diff --git a/docs/configuring-playbook-bridge-hookshot.md b/docs/configuring-playbook-bridge-hookshot.md index 5cd4dd4c..89ab0768 100644 --- a/docs/configuring-playbook-bridge-hookshot.md +++ b/docs/configuring-playbook-bridge-hookshot.md @@ -54,7 +54,7 @@ Unless indicated otherwise, the following endpoints are reachable on your `matri | widgets | `/hookshot/widgetapi/` | `matrix_hookshot_widgets_endpoint` | Widgets | | metrics | `/metrics/hookshot` | `matrix_hookshot_metrics_enabled` and `matrix_hookshot_metrics_proxying_enabled`. Requires `/metrics/*` endpoints to also be enabled via `matrix_nginx_proxy_proxy_matrix_metrics_enabled` (see the `matrix-nginx-proxy` role). Read more in the [Metrics section](#metrics) below. | Prometheus | -See also `matrix_hookshot_matrix_nginx_proxy_configuration` in [init.yml](/roles/custom/matrix-bridge-hookshot/tasks/init.yml). +See also `matrix_hookshot_matrix_nginx_proxy_configuration` in [init.yml](/roles/custom/matrix-bridge-hookshot/tasks/inject_into_nginx_proxy.yml). The different listeners are also reachable *internally* in the docker-network via the container's name (configured by `matrix_hookshot_container_url`) and on different ports (e.g. `matrix_hookshot_appservice_port`). Read [main.yml](/roles/custom/matrix-bridge-hookshot/defaults/main.yml) in detail for more info. diff --git a/roles/custom/matrix-bot-maubot/tasks/init.yml b/roles/custom/matrix-bot-maubot/tasks/inject_into_nginx_proxy.yml similarity index 100% rename from roles/custom/matrix-bot-maubot/tasks/init.yml rename to roles/custom/matrix-bot-maubot/tasks/inject_into_nginx_proxy.yml diff --git a/roles/custom/matrix-bot-maubot/tasks/main.yml b/roles/custom/matrix-bot-maubot/tasks/main.yml index 773f4b9f..5e48eed9 100644 --- a/roles/custom/matrix-bot-maubot/tasks/main.yml +++ b/roles/custom/matrix-bot-maubot/tasks/main.yml @@ -1,8 +1,10 @@ --- -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" +- when: matrix_bot_maubot_enabled | bool + ansible.builtin.import_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml" tags: - - always + - setup-all + - setup-nginx-proxy - ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" when: "run_setup|bool and matrix_bot_maubot_enabled|bool" diff --git a/roles/custom/matrix-bridge-appservice-slack/tasks/init.yml b/roles/custom/matrix-bridge-appservice-slack/tasks/init.yml deleted file mode 100644 index e07f1afc..00000000 --- a/roles/custom/matrix-bridge-appservice-slack/tasks/init.yml +++ /dev/null @@ -1,48 +0,0 @@ ---- - -- when: matrix_appservice_slack_enabled | bool - tags: - - always - block: - - name: Fail if matrix-nginx-proxy role already executed - ansible.builtin.fail: - msg: >- - Trying to append Slack Appservice's reverse-proxying configuration to matrix-nginx-proxy, - but it's pointless since the matrix-nginx-proxy role had already executed. - To fix this, please change the order of roles in your playbook, - so that the matrix-nginx-proxy role would run after the matrix-bridge-appservice-slack role. - when: matrix_nginx_proxy_role_executed | default(False) | bool - - - name: Generate Matrix Appservice Slack proxying configuration for matrix-nginx-proxy - ansible.builtin.set_fact: - matrix_appservice_slack_matrix_nginx_proxy_configuration: | - location {{ matrix_appservice_slack_public_endpoint }} { - {% if matrix_nginx_proxy_enabled | default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - set $backend "{{ matrix_appservice_slack_appservice_url }}:{{ matrix_appservice_slack_slack_port }}"; - proxy_pass $backend; - {% else %} - {# Generic configuration for use outside of our container setup #} - proxy_pass http://127.0.0.1:{{ matrix_appservice_slack_slack_port }}; - {% endif %} - } - - - name: Register Slack Appservice proxying configuration with matrix-nginx-proxy - ansible.builtin.set_fact: - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | - {{ - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([]) - + - [matrix_appservice_slack_matrix_nginx_proxy_configuration] - }} - -- name: Warn about reverse-proxying if matrix-nginx-proxy not used - ansible.builtin.debug: - msg: >- - NOTE: You've enabled the Matrix Slack bridge but are not using the matrix-nginx-proxy - reverse proxy. - Please make sure that you're proxying the `{{ matrix_appservice_slack_public_endpoint }}` - URL endpoint to the matrix-appservice-slack container. - You can expose the container's port using the `matrix_appservice_slack_container_http_host_bind_port` variable. - when: "matrix_appservice_slack_enabled | bool and not matrix_nginx_proxy_enabled | default(False) | bool" diff --git a/roles/custom/matrix-bridge-appservice-slack/tasks/inject_into_nginx_proxy.yml b/roles/custom/matrix-bridge-appservice-slack/tasks/inject_into_nginx_proxy.yml new file mode 100644 index 00000000..4ddcb954 --- /dev/null +++ b/roles/custom/matrix-bridge-appservice-slack/tasks/inject_into_nginx_proxy.yml @@ -0,0 +1,44 @@ +--- + +- name: Fail if matrix-nginx-proxy role already executed + ansible.builtin.fail: + msg: >- + Trying to append Slack Appservice's reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your playbook, + so that the matrix-nginx-proxy role would run after the matrix-bridge-appservice-slack role. + when: matrix_nginx_proxy_role_executed | default(False) | bool + +- name: Generate Matrix Appservice Slack proxying configuration for matrix-nginx-proxy + ansible.builtin.set_fact: + matrix_appservice_slack_matrix_nginx_proxy_configuration: | + location {{ matrix_appservice_slack_public_endpoint }} { + {% if matrix_nginx_proxy_enabled | default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "{{ matrix_appservice_slack_appservice_url }}:{{ matrix_appservice_slack_slack_port }}"; + proxy_pass $backend; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:{{ matrix_appservice_slack_slack_port }}; + {% endif %} + } + +- name: Register Slack Appservice proxying configuration with matrix-nginx-proxy + ansible.builtin.set_fact: + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([]) + + + [matrix_appservice_slack_matrix_nginx_proxy_configuration] + }} + +- name: Warn about reverse-proxying if matrix-nginx-proxy not used + ansible.builtin.debug: + msg: >- + NOTE: You've enabled the Matrix Slack bridge but are not using the matrix-nginx-proxy + reverse proxy. + Please make sure that you're proxying the `{{ matrix_appservice_slack_public_endpoint }}` + URL endpoint to the matrix-appservice-slack container. + You can expose the container's port using the `matrix_appservice_slack_container_http_host_bind_port` variable. + when: "matrix_appservice_slack_enabled | bool and not matrix_nginx_proxy_enabled | default(False) | bool" diff --git a/roles/custom/matrix-bridge-appservice-slack/tasks/main.yml b/roles/custom/matrix-bridge-appservice-slack/tasks/main.yml index cd83f61f..608b0219 100644 --- a/roles/custom/matrix-bridge-appservice-slack/tasks/main.yml +++ b/roles/custom/matrix-bridge-appservice-slack/tasks/main.yml @@ -1,8 +1,10 @@ --- -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" +- when: matrix_appservice_slack_enabled | bool + ansible.builtin.import_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml" tags: - - always + - setup-all + - setup-nginx-proxy - ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" when: "run_setup | bool and matrix_appservice_slack_enabled | bool" diff --git a/roles/custom/matrix-bridge-appservice-webhooks/tasks/init.yml b/roles/custom/matrix-bridge-appservice-webhooks/tasks/init.yml deleted file mode 100644 index 47a29875..00000000 --- a/roles/custom/matrix-bridge-appservice-webhooks/tasks/init.yml +++ /dev/null @@ -1,50 +0,0 @@ ---- - -- when: matrix_appservice_webhooks_enabled | bool - tags: - - always - block: - - name: Fail if matrix-nginx-proxy role already executed - ansible.builtin.fail: - msg: >- - Trying to append webhooks Appservice's reverse-proxying configuration to matrix-nginx-proxy, - but it's pointless since the matrix-nginx-proxy role had already executed. - To fix this, please change the order of roles in your playbook, - so that the matrix-nginx-proxy role would run after the matrix-bridge-appservice-webhooks role. - when: matrix_nginx_proxy_role_executed | default(False) | bool - - - name: Generate Matrix Appservice webhooks proxying configuration for matrix-nginx-proxy - ansible.builtin.set_fact: - matrix_appservice_webhooks_matrix_nginx_proxy_configuration: | - {% if matrix_nginx_proxy_enabled | default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - location ~ ^{{ matrix_appservice_webhooks_public_endpoint }}/(.*)$ { - resolver 127.0.0.11 valid=5s; - set $backend "matrix-appservice-webhooks:{{ matrix_appservice_webhooks_matrix_port }}"; - proxy_pass http://$backend/$1; - } - {% else %} - {# Generic configuration for use outside of our container setup #} - location {{ matrix_appservice_webhooks_public_endpoint }}/ { - proxy_pass http://127.0.0.1:{{ matrix_appservice_webhooks_matrix_port }}/; - } - {% endif %} - - - name: Register webhooks Appservice proxying configuration with matrix-nginx-proxy - ansible.builtin.set_fact: - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | - {{ - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([]) - + - [matrix_appservice_webhooks_matrix_nginx_proxy_configuration] - }} - -- name: Warn about reverse-proxying if matrix-nginx-proxy not used - ansible.builtin.debug: - msg: >- - NOTE: You've enabled the Matrix webhooks bridge but are not using the matrix-nginx-proxy - reverse proxy. - Please make sure that you're proxying the `{{ matrix_appservice_webhooks_public_endpoint }}` - URL endpoint to the matrix-appservice-webhooks container. - You can expose the container's port using the `matrix_appservice_webhooks_container_http_host_bind_port` variable. - when: "matrix_appservice_webhooks_enabled | bool and not matrix_nginx_proxy_enabled | default(False) | bool" diff --git a/roles/custom/matrix-bridge-appservice-webhooks/tasks/inject_into_nginx_proxy.yml b/roles/custom/matrix-bridge-appservice-webhooks/tasks/inject_into_nginx_proxy.yml new file mode 100644 index 00000000..2e4ad18e --- /dev/null +++ b/roles/custom/matrix-bridge-appservice-webhooks/tasks/inject_into_nginx_proxy.yml @@ -0,0 +1,46 @@ +--- + +- name: Fail if matrix-nginx-proxy role already executed + ansible.builtin.fail: + msg: >- + Trying to append webhooks Appservice's reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your playbook, + so that the matrix-nginx-proxy role would run after the matrix-bridge-appservice-webhooks role. + when: matrix_nginx_proxy_role_executed | default(False) | bool + +- name: Generate Matrix Appservice webhooks proxying configuration for matrix-nginx-proxy + ansible.builtin.set_fact: + matrix_appservice_webhooks_matrix_nginx_proxy_configuration: | + {% if matrix_nginx_proxy_enabled | default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + location ~ ^{{ matrix_appservice_webhooks_public_endpoint }}/(.*)$ { + resolver 127.0.0.11 valid=5s; + set $backend "matrix-appservice-webhooks:{{ matrix_appservice_webhooks_matrix_port }}"; + proxy_pass http://$backend/$1; + } + {% else %} + {# Generic configuration for use outside of our container setup #} + location {{ matrix_appservice_webhooks_public_endpoint }}/ { + proxy_pass http://127.0.0.1:{{ matrix_appservice_webhooks_matrix_port }}/; + } + {% endif %} + +- name: Register webhooks Appservice proxying configuration with matrix-nginx-proxy + ansible.builtin.set_fact: + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([]) + + + [matrix_appservice_webhooks_matrix_nginx_proxy_configuration] + }} + +- name: Warn about reverse-proxying if matrix-nginx-proxy not used + ansible.builtin.debug: + msg: >- + NOTE: You've enabled the Matrix webhooks bridge but are not using the matrix-nginx-proxy + reverse proxy. + Please make sure that you're proxying the `{{ matrix_appservice_webhooks_public_endpoint }}` + URL endpoint to the matrix-appservice-webhooks container. + You can expose the container's port using the `matrix_appservice_webhooks_container_http_host_bind_port` variable. + when: "matrix_appservice_webhooks_enabled | bool and not matrix_nginx_proxy_enabled | default(False) | bool" diff --git a/roles/custom/matrix-bridge-appservice-webhooks/tasks/main.yml b/roles/custom/matrix-bridge-appservice-webhooks/tasks/main.yml index 30f05469..24908e83 100644 --- a/roles/custom/matrix-bridge-appservice-webhooks/tasks/main.yml +++ b/roles/custom/matrix-bridge-appservice-webhooks/tasks/main.yml @@ -1,8 +1,10 @@ --- -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" +- when: matrix_appservice_webhooks_enabled | bool + ansible.builtin.import_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml" tags: - - always + - setup-all + - setup-nginx-proxy - ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" when: "run_setup | bool and matrix_appservice_webhooks_enabled | bool" diff --git a/roles/custom/matrix-bridge-hookshot/tasks/init.yml b/roles/custom/matrix-bridge-hookshot/tasks/init.yml deleted file mode 100644 index 625e3023..00000000 --- a/roles/custom/matrix-bridge-hookshot/tasks/init.yml +++ /dev/null @@ -1,113 +0,0 @@ ---- - -- when: matrix_hookshot_enabled | bool - block: - - name: Fail if matrix-nginx-proxy role already executed - ansible.builtin.fail: - msg: >- - Trying to append hookshot's reverse-proxying configuration to matrix-nginx-proxy, - but it's pointless since the matrix-nginx-proxy role had already executed. - To fix this, please change the order of roles in your playbook, - so that the matrix-nginx-proxy role would run after the matrix-bridge-hookshot role. - when: matrix_nginx_proxy_role_executed | default(False) | bool - - - name: Generate Matrix hookshot proxying configuration for matrix-nginx-proxy - ansible.builtin.set_fact: - matrix_hookshot_matrix_nginx_proxy_configuration: | - location ~ ^{{ matrix_hookshot_appservice_endpoint }}/(.*)$ { - {% if matrix_nginx_proxy_enabled | default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_appservice_port }}"; - proxy_pass http://$backend/$1; - {% else %} - {# Generic configuration for use outside of our container setup #} - proxy_pass http://127.0.0.1:{{ matrix_hookshot_appservice_port }}/$1; - {% endif %} - proxy_set_header Host $host; - } - {% if matrix_hookshot_provisioning_enabled %} - location ~ ^{{ matrix_hookshot_provisioning_endpoint }}/(.*)$ { - {% if matrix_nginx_proxy_enabled | default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_provisioning_port }}"; - proxy_pass http://$backend{{ matrix_hookshot_provisioning_internal }}/$1$is_args$args; - {% else %} - {# Generic configuration for use outside of our container setup #} - proxy_pass http://127.0.0.1:{{ matrix_hookshot_provisioning_port }}{{ matrix_hookshot_provisioning_internal }}/$1$is_args$args; - {% endif %} - proxy_set_header Host $host; - } - {% endif %} - {% if matrix_hookshot_widgets_enabled %} - location ~ ^{{ matrix_hookshot_widgets_endpoint }}/(.*)$ { - {% if matrix_nginx_proxy_enabled | default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_widgets_port }}"; - proxy_pass http://$backend{{ matrix_hookshot_widgets_internal }}/$1$is_args$args; - {% else %} - {# Generic configuration for use outside of our container setup #} - proxy_pass http://127.0.0.1:{{ matrix_hookshot_widgets_port }}{{ matrix_hookshot_widgets_internal }}/$1$is_args$args; - {% endif %} - proxy_set_header Host $host; - } - {% endif %} - location ~ ^{{ matrix_hookshot_webhook_endpoint }}/(.*)$ { - {% if matrix_nginx_proxy_enabled | default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_webhook_port }}"; - proxy_pass http://$backend/$1$is_args$args; - {% else %} - {# Generic configuration for use outside of our container setup #} - proxy_pass http://127.0.0.1:{{ matrix_hookshot_webhook_port }}/$1$is_args$args; - {% endif %} - proxy_set_header Host $host; - } - - - name: Register hookshot proxying configuration with matrix-nginx-proxy - ansible.builtin.set_fact: - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | - {{ - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([]) - + - [matrix_hookshot_matrix_nginx_proxy_configuration] - }} - - - name: Generate hookshot metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/hookshot) - ansible.builtin.set_fact: - matrix_hookshot_matrix_nginx_proxy_metrics_configuration_matrix_domain: | - location /metrics/hookshot { - {% if matrix_nginx_proxy_enabled | default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_metrics_port }}"; - proxy_pass http://$backend/metrics; - {% else %} - {# Generic configuration for use outside of our container setup #} - proxy_pass http://127.0.0.1:{{ matrix_hookshot_metrics_port }}/metrics; - {% endif %} - } - when: matrix_hookshot_metrics_enabled | bool and matrix_hookshot_metrics_proxying_enabled | bool - - - name: Register hookshot metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/hookshot) - ansible.builtin.set_fact: - matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: | - {{ - matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([]) - + - [matrix_hookshot_matrix_nginx_proxy_metrics_configuration_matrix_domain] - }} - when: matrix_hookshot_metrics_enabled | bool and matrix_hookshot_metrics_proxying_enabled | bool - -- name: Warn about reverse-proxying if matrix-nginx-proxy not used - ansible.builtin.debug: - msg: >- - NOTE: You've enabled the hookshot bridge but are not using the matrix-nginx-proxy - reverse proxy. - Please make sure that you're proxying the `{{ matrix_hookshot_public_endpoint }}` - URL endpoint to the matrix-hookshot container. - You can expose the container's ports using the `matrix_hookshot_container_http_host_bind_ports` variable. - when: "matrix_hookshot_enabled | bool and not matrix_nginx_proxy_enabled | default(False) | bool" diff --git a/roles/custom/matrix-bridge-hookshot/tasks/inject_into_nginx_proxy.yml b/roles/custom/matrix-bridge-hookshot/tasks/inject_into_nginx_proxy.yml new file mode 100644 index 00000000..5712489c --- /dev/null +++ b/roles/custom/matrix-bridge-hookshot/tasks/inject_into_nginx_proxy.yml @@ -0,0 +1,111 @@ +--- + +- name: Fail if matrix-nginx-proxy role already executed + ansible.builtin.fail: + msg: >- + Trying to append hookshot's reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your playbook, + so that the matrix-nginx-proxy role would run after the matrix-bridge-hookshot role. + when: matrix_nginx_proxy_role_executed | default(False) | bool + +- name: Generate Matrix hookshot proxying configuration for matrix-nginx-proxy + ansible.builtin.set_fact: + matrix_hookshot_matrix_nginx_proxy_configuration: | + location ~ ^{{ matrix_hookshot_appservice_endpoint }}/(.*)$ { + {% if matrix_nginx_proxy_enabled | default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_appservice_port }}"; + proxy_pass http://$backend/$1; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:{{ matrix_hookshot_appservice_port }}/$1; + {% endif %} + proxy_set_header Host $host; + } + {% if matrix_hookshot_provisioning_enabled %} + location ~ ^{{ matrix_hookshot_provisioning_endpoint }}/(.*)$ { + {% if matrix_nginx_proxy_enabled | default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_provisioning_port }}"; + proxy_pass http://$backend{{ matrix_hookshot_provisioning_internal }}/$1$is_args$args; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:{{ matrix_hookshot_provisioning_port }}{{ matrix_hookshot_provisioning_internal }}/$1$is_args$args; + {% endif %} + proxy_set_header Host $host; + } + {% endif %} + {% if matrix_hookshot_widgets_enabled %} + location ~ ^{{ matrix_hookshot_widgets_endpoint }}/(.*)$ { + {% if matrix_nginx_proxy_enabled | default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_widgets_port }}"; + proxy_pass http://$backend{{ matrix_hookshot_widgets_internal }}/$1$is_args$args; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:{{ matrix_hookshot_widgets_port }}{{ matrix_hookshot_widgets_internal }}/$1$is_args$args; + {% endif %} + proxy_set_header Host $host; + } + {% endif %} + location ~ ^{{ matrix_hookshot_webhook_endpoint }}/(.*)$ { + {% if matrix_nginx_proxy_enabled | default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_webhook_port }}"; + proxy_pass http://$backend/$1$is_args$args; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:{{ matrix_hookshot_webhook_port }}/$1$is_args$args; + {% endif %} + proxy_set_header Host $host; + } + +- name: Register hookshot proxying configuration with matrix-nginx-proxy + ansible.builtin.set_fact: + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([]) + + + [matrix_hookshot_matrix_nginx_proxy_configuration] + }} + +- name: Generate hookshot metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/hookshot) + ansible.builtin.set_fact: + matrix_hookshot_matrix_nginx_proxy_metrics_configuration_matrix_domain: | + location /metrics/hookshot { + {% if matrix_nginx_proxy_enabled | default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_metrics_port }}"; + proxy_pass http://$backend/metrics; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:{{ matrix_hookshot_metrics_port }}/metrics; + {% endif %} + } + when: matrix_hookshot_metrics_enabled | bool and matrix_hookshot_metrics_proxying_enabled | bool + +- name: Register hookshot metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/hookshot) + ansible.builtin.set_fact: + matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([]) + + + [matrix_hookshot_matrix_nginx_proxy_metrics_configuration_matrix_domain] + }} + when: matrix_hookshot_metrics_enabled | bool and matrix_hookshot_metrics_proxying_enabled | bool + +- name: Warn about reverse-proxying if matrix-nginx-proxy not used + ansible.builtin.debug: + msg: >- + NOTE: You've enabled the hookshot bridge but are not using the matrix-nginx-proxy + reverse proxy. + Please make sure that you're proxying the `{{ matrix_hookshot_public_endpoint }}` + URL endpoint to the matrix-hookshot container. + You can expose the container's ports using the `matrix_hookshot_container_http_host_bind_ports` variable. + when: "not matrix_nginx_proxy_enabled | default(False) | bool" diff --git a/roles/custom/matrix-bridge-hookshot/tasks/main.yml b/roles/custom/matrix-bridge-hookshot/tasks/main.yml index 99febe11..5d93af3a 100644 --- a/roles/custom/matrix-bridge-hookshot/tasks/main.yml +++ b/roles/custom/matrix-bridge-hookshot/tasks/main.yml @@ -1,8 +1,10 @@ --- -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" +- when: matrix_hookshot_enabled | bool + ansible.builtin.import_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml" tags: - - always + - setup-all + - setup-nginx-proxy - ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" when: "run_setup | bool and matrix_hookshot_enabled | bool" diff --git a/roles/custom/matrix-bridge-mautrix-facebook/tasks/init.yml b/roles/custom/matrix-bridge-mautrix-facebook/tasks/init.yml deleted file mode 100644 index 8a4229af..00000000 --- a/roles/custom/matrix-bridge-mautrix-facebook/tasks/init.yml +++ /dev/null @@ -1,48 +0,0 @@ ---- - -- when: matrix_mautrix_facebook_enabled | bool and matrix_mautrix_facebook_appservice_public_enabled | bool - tags: - - always - block: - - name: Fail if matrix-nginx-proxy role already executed - ansible.builtin.fail: - msg: >- - Trying to append Mautrix Facebook's reverse-proxying configuration to matrix-nginx-proxy, - but it's pointless since the matrix-nginx-proxy role had already executed. - To fix this, please change the order of roles in your playbook, - so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-facebook role. - when: matrix_nginx_proxy_role_executed | default(False) | bool - - - name: Generate Mautrix Facebook proxying configuration for matrix-nginx-proxy - ansible.builtin.set_fact: - matrix_mautrix_facebook_matrix_nginx_proxy_configuration: | - location {{ matrix_mautrix_facebook_public_endpoint }} { - {% if matrix_nginx_proxy_enabled | default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - set $backend "matrix-mautrix-facebook:29319"; - proxy_pass http://$backend; - {% else %} - {# Generic configuration for use outside of our container setup #} - proxy_pass http://127.0.0.1:9008; - {% endif %} - } - - - name: Register Mautrix Facebook proxying configuration with matrix-nginx-proxy - ansible.builtin.set_fact: - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | - {{ - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([]) - + - [matrix_mautrix_facebook_matrix_nginx_proxy_configuration] - }} - - - name: Warn about reverse-proxying if matrix-nginx-proxy not used - ansible.builtin.debug: - msg: >- - NOTE: You've enabled the Mautrix Facebook bridge but are not using the matrix-nginx-proxy - reverse proxy. - Please make sure that you're proxying the `{{ matrix_mautrix_facebook_public_endpoint }}` - URL endpoint to the matrix-mautrix-facebook container. - You can expose the container's port using the `matrix_mautrix_facebook_container_http_host_bind_port` variable. - when: "not matrix_nginx_proxy_enabled | default(False) | bool" diff --git a/roles/custom/matrix-bridge-mautrix-facebook/tasks/inject_into_nginx_proxy.yml b/roles/custom/matrix-bridge-mautrix-facebook/tasks/inject_into_nginx_proxy.yml new file mode 100644 index 00000000..b9f95cb7 --- /dev/null +++ b/roles/custom/matrix-bridge-mautrix-facebook/tasks/inject_into_nginx_proxy.yml @@ -0,0 +1,44 @@ +--- + +- name: Fail if matrix-nginx-proxy role already executed + ansible.builtin.fail: + msg: >- + Trying to append Mautrix Facebook's reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your playbook, + so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-facebook role. + when: matrix_nginx_proxy_role_executed | default(False) | bool + +- name: Generate Mautrix Facebook proxying configuration for matrix-nginx-proxy + ansible.builtin.set_fact: + matrix_mautrix_facebook_matrix_nginx_proxy_configuration: | + location {{ matrix_mautrix_facebook_public_endpoint }} { + {% if matrix_nginx_proxy_enabled | default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-mautrix-facebook:29319"; + proxy_pass http://$backend; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:9008; + {% endif %} + } + +- name: Register Mautrix Facebook proxying configuration with matrix-nginx-proxy + ansible.builtin.set_fact: + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([]) + + + [matrix_mautrix_facebook_matrix_nginx_proxy_configuration] + }} + +- name: Warn about reverse-proxying if matrix-nginx-proxy not used + ansible.builtin.debug: + msg: >- + NOTE: You've enabled the Mautrix Facebook bridge but are not using the matrix-nginx-proxy + reverse proxy. + Please make sure that you're proxying the `{{ matrix_mautrix_facebook_public_endpoint }}` + URL endpoint to the matrix-mautrix-facebook container. + You can expose the container's port using the `matrix_mautrix_facebook_container_http_host_bind_port` variable. + when: "not matrix_nginx_proxy_enabled | default(False) | bool" diff --git a/roles/custom/matrix-bridge-mautrix-facebook/tasks/main.yml b/roles/custom/matrix-bridge-mautrix-facebook/tasks/main.yml index 3ef2cb23..f166cc5e 100644 --- a/roles/custom/matrix-bridge-mautrix-facebook/tasks/main.yml +++ b/roles/custom/matrix-bridge-mautrix-facebook/tasks/main.yml @@ -1,8 +1,10 @@ --- -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" +- when: matrix_mautrix_facebook_enabled | bool and matrix_mautrix_facebook_appservice_public_enabled | bool + ansible.builtin.import_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml" tags: - - always + - setup-all + - setup-nginx-proxy - ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" when: "run_setup | bool and matrix_mautrix_facebook_enabled | bool" diff --git a/roles/custom/matrix-bridge-mautrix-googlechat/tasks/init.yml b/roles/custom/matrix-bridge-mautrix-googlechat/tasks/init.yml deleted file mode 100644 index 17e6094d..00000000 --- a/roles/custom/matrix-bridge-mautrix-googlechat/tasks/init.yml +++ /dev/null @@ -1,47 +0,0 @@ ---- - -- when: matrix_mautrix_googlechat_enabled | bool - tags: - - always - block: - - name: Fail if matrix-nginx-proxy role already executed - ansible.builtin.fail: - msg: >- - Trying to append Mautrix googlechat's reverse-proxying configuration to matrix-nginx-proxy, - but it's pointless since the matrix-nginx-proxy role had already executed. - To fix this, please change the order of roles in your playbook, - so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-googlechat role. - when: matrix_nginx_proxy_role_executed | default(False) | bool - - - name: Generate Mautrix googlechat proxying configuration for matrix-nginx-proxy - ansible.builtin.set_fact: - matrix_mautrix_googlechat_matrix_nginx_proxy_configuration: | - location {{ matrix_mautrix_googlechat_public_endpoint }} { - {% if matrix_nginx_proxy_enabled | default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - set $backend "matrix-mautrix-googlechat:8080"; - proxy_pass http://$backend; - {% else %} - {# Generic configuration for use outside of our container setup #} - proxy_pass http://127.0.0.1:9007; - {% endif %} - } - - name: Register Mautrix googlechat proxying configuration with matrix-nginx-proxy - ansible.builtin.set_fact: - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | - {{ - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([]) - + - [matrix_mautrix_googlechat_matrix_nginx_proxy_configuration] - }} - -- name: Warn about reverse-proxying if matrix-nginx-proxy not used - ansible.builtin.debug: - msg: >- - NOTE: You've enabled the Mautrix googlechat bridge but are not using the matrix-nginx-proxy - reverse proxy. - Please make sure that you're proxying the `{{ matrix_mautrix_googlechat_public_endpoint }}` - URL endpoint to the matrix-mautrix-googlechat container. - You can expose the container's port using the `matrix_mautrix_googlechat_container_http_host_bind_port` variable. - when: "matrix_mautrix_googlechat_enabled | bool and not matrix_nginx_proxy_enabled | default(False) | bool" diff --git a/roles/custom/matrix-bridge-mautrix-googlechat/tasks/inject_into_nginx_proxy.yml b/roles/custom/matrix-bridge-mautrix-googlechat/tasks/inject_into_nginx_proxy.yml new file mode 100644 index 00000000..6a417b61 --- /dev/null +++ b/roles/custom/matrix-bridge-mautrix-googlechat/tasks/inject_into_nginx_proxy.yml @@ -0,0 +1,43 @@ +--- + +- name: Fail if matrix-nginx-proxy role already executed + ansible.builtin.fail: + msg: >- + Trying to append Mautrix googlechat's reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your playbook, + so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-googlechat role. + when: matrix_nginx_proxy_role_executed | default(False) | bool + +- name: Generate Mautrix googlechat proxying configuration for matrix-nginx-proxy + ansible.builtin.set_fact: + matrix_mautrix_googlechat_matrix_nginx_proxy_configuration: | + location {{ matrix_mautrix_googlechat_public_endpoint }} { + {% if matrix_nginx_proxy_enabled | default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-mautrix-googlechat:8080"; + proxy_pass http://$backend; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:9007; + {% endif %} + } +- name: Register Mautrix googlechat proxying configuration with matrix-nginx-proxy + ansible.builtin.set_fact: + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([]) + + + [matrix_mautrix_googlechat_matrix_nginx_proxy_configuration] + }} + +- name: Warn about reverse-proxying if matrix-nginx-proxy not used + ansible.builtin.debug: + msg: >- + NOTE: You've enabled the Mautrix googlechat bridge but are not using the matrix-nginx-proxy + reverse proxy. + Please make sure that you're proxying the `{{ matrix_mautrix_googlechat_public_endpoint }}` + URL endpoint to the matrix-mautrix-googlechat container. + You can expose the container's port using the `matrix_mautrix_googlechat_container_http_host_bind_port` variable. + when: "matrix_mautrix_googlechat_enabled | bool and not matrix_nginx_proxy_enabled | default(False) | bool" diff --git a/roles/custom/matrix-bridge-mautrix-googlechat/tasks/main.yml b/roles/custom/matrix-bridge-mautrix-googlechat/tasks/main.yml index 070abfcd..e20422a7 100644 --- a/roles/custom/matrix-bridge-mautrix-googlechat/tasks/main.yml +++ b/roles/custom/matrix-bridge-mautrix-googlechat/tasks/main.yml @@ -1,8 +1,10 @@ --- -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" +- when: matrix_mautrix_googlechat_enabled | bool + ansible.builtin.import_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml" tags: - - always + - setup-all + - setup-nginx-proxy - ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" when: "run_setup | bool and matrix_mautrix_googlechat_enabled | bool" diff --git a/roles/custom/matrix-bridge-mautrix-hangouts/tasks/init.yml b/roles/custom/matrix-bridge-mautrix-hangouts/tasks/init.yml deleted file mode 100644 index 8850f1cf..00000000 --- a/roles/custom/matrix-bridge-mautrix-hangouts/tasks/init.yml +++ /dev/null @@ -1,47 +0,0 @@ ---- - -- when: matrix_mautrix_hangouts_enabled | bool - tags: - - always - block: - - name: Fail if matrix-nginx-proxy role already executed - ansible.builtin.fail: - msg: >- - Trying to append Mautrix Hangouts's reverse-proxying configuration to matrix-nginx-proxy, - but it's pointless since the matrix-nginx-proxy role had already executed. - To fix this, please change the order of roles in your playbook, - so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-hangouts role. - when: matrix_nginx_proxy_role_executed | default(False) | bool - - - name: Generate Mautrix Hangouts proxying configuration for matrix-nginx-proxy - ansible.builtin.set_fact: - matrix_mautrix_hangouts_matrix_nginx_proxy_configuration: | - location {{ matrix_mautrix_hangouts_public_endpoint }} { - {% if matrix_nginx_proxy_enabled | default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - set $backend "matrix-mautrix-hangouts:8080"; - proxy_pass http://$backend; - {% else %} - {# Generic configuration for use outside of our container setup #} - proxy_pass http://127.0.0.1:9007; - {% endif %} - } - - name: Register Mautrix Hangouts proxying configuration with matrix-nginx-proxy - ansible.builtin.set_fact: - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | - {{ - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([]) - + - [matrix_mautrix_hangouts_matrix_nginx_proxy_configuration] - }} - -- name: Warn about reverse-proxying if matrix-nginx-proxy not used - ansible.builtin.debug: - msg: >- - NOTE: You've enabled the Mautrix Hangouts bridge but are not using the matrix-nginx-proxy - reverse proxy. - Please make sure that you're proxying the `{{ matrix_mautrix_hangouts_public_endpoint }}` - URL endpoint to the matrix-mautrix-hangouts container. - You can expose the container's port using the `matrix_mautrix_hangouts_container_http_host_bind_port` variable. - when: "matrix_mautrix_hangouts_enabled | bool and not matrix_nginx_proxy_enabled | default(False) | bool" diff --git a/roles/custom/matrix-bridge-mautrix-hangouts/tasks/inject_into_nginx_proxy.yml b/roles/custom/matrix-bridge-mautrix-hangouts/tasks/inject_into_nginx_proxy.yml new file mode 100644 index 00000000..b5696c84 --- /dev/null +++ b/roles/custom/matrix-bridge-mautrix-hangouts/tasks/inject_into_nginx_proxy.yml @@ -0,0 +1,44 @@ +--- + +- name: Fail if matrix-nginx-proxy role already executed + ansible.builtin.fail: + msg: >- + Trying to append Mautrix Hangouts's reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your playbook, + so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-hangouts role. + when: matrix_nginx_proxy_role_executed | default(False) | bool + +- name: Generate Mautrix Hangouts proxying configuration for matrix-nginx-proxy + ansible.builtin.set_fact: + matrix_mautrix_hangouts_matrix_nginx_proxy_configuration: | + location {{ matrix_mautrix_hangouts_public_endpoint }} { + {% if matrix_nginx_proxy_enabled | default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-mautrix-hangouts:8080"; + proxy_pass http://$backend; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:9007; + {% endif %} + } + +- name: Register Mautrix Hangouts proxying configuration with matrix-nginx-proxy + ansible.builtin.set_fact: + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([]) + + + [matrix_mautrix_hangouts_matrix_nginx_proxy_configuration] + }} + +- name: Warn about reverse-proxying if matrix-nginx-proxy not used + ansible.builtin.debug: + msg: >- + NOTE: You've enabled the Mautrix Hangouts bridge but are not using the matrix-nginx-proxy + reverse proxy. + Please make sure that you're proxying the `{{ matrix_mautrix_hangouts_public_endpoint }}` + URL endpoint to the matrix-mautrix-hangouts container. + You can expose the container's port using the `matrix_mautrix_hangouts_container_http_host_bind_port` variable. + when: "matrix_mautrix_hangouts_enabled | bool and not matrix_nginx_proxy_enabled | default(False) | bool" diff --git a/roles/custom/matrix-bridge-mautrix-hangouts/tasks/main.yml b/roles/custom/matrix-bridge-mautrix-hangouts/tasks/main.yml index d6913689..a1b7115b 100644 --- a/roles/custom/matrix-bridge-mautrix-hangouts/tasks/main.yml +++ b/roles/custom/matrix-bridge-mautrix-hangouts/tasks/main.yml @@ -1,8 +1,10 @@ --- -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" +- when: matrix_mautrix_hangouts_enabled | bool + ansible.builtin.import_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml" tags: - - always + - setup-all + - setup-nginx-proxy - ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" when: "run_setup | bool and matrix_mautrix_hangouts_enabled | bool" diff --git a/roles/custom/matrix-bridge-mautrix-telegram/tasks/init.yml b/roles/custom/matrix-bridge-mautrix-telegram/tasks/init.yml deleted file mode 100644 index d292edc0..00000000 --- a/roles/custom/matrix-bridge-mautrix-telegram/tasks/init.yml +++ /dev/null @@ -1,47 +0,0 @@ ---- - -- when: matrix_mautrix_telegram_enabled | bool and matrix_mautrix_telegram_appservice_public_enabled | bool - tags: - - always - block: - - name: Fail if matrix-nginx-proxy role already executed - ansible.builtin.fail: - msg: >- - Trying to append Mautrix Telegram's reverse-proxying configuration to matrix-nginx-proxy, - but it's pointless since the matrix-nginx-proxy role had already executed. - To fix this, please change the order of roles in your playbook, - so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-telegram role. - when: matrix_nginx_proxy_role_executed | default(False) | bool - - - name: Generate Mautrix Telegram proxying configuration for matrix-nginx-proxy - ansible.builtin.set_fact: - matrix_mautrix_telegram_matrix_nginx_proxy_configuration: | - location {{ matrix_mautrix_telegram_public_endpoint }} { - {% if matrix_nginx_proxy_enabled | default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - set $backend "matrix-mautrix-telegram:8080"; - proxy_pass http://$backend; - {% else %} - {# Generic configuration for use outside of our container setup #} - proxy_pass http://127.0.0.1:9006; - {% endif %} - } - - - name: Register Mautrix Telegram proxying configuration with matrix-nginx-proxy - ansible.builtin.set_fact: - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | - {{ - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([]) - + - [matrix_mautrix_telegram_matrix_nginx_proxy_configuration] - }} - - name: Warn about reverse-proxying if matrix-nginx-proxy not used - ansible.builtin.debug: - msg: >- - NOTE: You've enabled the Mautrix Telegram bridge but are not using the matrix-nginx-proxy - reverse proxy. - Please make sure that you're proxying the `{{ matrix_mautrix_telegram_public_endpoint }}` - URL endpoint to the matrix-mautrix-telegram container. - You can expose the container's port using the `matrix_mautrix_telegram_container_http_host_bind_port` variable. - when: "not matrix_nginx_proxy_enabled | default(False) | bool" diff --git a/roles/custom/matrix-bridge-mautrix-telegram/tasks/inject_into_nginx_proxy.yml b/roles/custom/matrix-bridge-mautrix-telegram/tasks/inject_into_nginx_proxy.yml new file mode 100644 index 00000000..7bbd1551 --- /dev/null +++ b/roles/custom/matrix-bridge-mautrix-telegram/tasks/inject_into_nginx_proxy.yml @@ -0,0 +1,44 @@ +--- + +- name: Fail if matrix-nginx-proxy role already executed + ansible.builtin.fail: + msg: >- + Trying to append Mautrix Telegram's reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your playbook, + so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-telegram role. + when: matrix_nginx_proxy_role_executed | default(False) | bool + +- name: Generate Mautrix Telegram proxying configuration for matrix-nginx-proxy + ansible.builtin.set_fact: + matrix_mautrix_telegram_matrix_nginx_proxy_configuration: | + location {{ matrix_mautrix_telegram_public_endpoint }} { + {% if matrix_nginx_proxy_enabled | default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-mautrix-telegram:8080"; + proxy_pass http://$backend; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:9006; + {% endif %} + } + +- name: Register Mautrix Telegram proxying configuration with matrix-nginx-proxy + ansible.builtin.set_fact: + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([]) + + + [matrix_mautrix_telegram_matrix_nginx_proxy_configuration] + }} + +- name: Warn about reverse-proxying if matrix-nginx-proxy not used + ansible.builtin.debug: + msg: >- + NOTE: You've enabled the Mautrix Telegram bridge but are not using the matrix-nginx-proxy + reverse proxy. + Please make sure that you're proxying the `{{ matrix_mautrix_telegram_public_endpoint }}` + URL endpoint to the matrix-mautrix-telegram container. + You can expose the container's port using the `matrix_mautrix_telegram_container_http_host_bind_port` variable. + when: "not matrix_nginx_proxy_enabled | default(False) | bool" diff --git a/roles/custom/matrix-bridge-mautrix-telegram/tasks/main.yml b/roles/custom/matrix-bridge-mautrix-telegram/tasks/main.yml index 471f0cf1..d4a5f805 100644 --- a/roles/custom/matrix-bridge-mautrix-telegram/tasks/main.yml +++ b/roles/custom/matrix-bridge-mautrix-telegram/tasks/main.yml @@ -1,7 +1,10 @@ --- -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" + +- when: matrix_mautrix_telegram_enabled | bool and matrix_mautrix_telegram_appservice_public_enabled | bool + ansible.builtin.import_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml" tags: - - always + - setup-all + - setup-nginx-proxy - ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" when: "run_setup | bool and matrix_mautrix_telegram_enabled | bool" diff --git a/roles/custom/matrix-bridge-mx-puppet-slack/tasks/init.yml b/roles/custom/matrix-bridge-mx-puppet-slack/tasks/init.yml deleted file mode 100644 index 217c733d..00000000 --- a/roles/custom/matrix-bridge-mx-puppet-slack/tasks/init.yml +++ /dev/null @@ -1,48 +0,0 @@ ---- - -- when: matrix_mx_puppet_slack_enabled | bool - tags: - - always - block: - - name: Fail if matrix-nginx-proxy role already executed - ansible.builtin.fail: - msg: >- - Trying to append Slack Appservice's reverse-proxying configuration to matrix-nginx-proxy, - but it's pointless since the matrix-nginx-proxy role had already executed. - To fix this, please change the order of roles in your playbook, - so that the matrix-nginx-proxy role would run after the matrix-mx-puppet-slack role. - when: matrix_nginx_proxy_role_executed | default(False) | bool - - - name: Generate Matrix MX Puppet Slack proxying configuration for matrix-nginx-proxy - ansible.builtin.set_fact: - matrix_mx_puppet_slack_matrix_nginx_proxy_configuration: | - location {{ matrix_mx_puppet_slack_redirect_path }} { - {% if matrix_nginx_proxy_enabled | default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - set $backend "{{ matrix_mx_puppet_slack_appservice_address }}"; - proxy_pass $backend; - {% else %} - {# Generic configuration for use outside of our container setup #} - proxy_pass http://127.0.0.1:{{ matrix_mx_puppet_slack_appservice_port }}; - {% endif %} - } - - - name: Register Slack Appservice proxying configuration with matrix-nginx-proxy - ansible.builtin.set_fact: - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | - {{ - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([]) - + - [matrix_mx_puppet_slack_matrix_nginx_proxy_configuration] - }} - -- name: Warn about reverse-proxying if matrix-nginx-proxy not used - ansible.builtin.debug: - msg: >- - NOTE: You've enabled the Matrix Slack bridge but are not using the matrix-nginx-proxy - reverse proxy. - Please make sure that you're proxying the `{{ matrix_mx_puppet_slack_redirect_path }}` - URL endpoint to the matrix-mx-puppet-slack container. - You can expose the container's port using the `matrix_appservice_slack_container_http_host_bind_port` variable. - when: "matrix_mx_puppet_slack_enabled | bool and not matrix_nginx_proxy_enabled | default(False) | bool" diff --git a/roles/custom/matrix-bridge-mx-puppet-slack/tasks/inject_into_nginx_proxy.yml b/roles/custom/matrix-bridge-mx-puppet-slack/tasks/inject_into_nginx_proxy.yml new file mode 100644 index 00000000..c4e82a5b --- /dev/null +++ b/roles/custom/matrix-bridge-mx-puppet-slack/tasks/inject_into_nginx_proxy.yml @@ -0,0 +1,44 @@ +--- + +- name: Fail if matrix-nginx-proxy role already executed + ansible.builtin.fail: + msg: >- + Trying to append Slack Appservice's reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your playbook, + so that the matrix-nginx-proxy role would run after the matrix-mx-puppet-slack role. + when: matrix_nginx_proxy_role_executed | default(False) | bool + +- name: Generate Matrix MX Puppet Slack proxying configuration for matrix-nginx-proxy + ansible.builtin.set_fact: + matrix_mx_puppet_slack_matrix_nginx_proxy_configuration: | + location {{ matrix_mx_puppet_slack_redirect_path }} { + {% if matrix_nginx_proxy_enabled | default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "{{ matrix_mx_puppet_slack_appservice_address }}"; + proxy_pass $backend; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:{{ matrix_mx_puppet_slack_appservice_port }}; + {% endif %} + } + +- name: Register Slack Appservice proxying configuration with matrix-nginx-proxy + ansible.builtin.set_fact: + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([]) + + + [matrix_mx_puppet_slack_matrix_nginx_proxy_configuration] + }} + +- name: Warn about reverse-proxying if matrix-nginx-proxy not used + ansible.builtin.debug: + msg: >- + NOTE: You've enabled the Matrix Slack bridge but are not using the matrix-nginx-proxy + reverse proxy. + Please make sure that you're proxying the `{{ matrix_mx_puppet_slack_redirect_path }}` + URL endpoint to the matrix-mx-puppet-slack container. + You can expose the container's port using the `matrix_appservice_slack_container_http_host_bind_port` variable. + when: "not matrix_nginx_proxy_enabled | default(False) | bool" diff --git a/roles/custom/matrix-bridge-mx-puppet-slack/tasks/main.yml b/roles/custom/matrix-bridge-mx-puppet-slack/tasks/main.yml index 869afc49..8850e6bc 100644 --- a/roles/custom/matrix-bridge-mx-puppet-slack/tasks/main.yml +++ b/roles/custom/matrix-bridge-mx-puppet-slack/tasks/main.yml @@ -1,8 +1,10 @@ --- -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" +- when: matrix_mx_puppet_slack_enabled | bool + ansible.builtin.import_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml" tags: - - always + - setup-all + - setup-nginx-proxy - ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" when: "run_setup | bool and matrix_mx_puppet_slack_enabled | bool" diff --git a/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/init.yml b/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/init.yml deleted file mode 100644 index 4a0ea673..00000000 --- a/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/init.yml +++ /dev/null @@ -1,48 +0,0 @@ ---- - -- when: matrix_mx_puppet_twitter_enabled | bool - tags: - - always - block: - - name: Fail if matrix-nginx-proxy role already executed - ansible.builtin.fail: - msg: >- - Trying to append Twitter Appservice's reverse-proxying configuration to matrix-nginx-proxy, - but it's pointless since the matrix-nginx-proxy role had already executed. - To fix this, please change the order of roles in your playbook, - so that the matrix-nginx-proxy role would run after the matrix-mx-puppet-twitter role. - when: matrix_nginx_proxy_role_executed | default(False) | bool - - - name: Generate Matrix MX Puppet Twitter proxying configuration for matrix-nginx-proxy - ansible.builtin.set_fact: - matrix_mx_puppet_twitter_matrix_nginx_proxy_configuration: | - location {{ matrix_mx_puppet_twitter_webhook_path }} { - {% if matrix_nginx_proxy_enabled | default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - set $backend "{{ matrix_mx_puppet_twitter_appservice_address }}"; - proxy_pass $backend; - {% else %} - {# Generic configuration for use outside of our container setup #} - proxy_pass http://127.0.0.1:{{ matrix_mx_puppet_twitter_appservice_port }}; - {% endif %} - } - - - name: Register Twitter Appservice proxying configuration with matrix-nginx-proxy - ansible.builtin.set_fact: - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | - {{ - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([]) - + - [matrix_mx_puppet_twitter_matrix_nginx_proxy_configuration] - }} - -- name: Warn about reverse-proxying if matrix-nginx-proxy not used - ansible.builtin.debug: - msg: >- - NOTE: You've enabled the Matrix Twitter bridge but are not using the matrix-nginx-proxy - reverse proxy. - Please make sure that you're proxying the `{{ matrix_mx_puppet_twitter_redirect_path }}` - URL endpoint to the matrix-mx-puppet-twitter container. - You can expose the container's port using the `matrix_mx_puppet_twitter_container_http_host_bind_port` variable. - when: "matrix_mx_puppet_twitter_enabled | bool and not matrix_nginx_proxy_enabled | default(False) | bool" diff --git a/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/inject_into_nginx_proxy.yml b/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/inject_into_nginx_proxy.yml new file mode 100644 index 00000000..df2b76fe --- /dev/null +++ b/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/inject_into_nginx_proxy.yml @@ -0,0 +1,44 @@ +--- + +- name: Fail if matrix-nginx-proxy role already executed + ansible.builtin.fail: + msg: >- + Trying to append Twitter Appservice's reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your playbook, + so that the matrix-nginx-proxy role would run after the matrix-mx-puppet-twitter role. + when: matrix_nginx_proxy_role_executed | default(False) | bool + +- name: Generate Matrix MX Puppet Twitter proxying configuration for matrix-nginx-proxy + ansible.builtin.set_fact: + matrix_mx_puppet_twitter_matrix_nginx_proxy_configuration: | + location {{ matrix_mx_puppet_twitter_webhook_path }} { + {% if matrix_nginx_proxy_enabled | default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "{{ matrix_mx_puppet_twitter_appservice_address }}"; + proxy_pass $backend; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:{{ matrix_mx_puppet_twitter_appservice_port }}; + {% endif %} + } + +- name: Register Twitter Appservice proxying configuration with matrix-nginx-proxy + ansible.builtin.set_fact: + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([]) + + + [matrix_mx_puppet_twitter_matrix_nginx_proxy_configuration] + }} + +- name: Warn about reverse-proxying if matrix-nginx-proxy not used + ansible.builtin.debug: + msg: >- + NOTE: You've enabled the Matrix Twitter bridge but are not using the matrix-nginx-proxy + reverse proxy. + Please make sure that you're proxying the `{{ matrix_mx_puppet_twitter_redirect_path }}` + URL endpoint to the matrix-mx-puppet-twitter container. + You can expose the container's port using the `matrix_mx_puppet_twitter_container_http_host_bind_port` variable. + when: "not matrix_nginx_proxy_enabled | default(False) | bool" diff --git a/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/main.yml b/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/main.yml index 20e4f686..87f94709 100644 --- a/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/main.yml +++ b/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/main.yml @@ -1,8 +1,10 @@ --- -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" +- when: matrix_mx_puppet_twitter_enabled | bool + ansible.builtin.import_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml" tags: - - always + - setup-all + - setup-nginx-proxy - ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" when: "run_setup | bool and matrix_mx_puppet_twitter_enabled | bool" diff --git a/roles/custom/matrix-cactus-comments/tasks/init.yml b/roles/custom/matrix-cactus-comments/tasks/inject_into_nginx_proxy.yml similarity index 93% rename from roles/custom/matrix-cactus-comments/tasks/init.yml rename to roles/custom/matrix-cactus-comments/tasks/inject_into_nginx_proxy.yml index 5e094107..a1da604c 100644 --- a/roles/custom/matrix-cactus-comments/tasks/init.yml +++ b/roles/custom/matrix-cactus-comments/tasks/inject_into_nginx_proxy.yml @@ -1,9 +1,6 @@ --- -- when: matrix_cactus_comments_enabled | bool and matrix_cactus_comments_serve_client_enabled | bool - tags: - - always - block: +- block: - name: Fail if matrix-nginx-proxy role already executed ansible.builtin.fail: msg: >- diff --git a/roles/custom/matrix-cactus-comments/tasks/main.yml b/roles/custom/matrix-cactus-comments/tasks/main.yml index 857e2db1..4bef5153 100644 --- a/roles/custom/matrix-cactus-comments/tasks/main.yml +++ b/roles/custom/matrix-cactus-comments/tasks/main.yml @@ -1,8 +1,10 @@ --- -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" +- when: matrix_cactus_comments_enabled | bool and matrix_cactus_comments_serve_client_enabled | bool + ansible.builtin.import_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml" tags: - - always + - setup-all + - setup-nginx-proxy - ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" when: "run_setup | bool and matrix_cactus_comments_enabled | bool" diff --git a/roles/custom/matrix-etherpad/tasks/init.yml b/roles/custom/matrix-etherpad/tasks/init.yml deleted file mode 100644 index 159dbe87..00000000 --- a/roles/custom/matrix-etherpad/tasks/init.yml +++ /dev/null @@ -1,50 +0,0 @@ ---- - -- when: matrix_etherpad_enabled | bool and matrix_etherpad_mode == 'dimension' - tags: - - always - block: - - name: Fail if matrix-nginx-proxy role already executed - ansible.builtin.fail: - msg: >- - Trying to append Etherpad's reverse-proxying configuration to matrix-nginx-proxy, - but it's pointless since the matrix-nginx-proxy role had already executed. - To fix this, please change the order of roles in your playbook, - so that the matrix-nginx-proxy role would run after the matrix-etherpad role. - when: matrix_nginx_proxy_role_executed | default(False) | bool - - - name: Generate Etherpad proxying configuration for matrix-nginx-proxy - ansible.builtin.set_fact: - matrix_etherpad_matrix_nginx_proxy_configuration: | - rewrite ^{{ matrix_etherpad_public_endpoint }}$ {{ matrix_nginx_proxy_x_forwarded_proto_value }}://$server_name{{ matrix_etherpad_public_endpoint }}/ permanent; - - location {{ matrix_etherpad_public_endpoint }}/ { - {% if matrix_nginx_proxy_enabled | default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - proxy_pass http://matrix-etherpad:9001/; - {# These are proxy directives needed specifically by Etherpad #} - proxy_buffering off; - proxy_http_version 1.1; # recommended with keepalive connections - proxy_pass_header Server; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Proto {{ matrix_nginx_proxy_x_forwarded_proto_value }}; # for EP to set secure cookie flag when https is used - # WebSocket proxying - from http://nginx.org/en/docs/http/websocket.html - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $connection_upgrade; - {% else %} - {# Generic configuration for use outside of our container setup #} - # A good guide for setting up your Etherpad behind nginx: - # https://docs.gandi.net/en/cloud/tutorials/etherpad_lite.html - proxy_pass http://127.0.0.1:9001/; - {% endif %} - } - - - name: Register Etherpad proxying configuration with matrix-nginx-proxy - ansible.builtin.set_fact: - matrix_nginx_proxy_proxy_dimension_additional_server_configuration_blocks: | - {{ - matrix_nginx_proxy_proxy_dimension_additional_server_configuration_blocks | default([]) - + - [matrix_etherpad_matrix_nginx_proxy_configuration] - }} diff --git a/roles/custom/matrix-etherpad/tasks/inject_into_nginx_proxy.yml b/roles/custom/matrix-etherpad/tasks/inject_into_nginx_proxy.yml new file mode 100644 index 00000000..e32cdf96 --- /dev/null +++ b/roles/custom/matrix-etherpad/tasks/inject_into_nginx_proxy.yml @@ -0,0 +1,46 @@ +--- + +- name: Fail if matrix-nginx-proxy role already executed + ansible.builtin.fail: + msg: >- + Trying to append Etherpad's reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your playbook, + so that the matrix-nginx-proxy role would run after the matrix-etherpad role. + when: matrix_nginx_proxy_role_executed | default(False) | bool + +- name: Generate Etherpad proxying configuration for matrix-nginx-proxy + ansible.builtin.set_fact: + matrix_etherpad_matrix_nginx_proxy_configuration: | + rewrite ^{{ matrix_etherpad_public_endpoint }}$ {{ matrix_nginx_proxy_x_forwarded_proto_value }}://$server_name{{ matrix_etherpad_public_endpoint }}/ permanent; + + location {{ matrix_etherpad_public_endpoint }}/ { + {% if matrix_nginx_proxy_enabled | default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + proxy_pass http://matrix-etherpad:9001/; + {# These are proxy directives needed specifically by Etherpad #} + proxy_buffering off; + proxy_http_version 1.1; # recommended with keepalive connections + proxy_pass_header Server; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Proto {{ matrix_nginx_proxy_x_forwarded_proto_value }}; # for EP to set secure cookie flag when https is used + # WebSocket proxying - from http://nginx.org/en/docs/http/websocket.html + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + {% else %} + {# Generic configuration for use outside of our container setup #} + # A good guide for setting up your Etherpad behind nginx: + # https://docs.gandi.net/en/cloud/tutorials/etherpad_lite.html + proxy_pass http://127.0.0.1:9001/; + {% endif %} + } + +- name: Register Etherpad proxying configuration with matrix-nginx-proxy + ansible.builtin.set_fact: + matrix_nginx_proxy_proxy_dimension_additional_server_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_dimension_additional_server_configuration_blocks | default([]) + + + [matrix_etherpad_matrix_nginx_proxy_configuration] + }} diff --git a/roles/custom/matrix-etherpad/tasks/main.yml b/roles/custom/matrix-etherpad/tasks/main.yml index caf0dda5..a2c9e077 100644 --- a/roles/custom/matrix-etherpad/tasks/main.yml +++ b/roles/custom/matrix-etherpad/tasks/main.yml @@ -1,8 +1,10 @@ --- -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" +- when: matrix_etherpad_enabled | bool and matrix_etherpad_mode == 'dimension' + ansible.builtin.import_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml" tags: - - always + - setup-all + - setup-nginx-proxy - ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" when: run_setup | bool and matrix_etherpad_enabled | bool diff --git a/roles/custom/matrix-ldap-registration-proxy/tasks/init.yml b/roles/custom/matrix-ldap-registration-proxy/tasks/init.yml deleted file mode 100644 index f035e657..00000000 --- a/roles/custom/matrix-ldap-registration-proxy/tasks/init.yml +++ /dev/null @@ -1,47 +0,0 @@ ---- - -- when: matrix_ldap_registration_proxy_enabled | bool - tags: - - always - block: - - name: Fail if matrix-nginx-proxy role already executed - ansible.builtin.fail: - msg: >- - Trying to append Matrix LDAP registration proxy's reverse-proxying configuration to matrix-nginx-proxy, - but it's pointless since the matrix-nginx-proxy role had already executed. - To fix this, please change the order of roles in your playbook, - so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-telegram role. - when: matrix_nginx_proxy_role_executed | default(False) | bool - - - name: Generate Matrix LDAP registration proxy proxying configuration for matrix-nginx-proxy - ansible.builtin.set_fact: - matrix_ldap_registration_proxy_matrix_nginx_proxy_configuration: | - location {{ matrix_ldap_registration_proxy_registration_endpoint }} { - {% if matrix_nginx_proxy_enabled | default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - set $backend "{{ matrix_ldap_registration_proxy_registration_addr_with_container }}"; - proxy_pass http://$backend/register; - {% else %} - {# Generic configuration for use outside of our container setup #} - proxy_pass http://{{ matrix_ldap_registration_proxy_registration_addr_sans_container }}/register; - {% endif %} - } - - - name: Register Matrix LDAP registration proxy proxying configuration with matrix-nginx-proxy - ansible.builtin.set_fact: - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | - {{ - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([]) - + - [matrix_ldap_registration_proxy_matrix_nginx_proxy_configuration] - }} - - name: Warn about reverse-proxying if matrix-nginx-proxy not used - ansible.builtin.debug: - msg: >- - NOTE: You've enabled the Matrix LDAP registration proxy bridge but are not using the matrix-nginx-proxy - reverse proxy. - Please make sure that you're proxying the `{{ matrix_ldap_registration_proxy_public_endpoint }}` - URL endpoint to the matrix-ldap-proxy container. - You can expose the container's port using the `matrix_ldap_registration_proxy_container_http_host_bind_port` variable. - when: "not matrix_nginx_proxy_enabled | default(False) | bool" diff --git a/roles/custom/matrix-ldap-registration-proxy/tasks/inject_into_nginx_proxy.yml b/roles/custom/matrix-ldap-registration-proxy/tasks/inject_into_nginx_proxy.yml new file mode 100644 index 00000000..472503c9 --- /dev/null +++ b/roles/custom/matrix-ldap-registration-proxy/tasks/inject_into_nginx_proxy.yml @@ -0,0 +1,44 @@ +--- + +- name: Fail if matrix-nginx-proxy role already executed + ansible.builtin.fail: + msg: >- + Trying to append Matrix LDAP registration proxy's reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your playbook, + so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-telegram role. + when: matrix_nginx_proxy_role_executed | default(False) | bool + +- name: Generate Matrix LDAP registration proxy proxying configuration for matrix-nginx-proxy + ansible.builtin.set_fact: + matrix_ldap_registration_proxy_matrix_nginx_proxy_configuration: | + location {{ matrix_ldap_registration_proxy_registration_endpoint }} { + {% if matrix_nginx_proxy_enabled | default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "{{ matrix_ldap_registration_proxy_registration_addr_with_container }}"; + proxy_pass http://$backend/register; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://{{ matrix_ldap_registration_proxy_registration_addr_sans_container }}/register; + {% endif %} + } + +- name: Register Matrix LDAP registration proxy proxying configuration with matrix-nginx-proxy + ansible.builtin.set_fact: + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([]) + + + [matrix_ldap_registration_proxy_matrix_nginx_proxy_configuration] + }} + +- name: Warn about reverse-proxying if matrix-nginx-proxy not used + ansible.builtin.debug: + msg: >- + NOTE: You've enabled the Matrix LDAP registration proxy bridge but are not using the matrix-nginx-proxy + reverse proxy. + Please make sure that you're proxying the `{{ matrix_ldap_registration_proxy_public_endpoint }}` + URL endpoint to the matrix-ldap-proxy container. + You can expose the container's port using the `matrix_ldap_registration_proxy_container_http_host_bind_port` variable. + when: "not matrix_nginx_proxy_enabled | default(False) | bool" diff --git a/roles/custom/matrix-ldap-registration-proxy/tasks/main.yml b/roles/custom/matrix-ldap-registration-proxy/tasks/main.yml index 5815774e..1bba9ad1 100644 --- a/roles/custom/matrix-ldap-registration-proxy/tasks/main.yml +++ b/roles/custom/matrix-ldap-registration-proxy/tasks/main.yml @@ -1,8 +1,10 @@ --- -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" +- when: matrix_ldap_registration_proxy_enabled | bool + ansible.builtin.import_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml" tags: - - always + - setup-all + - setup-nginx-proxy - ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" when: "run_setup | bool and matrix_ldap_registration_proxy_enabled | bool" diff --git a/roles/custom/matrix-prometheus-node-exporter/tasks/init.yml b/roles/custom/matrix-prometheus-node-exporter/tasks/init.yml deleted file mode 100644 index eda1b755..00000000 --- a/roles/custom/matrix-prometheus-node-exporter/tasks/init.yml +++ /dev/null @@ -1,37 +0,0 @@ ---- - -- when: matrix_prometheus_node_exporter_enabled | bool and matrix_prometheus_node_exporter_metrics_proxying_enabled | bool - block: - - name: Fail if matrix-nginx-proxy role already executed - ansible.builtin.fail: - msg: >- - Trying to append node-exporter's reverse-proxying configuration to matrix-nginx-proxy, - but it's pointless since the matrix-nginx-proxy role had already executed. - To fix this, please change the order of roles in your playbook, - so that the matrix-nginx-proxy role would run after the matrix-prometheus-node-exporter role. - when: matrix_nginx_proxy_role_executed | default(False) | bool - - - name: Generate node-exporter metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/node-exporter) - ansible.builtin.set_fact: - matrix_prometheus_node_exporter_nginx_metrics_configuration_block: | - location /metrics/node-exporter { - {% if matrix_nginx_proxy_enabled | default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - set $backend "matrix-prometheus-node-exporter:9100"; - proxy_pass http://$backend/metrics; - {% elif matrix_prometheus_node_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host != '' %} - proxy_pass http://{{ matrix_prometheus_node_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host }}/metrics; - {% else %} - return 404 "matrix-nginx-proxy is disabled and no host port was bound to the container, so metrics are unavailable"; - {% endif %} - } - - - name: Register node-exporter metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/node-exporter) - ansible.builtin.set_fact: - matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: | - {{ - matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([]) - + - [matrix_prometheus_node_exporter_nginx_metrics_configuration_block] - }} diff --git a/roles/custom/matrix-prometheus-node-exporter/tasks/inject_into_nginx_proxy.yml b/roles/custom/matrix-prometheus-node-exporter/tasks/inject_into_nginx_proxy.yml new file mode 100644 index 00000000..24e05ed8 --- /dev/null +++ b/roles/custom/matrix-prometheus-node-exporter/tasks/inject_into_nginx_proxy.yml @@ -0,0 +1,35 @@ +--- + +- name: Fail if matrix-nginx-proxy role already executed + ansible.builtin.fail: + msg: >- + Trying to append node-exporter's reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your playbook, + so that the matrix-nginx-proxy role would run after the matrix-prometheus-node-exporter role. + when: matrix_nginx_proxy_role_executed | default(False) | bool + +- name: Generate node-exporter metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/node-exporter) + ansible.builtin.set_fact: + matrix_prometheus_node_exporter_nginx_metrics_configuration_block: | + location /metrics/node-exporter { + {% if matrix_nginx_proxy_enabled | default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-prometheus-node-exporter:9100"; + proxy_pass http://$backend/metrics; + {% elif matrix_prometheus_node_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host != '' %} + proxy_pass http://{{ matrix_prometheus_node_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host }}/metrics; + {% else %} + return 404 "matrix-nginx-proxy is disabled and no host port was bound to the container, so metrics are unavailable"; + {% endif %} + } + +- name: Register node-exporter metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/node-exporter) + ansible.builtin.set_fact: + matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([]) + + + [matrix_prometheus_node_exporter_nginx_metrics_configuration_block] + }} diff --git a/roles/custom/matrix-prometheus-node-exporter/tasks/main.yml b/roles/custom/matrix-prometheus-node-exporter/tasks/main.yml index 81b0c702..145adfdd 100644 --- a/roles/custom/matrix-prometheus-node-exporter/tasks/main.yml +++ b/roles/custom/matrix-prometheus-node-exporter/tasks/main.yml @@ -1,8 +1,10 @@ --- -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" +- when: matrix_prometheus_node_exporter_enabled | bool and matrix_prometheus_node_exporter_metrics_proxying_enabled | bool + ansible.builtin.import_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml" tags: - - always + - setup-all + - setup-nginx-proxy - ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup.yml" tags: diff --git a/roles/custom/matrix-prometheus-postgres-exporter/tasks/init.yml b/roles/custom/matrix-prometheus-postgres-exporter/tasks/init.yml deleted file mode 100644 index d409e2dd..00000000 --- a/roles/custom/matrix-prometheus-postgres-exporter/tasks/init.yml +++ /dev/null @@ -1,37 +0,0 @@ ---- - -- when: matrix_prometheus_node_exporter_enabled | bool and matrix_prometheus_node_exporter_metrics_proxying_enabled | bool - block: - - name: Fail if matrix-nginx-proxy role already executed - ansible.builtin.fail: - msg: >- - Trying to append postgres-exporter's reverse-proxying configuration to matrix-nginx-proxy, - but it's pointless since the matrix-nginx-proxy role had already executed. - To fix this, please change the order of roles in your playbook, - so that the matrix-nginx-proxy role would run after the matrix-prometheus-postgres-exporter role. - when: matrix_nginx_proxy_role_executed | default(False) | bool - - - name: Generate postgres-exporter metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/postgres-exporter) - ansible.builtin.set_fact: - matrix_prometheus_postgres_exporter_nginx_metrics_configuration_block: | - location /metrics/postgres-exporter { - {% if matrix_nginx_proxy_enabled | default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - set $backend "matrix-prometheus-postgres-exporter:9187"; - proxy_pass http://$backend/metrics; - {% elif matrix_prometheus_postgres_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host != '' %} - proxy_pass http://{{ matrix_prometheus_postgres_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host }}/metrics; - {% else %} - return 404 "matrix-nginx-proxy is disabled and no host port was bound to the container, so metrics are unavailable"; - {% endif %} - } - - - name: Register postgres-exporter metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/postgres-exporter) - ansible.builtin.set_fact: - matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: | - {{ - matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([]) - + - [matrix_prometheus_postgres_exporter_nginx_metrics_configuration_block] - }} diff --git a/roles/custom/matrix-prometheus-postgres-exporter/tasks/inject_into_nginx_proxy.yml b/roles/custom/matrix-prometheus-postgres-exporter/tasks/inject_into_nginx_proxy.yml new file mode 100644 index 00000000..121efc17 --- /dev/null +++ b/roles/custom/matrix-prometheus-postgres-exporter/tasks/inject_into_nginx_proxy.yml @@ -0,0 +1,35 @@ +--- + +- name: Fail if matrix-nginx-proxy role already executed + ansible.builtin.fail: + msg: >- + Trying to append postgres-exporter's reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your playbook, + so that the matrix-nginx-proxy role would run after the matrix-prometheus-postgres-exporter role. + when: matrix_nginx_proxy_role_executed | default(False) | bool + +- name: Generate postgres-exporter metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/postgres-exporter) + ansible.builtin.set_fact: + matrix_prometheus_postgres_exporter_nginx_metrics_configuration_block: | + location /metrics/postgres-exporter { + {% if matrix_nginx_proxy_enabled | default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-prometheus-postgres-exporter:9187"; + proxy_pass http://$backend/metrics; + {% elif matrix_prometheus_postgres_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host != '' %} + proxy_pass http://{{ matrix_prometheus_postgres_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host }}/metrics; + {% else %} + return 404 "matrix-nginx-proxy is disabled and no host port was bound to the container, so metrics are unavailable"; + {% endif %} + } + +- name: Register postgres-exporter metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/postgres-exporter) + ansible.builtin.set_fact: + matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([]) + + + [matrix_prometheus_postgres_exporter_nginx_metrics_configuration_block] + }} diff --git a/roles/custom/matrix-prometheus-postgres-exporter/tasks/main.yml b/roles/custom/matrix-prometheus-postgres-exporter/tasks/main.yml index 43473587..59911efb 100644 --- a/roles/custom/matrix-prometheus-postgres-exporter/tasks/main.yml +++ b/roles/custom/matrix-prometheus-postgres-exporter/tasks/main.yml @@ -1,8 +1,10 @@ --- -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" +- when: matrix_prometheus_node_exporter_enabled | bool and matrix_prometheus_node_exporter_metrics_proxying_enabled | bool + ansible.builtin.import_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml" tags: - - always + - setup-all + - setup-nginx-proxy - ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup.yml" tags: diff --git a/roles/custom/matrix-registration/tasks/init.yml b/roles/custom/matrix-registration/tasks/init.yml deleted file mode 100644 index a295cdfb..00000000 --- a/roles/custom/matrix-registration/tasks/init.yml +++ /dev/null @@ -1,59 +0,0 @@ ---- - -- when: matrix_registration_enabled | bool - tags: - - always - block: - - name: Fail if matrix-nginx-proxy role already executed - ansible.builtin.fail: - msg: >- - Trying to append matrix-registration's reverse-proxying configuration to matrix-nginx-proxy, - but it's pointless since the matrix-nginx-proxy role had already executed. - To fix this, please change the order of roles in your playbook, - so that the matrix-nginx-proxy role would run after the matrix-registration role. - when: matrix_nginx_proxy_role_executed | default(False) | bool - - - name: Generate matrix-registration proxying configuration for matrix-nginx-proxy - ansible.builtin.set_fact: - matrix_registration_matrix_nginx_proxy_configuration: | - rewrite ^{{ matrix_registration_public_endpoint }}$ {{ matrix_nginx_proxy_x_forwarded_proto_value }}://$server_name{{ matrix_registration_public_endpoint }}/ permanent; - rewrite ^{{ matrix_registration_public_endpoint }}/$ {{ matrix_nginx_proxy_x_forwarded_proto_value }}://$server_name{{ matrix_registration_public_endpoint }}/register redirect; - - location ~ ^{{ matrix_registration_public_endpoint }}/(.*) { - {% if matrix_nginx_proxy_enabled | default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - set $backend "matrix-registration:5000"; - proxy_pass http://$backend/$1; - {% else %} - {# Generic configuration for use outside of our container setup #} - proxy_pass http://127.0.0.1:8767/$1; - {% endif %} - - {# - Workaround matrix-registration serving the background image at /static - (see https://github.com/ZerataX/matrix-registration/issues/47) - #} - sub_filter_once off; - sub_filter_types text/css; - sub_filter "/static/" "{{ matrix_registration_public_endpoint }}/static/"; - } - - - name: Register matrix-registration proxying configuration with matrix-nginx-proxy - ansible.builtin.set_fact: - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | - {{ - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([]) - + - [matrix_registration_matrix_nginx_proxy_configuration] - }} - -- name: Warn about reverse-proxying if matrix-nginx-proxy not used - ansible.builtin.debug: - msg: >- - NOTE: You've enabled the matrix-registration tool but are not using the matrix-nginx-proxy - reverse proxy. - Please make sure that you're proxying the `{{ matrix_registration_public_endpoint }}` - URL endpoint to the matrix-registration container. - You can expose the container's port using the `matrix_registration_container_http_host_bind_port` variable. - when: "matrix_registration_enabled | bool and not matrix_nginx_proxy_enabled | default(False) | bool" diff --git a/roles/custom/matrix-registration/tasks/inject_into_nginx_proxy.yml b/roles/custom/matrix-registration/tasks/inject_into_nginx_proxy.yml new file mode 100644 index 00000000..ac8f4c96 --- /dev/null +++ b/roles/custom/matrix-registration/tasks/inject_into_nginx_proxy.yml @@ -0,0 +1,55 @@ +--- + +- name: Fail if matrix-nginx-proxy role already executed + ansible.builtin.fail: + msg: >- + Trying to append matrix-registration's reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your playbook, + so that the matrix-nginx-proxy role would run after the matrix-registration role. + when: matrix_nginx_proxy_role_executed | default(False) | bool + +- name: Generate matrix-registration proxying configuration for matrix-nginx-proxy + ansible.builtin.set_fact: + matrix_registration_matrix_nginx_proxy_configuration: | + rewrite ^{{ matrix_registration_public_endpoint }}$ {{ matrix_nginx_proxy_x_forwarded_proto_value }}://$server_name{{ matrix_registration_public_endpoint }}/ permanent; + rewrite ^{{ matrix_registration_public_endpoint }}/$ {{ matrix_nginx_proxy_x_forwarded_proto_value }}://$server_name{{ matrix_registration_public_endpoint }}/register redirect; + + location ~ ^{{ matrix_registration_public_endpoint }}/(.*) { + {% if matrix_nginx_proxy_enabled | default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-registration:5000"; + proxy_pass http://$backend/$1; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:8767/$1; + {% endif %} + + {# + Workaround matrix-registration serving the background image at /static + (see https://github.com/ZerataX/matrix-registration/issues/47) + #} + sub_filter_once off; + sub_filter_types text/css; + sub_filter "/static/" "{{ matrix_registration_public_endpoint }}/static/"; + } + +- name: Register matrix-registration proxying configuration with matrix-nginx-proxy + ansible.builtin.set_fact: + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([]) + + + [matrix_registration_matrix_nginx_proxy_configuration] + }} + +- name: Warn about reverse-proxying if matrix-nginx-proxy not used + ansible.builtin.debug: + msg: >- + NOTE: You've enabled the matrix-registration tool but are not using the matrix-nginx-proxy + reverse proxy. + Please make sure that you're proxying the `{{ matrix_registration_public_endpoint }}` + URL endpoint to the matrix-registration container. + You can expose the container's port using the `matrix_registration_container_http_host_bind_port` variable. + when: "not matrix_nginx_proxy_enabled | default(False) | bool" diff --git a/roles/custom/matrix-registration/tasks/main.yml b/roles/custom/matrix-registration/tasks/main.yml index 99b89e3d..1b129b2c 100644 --- a/roles/custom/matrix-registration/tasks/main.yml +++ b/roles/custom/matrix-registration/tasks/main.yml @@ -1,8 +1,10 @@ --- -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" +- when: matrix_registration_enabled | bool + ansible.builtin.import_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml" tags: - - always + - setup-all + - setup-nginx-proxy - ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" when: "run_setup | bool and matrix_registration_enabled | bool" diff --git a/roles/custom/matrix-synapse-admin/tasks/init.yml b/roles/custom/matrix-synapse-admin/tasks/init.yml deleted file mode 100644 index 78ebbdec..00000000 --- a/roles/custom/matrix-synapse-admin/tasks/init.yml +++ /dev/null @@ -1,50 +0,0 @@ ---- - -- when: matrix_synapse_admin_enabled | bool - tags: - - always - block: - - name: Fail if matrix-nginx-proxy role already executed - ansible.builtin.fail: - msg: >- - Trying to append Synapse Admin's reverse-proxying configuration to matrix-nginx-proxy, - but it's pointless since the matrix-nginx-proxy role had already executed. - To fix this, please change the order of roles in your playbook, - so that the matrix-nginx-proxy role would run after the matrix-synapse-admin role. - when: matrix_nginx_proxy_role_executed | default(False) | bool - - - name: Generate Synapse Admin proxying configuration for matrix-nginx-proxy - ansible.builtin.set_fact: - matrix_synapse_admin_matrix_nginx_proxy_configuration: | - rewrite ^{{ matrix_synapse_admin_public_endpoint }}$ {{ matrix_nginx_proxy_x_forwarded_proto_value }}://$server_name{{ matrix_synapse_admin_public_endpoint }}/ permanent; - - location ~ ^{{ matrix_synapse_admin_public_endpoint }}/(.*) { - {% if matrix_nginx_proxy_enabled | default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - set $backend "matrix-synapse-admin:80"; - proxy_pass http://$backend/$1; - {% else %} - {# Generic configuration for use outside of our container setup #} - proxy_pass http://127.0.0.1:8766/$1; - {% endif %} - } - - - name: Register Synapse Admin proxying configuration with matrix-nginx-proxy - ansible.builtin.set_fact: - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | - {{ - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([]) - + - [matrix_synapse_admin_matrix_nginx_proxy_configuration] - }} - -- name: Warn about reverse-proxying if matrix-nginx-proxy not used - ansible.builtin.debug: - msg: >- - NOTE: You've enabled the Synapse Admin tool but are not using the matrix-nginx-proxy - reverse proxy. - Please make sure that you're proxying the `{{ matrix_synapse_admin_public_endpoint }}` - URL endpoint to the matrix-synapse-admin container. - You can expose the container's port using the `matrix_synapse_admin_container_http_host_bind_port` variable. - when: "matrix_synapse_admin_enabled | bool and not matrix_nginx_proxy_enabled | default(False) | bool" diff --git a/roles/custom/matrix-synapse-admin/tasks/inject_into_nginx_proxy.yml b/roles/custom/matrix-synapse-admin/tasks/inject_into_nginx_proxy.yml new file mode 100644 index 00000000..6a4af859 --- /dev/null +++ b/roles/custom/matrix-synapse-admin/tasks/inject_into_nginx_proxy.yml @@ -0,0 +1,46 @@ +--- + +- name: Fail if matrix-nginx-proxy role already executed + ansible.builtin.fail: + msg: >- + Trying to append Synapse Admin's reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your playbook, + so that the matrix-nginx-proxy role would run after the matrix-synapse-admin role. + when: matrix_nginx_proxy_role_executed | default(False) | bool + +- name: Generate Synapse Admin proxying configuration for matrix-nginx-proxy + ansible.builtin.set_fact: + matrix_synapse_admin_matrix_nginx_proxy_configuration: | + rewrite ^{{ matrix_synapse_admin_public_endpoint }}$ {{ matrix_nginx_proxy_x_forwarded_proto_value }}://$server_name{{ matrix_synapse_admin_public_endpoint }}/ permanent; + + location ~ ^{{ matrix_synapse_admin_public_endpoint }}/(.*) { + {% if matrix_nginx_proxy_enabled | default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-synapse-admin:80"; + proxy_pass http://$backend/$1; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:8766/$1; + {% endif %} + } + +- name: Register Synapse Admin proxying configuration with matrix-nginx-proxy + ansible.builtin.set_fact: + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([]) + + + [matrix_synapse_admin_matrix_nginx_proxy_configuration] + }} + +- name: Warn about reverse-proxying if matrix-nginx-proxy not used + ansible.builtin.debug: + msg: >- + NOTE: You've enabled the Synapse Admin tool but are not using the matrix-nginx-proxy + reverse proxy. + Please make sure that you're proxying the `{{ matrix_synapse_admin_public_endpoint }}` + URL endpoint to the matrix-synapse-admin container. + You can expose the container's port using the `matrix_synapse_admin_container_http_host_bind_port` variable. + when: "not matrix_nginx_proxy_enabled | default(False) | bool" diff --git a/roles/custom/matrix-synapse-admin/tasks/main.yml b/roles/custom/matrix-synapse-admin/tasks/main.yml index 0c6bd942..fed3dec6 100644 --- a/roles/custom/matrix-synapse-admin/tasks/main.yml +++ b/roles/custom/matrix-synapse-admin/tasks/main.yml @@ -1,8 +1,10 @@ --- -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" +- when: matrix_synapse_admin_enabled | bool + ansible.builtin.import_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml" tags: - - always + - setup-all + - setup-nginx-proxy - ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" when: run_setup | bool diff --git a/roles/custom/matrix-synapse/tasks/init.yml b/roles/custom/matrix-synapse/tasks/inject_into_nginx_proxy.yml similarity index 92% rename from roles/custom/matrix-synapse/tasks/init.yml rename to roles/custom/matrix-synapse/tasks/inject_into_nginx_proxy.yml index 635ef8f2..f3ce0bf8 100644 --- a/roles/custom/matrix-synapse/tasks/init.yml +++ b/roles/custom/matrix-synapse/tasks/inject_into_nginx_proxy.yml @@ -2,17 +2,17 @@ # Unless `matrix_synapse_workers_enabled_list` is explicitly defined, # we'll generate it dynamically. -- ansible.builtin.include_tasks: "{{ role_path }}/tasks/synapse/workers/init.yml" - when: "matrix_synapse_enabled and matrix_synapse_workers_enabled and matrix_synapse_workers_enabled_list | length == 0" +- ansible.builtin.include_tasks: "{{ role_path }}/tasks/synapse/workers/inject_into_nginx_proxy.yml" + when: "matrix_synapse_workers_enabled | bool and matrix_synapse_workers_enabled_list | length == 0" - name: Ensure workers are injected into various places ansible.builtin.include_tasks: "{{ role_path }}/tasks/synapse/workers/util/inject_worker.yml" with_items: "{{ matrix_synapse_workers_enabled_list }}" loop_control: loop_var: matrix_synapse_worker_details - when: matrix_synapse_enabled | bool and matrix_synapse_workers_enabled | bool + when: matrix_synapse_workers_enabled | bool -- when: matrix_synapse_enabled | bool and matrix_synapse_metrics_proxying_enabled | bool +- when: matrix_synapse_metrics_proxying_enabled | bool block: - name: Fail if matrix-nginx-proxy role already executed ansible.builtin.fail: diff --git a/roles/custom/matrix-synapse/tasks/main.yml b/roles/custom/matrix-synapse/tasks/main.yml index 7068dcef..0cd35eb6 100644 --- a/roles/custom/matrix-synapse/tasks/main.yml +++ b/roles/custom/matrix-synapse/tasks/main.yml @@ -1,8 +1,19 @@ --- -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" +- when: matrix_synapse_enabled | bool + ansible.builtin.import_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml" tags: - - always + - setup-all + - setup-synapse + - start + - start-all + - start-group + - restart + - restart-all + - restart-group + - stop + - stop-all + - stop-group - ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" when: run_setup | bool and matrix_synapse_enabled | bool diff --git a/roles/custom/matrix-synapse/tasks/synapse/workers/init.yml b/roles/custom/matrix-synapse/tasks/synapse/workers/inject_into_nginx_proxy.yml similarity index 100% rename from roles/custom/matrix-synapse/tasks/synapse/workers/init.yml rename to roles/custom/matrix-synapse/tasks/synapse/workers/inject_into_nginx_proxy.yml