diff --git a/roles/matrix-ldap-registration-proxy/defaults/main.yml b/roles/matrix-ldap-registration-proxy/defaults/main.yml index 712e1101..8f7a2e2d 100644 --- a/roles/matrix-ldap-registration-proxy/defaults/main.yml +++ b/roles/matrix-ldap-registration-proxy/defaults/main.yml @@ -7,6 +7,9 @@ matrix_ldap_registration_proxy_enabled: true matrix_ldap_registration_proxy_container_image_self_build_repo: "https://gitlab.com/activism.international/matrix_ldap_registration_proxy.git" matrix_ldap_registration_proxy_container_image_self_build_branch: "{{ matrix_ldap_registration_proxy_version }}" +matrix_ldap_registration_proxy_docker_image: "{{ matrix_ldap_registration_proxy_docker_image_name_prefix }}activism.international/matrix_ldap_registration_proxy:{{ matrix_ldap_registration_proxy_version }}" +matrix_ldap_registration_proxy_docker_image_name_prefix: "localhost/" + matrix_ldap_registration_proxy_version: "296246afc6a9b3105e67fcf6621cf05ebc74b873" matrix_ldap_registration_proxy_base_path: "{{ matrix_base_data_path }}/matrix_ldap_registration_proxy" @@ -14,6 +17,8 @@ matrix_ldap_registration_proxy_base_path: "{{ matrix_base_data_path }}/matrix_ld matrix_ldap_registration_proxy_docker_src_files_path: "{{ matrix_ldap_registration_proxy_base_path }}/docker-src/matrix_ldap_registration_proxy" matrix_ldap_registration_proxy_config_path: "{{ matrix_ldap_registration_proxy_base_path }}/config" +matrix_ldap_registration_proxy_appservice_public_enabled: false + matrix_ldap_registration_proxy_ldap_uri: "" matrix_ldap_registration_proxy_ldap_base_dn: "" matrix_ldap_registration_proxy_ldap_user: "" @@ -22,7 +27,7 @@ matrix_ldap_registration_proxy_matrix_server_name: "{{ matrix_domain }}" matrix_ldap_registration_proxy_matrix_server_url: "https://{{ matrix_server_fqn_matrix }}" # Controls whether the self-check feature should validate SSL certificates. -matrix_matrix_ldap_registration_proxy_self_check_validate_certificates: true +matrix_ldap_registration_proxy_self_check_validate_certificates: true matrix_ldap_registration_proxy_container_port: 8080 # Controls whether the matrix_ldap_registration_proxy container exposes its HTTP port (tcp/{{ matrix_ldap_registration_proxy_container_port }} in the container). diff --git a/roles/matrix-ldap-registration-proxy/tasks/init.yml b/roles/matrix-ldap-registration-proxy/tasks/init.yml index 15017333..f7ed52c5 100644 --- a/roles/matrix-ldap-registration-proxy/tasks/init.yml +++ b/roles/matrix-ldap-registration-proxy/tasks/init.yml @@ -7,7 +7,7 @@ when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_ldap_registration_proxy_container_image_self_build and matrix_ldap_registration_proxy_enabled | bool" - ansible.builtin.set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-matrix-ldap-registration-proxy.service'] }}" + matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-ldap-registration-proxy.service'] }}" when: matrix_ldap_registration_proxy_enabled | bool - block: @@ -49,7 +49,7 @@ NOTE: You've enabled the Matrix LDAP registration proxy bridge but are not using the matrix-nginx-proxy reverse proxy. Please make sure that you're proxying the `{{ matrix_ldap_registration_proxy_public_endpoint }}` - URL endpoint to the matrix-matrix-ldap-proxy container. + URL endpoint to the matrix-ldap-proxy container. You can expose the container's port using the `matrix_ldap_registration_proxy_container_http_host_bind_port` variable. when: "not matrix_nginx_proxy_enabled | default(False) | bool" diff --git a/roles/matrix-ldap-registration-proxy/tasks/main.yml b/roles/matrix-ldap-registration-proxy/tasks/main.yml index 576fc1f4..5815774e 100644 --- a/roles/matrix-ldap-registration-proxy/tasks/main.yml +++ b/roles/matrix-ldap-registration-proxy/tasks/main.yml @@ -5,19 +5,19 @@ - always - ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup | bool and matrix_matrix_ldap_registration_proxy_enabled | bool" + when: "run_setup | bool and matrix_ldap_registration_proxy_enabled | bool" tags: - setup-all - setup-matrix-ldap-registration-proxy - ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup | bool and matrix_matrix_ldap_registration_proxy_enabled | bool" + when: "run_setup | bool and matrix_ldap_registration_proxy_enabled | bool" tags: - setup-all - setup-matrix-ldap-registration-proxy - ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup | bool and not matrix_matrix_ldap_registration_proxy_enabled | bool" + when: "run_setup | bool and not matrix_ldap_registration_proxy_enabled | bool" tags: - setup-all - setup-matrix-ldap-registration-proxy diff --git a/roles/matrix-ldap-registration-proxy/tasks/setup_uninstall.yml b/roles/matrix-ldap-registration-proxy/tasks/setup_uninstall.yml index cc542edf..3225a3ae 100644 --- a/roles/matrix-ldap-registration-proxy/tasks/setup_uninstall.yml +++ b/roles/matrix-ldap-registration-proxy/tasks/setup_uninstall.yml @@ -3,7 +3,7 @@ - name: Check existence of matrix-matrix_ldap_registration_proxy service ansible.builtin.stat: path: "{{ matrix_systemd_path }}/matrix-ldap-registration-proxy.service" - register: matrix_matrix_ldap_registration_proxy_service_stat + register: matrix_ldap_registration_proxy_service_stat - name: Ensure matrix-matrix_ldap_registration_proxy is stopped ansible.builtin.service: @@ -12,25 +12,25 @@ enabled: false daemon_reload: true register: stopping_result - when: "matrix_matrix_ldap_registration_proxy_service_stat.stat.exists | bool" + when: "matrix_ldap_registration_proxy_service_stat.stat.exists | bool" - name: Ensure matrix-ldap-registration-proxy.service doesn't exist ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-ldap-registration-proxy.service" state: absent - when: "matrix_matrix_ldap_registration_proxy_service_stat.stat.exists | bool" + when: "matrix_ldap_registration_proxy_service_stat.stat.exists | bool" - name: Ensure systemd reloaded after matrix-ldap-registration-proxy.service removal ansible.builtin.service: daemon_reload: true - when: "matrix_matrix_ldap_registration_proxy_service_stat.stat.exists | bool" + when: "matrix_ldap_registration_proxy_service_stat.stat.exists | bool" - name: Ensure Matrix matrix_ldap_registration_proxy paths don't exist ansible.builtin.file: - path: "{{ matrix_matrix_ldap_registration_proxy_base_path }}" + path: "{{ matrix_ldap_registration_proxy_base_path }}" state: absent - name: Ensure matrix_ldap_registration_proxy Docker image doesn't exist docker_image: - name: "{{ matrix_matrix_ldap_registration_proxy_docker_image }}" + name: "{{ matrix_ldap_registration_proxy_docker_image }}" state: absent diff --git a/roles/matrix-ldap-registration-proxy/templates/systemd/matrix-ldap-registration-proxy.service.j2 b/roles/matrix-ldap-registration-proxy/templates/systemd/matrix-ldap-registration-proxy.service.j2 index afbabe72..4c68ed46 100644 --- a/roles/matrix-ldap-registration-proxy/templates/systemd/matrix-ldap-registration-proxy.service.j2 +++ b/roles/matrix-ldap-registration-proxy/templates/systemd/matrix-ldap-registration-proxy.service.j2 @@ -13,8 +13,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-matrix_ldap_registration_proxy 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-matrix_ldap_registration_proxy 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix_ldap_registration_proxy 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix_ldap_registration_proxy 2>/dev/null || true' # matrix_ldap_registration_proxy writes an SQLite shared library (libsqlitejdbc.so) to /tmp and executes it from there, # so /tmp needs to be mounted with an exec option.