Merge branch 'master' into pub.solar
commit
07e8f04fa9
22
CHANGELOG.md
|
@ -1,3 +1,25 @@
|
|||
# 2021-01-17
|
||||
|
||||
## matrix-corporal goes 2.0
|
||||
|
||||
[matrix-corporal v2 has been released](https://github.com/devture/matrix-corporal/releases/tag/2.0.0) and the playbook also supports it now.
|
||||
|
||||
No manual intervention is required in the common case.
|
||||
|
||||
The new [matrix-corporal](https://github.com/devture/matrix-corporal) version is also the first one to support Interactive Authentication. If you wish to enable that (hint: you should), you'll need to set up the [REST auth password provider](docs/configuring-playbook-rest-auth.md). There's more information in [our matrix-corporal docs](docs/configuring-playbook-matrix-corporal.md).
|
||||
|
||||
|
||||
# 2021-01-14
|
||||
|
||||
## Moving from cronjobs to systemd timers
|
||||
|
||||
We no longer use cronjobs for Let's Encrypt SSL renewal and `matrix-nginx-proxy`/`matrix-coturn` reloading. Instead, we've switched to systemd timers.
|
||||
|
||||
The largest benefit of this is that we no longer require you to install a cron daemon, thus simplifying our install procedure.
|
||||
|
||||
The playbook will migrate you from cronjobs to systemd timers automatically. This is just a heads up.
|
||||
|
||||
|
||||
# 2021-01-08
|
||||
|
||||
## (Breaking Change) New SSL configuration
|
||||
|
|
|
@ -146,7 +146,7 @@ This playbook sets up your server using the following Docker images:
|
|||
|
||||
- [devture/matrix-corporal](https://hub.docker.com/r/devture/matrix-corporal/) - [Matrix Corporal](https://github.com/devture/matrix-corporal): reconciliator and gateway for a managed Matrix server (optional)
|
||||
|
||||
- [devture/zeratax-matrix-registration](https://hub.docker.com/r/devture/zeratax-matrix-registration/) - [matrix-registration](https://github.com/ZerataX/matrix-registration): a simple python application to have a token based matrix registration (optional)
|
||||
- [zeratax/matrix-registration](https://hub.docker.com/r/devture/zeratax-matrix-registration/) - [matrix-registration](https://github.com/ZerataX/matrix-registration): a simple python application to have a token based matrix registration (optional)
|
||||
|
||||
- [nginx](https://hub.docker.com/_/nginx/) - the [nginx](http://nginx.org/) web server (optional)
|
||||
|
||||
|
|
|
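Review bot: In the matrix-registration entry, the link text now reads `zeratax/matrix-registration` but the URL still points at `https://hub.docker.com/r/devture/zeratax-matrix-registration/`. Make the text and the target agree, so readers can tell which publisher's image the playbook actually pulls.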
@ -12,7 +12,6 @@ matrix_mautrix_telegram_api_id: YOUR_TELEGRAM_APP_ID
|
|||
matrix_mautrix_telegram_api_hash: YOUR_TELEGRAM_API_HASH
|
||||
```
|
||||
|
||||
|
||||
## Set up Double Puppeting
|
||||
|
||||
If you'd like to use [Double Puppeting](https://github.com/tulir/mautrix-telegram/wiki/Authentication#replacing-telegram-accounts-matrix-puppet-with-matrix-account) (hint: you most likely do), you have 2 ways of going about it.
|
||||
|
|
|
@ -11,7 +11,9 @@ The playbook can install and configure [matrix-corporal](https://github.com/devt
|
|||
In short, it's a sort of automation and firewalling service, which is helpful if you're instaling Matrix services in a controlled corporate environment.
|
||||
See that project's documentation to learn what it does and why it might be useful to you.
|
||||
|
||||
If you decide that you'd like to let this playbook install it for you, you'd need to also [set up the Shared Secret Auth password provider module](configuring-playbook-shared-secret-auth.md).
|
||||
If you decide that you'd like to let this playbook install it for you, you'd need to also:
|
||||
- (required) [set up the Shared Secret Auth password provider module](configuring-playbook-shared-secret-auth.md)
|
||||
- (optional, but encouraged) [set up the REST authentication password provider module](configuring-playbook-rest-auth.md)
|
||||
|
||||
|
||||
## Playbook configuration
|
||||
|
@ -24,6 +26,15 @@ You would then need some configuration like this:
|
|||
matrix_synapse_ext_password_provider_shared_secret_auth_enabled: true
|
||||
matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: YOUR_SHARED_SECRET_GOES_HERE
|
||||
|
||||
# When matrix-corporal is acting as the primary authentication provider,
|
||||
# you need to set up the REST authentication password provider module
|
||||
# to make Interactive User Authentication work.
|
||||
# This is necessary for certain user actions (like E2EE, device management, etc).
|
||||
#
|
||||
# See configuring-playbook-rest-auth.md
|
||||
matrix_synapse_ext_password_provider_rest_auth_enabled: true
|
||||
matrix_synapse_ext_password_provider_rest_auth_endpoint: "http://matrix-corporal:41080/_matrix/corporal"
|
||||
|
||||
matrix_corporal_enabled: true
|
||||
|
||||
matrix_corporal_policy_provider_config: |
|
||||
|
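Review bot: The sample sets `matrix_synapse_ext_password_provider_rest_auth_endpoint` to a plain `http://` URL on `matrix-corporal:41080`, and password checks for Interactive Authentication travel over that hop. Add a comment next to the setting saying that this traffic is expected to stay on the internal container network and that the port should not be published on the host.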
@ -40,9 +51,9 @@ matrix_corporal_policy_provider_config: |
|
|||
matrix_corporal_http_api_enabled: true
|
||||
matrix_corporal_http_api_auth_token: "AUTH_TOKEN_HERE"
|
||||
|
||||
# If you need to change the reconciliator user's id from the default (matrix-corporal)..
|
||||
# If you need to change matrix-corporal's user id from the default (matrix-corporal).
|
||||
# In any case, you need to make sure this Matrix user is created on your server.
|
||||
matrix_corporal_reconciliation_user_id_local_part: "matrix-corporal"
|
||||
matrix_corporal_corporal_user_id_local_part: "matrix-corporal"
|
||||
|
||||
# Because Corporal peridoically performs lots of user logins from the same IP,
|
||||
# you may need raise Synapse's ratelimits.
|
||||
|
|
|
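Review bot: The sample renames `matrix_corporal_reconciliation_user_id_local_part` to `matrix_corporal_corporal_user_id_local_part`, but nothing in this hunk tells existing users that an override under the old name stops taking effect. Mention the rename in the comment above the variable, or in the changelog entry, which currently says no manual intervention is needed in the common case. While here, the trailing context has two typos: `peridoically` and `you may need raise`.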
@ -6,14 +6,16 @@
|
|||
- **Ubuntu** (16.04+, although [20.04 may be problematic](ansible.md#supported-ansible-versions))
|
||||
- **Archlinux**
|
||||
|
||||
This playbook doesn't support running on ARM (see [this issue](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/299)), however a minimal subset of the tools can be built on the host, which may result in a working configuration, even on a Raspberry pi (see [Alternative Architectures](alternative-architectures.md)). We only strive to support released stable versions of distributions, not betas or pre-releases. This playbook can take over your whole server or co-exist with other services that you have there.
|
||||
We only strive to support released stable versions of distributions, not betas or pre-releases. This playbook can take over your whole server or co-exist with other services that you have there.
|
||||
|
||||
This playbook somewhat supports running on non-`amd64` architectures like ARM. See [Alternative Architectures](alternative-architectures.md).
|
||||
|
||||
If your distro runs within an [LXC container](https://linuxcontainers.org/), you may hit [this issue](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/703). It can be worked around, if absolutely necessary, but we suggest that you avoid running from within an LXC container.
|
||||
|
||||
- `root` access to your server (or a user capable of elevating to `root` via `sudo`).
|
||||
|
||||
- [Python](https://www.python.org/) being installed on the server. Most distributions install Python by default, but some don't (e.g. Ubuntu 18.04) and require manual installation (something like `apt-get install python3`). On some distros, Ansible may incorrectly [detect the Python version](https://docs.ansible.com/ansible/latest/reference_appendices/interpreter_discovery.html) (2 vs 3) and you may need to explicitly specify the interpreter path in `inventory/hosts` during installation (e.g. `ansible_python_interpreter=/usr/bin/python3`)
|
||||
|
||||
- A `cron`-like tool installed on the server such as `cron` or `anacron` to automatically schedule the Let's Encrypt SSL certificates's renewal. *This can be ignored if you use your own SSL certificates.*
|
||||
|
||||
- The [Ansible](http://ansible.com/) program being installed on your own computer. It's used to run this playbook and configures your server for you. Take a look at [our guide about Ansible](ansible.md) for more information, as well as [version requirements](ansible.md#supported-ansible-versions) and alternative ways to run Ansible.
|
||||
|
||||
- Either the `dig` tool or `python-dns` installed on your own computer. Used later on, by the playbook's [services check](maintenance-checking-services.md) feature.
|
||||
|
|
|
@ -18,8 +18,10 @@ List of roles where self-building the Docker image is currently possible:
|
|||
- `matrix-corporal`
|
||||
- `matrix-ma1sd`
|
||||
- `matrix-mailer`
|
||||
- `matrix-bridge-appservice-slack`
|
||||
- `matrix-bridge-mautrix-facebook`
|
||||
- `matrix-bridge-mautrix-hangouts`
|
||||
- `matrix-bridge-mautrix-telegram`
|
||||
- `matrix-bridge-mx-puppet-skype`
|
||||
|
||||
Adding self-building support to other roles is welcome. Feel free to contribute!
|
||||
|
|
|
@ -23,15 +23,13 @@ If you prefer to uninstall manually, run these commands (most are meant to be ex
|
|||
|
||||
- ensure all Matrix services are stopped: `ansible-playbook -i inventory/hosts setup.yml --tags=stop` (if you can't get Ansible working to run this command, you can run `systemctl stop 'matrix*'` manually on the server)
|
||||
|
||||
- delete the Matrix-related systemd `.service` files (`rm -f /etc/systemd/system/matrix*.service`) and reload systemd (`systemctl daemon-reload`)
|
||||
|
||||
- delete all Matrix-related cronjobs (`rm -f /etc/cron.d/matrix*`)
|
||||
- delete the Matrix-related systemd `.service` and `.timer` files (`rm -f /etc/systemd/system/matrix*.{service,timer}`) and reload systemd (`systemctl daemon-reload`)
|
||||
|
||||
- delete some helper scripts (`rm -f /usr/local/bin/matrix*`)
|
||||
|
||||
- delete some cached Docker images (`docker system prune -a`) or just delete them all (`docker rmi $(docker images -aq)`)
|
||||
|
||||
- delete the Docker network: `docker network rm matrix` (might have been deleted already if you ran the `docker system prune` command)
|
||||
- delete the Docker networks: `docker network rm matrix matrix-coturn` (might have been deleted already if you ran the `docker system prune` command)
|
||||
|
||||
- uninstall Docker itself, if necessary
|
||||
|
||||
|
|
|
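Review bot: The new step `rm -f /etc/systemd/system/matrix*.{service,timer}` relies on brace expansion, which bash performs but a plain POSIX `sh` does not, so in such a shell the pattern matches nothing and `rm -f` reports no error. Spell out both globs (`matrix*.service matrix*.timer`) or state that the commands assume bash. The `/etc/cron.d/matrix*` step is also dropped here; a server last set up before the timer migration would still have those files, so consider keeping it as an "if present" step.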
@ -110,6 +110,8 @@ matrix_appservice_webhooks_systemd_required_services_list: |
|
|||
# We don't enable bridges by default.
|
||||
matrix_appservice_slack_enabled: false
|
||||
|
||||
matrix_appservice_slack_container_self_build: "{{ matrix_architecture != 'amd64' }}"
|
||||
|
||||
# Normally, matrix-nginx-proxy is enabled and nginx can reach matrix-appservice-slack over the container network.
|
||||
# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose
|
||||
# matrix-appservice-slack's client-server port to the local host.
|
||||
|
@ -305,6 +307,9 @@ matrix_mautrix_signal_database_password: "{{ matrix_synapse_macaroon_secret_key
|
|||
# We don't enable bridges by default.
|
||||
matrix_mautrix_telegram_enabled: false
|
||||
|
||||
# Images are multi-arch (amd64 and arm64, but not arm32).
|
||||
matrix_mautrix_telegram_container_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
|
||||
|
||||
matrix_mautrix_telegram_systemd_required_services_list: |
|
||||
{{
|
||||
['docker.service']
|
||||
|
@ -669,6 +674,9 @@ matrix_corporal_matrix_homeserver_api_endpoint: "http://matrix-synapse:8008"
|
|||
|
||||
matrix_corporal_matrix_auth_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret }}"
|
||||
|
||||
# This is only useful if there's REST auth provider to make use of it.
|
||||
matrix_corporal_http_gateway_internal_rest_auth_enabled: "{{ matrix_synapse_ext_password_provider_rest_auth_enabled }}"
|
||||
|
||||
matrix_corporal_matrix_registration_shared_secret: "{{ matrix_synapse_registration_shared_secret }}"
|
||||
|
||||
######################################################################
|
||||
|
|
|
@ -48,7 +48,16 @@ matrix_base_data_path_mode: "750"
|
|||
|
||||
matrix_static_files_base_path: "{{ matrix_base_data_path }}/static-files"
|
||||
matrix_systemd_path: "/etc/systemd/system"
|
||||
|
||||
# Specifies the path to use for the `HOME` environment variable for systemd unit files.
|
||||
# Docker 20.10 complains with `WARNING: Error loading config file: .dockercfg: $HOME is not defined`
|
||||
# if `$HOME` is not defined, so we define something to make it happy.
|
||||
matrix_systemd_unit_home_path: /root
|
||||
|
||||
# This is now unused. We keep it so that cleanup tasks can use it.
|
||||
# To be removed in the future.
|
||||
matrix_cron_path: "/etc/cron.d"
|
||||
|
||||
matrix_local_bin_path: "/usr/local/bin"
|
||||
|
||||
matrix_host_command_docker: "/usr/bin/env docker"
|
||||
|
|
|
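Review bot: `matrix_systemd_unit_home_path: /root` makes every Docker invocation from the unit files resolve its client configuration under `/root`, so the comment should say that this does more than silence the warning: a Docker config kept in root's home (registry credentials, for instance) will now be picked up by all matrix services. Also quote the value, as the neighbouring path variables are quoted.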
@ -20,8 +20,6 @@ else
|
|||
rm -f {{ matrix_systemd_path }}/$s
|
||||
done
|
||||
systemctl daemon-reload
|
||||
echo "Remove matrix cronjobs"
|
||||
find /etc/cron.d/ -name "matrix-*" -delete
|
||||
echo "Remove matrix scripts"
|
||||
find {{ matrix_local_bin_path }}/ -name "matrix-*" -delete
|
||||
echo "Remove unused Docker images and resources"
|
||||
|
|
|
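Review bot: Dropping the `find /etc/cron.d/ -name "matrix-*" -delete` step means this script leaves cron files behind on a host whose last playbook run predates the switch to systemd timers. Keep the step for now, using `{{ matrix_cron_path }}` (which the defaults retain for cleanup tasks), and remove it together with that variable. It is also worth confirming that the loop above feeds `.timer` units as well as `.service` units into `rm -f {{ matrix_systemd_path }}/$s`.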
@ -1,3 +1,3 @@
|
|||
- set_fact:
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-matrix-reminder-bot'] }}"
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-matrix-reminder-bot.service'] }}"
|
||||
when: matrix_bot_matrix_reminder_bot_enabled|bool
|
||||
|
|
|
@ -12,6 +12,7 @@ DefaultDependencies=no
|
|||
|
||||
[Service]
|
||||
Type=simple
|
||||
Environment="HOME={{ matrix_systemd_unit_home_path }}"
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-bot-matrix-reminder-bot
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-bot-matrix-reminder-bot
|
||||
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
when: "matrix_appservice_discord_enabled and matrix_synapse_role_executed|default(False)"
|
||||
|
||||
- set_fact:
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-appservice-discord'] }}"
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-appservice-discord.service'] }}"
|
||||
when: matrix_appservice_discord_enabled|bool
|
||||
|
||||
# If the matrix-synapse role is not used, these variables may not exist.
|
||||
|
|
|
@ -12,6 +12,7 @@ DefaultDependencies=no
|
|||
|
||||
[Service]
|
||||
Type=simple
|
||||
Environment="HOME={{ matrix_systemd_unit_home_path }}"
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-appservice-discord
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-appservice-discord
|
||||
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
when: "matrix_appservice_irc_enabled|bool and matrix_synapse_role_executed|default(False)"
|
||||
|
||||
- set_fact:
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-appservice-irc'] }}"
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-appservice-irc.service'] }}"
|
||||
when: matrix_appservice_irc_enabled|bool
|
||||
|
||||
# If the matrix-synapse role is not used, these variables may not exist.
|
||||
|
|
|
@ -12,6 +12,7 @@ DefaultDependencies=no
|
|||
|
||||
[Service]
|
||||
Type=simple
|
||||
Environment="HOME={{ matrix_systemd_unit_home_path }}"
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-appservice-irc
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-appservice-irc
|
||||
|
||||
|
|
|
@ -3,6 +3,10 @@
|
|||
|
||||
matrix_appservice_slack_enabled: true
|
||||
|
||||
matrix_appservice_slack_container_self_build: false
|
||||
matrix_appservice_slack_docker_repo: "https://github.com/matrix-org/matrix-appservice-slack.git"
|
||||
matrix_appservice_slack_docker_src_files_path: "{{ matrix_base_data_path }}/appservice-slack/docker-src"
|
||||
|
||||
matrix_appservice_slack_docker_image: "docker.io/matrixdotorg/matrix-appservice-slack:release-1.5.0"
|
||||
matrix_appservice_slack_docker_image_force_pull: "{{ matrix_appservice_slack_docker_image.endswith(':latest') }}"
|
||||
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
when: "matrix_synapse_role_executed|default(False)"
|
||||
|
||||
- set_fact:
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-appservice-slack'] }}"
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-appservice-slack.service'] }}"
|
||||
when: matrix_appservice_slack_enabled|bool
|
||||
|
||||
# If the matrix-synapse role is not used, these variables may not exist.
|
||||
|
|
|
@ -8,9 +8,11 @@
|
|||
owner: "{{ matrix_user_username }}"
|
||||
group: "{{ matrix_user_groupname }}"
|
||||
with_items:
|
||||
- "{{ matrix_appservice_slack_base_path }}"
|
||||
- "{{ matrix_appservice_slack_config_path }}"
|
||||
- "{{ matrix_appservice_slack_data_path }}"
|
||||
- { path: "{{ matrix_appservice_slack_base_path }}", when: true }
|
||||
- { path: "{{ matrix_appservice_slack_config_path }}", when: true }
|
||||
- { path: "{{ matrix_appservice_slack_data_path }}", when: true }
|
||||
- { path: "{{ matrix_appservice_slack_docker_src_files_path }}", when: "{{ matrix_appservice_slack_container_self_build }}" }
|
||||
when: item.when|bool
|
||||
|
||||
- set_fact:
|
||||
matrix_appservice_slack_requires_restart: false
|
||||
|
@ -35,6 +37,26 @@
|
|||
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
|
||||
force_source: "{{ matrix_appservice_slack_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
|
||||
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_slack_docker_image_force_pull }}"
|
||||
when: "not matrix_appservice_slack_container_self_build|bool"
|
||||
|
||||
- name: Ensure matrix-appservice-slack repository is present when self-building
|
||||
git:
|
||||
repo: "{{ matrix_appservice_slack_docker_repo }}"
|
||||
dest: "{{ matrix_appservice_slack_docker_src_files_path }}"
|
||||
force: "yes"
|
||||
register: matrix_appservice_slack_git_pull_results
|
||||
when: "matrix_appservice_slack_container_self_build|bool"
|
||||
|
||||
- name: Ensure matrix-appservice-slack Docker image is built
|
||||
docker_image:
|
||||
name: "{{ matrix_appservice_slack_docker_image }}"
|
||||
source: build
|
||||
force_source: yes
|
||||
build:
|
||||
dockerfile: Dockerfile
|
||||
path: "{{ matrix_appservice_slack_docker_src_files_path }}"
|
||||
pull: yes
|
||||
when: "matrix_appservice_slack_container_self_build|bool and matrix_appservice_slack_git_pull_results.changed"
|
||||
|
||||
- name: Ensure Matrix Appservice Slack config installed
|
||||
copy:
|
||||
|
|
|
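Review bot: The new `git:` task clones `matrix_appservice_slack_docker_repo` with `force: "yes"` but no `version:`, so a self-build compiles whatever the default branch holds and the result is then named `{{ matrix_appservice_slack_docker_image }}`, which defaults to a `release-1.5.0` tag. Add a `version:` parameter driven by a variable that matches the image tag, so self-built and pulled images correspond to the same source. The build task also runs only when the git task reports a change, so an image that was removed or failed to build is not rebuilt until the repository moves; consider also checking whether the image exists.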
@ -12,6 +12,7 @@ DefaultDependencies=no
|
|||
|
||||
[Service]
|
||||
Type=simple
|
||||
Environment="HOME={{ matrix_systemd_unit_home_path }}"
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-appservice-slack
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-appservice-slack
|
||||
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
when: "matrix_synapse_role_executed|default(False)"
|
||||
|
||||
- set_fact:
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-appservice-webhooks'] }}"
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-appservice-webhooks.service'] }}"
|
||||
when: matrix_appservice_webhooks_enabled|bool
|
||||
|
||||
# If the matrix-synapse role is not used, these variables may not exist.
|
||||
|
|
|
@ -12,6 +12,7 @@ DefaultDependencies=no
|
|||
|
||||
[Service]
|
||||
Type=simple
|
||||
Environment="HOME={{ matrix_systemd_unit_home_path }}"
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-appservice-webhooks
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-appservice-webhooks
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
- set_fact:
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-facebook'] }}"
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-facebook.service'] }}"
|
||||
when: matrix_mautrix_facebook_enabled|bool
|
||||
|
||||
# If the matrix-synapse role is not used, these variables may not exist.
|
||||
|
|
|
@ -12,6 +12,7 @@ DefaultDependencies=no
|
|||
|
||||
[Service]
|
||||
Type=simple
|
||||
Environment="HOME={{ matrix_systemd_unit_home_path }}"
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mautrix-facebook
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mautrix-facebook
|
||||
ExecStartPre={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-facebook-db \
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
- set_fact:
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-hangouts'] }}"
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-hangouts.service'] }}"
|
||||
when: matrix_mautrix_hangouts_enabled|bool
|
||||
|
||||
# If the matrix-synapse role is not used, these variables may not exist.
|
||||
|
|
|
@ -12,6 +12,7 @@ DefaultDependencies=no
|
|||
|
||||
[Service]
|
||||
Type=simple
|
||||
Environment="HOME={{ matrix_systemd_unit_home_path }}"
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mautrix-hangouts matrix-mautrix-hangouts-db
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mautrix-hangouts matrix-mautrix-hangouts-db
|
||||
ExecStartPre={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-hangouts-db \
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
- set_fact:
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-signal', 'matrix-mautrix-signal-daemon'] }}"
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-signal.service', 'matrix-mautrix-signal-daemon.service'] }}"
|
||||
when: matrix_mautrix_signal_enabled|bool
|
||||
|
||||
# If the matrix-synapse role is not used, these variables may not exist.
|
||||
|
|
|
@ -13,6 +13,7 @@ Wants={{ service }}
|
|||
|
||||
[Service]
|
||||
Type=simple
|
||||
Environment="HOME={{ matrix_systemd_unit_home_path }}"
|
||||
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mautrix-signal-daemon
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mautrix-signal-daemon
|
||||
|
|
|
@ -13,6 +13,7 @@ Wants={{ service }}
|
|||
|
||||
[Service]
|
||||
Type=simple
|
||||
Environment="HOME={{ matrix_systemd_unit_home_path }}"
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mautrix-signal
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mautrix-signal
|
||||
|
||||
|
|
|
@ -3,6 +3,10 @@
|
|||
|
||||
matrix_mautrix_telegram_enabled: true
|
||||
|
||||
matrix_mautrix_telegram_container_self_build: false
|
||||
matrix_mautrix_telegram_docker_repo: "https://mau.dev/tulir/mautrix-telegram.git"
|
||||
matrix_mautrix_telegram_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-telegram/docker-src"
|
||||
|
||||
# See: https://mau.dev/tulir/mautrix-telegram/container_registry
|
||||
matrix_mautrix_telegram_docker_image: "dock.mau.dev/tulir/mautrix-telegram:v0.9.0"
|
||||
matrix_mautrix_telegram_docker_image_force_pull: "{{ matrix_mautrix_telegram_docker_image.endswith(':latest') }}"
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
- set_fact:
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-telegram'] }}"
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-telegram.service'] }}"
|
||||
when: matrix_mautrix_telegram_enabled|bool
|
||||
|
||||
# If the matrix-synapse role is not used, these variables may not exist.
|
||||
|
|
|
@ -34,24 +34,46 @@
|
|||
when: "matrix_mautrix_telegram_sqlite_database_path_local_stat_result.stat.exists|bool"
|
||||
when: "matrix_mautrix_telegram_database_engine == 'postgres'"
|
||||
|
||||
- name: Ensure Mautrix Telegram paths exist
|
||||
file:
|
||||
path: "{{ item.path }}"
|
||||
state: directory
|
||||
mode: 0750
|
||||
owner: "{{ matrix_user_username }}"
|
||||
group: "{{ matrix_user_groupname }}"
|
||||
with_items:
|
||||
- { path: "{{ matrix_mautrix_telegram_base_path }}", when: true }
|
||||
- { path: "{{ matrix_mautrix_telegram_config_path }}", when: true }
|
||||
- { path: "{{ matrix_mautrix_telegram_data_path }}", when: true }
|
||||
- { path: "{{ matrix_mautrix_telegram_docker_src_files_path }}", when: "{{ matrix_mautrix_telegram_container_self_build }}" }
|
||||
when: item.when|bool
|
||||
|
||||
- name: Ensure Mautrix Telegram image is pulled
|
||||
docker_image:
|
||||
name: "{{ matrix_mautrix_telegram_docker_image }}"
|
||||
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
|
||||
force_source: "{{ matrix_mautrix_telegram_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
|
||||
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_telegram_docker_image_force_pull }}"
|
||||
when: "not matrix_mautrix_telegram_container_self_build|bool"
|
||||
|
||||
- name: Ensure Mautrix Telegram paths exist
|
||||
file:
|
||||
path: "{{ item }}"
|
||||
state: directory
|
||||
mode: 0750
|
||||
owner: "{{ matrix_user_username }}"
|
||||
group: "{{ matrix_user_groupname }}"
|
||||
with_items:
|
||||
- "{{ matrix_mautrix_telegram_base_path }}"
|
||||
- "{{ matrix_mautrix_telegram_config_path }}"
|
||||
- "{{ matrix_mautrix_telegram_data_path }}"
|
||||
- name: Ensure matrix-mautrix-telegram repository is present when self-building
|
||||
git:
|
||||
repo: "{{ matrix_mautrix_telegram_docker_repo }}"
|
||||
dest: "{{ matrix_mautrix_telegram_docker_src_files_path }}"
|
||||
force: "yes"
|
||||
register: matrix_mautrix_telegram_git_pull_results
|
||||
when: "matrix_mautrix_telegram_container_self_build|bool"
|
||||
|
||||
- name: Ensure matrix-mautrix-telegram Docker image is build
|
||||
docker_image:
|
||||
name: "{{ matrix_mautrix_telegram_docker_image }}"
|
||||
source: build
|
||||
force_source: yes
|
||||
build:
|
||||
dockerfile: Dockerfile
|
||||
path: "{{ matrix_mautrix_telegram_docker_src_files_path }}"
|
||||
pull: yes
|
||||
when: "matrix_mautrix_telegram_container_self_build|bool and matrix_mautrix_telegram_git_pull_results.changed"
|
||||
|
||||
- name: Check if an old database file already exists
|
||||
stat:
|
||||
|
|
|
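Review bot: The task name `Ensure matrix-mautrix-telegram Docker image is build` should read `is built`, matching the wording used for the Slack bridge. As in that role, the `git:` task has no `version:`, so the self-built image carries the default `v0.9.0` tag while being built from the repository's default branch; pin the checkout to the matching ref.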
@ -12,6 +12,7 @@ DefaultDependencies=no
|
|||
|
||||
[Service]
|
||||
Type=simple
|
||||
Environment="HOME={{ matrix_systemd_unit_home_path }}"
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mautrix-telegram
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mautrix-telegram
|
||||
ExecStartPre={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-telegram-db \
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
- set_fact:
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-whatsapp'] }}"
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-whatsapp.service'] }}"
|
||||
when: matrix_mautrix_whatsapp_enabled|bool
|
||||
|
||||
# If the matrix-synapse role is not used, these variables may not exist.
|
||||
|
|
|
@ -26,6 +26,7 @@
|
|||
engine_variable_name: 'matrix_mautrix_whatsapp_database_engine'
|
||||
engine_old: 'sqlite'
|
||||
systemd_services_to_stop: ['matrix-mautrix-whatsapp.service']
|
||||
pgloader_options: ['--with "quote identifiers"']
|
||||
|
||||
- import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml"
|
||||
|
||||
|
|
|
@ -12,6 +12,7 @@ DefaultDependencies=no
|
|||
|
||||
[Service]
|
||||
Type=simple
|
||||
Environment="HOME={{ matrix_systemd_unit_home_path }}"
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mautrix-whatsapp
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mautrix-whatsapp
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
- set_fact:
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-discord'] }}"
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-discord.service'] }}"
|
||||
when: matrix_mx_puppet_discord_enabled|bool
|
||||
|
||||
# If the matrix-synapse role is not used, these variables may not exist.
|
||||
|
|
|
@ -12,6 +12,7 @@ DefaultDependencies=no
|
|||
|
||||
[Service]
|
||||
Type=simple
|
||||
Environment="HOME={{ matrix_systemd_unit_home_path }}"
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-discord
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-discord
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
- set_fact:
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-instagram'] }}"
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-instagram.service'] }}"
|
||||
when: matrix_mx_puppet_instagram_enabled|bool
|
||||
|
||||
# If the matrix-synapse role is not used, these variables may not exist.
|
||||
|
|
|
@ -12,6 +12,7 @@ DefaultDependencies=no
|
|||
|
||||
[Service]
|
||||
Type=simple
|
||||
Environment="HOME={{ matrix_systemd_unit_home_path }}"
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-instagram
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-instagram
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
- set_fact:
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-skype'] }}"
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-skype.service'] }}"
|
||||
when: matrix_mx_puppet_skype_enabled|bool
|
||||
|
||||
# If the matrix-synapse role is not used, these variables may not exist.
|
||||
|
|
|
@ -12,6 +12,7 @@ DefaultDependencies=no
|
|||
|
||||
[Service]
|
||||
Type=simple
|
||||
Environment="HOME={{ matrix_systemd_unit_home_path }}"
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-skype
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-skype
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
- set_fact:
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-slack'] }}"
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-slack.service'] }}"
|
||||
when: matrix_mx_puppet_slack_enabled|bool
|
||||
|
||||
# If the matrix-synapse role is not used, these variables may not exist.
|
||||
|
|
|
@ -12,6 +12,7 @@ DefaultDependencies=no
|
|||
|
||||
[Service]
|
||||
Type=simple
|
||||
Environment="HOME={{ matrix_systemd_unit_home_path }}"
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-slack
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-slack
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
- set_fact:
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-steam'] }}"
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-steam.service'] }}"
|
||||
when: matrix_mx_puppet_steam_enabled|bool
|
||||
|
||||
# If the matrix-synapse role is not used, these variables may not exist.
|
||||
|
|
|
@ -12,6 +12,7 @@ DefaultDependencies=no
|
|||
|
||||
[Service]
|
||||
Type=simple
|
||||
Environment="HOME={{ matrix_systemd_unit_home_path }}"
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-steam
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-steam
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
- set_fact:
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-twitter'] }}"
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-twitter.service'] }}"
|
||||
when: matrix_mx_puppet_twitter_enabled|bool
|
||||
|
||||
# If the matrix-synapse role is not used, these variables may not exist.
|
||||
|
|
|
@ -12,6 +12,7 @@ DefaultDependencies=no
|
|||
|
||||
[Service]
|
||||
Type=simple
|
||||
Environment="HOME={{ matrix_systemd_unit_home_path }}"
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-twitter
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-twitter
|
||||
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
when: "matrix_sms_bridge_enabled and matrix_synapse_role_executed|default(False)"
|
||||
|
||||
- set_fact:
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-sms-bridge'] }}"
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-sms-bridge.service'] }}"
|
||||
when: matrix_sms_bridge_enabled|bool
|
||||
|
||||
# If the matrix-synapse role is not used, these variables may not exist.
|
||||
|
|
|
@ -12,6 +12,7 @@ DefaultDependencies=no
|
|||
|
||||
[Service]
|
||||
Type=simple
|
||||
Environment="HOME={{ matrix_systemd_unit_home_path }}"
|
||||
ExecStartPre=-/usr/bin/docker kill matrix-sms-bridge
|
||||
ExecStartPre=-/usr/bin/docker rm matrix-sms-bridge
|
||||
|
||||
|
|
|
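Review bot: The two `ExecStartPre` lines in this unit call `/usr/bin/docker` directly, while the other unit templates in this change use `{{ matrix_host_command_docker }}`. Because of the `-` prefix, a wrong path fails silently and the stale `matrix-sms-bridge` container is not removed before start. Suggest switching both lines to `{{ matrix_host_command_docker }}`.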
@ -1,5 +1,5 @@
|
|||
- set_fact:
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-client-element'] }}"
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-client-element.service'] }}"
|
||||
when: matrix_client_element_enabled|bool
|
||||
|
||||
# ansible lower than 2.8, does not support docker_image build parameters
|
||||
|
|
|
@ -9,6 +9,7 @@ DefaultDependencies=no
|
|||
|
||||
[Service]
|
||||
Type=simple
|
||||
Environment="HOME={{ matrix_systemd_unit_home_path }}"
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-client-element
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-client-element
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
---
|
||||
|
||||
- name: Deterimne whether we should make services autostart
|
||||
- name: Determine whether we should make services autostart
|
||||
set_fact:
|
||||
matrix_services_autostart_enabled_bool: "{{ true if matrix_services_autostart_enabled|default('') == '' else matrix_services_autostart_enabled|bool }}"
|
||||
|
||||
|
@ -46,7 +46,7 @@
|
|||
Try running `systemctl status {{ item }}` and `journalctl -fu {{ item }}` on the server to investigate.
|
||||
with_items: "{{ matrix_systemd_services_list }}"
|
||||
when:
|
||||
- "ansible_facts.services[item + '.service']|default(none) is none or ansible_facts.services[item + '.service'].state != 'running'"
|
||||
- "item.endswith('.service') and (ansible_facts.services[item]|default(none) is none or ansible_facts.services[item].state != 'running')"
|
||||
when: " ansible_distribution != 'Archlinux'"
|
||||
|
||||
- block:
|
||||
|
|
|
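Review bot: The new condition `item.endswith('.service') and (...)` means an entry in `matrix_systemd_services_list` that is not a `.service` unit can never trigger this failure. This change also appends `matrix-coturn-reload.timer` to that list, so a timer that did not start passes the check unnoticed. Suggest either verifying timer units separately or adding a comment that says they are deliberately excluded and why.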
@ -24,7 +24,7 @@ matrix_corporal_systemd_required_services_list: ['docker.service']
|
|||
|
||||
matrix_corporal_docker_image: "{{ matrix_corporal_docker_image_name_prefix }}devture/matrix-corporal:{{ matrix_corporal_docker_image_tag }}"
|
||||
matrix_corporal_docker_image_name_prefix: "{{ 'localhost/' if matrix_corporal_container_image_self_build else 'docker.io/' }}"
|
||||
matrix_corporal_docker_image_tag: "1.11.0"
|
||||
matrix_corporal_docker_image_tag: "2.1.0"
|
||||
matrix_corporal_docker_image_force_pull: "{{ matrix_corporal_docker_image.endswith(':latest') }}"
|
||||
|
||||
matrix_corporal_base_path: "{{ matrix_base_data_path }}/corporal"
|
||||
|
@ -50,10 +50,16 @@ matrix_corporal_matrix_registration_shared_secret: ""
|
|||
matrix_corporal_matrix_timeout_milliseconds: 45000
|
||||
|
||||
matrix_corporal_reconciliation_retry_interval_milliseconds: 30000
|
||||
matrix_corporal_reconciliation_user_id_local_part: "matrix-corporal"
|
||||
matrix_corporal_corporal_user_id_local_part: "matrix-corporal"
|
||||
|
||||
matrix_corporal_http_gateway_timeout_milliseconds: 60000
|
||||
|
||||
# If enabled, matrix-corporal exposes a `POST /_matrix/corporal/_matrix-internal/identity/v1/check_credentials` API
|
||||
# on the gateway (Client-Server API) server.
|
||||
# This API can then be used together with the REST Auth password provider by pointing it to matrix-corporal (e.g. `http://matrix-corporal:41080/_matrix/corporal`).
|
||||
# Doing so allows Interactive Authentication to work.
|
||||
matrix_corporal_http_gateway_internal_rest_auth_enabled: false
|
||||
|
||||
matrix_corporal_http_api_enabled: false
|
||||
matrix_corporal_http_api_auth_token: ""
|
||||
matrix_corporal_http_api_timeout_milliseconds: 15000
|
||||
|
|
|
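Review bot: The comment above `matrix_corporal_http_gateway_internal_rest_auth_enabled` says the `check_credentials` endpoint is served on the gateway (Client-Server API) server, but not who is expected to reach `/_matrix/corporal/_matrix-internal/`. The example URL `http://matrix-corporal:41080/_matrix/corporal` suggests container-network use only. Please state that explicitly and document whether the reverse proxy should keep this path off the public listener.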
@ -1,3 +1,3 @@
|
|||
- set_fact:
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-corporal'] }}"
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-corporal.service'] }}"
|
||||
when: matrix_corporal_enabled|bool
|
||||
|
|
|
@ -16,7 +16,6 @@
|
|||
msg: "The Matrix Corporal HTTP API is enabled (`matrix_corporal_http_api_enabled`), but no auth token has been set in `matrix_corporal_http_api_auth_token`"
|
||||
when: "matrix_corporal_http_api_enabled|bool and matrix_corporal_http_api_auth_token == ''"
|
||||
|
||||
|
||||
- name: (Deprecation) Catch and report renamed corporal variables
|
||||
fail:
|
||||
msg: >-
|
||||
|
@ -25,3 +24,4 @@
|
|||
when: "item.old in vars"
|
||||
with_items:
|
||||
- {'old': 'matrix_corporal_container_expose_ports', 'new': '<superseded by matrix_corporal_container_http_gateway_host_bind_port and matrix_corporal_container_http_api_host_bind_port>'}
|
||||
- {'old': 'matrix_corporal_reconciliation_user_id_local_part', 'new': 'matrix_corporal_corporal_user_id_local_part'}
|
||||
|
|
|
@ -7,14 +7,20 @@
|
|||
"TimeoutMilliseconds": {{ matrix_corporal_matrix_timeout_milliseconds }}
|
||||
},
|
||||
|
||||
"Corporal": {
|
||||
"UserID": "@{{ matrix_corporal_corporal_user_id_local_part }}:{{ matrix_domain }}"
|
||||
},
|
||||
|
||||
"Reconciliation": {
|
||||
"UserId": "@{{ matrix_corporal_reconciliation_user_id_local_part }}:{{ matrix_domain }}",
|
||||
"RetryIntervalMilliseconds": {{ matrix_corporal_reconciliation_retry_interval_milliseconds }}
|
||||
},
|
||||
|
||||
"HttpGateway": {
|
||||
"ListenAddress": "0.0.0.0:41080",
|
||||
"TimeoutMilliseconds": {{ matrix_corporal_http_gateway_timeout_milliseconds }}
|
||||
"TimeoutMilliseconds": {{ matrix_corporal_http_gateway_timeout_milliseconds }},
|
||||
"InternalRESTAuth": {
|
||||
"Enabled": {{ matrix_corporal_http_gateway_internal_rest_auth_enabled|to_json }}
|
||||
}
|
||||
},
|
||||
|
||||
"HttpApi": {
|
||||
|
|
|
@ -9,6 +9,7 @@ DefaultDependencies=no
|
|||
|
||||
[Service]
|
||||
Type=simple
|
||||
Environment="HOME={{ matrix_systemd_unit_home_path }}"
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-corporal
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-corporal
|
||||
|
||||
|
|
|
@ -3,7 +3,7 @@ matrix_coturn_enabled: true
|
|||
matrix_coturn_container_image_self_build: false
|
||||
matrix_coturn_container_image_self_build_repo: "https://github.com/instrumentisto/coturn-docker-image.git"
|
||||
|
||||
matrix_coturn_docker_image: "{{ matrix_coturn_docker_image_name_prefix }}instrumentisto/coturn:4.5.1.3"
|
||||
matrix_coturn_docker_image: "{{ matrix_coturn_docker_image_name_prefix }}instrumentisto/coturn:4.5.2"
|
||||
matrix_coturn_docker_image_name_prefix: "{{ 'localhost/' if matrix_coturn_container_image_self_build else 'docker.io/' }}"
|
||||
matrix_coturn_docker_image_force_pull: "{{ matrix_coturn_docker_image.endswith(':latest') }}"
|
||||
|
||||
|
|
|
@ -1,7 +1,11 @@
|
|||
- set_fact:
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-coturn'] }}"
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-coturn.service'] }}"
|
||||
when: matrix_coturn_enabled|bool
|
||||
|
||||
- set_fact:
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-coturn-reload.timer'] }}"
|
||||
when: "matrix_coturn_enabled|bool and matrix_coturn_tls_enabled|bool"
|
||||
|
||||
# ansible lower than 2.8, does not support docker_image build parameters
|
||||
# for self buildig it is explicitly needed, so we rather fail here
|
||||
- name: Fail if running on Ansible lower than 2.8 and trying self building
|
||||
|
|
|
@ -8,8 +8,14 @@
|
|||
- setup-all
|
||||
- setup-coturn
|
||||
|
||||
- import_tasks: "{{ role_path }}/tasks/setup_coturn.yml"
|
||||
when: run_setup|bool
|
||||
- import_tasks: "{{ role_path }}/tasks/setup_install.yml"
|
||||
when: "run_setup|bool and matrix_coturn_enabled|bool"
|
||||
tags:
|
||||
- setup-all
|
||||
- setup-coturn
|
||||
|
||||
- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
|
||||
when: "run_setup|bool and not matrix_coturn_enabled|bool"
|
||||
tags:
|
||||
- setup-all
|
||||
- setup-coturn
|
||||
|
|
|
@ -1,137 +0,0 @@
|
|||
---
|
||||
|
||||
#
|
||||
# Tasks related to setting up Coturn
|
||||
#
|
||||
|
||||
- name: Ensure Matrix Coturn path exists
|
||||
file:
|
||||
path: "{{ item.path }}"
|
||||
state: directory
|
||||
mode: 0750
|
||||
owner: "{{ matrix_user_username }}"
|
||||
group: "{{ matrix_user_groupname }}"
|
||||
with_items:
|
||||
- { path: "{{ matrix_coturn_docker_src_files_path }}", when: "{{ matrix_coturn_container_image_self_build }}"}
|
||||
when: matrix_coturn_enabled|bool and item.when
|
||||
|
||||
- name: Ensure Coturn image is pulled
|
||||
docker_image:
|
||||
name: "{{ matrix_coturn_docker_image }}"
|
||||
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
|
||||
force_source: "{{ matrix_coturn_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
|
||||
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_coturn_docker_image_force_pull }}"
|
||||
when: matrix_coturn_enabled|bool and not matrix_coturn_container_image_self_build
|
||||
|
||||
- name: Ensure Coturn repository is present on self-build
|
||||
git:
|
||||
repo: "{{ matrix_coturn_container_image_self_build_repo }}"
|
||||
dest: "{{ matrix_coturn_docker_src_files_path }}"
|
||||
version: "{{ matrix_coturn_docker_image.split(':')[1] }}"
|
||||
force: "yes"
|
||||
register: matrix_coturn_git_pull_results
|
||||
when: "matrix_coturn_enabled|bool and matrix_coturn_container_image_self_build"
|
||||
|
||||
- name: Ensure Coturn Docker image is built
|
||||
docker_image:
|
||||
name: "{{ matrix_coturn_docker_image }}"
|
||||
source: build
|
||||
force_source: "{{ matrix_coturn_git_pull_results.changed }}"
|
||||
build:
|
||||
dockerfile: Dockerfile
|
||||
path: "{{ matrix_coturn_docker_src_files_path }}"
|
||||
pull: yes
|
||||
when: "matrix_coturn_enabled|bool and matrix_coturn_container_image_self_build|bool"
|
||||
|
||||
- name: Ensure Coturn configuration path exists
|
||||
file:
|
||||
path: "{{ matrix_coturn_base_path }}"
|
||||
state: directory
|
||||
mode: 0750
|
||||
owner: "{{ matrix_user_username }}"
|
||||
group: "{{ matrix_user_groupname }}"
|
||||
when: matrix_coturn_enabled|bool
|
||||
|
||||
- name: Ensure turnserver.conf installed
|
||||
template:
|
||||
src: "{{ role_path }}/templates/turnserver.conf.j2"
|
||||
dest: "{{ matrix_coturn_config_path }}"
|
||||
mode: 0644
|
||||
when: matrix_coturn_enabled|bool
|
||||
|
||||
- name: Ensure Coturn network is created in Docker
|
||||
docker_network:
|
||||
name: "{{ matrix_coturn_docker_network }}"
|
||||
driver: bridge
|
||||
when: matrix_coturn_enabled|bool
|
||||
|
||||
- name: Ensure matrix-coturn.service installed
|
||||
template:
|
||||
src: "{{ role_path }}/templates/systemd/matrix-coturn.service.j2"
|
||||
dest: "{{ matrix_systemd_path }}/matrix-coturn.service"
|
||||
mode: 0644
|
||||
register: matrix_coturn_systemd_service_result
|
||||
when: matrix_coturn_enabled|bool
|
||||
|
||||
- name: Ensure systemd reloaded after matrix-coturn.service installation
|
||||
service:
|
||||
daemon_reload: yes
|
||||
when: "matrix_coturn_enabled|bool and matrix_coturn_systemd_service_result.changed"
|
||||
|
||||
# This may be unnecessary when more long-lived certificates are used.
|
||||
# We optimize for the common use-case though (short-lived Let's Encrypt certificates).
|
||||
# Reloading doesn't hurt anyway, so there's no need to make this more flexible.
|
||||
- name: Ensure periodic reloading of matrix-coturn is configured for SSL renewal (matrix-coturn-reload)
|
||||
template:
|
||||
src: "{{ role_path }}/templates/cron.d/matrix-coturn-ssl-reload.j2"
|
||||
dest: /etc/cron.d/matrix-coturn-ssl-reload
|
||||
mode: 0644
|
||||
when: "matrix_coturn_enabled|bool and matrix_coturn_tls_enabled|bool"
|
||||
|
||||
|
||||
#
|
||||
# Tasks related to getting rid of Coturn (if it was previously enabled)
|
||||
#
|
||||
|
||||
- name: Ensure matrix-coturn-ssl-reload cronjob removed
|
||||
file:
|
||||
path: /etc/cron.d/matrix-coturn-ssl-reload
|
||||
state: absent
|
||||
when: "not matrix_coturn_enabled|bool or not matrix_coturn_tls_enabled|bool"
|
||||
|
||||
- name: Check existence of matrix-coturn service
|
||||
stat:
|
||||
path: "{{ matrix_systemd_path }}/matrix-coturn.service"
|
||||
register: matrix_coturn_service_stat
|
||||
when: "not matrix_coturn_enabled|bool"
|
||||
|
||||
- name: Ensure matrix-coturn is stopped
|
||||
service:
|
||||
name: matrix-coturn
|
||||
state: stopped
|
||||
daemon_reload: yes
|
||||
register: stopping_result
|
||||
when: "not matrix_coturn_enabled|bool and matrix_coturn_service_stat.stat.exists"
|
||||
|
||||
- name: Ensure matrix-coturn.service doesn't exist
|
||||
file:
|
||||
path: "{{ matrix_systemd_path }}/matrix-coturn.service"
|
||||
state: absent
|
||||
when: "not matrix_coturn_enabled|bool and matrix_coturn_service_stat.stat.exists"
|
||||
|
||||
- name: Ensure systemd reloaded after matrix-coturn.service removal
|
||||
service:
|
||||
daemon_reload: yes
|
||||
when: "not matrix_coturn_enabled|bool and matrix_coturn_service_stat.stat.exists"
|
||||
|
||||
- name: Ensure Matrix coturn paths don't exist
|
||||
file:
|
||||
path: "{{ matrix_coturn_base_path }}"
|
||||
state: absent
|
||||
when: "not matrix_coturn_enabled|bool"
|
||||
|
||||
- name: Ensure coturn Docker image doesn't exist
|
||||
docker_image:
|
||||
name: "{{ matrix_coturn_docker_image }}"
|
||||
state: absent
|
||||
when: "not matrix_coturn_enabled|bool"
|
104
roles/matrix-coturn/tasks/setup_install.yml
Normal file
|
@ -0,0 +1,104 @@
|
|||
---
|
||||
|
||||
# This is a cleanup/migration task. It can be removed some time in the future.
|
||||
- name: (Migration) Remove deprecated cronjob
|
||||
file:
|
||||
path: "{{ matrix_cron_path }}/matrix-coturn-ssl-reload"
|
||||
state: absent
|
||||
|
||||
- name: Ensure Matrix Coturn path exists
|
||||
file:
|
||||
path: "{{ item.path }}"
|
||||
state: directory
|
||||
mode: 0750
|
||||
owner: "{{ matrix_user_username }}"
|
||||
group: "{{ matrix_user_groupname }}"
|
||||
with_items:
|
||||
- { path: "{{ matrix_coturn_docker_src_files_path }}", when: "{{ matrix_coturn_container_image_self_build }}"}
|
||||
when: "item.when|bool"
|
||||
|
||||
- name: Ensure Coturn image is pulled
|
||||
docker_image:
|
||||
name: "{{ matrix_coturn_docker_image }}"
|
||||
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
|
||||
force_source: "{{ matrix_coturn_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
|
||||
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_coturn_docker_image_force_pull }}"
|
||||
when: "not matrix_coturn_container_image_self_build|bool"
|
||||
|
||||
- block:
|
||||
- name: Ensure Coturn repository is present on self-build
|
||||
git:
|
||||
repo: "{{ matrix_coturn_container_image_self_build_repo }}"
|
||||
dest: "{{ matrix_coturn_docker_src_files_path }}"
|
||||
version: "{{ matrix_coturn_docker_image.split(':')[1] }}"
|
||||
force: "yes"
|
||||
register: matrix_coturn_git_pull_results
|
||||
|
||||
- name: Ensure Coturn Docker image is built
|
||||
docker_image:
|
||||
name: "{{ matrix_coturn_docker_image }}"
|
||||
source: build
|
||||
force_source: "{{ matrix_coturn_git_pull_results.changed }}"
|
||||
build:
|
||||
dockerfile: Dockerfile
|
||||
path: "{{ matrix_coturn_docker_src_files_path }}"
|
||||
pull: yes
|
||||
when: "matrix_coturn_container_image_self_build|bool"
|
||||
|
||||
- name: Ensure Coturn configuration path exists
|
||||
file:
|
||||
path: "{{ matrix_coturn_base_path }}"
|
||||
state: directory
|
||||
mode: 0750
|
||||
owner: "{{ matrix_user_username }}"
|
||||
group: "{{ matrix_user_groupname }}"
|
||||
|
||||
- name: Ensure turnserver.conf installed
|
||||
template:
|
||||
src: "{{ role_path }}/templates/turnserver.conf.j2"
|
||||
dest: "{{ matrix_coturn_config_path }}"
|
||||
mode: 0644
|
||||
owner: "{{ matrix_user_username }}"
|
||||
group: "{{ matrix_user_groupname }}"
|
||||
|
||||
- name: Ensure Coturn network is created in Docker
|
||||
docker_network:
|
||||
name: "{{ matrix_coturn_docker_network }}"
|
||||
driver: bridge
|
||||
|
||||
- name: Ensure matrix-coturn.service installed
|
||||
template:
|
||||
src: "{{ role_path }}/templates/systemd/matrix-coturn.service.j2"
|
||||
dest: "{{ matrix_systemd_path }}/matrix-coturn.service"
|
||||
mode: 0644
|
||||
register: matrix_coturn_systemd_service_change_results
|
||||
|
||||
# This may be unnecessary when more long-lived certificates are used.
|
||||
# We optimize for the common use-case though (short-lived Let's Encrypt certificates).
|
||||
# Reloading doesn't hurt anyway, so there's no need to make this more flexible.
|
||||
- name: Ensure reloading systemd units installed, if necessary
|
||||
template:
|
||||
src: "{{ role_path }}/templates/systemd/{{ item }}.j2"
|
||||
dest: "{{ matrix_systemd_path }}/{{ item }}"
|
||||
mode: 0644
|
||||
register: "matrix_coturn_systemd_service_change_results"
|
||||
when: "matrix_coturn_tls_enabled|bool"
|
||||
with_items:
|
||||
- matrix-coturn-reload.service
|
||||
- matrix-coturn-reload.timer
|
||||
|
||||
# A similar task exists in `setup_uninstall.yml`
|
||||
- name: Ensure reloading systemd units uninstalled, if unnecessary
|
||||
file:
|
||||
path: "{{ item }}"
|
||||
state: absent
|
||||
register: "matrix_coturn_systemd_service_change_results"
|
||||
when: "not matrix_coturn_tls_enabled|bool"
|
||||
with_items:
|
||||
- matrix-coturn-reload.service
|
||||
- matrix-coturn-reload.timer
|
||||
|
||||
- name: Ensure systemd reloaded if systemd units changed
|
||||
service:
|
||||
daemon_reload: yes
|
||||
when: "matrix_coturn_systemd_service_change_results.changed"
|
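Review bot: `matrix_coturn_systemd_service_change_results` is registered by three consecutive tasks (the `matrix-coturn.service` template, the reload-unit install and the reload-unit uninstall), so the final `daemon_reload` condition only sees the last one, and a skipped task still overwrites the registered variable. With TLS enabled the uninstall task is skipped, so a changed `matrix-coturn.service` would not trigger the reload. Suggest a distinct `register` name per task and a `when` that ORs their `.changed` values. Separately, the uninstall task uses `path: "{{ item }}"` where the install task writes to `{{ matrix_systemd_path }}/{{ item }}`, so it would not remove the installed unit files.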
47
roles/matrix-coturn/tasks/setup_uninstall.yml
Normal file
|
@ -0,0 +1,47 @@
|
|||
---
|
||||
|
||||
- name: Check existence of matrix-coturn service
|
||||
stat:
|
||||
path: "{{ matrix_systemd_path }}/matrix-coturn.service"
|
||||
register: matrix_coturn_service_stat
|
||||
when: "not matrix_coturn_enabled|bool"
|
||||
|
||||
- name: Ensure matrix-coturn is stopped
|
||||
service:
|
||||
name: matrix-coturn
|
||||
state: stopped
|
||||
daemon_reload: yes
|
||||
when: "matrix_coturn_service_stat.stat.exists|bool"
|
||||
|
||||
- name: Ensure matrix-coturn-reload.timer is stopped
|
||||
service:
|
||||
name: matrix-coturn
|
||||
state: stopped
|
||||
daemon_reload: yes
|
||||
failed_when: false
|
||||
when: "matrix_coturn_service_stat.stat.exists|bool"
|
||||
|
||||
- name: Ensure systemd units don't exist
|
||||
file:
|
||||
path: "{{ matrix_systemd_path }}/{{ item }}"
|
||||
state: absent
|
||||
register: matrix_coturn_systemd_unit_uninstallation_result
|
||||
with_items:
|
||||
- matrix-coturn.service
|
||||
- matrix-coturn-reload.service
|
||||
- matrix-coturn-reload.timer
|
||||
|
||||
- name: Ensure systemd reloaded after unit removal
|
||||
service:
|
||||
daemon_reload: yes
|
||||
when: "matrix_coturn_systemd_unit_uninstallation_result.changed|bool"
|
||||
|
||||
- name: Ensure Matrix coturn paths don't exist
|
||||
file:
|
||||
path: "{{ matrix_coturn_base_path }}"
|
||||
state: absent
|
||||
|
||||
- name: Ensure coturn Docker image doesn't exist
|
||||
docker_image:
|
||||
name: "{{ matrix_coturn_docker_image }}"
|
||||
state: absent
|
|
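Review bot: The task named `Ensure matrix-coturn-reload.timer is stopped` passes `name: matrix-coturn`, so it stops the main service a second time and never stops the timer. Suggest `name: matrix-coturn-reload.timer`. Also, `matrix_coturn_service_stat` is registered under `when: "not matrix_coturn_enabled|bool"`, which repeats the condition already applied where `setup_uninstall.yml` is imported and can be dropped.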
@ -1 +0,0 @@
|
|||
20 4 */5 * * root {{ matrix_host_command_systemctl }} reload matrix-coturn.service
|
|
@ -0,0 +1,6 @@
|
|||
[Unit]
|
||||
Description=Reloads matrix-coturn so that new SSL certificates can kick in
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStart={{ matrix_host_command_systemctl }} reload matrix-coturn.service
|
|
@ -0,0 +1,10 @@
|
|||
[Unit]
|
||||
Description=Reloads matrix-coturn periodically so that new SSL certificates can kick in
|
||||
|
||||
[Timer]
|
||||
Unit=matrix-coturn-reload.service
|
||||
OnCalendar=Sunday *-*-* 13:00:00
|
||||
RandomizedDelaySec=3h
|
||||
|
||||
[Install]
|
||||
WantedBy=timers.target
|
|
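Review bot: The `[Timer]` section sets `OnCalendar=Sunday *-*-* 13:00:00` and `RandomizedDelaySec=3h` but no `Persistent=true`, so a run missed while the host is powered off is not made up until the following Sunday. The removed cron line used `20 4 */5 * *`, so the reload also moves from an early-morning slot every few days to a weekly window between 13:00 and 16:00 on Sunday. If that is intended, a comment in the unit would help; otherwise consider adding `Persistent=true`.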
@ -9,6 +9,7 @@ DefaultDependencies=no
|
|||
|
||||
[Service]
|
||||
Type=simple
|
||||
Environment="HOME={{ matrix_systemd_unit_home_path }}"
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-coturn
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-coturn
|
||||
|
||||
|
|
|
@ -1,3 +1,3 @@
|
|||
- set_fact:
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-dimension'] }}"
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-dimension.service'] }}"
|
||||
when: matrix_dimension_enabled|bool
|
||||
|
|
|
@ -12,6 +12,7 @@ DefaultDependencies=no
|
|||
|
||||
[Service]
|
||||
Type=simple
|
||||
Environment="HOME={{ matrix_systemd_unit_home_path }}"
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-dimension
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-dimension
|
||||
|
||||
|
|
|
@ -1,3 +1,3 @@
|
|||
- set_fact:
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-dynamic-dns'] }}"
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-dynamic-dns.service'] }}"
|
||||
when: "matrix_dynamic_dns_enabled|bool"
|
||||
|
|
|
@ -12,6 +12,7 @@ DefaultDependencies=no
|
|||
|
||||
[Service]
|
||||
Type=simple
|
||||
Environment="HOME={{ matrix_systemd_unit_home_path }}"
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-dynamic-dns
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-dynamic-dns
|
||||
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-dynamic-dns \
|
||||
|
|
|
@ -1,3 +1,3 @@
|
|||
- set_fact:
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-email2matrix'] }}"
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-email2matrix.service'] }}"
|
||||
when: matrix_email2matrix_enabled|bool
|
||||
|
|
|
@ -7,6 +7,7 @@ DefaultDependencies=no
|
|||
|
||||
[Service]
|
||||
Type=simple
|
||||
Environment="HOME={{ matrix_systemd_unit_home_path }}"
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-email2matrix
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-email2matrix
|
||||
|
||||
|
|
|
@ -1,3 +1,3 @@
|
|||
- set_fact:
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-jitsi-web', 'matrix-jitsi-prosody', 'matrix-jitsi-jicofo', 'matrix-jitsi-jvb'] }}"
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-jitsi-web.service', 'matrix-jitsi-prosody.service', 'matrix-jitsi-jicofo.service', 'matrix-jitsi-jvb.service'] }}"
|
||||
when: matrix_jitsi_enabled|bool
|
||||
|
|
|
@ -9,6 +9,7 @@ DefaultDependencies=no
|
|||
|
||||
[Service]
|
||||
Type=simple
|
||||
Environment="HOME={{ matrix_systemd_unit_home_path }}"
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-jitsi-jicofo
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-jitsi-jicofo
|
||||
|
||||
|
|
|
@ -9,6 +9,7 @@ DefaultDependencies=no
|
|||
|
||||
[Service]
|
||||
Type=simple
|
||||
Environment="HOME={{ matrix_systemd_unit_home_path }}"
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-jitsi-jvb
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-jitsi-jvb
|
||||
|
||||
|
|
|
@ -9,6 +9,7 @@ DefaultDependencies=no
|
|||
|
||||
[Service]
|
||||
Type=simple
|
||||
Environment="HOME={{ matrix_systemd_unit_home_path }}"
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-jitsi-prosody
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-jitsi-prosody
|
||||
|
||||
|
|
|
@ -9,6 +9,7 @@ DefaultDependencies=no
|
|||
|
||||
[Service]
|
||||
Type=simple
|
||||
Environment="HOME={{ matrix_systemd_unit_home_path }}"
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-jitsi-web
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-jitsi-web
|
||||
|
||||
|
|
|
@ -5,10 +5,13 @@ matrix_ma1sd_enabled: true
|
|||
|
||||
matrix_ma1sd_container_image_self_build: false
|
||||
matrix_ma1sd_container_image_self_build_repo: "https://github.com/ma1uta/ma1sd.git"
|
||||
matrix_ma1sd_container_image_self_build_branch: "{{ matrix_ma1sd_version }}"
|
||||
|
||||
matrix_ma1sd_architecture: "amd64"
|
||||
|
||||
matrix_ma1sd_docker_image: "{{ matrix_ma1sd_docker_image_name_prefix }}ma1uta/ma1sd:2.4.0-{{ matrix_ma1sd_architecture }}"
|
||||
matrix_ma1sd_version: "2.4.0"
|
||||
|
||||
matrix_ma1sd_docker_image: "{{ matrix_ma1sd_docker_image_name_prefix }}ma1uta/ma1sd:{{ matrix_ma1sd_version }}-{{ matrix_ma1sd_architecture }}"
|
||||
matrix_ma1sd_docker_image_name_prefix: "{{ 'localhost/' if matrix_ma1sd_container_image_self_build else 'docker.io/' }}"
|
||||
matrix_ma1sd_docker_image_force_pull: "{{ matrix_ma1sd_docker_image.endswith(':latest') }}"
|
||||
|
||||
|
|
|
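Review bot: `matrix_ma1sd_container_image_self_build_branch` is introduced without a comment, and it defaults to `{{ matrix_ma1sd_version }}`. The build task elsewhere in this change mentions building from a given commit for a pre-release, so please document here that the value is passed to the `git` module's `version` and which kinds of ref are expected, and how it relates to the tag in `matrix_ma1sd_docker_image`.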
@ -1,5 +1,5 @@
|
|||
- set_fact:
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-ma1sd'] }}"
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-ma1sd.service'] }}"
|
||||
when: matrix_ma1sd_enabled|bool
|
||||
|
||||
# ansible lower than 2.8, does not support docker_image build parameters
|
||||
|
|
|
@ -79,21 +79,24 @@
|
|||
git:
|
||||
repo: "{{ matrix_ma1sd_container_image_self_build_repo }}"
|
||||
dest: "{{ matrix_ma1sd_docker_src_files_path }}"
|
||||
version: "{{ matrix_ma1sd_docker_image.split(':')[1].split('-')[0] }}"
|
||||
version: "{{ matrix_ma1sd_container_image_self_build_branch }}"
|
||||
force: "yes"
|
||||
register: matrix_ma1sd_git_pull_results
|
||||
|
||||
- name: Ensure ma1sd Docker image is built
|
||||
shell: "./gradlew dockerBuild"
|
||||
shell: "DOCKER_BUILDKIT=1 ./gradlew dockerBuild"
|
||||
args:
|
||||
chdir: "{{ matrix_ma1sd_docker_src_files_path }}"
|
||||
|
||||
- name: Ensure ma1sd Docker image is tagged correctly
|
||||
docker_image:
|
||||
# The build script always tags the image with something like `ma1uta/ma1sd:2.4.0`.
|
||||
# Remove the `-{{ matrix_ma1sd_architecture }}` suffix and our `localhost/` prefix (applied when self-building)
|
||||
# to get to what has actually been built, so we can retag it as `{{ matrix_ma1sd_docker_image }}`.
|
||||
name: "{{ matrix_ma1sd_docker_image.split('-')[0].replace('localhost/', '') }}"
|
||||
# The build script always tags the image with 2 tags:
|
||||
# - based on the branch/version: e.g. `ma1uta/ma1sd:2.4.0` (when on `2.4.0`)
|
||||
# or `ma1uta/ma1sd:2.4.0-19-ga71d32b` (when on a given commit for a pre-release)
|
||||
# - generic one: `ma1uta/ma1sd:latest-dev`
|
||||
#
|
||||
# It's hard to predict the first one, so we'll use the latter.
|
||||
name: "ma1uta/ma1sd:latest-dev"
|
||||
repository: "{{ matrix_ma1sd_docker_image }}"
|
||||
force_tag: yes
|
||||
source: local
|
||||
|
|
|
@ -12,6 +12,7 @@ DefaultDependencies=no
|
|||
|
||||
[Service]
|
||||
Type=simple
|
||||
Environment="HOME={{ matrix_systemd_unit_home_path }}"
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-ma1sd
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-ma1sd
|
||||
|
||||
|
|
|
@ -7,7 +7,7 @@ matrix_mailer_container_image_self_build_repository_url: "https://github.com/dev
|
|||
matrix_mailer_container_image_self_build_src_files_path: "{{ matrix_mailer_base_path }}/docker-src"
|
||||
matrix_mailer_container_image_self_build_version: "{{ matrix_mailer_docker_image.split(':')[1] }}"
|
||||
|
||||
matrix_mailer_docker_image: "{{ matrix_mailer_docker_image_name_prefix }}devture/exim-relay:4.93.1-r0"
|
||||
matrix_mailer_docker_image: "{{ matrix_mailer_docker_image_name_prefix }}devture/exim-relay:4.93-r1"
|
||||
matrix_mailer_docker_image_name_prefix: "{{ 'localhost/' if matrix_mailer_container_image_self_build else 'docker.io/' }}"
|
||||
matrix_mailer_docker_image_force_pull: "{{ matrix_mailer_docker_image.endswith(':latest') }}"
|
||||
|
||||
|
@ -19,6 +19,8 @@ matrix_mailer_container_user_gid: 101
|
|||
# A list of extra arguments to pass to the container
|
||||
matrix_mailer_container_extra_arguments: []
|
||||
|
||||
matrix_mailer_hostname: "{{ matrix_server_fqn_matrix }}"
|
||||
|
||||
matrix_mailer_sender_address: "matrix@{{ matrix_domain }}"
|
||||
matrix_mailer_relay_use: false
|
||||
matrix_mailer_relay_host_name: "mail.example.com"
|
||||
|
|
|
@ -1,3 +1,3 @@
|
|||
- set_fact:
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mailer'] }}"
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mailer.service'] }}"
|
||||
when: matrix_mailer_enabled|bool
|
||||
|
|
|
@ -6,3 +6,4 @@ SMARTHOST={{ matrix_mailer_relay_host_name }}::{{ matrix_mailer_relay_host_port
|
|||
SMTP_USERNAME={{ matrix_mailer_relay_auth_username }}
|
||||
SMTP_PASSWORD={{ matrix_mailer_relay_auth_password }}
|
||||
{% endif %}
|
||||
HOSTNAME={{ matrix_mailer_hostname }}
|
||||
|
|
|
@ -7,9 +7,12 @@ DefaultDependencies=no
|
|||
|
||||
[Service]
|
||||
Type=simple
|
||||
Environment="HOME={{ matrix_systemd_unit_home_path }}"
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mailer
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mailer
|
||||
|
||||
# --hostname gives us a friendlier hostname than the default.
|
||||
# The real hostname is passed via a `HOSTNAME` environment variable though.
|
||||
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mailer \
|
||||
--log-driver=none \
|
||||
--user={{ matrix_mailer_container_user_uid }}:{{ matrix_mailer_container_user_gid }} \
|
||||
|
|
|
@ -215,10 +215,6 @@ matrix_nginx_proxy_proxy_jitsi_additional_server_configuration_blocks: []
|
|||
# A list of strings containing additional configuration blocks to add to the base domain server configuration.
|
||||
matrix_nginx_proxy_proxy_domain_additional_server_configuration_blocks: []
|
||||
|
||||
# Specifies when to reload the matrix-nginx-proxy service so that
|
||||
# a new SSL certificate could go into effect.
|
||||
matrix_nginx_proxy_reload_cron_time_definition: "20 4 */5 * *"
|
||||
|
||||
# Specifies the SSL configuration that should be used for the SSL protocols and ciphers
|
||||
# This is based on the Mozilla Server Side TLS Recommended configurations.
|
||||
#
|
||||
|
|
|
@ -1,3 +1,8 @@
|
|||
- set_fact:
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-nginx-proxy'] }}"
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-nginx-proxy.service'] }}"
|
||||
when: matrix_nginx_proxy_enabled|bool
|
||||
|
||||
- set_fact:
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + [item.name] }}"
|
||||
when: "item.applicable|bool and item.enableable|bool"
|
||||
with_items: "{{ matrix_ssl_renewal_systemd_units_list }}"
|
||||
|
|
|
@ -10,71 +10,56 @@
|
|||
- "{{ matrix_local_bin_path }}/matrix-ssl-certificates-renew"
|
||||
- "{{ matrix_cron_path }}/matrix-ssl-certificate-renewal"
|
||||
- "{{ matrix_cron_path }}/matrix-nginx-proxy-periodic-restarter"
|
||||
|
||||
- "/etc/cron.d/matrix-ssl-lets-encrypt"
|
||||
- "{{ matrix_local_bin_path }}/matrix-ssl-lets-encrypt-certificates-renew"
|
||||
|
||||
#
|
||||
# Tasks related to setting up Let's Encrypt's management of certificates
|
||||
#
|
||||
|
||||
- name: (Deprecation) Catch and report renamed settings
|
||||
fail:
|
||||
msg: >-
|
||||
Your configuration contains a variable, which now has a different name.
|
||||
Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
|
||||
with_items:
|
||||
- {'old': 'host_specific_matrix_ssl_support_email', 'new': 'matrix_ssl_lets_encrypt_support_email'}
|
||||
- {'old': 'host_specific_matrix_ssl_lets_encrypt_support_email', 'new': 'matrix_ssl_lets_encrypt_support_email'}
|
||||
when: "matrix_ssl_retrieval_method == 'lets-encrypt' and item.old in vars"
|
||||
- block:
|
||||
- name: Ensure certbot Docker image is pulled
|
||||
docker_image:
|
||||
name: "{{ matrix_ssl_lets_encrypt_certbot_docker_image }}"
|
||||
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
|
||||
force_source: "{{ matrix_ssl_lets_encrypt_certbot_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
|
||||
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_ssl_lets_encrypt_certbot_docker_image_force_pull }}"
|
||||
|
||||
- name: Fail if required variables are undefined
|
||||
fail:
|
||||
msg: "Detected an undefined required variable"
|
||||
with_items:
|
||||
- "matrix_ssl_lets_encrypt_support_email"
|
||||
when: "matrix_ssl_retrieval_method == 'lets-encrypt' and vars[item] is none"
|
||||
- name: Obtain Let's Encrypt certificates
|
||||
include_tasks: "{{ role_path }}/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml"
|
||||
with_items: "{{ matrix_ssl_domains_to_obtain_certificates_for }}"
|
||||
loop_control:
|
||||
loop_var: domain_name
|
||||
|
||||
- name: Ensure certbot Docker image is pulled
|
||||
docker_image:
|
||||
name: "{{ matrix_ssl_lets_encrypt_certbot_docker_image }}"
|
||||
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
|
||||
force_source: "{{ matrix_ssl_lets_encrypt_certbot_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
|
||||
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_ssl_lets_encrypt_certbot_docker_image_force_pull }}"
|
||||
- name: Ensure Let's Encrypt SSL renewal script installed
|
||||
template:
|
||||
src: "{{ role_path }}/templates/usr-local-bin/matrix-ssl-lets-encrypt-certificates-renew.j2"
|
||||
dest: "{{ matrix_local_bin_path }}/matrix-ssl-lets-encrypt-certificates-renew"
|
||||
mode: 0750
|
||||
|
||||
- name: Ensure SSL renewal systemd units installed
|
||||
template:
|
||||
src: "{{ role_path }}/templates/systemd/{{ item.name }}.j2"
|
||||
dest: "{{ matrix_systemd_path }}/{{ item.name }}"
|
||||
mode: 0644
|
||||
when: "item.applicable|bool"
|
||||
with_items: "{{ matrix_ssl_renewal_systemd_units_list }}"
|
||||
when: "matrix_ssl_retrieval_method == 'lets-encrypt'"
|
||||
|
||||
- name: Obtain Let's Encrypt certificates
|
||||
include_tasks: "{{ role_path }}/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml"
|
||||
with_items: "{{ matrix_ssl_domains_to_obtain_certificates_for }}"
|
||||
loop_control:
|
||||
loop_var: domain_name
|
||||
when: "matrix_ssl_retrieval_method == 'lets-encrypt'"
|
||||
|
||||
- name: Ensure Let's Encrypt SSL renewal script installed
|
||||
template:
|
||||
src: "{{ role_path }}/templates/usr-local-bin/matrix-ssl-lets-encrypt-certificates-renew.j2"
|
||||
dest: "{{ matrix_local_bin_path }}/matrix-ssl-lets-encrypt-certificates-renew"
|
||||
mode: 0750
|
||||
when: "matrix_ssl_retrieval_method == 'lets-encrypt'"
|
||||
|
||||
- name: Ensure periodic SSL renewal cronjob configured
|
||||
template:
|
||||
src: "{{ role_path }}/templates/cron.d/matrix-ssl-lets-encrypt.j2"
|
||||
dest: /etc/cron.d/matrix-ssl-lets-encrypt
|
||||
mode: 0644
|
||||
when: "matrix_ssl_retrieval_method == 'lets-encrypt'"
|
||||
|
||||
|
||||
#
|
||||
# Tasks related to getting rid of Let's Encrypt's management of certificates
|
||||
#
|
||||
|
||||
- name: Ensure matrix-ssl-lets-encrypt-renew cronjob removed
|
||||
file:
|
||||
path: /etc/cron.d/matrix-ssl-lets-encrypt
|
||||
state: absent
|
||||
when: "matrix_ssl_retrieval_method != 'lets-encrypt'"
|
||||
- block:
|
||||
- name: Ensure matrix-ssl-lets-encrypt-renew cronjob removed
|
||||
file:
|
||||
path: "{{ matrix_systemd_path }}/{{ item.name }}"
|
||||
state: absent
|
||||
when: "{{ not item.applicable }}"
|
||||
with_items: "{{ matrix_ssl_renewal_systemd_units_list }}"
|
||||
|
||||
- name: Ensure Let's Encrypt SSL renewal script removed
|
||||
file:
|
||||
path: "{{ matrix_local_bin_path }}/matrix-ssl-lets-encrypt-certificates-renew"
|
||||
state: absent
|
||||
- name: Ensure Let's Encrypt SSL renewal script removed
|
||||
file:
|
||||
path: "{{ matrix_local_bin_path }}/matrix-ssl-lets-encrypt-certificates-renew"
|
||||
state: absent
|
||||
when: "matrix_ssl_retrieval_method != 'lets-encrypt'"
|
||||
|
|
|
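Review bot: in the removal block, `when: "{{ not item.applicable }}"` wraps the condition in Jinja delimiters, which Ansible warns about in `when`, and it skips the `|bool` cast that the install task (`when: "item.applicable|bool"`) uses on the same templated value; `when: "not item.applicable|bool"` would be consistent. The task is also still named `Ensure matrix-ssl-lets-encrypt-renew cronjob removed` although it now deletes files under `{{ matrix_systemd_path }}`, so the name should say systemd units. The visible tasks delete the unit files without stopping or disabling the timers first; worth confirming that happens elsewhere in the role.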
@ -12,6 +12,8 @@
|
|||
# People who configured this to disable Riot, would now wish to be disabling Element.
|
||||
# We now also have `matrix_nginx_proxy_proxy_riot_compat_redirect_`, but that's something else and is disabled by default.
|
||||
- {'old': 'matrix_nginx_proxy_proxy_riot_enabled', 'new': 'matrix_nginx_proxy_proxy_element_enabled'}
|
||||
- {'old': 'matrix_ssl_lets_encrypt_renew_cron_time_definition', 'new': '<not configurable anymore>'}
|
||||
- {'old': 'matrix_nginx_proxy_reload_cron_time_definition', 'new': '<not configurable anymore>'}
|
||||
|
||||
- name: Fail on unknown matrix_ssl_retrieval_method
|
||||
fail:
|
||||
|
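Review bot: the two new entries put `'new': '<not configurable anymore>'` into an `old`/`new` list, so any message built from `item.new` will present a placeholder as if it were the replacement variable name. A separate check for removed settings, with text saying the schedule is now fixed in the systemd timers, would be clearer for anyone who had set `matrix_ssl_lets_encrypt_renew_cron_time_definition` or `matrix_nginx_proxy_reload_cron_time_definition`.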
@ -24,3 +26,22 @@
|
|||
msg: >-
|
||||
`matrix_nginx_proxy_ssl_preset` needs to be set to a known value.
|
||||
when: "matrix_nginx_proxy_ssl_preset not in ['modern', 'intermediate', 'old']"
|
||||
|
||||
- block:
|
||||
- name: (Deprecation) Catch and report renamed settings
|
||||
fail:
|
||||
msg: >-
|
||||
Your configuration contains a variable, which now has a different name.
|
||||
Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
|
||||
with_items:
|
||||
- {'old': 'host_specific_matrix_ssl_support_email', 'new': 'matrix_ssl_lets_encrypt_support_email'}
|
||||
- {'old': 'host_specific_matrix_ssl_lets_encrypt_support_email', 'new': 'matrix_ssl_lets_encrypt_support_email'}
|
||||
when: "item.old in vars"
|
||||
|
||||
- name: Fail if required variables are undefined
|
||||
fail:
|
||||
msg: "Detected an undefined required variable"
|
||||
with_items:
|
||||
- "matrix_ssl_lets_encrypt_support_email"
|
||||
when: "vars[item] is none"
|
||||
when: "matrix_ssl_retrieval_method == 'lets-encrypt'"
|
||||
|
|
|
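Review bot: in `Fail if required variables are undefined`, `when: "vars[item] is none"` only catches a value that is explicitly null, so `matrix_ssl_lets_encrypt_support_email: ""` passes the check, and the message `Detected an undefined required variable` does not say which variable failed. Suggest also rejecting the empty string (`vars[item] is none or vars[item] == ''`) and including `{{ item }}` in `msg`.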
@ -1,5 +0,0 @@
|
|||
MAILTO="{{ matrix_ssl_lets_encrypt_support_email }}"
|
||||
15 4 * * * root {{ matrix_local_bin_path }}/matrix-ssl-lets-encrypt-certificates-renew
|
||||
{% if matrix_nginx_proxy_enabled %}
|
||||
20 5 * * * root {{ matrix_host_command_systemctl }} reload matrix-nginx-proxy.service
|
||||
{% endif %}
|
|
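Review bot: deleting this cron file also drops `MAILTO="{{ matrix_ssl_lets_encrypt_support_email }}"`, which is what delivered renewal failures by mail, and the replacement service and timer units in this commit declare no `OnFailure=` or other notification. A failing renewal is then visible only in the journal until the certificate expires. Either add a failure hook to the renewal service or say in the changelog entry that failures are no longer mailed.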
@ -12,6 +12,7 @@ DefaultDependencies=no
|
|||
|
||||
[Service]
|
||||
Type=simple
|
||||
Environment="HOME={{ matrix_systemd_unit_home_path }}"
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-nginx-proxy
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-nginx-proxy
|
||||
|
||||
|
|
|
@ -0,0 +1,7 @@
|
|||
[Unit]
|
||||
Description=Renews Let's Encrypt SSL certificates
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
Environment="HOME={{ matrix_systemd_unit_home_path }}"
|
||||
ExecStart={{ matrix_local_bin_path }}/matrix-ssl-lets-encrypt-certificates-renew
|
|
@ -0,0 +1,10 @@
|
|||
[Unit]
|
||||
Description=Renews Let's Encrypt SSL certificates periodically
|
||||
|
||||
[Timer]
|
||||
Unit=matrix-ssl-lets-encrypt-certificates-renew.service
|
||||
OnCalendar=Sunday *-*-* 05:00:00
|
||||
RandomizedDelaySec=3h
|
||||
|
||||
[Install]
|
||||
WantedBy=timers.target
|
|
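Review bot: `OnCalendar=Sunday *-*-* 05:00:00` moves renewal from the daily `15 4 * * *` cron entry to once a week, and the `[Timer]` section has no `Persistent=true`, so a host that is down during the Sunday window skips that week's attempt entirely. Adding `Persistent=true`, or keeping a daily `OnCalendar`, leaves more margin before a certificate expires.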
@ -0,0 +1,6 @@
|
|||
[Unit]
|
||||
Description=Reloads matrix-nginx-proxy so that new SSL certificates can kick in
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStart={{ matrix_host_command_systemctl }} reload matrix-nginx-proxy.service
|
|
@ -0,0 +1,10 @@
|
|||
[Unit]
|
||||
Description=Reloads matrix-nginx-proxy periodically so that new SSL certificates can kick in
|
||||
|
||||
[Timer]
|
||||
Unit=matrix-ssl-nginx-proxy-reload.service
|
||||
OnCalendar=Sunday *-*-* 13:00:00
|
||||
RandomizedDelaySec=3h
|
||||
|
||||
[Install]
|
||||
WantedBy=timers.target
|
|
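Review bot: the reload is tied to renewal only by wall-clock spacing (`OnCalendar=Sunday *-*-* 13:00:00` here, against 05:00 plus `RandomizedDelaySec=3h` on the renewal timer), so a certificate renewed outside that window, for example by starting the renewal service by hand, is not served until the following Sunday. Having the renewal service trigger `matrix-ssl-nginx-proxy-reload.service` on success would remove the dependency on timing.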
@ -24,7 +24,6 @@ docker run \
|
|||
{% if matrix_ssl_lets_encrypt_staging %}
|
||||
--staging \
|
||||
{% endif %}
|
||||
--quiet \
|
||||
--standalone \
|
||||
--preferred-challenges http \
|
||||
--agree-tos \
|
||||
|
|
|
@ -1,4 +1,18 @@
|
|||
---
|
||||
|
||||
# Tells whether this role had executed or not. Toggled to `true` during runtime.
|
||||
matrix_nginx_proxy_role_executed: false
|
||||
matrix_nginx_proxy_role_executed: false
|
||||
|
||||
matrix_ssl_renewal_systemd_units_list:
|
||||
- name: matrix-ssl-lets-encrypt-certificates-renew.service
|
||||
applicable: "{{ matrix_ssl_retrieval_method == 'lets-encrypt' }}"
|
||||
enableable: false
|
||||
- name: matrix-ssl-lets-encrypt-certificates-renew.timer
|
||||
applicable: "{{ matrix_ssl_retrieval_method == 'lets-encrypt' }}"
|
||||
enableable: true
|
||||
- name: matrix-ssl-nginx-proxy-reload.service
|
||||
applicable: "{{ matrix_ssl_retrieval_method == 'lets-encrypt' and matrix_nginx_proxy_enabled|bool }}"
|
||||
enableable: false
|
||||
- name: matrix-ssl-nginx-proxy-reload.timer
|
||||
applicable: "{{ matrix_ssl_retrieval_method == 'lets-encrypt' and matrix_nginx_proxy_enabled|bool }}"
|
||||
enableable: true
|
||||
|
|
|
@ -1,3 +1,3 @@
|
|||
- set_fact:
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-postgres'] }}"
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-postgres.service'] }}"
|
||||
when: matrix_postgres_enabled|bool
|
||||
|
|
Some files were not shown because too many files have changed in this diff