diff --git a/roles/custom/matrix-dendrite/defaults/main.yml b/roles/custom/matrix-dendrite/defaults/main.yml index 41cd35ed..3c083b99 100644 --- a/roles/custom/matrix-dendrite/defaults/main.yml +++ b/roles/custom/matrix-dendrite/defaults/main.yml @@ -4,8 +4,12 @@ matrix_dendrite_enabled: true -matrix_dendrite_docker_image: "{{ matrix_dendrite_docker_image_name_prefix }}matrixdotorg/dendrite-monolith:{{ matrix_dendrite_docker_image_tag }}" -matrix_dendrite_docker_image_name_prefix: "docker.io/" +matrix_dendrite_container_image_self_build: false +matrix_dendrite_container_image_self_build_repo: "https://github.com/matrix-org/dendrite.git" + +matrix_dendrite_docker_image_path: "matrixdotorg/dendrite-monolith" +matrix_dendrite_docker_image: "{{ matrix_dendrite_docker_image_name_prefix }}{{ matrix_dendrite_docker_image_path }}:{{ matrix_dendrite_docker_image_tag }}" +matrix_dendrite_docker_image_name_prefix: "{{ 'localhost/' if matrix_dendrite_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_dendrite_docker_image_tag: "v0.12.0" matrix_dendrite_docker_image_force_pull: "{{ matrix_dendrite_docker_image.endswith(':latest') }}" @@ -17,6 +21,8 @@ matrix_dendrite_nats_storage_path: "{{ matrix_dendrite_base_path }}/nats" matrix_dendrite_bin_path: "{{ matrix_dendrite_base_path }}/bin" matrix_dendrite_ext_path: "{{ matrix_dendrite_base_path }}/ext" +matrix_dendrite_docker_src_files_path: "{{ matrix_dendrite_base_path }}/docker-src" + # By default, we make Dendrite only serve HTTP (not HTTPS). # HTTPS is usually served at the reverse-proxy side (usually via `matrix-nginx-proxy`). # @@ -85,14 +91,14 @@ matrix_dendrite_systemd_wanted_services_list: [] # matrix_dendrite_template_dendrite_config: "{{ playbook_dir }}/inventory/host_vars//dendrite.yaml.j2" matrix_dendrite_template_dendrite_config: "{{ role_path }}/templates/dendrite/dendrite.yaml.j2" -matrix_dendrite_client_api_registration_shared_secret: '' +matrix_dendrite_client_api_registration_shared_secret: "" matrix_dendrite_allow_guest_access: false matrix_dendrite_max_file_size_bytes: 10485760 # Controls which HTTP header (e.g. 'X-Forwarded-For', 'X-Real-IP') to inspect to find the real remote IP address of the client. # This is likely required if Dendrite is running behind a reverse proxy server. -matrix_dendrite_sync_api_real_ip_header: 'X-Forwarded-For' +matrix_dendrite_sync_api_real_ip_header: "X-Forwarded-For" # The tmpfs at /tmp needs to be large enough to handle multiple concurrent file uploads. matrix_dendrite_tmp_directory_size_mb: 500 @@ -147,7 +153,7 @@ matrix_dendrite_metrics_password: "metrics" # Postgres database information matrix_dendrite_database_str: "postgresql://{{ matrix_dendrite_database_user }}:{{ matrix_dendrite_database_password }}@{{ matrix_dendrite_database_hostname }}" -matrix_dendrite_database_hostname: '' +matrix_dendrite_database_hostname: "" matrix_dendrite_database_user: "dendrite" matrix_dendrite_database_password: "itsasecret" matrix_dendrite_federation_api_database: "dendrite_federationapi" diff --git a/roles/custom/matrix-dendrite/tasks/setup_install.yml b/roles/custom/matrix-dendrite/tasks/setup_install.yml index 283e8b01..d96ddaeb 100644 --- a/roles/custom/matrix-dendrite/tasks/setup_install.yml +++ b/roles/custom/matrix-dendrite/tasks/setup_install.yml @@ -1,17 +1,21 @@ --- - - name: Ensure Dendrite paths exist ansible.builtin.file: - path: "{{ item }}" + path: "{{ item.path }}" state: directory mode: 0750 owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - "{{ matrix_dendrite_config_dir_path }}" - - "{{ matrix_dendrite_bin_path }}" - - "{{ matrix_dendrite_ext_path }}" - - "{{ matrix_dendrite_nats_storage_path }}" + - { path: "{{ matrix_dendrite_config_dir_path }}", when: true } + - { path: "{{ matrix_dendrite_bin_path }}", when: true } + - { path: "{{ matrix_dendrite_ext_path }}", when: true } + - { path: "{{ matrix_dendrite_nats_storage_path }}", when: true } + - { + path: "{{ matrix_dendrite_docker_src_files_path }}", + when: "{{ matrix_dendrite_container_image_self_build }}", + } + when: "item.when | bool" # This will throw a Permission Denied error if already mounted using fuse - name: Check Dendrite media store path @@ -37,11 +41,23 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_dendrite_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_dendrite_docker_image_force_pull }}" + when: "not matrix_dendrite_container_image_self_build | bool" register: result retries: "{{ devture_playbook_help_container_retries_count }}" delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed +- name: Ensure Dendrite repository is present on self-build + ansible.builtin.git: + repo: "{{ matrix_dendrite_container_image_self_build_repo }}" + dest: "{{ matrix_dendrite_docker_src_files_path }}" + version: "{{ matrix_dendrite_docker_image.split(':')[1] }}" + force: "yes" + become: true + become_user: "{{ matrix_user_username }}" + register: matrix_dendrite_git_pull_results + when: "matrix_dendrite_container_image_self_build | bool" + # We do this so that the signing key would get generated. # We don't use the `docker_container` module, because using it with `cap_drop` requires # a very recent version, which is not available for a lot of people yet. @@ -72,6 +88,11 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" +- name: Ensure Dendrite Docker image is built + ansible.builtin.command: + cmd: "{{ devture_systemd_docker_base_host_command_docker }} build -t {{ matrix_dendrite_docker_image }} {{ matrix_dendrite_docker_src_files_path }}" + when: "matrix_dendrite_container_image_self_build | bool" + - name: Ensure Dendrite container network is created community.general.docker_network: name: "{{ matrix_dendrite_container_network }}"