pub-solar/matrix-docker-ansible-deploy
5
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge branch 'master' into pub.solar

Browse source
This commit is contained in:
teutat3s 2022-11-26 00:19:12 +01:00
commit 3dbe8fc232
Signed by: teutat3s
GPG key ID: 18DAE600A6BBE705
329 changed files with 3676 additions and 5339 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

23
CHANGELOG.md
View file

@ -1,3 +1,26 @@
# 2022-11-25
## 2x-5x performance improvements in playbook runtime
**TLDR**: the playbook is 2x faster for running `--tags=setup-all` (and various other tags). It also has new `--tags=install-*` tags (like `--tags=install-all`), which skip uninstallation tasks and bring an additional 2.5x speedup. In total, the playbook can maintain your server 5 times faster.
Our [etke.cc managed Matrix hosting service](https://etke.cc) runs maintenance against hundreds of servers, so the playbook being fast means a lot.
The [etke.cc Ansible playbook](https://gitlab.com/etke.cc/ansible) (which is an extension of this one) is growing to support more and more services (besides just Matrix), so the Matrix playbook being leaner prevents runtimes from becoming too slow and improves the customer experience.
Even when running `ansible-playbook` manually (as most of us here do), it's beneficial not to waste time and CPU resources.
Recently, a few large optimizations have been done to this playbook and its external roles (see [The playbook now uses external roles for some things](#the-playbook-now-uses-external-roles-for-some-things) and don't forget to run `make roles`):
1. Replacing Ansible `import_tasks` calls with `include_tasks`, which decreased runtime in half. Using `import_tasks` is slower and causes Ansible to go through and skip way too many tasks (tasks which could have been skipped altogether by not having Ansible include them in the first place). On an experimental VM, **deployment time was decreased from ~530 seconds to ~250 seconds**.
2. Introducing new `install-*` tags (`install-all` and `install-COMPONENT`, e.g. `install-synapse`, `install-bot-postmoogle`), which only run Ansible tasks pertaining to installation, while skipping uninstallation tasks. In most cases, people are maintaining the same setup or they're *adding* new components. Removing components is rare. Running thousands of uninstallation tasks each time is wasteful. On an experimental VM, **deployment time was decreased from ~250 seconds (`--tags=setup-all`) to ~100 seconds (`--tags=install-all`)**.
You can still use `--tags=setup-all`. In fact, that's the best way to ensure your server is reconciled with the `vars.yml` configuration.
If you know you haven't uninstalled any services since the last time you ran the playbook, you could run `--tags=install-all` instead and benefit from quicker runtimes.
It should be noted that a service may become "eligible for uninstallation" even if your `vars.yml` file remains the same. In rare cases, we toggle services from being auto-installed to being optional, like we did on the 17th of March 2022 when we made [ma1sd not get installed by default](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/CHANGELOG.md#compatibility-break-ma1sd-identity-server-no-longer-installed-by-default). In such rare cases, you'd also need to run `--tags=setup-all`.
# 2022-11-22
# Automatic `matrix_architecture` determination

2
docs/configuring-playbook-bridge-hookshot.md
View file

@ -54,7 +54,7 @@ Unless indicated otherwise, the following endpoints are reachable on your `matri
| widgets | `/hookshot/widgetapi/` | `matrix_hookshot_widgets_endpoint` | Widgets |
| metrics | `/metrics/hookshot` | `matrix_hookshot_metrics_enabled` and `matrix_hookshot_metrics_proxying_enabled`. Requires `/metrics/*` endpoints to also be enabled via `matrix_nginx_proxy_proxy_matrix_metrics_enabled` (see the `matrix-nginx-proxy` role). Read more in the [Metrics section](#metrics) below. | Prometheus |
See also `matrix_hookshot_matrix_nginx_proxy_configuration` in [init.yml](/roles/custom/matrix-bridge-hookshot/tasks/init.yml).
See also `matrix_hookshot_matrix_nginx_proxy_configuration` in [init.yml](/roles/custom/matrix-bridge-hookshot/tasks/inject_into_nginx_proxy.yml).
The different listeners are also reachable *internally* in the docker-network via the container's name (configured by `matrix_hookshot_container_url`) and on different ports (e.g. `matrix_hookshot_appservice_port`). Read [main.yml](/roles/custom/matrix-bridge-hookshot/defaults/main.yml) in detail for more info.

4
docs/configuring-playbook-own-webserver.md
View file

@ -176,6 +176,8 @@ matrix_nginx_proxy_container_extra_arguments:
- '--label "traefik.http.routers.matrix-nginx-proxy.entrypoints=web-secure"'
# (The 'default' certificate resolver must be defined in Traefik config)
- '--label "traefik.http.routers.matrix-nginx-proxy.tls.certResolver=default"'
# Traefik requires that we declare which service this router is using
- '--label "traefik.http.routers.matrix-nginx-proxy.service=matrix-nginx-proxy"'
# The Nginx proxy container uses port 8080 internally
- '--label "traefik.http.services.matrix-nginx-proxy.loadbalancer.server.port=8080"'
@ -185,6 +187,8 @@ matrix_nginx_proxy_container_extra_arguments:
- '--label "traefik.http.routers.matrix-nginx-proxy-federation.entrypoints=federation"'
# (The 'default' certificate resolver must be defined in Traefik config)
- '--label "traefik.http.routers.matrix-nginx-proxy-federation.tls.certResolver=default"'
# Traefik requires that we declare which service this router is using
- '--label "traefik.http.routers.matrix-nginx-proxy-federation.service=matrix-nginx-proxy-federation"'
# The Nginx proxy container uses port `matrix_nginx_proxy_proxy_matrix_federation_port (8448) internally
- '--label "traefik.http.services.matrix-nginx-proxy-federation.loadbalancer.server.port={{ matrix_nginx_proxy_proxy_matrix_federation_port }}"'
- '--label "traefik.http.services.matrix-nginx-proxy-federation.loadbalancer.server.scheme={{ "https" if matrix_nginx_proxy_https_enabled else "http" }}"'

8
docs/configuring-playbook-telemetry.md
View file

@ -12,15 +12,17 @@ growth of the Matrix community, and helps to make Matrix a success.
If you'd like to **help by enabling submission of general usage statistics** for your homeserver, add this to your configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`):
```yaml
matrix_synapse_report_stats: true
matrix_synapse_report_stats: true # for synapse
matrix_dendrite_report_stats: true # for dendrite
```
## Usage statistics being submitted
When enabled, Synapse will regularly upload a few dozen statistics about your server.
When enabled, your homeserver will regularly upload a few dozen statistics about your server.
This data includes your homeserver's domain, the total number of users, the number of active
users, the total number of rooms, and the number of messages sent per day on your homeserver.
See [Synapse's documentation](https://github.com/matrix-org/synapse/blob/develop/docs/usage/administration/monitoring/reporting_homeserver_usage_statistics.md#available-statistics)
See [Synapse's documentation](https://github.com/matrix-org/synapse/blob/develop/docs/usage/administration/monitoring/reporting_homeserver_usage_statistics.md#available-statistics) or [Dendrite's documentation](https://github.com/matrix-org/dendrite/blob/main/docs/FAQ.md#what-is-being-reported-when-enabling-phone-home-statistics)
for the full list of statistics that are reported.

14
docs/installing.md
View file

@ -13,17 +13,21 @@ The general command syntax is: `ansible-playbook -i inventory/hosts setup.yml --
Here are some playbook tags that you should be familiar with:
- `setup-all` - runs all setup tasks for all components, but does not start/restart services
- `setup-all` - runs all setup tasks (installation and uninstallation) for all components, but does not start/restart services
- `install-all` - like `setup-all`, but skips uninstallation tasks. Useful for maintaining your setup quickly when its components remain unchanged. If you adjust your `vars.yml` to remove components, you'd need to run `setup-all` though, or these components will still remain installed
- `setup-SERVICE` (e.g. `setup-bot-postmoogle`) - runs the setup tasks only for a given role, but does not start/restart services. You can discover these additional tags in each role (`roles/*/main.yml`). Running per-component setup tasks is **not recommended**, as components sometimes depend on each other and running just the setup tasks for a given component may not be enough. For example, setting up the [mautrix-telegram bridge](configuring-playbook-bridge-mautrix-telegram.md), in addition to the `setup-mautrix-telegram` tag, requires database changes (the `setup-postgres` tag) as well as reverse-proxy changes (the `setup-nginx-proxy` tag).
- `install-SERVICE` (e.g. `install-bot-postmoogle`) - like `setup-SERVICE`, but skips uninstallation tasks. See `install-all` above for additional information.
- `start` - starts all systemd services and makes them start automatically in the future
- `stop` - stops all systemd services
- `ensure-matrix-users-created` - a special tag which ensures that all special users needed by the playbook (for bots, etc.) are created
`setup-*` tags **do not start services** automatically, because you may wish to do things before starting services, such as importing a database dump, restoring data from another server, etc.
`setup-*` tags and `install-*` tags **do not start services** automatically, because you may wish to do things before starting services, such as importing a database dump, restoring data from another server, etc.
## 1. Installing Matrix
@ -40,7 +44,7 @@ There 2 ways to start the installation process - depending on whether you're [In
If this is **a brand new** Matrix server and you **won't be importing old data into it**, run all these tags:
```sh
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,ensure-matrix-users-created,start
ansible-playbook -i inventory/hosts setup.yml --tags=install-all,ensure-matrix-users-created,start
```
This will do a full installation and start all Matrix services.
@ -56,7 +60,7 @@ Starting its services or messing with its database now will affect your data imp
To do the installation **without** starting services, run only the `setup-all` tag:
```sh
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all
ansible-playbook -i inventory/hosts setup.yml --tags=install-all
```
When this command completes, services won't be running yet.
@ -82,6 +86,8 @@ Proceed to [Maintaining your setup in the future](#2-maintaining-your-setup-in-t
Feel free to **re-run the setup command any time** you think something is off with the server configuration. Ansible will take your configuration and update your server to match.
Note that if you remove components from `vars.yml`, or if we switch some component from being installed by default to not being installed by default anymore, you'd need to run the setup command with `--tags=setup-all` instead of `--tags=install-all`. See [Playbook tags introduction](#playbook-tags-introduction)
## 3. Finalize the installation

490
group_vars/matrix_servers
View file

@ -25,6 +25,298 @@ matrix_playbook_docker_installation_enabled: true
# #
########################################################################
########################################################################
# #
# base #
# #
########################################################################
matrix_homeserver_container_extra_arguments_auto: |
{{
(['--mount type=bind,src=' + matrix_appservice_discord_config_path + '/registration.yaml,dst=/matrix-appservice-discord-registration.yaml,ro'] if matrix_appservice_discord_enabled else [])
+
(['--mount type=bind,src=' + matrix_appservice_irc_config_path + '/registration.yaml,dst=/matrix-appservice-irc-registration.yaml,ro'] if matrix_appservice_irc_enabled else [])
+
(['--mount type=bind,src=' + matrix_appservice_kakaotalk_config_path + '/registration.yaml,dst=/matrix-appservice-kakaotalk-registration.yaml,ro'] if matrix_appservice_kakaotalk_enabled else [])
+
(['--mount type=bind,src=' + matrix_appservice_slack_config_path + '/slack-registration.yaml,dst=/matrix-appservice-slack-registration.yaml,ro'] if matrix_appservice_slack_enabled else [])
+
(['--mount type=bind,src=' + matrix_appservice_webhooks_config_path + '/webhooks-registration.yaml,dst=/matrix-appservice-webhooks-registration.yaml,ro'] if matrix_appservice_webhooks_enabled else [])
+
(['--mount type=bind,src=' + matrix_beeper_linkedin_config_path + '/registration.yaml,dst=/matrix-beeper-linkedin-registration.yaml,ro'] if matrix_beeper_linkedin_enabled else [])
+
(['--mount type=bind,src=' + matrix_go_skype_bridge_config_path + '/registration.yaml,dst=/matrix-go-skype-bridge-registration.yaml,ro'] if matrix_go_skype_bridge_enabled else [])
+
(['--mount type=bind,src=' + matrix_heisenbridge_base_path + '/registration.yaml,dst=/heisenbridge-registration.yaml,ro'] if matrix_heisenbridge_enabled else [])
+
(['--mount type=bind,src=' + matrix_hookshot_base_path + '/registration.yml,dst=/hookshot-registration.yml,ro'] if matrix_hookshot_enabled else [])
+
(['--mount type=bind,src=' + matrix_mautrix_discord_config_path + '/registration.yaml,dst=/matrix-mautrix-discord-registration.yaml,ro'] if matrix_mautrix_discord_enabled else [])
+
(['--mount type=bind,src=' + matrix_mautrix_facebook_config_path + '/registration.yaml,dst=/matrix-mautrix-facebook-registration.yaml,ro'] if matrix_mautrix_facebook_enabled else [])
+
(['--mount type=bind,src=' + matrix_mautrix_googlechat_config_path + '/registration.yaml,dst=/matrix-mautrix-googlechat-registration.yaml,ro'] if matrix_mautrix_googlechat_enabled else [])
+
(['--mount type=bind,src=' + matrix_mautrix_hangouts_config_path + '/registration.yaml,dst=/matrix-mautrix-hangouts-registration.yaml,ro'] if matrix_mautrix_hangouts_enabled else [])
+
(['--mount type=bind,src=' + matrix_mautrix_instagram_config_path + '/registration.yaml,dst=/matrix-mautrix-instagram-registration.yaml,ro'] if matrix_mautrix_instagram_enabled else [])
+
(['--mount type=bind,src=' + matrix_mautrix_signal_config_path + '/registration.yaml,dst=/matrix-mautrix-signal-registration.yaml,ro'] if matrix_mautrix_signal_enabled else [])
+
(['--mount type=bind,src=' + matrix_mautrix_telegram_config_path + '/registration.yaml,dst=/matrix-mautrix-telegram-registration.yaml,ro'] if matrix_mautrix_telegram_enabled else [])
+
(['--mount type=bind,src=' + matrix_mautrix_twitter_config_path + '/registration.yaml,dst=/matrix-mautrix-twitter-registration.yaml,ro'] if matrix_mautrix_twitter_enabled else [])
+
(['--mount type=bind,src=' + matrix_mautrix_whatsapp_config_path + '/registration.yaml,dst=/matrix-mautrix-whatsapp-registration.yaml,ro'] if matrix_mautrix_whatsapp_enabled else [])
+
(['--mount type=bind,src=' + matrix_mx_puppet_discord_config_path + '/registration.yaml,dst=/matrix-mx-puppet-discord-registration.yaml,ro'] if matrix_mx_puppet_discord_enabled else [])
+
(['--mount type=bind,src=' + matrix_mx_puppet_groupme_config_path + '/registration.yaml,dst=/matrix-mx-puppet-groupme-registration.yaml,ro'] if matrix_mx_puppet_groupme_enabled else [])
+
(['--mount type=bind,src=' + matrix_mx_puppet_instagram_config_path + '/registration.yaml,dst=/matrix-mx-puppet-instagram-registration.yaml,ro'] if matrix_mx_puppet_instagram_enabled else [])
+
(['--mount type=bind,src=' + matrix_mx_puppet_slack_config_path + '/registration.yaml,dst=/matrix-mx-puppet-slack-registration.yaml,ro'] if matrix_mx_puppet_slack_enabled else [])
+
(['--mount type=bind,src=' + matrix_mx_puppet_steam_config_path + '/registration.yaml,dst=/matrix-mx-puppet-steam-registration.yaml,ro'] if matrix_mx_puppet_steam_enabled else [])
+
(['--mount type=bind,src=' + matrix_mx_puppet_twitter_config_path + '/registration.yaml,dst=/matrix-mx-puppet-twitter-registration.yaml,ro'] if matrix_mx_puppet_twitter_enabled else [])
+
(['--mount type=bind,src=' + matrix_sms_bridge_config_path + '/registration.yaml,dst=/matrix-sms-bridge-registration.yaml,ro'] if matrix_sms_bridge_enabled else [])
+
(['--mount type=bind,src=' + matrix_cactus_comments_app_service_config_file + ',dst=/matrix-cactus-comments.yaml,ro'] if matrix_cactus_comments_enabled else [])
}}
matrix_homeserver_app_service_config_files_auto: |
{{
(['/matrix-appservice-discord-registration.yaml'] if matrix_appservice_discord_enabled else [])
+
(['/matrix-appservice-irc-registration.yaml'] if matrix_appservice_irc_enabled else [])
+
(['/matrix-appservice-kakaotalk-registration.yaml'] if matrix_appservice_kakaotalk_enabled else [])
+
(['/matrix-appservice-slack-registration.yaml'] if matrix_appservice_slack_enabled else [])
+
(['/matrix-appservice-webhooks-registration.yaml'] if matrix_appservice_webhooks_enabled else [])
+
(['/matrix-beeper-linkedin-registration.yaml'] if matrix_beeper_linkedin_enabled else [])
+
(['/matrix-go-skype-bridge-registration.yaml'] if matrix_go_skype_bridge_enabled else [])
+
(['/heisenbridge-registration.yaml'] if matrix_heisenbridge_enabled else [])
+
(['/hookshot-registration.yml'] if matrix_hookshot_enabled else [])
+
(['/matrix-mautrix-discord-registration.yaml'] if matrix_mautrix_discord_enabled else [])
+
(['/matrix-mautrix-facebook-registration.yaml'] if matrix_mautrix_facebook_enabled else [])
+
(['/matrix-mautrix-googlechat-registration.yaml'] if matrix_mautrix_googlechat_enabled else [])
+
(['/matrix-mautrix-hangouts-registration.yaml'] if matrix_mautrix_hangouts_enabled else [])
+
(['/matrix-mautrix-instagram-registration.yaml'] if matrix_mautrix_instagram_enabled else [])
+
(['/matrix-mautrix-signal-registration.yaml'] if matrix_mautrix_signal_enabled else [])
+
(['/matrix-mautrix-telegram-registration.yaml'] if matrix_mautrix_telegram_enabled else [])
+
(['/matrix-mautrix-twitter-registration.yaml'] if matrix_mautrix_twitter_enabled else [])
+
(['/matrix-mautrix-whatsapp-registration.yaml'] if matrix_mautrix_whatsapp_enabled else [])
+
(['/matrix-mx-puppet-discord-registration.yaml'] if matrix_mx_puppet_discord_enabled else [])
+
(['/matrix-mx-puppet-groupme-registration.yaml'] if matrix_mx_puppet_groupme_enabled else [])
+
(['/matrix-mx-puppet-instagram-registration.yaml'] if matrix_mx_puppet_instagram_enabled else [])
+
(['/matrix-mx-puppet-slack-registration.yaml'] if matrix_mx_puppet_slack_enabled else [])
+
(['/matrix-mx-puppet-steam-registration.yaml'] if matrix_mx_puppet_steam_enabled else [])
+
(['/matrix-mx-puppet-twitter-registration.yaml'] if matrix_mx_puppet_twitter_enabled else [])
+
(['/matrix-sms-bridge-registration.yaml'] if matrix_sms_bridge_enabled else [])
+
(['/matrix-cactus-comments.yaml'] if matrix_cactus_comments_enabled else [])
}}
########################################################################
# #
# /base #
# #
########################################################################
########################################################################
# #
# com.devture.ansible.role.systemd_service_manager #
# #
########################################################################
# This list is not exhaustive and final.
# Synapse workers are still injected into the list at runtime.
# Additional JVB workers (playbooks/jitsi_jvb.yml -- roles/custom/matrix-jitsi/tasks/init_additional_jvb.yml) override this variable at runtime as well.
#
# Priority levels are like this:
# - core services (the homeserver) get a level of ~1000
# - services that core services depend on (database, Redis, ntfy, etc.) get a lower level - between 500 and 1000
# - reverse-proxying services get level 3000
# - Matrix utility services (bridges, bots) get a level of 2000/2200, so that:
# - they can start before the reverse-proxy
# - so that, when the reverse-proxy is up (Matrix is up), all bots and bridges can be interacted with
# - monitoring services (Prometheus, Grafana, ..) get a level of 4000 - they can start later than all-of-Matrix
# - services which aren't time-sensitive (various crons and timers) get a level of 5000 - they can start later than all-of-Matrix
devture_systemd_service_manager_services_list_auto: |
{{
([{'name': 'matrix-backup-borg.timer', 'priority': 5000, 'groups': ['matrix', 'backup', 'borg']}] if matrix_backup_borg_enabled else [])
+
([{'name': 'matrix-bot-buscarron.service', 'priority': 2200, 'groups': ['matrix', 'bots', 'buscarron']}] if matrix_bot_buscarron_enabled else [])
+
([{'name': 'matrix-bot-go-neb.service', 'priority': 2200, 'groups': ['matrix', 'bots', 'go-neb']}] if matrix_bot_go_neb_enabled else [])
+
([{'name': 'matrix-bot-honoroit.service', 'priority': 2200, 'groups': ['matrix', 'bots', 'honoroit']}] if matrix_bot_honoroit_enabled else [])
+
([{'name': 'matrix-bot-matrix-registration-bot.service', 'priority': 2200, 'groups': ['matrix', 'bots', 'registration-bot']}] if matrix_bot_matrix_registration_bot_enabled else [])
+
([{'name': 'matrix-bot-matrix-reminder-bot.service', 'priority': 2200, 'groups': ['matrix', 'bots', 'reminder-bot']}] if matrix_bot_matrix_reminder_bot_enabled else [])
+
([{'name': 'matrix-bot-maubot.service', 'priority': 2200, 'groups': ['matrix', 'bots', 'maubot']}] if matrix_bot_maubot_enabled else [])
+
([{'name': 'matrix-bot-mjolnir.service', 'priority': 2200, 'groups': ['matrix', 'bots', 'mjolnir']}] if matrix_bot_mjolnir_enabled else [])
+
([{'name': 'matrix-bot-postmoogle.service', 'priority': 2200, 'groups': ['matrix', 'bots', 'postmoogle']}] if matrix_bot_postmoogle_enabled else [])
+
([{'name': 'matrix-appservice-discord.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'appservice-discord']}] if matrix_appservice_discord_enabled else [])
+
([{'name': 'matrix-appservice-irc.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'appservice-irc']}] if matrix_appservice_irc_enabled else [])
+
([{'name': 'matrix-appservice-kakaotalk.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'appservice-kakaotalk']}] if matrix_appservice_kakaotalk_enabled else [])
+
([{'name': 'matrix-appservice-kakaotalk-node.service', 'priority': 1900, 'groups': ['matrix', 'bridges', 'appservice-kakaotalk', 'appservice-kakaotalk-node']}] if matrix_appservice_kakaotalk_enabled else [])
+
([{'name': 'matrix-appservice-slack.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'appservice-slack']}] if matrix_appservice_slack_enabled else [])
+
([{'name': 'matrix-appservice-webhooks.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'appservice-webhooks']}] if matrix_appservice_webhooks_enabled else [])
+
([{'name': 'matrix-beeper-linkedin.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'beeper-linkedin']}] if matrix_beeper_linkedin_enabled else [])
+
([{'name': 'matrix-go-skype-bridge.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'go-skype']}] if matrix_go_skype_bridge_enabled else [])
+
([{'name': 'matrix-heisenbridge.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'heisenbridge']}] if matrix_heisenbridge_enabled else [])
+
([{'name': 'matrix-hookshot.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'hookshot']}] if matrix_hookshot_enabled else [])
+
([{'name': 'matrix-mautrix-discord.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-discord']}] if matrix_mautrix_discord_enabled else [])
+
([{'name': 'matrix-mautrix-facebook.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-facebook']}] if matrix_mautrix_facebook_enabled else [])
+
([{'name': 'matrix-mautrix-googlechat.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-googlechat']}] if matrix_mautrix_googlechat_enabled else [])
+
([{'name': 'matrix-mautrix-hangouts.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-hangouts']}] if matrix_mautrix_hangouts_enabled else [])
+
([{'name': 'matrix-mautrix-instagram.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-instagram']}] if matrix_mautrix_instagram_enabled else [])
+
([{'name': 'matrix-mautrix-signal.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-signal']}] if matrix_mautrix_signal_enabled else [])
+
([{'name': 'matrix-mautrix-signal-daemon.service', 'priority': 1900, 'groups': ['matrix', 'bridges', 'mautrix-signal', 'mautrix-signal-daemon']}] if matrix_mautrix_signal_enabled else [])
+
([{'name': 'matrix-mautrix-telegram.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-telegram']}] if matrix_mautrix_telegram_enabled else [])
+
([{'name': 'matrix-mautrix-twitter.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-twitter']}] if matrix_mautrix_twitter_enabled else [])
+
([{'name': 'matrix-mautrix-whatsapp.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-whatsapp']}] if matrix_mautrix_whatsapp_enabled else [])
+
([{'name': 'matrix-mx-puppet-discord.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mx-puppet-discord']}] if matrix_mx_puppet_discord_enabled else [])
+
([{'name': 'matrix-mx-puppet-groupme.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mx-puppet-groupme']}] if matrix_mx_puppet_groupme_enabled else [])
+
([{'name': 'matrix-mx-puppet-instagram.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mx-puppet-instagram']}] if matrix_mx_puppet_instagram_enabled else [])
+
([{'name': 'matrix-mx-puppet-slack.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mx-puppet-slack']}] if matrix_mx_puppet_slack_enabled else [])
+
([{'name': 'matrix-mx-puppet-steam.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mx-puppet-steam']}] if matrix_mx_puppet_steam_enabled else [])
+
([{'name': 'matrix-mx-puppet-twitter.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mx-puppet-twitter']}] if matrix_mx_puppet_twitter_enabled else [])
+
([{'name': 'matrix-sms-bridge.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'sms']}] if matrix_sms_bridge_enabled else [])
+
([{'name': 'matrix-cactus-comments.service', 'priority': 2000, 'groups': ['matrix', 'cactus-comments']}] if matrix_cactus_comments_enabled else [])
+
([{'name': 'matrix-client-cinny.service', 'priority': 2000, 'groups': ['matrix', 'clients', 'cinny']}] if matrix_client_cinny_enabled else [])
+
([{'name': 'matrix-client-element.service', 'priority': 2000, 'groups': ['matrix', 'clients', 'element']}] if matrix_client_element_enabled else [])
+
([{'name': 'matrix-client-hydrogen.service', 'priority': 2000, 'groups': ['matrix', 'clients', 'hydrogen']}] if matrix_client_hydrogen_enabled else [])
+
([{'name': ('matrix-' + matrix_homeserver_implementation + '.service'), 'priority': 1000, 'groups': ['matrix', 'homeservers', matrix_homeserver_implementation]}] if matrix_homeserver_enabled else [])
+
([{'name': 'matrix-corporal.service', 'priority': 1500, 'groups': ['matrix', 'corporal']}] if matrix_corporal_enabled else [])
+
([{'name': 'matrix-coturn.service', 'priority': 4000, 'groups': ['matrix', 'coturn']}] if matrix_coturn_enabled else [])
+
([{'name': 'matrix-coturn-reload.timer', 'priority': 5000, 'groups': ['matrix', 'coturn']}] if (matrix_coturn_enabled and matrix_coturn_tls_enabled) else [])
+
([{'name': 'matrix-dimension.service', 'priority': 2500, 'groups': ['matrix', 'integration-managers', 'dimension']}] if matrix_dimension_enabled else [])
+
([{'name': 'matrix-dynamic-dns.service', 'priority': 5000, 'groups': ['matrix', 'dynamic-dns']}] if matrix_dynamic_dns_enabled else [])
+
([{'name': 'matrix-email2matrix.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'email2matrix']}] if matrix_email2matrix_enabled else [])
+
([{'name': 'matrix-etherpad.service', 'priority': 4000, 'groups': ['matrix', 'etherpad']}] if matrix_etherpad_enabled else [])
+
([{'name': 'matrix-grafana.service', 'priority': 4000, 'groups': ['matrix', 'monitoring', 'grafana']}] if matrix_grafana_enabled else [])
+
([{'name': 'matrix-jitsi-web.service', 'priority': 4200, 'groups': ['matrix', 'jitsi', 'jitsi-web']}] if matrix_jitsi_enabled else [])
+
([{'name': 'matrix-jitsi-prosody.service', 'priority': 4000, 'groups': ['matrix', 'jitsi', 'jitsi-prosody']}] if matrix_jitsi_enabled else [])
+
([{'name': 'matrix-jitsi-jicofo.service', 'priority': 4100, 'groups': ['matrix', 'jitsi', 'jitsi-jicofo']}] if matrix_jitsi_enabled else [])
+
([{'name': 'matrix-jitsi-jvb.service', 'priority': 4100, 'groups': ['matrix', 'jitsi', 'jitsi-jvb']}] if matrix_jitsi_enabled else [])
+
([{'name': 'matrix-ldap-registration-proxy.service', 'priority': 2000, 'groups': ['matrix', 'ldap-registration-proxy']}] if matrix_ldap_registration_proxy_enabled else [])
+
([{'name': 'matrix-ma1sd.service', 'priority': 2000, 'groups': ['matrix', 'ma1sd']}] if matrix_ma1sd_enabled else [])
+
([{'name': 'matrix-mailer.service', 'priority': 2000, 'groups': ['matrix', 'mailer']}] if matrix_mailer_enabled else [])
+
([{'name': 'matrix-nginx-proxy.service', 'priority': 3000, 'groups': ['matrix', 'nginx', 'reverse-proxies']}] if matrix_nginx_proxy_enabled else [])
+
(matrix_ssl_renewal_systemd_units_list | selectattr('applicable') | selectattr('enableable'))
+
([{'name': 'matrix-ntfy.service', 'priority': 800, 'groups': ['matrix', 'ntfy']}] if matrix_ntfy_enabled else [])
+
([{'name': 'matrix-postgres.service', 'priority': 500, 'groups': ['matrix', 'postgres']}] if matrix_postgres_enabled else [])
+
([{'name': 'matrix-postgres-backup.service', 'priority': 3000, 'groups': ['matrix', 'backup', 'postgres-backup']}] if matrix_postgres_backup_enabled else [])
+
([{'name': 'matrix-prometheus.service', 'priority': 4000, 'groups': ['matrix', 'monitoring', 'prometheus', 'prometheus-core']}] if matrix_prometheus_enabled else [])
+
([{'name': 'matrix-prometheus-node-exporter.service', 'priority': 3900, 'groups': ['matrix', 'monitoring', 'prometheus', 'prometheus-node-exporters']}] if matrix_prometheus_node_exporter_enabled else [])
+
([{'name': 'matrix-prometheus-postgres-exporter.service', 'priority': 3900, 'groups': ['matrix', 'monitoring', 'prometheus', 'prometheus-node-exporters']}] if matrix_prometheus_postgres_exporter_enabled else [])
+
([{'name': 'matrix-redis', 'priority': 750, 'groups': ['matrix', 'redis']}] if matrix_redis_enabled else [])
+
([{'name': 'matrix-registration.service', 'priority': 4000, 'groups': ['matrix', 'registration']}] if matrix_registration_enabled else [])
+
([{'name': 'matrix-sygnal.service', 'priority': 800, 'groups': ['matrix', 'sygnal']}] if matrix_sygnal_enabled else [])
+
([{'name': 'matrix-goofys.service', 'priority': 800, 'groups': ['matrix', 'goofys']}] if matrix_s3_media_store_enabled else [])
+
([{'name': 'matrix-synapse-s3-storage-provider-migrate.timer', 'priority': 5000, 'groups': ['matrix']}] if matrix_synapse_ext_synapse_s3_storage_provider_enabled else [])
+
([{'name': 'matrix-synapse-admin.service', 'priority': 4000, 'groups': ['matrix', 'synapse-admin']}] if matrix_synapse_admin_enabled else [])
+
([{'name': 'matrix-synapse-reverse-proxy-companion.service', 'priority': 1500, 'groups': ['matrix', 'homeservers', 'synapse', 'reverse-proxies']}] if matrix_synapse_reverse_proxy_companion_enabled else [])
}}
########################################################################
# #
# /com.devture.ansible.role.systemd_service_manager #
# #
########################################################################
########################################################################
@ -130,14 +422,14 @@ matrix_appservice_discord_systemd_required_services_list: |
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
}}
matrix_appservice_discord_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'discord.as.token') | to_uuid }}"
matrix_appservice_discord_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'discord.as.token', rounds=655555) | to_uuid }}"
matrix_appservice_discord_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'discord.hs.token') | to_uuid }}"
matrix_appservice_discord_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'discord.hs.token', rounds=655555) | to_uuid }}"
# We only make this use Postgres if our own Postgres server is enabled.
# It's only then (for now) that we can automatically create the necessary database and user for this service.
matrix_appservice_discord_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
matrix_appservice_discord_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.discord.db') | to_uuid }}"
matrix_appservice_discord_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.discord.db', rounds=655555) | to_uuid }}"
######################################################################
#
@ -162,12 +454,12 @@ matrix_appservice_webhooks_container_image_self_build: "{{ matrix_architecture !
# matrix-appservice-webhooks' client-server port to the local host.
matrix_appservice_webhooks_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else ('127.0.0.1:' ~ matrix_appservice_webhooks_matrix_port) }}"
matrix_appservice_webhooks_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'webhook.as.token') | to_uuid }}"
matrix_appservice_webhooks_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'webhook.as.token', rounds=655555) | to_uuid }}"
matrix_appservice_webhooks_homeserver_url: "{{ matrix_homeserver_container_url }}"
matrix_appservice_webhooks_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'webhook.hs.token') | to_uuid }}"
matrix_appservice_webhooks_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'webhook.hs.token', rounds=655555) | to_uuid }}"
matrix_appservice_webhooks_id_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'webhook.id.token') | to_uuid }}"
matrix_appservice_webhooks_id_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'webhook.id.token', rounds=655555) | to_uuid }}"
matrix_appservice_webhooks_systemd_required_services_list: |
{{
@ -201,12 +493,12 @@ matrix_appservice_slack_container_image_self_build: "{{ matrix_architecture not
# matrix-appservice-slack's client-server port to the local host.
matrix_appservice_slack_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else ('127.0.0.1:' ~ matrix_appservice_slack_slack_port) }}"
matrix_appservice_slack_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'slack.as.token') | to_uuid }}"
matrix_appservice_slack_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'slack.as.token', rounds=655555) | to_uuid }}"
matrix_appservice_slack_homeserver_url: "{{ matrix_homeserver_container_url }}"
matrix_appservice_slack_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'slack.hs.token') | to_uuid }}"
matrix_appservice_slack_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'slack.hs.token', rounds=655555) | to_uuid }}"
matrix_appservice_slack_id_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'slack.id.token') | to_uuid }}"
matrix_appservice_slack_id_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'slack.id.token', rounds=655555) | to_uuid }}"
matrix_appservice_slack_systemd_required_services_list: |
{{
@ -219,7 +511,7 @@ matrix_appservice_slack_systemd_required_services_list: |
# Postgres is the default, except if not using `matrix_postgres` (internal postgres)
matrix_appservice_slack_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'nedb' }}"
matrix_appservice_slack_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.slack.db') | to_uuid }}"
matrix_appservice_slack_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.slack.db', rounds=655555) | to_uuid }}"
######################################################################
#
@ -256,12 +548,12 @@ matrix_appservice_irc_systemd_required_services_list: |
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
}}
matrix_appservice_irc_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'irc.as.token') | to_uuid }}"
matrix_appservice_irc_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'irc.as.token', rounds=655555) | to_uuid }}"
matrix_appservice_irc_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'irc.hs.token') | to_uuid }}"
matrix_appservice_irc_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'irc.hs.token', rounds=655555) | to_uuid }}"
matrix_appservice_irc_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'nedb' }}"
matrix_appservice_irc_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.irc.db') | to_uuid }}"
matrix_appservice_irc_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.irc.db', rounds=655555) | to_uuid }}"
######################################################################
@ -292,14 +584,14 @@ matrix_appservice_kakaotalk_systemd_required_services_list: |
(['matrix-postgres.service'] if matrix_postgres_enabled else [])
}}
matrix_appservice_kakaotalk_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.kakao.hs') | to_uuid }}"
matrix_appservice_kakaotalk_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.kakao.hs', rounds=655555) | to_uuid }}"
matrix_appservice_kakaotalk_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.kakao.hs') | to_uuid }}"
matrix_appservice_kakaotalk_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.kakao.hs', rounds=655555) | to_uuid }}"
matrix_appservice_kakaotalk_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
matrix_appservice_kakaotalk_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
matrix_appservice_kakaotalk_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.kakao.db') | to_uuid }}"
matrix_appservice_kakaotalk_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.kakao.db', rounds=655555) | to_uuid }}"
######################################################################
#
@ -330,15 +622,15 @@ matrix_beeper_linkedin_systemd_required_services_list: |
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
}}
matrix_beeper_linkedin_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'linked.as.token') | to_uuid }}"
matrix_beeper_linkedin_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'linked.as.token', rounds=655555) | to_uuid }}"
matrix_beeper_linkedin_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'linked.hs.token') | to_uuid }}"
matrix_beeper_linkedin_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'linked.hs.token', rounds=655555) | to_uuid }}"
matrix_beeper_linkedin_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
matrix_beeper_linkedin_bridge_presence: "{{ matrix_synapse_presence_enabled if matrix_synapse_enabled else true }}"
matrix_beeper_linkedin_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maulinkedin.db') | to_uuid }}"
matrix_beeper_linkedin_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maulinkedin.db', rounds=655555) | to_uuid }}"
######################################################################
#
@ -368,15 +660,15 @@ matrix_go_skype_bridge_systemd_required_services_list: |
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
}}
matrix_go_skype_bridge_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'skype.as.token') | to_uuid }}"
matrix_go_skype_bridge_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'skype.as.token', rounds=655555) | to_uuid }}"
matrix_go_skype_bridge_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'skype.hs.token') | to_uuid }}"
matrix_go_skype_bridge_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'skype.hs.token', rounds=655555) | to_uuid }}"
matrix_go_skype_bridge_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
# Postgres is the default, except if not using `matrix_postgres` (internal postgres)
matrix_go_skype_bridge_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
matrix_go_skype_bridge_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'goskype.db') | to_uuid }}"
matrix_go_skype_bridge_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'goskype.db', rounds=655555) | to_uuid }}"
######################################################################
#
@ -406,11 +698,11 @@ matrix_mautrix_facebook_systemd_required_services_list: |
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
}}
matrix_mautrix_facebook_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'fb.as.token') | to_uuid }}"
matrix_mautrix_facebook_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'fb.as.token', rounds=655555) | to_uuid }}"
matrix_mautrix_facebook_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'fb.hs.token') | to_uuid }}"
matrix_mautrix_facebook_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'fb.hs.token', rounds=655555) | to_uuid }}"
matrix_mautrix_facebook_public_endpoint: "/{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'facebook') | to_uuid }}"
matrix_mautrix_facebook_public_endpoint: "/{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'facebook', rounds=655555) | to_uuid }}"
matrix_mautrix_facebook_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:9008' }}"
@ -421,7 +713,7 @@ matrix_mautrix_facebook_bridge_presence: "{{ matrix_synapse_presence_enabled if
# We'd like to force-set people with external Postgres to SQLite, so the bridge role can complain
# and point them to a migration path.
matrix_mautrix_facebook_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
matrix_mautrix_facebook_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.fb.db') | to_uuid }}"
matrix_mautrix_facebook_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.fb.db', rounds=655555) | to_uuid }}"
######################################################################
#
@ -452,9 +744,9 @@ matrix_mautrix_hangouts_systemd_required_services_list: |
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
}}
matrix_mautrix_hangouts_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'ho.as.token') | to_uuid }}"
matrix_mautrix_hangouts_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'ho.as.token', rounds=655555) | to_uuid }}"
matrix_mautrix_hangouts_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'ho.hs.token') | to_uuid }}"
matrix_mautrix_hangouts_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'ho.hs.token', rounds=655555) | to_uuid }}"
matrix_mautrix_hangouts_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:9007' }}"
@ -462,7 +754,7 @@ matrix_mautrix_hangouts_login_shared_secret: "{{ matrix_synapse_ext_password_pro
# Postgres is the default, except if not using `matrix_postgres` (internal postgres)
matrix_mautrix_hangouts_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
matrix_mautrix_hangouts_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.hangouts.db') | to_uuid }}"
matrix_mautrix_hangouts_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.hangouts.db', rounds=655555) | to_uuid }}"
######################################################################
#
@ -493,9 +785,9 @@ matrix_mautrix_googlechat_systemd_required_services_list: |
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
}}
matrix_mautrix_googlechat_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'gc.as.token') | to_uuid }}"
matrix_mautrix_googlechat_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'gc.as.token', rounds=655555) | to_uuid }}"
matrix_mautrix_googlechat_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'gc.hs.token') | to_uuid }}"
matrix_mautrix_googlechat_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'gc.hs.token', rounds=655555) | to_uuid }}"
matrix_mautrix_googlechat_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:9007' }}"
@ -503,7 +795,7 @@ matrix_mautrix_googlechat_login_shared_secret: "{{ matrix_synapse_ext_password_p
# Postgres is the default, except if not using `matrix_postgres` (internal postgres)
matrix_mautrix_googlechat_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
matrix_mautrix_googlechat_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.gc.db') | to_uuid }}"
matrix_mautrix_googlechat_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.gc.db', rounds=655555) | to_uuid }}"
######################################################################
#
@ -534,9 +826,9 @@ matrix_mautrix_instagram_systemd_required_services_list: |
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
}}
matrix_mautrix_instagram_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'ig.as.token') | to_uuid }}"
matrix_mautrix_instagram_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'ig.as.token', rounds=655555) | to_uuid }}"
matrix_mautrix_instagram_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'ig.hs.token') | to_uuid }}"
matrix_mautrix_instagram_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'ig.hs.token', rounds=655555) | to_uuid }}"
matrix_mautrix_instagram_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
@ -545,7 +837,7 @@ matrix_mautrix_instagram_bridge_presence: "{{ matrix_synapse_presence_enabled if
# We'd like to force-set people with external Postgres to SQLite, so the bridge role can complain
# and point them to a migration path.
matrix_mautrix_instagram_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
matrix_mautrix_instagram_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.ig.db') | to_uuid }}"
matrix_mautrix_instagram_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.ig.db', rounds=655555) | to_uuid }}"
######################################################################
#
@ -580,14 +872,14 @@ matrix_mautrix_signal_homeserver_domain: '{{ matrix_domain }}'
matrix_mautrix_signal_homeserver_address: "{{ matrix_homeserver_container_url }}"
matrix_mautrix_signal_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'si.hs.token') | to_uuid }}"
matrix_mautrix_signal_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'si.hs.token', rounds=655555) | to_uuid }}"
matrix_mautrix_signal_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'si.as.token') | to_uuid }}"
matrix_mautrix_signal_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'si.as.token', rounds=655555) | to_uuid }}"
matrix_mautrix_signal_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
matrix_mautrix_signal_database_engine: 'postgres'
matrix_mautrix_signal_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.signal.db') | to_uuid }}"
matrix_mautrix_signal_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.signal.db', rounds=655555) | to_uuid }}"
matrix_mautrix_signal_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
matrix_mautrix_signal_daemon_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
@ -623,11 +915,11 @@ matrix_mautrix_telegram_systemd_required_services_list: |
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
}}
matrix_mautrix_telegram_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'telegr.as.token') | to_uuid }}"
matrix_mautrix_telegram_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'telegr.as.token', rounds=655555) | to_uuid }}"
matrix_mautrix_telegram_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'telegr.hs.token') | to_uuid }}"
matrix_mautrix_telegram_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'telegr.hs.token', rounds=655555) | to_uuid }}"
matrix_mautrix_telegram_public_endpoint: "/{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'telegram') | to_uuid }}"
matrix_mautrix_telegram_public_endpoint: "/{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'telegram', rounds=655555) | to_uuid }}"
matrix_mautrix_telegram_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:9006' }}"
@ -635,7 +927,7 @@ matrix_mautrix_telegram_login_shared_secret: "{{ matrix_synapse_ext_password_pro
# Postgres is the default, except if not using `matrix_postgres` (internal postgres)
matrix_mautrix_telegram_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
matrix_mautrix_telegram_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.telegram.db') | to_uuid }}"
matrix_mautrix_telegram_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.telegram.db', rounds=655555) | to_uuid }}"
######################################################################
#
@ -665,14 +957,14 @@ matrix_mautrix_twitter_systemd_required_services_list: |
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
}}
matrix_mautrix_twitter_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'twt.as.token') | to_uuid }}"
matrix_mautrix_twitter_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'twt.as.token', rounds=655555) | to_uuid }}"
matrix_mautrix_twitter_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'twt.hs.token') | to_uuid }}"
matrix_mautrix_twitter_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'twt.hs.token', rounds=655555) | to_uuid }}"
matrix_mautrix_twitter_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
matrix_mautrix_twitter_database_hostname: "{{ 'matrix-postgres' if matrix_postgres_enabled else '' }}"
matrix_mautrix_twitter_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.twt.db') | to_uuid if matrix_postgres_enabled else '' }}"
matrix_mautrix_twitter_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.twt.db', rounds=655555) | to_uuid if matrix_postgres_enabled else '' }}"
######################################################################
#
@ -702,15 +994,15 @@ matrix_mautrix_whatsapp_systemd_required_services_list: |
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
}}
matrix_mautrix_whatsapp_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'whats.as.token') | to_uuid }}"
matrix_mautrix_whatsapp_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'whats.as.token', rounds=655555) | to_uuid }}"
matrix_mautrix_whatsapp_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'whats.hs.token') | to_uuid }}"
matrix_mautrix_whatsapp_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'whats.hs.token', rounds=655555) | to_uuid }}"
matrix_mautrix_whatsapp_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
# Postgres is the default, except if not using `matrix_postgres` (internal postgres)
matrix_mautrix_whatsapp_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
matrix_mautrix_whatsapp_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mauwhatsapp.db') | to_uuid }}"
matrix_mautrix_whatsapp_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mauwhatsapp.db', rounds=655555) | to_uuid }}"
######################################################################
#
@ -740,15 +1032,15 @@ matrix_mautrix_discord_systemd_required_services_list: |
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
}}
matrix_mautrix_discord_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maudisc.as.tok') | to_uuid }}"
matrix_mautrix_discord_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maudisc.as.tok', rounds=655555) | to_uuid }}"
matrix_mautrix_discord_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maudisc.hs.tok') | to_uuid }}"
matrix_mautrix_discord_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maudisc.hs.tok', rounds=655555) | to_uuid }}"
matrix_mautrix_discord_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
# Postgres is the default, except if not using `matrix_postgres` (internal postgres)
matrix_mautrix_discord_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
matrix_mautrix_discord_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maudiscord.db') | to_uuid }}"
matrix_mautrix_discord_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maudiscord.db', rounds=655555) | to_uuid }}"
# Enabling bridge.restricted_rooms for this bridge does not work well with Conduit, so we disable it by default.
# This will be fixed in the upcoming `0.5.0` release of conduit.
@ -778,10 +1070,10 @@ matrix_sms_bridge_systemd_required_services_list: |
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
}}
matrix_sms_bridge_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'sms.as.token') | to_uuid }}"
matrix_sms_bridge_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'sms.as.token', rounds=655555) | to_uuid }}"
matrix_sms_bridge_homeserver_port: "{{ matrix_synapse_container_client_api_port }}"
matrix_sms_bridge_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'sms.hs.token') | to_uuid }}"
matrix_sms_bridge_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'sms.hs.token', rounds=655555) | to_uuid }}"
######################################################################
#
@ -798,9 +1090,9 @@ matrix_sms_bridge_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_
# We don't enable bridges by default.
matrix_heisenbridge_enabled: false
matrix_heisenbridge_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'heisen.as.tok') | to_uuid }}"
matrix_heisenbridge_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'heisen.as.tok', rounds=655555) | to_uuid }}"
matrix_heisenbridge_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'heisen.hs.tok') | to_uuid }}"
matrix_heisenbridge_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'heisen.hs.tok', rounds=655555) | to_uuid }}"
matrix_heisenbridge_systemd_wanted_services_list: |
{{
@ -826,9 +1118,9 @@ matrix_hookshot_enabled: false
matrix_hookshot_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
matrix_hookshot_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'hookshot.as.tok') | to_uuid }}"
matrix_hookshot_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'hookshot.as.tok', rounds=655555) | to_uuid }}"
matrix_hookshot_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'hookshot.hs.tok') | to_uuid }}"
matrix_hookshot_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'hookshot.hs.tok', rounds=655555) | to_uuid }}"
matrix_hookshot_systemd_wanted_services_list: |
{{
@ -888,15 +1180,15 @@ matrix_mx_puppet_slack_systemd_required_services_list: |
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
}}
matrix_mx_puppet_slack_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxslk.as.tok') | to_uuid }}"
matrix_mx_puppet_slack_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxslk.as.tok', rounds=655555) | to_uuid }}"
matrix_mx_puppet_slack_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxslk.hs.tok') | to_uuid }}"
matrix_mx_puppet_slack_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxslk.hs.tok', rounds=655555) | to_uuid }}"
matrix_mx_puppet_slack_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
# Postgres is the default, except if not using `matrix_postgres` (internal postgres)
matrix_mx_puppet_slack_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
matrix_mx_puppet_slack_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.slack.db') | to_uuid }}"
matrix_mx_puppet_slack_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.slack.db', rounds=655555) | to_uuid }}"
######################################################################
#
@ -926,9 +1218,9 @@ matrix_mx_puppet_twitter_systemd_required_services_list: |
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
}}
matrix_mx_puppet_twitter_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxtwt.as.tok') | to_uuid }}"
matrix_mx_puppet_twitter_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxtwt.as.tok', rounds=655555) | to_uuid }}"
matrix_mx_puppet_twitter_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxtwt.hs.tok') | to_uuid }}"
matrix_mx_puppet_twitter_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxtwt.hs.tok', rounds=655555) | to_uuid }}"
matrix_mx_puppet_twitter_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
@ -936,7 +1228,7 @@ matrix_mx_puppet_twitter_container_http_host_bind_port: "{{ '' if matrix_nginx_p
# Postgres is the default, except if not using `matrix_postgres` (internal postgres)
matrix_mx_puppet_twitter_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
matrix_mx_puppet_twitter_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.twitter.db') | to_uuid }}"
matrix_mx_puppet_twitter_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.twitter.db', rounds=655555) | to_uuid }}"
######################################################################
#
@ -967,15 +1259,15 @@ matrix_mx_puppet_instagram_systemd_required_services_list: |
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
}}
matrix_mx_puppet_instagram_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxig.as.tok') | to_uuid }}"
matrix_mx_puppet_instagram_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxig.as.tok', rounds=655555) | to_uuid }}"
matrix_mx_puppet_instagram_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxig.hs.tok') | to_uuid }}"
matrix_mx_puppet_instagram_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxig.hs.tok', rounds=655555) | to_uuid }}"
matrix_mx_puppet_instagram_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
# Postgres is the default, except if not using `matrix_postgres` (internal postgres)
matrix_mx_puppet_instagram_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
matrix_mx_puppet_instagram_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.ig.db') | to_uuid }}"
matrix_mx_puppet_instagram_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.ig.db', rounds=655555) | to_uuid }}"
######################################################################
#
@ -1005,15 +1297,15 @@ matrix_mx_puppet_discord_systemd_required_services_list: |
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
}}
matrix_mx_puppet_discord_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxdsc.as.tok') | to_uuid }}"
matrix_mx_puppet_discord_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxdsc.as.tok', rounds=655555) | to_uuid }}"
matrix_mx_puppet_discord_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxdsc.hs.tok') | to_uuid }}"
matrix_mx_puppet_discord_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxdsc.hs.tok', rounds=655555) | to_uuid }}"
matrix_mx_puppet_discord_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
# Postgres is the default, except if not using `matrix_postgres` (internal postgres)
matrix_mx_puppet_discord_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
matrix_mx_puppet_discord_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.dsc.db') | to_uuid }}"
matrix_mx_puppet_discord_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.dsc.db', rounds=655555) | to_uuid }}"
######################################################################
#
@ -1043,15 +1335,15 @@ matrix_mx_puppet_steam_systemd_required_services_list: |
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
}}
matrix_mx_puppet_steam_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxste.as.tok') | to_uuid }}"
matrix_mx_puppet_steam_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxste.as.tok', rounds=655555) | to_uuid }}"
matrix_mx_puppet_steam_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxste.hs.tok') | to_uuid }}"
matrix_mx_puppet_steam_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxste.hs.tok', rounds=655555) | to_uuid }}"
matrix_mx_puppet_steam_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
# Postgres is the default, except if not using `matrix_postgres` (internal postgres)
matrix_mx_puppet_steam_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
matrix_mx_puppet_steam_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.steam.db') | to_uuid }}"
matrix_mx_puppet_steam_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.steam.db', rounds=655555) | to_uuid }}"
######################################################################
#
@ -1081,15 +1373,15 @@ matrix_mx_puppet_groupme_systemd_required_services_list: |
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
}}
matrix_mx_puppet_groupme_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxgro.as.tok') | to_uuid }}"
matrix_mx_puppet_groupme_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxgro.as.tok', rounds=655555) | to_uuid }}"
matrix_mx_puppet_groupme_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxgro.hs.tok') | to_uuid }}"
matrix_mx_puppet_groupme_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxgro.hs.tok', rounds=655555) | to_uuid }}"
matrix_mx_puppet_groupme_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
# Postgres is the default, except if not using `matrix_postgres` (internal postgres)
matrix_mx_puppet_groupme_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
matrix_mx_puppet_groupme_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.groupme.db') | to_uuid }}"
matrix_mx_puppet_groupme_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.groupme.db', rounds=655555) | to_uuid }}"
######################################################################
#
@ -1119,7 +1411,7 @@ matrix_bot_matrix_reminder_bot_systemd_required_services_list: |
# Postgres is the default, except if not using `matrix_postgres` (internal postgres)
matrix_bot_matrix_reminder_bot_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
matrix_bot_matrix_reminder_bot_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'reminder.bot.db') | to_uuid }}"
matrix_bot_matrix_reminder_bot_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'reminder.bot.db', rounds=655555) | to_uuid }}"
matrix_bot_matrix_reminder_bot_container_image_self_build: "{{ matrix_architecture != 'amd64' }}"
######################################################################
@ -1190,7 +1482,7 @@ matrix_bot_maubot_management_interface_http_bind_port: "{{ '' if matrix_nginx_pr
# Postgres is the default, except if not using `matrix_postgres` (internal postgres)
matrix_bot_maubot_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
matrix_bot_maubot_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.dsc.db') | to_uuid }}"
matrix_bot_maubot_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.dsc.db', rounds=655555) | to_uuid }}"
######################################################################
#
@ -1221,7 +1513,7 @@ matrix_bot_honoroit_systemd_required_services_list: |
# Postgres is the default, except if not using `matrix_postgres` (internal postgres)
matrix_bot_honoroit_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
matrix_bot_honoroit_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'honoroit.bot.db') | to_uuid }}"
matrix_bot_honoroit_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'honoroit.bot.db', rounds=655555) | to_uuid }}"
matrix_bot_honoroit_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
######################################################################
@ -1252,7 +1544,7 @@ matrix_bot_buscarron_systemd_required_services_list: |
# Postgres is the default, except if not using `matrix_postgres` (internal postgres)
matrix_bot_buscarron_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
matrix_bot_buscarron_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'buscarron.bot.db') | to_uuid }}"
matrix_bot_buscarron_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'buscarron.bot.db', rounds=655555) | to_uuid }}"
matrix_bot_buscarron_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
######################################################################
@ -1284,7 +1576,7 @@ matrix_bot_postmoogle_systemd_required_services_list: |
# Postgres is the default, except if not using `matrix_postgres` (internal postgres)
matrix_bot_postmoogle_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
matrix_bot_postmoogle_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'postmoogle.db') | to_uuid }}"
matrix_bot_postmoogle_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'postmoogle.db', rounds=655555) | to_uuid }}"
matrix_bot_postmoogle_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
@ -1400,8 +1692,8 @@ matrix_backup_borg_systemd_required_services_list: |
matrix_cactus_comments_enabled: false
# Derive secret values from homeserver secret
matrix_cactus_comments_as_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'cactus.as.token') | to_uuid }}"
matrix_cactus_comments_hs_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'cactus.hs.token') | to_uuid }}"
matrix_cactus_comments_as_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'cactus.as.token', rounds=655555) | to_uuid }}"
matrix_cactus_comments_hs_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'cactus.hs.token', rounds=655555) | to_uuid }}"
matrix_cactus_comments_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm32', 'arm64'] }}"
matrix_cactus_comments_systemd_required_services_list: |
@ -1471,7 +1763,7 @@ matrix_coturn_container_image_self_build: "{{ matrix_architecture not in ['amd64
matrix_coturn_turn_external_ip_address: "{{ ansible_host }}"
matrix_coturn_turn_static_auth_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'coturn.sas') | to_uuid }}"
matrix_coturn_turn_static_auth_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'coturn.sas', rounds=655555) | to_uuid }}"
matrix_coturn_tls_enabled: "{{ matrix_ssl_retrieval_method != 'none' }}"
matrix_coturn_tls_cert_path: "{{ matrix_ssl_config_dir_path }}/live/{{ matrix_server_fqn_matrix }}/fullchain.pem"
@ -1523,7 +1815,7 @@ matrix_dimension_systemd_required_services_list: |
# Postgres is the default, except if not using `matrix_postgres` (internal postgres)
matrix_dimension_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
matrix_dimension_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'dimension.db') | to_uuid }}"
matrix_dimension_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'dimension.db', rounds=655555) | to_uuid }}"
######################################################################
#
@ -1550,7 +1842,7 @@ matrix_etherpad_systemd_required_services_list: |
(['matrix-postgres.service'] if matrix_postgres_enabled else [])
}}
matrix_etherpad_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'etherpad.db') | to_uuid }}"
matrix_etherpad_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'etherpad.db', rounds=655555) | to_uuid }}"
######################################################################
#
@ -1605,9 +1897,9 @@ matrix_jitsi_jvb_container_colibri_ws_host_bind_port: "{{ '' if matrix_nginx_pro
matrix_jitsi_prosody_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:5280' }}"
matrix_jitsi_jibri_xmpp_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'jibri') | to_uuid }}"
matrix_jitsi_jicofo_auth_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'jicofo') | to_uuid }}"
matrix_jitsi_jvb_auth_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'jvb') | to_uuid }}"
matrix_jitsi_jibri_xmpp_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'jibri', rounds=655555) | to_uuid }}"
matrix_jitsi_jicofo_auth_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'jicofo', rounds=655555) | to_uuid }}"
matrix_jitsi_jvb_auth_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'jvb', rounds=655555) | to_uuid }}"
matrix_jitsi_web_stun_servers: |
{{
@ -1727,7 +2019,7 @@ matrix_ma1sd_systemd_wanted_services_list: |
# Postgres is the default, except if not using `matrix_postgres` (internal postgres)
matrix_ma1sd_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
matrix_ma1sd_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'ma1sd.db') | to_uuid }}"
matrix_ma1sd_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'ma1sd.db', rounds=655555) | to_uuid }}"
######################################################################
#
@ -2346,9 +2638,9 @@ matrix_synapse_container_manhole_api_host_bind_port: "{{ '127.0.0.1:9000' if mat
# For exposing the Synapse worker (and metrics) ports to the local host.
matrix_synapse_workers_container_host_bind_address: "{{ '127.0.0.1' if (matrix_synapse_workers_enabled and not matrix_nginx_proxy_enabled) else '' }}"
matrix_synapse_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'synapse.db') | to_uuid }}"
matrix_synapse_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'synapse.db', rounds=655555) | to_uuid }}"
matrix_synapse_macaroon_secret_key: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'synapse.mac') | to_uuid }}"
matrix_synapse_macaroon_secret_key: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'synapse.mac', rounds=655555) | to_uuid }}"
# We do not enable TLS in Synapse by default.
# TLS is handled by the matrix-nginx-proxy, which proxies the requests to Synapse.
@ -2413,8 +2705,8 @@ matrix_synapse_redis_enabled: "{{ matrix_redis_enabled }}"
matrix_synapse_redis_host: "{{ 'matrix-redis' if matrix_redis_enabled else '' }}"
matrix_synapse_redis_password: "{{ matrix_redis_connection_password if matrix_redis_enabled else '' }}"
matrix_synapse_container_runtime_injected_arguments: "{{ matrix_homeserver_container_runtime_injected_arguments }}"
matrix_synapse_app_service_runtime_injected_config_files: "{{ matrix_homeserver_app_service_runtime_injected_config_files }}"
matrix_synapse_container_extra_arguments_auto: "{{ matrix_homeserver_container_extra_arguments_auto }}"
matrix_synapse_app_service_config_files_auto: "{{ matrix_homeserver_app_service_config_files_auto }}"
######################################################################
#
@ -2528,7 +2820,7 @@ matrix_prometheus_scraper_hookshot_targets: "{{ [matrix_hookshot_container_url |
######################################################################
matrix_prometheus_postgres_exporter_enabled: false
matrix_prometheus_postgres_exporter_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'prometheus.pg.db') | to_uuid }}"
matrix_prometheus_postgres_exporter_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'prometheus.pg.db', rounds=655555) | to_uuid }}"
matrix_prometheus_postgres_exporter_systemd_required_services_list: |
{{
@ -2626,7 +2918,7 @@ matrix_registration_systemd_required_services_list: |
# Postgres is the default, except if not using `matrix_postgres` (internal postgres)
matrix_registration_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
matrix_registration_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mx.registr.db') | to_uuid }}"
matrix_registration_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mx.registr.db', rounds=655555) | to_uuid }}"
######################################################################
#
@ -2683,9 +2975,9 @@ matrix_dendrite_container_https_host_bind_address: "{{ '' if matrix_nginx_proxy_
matrix_dendrite_sync_api_real_ip_header: "{{ 'X-Forwarded-For' if matrix_nginx_proxy_enabled else '' }}"
matrix_dendrite_registration_shared_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'dendrite.rss') | to_uuid }}"
matrix_dendrite_registration_shared_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'dendrite.rss', rounds=655555) | to_uuid }}"
matrix_dendrite_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'dendrite.db') | to_uuid }}"
matrix_dendrite_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'dendrite.db', rounds=655555) | to_uuid }}"
# Even if TURN doesn't support TLS (it does by default),
# it doesn't hurt to try a secure connection anyway.
@ -2723,8 +3015,8 @@ matrix_dendrite_systemd_wanted_services_list: |
(['matrix-coturn.service'] if matrix_coturn_enabled else [])
}}
matrix_dendrite_container_runtime_injected_arguments: "{{ matrix_homeserver_container_runtime_injected_arguments }}"
matrix_dendrite_app_service_runtime_injected_config_files: "{{ matrix_homeserver_app_service_runtime_injected_config_files }}"
matrix_dendrite_container_extra_arguments_auto: "{{ matrix_homeserver_container_extra_arguments_auto }}"
matrix_dendrite_app_service_config_files_auto: "{{ matrix_homeserver_app_service_config_files_auto }}"
######################################################################
#

3
playbooks/matrix.yml
View file

@ -100,6 +100,9 @@
- custom/matrix-user-creator
- custom/matrix-common-after
- when: devture_systemd_service_manager_enabled | bool
role: galaxy/com.devture.ansible.role.systemd_service_manager
# This is pretty much last, because we want it to better serve as a "last known good configuration".
# See: https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2217#issuecomment-1301487601
- when: devture_playbook_state_preserver_enabled | bool

9
requirements.yml
View file

@ -4,7 +4,7 @@
version: 6.0.3
- src: git+https://github.com/devture/com.devture.ansible.role.docker_sdk_for_python.git
version: 7047b40314c1020e97ed3f15b44876fa88faf874
version: 6ba3be490b6f4c6f35ea109aeb8e533fa231b3a5
- src: git+https://github.com/devture/com.devture.ansible.role.playbook_help.git
version: c1f40e82b4d6b072b6f0e885239322bdaaaf554f
@ -13,10 +13,13 @@
version: 327d2e17f5189ac2480d6012f58cf64a2b46efba
- src: git+https://github.com/devture/com.devture.ansible.role.timesync.git
version: 461ace97fcf0e36c76747b36fcad8587d9b072f5
version: 660f384f176a9ea3b5cc702bde39e7dc10bf6186
- src: git+https://github.com/devture/com.devture.ansible.role.playbook_state_preserver.git
version: ff2fd42e1c1a9e28e3312bbd725395f9c2fc7f16
- src: git+https://github.com/devture/com.devture.ansible.role.systemd_service_manager.git
version: 6ccb88ac5fc27e1e70afcd48278ade4b564a9096
- src: git+https://github.com/devture/com.devture.ansible.role.playbook_runtime_messages.git
version: f1c78d4e85e875129790c58335d0e44385683f6b
version: 9b4b088c62b528b73a9a7c93d3109b091dd42ec6

6
roles/custom/matrix-aux/tasks/main.yml
View file

@ -1,7 +1,9 @@
---
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup.yml"
when: run_stop | bool
- block:
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup.yml"
tags:
- setup-all
- setup-aux-files
- install-all
- install-aux-files

4
roles/custom/matrix-backup-borg/tasks/init.yml
View file

@ -1,4 +0,0 @@
---
- ansible.builtin.set_fact:
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-backup-borg.timer'] }}"
when: matrix_backup_borg_enabled | bool

23
roles/custom/matrix-backup-borg/tasks/main.yml
View file

@ -1,23 +1,20 @@
---
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
tags:
- always
- block:
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
when: "run_setup | bool and matrix_backup_borg_enabled | bool"
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
when: "run_setup | bool and matrix_backup_borg_enabled | bool"
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
when: "run_setup | bool and matrix_backup_borg_enabled | bool"
tags:
- setup-all
- setup-backup-borg
- install-all
- install-backup-borg
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
when: "run_setup | bool and matrix_backup_borg_enabled | bool"
tags:
- setup-all
- setup-backup-borg
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
when: "run_setup | bool and not matrix_backup_borg_enabled | bool"
- block:
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
when: "run_setup | bool and not matrix_backup_borg_enabled | bool"
tags:
- setup-all
- setup-backup-borg

50
roles/custom/matrix-backup-borg/tasks/setup_uninstall.yml
View file

@ -1,41 +1,25 @@
---
- name: Check existence of matrix-backup-borg service
ansible.builtin.stat:
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-backup-borg.service"
register: matrix_backup_borg_service_stat
- name: Ensure matrix-backup-borg is stopped
ansible.builtin.service:
name: matrix-backup-borg
state: stopped
enabled: false
daemon_reload: true
register: stopping_result
when: "matrix_backup_borg_service_stat.stat.exists | bool"
- when: matrix_backup_borg_service_stat.stat.exists | bool
block:
- name: Ensure matrix-backup-borg is stopped
ansible.builtin.service:
name: matrix-backup-borg
state: stopped
enabled: false
daemon_reload: true
- name: Ensure matrix-backup-borg.service doesn't exist
ansible.builtin.file:
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-backup-borg.service"
state: absent
when: "matrix_backup_borg_service_stat.stat.exists | bool"
- name: Ensure matrix-backup-borg.service doesn't exist
ansible.builtin.file:
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-backup-borg.service"
state: absent
- name: Ensure matrix-backup-borg.timer doesn't exist
ansible.builtin.file:
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-backup-borg.timer"
state: absent
when: "matrix_backup_borg_service_stat.stat.exists | bool"
- name: Ensure systemd reloaded after matrix-backup-borg.service removal
ansible.builtin.service:
daemon_reload: true
when: "matrix_backup_borg_service_stat.stat.exists | bool"
- name: Ensure Matrix borg paths don't exist
ansible.builtin.file:
path: "{{ matrix_backup_borg_base_path }}"
state: absent
- name: Ensure borg Docker image doesn't exist
community.docker.docker_image:
name: "{{ matrix_backup_borg_docker_image }}"
state: absent
- name: Ensure matrix-backup-borg.timer doesn't exist
ansible.builtin.file:
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-backup-borg.timer"
state: absent

13
roles/custom/matrix-base/defaults/main.yml
View file

@ -1,4 +1,5 @@
---
# The bare domain name which represents your Matrix identity.
# Matrix user ids for your server will be of the form (`@user:<matrix-domain>`).
#
@ -12,6 +13,15 @@ matrix_domain: ~
# Example value: "@someone:{{ matrix_domain }}"
matrix_admin: ''
# matrix_homeserver_enabled controls whether to enable the homeserver systemd service, etc.
#
# Unless you're wrapping this playbook in another one
# where you optionally wish to disable homeserver integration, you don't need to use this.
#
# Note: disabling this does not mean that a homeserver won't get installed.
# Whether homeserver software is installed depends on other (`matrix_HOMESERVER_enabled`) variables - see `group_vars/matrix_servers`.
matrix_homeserver_enabled: true
# Homeserver admin contacts and support page as per MSC 1929
# See: https://github.com/matrix-org/matrix-spec-proposals/pull/1929
# Users in form:
@ -253,6 +263,9 @@ matrix_well_known_matrix_server_enabled: true
# See `matrix_homeserver_admin_contacts`, `matrix_homeserver_support_url`, etc.
matrix_well_known_matrix_support_enabled: false
matrix_homeserver_container_extra_arguments_auto: []
matrix_homeserver_app_service_config_files_auto: []
# Variables to Control which parts of our roles run.
run_postgres_import: true
run_postgres_upgrade: true

28
roles/custom/matrix-base/tasks/main.yml
View file

@ -1,33 +1,39 @@
---
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/system_check.yml"
tags:
- always
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/sanity_check.yml"
- block:
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
tags:
- setup-all
- install-all
# This needs to always run, because it populates `matrix_user_uid` and `matrix_user_gid`,
# which are required by many other roles.
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_matrix_user.yml"
when: run_setup | bool
- block:
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_matrix_user.yml"
tags:
- always
- setup-system-user
- common
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_matrix_base.yml"
when: run_setup | bool
- block:
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_matrix_base.yml"
tags:
- setup-all
- install-all
- common
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_well_known.yml"
when: run_setup | bool
- block:
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_well_known.yml"
tags:
- setup-all
- setup-ma1sd
- setup-synapse
- setup-dendrite
- setup-conduit
- setup-nginx-proxy
- install-all
- install-ma1sd
- install-synapse
- install-dendrite
- install-conduit
- install-nginx-proxy

7
roles/custom/matrix-base/tasks/setup_matrix_user.yml
View file

@ -7,10 +7,6 @@
state: present
register: matrix_group
- name: Set Matrix Group GID Variable
ansible.builtin.set_fact:
matrix_user_gid: "{{ matrix_group.gid }}"
- name: Ensure Matrix user is created
ansible.builtin.user:
name: "{{ matrix_user_username }}"
@ -22,6 +18,7 @@
system: true
register: matrix_user
- name: Set Matrix Group UID Variable
- name: Initialize matrix_user_uid and matrix_user_gid
ansible.builtin.set_fact:
matrix_user_uid: "{{ matrix_user.uid }}"
matrix_user_gid: "{{ matrix_group.gid }}"

23
roles/custom/matrix-base/tasks/system_check.yml
View file

@ -1,23 +0,0 @@
---
# We generally support Ansible 2.7.1 and above.
- name: Fail if running on Ansible < 2.7.1
ansible.builtin.fail:
msg: "You are running on Ansible {{ ansible_version.string }}, which is not supported. See our guide about Ansible: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/ansible.md"
when:
- "(ansible_version.major < 2) or (ansible_version.major == 2 and ansible_version.minor < 7) or (ansible_version.major == 2 and ansible_version.minor == 7 and ansible_version.revision < 1)"
# Though we do not support Ansible 2.9.6 which is buggy
- name: Fail if running on Ansible 2.9.6 on Ubuntu
ansible.builtin.fail:
msg: "You are running on Ansible {{ ansible_version.string }}, which is not supported. See our guide about Ansible: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/ansible.md"
when:
- ansible_distribution == 'Ubuntu'
- "ansible_version.major == 2 and ansible_version.minor == 9 and ansible_version.revision == 6"
- name: Fail if using python2 on Archlinux
ansible.builtin.fail:
msg: "Detected that you're using python2 when installing onto Archlinux. Archlinux by default only supports python3."
when:
- ansible_distribution == 'Archlinux'
- ansible_python.version.major != 3

2
roles/custom/matrix-base/tasks/sanity_check.yml → roles/custom/matrix-base/tasks/validate_config.yml
View file

@ -25,6 +25,8 @@
The `matrix_homeserver_generic_secret_key` variable must be defined and have a non-null and non-empty value.
If you're observing this error on a new installation, you should ensure that the `matrix_homeserver_generic_secret_key` is defined.
If you think you've defined it, but are still getting this error, then it's likely that you have a typo
in your domain name in `inventory/hosts` or in one of the directories leading up to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file.
If you're observing this error on an existing homeserver installation, you can fix it easily and in a backward-compatible way by adding
`{% raw %}matrix_homeserver_generic_secret_key: "{{ matrix_synapse_macaroon_secret_key }}"{% endraw %}`

7
roles/custom/matrix-base/vars/main.yml
View file

@ -1,7 +0,0 @@
---
# This will contain a list of enabled services that the playbook is managing.
# Each component is expected to append its service name to this list.
matrix_systemd_services_list: []
matrix_homeserver_container_runtime_injected_arguments: []
matrix_homeserver_app_service_runtime_injected_config_files: []

5
roles/custom/matrix-bot-buscarron/tasks/init.yml
View file

@ -1,5 +0,0 @@
---
- ansible.builtin.set_fact:
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-buscarron.service'] }}"
when: matrix_bot_buscarron_enabled | bool

23
roles/custom/matrix-bot-buscarron/tasks/main.yml
View file

@ -1,23 +1,20 @@
---
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
tags:
- always
- block:
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
when: "run_setup | bool and matrix_bot_buscarron_enabled | bool"
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
when: "run_setup | bool and matrix_bot_buscarron_enabled | bool"
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
when: "run_setup | bool and matrix_bot_buscarron_enabled | bool"
tags:
- setup-all
- setup-bot-buscarron
- install-all
- install-bot-buscarron
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
when: "run_setup | bool and matrix_bot_buscarron_enabled | bool"
tags:
- setup-all
- setup-bot-buscarron
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
when: "run_setup | bool and not matrix_bot_buscarron_enabled | bool"
- block:
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
when: "run_setup | bool and not matrix_bot_buscarron_enabled | bool"
tags:
- setup-all
- setup-bot-buscarron

43
roles/custom/matrix-bot-buscarron/tasks/setup_uninstall.yml
View file

@ -5,32 +5,21 @@
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-buscarron.service"
register: matrix_bot_buscarron_service_stat
- name: Ensure matrix-buscarron is stopped
ansible.builtin.service:
name: matrix-bot-buscarron
state: stopped
enabled: false
daemon_reload: true
register: stopping_result
when: "matrix_bot_buscarron_service_stat.stat.exists | bool"
- when: matrix_bot_buscarron_service_stat.stat.exists | bool
block:
- name: Ensure matrix-buscarron is stopped
ansible.builtin.service:
name: matrix-bot-buscarron
state: stopped
enabled: false
daemon_reload: true
- name: Ensure matrix-bot-buscarron.service doesn't exist
ansible.builtin.file:
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-buscarron.service"
state: absent
when: "matrix_bot_buscarron_service_stat.stat.exists | bool"
- name: Ensure matrix-bot-buscarron.service doesn't exist
ansible.builtin.file:
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-buscarron.service"
state: absent
- name: Ensure systemd reloaded after matrix-bot-buscarron.service removal
ansible.builtin.service:
daemon_reload: true
when: "matrix_bot_buscarron_service_stat.stat.exists | bool"
- name: Ensure Matrix buscarron paths don't exist
ansible.builtin.file:
path: "{{ matrix_bot_buscarron_base_path }}"
state: absent
- name: Ensure buscarron Docker image doesn't exist
community.docker.docker_image:
name: "{{ matrix_bot_buscarron_docker_image }}"
state: absent
- name: Ensure Matrix buscarron paths don't exist
ansible.builtin.file:
path: "{{ matrix_bot_buscarron_base_path }}"
state: absent

5
roles/custom/matrix-bot-go-neb/tasks/init.yml
View file

@ -1,5 +0,0 @@
---
- ansible.builtin.set_fact:
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-go-neb.service'] }}"
when: matrix_bot_go_neb_enabled | bool

23
roles/custom/matrix-bot-go-neb/tasks/main.yml
View file

@ -1,23 +1,20 @@
---
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
tags:
- always
- block:
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
when: "run_setup | bool and matrix_bot_go_neb_enabled | bool"
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
when: "run_setup | bool and matrix_bot_go_neb_enabled | bool"
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
when: "run_setup | bool and matrix_bot_go_neb_enabled | bool"
tags:
- setup-all
- setup-bot-go-neb
- install-all
- install-bot-go-neb
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
when: "run_setup | bool and matrix_bot_go_neb_enabled | bool"
tags:
- setup-all
- setup-bot-go-neb
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
when: "run_setup | bool and not matrix_bot_go_neb_enabled | bool"
- block:
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
when: "run_setup | bool and not matrix_bot_go_neb_enabled | bool"
tags:
- setup-all
- setup-bot-go-neb

43
roles/custom/matrix-bot-go-neb/tasks/setup_uninstall.yml
View file

@ -5,32 +5,21 @@
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-go-neb.service"
register: matrix_bot_go_neb_service_stat
- name: Ensure matrix-go-neb is stopped
ansible.builtin.service:
name: matrix-bot-go-neb
state: stopped
enabled: false
daemon_reload: true
register: stopping_result
when: "matrix_bot_go_neb_service_stat.stat.exists | bool"
- when: matrix_bot_go_neb_service_stat.stat.exists | bool
block:
- name: Ensure matrix-go-neb is stopped
ansible.builtin.service:
name: matrix-bot-go-neb
state: stopped
enabled: false
daemon_reload: true
- name: Ensure matrix-bot-go-neb.service doesn't exist
ansible.builtin.file:
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-go-neb.service"
state: absent
when: "matrix_bot_go_neb_service_stat.stat.exists | bool"
- name: Ensure matrix-bot-go-neb.service doesn't exist
ansible.builtin.file:
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-go-neb.service"
state: absent
- name: Ensure systemd reloaded after matrix-bot-go-neb.service removal
ansible.builtin.service:
daemon_reload: true
when: "matrix_bot_go_neb_service_stat.stat.exists | bool"
- name: Ensure Matrix go-neb paths don't exist
ansible.builtin.file:
path: "{{ matrix_bot_go_neb_base_path }}"
state: absent
- name: Ensure go-neb Docker image doesn't exist
community.docker.docker_image:
name: "{{ matrix_bot_go_neb_docker_image }}"
state: absent
- name: Ensure Matrix go-neb paths don't exist
ansible.builtin.file:
path: "{{ matrix_bot_go_neb_base_path }}"
state: absent

5
roles/custom/matrix-bot-honoroit/tasks/init.yml
View file

@ -1,5 +0,0 @@
---
- ansible.builtin.set_fact:
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-honoroit.service'] }}"
when: matrix_bot_honoroit_enabled | bool

23
roles/custom/matrix-bot-honoroit/tasks/main.yml
View file

@ -1,23 +1,20 @@
---
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
tags:
- always
- block:
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
when: "run_setup | bool and matrix_bot_honoroit_enabled | bool"
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
when: "run_setup | bool and matrix_bot_honoroit_enabled | bool"
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
when: "run_setup | bool and matrix_bot_honoroit_enabled | bool"
tags:
- setup-all
- setup-bot-honoroit
- install-all
- install-bot-honoroit
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
when: "run_setup | bool and matrix_bot_honoroit_enabled | bool"
tags:
- setup-all
- setup-bot-honoroit
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
when: "run_setup | bool and not matrix_bot_honoroit_enabled | bool"
- block:
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
when: "run_setup | bool and not matrix_bot_honoroit_enabled | bool"
tags:
- setup-all
- setup-bot-honoroit

43
roles/custom/matrix-bot-honoroit/tasks/setup_uninstall.yml
View file

@ -5,32 +5,21 @@
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-honoroit.service"
register: matrix_bot_honoroit_service_stat
- name: Ensure matrix-honoroit is stopped
ansible.builtin.service:
name: matrix-bot-honoroit
state: stopped
enabled: false
daemon_reload: true
register: stopping_result
when: "matrix_bot_honoroit_service_stat.stat.exists | bool"
- when: matrix_bot_honoroit_service_stat.stat.exists | bool
block:
- name: Ensure matrix-honoroit is stopped
ansible.builtin.service:
name: matrix-bot-honoroit
state: stopped
enabled: false
daemon_reload: true
- name: Ensure matrix-bot-honoroit.service doesn't exist
ansible.builtin.file:
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-honoroit.service"
state: absent
when: "matrix_bot_honoroit_service_stat.stat.exists | bool"
- name: Ensure matrix-bot-honoroit.service doesn't exist
ansible.builtin.file:
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-honoroit.service"
state: absent
- name: Ensure systemd reloaded after matrix-bot-honoroit.service removal
ansible.builtin.service:
daemon_reload: true
when: "matrix_bot_honoroit_service_stat.stat.exists | bool"
- name: Ensure Matrix honoroit paths don't exist
ansible.builtin.file:
path: "{{ matrix_bot_honoroit_base_path }}"
state: absent
- name: Ensure honoroit Docker image doesn't exist
community.docker.docker_image:
name: "{{ matrix_bot_honoroit_docker_image }}"
state: absent
- name: Ensure Matrix honoroit paths don't exist
ansible.builtin.file:
path: "{{ matrix_bot_honoroit_base_path }}"
state: absent

5
roles/custom/matrix-bot-matrix-registration-bot/tasks/init.yml
View file

@ -1,5 +0,0 @@
---
- ansible.builtin.set_fact:
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-matrix-registration-bot.service'] }}"
when: matrix_bot_matrix_registration_bot_enabled | bool

23
roles/custom/matrix-bot-matrix-registration-bot/tasks/main.yml
View file

@ -1,23 +1,20 @@
---
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
tags:
- always
- block:
- when: matrix_bot_matrix_registration_bot_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
when: "run_setup | bool and matrix_bot_matrix_registration_bot_enabled | bool"
- when: matrix_bot_matrix_registration_bot_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
tags:
- setup-all
- setup-bot-matrix-registration-bot
- install-all
- install-bot-matrix-registration-bot
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
when: "run_setup | bool and matrix_bot_matrix_registration_bot_enabled | bool"
tags:
- setup-all
- setup-bot-matrix-registration-bot
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
when: "run_setup | bool and not matrix_bot_matrix_registration_bot_enabled | bool"
- block:
- when: not matrix_bot_matrix_registration_bot_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
tags:
- setup-all
- setup-bot-matrix-registration-bot

43
roles/custom/matrix-bot-matrix-registration-bot/tasks/setup_uninstall.yml
View file

@ -5,32 +5,21 @@
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-matrix-registration-bot.service"
register: matrix_bot_matrix_registration_bot_service_stat
- name: Ensure matrix-matrix-registration-bot is stopped
ansible.builtin.service:
name: matrix-bot-matrix-registration-bot
state: stopped
enabled: false
daemon_reload: true
register: stopping_result
when: "matrix_bot_matrix_registration_bot_service_stat.stat.exists | bool"
- when: matrix_bot_matrix_registration_bot_service_stat.stat.exists | bool
block:
- name: Ensure matrix-matrix-registration-bot is stopped
ansible.builtin.service:
name: matrix-bot-matrix-registration-bot
state: stopped
enabled: false
daemon_reload: true
- name: Ensure matrix-bot-matrix-registration-bot.service doesn't exist
ansible.builtin.file:
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-matrix-registration-bot.service"
state: absent
when: "matrix_bot_matrix_registration_bot_service_stat.stat.exists | bool"
- name: Ensure matrix-bot-matrix-registration-bot.service doesn't exist
ansible.builtin.file:
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-matrix-registration-bot.service"
state: absent
- name: Ensure systemd reloaded after matrix-bot-matrix-registration-bot.service removal
ansible.builtin.service:
daemon_reload: true
when: "matrix_bot_matrix_registration_bot_service_stat.stat.exists | bool"
- name: Ensure Matrix matrix-registration-bot paths don't exist
ansible.builtin.file:
path: "{{ matrix_bot_matrix_registration_bot_base_path }}"
state: absent
- name: Ensure matrix-registration-bot Docker image doesn't exist
community.docker.docker_image:
name: "{{ matrix_bot_matrix_registration_bot_docker_image }}"
state: absent
- name: Ensure Matrix matrix-registration-bot paths don't exist
ansible.builtin.file:
path: "{{ matrix_bot_matrix_registration_bot_base_path }}"
state: absent

5
roles/custom/matrix-bot-matrix-reminder-bot/tasks/init.yml
View file

@ -1,5 +0,0 @@
---
- ansible.builtin.set_fact:
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-matrix-reminder-bot.service'] }}"
when: matrix_bot_matrix_reminder_bot_enabled | bool

23
roles/custom/matrix-bot-matrix-reminder-bot/tasks/main.yml
View file

@ -1,23 +1,20 @@
---
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
tags:
- always
- block:
- when: matrix_bot_matrix_reminder_bot_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
when: "run_setup | bool and matrix_bot_matrix_reminder_bot_enabled | bool"
- when: matrix_bot_matrix_reminder_bot_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
tags:
- setup-all
- setup-bot-matrix-reminder-bot
- install-all
- install-bot-matrix-reminder-bot
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
when: "run_setup | bool and matrix_bot_matrix_reminder_bot_enabled | bool"
tags:
- setup-all
- setup-bot-matrix-reminder-bot
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
when: "run_setup | bool and not matrix_bot_matrix_reminder_bot_enabled | bool"
- block:
- when: not matrix_bot_matrix_reminder_bot_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
tags:
- setup-all
- setup-bot-matrix-reminder-bot

43
roles/custom/matrix-bot-matrix-reminder-bot/tasks/setup_uninstall.yml
View file

@ -5,32 +5,21 @@
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-matrix-reminder-bot.service"
register: matrix_bot_matrix_reminder_bot_service_stat
- name: Ensure matrix-matrix-reminder-bot is stopped
ansible.builtin.service:
name: matrix-bot-matrix-reminder-bot
state: stopped
enabled: false
daemon_reload: true
register: stopping_result
when: "matrix_bot_matrix_reminder_bot_service_stat.stat.exists | bool"
- when: matrix_bot_matrix_reminder_bot_service_stat.stat.exists | bool
block:
- name: Ensure matrix-matrix-reminder-bot is stopped
ansible.builtin.service:
name: matrix-bot-matrix-reminder-bot
state: stopped
enabled: false
daemon_reload: true
- name: Ensure matrix-bot-matrix-reminder-bot.service doesn't exist
ansible.builtin.file:
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-matrix-reminder-bot.service"
state: absent
when: "matrix_bot_matrix_reminder_bot_service_stat.stat.exists | bool"
- name: Ensure matrix-bot-matrix-reminder-bot.service doesn't exist
ansible.builtin.file:
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-matrix-reminder-bot.service"
state: absent
- name: Ensure systemd reloaded after matrix-bot-matrix-reminder-bot.service removal
ansible.builtin.service:
daemon_reload: true
when: "matrix_bot_matrix_reminder_bot_service_stat.stat.exists | bool"
- name: Ensure Matrix matrix-reminder-bot paths don't exist
ansible.builtin.file:
path: "{{ matrix_bot_matrix_reminder_bot_base_path }}"
state: absent
- name: Ensure matrix-reminder-bot Docker image doesn't exist
community.docker.docker_image:
name: "{{ matrix_bot_matrix_reminder_bot_docker_image }}"
state: absent
- name: Ensure Matrix matrix-reminder-bot paths don't exist
ansible.builtin.file:
path: "{{ matrix_bot_matrix_reminder_bot_base_path }}"
state: absent

5
roles/custom/matrix-bot-maubot/tasks/init.yml → roles/custom/matrix-bot-maubot/tasks/inject_into_nginx_proxy.yml
View file

@ -1,10 +1,5 @@
---
- name: Add maubot to the systemd service list
ansible.builtin.set_fact:
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-maubot.service'] }}"
when: matrix_bot_maubot_enabled | bool
- name: Configure nginx for maubot
block:
- name: Generate Maubot proxying configuration for matrix-nginx-proxy

30
roles/custom/matrix-bot-maubot/tasks/main.yml
View file

@ -1,23 +1,29 @@
---
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
- block:
- when: matrix_bot_maubot_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
tags:
- always
- setup-all
- setup-nginx-proxy
- install-all
- install-nginx-proxy
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
when: "run_setup|bool and matrix_bot_maubot_enabled|bool"
- block:
- when: matrix_bot_maubot_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
- when: matrix_bot_maubot_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
tags:
- setup-all
- setup-bot-maubot
- install-all
- install-bot-maubot
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
when: "run_setup|bool and matrix_bot_maubot_enabled|bool"
tags:
- setup-all
- setup-bot-maubot
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
when: "run_setup|bool and not matrix_bot_maubot_enabled|bool"
- block:
- when: not matrix_bot_maubot_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
tags:
- setup-all
- setup-bot-maubot

43
roles/custom/matrix-bot-maubot/tasks/setup_uninstall.yml
View file

@ -5,32 +5,21 @@
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-maubot.service"
register: matrix_bot_maubot_service_stat
- name: Ensure matrix-bot-maubot is stopped
ansible.builtin.service:
name: matrix-bot-maubot
state: stopped
enabled: false
daemon_reload: true
register: stopping_result
when: "matrix_bot_maubot_service_stat.stat.exists | bool"
- when: matrix_bot_maubot_service_stat.stat.exists | bool
block:
- name: Ensure matrix-bot-maubot is stopped
ansible.builtin.service:
name: matrix-bot-maubot
state: stopped
enabled: false
daemon_reload: true
- name: Ensure matrix-bot-maubot.service doesn't exist
ansible.builtin.file:
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-maubot.service"
state: absent
when: "matrix_bot_maubot_service_stat.stat.exists | bool"
- name: Ensure matrix-bot-maubot.service doesn't exist
ansible.builtin.file:
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-maubot.service"
state: absent
- name: Ensure systemd reloaded after matrix-bot-maubot.service removal
ansible.builtin.service:
daemon_reload: true
when: "matrix_bot_maubot_service_stat.stat.exists | bool"
- name: Ensure Matrix maubot paths don't exist
ansible.builtin.file:
path: "{{ matrix_bot_maubot_base_path }}"
state: absent
- name: Ensure maubot Docker image doesn't exist
community.docker.docker_image:
name: "{{ matrix_bot_maubot_docker_image }}"
state: absent
- name: Ensure Matrix maubot paths don't exist
ansible.builtin.file:
path: "{{ matrix_bot_maubot_base_path }}"
state: absent

11
roles/custom/matrix-bot-mjolnir/tasks/init.yml
View file

@ -1,11 +0,0 @@
---
# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070
# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407
- name: Fail if trying to self-build on Ansible < 2.8
ansible.builtin.fail:
msg: "To self-build the Mjolnir image, you should use Ansible 2.8 or higher. See docs/ansible.md"
when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_bot_mjolnir_container_image_self_build and matrix_bot_mjolnir_enabled"
- ansible.builtin.set_fact:
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-mjolnir.service'] }}"
when: matrix_bot_mjolnir_enabled | bool

23
roles/custom/matrix-bot-mjolnir/tasks/main.yml
View file

@ -1,23 +1,20 @@
---
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
tags:
- always
- block:
- when: matrix_bot_mjolnir_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
when: "run_setup | bool and matrix_bot_mjolnir_enabled | bool"
- when: matrix_bot_mjolnir_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
tags:
- setup-all
- setup-bot-mjolnir
- install-all
- install-bot-mjolnir
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
when: "run_setup | bool and matrix_bot_mjolnir_enabled | bool"
tags:
- setup-all
- setup-bot-mjolnir
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
when: "run_setup | bool and not matrix_bot_mjolnir_enabled | bool"
- block:
- when: not matrix_bot_mjolnir_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
tags:
- setup-all
- setup-bot-mjolnir

43
roles/custom/matrix-bot-mjolnir/tasks/setup_uninstall.yml
View file

@ -5,32 +5,21 @@
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-mjolnir.service"
register: matrix_bot_mjolnir_service_stat
- name: Ensure matrix-bot-mjolnir is stopped
ansible.builtin.service:
name: matrix-bot-mjolnir
state: stopped
enabled: false
daemon_reload: true
register: stopping_result
when: "matrix_bot_mjolnir_service_stat.stat.exists | bool"
- when: matrix_bot_mjolnir_service_stat.stat.exists | bool
block:
- name: Ensure matrix-bot-mjolnir is stopped
ansible.builtin.service:
name: matrix-bot-mjolnir
state: stopped
enabled: false
daemon_reload: true
- name: Ensure matrix-bot-mjolnir.service doesn't exist
ansible.builtin.file:
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-mjolnir.service"
state: absent
when: "matrix_bot_mjolnir_service_stat.stat.exists | bool"
- name: Ensure matrix-bot-mjolnir.service doesn't exist
ansible.builtin.file:
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-mjolnir.service"
state: absent
- name: Ensure systemd reloaded after matrix-bot-mjolnir.service removal
ansible.builtin.service:
daemon_reload: true
when: "matrix_bot_mjolnir_service_stat.stat.exists | bool"
- name: Ensure matrix-bot-mjolnir paths don't exist
ansible.builtin.file:
path: "{{ matrix_bot_mjolnir_base_path }}"
state: absent
- name: Ensure mjolnir Docker image doesn't exist
community.docker.docker_image:
name: "{{ matrix_bot_mjolnir_docker_image }}"
state: absent
- name: Ensure matrix-bot-mjolnir paths don't exist
ansible.builtin.file:
path: "{{ matrix_bot_mjolnir_base_path }}"
state: absent

5
roles/custom/matrix-bot-postmoogle/tasks/init.yml
View file

@ -1,5 +0,0 @@
---
- ansible.builtin.set_fact:
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-postmoogle.service'] }}"
when: matrix_bot_postmoogle_enabled | bool

23
roles/custom/matrix-bot-postmoogle/tasks/main.yml
View file

@ -1,23 +1,20 @@
---
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
tags:
- always
- block:
- when: matrix_bot_postmoogle_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
when: "run_setup | bool and matrix_bot_postmoogle_enabled | bool"
- when: matrix_bot_postmoogle_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
tags:
- setup-all
- setup-bot-postmoogle
- install-all
- install-bot-postmoogle
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
when: "run_setup | bool and matrix_bot_postmoogle_enabled | bool"
tags:
- setup-all
- setup-bot-postmoogle
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
when: "run_setup | bool and not matrix_bot_postmoogle_enabled | bool"
- block:
- when: not matrix_bot_postmoogle_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
tags:
- setup-all
- setup-bot-postmoogle

43
roles/custom/matrix-bot-postmoogle/tasks/setup_uninstall.yml
View file

@ -5,32 +5,21 @@
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-postmoogle.service"
register: matrix_bot_postmoogle_service_stat
- name: Ensure matrix-postmoogle is stopped
ansible.builtin.service:
name: matrix-bot-postmoogle
state: stopped
enabled: false
daemon_reload: true
register: stopping_result
when: "matrix_bot_postmoogle_service_stat.stat.exists | bool"
- when: matrix_bot_postmoogle_service_stat.stat.exists | bool
block:
- name: Ensure matrix-postmoogle is stopped
ansible.builtin.service:
name: matrix-bot-postmoogle
state: stopped
enabled: false
daemon_reload: true
- name: Ensure matrix-bot-postmoogle.service doesn't exist
ansible.builtin.file:
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-postmoogle.service"
state: absent
when: "matrix_bot_postmoogle_service_stat.stat.exists | bool"
- name: Ensure matrix-bot-postmoogle.service doesn't exist
ansible.builtin.file:
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-postmoogle.service"
state: absent
- name: Ensure systemd reloaded after matrix-bot-postmoogle.service removal
ansible.builtin.service:
daemon_reload: true
when: "matrix_bot_postmoogle_service_stat.stat.exists | bool"
- name: Ensure Matrix postmoogle paths don't exist
ansible.builtin.file:
path: "{{ matrix_bot_postmoogle_base_path }}"
state: absent
- name: Ensure postmoogle Docker image doesn't exist
community.docker.docker_image:
name: "{{ matrix_bot_postmoogle_docker_image }}"
state: absent
- name: Ensure Matrix postmoogle paths don't exist
ansible.builtin.file:
path: "{{ matrix_bot_postmoogle_base_path }}"
state: absent

29
roles/custom/matrix-bridge-appservice-discord/tasks/init.yml
View file

@ -1,29 +0,0 @@
---
# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
# We don't want to fail in such cases.
- name: Fail if matrix-synapse role already executed
ansible.builtin.fail:
msg: >-
The matrix-bridge-appservice-discord role needs to execute before the matrix-synapse role.
when: "matrix_appservice_discord_enabled and matrix_synapse_role_executed | default(False)"
- ansible.builtin.set_fact:
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-appservice-discord.service'] }}"
when: matrix_appservice_discord_enabled | bool
# If the matrix-synapse role is not used, these variables may not exist.
- ansible.builtin.set_fact:
matrix_homeserver_container_runtime_injected_arguments: >
{{
matrix_homeserver_container_runtime_injected_arguments | default([])
+
["--mount type=bind,src={{ matrix_appservice_discord_config_path }}/registration.yaml,dst=/matrix-appservice-discord-registration.yaml,ro"]
}}
matrix_homeserver_app_service_runtime_injected_config_files: >
{{
matrix_homeserver_app_service_runtime_injected_config_files | default([])
+
["/matrix-appservice-discord-registration.yaml"]
}}
when: matrix_appservice_discord_enabled | bool

23
roles/custom/matrix-bridge-appservice-discord/tasks/main.yml
View file

@ -1,23 +1,20 @@
---
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
tags:
- always
- block:
- when: matrix_appservice_discord_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
when: "run_setup | bool and matrix_appservice_discord_enabled | bool"
- when: matrix_appservice_discord_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
tags:
- setup-all
- setup-appservice-discord
- install-all
- install-appservice-discord
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
when: "run_setup | bool and matrix_appservice_discord_enabled | bool"
tags:
- setup-all
- setup-appservice-discord
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
when: "run_setup | bool and not matrix_appservice_discord_enabled | bool"
- block:
- when: not matrix_appservice_discord_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
tags:
- setup-all
- setup-appservice-discord

29
roles/custom/matrix-bridge-appservice-discord/tasks/setup_uninstall.yml
View file

@ -5,21 +5,16 @@
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-discord.service"
register: matrix_appservice_discord_service_stat
- name: Ensure matrix-appservice-discord is stopped
ansible.builtin.service:
name: matrix-appservice-discord
state: stopped
enabled: false
daemon_reload: true
when: "matrix_appservice_discord_service_stat.stat.exists"
- when: matrix_appservice_discord_service_stat.stat.exists | bool
block:
- name: Ensure matrix-appservice-discord is stopped
ansible.builtin.service:
name: matrix-appservice-discord
state: stopped
enabled: false
daemon_reload: true
- name: Ensure matrix-appservice-discord.service doesn't exist
ansible.builtin.file:
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-discord.service"
state: absent
when: "matrix_appservice_discord_service_stat.stat.exists"
- name: Ensure systemd reloaded after matrix-appservice-discord.service removal
ansible.builtin.service:
daemon_reload: true
when: "matrix_appservice_discord_service_stat.stat.exists"
- name: Ensure matrix-appservice-discord.service doesn't exist
ansible.builtin.file:
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-discord.service"
state: absent

36
roles/custom/matrix-bridge-appservice-irc/tasks/init.yml
View file

@ -1,36 +0,0 @@
---
# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070
# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407
- name: Fail if trying to self-build on Ansible < 2.8
ansible.builtin.fail:
msg: "To self-build the matrix-appservice-irc image, you should use Ansible 2.8 or higher. See docs/ansible.md"
when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_appservice_irc_container_image_self_build and matrix_appservice_irc_enabled"
# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
# We don't want to fail in such cases.
- name: Fail if matrix-synapse role already executed
ansible.builtin.fail:
msg: >-
The matrix-bridge-appservice-irc role needs to execute before the matrix-synapse role.
when: "matrix_appservice_irc_enabled | bool and matrix_synapse_role_executed | default(False)"
- ansible.builtin.set_fact:
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-appservice-irc.service'] }}"
when: matrix_appservice_irc_enabled | bool
# If the matrix-synapse role is not used, these variables may not exist.
- ansible.builtin.set_fact:
matrix_homeserver_container_runtime_injected_arguments: >
{{
matrix_homeserver_container_runtime_injected_arguments | default([])
+
["--mount type=bind,src={{ matrix_appservice_irc_config_path }}/registration.yaml,dst=/matrix-appservice-irc-registration.yaml,ro"]
}}
matrix_homeserver_app_service_runtime_injected_config_files: >
{{
matrix_homeserver_app_service_runtime_injected_config_files | default([])
+
["/matrix-appservice-irc-registration.yaml"]
}}
when: matrix_appservice_irc_enabled | bool

23
roles/custom/matrix-bridge-appservice-irc/tasks/main.yml
View file

@ -1,23 +1,20 @@
---
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
tags:
- always
- block:
- when: matrix_appservice_irc_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
when: "run_setup | bool and matrix_appservice_irc_enabled | bool"
- when: matrix_appservice_irc_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
tags:
- setup-all
- setup-appservice-irc
- install-all
- install-appservice-irc
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
when: "run_setup | bool and matrix_appservice_irc_enabled | bool"
tags:
- setup-all
- setup-appservice-irc
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
when: "run_setup | bool and not matrix_appservice_irc_enabled | bool"
- block:
- when: not matrix_appservice_irc_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
tags:
- setup-all
- setup-appservice-irc

2
roles/custom/matrix-bridge-appservice-irc/tasks/setup_install.yml
View file

@ -60,7 +60,7 @@
- when: "matrix_appservice_irc_nedb_database_path_local_stat_result.stat.exists | bool"
block:
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/migrate_nedb_to_postgres.yml"
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/migrate_nedb_to_postgres.yml"
- ansible.builtin.set_fact:
matrix_appservice_irc_requires_restart: true

29
roles/custom/matrix-bridge-appservice-irc/tasks/setup_uninstall.yml
View file

@ -5,21 +5,16 @@
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-irc.service"
register: matrix_appservice_irc_service_stat
- name: Ensure matrix-appservice-irc is stopped
ansible.builtin.service:
name: matrix-appservice-irc
state: stopped
enabled: false
daemon_reload: true
when: "matrix_appservice_irc_service_stat.stat.exists"
- when: matrix_appservice_irc_service_stat.stat.exists | bool
block:
- name: Ensure matrix-appservice-irc is stopped
ansible.builtin.service:
name: matrix-appservice-irc
state: stopped
enabled: false
daemon_reload: true
- name: Ensure matrix-appservice-irc.service doesn't exist
ansible.builtin.file:
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-irc.service"
state: absent
when: "matrix_appservice_irc_service_stat.stat.exists"
- name: Ensure systemd reloaded after matrix-appservice-irc.service removal
ansible.builtin.service:
daemon_reload: true
when: "matrix_appservice_irc_service_stat.stat.exists"
- name: Ensure matrix-appservice-irc.service doesn't exist
ansible.builtin.file:
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-irc.service"
state: absent

28
roles/custom/matrix-bridge-appservice-kakaotalk/tasks/init.yml
View file

@ -1,28 +0,0 @@
---
# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070
# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407
- name: Fail if trying to self-build on Ansible < 2.8
ansible.builtin.fail:
msg: "To self-build the appservice-kakaotalk image, you should use Ansible 2.8 or higher. See docs/ansible.md"
when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_appservice_kakaotalk_container_image_self_build and matrix_appservice_kakaotalk_enabled"
- ansible.builtin.set_fact:
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-appservice-kakaotalk.service', 'matrix-appservice-kakaotalk-node.service'] }}"
when: matrix_appservice_kakaotalk_enabled | bool
# If the matrix-synapse role is not used, these variables may not exist.
- ansible.builtin.set_fact:
matrix_homeserver_container_runtime_injected_arguments: >
{{
matrix_homeserver_container_runtime_injected_arguments | default([])
+
["--mount type=bind,src={{ matrix_appservice_kakaotalk_config_path }}/registration.yaml,dst=/matrix-appservice-kakaotalk-registration.yaml,ro"]
}}
matrix_homeserver_app_service_runtime_injected_config_files: >
{{
matrix_homeserver_app_service_runtime_injected_config_files | default([])
+
["/matrix-appservice-kakaotalk-registration.yaml"]
}}
when: matrix_appservice_kakaotalk_enabled | bool

23
roles/custom/matrix-bridge-appservice-kakaotalk/tasks/main.yml
View file

@ -1,23 +1,20 @@
---
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
tags:
- always
- block:
- when: matrix_appservice_kakaotalk_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
when: "run_setup | bool and matrix_appservice_kakaotalk_enabled | bool"
- when: matrix_appservice_kakaotalk_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
tags:
- setup-all
- setup-appservice-kakaotalk
- install-all
- install-appservice-kakaotalk
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
when: "run_setup | bool and matrix_appservice_kakaotalk_enabled | bool"
tags:
- setup-all
- setup-appservice-kakaotalk
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
when: "run_setup | bool and not matrix_appservice_kakaotalk_enabled | bool"
- block:
- when: not matrix_appservice_kakaotalk_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
tags:
- setup-all
- setup-appservice-kakaotalk

8
roles/custom/matrix-bridge-appservice-kakaotalk/tasks/setup_install.yml
View file

@ -1,13 +1,5 @@
---
# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
# We don't want to fail in such cases.
- name: Fail if matrix-synapse role already executed
ansible.builtin.fail:
msg: >-
The matrix-bridge-matrix-appservice-kakaotalk role needs to execute before the matrix-synapse role.
when: "matrix_synapse_role_executed | default(False)"
- name: Ensure matrix-appservice-kakaotalk image is pulled
community.docker.docker_image:
name: "{{ matrix_appservice_kakaotalk_docker_image }}"

11
roles/custom/matrix-bridge-appservice-kakaotalk/tasks/setup_uninstall.yml
View file

@ -11,7 +11,7 @@
state: stopped
enabled: false
daemon_reload: true
when: "matrix_appservice_kakaotalk_service_stat.stat.exists"
when: matrix_appservice_kakaotalk_service_stat.stat.exists | bool
- name: Check existence of matrix-appservice-kakaotalk-node service
ansible.builtin.stat:
@ -24,7 +24,7 @@
state: stopped
enabled: false
daemon_reload: true
when: "matrix_appservice_kakaotalk_node_service_stat.stat.exists"
when: matrix_appservice_kakaotalk_node_service_stat.stat.exists | bool
- name: Ensure matrix-appservice-kakaotalk.service files don't exist
ansible.builtin.file:
@ -33,9 +33,4 @@
with_items:
- "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-kakaotalk-node.service"
- "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-kakaotalk.service"
when: "matrix_appservice_kakaotalk_service_stat.stat.exists"
- name: Ensure systemd reloaded after matrix-appservice-kakaotalk service files removal
ansible.builtin.service:
daemon_reload: true
when: "matrix_appservice_kakaotalk_service_stat.stat.exists or matrix_appservice_kakaotalk_node_service_stat.stat.exists"
when: matrix_appservice_kakaotalk_service_stat.stat.exists | bool or matrix_appservice_kakaotalk_node_service_stat.stat.exists | bool

91
roles/custom/matrix-bridge-appservice-slack/tasks/init.yml
View file

@ -1,91 +0,0 @@
---
# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070
# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407
- name: Fail if trying to self-build on Ansible < 2.8
ansible.builtin.fail:
msg: "To self-build the matrix-appservice-slack image, you should use Ansible 2.8 or higher. See docs/ansible.md"
when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_appservice_slack_container_image_self_build and matrix_appservice_slack_enabled"
# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
# We don't want to fail in such cases.
- name: Fail if matrix-synapse role already executed
ansible.builtin.fail:
msg: >-
The matrix-bridge-appservice-slack role needs to execute before the matrix-synapse role.
when: "matrix_synapse_role_executed | default(False)"
- ansible.builtin.set_fact:
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-appservice-slack.service'] }}"
when: matrix_appservice_slack_enabled | bool
# If the matrix-synapse role is not used, these variables may not exist.
- ansible.builtin.set_fact:
matrix_homeserver_container_runtime_injected_arguments: >
{{
matrix_homeserver_container_runtime_injected_arguments | default([])
+
["--mount type=bind,src={{ matrix_appservice_slack_config_path }}/slack-registration.yaml,dst=/matrix-appservice-slack-registration.yaml,ro"]
}}
matrix_homeserver_app_service_runtime_injected_config_files: >
{{
matrix_homeserver_app_service_runtime_injected_config_files | default([])
+
["/matrix-appservice-slack-registration.yaml"]
}}
when: matrix_appservice_slack_enabled | bool
# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
# We don't want to fail in such cases.
- name: Fail if matrix-synapse role already executed
ansible.builtin.fail:
msg: >-
The matrix-bridge-appservice-slack role needs to execute before the matrix-synapse role.
when: "matrix_synapse_role_executed | default(False)"
- when: matrix_appservice_slack_enabled | bool
tags:
- always
block:
- name: Fail if matrix-nginx-proxy role already executed
ansible.builtin.fail:
msg: >-
Trying to append Slack Appservice's reverse-proxying configuration to matrix-nginx-proxy,
but it's pointless since the matrix-nginx-proxy role had already executed.
To fix this, please change the order of roles in your playbook,
so that the matrix-nginx-proxy role would run after the matrix-bridge-appservice-slack role.
when: matrix_nginx_proxy_role_executed | default(False) | bool
- name: Generate Matrix Appservice Slack proxying configuration for matrix-nginx-proxy
ansible.builtin.set_fact:
matrix_appservice_slack_matrix_nginx_proxy_configuration: |
location {{ matrix_appservice_slack_public_endpoint }} {
{% if matrix_nginx_proxy_enabled | default(False) %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;
set $backend "{{ matrix_appservice_slack_appservice_url }}:{{ matrix_appservice_slack_slack_port }}";
proxy_pass $backend;
{% else %}
{# Generic configuration for use outside of our container setup #}
proxy_pass http://127.0.0.1:{{ matrix_appservice_slack_slack_port }};
{% endif %}
}
- name: Register Slack Appservice proxying configuration with matrix-nginx-proxy
ansible.builtin.set_fact:
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
{{
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([])
+
[matrix_appservice_slack_matrix_nginx_proxy_configuration]
}}
- name: Warn about reverse-proxying if matrix-nginx-proxy not used
ansible.builtin.debug:
msg: >-
NOTE: You've enabled the Matrix Slack bridge but are not using the matrix-nginx-proxy
reverse proxy.
Please make sure that you're proxying the `{{ matrix_appservice_slack_public_endpoint }}`
URL endpoint to the matrix-appservice-slack container.
You can expose the container's port using the `matrix_appservice_slack_container_http_host_bind_port` variable.
when: "matrix_appservice_slack_enabled | bool and not matrix_nginx_proxy_enabled | default(False) | bool"

44
roles/custom/matrix-bridge-appservice-slack/tasks/inject_into_nginx_proxy.yml Normal file
View file

@ -0,0 +1,44 @@
---
- name: Fail if matrix-nginx-proxy role already executed
ansible.builtin.fail:
msg: >-
Trying to append Slack Appservice's reverse-proxying configuration to matrix-nginx-proxy,
but it's pointless since the matrix-nginx-proxy role had already executed.
To fix this, please change the order of roles in your playbook,
so that the matrix-nginx-proxy role would run after the matrix-bridge-appservice-slack role.
when: matrix_nginx_proxy_role_executed | default(False) | bool
- name: Generate Matrix Appservice Slack proxying configuration for matrix-nginx-proxy
ansible.builtin.set_fact:
matrix_appservice_slack_matrix_nginx_proxy_configuration: |
location {{ matrix_appservice_slack_public_endpoint }} {
{% if matrix_nginx_proxy_enabled | default(False) %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;
set $backend "{{ matrix_appservice_slack_appservice_url }}:{{ matrix_appservice_slack_slack_port }}";
proxy_pass $backend;
{% else %}
{# Generic configuration for use outside of our container setup #}
proxy_pass http://127.0.0.1:{{ matrix_appservice_slack_slack_port }};
{% endif %}
}
- name: Register Slack Appservice proxying configuration with matrix-nginx-proxy
ansible.builtin.set_fact:
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
{{
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([])
+
[matrix_appservice_slack_matrix_nginx_proxy_configuration]
}}
- name: Warn about reverse-proxying if matrix-nginx-proxy not used
ansible.builtin.debug:
msg: >-
NOTE: You've enabled the Matrix Slack bridge but are not using the matrix-nginx-proxy
reverse proxy.
Please make sure that you're proxying the `{{ matrix_appservice_slack_public_endpoint }}`
URL endpoint to the matrix-appservice-slack container.
You can expose the container's port using the `matrix_appservice_slack_container_http_host_bind_port` variable.
when: "matrix_appservice_slack_enabled | bool and not matrix_nginx_proxy_enabled | default(False) | bool"

30
roles/custom/matrix-bridge-appservice-slack/tasks/main.yml
View file

@ -1,23 +1,29 @@
---
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
- block:
- when: matrix_appservice_slack_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
tags:
- always
- setup-all
- setup-nginx-proxy
- install-all
- install-nginx-proxy
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
when: "run_setup | bool and matrix_appservice_slack_enabled | bool"
- block:
- when: matrix_appservice_slack_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
- when: matrix_appservice_slack_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
tags:
- setup-all
- setup-appservice-slack
- install-all
- install-appservice-slack
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
when: "run_setup | bool and matrix_appservice_slack_enabled | bool"
tags:
- setup-all
- setup-appservice-slack
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
when: "run_setup | bool and not matrix_appservice_slack_enabled | bool"
- block:
- when: not matrix_appservice_slack_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
tags:
- setup-all
- setup-appservice-slack

2
roles/custom/matrix-bridge-appservice-slack/tasks/setup_install.yml
View file

@ -26,7 +26,7 @@
- when: "matrix_appservice_slack_nedb_database_path_local_stat_result.stat.exists | bool"
block:
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/migrate_nedb_to_postgres.yml"
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/migrate_nedb_to_postgres.yml"
- ansible.builtin.set_fact:
matrix_appservice_slack_requires_restart: true

29
roles/custom/matrix-bridge-appservice-slack/tasks/setup_uninstall.yml
View file

@ -5,21 +5,16 @@
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-slack.service"
register: matrix_appservice_slack_service_stat
- name: Ensure matrix-appservice-slack is stopped
ansible.builtin.service:
name: matrix-appservice-slack
state: stopped
enabled: false
daemon_reload: true
when: "matrix_appservice_slack_service_stat.stat.exists"
- when: matrix_appservice_slack_service_stat.stat.exists | bool
block:
- name: Ensure matrix-appservice-slack is stopped
ansible.builtin.service:
name: matrix-appservice-slack
state: stopped
enabled: false
daemon_reload: true
- name: Ensure matrix-appservice-slack.service doesn't exist
ansible.builtin.file:
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-slack.service"
state: absent
when: "matrix_appservice_slack_service_stat.stat.exists"
- name: Ensure systemd reloaded after matrix-appservice-slack.service removal
ansible.builtin.service:
daemon_reload: true
when: "matrix_appservice_slack_service_stat.stat.exists"
- name: Ensure matrix-appservice-slack.service doesn't exist
ansible.builtin.file:
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-slack.service"
state: absent

86
roles/custom/matrix-bridge-appservice-webhooks/tasks/init.yml
View file

@ -1,86 +0,0 @@
---
# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
# We don't want to fail in such cases.
- name: Fail if matrix-synapse role already executed
ansible.builtin.fail:
msg: >-
The matrix-bridge-appservice-webhooks role needs to execute before the matrix-synapse role.
when: "matrix_synapse_role_executed | default(False)"
- ansible.builtin.set_fact:
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-appservice-webhooks.service'] }}"
when: matrix_appservice_webhooks_enabled | bool
# If the matrix-synapse role is not used, these variables may not exist.
- ansible.builtin.set_fact:
matrix_homeserver_container_runtime_injected_arguments: >
{{
matrix_homeserver_container_runtime_injected_arguments | default([])
+
["--mount type=bind,src={{ matrix_appservice_webhooks_config_path }}/webhooks-registration.yaml,dst=/matrix-appservice-webhooks-registration.yaml,ro"]
}}
matrix_homeserver_app_service_runtime_injected_config_files: >
{{
matrix_homeserver_app_service_runtime_injected_config_files | default([])
+
["/matrix-appservice-webhooks-registration.yaml"]
}}
when: matrix_appservice_webhooks_enabled | bool
# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
# We don't want to fail in such cases.
- name: Fail if matrix-synapse role already executed
ansible.builtin.fail:
msg: >-
The matrix-bridge-appservice-webhooks role needs to execute before the matrix-synapse role.
when: "matrix_synapse_role_executed | default(False)"
- when: matrix_appservice_webhooks_enabled | bool
tags:
- always
block:
- name: Fail if matrix-nginx-proxy role already executed
ansible.builtin.fail:
msg: >-
Trying to append webhooks Appservice's reverse-proxying configuration to matrix-nginx-proxy,
but it's pointless since the matrix-nginx-proxy role had already executed.
To fix this, please change the order of roles in your playbook,
so that the matrix-nginx-proxy role would run after the matrix-bridge-appservice-webhooks role.
when: matrix_nginx_proxy_role_executed | default(False) | bool
- name: Generate Matrix Appservice webhooks proxying configuration for matrix-nginx-proxy
ansible.builtin.set_fact:
matrix_appservice_webhooks_matrix_nginx_proxy_configuration: |
{% if matrix_nginx_proxy_enabled | default(False) %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
location ~ ^{{ matrix_appservice_webhooks_public_endpoint }}/(.*)$ {
resolver 127.0.0.11 valid=5s;
set $backend "matrix-appservice-webhooks:{{ matrix_appservice_webhooks_matrix_port }}";
proxy_pass http://$backend/$1;
}
{% else %}
{# Generic configuration for use outside of our container setup #}
location {{ matrix_appservice_webhooks_public_endpoint }}/ {
proxy_pass http://127.0.0.1:{{ matrix_appservice_webhooks_matrix_port }}/;
}
{% endif %}
- name: Register webhooks Appservice proxying configuration with matrix-nginx-proxy
ansible.builtin.set_fact:
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
{{
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([])
+
[matrix_appservice_webhooks_matrix_nginx_proxy_configuration]
}}
- name: Warn about reverse-proxying if matrix-nginx-proxy not used
ansible.builtin.debug:
msg: >-
NOTE: You've enabled the Matrix webhooks bridge but are not using the matrix-nginx-proxy
reverse proxy.
Please make sure that you're proxying the `{{ matrix_appservice_webhooks_public_endpoint }}`
URL endpoint to the matrix-appservice-webhooks container.
You can expose the container's port using the `matrix_appservice_webhooks_container_http_host_bind_port` variable.
when: "matrix_appservice_webhooks_enabled | bool and not matrix_nginx_proxy_enabled | default(False) | bool"

46
roles/custom/matrix-bridge-appservice-webhooks/tasks/inject_into_nginx_proxy.yml Normal file
View file

@ -0,0 +1,46 @@
---
- name: Fail if matrix-nginx-proxy role already executed
ansible.builtin.fail:
msg: >-
Trying to append webhooks Appservice's reverse-proxying configuration to matrix-nginx-proxy,
but it's pointless since the matrix-nginx-proxy role had already executed.
To fix this, please change the order of roles in your playbook,
so that the matrix-nginx-proxy role would run after the matrix-bridge-appservice-webhooks role.
when: matrix_nginx_proxy_role_executed | default(False) | bool
- name: Generate Matrix Appservice webhooks proxying configuration for matrix-nginx-proxy
ansible.builtin.set_fact:
matrix_appservice_webhooks_matrix_nginx_proxy_configuration: |
{% if matrix_nginx_proxy_enabled | default(False) %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
location ~ ^{{ matrix_appservice_webhooks_public_endpoint }}/(.*)$ {
resolver 127.0.0.11 valid=5s;
set $backend "matrix-appservice-webhooks:{{ matrix_appservice_webhooks_matrix_port }}";
proxy_pass http://$backend/$1;
}
{% else %}
{# Generic configuration for use outside of our container setup #}
location {{ matrix_appservice_webhooks_public_endpoint }}/ {
proxy_pass http://127.0.0.1:{{ matrix_appservice_webhooks_matrix_port }}/;
}
{% endif %}
- name: Register webhooks Appservice proxying configuration with matrix-nginx-proxy
ansible.builtin.set_fact:
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
{{
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([])
+
[matrix_appservice_webhooks_matrix_nginx_proxy_configuration]
}}
- name: Warn about reverse-proxying if matrix-nginx-proxy not used
ansible.builtin.debug:
msg: >-
NOTE: You've enabled the Matrix webhooks bridge but are not using the matrix-nginx-proxy
reverse proxy.
Please make sure that you're proxying the `{{ matrix_appservice_webhooks_public_endpoint }}`
URL endpoint to the matrix-appservice-webhooks container.
You can expose the container's port using the `matrix_appservice_webhooks_container_http_host_bind_port` variable.
when: "matrix_appservice_webhooks_enabled | bool and not matrix_nginx_proxy_enabled | default(False) | bool"

30
roles/custom/matrix-bridge-appservice-webhooks/tasks/main.yml
View file

@ -1,23 +1,29 @@
---
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
- block:
- when: matrix_appservice_webhooks_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
tags:
- always
- setup-all
- setup-nginx-proxy
- install-all
- install-nginx-proxy
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
when: "run_setup | bool and matrix_appservice_webhooks_enabled | bool"
- block:
- when: matrix_appservice_webhooks_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
- when: matrix_appservice_webhooks_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
tags:
- setup-all
- setup-appservice-webhooks
- install-all
- install-appservice-webhooks
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
when: "run_setup | bool and matrix_appservice_webhooks_enabled | bool"
tags:
- setup-all
- setup-appservice-webhooks
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
when: "run_setup | bool and not matrix_appservice_webhooks_enabled | bool"
- block:
- when: not matrix_appservice_webhooks_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
tags:
- setup-all
- setup-appservice-webhooks

29
roles/custom/matrix-bridge-appservice-webhooks/tasks/setup_uninstall.yml
View file

@ -5,21 +5,16 @@
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-webhooks.service"
register: matrix_appservice_webhooks_service_stat
- name: Ensure matrix-appservice-webhooks is stopped
ansible.builtin.service:
name: matrix-appservice-webhooks
state: stopped
enabled: false
daemon_reload: true
when: "matrix_appservice_webhooks_service_stat.stat.exists"
- when: matrix_appservice_webhooks_service_stat.stat.exists | bool
block:
- name: Ensure matrix-appservice-webhooks is stopped
ansible.builtin.service:
name: matrix-appservice-webhooks
state: stopped
enabled: false
daemon_reload: true
- name: Ensure matrix-appservice-webhooks.service doesn't exist
ansible.builtin.file:
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-webhooks.service"
state: absent
when: "matrix_appservice_webhooks_service_stat.stat.exists"
- name: Ensure systemd reloaded after matrix-appservice-webhooks.service removal
ansible.builtin.service:
daemon_reload: true
when: "matrix_appservice_webhooks_service_stat.stat.exists"
- name: Ensure matrix-appservice-webhooks.service doesn't exist
ansible.builtin.file:
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-webhooks.service"
state: absent

22
roles/custom/matrix-bridge-beeper-linkedin/tasks/init.yml
View file

@ -1,22 +0,0 @@
---
- ansible.builtin.set_fact:
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-beeper-linkedin.service'] }}"
when: matrix_beeper_linkedin_enabled | bool
# If the matrix-synapse role is not used, these variables may not exist.
- ansible.builtin.set_fact:
matrix_homeserver_container_runtime_injected_arguments: >
{{
matrix_homeserver_container_runtime_injected_arguments | default([])
+
["--mount type=bind,src={{ matrix_beeper_linkedin_config_path }}/registration.yaml,dst=/matrix-beeper-linkedin-registration.yaml,ro"]
}}
matrix_homeserver_app_service_runtime_injected_config_files: >
{{
matrix_homeserver_app_service_runtime_injected_config_files | default([])
+
["/matrix-beeper-linkedin-registration.yaml"]
}}
when: matrix_beeper_linkedin_enabled | bool

23
roles/custom/matrix-bridge-beeper-linkedin/tasks/main.yml
View file

@ -1,23 +1,20 @@
---
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
tags:
- always
- block:
- when: matrix_beeper_linkedin_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
when: "run_setup | bool and matrix_beeper_linkedin_enabled | bool"
- when: matrix_beeper_linkedin_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
tags:
- setup-all
- setup-beeper-linkedin
- install-all
- install-beeper-linkedin
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
when: "run_setup and matrix_beeper_linkedin_enabled"
tags:
- setup-all
- setup-beeper-linkedin
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
when: "run_setup and not matrix_beeper_linkedin_enabled"
- block:
- when: not matrix_beeper_linkedin_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
tags:
- setup-all
- setup-beeper-linkedin

7
roles/custom/matrix-bridge-beeper-linkedin/tasks/setup_install.yml
View file

@ -1,12 +1,5 @@
---
# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
# We don't want to fail in such cases.
- name: Fail if matrix-synapse role already executed
ansible.builtin.fail:
msg: >-
The matrix-bridge-beeper-linkedin role needs to execute before the matrix-synapse role.
when: "matrix_synapse_role_executed | default(False)"
- name: Ensure Beeper LinkedIn paths exists
ansible.builtin.file:
path: "{{ item.path }}"

29
roles/custom/matrix-bridge-beeper-linkedin/tasks/setup_uninstall.yml
View file

@ -5,21 +5,16 @@
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-beeper-linkedin.service"
register: matrix_beeper_linkedin_service_stat
- name: Ensure matrix-beeper-linkedin is stopped
ansible.builtin.service:
name: matrix-beeper-linkedin
state: stopped
enabled: false
daemon_reload: true
when: "matrix_beeper_linkedin_service_stat.stat.exists"
- when: matrix_beeper_linkedin_service_stat.stat.exists | bool
block:
- name: Ensure matrix-beeper-linkedin is stopped
ansible.builtin.service:
name: matrix-beeper-linkedin
state: stopped
enabled: false
daemon_reload: true
- name: Ensure matrix-beeper-linkedin.service doesn't exist
ansible.builtin.file:
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-beeper-linkedin.service"
state: absent
when: "matrix_beeper_linkedin_service_stat.stat.exists"
- name: Ensure systemd reloaded after matrix-beeper-linkedin.service removal
ansible.builtin.service:
daemon_reload: true
when: "matrix_beeper_linkedin_service_stat.stat.exists"
- name: Ensure matrix-beeper-linkedin.service doesn't exist
ansible.builtin.file:
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-beeper-linkedin.service"
state: absent

21
roles/custom/matrix-bridge-go-skype-bridge/tasks/init.yml
View file

@ -1,21 +0,0 @@
---
- ansible.builtin.set_fact:
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-go-skype-bridge.service'] }}"
when: matrix_go_skype_bridge_enabled | bool
# If the matrix-synapse role is not used, these variables may not exist.
- ansible.builtin.set_fact:
matrix_homeserver_container_runtime_injected_arguments: >
{{
matrix_homeserver_container_runtime_injected_arguments | default([])
+
["--mount type=bind,src={{ matrix_go_skype_bridge_config_path }}/registration.yaml,dst=/matrix-go-skype-bridge-registration.yaml,ro"]
}}
matrix_homeserver_app_service_runtime_injected_config_files: >
{{
matrix_homeserver_app_service_runtime_injected_config_files | default([])
+
["/matrix-go-skype-bridge-registration.yaml"]
}}
when: matrix_go_skype_bridge_enabled | bool

23
roles/custom/matrix-bridge-go-skype-bridge/tasks/main.yml
View file

@ -1,23 +1,20 @@
---
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
tags:
- always
- block:
- when: matrix_go_skype_bridge_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
when: "run_setup | bool and matrix_go_skype_bridge_enabled | bool"
- when: matrix_go_skype_bridge_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
tags:
- setup-all
- setup-go-skype-bridge
- install-all
- install-go-skype-bridge
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
when: "run_setup | bool and matrix_go_skype_bridge_enabled | bool"
tags:
- setup-all
- setup-go-skype-bridge
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
when: "run_setup | bool and not matrix_go_skype_bridge_enabled | bool"
- block:
- when: not matrix_go_skype_bridge_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
tags:
- setup-all
- setup-go-skype-bridge

8
roles/custom/matrix-bridge-go-skype-bridge/tasks/setup_install.yml
View file

@ -1,13 +1,5 @@
---
# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
# We don't want to fail in such cases.
- name: Fail if matrix-synapse role already executed
ansible.builtin.fail:
msg: >-
The matrix-bridge-go-skype-bridge role needs to execute before the matrix-synapse role.
when: "matrix_synapse_role_executed | default(False)"
- ansible.builtin.set_fact:
matrix_go_skype_bridge_requires_restart: false

29
roles/custom/matrix-bridge-go-skype-bridge/tasks/setup_uninstall.yml
View file

@ -5,21 +5,16 @@
path: "/etc/systemd/system/matrix-go-skype-bridge.service"
register: matrix_go_skype_bridge_service_stat
- name: Ensure matrix-go-skype-bridge is stopped
ansible.builtin.service:
name: matrix-go-skype-bridge
state: stopped
enabled: false
daemon_reload: true
when: "matrix_go_skype_bridge_service_stat.stat.exists"
- when: matrix_go_skype_bridge_service_stat.stat.exists | bool
block:
- name: Ensure matrix-go-skype-bridge is stopped
ansible.builtin.service:
name: matrix-go-skype-bridge
state: stopped
enabled: false
daemon_reload: true
- name: Ensure matrix-go-skype-bridge.service doesn't exist
ansible.builtin.file:
path: "/etc/systemd/system/matrix-go-skype-bridge.service"
state: absent
when: "matrix_go_skype_bridge_service_stat.stat.exists"
- name: Ensure systemd reloaded after matrix-go-skype-bridge.service removal
ansible.builtin.service:
daemon_reload: true
when: "matrix_go_skype_bridge_service_stat.stat.exists"
- name: Ensure matrix-go-skype-bridge.service doesn't exist
ansible.builtin.file:
path: "/etc/systemd/system/matrix-go-skype-bridge.service"
state: absent

29
roles/custom/matrix-bridge-heisenbridge/tasks/init.yml
View file

@ -1,29 +0,0 @@
---
# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
# We don't want to fail in such cases.
- name: Fail if matrix-synapse role already executed
ansible.builtin.fail:
msg: >-
The matrix-bridge-heisenbridge role needs to execute before the matrix-synapse role.
when: "matrix_heisenbridge_enabled and matrix_synapse_role_executed | default(False)"
- ansible.builtin.set_fact:
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-heisenbridge.service'] }}"
when: matrix_heisenbridge_enabled | bool
# If the matrix-synapse role is not used, these variables may not exist.
- ansible.builtin.set_fact:
matrix_homeserver_container_runtime_injected_arguments: >
{{
matrix_homeserver_container_runtime_injected_arguments | default([])
+
["--mount type=bind,src={{ matrix_heisenbridge_base_path }}/registration.yaml,dst=/heisenbridge-registration.yaml,ro"]
}}
matrix_homeserver_app_service_runtime_injected_config_files: >
{{
matrix_homeserver_app_service_runtime_injected_config_files | default([])
+
["/heisenbridge-registration.yaml"]
}}
when: matrix_heisenbridge_enabled | bool

16
roles/custom/matrix-bridge-heisenbridge/tasks/main.yml
View file

@ -1,17 +1,17 @@
---
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
tags:
- always
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
when: "run_setup | bool and matrix_heisenbridge_enabled | bool"
- block:
- when: matrix_heisenbridge_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
tags:
- setup-all
- setup-heisenbridge
- install-all
- install-heisenbridge
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
when: "run_setup | bool and not matrix_heisenbridge_enabled | bool"
- block:
- when: not matrix_heisenbridge_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
tags:
- setup-all
- setup-heisenbridge

29
roles/custom/matrix-bridge-heisenbridge/tasks/setup_uninstall.yml
View file

@ -5,21 +5,16 @@
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-heisenbridge.service"
register: matrix_heisenbridge_service_stat
- name: Ensure matrix-heisenbridge is stopped
ansible.builtin.service:
name: matrix-heisenbridge
state: stopped
enabled: false
daemon_reload: true
when: "matrix_heisenbridge_service_stat.stat.exists"
- when: matrix_heisenbridge_service_stat.stat.exists | bool
block:
- name: Ensure matrix-heisenbridge is stopped
ansible.builtin.service:
name: matrix-heisenbridge
state: stopped
enabled: false
daemon_reload: true
- name: Ensure matrix-heisenbridge.service doesn't exist
ansible.builtin.file:
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-heisenbridge.service"
state: absent
when: "matrix_heisenbridge_service_stat.stat.exists"
- name: Ensure systemd reloaded after matrix-heisenbridge.service removal
ansible.builtin.service:
daemon_reload: true
when: "matrix_heisenbridge_service_stat.stat.exists"
- name: Ensure matrix-heisenbridge.service doesn't exist
ansible.builtin.file:
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-heisenbridge.service"
state: absent

141
roles/custom/matrix-bridge-hookshot/tasks/init.yml
View file

@ -1,141 +0,0 @@
---
# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
# We don't want to fail in such cases.
- name: Fail if matrix-synapse role already executed
ansible.builtin.fail:
msg: >-
The matrix-bridge-hookshot role needs to execute before the matrix-synapse role.
when: "matrix_hookshot_enabled and matrix_synapse_role_executed | default(False)"
- ansible.builtin.set_fact:
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-hookshot.service'] }}"
when: matrix_hookshot_enabled | bool
# If the matrix-synapse role is not used, these variables may not exist.
- ansible.builtin.set_fact:
matrix_homeserver_container_runtime_injected_arguments: >
{{
matrix_homeserver_container_runtime_injected_arguments | default([])
+
["--mount type=bind,src={{ matrix_hookshot_base_path }}/registration.yml,dst=/hookshot-registration.yml,ro"]
}}
matrix_homeserver_app_service_runtime_injected_config_files: >
{{
matrix_homeserver_app_service_runtime_injected_config_files | default([])
+
["/hookshot-registration.yml"]
}}
when: matrix_hookshot_enabled | bool
- when: matrix_hookshot_enabled | bool
block:
- name: Fail if matrix-nginx-proxy role already executed
ansible.builtin.fail:
msg: >-
Trying to append hookshot's reverse-proxying configuration to matrix-nginx-proxy,
but it's pointless since the matrix-nginx-proxy role had already executed.
To fix this, please change the order of roles in your playbook,
so that the matrix-nginx-proxy role would run after the matrix-bridge-hookshot role.
when: matrix_nginx_proxy_role_executed | default(False) | bool
- name: Generate Matrix hookshot proxying configuration for matrix-nginx-proxy
ansible.builtin.set_fact:
matrix_hookshot_matrix_nginx_proxy_configuration: |
location ~ ^{{ matrix_hookshot_appservice_endpoint }}/(.*)$ {
{% if matrix_nginx_proxy_enabled | default(False) %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;
set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_appservice_port }}";
proxy_pass http://$backend/$1;
{% else %}
{# Generic configuration for use outside of our container setup #}
proxy_pass http://127.0.0.1:{{ matrix_hookshot_appservice_port }}/$1;
{% endif %}
proxy_set_header Host $host;
}
{% if matrix_hookshot_provisioning_enabled %}
location ~ ^{{ matrix_hookshot_provisioning_endpoint }}/(.*)$ {
{% if matrix_nginx_proxy_enabled | default(False) %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;
set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_provisioning_port }}";
proxy_pass http://$backend{{ matrix_hookshot_provisioning_internal }}/$1$is_args$args;
{% else %}
{# Generic configuration for use outside of our container setup #}
proxy_pass http://127.0.0.1:{{ matrix_hookshot_provisioning_port }}{{ matrix_hookshot_provisioning_internal }}/$1$is_args$args;
{% endif %}
proxy_set_header Host $host;
}
{% endif %}
{% if matrix_hookshot_widgets_enabled %}
location ~ ^{{ matrix_hookshot_widgets_endpoint }}/(.*)$ {
{% if matrix_nginx_proxy_enabled | default(False) %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;
set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_widgets_port }}";
proxy_pass http://$backend{{ matrix_hookshot_widgets_internal }}/$1$is_args$args;
{% else %}
{# Generic configuration for use outside of our container setup #}
proxy_pass http://127.0.0.1:{{ matrix_hookshot_widgets_port }}{{ matrix_hookshot_widgets_internal }}/$1$is_args$args;
{% endif %}
proxy_set_header Host $host;
}
{% endif %}
location ~ ^{{ matrix_hookshot_webhook_endpoint }}/(.*)$ {
{% if matrix_nginx_proxy_enabled | default(False) %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;
set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_webhook_port }}";
proxy_pass http://$backend/$1$is_args$args;
{% else %}
{# Generic configuration for use outside of our container setup #}
proxy_pass http://127.0.0.1:{{ matrix_hookshot_webhook_port }}/$1$is_args$args;
{% endif %}
proxy_set_header Host $host;
}
- name: Register hookshot proxying configuration with matrix-nginx-proxy
ansible.builtin.set_fact:
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
{{
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([])
+
[matrix_hookshot_matrix_nginx_proxy_configuration]
}}
- name: Generate hookshot metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/hookshot)
ansible.builtin.set_fact:
matrix_hookshot_matrix_nginx_proxy_metrics_configuration_matrix_domain: |
location /metrics/hookshot {
{% if matrix_nginx_proxy_enabled | default(False) %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;
set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_metrics_port }}";
proxy_pass http://$backend/metrics;
{% else %}
{# Generic configuration for use outside of our container setup #}
proxy_pass http://127.0.0.1:{{ matrix_hookshot_metrics_port }}/metrics;
{% endif %}
}
when: matrix_hookshot_metrics_enabled | bool and matrix_hookshot_metrics_proxying_enabled | bool
- name: Register hookshot metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/hookshot)
ansible.builtin.set_fact:
matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: |
{{
matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([])
+
[matrix_hookshot_matrix_nginx_proxy_metrics_configuration_matrix_domain]
}}
when: matrix_hookshot_metrics_enabled | bool and matrix_hookshot_metrics_proxying_enabled | bool
- name: Warn about reverse-proxying if matrix-nginx-proxy not used
ansible.builtin.debug:
msg: >-
NOTE: You've enabled the hookshot bridge but are not using the matrix-nginx-proxy
reverse proxy.
Please make sure that you're proxying the `{{ matrix_hookshot_public_endpoint }}`
URL endpoint to the matrix-hookshot container.
You can expose the container's ports using the `matrix_hookshot_container_http_host_bind_ports` variable.
when: "matrix_hookshot_enabled | bool and not matrix_nginx_proxy_enabled | default(False) | bool"

111
roles/custom/matrix-bridge-hookshot/tasks/inject_into_nginx_proxy.yml Normal file
View file

@ -0,0 +1,111 @@
---
- name: Fail if matrix-nginx-proxy role already executed
ansible.builtin.fail:
msg: >-
Trying to append hookshot's reverse-proxying configuration to matrix-nginx-proxy,
but it's pointless since the matrix-nginx-proxy role had already executed.
To fix this, please change the order of roles in your playbook,
so that the matrix-nginx-proxy role would run after the matrix-bridge-hookshot role.
when: matrix_nginx_proxy_role_executed | default(False) | bool
- name: Generate Matrix hookshot proxying configuration for matrix-nginx-proxy
ansible.builtin.set_fact:
matrix_hookshot_matrix_nginx_proxy_configuration: |
location ~ ^{{ matrix_hookshot_appservice_endpoint }}/(.*)$ {
{% if matrix_nginx_proxy_enabled | default(False) %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;
set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_appservice_port }}";
proxy_pass http://$backend/$1;
{% else %}
{# Generic configuration for use outside of our container setup #}
proxy_pass http://127.0.0.1:{{ matrix_hookshot_appservice_port }}/$1;
{% endif %}
proxy_set_header Host $host;
}
{% if matrix_hookshot_provisioning_enabled %}
location ~ ^{{ matrix_hookshot_provisioning_endpoint }}/(.*)$ {
{% if matrix_nginx_proxy_enabled | default(False) %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;
set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_provisioning_port }}";
proxy_pass http://$backend{{ matrix_hookshot_provisioning_internal }}/$1$is_args$args;
{% else %}
{# Generic configuration for use outside of our container setup #}
proxy_pass http://127.0.0.1:{{ matrix_hookshot_provisioning_port }}{{ matrix_hookshot_provisioning_internal }}/$1$is_args$args;
{% endif %}
proxy_set_header Host $host;
}
{% endif %}
{% if matrix_hookshot_widgets_enabled %}
location ~ ^{{ matrix_hookshot_widgets_endpoint }}/(.*)$ {
{% if matrix_nginx_proxy_enabled | default(False) %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;
set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_widgets_port }}";
proxy_pass http://$backend{{ matrix_hookshot_widgets_internal }}/$1$is_args$args;
{% else %}
{# Generic configuration for use outside of our container setup #}
proxy_pass http://127.0.0.1:{{ matrix_hookshot_widgets_port }}{{ matrix_hookshot_widgets_internal }}/$1$is_args$args;
{% endif %}
proxy_set_header Host $host;
}
{% endif %}
location ~ ^{{ matrix_hookshot_webhook_endpoint }}/(.*)$ {
{% if matrix_nginx_proxy_enabled | default(False) %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;
set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_webhook_port }}";
proxy_pass http://$backend/$1$is_args$args;
{% else %}
{# Generic configuration for use outside of our container setup #}
proxy_pass http://127.0.0.1:{{ matrix_hookshot_webhook_port }}/$1$is_args$args;
{% endif %}
proxy_set_header Host $host;
}
- name: Register hookshot proxying configuration with matrix-nginx-proxy
ansible.builtin.set_fact:
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
{{
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([])
+
[matrix_hookshot_matrix_nginx_proxy_configuration]
}}
- name: Generate hookshot metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/hookshot)
ansible.builtin.set_fact:
matrix_hookshot_matrix_nginx_proxy_metrics_configuration_matrix_domain: |
location /metrics/hookshot {
{% if matrix_nginx_proxy_enabled | default(False) %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;
set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_metrics_port }}";
proxy_pass http://$backend/metrics;
{% else %}
{# Generic configuration for use outside of our container setup #}
proxy_pass http://127.0.0.1:{{ matrix_hookshot_metrics_port }}/metrics;
{% endif %}
}
when: matrix_hookshot_metrics_enabled | bool and matrix_hookshot_metrics_proxying_enabled | bool
- name: Register hookshot metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/hookshot)
ansible.builtin.set_fact:
matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: |
{{
matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([])
+
[matrix_hookshot_matrix_nginx_proxy_metrics_configuration_matrix_domain]
}}
when: matrix_hookshot_metrics_enabled | bool and matrix_hookshot_metrics_proxying_enabled | bool
- name: Warn about reverse-proxying if matrix-nginx-proxy not used
ansible.builtin.debug:
msg: >-
NOTE: You've enabled the hookshot bridge but are not using the matrix-nginx-proxy
reverse proxy.
Please make sure that you're proxying the `{{ matrix_hookshot_public_endpoint }}`
URL endpoint to the matrix-hookshot container.
You can expose the container's ports using the `matrix_hookshot_container_http_host_bind_ports` variable.
when: "not matrix_nginx_proxy_enabled | default(False) | bool"

30
roles/custom/matrix-bridge-hookshot/tasks/main.yml
View file

@ -1,23 +1,29 @@
---
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
- block:
- when: matrix_hookshot_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
tags:
- always
- setup-all
- setup-nginx-proxy
- install-all
- install-nginx-proxy
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
when: "run_setup | bool and matrix_hookshot_enabled | bool"
- block:
- when: matrix_hookshot_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
- when: matrix_hookshot_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
tags:
- setup-all
- setup-hookshot
- install-all
- install-hookshot
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
when: "run_setup | bool and matrix_hookshot_enabled | bool"
tags:
- setup-all
- setup-hookshot
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
when: "run_setup | bool and not matrix_hookshot_enabled | bool"
- block:
- when: not matrix_hookshot_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
tags:
- setup-all
- setup-hookshot

29
roles/custom/matrix-bridge-hookshot/tasks/setup_uninstall.yml
View file

@ -5,21 +5,16 @@
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-hookshot.service"
register: matrix_hookshot_service_stat
- name: Ensure matrix-hookshot is stopped
ansible.builtin.service:
name: matrix-hookshot
state: stopped
enabled: false
daemon_reload: true
when: "matrix_hookshot_service_stat.stat.exists"
- when: matrix_hookshot_service_stat.stat.exists | bool
block:
- name: Ensure matrix-hookshot is stopped
ansible.builtin.service:
name: matrix-hookshot
state: stopped
enabled: false
daemon_reload: true
- name: Ensure matrix-hookshot.service doesn't exist
ansible.builtin.file:
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-hookshot.service"
state: absent
when: "matrix_hookshot_service_stat.stat.exists"
- name: Ensure systemd reloaded after matrix-hookshot.service removal
ansible.builtin.service:
daemon_reload: true
when: "matrix_hookshot_service_stat.stat.exists"
- name: Ensure matrix-hookshot.service doesn't exist
ansible.builtin.file:
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-hookshot.service"
state: absent

21
roles/custom/matrix-bridge-mautrix-discord/tasks/init.yml
View file

@ -1,21 +0,0 @@
---
- ansible.builtin.set_fact:
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-discord.service'] }}"
when: matrix_mautrix_discord_enabled | bool
# If the matrix-synapse role is not used, these variables may not exist.
- ansible.builtin.set_fact:
matrix_homeserver_container_runtime_injected_arguments: >
{{
matrix_homeserver_container_runtime_injected_arguments | default([])
+
["--mount type=bind,src={{ matrix_mautrix_discord_config_path }}/registration.yaml,dst=/matrix-mautrix-discord-registration.yaml,ro"]
}}
matrix_homeserver_app_service_runtime_injected_config_files: >
{{
matrix_homeserver_app_service_runtime_injected_config_files | default([])
+
["/matrix-mautrix-discord-registration.yaml"]
}}
when: matrix_mautrix_discord_enabled | bool

24
roles/custom/matrix-bridge-mautrix-discord/tasks/main.yml
View file

@ -1,22 +1,20 @@
---
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
tags:
- always
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
when: "run_setup | bool and matrix_mautrix_discord_enabled | bool"
- block:
- when: matrix_mautrix_discord_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
- when: matrix_mautrix_discord_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
tags:
- setup-all
- setup-mautrix-discord
- install-all
- install-mautrix-discord
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
when: "run_setup and matrix_mautrix_discord_enabled"
tags:
- setup-all
- setup-mautrix-discord
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
when: "run_setup and not matrix_mautrix_discord_enabled"
- block:
- when: not matrix_mautrix_discord_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
tags:
- setup-all
- setup-mautrix-discord

8
roles/custom/matrix-bridge-mautrix-discord/tasks/setup_install.yml
View file

@ -1,13 +1,5 @@
---
# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
# We don't want to fail in such cases.
- name: Fail if matrix-synapse role already executed
ansible.builtin.fail:
msg: >-
The matrix-bridge-mautrix-discord role needs to execute before the matrix-synapse role.
when: "matrix_synapse_role_executed | default(False)"
- ansible.builtin.set_fact:
matrix_mautrix_discord_requires_restart: false

29
roles/custom/matrix-bridge-mautrix-discord/tasks/setup_uninstall.yml
View file

@ -5,21 +5,16 @@
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-discord.service"
register: matrix_mautrix_discord_service_stat
- name: Ensure matrix-mautrix-discord is stopped
ansible.builtin.service:
name: matrix-mautrix-discord
state: stopped
enabled: false
daemon_reload: true
when: "matrix_mautrix_discord_service_stat.stat.exists"
- when: matrix_mautrix_discord_service_stat.stat.exists | bool
block:
- name: Ensure matrix-mautrix-discord is stopped
ansible.builtin.service:
name: matrix-mautrix-discord
state: stopped
enabled: false
daemon_reload: true
- name: Ensure matrix-mautrix-discord.service doesn't exist
ansible.builtin.file:
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-discord.service"
state: absent
when: "matrix_mautrix_discord_service_stat.stat.exists"
- name: Ensure systemd reloaded after matrix-mautrix-discord.service removal
ansible.builtin.service:
daemon_reload: true
when: "matrix_mautrix_discord_service_stat.stat.exists"
- name: Ensure matrix-mautrix-discord.service doesn't exist
ansible.builtin.file:
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-discord.service"
state: absent

75
roles/custom/matrix-bridge-mautrix-facebook/tasks/init.yml
View file

@ -1,75 +0,0 @@
---
# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070
# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407
- name: Fail if trying to self-build on Ansible < 2.8
ansible.builtin.fail:
msg: "To self-build the Mautrix-Facebook image, you should use Ansible 2.8 or higher. See docs/ansible.md"
when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mautrix_facebook_container_image_self_build and matrix_mautrix_facebook_enabled"
- ansible.builtin.set_fact:
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-facebook.service'] }}"
when: matrix_mautrix_facebook_enabled | bool
# If the matrix-synapse role is not used, these variables may not exist.
- ansible.builtin.set_fact:
matrix_homeserver_container_runtime_injected_arguments: >
{{
matrix_homeserver_container_runtime_injected_arguments | default([])
+
["--mount type=bind,src={{ matrix_mautrix_facebook_config_path }}/registration.yaml,dst=/matrix-mautrix-facebook-registration.yaml,ro"]
}}
matrix_homeserver_app_service_runtime_injected_config_files: >
{{
matrix_homeserver_app_service_runtime_injected_config_files | default([])
+
["/matrix-mautrix-facebook-registration.yaml"]
}}
when: matrix_mautrix_facebook_enabled | bool
- when: matrix_mautrix_facebook_enabled | bool and matrix_mautrix_facebook_appservice_public_enabled | bool
tags:
- always
block:
- name: Fail if matrix-nginx-proxy role already executed
ansible.builtin.fail:
msg: >-
Trying to append Mautrix Facebook's reverse-proxying configuration to matrix-nginx-proxy,
but it's pointless since the matrix-nginx-proxy role had already executed.
To fix this, please change the order of roles in your playbook,
so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-facebook role.
when: matrix_nginx_proxy_role_executed | default(False) | bool
- name: Generate Mautrix Facebook proxying configuration for matrix-nginx-proxy
ansible.builtin.set_fact:
matrix_mautrix_facebook_matrix_nginx_proxy_configuration: |
location {{ matrix_mautrix_facebook_public_endpoint }} {
{% if matrix_nginx_proxy_enabled | default(False) %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;
set $backend "matrix-mautrix-facebook:29319";
proxy_pass http://$backend;
{% else %}
{# Generic configuration for use outside of our container setup #}
proxy_pass http://127.0.0.1:9008;
{% endif %}
}
- name: Register Mautrix Facebook proxying configuration with matrix-nginx-proxy
ansible.builtin.set_fact:
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
{{
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([])
+
[matrix_mautrix_facebook_matrix_nginx_proxy_configuration]
}}
- name: Warn about reverse-proxying if matrix-nginx-proxy not used
ansible.builtin.debug:
msg: >-
NOTE: You've enabled the Mautrix Facebook bridge but are not using the matrix-nginx-proxy
reverse proxy.
Please make sure that you're proxying the `{{ matrix_mautrix_facebook_public_endpoint }}`
URL endpoint to the matrix-mautrix-facebook container.
You can expose the container's port using the `matrix_mautrix_facebook_container_http_host_bind_port` variable.
when: "not matrix_nginx_proxy_enabled | default(False) | bool"

44
roles/custom/matrix-bridge-mautrix-facebook/tasks/inject_into_nginx_proxy.yml Normal file
View file

@ -0,0 +1,44 @@
---
- name: Fail if matrix-nginx-proxy role already executed
ansible.builtin.fail:
msg: >-
Trying to append Mautrix Facebook's reverse-proxying configuration to matrix-nginx-proxy,
but it's pointless since the matrix-nginx-proxy role had already executed.
To fix this, please change the order of roles in your playbook,
so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-facebook role.
when: matrix_nginx_proxy_role_executed | default(False) | bool
- name: Generate Mautrix Facebook proxying configuration for matrix-nginx-proxy
ansible.builtin.set_fact:
matrix_mautrix_facebook_matrix_nginx_proxy_configuration: |
location {{ matrix_mautrix_facebook_public_endpoint }} {
{% if matrix_nginx_proxy_enabled | default(False) %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;
set $backend "matrix-mautrix-facebook:29319";
proxy_pass http://$backend;
{% else %}
{# Generic configuration for use outside of our container setup #}
proxy_pass http://127.0.0.1:9008;
{% endif %}
}
- name: Register Mautrix Facebook proxying configuration with matrix-nginx-proxy
ansible.builtin.set_fact:
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
{{
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([])
+
[matrix_mautrix_facebook_matrix_nginx_proxy_configuration]
}}
- name: Warn about reverse-proxying if matrix-nginx-proxy not used
ansible.builtin.debug:
msg: >-
NOTE: You've enabled the Mautrix Facebook bridge but are not using the matrix-nginx-proxy
reverse proxy.
Please make sure that you're proxying the `{{ matrix_mautrix_facebook_public_endpoint }}`
URL endpoint to the matrix-mautrix-facebook container.
You can expose the container's port using the `matrix_mautrix_facebook_container_http_host_bind_port` variable.
when: "not matrix_nginx_proxy_enabled | default(False) | bool"

30
roles/custom/matrix-bridge-mautrix-facebook/tasks/main.yml
View file

@ -1,23 +1,29 @@
---
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
- block:
- when: matrix_mautrix_facebook_enabled | bool and matrix_mautrix_facebook_appservice_public_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
tags:
- always
- setup-all
- setup-nginx-proxy
- install-all
- install-nginx-proxy
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
when: "run_setup | bool and matrix_mautrix_facebook_enabled | bool"
- block:
- when: matrix_mautrix_facebook_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
- when: matrix_mautrix_facebook_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
tags:
- setup-all
- setup-mautrix-facebook
- install-all
- install-mautrix-facebook
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
when: "run_setup | bool and matrix_mautrix_facebook_enabled | bool"
tags:
- setup-all
- setup-mautrix-facebook
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
when: "run_setup | bool and not matrix_mautrix_facebook_enabled | bool"
- block:
- when: not matrix_mautrix_facebook_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
tags:
- setup-all
- setup-mautrix-facebook

8
roles/custom/matrix-bridge-mautrix-facebook/tasks/setup_install.yml
View file

@ -1,13 +1,5 @@
---
# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
# We don't want to fail in such cases.
- name: Fail if matrix-synapse role already executed
ansible.builtin.fail:
msg: >-
The matrix-bridge-mautrix-facebook role needs to execute before the matrix-synapse role.
when: "matrix_synapse_role_executed | default(False)"
- ansible.builtin.set_fact:
matrix_mautrix_facebook_requires_restart: false

29
roles/custom/matrix-bridge-mautrix-facebook/tasks/setup_uninstall.yml
View file

@ -5,21 +5,16 @@
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-facebook.service"
register: matrix_mautrix_facebook_service_stat
- name: Ensure matrix-mautrix-facebook is stopped
ansible.builtin.service:
name: matrix-mautrix-facebook
state: stopped
enabled: false
daemon_reload: true
when: "matrix_mautrix_facebook_service_stat.stat.exists"
- when: matrix_mautrix_facebook_service_stat.stat.exists | bool
block:
- name: Ensure matrix-mautrix-facebook is stopped
ansible.builtin.service:
name: matrix-mautrix-facebook
state: stopped
enabled: false
daemon_reload: true
- name: Ensure matrix-mautrix-facebook.service doesn't exist
ansible.builtin.file:
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-facebook.service"
state: absent
when: "matrix_mautrix_facebook_service_stat.stat.exists"
- name: Ensure systemd reloaded after matrix-mautrix-facebook.service removal
ansible.builtin.service:
daemon_reload: true
when: "matrix_mautrix_facebook_service_stat.stat.exists"
- name: Ensure matrix-mautrix-facebook.service doesn't exist
ansible.builtin.file:
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-facebook.service"
state: absent

74
roles/custom/matrix-bridge-mautrix-googlechat/tasks/init.yml
View file

@ -1,74 +0,0 @@
---
# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070
# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407
- name: Fail if trying to self-build on Ansible < 2.8
ansible.builtin.fail:
msg: "To self-build the Mautrix-Google Chat image, you should use Ansible 2.8 or higher. See docs/ansible.md"
when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mautrix_googlechat_container_image_self_build and matrix_mautrix_googlechat_enabled"
- ansible.builtin.set_fact:
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-googlechat.service'] }}"
when: matrix_mautrix_googlechat_enabled | bool
# If the matrix-synapse role is not used, these variables may not exist.
- ansible.builtin.set_fact:
matrix_homeserver_container_runtime_injected_arguments: >
{{
matrix_homeserver_container_runtime_injected_arguments | default([])
+
["--mount type=bind,src={{ matrix_mautrix_googlechat_config_path }}/registration.yaml,dst=/matrix-mautrix-googlechat-registration.yaml,ro"]
}}
matrix_homeserver_app_service_runtime_injected_config_files: >
{{
matrix_homeserver_app_service_runtime_injected_config_files | default([])
+
["/matrix-mautrix-googlechat-registration.yaml"]
}}
when: matrix_mautrix_googlechat_enabled | bool
- when: matrix_mautrix_googlechat_enabled | bool
tags:
- always
block:
- name: Fail if matrix-nginx-proxy role already executed
ansible.builtin.fail:
msg: >-
Trying to append Mautrix googlechat's reverse-proxying configuration to matrix-nginx-proxy,
but it's pointless since the matrix-nginx-proxy role had already executed.
To fix this, please change the order of roles in your playbook,
so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-googlechat role.
when: matrix_nginx_proxy_role_executed | default(False) | bool
- name: Generate Mautrix googlechat proxying configuration for matrix-nginx-proxy
ansible.builtin.set_fact:
matrix_mautrix_googlechat_matrix_nginx_proxy_configuration: |
location {{ matrix_mautrix_googlechat_public_endpoint }} {
{% if matrix_nginx_proxy_enabled | default(False) %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;
set $backend "matrix-mautrix-googlechat:8080";
proxy_pass http://$backend;
{% else %}
{# Generic configuration for use outside of our container setup #}
proxy_pass http://127.0.0.1:9007;
{% endif %}
}
- name: Register Mautrix googlechat proxying configuration with matrix-nginx-proxy
ansible.builtin.set_fact:
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
{{
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([])
+
[matrix_mautrix_googlechat_matrix_nginx_proxy_configuration]
}}
- name: Warn about reverse-proxying if matrix-nginx-proxy not used
ansible.builtin.debug:
msg: >-
NOTE: You've enabled the Mautrix googlechat bridge but are not using the matrix-nginx-proxy
reverse proxy.
Please make sure that you're proxying the `{{ matrix_mautrix_googlechat_public_endpoint }}`
URL endpoint to the matrix-mautrix-googlechat container.
You can expose the container's port using the `matrix_mautrix_googlechat_container_http_host_bind_port` variable.
when: "matrix_mautrix_googlechat_enabled | bool and not matrix_nginx_proxy_enabled | default(False) | bool"

43
roles/custom/matrix-bridge-mautrix-googlechat/tasks/inject_into_nginx_proxy.yml Normal file
View file

@ -0,0 +1,43 @@
---
- name: Fail if matrix-nginx-proxy role already executed
ansible.builtin.fail:
msg: >-
Trying to append Mautrix googlechat's reverse-proxying configuration to matrix-nginx-proxy,
but it's pointless since the matrix-nginx-proxy role had already executed.
To fix this, please change the order of roles in your playbook,
so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-googlechat role.
when: matrix_nginx_proxy_role_executed | default(False) | bool
- name: Generate Mautrix googlechat proxying configuration for matrix-nginx-proxy
ansible.builtin.set_fact:
matrix_mautrix_googlechat_matrix_nginx_proxy_configuration: |
location {{ matrix_mautrix_googlechat_public_endpoint }} {
{% if matrix_nginx_proxy_enabled | default(False) %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;
set $backend "matrix-mautrix-googlechat:8080";
proxy_pass http://$backend;
{% else %}
{# Generic configuration for use outside of our container setup #}
proxy_pass http://127.0.0.1:9007;
{% endif %}
}
- name: Register Mautrix googlechat proxying configuration with matrix-nginx-proxy
ansible.builtin.set_fact:
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
{{
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([])
+
[matrix_mautrix_googlechat_matrix_nginx_proxy_configuration]
}}
- name: Warn about reverse-proxying if matrix-nginx-proxy not used
ansible.builtin.debug:
msg: >-
NOTE: You've enabled the Mautrix googlechat bridge but are not using the matrix-nginx-proxy
reverse proxy.
Please make sure that you're proxying the `{{ matrix_mautrix_googlechat_public_endpoint }}`
URL endpoint to the matrix-mautrix-googlechat container.
You can expose the container's port using the `matrix_mautrix_googlechat_container_http_host_bind_port` variable.
when: "matrix_mautrix_googlechat_enabled | bool and not matrix_nginx_proxy_enabled | default(False) | bool"

30
roles/custom/matrix-bridge-mautrix-googlechat/tasks/main.yml
View file

@ -1,23 +1,29 @@
---
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
- block:
- when: matrix_mautrix_googlechat_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
tags:
- always
- setup-all
- setup-nginx-proxy
- install-all
- install-nginx-proxy
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
when: "run_setup | bool and matrix_mautrix_googlechat_enabled | bool"
- block:
- when: matrix_mautrix_googlechat_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
- when: matrix_mautrix_googlechat_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
tags:
- setup-all
- setup-mautrix-googlechat
- install-all
- install-mautrix-googlechat
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
when: "run_setup | bool and matrix_mautrix_googlechat_enabled | bool"
tags:
- setup-all
- setup-mautrix-googlechat
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
when: "run_setup | bool and not matrix_mautrix_googlechat_enabled | bool"
- block:
- when: not matrix_mautrix_googlechat_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
tags:
- setup-all
- setup-mautrix-googlechat

8
roles/custom/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml
View file

@ -1,13 +1,5 @@
---
# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
# We don't want to fail in such cases.
- name: Fail if matrix-synapse role already executed
ansible.builtin.fail:
msg: >-
The matrix-bridge-mautrix-googlechat role needs to execute before the matrix-synapse role.
when: "matrix_synapse_role_executed | default(False)"
- ansible.builtin.set_fact:
matrix_mautrix_googlechat_requires_restart: false

29
roles/custom/matrix-bridge-mautrix-googlechat/tasks/setup_uninstall.yml
View file

@ -5,21 +5,16 @@
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-googlechat.service"
register: matrix_mautrix_googlechat_service_stat
- name: Ensure matrix-mautrix-googlechat is stopped
ansible.builtin.service:
name: matrix-mautrix-googlechat
state: stopped
enabled: false
daemon_reload: true
when: "matrix_mautrix_googlechat_service_stat.stat.exists"
- when: matrix_mautrix_googlechat_service_stat.stat.exists | bool
block:
- name: Ensure matrix-mautrix-googlechat is stopped
ansible.builtin.service:
name: matrix-mautrix-googlechat
state: stopped
enabled: false
daemon_reload: true
- name: Ensure matrix-mautrix-googlechat.service doesn't exist
ansible.builtin.file:
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-googlechat.service"
state: absent
when: "matrix_mautrix_googlechat_service_stat.stat.exists"
- name: Ensure systemd reloaded after matrix-mautrix-googlechat.service removal
ansible.builtin.service:
daemon_reload: true
when: "matrix_mautrix_googlechat_service_stat.stat.exists"
- name: Ensure matrix-mautrix-googlechat.service doesn't exist
ansible.builtin.file:
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-googlechat.service"
state: absent

74
roles/custom/matrix-bridge-mautrix-hangouts/tasks/init.yml
View file

@ -1,74 +0,0 @@
---
# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070
# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407
- name: Fail if trying to self-build on Ansible < 2.8
ansible.builtin.fail:
msg: "To self-build the Mautrix-Hangouts image, you should use Ansible 2.8 or higher. See docs/ansible.md"
when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mautrix_hangouts_container_image_self_build and matrix_mautrix_hangouts_enabled"
- ansible.builtin.set_fact:
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-hangouts.service'] }}"
when: matrix_mautrix_hangouts_enabled | bool
# If the matrix-synapse role is not used, these variables may not exist.
- ansible.builtin.set_fact:
matrix_homeserver_container_runtime_injected_arguments: >
{{
matrix_homeserver_container_runtime_injected_arguments | default([])
+
["--mount type=bind,src={{ matrix_mautrix_hangouts_config_path }}/registration.yaml,dst=/matrix-mautrix-hangouts-registration.yaml,ro"]
}}
matrix_homeserver_app_service_runtime_injected_config_files: >
{{
matrix_homeserver_app_service_runtime_injected_config_files | default([])
+
["/matrix-mautrix-hangouts-registration.yaml"]
}}
when: matrix_mautrix_hangouts_enabled | bool
- when: matrix_mautrix_hangouts_enabled | bool
tags:
- always
block:
- name: Fail if matrix-nginx-proxy role already executed
ansible.builtin.fail:
msg: >-
Trying to append Mautrix Hangouts's reverse-proxying configuration to matrix-nginx-proxy,
but it's pointless since the matrix-nginx-proxy role had already executed.
To fix this, please change the order of roles in your playbook,
so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-hangouts role.
when: matrix_nginx_proxy_role_executed | default(False) | bool
- name: Generate Mautrix Hangouts proxying configuration for matrix-nginx-proxy
ansible.builtin.set_fact:
matrix_mautrix_hangouts_matrix_nginx_proxy_configuration: |
location {{ matrix_mautrix_hangouts_public_endpoint }} {
{% if matrix_nginx_proxy_enabled | default(False) %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;
set $backend "matrix-mautrix-hangouts:8080";
proxy_pass http://$backend;
{% else %}
{# Generic configuration for use outside of our container setup #}
proxy_pass http://127.0.0.1:9007;
{% endif %}
}
- name: Register Mautrix Hangouts proxying configuration with matrix-nginx-proxy
ansible.builtin.set_fact:
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
{{
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([])
+
[matrix_mautrix_hangouts_matrix_nginx_proxy_configuration]
}}
- name: Warn about reverse-proxying if matrix-nginx-proxy not used
ansible.builtin.debug:
msg: >-
NOTE: You've enabled the Mautrix Hangouts bridge but are not using the matrix-nginx-proxy
reverse proxy.
Please make sure that you're proxying the `{{ matrix_mautrix_hangouts_public_endpoint }}`
URL endpoint to the matrix-mautrix-hangouts container.
You can expose the container's port using the `matrix_mautrix_hangouts_container_http_host_bind_port` variable.
when: "matrix_mautrix_hangouts_enabled | bool and not matrix_nginx_proxy_enabled | default(False) | bool"

44
roles/custom/matrix-bridge-mautrix-hangouts/tasks/inject_into_nginx_proxy.yml Normal file
View file

@ -0,0 +1,44 @@
---
- name: Fail if matrix-nginx-proxy role already executed
ansible.builtin.fail:
msg: >-
Trying to append Mautrix Hangouts's reverse-proxying configuration to matrix-nginx-proxy,
but it's pointless since the matrix-nginx-proxy role had already executed.
To fix this, please change the order of roles in your playbook,
so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-hangouts role.
when: matrix_nginx_proxy_role_executed | default(False) | bool
- name: Generate Mautrix Hangouts proxying configuration for matrix-nginx-proxy
ansible.builtin.set_fact:
matrix_mautrix_hangouts_matrix_nginx_proxy_configuration: |
location {{ matrix_mautrix_hangouts_public_endpoint }} {
{% if matrix_nginx_proxy_enabled | default(False) %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;
set $backend "matrix-mautrix-hangouts:8080";
proxy_pass http://$backend;
{% else %}
{# Generic configuration for use outside of our container setup #}
proxy_pass http://127.0.0.1:9007;
{% endif %}
}
- name: Register Mautrix Hangouts proxying configuration with matrix-nginx-proxy
ansible.builtin.set_fact:
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
{{
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([])
+
[matrix_mautrix_hangouts_matrix_nginx_proxy_configuration]
}}
- name: Warn about reverse-proxying if matrix-nginx-proxy not used
ansible.builtin.debug:
msg: >-
NOTE: You've enabled the Mautrix Hangouts bridge but are not using the matrix-nginx-proxy
reverse proxy.
Please make sure that you're proxying the `{{ matrix_mautrix_hangouts_public_endpoint }}`
URL endpoint to the matrix-mautrix-hangouts container.
You can expose the container's port using the `matrix_mautrix_hangouts_container_http_host_bind_port` variable.
when: "matrix_mautrix_hangouts_enabled | bool and not matrix_nginx_proxy_enabled | default(False) | bool"

30
roles/custom/matrix-bridge-mautrix-hangouts/tasks/main.yml
View file

@ -1,23 +1,29 @@
---
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
- block:
- when: matrix_mautrix_hangouts_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
tags:
- always
- setup-all
- setup-nginx-proxy
- install-all
- install-nginx-proxy
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
when: "run_setup | bool and matrix_mautrix_hangouts_enabled | bool"
- block:
- when: matrix_mautrix_hangouts_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
- when: matrix_mautrix_hangouts_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
tags:
- setup-all
- setup-mautrix-hangouts
- install-all
- install-mautrix-hangouts
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
when: "run_setup | bool and matrix_mautrix_hangouts_enabled | bool"
tags:
- setup-all
- setup-mautrix-hangouts
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
when: "run_setup | bool and not matrix_mautrix_hangouts_enabled | bool"
- block:
- when: not matrix_mautrix_hangouts_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
tags:
- setup-all
- setup-mautrix-hangouts

8
roles/custom/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml
View file

@ -1,13 +1,5 @@
---
# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
# We don't want to fail in such cases.
- name: Fail if matrix-synapse role already executed
ansible.builtin.fail:
msg: >-
The matrix-bridge-mautrix-hangouts role needs to execute before the matrix-synapse role.
when: "matrix_synapse_role_executed | default(False)"
- ansible.builtin.set_fact:
matrix_mautrix_hangouts_requires_restart: false

29
roles/custom/matrix-bridge-mautrix-hangouts/tasks/setup_uninstall.yml
View file

@ -5,21 +5,16 @@
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-hangouts.service"
register: matrix_mautrix_hangouts_service_stat
- name: Ensure matrix-mautrix-hangouts is stopped
ansible.builtin.service:
name: matrix-mautrix-hangouts
state: stopped
enabled: false
daemon_reload: true
when: "matrix_mautrix_hangouts_service_stat.stat.exists"
- when: matrix_mautrix_hangouts_service_stat.stat.exists | bool
block:
- name: Ensure matrix-mautrix-hangouts is stopped
ansible.builtin.service:
name: matrix-mautrix-hangouts
state: stopped
enabled: false
daemon_reload: true
- name: Ensure matrix-mautrix-hangouts.service doesn't exist
ansible.builtin.file:
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-hangouts.service"
state: absent
when: "matrix_mautrix_hangouts_service_stat.stat.exists"
- name: Ensure systemd reloaded after matrix-mautrix-hangouts.service removal
ansible.builtin.service:
daemon_reload: true
when: "matrix_mautrix_hangouts_service_stat.stat.exists"
- name: Ensure matrix-mautrix-hangouts.service doesn't exist
ansible.builtin.file:
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-hangouts.service"
state: absent

28
roles/custom/matrix-bridge-mautrix-instagram/tasks/init.yml
View file

@ -1,28 +0,0 @@
---
# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070
# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407
- name: Fail if trying to self-build on Ansible < 2.8
ansible.builtin.fail:
msg: "To self-build the Mautrix-Instagram image, you should use Ansible 2.8 or higher. See docs/ansible.md"
when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mautrix_instagram_container_image_self_build and matrix_mautrix_instagram_enabled"
- ansible.builtin.set_fact:
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-instagram.service'] }}"
when: matrix_mautrix_instagram_enabled | bool
# If the matrix-synapse role is not used, these variables may not exist.
- ansible.builtin.set_fact:
matrix_homeserver_container_runtime_injected_arguments: >
{{
matrix_homeserver_container_runtime_injected_arguments | default([])
+
["--mount type=bind,src={{ matrix_mautrix_instagram_config_path }}/registration.yaml,dst=/matrix-mautrix-instagram-registration.yaml,ro"]
}}
matrix_homeserver_app_service_runtime_injected_config_files: >
{{
matrix_homeserver_app_service_runtime_injected_config_files | default([])
+
["/matrix-mautrix-instagram-registration.yaml"]
}}
when: matrix_mautrix_instagram_enabled | bool

23
roles/custom/matrix-bridge-mautrix-instagram/tasks/main.yml
View file

@ -1,23 +1,20 @@
---
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
tags:
- always
- block:
- when: matrix_mautrix_instagram_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
when: "run_setup | bool and matrix_mautrix_instagram_enabled | bool"
- when: matrix_mautrix_instagram_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
tags:
- setup-all
- setup-mautrix-instagram
- install-all
- install-mautrix-instagram
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
when: "run_setup | bool and matrix_mautrix_instagram_enabled | bool"
tags:
- setup-all
- setup-mautrix-instagram
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
when: "run_setup | bool and not matrix_mautrix_instagram_enabled | bool"
- block:
- when: not matrix_mautrix_instagram_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
tags:
- setup-all
- setup-mautrix-instagram

7
roles/custom/matrix-bridge-mautrix-instagram/tasks/setup_install.yml
View file

@ -1,11 +1,4 @@
---
# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
# We don't want to fail in such cases.
- name: Fail if matrix-synapse role already executed
ansible.builtin.fail:
msg: >-
The matrix-bridge-mautrix-instagram role needs to execute before the matrix-synapse role.
when: "matrix_synapse_role_executed | default(False)"
- name: Ensure Mautrix instagram image is pulled
community.docker.docker_image:

29
roles/custom/matrix-bridge-mautrix-instagram/tasks/setup_uninstall.yml
View file

@ -4,21 +4,16 @@
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-instagram.service"
register: matrix_mautrix_instagram_service_stat
- name: Ensure matrix-mautrix-instagram is stopped
ansible.builtin.service:
name: matrix-mautrix-instagram
state: stopped
enabled: false
daemon_reload: true
when: "matrix_mautrix_instagram_service_stat.stat.exists"
- when: matrix_mautrix_instagram_service_stat.stat.exists | bool
block:
- name: Ensure matrix-mautrix-instagram is stopped
ansible.builtin.service:
name: matrix-mautrix-instagram
state: stopped
enabled: false
daemon_reload: true
- name: Ensure matrix-mautrix-instagram.service doesn't exist
ansible.builtin.file:
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-instagram.service"
state: absent
when: "matrix_mautrix_instagram_service_stat.stat.exists"
- name: Ensure systemd reloaded after matrix-mautrix-instagram.service removal
ansible.builtin.service:
daemon_reload: true
when: "matrix_mautrix_instagram_service_stat.stat.exists"
- name: Ensure matrix-mautrix-instagram.service doesn't exist
ansible.builtin.file:
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-instagram.service"
state: absent

Some files were not shown because too many files have changed in this diff Show more