Merge branch 'master' into pub.solar

teutat3s 2023-03-26 12:11:09 +02:00
commit 54ae00cb05
Signed by: teutat3s
GPG key ID: 18DAE600A6BBE705
59 changed files with 728 additions and 624 deletions

View file

@ -1,3 +1,31 @@
# 2023-03-22
## ntfy Web App is disabled by default
ntfy provides a web app, which is now disabled by default, because it may be unknown to and unused by most users of this playbook. You can enable it by setting `ntfy_web_root: "app"` (see [ntfy documentation](docs/configuring-playbook-ntfy.md)).
This change was already applied a while before this entry, but as some users were reporting the missing web app, this entry was added (see [#2529](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2529)).
# 2023-03-21
## The matrix-prometheus role lives independently now
**TLDR**: the `matrix-prometheus` role is now included from the [ansible-role-prometheus](https://github.com/mother-of-all-self-hosting/ansible-role-prometheus) repository, part of the [MASH playbook](https://github.com/mother-of-all-self-hosting/mash-playbook). Some variables have been renamed. All functionality remains intact.
The `matrix-prometheus` role has been relocated in its own repository, part of the [MASH playbook](https://github.com/mother-of-all-self-hosting/mash-playbook) project - an Ansible playbook for self-hosting [a growing list of FOSS software](https://github.com/mother-of-all-self-hosting/mash-playbook/blob/main/docs/supported-services.md). If hosting a Prometheus stack on the Matrix server itself did not stand right with you or you always wanted to host most stuff, you can now use this new playbook to do so.
Extracting the Prometheus role out of this Matrix playbook required huge internal refactoring to the way the Prometheus configuration (scraping jobs) is generated. If you notice any breakage after upgrading, let us know.
You need to **update you roles** (`just roles` or `make roles`) regardless of whether you're using Prometheus or not.
If you're making use of Prometheus via this playbook, you will need to update variable references in your `vars.yml` file:
- `matrix_prometheus_docker_image_` -> `matrix_prometheus_container_image_`
- `matrix_prometheus_` -> `prometheus_`
- some other internal variables have changed, but the playbook will tell you about them
# 2023-03-12
## synapse-auto-compressor support
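
Review bot: The rename list in the 2023-03-21 entry reads as a blanket prefix swap (`matrix_prometheus_` -> `prometheus_`), but other files in this same commit keep that prefix for `matrix_prometheus_nginxlog_exporter_enabled` and the new `matrix_prometheus_services_connect_*` variables, so a search-and-replace over `vars.yml` would break those. Suggest listing them as exceptions and saying whether the two rename bullets are meant to be applied in sequence. Also, "update you roles" should be "update your roles".
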
@ -830,7 +858,7 @@ See our [Setting up the ntfy push notifications server](docs/configuring-playboo
**If you are using the [Hookshot bridge](docs/configuring-playbook-bridge-hookshot.md)**, you may find that:
1. **Metrics may not be enabled by default anymore**:
- If Prometheus is enabled (`matrix_prometheus_enabled: true`), then Hookshot metrics will be enabled automatically (`matrix_hookshot_metrics_enabled: true`). These metrics will be collected from the local (in-container) Prometheus over the container network.
- If Prometheus is enabled (`prometheus_enabled: true`), then Hookshot metrics will be enabled automatically (`matrix_hookshot_metrics_enabled: true`). These metrics will be collected from the local (in-container) Prometheus over the container network.
- **If Prometheus is not enabled** (you are either not using Prometheus or are using an external one), **Hookshot metrics will not be enabled by default anymore**. Feel free to enable them by setting `matrix_hookshot_metrics_enabled: true`. Also, see below.
2. When metrics are meant to be **consumed by an external Prometheus server**, `matrix_hookshot_metrics_proxying_enabled` needs to be set to `true`, so that metrics would be exposed (proxied) "publicly" on `https://matrix.DOMAIN/metrics/hookshot`. To make use of this, you'll also need to enable the new `https://matrix.DOMAIN/metrics/*` endpoints mentioned above, using `matrix_nginx_proxy_proxy_matrix_metrics_enabled`. Learn more in our [Collecting metrics to an external Prometheus server](docs/configuring-playbook-prometheus-grafana.md#collecting-metrics-to-an-external-prometheus-server) documentation.
3. **We've changed the URL we're exposing Hookshot metrics at** for external Prometheus servers. Until now, you were advised to consume Hookshot metrics from `https://stats.DOMAIN/hookshot/metrics` (working in conjunction with `matrix_nginx_proxy_proxy_synapse_metrics`). From now on, **this no longer works**. As described above, you need to start consuming metrics from `https://matrix.DOMAIN/metrics/hookshot`.
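
Review bot: In bullet 1 of this older Hookshot entry, `matrix_prometheus_enabled` is replaced in place by `prometheus_enabled`, a name that only exists as of the 2023-03-21 entry. Someone reading the changelog in date order would be better served by leaving the historical text alone, or by adding a short "(renamed to `prometheus_enabled` on 2023-03-21)" remark next to the old name.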

View file

@ -65,7 +65,7 @@ docker run -it --rm \
-w /work \
-v `pwd`:/work \
--entrypoint=/bin/sh \
docker.io/devture/ansible:2.13.6-r0-2
docker.io/devture/ansible:2.13.6-r0-3
```
Once you execute the above command, you'll be dropped into a `/work` directory inside a Docker container.
@ -86,7 +86,7 @@ docker run -it --rm \
-v `pwd`:/work \
-v $HOME/.ssh/id_rsa:/root/.ssh/id_rsa:ro \
--entrypoint=/bin/sh \
docker.io/devture/ansible:2.13.6-r0
docker.io/devture/ansible:2.13.6-r0-3
```
The above command tries to mount an SSH key (`$HOME/.ssh/id_rsa`) into the container (at `/root/.ssh/id_rsa`).
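
Review bot: The image on the `docker.io/devture/ansible:2.13.6-r0-3` line is referenced by a mutable tag, and this is the invocation that mounts `$HOME/.ssh/id_rsa` into the container, so whatever that tag resolves to gets read access to the private key. Consider documenting a digest-pinned reference (`image@sha256:...`) as an option. The two snippets in this file had also drifted apart before this change (`-r0-2` in one, `-r0` in the other); a single note saying where to find the current tag would stop that recurring.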

View file

@ -21,6 +21,9 @@ ntfy_enabled: true
# Uncomment the line below and change it, if you'd like.
# matrix_server_fqn_ntfy: "ntfy.{{ matrix_domain }}"
# Uncomment to enable the ntfy web app (disabled by default)
# ntfy_web_root: app # defaults to "disable"
# Uncomment and change to inject additional configuration options.
# ntfy_configuration_extension_yaml: |
# log_level: DEBUG
@ -81,6 +84,12 @@ If the matrix app asks, "Choose a distributor: FCM Fallback or ntfy", then choos
If the matrix app doesn't seem to pick it up, try restarting it and try the Troubleshooting section below.
### Web App
ntfy also has a web app to subscribe to and push to topics from the browser. This may be helpful to further troubleshoot UnifiedPush problems or to use ntfy for other purposes. The web app only runs in the browser locally (after downloading the JavaScript).
The web app is disabled in this playbook by default as the expectation is that most users won't use it. You can either use the [official hosted one](https://ntfy.sh/app) (it supports using other public reachable ntfy instances) or host it yourself by setting `ntfy_web_root: "app"` and re-running Ansible.
## Troubleshooting
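
Review bot: In the new Web App section, "other public reachable ntfy instances" should read "other publicly reachable ntfy instances". The setting is also written inconsistently across this commit (`ntfy_web_root: app` in the example above, `ntfy_web_root: "app"` here and in the changelog), and the default of `"disable"` appears only in a trailing comment; suggest quoting the value the same way everywhere and stating the default in the prose.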

View file

@ -7,7 +7,7 @@ You can enable this with the following settings in your configuration file (`inv
Remember to add `stats.<your-domain>` to DNS as described in [Configuring DNS](configuring-dns.md) before running the playbook.
```yaml
matrix_prometheus_enabled: true
prometheus_enabled: true
# You can remove this, if unnecessary.
prometheus_node_exporter_enabled: true
@ -39,7 +39,7 @@ The retention policy of Prometheus metrics is [15 days by default](https://prome
Name | Description
-----|----------
`matrix_prometheus_enabled`|[Prometheus](https://prometheus.io) is a time series database. It holds all the data we're going to talk about.
`prometheus_enabled`|[Prometheus](https://prometheus.io) is a time series database. It holds all the data we're going to talk about.
`prometheus_node_exporter_enabled`|[Node Exporter](https://prometheus.io/docs/guides/node-exporter/) is an addon of sorts to Prometheus that collects generic system information such as CPU, memory, filesystem, and even system temperatures
`prometheus_postgres_exporter_enabled`|[Postgres Exporter](configuring-playbook-prometheus-postgres.md) is an addon of sorts to expose Postgres database metrics to Prometheus.
`matrix_prometheus_nginxlog_exporter_enabled`|[NGINX Log Exporter](configuring-playbook-prometheus-nginxlog.md) is an addon of sorts to expose NGINX logs to Prometheus.
@ -57,7 +57,7 @@ Most of our docker containers run with limited system access, but the `prometheu
## Collecting metrics to an external Prometheus server
**If the integrated Prometheus server is enabled** (`matrix_prometheus_enabled: true`), metrics are collected by it from each service via communication that happens over the container network. Each service does not need to expose its metrics "publicly".
**If the integrated Prometheus server is enabled** (`prometheus_enabled: true`), metrics are collected by it from each service via communication that happens over the container network. Each service does not need to expose its metrics "publicly".
When you'd like **to collect metrics from an external Prometheus server**, you need to expose service metrics outside of the container network.

View file

@ -12,7 +12,7 @@ You can enable this role by adding the following settings in your configuration
matrix_prometheus_nginxlog_exporter_enabled: true
# required depency
matrix_prometheus_enabled: true
prometheus_enabled: true
# optional for visualization
grafana_enabled: true
@ -20,7 +20,7 @@ grafana_enabled: true
x | Prerequisites | Variable | Description
|:--:|:--:|:--:|:--|
**REQUIRED** | `matrix-prometheus`| `matrix_prometheus_enabled`|[Prometheus](https://prometheus.io) is a time series database. It holds all the data we're going to talk about.
**REQUIRED** | `matrix-prometheus`| `prometheus_enabled`|[Prometheus](https://prometheus.io) is a time series database. It holds all the data we're going to talk about.
_Optional_ | [`matrix-grafana`](configuring-playbook-prometheus-grafana.md) | [`grafana_enabled`](configuring-playbook-prometheus-grafana.md)|[Grafana](https://grafana.com) is the visual component. It shows (on the `stats.<your-domain>` subdomain) graphs that we're interested in. When enabled the `NGINX PROXY` dashboard is automatically added.
## Docker Image Compatibility
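
Review bot: The Prerequisites cell on the changed row still says `matrix-prometheus` while the variable next to it is now `prometheus_enabled`; since the role has moved out of this playbook, the cell should name the role as it is now known. The `# required depency` comment in the hunk above is also worth correcting to "dependency" while this file is being touched.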

View file

@ -40,6 +40,17 @@ matrix_sliding_sync_enabled: true
After potentially [adjusting DNS records](#adjusting-dns-records) and configuring the playbook, run the [installation](installing.md) command again: `just install-all`.
### External databases
Please note that, if your setup utilizes an external database, you must also establish configuration for the sliding sync proxy. Alter the defaults below to suit your configuration:
```yaml
matrix_sliding_sync_database_username: 'matrix_sliding_sync'
matrix_sliding_sync_database_password: ''
matrix_sliding_sync_database_hostname: ''
matrix_sliding_sync_database_port: 5432
matrix_sliding_sync_database_name: 'matrix_sliding_sync'
```
## Usage
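
Review bot: The example in the new External databases section shows `matrix_sliding_sync_database_password: ''` and an empty `matrix_sliding_sync_database_hostname` without saying that they must be filled in, so a copy-paste leaves the proxy configured with an empty database password. Suggest using visible placeholders for both values and stating whether the database and role have to exist on the external server before the playbook runs.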

View file

@ -20,17 +20,17 @@ Before doing the actual import, **you need to upload your Postgres dump file to
## Importing
To import, run this command (make sure to replace `<server-path-to-postgres-dump.sql>` with a file path on your server):
To import, run this command (make sure to replace `SERVER_PATH_TO_POSTGRES_DUMP_FILE` with a file path on your server):
```sh
ansible-playbook -i inventory/hosts setup.yml \
--extra-vars='server_path_postgres_dump=<server-path-to-postgres-dump.sql> postgres_default_import_database=matrix' \
--tags=import-postgres
just run-tags import-postgres \
--extra-vars=server_path_postgres_dump=SERVER_PATH_TO_POSTGRES_DUMP_FILE \
--extra-vars=postgres_default_import_database=matrix
```
**Notes**:
- `<server-path-to-postgres-dump.sql>` must be a file path to a Postgres dump file on the server (not on your local machine!)
- `SERVER_PATH_TO_POSTGRES_DUMP_FILE` must be a file path to a Postgres dump file on the server (not on your local machine!)
- `postgres_default_import_database` defaults to `matrix`, which is useful for importing multiple databases (for dumps made with `pg_dumpall`). If you're importing a single database (e.g. `synapse`), consider changing `postgres_default_import_database` accordingly
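
Review bot: The rewritten command passes `--extra-vars=server_path_postgres_dump=SERVER_PATH_TO_POSTGRES_DUMP_FILE` unquoted, whereas the old form wrapped the whole value in single quotes; a path containing spaces or shell metacharacters will now be split or interpreted by the shell. Suggest quoting the argument in the example. The `ansible-playbook` form is also dropped entirely, so users without `just` have nothing to copy; a one-line pointer to the equivalent invocation would help.
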
@ -86,7 +86,7 @@ In this case you can use the command suggested in the import task to clear the d
# systemctl start matrix-postgres
```
Now on your local machine run `ansible-playbook -i inventory/hosts setup.yml --tags=setup-postgres` to prepare the database roles etc.
Now on your local machine run `just run-tags setup-postgres` to prepare the database roles etc.
If not, you probably get this error. `synapse` is the correct table owner, but the role is missing in database.
```

View file

@ -17,7 +17,7 @@ Here are some playbook tags that you should be familiar with:
- `install-all` - like `setup-all`, but skips uninstallation tasks. Useful for maintaining your setup quickly when its components remain unchanged. If you adjust your `vars.yml` to remove components, you'd need to run `setup-all` though, or these components will still remain installed
- `setup-SERVICE` (e.g. `setup-bot-postmoogle`) - runs the setup tasks only for a given role, but does not start/restart services. You can discover these additional tags in each role (`roles/*/main.yml`). Running per-component setup tasks is **not recommended**, as components sometimes depend on each other and running just the setup tasks for a given component may not be enough. For example, setting up the [mautrix-telegram bridge](configuring-playbook-bridge-mautrix-telegram.md), in addition to the `setup-mautrix-telegram` tag, requires database changes (the `setup-postgres` tag) as well as reverse-proxy changes (the `setup-nginx-proxy` tag).
- `setup-SERVICE` (e.g. `setup-bot-postmoogle`) - runs the setup tasks only for a given role, but does not start/restart services. You can discover these additional tags in each role (`roles/**/tasks/main.yml`). Running per-component setup tasks is **not recommended**, as components sometimes depend on each other and running just the setup tasks for a given component may not be enough. For example, setting up the [mautrix-telegram bridge](configuring-playbook-bridge-mautrix-telegram.md), in addition to the `setup-mautrix-telegram` tag, requires database changes (the `setup-postgres` tag) as well as reverse-proxy changes (the `setup-nginx-proxy` tag).
- `install-SERVICE` (e.g. `install-bot-postmoogle`) - like `setup-SERVICE`, but skips uninstallation tasks. See `install-all` above for additional information.

View file

@ -41,7 +41,7 @@ To perform a `FULL` Postgres [VACUUM](https://www.postgresql.org/docs/current/sq
Example:
```bash
ansible-playbook -i inventory/hosts setup.yml --tags=run-postgres-vacuum,start
just run-tags run-postgres-vacuum,start
```
**Note**: this will automatically stop Synapse temporarily and restart it later. You'll also need plenty of available disk space in your Postgres data directory (usually `/matrix/postgres/data`).
@ -78,7 +78,9 @@ Upgrades must be performed manually.
This playbook can upgrade your existing Postgres setup with the following command:
ansible-playbook -i inventory/hosts setup.yml --tags=upgrade-postgres
```sh
just run-tags upgrade-postgres
```
**Warning: If you're using Borg Backup keep in mind that there is no official Postgres 15 support yet.**

View file

@ -20,6 +20,8 @@ If your distro runs within an [LXC container](https://linuxcontainers.org/), you
- The [Ansible](http://ansible.com/) program being installed on your own computer. It's used to run this playbook and configures your server for you. Take a look at [our guide about Ansible](ansible.md) for more information, as well as [version requirements](ansible.md#supported-ansible-versions) and alternative ways to run Ansible.
- the [passlib](https://passlib.readthedocs.io/en/stable/index.html) Python library installed on the computer you run Ansible. On most distros, you need to install some `python-passlib` or `py3-passlib` package, etc.
- [`git`](https://git-scm.com/) is the recommended way to download the playbook to your computer. `git` may also be required on the server if you will be [self-building](self-building.md) components.
- [`just`](https://github.com/casey/just) for running `just roles`, etc. (see [`justfile`](../justfile)), although you can also run these commands manually

View file

@ -37,6 +37,26 @@ matrix_playbook_ssl_enabled: "{{ matrix_playbook_ssl_retrieval_method in ['lets-
# #
########################################################################
########################################################################
# #
# aux #
# #
########################################################################
aux_directory_default_owner: "{{ matrix_user_username }}"
aux_directory_default_group: "{{ matrix_user_groupname }}"
aux_file_default_owner: "{{ matrix_user_username }}"
aux_file_default_group: "{{ matrix_user_groupname }}"
########################################################################
# #
# /aux #
# #
########################################################################
########################################################################
# #
# base #
@ -318,13 +338,13 @@ devture_systemd_service_manager_services_list_auto: |
+
([{'name': (devture_postgres_backup_identifier + '.service'), 'priority': 5000, 'groups': ['matrix', 'backup', 'postgres-backup']}] if devture_postgres_backup_enabled else [])
+
([{'name': 'matrix-prometheus.service', 'priority': 4000, 'groups': ['matrix', 'monitoring', 'prometheus', 'prometheus-core']}] if matrix_prometheus_enabled else [])
([{'name': (prometheus_identifier + '.service'), 'priority': 4000, 'groups': ['matrix', 'monitoring', 'prometheus']}] if prometheus_enabled else [])
+
([{'name': (prometheus_node_exporter_identifier + '.service'), 'priority': 3900, 'groups': ['matrix', 'monitoring', 'prometheus', 'prometheus-exporters']}] if prometheus_node_exporter_enabled else [])
([{'name': (prometheus_node_exporter_identifier + '.service'), 'priority': 3900, 'groups': ['matrix', 'monitoring', 'prometheus-exporters', 'prometheus-node-exporter']}] if prometheus_node_exporter_enabled else [])
+
([{'name': (prometheus_postgres_exporter_identifier + '.service'), 'priority': 3900, 'groups': ['matrix', 'monitoring', 'prometheus', 'prometheus-exporters']}] if prometheus_postgres_exporter_enabled else [])
([{'name': (prometheus_postgres_exporter_identifier + '.service'), 'priority': 3900, 'groups': ['matrix', 'monitoring', 'prometheus-exporters', 'prometheus-postgres-exporter']}] if prometheus_postgres_exporter_enabled else [])
+
([{'name': 'matrix-prometheus-nginxlog-exporter.service', 'priority': 3900, 'groups': ['matrix', 'monitoring', 'prometheus', 'prometheus-exporters']}] if matrix_prometheus_nginxlog_exporter_enabled else [])
([{'name': 'matrix-prometheus-nginxlog-exporter.service', 'priority': 3900, 'groups': ['matrix', 'monitoring', 'prometheus-exporters', 'prometheus-nginxlog-exporter']}] if matrix_prometheus_nginxlog_exporter_enabled else [])
+
([{'name': (redis_identifier + '.service'), 'priority': 750, 'groups': ['matrix', 'redis']}] if redis_enabled else [])
+
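
Review bot: The `groups` lists change meaning in this hunk: the exporters lose the `prometheus` group and the core service loses `prometheus-core`, so anything that selects services by the `prometheus` group now matches only the core service. Neither changelog entry in this commit mentions it. Suggest a line in the 2023-03-21 entry, or keeping `prometheus` on the exporters if the narrower match is not intended.
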
@ -851,7 +871,7 @@ matrix_mautrix_facebook_bridge_presence: "{{ matrix_synapse_presence_enabled if
# - `matrix_mautrix_facebook_metrics_enabled`
# - `matrix_mautrix_facebook_proxying_metrics_enabled`
# - `matrix_nginx_proxy_proxy_matrix_metrics_enabled`
matrix_mautrix_facebook_metrics_enabled: "{{ matrix_prometheus_enabled }}"
matrix_mautrix_facebook_metrics_enabled: "{{ prometheus_enabled }}"
# We'd like to force-set people with external Postgres to SQLite, so the bridge role can complain
# and point them to a migration path.
@ -984,7 +1004,7 @@ matrix_mautrix_instagram_bridge_presence: "{{ matrix_synapse_presence_enabled if
# - `matrix_mautrix_instagram_metrics_enabled`
# - `matrix_mautrix_instagram_proxying_metrics_enabled`
# - `matrix_nginx_proxy_proxy_matrix_metrics_enabled`
matrix_mautrix_instagram_metrics_enabled: "{{ matrix_prometheus_enabled }}"
matrix_mautrix_instagram_metrics_enabled: "{{ prometheus_enabled }}"
# We'd like to force-set people with external Postgres to SQLite, so the bridge role can complain
# and point them to a migration path.
@ -1035,7 +1055,7 @@ matrix_mautrix_signal_login_shared_secret: "{{ matrix_synapse_ext_password_provi
# - `matrix_mautrix_signal_metrics_enabled`
# - `matrix_mautrix_signal_proxying_metrics_enabled`
# - `matrix_nginx_proxy_proxy_matrix_metrics_enabled`
matrix_mautrix_signal_metrics_enabled: "{{ matrix_prometheus_enabled }}"
matrix_mautrix_signal_metrics_enabled: "{{ prometheus_enabled }}"
matrix_mautrix_signal_database_engine: 'postgres'
matrix_mautrix_signal_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
@ -1165,7 +1185,7 @@ matrix_mautrix_whatsapp_login_shared_secret: "{{ matrix_synapse_ext_password_pro
# - `matrix_mautrix_twitter_metrics_enabled`
# - `matrix_mautrix_twitter_proxying_metrics_enabled`
# - `matrix_nginx_proxy_proxy_matrix_metrics_enabled`
matrix_mautrix_twitter_metrics_enabled: "{{ matrix_prometheus_enabled }}"
matrix_mautrix_twitter_metrics_enabled: "{{ prometheus_enabled }}"
# Postgres is the default, except if not using internal Postgres server
matrix_mautrix_whatsapp_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
@ -1271,7 +1291,7 @@ matrix_hookshot_provisioning_enabled: "{{ matrix_hookshot_provisioning_secret an
# - `matrix_hookshot_metrics_enabled`
# - `matrix_hookshot_metrics_proxying_enabled`
# - `matrix_nginx_proxy_proxy_matrix_metrics_enabled`
matrix_hookshot_metrics_enabled: "{{ matrix_prometheus_enabled }}"
matrix_hookshot_metrics_enabled: "{{ prometheus_enabled }}"
matrix_hookshot_urlprefix_port_enabled: "{{ matrix_nginx_proxy_container_https_host_bind_port == 443 if matrix_nginx_proxy_https_enabled else matrix_nginx_proxy_container_https_host_bind_port == 80 }}"
matrix_hookshot_urlprefix_port: ":{{ matrix_nginx_proxy_container_https_host_bind_port if matrix_nginx_proxy_https_enabled else matrix_nginx_proxy_container_http_host_bind_port }}"
@ -1633,6 +1653,7 @@ matrix_bot_maubot_database_password: "{{ '%s' | format(matrix_homeserver_generic
# We don't enable bots by default.
matrix_bot_honoroit_enabled: false
matrix_bot_honoroit_hostname: "{{ matrix_server_fqn_matrix }}"
matrix_bot_honoroit_systemd_required_services_list: |
{{
@ -1651,6 +1672,27 @@ matrix_bot_honoroit_database_hostname: "{{ devture_postgres_connection_hostname
matrix_bot_honoroit_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'honoroit.bot.db', rounds=655555) | to_uuid }}"
matrix_bot_honoroit_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
matrix_bot_honoroit_container_network: "{{ matrix_docker_network if matrix_playbook_reverse_proxy_type == 'playbook-managed-nginx' else 'matrix-bot-honoroit' }}"
# For now, we attach this to the matrix-nginx-proxy network (unless that's the same network as the main one for us),
# because that's where the homeserver is expected to be accessed from.
# In the future, this will need to be redone.
matrix_bot_honoroit_container_additional_networks: |
{{
(
([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else [])
+
([matrix_nginx_proxy_container_network] if matrix_nginx_proxy_enabled and matrix_bot_honoroit_container_network != matrix_nginx_proxy_container_network else [])
+
([devture_postgres_container_network] if devture_postgres_enabled and devture_postgres_container_network != matrix_bot_honoroit_container_network else [])
) | unique
}}
matrix_bot_honoroit_container_labels_traefik_enabled: "{{ matrix_playbook_traefik_labels_enabled }}"
matrix_bot_honoroit_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_bot_honoroit_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
matrix_bot_honoroit_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
######################################################################
#
# /matrix-bot-honoroit
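
Review bot: The comment above `matrix_bot_honoroit_container_additional_networks` explains only the matrix-nginx-proxy attachment, but the expression also joins `matrix_playbook_reverse_proxyable_services_additional_network` and `devture_postgres_container_network`. Each extra network widens what the bot container can reach, so the comment should say why each one is needed. "In the future, this will need to be redone" would be more useful with a reference to where that work is tracked.
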
@ -2741,6 +2783,10 @@ devture_postgres_managed_databases_auto: |
'name': matrix_dendrite_user_api_database,
'username': matrix_dendrite_database_user,
'password': matrix_dendrite_database_password,
},{
'name': matrix_dendrite_relay_api_database,
'username': matrix_dendrite_database_user,
'password': matrix_dendrite_database_password,
},{
'name': matrix_dendrite_push_server_database,
'username': matrix_dendrite_database_user,
@ -3010,7 +3056,7 @@ devture_postgres_backup_databases: "{{ devture_postgres_managed_databases | map(
matrix_sygnal_enabled: false
# If someone instals Prometheus via the playbook, they most likely wish to monitor Sygnal.
matrix_sygnal_metrics_prometheus_enabled: "{{ matrix_prometheus_enabled }}"
matrix_sygnal_metrics_prometheus_enabled: "{{ prometheus_enabled }}"
matrix_sygnal_hostname: "{{ matrix_server_fqn_sygnal }}"
@ -3263,7 +3309,7 @@ matrix_synapse_tls_private_key_path: ~
matrix_synapse_federation_port_openid_resource_required: "{{ not matrix_synapse_federation_enabled and (matrix_dimension_enabled or matrix_ma1sd_enabled or matrix_user_verification_service_enabled) }}"
# If someone instals Prometheus via the playbook, they most likely wish to monitor Synapse.
matrix_synapse_metrics_enabled: "{{ matrix_prometheus_enabled }}"
matrix_synapse_metrics_enabled: "{{ prometheus_enabled }}"
matrix_synapse_email_enabled: "{{ matrix_mailer_enabled }}"
matrix_synapse_email_smtp_host: "matrix-mailer"
@ -3428,6 +3474,7 @@ matrix_synapse_admin_container_labels_traefik_tls_certResolver: "{{ devture_trae
#
######################################################################
######################################################################
#
# etke/prometheus_node_exporter
@ -3443,7 +3490,9 @@ prometheus_node_exporter_base_path: "{{ matrix_base_data_path }}/prometheus-node
prometheus_node_exporter_uid: "{{ matrix_user_uid }}"
prometheus_node_exporter_gid: "{{ matrix_user_gid }}"
# _server_fqn is the old var, _hostname - the new one. Seamless migration
prometheus_node_exporter_server_fqn: "{{ matrix_server_fqn_matrix }}"
prometheus_node_exporter_hostname: "{{ prometheus_node_exporter_server_fqn }}"
prometheus_node_exporter_container_network: "{{ matrix_docker_network }}"
@ -3460,6 +3509,7 @@ prometheus_node_exporter_container_labels_traefik_tls_certResolver: "{{ devture_
#
######################################################################
######################################################################
#
# etke/prometheus_postgres_exporter
@ -3504,6 +3554,7 @@ prometheus_postgres_exporter_systemd_required_services_list: |
#
######################################################################
######################################################################
#
# matrix-prometheus-nginxlog-exporter
@ -3518,45 +3569,101 @@ matrix_prometheus_nginxlog_exporter_enabled: false
#
######################################################################
######################################################################
#
# matrix-prometheus
# prometheus
#
######################################################################
matrix_prometheus_enabled: false
prometheus_enabled: false
matrix_prometheus_container_network: "{{ matrix_docker_network }}"
prometheus_identifier: matrix-prometheus
prometheus_base_path: "{{ matrix_base_data_path }}/prometheus"
prometheus_uid: "{{ matrix_user_uid }}"
prometheus_gid: "{{ matrix_user_gid }}"
prometheus_container_additional_networks: |
{{
(
([prometheus_node_exporter_container_network] if prometheus_self_node_scraper_enabled and prometheus_node_exporter_container_network != prometheus_container_network else [])
+
([matrix_synapse_container_network] if matrix_prometheus_services_connect_scraper_synapse_enabled and matrix_synapse_container_network != prometheus_container_network else [])
+
([prometheus_postgres_exporter_container_network] if matrix_prometheus_services_connect_scraper_postgres_enabled and prometheus_postgres_exporter_container_network != prometheus_container_network else [])
+
([matrix_hookshot_container_network] if matrix_prometheus_services_connect_scraper_hookshot_enabled and matrix_hookshot_container_network != prometheus_container_network else [])
+
([matrix_prometheus_nginxlog_exporter_container_network] if matrix_prometheus_services_connect_scraper_nginxlog_enabled and matrix_prometheus_nginxlog_exporter_container_network != prometheus_container_network else [])
) | unique
}}
# Normally, matrix-nginx-proxy is enabled and nginx can reach Prometheus over the container network.
# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose
# Prometheus' HTTP port to the local host.
matrix_prometheus_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '9090') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
prometheus_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '9090') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
matrix_prometheus_scraper_synapse_enabled: "{{ matrix_synapse_enabled and matrix_synapse_metrics_enabled }}"
matrix_prometheus_scraper_synapse_targets: ['matrix-synapse:{{ matrix_synapse_metrics_port }}']
matrix_prometheus_scraper_synapse_workers_enabled_list: "{{ matrix_synapse_workers_enabled_list }}"
matrix_prometheus_scraper_synapse_rules_synapse_tag: "{{ matrix_synapse_docker_image_tag }}"
prometheus_config_rule_files_auto: |
{{
(['synapse-v2.rules'] if matrix_prometheus_services_connect_synapse_rules_enabled else [])
}}
matrix_prometheus_scraper_node_enabled: "{{ prometheus_node_exporter_enabled }}"
matrix_prometheus_scraper_node_targets: "{{ [prometheus_node_exporter_identifier + ':9100'] if prometheus_node_exporter_enabled else [] }}"
prometheus_self_node_scraper_enabled: "{{ prometheus_node_exporter_enabled }}"
prometheus_self_node_scraper_static_configs_target: "{{ (prometheus_node_exporter_identifier + ':9100') if prometheus_node_exporter_enabled else '' }}"
matrix_prometheus_scraper_postgres_enabled: "{{ prometheus_postgres_exporter_enabled }}"
matrix_prometheus_scraper_postgres_targets: "{{ [prometheus_postgres_exporter_identifier + ':' + prometheus_postgres_exporter_port | string] if matrix_prometheus_scraper_postgres_enabled else [] }}"
matrix_prometheus_scraper_hookshot_enabled: "{{ matrix_hookshot_metrics_enabled|default(false) }}"
matrix_prometheus_scraper_hookshot_targets: "{{ [matrix_hookshot_container_url | string +':'+ matrix_hookshot_metrics_port | string] if matrix_hookshot_metrics_enabled else [] }}"
matrix_prometheus_scraper_nginxlog_enabled: "{{ matrix_prometheus_nginxlog_exporter_enabled }}"
matrix_prometheus_scraper_nginxlog_server_port: "{{ (matrix_prometheus_nginxlog_exporter_container_hostname | string +':'+ matrix_prometheus_nginxlog_exporter_container_metrics_port | string)
| default('') }}"
prometheus_config_scrape_configs_auto: |
{{
(matrix_prometheus_services_connect_scraper_synapse_configs if matrix_prometheus_services_connect_scraper_synapse_enabled else [])
+
(matrix_prometheus_services_connect_scraper_postgres_scrape_configs if matrix_prometheus_services_connect_scraper_postgres_enabled else [])
+
(matrix_prometheus_services_connect_scraper_hookshot_scrape_configs if matrix_prometheus_services_connect_scraper_hookshot_enabled else [])
+
(matrix_prometheus_services_connect_scraper_nginxlog_scrape_configs if matrix_prometheus_services_connect_scraper_nginxlog_enabled else [])
}}
######################################################################
#
# /matrix-prometheus
# /prometheus
#
######################################################################
######################################################################
#
# matrix-prometheus-services-connect
#
######################################################################
matrix_prometheus_services_connect_synapse_enabled: "{{ prometheus_enabled and matrix_synapse_enabled }}"
matrix_prometheus_services_connect_synapse_rules_download_synapse_tag: "{{ matrix_synapse_docker_image_tag }}"
matrix_prometheus_services_connect_synapse_rules_download_dir_path: "{{ prometheus_config_path }}"
matrix_prometheus_services_connect_synapse_rules_download_owner: "{{ prometheus_uid }}"
matrix_prometheus_services_connect_synapse_rules_download_group: "{{ prometheus_gid }}"
matrix_prometheus_services_connect_scraper_synapse_enabled: "{{ matrix_synapse_enabled and matrix_synapse_metrics_enabled }}"
matrix_prometheus_services_connect_scraper_synapse_main_process_static_configs_target: "matrix-synapse:{{ matrix_synapse_metrics_port }}"
matrix_prometheus_services_connect_scraper_synapse_workers_enabled_list: "{{ matrix_synapse_workers_enabled_list }}"
matrix_prometheus_services_connect_scraper_postgres_enabled: "{{ prometheus_postgres_exporter_enabled }}"
matrix_prometheus_services_connect_scraper_postgres_static_configs_target: "{{ prometheus_postgres_exporter_identifier }}:{{ prometheus_postgres_exporter_port | string }}"
matrix_prometheus_services_connect_scraper_hookshot_enabled: "{{ matrix_hookshot_enabled and matrix_hookshot_metrics_enabled }}"
matrix_prometheus_services_connect_scraper_hookshot_static_configs_target: "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_metrics_port | string }}"
matrix_prometheus_services_connect_scraper_nginxlog_enabled: "{{ matrix_prometheus_nginxlog_exporter_enabled }}"
matrix_prometheus_services_connect_scraper_nginxlog_static_configs_target: "{{ matrix_prometheus_nginxlog_exporter_container_hostname }}:{{ matrix_prometheus_nginxlog_exporter_container_metrics_port | string }}"
######################################################################
#
# /matrix-prometheus-services-connect
#
######################################################################
######################################################################
#
# etke/grafana
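Review bot: in `prometheus_config_scrape_configs_auto` the Synapse entry is named `matrix_prometheus_services_connect_scraper_synapse_configs`, while the other three follow the pattern `..._scraper_<service>_scrape_configs`. Please confirm that this is the name the services-connect role actually defines. A mismatch would only surface as an undefined-variable error on hosts where the Synapse scraper is enabled. If the name is right, a short comment explaining the exception would help the next reader.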
@ -3581,7 +3688,7 @@ grafana_container_additional_networks: |
(
([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else [])
+
([matrix_prometheus_container_network] if matrix_prometheus_enabled and matrix_prometheus_container_network != grafana_container_network else [])
([prometheus_container_network] if prometheus_enabled and prometheus_container_network != grafana_container_network else [])
) | unique
}}
@ -3602,7 +3709,7 @@ grafana_provisioning_datasources: |
'type': 'prometheus',
'access': 'proxy',
'url': 'http://matrix-prometheus:9090',
}] if matrix_prometheus_enabled else [])
}] if prometheus_enabled else [])
}}
grafana_dashboard_download_urls: |
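Review bot: the datasource URL stays hardcoded as `'url': 'http://matrix-prometheus:9090'` even though the condition next to it was switched to `prometheus_enabled`. Everything else in this change now reads container details from the external role's `prometheus_*` variables. If that role exposes its container name and port as variables, build the URL from them so Grafana keeps pointing at the right container when either is overridden. If it does not, add a comment stating that the container name is fixed by this playbook.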
@ -3639,6 +3746,8 @@ grafana_default_home_dashboard_path: |-
#
######################################################################
######################################################################
#
# matrix-registration

View file

@ -1,44 +1,58 @@
# Shows help
default:
@just --list --justfile {{ justfile() }}
@just --list --justfile {{ justfile() }}
# Pulls external Ansible roles
roles:
rm -rf roles/galaxy
ansible-galaxy install -r requirements.yml -p roles/galaxy/ --force
#!/usr/bin/env sh
set -euo pipefail
if [ -x "$(command -v agru)" ]; then
agru
else
rm -rf roles/galaxy
ansible-galaxy install -r requirements.yml -p roles/galaxy/ --force
fi
# Updates requirements.yml if there are any new tags available. Requires agru
update:
@agru -u
# Runs ansible-lint against all roles in the playbook
lint:
ansible-lint
ansible-lint
# Runs the playbook with --tags=install-all,ensure-matrix-users-created,start and optional arguments
install-all *extra_args: (run-tags "install-all,ensure-matrix-users-created,start" extra_args)
# Runs installation tasks for a single service
install-service service *extra_args:
just --justfile {{ justfile() }} run --tags=install-{{ service }},start-group --extra-vars=group={{ service }} {{ extra_args }}
# Runs the playbook with --tags=setup-all,ensure-matrix-users-created,start and optional arguments
setup-all *extra_args: (run-tags "setup-all,ensure-matrix-users-created,start" extra_args)
# Runs the playbook with the given list of arguments
run +extra_args:
time ansible-playbook -i inventory/hosts setup.yml {{ extra_args }}
time ansible-playbook -i inventory/hosts setup.yml {{ extra_args }}
# Runs the playbook with the given list of comma-separated tags and optional arguments
run-tags tags *extra_args:
just --justfile {{ justfile() }} run --tags={{ tags }} {{ extra_args }}
just --justfile {{ justfile() }} run --tags={{ tags }} {{ extra_args }}
# Runs the playbook in user-registration mode
register-user username password admin_yes_or_no *extra_args:
time ansible-playbook -i inventory/hosts setup.yml --tags=register-user --extra-vars="username={{ username }} password={{ password }} admin={{ admin_yes_or_no }}" {{ extra_args }}
time ansible-playbook -i inventory/hosts setup.yml --tags=register-user --extra-vars="username={{ username }} password={{ password }} admin={{ admin_yes_or_no }}" {{ extra_args }}
# Starts all services
start-all *extra_args: (run-tags "start-all" extra_args)
# Starts a specific service group
start-group group *extra_args:
@just --justfile {{ justfile() }} run-tags start-group --extra-vars="group={{ group }}" {{ extra_args }}
@just --justfile {{ justfile() }} run-tags start-group --extra-vars="group={{ group }}" {{ extra_args }}
# Stops all services
stop-all *extra_args: (run-tags "stop-all" extra_args)
# Stops a specific service group
stop-group group *extra_args:
@just --justfile {{ justfile() }} run-tags stop-group --extra-vars="group={{ group }}" {{ extra_args }}
@just --justfile {{ justfile() }} run-tags stop-group --extra-vars="group={{ group }}" {{ extra_args }}
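Review bot: the new `roles` recipe uses the shebang `#!/usr/bin/env sh` together with `set -euo pipefail`, and `pipefail` is not an option every `sh` accepts. Where `sh` is a minimal POSIX shell, the recipe can fail at the `set` line before it reaches `agru` or `ansible-galaxy`. The script contains no pipelines, so `set -eu` is enough. Otherwise change the shebang to a shell that is known to support the option. Unrelated to this change but visible in the same hunk: `register-user` puts the password into `--extra-vars` on the command line, where it can end up in shell history and process listings.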

View file

@ -92,8 +92,9 @@
- galaxy/prometheus_node_exporter
- galaxy/prometheus_postgres_exporter
- custom/matrix-prometheus-nginxlog-exporter
- custom/matrix-prometheus
- galaxy/prometheus
- galaxy/grafana
- custom/matrix-prometheus-services-connect
- custom/matrix-prometheus-services-proxy-connect
- custom/matrix-registration
- custom/matrix-client-element
@ -112,7 +113,8 @@
- galaxy/ntfy
- custom/matrix-nginx-proxy
- custom/matrix-coturn
- custom/matrix-aux
- role: galaxy/aux
- role: galaxy/com.devture.ansible.role.postgres_backup

View file

@ -1,61 +1,47 @@
---
- src: geerlingguy.docker
- src: git+https://github.com/geerlingguy/ansible-role-docker
version: 6.1.0
name: geerlingguy.docker
- src: git+https://github.com/devture/com.devture.ansible.role.docker_sdk_for_python.git
version: 129c8590e106b83e6f4c259649a613c6279e937a
- src: git+https://github.com/devture/com.devture.ansible.role.playbook_help.git
version: c1f40e82b4d6b072b6f0e885239322bdaaaf554f
- src: git+https://github.com/devture/com.devture.ansible.role.systemd_docker_base.git
version: 327d2e17f5189ac2480d6012f58cf64a2b46efba
- src: git+https://github.com/devture/com.devture.ansible.role.timesync.git
version: 3d5bb2976815958cdce3f368fa34fb51554f899b
- src: git+https://github.com/devture/com.devture.ansible.role.playbook_state_preserver.git
version: ff2fd42e1c1a9e28e3312bbd725395f9c2fc7f16
- src: git+https://github.com/devture/com.devture.ansible.role.postgres.git
version: a1bb78d194434b38005f3a9e623bfa4b2c06c7bc
version: 38764398bf82b06a1736c3bfedc71dfd229e4b52
- src: git+https://github.com/devture/com.devture.ansible.role.postgres_backup.git
version: 8e9ec48a09284c84704d7a2dce17da35f181574d
- src: git+https://github.com/devture/com.devture.ansible.role.systemd_service_manager.git
version: 6ccb88ac5fc27e1e70afcd48278ade4b564a9096
- src: git+https://github.com/devture/com.devture.ansible.role.playbook_runtime_messages.git
version: 9b4b088c62b528b73a9a7c93d3109b091dd42ec6
- src: git+https://gitlab.com/etke.cc/roles/prometheus_node_exporter.git
version: v1.5.0-3
version: v1.5.0-7
- src: git+https://gitlab.com/etke.cc/roles/prometheus_postgres_exporter.git
version: v0.11.1-2
version: v0.12.0-0
- src: git+https://gitlab.com/etke.cc/roles/backup_borg.git
version: v1.2.3-1.7.8-0
version: v1.2.4-1.7.9-0
- src: git+https://gitlab.com/etke.cc/roles/grafana.git
version: v9.4.3-0
version: v9.4.7-0
- src: git+https://gitlab.com/etke.cc/roles/ntfy.git
version: v2.1.2-0
version: v2.2.0-0
- src: git+https://gitlab.com/etke.cc/roles/redis.git
version: v7.0.9-0
version: v7.0.10-0
- src: git+https://gitlab.com/etke.cc/roles/etherpad.git
version: v1.8.18-2
- src: git+https://github.com/devture/com.devture.ansible.role.container_socket_proxy.git
version: v0.1.1-1
- src: git+https://github.com/devture/com.devture.ansible.role.traefik.git
version: v2.9.8-2
version: v2.9.9-0
- src: git+https://github.com/devture/com.devture.ansible.role.traefik_certs_dumper.git
version: v2.8.1-0
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-aux.git
version: v1.0.0-0
name: aux
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus.git
version: v2.43.0-0
name: prometheus
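Review bot: the two roles added at the end, `ansible-role-aux` at `v1.0.0-0` and `ansible-role-prometheus` at `v2.43.0-0`, are pinned by tag, as are the bumped etke.cc and traefik entries, while the other devture roles in this file are pinned to full commit hashes. A git tag can be moved after the fact, so a later `just roles` may fetch different code under the same version string. Since these roles run with the playbook's privileges on the target host, consider pinning the new entries to commit hashes as well and keeping the tag in a comment for readability.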

View file

@ -1,81 +0,0 @@
---
# matrix-aux is a role that manages auxiliary files and directories on your Matrix server.
#
# Certain components (like matrix-synapse, etc.) may sometimes require additional templates (email templates, privacy policies, etc.).
# This role allows such files to be managed by the playbook.
#
# Note that files and directories created via this role are not automatically made available for containers to use.
# If you use this role to put files in a directory that's already mounted into a container,
# you can access the files without additional work.
# Otherwise, you'd need to mount the file/directory to the container that needs it.
# Roles usually provide a `matrix_*_additional_volumes` or `matrix_*_container_extra_arguments` variable
# that you can use to mount an additional volume.
# The default permission mode when creating directories using `matrix_aux_directory_definitions`
matrix_aux_directory_default_mode: '0750'
# Holds a list of directories to create on the server.
#
# By default, directories are:
# - created with permissions as specified in `matrix_aux_directory_default_mode`
# - owned by the `matrix_user_username` user and `matrix_user_groupname` group (usually `matrix:matrix`)
#
# Example:
#
# matrix_aux_directory_definitions:
# - dest: /matrix/aux
#
# - dest: /matrix/another
# mode: '0700'
# owner: 'some-user'
# group: 'some-group'
matrix_aux_directory_definitions: []
# The default permission mode when creating directories using `matrix_aux_directory_definitions`
matrix_aux_file_default_mode: '0640'
# Holds a list of files to create on the server.
#
# By default, files are:
# - created with permissions as specified in `matrix_aux_file_default_mode`
# - owned by the `matrix_user_username` user and `matrix_user_groupname` group (usually `matrix:matrix`)
#
# You can define the file content inline (in your `vars.yml` file) or as an external file (see the example below).
# Defining the content inline in `vars.yml` has the benefit of not splitting your configuration into multiple files,
# but rather keeping everything inside `vars.yml` (which also gets backed up on the server in `/matrix/vars.yml`).
#
# Note: parent paths for files must exist.
# If you've defined a file with a destination of `/matrix/some/path/file.txt`,
# then you likely need to add `/matrix/some/path` to `matrix_aux_directory_definitions` as well.
# You don't need to do this for directories that the playbook already creates for you.
#
# Use a `content` key for text content and `src` with a location to a file for binary content.
# The `content` key does not support binary content (see https://github.com/ansible/ansible/issues/11594).
#
# Example:
#
# matrix_aux_file_definitions:
# - dest: "{{ matrix_synapse_config_dir_path }}/something.html"
# content: |
# <!doctype html>
# <html><body>Something</body></html>
#
# - dest: /matrix/aux/some-other-file.txt
# content: "Something"
# mode: '0600'
# owner: 'some-user'
# group: 'some-group'
#
# - dest: /matrix/aux/yet-another-file.txt
# content: "{{ lookup('template', '/path/to/file.txt.j2') }}"
# mode: '0600'
# owner: 'some-user'
# group: 'some-group'
#
# - dest: /matrix/aux/binary-file.dat
# src: "/path/to/binary.dat"
# mode: '0600'
# owner: 'some-user'
# group: 'some-group'
matrix_aux_file_definitions: []

View file

@ -1,9 +0,0 @@
---
- tags:
- setup-all
- setup-aux-files
- install-all
- install-aux-files
block:
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup.yml"

View file

@ -1,20 +0,0 @@
---
- name: Ensure AUX directories are created
ansible.builtin.file:
dest: "{{ item.dest }}"
state: directory
owner: "{{ item.owner | default(matrix_user_username) }}"
group: "{{ item.group | default(matrix_user_groupname) }}"
mode: "{{ item.mode | default(matrix_aux_directory_default_mode) }}"
with_items: "{{ matrix_aux_directory_definitions }}"
- name: Ensure AUX files are created
ansible.builtin.copy:
src: "{{ item.src if 'src' in item else omit }}"
content: "{{ item.content if 'content' in item else omit }}"
dest: "{{ item.dest }}"
owner: "{{ item.owner | default(matrix_user_username) }}"
group: "{{ item.group | default(matrix_user_groupname) }}"
mode: "{{ item.mode | default(matrix_aux_file_default_mode) }}"
with_items: "{{ matrix_aux_file_definitions }}"

View file

@ -4,19 +4,22 @@
matrix_bot_chatgpt_enabled: true
matrix_bot_chatgpt_container_image_self_build: false
matrix_bot_chatgpt_docker_repo: "https://github.com/matrixgpt/matrix-chatgpt-bot"
matrix_bot_chatgpt_docker_repo_version: "{{ 'latest' if matrix_bot_chatgpt_version == 'latest' else matrix_bot_chatgpt_version }}"
matrix_bot_chatgpt_docker_src_files_path: "{{ matrix_base_data_path }}/chatgpt/docker-src"
matrix_bot_chatgpt_version: 3.0.0
matrix_bot_chatgpt_docker_image: "{{ matrix_bot_chatgpt_docker_image_name_prefix }}matrixgpt/matrix-chatgpt-bot:{{ matrix_bot_chatgpt_version }}"
matrix_bot_chatgpt_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_chatgpt_container_image_self_build else 'ghcr.io/' }}"
matrix_bot_chatgpt_docker_image_force_pull: "{{ matrix_bot_chatgpt_docker_image.endswith(':latest') }}"
matrix_bot_chatgpt_container_image_self_build: false
matrix_bot_chatgpt_container_image_self_build_repo: "https://github.com/matrixgpt/matrix-chatgpt-bot"
matrix_bot_chatgpt_container_image_self_build_repo_version: "{{ 'main' if matrix_bot_chatgpt_version == 'latest' else matrix_bot_chatgpt_version }}"
matrix_bot_chatgpt_container_image: "{{ matrix_bot_chatgpt_container_image_name_prefix }}matrixgpt/matrix-chatgpt-bot:{{ matrix_bot_chatgpt_container_image_tag }}"
matrix_bot_chatgpt_container_image_name_prefix: "{{ 'localhost/' if matrix_bot_chatgpt_container_image_self_build else matrix_bot_chatgpt_container_image_registry_prefix }}"
matrix_bot_chatgpt_container_image_tag: "{{ matrix_bot_chatgpt_version }}"
matrix_bot_chatgpt_container_image_force_pull: "{{ matrix_bot_chatgpt_container_image.endswith(':latest') }}"
matrix_bot_chatgpt_container_image_registry_prefix: ghcr.io/
matrix_bot_chatgpt_base_path: "{{ matrix_base_data_path }}/chatgpt"
matrix_bot_chatgpt_config_path: "{{ matrix_bot_chatgpt_base_path }}/config"
matrix_bot_chatgpt_data_path: "{{ matrix_bot_chatgpt_base_path }}/data"
matrix_bot_chatgpt_container_src_path: "{{ matrix_bot_chatgpt_base_path }}/container-src"
# A list of extra arguments to pass to the container
matrix_bot_chatgpt_container_extra_arguments: []
@ -54,6 +57,9 @@ matrix_bot_chatgpt_matrix_default_prefix: "!chatgpt " # MATRIX_DEFAULT_PREFIX=
matrix_bot_chatgpt_matrix_default_prefix_reply: false # MATRIX_DEFAULT_PREFIX_REPLY=
# Matrix Access Control (optional)
#
# Lists of space-separated entries. Example:
# matrix_bot_chatgpt_matrix_whitelist: ":{{ matrix_domain }} :second-domain.com :third-domain.com"
matrix_bot_chatgpt_matrix_blacklist: ''
matrix_bot_chatgpt_matrix_whitelist: ':{{ matrix_domain }}'
@ -73,11 +79,11 @@ matrix_bot_chatgpt_matrix_rich_text: true # MATRIX_RICH_TEXT=true
# - @*:another.com
# matrix_bot_chatgpt_admins: "{{ [matrix_admin] if matrix_admin else [] }}"
# Log level
# matrix_bot_chatgpt_loglevel: 'INFO'
# Additional environment variables to pass to the chatgpt container
#
# You can discover additional environment variables from:
# https://github.com/matrixgpt/matrix-chatgpt-bot/blob/main/src/env.ts
#
# Example:
# matrix_bot_chatgpt_environment_variables_extension: |
# chatgpt_TEXT_DONE=Done

View file

@ -0,0 +1,63 @@
---
- name: Ensure chatgpt paths exist
ansible.builtin.file:
path: "{{ item.path }}"
state: directory
mode: 0750
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
with_items:
- {path: "{{ matrix_bot_chatgpt_config_path }}", when: true}
- {path: "{{ matrix_bot_chatgpt_data_path }}", when: true}
- {path: "{{ matrix_bot_chatgpt_container_src_path }}", when: matrix_bot_chatgpt_container_image_self_build}
when: "item.when | bool"
- name: Ensure chatgpt environment variables file created
ansible.builtin.template:
src: "{{ role_path }}/templates/env.j2"
dest: "{{ matrix_bot_chatgpt_config_path }}/env"
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
mode: 0640
- name: Ensure chatgpt container image is pulled
community.docker.docker_image:
name: "{{ matrix_bot_chatgpt_container_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_bot_chatgpt_container_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_chatgpt_container_image_force_pull }}"
when: "not matrix_bot_chatgpt_container_image_self_build | bool"
register: result
retries: "{{ devture_playbook_help_container_retries_count }}"
delay: "{{ devture_playbook_help_container_retries_delay }}"
until: result is not failed
- when: matrix_bot_chatgpt_container_image_self_build | bool
block:
- name: Ensure chatgpt repository is present on self-build
ansible.builtin.git:
repo: "{{ matrix_bot_chatgpt_container_image_self_build_repo }}"
version: "{{ matrix_bot_chatgpt_container_image_self_build_repo_version }}"
dest: "{{ matrix_bot_chatgpt_container_src_path }}"
force: "yes"
become: true
become_user: "{{ matrix_user_username }}"
register: matrix_bot_chatgpt_git_pull_results
- name: Ensure chatgpt container image is built
community.docker.docker_image:
name: "{{ matrix_bot_chatgpt_container_image }}"
source: build
force_source: "{{ matrix_bot_chatgpt_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mailer_git_pull_results.changed }}"
build:
dockerfile: Dockerfile
path: "{{ matrix_bot_chatgpt_container_src_path }}"
pull: true
- name: Ensure matrix-bot-chatgpt.service installed
ansible.builtin.template:
src: "{{ role_path }}/templates/systemd/matrix-bot-chatgpt.service.j2"
dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-chatgpt.service"
mode: 0644
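Review bot: in the "Ensure chatgpt container image is built" task the `force:` fallback reads `matrix_mailer_git_pull_results.changed`, a name that is not registered anywhere in this file. The git task directly above it registers `matrix_bot_chatgpt_git_pull_results`, and the `force_source:` line already uses that name. On the Ansible versions that take the `force:` branch this would evaluate an undefined variable, so use `matrix_bot_chatgpt_git_pull_results.changed` in both expressions. As a smaller point, the file modes are written as bare `0750`, `0640` and `0644`. Quoting them as strings, which the Ansible documentation recommends, avoids any ambiguity in how YAML parses the number.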

View file

@ -11,11 +11,11 @@
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
- when: matrix_bot_chatgpt_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
ansible.builtin.include_tasks: "{{ role_path }}/tasks/install.yml"
- tags:
- setup-all
- setup-bot-chatgpt
block:
- when: not matrix_bot_chatgpt_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
ansible.builtin.include_tasks: "{{ role_path }}/tasks/uninstall.yml"

View file

@ -1,63 +0,0 @@
---
- name: Ensure chatgpt paths exist
ansible.builtin.file:
path: "{{ item.path }}"
state: directory
mode: 0750
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
with_items:
- {path: "{{ matrix_bot_chatgpt_config_path }}", when: true}
- {path: "{{ matrix_bot_chatgpt_data_path }}", when: true}
- {path: "{{ matrix_bot_chatgpt_docker_src_files_path }}", when: matrix_bot_chatgpt_container_image_self_build}
when: "item.when | bool"
- name: Ensure chatgpt environment variables file created
ansible.builtin.template:
src: "{{ role_path }}/templates/env.j2"
dest: "{{ matrix_bot_chatgpt_config_path }}/env"
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
mode: 0640
- name: Ensure chatgpt image is pulled
community.docker.docker_image:
name: "{{ matrix_bot_chatgpt_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_bot_chatgpt_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_chatgpt_docker_image_force_pull }}"
when: "not matrix_bot_chatgpt_container_image_self_build | bool"
register: result
retries: "{{ devture_playbook_help_container_retries_count }}"
delay: "{{ devture_playbook_help_container_retries_delay }}"
until: result is not failed
- name: Ensure chatgpt repository is present on self-build
ansible.builtin.git:
repo: "{{ matrix_bot_chatgpt_docker_repo }}"
version: "{{ matrix_bot_chatgpt_docker_repo_version }}"
dest: "{{ matrix_bot_chatgpt_docker_src_files_path }}"
force: "yes"
become: true
become_user: "{{ matrix_user_username }}"
register: matrix_bot_chatgpt_git_pull_results
when: "matrix_bot_chatgpt_container_image_self_build | bool"
- name: Ensure chatgpt image is built
community.docker.docker_image:
name: "{{ matrix_bot_chatgpt_docker_image }}"
source: build
force_source: "{{ matrix_bot_chatgpt_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mailer_git_pull_results.changed }}"
build:
dockerfile: Dockerfile
path: "{{ matrix_bot_chatgpt_docker_src_files_path }}"
pull: true
when: "matrix_bot_chatgpt_container_image_self_build | bool"
- name: Ensure matrix-bot-chatgpt.service installed
ansible.builtin.template:
src: "{{ role_path }}/templates/systemd/matrix-bot-chatgpt.service.j2"
dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-chatgpt.service"
mode: 0644
register: matrix_bot_chatgpt_systemd_service_result

View file

@ -9,7 +9,6 @@
- {'name': 'matrix_bot_chatgpt_openai_api_key', when: true}
- {'name': 'matrix_bot_chatgpt_matrix_bot_username', when: true}
- name: Fail if OpenAI configuration not up-to-date.
ansible.builtin.fail:
msg: >-
@ -20,3 +19,17 @@
- {'name': 'matrix_bot_chatgpt_openai_email'}
- {'name': 'matrix_bot_chatgpt_openai_password'}
- {'name': 'matrix_bot_chatgpt_openai_login_type'}
- name: (Deprecation) Catch and report renamed ChatGPT settings
ansible.builtin.fail:
msg: >-
Your configuration contains a variable, which now has a different name.
Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
when: "item.old in vars"
with_items:
- {'old': 'matrix_bot_chatgpt_docker_image', 'new': 'matrix_bot_chatgpt_container_image'}
- {'old': 'matrix_bot_chatgpt_docker_image_name_prefix', 'new': 'matrix_bot_chatgpt_container_image_name_prefix'}
- {'old': 'matrix_bot_chatgpt_docker_image_force_pull', 'new': 'matrix_bot_chatgpt_container_image_force_pull'}
- {'old': 'matrix_bot_chatgpt_docker_repo', 'new': 'matrix_bot_chatgpt_container_image_self_build_repo'}
- {'old': 'matrix_bot_chatgpt_docker_repo_version', 'new': 'matrix_bot_chatgpt_container_image_self_build_repo_version'}
- {'old': 'matrix_bot_chatgpt_docker_src_files_path', 'new': 'matrix_bot_chatgpt_container_src_path'}

View file

@ -16,7 +16,9 @@ Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-chatgpt 2>/dev/null || true'
ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-chatgpt 2>/dev/null || true'
ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-bot-chatgpt \
ExecStart={{ devture_systemd_docker_base_host_command_docker }} run \
--rm \
--name=matrix-bot-chatgpt \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
@ -29,7 +31,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name
{% for arg in matrix_bot_chatgpt_container_extra_arguments %}
{{ arg }} \
{% endfor %}
{{ matrix_bot_chatgpt_docker_image }}
{{ matrix_bot_chatgpt_container_image }}
ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-chatgpt 2>/dev/null || true'
ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-chatgpt 2>/dev/null || true'

View file

@ -4,6 +4,13 @@
matrix_bot_honoroit_enabled: true
# The hostname at which honoroit is served.
matrix_bot_honoroit_hostname: ''
# The path at which honoroit is exposed.
# This value must either be `/` or not end with a slash (e.g. `/honoroit`).
matrix_bot_honoroit_path_prefix: /
matrix_bot_honoroit_container_image_self_build: false
matrix_bot_honoroit_docker_repo: "https://gitlab.com/etke.cc/honoroit.git"
matrix_bot_honoroit_docker_repo_version: "{{ matrix_bot_honoroit_version }}"
@ -19,6 +26,44 @@ matrix_bot_honoroit_config_path: "{{ matrix_bot_honoroit_base_path }}/config"
matrix_bot_honoroit_data_path: "{{ matrix_bot_honoroit_base_path }}/data"
matrix_bot_honoroit_data_store_path: "{{ matrix_bot_honoroit_data_path }}/store"
# The base container network. It will be auto-created by this role if it doesn't exist already.
matrix_bot_honoroit_container_network: matrix-bot-honoroit
# A list of additional container networks that the container would be connected to.
# The role does not create these networks, so make sure they already exist.
# Use this to expose this container to another reverse proxy, which runs in a different container network.
matrix_bot_honoroit_container_additional_networks: []
# matrix_bot_honoroit_container_labels_traefik_enabled controls whether labels to assist a Traefik reverse-proxy will be attached to the container.
# See `../templates/labels.j2` for details.
#
# To inject your own other container labels, see `matrix_bot_honoroit_container_labels_additional_labels`.
matrix_bot_honoroit_container_labels_traefik_enabled: true
matrix_bot_honoroit_container_labels_traefik_docker_network: "{{ matrix_bot_honoroit_container_network }}"
matrix_bot_honoroit_container_labels_traefik_hostname: "{{ matrix_bot_honoroit_hostname }}"
# The path prefix must either be `/` or not end with a slash (e.g. `/honoroit`).
matrix_bot_honoroit_container_labels_traefik_path_prefix: "{{ matrix_bot_honoroit_path_prefix }}"
matrix_bot_honoroit_container_labels_traefik_rule: "Host(`{{ matrix_bot_honoroit_container_labels_traefik_hostname }}`){% if matrix_bot_honoroit_container_labels_traefik_path_prefix != '/' %} && PathPrefix(`{{ matrix_bot_honoroit_container_labels_traefik_path_prefix }}`){% endif %}"
matrix_bot_honoroit_container_labels_traefik_priority: 0
matrix_bot_honoroit_container_labels_traefik_entrypoints: web-secure
matrix_bot_honoroit_container_labels_traefik_tls: "{{ matrix_bot_honoroit_container_labels_traefik_entrypoints != 'web' }}"
matrix_bot_honoroit_container_labels_traefik_tls_certResolver: default # noqa var-naming
# Controls which additional headers to attach to all HTTP responses.
# To add your own headers, use `matrix_bot_honoroit_container_labels_traefik_additional_response_headers_custom`
matrix_bot_honoroit_container_labels_traefik_additional_response_headers: "{{ matrix_bot_honoroit_container_labels_traefik_additional_response_headers_auto | combine(matrix_bot_honoroit_container_labels_traefik_additional_response_headers_custom) }}"
matrix_bot_honoroit_container_labels_traefik_additional_response_headers_auto: {}
matrix_bot_honoroit_container_labels_traefik_additional_response_headers_custom: {}
# matrix_bot_honoroit_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file.
# See `../templates/labels.j2` for details.
#
# Example:
# matrix_bot_honoroit_container_labels_additional_labels: |
# my.label=1
# another.label="here"
matrix_bot_honoroit_container_labels_additional_labels: ''
# A list of extra arguments to pass to the container
matrix_bot_honoroit_container_extra_arguments: []
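Review bot: `matrix_bot_honoroit_container_labels_traefik_enabled` defaults to `true` while `matrix_bot_honoroit_hostname` defaults to `''`, so with the defaults shown here the generated rule is a `Host()` matcher with an empty hostname. The comments also state that the path prefix "must either be `/` or not end with a slash", but nothing in this hunk enforces it. Please add a validation task that fails when the hostname is empty while Traefik labels are enabled, and when the prefix is not `/` yet ends with `/`. That way a misconfiguration stops the playbook run instead of producing a router that matches nothing or the wrong path.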

View file

@ -40,13 +40,16 @@
- {path: "{{ matrix_bot_honoroit_docker_src_files_path }}", when: true}
when: "item.when | bool"
- name: Ensure honoroit environment variables file created
- name: Ensure honoroit support files installed
ansible.builtin.template:
src: "{{ role_path }}/templates/env.j2"
dest: "{{ matrix_bot_honoroit_config_path }}/env"
src: "{{ role_path }}/templates/{{ item }}.j2"
dest: "{{ matrix_bot_honoroit_config_path }}/{{ item }}"
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
mode: 0640
with_items:
- env
- labels
- name: Ensure honoroit image is pulled
community.docker.docker_image:

View file

@ -0,0 +1,45 @@
{% if matrix_bot_honoroit_container_labels_traefik_enabled %}
traefik.enable=true
{% if matrix_bot_honoroit_container_labels_traefik_docker_network %}
traefik.docker.network={{ matrix_bot_honoroit_container_labels_traefik_docker_network }}
{% endif %}
{% set middlewares = [] %}
{% if matrix_bot_honoroit_container_labels_traefik_path_prefix != '/' %}
traefik.http.middlewares.matrix-bot-honoroit-slashless-redirect.redirectregex.regex=({{ matrix_bot_honoroit_container_labels_traefik_path_prefix | quote }})$
traefik.http.middlewares.matrix-bot-honoroit-slashless-redirect.redirectregex.replacement=${1}/
{% set middlewares = middlewares + ['matrix-bot-honoroit-slashless-redirect'] %}
{% endif %}
{% if matrix_bot_honoroit_container_labels_traefik_path_prefix != '/' %}
traefik.http.middlewares.matrix-bot-honoroit-strip-prefix.stripprefix.prefixes={{ matrix_bot_honoroit_container_labels_traefik_path_prefix }}
{% set middlewares = middlewares + ['matrix-bot-honoroit-strip-prefix'] %}
{% endif %}
{% if matrix_bot_honoroit_container_labels_traefik_additional_response_headers.keys() | length > 0 %}
{% for name, value in matrix_bot_honoroit_container_labels_traefik_additional_response_headers.items() %}
traefik.http.middlewares.matrix-bot-honoroit-add-headers.headers.customresponseheaders.{{ name }}={{ value }}
{% endfor %}
{% set middlewares = middlewares + ['matrix-bot-honoroit-add-headers'] %}
{% endif %}
traefik.http.routers.matrix-bot-honoroit.rule={{ matrix_bot_honoroit_container_labels_traefik_rule }}
{% if matrix_bot_honoroit_container_labels_traefik_priority | int > 0 %}
traefik.http.routers.matrix-bot-honoroit.priority={{ matrix_bot_honoroit_container_labels_traefik_priority }}
{% endif %}
traefik.http.routers.matrix-bot-honoroit.service=matrix-bot-honoroit
{% if middlewares | length > 0 %}
traefik.http.routers.matrix-bot-honoroit.middlewares={{ middlewares | join(',') }}
{% endif %}
traefik.http.routers.matrix-bot-honoroit.entrypoints={{ matrix_bot_honoroit_container_labels_traefik_entrypoints }}
traefik.http.routers.matrix-bot-honoroit.tls={{ matrix_bot_honoroit_container_labels_traefik_tls | to_json }}
{% if matrix_bot_honoroit_container_labels_traefik_tls %}
traefik.http.routers.matrix-bot-honoroit.tls.certResolver={{ matrix_bot_honoroit_container_labels_traefik_tls_certResolver }}
{% endif %}
traefik.http.services.matrix-bot-honoroit.loadbalancer.server.port=8080
{% endif %}
{{ matrix_bot_honoroit_container_labels_additional_labels }}
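Review bot: the `redirectregex.regex` label interpolates the path prefix through `| quote`, which is a shell-quoting filter and does no regex escaping. Characters such as `.` or `+` in the prefix keep their regex meaning. A prefix containing characters that shell quoting considers unsafe would be wrapped in single quotes, and those quotes would then become part of the pattern. Use `regex_escape` here instead. In the same file, the two consecutive `{% if ... path_prefix != '/' %}` blocks can be merged into one. The header values written into `customresponseheaders.{{ name }}={{ value }}` are emitted verbatim, so a value containing a newline would inject extra labels into the file. Consider rejecting such values or documenting that they must be single-line.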

View file

@ -16,19 +16,28 @@ Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-honoroit 2>/dev/null || true'
ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-honoroit 2>/dev/null || true'
ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-bot-honoroit \
ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
--rm \
--name=matrix-bot-honoroit \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
--read-only \
--network={{ matrix_docker_network }} \
--network={{ matrix_bot_honoroit_container_network }} \
--env-file={{ matrix_bot_honoroit_config_path }}/env \
--label-file={{ matrix_bot_honoroit_config_path }}/labels \
--mount type=bind,src={{ matrix_bot_honoroit_data_path }},dst=/data \
{% for arg in matrix_bot_honoroit_container_extra_arguments %}
{{ arg }} \
{% endfor %}
{{ matrix_bot_honoroit_docker_image }}
{% for network in matrix_bot_honoroit_container_additional_networks %}
ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-bot-honoroit
{% endfor %}
ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-bot-honoroit
ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-honoroit 2>/dev/null || true'
ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-honoroit 2>/dev/null || true'
Restart=always
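
Review bot: The `ExecStartPre=... network connect {{ network }} matrix-bot-honoroit` lines carry no `-` prefix, so a name in `matrix_bot_honoroit_container_additional_networks` that does not exist on the host fails the unit before `ExecStart`, and `Restart=always` then keeps retrying it. Either validate the list in the role before installing the unit, or state next to the variable that the role does not create these networks. The `--cap-drop=ALL`, `--read-only` and non-root `--user` flags are present on the `docker create` call, which is what we want to keep.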

View file

@ -10,7 +10,7 @@ matrix_hookshot_container_image_self_build: false
matrix_hookshot_container_image_self_build_repo: "https://github.com/matrix-org/matrix-hookshot.git"
matrix_hookshot_container_image_self_build_branch: "{{ 'main' if matrix_hookshot_version == 'latest' else matrix_hookshot_version }}"
matrix_hookshot_version: 2.7.0
matrix_hookshot_version: 3.0.1
matrix_hookshot_docker_image: "{{ matrix_hookshot_docker_image_name_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}"
matrix_hookshot_docker_image_name_prefix: "{{ 'localhost/' if matrix_hookshot_container_image_self_build else matrix_container_global_registry_prefix }}"
@ -200,6 +200,8 @@ matrix_hookshot_permissions: []
matrix_hookshot_bot_displayname: Hookshot Bot
matrix_hookshot_bot_avatar: 'mxc://half-shot.uk/2876e89ccade4cb615e210c458e2a7a6883fe17d'
matrix_hookshot_container_network: "{{ matrix_docker_network }}"
# A list of extra arguments to pass to the container
matrix_hookshot_container_extra_arguments: []
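
Review bot: `matrix_hookshot_container_network` is added without a comment, while `matrix_hookshot_container_extra_arguments` right below it has one. Add a line saying that the role creates this network as a bridge network if it is missing and that it defaults to the shared `matrix_docker_network`, so readers can tell that nothing is isolated until they override it.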

View file

@ -107,6 +107,11 @@
group: "{{ matrix_user_groupname }}"
when: matrix_hookshot_github_enabled | bool and matrix_hookshot_github_private_key|length > 0
- name: Ensure matrix-hookshot container network is created
community.general.docker_network:
name: "{{ matrix_hookshot_container_network }}"
driver: bridge
- name: Ensure matrix-hookshot.service installed
ansible.builtin.template:
src: "{{ role_path }}/templates/systemd/matrix-hookshot.service.j2"
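
Review bot: The new task calls the module as `community.general.docker_network`, while the image task elsewhere in this commit uses `community.docker.docker_image`. Use `community.docker.docker_network` here so both Docker modules come from the same collection and the role's collection requirements stay in one place.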

View file

@ -20,8 +20,8 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
--network={{ matrix_docker_network }} \
-v {{ matrix_hookshot_base_path }}:/data:z \
--network={{ matrix_hookshot_container_network }} \
--mount type=bind,src={{ matrix_hookshot_base_path }},dst=/data \
{% for port in matrix_hookshot_container_http_host_bind_ports %}
-p {{ port }} \
{% endfor %}
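
Review bot: Replacing `-v {{ matrix_hookshot_base_path }}:/data:z` with `--mount type=bind,src={{ matrix_hookshot_base_path }},dst=/data` drops the `:z` SELinux relabel. On a host with SELinux enforcing, the container can be denied access to `/data` unless the directory already carries a container-accessible label. Confirm the label is applied elsewhere, or document the requirement for SELinux hosts.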

View file

@ -8,7 +8,7 @@ matrix_mautrix_discord_container_image_self_build: false
matrix_mautrix_discord_container_image_self_build_repo: "https://mau.dev/mautrix/discord.git"
matrix_mautrix_discord_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_discord_version == 'latest' else matrix_mautrix_discord_version }}"
matrix_mautrix_discord_version: v0.1.1
matrix_mautrix_discord_version: v0.2.0
# See: https://mau.dev/mautrix/discord/container_registry
matrix_mautrix_discord_docker_image: "{{ matrix_mautrix_discord_docker_image_name_prefix }}mautrix/discord:{{ matrix_mautrix_discord_version }}"
matrix_mautrix_discord_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_discord_container_image_self_build else 'dock.mau.dev/' }}"

View file

@ -8,7 +8,7 @@ matrix_mautrix_whatsapp_container_image_self_build: false
matrix_mautrix_whatsapp_container_image_self_build_repo: "https://mau.dev/mautrix/whatsapp.git"
matrix_mautrix_whatsapp_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_whatsapp_version == 'latest' else matrix_mautrix_whatsapp_version }}"
matrix_mautrix_whatsapp_version: v0.8.2
matrix_mautrix_whatsapp_version: v0.8.3
# See: https://mau.dev/mautrix/whatsapp/container_registry
matrix_mautrix_whatsapp_docker_image: "{{ matrix_mautrix_whatsapp_docker_image_name_prefix }}mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}"
matrix_mautrix_whatsapp_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_whatsapp_container_image_self_build else 'dock.mau.dev/' }}"

View file

@ -10,7 +10,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto
# - https://github.com/vector-im/element-web/issues/19544
matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}"
matrix_client_element_version: v1.11.24
matrix_client_element_version: v1.11.25
matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}"
matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}"
matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}"

View file

@ -23,7 +23,7 @@ matrix_corporal_container_extra_arguments: []
# List of systemd services that matrix-corporal.service depends on
matrix_corporal_systemd_required_services_list: ['docker.service']
matrix_corporal_version: 2.5.1
matrix_corporal_version: 2.5.2
matrix_corporal_docker_image: "{{ matrix_corporal_docker_image_name_prefix }}devture/matrix-corporal:{{ matrix_corporal_docker_image_tag }}"
matrix_corporal_docker_image_name_prefix: "{{ 'localhost/' if matrix_corporal_container_image_self_build else matrix_container_global_registry_prefix }}"
matrix_corporal_docker_image_tag: "{{ matrix_corporal_version }}" # for backward-compatibility

View file

@ -112,11 +112,25 @@ matrix_coturn_user_quota: null
matrix_coturn_total_quota: null
# Controls whether `no-tcp-relay` is added to the configuration
# Learn more here: https://github.com/coturn/coturn/blob/242eb78227f66442ba1573c00ec4552faae23eed/examples/etc/turnserver.conf#L419-L422
matrix_coturn_no_tcp_relay_enabled: true
# Controls whether `no-multicast-peers` is added to the configuration
# Learn more here: https://github.com/coturn/coturn/blob/242eb78227f66442ba1573c00ec4552faae23eed/examples/etc/turnserver.conf#L629-L632
matrix_coturn_no_multicast_peers_enabled: true
# Controls whether `no-rfc5780` is added to the configuration
# Learn more here: https://github.com/coturn/coturn/blob/242eb78227f66442ba1573c00ec4552faae23eed/examples/etc/turnserver.conf#L770-L781
matrix_coturn_no_rfc5780_enabled: true
# Controls whether `no-stun-backward-compatibility` is added to the configuration
# Learn more here: https://github.com/coturn/coturn/blob/242eb78227f66442ba1573c00ec4552faae23eed/examples/etc/turnserver.conf#L783-L789
matrix_coturn_no_stun_backward_compatibility_enabled: true
# Controls whether `response-origin-only-with-rfc5780` is added to the configuration
# Learn more here: https://github.com/coturn/coturn/blob/242eb78227f66442ba1573c00ec4552faae23eed/examples/etc/turnserver.conf#L791-L796
matrix_coturn_response_origin_only_with_rfc5780_enabled: true
# Additional configuration to be passed to turnserver.conf
# Example:
# matrix_coturn_additional_configuration: |
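
Review bot: `matrix_coturn_no_rfc5780_enabled`, `matrix_coturn_no_stun_backward_compatibility_enabled` and `matrix_coturn_response_origin_only_with_rfc5780_enabled` all default to `true`, so existing deployments change STUN behaviour on the next run without opting in. The comments only say that the option "is added" and link to upstream line numbers. Add one line per variable on what the option turns off and why it is on by default, and mention the new defaults in the changelog.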

View file

@ -35,6 +35,18 @@ prod
no-tcp-relay
{% endif %}
{% if matrix_coturn_no_rfc5780_enabled %}
no-rfc5780
{% endif %}
{% if matrix_coturn_no_stun_backward_compatibility_enabled %}
no-stun-backward-compatibility
{% endif %}
{% if matrix_coturn_response_origin_only_with_rfc5780_enabled %}
response-origin-only-with-rfc5780
{% endif %}
{% if matrix_coturn_user_quota != None %}
user-quota={{ matrix_coturn_user_quota }}
{% endif %}
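
Review bot: The three new guards test the raw variable (`{% if matrix_coturn_no_rfc5780_enabled %}` and the two after it), so a value that arrives as the string "false", for example through `--extra-vars`, is truthy and the directive is still written to the config. Use `{% if matrix_coturn_no_rfc5780_enabled | bool %}` for each, matching the `| bool` casts on the `when:` conditions elsewhere in this commit.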

View file

@ -157,6 +157,7 @@ matrix_dendrite_room_database: "dendrite_room"
matrix_dendrite_sync_api_database: "dendrite_syncapi"
matrix_dendrite_user_api_database: "dendrite_userapi"
matrix_dendrite_push_server_database: "dendrite_pushserver"
matrix_dendrite_relay_api_database: "dendrite_relayapi"
matrix_dendrite_mscs_database: "dendrite_mscs"
matrix_dendrite_client_api_turn_uris: []

View file

@ -33,4 +33,5 @@
- {'old': 'matrix_dendrite_userapi_auto_join_rooms', 'new': 'matrix_dendrite_user_api_auto_join_rooms'}
- {'old': 'matrix_dendrite_federationapi_database', 'new': 'matrix_dendrite_federation_api_database'}
- {'old': 'matrix_dendrite_pushserver_database', 'new': 'matrix_dendrite_push_server_database'}
- {'old': 'matrix_dendrite_relayapi_database', 'new': 'matrix_dendrite_relay_api_database'}
- {'old': 'matrix_dendrite_keyserver_database', 'new': 'matrix_dendrite_key_server_database'}

View file

@ -399,6 +399,12 @@ push_server:
max_idle_conns: 2
conn_max_lifetime: -1
#
#
relay_api:
database:
connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_relay_api_database }}?sslmode=disable
# Configuration for Opentracing.
# See https://github.com/matrix-org/dendrite/tree/master/docs/tracing for information on
# how this works and how to set it up.
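
Review bot: The new `relay_api.database` block sets only `connection_string`, while the `push_server` block directly above it also carries pool settings (`max_idle_conns`, `conn_max_lifetime`). Add the same keys here, or confirm that relying on Dendrite's defaults for this one database is intended.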

View file

@ -28,6 +28,8 @@ matrix_prometheus_nginxlog_exporter_dashboard_urls: []
matrix_prometheus_nginxlog_exporter_base_path: "{{ matrix_base_data_path }}/prometheus-nginxlog-exporter"
matrix_prometheus_nginxlog_exporter_config_path: "{{ matrix_prometheus_nginxlog_exporter_base_path }}/config"
matrix_prometheus_nginxlog_exporter_container_network: "{{ matrix_docker_network }}"
# A list of extra docker arguments to pass to the container
matrix_prometheus_nginxlog_exporter_container_extra_arguments: []

View file

@ -30,6 +30,11 @@
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
- name: Ensure prometheus-nginxlog-exporter container network is created
community.general.docker_network:
name: "{{ matrix_prometheus_nginxlog_exporter_container_network }}"
driver: bridge
- name: Ensure matrix-prometheus-nginxlog-exporter.service installed
ansible.builtin.template:
src: "{{ role_path }}/templates/systemd/matrix-prometheus-nginxlog-exporter.service.j2"

View file

@ -13,7 +13,7 @@
This role has added to configs in 'matrix-nginx-proxy', 'matrix-synapse-reverse-proxy-companion' and 'matrix-prometheus'.
Running 'setup-synapse-reverse-proxy-companion' WILL NOT remove those settings from those roles.
Run the playbook again with the `setup-all` tag or all three 'setup-nginx-proxy,setup-synapse-reverse-proxy-companion,setup-prometheus' tags while
'matrix_prometheus_enabled: false' to rebuild their configs.
'prometheus_enabled: false' to rebuild their configs.
when: not ('setup-all' in ansible_run_tags or ('setup-nginx-proxy' in ansible_run_tags and 'setup-synapse-reverse-proxy-companion' in ansible_run_tags and 'setup-prometheus' in ansible_run_tags))
- name: Ensure matrix-prometheus-nginxlog-exporter is stopped

View file

@ -3,9 +3,9 @@
- name: Fail if Prometheus not enabled
ansible.builtin.fail:
msg: >
You need to set `matrix_prometheus_enabled: true` or configure an external Prometheus database
You need to set `prometheus_enabled: true` or configure an external Prometheus database
as this roles requires Prometheus for data storage.
when: not matrix_prometheus_enabled and not matrix_prometheus_nginxlog_exporter_metrics_proxying_enabled
when: not prometheus_enabled and not matrix_prometheus_nginxlog_exporter_metrics_proxying_enabled
- name: Fail if docker image not availble for arch
ansible.builtin.fail:
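
Review bot: The `when:` now reads `prometheus_enabled`, which this role does not define, with no `default` and no `| bool`. If the variable is not loaded, the task raises an undefined-variable error instead of printing the intended message, and a `vars.yml` that still sets only `matrix_prometheus_enabled` is no longer seen by this check. Use `not (prometheus_enabled | default(false) | bool)` and add a deprecation check for the old name. While editing these messages: "this roles requires" and "availble" are typos.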

View file

@ -22,7 +22,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
--read-only \
--network={{ matrix_docker_network }} \
--network={{ matrix_prometheus_nginxlog_exporter_container_network }} \
{% if matrix_prometheus_nginxlog_exporter_container_http_host_bind_port %}
-p {{ matrix_prometheus_nginxlog_exporter_container_http_host_bind_port }}:{{ matrix_prometheus_nginxlog_exporter_container_metrics_port }} \
{% endif %}

View file

@ -0,0 +1,144 @@
---
# matrix-prometheus-services-connect is a role which helps integrate
# the various Matrix services with the Prometheus role.
# Controls whether Synapse integration should be done
matrix_prometheus_services_connect_synapse_enabled: false
# Controls whether the synapse rules shall be loaded into Prometheus
matrix_prometheus_services_connect_synapse_rules_enabled: "{{ matrix_prometheus_services_connect_synapse_enabled }}"
# Controls whether the synapse rules shall be downloaded
matrix_prometheus_services_connect_synapse_rules_download_enabled: "{{ matrix_prometheus_services_connect_synapse_rules_enabled }}"
matrix_prometheus_services_connect_synapse_rules_download_synapse_tag: master
matrix_prometheus_services_connect_synapse_rules_download_src_url: "https://raw.githubusercontent.com/matrix-org/synapse/{{ matrix_prometheus_services_connect_synapse_rules_download_synapse_tag }}/contrib/prometheus/synapse-v2.rules"
matrix_prometheus_services_connect_synapse_rules_download_dir_path: ''
matrix_prometheus_services_connect_synapse_rules_download_owner: ''
matrix_prometheus_services_connect_synapse_rules_download_group: ''
# Controls whether Synapse shall be scraped
matrix_prometheus_services_connect_scraper_synapse_enabled: false
# Controls scraping the Synapse processes
matrix_prometheus_services_connect_scraper_synapse_job_name: synapse
matrix_prometheus_services_connect_scraper_synapse_metrics_path: /_synapse/metrics
matrix_prometheus_services_connect_scraper_synapse_scrape_interval: 15s
matrix_prometheus_services_connect_scraper_synapse_scrape_timeout: 15s
matrix_prometheus_services_connect_scraper_synapse_configs: |
{{
[{
'job_name': matrix_prometheus_services_connect_scraper_synapse_job_name,
'metrics_path': matrix_prometheus_services_connect_scraper_synapse_metrics_path,
'scrape_interval': matrix_prometheus_services_connect_scraper_synapse_scrape_interval,
'scrape_timeout': matrix_prometheus_services_connect_scraper_synapse_scrape_timeout,
'static_configs': matrix_prometheus_services_connect_scraper_synapse_static_configs,
}]
}}
matrix_prometheus_services_connect_scraper_synapse_static_configs: |
{{
(matrix_prometheus_services_connect_scraper_synapse_main_process_static_configs if matrix_prometheus_services_connect_scraper_synapse_main_process_enabled else [])
+
(matrix_prometheus_services_connect_scraper_synapse_workers_static_configs if matrix_prometheus_services_connect_scraper_synapse_workers_enabled else [])
}}
# Controls whether the Synapse main process shall be scraped
matrix_prometheus_services_connect_scraper_synapse_main_process_enabled: "{{ matrix_prometheus_services_connect_scraper_synapse_enabled }}"
matrix_prometheus_services_connect_scraper_synapse_main_process_static_configs: |
{{
[{
'targets': [matrix_prometheus_services_connect_scraper_synapse_main_process_static_configs_target],
'labels': {
'instance': matrix_prometheus_services_connect_scraper_synapse_main_process_static_configs_instance,
'job': matrix_prometheus_services_connect_scraper_synapse_main_process_static_configs_job,
'index': 0,
}
}]
}}
matrix_prometheus_services_connect_scraper_synapse_main_process_static_configs_target: ''
matrix_prometheus_services_connect_scraper_synapse_main_process_static_configs_instance: "{{ matrix_domain }}"
matrix_prometheus_services_connect_scraper_synapse_main_process_static_configs_job: master
# Controls whether Synapse workers shall be scraped
matrix_prometheus_services_connect_scraper_synapse_workers_enabled: "{{ matrix_prometheus_services_connect_scraper_synapse_enabled and matrix_prometheus_services_connect_scraper_synapse_workers_enabled_list | length > 0 }}"
matrix_prometheus_services_connect_scraper_synapse_workers_enabled_list: []
matrix_prometheus_services_connect_scraper_synapse_workers_static_configs_as_yaml: |
{% for worker in matrix_prometheus_services_connect_scraper_synapse_workers_enabled_list %}
{% if worker.metrics_port != 0 %}
- targets: ['{{ worker.name }}:{{ worker.metrics_port }}']
labels:
instance: {{ matrix_prometheus_services_connect_scraper_synapse_workers_static_configs_instance | to_json }}
worker_id: {{ worker.id | to_json }}
job: {{ worker.type | to_json }}
app: {{ worker.app | to_json }}
{% endif %}
{% endfor %}
matrix_prometheus_services_connect_scraper_synapse_workers_static_configs_instance: "{{ matrix_domain }}"
matrix_prometheus_services_connect_scraper_synapse_workers_static_configs: "{{ [] if matrix_prometheus_services_connect_scraper_synapse_workers_enabled_list | length == 0 else matrix_prometheus_services_connect_scraper_synapse_workers_static_configs_as_yaml | from_yaml }}"
# Controls whether Postgres (postgres-exporter) shall be scraped
matrix_prometheus_services_connect_scraper_postgres_enabled: false
matrix_prometheus_services_connect_scraper_postgres_job_name: postgres
matrix_prometheus_services_connect_scraper_postgres_metrics_path: /metrics
matrix_prometheus_services_connect_scraper_postgres_scrape_interval: 15s
matrix_prometheus_services_connect_scraper_postgres_scrape_timeout: 15s
matrix_prometheus_services_connect_scraper_postgres_static_configs: "{{ [{'targets': [matrix_prometheus_services_connect_scraper_postgres_static_configs_target]}] }}"
matrix_prometheus_services_connect_scraper_postgres_static_configs_target: ''
# The final scrape config for the Postgers scraper
matrix_prometheus_services_connect_scraper_postgres_scrape_configs: |
{{
[{
'job_name': matrix_prometheus_services_connect_scraper_postgres_job_name,
'metrics_path': matrix_prometheus_services_connect_scraper_postgres_metrics_path,
'scrape_interval': matrix_prometheus_services_connect_scraper_postgres_scrape_interval,
'scrape_timeout': matrix_prometheus_services_connect_scraper_postgres_scrape_timeout,
'static_configs': matrix_prometheus_services_connect_scraper_postgres_static_configs,
}]
}}
# Controls whether Hookshot shall be scraped
matrix_prometheus_services_connect_scraper_hookshot_enabled: false
matrix_prometheus_services_connect_scraper_hookshot_job_name: hookshot
matrix_prometheus_services_connect_scraper_hookshot_metrics_path: /metrics
matrix_prometheus_services_connect_scraper_hookshot_scrape_interval: 15s
matrix_prometheus_services_connect_scraper_hookshot_scrape_timeout: 15s
matrix_prometheus_services_connect_scraper_hookshot_static_configs: "{{ [{'targets': [matrix_prometheus_services_connect_scraper_hookshot_static_configs_target]}] }}"
matrix_prometheus_services_connect_scraper_hookshot_static_configs_target: ''
# The final scrape config for the Hookshot scraper
matrix_prometheus_services_connect_scraper_hookshot_scrape_configs: |
{{
[{
'job_name': matrix_prometheus_services_connect_scraper_hookshot_job_name,
'metrics_path': matrix_prometheus_services_connect_scraper_hookshot_metrics_path,
'scrape_interval': matrix_prometheus_services_connect_scraper_hookshot_scrape_interval,
'scrape_timeout': matrix_prometheus_services_connect_scraper_hookshot_scrape_timeout,
'static_configs': matrix_prometheus_services_connect_scraper_hookshot_static_configs,
}]
}}
# Controls whether nginxlog shall be scraped
matrix_prometheus_services_connect_scraper_nginxlog_enabled: false
matrix_prometheus_services_connect_scraper_nginxlog_job_name: nginxlog
matrix_prometheus_services_connect_scraper_nginxlog_metrics_path: /metrics
matrix_prometheus_services_connect_scraper_nginxlog_scrape_interval: 15s
matrix_prometheus_services_connect_scraper_nginxlog_scrape_timeout: 15s
matrix_prometheus_services_connect_scraper_nginxlog_static_configs: "{{ [{'targets': [matrix_prometheus_services_connect_scraper_nginxlog_static_configs_target]}] }}"
matrix_prometheus_services_connect_scraper_nginxlog_static_configs_target: ''
# The final scrape config for the nginxlog scraper
matrix_prometheus_services_connect_scraper_nginxlog_scrape_configs: |
{{
[{
'job_name': matrix_prometheus_services_connect_scraper_nginxlog_job_name,
'metrics_path': matrix_prometheus_services_connect_scraper_nginxlog_metrics_path,
'scrape_interval': matrix_prometheus_services_connect_scraper_nginxlog_scrape_interval,
'scrape_timeout': matrix_prometheus_services_connect_scraper_nginxlog_scrape_timeout,
'static_configs': matrix_prometheus_services_connect_scraper_nginxlog_static_configs,
}]
}}
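
Review bot: The Synapse job list is named `matrix_prometheus_services_connect_scraper_synapse_configs`, while the Postgres, Hookshot and nginxlog equivalents end in `_scrape_configs`. Rename it to `matrix_prometheus_services_connect_scraper_synapse_scrape_configs` so whatever concatenates these lists can treat all four the same way. Also, the worker `targets` entry is built by plain string interpolation while the labels next to it go through `to_json`, and the comment "Postgers" should read "Postgres".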

View file

@ -0,0 +1,14 @@
---
- name: Download synapse-v2.rules
ansible.builtin.get_url:
url: "{{ matrix_prometheus_services_connect_synapse_rules_download_src_url }}"
dest: "{{ matrix_prometheus_services_connect_synapse_rules_download_dir_path }}/synapse-v2.rules"
force: true
mode: 0440
owner: "{{ matrix_prometheus_services_connect_synapse_rules_download_owner }}"
group: "{{ matrix_prometheus_services_connect_synapse_rules_download_group }}"
register: result
retries: "{{ devture_playbook_help_geturl_retries_count }}"
delay: "{{ devture_playbook_help_geturl_retries_delay }}"
until: result is not failed
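
Review bot: `url` resolves through `matrix_prometheus_services_connect_synapse_rules_download_synapse_tag`, which defaults to `master`, and the task sets `force: true` with no `checksum`, so every run installs whatever that branch serves at that moment. Default the tag to the deployed Synapse version, or pin a checksum, so the rule file loaded into Prometheus is reproducible and a change upstream cannot alter alerting rules unnoticed.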

View file

@ -0,0 +1,11 @@
---
- tags:
- setup-all
- setup-prometheus
- setup-prometheus-services-connect
- install-all
- install-prometheus-services-connect
block:
- when: matrix_prometheus_services_connect_synapse_rules_download_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/install_synapse_rules.yml"
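
Review bot: The block includes `install_synapse_rules.yml` with no validation step before it, although `matrix_prometheus_services_connect_synapse_rules_download_dir_path`, `..._download_owner` and `..._download_group` default to empty strings, as do the `*_static_configs_target` variables. With the directory left empty, `dest` resolves to `/synapse-v2.rules`, and an enabled scraper with an empty target yields a job that scrapes nothing. The removed `matrix-prometheus` role ran `validate_config.yml` first and failed on empty required settings; add an equivalent include here.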

View file

@ -1,90 +0,0 @@
---
# matrix-prometheus is an open-source systems monitoring and alerting toolkit
# See: https://github.com/matrix-org/synapse/blob/master/docs/metrics-howto.md
# Project source code URL: https://github.com/prometheus/prometheus
matrix_prometheus_enabled: false
matrix_prometheus_version: v2.42.0
matrix_prometheus_docker_image: "{{ matrix_container_global_registry_prefix }}prom/prometheus:{{ matrix_prometheus_version }}"
matrix_prometheus_docker_image_force_pull: "{{ matrix_prometheus_docker_image.endswith(':latest') }}"
matrix_prometheus_base_path: "{{ matrix_base_data_path }}/prometheus"
matrix_prometheus_config_path: "{{ matrix_prometheus_base_path }}/config"
matrix_prometheus_data_path: "{{ matrix_prometheus_base_path }}/data"
# A list of extra arguments to pass to the container
matrix_prometheus_container_extra_arguments: []
# List of systemd services that matrix-prometheus.service depends on
matrix_prometheus_systemd_required_services_list: ['docker.service']
# List of systemd services that matrix-prometheus.service wants
matrix_prometheus_systemd_wanted_services_list: []
# The base container network. It will be auto-created by this role if it doesn't exist already.
matrix_prometheus_container_network: ''
# A list of additional container networks that the container would be connected to.
# The role does not create these networks, so make sure they already exist.
# Use this to expose this container to another reverse proxy, which runs in a different container network.
matrix_prometheus_container_additional_networks: []
# Controls whether the matrix-prometheus container exposes its HTTP port (tcp/9090 in the container).
#
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:9090"), or empty string to not expose.
matrix_prometheus_container_http_host_bind_port: ''
# A list of default arguments to pass to the prometheus process
matrix_prometheus_process_default_arguments:
- "--config.file=/etc/prometheus/prometheus.yml"
- "--storage.tsdb.path=/prometheus"
- "--web.console.libraries=/usr/share/prometheus/console_libraries"
- "--web.console.templates=/usr/share/prometheus/consoles"
# A list of extra arguments to pass to the prometheus process
matrix_prometheus_process_extra_arguments: []
# holds the final list of process arguments
matrix_prometheus_process_arguments: "{{ matrix_prometheus_process_default_arguments + matrix_prometheus_process_extra_arguments }}"
# Tells whether the "synapse" scraper configuration is enabled.
matrix_prometheus_scraper_synapse_enabled: false
# Tells whether to download and load a Synapse rules file
matrix_prometheus_scraper_synapse_rules_enabled: "{{ matrix_prometheus_scraper_synapse_enabled }}"
matrix_prometheus_scraper_synapse_rules_synapse_tag: "master"
matrix_prometheus_scraper_synapse_rules_download_url: "https://raw.githubusercontent.com/matrix-org/synapse/{{ matrix_prometheus_scraper_synapse_rules_synapse_tag }}/contrib/prometheus/synapse-v2.rules"
matrix_prometheus_scraper_synapse_targets: []
matrix_prometheus_scraper_synapse_workers_enabled_list: []
# Tells whether the "node" scraper configuration is enabled.
# This configuration aims to scrape the current node (this server).
matrix_prometheus_scraper_node_enabled: false
# Target addresses for the "node" scraper configuration.
# Unless you define this as a non-empty list, it gets populated at runtime with the IP address of `matrix-prometheus-node-exporter` and port 9100.
matrix_prometheus_scraper_node_targets: []
# Default prometheus configuration template which covers the generic use case.
# You can customize it by controlling the various variables inside it.
#
# For a more advanced customization, you can extend the default (see `matrix_prometheus_configuration_extension_yaml`)
# or completely replace this variable with your own template.
matrix_prometheus_configuration_yaml: "{{ lookup('template', 'templates/prometheus.yml.j2') }}"
matrix_prometheus_configuration_extension_yaml: |
# Your custom YAML configuration goes here.
# This configuration extends the default starting configuration (`matrix_prometheus_configuration_yaml`).
#
# You can override individual variables from the default configuration, or introduce new ones.
#
# If you need something more special, you can take full control by
# completely redefining `matrix_prometheus_configuration_yaml`.
matrix_prometheus_configuration_extension: "{{ matrix_prometheus_configuration_extension_yaml | from_yaml if matrix_prometheus_configuration_extension_yaml | from_yaml is mapping else {} }}"
# Holds the final configuration (a combination of the default and its extension).
# You most likely don't need to touch this variable. Instead, see `matrix_prometheus_configuration_yaml`.
matrix_prometheus_configuration: "{{ matrix_prometheus_configuration_yaml | from_yaml | combine(matrix_prometheus_configuration_extension, recursive=True) }}"

View file

@ -1,20 +0,0 @@
---
- tags:
- setup-all
- setup-prometheus
- install-all
- install-prometheus
block:
- when: matrix_prometheus_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
- when: matrix_prometheus_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
- tags:
- setup-all
- setup-prometheus
block:
- when: not matrix_prometheus_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"

View file

@ -1,57 +0,0 @@
---
- name: Ensure matrix-prometheus image is pulled
community.docker.docker_image:
name: "{{ matrix_prometheus_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_prometheus_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_prometheus_docker_image_force_pull }}"
register: result
retries: "{{ devture_playbook_help_container_retries_count }}"
delay: "{{ devture_playbook_help_container_retries_delay }}"
until: result is not failed
- name: Ensure Prometheus paths exists
ansible.builtin.file:
path: "{{ item }}"
state: directory
mode: 0750
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
with_items:
- "{{ matrix_prometheus_base_path }}"
- "{{ matrix_prometheus_config_path }}"
- "{{ matrix_prometheus_data_path }}"
- name: Download synapse-v2.rules
ansible.builtin.get_url:
url: "{{ matrix_prometheus_scraper_synapse_rules_download_url }}"
dest: "{{ matrix_prometheus_config_path }}/synapse-v2.rules"
force: true
mode: 0440
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
when: "matrix_prometheus_scraper_synapse_rules_enabled | bool"
register: result
retries: "{{ devture_playbook_help_geturl_retries_count }}"
delay: "{{ devture_playbook_help_geturl_retries_delay }}"
until: result is not failed
- name: Ensure prometheus.yml installed
ansible.builtin.copy:
content: "{{ matrix_prometheus_configuration | to_nice_yaml(indent=2, width=999999) }}"
dest: "{{ matrix_prometheus_config_path }}/prometheus.yml"
mode: 0644
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
- name: Ensure Prometheus container network is created
community.general.docker_network:
name: "{{ matrix_prometheus_container_network }}"
driver: bridge
- name: Ensure matrix-prometheus.service installed
ansible.builtin.template:
src: "{{ role_path }}/templates/systemd/matrix-prometheus.service.j2"
dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-prometheus.service"
mode: 0644

View file

@ -1,20 +0,0 @@
---
- name: Check existence of matrix-prometheus service
ansible.builtin.stat:
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-prometheus.service"
register: matrix_prometheus_service_stat
- when: matrix_prometheus_service_stat.stat.exists | bool
block:
- name: Ensure matrix-prometheus is stopped
ansible.builtin.service:
name: matrix-prometheus
state: stopped
enabled: false
daemon_reload: true
- name: Ensure matrix-prometheus.service doesn't exist
ansible.builtin.file:
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-prometheus.service"
state: absent

View file

@ -1,15 +0,0 @@
---
- name: Fail if Synapse metrics or Prometheus Node Exporter not enabled
ansible.builtin.fail:
msg: >
You need to enable `matrix_prometheus_scraper_synapse_enabled` and/or `matrix_prometheus_scraper_node_enabled` for Prometheus grab metrics.
when: "not matrix_prometheus_scraper_synapse_enabled and not matrix_prometheus_scraper_node_enabled"
- name: Fail if required Prometheus settings not defined
ansible.builtin.fail:
msg: >
You need to define a required configuration setting (`{{ item }}`).
when: "vars[item] == ''"
with_items:
- matrix_prometheus_container_network

View file

@ -1,73 +0,0 @@
#jinja2: lstrip_blocks: "True"
global:
scrape_interval: 15s # Set the scrape interval to every 15 seconds. Default is every 1 minute.
evaluation_interval: 15s # Evaluate rules every 15 seconds. The default is every 1 minute.
# scrape_timeout is set to the global default (10s).
# Load rules once and periodically evaluate them according to the global 'evaluation_interval'.
rule_files:
{% if matrix_prometheus_scraper_synapse_rules_enabled %}
- 'synapse-v2.rules'
{% endif %}
# A scrape configuration containing exactly one endpoint to scrape:
# Here it's Prometheus itself.
scrape_configs:
# The job name is added as a label `job=<job_name>` to any timeseries scraped from this config.
- job_name: 'prometheus'
# Override the global default and scrape targets from this job every 5 seconds.
scrape_interval: 5s
scrape_timeout: 5s
# metrics_path defaults to '/metrics'
# scheme defaults to 'http'.
static_configs:
- targets: ['localhost:9090']
{% if matrix_prometheus_scraper_synapse_enabled %}
- job_name: 'synapse'
metrics_path: '/_synapse/metrics'
static_configs:
- targets: {{ matrix_prometheus_scraper_synapse_targets|to_json }}
labels:
instance: {{ matrix_domain | to_json }}
job: master
index: 0
{% for worker in matrix_prometheus_scraper_synapse_workers_enabled_list %}
{% if worker.metrics_port != 0 %}
- targets: ['{{ worker.name }}:{{ worker.metrics_port }}']
labels:
instance: {{ matrix_domain | to_json }}
worker_id: {{ worker.id | to_json }}
job: {{ worker.type | to_json }}
app: {{ worker.app | to_json }}
{% endif %}
{% endfor %}
{% endif %}
{% if matrix_prometheus_scraper_node_enabled %}
- job_name: node
static_configs:
- targets: {{ matrix_prometheus_scraper_node_targets|to_json }}
{% endif %}
{% if matrix_prometheus_scraper_postgres_enabled %}
- job_name: postgres
static_configs:
- targets: {{ matrix_prometheus_scraper_postgres_targets|to_json }}
{% endif %}
{% if matrix_prometheus_scraper_hookshot_enabled %}
- job_name: hookshot
static_configs:
- targets: {{ matrix_prometheus_scraper_hookshot_targets|to_json }}
{% endif %}
{% if matrix_prometheus_scraper_nginxlog_enabled %}
- job_name: nginxlog
static_configs:
- targets:
- {{ matrix_prometheus_scraper_nginxlog_server_port}}
{% endif %}
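
Review bot: the `rule_files` entry at the top of this template is gated on `matrix_prometheus_scraper_synapse_rules_enabled`, but the old-to-new rename list added to the validation tasks in this commit has a row for `matrix_prometheus_scraper_synapse_rules_synapse_tag` and none for that toggle. A vars.yml that still sets the toggle would not be flagged by that list, so add a row for it (or a superseded-by note, as done for the `_targets` variables).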

View file

@ -1,51 +0,0 @@
#jinja2: lstrip_blocks: "True"
[Unit]
Description=matrix-prometheus
{% for service in matrix_prometheus_systemd_required_services_list %}
Requires={{ service }}
After={{ service }}
{% endfor %}
{% for service in matrix_prometheus_systemd_wanted_services_list %}
Wants={{ service }}
{% endfor %}
DefaultDependencies=no
[Service]
Type=simple
Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-prometheus 2>/dev/null || true'
ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-prometheus 2>/dev/null || true'
ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
--rm \
--name=matrix-prometheus \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
--read-only \
--network={{ matrix_prometheus_container_network }} \
{% if matrix_prometheus_container_http_host_bind_port %}
-p {{ matrix_prometheus_container_http_host_bind_port }}:9090 \
{% endif %}
-v {{ matrix_prometheus_config_path }}:/etc/prometheus:z \
-v {{ matrix_prometheus_data_path }}:/prometheus:z \
{% for arg in matrix_prometheus_container_extra_arguments %}
{{ arg }} \
{% endfor %}
{{ matrix_prometheus_docker_image }} {{ matrix_prometheus_process_arguments|join(' ') }}
{% for network in matrix_prometheus_container_additional_networks %}
ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-prometheus
{% endfor %}
ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-prometheus
ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-prometheus 2>/dev/null || true'
ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-prometheus 2>/dev/null || true'
Restart=always
RestartSec=30
SyslogIdentifier=matrix-prometheus
[Install]
WantedBy=multi-user.target
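
Review bot: the container hardening in this unit (`--user={{ matrix_user_uid }}:{{ matrix_user_gid }}`, `--cap-drop=ALL`, `--read-only`) leaves the playbook together with the file, and nothing in this commit shows what the replacement role's unit sets. Please confirm that the external role keeps the same flags, and that port 9090 is still published only when a host bind port is configured, as the `{% if matrix_prometheus_container_http_host_bind_port %}` guard did here.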

View file

@ -16,7 +16,7 @@ matrix_rageshake_path_prefix: /
# There are no stable container image tags yet.
# See: https://github.com/matrix-org/rageshake/issues/69
matrix_rageshake_version: "master"
matrix_rageshake_version: 1.9.0
matrix_rageshake_base_path: "{{ matrix_base_data_path }}/rageshake"
matrix_rageshake_config_path: "{{ matrix_rageshake_base_path }}/config"
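
Review bot: the two comment lines above `matrix_rageshake_version` still say there are no stable container image tags and point to rageshake issue 69, which no longer matches a default of `1.9.0`; update or drop them in the same change. The new value is also unquoted where the old one was `"master"`; writing it as `"1.9.0"` keeps the style consistent and avoids a later two-part version such as 1.10 being parsed by YAML as a number.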

View file

@ -76,7 +76,7 @@ matrix_sliding_sync_systemd_required_services_list: ["docker.service"]
matrix_sliding_sync_systemd_wanted_services_list: []
# Controls the SYNCV3_SERVER environment variable
matrix_sliding_sync_environment_variable_syncv3_server: "{{ matrix_homeserver_container_url }}"
matrix_sliding_sync_environment_variable_syncv3_server: "{{ matrix_homeserver_url }}"
# Controls the SYNCV3_SECRET environment variable
matrix_sliding_sync_environment_variable_syncv3_secret: ''
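
Review bot: the default for `matrix_sliding_sync_environment_variable_syncv3_server` moves from `matrix_homeserver_container_url` to `matrix_homeserver_url`, but the comment above it still only says that it controls SYNCV3_SERVER. Because this value decides which route the proxy takes to reach the homeserver, the comment should say why this URL is the right default and what to set when the two URLs point at different endpoints.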

View file

@ -20,3 +20,6 @@ matrix_playbook_migration_matrix_redis_migration_validation_enabled: true
# Controls if (`matrix_etherpad` -> `etherpad`) validation will run.
matrix_playbook_migration_matrix_etherpad_migration_validation_enabled: true
# Controls if (`matrix_aux` -> `aux`) validation will run.
matrix_playbook_migration_matrix_aux_migration_validation_enabled: true

View file

@ -39,6 +39,25 @@
- {'old': 'matrix_playbook_traefik_certs_dumper_role_enabled', 'new': 'devture_traefik_certs_dumper_enabled'}
- {'old': 'matrix_playbook_traefik_role_enabled', 'new': 'devture_traefik_enabled'}
# Most important variables from the old Prometheus role here, for people who miss the changelog entry
- {'old': 'matrix_prometheus_enabled', 'new': 'prometheus_enabled'}
- {'old': 'matrix_prometheus_process_default_arguments', 'new': 'prometheus_process_default_arguments'}
- {'old': 'matrix_prometheus_process_extra_arguments', 'new': 'prometheus_process_extra_arguments'}
- {'old': 'matrix_prometheus_configuration_extension_yaml', 'new': 'prometheus_configuration_extension_yaml'}
- {'old': 'matrix_prometheus_scraper_synapse_enabled', 'new': 'matrix_prometheus_services_connect_synapse_enabled'}
- {'old': 'matrix_prometheus_scraper_synapse_targets', 'new': '<superseded by matrix_prometheus_services_connect_scraper_synapse_main_process_static_configs_target>'}
- {'old': 'matrix_prometheus_scraper_synapse_workers_enabled_list', 'new': 'matrix_prometheus_services_connect_scraper_synapse_workers_enabled_list'}
- {'old': 'matrix_prometheus_scraper_synapse_rules_synapse_tag', 'new': 'matrix_prometheus_services_connect_synapse_rules_download_synapse_tag'}
- {'old': 'matrix_prometheus_scraper_node_enabled', 'new': 'prometheus_self_node_scraper_enabled'}
- {'old': 'matrix_prometheus_scraper_node_targets', 'new': '<superseded by prometheus_self_node_scraper_static_configs_target>'}
- {'old': 'matrix_prometheus_scraper_postgres_enabled', 'new': 'matrix_prometheus_services_connect_scraper_postgres_enabled'}
- {'old': 'matrix_prometheus_scraper_postgres_targets', 'new': '<superseded by matrix_prometheus_services_connect_scraper_postgres_static_configs_target>'}
- {'old': 'matrix_prometheus_scraper_hookshot_enabled', 'new': 'matrix_prometheus_services_connect_scraper_hookshot_enabled'}
- {'old': 'matrix_prometheus_scraper_hookshot_targets', 'new': '<superseded by matrix_prometheus_services_connect_scraper_hookshot_static_configs_target>'}
- {'old': 'matrix_prometheus_scraper_nginxlog_enabled', 'new': 'matrix_prometheus_services_connect_scraper_nginxlog_enabled'}
- {'old': 'matrix_prometheus_scraper_nginxlog_server_port', 'new': 'matrix_prometheus_services_connect_scraper_nginxlog_static_configs_target'}
- {'old': 'XXXXX', 'new': 'XXXXX'}
- name: (Deprecation) Catch and report matrix_postgres variables
ansible.builtin.fail:
msg: |-
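
Review bot: the four `_targets` rows (synapse, node, postgres, hookshot) put a `<superseded by …>` sentence in `new`, while every other row holds a plain variable name. If the task that consumes this list prints `new` as the name to rename to, users will be told to rename to angle-bracket text; check the rendered message for these rows, or carry the explanation in a separate key. The `matrix_prometheus_scraper_nginxlog_server_port` row maps straight to a `..._static_configs_target` name with no superseded note, so it is worth confirming that the old value can be reused unchanged there.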
@ -157,3 +176,18 @@
Please change your configuration (vars.yml) to rename all variables (`matrix_etherpad_` -> `etherpad_`).
We found usage of the following variables: {{ matrix_playbook_migration_etherpad_migration_vars.keys() | join(', ') }}
when: "matrix_playbook_migration_etherpad_migration_vars | length > 0"
- when: matrix_playbook_migration_matrix_aux_migration_validation_enabled | bool
block:
- ansible.builtin.set_fact:
matrix_playbook_migration_aux_migration_vars: |-
{{ vars | dict2items | selectattr('key', 'match', 'matrix_aux_.*') | list | items2dict }}
- name: (Deprecation) Catch and report matrix_aux variables
ansible.builtin.fail:
msg: >-
The matrix-aux role that used to be part of this playbook has been replaced by https://github.com/mother-of-all-self-hosting/ansible-role-aux.
The new role is compatible with the old one, but uses different names for its variables.
Please change your configuration (vars.yml) to rename all variables (`matrix_aux_` -> `aux_`).
We found usage of the following variables: {{ matrix_playbook_migration_aux_migration_vars.keys() | join(', ') }}
when: "matrix_playbook_migration_aux_migration_vars | length > 0"
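
Review bot: the `ansible.builtin.set_fact` task in the new `matrix_aux` block has no `name:`, while the `fail` task right after it does, so the fact-gathering step shows up unlabelled in playbook output. Give it a name that says it collects `matrix_aux_` variables. The message here uses `msg: >-`, which folds the four sentences into one line, unlike the `msg: |-` on the matrix_postgres task above; pick one style if the line breaks are meant to be kept.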