewall as destination address, due to the usage of STUN in JVB (see [`matrix_jitsi_jvb_stun_servers`](../roles/matrix-jitsi/defaults/main.yml)). +- `10000/udp` - RTP media over UDP. Depending on your firewall/NAT setup, incoming RTP packets on port `10000` may have the external IP of your firewall as destination address, due to the usage of STUN in JVB (see [`matrix_jitsi_jvb_stun_servers`](../roles/custom/matrix-jitsi/defaults/main.yml)). ## Installation 
@@ -87,7 +87,7 @@ For more information refer to the [docker-jitsi-meet](https://github.com/jitsi/d By default the Jitsi Meet instance does not work with a client in LAN (Local Area Network), even if others are connected from WAN. There are no video and audio. In the case of WAN to WAN everything is ok. -The reason is the Jitsi VideoBridge git to LAN client the IP address of the docker image instead of the host. The [documentation](https://github.com/jitsi/docker-jitsi-meet#running-behind-nat-or-on-a-lan-environment) of Jitsi in docker suggest to add `DOCKER_HOST_ADDRESS` in enviornment variable to make it work. +The reason is the Jitsi VideoBridge git to LAN client the IP address of the docker image instead of the host. The [documentation](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/#running-behind-nat-or-on-a-lan-environment) of Jitsi in docker suggest to add `JVB_ADVERTISE_IPS` in enviornment variable to make it work. Here is how to do it in the playbook. @@ -95,7 +95,7 @@ Add these two lines to your `inventory/host_vars/matrix.DOMAIN/vars.yml` configu ```yaml matrix_jitsi_jvb_container_extra_arguments: - - '--env "DOCKER_HOST_ADDRESS="' + - '--env "JVB_ADVERTISE_IPS="' ``` ## (Optional) Fine tune Jitsi diff --git a/docs/configuring-playbook-ldap-auth.md b/docs/configuring-playbook-ldap-auth.md index 5144323a..ecc0f257 100644 --- a/docs/configuring-playbook-ldap-auth.md +++ b/docs/configuring-playbook-ldap-auth.md 
@@ -28,5 +28,12 @@ If you wish for users to **authenticate only against configured password provide matrix_synapse_password_config_localdb_enabled: false ``` + ## Using ma1sd Identity Server for authentication + If you wish to use the ma1sd Identity Server for LDAP authentication instead of [matrix-synapse-ldap3](https://github.com/matrix-org/matrix-synapse-ldap3) consult [Adjusting ma1sd Identity Server configuration](configuring-playbook-ma1sd.md#authentication). + + +## Handling user registration + +If you wish for users to also be able to make new registrations against LDAP, you may **also** wish to [set up the ldap-registration-proxy](configuring-playbook-matrix-ldap-registration-proxy.md). diff --git a/docs/configuring-playbook-ma1sd.md b/docs/configuring-playbook-ma1sd.md index e18a51c5..1e92378a 100644 --- a/docs/configuring-playbook-ma1sd.md +++ b/docs/configuring-playbook-ma1sd.md @@ -33,7 +33,7 @@ matrix_ma1sd_matrixorg_forwarding_enabled: true ## Customizing email templates If you'd like to change the default email templates used by ma1sd, take a look at the `matrix_ma1sd_threepid_medium_email_custom_` variables -(in the `roles/matrix-ma1sd/defaults/main.yml` file. +(in the `roles/custom/matrix-ma1sd/defaults/main.yml` file. ## ma1sd-controlled Registration @@ -86,7 +86,7 @@ You can refer to the [ma1sd website](https://github.com/ma1uta/ma1sd) for more d To use a more custom configuration, you can define a `matrix_ma1sd_configuration_extension_yaml` string variable and put your configuration in it. -To learn more about how to do this, refer to the information about `matrix_ma1sd_configuration_extension_yaml` in the [default variables file](../roles/matrix-ma1sd/defaults/main.yml) of the ma1sd component. +To learn more about how to do this, refer to the information about `matrix_ma1sd_configuration_extension_yaml` in the [default variables file](../roles/custom/matrix-ma1sd/defaults/main.yml) of the ma1sd component. ## Example: SMS verification 
diff --git a/docs/configuring-playbook-matrix-ldap-registration-proxy.md b/docs/configuring-playbook-matrix-ldap-registration-proxy.md new file mode 100644 index 00000000..16e0641e --- /dev/null +++ b/docs/configuring-playbook-matrix-ldap-registration-proxy.md @@ -0,0 +1,33 @@ +# Setting up matrix-ldap-registration-proxy (optional) + +The playbook can install and configure [matrix-ldap-registration-proxy](https://gitlab.com/activism.international/matrix_ldap_registration_proxy) for you. + +This proxy handles Matrix registration requests and forwards them to LDAP. + +**Please note:** This does support the full Matrix specification for registrations. It only provide a very coarse +implementation of a basic password registration. + +## Quickstart + +Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file: + +```yaml +matrix_ldap_registration_proxy_enabled: true +# LDAP credentials +matrix_ldap_registration_proxy_ldap_uri: +matrix_ldap_registration_proxy_ldap_base_dn: +matrix_ldap_registration_proxy_ldap_user: +matrix_ldap_registration_proxy_ldap_password: +``` + +If you already use the [synapse external password provider via LDAP](configuring-playbook-ldap-auth.md) (that is, you have `matrix_synapse_ext_password_provider_ldap_enabled: true` and other options in your configuration) +you can use the following values as configuration: + +```yaml +# Use the LDAP values specified for the synapse role to setup LDAP proxy +matrix_ldap_registration_proxy_ldap_uri: "{{ matrix_synapse_ext_password_provider_ldap_uri }}" +matrix_ldap_registration_proxy_ldap_base_dn: "{{ matrix_synapse_ext_password_provider_ldap_base }}" +matrix_ldap_registration_proxy_ldap_user: "{{ matrix_synapse_ext_password_provider_ldap_bind_dn }}" +matrix_ldap_registration_proxy_ldap_password: "{{ matrix_synapse_ext_password_provider_ldap_bind_password }}" +``` + 
diff --git a/docs/configuring-playbook-mautrix-bridges.md b/docs/configuring-playbook-mautrix-bridges.md index 1cd76f96..abc6b0f1 100644 --- a/docs/configuring-playbook-mautrix-bridges.md +++ b/docs/configuring-playbook-mautrix-bridges.md @@ -64,7 +64,7 @@ Can be used to set the username for the bridge. ## Discovering additional configuration options -You may wish to look at `roles/matrix-bridge-mautrix-SERVICENAME/templates/config.yaml.j2` and `roles/matrix-bridge-mautrix-SERVICENAME/defaults/main.yml` to find other things you would like to configure. +You may wish to look at `roles/custom/matrix-bridge-mautrix-SERVICENAME/templates/config.yaml.j2` and `roles/custom/matrix-bridge-mautrix-SERVICENAME/defaults/main.yml` to find other things you would like to configure. ## Set up Double Puppeting @@ -97,7 +97,7 @@ If you have issues with a service, and are requesting support, the higher levels ## Usage -You then need to start a chat with `@SERVICENAMEbot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain). +You then need to start a chat with `@SERVICENAMEbot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain). Send `login ` to the bridge bot to get started You can learn more here about authentication from the bridge's official documentation on Authentication https://docs.mau.fi/bridges/python/SERVICENAME/authentication.html . diff --git a/docs/configuring-playbook-nginx.md b/docs/configuring-playbook-nginx.md index c8500b37..96f854d0 100644 --- a/docs/configuring-playbook-nginx.md +++ b/docs/configuring-playbook-nginx.md 
@@ -42,7 +42,7 @@ Besides changing the preset (`matrix_nginx_proxy_ssl_preset`), you can also dire - `matrix_nginx_proxy_ssl_prefer_server_ciphers`: for specifying if the server or the client choice when negotiating the cipher. It can set to `on` or `off`. - `matrix_nginx_proxy_ssl_ciphers`: for specifying the SSL Cipher suites used by nginx. -For more information about these variables, check the `roles/matrix-nginx-proxy/defaults/main.yml` file. +For more information about these variables, check the `roles/custom/matrix-nginx-proxy/defaults/main.yml` file. ## Synapse + OpenID Connect for Single-Sign-On @@ -80,5 +80,5 @@ matrix_nginx_proxy_proxy_http_additional_server_configuration_blocks: # These lines will be included in the nginx configuration. # This is at the top level of the file, so you will need to define all of the `server { ... }` blocks. - | - # For advanced use, have a look at the template files in `roles/matrix-nginx-proxy/templates/nginx/conf.d` + # For advanced use, have a look at the template files in `roles/custom/matrix-nginx-proxy/templates/nginx/conf.d` ``` diff --git a/docs/configuring-playbook-ntfy.md b/docs/configuring-playbook-ntfy.md index 57dfb3b2..a5aec60b 100644 --- a/docs/configuring-playbook-ntfy.md +++ b/docs/configuring-playbook-ntfy.md @@ -23,7 +23,7 @@ matrix_ntfy_configuration_extension_yaml: | log_level: DEBUG ``` -For a more complete list of variables that you could override, see `roles/matrix-ntfy/defaults/main.yml`. +For a more complete list of variables that you could override, see `roles/custom/matrix-ntfy/defaults/main.yml`. For a complete list of ntfy config options that you could put in `matrix_ntfy_configuration_extension_yaml`, see the [ntfy config documentation](https://ntfy.sh/docs/config/#config-options). 
@@ -71,7 +71,8 @@ Steps needed for specific matrix apps: 3. verify `Settings` -> `Notifications` -> `UnifiedPush: Notification targets` as described below in the "Troubleshooting" section. * Element-android v1.4.26+: - - [not yet documented; should auto-detect and use it?] + 1. choose `Settings` -> `Notifications` -> `Notification method` -> `ntfy` + 2. verify `Settings` -> `Troubleshoot` -> `Troubleshoot notification settings` If the matrix app asks, "Choose a distributor: FCM Fallback or ntfy", then choose "ntfy". diff --git a/docs/configuring-playbook-own-webserver.md b/docs/configuring-playbook-own-webserver.md index 76fa2d8b..9fd51086 100644 --- a/docs/configuring-playbook-own-webserver.md +++ b/docs/configuring-playbook-own-webserver.md 
@@ -1,11 +1,14 @@ # Using your own webserver, instead of this playbook's nginx proxy (optional, advanced) -By default, this playbook installs its own nginx webserver (in a Docker container) which listens on ports 80 and 443. +By default, this playbook installs its own nginx webserver (called `matrix-nginx-proxy`, in a Docker container) which listens on ports 80 and 443. If that's alright, you can skip this. If you don't want this playbook's nginx webserver to take over your server's 80/443 ports like that, and you'd like to use your own webserver (be it nginx, Apache, Varnish Cache, etc.), you can. +You should note, however, that the playbook's services work best when you keep using the integrated `matrix-nginx-proxy` webserver. +For example, disabling `matrix-nginx-proxy` when running a [Synapse worker setup for load-balancing](configuring-playbook-synapse.md#load-balancing-with-workers) (a more advanced, non-default configuration) is likely to cause various troubles (see [this issue](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2090)). If you need a such more scalable setup, disabling `matrix-nginx-proxy` will be a bad idea. If yours will be a simple (default, non-worker-load-balancing) deployment, disabling `matrix-nginx-proxy` may be fine. + There are **2 ways you can go about it**, if you'd like to use your own webserver: - [Method 1: Disabling the integrated nginx reverse-proxy webserver](#method-1-disabling-the-integrated-nginx-reverse-proxy-webserver) 
@@ -24,11 +27,23 @@ No matter which external webserver you decide to go with, you'll need to: 1) Make sure your web server user (something like `http`, `apache`, `www-data`, `nginx`) is part of the `matrix` group. You should run something like this: `usermod -a -G matrix nginx`. This allows your webserver user to access files owned by the `matrix` group. When using an external nginx webserver, this allows it to read configuration files from `/matrix/nginx-proxy/conf.d`. When using another server, it would make other files, such as `/matrix/static-files/.well-known`, accessible to it. -2) Edit your configuration file (`inventory/host_vars/matrix./vars.yml`) to disable the integrated nginx server: +2) Edit your configuration file (`inventory/host_vars/matrix./vars.yml`) + - to disable the integrated nginx server: -```yaml -matrix_nginx_proxy_enabled: false -``` + ```yaml + matrix_nginx_proxy_enabled: false + ``` + - if using an external server on another host, add the `_http_host_bind_port` or `_http_bind_port` variables for the services that will be exposed by the external server on the other host. The actual name of the variable is listed in the `roles//defaults/vars.yml` file for each service. Most variables follow the `_http_host_bind_port` format. + + These variables will make Docker expose the ports on all network interfaces instead of localhost only. 
+ [Keep in mind that there are some security concerns if you simply proxy everything.](https://github.com/matrix-org/synapse/blob/master/docs/reverse_proxy.md#synapse-administration-endpoints) + + Here are the variables required for the default configuration (Synapse and Element) + ``` + matrix_synapse_container_client_api_host_bind_port: '0.0.0.0:8008' + matrix_synapse_container_federation_api_plain_host_bind_port: '0.0.0.0:8048' + matrix_client_element_container_http_host_bind_port: "0.0.0.0:8765" + ``` 3) **If you'll manage SSL certificates by yourself**, edit your configuration file (`inventory/host_vars/matrix./vars.yml`) to disable SSL certificate retrieval: @@ -38,7 +53,6 @@ matrix_ssl_retrieval_method: none **Note**: During [installation](installing.md), unless you've disabled SSL certificate management (`matrix_ssl_retrieval_method: none`), the playbook would need 80 to be available, in order to retrieve SSL certificates. **Please manually stop your other webserver while installing**. You can start it back up afterwards. - ### Using your own external nginx webserver Once you've followed the [Preparation](#preparation) guide above, it's time to set up your external nginx server. 
@@ -57,15 +71,6 @@ matrix_nginx_proxy_ssl_protocols: "TLSv1.2" If you are experiencing issues, try updating to a newer version of Nginx. As a data point in May 2021 a user reported that Nginx 1.14.2 was not working for them. They were getting errors about socket leaks. Updating to Nginx 1.19 fixed their issue. -If you are not going to be running your webserver on the same docker network, or the same machine as matrix, these variables can be set to bind synapse to an exposed port. [Keep in mind that there are some security concerns if you simply proxy everything to it](https://github.com/matrix-org/synapse/blob/master/docs/reverse_proxy.md#synapse-administration-endpoints) -```yaml -# Takes an ":" or "" value (e.g. "127.0.0.1:8048" or "192.168.1.3:80"), or empty string to not expose. -matrix_synapse_container_client_api_host_bind_port: '' -matrix_synapse_container_federation_api_plain_host_bind_port: '' -``` - - - ### Using your own external Apache webserver Once you've followed the [Preparation](#preparation) guide above, you can take a look at the [examples/apache](../examples/apache) directory for a sample configuration. @@ -79,7 +84,7 @@ After following the [Preparation](#preparation) guide above, you can take a loo ### Using another external webserver -Feel free to look at the [examples/apache](../examples/apache) directory, or the [template files in the matrix-nginx-proxy role](../roles/matrix-nginx-proxy/templates/nginx/conf.d/). +Feel free to look at the [examples/apache](../examples/apache) directory, or the [template files in the matrix-nginx-proxy role](../roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/). ## Method 2: Fronting the integrated nginx reverse-proxy webserver with another reverse-proxy diff --git a/docs/configuring-playbook-prometheus-grafana.md b/docs/configuring-playbook-prometheus-grafana.md index b2878c12..f86566a9 100644 --- a/docs/configuring-playbook-prometheus-grafana.md +++ b/docs/configuring-playbook-prometheus-grafana.md 
@@ -90,11 +90,11 @@ matrix_nginx_proxy_proxy_matrix_metrics_additional_user_location_configuration_b Using `matrix_nginx_proxy_proxy_matrix_metrics_additional_user_location_configuration_blocks` only takes effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true` (see above). -Note : The playbook will hash the basic_auth password for you on setup. Thus, you need to give the plain-text version of the password as a variable. +Note : The playbook will hash the basic_auth password for you on setup. Thus, you need to give the plain-text version of the password as a variable. ### Collecting Synapse worker metrics to an external Prometheus server -If you are using workers (`matrix_synapse_workers_enabled: true`) and have enabled `matrix_synapse_metrics_proxying_enabled` as described above, the playbook will also automatically expose all Synapse worker threads' metrics to `https://matrix.DOMAIN/metrics/synapse/worker/TYPE-ID`, where `TYPE` corresponds to the type and `ID` to the instanceId of a worker as exemplified in `matrix_synapse_workers_enabled_list`. +If you are using workers (`matrix_synapse_workers_enabled: true`) and have enabled `matrix_synapse_metrics_proxying_enabled` as described above, the playbook will also automatically expose all Synapse worker threads' metrics to `https://matrix.DOMAIN/metrics/synapse/worker/ID`, where `ID` corresponds to the worker `id` as exemplified in `matrix_synapse_workers_enabled_list`. The playbook also generates an exemplary config file (`/matrix/synapse/external_prometheus.yml.template`) with all the correct paths which you can copy to your Prometheus server and adapt to your needs. Make sure to edit the specified `password_file` path and contents and path to your `synapse-v2.rules`. It will look a bit like this: 
@@ -111,8 +111,8 @@ scrape_configs: labels: job: "master" index: 1 - - job_name: 'synapse-generic_worker-1' - metrics_path: /metrics/synapse/worker/generic_worker-18111 + - job_name: 'matrix-synapse-synapse-worker-generic-worker-0' + metrics_path: /metrics/synapse/worker/generic-worker-0 scheme: https basic_auth: username: prometheus diff --git a/docs/configuring-playbook-s3-goofys.md b/docs/configuring-playbook-s3-goofys.md new file mode 100644 index 00000000..ef8f20c2 --- /dev/null +++ b/docs/configuring-playbook-s3-goofys.md 
@@ -0,0 +1,137 @@
+# Storing Matrix media files on Amazon S3 with Goofys (optional)
+
+If you'd like to store Synapse's content repository (`media_store`) files on Amazon S3 (or other S3-compatible service),
+you can let this playbook configure [Goofys](https://github.com/kahing/goofys) for you.
+
+Another (and better performing) way to use S3 storage with Synapse is [synapse-s3-storage-provider](configuring-playbook-synapse-s3-storage-provider.md).
+
+Using a Goofys-backed media store works, but performance may not be ideal. If possible, try to use a region which is close to your Matrix server.
+
+If you'd like to move your locally-stored media store data to Amazon S3 (or another S3-compatible object store), we also provide some migration instructions below.
+
+
+## Usage
+
+After [creating the S3 bucket and configuring it](configuring-playbook-s3.md#bucket-creation-and-security-configuration), you can proceed to configure Goofys in your configuration file (`inventory/host_vars/matrix./vars.yml`):
+
+```yaml
+matrix_s3_media_store_enabled: true
+matrix_s3_media_store_bucket_name: "your-bucket-name"
+matrix_s3_media_store_aws_access_key: "access-key-goes-here"
+matrix_s3_media_store_aws_secret_key: "secret-key-goes-here"
+matrix_s3_media_store_region: "eu-central-1"
+```
+
+You can use any S3-compatible object store by **additionally** configuring these variables:
+
+```yaml
+matrix_s3_media_store_custom_endpoint_enabled: true
+matrix_s3_media_store_custom_endpoint: "https://your-custom-endpoint"
+```
+
+If you have local media store files and wish to migrate to Backblaze B2 subsequently, follow our [migration guide to Backblaze B2](#migrating-to-backblaze-b2) below instead of applying this configuration as-is.
+
+
+## Migrating from local filesystem storage to S3
+
+It's a good idea to [make a complete server backup](faq.md#how-do-i-backup-the-data-on-my-server) before migrating your local media store to an S3-backed one.
+
+Follow one of the guides below for a migration path from a locally-stored media store to one stored on S3-compatible storage:
+
+- [Storing Matrix media files on Amazon S3 with Goofys (optional)](#storing-matrix-media-files-on-amazon-s3-with-goofys-optional)
+ - [Usage](#usage)
+ - [Migrating from local filesystem storage to S3](#migrating-from-local-filesystem-storage-to-s3)
+ - [Migrating to any S3-compatible storage (universal, but likely slow)](#migrating-to-any-s3-compatible-storage-universal-but-likely-slow)
+ - [Migrating to Backblaze B2](#migrating-to-backblaze-b2)
+
+### Migrating to any S3-compatible storage (universal, but likely slow)
+
+It's a good idea to [make a complete server backup](faq.md#how-do-i-backup-the-data-on-my-server) before doing this.
+
+1. Proceed with the steps below without stopping Matrix services
+
+2. Start by adding the base S3 configuration in your `vars.yml` file (seen above, may be different depending on the S3 provider of your choice)
+
+3. In addition to the base configuration you see above, add this to your `vars.yml` file:
+
+```yaml
+matrix_s3_media_store_path: /matrix/s3-media-store
+```
+
+This enables S3 support, but mounts the S3 storage bucket to `/matrix/s3-media-store` without hooking it to your homeserver yet. Your homeserver will still continue using your local filesystem for its media store.
+
+5. Run the playbook to apply the changes: `ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start`
+
+6. Do an **initial sync of your files** by running this **on the server** (it may take a very long time):
+
+```sh
+sudo -u matrix -- rsync --size-only --ignore-existing -avr /matrix/synapse/storage/media-store/. /matrix/s3-media-store/.
+```
+
+You may need to install `rsync` manually.
+
+7. Stop all Matrix services (`ansible-playbook -i inventory/hosts setup.yml --tags=stop`)
+
+8. Start the S3 service by running this **on the server**: `systemctl start matrix-goofys`
+
+9. Sync the files again by re-running the `rsync` command you see in step #6
+
+10. Stop the S3 service by running this **on the server**: `systemctl stop matrix-goofys`
+
+11. Get the old media store out of the way by running this command on the server:
+
+```sh
+mv /matrix/synapse/storage/media-store /matrix/synapse/storage/media-store-local-backup
+```
+
+12. Remove the `matrix_s3_media_store_path` configuration from your `vars.yml` file (undoing step #3 above)
+
+13. Run the playbook: `ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start`
+
+14. You're done! Verify that loading existing (old) media files works and that you can upload new ones.
+
+15. When confident that it all works, get rid of the local media store directory: `rm -rf /matrix/synapse/storage/media-store-local-backup`
+
+
+### Migrating to Backblaze B2
+
+It's a good idea to [make a complete server backup](faq.md#how-do-i-backup-the-data-on-my-server) before doing this.
+
+1. While all Matrix services are running, run the following command on the server:
+
+(you need to adjust the 3 `--env` line below with your own data)
+
+```sh
+docker run -it --rm -w /work \
+--env='B2_KEY_ID=YOUR_KEY_GOES_HERE' \
+--env='B2_KEY_SECRET=YOUR_SECRET_GOES_HERE' \
+--env='B2_BUCKET_NAME=YOUR_BUCKET_NAME_GOES_HERE' \
+--mount type=bind,src=/matrix/synapse/storage/media-store,dst=/work,ro \
+--entrypoint=/bin/sh \
+docker.io/tianon/backblaze-b2:3.6.0 \
+-c 'b2 authorize-account $B2_KEY_ID $B2_KEY_SECRET && b2 sync /work b2://$B2_BUCKET_NAME --skipNewer'
+```
+
+This is some initial file sync, which may take a very long time.
+
+2. Stop all Matrix services (`ansible-playbook -i inventory/hosts setup.yml --tags=stop`)
+
+3. Run the command from step #1 again.
+
+Doing this will sync any new files that may have been created locally in the meantime.
+
+Now that Matrix services aren't running, we're sure to get Backblaze B2 and your local media store fully in sync.
+
+4. Get the old media store out of the way by running this command on the server:
+
+```sh
+mv /matrix/synapse/storage/media-store /matrix/synapse/storage/media-store-local-backup
+```
+
+5. Put the [Backblaze B2 settings seen above](#backblaze-b2) in your `vars.yml` file
+
+6. Run the playbook: `ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start`
+
+7. You're done! Verify that loading existing (old) media files works and that you can upload new ones.
+
+8. When confident that it all works, get rid of the local media store directory: `rm -rf /matrix/synapse/storage/media-store-local-backup`
diff --git a/docs/configuring-playbook-s3.md b/docs/configuring-playbook-s3.md
index 9132ff71..539f96d3 100644
--- a/docs/configuring-playbook-s3.md
+++ b/docs/configuring-playbook-s3.md
@@ -1,19 +1,48 @@ -# Storing Matrix media files on Amazon S3 (optional) +# Storing Synapse media files on Amazon S3 or another compatible Object Storage (optional) By default, this playbook configures your server to store Synapse's content repository (`media_store`) files on the local filesystem. If that's alright, you can skip this. -If you'd like to store Synapse's content repository (`media_store`) files on Amazon S3 (or other S3-compatible service), -you can let this playbook configure [Goofys](https://github.com/kahing/goofys) for you. +As an alternative to storing media files on the local filesystem, you can store them on [Amazon S3](https://aws.amazon.com/s3/) or another S3-compatible object store. -Using a Goofys-backed media store works, but performance may not be ideal. If possible, try to use a region which is close to your Matrix server. +First, [choose an Object Storage provider](#choosing-an-object-storage-provider). -If you'd like to move your locally-stored media store data to Amazon S3 (or another S3-compatible object store), we also provide some migration instructions below. +Then, [create the S3 bucket](#bucket-creation-and-security-configuration). +Finally, [set up S3 storage for Synapse](#setting-up) (with [Goofys](configuring-playbook-s3-goofys.md) or [synapse-s3-storage-provider](configuring-playbook-synapse-s3-storage-provider.md)). + + +## Choosing an Object Storage provider + +You can create [Amazon S3](https://aws.amazon.com/s3/) or another S3-compatible object store like [Backblaze B2](https://www.backblaze.com/b2/cloud-storage.html), [Wasabi](https://wasabi.com), [Digital Ocean Spaces](https://www.digitalocean.com/products/spaces), etc. + +Amazon S3 and Backblaze S3 are pay-as-you with no minimum charges for storing too little data. + +All these providers have different prices, with Backblaze B2 appearing to be the cheapest. 
+ +Wasabi has a minimum charge of 1TB if you're storing less than 1TB, which becomes expensive if you need to store less data than that. + +Digital Ocean Spaces has a minimum charge of 250GB ($5/month as of 2022-10), which is also expensive if you're storing less data than that. + +Important aspects of choosing the right provider are: + +- a provider by a company you like and trust (or dislike less than the others) +- a provider which has a data region close to your Matrix server (if it's farther away, high latency may cause slowdowns) +- a provider which is OK pricewise +- a provider with free or cheap egress (if you need to get the data out often, for some reason) - likely not too important for the common use-case + + +## Bucket creation and Security Configuration + +Now that you've [chosen an Object Storage provider](#choosing-an-object-storage-provider), you need to create a storage bucket. + +How you do this varies from provider to provider, with Amazon S3 being the most complicated due to its vast number of services and complicated security policies. + +Below, we provider some guides for common providers. If you don't see yours, look at the others for inspiration or read some guides online about how to create a bucket. Feel free to contribute to this documentation with an update! ## Amazon S3 -You'll need an Amazon S3 bucket and some IAM user credentials (access key + secret key) with full write access to the bucket. Example security policy: +You'll need an Amazon S3 bucket and some IAM user credentials (access key + secret key) with full write access to the bucket. Example IAM security policy: ```json { 
@@ -34,154 +63,45 @@ You'll need an Amazon S3 bucket and some IAM user credentials (access key + secr } ``` -You then need to enable S3 support in your configuration file (`inventory/host_vars/matrix./vars.yml`). -It would be something like this: - -```yaml -matrix_s3_media_store_enabled: true -matrix_s3_media_store_bucket_name: "your-bucket-name" -matrix_s3_media_store_aws_access_key: "access-key-goes-here" -matrix_s3_media_store_aws_secret_key: "secret-key-goes-here" -matrix_s3_media_store_region: "eu-central-1" -``` +**NOTE**: This policy needs to be attached to an IAM user created from the **Security Credentials** menu. This is not a **Bucket Policy**. -## Using other S3-compatible object stores +## Backblaze B2 -You can use any S3-compatible object store by **additionally** configuring these variables: +To use [Backblaze B2](https://www.backblaze.com/b2/cloud-storage.html) you first need to sign up. -```yaml -matrix_s3_media_store_custom_endpoint_enabled: true -# Example: "https://storage.googleapis.com" -matrix_s3_media_store_custom_endpoint: "your-custom-endpoint" -``` +You [can't easily change which region (US, Europe) your Backblaze account stores files in](https://old.reddit.com/r/backblaze/comments/hi1v90/make_the_choice_for_the_b2_data_center_region/), so make sure to carefully choose the region when signing up (hint: it's a hard to see dropdown below the username/password fields in the signup form). 
-### Backblaze B2 - -To use [Backblaze B2](https://www.backblaze.com/b2/cloud-storage.html): +After logging in to Backblaze: - create a new **private** bucket through its user interface (you can call it something like `matrix-DOMAIN-media-store`) -- note the **Endpoint** for your bucket (something like `s3.us-west-002.backblazeb2.com`) -- adjust its lifecycle rules to use the following **custom** rules: - - File Path: *empty value* - - Days Till Hide: *empty value* - - Days Till Delete: `1` +- note the **Endpoint** for your bucket (something like `s3.us-west-002.backblazeb2.com`). +- adjust its Lifecycle Rules to: Keep only the last version of the file - go to [App Keys](https://secure.backblaze.com/app_keys.htm) and use the **Add a New Application Key** to create a new one - restrict it to the previously created bucket (e.g. `matrix-DOMAIN-media-store`) - give it *Read & Write* access -Copy the `keyID` and `applicationKey`. +The `keyID` value is your **Access Key** and `applicationKey` is your **Secret Key**. -You need the following *additional* playbook configuration (on top of what you see above): +For configuring [Goofys](configuring-playbook-s3-goofys.md) or [s3-synapse-storage-provider](configuring-playbook-synapse-s3-storage-provider.md) you will need: -```yaml -matrix_s3_media_store_bucket_name: "YOUR_BUCKET_NAME_GOES_HERE" -matrix_s3_media_store_aws_access_key: "YOUR_keyID_GOES_HERE" -matrix_s3_media_store_aws_secret_key: "YOUR_applicationKey_GOES_HERE" -matrix_s3_media_store_custom_endpoint_enabled: true -matrix_s3_media_store_custom_endpoint: "https://s3.us-west-002.backblazeb2.com" # this may be different for your bucket -``` +- **Endpoint URL** - this is the **Endpoint** value you saw above, but prefixed with `https://` -If you have local media store files and wish to migrate to Backblaze B2 subsequently, follow our [migration guide to Backblaze B2](#migrating-to-backblaze-b2) below instead of applying this configuration as-is. 
+- **Region** - use the value you see in the Endpoint (e.g. `us-west-002`) + +- **Storage Class** - use `STANDARD`. Backblaze B2 does not have different storage classes, so it doesn't make sense to use any other value. -## Migrating from local filesystem storage to S3 +## Other providers -It's a good idea to [make a complete server backup](faq.md#how-do-i-backup-the-data-on-my-server) before migrating your local media store to an S3-backed one. +For other S3-compatible providers, you may not need to configure security policies, etc. (just like for [Backblaze B2](#backblaze-b2)). -Follow one of the guides below for a migration path from a locally-stored media store to one stored on S3-compatible storage: - -- [Migrating to any S3-compatible storage (universal, but likely slow)](#migrating-to-any-s3-compatible-storage-universal-but-likely-slow) -- [Migrating to Backblaze B2](#migrating-to-backblaze-b2) - -### Migrating to any S3-compatible storage (universal, but likely slow) - -It's a good idea to [make a complete server backup](faq.md#how-do-i-backup-the-data-on-my-server) before doing this. - -1. Proceed with the steps below without stopping Matrix services - -2. Start by adding the base S3 configuration in your `vars.yml` file (seen above, may be different depending on the S3 provider of your choice) - -3. In addition to the base configuration you see above, add this to your `vars.yml` file: - -```yaml -matrix_s3_media_store_path: /matrix/s3-media-store -``` - -This enables S3 support, but mounts the S3 storage bucket to `/matrix/s3-media-store` without hooking it to your homeserver yet. Your homeserver will still continue using your local filesystem for its media store. - -5. Run the playbook to apply the changes: `ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start` - -6. 
Do an **initial sync of your files** by running this **on the server** (it may take a very long time): - -```sh -sudo -u matrix -- rsync --size-only --ignore-existing -avr /matrix/synapse/storage/media-store/. /matrix/s3-media-store/. -``` - -You may need to install `rsync` manually. - -7. Stop all Matrix services (`ansible-playbook -i inventory/hosts setup.yml --tags=stop`) - -8. Start the S3 service by running this **on the server**: `systemctl start matrix-goofys` - -9. Sync the files again by re-running the `rsync` command you see in step #6 - -10. Stop the S3 service by running this **on the server**: `systemctl stop matrix-goofys` - -11. Get the old media store out of the way by running this command on the server: - -```sh -mv /matrix/synapse/storage/media-store /matrix/synapse/storage/media-store-local-backup -``` - -12. Remove the `matrix_s3_media_store_path` configuration from your `vars.yml` file (undoing step #3 above) - -13. Run the playbook: `ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start` - -14. You're done! Verify that loading existing (old) media files works and that you can upload new ones. - -15. When confident that it all works, get rid of the local media store directory: `rm -rf /matrix/synapse/storage/media-store-local-backup` +You most likely just need to create an S3 bucket and get some credentials (access key and secret key) for accessing the bucket in a read/write manner. -### Migrating to Backblaze B2 +## Setting up -It's a good idea to [make a complete server backup](faq.md#how-do-i-backup-the-data-on-my-server) before doing this. +To set up Synapse to store files in S3, follow the instructions for the method of your choice: -1. 
While all Matrix services are running, run the following command on the server: - -(you need to adjust the 3 `--env` line below with your own data) - -```sh -docker run -it --rm -w /work \ ---env='B2_KEY_ID=YOUR_KEY_GOES_HERE' \ ---env='B2_KEY_SECRET=YOUR_SECRET_GOES_HERE' \ ---env='B2_BUCKET_NAME=YOUR_BUCKET_NAME_GOES_HERE' \ --v /matrix/synapse/storage/media-store/:/work \ ---entrypoint=/bin/sh \ -docker.io/tianon/backblaze-b2:2.1.0 \ --c 'b2 authorize-account $B2_KEY_ID $B2_KEY_SECRET > /dev/null && b2 sync /work/ b2://$B2_BUCKET_NAME' -``` - -This is some initial file sync, which may take a very long time. - -2. Stop all Matrix services (`ansible-playbook -i inventory/hosts setup.yml --tags=stop`) - -3. Run the command from step #1 again. - -Doing this will sync any new files that may have been created locally in the meantime. - -Now that Matrix services aren't running, we're sure to get Backblaze B2 and your local media store fully in sync. - -4. Get the old media store out of the way by running this command on the server: - -```sh -mv /matrix/synapse/storage/media-store /matrix/synapse/storage/media-store-local-backup -``` - -5. Put the [Backblaze B2 settings seen above](#backblaze-b2) in your `vars.yml` file - -6. Run the playbook: `ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start` - -7. You're done! Verify that loading existing (old) media files works and that you can upload new ones. - -8. When confident that it all works, get rid of the local media store directory: `rm -rf /matrix/synapse/storage/media-store-local-backup` +- using [synapse-s3-storage-provider](configuring-playbook-synapse-s3-storage-provider.md) (recommended) +- using [Goofys to mount the S3 store to the local filesystem](configuring-playbook-s3-goofys.md) diff --git a/docs/configuring-playbook-ssl-certificates.md b/docs/configuring-playbook-ssl-certificates.md index 30a8f0b8..606160da 100644 --- a/docs/configuring-playbook-ssl-certificates.md 
+++ b/docs/configuring-playbook-ssl-certificates.md 
@@ -99,7 +99,7 @@ The certificate files would be made available in `/matrix/ssl/config/live//vars.yml`):
+
+```yaml
+matrix_synapse_ext_synapse_s3_storage_provider_enabled: true
+matrix_synapse_ext_synapse_s3_storage_provider_config_bucket: your-bucket-name
+matrix_synapse_ext_synapse_s3_storage_provider_config_region_name: some-region-name # e.g. eu-central-1
+matrix_synapse_ext_synapse_s3_storage_provider_config_endpoint_url: https://.. # delete this whole line for Amazon S3
+matrix_synapse_ext_synapse_s3_storage_provider_config_access_key_id: access-key-goes-here
+matrix_synapse_ext_synapse_s3_storage_provider_config_secret_access_key: secret-key-goes-here
+matrix_synapse_ext_synapse_s3_storage_provider_config_storage_class: STANDARD # or STANDARD_IA, etc.
+
+# For additional advanced settings, take a look at `roles/custom/matrix-synapse/defaults/main.yml`
+```
+
+If you have existing files in Synapse's media repository (`/matrix/synapse/media-store/..`):
+
+- new files will start being stored both locally and on the S3 store
+- the existing files will remain on the local filesystem only until [migrating them to the S3 store](#migrating-your-existing-media-files-to-the-s3-store)
+- at some point (and periodically in the future), you can delete local files which have been uploaded to the S3 store already
+
+Regardless of whether you need to [Migrate your existing files to the S3 store](#migrating-your-existing-media-files-to-the-s3-store) or not, make sure you've familiarized yourself with [How it works?](#how-it-works) above and [Periodically cleaning up the local filesystem](#periodically-cleaning-up-the-local-filesystem) below.
+
+
+## Migrating your existing media files to the S3 store
+
+Migrating your existing data can happen in multiple ways:
+
+- [using the `s3_media_upload` script from `synapse-s3-storage-provider`](#using-the-s3_media_upload-script-from-synapse-s3-storage-provider) (very slow when dealing with lots of data)
+- [using another tool in combination with `s3_media_upload`](#using-another-tool-in-combination-with-s3_media_upload) (quicker when dealing with lots of data)
+
+### Using the `s3_media_upload` script from `synapse-s3-storage-provider`
+
+Instead of using `s3_media_upload` directly, which is very slow and painful for an initial data migration, we recommend [using another tool in combination with `s3_media_upload`](#using-another-tool-in-combination-with-s3_media_upload).
+
+To copy your existing files, SSH into the server and run `/usr/local/bin/matrix-synapse-s3-storage-provider-shell`.
+
+This launches a Synapse container, which has access to the local media store, Postgres database, S3 store and has some convenient environment variables configured for you to use (`MEDIA_PATH`, `BUCKET`, `ENDPOINT`, `UPDATE_DB_DAYS`, etc).
+
+Then use the following commands (`$` values come from environment variables - they're **not placeholders** that you need to substitute):
+
+- `s3_media_upload update-db $UPDATE_DB_DURATION` - create a local SQLite database (`cache.db`) with a list of media repository files (from the `synapse` Postgres database) eligible for operating on
+ - `$UPDATE_DB_DURATION` is influenced by the `matrix_synapse_ext_synapse_s3_storage_provider_update_db_day_count` variable (defaults to `0`)
+ - `$UPDATE_DB_DURATION` defaults to `0d` (0 days), which means **include files which haven't been accessed for more than 0 days** (that is, **all files will be included**).
+- `s3_media_upload check-deleted $MEDIA_PATH` - check whether files in the local cache still exist in the local media repository directory
+- `s3_media_upload upload $MEDIA_PATH $BUCKET --delete --storage-class $STORAGE_CLASS --endpoint-url $ENDPOINT` - uploads locally-stored files to S3 and deletes them from the local media repository directory
+
+The `s3_media_upload upload` command may take a lot of time to complete.
+
+Instead of running the above commands manually in the shell, you can also run the `/usr/local/bin/matrix-synapse-s3-storage-provider-migrate` script which will run the same commands automatically. We demonstrate how to do it manually, because:
+
+- it's what the upstream project demonstrates and it teaches you how to use the `s3_media_upload` tool
+- allows you to check and verify the output of each command, to catch mistakes
+- includes progress bars and detailed output for each command
+- allows you to easily interrupt slow-running commands, etc. (the `/usr/local/bin/matrix-synapse-s3-storage-provider-migrate` starts a container without interactive TTY support, so `Ctrl+C` may not work and you and require killing via `docker kill ..`)
+
+### Using another tool in combination with `s3_media_upload`
+
+To migrate your existing local data to S3, we recommend to:
+
+- **first** use another tool ([`aws s3`](#copying-data-to-amazon-s3) or [`b2 sync`](#copying-data-to-backblaze-b2), etc.) to copy the local files to the S3 bucket
+
+- **only then** [use the `s3_media_upload` tool to finish the migration](#using-the-s3_media_upload-script-from-synapse-s3-storage-provider) (this checks to ensure all files are uploaded and then deletes the local files)
+
+#### Copying data to Amazon S3
+
+Generally, you need to use the `aws s3` tool.
+
+This documentation section could use an improvement. Ideally, we'd come up with a guide like the one used in [Copying data to Backblaze B2](#copying-data-to-backblaze-b2) - running `aws s3` in a container, etc.
+
+#### Copying data to Backblaze B2
+
+To copy to Backblaze B2, start a container like this:
+
+```sh
+docker run -it --rm \
+-w /work \
+--env='B2_KEY_ID=YOUR_KEY_GOES_HERE' \
+--env='B2_KEY_SECRET=YOUR_SECRET_GOES_HERE' \
+--env='B2_BUCKET_NAME=YOUR_BUCKET_NAME_GOES_HERE' \
+--mount type=bind,src=/matrix/synapse/storage/media-store,dst=/work,ro \
+--entrypoint=/bin/sh \
+tianon/backblaze-b2:3.6.0 \
+-c 'b2 authorize-account $B2_KEY_ID $B2_KEY_SECRET && b2 sync /work b2://$B2_BUCKET_NAME --skipNewer'
+```
+
+## Periodically cleaning up the local filesystem
+
+As described in [How it works?](#how-it-works) above, when new media is uploaded to the Synapse homeserver, it's first stored locally and then also stored on the remote S3 storage.
+
+By default, we periodically ensure that all local files are uploaded to S3 and are then removed from the local filesystem. This is done automatically using:
+
+- the `/usr/local/bin/matrix-synapse-s3-storage-provider-migrate` script
+- .. invoked via the `matrix-synapse-s3-storage-provider-migrate.service` service
+- .. triggered by the `matrix-synapse-s3-storage-provider-migrate.timer` timer, every day at 05:00
+
+So.. you don't need to perform any maintenance yourself.
diff --git a/docs/configuring-playbook-synapse.md b/docs/configuring-playbook-synapse.md
index 50860a17..2e14f1ad 100644
--- a/docs/configuring-playbook-synapse.md
+++ b/docs/configuring-playbook-synapse.md
@@ -5,7 +5,7 @@ If that's enough for you, you can skip this document. The playbook provides lots of customization variables you could use to change Synapse's settings. -Their defaults are defined in [`roles/matrix-synapse/defaults/main.yml`](../roles/matrix-synapse/defaults/main.yml) and they ultimately end up in the generated `/matrix/synapse/config/homeserver.yaml` file (on the server). This file is generated from the [`roles/matrix-synapse/templates/synapse/homeserver.yaml.j2`](../roles/matrix-synapse/templates/synapse/homeserver.yaml.j2) template. +Their defaults are defined in [`roles/custom/matrix-synapse/defaults/main.yml`](../roles/custom/matrix-synapse/defaults/main.yml) and they ultimately end up in the generated `/matrix/synapse/config/homeserver.yaml` file (on the server). This file is generated from the [`roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2`](../roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2) template. **If there's an existing variable** which controls a setting you wish to change, you can simply define that variable in your configuration file (`inventory/host_vars/matrix./vars.yml`) and [re-run the playbook](installing.md) to apply the changes. 
@@ -13,9 +13,9 @@ Alternatively, **if there is no pre-defined variable** for a Synapse setting you - you can either **request a variable to be created** (or you can submit such a contribution yourself). Keep in mind that it's **probably not a good idea** to create variables for each one of Synapse's various settings that rarely get used. -- or, you can **extend and override the default configuration** ([`homeserver.yaml.j2`](../roles/matrix-synapse/templates/synapse/homeserver.yaml.j2)) by making use of the `matrix_synapse_configuration_extension_yaml` variable. You can find information about this in [`roles/matrix-synapse/defaults/main.yml`](../roles/matrix-synapse/defaults/main.yml). +- or, you can **extend and override the default configuration** ([`homeserver.yaml.j2`](../roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2)) by making use of the `matrix_synapse_configuration_extension_yaml` variable. You can find information about this in [`roles/custom/matrix-synapse/defaults/main.yml`](../roles/custom/matrix-synapse/defaults/main.yml). -- or, if extending the configuration is still not powerful enough for your needs, you can **override the configuration completely** using `matrix_synapse_configuration` (or `matrix_synapse_configuration_yaml`). You can find information about this in [`roles/matrix-synapse/defaults/main.yml`](../roles/matrix-synapse/defaults/main.yml). +- or, if extending the configuration is still not powerful enough for your needs, you can **override the configuration completely** using `matrix_synapse_configuration` (or `matrix_synapse_configuration_yaml`). You can find information about this in [`roles/custom/matrix-synapse/defaults/main.yml`](../roles/custom/matrix-synapse/defaults/main.yml). ## Load balancing with workers 
@@ -42,7 +42,7 @@ matrix_postgres_process_extra_arguments: [ ] ``` -If you're using the default setup (the `matrix-nginx-proxy` webserver being enabled) or you're using your own `nginx` server (which imports the configuration files generated by the playbook), you're good to go. If you use some other webserver, you may need to tweak your reverse-proxy setup manually to forward traffic to the various workers. +**NOTE**: Disabling `matrix-nginx-proxy` (`matrix_nginx_proxy_enabled: false`) (that is, [using your own other webserver](configuring-playbook-own-webserver.md) when running a Synapse worker setup is likely to cause various troubles (see [this issue](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2090)). In case any problems occur, make sure to have a look at the [list of synapse issues about workers](https://github.com/matrix-org/synapse/issues?q=workers+in%3Atitle) and your `journalctl --unit 'matrix-*'`. diff --git a/docs/configuring-playbook-telemetry.md b/docs/configuring-playbook-telemetry.md index da583838..a97fa59c 100644 --- a/docs/configuring-playbook-telemetry.md +++ b/docs/configuring-playbook-telemetry.md @@ -3,8 +3,7 @@ By default, this playbook configures your Matrix homeserver to not send any telemetry data anywhere. The [matrix.org](https://matrix.org) team would really appreciate it if you could help the project out by reporting -anonymized usage statistics from your homeserver. Only very [basic aggregate -data](#usage-statistics-being-submitted) (e.g. number of users) will be reported, but it helps track the +usage statistics from your homeserver. Enabling usage statistics helps track the growth of the Matrix community, and helps to make Matrix a success. 
@@ -19,28 +18,9 @@ matrix_synapse_report_stats: true ## Usage statistics being submitted -If statistics reporting is enabled, the information that gets submitted to the matrix.org team [according to the source code](https://github.com/matrix-org/synapse/blob/master/synapse/app/homeserver.py) is: +When enabled, Synapse will regularly upload a few dozen statistics about your server. +This data includes your homeserver's domain, the total number of users, the number of active +users, the total number of rooms, and the number of messages sent per day on your homeserver. -- your homeserver's domain name - -- uptime of the homeserver program - -- [Python](https://www.python.org/) version powering your homeserver - -- total number of users on your home server (including bridged users) - -- total number of native Matrix users on your home server - -- total number of rooms on your homeserver - -- total number of daily active users on your homeserver - -- total number of daily active rooms on your homeserver - -- total number of messages sent per day - -- cache setting information - -- CPU and memory statistics for the homeserver program - -- database engine type and version +See [Synapse's documentation](https://github.com/matrix-org/synapse/blob/develop/docs/usage/administration/monitoring/reporting_homeserver_usage_statistics.md#available-statistics) +for the full list of statistics that are reported. diff --git a/docs/configuring-playbook.md b/docs/configuring-playbook.md index f2ce0cfd..127ab47d 100644 --- a/docs/configuring-playbook.md +++ b/docs/configuring-playbook.md 
@@ -18,6 +18,7 @@ You can then follow these steps inside the playbook directory: 1. edit the inventory hosts file (`inventory/hosts`) to your liking +1. (optional, advanced) to run Ansible against multiple servers with different `sudo` credentials, you can copy the sample inventory hosts yaml file for each of your hosts: (`cp examples/host.yml inventory/my_host1.yml` …) and use the [`ansible-all-hosts.sh`](../inventory/scripts/ansible-all-hosts.sh) script [in the installation step](installing.md). For a basic Matrix installation, that's all you need. For a more custom setup, see the [Other configuration options](#other-configuration-options) below. @@ -33,13 +34,18 @@ When you're done with all the configuration you'd like to do, continue with [Ins - [Setting up the Jitsi video-conferencing platform](configuring-playbook-jitsi.md) (optional) +- [Setting up Etherpad](configuring-playbook-etherpad.md) (optional) + - [Setting up Dynamic DNS](configuring-playbook-dynamic-dns.md) (optional) - [Enabling metrics and graphs (Prometheus, Grafana) for your Matrix server](configuring-playbook-prometheus-grafana.md) (optional) ### Core service adjustments -- [Configuring Synapse](configuring-playbook-synapse.md) (optional) +- Homeserver configuration: + - [Configuring Synapse](configuring-playbook-synapse.md), if you're going with the default/recommended homeserver implementation (optional) + + - [Configuring Conduit](configuring-playbook-conduit.md), if you've switched to the [Conduit](https://conduit.rs) homeserver implementation (optional) - [Configuring Element](configuring-playbook-client-element.md) (optional) 
@@ -51,7 +57,7 @@ When you're done with all the configuration you'd like to do, continue with [Ins - [Serving your base domain using this playbook's nginx server](configuring-playbook-base-domain-serving.md) (optional) -- [Configure Nginx (optional, advanced)](configuring-playbook-nginx.md) (optional, advanced) +- [Configure Nginx](configuring-playbook-nginx.md) (optional, advanced) - [Using your own webserver, instead of this playbook's nginx proxy](configuring-playbook-own-webserver.md) (optional, advanced) @@ -85,6 +91,8 @@ When you're done with all the configuration you'd like to do, continue with [Ins - [Setting up the LDAP password provider module](configuring-playbook-ldap-auth.md) (optional, advanced) +- [Setting up the ldap-registration-proxy](configuring-playbook-matrix-ldap-registration-proxy.md) (optional, advanced) + - [Setting up Synapse Simple Antispam](configuring-playbook-synapse-simple-antispam.md) (optional, advanced) - [Setting up Matrix Corporal](configuring-playbook-matrix-corporal.md) (optional, advanced) @@ -92,6 +100,8 @@ When you're done with all the configuration you'd like to do, continue with [Ins ### Bridging other networks +- [Setting up Mautrix Discord bridging](configuring-playbook-bridge-mautrix-discord.md) (optional) + - [Setting up Mautrix Telegram bridging](configuring-playbook-bridge-mautrix-telegram.md) (optional) - [Setting up Mautrix Whatsapp bridging](configuring-playbook-bridge-mautrix-whatsapp.md) (optional) 
@@ -110,14 +120,16 @@ When you're done with all the configuration you'd like to do, continue with [Ins - [Setting up Appservice IRC bridging](configuring-playbook-bridge-appservice-irc.md) (optional) -- [Setting up Beeper LinkedIn bridging](configuring-playbook-bridge-beeper-linkedin.md) (optional) - - [Setting up Appservice Discord bridging](configuring-playbook-bridge-appservice-discord.md) (optional) - [Setting up Appservice Slack bridging](configuring-playbook-bridge-appservice-slack.md) (optional) - [Setting up Appservice Webhooks bridging](configuring-playbook-bridge-appservice-webhooks.md) (optional) +- [Setting up Appservice Kakaotalk bridging](configuring-playbook-bridge-appservice-kakaotalk.md) (optional) + +- [Setting up Beeper LinkedIn bridging](configuring-playbook-bridge-beeper-linkedin.md) (optional) + - [Setting up matrix-hookshot](configuring-playbook-bridge-hookshot.md) - a bridge between Matrix and multiple project management services, such as [GitHub](https://github.com), [GitLab](https://about.gitlab.com) and [JIRA](https://www.atlassian.com/software/jira). (optional) - ~~[Setting up MX Puppet Skype bridging](configuring-playbook-bridge-mx-puppet-skype.md)~~ (optional) - this component has been broken for a long time, so it has been removed from the playbook. Consider [Setting up Go Skype Bridge bridging](configuring-playbook-bridge-go-skype-bridge.md) @@ -138,6 +150,8 @@ When you're done with all the configuration you'd like to do, continue with [Ins - [Setting up Email2Matrix](configuring-playbook-email2matrix.md) (optional) +- [Setting up Postmoogle email bridging](configuring-playbook-bot-postmoogle.md) (optional) + - [Setting up Matrix SMS bridging](configuring-playbook-bridge-matrix-bridge-sms.md) (optional) - [Setting up Heisenbridge bouncer-style IRC bridging](configuring-playbook-bridge-heisenbridge.md) (optional) 
@@ -149,6 +163,8 @@ When you're done with all the configuration you'd like to do, continue with [Ins - [Setting up matrix-registration-bot](configuring-playbook-bot-matrix-registration-bot.md) - a bot to create and manage registration tokens to invite users (optional) +- [Setting up maubot](configuring-playbook-bot-maubot.md) - a plugin-based Matrix bot system (optional) + - [Setting up honoroit](configuring-playbook-bot-honoroit.md) - a helpdesk bot (optional) - [Setting up Go-NEB](configuring-playbook-bot-go-neb.md) - an extensible multifunctional bot (optional) @@ -170,3 +186,5 @@ When you're done with all the configuration you'd like to do, continue with [Ins - [Setting up the Sygnal push gateway](configuring-playbook-sygnal.md) (optional) - [Setting up the ntfy push notifications server](configuring-playbook-ntfy.md) (optional) + +- [Setting up a Cactus Comments server](configuring-playbook-cactus-comments.md) - a federated comment system built on Matrix (optional) diff --git a/docs/configuring-well-known.md b/docs/configuring-well-known.md index 53a35386..fd548aa6 100644 --- a/docs/configuring-well-known.md +++ b/docs/configuring-well-known.md 
@@ -15,7 +15,7 @@ All services created by this playbook are meant to be installed on their own ser As [per the Server-Server specification](https://matrix.org/docs/spec/server_server/r0.1.0.html#server-discovery), to use a Matrix user identifier like `@:` while hosting services on a subdomain like `matrix.`, the Matrix network needs to be instructed of such delegation/redirection. -Server delegation can be configured using DNS SRV records or by setting up a `/.well-known/matrix/server` file on the base domain (``). +Server delegation can be configured using DNS SRV records or by setting up a `/.well-known/matrix/server` file on the base domain (``). Both methods have their place and will continue to do so. You only need to use just one of these delegation methods. For simplicity reasons, our setup advocates for the `/.well-known/matrix/server` method and guides you into using that. @@ -116,12 +116,12 @@ With this method, you **don't need** to add special HTTP headers for [CORS](http **For nginx**, it would be something like this: ```nginx -# This is your HTTPS-enabled server for DOMAIN. +# This is your HTTPS-enabled server for example.com. server { - server_name DOMAIN; + server_name example.com; location /.well-known/matrix { - proxy_pass https://matrix.DOMAIN/.well-known/matrix; + proxy_pass https://matrix.example.com/.well-known/matrix; proxy_set_header X-Forwarded-For $remote_addr; } @@ -133,11 +133,11 @@ server { ```apache - ServerName DOMAIN + ServerName example.com SSLProxyEngine on - ProxyPass /.well-known/matrix https://matrix.DOMAIN/.well-known/matrix nocanon - ProxyPassReverse /.well-known/matrix https://matrix.DOMAIN/.well-known/matrix nocanon + ProxyPass /.well-known/matrix https://matrix.example.com/.well-known/matrix nocanon + ProxyPassReverse /.well-known/matrix https://matrix.example.com/.well-known/matrix nocanon # other configuration 
@@ -146,30 +146,10 @@ server { **For Caddy 2**, it would be something like this: ```caddy -DOMAIN.com { - @wellknown { - path /.well-known/matrix/*:x - } - - handle @wellknown { - reverse_proxy https://matrix.DOMAIN.com { - header_up Host {http.reverse_proxy.upstream.hostport} - } - } - # Configration for the base domain goes here - # handle { - # header -Server - # encode zstd gzip - # reverse_proxy localhost:4020 - # } -} -``` - -**For Caddy 1**, it would be something like this: - -```caddy -proxy /.well-known/matrix/ https://matrix.DOMAIN { - header_upstream Host {http.reverse_proxy.upstream.hostport} +example.com { + reverse_proxy /.well-known/matrix/* https://matrix.example.com { + header_up Host {upstream_hostport} + } } ``` @@ -196,7 +176,7 @@ backend matrix-backend ``` # In the _redirects file in the website's root -/.well-known/matrix/* https://matrix.DOMAIN/.well-known/matrix/:splat 200! +/.well-known/matrix/* https://matrix.example.com/.well-known/matrix/:splat 200! ``` **For AWS CloudFront** @@ -206,13 +186,13 @@ backend matrix-backend Make sure to: -- **replace `DOMAIN`** in the server configuration with your actual domain name +- **replace `example.com`** in the server configuration with your actual domain name - and: to **do this for the HTTPS-enabled server block**, as that's where Matrix expects the file to be ## Confirming it works -No matter which method you've used to set up the well-known files, if you've done it correctly you should be able to see a JSON file at both of these URLs: +No matter which method you've used to set up the well-known files, if you've done it correctly you should be able to see a JSON file at these URLs: - `https:///.well-known/matrix/server` - `https:///.well-known/matrix/client` diff --git a/docs/container-images.md b/docs/container-images.md index a587d932..737a4457 100644 --- a/docs/container-images.md +++ b/docs/container-images.md 
@@ -30,7 +30,9 @@ These services are not part of our default installation, but can be enabled by [ - [ma1uta/ma1sd](https://hub.docker.com/r/ma1uta/ma1sd/) - the [ma1sd](https://github.com/ma1uta/ma1sd) Matrix Identity server (optional) -- [matrixdotorg/dendrite-monolith](https://hub.docker.com/r/matrixdotorg/dendrite-monolith/) - the official [Dendrite](https://github.com/matrix-org/dendrite) Matrix homeserver (optional) +- [matrixconduit/matrix-conduit](https://hub.docker.com/r/matrixconduit/matrix-conduit) - the [Conduit](https://conduit.rs) Matrix homeserver (optional) + +- [matrixdotorg/dendrite-monolith](https://hub.docker.com/r/matrixdotorg/dendrite-monolith/) - the [Dendrite](https://github.com/matrix-org/dendrite) Matrix homeserver (optional) - [ewoutp/goofys](https://hub.docker.com/r/ewoutp/goofys/) - the [Goofys](https://github.com/kahing/goofys) Amazon [S3](https://aws.amazon.com/s3/) file-system-mounting program (optional) @@ -76,7 +78,7 @@ These services are not part of our default installation, but can be enabled by [ - [sorunome/mx-puppet-discord](https://hub.docker.com/r/sorunome/mx-puppet-discord) - the [mx-puppet-discord](https://github.com/matrix-discord/mx-puppet-discord) bridge to [Discord](https://discordapp.com) (optional) -- [xangelix/mx-puppet-groupme](https://hub.docker.com/r/xangelix/mx-puppet-groupme) - the [mx-puppet-groupme](https://gitlab.com/robintown/mx-puppet-groupme) bridge to [GroupMe](https://groupme.com/) (optional) +- [xangelix/mx-puppet-groupme](https://hub.docker.com/r/xangelix/mx-puppet-groupme) - the [mx-puppet-groupme](https://gitlab.com/xangelix-pub/matrix/mx-puppet-groupme) bridge to [GroupMe](https://groupme.com/) (optional) - [icewind1991/mx-puppet-steam](https://hub.docker.com/r/icewind1991/mx-puppet-steam) - the [mx-puppet-steam](https://github.com/icewind1991/mx-puppet-steam) bridge to [Steam](https://steampowered.com) (optional) 
@@ -92,8 +94,14 @@ These services are not part of our default installation, but can be enabled by [ - [anoa/matrix-reminder-bot](https://hub.docker.com/r/anoa/matrix-reminder-bot) - the [matrix-reminder-bot](https://github.com/anoadragon453/matrix-reminder-bot) bot for one-off & recurring reminders and alarms (optional) +- [moanos/matrix-registration-bot/](https://hub.docker.com/r/moanos/matrix-registration-bot/) - the [matrix-registration-bot](https://github.com/moan0s/matrix-registration-bot) bot (manage registration tokens for invitations to the server) (optional) + +- [dock.mau.dev/maubot/maubot](https://mau.dev/maubot/maubot/container_registry) - the [maubot](https://github.com/maubot/maubot) bot (a plugin-based Matrix bot system) (optional) + - [etke.cc/honoroit](https://gitlab.com/etke.cc/honoroit/container_registry) - the [honoroit](https://gitlab.com/etke.cc/honoroit) helpdesk bot (optional) +- [etke.cc/postmoogle](https://gitlab.com/etke.cc/postmoogle/container_registry) - the [Postmoogle](https://gitlab.com/etke.cc/postmoogle) email bridge bot (optional) + - [matrixdotorg/go-neb](https://hub.docker.com/r/matrixdotorg/go-neb) - the [Go-NEB](https://github.com/matrix-org/go-neb) bot (optional) - [matrixdotorg/mjolnir](https://hub.docker.com/r/matrixdotorg/mjolnir) - the [mjolnir](https://github.com/matrix-org/mjolnir) moderation bot (optional) @@ -109,3 +117,5 @@ These services are not part of our default installation, but can be enabled by [ - [matrixdotorg/sygnal](https://hub.docker.com/r/matrixdotorg/sygnal/) - [Sygnal](https://github.com/matrix-org/sygnal) is a reference Push Gateway for Matrix - [binwiederhier/ntfy](https://hub.docker.com/r/binwiederhier/ntfy/) - [ntfy](https://ntfy.sh/) is a self-hosted, UnifiedPush-compatible push notifications server + +- [cactuscomments/cactus-appservice](https://hub.docker.com/r/cactuscomments/cactus-appservice/) - [Cactus Comments](https://cactus.chat) a federated comment system built on Matrix 
diff --git a/docs/importing-postgres.md b/docs/importing-postgres.md index c5a8d828..fe3817f5 100644 --- a/docs/importing-postgres.md +++ b/docs/importing-postgres.md @@ -12,8 +12,8 @@ If your database name differs, be sure to change `matrix_synapse_database_databa The playbook supports importing Postgres dump files in **text** (e.g. `pg_dump > dump.sql`) or **gzipped** formats (e.g. `pg_dump | gzip -c > dump.sql.gz`). -Importing multiple databases (as dumped by `pg_dumpall`) is also supported. -But the migration might be a good moment, to "reset" a not properly working bridge. Be aware, that it might affect all users (new link to bridge, new roomes, ...) +Importing multiple databases (as dumped by `pg_dumpall`) is also supported. +But the migration might be a good moment, to "reset" a not properly working bridge. Be aware, that it might affect all users (new link to bridge, new rooms, ...) Before doing the actual import, **you need to upload your Postgres dump file to the server** (any path is okay). @@ -24,11 +24,14 @@ To import, run this command (make sure to replace `` must be a file path to a Postgres dump file on the server (not on your local machine!). +**Notes**: + +- `` must be a file path to a Postgres dump file on the server (not on your local machine!) +- `postgres_default_import_database` defaults to `matrix`, which is useful for importing multiple databases (for dumps made with `pg_dumpall`). If you're importing a single database (e.g. `synapse`), consider changing `postgres_default_import_database` accordingly ## Troubleshooting 
@@ -90,7 +93,7 @@ If not, you probably get this error. `synapse` is the correct table owner, but t "ERROR: role synapse does not exist" ``` -Once the database is clear and the ownership of the tables has been fixed in the SQL file, the import task should succeed. +Once the database is clear and the ownership of the tables has been fixed in the SQL file, the import task should succeed. Check, if `--dbname` is set to `synapse` (not `matrix`) and replace paths (or even better, copy this line from your terminal) ``` diff --git a/docs/installing.md b/docs/installing.md index 8b1b51aa..53a86585 100644 --- a/docs/installing.md +++ b/docs/installing.md 
@@ -1,25 +1,67 @@ # Installing -## 1. Installing the Matrix services - If you've [configured your DNS](configuring-dns.md) and have [configured the playbook](configuring-playbook.md), you can start the installation procedure. -Run this command to install the Matrix services: +**Before installing** and each time you update the playbook in the future, you will need to update the Ansible roles in this playbook by running `make roles`. `make roles` is a shortcut (a `roles` target defined in [`Makefile`](Makefile) and executed by the [`make`](https://www.gnu.org/software/make/) utility) which ultimately runs [ansible-galaxy](https://docs.ansible.com/ansible/latest/cli/ansible-galaxy.html) to download Ansible roles. If you don't have `make`, you can also manually run the `roles` commands seen in the `Makefile`. -```bash + +## Playbook tags introduction + +The Ansible playbook's tasks are tagged, so that certain parts of the Ansible playbook can be run without running all other tasks. + +The general command syntax is: `ansible-playbook -i inventory/hosts setup.yml --tags=COMMA_SEPARATED_TAGS_GO_HERE` + +Here are some playbook tags that you should be familiar with: + +- `setup-all` - runs all setup tasks for all components, but does not start/restart services + +- `setup-SERVICE` (e.g. `setup-bot-postmoogle`) - runs the setup tasks only for a given role, but does not start/restart services. You can discover these additional tags in each role (`roles/*/main.yml`). Running per-component setup tasks is **not recommended**, as components sometimes depend on each other and running just the setup tasks for a given component may not be enough. For example, setting up the [mautrix-telegram bridge](configuring-playbook-bridge-mautrix-telegram.md), in addition to the `setup-mautrix-telegram` tag, requires database changes (the `setup-postgres` tag) as well as reverse-proxy changes (the `setup-nginx-proxy` tag). 
+ +- `start` - starts all systemd services and makes them start automatically in the future + +- `stop` - stops all systemd services + +- `ensure-matrix-users-created` - a special tag which ensures that all special users needed by the playbook (for bots, etc.) are created + +`setup-*` tags **do not start services** automatically, because you may wish to do things before starting services, such as importing a database dump, restoring data from another server, etc. + + +## 1. Installing Matrix + +If you **don't** use SSH keys for authentication, but rather a regular password, you may need to add `--ask-pass` to the all Ansible commands + +If you **do** use SSH keys for authentication, **and** use a non-root user to *become* root (sudo), you may need to add `-K` (`--ask-become-pass`) to all Ansible commands + +There 2 ways to start the installation process - depending on whether you're [Installing a brand new server (without importing data)](#installing-a-brand-new-server-without-importing-data) or [Installing a server into which you'll import old data](#installing-a-server-into-which-youll-import-old-data). + + +### Installing a brand new server (without importing data) + +If this is **a brand new** Matrix server and you **won't be importing old data into it**, run all these tags: + +```sh +ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,ensure-matrix-users-created,start +``` + +This will do a full installation and start all Matrix services. + +Proceed to [Maintaining your setup in the future](#2-maintaining-your-setup-in-the-future) and [Finalize the installation](#3-finalize-the-installation) + + +### Installing a server into which you'll import old data + +If you will be importing data into your newly created Matrix server, install it, but **do not** start its services just yet. +Starting its services or messing with its database now will affect your data import later on. 
+ +To do the installation **without** starting services, run only the `setup-all` tag: + +```sh ansible-playbook -i inventory/hosts setup.yml --tags=setup-all ``` -The above command **doesn't start any services just yet** (another step does this later - below). Feel free to **re-run this setup command any time** you think something is off with the server configuration. +When this command completes, services won't be running yet. -**Notes**: -- if you **don't** use SSH keys for authentication, but rather a regular password, you may need to add `--ask-pass` to the above (and all other) Ansible commands. -- if you **do** use SSH keys for authentication, **and** use a non-root user to *become* root (sudo), you may need to add `-K` (`--ask-become-pass`) to the above (and all other) Ansible commands. - - -## 2. Things you might want to do after installing - -**Before starting the services**, you may want to do additional things like: +You can now: - [Importing an existing SQLite database (from another Synapse installation)](importing-synapse-sqlite.md) (optional) 
@@ -27,21 +69,26 @@ The above command **doesn't start any services just yet** (another step does thi - [Importing `media_store` data files from an existing Synapse installation](importing-synapse-media-store.md) (optional) +.. and then proceed to starting all services: -## 3. Starting the services - -When you're ready to start the Matrix services (and set them up to auto-start in the future), run this command: - -```bash +```sh ansible-playbook -i inventory/hosts setup.yml --tags=start ``` -## 4. Finalize the installation +Proceed to [Maintaining your setup in the future](#2-maintaining-your-setup-in-the-future) and [Finalize the installation](#3-finalize-the-installation) + + +## 2. Maintaining your setup in the future + +Feel free to **re-run the setup command any time** you think something is off with the server configuration. Ansible will take your configuration and update your server to match. + + +## 3. Finalize the installation Now that services are running, you need to **finalize the installation process** (required for federation to work!) by [Configuring Service Discovery via .well-known](configuring-well-known.md). -## 5. Things to do next +## 4. Things to do next After you have started the services and **finalized the installation process** (required for federation to work!) by [Configuring Service Discovery via .well-known](configuring-well-known.md), you can: diff --git a/docs/maintenance-synapse.md b/docs/maintenance-synapse.md index 9727f450..a51811ff 100644 --- a/docs/maintenance-synapse.md +++ b/docs/maintenance-synapse.md 
@@ -16,14 +16,7 @@ Table of contents: You can use the **[Purge History API](https://github.com/matrix-org/synapse/blob/master/docs/admin_api/purge_history_api.md)** to delete old messages on a per-room basis. **This is destructive** (especially for non-federated rooms), because it means **people will no longer have access to history past a certain point**. -To make use of this API, **you'll need an admin access token** first. You can find your access token in the setting of some clients (like Element). -Alternatively, you can log in and obtain a new access token like this: - -``` -curl \ ---data '{"identifier": {"type": "m.id.user", "user": "YOUR_MATRIX_USERNAME" }, "password": "YOUR_MATRIX_PASSWORD", "type": "m.login.password", "device_id": "Synapse-Purge-History-API"}' \ -https://matrix.DOMAIN/_matrix/client/r0/login -``` +To make use of this API, **you'll need an admin access token** first. Refer to the documentation on [how to obtain an access token](obtaining-access-tokens.md). Synapse's Admin API is not exposed to the internet by default. To expose it you will need to add `matrix_nginx_proxy_proxy_matrix_client_api_forwarded_location_synapse_admin_api_enabled: true` to your `vars.yml` file. diff --git a/docs/maintenance-upgrading-services.md b/docs/maintenance-upgrading-services.md index fe289a86..d1c707fd 100644 --- a/docs/maintenance-upgrading-services.md +++ b/docs/maintenance-upgrading-services.md 
@@ -10,8 +10,8 @@ To upgrade services: - take a look at [the changelog](../CHANGELOG.md) to see if there have been any backward-incompatible changes that you need to take care of -- re-run the [playbook setup](installing.md): `ansible-playbook -i inventory/hosts setup.yml --tags=setup-all` +- download the upstream Ansible roles used by the playbook by running `make roles` -- restart the services: `ansible-playbook -i inventory/hosts setup.yml --tags=start` +- re-run the [playbook setup](installing.md) and restart all serivces: `ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,ensure-matrix-users-created,start` **Note**: major version upgrades to the internal PostgreSQL database are not done automatically. To upgrade it, refer to the [upgrading PostgreSQL guide](maintenance-postgres.md#upgrading-postgresql). diff --git a/docs/obtaining-access-tokens.md b/docs/obtaining-access-tokens.md new file mode 100644 index 00000000..7db2ef1b --- /dev/null +++ b/docs/obtaining-access-tokens.md 
@@ -0,0 +1,49 @@ +# Obtaining an Access Token + +When setting up some optional features like bots and bridges you will need to provide an access token for some user. This document provides documentation on how to obtain such an access token. + +**Access tokens are sensitive information. Do not include them in any bug reports, messages, or logs. Do not share the access token with anyone.** + +## Prerequisites + +The user for whom you want to obtain an access token needs to already exist. You can use this playbook to [register a new user](registering-users.md), if you have not already. + +Below, we describe 2 ways to generate an access token for a user - using [Element](#obtain-an-access-token-via-element) or [curl](#obtain-an-access-token-via-curl). For both ways you need the user's password. + +## Obtain an access token via Element + +1. In a private browsing session (incognito window), open Element. +1. Log in with the user's credentials. +1. In the settings page, choose "Help & About", scroll down to the bottom and expand the `Access Token` section (see screenshot below). +1. Copy the access token to your configuration. +1. Close the private browsing session. **Do not log out**. Logging out will invalidate the token, making it not work. + +![Obtaining an access token with Element](assets/obtain_admin_access_token_element.png) + + +## Obtain an access token via curl + +You can use the following command to get an access token for your user directly from the [Matrix Client-Server API](https://www.matrix.org/docs/guides/client-server-api#login): + +``` +curl -XPOST -d '{ + "identifier": { "type": "m.id.user", "user": "USERNAME" }, + "password": "PASSWORD", + "type": "m.login.password", + "device_id": "YOURDEVICEID" +}' 'https://matrix.YOURDOMAIN/_matrix/client/r0/login' +``` +Change `USERNAME`, `PASSWORD`, and `YOURDOMAIN` accordingly. + +`YOURDEVICEID` is optional and can be used to more easily identify the session later. 
When omitted (mind the commas in the JSON payload if you'll be omitting it), a random device ID will be generated. + +Your response will look like this (prettified): + +``` +{ + "user_id":"@USERNAME:YOURDOMAIN", + "access_token":">>>YOUR_ACCESS_TOKEN_IS_HERE<<<", + "home_server":"YOURDOMAIN", + "device_id":"YOURDEVICEID" +} +``` diff --git a/docs/prerequisites.md b/docs/prerequisites.md index 1ed4befe..c0a90640 100644 --- a/docs/prerequisites.md +++ b/docs/prerequisites.md @@ -22,11 +22,13 @@ If your distro runs within an [LXC container](https://linuxcontainers.org/), you - [`git`](https://git-scm.com/) is the recommended way to download the playbook to your computer. `git` may also be required on the server if you will be [self-building](self-building.md) components. +- [`make`](https://www.gnu.org/software/make/) for running `make roles`, etc. (see [`Makefile`](../Makefile)), although you can also run these commands manually (without `make`) + - An HTTPS-capable web server at the base domain name (``) which is capable of serving static files. Unless you decide to [Serve the base domain from the Matrix server](configuring-playbook-base-domain-serving.md) or alternatively, to use DNS SRV records for [Server Delegation](howto-server-delegation.md). - Properly configured DNS records for `` (details in [Configuring DNS](configuring-dns.md)). -- Some TCP/UDP ports open. This playbook configures the server's internal firewall for you. In most cases, you don't need to do anything special. But **if your server is running behind another firewall**, you'd need to open these ports: +- Some TCP/UDP ports open. This playbook (actually [Docker itself](https://docs.docker.com/network/iptables/)) configures the server's internal firewall for you. In most cases, you don't need to do anything special. But **if your server is running behind another firewall**, you'd need to open these ports: - `80/tcp`: HTTP webserver - `443/tcp`: HTTPS webserver 
diff --git a/docs/self-building.md b/docs/self-building.md index ab6e17d3..3351a1f8 100644 --- a/docs/self-building.md +++ b/docs/self-building.md @@ -37,6 +37,7 @@ List of roles where self-building the Docker image is currently possible: - `matrix-bot-mjolnir` - `matrix-bot-honoroit` - `matrix-bot-matrix-reminder-bot` +- `matrix-bot-maubot` - `matrix-email2matrix` Adding self-building support to other roles is welcome. Feel free to contribute! diff --git a/docs/updating-users-passwords.md b/docs/updating-users-passwords.md index 7d2f2832..2ea20d2f 100644 --- a/docs/updating-users-passwords.md +++ b/docs/updating-users-passwords.md @@ -34,7 +34,7 @@ where `` is the hash returned by the docker command above. Use the Synapse User Admin API as described here: https://github.com/matrix-org/synapse/blob/master/docs/admin_api/user_admin_api.rst#reset-password -This requires an access token from a server admin account. *This method will also log the user out of all of their clients while the other options do not.* +This requires an [access token](obtaining-access-tokens.md) from a server admin account. *This method will also log the user out of all of their clients while the other options do not.* If you didn't make your account a server admin when you created it, you can use the `/usr/local/bin/matrix-change-user-admin-status` script as described in [registering-users.md](registering-users.md). diff --git a/examples/caddy2/Caddyfile b/examples/caddy2/Caddyfile index 162e539e..43005ca4 100644 --- a/examples/caddy2/Caddyfile +++ b/examples/caddy2/Caddyfile @@ -1,3 +1,15 @@ +(cors) { + @cors_preflight method OPTIONS + + handle @cors_preflight { + header Access-Control-Allow-Origin "{args.0}" + header Access-Control-Allow-Methods "HEAD, GET, POST, PUT, PATCH, DELETE" + header Access-Control-Allow-Headers "Content-Type, Authorization" + header Access-Control-Max-Age "3600" + } +} + + matrix.DOMAIN.tld { # creates letsencrypt certificate 
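Review bot: `header Access-Control-Allow-Origin "{args.0}"` will be emitted as the literal `https://*.DOMAIN.tld` once the vhosts in the later hunks import the snippet with that argument, and browsers reject a wildcard subdomain there — the header must be `*` or exactly one serialized origin, so every preflight fails. The snippet should instead match the request's `Origin` against the allowed pattern and echo that header back, with `Vary: Origin` so caches keep responses per origin; with a regex matcher the pattern lives in the snippet, so the `import cors ...` argument added later becomes unused. Note too that only the OPTIONS branch sets the header here; the actual request's response needs `Access-Control-Allow-Origin` as well, or the browser discards it after a successful preflight.

```caddyfile
(cors) {
	@cors_preflight {
		method OPTIONS
		header_regexp Origin ^https://([A-Za-z0-9-]+\.)?DOMAIN\.tld$
	}

	handle @cors_preflight {
		header Access-Control-Allow-Origin "{http.request.header.Origin}"
		header Vary Origin
		# … unchanged: Allow-Methods, Allow-Headers, Max-Age …
	}
}
```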
@@ -81,6 +93,13 @@ matrix.DOMAIN.tld { header Access-Control-Allow-Origin * file_server } + + # If you have other well-knowns already handled by your base domain, you can replace the above block by this one, along with the replacement suggested in the base domain + #handle @wellknown { + # # .well-known is handled by base domain + # reverse_proxy https://DOMAIN.tld { + # header_up Host {http.reverse_proxy.upstream.hostport} + #} handle { encode zstd gzip @@ -114,6 +133,8 @@ element.DOMAIN.tld { # creates letsencrypt certificate # tls your@email.com + import cors https://*.DOMAIN.tld + header { # Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" @@ -123,6 +144,8 @@ element.DOMAIN.tld { X-Content-Type-Options "nosniff" # Disallow the site to be rendered within a frame (clickjacking protection) X-Frame-Options "DENY" + # If using integrations that add frames to Element, such as Dimension and its integrations running on the same domain, it can be a good idea to limit sources allowed to be rendered + # Content-Security-Policy frame-src https://*.DOMAIN.tld # X-Robots-Tag X-Robots-Tag "noindex, noarchive, nofollow" } @@ -144,6 +167,8 @@ element.DOMAIN.tld { # # creates letsencrypt certificate # # tls your@email.com # +# import cors https://*.DOMAIN.tld +# # header { # # Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS # Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" 
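Review bot: The commented replacement block opens two braces (`#handle @wellknown {` and `#  reverse_proxy https://DOMAIN.tld {`) but closes only one (`#}`), so anyone who uncomments it as the comment suggests gets a Caddyfile parse error. Add the missing close for the `reverse_proxy` block, `#  }`, before the final `#}` that closes the `handle`. The enclosing `matrix.DOMAIN.tld` site block starts and ends outside this hunk.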
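Review bot: `# Content-Security-Policy frame-src https://*.DOMAIN.tld` in this hunk, and the `Content-Security-Policy frame-ancestors https://*.DOMAIN.tld` lines that the two hunks at `@@ -151` and `@@ -185` substitute for `X-Frame-Options`, leave the value unquoted; inside a `header { }` block a field followed by two tokens is a find/replace (`<field> <find> <replace>`), not a set, so once uncommented no CSP header is emitted at all. Quote the value as the other headers in the block do: `Content-Security-Policy "frame-ancestors https://*.DOMAIN.tld"`. Since the two later hunks drop `X-Frame-Options` entirely, consider keeping `X-Frame-Options "SAMEORIGIN"` next to the CSP line as a fallback for clients that do not honour `frame-ancestors`; browsers that do will prefer the CSP directive.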
@@ -151,8 +176,8 @@ element.DOMAIN.tld { # X-XSS-Protection "1; mode=block" # # Prevent some browsers from MIME-sniffing a response away from the declared Content-Type # X-Content-Type-Options "nosniff" -# # Disallow the site to be rendered within a frame (clickjacking protection) -# X-Frame-Options "DENY" +# # Only allow same base domain to render this website in a frame; Can be removed if the client (Element for example) is hosted on another domain (clickjacking protection) +# Content-Security-Policy frame-ancestors https://*.DOMAIN.tld # # X-Robots-Tag # X-Robots-Tag "noindex, noarchive, nofollow" # } @@ -176,6 +201,8 @@ element.DOMAIN.tld { # creates letsencrypt certificate # tls your@email.com # +# import cors https://*.DOMAIN.tld +# # header { # # Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS # Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" @@ -185,9 +212,9 @@ element.DOMAIN.tld { # # # Prevent some browsers from MIME-sniffing a response away from the declared Content-Type # X-Content-Type-Options "nosniff" -# -# # Disallow the site to be rendered within a frame (clickjacking protection) -# X-Frame-Options "SAMEORIGIN" + +# # Only allow same base domain to render this website in a frame; Can be removed if the client (Element for example) is hosted on another domain +# Content-Security-Policy frame-ancestors https://*.DOMAIN.tld # # # Disable some features # Feature-Policy "accelerometer 'none';ambient-light-sensor 'none'; autoplay 'none';camera 'none';encrypted-media 'none';focus-without-user-activation 'none'; geolocation 'none';gyroscope #'none';magnetometer 'none';microphone 'none';midi 'none';payment 'none';picture-in-picture 'none'; speaker 'none';sync-xhr 'none';usb 'none';vr 'none'" 
@@ -225,6 +252,14 @@ element.DOMAIN.tld { # header_up Host {http.reverse_proxy.upstream.hostport} # } # } +# # If you have other well-knowns already handled by your base domain, you can replace the above block by this one, along with the replacement suggested in the matrix subdomain +# # handle /.well-known/* { +# # encode zstd gzip +# # header Cache-Control max-age=14400 +# # header Content-Type application/json +# # header Access-Control-Allow-Origin * +# #} +# # # Configration for the base domain goes here # # handle { # # header -Server diff --git a/examples/host.yml b/examples/host.yml new file mode 100644 index 00000000..e9ba2810 --- /dev/null +++ b/examples/host.yml @@ -0,0 +1,11 @@ +--- + +# This is a host file for usage with the `ansible-all-hosts.sh` script, +# which runs Ansible against a bunch of hosts, each with its own `sudo` password. +matrix_servers: + hosts: + matrix.: + ansible_host: + ansible_ssh_user: + become: true + become_user: root diff --git a/examples/vars.yml b/examples/vars.yml index 3ca8f460..e1b6cf05 100644 --- a/examples/vars.yml +++ b/examples/vars.yml @@ -12,7 +12,9 @@ matrix_domain: YOUR_BARE_DOMAIN_NAME_HERE # The Matrix homeserver software to install. -# See `roles/matrix-base/defaults/main.yml` for valid options. +# See: +# - `roles/custom/matrix-base/defaults/main.yml` for valid options +# - the `docs/configuring-playbook-IMPLEMENTATION_NAME.md` documentation page, if one is available for your implementation choice matrix_homeserver_implementation: synapse # A secret used as a base, for generating various other secrets. diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index dae44e23..a846768c 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
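Review bot: `ansible_ssh_user:` in the new `examples/host.yml` is the pre-2.0 spelling that Ansible keeps only as a compatibility alias; a fresh example should use `ansible_user:`. The values of `ansible_host:` and `ansible_ssh_user:` are empty here, which YAML parses as null — if the placeholders were lost in rendering this is fine, otherwise a quoted visible placeholder makes a copied file fail loudly instead of silently connecting as the invoking user.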
@@ -9,6 +9,46 @@ # You can also override ANY variable (seen here or in any given role), # by re-defining it in your own configuration file (`inventory/host_vars/matrix.`). + +######################################################################## +# # +# com.devture.ansible.role.timesync # +# # +######################################################################## + +# To completely disable installing systemd-timesyncd/ntpd, use `devture_timesync_installation_enabled: false`. + +######################################################################## +# # +# /com.devture.ansible.role.timesync # +# # +######################################################################## + + + +###################################################################### +# +# com.devture.ansible.role.playbook_state_preserver +# +###################################################################### + +# To completely disable this feature, use `devture_playbook_state_preserver_enabled: false`. + +devture_playbook_state_preserver_uid: "{{ matrix_user_uid }}" +devture_playbook_state_preserver_gid: "{{ matrix_user_gid }}" + +devture_playbook_state_preserver_vars_preservation_dst: "{{ matrix_base_data_path }}/vars.yml" + +devture_playbook_state_preserver_commit_hash_preservation_dst: "{{ matrix_base_data_path }}/git_hash.yml" + +###################################################################### +# +# /com.devture.ansible.role.playbook_state_preserver +# +###################################################################### + + + ###################################################################### # # matrix-base 
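Review bot: `devture_playbook_state_preserver_vars_preservation_dst` points the preserved copy of the playbook's `vars.yml` at `{{ matrix_base_data_path }}/vars.yml`; that file carries `matrix_homeserver_generic_secret_key`, from which every token and database password in this file is derived, so the copy is exactly as sensitive as the secrets themselves. Only uid/gid are set here, so the file mode is presumably the role's default — worth confirming. A comment on the variable would help operators who back up or share that directory: `# NOTE: vars.yml holds the playbook secrets; keep this copy out of shared backups and world-readable paths.`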
@@ -22,16 +62,18 @@ matrix_identity_server_url: "{{ ('https://' + matrix_server_fqn_matrix) if matri matrix_homeserver_container_url: |- {{ 'http://matrix-nginx-proxy:12080' if matrix_nginx_proxy_enabled else { - 'synapse': ('http://matrix-synapse:'+ matrix_synapse_container_client_api_port | string), - 'dendrite': ('http://matrix-dendrite:' + matrix_dendrite_http_bind_port | string), + 'synapse': ('http://matrix-synapse:'+ matrix_synapse_container_client_api_port|string), + 'dendrite': ('http://matrix-dendrite:' + matrix_dendrite_http_bind_port|string), + 'conduit': ('http://matrix-conduit:' + matrix_conduit_port_number|string), }[matrix_homeserver_implementation] }} matrix_homeserver_container_federation_url: |- {{ 'http://matrix-nginx-proxy:12088' if matrix_nginx_proxy_enabled else { - 'synapse': ('http://matrix-synapse:'+ matrix_synapse_container_federation_api_plain_port | string), - 'dendrite': ('http://matrix-dendrite:' + matrix_dendrite_http_bind_port | string), + 'synapse': ('http://matrix-synapse:'+ matrix_synapse_container_federation_api_plain_port|string), + 'dendrite': ('http://matrix-dendrite:' + matrix_dendrite_http_bind_port|string), + 'conduit': ('http://matrix-conduit:' + matrix_conduit_port_number|string), }[matrix_homeserver_implementation] }} @@ -137,7 +179,7 @@ matrix_appservice_webhooks_systemd_required_services_list: | # We don't enable bridges by default. matrix_appservice_slack_enabled: false -matrix_appservice_slack_container_image_self_build: "{{ matrix_architecture != 'amd64' }}" +matrix_appservice_slack_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}" # Normally, matrix-nginx-proxy is enabled and nginx can reach matrix-appservice-slack over the container network. # If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose 
@@ -213,6 +255,43 @@ matrix_appservice_irc_database_password: "{{ '%s' | format(matrix_homeserver_gen # ###################################################################### +###################################################################### +# +# matrix-bridge-appservice-kakaotalk +# +###################################################################### + +# We don't enable bridges by default. +matrix_appservice_kakaotalk_enabled: false + +matrix_appservice_kakaotalk_systemd_required_services_list: | + {{ + ['docker.service'] + + + ['matrix-appservice-kakaotalk-node.service'] + + + ['matrix-' + matrix_homeserver_implementation + '.service'] + + + (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) + + + (['matrix-postgres.service'] if matrix_postgres_enabled else []) + }} + +matrix_appservice_kakaotalk_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.kakao.hs') | to_uuid }}" + +matrix_appservice_kakaotalk_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.kakao.hs') | to_uuid }}" + +matrix_appservice_kakaotalk_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" + +matrix_appservice_kakaotalk_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}" +matrix_appservice_kakaotalk_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.kakao.db') | to_uuid }}" + +###################################################################### +# +# /matrix-bridge-appservice-kakaotalk +# +###################################################################### + ###################################################################### # 
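Review bot: `matrix_appservice_kakaotalk_appservice_token` and `matrix_appservice_kakaotalk_homeserver_token` are both derived with the salt `'as.kakao.hs'`, so the two tokens are identical, unlike the other bridges in this file (e.g. `maudisc.as.tok` / `maudisc.hs.tok`). The appservice and homeserver tokens authenticate opposite directions of the appservice API and are meant to be distinct; with equal values each side can act as the other. Use a separate salt for the appservice token, e.g. `matrix_appservice_kakaotalk_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.kakao.as') | to_uuid }}"`.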
@@ -261,7 +340,7 @@ matrix_beeper_linkedin_database_password: "{{ '%s' | format(matrix_homeserver_ge # We don't enable bridges by default. matrix_go_skype_bridge_enabled: false -matrix_go_skype_bridge_container_image_self_build: true +matrix_go_skype_bridge_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}" matrix_go_skype_bridge_systemd_required_services_list: | {{ @@ -626,7 +705,7 @@ matrix_mautrix_whatsapp_database_password: "{{ '%s' | format(matrix_homeserver_g ###################################################################### # -# matrix-bridge-mautrix-wsproxy +# matrix-bridge-mautrix-discord # ###################################################################### 
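Review bot: The banner at `@@ -626` renames the existing wsproxy section to `matrix-bridge-mautrix-discord`, while the new block added at `@@ -660` on the next lines opens with `# matrix-bridge-mautrix-wsproxy` and closes with `# /matrix-bridge-mautrix-discord`, so the wsproxy variables now sit under a discord heading and the discord variables under a wsproxy heading. Keep `# matrix-bridge-mautrix-wsproxy` on the existing banner and use `# matrix-bridge-mautrix-discord` as the opening banner of the new block.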
@@ -660,7 +739,45 @@ matrix_mautrix_wsproxy_login_shared_secret: "{{ matrix_synapse_ext_password_prov # ###################################################################### +###################################################################### +# +# matrix-bridge-mautrix-wsproxy +# +###################################################################### +matrix_mautrix_discord_enabled: false +matrix_mautrix_discord_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}" + +matrix_mautrix_discord_systemd_required_services_list: | + {{ + ['docker.service'] + + + ['matrix-' + matrix_homeserver_implementation + '.service'] + + + (['matrix-postgres.service'] if matrix_postgres_enabled else []) + + + (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) + }} + +matrix_mautrix_discord_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maudisc.as.tok') | to_uuid }}" + +matrix_mautrix_discord_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maudisc.hs.tok') | to_uuid }}" + +matrix_mautrix_discord_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" + +# Postgres is the default, except if not using `matrix_postgres` (internal postgres) +matrix_mautrix_discord_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}" +matrix_mautrix_discord_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maudiscord.db') | to_uuid }}" + +# Enabling bridge.restricted_rooms for this bridge does not work well with Conduit, so we disable it by default. +# This will be fixed in the upcoming `0.5.0` release of conduit. 
+matrix_mautrix_discord_bridge_restricted_rooms: "{{ false if matrix_homeserver_implementation == 'conduit' else true }}" + +###################################################################### +# +# /matrix-bridge-mautrix-discord +# +###################################################################### ###################################################################### # @@ -726,7 +843,7 @@ matrix_heisenbridge_systemd_wanted_services_list: | # We don't enable bridges by default. matrix_hookshot_enabled: false -matrix_hookshot_container_image_self_build: "{{ matrix_architecture not in ['amd64'] }}" +matrix_hookshot_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}" matrix_hookshot_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'hookshot.as.tok') | to_uuid }}" 
@@ -1058,6 +1175,48 @@ matrix_bot_matrix_registration_bot_systemd_required_services_list: | # ###################################################################### +###################################################################### +# +# matrix-bot-maubot +# +###################################################################### + +# We don't enable bots by default. +matrix_bot_maubot_enabled: false + +matrix_bot_maubot_container_image_self_build: "{{ matrix_architecture not in ['amd64'] }}" + +matrix_bot_maubot_systemd_required_services_list: | + {{ + ['docker.service'] + + + ['matrix-' + matrix_homeserver_implementation + '.service'] + + + (['matrix-postgres.service'] if matrix_postgres_enabled else []) + + + (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) + }} + +matrix_bot_maubot_registration_shared_secret: |- + {{ + { + 'synapse': matrix_synapse_registration_shared_secret, + 'dendrite': matrix_dendrite_registration_shared_secret, + }[matrix_homeserver_implementation] + }} + +matrix_bot_maubot_management_interface_http_bind_port: "{{ '' if matrix_nginx_proxy_enabled else ('127.0.0.1:' + matrix_bot_maubot_management_interface_port | string) }}" + +# Postgres is the default, except if not using `matrix_postgres` (internal postgres) +matrix_bot_maubot_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}" +matrix_bot_maubot_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.dsc.db') | to_uuid }}" + +###################################################################### +# +# /matrix-bot-maubot +# +###################################################################### + ###################################################################### # 
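Review bot: `matrix_bot_maubot_registration_shared_secret` only maps `synapse` and `dendrite`, while this same commit teaches `matrix_homeserver_container_url` and the nginx-proxy variables about `conduit`; enabling maubot on a Conduit server will therefore fail on the dict lookup with an undefined-key error rather than a clear message. Either add a `'conduit'` entry (or an explicit default) or document the limitation next to the variable. Separately, the database-password salt `'mxpup.dsc.db'` looks copied from another role; if that role derives its password with the same salt the two roles get identical credentials, so a maubot-specific salt such as `'maubot.db'` avoids the collision.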
@@ -1082,7 +1241,7 @@ matrix_bot_honoroit_systemd_required_services_list: | # Postgres is the default, except if not using `matrix_postgres` (internal postgres) matrix_bot_honoroit_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}" matrix_bot_honoroit_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'honoroit.bot.db') | to_uuid }}" -matrix_bot_honoroit_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm32', 'arm64'] }}" +matrix_bot_honoroit_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}" ###################################################################### # @@ -1113,7 +1272,7 @@ matrix_bot_buscarron_systemd_required_services_list: | # Postgres is the default, except if not using `matrix_postgres` (internal postgres) matrix_bot_buscarron_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}" matrix_bot_buscarron_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'buscarron.bot.db') | to_uuid }}" -matrix_bot_buscarron_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm32', 'arm64'] }}" +matrix_bot_buscarron_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}" ###################################################################### # 
@@ -1121,6 +1280,39 @@ matrix_bot_buscarron_container_image_self_build: "{{ matrix_architecture not in # ###################################################################### +###################################################################### +# +# matrix-bot-postmoogle +# +###################################################################### + +# We don't enable bots by default. +matrix_bot_postmoogle_enabled: false +matrix_bot_postmoogle_ssl_path: "{{ matrix_ssl_config_dir_path }}" +matrix_bot_postmoogle_tls_cert: "/ssl/live/{{ matrix_bot_postmoogle_domain }}/fullchain.pem" +matrix_bot_postmoogle_tls_key: "/ssl/live/{{ matrix_bot_postmoogle_domain }}/privkey.pem" + +matrix_bot_postmoogle_systemd_required_services_list: | + {{ + ['docker.service'] + + + (['matrix-postgres.service'] if matrix_postgres_enabled else []) + + + (['matrix-synapse.service'] if matrix_synapse_enabled else []) + }} + +# Postgres is the default, except if not using `matrix_postgres` (internal postgres) +matrix_bot_postmoogle_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}" +matrix_bot_postmoogle_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'postmoogle.db') | to_uuid }}" + +matrix_bot_postmoogle_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}" + +###################################################################### +# +# /matrix-bot-postmoogle +# +###################################################################### + ###################################################################### # 
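Review bot: `matrix_bot_postmoogle_systemd_required_services_list` depends on `matrix-synapse.service` when `matrix_synapse_enabled`, whereas every other bot/bridge block in this file (maubot, kakaotalk, discord) uses `'matrix-' + matrix_homeserver_implementation + '.service'`; on Dendrite or Conduit the bot therefore has no ordering dependency on the homeserver. Replace the synapse-specific entry with `['matrix-' + matrix_homeserver_implementation + '.service']`. The TLS paths `/ssl/live/{{ matrix_bot_postmoogle_domain }}/...` also presuppose that `matrix_bot_postmoogle_ssl_path` is mounted at `/ssl` inside the container; a one-line comment stating that mount would save the next reader a trip into the role.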
@@ -1218,6 +1410,35 @@ matrix_backup_borg_systemd_required_services_list: | # /matrix-backup-borg # ###################################################################### +###################################################################### +# +# matrix-cactus-comments +# +###################################################################### + +matrix_cactus_comments_enabled: false + +# Derive secret values from homeserver secret +matrix_cactus_comments_as_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'cactus.as.token') | to_uuid }}" +matrix_cactus_comments_hs_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'cactus.hs.token') | to_uuid }}" + +matrix_cactus_comments_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm32', 'arm64'] }}" +matrix_cactus_comments_systemd_required_services_list: | + {{ + (['docker.service']) + + + (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) + + + (['matrix-' + matrix_homeserver_implementation + '.service']) + }} + +matrix_cactus_comments_client_nginx_path: "{{ '/cactus-comments/' if matrix_nginx_proxy_enabled else matrix_cactus_comments_client_path + '/' }}" + +###################################################################### +# +# /matrix-cactus-comments +# +###################################################################### ###################################################################### # @@ -1339,6 +1560,8 @@ matrix_etherpad_enabled: false matrix_etherpad_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:9001' }}" +matrix_etherpad_base_url: "{{ 'https://'+ matrix_server_fqn_dimension + matrix_etherpad_public_endpoint if matrix_etherpad_mode == 'dimension' else 'https://' + matrix_server_fqn_etherpad + '/' }}" + matrix_etherpad_systemd_required_services_list: | {{ ['docker.service'] 
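Review bot: The closing `/matrix-cactus-comments` banner runs straight into the next section's opening `#####` line with no blank line between them, unlike every other section in this file; the same happens for the `matrix-ldap-registration-proxy` block added in the hunk on the next line. Add the separating blank line after each closing banner so the sections stay visually distinct.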
@@ -1427,6 +1650,20 @@ matrix_jitsi_etherpad_base: "{{ matrix_etherpad_base_url if matrix_etherpad_enab # /matrix-jitsi # ###################################################################### +###################################################################### +# +# matrix-ldap-registration-proxy +# +###################################################################### + +# This is only for users with a specific LDAP setup +matrix_ldap_registration_proxy_enabled: false + +###################################################################### +# +# /matrix-ldap-registration-proxy +# +###################################################################### ###################################################################### # @@ -1535,6 +1772,7 @@ matrix_nginx_proxy_proxy_matrix_client_api_client_max_body_size_mb: |- { 'synapse': matrix_synapse_max_upload_size_mb, 'dendrite': (matrix_dendrite_max_file_size_bytes / 1024 / 1024) | round, + 'conduit': (matrix_conduit_max_request_size / 1024 / 1024) | round, }[matrix_homeserver_implementation]|int }} @@ -1548,6 +1786,7 @@ matrix_nginx_proxy_proxy_hydrogen_enabled: "{{ matrix_client_hydrogen_enabled }} matrix_nginx_proxy_proxy_cinny_enabled: "{{ matrix_client_cinny_enabled }}" matrix_nginx_proxy_proxy_buscarron_enabled: "{{ matrix_bot_buscarron_enabled }}" matrix_nginx_proxy_proxy_dimension_enabled: "{{ matrix_dimension_enabled }}" +matrix_nginx_proxy_proxy_etherpad_enabled: "{{ matrix_etherpad_enabled and matrix_etherpad_mode == 'standalone' }}" matrix_nginx_proxy_proxy_bot_go_neb_enabled: "{{ matrix_bot_go_neb_enabled }}" matrix_nginx_proxy_proxy_jitsi_enabled: "{{ matrix_jitsi_enabled }}" matrix_nginx_proxy_proxy_grafana_enabled: "{{ matrix_grafana_enabled }}" 
@@ -1570,6 +1809,7 @@ matrix_nginx_proxy_proxy_matrix_federation_api_enabled: |- { 'synapse': (matrix_synapse_federation_port_enabled and not matrix_synapse_tls_federation_listener_enabled), 'dendrite': matrix_dendrite_federation_enabled, + 'conduit': matrix_conduit_allow_federation, }[matrix_homeserver_implementation]|bool }} @@ -1588,6 +1828,12 @@ matrix_nginx_proxy_proxy_dendrite_client_api_addr_sans_container: "127.0.0.1:{{ matrix_nginx_proxy_proxy_dendrite_federation_api_addr_with_container: "matrix-dendrite:{{ matrix_dendrite_http_bind_port | string }}" matrix_nginx_proxy_proxy_dendrite_federation_api_addr_sans_container: "127.0.0.1:{{ matrix_dendrite_http_bind_port | string }}" +matrix_nginx_proxy_proxy_conduit_enabled: "{{ matrix_conduit_enabled }}" +matrix_nginx_proxy_proxy_conduit_client_api_addr_with_container: "matrix-conduit:{{ matrix_conduit_port_number|string }}" +matrix_nginx_proxy_proxy_conduit_client_api_addr_sans_container: "127.0.0.1:{{ matrix_conduit_port_number|string }}" +matrix_nginx_proxy_proxy_conduit_federation_api_addr_with_container: "matrix-conduit:{{ matrix_conduit_port_number|string }}" +matrix_nginx_proxy_proxy_conduit_federation_api_addr_sans_container: "127.0.0.1:{{ matrix_conduit_port_number|string }}" + # When matrix-nginx-proxy is disabled, the actual port number that the vhost uses may begin to matter. matrix_nginx_proxy_proxy_matrix_federation_port: "{{ matrix_federation_public_port }}" 
@@ -1610,14 +1856,20 @@ matrix_nginx_proxy_synapse_workers_enabled: "{{ matrix_synapse_workers_enabled } matrix_nginx_proxy_synapse_workers_list: "{{ matrix_synapse_workers_enabled_list }}" matrix_nginx_proxy_synapse_generic_worker_client_server_locations: "{{ matrix_synapse_workers_generic_worker_client_server_endpoints }}" matrix_nginx_proxy_synapse_generic_worker_federation_locations: "{{ matrix_synapse_workers_generic_worker_federation_endpoints }}" +matrix_nginx_proxy_synapse_stream_writer_typing_stream_worker_client_server_locations: "{{ matrix_synapse_workers_stream_writer_typing_stream_worker_client_server_endpoints }}" +matrix_nginx_proxy_synapse_stream_writer_to_device_stream_worker_client_server_locations: "{{ matrix_synapse_workers_stream_writer_to_device_stream_worker_client_server_endpoints }}" +matrix_nginx_proxy_synapse_stream_writer_account_data_stream_worker_client_server_locations: "{{ matrix_synapse_workers_stream_writer_account_data_stream_worker_client_server_endpoints }}" +matrix_nginx_proxy_synapse_stream_writer_receipts_stream_worker_client_server_locations: "{{ matrix_synapse_workers_stream_writer_receipts_stream_worker_client_server_endpoints }}" +matrix_nginx_proxy_synapse_stream_writer_presence_stream_worker_client_server_locations: "{{ matrix_synapse_workers_stream_writer_presence_stream_worker_client_server_endpoints }}" matrix_nginx_proxy_synapse_media_repository_locations: "{{matrix_synapse_workers_media_repository_endpoints|default([]) }}" -matrix_nginx_proxy_synapse_user_dir_locations: "{{ matrix_synapse_workers_user_dir_endpoints|default([]) }}" -matrix_nginx_proxy_synapse_frontend_proxy_locations: "{{ matrix_synapse_workers_frontend_proxy_endpoints|default([]) }}" +matrix_nginx_proxy_synapse_user_dir_locations: "{{ matrix_synapse_workers_user_dir_worker_client_server_endpoints|default([]) }}" matrix_nginx_proxy_systemd_wanted_services_list: | {{ ['matrix-' + matrix_homeserver_implementation + '.service'] + + 
(matrix_synapse_webserving_workers_systemd_services_list if matrix_homeserver_implementation == 'synapse' and matrix_synapse_workers_enabled else []) + + (['matrix-corporal.service'] if matrix_corporal_enabled else []) + (['matrix-ma1sd.service'] if matrix_ma1sd_enabled else []) @@ -1642,7 +1894,7 @@ matrix_nginx_proxy_systemd_wanted_services_list: | + (['matrix-bot-go-neb.service'] if matrix_bot_go_neb_enabled else []) + - (['matrix-etherpad.service'] if matrix_etherpad_enabled and matrix_dimension_enabled else []) + (['matrix-etherpad.service'] if matrix_etherpad_enabled else []) + (['matrix-hookshot.service'] if matrix_hookshot_enabled else []) }} @@ -1663,6 +1915,8 @@ matrix_ssl_domains_to_obtain_certificates_for: | + ([matrix_server_fqn_dimension] if matrix_dimension_enabled else []) + + ([matrix_server_fqn_etherpad] if (matrix_etherpad_enabled and matrix_etherpad_mode == 'standalone') else []) + + ([matrix_server_fqn_bot_go_neb] if matrix_bot_go_neb_enabled else []) + ([matrix_server_fqn_jitsi] if matrix_jitsi_enabled else []) @@ -1675,6 +1929,8 @@ matrix_ssl_domains_to_obtain_certificates_for: | + ([matrix_server_fqn_ntfy] if matrix_ntfy_enabled else []) + + ([matrix_bot_postmoogle_domain] if matrix_bot_postmoogle_enabled else []) + + ([matrix_domain] if matrix_nginx_proxy_base_domain_serving_enabled else []) + matrix_ssl_additional_domains_to_obtain_certificates_for @@ -1721,10 +1977,6 @@ matrix_postgres_additional_databases: | }] if (matrix_synapse_enabled and matrix_synapse_database_database != matrix_postgres_db_name and matrix_synapse_database_host == 'matrix-postgres') else []) + ([{ - 'name': matrix_dendrite_appservice_database, - 'username': matrix_dendrite_database_user, - 'password': matrix_dendrite_database_password, - },{ 'name': matrix_dendrite_federationapi_database, 'username': matrix_dendrite_database_user, 'password': matrix_dendrite_database_password, 
@@ -1776,6 +2028,18 @@ matrix_postgres_additional_databases: | 'password': matrix_bot_honoroit_database_password, }] if (matrix_bot_honoroit_enabled and matrix_bot_honoroit_database_engine == 'postgres' and matrix_bot_honoroit_database_hostname == 'matrix-postgres') else []) + + ([{ + 'name': matrix_bot_postmoogle_database_name, + 'username': matrix_bot_postmoogle_database_username, + 'password': matrix_bot_postmoogle_database_password, + }] if (matrix_bot_postmoogle_enabled and matrix_bot_postmoogle_database_engine == 'postgres' and matrix_bot_postmoogle_database_hostname == 'matrix-postgres') else []) + + + ([{ + 'name': matrix_bot_maubot_database_name, + 'username': matrix_bot_maubot_database_username, + 'password': matrix_bot_maubot_database_password, + }] if (matrix_bot_maubot_enabled and matrix_bot_maubot_database_engine == 'postgres' and matrix_bot_maubot_database_hostname == 'matrix-postgres') else []) + + ([{ 'name': matrix_bot_buscarron_database_name, 'username': matrix_bot_buscarron_database_username, @@ -1806,6 +2070,12 @@ matrix_postgres_additional_databases: | 'password': matrix_appservice_irc_database_password, }] if (matrix_appservice_irc_enabled and matrix_appservice_irc_database_engine == 'postgres' and matrix_appservice_irc_database_hostname == 'matrix-postgres') else []) + + ([{ + 'name': matrix_appservice_kakaotalk_database_name, + 'username': matrix_appservice_kakaotalk_database_username, + 'password': matrix_appservice_kakaotalk_database_password, + }] if (matrix_appservice_kakaotalk_enabled and matrix_appservice_kakaotalk_database_engine == 'postgres' and matrix_appservice_kakaotalk_database_hostname == 'matrix-postgres') else []) + + ([{ 'name': matrix_beeper_linkedin_database_name, 'username': matrix_beeper_linkedin_database_username, 
@@ -1872,6 +2142,12 @@ matrix_postgres_additional_databases: | 'password': matrix_mautrix_whatsapp_database_password, }] if (matrix_mautrix_whatsapp_enabled and matrix_mautrix_whatsapp_database_engine == 'postgres' and matrix_mautrix_whatsapp_database_hostname == 'matrix-postgres') else []) + + ([{ + 'name': matrix_mautrix_discord_database_name, + 'username': matrix_mautrix_discord_database_username, + 'password': matrix_mautrix_discord_database_password, + }] if (matrix_mautrix_discord_enabled and matrix_mautrix_discord_database_engine == 'postgres' and matrix_mautrix_discord_database_hostname == 'matrix-postgres') else []) + + ([{ 'name': matrix_mx_puppet_slack_database_name, 'username': matrix_mx_puppet_slack_database_username, @@ -1928,18 +2204,9 @@ matrix_postgres_additional_databases: | }} -matrix_postgres_import_roles_to_ignore: | +matrix_postgres_systemd_services_to_stop_for_maintenance_list: | {{ - [matrix_postgres_connection_username] - + - matrix_postgres_additional_databases|map(attribute='username') | list - }} - -matrix_postgres_import_databases_to_ignore: | - {{ - [matrix_postgres_db_name] - + - matrix_postgres_additional_databases|map(attribute='name') | list + ['matrix-' + matrix_homeserver_implementation + '.service'] }} ###################################################################### @@ -2008,7 +2275,7 @@ matrix_redis_enabled: "{{ matrix_synapse_workers_enabled }}" # If you wish to connect to your Matrix server by other means, you may wish to disable this. matrix_client_element_enabled: true -matrix_client_element_container_image_self_build: "{{ matrix_architecture != 'amd64' }}" +matrix_client_element_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}" # Normally, matrix-nginx-proxy is enabled and nginx can reach Element over the container network. # If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose 
@@ -2076,7 +2343,7 @@ matrix_client_hydrogen_self_check_validate_certificates: "{{ false if matrix_ssl matrix_client_cinny_enabled: false -matrix_client_cinny_container_image_self_build: "{{ matrix_architecture != 'amd64' }}" +matrix_client_cinny_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}" # Normally, matrix-nginx-proxy is enabled and nginx can reach Cinny over the container network. # If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose @@ -2103,9 +2370,7 @@ matrix_synapse_enabled: "{{ matrix_homeserver_implementation == 'synapse' }}" matrix_synapse_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}" -# When ma1sd is enabled, we can use it to validate email addresses and phone numbers. -# Synapse can validate email addresses by itself as well, but it's probably not what we want by default when we have an identity server. -matrix_synapse_account_threepid_delegates_email: "{{ 'http://matrix-ma1sd:' + matrix_ma1sd_container_port | string if matrix_ma1sd_enabled else '' }}" +# When ma1sd is enabled, we can use it to validate phone numbers. It's something that the homeserver cannot do by itself. matrix_synapse_account_threepid_delegates_msisdn: "{{ 'http://matrix-ma1sd:' + matrix_ma1sd_container_port | string if matrix_ma1sd_enabled else '' }}" # Normally, matrix-nginx-proxy is enabled and nginx can reach Synapse over the container network. @@ -2182,7 +2447,7 @@ matrix_synapse_systemd_required_services_list: | + (['matrix-postgres.service'] if matrix_postgres_enabled else []) + - (['matrix-goofys'] if matrix_s3_media_store_enabled else []) + (['matrix-goofys.service'] if matrix_s3_media_store_enabled else []) }} matrix_synapse_systemd_wanted_services_list: | 
@@ -2197,6 +2462,9 @@ matrix_synapse_redis_enabled: "{{ matrix_redis_enabled }}" matrix_synapse_redis_host: "{{ 'matrix-redis' if matrix_redis_enabled else '' }}" matrix_synapse_redis_password: "{{ matrix_redis_connection_password if matrix_redis_enabled else '' }}" +matrix_synapse_container_runtime_injected_arguments: "{{ matrix_homeserver_container_runtime_injected_arguments }}" +matrix_synapse_app_service_runtime_injected_config_files: "{{ matrix_homeserver_app_service_runtime_injected_config_files }}" + ###################################################################### # # /matrix-synapse @@ -2306,13 +2574,24 @@ matrix_grafana_enabled: false # Grafana's HTTP port to the local host. matrix_grafana_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:3000' }}" -matrix_grafana_dashboard_download_urls_all: | +matrix_grafana_dashboard_download_urls: | {{ - matrix_grafana_dashboard_download_urls + (matrix_synapse_grafana_dashboard_urls if matrix_homeserver_implementation == 'synapse' and matrix_synapse_metrics_enabled else []) + + + (matrix_prometheus_node_exporter_dashboard_urls if matrix_prometheus_node_exporter_enabled else []) + (matrix_prometheus_postgres_exporter_dashboard_urls if matrix_prometheus_postgres_exporter_enabled else []) }} +matrix_grafana_default_home_dashboard_path: |- + {{ + { + 'synapse': ('/etc/grafana/dashboards/synapse.json' if matrix_synapse_metrics_enabled else '/etc/grafana/dashboards/node-exporter-full.json'), + 'dendrite': '/etc/grafana/dashboards/node-exporter-full.json', + 'conduit': '/etc/grafana/dashboards/node-exporter-full.json', + }[matrix_homeserver_implementation] + }} + matrix_grafana_systemd_wanted_services_list: | {{ [] @@ -2346,6 +2625,7 @@ matrix_registration_shared_secret: |- { 'synapse': matrix_synapse_registration_shared_secret, 'dendrite': matrix_dendrite_registration_shared_secret, + 'conduit': '', }[matrix_homeserver_implementation] }} 
@@ -2453,7 +2733,7 @@ matrix_dendrite_systemd_required_services_list: | + (['matrix-postgres.service'] if matrix_postgres_enabled else []) + - (['matrix-goofys'] if matrix_s3_media_store_enabled else []) + (['matrix-goofys.service'] if matrix_s3_media_store_enabled else []) }} matrix_dendrite_systemd_wanted_services_list: | 
@@ -2461,8 +2741,71 @@ matrix_dendrite_systemd_wanted_services_list: | (['matrix-coturn.service'] if matrix_coturn_enabled else []) }} +matrix_dendrite_container_runtime_injected_arguments: "{{ matrix_homeserver_container_runtime_injected_arguments }}" +matrix_dendrite_app_service_runtime_injected_config_files: "{{ matrix_homeserver_app_service_runtime_injected_config_files }}" + ###################################################################### # # /matrix-dendrite # ###################################################################### + +###################################################################### +# +# matrix-conduit +# +###################################################################### + +matrix_conduit_enabled: "{{ matrix_homeserver_implementation == 'conduit' }}" + +matrix_conduit_systemd_required_services_list: | + {{ + (['docker.service']) + }} + + +###################################################################### +# +# /matrix-conduit +# +###################################################################### + + +###################################################################### +# +# matrix-user-creator +# +###################################################################### + +matrix_user_creator_users_auto: | + {{ + [{ + 'username': matrix_bot_matrix_reminder_bot_matrix_user_id_localpart, + 'initial_password': matrix_bot_matrix_reminder_bot_matrix_user_password, + 'initial_type': 'bot', + }] if matrix_bot_matrix_reminder_bot_enabled else [] + + + [{ + 'username': matrix_bot_honoroit_login, + 'initial_password': matrix_bot_honoroit_password, + 'initial_type': 'bot', + }] if matrix_bot_honoroit_enabled else [] + + + [{ + 'username': matrix_bot_postmoogle_login, + 'initial_password': matrix_bot_postmoogle_password, + 'initial_type': 'bot', + }] if matrix_bot_postmoogle_enabled else [] + + + [{ + 'username': matrix_bot_buscarron_login, + 'initial_password': matrix_bot_buscarron_password, + 'initial_type': 'bot', + }] if 
matrix_bot_buscarron_enabled else []
+ }}
+
+######################################################################
+#
+# /matrix-user-creator
+#
+######################################################################
diff --git a/inventory/scripts/ansible-all-hosts.sh b/inventory/scripts/ansible-all-hosts.sh
new file mode 100755
index 00000000..3b611ab3
--- /dev/null
+++ b/inventory/scripts/ansible-all-hosts.sh
@@ -0,0 +1,32 @@
+#!/usr/bin/env bash
+#
+# Run the playbook on multiple hosts with different credentials with this script
+# It defaults to ansible tags "setup-all,start". You can pass alternative tags
+# to this script as arguments, e.g.
+#
+# ./inventory/scripts/ansible-all-hosts.sh self-check
+#
+
+# set playbook root path
+root=$(dirname "$(readlink -f "$0")")/../..
+
+# set default tags or get from first argument if any
+tags="${1:-setup-all,start}"
+
+# init password array
+declare -A pws
+
+# capture passwords for all hosts
+for host in "$root"/inventory/*.yml; do
+ read -rp "sudo password for $(basename "$host"): " -s pw
+ pws[$host]="$pw"
+ echo
+done
+
+# run ansible on all captured passwords/hosts
+for host in "${!pws[@]}"; do
+ ansible-playbook "$root"/setup.yml \
+ --inventory-file "$host" \
+ --extra-vars "ansible_become_pass=${pws[$host]}" \
+ --tags="$tags"
+done
diff --git a/inventory/scripts/jitsi-generate-passwords.sh b/inventory/scripts/jitsi-generate-passwords.sh
index c48a0c2d..f24a3fba 100755
--- a/inventory/scripts/jitsi-generate-passwords.sh
+++ b/inventory/scripts/jitsi-generate-passwords.sh
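Review bot: The new `matrix_user_creator_users_auto` value chains four `[...] if <enabled> else []` conditionals with `+` and no parentheses, and Jinja2 binds `+` tighter than `if`/`else`, so the expression parses as `[reminder] if reminder_enabled else (([] + [honoroit]) if honoroit_enabled else (...))` — only the first enabled bot's user is ever created and the remaining entries are silently dropped. The sibling `matrix_postgres_additional_databases` list in this same file wraps every conditional as `([...] if ... else [])`, and this variable needs the same form. The rewritten value is below; everything else in the hunk (the conduit section and the section banners) is unchanged.
```yaml
matrix_user_creator_users_auto: |
  {{
    ([{
      'username': matrix_bot_matrix_reminder_bot_matrix_user_id_localpart,
      'initial_password': matrix_bot_matrix_reminder_bot_matrix_user_password,
      'initial_type': 'bot',
    }] if matrix_bot_matrix_reminder_bot_enabled else [])
    +
    ([{
      'username': matrix_bot_honoroit_login,
      'initial_password': matrix_bot_honoroit_password,
      'initial_type': 'bot',
    }] if matrix_bot_honoroit_enabled else [])
    +
    ([{
      'username': matrix_bot_postmoogle_login,
      'initial_password': matrix_bot_postmoogle_password,
      'initial_type': 'bot',
    }] if matrix_bot_postmoogle_enabled else [])
    +
    ([{
      'username': matrix_bot_buscarron_login,
      'initial_password': matrix_bot_buscarron_password,
      'initial_type': 'bot',
    }] if matrix_bot_buscarron_enabled else [])
  }}
```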
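Review bot: `--extra-vars "ansible_become_pass=${pws[$host]}"` places each host's sudo password on the ansible-playbook command line, where every local user can read it from the process list (`ps`, `/proc/<pid>/cmdline`) for the whole duration of the run. `--extra-vars` also accepts `@file`, so the value can be handed over through a private temp file created under `umask 077` and removed when the script exits; a YAML literal block scalar sidesteps quoting problems for passwords containing `#`, `:` or quotes. The prompt loop that fills `pws` is unaffected.
```bash
# run ansible on all captured passwords/hosts
umask 077
vars_file=$(mktemp)
trap 'rm -f "$vars_file"' EXIT
for host in "${!pws[@]}"; do
  # the password goes through a private file rather than argv, so it is
  # not visible in the process list while the playbook runs
  printf 'ansible_become_pass: |-\n  %s\n' "${pws[$host]}" > "$vars_file"
  ansible-playbook "$root"/setup.yml \
    --inventory-file "$host" \
    --extra-vars "@$vars_file" \
    --tags="$tags"
done
rm -f "$vars_file"
```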
@@ -18,7 +18,7 @@ JIBRI_XMPP_PASSWORD=$(generatePassword) echo "# Paste these variables into your inventory/host_vars/matrix.DOMAIN/vars.yml file:" echo "" -echo "matrix_jitsi_jicofo_auth_password: "$JICOFO_AUTH_PASSWORD -echo "matrix_jitsi_jvb_auth_password: "$JVB_AUTH_PASSWORD -echo "matrix_jitsi_jibri_recorder_password: "$JIBRI_RECORDER_PASSWORD -echo "matrix_jitsi_jibri_xmpp_password: "$JIBRI_XMPP_PASSWORD +echo "matrix_jitsi_jicofo_auth_password: $JICOFO_AUTH_PASSWORD" +echo "matrix_jitsi_jvb_auth_password: $JVB_AUTH_PASSWORD" +echo "matrix_jitsi_jibri_recorder_password: $JIBRI_RECORDER_PASSWORD" +echo "matrix_jitsi_jibri_xmpp_password: $JIBRI_XMPP_PASSWORD" diff --git a/requirements.yml b/requirements.yml new file mode 100644 index 00000000..a57b63a9 --- /dev/null +++ b/requirements.yml @@ -0,0 +1,16 @@ +--- + +- src: git+https://github.com/devture/com.devture.ansible.role.playbook_help.git + version: c1f40e82b4d6b072b6f0e885239322bdaaaf554f + +- src: git+https://github.com/devture/com.devture.ansible.role.systemd_docker_base.git + version: 327d2e17f5189ac2480d6012f58cf64a2b46efba + +- src: git+https://github.com/devture/com.devture.ansible.role.timesync.git + version: 461ace97fcf0e36c76747b36fcad8587d9b072f5 + +- src: git+https://github.com/devture/com.devture.ansible.role.playbook_state_preserver.git + version: ff2fd42e1c1a9e28e3312bbd725395f9c2fc7f16 + +- src: git+https://github.com/devture/com.devture.ansible.role.playbook_runtime_messages.git + version: f1c78d4e85e875129790c58335d0e44385683f6b diff --git a/roles/matrix-aux/defaults/main.yml b/roles/custom/matrix-aux/defaults/main.yml similarity index 89% rename from roles/matrix-aux/defaults/main.yml rename to roles/custom/matrix-aux/defaults/main.yml index e4a4e827..4c1f8879 100644 --- a/roles/matrix-aux/defaults/main.yml +++ b/roles/custom/matrix-aux/defaults/main.yml 
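Review bot: The four corrected `echo` lines still print the generated passwords as bare YAML scalars, so a value containing `#`, `: `, or a leading `*`, `&` or `{` would be mis-parsed once pasted into `vars.yml`; whether that can happen depends on the alphabet of `generatePassword`, which is defined outside this hunk. Single-quoting the values makes the output safe regardless of that alphabet, e.g. `echo "matrix_jitsi_jicofo_auth_password: '$JICOFO_AUTH_PASSWORD'"` and likewise for the other three lines.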
@@ -50,6 +50,9 @@ matrix_aux_file_default_mode: '0640' # then you likely need to add `/matrix/some/path` to `matrix_aux_directory_definitions` as well. # You don't need to do this for directories that the playbook already creates for you. # +# Use a `content` key for text content and `src` with a location to a file for binary content. +# The `content` key does not support binary content (see https://github.com/ansible/ansible/issues/11594). +# # Example: # # matrix_aux_file_definitions: @@ -69,4 +72,10 @@ matrix_aux_file_default_mode: '0640' # mode: '0600' # owner: 'some-user' # group: 'some-group' +# +# - dest: /matrix/aux/binary-file.dat +# src: "/path/to/binary.dat" +# mode: '0600' +# owner: 'some-user' +# group: 'some-group' matrix_aux_file_definitions: [] diff --git a/roles/matrix-aux/tasks/main.yml b/roles/custom/matrix-aux/tasks/main.yml similarity index 100% rename from roles/matrix-aux/tasks/main.yml rename to roles/custom/matrix-aux/tasks/main.yml diff --git a/roles/matrix-aux/tasks/setup.yml b/roles/custom/matrix-aux/tasks/setup.yml similarity index 85% rename from roles/matrix-aux/tasks/setup.yml rename to roles/custom/matrix-aux/tasks/setup.yml index ccb0bdcb..eb0adad4 100644 --- a/roles/matrix-aux/tasks/setup.yml +++ b/roles/custom/matrix-aux/tasks/setup.yml @@ -11,8 +11,9 @@ - name: Ensure AUX files are created ansible.builtin.copy: + src: "{{ item.src if 'src' in item else omit }}" + content: "{{ item.content if 'content' in item else omit }}" dest: "{{ item.dest }}" - content: "{{ item.content }}" owner: "{{ item.owner | default(matrix_user_username) }}" group: "{{ item.group | default(matrix_user_groupname) }}" mode: "{{ item.mode | default(matrix_aux_file_default_mode) }}" diff --git a/roles/matrix-backup-borg/defaults/main.yml b/roles/custom/matrix-backup-borg/defaults/main.yml similarity index 93% rename from roles/matrix-backup-borg/defaults/main.yml rename to roles/custom/matrix-backup-borg/defaults/main.yml index 89381788..de086ebd 100644 
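Review bot: The new comment says `src` takes "a location to a file" but not on which machine; `ansible.builtin.copy` resolves a plain `src` on the machine running the playbook (the Ansible controller), not on the Matrix server, and that distinction is exactly what the binary-file example below depends on. Suggested wording: `# Use a content key for text content, or src with the path of a file on the machine running the playbook (the Ansible controller) for binary content.`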
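Review bot: With `src` and `content` both conditionally `omit`ted, an AUX file definition that has neither key reaches `ansible.builtin.copy` and fails with the module's generic "src or content required" error, which does not name the offending `dest`. A guard task before this one would fail early and clearly: an `ansible.builtin.fail` over the same list with `msg: "AUX file definition for {{ item.dest }} needs either src or content"` and `when: "'src' not in item and 'content' not in item"`. The loop clause of the copy task is outside the hunk, so the guard should use the same list expression it does.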
--- a/roles/matrix-backup-borg/defaults/main.yml +++ b/roles/custom/matrix-backup-borg/defaults/main.yml @@ -26,8 +26,11 @@ matrix_backup_borg_systemd_required_services_list: ['docker.service'] # List of systemd services that matrix-backup-borg.service wants matrix_backup_borg_systemd_wanted_services_list: [] -# systemd calendar configuration for backup job +# systemd calendar configuration for the backup job +# the actual job may run with a delay (see matrix_backup_borg_schedule_randomized_delay_sec) matrix_backup_borg_schedule: "*-*-* 04:00:00" +# the delay with which the systemd timer may run in relation to the `matrix_backup_borg_schedule` schedule +matrix_backup_borg_schedule_randomized_delay_sec: 2h # what directories should be added to backup matrix_backup_borg_location_source_directories: [] diff --git a/roles/matrix-backup-borg/tasks/init.yml b/roles/custom/matrix-backup-borg/tasks/init.yml similarity index 100% rename from roles/matrix-backup-borg/tasks/init.yml rename to roles/custom/matrix-backup-borg/tasks/init.yml diff --git a/roles/matrix-backup-borg/tasks/main.yml b/roles/custom/matrix-backup-borg/tasks/main.yml similarity index 100% rename from roles/matrix-backup-borg/tasks/main.yml rename to roles/custom/matrix-backup-borg/tasks/main.yml diff --git a/roles/matrix-backup-borg/tasks/setup_install.yml b/roles/custom/matrix-backup-borg/tasks/setup_install.yml similarity index 82% rename from roles/matrix-backup-borg/tasks/setup_install.yml rename to roles/custom/matrix-backup-borg/tasks/setup_install.yml index cc9816fa..d12229e2 100644 --- a/roles/matrix-backup-borg/tasks/setup_install.yml +++ b/roles/custom/matrix-backup-borg/tasks/setup_install.yml 
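Review bot: The comment on the new `matrix_backup_borg_schedule_randomized_delay_sec` key ("the delay with which the systemd timer may run") leaves open whether the value is a fixed or a maximum delay and what syntax it takes; the timer template in this same commit passes it verbatim to `RandomizedDelaySec=`, which is an upper bound on a random offset. Suggested comment: `# maximum random delay added to matrix_backup_borg_schedule, in systemd time-span syntax (e.g. 2h, 30min); passed verbatim to RandomizedDelaySec= in the timer unit`.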
@@ -1,8 +1,16 @@ --- -- block: +- when: matrix_backup_borg_postgresql_enabled | bool and matrix_backup_borg_version == '' + block: + - name: Fail with matrix_backup_borg_version advice if Postgres not enabled + ansible.builtin.fail: + msg: >- + You are not running a built-in Postgres server (`matrix_postgres_enabled: false`), so auto-detecting its version and setting `matrix_backup_borg_version` automatically based on that cannot happen. + Consider setting `matrix_backup_borg_version` to your Postgres version manually. + when: not matrix_postgres_enabled + - ansible.builtin.import_role: - name: matrix-postgres + name: custom/matrix-postgres tasks_from: detect_existing_postgres_version - name: Fail if detected Postgres version is unsupported @@ -13,7 +21,6 @@ - name: Set the correct borg backup version to use ansible.builtin.set_fact: matrix_backup_borg_version: "{{ matrix_postgres_detected_version }}" - when: matrix_backup_borg_postgresql_enabled | bool and matrix_backup_borg_version == '' - name: Ensure borg paths exist ansible.builtin.file: @@ -52,15 +59,15 @@ mode: 0600 - name: Ensure borg image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_backup_borg_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_backup_borg_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_backup_borg_docker_image_force_pull }}" when: "not matrix_backup_borg_container_image_self_build | bool" register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure borg repository is present on self-build 
@@ -75,7 +82,7 @@ when: "matrix_backup_borg_container_image_self_build | bool" - name: Ensure borg image is built - docker_image: + community.docker.docker_image: name: "{{ matrix_backup_borg_docker_image }}" source: build force_source: "{{ matrix_backup_borg_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" @@ -89,14 +96,14 @@ - name: Ensure matrix-backup-borg.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-backup-borg.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-backup-borg.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-backup-borg.service" mode: 0644 register: matrix_backup_borg_systemd_service_result - name: Ensure matrix-backup-borg.timer installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-backup-borg.timer.j2" - dest: "{{ matrix_systemd_path }}/matrix-backup-borg.timer" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-backup-borg.timer" mode: 0644 register: matrix_backup_borg_systemd_timer_result diff --git a/roles/matrix-backup-borg/tasks/setup_uninstall.yml b/roles/custom/matrix-backup-borg/tasks/setup_uninstall.yml similarity index 79% rename from roles/matrix-backup-borg/tasks/setup_uninstall.yml rename to roles/custom/matrix-backup-borg/tasks/setup_uninstall.yml index fb583f57..c4c1028d 100644 --- a/roles/matrix-backup-borg/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-backup-borg/tasks/setup_uninstall.yml @@ -1,7 +1,7 @@ --- - name: Check existence of matrix-backup-borg service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-backup-borg.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-backup-borg.service" register: matrix_backup_borg_service_stat - name: Ensure matrix-backup-borg is stopped 
@@ -15,13 +15,13 @@ - name: Ensure matrix-backup-borg.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-backup-borg.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-backup-borg.service" state: absent when: "matrix_backup_borg_service_stat.stat.exists | bool" - name: Ensure matrix-backup-borg.timer doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-backup-borg.timer" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-backup-borg.timer" state: absent when: "matrix_backup_borg_service_stat.stat.exists | bool" @@ -36,6 +36,6 @@ state: absent - name: Ensure borg Docker image doesn't exist - docker_image: + community.docker.docker_image: name: "{{ matrix_backup_borg_docker_image }}" state: absent diff --git a/roles/matrix-backup-borg/tasks/validate_config.yml b/roles/custom/matrix-backup-borg/tasks/validate_config.yml similarity index 100% rename from roles/matrix-backup-borg/tasks/validate_config.yml rename to roles/custom/matrix-backup-borg/tasks/validate_config.yml diff --git a/roles/matrix-backup-borg/templates/config.yaml.j2 b/roles/custom/matrix-backup-borg/templates/config.yaml.j2 similarity index 100% rename from roles/matrix-backup-borg/templates/config.yaml.j2 rename to roles/custom/matrix-backup-borg/templates/config.yaml.j2 diff --git a/roles/matrix-backup-borg/templates/passwd.j2 b/roles/custom/matrix-backup-borg/templates/passwd.j2 similarity index 100% rename from roles/matrix-backup-borg/templates/passwd.j2 rename to roles/custom/matrix-backup-borg/templates/passwd.j2 diff --git a/roles/matrix-backup-borg/templates/sshkey.j2 b/roles/custom/matrix-backup-borg/templates/sshkey.j2 similarity index 100% rename from roles/matrix-backup-borg/templates/sshkey.j2 rename to roles/custom/matrix-backup-borg/templates/sshkey.j2 
diff --git a/roles/matrix-backup-borg/templates/systemd/matrix-backup-borg.service.j2 b/roles/custom/matrix-backup-borg/templates/systemd/matrix-backup-borg.service.j2 similarity index 66% rename from roles/matrix-backup-borg/templates/systemd/matrix-backup-borg.service.j2 rename to roles/custom/matrix-backup-borg/templates/systemd/matrix-backup-borg.service.j2 index 76217250..533f6e42 100644 --- a/roles/matrix-backup-borg/templates/systemd/matrix-backup-borg.service.j2 +++ b/roles/custom/matrix-backup-borg/templates/systemd/matrix-backup-borg.service.j2 @@ -12,10 +12,10 @@ DefaultDependencies=no [Service] Type=oneshot -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-backup-borg 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-backup-borg 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_docker }} run --rm --name matrix-backup-borg \ +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-backup-borg 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-backup-borg 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-backup-borg \ --log-driver=none \ --cap-drop=ALL \ --read-only \ 
@@ -33,7 +33,7 @@ ExecStartPre=-{{ matrix_host_command_docker }} run --rm --name matrix-backup-bor {{ matrix_backup_borg_docker_image }} \ sh -c "borgmatic --init --encryption {{ matrix_backup_borg_encryption }}" -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-backup-borg \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-backup-borg \ --log-driver=none \ --cap-drop=ALL \ --read-only \ @@ -50,8 +50,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-backup-borg \ {% endfor %} {{ matrix_backup_borg_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-backup-borg 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-backup-borg 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-backup-borg 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-backup-borg 2>/dev/null || true' SyslogIdentifier=matrix-backup-borg [Install] diff --git a/roles/matrix-backup-borg/templates/systemd/matrix-backup-borg.timer.j2 b/roles/custom/matrix-backup-borg/templates/systemd/matrix-backup-borg.timer.j2 similarity index 68% rename from roles/matrix-backup-borg/templates/systemd/matrix-backup-borg.timer.j2 rename to roles/custom/matrix-backup-borg/templates/systemd/matrix-backup-borg.timer.j2 index 541d0020..fdafef76 100644 --- a/roles/matrix-backup-borg/templates/systemd/matrix-backup-borg.timer.j2 +++ b/roles/custom/matrix-backup-borg/templates/systemd/matrix-backup-borg.timer.j2 
@@ -4,7 +4,7 @@ Description=Matrix Borg Backup timer [Timer] Unit=matrix-backup-borg.service OnCalendar={{ matrix_backup_borg_schedule }} -RandomizedDelaySec=2h +RandomizedDelaySec={{ matrix_backup_borg_schedule_randomized_delay_sec }} [Install] WantedBy=timers.target diff --git a/roles/matrix-base/defaults/main.yml b/roles/custom/matrix-base/defaults/main.yml similarity index 88% rename from roles/matrix-base/defaults/main.yml rename to roles/custom/matrix-base/defaults/main.yml index 21879e19..6b6885c6 100644 --- a/roles/matrix-base/defaults/main.yml +++ b/roles/custom/matrix-base/defaults/main.yml @@ -28,7 +28,7 @@ matrix_homeserver_admin_contacts: [] matrix_homeserver_support_url: '' # This will contain the homeserver implementation that is in use. -# Valid values: synapse, dendrite +# Valid values: synapse, dendrite, conduit # # By default, we use Synapse, because it's the only full-featured Matrix server at the moment. # @@ -62,6 +62,9 @@ matrix_server_fqn_buscarron: "buscarron.{{ matrix_domain }}" # This is where you access the Dimension. matrix_server_fqn_dimension: "dimension.{{ matrix_domain }}" +# This is where you access the etherpad (if enabled via matrix_etherpad_enabled; disabled by default). +matrix_server_fqn_etherpad: "etherpad.{{ matrix_domain }}" + # For use with Go-NEB! (github callback url for example) matrix_server_fqn_bot_go_neb: "goneb.{{ matrix_domain }}" @@ -95,14 +98,6 @@ matrix_debian_arch: "{{ 'armhf' if matrix_architecture == 'arm32' else matrix_ar matrix_container_global_registry_prefix: "docker.io/" -# Each docker pull will retry on failed attempt 10 times with delay of 10 seconds between each attempt. -matrix_container_retries_count: 10 -matrix_container_retries_delay: 10 - -# Each get_url will retry on failed attempt 10 times with delay of 10 seconds between each attempt. -matrix_geturl_retries_count: 10 -matrix_geturl_retries_delay: 10 - matrix_user_username: "matrix" matrix_user_groupname: "matrix" 
@@ -116,12 +111,6 @@ matrix_base_data_path: "/matrix" matrix_base_data_path_mode: "750" matrix_static_files_base_path: "{{ matrix_base_data_path }}/static-files" -matrix_systemd_path: "/etc/systemd/system" - -# Specifies the path to use for the `HOME` environment variable for systemd unit files. -# Docker 20.10 complains with `WARNING: Error loading config file: .dockercfg: $HOME is not defined` -# if `$HOME` is not defined, so we define something to make it happy. -matrix_systemd_unit_home_path: /root # This is now unused. We keep it so that cleanup tasks can use it. # To be removed in the future. @@ -129,16 +118,10 @@ matrix_cron_path: "/etc/cron.d" matrix_local_bin_path: "/usr/local/bin" -matrix_host_command_docker: "/usr/bin/env docker" matrix_host_command_sleep: "/usr/bin/env sleep" matrix_host_command_chown: "/usr/bin/env chown" matrix_host_command_fusermount: "/usr/bin/env fusermount" matrix_host_command_openssl: "/usr/bin/env openssl" -matrix_host_command_systemctl: "/usr/bin/env systemctl" -matrix_host_command_sh: "/usr/bin/env sh" - -matrix_ntpd_package: "{{ 'systemd-timesyncd' if (ansible_os_family == 'RedHat' and ansible_distribution_major_version | int > 7) or (ansible_distribution == 'Ubuntu' and ansible_distribution_major_version | int > 18) else ( 'systemd' if ansible_os_family == 'Suse' else 'ntp' ) }}" -matrix_ntpd_service: "{{ 'systemd-timesyncd' if (ansible_os_family == 'RedHat' and ansible_distribution_major_version | int > 7) or (ansible_distribution == 'Ubuntu' and ansible_distribution_major_version | int > 18) or ansible_distribution == 'Archlinux' or ansible_os_family == 'Suse' else ('ntpd' if ansible_os_family == 'RedHat' else 'ntp') }}" matrix_homeserver_url: "https://{{ matrix_server_fqn_matrix }}" 
@@ -258,12 +241,6 @@ matrix_well_known_matrix_support_configuration: "{{ matrix_well_known_matrix_sup # The Docker network that all services would be put into matrix_docker_network: "matrix" -# Controls whether we'll preserve the vars.yml file on the Matrix server. -# If you have a differently organized inventory, you may wish to disable this feature, -# or to repoint `matrix_vars_yml_snapshotting_src` to the file you'd like to preserve. -matrix_vars_yml_snapshotting_enabled: true -matrix_vars_yml_snapshotting_src: "{{ inventory_dir }}/host_vars/{{ inventory_hostname }}/vars.yml" - # Controls whether a `/.well-known/matrix/server` file is generated and used at all. # # If you wish to rely on DNS SRV records only, you can disable this. diff --git a/roles/matrix-base/files/yum.repos.d/docker-ce-centos.repo b/roles/custom/matrix-base/files/yum.repos.d/docker-ce-centos.repo similarity index 100% rename from roles/matrix-base/files/yum.repos.d/docker-ce-centos.repo rename to roles/custom/matrix-base/files/yum.repos.d/docker-ce-centos.repo diff --git a/roles/matrix-base/files/yum.repos.d/docker-ce-fedora.repo b/roles/custom/matrix-base/files/yum.repos.d/docker-ce-fedora.repo similarity index 100% rename from roles/matrix-base/files/yum.repos.d/docker-ce-fedora.repo rename to roles/custom/matrix-base/files/yum.repos.d/docker-ce-fedora.repo diff --git a/roles/matrix-base/tasks/clean_up_old_files.yml b/roles/custom/matrix-base/tasks/clean_up_old_files.yml similarity index 100% rename from roles/matrix-base/tasks/clean_up_old_files.yml rename to roles/custom/matrix-base/tasks/clean_up_old_files.yml diff --git a/roles/custom/matrix-base/tasks/ensure_fuse_installed.yml b/roles/custom/matrix-base/tasks/ensure_fuse_installed.yml new file mode 100644 index 00000000..8f768bd1 --- /dev/null +++ b/roles/custom/matrix-base/tasks/ensure_fuse_installed.yml 
@@ -0,0 +1,12 @@
+---
+
+# This is for both RedHat 7 and 8
+- ansible.builtin.include_tasks: "{{ role_path }}/tasks/ensure_fuse_installed_redhat.yml"
+ when: ansible_os_family == 'RedHat'
+
+# This is for both Debian and Raspbian
+- ansible.builtin.include_tasks: "{{ role_path }}/tasks/ensure_fuse_installed_debian.yml"
+ when: ansible_os_family == 'Debian'
+
+- ansible.builtin.include_tasks: "{{ role_path }}/tasks/ensure_fuse_installed_archlinux.yml"
+ when: ansible_os_family == 'Archlinux'
diff --git a/roles/custom/matrix-base/tasks/ensure_fuse_installed_archlinux.yml b/roles/custom/matrix-base/tasks/ensure_fuse_installed_archlinux.yml
new file mode 100644
index 00000000..676543d8
--- /dev/null
+++ b/roles/custom/matrix-base/tasks/ensure_fuse_installed_archlinux.yml
@@ -0,0 +1,6 @@
+---
+
+- name: Ensure fuse installed (Archlinux)
+ community.general.pacman:
+ name: fuse3
+ state: present
diff --git a/roles/custom/matrix-base/tasks/ensure_fuse_installed_debian.yml b/roles/custom/matrix-base/tasks/ensure_fuse_installed_debian.yml
new file mode 100644
index 00000000..b9491eb4
--- /dev/null
+++ b/roles/custom/matrix-base/tasks/ensure_fuse_installed_debian.yml
@@ -0,0 +1,6 @@
+---
+
+- name: Ensure fuse installed (Debian/Raspbian)
+ ansible.builtin.apt:
+ name: fuse
+ state: present
diff --git a/roles/custom/matrix-base/tasks/ensure_fuse_installed_redhat.yml b/roles/custom/matrix-base/tasks/ensure_fuse_installed_redhat.yml
new file mode 100644
index 00000000..878fb568
--- /dev/null
+++ b/roles/custom/matrix-base/tasks/ensure_fuse_installed_redhat.yml
@@ -0,0 +1,6 @@
+---
+
+- name: Ensure fuse installed (RedHat)
+ ansible.builtin.yum:
+ name: fuse
+ state: present
diff --git a/roles/custom/matrix-base/tasks/ensure_openssl_installed.yml b/roles/custom/matrix-base/tasks/ensure_openssl_installed.yml
new file mode 100644
index 00000000..d0cd8ede
--- /dev/null
+++ b/roles/custom/matrix-base/tasks/ensure_openssl_installed.yml
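Review bot: The new `ensure_fuse_installed.yml` dispatches only on the `RedHat`, `Debian` and `Archlinux` OS families and silently does nothing elsewhere, so on any other family fuse is simply not installed and whatever needs it later fails with an unrelated error; the base defaults removed in this same commit still special-case `ansible_os_family == 'Suse'`, so such hosts are evidently in scope. A closing task that fails explicitly makes the gap visible at the point where it arises.
```yaml
- name: Fail if fuse cannot be installed on this OS family
  ansible.builtin.fail:
    msg: "Installing fuse is not supported on OS family {{ ansible_os_family }}; install it manually before running the playbook"
  when: ansible_os_family not in ['RedHat', 'Debian', 'Archlinux']
```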
@@ -0,0 +1,6 @@ +--- + +- name: Ensure openssl installed + ansible.builtin.package: + name: openssl + state: present diff --git a/roles/matrix-base/tasks/main.yml b/roles/custom/matrix-base/tasks/main.yml similarity index 100% rename from roles/matrix-base/tasks/main.yml rename to roles/custom/matrix-base/tasks/main.yml diff --git a/roles/matrix-base/tasks/sanity_check.yml b/roles/custom/matrix-base/tasks/sanity_check.yml similarity index 99% rename from roles/matrix-base/tasks/sanity_check.yml rename to roles/custom/matrix-base/tasks/sanity_check.yml index 76100687..5104ba43 100644 --- a/roles/matrix-base/tasks/sanity_check.yml +++ b/roles/custom/matrix-base/tasks/sanity_check.yml @@ -3,7 +3,7 @@ - name: Fail if invalid homeserver implementation ansible.builtin.fail: msg: "You need to set a valid homeserver implementation in `matrix_homeserver_implementation`" - when: "matrix_homeserver_implementation not in ['synapse', 'dendrite']" + when: "matrix_homeserver_implementation not in ['synapse', 'dendrite', 'conduit']" # We generally support Ansible 2.7.1 and above. - name: Fail if running on Ansible < 2.7.1 diff --git a/roles/matrix-base/tasks/server_base/setup.yml b/roles/custom/matrix-base/tasks/server_base/setup.yml similarity index 85% rename from roles/matrix-base/tasks/server_base/setup.yml rename to roles/custom/matrix-base/tasks/server_base/setup.yml index 40d5a4d0..d0b9f0b9 100644 --- a/roles/matrix-base/tasks/server_base/setup.yml +++ b/roles/custom/matrix-base/tasks/server_base/setup.yml @@ -9,7 +9,8 @@ - ansible.builtin.include_tasks: "{{ role_path }}/tasks/server_base/setup_fedora.yml" when: ansible_os_family == 'RedHat' and ansible_distribution_major_version | int > 30 -- block: +- when: ansible_os_family == 'Debian' + block: # ansible_lsb is only available if lsb-release is installed. - name: Ensure lsb-release installed ansible.builtin.apt: 
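Review bot: The minimum-version guard a few lines below ("Fail if running on Ansible < 2.7.1") no longer matches what the playbook needs, since this commit moves modules to collection FQCNs (`community.general.pacman` in the fuse and Archlinux hunks, `community.docker.docker_network` and `community.docker.docker_image` in later hunks), which require a collection-aware Ansible and the collections to be installed. On a host missing them the run now fails with an unresolved-module error rather than a sanity-check message. Consider raising the version guard and adding a check that the required collections are present, for example listing them alongside the roles in `requirements.yml`, so the cause is reported by this file. The sanity_check task list continues outside the hunk.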
@@ -20,7 +21,8 @@ register: lsb_release_installation_result - name: Reread ansible_lsb facts if lsb-release got installed - ansible.builtin.setup: filter=ansible_lsb* + ansible.builtin.setup: + filter: ansible_lsb* when: lsb_release_installation_result.changed - ansible.builtin.include_tasks: "{{ role_path }}/tasks/server_base/setup_debian.yml" @@ -28,7 +30,6 @@ - ansible.builtin.include_tasks: "{{ role_path }}/tasks/server_base/setup_raspbian.yml" when: (ansible_os_family == 'Debian') and (ansible_lsb.id == 'Raspbian') - when: ansible_os_family == 'Debian' - ansible.builtin.include_tasks: "{{ role_path }}/tasks/server_base/setup_archlinux.yml" when: ansible_distribution == 'Archlinux' @@ -38,9 +39,3 @@ name: docker state: started enabled: true - -- name: "Ensure {{ matrix_ntpd_service }} is started and autoruns" - ansible.builtin.service: - name: "{{ matrix_ntpd_service }}" - state: started - enabled: true diff --git a/roles/matrix-base/tasks/server_base/setup_archlinux.yml b/roles/custom/matrix-base/tasks/server_base/setup_archlinux.yml similarity index 82% rename from roles/matrix-base/tasks/server_base/setup_archlinux.yml rename to roles/custom/matrix-base/tasks/server_base/setup_archlinux.yml index c912e58f..a9313614 100644 --- a/roles/matrix-base/tasks/server_base/setup_archlinux.yml +++ b/roles/custom/matrix-base/tasks/server_base/setup_archlinux.yml @@ -1,7 +1,7 @@ --- - name: Install host dependencies - pacman: + community.general.pacman: name: - python-docker - python-dnspython @@ -9,7 +9,7 @@ update_cache: true - name: Ensure Docker is installed - pacman: + community.general.pacman: name: - docker state: present diff --git a/roles/matrix-base/tasks/server_base/setup_debian.yml b/roles/custom/matrix-base/tasks/server_base/setup_debian.yml similarity index 88% rename from roles/matrix-base/tasks/server_base/setup_debian.yml rename to roles/custom/matrix-base/tasks/server_base/setup_debian.yml index 271fab41..412a11d0 100644 
--- a/roles/matrix-base/tasks/server_base/setup_debian.yml +++ b/roles/custom/matrix-base/tasks/server_base/setup_debian.yml @@ -25,13 +25,6 @@ update_cache: true when: matrix_docker_installation_enabled | bool and matrix_docker_package_name == 'docker-ce' -- name: Ensure APT packages are installed - ansible.builtin.apt: - name: - - "{{ matrix_ntpd_package }}" - state: present - update_cache: true - - name: Ensure Docker is installed ansible.builtin.apt: name: diff --git a/roles/matrix-base/tasks/server_base/setup_fedora.yml b/roles/custom/matrix-base/tasks/server_base/setup_fedora.yml similarity index 86% rename from roles/matrix-base/tasks/server_base/setup_fedora.yml rename to roles/custom/matrix-base/tasks/server_base/setup_fedora.yml index 2c7d528f..19d46571 100644 --- a/roles/matrix-base/tasks/server_base/setup_fedora.yml +++ b/roles/custom/matrix-base/tasks/server_base/setup_fedora.yml @@ -17,13 +17,6 @@ key: https://download.docker.com/linux/fedora/gpg when: matrix_docker_installation_enabled | bool and matrix_docker_package_name == 'docker-ce' -- name: Ensure yum packages are installed - ansible.builtin.yum: - name: - - "{{ matrix_ntpd_package }}" - state: present - update_cache: true - - name: Ensure Docker is installed ansible.builtin.yum: name: diff --git a/roles/matrix-base/tasks/server_base/setup_raspbian.yml b/roles/custom/matrix-base/tasks/server_base/setup_raspbian.yml similarity index 82% rename from roles/matrix-base/tasks/server_base/setup_raspbian.yml rename to roles/custom/matrix-base/tasks/server_base/setup_raspbian.yml index 54ea4d18..6959b39c 100644 --- a/roles/matrix-base/tasks/server_base/setup_raspbian.yml +++ b/roles/custom/matrix-base/tasks/server_base/setup_raspbian.yml 
@@ -25,17 +25,10 @@ update_cache: true when: matrix_docker_installation_enabled | bool and matrix_docker_package_name == 'docker-ce' -- name: Ensure APT packages are installed - ansible.builtin.apt: - name: - - "{{ matrix_ntpd_package }}" - state: present - update_cache: true - - name: Ensure Docker is installed ansible.builtin.apt: name: - "{{ matrix_docker_package_name }}" - - "python{{'3' if ansible_python.version.major == 3 else ''}}-docker" + - "python{{ '3' if ansible_python.version.major == 3 else '' }}-docker" state: present when: matrix_docker_installation_enabled | bool diff --git a/roles/matrix-base/tasks/server_base/setup_redhat.yml b/roles/custom/matrix-base/tasks/server_base/setup_redhat.yml similarity index 83% rename from roles/matrix-base/tasks/server_base/setup_redhat.yml rename to roles/custom/matrix-base/tasks/server_base/setup_redhat.yml index 4e5c97d4..dbddd913 100644 --- a/roles/matrix-base/tasks/server_base/setup_redhat.yml +++ b/roles/custom/matrix-base/tasks/server_base/setup_redhat.yml @@ -15,13 +15,6 @@ key: https://download.docker.com/linux/centos/gpg when: matrix_docker_installation_enabled | bool and matrix_docker_package_name == 'docker-ce' -- name: Ensure yum packages are installed - ansible.builtin.yum: - name: - - "{{ matrix_ntpd_package }}" - state: present - update_cache: true - - name: Ensure Docker is installed ansible.builtin.yum: name: diff --git a/roles/matrix-base/tasks/server_base/setup_redhat8.yml b/roles/custom/matrix-base/tasks/server_base/setup_redhat8.yml similarity index 87% rename from roles/matrix-base/tasks/server_base/setup_redhat8.yml rename to roles/custom/matrix-base/tasks/server_base/setup_redhat8.yml index 932dbab5..c303abb8 100644 --- a/roles/matrix-base/tasks/server_base/setup_redhat8.yml +++ b/roles/custom/matrix-base/tasks/server_base/setup_redhat8.yml 
@@ -22,13 +22,6 @@ state: present update_cache: true -- name: Ensure yum packages are installed - ansible.builtin.yum: - name: - - "{{ matrix_ntpd_package }}" - state: present - update_cache: true - - name: Ensure Docker is installed ansible.builtin.yum: name: diff --git a/roles/matrix-base/tasks/setup_matrix_base.yml b/roles/custom/matrix-base/tasks/setup_matrix_base.yml similarity index 62% rename from roles/matrix-base/tasks/setup_matrix_base.yml rename to roles/custom/matrix-base/tasks/setup_matrix_base.yml index 2e860987..f954bd79 100644 --- a/roles/matrix-base/tasks/setup_matrix_base.yml +++ b/roles/custom/matrix-base/tasks/setup_matrix_base.yml @@ -10,17 +10,8 @@ with_items: - "{{ matrix_base_data_path }}" -- name: Preserve vars.yml on the server for easily restoring if it gets lost later on - ansible.builtin.copy: - src: "{{ matrix_vars_yml_snapshotting_src }}" - dest: "{{ matrix_base_data_path }}/vars.yml" - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - mode: '0660' - when: "matrix_vars_yml_snapshotting_enabled | bool" - - name: Ensure Matrix network is created in Docker - docker_network: + community.docker.docker_network: name: "{{ matrix_docker_network }}" driver: bridge diff --git a/roles/matrix-base/tasks/setup_matrix_user.yml b/roles/custom/matrix-base/tasks/setup_matrix_user.yml similarity index 100% rename from roles/matrix-base/tasks/setup_matrix_user.yml rename to roles/custom/matrix-base/tasks/setup_matrix_user.yml diff --git a/roles/matrix-base/tasks/setup_well_known.yml b/roles/custom/matrix-base/tasks/setup_well_known.yml similarity index 100% rename from roles/matrix-base/tasks/setup_well_known.yml rename to roles/custom/matrix-base/tasks/setup_well_known.yml 
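Review bot: Removing the "Preserve vars.yml on the server" task stops new snapshots but leaves `{{ matrix_base_data_path }}/vars.yml` in place on hosts provisioned before this change, and that file is a copy of the inventory's secrets (it was written with mode `'0660'`). An `ansible.builtin.file` task with `state: absent` on that path, for instance in `clean_up_old_files.yml` which this commit moves into the role, would remove the stale copy, assuming operators are no longer expected to rely on it for recovery. The `matrix_vars_yml_snapshotting_enabled`/`matrix_vars_yml_snapshotting_src` variables are dropped from the defaults in the first hunk of this chunk, so a deprecation check for them would let operators who still set them know the feature is gone.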
diff --git a/roles/matrix-base/templates/static-files/well-known/matrix-client.j2 b/roles/custom/matrix-base/templates/static-files/well-known/matrix-client.j2 similarity index 100% rename from roles/matrix-base/templates/static-files/well-known/matrix-client.j2 rename to roles/custom/matrix-base/templates/static-files/well-known/matrix-client.j2 diff --git a/roles/matrix-base/templates/static-files/well-known/matrix-server.j2 b/roles/custom/matrix-base/templates/static-files/well-known/matrix-server.j2 similarity index 100% rename from roles/matrix-base/templates/static-files/well-known/matrix-server.j2 rename to roles/custom/matrix-base/templates/static-files/well-known/matrix-server.j2 diff --git a/roles/matrix-base/templates/static-files/well-known/matrix-support.j2 b/roles/custom/matrix-base/templates/static-files/well-known/matrix-support.j2 similarity index 100% rename from roles/matrix-base/templates/static-files/well-known/matrix-support.j2 rename to roles/custom/matrix-base/templates/static-files/well-known/matrix-support.j2 diff --git a/roles/matrix-base/templates/usr-local-bin/matrix-remove-all.j2 b/roles/custom/matrix-base/templates/usr-local-bin/matrix-remove-all.j2 similarity index 85% rename from roles/matrix-base/templates/usr-local-bin/matrix-remove-all.j2 rename to roles/custom/matrix-base/templates/usr-local-bin/matrix-remove-all.j2 index f4b23b44..f9b174e5 100644 --- a/roles/matrix-base/templates/usr-local-bin/matrix-remove-all.j2 +++ b/roles/custom/matrix-base/templates/usr-local-bin/matrix-remove-all.j2 
@@ -16,9 +16,9 @@ if [ "$sure" != "Yes, I really want to remove everything!" ]; then else echo "Stop and remove matrix services" - for s in $(find {{ matrix_systemd_path }}/ -type f -name "matrix-*" -printf "%f\n"); do + for s in $(find {{ devture_systemd_docker_base_systemd_path }}/ -type f -name "matrix-*" -printf "%f\n"); do systemctl disable --now $s - rm -f {{ matrix_systemd_path }}/$s + rm -f {{ devture_systemd_docker_base_systemd_path }}/$s done systemctl daemon-reload diff --git a/roles/matrix-base/vars/main.yml b/roles/custom/matrix-base/vars/main.yml similarity index 59% rename from roles/matrix-base/vars/main.yml rename to roles/custom/matrix-base/vars/main.yml index 28ac226a..3578666f 100644 --- a/roles/matrix-base/vars/main.yml +++ b/roles/custom/matrix-base/vars/main.yml @@ -2,3 +2,6 @@ # This will contain a list of enabled services that the playbook is managing. # Each component is expected to append its service name to this list. matrix_systemd_services_list: [] + +matrix_homeserver_container_runtime_injected_arguments: [] +matrix_homeserver_app_service_runtime_injected_config_files: [] diff --git a/roles/matrix-bot-buscarron/defaults/main.yml b/roles/custom/matrix-bot-buscarron/defaults/main.yml similarity index 83% rename from roles/matrix-bot-buscarron/defaults/main.yml rename to roles/custom/matrix-bot-buscarron/defaults/main.yml index 6d289bb9..21d9a4a3 100644 --- a/roles/matrix-bot-buscarron/defaults/main.yml +++ b/roles/custom/matrix-bot-buscarron/defaults/main.yml 
@@ -9,7 +9,7 @@ matrix_bot_buscarron_docker_repo: "https://gitlab.com/etke.cc/buscarron.git" matrix_bot_buscarron_docker_repo_version: "{{ matrix_bot_buscarron_version }}" matrix_bot_buscarron_docker_src_files_path: "{{ matrix_base_data_path }}/buscarron/docker-src" -matrix_bot_buscarron_version: v1.2.0 +matrix_bot_buscarron_version: v1.3.0 matrix_bot_buscarron_docker_image: "{{ matrix_bot_buscarron_docker_image_name_prefix }}buscarron:{{ matrix_bot_buscarron_version }}" matrix_bot_buscarron_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_buscarron_container_image_self_build else 'registry.gitlab.com/etke.cc/' }}" matrix_bot_buscarron_docker_image_force_pull: "{{ matrix_bot_buscarron_docker_image.endswith(':latest') }}" 
@@ -78,37 +78,49 @@ matrix_bot_buscarron_homeserver: "{{ matrix_homeserver_container_url }}"
 matrix_bot_buscarron_forms: []
 
 # Disable encryption
-matrix_bot_buscarron_noencryption:
+matrix_bot_buscarron_noencryption: false
 
 # Sentry DSN
-matrix_bot_buscarron_sentry:
+matrix_bot_buscarron_sentry: ''
 
 # Log level
 matrix_bot_buscarron_loglevel: INFO
 
-# spam hosts/domains
+# list of spammers with wildcards support, eg: *@spam.com spam@*, spam@spam.com
+matrix_bot_buscarron_spamlist: []
+
+# spam hosts/domains.
+# deprecated, use matrix_bot_buscarron_spamlist
 matrix_bot_buscarron_spam_hosts: []
 
 # spam email addresses
+# deprecated, use matrix_bot_buscarron_spamlist
 matrix_bot_buscarron_spam_emails: []
 
 # spam email localparts
+# deprecated, use matrix_bot_buscarron_spamlist
 matrix_bot_buscarron_spam_localparts: []
 
-# Ban duration in hours
-matrix_bot_buscarron_ban_duration: 24
-
 # Banlist size
 matrix_bot_buscarron_ban_size: 10000
 
+# Permanent banlist
+matrix_bot_buscarron_ban_list: []
+
 # Postmark token (confirmation emails)
-matrix_bot_buscarron_pm_token:
+matrix_bot_buscarron_pm_token: ''
 
 # Postmark sender signature
-matrix_bot_buscarron_pm_from:
+matrix_bot_buscarron_pm_from: ''
 
 # Postmark confirmation email's reply-to
-matrix_bot_buscarron_pm_replyto:
+matrix_bot_buscarron_pm_replyto: ''
+
+# email address (from) for SMTP validation. Must be valid email on valid SMTP server, otherwise it will be rejected by other servers
+matrix_bot_buscarron_smtp_from: ''
+
+# enforce SMTP validation
+matrix_bot_buscarron_smtp_validation: false
 
 # Additional environment variables to pass to the buscarron container
 #
diff --git a/roles/matrix-bot-buscarron/tasks/init.yml b/roles/custom/matrix-bot-buscarron/tasks/init.yml
similarity index 100%
rename from roles/matrix-bot-buscarron/tasks/init.yml
rename to roles/custom/matrix-bot-buscarron/tasks/init.yml
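Review bot: `matrix_bot_buscarron_ban_duration` is removed from the defaults, but the role's `validate_config.yml` is renamed unchanged in this commit, so an operator who still sets it in `vars.yml` gets no deprecation failure and the value is silently ignored; if that file carries a list of removed variables, this one belongs in it. The example in the new `matrix_bot_buscarron_spamlist` comment (`*@spam.com spam@*, spam@spam.com`) mixes comma and space separators while the env template in a later hunk joins the list with spaces, so showing the example as a YAML list, e.g. `# - '*@spam.com'` / `# - 'spam@*'`, would avoid operators pasting a single comma-separated string. The three `# deprecated, use matrix_bot_buscarron_spamlist` comments could also say whether the old variables are still honoured by the bot, since the template keeps emitting them.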
diff --git a/roles/matrix-bot-buscarron/tasks/main.yml b/roles/custom/matrix-bot-buscarron/tasks/main.yml similarity index 100% rename from roles/matrix-bot-buscarron/tasks/main.yml rename to roles/custom/matrix-bot-buscarron/tasks/main.yml diff --git a/roles/matrix-bot-buscarron/tasks/setup_install.yml b/roles/custom/matrix-bot-buscarron/tasks/setup_install.yml similarity index 89% rename from roles/matrix-bot-buscarron/tasks/setup_install.yml rename to roles/custom/matrix-bot-buscarron/tasks/setup_install.yml index 0db7b728..156813de 100644 --- a/roles/matrix-bot-buscarron/tasks/setup_install.yml +++ b/roles/custom/matrix-bot-buscarron/tasks/setup_install.yml @@ -2,13 +2,15 @@ - ansible.builtin.set_fact: matrix_bot_buscarron_requires_restart: false -- block: +- when: "matrix_bot_buscarron_database_engine == 'postgres'" + block: - name: Check if an SQLite database already exists ansible.builtin.stat: path: "{{ matrix_bot_buscarron_sqlite_database_path_local }}" register: matrix_bot_buscarron_sqlite_database_path_local_stat_result - - block: + - when: "matrix_bot_buscarron_sqlite_database_path_local_stat_result.stat.exists | bool" + block: - ansible.builtin.set_fact: matrix_postgres_db_migration_request: src: "{{ matrix_bot_buscarron_sqlite_database_path_local }}" @@ -19,13 +21,11 @@ systemd_services_to_stop: ['matrix-bot-buscarron.service'] - ansible.builtin.import_role: - name: matrix-postgres + name: custom/matrix-postgres tasks_from: migrate_db_to_postgres - ansible.builtin.set_fact: matrix_bot_buscarron_requires_restart: true - when: "matrix_bot_buscarron_sqlite_database_path_local_stat_result.stat.exists | bool" - when: "matrix_bot_buscarron_database_engine == 'postgres'" - name: Ensure buscarron paths exist ansible.builtin.file: 
@@ -50,15 +50,15 @@ mode: 0640 - name: Ensure buscarron image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_bot_buscarron_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_bot_buscarron_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_buscarron_docker_image_force_pull }}" when: "not matrix_bot_buscarron_container_image_self_build | bool" register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure buscarron repository is present on self-build @@ -73,7 +73,7 @@ when: "matrix_bot_buscarron_container_image_self_build | bool" - name: Ensure buscarron image is built - docker_image: + community.docker.docker_image: name: "{{ matrix_bot_buscarron_docker_image }}" source: build force_source: "{{ matrix_bot_buscarron_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" @@ -87,7 +87,7 @@ - name: Ensure matrix-bot-buscarron.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-bot-buscarron.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-bot-buscarron.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-buscarron.service" mode: 0644 register: matrix_bot_buscarron_systemd_service_result diff --git a/roles/matrix-bot-buscarron/tasks/setup_uninstall.yml b/roles/custom/matrix-bot-buscarron/tasks/setup_uninstall.yml similarity index 82% rename from roles/matrix-bot-buscarron/tasks/setup_uninstall.yml rename to roles/custom/matrix-bot-buscarron/tasks/setup_uninstall.yml index ad9e78cd..cb3333bf 100644 
--- a/roles/matrix-bot-buscarron/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-bot-buscarron/tasks/setup_uninstall.yml @@ -2,7 +2,7 @@ - name: Check existence of matrix-buscarron service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-bot-buscarron.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-buscarron.service" register: matrix_bot_buscarron_service_stat - name: Ensure matrix-buscarron is stopped @@ -16,7 +16,7 @@ - name: Ensure matrix-bot-buscarron.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-bot-buscarron.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-buscarron.service" state: absent when: "matrix_bot_buscarron_service_stat.stat.exists | bool" @@ -31,6 +31,6 @@ state: absent - name: Ensure buscarron Docker image doesn't exist - docker_image: + community.docker.docker_image: name: "{{ matrix_bot_buscarron_docker_image }}" state: absent diff --git a/roles/matrix-bot-buscarron/tasks/validate_config.yml b/roles/custom/matrix-bot-buscarron/tasks/validate_config.yml similarity index 100% rename from roles/matrix-bot-buscarron/tasks/validate_config.yml rename to roles/custom/matrix-bot-buscarron/tasks/validate_config.yml diff --git a/roles/matrix-bot-buscarron/templates/env.j2 b/roles/custom/matrix-bot-buscarron/templates/env.j2 similarity index 83% rename from roles/matrix-bot-buscarron/templates/env.j2 rename to roles/custom/matrix-bot-buscarron/templates/env.j2 index 42da0d34..80ddd38c 100644 --- a/roles/matrix-bot-buscarron/templates/env.j2 +++ b/roles/custom/matrix-bot-buscarron/templates/env.j2 
@@ -3,22 +3,26 @@ BUSCARRON_PASSWORD={{ matrix_bot_buscarron_password }}
 BUSCARRON_HOMESERVER={{ matrix_bot_buscarron_homeserver }}
 BUSCARRON_DB_DSN={{ matrix_bot_buscarron_database_connection_string }}
 BUSCARRON_DB_DIALECT={{ matrix_bot_buscarron_database_dialect }}
+BUSCARRON_SPAMLIST={{ matrix_bot_buscarron_spamlist|join(" ") }}
 BUSCARRON_SPAM_HOSTS={{ matrix_bot_buscarron_spam_hosts|join(" ") }}
 BUSCARRON_SPAM_EMAILS={{ matrix_bot_buscarron_spam_emails|join(" ") }}
 BUSCARRON_SPAM_LOCALPARTS={{ matrix_bot_buscarron_spam_localparts|join(" ") }}
 BUSCARRON_SENTRY={{ matrix_bot_buscarron_sentry }}
 BUSCARRON_LOGLEVEL={{ matrix_bot_buscarron_loglevel }}
-BUSCARRON_BAN_DURATION={{ matrix_bot_buscarron_ban_duration }}
 BUSCARRON_BAN_SIZE={{ matrix_bot_buscarron_ban_size }}
+BUSCARRON_BAN_LIST={{ matrix_bot_buscarron_ban_list|default('')|join(' ') }}
 BUSCARRON_PM_TOKEN={{ matrix_bot_buscarron_pm_token }}
 BUSCARRON_PM_FROM={{ matrix_bot_buscarron_pm_from }}
 BUSCARRON_PM_REPLYTO={{ matrix_bot_buscarron_pm_replyto }}
+BUSCARRON_SMTP_FROM={{ matrix_bot_buscarron_smtp_from }}
+BUSCARRON_SMTP_VALIDATION={{ matrix_bot_buscarron_smtp_validation }}
 BUSCARRON_NOENCRYPTION={{ matrix_bot_buscarron_noencryption }}
 {% set forms = [] %}
 {% for form in matrix_bot_buscarron_forms -%}{{- forms.append(form.name) -}}
 BUSCARRON_{{ form.name|upper }}_ROOM={{ form.room|default('') }}
 BUSCARRON_{{ form.name|upper }}_REDIRECT={{ form.redirect|default('') }}
 BUSCARRON_{{ form.name|upper }}_HASDOMAIN={{ form.hasdomain|default('') }}
+BUSCARRON_{{ form.name|upper }}_HASEMAIL={{ form.hasemail|default('') }}
 BUSCARRON_{{ form.name|upper }}_RATELIMIT={{ form.ratelimit|default('') }}
 BUSCARRON_{{ form.name|upper }}_EXTENSIONS={{ form.extensions|default('')|join(' ') }}
 BUSCARRON_{{ form.name|upper }}_CONFIRMATION_SUBJECT={{ form.confirmation_subject|default('') }}
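Review bot: The new `BUSCARRON_BAN_LIST` line wraps the variable in `|default('')` before `|join(' ')`, unlike the sibling `BUSCARRON_SPAMLIST` line added in the same hunk, even though both variables get a `[]` default in the role's defaults in an earlier hunk. The guard is therefore redundant, and if it ever did trigger it would join an empty string rather than a list, which only works by accident; `BUSCARRON_BAN_LIST={{ matrix_bot_buscarron_ban_list|join(' ') }}` keeps the two lines consistent. The `default('')` pattern is appropriate for the per-form keys below, where `form.extensions` may legitimately be absent.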
diff --git a/roles/matrix-bot-buscarron/templates/systemd/matrix-bot-buscarron.service.j2 b/roles/custom/matrix-bot-buscarron/templates/systemd/matrix-bot-buscarron.service.j2 similarity index 51% rename from roles/matrix-bot-buscarron/templates/systemd/matrix-bot-buscarron.service.j2 rename to roles/custom/matrix-bot-buscarron/templates/systemd/matrix-bot-buscarron.service.j2 index fd6d0310..60909dc9 100644 --- a/roles/matrix-bot-buscarron/templates/systemd/matrix-bot-buscarron.service.j2 +++ b/roles/custom/matrix-bot-buscarron/templates/systemd/matrix-bot-buscarron.service.j2 @@ -12,11 +12,11 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-buscarron 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-buscarron 2>/dev/null || true' +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-buscarron 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-buscarron 2>/dev/null || true' -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-buscarron \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-bot-buscarron \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ 
@@ -29,8 +29,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-buscarron {% endfor %} {{ matrix_bot_buscarron_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-buscarron 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-buscarron 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-buscarron 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-buscarron 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-bot-buscarron diff --git a/roles/matrix-bot-go-neb/defaults/main.yml b/roles/custom/matrix-bot-go-neb/defaults/main.yml similarity index 100% rename from roles/matrix-bot-go-neb/defaults/main.yml rename to roles/custom/matrix-bot-go-neb/defaults/main.yml diff --git a/roles/matrix-bot-go-neb/tasks/init.yml b/roles/custom/matrix-bot-go-neb/tasks/init.yml similarity index 100% rename from roles/matrix-bot-go-neb/tasks/init.yml rename to roles/custom/matrix-bot-go-neb/tasks/init.yml diff --git a/roles/matrix-bot-go-neb/tasks/main.yml b/roles/custom/matrix-bot-go-neb/tasks/main.yml similarity index 100% rename from roles/matrix-bot-go-neb/tasks/main.yml rename to roles/custom/matrix-bot-go-neb/tasks/main.yml diff --git a/roles/matrix-bot-go-neb/tasks/setup_install.yml b/roles/custom/matrix-bot-go-neb/tasks/setup_install.yml similarity index 88% rename from roles/matrix-bot-go-neb/tasks/setup_install.yml rename to roles/custom/matrix-bot-go-neb/tasks/setup_install.yml index a651c160..70aec14a 100644 --- a/roles/matrix-bot-go-neb/tasks/setup_install.yml +++ b/roles/custom/matrix-bot-go-neb/tasks/setup_install.yml 
@@ -17,14 +17,14 @@ when: "item.when | bool" - name: Ensure go-neb image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_bot_go_neb_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_bot_go_neb_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_go_neb_docker_image_force_pull }}" register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure go-neb config installed @@ -38,7 +38,7 @@ - name: Ensure matrix-bot-go-neb.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-bot-go-neb.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-bot-go-neb.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-go-neb.service" mode: 0644 register: matrix_bot_go_neb_systemd_service_result diff --git a/roles/matrix-bot-go-neb/tasks/setup_uninstall.yml b/roles/custom/matrix-bot-go-neb/tasks/setup_uninstall.yml similarity index 82% rename from roles/matrix-bot-go-neb/tasks/setup_uninstall.yml rename to roles/custom/matrix-bot-go-neb/tasks/setup_uninstall.yml index 9794a90a..d5caa86b 100644 --- a/roles/matrix-bot-go-neb/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-bot-go-neb/tasks/setup_uninstall.yml @@ -2,7 +2,7 @@ - name: Check existence of matrix-go-neb service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-bot-go-neb.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-go-neb.service" register: matrix_bot_go_neb_service_stat - name: Ensure matrix-go-neb is stopped 
@@ -16,7 +16,7 @@ - name: Ensure matrix-bot-go-neb.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-bot-go-neb.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-go-neb.service" state: absent when: "matrix_bot_go_neb_service_stat.stat.exists | bool" @@ -31,6 +31,6 @@ state: absent - name: Ensure go-neb Docker image doesn't exist - docker_image: + community.docker.docker_image: name: "{{ matrix_bot_go_neb_docker_image }}" state: absent diff --git a/roles/matrix-bot-go-neb/tasks/validate_config.yml b/roles/custom/matrix-bot-go-neb/tasks/validate_config.yml similarity index 100% rename from roles/matrix-bot-go-neb/tasks/validate_config.yml rename to roles/custom/matrix-bot-go-neb/tasks/validate_config.yml diff --git a/roles/matrix-bot-go-neb/templates/config.yaml.j2 b/roles/custom/matrix-bot-go-neb/templates/config.yaml.j2 similarity index 100% rename from roles/matrix-bot-go-neb/templates/config.yaml.j2 rename to roles/custom/matrix-bot-go-neb/templates/config.yaml.j2 diff --git a/roles/matrix-bot-go-neb/templates/systemd/matrix-bot-go-neb.service.j2 b/roles/custom/matrix-bot-go-neb/templates/systemd/matrix-bot-go-neb.service.j2 similarity index 62% rename from roles/matrix-bot-go-neb/templates/systemd/matrix-bot-go-neb.service.j2 rename to roles/custom/matrix-bot-go-neb/templates/systemd/matrix-bot-go-neb.service.j2 index 83eb3c7d..a57df57e 100644 --- a/roles/matrix-bot-go-neb/templates/systemd/matrix-bot-go-neb.service.j2 +++ b/roles/custom/matrix-bot-go-neb/templates/systemd/matrix-bot-go-neb.service.j2 
@@ -12,11 +12,11 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-go-neb 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-go-neb 2>/dev/null || true' +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-go-neb 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-go-neb 2>/dev/null || true' -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-go-neb \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-bot-go-neb \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ @@ -39,8 +39,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-go-neb \ {{ matrix_bot_go_neb_docker_image }} \ -c "go-neb /config/config.yaml" -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-go-neb 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-go-neb 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-go-neb 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-go-neb 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-bot-go-neb 
diff --git a/roles/matrix-bot-honoroit/defaults/main.yml b/roles/custom/matrix-bot-honoroit/defaults/main.yml
similarity index 88%
rename from roles/matrix-bot-honoroit/defaults/main.yml
rename to roles/custom/matrix-bot-honoroit/defaults/main.yml
index a48fb878..3510f473 100644
--- a/roles/matrix-bot-honoroit/defaults/main.yml
+++ b/roles/custom/matrix-bot-honoroit/defaults/main.yml
@@ -9,7 +9,7 @@ matrix_bot_honoroit_docker_repo: "https://gitlab.com/etke.cc/honoroit.git"
 matrix_bot_honoroit_docker_repo_version: "{{ matrix_bot_honoroit_version }}"
 matrix_bot_honoroit_docker_src_files_path: "{{ matrix_base_data_path }}/honoroit/docker-src"
 
-matrix_bot_honoroit_version: v0.9.9
+matrix_bot_honoroit_version: v0.9.16
 matrix_bot_honoroit_docker_image: "{{ matrix_bot_honoroit_docker_image_name_prefix }}honoroit:{{ matrix_bot_honoroit_version }}"
 matrix_bot_honoroit_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_honoroit_container_image_self_build else 'registry.gitlab.com/etke.cc/' }}"
 matrix_bot_honoroit_docker_image_force_pull: "{{ matrix_bot_honoroit_docker_image.endswith(':latest') }}"
@@ -88,15 +88,35 @@ matrix_bot_honoroit_loglevel: ''
 # Disable encryption
 matrix_bot_honoroit_noencryption: false
 
+# A list of whitelisted users allowed to use/invite honoroit
+# If not defined, everyone is allowed.
+# Example set of rules:
+# matrix_bot_honoroit_allowedusers:
+#   - @someone:example.com
+#   - @another:example.com
+#   - @bot.*:example.com
+#   - @*:another.com
+matrix_bot_honoroit_allowedusers:
+  - "@*:*"
+
 # Max items in cache
 matrix_bot_honoroit_cachesize: ''
 
+# List of ignored room IDs
+matrix_bot_honoroit_ignoredrooms: []
+
+# Ignore messages outside of threads
+matrix_bot_honoroit_ignorenothread: false
+
 # Text prefix: open
 matrix_bot_honoroit_text_prefix_open: ''
 
 # Text prefix: done
 matrix_bot_honoroit_text_prefix_done: ''
 
+# Text: no encryption
+matrix_bot_honoroit_text_noencryption: ''
+
 # Text: greetings
 matrix_bot_honoroit_text_greetings: ''
 
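Review bot: The new `matrix_bot_honoroit_allowedusers` default of `"@*:*"` lets any user on any federated homeserver invite and talk to the bot, which is the most permissive setting for a helpdesk bot and is not called out as such; the comment's "If not defined, everyone is allowed" also no longer describes a variable that is now always defined. A comment such as `# The default allows everyone; restricting this to your own homeserver domain (see the example rules above) is recommended for production` would make the choice visible to operators. The role's `validate_config.yml` is renamed unchanged later in this chunk, so nothing checks that the value is a list rather than a single string if an operator overrides it.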
diff --git a/roles/matrix-bot-honoroit/tasks/init.yml b/roles/custom/matrix-bot-honoroit/tasks/init.yml similarity index 100% rename from roles/matrix-bot-honoroit/tasks/init.yml rename to roles/custom/matrix-bot-honoroit/tasks/init.yml diff --git a/roles/matrix-bot-honoroit/tasks/main.yml b/roles/custom/matrix-bot-honoroit/tasks/main.yml similarity index 100% rename from roles/matrix-bot-honoroit/tasks/main.yml rename to roles/custom/matrix-bot-honoroit/tasks/main.yml diff --git a/roles/matrix-bot-honoroit/tasks/setup_install.yml b/roles/custom/matrix-bot-honoroit/tasks/setup_install.yml similarity index 89% rename from roles/matrix-bot-honoroit/tasks/setup_install.yml rename to roles/custom/matrix-bot-honoroit/tasks/setup_install.yml index 9bb979fc..05dcd7c7 100644 --- a/roles/matrix-bot-honoroit/tasks/setup_install.yml +++ b/roles/custom/matrix-bot-honoroit/tasks/setup_install.yml @@ -2,13 +2,15 @@ - ansible.builtin.set_fact: matrix_bot_honoroit_requires_restart: false -- block: +- when: "matrix_bot_honoroit_database_engine == 'postgres'" + block: - name: Check if an SQLite database already exists ansible.builtin.stat: path: "{{ matrix_bot_honoroit_sqlite_database_path_local }}" register: matrix_bot_honoroit_sqlite_database_path_local_stat_result - - block: + - when: "matrix_bot_honoroit_sqlite_database_path_local_stat_result.stat.exists | bool" + block: - ansible.builtin.set_fact: matrix_postgres_db_migration_request: src: "{{ matrix_bot_honoroit_sqlite_database_path_local }}" @@ -19,13 +21,11 @@ systemd_services_to_stop: ['matrix-bot-honoroit.service'] - ansible.builtin.import_role: - name: matrix-postgres + name: custom/matrix-postgres tasks_from: migrate_db_to_postgres - ansible.builtin.set_fact: matrix_bot_honoroit_requires_restart: true - when: "matrix_bot_honoroit_sqlite_database_path_local_stat_result.stat.exists | bool" - when: "matrix_bot_honoroit_database_engine == 'postgres'" - name: Ensure honoroit paths exist ansible.builtin.file: 
@@ -50,15 +50,15 @@ mode: 0640 - name: Ensure honoroit image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_bot_honoroit_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_bot_honoroit_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_honoroit_docker_image_force_pull }}" when: "not matrix_bot_honoroit_container_image_self_build | bool" register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure honoroit repository is present on self-build @@ -73,7 +73,7 @@ when: "matrix_bot_honoroit_container_image_self_build | bool" - name: Ensure honoroit image is built - docker_image: + community.docker.docker_image: name: "{{ matrix_bot_honoroit_docker_image }}" source: build force_source: "{{ matrix_bot_honoroit_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" @@ -87,7 +87,7 @@ - name: Ensure matrix-bot-honoroit.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-bot-honoroit.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-bot-honoroit.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-honoroit.service" mode: 0644 register: matrix_bot_honoroit_systemd_service_result diff --git a/roles/matrix-bot-honoroit/tasks/setup_uninstall.yml b/roles/custom/matrix-bot-honoroit/tasks/setup_uninstall.yml similarity index 82% rename from roles/matrix-bot-honoroit/tasks/setup_uninstall.yml rename to roles/custom/matrix-bot-honoroit/tasks/setup_uninstall.yml index 6ede0d1d..0fa83a02 100644 
--- a/roles/matrix-bot-honoroit/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-bot-honoroit/tasks/setup_uninstall.yml @@ -2,7 +2,7 @@ - name: Check existence of matrix-honoroit service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-bot-honoroit.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-honoroit.service" register: matrix_bot_honoroit_service_stat - name: Ensure matrix-honoroit is stopped @@ -16,7 +16,7 @@ - name: Ensure matrix-bot-honoroit.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-bot-honoroit.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-honoroit.service" state: absent when: "matrix_bot_honoroit_service_stat.stat.exists | bool" @@ -31,6 +31,6 @@ state: absent - name: Ensure honoroit Docker image doesn't exist - docker_image: + community.docker.docker_image: name: "{{ matrix_bot_honoroit_docker_image }}" state: absent diff --git a/roles/matrix-bot-honoroit/tasks/validate_config.yml b/roles/custom/matrix-bot-honoroit/tasks/validate_config.yml similarity index 100% rename from roles/matrix-bot-honoroit/tasks/validate_config.yml rename to roles/custom/matrix-bot-honoroit/tasks/validate_config.yml diff --git a/roles/matrix-bot-honoroit/templates/env.j2 b/roles/custom/matrix-bot-honoroit/templates/env.j2 similarity index 81% rename from roles/matrix-bot-honoroit/templates/env.j2 rename to roles/custom/matrix-bot-honoroit/templates/env.j2 index de8b9d84..0cfd88c1 100644 --- a/roles/matrix-bot-honoroit/templates/env.j2 +++ b/roles/custom/matrix-bot-honoroit/templates/env.j2 
@@ -9,8 +9,12 @@ HONOROIT_SENTRY={{ matrix_bot_honoroit_sentry }} HONOROIT_LOGLEVEL={{ matrix_bot_honoroit_loglevel }} HONOROIT_CACHESIZE={{ matrix_bot_honoroit_cachesize }} HONOROIT_NOENCRYPTION={{ matrix_bot_honoroit_noencryption }} +HONOROIT_IGNORENOTHREAD={{ matrix_bot_honoroit_ignorenothread }} +HONOROIT_IGNOREDROOMS={{ matrix_bot_honoroit_ignoredrooms | join(' ') }} +HONOROIT_ALLOWEDUSERS={{ matrix_bot_honoroit_allowedusers | join(' ') }} HONOROIT_TEXT_PREFIX_OPEN={{ matrix_bot_honoroit_text_prefix_open }} HONOROIT_TEXT_PREFIX_DONE={{ matrix_bot_honoroit_text_prefix_done }} +HONOROIT_TEXT_NOENCRYPTION={{ matrix_bot_honoroit_text_noencryption }} HONOROIT_TEXT_GREETINGS={{ matrix_bot_honoroit_text_greetings }} HONOROIT_TEXT_INVITE={{ matrix_bot_honoroit_text_invite }} HONOROIT_TEXT_JOIN={{ matrix_bot_honoroit_text_join }} diff --git a/roles/matrix-bot-honoroit/templates/systemd/matrix-bot-honoroit.service.j2 b/roles/custom/matrix-bot-honoroit/templates/systemd/matrix-bot-honoroit.service.j2 similarity index 51% rename from roles/matrix-bot-honoroit/templates/systemd/matrix-bot-honoroit.service.j2 rename to roles/custom/matrix-bot-honoroit/templates/systemd/matrix-bot-honoroit.service.j2 index 2bb14109..2cce62da 100644 --- a/roles/matrix-bot-honoroit/templates/systemd/matrix-bot-honoroit.service.j2 +++ b/roles/custom/matrix-bot-honoroit/templates/systemd/matrix-bot-honoroit.service.j2 
@@ -12,11 +12,11 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-honoroit 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-honoroit 2>/dev/null || true' +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-honoroit 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-honoroit 2>/dev/null || true' -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-honoroit \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-bot-honoroit \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ @@ -29,8 +29,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-honoroit \ {% endfor %} {{ matrix_bot_honoroit_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-honoroit 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-honoroit 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-honoroit 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-honoroit 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-bot-honoroit 
diff --git a/roles/matrix-bot-matrix-registration-bot/defaults/main.yml b/roles/custom/matrix-bot-matrix-registration-bot/defaults/main.yml
similarity index 100%
rename from roles/matrix-bot-matrix-registration-bot/defaults/main.yml
rename to roles/custom/matrix-bot-matrix-registration-bot/defaults/main.yml
diff --git a/roles/matrix-bot-matrix-registration-bot/tasks/init.yml b/roles/custom/matrix-bot-matrix-registration-bot/tasks/init.yml
similarity index 100%
rename from roles/matrix-bot-matrix-registration-bot/tasks/init.yml
rename to roles/custom/matrix-bot-matrix-registration-bot/tasks/init.yml
diff --git a/roles/matrix-bot-matrix-registration-bot/tasks/main.yml b/roles/custom/matrix-bot-matrix-registration-bot/tasks/main.yml
similarity index 100%
rename from roles/matrix-bot-matrix-registration-bot/tasks/main.yml
rename to roles/custom/matrix-bot-matrix-registration-bot/tasks/main.yml
diff --git a/roles/matrix-bot-matrix-registration-bot/tasks/setup_install.yml b/roles/custom/matrix-bot-matrix-registration-bot/tasks/setup_install.yml
similarity index 91%
rename from roles/matrix-bot-matrix-registration-bot/tasks/setup_install.yml
rename to roles/custom/matrix-bot-matrix-registration-bot/tasks/setup_install.yml
index d4522321..3838fa07 100644
--- a/roles/matrix-bot-matrix-registration-bot/tasks/setup_install.yml
+++ b/roles/custom/matrix-bot-matrix-registration-bot/tasks/setup_install.yml
@@ -22,15 +22,15 @@ mode: 0640 - name: Ensure matrix-registration-bot image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_bot_matrix_registration_bot_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_bot_matrix_registration_bot_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_matrix_registration_bot_docker_image_force_pull }}" when: "not matrix_bot_matrix_registration_bot_container_image_self_build | bool" register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure matrix-registration-bot repository is present on self-build @@ -45,7 +45,7 @@ when: "matrix_bot_matrix_registration_bot_container_image_self_build | bool" - name: Ensure matrix-registration-bot image is built - docker_image: + community.docker.docker_image: name: "{{ matrix_bot_matrix_registration_bot_docker_image }}" source: build force_source: "{{ matrix_bot_matrix_registration_bot_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" @@ -59,7 +59,7 @@ - name: Ensure matrix-bot-matrix-registration-bot.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-bot-matrix-registration-bot.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-bot-matrix-registration-bot.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-matrix-registration-bot.service" mode: 0644 register: matrix_bot_matrix_registration_bot_systemd_service_result 
diff --git a/roles/matrix-bot-matrix-registration-bot/tasks/setup_uninstall.yml b/roles/custom/matrix-bot-matrix-registration-bot/tasks/setup_uninstall.yml similarity index 83% rename from roles/matrix-bot-matrix-registration-bot/tasks/setup_uninstall.yml rename to roles/custom/matrix-bot-matrix-registration-bot/tasks/setup_uninstall.yml index 426eefc1..c7ee1365 100644 --- a/roles/matrix-bot-matrix-registration-bot/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-bot-matrix-registration-bot/tasks/setup_uninstall.yml @@ -2,7 +2,7 @@ - name: Check existence of matrix-matrix-registration-bot service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-bot-matrix-registration-bot.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-matrix-registration-bot.service" register: matrix_bot_matrix_registration_bot_service_stat - name: Ensure matrix-matrix-registration-bot is stopped @@ -16,7 +16,7 @@ - name: Ensure matrix-bot-matrix-registration-bot.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-bot-matrix-registration-bot.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-matrix-registration-bot.service" state: absent when: "matrix_bot_matrix_registration_bot_service_stat.stat.exists | bool" @@ -31,6 +31,6 @@ state: absent - name: Ensure matrix-registration-bot Docker image doesn't exist - docker_image: + community.docker.docker_image: name: "{{ matrix_bot_matrix_registration_bot_docker_image }}" state: absent diff --git a/roles/matrix-bot-matrix-registration-bot/tasks/validate_config.yml b/roles/custom/matrix-bot-matrix-registration-bot/tasks/validate_config.yml similarity index 100% rename from roles/matrix-bot-matrix-registration-bot/tasks/validate_config.yml rename to roles/custom/matrix-bot-matrix-registration-bot/tasks/validate_config.yml 
diff --git a/roles/matrix-bot-matrix-registration-bot/templates/config/config.yml.j2 b/roles/custom/matrix-bot-matrix-registration-bot/templates/config/config.yml.j2
similarity index 100%
rename from roles/matrix-bot-matrix-registration-bot/templates/config/config.yml.j2
rename to roles/custom/matrix-bot-matrix-registration-bot/templates/config/config.yml.j2
diff --git a/roles/matrix-bot-matrix-registration-bot/templates/systemd/matrix-bot-matrix-registration-bot.service.j2 b/roles/custom/matrix-bot-matrix-registration-bot/templates/systemd/matrix-bot-matrix-registration-bot.service.j2
similarity index 50%
rename from roles/matrix-bot-matrix-registration-bot/templates/systemd/matrix-bot-matrix-registration-bot.service.j2
rename to roles/custom/matrix-bot-matrix-registration-bot/templates/systemd/matrix-bot-matrix-registration-bot.service.j2
index e1aa8954..704c512f 100644
--- a/roles/matrix-bot-matrix-registration-bot/templates/systemd/matrix-bot-matrix-registration-bot.service.j2
+++ b/roles/custom/matrix-bot-matrix-registration-bot/templates/systemd/matrix-bot-matrix-registration-bot.service.j2
@@ -12,11 +12,11 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-matrix-registration-bot 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-matrix-registration-bot 2>/dev/null || true' +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-matrix-registration-bot 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-matrix-registration-bot 2>/dev/null || true' -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-matrix-registration-bot \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-bot-matrix-registration-bot \ --log-driver=none \ --cap-drop=ALL \ -e "CONFIG_PATH=/config/config.yml" \ 
@@ -27,8 +27,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-matrix-reg --network={{ matrix_docker_network }} \ {{ matrix_bot_matrix_registration_bot_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-matrix-registration-bot 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-matrix-registration-bot 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-matrix-registration-bot 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-matrix-registration-bot 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-bot-matrix-registration-bot diff --git a/roles/matrix-bot-matrix-reminder-bot/defaults/main.yml b/roles/custom/matrix-bot-matrix-reminder-bot/defaults/main.yml similarity index 100% rename from roles/matrix-bot-matrix-reminder-bot/defaults/main.yml rename to roles/custom/matrix-bot-matrix-reminder-bot/defaults/main.yml diff --git a/roles/matrix-bot-matrix-reminder-bot/tasks/init.yml b/roles/custom/matrix-bot-matrix-reminder-bot/tasks/init.yml similarity index 100% rename from roles/matrix-bot-matrix-reminder-bot/tasks/init.yml rename to roles/custom/matrix-bot-matrix-reminder-bot/tasks/init.yml diff --git a/roles/matrix-bot-matrix-reminder-bot/tasks/main.yml b/roles/custom/matrix-bot-matrix-reminder-bot/tasks/main.yml similarity index 100% rename from roles/matrix-bot-matrix-reminder-bot/tasks/main.yml rename to roles/custom/matrix-bot-matrix-reminder-bot/tasks/main.yml 
diff --git a/roles/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml b/roles/custom/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml similarity index 90% rename from roles/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml rename to roles/custom/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml index 0ad895af..00e25c36 100644 --- a/roles/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml +++ b/roles/custom/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml @@ -3,13 +3,15 @@ - ansible.builtin.set_fact: matrix_bot_matrix_reminder_bot_requires_restart: false -- block: +- when: "matrix_bot_matrix_reminder_bot_database_engine == 'postgres'" + block: - name: Check if an SQLite database already exists ansible.builtin.stat: path: "{{ matrix_bot_matrix_reminder_bot_sqlite_database_path_local }}" register: matrix_bot_matrix_reminder_bot_sqlite_database_path_local_stat_result - - block: + - when: "matrix_bot_matrix_reminder_bot_sqlite_database_path_local_stat_result.stat.exists | bool" + block: - ansible.builtin.set_fact: matrix_postgres_db_migration_request: src: "{{ matrix_bot_matrix_reminder_bot_sqlite_database_path_local }}" @@ -20,13 +22,11 @@ systemd_services_to_stop: ['matrix-bot-matrix-reminder-bot.service'] - ansible.builtin.import_role: - name: matrix-postgres + name: custom/matrix-postgres tasks_from: migrate_db_to_postgres - ansible.builtin.set_fact: matrix_bot_matrix_reminder_bot_requires_restart: true - when: "matrix_bot_matrix_reminder_bot_sqlite_database_path_local_stat_result.stat.exists | bool" - when: "matrix_bot_matrix_reminder_bot_database_engine == 'postgres'" - name: Ensure matrix-reminder-bot paths exist ansible.builtin.file: 
@@ -43,15 +43,15 @@ when: "item.when | bool" - name: Ensure matrix-reminder-bot image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_bot_matrix_reminder_bot_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_bot_matrix_reminder_bot_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_matrix_reminder_bot_docker_image_force_pull }}" when: "not matrix_bot_matrix_reminder_bot_container_image_self_build | bool" register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure matrix-reminder-bot repository is present on self-build @@ -66,7 +66,7 @@ when: "matrix_bot_matrix_reminder_bot_container_image_self_build | bool" - name: Ensure matrix-reminder-bot image is built - docker_image: + community.docker.docker_image: name: "{{ matrix_bot_matrix_reminder_bot_docker_image }}" source: build force_source: "{{ matrix_bot_matrix_reminder_bot_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" @@ -88,7 +88,7 @@ - name: Ensure matrix-bot-matrix-reminder-bot.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-bot-matrix-reminder-bot.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-bot-matrix-reminder-bot.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-matrix-reminder-bot.service" mode: 0644 register: matrix_bot_matrix_reminder_bot_systemd_service_result 
diff --git a/roles/matrix-bot-matrix-reminder-bot/tasks/setup_uninstall.yml b/roles/custom/matrix-bot-matrix-reminder-bot/tasks/setup_uninstall.yml similarity index 83% rename from roles/matrix-bot-matrix-reminder-bot/tasks/setup_uninstall.yml rename to roles/custom/matrix-bot-matrix-reminder-bot/tasks/setup_uninstall.yml index d8926df7..1b940f32 100644 --- a/roles/matrix-bot-matrix-reminder-bot/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-bot-matrix-reminder-bot/tasks/setup_uninstall.yml @@ -2,7 +2,7 @@ - name: Check existence of matrix-matrix-reminder-bot service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-bot-matrix-reminder-bot.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-matrix-reminder-bot.service" register: matrix_bot_matrix_reminder_bot_service_stat - name: Ensure matrix-matrix-reminder-bot is stopped @@ -16,7 +16,7 @@ - name: Ensure matrix-bot-matrix-reminder-bot.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-bot-matrix-reminder-bot.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-matrix-reminder-bot.service" state: absent when: "matrix_bot_matrix_reminder_bot_service_stat.stat.exists | bool" @@ -31,6 +31,6 @@ state: absent - name: Ensure matrix-reminder-bot Docker image doesn't exist - docker_image: + community.docker.docker_image: name: "{{ matrix_bot_matrix_reminder_bot_docker_image }}" state: absent diff --git a/roles/matrix-bot-matrix-reminder-bot/tasks/validate_config.yml b/roles/custom/matrix-bot-matrix-reminder-bot/tasks/validate_config.yml similarity index 100% rename from roles/matrix-bot-matrix-reminder-bot/tasks/validate_config.yml rename to roles/custom/matrix-bot-matrix-reminder-bot/tasks/validate_config.yml 
diff --git a/roles/matrix-bot-matrix-reminder-bot/templates/config.yaml.j2 b/roles/custom/matrix-bot-matrix-reminder-bot/templates/config.yaml.j2
similarity index 100%
rename from roles/matrix-bot-matrix-reminder-bot/templates/config.yaml.j2
rename to roles/custom/matrix-bot-matrix-reminder-bot/templates/config.yaml.j2
diff --git a/roles/matrix-bot-matrix-reminder-bot/templates/systemd/matrix-bot-matrix-reminder-bot.service.j2 b/roles/custom/matrix-bot-matrix-reminder-bot/templates/systemd/matrix-bot-matrix-reminder-bot.service.j2
similarity index 55%
rename from roles/matrix-bot-matrix-reminder-bot/templates/systemd/matrix-bot-matrix-reminder-bot.service.j2
rename to roles/custom/matrix-bot-matrix-reminder-bot/templates/systemd/matrix-bot-matrix-reminder-bot.service.j2
index a9cf8bb8..71598232 100644
--- a/roles/matrix-bot-matrix-reminder-bot/templates/systemd/matrix-bot-matrix-reminder-bot.service.j2
+++ b/roles/custom/matrix-bot-matrix-reminder-bot/templates/systemd/matrix-bot-matrix-reminder-bot.service.j2
@@ -12,11 +12,11 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-matrix-reminder-bot 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-matrix-reminder-bot 2>/dev/null || true' +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-matrix-reminder-bot 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-matrix-reminder-bot 2>/dev/null || true' -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-matrix-reminder-bot \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-bot-matrix-reminder-bot \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ 
@@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-matrix-rem {{ matrix_bot_matrix_reminder_bot_docker_image }} \ -c "matrix-reminder-bot /config/config.yaml" -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-matrix-reminder-bot 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-matrix-reminder-bot 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-matrix-reminder-bot 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-matrix-reminder-bot 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-bot-matrix-reminder-bot diff --git a/roles/custom/matrix-bot-maubot/defaults/main.yml b/roles/custom/matrix-bot-maubot/defaults/main.yml new file mode 100644 index 00000000..0a73d92e --- /dev/null +++ b/roles/custom/matrix-bot-maubot/defaults/main.yml 
@@ -0,0 +1,69 @@ +--- + +# maubot is a plugin-based Matrix bot system. +# Project source code URL: https://mau.dev/maubot/maubot + +matrix_bot_maubot_enabled: true +matrix_bot_maubot_container_image_self_build: false +matrix_bot_maubot_docker_repo: "https://mau.dev/maubot/maubot.git" +matrix_bot_maubot_docker_src_files_path: "{{ matrix_bot_maubot_base_path }}/docker-src" +matrix_bot_maubot_docker_repo_version: "{{ 'master' if matrix_bot_maubot_version == 'latest' else matrix_bot_maubot_version }}" + + +matrix_bot_maubot_version: v0.3.1 +matrix_bot_maubot_docker_image: "dock.mau.dev/maubot/maubot:{{ matrix_bot_maubot_version }}" +matrix_bot_maubot_docker_image_force_pull: "{{ matrix_bot_maubot_docker_image.endswith(':latest') }}" + +matrix_bot_maubot_base_path: "{{ matrix_base_data_path }}/maubot" +matrix_bot_maubot_data_path: "{{ matrix_bot_maubot_base_path }}/data" +matrix_bot_maubot_config_path: "{{ matrix_bot_maubot_base_path }}/config" + +matrix_bot_maubot_bot_server_public_url: "https://{{ matrix_server_fqn_matrix }}" +matrix_bot_maubot_proxy_management_interface: true + +matrix_bot_maubot_database_engine: sqlite +matrix_bot_maubot_sqlite_database_path_local: "{{ matrix_bot_maubot_data_path }}/maubot.db" +matrix_bot_maubot_sqlite_database_path_in_container: "/data/maubot.db" + +matrix_bot_maubot_database_username: matrix_bot_maubot +matrix_bot_maubot_database_password: ~ +matrix_bot_maubot_database_hostname: 'matrix-postgres' +matrix_bot_maubot_database_port: 5432 +matrix_bot_maubot_database_name: matrix_bot_maubot + +matrix_bot_maubot_database_connection_string: postgres://{{ matrix_bot_maubot_database_username }}:{{ matrix_bot_maubot_database_password }}@{{ matrix_bot_maubot_database_hostname }}:{{ matrix_bot_maubot_database_port }}/{{ matrix_bot_maubot_database_name }}?sslmode=disable + +matrix_bot_maubot_database_uri: "{{ + { + 'sqlite': ('sqlite:///' + matrix_bot_maubot_sqlite_database_path_in_container), + 'postgres': 
matrix_bot_maubot_database_connection_string, + }[matrix_bot_maubot_database_engine] + }}" + + +# Defines the port number where the management interface is +# To actually expose the management interface outside of the container, use `matrix_bot_maubot_management_interface_http_bind_port` +matrix_bot_maubot_management_interface_port: 29316 + +# Controls whether the maubot container exposes its HTTP management interface port (tcp/29316 in the container). +# +# Takes an ":" or "" value (e.g. "127.0.0.1:29316"), or empty string to not expose. +# If you'll be setting this at all, it should be defined in terms of `matrix_bot_maubot_management_interface_port`. +# Example: +# matrix_bot_maubot_management_interface_http_bind_port: "127.0.0.1:{{ matrix_bot_maubot_management_interface_port }}" +matrix_bot_maubot_management_interface_http_bind_port: '' + + +matrix_bot_maubot_unshared_secret: 'generate' + +# Specifies the default log level for all bot loggers. +matrix_bot_maubot_logging_level: WARNING + +# A list of extra arguments to pass to the container +matrix_bot_maubot_container_extra_arguments: [] + +# List of systemd services that matrix-bot-maubot.service depends on +matrix_bot_maubot_systemd_required_services_list: ['docker.service'] + +# List of systemd services that matrix-bot-maubot.service wants +matrix_bot_maubot_systemd_wanted_services_list: [] diff --git a/roles/custom/matrix-bot-maubot/tasks/init.yml b/roles/custom/matrix-bot-maubot/tasks/init.yml new file mode 100644 index 00000000..ccb5956e --- /dev/null +++ b/roles/custom/matrix-bot-maubot/tasks/init.yml 
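Review bot: `matrix_bot_maubot_proxy_management_interface: true` and `matrix_bot_maubot_unshared_secret: 'generate'` are the two security-relevant defaults in this new file that carry no comment, and the first one, as defaulted, publishes maubot's management UI and API under `/_matrix/maubot/` on the public Matrix domain (see the nginx location generated in `tasks/init.yml`), leaving access gated only by maubot's own admin authentication. A comment such as `# Controls whether maubot's management interface (web UI + API) is exposed publicly at /_matrix/maubot/ via matrix-nginx-proxy. Disable it if local access via matrix_bot_maubot_management_interface_http_bind_port is enough.` would make that trade-off visible to operators. For the second, as I understand maubot's configuration, `generate` makes maubot create and persist its API-token signing secret itself, so `# Secret maubot uses to sign management API tokens; 'generate' lets maubot create and store one on first start` would spare users from guessing. The `~` default for `matrix_bot_maubot_database_password` also renders the literal `None` into `matrix_bot_maubot_database_connection_string` if someone switches `matrix_bot_maubot_database_engine` to `postgres` without setting it; the role's validate_config task is not in this diff, so I cannot tell whether that case is rejected there.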
@@ -0,0 +1,47 @@ +--- + +- name: Add maubot to the systemd service list + ansible.builtin.set_fact: + matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-maubot.service'] }}" + when: matrix_bot_maubot_enabled | bool + +- name: Configure nginx for maubot + block: + - name: Generate Maubot proxying configuration for matrix-nginx-proxy + ansible.builtin.set_fact: + matrix_bot_maubot_matrix_nginx_proxy_configuration: | + location ~ ^/(_matrix/maubot/.*) { + {% if matrix_nginx_proxy_enabled | default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-bot-maubot:{{ matrix_bot_maubot_management_interface_port }}"; + proxy_pass http://$backend$request_uri; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:{{ matrix_bot_maubot_management_interface_port }}$request_uri; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + {% endif %} + } + when: matrix_bot_maubot_proxy_management_interface | bool + + - name: Register Maubot's proxying configuration with matrix-nginx-proxy + ansible.builtin.set_fact: + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([]) + + + [matrix_bot_maubot_matrix_nginx_proxy_configuration] + }} + when: matrix_bot_maubot_proxy_management_interface | bool + + - name: Warn about reverse-proxying if matrix-nginx-proxy not used + ansible.builtin.debug: + msg: >- + NOTE: You've enabled Maubot but are not using the matrix-nginx-proxy + reverse proxy. + Please make sure that you're proxying the `/_matrix/maubot` + URL endpoint to the matrix-maubot container. 
+ when: "matrix_bot_maubot_enabled | bool and matrix_bot_maubot_proxy_management_interface | bool and matrix_nginx_proxy_enabled is not defined" diff --git a/roles/custom/matrix-bot-maubot/tasks/main.yml b/roles/custom/matrix-bot-maubot/tasks/main.yml new file mode 100644 index 00000000..773f4b9f --- /dev/null +++ b/roles/custom/matrix-bot-maubot/tasks/main.yml @@ -0,0 +1,23 @@ +--- + +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" + tags: + - always + +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup|bool and matrix_bot_maubot_enabled|bool" + tags: + - setup-all + - setup-bot-maubot + +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" + when: "run_setup|bool and matrix_bot_maubot_enabled|bool" + tags: + - setup-all + - setup-bot-maubot + +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + when: "run_setup|bool and not matrix_bot_maubot_enabled|bool" + tags: + - setup-all + - setup-bot-maubot diff --git a/roles/custom/matrix-bot-maubot/tasks/setup_install.yml b/roles/custom/matrix-bot-maubot/tasks/setup_install.yml new file mode 100644 index 00000000..22f53b6f --- /dev/null +++ b/roles/custom/matrix-bot-maubot/tasks/setup_install.yml 
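Review bot: The two `set_fact` tasks inside the `Configure nginx for maubot` block in `tasks/init.yml` are gated only on `matrix_bot_maubot_proxy_management_interface`, so as far as the collapsed hunk shows, a host with `matrix_bot_maubot_enabled: false` and the default `proxy_management_interface: true` still registers a public `/_matrix/maubot/` location pointing at a container that is never started; only the final warning task checks `matrix_bot_maubot_enabled`. Since `tasks/main.yml` imports `init.yml` with `tags: always`, this runs on every play regardless of tags. Adding `when: matrix_bot_maubot_enabled | bool` on the block (or `when: matrix_bot_maubot_enabled | bool and matrix_bot_maubot_proxy_management_interface | bool` on both tasks) keeps the location out of the nginx configuration while the bot is disabled. If the block already carries such a `when` that the collapsed rendering hides, disregard this.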
@@ -0,0 +1,73 @@ +--- + +- name: Ensure maubot paths exist + ansible.builtin.file: + path: "{{ item.path }}" + state: directory + mode: 0755 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + with_items: + - {path: "{{ matrix_bot_maubot_base_path }}", when: true} + - {path: "{{ matrix_bot_maubot_config_path }}", when: true} + - {path: "{{ matrix_bot_maubot_data_path }}", when: true} + - {path: "{{ matrix_bot_maubot_data_path }}/plugins", when: true} + - {path: "{{ matrix_bot_maubot_data_path }}/dbs", when: true} + - {path: "{{ matrix_bot_maubot_data_path }}/trash", when: true} + - {path: "{{ matrix_bot_maubot_docker_src_files_path }}", when: "{{ matrix_bot_maubot_container_image_self_build }}"} + when: "item.when|bool" + +- name: Ensure maubot configuration file created + ansible.builtin.template: + src: "{{ role_path }}/templates/config/config.yaml.j2" + dest: "{{ matrix_bot_maubot_config_path }}/config.yaml" + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + mode: "u=rwx" + +- name: Ensure maubot image is pulled + community.docker.docker_image: + name: "{{ matrix_bot_maubot_docker_image }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ matrix_bot_maubot_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_maubot_docker_image_force_pull }}" + when: "not matrix_bot_maubot_container_image_self_build|bool" + register: result + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" + until: result is not failed + +- name: Ensure maubot repository is present on self-build + ansible.builtin.git: + repo: "{{ matrix_bot_maubot_docker_repo }}" + version: "{{ matrix_bot_maubot_docker_repo_version }}" + dest: "{{ 
matrix_bot_maubot_docker_src_files_path }}" + force: "yes" + become: true + become_user: "{{ matrix_user_username }}" + register: matrix_bot_maubot_git_pull_results + when: "matrix_bot_maubot_container_image_self_build|bool" + +- name: Ensure maubot image is built + community.docker.docker_image: + name: "{{ matrix_bot_maubot_docker_image }}" + source: build + force_source: "{{ matrix_bot_maubot_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mailer_git_pull_results.changed }}" + build: + dockerfile: Dockerfile + path: "{{ matrix_bot_maubot_docker_src_files_path }}" + pull: true + when: "matrix_bot_maubot_container_image_self_build|bool" + +- name: Ensure matrix-bot-maubot.service installed + ansible.builtin.template: + src: "{{ role_path }}/templates/systemd/matrix-bot-maubot.service.j2" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-maubot.service" + mode: 0644 + register: matrix_bot_maubot_systemd_service_result + +- name: Ensure systemd reloaded after matrix-bot-maubot.service installation + ansible.builtin.service: + daemon_reload: true + when: "matrix_bot_maubot_systemd_service_result.changed|bool" diff --git a/roles/custom/matrix-bot-maubot/tasks/setup_uninstall.yml b/roles/custom/matrix-bot-maubot/tasks/setup_uninstall.yml new file mode 100644 index 00000000..33b8fc14 --- /dev/null +++ b/roles/custom/matrix-bot-maubot/tasks/setup_uninstall.yml 
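Review bot: In `Ensure maubot image is built`, the `force:` fallback reads `matrix_mailer_git_pull_results.changed`, which looks like a copy-paste leftover from another role; the git task above registers `matrix_bot_maubot_git_pull_results`, so on Ansible older than 2.8 the self-build path fails on an undefined variable. Change it to `force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_maubot_git_pull_results.changed }}"`, matching the `force_source` line directly above it. Separately, `config.yaml` is written with `mode: "u=rwx"`, which sets the execute bit on a file that holds `unshared_secret` and the homeserver registration secret; `mode: "u=rw"` is all that file needs and keeps it owner-only, which is the intent the current value already expresses.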
@@ -0,0 +1,36 @@ +--- + +- name: Check existence of matrix-maubot service + ansible.builtin.stat: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-maubot.service" + register: matrix_bot_maubot_service_stat + +- name: Ensure matrix-bot-maubot is stopped + ansible.builtin.service: + name: matrix-bot-maubot + state: stopped + enabled: false + daemon_reload: true + register: stopping_result + when: "matrix_bot_maubot_service_stat.stat.exists | bool" + +- name: Ensure matrix-bot-maubot.service doesn't exist + ansible.builtin.file: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-maubot.service" + state: absent + when: "matrix_bot_maubot_service_stat.stat.exists | bool" + +- name: Ensure systemd reloaded after matrix-bot-maubot.service removal + ansible.builtin.service: + daemon_reload: true + when: "matrix_bot_maubot_service_stat.stat.exists | bool" + +- name: Ensure Matrix maubot paths don't exist + ansible.builtin.file: + path: "{{ matrix_bot_maubot_base_path }}" + state: absent + +- name: Ensure maubot Docker image doesn't exist + community.docker.docker_image: + name: "{{ matrix_bot_maubot_docker_image }}" + state: absent diff --git a/roles/custom/matrix-bot-maubot/tasks/validate_config.yml b/roles/custom/matrix-bot-maubot/tasks/validate_config.yml new file mode 100644 index 00000000..5b28d9c0 --- /dev/null +++ b/roles/custom/matrix-bot-maubot/tasks/validate_config.yml @@ -0,0 +1,10 @@ +--- + +- name: Fail if required settings not defined + ansible.builtin.fail: + msg: >- + You need to define a required configuration setting (`{{ item }}`). + when: "vars[item] == ''" + with_items: + - matrix_bot_maubot_unshared_secret + - matrix_bot_maubot_admins diff --git a/roles/custom/matrix-bot-maubot/templates/config/config.yaml.j2 b/roles/custom/matrix-bot-maubot/templates/config/config.yaml.j2 new file mode 100644 index 00000000..49bbcb87 --- /dev/null +++ b/roles/custom/matrix-bot-maubot/templates/config/config.yaml.j2 
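Review bot: In `validate_config.yml`, the check `vars[item] == ''` only catches an empty string, but `matrix_bot_maubot_admins` is a mapping (the config template pipes it through `combine({"root": ""})`), so an empty `{}` passes validation and maubot is deployed with no login-capable administrator, since the template's own comment says `root` cannot have a password. Using `when: "not vars[item]"` covers both the empty string and the empty mapping without otherwise changing the task. If an empty admins mapping is meant to be a supported configuration, it would be better to say so in the defaults file and drop the key from this list than to leave a check that cannot fire.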
@@ -0,0 +1,110 @@ +# The full URI to the database. SQLite and Postgres are fully supported. +# Other DBMSes supported by SQLAlchemy may or may not work. +# Format examples: +# SQLite: sqlite:///filename.db +# Postgres: postgresql://username:password@hostname/dbname +database: {{ matrix_bot_maubot_database_uri|to_json }} + +# Separate database URL for the crypto database. "default" means use the same database as above. +crypto_database: + type: default + +# Additional arguments for asyncpg.create_pool() or sqlite3.connect() +# https://magicstack.github.io/asyncpg/current/api/index.html#asyncpg.pool.create_pool +# https://docs.python.org/3/library/sqlite3.html#sqlite3.connect +# For sqlite, min_size is used as the connection thread pool size and max_size is ignored. +database_opts: + min_size: 1 + max_size: 10 +plugin_directories: + # The directory where uploaded new plugins should be stored. + upload: /data/plugins + # The directories from which plugins should be loaded. + # Duplicate plugin IDs will be moved to the trash. + load: + - /data/plugins + trash: /data/trash + +# Configuration for storing plugin databases +plugin_databases: + # Some plugins still require sqlite, so configure a path here. + # postgres will be used if supported. + sqlite: /data/dbs + postgres: default + +server: + # The IP and port to listen to. + hostname: 0.0.0.0 + port: {{ matrix_bot_maubot_management_interface_port|to_json }} + # Public base URL where the server is visible. + public_url: {{ matrix_bot_maubot_bot_server_public_url|to_json }} + # The base management API path. + base_path: /_matrix/maubot/v1 + # The base path for the UI. + ui_base_path: /_matrix/maubot + # The base path for plugin endpoints. The instance ID will be appended directly. + plugin_base_path: /_matrix/maubot/plugin/ + # Override path from where to load UI resources. + # Set to false to using pkg_resources to find the path. + override_resource_path: /opt/maubot/frontend + # The base appservice API path. 
Use / for legacy appservice API and /_matrix/app/v1 for v1. + appservice_base_path: /_matrix/app/v1 + # The shared secret to sign API access tokens. + # Set to "generate" to generate and save a new token at startup. + unshared_secret: {{ matrix_bot_maubot_unshared_secret|to_json }} + +# Known homeservers. This is required for the `mbc auth` command and also allows +# more convenient access from the management UI. This is not required to create +# clients in the management UI, since you can also just type the homeserver URL +# into the box there. +homeservers: + {{ matrix_domain }}: + # Client-server API URL + url: "https://{{ matrix_server_fqn_matrix }}" + # registration_shared_secret from synapse config + # You can leave this empty if you don't have access to the homeserver. + # When this is empty, `mbc auth --register` won't work, but `mbc auth` (login) will. + secret: {{ matrix_bot_maubot_registration_shared_secret|to_json }} + +# List of administrator users. Plaintext passwords will be bcrypted on startup. Set empty password +# to prevent normal login. Root is a special user that can't have a password and will always exist. +admins: {{ matrix_bot_maubot_admins | combine( {"root": ""} )|to_json }} + +api_features: + login: true + plugin: true + plugin_upload: true + instance: true + instance_database: true + client: true + client_proxy: true + client_auth: true + dev_open: true + log: true + +# Python logging configuration. 
+# +# See section 16.7.2 of the Python documentation for more info: +# https://docs.python.org/3.6/library/logging.config.html#configuration-dictionary-schema +logging: + version: 1 + formatters: + colored: + (): maubot.lib.color_log.ColorFormatter + format: '[%(asctime)s] [%(levelname)s@%(name)s] %(message)s' + normal: + format: '[%(asctime)s] [%(levelname)s@%(name)s] %(message)s' + handlers: + console: + class: logging.StreamHandler + formatter: colored + loggers: + maubot: + level: {{ matrix_bot_maubot_logging_level|to_json }} + mau: + level: {{ matrix_bot_maubot_logging_level|to_json }} + aiohttp: + level: {{ matrix_bot_maubot_logging_level|to_json }} + root: + level: {{ matrix_bot_maubot_logging_level|to_json }} + handlers: [console] diff --git a/roles/custom/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 b/roles/custom/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 new file mode 100644 index 00000000..34c85635 --- /dev/null +++ b/roles/custom/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 
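Review bot: The `homeservers:` mapping key is emitted as a bare `{{ matrix_domain }}:`, the only templated value in this file that is not passed through `to_json`; a domain that is all digits or contains a YAML indicator would change the key's type or break parsing, so write it `"{{ matrix_domain }}":` for consistency with the quoted `url` on the next line. That `url` is built from `matrix_server_fqn_matrix`, i.e. the public hostname, while the container is attached to the Docker network; if reaching the homeserver over the container network is acceptable here, the container URL variable the other bot roles use would avoid a round trip through the public reverse proxy. Either way a one-line comment above `url:` stating why the public FQN was chosen (e.g. `# Public URL on purpose — also what the management UI shows; confirm before switching to the container URL`) would save the next maintainer from guessing.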
@@ -0,0 +1,43 @@ +#jinja2: lstrip_blocks: "True" +[Unit] +Description=Maubot +{% for service in matrix_bot_maubot_systemd_required_services_list %} +Requires={{ service }} +After={{ service }} +{% endfor %} +{% for service in matrix_bot_maubot_systemd_wanted_services_list %} +Wants={{ service }} +{% endfor %} +DefaultDependencies=no + +[Service] +Type=simple +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-maubot 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-maubot 2>/dev/null || true' + +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-bot-maubot \ + --log-driver=none \ + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ + --read-only \ + --cap-drop=ALL \ + --mount type=bind,src={{ matrix_bot_maubot_config_path }},dst=/config,ro \ + --mount type=bind,src={{ matrix_bot_maubot_data_path }},dst=/data \ + {% for arg in matrix_bot_maubot_container_extra_arguments %} + {{ arg }} \ + {% endfor %} + --network={{ matrix_docker_network }} \ + {% if matrix_bot_maubot_management_interface_http_bind_port %} + -p {{ matrix_bot_maubot_management_interface_http_bind_port }}:{{ matrix_bot_maubot_management_interface_port }} \ + {% endif %} + {{ matrix_bot_maubot_docker_image }} \ + python3 -m maubot -c /config/config.yaml --no-update + +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-maubot 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-maubot 2>/dev/null || true' +Restart=always +RestartSec=30 +SyslogIdentifier=matrix-bot-maubot + +[Install] +WantedBy=multi-user.target 
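Review bot: The `-p {{ matrix_bot_maubot_management_interface_http_bind_port }}:{{ matrix_bot_maubot_management_interface_port }}` publish flag passes the bind variable straight through, so if the defaults (not in this chunk) set it to a bare port number, Docker binds the management API — login, plugin upload, client credentials — on every host interface rather than only loopback. If the default is empty the surrounding `{% if %}` keeps the port unpublished, which is fine, but the unit should still carry a comment such as `{# Prefer the 127.0.0.1:PORT form; a bare port publishes the management API on all interfaces #}`, or the defaults file should document that form. The container itself runs `--read-only` with `--cap-drop=ALL` and a non-root `--user`, which is the right baseline for this bot.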
diff --git a/roles/matrix-bot-mjolnir/defaults/main.yml b/roles/custom/matrix-bot-mjolnir/defaults/main.yml
similarity index 100%
rename from roles/matrix-bot-mjolnir/defaults/main.yml
rename to roles/custom/matrix-bot-mjolnir/defaults/main.yml
diff --git a/roles/matrix-bot-mjolnir/tasks/init.yml b/roles/custom/matrix-bot-mjolnir/tasks/init.yml
similarity index 100%
rename from roles/matrix-bot-mjolnir/tasks/init.yml
rename to roles/custom/matrix-bot-mjolnir/tasks/init.yml
diff --git a/roles/matrix-bot-mjolnir/tasks/main.yml b/roles/custom/matrix-bot-mjolnir/tasks/main.yml
similarity index 100%
rename from roles/matrix-bot-mjolnir/tasks/main.yml
rename to roles/custom/matrix-bot-mjolnir/tasks/main.yml
diff --git a/roles/matrix-bot-mjolnir/tasks/setup_install.yml b/roles/custom/matrix-bot-mjolnir/tasks/setup_install.yml
similarity index 91%
rename from roles/matrix-bot-mjolnir/tasks/setup_install.yml
rename to roles/custom/matrix-bot-mjolnir/tasks/setup_install.yml
index 08ac9d03..995e3b2b 100644
--- a/roles/matrix-bot-mjolnir/tasks/setup_install.yml
+++ b/roles/custom/matrix-bot-mjolnir/tasks/setup_install.yml
@@ -18,15 +18,15 @@ when: "item.when | bool" - name: Ensure mjolnir Docker image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_bot_mjolnir_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_bot_mjolnir_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_mjolnir_docker_image_force_pull }}" when: "not matrix_bot_mjolnir_container_image_self_build | bool" register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure mjolnir repository is present on self-build @@ -41,7 +41,7 @@ when: "matrix_bot_mjolnir_container_image_self_build | bool" - name: Ensure mjolnir Docker image is built - docker_image: + community.docker.docker_image: name: "{{ matrix_bot_mjolnir_docker_image }}" source: build force_source: "{{ matrix_bot_mjolnir_git_pull_results.changed }}" @@ -62,7 +62,7 @@ - name: Ensure matrix-bot-mjolnir.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-bot-mjolnir.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-bot-mjolnir.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-mjolnir.service" mode: 0644 register: matrix_bot_mjolnir_systemd_service_result diff --git a/roles/matrix-bot-mjolnir/tasks/setup_uninstall.yml b/roles/custom/matrix-bot-mjolnir/tasks/setup_uninstall.yml similarity index 82% rename from roles/matrix-bot-mjolnir/tasks/setup_uninstall.yml rename to roles/custom/matrix-bot-mjolnir/tasks/setup_uninstall.yml index 5c7f4c89..708a7bb0 100644 --- a/roles/matrix-bot-mjolnir/tasks/setup_uninstall.yml 
+++ b/roles/custom/matrix-bot-mjolnir/tasks/setup_uninstall.yml @@ -2,7 +2,7 @@ - name: Check existence of matrix-bot-mjolnir service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-bot-mjolnir.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-mjolnir.service" register: matrix_bot_mjolnir_service_stat - name: Ensure matrix-bot-mjolnir is stopped @@ -16,7 +16,7 @@ - name: Ensure matrix-bot-mjolnir.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-bot-mjolnir.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-mjolnir.service" state: absent when: "matrix_bot_mjolnir_service_stat.stat.exists | bool" @@ -31,6 +31,6 @@ state: absent - name: Ensure mjolnir Docker image doesn't exist - docker_image: + community.docker.docker_image: name: "{{ matrix_bot_mjolnir_docker_image }}" state: absent diff --git a/roles/matrix-bot-mjolnir/tasks/validate_config.yml b/roles/custom/matrix-bot-mjolnir/tasks/validate_config.yml similarity index 100% rename from roles/matrix-bot-mjolnir/tasks/validate_config.yml rename to roles/custom/matrix-bot-mjolnir/tasks/validate_config.yml diff --git a/roles/custom/matrix-bot-mjolnir/templates/production.yaml.j2 b/roles/custom/matrix-bot-mjolnir/templates/production.yaml.j2 new file mode 100644 index 00000000..7643d65f --- /dev/null +++ b/roles/custom/matrix-bot-mjolnir/templates/production.yaml.j2 
@@ -0,0 +1,246 @@ +# Endpoint URL that Mjolnir uses to interact with the matrix homeserver (client-server API), +# set this to the pantalaimon URL if you're using that. +homeserverUrl: "{{ matrix_homeserver_url }}" + +# Endpoint URL that Mjolnir could use to fetch events related to reports (client-server API and /_synapse/), +# only set this to the public-internet homeserver client API URL, do NOT set this to the pantalaimon URL. +rawHomeserverUrl: "{{ matrix_homeserver_url }}" + +# Matrix Access Token to use, Mjolnir will only use this if pantalaimon.use is false. +accessToken: "{{ matrix_bot_mjolnir_access_token }}" + +# Options related to Pantalaimon (https://github.com/matrix-org/pantalaimon) +#pantalaimon: +# # Whether or not Mjolnir will use pantalaimon to access the matrix homeserver, +# # set to `true` if you're using pantalaimon. +# # +# # Be sure to point homeserverUrl to the pantalaimon instance. +# # +# # Mjolnir will log in using the given username and password once, +# # then store the resulting access token in a file under dataPath. +# use: false +# +# # The username to login with. +# username: mjolnir +# +# # The password Mjolnir will login with. +# # +# # After successfully logging in once, this will be ignored, so this value can be blanked after first startup. +# password: your_password + +# The path Mjolnir will store its state/data in, leave default ("/data/storage") when using containers. +dataPath: "/data" + +# If true (the default), Mjolnir will only accept invites from users present in managementRoom. +autojoinOnlyIfManager: true + +# If `autojoinOnlyIfManager` is false, only the members in this space can invite +# the bot to new rooms. +#acceptInvitesFromSpace: "!example:example.org" + +# Whether Mjolnir should report ignored invites to the management room (if autojoinOnlyIfManager is true). +recordIgnoredInvites: false + +# The room ID (or room alias) of the management room, anyone in this room can issue commands to Mjolnir. 
+# +# Mjolnir has no more granular access controls other than this, be sure you trust everyone in this room - secure it! +# +# This should be a room alias or room ID - not a matrix.to URL. +# +# Note: By default, Mjolnir is fairly verbose - expect a lot of messages in this room. +# (see verboseLogging to adjust this a bit.) +managementRoom: "{{ matrix_bot_mjolnir_management_room }}" + +# Whether Mjolnir should log a lot more messages in the room, +# mainly involves "all-OK" messages, and debugging messages for when mjolnir checks bans in a room. +verboseLogging: false + +# The log level of terminal (or container) output, +# can be one of DEBUG, INFO, WARN and ERROR, in increasing order of importance and severity. +# +# This should be at INFO or DEBUG in order to get support for Mjolnir problems. +logLevel: "INFO" + +# Whether or not Mjolnir should synchronize policy lists immediately after startup. +# Equivalent to running '!mjolnir sync'. +syncOnStartup: true + +# Whether or not Mjolnir should check moderation permissions in all protected rooms on startup. +# Equivalent to running `!mjolnir verify`. +verifyPermissionsOnStartup: true + +# Whether or not Mjolnir should actually apply bans and policy lists, +# turn on to trial some untrusted configuration or lists. +noop: false + +# Whether Mjolnir should check member lists quicker (by using a different endpoint), +# keep in mind that enabling this will miss invited (but not joined) users. +# +# Turn on if your bot is in (very) large rooms, or in large amounts of rooms. +fasterMembershipChecks: false + +# A case-insensitive list of ban reasons to have the bot also automatically redact the user's messages for. +# +# If the bot sees you ban a user with a reason that is an (exact case-insensitive) match to this list, +# it will also remove the user's messages automatically. +# +# Typically this is useful to avoid having to give two commands to the bot. 
+# Advanced: Use asterisks to have the reason match using "globs" +# (f.e. "spam*testing" would match "spam for testing" as well as "spamtesting"). +# +# See here for more info: https://www.digitalocean.com/community/tools/glob +# Note: Keep in mind that glob is NOT regex! +automaticallyRedactForReasons: + - "spam" + - "advertising" + +# A list of rooms to protect. Mjolnir will add this to the list it knows from its account data. +# +# It won't, however, add it to the account data. +# Manually add the room via '!mjolnir rooms add' to have it stay protected regardless if this config value changes. +# +# Note: These must be matrix.to URLs +#protectedRooms: +# - "https://matrix.to/#/#yourroom:example.org" + +# Whether or not to add all joined rooms to the "protected rooms" list +# (excluding the management room and watched policy list rooms, see below). +# +# Note that this effectively makes the protectedRooms and associated commands useless +# for regular rooms. +# +# Note: the management room is *excluded* from this condition. +# Explicitly add it as a protected room to protect it. +# +# Note: Ban list rooms the bot is watching but didn't create will not be protected. +# Explicitly add these rooms as a protected room list if you want them protected. +protectAllJoinedRooms: false + +# Increase this delay to have Mjölnir wait longer between two consecutive backgrounded +# operations. The total duration of operations will be longer, but the homeserver won't +# be affected as much. Conversely, decrease this delay to have Mjölnir chain operations +# faster. The total duration of operations will generally be shorter, but the performance +# of the homeserver may be more impacted. +backgroundDelayMS: 500 + +# Server administration commands, these commands will only work if Mjolnir is +# a global server administrator, and the bot's server is a Synapse instance. 
+#admin: +# # Whether or not Mjolnir can temporarily take control of any eligible account from the local homeserver who's in the room +# # (with enough permissions) to "make" a user an admin. +# # +# # This only works if a local user with enough admin permissions is present in the room. +# enableMakeRoomAdminCommand: false + +# Misc options for command handling and commands +commands: + # Whether or not the `!mjolnir` prefix is necessary to submit commands. + # + # If `true`, will allow commands like `!ban`, `!help`, etc. + # + # Note: Mjolnir can also be pinged by display name instead of having to use + # the !mjolnir prefix. For example, "my_moderator_bot: ban @spammer:example.org" + # will address only my_moderator_bot. + allowNoPrefix: false + + # Any additional bot prefixes that Mjolnir will listen to. i.e. adding `mod` will allow `!mod help`. + additionalPrefixes: + - "mjolnir_bot" + + # Whether or not commands with a wildcard (*) will require an additional `--force` argument + # in the command to be able to be submitted. + confirmWildcardBan: true + +# Configuration specific to certain toggle-able protections +#protections: +# # Configuration for the wordlist plugin, which can ban users based if they say certain +# # blocked words shortly after joining. +# wordlist: +# # A list of case-insensitive keywords that the WordList protection will watch for from new users. +# # +# # WordList will ban users who use these words when first joining a room, so take caution when selecting them. +# # +# # For advanced usage, regex can also be used, see the following links for more information; +# # - https://www.digitalocean.com/community/tutorials/an-introduction-to-regular-expressions +# # - https://regexr.com/ +# # - https://regexone.com/ +# words: +# - "LoReM" +# - "IpSuM" +# - "DoLoR" +# - "aMeT" +# +# # For how long (in minutes) the user is "new" to the WordList plugin. 
+# # +# # After this time, the user will no longer be banned for using a word in the above wordlist. +# # +# # Set to zero to disable the timeout and make users *always* appear "new". +# # (users will always be banned if they say a bad word) +# minutesBeforeTrusting: 20 + +# Options for advanced monitoring of the health of the bot. +health: + # healthz options. These options are best for use in container environments + # like Kubernetes to detect how healthy the service is. The bot will report + # that it is unhealthy until it is able to process user requests. Typically + # this means that it'll flag itself as unhealthy for a number of minutes + # before saying "Now monitoring rooms" and flagging itself healthy. + # + # Health is flagged through HTTP status codes, defined below. + healthz: + # Whether the healthz integration should be enabled (default false) + enabled: false + + # The port to expose the webserver on. Defaults to 8080. + port: 8080 + + # The address to listen for requests on. Defaults to all addresses. + address: "0.0.0.0" + + # The path to expose the monitoring endpoint at. Defaults to `/healthz` + endpoint: "/healthz" + + # The HTTP status code which reports that the bot is healthy/ready to + # process requests. Typically this should not be changed. Defaults to + # 200. + healthyStatus: 200 + + # The HTTP status code which reports that the bot is not healthy/ready. + # Defaults to 418. + unhealthyStatus: 418 + +# Options for exposing web APIs. +#web: +# # Whether to enable web APIs. +# enabled: false +# +# # The port to expose the webserver on. Defaults to 8080. +# port: 8080 +# +# # The address to listen for requests on. Defaults to only the current +# # computer. +# address: localhost +# +# # Alternative setting to open to the entire web. 
Be careful, +# # as this will increase your security perimeter: +# # +# # address: "0.0.0.0" +# +# # A web API designed to intercept Matrix API +# # POST /_matrix/client/r0/rooms/{roomId}/report/{eventId} +# # and display readable abuse reports in the moderation room. +# # +# # If you wish to take advantage of this feature, you will need +# # to configure a reverse proxy, see e.g. test/nginx.conf +# abuseReporting: +# # Whether to enable this feature. +# enabled: false + +# Whether or not to actively poll synapse for abuse reports, to be used +# instead of intercepting client calls to synapse's abuse endpoint, when that +# isn't possible/practical. +pollReports: false + +# Whether or not new reports, received either by webapi or polling, +# should be printed to our managementRoom. +displayReports: false diff --git a/roles/matrix-bot-mjolnir/templates/systemd/matrix-bot-mjolnir.service.j2 b/roles/custom/matrix-bot-mjolnir/templates/systemd/matrix-bot-mjolnir.service.j2 similarity index 55% rename from roles/matrix-bot-mjolnir/templates/systemd/matrix-bot-mjolnir.service.j2 rename to roles/custom/matrix-bot-mjolnir/templates/systemd/matrix-bot-mjolnir.service.j2 index 7ea6be37..8ac872b7 100644 --- a/roles/matrix-bot-mjolnir/templates/systemd/matrix-bot-mjolnir.service.j2 +++ b/roles/custom/matrix-bot-mjolnir/templates/systemd/matrix-bot-mjolnir.service.j2 
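Review bot: `accessToken: "{{ matrix_bot_mjolnir_access_token }}"` and `managementRoom: "{{ matrix_bot_mjolnir_management_room }}"` interpolate into double-quoted YAML scalars, so a value containing `"` or `\` yields a broken or silently altered config, whereas the maubot template added in this same commit passes every templated value through `| to_json`. Writing `accessToken: {{ matrix_bot_mjolnir_access_token | to_json }}` (and likewise for `managementRoom`, `homeserverUrl` and `rawHomeserverUrl`) makes the two roles consistent and removes the quoting hazard. Since almost all of this 246-line file is upstream commentary, a one-line header such as `{# Based on the upstream Mjolnir sample config; only the {{ ... }} keys are playbook-managed #}` would tell a reader which parts are meant to be edited here.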
@@ -12,14 +12,14 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-mjolnir 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-mjolnir 2>/dev/null || true' +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-mjolnir 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-mjolnir 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. ExecStartPre={{ matrix_host_command_sleep }} 5 -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-mjolnir \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-bot-mjolnir \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ @@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-mjolnir \ {% endfor %} {{ matrix_bot_mjolnir_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-mjolnir 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-mjolnir 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-mjolnir 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-mjolnir 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-bot-mjolnir 
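Review bot: The first hunk migrates `matrix_host_command_sh` and `matrix_host_command_docker` to their `devture_systemd_docker_base_*` counterparts but leaves the context line `ExecStartPre={{ matrix_host_command_sleep }} 5` on the old naming; if `matrix_host_command_sleep` is being retired together with the rest of that variable family (its definition is not in this chunk), templating this unit fails on an undefined variable and the service never installs. Either switch that line to the equivalent variable provided by the base role, if it offers one, or keep `matrix_host_command_sleep` defined and add a comment on the line saying it is intentionally still a playbook-level variable. The same line also makes this unit differ from the maubot unit in the same commit, which has no start-up delay at all; whichever is intended, a comment stating why would help.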
diff --git a/roles/custom/matrix-bot-postmoogle/defaults/main.yml b/roles/custom/matrix-bot-postmoogle/defaults/main.yml
new file mode 100644
index 00000000..af6c23ac
--- /dev/null
+++ b/roles/custom/matrix-bot-postmoogle/defaults/main.yml
@@ -0,0 +1,151 @@
+---
+# postmoogle is an email to matrix bot
+# Project source code URL: https://gitlab.com/etke.cc/postmoogle
+
+matrix_bot_postmoogle_enabled: true
+
+matrix_bot_postmoogle_container_image_self_build: false
+matrix_bot_postmoogle_docker_repo: "https://gitlab.com/etke.cc/postmoogle.git"
+matrix_bot_postmoogle_docker_repo_version: "{{ 'main' if matrix_bot_postmoogle_version == 'latest' else matrix_bot_postmoogle_version }}"
+matrix_bot_postmoogle_docker_src_files_path: "{{ matrix_base_data_path }}/postmoogle/docker-src"
+
+matrix_bot_postmoogle_version: v0.9.8
+matrix_bot_postmoogle_docker_image: "{{ matrix_bot_postmoogle_docker_image_name_prefix }}postmoogle:{{ matrix_bot_postmoogle_version }}"
+matrix_bot_postmoogle_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_postmoogle_container_image_self_build else 'registry.gitlab.com/etke.cc/' }}"
+matrix_bot_postmoogle_docker_image_force_pull: "{{ matrix_bot_postmoogle_docker_image.endswith(':latest') }}"
+
+matrix_bot_postmoogle_base_path: "{{ matrix_base_data_path }}/postmoogle"
+matrix_bot_postmoogle_config_path: "{{ matrix_bot_postmoogle_base_path }}/config"
+matrix_bot_postmoogle_data_path: "{{ matrix_bot_postmoogle_base_path }}/data"
+
+# A list of extra arguments to pass to the container
+matrix_bot_postmoogle_container_extra_arguments: []
+
+# List of systemd services that matrix-bot-postmoogle.service depends on
+matrix_bot_postmoogle_systemd_required_services_list: ['docker.service']
+
+# List of systemd services that matrix-bot-postmoogle.service wants
+matrix_bot_postmoogle_systemd_wanted_services_list: []
+
+
+# Database-related configuration fields.
+#
+# To use SQLite, stick to these defaults.
+#
+# To use Postgres:
+# - change the engine (`matrix_bot_postmoogle_database_engine: 'postgres'`)
+# - adjust your database credentials via the `matrix_bot_postmoogle_database_*` variables
+matrix_bot_postmoogle_database_engine: 'sqlite'
+
+matrix_bot_postmoogle_sqlite_database_path_local: "{{ matrix_bot_postmoogle_data_path }}/bot.db"
+matrix_bot_postmoogle_sqlite_database_path_in_container: "/data/bot.db"
+
+matrix_bot_postmoogle_database_username: 'postmoogle'
+matrix_bot_postmoogle_database_password: 'some-password'
+matrix_bot_postmoogle_database_hostname: 'matrix-postgres'
+matrix_bot_postmoogle_database_port: 5432
+matrix_bot_postmoogle_database_name: 'postmoogle'
+
+matrix_bot_postmoogle_database_connection_string: 'postgres://{{ matrix_bot_postmoogle_database_username }}:{{ matrix_bot_postmoogle_database_password }}@{{ matrix_bot_postmoogle_database_hostname }}:{{ matrix_bot_postmoogle_database_port }}/{{ matrix_bot_postmoogle_database_name }}?sslmode=disable'
+
+matrix_bot_postmoogle_storage_database: "{{
+ {
+ 'sqlite': matrix_bot_postmoogle_sqlite_database_path_in_container,
+ 'postgres': matrix_bot_postmoogle_database_connection_string,
+ }[matrix_bot_postmoogle_database_engine]
+}}"
+
+matrix_bot_postmoogle_database_dialect: "{{
+ {
+ 'sqlite': 'sqlite3',
+ 'postgres': 'postgres',
+ }[matrix_bot_postmoogle_database_engine]
+}}"
+
+
+# The bot's username. This user needs to be created manually beforehand.
+# Also see `matrix_bot_postmoogle_password`.
+matrix_bot_postmoogle_login: "postmoogle"
+
+# The password that the bot uses to authenticate.
+matrix_bot_postmoogle_password: ''
+
+matrix_bot_postmoogle_homeserver: "{{ matrix_homeserver_container_url }}"
+
+# Command prefix
+matrix_bot_postmoogle_prefix: '!pm'
+
+# Max email size in megabytes, including attachments
+matrix_bot_postmoogle_maxsize: '1024'
+
+# DEPRECATED, use !pm users instead
+# A list of whitelisted users allowed to use the bridge.
+# If not defined, everyone is allowed.
+# Example set of rules:
+# matrix_bot_postmoogle_users:
+# - @someone:example.com
+# - @another:example.com
+# - @bot.*:example.com
+# - @*:another.com
+matrix_bot_postmoogle_users:
+ - "@*:{{ matrix_domain }}"
+
+# A list of admins
+# Example set of rules:
+# matrix_bot_postmoogle_admins:
+# - @someone:example.com
+# - @another:example.com
+# - @bot.*:example.com
+# - @*:another.com
+matrix_bot_postmoogle_admins: "{{ [matrix_admin] if matrix_admin else [] }}"
+
+# Sentry DSN
+matrix_bot_postmoogle_sentry: ''
+
+# Log level
+matrix_bot_postmoogle_loglevel: 'INFO'
+
+# Disable encryption
+matrix_bot_postmoogle_noencryption: false
+
+matrix_bot_postmoogle_domain: "{{ matrix_server_fqn_matrix }}"
+
+# Password (passphrase) to encrypt account data
+matrix_bot_postmoogle_data_secret: ""
+
+# in-container ports
+matrix_bot_postmoogle_port: '2525'
+matrix_bot_postmoogle_tls_port: '25587'
+
+# on-host ports
+matrix_bot_postmoogle_smtp_host_bind_port: '25'
+matrix_bot_postmoogle_submission_host_bind_port: '587'
+
+### SSL
+## on-host SSL dir
+matrix_bot_postmoogle_ssl_path: ""
+
+## in-container SSL paths
+# matrix_bot_postmoogle_tls_cert is the SSL certificate's certificate.
+# This is likely set via group_vars/matrix_servers, so you don't need to set it.
+# If you do need to set it manually, note that this is an in-container path.
+# To mount a certificates volumes into the container, use matrix_bot_postmoogle_ssl_path
+# Example value: /ssl/live/{{ matrix_bot_postmoogle_domain }}/fullchain.pem
+matrix_bot_postmoogle_tls_cert: ""
+
+# matrix_bot_postmoogle_tls_key is the SSL certificate's key.
+# This is likely set via group_vars/matrix_servers, so you don't need to set it.
+# If you do need to set it manually, note that this is an in-container path.
+# To mount a certificates volumes into the container, use matrix_bot_postmoogle_ssl_path
+# Example value: /ssl/live/{{ matrix_bot_postmoogle_domain }}/privkey.pem
+matrix_bot_postmoogle_tls_key: ""
+
+# Mandatory TLS, even on plain SMTP port
+matrix_bot_postmoogle_tls_required: false
+
+# Additional environment variables to pass to the postmoogle container
+#
+# Example:
+# matrix_bot_postmoogle_environment_variables_extension: |
+# postmoogle_TEXT_DONE=Done
+matrix_bot_postmoogle_environment_variables_extension: ''
diff --git a/roles/custom/matrix-bot-postmoogle/tasks/init.yml b/roles/custom/matrix-bot-postmoogle/tasks/init.yml
new file mode 100644
index 00000000..16b78171
--- /dev/null
+++ b/roles/custom/matrix-bot-postmoogle/tasks/init.yml
@@ -0,0 +1,5 @@
+---
+
+- ansible.builtin.set_fact:
+ matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-postmoogle.service'] }}"
+ when: matrix_bot_postmoogle_enabled | bool
diff --git a/roles/custom/matrix-bot-postmoogle/tasks/main.yml b/roles/custom/matrix-bot-postmoogle/tasks/main.yml
new file mode 100644
index 00000000..cbe590e1
--- /dev/null
+++ b/roles/custom/matrix-bot-postmoogle/tasks/main.yml
@@ -0,0 +1,23 @@
+---
+
+- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
+ tags:
+ - always
+
+- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
+ when: "run_setup | bool and matrix_bot_postmoogle_enabled | bool"
+ tags:
+ - setup-all
+ - setup-bot-postmoogle
+
+- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
+ when: "run_setup | bool and matrix_bot_postmoogle_enabled | bool"
+ tags:
+ - setup-all
+ - setup-bot-postmoogle
+
+- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
+ when: "run_setup | bool and not matrix_bot_postmoogle_enabled | bool"
+ tags:
+ - setup-all
+ - setup-bot-postmoogle
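Review bot: `matrix_bot_postmoogle_users` is given a default of `"@*:{{ matrix_domain }}"` and a long example block, yet nothing in this commit consumes it — the `env.j2` added alongside emits admins, prefix, ports and so on but has no line for users — so the documented allow-list never reaches the bot, which is more than the "DEPRECATED" comment suggests. Either drop the variable, or render it in `env.j2` the same way `matrix_bot_postmoogle_admins` is rendered (`| join(' ')`), if the bot still honours that setting. `matrix_bot_postmoogle_database_password: 'some-password'` is embedded verbatim in `matrix_bot_postmoogle_database_connection_string` and so lands in the env file; presumably group_vars overrides it as for the other roles (not visible here), but a one-line comment saying so, e.g. `# Overridden by group_vars; only used when the engine is 'postgres'`, would stop it being taken as a usable default.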
diff --git a/roles/custom/matrix-bot-postmoogle/tasks/setup_install.yml b/roles/custom/matrix-bot-postmoogle/tasks/setup_install.yml
new file mode 100644
index 00000000..993cf8e5
--- /dev/null
+++ b/roles/custom/matrix-bot-postmoogle/tasks/setup_install.yml
@@ -0,0 +1,93 @@
+---
+- when: "matrix_bot_postmoogle_database_engine == 'postgres'"
+ block:
+ - name: Check if an SQLite database already exists
+ ansible.builtin.stat:
+ path: "{{ matrix_bot_postmoogle_sqlite_database_path_local }}"
+ register: matrix_bot_postmoogle_sqlite_database_path_local_stat_result
+
+ - when: "matrix_bot_postmoogle_sqlite_database_path_local_stat_result.stat.exists | bool"
+ block:
+ - ansible.builtin.set_fact:
+ matrix_postgres_db_migration_request:
+ src: "{{ matrix_bot_postmoogle_sqlite_database_path_local }}"
+ dst: "{{ matrix_bot_postmoogle_database_connection_string }}"
+ caller: "{{ role_path | basename }}"
+ engine_variable_name: 'matrix_bot_postmoogle_database_engine'
+ engine_old: 'sqlite'
+ systemd_services_to_stop: ['matrix-bot-postmoogle.service']
+
+ - ansible.builtin.import_role:
+ name: custom/matrix-postgres
+ tasks_from: migrate_db_to_postgres
+
+ - ansible.builtin.set_fact:
+ matrix_bot_postmoogle_requires_restart: true
+
+- name: Ensure postmoogle paths exist
+ ansible.builtin.file:
+ path: "{{ item.path }}"
+ state: directory
+ mode: 0750
+ owner: "{{ matrix_user_username }}"
+ group: "{{ matrix_user_groupname }}"
+ with_items:
+ - {path: "{{ matrix_bot_postmoogle_config_path }}", when: true}
+ - {path: "{{ matrix_bot_postmoogle_data_path }}", when: true}
+ - {path: "{{ matrix_bot_postmoogle_docker_src_files_path }}", when: matrix_bot_postmoogle_container_image_self_build}
+ when: "item.when | bool"
+
+- name: Ensure postmoogle environment variables file created
+ ansible.builtin.template:
+ src: "{{ role_path }}/templates/env.j2"
+ dest: "{{ matrix_bot_postmoogle_config_path }}/env"
+ owner: "{{ matrix_user_username }}"
+ group: "{{ matrix_user_groupname }}"
+ mode: 0640
+
+- name: Ensure postmoogle image is pulled
+ community.docker.docker_image:
+ name: "{{ matrix_bot_postmoogle_docker_image }}"
+ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+ force_source: "{{
matrix_bot_postmoogle_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+ force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_postmoogle_docker_image_force_pull }}"
+ when: "not matrix_bot_postmoogle_container_image_self_build | bool"
+ register: result
+ retries: "{{ devture_playbook_help_container_retries_count }}"
+ delay: "{{ devture_playbook_help_container_retries_delay }}"
+ until: result is not failed
+
+- name: Ensure postmoogle repository is present on self-build
+ ansible.builtin.git:
+ repo: "{{ matrix_bot_postmoogle_docker_repo }}"
+ version: "{{ matrix_bot_postmoogle_docker_repo_version }}"
+ dest: "{{ matrix_bot_postmoogle_docker_src_files_path }}"
+ force: "yes"
+ become: true
+ become_user: "{{ matrix_user_username }}"
+ register: matrix_bot_postmoogle_git_pull_results
+ when: "matrix_bot_postmoogle_container_image_self_build | bool"
+
+- name: Ensure postmoogle image is built
+ community.docker.docker_image:
+ name: "{{ matrix_bot_postmoogle_docker_image }}"
+ source: build
+ force_source: "{{ matrix_bot_postmoogle_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+ force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mailer_git_pull_results.changed }}"
+ build:
+ dockerfile: Dockerfile
+ path: "{{ matrix_bot_postmoogle_docker_src_files_path }}"
+ pull: true
+ when: "matrix_bot_postmoogle_container_image_self_build | bool"
+
+- name: Ensure matrix-bot-postmoogle.service installed
+ ansible.builtin.template:
+ src: "{{ role_path }}/templates/systemd/matrix-bot-postmoogle.service.j2"
+ dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-postmoogle.service"
+ mode: 0644
+ register: matrix_bot_postmoogle_systemd_service_result
+
+- name: Ensure systemd reloaded after matrix-bot-postmoogle.service installation
+ ansible.builtin.service:
+ daemon_reload: true
+ when:
"matrix_bot_postmoogle_systemd_service_result.changed | bool"
diff --git a/roles/custom/matrix-bot-postmoogle/tasks/setup_uninstall.yml b/roles/custom/matrix-bot-postmoogle/tasks/setup_uninstall.yml
new file mode 100644
index 00000000..198df7d7
--- /dev/null
+++ b/roles/custom/matrix-bot-postmoogle/tasks/setup_uninstall.yml
@@ -0,0 +1,36 @@
+---
+
+- name: Check existence of matrix-postmoogle service
+ ansible.builtin.stat:
+ path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-postmoogle.service"
+ register: matrix_bot_postmoogle_service_stat
+
+- name: Ensure matrix-postmoogle is stopped
+ ansible.builtin.service:
+ name: matrix-bot-postmoogle
+ state: stopped
+ enabled: false
+ daemon_reload: true
+ register: stopping_result
+ when: "matrix_bot_postmoogle_service_stat.stat.exists | bool"
+
+- name: Ensure matrix-bot-postmoogle.service doesn't exist
+ ansible.builtin.file:
+ path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-postmoogle.service"
+ state: absent
+ when: "matrix_bot_postmoogle_service_stat.stat.exists | bool"
+
+- name: Ensure systemd reloaded after matrix-bot-postmoogle.service removal
+ ansible.builtin.service:
+ daemon_reload: true
+ when: "matrix_bot_postmoogle_service_stat.stat.exists | bool"
+
+- name: Ensure Matrix postmoogle paths don't exist
+ ansible.builtin.file:
+ path: "{{ matrix_bot_postmoogle_base_path }}"
+ state: absent
+
+- name: Ensure postmoogle Docker image doesn't exist
+ community.docker.docker_image:
+ name: "{{ matrix_bot_postmoogle_docker_image }}"
+ state: absent
diff --git a/roles/custom/matrix-bot-postmoogle/tasks/validate_config.yml b/roles/custom/matrix-bot-postmoogle/tasks/validate_config.yml
new file mode 100644
index 00000000..b5d9d1ed
--- /dev/null
+++ b/roles/custom/matrix-bot-postmoogle/tasks/validate_config.yml
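Review bot: The self-build task "Ensure postmoogle image is built" references `matrix_mailer_git_pull_results.changed` in its `force:` expression, but the git task above registers `matrix_bot_postmoogle_git_pull_results`; on Ansible < 2.8 (the only branch where `force` is not omitted) that is an undefined-variable failure, and it reads as a copy-paste from another role. The line should be `force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_postmoogle_git_pull_results.changed }}"`. Separately, `matrix_bot_postmoogle_requires_restart` is only ever set to `true` inside the migration block and nothing in this file initialises it to `false` first (the appservice-discord install tasks in this same commit do `matrix_appservice_discord_requires_restart: false` as their first task), so if something later reads it, the variable may be undefined on the non-migration path.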
@@ -0,0 +1,9 @@
+---
+
+- name: Fail if required settings not defined
+ ansible.builtin.fail:
+ msg: >-
+ You need to define a required configuration setting (`{{ item }}`).
+ when: "vars[item] == ''"
+ with_items:
+ - "matrix_bot_postmoogle_password"
diff --git a/roles/custom/matrix-bot-postmoogle/templates/env.j2 b/roles/custom/matrix-bot-postmoogle/templates/env.j2
new file mode 100644
index 00000000..c8151053
--- /dev/null
+++ b/roles/custom/matrix-bot-postmoogle/templates/env.j2
@@ -0,0 +1,20 @@
+POSTMOOGLE_LOGIN={{ matrix_bot_postmoogle_login }}
+POSTMOOGLE_PASSWORD={{ matrix_bot_postmoogle_password }}
+POSTMOOGLE_HOMESERVER={{ matrix_bot_postmoogle_homeserver }}
+POSTMOOGLE_DOMAIN={{ matrix_bot_postmoogle_domain }}
+POSTMOOGLE_PORT={{ matrix_bot_postmoogle_port }}
+POSTMOOGLE_DB_DSN={{ matrix_bot_postmoogle_database_connection_string }}
+POSTMOOGLE_DB_DIALECT={{ matrix_bot_postmoogle_database_dialect }}
+POSTMOOGLE_PREFIX={{ matrix_bot_postmoogle_prefix }}
+POSTMOOGLE_MAXSIZE={{ matrix_bot_postmoogle_maxsize }}
+POSTMOOGLE_SENTRY={{ matrix_bot_postmoogle_sentry }}
+POSTMOOGLE_LOGLEVEL={{ matrix_bot_postmoogle_loglevel }}
+POSTMOOGLE_NOENCRYPTION={{ matrix_bot_postmoogle_noencryption }}
+POSTMOOGLE_ADMINS={{ matrix_bot_postmoogle_admins | join(' ') }}
+POSTMOOGLE_TLS_PORT={{ matrix_bot_postmoogle_tls_port }}
+POSTMOOGLE_TLS_CERT={{ matrix_bot_postmoogle_tls_cert }}
+POSTMOOGLE_TLS_KEY={{ matrix_bot_postmoogle_tls_key }}
+POSTMOOGLE_TLS_REQUIRED={{ matrix_bot_postmoogle_tls_required }}
+POSTMOOGLE_DATA_SECRET={{ matrix_bot_postmoogle_data_secret }}
+
+{{ matrix_bot_postmoogle_environment_variables_extension }}
diff --git a/roles/custom/matrix-bot-postmoogle/templates/systemd/matrix-bot-postmoogle.service.j2 b/roles/custom/matrix-bot-postmoogle/templates/systemd/matrix-bot-postmoogle.service.j2
new file mode 100644
index 00000000..f2610600
--- /dev/null
+++ b/roles/custom/matrix-bot-postmoogle/templates/systemd/matrix-bot-postmoogle.service.j2
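Review bot: Only `matrix_bot_postmoogle_password` is in the required-settings list, while `matrix_bot_postmoogle_data_secret` — documented in the role defaults as the passphrase that encrypts account data and defaulting to `""` — is not checked at all. If the bot needs it whenever encryption is on (the default is `matrix_bot_postmoogle_noencryption: false`; I can't confirm the bot's behaviour from here), add `- "matrix_bot_postmoogle_data_secret"` to `with_items` so a missing value fails at validation time rather than at first start or, worse, silently.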
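Review bot: `POSTMOOGLE_DB_DSN` is always rendered from `matrix_bot_postmoogle_database_connection_string`, which is the Postgres URL, while `POSTMOOGLE_DB_DIALECT` on the next line switches on the engine; with the default `sqlite` engine the bot therefore receives dialect `sqlite3` together with a `postgres://…` DSN, and `matrix_bot_postmoogle_sqlite_database_path_in_container` is never used. The defaults file in this commit already defines `matrix_bot_postmoogle_storage_database` for exactly this engine-dependent selection, so the line should be `POSTMOOGLE_DB_DSN={{ matrix_bot_postmoogle_storage_database }}`. The env file carries the Matrix password, the DB password and the data secret in clear text, which is why the install task's `mode: 0640` with the matrix user as owner matters; a short header comment in the template saying so would help the next reader keep it that way.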
@@ -0,0 +1,46 @@
+#jinja2: lstrip_blocks: "True"
+[Unit]
+Description=Matrix helpdesk bot
+{% for service in matrix_bot_postmoogle_systemd_required_services_list %}
+Requires={{ service }}
+After={{ service }}
+{% endfor %}
+{% for service in matrix_bot_postmoogle_systemd_wanted_services_list %}
+Wants={{ service }}
+{% endfor %}
+DefaultDependencies=no
+
+[Service]
+Type=simple
+Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-postmoogle 2>/dev/null || true'
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-postmoogle 2>/dev/null || true'
+
+ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-bot-postmoogle \
+ --log-driver=none \
+ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
+ --cap-drop=ALL \
+ --read-only \
+ --network={{ matrix_docker_network }} \
+ --env-file={{ matrix_bot_postmoogle_config_path }}/env \
+ -p {{ matrix_bot_postmoogle_smtp_host_bind_port }}:{{ matrix_bot_postmoogle_port }} \
+ {% if matrix_bot_postmoogle_ssl_path %}
+ -p {{ matrix_bot_postmoogle_submission_host_bind_port }}:{{ matrix_bot_postmoogle_tls_port }} \
+ {% endif %}
+ --mount type=bind,src={{ matrix_bot_postmoogle_data_path }},dst=/data \
+ {% if matrix_bot_postmoogle_ssl_path %}
+ --mount type=bind,src={{ matrix_bot_postmoogle_ssl_path }},dst=/ssl \
+ {% endif %}
+ {% for arg in matrix_bot_postmoogle_container_extra_arguments %}
+ {{ arg }} \
+ {% endfor %}
+ {{ matrix_bot_postmoogle_docker_image }}
+
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-postmoogle 2>/dev/null || true'
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm
matrix-bot-postmoogle 2>/dev/null || true'
+Restart=always
+RestartSec=30
+SyslogIdentifier=matrix-bot-postmoogle
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/matrix-bridge-appservice-discord/defaults/main.yml b/roles/custom/matrix-bridge-appservice-discord/defaults/main.yml
similarity index 92%
rename from roles/matrix-bridge-appservice-discord/defaults/main.yml
rename to roles/custom/matrix-bridge-appservice-discord/defaults/main.yml
index 9f6109ed..9e061d67 100644
--- a/roles/matrix-bridge-appservice-discord/defaults/main.yml
+++ b/roles/custom/matrix-bridge-appservice-discord/defaults/main.yml
@@ -2,10 +2,12 @@
 # matrix-appservice-discord is a Matrix <-> Discord bridge
 # Project source code URL: https://github.com/Half-Shot/matrix-appservice-discord
-matrix_appservice_discord_enabled: true
+matrix_appservice_discord_enabled: false
+matrix_appservice_discord_container_image_self_build: false
-matrix_appservice_discord_version: v1.0.0
-matrix_appservice_discord_docker_image: "{{ matrix_container_global_registry_prefix }}halfshot/matrix-appservice-discord:{{ matrix_appservice_discord_version }}"
+matrix_appservice_discord_version: v3.1.0
+matrix_appservice_discord_docker_image: "{{ matrix_appservice_discord_docker_image_name_prefix }}matrix-org/matrix-appservice-discord:{{ matrix_appservice_discord_version }}"
+matrix_appservice_discord_docker_image_name_prefix: "{{ 'localhost/' if matrix_appservice_discord_container_image_self_build else 'ghcr.io/' }}"
 matrix_appservice_discord_docker_image_force_pull: "{{ matrix_appservice_discord_docker_image.endswith(':latest') }}"
 matrix_appservice_discord_base_path: "{{ matrix_base_data_path }}/appservice-discord"
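Review bot: `Description=Matrix helpdesk bot` does not describe this unit — the role's defaults introduce postmoogle as "an email to matrix bot" — so it looks carried over from another bot's template and will mislead anyone reading `systemctl status`; `Description=Matrix email bot (postmoogle)` would match. The `-p {{ matrix_bot_postmoogle_smtp_host_bind_port }}:{{ matrix_bot_postmoogle_port }}` line publishes SMTP on every host interface (Docker `-p` without a bind address), which is presumably intended for an MX host, but since Docker's published ports are typically reachable regardless of host-level firewall rules, a one-line comment above it stating that port 25 is deliberately exposed on all interfaces, and that `matrix_bot_postmoogle_container_extra_arguments` or a `127.0.0.1:`-prefixed bind port is the way to restrict it, would save a surprised operator later. Note also that the submission port and the `/ssl` mount are conditional on `matrix_bot_postmoogle_ssl_path`, while the env file always sets the TLS variables; harmless if the bot tolerates empty cert paths, which I can't confirm from here.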
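Review bot: The image now comes from a different publisher and registry (`ghcr.io/matrix-org/…` instead of `halfshot/…` via `matrix_container_global_registry_prefix`) and jumps two major versions to `v3.1.0` in the same change, while `matrix_appservice_discord_enabled` flips from `true` to `false`; none of that is explained in the file. A comment on the version line pointing at the upstream release/migration notes, and one on the prefix line saying that the global registry prefix is intentionally not applied because the image is published only on ghcr.io (if that is the reason — I can't tell from here), would document the supply-chain change; the IRC defaults in this same commit still use `matrix_container_global_registry_prefix` as the non-self-build prefix, so the two roles currently differ without saying why. The `Project source code URL` comment still names `Half-Shot/matrix-appservice-discord` although the image path now says `matrix-org`; worth aligning.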
diff --git a/roles/matrix-bridge-appservice-discord/tasks/init.yml b/roles/custom/matrix-bridge-appservice-discord/tasks/init.yml
similarity index 77%
rename from roles/matrix-bridge-appservice-discord/tasks/init.yml
rename to roles/custom/matrix-bridge-appservice-discord/tasks/init.yml
index b9d875da..915d7302 100644
--- a/roles/matrix-bridge-appservice-discord/tasks/init.yml
+++ b/roles/custom/matrix-bridge-appservice-discord/tasks/init.yml
@@ -13,16 +13,16 @@
 # If the matrix-synapse role is not used, these variables may not exist.
 - ansible.builtin.set_fact:
- matrix_synapse_container_extra_arguments: >
+ matrix_homeserver_container_runtime_injected_arguments: >
 {{
- matrix_synapse_container_extra_arguments | default([])
+ matrix_homeserver_container_runtime_injected_arguments | default([])
 + ["--mount type=bind,src={{ matrix_appservice_discord_config_path }}/registration.yaml,dst=/matrix-appservice-discord-registration.yaml,ro"]
 }}
- matrix_synapse_app_service_config_files: >
+ matrix_homeserver_app_service_runtime_injected_config_files: >
 {{
- matrix_synapse_app_service_config_files | default([])
+ matrix_homeserver_app_service_runtime_injected_config_files | default([])
 + ["/matrix-appservice-discord-registration.yaml"]
 }}
diff --git a/roles/matrix-bridge-appservice-discord/tasks/main.yml b/roles/custom/matrix-bridge-appservice-discord/tasks/main.yml
similarity index 100%
rename from roles/matrix-bridge-appservice-discord/tasks/main.yml
rename to roles/custom/matrix-bridge-appservice-discord/tasks/main.yml
diff --git a/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml b/roles/custom/matrix-bridge-appservice-discord/tasks/setup_install.yml
similarity index 89%
rename from roles/matrix-bridge-appservice-discord/tasks/setup_install.yml
rename to roles/custom/matrix-bridge-appservice-discord/tasks/setup_install.yml
index af17613c..f04e7f69 100644
--- a/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-appservice-discord/tasks/setup_install.yml
@@ -3,13 +3,15 @@
 - ansible.builtin.set_fact:
 matrix_appservice_discord_requires_restart: false
-- block:
+- when: "matrix_appservice_discord_database_engine == 'postgres'"
+ block:
 - name: Check if an SQLite database already exists
 ansible.builtin.stat:
 path: "{{ matrix_appservice_discord_sqlite_database_path_local }}"
 register: matrix_appservice_discord_sqlite_database_path_local_stat_result
- - block:
+ - when: "matrix_appservice_discord_sqlite_database_path_local_stat_result.stat.exists | bool"
+ block:
 - ansible.builtin.set_fact:
 matrix_postgres_db_migration_request:
 src: "{{ matrix_appservice_discord_sqlite_database_path_local }}"
@@ -20,23 +22,21 @@
 systemd_services_to_stop: ['matrix-appservice-discord.service']
 - ansible.builtin.import_role:
- name: matrix-postgres
+ name: custom/matrix-postgres
 tasks_from: migrate_db_to_postgres
 - ansible.builtin.set_fact:
 matrix_appservice_discord_requires_restart: true
- when: "matrix_appservice_discord_sqlite_database_path_local_stat_result.stat.exists | bool"
- when: "matrix_appservice_discord_database_engine == 'postgres'"
 - name: Ensure Appservice Discord image is pulled
- docker_image:
+ community.docker.docker_image:
 name: "{{ matrix_appservice_discord_docker_image }}"
 source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
 force_source: "{{ matrix_appservice_discord_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
 force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_discord_docker_image_force_pull }}"
 register: result
- retries: "{{ matrix_container_retries_count }}"
- delay: "{{ matrix_container_retries_delay }}"
+ retries: "{{ devture_playbook_help_container_retries_count }}"
+ delay: "{{ devture_playbook_help_container_retries_delay }}"
 until: result is not failed
 - name: Ensure AppService Discord paths exist
@@ -93,7 +93,7 @@
 # We intentionally suppress Ansible changes.
 - name: Generate AppService Discord invite link
 ansible.builtin.shell: >-
- {{ matrix_host_command_docker }} run --rm --name matrix-appservice-discord-link-gen
+ {{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-appservice-discord-link-gen
 --user={{ matrix_user_uid }}:{{ matrix_user_gid }}
 --cap-drop=ALL
 --mount type=bind,src={{ matrix_appservice_discord_config_path }},dst=/cfg
@@ -105,7 +105,7 @@
 - name: Ensure matrix-appservice-discord.service installed
 ansible.builtin.template:
 src: "{{ role_path }}/templates/systemd/matrix-appservice-discord.service.j2"
- dest: "{{ matrix_systemd_path }}/matrix-appservice-discord.service"
+ dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-discord.service"
 mode: 0644
 register: matrix_appservice_discord_systemd_service_result
diff --git a/roles/matrix-bridge-appservice-discord/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-appservice-discord/tasks/setup_uninstall.yml
similarity index 79%
rename from roles/matrix-bridge-appservice-discord/tasks/setup_uninstall.yml
rename to roles/custom/matrix-bridge-appservice-discord/tasks/setup_uninstall.yml
index 83588d1c..50d108fa 100644
--- a/roles/matrix-bridge-appservice-discord/tasks/setup_uninstall.yml
+++ b/roles/custom/matrix-bridge-appservice-discord/tasks/setup_uninstall.yml
@@ -2,7 +2,7 @@
 - name: Check existence of matrix-appservice-discord service
 ansible.builtin.stat:
- path: "{{ matrix_systemd_path }}/matrix-appservice-discord.service"
+ path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-discord.service"
 register: matrix_appservice_discord_service_stat
 - name: Ensure matrix-appservice-discord is stopped
@@ -15,7 +15,7 @@
 - name: Ensure matrix-appservice-discord.service doesn't exist
 ansible.builtin.file:
- path: "{{ matrix_systemd_path }}/matrix-appservice-discord.service"
+ path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-discord.service"
 state: absent
 when: "matrix_appservice_discord_service_stat.stat.exists"
diff --git a/roles/matrix-bridge-appservice-discord/tasks/validate_config.yml b/roles/custom/matrix-bridge-appservice-discord/tasks/validate_config.yml
similarity index 89%
rename from roles/matrix-bridge-appservice-discord/tasks/validate_config.yml
rename to roles/custom/matrix-bridge-appservice-discord/tasks/validate_config.yml
index 901b760b..e005f162 100644
--- a/roles/matrix-bridge-appservice-discord/tasks/validate_config.yml
+++ b/roles/custom/matrix-bridge-appservice-discord/tasks/validate_config.yml
@@ -22,5 +22,6 @@
 - {'old': 'matrix_appservice_discord_container_expose_client_server_api_port', 'new': ''}
 - name: Require a valid database engine
- ansible.builtin.fail: msg="`matrix_appservice_discord_database_engine` needs to be either 'sqlite' or 'postgres'"
+ ansible.builtin.fail:
+ msg: "`matrix_appservice_discord_database_engine` needs to be either 'sqlite' or 'postgres'"
 when: "matrix_appservice_discord_database_engine not in ['sqlite', 'postgres']"
diff --git a/roles/matrix-bridge-appservice-discord/templates/config.yaml.j2 b/roles/custom/matrix-bridge-appservice-discord/templates/config.yaml.j2
similarity index 77%
rename from roles/matrix-bridge-appservice-discord/templates/config.yaml.j2
rename to roles/custom/matrix-bridge-appservice-discord/templates/config.yaml.j2
index a530af2e..2309be44 100644
--- a/roles/matrix-bridge-appservice-discord/templates/config.yaml.j2
+++ b/roles/custom/matrix-bridge-appservice-discord/templates/config.yaml.j2
@@ -18,6 +18,9 @@ bridge:
 disableTypingNotifications: false
 # Disable deleting messages on Discord if a message is redacted on Matrix.
 disableDeletionForwarding: false
+ # Disable portal bridging, where Matrix users can search for unbridged Discord
+ # rooms on their Matrix server.
+ disablePortalBridging: {{ matrix_appservice_discord_bridge_disablePortalBridging|to_json }}
 # Enable users to bridge rooms using !discord commands. See
 # https://t2bot.io/discord for instructions.
 enableSelfServiceBridging: {{ matrix_appservice_discord_bridge_enableSelfServiceBridging|to_json }}
@@ -28,10 +31,14 @@ bridge:
 disableJoinLeaveNotifications: false
 # Disable Invite echos from matrix
 disableInviteNotifications: false
- # Disable portal briding (automatic room creation)
- disablePortalBridging: {{ matrix_appservice_discord_bridge_disablePortalBridging|to_json }}
+ # Disable Room Topic echos from matrix
+ disableRoomTopicNotifications: false
 # Auto-determine the language of code blocks (this can be CPU-intensive)
 determineCodeLanguage: false
+ # MXID of an admin user that will be PMd if the bridge experiences problems. Optional
+ adminMxid: {{ matrix_admin | to_json }}
+ # The message to send to the bridge admin if the Discord token is not valid
+ invalidTokenMessage: 'Your Discord bot token seems to be invalid, and the bridge cannot function. Please update it in your bridge settings and restart the bridge'
 # Authentication configuration for the discord bot.
 auth:
 clientID: {{ matrix_appservice_discord_client_id | string|to_json }}
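Review bot: `adminMxid: {{ matrix_admin | to_json }}` renders `adminMxid: ""` whenever `matrix_admin` is unset, although the comment right above says the key is optional; elsewhere in this same commit the playbook treats `matrix_admin` as possibly empty (`"{{ [matrix_admin] if matrix_admin else [] }}"` in the postmoogle defaults), so the bridge will see an empty string rather than no admin — whether it tolerates that I can't tell from here. Wrapping the two lines in `{% if matrix_admin %} … {% endif %}` keeps the key absent in that case. The hardcoded `invalidTokenMessage` text is fine but is the only free-text option in this block not exposed through a `matrix_appservice_discord_*` variable; a `| to_json`-templated variable would match the style of the surrounding keys.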
@@ -75,20 +82,20 @@ channel:
 namePattern: "[Discord] :guild :name"
 # Changes made to rooms when a channel is deleted.
 deleteOptions:
- # Prefix the room name with a string.
- #namePrefix: "[Deleted]"
- # Prefix the room topic with a string.
- #topicPrefix: "This room has been deleted"
- # Disable people from talking in the room by raising the event PL to 50
- disableMessaging: false
- # Remove the discord alias from the room.
- unsetRoomAlias: true
- # Remove the room from the directory.
- unlistFromDirectory: true
- # Set the room to be unavaliable for joining without an invite.
- setInviteOnly: true
- # Make all the discord users leave the room.
- ghostsLeave: true
+ # Prefix the room name with a string.
+ #namePrefix: "[Deleted]"
+ # Prefix the room topic with a string.
+ #topicPrefix: "This room has been deleted"
+ # Disable people from talking in the room by raising the event PL to 50
+ disableMessaging: false
+ # Remove the discord alias from the room.
+ unsetRoomAlias: true
+ # Remove the room from the directory.
+ unlistFromDirectory: true
+ # Set the room to be unavailable for joining without an invite.
+ setInviteOnly: true
+ # Make all the discord users leave the room.
+ ghostsLeave: true
 limits:
 # Delay in milliseconds between discord users joining a room.
 roomGhostJoinDelay: 6000
@@ -98,8 +105,15 @@ limits:
 # echos = (Copies of a sent message may arrive from discord before we've
 # fininished handling it, causing us to echo it back to the room)
 discordSendDelay: 1500
+ # Set a maximum of rooms to be bridged.
+ # roomCount: 20
 ghosts:
 # Pattern for the ghosts nick, available is :nick, :username, :tag and :id
 nickPattern: ":nick"
 # Pattern for the ghosts username, available is :username, :tag and :id
 usernamePattern: ":username#:tag"
+# Prometheus-compatible metrics endpoint
+metrics:
+ enable: false
+ port: 9001
+ host: "127.0.0.1"
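Review bot: The new `metrics:` block is the only newly added stanza whose values are hardcoded rather than templated from `matrix_appservice_discord_*` variables, so an operator who wants to scrape the bridge has to fork the template. Exposing at least `enable` as a variable with `| to_json`, as the `bridge:` keys above do, keeps the file consistent; `host: "127.0.0.1"` is the right default, since inside the container it keeps the endpoint off the Docker network unless deliberately opened. The `deleteOptions` hunk is indentation-only (plus the "unavailable" typo fix) and needs no change.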
diff --git a/roles/matrix-bridge-appservice-discord/templates/systemd/matrix-appservice-discord.service.j2 b/roles/custom/matrix-bridge-appservice-discord/templates/systemd/matrix-appservice-discord.service.j2
similarity index 60%
rename from roles/matrix-bridge-appservice-discord/templates/systemd/matrix-appservice-discord.service.j2
rename to roles/custom/matrix-bridge-appservice-discord/templates/systemd/matrix-appservice-discord.service.j2
index 0a527c0c..8a793573 100644
--- a/roles/matrix-bridge-appservice-discord/templates/systemd/matrix-appservice-discord.service.j2
+++ b/roles/custom/matrix-bridge-appservice-discord/templates/systemd/matrix-appservice-discord.service.j2
@@ -12,14 +12,14 @@ DefaultDependencies=no
 [Service]
 Type=simple
-Environment="HOME={{ matrix_systemd_unit_home_path }}"
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-discord 2>/dev/null || true'
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-discord 2>/dev/null || true'
+Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-appservice-discord 2>/dev/null || true'
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-appservice-discord 2>/dev/null || true'
 # Intentional delay, so that the homeserver (we likely depend on) can manage to start.
 ExecStartPre={{ matrix_host_command_sleep }} 5
-ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-discord \
+ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-appservice-discord \
 --log-driver=none \
 --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
 --cap-drop=ALL \
@@ -35,8 +35,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-dis
 {{ matrix_appservice_discord_docker_image }} \
 node /build/src/discordas.js -p 9005 -c /cfg/config.yaml -f /cfg/registration.yaml
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-discord 2>/dev/null || true'
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-discord 2>/dev/null || true'
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-appservice-discord 2>/dev/null || true'
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-appservice-discord 2>/dev/null || true'
 Restart=always
 RestartSec=30
 SyslogIdentifier=matrix-appservice-discord
diff --git a/roles/matrix-bridge-appservice-irc/defaults/main.yml b/roles/custom/matrix-bridge-appservice-irc/defaults/main.yml
similarity index 99%
rename from roles/matrix-bridge-appservice-irc/defaults/main.yml
rename to roles/custom/matrix-bridge-appservice-irc/defaults/main.yml
index 93a8e084..d54a7685 100644
--- a/roles/matrix-bridge-appservice-irc/defaults/main.yml
+++ b/roles/custom/matrix-bridge-appservice-irc/defaults/main.yml
@@ -11,10 +11,11 @@ matrix_appservice_irc_docker_src_files_path: "{{ matrix_base_data_path }}/appser
 # matrix_appservice_irc_version used to contain the full Docker image tag (e.g. `release-X.X.X`).
 # It's a bare version number now. We try to somewhat retain compatibility below.
-matrix_appservice_irc_version: 0.34.0
+matrix_appservice_irc_version: 0.36.0
 matrix_appservice_irc_docker_image: "{{ matrix_container_global_registry_prefix }}matrixdotorg/matrix-appservice-irc:{{ matrix_appservice_irc_docker_image_tag }}"
 matrix_appservice_irc_docker_image_tag: "{{ 'latest' if matrix_appservice_irc_version == 'latest' else ('release-' + matrix_appservice_irc_version) }}"
 matrix_appservice_irc_docker_image_force_pull: "{{ matrix_appservice_irc_docker_image.endswith(':latest') }}"
+matrix_appservice_irc_docker_image_name_prefix: "{{ 'localhost/' if matrix_appservice_irc_container_image_self_build else matrix_container_global_registry_prefix }}"
 matrix_appservice_irc_base_path: "{{ matrix_base_data_path }}/appservice-irc"
 matrix_appservice_irc_config_path: "{{ matrix_appservice_irc_base_path }}/config"
diff --git a/roles/matrix-bridge-appservice-irc/tasks/init.yml b/roles/custom/matrix-bridge-appservice-irc/tasks/init.yml
similarity index 77%
rename from roles/matrix-bridge-appservice-irc/tasks/init.yml
rename to roles/custom/matrix-bridge-appservice-irc/tasks/init.yml
index d22dd5d7..03127127 100644
--- a/roles/matrix-bridge-appservice-irc/tasks/init.yml
+++ b/roles/custom/matrix-bridge-appservice-irc/tasks/init.yml
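Review bot: The newly added `matrix_appservice_irc_docker_image_name_prefix` is defined but nothing in this hunk consumes it — `matrix_appservice_irc_docker_image` two lines above still hardcodes `matrix_container_global_registry_prefix`, so a self-built image ends up tagged with the public registry name instead of `localhost/`. That is a supply-chain hygiene problem: a locally built image carrying the upstream registry name is indistinguishable from a pulled one and can be silently replaced by a later pull of the same tag. Unless the prefix is wired in somewhere outside this chunk, change the image line to `matrix_appservice_irc_docker_image: "{{ matrix_appservice_irc_docker_image_name_prefix }}matrixdotorg/matrix-appservice-irc:{{ matrix_appservice_irc_docker_image_tag }}"`. Note also that `matrix_appservice_irc_container_image_self_build` is referenced here but its definition is not visible in the hunk, so confirm it is declared earlier in this defaults file.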
@@ -3,7 +3,7 @@ # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 ansible.builtin.fail: - msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" + msg: "To self-build the matrix-appservice-irc image, you should use Ansible 2.8 or higher. See docs/ansible.md" when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_appservice_irc_container_image_self_build and matrix_appservice_irc_enabled" # If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. @@ -20,16 +20,16 @@ # If the matrix-synapse role is not used, these variables may not exist. - ansible.builtin.set_fact: - matrix_synapse_container_extra_arguments: > + matrix_homeserver_container_runtime_injected_arguments: > {{ - matrix_synapse_container_extra_arguments | default([]) + matrix_homeserver_container_runtime_injected_arguments | default([]) + ["--mount type=bind,src={{ matrix_appservice_irc_config_path }}/registration.yaml,dst=/matrix-appservice-irc-registration.yaml,ro"] }} - matrix_synapse_app_service_config_files: > + matrix_homeserver_app_service_runtime_injected_config_files: > {{ - matrix_synapse_app_service_config_files | default([]) + matrix_homeserver_app_service_runtime_injected_config_files | default([]) + ["/matrix-appservice-irc-registration.yaml"] }} diff --git a/roles/matrix-bridge-appservice-irc/tasks/main.yml b/roles/custom/matrix-bridge-appservice-irc/tasks/main.yml similarity index 100% rename from roles/matrix-bridge-appservice-irc/tasks/main.yml rename to roles/custom/matrix-bridge-appservice-irc/tasks/main.yml 
diff --git a/roles/matrix-bridge-appservice-irc/tasks/migrate_nedb_to_postgres.yml b/roles/custom/matrix-bridge-appservice-irc/tasks/migrate_nedb_to_postgres.yml similarity index 91% rename from roles/matrix-bridge-appservice-irc/tasks/migrate_nedb_to_postgres.yml rename to roles/custom/matrix-bridge-appservice-irc/tasks/migrate_nedb_to_postgres.yml index d5f4eefd..9dda2401 100644 --- a/roles/matrix-bridge-appservice-irc/tasks/migrate_nedb_to_postgres.yml +++ b/roles/custom/matrix-bridge-appservice-irc/tasks/migrate_nedb_to_postgres.yml @@ -30,7 +30,7 @@ - name: Check existence of matrix-appservice-irc service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-appservice-irc.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-irc.service" register: matrix_appservice_irc_service_stat - name: Ensure matrix-appservice-irc is stopped @@ -42,7 +42,7 @@ - name: Import appservice-irc NeDB database into Postgres ansible.builtin.command: cmd: >- - {{ matrix_host_command_docker }} run + {{ devture_systemd_docker_base_host_command_docker }} run --rm --user={{ matrix_user_uid }}:{{ matrix_user_gid }} --cap-drop=ALL @@ -66,9 +66,9 @@ - name: Inject result ansible.builtin.set_fact: - matrix_playbook_runtime_results: | + devture_playbook_runtime_messages_list: | {{ - matrix_playbook_runtime_results | default([]) + devture_playbook_runtime_messages_list | default([]) + [ "NOTE: Your appservice-irc database files have been imported into Postgres. The original database files have been moved from `{{ matrix_appservice_irc_data_path }}/*.db` to `{{ matrix_appservice_irc_data_path }}/*.db.backup`. When you've confirmed that the import went well and everything works, you should be able to safely delete these files." 
diff --git a/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml b/roles/custom/matrix-bridge-appservice-irc/tasks/setup_install.yml similarity index 92% rename from roles/matrix-bridge-appservice-irc/tasks/setup_install.yml rename to roles/custom/matrix-bridge-appservice-irc/tasks/setup_install.yml index 6b7fc92d..32d87408 100644 --- a/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-appservice-irc/tasks/setup_install.yml @@ -1,6 +1,8 @@ --- -- ansible.builtin.import_tasks: "{{ role_path }}/../matrix-base/tasks/util/ensure_openssl_installed.yml" +- ansible.builtin.import_role: + name: custom/matrix-base + tasks_from: ensure_openssl_installed - name: Ensure Appservice IRC paths exist ansible.builtin.file: @@ -21,7 +23,8 @@ path: "{{ matrix_appservice_irc_base_path }}/passkey.pem" register: matrix_appservice_irc_stat_passkey -- block: +- when: "matrix_appservice_irc_stat_passkey.stat.exists" + block: - name: (Data relocation) Ensure matrix-appservice-irc.service is stopped ansible.builtin.service: name: matrix-appservice-irc 
@@ -44,35 +47,34 @@ - rooms.db - users.db failed_when: false - when: "matrix_appservice_irc_stat_passkey.stat.exists" - ansible.builtin.set_fact: matrix_appservice_irc_requires_restart: false -- block: +- when: "matrix_appservice_irc_database_engine == 'postgres'" + block: - name: Check if a nedb database already exists ansible.builtin.stat: path: "{{ matrix_appservice_irc_data_path }}/users.db" register: matrix_appservice_irc_nedb_database_path_local_stat_result - - block: + - when: "matrix_appservice_irc_nedb_database_path_local_stat_result.stat.exists | bool" + block: - ansible.builtin.import_tasks: "{{ role_path }}/tasks/migrate_nedb_to_postgres.yml" - ansible.builtin.set_fact: matrix_appservice_irc_requires_restart: true - when: "matrix_appservice_irc_nedb_database_path_local_stat_result.stat.exists | bool" - when: "matrix_appservice_irc_database_engine == 'postgres'" - name: Ensure Appservice IRC image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_appservice_irc_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_appservice_irc_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_irc_docker_image_force_pull }}" when: "matrix_appservice_irc_enabled | bool and not matrix_appservice_irc_container_image_self_build | bool" register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure matrix-appservice-irc repository is present when self-building 
@@ -87,7 +89,7 @@ when: "matrix_appservice_irc_enabled | bool and matrix_appservice_irc_container_image_self_build | bool" - name: Ensure matrix-appservice-irc Docker image is built - docker_image: + community.docker.docker_image: name: "{{ matrix_appservice_irc_docker_image }}" source: build force_source: "{{ matrix_appservice_irc_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" @@ -147,7 +149,7 @@ # to produce a final registration.yaml file, as we desire. - name: Generate Appservice IRC registration-template.yaml ansible.builtin.shell: >- - {{ matrix_host_command_docker }} run --rm --name matrix-appservice-irc-gen + {{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-appservice-irc-gen --user={{ matrix_user_uid }}:{{ matrix_user_gid }} --cap-drop=ALL -v {{ matrix_appservice_irc_config_path }}:/config:z @@ -193,7 +195,7 @@ - name: Ensure matrix-appservice-irc.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-appservice-irc.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-appservice-irc.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-irc.service" mode: 0644 register: matrix_appservice_irc_systemd_service_result diff --git a/roles/matrix-bridge-appservice-irc/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-appservice-irc/tasks/setup_uninstall.yml similarity index 79% rename from roles/matrix-bridge-appservice-irc/tasks/setup_uninstall.yml rename to roles/custom/matrix-bridge-appservice-irc/tasks/setup_uninstall.yml index 176317de..8921d48e 100644 --- a/roles/matrix-bridge-appservice-irc/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-bridge-appservice-irc/tasks/setup_uninstall.yml 
@@ -2,7 +2,7 @@ - name: Check existence of matrix-appservice-irc service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-appservice-irc.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-irc.service" register: matrix_appservice_irc_service_stat - name: Ensure matrix-appservice-irc is stopped @@ -15,7 +15,7 @@ - name: Ensure matrix-appservice-irc.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-appservice-irc.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-irc.service" state: absent when: "matrix_appservice_irc_service_stat.stat.exists" diff --git a/roles/matrix-bridge-appservice-irc/tasks/validate_config.yml b/roles/custom/matrix-bridge-appservice-irc/tasks/validate_config.yml similarity index 95% rename from roles/matrix-bridge-appservice-irc/tasks/validate_config.yml rename to roles/custom/matrix-bridge-appservice-irc/tasks/validate_config.yml index f101e6fe..f0d887c8 100644 --- a/roles/matrix-bridge-appservice-irc/tasks/validate_config.yml +++ b/roles/custom/matrix-bridge-appservice-irc/tasks/validate_config.yml @@ -23,7 +23,7 @@ You need to define one or more servers by either using `matrix_appservice_irc_ircService_servers` or by extending the base configuration with additional configuration in `matrix_appservice_irc_configuration_extension_yaml`. Overriding the whole bridge's configuration (`matrix_appservice_irc_configuration`) is yet another possibility. - when: "matrix_appservice_irc_configuration.ircService.servers|length == 0" + when: "matrix_appservice_irc_configuration.ircService.servers | length == 0" - name: (Deprecation) Catch and report renamed appservice-irc variables ansible.builtin.fail: 
diff --git a/roles/matrix-bridge-appservice-irc/templates/config.yaml.j2 b/roles/custom/matrix-bridge-appservice-irc/templates/config.yaml.j2 similarity index 100% rename from roles/matrix-bridge-appservice-irc/templates/config.yaml.j2 rename to roles/custom/matrix-bridge-appservice-irc/templates/config.yaml.j2 diff --git a/roles/matrix-bridge-appservice-irc/templates/systemd/matrix-appservice-irc.service.j2 b/roles/custom/matrix-bridge-appservice-irc/templates/systemd/matrix-appservice-irc.service.j2 similarity index 59% rename from roles/matrix-bridge-appservice-irc/templates/systemd/matrix-appservice-irc.service.j2 rename to roles/custom/matrix-bridge-appservice-irc/templates/systemd/matrix-appservice-irc.service.j2 index 4bbda18e..bd5cbbe3 100644 --- a/roles/matrix-bridge-appservice-irc/templates/systemd/matrix-appservice-irc.service.j2 +++ b/roles/custom/matrix-bridge-appservice-irc/templates/systemd/matrix-appservice-irc.service.j2 
@@ -12,14 +12,14 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-irc 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-irc 2>/dev/null || true' +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-appservice-irc 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-appservice-irc 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. ExecStartPre={{ matrix_host_command_sleep }} 5 -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-irc \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-appservice-irc \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ 
@@ -36,8 +36,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-irc {{ matrix_appservice_irc_docker_image }} \ -c 'node app.js -c /config/config.yaml -f /config/registration.yaml -p 9999' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-irc 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-irc 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-appservice-irc 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-appservice-irc 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-appservice-irc diff --git a/roles/custom/matrix-bridge-appservice-kakaotalk/defaults/main.yml b/roles/custom/matrix-bridge-appservice-kakaotalk/defaults/main.yml new file mode 100644 index 00000000..f27f75c5 --- /dev/null +++ b/roles/custom/matrix-bridge-appservice-kakaotalk/defaults/main.yml 
@@ -0,0 +1,200 @@
+---
+# matrix-appservice-kakaotalk is a Matrix <-> Kakaotalk bridge
+# Project source code URL: https://src.miscworks.net/fair/matrix-appservice-kakaotalk/
+
+matrix_appservice_kakaotalk_enabled: true
+
+# No images are published for neither of the container images (appservice or node), so we're self-building everything.
+matrix_appservice_kakaotalk_container_image_self_build: true
+# matrix_appservice_kakaotalk_container_image_self_build_repo: "https://src.miscworks.net/fair/matrix-appservice-kakaotalk.git"
+#
+# hnarjis' fork is used instead of upstream (fair's), because upstream is currently broken.
+# The following error happens when chatting up the bot without this fix:
+# [2022-07-25 09:04:53,784] [ERROR@mau.as] Exception in Matrix event handler
+# Traceback (most recent call last):
+# File "/usr/lib/python3.9/site-packages/mautrix/appservice/as_handler.py", line 239, in try_handle
+# await handler_func(event)
+# File "/usr/lib/python3.9/site-packages/mautrix/bridge/matrix.py", line 820, in int_handle_event
+# await self.int_handle_invite(evt)
+# File "/usr/lib/python3.9/site-packages/mautrix/bridge/matrix.py", line 441, in int_handle_invite
+# inviter = await self.bridge.get_user(evt.sender)
+# File "/usr/lib/python3.9/site-packages/matrix_appservice_kakaotalk/__main__.py", line 112, in get_user
+# return await User.get_by_mxid(user_id, create=create)
+# File "/usr/lib/python3.9/site-packages/mautrix/util/async_getter_lock.py", line 60, in wrapper
+# return await fn(cls, *args, **kwargs)
+# File "/usr/lib/python3.9/site-packages/matrix_appservice_kakaotalk/user.py", line 227, in get_by_mxid
+# user = cls(mxid)
+# TypeError: __init__() missing 2 required positional arguments: 'force_login' and 'was_connected'
+matrix_appservice_kakaotalk_container_image_self_build_repo: "https://src.miscworks.net/hnarjis/matrix-appservice-kakaotalk.git"
+matrix_appservice_kakaotalk_container_image_self_build_repo_version: "{{ 'master' if
matrix_appservice_kakaotalk_version == 'latest' else matrix_appservice_kakaotalk_version }}"
+
+matrix_appservice_kakaotalk_node_version: "{{ matrix_appservice_kakaotalk_version }}"
+matrix_appservice_kakaotalk_node_docker_image: "{{ matrix_appservice_kakaotalk_node_docker_image_prefix }}fair/matrix-appservice-kakaotalk-node:{{ matrix_appservice_kakaotalk_node_version }}"
+matrix_appservice_kakaotalk_node_docker_image_prefix: "localhost/"
+matrix_appservice_kakaotalk_node_docker_image_force_pull: "{{ matrix_appservice_kakaotalk_node_docker_image.endswith(':latest') }}"
+
+matrix_appservice_kakaotalk_version: 86c038fd2ffee5e0aebf65136f085cce7e38b54e
+matrix_appservice_kakaotalk_docker_image: "{{ matrix_appservice_kakaotalk_docker_image_name_prefix }}fair/matrix-appservice-kakaotalk:{{ matrix_appservice_kakaotalk_version }}"
+matrix_appservice_kakaotalk_docker_image_name_prefix: "localhost/"
+matrix_appservice_kakaotalk_docker_image_force_pull: "{{ matrix_appservice_kakaotalk_docker_image.endswith(':latest') }}"
+
+matrix_appservice_kakaotalk_base_path: "{{ matrix_base_data_path }}/appservice-kakaotalk"
+matrix_appservice_kakaotalk_config_path: "{{ matrix_appservice_kakaotalk_base_path }}/config"
+matrix_appservice_kakaotalk_data_path: "{{ matrix_appservice_kakaotalk_base_path }}/data"
+matrix_appservice_kakaotalk_docker_src_files_path: "{{ matrix_appservice_kakaotalk_base_path }}/docker-src"
+
+matrix_appservice_kakaotalk_command_prefix: "!kt"
+
+matrix_appservice_kakaotalk_homeserver_address: "{{ matrix_homeserver_container_url }}"
+matrix_appservice_kakaotalk_homeserver_domain: '{{ matrix_domain }}'
+matrix_appservice_kakaotalk_appservice_address: 'http://matrix-appservice-kakaotalk:11115'
+
+
+# A list of extra arguments to pass to the appservice-kakaotalk container
+matrix_appservice_kakaotalk_container_extra_arguments: []
+
+# List of systemd services that matrix-appservice-kakaotalk.service depends on.
+matrix_appservice_kakaotalk_systemd_required_services_list: ['docker.service', 'matrix-appservice-kakaotalk-node.service']
+
+# List of systemd services that matrix-appservice-kakaotalk.service wants
+matrix_appservice_kakaotalk_systemd_wanted_services_list: []
+
+
+# A list of extra arguments to pass to the appservice-kakaotalk-node container
+matrix_appservice_kakaotalk_node_container_extra_arguments: []
+
+# List of systemd services that matrix-appservice-kakaotalk-node.service depends on.
+matrix_appservice_kakaotalk_node_systemd_required_services_list: ['docker.service']
+
+# List of systemd services that matrix-appservice-kakaotalk-node.service wants
+matrix_appservice_kakaotalk_node_systemd_wanted_services_list: []
+
+
+matrix_appservice_kakaotalk_appservice_token: ''
+matrix_appservice_kakaotalk_homeserver_token: ''
+
+# Whether or not created rooms should have federation enabled.
+# If false, created portal rooms will never be federated.
+matrix_appservice_kakaotalk_federate_rooms: true
+
+# Database-related configuration fields.
+#
+# To use SQLite:
+# - change the engine (`matrix_appservice_kakaotalk_database_engine: 'sqlite'`)
+# To use Postgres:
+# - adjust your database credentials via the `matrix_appservice_kakaotalk_database_*` variables
+matrix_appservice_kakaotalk_database_engine: 'postgres'
+
+matrix_appservice_kakaotalk_sqlite_database_path_local: "{{ matrix_appservice_kakaotalk_data_path }}/appservice-kakaotalk.db"
+matrix_appservice_kakaotalk_sqlite_database_path_in_container: "/data/appservice-kakaotalk.db"
+
+matrix_appservice_kakaotalk_database_username: 'matrix_appservice_kakaotalk'
+matrix_appservice_kakaotalk_database_password: 'some-password'
+matrix_appservice_kakaotalk_database_hostname: 'matrix-postgres'
+matrix_appservice_kakaotalk_database_port: 5432
+matrix_appservice_kakaotalk_database_name: 'matrix_appservice_kakaotalk'
+
+matrix_appservice_kakaotalk_database_connection_string: 'postgres://{{ matrix_appservice_kakaotalk_database_username }}:{{ matrix_appservice_kakaotalk_database_password }}@{{ matrix_appservice_kakaotalk_database_hostname }}:{{ matrix_appservice_kakaotalk_database_port }}/{{ matrix_appservice_kakaotalk_database_name }}'
+
+matrix_appservice_kakaotalk_appservice_database: "{{
+ {
+ 'sqlite': ('sqlite:///' + matrix_appservice_kakaotalk_sqlite_database_path_in_container),
+ 'postgres': matrix_appservice_kakaotalk_database_connection_string,
+ }[matrix_appservice_kakaotalk_database_engine]
+}}"
+
+
+# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth).
+# Also see: matrix_appservice_kakaotalk_bridge_login_shared_secret_map
+matrix_appservice_kakaotalk_login_shared_secret: ''
+
+matrix_appservice_kakaotalk_bridge_login_shared_secret_map: "{{ {matrix_appservice_kakaotalk_homeserver_domain: matrix_appservice_kakaotalk_login_shared_secret} if matrix_appservice_kakaotalk_login_shared_secret else {} }}"
+
+matrix_appservice_kakaotalk_bridge_permissions: |
+ {{
+ {matrix_appservice_kakaotalk_homeserver_domain: 'user'}
+ | combine({matrix_admin: 'admin'} if matrix_admin else {})
+ }}
+
+matrix_appservice_kakaotalk_appservice_bot_username: kakaotalkbot
+matrix_appservice_kakaotalk_user_prefix: 'kakaotalk_'
+
+# End-to-bridge encryption configuration
+matrix_appservice_kakaotalk_bridge_encryption_allow: false
+matrix_appservice_kakaotalk_bridge_encryption_default: "{{ matrix_appservice_kakaotalk_bridge_encryption_allow }}"
+
+# Specifies the default log level for all bridge loggers.
+matrix_appservice_kakaotalk_logging_level: WARNING
+
+
+# Default configuration template which covers the generic use case.
+# You can customize it by controlling the various variables inside it.
+#
+# For a more advanced customization, you can extend the default (see `matrix_appservice_kakaotalk_configuration_extension_yaml`)
+# or completely replace this variable with your own template.
+matrix_appservice_kakaotalk_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
+
+matrix_appservice_kakaotalk_configuration_extension_yaml: |
+ # Your custom YAML configuration goes here.
+ # This configuration extends the default starting configuration (`matrix_appservice_kakaotalk_configuration_yaml`).
+ #
+ # You can override individual variables from the default configuration, or introduce new ones.
+ #
+ # If you need something more special, you can take full control by
+ # completely redefining `matrix_appservice_kakaotalk_configuration_yaml`.
+
+matrix_appservice_kakaotalk_configuration_extension: "{{ matrix_appservice_kakaotalk_configuration_extension_yaml | from_yaml if matrix_appservice_kakaotalk_configuration_extension_yaml | from_yaml is mapping else {} }}"
+
+# Holds the final configuration (a combination of the default and its extension).
+# You most likely don't need to touch this variable. Instead, see `matrix_appservice_kakaotalk_configuration_yaml`.
+matrix_appservice_kakaotalk_configuration: "{{ matrix_appservice_kakaotalk_configuration_yaml | from_yaml | combine(matrix_appservice_kakaotalk_configuration_extension, recursive=True) }}"
+
+
+# Default configuration template which covers the generic use case.
+# You can customize it by controlling the various variables inside it.
+#
+# For a more advanced customization, you can extend the default (see `matrix_appservice_kakaotalk_node_configuration_extension_yaml`)
+# or completely replace this variable with your own template.
+#
+# The side-effect of this lookup is that Ansible would even parse the JSON for us, returning a dict.
+# This is unlike what it does when looking up YAML template files (no automatic parsing there).
+matrix_appservice_kakaotalk_node_configuration_default: "{{ lookup('template', 'templates/node-config.json.j2') }}"
+
+# Your custom JSON configuration for appservice-kakaotalk-node should go to `matrix_appservice_kakaotalk_node_configuration_extension_json`.
+# This configuration extends the default starting configuration (`matrix_appservice_kakaotalk_node_configuration_default`).
+#
+# You can override individual variables from the default configuration, or introduce new ones.
+#
+# If you need something more special, you can take full control by
+# completely redefining `matrix_appservice_kakaotalk_node_configuration_default`.
+#
+# Example configuration extension follows:
+#
+# matrix_appservice_kakaotalk_node_configuration_extension_json: |
+# {
+# "register_timeout": 5000
+# }
+matrix_appservice_kakaotalk_node_configuration_extension_json: '{}'
+
+matrix_appservice_kakaotalk_node_configuration_extension: "{{ matrix_appservice_kakaotalk_node_configuration_extension_json | from_json if matrix_appservice_kakaotalk_node_configuration_extension_json | from_json is mapping else {} }}"
+
+# Holds the final appservice-kakaotalk-node configuration (a combination of the default and its extension).
+# You most likely don't need to touch this variable. Instead, see `matrix_appservice_kakaotalk_node_configuration_default`.
+matrix_appservice_kakaotalk_node_configuration: "{{ matrix_appservice_kakaotalk_node_configuration_default | combine(matrix_appservice_kakaotalk_node_configuration_extension, recursive=True) }}"
+
+
+matrix_appservice_kakaotalk_registration_yaml: |
+ id: appservice-kakaotalk
+ as_token: {{ matrix_appservice_kakaotalk_appservice_token | to_json }}
+ hs_token: {{ matrix_appservice_kakaotalk_homeserver_token | to_json }}
+ namespaces:
+ users:
+ - exclusive: true
+ regex: '^@{{ matrix_appservice_kakaotalk_user_prefix | regex_escape }}.*:{{ matrix_appservice_kakaotalk_homeserver_domain | regex_escape }}$'
+ - exclusive: true
+ regex: '^@{{ matrix_appservice_kakaotalk_appservice_bot_username | regex_escape }}:{{ matrix_appservice_kakaotalk_homeserver_domain | regex_escape }}$'
+ url: {{ matrix_appservice_kakaotalk_appservice_address | to_json }}
+ sender_localpart: _appservice_kakaotalk
+ rate_limited: false
+
+matrix_appservice_kakaotalk_registration: "{{ matrix_appservice_kakaotalk_registration_yaml | from_yaml }}"
diff --git a/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/init.yml b/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/init.yml
new file mode 100644
index 00000000..6112b5cc
--- /dev/null
+++ b/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/init.yml
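Review bot: `matrix_appservice_kakaotalk_appservice_token` and `matrix_appservice_kakaotalk_homeserver_token` default to `''`, and the `matrix_appservice_kakaotalk_registration_yaml` template at the end of this hunk renders them straight into `as_token`/`hs_token` via `to_json`; if `validate_config.yml` (not in this chunk) does not reject empty values, the bridge gets registered with empty shared secrets and the homeserver-to-appservice authentication is effectively disabled. Add an explicit guard, e.g. a `fail` task in `validate_config.yml` with `when: "matrix_appservice_kakaotalk_appservice_token == '' or matrix_appservice_kakaotalk_homeserver_token == ''"` and a message telling the operator to generate two long random strings, and say the same in a comment above the two defaults. The same concern applies to `matrix_appservice_kakaotalk_database_password: 'some-password'`: this is only safe if the Postgres role overrides it with a generated password, which this file cannot show, so a comment such as `# Overridden by the matrix-postgres role when it manages this database; set it explicitly when using an external Postgres.` would keep operators on an external database from shipping the literal default. Consider also documenting that `matrix_appservice_kakaotalk_version`, a bare commit SHA, is deliberately pinned and that setting it to `latest` tracks the fork's `master` branch unpinned.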
@@ -0,0 +1,28 @@
+---
+# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070
+# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407
+- name: Fail if trying to self-build on Ansible < 2.8
+ ansible.builtin.fail:
+ msg: "To self-build the appservice-kakaotalk image, you should use Ansible 2.8 or higher. See docs/ansible.md"
+ when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_appservice_kakaotalk_container_image_self_build and matrix_appservice_kakaotalk_enabled"
+
+- ansible.builtin.set_fact:
+ matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-appservice-kakaotalk.service', 'matrix-appservice-kakaotalk-node.service'] }}"
+ when: matrix_appservice_kakaotalk_enabled | bool
+
+# If the matrix-synapse role is not used, these variables may not exist.
+- ansible.builtin.set_fact:
+ matrix_homeserver_container_runtime_injected_arguments: >
+ {{
+ matrix_homeserver_container_runtime_injected_arguments | default([])
+ +
+ ["--mount type=bind,src={{ matrix_appservice_kakaotalk_config_path }}/registration.yaml,dst=/matrix-appservice-kakaotalk-registration.yaml,ro"]
+ }}
+
+ matrix_homeserver_app_service_runtime_injected_config_files: >
+ {{
+ matrix_homeserver_app_service_runtime_injected_config_files | default([])
+ +
+ ["/matrix-appservice-kakaotalk-registration.yaml"]
+ }}
+ when: matrix_appservice_kakaotalk_enabled | bool
diff --git a/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/main.yml b/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/main.yml
new file mode 100644
index 00000000..dfb286f2
--- /dev/null
+++ b/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/main.yml
@@ -0,0 +1,23 @@
+---
+
+- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
+ tags:
+ - always
+
+- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
+ when: "run_setup | bool and matrix_appservice_kakaotalk_enabled | bool"
+ tags:
+ - setup-all
+ - setup-appservice-kakaotalk
+
+- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
+ when: "run_setup | bool and matrix_appservice_kakaotalk_enabled | bool"
+ tags:
+ - setup-all
+ - setup-appservice-kakaotalk
+
+- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
+ when: "run_setup | bool and not matrix_appservice_kakaotalk_enabled | bool"
+ tags:
+ - setup-all
+ - setup-appservice-kakaotalk
diff --git a/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/setup_install.yml b/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/setup_install.yml
new file mode 100644
index 00000000..2f5b6be1
--- /dev/null
+++ b/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/setup_install.yml
@@ -0,0 +1,125 @@
+---
+
+# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
+# We don't want to fail in such cases.
+- name: Fail if matrix-synapse role already executed
+ ansible.builtin.fail:
+ msg: >-
+ The matrix-bridge-matrix-appservice-kakaotalk role needs to execute before the matrix-synapse role.
+ when: "matrix_synapse_role_executed | default(False)"
+
+- name: Ensure matrix-appservice-kakaotalk image is pulled
+ community.docker.docker_image:
+ name: "{{ matrix_appservice_kakaotalk_docker_image }}"
+ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+ force_source: "{{ matrix_appservice_kakaotalk_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+ force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_kakaotalk_docker_image_force_pull }}"
+ when: not matrix_appservice_kakaotalk_container_image_self_build
+ register: result
+ retries: "{{ devture_playbook_help_container_retries_count }}"
+ delay: "{{ devture_playbook_help_container_retries_delay }}"
+ until: result is not failed
+
+- name: Ensure matrix-appservice-kakaotalk-node image is pulled
+ community.docker.docker_image:
+ name: "{{ matrix_appservice_kakaotalk_node_docker_image }}"
+ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+ force_source: "{{ matrix_appservice_kakaotalk_node_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+ force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_kakaotalk_node_docker_image_force_pull }}"
+ when: not matrix_appservice_kakaotalk_container_image_self_build
+ register: result
+ retries: "{{ devture_playbook_help_container_retries_count }}"
+ delay: "{{ devture_playbook_help_container_retries_delay }}"
+ until: result is not failed
+
+- name: Ensure matrix-appservice-kakaotalk paths exist
+ ansible.builtin.file:
+ path: "{{ item.path }}"
+ state: directory
+ mode: 0750
+ owner: "{{ matrix_user_username }}"
+ group: "{{ matrix_user_groupname }}"
+ with_items:
+ - {path: "{{ matrix_appservice_kakaotalk_base_path }}", when: true}
+ - {path: "{{ matrix_appservice_kakaotalk_config_path }}", when: true}
+ - {path: "{{ matrix_appservice_kakaotalk_data_path }}", when: true}
+ - {path: "{{ matrix_appservice_kakaotalk_docker_src_files_path }}", when: "{{ matrix_appservice_kakaotalk_container_image_self_build }}"}
+ when: item.when | bool
+
+- name: Ensure matrix-appservice-kakaotalk repository is present on self-build
+ ansible.builtin.git:
+ repo: "{{ matrix_appservice_kakaotalk_container_image_self_build_repo }}"
+ dest: "{{ matrix_appservice_kakaotalk_docker_src_files_path }}"
+ version: "{{ matrix_appservice_kakaotalk_container_image_self_build_repo_version }}"
+ force: "yes"
+ become: true
+ become_user: "{{ matrix_user_username }}"
+ register: matrix_appservice_kakaotalk_git_pull_results
+ when: "matrix_appservice_kakaotalk_container_image_self_build | bool"
+
+- name: Ensure matrix-appservice-kakaotalk-node Docker image is built
+ community.docker.docker_image:
+ name: "{{ matrix_appservice_kakaotalk_node_docker_image }}"
+ source: build
+ force_source: "{{ matrix_appservice_kakaotalk_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+ force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_kakaotalk_git_pull_results.changed }}"
+ build:
+ dockerfile: Dockerfile
+ path: "{{ matrix_appservice_kakaotalk_docker_src_files_path }}/node"
+ pull: true
+ when: "matrix_appservice_kakaotalk_container_image_self_build | bool"
+
+- name: Ensure matrix-appservice-kakaotalk Docker image is built
+ community.docker.docker_image:
+ name: "{{ matrix_appservice_kakaotalk_docker_image }}"
+ source: build
+ force_source: "{{ matrix_appservice_kakaotalk_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+ force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_kakaotalk_git_pull_results.changed }}"
+ build:
+ dockerfile: Dockerfile
+ path: "{{ matrix_appservice_kakaotalk_docker_src_files_path }}"
+ pull: true
+ when: "matrix_appservice_kakaotalk_container_image_self_build | bool"
+
+- name: Ensure matrix-appservice-kakaotalk-node config.json installed
+ ansible.builtin.copy:
+ content: "{{ matrix_appservice_kakaotalk_node_configuration | to_nice_json }}"
+ dest: "{{ matrix_appservice_kakaotalk_config_path }}/node-config.json"
+ mode: 0644
+ owner: "{{ matrix_user_username }}"
+ group: "{{ matrix_user_groupname }}"
+
+- name: Ensure matrix-appservice-kakaotalk config.yaml installed
+ ansible.builtin.copy:
+ content: "{{ matrix_appservice_kakaotalk_configuration | to_nice_yaml(indent=2, width=999999) }}"
+ dest: "{{ matrix_appservice_kakaotalk_config_path }}/config.yaml"
+ mode: 0644
+ owner: "{{ matrix_user_username }}"
+ group: "{{ matrix_user_groupname }}"
+
+- name: Ensure matrix-appservice-kakaotalk registration.yaml installed
+ ansible.builtin.copy:
+ content: "{{ matrix_appservice_kakaotalk_registration | to_nice_yaml(indent=2, width=999999) }}"
+ dest: "{{ matrix_appservice_kakaotalk_config_path }}/registration.yaml"
+ mode: 0644
+ owner: "{{ matrix_user_username }}"
+ group: "{{ matrix_user_groupname }}"
+
+- name: Ensure matrix-appservice-kakaotalk-node.service installed
+ ansible.builtin.template:
+ src: "{{ role_path }}/templates/systemd/matrix-appservice-kakaotalk-node.service.j2"
+ dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-kakaotalk-node.service"
+ mode: 0644
+ register: matrix_appservice_kakaotalk_node_systemd_service_result
+
+- name: Ensure matrix-appservice-kakaotalk.service installed
+ ansible.builtin.template:
+ src: "{{ role_path }}/templates/systemd/matrix-appservice-kakaotalk.service.j2"
+ dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-kakaotalk.service"
+ mode: 0644
+ register: matrix_appservice_kakaotalk_systemd_service_result
+
+- name: Ensure systemd reloaded after matrix-appservice-kakaotalk.service or matrix-appservice-kakaotalk-node.service installation
+ ansible.builtin.service:
+ daemon_reload: true
+ when: matrix_appservice_kakaotalk_node_systemd_service_result.changed or matrix_appservice_kakaotalk_systemd_service_result.changed
diff --git a/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/setup_uninstall.yml
new file mode 100644
index 00000000..8e46d80f
--- /dev/null
+++ b/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/setup_uninstall.yml
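Review bot: `config.yaml` and `registration.yaml` are installed with `mode: 0644`, yet config.yaml is rendered from a template that carries `as_token`, `hs_token`, the database URI and `login_shared_secret_map`, and registration.yaml carries the same tokens; at the moment only the `mode: 0750` on the parent directory keeps other local accounts from reading them. Tightening those two copy tasks to `mode: "0640"` makes the files safe on their own (the unit files and node-config.json hold no secrets and can stay at 0644). Quoting the mode also sidesteps YAML's implicit octal typing of the unquoted `0644` literal.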
@@ -0,0 +1,41 @@
+---
+
+- name: Check existence of matrix-appservice-kakaotalk service
+ ansible.builtin.stat:
+ path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-kakaotalk.service"
+ register: matrix_appservice_kakaotalk_service_stat
+
+- name: Ensure matrix-appservice-kakaotalk is stopped
+ ansible.builtin.service:
+ name: matrix-appservice-kakaotalk
+ state: stopped
+ enabled: false
+ daemon_reload: true
+ when: "matrix_appservice_kakaotalk_service_stat.stat.exists"
+
+- name: Check existence of matrix-appservice-kakaotalk-node service
+ ansible.builtin.stat:
+ path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-kakaotalk-node.service"
+ register: matrix_appservice_kakaotalk_node_service_stat
+
+- name: Ensure matrix-appservice-kakaotalk-node is stopped
+ ansible.builtin.service:
+ name: matrix-appservice-kakaotalk-node
+ state: stopped
+ enabled: false
+ daemon_reload: true
+ when: "matrix_appservice_kakaotalk_node_service_stat.stat.exists"
+
+- name: Ensure matrix-appservice-kakaotalk.service files don't exist
+ ansible.builtin.file:
+ path: "{{ item }}"
+ state: absent
+ with_items:
+ - "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-kakaotalk-node.service"
+ - "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-kakaotalk.service"
+ when: "matrix_appservice_kakaotalk_service_stat.stat.exists"
+
+- name: Ensure systemd reloaded after matrix-appservice-kakaotalk service files removal
+ ansible.builtin.service:
+ daemon_reload: true
+ when: "matrix_appservice_kakaotalk_service_stat.stat.exists or matrix_appservice_kakaotalk_node_service_stat.stat.exists"
diff --git a/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/validate_config.yml b/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/validate_config.yml
new file mode 100644
index 00000000..4f838e7a
--- /dev/null
+++ b/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/validate_config.yml
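Review bot: The "Ensure matrix-appservice-kakaotalk.service files don't exist" task removes both unit files but is gated only on `matrix_appservice_kakaotalk_service_stat.stat.exists`, so a host where only `matrix-appservice-kakaotalk-node.service` is left (a partial install, or a removal that failed half-way) keeps that unit on disk while the daemon-reload task right after it does fire. Gating it the same way as the reload, `when: "matrix_appservice_kakaotalk_service_stat.stat.exists or matrix_appservice_kakaotalk_node_service_stat.stat.exists"`, lets the removal cover both units; `state: absent` is idempotent, so it is harmless for whichever file is already gone.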
@@ -0,0 +1,10 @@
+---
+
+- name: Fail if required settings not defined
+ ansible.builtin.fail:
+ msg: >-
+ You need to define a required configuration setting (`{{ item }}`).
+ when: "vars[item] == ''"
+ with_items:
+ - "matrix_appservice_kakaotalk_appservice_token"
+ - "matrix_appservice_kakaotalk_homeserver_token"
diff --git a/roles/custom/matrix-bridge-appservice-kakaotalk/templates/config.yaml.j2 b/roles/custom/matrix-bridge-appservice-kakaotalk/templates/config.yaml.j2
new file mode 100644
index 00000000..1bb87cb4
--- /dev/null
+++ b/roles/custom/matrix-bridge-appservice-kakaotalk/templates/config.yaml.j2
@@ -0,0 +1,276 @@
+# Homeserver details
+homeserver:
+ # The address that this appservice can use to connect to the homeserver.
+ address: {{ matrix_appservice_kakaotalk_homeserver_address | to_json }}
+ # The domain of the homeserver (for MXIDs, etc).
+ domain: {{ matrix_appservice_kakaotalk_homeserver_domain | to_json }}
+ # Whether or not to verify the SSL certificate of the homeserver.
+ # Only applies if address starts with https://
+ verify_ssl: true
+ # Whether or not the homeserver supports asmux-specific endpoints,
+ # such as /_matrix/client/unstable/net.maunium.asmux/dms for atomically
+ # updating m.direct.
+ asmux: false
+ # Number of retries for all HTTP requests if the homeserver isn't reachable.
+ http_retry_count: 4
+ # The URL to push real-time bridge status to.
+ # If set, the bridge will make POST requests to this URL whenever a user's MQTT connection state changes.
+ # The bridge will use the appservice as_token to authorize requests.
+ status_endpoint: null
+ # Endpoint for reporting per-message status.
+ message_send_checkpoint_endpoint: null
+ # Whether asynchronous uploads via MSC2246 should be enabled for media.
+ # Requires a media repo that supports MSC2246.
+ async_media: false
+
+# Application service host/registration related details
+# Changing these values requires regeneration of the registration.
+appservice:
+ # The address that the homeserver can use to connect to this appservice.
+ address: {{ matrix_appservice_kakaotalk_appservice_address | to_json }}
+
+ # The hostname and port where this appservice should listen.
+ hostname: 0.0.0.0
+ port: 11115
+ # The maximum body size of appservice API requests (from the homeserver) in mebibytes
+ # Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s
+ max_body_size: 1
+
+ # The full URI to the database. SQLite and Postgres are supported.
+ # Format examples:
+ # SQLite: sqlite:///filename.db
+ # Postgres: postgres://username:password@hostname/dbname
+ database: {{ matrix_appservice_kakaotalk_appservice_database | to_json }}
+ # Additional arguments for asyncpg.create_pool() or sqlite3.connect()
+ # https://magicstack.github.io/asyncpg/current/api/index.html#asyncpg.pool.create_pool
+ # https://docs.python.org/3/library/sqlite3.html#sqlite3.connect
+ # For sqlite, min_size is used as the connection thread pool size and max_size is ignored.
+ database_opts:
+ min_size: 5
+ max_size: 10
+
+ # The unique ID of this appservice.
+ id: appservice-kakaotalk
+ # Username of the appservice bot.
+ bot_username: {{ matrix_appservice_kakaotalk_appservice_bot_username | to_json }}
+ # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
+ # to leave display name/avatar as-is.
+ bot_displayname: KakaoTalk bridge bot
+ bot_avatar:
+
+ # Whether or not to receive ephemeral events via appservice transactions.
+ # Requires MSC2409 support (i.e. Synapse 1.22+).
+ # You should disable bridge -> sync_with_custom_puppets when this is enabled.
+ ephemeral_events: false
+
+ # Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
+ as_token: {{ matrix_appservice_kakaotalk_appservice_token | to_json }}
+ hs_token: {{ matrix_appservice_kakaotalk_homeserver_token | to_json }}
+
+# Prometheus telemetry config. Requires prometheus-client to be installed.
+metrics:
+ enabled: false
+ listen_port: 8000
+
+# Manhole config.
+manhole:
+ # Whether or not opening the manhole is allowed.
+ enabled: false
+ # The path for the unix socket.
+ path: /var/tmp/matrix-appservice-kakaotalk.manhole
+ # The list of UIDs who can be added to the whitelist.
+ # If empty, any UIDs can be specified in the open-manhole command.
+ whitelist:
+ - 0
+
+# Config for things that are directly sent to KakaoTalk.
+kakaotalk:
+ device_name: "KakaoTalk Bridge"
+
+# Bridge config
+bridge:
+ # Localpart template of MXIDs for KakaoTalk users.
+ # {userid} is replaced with the user ID of the KakaoTalk user.
+ username_template: "{{ matrix_appservice_kakaotalk_user_prefix }}{userid}"
+ # Displayname template for KakaoTalk users.
+ # {displayname} is replaced with the display name of the KakaoTalk user.
+ displayname_template: "{displayname} (KT)"
+
+ # The prefix for commands. Only required in non-management rooms.
+ command_prefix: {{ matrix_appservice_kakaotalk_command_prefix | to_json }}
+
+ # Number of chats to sync (and create portals for) on startup/login.
+ # Set to 0 to disable automatic syncing, or -1 to sync as much as possible.
+ initial_chat_sync: 20
+ # Whether or not the KakaoTalk users of logged in Matrix users should be
+ # invited to private chats when the user sends a message from another client.
+ invite_own_puppet_to_pm: false
+ # Whether or not to use /sync to get presence, read receipts and typing notifications
+ # when double puppeting is enabled
+ sync_with_custom_puppets: true
+ # Whether or not to update the m.direct account data event when double puppeting is enabled.
+ # Note that updating the m.direct event is not atomic (except with mautrix-asmux)
+ # and is therefore prone to race conditions.
+ sync_direct_chat_list: false
+ # Servers to always allow double puppeting from
+ double_puppet_server_map: {}
+ # Allow using double puppeting from any server with a valid client .well-known file.
+ double_puppet_allow_discovery: false
+ # Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
+ #
+ # If set, custom puppets will be enabled automatically for local users
+ # instead of users having to find an access token and run `login-matrix`
+ # manually.
+ # If using this for other servers than the bridge's server,
+ # you must also set the URL in the double_puppet_server_map.
+ login_shared_secret_map: {{ matrix_appservice_kakaotalk_bridge_login_shared_secret_map | to_json }}
+ # Whether or not to update avatars when syncing all contacts at startup.
+ update_avatar_initial_sync: true
+ # End-to-bridge encryption support options. These require matrix-nio to be installed with pip
+ # and login_shared_secret to be configured in order to get a device for the bridge bot.
+ #
+ # Additionally, https://github.com/matrix-org/synapse/pull/5758 is required if using a normal
+ # application service.
+ encryption:
+ # Allow encryption, work in group chat rooms with e2ee enabled
+ allow: {{ matrix_appservice_kakaotalk_bridge_encryption_allow | to_json }}
+ # Default to encryption, force-enable encryption in all portals the bridge creates
+ # This will cause the bridge bot to be in private chats for the encryption to work properly.
+ default: {{ matrix_appservice_kakaotalk_bridge_encryption_default| to_json }}
+ # Options for automatic key sharing.
+ key_sharing:
+ # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
+ # You must use a client that supports requesting keys from other users to use this feature.
+ allow: false
+ # Require the requesting device to have a valid cross-signing signature?
+ # This doesn't require that the bridge has verified the device, only that the user has verified it.
+ # Not yet implemented.
+ require_cross_signing: false
+ # Require devices to be verified by the bridge?
+ # Verification by the bridge is not yet implemented.
+ require_verification: true
+ # Whether or not the bridge should send a read receipt from the bridge bot when a message has
+ # been sent to KakaoTalk.
+ delivery_receipts: false
+ # Whether to allow inviting arbitrary mxids to portal rooms
+ allow_invites: false
+ # Whether or not created rooms should have federation enabled.
+ # If false, created portal rooms will never be federated.
+ federate_rooms: {{ matrix_appservice_kakaotalk_federate_rooms | to_json }}
+ # Settings for backfilling messages from KakaoTalk.
+ backfill:
+ # Whether or not the KakaoTalk users of logged in Matrix users should be
+ # invited to private chats when backfilling history from KakaoTalk. This is
+ # usually needed to prevent rate limits and to allow timestamp massaging.
+ invite_own_puppet: true
+ # Maximum number of messages to backfill initially.
+ # Set to 0 to disable backfilling when creating portal, or -1 to backfill as much as possible.
+ initial_limit: 0
+ # Maximum number of messages to backfill if messages were missed while
+ # the bridge was disconnected.
+ # Set to 0 to disable backfilling missed messages, or -1 to backfill as much as possible.
+ missed_limit: 1000
+ # If using double puppeting, should notifications be disabled
+ # while the initial backfill is in progress?
+ disable_notifications: false
+ # The number of seconds that a disconnection can last without triggering an automatic re-sync
+ # and missed message backfilling when reconnecting.
+ # Set to 0 to always re-sync, or -1 to never re-sync automatically.
+ resync_max_disconnected_time: 5
+ # Should users remain logged in after being disconnected from chatroom updates?
+ # This is a convenience feature, but might make the bridge look more suspicious to KakaoTalk.
+ remain_logged_in_on_disconnect: true
+ # May the bridge restore user logins with session tokens instead of requiring a password?
+ # This is a convenience feature, but might make the bridge look more suspicious to KakaoTalk.
+ # Note that password-based login will be tried first for users who have saved their password.
+ allow_token_relogin: true
+ # Should the bridge connect users to chatroom updates after a token-based login?
+ # This will disconnect any KakaoTalk PC/bridge sessions that were started since the last connection.
+ # This is a convenience feature, but might make the bridge look more suspicious to KakaoTalk.
+ reconnect_on_token_relogin: true
+ # Should the bridge do a resync for connected users on startup?
+ sync_on_startup: true
+ # Whether or not temporary disconnections should send notices to the notice room.
+ # If this is false, disconnections will never send messages and connections will only send
+ # messages if it was disconnected for more than resync_max_disconnected_time seconds.
+ temporary_disconnect_notices: true
+ # Disable bridge notices entirely
+ disable_bridge_notices: false
+ # Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run.
+ # This field will automatically be changed back to false after it,
+ # except if the config file is not writable.
+ resend_bridge_info: false
+ # Whether or not mute status and tags should only be bridged when the portal room is created.
+ tag_only_on_create: true
+ # If set to true, downloading media from the CDN will use a plain aiohttp client without the usual headers or
+ # other configuration. This may be useful if you don't want to use the default proxy for large files.
+ sandbox_media_download: false
+
+ # Permissions for using the bridge.
+ # Permitted values:
+ # relay - Allowed to be relayed through the bridge, no access to commands.
+ # user - Use the bridge with puppeting.
+ # admin - Use and administrate the bridge.
+ # Permitted keys:
+ # * - All Matrix users
+ # domain - All users on that homeserver
+ # mxid - Specific user
+ permissions: {{ matrix_appservice_kakaotalk_bridge_permissions | to_json }}
+
+ relay:
+ # Whether relay mode should be allowed. If allowed, `!kt set-relay` can be used to turn any
+ # authenticated user into a relaybot for that chat.
+ enabled: false
+ # The formats to use when sending messages to KakaoTalk via a relay user.
+ #
+ # Available variables:
+ # $sender_displayname - The display name of the sender (e.g. Example User)
+ # $sender_username - The username (Matrix ID localpart) of the sender (e.g. exampleuser)
+ $sender_mxid - The Matrix ID of the sender (e.g. @exampleuser:example.com)
+ # $message - The message content
+ message_formats:
+ m.text: '$sender_displayname: $message'
+ m.notice: '$sender_displayname: $message'
+ m.emote: '* $sender_displayname $message'
+ m.file: 'File from $sender_displayname: $message'
+ m.image: 'Image from $sender_displayname: $message'
+ m.audio: 'Audio from $sender_displayname: $message'
+ m.video: 'Video from $sender_displayname: $message'
+ m.location: '$sender_displayname sent a location'
+
+rpc:
+ connection:
+ # Either unix or tcp
+ type: tcp
+ # Only for type: unix
+ # path: /rpc/rpc.sock
+ # Only for type: tcp
+ host: matrix-appservice-kakaotalk-node
+ port: 8000
+
+# Python logging configuration.
+#
+# See section 16.7.2 of the Python documentation for more info:
+# https://docs.python.org/3.6/library/logging.config.html#configuration-dictionary-schema
+logging:
+ version: 1
+ formatters:
+ colored:
+ (): matrix_appservice_kakaotalk.util.ColorFormatter
+ format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
+ normal:
+ format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
+ handlers:
+ console:
+ class: logging.StreamHandler
+ formatter: colored
+ loggers:
+ mau:
+ level: {{ matrix_appservice_kakaotalk_logging_level | to_json }}
+ paho:
+ level: {{ matrix_appservice_kakaotalk_logging_level | to_json }}
+ aiohttp:
+ level: {{ matrix_appservice_kakaotalk_logging_level | to_json }}
+ root:
+ level: {{ matrix_appservice_kakaotalk_logging_level | to_json }}
+ handlers: [console]
diff --git a/roles/custom/matrix-bridge-appservice-kakaotalk/templates/node-config.json.j2 b/roles/custom/matrix-bridge-appservice-kakaotalk/templates/node-config.json.j2
new file mode 100644
index 00000000..82709138
--- /dev/null
+++ b/roles/custom/matrix-bridge-appservice-kakaotalk/templates/node-config.json.j2
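Review bot: `default: {{ matrix_appservice_kakaotalk_bridge_encryption_default| to_json }}` under `bridge.encryption` is missing the space before the filter pipe that every other templated value in this file has; `default: {{ matrix_appservice_kakaotalk_bridge_encryption_default | to_json }}` keeps the style uniform (Jinja accepts both, so this is cosmetic). Separately, the `$sender_mxid` line in the `relay.message_formats` comment block appears without the leading `#` that its sibling lines carry; if that is how the file really reads, it is a stray plain scalar inside the `relay:` mapping and worth checking, though it may simply be an artefact of how this diff was rendered. The secret-bearing values (`as_token`, `hs_token`, `database`, `login_shared_secret_map`) all go through `to_json`, which is the right way to stop YAML from retyping or breaking them.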
@@ -0,0 +1,13 @@
+{
+ "listen": {
+ "type": "tcp",
+ "host": "0.0.0.0",
+ "port": 8000,
+ "force": false
+ },
+ "register_timeout": 3000,
+ "logging_keys": {
+ "request": ["mxid"],
+ "response": ["status"]
+ }
+}
diff --git a/roles/custom/matrix-bridge-appservice-kakaotalk/templates/systemd/matrix-appservice-kakaotalk-node.service.j2 b/roles/custom/matrix-bridge-appservice-kakaotalk/templates/systemd/matrix-appservice-kakaotalk-node.service.j2
new file mode 100644
index 00000000..4161241a
--- /dev/null
+++ b/roles/custom/matrix-bridge-appservice-kakaotalk/templates/systemd/matrix-appservice-kakaotalk-node.service.j2
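Review bot: The node helper listens on `"host": "0.0.0.0"`, `"port": 8000` and nothing in this file authenticates callers; the bridge reaches it by container name through the `rpc.connection` block in config.yaml.j2, so the only thing limiting who can talk to it is that both units join `matrix_docker_network` and publish no port, which every other container on that network shares. That is acceptable, but it should be recorded in the template so a later change does not expose the port — as this is a `.j2` file a Jinja comment is stripped on render and leaves the JSON intact, e.g. `{# The node helper has no authentication of its own; it is reachable only from containers on matrix_docker_network. Do not publish port 8000 on the host. #}` at the top.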
@@ -0,0 +1,38 @@
+#jinja2: lstrip_blocks: "True"
+[Unit]
+Description=appservice-kakaotalk-node bridge helper
+{% for service in matrix_appservice_kakaotalk_node_systemd_required_services_list %}
+Requires={{ service }}
+After={{ service }}
+{% endfor %}
+{% for service in matrix_appservice_kakaotalk_node_systemd_wanted_services_list %}
+Wants={{ service }}
+{% endfor %}
+DefaultDependencies=no
+
+[Service]
+Type=simple
+Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-appservice-kakaotalk-node 2>/dev/null || true'
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-appservice-kakaotalk-node 2>/dev/null || true'
+
+ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-appservice-kakaotalk-node \
+ --log-driver=none \
+ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
+ --cap-drop=ALL \
+ --network={{ matrix_docker_network }} \
+ --mount type=bind,src={{ matrix_appservice_kakaotalk_config_path }}/node-config.json,dst=/config.json,ro \
+ {% for arg in matrix_appservice_kakaotalk_node_container_extra_arguments %}
+ {{ arg }} \
+ {% endfor %}
+ {{ matrix_appservice_kakaotalk_node_docker_image }} \
+ node src/main.js --config /config.json
+
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-appservice-kakaotalk-node 2>/dev/null || true'
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-appservice-kakaotalk-node 2>/dev/null || true'
+Restart=always
+RestartSec=30
+SyslogIdentifier=matrix-appservice-kakaotalk-node
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/custom/matrix-bridge-appservice-kakaotalk/templates/systemd/matrix-appservice-kakaotalk.service.j2 b/roles/custom/matrix-bridge-appservice-kakaotalk/templates/systemd/matrix-appservice-kakaotalk.service.j2
new file mode 100644
index 00000000..0c85e7ba
--- /dev/null
+++ b/roles/custom/matrix-bridge-appservice-kakaotalk/templates/systemd/matrix-appservice-kakaotalk.service.j2
@@ -0,0 +1,42 @@
+#jinja2: lstrip_blocks: "True"
+[Unit]
+Description=appservice-kakaotalk bridge
+{% for service in matrix_appservice_kakaotalk_systemd_required_services_list %}
+Requires={{ service }}
+After={{ service }}
+{% endfor %}
+{% for service in matrix_appservice_kakaotalk_systemd_wanted_services_list %}
+Wants={{ service }}
+{% endfor %}
+DefaultDependencies=no
+
+[Service]
+Type=simple
+Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-appservice-kakaotalk 2>/dev/null || true'
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-appservice-kakaotalk 2>/dev/null || true'
+
+# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
+ExecStartPre={{ matrix_host_command_sleep }} 5
+
+ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-appservice-kakaotalk \
+ --log-driver=none \
+ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
+ --cap-drop=ALL \
+ --network={{ matrix_docker_network }} \
+ --mount type=bind,src={{ matrix_appservice_kakaotalk_config_path }},dst=/config,ro \
+ --mount type=bind,src={{ matrix_appservice_kakaotalk_data_path }},dst=/data \
+ {% for arg in matrix_appservice_kakaotalk_container_extra_arguments %}
+ {{ arg }} \
+ {% endfor %}
+ {{ matrix_appservice_kakaotalk_docker_image }} \
+ python3 -m matrix_appservice_kakaotalk -c /config/config.yaml --no-update
+
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-appservice-kakaotalk 2>/dev/null || true'
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-appservice-kakaotalk 2>/dev/null || true'
+Restart=always
+RestartSec=30
+SyslogIdentifier=matrix-appservice-kakaotalk + +[Install] +WantedBy=multi-user.target diff --git a/roles/matrix-bridge-appservice-slack/defaults/main.yml b/roles/custom/matrix-bridge-appservice-slack/defaults/main.yml similarity index 99% rename from roles/matrix-bridge-appservice-slack/defaults/main.yml rename to roles/custom/matrix-bridge-appservice-slack/defaults/main.yml index 71fca8e6..b5fbc13f 100644 --- a/roles/matrix-bridge-appservice-slack/defaults/main.yml +++ b/roles/custom/matrix-bridge-appservice-slack/defaults/main.yml @@ -11,7 +11,7 @@ matrix_appservice_slack_docker_src_files_path: "{{ matrix_base_data_path }}/apps # matrix_appservice_slack_version used to contain the full Docker image tag (e.g. `release-X.X.X`). # It's a bare version number now. We try to somewhat retain compatibility below. -matrix_appservice_slack_version: 1.11.0 +matrix_appservice_slack_version: 2.0.1 matrix_appservice_slack_docker_image: "{{ matrix_container_global_registry_prefix }}matrixdotorg/matrix-appservice-slack:{{ matrix_appservice_slack_docker_image_tag }}" matrix_appservice_slack_docker_image_tag: "{{ 'latest' if matrix_appservice_slack_version == 'latest' else ('release-' + matrix_appservice_slack_version) }}" matrix_appservice_slack_docker_image_force_pull: "{{ matrix_appservice_slack_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-bridge-appservice-slack/tasks/init.yml b/roles/custom/matrix-bridge-appservice-slack/tasks/init.yml similarity index 87% rename from roles/matrix-bridge-appservice-slack/tasks/init.yml rename to roles/custom/matrix-bridge-appservice-slack/tasks/init.yml index b4895aea..5d03b24b 100644 --- a/roles/matrix-bridge-appservice-slack/tasks/init.yml +++ b/roles/custom/matrix-bridge-appservice-slack/tasks/init.yml 
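Review bot: `ExecStartPre={{ matrix_host_command_sleep }} 5` is the only command in this unit still taken from the `matrix_host_command_*` family, while the kill/rm/run lines use `devture_systemd_docker_base_host_command_sh` and `devture_systemd_docker_base_host_command_docker`; the same commit moves the Slack role from `matrix_host_command_docker` to the `devture_systemd_docker_base_host_command_*` variables, so please confirm `matrix_host_command_sleep` is still defined after that migration, and if the devture role exposes an equivalent sleep command variable, use it here for consistency. The unit comment already explains why the delay exists, which is good; the start-up ordering otherwise relies on the `Requires`/`After` lists rendered above.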
@@ -3,7 +3,7 @@ # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 ansible.builtin.fail: - msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" + msg: "To self-build the matrix-appservice-slack image, you should use Ansible 2.8 or higher. See docs/ansible.md" when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_appservice_slack_container_image_self_build and matrix_appservice_slack_enabled" # If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. @@ -20,16 +20,16 @@ # If the matrix-synapse role is not used, these variables may not exist. - ansible.builtin.set_fact: - matrix_synapse_container_extra_arguments: > + matrix_homeserver_container_runtime_injected_arguments: > {{ - matrix_synapse_container_extra_arguments | default([]) + matrix_homeserver_container_runtime_injected_arguments | default([]) + ["--mount type=bind,src={{ matrix_appservice_slack_config_path }}/slack-registration.yaml,dst=/matrix-appservice-slack-registration.yaml,ro"] }} - matrix_synapse_app_service_config_files: > + matrix_homeserver_app_service_runtime_injected_config_files: > {{ - matrix_synapse_app_service_config_files | default([]) + matrix_homeserver_app_service_runtime_injected_config_files | default([]) + ["/matrix-appservice-slack-registration.yaml"] }} @@ -43,7 +43,10 @@ The matrix-bridge-appservice-slack role needs to execute before the matrix-synapse role. when: "matrix_synapse_role_executed | default(False)" -- block: +- when: matrix_appservice_slack_enabled | bool + tags: + - always + block: - name: Fail if matrix-nginx-proxy role already executed ansible.builtin.fail: msg: >- 
@@ -76,16 +79,13 @@ + [matrix_appservice_slack_matrix_nginx_proxy_configuration] }} - tags: - - always - when: matrix_appservice_slack_enabled | bool - name: Warn about reverse-proxying if matrix-nginx-proxy not used ansible.builtin.debug: msg: >- NOTE: You've enabled the Matrix Slack bridge but are not using the matrix-nginx-proxy reverse proxy. - Please make sure that you're proxying the `{{ something }}` + Please make sure that you're proxying the `{{ matrix_appservice_slack_public_endpoint }}` URL endpoint to the matrix-appservice-slack container. You can expose the container's port using the `matrix_appservice_slack_container_http_host_bind_port` variable. when: "matrix_appservice_slack_enabled | bool and not matrix_nginx_proxy_enabled | default(False) | bool" diff --git a/roles/matrix-bridge-appservice-slack/tasks/main.yml b/roles/custom/matrix-bridge-appservice-slack/tasks/main.yml similarity index 100% rename from roles/matrix-bridge-appservice-slack/tasks/main.yml rename to roles/custom/matrix-bridge-appservice-slack/tasks/main.yml diff --git a/roles/matrix-bridge-appservice-slack/tasks/migrate_nedb_to_postgres.yml b/roles/custom/matrix-bridge-appservice-slack/tasks/migrate_nedb_to_postgres.yml similarity index 93% rename from roles/matrix-bridge-appservice-slack/tasks/migrate_nedb_to_postgres.yml rename to roles/custom/matrix-bridge-appservice-slack/tasks/migrate_nedb_to_postgres.yml index b9aca080..0ed3e18b 100644 --- a/roles/matrix-bridge-appservice-slack/tasks/migrate_nedb_to_postgres.yml +++ b/roles/custom/matrix-bridge-appservice-slack/tasks/migrate_nedb_to_postgres.yml @@ -36,7 +36,7 @@ - name: Import appservice-slack NeDB database into Postgres ansible.builtin.command: cmd: >- - {{ matrix_host_command_docker }} run + {{ devture_systemd_docker_base_host_command_docker }} run --rm --user={{ matrix_user_uid }}:{{ matrix_user_gid }} --cap-drop=ALL 
@@ -62,9 +62,9 @@ - name: Inject result ansible.builtin.set_fact: - matrix_playbook_runtime_results: | + devture_playbook_runtime_messages_list: | {{ - matrix_playbook_runtime_results | default([]) + devture_playbook_runtime_messages_list | default([]) + [ "NOTE: Your appservice-slack database files have been imported into Postgres. The original database files have been moved from `{{ matrix_appservice_slack_data_path }}/*.db` to `{{ matrix_appservice_slack_data_path }}/*.db.backup`. When you've confirmed that the import went well and everything works, you should be able to safely delete these files." diff --git a/roles/matrix-bridge-appservice-slack/tasks/setup_install.yml b/roles/custom/matrix-bridge-appservice-slack/tasks/setup_install.yml similarity index 90% rename from roles/matrix-bridge-appservice-slack/tasks/setup_install.yml rename to roles/custom/matrix-bridge-appservice-slack/tasks/setup_install.yml index a2921d98..2c714085 100644 --- a/roles/matrix-bridge-appservice-slack/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-appservice-slack/tasks/setup_install.yml 
@@ -17,30 +17,30 @@ - ansible.builtin.set_fact: matrix_appservice_slack_requires_restart: false -- block: +- when: "matrix_appservice_slack_database_engine == 'postgres'" + block: - name: Check if a nedb database already exists ansible.builtin.stat: path: "{{ matrix_appservice_slack_data_path }}/teams.db" register: matrix_appservice_slack_nedb_database_path_local_stat_result - - block: + - when: "matrix_appservice_slack_nedb_database_path_local_stat_result.stat.exists | bool" + block: - ansible.builtin.import_tasks: "{{ role_path }}/tasks/migrate_nedb_to_postgres.yml" - ansible.builtin.set_fact: matrix_appservice_slack_requires_restart: true - when: "matrix_appservice_slack_nedb_database_path_local_stat_result.stat.exists | bool" - when: "matrix_appservice_slack_database_engine == 'postgres'" - name: Ensure Appservice Slack image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_appservice_slack_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_appservice_slack_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_slack_docker_image_force_pull }}" when: "not matrix_appservice_slack_container_image_self_build | bool" register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure matrix-appservice-slack repository is present when self-building 
@@ -55,7 +55,7 @@ when: "matrix_appservice_slack_container_image_self_build | bool" - name: Ensure matrix-appservice-slack Docker image is built - docker_image: + community.docker.docker_image: name: "{{ matrix_appservice_slack_docker_image }}" source: build force_source: "{{ matrix_appservice_slack_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" @@ -85,7 +85,7 @@ - name: Ensure matrix-appservice-slack.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-appservice-slack.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-appservice-slack.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-slack.service" mode: 0644 register: matrix_appservice_slack_systemd_service_result diff --git a/roles/matrix-bridge-appservice-slack/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-appservice-slack/tasks/setup_uninstall.yml similarity index 79% rename from roles/matrix-bridge-appservice-slack/tasks/setup_uninstall.yml rename to roles/custom/matrix-bridge-appservice-slack/tasks/setup_uninstall.yml index fa1aaf26..434f9067 100644 --- a/roles/matrix-bridge-appservice-slack/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-bridge-appservice-slack/tasks/setup_uninstall.yml @@ -2,7 +2,7 @@ - name: Check existence of matrix-appservice-slack service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-appservice-slack.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-slack.service" register: matrix_appservice_slack_service_stat - name: Ensure matrix-appservice-slack is stopped @@ -15,7 +15,7 @@ - name: Ensure matrix-appservice-slack.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-appservice-slack.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-slack.service" state: absent when: "matrix_appservice_slack_service_stat.stat.exists" 
diff --git a/roles/matrix-bridge-appservice-slack/tasks/validate_config.yml b/roles/custom/matrix-bridge-appservice-slack/tasks/validate_config.yml similarity index 100% rename from roles/matrix-bridge-appservice-slack/tasks/validate_config.yml rename to roles/custom/matrix-bridge-appservice-slack/tasks/validate_config.yml diff --git a/roles/matrix-bridge-appservice-slack/templates/config.yaml.j2 b/roles/custom/matrix-bridge-appservice-slack/templates/config.yaml.j2 similarity index 100% rename from roles/matrix-bridge-appservice-slack/templates/config.yaml.j2 rename to roles/custom/matrix-bridge-appservice-slack/templates/config.yaml.j2 diff --git a/roles/matrix-bridge-appservice-slack/templates/systemd/matrix-appservice-slack.service.j2 b/roles/custom/matrix-bridge-appservice-slack/templates/systemd/matrix-appservice-slack.service.j2 similarity index 60% rename from roles/matrix-bridge-appservice-slack/templates/systemd/matrix-appservice-slack.service.j2 rename to roles/custom/matrix-bridge-appservice-slack/templates/systemd/matrix-appservice-slack.service.j2 index 017f352f..0d1009fa 100644 --- a/roles/matrix-bridge-appservice-slack/templates/systemd/matrix-appservice-slack.service.j2 +++ b/roles/custom/matrix-bridge-appservice-slack/templates/systemd/matrix-appservice-slack.service.j2 
@@ -12,14 +12,14 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-slack 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-slack 2>/dev/null || true' +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-appservice-slack 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-appservice-slack 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. ExecStartPre={{ matrix_host_command_sleep }} 5 -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-slack \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-appservice-slack \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ 
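Review bot: `ExecStartPre={{ matrix_host_command_sleep }} 5` is the one line in this unit still on the old `matrix_host_command_*` variable family, while the `sh` and `docker` commands on either side of it were moved to `devture_systemd_docker_base_host_command_*`. If `matrix_host_command_sleep` is no longer defined after the migration (its definition is not visible in the diff), the template fails to render and the service never gets installed. Either switch it to the `sleep` counterpart in the `devture_systemd_docker_base_host_command_*` family, if the base role provides one, or confirm the old variable is intentionally kept. The same leftover appears in the webhooks and beeper-linkedin unit templates (`@@ -12,14 +12,14 @@` in both).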
@@ -35,8 +35,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-sla {{ matrix_appservice_slack_docker_image }} \ node app.js -p {{matrix_appservice_slack_matrix_port}} -c /config/config.yaml -f /config/slack-registration.yaml -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-slack 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-slack 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-appservice-slack 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-appservice-slack 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-appservice-slack diff --git a/roles/matrix-bridge-appservice-webhooks/defaults/main.yml b/roles/custom/matrix-bridge-appservice-webhooks/defaults/main.yml similarity index 100% rename from roles/matrix-bridge-appservice-webhooks/defaults/main.yml rename to roles/custom/matrix-bridge-appservice-webhooks/defaults/main.yml diff --git a/roles/matrix-bridge-appservice-webhooks/tasks/init.yml b/roles/custom/matrix-bridge-appservice-webhooks/tasks/init.yml similarity index 91% rename from roles/matrix-bridge-appservice-webhooks/tasks/init.yml rename to roles/custom/matrix-bridge-appservice-webhooks/tasks/init.yml index 8a12a686..1f8ace9e 100644 --- a/roles/matrix-bridge-appservice-webhooks/tasks/init.yml +++ b/roles/custom/matrix-bridge-appservice-webhooks/tasks/init.yml 
@@ -13,16 +13,16 @@ # If the matrix-synapse role is not used, these variables may not exist. - ansible.builtin.set_fact: - matrix_synapse_container_extra_arguments: > + matrix_homeserver_container_runtime_injected_arguments: > {{ - matrix_synapse_container_extra_arguments | default([]) + matrix_homeserver_container_runtime_injected_arguments | default([]) + ["--mount type=bind,src={{ matrix_appservice_webhooks_config_path }}/webhooks-registration.yaml,dst=/matrix-appservice-webhooks-registration.yaml,ro"] }} - matrix_synapse_app_service_config_files: > + matrix_homeserver_app_service_runtime_injected_config_files: > {{ - matrix_synapse_app_service_config_files | default([]) + matrix_homeserver_app_service_runtime_injected_config_files | default([]) + ["/matrix-appservice-webhooks-registration.yaml"] }} @@ -36,7 +36,10 @@ The matrix-bridge-appservice-webhooks role needs to execute before the matrix-synapse role. when: "matrix_synapse_role_executed | default(False)" -- block: +- when: matrix_appservice_webhooks_enabled | bool + tags: + - always + block: - name: Fail if matrix-nginx-proxy role already executed ansible.builtin.fail: msg: >- @@ -71,9 +74,6 @@ + [matrix_appservice_webhooks_matrix_nginx_proxy_configuration] }} - tags: - - always - when: matrix_appservice_webhooks_enabled | bool - name: Warn about reverse-proxying if matrix-nginx-proxy not used ansible.builtin.debug: diff --git a/roles/matrix-bridge-appservice-webhooks/tasks/main.yml b/roles/custom/matrix-bridge-appservice-webhooks/tasks/main.yml similarity index 100% rename from roles/matrix-bridge-appservice-webhooks/tasks/main.yml rename to roles/custom/matrix-bridge-appservice-webhooks/tasks/main.yml 
diff --git a/roles/matrix-bridge-appservice-webhooks/tasks/setup_install.yml b/roles/custom/matrix-bridge-appservice-webhooks/tasks/setup_install.yml similarity index 91% rename from roles/matrix-bridge-appservice-webhooks/tasks/setup_install.yml rename to roles/custom/matrix-bridge-appservice-webhooks/tasks/setup_install.yml index 603f9d1d..734b6e60 100644 --- a/roles/matrix-bridge-appservice-webhooks/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-appservice-webhooks/tasks/setup_install.yml @@ -15,18 +15,19 @@ when: "item.when | bool" - name: Ensure Appservice webhooks image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_appservice_webhooks_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_appservice_webhooks_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_webhooks_docker_image_force_pull }}" when: "not matrix_appservice_webhooks_container_image_self_build | bool" register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed -- block: +- when: "matrix_appservice_webhooks_container_image_self_build | bool" + block: - name: Ensure Appservice webhooks repository is present on self-build ansible.builtin.git: repo: "{{ matrix_appservice_webhooks_container_image_self_build_repo }}" 
@@ -38,7 +39,7 @@ register: matrix_appservice_webhooks_git_pull_results - name: Ensure Appservice webhooks Docker image is built - docker_image: + community.docker.docker_image: name: "{{ matrix_appservice_webhooks_docker_image }}" source: build force_source: "{{ matrix_appservice_webhooks_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" @@ -47,7 +48,6 @@ dockerfile: "{{ matrix_appservice_webhooks_container_image_self_build_repo_dockerfile_path }}" path: "{{ matrix_appservice_webhooks_docker_src_files_path }}" pull: true - when: "matrix_appservice_webhooks_container_image_self_build | bool" - name: Ensure Matrix Appservice webhooks config is installed ansible.builtin.copy: @@ -84,7 +84,7 @@ - name: Ensure matrix-appservice-webhooks.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-appservice-webhooks.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-appservice-webhooks.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-webhooks.service" mode: 0644 register: matrix_appservice_webhooks_systemd_service_result diff --git a/roles/matrix-bridge-appservice-webhooks/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-appservice-webhooks/tasks/setup_uninstall.yml similarity index 79% rename from roles/matrix-bridge-appservice-webhooks/tasks/setup_uninstall.yml rename to roles/custom/matrix-bridge-appservice-webhooks/tasks/setup_uninstall.yml index 2b3c29d5..960fe58b 100644 --- a/roles/matrix-bridge-appservice-webhooks/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-bridge-appservice-webhooks/tasks/setup_uninstall.yml 
@@ -2,7 +2,7 @@ - name: Check existence of matrix-appservice-webhooks service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-appservice-webhooks.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-webhooks.service" register: matrix_appservice_webhooks_service_stat - name: Ensure matrix-appservice-webhooks is stopped @@ -15,7 +15,7 @@ - name: Ensure matrix-appservice-webhooks.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-appservice-webhooks.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-webhooks.service" state: absent when: "matrix_appservice_webhooks_service_stat.stat.exists" diff --git a/roles/matrix-bridge-appservice-webhooks/tasks/validate_config.yml b/roles/custom/matrix-bridge-appservice-webhooks/tasks/validate_config.yml similarity index 100% rename from roles/matrix-bridge-appservice-webhooks/tasks/validate_config.yml rename to roles/custom/matrix-bridge-appservice-webhooks/tasks/validate_config.yml diff --git a/roles/matrix-bridge-appservice-webhooks/templates/config.yaml.j2 b/roles/custom/matrix-bridge-appservice-webhooks/templates/config.yaml.j2 similarity index 100% rename from roles/matrix-bridge-appservice-webhooks/templates/config.yaml.j2 rename to roles/custom/matrix-bridge-appservice-webhooks/templates/config.yaml.j2 diff --git a/roles/matrix-bridge-appservice-webhooks/templates/database.json.j2 b/roles/custom/matrix-bridge-appservice-webhooks/templates/database.json.j2 similarity index 100% rename from roles/matrix-bridge-appservice-webhooks/templates/database.json.j2 rename to roles/custom/matrix-bridge-appservice-webhooks/templates/database.json.j2 
diff --git a/roles/matrix-bridge-appservice-webhooks/templates/schema.yml.j2 b/roles/custom/matrix-bridge-appservice-webhooks/templates/schema.yml.j2 similarity index 100% rename from roles/matrix-bridge-appservice-webhooks/templates/schema.yml.j2 rename to roles/custom/matrix-bridge-appservice-webhooks/templates/schema.yml.j2 diff --git a/roles/matrix-bridge-appservice-webhooks/templates/systemd/matrix-appservice-webhooks.service.j2 b/roles/custom/matrix-bridge-appservice-webhooks/templates/systemd/matrix-appservice-webhooks.service.j2 similarity index 61% rename from roles/matrix-bridge-appservice-webhooks/templates/systemd/matrix-appservice-webhooks.service.j2 rename to roles/custom/matrix-bridge-appservice-webhooks/templates/systemd/matrix-appservice-webhooks.service.j2 index 556467b4..a5017369 100644 --- a/roles/matrix-bridge-appservice-webhooks/templates/systemd/matrix-appservice-webhooks.service.j2 +++ b/roles/custom/matrix-bridge-appservice-webhooks/templates/systemd/matrix-appservice-webhooks.service.j2 
@@ -12,14 +12,14 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-webhooks 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-webhooks 2>/dev/null || true' +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-appservice-webhooks 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-appservice-webhooks 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. ExecStartPre={{ matrix_host_command_sleep }} 5 -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-webhooks \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-appservice-webhooks \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ 
@@ -35,8 +35,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-web {{ matrix_appservice_webhooks_docker_image }} \ node index.js -p {{ matrix_appservice_webhooks_matrix_port }} -c /config/config.yaml -f /config/webhooks-registration.yaml -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-webhooks 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-webhooks 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-appservice-webhooks 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-appservice-webhooks 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-appservice-webhooks diff --git a/roles/matrix-bridge-beeper-linkedin/defaults/main.yml b/roles/custom/matrix-bridge-beeper-linkedin/defaults/main.yml similarity index 90% rename from roles/matrix-bridge-beeper-linkedin/defaults/main.yml rename to roles/custom/matrix-bridge-beeper-linkedin/defaults/main.yml index a8338093..4f3d554b 100644 --- a/roles/matrix-bridge-beeper-linkedin/defaults/main.yml +++ b/roles/custom/matrix-bridge-beeper-linkedin/defaults/main.yml 
@@ -1,19 +1,19 @@ --- # beeper-linkedin is a Matrix <-> LinkedIn bridge -# Project source code URL: https://gitlab.com/beeper/linkedin +# Project source code URL: https://github.com/beeper/linkedin matrix_beeper_linkedin_enabled: true -matrix_beeper_linkedin_version: v0.5.2 +matrix_beeper_linkedin_version: v0.5.3 -# See: https://gitlab.com/beeper/linkedin/container_registry +# See: https://github.com/beeper/linkedin/pkgs/container/linkedin matrix_beeper_linkedin_docker_image: "{{ matrix_beeper_linkedin_docker_image_name_prefix }}beeper/linkedin:{{ matrix_beeper_linkedin_docker_image_tag }}" matrix_beeper_linkedin_docker_image_force_pull: "{{ matrix_beeper_linkedin_docker_image_tag.startswith('latest') }}" -matrix_beeper_linkedin_docker_image_name_prefix: "{{ 'localhost/' if matrix_beeper_linkedin_container_image_self_build else 'registry.gitlab.com/' }}" -matrix_beeper_linkedin_docker_image_tag: "{{ 'latest' if matrix_beeper_linkedin_version == 'master' else matrix_beeper_linkedin_version }}-{{ matrix_architecture }}" +matrix_beeper_linkedin_docker_image_name_prefix: "{{ 'localhost/' if matrix_beeper_linkedin_container_image_self_build else 'ghcr.io/' }}" +matrix_beeper_linkedin_docker_image_tag: "{{ 'latest' if matrix_beeper_linkedin_version == 'master' else matrix_beeper_linkedin_version }}" matrix_beeper_linkedin_container_image_self_build: false -matrix_beeper_linkedin_container_image_self_build_repo: "https://gitlab.com/beeper/linkedin" +matrix_beeper_linkedin_container_image_self_build_repo: "https://github.com/beeper/linkedin" matrix_beeper_linkedin_container_image_self_build_branch: "{{ matrix_beeper_linkedin_version }}" matrix_beeper_linkedin_base_path: "{{ matrix_base_data_path }}/beeper-linkedin" 
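Review bot: Dropping the `-{{ matrix_architecture }}` suffix from `matrix_beeper_linkedin_docker_image_tag` means a single tag is now pulled for every host architecture, which is only correct if `ghcr.io/beeper/linkedin:v0.5.3` is published as a multi-arch manifest; that cannot be verified from the diff, so it is worth confirming before non-amd64 hosts upgrade. The registry move from `registry.gitlab.com` to `ghcr.io` also changes where the image is sourced from; since `matrix_beeper_linkedin_docker_image_force_pull` is still keyed on `startswith('latest')`, a pinned version tag is fetched once and kept, which is the safer default. A short comment on the tag line would capture the intent, e.g. `# No architecture suffix: the upstream image is expected to be a multi-arch manifest.`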
@@ -29,6 +29,12 @@ matrix_beeper_linkedin_bridge_presence: true matrix_beeper_linkedin_command_prefix: "!li" +matrix_beeper_linkedin_bridge_permissions: | + {{ + {matrix_beeper_linkedin_homeserver_domain: 'user'} + | combine({matrix_admin: 'admin'} if matrix_admin else {}) + }} + # A list of extra arguments to pass to the container matrix_beeper_linkedin_container_extra_arguments: [] @@ -72,6 +78,9 @@ matrix_beeper_linkedin_appservice_database_uri: "{{ # Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth). matrix_beeper_linkedin_login_shared_secret: '' +# Specifies the default log level for all bridge loggers. +matrix_beeper_linkedin_logging_level: WARNING + # Default beeper-linkedin configuration template which covers the generic use case. # You can customize it by controlling the various variables inside it. # diff --git a/roles/matrix-bridge-beeper-linkedin/tasks/init.yml b/roles/custom/matrix-bridge-beeper-linkedin/tasks/init.yml similarity index 67% rename from roles/matrix-bridge-beeper-linkedin/tasks/init.yml rename to roles/custom/matrix-bridge-beeper-linkedin/tasks/init.yml index 14137b70..1208f185 100644 --- a/roles/matrix-bridge-beeper-linkedin/tasks/init.yml +++ b/roles/custom/matrix-bridge-beeper-linkedin/tasks/init.yml 
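Review bot: `matrix_beeper_linkedin_bridge_permissions` is introduced without a comment, unlike `matrix_beeper_linkedin_logging_level` a few lines down, and its default is access-relevant: every user on `matrix_beeper_linkedin_homeserver_domain` gets `user` level on the bridge and `matrix_admin` (when set) gets `admin`. Suggest a comment above the definition such as `# Bridge permissions map (mxid, homeserver domain or '*' -> level).` followed by `# Default: all users on the homeserver domain may use the bridge; matrix_admin (if set) is admin. Override to restrict access.` The `'*'` form is taken from the bridge config template's own comment (`# * - All Matrix users`) further down in this diff.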
@@ -6,16 +6,16 @@ # If the matrix-synapse role is not used, these variables may not exist. - ansible.builtin.set_fact: - matrix_synapse_container_extra_arguments: > + matrix_homeserver_container_runtime_injected_arguments: > {{ - matrix_synapse_container_extra_arguments | default([]) + matrix_homeserver_container_runtime_injected_arguments | default([]) + ["--mount type=bind,src={{ matrix_beeper_linkedin_config_path }}/registration.yaml,dst=/matrix-beeper-linkedin-registration.yaml,ro"] }} - matrix_synapse_app_service_config_files: > + matrix_homeserver_app_service_runtime_injected_config_files: > {{ - matrix_synapse_app_service_config_files | default([]) + matrix_homeserver_app_service_runtime_injected_config_files | default([]) + ["/matrix-beeper-linkedin-registration.yaml"] }} diff --git a/roles/matrix-bridge-beeper-linkedin/tasks/main.yml b/roles/custom/matrix-bridge-beeper-linkedin/tasks/main.yml similarity index 100% rename from roles/matrix-bridge-beeper-linkedin/tasks/main.yml rename to roles/custom/matrix-bridge-beeper-linkedin/tasks/main.yml diff --git a/roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml b/roles/custom/matrix-bridge-beeper-linkedin/tasks/setup_install.yml similarity index 86% rename from roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml rename to roles/custom/matrix-bridge-beeper-linkedin/tasks/setup_install.yml index 04a787b8..8784b631 100644 --- a/roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-beeper-linkedin/tasks/setup_install.yml 
@@ -23,18 +23,19 @@ - name: Ensure Beeper LinkedIn image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_beeper_linkedin_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_beeper_linkedin_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_beeper_linkedin_docker_image_force_pull }}" when: "not matrix_beeper_linkedin_container_image_self_build | bool" register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed -- block: +- when: "matrix_beeper_linkedin_container_image_self_build | bool" + block: - name: Ensure Beeper LinkedIn repository is present on self-build ansible.builtin.git: repo: "{{ matrix_beeper_linkedin_container_image_self_build_repo }}" 
@@ -46,22 +47,22 @@ register: matrix_beeper_linkedin_git_pull_results # Building the container image (using the default Dockerfile) requires that a docker-requirements.txt file be generated. - # See: https://gitlab.com/beeper/linkedin/-/blob/94442db17ccb9769b377cdb8e4bf1cb3955781d7/.gitlab-ci.yml#L30-40 + # See: https://github.com/beeper/linkedin/blob/94442db17ccb9769b377cdb8e4bf1cb3955781d7/.gitlab-ci.yml#L30-40 - name: Ensure docker-requirements.txt is generated before building Beeper LinkedIn Docker Image ansible.builtin.command: cmd: | - {{ matrix_host_command_docker }} run \ - --rm \ - --entrypoint=/bin/sh \ - --mount type=bind,src={{ matrix_beeper_linkedin_docker_src_files_path }},dst=/work \ - -w /work \ - docker.io/python:3.9.6-buster \ + {{ devture_systemd_docker_base_host_command_docker }} run + --rm + --entrypoint=/bin/sh + --mount type=bind,src={{ matrix_beeper_linkedin_docker_src_files_path }},dst=/work + -w /work + docker.io/python:3.9.6-buster -c "pip install poetry && poetry export --without-hashes -E e2be -E images -E metrics | sed 's/==.*//g' > docker-requirements.txt" register: matrix_beeper_linkedin_generate_docker_requirements_result changed_when: matrix_beeper_linkedin_generate_docker_requirements_result.rc == 0 - name: Ensure Beeper LinkedIn Docker image is built - docker_image: + community.docker.docker_image: name: "{{ matrix_beeper_linkedin_docker_image }}" source: build force_source: "{{ matrix_beeper_linkedin_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" @@ -72,7 +73,6 @@ pull: true args: TARGETARCH: "{{ matrix_architecture }}" - when: "matrix_beeper_linkedin_container_image_self_build | bool" - name: Ensure beeper-linkedin config.yaml installed ansible.builtin.copy: 
@@ -93,7 +93,7 @@ - name: Ensure matrix-beeper-linkedin.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-beeper-linkedin.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-beeper-linkedin.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-beeper-linkedin.service" mode: 0644 register: matrix_beeper_linkedin_systemd_service_result diff --git a/roles/matrix-bridge-beeper-linkedin/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-beeper-linkedin/tasks/setup_uninstall.yml similarity index 79% rename from roles/matrix-bridge-beeper-linkedin/tasks/setup_uninstall.yml rename to roles/custom/matrix-bridge-beeper-linkedin/tasks/setup_uninstall.yml index 25dbf82b..4a75a4c7 100644 --- a/roles/matrix-bridge-beeper-linkedin/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-bridge-beeper-linkedin/tasks/setup_uninstall.yml @@ -2,7 +2,7 @@ - name: Check existence of matrix-beeper-linkedin service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-beeper-linkedin.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-beeper-linkedin.service" register: matrix_beeper_linkedin_service_stat - name: Ensure matrix-beeper-linkedin is stopped @@ -15,7 +15,7 @@ - name: Ensure matrix-beeper-linkedin.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-beeper-linkedin.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-beeper-linkedin.service" state: absent when: "matrix_beeper_linkedin_service_stat.stat.exists" diff --git a/roles/matrix-bridge-beeper-linkedin/tasks/validate_config.yml b/roles/custom/matrix-bridge-beeper-linkedin/tasks/validate_config.yml similarity index 100% rename from roles/matrix-bridge-beeper-linkedin/tasks/validate_config.yml rename to roles/custom/matrix-bridge-beeper-linkedin/tasks/validate_config.yml 
diff --git a/roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 b/roles/custom/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 similarity index 96% rename from roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 rename to roles/custom/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 index e0729549..a30f2425 100644 --- a/roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 +++ b/roles/custom/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 @@ -56,7 +56,7 @@ appservice: # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty # to leave display name/avatar as-is. displayname: LinkedIn bridge bot - avatar: mxc://sumnerevans.com/XMtwdeUBnxYvWNFFrfeTSHqB + avatar: mxc://sumnerevans.com/XMtwdeUBnxYvWNFFrfeTSHqB # Whether or not to receive ephemeral events via appservice transactions. # Requires MSC2409 support (i.e. Synapse 1.22+). @@ -236,11 +236,7 @@ bridge: # * - All Matrix users # domain - All users on that homeserver # mxid - Specific user - permissions: - "{{ matrix_beeper_linkedin_homeserver_domain }}": user - {% if matrix_admin %} - "{{ matrix_admin }}": admin - {% endif %} + permissions: {{ matrix_beeper_linkedin_bridge_permissions|to_json }} @@ -259,12 +255,12 @@ logging: formatter: colored loggers: mau: - level: WARNING + level: {{ matrix_beeper_linkedin_logging_level|to_json }} paho: - level: WARNING + level: {{ matrix_beeper_linkedin_logging_level|to_json }} aiohttp: - level: WARNING + level: {{ matrix_beeper_linkedin_logging_level|to_json }} root: - level: WARNING - handlers: [ console] + level: {{ matrix_beeper_linkedin_logging_level|to_json }} + handlers: [console] 
diff --git a/roles/matrix-bridge-beeper-linkedin/templates/systemd/matrix-beeper-linkedin.service.j2 b/roles/custom/matrix-bridge-beeper-linkedin/templates/systemd/matrix-beeper-linkedin.service.j2 similarity index 56% rename from roles/matrix-bridge-beeper-linkedin/templates/systemd/matrix-beeper-linkedin.service.j2 rename to roles/custom/matrix-bridge-beeper-linkedin/templates/systemd/matrix-beeper-linkedin.service.j2 index 37b4f67d..1a63311b 100644 --- a/roles/matrix-bridge-beeper-linkedin/templates/systemd/matrix-beeper-linkedin.service.j2 +++ b/roles/custom/matrix-bridge-beeper-linkedin/templates/systemd/matrix-beeper-linkedin.service.j2 @@ -12,14 +12,14 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-beeper-linkedin 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-beeper-linkedin 2>/dev/null || true' +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-beeper-linkedin 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-beeper-linkedin 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. ExecStartPre={{ matrix_host_command_sleep }} 5 -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-beeper-linkedin \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-beeper-linkedin \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ 
@@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-beeper-linkedi
 {{ matrix_beeper_linkedin_docker_image }} \
 python3 -m linkedin_matrix -c /data/config.yaml -r /data/registration.yaml
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-beeper-linkedin 2>/dev/null || true'
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-beeper-linkedin 2>/dev/null || true'
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-beeper-linkedin 2>/dev/null || true'
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-beeper-linkedin 2>/dev/null || true'
 Restart=always
 RestartSec=30
 SyslogIdentifier=matrix-beeper-linkedin
diff --git a/roles/matrix-bridge-go-skype-bridge/defaults/main.yml b/roles/custom/matrix-bridge-go-skype-bridge/defaults/main.yml
similarity index 93%
rename from roles/matrix-bridge-go-skype-bridge/defaults/main.yml
rename to roles/custom/matrix-bridge-go-skype-bridge/defaults/main.yml
index b05e78a5..a6f7aa9d 100644
--- a/roles/matrix-bridge-go-skype-bridge/defaults/main.yml
+++ b/roles/custom/matrix-bridge-go-skype-bridge/defaults/main.yml
@@ -4,13 +4,13 @@ matrix_go_skype_bridge_enabled: true
-matrix_go_skype_bridge_container_image_self_build: true
+matrix_go_skype_bridge_container_image_self_build: false
 matrix_go_skype_bridge_container_image_self_build_repo: "https://github.com/kelaresg/go-skype-bridge.git"
 matrix_go_skype_bridge_container_image_self_build_branch: "{{ 'master' if matrix_go_skype_bridge_version == 'latest' else matrix_go_skype_bridge_version }}"
 matrix_go_skype_bridge_version: latest
-matrix_go_skype_bridge_docker_image: "{{ matrix_go_skype_bridge_docker_image_name_prefix }}kelaresg/go-skype-bridge:{{ matrix_go_skype_bridge_version }}"
-matrix_go_skype_bridge_docker_image_name_prefix: "localhost/"
+matrix_go_skype_bridge_docker_image: "{{ matrix_go_skype_bridge_docker_image_name_prefix }}nodefyme/go-skype-bridge:{{ matrix_go_skype_bridge_version }}"
+matrix_go_skype_bridge_docker_image_name_prefix: "{{ 'localhost/' if matrix_go_skype_bridge_container_image_self_build else matrix_container_global_registry_prefix }}"
 matrix_go_skype_bridge_docker_image_force_pull: "{{ matrix_go_skype_bridge_docker_image.endswith(':latest') }}"
 matrix_go_skype_bridge_base_path: "{{ matrix_base_data_path }}/go-skype-bridge"
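Review bot: The default now pulls the prebuilt `nodefyme/go-skype-bridge:latest` image through `matrix_container_global_registry_prefix` instead of building `kelaresg/go-skype-bridge.git` locally, yet nothing in the defaults says who publishes that image or that it corresponds to the self-build repository, and the unchanged `matrix_go_skype_bridge_docker_image_force_pull` (true for `:latest`) means each playbook run may silently pick up a different image. Switching a default from self-built to a third-party image is a supply-chain decision operators should be able to audit, so add a provenance comment above `matrix_go_skype_bridge_docker_image`, e.g. `# See: <container registry URL for the nodefyme image>`, matching the `# See:` comment the mautrix-discord defaults added later in this commit use. Pinning `matrix_go_skype_bridge_version` to a release instead of `latest` would make the pulled image reproducible as well.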
@@ -85,6 +85,20 @@ matrix_go_skype_bridge_bridge_login_shared_secret_map:
 matrix_go_skype_bridge_bridge_double_puppet_server_map: "{{ matrix_go_skype_bridge_homeserver_domain : matrix_go_skype_bridge_homeserver_address }}"
+# Enable End-to-bridge encryption
+matrix_go_skype_bridge_bridge_encryption_allow: false
+matrix_go_skype_bridge_bridge_encryption_default: "{{ matrix_go_skype_bridge_bridge_encryption_allow }}"
+
+# Minimum severity of journal log messages.
+# Options: debug, info, warn, error, fatal
+matrix_go_skype_bridge_log_level: 'warn'
+
+matrix_go_skype_bridge_bridge_permissions: |
+ {{
+ {matrix_go_skype_bridge_homeserver_domain: 'user'}
+ | combine({matrix_admin: 'admin'} if matrix_admin else {})
+ }}
+
 # Default go-skype-bridge configuration template which covers the generic use case.
 # You can customize it by controlling the various variables inside it.
 #
@@ -124,11 +138,3 @@ matrix_go_skype_bridge_registration_yaml: |
 de.sorunome.msc2409.push_ephemeral: true
 matrix_go_skype_bridge_registration: "{{ matrix_go_skype_bridge_registration_yaml | from_yaml }}"
-
-# Enable End-to-bridge encryption
-matrix_go_skype_bridge_bridge_encryption_allow: false
-matrix_go_skype_bridge_bridge_encryption_default: "{{ matrix_go_skype_bridge_bridge_encryption_allow }}"
-
-# Minimum severity of journal log messages.
-# Options: debug, info, warn, error, fatal
-matrix_go_skype_bridge_log_level: 'warn'
diff --git a/roles/matrix-bridge-go-skype-bridge/tasks/init.yml b/roles/custom/matrix-bridge-go-skype-bridge/tasks/init.yml
similarity index 67%
rename from roles/matrix-bridge-go-skype-bridge/tasks/init.yml
rename to roles/custom/matrix-bridge-go-skype-bridge/tasks/init.yml
index 9b826556..58808454 100644
--- a/roles/matrix-bridge-go-skype-bridge/tasks/init.yml
+++ b/roles/custom/matrix-bridge-go-skype-bridge/tasks/init.yml
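Review bot: `matrix_go_skype_bridge_bridge_permissions` is added without a comment even though it is now the single place an operator controls who may use the bridge; the template hunk further down (`@@ -197,11 +197,7 @@`) only renders it with `to_json`, so the explanation that used to sit next to the old inline mapping (`*` for all Matrix users, a homeserver domain, or a specific mxid) no longer reaches anyone reading the defaults. Suggest adding above it: `# Mapping of permission targets ('*', a homeserver domain, or a specific mxid) to a level such as user/admin; the matrix_admin entry is only included when matrix_admin is set.`. The block scalar renders to a string, so the `to_json` in the template presumably relies on Ansible turning that rendered dict literal back into a mapping; a one-line comment saying so would stop a future edit from quoting the value and breaking the template.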
@@ -5,16 +5,16 @@ # If the matrix-synapse role is not used, these variables may not exist. - ansible.builtin.set_fact: - matrix_synapse_container_extra_arguments: > + matrix_homeserver_container_runtime_injected_arguments: > {{ - matrix_synapse_container_extra_arguments | default([]) + matrix_homeserver_container_runtime_injected_arguments | default([]) + ["--mount type=bind,src={{ matrix_go_skype_bridge_config_path }}/registration.yaml,dst=/matrix-go-skype-bridge-registration.yaml,ro"] }} - matrix_synapse_app_service_config_files: > + matrix_homeserver_app_service_runtime_injected_config_files: > {{ - matrix_synapse_app_service_config_files | default([]) + matrix_homeserver_app_service_runtime_injected_config_files | default([]) + ["/matrix-go-skype-bridge-registration.yaml"] }} diff --git a/roles/matrix-bridge-go-skype-bridge/tasks/main.yml b/roles/custom/matrix-bridge-go-skype-bridge/tasks/main.yml similarity index 100% rename from roles/matrix-bridge-go-skype-bridge/tasks/main.yml rename to roles/custom/matrix-bridge-go-skype-bridge/tasks/main.yml diff --git a/roles/matrix-bridge-go-skype-bridge/tasks/setup_install.yml b/roles/custom/matrix-bridge-go-skype-bridge/tasks/setup_install.yml similarity index 92% rename from roles/matrix-bridge-go-skype-bridge/tasks/setup_install.yml rename to roles/custom/matrix-bridge-go-skype-bridge/tasks/setup_install.yml index 7403ff5c..68718ccf 100644 --- a/roles/matrix-bridge-go-skype-bridge/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-go-skype-bridge/tasks/setup_install.yml 
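Review bot: The context comment `# If the matrix-synapse role is not used, these variables may not exist.` is stale after this hunk: the facts are now the homeserver-agnostic `matrix_homeserver_container_runtime_injected_arguments` and `matrix_homeserver_app_service_runtime_injected_config_files`, so the `| default([])` guards no longer relate to Synapse specifically. Suggest `# If no homeserver role provides these variables, they may not exist yet.`. The same comment is left in place above the identical renames in the matrix-bridge-heisenbridge and matrix-bridge-hookshot `init.yml` hunks further down.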
@@ -11,13 +11,15 @@ - ansible.builtin.set_fact: matrix_go_skype_bridge_requires_restart: false -- block: +- when: "matrix_go_skype_bridge_database_engine == 'postgres'" + block: - name: Check if an SQLite database already exists ansible.builtin.stat: path: "{{ matrix_go_skype_bridge_sqlite_database_path_local }}" register: matrix_go_skype_bridge_sqlite_database_path_local_stat_result - - block: + - when: "matrix_go_skype_bridge_sqlite_database_path_local_stat_result.stat.exists | bool" + block: - ansible.builtin.set_fact: matrix_postgres_db_migration_request: src: "{{ matrix_go_skype_bridge_sqlite_database_path_local }}" @@ -29,14 +31,11 @@ pgloader_options: ['--with "quote identifiers"'] - ansible.builtin.import_role: - name: matrix-postgres + name: custom/matrix-postgres tasks_from: migrate_db_to_postgres - ansible.builtin.set_fact: matrix_go_skype_bridge_requires_restart: true - when: "matrix_go_skype_bridge_sqlite_database_path_local_stat_result.stat.exists | bool" - when: "matrix_go_skype_bridge_database_engine == 'postgres'" - - name: Ensure Go Skype Bridge paths exists ansible.builtin.file: 
@@ -53,15 +52,15 @@ when: item.when | bool - name: Ensure Go Skype Bridge image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_go_skype_bridge_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_go_skype_bridge_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_go_skype_bridge_docker_image_force_pull }}" when: not matrix_go_skype_bridge_container_image_self_build register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure Go Skype Bridge repository is present on self-build @@ -76,7 +75,7 @@ when: "matrix_go_skype_bridge_container_image_self_build | bool" - name: Ensure Go Skype Bridge Docker image is built - docker_image: + community.docker.docker_image: name: "{{ matrix_go_skype_bridge_docker_image }}" source: build force_source: "{{ matrix_go_skype_bridge_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" @@ -133,7 +132,7 @@ - name: Ensure matrix-go-skype-bridge.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-go-skype-bridge.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-go-skype-bridge.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-go-skype-bridge.service" mode: 0644 register: matrix_go_skype_bridge_systemd_service_result 
diff --git a/roles/matrix-bridge-go-skype-bridge/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-go-skype-bridge/tasks/setup_uninstall.yml similarity index 100% rename from roles/matrix-bridge-go-skype-bridge/tasks/setup_uninstall.yml rename to roles/custom/matrix-bridge-go-skype-bridge/tasks/setup_uninstall.yml diff --git a/roles/matrix-bridge-go-skype-bridge/tasks/validate_config.yml b/roles/custom/matrix-bridge-go-skype-bridge/tasks/validate_config.yml similarity index 100% rename from roles/matrix-bridge-go-skype-bridge/tasks/validate_config.yml rename to roles/custom/matrix-bridge-go-skype-bridge/tasks/validate_config.yml diff --git a/roles/matrix-bridge-go-skype-bridge/templates/config.yaml.j2 b/roles/custom/matrix-bridge-go-skype-bridge/templates/config.yaml.j2 similarity index 98% rename from roles/matrix-bridge-go-skype-bridge/templates/config.yaml.j2 rename to roles/custom/matrix-bridge-go-skype-bridge/templates/config.yaml.j2 index 56e37f84..2a1dc6c1 100644 --- a/roles/matrix-bridge-go-skype-bridge/templates/config.yaml.j2 +++ b/roles/custom/matrix-bridge-go-skype-bridge/templates/config.yaml.j2 @@ -197,11 +197,7 @@ bridge: # * - All Matrix users # domain - All users on that homeserver # mxid - Specific user - permissions: - "{{ matrix_go_skype_bridge_homeserver_domain }}": user - {% if matrix_admin %} - "{{ matrix_admin }}": admin - {% endif %} + permissions: {{ matrix_go_skype_bridge_bridge_permissions|to_json }} relaybot: # Whether or not relaybot support is enabled. diff --git a/roles/matrix-bridge-go-skype-bridge/templates/systemd/matrix-go-skype-bridge.service.j2 b/roles/custom/matrix-bridge-go-skype-bridge/templates/systemd/matrix-go-skype-bridge.service.j2 similarity index 56% rename from roles/matrix-bridge-go-skype-bridge/templates/systemd/matrix-go-skype-bridge.service.j2 rename to roles/custom/matrix-bridge-go-skype-bridge/templates/systemd/matrix-go-skype-bridge.service.j2 index fe5ab2d6..f7ab10f8 100644 
--- a/roles/matrix-bridge-go-skype-bridge/templates/systemd/matrix-go-skype-bridge.service.j2
+++ b/roles/custom/matrix-bridge-go-skype-bridge/templates/systemd/matrix-go-skype-bridge.service.j2
@@ -12,14 +12,14 @@ DefaultDependencies=no
 [Service]
 Type=simple
-Environment="HOME={{ matrix_systemd_unit_home_path }}"
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-go-skype-bridge 2>/dev/null || true'
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-go-skype-bridge 2>/dev/null || true'
+Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-go-skype-bridge 2>/dev/null || true'
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-go-skype-bridge 2>/dev/null || true'
 # Intentional delay, so that the homeserver (we likely depend on) can manage to start.
 ExecStartPre={{ matrix_host_command_sleep }} 5
-ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-go-skype-bridge \
+ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-go-skype-bridge \
 --log-driver=none \
 --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
 --cap-drop=ALL \
@@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-go-skype-bridg
 {{ matrix_go_skype_bridge_docker_image }} \
 /usr/bin/matrix-skype -c /config/config.yaml -r /config/registration.yaml
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-go-skype-bridge 2>/dev/null || true'
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-go-skype-bridge 2>/dev/null || true'
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-go-skype-bridge 2>/dev/null || true'
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-go-skype-bridge 2>/dev/null || true'
 Restart=always
 RestartSec=30
 SyslogIdentifier=matrix-go-skype-bridge
diff --git a/roles/matrix-bridge-heisenbridge/defaults/main.yml b/roles/custom/matrix-bridge-heisenbridge/defaults/main.yml
similarity index 97%
rename from roles/matrix-bridge-heisenbridge/defaults/main.yml
rename to roles/custom/matrix-bridge-heisenbridge/defaults/main.yml
index 68c5d75b..48101db1 100644
--- a/roles/matrix-bridge-heisenbridge/defaults/main.yml
+++ b/roles/custom/matrix-bridge-heisenbridge/defaults/main.yml
@@ -4,7 +4,7 @@ matrix_heisenbridge_enabled: true
-matrix_heisenbridge_version: 1.13.0
+matrix_heisenbridge_version: 1.14.0
 matrix_heisenbridge_docker_image: "{{ matrix_container_global_registry_prefix }}hif1/heisenbridge:{{ matrix_heisenbridge_version }}"
 matrix_heisenbridge_docker_image_force_pull: "{{ matrix_heisenbridge_docker_image.endswith(':latest') }}"
diff --git a/roles/matrix-bridge-heisenbridge/tasks/init.yml b/roles/custom/matrix-bridge-heisenbridge/tasks/init.yml
similarity index 76%
rename from roles/matrix-bridge-heisenbridge/tasks/init.yml
rename to roles/custom/matrix-bridge-heisenbridge/tasks/init.yml
index 1612a505..dd3d4c7d 100644
--- a/roles/matrix-bridge-heisenbridge/tasks/init.yml +++ b/roles/custom/matrix-bridge-heisenbridge/tasks/init.yml @@ -13,16 +13,16 @@ # If the matrix-synapse role is not used, these variables may not exist. - ansible.builtin.set_fact: - matrix_synapse_container_extra_arguments: > + matrix_homeserver_container_runtime_injected_arguments: > {{ - matrix_synapse_container_extra_arguments | default([]) + matrix_homeserver_container_runtime_injected_arguments | default([]) + ["--mount type=bind,src={{ matrix_heisenbridge_base_path }}/registration.yaml,dst=/heisenbridge-registration.yaml,ro"] }} - matrix_synapse_app_service_config_files: > + matrix_homeserver_app_service_runtime_injected_config_files: > {{ - matrix_synapse_app_service_config_files | default([]) + matrix_homeserver_app_service_runtime_injected_config_files | default([]) + ["/heisenbridge-registration.yaml"] }} diff --git a/roles/matrix-bridge-heisenbridge/tasks/main.yml b/roles/custom/matrix-bridge-heisenbridge/tasks/main.yml similarity index 100% rename from roles/matrix-bridge-heisenbridge/tasks/main.yml rename to roles/custom/matrix-bridge-heisenbridge/tasks/main.yml diff --git a/roles/matrix-bridge-heisenbridge/tasks/setup_install.yml b/roles/custom/matrix-bridge-heisenbridge/tasks/setup_install.yml similarity index 86% rename from roles/matrix-bridge-heisenbridge/tasks/setup_install.yml rename to roles/custom/matrix-bridge-heisenbridge/tasks/setup_install.yml index ffcc1c8b..9a0cac35 100644 --- a/roles/matrix-bridge-heisenbridge/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-heisenbridge/tasks/setup_install.yml 
@@ -1,14 +1,14 @@
 ---
 - name: Ensure heisenbridge image is pulled
- docker_image:
+ community.docker.docker_image:
 name: "{{ matrix_heisenbridge_docker_image }}"
 source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
 force_source: "{{ matrix_heisenbridge_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
 force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_heisenbridge_docker_image_force_pull }}"
 register: result
- retries: "{{ matrix_container_retries_count }}"
- delay: "{{ matrix_container_retries_delay }}"
+ retries: "{{ devture_playbook_help_container_retries_count }}"
+ delay: "{{ devture_playbook_help_container_retries_delay }}"
 until: result is not failed
 - name: Ensure heisenbridge paths exist
@@ -32,7 +32,7 @@
 - name: Ensure matrix-heisenbridge.service installed
 ansible.builtin.template:
 src: "{{ role_path }}/templates/systemd/matrix-heisenbridge.service.j2"
- dest: "{{ matrix_systemd_path }}/matrix-heisenbridge.service"
+ dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-heisenbridge.service"
 mode: 0644
 register: matrix_heisenbridge_systemd_service_result
diff --git a/roles/matrix-bridge-heisenbridge/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-heisenbridge/tasks/setup_uninstall.yml
similarity index 79%
rename from roles/matrix-bridge-heisenbridge/tasks/setup_uninstall.yml
rename to roles/custom/matrix-bridge-heisenbridge/tasks/setup_uninstall.yml
index a0232295..688ff9d4 100644
--- a/roles/matrix-bridge-heisenbridge/tasks/setup_uninstall.yml
+++ b/roles/custom/matrix-bridge-heisenbridge/tasks/setup_uninstall.yml
@@ -2,7 +2,7 @@
 - name: Check existence of matrix-heisenbridge service
 ansible.builtin.stat:
- path: "{{ matrix_systemd_path }}/matrix-heisenbridge.service"
+ path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-heisenbridge.service"
 register: matrix_heisenbridge_service_stat
 - name: Ensure matrix-heisenbridge is stopped
@@ -15,7 +15,7 @@
 - name: Ensure matrix-heisenbridge.service doesn't exist
 ansible.builtin.file:
- path: "{{ matrix_systemd_path }}/matrix-heisenbridge.service"
+ path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-heisenbridge.service"
 state: absent
 when: "matrix_heisenbridge_service_stat.stat.exists"
diff --git a/roles/matrix-bridge-heisenbridge/templates/systemd/matrix-heisenbridge.service.j2 b/roles/custom/matrix-bridge-heisenbridge/templates/systemd/matrix-heisenbridge.service.j2
similarity index 71%
rename from roles/matrix-bridge-heisenbridge/templates/systemd/matrix-heisenbridge.service.j2
rename to roles/custom/matrix-bridge-heisenbridge/templates/systemd/matrix-heisenbridge.service.j2
index e27b88f1..49abaf0a 100644
--- a/roles/matrix-bridge-heisenbridge/templates/systemd/matrix-heisenbridge.service.j2
+++ b/roles/custom/matrix-bridge-heisenbridge/templates/systemd/matrix-heisenbridge.service.j2
@@ -12,11 +12,11 @@ DefaultDependencies=no
 [Service]
 Type=simple
-Environment="HOME={{ matrix_systemd_unit_home_path }}"
-ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-heisenbridge
-ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-heisenbridge
+Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_docker }} kill matrix-heisenbridge
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_docker }} rm matrix-heisenbridge
-ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-heisenbridge \
+ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-heisenbridge \
 --log-driver=none \
 --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
 --cap-drop=ALL \
@@ -41,8 +41,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-heisenbridge \
 --listen-port 9898 \
 {{ matrix_heisenbridge_homeserver_url }}
-ExecStop=-{{ matrix_host_command_docker }} kill matrix-heisenbridge
-ExecStop=-{{ matrix_host_command_docker }} rm matrix-heisenbridge
+ExecStop=-{{ devture_systemd_docker_base_host_command_docker }} kill matrix-heisenbridge
+ExecStop=-{{ devture_systemd_docker_base_host_command_docker }} rm matrix-heisenbridge
 Restart=always
 RestartSec=30
 SyslogIdentifier=matrix-heisenbridge
diff --git a/roles/matrix-bridge-hookshot/defaults/main.yml b/roles/custom/matrix-bridge-hookshot/defaults/main.yml
similarity index 98%
rename from roles/matrix-bridge-hookshot/defaults/main.yml
rename to roles/custom/matrix-bridge-hookshot/defaults/main.yml
index 7ffb26a2..4e696584 100644
--- a/roles/matrix-bridge-hookshot/defaults/main.yml
+++ b/roles/custom/matrix-bridge-hookshot/defaults/main.yml
@@ -10,7 +10,7 @@ matrix_hookshot_container_image_self_build: false
 matrix_hookshot_container_image_self_build_repo: "https://github.com/matrix-org/matrix-hookshot.git"
 matrix_hookshot_container_image_self_build_branch: "{{ 'main' if matrix_hookshot_version == 'latest' else matrix_hookshot_version }}"
-matrix_hookshot_version: 1.8.1
+matrix_hookshot_version: 2.4.0
 matrix_hookshot_docker_image: "{{ matrix_hookshot_docker_image_name_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}"
 matrix_hookshot_docker_image_name_prefix: "{{ 'localhost/' if matrix_hookshot_container_image_self_build else matrix_container_global_registry_prefix }}"
@@ -128,9 +128,9 @@ matrix_hookshot_generic_allow_js_transformation_functions: false
 matrix_hookshot_generic_user_id_prefix: '_webhooks_'
-matrix_hookshot_feeds_enabled: false
-# polling interval in seconds
-matrix_hookshot_feeds_interval: 600
+matrix_hookshot_feeds_enabled: true
+matrix_hookshot_feeds_pollIntervalSeconds: 600 # noqa var-naming
+matrix_hookshot_feeds_pollTimeoutSeconds: 10 # noqa var-naming
 # There is no need to edit ports. use matrix_hookshot_container_http_host_bind_ports below to expose ports instead.
diff --git a/roles/matrix-bridge-hookshot/files/.gitkeep b/roles/custom/matrix-bridge-hookshot/files/.gitkeep
similarity index 100%
rename from roles/matrix-bridge-hookshot/files/.gitkeep
rename to roles/custom/matrix-bridge-hookshot/files/.gitkeep
diff --git a/roles/matrix-bridge-hookshot/tasks/init.yml b/roles/custom/matrix-bridge-hookshot/tasks/init.yml
similarity index 95%
rename from roles/matrix-bridge-hookshot/tasks/init.yml
rename to roles/custom/matrix-bridge-hookshot/tasks/init.yml
index f8a1e76c..63921f31 100644
--- a/roles/matrix-bridge-hookshot/tasks/init.yml
+++ b/roles/custom/matrix-bridge-hookshot/tasks/init.yml
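Review bot: `matrix_hookshot_feeds_enabled` flips from `false` to `true`, so any deployment that upgrades without touching its vars silently starts the RSS/Atom feed component, which (judging by the new `pollIntervalSeconds`/`pollTimeoutSeconds` knobs) makes periodic outbound requests from the bridge host. A default that enables a network-active feature should carry a comment at the variable, not just a version bump: `# Enables RSS/Atom feed support; hookshot then polls the configured feed URLs on a schedule. Set to false to keep the bridge from making these outbound requests.`. Stating in the same comment why the camelCase names carry `# noqa var-naming` (they mirror hookshot's own config keys, as the template rendering shows) would also save the next reader a lookup.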
@@ -13,22 +13,23 @@ # If the matrix-synapse role is not used, these variables may not exist. - ansible.builtin.set_fact: - matrix_synapse_container_extra_arguments: > + matrix_homeserver_container_runtime_injected_arguments: > {{ - matrix_synapse_container_extra_arguments | default([]) + matrix_homeserver_container_runtime_injected_arguments | default([]) + ["--mount type=bind,src={{ matrix_hookshot_base_path }}/registration.yml,dst=/hookshot-registration.yml,ro"] }} - matrix_synapse_app_service_config_files: > + matrix_homeserver_app_service_runtime_injected_config_files: > {{ - matrix_synapse_app_service_config_files | default([]) + matrix_homeserver_app_service_runtime_injected_config_files | default([]) + ["/hookshot-registration.yml"] }} when: matrix_hookshot_enabled | bool -- block: +- when: matrix_hookshot_enabled | bool + block: - name: Fail if matrix-nginx-proxy role already executed ansible.builtin.fail: msg: >- @@ -128,7 +129,6 @@ [matrix_hookshot_matrix_nginx_proxy_metrics_configuration_matrix_domain] }} when: matrix_hookshot_metrics_enabled | bool and matrix_hookshot_metrics_proxying_enabled | bool - when: matrix_hookshot_enabled | bool - name: Warn about reverse-proxying if matrix-nginx-proxy not used ansible.builtin.debug: diff --git a/roles/matrix-bridge-hookshot/tasks/main.yml b/roles/custom/matrix-bridge-hookshot/tasks/main.yml similarity index 100% rename from roles/matrix-bridge-hookshot/tasks/main.yml rename to roles/custom/matrix-bridge-hookshot/tasks/main.yml diff --git a/roles/matrix-bridge-hookshot/tasks/setup_install.yml b/roles/custom/matrix-bridge-hookshot/tasks/setup_install.yml similarity index 91% rename from roles/matrix-bridge-hookshot/tasks/setup_install.yml rename to roles/custom/matrix-bridge-hookshot/tasks/setup_install.yml index 0c6bfc34..e13af198 100644 --- a/roles/matrix-bridge-hookshot/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-hookshot/tasks/setup_install.yml 
@@ -1,6 +1,8 @@ --- -- ansible.builtin.import_tasks: "{{ role_path }}/../matrix-base/tasks/util/ensure_openssl_installed.yml" +- ansible.builtin.import_role: + name: custom/matrix-base + tasks_from: ensure_openssl_installed - name: Ensure hookshot paths exist ansible.builtin.file: @@ -15,15 +17,15 @@ when: item.when | bool - name: Ensure hookshot image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_hookshot_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_hookshot_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_hookshot_docker_image_force_pull }}" when: not matrix_hookshot_container_image_self_build register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure hookshot repository is present on self-build @@ -38,7 +40,7 @@ when: "matrix_hookshot_container_image_self_build | bool" - name: Ensure hookshot Docker image is built - docker_image: + community.docker.docker_image: name: "{{ matrix_hookshot_docker_image }}" source: build force_source: "{{ matrix_hookshot_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" @@ -71,7 +73,7 @@ - name: Validate hookshot config.yml ansible.builtin.command: cmd: | - {{ matrix_host_command_docker }} run + {{ devture_systemd_docker_base_host_command_docker }} run --rm --name={{ matrix_hookshot_container_url }}-validate --user={{ matrix_user_uid }}:{{ matrix_user_gid }} 
@@ -106,7 +108,7 @@
 - name: Ensure matrix-hookshot.service installed
 ansible.builtin.template:
 src: "{{ role_path }}/templates/systemd/matrix-hookshot.service.j2"
- dest: "{{ matrix_systemd_path }}/matrix-hookshot.service"
+ dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-hookshot.service"
 mode: 0644
 register: matrix_hookshot_systemd_service_result
diff --git a/roles/matrix-bridge-hookshot/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-hookshot/tasks/setup_uninstall.yml
similarity index 79%
rename from roles/matrix-bridge-hookshot/tasks/setup_uninstall.yml
rename to roles/custom/matrix-bridge-hookshot/tasks/setup_uninstall.yml
index 5aba14de..2028a34e 100644
--- a/roles/matrix-bridge-hookshot/tasks/setup_uninstall.yml
+++ b/roles/custom/matrix-bridge-hookshot/tasks/setup_uninstall.yml
@@ -2,7 +2,7 @@
 - name: Check existence of matrix-hookshot service
 ansible.builtin.stat:
- path: "{{ matrix_systemd_path }}/matrix-hookshot.service"
+ path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-hookshot.service"
 register: matrix_hookshot_service_stat
 - name: Ensure matrix-hookshot is stopped
@@ -15,7 +15,7 @@
 - name: Ensure matrix-hookshot.service doesn't exist
 ansible.builtin.file:
- path: "{{ matrix_systemd_path }}/matrix-hookshot.service"
+ path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-hookshot.service"
 state: absent
 when: "matrix_hookshot_service_stat.stat.exists"
diff --git a/roles/matrix-bridge-hookshot/tasks/validate_config.yml b/roles/custom/matrix-bridge-hookshot/tasks/validate_config.yml
similarity index 86%
rename from roles/matrix-bridge-hookshot/tasks/validate_config.yml
rename to roles/custom/matrix-bridge-hookshot/tasks/validate_config.yml
index 0fbcf53c..3392f1b6 100644
--- a/roles/matrix-bridge-hookshot/tasks/validate_config.yml
+++ b/roles/custom/matrix-bridge-hookshot/tasks/validate_config.yml
@@ -58,6 +58,15 @@ with_items:
 - "matrix_hookshot_provisioning_secret"
+- name: (Deprecation) Catch and report renamed Hookshot variables
+ ansible.builtin.fail:
+ msg: >-
+ Your configuration contains a variable, which now has a different name.
+ Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
+ when: "item.old in vars"
+ with_items:
+ - {'old': 'matrix_hookshot_feeds_interval', 'new': 'matrix_hookshot_feeds_pollIntervalSeconds'}
+
 - name: (Deprecation) Catch and report old metrics usage
 ansible.builtin.fail:
 msg: >-
diff --git a/roles/matrix-bridge-hookshot/templates/config.yml.j2 b/roles/custom/matrix-bridge-hookshot/templates/config.yml.j2
similarity index 95%
rename from roles/matrix-bridge-hookshot/templates/config.yml.j2
rename to roles/custom/matrix-bridge-hookshot/templates/config.yml.j2
index 6fbce770..527afafa 100644
--- a/roles/matrix-bridge-hookshot/templates/config.yml.j2
+++ b/roles/custom/matrix-bridge-hookshot/templates/config.yml.j2
@@ -82,8 +82,9 @@ generic:
 feeds:
 # (Optional) Configure this to enable RSS/Atom feed support
 #
- enabled: {{ matrix_hookshot_feeds_enabled }}
- pollIntervalSeconds: {{ matrix_hookshot_feeds_interval }}
+ enabled: {{ matrix_hookshot_feeds_enabled | to_json }}
+ pollIntervalSeconds: {{ matrix_hookshot_feeds_pollIntervalSeconds | to_json }}
+ pollTimeoutSeconds: {{ matrix_hookshot_feeds_pollTimeoutSeconds | to_json }}
 {% endif %}
 {% if matrix_hookshot_provisioning_enabled %}
 provisioning:
@@ -108,7 +109,7 @@ metrics:
 logging:
 # (Optional) Logging settings. You can have a severity debug,info,warn,error
 #
- level: info
+ level: warn
 {% if matrix_hookshot_widgets_enabled %}
 widgets:
 # (Optional) EXPERIMENTAL support for complimentary widgets
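Review bot: `level: warn` in the logging section is hard-coded in the template, whereas the other bridge templates in this commit render the level from a role variable (`matrix_beeper_linkedin_logging_level | to_json`, and `matrix_go_skype_bridge_log_level` / `matrix_mautrix_discord_logging_level` in their defaults). Moving the default from `info` to `warn` also reduces what reaches the journal, and an operator investigating webhook or feed behaviour has no way back to `info` short of overriding the whole template. Suggest `level: {{ matrix_hookshot_logging_level | to_json }}` here and `matrix_hookshot_logging_level: 'warn'` in the defaults, with a comment listing the severities the template already documents (`debug,info,warn,error`).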
diff --git a/roles/matrix-bridge-hookshot/templates/registration.yml.j2 b/roles/custom/matrix-bridge-hookshot/templates/registration.yml.j2
similarity index 100%
rename from roles/matrix-bridge-hookshot/templates/registration.yml.j2
rename to roles/custom/matrix-bridge-hookshot/templates/registration.yml.j2
diff --git a/roles/matrix-bridge-hookshot/templates/systemd/matrix-hookshot.service.j2 b/roles/custom/matrix-bridge-hookshot/templates/systemd/matrix-hookshot.service.j2
similarity index 62%
rename from roles/matrix-bridge-hookshot/templates/systemd/matrix-hookshot.service.j2
rename to roles/custom/matrix-bridge-hookshot/templates/systemd/matrix-hookshot.service.j2
index 16ff0592..7ebd08b6 100644
--- a/roles/matrix-bridge-hookshot/templates/systemd/matrix-hookshot.service.j2
+++ b/roles/custom/matrix-bridge-hookshot/templates/systemd/matrix-hookshot.service.j2
@@ -12,11 +12,11 @@ DefaultDependencies=no
 [Service]
 Type=simple
-Environment="HOME={{ matrix_systemd_unit_home_path }}"
-ExecStartPre=-{{ matrix_host_command_docker }} kill {{ matrix_hookshot_container_url }}
-ExecStartPre=-{{ matrix_host_command_docker }} rm {{ matrix_hookshot_container_url }}
+Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_docker }} kill {{ matrix_hookshot_container_url }}
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_docker }} rm {{ matrix_hookshot_container_url }}
-ExecStart={{ matrix_host_command_docker }} run --rm --name {{ matrix_hookshot_container_url }} \
+ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name {{ matrix_hookshot_container_url }} \
 --log-driver=none \
 --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
 --cap-drop=ALL \
@@ -30,8 +30,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name {{ matrix_hookshot_co
 {% endfor %}
 {{ matrix_hookshot_docker_image }}
-ExecStop=-{{ matrix_host_command_docker }} kill {{ matrix_hookshot_container_url }}
-ExecStop=-{{ matrix_host_command_docker }} rm {{ matrix_hookshot_container_url }}
+ExecStop=-{{ devture_systemd_docker_base_host_command_docker }} kill {{ matrix_hookshot_container_url }}
+ExecStop=-{{ devture_systemd_docker_base_host_command_docker }} rm {{ matrix_hookshot_container_url }}
 Restart=always
 RestartSec=30
 SyslogIdentifier={{ matrix_hookshot_container_url }}
diff --git a/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml
new file mode 100644
index 00000000..7163954a
--- /dev/null
+++ b/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml
@@ -0,0 +1,146 @@ +--- +# mautrix-discord is a Matrix <-> Discord bridge +# Project source code URL: https://github.com/mautrix/discord + +matrix_mautrix_discord_enabled: true + +matrix_mautrix_discord_container_image_self_build: false +matrix_mautrix_discord_container_image_self_build_repo: "https://mau.dev/mautrix/discord.git" +matrix_mautrix_discord_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_discord_version == 'latest' else matrix_mautrix_discord_version }}" + +matrix_mautrix_discord_version: latest +# See: https://mau.dev/mautrix/discord/container_registry +matrix_mautrix_discord_docker_image: "{{ matrix_mautrix_discord_docker_image_name_prefix }}mautrix/discord:{{ matrix_mautrix_discord_version }}" +matrix_mautrix_discord_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_discord_container_image_self_build else 'dock.mau.dev/' }}" +matrix_mautrix_discord_docker_image_force_pull: "{{ matrix_mautrix_discord_docker_image.endswith(':latest') }}" + +matrix_mautrix_discord_base_path: "{{ matrix_base_data_path }}/mautrix-discord" +matrix_mautrix_discord_config_path: "{{ matrix_mautrix_discord_base_path }}/config" +matrix_mautrix_discord_data_path: "{{ matrix_mautrix_discord_base_path }}/data" +matrix_mautrix_discord_docker_src_files_path: "{{ matrix_mautrix_discord_base_path }}/docker-src" + +matrix_mautrix_discord_homeserver_address: "{{ matrix_homeserver_container_url }}" +matrix_mautrix_discord_homeserver_domain: "{{ matrix_domain }}" +matrix_mautrix_discord_appservice_address: "http://matrix-mautrix-discord:8080" + +matrix_mautrix_discord_command_prefix: "!discord" + +matrix_mautrix_discord_bridge_permissions: | + {{ + {matrix_mautrix_discord_homeserver_domain: 'user'} + | combine({matrix_admin: 'admin'} if matrix_admin else {}) + }} + +# A list of extra arguments to pass to the container +matrix_mautrix_discord_container_extra_arguments: [] + +# List of systemd services that matrix-mautrix-discord.service depends on. 
+matrix_mautrix_discord_systemd_required_services_list: ['docker.service'] + +# List of systemd services that matrix-mautrix-discord.service wants +matrix_mautrix_discord_systemd_wanted_services_list: [] + +matrix_mautrix_discord_appservice_token: '' +matrix_mautrix_discord_homeserver_token: '' + +matrix_mautrix_discord_appservice_bot_username: discordbot + +# Minimum severity of journal log messages. +# Options: debug, info, warn, error, fatal +matrix_mautrix_discord_logging_level: 'warn' + +# Whether or not created rooms should have federation enabled. +# If false, created portal rooms will never be federated. +matrix_mautrix_discord_federate_rooms: true + +# Database-related configuration fields. +# +# To use SQLite, stick to these defaults. +# +# To use Postgres: +# - change the engine (`matrix_mautrix_discord_database_engine: 'postgres'`) +# - adjust your database credentials via the `matrix_mautrix_discord_database_*` variables +matrix_mautrix_discord_database_engine: 'sqlite' + +matrix_mautrix_discord_sqlite_database_path_local: "{{ matrix_mautrix_discord_data_path }}/mautrix-discord.db" +matrix_mautrix_discord_sqlite_database_path_in_container: "/data/mautrix-discord.db" + +matrix_mautrix_discord_database_username: 'matrix_mautrix_discord' +matrix_mautrix_discord_database_password: 'some-password' +matrix_mautrix_discord_database_hostname: 'matrix-postgres' +matrix_mautrix_discord_database_port: 5432 +matrix_mautrix_discord_database_name: 'matrix_mautrix_discord' + +matrix_mautrix_discord_database_connection_string: 'postgresql://{{ matrix_mautrix_discord_database_username }}:{{ matrix_mautrix_discord_database_password }}@{{ matrix_mautrix_discord_database_hostname }}:{{ matrix_mautrix_discord_database_port }}/{{ matrix_mautrix_discord_database_name }}?sslmode=disable' + +matrix_mautrix_discord_appservice_database_type: "{{ + { + 'sqlite': 'sqlite3', + 'postgres':'postgres', + }[matrix_mautrix_discord_database_engine] +}}" + 
+matrix_mautrix_discord_appservice_database_uri: "{{ + { + 'sqlite': matrix_mautrix_discord_sqlite_database_path_in_container, + 'postgres': matrix_mautrix_discord_database_connection_string, + }[matrix_mautrix_discord_database_engine] +}}" + +# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth). +matrix_mautrix_discord_login_shared_secret: '' +matrix_mautrix_discord_bridge_login_shared_secret_map: + "{{ {matrix_mautrix_discord_homeserver_domain: matrix_mautrix_discord_login_shared_secret} if matrix_mautrix_discord_login_shared_secret else {} }}" + +# Servers to always allow double puppeting from +matrix_mautrix_discord_bridge_double_puppet_server_map: + "{{ matrix_mautrix_discord_homeserver_domain : matrix_mautrix_discord_homeserver_address }}" + +# Default mautrix-discord configuration template which covers the generic use case. +# You can customize it by controlling the various variables inside it. +# +# For a more advanced customization, you can extend the default (see `matrix_mautrix_discord_configuration_extension_yaml`) +# or completely replace this variable with your own template. +matrix_mautrix_discord_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}" + +matrix_mautrix_discord_configuration_extension_yaml: | + # Your custom YAML configuration goes here. + # This configuration extends the default starting configuration (`matrix_mautrix_discord_configuration_yaml`). + # + # You can override individual variables from the default configuration, or introduce new ones. + # + # If you need something more special, you can take full control by + # completely redefining `matrix_mautrix_discord_configuration_yaml`. 
+ +matrix_mautrix_discord_configuration_extension: "{{ matrix_mautrix_discord_configuration_extension_yaml | from_yaml if matrix_mautrix_discord_configuration_extension_yaml | from_yaml is mapping else {} }}" + +# Holds the final configuration (a combination of the default and its extension). +# You most likely don't need to touch this variable. Instead, see `matrix_mautrix_discord_configuration_yaml`. +matrix_mautrix_discord_configuration: "{{ matrix_mautrix_discord_configuration_yaml | from_yaml | combine(matrix_mautrix_discord_configuration_extension, recursive=True) }}" + +matrix_mautrix_discord_registration_yaml: | + id: discord + url: {{ matrix_mautrix_discord_appservice_address }} + as_token: "{{ matrix_mautrix_discord_appservice_token }}" + hs_token: "{{ matrix_mautrix_discord_homeserver_token }}" + # See https://github.com/mautrix/signal/issues/43 + sender_localpart: _bot_{{ matrix_mautrix_discord_appservice_bot_username }} + rate_limited: false + namespaces: + users: + - regex: '^@discord_[0-9]+:{{ matrix_mautrix_discord_homeserver_domain | regex_escape }}$' + exclusive: true + - exclusive: true + regex: '^@{{ matrix_mautrix_discord_appservice_bot_username | regex_escape }}:{{ matrix_mautrix_discord_homeserver_domain | regex_escape }}$' + de.sorunome.msc2409.push_ephemeral: true + +matrix_mautrix_discord_registration: "{{ matrix_mautrix_discord_registration_yaml | from_yaml }}" + +# Enable End-to-bridge encryption +matrix_mautrix_discord_bridge_encryption_allow: false +matrix_mautrix_discord_bridge_encryption_default: "{{ matrix_mautrix_discord_bridge_encryption_allow }}" +matrix_mautrix_discord_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_discord_bridge_encryption_allow }}" + +# On conduit this option may prevent you from joining spaces created by the bridge. +# Setting this to false fixes the issue. +matrix_mautrix_discord_bridge_restricted_rooms: true 
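Review bot: `matrix_mautrix_discord_bridge_double_puppet_server_map` is defined as `"{{ matrix_mautrix_discord_homeserver_domain : matrix_mautrix_discord_homeserver_address }}"`, which is not a valid Jinja2 dict literal (the braces are missing), so the first task that references it will fail with a template syntax error; it goes unnoticed only because `templates/config.yaml.j2` in this commit never uses the variable and inlines the same mapping instead. Propose `matrix_mautrix_discord_bridge_double_puppet_server_map: "{{ {matrix_mautrix_discord_homeserver_domain: matrix_mautrix_discord_homeserver_address} }}"` here and, in the template, `double_puppet_server_map: {{ matrix_mautrix_discord_bridge_double_puppet_server_map | to_json }}` mirroring `login_shared_secret_map` — the template's current inline `"{{ domain }}": {{ address }}` also emits the address without `to_json`, unlike every other templated value in that file. Separately, `matrix_mautrix_discord_database_password: 'some-password'` is a live credential default; presumably the playbook overrides it from group_vars as for the sibling bridge roles, but a comment saying so (or a check in `validate_config.yml` when the engine is `postgres`) would make that explicit.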
diff --git a/roles/custom/matrix-bridge-mautrix-discord/tasks/init.yml b/roles/custom/matrix-bridge-mautrix-discord/tasks/init.yml
new file mode 100644
index 00000000..3f94a73a
--- /dev/null
+++ b/roles/custom/matrix-bridge-mautrix-discord/tasks/init.yml
@@ -0,0 +1,21 @@
+---
+- ansible.builtin.set_fact:
+ matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-discord.service'] }}"
+ when: matrix_mautrix_discord_enabled | bool
+
+# If the matrix-synapse role is not used, these variables may not exist.
+- ansible.builtin.set_fact:
+ matrix_homeserver_container_runtime_injected_arguments: >
+ {{
+ matrix_homeserver_container_runtime_injected_arguments | default([])
+ +
+ ["--mount type=bind,src={{ matrix_mautrix_discord_config_path }}/registration.yaml,dst=/matrix-mautrix-discord-registration.yaml,ro"]
+ }}
+
+ matrix_homeserver_app_service_runtime_injected_config_files: >
+ {{
+ matrix_homeserver_app_service_runtime_injected_config_files | default([])
+ +
+ ["/matrix-mautrix-discord-registration.yaml"]
+ }}
+ when: matrix_mautrix_discord_enabled | bool
diff --git a/roles/custom/matrix-bridge-mautrix-discord/tasks/main.yml b/roles/custom/matrix-bridge-mautrix-discord/tasks/main.yml
new file mode 100644
index 00000000..9eaadf68
--- /dev/null
+++ b/roles/custom/matrix-bridge-mautrix-discord/tasks/main.yml
@@ -0,0 +1,22 @@
+---
+- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
+ tags:
+ - always
+
+- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
+ when: "run_setup | bool and matrix_mautrix_discord_enabled | bool"
+ tags:
+ - setup-all
+ - setup-mautrix-discord
+
+- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
+ when: "run_setup and matrix_mautrix_discord_enabled"
+ tags:
+ - setup-all
+ - setup-mautrix-discord
+
+- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
+ when: "run_setup and not matrix_mautrix_discord_enabled"
+ tags:
+ - setup-all
+ - setup-mautrix-discord
diff --git a/roles/custom/matrix-bridge-mautrix-discord/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-discord/tasks/setup_install.yml
new file mode 100644
index 00000000..06bae8dd
--- /dev/null
+++ b/roles/custom/matrix-bridge-mautrix-discord/tasks/setup_install.yml
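Review bot: The `when:` conditions in this file mix styles — the `validate_config.yml` import is gated on `"run_setup | bool and matrix_mautrix_discord_enabled | bool"` while the install and uninstall imports use the bare `"run_setup and matrix_mautrix_discord_enabled"`. Both evaluate, but the bare form is the one that can stay truthy when the variable arrives as a string (the `-e var=false` form passes strings), so it is worth using `| bool` on all three, e.g. `when: "run_setup | bool and not matrix_mautrix_discord_enabled | bool"` for the uninstall import.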
@@ -0,0 +1,121 @@ +--- + +# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. +# We don't want to fail in such cases. +- name: Fail if matrix-synapse role already executed + ansible.builtin.fail: + msg: >- + The matrix-bridge-mautrix-discord role needs to execute before the matrix-synapse role. + when: "matrix_synapse_role_executed | default(False)" + +- ansible.builtin.set_fact: + matrix_mautrix_discord_requires_restart: false + +- when: "matrix_mautrix_discord_database_engine == 'postgres'" + block: + - name: Check if an SQLite database already exists + ansible.builtin.stat: + path: "{{ matrix_mautrix_discord_sqlite_database_path_local }}" + register: matrix_mautrix_discord_sqlite_database_path_local_stat_result + + - when: "matrix_mautrix_discord_sqlite_database_path_local_stat_result.stat.exists | bool" + block: + - ansible.builtin.set_fact: + matrix_postgres_db_migration_request: + src: "{{ matrix_mautrix_discord_sqlite_database_path_local }}" + dst: "{{ matrix_mautrix_discord_database_connection_string }}" + caller: "{{ role_path | basename }}" + engine_variable_name: 'matrix_mautrix_discord_database_engine' + engine_old: 'sqlite' + systemd_services_to_stop: ['matrix-mautrix-discord.service'] + pgloader_options: ['--with "quote identifiers"'] + + - ansible.builtin.import_role: + name: custom/matrix-postgres + tasks_from: migrate_db_to_postgres + + - ansible.builtin.set_fact: + matrix_mautrix_discord_requires_restart: true + +- name: Ensure Mautrix Discord paths exists + ansible.builtin.file: + path: "{{ item.path }}" + state: directory + mode: 0750 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + with_items: + - {path: "{{ matrix_mautrix_discord_base_path }}", when: true} + - {path: "{{ matrix_mautrix_discord_config_path }}", when: true} + - {path: "{{ matrix_mautrix_discord_data_path }}", when: true} + - {path: "{{ matrix_mautrix_discord_docker_src_files_path }}", when: "{{ 
matrix_mautrix_discord_container_image_self_build }}"} + when: item.when | bool + +- name: Ensure Mautrix Discord image is pulled + community.docker.docker_image: + name: "{{ matrix_mautrix_discord_docker_image }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ matrix_mautrix_discord_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_discord_docker_image_force_pull }}" + when: not matrix_mautrix_discord_container_image_self_build + register: result + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" + until: result is not failed + +- name: Ensure Mautrix discord repository is present on self-build + ansible.builtin.git: + repo: "{{ matrix_mautrix_discord_container_image_self_build_repo }}" + dest: "{{ matrix_mautrix_discord_docker_src_files_path }}" + version: "{{ matrix_mautrix_discord_container_image_self_build_branch }}" + force: "yes" + become: true + become_user: "{{ matrix_user_username }}" + register: matrix_mautrix_discord_git_pull_results + when: "matrix_mautrix_discord_container_image_self_build | bool" + +- name: Ensure Mautrix discord Docker image is built + community.docker.docker_image: + name: "{{ matrix_mautrix_discord_docker_image }}" + source: build + force_source: "{{ matrix_mautrix_discord_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_discord_git_pull_results.changed }}" + build: + dockerfile: Dockerfile + path: "{{ matrix_mautrix_discord_docker_src_files_path }}" + pull: true + when: "matrix_mautrix_discord_container_image_self_build | bool" + +- name: Ensure mautrix-discord config.yaml installed + 
ansible.builtin.copy: + content: "{{ matrix_mautrix_discord_configuration | to_nice_yaml(indent=2, width=999999) }}" + dest: "{{ matrix_mautrix_discord_config_path }}/config.yaml" + mode: 0644 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +- name: Ensure mautrix-discord registration.yaml installed + ansible.builtin.copy: + content: "{{ matrix_mautrix_discord_registration | to_nice_yaml(indent=2, width=999999) }}" + dest: "{{ matrix_mautrix_discord_config_path }}/registration.yaml" + mode: 0644 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +- name: Ensure matrix-mautrix-discord.service installed + ansible.builtin.template: + src: "{{ role_path }}/templates/systemd/matrix-mautrix-discord.service.j2" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-discord.service" + mode: 0644 + register: matrix_mautrix_discord_systemd_service_result + +- name: Ensure systemd reloaded after matrix-mautrix-discord.service installation + ansible.builtin.service: + daemon_reload: true + when: "matrix_mautrix_discord_systemd_service_result.changed" + +- name: Ensure matrix-mautrix-discord.service restarted, if necessary + ansible.builtin.service: + name: "matrix-mautrix-discord.service" + state: restarted + when: "matrix_mautrix_discord_requires_restart | bool" diff --git a/roles/custom/matrix-bridge-mautrix-discord/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-mautrix-discord/tasks/setup_uninstall.yml new file mode 100644 index 00000000..d75f5164 --- /dev/null +++ b/roles/custom/matrix-bridge-mautrix-discord/tasks/setup_uninstall.yml 
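Review bot: `config.yaml` and `registration.yaml` are installed with `mode: 0644` although both carry the `as_token`/`hs_token` pair (and, with the `postgres` engine, the database password inside the `uri` value); the parent directory is created `0750`, so exposure is limited to members of `matrix_user_groupname`, but a credentials file has no reason to be world-readable. Propose `mode: "0640"` for both copy tasks — the container runs as `matrix_user_uid` (see the unit template in this commit) and the files are owned by `matrix_user_username`, so owner-read suffices, assuming the uid and the username refer to the same account. Quoting the mode (`"0640"`, `"0750"`) also keeps YAML from reading the literal as an octal integer and is what ansible-lint's `risky-octal` rule expects. Minor: the git task's `force: "yes"` should be the boolean `force: true`.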
@@ -0,0 +1,25 @@
+---
+
+- name: Check existence of matrix-mautrix-discord service
+ ansible.builtin.stat:
+ path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-discord.service"
+ register: matrix_mautrix_discord_service_stat
+
+- name: Ensure matrix-mautrix-discord is stopped
+ ansible.builtin.service:
+ name: matrix-mautrix-discord
+ state: stopped
+ enabled: false
+ daemon_reload: true
+ when: "matrix_mautrix_discord_service_stat.stat.exists"
+
+- name: Ensure matrix-mautrix-discord.service doesn't exist
+ ansible.builtin.file:
+ path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-discord.service"
+ state: absent
+ when: "matrix_mautrix_discord_service_stat.stat.exists"
+
+- name: Ensure systemd reloaded after matrix-mautrix-discord.service removal
+ ansible.builtin.service:
+ daemon_reload: true
+ when: "matrix_mautrix_discord_service_stat.stat.exists"
diff --git a/roles/custom/matrix-bridge-mautrix-discord/tasks/validate_config.yml b/roles/custom/matrix-bridge-mautrix-discord/tasks/validate_config.yml
new file mode 100644
index 00000000..4ba7e127
--- /dev/null
+++ b/roles/custom/matrix-bridge-mautrix-discord/tasks/validate_config.yml
@@ -0,0 +1,10 @@
+---
+
+- name: Fail if required settings not defined
+ ansible.builtin.fail:
+ msg: >-
+ You need to define a required configuration setting (`{{ item }}`).
+ when: "vars[item] == ''"
+ with_items:
+ - "matrix_mautrix_discord_appservice_token"
+ - "matrix_mautrix_discord_homeserver_token"
diff --git a/roles/custom/matrix-bridge-mautrix-discord/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mautrix-discord/templates/config.yaml.j2
new file mode 100644
index 00000000..03992335
--- /dev/null
+++ b/roles/custom/matrix-bridge-mautrix-discord/templates/config.yaml.j2
@@ -0,0 +1,221 @@ +#jinja2: lstrip_blocks: "True" +# Homeserver details. +homeserver: + # The address that this appservice can use to connect to the homeserver. + address: {{ matrix_mautrix_discord_homeserver_address | to_json }} + # The domain of the homeserver (for MXIDs, etc). + domain: {{ matrix_mautrix_discord_homeserver_domain | to_json }} + # Is the homeserver actually mautrix-asmux? + asmux: false + # The URL to push real-time bridge status to. + # If set, the bridge will make POST requests to this URL whenever a user's discord connection state changes. + # The bridge will use the appservice as_token to authorize requests. + status_endpoint: null + # Endpoint for reporting per-message status. + message_send_checkpoint_endpoint: null + # Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246? + async_media: false + +# Application service host/registration related details. +# Changing these values requires regeneration of the registration. +appservice: + # The address that the homeserver can use to connect to this appservice. + address: {{ matrix_mautrix_discord_appservice_address | to_json }} + + # The hostname and port where this appservice should listen. + hostname: 0.0.0.0 + port: 8080 + + # Database config. + database: + # The database type. "sqlite3" and "postgres" are supported. + type: {{ matrix_mautrix_discord_appservice_database_type|to_json }} + # The database URI. + # SQLite: File name is enough. https://github.com/mattn/go-sqlite3#connection-string + # Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable + # To connect via Unix socket, use something like postgres:///dbname?host=/var/run/postgresql + uri: {{ matrix_mautrix_discord_appservice_database_uri|to_json }} + # Maximum number of connections. Mostly relevant for Postgres. + max_open_conns: 20 + max_idle_conns: 2 + # Maximum connection idle time and lifetime before they're closed. Disabled if null. 
+ # Parsed with https://pkg.go.dev/time#ParseDuration + max_conn_idle_time: null + max_conn_lifetime: null + + # The unique ID of this appservice. + id: discord + # Appservice bot details. + bot: + # Username of the appservice bot. + username: {{ matrix_mautrix_discord_appservice_bot_username|to_json }} + # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty + # to leave display name/avatar as-is. + displayname: Discord bridge bot + avatar: mxc://maunium.net/nIdEykemnwdisvHbpxflpDlC + # Whether or not to receive ephemeral events via appservice transactions. + # Requires MSC2409 support (i.e. Synapse 1.22+). + ephemeral_events: true + + # Authentication tokens for AS <-> HS communication. Autogenerated; do not modify. + as_token: {{ matrix_mautrix_discord_appservice_token | to_json }} + hs_token: {{ matrix_mautrix_discord_homeserver_token | to_json }} + +# Bridge config +bridge: + # Localpart template of MXIDs for Discord users. + # {{ '{{.}}' }} is replaced with the internal ID of the Discord user. + username_template: "{{ 'discord_{{.}}' }}" + # Displayname template for Discord users. This is also used as the room name in DMs if private_chat_portal_meta is enabled. + # Available variables: + # {{ '{{.ID}}' }} - Internal user ID + # {{ '{{.Username}}' }} - User's displayname on Discord + # {{ '{{.Discriminator}}' }} - The 4 numbers after the name on Discord + # {{ '{{.Bot}}' }} - Whether the user is a bot + # {{ '{{.System}}' }} - Whether the user is an official system user + displayname_template: "{{ '{{.Username}} {{if .Bot}} (bot){{end}}' }}" + # Displayname template for Discord channels (bridged as rooms, or spaces when type=4). + # Available variables: + # {{ '{{.Name}}' }} - Channel name, or user displayname (pre-formatted with displayname_template) in DMs. + # {{ '{{.ParentName}}' }} - Parent channel name (used for categories). + # {{ '{{.GuildName}}' }} - Guild name. 
+ # {{ '{{.NSFW}}' }} - Whether the channel is marked as NSFW. + # {{ '{{.Type}}' }} - Channel type (see values at https://github.com/bwmarrin/discordgo/blob/v0.25.0/structs.go#L251-L267) + channel_name_template: "{{ '{{if or (eq .Type 3) (eq .Type 4)}}{{.Name}}{{else}}#{{.Name}}{{end}}' }}" + # Displayname template for Discord guilds (bridged as spaces). + # Available variables: + # {{ '{{.Name}}' }} - Guild name + guild_name_template: "{{ '{{.Name}}' }}" + # Should the bridge explicitly set the avatar and room name for DM portal rooms? + # This is implicitly enabled in encrypted rooms. + private_chat_portal_meta: false + portal_message_buffer: 128 + # Number of private channel portals to create on bridge startup. + # Other portals will be created when receiving messages. + startup_private_channel_create_limit: 5 + # Should the bridge send a read receipt from the bridge bot when a message has been sent to Discord? + delivery_receipts: false + # Whether the bridge should send the message status as a custom com.beeper.message_send_status event. + message_status_events: true + # Whether the bridge should send error notices via m.notice events when a message fails to bridge. + message_error_notices: true + # Should the bridge use space-restricted join rules instead of invite-only for guild rooms? + # This can avoid unnecessary invite events in guild rooms when members are synced in. + restricted_rooms: {{ matrix_mautrix_discord_bridge_restricted_rooms|to_json }} + # Should the bridge update the m.direct account data event when double puppeting is enabled. + # Note that updating the m.direct event is not atomic (except with mautrix-asmux) + # and is therefore prone to race conditions. + sync_direct_chat_list: false + # Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run. + # This field will automatically be changed back to false after it, except if the config file is not writable. 
+ resend_bridge_info: false + # Should the bridge attempt to completely delete portal rooms when a channel is deleted on Discord? + # If true, the bridge will try to kick Matrix users from the room. Otherwise, the bridge only makes ghosts leave. + delete_portal_on_channel_delete: false + # Whether or not created rooms should have federation enabled. + # If false, created portal rooms will never be federated. + federate_rooms: {{ matrix_mautrix_discord_federate_rooms|to_json }} + # Servers to always allow double puppeting from + double_puppet_server_map: + "{{ matrix_mautrix_discord_homeserver_domain }}": {{ matrix_mautrix_discord_homeserver_address }} + # Allow using double puppeting from any server with a valid client .well-known file. + double_puppet_allow_discovery: false + # Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth + # + # If set, double puppeting will be enabled automatically for local users + # instead of users having to find an access token and run `login-matrix` + # manually. + login_shared_secret_map: {{ matrix_mautrix_discord_bridge_login_shared_secret_map|to_json }} + + # The prefix for commands. Only required in non-management rooms. + command_prefix: "{{ matrix_mautrix_discord_command_prefix }}" + + # Messages sent upon joining a management room. + # Markdown is supported. The defaults are listed below. + management_room_text: + # Sent when joining a room. + welcome: "Hello, I'm a Discord bridge bot." + # Sent when joining a management room and the user is already logged in. + welcome_connected: "Use `help` for help." + # Sent when joining a management room and the user is not logged in. + welcome_unconnected: "Use `help` for help or `login` to log in." + # Optional extra text sent when joining a management room. + additional_help: "" + + # End-to-bridge encryption support options. + # + # See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info. 
+ encryption: + # Allow encryption, work in group chat rooms with e2ee enabled + allow: {{ matrix_mautrix_discord_bridge_encryption_allow|to_json }} + # Default to encryption, force-enable encryption in all portals the bridge creates + # This will cause the bridge bot to be in private chats for the encryption to work properly. + default: {{ matrix_mautrix_discord_bridge_encryption_default|to_json }} + # Require encryption, drop any unencrypted messages. + require: false + # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled. + # You must use a client that supports requesting keys from other users to use this feature. + allow_key_sharing: {{ matrix_mautrix_discord_bridge_encryption_key_sharing_allow|to_json }} + # What level of device verification should be required from users? + # + # Valid levels: + # unverified - Send keys to all device in the room. + # cross-signed-untrusted - Require valid cross-signing, but trust all cross-signing keys. + # cross-signed-tofu - Require valid cross-signing, trust cross-signing keys on first use (and reject changes). + # cross-signed-verified - Require valid cross-signing, plus a valid user signature from the bridge bot. + # Note that creating user signatures from the bridge bot is not currently possible. + # verified - Require manual per-device verification + # (currently only possible by modifying the `trust` column in the `crypto_device` database table). + verification_levels: + # Minimum level for which the bridge should send keys to when bridging messages from WhatsApp to Matrix. + receive: unverified + # Minimum level that the bridge should accept for incoming Matrix messages. + send: unverified + # Minimum level that the bridge should require for accepting key requests. + share: cross-signed-tofu + # Options for Megolm room key rotation. These options allow you to + # configure the m.room.encryption event content. 
See: + # https://spec.matrix.org/v1.3/client-server-api/#mroomencryption for + # more information about that event. + rotation: + # Enable custom Megolm room key rotation settings. Note that these + # settings will only apply to rooms created after this option is + # set. + enable_custom: false + # The maximum number of milliseconds a session should be used + # before changing it. The Matrix spec recommends 604800000 (a week) + # as the default. + milliseconds: 604800000 + # The maximum number of messages that should be sent with a given a + # session before changing it. The Matrix spec recommends 100 as the + # default. + messages: 100 + + # Settings for provisioning API + provisioning: + # Prefix for the provisioning API paths. + prefix: /_matrix/provision + # Shared secret for authentication. If set to "generate", a random secret will be generated, + # or if set to "disable", the provisioning API will be disabled. + shared_secret: generate + + # Permissions for using the bridge. + # Permitted values: + # relay - Talk through the relaybot (if enabled), no access otherwise + # user - Access to use the bridge to chat with a Discord account. + # admin - User level and some additional administration tools + # Permitted keys: + # * - All Matrix users + # domain - All users on that homeserver + # mxid - Specific user + permissions: {{ matrix_mautrix_discord_bridge_permissions|to_json }} + +logging: + directory: ./logs + file_name_format: '' + file_date_format: "2006-01-02" + file_mode: 384 + timestamp_format: Jan _2, 2006 15:04:05 + print_level: {{ matrix_mautrix_discord_logging_level | to_json }} + print_json: false + file_json: false diff --git a/roles/custom/matrix-bridge-mautrix-discord/templates/systemd/matrix-mautrix-discord.service.j2 b/roles/custom/matrix-bridge-mautrix-discord/templates/systemd/matrix-mautrix-discord.service.j2 new file mode 100644 index 00000000..43a16607 --- /dev/null 
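Review bot: `provisioning.shared_secret: generate` relies on the bridge writing the generated secret back into its config file, but this role mounts the config directory read-only (`dst=/config,ro`) and starts the binary with `--no-update` (unit template in this commit), so — if mautrix-discord follows the other mautrix bridges and replaces `generate` during config upgrade — the provisioning secret is never persisted and changes on every restart; the `resend_bridge_info` comment in this same file already warns about the non-writable case. Propose driving it from a playbook variable instead, e.g. `shared_secret: {{ matrix_mautrix_discord_provisioning_shared_secret | to_json }}` with a default of `disable` in `defaults/main.yml` unless something in the playbook consumes the provisioning API. Also, `command_prefix: "{{ matrix_mautrix_discord_command_prefix }}"` is one of only two templated scalars here (the other being `double_puppet_server_map`) not passed through `to_json`, so a prefix containing a double quote breaks the YAML; `command_prefix: {{ matrix_mautrix_discord_command_prefix | to_json }}` matches the rest of the file. The `receive:` comment still reads "from WhatsApp to Matrix", carried over from the upstream template.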
+++ b/roles/custom/matrix-bridge-mautrix-discord/templates/systemd/matrix-mautrix-discord.service.j2 
@@ -0,0 +1,43 @@ +#jinja2: lstrip_blocks: "True" +[Unit] +Description=Matrix Mautrix Discord bridge +{% for service in matrix_mautrix_discord_systemd_required_services_list %} +Requires={{ service }} +After={{ service }} +{% endfor %} +{% for service in matrix_mautrix_discord_systemd_wanted_services_list %} +Wants={{ service }} +{% endfor %} +DefaultDependencies=no + +[Service] +Type=simple +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-discord 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-discord 2>/dev/null || true' + +# Intentional delay, so that the homeserver (we likely depend on) can manage to start. +ExecStartPre={{ matrix_host_command_sleep }} 5 + +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-mautrix-discord \ + --log-driver=none \ + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ + --cap-drop=ALL \ + --network={{ matrix_docker_network }} \ + --mount type=bind,src={{ matrix_mautrix_discord_config_path }},dst=/config,ro \ + --mount type=bind,src={{ matrix_mautrix_discord_data_path }},dst=/data \ + --workdir=/data \ + {% for arg in matrix_mautrix_discord_container_extra_arguments %} + {{ arg }} \ + {% endfor %} + {{ matrix_mautrix_discord_docker_image }} \ + /usr/bin/mautrix-discord -c /config/config.yaml -r /config/registration.yaml --no-update + +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-discord 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-discord 2>/dev/null || true' +Restart=always +RestartSec=30 
+SyslogIdentifier=matrix-mautrix-discord + +[Install] +WantedBy=multi-user.target diff --git a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml similarity index 97% rename from roles/matrix-bridge-mautrix-facebook/defaults/main.yml rename to roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml index 51b4f357..719c86dc 100644 --- a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml @@ -46,6 +46,12 @@ matrix_mautrix_facebook_homeserver_token: '' # If false, created portal rooms will never be federated. matrix_mautrix_facebook_federate_rooms: true +matrix_mautrix_facebook_bridge_permissions: | + {{ + {matrix_mautrix_facebook_homeserver_domain: 'user'} + | combine({matrix_admin: 'admin'} if matrix_admin else {}) + }} + # Controls whether the matrix-mautrix-facebook container exposes its HTTP port. # # Takes an ":" or "" value (e.g. "127.0.0.1:9008"), or empty string to not expose. diff --git a/roles/matrix-bridge-mautrix-facebook/tasks/init.yml b/roles/custom/matrix-bridge-mautrix-facebook/tasks/init.yml similarity index 87% rename from roles/matrix-bridge-mautrix-facebook/tasks/init.yml rename to roles/custom/matrix-bridge-mautrix-facebook/tasks/init.yml index a5debc0b..5565689f 100644 --- a/roles/matrix-bridge-mautrix-facebook/tasks/init.yml +++ b/roles/custom/matrix-bridge-mautrix-facebook/tasks/init.yml 
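Review bot: `ExecStartPre={{ matrix_host_command_sleep }} 5` is the only command in this unit still taken from the legacy `matrix_host_command_*` namespace; every other host command here comes from `devture_systemd_docker_base_*`, and the hookshot unit hunk in this same commit migrates `matrix_host_command_docker` away from that namespace. If the sleep command was moved as well, the template fails to render with an undefined-variable error; either switch it to the `devture_systemd_docker_base_` equivalent if one exists, or add a comment stating that `matrix_host_command_sleep` deliberately stays in `matrix-base`. I cannot confirm from this diff which of the two applies. Otherwise the container flags (`--cap-drop=ALL`, `--log-driver=none`, `--user`, `/config` mounted `ro`) match the hookshot unit earlier in the commit.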
@@ -3,7 +3,7 @@ # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 ansible.builtin.fail: - msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" + msg: "To self-build the Mautrix-Facebook image, you should use Ansible 2.8 or higher. See docs/ansible.md" when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mautrix_facebook_container_image_self_build and matrix_mautrix_facebook_enabled" - ansible.builtin.set_fact: @@ -12,22 +12,25 @@ # If the matrix-synapse role is not used, these variables may not exist. - ansible.builtin.set_fact: - matrix_synapse_container_extra_arguments: > + matrix_homeserver_container_runtime_injected_arguments: > {{ - matrix_synapse_container_extra_arguments | default([]) + matrix_homeserver_container_runtime_injected_arguments | default([]) + ["--mount type=bind,src={{ matrix_mautrix_facebook_config_path }}/registration.yaml,dst=/matrix-mautrix-facebook-registration.yaml,ro"] }} - matrix_synapse_app_service_config_files: > + matrix_homeserver_app_service_runtime_injected_config_files: > {{ - matrix_synapse_app_service_config_files | default([]) + matrix_homeserver_app_service_runtime_injected_config_files | default([]) + ["/matrix-mautrix-facebook-registration.yaml"] }} when: matrix_mautrix_facebook_enabled | bool -- block: +- when: matrix_mautrix_facebook_enabled | bool and matrix_mautrix_facebook_appservice_public_enabled | bool + tags: + - always + block: - name: Fail if matrix-nginx-proxy role already executed ansible.builtin.fail: msg: >- 
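Review bot: The context comment at the top of the second hunk, `# If the matrix-synapse role is not used, these variables may not exist.`, is now stale — the facts it describes were renamed from `matrix_synapse_*` to the homeserver-agnostic `matrix_homeserver_container_runtime_injected_arguments` / `matrix_homeserver_app_service_runtime_injected_config_files`. Update it to something like `# If no homeserver role is used, these variables may not exist, hence the default([]).` so it does not suggest the injection is Synapse-specific. The relocated `when:`/`tags: always` block that closes the hunk continues past its end (`msg: >-` is cut off), so I could not review the rest of it here; the same stale comment appears in the googlechat and hangouts init.yml hunks.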
@@ -70,7 +73,3 @@ URL endpoint to the matrix-mautrix-facebook container. You can expose the container's port using the `matrix_mautrix_facebook_container_http_host_bind_port` variable. when: "not matrix_nginx_proxy_enabled | default(False) | bool" - - tags: - - always - when: matrix_mautrix_facebook_enabled | bool and matrix_mautrix_facebook_appservice_public_enabled | bool diff --git a/roles/matrix-bridge-mautrix-facebook/tasks/main.yml b/roles/custom/matrix-bridge-mautrix-facebook/tasks/main.yml similarity index 100% rename from roles/matrix-bridge-mautrix-facebook/tasks/main.yml rename to roles/custom/matrix-bridge-mautrix-facebook/tasks/main.yml diff --git a/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-facebook/tasks/setup_install.yml similarity index 92% rename from roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml rename to roles/custom/matrix-bridge-mautrix-facebook/tasks/setup_install.yml index 3e7d8f05..50a02427 100644 --- a/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mautrix-facebook/tasks/setup_install.yml @@ -11,13 +11,15 @@ - ansible.builtin.set_fact: matrix_mautrix_facebook_requires_restart: false -- block: +- when: "matrix_mautrix_facebook_database_engine == 'postgres'" + block: - name: Check if an SQLite database already exists ansible.builtin.stat: path: "{{ matrix_mautrix_facebook_sqlite_database_path_local }}" register: matrix_mautrix_facebook_sqlite_database_path_local_stat_result - - block: + - when: "matrix_mautrix_facebook_sqlite_database_path_local_stat_result.stat.exists | bool" + block: - ansible.builtin.set_fact: matrix_postgres_db_migration_request: src: "{{ matrix_mautrix_facebook_sqlite_database_path_local }}" 
@@ -28,24 +30,22 @@ systemd_services_to_stop: ['matrix-mautrix-facebook.service'] - ansible.builtin.import_role: - name: matrix-postgres + name: custom/matrix-postgres tasks_from: migrate_db_to_postgres - ansible.builtin.set_fact: matrix_mautrix_facebook_requires_restart: true - when: "matrix_mautrix_facebook_sqlite_database_path_local_stat_result.stat.exists | bool" - when: "matrix_mautrix_facebook_database_engine == 'postgres'" - name: Ensure Mautrix Facebook image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_mautrix_facebook_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_mautrix_facebook_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_facebook_docker_image_force_pull }}" when: not matrix_mautrix_facebook_container_image_self_build register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure Mautrix Facebook paths exist @@ -74,7 +74,7 @@ when: "matrix_mautrix_facebook_container_image_self_build | bool" - name: Ensure Mautrix Facebook Docker image is built - docker_image: + community.docker.docker_image: name: "{{ matrix_mautrix_facebook_docker_image }}" source: build force_source: "{{ matrix_mautrix_facebook_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" 
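Review bot: The pull task's condition `when: not matrix_mautrix_facebook_container_image_self_build` has no `| bool`, while the build task in the second hunk uses `matrix_mautrix_facebook_container_image_self_build | bool`. If the variable arrives as a string (for example via `-e` on the command line), `not "false"` evaluates to false, so the pull is skipped and the build is skipped too, and the role continues to install a systemd unit for an image that was never fetched. Changing it to `when: not matrix_mautrix_facebook_container_image_self_build | bool` makes both tasks agree; the same pattern is present in the googlechat and hangouts setup_install hunks of this change.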
@@ -122,7 +122,7 @@ - name: Ensure matrix-mautrix-facebook.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-mautrix-facebook.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-mautrix-facebook.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-facebook.service" mode: 0644 register: matrix_mautrix_facebook_systemd_service_result diff --git a/roles/matrix-bridge-mautrix-facebook/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-mautrix-facebook/tasks/setup_uninstall.yml similarity index 79% rename from roles/matrix-bridge-mautrix-facebook/tasks/setup_uninstall.yml rename to roles/custom/matrix-bridge-mautrix-facebook/tasks/setup_uninstall.yml index 2635f1f5..fb235b54 100644 --- a/roles/matrix-bridge-mautrix-facebook/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-bridge-mautrix-facebook/tasks/setup_uninstall.yml @@ -2,7 +2,7 @@ - name: Check existence of matrix-mautrix-facebook service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-mautrix-facebook.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-facebook.service" register: matrix_mautrix_facebook_service_stat - name: Ensure matrix-mautrix-facebook is stopped @@ -15,7 +15,7 @@ - name: Ensure matrix-mautrix-facebook.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-mautrix-facebook.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-facebook.service" state: absent when: "matrix_mautrix_facebook_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mautrix-facebook/tasks/validate_config.yml b/roles/custom/matrix-bridge-mautrix-facebook/tasks/validate_config.yml similarity index 82% rename from roles/matrix-bridge-mautrix-facebook/tasks/validate_config.yml rename to roles/custom/matrix-bridge-mautrix-facebook/tasks/validate_config.yml index 4f588b5f..04e45c31 100644 
--- a/roles/matrix-bridge-mautrix-facebook/tasks/validate_config.yml +++ b/roles/custom/matrix-bridge-mautrix-facebook/tasks/validate_config.yml @@ -10,15 +10,15 @@ - "matrix_mautrix_facebook_appservice_token" - "matrix_mautrix_facebook_homeserver_token" -- block: +- when: "matrix_mautrix_facebook_database_engine == 'sqlite' and matrix_mautrix_facebook_docker_image.endswith(':da1b4ec596e334325a1589e70829dea46e73064b')" + block: - name: Inject warning if on an old SQLite-supporting version ansible.builtin.set_fact: - matrix_playbook_runtime_results: | + devture_playbook_runtime_messages_list: | {{ - matrix_playbook_runtime_results | default([]) + devture_playbook_runtime_messages_list | default([]) + [ "NOTE: Your mautrix-facebook bridge is still on SQLite and on the last version that supported it, before support was dropped. Support has been subsequently re-added in v0.3.2, so we advise you to upgrade (by removing your `matrix_mautrix_facebook_docker_image` definition from vars.yml)" ] }} - when: "matrix_mautrix_facebook_database_engine == 'sqlite' and matrix_mautrix_facebook_docker_image.endswith(':da1b4ec596e334325a1589e70829dea46e73064b')" diff --git a/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 similarity index 98% rename from roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 rename to roles/custom/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 index 4b27e66a..3318255d 100644 --- a/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 +++ b/roles/custom/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 
@@ -201,11 +201,7 @@ bridge: # * - All Matrix users # domain - All users on that homeserver # mxid - Specific user - permissions: - '{{ matrix_mautrix_facebook_homeserver_domain }}': user - {% if matrix_admin %} - '{{ matrix_admin }}': admin - {% endif %} + permissions: {{ matrix_mautrix_facebook_bridge_permissions|to_json }} relay: # Whether relay mode should be allowed. If allowed, `!fb set-relay` can be used to turn any diff --git a/roles/matrix-bridge-mautrix-facebook/templates/systemd/matrix-mautrix-facebook.service.j2 b/roles/custom/matrix-bridge-mautrix-facebook/templates/systemd/matrix-mautrix-facebook.service.j2 similarity index 60% rename from roles/matrix-bridge-mautrix-facebook/templates/systemd/matrix-mautrix-facebook.service.j2 rename to roles/custom/matrix-bridge-mautrix-facebook/templates/systemd/matrix-mautrix-facebook.service.j2 index 2103dd05..4097111e 100644 --- a/roles/matrix-bridge-mautrix-facebook/templates/systemd/matrix-mautrix-facebook.service.j2 +++ b/roles/custom/matrix-bridge-mautrix-facebook/templates/systemd/matrix-mautrix-facebook.service.j2 
@@ -12,14 +12,14 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-facebook 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-facebook 2>/dev/null || true' +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-facebook 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-facebook 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. ExecStartPre={{ matrix_host_command_sleep }} 5 -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-facebook \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-mautrix-facebook \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ 
@@ -35,8 +35,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-facebo {{ matrix_mautrix_facebook_docker_image }} \ python3 -m mautrix_facebook -c /config/config.yaml --no-update -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-facebook 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-facebook 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-facebook 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-facebook 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-mautrix-facebook diff --git a/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-googlechat/defaults/main.yml similarity index 97% rename from roles/matrix-bridge-mautrix-googlechat/defaults/main.yml rename to roles/custom/matrix-bridge-mautrix-googlechat/defaults/main.yml index 85d534e5..a4b1438b 100644 --- a/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-googlechat/defaults/main.yml @@ -48,6 +48,12 @@ matrix_mautrix_googlechat_homeserver_token: '' # If false, created portal rooms will never be federated. matrix_mautrix_googlechat_federate_rooms: true +matrix_mautrix_googlechat_bridge_permissions: | + {{ + {matrix_mautrix_googlechat_homeserver_domain: 'user'} + | combine({matrix_admin: 'admin'} if matrix_admin else {}) + }} + # Database-related configuration fields. # # To use SQLite, stick to these defaults. 
diff --git a/roles/matrix-bridge-mautrix-googlechat/tasks/init.yml b/roles/custom/matrix-bridge-mautrix-googlechat/tasks/init.yml similarity index 88% rename from roles/matrix-bridge-mautrix-googlechat/tasks/init.yml rename to roles/custom/matrix-bridge-mautrix-googlechat/tasks/init.yml index af1e7d30..c4ae920c 100644 --- a/roles/matrix-bridge-mautrix-googlechat/tasks/init.yml +++ b/roles/custom/matrix-bridge-mautrix-googlechat/tasks/init.yml @@ -3,7 +3,7 @@ # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 ansible.builtin.fail: - msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" + msg: "To self-build the Mautrix-Google Chat image, you should use Ansible 2.8 or higher. See docs/ansible.md" when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mautrix_googlechat_container_image_self_build and matrix_mautrix_googlechat_enabled" - ansible.builtin.set_fact: 
@@ -12,22 +12,25 @@ # If the matrix-synapse role is not used, these variables may not exist. - ansible.builtin.set_fact: - matrix_synapse_container_extra_arguments: > + matrix_homeserver_container_runtime_injected_arguments: > {{ - matrix_synapse_container_extra_arguments | default([]) + matrix_homeserver_container_runtime_injected_arguments | default([]) + ["--mount type=bind,src={{ matrix_mautrix_googlechat_config_path }}/registration.yaml,dst=/matrix-mautrix-googlechat-registration.yaml,ro"] }} - matrix_synapse_app_service_config_files: > + matrix_homeserver_app_service_runtime_injected_config_files: > {{ - matrix_synapse_app_service_config_files | default([]) + matrix_homeserver_app_service_runtime_injected_config_files | default([]) + ["/matrix-mautrix-googlechat-registration.yaml"] }} when: matrix_mautrix_googlechat_enabled | bool -- block: +- when: matrix_mautrix_googlechat_enabled | bool + tags: + - always + block: - name: Fail if matrix-nginx-proxy role already executed ansible.builtin.fail: msg: >- @@ -59,9 +62,6 @@ + [matrix_mautrix_googlechat_matrix_nginx_proxy_configuration] }} - tags: - - always - when: matrix_mautrix_googlechat_enabled | bool - name: Warn about reverse-proxying if matrix-nginx-proxy not used ansible.builtin.debug: diff --git a/roles/matrix-bridge-mautrix-googlechat/tasks/main.yml b/roles/custom/matrix-bridge-mautrix-googlechat/tasks/main.yml similarity index 100% rename from roles/matrix-bridge-mautrix-googlechat/tasks/main.yml rename to roles/custom/matrix-bridge-mautrix-googlechat/tasks/main.yml diff --git a/roles/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml similarity index 92% rename from roles/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml rename to roles/custom/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml index f2192a34..daadcba2 100644 --- a/roles/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml 
+++ b/roles/custom/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml @@ -11,13 +11,15 @@ - ansible.builtin.set_fact: matrix_mautrix_googlechat_requires_restart: false -- block: +- when: "matrix_mautrix_googlechat_database_engine == 'postgres'" + block: - name: Check if an SQLite database already exists ansible.builtin.stat: path: "{{ matrix_mautrix_googlechat_sqlite_database_path_local }}" register: matrix_mautrix_googlechat_sqlite_database_path_local_stat_result - - block: + - when: "matrix_mautrix_googlechat_sqlite_database_path_local_stat_result.stat.exists | bool" + block: - ansible.builtin.set_fact: matrix_postgres_db_migration_request: src: "{{ matrix_mautrix_googlechat_sqlite_database_path_local }}" 
@@ -28,24 +30,22 @@ systemd_services_to_stop: ['matrix-mautrix-googlechat.service'] - ansible.builtin.import_role: - name: matrix-postgres + name: custom/matrix-postgres tasks_from: migrate_db_to_postgres - ansible.builtin.set_fact: matrix_mautrix_googlechat_requires_restart: true - when: "matrix_mautrix_googlechat_sqlite_database_path_local_stat_result.stat.exists | bool" - when: "matrix_mautrix_googlechat_database_engine == 'postgres'" - name: Ensure Mautrix googlechat image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_mautrix_googlechat_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_mautrix_googlechat_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_googlechat_docker_image_force_pull }}" when: not matrix_mautrix_googlechat_container_image_self_build register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure Mautrix googlechat paths exist @@ -74,7 +74,7 @@ when: "matrix_mautrix_googlechat_container_image_self_build | bool" - name: Ensure Mautrix googlechat Docker image is built - docker_image: + community.docker.docker_image: name: "{{ matrix_mautrix_googlechat_docker_image }}" source: build force_source: "{{ matrix_mautrix_googlechat_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" 
@@ -122,7 +122,7 @@ - name: Ensure matrix-mautrix-googlechat.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-mautrix-googlechat.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-mautrix-googlechat.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-googlechat.service" mode: 0644 register: matrix_mautrix_googlechat_systemd_service_result diff --git a/roles/matrix-bridge-mautrix-googlechat/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-mautrix-googlechat/tasks/setup_uninstall.yml similarity index 79% rename from roles/matrix-bridge-mautrix-googlechat/tasks/setup_uninstall.yml rename to roles/custom/matrix-bridge-mautrix-googlechat/tasks/setup_uninstall.yml index 104e58a5..37a4e675 100644 --- a/roles/matrix-bridge-mautrix-googlechat/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-bridge-mautrix-googlechat/tasks/setup_uninstall.yml @@ -2,7 +2,7 @@ - name: Check existence of matrix-mautrix-googlechat service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-mautrix-googlechat.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-googlechat.service" register: matrix_mautrix_googlechat_service_stat - name: Ensure matrix-mautrix-googlechat is stopped @@ -15,7 +15,7 @@ - name: Ensure matrix-mautrix-googlechat.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-mautrix-googlechat.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-googlechat.service" state: absent when: "matrix_mautrix_googlechat_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mautrix-googlechat/tasks/validate_config.yml b/roles/custom/matrix-bridge-mautrix-googlechat/tasks/validate_config.yml similarity index 100% rename from roles/matrix-bridge-mautrix-googlechat/tasks/validate_config.yml rename to roles/custom/matrix-bridge-mautrix-googlechat/tasks/validate_config.yml 
diff --git a/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 similarity index 97% rename from roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 rename to roles/custom/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 index ad86219c..a2560a9f 100644 --- a/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 +++ b/roles/custom/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 @@ -117,11 +117,7 @@ bridge: # * - All Matrix users # domain - All users on that homeserver # mxid - Specific user - permissions: - '{{ matrix_mautrix_googlechat_homeserver_domain }}': user - {% if matrix_admin %} - '{{ matrix_admin }}': admin - {% endif %} + permissions: {{ matrix_mautrix_googlechat_bridge_permissions|to_json }} # Python logging configuration. # diff --git a/roles/matrix-bridge-mautrix-googlechat/templates/systemd/matrix-mautrix-googlechat.service.j2 b/roles/custom/matrix-bridge-mautrix-googlechat/templates/systemd/matrix-mautrix-googlechat.service.j2 similarity index 70% rename from roles/matrix-bridge-mautrix-googlechat/templates/systemd/matrix-mautrix-googlechat.service.j2 rename to roles/custom/matrix-bridge-mautrix-googlechat/templates/systemd/matrix-mautrix-googlechat.service.j2 index 930b58c2..d52e5d6b 100644 --- a/roles/matrix-bridge-mautrix-googlechat/templates/systemd/matrix-mautrix-googlechat.service.j2 +++ b/roles/custom/matrix-bridge-mautrix-googlechat/templates/systemd/matrix-mautrix-googlechat.service.j2 
@@ -12,12 +12,12 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" # Intentional delay, so that the homeserver (we likely depend on) can manage to start. ExecStartPre={{ matrix_host_command_sleep }} 5 -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-googlechat \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-mautrix-googlechat \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ @@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-google {{ matrix_mautrix_googlechat_docker_image }} \ python3 -m mautrix_googlechat -c /config/config.yaml --no-update -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-googlechat 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-googlechat 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-googlechat 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-googlechat 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-mautrix-googlechat diff --git a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-hangouts/defaults/main.yml similarity index 97% rename from roles/matrix-bridge-mautrix-hangouts/defaults/main.yml rename to roles/custom/matrix-bridge-mautrix-hangouts/defaults/main.yml index fc467871..8b338fd7 100644 --- a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-hangouts/defaults/main.yml 
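Review bot: Unlike the facebook and discord units in this change, this unit has no `ExecStartPre=-… docker kill/rm matrix-mautrix-googlechat` lines before the delay — `[Service]` goes straight from `Environment=` to the sleep. With `DefaultDependencies=no` the unit may be killed without its `ExecStop` running (e.g. at shutdown), and a leftover container holding the `matrix-mautrix-googlechat` name would then make the `docker run --name` in `ExecStart` fail until someone removes it by hand, with `Restart=always` retrying every 30s. If that omission is intentional, a comment saying why would help; otherwise the two `ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill/rm …'` lines from the facebook unit could be copied here.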
@@ -27,6 +27,12 @@ matrix_mautrix_hangouts_appservice_address: 'http://matrix-mautrix-hangouts:8080 matrix_mautrix_hangouts_command_prefix: "!HO" +matrix_mautrix_hangouts_bridge_permissions: | + {{ + {matrix_mautrix_hangouts_homeserver_domain: 'user'} + | combine({matrix_admin: 'admin'} if matrix_admin else {}) + }} + # Controls whether the matrix-mautrix-hangouts container exposes its HTTP port (tcp/8080 in the container). # # Takes an ":" or "" value (e.g. "127.0.0.1:9007"), or empty string to not expose. diff --git a/roles/matrix-bridge-mautrix-hangouts/tasks/init.yml b/roles/custom/matrix-bridge-mautrix-hangouts/tasks/init.yml similarity index 88% rename from roles/matrix-bridge-mautrix-hangouts/tasks/init.yml rename to roles/custom/matrix-bridge-mautrix-hangouts/tasks/init.yml index 28ca1cdb..380dc4b3 100644 --- a/roles/matrix-bridge-mautrix-hangouts/tasks/init.yml +++ b/roles/custom/matrix-bridge-mautrix-hangouts/tasks/init.yml @@ -3,7 +3,7 @@ # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 ansible.builtin.fail: - msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" + msg: "To self-build the Mautrix-Hangouts image, you should use Ansible 2.8 or higher. See docs/ansible.md" when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mautrix_hangouts_container_image_self_build and matrix_mautrix_hangouts_enabled" - ansible.builtin.set_fact: 
@@ -12,22 +12,25 @@ # If the matrix-synapse role is not used, these variables may not exist. - ansible.builtin.set_fact: - matrix_synapse_container_extra_arguments: > + matrix_homeserver_container_runtime_injected_arguments: > {{ - matrix_synapse_container_extra_arguments | default([]) + matrix_homeserver_container_runtime_injected_arguments | default([]) + ["--mount type=bind,src={{ matrix_mautrix_hangouts_config_path }}/registration.yaml,dst=/matrix-mautrix-hangouts-registration.yaml,ro"] }} - matrix_synapse_app_service_config_files: > + matrix_homeserver_app_service_runtime_injected_config_files: > {{ - matrix_synapse_app_service_config_files | default([]) + matrix_homeserver_app_service_runtime_injected_config_files | default([]) + ["/matrix-mautrix-hangouts-registration.yaml"] }} when: matrix_mautrix_hangouts_enabled | bool -- block: +- when: matrix_mautrix_hangouts_enabled | bool + tags: + - always + block: - name: Fail if matrix-nginx-proxy role already executed ansible.builtin.fail: msg: >- @@ -59,9 +62,6 @@ + [matrix_mautrix_hangouts_matrix_nginx_proxy_configuration] }} - tags: - - always - when: matrix_mautrix_hangouts_enabled | bool - name: Warn about reverse-proxying if matrix-nginx-proxy not used ansible.builtin.debug: diff --git a/roles/matrix-bridge-mautrix-hangouts/tasks/main.yml b/roles/custom/matrix-bridge-mautrix-hangouts/tasks/main.yml similarity index 100% rename from roles/matrix-bridge-mautrix-hangouts/tasks/main.yml rename to roles/custom/matrix-bridge-mautrix-hangouts/tasks/main.yml diff --git a/roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml similarity index 92% rename from roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml rename to roles/custom/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml index 4087162e..a846a7b0 100644 --- a/roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml 
+++ b/roles/custom/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml @@ -11,13 +11,15 @@ - ansible.builtin.set_fact: matrix_mautrix_hangouts_requires_restart: false -- block: +- when: "matrix_mautrix_hangouts_database_engine == 'postgres'" + block: - name: Check if an SQLite database already exists ansible.builtin.stat: path: "{{ matrix_mautrix_hangouts_sqlite_database_path_local }}" register: matrix_mautrix_hangouts_sqlite_database_path_local_stat_result - - block: + - when: "matrix_mautrix_hangouts_sqlite_database_path_local_stat_result.stat.exists | bool" + block: - ansible.builtin.set_fact: matrix_postgres_db_migration_request: src: "{{ matrix_mautrix_hangouts_sqlite_database_path_local }}" 
@@ -28,24 +30,22 @@ systemd_services_to_stop: ['matrix-mautrix-hangouts.service'] - ansible.builtin.import_role: - name: matrix-postgres + name: custom/matrix-postgres tasks_from: migrate_db_to_postgres - ansible.builtin.set_fact: matrix_mautrix_hangouts_requires_restart: true - when: "matrix_mautrix_hangouts_sqlite_database_path_local_stat_result.stat.exists | bool" - when: "matrix_mautrix_hangouts_database_engine == 'postgres'" - name: Ensure Mautrix Hangouts image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_mautrix_hangouts_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_mautrix_hangouts_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_hangouts_docker_image_force_pull }}" when: not matrix_mautrix_hangouts_container_image_self_build register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure Mautrix Hangouts paths exist @@ -74,7 +74,7 @@ when: "matrix_mautrix_hangouts_container_image_self_build | bool" - name: Ensure Mautrix Hangouts Docker image is built - docker_image: + community.docker.docker_image: name: "{{ matrix_mautrix_hangouts_docker_image }}" source: build force_source: "{{ matrix_mautrix_hangouts_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" 
@@ -122,7 +122,7 @@ - name: Ensure matrix-mautrix-hangouts.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-mautrix-hangouts.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-mautrix-hangouts.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-hangouts.service" mode: 0644 register: matrix_mautrix_hangouts_systemd_service_result diff --git a/roles/matrix-bridge-mautrix-hangouts/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-mautrix-hangouts/tasks/setup_uninstall.yml similarity index 79% rename from roles/matrix-bridge-mautrix-hangouts/tasks/setup_uninstall.yml rename to roles/custom/matrix-bridge-mautrix-hangouts/tasks/setup_uninstall.yml index 2cb676b5..b7ff7239 100644 --- a/roles/matrix-bridge-mautrix-hangouts/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-bridge-mautrix-hangouts/tasks/setup_uninstall.yml @@ -2,7 +2,7 @@ - name: Check existence of matrix-mautrix-hangouts service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-mautrix-hangouts.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-hangouts.service" register: matrix_mautrix_hangouts_service_stat - name: Ensure matrix-mautrix-hangouts is stopped @@ -15,7 +15,7 @@ - name: Ensure matrix-mautrix-hangouts.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-mautrix-hangouts.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-hangouts.service" state: absent when: "matrix_mautrix_hangouts_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mautrix-hangouts/tasks/validate_config.yml b/roles/custom/matrix-bridge-mautrix-hangouts/tasks/validate_config.yml similarity index 100% rename from roles/matrix-bridge-mautrix-hangouts/tasks/validate_config.yml rename to roles/custom/matrix-bridge-mautrix-hangouts/tasks/validate_config.yml 
diff --git a/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 similarity index 97% rename from roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 rename to roles/custom/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 index 6dca06ff..d737f3f1 100644 --- a/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 +++ b/roles/custom/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 @@ -114,11 +114,7 @@ bridge: # * - All Matrix users # domain - All users on that homeserver # mxid - Specific user - permissions: - '{{ matrix_mautrix_hangouts_homeserver_domain }}': user - {% if matrix_admin %} - '{{ matrix_admin }}': admin - {% endif %} + permissions: {{ matrix_mautrix_hangouts_bridge_permissions|to_json }} # Python logging configuration. # diff --git a/roles/matrix-bridge-mautrix-hangouts/templates/systemd/matrix-mautrix-hangouts.service.j2 b/roles/custom/matrix-bridge-mautrix-hangouts/templates/systemd/matrix-mautrix-hangouts.service.j2 similarity index 60% rename from roles/matrix-bridge-mautrix-hangouts/templates/systemd/matrix-mautrix-hangouts.service.j2 rename to roles/custom/matrix-bridge-mautrix-hangouts/templates/systemd/matrix-mautrix-hangouts.service.j2 index 10402a51..a24bcf86 100644 --- a/roles/matrix-bridge-mautrix-hangouts/templates/systemd/matrix-mautrix-hangouts.service.j2 +++ b/roles/custom/matrix-bridge-mautrix-hangouts/templates/systemd/matrix-mautrix-hangouts.service.j2 
@@ -12,10 +12,10 @@ DefaultDependencies=no
 [Service]
 Type=simple
-Environment="HOME={{ matrix_systemd_unit_home_path }}"
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-hangouts matrix-mautrix-hangouts-db 2>/dev/null || true'
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-hangouts matrix-mautrix-hangouts-db 2>/dev/null || true'
-ExecStartPre={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-hangouts-db \
+Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-hangouts matrix-mautrix-hangouts-db 2>/dev/null || true'
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-hangouts matrix-mautrix-hangouts-db 2>/dev/null || true'
+ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-mautrix-hangouts-db \
 --log-driver=none \
 --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
 --cap-drop=ALL \
@@ -28,7 +28,7 @@ ExecStartPre={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-han
 # Intentional delay, so that the homeserver (we likely depend on) can manage to start.
 ExecStartPre={{ matrix_host_command_sleep }} 5
-ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-hangouts \
+ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-mautrix-hangouts \
 --log-driver=none \
 --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
 --cap-drop=ALL \
@@ -44,8 +44,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-hangou
 {{ matrix_mautrix_hangouts_docker_image }} \
 python3 -m mautrix_hangouts -c /config/config.yaml --no-update
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-hangouts 2>/dev/null || true'
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-hangouts 2>/dev/null || true'
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-hangouts 2>/dev/null || true'
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-hangouts 2>/dev/null || true'
 Restart=always
 RestartSec=30
 SyslogIdentifier=matrix-mautrix-hangouts
diff --git a/roles/matrix-bridge-mautrix-instagram/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-instagram/defaults/main.yml
similarity index 96%
rename from roles/matrix-bridge-mautrix-instagram/defaults/main.yml
rename to roles/custom/matrix-bridge-mautrix-instagram/defaults/main.yml
index e31f3f46..dcdf6723 100644
--- a/roles/matrix-bridge-mautrix-instagram/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-instagram/defaults/main.yml
@@ -8,7 +8,7 @@ matrix_mautrix_instagram_container_image_self_build: false
 matrix_mautrix_instagram_container_image_self_build_repo: "https://github.com/mautrix/instagram.git"
 matrix_mautrix_instagram_container_image_self_build_repo_version: "{{ 'master' if matrix_mautrix_instagram_version == 'latest' else matrix_mautrix_instagram_version }}"
-matrix_mautrix_instagram_version: v0.1.3
+matrix_mautrix_instagram_version: v0.2.2
 # See: https://mau.dev/tulir/mautrix-instagram/container_registry
 matrix_mautrix_instagram_docker_image: "{{ matrix_mautrix_instagram_docker_image_name_prefix }}mautrix/instagram:{{ matrix_mautrix_instagram_version }}"
 matrix_mautrix_instagram_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_instagram_container_image_self_build else 'dock.mau.dev/' }}"
@@ -25,6 +25,12 @@ matrix_mautrix_instagram_appservice_address: 'http://matrix-mautrix-instagram:29
 matrix_mautrix_instagram_command_prefix: "!ig"
+matrix_mautrix_instagram_bridge_permissions: |
+ {{
+ {matrix_mautrix_instagram_homeserver_domain: 'user'}
+ | combine({matrix_admin: 'admin'} if matrix_admin else {})
+ }}
+
 # A list of extra arguments to pass to the container
 matrix_mautrix_instagram_container_extra_arguments: []
diff --git a/roles/matrix-bridge-mautrix-instagram/tasks/init.yml b/roles/custom/matrix-bridge-mautrix-instagram/tasks/init.yml
similarity index 72%
rename from roles/matrix-bridge-mautrix-instagram/tasks/init.yml
rename to roles/custom/matrix-bridge-mautrix-instagram/tasks/init.yml
index 858e2917..7ef037e3 100644
--- a/roles/matrix-bridge-mautrix-instagram/tasks/init.yml
+++ b/roles/custom/matrix-bridge-mautrix-instagram/tasks/init.yml
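Review bot: The new `matrix_mautrix_instagram_bridge_permissions` default carries no comment saying what it holds or that it must be a dictionary, whereas the `matrix_mautrix_signal_bridge_permissions` comment added in this same commit spells out the hashmap requirement. Suggest adding above it: `# Permissions for using the bridge, as a dictionary mapping '*', a homeserver domain or a Matrix ID to a level (user/admin). Must be a dictionary, not a YAML string.` The expression also dereferences `matrix_admin` without a `default`, which is presumably fine because the playbook always defines it, but the comment is the place to say so. The telegram defaults hunk adds `matrix_mautrix_telegram_bridge_permissions` with the same gap.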
@@ -3,7 +3,7 @@
 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407
 - name: Fail if trying to self-build on Ansible < 2.8
 ansible.builtin.fail:
- msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md"
+ msg: "To self-build the Mautrix-Instagram image, you should use Ansible 2.8 or higher. See docs/ansible.md"
 when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mautrix_instagram_container_image_self_build and matrix_mautrix_instagram_enabled"
 - ansible.builtin.set_fact:
@@ -12,16 +12,16 @@
 # If the matrix-synapse role is not used, these variables may not exist.
 - ansible.builtin.set_fact:
- matrix_synapse_container_extra_arguments: >
+ matrix_homeserver_container_runtime_injected_arguments: >
 {{
- matrix_synapse_container_extra_arguments | default([])
+ matrix_homeserver_container_runtime_injected_arguments | default([])
 +
 ["--mount type=bind,src={{ matrix_mautrix_instagram_config_path }}/registration.yaml,dst=/matrix-mautrix-instagram-registration.yaml,ro"]
 }}
- matrix_synapse_app_service_config_files: >
+ matrix_homeserver_app_service_runtime_injected_config_files: >
 {{
- matrix_synapse_app_service_config_files | default([])
+ matrix_homeserver_app_service_runtime_injected_config_files | default([])
 +
 ["/matrix-mautrix-instagram-registration.yaml"]
 }}
diff --git a/roles/matrix-bridge-mautrix-instagram/tasks/main.yml b/roles/custom/matrix-bridge-mautrix-instagram/tasks/main.yml
similarity index 100%
rename from roles/matrix-bridge-mautrix-instagram/tasks/main.yml
rename to roles/custom/matrix-bridge-mautrix-instagram/tasks/main.yml
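Review bot: The context comment `# If the matrix-synapse role is not used, these variables may not exist.` above the second `set_fact` is now stale: the facts being extended were renamed to the homeserver-generic `matrix_homeserver_container_runtime_injected_arguments` and `matrix_homeserver_app_service_runtime_injected_config_files`, so the Synapse-specific wording no longer describes them. Suggest `# If no homeserver role is used, these variables may not exist.` The same stale comment sits above the identical rename in the mautrix-signal init.yml hunk.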
diff --git a/roles/matrix-bridge-mautrix-instagram/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-instagram/tasks/setup_install.yml
similarity index 93%
rename from roles/matrix-bridge-mautrix-instagram/tasks/setup_install.yml
rename to roles/custom/matrix-bridge-mautrix-instagram/tasks/setup_install.yml
index 88b0286e..19a2ff9a 100644
--- a/roles/matrix-bridge-mautrix-instagram/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-mautrix-instagram/tasks/setup_install.yml
@@ -8,15 +8,15 @@
 when: "matrix_synapse_role_executed | default(False)"
 - name: Ensure Mautrix instagram image is pulled
- docker_image:
+ community.docker.docker_image:
 name: "{{ matrix_mautrix_instagram_docker_image }}"
 source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
 force_source: "{{ matrix_mautrix_instagram_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
 force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_instagram_docker_image_force_pull }}"
 when: not matrix_mautrix_instagram_container_image_self_build
 register: result
- retries: "{{ matrix_container_retries_count }}"
- delay: "{{ matrix_container_retries_delay }}"
+ retries: "{{ devture_playbook_help_container_retries_count }}"
+ delay: "{{ devture_playbook_help_container_retries_delay }}"
 until: result is not failed
 - name: Ensure Mautrix instagram paths exist
@@ -45,7 +45,7 @@
 when: "matrix_mautrix_instagram_container_image_self_build | bool"
 - name: Ensure Mautrix instagram Docker image is built
- docker_image:
+ community.docker.docker_image:
 name: "{{ matrix_mautrix_instagram_docker_image }}"
 source: build
 force_source: "{{ matrix_mautrix_instagram_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
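Review bot: The guard `when: "matrix_synapse_role_executed | default(False)"` at the top of the first hunk still keys on Synapse, although init.yml in this commit now injects the registration into the homeserver-generic `matrix_homeserver_*` variables. If that condition is meant to catch the bridge role running after the homeserver role (the task it belongs to starts outside the hunk), it presumably no longer covers non-Synapse homeservers that consume those variables, so a generic equivalent is worth confirming. The mautrix-signal setup_install hunk carries the same guard.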
@@ -75,7 +75,7 @@
 - name: Ensure matrix-mautrix-instagram.service installed
 ansible.builtin.template:
 src: "{{ role_path }}/templates/systemd/matrix-mautrix-instagram.service.j2"
- dest: "{{ matrix_systemd_path }}/matrix-mautrix-instagram.service"
+ dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-instagram.service"
 mode: 0644
 register: matrix_mautrix_instagram_systemd_service_result
diff --git a/roles/matrix-bridge-mautrix-instagram/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-mautrix-instagram/tasks/setup_uninstall.yml
similarity index 79%
rename from roles/matrix-bridge-mautrix-instagram/tasks/setup_uninstall.yml
rename to roles/custom/matrix-bridge-mautrix-instagram/tasks/setup_uninstall.yml
index 55d882d3..a029a90a 100644
--- a/roles/matrix-bridge-mautrix-instagram/tasks/setup_uninstall.yml
+++ b/roles/custom/matrix-bridge-mautrix-instagram/tasks/setup_uninstall.yml
@@ -1,7 +1,7 @@
 ---
 - name: Check existence of matrix-mautrix-instagram service
 ansible.builtin.stat:
- path: "{{ matrix_systemd_path }}/matrix-mautrix-instagram.service"
+ path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-instagram.service"
 register: matrix_mautrix_instagram_service_stat
 - name: Ensure matrix-mautrix-instagram is stopped
@@ -14,7 +14,7 @@
 - name: Ensure matrix-mautrix-instagram.service doesn't exist
 ansible.builtin.file:
- path: "{{ matrix_systemd_path }}/matrix-mautrix-instagram.service"
+ path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-instagram.service"
 state: absent
 when: "matrix_mautrix_instagram_service_stat.stat.exists"
diff --git a/roles/matrix-bridge-mautrix-instagram/tasks/validate_config.yml b/roles/custom/matrix-bridge-mautrix-instagram/tasks/validate_config.yml
similarity index 100%
rename from roles/matrix-bridge-mautrix-instagram/tasks/validate_config.yml
rename to roles/custom/matrix-bridge-mautrix-instagram/tasks/validate_config.yml
diff --git a/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mautrix-instagram/templates/config.yaml.j2
similarity index 98%
rename from roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2
rename to roles/custom/matrix-bridge-mautrix-instagram/templates/config.yaml.j2
index 11b1d997..039b9bfe 100644
--- a/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2
+++ b/roles/custom/matrix-bridge-mautrix-instagram/templates/config.yaml.j2
@@ -185,11 +185,7 @@ bridge:
 # * - All Matrix users
 # domain - All users on that homeserver
 # mxid - Specific user
- permissions:
- "{{ matrix_mautrix_instagram_homeserver_domain }}": user
- {% if matrix_admin %}
- "{{ matrix_admin }}": admin
- {% endif %}
+ permissions: {{ matrix_mautrix_instagram_bridge_permissions|to_json }}
 # Provisioning API part of the web server for automated portal creation and fetching information.
 # Used by things like mautrix-manager (https://github.com/tulir/mautrix-manager).
 provisioning:
diff --git a/roles/matrix-bridge-mautrix-instagram/templates/systemd/matrix-mautrix-instagram.service.j2 b/roles/custom/matrix-bridge-mautrix-instagram/templates/systemd/matrix-mautrix-instagram.service.j2
similarity index 55%
rename from roles/matrix-bridge-mautrix-instagram/templates/systemd/matrix-mautrix-instagram.service.j2
rename to roles/custom/matrix-bridge-mautrix-instagram/templates/systemd/matrix-mautrix-instagram.service.j2
index d2a6aece..808ace40 100644
--- a/roles/matrix-bridge-mautrix-instagram/templates/systemd/matrix-mautrix-instagram.service.j2
+++ b/roles/custom/matrix-bridge-mautrix-instagram/templates/systemd/matrix-mautrix-instagram.service.j2
@@ -12,14 +12,14 @@ DefaultDependencies=no
 [Service]
 Type=simple
-Environment="HOME={{ matrix_systemd_unit_home_path }}"
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-instagram 2>/dev/null || true'
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-instagram 2>/dev/null || true'
+Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-instagram 2>/dev/null || true'
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-instagram 2>/dev/null || true'
 # Intentional delay, so that the homeserver (we likely depend on) can manage to start.
 ExecStartPre={{ matrix_host_command_sleep }} 5
-ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-instagram \
+ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-mautrix-instagram \
 --log-driver=none \
 --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
 --cap-drop=ALL \
@@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-instag
 {{ matrix_mautrix_instagram_docker_image }} \
 python3 -m mautrix_instagram -c /config/config.yaml --no-update
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-instagram 2>/dev/null || true'
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-instagram 2>/dev/null || true'
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-instagram 2>/dev/null || true'
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-instagram 2>/dev/null || true'
 Restart=always
 RestartSec=30
 SyslogIdentifier=matrix-mautrix-instagram
diff --git a/roles/matrix-bridge-mautrix-signal/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml
similarity index 92%
rename from roles/matrix-bridge-mautrix-signal/defaults/main.yml
rename to roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml
index 84ef38cd..24ba9b39 100644
--- a/roles/matrix-bridge-mautrix-signal/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml
@@ -9,8 +9,8 @@ matrix_mautrix_signal_docker_repo: "https://mau.dev/mautrix/signal.git"
 matrix_mautrix_signal_docker_repo_version: "{{ 'master' if matrix_mautrix_signal_version == 'latest' else matrix_mautrix_signal_version }}"
 matrix_mautrix_signal_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-signal/docker-src"
-matrix_mautrix_signal_version: v0.3.0
-matrix_mautrix_signal_daemon_version: 0.20.0
+matrix_mautrix_signal_version: v0.4.1
+matrix_mautrix_signal_daemon_version: 0.23.0
 # See: https://mau.dev/mautrix/signal/container_registry
 matrix_mautrix_signal_docker_image: "dock.mau.dev/mautrix/signal:{{ matrix_mautrix_signal_version }}"
 matrix_mautrix_signal_docker_image_force_pull: "{{ matrix_mautrix_signal_docker_image.endswith(':latest') }}"
@@ -103,12 +103,14 @@ matrix_mautrix_signal_relaybot_enabled: false
 # * - All Matrix users
 # domain - All users on that homeserver
 # mxid - Specific user
+#
+# This variable used to contain a YAML string, but now needs to contain a hashmap/dictionary.
 matrix_mautrix_signal_bridge_permissions: |
- '*': relay
- '{{ matrix_mautrix_signal_homeserver_domain }}': user
- {% if matrix_admin %}
- "{{ matrix_admin }}": admin
- {% endif %}
+ {{
+ {'*': 'relay'}
+ | combine({matrix_mautrix_signal_homeserver_domain: 'user'})
+ | combine({matrix_admin: 'admin'} if matrix_admin else {})
+ }}
 # Default configuration template which covers the generic use case.
 # You can customize it by controlling the various variables inside it.
@@ -141,3 +143,10 @@ matrix_mautrix_signal_log_level: 'DEBUG'
 matrix_mautrix_signal_bridge_encryption_allow: false
 matrix_mautrix_signal_bridge_encryption_default: "{{ matrix_mautrix_signal_bridge_encryption_allow }}"
 matrix_mautrix_signal_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_signal_bridge_encryption_allow }}"
+
+# Additional environment variables to pass to the Signal Daemon container
+#
+# Example:
+# matrix_mautrix_signal_daemon_environment_variables_extension: |
+# SIGNALD_TRUST_NEW_KEYS=true
+matrix_mautrix_signal_daemon_environment_variables_extension: ''
diff --git a/roles/matrix-bridge-mautrix-signal/tasks/init.yml b/roles/custom/matrix-bridge-mautrix-signal/tasks/init.yml
similarity index 68%
rename from roles/matrix-bridge-mautrix-signal/tasks/init.yml
rename to roles/custom/matrix-bridge-mautrix-signal/tasks/init.yml
index c96fe596..17ad98a4 100644
--- a/roles/matrix-bridge-mautrix-signal/tasks/init.yml
+++ b/roles/custom/matrix-bridge-mautrix-signal/tasks/init.yml
@@ -6,16 +6,16 @@
 # If the matrix-synapse role is not used, these variables may not exist.
 - ansible.builtin.set_fact:
- matrix_synapse_container_extra_arguments: >
+ matrix_homeserver_container_runtime_injected_arguments: >
 {{
- matrix_synapse_container_extra_arguments | default([])
+ matrix_homeserver_container_runtime_injected_arguments | default([])
 +
 ["--mount type=bind,src={{ matrix_mautrix_signal_config_path }}/registration.yaml,dst=/matrix-mautrix-signal-registration.yaml,ro"]
 }}
- matrix_synapse_app_service_config_files: >
+ matrix_homeserver_app_service_runtime_injected_config_files: >
 {{
- matrix_synapse_app_service_config_files | default([])
+ matrix_homeserver_app_service_runtime_injected_config_files | default([])
 +
 ["/matrix-mautrix-signal-registration.yaml"]
 }}
diff --git a/roles/matrix-bridge-mautrix-signal/tasks/main.yml b/roles/custom/matrix-bridge-mautrix-signal/tasks/main.yml
similarity index 100%
rename from roles/matrix-bridge-mautrix-signal/tasks/main.yml
rename to roles/custom/matrix-bridge-mautrix-signal/tasks/main.yml
diff --git a/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-signal/tasks/setup_install.yml
similarity index 88%
rename from roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml
rename to roles/custom/matrix-bridge-mautrix-signal/tasks/setup_install.yml
index 3a7ad508..f5a162a3 100644
--- a/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-mautrix-signal/tasks/setup_install.yml
@@ -9,15 +9,15 @@
 when: "matrix_synapse_role_executed | default(False)"
 - name: Ensure Mautrix Signal image is pulled
- docker_image:
+ community.docker.docker_image:
 name: "{{ matrix_mautrix_signal_docker_image }}"
 source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
 force_source: "{{ matrix_mautrix_signal_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
 force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_signal_docker_image_force_pull }}"
 when: "not matrix_mautrix_signal_container_image_self_build | bool"
 register: result
- retries: "{{ matrix_container_retries_count }}"
- delay: "{{ matrix_container_retries_delay }}"
+ retries: "{{ devture_playbook_help_container_retries_count }}"
+ delay: "{{ devture_playbook_help_container_retries_delay }}"
 until: result is not failed
@@ -33,7 +33,7 @@
 when: "matrix_mautrix_signal_container_image_self_build | bool"
 - name: Ensure Mautrix Signal image is built
- docker_image:
+ community.docker.docker_image:
 name: "{{ matrix_mautrix_signal_docker_image }}"
 source: build
 force_source: "{{ matrix_mautrix_signal_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
@@ -46,7 +46,7 @@
 - name: Ensure Mautrix Signal Daemon image is pulled
- docker_image:
+ community.docker.docker_image:
 name: "{{ matrix_mautrix_signal_daemon_docker_image }}"
 source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
 force_source: "{{ matrix_mautrix_signal_daemon_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
@@ -66,7 +66,7 @@
 when: "matrix_mautrix_signal_daemon_container_image_self_build | bool"
 - name: Ensure Mautrix Signal Daemon image is built
- docker_image:
+ community.docker.docker_image:
 name: "{{ matrix_mautrix_signal_daemon_docker_image }}"
 source: build
 force_source: "{{ matrix_mautrix_signal_daemon_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
@@ -92,6 +92,15 @@
 - "{{ matrix_mautrix_signal_daemon_path }}/attachments"
 - "{{ matrix_mautrix_signal_daemon_path }}/data"
+
+- name: Ensure mautrix-signal-daemon environment variables file created
+ ansible.builtin.template:
+ src: "{{ role_path }}/templates/env.j2"
+ dest: "{{ matrix_mautrix_signal_daemon_path }}/env"
+ owner: "{{ matrix_user_username }}"
+ group: "{{ matrix_user_groupname }}"
+ mode: 0644
+
 - name: Ensure mautrix-signal config.yaml installed
 ansible.builtin.copy:
 content: "{{ matrix_mautrix_signal_configuration | to_nice_yaml(indent=2, width=999999) }}"
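Review bot: The new env-file task writes `{{ matrix_mautrix_signal_daemon_path }}/env` with `mode: 0644`, yet its content is the free-form `matrix_mautrix_signal_daemon_environment_variables_extension`, which operators may well use for credentials; `mode: "0640"` keeps it from being world-readable on the host while the owner/group the task already sets still apply, and quoting the value avoids the YAML octal ambiguity that ansible-lint's `risky-octal` reports. Unlike the service-file tasks further down in this file, the task does not `register:` a result, so a change to the env file alone presumably does not trigger the daemon restart that the registered service-file results drive; that restart logic sits outside the hunk.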
@@ -111,14 +120,14 @@
 - name: Ensure matrix-mautrix-signal-daemon.service installed
 ansible.builtin.template:
 src: "{{ role_path }}/templates/systemd/matrix-mautrix-signal-daemon.service.j2"
- dest: "{{ matrix_systemd_path }}/matrix-mautrix-signal-daemon.service"
+ dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-signal-daemon.service"
 mode: 0644
 register: matrix_mautrix_signal_daemon_systemd_service_result
 - name: Ensure matrix-mautrix-signal.service installed
 ansible.builtin.template:
 src: "{{ role_path }}/templates/systemd/matrix-mautrix-signal.service.j2"
- dest: "{{ matrix_systemd_path }}/matrix-mautrix-signal.service"
+ dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-signal.service"
 mode: 0644
 register: matrix_mautrix_signal_systemd_service_result
diff --git a/roles/matrix-bridge-mautrix-signal/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-mautrix-signal/tasks/setup_uninstall.yml
similarity index 78%
rename from roles/matrix-bridge-mautrix-signal/tasks/setup_uninstall.yml
rename to roles/custom/matrix-bridge-mautrix-signal/tasks/setup_uninstall.yml
index befbcbec..d98d28ba 100644
--- a/roles/matrix-bridge-mautrix-signal/tasks/setup_uninstall.yml
+++ b/roles/custom/matrix-bridge-mautrix-signal/tasks/setup_uninstall.yml
@@ -3,7 +3,7 @@
 # Signal daemon service
 - name: Check existence of matrix-mautrix-signal-daemon service
 ansible.builtin.stat:
- path: "{{ matrix_systemd_path }}/matrix-mautrix-signal-daemon.service"
+ path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-signal-daemon.service"
 register: matrix_mautrix_signal_daemon_service_stat
 - name: Ensure matrix-mautrix-signal-daemon is stopped
@@ -16,14 +16,14 @@
 - name: Ensure matrix-mautrix-signal-daemon.service doesn't exist
 ansible.builtin.file:
- path: "{{ matrix_systemd_path }}/matrix-mautrix-signal-daemon.service"
+ path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-signal-daemon.service"
 state: absent
 when: "matrix_mautrix_signal_daemon_service_stat.stat.exists"
 # Bridge service
 - name: Check existence of matrix-mautrix-signal service
 ansible.builtin.stat:
- path: "{{ matrix_systemd_path }}/matrix-mautrix-signal.service"
+ path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-signal.service"
 register: matrix_mautrix_signal_service_stat
 - name: Ensure matrix-mautrix-signal is stopped
@@ -36,7 +36,7 @@
 - name: Ensure matrix-mautrix-signal.service doesn't exist
 ansible.builtin.file:
- path: "{{ matrix_systemd_path }}/matrix-mautrix-signal.service"
+ path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-signal.service"
 state: absent
 when: "matrix_mautrix_signal_service_stat.stat.exists"
diff --git a/roles/matrix-bridge-mautrix-signal/tasks/validate_config.yml b/roles/custom/matrix-bridge-mautrix-signal/tasks/validate_config.yml
similarity index 76%
rename from roles/matrix-bridge-mautrix-signal/tasks/validate_config.yml
rename to roles/custom/matrix-bridge-mautrix-signal/tasks/validate_config.yml
index 01a02c2f..ea2c1c43 100644
--- a/roles/matrix-bridge-mautrix-signal/tasks/validate_config.yml
+++ b/roles/custom/matrix-bridge-mautrix-signal/tasks/validate_config.yml
@@ -11,6 +11,15 @@
 - "matrix_mautrix_signal_homeserver_token"
 - "matrix_mautrix_signal_appservice_token"
+- name: (Deprecation) Fail if matrix_mautrix_signal_bridge_permissions specified as YAML string, instead of a dictionary
+ ansible.builtin.fail:
+ msg: >-
+ The `matrix_mautrix_signal_bridge_permissions` variable in your configuration is specified as a YAML string.
+ The playbook now expects a hashmap/dictionary in this variable.
+ Change your configuration like this:
+ matrix_mautrix_signal_bridge_permissions: {{ matrix_mautrix_signal_bridge_permissions | from_yaml | to_json }}
+ when: "matrix_mautrix_signal_bridge_permissions is string"
+
 - name: (Deprecation) Catch and report renamed Signal variables
 ansible.builtin.fail:
 msg: >-
diff --git a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mautrix-signal/templates/config.yaml.j2
similarity index 99%
rename from roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2
rename to roles/custom/matrix-bridge-mautrix-signal/templates/config.yaml.j2
index f0644ee2..796a6e41 100644
--- a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2
+++ b/roles/custom/matrix-bridge-mautrix-signal/templates/config.yaml.j2
@@ -223,8 +223,7 @@ bridge:
 # * - All Matrix users
 # domain - All users on that homeserver
 # mxid - Specific user
- permissions:
- {{ matrix_mautrix_signal_bridge_permissions|from_yaml }}
+ permissions: {{ matrix_mautrix_signal_bridge_permissions|to_json }}
 relay:
 # Whether or not relay mode should be allowed. If allowed, `!signal set-relay` can be used to turn any
diff --git a/roles/custom/matrix-bridge-mautrix-signal/templates/env.j2 b/roles/custom/matrix-bridge-mautrix-signal/templates/env.j2
new file mode 100644
index 00000000..f5357ed2
--- /dev/null
+++ b/roles/custom/matrix-bridge-mautrix-signal/templates/env.j2
@@ -0,0 +1 @@
+{{ matrix_mautrix_signal_daemon_environment_variables_extension }}
diff --git a/roles/matrix-bridge-mautrix-signal/templates/registration.yaml.j2 b/roles/custom/matrix-bridge-mautrix-signal/templates/registration.yaml.j2
similarity index 100%
rename from roles/matrix-bridge-mautrix-signal/templates/registration.yaml.j2
rename to roles/custom/matrix-bridge-mautrix-signal/templates/registration.yaml.j2
diff --git a/roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal-daemon.service.j2 b/roles/custom/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal-daemon.service.j2
similarity index 53%
rename from roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal-daemon.service.j2
rename to roles/custom/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal-daemon.service.j2
index d6be37e9..11a34d8f 100644
--- a/roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal-daemon.service.j2
+++ b/roles/custom/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal-daemon.service.j2
@@ -13,16 +13,16 @@ Wants={{ service }}
 [Service]
 Type=simple
-Environment="HOME={{ matrix_systemd_unit_home_path }}"
+Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-signal-daemon 2>/dev/null || true'
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-signal-daemon 2>/dev/null || true'
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-signal-daemon 2>/dev/null || true'
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-signal-daemon 2>/dev/null || true'
 # Intentional delay, so that the homeserver (we likely depend on) can manage to start.
 ExecStartPre={{ matrix_host_command_sleep }} 5
 # Migration task required by the 0.19.0 upgrade
-ExecStartPre=-{{ matrix_host_command_docker }} run --rm --name matrix-mautrix-signal-daemon \
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-mautrix-signal-daemon \
 --log-driver=none \
 --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
 --cap-drop=ALL \
@@ -32,16 +32,17 @@ ExecStartPre=-{{ matrix_host_command_docker }} run --rm --name matrix-mautrix-si
 --migrate-data
 # We can't use `--read-only` for this bridge.
-ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-signal-daemon \
+ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-mautrix-signal-daemon \
 --log-driver=none \
+ --env-file={{ matrix_mautrix_signal_daemon_path }}/env \
 --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
 --cap-drop=ALL \
 --network={{ matrix_docker_network }} \
 -v {{ matrix_mautrix_signal_daemon_path }}:/signald:z \
 {{ matrix_mautrix_signal_daemon_docker_image }}
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-signal-daemon 2>/dev/null || true'
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-signal-daemon 2>/dev/null || true'
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-signal-daemon 2>/dev/null || true'
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-signal-daemon 2>/dev/null || true'
 Restart=always
 RestartSec=30
diff --git a/roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal.service.j2 b/roles/custom/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal.service.j2
similarity index 59%
rename from roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal.service.j2
rename to roles/custom/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal.service.j2
index d1ef85f3..7b70cbe4 100644
--- a/roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal.service.j2
+++ b/roles/custom/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal.service.j2
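Review bot: The added `--env-file={{ matrix_mautrix_signal_daemon_path }}/env` reads a file that lives inside the directory bind-mounted read-write a few lines below (`-v {{ matrix_mautrix_signal_daemon_path }}:/signald:z`), so the daemon container can read and rewrite its own environment file at `/signald/env` and anything changed there is picked up on the next restart. If that is not intended, writing the env file to a path outside the mounted directory would keep it out of the container's reach. Presumably harmless with the current default of an empty extension, but a comment on the new line, e.g. `# note: this file is also visible to the container through the /signald mount`, would make the trade-off explicit.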
@@ -13,14 +13,14 @@ Wants={{ service }}
 [Service]
 Type=simple
-Environment="HOME={{ matrix_systemd_unit_home_path }}"
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-signal 2>/dev/null || true'
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-signal 2>/dev/null || true'
+Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-signal 2>/dev/null || true'
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-signal 2>/dev/null || true'
 # Intentional delay, so that the homeserver (we likely depend on) can manage to start.
 ExecStartPre={{ matrix_host_command_sleep }} 5
-ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-signal \
+ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-mautrix-signal \
 --log-driver=none \
 --network={{ matrix_docker_network }} \
 --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
@@ -38,8 +38,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-signal
 {{ matrix_mautrix_signal_docker_image }} \
 python3 -m mautrix_signal -c /config/config.yaml --no-update
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-signal 2>/dev/null || true'
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-signal 2>/dev/null || true'
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-signal 2>/dev/null || true'
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-signal 2>/dev/null || true'
 Restart=always
 RestartSec=30
diff --git a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml
similarity index 91%
rename from roles/matrix-bridge-mautrix-telegram/defaults/main.yml
rename to roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml
index 2ac9fe04..0f52cc22 100644
--- a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml
@@ -9,14 +9,14 @@ matrix_telegram_lottieconverter_container_image_self_build_mask_arch: false matrix_telegram_lottieconverter_docker_repo: "https://mau.dev/tulir/lottieconverter.git" matrix_telegram_lottieconverter_docker_repo_version: "master" matrix_telegram_lottieconverter_docker_src_files_path: "{{ matrix_base_data_path }}/lotticonverter/docker-src" -matrix_telegram_lottieconverter_docker_image: "dock.mau.dev/tulir/lottieconverter:alpine-3.15" # needs to be ajusted according to FROM clause of Dockerfile of mautrix-telegram +matrix_telegram_lottieconverter_docker_image: "dock.mau.dev/tulir/lottieconverter:alpine-3.16" # needs to be adjusted according to the FROM clause of Dockerfile of mautrix-telegram matrix_mautrix_telegram_container_image_self_build: false matrix_mautrix_telegram_docker_repo: "https://mau.dev/mautrix/telegram.git" matrix_mautrix_telegram_docker_repo_version: "{{ 'master' if matrix_mautrix_telegram_version == 'latest' else matrix_mautrix_telegram_version }}" matrix_mautrix_telegram_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-telegram/docker-src" -matrix_mautrix_telegram_version: v0.11.3 +matrix_mautrix_telegram_version: v0.12.1 # See: https://mau.dev/mautrix/telegram/container_registry matrix_mautrix_telegram_docker_image: "dock.mau.dev/mautrix/telegram:{{ matrix_mautrix_telegram_version }}" matrix_mautrix_telegram_docker_image_force_pull: "{{ matrix_mautrix_telegram_docker_image.endswith(':latest') }}" 
@@ -27,11 +27,20 @@ matrix_mautrix_telegram_data_path: "{{ matrix_mautrix_telegram_base_path }}/data matrix_mautrix_telegram_command_prefix: "!tg" +matrix_mautrix_telegram_bridge_permissions: | + {{ + {matrix_mautrix_telegram_homeserver_domain: 'full'} + | combine({matrix_admin: 'admin'} if matrix_admin else {}) + }} + # Get your own API keys at https://my.telegram.org/apps matrix_mautrix_telegram_api_id: '' matrix_mautrix_telegram_api_hash: '' matrix_mautrix_telegram_bot_token: disabled +# Define the filter-mode +matrix_mautrix_telegram_filter_mode: "blacklist" + # Whether or not the public-facing endpoints should be enabled (web-based login) matrix_mautrix_telegram_appservice_public_enabled: true @@ -150,3 +159,8 @@ matrix_mautrix_telegram_registration: "{{ matrix_mautrix_telegram_registration_y matrix_mautrix_telegram_username_template: 'telegram_{userid}' matrix_mautrix_telegram_alias_template: 'telegram_{groupname}' matrix_mautrix_telegram_displayname_template: '{displayname} (Telegram)' + +# Enable End-to-bridge encryption +matrix_mautrix_telegram_bridge_encryption_allow: false +matrix_mautrix_telegram_bridge_encryption_default: "{{ matrix_mautrix_telegram_bridge_encryption_allow }}" +matrix_mautrix_telegram_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_telegram_bridge_encryption_allow }}" diff --git a/roles/matrix-bridge-mautrix-telegram/tasks/init.yml b/roles/custom/matrix-bridge-mautrix-telegram/tasks/init.yml similarity index 87% rename from roles/matrix-bridge-mautrix-telegram/tasks/init.yml rename to roles/custom/matrix-bridge-mautrix-telegram/tasks/init.yml index e83bc663..f828f793 100644 --- a/roles/matrix-bridge-mautrix-telegram/tasks/init.yml +++ b/roles/custom/matrix-bridge-mautrix-telegram/tasks/init.yml 
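Review bot: `matrix_mautrix_telegram_filter_mode: "blacklist"` is passed straight into the bridge config, and the template comment in this same commit says only `blacklist` or `whitelist` are accepted, yet `validate_config.yml` is renamed without changes, so a typo in `vars.yml` would only surface as a bridge start-up failure. Suggest spelling out the contract here — `# Filter mode for the bridge's chat list. Permitted values: "blacklist" or "whitelist"` — and adding a fail-fast task in validate_config.yml guarded by `when: matrix_mautrix_telegram_filter_mode not in ['blacklist', 'whitelist']`. The new `matrix_mautrix_telegram_bridge_encryption_*` defaults mirror the mautrix-whatsapp ones (off unless explicitly allowed), which is the right conservative default.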
@@ -3,7 +3,7 @@ # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 ansible.builtin.fail: - msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" + msg: "To self-build the Mautrix-Telegram image, you should use Ansible 2.8 or higher. See docs/ansible.md" when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mautrix_telegram_container_image_self_build and matrix_mautrix_telegram_enabled" - ansible.builtin.set_fact: @@ -12,22 +12,25 @@ # If the matrix-synapse role is not used, these variables may not exist. - ansible.builtin.set_fact: - matrix_synapse_container_extra_arguments: > + matrix_homeserver_container_runtime_injected_arguments: > {{ - matrix_synapse_container_extra_arguments | default([]) + matrix_homeserver_container_runtime_injected_arguments | default([]) + ["--mount type=bind,src={{ matrix_mautrix_telegram_config_path }}/registration.yaml,dst=/matrix-mautrix-telegram-registration.yaml,ro"] }} - matrix_synapse_app_service_config_files: > + matrix_homeserver_app_service_runtime_injected_config_files: > {{ - matrix_synapse_app_service_config_files | default([]) + matrix_homeserver_app_service_runtime_injected_config_files | default([]) + ["/matrix-mautrix-telegram-registration.yaml"] }} when: matrix_mautrix_telegram_enabled | bool -- block: +- when: matrix_mautrix_telegram_enabled | bool and matrix_mautrix_telegram_appservice_public_enabled | bool + tags: + - always + block: - name: Fail if matrix-nginx-proxy role already executed ansible.builtin.fail: msg: >- 
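Review bot: The comment `# If the matrix-synapse role is not used, these variables may not exist.` above the `set_fact` is now stale: the facts were renamed from `matrix_synapse_*` to the homeserver-agnostic `matrix_homeserver_container_runtime_injected_arguments` and `matrix_homeserver_app_service_runtime_injected_config_files`, so the Synapse-specific wording no longer explains the `| default([])`. Suggest `# These homeserver-agnostic facts may not exist yet if no homeserver role has run; default to an empty list.` The same carried-over comment appears in the mautrix-twitter and mautrix-whatsapp `init.yml` hunks below. Binding the registration file `ro` into the homeserver container is the right choice and worth keeping.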
@@ -69,7 +72,3 @@ URL endpoint to the matrix-mautrix-telegram container. You can expose the container's port using the `matrix_mautrix_telegram_container_http_host_bind_port` variable. when: "not matrix_nginx_proxy_enabled | default(False) | bool" - - tags: - - always - when: matrix_mautrix_telegram_enabled | bool and matrix_mautrix_telegram_appservice_public_enabled | bool diff --git a/roles/matrix-bridge-mautrix-telegram/tasks/main.yml b/roles/custom/matrix-bridge-mautrix-telegram/tasks/main.yml similarity index 100% rename from roles/matrix-bridge-mautrix-telegram/tasks/main.yml rename to roles/custom/matrix-bridge-mautrix-telegram/tasks/main.yml diff --git a/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-telegram/tasks/setup_install.yml similarity index 93% rename from roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml rename to roles/custom/matrix-bridge-mautrix-telegram/tasks/setup_install.yml index 6ce39657..ba9c450f 100644 --- a/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mautrix-telegram/tasks/setup_install.yml @@ -11,13 +11,15 @@ - ansible.builtin.set_fact: matrix_mautrix_telegram_requires_restart: false -- block: +- when: "matrix_mautrix_telegram_database_engine == 'postgres'" + block: - name: Check if an SQLite database already exists ansible.builtin.stat: path: "{{ matrix_mautrix_telegram_sqlite_database_path_local }}" register: matrix_mautrix_telegram_sqlite_database_path_local_stat_result - - block: + - when: "matrix_mautrix_telegram_sqlite_database_path_local_stat_result.stat.exists | bool" + block: - ansible.builtin.set_fact: matrix_postgres_db_migration_request: src: "{{ matrix_mautrix_telegram_sqlite_database_path_local }}" 
@@ -28,13 +30,11 @@ systemd_services_to_stop: ['matrix-mautrix-telegram.service'] - ansible.builtin.import_role: - name: matrix-postgres + name: custom/matrix-postgres tasks_from: migrate_db_to_postgres - ansible.builtin.set_fact: matrix_mautrix_telegram_requires_restart: true - when: "matrix_mautrix_telegram_sqlite_database_path_local_stat_result.stat.exists | bool" - when: "matrix_mautrix_telegram_database_engine == 'postgres'" - name: Ensure Mautrix Telegram paths exist ansible.builtin.file: @@ -51,15 +51,15 @@ when: item.when | bool - name: Ensure Mautrix Telegram image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_mautrix_telegram_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_mautrix_telegram_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_telegram_docker_image_force_pull }}" when: "not matrix_mautrix_telegram_container_image_self_build | bool" register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure lottieconverter is present when self-building @@ -74,7 +74,7 @@ when: "matrix_telegram_lottieconverter_container_image_self_build | bool and matrix_mautrix_telegram_container_image_self_build | bool" - name: Ensure lottieconverter Docker image is built - docker_image: + community.docker.docker_image: name: "{{ matrix_telegram_lottieconverter_docker_image }}" source: build force_source: "{{ matrix_telegram_lottieconverter_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" 
@@ -97,7 +97,7 @@ when: "matrix_mautrix_telegram_container_image_self_build | bool" - name: Ensure matrix-mautrix-telegram Docker image is built - docker_image: + community.docker.docker_image: name: "{{ matrix_mautrix_telegram_docker_image }}" source: build force_source: "{{ matrix_mautrix_telegram_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" @@ -147,7 +147,7 @@ - name: Ensure matrix-mautrix-telegram.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-mautrix-telegram.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-mautrix-telegram.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-telegram.service" mode: 0644 register: matrix_mautrix_telegram_systemd_service_result diff --git a/roles/matrix-bridge-mautrix-telegram/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-mautrix-telegram/tasks/setup_uninstall.yml similarity index 79% rename from roles/matrix-bridge-mautrix-telegram/tasks/setup_uninstall.yml rename to roles/custom/matrix-bridge-mautrix-telegram/tasks/setup_uninstall.yml index f4a5f569..90ca0195 100644 --- a/roles/matrix-bridge-mautrix-telegram/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-bridge-mautrix-telegram/tasks/setup_uninstall.yml @@ -2,7 +2,7 @@ - name: Check existence of matrix-mautrix-telegram service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-mautrix-telegram.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-telegram.service" register: matrix_mautrix_telegram_service_stat - name: Ensure matrix-mautrix-telegram is stopped @@ -15,7 +15,7 @@ - name: Ensure matrix-mautrix-telegram.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-mautrix-telegram.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-telegram.service" state: absent when: "matrix_mautrix_telegram_service_stat.stat.exists" 
diff --git a/roles/matrix-bridge-mautrix-telegram/tasks/validate_config.yml b/roles/custom/matrix-bridge-mautrix-telegram/tasks/validate_config.yml
similarity index 100%
rename from roles/matrix-bridge-mautrix-telegram/tasks/validate_config.yml
rename to roles/custom/matrix-bridge-mautrix-telegram/tasks/validate_config.yml
diff --git a/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mautrix-telegram/templates/config.yaml.j2
similarity index 93%
rename from roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2
rename to roles/custom/matrix-bridge-mautrix-telegram/templates/config.yaml.j2
index 19bacbde..b7af83f5 100644
--- a/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2
+++ b/roles/custom/matrix-bridge-mautrix-telegram/templates/config.yaml.j2
@@ -176,27 +176,29 @@ bridge: height: 256 background: "020202" # only for gif fps: 30 # only for webm - # End-to-bridge encryption support options. These require matrix-nio to be installed with pip - # and login_shared_secret to be configured in order to get a device for the bridge bot. + # End-to-bridge encryption support options. # - # Additionally, https://github.com/matrix-org/synapse/pull/5758 is required if using a normal - # application service. + # See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info. encryption: # Allow encryption, work in group chat rooms with e2ee enabled - allow: false + allow: {{ matrix_mautrix_telegram_bridge_encryption_allow|to_json }} # Default to encryption, force-enable encryption in all portals the bridge creates # This will cause the bridge bot to be in private chats for the encryption to work properly. - default: false - # Database for the encryption data. Currently only supports Postgres and an in-memory - # store that's persisted as a pickle. - # If set to `default`, will use the appservice postgres database - # or a pickle file if the appservice database is sqlite. - # - # Format examples: - # Pickle: pickle:///filename.pickle - # Postgres: postgres://username:password@hostname/dbname + default: {{ matrix_mautrix_telegram_bridge_encryption_default|to_json }} + # Database for the encryption data. If set to `default`, will use the appservice database. database: default - + # Options for automatic key sharing. + key_sharing: + # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled. + # You must use a client that supports requesting keys from other users to use this feature. + allow: {{ matrix_mautrix_telegram_bridge_encryption_key_sharing_allow|to_json }} + # Require the requesting device to have a valid cross-signing signature? + # This doesn't require that the bridge has verified the device, only that the user has verified it. + # Not yet implemented. 
+ require_cross_signing: false + # Require devices to be verified by the bridge? + # Verification by the bridge is not yet implemented. + require_verification: true # Whether or not to explicitly set the avatar and room name for private # chat portal rooms. This will be implicitly enabled if encryption.default is true. private_chat_portal_meta: false @@ -271,12 +273,12 @@ bridge: # Filter mode to use. Either "blacklist" or "whitelist". # If the mode is "blacklist", the listed chats will never be bridged. # If the mode is "whitelist", only the listed chats can be bridged. - mode: blacklist + mode: {{ matrix_mautrix_telegram_filter_mode | to_json }} # The list of group/channel IDs to filter. list: [] # The prefix for commands. Only required in non-management rooms. - command_prefix: "{{ matrix_mautrix_telegram_command_prefix }}" + command_prefix: {{ matrix_mautrix_telegram_command_prefix | to_json }} # Permissions for using the bridge. # Permitted values: @@ -289,11 +291,7 @@ bridge: # * - All Matrix users # domain - All users on that homeserver # mxid - Specific user - permissions: - '{{ matrix_mautrix_telegram_homeserver_domain }}': full - {% if matrix_admin %} - '{{ matrix_admin }}': admin - {% endif %} + permissions: {{ matrix_mautrix_telegram_bridge_permissions | to_json }} # Options related to the message relay Telegram bot. relaybot: diff --git a/roles/matrix-bridge-mautrix-telegram/templates/systemd/matrix-mautrix-telegram.service.j2 b/roles/custom/matrix-bridge-mautrix-telegram/templates/systemd/matrix-mautrix-telegram.service.j2 similarity index 60% rename from roles/matrix-bridge-mautrix-telegram/templates/systemd/matrix-mautrix-telegram.service.j2 rename to roles/custom/matrix-bridge-mautrix-telegram/templates/systemd/matrix-mautrix-telegram.service.j2 index 8b21ee2b..2948a711 100644 --- a/roles/matrix-bridge-mautrix-telegram/templates/systemd/matrix-mautrix-telegram.service.j2 
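Review bot: In the new `key_sharing` block, `allow` is variable-driven but `require_cross_signing: false` and `require_verification: true` are hard-coded, so an operator who needs a different key-sharing policy has to override the whole template. Per the upstream comment, `require_verification` gates which devices get their key requests fulfilled and bridge-side verification is not yet implemented, so `true` is the conservative default to keep — but it should be overridable like its neighbour, e.g. `require_verification: {{ matrix_mautrix_telegram_bridge_encryption_key_sharing_require_verification|to_json }}` backed by a `true` default in `defaults/main.yml` (variable name proposed, following this commit's pattern). The enclosing `bridge:` mapping starts outside the hunk.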
+++ b/roles/custom/matrix-bridge-mautrix-telegram/templates/systemd/matrix-mautrix-telegram.service.j2 @@ -12,14 +12,14 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-telegram 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-telegram 2>/dev/null || true' +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-telegram 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-telegram 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. ExecStartPre={{ matrix_host_command_sleep }} 5 -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-telegram \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-mautrix-telegram \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ 
@@ -35,8 +35,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-telegr {{ matrix_mautrix_telegram_docker_image }} \ python3 -m mautrix_telegram -c /config/config.yaml --no-update -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-telegram 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-telegram 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-telegram 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-telegram 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-mautrix-telegram diff --git a/roles/matrix-bridge-mautrix-twitter/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-twitter/defaults/main.yml similarity index 96% rename from roles/matrix-bridge-mautrix-twitter/defaults/main.yml rename to roles/custom/matrix-bridge-mautrix-twitter/defaults/main.yml index 512195cb..684b889a 100644 --- a/roles/matrix-bridge-mautrix-twitter/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-twitter/defaults/main.yml 
@@ -8,7 +8,7 @@ matrix_mautrix_twitter_container_image_self_build: false matrix_mautrix_twitter_container_image_self_build_repo: "https://github.com/mautrix/twitter.git" matrix_mautrix_twitter_container_image_self_build_repo_version: "{{ 'master' if matrix_mautrix_twitter_version == 'latest' else matrix_mautrix_twitter_version }}" -matrix_mautrix_twitter_version: v0.1.4 +matrix_mautrix_twitter_version: v0.1.5 # See: https://mau.dev/tulir/mautrix-twitter/container_registry matrix_mautrix_twitter_docker_image: "{{ matrix_mautrix_twitter_docker_image_name_prefix }}mautrix/twitter:{{ matrix_mautrix_twitter_version }}" matrix_mautrix_twitter_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_twitter_container_image_self_build else 'dock.mau.dev/' }}" @@ -25,6 +25,12 @@ matrix_mautrix_twitter_appservice_address: 'http://matrix-mautrix-twitter:29327' matrix_mautrix_twitter_command_prefix: "!tw" +matrix_mautrix_twitter_bridge_permissions: | + {{ + {matrix_mautrix_twitter_homeserver_domain: 'user'} + | combine({matrix_admin: 'admin'} if matrix_admin else {}) + }} + # A list of extra arguments to pass to the container matrix_mautrix_twitter_container_extra_arguments: [] diff --git a/roles/matrix-bridge-mautrix-twitter/tasks/init.yml b/roles/custom/matrix-bridge-mautrix-twitter/tasks/init.yml similarity index 78% rename from roles/matrix-bridge-mautrix-twitter/tasks/init.yml rename to roles/custom/matrix-bridge-mautrix-twitter/tasks/init.yml index 75a60ffa..67f0a7dc 100644 --- a/roles/matrix-bridge-mautrix-twitter/tasks/init.yml +++ b/roles/custom/matrix-bridge-mautrix-twitter/tasks/init.yml 
@@ -6,16 +6,16 @@ # If the matrix-synapse role is not used, these variables may not exist. - ansible.builtin.set_fact: - matrix_synapse_container_extra_arguments: > + matrix_homeserver_container_runtime_injected_arguments: > {{ - matrix_synapse_container_extra_arguments | default([]) + matrix_homeserver_container_runtime_injected_arguments | default([]) + ["--mount type=bind,src={{ matrix_mautrix_twitter_config_path }}/registration.yaml,dst=/matrix-mautrix-twitter-registration.yaml,ro"] }} - matrix_synapse_app_service_config_files: > + matrix_homeserver_app_service_runtime_injected_config_files: > {{ - matrix_synapse_app_service_config_files | default([]) + matrix_homeserver_app_service_runtime_injected_config_files | default([]) + ["/matrix-mautrix-twitter-registration.yaml"] }} diff --git a/roles/matrix-bridge-mautrix-twitter/tasks/main.yml b/roles/custom/matrix-bridge-mautrix-twitter/tasks/main.yml similarity index 100% rename from roles/matrix-bridge-mautrix-twitter/tasks/main.yml rename to roles/custom/matrix-bridge-mautrix-twitter/tasks/main.yml diff --git a/roles/matrix-bridge-mautrix-twitter/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-twitter/tasks/setup_install.yml similarity index 93% rename from roles/matrix-bridge-mautrix-twitter/tasks/setup_install.yml rename to roles/custom/matrix-bridge-mautrix-twitter/tasks/setup_install.yml index 05887c6d..c3ab2d4e 100644 --- a/roles/matrix-bridge-mautrix-twitter/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mautrix-twitter/tasks/setup_install.yml 
@@ -12,15 +12,15 @@ matrix_mautrix_twitter_requires_restart: false - name: Ensure Mautrix Twitter image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_mautrix_twitter_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_mautrix_twitter_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_twitter_docker_image_force_pull }}" when: matrix_mautrix_twitter_enabled | bool and not matrix_mautrix_twitter_container_image_self_build register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure Mautrix Twitter paths exist @@ -49,7 +49,7 @@ when: "matrix_mautrix_twitter_enabled | bool and matrix_mautrix_twitter_container_image_self_build" - name: Ensure Mautrix Twitter Docker image is built - docker_image: + community.docker.docker_image: name: "{{ matrix_mautrix_twitter_docker_image }}" source: build force_source: "{{ matrix_mautrix_twitter_git_pull_results.changed }}" @@ -78,7 +78,7 @@ - name: Ensure matrix-mautrix-twitter.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-mautrix-twitter.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-mautrix-twitter.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-twitter.service" mode: 0644 register: matrix_mautrix_twitter_systemd_service_result 
diff --git a/roles/matrix-bridge-mautrix-twitter/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-mautrix-twitter/tasks/setup_uninstall.yml similarity index 79% rename from roles/matrix-bridge-mautrix-twitter/tasks/setup_uninstall.yml rename to roles/custom/matrix-bridge-mautrix-twitter/tasks/setup_uninstall.yml index 5ce64906..5f6b1491 100644 --- a/roles/matrix-bridge-mautrix-twitter/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-bridge-mautrix-twitter/tasks/setup_uninstall.yml @@ -2,7 +2,7 @@ - name: Check existence of matrix-mautrix-twitter service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-mautrix-twitter.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-twitter.service" register: matrix_mautrix_twitter_service_stat - name: Ensure matrix-mautrix-twitter is stopped @@ -14,7 +14,7 @@ - name: Ensure matrix-mautrix-twitter.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-mautrix-twitter.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-twitter.service" state: absent when: "matrix_mautrix_twitter_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mautrix-twitter/tasks/validate_config.yml b/roles/custom/matrix-bridge-mautrix-twitter/tasks/validate_config.yml similarity index 100% rename from roles/matrix-bridge-mautrix-twitter/tasks/validate_config.yml rename to roles/custom/matrix-bridge-mautrix-twitter/tasks/validate_config.yml diff --git a/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 similarity index 98% rename from roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 rename to roles/custom/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 index b59864f1..da823d1e 100644 --- a/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 +++ b/roles/custom/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 
@@ -173,11 +173,7 @@ bridge: # * - All Matrix users # domain - All users on that homeserver # mxid - Specific user - permissions: - '{{ matrix_mautrix_twitter_homeserver_domain }}': user - {% if matrix_admin %} - '{{ matrix_admin }}': admin - {% endif %} + permissions: {{ matrix_mautrix_twitter_bridge_permissions|to_json }} # Python logging configuration. diff --git a/roles/matrix-bridge-mautrix-twitter/templates/systemd/matrix-mautrix-twitter.service.j2 b/roles/custom/matrix-bridge-mautrix-twitter/templates/systemd/matrix-mautrix-twitter.service.j2 similarity index 55% rename from roles/matrix-bridge-mautrix-twitter/templates/systemd/matrix-mautrix-twitter.service.j2 rename to roles/custom/matrix-bridge-mautrix-twitter/templates/systemd/matrix-mautrix-twitter.service.j2 index 0ce9a123..c167eb06 100644 --- a/roles/matrix-bridge-mautrix-twitter/templates/systemd/matrix-mautrix-twitter.service.j2 +++ b/roles/custom/matrix-bridge-mautrix-twitter/templates/systemd/matrix-mautrix-twitter.service.j2 
@@ -12,14 +12,14 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-twitter 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-twitter 2>/dev/null || true' +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-twitter 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-twitter 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. ExecStartPre={{ matrix_host_command_sleep }} 5 -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-twitter \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-mautrix-twitter \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ 
@@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-twitte {{ matrix_mautrix_twitter_docker_image }} \ python3 -m mautrix_twitter -c /config/config.yaml --no-update -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-twitter 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-twitter 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-twitter 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-twitter 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-mautrix-twitter diff --git a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml similarity index 94% rename from roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml rename to roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml index 7a511651..55b7387f 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml 
@@ -8,7 +8,7 @@ matrix_mautrix_whatsapp_container_image_self_build: false matrix_mautrix_whatsapp_container_image_self_build_repo: "https://mau.dev/mautrix/whatsapp.git" matrix_mautrix_whatsapp_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_whatsapp_version == 'latest' else matrix_mautrix_whatsapp_version }}" -matrix_mautrix_whatsapp_version: v0.6.0 +matrix_mautrix_whatsapp_version: v0.7.1 # See: https://mau.dev/mautrix/whatsapp/container_registry matrix_mautrix_whatsapp_docker_image: "{{ matrix_mautrix_whatsapp_docker_image_name_prefix }}mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}" matrix_mautrix_whatsapp_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_whatsapp_container_image_self_build else 'dock.mau.dev/' }}" 
@@ -86,9 +86,21 @@ matrix_mautrix_whatsapp_login_shared_secret: '' matrix_mautrix_whatsapp_bridge_login_shared_secret_map: "{{ {matrix_mautrix_whatsapp_homeserver_domain: matrix_mautrix_whatsapp_login_shared_secret} if matrix_mautrix_whatsapp_login_shared_secret else {} }}" -# Servers to always allow double puppeting from -matrix_mautrix_whatsapp_bridge_double_puppet_server_map: - "{{ matrix_mautrix_whatsapp_homeserver_domain : matrix_mautrix_whatsapp_homeserver_address }}" +# Enable End-to-bridge encryption +matrix_mautrix_whatsapp_bridge_encryption_allow: false +matrix_mautrix_whatsapp_bridge_encryption_default: "{{ matrix_mautrix_whatsapp_bridge_encryption_allow }}" +matrix_mautrix_whatsapp_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_whatsapp_bridge_encryption_allow }}" + +matrix_mautrix_whatsapp_bridge_personal_filtering_spaces: true +matrix_mautrix_whatsapp_bridge_mute_bridging: true +matrix_mautrix_whatsapp_bridge_enable_status_broadcast: false +matrix_mautrix_whatsapp_bridge_allow_user_invite: true + +matrix_mautrix_whatsapp_bridge_permissions: | + {{ + {matrix_mautrix_whatsapp_homeserver_domain: 'user'} + | combine({matrix_admin: 'admin'} if matrix_admin else {}) + }} # Default mautrix-whatsapp configuration template which covers the generic use case. # You can customize it by controlling the various variables inside it. @@ -129,8 +141,3 @@ matrix_mautrix_whatsapp_registration_yaml: | de.sorunome.msc2409.push_ephemeral: true matrix_mautrix_whatsapp_registration: "{{ matrix_mautrix_whatsapp_registration_yaml | from_yaml }}" - -# Enable End-to-bridge encryption -matrix_mautrix_whatsapp_bridge_encryption_allow: false -matrix_mautrix_whatsapp_bridge_encryption_default: "{{ matrix_mautrix_whatsapp_bridge_encryption_allow }}" -matrix_mautrix_whatsapp_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_whatsapp_bridge_encryption_allow }}" 
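Review bot: The hunk deletes the `matrix_mautrix_whatsapp_bridge_double_puppet_server_map` default without a replacement, so any operator who overrode it in `vars.yml` now sets a variable nothing reads, and if this role's `config.yaml.j2` still references it (that template's hunk is not in view) rendering fails with an undefined variable. A CHANGELOG entry naming the removed variable would make the break visible; the old definition (`"{{ a : b }}"`) was not a valid expression anyway, so dropping it is fine. Separately, the four new toggles `..._personal_filtering_spaces`, `..._mute_bridging`, `..._enable_status_broadcast` and `..._allow_user_invite` are added without any comment, unlike every other group in this file; at least `# Bridge behaviour toggles; see the same-named keys in the upstream mautrix-whatsapp example config` would tell a reader where to look.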
diff --git a/roles/matrix-bridge-mautrix-whatsapp/tasks/init.yml b/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/init.yml similarity index 67% rename from roles/matrix-bridge-mautrix-whatsapp/tasks/init.yml rename to roles/custom/matrix-bridge-mautrix-whatsapp/tasks/init.yml index ab10a530..7907c73d 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/tasks/init.yml +++ b/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/init.yml @@ -5,16 +5,16 @@ # If the matrix-synapse role is not used, these variables may not exist. - ansible.builtin.set_fact: - matrix_synapse_container_extra_arguments: > + matrix_homeserver_container_runtime_injected_arguments: > {{ - matrix_synapse_container_extra_arguments | default([]) + matrix_homeserver_container_runtime_injected_arguments | default([]) + ["--mount type=bind,src={{ matrix_mautrix_whatsapp_config_path }}/registration.yaml,dst=/matrix-mautrix-whatsapp-registration.yaml,ro"] }} - matrix_synapse_app_service_config_files: > + matrix_homeserver_app_service_runtime_injected_config_files: > {{ - matrix_synapse_app_service_config_files | default([]) + matrix_homeserver_app_service_runtime_injected_config_files | default([]) + ["/matrix-mautrix-whatsapp-registration.yaml"] }} diff --git a/roles/matrix-bridge-mautrix-whatsapp/tasks/main.yml b/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/main.yml similarity index 100% rename from roles/matrix-bridge-mautrix-whatsapp/tasks/main.yml rename to roles/custom/matrix-bridge-mautrix-whatsapp/tasks/main.yml diff --git a/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml similarity index 93% rename from roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml rename to roles/custom/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml index c3edd6a7..6b376946 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml 
@@ -11,13 +11,15 @@ - ansible.builtin.set_fact: matrix_mautrix_whatsapp_requires_restart: false -- block: +- when: "matrix_mautrix_whatsapp_database_engine == 'postgres'" + block: - name: Check if an SQLite database already exists ansible.builtin.stat: path: "{{ matrix_mautrix_whatsapp_sqlite_database_path_local }}" register: matrix_mautrix_whatsapp_sqlite_database_path_local_stat_result - - block: + - when: "matrix_mautrix_whatsapp_sqlite_database_path_local_stat_result.stat.exists | bool" + block: - ansible.builtin.set_fact: matrix_postgres_db_migration_request: src: "{{ matrix_mautrix_whatsapp_sqlite_database_path_local }}" @@ -29,14 +31,11 @@ pgloader_options: ['--with "quote identifiers"'] - ansible.builtin.import_role: - name: matrix-postgres + name: custom/matrix-postgres tasks_from: migrate_db_to_postgres - ansible.builtin.set_fact: matrix_mautrix_whatsapp_requires_restart: true - when: "matrix_mautrix_whatsapp_sqlite_database_path_local_stat_result.stat.exists | bool" - when: "matrix_mautrix_whatsapp_database_engine == 'postgres'" - - name: Ensure Mautrix Whatsapp paths exists ansible.builtin.file: 
@@ -53,15 +52,15 @@ when: item.when | bool - name: Ensure Mautrix Whatsapp image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_mautrix_whatsapp_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_mautrix_whatsapp_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_whatsapp_docker_image_force_pull }}" when: not matrix_mautrix_whatsapp_container_image_self_build register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure Mautrix Whatsapp repository is present on self-build @@ -76,7 +75,7 @@ when: "matrix_mautrix_whatsapp_container_image_self_build | bool" - name: Ensure Mautrix Whatsapp Docker image is built - docker_image: + community.docker.docker_image: name: "{{ matrix_mautrix_whatsapp_docker_image }}" source: build force_source: "{{ matrix_mautrix_whatsapp_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" @@ -133,7 +132,7 @@ - name: Ensure matrix-mautrix-whatsapp.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-mautrix-whatsapp.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-mautrix-whatsapp.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-whatsapp.service" mode: 0644 register: matrix_mautrix_whatsapp_systemd_service_result 
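Review bot: `mode: 0644` on the `Ensure matrix-mautrix-whatsapp.service installed` task is an unquoted leading-zero literal; Ansible's YAML 1.1 loader reads it as octal 420, but a YAML 1.2 loader or a reformatter that normalises numbers turns it into decimal 644, which the template module would then apply as a very different permission set. Writing it as `mode: "0644"` removes the ambiguity and matches the quoting already used for the other values of this task. The switch to `community.docker.docker_image` in the two image tasks also makes the role depend on the `community.docker` collection being installed; that is presumably covered by the new `make roles` / requirements.yml step described in the changelog, but nothing in the role itself says so, so a one-line comment at the first use would help anyone running the role on its own.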
diff --git a/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/setup_uninstall.yml
similarity index 79%
rename from roles/matrix-bridge-mautrix-whatsapp/tasks/setup_uninstall.yml
rename to roles/custom/matrix-bridge-mautrix-whatsapp/tasks/setup_uninstall.yml
index c531b530..ff215001 100644
--- a/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_uninstall.yml
+++ b/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/setup_uninstall.yml
@@ -2,7 +2,7 @@ - name: Check existence of matrix-mautrix-whatsapp service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-mautrix-whatsapp.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-whatsapp.service" register: matrix_mautrix_whatsapp_service_stat - name: Ensure matrix-mautrix-whatsapp is stopped
@@ -15,7 +15,7 @@ - name: Ensure matrix-mautrix-whatsapp.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-mautrix-whatsapp.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-whatsapp.service" state: absent when: "matrix_mautrix_whatsapp_service_stat.stat.exists"
diff --git a/roles/matrix-bridge-mautrix-whatsapp/tasks/validate_config.yml b/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/validate_config.yml
similarity index 100%
rename from roles/matrix-bridge-mautrix-whatsapp/tasks/validate_config.yml
rename to roles/custom/matrix-bridge-mautrix-whatsapp/tasks/validate_config.yml
diff --git a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2
similarity index 93%
rename from roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2
rename to roles/custom/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2
index 8e0e300b..9c0b95e8 100644
--- a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2
+++ b/roles/custom/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 @@ -5,6 +5,9 @@ homeserver: address: {{ matrix_mautrix_whatsapp_homeserver_address }} # The domain of the homeserver (for MXIDs, etc). domain: {{ matrix_mautrix_whatsapp_homeserver_domain }} + # What software is the homeserver running? + # Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here. + software: standard # The URL to push real-time bridge status to. # If set, the bridge will make POST requests to this URL whenever a user's whatsapp connection state changes. # The bridge will use the appservice as_token to authorize requests. @@ -92,7 +95,7 @@ bridge: displayname_template: "{{ '{{if .BusinessName}}{{.BusinessName}}{{else if .PushName}}{{.PushName}}{{else}}{{.JID}}{{end}} (WA)' }}" # Should the bridge create a space for each logged-in user and add bridged rooms to it? # Users who logged in before turning this on should run `!wa sync space` to create and fill the space for the first time. - personal_filtering_spaces: false + personal_filtering_spaces: {{ matrix_mautrix_whatsapp_bridge_personal_filtering_spaces | to_json }} # Should the bridge send a read receipt from the bridge bot when a message has been sent to WhatsApp? delivery_receipts: false # Whether the bridge should send the message status as a custom com.beeper.message_send_status event. 
@@ -144,6 +147,12 @@ bridge: # provisioning endpoint is used or when a message comes in from that # chat. max_initial_conversations: -1 + # If this value is greater than 0, then if the conversation's last + # message was more than this number of hours ago, then the conversation + # will automatically be marked it as read. + # Conversations that have a last message that is less than this number + # of hours ago will have their unread status synced from WhatsApp. + unread_hours_threshold: 0 # Settings for immediate backfills. These backfills should generally be # small and their main purpose is to populate each of the initial chats # (as configured by max_initial_conversations) with a few messages so @@ -225,14 +234,17 @@ bridge: # manually. login_shared_secret_map: {{ matrix_mautrix_whatsapp_bridge_login_shared_secret_map|to_json }} # Should the bridge explicitly set the avatar and room name for private chat portal rooms? + # This is implicitly enabled in encrypted rooms. private_chat_portal_meta: false + # Should group members be synced in parallel? This makes member sync faster + parallel_member_sync: false # Should Matrix m.notice-type messages be bridged? bridge_notices: true # Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run. # This field will automatically be changed back to false after it, except if the config file is not writable. resend_bridge_info: false # When using double puppeting, should muted chats be muted in Matrix? - mute_bridging: false + mute_bridging: {{ matrix_mautrix_whatsapp_bridge_mute_bridging | to_json }} # When using double puppeting, should archived chats be moved to a specific tag in Matrix? # Note that WhatsApp unarchives chats when a message is received, which will also be mirrored to Matrix. # This can be set to a tag (e.g. m.lowpriority), or null to disable. 
@@ -243,7 +255,7 @@ bridge: tag_only_on_create: true # Should WhatsApp status messages be bridged into a Matrix room? # Disabling this won't affect already created status broadcast rooms. - enable_status_broadcast: true + enable_status_broadcast: {{ matrix_mautrix_whatsapp_bridge_enable_status_broadcast | to_json }} # Should sending WhatsApp status messages be allowed? # This can cause issues if the user has lots of contacts, so it's disabled by default. disable_status_broadcast_send: true @@ -257,7 +269,7 @@ bridge: whatsapp_thumbnail: false # Allow invite permission for user. User can invite any bots to room with whatsapp # users (private chat and groups) - allow_user_invite: false + allow_user_invite: {{ matrix_mautrix_whatsapp_bridge_allow_user_invite | to_json }} # Whether or not created rooms should have federation enabled. # If false, created portal rooms will never be federated. federate_rooms: {{ matrix_mautrix_whatsapp_federate_rooms|to_json }} @@ -268,6 +280,9 @@ bridge: # Should the bridge never send alerts to the bridge management room? # These are mostly things like the user being logged out. disable_bridge_alerts: false + # Should the bridge stop if the WhatsApp server says another user connected with the same session? + # This is only safe on single-user bridges. + crash_on_stream_replaced: false # Should the bridge detect URLs in outgoing messages, ask the homeserver to generate a preview, # and send it to WhatsApp? URL previews can always be sent using the `com.beeper.linkpreviews` # key in the event content even if this is disabled. 
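Review bot: `allow_user_invite` and `enable_status_broadcast` are now driven by `matrix_mautrix_whatsapp_bridge_allow_user_invite` and `matrix_mautrix_whatsapp_bridge_enable_status_broadcast`, but the defaults of those variables are not part of this diff, so whether the previously hard-coded values (`false` and `true`) are preserved cannot be checked here. The template's own comment explains that `allow_user_invite` lets a user bring any bot into rooms shared with WhatsApp users, which is exactly the caveat that should also sit next to the variable's default, e.g. `# Lets users invite any bot into rooms with WhatsApp users; keep false unless needed.`. Presumably the role's defaults/main.yml carries both variables — confirm their values match the old template so the rename does not silently widen what users may do.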
@@ -275,6 +290,9 @@ bridge: # Send captions in the same message as images. This will send data compatible with both MSC2530 and MSC3552. # This is currently not supported in most clients. caption_in_message: false + # Should Matrix edits be bridged to WhatsApp edits? + # Official WhatsApp clients don't render edits yet, but once they do, the bridge should work with them right away. + send_whatsapp_edits: false # Maximum time for handling Matrix events. Duration strings formatted for https://pkg.go.dev/time#ParseDuration # Null means there's no enforced timeout. message_handling_timeout: @@ -311,6 +329,8 @@ bridge: # This will cause the bridge bot to be in private chats for the encryption to work properly. # It is recommended to also set private_chat_portal_meta to true when using this. default: {{ matrix_mautrix_whatsapp_bridge_encryption_default|to_json }} + # Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data. + appservice: false # Require encryption, drop any unencrypted messages. require: false # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled. @@ -368,11 +388,7 @@ bridge: # * - All Matrix users # domain - All users on that homeserver # mxid - Specific user - permissions: - "{{ matrix_mautrix_whatsapp_homeserver_domain }}": user - {% if matrix_admin %} - "{{ matrix_admin }}": admin - {% endif %} + permissions: {{ matrix_mautrix_whatsapp_bridge_permissions|to_json }} # Settings for relay mode relay: diff --git a/roles/matrix-bridge-mautrix-whatsapp/templates/systemd/matrix-mautrix-whatsapp.service.j2 b/roles/custom/matrix-bridge-mautrix-whatsapp/templates/systemd/matrix-mautrix-whatsapp.service.j2 similarity index 56% rename from roles/matrix-bridge-mautrix-whatsapp/templates/systemd/matrix-mautrix-whatsapp.service.j2 rename to roles/custom/matrix-bridge-mautrix-whatsapp/templates/systemd/matrix-mautrix-whatsapp.service.j2 index ae44d342..effa086d 100644 
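Review bot: `permissions:` is now a single `to_json` dump of `matrix_mautrix_whatsapp_bridge_permissions`, replacing the inline map that granted `user` to `{{ matrix_mautrix_whatsapp_homeserver_domain }}` and `admin` to `{{ matrix_admin }}` only when that was set; the default of the new variable is not in this diff, so it is not visible whether that behaviour (in particular the absence of a `"*"` wildcard entry) is kept. Since this map decides who may use and administer the bridge, a comment above the line would help operators, e.g. `# Who may use the bridge; overriding matrix_mautrix_whatsapp_bridge_permissions replaces the whole map rather than merging into it`. As a point of style, the file now mixes `|to_json` (`federate_rooms`, `permissions`, `login_shared_secret_map`) with `| to_json` (`mute_bridging`, `enable_status_broadcast`, `allow_user_invite`); one spacing throughout makes the templated lines easier to grep.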
--- a/roles/matrix-bridge-mautrix-whatsapp/templates/systemd/matrix-mautrix-whatsapp.service.j2
+++ b/roles/custom/matrix-bridge-mautrix-whatsapp/templates/systemd/matrix-mautrix-whatsapp.service.j2
@@ -12,14 +12,14 @@ DefaultDependencies=no
 [Service]
 Type=simple
-Environment="HOME={{ matrix_systemd_unit_home_path }}"
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-whatsapp 2>/dev/null || true'
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-whatsapp 2>/dev/null || true'
+Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-whatsapp 2>/dev/null || true'
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-whatsapp 2>/dev/null || true'
 # Intentional delay, so that the homeserver (we likely depend on) can manage to start.
 ExecStartPre={{ matrix_host_command_sleep }} 5
-ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-whatsapp \
+ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-mautrix-whatsapp \
 --log-driver=none \
 --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
 --cap-drop=ALL \
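Review bot: `ExecStartPre={{ matrix_host_command_sleep }} 5` in this hunk still uses the old `matrix_host_command_*` family while every other command in the unit was moved to `devture_systemd_docker_base_host_command_sh` / `devture_systemd_docker_base_host_command_docker`. If `matrix_host_command_sleep` was dropped together with `matrix_host_command_sh` and `matrix_host_command_docker` (not visible here), rendering the unit fails with an undefined variable; if it was kept, the unit now depends on two variable families for one purpose. Either migrate this line to the corresponding sleep variable of the devture base role, if it provides one, or keep `matrix_host_command_sleep` explicitly defined and say so in a comment above the line. The same leftover is in the `matrix-mx-puppet-discord.service.j2` and `matrix-mx-puppet-groupme.service.j2` hunks below.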
@@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-whatsa
 {{ matrix_mautrix_whatsapp_docker_image }} \
 /usr/bin/mautrix-whatsapp -c /config/config.yaml -r /config/registration.yaml
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-whatsapp 2>/dev/null || true'
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-whatsapp 2>/dev/null || true'
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-whatsapp 2>/dev/null || true'
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-whatsapp 2>/dev/null || true'
 Restart=always
 RestartSec=30
 SyslogIdentifier=matrix-mautrix-whatsapp
diff --git a/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml b/roles/custom/matrix-bridge-mx-puppet-discord/defaults/main.yml
similarity index 100%
rename from roles/matrix-bridge-mx-puppet-discord/defaults/main.yml
rename to roles/custom/matrix-bridge-mx-puppet-discord/defaults/main.yml
diff --git a/roles/matrix-bridge-mx-puppet-discord/tasks/init.yml b/roles/custom/matrix-bridge-mx-puppet-discord/tasks/init.yml
similarity index 72%
rename from roles/matrix-bridge-mx-puppet-discord/tasks/init.yml
rename to roles/custom/matrix-bridge-mx-puppet-discord/tasks/init.yml
index 1a821d7d..9e2a937f 100644
--- a/roles/matrix-bridge-mx-puppet-discord/tasks/init.yml
+++ b/roles/custom/matrix-bridge-mx-puppet-discord/tasks/init.yml
@@ -3,7 +3,7 @@ # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 ansible.builtin.fail: - msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" + msg: "To self-build the mx-puppet-discord image, you should use Ansible 2.8 or higher. See docs/ansible.md" when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_discord_container_image_self_build and matrix_mx_puppet_discord_enabled" - ansible.builtin.set_fact: @@ -12,16 +12,16 @@ # If the matrix-synapse role is not used, these variables may not exist. - ansible.builtin.set_fact: - matrix_synapse_container_extra_arguments: > + matrix_homeserver_container_runtime_injected_arguments: > {{ - matrix_synapse_container_extra_arguments | default([]) + matrix_homeserver_container_runtime_injected_arguments | default([]) + ["--mount type=bind,src={{ matrix_mx_puppet_discord_config_path }}/registration.yaml,dst=/matrix-mx-puppet-discord-registration.yaml,ro"] }} - matrix_synapse_app_service_config_files: > + matrix_homeserver_app_service_runtime_injected_config_files: > {{ - matrix_synapse_app_service_config_files | default([]) + matrix_homeserver_app_service_runtime_injected_config_files | default([]) + ["/matrix-mx-puppet-discord-registration.yaml"] }} diff --git a/roles/matrix-bridge-mx-puppet-discord/tasks/main.yml b/roles/custom/matrix-bridge-mx-puppet-discord/tasks/main.yml similarity index 100% rename from roles/matrix-bridge-mx-puppet-discord/tasks/main.yml rename to roles/custom/matrix-bridge-mx-puppet-discord/tasks/main.yml 
diff --git a/roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml b/roles/custom/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml similarity index 93% rename from roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml rename to roles/custom/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml index d60f73f9..3b119745 100644 --- a/roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml @@ -27,7 +27,8 @@ path: "{{ matrix_mx_puppet_discord_base_path }}/database.db" register: matrix_mx_puppet_discord_stat_database -- block: +- when: "matrix_mx_puppet_discord_stat_database.stat.exists" + block: - name: (Data relocation) Ensure matrix-mx-puppet-discord.service is stopped ansible.builtin.service: name: matrix-mx-puppet-discord @@ -40,18 +41,19 @@ cmd: "mv {{ matrix_mx_puppet_discord_base_path }}/database.db {{ matrix_mx_puppet_discord_data_path }}/database.db" register: matrix_mx_puppet_discord_relocate_database_result changed_when: matrix_mx_puppet_discord_relocate_database_result.rc == 0 - when: "matrix_mx_puppet_discord_stat_database.stat.exists" - ansible.builtin.set_fact: matrix_mx_puppet_discord_requires_restart: false -- block: +- when: "matrix_mx_puppet_discord_database_engine == 'postgres'" + block: - name: Check if an SQLite database already exists ansible.builtin.stat: path: "{{ matrix_mx_puppet_discord_sqlite_database_path_local }}" register: matrix_mx_puppet_discord_sqlite_database_path_local_stat_result - - block: + - when: "matrix_mx_puppet_discord_sqlite_database_path_local_stat_result.stat.exists | bool" + block: - ansible.builtin.set_fact: matrix_postgres_db_migration_request: src: "{{ matrix_mx_puppet_discord_sqlite_database_path_local }}" 
@@ -62,24 +64,22 @@ systemd_services_to_stop: ['matrix-mx-puppet-discord.service'] - ansible.builtin.import_role: - name: matrix-postgres + name: custom/matrix-postgres tasks_from: migrate_db_to_postgres - ansible.builtin.set_fact: matrix_mx_puppet_discord_requires_restart: true - when: "matrix_mx_puppet_discord_sqlite_database_path_local_stat_result.stat.exists | bool" - when: "matrix_mx_puppet_discord_database_engine == 'postgres'" - name: Ensure MX Puppet Discord image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_mx_puppet_discord_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_mx_puppet_discord_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_discord_docker_image_force_pull }}" when: matrix_mx_puppet_discord_enabled | bool and not matrix_mx_puppet_discord_container_image_self_build register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure MX Puppet Discord repository is present on self build @@ -94,7 +94,7 @@ when: "matrix_mx_puppet_discord_enabled | bool and matrix_mx_puppet_discord_container_image_self_build" - name: Ensure MX Puppet Discord Docker image is built - docker_image: + community.docker.docker_image: name: "{{ matrix_mx_puppet_discord_docker_image }}" source: build force_source: "{{ matrix_mx_puppet_discord_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" 
diff --git a/roles/matrix-bridge-mx-puppet-discord/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-mx-puppet-discord/tasks/setup_uninstall.yml
similarity index 100%
rename from roles/matrix-bridge-mx-puppet-discord/tasks/setup_uninstall.yml
rename to roles/custom/matrix-bridge-mx-puppet-discord/tasks/setup_uninstall.yml
diff --git a/roles/matrix-bridge-mx-puppet-discord/tasks/validate_config.yml b/roles/custom/matrix-bridge-mx-puppet-discord/tasks/validate_config.yml
similarity index 100%
rename from roles/matrix-bridge-mx-puppet-discord/tasks/validate_config.yml
rename to roles/custom/matrix-bridge-mx-puppet-discord/tasks/validate_config.yml
diff --git a/roles/matrix-bridge-mx-puppet-discord/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mx-puppet-discord/templates/config.yaml.j2
similarity index 100%
rename from roles/matrix-bridge-mx-puppet-discord/templates/config.yaml.j2
rename to roles/custom/matrix-bridge-mx-puppet-discord/templates/config.yaml.j2
diff --git a/roles/matrix-bridge-mx-puppet-discord/templates/systemd/matrix-mx-puppet-discord.service.j2 b/roles/custom/matrix-bridge-mx-puppet-discord/templates/systemd/matrix-mx-puppet-discord.service.j2
similarity index 56%
rename from roles/matrix-bridge-mx-puppet-discord/templates/systemd/matrix-mx-puppet-discord.service.j2
rename to roles/custom/matrix-bridge-mx-puppet-discord/templates/systemd/matrix-mx-puppet-discord.service.j2
index 52b12c3d..7304054e 100644
--- a/roles/matrix-bridge-mx-puppet-discord/templates/systemd/matrix-mx-puppet-discord.service.j2
+++ b/roles/custom/matrix-bridge-mx-puppet-discord/templates/systemd/matrix-mx-puppet-discord.service.j2
@@ -12,14 +12,14 @@ DefaultDependencies=no
 [Service]
 Type=simple
-Environment="HOME={{ matrix_systemd_unit_home_path }}"
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-discord 2>/dev/null || true'
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-discord 2>/dev/null || true'
+Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mx-puppet-discord 2>/dev/null || true'
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mx-puppet-discord 2>/dev/null || true'
 # Intentional delay, so that the homeserver (we likely depend on) can manage to start.
 ExecStartPre={{ matrix_host_command_sleep }} 15
-ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-discord \
+ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-mx-puppet-discord \
 --log-driver=none \
 --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
 --cap-drop=ALL \
@@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-disc
 {% endfor %}
 {{ matrix_mx_puppet_discord_docker_image }}
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-discord 2>/dev/null || true'
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-discord 2>/dev/null || true'
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mx-puppet-discord 2>/dev/null || true'
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mx-puppet-discord 2>/dev/null || true'
 Restart=always
 RestartSec=30
 SyslogIdentifier=matrix-mx-puppet-discord
diff --git a/roles/matrix-bridge-mx-puppet-groupme/defaults/main.yml b/roles/custom/matrix-bridge-mx-puppet-groupme/defaults/main.yml
similarity index 94%
rename from roles/matrix-bridge-mx-puppet-groupme/defaults/main.yml
rename to roles/custom/matrix-bridge-mx-puppet-groupme/defaults/main.yml
index a7016b30..59b8c193 100644
--- a/roles/matrix-bridge-mx-puppet-groupme/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mx-puppet-groupme/defaults/main.yml
@@ -1,11 +1,11 @@
 ---
 # Mx Puppet GroupMe is a Matrix <-> GroupMe bridge
-# Project source code URL: https://gitlab.com/robintown/mx-puppet-groupme
+# Project source code URL: https://gitlab.com/xangelix-pub/matrix/mx-puppet-groupme
 matrix_mx_puppet_groupme_enabled: true
 matrix_mx_puppet_groupme_container_image_self_build: false
-matrix_mx_puppet_groupme_container_image_self_build_repo: "https://gitlab.com/robintown/mx-puppet-groupme"
+matrix_mx_puppet_groupme_container_image_self_build_repo: "https://gitlab.com/xangelix-pub/matrix/mx-puppet-groupme"
 matrix_mx_puppet_groupme_container_image_self_build_repo_version: "{{ 'main' if matrix_mx_puppet_groupme_version == 'latest' else matrix_mx_puppet_groupme_version }}"
 # Controls whether the mx-puppet-groupme container exposes its HTTP port (tcp/8437 in the container).
@@ -13,9 +13,9 @@ matrix_mx_puppet_groupme_container_image_self_build_repo_version: "{{ 'main' if
 # Takes an ":" or "" value (e.g. "127.0.0.1:8437"), or empty string to not expose.
 matrix_mx_puppet_groupme_container_http_host_bind_port: ''
-matrix_mx_puppet_groupme_version: latest
-matrix_mx_puppet_groupme_docker_image: "{{ matrix_mx_puppet_groupme_docker_image_name_prefix }}xangelix/mx-puppet-groupme:{{ matrix_mx_puppet_groupme_version }}"
-matrix_mx_puppet_groupme_docker_image_name_prefix: "{{ 'localhost/' if matrix_mx_puppet_groupme_container_image_self_build else matrix_container_global_registry_prefix }}"
+matrix_mx_puppet_groupme_version: 533cccc8
+matrix_mx_puppet_groupme_docker_image: "{{ matrix_mx_puppet_groupme_docker_image_name_prefix }}xangelix-pub/matrix/mx-puppet-groupme:{{ matrix_mx_puppet_groupme_version }}"
+matrix_mx_puppet_groupme_docker_image_name_prefix: "{{ 'localhost/' if matrix_mx_puppet_groupme_container_image_self_build else 'registry.gitlab.com/' }}"
 matrix_mx_puppet_groupme_docker_image_force_pull: "{{ matrix_mx_puppet_groupme_docker_image.endswith(':latest') }}"
 matrix_mx_puppet_groupme_base_path: "{{ matrix_base_data_path }}/mx-puppet-groupme"
diff --git a/roles/matrix-bridge-mx-puppet-groupme/tasks/init.yml b/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/init.yml
similarity index 72%
rename from roles/matrix-bridge-mx-puppet-groupme/tasks/init.yml
rename to roles/custom/matrix-bridge-mx-puppet-groupme/tasks/init.yml
index 92f041d4..76d184dd 100644
--- a/roles/matrix-bridge-mx-puppet-groupme/tasks/init.yml
+++ b/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/init.yml
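Review bot: `matrix_mx_puppet_groupme_version: 533cccc8` is an unquoted short commit hash; this particular value loads as a string, but a hash that is all digits or has the shape `<digits>e<digits>` would be loaded as an integer or float and then produce a wrong image tag, so pin it as `matrix_mx_puppet_groupme_version: "533cccc8"`, consistent with the other quoted values in this file. Separately, `matrix_mx_puppet_groupme_docker_image_name_prefix` now hard-codes `'registry.gitlab.com/'` where the removed line used `matrix_container_global_registry_prefix`, which drops the ability to route this image through a global registry prefix or mirror. If that is intentional because the image is only published on GitLab's registry, a comment such as `# Image is only published on registry.gitlab.com, so the global registry prefix is not applied here.` would stop someone from "fixing" it back.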
@@ -3,7 +3,7 @@ # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 ansible.builtin.fail: - msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" + msg: "To self-build the mx-puppet-groupme image, you should use Ansible 2.8 or higher. See docs/ansible.md" when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_groupme_container_image_self_build and matrix_mx_puppet_groupme_enabled" - ansible.builtin.set_fact: @@ -12,16 +12,16 @@ # If the matrix-synapse role is not used, these variables may not exist. - ansible.builtin.set_fact: - matrix_synapse_container_extra_arguments: > + matrix_homeserver_container_runtime_injected_arguments: > {{ - matrix_synapse_container_extra_arguments | default([]) + matrix_homeserver_container_runtime_injected_arguments | default([]) + ["--mount type=bind,src={{ matrix_mx_puppet_groupme_config_path }}/registration.yaml,dst=/matrix-mx-puppet-groupme-registration.yaml,ro"] }} - matrix_synapse_app_service_config_files: > + matrix_homeserver_app_service_runtime_injected_config_files: > {{ - matrix_synapse_app_service_config_files | default([]) + matrix_homeserver_app_service_runtime_injected_config_files | default([]) + ["/matrix-mx-puppet-groupme-registration.yaml"] }} diff --git a/roles/matrix-bridge-mx-puppet-groupme/tasks/main.yml b/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/main.yml similarity index 100% rename from roles/matrix-bridge-mx-puppet-groupme/tasks/main.yml rename to roles/custom/matrix-bridge-mx-puppet-groupme/tasks/main.yml 
diff --git a/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml b/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml similarity index 94% rename from roles/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml rename to roles/custom/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml index 497f0109..400de9c5 100644 --- a/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml @@ -43,13 +43,15 @@ - ansible.builtin.set_fact: matrix_mx_puppet_groupme_requires_restart: false -- block: +- when: "matrix_mx_puppet_groupme_database_engine == 'postgres'" + block: - name: Check if an SQLite database already exists ansible.builtin.stat: path: "{{ matrix_mx_puppet_groupme_sqlite_database_path_local }}" register: matrix_mx_puppet_groupme_sqlite_database_path_local_stat_result - - block: + - when: "matrix_mx_puppet_groupme_sqlite_database_path_local_stat_result.stat.exists | bool" + block: - ansible.builtin.set_fact: matrix_postgres_db_migration_request: src: "{{ matrix_mx_puppet_groupme_sqlite_database_path_local }}" 
@@ -60,24 +62,22 @@ systemd_services_to_stop: ['matrix-mx-puppet-groupme.service'] - ansible.builtin.import_role: - name: matrix-postgres + name: custom/matrix-postgres tasks_from: migrate_db_to_postgres - ansible.builtin.set_fact: matrix_mx_puppet_groupme_requires_restart: true - when: "matrix_mx_puppet_groupme_sqlite_database_path_local_stat_result.stat.exists | bool" - when: "matrix_mx_puppet_groupme_database_engine == 'postgres'" - name: Ensure MX Puppet Groupme image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_mx_puppet_groupme_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_mx_puppet_groupme_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_groupme_docker_image_force_pull }}" when: matrix_mx_puppet_groupme_enabled | bool and not matrix_mx_puppet_groupme_container_image_self_build register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure MX Puppet Groupme repository is present on self build @@ -92,7 +92,7 @@ when: "matrix_mx_puppet_groupme_enabled | bool and matrix_mx_puppet_groupme_container_image_self_build" - name: Ensure MX Puppet Groupme Docker image is built - docker_image: + community.docker.docker_image: name: "{{ matrix_mx_puppet_groupme_docker_image }}" source: build force_source: "{{ matrix_mx_puppet_groupme_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" 
diff --git a/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/setup_uninstall.yml
similarity index 100%
rename from roles/matrix-bridge-mx-puppet-groupme/tasks/setup_uninstall.yml
rename to roles/custom/matrix-bridge-mx-puppet-groupme/tasks/setup_uninstall.yml
diff --git a/roles/matrix-bridge-mx-puppet-groupme/tasks/validate_config.yml b/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/validate_config.yml
similarity index 100%
rename from roles/matrix-bridge-mx-puppet-groupme/tasks/validate_config.yml
rename to roles/custom/matrix-bridge-mx-puppet-groupme/tasks/validate_config.yml
diff --git a/roles/matrix-bridge-mx-puppet-groupme/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mx-puppet-groupme/templates/config.yaml.j2
similarity index 100%
rename from roles/matrix-bridge-mx-puppet-groupme/templates/config.yaml.j2
rename to roles/custom/matrix-bridge-mx-puppet-groupme/templates/config.yaml.j2
diff --git a/roles/matrix-bridge-mx-puppet-groupme/templates/systemd/matrix-mx-puppet-groupme.service.j2 b/roles/custom/matrix-bridge-mx-puppet-groupme/templates/systemd/matrix-mx-puppet-groupme.service.j2
similarity index 56%
rename from roles/matrix-bridge-mx-puppet-groupme/templates/systemd/matrix-mx-puppet-groupme.service.j2
rename to roles/custom/matrix-bridge-mx-puppet-groupme/templates/systemd/matrix-mx-puppet-groupme.service.j2
index afb46ecb..d9fd4929 100644
--- a/roles/matrix-bridge-mx-puppet-groupme/templates/systemd/matrix-mx-puppet-groupme.service.j2
+++ b/roles/custom/matrix-bridge-mx-puppet-groupme/templates/systemd/matrix-mx-puppet-groupme.service.j2
@@ -12,14 +12,14 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-groupme 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-groupme 2>/dev/null || true' +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mx-puppet-groupme 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mx-puppet-groupme 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. ExecStartPre={{ matrix_host_command_sleep }} 5 -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-groupme \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-mx-puppet-groupme \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ 
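Review bot: The context line `ExecStartPre={{ matrix_host_command_sleep }} 5` still uses the old `matrix_host_command_*` namespace while every other host-command reference in this hunk was migrated to `devture_systemd_docker_base_host_command_*`; if the playbook no longer defines `matrix_host_command_sleep` after this move, rendering the unit fails with an undefined-variable error on every bridge. The same leftover is in the mx-puppet-instagram, mx-puppet-slack and mx-puppet-steam service templates in this commit. Either switch it to the equivalent variable from the base role, if it provides one, or leave an inline note such as `# matrix_host_command_sleep is intentionally still provided by the playbook's own base role` so the mixed namespaces read as deliberate rather than a missed rename.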
@@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-grou {% endfor %} {{ matrix_mx_puppet_groupme_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-groupme 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-groupme 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mx-puppet-groupme 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mx-puppet-groupme 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-mx-puppet-groupme
diff --git a/roles/matrix-bridge-mx-puppet-instagram/defaults/main.yml b/roles/custom/matrix-bridge-mx-puppet-instagram/defaults/main.yml
similarity index 100%
rename from roles/matrix-bridge-mx-puppet-instagram/defaults/main.yml
rename to roles/custom/matrix-bridge-mx-puppet-instagram/defaults/main.yml
diff --git a/roles/matrix-bridge-mx-puppet-instagram/tasks/init.yml b/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/init.yml
similarity index 72%
rename from roles/matrix-bridge-mx-puppet-instagram/tasks/init.yml
rename to roles/custom/matrix-bridge-mx-puppet-instagram/tasks/init.yml
index 5e89275c..741c32c0 100644
--- a/roles/matrix-bridge-mx-puppet-instagram/tasks/init.yml
+++ b/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/init.yml
@@ -3,7 +3,7 @@ # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 ansible.builtin.fail: - msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" + msg: "To self-build the mx-puppet-instagram image, you should use Ansible 2.8 or higher. See docs/ansible.md" when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_instagram_container_image_self_build and matrix_mx_puppet_instagram_enabled" - ansible.builtin.set_fact: @@ -12,16 +12,16 @@ # If the matrix-synapse role is not used, these variables may not exist. - ansible.builtin.set_fact: - matrix_synapse_container_extra_arguments: > + matrix_homeserver_container_runtime_injected_arguments: > {{ - matrix_synapse_container_extra_arguments | default([]) + matrix_homeserver_container_runtime_injected_arguments | default([]) + ["--mount type=bind,src={{ matrix_mx_puppet_instagram_config_path }}/registration.yaml,dst=/matrix-mx-puppet-instagram-registration.yaml,ro"] }} - matrix_synapse_app_service_config_files: > + matrix_homeserver_app_service_runtime_injected_config_files: > {{ - matrix_synapse_app_service_config_files | default([]) + matrix_homeserver_app_service_runtime_injected_config_files | default([]) + ["/matrix-mx-puppet-instagram-registration.yaml"] }} diff --git a/roles/matrix-bridge-mx-puppet-instagram/tasks/main.yml b/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/main.yml similarity index 100% rename from roles/matrix-bridge-mx-puppet-instagram/tasks/main.yml rename to roles/custom/matrix-bridge-mx-puppet-instagram/tasks/main.yml 
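Review bot: The context comment `# If the matrix-synapse role is not used, these variables may not exist.` above the second hunk is now stale, because the facts it introduces were renamed to the homeserver-agnostic `matrix_homeserver_container_runtime_injected_arguments` and `matrix_homeserver_app_service_runtime_injected_config_files`, which presumably any homeserver role may define. The reason for the `| default([])` guards is therefore no longer tied to matrix-synapse specifically, and a reader auditing which role owns these injected mount and app-service lists would be misled. I would reword it to `# These homeserver-level variables may not be defined yet (no homeserver role has run before this one), hence the default([]) guards.` The same stale comment survives in the mx-puppet-slack, mx-puppet-steam and mx-puppet-twitter init.yml hunks of this commit.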
diff --git a/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml b/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml similarity index 93% rename from roles/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml rename to roles/custom/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml index 7695d88e..c98535e3 100644 --- a/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml @@ -12,13 +12,15 @@ - ansible.builtin.set_fact: matrix_mx_puppet_instagram_requires_restart: false -- block: +- when: "matrix_mx_puppet_instagram_database_engine == 'postgres'" + block: - name: Check if an SQLite database already exists ansible.builtin.stat: path: "{{ matrix_mx_puppet_instagram_sqlite_database_path_local }}" register: matrix_mx_puppet_instagram_sqlite_database_path_local_stat_result - - block: + - when: "matrix_mx_puppet_instagram_sqlite_database_path_local_stat_result.stat.exists | bool" + block: - ansible.builtin.set_fact: matrix_postgres_db_migration_request: src: "{{ matrix_mx_puppet_instagram_sqlite_database_path_local }}" 
@@ -29,24 +31,22 @@ systemd_services_to_stop: ['matrix-mx-puppet-instagram.service'] - ansible.builtin.import_role: - name: matrix-postgres + name: custom/matrix-postgres tasks_from: migrate_db_to_postgres - ansible.builtin.set_fact: matrix_mx_puppet_instagram_requires_restart: true - when: "matrix_mx_puppet_instagram_sqlite_database_path_local_stat_result.stat.exists | bool" - when: "matrix_mx_puppet_instagram_database_engine == 'postgres'" - name: Ensure mx-puppet-instagram image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_mx_puppet_instagram_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_mx_puppet_instagram_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_instagram_docker_image_force_pull }}" when: matrix_mx_puppet_instagram_enabled | bool and not matrix_mx_puppet_instagram_container_image_self_build register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure mx-puppet-instagram paths exist @@ -75,7 +75,7 @@ when: "matrix_mx_puppet_instagram_enabled | bool and matrix_mx_puppet_instagram_container_image_self_build | bool" - name: Ensure mx-puppet-instagram Docker image is built - docker_image: + community.docker.docker_image: name: "{{ matrix_mx_puppet_instagram_docker_image }}" source: build force_source: "{{ matrix_mx_puppet_instagram_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" 
diff --git a/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/setup_uninstall.yml
similarity index 100%
rename from roles/matrix-bridge-mx-puppet-instagram/tasks/setup_uninstall.yml
rename to roles/custom/matrix-bridge-mx-puppet-instagram/tasks/setup_uninstall.yml
diff --git a/roles/matrix-bridge-mx-puppet-instagram/tasks/validate_config.yml b/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/validate_config.yml
similarity index 100%
rename from roles/matrix-bridge-mx-puppet-instagram/tasks/validate_config.yml
rename to roles/custom/matrix-bridge-mx-puppet-instagram/tasks/validate_config.yml
diff --git a/roles/matrix-bridge-mx-puppet-instagram/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mx-puppet-instagram/templates/config.yaml.j2
similarity index 100%
rename from roles/matrix-bridge-mx-puppet-instagram/templates/config.yaml.j2
rename to roles/custom/matrix-bridge-mx-puppet-instagram/templates/config.yaml.j2
diff --git a/roles/matrix-bridge-mx-puppet-instagram/templates/systemd/matrix-mx-puppet-instagram.service.j2 b/roles/custom/matrix-bridge-mx-puppet-instagram/templates/systemd/matrix-mx-puppet-instagram.service.j2
similarity index 56%
rename from roles/matrix-bridge-mx-puppet-instagram/templates/systemd/matrix-mx-puppet-instagram.service.j2
rename to roles/custom/matrix-bridge-mx-puppet-instagram/templates/systemd/matrix-mx-puppet-instagram.service.j2
index 262518fc..5e3ad3ea 100644
--- a/roles/matrix-bridge-mx-puppet-instagram/templates/systemd/matrix-mx-puppet-instagram.service.j2
+++ b/roles/custom/matrix-bridge-mx-puppet-instagram/templates/systemd/matrix-mx-puppet-instagram.service.j2
@@ -12,14 +12,14 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-instagram 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-instagram 2>/dev/null || true' +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mx-puppet-instagram 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mx-puppet-instagram 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. ExecStartPre={{ matrix_host_command_sleep }} 5 -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-instagram \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-mx-puppet-instagram \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ 
@@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-inst {% endfor %} {{ matrix_mx_puppet_instagram_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-instagram 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-instagram 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mx-puppet-instagram 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mx-puppet-instagram 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-mx-puppet-instagram
diff --git a/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml b/roles/custom/matrix-bridge-mx-puppet-slack/defaults/main.yml
similarity index 100%
rename from roles/matrix-bridge-mx-puppet-slack/defaults/main.yml
rename to roles/custom/matrix-bridge-mx-puppet-slack/defaults/main.yml
diff --git a/roles/matrix-bridge-mx-puppet-slack/tasks/init.yml b/roles/custom/matrix-bridge-mx-puppet-slack/tasks/init.yml
similarity index 88%
rename from roles/matrix-bridge-mx-puppet-slack/tasks/init.yml
rename to roles/custom/matrix-bridge-mx-puppet-slack/tasks/init.yml
index fd9d62ae..9eff170a 100644
--- a/roles/matrix-bridge-mx-puppet-slack/tasks/init.yml
+++ b/roles/custom/matrix-bridge-mx-puppet-slack/tasks/init.yml
@@ -3,7 +3,7 @@ # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 ansible.builtin.fail: - msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" + msg: "To self-build the mx-puppet-slack image, you should use Ansible 2.8 or higher. See docs/ansible.md" when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_slack_container_image_self_build and matrix_mx_puppet_slack_enabled" - ansible.builtin.set_fact: @@ -12,22 +12,25 @@ # If the matrix-synapse role is not used, these variables may not exist. - ansible.builtin.set_fact: - matrix_synapse_container_extra_arguments: > + matrix_homeserver_container_runtime_injected_arguments: > {{ - matrix_synapse_container_extra_arguments | default([]) + matrix_homeserver_container_runtime_injected_arguments | default([]) + ["--mount type=bind,src={{ matrix_mx_puppet_slack_config_path }}/registration.yaml,dst=/matrix-mx-puppet-slack-registration.yaml,ro"] }} - matrix_synapse_app_service_config_files: > + matrix_homeserver_app_service_runtime_injected_config_files: > {{ - matrix_synapse_app_service_config_files | default([]) + matrix_homeserver_app_service_runtime_injected_config_files | default([]) + ["/matrix-mx-puppet-slack-registration.yaml"] }} when: matrix_mx_puppet_slack_enabled | bool -- block: +- when: matrix_mx_puppet_slack_enabled | bool + tags: + - always + block: - name: Fail if matrix-nginx-proxy role already executed ansible.builtin.fail: msg: >- @@ -60,9 +63,6 @@ + [matrix_mx_puppet_slack_matrix_nginx_proxy_configuration] }} - tags: - - always - when: matrix_mx_puppet_slack_enabled | bool - name: Warn about reverse-proxying if matrix-nginx-proxy not used ansible.builtin.debug: 
diff --git a/roles/matrix-bridge-mx-puppet-slack/tasks/main.yml b/roles/custom/matrix-bridge-mx-puppet-slack/tasks/main.yml similarity index 100% rename from roles/matrix-bridge-mx-puppet-slack/tasks/main.yml rename to roles/custom/matrix-bridge-mx-puppet-slack/tasks/main.yml diff --git a/roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml b/roles/custom/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml similarity index 93% rename from roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml rename to roles/custom/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml index 70dac9ac..e5d83763 100644 --- a/roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml @@ -39,13 +39,15 @@ - ansible.builtin.set_fact: matrix_mx_puppet_slack_requires_restart: false -- block: +- when: "matrix_mx_puppet_slack_database_engine == 'postgres'" + block: - name: Check if an SQLite database already exists ansible.builtin.stat: path: "{{ matrix_mx_puppet_slack_sqlite_database_path_local }}" register: matrix_mx_puppet_slack_sqlite_database_path_local_stat_result - - block: + - when: "matrix_mx_puppet_slack_sqlite_database_path_local_stat_result.stat.exists | bool" + block: - ansible.builtin.set_fact: matrix_postgres_db_migration_request: src: "{{ matrix_mx_puppet_slack_sqlite_database_path_local }}" 
@@ -56,24 +58,22 @@ systemd_services_to_stop: ['matrix-mx-puppet-slack.service'] - ansible.builtin.import_role: - name: matrix-postgres + name: custom/matrix-postgres tasks_from: migrate_db_to_postgres - ansible.builtin.set_fact: matrix_mx_puppet_slack_requires_restart: true - when: "matrix_mx_puppet_slack_sqlite_database_path_local_stat_result.stat.exists | bool" - when: "matrix_mx_puppet_slack_database_engine == 'postgres'" - name: Ensure MX Puppet Slack image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_mx_puppet_slack_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_mx_puppet_slack_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_slack_docker_image_force_pull }}" when: matrix_mx_puppet_slack_enabled | bool and not matrix_mx_puppet_slack_container_image_self_build register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure MX Puppet Slack repository is present on self build @@ -88,7 +88,7 @@ when: "matrix_mx_puppet_slack_enabled | bool and matrix_mx_puppet_slack_container_image_self_build" - name: Ensure MX Puppet Slack Docker image is built - docker_image: + community.docker.docker_image: name: "{{ matrix_mx_puppet_slack_docker_image }}" source: build force_source: "{{ matrix_mx_puppet_slack_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" 
diff --git a/roles/matrix-bridge-mx-puppet-slack/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-mx-puppet-slack/tasks/setup_uninstall.yml
similarity index 100%
rename from roles/matrix-bridge-mx-puppet-slack/tasks/setup_uninstall.yml
rename to roles/custom/matrix-bridge-mx-puppet-slack/tasks/setup_uninstall.yml
diff --git a/roles/matrix-bridge-mx-puppet-slack/tasks/validate_config.yml b/roles/custom/matrix-bridge-mx-puppet-slack/tasks/validate_config.yml
similarity index 100%
rename from roles/matrix-bridge-mx-puppet-slack/tasks/validate_config.yml
rename to roles/custom/matrix-bridge-mx-puppet-slack/tasks/validate_config.yml
diff --git a/roles/matrix-bridge-mx-puppet-slack/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mx-puppet-slack/templates/config.yaml.j2
similarity index 100%
rename from roles/matrix-bridge-mx-puppet-slack/templates/config.yaml.j2
rename to roles/custom/matrix-bridge-mx-puppet-slack/templates/config.yaml.j2
diff --git a/roles/matrix-bridge-mx-puppet-slack/templates/systemd/matrix-mx-puppet-slack.service.j2 b/roles/custom/matrix-bridge-mx-puppet-slack/templates/systemd/matrix-mx-puppet-slack.service.j2
similarity index 60%
rename from roles/matrix-bridge-mx-puppet-slack/templates/systemd/matrix-mx-puppet-slack.service.j2
rename to roles/custom/matrix-bridge-mx-puppet-slack/templates/systemd/matrix-mx-puppet-slack.service.j2
index 118d0369..06d5e10a 100644
--- a/roles/matrix-bridge-mx-puppet-slack/templates/systemd/matrix-mx-puppet-slack.service.j2
+++ b/roles/custom/matrix-bridge-mx-puppet-slack/templates/systemd/matrix-mx-puppet-slack.service.j2
@@ -12,14 +12,14 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-slack 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-slack 2>/dev/null || true' +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mx-puppet-slack 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mx-puppet-slack 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. ExecStartPre={{ matrix_host_command_sleep }} 5 -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-slack \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-mx-puppet-slack \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ 
@@ -36,8 +36,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-slac {% endfor %} {{ matrix_mx_puppet_slack_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-slack 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-slack 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mx-puppet-slack 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mx-puppet-slack 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-mx-puppet-slack
diff --git a/roles/matrix-bridge-mx-puppet-steam/defaults/main.yml b/roles/custom/matrix-bridge-mx-puppet-steam/defaults/main.yml
similarity index 100%
rename from roles/matrix-bridge-mx-puppet-steam/defaults/main.yml
rename to roles/custom/matrix-bridge-mx-puppet-steam/defaults/main.yml
diff --git a/roles/matrix-bridge-mx-puppet-steam/tasks/init.yml b/roles/custom/matrix-bridge-mx-puppet-steam/tasks/init.yml
similarity index 72%
rename from roles/matrix-bridge-mx-puppet-steam/tasks/init.yml
rename to roles/custom/matrix-bridge-mx-puppet-steam/tasks/init.yml
index 6c9a9a4f..5f9a5a83 100644
--- a/roles/matrix-bridge-mx-puppet-steam/tasks/init.yml
+++ b/roles/custom/matrix-bridge-mx-puppet-steam/tasks/init.yml
@@ -3,7 +3,7 @@ # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 ansible.builtin.fail: - msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" + msg: "To self-build the mx-puppet-steam image, you should use Ansible 2.8 or higher. See docs/ansible.md" when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_steam_container_image_self_build and matrix_mx_puppet_steam_enabled" - ansible.builtin.set_fact: @@ -12,16 +12,16 @@ # If the matrix-synapse role is not used, these variables may not exist. - ansible.builtin.set_fact: - matrix_synapse_container_extra_arguments: > + matrix_homeserver_container_runtime_injected_arguments: > {{ - matrix_synapse_container_extra_arguments | default([]) + matrix_homeserver_container_runtime_injected_arguments | default([]) + ["--mount type=bind,src={{ matrix_mx_puppet_steam_config_path }}/registration.yaml,dst=/matrix-mx-puppet-steam-registration.yaml,ro"] }} - matrix_synapse_app_service_config_files: > + matrix_homeserver_app_service_runtime_injected_config_files: > {{ - matrix_synapse_app_service_config_files | default([]) + matrix_homeserver_app_service_runtime_injected_config_files | default([]) + ["/matrix-mx-puppet-steam-registration.yaml"] }} diff --git a/roles/matrix-bridge-mx-puppet-steam/tasks/main.yml b/roles/custom/matrix-bridge-mx-puppet-steam/tasks/main.yml similarity index 100% rename from roles/matrix-bridge-mx-puppet-steam/tasks/main.yml rename to roles/custom/matrix-bridge-mx-puppet-steam/tasks/main.yml 
diff --git a/roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml b/roles/custom/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml similarity index 93% rename from roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml rename to roles/custom/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml index 80487630..98854469 100644 --- a/roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml @@ -43,13 +43,15 @@ - ansible.builtin.set_fact: matrix_mx_puppet_steam_requires_restart: false -- block: +- when: "matrix_mx_puppet_steam_database_engine == 'postgres'" + block: - name: Check if an SQLite database already exists ansible.builtin.stat: path: "{{ matrix_mx_puppet_steam_sqlite_database_path_local }}" register: matrix_mx_puppet_steam_sqlite_database_path_local_stat_result - - block: + - when: "matrix_mx_puppet_steam_sqlite_database_path_local_stat_result.stat.exists | bool" + block: - ansible.builtin.set_fact: matrix_postgres_db_migration_request: src: "{{ matrix_mx_puppet_steam_sqlite_database_path_local }}" 
@@ -60,24 +62,22 @@ systemd_services_to_stop: ['matrix-mx-puppet-steam.service'] - ansible.builtin.import_role: - name: matrix-postgres + name: custom/matrix-postgres tasks_from: migrate_db_to_postgres - ansible.builtin.set_fact: matrix_mx_puppet_steam_requires_restart: true - when: "matrix_mx_puppet_steam_sqlite_database_path_local_stat_result.stat.exists | bool" - when: "matrix_mx_puppet_steam_database_engine == 'postgres'" - name: Ensure MX Puppet Steam image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_mx_puppet_steam_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_mx_puppet_steam_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_steam_docker_image_force_pull }}" when: matrix_mx_puppet_steam_enabled | bool and not matrix_mx_puppet_steam_container_image_self_build register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure MX Puppet Steam repository is present on self build @@ -92,7 +92,7 @@ when: "matrix_mx_puppet_steam_enabled | bool and matrix_mx_puppet_steam_container_image_self_build" - name: Ensure MX Puppet Steam Docker image is built - docker_image: + community.docker.docker_image: name: "{{ matrix_mx_puppet_steam_docker_image }}" source: build force_source: "{{ matrix_mx_puppet_steam_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" 
diff --git a/roles/matrix-bridge-mx-puppet-steam/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-mx-puppet-steam/tasks/setup_uninstall.yml
similarity index 100%
rename from roles/matrix-bridge-mx-puppet-steam/tasks/setup_uninstall.yml
rename to roles/custom/matrix-bridge-mx-puppet-steam/tasks/setup_uninstall.yml
diff --git a/roles/matrix-bridge-mx-puppet-steam/tasks/validate_config.yml b/roles/custom/matrix-bridge-mx-puppet-steam/tasks/validate_config.yml
similarity index 100%
rename from roles/matrix-bridge-mx-puppet-steam/tasks/validate_config.yml
rename to roles/custom/matrix-bridge-mx-puppet-steam/tasks/validate_config.yml
diff --git a/roles/matrix-bridge-mx-puppet-steam/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mx-puppet-steam/templates/config.yaml.j2
similarity index 100%
rename from roles/matrix-bridge-mx-puppet-steam/templates/config.yaml.j2
rename to roles/custom/matrix-bridge-mx-puppet-steam/templates/config.yaml.j2
diff --git a/roles/matrix-bridge-mx-puppet-steam/templates/systemd/matrix-mx-puppet-steam.service.j2 b/roles/custom/matrix-bridge-mx-puppet-steam/templates/systemd/matrix-mx-puppet-steam.service.j2
similarity index 56%
rename from roles/matrix-bridge-mx-puppet-steam/templates/systemd/matrix-mx-puppet-steam.service.j2
rename to roles/custom/matrix-bridge-mx-puppet-steam/templates/systemd/matrix-mx-puppet-steam.service.j2
index f1079e3f..31dd2fae 100644
--- a/roles/matrix-bridge-mx-puppet-steam/templates/systemd/matrix-mx-puppet-steam.service.j2
+++ b/roles/custom/matrix-bridge-mx-puppet-steam/templates/systemd/matrix-mx-puppet-steam.service.j2
@@ -12,14 +12,14 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-steam 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-steam 2>/dev/null || true' +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mx-puppet-steam 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mx-puppet-steam 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. ExecStartPre={{ matrix_host_command_sleep }} 5 -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-steam \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-mx-puppet-steam \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ 
@@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-stea {% endfor %} {{ matrix_mx_puppet_steam_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-steam 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-steam 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mx-puppet-steam 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mx-puppet-steam 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-mx-puppet-steam
diff --git a/roles/matrix-bridge-mx-puppet-twitter/defaults/main.yml b/roles/custom/matrix-bridge-mx-puppet-twitter/defaults/main.yml
similarity index 100%
rename from roles/matrix-bridge-mx-puppet-twitter/defaults/main.yml
rename to roles/custom/matrix-bridge-mx-puppet-twitter/defaults/main.yml
diff --git a/roles/matrix-bridge-mx-puppet-twitter/tasks/init.yml b/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/init.yml
similarity index 88%
rename from roles/matrix-bridge-mx-puppet-twitter/tasks/init.yml
rename to roles/custom/matrix-bridge-mx-puppet-twitter/tasks/init.yml
index 3667ebc7..a58cd9ac 100644
--- a/roles/matrix-bridge-mx-puppet-twitter/tasks/init.yml
+++ b/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/init.yml
@@ -3,7 +3,7 @@ # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 ansible.builtin.fail: - msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" + msg: "To self-build the mx-puppet-twitter image, you should use Ansible 2.8 or higher. See docs/ansible.md" when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_twitter_container_image_self_build and matrix_mx_puppet_twitter_enabled" - ansible.builtin.set_fact: @@ -12,22 +12,25 @@ # If the matrix-synapse role is not used, these variables may not exist. - ansible.builtin.set_fact: - matrix_synapse_container_extra_arguments: > + matrix_homeserver_container_runtime_injected_arguments: > {{ - matrix_synapse_container_extra_arguments | default([]) + matrix_homeserver_container_runtime_injected_arguments | default([]) + ["--mount type=bind,src={{ matrix_mx_puppet_twitter_config_path }}/registration.yaml,dst=/matrix-mx-puppet-twitter-registration.yaml,ro"] }} - matrix_synapse_app_service_config_files: > + matrix_homeserver_app_service_runtime_injected_config_files: > {{ - matrix_synapse_app_service_config_files | default([]) + matrix_homeserver_app_service_runtime_injected_config_files | default([]) + ["/matrix-mx-puppet-twitter-registration.yaml"] }} when: matrix_mx_puppet_twitter_enabled | bool -- block: +- when: matrix_mx_puppet_twitter_enabled | bool + tags: + - always + block: - name: Fail if matrix-nginx-proxy role already executed ansible.builtin.fail: msg: >- @@ -60,9 +63,6 @@ + [matrix_mx_puppet_twitter_matrix_nginx_proxy_configuration] }} - tags: - - always - when: matrix_mx_puppet_twitter_enabled | bool - name: Warn about reverse-proxying if matrix-nginx-proxy not used ansible.builtin.debug: 
diff --git a/roles/matrix-bridge-mx-puppet-twitter/tasks/main.yml b/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/main.yml similarity index 100% rename from roles/matrix-bridge-mx-puppet-twitter/tasks/main.yml rename to roles/custom/matrix-bridge-mx-puppet-twitter/tasks/main.yml diff --git a/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml b/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml similarity index 93% rename from roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml rename to roles/custom/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml index 305cd5de..d5ebec74 100644 --- a/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml @@ -43,13 +43,15 @@ - ansible.builtin.set_fact: matrix_mx_puppet_twitter_requires_restart: false -- block: +- when: "matrix_mx_puppet_twitter_database_engine == 'postgres'" + block: - name: Check if an SQLite database already exists ansible.builtin.stat: path: "{{ matrix_mx_puppet_twitter_sqlite_database_path_local }}" register: matrix_mx_puppet_twitter_sqlite_database_path_local_stat_result - - block: + - when: "matrix_mx_puppet_twitter_sqlite_database_path_local_stat_result.stat.exists | bool" + block: - ansible.builtin.set_fact: matrix_postgres_db_migration_request: src: "{{ matrix_mx_puppet_twitter_sqlite_database_path_local }}" 
@@ -60,24 +62,22 @@ systemd_services_to_stop: ['matrix-mx-puppet-twitter.service'] - ansible.builtin.import_role: - name: matrix-postgres + name: custom/matrix-postgres tasks_from: migrate_db_to_postgres - ansible.builtin.set_fact: matrix_mx_puppet_twitter_requires_restart: true - when: "matrix_mx_puppet_twitter_sqlite_database_path_local_stat_result.stat.exists | bool" - when: "matrix_mx_puppet_twitter_database_engine == 'postgres'" - name: Ensure MX Puppet Twitter image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_mx_puppet_twitter_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_mx_puppet_twitter_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_twitter_docker_image_force_pull }}" when: matrix_mx_puppet_twitter_enabled | bool and not matrix_mx_puppet_twitter_container_image_self_build register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure MX Puppet Twitter repository is present on self build @@ -92,7 +92,7 @@ when: "matrix_mx_puppet_twitter_enabled | bool and matrix_mx_puppet_twitter_container_image_self_build" - name: Ensure MX Puppet Twitter Docker image is built - docker_image: + community.docker.docker_image: name: "{{ matrix_mx_puppet_twitter_docker_image }}" source: build force_source: "{{ matrix_mx_puppet_twitter_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" 
diff --git a/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/setup_uninstall.yml similarity index 100% rename from roles/matrix-bridge-mx-puppet-twitter/tasks/setup_uninstall.yml rename to roles/custom/matrix-bridge-mx-puppet-twitter/tasks/setup_uninstall.yml diff --git a/roles/matrix-bridge-mx-puppet-twitter/tasks/validate_config.yml b/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/validate_config.yml similarity index 100% rename from roles/matrix-bridge-mx-puppet-twitter/tasks/validate_config.yml rename to roles/custom/matrix-bridge-mx-puppet-twitter/tasks/validate_config.yml diff --git a/roles/matrix-bridge-mx-puppet-twitter/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mx-puppet-twitter/templates/config.yaml.j2 similarity index 100% rename from roles/matrix-bridge-mx-puppet-twitter/templates/config.yaml.j2 rename to roles/custom/matrix-bridge-mx-puppet-twitter/templates/config.yaml.j2 diff --git a/roles/matrix-bridge-mx-puppet-twitter/templates/systemd/matrix-mx-puppet-twitter.service.j2 b/roles/custom/matrix-bridge-mx-puppet-twitter/templates/systemd/matrix-mx-puppet-twitter.service.j2 similarity index 60% rename from roles/matrix-bridge-mx-puppet-twitter/templates/systemd/matrix-mx-puppet-twitter.service.j2 rename to roles/custom/matrix-bridge-mx-puppet-twitter/templates/systemd/matrix-mx-puppet-twitter.service.j2 index 5d7cfca6..918b06d7 100644 --- a/roles/matrix-bridge-mx-puppet-twitter/templates/systemd/matrix-mx-puppet-twitter.service.j2 +++ b/roles/custom/matrix-bridge-mx-puppet-twitter/templates/systemd/matrix-mx-puppet-twitter.service.j2 
@@ -12,14 +12,14 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-twitter 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-twitter 2>/dev/null || true' +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mx-puppet-twitter 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mx-puppet-twitter 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. ExecStartPre={{ matrix_host_command_sleep }} 5 -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-twitter \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-mx-puppet-twitter \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ 
@@ -36,8 +36,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-twit {% endfor %} {{ matrix_mx_puppet_twitter_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-twitter 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-twitter 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mx-puppet-twitter 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mx-puppet-twitter 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-mx-puppet-twitter diff --git a/roles/matrix-bridge-sms/defaults/main.yml b/roles/custom/matrix-bridge-sms/defaults/main.yml similarity index 100% rename from roles/matrix-bridge-sms/defaults/main.yml rename to roles/custom/matrix-bridge-sms/defaults/main.yml diff --git a/roles/matrix-bridge-sms/tasks/init.yml b/roles/custom/matrix-bridge-sms/tasks/init.yml similarity index 76% rename from roles/matrix-bridge-sms/tasks/init.yml rename to roles/custom/matrix-bridge-sms/tasks/init.yml index 85684b81..3c044c15 100644 --- a/roles/matrix-bridge-sms/tasks/init.yml +++ b/roles/custom/matrix-bridge-sms/tasks/init.yml 
@@ -14,16 +14,16 @@ # If the matrix-synapse role is not used, these variables may not exist. - ansible.builtin.set_fact: - matrix_synapse_container_extra_arguments: > + matrix_homeserver_container_runtime_injected_arguments: > {{ - matrix_synapse_container_extra_arguments | default([]) + matrix_homeserver_container_runtime_injected_arguments | default([]) + ["--mount type=bind,src={{ matrix_sms_bridge_config_path }}/registration.yaml,dst=/matrix-sms-bridge-registration.yaml,ro"] }} - matrix_synapse_app_service_config_files: > + matrix_homeserver_app_service_runtime_injected_config_files: > {{ - matrix_synapse_app_service_config_files | default([]) + matrix_homeserver_app_service_runtime_injected_config_files | default([]) + ["/matrix-sms-bridge-registration.yaml"] }} diff --git a/roles/matrix-bridge-sms/tasks/main.yml b/roles/custom/matrix-bridge-sms/tasks/main.yml similarity index 100% rename from roles/matrix-bridge-sms/tasks/main.yml rename to roles/custom/matrix-bridge-sms/tasks/main.yml diff --git a/roles/matrix-bridge-sms/tasks/setup_install.yml b/roles/custom/matrix-bridge-sms/tasks/setup_install.yml similarity index 89% rename from roles/matrix-bridge-sms/tasks/setup_install.yml rename to roles/custom/matrix-bridge-sms/tasks/setup_install.yml index dcc317ba..2050797a 100644 --- a/roles/matrix-bridge-sms/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-sms/tasks/setup_install.yml @@ -1,12 +1,12 @@ --- - name: Ensure matrix-sms-bridge image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_sms_bridge_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure matrix-sms-bridge paths exist 
@@ -49,7 +49,7 @@ - name: Ensure matrix-sms-bridge.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-sms-bridge.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-sms-bridge.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-sms-bridge.service" mode: 0644 register: matrix_sms_bridge_systemd_service_result diff --git a/roles/matrix-bridge-sms/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-sms/tasks/setup_uninstall.yml similarity index 74% rename from roles/matrix-bridge-sms/tasks/setup_uninstall.yml rename to roles/custom/matrix-bridge-sms/tasks/setup_uninstall.yml index 322190f9..c7d0011e 100644 --- a/roles/matrix-bridge-sms/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-bridge-sms/tasks/setup_uninstall.yml @@ -2,7 +2,7 @@ - name: Check existence of matrix-sms-bridge service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-sms-bridge.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-sms-bridge.service" register: matrix_sms_bridge_service_stat - name: Ensure matrix-sms-bridge is stopped @@ -15,6 +15,6 @@ - name: Ensure matrix-sms-bridge.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-sms-bridge.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-sms-bridge.service" state: absent when: "matrix_sms_bridge_service_stat.stat.exists" diff --git a/roles/matrix-bridge-sms/tasks/validate_config.yml b/roles/custom/matrix-bridge-sms/tasks/validate_config.yml similarity index 100% rename from roles/matrix-bridge-sms/tasks/validate_config.yml rename to roles/custom/matrix-bridge-sms/tasks/validate_config.yml 
diff --git a/roles/matrix-bridge-sms/templates/systemd/matrix-sms-bridge.service.j2 b/roles/custom/matrix-bridge-sms/templates/systemd/matrix-sms-bridge.service.j2 similarity index 94% rename from roles/matrix-bridge-sms/templates/systemd/matrix-sms-bridge.service.j2 rename to roles/custom/matrix-bridge-sms/templates/systemd/matrix-sms-bridge.service.j2 index 46c3463f..2645d39c 100644 --- a/roles/matrix-bridge-sms/templates/systemd/matrix-sms-bridge.service.j2 +++ b/roles/custom/matrix-bridge-sms/templates/systemd/matrix-sms-bridge.service.j2 @@ -12,7 +12,7 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" ExecStartPre=-/usr/bin/docker kill matrix-sms-bridge ExecStartPre=-/usr/bin/docker rm matrix-sms-bridge diff --git a/roles/custom/matrix-cactus-comments/defaults/main.yml b/roles/custom/matrix-cactus-comments/defaults/main.yml new file mode 100644 index 00000000..224a5348 --- /dev/null +++ b/roles/custom/matrix-cactus-comments/defaults/main.yml 
@@ -0,0 +1,60 @@
+---
+# Cactus Comments is a federated comment system built on Matrix
+# Project source code URL: https://gitlab.com/cactus-comments/cactus-appservice
+# Project source code URL: https://gitlab.com/cactus-comments/cactus-client
+
+matrix_cactus_comments_enabled: true
+matrix_cactus_comments_serve_client_enabled: true
+matrix_cactus_comments_container_image_self_build: false
+matrix_cactus_comments_docker_repo: "https://gitlab.com/cactus-comments/cactus-appservice.git"
+matrix_cactus_comments_docker_repo_version: "{{ matrix_cactus_comments_version if matrix_cactus_comments_version != 'latest' else 'main' }}"
+matrix_cactus_comments_docker_src_files_path: "{{ matrix_cactus_comments_base_path }}/docker-src"
+
+
+matrix_cactus_comments_base_path: "{{ matrix_base_data_path }}/cactus-comments"
+matrix_cactus_comments_container_tmp_path: "{{ matrix_cactus_comments_base_path }}/tmp"
+matrix_cactus_comments_client_path: "{{ matrix_cactus_comments_base_path }}/client"
+matrix_cactus_comments_client_file_permissions: "0644"
+
+matrix_cactus_comments_app_service_config_file: "{{ matrix_cactus_comments_base_path }}/cactus_appservice.yaml"
+matrix_cactus_comments_app_service_env_file: "{{ matrix_cactus_comments_base_path }}/cactus.env"
+
+matrix_cactus_comments_as_token: ''
+matrix_cactus_comments_hs_token: ''
+matrix_cactus_comments_homeserver_url: "{{ matrix_homeserver_container_url }}"
+matrix_cactus_comments_user_id: "bot.cactusbot"
+matrix_cactus_comments_tmp_directory_size_mb: 1
+
+matrix_cactus_comments_container_port: 5000
+
+matrix_cactus_comments_version: 0.9.0
+matrix_cactus_comments_docker_image: "{{ matrix_container_global_registry_prefix }}cactuscomments/cactus-appservice:{{ matrix_cactus_comments_version }}"
+matrix_cactus_comments_docker_image_force_pull: "{{ matrix_cactus_comments_docker_image.endswith(':latest') }}"
+
+# matrix_cactus_comments_client_version specifies the version of the cactus-client release to use.
+# For available versions, see: https://gitlab.com/cactus-comments/cactus-client/-/releases
+# Also see: `matrix_cactus_comments_client_local_dir`
+matrix_cactus_comments_client_version: "0.13.0"
+
+# matrix_cactus_comments_client_local_dir specifies a local directory (on the Ansible controller, not on the remote server) with cactus-client files to use.
+# This is an alternative to `matrix_cactus_comments_client_version`, to be used when you'd like to
+# provide the files locally / manually.
+matrix_cactus_comments_client_local_dir: ''
+
+# matrix_cactus_comments_client_nginx_path specifies the path where nginx can access the client files.
+# The default value assumes a container setup. If you're running nginx without a container, consider adjusting this path
+matrix_cactus_comments_client_nginx_path: "/cactus-comments/"
+
+# matrix_cactus_comments_client_endpoint specifies where nginx will serve the files in nginx is enabled
+matrix_cactus_comments_client_endpoint: "/cactus-comments/"
+
+# List of systemd services that matrix-cactus-comments.service depends on
+matrix_bot_cactus_comments_systemd_required_services_list: ['docker.service']
+
+# List of systemd services that matrix-cactus-comments.service wants
+matrix_bot_cactus_comments_systemd_wanted_services_list: []
+
+# A list of extra arguments to pass to the container
+matrix_cactus_comments_container_extra_arguments: []
+
+matrix_cactus_comments_environment_variables_extension: ''
diff --git a/roles/custom/matrix-cactus-comments/tasks/init.yml b/roles/custom/matrix-cactus-comments/tasks/init.yml
new file mode 100644
index 00000000..5067d025
--- /dev/null
+++ b/roles/custom/matrix-cactus-comments/tasks/init.yml
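Review bot: The two systemd dependency lists at the end of this hunk are named `matrix_bot_cactus_comments_systemd_required_services_list` and `matrix_bot_cactus_comments_systemd_wanted_services_list`, while every other variable in the file carries the `matrix_cactus_comments_` prefix. An operator who follows the role's convention and sets `matrix_cactus_comments_systemd_required_services_list` in vars.yml gets no effect and no error, because the unit template reads the `matrix_bot_` names. Renaming them to `matrix_cactus_comments_systemd_required_services_list: ['docker.service']` and `matrix_cactus_comments_systemd_wanted_services_list: []` (and the two `{% for %}` loops in the unit template to match) keeps the role's variables discoverable. The comment above `matrix_cactus_comments_client_endpoint` also reads "in nginx is enabled"; `if nginx is enabled` is presumably intended.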
@@ -0,0 +1,68 @@ +--- + +- ansible.builtin.set_fact: + matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-cactus-comments.service'] }}" + when: matrix_cactus_comments_enabled | bool + +# If the matrix-synapse role is not used, these variables may not exist. +- ansible.builtin.set_fact: + matrix_homeserver_container_runtime_injected_arguments: > + {{ + matrix_homeserver_container_runtime_injected_arguments | default([]) + + + ["--mount type=bind,src={{ matrix_cactus_comments_app_service_config_file }},dst=/matrix-cactus-comments.yaml,ro"] + }} + + matrix_homeserver_app_service_runtime_injected_config_files: > + {{ + matrix_homeserver_app_service_runtime_injected_config_files | default([]) + + + ["/matrix-cactus-comments.yaml"] + }} + when: matrix_cactus_comments_enabled | bool + +- when: matrix_cactus_comments_enabled | bool and matrix_cactus_comments_serve_client_enabled | bool + tags: + - always + block: + - name: Fail if matrix-nginx-proxy role already executed + ansible.builtin.fail: + msg: >- + Trying to append Cactus Comment's reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your playbook, + so that the matrix-nginx-proxy role would run after the matrix-cactus-comments role. 
+ when: matrix_nginx_proxy_role_executed | default(False) | bool + + - name: Mount volume + ansible.builtin.set_fact: + matrix_nginx_proxy_container_additional_volumes: > + {{ + matrix_nginx_proxy_container_additional_volumes | default([]) + + + [{"src": "{{ matrix_cactus_comments_client_path }}", "dst": "/cactus-comments/cactus-comments", "options": "ro"}] + }} + + - name: Generate Cactus Comment proxying configuration for matrix-nginx-proxy + ansible.builtin.set_fact: + matrix_cactus_comments_nginx_proxy_configuration: | + location {{ matrix_cactus_comments_client_endpoint }} { + root {{ matrix_cactus_comments_client_nginx_path }}; + } + + - name: Register Cactus Comment proxying configuration with matrix-nginx-proxy + ansible.builtin.set_fact: + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([]) + + + [matrix_cactus_comments_nginx_proxy_configuration] + }} + + - name: Warn about reverse-proxying if matrix-nginx-proxy not used + ansible.builtin.debug: + msg: >- + NOTE: You've enabled Cactus Comments but are not using the matrix-nginx-proxy + reverse proxy. + Please make sure that you're proxying client files in {{ matrix_cactus_comments_client_path }} correctly + when: "not matrix_nginx_proxy_enabled | default(False) | bool" diff --git a/roles/custom/matrix-cactus-comments/tasks/main.yml b/roles/custom/matrix-cactus-comments/tasks/main.yml new file mode 100644 index 00000000..857e2db1 --- /dev/null +++ b/roles/custom/matrix-cactus-comments/tasks/main.yml 
@@ -0,0 +1,23 @@
+---
+
+- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
+  tags:
+    - always
+
+- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
+  when: "run_setup | bool and matrix_cactus_comments_enabled | bool"
+  tags:
+    - setup-all
+    - setup-cactus-comments
+
+- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
+  when: "run_setup | bool and matrix_cactus_comments_enabled | bool"
+  tags:
+    - setup-all
+    - setup-cactus-comments
+
+- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
+  when: "run_setup | bool and not matrix_cactus_comments_enabled | bool"
+  tags:
+    - setup-all
+    - setup-cactus-comments
diff --git a/roles/custom/matrix-cactus-comments/tasks/setup_install.yml b/roles/custom/matrix-cactus-comments/tasks/setup_install.yml
new file mode 100644
index 00000000..8de14d19
--- /dev/null
+++ b/roles/custom/matrix-cactus-comments/tasks/setup_install.yml
@@ -0,0 +1,138 @@
+---
+
+- name: Ensure cactus comments paths exist
+  ansible.builtin.file:
+    path: "{{ item.path }}"
+    state: directory
+    mode: 0750
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+  with_items:
+    - {path: "{{ matrix_cactus_comments_base_path }}", when: true}
+    - {path: "{{ matrix_cactus_comments_client_path }}", when: true}
+    - {path: "{{ matrix_cactus_comments_container_tmp_path }}", when: true}
+    - {path: "{{ matrix_cactus_comments_docker_src_files_path }}", when: matrix_cactus_comments_container_image_self_build}
+  when: "item.when | bool"
+
+- name: Ensure cactus comments environment file created
+  ansible.builtin.template:
+    src: "{{ role_path }}/templates/env.j2"
+    dest: "{{ matrix_cactus_comments_app_service_env_file }}"
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+    mode: 0640
+
+- name: Ensure cactus comments appservice file created
+  ansible.builtin.template:
+    src: "{{ role_path }}/templates/cactus_appservice.yaml.j2"
+    dest: "{{ matrix_cactus_comments_app_service_config_file }}"
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+    mode: 0640
+
+- name: Ensure cactus comments image is pulled
+  community.docker.docker_image:
+    name: "{{ matrix_cactus_comments_docker_image }}"
+    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+    force_source: "{{ matrix_cactus_comments_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_cactus_comments_docker_image_force_pull }}"
+  when: "not matrix_cactus_comments_container_image_self_build | bool"
+  register: result
+  retries: "{{ devture_playbook_help_container_retries_count }}"
+  delay: "{{ devture_playbook_help_container_retries_delay }}"
+  until: result is not failed
+
+- name: Ensure cactus comments repository is present on self-build
+  ansible.builtin.git:
+    repo: "{{ matrix_cactus_comments_docker_repo }}"
+    version: "{{ matrix_cactus_comments_docker_repo_version }}"
+    dest: "{{ matrix_cactus_comments_docker_src_files_path }}"
+    force: "yes"
+  become: true
+  become_user: "{{ matrix_user_username }}"
+  register: matrix_cactus_comments_git_pull_results
+  when: "matrix_cactus_comments_container_image_self_build | bool"
+
+- name: Ensure cactus comments image is built
+  community.docker.docker_image:
+    name: "{{ matrix_cactus_comments_docker_image }}"
+    source: build
+    force_source: "{{ matrix_cactus_comments_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mailer_git_pull_results.changed }}"
+    build:
+      dockerfile: Dockerfile
+      path: "{{ matrix_cactus_comments_docker_src_files_path }}"
+      pull: true
+  when: "matrix_cactus_comments_container_image_self_build | bool"
+
+- when: matrix_cactus_comments_client_local_dir | length == 0
+  block:
+    - name: Download client binary to local folder
+      ansible.builtin.get_url:
+        url: "https://gitlab.com/cactus-comments/cactus-client/-/archive/v{{ matrix_cactus_comments_client_version }}/cactus-client-v{{ matrix_cactus_comments_client_version }}.tar.gz"
+        dest: "/tmp/cactus-comments-{{ matrix_cactus_comments_client_version }}.tar.gz"
+        mode: '0644'
+      register: _download_client
+      until: _download_client is succeeded
+      retries: 5
+      delay: 2
+      check_mode: false
+
+    - name: Unpack client
+      ansible.builtin.unarchive:
+        src: "/tmp/cactus-comments-{{ matrix_cactus_comments_client_version }}.tar.gz"
+        dest: "/tmp/"
+        remote_src: true
+        mode: 0600
+      check_mode: false
+
+    - name: Propagate client javascript file
+      ansible.builtin.copy:
+        src: "/tmp/cactus-client-v{{ matrix_cactus_comments_client_version }}/src/cactus.js"
+        remote_src: true
+        dest: "{{ matrix_cactus_comments_client_path }}/cactus.js"
+        mode: "{{ matrix_cactus_comments_client_file_permissions }}"
+        owner: "{{ matrix_user_username }}"
+        group: "{{ matrix_user_groupname }}"
+    - name: Propagate client style file
+      ansible.builtin.copy:
+        src: "/tmp/cactus-client-v{{ matrix_cactus_comments_client_version }}/src/style.css"
+        remote_src: true
+        dest: "{{ matrix_cactus_comments_client_path }}/style.css"
+        mode: "{{ matrix_cactus_comments_client_file_permissions }}"
+        owner: "{{ matrix_user_username }}"
+        group: "{{ matrix_user_groupname }}"
+
+- when: matrix_cactus_comments_client_local_dir | length > 0
+  block:
+    - name: Propagate locally distributed client javascreipt
+      ansible.builtin.copy:
+        src: "{{ matrix_cactus_comments_client_local_dir }}/src/cactus.js"
+        dest: "{{ matrix_cactus_comments_client_path }}/cactus.js"
+        mode: "{{ matrix_cactus_comments_client_file_permissions }}"
+        owner: "{{ matrix_user_username }}"
+        group: "{{ matrix_user_groupname }}"
+    - name: Propagate locally distributed client style.css
+      ansible.builtin.copy:
+        src: "{{ matrix_cactus_comments_client_local_dir }}/src/style.css"
+        dest: "{{ matrix_cactus_comments_client_path }}/style.css"
+        mode: "{{ matrix_cactus_comments_client_file_permissions }}"
+        owner: "{{ matrix_user_username }}"
+        group: "{{ matrix_user_groupname }}"
+
+- name: Ensure matrix-cactus-comments.service installed
+  ansible.builtin.template:
+    src: "{{ role_path }}/templates/systemd/matrix-cactus-comments.service.j2"
+    dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-cactus-comments.service"
+    mode: 0644
+  register: matrix_cactus_comments_systemd_service_result
+
+- name: Ensure systemd reloaded after matrix-cactus-comments.service installation
+  ansible.builtin.service:
+    daemon_reload: true
+  when: "matrix_cactus_comments_systemd_service_result.changed | bool"
+
+- name: Ensure matrix-cactus-comments.service restarted, if necessary
+  ansible.builtin.service:
+    name: "matrix-cactus-comments.service"
+    state: restarted
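Review bot: The client download block stages the release archive in the shared `/tmp` under a predictable name, extracts it there as the connecting (root) user, and then copies `cactus.js` from `/tmp/cactus-client-v…/src/` into the directory nginx serves, with no `checksum:` on `get_url` to pin the artifact. Any local user on the host can pre-create those paths or swap the extracted directory for a symlink between the unarchive and copy steps, which would let them serve attacker-controlled JavaScript to every visitor of a site that embeds the client, and a tampered archive from the network would be accepted silently. The rewrite below stages into a private `tempfile` directory, verifies a pinned sha256 (the digest has to come from the GitLab release page, it is not given here) and removes the staging directory afterwards. Two smaller points in the same hunk: the `force:` line of "Ensure cactus comments image is built" references `matrix_mailer_git_pull_results.changed` (a copy-paste leftover, only reached on Ansible < 2.8; it should be `matrix_cactus_comments_git_pull_results.changed`), and the last task is named "restarted, if necessary" but carries no `when:`, so the service is restarted on every playbook run.

```yaml
- when: matrix_cactus_comments_client_local_dir | length == 0
  block:
    - name: Create a private staging directory for the client archive
      ansible.builtin.tempfile:
        state: directory
        suffix: -cactus-comments
      register: matrix_cactus_comments_client_staging
      check_mode: false

    - name: Download client archive
      ansible.builtin.get_url:
        url: "https://gitlab.com/cactus-comments/cactus-client/-/archive/v{{ matrix_cactus_comments_client_version }}/cactus-client-v{{ matrix_cactus_comments_client_version }}.tar.gz"
        dest: "{{ matrix_cactus_comments_client_staging.path }}/cactus-client.tar.gz"
        # Pin the artifact: matrix_cactus_comments_client_archive_sha256 must be added to defaults/main.yml
        # with the digest published for this release; get_url fails the task on a mismatch.
        checksum: "sha256:{{ matrix_cactus_comments_client_archive_sha256 }}"
        mode: '0600'
      register: _download_client
      until: _download_client is succeeded
      retries: 5
      delay: 2
      check_mode: false

    - name: Unpack client
      ansible.builtin.unarchive:
        src: "{{ matrix_cactus_comments_client_staging.path }}/cactus-client.tar.gz"
        dest: "{{ matrix_cactus_comments_client_staging.path }}/"
        remote_src: true
      check_mode: false

    # … unchanged: the two copy tasks for cactus.js and style.css, except that each `src:` now starts with
    # "{{ matrix_cactus_comments_client_staging.path }}/cactus-client-v{{ matrix_cactus_comments_client_version }}/src/" …

    - name: Remove the client staging directory
      ansible.builtin.file:
        path: "{{ matrix_cactus_comments_client_staging.path }}"
        state: absent
      check_mode: false
```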
diff --git a/roles/custom/matrix-cactus-comments/tasks/setup_uninstall.yml b/roles/custom/matrix-cactus-comments/tasks/setup_uninstall.yml
new file mode 100644
index 00000000..bd46f252
--- /dev/null
+++ b/roles/custom/matrix-cactus-comments/tasks/setup_uninstall.yml
@@ -0,0 +1,36 @@
+---
+
+- name: Check existence of matrix-cactus-comments service
+  ansible.builtin.stat:
+    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-cactus-comments.service"
+  register: matrix_cactus_comments_service_stat
+
+- name: Ensure cactus comments is stopped
+  ansible.builtin.service:
+    name: matrix-cactus-comments
+    state: stopped
+    enabled: false
+    daemon_reload: true
+  register: stopping_result
+  when: "matrix_cactus_comments_service_stat.stat.exists | bool"
+
+- name: Ensure matrix-cactus-comments.service doesn't exist
+  ansible.builtin.file:
+    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-cactus-comments.service"
+    state: absent
+  when: "matrix_cactus_comments_service_stat.stat.exists | bool"
+
+- name: Ensure systemd reloaded after matrix-cactus-comments.service removal
+  ansible.builtin.service:
+    daemon_reload: true
+  when: "matrix_cactus_comments_service_stat.stat.exists | bool"
+
+- name: Ensure Matrix cactus comments paths don't exist
+  ansible.builtin.file:
+    path: "{{ matrix_cactus_comments_base_path }}"
+    state: absent
+
+- name: Ensure cactus comments Docker image doesn't exist
+  community.docker.docker_image:
+    name: "{{ matrix_cactus_comments_docker_image }}"
+    state: absent
diff --git a/roles/custom/matrix-cactus-comments/tasks/validate_config.yml b/roles/custom/matrix-cactus-comments/tasks/validate_config.yml
new file mode 100644
index 00000000..094a203d
--- /dev/null
+++ b/roles/custom/matrix-cactus-comments/tasks/validate_config.yml
@@ -0,0 +1,10 @@
+---
+
+- name: Fail if required settings not defined
+  ansible.builtin.fail:
+    msg: >-
+      You need to define a required configuration setting (`{{ item }}`).
+  when: "vars[item] == ''"
+  with_items:
+    - "matrix_cactus_comments_as_token"
+    - "matrix_cactus_comments_hs_token"
diff --git a/roles/custom/matrix-cactus-comments/templates/cactus_appservice.yaml.j2 b/roles/custom/matrix-cactus-comments/templates/cactus_appservice.yaml.j2
new file mode 100644
index 00000000..bfcb4bb3
--- /dev/null
+++ b/roles/custom/matrix-cactus-comments/templates/cactus_appservice.yaml.j2
@@ -0,0 +1,19 @@
+# A unique, user-defined ID of the application service which will never change.
+id: "Cactus Comments"
+
+# Where the cactus-appservice is hosted:
+url: "http://matrix-cactus-comments:{{ matrix_cactus_comments_container_port }}"
+
+# Unique tokens used to authenticate requests between our service and the
+# homeserver (and the other way). Use the sha256 hashes of something random.
+# CHANGE THESE VALUES.
+as_token: {{ matrix_cactus_comments_as_token | to_json }}
+hs_token: {{ matrix_cactus_comments_hs_token | to_json }}
+
+# The user id of the cactusbot which can be used to register and moderate sites
+sender_localpart: "{{ matrix_cactus_comments_user_id }}"
+
+namespaces:
+  aliases:
+    - exclusive: true
+      regex: "#comments_.*"
diff --git a/roles/custom/matrix-cactus-comments/templates/env.j2 b/roles/custom/matrix-cactus-comments/templates/env.j2
new file mode 100644
index 00000000..ab048961
--- /dev/null
+++ b/roles/custom/matrix-cactus-comments/templates/env.j2
@@ -0,0 +1,6 @@
+CACTUS_HS_TOKEN={{ matrix_cactus_comments_hs_token }}
+CACTUS_AS_TOKEN={{ matrix_cactus_comments_as_token }}
+CACTUS_HOMESERVER_URL={{ matrix_cactus_comments_homeserver_url }}
+CACTUS_USER_ID=@{{ matrix_cactus_comments_user_id }}:{{ matrix_domain }}
+
+{{ matrix_cactus_comments_environment_variables_extension }}
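Review bot: The validation only rejects empty tokens; nothing checks that `matrix_cactus_comments_as_token` and `matrix_cactus_comments_hs_token` differ, although they authenticate opposite directions (appservice to homeserver and homeserver to appservice) and the upstream sample config in the next hunk asks for two independently random values. Operators who paste the same secret into both keys get a working but weaker setup with no warning. Add a second task after the loop: `- name: Fail if the AS and HS tokens are identical` / `ansible.builtin.fail: {msg: "matrix_cactus_comments_as_token and matrix_cactus_comments_hs_token must be two different random values"}` / `when: "matrix_cactus_comments_as_token == matrix_cactus_comments_hs_token"`.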
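Review bot: The `# CHANGE THESE VALUES.` comment above `as_token`/`hs_token` is carried over from the upstream sample registration, but in this template the values are rendered from playbook variables, so an operator reading the generated file on the server would be told to edit a file the next playbook run overwrites. Replace the three comment lines with something that matches how the file is produced, e.g. `# Set via matrix_cactus_comments_as_token / matrix_cactus_comments_hs_token in vars.yml; use two distinct, long random values.` The `to_json` filter on both values is the right choice here, since it keeps a token that starts with a YAML indicator from being misparsed by the homeserver.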
diff --git a/roles/custom/matrix-cactus-comments/templates/systemd/matrix-cactus-comments.service.j2 b/roles/custom/matrix-cactus-comments/templates/systemd/matrix-cactus-comments.service.j2
new file mode 100644
index 00000000..1ad84d5b
--- /dev/null
+++ b/roles/custom/matrix-cactus-comments/templates/systemd/matrix-cactus-comments.service.j2
@@ -0,0 +1,36 @@
+#jinja2: lstrip_blocks: "True"
+[Unit]
+Description=Cactus Comments
+{% for service in matrix_bot_cactus_comments_systemd_required_services_list %}
+Requires={{ service }}
+After={{ service }}
+{% endfor %}
+{% for service in matrix_bot_cactus_comments_systemd_wanted_services_list %}
+Wants={{ service }}
+{% endfor %}
+DefaultDependencies=no
+
+[Service]
+Type=simple
+Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-cactus-comments 2>/dev/null || true'
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-cactus-comments 2>/dev/null || true'
+
+ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-cactus-comments \
+ --log-driver=none \
+ --cap-drop=ALL \
+ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
+ --read-only \
+ --env-file {{ matrix_cactus_comments_app_service_env_file }} \
+ --tmpfs=/tmp:rw,noexec,nosuid,size={{ matrix_cactus_comments_tmp_directory_size_mb }}m \
+ --network={{ matrix_docker_network }} \
+ {{ matrix_cactus_comments_docker_image }}
+
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-cactus-comments 2>/dev/null || true'
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-cactus-comments 2>/dev/null || true'
+Restart=always
+RestartSec=30
+SyslogIdentifier=matrix-cactus-comments
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/matrix-client-cinny/defaults/main.yml b/roles/custom/matrix-client-cinny/defaults/main.yml
similarity index 98%
rename from roles/matrix-client-cinny/defaults/main.yml
rename to roles/custom/matrix-client-cinny/defaults/main.yml
index efd88010..de974eb1 100644
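Review bot: The two `{% for %}` loops read `matrix_bot_cactus_comments_systemd_required_services_list` and `matrix_bot_cactus_comments_systemd_wanted_services_list`, while every other variable in this unit uses the `matrix_cactus_comments_` prefix (`matrix_cactus_comments_app_service_env_file`, `matrix_cactus_comments_docker_image`, `matrix_cactus_comments_tmp_directory_size_mb`). The role's defaults are not in this hunk, but if they define the lists under the `matrix_cactus_comments_` name, rendering this template fails with an undefined-variable error before the service is ever installed. Suggested: `{% for service in matrix_cactus_comments_systemd_required_services_list %}` and `{% for service in matrix_cactus_comments_systemd_wanted_services_list %}`, or rename the defaults to match whichever prefix the role settles on.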
--- a/roles/matrix-client-cinny/defaults/main.yml +++ b/roles/custom/matrix-client-cinny/defaults/main.yml @@ -6,7 +6,7 @@ matrix_client_cinny_enabled: true matrix_client_cinny_container_image_self_build: false matrix_client_cinny_container_image_self_build_repo: "https://github.com/ajbura/cinny.git" -matrix_client_cinny_version: v2.0.4 +matrix_client_cinny_version: v2.2.2 matrix_client_cinny_docker_image: "{{ matrix_client_cinny_docker_image_name_prefix }}ajbura/cinny:{{ matrix_client_cinny_version }}" matrix_client_cinny_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_cinny_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_cinny_docker_image_force_pull: "{{ matrix_client_cinny_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-client-cinny/tasks/init.yml b/roles/custom/matrix-client-cinny/tasks/init.yml similarity index 100% rename from roles/matrix-client-cinny/tasks/init.yml rename to roles/custom/matrix-client-cinny/tasks/init.yml diff --git a/roles/matrix-client-cinny/tasks/main.yml b/roles/custom/matrix-client-cinny/tasks/main.yml similarity index 100% rename from roles/matrix-client-cinny/tasks/main.yml rename to roles/custom/matrix-client-cinny/tasks/main.yml diff --git a/roles/matrix-client-cinny/tasks/self_check.yml b/roles/custom/matrix-client-cinny/tasks/self_check.yml similarity index 100% rename from roles/matrix-client-cinny/tasks/self_check.yml rename to roles/custom/matrix-client-cinny/tasks/self_check.yml diff --git a/roles/matrix-client-cinny/tasks/setup_install.yml b/roles/custom/matrix-client-cinny/tasks/setup_install.yml similarity index 91% rename from roles/matrix-client-cinny/tasks/setup_install.yml rename to roles/custom/matrix-client-cinny/tasks/setup_install.yml index 755b872f..09b117be 100644 --- a/roles/matrix-client-cinny/tasks/setup_install.yml +++ b/roles/custom/matrix-client-cinny/tasks/setup_install.yml 
@@ -12,15 +12,15 @@ when: "item.when | bool" - name: Ensure Cinny Docker image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_client_cinny_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_client_cinny_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_client_cinny_docker_image_force_pull }}" when: "not matrix_client_cinny_container_image_self_build | bool" register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure Cinny repository is present on self-build @@ -54,7 +54,7 @@ when: "item.src is not none" - name: Ensure Cinny Docker image is built - docker_image: + community.docker.docker_image: name: "{{ matrix_client_cinny_docker_image }}" source: build force_source: "{{ matrix_client_cinny_git_pull_results.changed }}" @@ -67,7 +67,7 @@ - name: Ensure matrix-client-cinny.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-client-cinny.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-client-cinny.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-client-cinny.service" mode: 0644 register: matrix_client_cinny_systemd_service_result diff --git a/roles/matrix-client-cinny/tasks/setup_uninstall.yml b/roles/custom/matrix-client-cinny/tasks/setup_uninstall.yml similarity index 82% rename from roles/matrix-client-cinny/tasks/setup_uninstall.yml rename to roles/custom/matrix-client-cinny/tasks/setup_uninstall.yml index e6f71b0b..5b67e819 100644 --- a/roles/matrix-client-cinny/tasks/setup_uninstall.yml 
+++ b/roles/custom/matrix-client-cinny/tasks/setup_uninstall.yml @@ -1,7 +1,7 @@ --- - name: Check existence of matrix-client-cinny.service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-client-cinny.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-client-cinny.service" register: matrix_client_cinny_service_stat - name: Ensure matrix-client-cinny is stopped @@ -15,7 +15,7 @@ - name: Ensure matrix-client-cinny.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-client-cinny.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-client-cinny.service" state: absent when: "matrix_client_cinny_service_stat.stat.exists | bool" @@ -30,6 +30,6 @@ state: absent - name: Ensure Cinny Docker image doesn't exist - docker_image: + community.docker.docker_image: name: "{{ matrix_client_cinny_docker_image }}" state: absent diff --git a/roles/matrix-client-cinny/tasks/validate_config.yml b/roles/custom/matrix-client-cinny/tasks/validate_config.yml similarity index 100% rename from roles/matrix-client-cinny/tasks/validate_config.yml rename to roles/custom/matrix-client-cinny/tasks/validate_config.yml diff --git a/roles/matrix-client-cinny/templates/config.json.j2 b/roles/custom/matrix-client-cinny/templates/config.json.j2 similarity index 100% rename from roles/matrix-client-cinny/templates/config.json.j2 rename to roles/custom/matrix-client-cinny/templates/config.json.j2 diff --git a/roles/matrix-client-cinny/templates/nginx.conf.j2 b/roles/custom/matrix-client-cinny/templates/nginx.conf.j2 similarity index 100% rename from roles/matrix-client-cinny/templates/nginx.conf.j2 rename to roles/custom/matrix-client-cinny/templates/nginx.conf.j2 
diff --git a/roles/matrix-client-cinny/templates/systemd/matrix-client-cinny.service.j2 b/roles/custom/matrix-client-cinny/templates/systemd/matrix-client-cinny.service.j2 similarity index 55% rename from roles/matrix-client-cinny/templates/systemd/matrix-client-cinny.service.j2 rename to roles/custom/matrix-client-cinny/templates/systemd/matrix-client-cinny.service.j2 index 3f15ac19..b9a66c74 100644 --- a/roles/matrix-client-cinny/templates/systemd/matrix-client-cinny.service.j2 +++ b/roles/custom/matrix-client-cinny/templates/systemd/matrix-client-cinny.service.j2 @@ -9,11 +9,11 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-client-cinny 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-client-cinny 2>/dev/null || true' +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-client-cinny 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-client-cinny 2>/dev/null || true' -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-client-cinny \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-client-cinny \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ 
@@ -30,8 +30,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-client-cinny \ {% endfor %} {{ matrix_client_cinny_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-client-cinny 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-client-cinny 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-client-cinny 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-client-cinny 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-client-cinny diff --git a/roles/matrix-client-element/defaults/main.yml b/roles/custom/matrix-client-element/defaults/main.yml similarity index 99% rename from roles/matrix-client-element/defaults/main.yml rename to roles/custom/matrix-client-element/defaults/main.yml index 119f31a2..a1543b5b 100644 --- a/roles/matrix-client-element/defaults/main.yml +++ b/roles/custom/matrix-client-element/defaults/main.yml @@ -10,7 +10,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto # - https://github.com/vector-im/element-web/issues/19544 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" -matrix_client_element_version: v1.11.0 +matrix_client_element_version: v1.11.14 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" 
diff --git a/roles/matrix-client-element/tasks/init.yml b/roles/custom/matrix-client-element/tasks/init.yml similarity index 100% rename from roles/matrix-client-element/tasks/init.yml rename to roles/custom/matrix-client-element/tasks/init.yml diff --git a/roles/matrix-client-element/tasks/main.yml b/roles/custom/matrix-client-element/tasks/main.yml similarity index 100% rename from roles/matrix-client-element/tasks/main.yml rename to roles/custom/matrix-client-element/tasks/main.yml diff --git a/roles/matrix-client-element/tasks/migrate_riot_web.yml b/roles/custom/matrix-client-element/tasks/migrate_riot_web.yml similarity index 88% rename from roles/matrix-client-element/tasks/migrate_riot_web.yml rename to roles/custom/matrix-client-element/tasks/migrate_riot_web.yml index 23011e93..bb62b7ce 100644 --- a/roles/matrix-client-element/tasks/migrate_riot_web.yml +++ b/roles/custom/matrix-client-element/tasks/migrate_riot_web.yml @@ -2,7 +2,7 @@ - name: Check existence of matrix-riot-web.service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-riot-web.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-riot-web.service" register: matrix_client_riot_web_service_stat when: "matrix_client_element_enabled | bool" @@ -17,7 +17,7 @@ - name: Ensure matrix-riot-web.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-riot-web.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-riot-web.service" state: absent when: "matrix_client_element_enabled | bool and matrix_client_riot_web_service_stat.stat.exists" diff --git a/roles/matrix-client-element/tasks/prepare_themes.yml b/roles/custom/matrix-client-element/tasks/prepare_themes.yml similarity index 95% rename from roles/matrix-client-element/tasks/prepare_themes.yml rename to roles/custom/matrix-client-element/tasks/prepare_themes.yml index 8185122c..3f5c9783 100644 --- a/roles/matrix-client-element/tasks/prepare_themes.yml 
+++ b/roles/custom/matrix-client-element/tasks/prepare_themes.yml @@ -4,7 +4,11 @@ # Tasks related to setting up Element themes # -- block: +- when: matrix_client_element_themes_enabled | bool + run_once: true + delegate_to: 127.0.0.1 + become: false + block: - name: Ensure Element themes repository is pulled ansible.builtin.git: repo: "{{ matrix_client_element_themes_repository_url }}" @@ -29,12 +33,6 @@ matrix_client_element_settingDefaults_custom_themes: "{{ matrix_client_element_settingDefaults_custom_themes + [item['content'] | b64decode | from_json] }}" # noqa var-naming with_items: "{{ matrix_client_element_theme_file_contents.results }}" - run_once: true - delegate_to: 127.0.0.1 - become: false - when: matrix_client_element_themes_enabled | bool - - # # Tasks related to getting rid of Element themes (if it was previously enabled) # diff --git a/roles/matrix-client-element/tasks/self_check.yml b/roles/custom/matrix-client-element/tasks/self_check.yml similarity index 100% rename from roles/matrix-client-element/tasks/self_check.yml rename to roles/custom/matrix-client-element/tasks/self_check.yml diff --git a/roles/matrix-client-element/tasks/setup_install.yml b/roles/custom/matrix-client-element/tasks/setup_install.yml similarity index 93% rename from roles/matrix-client-element/tasks/setup_install.yml rename to roles/custom/matrix-client-element/tasks/setup_install.yml index 5fa34fa6..0edb0b50 100644 --- a/roles/matrix-client-element/tasks/setup_install.yml +++ b/roles/custom/matrix-client-element/tasks/setup_install.yml 
@@ -13,15 +13,15 @@ when: "item.when | bool" - name: Ensure Element Docker image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_client_element_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_client_element_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_client_element_docker_image_force_pull }}" when: "not matrix_client_element_container_image_self_build | bool" register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure Element repository is present on self-build @@ -45,12 +45,12 @@ line: '\1splitChunks: { maxSize: 100000,' backrefs: true owner: root - ansible.builtin.group: root + group: root mode: '0644' when: "matrix_client_element_container_image_self_build | bool and matrix_client_element_container_image_self_build_low_memory_system_patch_enabled | bool" - name: Ensure Element Docker image is built - docker_image: + community.docker.docker_image: name: "{{ matrix_client_element_docker_image }}" source: build force_source: "{{ matrix_client_element_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" @@ -93,7 +93,7 @@ - name: Ensure matrix-client-element.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-client-element.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-client-element.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-client-element.service" mode: 0644 register: matrix_client_element_systemd_service_result 
diff --git a/roles/matrix-client-element/tasks/setup_uninstall.yml b/roles/custom/matrix-client-element/tasks/setup_uninstall.yml similarity index 82% rename from roles/matrix-client-element/tasks/setup_uninstall.yml rename to roles/custom/matrix-client-element/tasks/setup_uninstall.yml index b3cdd05e..3a1de409 100644 --- a/roles/matrix-client-element/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-client-element/tasks/setup_uninstall.yml @@ -2,7 +2,7 @@ - name: Check existence of matrix-client-element.service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-client-element.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-client-element.service" register: matrix_client_element_service_stat - name: Ensure matrix-client-element is stopped @@ -16,7 +16,7 @@ - name: Ensure matrix-client-element.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-client-element.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-client-element.service" state: absent when: "matrix_client_element_service_stat.stat.exists | bool" @@ -31,6 +31,6 @@ state: absent - name: Ensure Element Docker image doesn't exist - docker_image: + community.docker.docker_image: name: "{{ matrix_client_element_docker_image }}" state: absent diff --git a/roles/matrix-client-element/tasks/validate_config.yml b/roles/custom/matrix-client-element/tasks/validate_config.yml similarity index 100% rename from roles/matrix-client-element/tasks/validate_config.yml rename to roles/custom/matrix-client-element/tasks/validate_config.yml diff --git a/roles/matrix-client-element/templates/config.json.j2 b/roles/custom/matrix-client-element/templates/config.json.j2 similarity index 100% rename from roles/matrix-client-element/templates/config.json.j2 rename to roles/custom/matrix-client-element/templates/config.json.j2 
diff --git a/roles/matrix-client-element/templates/nginx.conf.j2 b/roles/custom/matrix-client-element/templates/nginx.conf.j2 similarity index 100% rename from roles/matrix-client-element/templates/nginx.conf.j2 rename to roles/custom/matrix-client-element/templates/nginx.conf.j2 diff --git a/roles/matrix-client-element/templates/systemd/matrix-client-element.service.j2 b/roles/custom/matrix-client-element/templates/systemd/matrix-client-element.service.j2 similarity index 63% rename from roles/matrix-client-element/templates/systemd/matrix-client-element.service.j2 rename to roles/custom/matrix-client-element/templates/systemd/matrix-client-element.service.j2 index 8d3dec57..52f3249a 100644 --- a/roles/matrix-client-element/templates/systemd/matrix-client-element.service.j2 +++ b/roles/custom/matrix-client-element/templates/systemd/matrix-client-element.service.j2 @@ -9,11 +9,11 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-client-element 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-client-element 2>/dev/null || true' +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-client-element 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-client-element 2>/dev/null || true' -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-client-element \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-client-element \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ 
@@ -35,8 +35,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-client-element {% endfor %} {{ matrix_client_element_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-client-element 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-client-element 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-client-element 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-client-element 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-client-element diff --git a/roles/matrix-client-element/templates/welcome.html.j2 b/roles/custom/matrix-client-element/templates/welcome.html.j2 similarity index 100% rename from roles/matrix-client-element/templates/welcome.html.j2 rename to roles/custom/matrix-client-element/templates/welcome.html.j2 diff --git a/roles/matrix-client-element/vars/main.yml b/roles/custom/matrix-client-element/vars/main.yml similarity index 100% rename from roles/matrix-client-element/vars/main.yml rename to roles/custom/matrix-client-element/vars/main.yml diff --git a/roles/matrix-client-hydrogen/defaults/main.yml b/roles/custom/matrix-client-hydrogen/defaults/main.yml similarity index 91% rename from roles/matrix-client-hydrogen/defaults/main.yml rename to roles/custom/matrix-client-hydrogen/defaults/main.yml index 1baccdd3..80bdb021 100644 --- a/roles/matrix-client-hydrogen/defaults/main.yml +++ b/roles/custom/matrix-client-hydrogen/defaults/main.yml 
@@ -8,7 +8,7 @@ matrix_client_hydrogen_enabled: true matrix_client_hydrogen_container_image_self_build: true matrix_client_hydrogen_container_image_self_build_repo: "https://github.com/vector-im/hydrogen-web.git" -matrix_client_hydrogen_version: v0.2.33 +matrix_client_hydrogen_version: v0.3.4 matrix_client_hydrogen_docker_image: "{{ matrix_client_hydrogen_docker_image_name_prefix }}vectorim/hydrogen-web:{{ matrix_client_hydrogen_version }}" matrix_client_hydrogen_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_hydrogen_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_hydrogen_docker_image_force_pull: "{{ matrix_client_hydrogen_docker_image.endswith(':latest') }}" @@ -31,7 +31,13 @@ matrix_client_hydrogen_systemd_required_services_list: ['docker.service'] matrix_client_hydrogen_self_check_validate_certificates: true # config.json +matrix_client_hydrogen_push: + appId: io.element.hydrogen.web + gatewayUrl: https://matrix.org + applicationServerKey: "BC-gpSdVHEXhvHSHS0AzzWrQoukv2BE7KzpoPO_FfPacqOo3l1pdqz7rSgmB04pZCWaHPz7XRe6fjLaC-WPDopM" matrix_client_hydrogen_default_hs_url: "" +matrix_client_hydrogen_bugReportEndpointUrl: "https://element.io/bugreports/submit" # noqa var-naming + # Default Hydrogen configuration template which covers the generic use case. # You can customize it by controlling the various variables inside it. diff --git a/roles/matrix-client-hydrogen/tasks/init.yml b/roles/custom/matrix-client-hydrogen/tasks/init.yml similarity index 100% rename from roles/matrix-client-hydrogen/tasks/init.yml rename to roles/custom/matrix-client-hydrogen/tasks/init.yml diff --git a/roles/matrix-client-hydrogen/tasks/main.yml b/roles/custom/matrix-client-hydrogen/tasks/main.yml similarity index 100% rename from roles/matrix-client-hydrogen/tasks/main.yml rename to roles/custom/matrix-client-hydrogen/tasks/main.yml 
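Review bot: The new defaults point a self-hosted client at two third-party endpoints with no comment explaining it: `matrix_client_hydrogen_bugReportEndpointUrl` sends user bug reports (and whatever Hydrogen attaches to them) to `https://element.io/bugreports/submit`, and `matrix_client_hydrogen_push.gatewayUrl` routes push notifications through `https://matrix.org`. These may be upstream's defaults, but they are a privacy decision taken on the operator's behalf, so each variable deserves a comment saying where the data goes and how to opt out, e.g. `# Bug reports are submitted to this third-party endpoint; override (or empty, if Hydrogen accepts that) to keep them local` — the empty-value behaviour is an assumption and should be confirmed against the client before it is documented. Since `matrix_client_hydrogen_container_image_self_build` defaults to `true` and the install tasks note the config is only read at build time, the comment should also say that changing these requires rebuilding the image.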
diff --git a/roles/matrix-client-hydrogen/tasks/self_check.yml b/roles/custom/matrix-client-hydrogen/tasks/self_check.yml similarity index 100% rename from roles/matrix-client-hydrogen/tasks/self_check.yml rename to roles/custom/matrix-client-hydrogen/tasks/self_check.yml diff --git a/roles/matrix-client-hydrogen/tasks/setup_install.yml b/roles/custom/matrix-client-hydrogen/tasks/setup_install.yml similarity index 92% rename from roles/matrix-client-hydrogen/tasks/setup_install.yml rename to roles/custom/matrix-client-hydrogen/tasks/setup_install.yml index 4cd445d0..6905081a 100644 --- a/roles/matrix-client-hydrogen/tasks/setup_install.yml +++ b/roles/custom/matrix-client-hydrogen/tasks/setup_install.yml @@ -13,15 +13,15 @@ when: "item.when | bool" - name: Ensure Hydrogen Docker image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_client_hydrogen_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_client_hydrogen_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_client_hydrogen_docker_image_force_pull }}" when: "not matrix_client_hydrogen_container_image_self_build | bool" register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure Hydrogen repository is present on self-build 
@@ -58,7 +58,7 @@ # This step MUST come after the steps to install the configuration files because the config files # are currently only read at build time, not at run time like most other components in the playbook - name: Ensure Hydrogen Docker image is built - docker_image: + community.docker.docker_image: name: "{{ matrix_client_hydrogen_docker_image }}" source: build force_source: "{{ matrix_client_hydrogen_git_pull_results.changed }}" @@ -71,7 +71,7 @@ - name: Ensure matrix-client-hydrogen.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-client-hydrogen.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-client-hydrogen.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-client-hydrogen.service" mode: 0644 register: matrix_client_hydrogen_systemd_service_result diff --git a/roles/matrix-client-hydrogen/tasks/setup_uninstall.yml b/roles/custom/matrix-client-hydrogen/tasks/setup_uninstall.yml similarity index 82% rename from roles/matrix-client-hydrogen/tasks/setup_uninstall.yml rename to roles/custom/matrix-client-hydrogen/tasks/setup_uninstall.yml index d543cbb3..090ce567 100644 --- a/roles/matrix-client-hydrogen/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-client-hydrogen/tasks/setup_uninstall.yml @@ -2,7 +2,7 @@ - name: Check existence of matrix-client-hydrogen.service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-client-hydrogen.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-client-hydrogen.service" register: matrix_client_hydrogen_service_stat - name: Ensure matrix-client-hydrogen is stopped @@ -16,7 +16,7 @@ - name: Ensure matrix-client-hydrogen.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-client-hydrogen.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-client-hydrogen.service" state: absent when: "matrix_client_hydrogen_service_stat.stat.exists | bool" 
@@ -31,6 +31,6 @@ state: absent - name: Ensure Hydrogen Docker image doesn't exist - docker_image: + community.docker.docker_image: name: "{{ matrix_client_hydrogen_docker_image }}" state: absent diff --git a/roles/matrix-client-hydrogen/tasks/validate_config.yml b/roles/custom/matrix-client-hydrogen/tasks/validate_config.yml similarity index 100% rename from roles/matrix-client-hydrogen/tasks/validate_config.yml rename to roles/custom/matrix-client-hydrogen/tasks/validate_config.yml diff --git a/roles/custom/matrix-client-hydrogen/templates/config.json.j2 b/roles/custom/matrix-client-hydrogen/templates/config.json.j2 new file mode 100644 index 00000000..161ee47b --- /dev/null +++ b/roles/custom/matrix-client-hydrogen/templates/config.json.j2 @@ -0,0 +1,12 @@ +{ + "push": {{ matrix_client_hydrogen_push | to_json }}, + "defaultHomeServer": {{ matrix_client_hydrogen_default_hs_url | string | to_json }}, + "bugReportEndpointUrl": {{ matrix_client_hydrogen_bugReportEndpointUrl | to_json }}, + "themeManifests": [ + "assets/theme-Element.json" + ], + "defaultTheme": { + "light": "element-light", + "dark": "element-dark" + } +} diff --git a/roles/matrix-client-hydrogen/templates/nginx.conf.j2 b/roles/custom/matrix-client-hydrogen/templates/nginx.conf.j2 similarity index 100% rename from roles/matrix-client-hydrogen/templates/nginx.conf.j2 rename to roles/custom/matrix-client-hydrogen/templates/nginx.conf.j2 diff --git a/roles/matrix-client-hydrogen/templates/systemd/matrix-client-hydrogen.service.j2 b/roles/custom/matrix-client-hydrogen/templates/systemd/matrix-client-hydrogen.service.j2 similarity index 53% rename from roles/matrix-client-hydrogen/templates/systemd/matrix-client-hydrogen.service.j2 rename to roles/custom/matrix-client-hydrogen/templates/systemd/matrix-client-hydrogen.service.j2 index 0196d35b..92bfadcb 100644 --- a/roles/matrix-client-hydrogen/templates/systemd/matrix-client-hydrogen.service.j2 
+++ b/roles/custom/matrix-client-hydrogen/templates/systemd/matrix-client-hydrogen.service.j2 @@ -9,11 +9,11 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-client-hydrogen 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-client-hydrogen 2>/dev/null || true' +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-client-hydrogen 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-client-hydrogen 2>/dev/null || true' -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-client-hydrogen \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-client-hydrogen \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ @@ -29,8 +29,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-client-hydroge {% endfor %} {{ matrix_client_hydrogen_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-client-hydrogen 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-client-hydrogen 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-client-hydrogen 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-client-hydrogen 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-client-hydrogen 
diff --git a/roles/matrix-common-after/defaults/main.yml b/roles/custom/matrix-common-after/defaults/main.yml similarity index 100% rename from roles/matrix-common-after/defaults/main.yml rename to roles/custom/matrix-common-after/defaults/main.yml diff --git a/roles/matrix-common-after/tasks/main.yml b/roles/custom/matrix-common-after/tasks/main.yml similarity index 76% rename from roles/matrix-common-after/tasks/main.yml rename to roles/custom/matrix-common-after/tasks/main.yml index 1b360698..2cffecb1 100644 --- a/roles/matrix-common-after/tasks/main.yml +++ b/roles/custom/matrix-common-after/tasks/main.yml @@ -10,10 +10,6 @@ tags: - stop -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/dump_runtime_results.yml" - tags: - - always - - ansible.builtin.import_tasks: "{{ role_path }}/tasks/run_docker_prune.yml" tags: - run-docker-prune diff --git a/roles/matrix-common-after/tasks/run_docker_prune.yml b/roles/custom/matrix-common-after/tasks/run_docker_prune.yml similarity index 68% rename from roles/matrix-common-after/tasks/run_docker_prune.yml rename to roles/custom/matrix-common-after/tasks/run_docker_prune.yml index 02dfadc5..58f0e793 100644 --- a/roles/matrix-common-after/tasks/run_docker_prune.yml +++ b/roles/custom/matrix-common-after/tasks/run_docker_prune.yml @@ -2,6 +2,6 @@ - name: Run Docker System Prune ansible.builtin.command: - cmd: "{{ matrix_host_command_docker }} system prune -a -f" + cmd: "{{ devture_systemd_docker_base_host_command_docker }} system prune -a -f" register: matrix_common_after_docker_prune_result changed_when: matrix_common_after_docker_prune_result.rc == 0 diff --git a/roles/matrix-common-after/tasks/start.yml b/roles/custom/matrix-common-after/tasks/start.yml similarity index 91% rename from roles/matrix-common-after/tasks/start.yml rename to roles/custom/matrix-common-after/tasks/start.yml index 890eabfa..a781dab7 100644 --- a/roles/matrix-common-after/tasks/start.yml +++ b/roles/custom/matrix-common-after/tasks/start.yml 
@@ -34,7 +34,8 @@ delegate_to: 127.0.0.1 become: false -- block: +- when: "ansible_distribution != 'Archlinux'" + block: - name: Populate service facts ansible.builtin.service_facts: @@ -46,13 +47,13 @@ Try running `systemctl status {{ item }}` and `journalctl -fu {{ item }}` on the server to investigate. If you're on a slow or overloaded server, it may be that services take a longer time to start and that this error is a false-positive. You can consider raising the value of the `matrix_common_after_systemd_service_start_wait_for_timeout_seconds` variable. - See `roles/matrix-common-after/defaults/main.yml` for more details about that. + See `roles/custom/matrix-common-after/defaults/main.yml` for more details about that. with_items: "{{ matrix_systemd_services_list }}" when: - - "item.endswith('.service') and (ansible_facts.services[item]|default(none) is none or ansible_facts.services[item].state != 'running')" - when: " ansible_distribution != 'Archlinux'" + - "item.endswith('.service') and (ansible_facts.services[item] | default(none) is none or ansible_facts.services[item].state != 'running')" -- block: +- when: "ansible_distribution == 'Archlinux'" + block: # Currently there is a bug in ansible that renders is incompatible with systemd. # service_facts is not collecting the data successfully. # Therefore iterating here manually @@ -70,4 +71,3 @@ Try running `systemctl status {{ item.item }}` and `journalctl -fu {{ item.item }}` on the server to investigate. with_items: "{{ systemdstatus.results }}" when: "item.status['ActiveState'] != 'active'" - when: "ansible_distribution == 'Archlinux'" diff --git a/roles/matrix-common-after/tasks/stop.yml b/roles/custom/matrix-common-after/tasks/stop.yml similarity index 100% rename from roles/matrix-common-after/tasks/stop.yml rename to roles/custom/matrix-common-after/tasks/stop.yml 
diff --git a/roles/custom/matrix-conduit/defaults/main.yml b/roles/custom/matrix-conduit/defaults/main.yml
new file mode 100644
index 00000000..366321b9
--- /dev/null
+++ b/roles/custom/matrix-conduit/defaults/main.yml
@@ -0,0 +1,56 @@
+---
+# Conduit is a simple, fast and reliable chat server powered by Matrix
+# See: https://conduit.rs
+
+matrix_conduit_enabled: true
+
+matrix_conduit_docker_image: "{{ matrix_conduit_docker_image_name_prefix }}matrixconduit/matrix-conduit:{{ matrix_conduit_docker_image_tag }}"
+matrix_conduit_docker_image_name_prefix: "docker.io/"
+matrix_conduit_docker_image_tag: "v0.4.0"
+matrix_conduit_docker_image_force_pull: "{{ matrix_conduit_docker_image.endswith(':latest') }}"
+
+matrix_conduit_base_path: "{{ matrix_base_data_path }}/conduit"
+matrix_conduit_config_path: "{{ matrix_conduit_base_path }}/config"
+matrix_conduit_data_path: "{{ matrix_conduit_base_path }}/data"
+
+matrix_conduit_port_number: 6167
+
+matrix_conduit_tmp_directory_size_mb: 500
+
+# List of systemd services that matrix-conduit.service depends on
+matrix_conduit_systemd_required_services_list: ["docker.service"]
+
+# List of systemd services that matrix-conduit.service wants
+matrix_conduit_systemd_wanted_services_list: []
+
+# Extra arguments for the Docker container
+matrix_conduit_container_extra_arguments: []
+
+# Specifies which template files to use when configuring Conduit.
+# If you'd like to have your own different configuration, feel free to copy and paste
+# the original files into your inventory (e.g. in `inventory/host_vars//`)
+# and then change the specific host's `vars.yaml` file like this:
+# matrix_conduit_template_conduit_config: "{{ playbook_dir }}/inventory/host_vars//conduit.yaml.j2"
+matrix_conduit_template_conduit_config: "{{ role_path }}/templates/conduit/conduit.toml.j2"
+
+# Max size for uploads, in bytes
+matrix_conduit_max_request_size: 20_000_000
+
+# Maximum number of open files for Conduit's embedded RocksDB database
+# See https://github.com/facebook/rocksdb/wiki/RocksDB-Tuning-Guide#tuning-other-options
+# By default, Conduit uses a relatively low value of 20.
+matrix_conduit_rocksdb_max_open_files: 64
+
+# Enables registration.
If set to false, no users can register on this server.
+matrix_conduit_allow_registration: false
+
+matrix_conduit_allow_federation: true
+
+# Enable the display name lightning bolt on registration.
+matrix_conduit_enable_lightning_bolt: true
+
+matrix_conduit_trusted_servers:
+ - "matrix.org"
+
+# How many requests Conduit sends to other servers at the same time
+matrix_conduit_max_concurrent_requests: 100
diff --git a/roles/custom/matrix-conduit/tasks/conduit/setup.yml b/roles/custom/matrix-conduit/tasks/conduit/setup.yml
new file mode 100644
index 00000000..425d0f7e
--- /dev/null
+++ b/roles/custom/matrix-conduit/tasks/conduit/setup.yml
@@ -0,0 +1,7 @@
+---
+
+- ansible.builtin.import_tasks: "{{ role_path }}/tasks/conduit/setup_install.yml"
+ when: "matrix_conduit_enabled | bool"
+
+- ansible.builtin.import_tasks: "{{ role_path }}/tasks/conduit/setup_uninstall.yml"
+ when: "not matrix_conduit_enabled | bool"
diff --git a/roles/custom/matrix-conduit/tasks/conduit/setup_install.yml b/roles/custom/matrix-conduit/tasks/conduit/setup_install.yml
new file mode 100644
index 00000000..ebc5447b
--- /dev/null
+++ b/roles/custom/matrix-conduit/tasks/conduit/setup_install.yml
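Review bot: The override example in the comment above `matrix_conduit_template_conduit_config` is incomplete: `inventory/host_vars//` is missing the host directory component, and the file is called `vars.yaml` here while the rest of the playbook (see the changelog in this commit) refers to `vars.yml`. Suggest `# the original files into your inventory (e.g. in \`inventory/host_vars/<your-domain>/\`)` and `# and then change the specific host's \`vars.yml\` file like this:`. `matrix_conduit_trusted_servers` is the only non-trivial setting without a comment; something like `# Servers whose responses are trusted when Conduit fetches other servers' signing keys — confirm against Conduit's example config` would tell operators what trusting matrix.org implies. `20_000_000` is read as the integer 20000000 by PyYAML (YAML 1.1) but as a string by a YAML 1.2 parser; the template renders it unquoted into TOML, which accepts either form, so this is only a portability caveat — `20000000` avoids the ambiguity.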
@@ -0,0 +1,47 @@
+---
+- name: Ensure Conduit Docker image is pulled
+ community.docker.docker_image:
+ name: "{{ matrix_conduit_docker_image }}"
+ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+ force_source: "{{ matrix_conduit_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+ force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_conduit_docker_image_force_pull }}"
+ register: result
+ retries: "{{ devture_playbook_help_container_retries_count }}"
+ delay: "{{ devture_playbook_help_container_retries_delay }}"
+ until: result is not failed
+
+- name: Ensure Conduit config path exists
+ ansible.builtin.file:
+ path: "{{ matrix_conduit_config_path }}"
+ state: directory
+ mode: 0750
+ owner: "{{ matrix_user_username }}"
+ group: "{{ matrix_user_groupname }}"
+
+- name: Ensure Conduit data path exists
+ ansible.builtin.file:
+ path: "{{ matrix_conduit_data_path }}"
+ state: directory
+ mode: 0770
+ owner: "{{ matrix_user_username }}"
+ group: "{{ matrix_user_groupname }}"
+
+- name: Ensure Conduit configuration installed
+ ansible.builtin.template:
+ src: "{{ role_path }}/templates/conduit/conduit.toml.j2"
+ dest: "{{ matrix_conduit_config_path }}/conduit.toml"
+ mode: 0644
+ owner: "{{ matrix_user_username }}"
+ group: "{{ matrix_user_groupname }}"
+
+- name: Ensure matrix-conduit.service installed
+ ansible.builtin.template:
+ src: "{{ role_path }}/templates/conduit/systemd/matrix-conduit.service.j2"
+ dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-conduit.service"
+ mode: 0644
+ register: matrix_conduit_systemd_service_result
+
+- name: Ensure systemd reloaded after matrix-conduit.service installation
+ ansible.builtin.systemd:
+ daemon_reload: true
+ when: "matrix_conduit_systemd_service_result.changed | bool"
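Review bot: The `Ensure Conduit configuration installed` task hard-codes `src: "{{ role_path }}/templates/conduit/conduit.toml.j2"`, so the `matrix_conduit_template_conduit_config` variable that defaults/main.yml in this same commit documents as the supported way to supply a custom template is never consulted. Change it to `src: "{{ matrix_conduit_template_conduit_config }}"`. The `mode: 0750`, `0770` and `0644` values are unquoted leading-zero literals; PyYAML (YAML 1.1) parses them as the intended octal integers, but a YAML 1.2 loader reads `0644` as decimal 644, which is why Ansible's documentation recommends quoting modes (`mode: "0644"`) — the renamed corporal and coturn tasks in this commit use the same unquoted form, so a repo-wide sweep would be the consistent fix.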
diff --git a/roles/custom/matrix-conduit/tasks/conduit/setup_uninstall.yml b/roles/custom/matrix-conduit/tasks/conduit/setup_uninstall.yml
new file mode 100644
index 00000000..efe7d40a
--- /dev/null
+++ b/roles/custom/matrix-conduit/tasks/conduit/setup_uninstall.yml
@@ -0,0 +1,30 @@
+---
+
+- name: Check existence of matrix-conduit service
+ ansible.builtin.stat:
+ path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-conduit.service"
+ register: matrix_conduit_service_stat
+
+- name: Ensure matrix-conduit is stopped
+ ansible.builtin.systemd:
+ name: matrix-conduit
+ state: stopped
+ daemon_reload: true
+ register: stopping_result
+ when: "matrix_conduit_service_stat.stat.exists"
+
+- name: Ensure matrix-conduit.service doesn't exist
+ ansible.builtin.file:
+ path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-conduit.service"
+ state: absent
+ when: "matrix_conduit_service_stat.stat.exists"
+
+- name: Ensure systemd reloaded after matrix-conduit.service removal
+ ansible.builtin.systemd:
+ daemon_reload: true
+ when: "matrix_conduit_service_stat.stat.exists"
+
+- name: Ensure Conduit Docker image doesn't exist
+ community.docker.docker_image:
+ name: "{{ matrix_conduit_docker_image }}"
+ state: absent
diff --git a/roles/custom/matrix-conduit/tasks/init.yml b/roles/custom/matrix-conduit/tasks/init.yml
new file mode 100644
index 00000000..5f464e40
--- /dev/null
+++ b/roles/custom/matrix-conduit/tasks/init.yml
@@ -0,0 +1,5 @@
+---
+
+- ansible.builtin.set_fact:
+ matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-conduit.service'] }}"
+ when: matrix_conduit_enabled | bool
diff --git a/roles/custom/matrix-conduit/tasks/main.yml b/roles/custom/matrix-conduit/tasks/main.yml
new file mode 100644
index 00000000..623d0458
--- /dev/null
+++ b/roles/custom/matrix-conduit/tasks/main.yml
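Review bot: `register: stopping_result` on the `Ensure matrix-conduit is stopped` task is never read anywhere in this file, so it should either be dropped or be used to gate the following removal steps. The uninstall path removes only the unit file and the image; `matrix_conduit_config_path` (including the rendered conduit.toml) and `matrix_conduit_data_path` stay on disk, which is reasonable for data but differs from the corporal uninstall in this commit, which also deletes its config.json. If that asymmetry is intended, a comment such as `# Data and configuration under matrix_conduit_base_path are deliberately left in place` at the top of the file would make it explicit.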
@@ -0,0 +1,17 @@
+---
+
+- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
+ tags:
+ - always
+
+- ansible.builtin.import_tasks: "{{ role_path }}/tasks/conduit/setup.yml"
+ when: run_setup | bool
+ tags:
+ - setup-all
+ - setup-conduit
+
+- name: Mark matrix-conduit role as executed
+ ansible.builtin.set_fact:
+ matrix_conduit_role_executed: true
+ tags:
+ - always
diff --git a/roles/custom/matrix-conduit/templates/conduit/conduit.toml.j2 b/roles/custom/matrix-conduit/templates/conduit/conduit.toml.j2
new file mode 100644
index 00000000..15691440
--- /dev/null
+++ b/roles/custom/matrix-conduit/templates/conduit/conduit.toml.j2
@@ -0,0 +1,55 @@
+# =============================================================================
+# This is the official example config for Conduit.
+# If you use it for your server, you will need to adjust it to your own needs.
+# At the very least, change the server_name field!
+# =============================================================================
+
+
+[global]
+# The server_name is the pretty name of this server. It is used as a suffix for user
+# and room ids. Examples: matrix.org, conduit.rs
+
+# The Conduit server needs all /_matrix/ requests to be reachable at
+# https://your.server.name/ on port 443 (client-server) and 8448 (federation).
+
+# If that's not possible for you, you can create /.well-known files to redirect
+# requests. See
+# https://matrix.org/docs/spec/client_server/latest#get-well-known-matrix-client
+# and
+# https://matrix.org/docs/spec/server_server/r0.1.4#get-well-known-matrix-server
+# for more information
+
+server_name = "{{ matrix_domain }}"
+
+# This is the only directory where Conduit will save its data
+database_path = "/var/lib/matrix-conduit/"
+database_backend = "rocksdb"
+
+# The port Conduit will be running on. You need to set up a reverse proxy in
+# your web server (e.g. apache or nginx), so all requests to /_matrix on port
+# 443 and 8448 will be forwarded to the Conduit instance running on this port
+# Docker users: Don't change this, you'll need to map an external port to this.
+port = {{ matrix_conduit_port_number }}
+
+# Max size for uploads
+max_request_size = {{ matrix_conduit_max_request_size }}
+
+# Max number of open files for the RocksDB database
+rocksdb_max_open_files = {{ matrix_conduit_rocksdb_max_open_files }}
+
+# Enables registration. If set to false, no users can register on this server.
+allow_registration = {{ matrix_conduit_allow_registration | to_json }}
+
+allow_federation = {{ matrix_conduit_allow_federation | to_json }}
+
+# Enable the display name lightning bolt on registration.
+enable_lightning_bolt = {{ matrix_conduit_enable_lightning_bolt | to_json }}
+
+trusted_servers = {{ matrix_conduit_trusted_servers | to_json }}
+
+max_concurrent_requests = {{ matrix_conduit_max_concurrent_requests }}
+
+log = "info,state_res=warn,rocket=off,_=off,sled=off"
+
+address = "0.0.0.0"
+
diff --git a/roles/custom/matrix-conduit/templates/conduit/systemd/matrix-conduit.service.j2 b/roles/custom/matrix-conduit/templates/conduit/systemd/matrix-conduit.service.j2
new file mode 100644
index 00000000..cdaead01
--- /dev/null
+++ b/roles/custom/matrix-conduit/templates/conduit/systemd/matrix-conduit.service.j2
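Review bot: The header comment (`This is the official example config for Conduit … At the very least, change the server_name field!`) is misleading now that the file is a playbook-rendered template: `server_name` is already filled from `matrix_domain`, and hand edits to the rendered conduit.toml are overwritten on the next run. Replace the five-line banner with a short note that the file is generated from the role's `matrix_conduit_*` variables and should be changed through those (or via `matrix_conduit_template_conduit_config`). `address = "0.0.0.0"`, `database_backend = "rocksdb"` and the `log` filter are fixed in the template with no variable behind them; the systemd unit in this commit publishes no host port and attaches the container to `matrix_docker_network`, so the wildcard bind appears to be reachable only on that container network, but a comment stating that — and that `log` is intentionally not configurable — would save the next reader from checking.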
@@ -0,0 +1,38 @@
+#jinja2: lstrip_blocks: "True"
+[Unit]
+Description=Conduit Matrix homeserver
+{% for service in matrix_conduit_systemd_required_services_list %}
+Requires={{ service }}
+After={{ service }}
+{% endfor %}
+
+[Service]
+Type=simple
+Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-conduit 2>/dev/null || true'
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-conduit 2>/dev/null || true'
+
+ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-conduit \
+ --log-driver=none \
+ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
+ --cap-drop=ALL \
+ --read-only \
+ --tmpfs=/tmp:rw,noexec,nosuid,size={{ matrix_conduit_tmp_directory_size_mb }}m \
+ --network={{ matrix_docker_network }} \
+ --env CONDUIT_CONFIG=/etc/matrix-conduit/conduit.toml \
+ --mount type=bind,src={{ matrix_conduit_data_path }},dst=/var/lib/matrix-conduit \
+ --mount type=bind,src={{ matrix_conduit_config_path }},dst=/etc/matrix-conduit,ro \
+ {% for arg in matrix_conduit_container_extra_arguments %}
+ {{ arg }} \
+ {% endfor %}
+ {{ matrix_conduit_docker_image }}
+
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-conduit 2>/dev/null || true'
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-conduit 2>/dev/null || true'
+ExecReload={{ devture_systemd_docker_base_host_command_docker }} exec matrix-conduit /bin/sh -c 'kill -HUP 1'
+Restart=always
+RestartSec=30
+SyslogIdentifier=matrix-conduit
+
+[Install]
+WantedBy=multi-user.target
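Review bot: `matrix_conduit_systemd_wanted_services_list`, which defaults/main.yml in this commit declares as "services that matrix-conduit.service wants", is never rendered — the `[Unit]` section loops only over `matrix_conduit_systemd_required_services_list`, so anything an operator puts in the wanted list is silently ignored. Add a second loop emitting `Wants=`/`After=` for it, as below. Separately, `ExecReload` runs `/bin/sh -c 'kill -HUP 1'` inside the container; this presumes the `matrixconduit/matrix-conduit` image ships a shell and that Conduit acts on SIGHUP, neither of which is established by the page — worth confirming, because if either is false `systemctl reload matrix-conduit` will error or silently do nothing.
```jinja
[Unit]
Description=Conduit Matrix homeserver
{% for service in matrix_conduit_systemd_required_services_list %}
Requires={{ service }}
After={{ service }}
{% endfor %}
{% for service in matrix_conduit_systemd_wanted_services_list %}
Wants={{ service }}
After={{ service }}
{% endfor %}
{# … unchanged: [Service] and [Install] sections … #}
```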
diff --git a/roles/custom/matrix-conduit/vars/main.yml b/roles/custom/matrix-conduit/vars/main.yml new file mode 100644 index 00000000..f6cc471b --- /dev/null +++ b/roles/custom/matrix-conduit/vars/main.yml @@ -0,0 +1,6 @@ +--- +matrix_conduit_client_api_url_endpoint_public: "https://{{ matrix_server_fqn_matrix }}/_matrix/client/versions" +matrix_conduit_federation_api_url_endpoint_public: "https://{{ matrix_server_fqn_matrix }}:{{ matrix_federation_public_port }}/_matrix/federation/v1/version" + +# Tells whether this role had executed or not. Toggled to `true` during runtime. +matrix_conduit_role_executed: false diff --git a/roles/matrix-corporal/defaults/main.yml b/roles/custom/matrix-corporal/defaults/main.yml similarity index 99% rename from roles/matrix-corporal/defaults/main.yml rename to roles/custom/matrix-corporal/defaults/main.yml index bb1b8fa1..8c391dfb 100644 --- a/roles/matrix-corporal/defaults/main.yml +++ b/roles/custom/matrix-corporal/defaults/main.yml @@ -23,7 +23,7 @@ matrix_corporal_container_extra_arguments: [] # List of systemd services that matrix-corporal.service depends on matrix_corporal_systemd_required_services_list: ['docker.service'] -matrix_corporal_version: 2.3.0 +matrix_corporal_version: 2.4.0 matrix_corporal_docker_image: "{{ matrix_corporal_docker_image_name_prefix }}devture/matrix-corporal:{{ matrix_corporal_docker_image_tag }}" matrix_corporal_docker_image_name_prefix: "{{ 'localhost/' if matrix_corporal_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_corporal_docker_image_tag: "{{ matrix_corporal_version }}" # for backward-compatibility diff --git a/roles/matrix-corporal/tasks/init.yml b/roles/custom/matrix-corporal/tasks/init.yml similarity index 84% rename from roles/matrix-corporal/tasks/init.yml rename to roles/custom/matrix-corporal/tasks/init.yml index c6686a37..dffdbe90 100644 --- a/roles/matrix-corporal/tasks/init.yml +++ b/roles/custom/matrix-corporal/tasks/init.yml 
@@ -3,7 +3,7 @@ # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 ansible.builtin.fail: - msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" + msg: "To self-build the Matrix Corporal image, you should use Ansible 2.8 or higher. See docs/ansible.md" when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_corporal_container_image_self_build and matrix_corporal_enabled" - ansible.builtin.set_fact: diff --git a/roles/matrix-corporal/tasks/main.yml b/roles/custom/matrix-corporal/tasks/main.yml similarity index 100% rename from roles/matrix-corporal/tasks/main.yml rename to roles/custom/matrix-corporal/tasks/main.yml diff --git a/roles/matrix-corporal/tasks/self_check_corporal.yml b/roles/custom/matrix-corporal/tasks/self_check_corporal.yml similarity index 100% rename from roles/matrix-corporal/tasks/self_check_corporal.yml rename to roles/custom/matrix-corporal/tasks/self_check_corporal.yml diff --git a/roles/matrix-corporal/tasks/setup_corporal.yml b/roles/custom/matrix-corporal/tasks/setup_corporal.yml similarity index 88% rename from roles/matrix-corporal/tasks/setup_corporal.yml rename to roles/custom/matrix-corporal/tasks/setup_corporal.yml index 583c27eb..3f6ac86c 100644 --- a/roles/matrix-corporal/tasks/setup_corporal.yml +++ b/roles/custom/matrix-corporal/tasks/setup_corporal.yml @@ -29,7 +29,7 @@ when: "matrix_corporal_enabled | bool and matrix_corporal_container_image_self_build | bool" - name: Ensure Matrix Corporal Docker image is built - docker_image: + community.docker.docker_image: name: "{{ matrix_corporal_docker_image }}" source: build force_source: "{{ matrix_corporal_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" 
@@ -41,15 +41,15 @@ when: "matrix_corporal_enabled | bool and matrix_corporal_container_image_self_build | bool" - name: Ensure Matrix Corporal Docker image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_corporal_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_corporal_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_corporal_docker_image_force_pull }}" when: "matrix_corporal_enabled | bool and not matrix_corporal_container_image_self_build | bool" register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure Matrix Corporal config installed @@ -64,7 +64,7 @@ - name: Ensure matrix-corporal.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-corporal.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-corporal.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-corporal.service" mode: 0644 register: matrix_corporal_systemd_service_result when: matrix_corporal_enabled | bool @@ -81,7 +81,7 @@ - name: Check existence of matrix-corporal service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-corporal.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-corporal.service" register: matrix_corporal_service_stat when: "not matrix_corporal_enabled | bool" 
@@ -96,7 +96,7 @@ - name: Ensure matrix-corporal.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-corporal.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-corporal.service" state: absent when: "not matrix_corporal_enabled | bool and matrix_corporal_service_stat.stat.exists" @@ -110,12 +110,12 @@ path: "{{ item }}" state: absent with_items: - - "{{ matrix_systemd_path }}/matrix-corporal.service" + - "{{ devture_systemd_docker_base_systemd_path }}/matrix-corporal.service" - "{{ matrix_corporal_config_dir_path }}/config.json" when: "not matrix_corporal_enabled | bool" - name: Ensure Matrix Corporal Docker image doesn't exist - docker_image: + community.docker.docker_image: name: "{{ matrix_corporal_docker_image }}" state: absent when: "not matrix_corporal_enabled | bool" diff --git a/roles/matrix-corporal/tasks/validate_config.yml b/roles/custom/matrix-corporal/tasks/validate_config.yml similarity index 100% rename from roles/matrix-corporal/tasks/validate_config.yml rename to roles/custom/matrix-corporal/tasks/validate_config.yml diff --git a/roles/matrix-corporal/templates/config.json.j2 b/roles/custom/matrix-corporal/templates/config.json.j2 similarity index 100% rename from roles/matrix-corporal/templates/config.json.j2 rename to roles/custom/matrix-corporal/templates/config.json.j2 diff --git a/roles/matrix-corporal/templates/systemd/matrix-corporal.service.j2 b/roles/custom/matrix-corporal/templates/systemd/matrix-corporal.service.j2 similarity index 60% rename from roles/matrix-corporal/templates/systemd/matrix-corporal.service.j2 rename to roles/custom/matrix-corporal/templates/systemd/matrix-corporal.service.j2 index d5661b5a..b5ad685a 100644 --- a/roles/matrix-corporal/templates/systemd/matrix-corporal.service.j2 +++ b/roles/custom/matrix-corporal/templates/systemd/matrix-corporal.service.j2 
@@ -9,11 +9,11 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-corporal 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-corporal 2>/dev/null || true' +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-corporal 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-corporal 2>/dev/null || true' -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-corporal \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-corporal \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ @@ -34,8 +34,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-corporal \ {{ matrix_corporal_docker_image }} \ /matrix-corporal -config=/etc/matrix-corporal/config.json -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-corporal 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-corporal 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-corporal 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-corporal 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-corporal 
diff --git a/roles/matrix-coturn/defaults/main.yml b/roles/custom/matrix-coturn/defaults/main.yml similarity index 99% rename from roles/matrix-coturn/defaults/main.yml rename to roles/custom/matrix-coturn/defaults/main.yml index 0b48616b..b2aff984 100644 --- a/roles/matrix-coturn/defaults/main.yml +++ b/roles/custom/matrix-coturn/defaults/main.yml @@ -8,7 +8,7 @@ matrix_coturn_container_image_self_build_repo: "https://github.com/coturn/coturn matrix_coturn_container_image_self_build_repo_version: "docker/{{ matrix_coturn_version }}" matrix_coturn_container_image_self_build_repo_dockerfile_path: "docker/coturn/alpine/Dockerfile" -matrix_coturn_version: 4.5.2-r12 +matrix_coturn_version: 4.6.0-r0 matrix_coturn_docker_image: "{{ matrix_coturn_docker_image_name_prefix }}coturn/coturn:{{ matrix_coturn_version }}-alpine" matrix_coturn_docker_image_name_prefix: "{{ 'localhost/' if matrix_coturn_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_coturn_docker_image_force_pull: "{{ matrix_coturn_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-coturn/tasks/init.yml b/roles/custom/matrix-coturn/tasks/init.yml similarity index 88% rename from roles/matrix-coturn/tasks/init.yml rename to roles/custom/matrix-coturn/tasks/init.yml index 60a77264..315dfb65 100644 --- a/roles/matrix-coturn/tasks/init.yml +++ b/roles/custom/matrix-coturn/tasks/init.yml @@ -3,7 +3,7 @@ # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 ansible.builtin.fail: - msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" + msg: "To self-build the coturn image, you should use Ansible 2.8 or higher. See docs/ansible.md" when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_coturn_container_image_self_build and matrix_coturn_enabled" - ansible.builtin.set_fact: 
diff --git a/roles/matrix-coturn/tasks/main.yml b/roles/custom/matrix-coturn/tasks/main.yml similarity index 100% rename from roles/matrix-coturn/tasks/main.yml rename to roles/custom/matrix-coturn/tasks/main.yml diff --git a/roles/matrix-coturn/tasks/setup_install.yml b/roles/custom/matrix-coturn/tasks/setup_install.yml similarity index 90% rename from roles/matrix-coturn/tasks/setup_install.yml rename to roles/custom/matrix-coturn/tasks/setup_install.yml index 2a1af731..31b5446c 100644 --- a/roles/matrix-coturn/tasks/setup_install.yml +++ b/roles/custom/matrix-coturn/tasks/setup_install.yml @@ -18,18 +18,19 @@ when: "item.when | bool" - name: Ensure Coturn image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_coturn_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_coturn_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_coturn_docker_image_force_pull }}" when: "not matrix_coturn_container_image_self_build | bool" register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed -- block: +- when: "matrix_coturn_container_image_self_build | bool" + block: - name: Ensure Coturn repository is present on self-build ansible.builtin.git: repo: "{{ matrix_coturn_container_image_self_build_repo }}" @@ -41,7 +42,7 @@ register: matrix_coturn_git_pull_results - name: Ensure Coturn Docker image is built - docker_image: + community.docker.docker_image: name: "{{ matrix_coturn_docker_image }}" source: build force_source: "{{ matrix_coturn_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" 
@@ -50,7 +51,6 @@ dockerfile: "{{ matrix_coturn_container_image_self_build_repo_dockerfile_path }}" path: "{{ matrix_coturn_docker_src_files_path }}" pull: true - when: "matrix_coturn_container_image_self_build | bool" - name: Ensure Coturn configuration path exists ansible.builtin.file: @@ -69,14 +69,14 @@ group: "{{ matrix_user_groupname }}" - name: Ensure Coturn network is created in Docker - docker_network: + community.docker.docker_network: name: "{{ matrix_coturn_docker_network }}" driver: bridge - name: Ensure matrix-coturn.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-coturn.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-coturn.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-coturn.service" mode: 0644 register: matrix_coturn_systemd_service_change_results @@ -86,7 +86,7 @@ - name: Ensure reloading systemd units installed, if necessary ansible.builtin.template: src: "{{ role_path }}/templates/systemd/{{ item }}.j2" - dest: "{{ matrix_systemd_path }}/{{ item }}" + dest: "{{ devture_systemd_docker_base_systemd_path }}/{{ item }}" mode: 0644 register: "matrix_coturn_systemd_service_change_results" when: "matrix_coturn_tls_enabled | bool" diff --git a/roles/matrix-coturn/tasks/setup_uninstall.yml b/roles/custom/matrix-coturn/tasks/setup_uninstall.yml similarity index 89% rename from roles/matrix-coturn/tasks/setup_uninstall.yml rename to roles/custom/matrix-coturn/tasks/setup_uninstall.yml index 5dd2788e..bf71b90a 100644 --- a/roles/matrix-coturn/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-coturn/tasks/setup_uninstall.yml @@ -2,7 +2,7 @@ - name: Check existence of matrix-coturn service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-coturn.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-coturn.service" register: matrix_coturn_service_stat when: "not matrix_coturn_enabled | bool" 
@@ -25,7 +25,7 @@ - name: Ensure systemd units don't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/{{ item }}" + path: "{{ devture_systemd_docker_base_systemd_path }}/{{ item }}" state: absent register: matrix_coturn_systemd_unit_uninstallation_result with_items: diff --git a/roles/matrix-coturn/tasks/validate_config.yml b/roles/custom/matrix-coturn/tasks/validate_config.yml similarity index 100% rename from roles/matrix-coturn/tasks/validate_config.yml rename to roles/custom/matrix-coturn/tasks/validate_config.yml diff --git a/roles/matrix-coturn/templates/systemd/matrix-coturn-reload.service.j2 b/roles/custom/matrix-coturn/templates/systemd/matrix-coturn-reload.service.j2 similarity index 52% rename from roles/matrix-coturn/templates/systemd/matrix-coturn-reload.service.j2 rename to roles/custom/matrix-coturn/templates/systemd/matrix-coturn-reload.service.j2 index e006e5a0..7d12f6ec 100644 --- a/roles/matrix-coturn/templates/systemd/matrix-coturn-reload.service.j2 +++ b/roles/custom/matrix-coturn/templates/systemd/matrix-coturn-reload.service.j2 @@ -3,4 +3,4 @@ Description=Reloads matrix-coturn so that new SSL certificates can kick in [Service] Type=oneshot -ExecStart={{ matrix_host_command_systemctl }} reload matrix-coturn.service +ExecStart={{ devture_systemd_docker_base_host_command_systemctl }} reload matrix-coturn.service diff --git a/roles/matrix-coturn/templates/systemd/matrix-coturn-reload.timer.j2 b/roles/custom/matrix-coturn/templates/systemd/matrix-coturn-reload.timer.j2 similarity index 100% rename from roles/matrix-coturn/templates/systemd/matrix-coturn-reload.timer.j2 rename to roles/custom/matrix-coturn/templates/systemd/matrix-coturn-reload.timer.j2 
diff --git a/roles/matrix-coturn/templates/systemd/matrix-coturn.service.j2 b/roles/custom/matrix-coturn/templates/systemd/matrix-coturn.service.j2 similarity index 68% rename from roles/matrix-coturn/templates/systemd/matrix-coturn.service.j2 rename to roles/custom/matrix-coturn/templates/systemd/matrix-coturn.service.j2 index 54bd015e..3a0782bf 100644 --- a/roles/matrix-coturn/templates/systemd/matrix-coturn.service.j2 +++ b/roles/custom/matrix-coturn/templates/systemd/matrix-coturn.service.j2 @@ -9,11 +9,11 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-coturn 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-coturn 2>/dev/null || true' +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-coturn 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-coturn 2>/dev/null || true' -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-coturn \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-coturn \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ 
@@ -43,12 +43,12 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-coturn \ {{ matrix_coturn_docker_image }} \ -c /turnserver.conf -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-coturn 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-coturn 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-coturn 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-coturn 2>/dev/null || true' # This only reloads certificates (not other configuration). # See: https://github.com/coturn/coturn/pull/236 -ExecReload={{ matrix_host_command_docker }} exec matrix-coturn kill -USR2 1 +ExecReload={{ devture_systemd_docker_base_host_command_docker }} exec matrix-coturn kill -USR2 1 Restart=always RestartSec=30 diff --git a/roles/matrix-coturn/templates/turnserver.conf.j2 b/roles/custom/matrix-coturn/templates/turnserver.conf.j2 similarity index 100% rename from roles/matrix-coturn/templates/turnserver.conf.j2 rename to roles/custom/matrix-coturn/templates/turnserver.conf.j2 diff --git a/roles/matrix-dendrite/defaults/main.yml b/roles/custom/matrix-dendrite/defaults/main.yml similarity index 82% rename from roles/matrix-dendrite/defaults/main.yml rename to roles/custom/matrix-dendrite/defaults/main.yml index dd6d351e..b9dddfe9 100644 --- a/roles/matrix-dendrite/defaults/main.yml +++ b/roles/custom/matrix-dendrite/defaults/main.yml 
@@ -6,7 +6,7 @@ matrix_dendrite_enabled: true matrix_dendrite_docker_image: "{{ matrix_dendrite_docker_image_name_prefix }}matrixdotorg/dendrite-monolith:{{ matrix_dendrite_docker_image_tag }}" matrix_dendrite_docker_image_name_prefix: "docker.io/" -matrix_dendrite_docker_image_tag: "v0.8.1" +matrix_dendrite_docker_image_tag: "v0.10.7" matrix_dendrite_docker_image_force_pull: "{{ matrix_dendrite_docker_image.endswith(':latest') }}" matrix_dendrite_base_path: "{{ matrix_base_data_path }}/dendrite" @@ -43,8 +43,19 @@ matrix_dendrite_container_http_host_bind_address: "" matrix_dendrite_container_https_host_bind_address: "" # A list of extra arguments to pass to the container (`docker run` command) +# Also see `matrix_dendrite_container_arguments` matrix_dendrite_container_extra_arguments: [] +# matrix_dendrite_container_runtime_injected_arguments is a list of extra arguments to pass to the container. +# This list is built during runtime. You're not meant to override this variable. +# If you'd like to inject your own arguments, see `matrix_dendrite_container_extra_arguments`. +matrix_dendrite_container_runtime_injected_arguments: [] + +# matrix_dendrite_container_arguments holds the final list of extra arguments to pass to the container. +# You're not meant to override this variable. +# If you'd like to inject your own arguments, see `matrix_dendrite_container_extra_arguments`. +matrix_dendrite_container_arguments: "{{ matrix_dendrite_container_extra_arguments + matrix_dendrite_container_runtime_injected_arguments }}" + # A list of extra arguments to pass to the container process (`dendrite-monolith` command) # Example: # matrix_dendrite_process_extra_arguments: 
@@ -79,16 +90,17 @@ matrix_dendrite_tmp_directory_size_mb: 500 # Rate limits matrix_dendrite_rate_limiting_enabled: true -matrix_dendrite_rate_limiting_threshold: 5 +matrix_dendrite_rate_limiting_threshold: 20 matrix_dendrite_rate_limiting_cooloff_ms: 500 # Controls whether people with access to the homeserver can register by themselves. -matrix_dendrite_registration_disabled: false +matrix_dendrite_registration_disabled: true # reCAPTCHA API for validating registration attempts matrix_dendrite_enable_registration_captcha: false matrix_dendrite_recaptcha_public_key: "" matrix_dendrite_recaptcha_private_key: "" +matrix_dendrite_recaptcha_siteverify_api: "https://www.google.com/recaptcha/api/siteverify" # A list of additional "volumes" to mount in the container. # This list gets populated dynamically based on Dendrite extensions that have been enabled. 
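Review bot: Flipping `matrix_dendrite_registration_disabled` to `true` closes self-registration on every existing Dendrite deployment at the next playbook run, which is the safer default but a behaviour change that users will only notice when registrations start failing. The hunk carries no matching note, so unless CHANGELOG.md or the Dendrite docs are updated elsewhere in this commit, a one-line entry telling users to set `matrix_dendrite_registration_disabled: false` explicitly to keep the old behaviour is worth adding. The comment above the variable could also state the default, e.g. `# Defaults to true (registration closed); set to false to allow people to register themselves.`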
@@ -103,8 +115,19 @@ matrix_dendrite_container_additional_volumes: [] # A list of appservice config files (in-container filesystem paths). # This list gets populated dynamically based on Dendrite extensions that have been enabled. # You may wish to use this together with `matrix_dendrite_container_additional_volumes` or `matrix_dendrite_container_extra_arguments`. +# Also see `matrix_dendrite_app_service_config_files_final` matrix_dendrite_app_service_config_files: [] +# matrix_dendrite_app_service_runtime_injected_config_files is a list of appservice config files. +# This list is built during runtime. You're not meant to override this variable. +# If you'd like to inject your own arguments, see `matrix_dendrite_app_service_config_files`. +matrix_dendrite_app_service_runtime_injected_config_files: [] + +# matrix_dendrite_app_service_config_files_final holds the final list of config files to pass to the container. +# You're not meant to override this variable. +# If you'd like to inject your own arguments, see `matrix_dendrite_app_service_config_files`. +matrix_dendrite_app_service_config_files_final: "{{ matrix_dendrite_app_service_config_files + matrix_dendrite_app_service_runtime_injected_config_files }}" + # Enable exposure of metrics matrix_dendrite_metrics_enabled: false matrix_dendrite_metrics_username: "metrics" @@ -115,7 +138,6 @@ matrix_dendrite_database_str: "postgresql://{{ matrix_dendrite_database_user }}: matrix_dendrite_database_hostname: "matrix-postgres" matrix_dendrite_database_user: "dendrite" matrix_dendrite_database_password: "itsasecret" -matrix_dendrite_appservice_database: "dendrite_appservice" matrix_dendrite_federationapi_database: "dendrite_federationapi" matrix_dendrite_keyserver_database: "dendrite_keyserver" matrix_dendrite_mediaapi_database: "dendrite_mediaapi" 
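Review bot: Removing `matrix_dendrite_appservice_database` here (together with the `app_service_api.database` block in the dendrite.yaml.j2 hunk further down) leaves an existing `dendrite_appservice` database and its grants untouched on upgraded hosts, with nothing in the commit telling the operator it is now unused. If anything else still references the removed variable, for example a database list handed to the matrix-postgres role, the run would fail on an undefined variable, so a search for remaining uses is worthwhile. A comment beside the remaining `*_database` variables such as `# The former dendrite_appservice database is no longer referenced by the generated config and may be dropped manually on older installs.` would make the leftover state intentional rather than surprising.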
diff --git a/roles/matrix-dendrite/tasks/dendrite/setup.yml b/roles/custom/matrix-dendrite/tasks/dendrite/setup.yml similarity index 100% rename from roles/matrix-dendrite/tasks/dendrite/setup.yml rename to roles/custom/matrix-dendrite/tasks/dendrite/setup.yml diff --git a/roles/matrix-dendrite/tasks/dendrite/setup_install.yml b/roles/custom/matrix-dendrite/tasks/dendrite/setup_install.yml similarity index 93% rename from roles/matrix-dendrite/tasks/dendrite/setup_install.yml rename to roles/custom/matrix-dendrite/tasks/dendrite/setup_install.yml index 3052e101..aec7f77b 100644 --- a/roles/matrix-dendrite/tasks/dendrite/setup_install.yml +++ b/roles/custom/matrix-dendrite/tasks/dendrite/setup_install.yml @@ -18,14 +18,14 @@ when: "not local_path_media_store_stat.failed and not local_path_media_store_stat.stat.exists" - name: Ensure Dendrite Docker image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_dendrite_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_dendrite_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_dendrite_docker_image_force_pull }}" register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Check if a Dendrite signing key exists 
@@ -65,7 +65,7 @@ - name: Ensure matrix-dendrite.service installed ansible.builtin.template: src: "{{ role_path }}/templates/dendrite/systemd/matrix-dendrite.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-dendrite.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-dendrite.service" mode: 0644 register: matrix_dendrite_systemd_service_result diff --git a/roles/matrix-dendrite/tasks/dendrite/setup_uninstall.yml b/roles/custom/matrix-dendrite/tasks/dendrite/setup_uninstall.yml similarity index 79% rename from roles/matrix-dendrite/tasks/dendrite/setup_uninstall.yml rename to roles/custom/matrix-dendrite/tasks/dendrite/setup_uninstall.yml index b6d8cfac..ce3e3476 100644 --- a/roles/matrix-dendrite/tasks/dendrite/setup_uninstall.yml +++ b/roles/custom/matrix-dendrite/tasks/dendrite/setup_uninstall.yml @@ -2,7 +2,7 @@ - name: Check existence of matrix-dendrite service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-dendrite.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-dendrite.service" register: matrix_dendrite_service_stat - name: Ensure matrix-dendrite is stopped @@ -15,7 +15,7 @@ - name: Ensure matrix-dendrite.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-dendrite.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-dendrite.service" state: absent when: "matrix_dendrite_service_stat.stat.exists" @@ -25,6 +25,6 @@ when: "matrix_dendrite_service_stat.stat.exists" - name: Ensure Dendrite Docker image doesn't exist - docker_image: + community.docker.docker_image: name: "{{ matrix_dendrite_docker_image }}" state: absent diff --git a/roles/matrix-dendrite/tasks/init.yml b/roles/custom/matrix-dendrite/tasks/init.yml similarity index 100% rename from roles/matrix-dendrite/tasks/init.yml rename to roles/custom/matrix-dendrite/tasks/init.yml 
diff --git a/roles/matrix-dendrite/tasks/main.yml b/roles/custom/matrix-dendrite/tasks/main.yml similarity index 100% rename from roles/matrix-dendrite/tasks/main.yml rename to roles/custom/matrix-dendrite/tasks/main.yml diff --git a/roles/matrix-dendrite/tasks/register_user.yml b/roles/custom/matrix-dendrite/tasks/register_user.yml similarity index 76% rename from roles/matrix-dendrite/tasks/register_user.yml rename to roles/custom/matrix-dendrite/tasks/register_user.yml index e1b97482..d37e633b 100644 --- a/roles/matrix-dendrite/tasks/register_user.yml +++ b/roles/custom/matrix-dendrite/tasks/register_user.yml @@ -9,6 +9,11 @@ msg: "The `password` variable needs to be provided to this playbook, via --extra-vars" when: "password is not defined or password == ''" +- name: Fail if playbook called incorrectly + ansible.builtin.fail: + msg: "The `admin` variable needs to be provided to this playbook, via --extra-vars" + when: "admin is not defined or admin not in ['yes', 'no']" + - name: Ensure matrix-dendrite is started ansible.builtin.service: name: matrix-dendrite @@ -23,6 +28,6 @@ - name: Register user ansible.builtin.command: - cmd: "{{ matrix_local_bin_path }}/matrix-dendrite-create-account {{ username | quote }} {{ password | quote }}" + cmd: "{{ matrix_local_bin_path }}/matrix-dendrite-create-account {{ username | quote }} {{ password | quote }} {{ '1' if admin == 'yes' else '0' }}" register: matrix_dendrite_register_user_result changed_when: matrix_dendrite_register_user_result.rc == 0 diff --git a/roles/matrix-dendrite/tasks/self_check_client_api.yml b/roles/custom/matrix-dendrite/tasks/self_check_client_api.yml similarity index 100% rename from roles/matrix-dendrite/tasks/self_check_client_api.yml rename to roles/custom/matrix-dendrite/tasks/self_check_client_api.yml 
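Review bot: The `Register user` task now interpolates `{{ password | quote }}` into `cmd`, so the clear-text password is part of the registered result and of Ansible's verbose or failure output; unless a `no_log: true` is already set on the task outside the hunk, add `no_log: true` next to `register: matrix_dendrite_register_user_result`. The new `admin` guard accepts only the strings `yes` and `no`, so `-e admin=true` or a JSON boolean is rejected by a message that does not say which values are allowed; extending the `msg` to list the accepted values would avoid a confusing failure. The task body continues outside the hunk.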
diff --git a/roles/matrix-dendrite/tasks/self_check_federation_api.yml b/roles/custom/matrix-dendrite/tasks/self_check_federation_api.yml similarity index 100% rename from roles/matrix-dendrite/tasks/self_check_federation_api.yml rename to roles/custom/matrix-dendrite/tasks/self_check_federation_api.yml diff --git a/roles/matrix-dendrite/tasks/setup_dendrite.yml b/roles/custom/matrix-dendrite/tasks/setup_dendrite.yml similarity index 100% rename from roles/matrix-dendrite/tasks/setup_dendrite.yml rename to roles/custom/matrix-dendrite/tasks/setup_dendrite.yml diff --git a/roles/matrix-dendrite/tasks/validate_config.yml b/roles/custom/matrix-dendrite/tasks/validate_config.yml similarity index 100% rename from roles/matrix-dendrite/tasks/validate_config.yml rename to roles/custom/matrix-dendrite/tasks/validate_config.yml diff --git a/roles/matrix-dendrite/templates/dendrite/dendrite.yaml.j2 b/roles/custom/matrix-dendrite/templates/dendrite/dendrite.yaml.j2 similarity index 88% rename from roles/matrix-dendrite/templates/dendrite/dendrite.yaml.j2 rename to roles/custom/matrix-dendrite/templates/dendrite/dendrite.yaml.j2 index 29f5c55f..86a12d7c 100644 --- a/roles/matrix-dendrite/templates/dendrite/dendrite.yaml.j2 +++ b/roles/custom/matrix-dendrite/templates/dendrite/dendrite.yaml.j2 @@ -58,6 +58,10 @@ global: # e.g. localhost:443 well_known_server_name: "" + # The server name to delegate client-server communications to, with optional port + # e.g. localhost:443 + well_known_client_name: "" + # Lists of domains that the server will trust as identity servers to verify third # party identifiers such as phone numbers and email addresses. trusted_third_party_id_servers: {{ matrix_dendrite_trusted_id_servers|to_json }} 
@@ -73,6 +77,25 @@ global: # Whether outbound presence events are allowed, e.g. sending presence events to other servers enable_outbound: false + # Configuration for in-memory caches. Caches can often improve performance by + # keeping frequently accessed items (like events, identifiers etc.) in memory + # rather than having to read them from the database. + cache: + # The estimated maximum size for the global cache in bytes, or in terabytes, + # gigabytes, megabytes or kilobytes when the appropriate 'tb', 'gb', 'mb' or + # 'kb' suffix is specified. Note that this is not a hard limit, nor is it a + # memory limit for the entire process. A cache that is too small may ultimately + # provide little or no benefit. + max_size_estimated: 1gb + + # The maximum amount of time that a cache entry can live for in memory before + # it will be evicted and/or refreshed from the database. Lower values result in + # easier admission of new cache entries but may also increase database load in + # comparison to higher values, so adjust conservatively. Higher values may make + # it harder for new items to make it into the cache, e.g. if new rooms suddenly + # become popular. + max_age: 1h + # Server notices allows server admins to send messages to all users. server_notices: enabled: false @@ -133,11 +156,6 @@ app_service_api: internal_api: listen: http://0.0.0.0:7777 connect: http://appservice_api:7777 - database: - connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_appservice_database }}?sslmode=disable - max_open_conns: 10 - max_idle_conns: 2 - conn_max_lifetime: -1 # Disable the validation of TLS certificates of appservices. This is # not recommended in production since it may allow appservice traffic 
@@ -145,7 +163,7 @@ app_service_api: disable_tls_validation: {{ matrix_dendrite_disable_tls_validation|to_json }} # Appservice configuration files to load into this homeserver. - config_files: {{ matrix_dendrite_app_service_config_files|to_json }} + config_files: {{ matrix_dendrite_app_service_config_files_final|to_json }} # Configuration for the Client API. client_api: @@ -174,7 +192,7 @@ client_api: recaptcha_public_key: {{ matrix_dendrite_recaptcha_public_key|to_json }} recaptcha_private_key: {{ matrix_dendrite_recaptcha_private_key|to_json }} recaptcha_bypass_secret: "" - recaptcha_siteverify_api: "" + recaptcha_siteverify_api: {{ matrix_dendrite_recaptcha_siteverify_api|to_json }} # TURN server information that this homeserver should send to clients. turn: @@ -191,6 +209,8 @@ client_api: enabled: {{ matrix_dendrite_rate_limiting_enabled|to_json }} threshold: {{ matrix_dendrite_rate_limiting_threshold|to_json }} cooloff_ms: {{ matrix_dendrite_rate_limiting_cooloff_ms|to_json }} + exempt_user_ids: + # - "@user:domain.com" # Configuration for the Federation API. federation_api: @@ -329,6 +349,16 @@ sync_api: # a reverse proxy server. # real_ip_header: X-Real-IP real_ip_header: {{ matrix_dendrite_sync_api_real_ip_header|to_json }} + # Configuration for the full-text search engine. + search: + # Whether or not search is enabled. + enabled: false + # The path where the search index will be created in. + index_path: "/matrix-media-store-parent/searchindex" + # The language most likely to be used on the server - used when indexing, to + # ensure the returned results match expectations. A full list of possible languages + # can be found at https://github.com/blevesearch/bleve/tree/master/analysis/lang + language: "en" # Configuration for the User API. user_api: 
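Review bot: `exempt_user_ids:` in the client_api rate-limiting hunk is a bare key followed only by a commented example, which YAML parses as null rather than an empty list; even if the consumer accepts null, it is inconsistent with the neighbouring `threshold:` and `cooloff_ms:` keys that are driven from playbook variables, and users cannot exempt their bots without editing the template. Consider `exempt_user_ids: {{ matrix_dendrite_rate_limiting_exempt_user_ids|to_json }}` backed by a `[]` default in defaults/main.yml, or at minimum `exempt_user_ids: []`.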
diff --git a/roles/matrix-dendrite/templates/dendrite/systemd/matrix-dendrite.service.j2 b/roles/custom/matrix-dendrite/templates/dendrite/systemd/matrix-dendrite.service.j2 similarity index 68% rename from roles/matrix-dendrite/templates/dendrite/systemd/matrix-dendrite.service.j2 rename to roles/custom/matrix-dendrite/templates/dendrite/systemd/matrix-dendrite.service.j2 index 0457917a..b83f00bc 100644 --- a/roles/matrix-dendrite/templates/dendrite/systemd/matrix-dendrite.service.j2 +++ b/roles/custom/matrix-dendrite/templates/dendrite/systemd/matrix-dendrite.service.j2 @@ -12,9 +12,9 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-dendrite 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-dendrite 2>/dev/null || true' +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-dendrite 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-dendrite 2>/dev/null || true' {% if 'matrix-postgres.service' in matrix_dendrite_systemd_required_services_list %} # Dendrite is too quick to start in relation to its matrix-postgres dependency. @@ -22,7 +22,7 @@ ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} ExecStartPre={{ matrix_host_command_sleep }} 5 {% endif %} -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-dendrite \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-dendrite \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ 
@@ -41,22 +41,22 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-dendrite \ {% for volume in matrix_dendrite_container_additional_volumes %} -v {{ volume.src }}:{{ volume.dst }}:{{ volume.options }} \ {% endfor %} - {% for arg in matrix_dendrite_container_extra_arguments %} + {% for arg in matrix_dendrite_container_arguments %} {{ arg }} \ {% endfor %} {{ matrix_dendrite_docker_image }} \ -config /data/dendrite.yaml \ + {{ matrix_dendrite_process_extra_arguments|join(' ') }} \ {% if matrix_dendrite_http_bind_address %} -http-bind-address {{ matrix_dendrite_http_bind_address }} {% endif %} {% if matrix_dendrite_https_bind_address %} -https-bind-address {{ matrix_dendrite_https_bind_address }} {% endif %} - {{ matrix_dendrite_process_extra_arguments|join(' ') }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-dendrite 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-dendrite 2>/dev/null || true' -ExecReload={{ matrix_host_command_docker }} exec matrix-dendrite /bin/sh -c 'kill -HUP 1' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-dendrite 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-dendrite 2>/dev/null || true' +ExecReload={{ devture_systemd_docker_base_host_command_docker }} exec matrix-dendrite /bin/sh -c 'kill -HUP 1' Restart=always RestartSec=30 SyslogIdentifier=matrix-dendrite diff --git a/roles/custom/matrix-dendrite/templates/dendrite/usr-local-bin/matrix-dendrite-create-account.j2 b/roles/custom/matrix-dendrite/templates/dendrite/usr-local-bin/matrix-dendrite-create-account.j2 new file mode 100644 index 00000000..edfa521b --- /dev/null +++ b/roles/custom/matrix-dendrite/templates/dendrite/usr-local-bin/matrix-dendrite-create-account.j2 
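Review bot: Moving `{{ matrix_dendrite_process_extra_arguments|join(' ') }} \` above the two conditional bind-address flags makes the `ExecStart=` command end in a backslash whenever both `matrix_dendrite_http_bind_address` and `matrix_dendrite_https_bind_address` are empty; with Ansible's default trim_blocks the `{% if %}` lines render to nothing (the template header is outside the hunk, so I cannot confirm it), and systemd then continues the command onto the following `ExecStop=` line. The `-http-bind-address` and `-https-bind-address` lines have no trailing backslash either, so when both addresses are set the second one is left as a stray line, a problem the old order had as well. Give both conditional lines a trailing backslash (`-http-bind-address {{ matrix_dendrite_http_bind_address }} \` and likewise for https) and move `{{ matrix_dendrite_process_extra_arguments|join(' ') }}` back to the end without one, so the command always terminates on an unconditional line. `ExecStart=` begins above the hunk.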
@@ -0,0 +1,17 @@
+#jinja2: lstrip_blocks: "True"
+#!/bin/bash
+
+if [ $# -ne 3 ]; then
+ echo "Usage: "$0" "
+ exit 1
+fi
+
+user=$1
+password=$2
+admin=$3
+
+if [ "$admin" -eq "1" ]; then
+ docker exec matrix-dendrite create-account -config /data/dendrite.yaml -username "$user" -password "$password" -admin -url http://localhost:{{ matrix_dendrite_http_bind_port }}
+else
+ docker exec matrix-dendrite create-account -config /data/dendrite.yaml -username "$user" -password "$password" -url http://localhost:{{ matrix_dendrite_http_bind_port }}
+fi
diff --git a/roles/matrix-dendrite/vars/main.yml b/roles/custom/matrix-dendrite/vars/main.yml
similarity index 100%
rename from roles/matrix-dendrite/vars/main.yml
rename to roles/custom/matrix-dendrite/vars/main.yml
diff --git a/roles/matrix-dimension/defaults/main.yml b/roles/custom/matrix-dimension/defaults/main.yml
similarity index 100%
rename from roles/matrix-dimension/defaults/main.yml
rename to roles/custom/matrix-dimension/defaults/main.yml
diff --git a/roles/matrix-dimension/tasks/init.yml b/roles/custom/matrix-dimension/tasks/init.yml
similarity index 100%
rename from roles/matrix-dimension/tasks/init.yml
rename to roles/custom/matrix-dimension/tasks/init.yml
diff --git a/roles/matrix-dimension/tasks/main.yml b/roles/custom/matrix-dimension/tasks/main.yml
similarity index 100%
rename from roles/matrix-dimension/tasks/main.yml
rename to roles/custom/matrix-dimension/tasks/main.yml
diff --git a/roles/matrix-dimension/tasks/setup_install.yml b/roles/custom/matrix-dimension/tasks/setup_install.yml
similarity index 93%
rename from roles/matrix-dimension/tasks/setup_install.yml
rename to roles/custom/matrix-dimension/tasks/setup_install.yml
index 7060285a..2aeb1e2a 100644
--- a/roles/matrix-dimension/tasks/setup_install.yml
+++ b/roles/custom/matrix-dimension/tasks/setup_install.yml
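Review bot: `[ "$admin" -eq "1" ]` is an integer comparison, so any non-numeric third argument makes `[` print an error and the script silently continues into the non-admin branch; for a script that operators can also run by hand, `if [ "$admin" = "1" ]; then` (or rejecting anything other than 0/1 up front) is the safer check. The usage line `echo "Usage: "$0" "` has unbalanced quoting and appears to have lost its argument names (possibly angle-bracket text stripped before this page was rendered); `echo "Usage: $0 USERNAME PASSWORD ADMIN(0|1)"` is what I would expect. Both `docker exec` calls pass the password as a command-line argument, so it is visible in process listings on the host for the duration of the call; if the pinned Dendrite build's `create-account` can read the password from stdin or a file, that path is preferable, and a comment noting the exposure would be useful either way.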
@@ -3,13 +3,15 @@ - ansible.builtin.set_fact: matrix_dimension_requires_restart: false -- block: +- when: "matrix_dimension_database_engine == 'postgres'" + block: - name: Check if an SQLite database already exists ansible.builtin.stat: path: "{{ matrix_dimension_sqlite_database_path_local }}" register: matrix_dimension_sqlite_database_path_local_stat_result - - block: + - when: "matrix_dimension_sqlite_database_path_local_stat_result.stat.exists | bool" + block: # pgloader makes a few columns `smallint`, instead of `boolean`. # We need to fix them up. - ansible.builtin.set_fact: @@ -62,13 +64,11 @@ additional_psql_statements_db_name: "{{ matrix_dimension_database_name }}" - ansible.builtin.import_role: - name: matrix-postgres + name: custom/matrix-postgres tasks_from: migrate_db_to_postgres - ansible.builtin.set_fact: matrix_dimension_requires_restart: true - when: "matrix_dimension_sqlite_database_path_local_stat_result.stat.exists | bool" - when: "matrix_dimension_database_engine == 'postgres'" - name: Ensure Dimension base path exists ansible.builtin.file: 
@@ -87,15 +87,15 @@ group: "{{ matrix_dimension_user_gid }}" - name: Ensure Dimension image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_dimension_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_dimension_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_dimension_docker_image_force_pull }}" when: "not matrix_dimension_container_image_self_build | bool" register: matrix_dimension_pull_results - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: matrix_dimension_pull_results is not failed - name: Ensure dimension repository is present on self-build @@ -110,7 +110,7 @@ register: matrix_dimension_git_pull_results - name: Ensure Dimension Docker image is built - docker_image: + community.docker.docker_image: name: "{{ matrix_dimension_docker_image }}" source: build force_source: "{{ matrix_dimension_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" @@ -124,7 +124,7 @@ - name: Ensure matrix-dimension.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-dimension.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-dimension.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-dimension.service" mode: 0644 register: matrix_dimension_systemd_service_result 
diff --git a/roles/matrix-dimension/tasks/setup_uninstall.yml b/roles/custom/matrix-dimension/tasks/setup_uninstall.yml similarity index 82% rename from roles/matrix-dimension/tasks/setup_uninstall.yml rename to roles/custom/matrix-dimension/tasks/setup_uninstall.yml index 3e2026a1..8a5f5c75 100644 --- a/roles/matrix-dimension/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-dimension/tasks/setup_uninstall.yml @@ -2,7 +2,7 @@ - name: Check existence of matrix-dimension service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-dimension.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-dimension.service" register: matrix_dimension_service_stat - name: Ensure matrix-dimension is stopped @@ -16,7 +16,7 @@ - name: Ensure matrix-dimension.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-dimension.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-dimension.service" state: absent when: "matrix_dimension_service_stat.stat.exists | bool" @@ -31,6 +31,6 @@ state: absent - name: Ensure Dimension Docker image doesn't exist - docker_image: + community.docker.docker_image: name: "{{ matrix_dimension_docker_image }}" state: absent diff --git a/roles/matrix-dimension/tasks/validate_config.yml b/roles/custom/matrix-dimension/tasks/validate_config.yml similarity index 100% rename from roles/matrix-dimension/tasks/validate_config.yml rename to roles/custom/matrix-dimension/tasks/validate_config.yml diff --git a/roles/matrix-dimension/templates/config.yaml.j2 b/roles/custom/matrix-dimension/templates/config.yaml.j2 similarity index 100% rename from roles/matrix-dimension/templates/config.yaml.j2 rename to roles/custom/matrix-dimension/templates/config.yaml.j2 
diff --git a/roles/matrix-dimension/templates/systemd/matrix-dimension.service.j2 b/roles/custom/matrix-dimension/templates/systemd/matrix-dimension.service.j2 similarity index 62% rename from roles/matrix-dimension/templates/systemd/matrix-dimension.service.j2 rename to roles/custom/matrix-dimension/templates/systemd/matrix-dimension.service.j2 index e514a74a..07428ffa 100644 --- a/roles/matrix-dimension/templates/systemd/matrix-dimension.service.j2 +++ b/roles/custom/matrix-dimension/templates/systemd/matrix-dimension.service.j2 @@ -12,16 +12,16 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-dimension 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-dimension 2>/dev/null || true' +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-dimension 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-dimension 2>/dev/null || true' # Fixup database ownership if it got changed somehow (during a server migration, etc.) {% if matrix_dimension_database_engine == 'sqlite' %} ExecStartPre=-{{ matrix_host_command_chown }} {{ matrix_dimension_user_uid }}:{{ matrix_dimension_user_gid }} {{ matrix_dimension_sqlite_database_path_local }} {% endif %} -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-dimension \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-dimension \ --log-driver=none \ --user={{ matrix_dimension_user_uid }}:{{ matrix_dimension_user_gid }} \ --cap-drop=ALL \ 
@@ -38,8 +38,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-dimension \ {% endfor %} {{ matrix_dimension_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-dimension 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-dimension 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-dimension 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-dimension 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-dimension diff --git a/roles/matrix-dimension/vars/main.yml b/roles/custom/matrix-dimension/vars/main.yml similarity index 100% rename from roles/matrix-dimension/vars/main.yml rename to roles/custom/matrix-dimension/vars/main.yml diff --git a/roles/matrix-dynamic-dns/defaults/main.yml b/roles/custom/matrix-dynamic-dns/defaults/main.yml similarity index 97% rename from roles/matrix-dynamic-dns/defaults/main.yml rename to roles/custom/matrix-dynamic-dns/defaults/main.yml index bdeea0f1..77e01d0e 100644 --- a/roles/matrix-dynamic-dns/defaults/main.yml +++ b/roles/custom/matrix-dynamic-dns/defaults/main.yml @@ -7,7 +7,7 @@ matrix_dynamic_dns_enabled: true # The dynamic dns daemon interval matrix_dynamic_dns_daemon_interval: '300' -matrix_dynamic_dns_version: v3.9.1-ls92 +matrix_dynamic_dns_version: v3.10.0-ls103 # The docker container to use when in mode matrix_dynamic_dns_docker_image: "{{ matrix_dynamic_dns_docker_image_name_prefix }}linuxserver/ddclient:{{ matrix_dynamic_dns_version }}" 
diff --git a/roles/matrix-dynamic-dns/tasks/init.yml b/roles/custom/matrix-dynamic-dns/tasks/init.yml similarity index 85% rename from roles/matrix-dynamic-dns/tasks/init.yml rename to roles/custom/matrix-dynamic-dns/tasks/init.yml index 1cd6170e..9c906441 100644 --- a/roles/matrix-dynamic-dns/tasks/init.yml +++ b/roles/custom/matrix-dynamic-dns/tasks/init.yml @@ -3,7 +3,7 @@ # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 ansible.builtin.fail: - msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" + msg: "To self-build the Dynamic DNS image, you should use Ansible 2.8 or higher. See docs/ansible.md" when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_dynamic_dns_container_image_self_build and matrix_dynamic_dns_enabled" - ansible.builtin.set_fact: diff --git a/roles/matrix-dynamic-dns/tasks/install.yml b/roles/custom/matrix-dynamic-dns/tasks/install.yml similarity index 93% rename from roles/matrix-dynamic-dns/tasks/install.yml rename to roles/custom/matrix-dynamic-dns/tasks/install.yml index e83637bf..2367e9cb 100644 --- a/roles/matrix-dynamic-dns/tasks/install.yml +++ b/roles/custom/matrix-dynamic-dns/tasks/install.yml 
@@ -1,15 +1,15 @@ --- - name: Ensure Dynamic DNS image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_dynamic_dns_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_dynamic_dns_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_dynamic_dns_docker_image_force_pull }}" when: matrix_dynamic_dns_enabled | bool and not matrix_dynamic_dns_container_image_self_build register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure Dynamic DNS paths exist @@ -37,7 +37,7 @@ when: "matrix_dynamic_dns_enabled | bool and matrix_dynamic_dns_container_image_self_build | bool" - name: Ensure Dynamic DNS Docker image is built - docker_image: + community.docker.docker_image: name: "{{ matrix_dynamic_dns_docker_image }}" source: build force_source: "{{ matrix_dynamic_dns_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" diff --git a/roles/matrix-dynamic-dns/tasks/main.yml b/roles/custom/matrix-dynamic-dns/tasks/main.yml similarity index 100% rename from roles/matrix-dynamic-dns/tasks/main.yml rename to roles/custom/matrix-dynamic-dns/tasks/main.yml diff --git a/roles/matrix-dynamic-dns/tasks/uninstall.yml b/roles/custom/matrix-dynamic-dns/tasks/uninstall.yml similarity index 82% rename from roles/matrix-dynamic-dns/tasks/uninstall.yml rename to roles/custom/matrix-dynamic-dns/tasks/uninstall.yml index 5e6b429c..7b4e7667 100644 --- a/roles/matrix-dynamic-dns/tasks/uninstall.yml +++ b/roles/custom/matrix-dynamic-dns/tasks/uninstall.yml 
@@ -2,7 +2,7 @@ - name: Check existence of matrix-dynamic-dns service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-dynamic-dns.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-dynamic-dns.service" register: matrix_dynamic_dns_service_stat - name: Ensure matrix-dynamic-dns is stopped @@ -15,7 +15,7 @@ - name: Ensure matrix-dynamic-dns.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-dynamic-dns.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-dynamic-dns.service" state: absent when: "matrix_dynamic_dns_service_stat.stat.exists" diff --git a/roles/matrix-dynamic-dns/tasks/validate_config.yml b/roles/custom/matrix-dynamic-dns/tasks/validate_config.yml similarity index 91% rename from roles/matrix-dynamic-dns/tasks/validate_config.yml rename to roles/custom/matrix-dynamic-dns/tasks/validate_config.yml index 610dc2f8..60adade8 100644 --- a/roles/matrix-dynamic-dns/tasks/validate_config.yml +++ b/roles/custom/matrix-dynamic-dns/tasks/validate_config.yml @@ -4,7 +4,7 @@ ansible.builtin.fail: msg: >- You need to define at least one configuration in `matrix_dynamic_dns_domain_configurations` for using matrix-dynamic-dns. - when: "matrix_dynamic_dns_domain_configurations|length == 0" + when: "matrix_dynamic_dns_domain_configurations | length == 0" - name: Fail if required settings not defined in configuration blocks ansible.builtin.fail: diff --git a/roles/matrix-dynamic-dns/templates/ddclient.conf.j2 b/roles/custom/matrix-dynamic-dns/templates/ddclient.conf.j2 similarity index 100% rename from roles/matrix-dynamic-dns/templates/ddclient.conf.j2 rename to roles/custom/matrix-dynamic-dns/templates/ddclient.conf.j2 diff --git a/roles/custom/matrix-dynamic-dns/templates/systemd/matrix-dynamic-dns.service.j2 b/roles/custom/matrix-dynamic-dns/templates/systemd/matrix-dynamic-dns.service.j2 new file mode 100644 index 00000000..39cb94ca --- /dev/null 
+++ b/roles/custom/matrix-dynamic-dns/templates/systemd/matrix-dynamic-dns.service.j2 @@ -0,0 +1,36 @@ +#jinja2: lstrip_blocks: "True" +[Unit] +Description=Matrix Dynamic DNS +{% for service in matrix_dynamic_dns_systemd_required_services_list %} +Requires={{ service }} +After={{ service }} +{% endfor %} +{% for service in matrix_dynamic_dns_systemd_wanted_services_list %} +Wants={{ service }} +{% endfor %} +DefaultDependencies=no + +[Service] +Type=simple +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-dynamic-dns 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-dynamic-dns 2>/dev/null || true' +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-dynamic-dns \ + --log-driver=none \ + --network={{ matrix_docker_network }} \ + -e PUID={{ matrix_user_uid }} \ + -e PGID={{ matrix_user_gid }} \ + -v {{ matrix_dynamic_dns_config_path }}:/config:z \ + {% for arg in matrix_dynamic_dns_container_extra_arguments %} + {{ arg }} \ + {% endfor %} + {{ matrix_dynamic_dns_docker_image }} + +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-dynamic-dns 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-dynamic-dns 2>/dev/null || true' +Restart=always +RestartSec=30 +SyslogIdentifier=matrix-dynamic-dns + +[Install] +WantedBy=multi-user.target 
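Review bot: The new matrix-dynamic-dns unit runs the container without the `--user=…`, `--cap-drop=ALL` and `--read-only` flags that the sibling matrix-email2matrix unit added in this same commit applies, and nothing in the template says why. The `-e PUID`/`-e PGID` environment suggests the image expects to start privileged and drop privileges itself, which would explain the omission, but that is an inference from the variable names rather than anything visible here. A one-line template comment at the top of the `ExecStart=` block would stop the next reader from "fixing" it, e.g. `{# No --user/--cap-drop here: the image is expected to switch to PUID/PGID on its own — confirm against the image docs #}`. If the image does not in fact need root, the hardening flags from the email2matrix unit should be carried over.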
diff --git a/roles/matrix-email2matrix/defaults/main.yml b/roles/custom/matrix-email2matrix/defaults/main.yml similarity index 98% rename from roles/matrix-email2matrix/defaults/main.yml rename to roles/custom/matrix-email2matrix/defaults/main.yml index 3084506f..b24cc76c 100644 --- a/roles/matrix-email2matrix/defaults/main.yml +++ b/roles/custom/matrix-email2matrix/defaults/main.yml @@ -11,7 +11,7 @@ matrix_email2matrix_container_image_self_build: false matrix_email2matrix_container_image_self_build_repo: "https://github.com/devture/email2matrix.git" matrix_email2matrix_container_image_self_build_branch: "{{ matrix_email2matrix_version }}" -matrix_email2matrix_version: 1.0.3 +matrix_email2matrix_version: 1.1.0 matrix_email2matrix_docker_image_prefix: "{{ 'localhost/' if matrix_email2matrix_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_email2matrix_docker_image: "{{ matrix_email2matrix_docker_image_prefix }}devture/email2matrix:{{ matrix_email2matrix_version }}" matrix_email2matrix_docker_image_force_pull: "{{ matrix_email2matrix_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-email2matrix/tasks/init.yml b/roles/custom/matrix-email2matrix/tasks/init.yml similarity index 100% rename from roles/matrix-email2matrix/tasks/init.yml rename to roles/custom/matrix-email2matrix/tasks/init.yml diff --git a/roles/matrix-email2matrix/tasks/main.yml b/roles/custom/matrix-email2matrix/tasks/main.yml similarity index 100% rename from roles/matrix-email2matrix/tasks/main.yml rename to roles/custom/matrix-email2matrix/tasks/main.yml diff --git a/roles/matrix-email2matrix/tasks/setup_install.yml b/roles/custom/matrix-email2matrix/tasks/setup_install.yml similarity index 91% rename from roles/matrix-email2matrix/tasks/setup_install.yml rename to roles/custom/matrix-email2matrix/tasks/setup_install.yml index 2a782a1a..74050633 100644 --- a/roles/matrix-email2matrix/tasks/setup_install.yml 
+++ b/roles/custom/matrix-email2matrix/tasks/setup_install.yml @@ -22,15 +22,15 @@ mode: 0640 - name: Ensure Email2Matrix image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_email2matrix_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_email2matrix_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_email2matrix_docker_image_force_pull }}" when: "not matrix_email2matrix_container_image_self_build | bool" register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure Email2Matrix repository is present on self-build @@ -45,7 +45,7 @@ when: "matrix_email2matrix_container_image_self_build | bool" - name: Ensure Email2Matrix Docker image is built - docker_image: + community.docker.docker_image: name: "{{ matrix_email2matrix_docker_image }}" source: build force_source: "{{ matrix_email2matrix_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" @@ -59,7 +59,7 @@ - name: Ensure matrix-email2matrix.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-email2matrix.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-email2matrix.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-email2matrix.service" mode: 0644 register: matrix_email2matrix_systemd_service_result 
diff --git a/roles/matrix-email2matrix/tasks/setup_uninstall.yml b/roles/custom/matrix-email2matrix/tasks/setup_uninstall.yml similarity index 82% rename from roles/matrix-email2matrix/tasks/setup_uninstall.yml rename to roles/custom/matrix-email2matrix/tasks/setup_uninstall.yml index a713a65a..c9600d0c 100644 --- a/roles/matrix-email2matrix/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-email2matrix/tasks/setup_uninstall.yml @@ -2,7 +2,7 @@ - name: Check existence of matrix-email2matrix service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-email2matrix.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-email2matrix.service" register: matrix_email2matrix_service_stat - name: Ensure matrix-email2matrix is stopped @@ -16,7 +16,7 @@ - name: Ensure matrix-email2matrix.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-email2matrix.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-email2matrix.service" state: absent when: "matrix_email2matrix_service_stat.stat.exists | bool" @@ -31,6 +31,6 @@ state: absent - name: Ensure Email2Matrix Docker image doesn't exist - docker_image: + community.docker.docker_image: name: "{{ matrix_email2matrix_docker_image }}" state: absent diff --git a/roles/matrix-email2matrix/tasks/validate_config.yml b/roles/custom/matrix-email2matrix/tasks/validate_config.yml similarity index 75% rename from roles/matrix-email2matrix/tasks/validate_config.yml rename to roles/custom/matrix-email2matrix/tasks/validate_config.yml index 59a3581e..8d89f1d6 100644 --- a/roles/matrix-email2matrix/tasks/validate_config.yml +++ b/roles/custom/matrix-email2matrix/tasks/validate_config.yml @@ -4,4 +4,4 @@ ansible.builtin.fail: msg: > You need to define at least one mapping in `matrix_email2matrix_matrix_mappings` for enabling Email2Matrix. - when: "matrix_email2matrix_matrix_mappings|length == 0" + when: "matrix_email2matrix_matrix_mappings | length == 0" 
diff --git a/roles/matrix-email2matrix/templates/config.json.j2 b/roles/custom/matrix-email2matrix/templates/config.json.j2 similarity index 100% rename from roles/matrix-email2matrix/templates/config.json.j2 rename to roles/custom/matrix-email2matrix/templates/config.json.j2 diff --git a/roles/custom/matrix-email2matrix/templates/systemd/matrix-email2matrix.service.j2 b/roles/custom/matrix-email2matrix/templates/systemd/matrix-email2matrix.service.j2 new file mode 100644 index 00000000..270a0c53 --- /dev/null +++ b/roles/custom/matrix-email2matrix/templates/systemd/matrix-email2matrix.service.j2 
@@ -0,0 +1,34 @@ +#jinja2: lstrip_blocks: "True" +[Unit] +Description=Email2Matrix +After=docker.service +Requires=docker.service +DefaultDependencies=no + +[Service] +Type=simple +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-email2matrix 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-email2matrix 2>/dev/null || true' + +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-email2matrix \ + --log-driver=none \ + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ + --cap-drop=ALL \ + --read-only \ + --network={{ matrix_docker_network }} \ + -p {{ matrix_email2matrix_smtp_host_bind_port }}:2525 \ + --mount type=bind,src={{ matrix_email2matrix_config_dir_path }}/config.json,dst=/config.json,ro \ + {% for arg in matrix_email2matrix_container_extra_arguments %} + {{ arg }} \ + {% endfor %} + {{ matrix_email2matrix_docker_image }} + +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-email2matrix 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-email2matrix 2>/dev/null || true' +Restart=always +RestartSec=30 +SyslogIdentifier=matrix-email2matrix + +[Install] +WantedBy=multi-user.target diff --git a/roles/matrix-etherpad/defaults/main.yml b/roles/custom/matrix-etherpad/defaults/main.yml similarity index 89% rename from roles/matrix-etherpad/defaults/main.yml rename to roles/custom/matrix-etherpad/defaults/main.yml index 8281f27f..540b2a51 100644 --- a/roles/matrix-etherpad/defaults/main.yml +++ b/roles/custom/matrix-etherpad/defaults/main.yml 
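Review bot: `-p {{ matrix_email2matrix_smtp_host_bind_port }}:2525` in the new matrix-email2matrix unit renders as a bare `-p :2525` when the variable is empty, which Docker rejects and systemd will then restart every 30 seconds; the role defaults are not in this chunk, so whether the variable can be empty is unclear. Because `-p` accepts an `IP:hostport` prefix, the template also publishes the SMTP listener on every host interface unless the variable itself carries an address, and that is worth stating next to the line: `{# Publishes SMTP; set matrix_email2matrix_smtp_host_bind_port to "IP:port" to bind a single interface #}`. Guarding the flag with `{% if matrix_email2matrix_smtp_host_bind_port %}` would make the empty case a non-published port instead of a crash loop.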
@@ -3,6 +3,10 @@ matrix_etherpad_enabled: false +# standalone = etherpad installed on subdomain (etherpad.DOMAIN) and can be used as-is +# dimension = etherpad installed in subdir of dimension (dimension.DOMAIN/etherpad) and can be used with dimension +matrix_etherpad_mode: standalone + matrix_etherpad_base_path: "{{ matrix_base_data_path }}/etherpad" matrix_etherpad_version: 1.8.18 @@ -28,10 +32,11 @@ matrix_etherpad_container_http_host_bind_port: '' # A list of extra arguments to pass to the container matrix_etherpad_container_extra_arguments: [] +# Used only when `matrix_etherpad_mode: dimension` matrix_etherpad_public_endpoint: '/etherpad' -# By default, the Etherpad app can be accessed within the Dimension domain -matrix_etherpad_base_url: "https://{{ matrix_server_fqn_dimension }}{{ matrix_etherpad_public_endpoint }}" +# By default, the Etherpad app can be accessed on etherpad subdomain +matrix_etherpad_base_url: "https://{{ matrix_server_fqn_etherpad }}/" # Database-related configuration fields. # @@ -53,6 +58,8 @@ matrix_etherpad_database_connection_string: 'postgres://{{ matrix_etherpad_datab # Variables configuring the etherpad matrix_etherpad_title: 'Etherpad' +matrix_etherpad_abiword: null +matrix_etherpad_soffice: null matrix_etherpad_default_pad_text: | Welcome to Etherpad! diff --git a/roles/matrix-etherpad/tasks/init.yml b/roles/custom/matrix-etherpad/tasks/init.yml similarity index 81% rename from roles/matrix-etherpad/tasks/init.yml rename to roles/custom/matrix-etherpad/tasks/init.yml index e16b78dd..d35ed375 100644 --- a/roles/matrix-etherpad/tasks/init.yml +++ b/roles/custom/matrix-etherpad/tasks/init.yml 
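Review bot: `matrix_etherpad_base_url` now hard-codes the standalone URL even though the same hunk introduces `matrix_etherpad_mode: dimension` as a supported value, so in dimension mode the default base URL no longer points at where Etherpad is actually served (`dimension.DOMAIN/etherpad`). Unless a group_vars override not visible here reconciles this, a mode-aware default keeps both modes working without user intervention: `matrix_etherpad_base_url: "{{ ('https://' + matrix_server_fqn_etherpad + '/') if matrix_etherpad_mode == 'standalone' else ('https://' + matrix_server_fqn_dimension + matrix_etherpad_public_endpoint) }}"`. The new comment above `matrix_etherpad_public_endpoint` ("Used only when `matrix_etherpad_mode: dimension`") is good and the same qualifier should be added to the `matrix_etherpad_base_url` comment.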
@@ -4,7 +4,10 @@ matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-etherpad.service'] }}" when: matrix_etherpad_enabled | bool -- block: +- when: matrix_etherpad_enabled | bool and matrix_etherpad_mode == 'dimension' + tags: + - always + block: - name: Fail if matrix-nginx-proxy role already executed ansible.builtin.fail: msg: >- @@ -49,16 +52,3 @@ + [matrix_etherpad_matrix_nginx_proxy_configuration] }} - tags: - - always - when: matrix_etherpad_enabled | bool - -- name: Warn about reverse-proxying if matrix-nginx-proxy not used - ansible.builtin.debug: - msg: >- - NOTE: You've enabled the Etherpad tool but are not using the matrix-nginx-proxy - reverse proxy. - Please make sure that you're proxying the `{{ matrix_etherpad_public_endpoint }}` - URL endpoint to the matrix-etherpad container. - You can expose the container's port using the `matrix_etherpad_container_http_host_bind_port` variable. - when: "matrix_etherpad_enabled | bool and not matrix_nginx_proxy_enabled | default(False) | bool" diff --git a/roles/matrix-etherpad/tasks/main.yml b/roles/custom/matrix-etherpad/tasks/main.yml similarity index 100% rename from roles/matrix-etherpad/tasks/main.yml rename to roles/custom/matrix-etherpad/tasks/main.yml index b1c8ab55..caf0dda5 100644 --- a/roles/matrix-etherpad/tasks/main.yml +++ b/roles/custom/matrix-etherpad/tasks/main.yml @@ -4,6 +4,12 @@ tags: - always +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: run_setup | bool and matrix_etherpad_enabled | bool + tags: + - setup-all + - setup-etherpad + - ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" when: run_setup | bool and matrix_etherpad_enabled | bool tags: @@ -15,9 +21,3 @@ tags: - setup-all - setup-etherpad - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: run_setup | bool and matrix_etherpad_enabled | bool - tags: - - setup-all - - setup-etherpad 
diff --git a/roles/matrix-etherpad/tasks/setup_install.yml b/roles/custom/matrix-etherpad/tasks/setup_install.yml similarity index 85% rename from roles/matrix-etherpad/tasks/setup_install.yml rename to roles/custom/matrix-etherpad/tasks/setup_install.yml index 0243e9d7..bb5e0e53 100644 --- a/roles/matrix-etherpad/tasks/setup_install.yml +++ b/roles/custom/matrix-etherpad/tasks/setup_install.yml @@ -17,20 +17,20 @@ group: "{{ matrix_etherpad_user_gid }}" - name: Ensure Etherpad image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_etherpad_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_etherpad_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_etherpad_docker_image_force_pull }}" register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure matrix-etherpad.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-etherpad.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-etherpad.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-etherpad.service" mode: 0644 register: matrix_etherpad_systemd_service_result diff --git a/roles/matrix-etherpad/tasks/setup_uninstall.yml b/roles/custom/matrix-etherpad/tasks/setup_uninstall.yml similarity index 82% rename from roles/matrix-etherpad/tasks/setup_uninstall.yml rename to roles/custom/matrix-etherpad/tasks/setup_uninstall.yml index 38697366..7d93b9ab 100644 --- a/roles/matrix-etherpad/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-etherpad/tasks/setup_uninstall.yml 
@@ -2,7 +2,7 @@ - name: Check existence of matrix-etherpad service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-etherpad.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-etherpad.service" register: matrix_etherpad_service_stat - name: Ensure matrix-etherpad is stopped @@ -16,7 +16,7 @@ - name: Ensure matrix-etherpad.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-etherpad.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-etherpad.service" state: absent when: "matrix_etherpad_service_stat.stat.exists | bool" @@ -31,6 +31,6 @@ state: absent - name: Ensure Etherpad Docker image doesn't exist - docker_image: + community.docker.docker_image: name: "{{ matrix_etherpad_docker_image }}" state: absent diff --git a/roles/custom/matrix-etherpad/tasks/validate_config.yml b/roles/custom/matrix-etherpad/tasks/validate_config.yml new file mode 100644 index 00000000..10ddc584 --- /dev/null +++ b/roles/custom/matrix-etherpad/tasks/validate_config.yml 
@@ -0,0 +1,13 @@ +--- + +- name: Fail if no database is configured for Etherpad + ansible.builtin.fail: + msg: >- + Etherpad requires a dedicated Postgres database. Please enable the built in one, or configure an external DB by redefining "matrix_etherpad_database_hostname" + when: matrix_etherpad_database_hostname == "matrix-postgres" and not matrix_postgres_enabled + +- name: Fail if wrong mode selected + ansible.builtin.fail: + msg: >- + You're using Etherpad in 'dimension' mode (`matrix_etherpad_serving_mode: dimension`), which tries to host Etherpad at the Dimension subdomain - `{{ matrix_server_fqn_dimension }}`. However, this isn't possible because Dimension is not enabled. To resolve the problem, either enable Dimension (`matrix_dimension_enabled: true`) or switch Etherpad to standalone mode (`matrix_etherpad_mode: standalone`) and have it served on its own domain (`{{ matrix_server_fqn_etherpad }}`). + when: matrix_etherpad_enabled | bool and matrix_etherpad_mode == 'dimension' and not matrix_dimension_enabled | default(False) | bool diff --git a/roles/matrix-etherpad/templates/settings.json.j2 b/roles/custom/matrix-etherpad/templates/settings.json.j2 similarity index 95% rename from roles/matrix-etherpad/templates/settings.json.j2 rename to roles/custom/matrix-etherpad/templates/settings.json.j2 index 0a240f3e..cc45d190 100644 --- a/roles/matrix-etherpad/templates/settings.json.j2 +++ b/roles/custom/matrix-etherpad/templates/settings.json.j2 @@ -20,8 +20,8 @@ "editOnly": false, "minify": true, "maxAge": 21600, - "abiword": null, - "soffice": null, + "abiword": {{ matrix_etherpad_abiword|to_json }}, + "soffice": {{ matrix_etherpad_soffice|to_json }}, "tidyHtml": null, "allowUnknownFileEnds": true, "requireAuthentication": false, @@ -103,7 +103,7 @@ "pageUp": true, "pageDown": true }, - "loglevel": "INFO", + "loglevel": "WARN", "logconfig" : { "appenders": [ { "type": "console", 
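Review bot: The "Fail if wrong mode selected" message tells the user to look at `matrix_etherpad_serving_mode: dimension`, but the variable the task's own `when` tests — and the one defined in defaults/main.yml — is `matrix_etherpad_mode`; the message should read `(`matrix_etherpad_mode: dimension`)` so the remediation hint names a setting that exists. In the first task, `not matrix_postgres_enabled` is used without the `| bool` coercion that the rest of this file (and the second task) applies, so a string value such as `"false"` would be treated as truthy. That task also has no `matrix_etherpad_enabled` guard of its own; it relies on the import in main.yml being conditional, which is fine as long as that stays true.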
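Review bot: `{{ matrix_etherpad_abiword|to_json }}` and `{{ matrix_etherpad_soffice|to_json }}` in settings.json.j2 use the unspaced filter form while this same commit rewrites `|length` to `| length` elsewhere (dynamic-dns and email2matrix validate_config.yml); for consistency write `{{ matrix_etherpad_abiword | to_json }}` and `{{ matrix_etherpad_soffice | to_json }}`. The `to_json` filter is the right choice here since it renders `null` and quoted strings as valid JSON.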
diff --git a/roles/matrix-etherpad/templates/systemd/matrix-etherpad.service.j2 b/roles/custom/matrix-etherpad/templates/systemd/matrix-etherpad.service.j2 similarity index 68% rename from roles/matrix-etherpad/templates/systemd/matrix-etherpad.service.j2 rename to roles/custom/matrix-etherpad/templates/systemd/matrix-etherpad.service.j2 index d96c4260..e0a10481 100644 --- a/roles/matrix-etherpad/templates/systemd/matrix-etherpad.service.j2 +++ b/roles/custom/matrix-etherpad/templates/systemd/matrix-etherpad.service.j2 @@ -12,11 +12,11 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-etherpad -ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-etherpad +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_docker }} kill matrix-etherpad +ExecStartPre=-{{ devture_systemd_docker_base_host_command_docker }} rm matrix-etherpad -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-etherpad \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-etherpad \ --log-driver=none \ --user={{ matrix_etherpad_user_uid }}:{{ matrix_etherpad_user_gid }} \ --cap-drop=ALL \ @@ -34,8 +34,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-etherpad \ --sessionkey /data/sessionkey.json --apikey /data/apijey.json -ExecStop=-{{ matrix_host_command_docker }} kill matrix-etherpad -ExecStop=-{{ matrix_host_command_docker }} rm matrix-etherpad +ExecStop=-{{ devture_systemd_docker_base_host_command_docker }} kill matrix-etherpad +ExecStop=-{{ devture_systemd_docker_base_host_command_docker }} rm matrix-etherpad Restart=always RestartSec=30 SyslogIdentifier=matrix-etherpad 
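Review bot: The matrix-etherpad unit's `ExecStartPre=`/`ExecStop=` lines call `docker kill`/`docker rm` directly, whereas every other unit touched by this commit (dynamic-dns, email2matrix, grafana) goes through `devture_systemd_docker_base_host_command_sh -c '… 2>/dev/null || true'`. The leading `-` already makes systemd ignore the exit status, so this is a style and log-noise difference rather than a functional one, but aligning the four lines with the others avoids the "No such container" stderr lines on every start, e.g. `ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-etherpad 2>/dev/null || true'`. Separately, the context line `--apikey /data/apijey.json` looks like a pre-existing typo for `apikey.json`; it is harmless only while both the writer and reader of that file agree on the name.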
diff --git a/roles/matrix-grafana/defaults/main.yml b/roles/custom/matrix-grafana/defaults/main.yml similarity index 86% rename from roles/matrix-grafana/defaults/main.yml rename to roles/custom/matrix-grafana/defaults/main.yml index 3765a0e4..7c5e8d99 100644 --- a/roles/matrix-grafana/defaults/main.yml +++ b/roles/custom/matrix-grafana/defaults/main.yml @@ -3,18 +3,14 @@ # See: https://github.com/matrix-org/synapse/blob/master/docs/metrics-howto.md # Project source code URL: https://github.com/grafana/grafana -matrix_grafana_enabled: false +matrix_grafana_enabled: true -matrix_grafana_version: 9.0.3 +matrix_grafana_version: 9.2.4 matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}" matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}" -# Not conditional, because when someone disables metrics -# they might still want to look at the old existing data. -# So it would be silly to delete the dashboard in such case. -matrix_grafana_dashboard_download_urls: - - "https://raw.githubusercontent.com/matrix-org/synapse/master/contrib/grafana/synapse.json" - - "https://raw.githubusercontent.com/rfrail3/grafana-dashboards/master/prometheus/node-exporter-full.json" +# matrix_grafana_dashboard_download_urls holds a list of URLs of dashboards to download +matrix_grafana_dashboard_download_urls: [] matrix_grafana_base_path: "{{ matrix_base_data_path }}/grafana" matrix_grafana_config_path: "{{ matrix_grafana_base_path }}/config" 
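Review bot: `matrix_grafana_enabled` flips from `false` to `true` in the role defaults, so anyone consuming this role without the playbook's group_vars now gets Grafana deployed by default; presumably group_vars re-derives it from the Prometheus setting, but that is not visible in this chunk and the defaults file carries no comment explaining the change. A short comment above the key, such as `# Enabled here; the playbook's group_vars is expected to tie this to matrix_prometheus_enabled`, would document the intent. In the same hunk the dashboard URL list becomes `[]`, which is the right way to say "empty list" (rather than a bare key), and the removed explanatory comment about keeping dashboards when metrics are disabled is still relevant to whoever populates the list.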
@@ -50,6 +46,10 @@ matrix_grafana_content_security_policy: true matrix_grafana_content_security_policy_customized: false matrix_grafana_content_security_policy_template: "script-src 'self' 'unsafe-eval' 'unsafe-inline' http: https: 'strict-dynamic' $NONCE;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline' blob:;img-src * data:;base-uri 'self';connect-src 'self' grafana.com ws://$ROOT_PATH wss://$ROOT_PATH;manifest-src 'self';media-src 'none';form-action 'self';" +# matrix_grafana_default_home_dashboard_path influences the `default_home_dashboard_path` grafana.ini setting, +# which is an in-container path for the default dashboard. +matrix_grafana_default_home_dashboard_path: /etc/grafana/dashboards/node-exporter-full.json + # A list of extra arguments to pass to the container matrix_grafana_container_extra_arguments: [] diff --git a/roles/matrix-grafana/tasks/init.yml b/roles/custom/matrix-grafana/tasks/init.yml similarity index 100% rename from roles/matrix-grafana/tasks/init.yml rename to roles/custom/matrix-grafana/tasks/init.yml diff --git a/roles/matrix-grafana/tasks/main.yml b/roles/custom/matrix-grafana/tasks/main.yml similarity index 100% rename from roles/matrix-grafana/tasks/main.yml rename to roles/custom/matrix-grafana/tasks/main.yml diff --git a/roles/matrix-grafana/tasks/setup.yml b/roles/custom/matrix-grafana/tasks/setup.yml similarity index 86% rename from roles/matrix-grafana/tasks/setup.yml rename to roles/custom/matrix-grafana/tasks/setup.yml index 591c0222..eabd25e5 100644 --- a/roles/matrix-grafana/tasks/setup.yml +++ b/roles/custom/matrix-grafana/tasks/setup.yml 
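Review bot: The new `matrix_grafana_default_home_dashboard_path` defaults to `/etc/grafana/dashboards/node-exporter-full.json`, but the previous hunk makes `matrix_grafana_dashboard_download_urls` empty by default, so with role defaults alone the home dashboard points at a file that is never downloaded. If group_vars populates the URL list this is fine, but the comment should say so: `# The file must be provided via matrix_grafana_dashboard_download_urls (node-exporter-full.json by default); an absent file leaves Grafana without a home dashboard`. The grafana.ini.j2 hunk later in this commit renders the value unquoted, so values containing spaces would need care; the default does not.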
@@ -5,15 +5,15 @@ # - name: Ensure matrix-grafana image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_grafana_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_grafana_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_grafana_docker_image_force_pull }}" when: "matrix_grafana_enabled | bool" register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure grafana paths exists @@ -68,17 +68,17 @@ mode: 0440 owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" - with_items: "{{ matrix_grafana_dashboard_download_urls_all }}" + with_items: "{{ matrix_grafana_dashboard_download_urls }}" when: matrix_grafana_enabled | bool register: result - retries: "{{ matrix_geturl_retries_count }}" - delay: "{{ matrix_geturl_retries_delay }}" + retries: "{{ devture_playbook_help_geturl_retries_count }}" + delay: "{{ devture_playbook_help_geturl_retries_delay }}" until: result is not failed - name: Ensure matrix-grafana.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-grafana.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-grafana.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-grafana.service" mode: 0644 register: matrix_grafana_systemd_service_result when: matrix_grafana_enabled | bool 
@@ -94,7 +94,7 @@ - name: Check existence of matrix-grafana service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-grafana.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-grafana.service" register: matrix_grafana_service_stat - name: Ensure matrix-grafana is stopped @@ -108,7 +108,7 @@ - name: Ensure matrix-grafana.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-grafana.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-grafana.service" state: absent when: "not matrix_grafana_enabled | bool and matrix_grafana_service_stat.stat.exists" diff --git a/roles/custom/matrix-grafana/tasks/validate_config.yml b/roles/custom/matrix-grafana/tasks/validate_config.yml new file mode 100644 index 00000000..21c44dc8 --- /dev/null +++ b/roles/custom/matrix-grafana/tasks/validate_config.yml @@ -0,0 +1,16 @@ +--- + +- name: Fail if Prometheus not enabled + ansible.builtin.fail: + msg: > + You need to enable `matrix_prometheus_enabled` to use Prometheus as data source for Grafana. + when: "not matrix_prometheus_enabled" + +- name: (Deprecation) Catch and report renamed settings + ansible.builtin.fail: + msg: >- + Your configuration contains a variable, which now has a different name. + Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`). + when: "item.old in vars" + with_items: + - {'old': 'matrix_grafana_dashboard_download_urls_all', 'new': 'matrix_grafana_dashboard_download_urls'} diff --git a/roles/matrix-grafana/templates/dashboards.yaml.j2 b/roles/custom/matrix-grafana/templates/dashboards.yaml.j2 similarity index 100% rename from roles/matrix-grafana/templates/dashboards.yaml.j2 rename to roles/custom/matrix-grafana/templates/dashboards.yaml.j2 
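Review bot: The new grafana validate_config.yml fails on `not matrix_prometheus_enabled` without any `matrix_grafana_enabled` guard and without the `| bool` coercion used elsewhere in this commit; since tasks/main.yml for this role is renamed unchanged (similarity 100%), it is not visible here whether the file is imported at all, nor whether that import is conditional on Grafana being enabled. Writing the condition as `when: "matrix_grafana_enabled | bool and not matrix_prometheus_enabled | default(False) | bool"` makes the task safe regardless of how it is imported. For the deprecation check, the flow-style item `{'old': …, 'new': …}` inside `with_items` reads better in block style, and `loop:` is the current idiom.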
diff --git a/roles/matrix-grafana/templates/datasources.yaml.j2 b/roles/custom/matrix-grafana/templates/datasources.yaml.j2 similarity index 100% rename from roles/matrix-grafana/templates/datasources.yaml.j2 rename to roles/custom/matrix-grafana/templates/datasources.yaml.j2 diff --git a/roles/matrix-grafana/templates/grafana.ini.j2 b/roles/custom/matrix-grafana/templates/grafana.ini.j2 similarity index 83% rename from roles/matrix-grafana/templates/grafana.ini.j2 rename to roles/custom/matrix-grafana/templates/grafana.ini.j2 index 1e06683e..ac609f91 100644 --- a/roles/matrix-grafana/templates/grafana.ini.j2 +++ b/roles/custom/matrix-grafana/templates/grafana.ini.j2 @@ -26,8 +26,4 @@ enabled = {{ matrix_grafana_anonymous_access }} org_name = "{{ matrix_grafana_anonymous_access_org_name }}" [dashboards] -{% if matrix_synapse_metrics_enabled %} -default_home_dashboard_path = /etc/grafana/dashboards/synapse.json -{% else %} -default_home_dashboard_path = /etc/grafana/dashboards/node-exporter-full.json -{% endif %} +default_home_dashboard_path = {{ matrix_grafana_default_home_dashboard_path }} diff --git a/roles/matrix-grafana/templates/systemd/matrix-grafana.service.j2 b/roles/custom/matrix-grafana/templates/systemd/matrix-grafana.service.j2 similarity index 54% rename from roles/matrix-grafana/templates/systemd/matrix-grafana.service.j2 rename to roles/custom/matrix-grafana/templates/systemd/matrix-grafana.service.j2 index e0f58076..fd48b01e 100644 --- a/roles/matrix-grafana/templates/systemd/matrix-grafana.service.j2 +++ b/roles/custom/matrix-grafana/templates/systemd/matrix-grafana.service.j2 
@@ -12,12 +12,12 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-grafana 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-grafana 2>/dev/null || true' +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-grafana 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-grafana 2>/dev/null || true' -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-grafana \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-grafana \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ @@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-grafana \ {% endfor %} {{ matrix_grafana_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-grafana 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-grafana 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-grafana 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-grafana 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-grafana 
diff --git a/roles/matrix-jitsi/defaults/main.yml b/roles/custom/matrix-jitsi/defaults/main.yml similarity index 99% rename from roles/matrix-jitsi/defaults/main.yml rename to roles/custom/matrix-jitsi/defaults/main.yml index 5546d19c..e1fcc318 100644 --- a/roles/matrix-jitsi/defaults/main.yml +++ b/roles/custom/matrix-jitsi/defaults/main.yml @@ -9,6 +9,7 @@ matrix_jitsi_enable_auth: false matrix_jitsi_enable_guests: false matrix_jitsi_enable_recording: false matrix_jitsi_enable_transcriptions: false +matrix_jitsi_enable_jaas_components: false matrix_jitsi_enable_p2p: true matrix_jitsi_enable_av_moderation: true matrix_jitsi_enable_breakout_rooms: true @@ -71,7 +72,7 @@ matrix_jitsi_jibri_recorder_password: '' matrix_jitsi_enable_lobby: false -matrix_jitsi_version: stable-7439-2 +matrix_jitsi_version: stable-7882 matrix_jitsi_container_image_tag: "{{ matrix_jitsi_version }}" # for backward-compatibility matrix_jitsi_web_docker_image: "{{ matrix_container_global_registry_prefix }}jitsi/web:{{ matrix_jitsi_container_image_tag }}" diff --git a/roles/matrix-jitsi/tasks/init.yml b/roles/custom/matrix-jitsi/tasks/init.yml similarity index 100% rename from roles/matrix-jitsi/tasks/init.yml rename to roles/custom/matrix-jitsi/tasks/init.yml diff --git a/roles/matrix-jitsi/tasks/main.yml b/roles/custom/matrix-jitsi/tasks/main.yml similarity index 100% rename from roles/matrix-jitsi/tasks/main.yml rename to roles/custom/matrix-jitsi/tasks/main.yml diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_base.yml b/roles/custom/matrix-jitsi/tasks/setup_jitsi_base.yml similarity index 81% rename from roles/matrix-jitsi/tasks/setup_jitsi_base.yml rename to roles/custom/matrix-jitsi/tasks/setup_jitsi_base.yml index a91949e1..c52c1902 100644 --- a/roles/matrix-jitsi/tasks/setup_jitsi_base.yml +++ b/roles/custom/matrix-jitsi/tasks/setup_jitsi_base.yml 
@@ -1,6 +1,8 @@ --- -- ansible.builtin.import_tasks: "{{ role_path }}/../matrix-base/tasks/util/ensure_openssl_installed.yml" +- ansible.builtin.import_role: + name: custom/matrix-base + tasks_from: ensure_openssl_installed # # Tasks related to setting up jitsi diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml b/roles/custom/matrix-jitsi/tasks/setup_jitsi_jicofo.yml similarity index 89% rename from roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml rename to roles/custom/matrix-jitsi/tasks/setup_jitsi_jicofo.yml index 8b2ec6a7..d9395308 100644 --- a/roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml +++ b/roles/custom/matrix-jitsi/tasks/setup_jitsi_jicofo.yml @@ -17,15 +17,15 @@ when: matrix_jitsi_enabled | bool and item.when - name: Ensure jitsi-jicofo Docker image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_jitsi_jicofo_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_jitsi_jicofo_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_jicofo_docker_image_force_pull }}" when: matrix_jitsi_enabled | bool register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure jitsi-jicofo environment variables file created 
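Review bot: `tasks_from: ensure_openssl_installed` in the new `import_role` resolves against roles/custom/matrix-base/tasks/, while the line it replaces imported the file from that role's tasks/util/ directory; whether the file was moved out of util/ is not visible in this chunk. If it still lives under util/, the import fails at parse time and `tasks_from: util/ensure_openssl_installed` is the form that matches the old location.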
@@ -52,7 +52,7 @@ - name: Ensure matrix-jitsi-jicofo.service installed ansible.builtin.template: src: "{{ role_path }}/templates/jicofo/matrix-jitsi-jicofo.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-jitsi-jicofo.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jitsi-jicofo.service" mode: 0644 register: matrix_jitsi_jicofo_systemd_service_result when: matrix_jitsi_enabled | bool @@ -68,7 +68,7 @@ - name: Check existence of matrix-jitsi-jicofo service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-jitsi-jicofo.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jitsi-jicofo.service" register: matrix_jitsi_jicofo_service_stat when: "not matrix_jitsi_enabled | bool" @@ -83,7 +83,7 @@ - name: Ensure matrix-jitsi-jicofo.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-jitsi-jicofo.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jitsi-jicofo.service" state: absent when: "not matrix_jitsi_enabled | bool and matrix_jitsi_jicofo_service_stat.stat.exists" diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml b/roles/custom/matrix-jitsi/tasks/setup_jitsi_jvb.yml similarity index 89% rename from roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml rename to roles/custom/matrix-jitsi/tasks/setup_jitsi_jvb.yml index cdb94ebd..966572af 100644 --- a/roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml +++ b/roles/custom/matrix-jitsi/tasks/setup_jitsi_jvb.yml 
@@ -17,15 +17,15 @@ when: matrix_jitsi_enabled | bool and item.when - name: Ensure jitsi-jvb Docker image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_jitsi_jvb_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_jitsi_jvb_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_jvb_docker_image_force_pull }}" when: matrix_jitsi_enabled | bool register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure jitsi-jvb configuration files created @@ -52,7 +52,7 @@ - name: Ensure matrix-jitsi-jvb.service installed ansible.builtin.template: src: "{{ role_path }}/templates/jvb/matrix-jitsi-jvb.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-jitsi-jvb.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jitsi-jvb.service" mode: 0644 register: matrix_jitsi_jvb_systemd_service_result when: matrix_jitsi_enabled | bool @@ -68,7 +68,7 @@ - name: Check existence of matrix-jitsi-jvb service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-jitsi-jvb.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jitsi-jvb.service" register: matrix_jitsi_jvb_service_stat when: "not matrix_jitsi_enabled | bool" @@ -83,7 +83,7 @@ - name: Ensure matrix-jitsi-jvb.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-jitsi-jvb.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jitsi-jvb.service" state: absent when: "not matrix_jitsi_enabled | bool and matrix_jitsi_jvb_service_stat.stat.exists" 
diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml b/roles/custom/matrix-jitsi/tasks/setup_jitsi_prosody.yml similarity index 89% rename from roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml rename to roles/custom/matrix-jitsi/tasks/setup_jitsi_prosody.yml index 9383b48b..1a1656b2 100644 --- a/roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml +++ b/roles/custom/matrix-jitsi/tasks/setup_jitsi_prosody.yml @@ -18,15 +18,15 @@ when: matrix_jitsi_enabled | bool and item.when - name: Ensure jitsi-prosody Docker image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_jitsi_prosody_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_jitsi_prosody_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_prosody_docker_image_force_pull }}" when: matrix_jitsi_enabled | bool register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure jitsi-prosody environment variables file is created @@ -41,7 +41,7 @@ - name: Ensure matrix-jitsi-prosody.service file is installed ansible.builtin.template: src: "{{ role_path }}/templates/prosody/matrix-jitsi-prosody.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-jitsi-prosody.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jitsi-prosody.service" mode: 0644 register: matrix_jitsi_prosody_systemd_service_result when: matrix_jitsi_enabled | bool 
@@ -65,7 +65,7 @@ - name: Ensure matrix-jitsi-prosody.service file exists ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-jitsi-prosody.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jitsi-prosody.service" register: matrix_jitsi_prosody_service_stat when: "not matrix_jitsi_enabled | bool" @@ -80,7 +80,7 @@ - name: Ensure matrix-jitsi-prosody.service file doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-jitsi-prosody.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jitsi-prosody.service" state: absent when: "not matrix_jitsi_enabled | bool and matrix_jitsi_prosody_service_stat.stat.exists" diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_web.yml b/roles/custom/matrix-jitsi/tasks/setup_jitsi_web.yml similarity index 89% rename from roles/matrix-jitsi/tasks/setup_jitsi_web.yml rename to roles/custom/matrix-jitsi/tasks/setup_jitsi_web.yml index 1c7daa4b..b6d3241b 100644 --- a/roles/matrix-jitsi/tasks/setup_jitsi_web.yml +++ b/roles/custom/matrix-jitsi/tasks/setup_jitsi_web.yml 
@@ -19,15 +19,15 @@ when: matrix_jitsi_enabled | bool and item.when - name: Ensure jitsi-web Docker image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_jitsi_web_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_jitsi_web_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_web_docker_image_force_pull }}" when: matrix_jitsi_enabled | bool register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure jitsi-web environment variables file created @@ -54,7 +54,7 @@ - name: Ensure matrix-jitsi-web.service installed ansible.builtin.template: src: "{{ role_path }}/templates/web/matrix-jitsi-web.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-jitsi-web.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jitsi-web.service" mode: 0644 register: matrix_jitsi_web_systemd_service_result when: matrix_jitsi_enabled | bool @@ -70,7 +70,7 @@ - name: Check existence of matrix-jitsi-web service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-jitsi-web.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jitsi-web.service" register: matrix_jitsi_web_service_stat when: "not matrix_jitsi_enabled | bool" @@ -85,7 +85,7 @@ - name: Ensure matrix-jitsi-web.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-jitsi-web.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jitsi-web.service" state: absent when: "not matrix_jitsi_enabled | bool and matrix_jitsi_web_service_stat.stat.exists" 
diff --git a/roles/matrix-jitsi/tasks/util/setup_jitsi_auth.yml b/roles/custom/matrix-jitsi/tasks/util/setup_jitsi_auth.yml
similarity index 81%
rename from roles/matrix-jitsi/tasks/util/setup_jitsi_auth.yml
rename to roles/custom/matrix-jitsi/tasks/util/setup_jitsi_auth.yml
index d9da9ebe..4edc5431 100644
--- a/roles/matrix-jitsi/tasks/util/setup_jitsi_auth.yml
+++ b/roles/custom/matrix-jitsi/tasks/util/setup_jitsi_auth.yml
@@ -15,7 +15,7 @@
#
- name: Ensure Jitsi internal authentication users are configured
- ansible.builtin.shell: "{{ matrix_host_command_docker }} exec matrix-jitsi-prosody prosodyctl --config /config/prosody.cfg.lua register {{ item.username | quote }} meet.jitsi {{ item.password | quote }}"
+ ansible.builtin.shell: "{{ devture_systemd_docker_base_host_command_docker }} exec matrix-jitsi-prosody prosodyctl --config /config/prosody.cfg.lua register {{ item.username | quote }} meet.jitsi {{ item.password | quote }}"
with_items: "{{ matrix_jitsi_prosody_auth_internal_accounts }}"
when:
- matrix_jitsi_auth_type == "internal"
diff --git a/roles/matrix-jitsi/tasks/validate_config.yml b/roles/custom/matrix-jitsi/tasks/validate_config.yml
similarity index 100%
rename from roles/matrix-jitsi/tasks/validate_config.yml
rename to roles/custom/matrix-jitsi/tasks/validate_config.yml
diff --git a/roles/matrix-jitsi/templates/jicofo/env.j2 b/roles/custom/matrix-jitsi/templates/jicofo/env.j2
similarity index 100%
rename from roles/matrix-jitsi/templates/jicofo/env.j2
rename to roles/custom/matrix-jitsi/templates/jicofo/env.j2
diff --git a/roles/matrix-jitsi/templates/jicofo/logging.properties.j2 b/roles/custom/matrix-jitsi/templates/jicofo/logging.properties.j2
similarity index 100%
rename from roles/matrix-jitsi/templates/jicofo/logging.properties.j2
rename to roles/custom/matrix-jitsi/templates/jicofo/logging.properties.j2
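Review bot: The renamed `ansible.builtin.shell` line still places `{{ item.password | quote }}` on the prosodyctl command line, so every account password is echoed into the task's result output, and the `docker exec` argument list is visible in process listings while it runs; unless the task already sets it outside the hunk, add `no_log: true` to the task. `| quote` protects against shell metacharacters but does nothing for disclosure through logs. The task continues past the end of the hunk (its `when:` list is cut off).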
diff --git a/roles/custom/matrix-jitsi/templates/jicofo/matrix-jitsi-jicofo.service.j2 b/roles/custom/matrix-jitsi/templates/jicofo/matrix-jitsi-jicofo.service.j2
new file mode 100644
index 00000000..1cf08234
--- /dev/null
+++ b/roles/custom/matrix-jitsi/templates/jicofo/matrix-jitsi-jicofo.service.j2
@@ -0,0 +1,33 @@
+#jinja2: lstrip_blocks: "True"
+[Unit]
+Description=Matrix jitsi-jicofo server
+{% for service in matrix_jitsi_jicofo_systemd_required_services_list %}
+Requires={{ service }}
+After={{ service }}
+{% endfor %}
+DefaultDependencies=no
+
+[Service]
+Type=simple
+Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-jitsi-jicofo 2>/dev/null || true'
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-jitsi-jicofo 2>/dev/null || true'
+
+ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-jitsi-jicofo \
+ --log-driver=none \
+ --network={{ matrix_docker_network }} \
+ --env-file={{ matrix_jitsi_jicofo_base_path }}/env \
+ --mount type=bind,src={{ matrix_jitsi_jicofo_config_path }},dst=/config \
+ {% for arg in matrix_jitsi_jicofo_container_extra_arguments %}
+ {{ arg }} \
+ {% endfor %}
+ {{ matrix_jitsi_jicofo_docker_image }}
+
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-jitsi-jicofo 2>/dev/null || true'
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-jitsi-jicofo 2>/dev/null || true'
+Restart=always
+RestartSec=30
+SyslogIdentifier=matrix-jitsi-jicofo
+
+[Install]
+WantedBy=multi-user.target
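Review bot: The new jicofo unit's `ExecStart` runs the container without `--cap-drop=ALL` or a `--user={{ matrix_user_uid }}:{{ matrix_user_gid }}` line, both of which the matrix-grafana unit in this same commit passes; if the jicofo image runs correctly without extra capabilities, adding `--cap-drop=ALL \` after `--log-driver=none \` gives the service the same baseline. If it genuinely needs capabilities or root inside the container, a short comment above `ExecStart` saying so would spare the next reader from re-checking. Whether the image tolerates either flag is not visible here.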
diff --git a/roles/matrix-jitsi/templates/jicofo/sip-communicator.properties.j2 b/roles/custom/matrix-jitsi/templates/jicofo/sip-communicator.properties.j2 similarity index 100% rename from roles/matrix-jitsi/templates/jicofo/sip-communicator.properties.j2 rename to roles/custom/matrix-jitsi/templates/jicofo/sip-communicator.properties.j2 diff --git a/roles/matrix-jitsi/templates/jvb/custom-sip-communicator.properties.j2 b/roles/custom/matrix-jitsi/templates/jvb/custom-sip-communicator.properties.j2 similarity index 100% rename from roles/matrix-jitsi/templates/jvb/custom-sip-communicator.properties.j2 rename to roles/custom/matrix-jitsi/templates/jvb/custom-sip-communicator.properties.j2 diff --git a/roles/matrix-jitsi/templates/jvb/env.j2 b/roles/custom/matrix-jitsi/templates/jvb/env.j2 similarity index 100% rename from roles/matrix-jitsi/templates/jvb/env.j2 rename to roles/custom/matrix-jitsi/templates/jvb/env.j2 diff --git a/roles/matrix-jitsi/templates/jvb/logging.properties.j2 b/roles/custom/matrix-jitsi/templates/jvb/logging.properties.j2 similarity index 100% rename from roles/matrix-jitsi/templates/jvb/logging.properties.j2 rename to roles/custom/matrix-jitsi/templates/jvb/logging.properties.j2 diff --git a/roles/matrix-jitsi/templates/jvb/matrix-jitsi-jvb.service.j2 b/roles/custom/matrix-jitsi/templates/jvb/matrix-jitsi-jvb.service.j2 similarity index 59% rename from roles/matrix-jitsi/templates/jvb/matrix-jitsi-jvb.service.j2 rename to roles/custom/matrix-jitsi/templates/jvb/matrix-jitsi-jvb.service.j2 index f0b141fc..922d201a 100644 --- a/roles/matrix-jitsi/templates/jvb/matrix-jitsi-jvb.service.j2 +++ b/roles/custom/matrix-jitsi/templates/jvb/matrix-jitsi-jvb.service.j2 
@@ -9,11 +9,11 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-jvb 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-jvb 2>/dev/null || true' +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-jitsi-jvb 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-jitsi-jvb 2>/dev/null || true' -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-jvb \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-jitsi-jvb \ --log-driver=none \ --network={{ matrix_docker_network }} \ --network-alias=jvb.meet.jitsi \ @@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-jvb \ {% endfor %} {{ matrix_jitsi_jvb_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-jvb 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-jvb 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-jitsi-jvb 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-jitsi-jvb 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-jitsi-jvb 
diff --git a/roles/matrix-jitsi/templates/prosody/env.j2 b/roles/custom/matrix-jitsi/templates/prosody/env.j2 similarity index 100% rename from roles/matrix-jitsi/templates/prosody/env.j2 rename to roles/custom/matrix-jitsi/templates/prosody/env.j2 diff --git a/roles/matrix-jitsi/templates/prosody/matrix-jitsi-prosody.service.j2 b/roles/custom/matrix-jitsi/templates/prosody/matrix-jitsi-prosody.service.j2 similarity index 54% rename from roles/matrix-jitsi/templates/prosody/matrix-jitsi-prosody.service.j2 rename to roles/custom/matrix-jitsi/templates/prosody/matrix-jitsi-prosody.service.j2 index 0c3a3932..0b2592ae 100644 --- a/roles/matrix-jitsi/templates/prosody/matrix-jitsi-prosody.service.j2 +++ b/roles/custom/matrix-jitsi/templates/prosody/matrix-jitsi-prosody.service.j2 @@ -9,11 +9,11 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-prosody 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-prosody 2>/dev/null || true' +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-jitsi-prosody 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-jitsi-prosody 2>/dev/null || true' -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-prosody \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-jitsi-prosody \ --log-driver=none \ --network={{ matrix_docker_network }} \ --network-alias={{ matrix_jitsi_xmpp_server }} \ 
@@ -28,8 +28,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-prosody {% endfor %} {{ matrix_jitsi_prosody_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-prosody 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-prosody 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-jitsi-prosody 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-jitsi-prosody 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-jitsi-prosody diff --git a/roles/matrix-jitsi/templates/web/custom-config.js.j2 b/roles/custom/matrix-jitsi/templates/web/custom-config.js.j2 similarity index 100% rename from roles/matrix-jitsi/templates/web/custom-config.js.j2 rename to roles/custom/matrix-jitsi/templates/web/custom-config.js.j2 diff --git a/roles/matrix-jitsi/templates/web/custom-interface_config.js.j2 b/roles/custom/matrix-jitsi/templates/web/custom-interface_config.js.j2 similarity index 100% rename from roles/matrix-jitsi/templates/web/custom-interface_config.js.j2 rename to roles/custom/matrix-jitsi/templates/web/custom-interface_config.js.j2 diff --git a/roles/matrix-jitsi/templates/web/env.j2 b/roles/custom/matrix-jitsi/templates/web/env.j2 similarity index 97% rename from roles/matrix-jitsi/templates/web/env.j2 rename to roles/custom/matrix-jitsi/templates/web/env.j2 index ac15c087..3e9f51b7 100644 --- a/roles/matrix-jitsi/templates/web/env.j2 +++ b/roles/custom/matrix-jitsi/templates/web/env.j2 
@@ -57,6 +57,7 @@ ENABLE_TALK_WHILE_MUTED
ENABLE_TCC
ENABLE_TRANSCRIPTIONS={{ 1 if matrix_jitsi_enable_transcriptions else 0 }}
ENABLE_XMPP_WEBSOCKET
+ENABLE_JAAS_COMPONENTS={{ 1 if matrix_jitsi_enable_jaas_components else false }}
ETHERPAD_PUBLIC_URL
ETHERPAD_URL_BASE={{ (matrix_jitsi_etherpad_base + '/') if matrix_jitsi_etherpad_enabled else ''}}
GOOGLE_ANALYTICS_ID
diff --git a/roles/matrix-jitsi/templates/web/matrix-jitsi-web.service.j2 b/roles/custom/matrix-jitsi/templates/web/matrix-jitsi-web.service.j2
similarity index 56%
rename from roles/matrix-jitsi/templates/web/matrix-jitsi-web.service.j2
rename to roles/custom/matrix-jitsi/templates/web/matrix-jitsi-web.service.j2
index 8f29bfa8..fcb5f221 100644
--- a/roles/matrix-jitsi/templates/web/matrix-jitsi-web.service.j2
+++ b/roles/custom/matrix-jitsi/templates/web/matrix-jitsi-web.service.j2
@@ -9,11 +9,11 @@ DefaultDependencies=no
[Service]
Type=simple
-Environment="HOME={{ matrix_systemd_unit_home_path }}"
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-web 2>/dev/null || true'
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-web 2>/dev/null || true'
+Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-jitsi-web 2>/dev/null || true'
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-jitsi-web 2>/dev/null || true'
-ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-web \
+ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-jitsi-web \
--log-driver=none \
--network={{ matrix_docker_network }} \
--network-alias={{ matrix_jitsi_xmpp_domain }} \
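Review bot: `ENABLE_JAAS_COMPONENTS={{ 1 if matrix_jitsi_enable_jaas_components else false }}` renders the Jinja/Python literal `False` into the env file when the feature is off, whereas the sibling flag `ENABLE_TRANSCRIPTIONS` two lines above renders `0`; use `ENABLE_JAAS_COMPONENTS={{ 1 if matrix_jitsi_enable_jaas_components else 0 }}`. How the jitsi web image interprets the string `False` is not visible here, so the existing `0`/`1` convention is the safe choice.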
@@ -29,8 +29,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-web \ {% endfor %} {{ matrix_jitsi_web_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-web 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-web 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-jitsi-web 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-jitsi-web 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-jitsi-web diff --git a/roles/custom/matrix-ldap-registration-proxy/defaults/main.yml b/roles/custom/matrix-ldap-registration-proxy/defaults/main.yml new file mode 100644 index 00000000..7ee5a947 --- /dev/null +++ b/roles/custom/matrix-ldap-registration-proxy/defaults/main.yml 
@@ -0,0 +1,58 @@
+---
+# matrix_ldap_registration_proxy - Want to build a large-scale Matrix server using external registration on LDAP?
+# Project source code URL: https://gitlab.com/activism.international/matrix_ldap_registration_proxy
+
+matrix_ldap_registration_proxy_enabled: true
+
+matrix_ldap_registration_proxy_docker_image: matrix_ldap_registration_proxy
+matrix_ldap_registration_proxy_container_image_self_build_repo: "https://gitlab.com/activism.international/matrix_ldap_registration_proxy.git"
+matrix_ldap_registration_proxy_container_image_self_build_branch: "{{ matrix_ldap_registration_proxy_version }}"
+
+matrix_ldap_registration_proxy_version: "296246afc6a9b3105e67fcf6621cf05ebc74b873"
+
+matrix_ldap_registration_proxy_base_path: "{{ matrix_base_data_path }}/matrix_ldap_registration_proxy"
+# We need the docker src directory to be named matrix_ldap_registration_proxy.
+matrix_ldap_registration_proxy_docker_src_files_path: "{{ matrix_ldap_registration_proxy_base_path }}/docker-src/matrix_ldap_registration_proxy"
+matrix_ldap_registration_proxy_config_path: "{{ matrix_ldap_registration_proxy_base_path }}/config"
+
+matrix_ldap_registration_proxy_ldap_uri: ""
+matrix_ldap_registration_proxy_ldap_base_dn: ""
+matrix_ldap_registration_proxy_ldap_user: ""
+matrix_ldap_registration_proxy_ldap_password: ""
+matrix_ldap_registration_proxy_matrix_server_name: "{{ matrix_domain }}"
+matrix_ldap_registration_proxy_matrix_server_url: "https://{{ matrix_server_fqn_matrix }}"
+
+matrix_ldap_registration_proxy_registration_endpoint: "/_matrix/client/r0/register"
+
+# Controls whether the self-check feature should validate SSL certificates.
+matrix_matrix_ldap_registration_proxy_self_check_validate_certificates: true
+
+matrix_ldap_registration_proxy_container_port: 8080
+# Controls whether the matrix_ldap_registration_proxy container exposes its HTTP port (tcp/{{ matrix_ldap_registration_proxy_container_port }} in the container).
+#
+# Takes an ":" or "" value (e.g. "127.0.0.1:8080"), or empty string to not expose.
+matrix_ldap_registration_proxy_container_http_host_bind_port: ''
+
+# `matrix_ldap_registration_proxy_container_http_host_bind_port_number_raw` contains the raw port number extracted from `matrix_ldap_registration_proxy_container_http_host_bind_port`,
+# which can contain values like this: ('1234', '127.0.0.1:1234', '0.0.0.0:1234')
+matrix_ldap_registration_proxy_container_http_host_bind_port_number_raw: "{{ '' if matrix_ldap_registration_proxy_container_http_host_bind_port == '' else (matrix_ldap_registration_proxy_container_http_host_bind_port.split(':')[1] if ':' in matrix_ldap_registration_proxy_container_http_host_bind_port else matrix_ldap_registration_proxy_container_http_host_bind_port) }}"
+
+matrix_ldap_registration_proxy_registration_addr_with_container: "matrix-ldap_registration-proxy:{{ matrix_ldap_registration_proxy_container_http_host_bind_port_number_raw }}"
+matrix_ldap_registration_proxy_registration_addr_sans_container: "127.0.0.1:{{ matrix_ldap_registration_proxy_container_http_host_bind_port_number_raw }}"
+
+
+# A list of extra arguments to pass to the container
+matrix_ldap_registration_proxy_container_extra_arguments: []
+
+# List of systemd services that matrix_ldap_registration_proxy.service depends on
+matrix_ldap_registration_proxy_systemd_required_services_list: ['docker.service']
+
+# List of systemd services that matrix_ldap_registration_proxy.service wants
+matrix_ldap_registration_proxy_systemd_wanted_services_list: []
+
+# Additional environment variables to pass to the LDAP proxy environment variables.
+#
+# Example:
+# matrix_ldap_registration_proxy_env_variables_extension: |
+# KEY=value
+matrix_ldap_registration_proxy_env_variables_extension: ''
diff --git a/roles/custom/matrix-ldap-registration-proxy/tasks/init.yml b/roles/custom/matrix-ldap-registration-proxy/tasks/init.yml
new file mode 100644
index 00000000..40623609
--- /dev/null
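Review bot: `matrix_ldap_registration_proxy_container_image_self_build` is never defined in this defaults file, yet the role's init.yml later in this commit tests it in its first `when:` (`... and matrix_ldap_registration_proxy_container_image_self_build and ...`), so any host with the role enabled fails on an undefined variable before reaching the self-build logic; add `matrix_ldap_registration_proxy_container_image_self_build: false` next to the `_self_build_repo` line. `matrix_matrix_ldap_registration_proxy_self_check_validate_certificates` carries a doubled `matrix_` prefix that no other key in the file uses and should be `matrix_ldap_registration_proxy_self_check_validate_certificates`. `matrix_ldap_registration_proxy_enabled: true` as a default means an inventory that never configured this component (the `_ldap_uri` and `_ldap_password` defaults are empty) still gets the service installed; if opt-out is intended a comment saying so would help, otherwise `false` matches the usual opt-in pattern. The `_registration_addr_with_container` value uses the host name `matrix-ldap_registration-proxy` (underscore) while the systemd unit registered in init.yml is `matrix-ldap-registration-proxy.service`; the container's actual name is outside this chunk, so confirm the two agree or the nginx resolver lookup will fail.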
+++ b/roles/custom/matrix-ldap-registration-proxy/tasks/init.yml 
@@ -0,0 +1,57 @@
+---
+# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070
+# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407
+- name: Fail if trying to self-build on Ansible < 2.8
+  ansible.builtin.fail:
+    msg: "To self-build the matrix_ldap_registration_proxy image, you should use Ansible 2.8 or higher. See docs/ansible.md"
+  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_ldap_registration_proxy_container_image_self_build and matrix_ldap_registration_proxy_enabled | bool"
+
+- ansible.builtin.set_fact:
+    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-ldap-registration-proxy.service'] }}"
+  when: matrix_ldap_registration_proxy_enabled | bool
+
+- when: matrix_ldap_registration_proxy_enabled | bool
+  tags:
+    - always
+  block:
+    - name: Fail if matrix-nginx-proxy role already executed
+      ansible.builtin.fail:
+        msg: >-
+          Trying to append Matrix LDAP registration proxy's reverse-proxying configuration to matrix-nginx-proxy,
+          but it's pointless since the matrix-nginx-proxy role had already executed.
+          To fix this, please change the order of roles in your playbook,
+          so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-telegram role.
+ when: matrix_nginx_proxy_role_executed | default(False) | bool + + - name: Generate Matrix LDAP registration proxy proxying configuration for matrix-nginx-proxy + ansible.builtin.set_fact: + matrix_ldap_registration_proxy_matrix_nginx_proxy_configuration: | + location {{ matrix_ldap_registration_proxy_registration_endpoint }} { + {% if matrix_nginx_proxy_enabled | default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "{{ matrix_ldap_registration_proxy_registration_addr_with_container }}"; + proxy_pass http://$backend/register; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://{{ matrix_ldap_registration_proxy_registration_addr_sans_container }}/register; + {% endif %} + } + + - name: Register Matrix LDAP registration proxy proxying configuration with matrix-nginx-proxy + ansible.builtin.set_fact: + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([]) + + + [matrix_ldap_registration_proxy_matrix_nginx_proxy_configuration] + }} + - name: Warn about reverse-proxying if matrix-nginx-proxy not used + ansible.builtin.debug: + msg: >- + NOTE: You've enabled the Matrix LDAP registration proxy bridge but are not using the matrix-nginx-proxy + reverse proxy. + Please make sure that you're proxying the `{{ matrix_ldap_registration_proxy_public_endpoint }}` + URL endpoint to the matrix-ldap-proxy container. + You can expose the container's port using the `matrix_ldap_registration_proxy_container_http_host_bind_port` variable. + when: "not matrix_nginx_proxy_enabled | default(False) | bool" diff --git a/roles/custom/matrix-ldap-registration-proxy/tasks/main.yml b/roles/custom/matrix-ldap-registration-proxy/tasks/main.yml new file mode 100644 index 00000000..5815774e --- /dev/null 
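Review bot: The generated `set $backend` line uses `matrix_ldap_registration_proxy_registration_addr_with_container`, whose default in this commit's defaults/main.yml is `matrix-ldap_registration-proxy:{{ ... }}`, while the systemd unit added in this commit starts the container as `--name matrix-ldap-registration-proxy`; unless Docker's embedded resolver also answers for the underscored name, the proxied request will not resolve, so the default should read `matrix-ldap-registration-proxy:{{ matrix_ldap_registration_proxy_container_http_host_bind_port_number_raw }}`. The fail message in the first block task tells the operator to order roles relative to `matrix-bridge-mautrix-telegram`, which appears copied from another role and should name the matrix-ldap-registration-proxy role instead. The closing debug message refers to `matrix_ldap_registration_proxy_public_endpoint` and a `matrix-ldap-proxy` container, whereas the location block is keyed on `matrix_ldap_registration_proxy_registration_endpoint` and the container is `matrix-ldap-registration-proxy`; presumably the same things, but worth aligning so operators grep the right names. Since this location forwards an unauthenticated registration path, a comment inside the template such as `{# Unauthenticated registration endpoint: no rate limiting is applied in this block #}` would make the exposure explicit to whoever tunes the reverse proxy.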
+++ b/roles/custom/matrix-ldap-registration-proxy/tasks/main.yml
@@ -0,0 +1,23 @@
+---
+
+- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
+  tags:
+    - always
+
+- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
+  when: "run_setup | bool and matrix_ldap_registration_proxy_enabled | bool"
+  tags:
+    - setup-all
+    - setup-matrix-ldap-registration-proxy
+
+- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
+  when: "run_setup | bool and matrix_ldap_registration_proxy_enabled | bool"
+  tags:
+    - setup-all
+    - setup-matrix-ldap-registration-proxy
+
+- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
+  when: "run_setup | bool and not matrix_ldap_registration_proxy_enabled | bool"
+  tags:
+    - setup-all
+    - setup-matrix-ldap-registration-proxy
diff --git a/roles/custom/matrix-ldap-registration-proxy/tasks/setup_install.yml b/roles/custom/matrix-ldap-registration-proxy/tasks/setup_install.yml
new file mode 100644
index 00000000..3ac8f9b8
--- /dev/null
+++ b/roles/custom/matrix-ldap-registration-proxy/tasks/setup_install.yml
@@ -0,0 +1,63 @@
+---
+
+- name: Ensure matrix_ldap_registration_proxy paths exist
+  ansible.builtin.file:
+    path: "{{ item.path }}"
+    state: directory
+    mode: 0750
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+  with_items:
+    - {path: "{{ matrix_ldap_registration_proxy_config_path }}", when: true}
+    - {path: "{{ matrix_ldap_registration_proxy_docker_src_files_path }}", when: true}
+  when: "item.when | bool"
+
+- ansible.builtin.set_fact:
+    matrix_ldap_registration_proxy_requires_restart: false
+
+- name: Ensure matrix_ldap_registration_proxy repository is present on self-build
+  ansible.builtin.git:
+    repo: "{{ matrix_ldap_registration_proxy_container_image_self_build_repo }}"
+    dest: "{{ matrix_ldap_registration_proxy_docker_src_files_path }}"
+    version: "{{ matrix_ldap_registration_proxy_container_image_self_build_branch }}"
+    force: "yes"
+  become: true
+  become_user: "{{ matrix_user_username }}"
+  register: matrix_ldap_registration_proxy_git_pull_results
+
+- name: Ensure matrix_ldap_registration_proxy Docker image is built
+  community.docker.docker_image:
+    name: "{{ matrix_ldap_registration_proxy_docker_image }}"
+    source: build
+    force_source: "{{ matrix_ldap_registration_proxy_git_pull_results.changed }}"
+    build:
+      dockerfile: Dockerfile
+      path: "{{ matrix_ldap_registration_proxy_docker_src_files_path }}"
+      pull: true
+  when: true
+
+- name: Ensure matrix_ldap_registration_proxy config installed
+  ansible.builtin.template:
+    src: "{{ role_path }}/templates/ldap-registration-proxy.env.j2"
+    dest: "{{ matrix_ldap_registration_proxy_config_path }}/ldap-registration-proxy.env"
+    mode: 0644
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+
+- name: Ensure matrix-ldap-registration-proxy.service installed
+  ansible.builtin.template:
+    src: "{{ role_path }}/templates/systemd/matrix-ldap-registration-proxy.service.j2"
+    dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-ldap-registration-proxy.service"
+    mode: 0644
+  register: matrix_ldap_registration_proxy_systemd_service_result
+
+- name: Ensure systemd reloaded after matrix-ldap-registration-proxy.service installation
+  ansible.builtin.service:
+    daemon_reload: true
+  when: "matrix_ldap_registration_proxy_systemd_service_result.changed | bool"
+
+- name: Ensure matrix-ldap-registration-proxy.service restarted, if necessary
+  ansible.builtin.service:
+    name: "matrix-ldap-registration-proxy.service"
+    state: restarted
+  when: "matrix_ldap_registration_proxy_requires_restart | bool"
diff --git a/roles/custom/matrix-ldap-registration-proxy/tasks/setup_uninstall.yml b/roles/custom/matrix-ldap-registration-proxy/tasks/setup_uninstall.yml
new file mode 100644
index 00000000..ed19ad9c
--- /dev/null
+++ b/roles/custom/matrix-ldap-registration-proxy/tasks/setup_uninstall.yml
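Review bot: `ldap-registration-proxy.env` is rendered with `mode: 0644`, yet the template it comes from (templates/ldap-registration-proxy.env.j2 in this commit) writes `LDAP_PASSWORD` for the privileged LDAP account that creates users, so every local account on the host can read that credential; with `owner`/`group` already set to the matrix user, `mode: 0640` is sufficient because the unit's `docker run --env-file` is executed by systemd as root. `matrix_ldap_registration_proxy_requires_restart` is set to `false` and never set to `true` anywhere in this file, so the final restart task can never fire; if restarts are expected to come from the playbook-wide `matrix_systemd_services_list` handling registered in init.yml, say so in a comment above the set_fact, otherwise register the config template result and derive the fact from its `changed`. The git and build tasks carry no `matrix_ldap_registration_proxy_container_image_self_build` guard (`when: true` on the build task) even though init.yml checks that variable, so the image is always built from source; either gate both tasks on it and add a pull path, or document that self-build is the only supported mode. `force: "yes"` on the git task would read better as `force: true`.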
@@ -0,0 +1,36 @@
+---
+
+- name: Check existence of matrix-matrix_ldap_registration_proxy service
+  ansible.builtin.stat:
+    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-ldap-registration-proxy.service"
+  register: matrix_ldap_registration_proxy_service_stat
+
+- name: Ensure matrix-matrix_ldap_registration_proxy is stopped
+  ansible.builtin.service:
+    name: matrix-matrix_ldap_registration_proxy
+    state: stopped
+    enabled: false
+    daemon_reload: true
+  register: stopping_result
+  when: "matrix_ldap_registration_proxy_service_stat.stat.exists | bool"
+
+- name: Ensure matrix-ldap-registration-proxy.service doesn't exist
+  ansible.builtin.file:
+    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-ldap-registration-proxy.service"
+    state: absent
+  when: "matrix_ldap_registration_proxy_service_stat.stat.exists | bool"
+
+- name: Ensure systemd reloaded after matrix-ldap-registration-proxy.service removal
+  ansible.builtin.service:
+    daemon_reload: true
+  when: "matrix_ldap_registration_proxy_service_stat.stat.exists | bool"
+
+- name: Ensure Matrix matrix_ldap_registration_proxy paths don't exist
+  ansible.builtin.file:
+    path: "{{ matrix_ldap_registration_proxy_base_path }}"
+    state: absent
+
+- name: Ensure matrix_ldap_registration_proxy Docker image doesn't exist
+  community.docker.docker_image:
+    name: "{{ matrix_ldap_registration_proxy_docker_image }}"
+    state: absent
diff --git a/roles/custom/matrix-ldap-registration-proxy/tasks/validate_config.yml b/roles/custom/matrix-ldap-registration-proxy/tasks/validate_config.yml
new file mode 100644
index 00000000..6b52af9c
--- /dev/null
+++ b/roles/custom/matrix-ldap-registration-proxy/tasks/validate_config.yml
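Review bot: The stop task targets `name: matrix-matrix_ldap_registration_proxy`, but the unit that setup_install.yml installs and that the task two entries below deletes is `matrix-ldap-registration-proxy.service`, so on uninstall the service is never stopped or disabled and the container keeps running after its unit file has been removed; change it to `name: matrix-ldap-registration-proxy`. The two task names carrying the doubled `matrix-matrix_` prefix should be renamed to match. `register: stopping_result` is not read anywhere in this file and can be dropped.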
@@ -0,0 +1,12 @@
+---
+
+- name: Fail if required settings not defined
+  ansible.builtin.fail:
+    msg: >-
+      You need to define a required configuration setting (`{{ item }}`).
+  when: "vars[item] == ''"
+  with_items:
+    - "matrix_ldap_registration_proxy_ldap_uri"
+    - "matrix_ldap_registration_proxy_ldap_base_dn"
+    - "matrix_ldap_registration_proxy_ldap_user"
+    - "matrix_ldap_registration_proxy_ldap_password"
diff --git a/roles/custom/matrix-ldap-registration-proxy/templates/ldap-registration-proxy.env.j2 b/roles/custom/matrix-ldap-registration-proxy/templates/ldap-registration-proxy.env.j2
new file mode 100644
index 00000000..581a0b0d
--- /dev/null
+++ b/roles/custom/matrix-ldap-registration-proxy/templates/ldap-registration-proxy.env.j2
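Review bot: `when: "vars[item] == ''"` only catches settings that are defined as empty; a setting that is missing entirely presumably fails on the `vars[item]` lookup with an undefined-variable error instead of this task's message, so `when: "vars[item] | default('') == ''"` would route both cases through the same clear failure. Because `matrix_ldap_registration_proxy_ldap_user` and its password grant account-creation rights in the directory, a short comment above the task, e.g. `# These credentials let the proxy create LDAP accounts; treat the password as a secret`, would document the handling expectation for operators filling them in.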
@@ -0,0 +1,35 @@
+# please specify the configuration here
+#
+# these settings are mandatory
+
+# The server to connect to. Please note it must be accessible from the Docker network
+# example: `ldap://127.0.0.1:389`
+LDAP_SERVER={{ matrix_ldap_registration_proxy_ldap_uri }}
+
+# the base DN used for user creation
+
+LDAP_BASE_DN={{ matrix_ldap_registration_proxy_ldap_base_dn }}
+
+# the privileged user used for user creation including it's DN
+# example: `uid=admin,cn=users,cn=accounts,dc=example,dc=org`
+
+LDAP_USER={{ matrix_ldap_registration_proxy_ldap_user }}
+
+# the password of the `LDAP_USER` used for authentication
+LDAP_PASSWORD={{ matrix_ldap_registration_proxy_ldap_password }}
+
+# the human-readable server name of your Matrix server as used in the Matrix ID
+# example: `example.org`
+MATRIX_SERVER_NAME={{ matrix_ldap_registration_proxy_matrix_server_name }}
+
+# the url to access the Matrix server API without trailing `/`
+# example: `https://matrix.example.org`
+MATRIX_SERVER_URL={{ matrix_ldap_registration_proxy_matrix_server_url }}
+
+# these settings are optional:
+
+# Specify the port to listen on. Default to 8080
+LISTEN_PORT={{ matrix_ldap_registration_proxy_container_port }}
+
+# Use this to extend the configuration with custom variables
+{{ matrix_ldap_registration_proxy_env_variables_extension }}
diff --git a/roles/custom/matrix-ldap-registration-proxy/templates/systemd/matrix-ldap-registration-proxy.service.j2 b/roles/custom/matrix-ldap-registration-proxy/templates/systemd/matrix-ldap-registration-proxy.service.j2
new file mode 100644
index 00000000..641e321e
--- /dev/null
+++ b/roles/custom/matrix-ldap-registration-proxy/templates/systemd/matrix-ldap-registration-proxy.service.j2
@@ -0,0 +1,43 @@
+#jinja2: lstrip_blocks: "True"
+[Unit]
+Description=matrix_ldap_registration_proxy
+{% for service in matrix_ldap_registration_proxy_systemd_required_services_list %}
+Requires={{ service }}
+After={{ service }}
+{% endfor %}
+{% for service in matrix_ldap_registration_proxy_systemd_wanted_services_list %}
+Wants={{ service }}
+{% endfor %}
+DefaultDependencies=no
+
+[Service]
+Type=simple
+Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-ldap-registration-proxy 2>/dev/null || true'
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-ldap-registration-proxy 2>/dev/null || true'
+
+# matrix_ldap_registration_proxy writes an SQLite shared library (libsqlitejdbc.so) to /tmp and executes it from there,
+# so /tmp needs to be mounted with an exec option.
+ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-ldap-registration-proxy \
+      --log-driver=none \
+      --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
+      --cap-drop=ALL \
+      --read-only \
+      --network={{ matrix_docker_network }} \
+      {% if matrix_ldap_registration_proxy_container_http_host_bind_port %}
+      -p {{ matrix_ldap_registration_proxy_container_http_host_bind_port }}:{{ matrix_ldap_registration_proxy_container_port }} \
+      {% endif %}
+      --env-file {{ matrix_ldap_registration_proxy_config_path }}/ldap-registration-proxy.env \
+      {% for arg in matrix_ldap_registration_proxy_container_extra_arguments %}
+      {{ arg }} \
+      {% endfor %}
+      {{ matrix_ldap_registration_proxy_docker_image }}
+
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-ldap-registration-proxy 2>/dev/null || true'
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-ldap-registration-proxy 2>/dev/null || true'
+Restart=always
+RestartSec=30
+SyslogIdentifier=matrix-ldap-registration-proxy
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/matrix-ma1sd/defaults/main.yml b/roles/custom/matrix-ma1sd/defaults/main.yml
similarity index 100%
rename from roles/matrix-ma1sd/defaults/main.yml
rename to roles/custom/matrix-ma1sd/defaults/main.yml
diff --git a/roles/matrix-ma1sd/tasks/init.yml b/roles/custom/matrix-ma1sd/tasks/init.yml
similarity index 85%
rename from roles/matrix-ma1sd/tasks/init.yml
rename to roles/custom/matrix-ma1sd/tasks/init.yml
index 1d425006..48226aa0 100644
--- a/roles/matrix-ma1sd/tasks/init.yml
+++ b/roles/custom/matrix-ma1sd/tasks/init.yml
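Review bot: The comment above `ExecStart` says the service writes `libsqlitejdbc.so` to /tmp and needs /tmp mounted exec, but the `docker run` line carries no `--tmpfs` or `--mount` for /tmp, and the wording is identical to the ma1sd unit template later in this diff, so it looks copied over; either drop the comment or, if the proxy really needs a writable /tmp under `--read-only`, add the mount the comment describes. If the image only needs to write (not execute) there, a `--tmpfs /tmp:rw,noexec,nosuid,size=…` would keep the current `--read-only`/`--cap-drop=ALL` posture — that needs confirming against the image before choosing. The `-p {{ matrix_ldap_registration_proxy_container_http_host_bind_port }}:…` line publishes the registration API on all host interfaces whenever the operator sets a bare port, which the defaults comment allows alongside the `127.0.0.1:8080` form; a template comment such as `{# prefer a 127.0.0.1:PORT bind unless the registration API must be reachable from outside the host #}` would steer operators toward the safer value.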
@@ -3,7 +3,7 @@ # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 ansible.builtin.fail: - msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" + msg: "To self-build the ma1sd image, you should use Ansible 2.8 or higher. See docs/ansible.md" when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_ma1sd_container_image_self_build and matrix_ma1sd_enabled | bool" - ansible.builtin.set_fact: diff --git a/roles/matrix-ma1sd/tasks/main.yml b/roles/custom/matrix-ma1sd/tasks/main.yml similarity index 100% rename from roles/matrix-ma1sd/tasks/main.yml rename to roles/custom/matrix-ma1sd/tasks/main.yml diff --git a/roles/matrix-ma1sd/tasks/migrate_mxisd.yml b/roles/custom/matrix-ma1sd/tasks/migrate_mxisd.yml similarity index 90% rename from roles/matrix-ma1sd/tasks/migrate_mxisd.yml rename to roles/custom/matrix-ma1sd/tasks/migrate_mxisd.yml index 7457001c..ee722895 100644 --- a/roles/matrix-ma1sd/tasks/migrate_mxisd.yml +++ b/roles/custom/matrix-ma1sd/tasks/migrate_mxisd.yml @@ -16,7 +16,7 @@ - name: Check existence of old matrix-mxisd service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-mxisd.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mxisd.service" register: matrix_mxisd_service_stat - name: Ensure matrix-mxisd is stopped @@ -29,7 +29,7 @@ - name: Check existence of matrix-ma1sd service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-ma1sd.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-ma1sd.service" register: matrix_ma1sd_service_stat when: "ma1sd_migrate_mxisd_data_dir_stat.stat.exists" 
@@ -42,7 +42,8 @@ # We use shell commands for the migration, because the Ansible copy module cannot # recursively copy remote directories (like `/matrix/mxisd/data/sign.key`) in older versions of Ansible. -- block: +- when: "ma1sd_migrate_mxisd_data_dir_stat.stat.exists" + block: - name: Copy mxisd data files to ma1sd folder ansible.builtin.command: cmd: "cp -ar {{ matrix_base_data_path }}/mxisd/data {{ matrix_ma1sd_base_path }}" @@ -66,11 +67,10 @@ cmd: "mv {{ matrix_base_data_path }}/mxisd {{ matrix_base_data_path }}/mxisd.migrated" register: matrix_ma1sd_migrate_mxisd_move_directory_result changed_when: matrix_ma1sd_migrate_mxisd_move_directory_result.rc == 0 - when: "ma1sd_migrate_mxisd_data_dir_stat.stat.exists" - name: Ensure outdated matrix-mxisd.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-mxisd.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mxisd.service" state: absent when: "matrix_mxisd_service_stat.stat.exists" diff --git a/roles/matrix-ma1sd/tasks/self_check_ma1sd.yml b/roles/custom/matrix-ma1sd/tasks/self_check_ma1sd.yml similarity index 100% rename from roles/matrix-ma1sd/tasks/self_check_ma1sd.yml rename to roles/custom/matrix-ma1sd/tasks/self_check_ma1sd.yml diff --git a/roles/matrix-ma1sd/tasks/setup_install.yml b/roles/custom/matrix-ma1sd/tasks/setup_install.yml similarity index 91% rename from roles/matrix-ma1sd/tasks/setup_install.yml rename to roles/custom/matrix-ma1sd/tasks/setup_install.yml index ef32288f..b9668a05 100644 --- a/roles/matrix-ma1sd/tasks/setup_install.yml +++ b/roles/custom/matrix-ma1sd/tasks/setup_install.yml 
@@ -21,13 +21,15 @@ - ansible.builtin.set_fact: matrix_ma1sd_requires_restart: false -- block: +- when: "matrix_ma1sd_database_engine == 'postgres'" + block: - name: Check if an SQLite database already exists ansible.builtin.stat: path: "{{ matrix_ma1sd_sqlite_database_path_local }}" register: matrix_ma1sd_sqlite_database_path_local_stat_result - - block: + - when: "matrix_ma1sd_sqlite_database_path_local_stat_result.stat.exists | bool" + block: - ansible.builtin.set_fact: matrix_postgres_db_migration_request: src: "{{ matrix_ma1sd_sqlite_database_path_local }}" @@ -39,27 +41,26 @@ pgloader_options: ['--with "quote identifiers"'] - ansible.builtin.import_role: - name: matrix-postgres + name: custom/matrix-postgres tasks_from: migrate_db_to_postgres - ansible.builtin.set_fact: matrix_ma1sd_requires_restart: true - when: "matrix_ma1sd_sqlite_database_path_local_stat_result.stat.exists | bool" - when: "matrix_ma1sd_database_engine == 'postgres'" - name: Ensure ma1sd image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_ma1sd_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_ma1sd_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_ma1sd_docker_image_force_pull }}" when: "not matrix_ma1sd_container_image_self_build | bool" register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed -- block: +- when: "matrix_ma1sd_container_image_self_build | bool" + block: - name: Ensure gradle is installed for self-building (Debian) ansible.builtin.apt: name: 
@@ -73,13 +74,8 @@ msg: "Installing gradle on RedHat ({{ ansible_distribution }}) is currently not supported, so self-building ma1sd cannot happen at this time" when: ansible_os_family == 'RedHat' - - name: Ensure gradle is installed for self-building (Archlinux) - pacman: - name: - - gradle - state: present - update_cache: true - when: ansible_distribution == 'Archlinux' + - ansible.builtin.include_tasks: "{{ role_path }}/tasks/util/ensure_gradle_installed_archlinux.yml" + when: "ansible_distribution == 'Archlinux'" - name: Ensure ma1sd repository is present on self-build ansible.builtin.git: @@ -100,7 +96,7 @@ when: matrix_ma1sd_git_pull_results.changed - name: Ensure ma1sd Docker image is tagged correctly - docker_image: + community.docker.docker_image: # The build script always tags the image with 2 tags: # - based on the branch/version: e.g. `ma1uta/ma1sd:2.4.0` (when on `2.4.0`) # or `ma1uta/ma1sd:2.4.0-19-ga71d32b` (when on a given commit for a pre-release) @@ -111,7 +107,6 @@ repository: "{{ matrix_ma1sd_docker_image }}" force_tag: true source: local - when: "matrix_ma1sd_container_image_self_build | bool" - name: Ensure ma1sd config installed ansible.builtin.copy: @@ -162,7 +157,7 @@ - name: Ensure matrix-ma1sd.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-ma1sd.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-ma1sd.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-ma1sd.service" mode: 0644 register: matrix_ma1sd_systemd_service_result diff --git a/roles/matrix-ma1sd/tasks/setup_uninstall.yml b/roles/custom/matrix-ma1sd/tasks/setup_uninstall.yml similarity index 82% rename from roles/matrix-ma1sd/tasks/setup_uninstall.yml rename to roles/custom/matrix-ma1sd/tasks/setup_uninstall.yml index 2bc505b0..c7e8bf63 100644 --- a/roles/matrix-ma1sd/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-ma1sd/tasks/setup_uninstall.yml 
@@ -2,7 +2,7 @@ - name: Check existence of matrix-ma1sd service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-ma1sd.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-ma1sd.service" register: matrix_ma1sd_service_stat - name: Ensure matrix-ma1sd is stopped @@ -16,7 +16,7 @@ - name: Ensure matrix-ma1sd.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-ma1sd.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-ma1sd.service" state: absent when: "matrix_ma1sd_service_stat.stat.exists | bool" @@ -31,6 +31,6 @@ state: absent - name: Ensure ma1sd Docker image doesn't exist - docker_image: + community.docker.docker_image: name: "{{ matrix_ma1sd_docker_image }}" state: absent diff --git a/roles/custom/matrix-ma1sd/tasks/util/ensure_gradle_installed_archlinux.yml b/roles/custom/matrix-ma1sd/tasks/util/ensure_gradle_installed_archlinux.yml new file mode 100644 index 00000000..cfe38a8d --- /dev/null +++ b/roles/custom/matrix-ma1sd/tasks/util/ensure_gradle_installed_archlinux.yml @@ -0,0 +1,6 @@ +--- + +- name: Ensure gradle installed (Archlinux) + community.general.pacman: + name: gradle + state: present diff --git a/roles/matrix-ma1sd/tasks/validate_config.yml b/roles/custom/matrix-ma1sd/tasks/validate_config.yml similarity index 100% rename from roles/matrix-ma1sd/tasks/validate_config.yml rename to roles/custom/matrix-ma1sd/tasks/validate_config.yml diff --git a/roles/matrix-ma1sd/templates/ma1sd.yaml.j2 b/roles/custom/matrix-ma1sd/templates/ma1sd.yaml.j2 similarity index 100% rename from roles/matrix-ma1sd/templates/ma1sd.yaml.j2 rename to roles/custom/matrix-ma1sd/templates/ma1sd.yaml.j2 
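Review bot: The new `ensure_gradle_installed_archlinux.yml` drops the `update_cache: true` that the inline `pacman` task it replaces (removed in the setup_install.yml hunk `@@ -73,13 +74,8 @@`) carried; on Arch, installing from a stale local package database can fail when the mirror no longer serves the recorded package version, so add `update_cache: true` back under `community.general.pacman` unless the omission was deliberate. The file is reached only via `include_tasks` under `when: "ansible_distribution == 'Archlinux'"`, so a one-line comment at its top naming the caller, e.g. `# Included from setup_install.yml when self-building ma1sd on Archlinux`, would help the next reader.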
diff --git a/roles/matrix-ma1sd/templates/systemd/matrix-ma1sd.service.j2 b/roles/custom/matrix-ma1sd/templates/systemd/matrix-ma1sd.service.j2 similarity index 61% rename from roles/matrix-ma1sd/templates/systemd/matrix-ma1sd.service.j2 rename to roles/custom/matrix-ma1sd/templates/systemd/matrix-ma1sd.service.j2 index 427f6c9f..9dbddbbf 100644 --- a/roles/matrix-ma1sd/templates/systemd/matrix-ma1sd.service.j2 +++ b/roles/custom/matrix-ma1sd/templates/systemd/matrix-ma1sd.service.j2 @@ -12,13 +12,13 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-ma1sd 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-ma1sd 2>/dev/null || true' +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-ma1sd 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-ma1sd 2>/dev/null || true' # ma1sd writes an SQLite shared library (libsqlitejdbc.so) to /tmp and executes it from there, # so /tmp needs to be mounted with an exec option. -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-ma1sd \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-ma1sd \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ 
@@ -38,8 +38,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-ma1sd \ {% endfor %} {{ matrix_ma1sd_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-ma1sd 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-ma1sd 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-ma1sd 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-ma1sd 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-ma1sd diff --git a/roles/matrix-ma1sd/vars/main.yml b/roles/custom/matrix-ma1sd/vars/main.yml similarity index 100% rename from roles/matrix-ma1sd/vars/main.yml rename to roles/custom/matrix-ma1sd/vars/main.yml diff --git a/roles/matrix-mailer/defaults/main.yml b/roles/custom/matrix-mailer/defaults/main.yml similarity index 100% rename from roles/matrix-mailer/defaults/main.yml rename to roles/custom/matrix-mailer/defaults/main.yml diff --git a/roles/matrix-mailer/tasks/init.yml b/roles/custom/matrix-mailer/tasks/init.yml similarity index 84% rename from roles/matrix-mailer/tasks/init.yml rename to roles/custom/matrix-mailer/tasks/init.yml index e83902d7..487ed0c9 100644 --- a/roles/matrix-mailer/tasks/init.yml +++ b/roles/custom/matrix-mailer/tasks/init.yml 
@@ -3,7 +3,7 @@ # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 ansible.builtin.fail: - msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" + msg: "To self-build the Matrix Mailer image, you should use Ansible 2.8 or higher. See docs/ansible.md" when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mailer_container_image_self_build and matrix_mailer_enabled" - ansible.builtin.set_fact: diff --git a/roles/matrix-mailer/tasks/main.yml b/roles/custom/matrix-mailer/tasks/main.yml similarity index 100% rename from roles/matrix-mailer/tasks/main.yml rename to roles/custom/matrix-mailer/tasks/main.yml diff --git a/roles/matrix-mailer/tasks/setup_mailer.yml b/roles/custom/matrix-mailer/tasks/setup_mailer.yml similarity index 89% rename from roles/matrix-mailer/tasks/setup_mailer.yml rename to roles/custom/matrix-mailer/tasks/setup_mailer.yml index 2ab39df5..5d81565a 100644 --- a/roles/matrix-mailer/tasks/setup_mailer.yml +++ b/roles/custom/matrix-mailer/tasks/setup_mailer.yml @@ -35,7 +35,7 @@ when: "matrix_mailer_enabled | bool and matrix_mailer_container_image_self_build | bool" - name: Ensure exim-relay Docker image is built - docker_image: + community.docker.docker_image: name: "{{ matrix_mailer_docker_image }}" source: build force_source: "{{ matrix_mailer_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" 
@@ -47,21 +47,21 @@ when: "matrix_mailer_enabled | bool and matrix_mailer_container_image_self_build | bool" - name: Ensure exim-relay image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_mailer_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_mailer_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mailer_docker_image_force_pull }}" when: "matrix_mailer_enabled | bool and not matrix_mailer_container_image_self_build | bool" register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure matrix-mailer.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-mailer.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-mailer.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mailer.service" mode: 0644 register: matrix_mailer_systemd_service_result when: matrix_mailer_enabled | bool @@ -77,7 +77,7 @@ - name: Check existence of matrix-mailer service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-mailer.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mailer.service" register: matrix_mailer_service_stat when: "not matrix_mailer_enabled | bool" @@ -92,7 +92,7 @@ - name: Ensure matrix-mailer.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-mailer.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mailer.service" state: absent when: "not matrix_mailer_enabled | bool and matrix_mailer_service_stat.stat.exists" 
@@ -108,7 +108,7 @@ when: "not matrix_mailer_enabled | bool" - name: Ensure mailer Docker image doesn't exist - docker_image: + community.docker.docker_image: name: "{{ matrix_mailer_docker_image }}" state: absent when: "not matrix_mailer_enabled | bool" diff --git a/roles/matrix-mailer/templates/env-mailer.j2 b/roles/custom/matrix-mailer/templates/env-mailer.j2 similarity index 100% rename from roles/matrix-mailer/templates/env-mailer.j2 rename to roles/custom/matrix-mailer/templates/env-mailer.j2 diff --git a/roles/matrix-mailer/templates/systemd/matrix-mailer.service.j2 b/roles/custom/matrix-mailer/templates/systemd/matrix-mailer.service.j2 similarity index 51% rename from roles/matrix-mailer/templates/systemd/matrix-mailer.service.j2 rename to roles/custom/matrix-mailer/templates/systemd/matrix-mailer.service.j2 index 83cd298e..469d0817 100644 --- a/roles/matrix-mailer/templates/systemd/matrix-mailer.service.j2 +++ b/roles/custom/matrix-mailer/templates/systemd/matrix-mailer.service.j2 
@@ -7,13 +7,13 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mailer 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mailer 2>/dev/null || true' +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mailer 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mailer 2>/dev/null || true' # --hostname gives us a friendlier hostname than the default. # The real hostname is passed via a `HOSTNAME` environment variable though. -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mailer \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-mailer \ --log-driver=none \ --user={{ matrix_mailer_container_user_uid }}:{{ matrix_mailer_container_user_gid }} \ --cap-drop=ALL \ @@ -27,8 +27,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mailer \ {% endfor %} {{ matrix_mailer_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mailer 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mailer 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mailer 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mailer 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-mailer 
diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/custom/matrix-nginx-proxy/defaults/main.yml similarity index 91% rename from roles/matrix-nginx-proxy/defaults/main.yml rename to roles/custom/matrix-nginx-proxy/defaults/main.yml index 1754e8e3..e0d489c3 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/custom/matrix-nginx-proxy/defaults/main.yml @@ -1,7 +1,7 @@ --- # Project source code URL: https://github.com/nginx/nginx matrix_nginx_proxy_enabled: true -matrix_nginx_proxy_version: 1.23.0-alpine +matrix_nginx_proxy_version: 1.23.2-alpine # We use an official nginx image, which we fix-up to run unprivileged. # An alternative would be an `nginxinc/nginx-unprivileged` image, but 
@@ -148,6 +148,21 @@ matrix_nginx_proxy_proxy_dendrite_client_api_addr_sans_container: "" # A list of strings containing additional configuration blocks to add to the Dendrite's server configuration (matrix-dendrite.conf). matrix_nginx_proxy_proxy_dendrite_additional_server_configuration_blocks: [] +# Controls whether proxying for Conduit should be done. +matrix_nginx_proxy_proxy_conduit_enabled: false +matrix_nginx_proxy_proxy_conduit_hostname: "matrix-nginx-proxy" +matrix_nginx_proxy_proxy_conduit_federation_api_enabled: "{{ matrix_nginx_proxy_proxy_matrix_federation_api_enabled }}" +# Controls whether the Client API server (usually at matrix.DOMAIN:443) should explicitly reject `/_matrix/federation` endpoints. +matrix_nginx_proxy_proxy_conduit_block_federation_api_on_client_port: true +# The addresses where the Matrix Client API is, when using Conduit. +matrix_nginx_proxy_proxy_conduit_client_api_addr_with_container: "" +matrix_nginx_proxy_proxy_conduit_client_api_addr_sans_container: "" +# The addresses where the Federation API is, when using Conduit. +matrix_nginx_proxy_proxy_conduit_federation_api_addr_with_container: "" +matrix_nginx_proxy_proxy_conduit_federation_api_addr_sans_container: "" +# A list of strings containing additional configuration blocks to add to the Conduit's server configuration (matrix-conduit.conf). +matrix_nginx_proxy_proxy_conduit_additional_server_configuration_blocks: [] + # Controls whether proxying the Element domain should be done. matrix_nginx_proxy_proxy_element_enabled: false matrix_nginx_proxy_proxy_element_hostname: "{{ matrix_server_fqn_element }}" 
@@ -177,6 +192,10 @@ matrix_nginx_proxy_proxy_matrix_federation_port: 8448 matrix_nginx_proxy_proxy_dimension_enabled: false matrix_nginx_proxy_proxy_dimension_hostname: "{{ matrix_server_fqn_dimension }}" +# Controls whether proxying the etherpad domain should be done. +matrix_nginx_proxy_proxy_etherpad_enabled: false +matrix_nginx_proxy_proxy_etherpad_hostname: "{{ matrix_server_fqn_etherpad }}" + # Controls whether proxying the goneb domain should be done. matrix_nginx_proxy_proxy_bot_go_neb_enabled: false matrix_nginx_proxy_proxy_bot_go_neb_hostname: "{{ matrix_server_fqn_bot_go_neb }}" @@ -241,7 +260,7 @@ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_path: "{{ matrix_nginx_proxy_ # when `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username` and `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_password` are provided. # This image provides the `htpasswd` tool which we use for generating the htpasswd file protecting `/metrics/*`. # To avoid using this, use `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_raw_content` instead of supplying username/password. -# Learn more in: `roles/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml`. +# Learn more in: `roles/custom/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml`. matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_image: "{{ matrix_container_global_registry_prefix }}httpd:{{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_image_tag }}" matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_image_tag: "2.4.54-alpine3.16" matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_force_pull: "{{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_image_tag.endswith(':latest') }}" 
@@ -362,6 +381,9 @@ matrix_nginx_proxy_proxy_buscarron_additional_server_configuration_blocks: [] # A list of strings containing additional configuration blocks to add to Dimension's server configuration (matrix-dimension.conf). matrix_nginx_proxy_proxy_dimension_additional_server_configuration_blocks: [] +# A list of strings containing additional configuration blocks to add to etherpad's server configuration (matrix-etherpad.conf). +matrix_nginx_proxy_proxy_etherpad_additional_server_configuration_blocks: [] + # A list of strings containing additional configuration blocks to add to GoNEB's server configuration (matrix-bot-go-neb.conf). matrix_nginx_proxy_proxy_bot_go_neb_additional_server_configuration_blocks: [] @@ -539,7 +561,7 @@ matrix_ssl_lets_encrypt_staging: false # Learn more here: https://eff-certbot.readthedocs.io/en/stable/using.html#changing-the-acme-server matrix_ssl_lets_encrypt_server: '' -matrix_ssl_lets_encrypt_certbot_docker_image: "{{ matrix_container_global_registry_prefix }}certbot/certbot:{{ matrix_ssl_architecture }}-v1.28.0" +matrix_ssl_lets_encrypt_certbot_docker_image: "{{ matrix_container_global_registry_prefix }}certbot/certbot:{{ matrix_ssl_architecture }}-v1.31.0" matrix_ssl_lets_encrypt_certbot_docker_image_force_pull: "{{ matrix_ssl_lets_encrypt_certbot_docker_image.endswith(':latest') }}" matrix_ssl_lets_encrypt_certbot_standalone_http_port: 2402 matrix_ssl_lets_encrypt_support_email: ~ 
@@ -564,6 +586,20 @@ matrix_ssl_log_dir_path: "{{ matrix_ssl_base_path }}/log" matrix_ssl_pre_obtaining_required_service_name: ~ matrix_ssl_pre_obtaining_required_service_start_wait_time_seconds: 60 +# matrix_ssl_orphaned_renewal_configs_purging_enabled controls whether the playbook will delete Let's Encryption renewal configuration files (`/matrix/ssl/config/renewal/*.conf) +# for domains that are not part of the `matrix_ssl_domains_to_obtain_certificates_for` list. +# +# As the `matrix_ssl_domains_to_obtain_certificates_for` list changes over time, the playbook obtains certificates for various domains +# and sets up "renewal" configuration files to keep these certificates fresh. +# When a domain disappears from the `matrix_ssl_domains_to_obtain_certificates_for` list (because its associated service had gotten disabled), +# the certificate files and renewal configuration still remain in the filesystem and certbot may try to renewal the certificate for this domain. +# If there's no DNS record for this domain or it doesn't point to this server anymore, the `matrix-ssl-lets-encrypt-certificates-renew.service` systemd service +# won't be able to renew the certificate and will generate an error. +# +# With `matrix_ssl_orphaned_renewal_configs_purging_enabled` enabled, orphaned renewal configurations will be purged on each playbook run. +# Some other leftover files will still remain, but we don't bother purging them because they don't cause troubles. +matrix_ssl_orphaned_renewal_configs_purging_enabled: true + # Nginx Optimize SSL Session # # ssl_session_cache: 
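Review bot: The new comment block documenting `matrix_ssl_orphaned_renewal_configs_purging_enabled` has a few slips worth fixing, since it describes a destructive default: "Let's Encryption" should read "Let's Encrypt", the backtick opened before `/matrix/ssl/config/renewal/*.conf` is never closed, and "certbot may try to renewal the certificate" should be "may try to renew the certificate". I would also spell out what "some other leftover files" means, since the purge task in this diff only deletes the `renewal/*.conf` files, e.g. `# Only the renewal/*.conf files are removed; the certificate and key material certbot wrote for the domain stays on disk.`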
@@ -615,13 +651,17 @@ matrix_nginx_proxy_synapse_workers_enabled: false matrix_nginx_proxy_synapse_workers_list: [] matrix_nginx_proxy_synapse_generic_worker_client_server_locations: [] matrix_nginx_proxy_synapse_generic_worker_federation_locations: [] +matrix_nginx_proxy_synapse_stream_writer_typing_stream_worker_client_server_locations: [] +matrix_nginx_proxy_synapse_stream_writer_to_device_stream_worker_client_server_locations: [] +matrix_nginx_proxy_synapse_stream_writer_account_data_stream_worker_client_server_locations: [] +matrix_nginx_proxy_synapse_stream_writer_receipts_stream_worker_client_server_locations: [] +matrix_nginx_proxy_synapse_stream_writer_presence_stream_worker_client_server_locations: [] matrix_nginx_proxy_synapse_media_repository_locations: [] matrix_nginx_proxy_synapse_user_dir_locations: [] -matrix_nginx_proxy_synapse_frontend_proxy_locations: [] # synapse content caching matrix_nginx_proxy_synapse_cache_enabled: false -matrix_nginx_proxy_synapse_cache_path: "{{ '/tmp/synapse-cache' if matrix_nginx_proxy_enabled else matrix_nginx_proxy_data_path+'/synapse-cache' }}" +matrix_nginx_proxy_synapse_cache_path: "{{ '/tmp/synapse-cache' if matrix_nginx_proxy_enabled else matrix_nginx_proxy_data_path + '/synapse-cache' }}" matrix_nginx_proxy_synapse_cache_keys_zone_name: "STATIC" matrix_nginx_proxy_synapse_cache_keys_zone_size: "10m" matrix_nginx_proxy_synapse_cache_inactive_time: "48h" diff --git a/roles/matrix-nginx-proxy/tasks/init.yml b/roles/custom/matrix-nginx-proxy/tasks/init.yml similarity index 100% rename from roles/matrix-nginx-proxy/tasks/init.yml rename to roles/custom/matrix-nginx-proxy/tasks/init.yml diff --git a/roles/matrix-nginx-proxy/tasks/main.yml b/roles/custom/matrix-nginx-proxy/tasks/main.yml similarity index 100% rename from roles/matrix-nginx-proxy/tasks/main.yml rename to roles/custom/matrix-nginx-proxy/tasks/main.yml 
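Review bot: The hunk drops `matrix_nginx_proxy_synapse_frontend_proxy_locations` from the public defaults without a deprecation catch visible in this chunk, so anyone still setting it in their vars file gets no error and their locations silently stop being rendered. The role already has a `(Deprecation) Catch and report renamed settings` task in validate_config.yml (its hunk appears further down in this diff), and adding the old name to that task's list would surface the removal with a clear message. The five new `matrix_nginx_proxy_synapse_stream_writer_*_locations` lists are also undocumented; a one-line comment stating where they are populated from (presumably the synapse workers setup, which is not visible here) would match the style of the surrounding defaults.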
diff --git a/roles/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml b/roles/custom/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml similarity index 91% rename from roles/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml rename to roles/custom/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml index c511e402..a72d26f6 100644 --- a/roles/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml +++ b/roles/custom/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml @@ -15,16 +15,17 @@ # See: https://docs.ansible.com/ansible/2.3/htpasswd_module.html#requirements-on-host-that-executes-module # We support various distros, with various versions of Python. Installing additional Python modules can be a hassle. # As a workaround, we run `htpasswd` from an Apache container image. -- block: +- when: matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username != '' + block: - name: Ensure Apache Docker image is pulled for generating matrix-metrics-htpasswd from username/password (protecting /metrics/* URIs) - docker_image: + community.docker.docker_image: name: "{{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_force_pull }}" register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed # We store the password in a file and make the `htpasswd` tool read it from there, 
@@ -40,7 +41,7 @@ - name: Generate matrix-metrics-htpasswd from username/password (protecting /metrics/* URIs) ansible.builtin.command: cmd: >- - {{ matrix_host_command_docker }} run + {{ devture_systemd_docker_base_host_command_docker }} run --rm --user={{ matrix_user_uid }}:{{ matrix_user_gid }} --cap-drop=ALL @@ -57,4 +58,3 @@ ansible.builtin.file: path: /tmp/matrix-nginx-proxy-metrics-password state: absent - when: matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username != '' diff --git a/roles/matrix-nginx-proxy/tasks/self_check_well_known.yml b/roles/custom/matrix-nginx-proxy/tasks/self_check_well_known.yml similarity index 94% rename from roles/matrix-nginx-proxy/tasks/self_check_well_known.yml rename to roles/custom/matrix-nginx-proxy/tasks/self_check_well_known.yml index 2a5042d5..e7ed549c 100644 --- a/roles/matrix-nginx-proxy/tasks/self_check_well_known.yml +++ b/roles/custom/matrix-nginx-proxy/tasks/self_check_well_known.yml @@ -9,7 +9,8 @@ follow_redirects: "{{ matrix_nginx_proxy_self_check_well_known_matrix_client_follow_redirects }}" validate_certs: "{{ matrix_nginx_proxy_self_check_validate_certificates }}" -- block: +- when: matrix_well_known_matrix_server_enabled | bool + block: - ansible.builtin.set_fact: well_known_file_check_matrix_server: path: /.well-known/matrix/server @@ -21,7 +22,6 @@ - name: Determine domains that we require certificates for (ma1sd) ansible.builtin.set_fact: well_known_file_checks: "{{ well_known_file_checks + [well_known_file_check_matrix_server] }}" - when: matrix_well_known_matrix_server_enabled | bool - name: Perform well-known checks ansible.builtin.include_tasks: "{{ role_path }}/tasks/self_check_well_known_file.yml" 
diff --git a/roles/matrix-nginx-proxy/tasks/self_check_well_known_file.yml b/roles/custom/matrix-nginx-proxy/tasks/self_check_well_known_file.yml similarity index 100% rename from roles/matrix-nginx-proxy/tasks/self_check_well_known_file.yml rename to roles/custom/matrix-nginx-proxy/tasks/self_check_well_known_file.yml diff --git a/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml b/roles/custom/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml similarity index 90% rename from roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml rename to roles/custom/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml index 7e642853..3b1cfc28 100644 --- a/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml +++ b/roles/custom/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml @@ -68,6 +68,19 @@ state: absent when: "not matrix_nginx_proxy_proxy_dendrite_enabled | bool" +- name: Ensure Matrix nginx-proxy configuration for matrix-conduit exists + ansible.builtin.template: + src: "{{ role_path }}/templates/nginx/conf.d/matrix-conduit.conf.j2" + dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-conduit.conf" + mode: 0644 + when: matrix_nginx_proxy_proxy_conduit_enabled | bool + +- name: Ensure Matrix nginx-proxy configuration for matrix-conduit deleted + ansible.builtin.file: + path: "{{ matrix_nginx_proxy_confd_path }}/matrix-conduit.conf" + state: absent + when: "not matrix_nginx_proxy_proxy_conduit_enabled | bool" + - name: Ensure Matrix nginx-proxy configuration for Element domain exists ansible.builtin.template: src: "{{ role_path }}/templates/nginx/conf.d/matrix-client-element.conf.j2" 
@@ -110,6 +123,13 @@ mode: 0644 when: matrix_nginx_proxy_proxy_dimension_enabled | bool +- name: Ensure Matrix nginx-proxy configuration for etherpad domain exists + ansible.builtin.template: + src: "{{ role_path }}/templates/nginx/conf.d/matrix-etherpad.conf.j2" + dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-etherpad.conf" + mode: 0644 + when: matrix_nginx_proxy_proxy_etherpad_enabled | bool + - name: Ensure Matrix nginx-proxy configuration for goneb domain exists ansible.builtin.template: src: "{{ role_path }}/templates/nginx/conf.d/matrix-bot-go-neb.conf.j2" @@ -187,21 +207,21 @@ # Tasks related to setting up matrix-nginx-proxy # - name: Ensure nginx Docker image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_nginx_proxy_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_nginx_proxy_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_nginx_proxy_docker_image_force_pull }}" when: matrix_nginx_proxy_enabled | bool register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure matrix-nginx-proxy.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-nginx-proxy.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-nginx-proxy.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-nginx-proxy.service" mode: 0644 register: matrix_nginx_proxy_systemd_service_result when: matrix_nginx_proxy_enabled | bool 
@@ -218,7 +238,7 @@ - name: Check existence of matrix-nginx-proxy service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-nginx-proxy.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-nginx-proxy.service" register: matrix_nginx_proxy_service_stat when: "not matrix_nginx_proxy_enabled | bool" @@ -233,7 +253,7 @@ - name: Ensure matrix-nginx-proxy.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-nginx-proxy.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-nginx-proxy.service" state: absent when: "not matrix_nginx_proxy_enabled | bool and matrix_nginx_proxy_service_stat.stat.exists" @@ -314,6 +334,12 @@ state: absent when: "not matrix_nginx_proxy_proxy_mautrix_wsproxy_enabled|bool" +- name: Ensure Matrix nginx-proxy configuration for etherpad domain deleted + ansible.builtin.file: + path: "{{ matrix_nginx_proxy_confd_path }}/matrix-etherpad.conf" + state: absent + when: "not matrix_nginx_proxy_proxy_etherpad_enabled | bool" + - name: Ensure Matrix nginx-proxy homepage for base domain deleted ansible.builtin.file: path: "{{ matrix_nginx_proxy_data_path }}/matrix-domain/index.html" diff --git a/roles/matrix-nginx-proxy/tasks/setup_well_known.yml b/roles/custom/matrix-nginx-proxy/tasks/setup_well_known.yml similarity index 100% rename from roles/matrix-nginx-proxy/tasks/setup_well_known.yml rename to roles/custom/matrix-nginx-proxy/tasks/setup_well_known.yml diff --git a/roles/matrix-nginx-proxy/tasks/ssl/main.yml b/roles/custom/matrix-nginx-proxy/tasks/ssl/main.yml similarity index 100% rename from roles/matrix-nginx-proxy/tasks/ssl/main.yml rename to roles/custom/matrix-nginx-proxy/tasks/ssl/main.yml diff --git a/roles/custom/matrix-nginx-proxy/tasks/ssl/purge_ssl_lets_encrypt_orphaned_configs.yml b/roles/custom/matrix-nginx-proxy/tasks/ssl/purge_ssl_lets_encrypt_orphaned_configs.yml new file mode 100644 index 00000000..51fd1f31 --- /dev/null 
+++ b/roles/custom/matrix-nginx-proxy/tasks/ssl/purge_ssl_lets_encrypt_orphaned_configs.yml
@@ -0,0 +1,27 @@
+---
+
+- name: Check if a Let's Encrypt renewal configuration directory exists
+ ansible.builtin.stat:
+ path: "{{ matrix_ssl_config_dir_path }}/renewal"
+ register: matrix_ssl_config_renewal_directory_stat_result
+
+- when: matrix_ssl_config_renewal_directory_stat_result.stat.exists | bool
+ block:
+ - name: Determine current Let's Encrypt renewal configs
+ ansible.builtin.find:
+ path: "{{ matrix_ssl_config_dir_path }}/renewal"
+ patterns: ".*.conf$"
+ use_regex: true
+ register: matrix_ssl_current_renewal_config_files
+
+ - name: Determine unnecessary Let's Encrypt renewal configs
+ ansible.builtin.set_fact:
+ matrix_ssl_current_renewal_config_files_to_purge: "{{ matrix_ssl_current_renewal_config_files_to_purge | default([]) + [item.path] }}"
+ with_items: "{{ matrix_ssl_current_renewal_config_files.files }}"
+ when: "item.path | basename | replace('.conf', '') not in matrix_ssl_domains_to_obtain_certificates_for"
+
+ - name: Purge unneceessary Let's Encrypt renewal config files
+ ansible.builtin.file:
+ path: "{{ item }}"
+ state: absent
+ with_items: "{{ matrix_ssl_current_renewal_config_files_to_purge | default([]) }}"
diff --git a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml b/roles/custom/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml
similarity index 82%
rename from roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml
rename to roles/custom/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml
index 0e5339a9..77361f3f 100644
--- a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml
+++ b/roles/custom/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml
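Review bot: The file match in `Determine current Let's Encrypt renewal configs` and the domain extraction in the `when:` of the next task are looser than they look: `patterns: ".*.conf$"` with `use_regex: true` has an unescaped dot, so it also matches names such as `foo-conf`, and `replace('.conf', '')` strips every occurrence rather than only the suffix, so a domain whose name contains `.conf.` is compared against a mangled string and purged even though it is in the list. Since this task deletes files on every run by default, I would tighten both: `patterns: "*.conf"` (dropping `use_regex`) and `when: "item.path | basename | regex_replace('\\.conf$', '') not in matrix_ssl_domains_to_obtain_certificates_for"`. The basename-equals-domain assumption also only holds when certbot used its default certificate name; if any certificate was obtained with a different `--cert-name` (not visible here), its renewal config would be treated as orphaned, so a comment stating that assumption above the block would help the next maintainer. Minor: `unneceessary` in the last task name.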
@@ -16,9 +16,13 @@ # Tasks related to setting up Let's Encrypt's management of certificates # -- block: +- when: "matrix_ssl_retrieval_method == 'lets-encrypt'" + block: + - when: matrix_ssl_orphaned_renewal_configs_purging_enabled | bool + ansible.builtin.import_tasks: "{{ role_path }}/tasks/ssl/purge_ssl_lets_encrypt_orphaned_configs.yml" + - name: Ensure certbot Docker image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_ssl_lets_encrypt_certbot_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_ssl_lets_encrypt_certbot_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" @@ -26,7 +30,7 @@ - name: Obtain Let's Encrypt certificates ansible.builtin.include_tasks: "{{ role_path }}/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml" - with_items: "{{ matrix_ssl_domains_to_obtain_certificates_for }}" + with_items: "{{ matrix_ssl_domains_to_obtain_certificates_for | unique }}" loop_control: loop_var: domain_name @@ -39,20 +43,20 @@ - name: Ensure SSL renewal systemd units installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/{{ item.name }}.j2" - dest: "{{ matrix_systemd_path }}/{{ item.name }}" + dest: "{{ devture_systemd_docker_base_systemd_path }}/{{ item.name }}" mode: 0644 when: "item.applicable | bool" with_items: "{{ matrix_ssl_renewal_systemd_units_list }}" - when: "matrix_ssl_retrieval_method == 'lets-encrypt'" # # Tasks related to getting rid of Let's Encrypt's management of certificates # -- block: +- when: "matrix_ssl_retrieval_method != 'lets-encrypt'" + block: - name: Ensure matrix-ssl-lets-encrypt-renew cronjob removed ansible.builtin.file: - path: "{{ matrix_systemd_path }}/{{ item.name }}" + path: "{{ devture_systemd_docker_base_systemd_path }}/{{ item.name }}" state: absent when: "not item.applicable | bool" with_items: "{{ matrix_ssl_renewal_systemd_units_list }}" 
@@ -61,4 +65,3 @@ ansible.builtin.file: path: "{{ matrix_local_bin_path }}/matrix-ssl-lets-encrypt-certificates-renew" state: absent - when: "matrix_ssl_retrieval_method != 'lets-encrypt'" diff --git a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml b/roles/custom/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml similarity index 95% rename from roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml rename to roles/custom/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml index 18cae090..b10791a7 100644 --- a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml +++ b/roles/custom/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml @@ -13,7 +13,8 @@ - ansible.builtin.set_fact: domain_name_needs_cert: "{{ not domain_name_certificate_path_stat.stat.exists }}" -- block: +- when: "domain_name_needs_cert | bool and matrix_ssl_pre_obtaining_required_service_name != ''" + block: - name: Ensure required service for obtaining is started ansible.builtin.service: name: "{{ matrix_ssl_pre_obtaining_required_service_name }}" @@ -24,13 +25,12 @@ ansible.builtin.wait_for: timeout: "{{ matrix_ssl_pre_obtaining_required_service_start_wait_time_seconds }}" when: "matrix_ssl_pre_obtaining_required_service_start_result.changed | bool" - when: "domain_name_needs_cert | bool and matrix_ssl_pre_obtaining_required_service_name != ''" # This will fail if there is something running on port 80 (like matrix-nginx-proxy). # We suppress the error, as we'll try another method below. - name: Attempt initial SSL certificate retrieval with standalone authenticator (directly) ansible.builtin.shell: >- - {{ matrix_host_command_docker }} run + {{ devture_systemd_docker_base_host_command_docker }} run --rm --name=matrix-certbot --user={{ matrix_user_uid }}:{{ matrix_user_gid }} 
@@ -59,7 +59,7 @@ # and it's running now, it may be able to proxy requests to `matrix_ssl_lets_encrypt_certbot_standalone_http_port`. - name: Attempt initial SSL certificate retrieval with standalone authenticator (via proxy) ansible.builtin.shell: >- - {{ matrix_host_command_docker }} run + {{ devture_systemd_docker_base_host_command_docker }} run --rm --name=matrix-certbot --user={{ matrix_user_uid }}:{{ matrix_user_gid }} diff --git a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_manually_managed.yml b/roles/custom/matrix-nginx-proxy/tasks/ssl/setup_ssl_manually_managed.yml similarity index 95% rename from roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_manually_managed.yml rename to roles/custom/matrix-nginx-proxy/tasks/ssl/setup_ssl_manually_managed.yml index f6fc5a81..769af323 100644 --- a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_manually_managed.yml +++ b/roles/custom/matrix-nginx-proxy/tasks/ssl/setup_ssl_manually_managed.yml @@ -2,7 +2,7 @@ - name: Verify certificates ansible.builtin.include_tasks: "{{ role_path }}/tasks/ssl/setup_ssl_manually_managed_verify_for_domain.yml" - with_items: "{{ matrix_ssl_domains_to_obtain_certificates_for }}" + with_items: "{{ matrix_ssl_domains_to_obtain_certificates_for | unique }}" loop_control: loop_var: domain_name when: "matrix_ssl_retrieval_method == 'manually-managed'" diff --git a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_manually_managed_verify_for_domain.yml b/roles/custom/matrix-nginx-proxy/tasks/ssl/setup_ssl_manually_managed_verify_for_domain.yml similarity index 100% rename from roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_manually_managed_verify_for_domain.yml rename to roles/custom/matrix-nginx-proxy/tasks/ssl/setup_ssl_manually_managed_verify_for_domain.yml 
diff --git a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_self_signed.yml b/roles/custom/matrix-nginx-proxy/tasks/ssl/setup_ssl_self_signed.yml similarity index 76% rename from roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_self_signed.yml rename to roles/custom/matrix-nginx-proxy/tasks/ssl/setup_ssl_self_signed.yml index 3a7f1958..7ebdec79 100644 --- a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_self_signed.yml +++ b/roles/custom/matrix-nginx-proxy/tasks/ssl/setup_ssl_self_signed.yml @@ -1,11 +1,13 @@ --- -- ansible.builtin.import_tasks: "{{ role_path }}/../matrix-base/tasks/util/ensure_openssl_installed.yml" +- ansible.builtin.import_role: + name: custom/matrix-base + tasks_from: ensure_openssl_installed when: "matrix_ssl_retrieval_method == 'self-signed'" - name: Generate self-signed certificates ansible.builtin.include_tasks: "{{ role_path }}/tasks/ssl/setup_ssl_self_signed_obtain_for_domain.yml" - with_items: "{{ matrix_ssl_domains_to_obtain_certificates_for }}" + with_items: "{{ matrix_ssl_domains_to_obtain_certificates_for | unique }}" loop_control: loop_var: domain_name when: "matrix_ssl_retrieval_method == 'self-signed'" diff --git a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_self_signed_obtain_for_domain.yml b/roles/custom/matrix-nginx-proxy/tasks/ssl/setup_ssl_self_signed_obtain_for_domain.yml similarity index 100% rename from roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_self_signed_obtain_for_domain.yml rename to roles/custom/matrix-nginx-proxy/tasks/ssl/setup_ssl_self_signed_obtain_for_domain.yml diff --git a/roles/matrix-nginx-proxy/tasks/validate_config.yml b/roles/custom/matrix-nginx-proxy/tasks/validate_config.yml similarity index 98% rename from roles/matrix-nginx-proxy/tasks/validate_config.yml rename to roles/custom/matrix-nginx-proxy/tasks/validate_config.yml index 6c87a4bb..f7d18c9e 100644 --- a/roles/matrix-nginx-proxy/tasks/validate_config.yml +++ b/roles/custom/matrix-nginx-proxy/tasks/validate_config.yml 
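Review bot: `tasks_from: ensure_openssl_installed` looks up `tasks/ensure_openssl_installed.yml` in the `custom/matrix-base` role, whereas the import it replaces pointed at `tasks/util/ensure_openssl_installed.yml`. Unless that file was moved out of `util/` elsewhere in this commit (the matrix-base role is not visible in this chunk), the playbook will fail at parse time; `tasks_from: util/ensure_openssl_installed` would keep the old location. Either way, a short comment above the task naming the file it expects would save the next reader a lookup.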
@@ -35,7 +35,8 @@ - or raw htpasswd content (provided in `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_raw_content`) when: "matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled | bool and (matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_raw_content == '' and (matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username == '' or matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_password == ''))" -- block: +- when: "matrix_ssl_retrieval_method == 'lets-encrypt'" + block: - name: (Deprecation) Catch and report renamed settings ansible.builtin.fail: msg: >- @@ -57,7 +58,6 @@ - "matrix_nginx_proxy_proxy_synapse_client_api_addr_with_container" - "matrix_nginx_proxy_proxy_synapse_client_api_addr_sans_container" when: "vars[item] == '' or vars[item] is none" - when: "matrix_ssl_retrieval_method == 'lets-encrypt'" - name: (Deprecation) Catch and report old metrics usage ansible.builtin.fail: diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-base-domain.conf.j2 b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-base-domain.conf.j2 similarity index 97% rename from roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-base-domain.conf.j2 rename to roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-base-domain.conf.j2 index 3aff997d..44978dc4 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-base-domain.conf.j2 +++ b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-base-domain.conf.j2 @@ -45,7 +45,7 @@ server { location /.well-known/acme-challenge { {% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; + resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; set $backend "matrix-certbot:8080"; proxy_pass http://$backend; {% else %} 
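Review bot: The Jinja comment directly above each changed `resolver` line, `{# Use the embedded DNS resolver in Docker containers to discover the service #}`, is now stale: the resolver is whatever `matrix_nginx_proxy_http_level_resolver` evaluates to, which may no longer be Docker's embedded DNS. I would reword it to `{# Use the resolver from matrix_nginx_proxy_http_level_resolver to discover the service #}` here and in the matching hunks of matrix-bot-buscarron, matrix-bot-go-neb, matrix-client-cinny and matrix-client-element below. The variable's default is not visible in this chunk; if it can evaluate to an empty string, nginx will reject the `resolver` directive at startup, so a non-empty check in validate_config.yml would be worthwhile.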
diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-bot-buscarron.conf.j2 b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-bot-buscarron.conf.j2 similarity index 96% rename from roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-bot-buscarron.conf.j2 rename to roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-bot-buscarron.conf.j2 index 0ce1473b..4f0fd4a8 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-bot-buscarron.conf.j2 +++ b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-bot-buscarron.conf.j2 @@ -24,7 +24,7 @@ location / { {% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; + resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; set $backend "matrix-bot-buscarron:8080"; proxy_pass http://$backend; {% else %} @@ -51,7 +51,7 @@ server { location /.well-known/acme-challenge { {% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; + resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; set $backend "matrix-certbot:8080"; proxy_pass http://$backend; {% else %} diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-bot-go-neb.conf.j2 b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-bot-go-neb.conf.j2 similarity index 96% rename from roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-bot-go-neb.conf.j2 rename to roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-bot-go-neb.conf.j2 index e5589f55..a62ddfc8 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-bot-go-neb.conf.j2 +++ b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-bot-go-neb.conf.j2 
@@ -18,7 +18,7 @@ location / { {% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; + resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; set $backend "matrix-bot-go-neb:4050"; proxy_pass http://$backend; {% else %} @@ -44,7 +44,7 @@ server { location /.well-known/acme-challenge { {% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; + resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; set $backend "matrix-certbot:8080"; proxy_pass http://$backend; {% else %} diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-client-cinny.conf.j2 b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-client-cinny.conf.j2 similarity index 96% rename from roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-client-cinny.conf.j2 rename to roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-client-cinny.conf.j2 index df66349f..2ec6eb1b 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-client-cinny.conf.j2 +++ b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-client-cinny.conf.j2 @@ -24,7 +24,7 @@ location / { {% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; + resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; set $backend "matrix-client-cinny:8080"; proxy_pass http://$backend; {% else %} @@ -51,7 +51,7 @@ server { location /.well-known/acme-challenge { {% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; + resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; set $backend "matrix-certbot:8080"; proxy_pass http://$backend; {% else %} 
diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-client-element.conf.j2 b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-client-element.conf.j2 similarity index 96% rename from roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-client-element.conf.j2 rename to roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-client-element.conf.j2 index dea91b21..0beeae52 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-client-element.conf.j2 +++ b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-client-element.conf.j2 @@ -26,7 +26,7 @@ location / { {% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; + resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; set $backend "matrix-client-element:8080"; proxy_pass http://$backend; {% else %} @@ -53,7 +53,7 @@ server { location /.well-known/acme-challenge { {% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; + resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; set $backend "matrix-certbot:8080"; proxy_pass http://$backend; {% else %} diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-client-hydrogen.conf.j2 b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-client-hydrogen.conf.j2 similarity index 96% rename from roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-client-hydrogen.conf.j2 rename to roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-client-hydrogen.conf.j2 index e9428c55..7a2e9dfa 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-client-hydrogen.conf.j2 +++ b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-client-hydrogen.conf.j2 
@@ -24,7 +24,7 @@ location / { {% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; + resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; set $backend "matrix-client-hydrogen:8080"; proxy_pass http://$backend; {% else %} @@ -51,7 +51,7 @@ server { location /.well-known/acme-challenge { {% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; + resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; set $backend "matrix-certbot:8080"; proxy_pass http://$backend; {% else %} diff --git a/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-conduit.conf.j2 b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-conduit.conf.j2 new file mode 100644 index 00000000..6e7aca79 --- /dev/null +++ b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-conduit.conf.j2 
@@ -0,0 +1,77 @@
+#jinja2: lstrip_blocks: "True"
+
+server {
+ listen 12080;
+ server_name {{ matrix_nginx_proxy_proxy_conduit_hostname }};
+
+ server_tokens off;
+ root /dev/null;
+
+ gzip on;
+ gzip_types text/plain application/json;
+
+ {% for configuration_block in matrix_nginx_proxy_proxy_conduit_additional_server_configuration_blocks %}
+ {{- configuration_block }}
+ {% endfor %}
+
+ {% if matrix_nginx_proxy_proxy_conduit_block_federation_api_on_client_port %}
+ location /_matrix/federation {
+ {% if matrix_nginx_proxy_proxy_conduit_federation_api_enabled %}
+ return 404 'The Federation API is served at https://{{ matrix_server_fqn_matrix }}:{{ matrix_federation_public_port }}';
+ {% else %}
+ return 404 'This Matrix server is running with federation disabled';
+ {% endif %}
+ }
+ {% endif %}
+
+ {# Everything else just goes to the API server ##}
+ location / {
+ {% if matrix_nginx_proxy_enabled %}
+ {# Use the embedded DNS resolver in Docker containers to discover the service #}
+ resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s;
+ set $backend "{{ matrix_nginx_proxy_proxy_conduit_client_api_addr_with_container }}";
+ proxy_pass http://$backend;
+ {% else %}
+ {# Generic configuration for use outside of our container setup #}
+ proxy_pass http://{{ matrix_nginx_proxy_proxy_conduit_client_api_addr_sans_container }};
+ {% endif %}
+
+ proxy_set_header Host $host;
+
+ client_body_buffer_size 25M;
+ client_max_body_size {{ matrix_nginx_proxy_proxy_matrix_client_api_client_max_body_size_mb }}M;
+ proxy_max_temp_file_size 0;
+ }
+}
+
+{% if matrix_nginx_proxy_proxy_conduit_federation_api_enabled %}
+server {
+ listen 12088;
+
+ server_name {{ matrix_nginx_proxy_proxy_conduit_hostname }};
+ server_tokens off;
+
+ root /dev/null;
+
+ gzip on;
+ gzip_types text/plain application/json;
+
+ location / {
+ {% if matrix_nginx_proxy_enabled %}
+ {# Use the embedded DNS resolver in Docker containers to discover the service #}
+ resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s;
+ set $backend "{{ matrix_nginx_proxy_proxy_conduit_federation_api_addr_with_container }}";
+ proxy_pass http://$backend;
+ {% else %}
+ {# Generic configuration for use outside of our container setup #}
+ proxy_pass http://{{ matrix_nginx_proxy_proxy_conduit_federation_api_addr_sans_container }};
+ {% endif %}
+
+ proxy_set_header Host $host;
+
+ client_body_buffer_size 25M;
+ client_max_body_size {{ matrix_nginx_proxy_proxy_matrix_federation_api_client_max_body_size_mb }}M;
+ proxy_max_temp_file_size 0;
+ }
+}
+{% endif %}
diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-dendrite.conf.j2 b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-dendrite.conf.j2
similarity index 94%
rename from roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-dendrite.conf.j2
rename to roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-dendrite.conf.j2
index 939156a3..10eccf37 100644
--- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-dendrite.conf.j2
+++ b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-dendrite.conf.j2
@@ -28,7 +28,7 @@ server {
 location / {
 {% if matrix_nginx_proxy_enabled %}
 {# Use the embedded DNS resolver in Docker containers to discover the service #}
- resolver 127.0.0.11 valid=5s;
+ resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s;
 set $backend "{{ matrix_nginx_proxy_proxy_dendrite_client_api_addr_with_container }}";
 proxy_pass http://$backend;
 {% else %}
@@ -59,7 +59,7 @@ server {
 location / {
 {% if matrix_nginx_proxy_enabled %}
 {# Use the embedded DNS resolver in Docker containers to discover the service #}
- resolver 127.0.0.11 valid=5s;
+ resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s;
 set $backend "{{ matrix_nginx_proxy_proxy_dendrite_federation_api_addr_with_container }}";
 proxy_pass http://$backend;
 {% else %}
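Review bot: The federation `server` on `listen 12088` forwards `location /` wholesale to `matrix_nginx_proxy_proxy_conduit_federation_api_addr_with_container`; if that address is the same host:port as the client one (Conduit presumably serves both APIs from a single listener — worth confirming against the role defaults), then `/_matrix/client/*` (login, registration, sync) becomes reachable through the federation port, and the `return 404` for `/_matrix/federation` on 12080 guards only one direction. The outer federation vhost in `matrix-domain.conf.j2` (the `@@ -288` hunk earlier in this diff) is also a bare `location /`, so nothing visible narrows the path set. I'd add an explicit deny in the 12088 block ahead of `location /`, e.g. `location ^~ /_matrix/client { return 404; }`, or restrict that server to the `/_matrix/federation`, `/_matrix/key` and `/_matrix/media` prefixes federation peers actually need. The Dendrite and Synapse templates in this change have the same shape, so this is a convention to settle across all three.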
diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-dimension.conf.j2 b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-dimension.conf.j2 similarity index 96% rename from roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-dimension.conf.j2 rename to roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-dimension.conf.j2 index 07347be6..730fc4c1 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-dimension.conf.j2 +++ b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-dimension.conf.j2 @@ -21,7 +21,7 @@ location / { {% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; + resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; set $backend "matrix-dimension:8184"; proxy_pass http://$backend; {% else %} @@ -47,7 +47,7 @@ server { location /.well-known/acme-challenge { {% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; + resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; set $backend "matrix-certbot:8080"; proxy_pass http://$backend; {% else %} diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 similarity index 96% rename from roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 rename to roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 index 2895ba14..63d45bc6 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 +++ b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 
@@ -62,7 +62,7 @@ location ^~ /_matrix/corporal { {% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; + resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; set $backend "{{ matrix_nginx_proxy_proxy_matrix_corporal_api_addr_with_container }}"; proxy_pass http://$backend; {% else %} @@ -80,7 +80,7 @@ location ^~ /_matrix/identity { {% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; + resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; set $backend "{{ matrix_nginx_proxy_proxy_matrix_identity_api_addr_with_container }}"; proxy_pass http://$backend; {% else %} @@ -98,7 +98,7 @@ location ^~ /_matrix/client/r0/user_directory/search { {% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; + resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; set $backend "{{ matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_with_container }}"; proxy_pass http://$backend; {% else %} @@ -115,7 +115,7 @@ location ~ ^/_matrix/client/r0/register/(email|msisdn)/requestToken$ { {% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; + resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; set $backend "{{ matrix_nginx_proxy_proxy_matrix_3pid_registration_addr_with_container }}"; proxy_pass http://$backend; {% else %} 
@@ -140,7 +140,7 @@ location ~* ^({{ matrix_nginx_proxy_proxy_matrix_client_api_forwarded_location_prefix_regexes|join('|') }}) { {% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; + resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; set $backend "{{ matrix_nginx_proxy_proxy_matrix_client_api_addr_with_container }}"; proxy_pass http://$backend; {% else %} @@ -185,7 +185,7 @@ server { location /.well-known/acme-challenge { {% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; + resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; set $backend "matrix-certbot:8080"; proxy_pass http://$backend; {% else %} @@ -288,7 +288,7 @@ server { location / { {% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; + resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; set $backend "{{ matrix_nginx_proxy_proxy_matrix_federation_api_addr_with_container }}"; proxy_pass http://$backend; {% else %} diff --git a/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-etherpad.conf.j2 b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-etherpad.conf.j2 new file mode 100644 index 00000000..8cad9ee3 --- /dev/null +++ b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-etherpad.conf.j2 
@@ -0,0 +1,108 @@
+#jinja2: lstrip_blocks: "True"
+
+{% macro render_vhost_directives() %}
+ gzip on;
+ gzip_types text/plain application/json application/javascript text/css image/x-icon font/ttf image/gif;
+ {% if matrix_nginx_proxy_hsts_preload_enabled %}
+ add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
+ {% else %}
+ add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+ {% endif %}
+ add_header X-XSS-Protection "{{ matrix_nginx_proxy_xss_protection }}";
+ add_header X-Content-Type-Options nosniff;
+ {% if matrix_nginx_proxy_floc_optout_enabled %}
+ add_header Permissions-Policy interest-cohort=() always;
+ {% endif %}
+
+{% for configuration_block in matrix_nginx_proxy_proxy_etherpad_additional_server_configuration_blocks %}
+ {{- configuration_block }}
+{% endfor %}
+
+ location / {
+ {% if matrix_nginx_proxy_enabled %}
+ {# Use the embedded DNS resolver in Docker containers to discover the service #}
+ resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s;
+ set $backend "matrix-etherpad:9001";
+ proxy_pass http://$backend;
+ {# These are proxy directives needed specifically by Etherpad #}
+ proxy_buffering off;
+ proxy_http_version 1.1; {# recommended with keepalive connections #}
+ proxy_pass_header Server;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-Proto {{ matrix_nginx_proxy_x_forwarded_proto_value }}; {# for EP to set secure cookie flag when https is used #}
+ {# WebSocket proxying - from http://nginx.org/en/docs/http/websocket.html #}
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection $connection_upgrade;
+ {% else %}
+ {# Generic configuration for use outside of our container setup #}
+ # A good guide for setting up your Etherpad behind nginx:
+ # https://docs.gandi.net/en/cloud/tutorials/etherpad_lite.html
+ proxy_pass http://127.0.0.1:9001/;
+ {% endif %}
+ }
+{% endmacro %}
+
+server {
+ listen {{ 8080 if matrix_nginx_proxy_enabled else 80 }};
+ listen [::]:{{ 8080 if matrix_nginx_proxy_enabled else 80 }};
+
+ server_name {{ matrix_nginx_proxy_proxy_etherpad_hostname }};
+
+ server_tokens off;
+ root /dev/null;
+
+ {% if matrix_nginx_proxy_https_enabled %}
+ location /.well-known/acme-challenge {
+ {% if matrix_nginx_proxy_enabled %}
+ {# Use the embedded DNS resolver in Docker containers to discover the service #}
+ resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s;
+ set $backend "matrix-certbot:8080";
+ proxy_pass http://$backend;
+ {% else %}
+ {# Generic configuration for use outside of our container setup #}
+ proxy_pass http://127.0.0.1:{{ matrix_ssl_lets_encrypt_certbot_standalone_http_port }};
+ {% endif %}
+ }
+
+ location / {
+ return 301 https://$http_host$request_uri;
+ }
+ {% else %}
+ {{ render_vhost_directives() }}
+ {% endif %}
+}
+
+{% if matrix_nginx_proxy_https_enabled %}
+server {
+ listen {{ 8443 if matrix_nginx_proxy_enabled else 443 }} ssl http2;
+ listen [::]:{{ 8443 if matrix_nginx_proxy_enabled else 443 }} ssl http2;
+
+ server_name {{ matrix_nginx_proxy_proxy_etherpad_hostname }};
+
+ server_tokens off;
+ root /dev/null;
+
+ ssl_certificate {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_etherpad_hostname }}/fullchain.pem;
+ ssl_certificate_key {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_etherpad_hostname }}/privkey.pem;
+
+ ssl_protocols {{ matrix_nginx_proxy_ssl_protocols }};
+ {% if matrix_nginx_proxy_ssl_ciphers != '' %}
+ ssl_ciphers {{ matrix_nginx_proxy_ssl_ciphers }};
+ {% endif %}
+ ssl_prefer_server_ciphers {{ matrix_nginx_proxy_ssl_prefer_server_ciphers }};
+
+ {% if matrix_nginx_proxy_ocsp_stapling_enabled %}
+ ssl_stapling on;
+ ssl_stapling_verify on;
+ ssl_trusted_certificate {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_etherpad_hostname }}/chain.pem;
+ {% endif %}
+
+ {% if matrix_nginx_proxy_ssl_session_tickets_off %}
+ ssl_session_tickets off;
+ {% endif %}
+ ssl_session_cache {{ matrix_nginx_proxy_ssl_session_cache }};
+ ssl_session_timeout {{ matrix_nginx_proxy_ssl_session_timeout }};
+
+ {{ render_vhost_directives() }}
+}
+{% endif %}
diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-grafana.conf.j2 b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-grafana.conf.j2
similarity index 96%
rename from roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-grafana.conf.j2
rename to roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-grafana.conf.j2
index def67f66..09418044 100644
--- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-grafana.conf.j2
+++ b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-grafana.conf.j2
@@ -28,7 +28,7 @@
 location / {
 {% if matrix_nginx_proxy_enabled %}
 {# Use the embedded DNS resolver in Docker containers to discover the service #}
- resolver 127.0.0.11 valid=5s;
+ resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s;
 set $backend "matrix-grafana:3000";
 proxy_pass http://$backend;
 {% else %}
@@ -55,7 +55,7 @@ server {
 location /.well-known/acme-challenge {
 {% if matrix_nginx_proxy_enabled %}
 {# Use the embedded DNS resolver in Docker containers to discover the service #}
- resolver 127.0.0.11 valid=5s;
+ resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s;
 set $backend "matrix-certbot:8080";
 proxy_pass http://$backend;
 {% else %}
diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-jitsi.conf.j2 b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-jitsi.conf.j2
similarity index 94%
rename from roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-jitsi.conf.j2
rename to roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-jitsi.conf.j2
index 54b8ea43..aa4b6b44 100644
--- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-jitsi.conf.j2
+++ b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-jitsi.conf.j2
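Review bot: The Etherpad `location /` inside `render_vhost_directives` sets `Host`, `X-Forwarded-Proto` and the WebSocket headers but never `X-Forwarded-For` or `X-Real-IP`, and with the new standalone mode this vhost is the TLS edge for `etherpad.DOMAIN`, so Etherpad sees every client as the proxy's own address and anything in it that keys on client IP (per-IP rate limiting when it trusts the proxy, access logs) collapses onto one address. I'd add `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` and `proxy_set_header X-Real-IP $remote_addr;` next to the `X-Forwarded-Proto` line. Separately, `proxy_pass_header Server;` deliberately re-exposes the backend's `Server` header that `server_tokens off` otherwise hides; if nothing depends on it, drop the line, otherwise a comment saying why it is needed would help. `$connection_upgrade` is used here but the `map` defining it is not in this file — presumably it lives in `nginx-http.conf.j2`, worth confirming.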
@@ -21,7 +21,7 @@ location / { {% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; + resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; set $backend "matrix-jitsi-web:80"; proxy_pass http://$backend; {% else %} @@ -36,7 +36,7 @@ # colibri (JVB) websockets location ~ ^/colibri-ws/([a-zA-Z0-9-\.]+)/(.*) { {% if matrix_nginx_proxy_enabled %} - resolver 127.0.0.11 valid=5s; + resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; set $backend "matrix-jitsi-jvb:9090"; proxy_pass http://$backend; {% else %} @@ -57,7 +57,7 @@ # XMPP websocket location = /xmpp-websocket { {% if matrix_nginx_proxy_enabled %} - resolver 127.0.0.11 valid=5s; + resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; set $backend {{ matrix_jitsi_xmpp_bosh_url_base }}; proxy_pass $backend/xmpp-websocket; {% else %} @@ -89,7 +89,7 @@ server { location /.well-known/acme-challenge { {% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; + resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; set $backend "matrix-certbot:8080"; proxy_pass http://$backend; {% else %} diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-mautrix-wsproxy.conf.j2 b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-mautrix-wsproxy.conf.j2 similarity index 100% rename from roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-mautrix-wsproxy.conf.j2 rename to roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-mautrix-wsproxy.conf.j2 
diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-ntfy.conf.j2 b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-ntfy.conf.j2 similarity index 95% rename from roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-ntfy.conf.j2 rename to roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-ntfy.conf.j2 index 988b3b35..fbae47e1 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-ntfy.conf.j2 +++ b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-ntfy.conf.j2 @@ -20,8 +20,8 @@ location / { {% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - set $backend "matrix-ntfy:80"; + resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; + set $backend "matrix-ntfy:8080"; proxy_pass http://$backend; {% else %} {# Generic configuration for use outside of our container setup #} @@ -49,7 +49,7 @@ server { location /.well-known/acme-challenge { {% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; + resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; set $backend "matrix-certbot:8080"; proxy_pass http://$backend; {% else %} diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-riot-web.conf.j2 b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-riot-web.conf.j2 similarity index 97% rename from roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-riot-web.conf.j2 rename to roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-riot-web.conf.j2 index 5bcbeba5..99026913 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-riot-web.conf.j2 +++ b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-riot-web.conf.j2 
@@ -36,7 +36,7 @@ server { location /.well-known/acme-challenge { {% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; + resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; set $backend "matrix-certbot:8080"; proxy_pass http://$backend; {% else %} diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-sygnal.conf.j2 b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-sygnal.conf.j2 similarity index 96% rename from roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-sygnal.conf.j2 rename to roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-sygnal.conf.j2 index 0f33c0a7..e3c6a461 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-sygnal.conf.j2 +++ b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-sygnal.conf.j2 @@ -19,7 +19,7 @@ location / { {% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; + resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; set $backend "matrix-sygnal:6000"; proxy_pass http://$backend; {% else %} @@ -46,7 +46,7 @@ server { location /.well-known/acme-challenge { {% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; + resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; set $backend "matrix-certbot:8080"; proxy_pass http://$backend; {% else %} diff --git a/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 new file mode 100644 index 00000000..da189329 --- /dev/null +++ b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 
@@ -0,0 +1,229 @@
+#jinja2: lstrip_blocks: "True"
+
+{% set generic_workers = matrix_nginx_proxy_synapse_workers_list | selectattr('type', 'equalto', 'generic_worker') | list %}
+{% set stream_writer_typing_stream_workers = matrix_nginx_proxy_synapse_workers_list | selectattr('type', 'equalto', 'stream_writer') | selectattr('stream_writer_stream', 'equalto', 'typing') | list %}
+{% set stream_writer_to_device_stream_workers = matrix_nginx_proxy_synapse_workers_list | selectattr('type', 'equalto', 'stream_writer') | selectattr('stream_writer_stream', 'equalto', 'to_device') | list %}
+{% set stream_writer_account_data_stream_workers = matrix_nginx_proxy_synapse_workers_list | selectattr('type', 'equalto', 'stream_writer') | selectattr('stream_writer_stream', 'equalto', 'account_data') | list %}
+{% set stream_writer_receipts_stream_workers = matrix_nginx_proxy_synapse_workers_list | selectattr('type', 'equalto', 'stream_writer') | selectattr('stream_writer_stream', 'equalto', 'receipts') | list %}
+{% set stream_writer_presence_stream_workers = matrix_nginx_proxy_synapse_workers_list | selectattr('type', 'equalto', 'stream_writer') | selectattr('stream_writer_stream', 'equalto', 'presence') | list %}
+{% set media_repository_workers = matrix_nginx_proxy_synapse_workers_list | selectattr('type', 'equalto', 'media_repository') | list %}
+{% set user_dir_workers = matrix_nginx_proxy_synapse_workers_list | selectattr('type', 'equalto', 'user_dir') | list %}
+
+{% macro render_worker_upstream(name, workers, matrix_nginx_proxy_enabled) %}
+{% if workers | length > 0 %}
+ upstream {{ name }} {
+ {% for worker in workers %}
+ {% if matrix_nginx_proxy_enabled %}
+ server "{{ worker.name }}:{{ worker.port }}";
+ {% else %}
+ server "127.0.0.1:{{ worker.port }}";
+ {% endif %}
+ {% endfor %}
+ }
+{% endif %}
+{% endmacro %}
+
+{% macro render_locations_to_upstream(locations, upstream_name) %}
+ {% for location in locations %}
+ location ~ {{ location }} {
+ proxy_pass http://{{ upstream_name }}$request_uri;
+ proxy_set_header Host $host;
+ }
+ {% endfor %}
+{% endmacro %}
+
+{% if matrix_nginx_proxy_synapse_workers_enabled %}
+ {% if matrix_nginx_proxy_synapse_cache_enabled %}
+ proxy_cache_path {{ matrix_nginx_proxy_synapse_cache_path }} levels=1:2 keys_zone={{ matrix_nginx_proxy_synapse_cache_keys_zone_name }}:{{ matrix_nginx_proxy_synapse_cache_keys_zone_size }} inactive={{ matrix_nginx_proxy_synapse_cache_inactive_time }} max_size={{ matrix_nginx_proxy_synapse_cache_max_size_mb }}m;
+ {% endif %}
+ # Round Robin "upstream" pools for workers
+
+ {% if generic_workers |length > 0 %}
+ upstream generic_workers_upstream {
+ # ensures that requests from the same client will always be passed
+ # to the same server (except when this server is unavailable)
+ hash $http_x_forwarded_for;
+
+ {% for worker in generic_workers %}
+ {% if matrix_nginx_proxy_enabled %}
+ server "{{ worker.name }}:{{ worker.port }}";
+ {% else %}
+ server "127.0.0.1:{{ worker.port }}";
+ {% endif %}
+ {% endfor %}
+ }
+ {% endif %}
+
+ {{ render_worker_upstream('stream_writer_typing_stream_workers_upstream', stream_writer_typing_stream_workers, matrix_nginx_proxy_enabled) }}
+ {{ render_worker_upstream('stream_writer_to_device_stream_workers_upstream', stream_writer_to_device_stream_workers, matrix_nginx_proxy_enabled) }}
+ {{ render_worker_upstream('stream_writer_account_data_stream_workers_upstream', stream_writer_account_data_stream_workers, matrix_nginx_proxy_enabled) }}
+ {{ render_worker_upstream('stream_writer_receipts_stream_workers_upstream', stream_writer_receipts_stream_workers, matrix_nginx_proxy_enabled) }}
+ {{ render_worker_upstream('stream_writer_presence_stream_workers_upstream', stream_writer_presence_stream_workers, matrix_nginx_proxy_enabled) }}
+
+ {{ render_worker_upstream('media_repository_workers_upstream', media_repository_workers, matrix_nginx_proxy_enabled) }}
+
+ {{ render_worker_upstream('user_dir_workers_upstream', user_dir_workers, matrix_nginx_proxy_enabled) }}
+{% endif %}
+
+server {
+ listen 12080;
+ {% if matrix_nginx_proxy_enabled %}
+ server_name {{ matrix_nginx_proxy_proxy_synapse_hostname }};
+ {% endif %}
+
+ server_tokens off;
+ root /dev/null;
+
+ gzip on;
+ gzip_types text/plain application/json;
+
+ {% if matrix_nginx_proxy_synapse_workers_enabled %}
+ {# Workers redirects BEGIN #}
+
+ {% if generic_workers | length > 0 %}
+ # https://matrix-org.github.io/synapse/latest/workers.html#synapseappgeneric_worker
+ {{ render_locations_to_upstream(matrix_nginx_proxy_synapse_generic_worker_client_server_locations, 'generic_workers_upstream') }}
+ {% endif %}
+
+ {% if stream_writer_typing_stream_workers | length > 0 %}
+ # https://matrix-org.github.io/synapse/latest/workers.html#the-typing-stream
+ {{ render_locations_to_upstream(matrix_nginx_proxy_synapse_stream_writer_typing_stream_worker_client_server_locations, 'stream_writer_typing_stream_workers_upstream') }}
+ {% endif %}
+
+ {% if stream_writer_to_device_stream_workers | length > 0 %}
+ # https://matrix-org.github.io/synapse/latest/workers.html#the-to_device-stream
+ {{ render_locations_to_upstream(matrix_nginx_proxy_synapse_stream_writer_to_device_stream_worker_client_server_locations, 'stream_writer_to_device_stream_workers_upstream') }}
+ {% endif %}
+
+ {% if stream_writer_account_data_stream_workers | length > 0 %}
+ # https://matrix-org.github.io/synapse/latest/workers.html#the-account_data-stream
+ {{ render_locations_to_upstream(matrix_nginx_proxy_synapse_stream_writer_account_data_stream_worker_client_server_locations, 'stream_writer_account_data_stream_workers_upstream') }}
+ {% endif %}
+
+ {% if stream_writer_receipts_stream_workers | length > 0 %}
+ # https://matrix-org.github.io/synapse/latest/workers.html#the-receipts-stream
+ {{ render_locations_to_upstream(matrix_nginx_proxy_synapse_stream_writer_receipts_stream_worker_client_server_locations, 'stream_writer_receipts_stream_workers_upstream') }}
+ {% endif %}
+
+ {% if stream_writer_presence_stream_workers | length > 0 %}
+ # https://matrix-org.github.io/synapse/latest/workers.html#the-presence-stream
+ {{ render_locations_to_upstream(matrix_nginx_proxy_synapse_stream_writer_presence_stream_worker_client_server_locations, 'stream_writer_presence_stream_workers_upstream') }}
+ {% endif %}
+
+ {% if media_repository_workers | length > 0 %}
+ # https://matrix-org.github.io/synapse/latest/workers.html#synapseappmedia_repository
+ {% for location in matrix_nginx_proxy_synapse_media_repository_locations %}
+ location ~ {{ location }} {
+ proxy_pass http://media_repository_workers_upstream$request_uri;
+ proxy_set_header Host $host;
+
+ client_body_buffer_size 25M;
+ client_max_body_size {{ matrix_nginx_proxy_proxy_matrix_client_api_client_max_body_size_mb }}M;
+ proxy_max_temp_file_size 0;
+
+ {% if matrix_nginx_proxy_synapse_cache_enabled %}
+ proxy_buffering on;
+ proxy_cache {{ matrix_nginx_proxy_synapse_cache_keys_zone_name }};
+ proxy_cache_valid any {{ matrix_nginx_proxy_synapse_cache_proxy_cache_valid_time }};
+ proxy_force_ranges on;
+ add_header X-Cache-Status $upstream_cache_status;
+ {% endif %}
+ }
+ {% endfor %}
+ {% endif %}
+
+ {% if user_dir_workers | length > 0 %}
+ # https://matrix-org.github.io/synapse/latest/workers.html#updating-the-user-directory
+ # If matrix_nginx_proxy_proxy_matrix_user_directory_search_enabled is set, requests may not reach here,
+ # but could be captured early on (see `matrix-domain.conf.j2`) and forwarded elsewhere (to an identity server, etc.).
+ {{ render_locations_to_upstream(matrix_nginx_proxy_synapse_user_dir_locations, 'user_dir_workers_upstream') }}
+ {% endif %}
+ {# Workers redirects END #}
+ {% endif %}
+
+
+ {% for configuration_block in matrix_nginx_proxy_proxy_synapse_additional_server_configuration_blocks %}
+ {{- configuration_block }}
+ {% endfor %}
+
+ {# Everything else just goes to the API server ##}
+ location / {
+ {% if matrix_nginx_proxy_enabled %}
+ {# Use the embedded DNS resolver in Docker containers to discover the service #}
+ resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s;
+ set $backend "{{ matrix_nginx_proxy_proxy_synapse_client_api_addr_with_container }}";
+ proxy_pass http://$backend;
+ {% else %}
+ {# Generic configuration for use outside of our container setup #}
+ proxy_pass http://{{ matrix_nginx_proxy_proxy_synapse_client_api_addr_sans_container }};
+ {% endif %}
+
+ proxy_set_header Host $host;
+
+ client_body_buffer_size 25M;
+ client_max_body_size {{ matrix_nginx_proxy_proxy_matrix_client_api_client_max_body_size_mb }}M;
+ proxy_max_temp_file_size 0;
+ }
+}
+
+{% if matrix_nginx_proxy_proxy_synapse_federation_api_enabled %}
+server {
+ listen 12088;
+ {% if matrix_nginx_proxy_enabled %}
+ server_name {{ matrix_nginx_proxy_proxy_synapse_hostname }};
+ {% endif %}
+
+ server_tokens off;
+
+ root /dev/null;
+
+ gzip on;
+ gzip_types text/plain application/json;
+
+ {% if matrix_nginx_proxy_synapse_workers_enabled %}
+ {% if generic_workers | length > 0 %}
+ # https://matrix-org.github.io/synapse/latest/workers.html#synapseappgeneric_worker
+ {{ render_locations_to_upstream(matrix_nginx_proxy_synapse_generic_worker_federation_locations, 'generic_workers_upstream') }}
+ {% endif %}
+ {% if media_repository_workers | length > 0 %}
+ # https://matrix-org.github.io/synapse/latest/workers.html#synapseappmedia_repository
+ {% for location in matrix_nginx_proxy_synapse_media_repository_locations %}
+ location ~ {{ location }} {
+ proxy_pass http://media_repository_workers_upstream$request_uri;
+ proxy_set_header Host $host;
+
+ client_body_buffer_size 25M;
+ client_max_body_size {{ matrix_nginx_proxy_proxy_matrix_federation_api_client_max_body_size_mb }}M;
+ proxy_max_temp_file_size 0;
+
+ {% if matrix_nginx_proxy_synapse_cache_enabled %}
+ proxy_buffering on;
+ proxy_cache {{ matrix_nginx_proxy_synapse_cache_keys_zone_name }};
+ proxy_cache_valid any {{ matrix_nginx_proxy_synapse_cache_proxy_cache_valid_time }};
+ proxy_force_ranges on;
+ add_header X-Cache-Status $upstream_cache_status;
+ {% endif %}
+ }
+ {% endfor %}
+ {% endif %}
+ {% endif %}
+
+ location / {
+ {% if matrix_nginx_proxy_enabled %}
+ {# Use the embedded DNS resolver in Docker containers to discover the service #}
+ resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s;
+ set $backend "{{ matrix_nginx_proxy_proxy_synapse_federation_api_addr_with_container }}";
+ proxy_pass http://$backend;
+ {% else %}
+ {# Generic configuration for use outside of our container setup #}
+ proxy_pass http://{{ matrix_nginx_proxy_proxy_synapse_federation_api_addr_sans_container }};
+ {% endif %}
+
+ proxy_set_header Host $host;
+
+ client_body_buffer_size 25M;
+ client_max_body_size {{ matrix_nginx_proxy_proxy_matrix_federation_api_client_max_body_size_mb }}M;
+ proxy_max_temp_file_size 0;
+ }
+}
+{% endif %}
diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/nginx-http.conf.j2 b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/nginx-http.conf.j2
similarity index 100%
rename from roles/matrix-nginx-proxy/templates/nginx/conf.d/nginx-http.conf.j2
rename to roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/nginx-http.conf.j2
diff --git a/roles/matrix-nginx-proxy/templates/nginx/nginx.conf.j2 b/roles/custom/matrix-nginx-proxy/templates/nginx/nginx.conf.j2
similarity index 100%
rename from roles/matrix-nginx-proxy/templates/nginx/nginx.conf.j2
rename to roles/custom/matrix-nginx-proxy/templates/nginx/nginx.conf.j2
diff --git a/roles/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2 b/roles/custom/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2 similarity index 64% rename from roles/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2 rename to roles/custom/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2 index 74356ea9..ee32be38 100755 --- a/roles/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2 +++ b/roles/custom/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2 @@ -12,11 +12,11 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-nginx-proxy 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-nginx-proxy 2>/dev/null || true' +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-nginx-proxy 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-nginx-proxy 2>/dev/null || true' -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-nginx-proxy \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-nginx-proxy \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ 
@@ -51,12 +51,12 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-nginx-proxy \ {{ matrix_nginx_proxy_docker_image }} {% for network in matrix_nginx_proxy_container_additional_networks %} -ExecStartPost={{ matrix_host_command_sh }} -c 'attempt=0; while [ $attempt -le 29 ]; do attempt=$(( $attempt + 1 )); if [ "`docker inspect -f {{ '{{.State.Running}}' }} matrix-nginx-proxy 2> /dev/null`" = "true" ]; then break; fi; sleep 1; done; {{ matrix_host_command_docker }} network connect {{ network }} matrix-nginx-proxy' +ExecStartPost={{ devture_systemd_docker_base_host_command_sh }} -c 'attempt=0; while [ $attempt -le 29 ]; do attempt=$(( $attempt + 1 )); if [ "`docker inspect -f {{ '{{.State.Running}}' }} matrix-nginx-proxy 2> /dev/null`" = "true" ]; then break; fi; sleep 1; done; {{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-nginx-proxy' {% endfor %} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-nginx-proxy 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-nginx-proxy 2>/dev/null || true' -ExecReload={{ matrix_host_command_docker }} exec matrix-nginx-proxy /usr/sbin/nginx -s reload +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-nginx-proxy 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-nginx-proxy 2>/dev/null || true' +ExecReload={{ devture_systemd_docker_base_host_command_docker }} exec matrix-nginx-proxy /usr/sbin/nginx -s reload Restart=always RestartSec=30 SyslogIdentifier=matrix-nginx-proxy 
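Review bot: The readiness loop in the rewritten `ExecStartPost` line still shells out to a bare `docker inspect ...` while the same line now routes `network connect` through `{{ devture_systemd_docker_base_host_command_docker }}`. On a host where the docker binary is not on systemd's default PATH (presumably the reason the command path is templated at all), the inspect call fails quietly behind `2> /dev/null`, the loop runs all 30 iterations and the network connect is then attempted blindly. Suggest `if [ "`{{ devture_systemd_docker_base_host_command_docker }} inspect -f {{ '{{.State.Running}}' }} matrix-nginx-proxy 2> /dev/null`" = "true" ]; then break; fi;`. The rest of the unit file lies outside the hunk.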
diff --git a/roles/matrix-nginx-proxy/templates/systemd/matrix-ssl-lets-encrypt-certificates-renew.service.j2 b/roles/custom/matrix-nginx-proxy/templates/systemd/matrix-ssl-lets-encrypt-certificates-renew.service.j2 similarity index 68% rename from roles/matrix-nginx-proxy/templates/systemd/matrix-ssl-lets-encrypt-certificates-renew.service.j2 rename to roles/custom/matrix-nginx-proxy/templates/systemd/matrix-ssl-lets-encrypt-certificates-renew.service.j2 index c14905ce..c7f372d9 100644 --- a/roles/matrix-nginx-proxy/templates/systemd/matrix-ssl-lets-encrypt-certificates-renew.service.j2 +++ b/roles/custom/matrix-nginx-proxy/templates/systemd/matrix-ssl-lets-encrypt-certificates-renew.service.j2 @@ -3,5 +3,5 @@ Description=Renews Let's Encrypt SSL certificates [Service] Type=oneshot -Environment="HOME={{ matrix_systemd_unit_home_path }}" +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" ExecStart={{ matrix_local_bin_path }}/matrix-ssl-lets-encrypt-certificates-renew diff --git a/roles/matrix-nginx-proxy/templates/systemd/matrix-ssl-lets-encrypt-certificates-renew.timer.j2 b/roles/custom/matrix-nginx-proxy/templates/systemd/matrix-ssl-lets-encrypt-certificates-renew.timer.j2 similarity index 100% rename from roles/matrix-nginx-proxy/templates/systemd/matrix-ssl-lets-encrypt-certificates-renew.timer.j2 rename to roles/custom/matrix-nginx-proxy/templates/systemd/matrix-ssl-lets-encrypt-certificates-renew.timer.j2 diff --git a/roles/matrix-nginx-proxy/templates/systemd/matrix-ssl-nginx-proxy-reload.service.j2 b/roles/custom/matrix-nginx-proxy/templates/systemd/matrix-ssl-nginx-proxy-reload.service.j2 similarity index 52% rename from roles/matrix-nginx-proxy/templates/systemd/matrix-ssl-nginx-proxy-reload.service.j2 rename to roles/custom/matrix-nginx-proxy/templates/systemd/matrix-ssl-nginx-proxy-reload.service.j2 index 851655ba..025c5e2d 100644 --- a/roles/matrix-nginx-proxy/templates/systemd/matrix-ssl-nginx-proxy-reload.service.j2 
+++ b/roles/custom/matrix-nginx-proxy/templates/systemd/matrix-ssl-nginx-proxy-reload.service.j2 @@ -3,4 +3,4 @@ Description=Reloads matrix-nginx-proxy so that new SSL certificates can kick in [Service] Type=oneshot -ExecStart={{ matrix_host_command_systemctl }} reload matrix-nginx-proxy.service +ExecStart={{ devture_systemd_docker_base_host_command_systemctl }} reload matrix-nginx-proxy.service diff --git a/roles/matrix-nginx-proxy/templates/systemd/matrix-ssl-nginx-proxy-reload.timer.j2 b/roles/custom/matrix-nginx-proxy/templates/systemd/matrix-ssl-nginx-proxy-reload.timer.j2 similarity index 100% rename from roles/matrix-nginx-proxy/templates/systemd/matrix-ssl-nginx-proxy-reload.timer.j2 rename to roles/custom/matrix-nginx-proxy/templates/systemd/matrix-ssl-nginx-proxy-reload.timer.j2 diff --git a/roles/matrix-nginx-proxy/templates/usr-local-bin/matrix-ssl-lets-encrypt-certificates-renew.j2 b/roles/custom/matrix-nginx-proxy/templates/usr-local-bin/matrix-ssl-lets-encrypt-certificates-renew.j2 similarity index 100% rename from roles/matrix-nginx-proxy/templates/usr-local-bin/matrix-ssl-lets-encrypt-certificates-renew.j2 rename to roles/custom/matrix-nginx-proxy/templates/usr-local-bin/matrix-ssl-lets-encrypt-certificates-renew.j2 diff --git a/roles/matrix-nginx-proxy/vars/main.yml b/roles/custom/matrix-nginx-proxy/vars/main.yml similarity index 100% rename from roles/matrix-nginx-proxy/vars/main.yml rename to roles/custom/matrix-nginx-proxy/vars/main.yml diff --git a/roles/matrix-ntfy/defaults/main.yml b/roles/custom/matrix-ntfy/defaults/main.yml similarity index 98% rename from roles/matrix-ntfy/defaults/main.yml rename to roles/custom/matrix-ntfy/defaults/main.yml index 66bc5be4..76243980 100644 --- a/roles/matrix-ntfy/defaults/main.yml +++ b/roles/custom/matrix-ntfy/defaults/main.yml 
@@ -7,7 +7,7 @@ matrix_ntfy_base_path: "{{ matrix_base_data_path }}/ntfy" matrix_ntfy_config_dir_path: "{{ matrix_ntfy_base_path }}/config" matrix_ntfy_data_path: "{{ matrix_ntfy_base_path }}/data" -matrix_ntfy_version: v1.27.2 +matrix_ntfy_version: v1.28.0 matrix_ntfy_docker_image: "{{ matrix_container_global_registry_prefix }}binwiederhier/ntfy:{{ matrix_ntfy_version }}" matrix_ntfy_docker_image_force_pull: "{{ matrix_ntfy_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-ntfy/tasks/init.yml b/roles/custom/matrix-ntfy/tasks/init.yml similarity index 100% rename from roles/matrix-ntfy/tasks/init.yml rename to roles/custom/matrix-ntfy/tasks/init.yml diff --git a/roles/matrix-ntfy/tasks/main.yml b/roles/custom/matrix-ntfy/tasks/main.yml similarity index 100% rename from roles/matrix-ntfy/tasks/main.yml rename to roles/custom/matrix-ntfy/tasks/main.yml diff --git a/roles/matrix-ntfy/tasks/self_check.yml b/roles/custom/matrix-ntfy/tasks/self_check.yml similarity index 100% rename from roles/matrix-ntfy/tasks/self_check.yml rename to roles/custom/matrix-ntfy/tasks/self_check.yml diff --git a/roles/matrix-ntfy/tasks/setup_install.yml b/roles/custom/matrix-ntfy/tasks/setup_install.yml similarity index 86% rename from roles/matrix-ntfy/tasks/setup_install.yml rename to roles/custom/matrix-ntfy/tasks/setup_install.yml index 9afabc4c..5ad8e507 100644 --- a/roles/matrix-ntfy/tasks/setup_install.yml +++ b/roles/custom/matrix-ntfy/tasks/setup_install.yml 
@@ -1,14 +1,14 @@ --- - name: Ensure matrix-ntfy image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_ntfy_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_ntfy_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_ntfy_docker_image_force_pull }}" register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure matrix-ntfy paths exists @@ -34,7 +34,7 @@ - name: Ensure matrix-ntfy.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-ntfy.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-ntfy.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-ntfy.service" mode: 0644 register: matrix_ntfy_systemd_service_result diff --git a/roles/matrix-ntfy/tasks/setup_uninstall.yml b/roles/custom/matrix-ntfy/tasks/setup_uninstall.yml similarity index 82% rename from roles/matrix-ntfy/tasks/setup_uninstall.yml rename to roles/custom/matrix-ntfy/tasks/setup_uninstall.yml index f6d9cc8a..e0eedfd8 100644 --- a/roles/matrix-ntfy/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-ntfy/tasks/setup_uninstall.yml @@ -2,7 +2,7 @@ - name: Check existence of matrix-ntfy service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-ntfy.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-ntfy.service" register: matrix_ntfy_service_stat - name: Ensure matrix-ntfy is stopped 
@@ -16,7 +16,7 @@ - name: Ensure matrix-ntfy.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-ntfy.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-ntfy.service" state: absent when: "matrix_ntfy_service_stat.stat.exists" @@ -31,6 +31,6 @@ state: absent - name: Ensure ntfy Docker image doesn't exist - docker_image: + community.docker.docker_image: name: "{{ matrix_ntfy_docker_image }}" state: absent diff --git a/roles/matrix-ntfy/templates/ntfy/server.yml.j2 b/roles/custom/matrix-ntfy/templates/ntfy/server.yml.j2 similarity index 81% rename from roles/matrix-ntfy/templates/ntfy/server.yml.j2 rename to roles/custom/matrix-ntfy/templates/ntfy/server.yml.j2 index 4cafcd62..096991a7 100644 --- a/roles/matrix-ntfy/templates/ntfy/server.yml.j2 +++ b/roles/custom/matrix-ntfy/templates/ntfy/server.yml.j2 @@ -1,3 +1,4 @@ base_url: {{ matrix_ntfy_base_url }} behind_proxy: true cache_file: /data/cache.db +listen-http: :8080 diff --git a/roles/custom/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2 b/roles/custom/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2 new file mode 100644 index 00000000..a10cb584 --- /dev/null +++ b/roles/custom/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2 
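Review bot: The new `listen-http: :8080` value is an unquoted plain scalar beginning with the `:` indicator; most YAML parsers accept it because a non-space follows, but it reads like a mapping typo and some linters reject it. Quoting it, `listen-http: ":8080"`, removes the ambiguity at no cost. The port also has to agree with the `:8080` container port the role's systemd unit template publishes; a one-line comment above it, `# must match the container port published by matrix-ntfy.service.j2`, records that coupling.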
@@ -0,0 +1,38 @@
+#jinja2: lstrip_blocks: "True"
+[Unit]
+Description=matrix-ntfy
+After=docker.service
+Requires=docker.service
+DefaultDependencies=no
+
+[Service]
+Type=simple
+Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-ntfy 2>/dev/null || true'
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-ntfy 2>/dev/null || true'
+
+ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-ntfy \
+ --log-driver=none \
+ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
+ --cap-drop=ALL \
+ --read-only \
+ {% for arg in matrix_ntfy_container_extra_arguments %}
+ {{ arg }} \
+ {% endfor %}
+ --network={{ matrix_docker_network }} \
+ {% if matrix_ntfy_container_http_host_bind_port %}
+ -p {{ matrix_ntfy_container_http_host_bind_port }}:8080 \
+ {% endif %}
+ --mount type=bind,src={{ matrix_ntfy_config_dir_path }},dst=/etc/ntfy,ro \
+ --mount type=bind,src={{ matrix_ntfy_data_path }},dst=/data \
+ {{ matrix_ntfy_docker_image }} \
+ serve
+
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-ntfy 2>/dev/null || true'
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-ntfy 2>/dev/null || true'
+Restart=always
+RestartSec=30
+SyslogIdentifier=matrix-ntfy
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/matrix-postgres-backup/defaults/main.yml b/roles/custom/matrix-postgres-backup/defaults/main.yml
similarity index 62%
rename from roles/matrix-postgres-backup/defaults/main.yml
rename to roles/custom/matrix-postgres-backup/defaults/main.yml
index ed42266f..abdfa74c 100644
--- a/roles/matrix-postgres-backup/defaults/main.yml
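Review bot: The container port in the `-p {{ matrix_ntfy_container_http_host_bind_port }}:8080` line is duplicated by `listen-http: :8080` in the role's `templates/ntfy/server.yml.j2`, with nothing tying the two together; changing one without the other yields a unit that starts but answers nothing on the published port. A Jinja comment above the `-p` line, `{# 8080 must match listen-http in templates/ntfy/server.yml.j2 #}`, or a single role variable rendered into both templates, would keep them in sync. Also worth recording, wherever the variable is documented (its defaults file is not in this hunk), is that a bare port number in `matrix_ntfy_container_http_host_bind_port` publishes the service on every host interface, while a `127.0.0.1:` prefix keeps it reachable only through the reverse proxy.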
+++ b/roles/custom/matrix-postgres-backup/defaults/main.yml 
@@ -24,19 +24,20 @@ matrix_postgres_backup_postgres_data_path: "" matrix_postgres_backup_architecture: amd64 -# matrix_postgres_docker_image_suffix controls whether we use Alpine-based images (`-alpine`) or the normal Debian-based images. +# matrix_postgres_backup_docker_image_distro controls whether we use Alpine-based images (`-alpine`) or the normal Debian-based images. # Alpine-based Postgres images are smaller and we usually prefer them, but they don't work on ARM32 (tested on a Raspberry Pi 3 running Raspbian 10.7). # On ARM32, `-alpine` images fail with the following error: # > LOG: startup process (PID 37) was terminated by signal 11: Segmentation fault -matrix_postgres_backup_docker_image_suffix: "{{ '-alpine' if matrix_postgres_backup_architecture in ['amd64', 'arm64'] else '' }}" +matrix_postgres_backup_docker_image_distro: "{{ 'alpine' if matrix_postgres_backup_architecture in ['amd64', 'arm64'] else 'debian' }}" -matrix_postgres_backup_docker_image_v9: "{{ matrix_container_global_registry_prefix }}prodrigestivill/postgres-backup-local:9.6{{ matrix_postgres_backup_docker_image_suffix }}" -matrix_postgres_backup_docker_image_v10: "{{ matrix_container_global_registry_prefix }}prodrigestivill/postgres-backup-local:10{{ matrix_postgres_backup_docker_image_suffix }}" -matrix_postgres_backup_docker_image_v11: "{{ matrix_container_global_registry_prefix }}prodrigestivill/postgres-backup-local:11{{ matrix_postgres_backup_docker_image_suffix }}" -matrix_postgres_backup_docker_image_v12: "{{ matrix_container_global_registry_prefix }}prodrigestivill/postgres-backup-local:12{{ matrix_postgres_backup_docker_image_suffix }}" -matrix_postgres_backup_docker_image_v13: "{{ matrix_container_global_registry_prefix }}prodrigestivill/postgres-backup-local:13{{ matrix_postgres_backup_docker_image_suffix }}" -matrix_postgres_backup_docker_image_v14: "{{ matrix_container_global_registry_prefix }}prodrigestivill/postgres-backup-local:14{{ 
matrix_postgres_backup_docker_image_suffix }}" -matrix_postgres_backup_docker_image_latest: "{{ matrix_postgres_backup_docker_image_v14 }}" +matrix_postgres_backup_docker_image_v9: "{{ matrix_container_global_registry_prefix }}prodrigestivill/postgres-backup-local:9.6-{{ matrix_postgres_backup_docker_image_distro }}-2aa03d1" +matrix_postgres_backup_docker_image_v10: "{{ matrix_container_global_registry_prefix }}prodrigestivill/postgres-backup-local:10-{{ matrix_postgres_backup_docker_image_distro }}-2cf00a5" +matrix_postgres_backup_docker_image_v11: "{{ matrix_container_global_registry_prefix }}prodrigestivill/postgres-backup-local:11-{{ matrix_postgres_backup_docker_image_distro }}-2cf00a5" +matrix_postgres_backup_docker_image_v12: "{{ matrix_container_global_registry_prefix }}prodrigestivill/postgres-backup-local:12-{{ matrix_postgres_backup_docker_image_distro }}-2cf00a5" +matrix_postgres_backup_docker_image_v13: "{{ matrix_container_global_registry_prefix }}prodrigestivill/postgres-backup-local:13-{{ matrix_postgres_backup_docker_image_distro }}-2cf00a5" +matrix_postgres_backup_docker_image_v14: "{{ matrix_container_global_registry_prefix }}prodrigestivill/postgres-backup-local:14-{{ matrix_postgres_backup_docker_image_distro }}-2cf00a5" +matrix_postgres_backup_docker_image_v15: "{{ matrix_container_global_registry_prefix }}prodrigestivill/postgres-backup-local:15-{{ matrix_postgres_backup_docker_image_distro }}-2cf00a5" +matrix_postgres_backup_docker_image_latest: "{{ matrix_postgres_backup_docker_image_v15 }}" # This variable is assigned at runtime. Overriding its value has no effect. matrix_postgres_backup_docker_image_to_use: '{{ matrix_postgres_backup_docker_image_latest }}' diff --git a/roles/matrix-postgres-backup/tasks/init.yml b/roles/custom/matrix-postgres-backup/tasks/init.yml similarity index 100% rename from roles/matrix-postgres-backup/tasks/init.yml rename to roles/custom/matrix-postgres-backup/tasks/init.yml 
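Review bot: The new pinned tags use two different upstream build hashes: `matrix_postgres_backup_docker_image_v9` ends in `-2aa03d1` while v10 through v15 end in `-2cf00a5`. If that is deliberate (for instance the 9.6 image no longer being rebuilt upstream), a comment above the v9 line saying so would stop the next maintainer from "correcting" it; if not, it is a stale pin. Since these are tags rather than digests they remain mutable at the registry, so for a backup tool with database credentials a digest pin (`...:15-alpine-2cf00a5@sha256:<DIGEST_PLACEHOLDER>`) is the form that actually makes the pulled content reproducible.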
diff --git a/roles/matrix-postgres-backup/tasks/main.yml b/roles/custom/matrix-postgres-backup/tasks/main.yml similarity index 100% rename from roles/matrix-postgres-backup/tasks/main.yml rename to roles/custom/matrix-postgres-backup/tasks/main.yml diff --git a/roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml b/roles/custom/matrix-postgres-backup/tasks/setup_postgres_backup.yml similarity index 88% rename from roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml rename to roles/custom/matrix-postgres-backup/tasks/setup_postgres_backup.yml index a6246757..6066ee49 100644 --- a/roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml +++ b/roles/custom/matrix-postgres-backup/tasks/setup_postgres_backup.yml @@ -4,7 +4,7 @@ # Tasks related to setting up postgres backup # - ansible.builtin.import_role: - name: matrix-postgres + name: custom/matrix-postgres tasks_from: detect_existing_postgres_version when: 'matrix_postgres_backup_enabled | bool and matrix_postgres_backup_postgres_data_path != ""' @@ -17,15 +17,15 @@ when: matrix_postgres_backup_enabled | bool - name: Ensure postgres backup Docker image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_postgres_backup_docker_image_to_use }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_postgres_backup_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_postgres_backup_docker_image_force_pull }}" when: matrix_postgres_backup_enabled | bool register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure Postgres backup paths exist 
@@ -53,7 +53,7 @@ - name: Ensure matrix-postgres-backup.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-postgres-backup.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-postgres-backup.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-postgres-backup.service" mode: 0644 register: matrix_postgres_backup_systemd_service_result when: matrix_postgres_backup_enabled | bool @@ -69,7 +69,7 @@ - name: Check existence of matrix-postgres-backup service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-postgres-backup.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-postgres-backup.service" register: matrix_postgres_backup_service_stat when: "not matrix_postgres_backup_enabled | bool" @@ -83,7 +83,7 @@ - name: Ensure matrix-postgres-backup.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-postgres-backup.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-postgres-backup.service" state: absent when: "not matrix_postgres_backup_enabled | bool and matrix_postgres_backup_service_stat.stat.exists" @@ -101,9 +101,9 @@ # We just want to notify the user. Deleting data is too destructive. - name: Inject warning if matrix-postgres backup data remains ansible.builtin.set_fact: - matrix_playbook_runtime_results: | + devture_playbook_runtime_messages_list: | {{ - matrix_playbook_runtime_results | default([]) + devture_playbook_runtime_messages_list | default([]) + [ "NOTE: You are not using the local backup service to backup the PostgreSQL database, but some old data remains from before in `{{ matrix_postgres_backup_path }}`. Feel free to delete it." 
diff --git a/roles/matrix-postgres-backup/tasks/validate_config.yml b/roles/custom/matrix-postgres-backup/tasks/validate_config.yml similarity index 60% rename from roles/matrix-postgres-backup/tasks/validate_config.yml rename to roles/custom/matrix-postgres-backup/tasks/validate_config.yml index 8a2ddb5a..aab68eaf 100644 --- a/roles/matrix-postgres-backup/tasks/validate_config.yml +++ b/roles/custom/matrix-postgres-backup/tasks/validate_config.yml @@ -16,3 +16,12 @@ - "matrix_postgres_backup_keep_months" - "matrix_postgres_backup_path" - "matrix_postgres_backup_databases" + +- name: (Deprecation) Catch and report renamed settings + ansible.builtin.fail: + msg: >- + Your configuration contains a variable, which now has a different name. + Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`). + when: "item.old in vars" + with_items: + - {'old': 'matrix_postgres_backup_docker_image_suffix', 'new': 'matrix_postgres_backup_docker_image_distro'} diff --git a/roles/matrix-postgres-backup/templates/env-postgres-backup.j2 b/roles/custom/matrix-postgres-backup/templates/env-postgres-backup.j2 similarity index 100% rename from roles/matrix-postgres-backup/templates/env-postgres-backup.j2 rename to roles/custom/matrix-postgres-backup/templates/env-postgres-backup.j2 diff --git a/roles/custom/matrix-postgres-backup/templates/systemd/matrix-postgres-backup.service.j2 b/roles/custom/matrix-postgres-backup/templates/systemd/matrix-postgres-backup.service.j2 new file mode 100644 index 00000000..618eb548 --- /dev/null +++ b/roles/custom/matrix-postgres-backup/templates/systemd/matrix-postgres-backup.service.j2 
@@ -0,0 +1,31 @@
+#jinja2: lstrip_blocks: "True"
+[Unit]
+Description=Automatic Backup of Matrix Postgres server
+After=docker.service
+Requires=docker.service
+DefaultDependencies=no
+
+[Service]
+Type=simple
+Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_docker }} stop matrix-postgres-backup
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-postgres-backup 2>/dev/null || true'
+
+ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-postgres-backup \
+ --log-driver=none \
+ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
+ --cap-drop=ALL \
+ --read-only \
+ --network={{ matrix_docker_network }} \
+ --env-file={{ matrix_postgres_backup_path }}/env-postgres-backup \
+ --mount type=bind,src={{ matrix_postgres_backup_path }},dst=/backups \
+ {{ matrix_postgres_backup_docker_image_to_use }}
+
+ExecStop=-{{ devture_systemd_docker_base_host_command_docker }} stop matrix-postgres-backup
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-postgres-backup 2>/dev/null || true'
+Restart=always
+RestartSec=30
+SyslogIdentifier=matrix-postgres-backup
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/matrix-postgres/defaults/main.yml b/roles/custom/matrix-postgres/defaults/main.yml
similarity index 79%
rename from roles/matrix-postgres/defaults/main.yml
rename to roles/custom/matrix-postgres/defaults/main.yml
index 39481f2e..5a0cdb6c 100644
--- a/roles/matrix-postgres/defaults/main.yml
+++ b/roles/custom/matrix-postgres/defaults/main.yml
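Review bot: The `--env-file={{ matrix_postgres_backup_path }}/env-postgres-backup` line reads the container environment from a file that lives inside the very directory the next line bind-mounts read-write into the container (`--mount type=bind,src={{ matrix_postgres_backup_path }},dst=/backups`). If, as the name suggests, that file carries the database connection credentials, it is reachable as `/backups/env-postgres-backup` from inside the container and travels with the dumps through any copy or sync of the backup directory. Keeping the env file outside the mounted tree, or mounting only a dumps subdirectory, separates the secret from the data; at minimum a Jinja comment on the mount line should record that the directory also holds the env file. Separately, this unit stops its container with `docker stop` whereas the ntfy unit added in the same commit uses `kill`, which is worth aligning.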
@@ -15,6 +15,10 @@ matrix_postgres_db_name: "matrix" matrix_postgres_base_path: "{{ matrix_base_data_path }}/postgres" matrix_postgres_data_path: "{{ matrix_postgres_base_path }}/data" +# matrix_postgres_systemd_services_to_stop_for_maintenance_list specifies the list of systemd services to stop before vacuuming or upgrading. +# These services will be restarted after the operation completes. +matrix_postgres_systemd_services_to_stop_for_maintenance_list: [] + matrix_postgres_architecture: amd64 # matrix_postgres_docker_image_suffix controls whether we use Alpine-based images (`-alpine`) or the normal Debian-based images. 
@@ -24,12 +28,13 @@ matrix_postgres_architecture: amd64 matrix_postgres_docker_image_suffix: "{{ '-alpine' if matrix_postgres_architecture in ['amd64', 'arm64'] else '' }}" matrix_postgres_docker_image_v9: "{{ matrix_container_global_registry_prefix }}postgres:9.6.24{{ matrix_postgres_docker_image_suffix }}" -matrix_postgres_docker_image_v10: "{{ matrix_container_global_registry_prefix }}postgres:10.21{{ matrix_postgres_docker_image_suffix }}" -matrix_postgres_docker_image_v11: "{{ matrix_container_global_registry_prefix }}postgres:11.16{{ matrix_postgres_docker_image_suffix }}" -matrix_postgres_docker_image_v12: "{{ matrix_container_global_registry_prefix }}postgres:12.11{{ matrix_postgres_docker_image_suffix }}" -matrix_postgres_docker_image_v13: "{{ matrix_container_global_registry_prefix }}postgres:13.7{{ matrix_postgres_docker_image_suffix }}" -matrix_postgres_docker_image_v14: "{{ matrix_container_global_registry_prefix }}postgres:14.4{{ matrix_postgres_docker_image_suffix }}" -matrix_postgres_docker_image_latest: "{{ matrix_postgres_docker_image_v14 }}" +matrix_postgres_docker_image_v10: "{{ matrix_container_global_registry_prefix }}postgres:10.22{{ matrix_postgres_docker_image_suffix }}" +matrix_postgres_docker_image_v11: "{{ matrix_container_global_registry_prefix }}postgres:11.17{{ matrix_postgres_docker_image_suffix }}" +matrix_postgres_docker_image_v12: "{{ matrix_container_global_registry_prefix }}postgres:12.12{{ matrix_postgres_docker_image_suffix }}" +matrix_postgres_docker_image_v13: "{{ matrix_container_global_registry_prefix }}postgres:13.8{{ matrix_postgres_docker_image_suffix }}" +matrix_postgres_docker_image_v14: "{{ matrix_container_global_registry_prefix }}postgres:14.5{{ matrix_postgres_docker_image_suffix }}" +matrix_postgres_docker_image_v15: "{{ matrix_container_global_registry_prefix }}postgres:15.0{{ matrix_postgres_docker_image_suffix }}" +matrix_postgres_docker_image_latest: "{{ matrix_postgres_docker_image_v15 }}" # This variable is 
assigned at runtime. Overriding its value has no effect. matrix_postgres_docker_image_to_use: '{{ matrix_postgres_docker_image_latest }}' @@ -67,7 +72,14 @@ matrix_postgres_additional_databases: [] # If a dump file contains the roles and they've also been created beforehand (see `matrix_postgres_additional_databases`), # importing would fail. # We either need to not create them or to ignore the `CREATE ROLE` statements in the dump. -matrix_postgres_import_roles_to_ignore: [matrix_postgres_connection_username] +matrix_postgres_import_roles_to_ignore: | + {{ + ( + [matrix_postgres_connection_username] + + + matrix_postgres_additional_databases|map(attribute='username') | list + ) | unique + }} # When importing an existing Postgres database (when restoring a backup) or when doing a Postgres upgrade (which dumps & restores), we'd like to avoid: # - creating users (`CREATE ROLE ..`) 
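Review bot: The new `matrix_postgres_additional_databases|map(attribute='username') | list` expression mixes `|` with and without surrounding spaces, which ansible-lint's `jinja[spacing]` rule (already suppressed elsewhere in this file with `# noqa jinja[spacing]`) will likely flag. Writing it `matrix_postgres_additional_databases | map(attribute='username') | list` keeps the file lint-clean without a noqa. The same applies to the `map(attribute='name')` expression in the `matrix_postgres_import_databases_to_ignore` hunk that follows.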
@@ -78,15 +90,25 @@ matrix_postgres_import_roles_to_ignore: [matrix_postgres_connection_username] # which is unsupported by default by newer Postgres versions (v14+). # When users are created and passwords are set by the playbook, they end up hashed as `scram-sha-256` on Postgres v14+. # If an md5-hashed password is restored on top, Postgres v14+ will refuse to authenticate users with it by default. -matrix_postgres_import_roles_ignore_regex: "^(CREATE|ALTER) ROLE ({{ matrix_postgres_import_roles_to_ignore | join('|') }})(;| WITH)" # noqa var-spacing +# +# We also allow for the role name to be quoted, which is rare, but might happen for role names which are special keywords (e.g. `default`). +matrix_postgres_import_roles_ignore_regex: "^(CREATE|ALTER) ROLE \\\"?({{ matrix_postgres_import_roles_to_ignore | join('|') }})\\\"?(;| WITH)" # noqa jinja[spacing] # A list of databases to avoid creating when importing (or upgrading) the database. # If a dump file contains the databases and they've also been created beforehand (see `matrix_postgres_additional_databases`), # importing would fail. # We either need to not create them or to ignore the `CREATE DATABASE` statements in the dump. -matrix_postgres_import_databases_to_ignore: [matrix_postgres_db_name] +matrix_postgres_import_databases_to_ignore: | + {{ + ( + [matrix_postgres_db_name] + + + matrix_postgres_additional_databases|map(attribute='name') | list + ) | unique + }} -matrix_postgres_import_databases_ignore_regex: "^CREATE DATABASE ({{ matrix_postgres_import_databases_to_ignore | join('|') }})\\s" # noqa var-spacing +# We also allow for the database name to be quoted, which is rare, but might happen for database names which are special keywords (e.g. `default`). 
+matrix_postgres_import_databases_ignore_regex: "^CREATE DATABASE \\\"?({{ matrix_postgres_import_databases_to_ignore | join('|') }})\\\"?\\s" # noqa jinja[spacing] # The number of seconds to wait after starting `matrix-postgres.service` # and before trying to run queries for creating additional databases/users against it. diff --git a/roles/matrix-postgres/tasks/detect_existing_postgres_version.yml b/roles/custom/matrix-postgres/tasks/detect_existing_postgres_version.yml similarity index 85% rename from roles/matrix-postgres/tasks/detect_existing_postgres_version.yml rename to roles/custom/matrix-postgres/tasks/detect_existing_postgres_version.yml index 4f4e5e9a..1be8291b 100644 --- a/roles/matrix-postgres/tasks/detect_existing_postgres_version.yml +++ b/roles/custom/matrix-postgres/tasks/detect_existing_postgres_version.yml @@ -6,6 +6,12 @@ # This utility is intentionally not in `tasks/util`, because if it were, it wouldn't be possible # to include it in other roles via the import_role module: https://docs.ansible.com/ansible/latest/collections/ansible/builtin/import_role_module.html + +- name: Fail detection if expectation fails (Postgres not enabled) + ansible.builtin.fail: + msg: "Trying to detect the version of the built-in Postgres server, but Postgres installation is not enabled (`matrix_postgres_enabled: false`)" + when: not matrix_postgres_enabled + - name: Initialize Postgres version determination variables (default to empty) ansible.builtin.set_fact: matrix_postgres_detection_pg_version_path: "{{ matrix_postgres_data_path }}/PG_VERSION" 
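Review bot: The role and database names are dropped into `matrix_postgres_import_roles_ignore_regex` and `matrix_postgres_import_databases_ignore_regex` unescaped, so a name containing a regex metacharacter (`.`, `+`, `$`, `(`) changes what the alternation matches — and this hunk widens that input from one fixed name to every `username`/`name` in `matrix_postgres_additional_databases`. Escaping keeps the new `\"?` quoting support and the `(;| WITH)` / `\s` terminators intact: `{{ matrix_postgres_import_roles_to_ignore | map('regex_escape') | join('|') }}` and `{{ matrix_postgres_import_databases_to_ignore | map('regex_escape') | join('|') }}`. The task that consumes these patterns is not in this hunk; if it is a `grep`/`sed` extended regex rather than Python `re`, use `map('regex_escape', re_type='posix_extended')` so the escapes match that dialect. The comment above each regex could then say that names are escaped, so a future addition to the list does not have to reason about metacharacters.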
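Review bot: `when: not matrix_postgres_enabled` on the new guard omits the `| bool` cast that the rest of this role applies to the same variable (setup_postgres.yml in this diff uses `when: matrix_postgres_enabled | bool`), so a string value such as `"false"` arriving from inventory or `-e` is a non-empty string, `not` evaluates it as false, and the guard silently does nothing. For consistency, and so the check fires in that case, write `when: not (matrix_postgres_enabled | bool)`.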
@@ -62,3 +68,8 @@
ansible.builtin.set_fact:
matrix_postgres_detected_version_corresponding_docker_image: "{{ matrix_postgres_docker_image_v13 }}"
when: "matrix_postgres_detected_version == '13' or matrix_postgres_detected_version.startswith('13.')"
+
+- name: Determine corresponding Docker image to detected version (use 14.x, if detected)
+ ansible.builtin.set_fact:
+ matrix_postgres_detected_version_corresponding_docker_image: "{{ matrix_postgres_docker_image_v14 }}"
+ when: "matrix_postgres_detected_version == '14' or matrix_postgres_detected_version.startswith('14.')"
diff --git a/roles/matrix-postgres/tasks/import_generic_sqlite_db.yml b/roles/custom/matrix-postgres/tasks/import_generic_sqlite_db.yml
similarity index 88%
rename from roles/matrix-postgres/tasks/import_generic_sqlite_db.yml
rename to roles/custom/matrix-postgres/tasks/import_generic_sqlite_db.yml
index 671cb33f..c3fff520 100644
--- a/roles/matrix-postgres/tasks/import_generic_sqlite_db.yml
+++ b/roles/custom/matrix-postgres/tasks/import_generic_sqlite_db.yml
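Review bot: The version-to-image chain now ends at 14.x, while the same commit moves `matrix_postgres_docker_image_latest` to `matrix_postgres_docker_image_v15` and `matrix_postgres_docker_image_to_use` defaults to it, so a data directory on 15 — which every fresh install created after this change will have on its second run — falls through every `when` and, assuming the "Initialize ... (default to empty)" task sets it to an empty string, leaves `matrix_postgres_detected_version_corresponding_docker_image` empty. Nothing after this hunk is visible; unless a later task fails on the empty value, callers that `docker run` with it will get an unhelpful Docker error rather than a clear message. Suggest adding the 15.x mapping and a terminal guard (the `!= ''` comparison assumes the empty-string defaults the initialization task's name suggests — confirm):

```yaml
- name: Determine corresponding Docker image to detected version (use 15.x, if detected)
  ansible.builtin.set_fact:
    matrix_postgres_detected_version_corresponding_docker_image: "{{ matrix_postgres_docker_image_v15 }}"
  when: "matrix_postgres_detected_version == '15' or matrix_postgres_detected_version.startswith('15.')"

- name: Fail if the detected Postgres version has no corresponding Docker image
  ansible.builtin.fail:
    msg: "Detected Postgres version `{{ matrix_postgres_detected_version }}` has no known Docker image mapping in detect_existing_postgres_version.yml"
  when: "matrix_postgres_detected_version != '' and matrix_postgres_detected_version_corresponding_docker_image == ''"
```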
@@ -25,15 +25,16 @@ # We either expect `postgres_db_connection_string` specifying a full Postgres database connection string, # or `postgres_connection_string_variable_name`, specifying a name of a variable, which contains a valid connection string. -- block: +- when: 'postgres_connection_string_variable_name is defined' + block: - name: Fail if postgres_connection_string_variable_name points to an undefined variable - ansible.builtin.fail: msg="postgres_connection_string_variable_name is defined, but there is no variable with the name `{{ postgres_connection_string_variable_name }}`" + ansible.builtin.fail: + msg: "postgres_connection_string_variable_name is defined, but there is no variable with the name `{{ postgres_connection_string_variable_name }}`" when: "postgres_connection_string_variable_name not in vars" - name: Get Postgres connection string from variable ansible.builtin.set_fact: postgres_db_connection_string: "{{ lookup('vars', postgres_connection_string_variable_name) }}" - when: 'postgres_connection_string_variable_name is defined' - name: Fail if playbook called incorrectly ansible.builtin.fail: @@ -67,10 +68,10 @@ become: false when: "matrix_postgres_service_start_result.changed | bool" -- name: Import SQLite database from {{ sqlite_database_path }} into Postgres +- name: Import SQLite database from {{ sqlite_database_path }} into Postgres # noqa name[template] ansible.builtin.command: cmd: >- - {{ matrix_host_command_docker }} run + {{ devture_systemd_docker_base_host_command_docker }} run --rm --user={{ matrix_user_uid }}:{{ matrix_user_gid }} --cap-drop=ALL 
@@ -83,7 +84,7 @@ register: matrix_postgres_import_generic_sqlite_db_import_result changed_when: matrix_postgres_import_generic_sqlite_db_import_result.rc == 0 -- name: Archive SQLite database ({{ sqlite_database_path }} -> {{ sqlite_database_path }}.backup) +- name: Archive SQLite database ({{ sqlite_database_path }} -> {{ sqlite_database_path }}.backup) # noqa name[template] ansible.builtin.command: cmd: "mv {{ sqlite_database_path }} {{ sqlite_database_path }}.backup" register: matrix_postgres_import_generic_sqlite_db_move_result @@ -91,9 +92,9 @@ - name: Inject result ansible.builtin.set_fact: - matrix_playbook_runtime_results: | + devture_playbook_runtime_messages_list: | {{ - matrix_playbook_runtime_results | default([]) + devture_playbook_runtime_messages_list | default([]) + [ "NOTE: Your SQLite database file has been imported into Postgres. The original file has been moved from `{{ sqlite_database_path }}` to `{{ sqlite_database_path }}.backup`. When you've confirmed that the import went well and everything works, you should be able to safely delete this file." diff --git a/roles/matrix-postgres/tasks/import_postgres.yml b/roles/custom/matrix-postgres/tasks/import_postgres.yml similarity index 90% rename from roles/matrix-postgres/tasks/import_postgres.yml rename to roles/custom/matrix-postgres/tasks/import_postgres.yml index 53d67436..d21333ad 100644 --- a/roles/matrix-postgres/tasks/import_postgres.yml +++ b/roles/custom/matrix-postgres/tasks/import_postgres.yml @@ -49,8 +49,10 @@ name: matrix-postgres state: started daemon_reload: true + register: matrix_postgres_import_start_result - name: Wait a bit, so that Postgres can start + when: matrix_postgres_import_start_result.changed | bool ansible.builtin.wait_for: timeout: "{{ postgres_start_wait_time }}" delegate_to: 127.0.0.1 
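Review bot: Gating "Wait a bit, so that Postgres can start" on `matrix_postgres_import_start_result.changed` assumes an already-active `matrix-postgres.service` is also ready for connections, but the unit is `Type=simple` (see the service template later in this diff), so systemd reports it active as soon as the `docker run` in `ExecStart` is launched — not when Postgres finishes startup or crash recovery. A unit started moments earlier by another task skips the wait and the import that follows can hit connection-refused. A readiness probe is both shorter and reliable: a `command` task running `pg_isready` (or `psql -c 'SELECT 1'`) in the Postgres image with `register`, `until: ... rc == 0`, `retries` and `delay`, executed regardless of `changed`. The same gating pattern is added to run_vacuum.yml in this commit; the task list here continues outside the hunk.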
@@ -70,7 +72,7 @@ - name: Generate Postgres database import command ansible.builtin.set_fact: matrix_postgres_import_command: >- - {{ matrix_host_command_docker }} run --rm --name matrix-postgres-import + {{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-postgres-import --log-driver=none --user={{ matrix_user_uid }}:{{ matrix_user_gid }} --cap-drop=ALL @@ -108,4 +110,5 @@ async: "{{ postgres_import_wait_time }}" poll: 10 register: matrix_postgres_import_postgres_command_result - changed_when: matrix_postgres_import_postgres_command_result.rc == 0 + failed_when: not matrix_postgres_import_postgres_command_result.finished or matrix_postgres_import_postgres_command_result.rc != 0 + changed_when: matrix_postgres_import_postgres_command_result.finished and matrix_postgres_import_postgres_command_result.rc == 0 diff --git a/roles/matrix-postgres/tasks/import_synapse_sqlite_db.yml b/roles/custom/matrix-postgres/tasks/import_synapse_sqlite_db.yml similarity index 98% rename from roles/matrix-postgres/tasks/import_synapse_sqlite_db.yml rename to roles/custom/matrix-postgres/tasks/import_synapse_sqlite_db.yml index a459b6e1..b885ea97 100644 --- a/roles/matrix-postgres/tasks/import_synapse_sqlite_db.yml +++ b/roles/custom/matrix-postgres/tasks/import_synapse_sqlite_db.yml @@ -83,7 +83,7 @@ --mount type=bind,src={{ matrix_synapse_config_dir_path }},dst=/data --mount type=bind,src={{ matrix_synapse_config_dir_path }},dst=/matrix-media-store-parent/media-store --mount type=bind,src={{ server_path_homeserver_db }},dst=/{{ server_path_homeserver_db | basename }} - {{ matrix_synapse_docker_image }} + {{ matrix_synapse_docker_image_final }} /usr/local/bin/synapse_port_db --sqlite-database /{{ server_path_homeserver_db | basename }} --postgres-config /data/homeserver.yaml register: matrix_postgres_import_synapse_sqlite_db_result changed_when: matrix_postgres_import_synapse_sqlite_db_result.rc == 0 
diff --git a/roles/matrix-postgres/tasks/init.yml b/roles/custom/matrix-postgres/tasks/init.yml
similarity index 100%
rename from roles/matrix-postgres/tasks/init.yml
rename to roles/custom/matrix-postgres/tasks/init.yml
diff --git a/roles/matrix-postgres/tasks/main.yml b/roles/custom/matrix-postgres/tasks/main.yml
similarity index 100%
rename from roles/matrix-postgres/tasks/main.yml
rename to roles/custom/matrix-postgres/tasks/main.yml
diff --git a/roles/matrix-postgres/tasks/migrate_db_to_postgres.yml b/roles/custom/matrix-postgres/tasks/migrate_db_to_postgres.yml
similarity index 92%
rename from roles/matrix-postgres/tasks/migrate_db_to_postgres.yml
rename to roles/custom/matrix-postgres/tasks/migrate_db_to_postgres.yml
index be967d68..dca284ad 100644
--- a/roles/matrix-postgres/tasks/migrate_db_to_postgres.yml
+++ b/roles/custom/matrix-postgres/tasks/migrate_db_to_postgres.yml
@@ -31,7 +31,8 @@
msg: "File cannot be found on the server at {{ matrix_postgres_db_migration_request.src }}"
when: "not matrix_postgres_db_migration_request_src_stat_result.stat.exists"
-- block:
+- when: "matrix_postgres_pgloader_container_image_self_build | bool"
+ block:
- name: Ensure pgloader repository is present on self-build
ansible.builtin.git:
repo: "{{ matrix_postgres_pgloader_container_image_self_build_repo }}"
@@ -60,7 +61,7 @@
replace: 'FROM debian:bullseye-slim'
- name: Ensure pgloader Docker image is built
- docker_image:
+ community.docker.docker_image:
name: "{{ matrix_postgres_pgloader_docker_image }}"
source: build
force_source: "{{ matrix_postgres_pgloader_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
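Review bot: The self-build path clones `matrix_postgres_pgloader_container_image_self_build_repo` and builds it with `pull: true`, and the hunk shows no `version:` on the `ansible.builtin.git` task and a `FROM debian:bullseye-slim` rewrite with a floating tag; if no pin is set further down (outside this hunk), the image that ends up with read/write access to the homeserver database is whatever the remote branch head and the `bullseye-slim` tag resolve to at build time. A `version:` pinned to a tag or commit SHA (ideally the same tag `matrix_postgres_pgloader_docker_image` uses) makes the build reproducible and reviewable. Can't tell from here whether such a pin exists; if it does, a one-line comment on the git task pointing to it would save the next reader the search.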
@@ -69,10 +70,9 @@ dockerfile: Dockerfile path: "{{ matrix_postgres_pgloader_container_image_self_build_src_path }}" pull: true - when: "matrix_postgres_pgloader_container_image_self_build | bool" - name: Ensure pgloader Docker image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_postgres_pgloader_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_postgres_pgloader_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" @@ -118,10 +118,10 @@ failed_when: false with_items: "{{ matrix_postgres_db_migration_request.systemd_services_to_stop }}" -- name: Import {{ matrix_postgres_db_migration_request.engine_old }} database from {{ matrix_postgres_db_migration_request.src }} into Postgres +- name: Import {{ matrix_postgres_db_migration_request.engine_old }} database from {{ matrix_postgres_db_migration_request.src }} into Postgres # noqa name[template] ansible.builtin.command: cmd: >- - {{ matrix_host_command_docker }} run + {{ devture_systemd_docker_base_host_command_docker }} run --rm --user={{ matrix_user_uid }}:{{ matrix_user_gid }} --cap-drop=ALL @@ -134,9 +134,10 @@ register: matrix_postgres_migrate_db_to_postgres_import_result changed_when: matrix_postgres_migrate_db_to_postgres_import_result.rc == 0 -- block: +- when: "matrix_postgres_db_migration_request.additional_psql_statements_list | default([]) | length > 0" + block: - ansible.builtin.import_role: - name: matrix-postgres + name: custom/matrix-postgres tasks_from: detect_existing_postgres_version - ansible.builtin.set_fact: @@ -145,7 +146,7 @@ - name: Execute additional Postgres SQL migration statements ansible.builtin.command: cmd: >- - {{ matrix_host_command_docker }} run + {{ devture_systemd_docker_base_host_command_docker }} run --rm --user={{ matrix_user_uid }}:{{ matrix_user_gid }} --cap-drop=ALL 
@@ -157,9 +158,7 @@ register: matrix_postgres_migrate_db_to_postgres_additional_queries_result changed_when: matrix_postgres_migrate_db_to_postgres_additional_queries_result.rc == 0 - when: "matrix_postgres_db_migration_request.additional_psql_statements_list | default([])|length > 0" - -- name: Archive {{ matrix_postgres_db_migration_request.engine_old }} database ({{ matrix_postgres_db_migration_request.src }} -> {{ matrix_postgres_db_migration_request.src }}.backup) +- name: Archive {{ matrix_postgres_db_migration_request.engine_old }} database ({{ matrix_postgres_db_migration_request.src }} -> {{ matrix_postgres_db_migration_request.src }}.backup) # noqa name[template] ansible.builtin.command: cmd: "mv {{ matrix_postgres_db_migration_request.src }} {{ matrix_postgres_db_migration_request.src }}.backup" register: matrix_postgres_migrate_db_to_postgres_move_result @@ -167,9 +166,9 @@ - name: Inject result ansible.builtin.set_fact: - matrix_playbook_runtime_results: | + devture_playbook_runtime_messages_list: | {{ - matrix_playbook_runtime_results | default([]) + devture_playbook_runtime_messages_list | default([]) + [ "NOTE: Your {{ matrix_postgres_db_migration_request.engine_old }} database file has been imported into Postgres. The original database file has been moved from `{{ matrix_postgres_db_migration_request.src }}` to `{{ matrix_postgres_db_migration_request.src }}.backup`. When you've confirmed that the import went well and everything works, you should be able to safely delete this file." diff --git a/roles/matrix-postgres/tasks/migrate_postgres_data_directory.yml b/roles/custom/matrix-postgres/tasks/migrate_postgres_data_directory.yml similarity index 95% rename from roles/matrix-postgres/tasks/migrate_postgres_data_directory.yml rename to roles/custom/matrix-postgres/tasks/migrate_postgres_data_directory.yml index fde580f5..062a05c4 100644 --- a/roles/matrix-postgres/tasks/migrate_postgres_data_directory.yml 
+++ b/roles/custom/matrix-postgres/tasks/migrate_postgres_data_directory.yml @@ -52,14 +52,14 @@ group: "{{ matrix_user_groupname }}" when: "result_pg_old_data_dir_stat.stat.exists" -- block: +- when: "result_pg_old_data_dir_stat.stat.exists" + block: - name: Relocate Postgres data files from old directory to new ansible.builtin.command: cmd: "mv {{ item.path }} {{ matrix_postgres_data_path }}/{{ item.path | basename }}" with_items: "{{ result_pg_old_data_dir_find.files }}" register: matrix_postgres_migrate_postgres_data_directory_move_result changed_when: matrix_postgres_migrate_postgres_data_directory_move_result.rc == 0 - when: "result_pg_old_data_dir_stat.stat.exists" # Intentionally not starting matrix-postgres here. # It likely needs to be updated to point to the new directory. @@ -68,7 +68,7 @@ - name: Ensure outdated matrix-postgres.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-postgres.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-postgres.service" state: absent when: "result_pg_old_data_dir_stat.stat.exists" diff --git a/roles/matrix-postgres/tasks/run_vacuum.yml b/roles/custom/matrix-postgres/tasks/run_vacuum.yml similarity index 77% rename from roles/matrix-postgres/tasks/run_vacuum.yml rename to roles/custom/matrix-postgres/tasks/run_vacuum.yml index ce2bee6b..dfa4be7a 100644 --- a/roles/matrix-postgres/tasks/run_vacuum.yml +++ b/roles/custom/matrix-postgres/tasks/run_vacuum.yml @@ -28,8 +28,10 @@ name: matrix-postgres state: started daemon_reload: true + register: matrix_postgres_vacuum_start_result - name: Wait a bit, so that Postgres can start + when: matrix_postgres_vacuum_start_result.changed | bool ansible.builtin.wait_for: timeout: "{{ postgres_start_wait_time }}" delegate_to: 127.0.0.1 
@@ -45,7 +47,7 @@ - name: Generate Postgres database vacuum command ansible.builtin.set_fact: matrix_postgres_vacuum_command: >- - {{ matrix_host_command_docker }} run --rm --name matrix-postgres-synapse-vacuum + {{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-postgres-synapse-vacuum --user={{ matrix_user_uid }}:{{ matrix_user_gid }} --cap-drop=ALL --network={{ matrix_docker_network }} @@ -67,25 +69,28 @@ - ansible.builtin.set_fact: matrix_postgres_synapse_was_running: "{{ ansible_facts.services['matrix-synapse.service'] | default(none) is not none and ansible_facts.services['matrix-synapse.service'].state == 'running' }}" -- name: Ensure matrix-synapse is stopped +- name: Ensure services are stopped ansible.builtin.service: - name: matrix-synapse + name: "{{ item }}" state: stopped daemon_reload: true + with_items: "{{ matrix_postgres_systemd_services_to_stop_for_maintenance_list }}" - name: Run Postgres vacuum command ansible.builtin.command: "{{ matrix_postgres_vacuum_command }}" async: "{{ postgres_vacuum_wait_time }}" poll: 10 register: matrix_postgres_synapse_vacuum_result - changed_when: matrix_postgres_synapse_vacuum_result.rc == 0 + failed_when: not matrix_postgres_synapse_vacuum_result.finished or matrix_postgres_synapse_vacuum_result.rc != 0 + changed_when: matrix_postgres_synapse_vacuum_result.finished and matrix_postgres_synapse_vacuum_result.rc == 0 # Intentionally show the results -- ansible.builtin.debug: var="matrix_postgres_synapse_vacuum_result" +- ansible.builtin.debug: + var: "matrix_postgres_synapse_vacuum_result" -- name: Ensure matrix-synapse is started, if it previously was +- name: Ensure services are started ansible.builtin.service: - name: matrix-synapse + name: "{{ item }}" state: started daemon_reload: true - when: "matrix_postgres_synapse_was_running | bool" + with_items: "{{ matrix_postgres_systemd_services_to_stop_for_maintenance_list }}" 
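Review bot: If "Run Postgres vacuum command" fails, the play stops before "Ensure services are started" and every service in `matrix_postgres_systemd_services_to_stop_for_maintenance_list` stays down — a wider outage than before, when only `matrix-synapse` was affected. Wrapping the stop task, the vacuum task and the debug in `- block:` and moving "Ensure services are started" under `always:` restores the services while still failing the play. Separately, `matrix_postgres_synapse_was_running` is still computed in the context above but no longer consulted, so services an operator deliberately stopped before the run are now started unconditionally; either drop that `set_fact` or note above the start task that starting everything in the list is intended.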
diff --git a/roles/matrix-postgres/tasks/setup_postgres.yml b/roles/custom/matrix-postgres/tasks/setup_postgres.yml similarity index 91% rename from roles/matrix-postgres/tasks/setup_postgres.yml rename to roles/custom/matrix-postgres/tasks/setup_postgres.yml index 49eb3249..bba0d798 100644 --- a/roles/matrix-postgres/tasks/setup_postgres.yml +++ b/roles/custom/matrix-postgres/tasks/setup_postgres.yml @@ -25,9 +25,9 @@ - name: Inject warning if on an old version of Postgres ansible.builtin.set_fact: - matrix_playbook_runtime_results: | + devture_playbook_runtime_messages_list: | {{ - matrix_playbook_runtime_results | default([]) + devture_playbook_runtime_messages_list | default([]) + [ "NOTE: Your setup is on an old Postgres version ({{ matrix_postgres_docker_image_to_use }}), while {{ matrix_postgres_docker_image_latest }} is supported. You can upgrade using --tags=upgrade-postgres" @@ -37,15 +37,15 @@ # Even if we don't run the internal server, we still need this for running the CLI - name: Ensure postgres Docker image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_postgres_docker_image_to_use }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_postgres_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_postgres_docker_image_force_pull }}" when: matrix_postgres_enabled | bool register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure Postgres paths exist 
@@ -121,7 +121,7 @@ - name: Ensure matrix-postgres.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-postgres.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-postgres.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-postgres.service" mode: 0644 register: matrix_postgres_systemd_service_result when: matrix_postgres_enabled | bool @@ -146,9 +146,9 @@ - name: Inject warning if backup data remains ansible.builtin.set_fact: - matrix_playbook_runtime_results: | + devture_playbook_runtime_messages_list: | {{ - matrix_playbook_runtime_results | default([]) + devture_playbook_runtime_messages_list | default([]) + [ "NOTE: You have some Postgres backup data in `{{ matrix_postgres_data_path }}-auto-upgrade-backup`, which was created during the last major Postgres update you ran. If your setup works well after this upgrade, feel free to delete this whole directory." @@ -163,7 +163,7 @@ - name: Check existence of matrix-postgres service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-postgres.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-postgres.service" register: matrix_postgres_service_stat when: "not matrix_postgres_enabled | bool" @@ -176,7 +176,7 @@ - name: Ensure matrix-postgres.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-postgres.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-postgres.service" state: absent when: "not matrix_postgres_enabled | bool and matrix_postgres_service_stat.stat.exists" 
@@ -194,9 +194,9 @@ # We just want to notify the user. Deleting data is too destructive. - name: Inject warning if matrix-postgres local data remains ansible.builtin.set_fact: - matrix_playbook_runtime_results: | + devture_playbook_runtime_messages_list: | {{ - matrix_playbook_runtime_results | default([]) + devture_playbook_runtime_messages_list | default([]) + [ "NOTE: You are not using a local PostgreSQL database, but some old data remains from before in `{{ matrix_postgres_data_path }}`. Feel free to delete it." diff --git a/roles/matrix-postgres/tasks/upgrade_postgres.yml b/roles/custom/matrix-postgres/tasks/upgrade_postgres.yml similarity index 93% rename from roles/matrix-postgres/tasks/upgrade_postgres.yml rename to roles/custom/matrix-postgres/tasks/upgrade_postgres.yml index 2f228a4c..d5f7e6c3 100644 --- a/roles/matrix-postgres/tasks/upgrade_postgres.yml +++ b/roles/custom/matrix-postgres/tasks/upgrade_postgres.yml @@ -55,10 +55,12 @@ - ansible.builtin.debug: msg: "Upgrading database from {{ matrix_postgres_detected_version_corresponding_docker_image }} to {{ matrix_postgres_docker_image_latest }}" -- name: Ensure matrix-synapse is stopped +- name: Ensure services are stopped ansible.builtin.service: - name: matrix-synapse + name: "{{ item }}" state: stopped + daemon_reload: true + with_items: "{{ matrix_postgres_systemd_services_to_stop_for_maintenance_list }}" - name: Ensure matrix-postgres is started ansible.builtin.service: @@ -80,7 +82,7 @@ - name: Perform Postgres database dump ansible.builtin.command: cmd: >- - {{ matrix_host_command_docker }} run --rm --name matrix-postgres-dump + {{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-postgres-dump --log-driver=none --user={{ matrix_user_uid }}:{{ matrix_user_gid }} --network={{ matrix_docker_network }} 
@@ -132,7 +134,7 @@ - name: Generate Postgres database import command ansible.builtin.set_fact: matrix_postgres_import_command: >- - {{ matrix_host_command_docker }} run --rm --name matrix-postgres-import + {{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-postgres-import --log-driver=none --user={{ matrix_user_uid }}:{{ matrix_user_gid }} --cap-drop=ALL @@ -175,11 +177,12 @@ path: "{{ postgres_dump_dir }}/{{ postgres_dump_name }}" state: absent -- name: Ensure matrix-synapse is started +- name: Ensure services are started ansible.builtin.service: - name: matrix-synapse + name: "{{ item }}" state: started daemon_reload: true + with_items: "{{ matrix_postgres_systemd_services_to_stop_for_maintenance_list }}" - ansible.builtin.debug: msg: "NOTE: Your old Postgres data directory is preserved at `{{ postgres_auto_upgrade_backup_data_path }}`. You might want to get rid of it once you've confirmed that all is well." diff --git a/roles/matrix-postgres/tasks/util/create_additional_database.yml b/roles/custom/matrix-postgres/tasks/util/create_additional_database.yml similarity index 96% rename from roles/matrix-postgres/tasks/util/create_additional_database.yml rename to roles/custom/matrix-postgres/tasks/util/create_additional_database.yml index da95b870..ce441ee1 100644 --- a/roles/matrix-postgres/tasks/util/create_additional_database.yml +++ b/roles/custom/matrix-postgres/tasks/util/create_additional_database.yml @@ -22,7 +22,7 @@ - name: Execute Postgres additional database initialization SQL file for {{ additional_db.name }} ansible.builtin.command: cmd: >- - {{ matrix_host_command_docker }} run + {{ devture_systemd_docker_base_host_command_docker }} run --rm --user={{ matrix_user_uid }}:{{ matrix_user_gid }} --cap-drop=ALL 
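Review bot: "Ensure services are started" now brings up every service in the maintenance list regardless of its state before the upgrade, and it never runs if the dump or import earlier in this file (outside the hunk) fails, leaving all of them stopped. For an upgrade that is arguably the safe outcome — Synapse should not start against a half-restored database — but it is an operational surprise that deserves a comment above the task, e.g. `# Starts every service in the list unconditionally. If the upgrade failed earlier, services intentionally stay stopped until the operator has inspected the state.`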
diff --git a/roles/matrix-postgres/tasks/util/create_additional_databases.yml b/roles/custom/matrix-postgres/tasks/util/create_additional_databases.yml
similarity index 100%
rename from roles/matrix-postgres/tasks/util/create_additional_databases.yml
rename to roles/custom/matrix-postgres/tasks/util/create_additional_databases.yml
diff --git a/roles/matrix-postgres/tasks/validate_config.yml b/roles/custom/matrix-postgres/tasks/validate_config.yml
similarity index 96%
rename from roles/matrix-postgres/tasks/validate_config.yml
rename to roles/custom/matrix-postgres/tasks/validate_config.yml
index f239b116..a6225632 100644
--- a/roles/matrix-postgres/tasks/validate_config.yml
+++ b/roles/custom/matrix-postgres/tasks/validate_config.yml
@@ -36,4 +36,4 @@
- name: Fail if Postgres password length exceeded
ansible.builtin.fail:
msg: "The maximum `matrix_postgres_connection_password` length is 99 characters"
- when: "matrix_postgres_connection_password|length > 99"
+ when: "matrix_postgres_connection_password | length > 99"
diff --git a/roles/custom/matrix-postgres/templates/env-postgres-psql.j2 b/roles/custom/matrix-postgres/templates/env-postgres-psql.j2
new file mode 100644
index 00000000..22058987
--- /dev/null
+++ b/roles/custom/matrix-postgres/templates/env-postgres-psql.j2
@@ -0,0 +1,8 @@
+#jinja2: lstrip_blocks: "True"
+PGUSER={{ matrix_postgres_connection_username }}
+PGPASSWORD={{ matrix_postgres_connection_password }}
+PGDATABASE={{ matrix_postgres_db_name }}
+# Prevent errors like this:
+# > could not save history to file "//.psql_history": Permission denied
+# .. due to Postgres not being able to write to the filesystem.
+PSQL_HISTORY=/dev/null
diff --git a/roles/matrix-postgres/templates/env-postgres-server.j2 b/roles/custom/matrix-postgres/templates/env-postgres-server.j2
similarity index 100%
rename from roles/matrix-postgres/templates/env-postgres-server.j2
rename to roles/custom/matrix-postgres/templates/env-postgres-server.j2
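Review bot: `PGPASSWORD` lands in plaintext in this new env file, so its protection rests entirely on the task that templates it, which is not in this diff; confirm that task writes it with `mode: 0640` (or `0600`) and the Matrix user/group like the other env files, since any local user who can read it gets the Postgres connection credentials used by the CLI wrappers. The file is presumably handed to `docker run --env-file` (the wrapper scripts are renamed but not shown), which reads values verbatim with no quoting, so a password containing a newline is truncated — the 99-character check in validate_config.yml above does not cover that. `PSQL_HISTORY=/dev/null` is a good call for the reason given; the comment could add that it also keeps interactive queries, which may embed secrets, out of any history file. A header comment stating the required file mode would let the next maintainer see the constraint without opening the task.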
diff --git a/roles/matrix-postgres/templates/sql/init-additional-db-user-and-role.sql.j2 b/roles/custom/matrix-postgres/templates/sql/init-additional-db-user-and-role.sql.j2 similarity index 100% rename from roles/matrix-postgres/templates/sql/init-additional-db-user-and-role.sql.j2 rename to roles/custom/matrix-postgres/templates/sql/init-additional-db-user-and-role.sql.j2 diff --git a/roles/matrix-postgres/templates/systemd/matrix-postgres.service.j2 b/roles/custom/matrix-postgres/templates/systemd/matrix-postgres.service.j2 similarity index 62% rename from roles/matrix-postgres/templates/systemd/matrix-postgres.service.j2 rename to roles/custom/matrix-postgres/templates/systemd/matrix-postgres.service.j2 index b30c5ef2..e63267a3 100644 --- a/roles/matrix-postgres/templates/systemd/matrix-postgres.service.j2 +++ b/roles/custom/matrix-postgres/templates/systemd/matrix-postgres.service.j2 
@@ -7,15 +7,15 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-postgres 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-postgres 2>/dev/null || true' +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-postgres 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-postgres 2>/dev/null || true' # We need /dev/shm to be larger than the default to allow VACUUM to work. # See: # - https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1362 # - https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1268 -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-postgres \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-postgres \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ 
@@ -36,8 +36,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-postgres \ {{ matrix_postgres_docker_image_to_use }} \ postgres {{ matrix_postgres_process_extra_arguments|join(' ') }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-postgres 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-postgres 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-postgres 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-postgres 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-postgres diff --git a/roles/matrix-postgres/templates/usr-local-bin/matrix-change-user-admin-status.j2 b/roles/custom/matrix-postgres/templates/usr-local-bin/matrix-change-user-admin-status.j2 similarity index 100% rename from roles/matrix-postgres/templates/usr-local-bin/matrix-change-user-admin-status.j2 rename to roles/custom/matrix-postgres/templates/usr-local-bin/matrix-change-user-admin-status.j2 diff --git a/roles/matrix-postgres/templates/usr-local-bin/matrix-postgres-cli-non-interactive.j2 b/roles/custom/matrix-postgres/templates/usr-local-bin/matrix-postgres-cli-non-interactive.j2 similarity index 100% rename from roles/matrix-postgres/templates/usr-local-bin/matrix-postgres-cli-non-interactive.j2 rename to roles/custom/matrix-postgres/templates/usr-local-bin/matrix-postgres-cli-non-interactive.j2 diff --git a/roles/matrix-postgres/templates/usr-local-bin/matrix-postgres-cli.j2 b/roles/custom/matrix-postgres/templates/usr-local-bin/matrix-postgres-cli.j2 similarity index 100% rename from roles/matrix-postgres/templates/usr-local-bin/matrix-postgres-cli.j2 rename to roles/custom/matrix-postgres/templates/usr-local-bin/matrix-postgres-cli.j2 
diff --git a/roles/matrix-postgres/templates/usr-local-bin/matrix-postgres-update-user-password-hash.j2 b/roles/custom/matrix-postgres/templates/usr-local-bin/matrix-postgres-update-user-password-hash.j2 similarity index 100% rename from roles/matrix-postgres/templates/usr-local-bin/matrix-postgres-update-user-password-hash.j2 rename to roles/custom/matrix-postgres/templates/usr-local-bin/matrix-postgres-update-user-password-hash.j2 diff --git a/roles/matrix-prometheus-node-exporter/defaults/main.yml b/roles/custom/matrix-prometheus-node-exporter/defaults/main.yml similarity index 66% rename from roles/matrix-prometheus-node-exporter/defaults/main.yml rename to roles/custom/matrix-prometheus-node-exporter/defaults/main.yml index d9077697..9b89519c 100644 --- a/roles/matrix-prometheus-node-exporter/defaults/main.yml +++ b/roles/custom/matrix-prometheus-node-exporter/defaults/main.yml @@ -5,7 +5,7 @@ matrix_prometheus_node_exporter_enabled: false -matrix_prometheus_node_exporter_version: v1.3.1 +matrix_prometheus_node_exporter_version: v1.4.0 matrix_prometheus_node_exporter_docker_image: "{{ matrix_container_global_registry_prefix }}prom/node-exporter:{{ matrix_prometheus_node_exporter_version }}" matrix_prometheus_node_exporter_docker_image_force_pull: "{{ matrix_prometheus_node_exporter_docker_image.endswith(':latest') }}" @@ -38,7 +38,7 @@ matrix_prometheus_node_exporter_metrics_proxying_enabled: false # Controls whether the matrix-prometheus container exposes its HTTP port (tcp/9100 in the container). # -# Takes an ":" value (e.g. "127.0.0.1:9100"), or empty string to not expose. +# Takes an ":" value (e.g. "127.0.0.1:9100"), just a port number or empty string to not expose. # # You likely don't need to do this. See `matrix_prometheus_node_exporter_metrics_proxying_enabled`. # 
@@ -54,3 +54,14 @@ matrix_prometheus_node_exporter_metrics_proxying_enabled: false # because node-exporter can't see all interfaces, etc. # For now, we'll live with that, until someone develops a better solution. matrix_prometheus_node_exporter_container_http_host_bind_port: '' + +# If you are supplying your own NGINX proxy but want to use the provided exporters you will have to supply an ":" value for the containers to bind to on your host. +# If matrix_prometheus_node_exporter_container_http_host_bind_port is set to just a port number, this will default to "127.0.0.1:" +# If matrix_prometheus_node_exporter_container_http_host_bind_port is set to an IP that is not 0.0.0.0 and a port, that ":" value will be used +# Otherwise this value will be empty and you will have to manually configure your NGINX config file. (If you are using the config files generated by this playbook, you will have to edit matrix-domain.conf) +matrix_prometheus_node_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host: "{{ '127.0.0.1' + matrix_prometheus_node_exporter_container_http_host_bind_port_number_raw if not ':' in matrix_prometheus_node_exporter_container_http_host_bind_port else (matrix_prometheus_node_exporter_container_http_host_bind_port if matrix_prometheus_node_exporter_container_http_host_bind_port.split(':')[0] != '0.0.0.0' else '') }}" + +# matrix_prometheus_node_exporter_dashboard_urls contains a list of URLs with Grafana dashboard definitions. +# If the Grafana role is enabled, these dashboards will be downloaded. +matrix_prometheus_node_exporter_dashboard_urls: + - https://raw.githubusercontent.com/rfrail3/grafana-dashboards/master/prometheus/node-exporter-full.json 
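Review bot: With the default `matrix_prometheus_node_exporter_container_http_host_bind_port: ''`, the new `matrix_prometheus_node_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host` expression is not empty as the comment above it promises: `not ':' in ''` is true, so the first branch is taken and the value becomes `'127.0.0.1' + ''`, which means the `!= ''` guard in the nginx template that consumes it always succeeds and a `proxy_pass` to a host without a port is emitted instead of the intended 404 fallback. Handle the empty case first, e.g. `"{{ '' if matrix_prometheus_node_exporter_container_http_host_bind_port == '' else ('127.0.0.1:' ~ matrix_prometheus_node_exporter_container_http_host_bind_port_number_raw if ':' not in matrix_prometheus_node_exporter_container_http_host_bind_port else (matrix_prometheus_node_exporter_container_http_host_bind_port if matrix_prometheus_node_exporter_container_http_host_bind_port.split(':')[0] != '0.0.0.0' else '')) }}"`. Separately, the literal as rendered here is `'127.0.0.1'` with no trailing `:`, so a port-only value like `9100` would concatenate to `127.0.0.19100`; if the colon was merely lost in rendering, disregard that part. The same expression is duplicated in the postgres-exporter role's defaults.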
diff --git a/roles/matrix-prometheus-node-exporter/tasks/init.yml b/roles/custom/matrix-prometheus-node-exporter/tasks/init.yml similarity index 81% rename from roles/matrix-prometheus-node-exporter/tasks/init.yml rename to roles/custom/matrix-prometheus-node-exporter/tasks/init.yml index 51dd94f2..460ab137 100644 --- a/roles/matrix-prometheus-node-exporter/tasks/init.yml +++ b/roles/custom/matrix-prometheus-node-exporter/tasks/init.yml @@ -4,7 +4,8 @@ matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-prometheus-node-exporter.service'] }}" when: matrix_prometheus_node_exporter_enabled | bool -- block: +- when: matrix_prometheus_node_exporter_enabled | bool and matrix_prometheus_node_exporter_metrics_proxying_enabled | bool + block: - name: Fail if matrix-nginx-proxy role already executed ansible.builtin.fail: msg: >- @@ -23,10 +24,10 @@ resolver 127.0.0.11 valid=5s; set $backend "matrix-prometheus-node-exporter:9100"; proxy_pass http://$backend/metrics; + {% elif matrix_prometheus_node_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host != '' %} + proxy_pass http://{{ matrix_prometheus_node_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host }}/metrics; {% else %} - {# Generic configuration for use outside of our container setup #} - {# This may be implemented in the future. #} - return 404 "matrix-nginx-proxy is disabled, so metrics are unavailable"; + return 404 "matrix-nginx-proxy is disabled and no host port was bound to the container, so metrics are unavailable"; {% endif %} } @@ -38,4 +39,3 @@ + [matrix_prometheus_node_exporter_nginx_metrics_configuration_block] }} - when: matrix_prometheus_node_exporter_enabled | bool and matrix_prometheus_node_exporter_metrics_proxying_enabled | bool 
diff --git a/roles/matrix-prometheus-node-exporter/tasks/main.yml b/roles/custom/matrix-prometheus-node-exporter/tasks/main.yml similarity index 100% rename from roles/matrix-prometheus-node-exporter/tasks/main.yml rename to roles/custom/matrix-prometheus-node-exporter/tasks/main.yml diff --git a/roles/matrix-prometheus-node-exporter/tasks/setup.yml b/roles/custom/matrix-prometheus-node-exporter/tasks/setup.yml similarity index 83% rename from roles/matrix-prometheus-node-exporter/tasks/setup.yml rename to roles/custom/matrix-prometheus-node-exporter/tasks/setup.yml index 0c6e77fc..0b0c5704 100644 --- a/roles/matrix-prometheus-node-exporter/tasks/setup.yml +++ b/roles/custom/matrix-prometheus-node-exporter/tasks/setup.yml 
@@ -5,21 +5,21 @@ # - name: Ensure matrix-prometheus-node-exporter image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_prometheus_node_exporter_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_prometheus_node_exporter_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_prometheus_node_exporter_docker_image_force_pull }}" when: "matrix_prometheus_node_exporter_enabled | bool" register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure matrix-prometheus-node-exporter.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-prometheus-node-exporter.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-prometheus-node-exporter.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-prometheus-node-exporter.service" mode: 0644 register: matrix_prometheus_node_exporter_systemd_service_result when: matrix_prometheus_node_exporter_enabled | bool @@ -35,7 +35,7 @@ - name: Check existence of matrix-prometheus-node-exporter service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-prometheus-node-exporter.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-prometheus-node-exporter.service" register: matrix_prometheus_node_exporter_service_stat - name: Ensure matrix-prometheus-node-exporter is stopped 
@@ -49,7 +49,7 @@ - name: Ensure matrix-prometheus-node-exporter.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-prometheus-node-exporter.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-prometheus-node-exporter.service" state: absent when: "not matrix_prometheus_node_exporter_enabled | bool and matrix_prometheus_node_exporter_service_stat.stat.exists" diff --git a/roles/matrix-prometheus-node-exporter/templates/systemd/matrix-prometheus-node-exporter.service.j2 b/roles/custom/matrix-prometheus-node-exporter/templates/systemd/matrix-prometheus-node-exporter.service.j2 similarity index 56% rename from roles/matrix-prometheus-node-exporter/templates/systemd/matrix-prometheus-node-exporter.service.j2 rename to roles/custom/matrix-prometheus-node-exporter/templates/systemd/matrix-prometheus-node-exporter.service.j2 index d0bfa4cc..82aca453 100644 --- a/roles/matrix-prometheus-node-exporter/templates/systemd/matrix-prometheus-node-exporter.service.j2 +++ b/roles/custom/matrix-prometheus-node-exporter/templates/systemd/matrix-prometheus-node-exporter.service.j2 
@@ -12,12 +12,12 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-prometheus-node-exporter 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-prometheus-node-exporter 2>/dev/null || true' +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-prometheus-node-exporter 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-prometheus-node-exporter 2>/dev/null || true' -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-prometheus-node-exporter \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-prometheus-node-exporter \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ 
@@ -34,8 +34,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-prometheus-nod {{ matrix_prometheus_node_exporter_docker_image }} \ --path.rootfs=/host {{ matrix_prometheus_node_exporter_process_extra_arguments|join(' ') }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-prometheus-node-exporter 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-prometheus-node-exporter 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-prometheus-node-exporter 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-prometheus-node-exporter 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-prometheus-node-exporter diff --git a/roles/custom/matrix-prometheus-node-exporter/vars/main.yml b/roles/custom/matrix-prometheus-node-exporter/vars/main.yml new file mode 100644 index 00000000..952dc205 --- /dev/null +++ b/roles/custom/matrix-prometheus-node-exporter/vars/main.yml @@ -0,0 +1,5 @@ +--- + +# `matrix_prometheus_node_exporter_container_http_host_bind_port_number_raw` contains the raw port number extracted from `matrix_prometheus_node_exporter_container_http_host_bind_port`, +# which can contain values like this: ('1234', '127.0.0.1:1234', '0.0.0.0:1234') +matrix_prometheus_node_exporter_container_http_host_bind_port_number_raw: "{{ '' if matrix_prometheus_node_exporter_container_http_host_bind_port == '' else (matrix_prometheus_node_exporter_container_http_host_bind_port.split(':')[1] if ':' in matrix_prometheus_node_exporter_container_http_host_bind_port else matrix_prometheus_node_exporter_container_http_host_bind_port) }}" 
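Review bot: `matrix_prometheus_node_exporter_container_http_host_bind_port.split(':')[1]` in the new vars file assumes exactly one colon, so a bracketed IPv6 bind such as `[::1]:9100` yields an empty `..._port_number_raw` instead of `9100`. Taking the last segment with `rsplit(':', 1)[-1]` accepts both shapes and is a one-token change. The only consumer visible in this diff reaches the raw port only when the bind value has no colon, so the practical impact is limited today, but the comment on the line enumerates the accepted forms and should either cover IPv6 or say it is unsupported. The same expression appears in the postgres-exporter role's vars file.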
diff --git a/roles/matrix-prometheus-postgres-exporter/defaults/main.yml b/roles/custom/matrix-prometheus-postgres-exporter/defaults/main.yml similarity index 71% rename from roles/matrix-prometheus-postgres-exporter/defaults/main.yml rename to roles/custom/matrix-prometheus-postgres-exporter/defaults/main.yml index 82a12f42..f0cbfede 100644 --- a/roles/matrix-prometheus-postgres-exporter/defaults/main.yml +++ b/roles/custom/matrix-prometheus-postgres-exporter/defaults/main.yml @@ -4,7 +4,7 @@ matrix_prometheus_postgres_exporter_enabled: false -matrix_prometheus_postgres_exporter_version: v0.10.1 +matrix_prometheus_postgres_exporter_version: v0.11.1 matrix_prometheus_postgres_exporter_port: 9187 matrix_prometheus_postgres_exporter_docker_image: "quay.io/prometheuscommunity/postgres-exporter:{{ matrix_prometheus_postgres_exporter_version }}" @@ -35,7 +35,7 @@ matrix_prometheus_postgres_exporter_metrics_proxying_enabled: false # Controls whether the matrix-prometheus container exposes its HTTP port (tcp/9187 in the container). # -# Takes an ":" value (e.g. "127.0.0.1:9187"), or empty string to not expose. +# Takes an ":" value (e.g. "127.0.0.1:9187"), just a port number or an empty string to not expose. # # You likely don't need to do this. See `matrix_prometheus_postgres_exporter_metrics_proxying_enabled`. # 
@@ -52,5 +52,13 @@ matrix_prometheus_postgres_exporter_metrics_proxying_enabled: false # For now, we'll live with that, until someone develops a better solution. matrix_prometheus_postgres_exporter_container_http_host_bind_port: '' +# If you are supplying your own NGINX proxy but want to use the provided exporters you will have to supply an ":" value for the containers to bind to on your host. +# If matrix_prometheus_postgres_exporter_container_http_host_bind_port is set to just a port number, this will default to "127.0.0.1:" +# If matrix_prometheus_postgres_exporter_container_http_host_bind_port is set to an IP that is not 0.0.0.0 and a port, that ":" value will be used +# Otherwise this value will be empty and you will have to manually configure your NGINX config file. (If you are using the config files generated by this playbook, you will have to edit matrix-domain.conf) +matrix_prometheus_postgres_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host: "{{ '127.0.0.1' + matrix_prometheus_postgres_exporter_container_http_host_bind_port_number_raw if not ':' in matrix_prometheus_postgres_exporter_container_http_host_bind_port else (matrix_prometheus_postgres_exporter_container_http_host_bind_port if matrix_prometheus_postgres_exporter_container_http_host_bind_port.split(':')[0] != '0.0.0.0' else '') }}" + +# matrix_prometheus_postgres_exporter_dashboard_urls contains a list of URLs with Grafana dashboard definitions. +# If the Grafana role is enabled, these dashboards will be downloaded. matrix_prometheus_postgres_exporter_dashboard_urls: - "https://grafana.com/api/dashboards/9628/revisions/7/download" diff --git a/roles/matrix-prometheus-postgres-exporter/tasks/init.yml b/roles/custom/matrix-prometheus-postgres-exporter/tasks/init.yml similarity index 81% rename from roles/matrix-prometheus-postgres-exporter/tasks/init.yml rename to roles/custom/matrix-prometheus-postgres-exporter/tasks/init.yml index 6da16937..20333dce 100644 
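Review bot: The new `matrix_prometheus_postgres_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host` default evaluates to a non-empty string when the bind port is left at its default `''`, because `not ':' in ''` is true and the expression then yields `'127.0.0.1' + ''`; the comment directly above says the value will be empty in that case, and the nginx template that consumes it compares against `''` to decide between `proxy_pass` and the 404 fallback. Put an explicit empty check first: `"{{ '' if matrix_prometheus_postgres_exporter_container_http_host_bind_port == '' else ('127.0.0.1:' ~ matrix_prometheus_postgres_exporter_container_http_host_bind_port_number_raw if ':' not in matrix_prometheus_postgres_exporter_container_http_host_bind_port else (matrix_prometheus_postgres_exporter_container_http_host_bind_port if matrix_prometheus_postgres_exporter_container_http_host_bind_port.split(':')[0] != '0.0.0.0' else '')) }}"`. As rendered here the literal is `'127.0.0.1'` without a `:`, which would give `127.0.0.19187` for a port-only value; ignore this if the colon was dropped by the page rendering.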
--- a/roles/matrix-prometheus-postgres-exporter/tasks/init.yml +++ b/roles/custom/matrix-prometheus-postgres-exporter/tasks/init.yml @@ -4,7 +4,8 @@ matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-prometheus-postgres-exporter.service'] }}" when: matrix_prometheus_postgres_exporter_enabled | bool -- block: +- when: matrix_prometheus_node_exporter_enabled | bool and matrix_prometheus_node_exporter_metrics_proxying_enabled | bool + block: - name: Fail if matrix-nginx-proxy role already executed ansible.builtin.fail: msg: >- @@ -23,10 +24,10 @@ resolver 127.0.0.11 valid=5s; set $backend "matrix-prometheus-postgres-exporter:9187"; proxy_pass http://$backend/metrics; + {% elif matrix_prometheus_postgres_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host != '' %} + proxy_pass http://{{ matrix_prometheus_postgres_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host }}/metrics; {% else %} - {# Generic configuration for use outside of our container setup #} - {# This may be implemented in the future. #} - return 404 "matrix-nginx-proxy is disabled, so metrics are unavailable"; + return 404 "matrix-nginx-proxy is disabled and no host port was bound to the container, so metrics are unavailable"; {% endif %} } @@ -38,4 +39,3 @@ + [matrix_prometheus_postgres_exporter_nginx_metrics_configuration_block] }} - when: matrix_prometheus_node_exporter_enabled | bool and matrix_prometheus_node_exporter_metrics_proxying_enabled | bool diff --git a/roles/matrix-prometheus-postgres-exporter/tasks/main.yml b/roles/custom/matrix-prometheus-postgres-exporter/tasks/main.yml similarity index 100% rename from roles/matrix-prometheus-postgres-exporter/tasks/main.yml rename to roles/custom/matrix-prometheus-postgres-exporter/tasks/main.yml 
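Review bot: The `when:` hoisted to the top of the block in this hunk still reads `matrix_prometheus_node_exporter_enabled | bool and matrix_prometheus_node_exporter_metrics_proxying_enabled | bool`, i.e. the postgres-exporter role's nginx wiring is gated on the node-exporter role's variables; the removed trailing `when:` had the same mistake, so the commit moves it rather than fixing it. In effect the `/metrics` location for `matrix-prometheus-postgres-exporter:9187` is registered whenever node-exporter proxying is on even if the postgres exporter is disabled, and is silently skipped, together with the "Fail if matrix-nginx-proxy role already executed" guard, when only the postgres exporter is enabled. It should read `- when: matrix_prometheus_postgres_exporter_enabled | bool and matrix_prometheus_postgres_exporter_metrics_proxying_enabled | bool`.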
diff --git a/roles/matrix-prometheus-postgres-exporter/tasks/setup.yml b/roles/custom/matrix-prometheus-postgres-exporter/tasks/setup.yml similarity index 83% rename from roles/matrix-prometheus-postgres-exporter/tasks/setup.yml rename to roles/custom/matrix-prometheus-postgres-exporter/tasks/setup.yml index 00a61df6..1ab15799 100644 --- a/roles/matrix-prometheus-postgres-exporter/tasks/setup.yml +++ b/roles/custom/matrix-prometheus-postgres-exporter/tasks/setup.yml @@ -5,21 +5,21 @@ # - name: Ensure matrix-prometheus-postgres-exporter image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_prometheus_postgres_exporter_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_prometheus_postgres_exporter_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_prometheus_postgres_exporter_docker_image_force_pull }}" when: "matrix_prometheus_postgres_exporter_enabled | bool" register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure matrix-prometheus-postgres-exporter.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-prometheus-postgres-exporter.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-prometheus-postgres-exporter.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-prometheus-postgres-exporter.service" mode: 0644 register: matrix_prometheus_postgres_exporter_systemd_service_result when: matrix_prometheus_postgres_exporter_enabled | bool 
@@ -35,7 +35,7 @@ - name: Check existence of matrix-prometheus-postgres-exporter service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-prometheus-postgres-exporter.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-prometheus-postgres-exporter.service" register: matrix_prometheus_postgres_exporter_service_stat - name: Ensure matrix-prometheus-postgres-exporter is stopped @@ -49,7 +49,7 @@ - name: Ensure matrix-prometheus-postgres-exporter.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-prometheus-postgres-exporter.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-prometheus-postgres-exporter.service" state: absent when: "not matrix_prometheus_postgres_exporter_enabled | bool and matrix_prometheus_postgres_exporter_service_stat.stat.exists" diff --git a/roles/matrix-prometheus-postgres-exporter/templates/systemd/matrix-prometheus-postgres-exporter.service.j2 b/roles/custom/matrix-prometheus-postgres-exporter/templates/systemd/matrix-prometheus-postgres-exporter.service.j2 similarity index 54% rename from roles/matrix-prometheus-postgres-exporter/templates/systemd/matrix-prometheus-postgres-exporter.service.j2 rename to roles/custom/matrix-prometheus-postgres-exporter/templates/systemd/matrix-prometheus-postgres-exporter.service.j2 index ff8c2ce4..5c3fbac6 100644 --- a/roles/matrix-prometheus-postgres-exporter/templates/systemd/matrix-prometheus-postgres-exporter.service.j2 +++ b/roles/custom/matrix-prometheus-postgres-exporter/templates/systemd/matrix-prometheus-postgres-exporter.service.j2 
@@ -12,12 +12,12 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-prometheus-postgres-exporter 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-prometheus-postgres-exporter 2>/dev/null || true' +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-prometheus-postgres-exporter 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-prometheus-postgres-exporter 2>/dev/null || true' -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-prometheus-postgres-exporter \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-prometheus-postgres-exporter \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ 
@@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-prometheus-pos --pid=host \ {{ matrix_prometheus_postgres_exporter_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-prometheus-postgres-exporter 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-prometheus-postgres-exporter 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-prometheus-postgres-exporter 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-prometheus-postgres-exporter 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-prometheus-postgres-exporter diff --git a/roles/custom/matrix-prometheus-postgres-exporter/vars/main.yml b/roles/custom/matrix-prometheus-postgres-exporter/vars/main.yml new file mode 100644 index 00000000..aed3b216 --- /dev/null +++ b/roles/custom/matrix-prometheus-postgres-exporter/vars/main.yml @@ -0,0 +1,5 @@ +--- + +# `matrix_prometheus_postgres_exporter_container_http_host_bind_port_number_raw` contains the raw port number extracted from `matrix_prometheus_postgres_exporter_container_http_host_bind_port`, +# which can contain values like this: ('1234', '127.0.0.1:1234', '0.0.0.0:1234') +matrix_prometheus_postgres_exporter_container_http_host_bind_port_number_raw: "{{ '' if matrix_prometheus_postgres_exporter_container_http_host_bind_port == '' else (matrix_prometheus_postgres_exporter_container_http_host_bind_port.split(':')[1] if ':' in matrix_prometheus_postgres_exporter_container_http_host_bind_port else matrix_prometheus_postgres_exporter_container_http_host_bind_port) }}" 
diff --git a/roles/matrix-prometheus/defaults/main.yml b/roles/custom/matrix-prometheus/defaults/main.yml similarity index 99% rename from roles/matrix-prometheus/defaults/main.yml rename to roles/custom/matrix-prometheus/defaults/main.yml index 8f5c2148..adc90387 100644 --- a/roles/matrix-prometheus/defaults/main.yml +++ b/roles/custom/matrix-prometheus/defaults/main.yml @@ -5,7 +5,7 @@ matrix_prometheus_enabled: false -matrix_prometheus_version: v2.37.0 +matrix_prometheus_version: v2.40.1 matrix_prometheus_docker_image: "{{ matrix_container_global_registry_prefix }}prom/prometheus:{{ matrix_prometheus_version }}" matrix_prometheus_docker_image_force_pull: "{{ matrix_prometheus_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-prometheus/tasks/init.yml b/roles/custom/matrix-prometheus/tasks/init.yml similarity index 100% rename from roles/matrix-prometheus/tasks/init.yml rename to roles/custom/matrix-prometheus/tasks/init.yml diff --git a/roles/matrix-prometheus/tasks/main.yml b/roles/custom/matrix-prometheus/tasks/main.yml similarity index 100% rename from roles/matrix-prometheus/tasks/main.yml rename to roles/custom/matrix-prometheus/tasks/main.yml diff --git a/roles/matrix-prometheus/tasks/setup_install.yml b/roles/custom/matrix-prometheus/tasks/setup_install.yml similarity index 84% rename from roles/matrix-prometheus/tasks/setup_install.yml rename to roles/custom/matrix-prometheus/tasks/setup_install.yml index c3aeaa7a..8c18ce66 100644 --- a/roles/matrix-prometheus/tasks/setup_install.yml +++ b/roles/custom/matrix-prometheus/tasks/setup_install.yml 
@@ -1,14 +1,14 @@ --- - name: Ensure matrix-prometheus image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_prometheus_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_prometheus_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_prometheus_docker_image_force_pull }}" register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure Prometheus paths exists @@ -33,8 +33,8 @@ group: "{{ matrix_user_groupname }}" when: "matrix_prometheus_scraper_synapse_rules_enabled | bool" register: result - retries: "{{ matrix_geturl_retries_count }}" - delay: "{{ matrix_geturl_retries_delay }}" + retries: "{{ devture_playbook_help_geturl_retries_count }}" + delay: "{{ devture_playbook_help_geturl_retries_delay }}" until: result is not failed - name: Ensure prometheus.yml installed @@ -48,7 +48,7 @@ - name: Ensure matrix-prometheus.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-prometheus.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-prometheus.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-prometheus.service" mode: 0644 register: matrix_prometheus_systemd_service_result diff --git a/roles/matrix-prometheus/tasks/setup_uninstall.yml b/roles/custom/matrix-prometheus/tasks/setup_uninstall.yml similarity index 80% rename from roles/matrix-prometheus/tasks/setup_uninstall.yml rename to roles/custom/matrix-prometheus/tasks/setup_uninstall.yml index 7dd94459..5fe145fc 100644 --- a/roles/matrix-prometheus/tasks/setup_uninstall.yml 
+++ b/roles/custom/matrix-prometheus/tasks/setup_uninstall.yml @@ -2,7 +2,7 @@ - name: Check existence of matrix-prometheus service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-prometheus.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-prometheus.service" register: matrix_prometheus_service_stat - name: Ensure matrix-prometheus is stopped @@ -16,7 +16,7 @@ - name: Ensure matrix-prometheus.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-prometheus.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-prometheus.service" state: absent when: "matrix_prometheus_service_stat.stat.exists | bool" diff --git a/roles/matrix-prometheus/tasks/validate_config.yml b/roles/custom/matrix-prometheus/tasks/validate_config.yml similarity index 100% rename from roles/matrix-prometheus/tasks/validate_config.yml rename to roles/custom/matrix-prometheus/tasks/validate_config.yml diff --git a/roles/matrix-prometheus/templates/prometheus.yml.j2 b/roles/custom/matrix-prometheus/templates/prometheus.yml.j2 similarity index 87% rename from roles/matrix-prometheus/templates/prometheus.yml.j2 rename to roles/custom/matrix-prometheus/templates/prometheus.yml.j2 index f3262f48..83ae8a9a 100644 --- a/roles/matrix-prometheus/templates/prometheus.yml.j2 +++ b/roles/custom/matrix-prometheus/templates/prometheus.yml.j2 
@@ -32,16 +32,17 @@ scrape_configs: static_configs: - targets: {{ matrix_prometheus_scraper_synapse_targets|to_json }} labels: - instance: {{ matrix_domain }} + instance: {{ matrix_domain | to_json }} job: master index: 0 {% for worker in matrix_prometheus_scraper_synapse_workers_enabled_list %} {% if worker.metrics_port != 0 %} - - targets: ['matrix-synapse-worker-{{ worker.type }}-{{ worker.instanceId }}:{{ worker.metrics_port }}'] + - targets: ['{{ worker.name }}:{{ worker.metrics_port }}'] labels: - instance: {{ matrix_domain }} - job: {{ worker.type }} - index: {{ worker.instanceId }} + instance: {{ matrix_domain | to_json }} + worker_id: {{ worker.id | to_json }} + job: {{ worker.type | to_json }} + app: {{ worker.app | to_json }} {% endif %} {% endfor %} {% endif %} diff --git a/roles/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2 b/roles/custom/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2 similarity index 55% rename from roles/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2 rename to roles/custom/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2 index 56e13c13..58455734 100644 --- a/roles/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2 +++ b/roles/custom/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2 
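Review bot: The new `- targets: ['{{ worker.name }}:{{ worker.metrics_port }}']` line is the only scalar in this hunk still interpolated raw while every label beneath it was switched to `| to_json`; a `worker.name` containing `'`, `#` or `]` would break the generated YAML. For consistency render it the same way, `- targets: {{ [worker.name ~ ':' ~ worker.metrics_port] | to_json }}`, which matches how `matrix_prometheus_scraper_synapse_targets` is emitted a few lines up. The enclosing `scrape_configs` entry starts outside the hunk.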
@@ -12,12 +12,12 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-prometheus 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-prometheus 2>/dev/null || true' +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-prometheus 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-prometheus 2>/dev/null || true' -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-prometheus \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-prometheus \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ @@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-prometheus \ {% endfor %} {{ matrix_prometheus_docker_image }} {{ matrix_prometheus_process_arguments|join(' ') }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-prometheus 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-prometheus 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-prometheus 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-prometheus 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-prometheus 
diff --git a/roles/matrix-redis/defaults/main.yml b/roles/custom/matrix-redis/defaults/main.yml similarity index 100% rename from roles/matrix-redis/defaults/main.yml rename to roles/custom/matrix-redis/defaults/main.yml diff --git a/roles/matrix-redis/tasks/init.yml b/roles/custom/matrix-redis/tasks/init.yml similarity index 100% rename from roles/matrix-redis/tasks/init.yml rename to roles/custom/matrix-redis/tasks/init.yml diff --git a/roles/matrix-redis/tasks/main.yml b/roles/custom/matrix-redis/tasks/main.yml similarity index 100% rename from roles/matrix-redis/tasks/main.yml rename to roles/custom/matrix-redis/tasks/main.yml diff --git a/roles/matrix-redis/tasks/setup_redis.yml b/roles/custom/matrix-redis/tasks/setup_redis.yml similarity index 90% rename from roles/matrix-redis/tasks/setup_redis.yml rename to roles/custom/matrix-redis/tasks/setup_redis.yml index 7dd7ea9f..b1b4c0b5 100644 --- a/roles/matrix-redis/tasks/setup_redis.yml +++ b/roles/custom/matrix-redis/tasks/setup_redis.yml @@ -5,15 +5,15 @@ # - name: Ensure redis Docker image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_redis_docker_image_to_use }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_redis_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_redis_docker_image_force_pull }}" when: matrix_redis_enabled | bool register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure redis paths exist 
@@ -52,7 +52,7 @@ - name: Ensure matrix-redis.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-redis.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-redis.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-redis.service" mode: 0644 register: matrix_redis_systemd_service_result when: matrix_redis_enabled | bool @@ -68,7 +68,7 @@ - name: Check existence of matrix-redis service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-redis.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-redis.service" register: matrix_redis_service_stat when: "not matrix_redis_enabled | bool" @@ -82,7 +82,7 @@ - name: Ensure matrix-redis.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-redis.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-redis.service" state: absent when: "not matrix_redis_enabled | bool and matrix_redis_service_stat.stat.exists" diff --git a/roles/matrix-redis/templates/redis.conf.j2 b/roles/custom/matrix-redis/templates/redis.conf.j2 similarity index 100% rename from roles/matrix-redis/templates/redis.conf.j2 rename to roles/custom/matrix-redis/templates/redis.conf.j2 diff --git a/roles/matrix-redis/templates/systemd/matrix-redis.service.j2 b/roles/custom/matrix-redis/templates/systemd/matrix-redis.service.j2 similarity index 100% rename from roles/matrix-redis/templates/systemd/matrix-redis.service.j2 rename to roles/custom/matrix-redis/templates/systemd/matrix-redis.service.j2 diff --git a/roles/matrix-registration/defaults/main.yml b/roles/custom/matrix-registration/defaults/main.yml similarity index 100% rename from roles/matrix-registration/defaults/main.yml rename to roles/custom/matrix-registration/defaults/main.yml 
diff --git a/roles/matrix-registration/tasks/generate_token.yml b/roles/custom/matrix-registration/tasks/generate_token.yml similarity index 89% rename from roles/matrix-registration/tasks/generate_token.yml rename to roles/custom/matrix-registration/tasks/generate_token.yml index c910bf63..aa2b0111 100644 --- a/roles/matrix-registration/tasks/generate_token.yml +++ b/roles/custom/matrix-registration/tasks/generate_token.yml @@ -41,11 +41,11 @@ {{ matrix_registration_api_result.json }} check_mode: false -- name: Inject result message into matrix_playbook_runtime_results +- name: Inject result message into devture_playbook_runtime_messages_list ansible.builtin.set_fact: - matrix_playbook_runtime_results: | + devture_playbook_runtime_messages_list: | {{ - matrix_playbook_runtime_results | default([]) + devture_playbook_runtime_messages_list | default([]) + [matrix_registration_api_result_message] }} diff --git a/roles/matrix-registration/tasks/init.yml b/roles/custom/matrix-registration/tasks/init.yml similarity index 95% rename from roles/matrix-registration/tasks/init.yml rename to roles/custom/matrix-registration/tasks/init.yml index 064f895c..2b43dffd 100644 --- a/roles/matrix-registration/tasks/init.yml +++ b/roles/custom/matrix-registration/tasks/init.yml 
@@ -3,14 +3,17 @@ # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 ansible.builtin.fail: - msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" + msg: "To self-build the Matrix Registration image, you should use Ansible 2.8 or higher. See docs/ansible.md" when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_registration_container_image_self_build and matrix_registration_enabled" - ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-registration.service'] }}" when: matrix_registration_enabled | bool -- block: +- when: matrix_registration_enabled | bool + tags: + - always + block: - name: Fail if matrix-nginx-proxy role already executed ansible.builtin.fail: msg: >- @@ -54,9 +57,6 @@ + [matrix_registration_matrix_nginx_proxy_configuration] }} - tags: - - always - when: matrix_registration_enabled | bool - name: Warn about reverse-proxying if matrix-nginx-proxy not used ansible.builtin.debug: diff --git a/roles/matrix-registration/tasks/list_tokens.yml b/roles/custom/matrix-registration/tasks/list_tokens.yml similarity index 81% rename from roles/matrix-registration/tasks/list_tokens.yml rename to roles/custom/matrix-registration/tasks/list_tokens.yml index 4bcd1460..1001c4fa 100644 --- a/roles/matrix-registration/tasks/list_tokens.yml +++ b/roles/custom/matrix-registration/tasks/list_tokens.yml 
@@ -20,11 +20,11 @@ {{ matrix_registration_api_result.json | to_nice_json }} check_mode: false -- name: Inject result message into matrix_playbook_runtime_results +- name: Inject result message into devture_playbook_runtime_messages_list ansible.builtin.set_fact: - matrix_playbook_runtime_results: | + devture_playbook_runtime_messages_list: | {{ - matrix_playbook_runtime_results | default([]) + devture_playbook_runtime_messages_list | default([]) + [matrix_registration_api_result_message] }} diff --git a/roles/matrix-registration/tasks/main.yml b/roles/custom/matrix-registration/tasks/main.yml similarity index 100% rename from roles/matrix-registration/tasks/main.yml rename to roles/custom/matrix-registration/tasks/main.yml diff --git a/roles/matrix-registration/tasks/setup_install.yml b/roles/custom/matrix-registration/tasks/setup_install.yml similarity index 91% rename from roles/matrix-registration/tasks/setup_install.yml rename to roles/custom/matrix-registration/tasks/setup_install.yml index d3048337..04b2db3e 100644 --- a/roles/matrix-registration/tasks/setup_install.yml +++ b/roles/custom/matrix-registration/tasks/setup_install.yml @@ -3,13 +3,15 @@ - ansible.builtin.set_fact: matrix_registration_requires_restart: false -- block: +- when: "matrix_registration_database_engine == 'postgres'" + block: - name: Check if an SQLite database already exists ansible.builtin.stat: path: "{{ matrix_registration_sqlite_database_path_local }}" register: matrix_registration_sqlite_database_path_local_stat_result - - block: + - when: "matrix_registration_sqlite_database_path_local_stat_result.stat.exists | bool" + block: - ansible.builtin.set_fact: matrix_postgres_db_migration_request: src: "{{ matrix_registration_sqlite_database_path_local }}" 
@@ -25,13 +27,11 @@ additional_psql_statements_db_name: "{{ matrix_registration_database_name }}" - ansible.builtin.import_role: - name: matrix-postgres + name: custom/matrix-postgres tasks_from: migrate_db_to_postgres - ansible.builtin.set_fact: matrix_registration_requires_restart: true - when: "matrix_registration_sqlite_database_path_local_stat_result.stat.exists | bool" - when: "matrix_registration_database_engine == 'postgres'" - name: Ensure matrix-registration paths exist ansible.builtin.file: @@ -48,15 +48,15 @@ when: "item.when | bool" - name: Ensure matrix-registration image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_registration_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_registration_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_registration_docker_image_force_pull }}" when: "not matrix_registration_container_image_self_build | bool" register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure matrix-registration repository is present when self-building @@ -79,7 +79,7 @@ when: "matrix_registration_container_image_self_build | bool and matrix_registration_container_image_self_build_python_dependencies_patch_enabled | bool" - name: Ensure matrix-registration Docker image is built - docker_image: + community.docker.docker_image: name: "{{ matrix_registration_docker_image }}" source: build force_source: "{{ matrix_registration_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" 
@@ -101,7 +101,7 @@ - name: Ensure matrix-registration.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-registration.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-registration.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-registration.service" mode: 0644 register: matrix_registration_systemd_service_result diff --git a/roles/matrix-registration/tasks/setup_uninstall.yml b/roles/custom/matrix-registration/tasks/setup_uninstall.yml similarity index 80% rename from roles/matrix-registration/tasks/setup_uninstall.yml rename to roles/custom/matrix-registration/tasks/setup_uninstall.yml index e3d713dc..623db421 100644 --- a/roles/matrix-registration/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-registration/tasks/setup_uninstall.yml @@ -2,7 +2,7 @@ - name: Check existence of matrix-registration service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-registration.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-registration.service" register: matrix_registration_service_stat - name: Ensure matrix-registration is stopped @@ -16,7 +16,7 @@ - name: Ensure matrix-registration.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-registration.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-registration.service" state: absent when: "matrix_registration_service_stat.stat.exists | bool" @@ -26,6 +26,6 @@ when: "matrix_registration_service_stat.stat.exists | bool" - name: Ensure matrix-registration Docker image doesn't exist - docker_image: + community.docker.docker_image: name: "{{ matrix_registration_docker_image }}" state: absent 
diff --git a/roles/matrix-registration/tasks/validate_config.yml b/roles/custom/matrix-registration/tasks/validate_config.yml similarity index 100% rename from roles/matrix-registration/tasks/validate_config.yml rename to roles/custom/matrix-registration/tasks/validate_config.yml diff --git a/roles/matrix-registration/templates/config.yaml.j2 b/roles/custom/matrix-registration/templates/config.yaml.j2 similarity index 100% rename from roles/matrix-registration/templates/config.yaml.j2 rename to roles/custom/matrix-registration/templates/config.yaml.j2 diff --git a/roles/matrix-registration/templates/systemd/matrix-registration.service.j2 b/roles/custom/matrix-registration/templates/systemd/matrix-registration.service.j2 similarity index 55% rename from roles/matrix-registration/templates/systemd/matrix-registration.service.j2 rename to roles/custom/matrix-registration/templates/systemd/matrix-registration.service.j2 index 8acbd3a5..f51d9fb9 100644 --- a/roles/matrix-registration/templates/systemd/matrix-registration.service.j2 +++ b/roles/custom/matrix-registration/templates/systemd/matrix-registration.service.j2 
@@ -12,11 +12,11 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-registration 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-registration 2>/dev/null || true' +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-registration 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-registration 2>/dev/null || true' -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-registration \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-registration \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ @@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-registration \ {{ matrix_registration_docker_image }} \ serve -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-registration 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-registration 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-registration 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-registration 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-registration 
diff --git a/roles/matrix-sygnal/defaults/main.yml b/roles/custom/matrix-sygnal/defaults/main.yml similarity index 100% rename from roles/matrix-sygnal/defaults/main.yml rename to roles/custom/matrix-sygnal/defaults/main.yml diff --git a/roles/matrix-sygnal/tasks/init.yml b/roles/custom/matrix-sygnal/tasks/init.yml similarity index 100% rename from roles/matrix-sygnal/tasks/init.yml rename to roles/custom/matrix-sygnal/tasks/init.yml diff --git a/roles/matrix-sygnal/tasks/main.yml b/roles/custom/matrix-sygnal/tasks/main.yml similarity index 100% rename from roles/matrix-sygnal/tasks/main.yml rename to roles/custom/matrix-sygnal/tasks/main.yml diff --git a/roles/matrix-sygnal/tasks/setup_install.yml b/roles/custom/matrix-sygnal/tasks/setup_install.yml similarity index 86% rename from roles/matrix-sygnal/tasks/setup_install.yml rename to roles/custom/matrix-sygnal/tasks/setup_install.yml index 8f5f6937..27424314 100644 --- a/roles/matrix-sygnal/tasks/setup_install.yml +++ b/roles/custom/matrix-sygnal/tasks/setup_install.yml @@ -1,14 +1,14 @@ --- - name: Ensure Sygnal image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_sygnal_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_sygnal_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_sygnal_docker_image_force_pull }}" register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure Sygnal paths exists 
@@ -34,7 +34,7 @@ - name: Ensure matrix-sygnal.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-sygnal.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-sygnal.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-sygnal.service" mode: 0644 register: matrix_sygnal_systemd_service_result diff --git a/roles/matrix-sygnal/tasks/setup_uninstall.yml b/roles/custom/matrix-sygnal/tasks/setup_uninstall.yml similarity index 82% rename from roles/matrix-sygnal/tasks/setup_uninstall.yml rename to roles/custom/matrix-sygnal/tasks/setup_uninstall.yml index eff4a74b..e398f7a9 100644 --- a/roles/matrix-sygnal/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-sygnal/tasks/setup_uninstall.yml @@ -2,7 +2,7 @@ - name: Check existence of matrix-sygnal service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-sygnal.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-sygnal.service" register: matrix_sygnal_service_stat - name: Ensure matrix-sygnal is stopped @@ -16,7 +16,7 @@ - name: Ensure matrix-sygnal.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-sygnal.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-sygnal.service" state: absent when: "matrix_sygnal_service_stat.stat.exists | bool" @@ -31,6 +31,6 @@ state: absent - name: Ensure Sygnal Docker image doesn't exist - docker_image: + community.docker.docker_image: name: "{{ matrix_sygnal_docker_image }}" state: absent diff --git a/roles/matrix-sygnal/tasks/validate_config.yml b/roles/custom/matrix-sygnal/tasks/validate_config.yml similarity index 71% rename from roles/matrix-sygnal/tasks/validate_config.yml rename to roles/custom/matrix-sygnal/tasks/validate_config.yml index b2c38010..277bd1b2 100644 --- a/roles/matrix-sygnal/tasks/validate_config.yml +++ b/roles/custom/matrix-sygnal/tasks/validate_config.yml 
@@ -4,4 +4,4 @@ ansible.builtin.fail: msg: >- Enabling Sygnal requires that you specify at least one app in `matrix_sygnal_apps` - when: "matrix_sygnal_enabled and matrix_sygnal_apps|length == 0" + when: "matrix_sygnal_enabled and matrix_sygnal_apps | length == 0" diff --git a/roles/matrix-sygnal/templates/sygnal.yaml.j2 b/roles/custom/matrix-sygnal/templates/sygnal.yaml.j2 similarity index 100% rename from roles/matrix-sygnal/templates/sygnal.yaml.j2 rename to roles/custom/matrix-sygnal/templates/sygnal.yaml.j2 diff --git a/roles/matrix-sygnal/templates/systemd/matrix-sygnal.service.j2 b/roles/custom/matrix-sygnal/templates/systemd/matrix-sygnal.service.j2 similarity index 55% rename from roles/matrix-sygnal/templates/systemd/matrix-sygnal.service.j2 rename to roles/custom/matrix-sygnal/templates/systemd/matrix-sygnal.service.j2 index ae7e889d..646314df 100644 --- a/roles/matrix-sygnal/templates/systemd/matrix-sygnal.service.j2 +++ b/roles/custom/matrix-sygnal/templates/systemd/matrix-sygnal.service.j2 
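Review bot: The reformatted condition still evaluates `matrix_sygnal_enabled` as a bare Jinja truthy value, unlike the `... | bool` form used for the enabled flags elsewhere in this change (e.g. `matrix_redis_enabled | bool`); if the flag arrives as a string such as `"false"` from inventory, the check would presumably still fire the failure. Suggest `when: "matrix_sygnal_enabled | bool and matrix_sygnal_apps | length == 0"` for consistency and predictable coercion.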
@@ -12,11 +12,11 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-sygnal 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-sygnal 2>/dev/null || true' +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-sygnal 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-sygnal 2>/dev/null || true' -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-sygnal \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-sygnal \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ @@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-sygnal \ {% endfor %} {{ matrix_sygnal_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-sygnal 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-sygnal 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-sygnal 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-sygnal 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-sygnal 
diff --git a/roles/matrix-synapse-admin/defaults/main.yml b/roles/custom/matrix-synapse-admin/defaults/main.yml similarity index 100% rename from roles/matrix-synapse-admin/defaults/main.yml rename to roles/custom/matrix-synapse-admin/defaults/main.yml diff --git a/roles/matrix-synapse-admin/tasks/init.yml b/roles/custom/matrix-synapse-admin/tasks/init.yml similarity index 95% rename from roles/matrix-synapse-admin/tasks/init.yml rename to roles/custom/matrix-synapse-admin/tasks/init.yml index 4d8a5eb0..c2b2d05f 100644 --- a/roles/matrix-synapse-admin/tasks/init.yml +++ b/roles/custom/matrix-synapse-admin/tasks/init.yml @@ -3,14 +3,17 @@ # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 - name: Fail if trying to self-build on Ansible < 2.8 ansible.builtin.fail: - msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" + msg: "To self-build the Synapse Admin image, you should use Ansible 2.8 or higher. See docs/ansible.md" when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_synapse_admin_container_image_self_build and matrix_synapse_admin_enabled" - ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-synapse-admin.service'] }}" when: matrix_synapse_admin_enabled | bool -- block: +- when: matrix_synapse_admin_enabled | bool + tags: + - always + block: - name: Fail if matrix-nginx-proxy role already executed ansible.builtin.fail: msg: >- @@ -45,9 +48,6 @@ + [matrix_synapse_admin_matrix_nginx_proxy_configuration] }} - tags: - - always - when: matrix_synapse_admin_enabled | bool - name: Warn about reverse-proxying if matrix-nginx-proxy not used ansible.builtin.debug: 
diff --git a/roles/matrix-synapse-admin/tasks/main.yml b/roles/custom/matrix-synapse-admin/tasks/main.yml similarity index 100% rename from roles/matrix-synapse-admin/tasks/main.yml rename to roles/custom/matrix-synapse-admin/tasks/main.yml diff --git a/roles/matrix-synapse-admin/tasks/setup.yml b/roles/custom/matrix-synapse-admin/tasks/setup.yml similarity index 87% rename from roles/matrix-synapse-admin/tasks/setup.yml rename to roles/custom/matrix-synapse-admin/tasks/setup.yml index 66021272..56cee498 100644 --- a/roles/matrix-synapse-admin/tasks/setup.yml +++ b/roles/custom/matrix-synapse-admin/tasks/setup.yml @@ -5,15 +5,15 @@ # - name: Ensure matrix-synapse-admin image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_synapse_admin_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_synapse_admin_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_synapse_admin_docker_image_force_pull }}" when: "matrix_synapse_admin_enabled | bool and not matrix_synapse_admin_container_image_self_build | bool" register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure matrix-synapse-admin repository is present when self-building 
@@ -28,7 +28,7 @@ when: "matrix_synapse_admin_enabled | bool and matrix_synapse_admin_container_image_self_build | bool" - name: Ensure matrix-synapse-admin Docker image is built - docker_image: + community.docker.docker_image: name: "{{ matrix_synapse_admin_docker_image }}" source: build force_source: "{{ matrix_synapse_admin_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" @@ -42,7 +42,7 @@ - name: Ensure matrix-synapse-admin.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-synapse-admin.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-synapse-admin.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-synapse-admin.service" mode: 0644 register: matrix_synapse_admin_systemd_service_result when: matrix_synapse_admin_enabled | bool @@ -58,7 +58,7 @@ - name: Check existence of matrix-synapse-admin service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-synapse-admin.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-synapse-admin.service" register: matrix_synapse_admin_service_stat - name: Ensure matrix-synapse-admin is stopped @@ -72,7 +72,7 @@ - name: Ensure matrix-synapse-admin.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-synapse-admin.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-synapse-admin.service" state: absent when: "not matrix_synapse_admin_enabled | bool and matrix_synapse_admin_service_stat.stat.exists" @@ -82,7 +82,7 @@ when: "not matrix_synapse_admin_enabled | bool and matrix_synapse_admin_service_stat.stat.exists" - name: Ensure matrix-synapse-admin Docker image doesn't exist - docker_image: + community.docker.docker_image: name: "{{ matrix_synapse_admin_docker_image }}" state: absent when: "not matrix_synapse_admin_enabled | bool" 
diff --git a/roles/matrix-synapse-admin/tasks/validate_config.yml b/roles/custom/matrix-synapse-admin/tasks/validate_config.yml similarity index 100% rename from roles/matrix-synapse-admin/tasks/validate_config.yml rename to roles/custom/matrix-synapse-admin/tasks/validate_config.yml diff --git a/roles/matrix-synapse-admin/templates/systemd/matrix-synapse-admin.service.j2 b/roles/custom/matrix-synapse-admin/templates/systemd/matrix-synapse-admin.service.j2 similarity index 52% rename from roles/matrix-synapse-admin/templates/systemd/matrix-synapse-admin.service.j2 rename to roles/custom/matrix-synapse-admin/templates/systemd/matrix-synapse-admin.service.j2 index 6ed9eaae..9bae6e03 100644 --- a/roles/matrix-synapse-admin/templates/systemd/matrix-synapse-admin.service.j2 +++ b/roles/custom/matrix-synapse-admin/templates/systemd/matrix-synapse-admin.service.j2 @@ -12,11 +12,11 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-synapse-admin 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-synapse-admin 2>/dev/null || true' +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-synapse-admin 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-synapse-admin 2>/dev/null || true' -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-synapse-admin \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-synapse-admin \ --log-driver=none \ --cap-drop=ALL \ --cap-add=CHOWN \ 
@@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-synapse-admin {% endfor %} {{ matrix_synapse_admin_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-synapse-admin 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-synapse-admin 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-synapse-admin 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-synapse-admin 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-synapse-admin diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml similarity index 57% rename from roles/matrix-synapse/defaults/main.yml rename to roles/custom/matrix-synapse/defaults/main.yml index 87ef3d6a..54351256 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/custom/matrix-synapse/defaults/main.yml 
@@ -7,18 +7,55 @@ matrix_synapse_enabled: true matrix_synapse_container_image_self_build: false matrix_synapse_container_image_self_build_repo: "https://github.com/matrix-org/synapse.git" +# matrix_synapse_container_image_customizations_enabled controls whether a customized Synapse image will be built. +# +# We toggle this variable to `true` when certain features which require a custom build are enabled. +# Feel free to toggle this to `true` yourself and specify build steps in `matrix_synapse_container_image_customizations_dockerfile_body_custom`. +# +# See: +# - `roles/custom/matrix-synapse/templates/synapse/customizations/Dockerfile.j2` +# - `matrix_synapse_container_image_customizations_dockerfile_body_custom` +# - `matrix_synapse_docker_image_customized` +# - `matrix_synapse_docker_image_final` +matrix_synapse_container_image_customizations_enabled: "{{ matrix_synapse_ext_synapse_s3_storage_provider_enabled }}" + +# Controls whether custom build steps will be added to the Dockerfile for installing s3-storage-provider. +# The version that will be installed is specified in `matrix_synapse_ext_synapse_s3_storage_provider_version`. +matrix_synapse_container_image_customizations_s3_storage_provider_installation_enabled: "{{ matrix_synapse_ext_synapse_s3_storage_provider_enabled }}" + +# matrix_synapse_container_image_customizations_dockerfile_body contains your custom Dockerfile steps +# for building your customized Synapse image based on the original (upstream) image (`matrix_synapse_docker_image`). +# A `FROM ...` clause is included automatically so you don't have to. +# +# Example: +# matrix_synapse_container_image_customizations_dockerfile_body_custom: | +# RUN echo 'This is a custom step for building the customized Docker image for Synapse.' +# RUN echo 'You can override matrix_synapse_container_image_customizations_dockerfile_body_custom to add your own steps.' +# RUN echo 'You do NOT need to include a FROM clause yourself.' 
+matrix_synapse_container_image_customizations_dockerfile_body_custom: '' + matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:{{ matrix_synapse_docker_image_tag }}" matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_container_image_self_build else matrix_container_global_registry_prefix }}" -matrix_synapse_version: v1.62.0 +matrix_synapse_version: v1.71.0 matrix_synapse_docker_image_tag: "{{ matrix_synapse_version }}" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" +# matrix_synapse_docker_image_customized is the name of the locally built Synapse image +# which adds various customizations on top of the original (upstream) Synapse image. +# This image will be based on the upstream `matrix_synapse_docker_image` image, only if `matrix_synapse_container_image_customizations_enabled: true`. +matrix_synapse_docker_image_customized: "localhost/matrixdotorg/synapse:{{ matrix_synapse_docker_image_tag }}-customized" + +# matrix_synapse_docker_image_final holds the name of the Synapse image to run depending on whether or not customizations are enabled. 
+matrix_synapse_docker_image_final: "{{ matrix_synapse_docker_image_customized if matrix_synapse_container_image_customizations_enabled else matrix_synapse_docker_image }} " + matrix_synapse_base_path: "{{ matrix_base_data_path }}/synapse" matrix_synapse_docker_src_files_path: "{{ matrix_synapse_base_path }}/docker-src" +matrix_synapse_customized_docker_src_files_path: "{{ matrix_synapse_base_path }}/customized-docker-src" matrix_synapse_config_dir_path: "{{ matrix_synapse_base_path }}/config" matrix_synapse_storage_path: "{{ matrix_synapse_base_path }}/storage" matrix_synapse_media_store_path: "{{ matrix_synapse_storage_path }}/media-store" matrix_synapse_ext_path: "{{ matrix_synapse_base_path }}/ext" +matrix_synapse_ext_s3_storage_provider_path: "{{ matrix_synapse_base_path }}/ext/s3-storage-provider" matrix_synapse_container_client_api_port: 8008 
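Review bot: `matrix_synapse_docker_image_final` has a stray space inside the closing quotes (`}} "`), so the rendered image reference ends with a trailing blank. systemd's `ExecStart` would tolerate that when splitting arguments, but any task that hands the value to an image pull/inspect module would look up a name that does not exist; drop the space: `matrix_synapse_docker_image_final: "{{ matrix_synapse_docker_image_customized if matrix_synapse_container_image_customizations_enabled else matrix_synapse_docker_image }}"`. It is also worth saying in the `matrix_synapse_docker_image_customized` comment that the `-customized` tag is derived only from the upstream tag, so editing `matrix_synapse_container_image_customizations_dockerfile_body_custom` alone yields the same tag and presumably relies on the build task rebuilding unconditionally — confirm against the build task, which is not in this hunk.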
@@ -61,8 +98,19 @@ matrix_synapse_container_metrics_api_host_bind_port: '' matrix_synapse_container_manhole_api_host_bind_port: '' # A list of extra arguments to pass to the container +# Also see `matrix_synapse_container_arguments` matrix_synapse_container_extra_arguments: [] +# matrix_synapse_container_runtime_injected_arguments is a list of extra arguments to pass to the container. +# This list is built during runtime. You're not meant to override this variable. +# If you'd like to inject your own arguments, see `matrix_synapse_container_extra_arguments`. +matrix_synapse_container_runtime_injected_arguments: [] + +# matrix_synapse_container_arguments holds the final list of extra arguments to pass to the container. +# You're not meant to override this variable. +# If you'd like to inject your own arguments, see `matrix_synapse_container_extra_arguments`. +matrix_synapse_container_arguments: "{{ matrix_synapse_container_extra_arguments + matrix_synapse_container_runtime_injected_arguments }}" + # List of systemd services that matrix-synapse.service depends on matrix_synapse_systemd_required_services_list: ['docker.service'] @@ -137,10 +185,23 @@ matrix_synapse_rc_admin_redaction: matrix_synapse_rc_joins: local: per_second: 0.1 - burst_count: 3 + burst_count: 10 remote: per_second: 0.01 - burst_count: 3 + burst_count: 10 + + +matrix_synapse_rc_invites: + per_room: + per_second: 0.3 + burst_count: 10 + per_user: + per_second: 0.003 + burst_count: 5 + per_issuer: + per_second: 0.3 + burst_count: 10 + matrix_synapse_rc_federation: window_size: 1000 
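Review bot: The `rc_joins` change raises `burst_count` from 3 to 10 for both local and remote joins with no comment, so readers cannot tell whether the built-in join-flood protection is deliberately being loosened or merely aligned with upstream. If, as I recall from Synapse's documented defaults, 10 is the upstream value, say so: `# burst_count matches Synapse's own default (10); lower it if your server sees join spam.` above `matrix_synapse_rc_joins`. The new `matrix_synapse_rc_invites` block likewise appears to mirror Synapse's defaults, and a one-line `# Mirrors Synapse's default rc_invites; tighten to slow down invite spam.` would make clear that overriding it is the intended knob.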
@@ -233,10 +294,6 @@ matrix_synapse_registrations_require_3pid: [] # pattern: '\+44' matrix_synapse_allowed_local_3pids: [] -# The server to use for email threepid validation. When empty, Synapse does it by itself. -# Otherwise, this should be pointed to an identity server. -matrix_synapse_account_threepid_delegates_email: '' - # The server to use for phone number threepid validation. When empty, validation cannot happen, as Synapse doesn't support it. # To make it work, this should be pointed to an identity server. matrix_synapse_account_threepid_delegates_msisdn: '' @@ -311,8 +368,19 @@ matrix_synapse_additional_loggers: [] # A list of appservice config files (in-container filesystem paths). # This list gets populated dynamically based on Synapse extensions that have been enabled. # You may wish to use this together with `matrix_synapse_container_additional_volumes` or `matrix_synapse_container_extra_arguments`. +# Also see `matrix_synapse_app_service_config_files_final` matrix_synapse_app_service_config_files: [] +# matrix_synapse_app_service_runtime_injected_config_files is a list of appservice config files. +# This list is built during runtime. You're not meant to override this variable. +# If you'd like to inject your own arguments, see `matrix_synapse_app_service_config_files`. +matrix_synapse_app_service_runtime_injected_config_files: [] + +# matrix_synapse_app_service_config_files_final holds the final list of config files to pass to the container. +# You're not meant to override this variable. +# If you'd like to inject your own arguments, see `matrix_synapse_app_service_config_files`. +matrix_synapse_app_service_config_files_final: "{{ matrix_synapse_app_service_config_files + matrix_synapse_app_service_runtime_injected_config_files }}" + # This is set dynamically during execution depending on whether # any password providers have been enabled or not. matrix_synapse_password_providers_enabled: false 
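Review bot: `matrix_synapse_account_threepid_delegates_email` is deleted from the defaults, but nothing in this hunk makes a deployment that still sets it in `vars.yml` fail loudly; with the default gone, the stale setting is simply ignored and email 3PID validation silently falls back to Synapse itself. If `roles/custom/matrix-synapse/tasks/validate_config.yml` does not already list it among removed variables, add it there so the playbook aborts with a pointer to the replacement. Separately, the comment on `matrix_synapse_app_service_runtime_injected_config_files` says "inject your own arguments" where it means config files — `# If you'd like to add your own appservice config files, see matrix_synapse_app_service_config_files.`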
@@ -334,6 +402,11 @@ matrix_url_preview_accept_language: ['en-US', 'en'] matrix_synapse_metrics_enabled: false matrix_synapse_metrics_port: 9100 +# matrix_synapse_grafana_dashboard_urls contains a list of URLs with Grafana dashboard definitions. +# If the Grafana role is enabled, these dashboards will be downloaded. +matrix_synapse_grafana_dashboard_urls: + - https://raw.githubusercontent.com/matrix-org/synapse/master/contrib/grafana/synapse.json + # Controls whether Synapse metrics should be proxied (exposed) on: # - `matrix.DOMAIN/metrics/synapse/main-process` for the main process # - `matrix.DOMAIN/metrics/synapse/worker/{type}-{id}` for each worker process 
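Review bot: `matrix_synapse_grafana_dashboard_urls` points at the `master` branch of the Synapse repository, so the dashboard JSON that gets loaded into Grafana is an unpinned, moving target that can change independently of the Synapse version this file pins to `v1.71.0`. Pin it to the same tag so the fetched content is reproducible and reviewable: `- "https://raw.githubusercontent.com/matrix-org/synapse/{{ matrix_synapse_version }}/contrib/grafana/synapse.json"`. Whether the downloading task verifies anything about the fetched file is not visible here; if it does not, a comment stating that the URL is fetched over HTTPS and imported as-is would set expectations for operators who override the list.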
@@ -363,23 +436,31 @@ matrix_synapse_workers_presets: little-federation-helper: generic_workers_count: 0 pusher_workers_count: 0 - appservice_workers_count: 0 federation_sender_workers_count: 1 media_repository_workers_count: 0 + appservice_workers_count: 0 user_dir_workers_count: 0 - frontend_proxy_workers_count: 0 + background_workers_count: 0 + stream_writer_events_stream_workers_count: 0 + stream_writer_typing_stream_workers_count: 0 + stream_writer_to_device_stream_workers_count: 0 + stream_writer_account_data_stream_workers_count: 0 + stream_writer_receipts_stream_workers_count: 0 + stream_writer_presence_stream_workers_count: 0 one-of-each: generic_workers_count: 1 pusher_workers_count: 1 - # appservice workers are deprecated since Synapse v1.59. This will be removed. - appservice_workers_count: 0 federation_sender_workers_count: 1 media_repository_workers_count: 1 - # Disabled until https://github.com/matrix-org/synapse/issues/8787 is resolved. - # user_dir workers are deprecated since Synapse v1.59. This will be removed. - # See: https://github.com/matrix-org/synapse/blob/v1.59.0/docs/upgrade.md#deprecation-of-the-synapseappappservice-and-synapseappuser_dir-worker-application-types - user_dir_workers_count: 0 - frontend_proxy_workers_count: 1 + appservice_workers_count: 1 + user_dir_workers_count: 1 + background_workers_count: 1 + stream_writer_events_stream_workers_count: 1 + stream_writer_typing_stream_workers_count: 1 + stream_writer_to_device_stream_workers_count: 1 + stream_writer_account_data_stream_workers_count: 1 + stream_writer_receipts_stream_workers_count: 1 + stream_writer_presence_stream_workers_count: 1 # Controls whether the matrix-synapse container exposes the various worker ports # (see `port` and `metrics_port` in `matrix_synapse_workers_enabled_list`) outside of the container. 
@@ -392,38 +473,144 @@ matrix_synapse_workers_generic_workers_count: "{{ matrix_synapse_workers_presets matrix_synapse_workers_generic_workers_port_range_start: 18111 matrix_synapse_workers_generic_workers_metrics_range_start: 19111 -# matrix_synapse_workers_pusher_workers_count can only be 0 or 1 for now. -# More instances are not supported due to a playbook limitation having to do with keeping `pusher_instances` in `homeserver.yaml` updated. -# See https://github.com/matrix-org/synapse/commit/ddfdf945064925eba761ae3748e38f3a1c73c328 +# matrix_synapse_workers_stream_writer_events_stream_workers_count controls how many stream writers that handle the `events` stream to spawn. +# More than 1 worker is also supported of this type. +matrix_synapse_workers_stream_writer_events_stream_workers_count: "{{ matrix_synapse_workers_presets[matrix_synapse_workers_preset]['stream_writer_events_stream_workers_count'] }}" + +# matrix_synapse_workers_stream_writer_typing_stream_workers_count controls how many stream writers that handle the `typing` stream to spawn. +# The count of these workers can only be 0 or 1. +matrix_synapse_workers_stream_writer_typing_stream_workers_count: "{{ matrix_synapse_workers_presets[matrix_synapse_workers_preset]['stream_writer_typing_stream_workers_count'] }}" + +# matrix_synapse_workers_stream_writer_to_device_stream_workers_count controls how many stream writers that handle the `to_device` stream to spawn. +# The count of these workers can only be 0 or 1. +matrix_synapse_workers_stream_writer_to_device_stream_workers_count: "{{ matrix_synapse_workers_presets[matrix_synapse_workers_preset]['stream_writer_to_device_stream_workers_count'] }}" + +# matrix_synapse_workers_stream_writer_account_data_stream_workers_count controls how many stream writers that handle the `account_data` stream to spawn. +# The count of these workers can only be 0 or 1. 
+matrix_synapse_workers_stream_writer_account_data_stream_workers_count: "{{ matrix_synapse_workers_presets[matrix_synapse_workers_preset]['stream_writer_account_data_stream_workers_count'] }}" + +# matrix_synapse_workers_stream_writer_receipts_stream_workers_count controls how many stream writers that handle the `receipts` stream to spawn. +# The count of these workers can only be 0 or 1. +matrix_synapse_workers_stream_writer_receipts_stream_workers_count: "{{ matrix_synapse_workers_presets[matrix_synapse_workers_preset]['stream_writer_receipts_stream_workers_count'] }}" + +# matrix_synapse_workers_stream_writer_presence_stream_workers_count controls how many stream writers that handle the `presence` stream to spawn. +# The count of these workers can only be 0 or 1. +matrix_synapse_workers_stream_writer_presence_stream_workers_count: "{{ matrix_synapse_workers_presets[matrix_synapse_workers_preset]['stream_writer_presence_stream_workers_count'] }}" + +# A list of stream writer workers to enable. This list is built automatically based on other variables. +# You're encouraged to enable/disable stream writer workers by setting `matrix_synapse_workers_stream_writer_*_stream_workers_count` variables, instead of adjusting this list manually. 
+matrix_synapse_workers_stream_writers: | + {{ + [] + + + ([{'stream': 'events'}] * matrix_synapse_workers_stream_writer_events_stream_workers_count | int) + + + ([{'stream': 'typing'}] * matrix_synapse_workers_stream_writer_typing_stream_workers_count | int) + + + ([{'stream': 'to_device'}] * matrix_synapse_workers_stream_writer_to_device_stream_workers_count | int) + + + ([{'stream': 'account_data'}] * matrix_synapse_workers_stream_writer_account_data_stream_workers_count | int) + + + ([{'stream': 'receipts'}] * matrix_synapse_workers_stream_writer_receipts_stream_workers_count | int) + + + ([{'stream': 'presence'}] * matrix_synapse_workers_stream_writer_presence_stream_workers_count | int) + }} + +# matrix_synapse_stream_writers populates the `stream_writers` Synapse configuration used when Synapse workers are in use (`matrix_synapse_workers_enabled`). +# What you see below is an initial default value which will be adjusted at runtime based on the value of `matrix_synapse_workers_stream_writers`. +# Adjusting this value manually is generally not necessary. +# +# It's tempting to initialize this like this: +# matrix_synapse_stream_writers: +# - typing: [] +# - events: [] +# - to_device: [] +# - account_data: [] +# - receipts: [] +# - presence: [] +# .. but Synapse does not like empty lists (see https://github.com/matrix-org/synapse/issues/13804) +matrix_synapse_stream_writers: {} + +# `matrix_synapse_workers_stream_writer_workers_` variables control the port numbers of various stream writer workers +# defined in `matrix_synapse_workers_stream_writers`. +# It should be noted that not all of the background worker types will need to expose HTTP services, etc. 
+matrix_synapse_workers_stream_writer_workers_http_port_range_start: 20011 +matrix_synapse_workers_stream_writer_workers_replication_port_range_start: 25011 +matrix_synapse_workers_stream_writer_workers_metrics_range_start: 19211 + +# matrix_synapse_workers_pusher_workers_count controls the number of pusher workers (workers who push out notifications) to spawn. +# See https://matrix-org.github.io/synapse/latest/workers.html#synapseapppusher matrix_synapse_workers_pusher_workers_count: "{{ matrix_synapse_workers_presets[matrix_synapse_workers_preset]['pusher_workers_count'] }}" matrix_synapse_workers_pusher_workers_metrics_range_start: 19200 -# matrix_synapse_workers_appservice_workers_count can only be 0 or 1. More instances are not supported. -# appservice workers are deprecated since Synapse v1.59. This will be removed. -# See: https://github.com/matrix-org/synapse/blob/v1.59.0/docs/upgrade.md#deprecation-of-the-synapseappappservice-and-synapseappuser_dir-worker-application-types -matrix_synapse_workers_appservice_workers_count: 0 -matrix_synapse_workers_appservice_workers_metrics_range_start: 19300 +# matrix_synapse_federation_pusher_instances populates the `pusher_instances` Synapse configuration used when Synapse workers are in use (`matrix_synapse_workers_enabled`). +# What you see below is an initial default value which will be adjusted at runtime based on the value of `matrix_synapse_workers_pusher_workers_count` or `matrix_synapse_workers_enabled_list`. +# Adjusting this value manually is generally not necessary. +matrix_synapse_federation_pusher_instances: [] -# matrix_synapse_workers_federation_sender_workers_count can only be 0 or 1 for now. -# More instances are not supported due to a playbook limitation having to do with keeping `federation_sender_instances` in `homeserver.yaml` updated. 
-# See https://github.com/matrix-org/synapse/blob/master/docs/workers.md#synapseappfederation_sender +# matrix_synapse_start_pushers controls if the main Synapse process should push out notifications or if it should be left to pusher workers (see `matrix_synapse_federation_pusher_instances`). +# This is enabled if workers are disabled, or if they are enabled, but there are no pusher workers. +# Adjusting this value manually is generally not necessary. +matrix_synapse_start_pushers: "{{ not matrix_synapse_workers_enabled or (matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'pusher') | list | length == 0) }}" + +# matrix_synapse_workers_federation_sender_workers_count controls the number of federation sender workers to spawn. +# See https://matrix-org.github.io/synapse/latest/workers.html#synapseappfederation_sender matrix_synapse_workers_federation_sender_workers_count: "{{ matrix_synapse_workers_presets[matrix_synapse_workers_preset]['federation_sender_workers_count'] }}" matrix_synapse_workers_federation_sender_workers_metrics_range_start: 19400 +# matrix_synapse_federation_sender_instances populates the `federation_sender_instances` Synapse configuration used when Synapse workers are in use (`matrix_synapse_workers_enabled`). +# What you see below is an initial default value which will be adjusted at runtime based on the value of `matrix_synapse_workers_federation_sender_workers_count` or `matrix_synapse_workers_enabled_list`. +# Adjusting this value manually is generally not necessary. +matrix_synapse_federation_sender_instances: [] + +# matrix_synapse_send_federation controls if the main Synapse process should send federation traffic or if it should be left to federation_sender workers (see `matrix_synapse_federation_sender_instances`). +# This is allowed if workers are disabled, or they are enabled, but there are no federation sender workers. +# Adjusting this value manually is generally not necessary. 
+matrix_synapse_send_federation: "{{ not matrix_synapse_workers_enabled or (matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'federation_sender') | list | length == 0) }}" + matrix_synapse_workers_media_repository_workers_count: "{{ matrix_synapse_workers_presets[matrix_synapse_workers_preset]['media_repository_workers_count'] }}" matrix_synapse_workers_media_repository_workers_port_range_start: 18551 matrix_synapse_workers_media_repository_workers_metrics_range_start: 19551 -# Disabled until https://github.com/matrix-org/synapse/issues/8787 is resolved. -# user_dir workers are deprecated since Synapse v1.59. This will be removed. -# See: https://github.com/matrix-org/synapse/blob/v1.59.0/docs/upgrade.md#deprecation-of-the-synapseappappservice-and-synapseappuser_dir-worker-application-types -matrix_synapse_workers_user_dir_workers_count: 0 +# matrix_synapse_enable_media_repo controls if the main Synapse process should serve media repository endpoints or if it should be left to media_repository workers (see `matrix_synapse_workers_media_repository_workers_count`). +# This is enabled if workers are disabled, or if they are enabled, but there are no media repository workers. +# Adjusting this value manually is generally not necessary. +matrix_synapse_enable_media_repo: "{{ not matrix_synapse_workers_enabled or (matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'media_repository') | list | length == 0) }}" + +# matrix_synapse_media_instance_running_background_jobs populates the `media_instance_running_background_jobs` Synapse configuration used when Synapse workers are in use (`matrix_synapse_workers_enabled`). +# `media_instance_running_background_jobs` is meant to point to a single media-repository worker, which is dedicated to running background tasks that maintain the media repository. +# Multiple `media_repository` workers may be enabled. We always pick the first one as the background tasks worker. 
+matrix_synapse_media_instance_running_background_jobs: "{{ (matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'media_repository') | list)[0].name if (matrix_synapse_workers_enabled and matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'media_repository') | list | length > 0) else '' }}" + +# matrix_synapse_workers_appservice_workers_count can only be 0 or 1. More instances are not supported. +# appservice workers were deprecated since Synapse v1.59 (see: https://github.com/matrix-org/synapse/blob/v1.59.0/docs/upgrade.md#deprecation-of-the-synapseappappservice-and-synapseappuser_dir-worker-application-types). +# Our implementation uses generic worker services and assigns them to perform appservice work using the `notify_appservices_from_worker` Synapse option. +matrix_synapse_workers_appservice_workers_count: "{{ matrix_synapse_workers_presets[matrix_synapse_workers_preset]['appservice_workers_count'] }}" +matrix_synapse_workers_appservice_workers_metrics_range_start: 19300 + +# matrix_synapse_notify_appservices_from_worker populates the `notify_appservices_from_worker` Synapse configuration used when Synapse workers are in use (`matrix_synapse_workers_enabled`). +# `notify_appservices_from_worker` is meant to point to a worker, which is dedicated to sending output traffic to Application Services. +matrix_synapse_notify_appservices_from_worker: "{{ (matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'appservice') | list)[0].name if (matrix_synapse_workers_enabled and matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'appservice') | list | length > 0) else '' }}" + +# matrix_synapse_workers_user_dir_workers_count can only be 0 or 1. More instances are not supported. +# user_dir workers were deprecated since Synapse v1.59 (see: https://github.com/matrix-org/synapse/blob/v1.59.0/docs/upgrade.md#deprecation-of-the-synapseappappservice-and-synapseappuser_dir-worker-application-types). 
+# Our implementation uses generic worker services and assigns them to perform appservice work using the `update_user_directory_from_worker` Synapse option. +matrix_synapse_workers_user_dir_workers_count: "{{ matrix_synapse_workers_presets[matrix_synapse_workers_preset]['user_dir_workers_count'] }}" matrix_synapse_workers_user_dir_workers_port_range_start: 18661 matrix_synapse_workers_user_dir_workers_metrics_range_start: 19661 -matrix_synapse_workers_frontend_proxy_workers_count: "{{ matrix_synapse_workers_presets[matrix_synapse_workers_preset]['frontend_proxy_workers_count'] }}" -matrix_synapse_workers_frontend_proxy_workers_port_range_start: 18771 -matrix_synapse_workers_frontend_proxy_workers_metrics_range_start: 19771 +# matrix_synapse_update_user_directory_from_worker populates the `update_user_directory_from_worker` Synapse configuration used when Synapse workers are in use (`matrix_synapse_workers_enabled`). +# `update_user_directory_from_worker` is meant to point to a worker, which is dedicated to updating the user directory and servicing some user directory URL endpoints (`matrix_synapse_workers_user_dir_worker_client_server_endpoints`). +matrix_synapse_update_user_directory_from_worker: "{{ (matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'user_dir') | list)[0].name if (matrix_synapse_workers_enabled and matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'user_dir') | list | length > 0) else '' }}" + +# matrix_synapse_workers_background_workers_count can only be 0 or 1. More instances are not supported. +# Our implementation uses a generic worker and assigns Synapse to perform background work on this worker using the `run_background_tasks_on` Synapse option. 
+matrix_synapse_workers_background_workers_count: "{{ matrix_synapse_workers_presets[matrix_synapse_workers_preset]['background_workers_count'] }}" +matrix_synapse_workers_background_workers_metrics_range_start: 19700 + +# matrix_synapse_run_background_tasks_on populates the `run_background_tasks_on` Synapse configuration used when Synapse workers are in use (`matrix_synapse_workers_enabled`). +# `run_background_tasks_on` is meant to point to a worker, which is dedicated to processing background tasks. +matrix_synapse_run_background_tasks_on: "{{ (matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'background') | list)[0].name if (matrix_synapse_workers_enabled and matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'background') | list | length > 0) else '' }}" # Default list of workers to spawn. # 
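Review bot: The comment above `matrix_synapse_workers_user_dir_workers_count` is a copy-paste of the appservice one: it says the worker is assigned "to perform appservice work using the `update_user_directory_from_worker` Synapse option", which contradicts the option it names. Change it to `# Our implementation uses generic worker services and assigns them to perform user directory work using the update_user_directory_from_worker Synapse option.` The new `replication_port` range starting at `25011` introduces worker-to-worker HTTP replication listeners, which Synapse does not authenticate as far as I recall; the hunk does not show how they are bound, so a note next to `matrix_synapse_workers_stream_writer_workers_replication_port_range_start` that these ports must stay on the container network and never be host-exposed would be valuable, assuming the listener template indeed keeps them internal.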
@@ -438,25 +625,36 @@ matrix_synapse_workers_frontend_proxy_workers_metrics_range_start: 19771 # as certain workers can only be spawned just once. # # Each worker instance in the list defines the following fields: -# - `type` - the type of worker (`generic_worker`, etc.) -# - `instanceId` - a string that identifies the worker. The combination of (`type` + `instanceId`) represents the name of the worker and must be unique. +# - `id` - a string that uniquely identifies the worker +# - `name` - a string that will be used as the container and systemd service name +# - `type` - the type of worker (`generic_worker`, `stream_writer`, `pusher`, etc.) +# - `app` - the Synapse app (https://matrix-org.github.io/synapse/latest/workers.html#available-worker-applications) that powers this worker (`generic_worker`, `federation_sender`, etc.). +# The `app` usually matches the `type`, but not always. For example, `type = stream_writer` workers are served by the `generic_worker` type. # - `port` - an HTTP port where the worker listens for requests (can be `0` for workers that don't do HTTP request processing) # - `metrics_port` - an HTTP port where the worker exports Prometheus metrics +# - `replication_port` - an HTTP port where the worker serves `replication` endpoints (used by stream writers, etc.) 
+# - `webserving` - tells whether this type of worker serves web (client or federation) requests, so that it can be injected as a dependency to the reverse-proxy # # Example of what this needs to look like, if you're defining it manually: # matrix_synapse_workers_enabled_list: -# - { type: generic_worker, instanceId: '18111', port: 18111, metrics_port: 19111 } -# - { type: generic_worker, instanceId: '18112', port: 18112, metrics_port: 19112 } -# - { type: generic_worker, instanceId: '18113', port: 18113, metrics_port: 19113 } -# - { type: generic_worker, instanceId: '18114', port: 18114, metrics_port: 19114 } -# - { type: generic_worker, instanceId: '18115', port: 18115, metrics_port: 19115 } -# - { type: generic_worker, instanceId: '18116', port: 18116, metrics_port: 19116 } -# - { type: pusher, instanceId: '0', port: 0, metrics_port: 19200 } -# - { type: appservice, instanceId: '0', port: 0, metrics_port: 19300 } -# - { type: federation_sender, instanceId: '0', port: 0, metrics_port: 19400 } -# - { type: media_repository, instanceId: '18551', port: 18551, metrics_port: 19551 } +# - { 'id': 'generic-worker-0', 'name': 'matrix-synapse-worker-generic-0', 'type': 'generic_worker', 'app': 'generic_worker', 'port': 18111, 'metrics_port': 19111, 'webserving': true } +# - { 'id': 'generic-worker-1', 'name': 'matrix-synapse-worker-generic-1', 'type': 'generic_worker', 'app': 'generic_worker', 'port': 18112, 'metrics_port': 19112, 'webserving': true } +# - { 'id': 'generic-worker-2', 'name': 'matrix-synapse-worker-generic-2', 'type': 'generic_worker', 'app': 'generic_worker', 'port': 18113, 'metrics_port': 19113, 'webserving': true } +# - { 'id': 'generic-worker-3', 'name': 'matrix-synapse-worker-generic-3', 'type': 'generic_worker', 'app': 'generic_worker', 'port': 18114, 'metrics_port': 19114, 'webserving': true } +# - { 'id': 'generic-worker-4', 'name': 'matrix-synapse-worker-generic-4', 'type': 'generic_worker', 'app': 'generic_worker', 'port': 18115, 'metrics_port': 
19115, 'webserving': true } +# - { 'id': 'generic-worker-5', 'name': 'matrix-synapse-worker-generic-5', 'type': 'generic_worker', 'app': 'generic_worker', 'port': 18116, 'metrics_port': 19116, 'webserving': true } +# - { 'id': 'stream-writer-0-events', 'name': 'matrix-synapse-worker-stream-writer-0-events', 'type': 'stream_writer', 'app': 'generic_worker', 'stream_writer_stream': 'events', 'port': 0, 'replication_port': 25011, metrics_port: 19111, 'webserving': false } +# - { 'id': 'stream-writer-1-typing', 'name': 'matrix-synapse-worker-stream-writer-1-typing', 'type': 'stream_writer', 'app': 'generic_worker', 'stream_writer_stream': 'typing', 'port': 20012, 'replication_port': 25012, metrics_port: 19112, 'webserving': true } +# - { 'id': 'pusher-0', 'name': 'matrix-synapse-worker-pusher-0', 'type': 'pusher', 'app': 'pusher', 'port': 0, 'metrics_port': 19200, 'webserving': false } +# - { 'id': 'appservice-0', 'name': 'matrix-synapse-worker-appservice-0', 'type': 'appservice', 'port': 0, 'metrics_port': 19300, 'webserving': false } +# - { 'id': 'federation-sender-0', 'name': 'matrix-synapse-worker-federation-sender-0', 'type': 'federation_sender', 'port': 0, 'metrics_port': 19400, 'webserving': false } +# - { 'id': 'media-repository-0', 'name': 'matrix-synapse-worker-media-repository-0', 'type': 'media_repository', 'port': 18551, 'metrics_port': 19551, 'webserving': true } matrix_synapse_workers_enabled_list: [] +# matrix_synapse_instance_map holds the instance map used for mapping worker names (for certain generic workers only!) to where they live (host, port which handles replication traffic). +# This is populated automatically based on `matrix_synapse_workers_enabled_list` during runtime, so you're not required to tweak it manually. +matrix_synapse_instance_map: {} + # Redis information matrix_synapse_redis_enabled: false matrix_synapse_redis_host: "" 
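Review bot: The example `matrix_synapse_workers_enabled_list` contradicts the field documentation directly above it: the two `stream_writer` entries reuse `metrics_port` 19111/19112, which collide with `generic-worker-0`/`-1` in the same list (the defaults place stream-writer metrics at 19211+), and the `appservice-0`, `federation-sender-0` and `media-repository-0` entries omit the `app` key that the list says every worker defines. Since users are told they can copy this when defining the list manually, fix the two ports and add `'app': 'generic_worker'` / `'app': 'federation_sender'` / `'app': 'media_repository'` respectively (the appservice `app` follows from the earlier comment that appservice work now runs on a generic worker). `metrics_port` is also the only key left unquoted in those two stream-writer lines, which is harmless but inconsistent with the rest of the example.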
@@ -593,6 +791,32 @@ matrix_synapse_ext_encryption_config_yaml: | patch_power_levels: {{ matrix_synapse_ext_encryption_disabler_patch_power_levels | to_json }} +# matrix_synapse_ext_synapse_s3_storage_provider_enabled controls whether to enable https://github.com/matrix-org/synapse-s3-storage-provider +# Installing it requires building a customized Docker image for Synapse (see `matrix_synapse_container_image_customizations_enabled`). +# Enabling this will enable customizations and inject the appropriate Dockerfile clauses for installing synapse-s3-storage-provider. +matrix_synapse_ext_synapse_s3_storage_provider_enabled: false +matrix_synapse_ext_synapse_s3_storage_provider_version: 1.1.2 +# Controls whether media from this (local) server is stored in s3-storage-provider +matrix_synapse_ext_synapse_s3_storage_provider_store_local: true +# Controls whether media from remote servers is stored in s3-storage-provider +matrix_synapse_ext_synapse_s3_storage_provider_store_remote: true +# Controls whether files are stored to S3 at the same time they are stored on the local filesystem. +# For slightly improved reliability, consider setting this to `true`. +# Even with asynchronous uploading to S3 (`false` value), data loss shouldn't be possible, +# because the local filesystem is a reliable data store anyway. 
+matrix_synapse_ext_synapse_s3_storage_provider_store_synchronous: false +matrix_synapse_ext_synapse_s3_storage_provider_config_bucket: '' +matrix_synapse_ext_synapse_s3_storage_provider_config_region_name: '' +matrix_synapse_ext_synapse_s3_storage_provider_config_endpoint_url: '' +matrix_synapse_ext_synapse_s3_storage_provider_config_access_key_id: '' +matrix_synapse_ext_synapse_s3_storage_provider_config_secret_access_key: '' +matrix_synapse_ext_synapse_s3_storage_provider_config_storage_class: STANDARD +matrix_synapse_ext_synapse_s3_storage_provider_config_threadpool_size: 40 +# matrix_synapse_ext_synapse_s3_storage_provider_update_db_day_count is a day value (number) for the `s3_media_upload update-db` command. +# It specifies how old files need to have been inactive to be eligible for migration from the local filesystem to the S3 data store. +# By default, we use `0` which says "all files are eligible for migration". +matrix_synapse_ext_synapse_s3_storage_provider_update_db_day_count: 0 + matrix_s3_media_store_enabled: false matrix_s3_media_store_custom_endpoint_enabled: false matrix_s3_goofys_docker_image: "ewoutp/goofys:latest" 
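Review bot: `matrix_synapse_ext_synapse_s3_storage_provider_config_secret_access_key` introduces a long-lived cloud credential as a plain playbook variable, and nothing in this hunk documents where it ends up or how it should be protected. Add above it `# Keep this in Ansible Vault; it is rendered into Synapse's media_storage_providers config on the host, so any task that prints that config (debug, -v) would expose it.` and make sure the tasks that template it run with `no_log: true` (not visible here). When the provider is enabled, the empty defaults for bucket, region and both keys should be rejected in `validate_config.yml` rather than letting Synapse fail at startup with a half-configured provider, if that check is not already present.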
@@ -637,6 +861,30 @@ matrix_synapse_spam_checker: [] # Certain Synapse extensions that you can enable below auto-inject themselves into `matrix_synapse_modules` at runtime. matrix_synapse_modules: [] +# matrix_synapse_media_storage_providers contains the Synapse `media_storage_providers` configuration setting. +# To add your own custom `media_storage_providers`, use `matrix_synapse_media_storage_providers_custom`. +matrix_synapse_media_storage_providers: "{{ matrix_synapse_media_storage_providers_auto + matrix_synapse_media_storage_providers_custom }}" + +# matrix_synapse_media_storage_providers_auto contains a list of storage providers that are added by the playbook based on other configuration +matrix_synapse_media_storage_providers_auto: | + {{ + [] + + + [ + lookup('ansible.builtin.template', role_path + '/templates/synapse/ext/s3-storage-provider/media_storage_provider.yaml.j2') | from_yaml + ] if matrix_synapse_ext_synapse_s3_storage_provider_enabled else [] + }} + +# matrix_synapse_media_storage_providers_custom contains your own custom list of storage providers. +# You're meant to define each custom module as valid keys and values, not as a YAML string that needs to be parsed. +# +# Example: +# matrix_synapse_media_storage_providers_custom: +# - module: module.SomeModule +# store_local: True +# # ... +matrix_synapse_media_storage_providers_custom: [] + matrix_synapse_encryption_enabled_by_default_for_room_type: "off" matrix_synapse_trusted_key_servers: diff --git a/roles/matrix-synapse/tasks/ext/encryption-disabler/setup.yml b/roles/custom/matrix-synapse/tasks/ext/encryption-disabler/setup.yml similarity index 100% rename from roles/matrix-synapse/tasks/ext/encryption-disabler/setup.yml rename to roles/custom/matrix-synapse/tasks/ext/encryption-disabler/setup.yml 
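Review bot: In `matrix_synapse_media_storage_providers_auto` the condition is `] if matrix_synapse_ext_synapse_s3_storage_provider_enabled else []`, without the `| bool` this commit applies to the same flag everywhere else (the `when:` guards in `ext/s3-storage-provider/setup.yml` and `init.yml`); a flag supplied as the string `"false"` (extra-vars, ini inventory) is truthy here, so the provider would be injected into Synapse's config while the install and validation tasks skip. Suggest `] if matrix_synapse_ext_synapse_s3_storage_provider_enabled | bool else []`. The example in the `_custom` comment uses `store_local: True`; the defaults in this file write booleans in lowercase, so `store_local: true` would match.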
diff --git a/roles/matrix-synapse/tasks/ext/encryption-disabler/setup_install.yml b/roles/custom/matrix-synapse/tasks/ext/encryption-disabler/setup_install.yml similarity index 90% rename from roles/matrix-synapse/tasks/ext/encryption-disabler/setup_install.yml rename to roles/custom/matrix-synapse/tasks/ext/encryption-disabler/setup_install.yml index 00cc1650..6ba5946d 100644 --- a/roles/matrix-synapse/tasks/ext/encryption-disabler/setup_install.yml +++ b/roles/custom/matrix-synapse/tasks/ext/encryption-disabler/setup_install.yml @@ -9,8 +9,8 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" register: result - retries: "{{ matrix_geturl_retries_count }}" - delay: "{{ matrix_geturl_retries_delay }}" + retries: "{{ devture_playbook_help_geturl_retries_count }}" + delay: "{{ devture_playbook_help_geturl_retries_delay }}" until: result is not failed - ansible.builtin.set_fact: diff --git a/roles/matrix-synapse/tasks/ext/encryption-disabler/setup_uninstall.yml b/roles/custom/matrix-synapse/tasks/ext/encryption-disabler/setup_uninstall.yml similarity index 100% rename from roles/matrix-synapse/tasks/ext/encryption-disabler/setup_uninstall.yml rename to roles/custom/matrix-synapse/tasks/ext/encryption-disabler/setup_uninstall.yml diff --git a/roles/matrix-synapse/tasks/ext/ldap-auth/setup.yml b/roles/custom/matrix-synapse/tasks/ext/ldap-auth/setup.yml similarity index 100% rename from roles/matrix-synapse/tasks/ext/ldap-auth/setup.yml rename to roles/custom/matrix-synapse/tasks/ext/ldap-auth/setup.yml diff --git a/roles/matrix-synapse/tasks/ext/mjolnir-antispam/setup.yml b/roles/custom/matrix-synapse/tasks/ext/mjolnir-antispam/setup.yml similarity index 100% rename from roles/matrix-synapse/tasks/ext/mjolnir-antispam/setup.yml rename to roles/custom/matrix-synapse/tasks/ext/mjolnir-antispam/setup.yml 
diff --git a/roles/matrix-synapse/tasks/ext/mjolnir-antispam/setup_install.yml b/roles/custom/matrix-synapse/tasks/ext/mjolnir-antispam/setup_install.yml similarity index 73% rename from roles/matrix-synapse/tasks/ext/mjolnir-antispam/setup_install.yml rename to roles/custom/matrix-synapse/tasks/ext/mjolnir-antispam/setup_install.yml index 3869f1aa..5d36a234 100644 --- a/roles/matrix-synapse/tasks/ext/mjolnir-antispam/setup_install.yml +++ b/roles/custom/matrix-synapse/tasks/ext/mjolnir-antispam/setup_install.yml @@ -1,28 +1,9 @@ --- -- name: Ensure git installed (RedHat) - ansible.builtin.yum: - name: - - git +- name: Ensure git installed + ansible.builtin.package: + name: git state: present - update_cache: false - when: "ansible_os_family == 'RedHat'" - -- name: Ensure git installed (Debian) - ansible.builtin.apt: - name: - - git - state: present - update_cache: false - when: "ansible_os_family == 'Debian'" - -- name: Ensure git installed (Archlinux) - pacman: - name: - - git - state: present - update_cache: false - when: "ansible_distribution == 'Archlinux'" - name: Clone mjolnir-antispam git repository ansible.builtin.git: diff --git a/roles/matrix-synapse/tasks/ext/mjolnir-antispam/setup_uninstall.yml b/roles/custom/matrix-synapse/tasks/ext/mjolnir-antispam/setup_uninstall.yml similarity index 100% rename from roles/matrix-synapse/tasks/ext/mjolnir-antispam/setup_uninstall.yml rename to roles/custom/matrix-synapse/tasks/ext/mjolnir-antispam/setup_uninstall.yml diff --git a/roles/matrix-synapse/tasks/ext/rest-auth/setup.yml b/roles/custom/matrix-synapse/tasks/ext/rest-auth/setup.yml similarity index 100% rename from roles/matrix-synapse/tasks/ext/rest-auth/setup.yml rename to roles/custom/matrix-synapse/tasks/ext/rest-auth/setup.yml 
diff --git a/roles/matrix-synapse/tasks/ext/rest-auth/setup_install.yml b/roles/custom/matrix-synapse/tasks/ext/rest-auth/setup_install.yml similarity index 91% rename from roles/matrix-synapse/tasks/ext/rest-auth/setup_install.yml rename to roles/custom/matrix-synapse/tasks/ext/rest-auth/setup_install.yml index 489f1140..3c4d8cb5 100644 --- a/roles/matrix-synapse/tasks/ext/rest-auth/setup_install.yml +++ b/roles/custom/matrix-synapse/tasks/ext/rest-auth/setup_install.yml @@ -14,8 +14,8 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" register: result - retries: "{{ matrix_geturl_retries_count }}" - delay: "{{ matrix_geturl_retries_delay }}" + retries: "{{ devture_playbook_help_geturl_retries_count }}" + delay: "{{ devture_playbook_help_geturl_retries_delay }}" until: result is not failed - ansible.builtin.set_fact: diff --git a/roles/matrix-synapse/tasks/ext/rest-auth/setup_uninstall.yml b/roles/custom/matrix-synapse/tasks/ext/rest-auth/setup_uninstall.yml similarity index 100% rename from roles/matrix-synapse/tasks/ext/rest-auth/setup_uninstall.yml rename to roles/custom/matrix-synapse/tasks/ext/rest-auth/setup_uninstall.yml diff --git a/roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/init.yml b/roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/init.yml new file mode 100644 index 00000000..008161cb --- /dev/null +++ b/roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/init.yml @@ -0,0 +1,5 @@ +--- + +- ansible.builtin.set_fact: + matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-synapse-s3-storage-provider-migrate.timer'] }}" + when: matrix_synapse_ext_synapse_s3_storage_provider_enabled | bool diff --git a/roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/setup.yml b/roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/setup.yml new file mode 100644 index 00000000..aefa49fe --- /dev/null +++ b/roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/setup.yml 
@@ -0,0 +1,10 @@
+---
+
+- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/s3-storage-provider/validate_config.yml"
+ when: matrix_synapse_ext_synapse_s3_storage_provider_enabled | bool
+
+- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/s3-storage-provider/setup_install.yml"
+ when: matrix_synapse_ext_synapse_s3_storage_provider_enabled | bool
+
+- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/s3-storage-provider/setup_uninstall.yml"
+ when: not matrix_synapse_ext_synapse_s3_storage_provider_enabled | bool
diff --git a/roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/setup_install.yml b/roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/setup_install.yml
new file mode 100644
index 00000000..684fb2c9
--- /dev/null
+++ b/roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/setup_install.yml
@@ -0,0 +1,52 @@
+---
+
+# We install this into Synapse by making `matrix_synapse_ext_synapse_s3_storage_provider_enabled` influence other variables:
+# - `matrix_synapse_media_storage_providers` (via `matrix_synapse_media_storage_providers_auto`)
+# - `matrix_synapse_container_image_customizations_enabled`
+# - `matrix_synapse_container_image_customizations_s3_storage_provider_installation_enabled`
+#
+# Below are additional tasks for setting up various helper scripts, etc.
+
+- name: Ensure s3-storage-provider env file installed
+ ansible.builtin.template:
+ src: "{{ role_path }}/templates/synapse/ext/s3-storage-provider/env.j2"
+ dest: "{{ matrix_synapse_ext_s3_storage_provider_path }}/env"
+ mode: 0640
+
+- name: Ensure s3-storage-provider data path exists
+ ansible.builtin.file:
+ path: "{{ matrix_synapse_ext_s3_storage_provider_path }}/data"
+ state: directory
+ mode: 0750
+ owner: "{{ matrix_user_username }}"
+ group: "{{ matrix_user_groupname }}"
+
+- name: Ensure s3-storage-provider database.yaml file installed
+ ansible.builtin.template:
+ src: "{{ role_path }}/templates/synapse/ext/s3-storage-provider/database.yaml.j2"
+ dest: "{{ matrix_synapse_ext_s3_storage_provider_path }}/data/database.yaml"
+ mode: 0640
+
+- name: Ensure s3-storage-provider scripts installed
+ ansible.builtin.template:
+ src: "{{ role_path }}/templates/synapse/ext/s3-storage-provider/usr-local-bin/{{ item }}.j2"
+ dest: "{{ matrix_local_bin_path }}/{{ item }}"
+ mode: 0750
+ with_items:
+ - matrix-synapse-s3-storage-provider-shell
+ - matrix-synapse-s3-storage-provider-migrate
+
+- name: Ensure matrix-synapse-s3-storage-provider-migrate.service and timer are installed
+ ansible.builtin.template:
+ src: "{{ role_path }}/templates/synapse/ext/s3-storage-provider/systemd/{{ item }}.j2"
+ dest: "{{ devture_systemd_docker_base_systemd_path }}/{{ item }}"
+ mode: 0640
+ with_items:
+ - matrix-synapse-s3-storage-provider-migrate.service
+ - matrix-synapse-s3-storage-provider-migrate.timer
+ register: matrix_synapse_s3_storage_provider_systemd_service_result
+
+- name: Ensure systemd reloaded after matrix-synapse-s3-storage-provider-migrate.service installation
+ ansible.builtin.service:
+ daemon_reload: true
+ when: matrix_synapse_s3_storage_provider_systemd_service_result.changed | bool
diff --git a/roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/setup_uninstall.yml b/roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/setup_uninstall.yml
new file mode 100644
index 00000000..a828070c
--- /dev/null
+++ b/roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/setup_uninstall.yml
@@ -0,0 +1,24 @@
+---
+
+- name: Ensure matrix-synapse-s3-storage-provider-migrate.service and timer don't exist
+ ansible.builtin.file:
+ path: "{{ devture_systemd_docker_base_systemd_path }}/{{ item }}"
+ state: absent
+ with_items:
+ - matrix-synapse-s3-storage-provider-migrate.timer
+ - matrix-synapse-s3-storage-provider-migrate.service
+ register: matrix_synapse_s3_storage_provider_migrate_sevice_removal
+
+- name: Ensure systemd reloaded after matrix-synapse-s3-storage-provider-migrate.service removal
+ ansible.builtin.service:
+ daemon_reload: true
+ when: matrix_synapse_s3_storage_provider_migrate_sevice_removal.changed | bool
+
+- name: Ensure s3-storage-provider files don't exist
+ ansible.builtin.file:
+ path: "{{ item }}"
+ state: absent
+ with_items:
+ - "{{ matrix_local_bin_path }}/matrix-synapse-s3-storage-provider-shell"
+ - "{{ matrix_local_bin_path }}/matrix-synapse-s3-storage-provider-migrate"
+ - "{{ matrix_synapse_ext_s3_storage_provider_path }}"
diff --git a/roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/validate_config.yml b/roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/validate_config.yml
new file mode 100644
index 00000000..d71809fe
--- /dev/null
+++ b/roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/validate_config.yml
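Review bot: The env-file and `database.yaml` template tasks in `setup_install.yml` set `mode: 0640` but, unlike the data-path task sitting between them, no `owner`/`group`, so both files are left owned by whatever account Ansible connects as (typically root). The data directory is explicitly handed to `matrix_user_username`/`matrix_user_groupname`, which suggests the helper scripts and the migrate service run as that user and would then be unable to read either file; if they are meant to run as root the current ownership is fine but deserves a comment saying so. Suggest adding `owner: "{{ matrix_user_username }}"` and `group: "{{ matrix_user_groupname }}"` to both template tasks. Both files presumably carry credentials (the S3 keys from the role defaults, and whatever `database.yaml` holds), so the tight mode is right; only the ownership is missing.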
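Review bot: The first task in `setup_uninstall.yml` deletes the `.timer` and `.service` unit files without stopping or disabling the timer first, so an already-active timer likely stays loaded in systemd's memory after the `daemon_reload` and is only gone at the next reboot. The goofys uninstall touched by this same commit (`goofys/setup_uninstall.yml`) does a `stat` on the unit and stops it before removing the file; the same pattern here (a `stat` on the timer, then `ansible.builtin.service` with `state: stopped` and `enabled: false` when it exists) would make the uninstall take effect immediately. `matrix_synapse_s3_storage_provider_migrate_sevice_removal` is misspelled (`sevice`); it is used consistently in both tasks, so it only hurts readability, but it is worth fixing while the file is new.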
@@ -0,0 +1,18 @@
+---
+
+- name: Fail if required s3-storage-provider settings not defined
+ ansible.builtin.fail:
+ msg: >-
+ You need to define a required configuration setting (`{{ item }}`) for using s3-storage-provider.
+ when: "vars[item] == ''"
+ with_items:
+ - "matrix_synapse_ext_synapse_s3_storage_provider_config_bucket"
+ - "matrix_synapse_ext_synapse_s3_storage_provider_config_region_name"
+ - "matrix_synapse_ext_synapse_s3_storage_provider_config_access_key_id"
+ - "matrix_synapse_ext_synapse_s3_storage_provider_config_secret_access_key"
+
+- name: Fail if required matrix_synapse_ext_synapse_s3_storage_provider_config_endpoint_url looks invalid
+ ansible.builtin.fail:
+ msg: >-
+ `matrix_synapse_ext_synapse_s3_storage_provider_config_endpoint_url` needs to look like a URL (`http://` or `https://` prefix).
+ when: "matrix_synapse_ext_synapse_s3_storage_provider_config_endpoint_url != '' and not matrix_synapse_ext_synapse_s3_storage_provider_config_endpoint_url.startswith('http')"
diff --git a/roles/matrix-synapse/tasks/ext/setup.yml b/roles/custom/matrix-synapse/tasks/ext/setup.yml
similarity index 85%
rename from roles/matrix-synapse/tasks/ext/setup.yml
rename to roles/custom/matrix-synapse/tasks/ext/setup.yml
index d944f257..6cf1afaa 100644
--- a/roles/matrix-synapse/tasks/ext/setup.yml
+++ b/roles/custom/matrix-synapse/tasks/ext/setup.yml
@@ -11,3 +11,5 @@ - ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/synapse-simple-antispam/setup.yml" - ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/mjolnir-antispam/setup.yml"
+
+- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/s3-storage-provider/setup.yml"
diff --git a/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup.yml b/roles/custom/matrix-synapse/tasks/ext/shared-secret-auth/setup.yml
similarity index 100%
rename from roles/matrix-synapse/tasks/ext/shared-secret-auth/setup.yml
rename to roles/custom/matrix-synapse/tasks/ext/shared-secret-auth/setup.yml
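Review bot: The endpoint check `not matrix_synapse_ext_synapse_s3_storage_provider_config_endpoint_url.startswith('http')` in `validate_config.yml` is looser than the message it emits: any value beginning with `http` (say `httpfoo.example.com`) passes, while the message promises an `http://`/`https://` prefix. `when: "... != '' and not (... .startswith('http://') or ... .startswith('https://'))"` matches the stated contract. Since a plain `http://` endpoint is deliberately accepted, a comment on this task noting that media and the signed requests (which carry the access key id) then travel in clear, and that `https://` should be preferred, would make the trade-off explicit. The first task's `vars[item] == ''` only catches the empty-string default; a caller who sets one of the listed variables to `null` slips through, and `when: "vars[item] is none or vars[item] == ''"` covers both.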
diff --git a/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup_install.yml b/roles/custom/matrix-synapse/tasks/ext/shared-secret-auth/setup_install.yml similarity index 94% rename from roles/matrix-synapse/tasks/ext/shared-secret-auth/setup_install.yml rename to roles/custom/matrix-synapse/tasks/ext/shared-secret-auth/setup_install.yml index 055d671a..6dead736 100644 --- a/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup_install.yml +++ b/roles/custom/matrix-synapse/tasks/ext/shared-secret-auth/setup_install.yml @@ -19,8 +19,8 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" register: result - retries: "{{ matrix_geturl_retries_count }}" - delay: "{{ matrix_geturl_retries_delay }}" + retries: "{{ devture_playbook_help_geturl_retries_count }}" + delay: "{{ devture_playbook_help_geturl_retries_delay }}" until: result is not failed - ansible.builtin.set_fact: diff --git a/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup_uninstall.yml b/roles/custom/matrix-synapse/tasks/ext/shared-secret-auth/setup_uninstall.yml similarity index 100% rename from roles/matrix-synapse/tasks/ext/shared-secret-auth/setup_uninstall.yml rename to roles/custom/matrix-synapse/tasks/ext/shared-secret-auth/setup_uninstall.yml diff --git a/roles/matrix-synapse/tasks/ext/synapse-simple-antispam/setup.yml b/roles/custom/matrix-synapse/tasks/ext/synapse-simple-antispam/setup.yml similarity index 100% rename from roles/matrix-synapse/tasks/ext/synapse-simple-antispam/setup.yml rename to roles/custom/matrix-synapse/tasks/ext/synapse-simple-antispam/setup.yml diff --git a/roles/matrix-synapse/tasks/ext/synapse-simple-antispam/setup_install.yml b/roles/custom/matrix-synapse/tasks/ext/synapse-simple-antispam/setup_install.yml similarity index 73% rename from roles/matrix-synapse/tasks/ext/synapse-simple-antispam/setup_install.yml rename to roles/custom/matrix-synapse/tasks/ext/synapse-simple-antispam/setup_install.yml index 23a382f2..15fe220a 100644 
--- a/roles/matrix-synapse/tasks/ext/synapse-simple-antispam/setup_install.yml +++ b/roles/custom/matrix-synapse/tasks/ext/synapse-simple-antispam/setup_install.yml @@ -3,31 +3,12 @@ - name: Fail if Synapse Simple Antispam blocked homeservers is not set ansible.builtin.fail: msg: "Synapse Simple Antispam is enabled, but no blocked homeservers have been set in matrix_synapse_ext_spam_checker_synapse_simple_antispam_config_blocked_homeservers" - when: "matrix_synapse_ext_spam_checker_synapse_simple_antispam_config_blocked_homeservers|length == 0" + when: "matrix_synapse_ext_spam_checker_synapse_simple_antispam_config_blocked_homeservers | length == 0" -- name: Ensure git installed (RedHat) - ansible.builtin.yum: - name: - - git +- name: Ensure git installed + ansible.builtin.package: + name: git state: present - update_cache: false - when: "ansible_os_family == 'RedHat'" - -- name: Ensure git installed (Debian) - ansible.builtin.apt: - name: - - git - state: present - update_cache: false - when: "ansible_os_family == 'Debian'" - -- name: Ensure git installed (Archlinux) - pacman: - name: - - git - state: present - update_cache: false - when: "ansible_distribution == 'Archlinux'" - name: Clone synapse-simple-antispam git repository ansible.builtin.git: diff --git a/roles/matrix-synapse/tasks/ext/synapse-simple-antispam/setup_uninstall.yml b/roles/custom/matrix-synapse/tasks/ext/synapse-simple-antispam/setup_uninstall.yml similarity index 100% rename from roles/matrix-synapse/tasks/ext/synapse-simple-antispam/setup_uninstall.yml rename to roles/custom/matrix-synapse/tasks/ext/synapse-simple-antispam/setup_uninstall.yml diff --git a/roles/matrix-synapse/tasks/goofys/setup.yml b/roles/custom/matrix-synapse/tasks/goofys/setup.yml similarity index 100% rename from roles/matrix-synapse/tasks/goofys/setup.yml rename to roles/custom/matrix-synapse/tasks/goofys/setup.yml 
diff --git a/roles/matrix-synapse/tasks/goofys/setup_install.yml b/roles/custom/matrix-synapse/tasks/goofys/setup_install.yml similarity index 84% rename from roles/matrix-synapse/tasks/goofys/setup_install.yml rename to roles/custom/matrix-synapse/tasks/goofys/setup_install.yml index e3c34150..7649beb4 100644 --- a/roles/matrix-synapse/tasks/goofys/setup_install.yml +++ b/roles/custom/matrix-synapse/tasks/goofys/setup_install.yml @@ -1,16 +1,18 @@ --- -- ansible.builtin.import_tasks: "{{ role_path }}/../matrix-base/tasks/util/ensure_fuse_installed.yml" +- ansible.builtin.import_role: + name: custom/matrix-base + tasks_from: ensure_fuse_installed - name: Ensure Goofys Docker image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_s3_goofys_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_s3_goofys_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_s3_goofys_docker_image_force_pull }}" register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed # This will throw a Permission Denied error if already mounted @@ -39,7 +41,7 @@ - name: Ensure matrix-goofys.service installed ansible.builtin.template: src: "{{ role_path }}/templates/goofys/systemd/matrix-goofys.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-goofys.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-goofys.service" mode: 0644 register: matrix_goofys_systemd_service_result 
diff --git a/roles/matrix-synapse/tasks/goofys/setup_uninstall.yml b/roles/custom/matrix-synapse/tasks/goofys/setup_uninstall.yml similarity index 82% rename from roles/matrix-synapse/tasks/goofys/setup_uninstall.yml rename to roles/custom/matrix-synapse/tasks/goofys/setup_uninstall.yml index da78003f..ddfa5cf6 100644 --- a/roles/matrix-synapse/tasks/goofys/setup_uninstall.yml +++ b/roles/custom/matrix-synapse/tasks/goofys/setup_uninstall.yml @@ -2,7 +2,7 @@ - name: Check existence of matrix-goofys service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-goofys.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-goofys.service" register: matrix_goofys_service_stat - name: Ensure matrix-goofys is stopped @@ -16,7 +16,7 @@ - name: Ensure matrix-goofys.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-goofys.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-goofys.service" state: absent when: "matrix_goofys_service_stat.stat.exists" @@ -31,6 +31,6 @@ state: absent - name: Ensure Goofys Docker image doesn't exist - docker_image: + community.docker.docker_image: name: "{{ matrix_s3_goofys_docker_image }}" state: absent diff --git a/roles/matrix-synapse/tasks/import_media_store.yml b/roles/custom/matrix-synapse/tasks/import_media_store.yml similarity index 98% rename from roles/matrix-synapse/tasks/import_media_store.yml rename to roles/custom/matrix-synapse/tasks/import_media_store.yml index 133debe3..bdd99ca4 100644 --- a/roles/matrix-synapse/tasks/import_media_store.yml +++ b/roles/custom/matrix-synapse/tasks/import_media_store.yml 
@@ -51,13 +51,13 @@ # This can only work with local files, not if the media store is on Amazon S3, # as it won't be accessible in such a case. - name: Ensure provided media store directory is synchronized - synchronize: + ansible.posix.synchronize: src: "{{ server_path_media_store }}/" dest: "{{ matrix_synapse_media_store_path }}" delete: true # It's wasteful to preserve owner/group now. We chown below anyway. owner: false - ansible.builtin.group: false + group: false times: true delegate_to: "{{ inventory_hostname }}" diff --git a/roles/matrix-synapse/tasks/init.yml b/roles/custom/matrix-synapse/tasks/init.yml similarity index 85% rename from roles/matrix-synapse/tasks/init.yml rename to roles/custom/matrix-synapse/tasks/init.yml index 77696bce..9146936a 100644 --- a/roles/matrix-synapse/tasks/init.yml +++ b/roles/custom/matrix-synapse/tasks/init.yml @@ -8,15 +8,15 @@ # Unless `matrix_synapse_workers_enabled_list` is explicitly defined, # we'll generate it dynamically. -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/synapse/workers/init.yml" - when: "matrix_synapse_enabled and matrix_synapse_workers_enabled and matrix_synapse_workers_enabled_list|length == 0" +- ansible.builtin.include_tasks: "{{ role_path }}/tasks/synapse/workers/init.yml" + when: "matrix_synapse_enabled and matrix_synapse_workers_enabled and matrix_synapse_workers_enabled_list | length == 0" - ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-synapse.service'] }}" when: matrix_synapse_enabled | bool -- name: Ensure systemd services for workers are injected - ansible.builtin.include_tasks: "{{ role_path }}/tasks/synapse/workers/util/inject_systemd_services_for_worker.yml" +- name: Ensure workers are injected into various places + ansible.builtin.include_tasks: "{{ role_path }}/tasks/synapse/workers/util/inject_worker.yml" with_items: "{{ matrix_synapse_workers_enabled_list }}" loop_control: loop_var: matrix_synapse_worker_details 
@@ -26,7 +26,11 @@ matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-goofys.service'] }}" when: matrix_s3_media_store_enabled | bool -- block: +- ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/s3-storage-provider/init.yml" + when: matrix_synapse_ext_synapse_s3_storage_provider_enabled | bool + +- when: matrix_synapse_enabled | bool and matrix_synapse_metrics_proxying_enabled | bool + block: - name: Fail if matrix-nginx-proxy role already executed ansible.builtin.fail: msg: >- @@ -65,15 +69,15 @@ matrix_synapse_worker_nginx_metrics_configuration_block: | {% for worker in matrix_synapse_workers_enabled_list %} {% if worker.metrics_port != 0 %} - location /metrics/synapse/worker/{{ worker.type }}-{{ worker.instanceId }} { + location /metrics/synapse/worker/{{ worker.id }} { resolver 127.0.0.11 valid=5s; - set $backend "matrix-synapse-worker-{{ worker.type }}-{{ worker.instanceId }}:{{ worker.metrics_port }}"; + set $backend "{{ worker.name }}:{{ worker.metrics_port }}"; proxy_pass http://$backend/_synapse/metrics; proxy_set_header Host $host; } {% endif %} {% endfor %} - when: matrix_synapse_workers_enabled_list|length > 0 + when: matrix_synapse_workers_enabled_list | length > 0 - name: Register synapse worker metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/synapse/worker) ansible.builtin.set_fact: @@ -83,5 +87,4 @@ + [matrix_synapse_worker_nginx_metrics_configuration_block] }} - when: matrix_synapse_workers_enabled_list|length > 0 - when: matrix_synapse_enabled | bool and matrix_synapse_metrics_proxying_enabled | bool + when: matrix_synapse_workers_enabled_list | length > 0 diff --git a/roles/matrix-synapse/tasks/main.yml b/roles/custom/matrix-synapse/tasks/main.yml similarity index 100% rename from roles/matrix-synapse/tasks/main.yml rename to roles/custom/matrix-synapse/tasks/main.yml 
diff --git a/roles/matrix-synapse/tasks/register_user.yml b/roles/custom/matrix-synapse/tasks/register_user.yml similarity index 91% rename from roles/matrix-synapse/tasks/register_user.yml rename to roles/custom/matrix-synapse/tasks/register_user.yml index 8c344b2d..81748449 100644 --- a/roles/matrix-synapse/tasks/register_user.yml +++ b/roles/custom/matrix-synapse/tasks/register_user.yml @@ -28,6 +28,6 @@ when: "start_result.changed" - name: Register user - ansible.builtin.command: "{{ matrix_local_bin_path }}/matrix-synapse-register-user {{ username|quote }} {{ password|quote }} {{ '1' if admin == 'yes' else '0' }}" + ansible.builtin.command: "{{ matrix_local_bin_path }}/matrix-synapse-register-user {{ username | quote }} {{ password | quote }} {{ '1' if admin == 'yes' else '0' }}" register: matrix_synapse_register_user_result changed_when: matrix_synapse_register_user_result.rc == 0 diff --git a/roles/matrix-synapse/tasks/rust-synapse-compress-state/compress_room.yml b/roles/custom/matrix-synapse/tasks/rust-synapse-compress-state/compress_room.yml similarity index 74% rename from roles/matrix-synapse/tasks/rust-synapse-compress-state/compress_room.yml rename to roles/custom/matrix-synapse/tasks/rust-synapse-compress-state/compress_room.yml index 221a7570..e5cf8e8e 100644 --- a/roles/matrix-synapse/tasks/rust-synapse-compress-state/compress_room.yml +++ b/roles/custom/matrix-synapse/tasks/rust-synapse-compress-state/compress_room.yml @@ -6,7 +6,7 @@ - name: Generate rust-synapse-compress-state room compression command ansible.builtin.set_fact: matrix_synapse_rust_synapse_compress_state_compress_room_command: >- - {{ matrix_host_command_docker }} run --rm --name matrix-rust-synapse-compress-state-compress-room + {{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-rust-synapse-compress-state-compress-room --user={{ matrix_user_uid }}:{{ matrix_user_gid }} --cap-drop=ALL --network={{ matrix_docker_network }} 
@@ -21,14 +21,16 @@ async: "{{ matrix_synapse_rust_synapse_compress_state_compress_room_time }}" poll: 10 register: matrix_synapse_rust_synapse_compress_state_compress_room_command_result - changed_when: matrix_synapse_rust_synapse_compress_state_compress_room_command_result.rc == 0 + failed_when: not matrix_synapse_rust_synapse_compress_state_compress_room_command_result.finished or matrix_synapse_rust_synapse_compress_state_compress_room_command_result.rc != 0 + changed_when: matrix_synapse_rust_synapse_compress_state_compress_room_command_result.finished and matrix_synapse_rust_synapse_compress_state_compress_room_command_result.rc == 0 -- ansible.builtin.debug: var="matrix_synapse_rust_synapse_compress_state_compress_room_command_result" +- ansible.builtin.debug: + var: "matrix_synapse_rust_synapse_compress_state_compress_room_command_result" - name: Generate Postgres compression SQL import command ansible.builtin.set_fact: matrix_synapse_rust_synapse_compress_state_psql_import_command: >- - {{ matrix_host_command_docker }} run --rm --name matrix-rust-synapse-compress-state-psql-import + {{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-rust-synapse-compress-state-psql-import --user={{ matrix_user_uid }}:{{ matrix_user_gid }} --cap-drop=ALL --network={{ matrix_docker_network }} @@ -44,7 +46,8 @@ async: "{{ matrix_synapse_rust_synapse_compress_state_psql_import_time }}" poll: 10 register: matrix_synapse_rust_synapse_compress_state_psql_import_command_result - changed_when: matrix_synapse_rust_synapse_compress_state_psql_import_command_result.rc == 0 + failed_when: not matrix_synapse_rust_synapse_compress_state_psql_import_command_result.finished + changed_when: matrix_synapse_rust_synapse_compress_state_psql_import_command_result.finished and matrix_synapse_rust_synapse_compress_state_psql_import_command_result.rc == 0 - name: Clean up ansible.builtin.file: 
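Review bot: The two `failed_when` additions in `compress_room.yml` are inconsistent: the room-compression task fails on `not ...finished or ...rc != 0`, but the psql-import task's `failed_when: not matrix_synapse_rust_synapse_compress_state_psql_import_command_result.finished` checks completion only. Setting `failed_when` replaces Ansible's default non-zero-rc failure, so a psql import that finishes with a non-zero exit code is now reported as success (its `changed_when` merely goes false) and the play continues into the `Clean up` task that follows. Suggest `failed_when: not matrix_synapse_rust_synapse_compress_state_psql_import_command_result.finished or matrix_synapse_rust_synapse_compress_state_psql_import_command_result.rc != 0`. The same completion-only shape appears on the find-rooms task in `rust-synapse-compress-state/main.yml` in this commit, where the later `stdout_lines | length != 4` check compensates only partially.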
diff --git a/roles/matrix-synapse/tasks/rust-synapse-compress-state/main.yml b/roles/custom/matrix-synapse/tasks/rust-synapse-compress-state/main.yml similarity index 89% rename from roles/matrix-synapse/tasks/rust-synapse-compress-state/main.yml rename to roles/custom/matrix-synapse/tasks/rust-synapse-compress-state/main.yml index fcea8606..17124e25 100644 --- a/roles/matrix-synapse/tasks/rust-synapse-compress-state/main.yml +++ b/roles/custom/matrix-synapse/tasks/rust-synapse-compress-state/main.yml @@ -43,20 +43,20 @@ group: "{{ matrix_user_groupname }}" - name: Ensure rust-synapse-compress-state image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_synapse_rust_synapse_compress_state_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_synapse_rust_synapse_compress_state_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_synapse_rust_synapse_compress_state_docker_image_force_pull }}" register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Generate rust-synapse-compress-state room find command ansible.builtin.set_fact: matrix_synapse_rust_synapse_compress_state_find_rooms_command: >- - {{ matrix_host_command_docker }} run --rm --name matrix-rust-synapse-compress-state-find-rooms + {{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-rust-synapse-compress-state-find-rooms --user={{ matrix_user_uid }}:{{ matrix_user_gid }} --cap-drop=ALL --network={{ matrix_docker_network }} 
@@ -70,6 +70,7 @@ async: "{{ matrix_synapse_rust_synapse_compress_state_find_rooms_command_wait_time }}" poll: 10 register: matrix_synapse_rust_synapse_compress_state_find_rooms_command_result + failed_when: not matrix_synapse_rust_synapse_compress_state_find_rooms_command_result.finished changed_when: false # We expect the output to be like this: @@ -85,16 +86,18 @@ # # Row 3 contains a space when there's no result. -- block: - - ansible.builtin.debug: var="matrix_synapse_rust_synapse_compress_state_find_rooms_command_result" +- when: "matrix_synapse_rust_synapse_compress_state_find_rooms_command_result.failed or matrix_synapse_rust_synapse_compress_state_find_rooms_command_result.stdout_lines | length != 4" + block: + - ansible.builtin.debug: + var: "matrix_synapse_rust_synapse_compress_state_find_rooms_command_result" - name: Fail if room find result is not what we expect ansible.builtin.fail: msg: >- Expecting 4 lines in the "find rooms" result. - when: "matrix_synapse_rust_synapse_compress_state_find_rooms_command_result.failed or matrix_synapse_rust_synapse_compress_state_find_rooms_command_result.stdout_lines|length != 4" -- block: +- when: "matrix_synapse_rust_synapse_compress_state_find_rooms_command_result.stdout_lines[2] != ' '" + block: # matrix_synapse_rust_synapse_compress_state_eligible_rooms is a list # of dictionaries like this: {'room_id': '!some-id', 'count': 2461329} - ansible.builtin.set_fact: @@ -113,7 +116,6 @@ with_items: "{{ matrix_synapse_rust_synapse_compress_state_eligible_rooms }}" loop_control: loop_var: room_details - when: "matrix_synapse_rust_synapse_compress_state_find_rooms_command_result.stdout_lines[2] != ' '" - name: Show notice about lack of rooms to compress ansible.builtin.debug: 
diff --git a/roles/matrix-synapse/tasks/self_check_client_api.yml b/roles/custom/matrix-synapse/tasks/self_check_client_api.yml similarity index 100% rename from roles/matrix-synapse/tasks/self_check_client_api.yml rename to roles/custom/matrix-synapse/tasks/self_check_client_api.yml diff --git a/roles/matrix-synapse/tasks/self_check_federation_api.yml b/roles/custom/matrix-synapse/tasks/self_check_federation_api.yml similarity index 100% rename from roles/matrix-synapse/tasks/self_check_federation_api.yml rename to roles/custom/matrix-synapse/tasks/self_check_federation_api.yml diff --git a/roles/matrix-synapse/tasks/setup_synapse.yml b/roles/custom/matrix-synapse/tasks/setup_synapse.yml similarity index 79% rename from roles/matrix-synapse/tasks/setup_synapse.yml rename to roles/custom/matrix-synapse/tasks/setup_synapse.yml index d4e6ae95..13a5819e 100644 --- a/roles/matrix-synapse/tasks/setup_synapse.yml +++ b/roles/custom/matrix-synapse/tasks/setup_synapse.yml @@ -11,6 +11,8 @@ - {path: "{{ matrix_synapse_config_dir_path }}", when: true} - {path: "{{ matrix_synapse_ext_path }}", when: true} - {path: "{{ matrix_synapse_docker_src_files_path }}", when: "{{ matrix_synapse_container_image_self_build }}"} + - {path: "{{ matrix_synapse_customized_docker_src_files_path }}", when: "{{ matrix_synapse_container_image_customizations_enabled }}"} + - {path: "{{ matrix_synapse_ext_s3_storage_provider_path }}", when: "{{ matrix_synapse_ext_synapse_s3_storage_provider_enabled }}"} # We handle matrix_synapse_media_store_path elsewhere (in ./synapse/setup_install.yml), # because if it's using Goofys and it's already mounted (from before), # trying to chown/chmod it here will cause trouble. diff --git a/roles/matrix-synapse/tasks/synapse/setup.yml b/roles/custom/matrix-synapse/tasks/synapse/setup.yml similarity index 100% rename from roles/matrix-synapse/tasks/synapse/setup.yml rename to roles/custom/matrix-synapse/tasks/synapse/setup.yml 
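Review bot: The new `matrix_synapse_ext_s3_storage_provider_path` entry in `setup_synapse.yml` creates the directory that, per the `database.yaml.j2` and `env.j2` templates added later in this commit, will hold the database password and S3 credentials in plaintext; the owner/mode of that directory come from the enclosing `ansible.builtin.file` loop task, which starts before this hunk and is not visible here, so confirm it is not world-readable (something like `mode: "0750"` for the path items). A short comment above the item, e.g. `# holds rendered credential files (database.yaml, env); keep mode restrictive`, would make the intent clear to the next maintainer. The `when: "{{ ... }}"` templated-into-string style is pre-existing and consistent with the sibling items.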
diff --git a/roles/matrix-synapse/tasks/synapse/setup_install.yml b/roles/custom/matrix-synapse/tasks/synapse/setup_install.yml similarity index 80% rename from roles/matrix-synapse/tasks/synapse/setup_install.yml rename to roles/custom/matrix-synapse/tasks/synapse/setup_install.yml index e4ec0f67..429179de 100644 --- a/roles/matrix-synapse/tasks/synapse/setup_install.yml +++ b/roles/custom/matrix-synapse/tasks/synapse/setup_install.yml @@ -18,7 +18,8 @@ group: "{{ matrix_user_groupname }}" when: "not local_path_media_store_stat.failed and not local_path_media_store_stat.stat.exists" -- block: +- when: "matrix_synapse_container_image_self_build | bool" + block: - name: Ensure Synapse repository is present on self-build ansible.builtin.git: repo: "{{ matrix_synapse_container_image_self_build_repo }}" @@ -30,7 +31,7 @@ register: matrix_synapse_git_pull_results - name: Check if Synapse Docker image exists - ansible.builtin.command: "{{ matrix_host_command_docker }} images --quiet --filter 'reference={{ matrix_synapse_docker_image }}'" + ansible.builtin.command: "{{ devture_systemd_docker_base_host_command_docker }} images --quiet --filter 'reference={{ matrix_synapse_docker_image }}'" register: matrix_synapse_docker_image_check_result changed_when: false 
@@ -41,27 +42,45 @@ ansible.builtin.shell: chdir: "{{ matrix_synapse_docker_src_files_path }}" cmd: | - {{ matrix_host_command_docker }} build \ + {{ devture_systemd_docker_base_host_command_docker }} build \ -t "{{ matrix_synapse_docker_image }}" \ -f docker/Dockerfile \ . environment: DOCKER_BUILDKIT: 1 when: "matrix_synapse_git_pull_results.changed | bool or matrix_synapse_docker_image_check_result.stdout == ''" - when: "matrix_synapse_container_image_self_build | bool" - name: Ensure Synapse Docker image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_synapse_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_synapse_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_synapse_docker_image_force_pull }}" when: "not matrix_synapse_container_image_self_build" register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed +- when: "matrix_synapse_container_image_customizations_enabled | bool" + block: + - name: Ensure customizations Dockerfile is created + ansible.builtin.template: + src: "{{ role_path }}/templates/synapse/customizations/Dockerfile.j2" + dest: "{{ matrix_synapse_customized_docker_src_files_path }}/Dockerfile" + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + mode: 0640 + + - name: Ensure customized Docker image for Synapse is built + community.docker.docker_image: + name: "{{ matrix_synapse_docker_image_customized }}" + source: build + build: + dockerfile: Dockerfile + path: "{{ matrix_synapse_customized_docker_src_files_path }}" + pull: true + - name: Check if a Synapse signing 
key exists ansible.builtin.stat: path: "{{ matrix_synapse_config_dir_path }}/{{ matrix_server_fqn_matrix }}.signing.key" @@ -106,7 +125,7 @@ - name: Ensure matrix-synapse.service installed ansible.builtin.template: src: "{{ role_path }}/templates/synapse/systemd/matrix-synapse.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-synapse.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-synapse.service" mode: 0644 register: matrix_synapse_systemd_service_result diff --git a/roles/matrix-synapse/tasks/synapse/setup_uninstall.yml b/roles/custom/matrix-synapse/tasks/synapse/setup_uninstall.yml similarity index 75% rename from roles/matrix-synapse/tasks/synapse/setup_uninstall.yml rename to roles/custom/matrix-synapse/tasks/synapse/setup_uninstall.yml index 17b1b8c4..17fa8a4f 100644 --- a/roles/matrix-synapse/tasks/synapse/setup_uninstall.yml +++ b/roles/custom/matrix-synapse/tasks/synapse/setup_uninstall.yml @@ -2,7 +2,7 @@ - name: Check existence of matrix-synapse service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-synapse.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-synapse.service" register: matrix_synapse_service_stat - name: Ensure matrix-synapse is stopped @@ -16,7 +16,7 @@ - name: Ensure matrix-synapse.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-synapse.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-synapse.service" state: absent when: "matrix_synapse_service_stat.stat.exists" @@ -26,9 +26,12 @@ when: "matrix_synapse_service_stat.stat.exists" - name: Ensure Synapse Docker image doesn't exist - docker_image: - name: "{{ matrix_synapse_docker_image }}" + community.docker.docker_image: + name: "{{ item }}" state: absent + with_items: + - "{{ matrix_synapse_docker_image_final }}" + - "{{ matrix_synapse_docker_image }}" - name: Ensure sample prometheus.yml for external scraping is deleted ansible.builtin.file: 
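Review bot: In the new customizations block of `setup_install.yml`, the `community.docker.docker_image` build sets `pull: true` while the rendered `Dockerfile.j2` (added in this commit) starts `FROM {{ matrix_synapse_docker_image }}`; when `matrix_synapse_container_image_self_build` is also enabled that tag exists only locally, so forcing a pull of the base image may fail — confirm, or set `pull: "{{ not matrix_synapse_container_image_self_build }}"`. The build task also has no `register`/`retries`/`until` wrapper, unlike the pull task directly above it that was given `devture_playbook_help_container_retries_count`, so a transient registry error during the pull-for-build is fatal. Finally, `mode: 0640` on the Dockerfile template is an unquoted octal (ansible-lint `risky-octal`); `mode: "0640"` is safer, though the file already uses `mode: 0644` elsewhere in this hunk, so this is a file-wide style choice.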
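Review bot: The uninstall hunk in `setup_uninstall.yml` removes `matrix_synapse_docker_image_final` and `matrix_synapse_docker_image`, but the image built in `setup_install.yml` is named by `matrix_synapse_docker_image_customized`; if `_final` resolves to the customized name only while customizations are enabled (its definition is outside this view), a user who disables customizations before uninstalling leaves the customized image behind. Listing `"{{ matrix_synapse_docker_image_customized }}"` explicitly in `with_items` would make the cleanup independent of that flag, and `state: absent` is idempotent if two entries resolve to the same tag. `loop:` rather than `with_items:` would also match the other new tasks in this commit.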
diff --git a/roles/custom/matrix-synapse/tasks/synapse/workers/init.yml b/roles/custom/matrix-synapse/tasks/synapse/workers/init.yml
new file mode 100644
index 00000000..d88884d0
--- /dev/null
+++ b/roles/custom/matrix-synapse/tasks/synapse/workers/init.yml
@@ -0,0 +1,152 @@ +--- +# Below is a huge hack for dynamically building a list of workers and finally assigning it to `matrix_synapse_workers_enabled_list`. +# +# set_fact within a loop does not work reliably in Ansible (it only executes on the first iteration for some reason), +# so we're forced to do something much uglier. + +- name: Build generic workers + ansible.builtin.set_fact: + worker: + id: "generic-worker-{{ item }}" + name: "matrix-synapse-worker-generic-{{ item }}" + type: 'generic_worker' + app: 'generic_worker' + webserving: true + port: "{{ matrix_synapse_workers_generic_workers_port_range_start + item }}" + metrics_port: "{{ matrix_synapse_workers_generic_workers_metrics_range_start + item }}" + register: "matrix_synapse_workers_list_results_generic_workers" + loop: "{{ range(0, matrix_synapse_workers_generic_workers_count | int) | list }}" + +- name: Build stream writer workers + ansible.builtin.set_fact: + worker: + id: "stream-writer-{{ idx }}-{{ item.stream }}" + # Names must not include understores. Certain stream writer streams (to_device, account_data, ..) do, so we fix them up. 
+ name: "matrix-synapse-worker-stream-writer-{{ idx }}-{{ item.stream | replace('_', '-') }}" + type: 'stream_writer' + app: "generic_worker" + webserving: "{{ item.stream in matrix_synapse_workers_webserving_stream_writer_types }}" + stream_writer_stream: "{{ item.stream }}" + port: "{{ matrix_synapse_workers_stream_writer_workers_http_port_range_start + idx }}" + replication_port: "{{ matrix_synapse_workers_stream_writer_workers_replication_port_range_start + idx }}" + metrics_port: "{{ matrix_synapse_workers_stream_writer_workers_metrics_range_start + idx }}" + register: "matrix_synapse_workers_list_results_stream_writer_workers" + loop: "{{ matrix_synapse_workers_stream_writers }}" + loop_control: + index_var: idx + +- name: Populate matrix_synapse_stream_writers from enabled stream writer workers list + ansible.builtin.set_fact: + matrix_synapse_stream_writers: "{{ matrix_synapse_stream_writers | combine({item.ansible_facts.worker.stream_writer_stream: [item.ansible_facts.worker.name]}, list_merge='append') }}" + with_items: "{{ matrix_synapse_workers_list_results_stream_writer_workers.results }}" + +- name: Build federation sender workers + ansible.builtin.set_fact: + worker: + id: "federation-sender-{{ item }}" + name: "matrix-synapse-worker-federation-sender-{{ item }}" + type: 'federation_sender' + app: 'federation_sender' + webserving: false + port: 0 + metrics_port: "{{ matrix_synapse_workers_federation_sender_workers_metrics_range_start + item }}" + register: "matrix_synapse_workers_list_results_federation_sender_workers" + loop: "{{ range(0, matrix_synapse_workers_federation_sender_workers_count | int) | list }}" + +- name: Populate matrix_synapse_federation_sender_instances from enabled federation sender workers list + ansible.builtin.set_fact: + matrix_synapse_federation_sender_instances: "{{ matrix_synapse_federation_sender_instances + [item.ansible_facts.worker.name] }}" + with_items: "{{ 
matrix_synapse_workers_list_results_federation_sender_workers.results }}" + +# This type of worker can only have a count of 1, at most +- name: Build pusher workers + ansible.builtin.set_fact: + worker: + id: "pusher-{{ item }}" + name: "matrix-synapse-worker-pusher-{{ item }}" + type: 'pusher' + app: 'pusher' + webserving: false + port: 0 + metrics_port: "{{ matrix_synapse_workers_pusher_workers_metrics_range_start + item }}" + register: "matrix_synapse_workers_list_results_pusher_workers" + loop: "{{ range(0, matrix_synapse_workers_pusher_workers_count | int) | list }}" + +# This type of worker can only have a count of 1, at most +- name: Build appservice workers + ansible.builtin.set_fact: + worker: + id: "appservice-{{ item }}" + name: "matrix-synapse-worker-appservice-{{ item }}" + type: 'appservice' + app: 'generic_worker' + webserving: false + port: 0 + metrics_port: "{{ matrix_synapse_workers_appservice_workers_metrics_range_start + item }}" + register: "matrix_synapse_workers_list_results_appservice_workers" + loop: "{{ range(0, matrix_synapse_workers_appservice_workers_count | int) | list }}" + +# This type of worker can only have a count of 1, at most +- name: Build user_dir workers + ansible.builtin.set_fact: + worker: + id: "user-dir-{{ item }}" + name: "matrix-synapse-worker-user-dir-{{ item }}" + type: 'user_dir' + app: 'generic_worker' + webserving: true + port: "{{ matrix_synapse_workers_user_dir_workers_port_range_start + item }}" + metrics_port: "{{ matrix_synapse_workers_user_dir_workers_metrics_range_start + item }}" + register: "matrix_synapse_workers_list_results_user_dir_workers" + loop: "{{ range(0, matrix_synapse_workers_user_dir_workers_count | int) | list }}" + +# This type of worker can only have a count of 1, at most +- name: Build background workers + ansible.builtin.set_fact: + worker: + id: "background-{{ item }}" + name: "matrix-synapse-worker-background-{{ item }}" + type: 'background' + app: 'generic_worker' + webserving: false + 
port: 0 + metrics_port: "{{ matrix_synapse_workers_background_workers_metrics_range_start + item }}" + register: "matrix_synapse_workers_list_results_background_workers" + loop: "{{ range(0, matrix_synapse_workers_background_workers_count | int) | list }}" + +- name: Build media_repository workers + ansible.builtin.set_fact: + worker: + id: "media-repository-{{ item }}" + name: "matrix-synapse-worker-media-repository-{{ item }}" + type: 'media_repository' + app: 'media_repository' + webserving: true + port: "{{ matrix_synapse_workers_media_repository_workers_port_range_start + item }}" + metrics_port: "{{ matrix_synapse_workers_media_repository_workers_metrics_range_start + item }}" + register: "matrix_synapse_workers_list_results_media_repository_workers" + loop: "{{ range(0, matrix_synapse_workers_media_repository_workers_count | int) | list }}" + +- ansible.builtin.set_fact: + matrix_synapse_dynamic_workers_list: "{{ matrix_synapse_dynamic_workers_list | default([]) + [item.ansible_facts.worker] }}" + with_items: | + {{ + matrix_synapse_workers_list_results_generic_workers.results + + + matrix_synapse_workers_list_results_stream_writer_workers.results + + + matrix_synapse_workers_list_results_federation_sender_workers.results + + + matrix_synapse_workers_list_results_pusher_workers.results + + + matrix_synapse_workers_list_results_appservice_workers.results + + + matrix_synapse_workers_list_results_user_dir_workers.results + + + matrix_synapse_workers_list_results_media_repository_workers.results + + + matrix_synapse_workers_list_results_background_workers.results + }} + +- ansible.builtin.set_fact: + matrix_synapse_workers_enabled_list: "{{ matrix_synapse_dynamic_workers_list }}" 
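Review bot: The comment `# This type of worker can only have a count of 1, at most` above "Build pusher workers" contradicts `validate_config.yml` in this same commit, which drops `matrix_synapse_workers_pusher_workers_count` from the single-instance check, and `inject_worker.yml`, which appends pusher names to a list; either restore the check or drop the comment so the three files agree. The comment on the stream-writer name has a typo, `understores` should be `underscores`. `matrix_synapse_dynamic_workers_list | default([])` is defaulted but the `matrix_synapse_stream_writers` and `matrix_synapse_federation_sender_instances` facts being `combine`d/appended are not — presumably they are seeded in the role defaults, which are not in view; a one-line comment naming where they are initialised would help readers of this file.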
diff --git a/roles/matrix-synapse/tasks/synapse/workers/setup.yml b/roles/custom/matrix-synapse/tasks/synapse/workers/setup.yml similarity index 90% rename from roles/matrix-synapse/tasks/synapse/workers/setup.yml rename to roles/custom/matrix-synapse/tasks/synapse/workers/setup.yml index 836d5a66..1458cc0a 100644 --- a/roles/matrix-synapse/tasks/synapse/workers/setup.yml +++ b/roles/custom/matrix-synapse/tasks/synapse/workers/setup.yml @@ -4,7 +4,7 @@ # This is a temporary cleanup for people who ran that version. - name: Ensure old matrix-synapse.service.wants directory is gone ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-synapse.service.wants" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-synapse.service.wants" state: absent # Same. This was part of a previous version of the worker setup. diff --git a/roles/matrix-synapse/tasks/synapse/workers/setup_install.yml b/roles/custom/matrix-synapse/tasks/synapse/workers/setup_install.yml similarity index 96% rename from roles/matrix-synapse/tasks/synapse/workers/setup_install.yml rename to roles/custom/matrix-synapse/tasks/synapse/workers/setup_install.yml index c264805a..74ca6c35 100644 --- a/roles/matrix-synapse/tasks/synapse/workers/setup_install.yml +++ b/roles/custom/matrix-synapse/tasks/synapse/workers/setup_install.yml @@ -16,7 +16,7 @@ - name: Determine current worker systemd services ansible.builtin.find: - path: "{{ matrix_systemd_path }}" + path: "{{ devture_systemd_docker_base_systemd_path }}" patterns: "matrix-synapse-worker.*.service" use_regex: true register: matrix_synapse_workers_current_systemd_services diff --git a/roles/matrix-synapse/tasks/synapse/workers/setup_uninstall.yml b/roles/custom/matrix-synapse/tasks/synapse/workers/setup_uninstall.yml similarity index 95% rename from roles/matrix-synapse/tasks/synapse/workers/setup_uninstall.yml rename to roles/custom/matrix-synapse/tasks/synapse/workers/setup_uninstall.yml index 98c81a2e..2b0d21df 100644 
--- a/roles/matrix-synapse/tasks/synapse/workers/setup_uninstall.yml +++ b/roles/custom/matrix-synapse/tasks/synapse/workers/setup_uninstall.yml @@ -25,7 +25,7 @@ - name: Find worker systemd services to be cleaned ansible.builtin.find: - path: "{{ matrix_systemd_path }}" + path: "{{ devture_systemd_docker_base_systemd_path }}" patterns: "matrix-synapse-worker.*.service" use_regex: true register: matrix_synapse_workers_current_systemd_services diff --git a/roles/custom/matrix-synapse/tasks/synapse/workers/util/inject_worker.yml b/roles/custom/matrix-synapse/tasks/synapse/workers/util/inject_worker.yml new file mode 100644 index 00000000..4542f19c --- /dev/null +++ b/roles/custom/matrix-synapse/tasks/synapse/workers/util/inject_worker.yml 
@@ -0,0 +1,70 @@ +--- +# The tasks below run before `validate_config.yml`. +# To avoid failing with a cryptic error message, we'll do validation here. +# +# This check is mostly relevant to people who explicitly define `matrix_synapse_workers_enabled_list` +# (Synapse Workers users from the earlier days of this PR - https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/456). +# +# In the future, it should be possible to remove this check. +# Our own code which dynamically builds `matrix_synapse_workers_enabled_list` does things right. +- name: Fail if required property not defined for worker + ansible.builtin.fail: + msg: "Synapse workers (like {{ matrix_synapse_worker_details | to_json }}) need to define a `{{ item }}` property" + with_items: + - id + - name + - type + - app + - port + - webserving + when: "item not in matrix_synapse_worker_details" + +# Names are used for container names and systemd services. +# Routing happens based on container names, so Synapse processes that try to route to workers with underscores in the name will complain. Example: +# > InvalidCodepoint Codepoint U+005F at position 46 of 'matrix-synapse-worker-stream-writer-3-account_data' not allowed +- name: Fail if worker name includes underscore + ansible.builtin.fail: + msg: "Unrecognized Synapse worker `name`: `{{ matrix_synapse_worker_details.name }}`. It must not include underscores" + when: "'_' in matrix_synapse_worker_details.name" + +- name: Fail if worker type unknown + ansible.builtin.fail: + msg: "Unrecognized Synapse worker `type`: `{{ matrix_synapse_worker_details.type }}`. Supported types are: {{ matrix_synapse_known_worker_types | join(', ') }}" + when: "matrix_synapse_worker_details.type not in matrix_synapse_known_worker_types" + +- name: Fail if worker app unknown + ansible.builtin.fail: + msg: "Unrecognized Synapse worker `app`: `{{ matrix_synapse_worker_details.app }}`. 
Supported types are: {{ matrix_synapse_workers_avail_list | join(', ') }}" + when: "matrix_synapse_worker_details.app not in matrix_synapse_workers_avail_list" + +- when: "matrix_synapse_worker_details.type == 'stream_writer'" + block: + - name: Fail if stream_writer_stream not defined for stream_writer worker + ansible.builtin.fail: + msg: >- + Synapse stream_writer workers (such as {{ item }}) need to define a valid `stream_writer_stream` property + (not `{{ matrix_synapse_worker_details.stream_writer_stream | default('undefined') }}`). + Supported types are: {{ matrix_synapse_workers_known_stream_writer_stream_types | join(', ') }} + when: "'stream_writer_stream' not in matrix_synapse_worker_details or matrix_synapse_worker_details.stream_writer_stream not in matrix_synapse_workers_known_stream_writer_stream_types" + + - name: Fail if replication_port not defined for stream_writer worker + ansible.builtin.fail: + msg: "Synapse background workers of type stream_writer (such as {{ item }}) need to define a valid `replication_port` property" + when: "'replication_port' not in matrix_synapse_worker_details" + +- ansible.builtin.set_fact: + matrix_systemd_services_list: "{{ matrix_systemd_services_list + [matrix_synapse_worker_details.name + '.service'] }}" + +- ansible.builtin.set_fact: + matrix_synapse_webserving_workers_systemd_services_list: "{{ matrix_synapse_webserving_workers_systemd_services_list + [matrix_synapse_worker_details.name + '.service'] }}" + when: matrix_synapse_worker_details.webserving | bool + +# Inject stream writers into the instance map. +- ansible.builtin.set_fact: + matrix_synapse_instance_map: "{{ matrix_synapse_instance_map | combine({matrix_synapse_worker_details.name: {'host': matrix_synapse_worker_details.name, 'port': matrix_synapse_worker_details.replication_port}}) }}" + when: matrix_synapse_worker_details.type in matrix_synapse_known_instance_map_eligible_worker_types + +# Inject pusher instances. 
+- ansible.builtin.set_fact: + matrix_synapse_federation_pusher_instances: "{{ matrix_synapse_federation_pusher_instances + [matrix_synapse_worker_details.name] }}" + when: matrix_synapse_worker_details.type == 'pusher' diff --git a/roles/matrix-synapse/tasks/synapse/workers/util/setup_files_for_worker.yml b/roles/custom/matrix-synapse/tasks/synapse/workers/util/setup_files_for_worker.yml similarity index 63% rename from roles/matrix-synapse/tasks/synapse/workers/util/setup_files_for_worker.yml rename to roles/custom/matrix-synapse/tasks/synapse/workers/util/setup_files_for_worker.yml index d6d4924f..6910445e 100644 --- a/roles/matrix-synapse/tasks/synapse/workers/util/setup_files_for_worker.yml +++ b/roles/custom/matrix-synapse/tasks/synapse/workers/util/setup_files_for_worker.yml @@ -1,13 +1,9 @@ --- - ansible.builtin.set_fact: - matrix_synapse_worker_systemd_service_name: "matrix-synapse-worker-{{ matrix_synapse_worker_details.type }}-{{ matrix_synapse_worker_details.instanceId }}" - -- ansible.builtin.set_fact: - matrix_synapse_worker_container_name: "{{ matrix_synapse_worker_systemd_service_name }}" - -- ansible.builtin.set_fact: - matrix_synapse_worker_config_file_name: "worker.{{ matrix_synapse_worker_details.type }}_{{ matrix_synapse_worker_details.instanceId }}.yaml" + matrix_synapse_worker_systemd_service_name: "{{ matrix_synapse_worker_details.name }}" + matrix_synapse_worker_container_name: "{{ matrix_synapse_worker_details.name }}" + matrix_synapse_worker_config_file_name: "worker.{{ matrix_synapse_worker_details.name }}.yaml" - name: Ensure configuration exists for {{ matrix_synapse_worker_systemd_service_name }} ansible.builtin.template: 
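Review bot: Inside the `type == 'stream_writer'` block of `inject_worker.yml`, both `fail` messages interpolate `{{ item }}`, but no loop is active there (only the first task in the file has `with_items`), so the message renders an undefined or stale `item` instead of the offending worker; use `{{ matrix_synapse_worker_details.name }}` (or `| to_json` as the first task does). The second message also says "Synapse background workers of type stream_writer", and the "Fail if worker app unknown" message says "Supported types are:" where it lists apps. The `matrix_synapse_instance_map` injection reads `replication_port` for every type in `matrix_synapse_known_instance_map_eligible_worker_types`, yet `replication_port` is only validated for `stream_writer`; if that list ever holds another type, the error will surface here as an undefined attribute rather than in validation.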
@@ -20,5 +16,5 @@ - name: Ensure systemd service exists for {{ matrix_synapse_worker_systemd_service_name }} ansible.builtin.template: src: "{{ role_path }}/templates/synapse/systemd/matrix-synapse-worker.service.j2" - dest: "{{ matrix_systemd_path }}/{{ matrix_synapse_worker_systemd_service_name }}.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/{{ matrix_synapse_worker_systemd_service_name }}.service" mode: 0644 diff --git a/roles/matrix-synapse/tasks/update_user_password.yml b/roles/custom/matrix-synapse/tasks/update_user_password.yml similarity index 84% rename from roles/matrix-synapse/tasks/update_user_password.yml rename to roles/custom/matrix-synapse/tasks/update_user_password.yml index 586bf51b..3ddc4b8d 100644 --- a/roles/matrix-synapse/tasks/update_user_password.yml +++ b/roles/custom/matrix-synapse/tasks/update_user_password.yml @@ -36,11 +36,11 @@ when: "start_result.changed or postgres_start_result.changed" - name: Generate password hash - ansible.builtin.shell: "{{ matrix_host_command_docker }} exec matrix-synapse /usr/local/bin/hash_password -c /data/homeserver.yaml -p {{ password|quote }}" + ansible.builtin.shell: "{{ devture_systemd_docker_base_host_command_docker }} exec matrix-synapse /usr/local/bin/hash_password -c /data/homeserver.yaml -p {{ password | quote }}" register: password_hash changed_when: false - name: Update user password hash - ansible.builtin.command: "{{ matrix_local_bin_path }}/matrix-postgres-update-user-password-hash {{ username|quote }} {{ password_hash.stdout|quote }}" + ansible.builtin.command: "{{ matrix_local_bin_path }}/matrix-postgres-update-user-password-hash {{ username | quote }} {{ password_hash.stdout | quote }}" register: matrix_synapse_update_user_password_result changed_when: matrix_synapse_update_user_password_result.rc == 0 
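Review bot: In `update_user_password.yml`, the "Generate password hash" shell task passes the plaintext password on the command line (`-p {{ password | quote }}`), so it is visible in the host's process listing and, since neither task sets `no_log`, in Ansible's task output and logs; the follow-up command also logs the hash. Adding `no_log: true` to both tasks is the minimal fix and is worth doing while the lines are being touched for the filter-spacing change. A comment such as `# no_log: the password and its hash are task arguments` keeps the reason visible to whoever next edits the file.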
diff --git a/roles/matrix-synapse/tasks/validate_config.yml b/roles/custom/matrix-synapse/tasks/validate_config.yml
similarity index 75%
rename from roles/matrix-synapse/tasks/validate_config.yml
rename to roles/custom/matrix-synapse/tasks/validate_config.yml
index ba60abf8..0758c88f 100644
--- a/roles/matrix-synapse/tasks/validate_config.yml
+++ b/roles/custom/matrix-synapse/tasks/validate_config.yml
@@ -12,26 +12,20 @@ - "matrix_synapse_database_password" - "matrix_synapse_database_database" -- name: Fail if asking to configure deprecaed workers (appservice, userdir) - ansible.builtin.fail: - msg: >- - `{{ item }}` cannot be more than 0. - This type of worker has been deprecated since Synapse v1.59. - Please remove your `{{ item }}` configuration to solve this problem. - See: https://github.com/matrix-org/synapse/blob/v1.59.0/docs/upgrade.md#deprecation-of-the-synapseappappservice-and-synapseappuser_dir-worker-application-types - when: "vars[item]|int != 0" - with_items: - - "matrix_synapse_workers_appservice_workers_count" - - "matrix_synapse_workers_user_dir_workers_count" - - name: Fail if asking for more than 1 instance of single-instance workers ansible.builtin.fail: msg: >- `{{ item }}` cannot be more than 1. This is a single-instance worker. - when: "vars[item]|int > 1" + when: "vars[item] | int > 1" with_items: - - "matrix_synapse_workers_pusher_workers_count" - - "matrix_synapse_workers_federation_sender_workers_count" + - "matrix_synapse_workers_appservice_workers_count" + - "matrix_synapse_workers_user_dir_workers_count" + - "matrix_synapse_workers_background_workers_count" + - "matrix_synapse_workers_stream_writer_typing_stream_workers_count" + - "matrix_synapse_workers_stream_writer_to_device_stream_workers_count" + - "matrix_synapse_workers_stream_writer_account_data_stream_workers_count" + - "matrix_synapse_workers_stream_writer_receipts_stream_workers_count" + - "matrix_synapse_workers_stream_writer_presence_stream_workers_count" - name: (Deprecation) Catch and report renamed settings ansible.builtin.fail: 
@@ -61,6 +55,10 @@ - {'old': 'matrix_synapse_use_presence', 'new': 'matrix_synapse_presence_enabled'} - {'old': 'matrix_synapse_version_arm64', 'new': ''} - {'old': 'matrix_synapse_enable_group_creation', 'new': ''} + - {'old': 'matrix_synapse_account_threepid_delegates_email', 'new': ''} + - {'old': 'matrix_synapse_workers_frontend_proxy_workers_count', 'new': ''} + - {'old': 'matrix_synapse_workers_frontend_proxy_workers_port_range_start', 'new': ''} + - {'old': 'matrix_synapse_workers_frontend_proxy_workers_metrics_range_start', 'new': ''} - name: (Deprecation) Catch and report renamed settings in matrix_synapse_configuration_extension_yaml ansible.builtin.fail: diff --git a/roles/matrix-synapse/templates/goofys/env-goofys.j2 b/roles/custom/matrix-synapse/templates/goofys/env-goofys.j2 similarity index 100% rename from roles/matrix-synapse/templates/goofys/env-goofys.j2 rename to roles/custom/matrix-synapse/templates/goofys/env-goofys.j2 diff --git a/roles/matrix-synapse/templates/goofys/systemd/matrix-goofys.service.j2 b/roles/custom/matrix-synapse/templates/goofys/systemd/matrix-goofys.service.j2 similarity index 71% rename from roles/matrix-synapse/templates/goofys/systemd/matrix-goofys.service.j2 rename to roles/custom/matrix-synapse/templates/goofys/systemd/matrix-goofys.service.j2 index df4a4f23..a1174bce 100644 --- a/roles/matrix-synapse/templates/goofys/systemd/matrix-goofys.service.j2 +++ b/roles/custom/matrix-synapse/templates/goofys/systemd/matrix-goofys.service.j2 
@@ -7,11 +7,11 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_docker }} kill %n -ExecStartPre=-{{ matrix_host_command_docker }} rm %n +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_docker }} kill %n +ExecStartPre=-{{ devture_systemd_docker_base_host_command_docker }} rm %n -ExecStart={{ matrix_host_command_docker }} run --rm --name %n \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name %n \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --mount type=bind,src=/etc/passwd,dst=/etc/passwd,ro \ @@ -27,9 +27,9 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name %n \ -c 'goofys -f{% if not matrix_s3_media_store_custom_endpoint_enabled %} --storage-class=STANDARD_IA{% endif %}{% if matrix_s3_media_store_custom_endpoint_enabled %} --endpoint={{ matrix_s3_media_store_custom_endpoint }}{% endif %} --region {{ matrix_s3_media_store_region }} --stat-cache-ttl 60m0s --type-cache-ttl 60m0s --dir-mode 0700 --file-mode 0700 {{ matrix_s3_media_store_bucket_name }} /s3' TimeoutStartSec=5min -ExecStop=-{{ matrix_host_command_docker }} stop %n -ExecStop=-{{ matrix_host_command_docker }} kill %n -ExecStop=-{{ matrix_host_command_docker }} rm %n +ExecStop=-{{ devture_systemd_docker_base_host_command_docker }} stop %n +ExecStop=-{{ devture_systemd_docker_base_host_command_docker }} kill %n +ExecStop=-{{ devture_systemd_docker_base_host_command_docker }} rm %n ExecStop=-{{ matrix_host_command_fusermount }} -u {{ matrix_s3_media_store_path }} Restart=always RestartSec=5 diff --git a/roles/custom/matrix-synapse/templates/synapse/customizations/Dockerfile.j2 b/roles/custom/matrix-synapse/templates/synapse/customizations/Dockerfile.j2 new file mode 100644 index 00000000..3919e955 --- /dev/null 
+++ b/roles/custom/matrix-synapse/templates/synapse/customizations/Dockerfile.j2
@@ -0,0 +1,7 @@
+FROM {{ matrix_synapse_docker_image }}
+
+{% if matrix_synapse_container_image_customizations_s3_storage_provider_installation_enabled %}
+RUN pip install synapse-s3-storage-provider=={{ matrix_synapse_ext_synapse_s3_storage_provider_version }}
+{% endif %}
+
+{{ matrix_synapse_container_image_customizations_dockerfile_body_custom }}
diff --git a/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/database.yaml.j2 b/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/database.yaml.j2
new file mode 100644
index 00000000..ed11645e
--- /dev/null
+++ b/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/database.yaml.j2
@@ -0,0 +1,5 @@
+user: {{ matrix_synapse_database_user | to_json }}
+password: {{ matrix_synapse_database_password | to_json }}
+database: {{ matrix_synapse_database_database | to_json }}
+host: {{ matrix_synapse_database_host | to_json }}
+port: {{ matrix_synapse_database_port | to_json }}
diff --git a/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/env.j2 b/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/env.j2
new file mode 100644
index 00000000..6dfcbe41
--- /dev/null
+++ b/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/env.j2
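Review bot: The `RUN pip install synapse-s3-storage-provider=={{ ... }}` line pins a version but not a hash, so the serving image's content depends on whatever the index returns for that version at build time; since this layer goes into the homeserver image, a hash-pinned requirements file (`pip install --require-hashes -r requirements.txt`) would make the build reproducible, and `--no-cache-dir` keeps the layer small. The final `{{ matrix_synapse_container_image_customizations_dockerfile_body_custom }}` is rendered verbatim with no surrounding comment; a template comment like `{# arbitrary user-supplied Dockerfile instructions, appended as-is #}` would document that this is intended. Whether the variable is documented for users is not visible from this diff.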
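Review bot: `database.yaml.j2` renders the database password in plaintext, and the task that writes it (with its `owner`/`mode`) is not part of this diff; confirm that task sets a restrictive mode such as `mode: "0640"` with the matrix user as owner, and consider a leading `# rendered by ansible; contains the Synapse DB password` comment in the template. Using `| to_json` on every value is the right call here — it prevents a password such as `NO` or `123` from being re-typed by the consumer's YAML parser.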
@@ -0,0 +1,11 @@
+AWS_ACCESS_KEY_ID={{ matrix_synapse_ext_synapse_s3_storage_provider_config_access_key_id }}
+AWS_SECRET_ACCESS_KEY={{ matrix_synapse_ext_synapse_s3_storage_provider_config_secret_access_key }}
+AWS_DEFAULT_REGION={{ matrix_synapse_ext_synapse_s3_storage_provider_config_region_name }}
+
+ENDPOINT={{ matrix_synapse_ext_synapse_s3_storage_provider_config_endpoint_url }}
+BUCKET={{ matrix_synapse_ext_synapse_s3_storage_provider_config_bucket }}
+STORAGE_CLASS={{ matrix_synapse_ext_synapse_s3_storage_provider_config_storage_class }}
+
+MEDIA_PATH=/matrix-media-store-parent/{{ matrix_synapse_media_store_directory_name }}
+
+UPDATE_DB_DURATION={{ matrix_synapse_ext_synapse_s3_storage_provider_update_db_day_count }}d
diff --git a/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/media_storage_provider.yaml.j2 b/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/media_storage_provider.yaml.j2
new file mode 100644
index 00000000..97b0f5f2
--- /dev/null
+++ b/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/media_storage_provider.yaml.j2
@@ -0,0 +1,14 @@
+module: s3_storage_provider.S3StorageProviderBackend
+store_local: {{ matrix_synapse_ext_synapse_s3_storage_provider_store_local | to_json }}
+store_remote: {{ matrix_synapse_ext_synapse_s3_storage_provider_store_remote | to_json }}
+store_synchronous: {{ matrix_synapse_ext_synapse_s3_storage_provider_store_synchronous | to_json }}
+config:
+ bucket: {{ matrix_synapse_ext_synapse_s3_storage_provider_config_bucket | to_json }}
+ region_name: {{ matrix_synapse_ext_synapse_s3_storage_provider_config_region_name | to_json }}
+ endpoint_url: {{ matrix_synapse_ext_synapse_s3_storage_provider_config_endpoint_url | to_json }}
+ access_key_id: {{ matrix_synapse_ext_synapse_s3_storage_provider_config_access_key_id | to_json }}
+ secret_access_key: {{ matrix_synapse_ext_synapse_s3_storage_provider_config_secret_access_key | to_json }}
+
+ storage_class: {{ matrix_synapse_ext_synapse_s3_storage_provider_config_storage_class | to_json }}
+
+ threadpool_size: {{ matrix_synapse_ext_synapse_s3_storage_provider_config_threadpool_size | to_json }}
diff --git a/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/systemd/matrix-synapse-s3-storage-provider-migrate.service.j2 b/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/systemd/matrix-synapse-s3-storage-provider-migrate.service.j2
new file mode 100644
index 00000000..159681a0
--- /dev/null
+++ b/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/systemd/matrix-synapse-s3-storage-provider-migrate.service.j2
@@ -0,0 +1,7 @@
+[Unit]
+Description=Migrates locally-stored Synapse media store files to S3
+
+[Service]
+Type=oneshot
+Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
+ExecStart={{ matrix_local_bin_path }}/matrix-synapse-s3-storage-provider-migrate
diff --git a/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/systemd/matrix-synapse-s3-storage-provider-migrate.timer.j2 b/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/systemd/matrix-synapse-s3-storage-provider-migrate.timer.j2
new file mode 100644
index 00000000..5013c7a8
--- /dev/null
+++ b/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/systemd/matrix-synapse-s3-storage-provider-migrate.timer.j2
@@ -0,0 +1,9 @@
+[Unit]
+Description=Migrates locally-stored Synapse media store files to S3
+
+[Timer]
+Unit=matrix-synapse-s3-storage-provider-migrate.service
+OnCalendar=*-*-* 05:00:00
+
+[Install]
+WantedBy=timers.target
diff --git a/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/usr-local-bin/matrix-synapse-s3-storage-provider-migrate.j2 b/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/usr-local-bin/matrix-synapse-s3-storage-provider-migrate.j2
new file mode 100644
index 00000000..d48ae122
--- /dev/null
+++ b/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/usr-local-bin/matrix-synapse-s3-storage-provider-migrate.j2
@@ -0,0 +1,13 @@
+#jinja2: lstrip_blocks: "True"
+#!/bin/bash
+
+{{ devture_systemd_docker_base_host_command_docker }} run \
+ --rm \
+ --env-file={{ matrix_synapse_ext_s3_storage_provider_path }}/env \
+ --mount type=bind,src={{ matrix_synapse_storage_path }},dst=/matrix-media-store-parent,bind-propagation=slave \
+ --mount type=bind,src={{ matrix_synapse_ext_s3_storage_provider_path }}/data,dst=/data \
+ --workdir=/data \
+ --network={{ matrix_docker_network }} \
+ --entrypoint=/bin/bash \
+ {{ matrix_synapse_docker_image_final }} \
+ -c 's3_media_upload update-db $UPDATE_DB_DURATION && s3_media_upload --no-progress check-deleted $MEDIA_PATH && s3_media_upload --no-progress upload $MEDIA_PATH $BUCKET --delete --storage-class $STORAGE_CLASS --endpoint-url $ENDPOINT'
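Review bot: `OnCalendar=*-*-* 05:00:00` is declared without `Persistent=true`, so a migration run missed while the host is down is skipped until the next day rather than caught up at boot; for a background job whose purpose is to drain local media to S3, adding `Persistent=true` under `[Timer]` seems the intended behaviour. A `RandomizedDelaySec=` would also spread many deployments' uploads away from the same minute, if that matters for the chosen S3 endpoint. The timer unit is complete within this hunk.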
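Review bot: The migration container runs as root with the whole media store bind-mounted writable and no capability drop, whereas the Synapse units touched by this same change start their containers with `--user={{ matrix_user_uid }}:{{ matrix_user_gid }}` and `--cap-drop=ALL`; adding those two flags after `--rm \` here (and in matrix-synapse-s3-storage-provider-shell.j2, which opens an interactive root shell over the same mounts) keeps the job at least privilege and ensures anything it writes under `/data` or the media store stays owned by the Synapse user, assuming those directories are already owned by that user. Separately, `--storage-class $STORAGE_CLASS --endpoint-url $ENDPOINT` are unquoted expansions of env-file values; if either renders empty (for example no custom endpoint configured), the option is passed with no argument and `s3_media_upload` will presumably reject the command line, so either default them in the playbook or emit the options conditionally in the template. The defaults for these variables are not in this chunk.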
diff --git a/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/usr-local-bin/matrix-synapse-s3-storage-provider-shell.j2 b/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/usr-local-bin/matrix-synapse-s3-storage-provider-shell.j2
new file mode 100644
index 00000000..b46e89b7
--- /dev/null
+++ b/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/usr-local-bin/matrix-synapse-s3-storage-provider-shell.j2
@@ -0,0 +1,13 @@
+#jinja2: lstrip_blocks: "True"
+#!/bin/bash
+
+{{ devture_systemd_docker_base_host_command_docker }} run \
+ -it \
+ --rm \
+ --env-file={{ matrix_synapse_ext_s3_storage_provider_path }}/env \
+ --mount type=bind,src={{ matrix_synapse_storage_path }},dst=/matrix-media-store-parent,bind-propagation=slave \
+ --mount type=bind,src={{ matrix_synapse_ext_s3_storage_provider_path }}/data,dst=/data \
+ --workdir=/data \
+ --network={{ matrix_docker_network }} \
+ --entrypoint=/bin/bash \
+ {{ matrix_synapse_docker_image_final }}
diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2
similarity index 98%
rename from roles/matrix-synapse/templates/synapse/homeserver.yaml.j2
rename to roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2
index 87cedb40..9b02346c 100644
--- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2
+++ b/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2
@@ -349,19 +349,6 @@ listeners: # c.f. https://github.com/matrix-org/synapse/tree/master/contrib/systemd-with-workers/README.md worker_app: synapse.app.homeserver - -# thx https://oznetnerd.com/2017/04/18/jinja2-selectattr-filter/ -# reduce the main worker's offerings to core homeserver business -{% if matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'federation_sender') | list %} -send_federation: false -{% endif %} -{% if matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'media_repository') | list %} -enable_media_repo: false -{% endif %} -{% if matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'pusher') | list %} -start_pushers: false -{% endif %} - daemonize: false {% endif %} @@ -977,6 +964,8 @@ rc_joins: {{ matrix_synapse_rc_joins|to_json }} # per_second: 0.003 # burst_count: 5 # +rc_invites: {{ matrix_synapse_rc_invites|to_json }} + #rc_third_party_invite: # per_second: 0.2 # burst_count: 10 @@ -1021,6 +1010,7 @@ federation_rr_transactions_per_room_per_second: {{ matrix_synapse_federation_rr_ # following if you are using a separate media store worker. # #enable_media_repo: false +enable_media_repo: {{ matrix_synapse_enable_media_repo | to_json }} # Directory where uploaded images and attachments are stored. # @@ -1039,6 +1029,7 @@ media_store_path: "/matrix-media-store-parent/{{ matrix_synapse_media_store_dire # store_synchronous: false # config: # directory: /mnt/some/other/directory +media_storage_providers: {{ matrix_synapse_media_storage_providers | to_json }} # The largest allowed upload size in bytes # 
@@ -1417,14 +1408,10 @@ allow_guest_access: {{ matrix_synapse_allow_guest_access|to_json }} # #default_identity_server: https://matrix.org -# Handle threepid (email/phone etc) registration and password resets through a set of +# Handle threepid (phone etc) registration and password resets through a set of # *trusted* identity servers. Note that this allows the configured identity server to # reset passwords for accounts! # -# Be aware that if `email` is not set, and SMTP options have not been -# configured in the email config block, registration and user password resets via -# email will be globally disabled. -# # Additionally, if `msisdn` is not set, registration and password resets via msisdn # will be disabled regardless, and users will not be able to associate an msisdn # identifier to their account. This is due to Synapse currently not supporting @@ -1439,7 +1426,6 @@ allow_guest_access: {{ matrix_synapse_allow_guest_access|to_json }} # https://matrix.org/docs/spec/identity_service/latest # account_threepid_delegates: - email: {{ matrix_synapse_account_threepid_delegates_email|to_json }} msisdn: {{ matrix_synapse_account_threepid_delegates_msisdn|to_json }} # Whether users are allowed to change their displayname after it has @@ -1587,11 +1573,11 @@ metrics_flags: # #known_servers: true -# Whether or not to report anonymized homeserver usage statistics. +# Whether or not to report homeserver usage statistics. # report_stats: {{ matrix_synapse_report_stats|to_json }} -# The endpoint to report the anonymized homeserver usage statistics to. +# The endpoint to report homeserver usage statistics to. # Defaults to https://matrix.org/report-usage-stats/push # #report_stats_endpoint: https://example.com/report-usage-stats/push 
@@ -1645,7 +1631,7 @@ room_prejoin_state: # A list of application service config files to use # -app_service_config_files: {{ matrix_synapse_app_service_config_files|to_json }} +app_service_config_files: {{ matrix_synapse_app_service_config_files_final|to_json }} # Uncomment to enable tracking of application service IP addresses. Implicitly # enables MAU tracking for application service users. @@ -2854,6 +2840,7 @@ opentracing: # Uncomment if using a federation sender worker. # #send_federation: false +send_federation: {{ matrix_synapse_send_federation | to_json }} # It is possible to run multiple federation sender workers, in which case the # work is balanced across them. @@ -2865,6 +2852,14 @@ opentracing: # #federation_sender_instances: # - federation_sender1 +{% if matrix_synapse_federation_sender_instances | length > 0 %} +federation_sender_instances: {{ matrix_synapse_federation_sender_instances | to_json }} +{% endif %} + +{% if matrix_synapse_federation_pusher_instances | length > 0 %} +pusher_instances: {{ matrix_synapse_federation_pusher_instances | to_json }} +{% endif %} +start_pushers: {{ matrix_synapse_start_pushers | to_json }} # When using workers this should be a map from `worker_name` to the # HTTP replication listener of the worker, if configured. @@ -2873,6 +2868,7 @@ opentracing: # worker1: # host: localhost # port: 8034 +instance_map: {{ matrix_synapse_instance_map | to_json }} # Experimental: When using workers you can define which workers should # handle event persistence and typing notifications. Any worker 
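Review bot: `pusher_instances: {{ matrix_synapse_federation_pusher_instances | to_json }}` feeds Synapse's push-notification worker list from a variable whose name says `federation_pusher`, but pushers have nothing to do with federation sending, which is configured two lines above via `matrix_synapse_federation_sender_instances`. Unless the name is deliberate, renaming it to `matrix_synapse_pusher_instances` (keeping the old name as an alias if it is already user-facing) would avoid misleading operators who read their `vars.yml`. The defaults file that declares this variable is not in this chunk, so I cannot tell whether it is already documented there.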
@@ -2881,11 +2877,27 @@ opentracing: #stream_writers: # events: worker1 # typing: worker1 +stream_writers: {{ matrix_synapse_stream_writers | to_json }} + +{% if matrix_synapse_notify_appservices_from_worker != '' %} +notify_appservices_from_worker: {{ matrix_synapse_notify_appservices_from_worker | to_json }} +{% endif %} + +{% if matrix_synapse_update_user_directory_from_worker != '' %} +update_user_directory_from_worker: {{ matrix_synapse_update_user_directory_from_worker | to_json }} +{% endif %} # The worker that is used to run background tasks (e.g. cleaning up expired # data). If not provided this defaults to the main process. # #run_background_tasks_on: worker1 +{% if matrix_synapse_run_background_tasks_on != '' %} +run_background_tasks_on: {{ matrix_synapse_run_background_tasks_on | to_json }} +{% endif %} + +{% if matrix_synapse_media_instance_running_background_jobs != '' %} +media_instance_running_background_jobs: {{ matrix_synapse_media_instance_running_background_jobs | to_json }} +{% endif %} # A shared secret used by the replication APIs to authenticate HTTP requests # from workers. diff --git a/roles/matrix-synapse/templates/synapse/prometheus/external_prometheus.yml.example.j2 b/roles/custom/matrix-synapse/templates/synapse/prometheus/external_prometheus.yml.example.j2 similarity index 89% rename from roles/matrix-synapse/templates/synapse/prometheus/external_prometheus.yml.example.j2 rename to roles/custom/matrix-synapse/templates/synapse/prometheus/external_prometheus.yml.example.j2 index b194c3c2..1501697d 100644 --- a/roles/matrix-synapse/templates/synapse/prometheus/external_prometheus.yml.example.j2 +++ b/roles/custom/matrix-synapse/templates/synapse/prometheus/external_prometheus.yml.example.j2 
@@ -24,8 +24,8 @@ scrape_configs: job: "master" index: "0" {% for worker in matrix_synapse_workers_enabled_list %} - - job_name: 'synapse-{{ worker.type }}-{{ worker.instanceId }}' - metrics_path: /metrics/synapse/worker/{{ worker.type }}-{{ worker.instanceId }} + - job_name: '{{ worker.name }}' + metrics_path: /metrics/synapse/worker/{{ worker.id }} scheme: {{ 'https' if matrix_nginx_proxy_https_enabled|default(true) else 'http' }} {% if matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled|default(true) %} basic_auth: @@ -35,6 +35,7 @@ scrape_configs: static_configs: - targets: ['{{ matrix_server_fqn_matrix }}:{{ matrix_nginx_proxy_container_https_host_bind_port|default(443) if matrix_nginx_proxy_https_enabled|default(true) else matrix_nginx_proxy_container_http_host_bind_port|default(80) }}'] labels: + worker_id: {{ worker.id }} job: "{{ worker.type }}" - index: "{{ worker.instanceId }}" + app: {{ worker.app }} {% endfor %} diff --git a/roles/matrix-synapse/templates/synapse/synapse.log.config.j2 b/roles/custom/matrix-synapse/templates/synapse/synapse.log.config.j2 similarity index 100% rename from roles/matrix-synapse/templates/synapse/synapse.log.config.j2 rename to roles/custom/matrix-synapse/templates/synapse/synapse.log.config.j2 diff --git a/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse-worker.service.j2 b/roles/custom/matrix-synapse/templates/synapse/systemd/matrix-synapse-worker.service.j2 similarity index 63% rename from roles/matrix-synapse/templates/synapse/systemd/matrix-synapse-worker.service.j2 rename to roles/custom/matrix-synapse/templates/synapse/systemd/matrix-synapse-worker.service.j2 index 43dc42d1..3d50ac9b 100644 --- a/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse-worker.service.j2 +++ b/roles/custom/matrix-synapse/templates/synapse/systemd/matrix-synapse-worker.service.j2 
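Review bot: `worker_id: {{ worker.id }}` and `app: {{ worker.app }}` are emitted as unquoted plain scalars, while the neighbouring `job: "{{ worker.type }}"` and `job_name: '{{ worker.name }}'` are quoted; if an id ever renders as digits only, or a value contains `: ` or ` #`, the YAML parser types or truncates it instead of yielding the string label Prometheus expects. Quote them like the sibling keys: `worker_id: "{{ worker.id }}"` and `app: "{{ worker.app }}"`. Since this is an example file that operators copy into an external Prometheus, a silent type change here is exactly the kind that goes unnoticed.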
@@ -6,15 +6,15 @@ After=matrix-synapse.service [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_docker }} kill {{ matrix_synapse_worker_container_name }} -ExecStartPre=-{{ matrix_host_command_docker }} rm {{ matrix_synapse_worker_container_name }} +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill {{ matrix_synapse_worker_container_name }} 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm {{ matrix_synapse_worker_container_name }} 2>/dev/null || true' # Intentional delay, so that the homeserver can manage to start. ExecStartPre={{ matrix_host_command_sleep }} 5 -ExecStart={{ matrix_host_command_docker }} run --rm --name {{ matrix_synapse_worker_container_name }} \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name {{ matrix_synapse_worker_container_name }} \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ 
@@ -39,17 +39,17 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name {{ matrix_synapse_wor {% for volume in matrix_synapse_container_additional_volumes %} -v {{ volume.src }}:{{ volume.dst }}:{{ volume.options }} \ {% endfor %} - {% for arg in matrix_synapse_container_extra_arguments %} + {% for arg in matrix_synapse_container_arguments %} {{ arg }} \ {% endfor %} - {{ matrix_synapse_docker_image }} \ - run -m synapse.app.{{ matrix_synapse_worker_details.type }} -c /data/homeserver.yaml -c /data/{{ matrix_synapse_worker_config_file_name }} + {{ matrix_synapse_docker_image_final }} \ + run -m synapse.app.{{ matrix_synapse_worker_details.app }} -c /data/homeserver.yaml -c /data/{{ matrix_synapse_worker_config_file_name }} -ExecStop=-{{ matrix_host_command_docker }} kill {{ matrix_synapse_worker_container_name }} -ExecStop=-{{ matrix_host_command_docker }} rm {{ matrix_synapse_worker_container_name }} +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill {{ matrix_synapse_worker_container_name }} 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm {{ matrix_synapse_worker_container_name }} 2>/dev/null || true' -ExecReload={{ matrix_host_command_docker }} exec {{ matrix_synapse_worker_container_name }} /bin/sh -c 'kill -HUP 1' +ExecReload={{ devture_systemd_docker_base_host_command_docker }} exec {{ matrix_synapse_worker_container_name }} /bin/sh -c 'kill -HUP 1' Restart=always RestartSec=30 SyslogIdentifier={{ matrix_synapse_worker_container_name }} 
diff --git a/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 b/roles/custom/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 similarity index 71% rename from roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 rename to roles/custom/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 index 2b59748f..7f6c2336 100644 --- a/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 +++ b/roles/custom/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 @@ -12,7 +12,7 @@ Wants={{ service }} {% if matrix_synapse_workers_enabled %} {% for matrix_synapse_worker_details in matrix_synapse_workers_enabled_list %} -Wants=matrix-synapse-worker-{{ matrix_synapse_worker_details.type }}-{{ matrix_synapse_worker_details.port }}.service +Wants={{ matrix_synapse_worker_details.name }}.service {% endfor %} {% endif %} @@ -20,9 +20,9 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-synapse 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-synapse 2>/dev/null || true' +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-synapse 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-synapse 2>/dev/null || true' {% if matrix_s3_media_store_enabled %} # Allow for some time before starting, so that media store can mount. # Mounting can happen later too, but if we start writing, 
@@ -30,7 +30,7 @@ ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} ExecStartPre={{ matrix_host_command_sleep }} 3 {% endif %} -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-synapse \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-synapse \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ @@ -57,15 +57,15 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-synapse \ {% for volume in matrix_synapse_container_additional_volumes %} -v {{ volume.src }}:{{ volume.dst }}:{{ volume.options }} \ {% endfor %} - {% for arg in matrix_synapse_container_extra_arguments %} + {% for arg in matrix_synapse_container_arguments %} {{ arg }} \ {% endfor %} - {{ matrix_synapse_docker_image }} \ + {{ matrix_synapse_docker_image_final }} \ run -m synapse.app.homeserver -c /data/homeserver.yaml -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-synapse 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-synapse 2>/dev/null || true' -ExecReload={{ matrix_host_command_docker }} exec matrix-synapse /bin/sh -c 'kill -HUP 1' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-synapse 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-synapse 2>/dev/null || true' +ExecReload={{ devture_systemd_docker_base_host_command_docker }} exec matrix-synapse /bin/sh -c 'kill -HUP 1' Restart=always RestartSec=30 SyslogIdentifier=matrix-synapse 
diff --git a/roles/matrix-synapse/templates/synapse/usr-local-bin/matrix-synapse-register-user.j2 b/roles/custom/matrix-synapse/templates/synapse/usr-local-bin/matrix-synapse-register-user.j2
similarity index 100%
rename from roles/matrix-synapse/templates/synapse/usr-local-bin/matrix-synapse-register-user.j2
rename to roles/custom/matrix-synapse/templates/synapse/usr-local-bin/matrix-synapse-register-user.j2
diff --git a/roles/custom/matrix-synapse/templates/synapse/worker.yaml.j2 b/roles/custom/matrix-synapse/templates/synapse/worker.yaml.j2
new file mode 100644
index 00000000..2b0df98d
--- /dev/null
+++ b/roles/custom/matrix-synapse/templates/synapse/worker.yaml.j2
@@ -0,0 +1,64 @@
+#jinja2: lstrip_blocks: "True"
+worker_app: synapse.app.{{ matrix_synapse_worker_details.app }}
+worker_name: {{ matrix_synapse_worker_details.name }}
+
+worker_daemonize: false
+worker_log_config: /data/{{ matrix_server_fqn_matrix }}.log.config
+
+{% if matrix_synapse_replication_listener_enabled %}
+worker_replication_host: matrix-synapse
+worker_replication_http_port: {{ matrix_synapse_replication_http_port }}
+{% endif %}
+
+{% if matrix_synapse_worker_details.type == 'generic_worker' %}
+worker_main_http_uri: http://matrix-synapse:{{ matrix_synapse_container_client_api_port }}
+{% endif %}
+
+{% set http_resources = [] %}
+
+{% if matrix_synapse_worker_details.type == 'user_dir' %}
+ {% set http_resources = http_resources + ['client'] %}
+{% endif %}
+{% if matrix_synapse_worker_details.type == 'generic_worker' %}
+ {% set http_resources = http_resources + ['client', 'federation'] %}
+{% endif %}
+{#
+ None of the background workers need to handle federation traffic.
+ Only some of the stream writers need to handle client traffic.
+#}
+{% if matrix_synapse_worker_details.type == 'stream_writer' and matrix_synapse_worker_details.webserving %}
+ {% set http_resources = http_resources + ['client'] %}
+{% endif %}
+{% if matrix_synapse_worker_details.type == 'media_repository' %}
+ {% set http_resources = http_resources + ['media'] %}
+{% endif %}
+
+{% set replication_http_resources = [] %}
+{% if matrix_synapse_worker_details.type == 'stream_writer' %}
+ {# All background workers need to handle replication traffic. #}
+ {% set replication_http_resources = replication_http_resources + ['replication'] %}
+{% endif %}
+
+{% if http_resources|length > 0 or matrix_synapse_metrics_enabled or replication_http_resources|length > 0 %}
+worker_listeners:
+{% if http_resources|length > 0 %}
+ - type: http
+ bind_addresses: ['::']
+ x_forwarded: true
+ port: {{ matrix_synapse_worker_details.port }}
+ resources:
+ - names: {{ http_resources|to_json }}
+{% endif %}
+{% if matrix_synapse_metrics_enabled %}
+ - type: metrics
+ bind_addresses: ['0.0.0.0']
+ port: {{ matrix_synapse_worker_details.metrics_port }}
+{% endif %}
+{% if replication_http_resources|length > 0 %}
+ - type: http
+ bind_addresses: ['::']
+ port: {{ matrix_synapse_worker_details.replication_port }}
+ resources:
+ - names: {{ replication_http_resources|to_json }}
+{% endif %}
+{% endif %}
diff --git a/roles/custom/matrix-synapse/vars/main.yml b/roles/custom/matrix-synapse/vars/main.yml
new file mode 100644
index 00000000..4da28410
--- /dev/null
+++ b/roles/custom/matrix-synapse/vars/main.yml
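Review bot: The comment `{# All background workers need to handle replication traffic. #}` sits inside `{% if matrix_synapse_worker_details.type == 'stream_writer' %}`, so it describes the opposite of what the branch does: only stream writers get a replication listener here, and the `background` worker type that this change adds to `matrix_synapse_known_worker_types` in vars/main.yml gets none. Suggest `{# Stream writers need an HTTP replication listener, because the main process forwards writes to them over it. #}`, or, if background workers were genuinely meant to be included, widen the condition rather than the comment. The earlier comment block about federation and client traffic reads correctly. The worker.yaml.j2 template is complete within this hunk.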
@@ -0,0 +1,241 @@
+---
+
+matrix_synapse_client_api_url_endpoint_public: "https://{{ matrix_server_fqn_matrix }}/_matrix/client/versions"
+matrix_synapse_federation_api_url_endpoint_public: "https://{{ matrix_server_fqn_matrix }}:{{ matrix_federation_public_port }}/_matrix/federation/v1/version"
+
+# Tells whether this role had executed or not. Toggled to `true` during runtime.
+matrix_synapse_role_executed: false
+
+matrix_synapse_media_store_directory_name: "{{ matrix_synapse_media_store_path | basename }}"
+
+# A Synapse generic worker can handle both federation and client-server API endpoints.
+# We wish to split these, as we normally serve federation separately and don't want them mixed up.
+#
+# This is some ugly Ansible/Jinja2 hack (seen here: https://stackoverflow.com/a/47831492),
+# which takes a list of various strings and removes the ones NOT containing `/_matrix/client` anywhere in them.
+#
+# We intentionally don't do a diff between everything possible (`matrix_synapse_workers_generic_worker_endpoints`) and `matrix_synapse_workers_generic_worker_federation_endpoints`,
+# because `matrix_synapse_workers_generic_worker_endpoints` also contains things like `/_synapse/client/`, etc.
+# While /_synapse/client/ endpoints are somewhat client-server API-related, they're:
+# - neither part of the client-server API spec (and are thus, different)
+# - nor always OK to forward to a worker (we're supposed to obey `matrix_nginx_proxy_proxy_matrix_client_api_forwarded_location_synapse_client_api_enabled`)
+#
+# It's also not too many of these APIs (only `^/_synapse/client/password_reset/email/submit_token$` at the time of this writing / 2021-01-24),
+# so it's not that important whether we forward them or not.
+#
+# Basically, we aim to cover most things. Skipping `/_synapse/client` or a few other minor things doesn't matter too much.
+matrix_synapse_workers_generic_worker_client_server_endpoints: "{{ matrix_synapse_workers_generic_worker_endpoints | default([]) | map('regex_search', '.*/_matrix/client.*') | list | difference([none]) }}"
+
+# A Synapse generic worker can handle both federation and client-server API endpoints.
+# We wish to split these, as we normally serve federation separately and don't want them mixed up.
+#
+# This is some ugly Ansible/Jinja2 hack (seen here: https://stackoverflow.com/a/47831492),
+# which takes a list of various strings and removes the ones NOT containing `/_matrix/federation` or `/_matrix/key` anywhere in them.
+matrix_synapse_workers_generic_worker_federation_endpoints: "{{ matrix_synapse_workers_generic_worker_endpoints | default([]) | map('regex_search', matrix_synapse_workers_generic_worker_federation_endpoints_regex) | list | difference([none]) }}"
+
+# matrix_synapse_workers_generic_worker_federation_endpoints_regex contains the regex used in matrix_synapse_workers_generic_worker_federation_endpoints.
+# It's intentionally put in a separate variable, to avoid tripping ansible-lint's jinja[spacing] rule.
+matrix_synapse_workers_generic_worker_federation_endpoints_regex: '.*(/_matrix/federation|/_matrix/key).*'
+
+# matrix_synapse_workers_stream_writer_typing_stream_worker_client_server_endpoints contains the endpoints serviced by the `typing` stream writer.
+# See: https://matrix-org.github.io/synapse/latest/workers.html#the-typing-stream
+matrix_synapse_workers_stream_writer_typing_stream_worker_client_server_endpoints:
+ - ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/typing
+
+# matrix_synapse_workers_stream_writer_to_device_stream_worker_client_server_endpoints contains the endpoints serviced by the `to_device` stream writer.
+# See: https://matrix-org.github.io/synapse/latest/workers.html#the-to_device-stream
+matrix_synapse_workers_stream_writer_to_device_stream_worker_client_server_endpoints:
+ - ^/_matrix/client/(r0|v3|unstable)/sendToDevice/
+
+# matrix_synapse_workers_stream_writer_account_data_stream_worker_client_server_endpoints contains the endpoints serviced by the `account_data` stream writer.
+# See: https://matrix-org.github.io/synapse/latest/workers.html#the-account_data-stream
+matrix_synapse_workers_stream_writer_account_data_stream_worker_client_server_endpoints:
+ - ^/_matrix/client/(r0|v3|unstable)/.*/tags
+ - ^/_matrix/client/(r0|v3|unstable)/.*/account_data
+
+# matrix_synapse_workers_stream_writer_receipts_stream_worker_client_server_endpoints contains the endpoints serviced by the `recepts` stream writer.
+# See: https://matrix-org.github.io/synapse/latest/workers.html#the-receipts-stream
+matrix_synapse_workers_stream_writer_receipts_stream_worker_client_server_endpoints:
+ - ^/_matrix/client/(r0|v3|unstable)/rooms/.*/receipt
+ - ^/_matrix/client/(r0|v3|unstable)/rooms/.*/read_markers
+
+# matrix_synapse_workers_stream_writer_presence_stream_worker_client_server_endpoints contains the endpoints serviced by the `presence` stream writer.
+# See: https://matrix-org.github.io/synapse/latest/workers.html#the-presence-stream
+matrix_synapse_workers_stream_writer_presence_stream_worker_client_server_endpoints:
+ - ^/_matrix/client/(api/v1|r0|v3|unstable)/presence/
+
+# matrix_synapse_workers_user_dir_worker_client_server_endpoints contains the endpoints serviced by the `type = user_dir` (`app = generic_worker`) worker.
+# See: https://matrix-org.github.io/synapse/latest/workers.html#updating-the-user-directory
+matrix_synapse_workers_user_dir_worker_client_server_endpoints:
+ - ^/_matrix/client/(r0|v3|unstable)/user_directory/search$
+
+# matrix_synapse_workers_known_stream_writer_stream_types contains the list of stream writer stream types that the playbook recognizes.
+# This is used for validation purposes. If adding support for a new type, besides adding it to this list,
+# don't forget to actually configure it where appropriate (see worker.yaml.j2`, the nginx proxy configuration, etc).
+matrix_synapse_workers_known_stream_writer_stream_types: ['events', 'typing', 'to_device', 'account_data', 'receipts', 'presence']
+
+# matrix_synapse_workers_webserving_stream_writer_types contains a list of stream writer types that serve web (client) requests.
+# Not all stream writers serve web requests. Some just perform background tasks.
+matrix_synapse_workers_webserving_stream_writer_types: ['typing', 'to_device', 'account_data', 'receipts', 'presence']
+
+# matrix_synapse_workers_systemd_services_list contains a list of systemd services (one for each worker systemd service which serves web requests).
+# This list is built during runtime.
+# Not all workers serve web requests. Those that don't won't be injected here.
+matrix_synapse_webserving_workers_systemd_services_list: []
+
+# matrix_synapse_known_worker_types contains the list of known worker types.
+#
+# A worker type is different than a worker app (e.g. `generic_worker`).
+# For example, the `stream_writer` worker type is served by the `generic_worker` app, but is a separate type that we recognize.
+#
+# Some other types (`appservice` and `user_dir`) used to be Synapse worker apps, which got subsequently deprecated.
+# We still allow these types of workers and map them to the `generic_worker` app,
+# which is why we make sure they're part of the list below.
+# We use the `unique` filter because they're part of `matrix_synapse_workers_avail_list` too (for now; scheduled for removal). +matrix_synapse_known_worker_types: | + {{ + ( + matrix_synapse_workers_avail_list + + + ['stream_writer'] + + + ['appservice'] + + + ['user_dir'] + + + ['background'] + ) | unique + }} + +# matrix_synapse_known_instance_map_eligible_worker_types contains the list of worker types that are to be injected into `matrix_synapse_instance_map`. +matrix_synapse_known_instance_map_eligible_worker_types: + - stream_writer + +# The following section contains content that had previously been generated by a script (`workers-doc-to-yaml.awk`) processing https://github.com/matrix-org/synapse/raw/master/docs/workers.md, +# but is now maintained manually due to: +# - the script being tripped up by the content and generating somewhat inaccurate definitions, which had to be fixed up manually. +# - the script being complicated and unmaintainable +### workers:start +matrix_synapse_workers_generic_worker_endpoints: + # Sync requests + - ^/_matrix/client/(r0|v3)/sync$ + - ^/_matrix/client/(api/v1|r0|v3)/events$ + - ^/_matrix/client/(api/v1|r0|v3)/initialSync$ + - ^/_matrix/client/(api/v1|r0|v3)/rooms/[^/]+/initialSync$ + + # Federation requests + - ^/_matrix/federation/v1/event/ + - ^/_matrix/federation/v1/state/ + - ^/_matrix/federation/v1/state_ids/ + - ^/_matrix/federation/v1/backfill/ + - ^/_matrix/federation/v1/get_missing_events/ + - ^/_matrix/federation/v1/publicRooms + - ^/_matrix/federation/v1/query/ + - ^/_matrix/federation/v1/make_join/ + - ^/_matrix/federation/v1/make_leave/ + - ^/_matrix/federation/(v1|v2)/send_join/ + - ^/_matrix/federation/(v1|v2)/send_leave/ + - ^/_matrix/federation/(v1|v2)/invite/ + - ^/_matrix/federation/v1/event_auth/ + - ^/_matrix/federation/v1/exchange_third_party_invite/ + - ^/_matrix/federation/v1/user/devices/ + - ^/_matrix/key/v2/query + - ^/_matrix/federation/v1/hierarchy/ + + # Inbound federation transaction request + 
- ^/_matrix/federation/v1/send/ + + # Client API requests + - ^/_matrix/client/(api/v1|r0|v3|unstable)/createRoom$ + - ^/_matrix/client/(api/v1|r0|v3|unstable)/publicRooms$ + - ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/joined_members$ + - ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/context/.*$ + - ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/members$ + - ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state$ + - ^/_matrix/client/v1/rooms/.*/hierarchy$ + - ^/_matrix/client/(v1|unstable)/rooms/.*/relations/ + - ^/_matrix/client/v1/rooms/.*/threads$ + - ^/_matrix/client/unstable/org.matrix.msc2716/rooms/.*/batch_send$ + - ^/_matrix/client/unstable/im.nheko.summary/rooms/.*/summary$ + - ^/_matrix/client/(r0|v3|unstable)/account/3pid$ + - ^/_matrix/client/(r0|v3|unstable)/account/whoami$ + - ^/_matrix/client/(r0|v3|unstable)/devices$ + - ^/_matrix/client/versions$ + - ^/_matrix/client/(api/v1|r0|v3|unstable)/voip/turnServer$ + - ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/event/ + - ^/_matrix/client/(api/v1|r0|v3|unstable)/joined_rooms$ + - ^/_matrix/client/(api/v1|r0|v3|unstable)/search$ + + # Encryption requests + # Note that ^/_matrix/client/(r0|v3|unstable)/keys/upload/ requires `worker_main_http_uri` + - ^/_matrix/client/(r0|v3|unstable)/keys/query$ + - ^/_matrix/client/(r0|v3|unstable)/keys/changes$ + - ^/_matrix/client/(r0|v3|unstable)/keys/claim$ + - ^/_matrix/client/(r0|v3|unstable)/room_keys/ + - ^/_matrix/client/(r0|v3|unstable)/keys/upload/ + + # Registration/login requests + - ^/_matrix/client/(api/v1|r0|v3|unstable)/login$ + - ^/_matrix/client/(r0|v3|unstable)/register$ + - ^/_matrix/client/v1/register/m.login.registration_token/validity$ + + # Event sending requests + - ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/redact + - ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/send + - ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state/ + - 
^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/(join|invite|leave|ban|unban|kick)$ + - ^/_matrix/client/(api/v1|r0|v3|unstable)/join/ + - ^/_matrix/client/(api/v1|r0|v3|unstable)/profile/ + + # Start of intentionally-ignored-endpoints + # + # We ignore these below, because they're better sent to dedicated workers (various stream writers). + # If a stream writer is enabled, the endpoint should be routed to the stream writer, not to a generic worker. + # If a stream writer of a given type is not enabled, then a generic worker may process it. + # Because it's difficult to handle these individually based on which stream writer is enabled and which isn't, + # we just disable them here. + # + # # Account data requests + # - ^/_matrix/client/(r0|v3|unstable)/.*/tags + # - ^/_matrix/client/(r0|v3|unstable)/.*/account_data + # + # # Receipts requests + # - ^/_matrix/client/(r0|v3|unstable)/rooms/.*/receipt + # - ^/_matrix/client/(r0|v3|unstable)/rooms/.*/read_markers + # + # # Presence requests + # - ^/_matrix/client/(api/v1|r0|v3|unstable)/presence/ + # + # # User directory search requests + # - ^/_matrix/client/(r0|v3|unstable)/user_directory/search$ + # End of intentionally-ignored-endpoints + + +matrix_synapse_workers_media_repository_endpoints: + # Handles the media repository. It can handle all endpoints starting with: + + - ^/_matrix/media/ + + # ... and the following regular expressions matching media-specific administration APIs: + + - ^/_synapse/admin/v1/purge_media_cache$ + - ^/_synapse/admin/v1/room/.*/media.*$ + - ^/_synapse/admin/v1/user/.*/media.*$ + - ^/_synapse/admin/v1/media/.*$ + - ^/_synapse/admin/v1/quarantine_media/.*$ + - ^/_synapse/admin/v1/users/.*/media$ + +matrix_synapse_workers_user_dir_endpoints: + # Handles searches in the user directory. 
It can handle REST endpoints matching + # the following regular expressions: + + - ^/_matrix/client/(r0|v3|unstable)/user_directory/search$ + +matrix_synapse_workers_avail_list: + - appservice + - federation_sender + - generic_worker + - media_repository + - pusher + - user_dir +### workers:end diff --git a/roles/custom/matrix-user-creator/defaults/main.yml b/roles/custom/matrix-user-creator/defaults/main.yml new file mode 100644 index 00000000..5c90a1e0 --- /dev/null +++ b/roles/custom/matrix-user-creator/defaults/main.yml @@ -0,0 +1,22 @@ +--- + +# matrix-user-creator is a role that aims to automate initial Matrix user account creation. +# +# This role only supports initial user account creation and will not manage subsequent user-type changes +# or password changes. +# +# The playbook registers various bot user accounts automatically using this role by injecting +# user creation definitions into the `matrix_user_creator_users_auto` variable. +# +# To get started creating your own Matrix user accounts, use the `matrix_user_creator_users_additional` variable. + +# matrix_user_creator_users_auto holds a list of users that should be created on the Matrix homeserver. +# The playbook adds some user definitions here to have them end up in `matrix_user_creator_users` (see `vars/main.yml`) and get automatically created. +# This value is influenced by the playbook and will be overwritten elsewhere (`group_vars/`, etc.) +# To add your own user definitions, use the `matrix_user_creator_users_additional` variable. +matrix_user_creator_users_auto: [] + +# matrix_user_creator_users_additional holds a list of users that should be created on the Matrix homeserver. +# Add your own users here to have them end up in `matrix_user_creator_users` (see `vars/main.yml`) and get automatically created. +# For example syntax for this variable, see the documentation for `matrix_user_creator_users` in `vars/main.yml`. +matrix_user_creator_users_additional: [] 
diff --git a/roles/custom/matrix-user-creator/tasks/main.yml b/roles/custom/matrix-user-creator/tasks/main.yml
new file mode 100644
index 00000000..ba20504f
--- /dev/null
+++ b/roles/custom/matrix-user-creator/tasks/main.yml
@@ -0,0 +1,9 @@
+---
+
+- when: matrix_user_creator_users | length > 0
+ ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup.yml"
+ tags:
+ # This role intentionally doesn't do work on a `setup-all` tag.
+ # If it did, the initial installation (`--tags=setup-all`) would also potentially polute the database with data,
+ # which would make importing a database dump problematic.
+ - ensure-matrix-users-created
diff --git a/roles/custom/matrix-user-creator/tasks/setup.yml b/roles/custom/matrix-user-creator/tasks/setup.yml
new file mode 100644
index 00000000..73dfd454
--- /dev/null
+++ b/roles/custom/matrix-user-creator/tasks/setup.yml
@@ -0,0 +1,33 @@
+---
+
+- name: Validate Matrix users to create
+ ansible.builtin.include_tasks: "{{ role_path }}/tasks/util/validate_user.yml"
+ with_items: "{{ matrix_user_creator_users }}"
+ loop_control:
+ loop_var: user
+ # Suppress logging to avoid dumping the credentials to the shell
+ no_log: true
+
+- name: Ensure systemd is reloaded before starting the homeserver
+ ansible.builtin.service:
+ daemon_reload: true
+
+- name: Ensure homeserver is started before creating Matrix users
+ ansible.builtin.service:
+ name: "matrix-{{ matrix_homeserver_implementation }}.service"
+ state: started
+ daemon_reload: true
+ register: matrix_user_registrator_homeserver_start_result
+
+- name: Wait a while, so that the homeserver can manage to start before creating Matrix users
+ ansible.builtin.pause:
+ seconds: 7
+ when: matrix_user_registrator_homeserver_start_result.changed | bool
+
+- name: Ensure Matrix users are created
+ ansible.builtin.include_tasks: "{{ role_path }}/tasks/util/ensure_user_registered_{{ matrix_homeserver_implementation }}.yml"
+ with_items: "{{ matrix_user_creator_users }}"
+ loop_control:
+ loop_var: user
+ # Suppress logging to avoid dumping the credentials to the shell
+ no_log: true
diff --git a/roles/custom/matrix-user-creator/tasks/util/ensure_user_registered_conduit.yml b/roles/custom/matrix-user-creator/tasks/util/ensure_user_registered_conduit.yml
new file mode 100644
index 00000000..8bbd147b
--- /dev/null
+++ b/roles/custom/matrix-user-creator/tasks/util/ensure_user_registered_conduit.yml
@@ -0,0 +1,5 @@
+---
+
+- name: Ensure Conduit user registered - {{ user.username | quote }}
+ ansible.builtin.debug:
+ msg: "Not registering user. To register Conduit users, message the Conduit bot"
diff --git a/roles/custom/matrix-user-creator/tasks/util/ensure_user_registered_dendrite.yml b/roles/custom/matrix-user-creator/tasks/util/ensure_user_registered_dendrite.yml
new file mode 100644
index 00000000..2fede49f
--- /dev/null
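Review bot: The `pause: seconds: 7` task is a fixed delay rather than a readiness check, so on a slow host the registration command that follows can run before the homeserver accepts connections and fail, while on a fast host it waits for nothing. A probe with `until`/`retries`/`delay` against the client API port that the registration tasks already target would be more robust; at minimum a comment should say the delay is a heuristic. The registered variable `matrix_user_registrator_homeserver_start_result` uses a `registrator` prefix that does not match the role's `matrix_user_creator_` naming and reads like a leftover from an earlier name. The separate daemon-reload task above it also appears redundant, since the start task sets `daemon_reload: true` itself.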
+++ b/roles/custom/matrix-user-creator/tasks/util/ensure_user_registered_dendrite.yml
@@ -0,0 +1,17 @@
+---
+
+- name: Ensure Dendrite user registered - {{ user.username | quote }}
+ ansible.builtin.command:
+ cmd: |-
+ {{ devture_systemd_docker_base_host_command_docker }} exec matrix-dendrite
+ create-account
+ -config /data/dendrite.yaml
+ -username {{ user.username | quote }}
+ -password {{ user.initial_password | quote }}
+ {% if user.initial_type == 'admin' %}
+ -admin
+ {% endif %}
+ -url http://localhost:{{ matrix_dendrite_http_bind_port }}
+ register: matrix_dendrite_register_user_result
+ changed_when: matrix_dendrite_register_user_result.rc == 0 and 'Desired user ID is already taken' not in matrix_dendrite_register_user_result.stderr
+ failed_when: matrix_dendrite_register_user_result.rc != 0 and 'Desired user ID is already taken' not in matrix_dendrite_register_user_result.stderr
diff --git a/roles/custom/matrix-user-creator/tasks/util/ensure_user_registered_synapse.yml b/roles/custom/matrix-user-creator/tasks/util/ensure_user_registered_synapse.yml
new file mode 100644
index 00000000..00189e5c
--- /dev/null
+++ b/roles/custom/matrix-user-creator/tasks/util/ensure_user_registered_synapse.yml
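Review bot: Neither this command task nor its Synapse counterpart in the next hunk sets `no_log`, so on any failure other than the tolerated "already taken" case Ansible prints the registered result — including the rendered `cmd` with `user.initial_password` in clear — to the console and any log it writes. As far as I can tell the `no_log: true` on the `include_tasks` loop in setup.yml hides only the include itself and does not propagate into the included file, so each command task needs its own `no_log: true` (or the include needs `apply: {no_log: true}`). The password also passes through the host's process list as a `-password` argument for the duration of the command; if the tool offers a file- or prompt-based alternative that would be preferable, and a comment should at least record the trade-off.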
@@ -0,0 +1,22 @@
+---
+
+- name: Ensure Synapse user registered - {{ user.username | quote }}
+ ansible.builtin.command:
+ cmd: |-
+ {{ devture_systemd_docker_base_host_command_docker }} exec matrix-synapse
+ register_new_matrix_user
+ -u {{ user.username | quote }}
+ -p {{ user.initial_password | quote }}
+ -c /data/homeserver.yaml
+ {% if user.initial_type == 'admin' %}
+ --admin
+ {% else %}
+ --no-admin
+ {% if user.initial_type != 'user' %}
+ --user_type={{ user.initial_type | quote }}
+ {% endif %}
+ {% endif %}
+ http://localhost:{{ matrix_synapse_container_client_api_port }}
+ register: matrix_synapse_register_user_result
+ changed_when: matrix_synapse_register_user_result.rc == 0 and 'User ID already taken' not in matrix_synapse_register_user_result.stdout
+ failed_when: matrix_synapse_register_user_result.rc != 0 and 'User ID already taken' not in matrix_synapse_register_user_result.stdout
diff --git a/roles/custom/matrix-user-creator/tasks/util/validate_user.yml b/roles/custom/matrix-user-creator/tasks/util/validate_user.yml
new file mode 100644
index 00000000..e35475d4
--- /dev/null
+++ b/roles/custom/matrix-user-creator/tasks/util/validate_user.yml
@@ -0,0 +1,16 @@
+---
+
+- name: Fail if invalid username
+ ansible.builtin.fail:
+ msg: "Empty usernames values are not allowed ({{ user }})"
+ when: not (user.username | default(''))
+
+- name: Fail if invalid initial_password for user - {{ user.username }}
+ ansible.builtin.fail:
+ msg: "Empty initial_password values are not allowed"
+ when: not (user.initial_password | default(''))
+
+- name: Fail if invalid initial_type for user - {{ user.username }}
+ ansible.builtin.fail:
+ msg: "User initial_type `{{ user.initial_type | default('undefined') }}` is not supported"
+ when: user.initial_type | default('undefined') not in ['admin', 'user', 'bot', 'support']
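Review bot: In validate_user.yml the failure message `Empty usernames values are not allowed ({{ user }})` renders the whole user mapping, so when a username is missing the entry's `initial_password` is printed in clear in the task output, and the `no_log: true` set on the include in setup.yml does not cover tasks inside the included file. Change it to `msg: "Empty username values are not allowed"` (dropping `({{ user }})`), or add `no_log: true` to that task, so the password never reaches the log. The two later tasks interpolate only `user.username` and are fine as written.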
diff --git a/roles/custom/matrix-user-creator/vars/main.yml b/roles/custom/matrix-user-creator/vars/main.yml
new file mode 100644
index 00000000..7b65bb8a
--- /dev/null
+++ b/roles/custom/matrix-user-creator/vars/main.yml
@@ -0,0 +1,34 @@
+---
+
+# matrix_user_creator_users holds a list of users that should be created on the Matrix homeserver.
+#
+# Removing a user from this list will not automatically delete/disable the Matrix user on the homeserver.
+#
+# As the `initial_password` / `initial_type` field names indicate, these are just initial values.
+# Changing the password or type values subsequently will not update the already existing user's details.
+#
+# The known user types are: 'admin', 'user', 'bot', 'support'.
+# These are inspired by Synapse's user types.
+# 'admin' and 'user' types are generally recognized across homeservers.
+# Other homeservers may not support 'bot' and 'support'. Such homeservers will fall back to whatever types they do support.
+#
+# Example:
+# matrix_user_creator_users:
+# - username: root
+# initial_password: some-password
+# initial_type: admin
+#
+# - username: john
+# initial_password: some-password
+# initial_type: user
+#
+# - username: bot.matrix-reminder-bot
+# initial_password: some-password
+# initial_type: bot
+#
+# - username: bot.matrix-reminder-bot
+# initial_password: some-password
+# initial_type: support
+#
+# To create you own users, use the `matrix_user_creator_users_additional` variable.
+matrix_user_creator_users: "{{ matrix_user_creator_users_auto + matrix_user_creator_users_additional }}"
diff --git a/roles/custom/matrix_playbook_migration/tasks/main.yml b/roles/custom/matrix_playbook_migration/tasks/main.yml
new file mode 100644
index 00000000..c346a759
--- /dev/null
+++ b/roles/custom/matrix_playbook_migration/tasks/main.yml
@@ -0,0 +1,5 @@
+---
+
+- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
+ tags:
+ - setup-all
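Review bot: The example in the `matrix_user_creator_users` comment lists `bot.matrix-reminder-bot` twice, once with `initial_type: bot` and once with `initial_type: support`, which reads as if one account can carry two types; the second entry should use a distinct username (a constructed placeholder such as `support.some-bot` would do) so the example matches the one-type-per-user validation. The comment should also state that `initial_password` values live in clear in this variable and are therefore best kept in an encrypted vars file (ansible-vault) rather than plain `vars.yml`. Typo in the last comment line: `you own users` → `your own users`.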
diff --git a/roles/custom/matrix_playbook_migration/tasks/validate_config.yml b/roles/custom/matrix_playbook_migration/tasks/validate_config.yml
new file mode 100644
index 00000000..0b738a57
--- /dev/null
+++ b/roles/custom/matrix_playbook_migration/tasks/validate_config.yml
@@ -0,0 +1,26 @@
+---
+
+- name: (Deprecation) Catch and report renamed Matrix playbook settings
+ ansible.builtin.fail:
+ msg: >-
+ Your configuration contains a variable, which now has a different name.
+ Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
+ when: "item.old in vars"
+ with_items:
+ - {'old': 'matrix_vars_yml_snapshotting_enabled', 'new': 'devture_playbook_state_preserver_vars_preservation_enabled'}
+ - {'old': 'matrix_vars_yml_snapshotting_src', 'new': 'devture_playbook_state_preserver_vars_preservation_src'}
+ - {'old': 'matrix_playbook_commit_hash_preservation_enabled', 'new': 'devture_playbook_state_preserver_commit_hash_preservation_enabled'}
+
+ - {'old': 'matrix_ntpd_package', 'new': 'devture_timesync_ntpd_package'}
+ - {'old': 'matrix_ntpd_service', 'new': 'devture_timesync_ntpd_service'}
+
+ - {'old': 'matrix_systemd_unit_home_path', 'new': 'devture_systemd_docker_base_systemd_unit_home_path'}
+ - {'old': 'matrix_systemd_path', 'new': 'devture_systemd_docker_base_systemd_path'}
+ - {'old': 'matrix_host_command_docker', 'new': 'devture_systemd_docker_base_host_command_docker'}
+ - {'old': 'matrix_host_command_sh', 'new': 'devture_systemd_docker_base_host_command_sh'}
+ - {'old': 'matrix_host_command_systemctl', 'new': 'devture_systemd_docker_base_host_command_systemctl'}
+
+ - {'old': 'matrix_container_retries_count', 'new': 'devture_playbook_help_container_retries_count'}
+ - {'old': 'matrix_container_retries_delay', 'new': 'devture_playbook_help_container_retries_delay'}
+ - {'old': 'matrix_geturl_retries_count', 'new': 'devture_playbook_help_geturl_retries_count'}
+ - {'old': 'matrix_geturl_retries_delay', 'new': 'devture_playbook_help_geturl_retries_delay'}
diff --git a/roles/matrix-base/tasks/util/ensure_fuse_installed.yml b/roles/matrix-base/tasks/util/ensure_fuse_installed.yml
deleted file mode 100644
index 47d2d9e8..00000000
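Review bot: The `with_items` entries are written as flow-style mappings with quoted keys, which is the one place in these new task files that departs from block style; block entries (`- old: matrix_vars_yml_snapshotting_enabled` followed by `  new: devture_playbook_state_preserver_vars_preservation_enabled`) diff more cleanly and read like the rest of the role, and `loop:` is the current idiom over `with_items`. A one-line comment above `when: "item.old in vars"` explaining that the check fires only for variables the user has actually set would help the next person extending this list.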
--- a/roles/matrix-base/tasks/util/ensure_fuse_installed.yml +++ /dev/null @@ -1,23 +0,0 @@ ---- -# This is for both RedHat 7 and 8 -- name: Ensure fuse installed (RedHat) - ansible.builtin.yum: - name: - - fuse - state: present - when: ansible_os_family == 'RedHat' - -# This is for both Debian and Raspbian -- name: Ensure fuse installed (Debian/Raspbian) - ansible.builtin.apt: - name: - - fuse - state: present - when: ansible_os_family == 'Debian' - -- name: Ensure fuse installed (Archlinux) - pacman: - name: - - fuse3 - state: present - when: ansible_distribution == 'Archlinux' diff --git a/roles/matrix-base/tasks/util/ensure_openssl_installed.yml b/roles/matrix-base/tasks/util/ensure_openssl_installed.yml deleted file mode 100644 index ae22fb49..00000000 --- a/roles/matrix-base/tasks/util/ensure_openssl_installed.yml +++ /dev/null @@ -1,23 +0,0 @@ ---- -# This is for both RedHat 7 and 8 -- name: Ensure openssl installed (RedHat) - ansible.builtin.yum: - name: - - openssl - state: present - when: ansible_os_family == 'RedHat' - -# This is for both Debian and Raspbian -- name: Ensure openssl installed (Debian/Raspbian) - ansible.builtin.apt: - name: - - openssl - state: present - when: ansible_os_family == 'Debian' - -- name: Ensure openssl installed (Archlinux) - pacman: - name: - - openssl - state: present - when: ansible_distribution == 'Archlinux' diff --git a/roles/matrix-bot-mjolnir/templates/production.yaml.j2 b/roles/matrix-bot-mjolnir/templates/production.yaml.j2 deleted file mode 100644 index e5eb3aea..00000000 --- a/roles/matrix-bot-mjolnir/templates/production.yaml.j2 +++ /dev/null 
@@ -1,162 +0,0 @@ -# Where the homeserver is located (client-server URL). This should point at -# pantalaimon if you're using that. -homeserverUrl: "{{ matrix_homeserver_url }}" - -# The access token for the bot to use. Do not populate if using Pantalaimon. -accessToken: "{{ matrix_bot_mjolnir_access_token }}" - -# Pantalaimon options (https://github.com/matrix-org/pantalaimon) -#pantalaimon: -# # If true, accessToken above is ignored and the username/password below will be -# # used instead. The access token of the bot will be stored in the dataPath. -# use: false -# -# # The username to login with. -# username: mjolnir -# -# # The password to login with. Can be removed after the bot has logged in once and -# # stored the access token. -# password: your_password - -# The directory the bot should store various bits of information in -dataPath: "/data" - -# If true (the default), only users in the `managementRoom` can invite the bot -# to new rooms. -autojoinOnlyIfManager: true - -# If `autojoinOnlyIfManager` is false, only the members in this group can invite -# the bot to new rooms. -#acceptInvitesFromGroup: '+example:example.org' - -# If the bot is invited to a room and it won't accept the invite (due to the -# conditions above), report it to the management room. Defaults to disabled (no -# reporting). -recordIgnoredInvites: false - -# The room ID where people can use the bot. The bot has no access controls, so -# anyone in this room can use the bot - secure your room! -# This should be a room alias or room ID - not a matrix.to URL. -# Note: Mjolnir is fairly verbose - expect a lot of messages from it. -managementRoom: "{{ matrix_bot_mjolnir_management_room }}" - -# Set to false to make the management room a bit quieter. -verboseLogging: false - -# The log level for the logs themselves. One of DEBUG, INFO, WARN, and ERROR. -# This should be at INFO or DEBUG in order to get support for Mjolnir problems. 
-logLevel: "INFO" - -# Set to false to disable synchronizing the ban lists on startup. If true, this -# is the same as running !mjolnir sync immediately after startup. -syncOnStartup: true - -# Set to false to prevent Mjolnir from checking its permissions on startup. This -# is recommended to be left as "true" to catch room permission problems (state -# resets, etc) before Mjolnir is needed. -verifyPermissionsOnStartup: true - -# If true, Mjolnir won't actually ban users or apply server ACLs, but will -# think it has. This is useful to see what it does in a scenario where the -# bot might not be trusted fully, yet. Default false (do bans/ACLs). -noop: false - -# Set to true to use /joined_members instead of /state to figure out who is -# in the room. Using /state is preferred because it means that users are -# banned when they are invited instead of just when they join, though if your -# server struggles with /state requests then set this to true. -fasterMembershipChecks: false - -# A case-insensitive list of ban reasons to automatically redact a user's -# messages for. Typically this is useful to avoid having to type two commands -# to the bot. Use asterisks to represent globs (ie: "spam*testing" would match -# "spam for testing" as well as "spamtesting"). -automaticallyRedactForReasons: - - "spam" - - "advertising" - -# A list of rooms to protect (matrix.to URLs) -#protectedRooms: -# - "https://matrix.to/#/#yourroom:example.org" - -# Set this option to true to protect every room the bot is joined to. Note that -# this effectively makes the protectedRooms and associated commands useless because -# the bot by nature must be joined to the room to protect it. -# -# Note: the management room is *excluded* from this condition. Add it to the -# protected rooms to protect it. -# -# Note: ban list rooms the bot is watching but didn't create will not be protected. -# Manually add these rooms to the protected rooms list if you want them protected. 
-protectAllJoinedRooms: false - -# Misc options for command handling and commands -commands: - # If true, Mjolnir will respond to commands like !help and !ban instead of - # requiring a prefix. This is useful if Mjolnir is the only bot running in - # your management room. - # - # Note that Mjolnir can be pinged by display name instead of having to use - # the !mjolnir prefix. For example, "my_moderator_bot: ban @spammer:example.org" - # will ban a user. - allowNoPrefix: false - - # In addition to the bot's display name, !mjolnir, and optionally no prefix - # above, the bot will respond to these names. The items here can be used either - # as display names or prefixed with exclamation points. - additionalPrefixes: - - "mjolnir_bot" - - # If true, ban commands that use wildcard characters require confirmation with - # an extra `--force` argument - confirmWildcardBan: true - -# Configuration specific to certain toggleable protections -#protections: -# # Configuration for the wordlist plugin, which can ban users based if they say certain -# # blocked words shortly after joining. -# wordlist: -# # A list of words which should be monitored by the bot. These will match if any part -# # of the word is present in the message in any case. e.g. "hello" also matches -# # "HEllO". Additionally, regular expressions can be used. -# words: -# - "CaSe" -# - "InSeNsAtIve" -# - "WoRd" -# - "LiSt" -# -# # How long after a user joins the server should the bot monitor their messages. After -# # this time, users can say words from the wordlist without being banned automatically. -# # Set to zero to disable (users will always be banned if they say a bad word) -# minutesBeforeTrusting: 20 - -# Options for monitoring the health of the bot -health: - # healthz options. These options are best for use in container environments - # like Kubernetes to detect how healthy the service is. The bot will report - # that it is unhealthy until it is able to process user requests. 
Typically - # this means that it'll flag itself as unhealthy for a number of minutes - # before saying "Now monitoring rooms" and flagging itself healthy. - # - # Health is flagged through HTTP status codes, defined below. - healthz: - # Whether the healthz integration should be enabled (default false) - enabled: false - - # The port to expose the webserver on. Defaults to 8080. - port: 8080 - - # The address to listen for requests on. Defaults to all addresses. - address: "0.0.0.0" - - # The path to expose the monitoring endpoint at. Defaults to `/healthz` - endpoint: "/healthz" - - # The HTTP status code which reports that the bot is healthy/ready to - # process requests. Typically this should not be changed. Defaults to - # 200. - healthyStatus: 200 - - # The HTTP status code which reports that the bot is not healthy/ready. - # Defaults to 418. - unhealthyStatus: 418 diff --git a/roles/matrix-client-hydrogen/templates/config.json.j2 b/roles/matrix-client-hydrogen/templates/config.json.j2 deleted file mode 100644 index 0c4331b6..00000000 --- a/roles/matrix-client-hydrogen/templates/config.json.j2 +++ /dev/null @@ -1,16 +0,0 @@ -{ - "push": { - "appId": "io.element.hydrogen.web", - "gatewayUrl": "https://matrix.org", - "applicationServerKey": "BC-gpSdVHEXhvHSHS0AzzWrQoukv2BE7KzpoPO_FfPacqOo3l1pdqz7rSgmB04pZCWaHPz7XRe6fjLaC-WPDopM" - }, - "defaultHomeServer": {{ matrix_client_hydrogen_default_hs_url | string|to_json }}, - "bugReportEndpointUrl": "https://element.io/bugreports/submit", - "themeManifests": [ - "assets/theme-Element.json" - ], - "defaultTheme": { - "light": "element-light", - "dark": "element-dark" - } -} diff --git a/roles/matrix-common-after/tasks/dump_runtime_results.yml b/roles/matrix-common-after/tasks/dump_runtime_results.yml deleted file mode 100644 index 4074a625..00000000 --- a/roles/matrix-common-after/tasks/dump_runtime_results.yml +++ /dev/null 
@@ -1,7 +0,0 @@ ---- -# Ansible outputs the message in the `item=` field. -# It's unnecessary to output it again in the actual message, so we don't. -- ansible.builtin.debug: - msg: "" - with_items: "{{ matrix_playbook_runtime_results }}" - when: "matrix_playbook_runtime_results is defined and matrix_playbook_runtime_results|length > 0" diff --git a/roles/matrix-dendrite/templates/dendrite/usr-local-bin/matrix-dendrite-create-account.j2 b/roles/matrix-dendrite/templates/dendrite/usr-local-bin/matrix-dendrite-create-account.j2 deleted file mode 100644 index 5332b964..00000000 --- a/roles/matrix-dendrite/templates/dendrite/usr-local-bin/matrix-dendrite-create-account.j2 +++ /dev/null @@ -1,12 +0,0 @@ -#jinja2: lstrip_blocks: "True" -#!/bin/bash - -if [ $# -ne 2 ]; then - echo "Usage: "$0" " - exit 1 -fi - -user=$1 -password=$2 - -docker exec matrix-dendrite create-account -config /data/dendrite.yaml -username "$user" -password "$password" diff --git a/roles/matrix-dynamic-dns/templates/systemd/matrix-dynamic-dns.service.j2 b/roles/matrix-dynamic-dns/templates/systemd/matrix-dynamic-dns.service.j2 deleted file mode 100644 index 6f2ff101..00000000 --- a/roles/matrix-dynamic-dns/templates/systemd/matrix-dynamic-dns.service.j2 +++ /dev/null 
@@ -1,36 +0,0 @@ -#jinja2: lstrip_blocks: "True" -[Unit] -Description=Matrix Dynamic DNS -{% for service in matrix_dynamic_dns_systemd_required_services_list %} -Requires={{ service }} -After={{ service }} -{% endfor %} -{% for service in matrix_dynamic_dns_systemd_wanted_services_list %} -Wants={{ service }} -{% endfor %} -DefaultDependencies=no - -[Service] -Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-dynamic-dns 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-dynamic-dns 2>/dev/null || true' -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-dynamic-dns \ - --log-driver=none \ - --network={{ matrix_docker_network }} \ - -e PUID={{ matrix_user_uid }} \ - -e PGID={{ matrix_user_gid }} \ - -v {{ matrix_dynamic_dns_config_path }}:/config:z \ - {% for arg in matrix_dynamic_dns_container_extra_arguments %} - {{ arg }} \ - {% endfor %} - {{ matrix_dynamic_dns_docker_image }} - -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-dynamic-dns 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-dynamic-dns 2>/dev/null || true' -Restart=always -RestartSec=30 -SyslogIdentifier=matrix-dynamic-dns - -[Install] -WantedBy=multi-user.target diff --git a/roles/matrix-email2matrix/templates/systemd/matrix-email2matrix.service.j2 b/roles/matrix-email2matrix/templates/systemd/matrix-email2matrix.service.j2 deleted file mode 100644 index 47c15117..00000000 --- a/roles/matrix-email2matrix/templates/systemd/matrix-email2matrix.service.j2 +++ /dev/null 
@@ -1,34 +0,0 @@ -#jinja2: lstrip_blocks: "True" -[Unit] -Description=Email2Matrix -After=docker.service -Requires=docker.service -DefaultDependencies=no - -[Service] -Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-email2matrix 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-email2matrix 2>/dev/null || true' - -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-email2matrix \ - --log-driver=none \ - --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ - --cap-drop=ALL \ - --read-only \ - --network={{ matrix_docker_network }} \ - -p {{ matrix_email2matrix_smtp_host_bind_port }}:2525 \ - --mount type=bind,src={{ matrix_email2matrix_config_dir_path }}/config.json,dst=/config.json,ro \ - {% for arg in matrix_email2matrix_container_extra_arguments %} - {{ arg }} \ - {% endfor %} - {{ matrix_email2matrix_docker_image }} - -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-email2matrix 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-email2matrix 2>/dev/null || true' -Restart=always -RestartSec=30 -SyslogIdentifier=matrix-email2matrix - -[Install] -WantedBy=multi-user.target diff --git a/roles/matrix-etherpad/tasks/validate_config.yml b/roles/matrix-etherpad/tasks/validate_config.yml deleted file mode 100644 index bf78c36f..00000000 --- a/roles/matrix-etherpad/tasks/validate_config.yml +++ /dev/null 
@@ -1,13 +0,0 @@ ---- - -- name: Fail if Etherpad is enabled without the Dimension integrations manager - ansible.builtin.fail: - msg: >- - To integrate Etherpad notes with Matrix rooms you need to set "matrix_dimension_enabled" to true - when: "not matrix_dimension_enabled | bool" - -- name: Fail if no database is configured for Etherpad - ansible.builtin.fail: - msg: >- - Etherpad requires a dedicated Postgres database. Please enable the built in one, or configure an external DB by redefining "matrix_etherpad_database_hostname" - when: matrix_etherpad_database_hostname == "matrix-postgres" and not matrix_postgres_enabled diff --git a/roles/matrix-grafana/tasks/validate_config.yml b/roles/matrix-grafana/tasks/validate_config.yml deleted file mode 100644 index cc48c559..00000000 --- a/roles/matrix-grafana/tasks/validate_config.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- - -- name: Fail if Prometheus not enabled - ansible.builtin.fail: - msg: > - You need to enable `matrix_prometheus_enabled` to use Prometheus as data source for Grafana. - when: "not matrix_prometheus_enabled" diff --git a/roles/matrix-jitsi/templates/jicofo/matrix-jitsi-jicofo.service.j2 b/roles/matrix-jitsi/templates/jicofo/matrix-jitsi-jicofo.service.j2 deleted file mode 100644 index 694fdc7f..00000000 --- a/roles/matrix-jitsi/templates/jicofo/matrix-jitsi-jicofo.service.j2 +++ /dev/null 
@@ -1,33 +0,0 @@ -#jinja2: lstrip_blocks: "True" -[Unit] -Description=Matrix jitsi-jicofo server -{% for service in matrix_jitsi_jicofo_systemd_required_services_list %} -Requires={{ service }} -After={{ service }} -{% endfor %} -DefaultDependencies=no - -[Service] -Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-jicofo 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-jicofo 2>/dev/null || true' - -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-jicofo \ - --log-driver=none \ - --network={{ matrix_docker_network }} \ - --env-file={{ matrix_jitsi_jicofo_base_path }}/env \ - --mount type=bind,src={{ matrix_jitsi_jicofo_config_path }},dst=/config \ - {% for arg in matrix_jitsi_jicofo_container_extra_arguments %} - {{ arg }} \ - {% endfor %} - {{ matrix_jitsi_jicofo_docker_image }} - -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-jicofo 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-jicofo 2>/dev/null || true' -Restart=always -RestartSec=30 -SyslogIdentifier=matrix-jitsi-jicofo - -[Install] -WantedBy=multi-user.target diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 deleted file mode 100644 index 735f4538..00000000 --- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 +++ /dev/null 
@@ -1,233 +0,0 @@ -#jinja2: lstrip_blocks: "True" - -{% set generic_workers = matrix_nginx_proxy_synapse_workers_list | selectattr('type', 'equalto', 'generic_worker') | list %} -{% set media_repository_workers = matrix_nginx_proxy_synapse_workers_list | selectattr('type', 'equalto', 'media_repository') | list %} -{% set user_dir_workers = matrix_nginx_proxy_synapse_workers_list | selectattr('type', 'equalto', 'user_dir') | list %} -{% set frontend_proxy_workers = matrix_nginx_proxy_synapse_workers_list | selectattr('type', 'equalto', 'frontend_proxy') | list %} -{% if matrix_nginx_proxy_synapse_workers_enabled %} - {% if matrix_nginx_proxy_synapse_cache_enabled %} - proxy_cache_path {{ matrix_nginx_proxy_synapse_cache_path }} levels=1:2 keys_zone={{ matrix_nginx_proxy_synapse_cache_keys_zone_name }}:{{ matrix_nginx_proxy_synapse_cache_keys_zone_size }} inactive={{ matrix_nginx_proxy_synapse_cache_inactive_time }} max_size={{ matrix_nginx_proxy_synapse_cache_max_size_mb }}m; - {% endif %} - # Round Robin "upstream" pools for workers - - {% if generic_workers %} - upstream generic_worker_upstream { - # ensures that requests from the same client will always be passed - # to the same server (except when this server is unavailable) - hash $http_x_forwarded_for; - - {% for worker in generic_workers %} - {% if matrix_nginx_proxy_enabled %} - server "matrix-synapse-worker-{{ worker.type }}-{{ worker.instanceId }}:{{ worker.port }}"; - {% else %} - server "127.0.0.1:{{ worker.port }}"; - {% endif %} - {% endfor %} - } - {% endif %} - - {% if frontend_proxy_workers %} - upstream frontend_proxy_upstream { - {% for worker in frontend_proxy_workers %} - {% if matrix_nginx_proxy_enabled %} - server "matrix-synapse-worker-{{ worker.type }}-{{ worker.instanceId }}:{{ worker.port }}"; - {% else %} - server "127.0.0.1:{{ worker.port }}"; - {% endif %} - {% endfor %} - } - {% endif %} - - {% if media_repository_workers %} - upstream media_repository_upstream { - {% for worker in 
media_repository_workers %} - {% if matrix_nginx_proxy_enabled %} - server "matrix-synapse-worker-{{ worker.type }}-{{ worker.instanceId }}:{{ worker.port }}"; - {% else %} - server "127.0.0.1:{{ worker.port }}"; - {% endif %} - {% endfor %} - } - {% endif %} - - {% if user_dir_workers %} - upstream user_dir_upstream { - {% for worker in user_dir_workers %} - {% if matrix_nginx_proxy_enabled %} - server "matrix-synapse-worker-{{ worker.type }}-{{ worker.instanceId }}:{{ worker.port }}"; - {% else %} - server "127.0.0.1:{{ worker.port }}"; - {% endif %} - {% endfor %} - } - {% endif %} -{% endif %} - -server { - listen 12080; - {% if matrix_nginx_proxy_enabled %} - server_name {{ matrix_nginx_proxy_proxy_synapse_hostname }}; - {% endif %} - - server_tokens off; - root /dev/null; - - gzip on; - gzip_types text/plain application/json; - - {% if matrix_nginx_proxy_synapse_workers_enabled %} - {# Workers redirects BEGIN #} - - {% if generic_workers %} - # https://github.com/matrix-org/synapse/blob/master/docs/workers.md#synapseappgeneric_worker - {% for location in matrix_nginx_proxy_synapse_generic_worker_client_server_locations %} - location ~ {{ location }} { - proxy_pass http://generic_worker_upstream$request_uri; - proxy_set_header Host $host; - } - {% endfor %} - {% endif %} - - {% if media_repository_workers %} - # https://github.com/matrix-org/synapse/blob/master/docs/workers.md#synapseappmedia_repository - {% for location in matrix_nginx_proxy_synapse_media_repository_locations %} - location ~ {{ location }} { - proxy_pass http://media_repository_upstream$request_uri; - proxy_set_header Host $host; - - client_body_buffer_size 25M; - client_max_body_size {{ matrix_nginx_proxy_proxy_matrix_client_api_client_max_body_size_mb }}M; - proxy_max_temp_file_size 0; - - {% if matrix_nginx_proxy_synapse_cache_enabled %} - proxy_buffering on; - proxy_cache {{ matrix_nginx_proxy_synapse_cache_keys_zone_name }}; - proxy_cache_valid any {{ 
matrix_nginx_proxy_synapse_cache_proxy_cache_valid_time }}; - proxy_force_ranges on; - add_header X-Cache-Status $upstream_cache_status; - {% endif %} - } - {% endfor %} - {% endif %} - - {% if user_dir_workers %} - # FIXME: obsolete if matrix_nginx_proxy_proxy_matrix_user_directory_search_enabled is set - # https://github.com/matrix-org/synapse/blob/master/docs/workers.md#synapseappuser_dir - {% for location in matrix_nginx_proxy_synapse_user_dir_locations %} - location ~ {{ location }} { - proxy_pass http://user_dir_upstream$request_uri; - proxy_set_header Host $host; - } - {% endfor %} - {% endif %} - - {% if frontend_proxy_workers %} - # https://github.com/matrix-org/synapse/blob/master/docs/workers.md#synapseappfrontend_proxy - {% for location in matrix_nginx_proxy_synapse_frontend_proxy_locations %} - location ~ {{ location }} { - proxy_pass http://frontend_proxy_upstream$request_uri; - proxy_set_header Host $host; - } - {% endfor %} - {% if matrix_nginx_proxy_synapse_presence_disabled %} - # FIXME: keep in sync with synapse workers documentation manually - location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/presence/[^/]+/status { - proxy_pass http://frontend_proxy_upstream$request_uri; - proxy_set_header Host $host; - } - {% endif %} - {% endif %} - {# Workers redirects END #} - {% endif %} - - - {% for configuration_block in matrix_nginx_proxy_proxy_synapse_additional_server_configuration_blocks %} - {{- configuration_block }} - {% endfor %} - - {# Everything else just goes to the API server ##} - location / { - {% if matrix_nginx_proxy_enabled %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - set $backend "{{ matrix_nginx_proxy_proxy_synapse_client_api_addr_with_container }}"; - proxy_pass http://$backend; - {% else %} - {# Generic configuration for use outside of our container setup #} - proxy_pass http://{{ matrix_nginx_proxy_proxy_synapse_client_api_addr_sans_container }}; - {% endif 
%} - - proxy_set_header Host $host; - - client_body_buffer_size 25M; - client_max_body_size {{ matrix_nginx_proxy_proxy_matrix_client_api_client_max_body_size_mb }}M; - proxy_max_temp_file_size 0; - } -} - -{% if matrix_nginx_proxy_proxy_synapse_federation_api_enabled %} -server { - listen 12088; - {% if matrix_nginx_proxy_enabled %} - server_name {{ matrix_nginx_proxy_proxy_synapse_hostname }}; - {% endif %} - - server_tokens off; - - root /dev/null; - - gzip on; - gzip_types text/plain application/json; - - {% if matrix_nginx_proxy_synapse_workers_enabled %} - {% if generic_workers %} - # https://github.com/matrix-org/synapse/blob/master/docs/workers.md#synapseappgeneric_worker - {% for location in matrix_nginx_proxy_synapse_generic_worker_federation_locations %} - location ~ {{ location }} { - proxy_pass http://generic_worker_upstream$request_uri; - proxy_set_header Host $host; - } - {% endfor %} - {% endif %} - {% if media_repository_workers %} - # https://github.com/matrix-org/synapse/blob/master/docs/workers.md#synapseappmedia_repository - {% for location in matrix_nginx_proxy_synapse_media_repository_locations %} - location ~ {{ location }} { - proxy_pass http://media_repository_upstream$request_uri; - proxy_set_header Host $host; - - client_body_buffer_size 25M; - client_max_body_size {{ matrix_nginx_proxy_proxy_matrix_federation_api_client_max_body_size_mb }}M; - proxy_max_temp_file_size 0; - - {% if matrix_nginx_proxy_synapse_cache_enabled %} - proxy_buffering on; - proxy_cache {{ matrix_nginx_proxy_synapse_cache_keys_zone_name }}; - proxy_cache_valid any {{ matrix_nginx_proxy_synapse_cache_proxy_cache_valid_time }}; - proxy_force_ranges on; - add_header X-Cache-Status $upstream_cache_status; - {% endif %} - } - {% endfor %} - {% endif %} - {% endif %} - - location / { - {% if matrix_nginx_proxy_enabled %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - set $backend "{{ 
matrix_nginx_proxy_proxy_synapse_federation_api_addr_with_container }}"; - proxy_pass http://$backend; - {% else %} - {# Generic configuration for use outside of our container setup #} - proxy_pass http://{{ matrix_nginx_proxy_proxy_synapse_federation_api_addr_sans_container }}; - {% endif %} - - proxy_set_header Host $host; - - client_body_buffer_size 25M; - client_max_body_size {{ matrix_nginx_proxy_proxy_matrix_federation_api_client_max_body_size_mb }}M; - proxy_max_temp_file_size 0; - } -} -{% endif %} diff --git a/roles/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2 b/roles/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2 deleted file mode 100644 index da292e5c..00000000 --- a/roles/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2 +++ /dev/null 
@@ -1,38 +0,0 @@ -#jinja2: lstrip_blocks: "True" -[Unit] -Description=matrix-ntfy -After=docker.service -Requires=docker.service -DefaultDependencies=no - -[Service] -Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-ntfy 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-ntfy 2>/dev/null || true' - -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-ntfy \ - --log-driver=none \ - --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ - --cap-drop=ALL \ - --read-only \ - {% for arg in matrix_ntfy_container_extra_arguments %} - {{ arg }} \ - {% endfor %} - --network={{ matrix_docker_network }} \ - {% if matrix_ntfy_container_http_host_bind_port %} - -p {{ matrix_ntfy_container_http_host_bind_port }}:80 \ - {% endif %} - --mount type=bind,src={{ matrix_ntfy_config_dir_path }},dst=/etc/ntfy,ro \ - --mount type=bind,src={{ matrix_ntfy_data_path }},dst=/data \ - {{ matrix_ntfy_docker_image }} \ - serve - -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-ntfy 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-ntfy 2>/dev/null || true' -Restart=always -RestartSec=30 -SyslogIdentifier=matrix-ntfy - -[Install] -WantedBy=multi-user.target diff --git a/roles/matrix-postgres-backup/tasks/util/detect_existing_postgres_version.yml b/roles/matrix-postgres-backup/tasks/util/detect_existing_postgres_version.yml deleted file mode 100644 index 877e5934..00000000 --- a/roles/matrix-postgres-backup/tasks/util/detect_existing_postgres_version.yml +++ /dev/null 
@@ -1,61 +0,0 @@ ---- - -# This utility aims to determine if there is some existing Postgres version in use or not. -# If there is, it also tries to detect the Docker image that corresponds to that version. - -- name: Initialize Postgres version determination variables (default to empty) - ansible.builtin.set_fact: - matrix_postgres_backup_detection_pg_version_path: "{{ matrix_postgres_data_path }}/PG_VERSION" - matrix_postgres_backup_detected_existing: false - matrix_postgres_backup_detected_version: "" - matrix_postgres_backup_detected_version_corresponding_docker_image: "" - -- name: Determine existing Postgres version (check PG_VERSION file) - ansible.builtin.stat: - path: "{{ matrix_postgres_backup_detection_pg_version_path }}" - register: result_pg_version_stat - -- ansible.builtin.set_fact: - matrix_postgres_backup_detected_existing: true - when: "result_pg_version_stat.stat.exists" - -- name: Determine existing Postgres version (read PG_VERSION file) - ansible.builtin.slurp: - src: "{{ matrix_postgres_backup_detection_pg_version_path }}" - register: result_pg_version - when: matrix_postgres_backup_detected_existing | bool - -- name: Determine existing Postgres version (make sense of PG_VERSION file) - ansible.builtin.set_fact: - matrix_postgres_backup_detected_version: "{{ result_pg_version['content'] | b64decode | replace('\n', '') }}" - when: matrix_postgres_backup_detected_existing | bool - -- name: Determine corresponding Docker image to detected version (assume default of latest) - ansible.builtin.set_fact: - matrix_postgres_backup_detected_version_corresponding_docker_image: "{{ matrix_postgres_backup_docker_image_latest }}" - when: "matrix_postgres_backup_detected_version != ''" - -- name: Determine corresponding Docker image to detected version (use 9.x, if detected) - ansible.builtin.set_fact: - matrix_postgres_backup_detected_version_corresponding_docker_image: "{{ matrix_postgres_backup_docker_image_v9 }}" - when: 
"matrix_postgres_backup_detected_version.startswith('9.')" - -- name: Determine corresponding Docker image to detected version (use 10.x, if detected) - ansible.builtin.set_fact: - matrix_postgres_backup_detected_version_corresponding_docker_image: "{{ matrix_postgres_backup_docker_image_v10 }}" - when: "matrix_postgres_backup_detected_version == '10' or matrix_postgres_backup_detected_version.startswith('10.')" - -- name: Determine corresponding Docker image to detected version (use 11.x, if detected) - ansible.builtin.set_fact: - matrix_postgres_backup_detected_version_corresponding_docker_image: "{{ matrix_postgres_backup_docker_image_v11 }}" - when: "matrix_postgres_backup_detected_version == '11' or matrix_postgres_backup_detected_version.startswith('11.')" - -- name: Determine corresponding Docker image to detected version (use 12.x, if detected) - ansible.builtin.set_fact: - matrix_postgres_backup_detected_version_corresponding_docker_image: "{{ matrix_postgres_backup_docker_image_v12 }}" - when: "matrix_postgres_backup_detected_version == '12' or matrix_postgres_backup_detected_version.startswith('12.')" - -- name: Determine corresponding Docker image to detected version (use 13.x, if detected) - ansible.builtin.set_fact: - matrix_postgres_backup_detected_version_corresponding_docker_image: "{{ matrix_postgres_backup_docker_image_v13 }}" - when: "matrix_postgres_backup_detected_version == '13' or matrix_postgres_backup_detected_version.startswith('13.')" diff --git a/roles/matrix-postgres-backup/templates/systemd/matrix-postgres-backup.service.j2 b/roles/matrix-postgres-backup/templates/systemd/matrix-postgres-backup.service.j2 deleted file mode 100644 index 4ecf3745..00000000 --- a/roles/matrix-postgres-backup/templates/systemd/matrix-postgres-backup.service.j2 +++ /dev/null 
@@ -1,31 +0,0 @@ -#jinja2: lstrip_blocks: "True" -[Unit] -Description=Automatic Backup of Matrix Postgres server -After=docker.service -Requires=docker.service -DefaultDependencies=no - -[Service] -Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_docker }} stop matrix-postgres-backup -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-postgres-backup 2>/dev/null || true' - -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-postgres-backup \ - --log-driver=none \ - --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ - --cap-drop=ALL \ - --read-only \ - --network={{ matrix_docker_network }} \ - --env-file={{ matrix_postgres_backup_path }}/env-postgres-backup \ - --mount type=bind,src={{ matrix_postgres_backup_path }},dst=/backups \ - {{ matrix_postgres_backup_docker_image_to_use }} - -ExecStop=-{{ matrix_host_command_docker }} stop matrix-postgres-backup -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-postgres-backup 2>/dev/null || true' -Restart=always -RestartSec=30 -SyslogIdentifier=matrix-postgres-backup - -[Install] -WantedBy=multi-user.target diff --git a/roles/matrix-postgres/templates/env-postgres-psql.j2 b/roles/matrix-postgres/templates/env-postgres-psql.j2 deleted file mode 100644 index c61927a3..00000000 --- a/roles/matrix-postgres/templates/env-postgres-psql.j2 +++ /dev/null @@ -1,4 +0,0 @@ -#jinja2: lstrip_blocks: "True" -PGUSER={{ matrix_postgres_connection_username }} -PGPASSWORD={{ matrix_postgres_connection_password }} -PGDATABASE={{ matrix_postgres_db_name }} \ No newline at end of file diff --git a/roles/matrix-synapse/files/workers-doc-to-yaml.awk b/roles/matrix-synapse/files/workers-doc-to-yaml.awk deleted file mode 100755 index 5b99d396..00000000 --- a/roles/matrix-synapse/files/workers-doc-to-yaml.awk +++ /dev/null 
@@ -1,146 +0,0 @@ -#!/usr/bin/awk -# Hackish approach to get a machine-readable list of current matrix -# synapse REST API endpoints from the official documentation at -# https://github.com/matrix-org/synapse/raw/master/docs/workers.md -# -# invoke in shell with: -# URL=https://github.com/matrix-org/synapse/raw/master/docs/workers.md -# curl -L ${URL} | awk -f workers-doc-to-yaml.awk - - -function worker_stanza_append(string) { - worker_stanza = worker_stanza string -} - -function line_is_endpoint_url(line) { - # probably API endpoint if it starts with white-space and ^ or / - return (line ~ /^ +[\^\/].*\//) -} - -# Put YAML marker at beginning of file. -BEGIN { - print "---" - endpoint_conditional_comment = " # FIXME: ADDITIONAL CONDITIONS REQUIRED: to be enabled manually\n" -} - -# Enable further processing after the introductory text. -# Read each synapse worker section as record and its lines as fields. -/Available worker applications/ { - enable_parsing = 1 - # set record separator to markdown section header - RS = "\n### " - # set field separator to newline - FS = "\n" -} - -# Once parsing is active, this will process each section as record. -enable_parsing { - # Each worker section starts with a synapse.app.X headline - if ($1 ~ /synapse\.app\./) { - - # get rid of the backticks and extract worker type from headline - gsub("`", "", $1) - gsub("synapse.app.", "", $1) - worker_type = $1 - - # initialize empty worker stanza - worker_stanza = "" - - # track if any endpoints are mentioned in a specific section - worker_has_urls = 0 - - # some endpoint descriptions contain flag terms - endpoints_seem_conditional = 0 - - # also, collect a list of available workers - workers = (workers ? workers "\n" : "") " - " worker_type - - # loop through the lines (2 - number of fields in record) - for (i = 2; i < NF + 1; i++) { - # copy line for gsub replacements - line = $i - - # end all lines but the last with a linefeed - linefeed = (i < NF - 1) ? 
"\n" : "" - - # line starts with white-space and a hash: endpoint block headline - if (line ~ /^ +#/) { - - # copy to output verbatim, normalizing white-space - gsub(/^ +/, "", line) - worker_stanza_append(" " line linefeed) - - } else if (line_is_endpoint_url(line)) { - - # mark section for special output formatting - worker_has_urls = 1 - - # remove leading white-space - gsub(/^ +/, "", line) - api_endpoint_regex = line - - # FIXME: https://github.com/matrix-org/synapse/issues/new - # munge inconsistent media_repository endpoint notation - if (api_endpoint_regex == "/_matrix/media/") { - api_endpoint_regex = "^" line - } - - # FIXME: https://github.com/matrix-org/synapse/issues/7530 - # https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/456#issuecomment-719015911 - if (api_endpoint_regex == "^/_matrix/client/(r0|v3|unstable)/auth/.*/fallback/web$") { - worker_stanza_append(" # FIXME: possible bug with SSO and multiple generic workers\n") - worker_stanza_append(" # see https://github.com/matrix-org/synapse/issues/7530\n") - worker_stanza_append(" # " api_endpoint_regex linefeed) - continue - } - - # disable endpoints which specify complications - if (endpoints_seem_conditional) { - # only add notice if previous line didn't match - if (!line_is_endpoint_url($(i - 1))) { - worker_stanza_append(endpoint_conditional_comment) - } - worker_stanza_append(" # " api_endpoint_regex linefeed) - } else { - # output endpoint regex - worker_stanza_append(" - " api_endpoint_regex linefeed) - } - - # white-space only line? 
- } else if (line ~ /^ *$/) { - - if (i > 3 && i < NF) { - # print white-space lines unless 1st or last line in section - worker_stanza_append(line linefeed) - } - - # nothing of the above: the line is regular documentation text - } else { - - # include this text line as comment - worker_stanza_append(" # " line linefeed) - - # and take note of words hinting at additional conditions to be met - if (line ~ /(^[Ii]f|care must be taken|can be handled for)/) { - endpoints_seem_conditional = 1 - } - } - } - - if (worker_has_urls) { - print "\nmatrix_synapse_workers_" worker_type "_endpoints:" - print worker_stanza - } else { - # include workers without endpoints as well for reference - print "\n# " worker_type " worker (no API endpoints) [" - print worker_stanza - print "# ]" - } - } -} - -END { - print "\nmatrix_synapse_workers_avail_list:" - print workers | "sort" -} - -# vim: tabstop=4 shiftwidth=4 expandtab autoindent diff --git a/roles/matrix-synapse/files/workers-doc-to-yaml.sh b/roles/matrix-synapse/files/workers-doc-to-yaml.sh deleted file mode 100755 index 5981523b..00000000 --- a/roles/matrix-synapse/files/workers-doc-to-yaml.sh +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/sh -# Fetch the synapse worker documentation and extract endpoint URLs -# matrix-org/synapse master branch points to current stable release - -URL=https://github.com/matrix-org/synapse/raw/master/docs/workers.md -curl -L ${URL} | awk -f workers-doc-to-yaml.awk > ../vars/workers.yml diff --git a/roles/matrix-synapse/tasks/synapse/workers/init.yml b/roles/matrix-synapse/tasks/synapse/workers/init.yml deleted file mode 100644 index 4b007bc3..00000000 --- a/roles/matrix-synapse/tasks/synapse/workers/init.yml +++ /dev/null 
@@ -1,87 +0,0 @@ ---- -# Below is a huge hack for dynamically building a list of workers and finally assigning it to `matrix_synapse_workers_enabled_list`. -# -# set_fact within a loop does not work reliably in Ansible (it only executes on the first iteration for some reason), -# so we're forced to do something much uglier. - -- name: Build generic workers - ansible.builtin.set_fact: - worker: - type: 'generic_worker' - instanceId: "{{ matrix_synapse_workers_generic_workers_port_range_start + item }}" - port: "{{ matrix_synapse_workers_generic_workers_port_range_start + item }}" - metrics_port: "{{ matrix_synapse_workers_generic_workers_metrics_range_start + item }}" - register: "matrix_synapse_workers_list_results_generic_workers" - loop: "{{ range(0, matrix_synapse_workers_generic_workers_count | int) | list }}" - -- name: Build federation sender workers - ansible.builtin.set_fact: - worker: - type: 'federation_sender' - instanceId: "{{ item }}" - port: 0 - metrics_port: "{{ matrix_synapse_workers_federation_sender_workers_metrics_range_start + item }}" - register: "matrix_synapse_workers_list_results_federation_sender_workers" - loop: "{{ range(0, matrix_synapse_workers_federation_sender_workers_count | int) | list }}" - -# This type of worker can only have a count of 1, at most -- name: Build pusher workers - ansible.builtin.set_fact: - worker: - type: 'pusher' - instanceId: "{{ item }}" - port: 0 - metrics_port: "{{ matrix_synapse_workers_pusher_workers_metrics_range_start + item }}" - register: "matrix_synapse_workers_list_results_pusher_workers" - loop: "{{ range(0, matrix_synapse_workers_pusher_workers_count | int) | list }}" - -# This type of worker can only have a count of 1, at most -- name: Build appservice workers - ansible.builtin.set_fact: - worker: - type: 'appservice' - instanceId: "{{ item }}" - port: 0 - metrics_port: "{{ matrix_synapse_workers_appservice_workers_metrics_range_start + item }}" - register: 
"matrix_synapse_workers_list_results_appservice_workers" - loop: "{{ range(0, matrix_synapse_workers_appservice_workers_count | int) | list }}" - -- name: Build media_repository workers - ansible.builtin.set_fact: - worker: - type: 'media_repository' - instanceId: "{{ matrix_synapse_workers_media_repository_workers_port_range_start + item }}" - port: "{{ matrix_synapse_workers_media_repository_workers_port_range_start + item }}" - metrics_port: "{{ matrix_synapse_workers_media_repository_workers_metrics_range_start + item }}" - register: "matrix_synapse_workers_list_results_media_repository_workers" - loop: "{{ range(0, matrix_synapse_workers_media_repository_workers_count | int) | list }}" - -- name: Build frontend_proxy workers - ansible.builtin.set_fact: - worker: - type: 'frontend_proxy' - instanceId: "{{ matrix_synapse_workers_frontend_proxy_workers_port_range_start + item }}" - port: "{{ matrix_synapse_workers_frontend_proxy_workers_port_range_start + item }}" - metrics_port: "{{ matrix_synapse_workers_frontend_proxy_workers_metrics_range_start + item }}" - register: "matrix_synapse_workers_list_results_frontend_proxy_workers" - loop: "{{ range(0, matrix_synapse_workers_frontend_proxy_workers_count | int) | list }}" - -- ansible.builtin.set_fact: - matrix_synapse_dynamic_workers_list: "{{ matrix_synapse_dynamic_workers_list | default([]) + [item.ansible_facts.worker] }}" - with_items: | - {{ - matrix_synapse_workers_list_results_generic_workers.results - + - matrix_synapse_workers_list_results_federation_sender_workers.results - + - matrix_synapse_workers_list_results_pusher_workers.results - + - matrix_synapse_workers_list_results_appservice_workers.results - + - matrix_synapse_workers_list_results_media_repository_workers.results - + - matrix_synapse_workers_list_results_frontend_proxy_workers.results - }} - -- ansible.builtin.set_fact: - matrix_synapse_workers_enabled_list: "{{ matrix_synapse_dynamic_workers_list }}" 
diff --git a/roles/matrix-synapse/tasks/synapse/workers/util/inject_systemd_services_for_worker.yml b/roles/matrix-synapse/tasks/synapse/workers/util/inject_systemd_services_for_worker.yml deleted file mode 100644 index 2ecb3f2b..00000000 --- a/roles/matrix-synapse/tasks/synapse/workers/util/inject_systemd_services_for_worker.yml +++ /dev/null @@ -1,19 +0,0 @@ ---- -# The tasks below run before `validate_config.yml`. -# To avoid failing with a cryptic error message, we'll do validation here. -# -# This check is mostly relevant to people who explicitly define `matrix_synapse_workers_enabled_list` -# (Synapse Workers users from the earlier days of this PR - https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/456). -# -# In the future, it should be possible to remove this check. -# Our own code which dynamically builds `matrix_synapse_workers_enabled_list` does things right. -- name: Fail if instanceId not defined for worker - ansible.builtin.fail: - msg: "Synapse workers (like {{ matrix_synapse_worker_details | to_json }}) need to define an instanceId property (type + instanceId must be unique)" - when: "'instanceId' not in matrix_synapse_worker_details" - -- ansible.builtin.set_fact: - matrix_synapse_worker_systemd_service_name: "matrix-synapse-worker-{{ matrix_synapse_worker_details.type }}-{{ matrix_synapse_worker_details.instanceId }}.service" - -- ansible.builtin.set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + [matrix_synapse_worker_systemd_service_name] }}" diff --git a/roles/matrix-synapse/templates/synapse/worker.yaml.j2 b/roles/matrix-synapse/templates/synapse/worker.yaml.j2 deleted file mode 100644 index 239de1f2..00000000 --- a/roles/matrix-synapse/templates/synapse/worker.yaml.j2 +++ /dev/null 
@@ -1,46 +0,0 @@ -#jinja2: lstrip_blocks: "True" -worker_app: synapse.app.{{ matrix_synapse_worker_details.type }} -worker_name: {{ matrix_synapse_worker_details.type ~ ':' ~ matrix_synapse_worker_details.port }} - -{% if matrix_synapse_replication_listener_enabled %} -worker_replication_host: matrix-synapse -worker_replication_http_port: {{ matrix_synapse_replication_http_port }} -{% endif %} - -{% set has_listeners = (matrix_synapse_worker_details.type not in [ 'appservice', 'federation_sender', 'pusher' ] or matrix_synapse_metrics_enabled) %} - -{% set http_resources = [] %} - -{% if matrix_synapse_worker_details.type in ['generic_worker', 'frontend_proxy', 'user_dir'] %} - {% set http_resources = http_resources + ['client'] %} -{% endif %} -{% if matrix_synapse_worker_details.type in ['generic_worker'] %} - {% set http_resources = http_resources+ ['federation'] %} -{% endif %} -{% if matrix_synapse_worker_details.type in ['media_repository'] %} - {% set http_resources = http_resources + ['media'] %} -{% endif %} - -{% if http_resources|length > 0 or matrix_synapse_metrics_enabled %} -worker_listeners: -{% if http_resources|length > 0 %} - - type: http - bind_addresses: ['::'] - x_forwarded: true - port: {{ matrix_synapse_worker_details.port }} - resources: - - names: {{ http_resources|to_json }} -{% endif %} -{% if matrix_synapse_metrics_enabled %} - - type: metrics - bind_addresses: ['0.0.0.0'] - port: {{ matrix_synapse_worker_details.metrics_port }} -{% endif %} -{% endif %} - -{% if matrix_synapse_worker_details.type == 'frontend_proxy' %} -worker_main_http_uri: http://matrix-synapse:{{ matrix_synapse_container_client_api_port }} -{% endif %} - -worker_daemonize: false -worker_log_config: /data/{{ matrix_server_fqn_matrix }}.log.config diff --git a/roles/matrix-synapse/vars/main.yml b/roles/matrix-synapse/vars/main.yml deleted file mode 100644 index 2d9b62cf..00000000 --- a/roles/matrix-synapse/vars/main.yml +++ /dev/null 
@@ -1,38 +0,0 @@ ---- - -matrix_synapse_client_api_url_endpoint_public: "https://{{ matrix_server_fqn_matrix }}/_matrix/client/versions" -matrix_synapse_federation_api_url_endpoint_public: "https://{{ matrix_server_fqn_matrix }}:{{ matrix_federation_public_port }}/_matrix/federation/v1/version" - -# Tells whether this role had executed or not. Toggled to `true` during runtime. -matrix_synapse_role_executed: false - -matrix_synapse_media_store_directory_name: "{{ matrix_synapse_media_store_path | basename }}" - -# A Synapse generic worker can handle both federation and client-server API endpoints. -# We wish to split these, as we normally serve federation separately and don't want them mixed up. -# -# This is some ugly Ansible/Jinja2 hack (seen here: https://stackoverflow.com/a/47831492), -# which takes a list of various strings and removes the ones NOT containing `/_matrix/client` anywhere in them. -# -# We intentionally don't do a diff between everything possible (`matrix_synapse_workers_generic_worker_endpoints`) and `matrix_synapse_workers_generic_worker_federation_endpoints`, -# because `matrix_synapse_workers_generic_worker_endpoints` also contains things like `/_synapse/client/`, etc. -# While /_synapse/client/ endpoints are somewhat client-server API-related, they're: -# - neither part of the client-server API spec (and are thus, different) -# - nor always OK to forward to a worker (we're supposed to obey `matrix_nginx_proxy_proxy_matrix_client_api_forwarded_location_synapse_client_api_enabled`) -# -# It's also not too many of these APIs (only `^/_synapse/client/password_reset/email/submit_token$` at the time of this writing / 2021-01-24), -# so it's not that important whether we forward them or not. -# -# Basically, we aim to cover most things. Skipping `/_synapse/client` or a few other minor things doesn't matter too much. 
-matrix_synapse_workers_generic_worker_client_server_endpoints: "{{ matrix_synapse_workers_generic_worker_endpoints | default([]) | map('regex_search', '.*/_matrix/client.*') | list | difference([none]) }}" - -# A Synapse generic worker can handle both federation and client-server API endpoints. -# We wish to split these, as we normally serve federation separately and don't want them mixed up. -# -# This is some ugly Ansible/Jinja2 hack (seen here: https://stackoverflow.com/a/47831492), -# which takes a list of various strings and removes the ones NOT containing `/_matrix/federation` or `/_matrix/key` anywhere in them. -matrix_synapse_workers_generic_worker_federation_endpoints: "{{ matrix_synapse_workers_generic_worker_endpoints | default([]) | map('regex_search', matrix_synapse_workers_generic_worker_federation_endpoints_regex) | list | difference([none]) }}" - -# matrix_synapse_workers_generic_worker_federation_endpoints_regex contains the regex used in matrix_synapse_workers_generic_worker_federation_endpoints. -# It's intentionally put in a separate variable, to avoid tripping ansible-lint's var-spacing rule. -matrix_synapse_workers_generic_worker_federation_endpoints_regex: '.*(/_matrix/federation|/_matrix/key).*' diff --git a/roles/matrix-synapse/vars/workers.yml b/roles/matrix-synapse/vars/workers.yml deleted file mode 100644 index e535d2cc..00000000 --- a/roles/matrix-synapse/vars/workers.yml +++ /dev/null 
@@ -1,467 +0,0 @@ ---- - -matrix_synapse_workers_generic_worker_endpoints: - # This worker can handle API requests matching the following regular expressions. - # These endpoints can be routed to any worker. If a worker is set up to handle a - # stream then, for maximum efficiency, additional endpoints should be routed to that - # worker: refer to the [stream writers](#stream-writers) section below for further - # information. - - # Sync requests - - ^/_matrix/client/(r0|v3)/sync$ - - ^/_matrix/client/(api/v1|r0|v3)/events$ - - ^/_matrix/client/(api/v1|r0|v3)/initialSync$ - - ^/_matrix/client/(api/v1|r0|v3)/rooms/[^/]+/initialSync$ - - # Federation requests - - ^/_matrix/federation/v1/event/ - - ^/_matrix/federation/v1/state/ - - ^/_matrix/federation/v1/state_ids/ - - ^/_matrix/federation/v1/backfill/ - - ^/_matrix/federation/v1/get_missing_events/ - - ^/_matrix/federation/v1/publicRooms - - ^/_matrix/federation/v1/query/ - - ^/_matrix/federation/v1/make_join/ - - ^/_matrix/federation/v1/make_leave/ - - ^/_matrix/federation/(v1|v2)/send_join/ - - ^/_matrix/federation/(v1|v2)/send_leave/ - - ^/_matrix/federation/(v1|v2)/invite/ - - ^/_matrix/federation/v1/event_auth/ - - ^/_matrix/federation/v1/exchange_third_party_invite/ - - ^/_matrix/federation/v1/user/devices/ - - ^/_matrix/key/v2/query - - ^/_matrix/federation/v1/hierarchy/ - - # Inbound federation transaction request - - ^/_matrix/federation/v1/send/ - - # Client API requests - - ^/_matrix/client/(api/v1|r0|v3|unstable)/createRoom$ - - ^/_matrix/client/(api/v1|r0|v3|unstable)/publicRooms$ - - ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/joined_members$ - - ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/context/.*$ - - ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/members$ - - ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state$ - - ^/_matrix/client/v1/rooms/.*/hierarchy$ - - ^/_matrix/client/unstable/org.matrix.msc2716/rooms/.*/batch_send$ - - 
^/_matrix/client/unstable/im.nheko.summary/rooms/.*/summary$ - - ^/_matrix/client/(r0|v3|unstable)/account/3pid$ - - ^/_matrix/client/(r0|v3|unstable)/account/whoami$ - - ^/_matrix/client/(r0|v3|unstable)/devices$ - - ^/_matrix/client/versions$ - - ^/_matrix/client/(api/v1|r0|v3|unstable)/voip/turnServer$ - - ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/event/ - - ^/_matrix/client/(api/v1|r0|v3|unstable)/joined_rooms$ - - ^/_matrix/client/(api/v1|r0|v3|unstable)/search$ - - # Encryption requests - - ^/_matrix/client/(r0|v3|unstable)/keys/query$ - - ^/_matrix/client/(r0|v3|unstable)/keys/changes$ - - ^/_matrix/client/(r0|v3|unstable)/keys/claim$ - - ^/_matrix/client/(r0|v3|unstable)/room_keys/ - - # Registration/login requests - - ^/_matrix/client/(api/v1|r0|v3|unstable)/login$ - - ^/_matrix/client/(r0|v3|unstable)/register$ - - ^/_matrix/client/v1/register/m.login.registration_token/validity$ - - # Event sending requests - - ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/redact - - ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/send - - ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state/ - - ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/(join|invite|leave|ban|unban|kick)$ - - ^/_matrix/client/(api/v1|r0|v3|unstable)/join/ - - ^/_matrix/client/(api/v1|r0|v3|unstable)/profile/ - -# These appear to be conditional and should not be enabled by default. -# We need to fix up our workers-doc-to-yaml.awk parsing script to exclude them. -# For now, they've been commented out manually. 
-# # Account data requests -# - ^/_matrix/client/(r0|v3|unstable)/.*/tags -# - ^/_matrix/client/(r0|v3|unstable)/.*/account_data -# -# # Receipts requests -# - ^/_matrix/client/(r0|v3|unstable)/rooms/.*/receipt -# - ^/_matrix/client/(r0|v3|unstable)/rooms/.*/read_markers -# -# # Presence requests -# - ^/_matrix/client/(api/v1|r0|v3|unstable)/presence/ - - # User directory search requests - - ^/_matrix/client/(r0|v3|unstable)/user_directory/search$ - - # Additionally, the following REST endpoints can be handled for GET requests: - - # FIXME: ADDITIONAL CONDITIONS REQUIRED: to be enabled manually - # ^/_matrix/client/(api/v1|r0|v3|unstable)/pushrules/ - - # Pagination requests can also be handled, but all requests for a given - # room must be routed to the same instance. Additionally, care must be taken to - # ensure that the purge history admin API is not used while pagination requests - # for the room are in flight: - - # FIXME: ADDITIONAL CONDITIONS REQUIRED: to be enabled manually - # ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/messages$ - - # Additionally, the following endpoints should be included if Synapse is configured - # to use SSO (you only need to include the ones for whichever SSO provider you're - # using): - - # for all SSO providers - # FIXME: ADDITIONAL CONDITIONS REQUIRED: to be enabled manually - # ^/_matrix/client/(api/v1|r0|v3|unstable)/login/sso/redirect - # ^/_synapse/client/pick_idp$ - # ^/_synapse/client/pick_username - # ^/_synapse/client/new_user_consent$ - # ^/_synapse/client/sso_register$ - - # OpenID Connect requests. - # FIXME: ADDITIONAL CONDITIONS REQUIRED: to be enabled manually - # ^/_synapse/client/oidc/callback$ - - # SAML requests. - # FIXME: ADDITIONAL CONDITIONS REQUIRED: to be enabled manually - # ^/_synapse/client/saml2/authn_response$ - - # CAS requests. 
- # FIXME: ADDITIONAL CONDITIONS REQUIRED: to be enabled manually - # ^/_matrix/client/(api/v1|r0|v3|unstable)/login/cas/ticket$ - - # Ensure that all SSO logins go to a single process. - # For multiple workers not handling the SSO endpoints properly, see - # [#7530](https://github.com/matrix-org/synapse/issues/7530) and - # [#9427](https://github.com/matrix-org/synapse/issues/9427). - - # Note that a HTTP listener with `client` and `federation` resources must be - # configured in the `worker_listeners` option in the worker config. - - # #### Load balancing - - # It is possible to run multiple instances of this worker app, with incoming requests - # being load-balanced between them by the reverse-proxy. However, different endpoints - # have different characteristics and so admins - # may wish to run multiple groups of workers handling different endpoints so that - # load balancing can be done in different ways. - - # For `/sync` and `/initialSync` requests it will be more efficient if all - # requests from a particular user are routed to a single instance. Extracting a - # user ID from the access token or `Authorization` header is currently left as an - # exercise for the reader. Admins may additionally wish to separate out `/sync` - # requests that have a `since` query parameter from those that don't (and - # `/initialSync`), as requests that don't are known as "initial sync" that happens - # when a user logs in on a new device and can be *very* resource intensive, so - # isolating these requests will stop them from interfering with other users ongoing - # syncs. - - # Federation and client requests can be balanced via simple round robin. - - # The inbound federation transaction request `^/_matrix/federation/v1/send/` - # should be balanced by source IP so that transactions from the same remote server - # go to the same process. 
- - # Registration/login requests can be handled separately purely to help ensure that - # unexpected load doesn't affect new logins and sign ups. - - # Finally, event sending requests can be balanced by the room ID in the URI (or - # the full URI, or even just round robin), the room ID is the path component after - # `/rooms/`. If there is a large bridge connected that is sending or may send lots - # of events, then a dedicated set of workers can be provisioned to limit the - # effects of bursts of events from that bridge on events sent by normal users. - - # #### Stream writers - - # Additionally, the writing of specific streams (such as events) can be moved off - # of the main process to a particular worker. - # (This is only supported with Redis-based replication.) - - # To enable this, the worker must have a HTTP replication listener configured, - # have a `worker_name` and be listed in the `instance_map` config. The same worker - # can handle multiple streams, but unless otherwise documented, each stream can only - # have a single writer. - - # For example, to move event persistence off to a dedicated worker, the shared - # configuration would include: - - # ```yaml - # instance_map: - # event_persister1: - # host: localhost - # port: 8034 - - # stream_writers: - # events: event_persister1 - # ``` - - # An example for a stream writer instance: - - # ```yaml - # {{#include systemd-with-workers/workers/event_persister.yaml}} - # ``` - - # Some of the streams have associated endpoints which, for maximum efficiency, should - # be routed to the workers handling that stream. See below for the currently supported - # streams and the endpoints associated with them: - - # ##### The `events` stream - - # The `events` stream experimentally supports having multiple writers, where work - # is sharded between them by room ID. Note that you *must* restart all worker - # instances when adding or removing event persisters. 
An example `stream_writers` - # configuration with multiple writers: - - # ```yaml - # stream_writers: - # events: - # - event_persister1 - # - event_persister2 - # ``` - - # ##### The `typing` stream - - # The following endpoints should be routed directly to the worker configured as - # the stream writer for the `typing` stream: - - # FIXME: ADDITIONAL CONDITIONS REQUIRED: to be enabled manually - # ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/typing - - # ##### The `to_device` stream - - # The following endpoints should be routed directly to the worker configured as - # the stream writer for the `to_device` stream: - - # FIXME: ADDITIONAL CONDITIONS REQUIRED: to be enabled manually - # ^/_matrix/client/(r0|v3|unstable)/sendToDevice/ - - # ##### The `account_data` stream - - # The following endpoints should be routed directly to the worker configured as - # the stream writer for the `account_data` stream: - - # FIXME: ADDITIONAL CONDITIONS REQUIRED: to be enabled manually - # ^/_matrix/client/(r0|v3|unstable)/.*/tags - # ^/_matrix/client/(r0|v3|unstable)/.*/account_data - - # ##### The `receipts` stream - - # The following endpoints should be routed directly to the worker configured as - # the stream writer for the `receipts` stream: - - # FIXME: ADDITIONAL CONDITIONS REQUIRED: to be enabled manually - # ^/_matrix/client/(r0|v3|unstable)/rooms/.*/receipt - # ^/_matrix/client/(r0|v3|unstable)/rooms/.*/read_markers - - # ##### The `presence` stream - - # The following endpoints should be routed directly to the worker configured as - # the stream writer for the `presence` stream: - - # FIXME: ADDITIONAL CONDITIONS REQUIRED: to be enabled manually - # ^/_matrix/client/(api/v1|r0|v3|unstable)/presence/ - - # #### Background tasks - - # There is also support for moving background tasks to a separate - # worker. Background tasks are run periodically or started via replication. Exactly - # which tasks are configured to run depends on your Synapse configuration (e.g. 
if - # stats is enabled). - - # To enable this, the worker must have a `worker_name` and can be configured to run - # background tasks. For example, to move background tasks to a dedicated worker, - # the shared configuration would include: - - # ```yaml - # run_background_tasks_on: background_worker - # ``` - - # You might also wish to investigate the `update_user_directory_from_worker` and - # `media_instance_running_background_jobs` settings. - - # An example for a dedicated background worker instance: - - # ```yaml - # {{#include systemd-with-workers/workers/background_worker.yaml}} - # ``` - - # #### Updating the User Directory - - # You can designate one generic worker to update the user directory. - - # Specify its name in the shared configuration as follows: - - # ```yaml - # update_user_directory_from_worker: worker_name - # ``` - - # This work cannot be load-balanced; please ensure the main process is restarted - # after setting this option in the shared configuration! - - # User directory updates allow REST endpoints matching the following regular - # expressions to work: - - # FIXME: ADDITIONAL CONDITIONS REQUIRED: to be enabled manually - # ^/_matrix/client/(r0|v3|unstable)/user_directory/search$ - - # The above endpoints can be routed to any worker, though you may choose to route - # it to the chosen user directory worker. - - # This style of configuration supersedes the legacy `synapse.app.user_dir` - # worker application type. - - - # #### Notifying Application Services - - # You can designate one generic worker to send output traffic to Application Services. - - # Specify its name in the shared configuration as follows: - - # ```yaml - # notify_appservices_from_worker: worker_name - # ``` - - # This work cannot be load-balanced; please ensure the main process is restarted - # after setting this option in the shared configuration! - - # This style of configuration supersedes the legacy `synapse.app.appservice` - # worker application type. 
- - -# pusher worker (no API endpoints) [ - # Handles sending push notifications to sygnal and email. Doesn't handle any - # REST endpoints itself, but you should set `start_pushers: False` in the - # shared configuration file to stop the main synapse sending push notifications. - - # To run multiple instances at once the `pusher_instances` option should list all - # pusher instances by their worker name, e.g.: - - # ```yaml - # pusher_instances: - # - pusher_worker1 - # - pusher_worker2 - # ``` - -# ] - -# appservice worker (no API endpoints) [ - # **Deprecated as of Synapse v1.59.** [Use `synapse.app.generic_worker` with the - # `notify_appservices_from_worker` option instead.](#notifying-application-services) - - # Handles sending output traffic to Application Services. Doesn't handle any - # REST endpoints itself, but you should set `notify_appservices: False` in the - # shared configuration file to stop the main synapse sending appservice notifications. - - # Note this worker cannot be load-balanced: only one instance should be active. - -# ] - -# federation_sender worker (no API endpoints) [ - # Handles sending federation traffic to other servers. Doesn't handle any - # REST endpoints itself, but you should set `send_federation: False` in the - # shared configuration file to stop the main synapse sending this traffic. - - # If running multiple federation senders then you must list each - # instance in the `federation_sender_instances` option by their `worker_name`. - # All instances must be stopped and started when adding or removing instances. - # For example: - - # ```yaml - # federation_sender_instances: - # - federation_sender1 - # - federation_sender2 - # ``` -# ] - -matrix_synapse_workers_media_repository_endpoints: - # Handles the media repository. It can handle all endpoints starting with: - - - ^/_matrix/media/ - - # ... 
and the following regular expressions matching media-specific administration APIs: - - - ^/_synapse/admin/v1/purge_media_cache$ - - ^/_synapse/admin/v1/room/.*/media.*$ - - ^/_synapse/admin/v1/user/.*/media.*$ - - ^/_synapse/admin/v1/media/.*$ - - ^/_synapse/admin/v1/quarantine_media/.*$ - - ^/_synapse/admin/v1/users/.*/media$ - - # You should also set `enable_media_repo: False` in the shared configuration - # file to stop the main synapse running background jobs related to managing the - # media repository. Note that doing so will prevent the main process from being - # able to handle the above endpoints. - - # In the `media_repository` worker configuration file, configure the http listener to - # expose the `media` resource. For example: - - # ```yaml - # worker_listeners: - # - type: http - # port: 8085 - # resources: - # - names: - # - media - # ``` - - # Note that if running multiple media repositories they must be on the same server - # and you must configure a single instance to run the background tasks, e.g.: - - # ```yaml - # media_instance_running_background_jobs: "media-repository-1" - # ``` - - # Note that if a reverse proxy is used , then `/_matrix/media/` must be routed for both inbound client and federation requests (if they are handled separately). - -matrix_synapse_workers_user_dir_endpoints: - # **Deprecated as of Synapse v1.59.** [Use `synapse.app.generic_worker` with the - # `update_user_directory_from_worker` option instead.](#updating-the-user-directory) - - # Handles searches in the user directory. It can handle REST endpoints matching - # the following regular expressions: - - - ^/_matrix/client/(r0|v3|unstable)/user_directory/search$ - - # When using this worker you must also set `update_user_directory: false` in the - # shared configuration file to stop the main synapse running background - # jobs related to updating the user directory. - - # Above endpoint is not *required* to be routed to this worker. 
By default, - # `update_user_directory` is set to `true`, which means the main process - # will handle updates. All workers configured with `client` can handle the above - # endpoint as long as either this worker or the main process are configured to - # handle it, and are online. - - # If `update_user_directory` is set to `false`, and this worker is not running, - # the above endpoint may give outdated results. - -matrix_synapse_workers_frontend_proxy_endpoints: - # Proxies some frequently-requested client endpoints to add caching and remove - # load from the main synapse. It can handle REST endpoints matching the following - # regular expressions: - - - ^/_matrix/client/(r0|v3|unstable)/keys/upload - - # If `use_presence` is False in the homeserver config, it can also handle REST - # endpoints matching the following regular expressions: - - # FIXME: ADDITIONAL CONDITIONS REQUIRED: to be enabled manually - # ^/_matrix/client/(api/v1|r0|v3|unstable)/presence/[^/]+/status - - # This "stub" presence handler will pass through `GET` request but make the - # `PUT` effectively a no-op. - - # It will proxy any requests it cannot handle to the main synapse instance. It - # must therefore be configured with the location of the main instance, via - # the `worker_main_http_uri` setting in the `frontend_proxy` worker configuration - # file. For example: - - # ```yaml - # worker_main_http_uri: http://127.0.0.1:8008 - # ``` - -matrix_synapse_workers_avail_list: - - appservice - - federation_sender - - frontend_proxy - - generic_worker - - media_repository - - pusher - - user_dir diff --git a/setup.yml b/setup.yml index 0bc41281..5bbda0c1 100755 --- a/setup.yml +++ b/setup.yml 
@@ -3,67 +3,94 @@ hosts: "{{ target if target is defined else 'matrix_servers' }}" become: true - vars_files: - - roles/matrix-synapse/vars/workers.yml - roles: - - matrix-base - - matrix-dynamic-dns - - matrix-mailer - - matrix-postgres - - matrix-redis - - matrix-corporal - - matrix-bridge-appservice-discord - - matrix-bridge-appservice-slack - - matrix-bridge-appservice-webhooks - - matrix-bridge-appservice-irc - - matrix-bridge-beeper-linkedin - - matrix-bridge-go-skype-bridge - - matrix-bridge-mautrix-facebook - - matrix-bridge-mautrix-twitter - - matrix-bridge-mautrix-hangouts - - matrix-bridge-mautrix-googlechat - - matrix-bridge-mautrix-instagram - - matrix-bridge-mautrix-signal - - matrix-bridge-mautrix-telegram - - matrix-bridge-mautrix-whatsapp - - matrix-bridge-mautrix-wsproxy - - matrix-bridge-mx-puppet-discord - - matrix-bridge-mx-puppet-groupme - - matrix-bridge-mx-puppet-steam - - matrix-bridge-mx-puppet-slack - - matrix-bridge-mx-puppet-twitter - - matrix-bridge-mx-puppet-instagram - - matrix-bridge-sms - - matrix-bridge-heisenbridge - - matrix-bridge-hookshot - - matrix-bot-matrix-reminder-bot - - matrix-bot-matrix-registration-bot - - matrix-bot-buscarron - - matrix-bot-honoroit - - matrix-bot-go-neb - - matrix-bot-mjolnir - - matrix-synapse - - matrix-dendrite - - matrix-synapse-admin - - matrix-prometheus-node-exporter - - matrix-prometheus-postgres-exporter - - matrix-prometheus - - matrix-grafana - - matrix-registration - - matrix-client-element - - matrix-client-hydrogen - - matrix-client-cinny - - matrix-jitsi - - matrix-ma1sd - - matrix-dimension - - matrix-etherpad - - matrix-email2matrix - - matrix-sygnal - - matrix-ntfy - - matrix-nginx-proxy - - matrix-coturn - - matrix-aux - - matrix-postgres-backup - - matrix-backup-borg - - matrix-common-after + # Most of the roles below are not distributed with the playbook, but downloaded separately using `ansible-galaxy` via the `make roles` command (see `Makefile`). 
+ - role: galaxy/com.devture.ansible.role.playbook_help + + - role: galaxy/com.devture.ansible.role.systemd_docker_base + + - role: custom/matrix_playbook_migration + + - when: devture_timesync_installation_enabled | bool + role: galaxy/com.devture.ansible.role.timesync + tags: + - setup-timesync + - setup-all + + - custom/matrix-base + - custom/matrix-dynamic-dns + - custom/matrix-mailer + - custom/matrix-postgres + - custom/matrix-redis + - custom/matrix-corporal + - custom/matrix-bridge-appservice-discord + - custom/matrix-bridge-appservice-slack + - custom/matrix-bridge-appservice-webhooks + - custom/matrix-bridge-appservice-irc + - custom/matrix-bridge-appservice-kakaotalk + - custom/matrix-bridge-beeper-linkedin + - custom/matrix-bridge-go-skype-bridge + - custom/matrix-bridge-mautrix-facebook + - custom/matrix-bridge-mautrix-twitter + - custom/matrix-bridge-mautrix-hangouts + - custom/matrix-bridge-mautrix-googlechat + - custom/matrix-bridge-mautrix-instagram + - custom/matrix-bridge-mautrix-signal + - custom/matrix-bridge-mautrix-telegram + - custom/matrix-bridge-mautrix-whatsapp + - custom/matrix-bridge-mautrix-wsproxy + - custom/matrix-bridge-mautrix-discord + - custom/matrix-bridge-mx-puppet-discord + - custom/matrix-bridge-mx-puppet-groupme + - custom/matrix-bridge-mx-puppet-steam + - custom/matrix-bridge-mx-puppet-slack + - custom/matrix-bridge-mx-puppet-twitter + - custom/matrix-bridge-mx-puppet-instagram + - custom/matrix-bridge-sms + - custom/matrix-bridge-heisenbridge + - custom/matrix-bridge-hookshot + - custom/matrix-bot-matrix-reminder-bot + - custom/matrix-bot-matrix-registration-bot + - custom/matrix-bot-maubot + - custom/matrix-bot-buscarron + - custom/matrix-bot-honoroit + - custom/matrix-bot-postmoogle + - custom/matrix-bot-go-neb + - custom/matrix-bot-mjolnir + - custom/matrix-cactus-comments + - custom/matrix-synapse + - custom/matrix-dendrite + - custom/matrix-conduit + - custom/matrix-synapse-admin + - 
custom/matrix-prometheus-node-exporter + - custom/matrix-prometheus-postgres-exporter + - custom/matrix-prometheus + - custom/matrix-grafana + - custom/matrix-registration + - custom/matrix-client-element + - custom/matrix-client-hydrogen + - custom/matrix-client-cinny + - custom/matrix-jitsi + - custom/matrix-ldap-registration-proxy + - custom/matrix-ma1sd + - custom/matrix-dimension + - custom/matrix-etherpad + - custom/matrix-email2matrix + - custom/matrix-sygnal + - custom/matrix-ntfy + - custom/matrix-nginx-proxy + - custom/matrix-coturn + - custom/matrix-aux + - custom/matrix-postgres-backup + - custom/matrix-backup-borg + - custom/matrix-user-creator + - custom/matrix-common-after + + # This is pretty much last, because we want it to better serve as a "last known good configuration". + # See: https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2217#issuecomment-1301487601 + - when: devture_playbook_state_preserver_enabled | bool + role: galaxy/com.devture.ansible.role.playbook_state_preserver + tags: + - setup-all + + - role: galaxy/com.devture.ansible.role.playbook_runtime_messages
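Review bot: The header comment on the new roles list says the `galaxy/...` roles are downloaded by `make roles`, but not where their versions are pinned or that the downloaded code then runs under the play's `become: true`, so a reader of setup.yml has no pointer to what controls trust in those roles; extend the comment along the lines of `# Their versions are pinned in the ansible-galaxy requirements file consumed by "make roles"; review it when bumping a role, as these roles run with the same privileges as the playbook's own roles.` Separately, `when: devture_timesync_installation_enabled | bool` and `when: devture_playbook_state_preserver_enabled | bool` abort the whole play with an undefined-variable error on a host that lacks those variables, rather than skipping the role. Where they are defined is outside this hunk; if group_vars does not guarantee them, `| default(false) | bool` would make the skip explicit.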