Merge branch 'master' into pub.solar
commit
7f9ff30731
|
@ -13,4 +13,4 @@ skip_list:
|
|||
# before finally dumping it to a file.
|
||||
- template-instead-of-copy
|
||||
|
||||
offline: false
|
||||
offline: true
|
||||
|
|
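Review bot: the `offline` setting at the end of this hunk goes from `false` to `true` (reading the two lines in the usual old-then-new order, since the +/- markers are not visible in this rendering) with no comment explaining why. In offline mode ansible-lint does not install the dependencies listed in `requirements.yml`, so add a short comment above the setting stating the intent, and make sure whatever invokes the linter fetches the roles first if the linted code needs them.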
4
.github/workflows/matrix.yml
vendored
|
@ -21,4 +21,6 @@ jobs:
|
|||
- name: Check out
|
||||
uses: actions/checkout@v3
|
||||
- name: Run ansible-lint
|
||||
uses: ansible-community/ansible-lint-action@main
|
||||
uses: ansible-community/ansible-lint-action@v6.8.2
|
||||
with:
|
||||
path: roles/custom
|
||||
|
|
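Review bot: `uses: ansible-community/ansible-lint-action@v6.8.2` is an improvement over tracking `@main`, but a tag is still a mutable reference that the upstream repository can move. Pin third-party actions to the full commit SHA and keep the version in a trailing comment, so the workflow runs exactly the code that was reviewed. The same applies to `actions/checkout@v3` in the step above.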
69
CHANGELOG.md
|
@ -1,3 +1,72 @@
|
|||
# 2022-11-22
|
||||
|
||||
# Automatic `matrix_architecture` determination
|
||||
|
||||
From now on, the playbook automatically determines your server's architecture and sets the `matrix_architecture` variable accordingly.
|
||||
You no longer need to set this variable manually in your `vars.yml` file.
|
||||
|
||||
# Docker and the Docker SDK for Python are now installed via external roles
|
||||
|
||||
We're continuing our effort to make [the playbook use external roles for some things](#the-playbook-now-uses-external-roles-for-some-things), so as to avoid doing everything ourselves and to facilitate code re-use.
|
||||
|
||||
Docker will now be installed on the server via the [geerlingguy.docker](https://github.com/geerlingguy/ansible-role-docker) Ansible role.
|
||||
If you'd like to manage the Docker installation yourself, you can disable the playbook's installation of Docker by setting `matrix_playbook_docker_installation_enabled: false`.
|
||||
|
||||
The Docker SDK for Python (named `docker-python`, `python-docker`, etc. on the different platforms) is now also installed by another role ([com.devture.ansible.role.docker_sdk_for_python](https://github.com/devture/com.devture.ansible.role.docker_sdk_for_python)). To disable this role and install the necessary tools yourself, use `devture_docker_sdk_for_python_installation_enabled: false`.
|
||||
|
||||
If you're hitting issues with Docker installation or Docker SDK for Python installation, consider reporting bugs or contributing to these other projects.
|
||||
|
||||
These additional roles are downloaded into the playbook directory (to `roles/galaxy`) via an `ansible-galaxy ..` command. `make roles` is an easy shortcut for invoking the `ansible-galaxy` command to download these roles.
|
||||
|
||||
|
||||
# 2022-11-20
|
||||
|
||||
## (Backward Compatibility Break) Changing how reverse-proxying to Synapse works - now via a `matrix-synapse-reverse-proxy-companion` service
|
||||
|
||||
**TLDR**: There's now a `matrix-synapse-reverse-proxy-companion` nginx service, which helps with reverse-proxying to Synapse and its various worker processes (if workers are enabled), so that `matrix-nginx-proxy` can be relieved of this role. `matrix-nginx-proxy` still remains as the public SSL-terminating reverse-proxy in the playbook. `matrix-synapse-reverse-proxy-companion` is just one more reverse-proxy thrown into the mix for convenience. People with a more custom reverse-proxying configuration may be affected - see [Webserver configuration](#webserver-configuration) below.
|
||||
|
||||
### Background
|
||||
|
||||
Previously, `matrix-nginx-proxy` forwarded requests to Synapse directly. When Synapse is running in worker mode, the reverse-proxying configuration is more complicated (different requests need to go to different Synapse worker processes). `matrix-nginx-proxy` had configuration for sending each URL endpoint to the correct Synapse worker responsible for handling it. However, sometimes people like to disable `matrix-nginx-proxy` (for whatever reason) as detailed in [Using your own webserver, instead of this playbook's nginx proxy](docs/configuring-playbook-own-webserver.md).
|
||||
|
||||
Because `matrix-nginx-proxy` was so central to request forwarding, when it was disabled and Synapse was running with workers enabled, there was nothing which could forward requests to the correct place anymore.. which caused [problems such as this one affecting Dimension](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2090).
|
||||
|
||||
### Solution
|
||||
|
||||
From now on, `matrix-nginx-proxy` is relieved of its function of reverse-proxying to Synapse and its various worker processes.
|
||||
This role is now handled by the new `matrix-synapse-reverse-proxy-companion` nginx service and works even if `matrix-nginx-proxy` is disabled.
|
||||
The purpose of the new `matrix-synapse-reverse-proxy-companion` service is to:
|
||||
|
||||
- serve as a companion to Synapse and know how to reverse-proxy to Synapse correctly (no matter if workers are enabled or not)
|
||||
|
||||
- provide a unified container address for reaching Synapse (no matter if workers are enabled or not)
|
||||
- `matrix-synapse-reverse-proxy-companion:8008` for Synapse Client-Server API traffic
|
||||
- `matrix-synapse-reverse-proxy-companion:8048` for Synapse Server-Server (Federation) API traffic
|
||||
|
||||
- simplify `matrix-nginx-proxy` configuration - it now only needs to send requests to `matrix-synapse-reverse-proxy-companion` or `matrix-dendrite`, etc., without having to worry about workers
|
||||
|
||||
- allow reverse-proxying to Synapse, even if `matrix-nginx-proxy` is disabled
|
||||
|
||||
`matrix-nginx-proxy` still remains as the public SSL-terminating reverse-proxy in the playbook. All traffic goes through it before reaching any of the services.
|
||||
It's just that now the Synapse traffic is routed through `matrix-synapse-reverse-proxy-companion` like this:
|
||||
|
||||
(`matrix-nginx-proxy` -> `matrix-synapse-reverse-proxy-companion` -> (`matrix-synapse` or some Synapse worker)).
|
||||
|
||||
Various services (like Dimension, etc.) still talk to Synapse via `matrix-nginx-proxy` (e.g. `http://matrix-nginx-proxy:12080`) preferentially. They only talk to Synapse via the reverse-proxy companion (e.g. `http://matrix-synapse-reverse-proxy-companion:8008`) if `matrix-nginx-proxy` is disabled. Services should not be talking to Synapse (e.g. `https://matrix-synapse:8008` directly anymore), because when workers are enabled, that's the Synapse `master` process and may not be serving all URL endpoints needed by the service.
|
||||
|
||||
### Webserver configuration
|
||||
|
||||
- if you're using `matrix-nginx-proxy` (`matrix_nginx_proxy_enabled: true`, which is the default for the playbook), you don't need to do anything
|
||||
|
||||
- if you're using your own `nginx` webserver running on the server, you shouldn't be affected. The `/matrix/nginx/conf.d` configuration and exposed ports that you're relying on will automatically be updated in a way that should work
|
||||
|
||||
- if you're using another local webserver (e.g. Apache, etc.) and haven't changed any ports (`matrix_*_host_bind_port` definitions), you shouldn't be affected. You're likely sending Matrix traffic to `127.0.0.1:8008` and `127.0.0.1:8048`. These ports (`8008` and `8048`) will still be exposed on `127.0.0.1` by default - just not by the `matrix-synapse` container from now on, but by the `matrix-synapse-reverse-proxy-companion` container instead
|
||||
|
||||
- if you've been exposing `matrix-synapse` ports (`matrix_synapse_container_client_api_host_bind_port`, etc.) manually, you should consider exposing `matrix-synapse-reverse-proxy-companion` ports instead
|
||||
|
||||
- if you're running Traefik and reverse-proxying directly to the `matrix-synapse` container, you should start reverse-proxying to the `matrix-synapse-reverse-proxy-companion` container instead. See [our updated Traefik example configuration](docs/configuring-playbook-own-webserver.md#sample-configuration-for-running-behind-traefik-20). Note: we now recommend calling the federation entry point `federation` (instead of `synapse`) and reverse-proxying the federation traffic via `matrix-nginx-proxy`, instead of sending it directly to Synapse (or `matrix-synapse-reverse-proxy-companion`). This makes the configuration simpler.
|
||||
|
||||
|
||||
# 2022-11-05
|
||||
|
||||
## (Backward Compatibility Break) A new default standalone mode for Etherpad
|
||||
|
|
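Review bot: the two entry titles under `# 2022-11-22` ("Automatic `matrix_architecture` determination" and "Docker and the Docker SDK for Python are now installed via external roles") are written as `#` headings, the same level as the date, while the `# 2022-11-20` and `# 2022-11-05` entries use `##` for the title; make them `##` so the outline and anchors stay consistent. In the 2022-11-20 text, `(e.g. `https://matrix-synapse:8008` directly anymore)` has the closing parenthesis in the wrong place and uses `https` where the other container URLs in that paragraph use `http`; that is worth checking before it is copied into someone's configuration.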
2
Makefile
|
@ -8,4 +8,4 @@ roles: ## Pull roles
|
|||
ansible-galaxy install -r requirements.yml -p roles/galaxy/ --force
|
||||
|
||||
lint: ## Runs ansible-lint against all roles in the playbook
|
||||
ansible-lint
|
||||
ansible-lint roles/custom
|
||||
|
|
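Review bot: the help text on the `lint` target still reads "Runs ansible-lint against all roles in the playbook", but the command is now `ansible-lint roles/custom`, so roles downloaded into `roles/galaxy` are not covered. Update the `##` description to say that only `roles/custom` is linted, so nobody assumes the external roles pulled by the `roles` target are being checked.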
263
README.md
|
@ -15,139 +15,146 @@ We run all services in [Docker](https://www.docker.com/) containers (see [the co
|
|||
|
||||
## Supported services
|
||||
|
||||
Using this playbook, you can get the following services configured on your server:
|
||||
Using this playbook, you can get the following list of services configured on your server. Basically, this playbook aims to get you up-and-running with all the necessities around Matrix, without you having to do anything else.
|
||||
|
||||
- (optional, default) a [Synapse](https://github.com/matrix-org/synapse) homeserver - storing your data and managing your presence in the [Matrix](http://matrix.org/) network
|
||||
|
||||
- (optional) a [Conduit](https://conduit.rs) homeserver - storing your data and managing your presence in the [Matrix](http://matrix.org/) network. Conduit is a lightweight open-source server implementation of the Matrix Specification with a focus on easy setup and low system requirements
|
||||
|
||||
- (optional) a [Dendrite](https://github.com/matrix-org/dendrite) homeserver - storing your data and managing your presence in the [Matrix](http://matrix.org/) network. Dendrite is a second-generation Matrix homeserver written in Go, an alternative to Synapse.
|
||||
|
||||
- (optional) [Amazon S3](https://aws.amazon.com/s3/) (or other S3-compatible object store) storage for Synapse's content repository (`media_store`) files using [Goofys](https://github.com/kahing/goofys) or [`synapse-s3-storage-provider`](https://github.com/matrix-org/synapse-s3-storage-provider)
|
||||
|
||||
- (optional, default) [PostgreSQL](https://www.postgresql.org/) database for Synapse. [Using an external PostgreSQL server](docs/configuring-playbook-external-postgres.md) is also possible.
|
||||
|
||||
- (optional, default) a [coturn](https://github.com/coturn/coturn) STUN/TURN server for WebRTC audio/video calls
|
||||
|
||||
- (optional, default) free [Let's Encrypt](https://letsencrypt.org/) SSL certificate, which secures the connection to the Synapse server and the Element web UI
|
||||
|
||||
- (optional, default) an [Element](https://app.element.io/) ([formerly Riot](https://element.io/previously-riot)) web UI, which is configured to connect to your own Synapse server by default
|
||||
|
||||
- (optional) a [ma1sd](https://github.com/ma1uta/ma1sd) Matrix Identity server
|
||||
|
||||
- (optional, default) an [Exim](https://www.exim.org/) mail server, through which all Matrix services send outgoing email (can be configured to relay through another SMTP server)
|
||||
|
||||
- (optional, default) an [nginx](http://nginx.org/) web server, listening on ports 80 and 443 - standing in front of all the other services. Using your own webserver [is possible](docs/configuring-playbook-own-webserver.md)
|
||||
|
||||
- (optional, advanced) the [matrix-synapse-rest-auth](https://github.com/ma1uta/matrix-synapse-rest-password-provider) REST authentication password provider module
|
||||
|
||||
- (optional, advanced) the [matrix-synapse-shared-secret-auth](https://github.com/devture/matrix-synapse-shared-secret-auth) password provider module
|
||||
|
||||
- (optional, advanced) the [matrix-synapse-ldap3](https://github.com/matrix-org/matrix-synapse-ldap3) LDAP Auth password provider module
|
||||
|
||||
- (optional, advanced) the [matrix-ldap-registration-proxy](https://gitlab.com/activism.international/matrix_ldap_registration_proxy) a proxy that handles Matrix registration requests and forwards them to LDAP.
|
||||
|
||||
- (optional, advanced) the [synapse-simple-antispam](https://github.com/t2bot/synapse-simple-antispam) spam checker module
|
||||
|
||||
- (optional, advanced) the [Matrix Corporal](https://github.com/devture/matrix-corporal) reconciliator and gateway for a managed Matrix server
|
||||
|
||||
- (optional) the [mautrix-discord](https://github.com/mautrix/discord) bridge for bridging your Matrix server to [Discord](https://discord.com/) - see [docs/configuring-playbook-bridge-mautrix-discord.md](docs/configuring-playbook-bridge-mautrix-discord.md) for setup documentation
|
||||
|
||||
- (optional) the [mautrix-telegram](https://github.com/mautrix/telegram) bridge for bridging your Matrix server to [Telegram](https://telegram.org/)
|
||||
|
||||
- (optional) the [mautrix-whatsapp](https://github.com/mautrix/whatsapp) bridge for bridging your Matrix server to [WhatsApp](https://www.whatsapp.com/)
|
||||
|
||||
- (optional) the [mautrix-facebook](https://github.com/mautrix/facebook) bridge for bridging your Matrix server to [Facebook](https://facebook.com/)
|
||||
|
||||
- (optional) the [mautrix-twitter](https://github.com/mautrix/twitter) bridge for bridging your Matrix server to [Twitter](https://twitter.com/)
|
||||
|
||||
- (optional) the [mautrix-hangouts](https://github.com/mautrix/hangouts) bridge for bridging your Matrix server to [Google Hangouts](https://en.wikipedia.org/wiki/Google_Hangouts)
|
||||
|
||||
- (optional) the [mautrix-googlechat](https://github.com/mautrix/googlechat) bridge for bridging your Matrix server to [Google Chat](https://en.wikipedia.org/wiki/Google_Chat)
|
||||
|
||||
- (optional) the [mautrix-instagram](https://github.com/mautrix/instagram) bridge for bridging your Matrix server to [Instagram](https://instagram.com/)
|
||||
|
||||
- (optional) the [mautrix-signal](https://github.com/mautrix/signal) bridge for bridging your Matrix server to [Signal](https://www.signal.org/)
|
||||
|
||||
- (optional) the [beeper-linkedin](https://github.com/beeper/linkedin) bridge for bridging your Matrix server to [LinkedIn](https://www.linkedin.com/)
|
||||
|
||||
- (optional) the [matrix-appservice-irc](https://github.com/matrix-org/matrix-appservice-irc) bridge for bridging your Matrix server to [IRC](https://wikipedia.org/wiki/Internet_Relay_Chat)
|
||||
|
||||
- (optional) the [matrix-appservice-discord](https://github.com/Half-Shot/matrix-appservice-discord) bridge for bridging your Matrix server to [Discord](https://discordapp.com/)
|
||||
|
||||
- (optional) the [matrix-appservice-slack](https://github.com/matrix-org/matrix-appservice-slack) bridge for bridging your Matrix server to [Slack](https://slack.com/)
|
||||
|
||||
- (optional) the [matrix-appservice-webhooks](https://github.com/turt2live/matrix-appservice-webhooks) bridge for slack compatible webhooks ([ConcourseCI](https://concourse-ci.org/), [Slack](https://slack.com/) etc. pp.)
|
||||
|
||||
- (optional) the [matrix-hookshot](https://github.com/Half-Shot/matrix-hookshot) bridge for bridging Matrix to generic webhooks and multiple project management services, such as GitHub, GitLab, Figma, and Jira in particular
|
||||
|
||||
- (optional) the [matrix-sms-bridge](https://github.com/benkuly/matrix-sms-bridge) for bridging your Matrix server to SMS - see [docs/configuring-playbook-bridge-matrix-bridge-sms.md](docs/configuring-playbook-bridge-matrix-bridge-sms.md) for setup documentation
|
||||
|
||||
- (optional) the [Heisenbridge](https://github.com/hifi/heisenbridge) for bridging your Matrix server to IRC bouncer-style - see [docs/configuring-playbook-bridge-heisenbridge.md](docs/configuring-playbook-bridge-heisenbridge.md) for setup documentation
|
||||
|
||||
- (optional) the [go-skype-bridge](https://github.com/kelaresg/go-skype-bridge) for bridging your Matrix server to [Skype](https://www.skype.com) - see [docs/configuring-playbook-bridge-go-skype-bridge.md](docs/configuring-playbook-bridge-go-skype-bridge.md) for setup documentation
|
||||
|
||||
- (optional) the [mx-puppet-slack](https://hub.docker.com/r/sorunome/mx-puppet-slack) for bridging your Matrix server to [Slack](https://slack.com) - see [docs/configuring-playbook-bridge-mx-puppet-slack.md](docs/configuring-playbook-bridge-mx-puppet-slack.md) for setup documentation
|
||||
|
||||
- (optional) the [mx-puppet-instagram](https://github.com/Sorunome/mx-puppet-instagram) bridge for Instagram-DMs ([Instagram](https://www.instagram.com/)) - see [docs/configuring-playbook-bridge-mx-puppet-instagram.md](docs/configuring-playbook-bridge-mx-puppet-instagram.md) for setup documentation
|
||||
|
||||
- (optional) the [mx-puppet-twitter](https://github.com/Sorunome/mx-puppet-twitter) bridge for Twitter-DMs ([Twitter](https://twitter.com/)) - see [docs/configuring-playbook-bridge-mx-puppet-twitter.md](docs/configuring-playbook-bridge-mx-puppet-twitter.md) for setup documentation
|
||||
|
||||
- (optional) the [mx-puppet-discord](https://github.com/matrix-discord/mx-puppet-discord) bridge for [Discord](https://discordapp.com/) - see [docs/configuring-playbook-bridge-mx-puppet-discord.md](docs/configuring-playbook-bridge-mx-puppet-discord.md) for setup documentation
|
||||
|
||||
- (optional) the [mx-puppet-groupme](https://gitlab.com/xangelix-pub/matrix/mx-puppet-groupme) bridge for [GroupMe](https://groupme.com/) - see [docs/configuring-playbook-bridge-mx-puppet-groupme.md](docs/configuring-playbook-bridge-mx-puppet-groupme.md) for setup documentation
|
||||
|
||||
- (optional) the [mx-puppet-steam](https://github.com/icewind1991/mx-puppet-steam) bridge for [Steam](https://steamapp.com/) - see [docs/configuring-playbook-bridge-mx-puppet-steam.md](docs/configuring-playbook-bridge-mx-puppet-steam.md) for setup documentation
|
||||
|
||||
- (optional) [Email2Matrix](https://github.com/devture/email2matrix) for relaying email messages to Matrix rooms - see [docs/configuring-playbook-email2matrix.md](docs/configuring-playbook-email2matrix.md) for setup documentation
|
||||
|
||||
- (optional) [Dimension](https://github.com/turt2live/matrix-dimension), an open source integrations manager for matrix clients - see [docs/configuring-playbook-dimension.md](docs/configuring-playbook-dimension.md) for setup documentation
|
||||
|
||||
- (optional) [Etherpad](https://etherpad.org), an open source collaborative text editor - see [docs/configuring-playbook-etherpad.md](docs/configuring-playbook-etherpad.md) for setup documentation
|
||||
|
||||
- (optional) [Jitsi](https://jitsi.org/), an open source video-conferencing platform - see [docs/configuring-playbook-jitsi.md](docs/configuring-playbook-jitsi.md) for setup documentation
|
||||
|
||||
- (optional) [matrix-reminder-bot](https://github.com/anoadragon453/matrix-reminder-bot) for scheduling one-off & recurring reminders and alarms - see [docs/configuring-playbook-bot-matrix-reminder-bot.md](docs/configuring-playbook-bot-matrix-reminder-bot.md) for setup documentation
|
||||
|
||||
- (optional) [matrix-registration-bot](https://github.com/moan0s/matrix-registration-bot) for invitations by creating and managing registration tokens - see [docs/configuring-playbook-bot-matrix-registration-bot.md](docs/configuring-playbook-bot-matrix-registration-bot.md) for setup documentation
|
||||
|
||||
- (optional) [maubot](https://github.com/maubot/maubot) a plugin-based Matrix bot system - see [docs/configuring-playbook-bot-maubot.md](docs/configuring-playbook-bot-maubot.md) for setup documentation
|
||||
|
||||
- (optional) [honoroit](https://gitlab.com/etke.cc/honoroit) helpdesk bot - see [docs/configuring-playbook-bot-honoroit.md](docs/configuring-playbook-bot-honoroit.md) for setup documentation
|
||||
|
||||
- (optional) [Postmoogle](https://gitlab.com/etke.cc/postmoogle) email to matrix bot - see [docs/configuring-playbook-bot-postmoogle.md](docs/configuring-playbook-bot-postmoogle.md) for setup documentation
|
||||
|
||||
- (optional) [Go-NEB](https://github.com/matrix-org/go-neb) multi functional bot written in Go - see [docs/configuring-playbook-bot-go-neb.md](docs/configuring-playbook-bot-go-neb.md) for setup documentation
|
||||
|
||||
- (optional) [Mjolnir](https://github.com/matrix-org/mjolnir), a moderation tool for Matrix - see [docs/configuring-playbook-bot-mjolnir.md](docs/configuring-playbook-bot-mjolnir.md) for setup documentation
|
||||
|
||||
- (optional) [synapse-admin](https://github.com/Awesome-Technologies/synapse-admin), a web UI tool for administrating users and rooms on your Matrix server - see [docs/configuring-playbook-synapse-admin.md](docs/configuring-playbook-synapse-admin.md) for setup documentation
|
||||
|
||||
- (optional) [matrix-registration](https://github.com/ZerataX/matrix-registration), a simple python application to have a token based matrix registration - see [docs/configuring-playbook-matrix-registration.md](docs/configuring-playbook-matrix-registration.md) for setup documentation
|
||||
|
||||
- (optional) the [Prometheus](https://prometheus.io) time-series database server, the Prometheus [node-exporter](https://prometheus.io/docs/guides/node-exporter/) host metrics exporter, and the [Grafana](https://grafana.com/) web UI - see [Enabling metrics and graphs (Prometheus, Grafana) for your Matrix server](docs/configuring-playbook-prometheus-grafana.md) for setup documentation
|
||||
|
||||
- (optional) the [Sygnal](https://github.com/matrix-org/sygnal) push gateway - see [Setting up the Sygnal push gateway](docs/configuring-playbook-sygnal.md) for setup documentation
|
||||
|
||||
- (optional) the [ntfy](https://ntfy.sh) push notifications server - see [docs/configuring-playbook-ntfy.md](docs/configuring-playbook-ntfy.md) for setup documentation
|
||||
|
||||
- (optional) the [Hydrogen](https://github.com/vector-im/hydrogen-web) web client - see [docs/configuring-playbook-client-hydrogen.md](docs/configuring-playbook-client-hydrogen.md) for setup documentation
|
||||
|
||||
- (optional) the [Cinny](https://github.com/ajbura/cinny) web client - see [docs/configuring-playbook-client-cinny.md](docs/configuring-playbook-client-cinny.md) for setup documentation
|
||||
|
||||
- (optional) the [Borg](https://borgbackup.org) backup - see [docs/configuring-playbook-backup-borg.md](docs/configuring-playbook-backup-borg.md) for setup documentation
|
||||
|
||||
- (optional) the [Buscarron](https://gitlab.com/etke.cc/buscarron) bot - see [docs/configuring-playbook-bot-buscarron.md](docs/configuring-playbook-bot-buscarron.md) for setup documentation
|
||||
|
||||
- (optional) [Cactus Comments](https://cactus.chat), a federated comment system built on matrix - see [docs/configuring-playbook-cactus-comments.md](docs/configuring-playbook-cactus-comments.md) for setup documentation
|
||||
|
||||
Basically, this playbook aims to get you up-and-running with all the necessities around Matrix, without you having to do anything else.
|
||||
|
||||
**Note**: the list above is exhaustive. It includes optional or even some advanced components that you will most likely not need.
|
||||
**Note**: the list below is exhaustive. It includes optional or even some advanced components that you will most likely not need.
|
||||
Sticking with the defaults (which install a subset of the above components) is the best choice, especially for a new installation.
|
||||
You can always re-run the playbook later to add or remove components.
|
||||
|
||||
|
||||
### Homeserver
|
||||
|
||||
The homeserver is the backbone of your matrix system. Choose one from the following list.
|
||||
|
||||
| Name | Default? | Description | Documentation |
|
||||
| ---- | -------- | ----------- | ------------- |
|
||||
| [Synapse](https://github.com/matrix-org/synapse) | ✓ | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network | [Link](docs/configuring-playbook-synapse.md) |
|
||||
| [Conduit](https://conduit.rs) | x | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network. Conduit is a lightweight open-source server implementation of the Matrix Specification with a focus on easy setup and low system requirements | [Link](docs/configuring-playbook-conduit.md) |
|
||||
| [Dendrite](https://github.com/matrix-org/dendrite) | x | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network. Dendrite is a second-generation Matrix homeserver written in Go, an alternative to Synapse. | [Link](docs/configuring-playbook-dendrite.md) |
|
||||
|
||||
### Clients
|
||||
|
||||
Web clients for matrix that you can host on your own domains.
|
||||
|
||||
| Name | Default? | Description | Documentation |
|
||||
| ---- | -------- | ----------- | ------------- |
|
||||
[Element](https://app.element.io/) | ✓ | Web UI, which is configured to connect to your own Synapse server by default | [Link](docs/configuring-playbook-client-element.md) |
|
||||
| [Hydrogen](https://github.com/vector-im/hydrogen-web) | x | Web client | [Link](docs/configuring-playbook-client-hydrogen.md) |
|
||||
| [Cinny](https://github.com/ajbura/cinny) | x | Web client | [Link](docs/configuring-playbook-client-cinny.md) |
|
||||
|
||||
|
||||
|
||||
### Server Components
|
||||
|
||||
Services that run on the server to make the various parts of your installation work.
|
||||
|
||||
| Name | Default? | Description | Documentation |
|
||||
| ---- | -------- | ----------- | ------------- |
|
||||
| [PostgreSQL](https://www.postgresql.org/)| ✓ | Database for Synapse. [Using an external PostgreSQL server](docs/configuring-playbook-external-postgres.md) is also possible. | [Link](docs/configuring-playbook-external-postgres.md) |
|
||||
| [Coturn](https://github.com/coturn/coturn) | ✓ | STUN/TURN server for WebRTC audio/video calls | [Link](docs/configuring-playbook-turn.md) |
|
||||
| [nginx](http://nginx.org/) | ✓ | Web server, listening on ports 80 and 443 - standing in front of all the other services. Using your own webserver [is possible](docs/configuring-playbook-own-webserver.md) | [Link](docs/configuring-playbook-nginx.md) |
|
||||
| [Let's Encrypt](https://letsencrypt.org/) | ✓ | Free SSL certificate, which secures the connection to the Synapse server and the Element web UI | [Link](docs/configuring-playbook-ssl-certificates.md) |
|
||||
| [ma1sd](https://github.com/ma1uta/ma1sd) | x | Matrix Identity Server | [Link](configuring-playbook-ma1sd.md)
|
||||
| [Exim](https://www.exim.org/) | ✓ | Mail server, through which all Matrix services send outgoing email (can be configured to relay through another SMTP server) | - |
|
||||
| [Dimension](https://github.com/turt2live/matrix-dimension) | x | An open source integrations manager for matrix clients | [Link](docs/configuring-playbook-dimension.md) |
|
||||
| [Sygnal](https://github.com/matrix-org/sygnal) | x | Push gateway | [Link](docs/configuring-playbook-sygnal.md) |
|
||||
| [ntfy](https://ntfy.sh) | x | Push notifications server | [Link](docs/configuring-playbook-ntfy.md) |
|
||||
|
||||
|
||||
### Authentication
|
||||
|
||||
Extend and modify how users are authenticated on your homeserver.
|
||||
|
||||
| Name | Default? | Description | Documentation |
|
||||
| ---- | -------- | ----------- | ------------- |
|
||||
| [matrix-synapse-rest-auth](https://github.com/ma1uta/matrix-synapse-rest-password-provider) (advanced) | x | REST authentication password provider module | [Link](docs/configuring-playbook-rest-auth.md) |
|
||||
|[matrix-synapse-shared-secret-auth](https://github.com/devture/matrix-synapse-shared-secret-auth) (advanced) | x | Password provider module | [Link](docs/configuring-playbook-shared-secret-auth.md) |
|
||||
| [matrix-synapse-ldap3](https://github.com/matrix-org/matrix-synapse-ldap3) (advanced) | x | LDAP Auth password provider module | [Link](configuring-playbook-ldap-auth.md) |
|
||||
| [matrix-ldap-registration-proxy](https://gitlab.com/activism.international/matrix_ldap_registration_proxy) (advanced) | x | A proxy that handles Matrix registration requests and forwards them to LDAP. | [Link](docs/configuring-playbook-matrix-ldap-registration-proxy.md) |
|
||||
| [matrix-registration](https://github.com/ZerataX/matrix-registration) | x | A simple python application to have a token based matrix registration | [Link](docs/configuring-playbook-matrix-registration.md) |
|
||||
|
||||
|
||||
### File Storage
|
||||
|
||||
Use alternative file storage to the default `media_store` folder.
|
||||
|
||||
| Name | Default? | Description | Documentation |
|
||||
| ---- | -------- | ----------- | ------------- |
|
||||
| [Goofys](https://github.com/kahing/goofys) | x | [Amazon S3](https://aws.amazon.com/s3/) (or other S3-compatible object store) storage for Synapse's content repository (`media_store`) files | [Link](docs/configuring-playbook-s3-goofys.md) |
|
||||
| [synapse-s3-storage-provider](https://github.com/matrix-org/synapse-s3-storage-provider) | x | [Amazon S3](https://aws.amazon.com/s3/) (or other S3-compatible object store) storage for Synapse's content repository (`media_store`) files | [Link](docs/configuring-playbook-s3.md) |
|
||||
|
||||
### Bridges
|
||||
|
||||
Bridges can be used to connect your matrix installation with third-party communication networks.
|
||||
|
||||
| Name | Default? | Description | Documentation |
|
||||
| ---- | -------- | ----------- | ------------- |
|
||||
[mautrix-discord](https://github.com/mautrix/discord) | x | Bridge for bridging your Matrix server to [Discord](https://discord.com/) | [Link](docs/configuring-playbook-bridge-mautrix-discord.md) |
|
||||
| [mautrix-telegram](https://github.com/mautrix/telegram) | x | Bridge for bridging your Matrix server to [Telegram](https://telegram.org/) | [Link](docs/configuring-playbook-bridge-mautrix-telegram.md) |
|
||||
| [mautrix-whatsapp](https://github.com/mautrix/whatsapp) | x | Bridge for bridging your Matrix server to [WhatsApp](https://www.whatsapp.com/) | [Link](docs/configuring-playbook-bridge-mautrix-whatsapp.md) |
|
||||
| [mautrix-facebook](https://github.com/mautrix/facebook) | x | Bridge for bridging your Matrix server to [Facebook](https://facebook.com/) | [Link](docs/configuring-playbook-bridge-mautrix-facebook.md) |
|
||||
| [mautrix-twitter](https://github.com/mautrix/twitter) | x | Bridge for bridging your Matrix server to [Twitter](https://twitter.com/) | [Link](docs/configuring-playbook-bridge-mautrix-twitter.md) |
|
||||
| [mautrix-hangouts](https://github.com/mautrix/hangouts) | x | Bridge for bridging your Matrix server to [Google Hangouts](https://en.wikipedia.org/wiki/Google_Hangouts) | [Link](docs/configuring-playbook-bridge-mautrix-hangouts.md) |
|
||||
| [mautrix-googlechat](https://github.com/mautrix/googlechat) | x | Bridge for bridging your Matrix server to [Google Chat](https://en.wikipedia.org/wiki/Google_Chat) | [Link](docs/configuring-playbook-bridge-mautrix-googlechat.md) |
|
||||
| [mautrix-instagram](https://github.com/mautrix/instagram) | x | Bridge for bridging your Matrix server to [Instagram](https://instagram.com/) | [Link](docs/configuring-playbook-bridge-mautrix-instagram.md) |
|
||||
| [mautrix-signal](https://github.com/mautrix/signal) | x | Bridge for bridging your Matrix server to [Signal](https://www.signal.org/) | [Link](docs/configuring-playbook-bridge-mautrix-signal.md) |
|
||||
| [beeper-linkedin](https://github.com/beeper/linkedin) | x | Bridge for bridging your Matrix server to [LinkedIn](https://www.linkedin.com/) | [Link](docs/configuring-playbook-bridge-beeper-linkedin.md) |
|
||||
| [matrix-appservice-irc](https://github.com/matrix-org/matrix-appservice-irc) | x | Bridge for bridging your Matrix server to [IRC](https://wikipedia.org/wiki/Internet_Relay_Chat) | [Link](docs/configuring-playbook-bridge-appservice-irc.md) |
|
||||
| [matrix-appservice-discord](https://github.com/Half-Shot/matrix-appservice-discord) | x | Bridge for bridging your Matrix server to [Discord](https://discordapp.com/) | [Link](docs/configuring-playbook-bridge-appservice-discord.md) |
|
||||
| [matrix-appservice-slack](https://github.com/matrix-org/matrix-appservice-slack) | x | Bridge for bridging your Matrix server to [Slack](https://slack.com/) | [Link](docs/configuring-playbook-bridge-appservice-slack.md) |
|
||||
| [matrix-appservice-webhooks](https://github.com/turt2live/matrix-appservice-webhooks) | x | Bridge for slack compatible webhooks ([ConcourseCI](https://concourse-ci.org/), [Slack](https://slack.com/) etc. pp.) | [Link](docs/configuring-playbook-bridge-appservice-webhooks.md) |
|
||||
| [matrix-hookshot](https://github.com/Half-Shot/matrix-hookshot) | x | Bridge for bridging Matrix to generic webhooks and multiple project management services, such as GitHub, GitLab, Figma, and Jira in particular | [Link](docs/configuring-playbook-bridge-hookshot.md) |
|
||||
| [matrix-sms-bridge](https://github.com/benkuly/matrix-sms-bridge) | x | Bridge for bridging your Matrix server to SMS | [Link](docs/configuring-playbook-bridge-matrix-bridge-sms.md) |
|
||||
| [Heisenbridge](https://github.com/hifi/heisenbridge) | x | Bridge for bridging your Matrix server to IRC bouncer-style | [Link](docs/configuring-playbook-bridge-heisenbridge.md) |
|
||||
| [go-skype-bridge](https://github.com/kelaresg/go-skype-bridge) | x | Bridge for bridging your Matrix server to [Skype](https://www.skype.com) | [Link](docs/configuring-playbook-bridge-go-skype-bridge.md) |
|
||||
| [mx-puppet-slack](https://hub.docker.com/r/sorunome/mx-puppet-slack) | x | Bridge for bridging your Matrix server to [Slack](https://slack.com) | [Link](docs/configuring-playbook-bridge-mx-puppet-slack.md) |
|
||||
| [mx-puppet-instagram](https://github.com/Sorunome/mx-puppet-instagram) | x | Bridge for Instagram-DMs ([Instagram](https://www.instagram.com/)) | [Link](docs/configuring-playbook-bridge-mx-puppet-instagram.md) |
|
||||
| [mx-puppet-twitter](https://github.com/Sorunome/mx-puppet-twitter) | x | Bridge for Twitter-DMs ([Twitter](https://twitter.com/)) | [Link](docs/configuring-playbook-bridge-mx-puppet-twitter.md) |
|
||||
| [mx-puppet-discord](https://github.com/matrix-discord/mx-puppet-discord) | x | Bridge for [Discord](https://discordapp.com/) | [Link](docs/configuring-playbook-bridge-mx-puppet-discord.md) |
|
||||
| [mx-puppet-groupme](https://gitlab.com/xangelix-pub/matrix/mx-puppet-groupme) | x | Bridge for [GroupMe](https://groupme.com/) | [Link](docs/configuring-playbook-bridge-mx-puppet-groupme.md) |
|
||||
| [mx-puppet-steam](https://github.com/icewind1991/mx-puppet-steam) | x | Bridge for [Steam](https://steamapp.com/) | [Link](docs/configuring-playbook-bridge-mx-puppet-steam.md) |
|
||||
| [Email2Matrix](https://github.com/devture/email2matrix) | x | Bridge for relaying email messages to Matrix rooms | [Link](docs/configuring-playbook-email2matrix.md) |
|
||||
|
||||
|
||||
### Bots
|
||||
|
||||
Bots provide various additional functionality to your installation.
|
||||
|
||||
| Name | Default? | Description | Documentation |
|
||||
| ---- | -------- | ----------- | ------------- |
|
||||
| [matrix-reminder-bot](https://github.com/anoadragon453/matrix-reminder-bot) | x | Bot for scheduling one-off & recurring reminders and alarms | [Link](docs/configuring-playbook-bot-matrix-reminder-bot.md) |
|
||||
| [matrix-registration-bot](https://github.com/moan0s/matrix-registration-bot) | x | Bot for invitations by creating and managing registration tokens | [Link](docs/configuring-playbook-bot-matrix-registration-bot.md) |
|
||||
| [maubot](https://github.com/maubot/maubot) | x | A plugin-based Matrix bot system | [Link](docs/configuring-playbook-bot-maubot.md) |
|
||||
| [honoroit](https://gitlab.com/etke.cc/honoroit) | x | A helpdesk bot | [Link](docs/configuring-playbook-bot-honoroit.md) |
|
||||
| [Postmoogle](https://gitlab.com/etke.cc/postmoogle) | x | Email to matrix bot | [Link](docs/configuring-playbook-bot-postmoogle.md) |
|
||||
| [Go-NEB](https://github.com/matrix-org/go-neb) | x | A multi functional bot written in Go | [Link](docs/configuring-playbook-bot-go-neb.md) |
|
||||
| [Mjolnir](https://github.com/matrix-org/mjolnir) | x | A moderation tool for Matrix | [Link](docs/configuring-playbook-bot-mjolnir.md) |
|
||||
| [Buscarron](https://gitlab.com/etke.cc/buscarron) | x | Web forms (HTTP POST) to matrix | [Link](docs/configuring-playbook-bot-buscarron.md) |
|
||||
|
||||
### Administration
|
||||
|
||||
Services that help you in administrating and monitoring your matrix installation.
|
||||
|
||||
|
||||
| Name | Default? | Description | Documentation |
|
||||
| ---- | -------- | ----------- | ------------- |
|
||||
| [synapse-admin](https://github.com/Awesome-Technologies/synapse-admin) | x | A web UI tool for administrating users and rooms on your Matrix server | [Link](docs/configuring-playbook-synapse-admin.md) |
|
||||
| Metrics and Graphs | x | Consists of the [Prometheus](https://prometheus.io) time-series database server, the Prometheus [node-exporter](https://prometheus.io/docs/guides/node-exporter/) host metrics exporter, and the [Grafana](https://grafana.com/) web UI | [Link](docs/configuring-playbook-prometheus-grafana.md) |
|
||||
| [Borg](https://borgbackup.org) | x | Backups | [Link](docs/configuring-playbook-backup-borg.md) |
|
||||
|
||||
### Misc
|
||||
|
||||
Various services that don't fit any other category.
|
||||
|
||||
| Name | Default? | Description | Documentation |
|
||||
| ---- | -------- | ----------- | ------------- |
|
||||
| [synapse-simple-antispam](https://github.com/t2bot/synapse-simple-antispam) (advanced) | x | A spam checker module | [Link](docs/configuring-playbook-synapse-simple-antispam.md) |
|
||||
| [Matrix Corporal](https://github.com/devture/matrix-corporal) (advanced) | x | Reconciliator and gateway for a managed Matrix server | [Link](docs/configuring-playbook-matrix-corporal.md) |
|
||||
| [Etherpad](https://etherpad.org) | x | An open source collaborative text editor | [Link](docs/configuring-playbook-etherpad.md) |
|
||||
| [Jitsi](https://jitsi.org/) | x | An open source video-conferencing platform | [Link](docs/configuring-playbook-jitsi.md) |
|
||||
| [Cactus Comments](https://cactus.chat) | x | A federated comment system built on matrix | [Link](docs/configuring-playbook-cactus-comments.md) |
|
||||
|
||||
|
||||
## Installation
|
||||
|
||||
To configure and install Matrix on your own server, follow the [README in the docs/ directory](docs/README.md).
|
||||
|
|
|
@ -1,26 +1,18 @@
|
|||
# Alternative architectures
|
||||
|
||||
As stated in the [Prerequisites](prerequisites.md), currently only `x86_64` is fully supported. However, it is possible to set the target architecture, and some tools can be built on the host or other measures can be used.
|
||||
As stated in the [Prerequisites](prerequisites.md), currently only `amd64` (`x86_64`) is fully supported.
|
||||
|
||||
To that end add the following variable to your `vars.yml` file (see [Configuring playbook](configuring-playbook.md)):
|
||||
The playbook automatically determines the target server's architecture (the `matrix_architecture` variable) to be one of the following:
|
||||
|
||||
```yaml
|
||||
matrix_architecture: <your-matrix-server-architecture>
|
||||
```
|
||||
|
||||
Currently supported architectures are the following:
|
||||
- `amd64` (the default)
|
||||
- `arm64`
|
||||
- `amd64` (`x86_64`)
|
||||
- `arm32`
|
||||
- `arm64`
|
||||
|
||||
so for the Raspberry Pi, the following should be in your `vars.yml` file:
|
||||
Some tools and container images can be built on the host or other measures can be used to install on that architecture.
|
||||
|
||||
```yaml
|
||||
matrix_architecture: "arm32"
|
||||
```
|
||||
|
||||
## Implementation details
|
||||
|
||||
For `amd64`, prebuilt container images (see the [container images we use](container-images.md)) are used for all components (except [Hydrogen](configuring-playbook-client-hydrogen.md), which goes through self-building).
|
||||
|
||||
For other architectures, components which have a prebuilt image make use of it. If the component is not available for the specific architecture, [self-building](self-building.md) will be used. Not all components support self-building though, so your mileage may vary.
|
||||
For other architecture (`arm64`, `arm32`), components which have a prebuilt image make use of it. If the component is not available for the specific architecture, [self-building](self-building.md) will be used. Not all components support self-building though, so your mileage may vary.
|
||||
|
|
|
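Review bot: In the "Implementation details" paragraph, the new line "For other architecture (`arm64`, `arm32`)" should read "For other architectures". The page also drops the `matrix_architecture: <your-matrix-server-architecture>` instruction without saying whether the variable can still be set in `vars.yml` when the detected value is wrong or unsupported; one sentence on overriding the detected value would cover that case.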
@ -53,7 +53,7 @@ You can either [run Ansible in a container on the Matrix server itself](#running
|
|||
To run Ansible in a (Docker) container on the Matrix server itself, you need to have a working Docker installation.
|
||||
Docker is normally installed by the playbook, so this may be a bit of a chicken and egg problem. To solve it:
|
||||
|
||||
- you **either** need to install Docker manually first. Follow [the upstream instructions](https://docs.docker.com/engine/install/) for your distribution and consider setting `matrix_docker_installation_enabled: false` in your `vars.yml` file, to prevent the playbook from installing Docker
|
||||
- you **either** need to install Docker manually first. Follow [the upstream instructions](https://docs.docker.com/engine/install/) for your distribution and consider setting `matrix_playbook_docker_installation_enabled: false` in your `vars.yml` file, to prevent the playbook from installing Docker
|
||||
- **or** you need to run the playbook in another way (e.g. [Running Ansible in a container on another computer (not the Matrix server)](#running-ansible-in-a-container-on-another-computer-not-the-matrix-server)) at least the first time around
|
||||
|
||||
Once you have a working Docker installation on the server, **clone the playbook** somewhere on the server and configure it as per usual (`inventory/hosts`, `inventory/host_vars/..`, etc.), as described in [configuring the playbook](configuring-playbook.md).
|
||||
|
|
32
docs/configuring-playbook-dendrite.md
Normal file
|
@ -0,0 +1,32 @@
|
|||
# Configuring Dendrite (optional)
|
||||
|
||||
By default, this playbook configures the [Synapse](https://github.com/matrix-org/synapse) Matrix server, but you can also use [Dendrite](https://github.com/matrix-org/dendrite).
|
||||
|
||||
**NOTES**:
|
||||
|
||||
- **You can't switch an existing Matrix server's implementation** (e.g. Synapse -> Dendrite). Proceed below only if you're OK with losing data or you're dealing with a server on a new domain name, which hasn't participated in the Matrix federation yet.
|
||||
|
||||
- **homeserver implementations other than Synapse may not be fully functional**. The playbook may also not assist you in an optimal way (like it does with Synapse). Make yourself familiar with the downsides before proceeding
|
||||
|
||||
The playbook provided settings for Dendrite are defined in [`roles/custom/matrix-dendrite/defaults/main.yml`](../roles/custom/matrix-dendrite/defaults/main.yml) and they ultimately end up in the generated `/matrix/dendrite/config/dendrite.yaml` file (on the server). This file is generated from the [`roles/custom/matrix-dendrite/templates/dendrite/dendrite.yaml.j2`](../roles/custom/matrix-dendrite/templates/dendrite/dendrite.yaml.j2) template.
|
||||
|
||||
**If there's an existing variable** which controls a setting you wish to change, you can simply define that variable in your configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`) and [re-run the playbook](installing.md) to apply the changes.
|
||||
|
||||
Alternatively, **if there is no pre-defined variable** for a Dendrite setting you wish to change:
|
||||
|
||||
- you can either **request a variable to be created** (or you can submit such a contribution yourself). Keep in mind that it's **probably not a good idea** to create variables for each one of Dendrite's various settings that rarely get used.
|
||||
|
||||
- or, you can **extend and override the default configuration** ([`dendrite.yaml.j2`](../roles/custom/matrix-dendrite/templates/dendrite/dendrite.yaml.j2)) by making use of the `matrix_dendrite_configuration_extension_yaml` variable. You can find information about this in [`roles/custom/matrix-dendrite/defaults/main.yml`](../roles/custom/matrix-dendrite/defaults/main.yml).
|
||||
|
||||
- or, if extending the configuration is still not powerful enough for your needs, you can **override the configuration completely** using `matrix_dendrite_configuration` (or `matrix_dendrite_configuration_yaml`). You can find information about this in [`roles/custom/matrix-dendrite/defaults/main.yml`](../roles/custom/matrix-dendrite/defaults/main.yml).
|
||||
|
||||
|
||||
|
||||
## Installation
|
||||
|
||||
To use Dendrite, you **generally** need the following additional `vars.yml` configuration:
|
||||
|
||||
```yaml
|
||||
matrix_homeserver_implementation: dendrite
|
||||
```
|
||||
|
|
@ -70,7 +70,7 @@ matrix_email2matrix_matrix_mappings:
|
|||
SkipMarkdown: true
|
||||
```
|
||||
|
||||
You can also set `MatrixHomeserverUrl` to `http://matrix-synapse:8008`, instead of the public `https://matrix.DOMAIN`.
|
||||
You can also set `MatrixHomeserverUrl` to `http://matrix-synapse-reverse-proxy-companion:8008`, instead of the public `https://matrix.DOMAIN`.
|
||||
However, that's more likely to break in the future if you switch to another server implementation than Synapse.
|
||||
|
||||
Re-run the playbook (`--tags=setup-email2matrix,start`) and try sending an email to `my-mailbox@matrix.DOMAIN`.
|
||||
|
|
|
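Review bot: The replacement `MatrixHomeserverUrl` value `http://matrix-synapse-reverse-proxy-companion:8008` is given unconditionally, but the variable changes later in this same commit only use that hostname when `matrix_synapse_reverse_proxy_companion_enabled` is true and fall back to `matrix-synapse` otherwise. Mention that condition here, or steer readers to the public `https://matrix.DOMAIN` URL as the option that survives both that toggle and a homeserver switch.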
@ -41,6 +41,13 @@ If you want to manage and remove old unused pads from Etherpad, you will first n
|
|||
Then from the plugin manager page (`https://etherpad.<your-domain>/admin/plugins` or `https://dimension.<your-domain>/etherpad/admin/plugins`), install the `adminpads2` plugin. Once installed, you should have a "Manage pads" section in the Admin web-UI.
|
||||
|
||||
|
||||
## How to use Etherpad widgets without an Integration Manager (like Dimension)
|
||||
|
||||
This is how it works in Element, it might work quite similar with other clients:
|
||||
|
||||
To integrate a standalone etherpad in a room, create your pad by visiting `https://etherpad.DOMAIN`. When the pad opens, copy the URL and send a command like this to the room: `/addwidget URL`. You will then find your integrated Etherpad within the right sidebar in the `Widgets` section.
|
||||
|
||||
|
||||
## Set Dimension default to the self-hosted Etherpad (optional)
|
||||
|
||||
If you decided to install [Dimension integration manager](configuring-playbook-dimension.md) alongside Etherpad, the Dimension administrator users can configure the default URL template.
|
||||
|
|
|
@ -46,6 +46,9 @@ matrix_synapse_federation_port_enabled: false
|
|||
|
||||
# This removes the `8448` virtual host from the matrix-nginx-proxy reverse-proxy server.
|
||||
matrix_nginx_proxy_proxy_matrix_federation_api_enabled: false
|
||||
|
||||
# This stops the federation port on the synapse-reverse-proxy-companion side (normally `matrix-synapse-reverse-proxy-companion:8048` on the container network).
|
||||
matrix_synapse_reverse_proxy_companion_federation_api_enabled: false
|
||||
```
|
||||
|
||||
## Changing the federation port from 8448 to a different port to use a CDN that only accepts 443/80 ports
|
||||
|
|
|
@ -127,6 +127,70 @@ Read how it works [here](https://github.com/jitsi/jitsi-videobridge/blob/master/
|
|||
|
||||
You may want to **limit the maximum video resolution**, to save up resources on both server and clients.
|
||||
|
||||
## (Optional) Additional JVBs
|
||||
|
||||
By default, a single JVB ([Jitsi VideoBridge](https://github.com/jitsi/jitsi-videobridge)) is deployed on the same host as the Matrix server. To allow more video-conferences to happen at the same time, you may need to provision additional JVB services on other hosts.
|
||||
|
||||
There is an ansible playbook that can be run with the following tag:
|
||||
` ansible-playbook -i inventory/hosts --limit jitsi_jvb_servers jitsi_jvb.yml --tags=common,setup-additional-jitsi-jvb,start`
|
||||
|
||||
For this role to work you will need an additional section in the ansible hosts file with the details of the JVB hosts, for example:
|
||||
```
|
||||
[jitsi_jvb_servers]
|
||||
<your jvb hosts> ansible_host=<ip address of the jvb host>
|
||||
```
|
||||
|
||||
Each JVB will require a server id to be set so that it can be uniquely identified and this allows Jitsi to keep track of which conferences are on which JVB.
|
||||
The server id is set with the variable `matrix_jitsi_jvb_server_id` which ends up as the JVB_WS_SERVER_ID environment variables in the JVB docker container.
|
||||
This variable can be set via the host file, a parameter to the ansible command or in the `vars.yaml` for the host which will have the additional JVB. For example:
|
||||
|
||||
``` yaml
|
||||
matrix_jitsi_jvb_server_id: 'jvb-2'
|
||||
```
|
||||
|
||||
``` INI
|
||||
[jitsi_jvb_servers]
|
||||
jvb-2.example.com ansible_host=192.168.0.2 matrix_jitsi_jvb_server_id=jvb-2
|
||||
jvb-3.example.com ansible_host=192.168.0.3 matrix_jitsi_jvb_server_id=jvb-2
|
||||
```
|
||||
|
||||
Note that the server id `jvb-1` is reserved for the JVB instance running on the Matrix host and therefore should not be used as the id of an additional jvb host.
|
||||
|
||||
The additional JVB will also need to expose the colibri web socket port and this can be done with the following variable:
|
||||
|
||||
```yaml
|
||||
matrix_jitsi_jvb_container_colibri_ws_host_bind_port: 9090
|
||||
```
|
||||
|
||||
The JVB will also need to know where the prosody xmpp server is located, similar to the server id this can be set in the vars for the JVB by using the variable
|
||||
`matrix_jitsi_xmpp_server`. The Jitsi prosody container is deployed on the matrix server by default so the value can be set to the matrix domain. For example:
|
||||
|
||||
```yaml
|
||||
matrix_jitsi_xmpp_server: "{{ matrix_domain }}"
|
||||
```
|
||||
|
||||
However, it can also be set the ip address of the matrix server. This can be useful if you wish to use a private ip. For example:
|
||||
|
||||
```yaml
|
||||
matrix_jitsi_xmpp_server: "192.168.0.1"
|
||||
```
|
||||
|
||||
The nginx configuration will also need to be updated in order to deal with the additional JVB servers. This is achieved via its own configuration variable
|
||||
`matrix_nginx_proxy_proxy_jitsi_additional_jvbs`, which contains a dictionary of server ids to ip addresses.
|
||||
|
||||
For example,
|
||||
|
||||
``` yaml
|
||||
matrix_nginx_proxy_proxy_jitsi_additional_jvbs:
|
||||
jvb-2: 192.168.0.2
|
||||
jvb-3: 192.168.0.3
|
||||
```
|
||||
|
||||
|
||||
Applied together this will allow you to provision extra JVB instances which will register themselves with the prosody service and be available for jicofo
|
||||
to route conferences too.
|
||||
|
||||
|
||||
|
||||
## Apply changes
|
||||
|
||||
|
|
|
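Review bot: The INI inventory example assigns `matrix_jitsi_jvb_server_id=jvb-2` to both `jvb-2.example.com` and `jvb-3.example.com`, which contradicts the sentence above it that each JVB must be uniquely identified and does not match the `jvb-3: 192.168.0.3` entry in `matrix_nginx_proxy_proxy_jitsi_additional_jvbs`; the second host should use `jvb-3`. Smaller points in the same section: the file is called `vars.yml` everywhere else, not `vars.yaml`; the `ansible-playbook` command has a stray leading space inside its backticks; "can also be set the ip address" is missing "to"; and "route conferences too" should be "to". Since the section has each additional JVB expose the colibri websocket port (9090) and connect to prosody on the Matrix host, a sentence saying which hosts need to reach those ports would help readers write their firewall rules.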
@ -40,8 +40,8 @@ No matter which external webserver you decide to go with, you'll need to:
|
|||
|
||||
Here are the variables required for the default configuration (Synapse and Element)
|
||||
```
|
||||
matrix_synapse_container_client_api_host_bind_port: '0.0.0.0:8008'
|
||||
matrix_synapse_container_federation_api_plain_host_bind_port: '0.0.0.0:8048'
|
||||
matrix_synapse_reverse_proxy_companion_container_client_api_host_bind_port: '0.0.0.0:8008'
|
||||
matrix_synapse_reverse_proxy_companion_container_federation_api_host_bind_port: '0.0.0.0:8048'
|
||||
matrix_client_element_container_http_host_bind_port: "0.0.0.0:8765"
|
||||
```
|
||||
|
||||
|
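Review bot: Both renamed variables keep the `0.0.0.0:8008` and `0.0.0.0:8048` bind addresses, so the plain-HTTP client and federation APIs are published on every interface of the host. This section is about fronting these ports with your own webserver, so suggest `127.0.0.1:8008` and `127.0.0.1:8048` for the case where that webserver runs on the same machine, and keep `0.0.0.0` only as the variant for a proxy on another host, with a note to firewall the ports.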
@ -172,31 +172,22 @@ matrix_nginx_proxy_container_extra_arguments:
|
|||
|
||||
# The Nginx proxy container will receive traffic from these subdomains
|
||||
- '--label "traefik.http.routers.matrix-nginx-proxy.rule=Host(`{{ matrix_server_fqn_matrix }}`,`{{ matrix_server_fqn_element }}`,`{{ matrix_server_fqn_dimension }}`,`{{ matrix_server_fqn_jitsi }}`)"'
|
||||
|
||||
# (The 'web-secure' entrypoint must bind to port 443 in Traefik config)
|
||||
- '--label "traefik.http.routers.matrix-nginx-proxy.entrypoints=web-secure"'
|
||||
|
||||
# (The 'default' certificate resolver must be defined in Traefik config)
|
||||
- '--label "traefik.http.routers.matrix-nginx-proxy.tls.certResolver=default"'
|
||||
|
||||
# The Nginx proxy container uses port 8080 internally
|
||||
- '--label "traefik.http.services.matrix-nginx-proxy.loadbalancer.server.port=8080"'
|
||||
|
||||
matrix_synapse_container_extra_arguments:
|
||||
# May be unnecessary depending on Traefik config, but can't hurt
|
||||
- '--label "traefik.enable=true"'
|
||||
|
||||
# The Synapse container will receive traffic from this subdomain
|
||||
- '--label "traefik.http.routers.matrix-synapse.rule=Host(`{{ matrix_server_fqn_matrix }}`)"'
|
||||
|
||||
# (The 'synapse' entrypoint must bind to port 8448 in Traefik config)
|
||||
- '--label "traefik.http.routers.matrix-synapse.entrypoints=synapse"'
|
||||
|
||||
# Federation
|
||||
- '--label "traefik.http.routers.matrix-nginx-proxy-federation.rule=Host(`{{ matrix_server_fqn_matrix }}`)"'
|
||||
# (The 'federation' entrypoint must bind to port 8448 in Traefik config)
|
||||
- '--label "traefik.http.routers.matrix-nginx-proxy-federation.entrypoints=federation"'
|
||||
# (The 'default' certificate resolver must be defined in Traefik config)
|
||||
- '--label "traefik.http.routers.matrix-synapse.tls.certResolver=default"'
|
||||
|
||||
# The Synapse container uses port 8048 internally
|
||||
- '--label "traefik.http.services.matrix-synapse.loadbalancer.server.port=8048"'
|
||||
- '--label "traefik.http.routers.matrix-nginx-proxy-federation.tls.certResolver=default"'
|
||||
# The Nginx proxy container uses port `matrix_nginx_proxy_proxy_matrix_federation_port (8448) internally
|
||||
- '--label "traefik.http.services.matrix-nginx-proxy-federation.loadbalancer.server.port={{ matrix_nginx_proxy_proxy_matrix_federation_port }}"'
|
||||
- '--label "traefik.http.services.matrix-nginx-proxy-federation.loadbalancer.server.scheme={{ "https" if matrix_nginx_proxy_https_enabled else "http" }}"'
|
||||
```
|
||||
|
||||
This method uses labels attached to the Nginx and Synapse containers to provide the Traefik Docker provider with the information it needs to proxy `matrix.DOMAIN`, `element.DOMAIN`, `dimension.DOMAIN` and `jitsi.DOMAIN`. Some [static configuration](https://docs.traefik.io/v2.0/reference/static-configuration/file/) is required in Traefik; namely, having endpoints on ports 443 and 8448 and having a certificate resolver.
|
||||
|
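Review bot: The new comment above the federation `loadbalancer.server.port` label opens a backtick before `matrix_nginx_proxy_proxy_matrix_federation_port` and never closes it, and the paragraph after the code block still says the labels are attached to "the Nginx and Synapse containers" although this hunk removes `matrix_synapse_container_extra_arguments`. Also, `matrix_nginx_proxy_container_extra_arguments` now defines two Traefik services (`matrix-nginx-proxy` and `matrix-nginx-proxy-federation`) on one container with no `traefik.http.routers.<name>.service=` label on either router; please confirm Traefik can still pair each router with its service, or add the explicit labels.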
@ -240,7 +231,7 @@ services:
|
|||
- "--providers.docker.network=traefik"
|
||||
- "--providers.docker.exposedbydefault=false"
|
||||
- "--entrypoints.web-secure.address=:443"
|
||||
- "--entrypoints.synapse.address=:8448"
|
||||
- "--entrypoints.federation.address=:8448"
|
||||
- "--certificatesresolvers.default.acme.tlschallenge=true"
|
||||
- "--certificatesresolvers.default.acme.email=YOUR EMAIL"
|
||||
- "--certificatesresolvers.default.acme.storage=/letsencrypt/acme.json"
|
||||
|
|
|
@ -47,6 +47,8 @@ When you're done with all the configuration you'd like to do, continue with [Ins
|
|||
|
||||
- [Configuring Conduit](configuring-playbook-conduit.md), if you've switched to the [Conduit](https://conduit.rs) homeserver implementation (optional)
|
||||
|
||||
- [Configuring Dendrite](configuring-playbook-dendrite.md), if you've switched to the [Dendrite](https://matrix-org.github.io/dendrite) homeserver implementation (optional)
|
||||
|
||||
- [Configuring Element](configuring-playbook-client-element.md) (optional)
|
||||
|
||||
- [Storing Matrix media files on Amazon S3](configuring-playbook-s3.md) (optional)
|
||||
|
|
|
@ -317,7 +317,7 @@ If you've installed [Jitsi](configuring-playbook-jitsi.md) (not installed by def
|
|||
Yes, we can stop installing Docker ourselves. Just use this in your `vars.yml` file:
|
||||
|
||||
```yaml
|
||||
matrix_docker_installation_enabled: true
|
||||
matrix_playbook_docker_installation_enabled: true
|
||||
```
|
||||
|
||||
### I run another webserver on the same server where I wish to install Matrix. What now?
|
||||
|
|
|
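Review bot: The answer says "we can stop installing Docker ourselves", but the snippet sets `matrix_playbook_docker_installation_enabled: true`, which is the value that keeps the installation on. The rename carried the old mistake over; it should be `false`, matching the earlier hunk in this commit that tells readers to set `matrix_playbook_docker_installation_enabled: false` to prevent the playbook from installing Docker.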
@ -80,6 +80,8 @@ This playbook can upgrade your existing Postgres setup with the following comman
|
|||
|
||||
ansible-playbook -i inventory/hosts setup.yml --tags=upgrade-postgres
|
||||
|
||||
**Warning: If you're using Borg Backup keep in mind that there is no official Postgres 15 support yet.**
|
||||
|
||||
**The old Postgres data directory is backed up** automatically, by renaming it to `/matrix/postgres/data-auto-upgrade-backup`.
|
||||
To rename to a different path, pass some extra flags to the command above, like this: `--extra-vars="postgres_auto_upgrade_backup_data_path=/another/disk/matrix-postgres-before-upgrade"`
|
||||
|
||||
|
|
|
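Review bot: The added Borg warning states that there is no official Postgres 15 support yet, but not what that means for someone about to run `--tags=upgrade-postgres`. Say what the reader should do, for example whether to hold off on the upgrade while Borg backups are enabled, so the warning is actionable.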
@ -6,11 +6,11 @@ The playbook supports self-building of various components, which don't have a co
|
|||
|
||||
For other architectures (e.g. `arm32`, `arm64`), ready-made container images are used when available. If there's no ready-made image for a specific component and said component supports self-building, an image will be built on the host. Building images like this takes more time and resources (some build tools need to get installed by the playbook to assist building).
|
||||
|
||||
To make use of self-building, you don't need to do anything besides change your architecture variable (e.g. `matrix_architecture: arm64`). If a component has an image for the specified architecture, the playbook will use it directly. If not, it will build the image on the server itself.
|
||||
To make use of self-building, you don't need to do anything. If a component has an image for the specified architecture, the playbook will use it directly. If not, it will build the image on the server itself.
|
||||
|
||||
Note that **not all components support self-building yet**.
|
||||
|
||||
List of roles where self-building the Docker image is currently possible:
|
||||
Possibly outdated list of roles where self-building the Docker image is currently possible:
|
||||
- `matrix-synapse`
|
||||
- `matrix-synapse-admin`
|
||||
- `matrix-client-element`
|
||||
|
|
|
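Review bot: "If a component has an image for the specified architecture" is left over from when `matrix_architecture` was set by hand; with this change the architecture is detected, so "the server's architecture" fits better. Relabeling the list as "Possibly outdated" tells readers not to trust it without offering an alternative; pointing at the `*_container_image_self_build` variables (such as `matrix_bot_buscarron_container_image_self_build`) as the source of truth would be more useful.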
@ -21,11 +21,11 @@ https://matrix.DOMAIN {
|
|||
}
|
||||
|
||||
# Synapse Client<>Server API
|
||||
proxy /_matrix matrix-synapse:8008 {
|
||||
proxy /_matrix matrix-synapse-reverse-proxy-companion:8008 {
|
||||
transparent
|
||||
except /_matrix/identity/ /_matrix/client/r0/user_directory/search
|
||||
}
|
||||
proxy /_synapse/client matrix-synapse:8008 {
|
||||
proxy /_synapse/client matrix-synapse-reverse-proxy-companion:8008 {
|
||||
transparent
|
||||
}
|
||||
}
|
||||
|
|
|
@ -9,6 +9,23 @@
|
|||
# You can also override ANY variable (seen here or in any given role),
|
||||
# by re-defining it in your own configuration file (`inventory/host_vars/matrix.<your-domain>`).
|
||||
|
||||
########################################################################
|
||||
# #
|
||||
# Playbook #
|
||||
# #
|
||||
########################################################################
|
||||
|
||||
# Controls whether to install Docker or not
|
||||
# Also see `devture_docker_sdk_for_python_installation_enabled`.
|
||||
matrix_playbook_docker_installation_enabled: true
|
||||
|
||||
########################################################################
|
||||
# #
|
||||
# /Playbook #
|
||||
# #
|
||||
########################################################################
|
||||
|
||||
|
||||
|
||||
########################################################################
|
||||
# #
|
||||
|
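Review bot: `matrix_playbook_docker_installation_enabled` replaces `matrix_docker_installation_enabled` (see the docs hunks in this commit), and nothing in this block catches the old name. A host whose `vars.yml` still sets `matrix_docker_installation_enabled: false` would have Docker installed by the playbook again without any warning; a validation task that fails when the old variable is defined would make the rename safe, if one is not already added elsewhere.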
@ -57,12 +74,10 @@ devture_playbook_state_preserver_commit_hash_preservation_dst: "{{ matrix_base_d
|
|||
|
||||
matrix_identity_server_url: "{{ ('https://' + matrix_server_fqn_matrix) if matrix_ma1sd_enabled else None }}"
|
||||
|
||||
# If Synapse workers are enabled and matrix-nginx-proxy is disabled, certain APIs may not work over 'http://matrix-synapse:{{ matrix_synapse_container_client_api_port }}'.
|
||||
# This is because we explicitly disable them for the main Synapse process.
|
||||
matrix_homeserver_container_url: |-
|
||||
{{
|
||||
'http://matrix-nginx-proxy:12080' if matrix_nginx_proxy_enabled else {
|
||||
'synapse': ('http://matrix-synapse:'+ matrix_synapse_container_client_api_port|string),
|
||||
'synapse': ('http://matrix-synapse-reverse-proxy-companion:8008' if matrix_synapse_reverse_proxy_companion_enabled else 'http://matrix-synapse:'+ matrix_synapse_container_client_api_port|string),
|
||||
'dendrite': ('http://matrix-dendrite:' + matrix_dendrite_http_bind_port|string),
|
||||
'conduit': ('http://matrix-conduit:' + matrix_conduit_port_number|string),
|
||||
}[matrix_homeserver_implementation]
|
||||
|
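Review bot: This hunk deletes the two-line comment warning that certain APIs may not work over `http://matrix-synapse:...` when Synapse workers are enabled, yet the new `synapse` entry still falls back to `http://matrix-synapse:` whenever `matrix_synapse_reverse_proxy_companion_enabled` is false. Keep the comment, reworded so it applies to that fallback branch. The companion port is also written as a literal `8008` while the fallback uses `matrix_synapse_container_client_api_port`; a variable for the companion port would keep the two branches consistent.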
@ -71,7 +86,7 @@ matrix_homeserver_container_url: |-
|
|||
matrix_homeserver_container_federation_url: |-
|
||||
{{
|
||||
'http://matrix-nginx-proxy:12088' if matrix_nginx_proxy_enabled else {
|
||||
'synapse': ('http://matrix-synapse:'+ matrix_synapse_container_federation_api_plain_port|string),
|
||||
'synapse': ('http://matrix-synapse-reverse-proxy-companion:8048' if matrix_synapse_reverse_proxy_companion_enabled else 'http://matrix-synapse:'+ matrix_synapse_container_federation_api_plain_port|string),
|
||||
'dendrite': ('http://matrix-dendrite:' + matrix_dendrite_http_bind_port|string),
|
||||
'conduit': ('http://matrix-conduit:' + matrix_conduit_port_number|string),
|
||||
}[matrix_homeserver_implementation]
|
||||
|
@ -1255,8 +1270,8 @@ matrix_bot_buscarron_container_image_self_build: "{{ matrix_architecture not in
|
|||
# We don't enable bots by default.
|
||||
matrix_bot_postmoogle_enabled: false
|
||||
matrix_bot_postmoogle_ssl_path: "{{ matrix_ssl_config_dir_path }}"
|
||||
matrix_bot_postmoogle_tls_cert: "/ssl/live/{{ matrix_bot_postmoogle_domain }}/fullchain.pem"
|
||||
matrix_bot_postmoogle_tls_key: "/ssl/live/{{ matrix_bot_postmoogle_domain }}/privkey.pem"
|
||||
matrix_bot_postmoogle_tls_cert: "{% for domain in matrix_bot_postmoogle_domains %}/ssl/live/{{ domain }}/fullchain.pem {% endfor %}"
|
||||
matrix_bot_postmoogle_tls_key: "{% for domain in matrix_bot_postmoogle_domains %}/ssl/live/{{ domain }}/privkey.pem {% endfor %}"
|
||||
|
||||
matrix_bot_postmoogle_systemd_required_services_list: |
|
||||
{{
|
||||
|
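Review bot: The `{% for %}` loops in `matrix_bot_postmoogle_tls_cert` and `matrix_bot_postmoogle_tls_key` leave a trailing space after the last path and yield an empty string when `matrix_bot_postmoogle_domains` is empty. Building each value with `map` and `join(' ')` avoids the trailing separator, and a short comment stating that both values are space-separated lists generated from the same domain list would make the format clear to anyone overriding them.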
@ -1720,6 +1735,7 @@ matrix_ma1sd_database_password: "{{ '%s' | format(matrix_homeserver_generic_secr
|
|||
#
|
||||
######################################################################
|
||||
|
||||
|
||||
######################################################################
|
||||
#
|
||||
# matrix-nginx-proxy
|
||||
|
@ -1782,10 +1798,10 @@ matrix_nginx_proxy_proxy_matrix_federation_api_addr_with_container: "matrix-ngin
|
|||
matrix_nginx_proxy_proxy_matrix_federation_api_addr_sans_container: "127.0.0.1:12088"
|
||||
|
||||
matrix_nginx_proxy_proxy_synapse_enabled: "{{ matrix_synapse_enabled }}"
|
||||
matrix_nginx_proxy_proxy_synapse_client_api_addr_with_container: "matrix-synapse:{{ matrix_synapse_container_client_api_port }}"
|
||||
matrix_nginx_proxy_proxy_synapse_client_api_addr_sans_container: "127.0.0.1:{{ matrix_synapse_container_client_api_port }}"
|
||||
matrix_nginx_proxy_proxy_synapse_federation_api_addr_with_container: "matrix-synapse:{{matrix_synapse_container_federation_api_plain_port | string}}"
|
||||
matrix_nginx_proxy_proxy_synapse_federation_api_addr_sans_container: "127.0.0.1:{{matrix_synapse_container_federation_api_plain_port | string}}"
|
||||
matrix_nginx_proxy_proxy_synapse_client_api_addr_with_container: "{{ 'matrix-synapse-reverse-proxy-companion:8008' if matrix_synapse_reverse_proxy_companion_enabled else 'matrix-synapse:8008' }}"
|
||||
matrix_nginx_proxy_proxy_synapse_client_api_addr_sans_container: "127.0.0.1:8008"
|
||||
matrix_nginx_proxy_proxy_synapse_federation_api_addr_with_container: "{{ 'matrix-synapse-reverse-proxy-companion:8048' if matrix_synapse_reverse_proxy_companion_enabled else 'matrix-synapse:8048' }}"
|
||||
matrix_nginx_proxy_proxy_synapse_federation_api_addr_sans_container: "127.0.0.1:8048"
|
||||
|
||||
matrix_nginx_proxy_proxy_dendrite_enabled: "{{ matrix_dendrite_enabled }}"
|
||||
matrix_nginx_proxy_proxy_dendrite_client_api_addr_with_container: "matrix-dendrite:{{ matrix_dendrite_http_bind_port | string }}"
|
||||
|
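Review bot: The four Synapse address lines now hardcode ports 8008 and 8048 where the previous values used `matrix_synapse_container_client_api_port` and `matrix_synapse_container_federation_api_plain_port`. When `matrix_synapse_reverse_proxy_companion_enabled` is false, the `matrix-synapse:8008` and `matrix-synapse:8048` branches still point straight at Synapse, so an override of either port variable would leave nginx proxying to a port nothing listens on. Keep the variables in the `else` branches, and give the companion's two ports their own variables rather than literals.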
@ -1815,26 +1831,14 @@ matrix_nginx_proxy_self_check_validate_certificates: "{{ false if matrix_ssl_ret
|
|||
# and https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1074
|
||||
matrix_nginx_proxy_ocsp_stapling_enabled: "{{ matrix_ssl_retrieval_method != 'self-signed' }}"
|
||||
|
||||
matrix_nginx_proxy_synapse_presence_disabled: "{{ not matrix_synapse_presence_enabled }}"
|
||||
|
||||
matrix_nginx_proxy_synapse_workers_enabled: "{{ matrix_synapse_workers_enabled }}"
|
||||
matrix_nginx_proxy_synapse_workers_list: "{{ matrix_synapse_workers_enabled_list }}"
|
||||
matrix_nginx_proxy_synapse_generic_worker_client_server_locations: "{{ matrix_synapse_workers_generic_worker_client_server_endpoints }}"
|
||||
matrix_nginx_proxy_synapse_generic_worker_federation_locations: "{{ matrix_synapse_workers_generic_worker_federation_endpoints }}"
|
||||
matrix_nginx_proxy_synapse_stream_writer_typing_stream_worker_client_server_locations: "{{ matrix_synapse_workers_stream_writer_typing_stream_worker_client_server_endpoints }}"
|
||||
matrix_nginx_proxy_synapse_stream_writer_to_device_stream_worker_client_server_locations: "{{ matrix_synapse_workers_stream_writer_to_device_stream_worker_client_server_endpoints }}"
|
||||
matrix_nginx_proxy_synapse_stream_writer_account_data_stream_worker_client_server_locations: "{{ matrix_synapse_workers_stream_writer_account_data_stream_worker_client_server_endpoints }}"
|
||||
matrix_nginx_proxy_synapse_stream_writer_receipts_stream_worker_client_server_locations: "{{ matrix_synapse_workers_stream_writer_receipts_stream_worker_client_server_endpoints }}"
|
||||
matrix_nginx_proxy_synapse_stream_writer_presence_stream_worker_client_server_locations: "{{ matrix_synapse_workers_stream_writer_presence_stream_worker_client_server_endpoints }}"
|
||||
matrix_nginx_proxy_synapse_media_repository_locations: "{{matrix_synapse_workers_media_repository_endpoints|default([]) }}"
|
||||
matrix_nginx_proxy_synapse_user_dir_locations: "{{ matrix_synapse_workers_user_dir_worker_client_server_endpoints|default([]) }}"
|
||||
|
||||
matrix_nginx_proxy_systemd_wanted_services_list: |
|
||||
{{
|
||||
['matrix-' + matrix_homeserver_implementation + '.service']
|
||||
+
|
||||
(matrix_synapse_webserving_workers_systemd_services_list if matrix_homeserver_implementation == 'synapse' and matrix_synapse_workers_enabled else [])
|
||||
+
|
||||
(['matrix-synapse-reverse-proxy-companion.service'] if matrix_synapse_reverse_proxy_companion_enabled else [])
|
||||
+
|
||||
(['matrix-corporal.service'] if matrix_corporal_enabled else [])
|
||||
+
|
||||
(['matrix-ma1sd.service'] if matrix_ma1sd_enabled else [])
|
||||
|
@ -2330,16 +2334,6 @@ matrix_synapse_container_image_self_build: "{{ matrix_architecture not in ['arm6
|
|||
# When ma1sd is enabled, we can use it to validate phone numbers. It's something that the homeserver cannot do by itself.
|
||||
matrix_synapse_account_threepid_delegates_msisdn: "{{ 'http://matrix-ma1sd:' + matrix_ma1sd_container_port | string if matrix_ma1sd_enabled else '' }}"
|
||||
|
||||
# Normally, matrix-nginx-proxy is enabled and nginx can reach Synapse over the container network.
|
||||
# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it,
|
||||
# you can expose Synapse's ports to the host.
|
||||
#
|
||||
# For exposing the Matrix Client API's port (plain HTTP) to the local host.
|
||||
matrix_synapse_container_client_api_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:' + matrix_synapse_container_client_api_port | string }}"
|
||||
#
|
||||
# For exposing the Matrix Federation API's plain port (plain HTTP) to the local host.
|
||||
matrix_synapse_container_federation_api_plain_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:' + matrix_synapse_container_federation_api_plain_port | string }}"
|
||||
#
|
||||
# For exposing the Matrix Federation API's TLS port (HTTPS) to the internet on all network interfaces.
|
||||
matrix_synapse_container_federation_api_tls_host_bind_port: "{{ matrix_federation_public_port if (matrix_synapse_federation_enabled and matrix_synapse_tls_federation_listener_enabled) else '' }}"
|
||||
#
|
||||
|
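Review bot: With this block gone, `matrix_synapse_container_federation_api_tls_host_bind_port` is no longer set here, and nothing in the visible hunks replaces it; the new companion section only binds the plain client and federation ports. If the role default for that variable is empty, setups with `matrix_synapse_tls_federation_listener_enabled` lose the public federation port. Either keep that one line or state in the commit where the TLS listener is exposed now.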
@ -2428,6 +2422,37 @@ matrix_synapse_app_service_runtime_injected_config_files: "{{ matrix_homeserver_
|
|||
#
|
||||
######################################################################
|
||||
|
||||
######################################################################
|
||||
#
|
||||
# matrix-synapse-reverse-proxy-companion
|
||||
#
|
||||
######################################################################
|
||||
|
||||
matrix_synapse_reverse_proxy_companion_enabled: "{{ matrix_synapse_enabled }}"
|
||||
|
||||
matrix_synapse_reverse_proxy_companion_client_api_client_max_body_size_mb: "{{ matrix_synapse_max_upload_size_mb }}"
|
||||
|
||||
matrix_synapse_reverse_proxy_companion_container_client_api_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:8008' }}"
|
||||
matrix_synapse_reverse_proxy_companion_container_federation_api_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:8048' }}"
|
||||
|
||||
matrix_synapse_reverse_proxy_companion_synapse_workers_enabled: "{{ matrix_synapse_workers_enabled }}"
|
||||
matrix_synapse_reverse_proxy_companion_synapse_workers_list: "{{ matrix_synapse_workers_enabled_list }}"
|
||||
matrix_synapse_reverse_proxy_companion_synapse_generic_worker_client_server_locations: "{{ matrix_synapse_workers_generic_worker_client_server_endpoints }}"
|
||||
matrix_synapse_reverse_proxy_companion_synapse_generic_worker_federation_locations: "{{ matrix_synapse_workers_generic_worker_federation_endpoints }}"
|
||||
matrix_synapse_reverse_proxy_companion_synapse_stream_writer_typing_stream_worker_client_server_locations: "{{ matrix_synapse_workers_stream_writer_typing_stream_worker_client_server_endpoints }}"
|
||||
matrix_synapse_reverse_proxy_companion_synapse_stream_writer_to_device_stream_worker_client_server_locations: "{{ matrix_synapse_workers_stream_writer_to_device_stream_worker_client_server_endpoints }}"
|
||||
matrix_synapse_reverse_proxy_companion_synapse_stream_writer_account_data_stream_worker_client_server_locations: "{{ matrix_synapse_workers_stream_writer_account_data_stream_worker_client_server_endpoints }}"
|
||||
matrix_synapse_reverse_proxy_companion_synapse_stream_writer_receipts_stream_worker_client_server_locations: "{{ matrix_synapse_workers_stream_writer_receipts_stream_worker_client_server_endpoints }}"
|
||||
matrix_synapse_reverse_proxy_companion_synapse_stream_writer_presence_stream_worker_client_server_locations: "{{ matrix_synapse_workers_stream_writer_presence_stream_worker_client_server_endpoints }}"
|
||||
matrix_synapse_reverse_proxy_companion_synapse_media_repository_locations: "{{matrix_synapse_workers_media_repository_endpoints|default([]) }}"
|
||||
matrix_synapse_reverse_proxy_companion_synapse_user_dir_locations: "{{ matrix_synapse_workers_user_dir_worker_client_server_endpoints|default([]) }}"
|
||||
|
||||
######################################################################
|
||||
#
|
||||
# /matrix-synapse-reverse-proxy-companion
|
||||
#
|
||||
######################################################################
|
||||
|
||||
######################################################################
|
||||
#
|
||||
# matrix-synapse-admin
|
||||
|
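Review bot: The two `..._host_bind_port` lines in the new companion section carry no comment, while the Synapse block removed earlier in this file explained when and why the ports get exposed to the host. Carry that explanation over (the ports are published on 127.0.0.1 only when `matrix_nginx_proxy_enabled` is false), and replace the `8008` and `8048` literals with variables shared with the `matrix_nginx_proxy_proxy_synapse_*_addr_sans_container` values so the two cannot drift apart.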
@ -2736,29 +2761,29 @@ matrix_conduit_systemd_required_services_list: |
|
|||
|
||||
matrix_user_creator_users_auto: |
|
||||
{{
|
||||
[{
|
||||
([{
|
||||
'username': matrix_bot_matrix_reminder_bot_matrix_user_id_localpart,
|
||||
'initial_password': matrix_bot_matrix_reminder_bot_matrix_user_password,
|
||||
'initial_type': 'bot',
|
||||
}] if matrix_bot_matrix_reminder_bot_enabled else []
|
||||
}] if matrix_bot_matrix_reminder_bot_enabled else [])
|
||||
+
|
||||
[{
|
||||
([{
|
||||
'username': matrix_bot_honoroit_login,
|
||||
'initial_password': matrix_bot_honoroit_password,
|
||||
'initial_type': 'bot',
|
||||
}] if matrix_bot_honoroit_enabled else []
|
||||
}] if matrix_bot_honoroit_enabled else [])
|
||||
+
|
||||
[{
|
||||
([{
|
||||
'username': matrix_bot_postmoogle_login,
|
||||
'initial_password': matrix_bot_postmoogle_password,
|
||||
'initial_type': 'bot',
|
||||
}] if matrix_bot_postmoogle_enabled else []
|
||||
}] if matrix_bot_postmoogle_enabled else [])
|
||||
+
|
||||
[{
|
||||
([{
|
||||
'username': matrix_bot_buscarron_login,
|
||||
'initial_password': matrix_bot_buscarron_password,
|
||||
'initial_type': 'bot',
|
||||
}] if matrix_bot_buscarron_enabled else []
|
||||
}] if matrix_bot_buscarron_enabled else [])
|
||||
}}
|
||||
|
||||
######################################################################
|
||||
|
|
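Review bot: The parentheses added around each `[...] if ... else []` term are what make the `+` chain work, because the conditional expression binds more loosely than `+` and the unparenthesised form folds everything after the first `else` into that branch. A one-line comment above `matrix_user_creator_users_auto` saying so would keep the next bot entry from being added without them.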
12
playbooks/jitsi_jvb.yml
Normal file
|
@ -0,0 +1,12 @@
|
|||
---
|
||||
- name: "Set up additional Jitsi JVB servers"
|
||||
hosts: "jitsi_jvb_servers"
|
||||
become: true
|
||||
|
||||
roles:
|
||||
- role: galaxy/com.devture.ansible.role.playbook_help
|
||||
- role: galaxy/com.devture.ansible.role.systemd_docker_base
|
||||
|
||||
- custom/matrix-base
|
||||
- custom/matrix-jitsi
|
||||
- custom/matrix-common-after
|
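Review bot: This play lists `systemd_docker_base` and `custom/matrix-jitsi` but not `galaxy/geerlingguy.docker` or `galaxy/com.devture.ansible.role.docker_sdk_for_python`, which `playbooks/matrix.yml` includes, and the same commit deletes the Docker installation tasks under `tasks/server_base/` from `matrix-base`. A fresh host in `jitsi_jvb_servers` would therefore reach `custom/matrix-jitsi` without Docker or the Python SDK installed. Add the two roles with the same `when:` guards as in `matrix.yml`, or document that Docker must be preinstalled on JVB hosts.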
110
playbooks/matrix.yml
Executable file
|
@ -0,0 +1,110 @@
|
|||
---
|
||||
- name: "Set up a Matrix server"
|
||||
hosts: "{{ target if target is defined else 'matrix_servers' }}"
|
||||
become: true
|
||||
|
||||
roles:
|
||||
# Most of the roles below are not distributed with the playbook, but downloaded separately using `ansible-galaxy` via the `make roles` command (see `Makefile`).
|
||||
- role: galaxy/com.devture.ansible.role.playbook_help
|
||||
|
||||
- role: galaxy/com.devture.ansible.role.systemd_docker_base
|
||||
|
||||
- role: custom/matrix_playbook_migration
|
||||
|
||||
- when: matrix_playbook_docker_installation_enabled | bool
|
||||
role: galaxy/geerlingguy.docker
|
||||
vars:
|
||||
docker_install_compose: false
|
||||
tags:
|
||||
- setup-docker
|
||||
- setup-all
|
||||
|
||||
- when: devture_docker_sdk_for_python_installation_enabled | bool
|
||||
role: galaxy/com.devture.ansible.role.docker_sdk_for_python
|
||||
tags:
|
||||
- setup-docker
|
||||
- setup-all
|
||||
|
||||
- when: devture_timesync_installation_enabled | bool
|
||||
role: galaxy/com.devture.ansible.role.timesync
|
||||
tags:
|
||||
- setup-timesync
|
||||
- setup-all
|
||||
|
||||
- custom/matrix-base
|
||||
- custom/matrix-dynamic-dns
|
||||
- custom/matrix-mailer
|
||||
- custom/matrix-postgres
|
||||
- custom/matrix-redis
|
||||
- custom/matrix-corporal
|
||||
- custom/matrix-bridge-appservice-discord
|
||||
- custom/matrix-bridge-appservice-slack
|
||||
- custom/matrix-bridge-appservice-webhooks
|
||||
- custom/matrix-bridge-appservice-irc
|
||||
- custom/matrix-bridge-appservice-kakaotalk
|
||||
- custom/matrix-bridge-beeper-linkedin
|
||||
- custom/matrix-bridge-go-skype-bridge
|
||||
- custom/matrix-bridge-mautrix-facebook
|
||||
- custom/matrix-bridge-mautrix-twitter
|
||||
- custom/matrix-bridge-mautrix-hangouts
|
||||
- custom/matrix-bridge-mautrix-googlechat
|
||||
- custom/matrix-bridge-mautrix-instagram
|
||||
- custom/matrix-bridge-mautrix-signal
|
||||
- custom/matrix-bridge-mautrix-telegram
|
||||
- custom/matrix-bridge-mautrix-whatsapp
|
||||
- custom/matrix-bridge-mautrix-discord
|
||||
- custom/matrix-bridge-mx-puppet-discord
|
||||
- custom/matrix-bridge-mx-puppet-groupme
|
||||
- custom/matrix-bridge-mx-puppet-steam
|
||||
- custom/matrix-bridge-mx-puppet-slack
|
||||
- custom/matrix-bridge-mx-puppet-twitter
|
||||
- custom/matrix-bridge-mx-puppet-instagram
|
||||
- custom/matrix-bridge-sms
|
||||
- custom/matrix-bridge-heisenbridge
|
||||
- custom/matrix-bridge-hookshot
|
||||
- custom/matrix-bot-matrix-reminder-bot
|
||||
- custom/matrix-bot-matrix-registration-bot
|
||||
- custom/matrix-bot-maubot
|
||||
- custom/matrix-bot-buscarron
|
||||
- custom/matrix-bot-honoroit
|
||||
- custom/matrix-bot-postmoogle
|
||||
- custom/matrix-bot-go-neb
|
||||
- custom/matrix-bot-mjolnir
|
||||
- custom/matrix-cactus-comments
|
||||
- custom/matrix-synapse
|
||||
- custom/matrix-synapse-reverse-proxy-companion
|
||||
- custom/matrix-dendrite
|
||||
- custom/matrix-conduit
|
||||
- custom/matrix-synapse-admin
|
||||
- custom/matrix-prometheus-node-exporter
|
||||
- custom/matrix-prometheus-postgres-exporter
|
||||
- custom/matrix-prometheus
|
||||
- custom/matrix-grafana
|
||||
- custom/matrix-registration
|
||||
- custom/matrix-client-element
|
||||
- custom/matrix-client-hydrogen
|
||||
- custom/matrix-client-cinny
|
||||
- custom/matrix-jitsi
|
||||
- custom/matrix-ldap-registration-proxy
|
||||
- custom/matrix-ma1sd
|
||||
- custom/matrix-dimension
|
||||
- custom/matrix-etherpad
|
||||
- custom/matrix-email2matrix
|
||||
- custom/matrix-sygnal
|
||||
- custom/matrix-ntfy
|
||||
- custom/matrix-nginx-proxy
|
||||
- custom/matrix-coturn
|
||||
- custom/matrix-aux
|
||||
- custom/matrix-postgres-backup
|
||||
- custom/matrix-backup-borg
|
||||
- custom/matrix-user-creator
|
||||
- custom/matrix-common-after
|
||||
|
||||
# This is pretty much last, because we want it to better serve as a "last known good configuration".
|
||||
# See: https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2217#issuecomment-1301487601
|
||||
- when: devture_playbook_state_preserver_enabled | bool
|
||||
role: galaxy/com.devture.ansible.role.playbook_state_preserver
|
||||
tags:
|
||||
- setup-all
|
||||
|
||||
- role: galaxy/com.devture.ansible.role.playbook_runtime_messages
|
|
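Review bot: `playbooks/matrix.yml` is added as an executable file although its first line is `---` and not an interpreter line, while `playbooks/jitsi_jvb.yml` is a normal file. Drop the executable bit so both playbooks have the same mode.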
@ -1,5 +1,11 @@
|
|||
---
|
||||
|
||||
- src: geerlingguy.docker
|
||||
version: 6.0.3
|
||||
|
||||
- src: git+https://github.com/devture/com.devture.ansible.role.docker_sdk_for_python.git
|
||||
version: 7047b40314c1020e97ed3f15b44876fa88faf874
|
||||
|
||||
- src: git+https://github.com/devture/com.devture.ansible.role.playbook_help.git
|
||||
version: c1f40e82b4d6b072b6f0e885239322bdaaaf554f
|
||||
|
||||
|
|
|
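Review bot: `geerlingguy.docker` is pinned by Galaxy version (`version: 6.0.3`) while the devture roles below it are pinned to full git commit hashes. The role is run from a play with `become: true` and installs Docker as root, so it deserves the same immutable pin: reference it as a `git+https` source with a commit hash, or note why a version tag is accepted here.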
@ -86,7 +86,7 @@ matrix_federation_public_port: 8448
|
|||
# Recognized values by us are 'amd64', 'arm32' and 'arm64'.
|
||||
# Not all architectures support all services, so your experience (on non-amd64) may vary.
|
||||
# See docs/alternative-architectures.md
|
||||
matrix_architecture: amd64
|
||||
matrix_architecture: "{{ 'amd64' if ansible_architecture == 'x86_64' else ('arm64' if ansible_architecture == 'aarch64' else ('arm32' if ansible_architecture.startswith('armv') else '')) }}"
|
||||
|
||||
# The architecture for Debian packages.
|
||||
# See: https://wiki.debian.org/SupportedArchitectures
|
||||
|
@ -253,14 +253,6 @@ matrix_well_known_matrix_server_enabled: true
|
|||
# See `matrix_homeserver_admin_contacts`, `matrix_homeserver_support_url`, etc.
|
||||
matrix_well_known_matrix_support_enabled: false
|
||||
|
||||
# Controls whether Docker is automatically installed.
|
||||
# If you change this to false you must install and update Docker manually. You also need to install the docker (https://pypi.org/project/docker/) Python package.
|
||||
matrix_docker_installation_enabled: true
|
||||
|
||||
# Controls the Docker package that is installed.
|
||||
# Possible values are "docker-ce" (default) and "docker.io" (Debian).
|
||||
matrix_docker_package_name: docker-ce
|
||||
|
||||
# Variables to Control which parts of our roles run.
|
||||
run_postgres_import: true
|
||||
run_postgres_upgrade: true
|
||||
|
|
|
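Review bot: Removing `matrix_docker_installation_enabled` and `matrix_docker_package_name` means an existing `vars.yml` that sets `matrix_docker_installation_enabled: false` or `matrix_docker_package_name: docker.io` is silently ignored, since `playbooks/matrix.yml` now keys on `matrix_playbook_docker_installation_enabled`. Make sure both old names are covered by the renamed or removed settings check, so the run fails with a pointer to the new variable instead of installing Docker unasked.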
@ -1,9 +0,0 @@
|
|||
---
|
||||
|
||||
- name: Get rid of old files and directories
|
||||
ansible.builtin.file:
|
||||
path: "{{ item }}"
|
||||
state: absent
|
||||
with_items:
|
||||
- "{{ matrix_base_data_path }}/environment-variables"
|
||||
- "{{ matrix_base_data_path }}/scratchpad"
|
|
@ -1,16 +1,10 @@
|
|||
---
|
||||
|
||||
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/sanity_check.yml"
|
||||
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/system_check.yml"
|
||||
tags:
|
||||
- always
|
||||
|
||||
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/clean_up_old_files.yml"
|
||||
when: run_setup | bool
|
||||
tags:
|
||||
- setup-all
|
||||
|
||||
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/server_base/setup.yml"
|
||||
when: run_setup | bool
|
||||
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/sanity_check.yml"
|
||||
tags:
|
||||
- setup-all
|
||||
|
||||
|
@ -21,11 +15,13 @@
|
|||
tags:
|
||||
- always
|
||||
- setup-system-user
|
||||
- common
|
||||
|
||||
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_matrix_base.yml"
|
||||
when: run_setup | bool
|
||||
tags:
|
||||
- setup-all
|
||||
- common
|
||||
|
||||
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_well_known.yml"
|
||||
when: run_setup | bool
|
||||
|
|
|
@ -5,21 +5,6 @@
|
|||
msg: "You need to set a valid homeserver implementation in `matrix_homeserver_implementation`"
|
||||
when: "matrix_homeserver_implementation not in ['synapse', 'dendrite', 'conduit']"
|
||||
|
||||
# We generally support Ansible 2.7.1 and above.
|
||||
- name: Fail if running on Ansible < 2.7.1
|
||||
ansible.builtin.fail:
|
||||
msg: "You are running on Ansible {{ ansible_version.string }}, which is not supported. See our guide about Ansible: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/ansible.md"
|
||||
when:
|
||||
- "(ansible_version.major < 2) or (ansible_version.major == 2 and ansible_version.minor < 7) or (ansible_version.major == 2 and ansible_version.minor == 7 and ansible_version.revision < 1)"
|
||||
|
||||
# Though we do not support Ansible 2.9.6 which is buggy
|
||||
- name: Fail if running on Ansible 2.9.6 on Ubuntu
|
||||
ansible.builtin.fail:
|
||||
msg: "You are running on Ansible {{ ansible_version.string }}, which is not supported. See our guide about Ansible: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/ansible.md"
|
||||
when:
|
||||
- ansible_distribution == 'Ubuntu'
|
||||
- "ansible_version.major == 2 and ansible_version.minor == 9 and ansible_version.revision == 6"
|
||||
|
||||
- name: (Deprecation) Catch and report renamed settings
|
||||
ansible.builtin.fail:
|
||||
msg: >-
|
||||
|
@ -55,8 +40,14 @@
|
|||
- {'var': matrix_server_fqn_element, 'value': "{{ matrix_server_fqn_element | default('') }}"}
|
||||
- {'var': matrix_homeserver_container_url, 'value': "{{ matrix_homeserver_container_url | default('') }}"}
|
||||
- {'var': matrix_homeserver_container_federation_url, 'value': "{{ matrix_homeserver_container_federation_url | default('') }}"}
|
||||
- {'var': matrix_architecture, 'value': "{{ matrix_architecture | default('') }}"}
|
||||
when: "item.value is none or item.value == ''"
|
||||
|
||||
- name: Fail if matrix_architecture is set incorrectly
|
||||
ansible.builtin.fail:
|
||||
msg: "Detected that variable matrix_architecture {{ matrix_architecture }} appears to be set incorrectly. See docs/alternative-architectures.md. Server appears to be {{ ansible_architecture }}."
|
||||
when: matrix_architecture not in ['amd64', 'arm32', 'arm64']
|
||||
|
||||
- name: Fail if uppercase domain used
|
||||
ansible.builtin.fail:
|
||||
msg: "Detected that you're using an uppercase domain name - `{{ item }}`. This will cause trouble. Please use all-lowercase!"
|
||||
|
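Review bot: Adding `matrix_architecture` to the required-variables list means an unsupported host, for which the new default evaluates to `''`, fails in that generic loop and never reaches the new `Fail if matrix_architecture is set incorrectly` task, the only one that prints `ansible_architecture`. Since the value is now auto-detected, drop the list entry so this task handles the empty case as well, and reword its message to say the detected architecture is unsupported rather than "set incorrectly".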
@ -66,20 +57,6 @@
|
|||
- "{{ matrix_server_fqn_element }}"
|
||||
when: "item != item | lower"
|
||||
|
||||
- name: Fail if using python2 on Archlinux
|
||||
ansible.builtin.fail:
|
||||
msg: "Detected that you're using python2 when installing onto Archlinux. Archlinux by default only supports python3."
|
||||
when:
|
||||
- ansible_distribution == 'Archlinux'
|
||||
- ansible_python.version.major != 3
|
||||
|
||||
- name: Fail if architecture is set incorrectly
|
||||
ansible.builtin.fail:
|
||||
msg: "Detected that variable matrix_architecture {{ matrix_architecture }} appears to be set incorrectly. See docs/alternative-architectures.md. Server appears to be {{ ansible_architecture }}."
|
||||
when: (ansible_architecture == "x86_64" and matrix_architecture != "amd64") or
|
||||
(ansible_architecture == "aarch64" and matrix_architecture != "arm64") or
|
||||
(ansible_architecture.startswith("armv") and matrix_architecture != "arm32")
|
||||
|
||||
- name: Fail if encountering usage of removed role (mx-puppet-skype)
|
||||
ansible.builtin.fail:
|
||||
msg: >-
|
||||
|
|
|
@ -1,41 +0,0 @@
|
|||
---
|
||||
|
||||
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/server_base/setup_redhat.yml"
|
||||
when: ansible_os_family == 'RedHat' and ansible_distribution_major_version | int < 8
|
||||
|
||||
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/server_base/setup_redhat8.yml"
|
||||
when: ansible_os_family == 'RedHat' and ansible_distribution_major_version | int > 7 and ansible_distribution_major_version | int < 30
|
||||
|
||||
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/server_base/setup_fedora.yml"
|
||||
when: ansible_os_family == 'RedHat' and ansible_distribution_major_version | int > 30
|
||||
|
||||
- when: ansible_os_family == 'Debian'
|
||||
block:
|
||||
# ansible_lsb is only available if lsb-release is installed.
|
||||
- name: Ensure lsb-release installed
|
||||
ansible.builtin.apt:
|
||||
name:
|
||||
- lsb-release
|
||||
state: present
|
||||
update_cache: true
|
||||
register: lsb_release_installation_result
|
||||
|
||||
- name: Reread ansible_lsb facts if lsb-release got installed
|
||||
ansible.builtin.setup:
|
||||
filter: ansible_lsb*
|
||||
when: lsb_release_installation_result.changed
|
||||
|
||||
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/server_base/setup_debian.yml"
|
||||
when: (ansible_os_family == 'Debian') and (ansible_lsb.id != 'Raspbian')
|
||||
|
||||
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/server_base/setup_raspbian.yml"
|
||||
when: (ansible_os_family == 'Debian') and (ansible_lsb.id == 'Raspbian')
|
||||
|
||||
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/server_base/setup_archlinux.yml"
|
||||
when: ansible_distribution == 'Archlinux'
|
||||
|
||||
- name: Ensure Docker is started and autoruns
|
||||
ansible.builtin.service:
|
||||
name: docker
|
||||
state: started
|
||||
enabled: true
|
|
@ -1,16 +0,0 @@
|
|||
---
|
||||
|
||||
- name: Install host dependencies
|
||||
community.general.pacman:
|
||||
name:
|
||||
- python-docker
|
||||
- python-dnspython
|
||||
state: present
|
||||
update_cache: true
|
||||
|
||||
- name: Ensure Docker is installed
|
||||
community.general.pacman:
|
||||
name:
|
||||
- docker
|
||||
state: present
|
||||
when: matrix_docker_installation_enabled | bool
|
|
@ -1,34 +0,0 @@
|
|||
---
|
||||
|
||||
- name: Ensure APT usage dependencies are installed
|
||||
ansible.builtin.apt:
|
||||
name:
|
||||
- apt-transport-https
|
||||
- ca-certificates
|
||||
- gnupg
|
||||
state: present
|
||||
update_cache: true
|
||||
|
||||
- name: Ensure Docker's APT key is trusted
|
||||
ansible.builtin.apt_key:
|
||||
url: "https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg"
|
||||
id: 9DC858229FC7DD38854AE2D88D81803C0EBFCD88
|
||||
state: present
|
||||
register: add_repository_key
|
||||
ignore_errors: true
|
||||
when: matrix_docker_installation_enabled | bool and matrix_docker_package_name == 'docker-ce'
|
||||
|
||||
- name: Ensure Docker repository is enabled
|
||||
ansible.builtin.apt_repository:
|
||||
repo: "deb [arch={{ matrix_debian_arch }}] https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} stable"
|
||||
state: present
|
||||
update_cache: true
|
||||
when: matrix_docker_installation_enabled | bool and matrix_docker_package_name == 'docker-ce'
|
||||
|
||||
- name: Ensure Docker is installed
|
||||
ansible.builtin.apt:
|
||||
name:
|
||||
- "{{ matrix_docker_package_name }}"
|
||||
- "python{{ '3' if ansible_python.version.major == 3 else '' }}-docker"
|
||||
state: present
|
||||
when: matrix_docker_installation_enabled | bool
|
|
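Review bot: The deleted `Ensure Docker's APT key is trusted` task pinned the key by fingerprint (`id: 9DC858229FC7DD38854AE2D88D81803C0EBFCD88`). Before relying on `geerlingguy.docker` for this step, confirm that the role at the pinned version checks the repository key at least as strictly, and record the outcome in the changelog entry.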
@ -1,32 +0,0 @@
|
|||
---
|
||||
|
||||
- name: Ensure Docker repository is enabled
|
||||
ansible.builtin.template:
|
||||
src: "{{ role_path }}/files/yum.repos.d/{{ item }}"
|
||||
dest: "/etc/yum.repos.d/docker-ce.repo"
|
||||
owner: "root"
|
||||
group: "root"
|
||||
mode: 0644
|
||||
with_items:
|
||||
- docker-ce-fedora.repo
|
||||
when: matrix_docker_installation_enabled | bool and matrix_docker_package_name == 'docker-ce'
|
||||
|
||||
- name: Ensure Docker's RPM key is trusted
|
||||
ansible.builtin.rpm_key:
|
||||
state: present
|
||||
key: https://download.docker.com/linux/fedora/gpg
|
||||
when: matrix_docker_installation_enabled | bool and matrix_docker_package_name == 'docker-ce'
|
||||
|
||||
- name: Ensure Docker is installed
|
||||
ansible.builtin.yum:
|
||||
name:
|
||||
- "{{ matrix_docker_package_name }}"
|
||||
- python3-pip
|
||||
state: present
|
||||
when: matrix_docker_installation_enabled | bool
|
||||
|
||||
- name: Ensure Docker-Py is installed
|
||||
ansible.builtin.pip:
|
||||
name: docker-py
|
||||
state: present
|
||||
when: matrix_docker_installation_enabled | bool
|
|
@ -1,34 +0,0 @@
|
|||
---
|
||||
|
||||
- name: Ensure APT usage dependencies are installed
|
||||
ansible.builtin.apt:
|
||||
name:
|
||||
- apt-transport-https
|
||||
- ca-certificates
|
||||
- gnupg
|
||||
state: present
|
||||
update_cache: true
|
||||
|
||||
- name: Ensure Docker's APT key is trusted
|
||||
ansible.builtin.apt_key:
|
||||
url: https://download.docker.com/linux/raspbian/gpg
|
||||
id: 9DC858229FC7DD38854AE2D88D81803C0EBFCD88
|
||||
state: present
|
||||
register: add_repository_key
|
||||
ignore_errors: true
|
||||
when: matrix_docker_installation_enabled | bool and matrix_docker_package_name == 'docker-ce'
|
||||
|
||||
- name: Ensure Docker repository is enabled
|
||||
ansible.builtin.apt_repository:
|
||||
repo: "deb [arch={{ matrix_debian_arch }}] https://download.docker.com/linux/raspbian {{ ansible_distribution_release }} stable"
|
||||
state: present
|
||||
update_cache: true
|
||||
when: matrix_docker_installation_enabled | bool and matrix_docker_package_name == 'docker-ce'
|
||||
|
||||
- name: Ensure Docker is installed
|
||||
ansible.builtin.apt:
|
||||
name:
|
||||
- "{{ matrix_docker_package_name }}"
|
||||
- "python{{ '3' if ansible_python.version.major == 3 else '' }}-docker"
|
||||
state: present
|
||||
when: matrix_docker_installation_enabled | bool
|
|
@ -1,24 +0,0 @@
|
|||
---
|
||||
|
||||
- name: Ensure Docker repository is enabled
|
||||
ansible.builtin.template:
|
||||
src: "{{ role_path }}/files/yum.repos.d/docker-ce-centos.repo"
|
||||
dest: "/etc/yum.repos.d/docker-ce.repo"
|
||||
owner: "root"
|
||||
group: "root"
|
||||
mode: 0644
|
||||
when: matrix_docker_installation_enabled | bool and matrix_docker_package_name == 'docker-ce'
|
||||
|
||||
- name: Ensure Docker's RPM key is trusted
|
||||
ansible.builtin.rpm_key:
|
||||
state: present
|
||||
key: https://download.docker.com/linux/centos/gpg
|
||||
when: matrix_docker_installation_enabled | bool and matrix_docker_package_name == 'docker-ce'
|
||||
|
||||
- name: Ensure Docker is installed
|
||||
ansible.builtin.yum:
|
||||
name:
|
||||
- "{{ matrix_docker_package_name }}"
|
||||
- docker-python
|
||||
state: present
|
||||
when: matrix_docker_installation_enabled | bool
|
|
@ -1,37 +0,0 @@
|
|||
---
|
||||
|
||||
- name: Ensure Docker repository is enabled
|
||||
ansible.builtin.template:
|
||||
src: "{{ role_path }}/files/yum.repos.d/docker-ce-centos.repo"
|
||||
dest: "/etc/yum.repos.d/docker-ce.repo"
|
||||
owner: "root"
|
||||
group: "root"
|
||||
mode: 0644
|
||||
when: matrix_docker_installation_enabled | bool and matrix_docker_package_name == 'docker-ce'
|
||||
|
||||
- name: Ensure Docker's RPM key is trusted
|
||||
ansible.builtin.rpm_key:
|
||||
state: present
|
||||
key: https://download.docker.com/linux/centos/gpg
|
||||
when: matrix_docker_installation_enabled | bool and matrix_docker_package_name == 'docker-ce'
|
||||
|
||||
- name: Ensure EPEL is installed
|
||||
ansible.builtin.yum:
|
||||
name:
|
||||
- epel-release
|
||||
state: present
|
||||
update_cache: true
|
||||
|
||||
- name: Ensure Docker is installed
|
||||
ansible.builtin.yum:
|
||||
name:
|
||||
- "{{ matrix_docker_package_name }}"
|
||||
- python3-pip
|
||||
state: present
|
||||
when: matrix_docker_installation_enabled | bool
|
||||
|
||||
- name: Ensure Docker-Py is installed
|
||||
ansible.builtin.pip:
|
||||
name: docker-py
|
||||
state: present
|
||||
when: matrix_docker_installation_enabled | bool
|
23
roles/custom/matrix-base/tasks/system_check.yml
Normal file
|
@ -0,0 +1,23 @@
|
|||
---
|
||||
|
||||
# We generally support Ansible 2.7.1 and above.
|
||||
- name: Fail if running on Ansible < 2.7.1
|
||||
ansible.builtin.fail:
|
||||
msg: "You are running on Ansible {{ ansible_version.string }}, which is not supported. See our guide about Ansible: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/ansible.md"
|
||||
when:
|
||||
- "(ansible_version.major < 2) or (ansible_version.major == 2 and ansible_version.minor < 7) or (ansible_version.major == 2 and ansible_version.minor == 7 and ansible_version.revision < 1)"
|
||||
|
||||
# Though we do not support Ansible 2.9.6 which is buggy
|
||||
- name: Fail if running on Ansible 2.9.6 on Ubuntu
|
||||
ansible.builtin.fail:
|
||||
msg: "You are running on Ansible {{ ansible_version.string }}, which is not supported. See our guide about Ansible: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/ansible.md"
|
||||
when:
|
||||
- ansible_distribution == 'Ubuntu'
|
||||
- "ansible_version.major == 2 and ansible_version.minor == 9 and ansible_version.revision == 6"
|
||||
|
||||
- name: Fail if using python2 on Archlinux
|
||||
ansible.builtin.fail:
|
||||
msg: "Detected that you're using python2 when installing onto Archlinux. Archlinux by default only supports python3."
|
||||
when:
|
||||
- ansible_distribution == 'Archlinux'
|
||||
- ansible_python.version.major != 3
|
|
@ -25,6 +25,11 @@
|
|||
"im.vector.riot.jitsi": {
|
||||
"preferredDomain": {{ matrix_client_element_jitsi_preferredDomain|to_json }}
|
||||
}
|
||||
{% endif %}
|
||||
{% if matrix_client_element_location_sharing_enabled %},
|
||||
"m.tile_server": {
|
||||
"map_style_url": "https://{{ matrix_server_fqn_element }}/map_style.json"
|
||||
}
|
||||
{% endif %}
|
||||
,
|
||||
"io.element.e2ee": {
|
||||
|
|
|
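Review bot: `map_style_url` is interpolated straight into the JSON string, whereas the `preferredDomain` value a few lines up goes through `|to_json`. Build the URL and emit it with `|to_json` too, so the template stays valid JSON whatever `matrix_server_fqn_element` contains.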
@ -9,7 +9,7 @@ matrix_bot_postmoogle_docker_repo: "https://gitlab.com/etke.cc/postmoogle.git"
|
|||
matrix_bot_postmoogle_docker_repo_version: "{{ 'main' if matrix_bot_postmoogle_version == 'latest' else matrix_bot_postmoogle_version }}"
|
||||
matrix_bot_postmoogle_docker_src_files_path: "{{ matrix_base_data_path }}/postmoogle/docker-src"
|
||||
|
||||
matrix_bot_postmoogle_version: v0.9.8
|
||||
matrix_bot_postmoogle_version: v0.9.9
|
||||
matrix_bot_postmoogle_docker_image: "{{ matrix_bot_postmoogle_docker_image_name_prefix }}postmoogle:{{ matrix_bot_postmoogle_version }}"
|
||||
matrix_bot_postmoogle_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_postmoogle_container_image_self_build else 'registry.gitlab.com/etke.cc/' }}"
|
||||
matrix_bot_postmoogle_docker_image_force_pull: "{{ matrix_bot_postmoogle_docker_image.endswith(':latest') }}"
|
||||
|
@ -108,8 +108,12 @@ matrix_bot_postmoogle_loglevel: 'INFO'
|
|||
# Disable encryption
|
||||
matrix_bot_postmoogle_noencryption: false
|
||||
|
||||
# deprecated, use matrix_bot_postmoogle_domains
|
||||
matrix_bot_postmoogle_domain: "{{ matrix_server_fqn_matrix }}"
|
||||
|
||||
matrix_bot_postmoogle_domains:
|
||||
- "{{ matrix_bot_postmoogle_domain }}" # backward compatibility
|
||||
|
||||
# Password (passphrase) to encrypt account data
|
||||
matrix_bot_postmoogle_data_secret: ""
|
||||
|
||||
|
@ -126,15 +130,15 @@ matrix_bot_postmoogle_submission_host_bind_port: '587'
|
|||
matrix_bot_postmoogle_ssl_path: ""
|
||||
|
||||
## in-container SSL paths
|
||||
# matrix_bot_postmoogle_tls_cert is the SSL certificate's certificate.
|
||||
# This is likely set via group_vars/matrix_servers, so you don't need to set it.
|
||||
# matrix_bot_postmoogle_tls_cert is the SSL certificates' certificates.
|
||||
# This var is likely set via group_vars/matrix_servers, so you don't need to set certs manually.
|
||||
# If you do need to set it manually, note that this is an in-container path.
|
||||
# To mount a certificates volumes into the container, use matrix_bot_postmoogle_ssl_path
|
||||
# Example value: /ssl/live/{{ matrix_bot_postmoogle_domain }}/fullchain.pem
|
||||
matrix_bot_postmoogle_tls_cert: ""
|
||||
|
||||
# matrix_bot_postmoogle_tls_key is the SSL certificate's key.
|
||||
# This is likely set via group_vars/matrix_servers, so you don't need to set it.
|
||||
# matrix_bot_postmoogle_tls_key is the SSL certificates' keys.
|
||||
# This var is likely set via group_vars/matrix_servers, so you don't need to set keys manually.
|
||||
# If you do need to set it manually, note that this is an in-container path.
|
||||
# To mount a certificates volumes into the container, use matrix_bot_postmoogle_ssl_path
|
||||
# Example value: /ssl/live/{{ matrix_bot_postmoogle_domain }}/privkey.pem
|
||||
|
|
|
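Review bot: The reworded comments for `matrix_bot_postmoogle_tls_cert` and `matrix_bot_postmoogle_tls_key` now describe several certificates and keys, but they do not say how more than one in-container path is written into the single string value, and both example values still use `matrix_bot_postmoogle_domain`, which the previous hunk marks as deprecated. Please state the separator and how cert entries pair with key entries, and base the examples on `matrix_bot_postmoogle_domains`.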
@ -1,7 +1,7 @@
|
|||
POSTMOOGLE_LOGIN={{ matrix_bot_postmoogle_login }}
|
||||
POSTMOOGLE_PASSWORD={{ matrix_bot_postmoogle_password }}
|
||||
POSTMOOGLE_HOMESERVER={{ matrix_bot_postmoogle_homeserver }}
|
||||
POSTMOOGLE_DOMAIN={{ matrix_bot_postmoogle_domain }}
|
||||
POSTMOOGLE_DOMAINS={{ matrix_bot_postmoogle_domains | join(' ') }}
|
||||
POSTMOOGLE_PORT={{ matrix_bot_postmoogle_port }}
|
||||
POSTMOOGLE_DB_DSN={{ matrix_bot_postmoogle_database_connection_string }}
|
||||
POSTMOOGLE_DB_DIALECT={{ matrix_bot_postmoogle_database_dialect }}
|
||||
|
|
|
@ -7,7 +7,7 @@ matrix_mautrix_facebook_enabled: true
|
|||
matrix_mautrix_facebook_container_image_self_build: false
|
||||
matrix_mautrix_facebook_container_image_self_build_repo: "https://mau.dev/mautrix/facebook.git"
|
||||
|
||||
matrix_mautrix_facebook_version: v0.4.0
|
||||
matrix_mautrix_facebook_version: v0.4.1
|
||||
matrix_mautrix_facebook_docker_image: "{{ matrix_mautrix_facebook_docker_image_name_prefix }}mautrix/facebook:{{ matrix_mautrix_facebook_version }}"
|
||||
matrix_mautrix_facebook_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_facebook_container_image_self_build else 'dock.mau.dev/' }}"
|
||||
matrix_mautrix_facebook_docker_image_force_pull: "{{ matrix_mautrix_facebook_docker_image.endswith(':latest') }}"
|
||||
|
|
|
@ -8,7 +8,7 @@ matrix_mautrix_googlechat_container_image_self_build: false
|
|||
matrix_mautrix_googlechat_container_image_self_build_repo: "https://github.com/mautrix/googlechat.git"
|
||||
matrix_mautrix_googlechat_container_image_self_build_repo_version: "{{ 'master' if matrix_mautrix_googlechat_version == 'latest' else matrix_mautrix_googlechat_version }}"
|
||||
|
||||
matrix_mautrix_googlechat_version: v0.3.3
|
||||
matrix_mautrix_googlechat_version: v0.4.0
|
||||
# See: https://mau.dev/mautrix/googlechat/container_registry
|
||||
matrix_mautrix_googlechat_docker_image: "{{ matrix_mautrix_googlechat_docker_image_name_prefix }}mautrix/googlechat:{{ matrix_mautrix_googlechat_version }}"
|
||||
matrix_mautrix_googlechat_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_googlechat_container_image_self_build else 'dock.mau.dev/' }}"
|
||||
|
|
|
@ -8,7 +8,7 @@ matrix_mautrix_whatsapp_container_image_self_build: false
|
|||
matrix_mautrix_whatsapp_container_image_self_build_repo: "https://mau.dev/mautrix/whatsapp.git"
|
||||
matrix_mautrix_whatsapp_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_whatsapp_version == 'latest' else matrix_mautrix_whatsapp_version }}"
|
||||
|
||||
matrix_mautrix_whatsapp_version: v0.7.1
|
||||
matrix_mautrix_whatsapp_version: v0.7.2
|
||||
# See: https://mau.dev/mautrix/whatsapp/container_registry
|
||||
matrix_mautrix_whatsapp_docker_image: "{{ matrix_mautrix_whatsapp_docker_image_name_prefix }}mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}"
|
||||
matrix_mautrix_whatsapp_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_whatsapp_container_image_self_build else 'dock.mau.dev/' }}"
|
||||
|
|
|
@ -135,3 +135,70 @@ matrix_client_element_configuration_extension: "{{ matrix_client_element_configu
|
|||
# Holds the final Element configuration (a combination of the default and its extension).
|
||||
# You most likely don't need to touch this variable. Instead, see `matrix_client_element_configuration_default`.
|
||||
matrix_client_element_configuration: "{{ matrix_client_element_configuration_default | combine(matrix_client_element_configuration_extension, recursive=True) }}"
|
||||
|
||||
# Element Location sharing functionality
|
||||
# More info: https://element.io/blog/element-launches-e2ee-location-sharing/
|
||||
# How to host your own map tile server: https://matrix.org/docs/guides/map-tile-server
|
||||
matrix_client_element_location_sharing_enabled: false
|
||||
|
||||
# Default Element location sharing map style configuration template which covers the generic use case.
|
||||
# You can customize it by controlling the various variables inside it.
|
||||
#
|
||||
# For a more advanced customization, you can extend the default (see `matrix_client_element_location_sharing_map_style_extension_json`)
|
||||
# or completely replace this variable with your own template.
|
||||
#
|
||||
# The side-effect of this lookup is that Ansible would even parse the JSON for us, returning a dict.
|
||||
# This is unlike what it does when looking up YAML template files (no automatic parsing there).
|
||||
matrix_client_element_location_sharing_map_style_default: "{{ lookup('template', 'templates/map_style.json.j2') }}"
|
||||
|
||||
# Your custom JSON configuration for Element location sharing map style should go to `matrix_client_element_location_sharing_map_style_extension_json`.
|
||||
# This configuration extends the default starting configuration (`matrix_client_element_location_sharing_map_style_default`).
|
||||
#
|
||||
# You can override individual variables from the default configuration, or introduce new ones.
|
||||
#
|
||||
# If you need something more special, you can take full control by
|
||||
# completely redefining `matrix_client_element_location_sharing_map_style_default`.
|
||||
#
|
||||
# Example configuration override follows:
|
||||
#
|
||||
# matrix_client_element_location_sharing_map_style_extension_json: |
|
||||
# {
|
||||
# "sources": {
|
||||
# "localsource": {
|
||||
# "tileSize": 512
|
||||
# }
|
||||
# }
|
||||
# }
|
||||
#
|
||||
# Example configuration extension follows:
|
||||
#
|
||||
# matrix_client_element_location_sharing_map_style_extension_json: |
|
||||
# {
|
||||
# "sources": {
|
||||
# "anothersource": {
|
||||
# "attribution": "",
|
||||
# "tileSize": 256,
|
||||
# "tiles": ["https://anothertile.example.com/{z}/{x}/{y}.png"],
|
||||
# "type": "raster"
|
||||
# }
|
||||
# }
|
||||
# }
|
||||
matrix_client_element_location_sharing_map_style_extension_json: '{}'
|
||||
|
||||
matrix_client_element_location_sharing_map_style_extension: "{{ matrix_client_element_location_sharing_map_style_extension_json | from_json if matrix_client_element_location_sharing_map_style_extension_json | from_json is mapping else {} }}"
|
||||
|
||||
# Holds the final Element location sharing map style configuration (a combination of the default and its extension).
|
||||
# You most likely don't need to touch this variable. Instead, see `matrix_client_element_location_sharing_map_style_default`.
|
||||
matrix_client_element_location_sharing_map_style: "{{ matrix_client_element_location_sharing_map_style_default | combine(matrix_client_element_location_sharing_map_style_extension, recursive=True) }}"
|
||||
|
||||
# Example tile servers configuration
|
||||
# matrix_client_element_location_sharing_map_style_content_sources_localsource_tiles: ["https://tile.example.com/{z}/{x}/{y}.png"]
|
||||
# or
|
||||
# matrix_client_element_location_sharing_map_style_content_sources_localsource_tiles: ["https://s1.example.com/{z}/{x}/{y}.png", "https://s2.example.com/{z}/{x}/{y}.png", "https://s3.example.com/{z}/{x}/{y}.png"]
|
||||
matrix_client_element_location_sharing_map_style_content_sources_localsource_tiles: []
|
||||
|
||||
# Map attribution (optional):
|
||||
# Attribution for OpenStreetMap would be like this:
|
||||
# matrix_client_element_location_sharing_map_style_content_sources_localsource_attribution: "© <a href=\"https://www.openstreetmap.org/copyright\" target=\"_blank\">OpenStreetMap</a> contributors"
|
||||
# Leave blank, if map does not require attribution.
|
||||
matrix_client_element_location_sharing_map_style_content_sources_localsource_attribution: ""
|
||||
|
|
|
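Review bot: `matrix_client_element_location_sharing_map_style_extension` silently falls back to `{}` when the supplied JSON is not a mapping, so a mistyped extension (a list or a quoted string, for example) is dropped without any error and the default style is deployed. The expression also runs `from_json` twice on the same value. I would keep the variable as a plain `from_json` and add a check in validate_config.yml that fails when the result is not a mapping. Separately, the OpenStreetMap attribution example uses `target=\"_blank\"` without a `rel` attribute; adding `rel=\"noopener\"` to the example costs nothing.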
@ -69,6 +69,15 @@
|
|||
owner: "{{ matrix_user_username }}"
|
||||
group: "{{ matrix_user_groupname }}"
|
||||
|
||||
- name: Ensure Element location sharing map style installed
|
||||
when: matrix_client_element_location_sharing_enabled | bool
|
||||
ansible.builtin.copy:
|
||||
content: "{{ matrix_client_element_location_sharing_map_style | to_nice_json }}"
|
||||
dest: "{{ matrix_client_element_data_path }}/map_style.json"
|
||||
mode: 0644
|
||||
owner: "{{ matrix_user_username }}"
|
||||
group: "{{ matrix_user_groupname }}"
|
||||
|
||||
- name: Ensure Element config files installed
|
||||
ansible.builtin.template:
|
||||
src: "{{ item.src }}"
|
||||
|
|
|
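Review bot: `mode: 0644` in the new "Ensure Element location sharing map style installed" task is an unquoted octal, which YAML parsers can read as a plain integer. Since this commit also pins ansible-lint in the workflow, write it as `mode: "0644"` so the file mode is unambiguous and the task stays lint-clean.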
@ -8,6 +8,14 @@
|
|||
with_items:
|
||||
- "matrix_client_element_default_hs_url"
|
||||
|
||||
- name: Fail if Element location sharing enabled, but no tile server defined
|
||||
ansible.builtin.fail:
|
||||
msg: >-
|
||||
You need to define at least one map tile server in matrix_client_element_location_sharing_map_style_content_sources_localsource_tiles list
|
||||
when:
|
||||
- matrix_client_element_location_sharing_enabled | bool
|
||||
- matrix_client_element_location_sharing_map_style_content_sources_localsource_tiles | length == 0
|
||||
|
||||
- name: (Deprecation) Catch and report riot-web variables
|
||||
ansible.builtin.fail:
|
||||
msg: >-
|
||||
|
|
|
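Review bot: The new check only tests `... localsource_tiles | length == 0`, so a list containing an empty string or a plain `http://` URL passes validation. The style file itself is served from an `https://` URL, and a browser will typically refuse tiles loaded over plain HTTP from an HTTPS page, so it would help to also fail when any entry does not start with `https://`, and to mention `matrix_client_element_location_sharing_enabled` in the message so the user knows which switch triggered it.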
@ -36,6 +36,9 @@
|
|||
"jitsi": {
|
||||
"preferredDomain": {{ matrix_client_element_jitsi_preferredDomain|to_json }}
|
||||
},
|
||||
{% endif %}
|
||||
{% if matrix_client_element_location_sharing_enabled %}
|
||||
"map_style_url": "https://{{ matrix_server_fqn_element }}/map_style.json",
|
||||
{% endif %}
|
||||
"branding": {
|
||||
"authFooterLinks": {{ matrix_client_element_branding_authFooterLinks|to_json }},
|
||||
|
|
|
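Review bot: The added `"map_style_url"` line interpolates `{{ matrix_server_fqn_element }}` directly inside a JSON string, while the neighbouring values (`preferredDomain`, `authFooterLinks`) all go through `|to_json`. For consistency and correct escaping, build the value first and emit it as `{{ ('https://' + matrix_server_fqn_element + '/map_style.json') | to_json }}`.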
@ -0,0 +1,18 @@
|
|||
{
|
||||
"layers": [
|
||||
{
|
||||
"id": "locallayer",
|
||||
"source": "localsource",
|
||||
"type": "raster"
|
||||
}
|
||||
],
|
||||
"sources": {
|
||||
"localsource": {
|
||||
"attribution": {{ matrix_client_element_location_sharing_map_style_content_sources_localsource_attribution|to_json }},
|
||||
"tileSize": 256,
|
||||
"tiles": {{ matrix_client_element_location_sharing_map_style_content_sources_localsource_tiles|to_json }},
|
||||
"type": "raster"
|
||||
}
|
||||
},
|
||||
"version": 8
|
||||
}
|
|
@ -26,6 +26,9 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name
|
|||
--mount type=bind,src={{ matrix_client_element_data_path }}/nginx.conf,dst=/etc/nginx/nginx.conf,ro \
|
||||
--mount type=bind,src={{ matrix_client_element_data_path }}/config.json,dst=/app/config.json,ro \
|
||||
--mount type=bind,src={{ matrix_client_element_data_path }}/config.json,dst=/app/config.{{ matrix_server_fqn_element }}.json,ro \
|
||||
{% if matrix_client_element_location_sharing_enabled %}
|
||||
--mount type=bind,src={{ matrix_client_element_data_path }}/map_style.json,dst=/app/map_style.json,ro \
|
||||
{% endif %}
|
||||
{% if matrix_client_element_embedded_pages_home_path is not none %}
|
||||
--mount type=bind,src={{ matrix_client_element_data_path }}/home.html,dst=/app/home.html,ro \
|
||||
{% endif %}
|
||||
|
|
|
@ -8,7 +8,7 @@ matrix_client_hydrogen_enabled: true
|
|||
matrix_client_hydrogen_container_image_self_build: true
|
||||
matrix_client_hydrogen_container_image_self_build_repo: "https://github.com/vector-im/hydrogen-web.git"
|
||||
|
||||
matrix_client_hydrogen_version: v0.3.3
|
||||
matrix_client_hydrogen_version: v0.3.4
|
||||
matrix_client_hydrogen_docker_image: "{{ matrix_client_hydrogen_docker_image_name_prefix }}vectorim/hydrogen-web:{{ matrix_client_hydrogen_version }}"
|
||||
matrix_client_hydrogen_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_hydrogen_container_image_self_build else matrix_container_global_registry_prefix }}"
|
||||
matrix_client_hydrogen_docker_image_force_pull: "{{ matrix_client_hydrogen_docker_image.endswith(':latest') }}"
|
||||
|
|
|
@ -37,7 +37,7 @@ matrix_corporal_var_dir_path: "{{ matrix_corporal_base_path }}/var"
|
|||
|
||||
matrix_corporal_matrix_homeserver_domain_name: "{{ matrix_domain }}"
|
||||
|
||||
# Controls where matrix-corporal can reach your Synapse server (e.g. "http://matrix-synapse:{{ matrix_synapse_container_client_api_port }}").
|
||||
# Controls where matrix-corporal can reach your Synapse server (e.g. "http://matrix-synapse-reverse-proxy-companion:{{ matrix_synapse_container_client_api_port }}").
|
||||
# If Synapse runs on the same machine, you may need to add its service to `matrix_corporal_systemd_required_services_list`.
|
||||
matrix_corporal_matrix_homeserver_api_endpoint: ""
|
||||
|
||||
|
|
|
@ -194,3 +194,5 @@ matrix_dendrite_configuration_extension: "{{ matrix_dendrite_configuration_exten
|
|||
# Holds the final Dendrite configuration (a combination of the default and its extension).
|
||||
# You most likely don't need to touch this variable. Instead, see `matrix_dendrite_configuration_yaml`.
|
||||
matrix_dendrite_configuration: "{{ matrix_dendrite_configuration_yaml | from_yaml | combine(matrix_dendrite_configuration_extension, recursive=True) }}"
|
||||
|
||||
matrix_dendrite_userapi_auto_join_rooms: []
|
||||
|
|
|
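Review bot: `matrix_dendrite_userapi_auto_join_rooms: []` is added at the end of the defaults file with no comment, unlike the variables above it. Please document what the entries are expected to look like (room aliases or room IDs) and that the list is rendered into `user_api.auto_join_rooms`.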
@ -382,6 +382,7 @@ user_api:
|
|||
# is considered to be valid in milliseconds.
|
||||
# The default lifetime is 3600000ms (60 minutes).
|
||||
# openid_token_lifetime_ms: 3600000
|
||||
auto_join_rooms: {{ matrix_dendrite_userapi_auto_join_rooms | to_json }}
|
||||
|
||||
# Not in dendrite-config.yaml, but is in build/docker/config/dendrite.yaml
|
||||
# Configuration for the Push Server API.
|
||||
|
@ -414,3 +415,4 @@ tracing:
|
|||
# Logging configuration, in addition to the standard logging that is sent to
|
||||
# stdout by Dendrite.
|
||||
logging: []
|
||||
|
||||
|
|
|
@ -7,7 +7,7 @@ matrix_dynamic_dns_enabled: true
|
|||
# The dynamic dns daemon interval
|
||||
matrix_dynamic_dns_daemon_interval: '300'
|
||||
|
||||
matrix_dynamic_dns_version: v3.10.0-ls103
|
||||
matrix_dynamic_dns_version: v3.10.0-ls105
|
||||
|
||||
# The docker container to use when in mode
|
||||
matrix_dynamic_dns_docker_image: "{{ matrix_dynamic_dns_docker_image_name_prefix }}linuxserver/ddclient:{{ matrix_dynamic_dns_version }}"
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
|
||||
matrix_grafana_enabled: true
|
||||
|
||||
matrix_grafana_version: 9.2.4
|
||||
matrix_grafana_version: 9.2.5
|
||||
matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}"
|
||||
matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}"
|
||||
|
||||
|
|
|
@ -72,7 +72,7 @@ matrix_jitsi_jibri_recorder_password: ''
|
|||
|
||||
matrix_jitsi_enable_lobby: false
|
||||
|
||||
matrix_jitsi_version: stable-7882
|
||||
matrix_jitsi_version: stable-8044
|
||||
matrix_jitsi_container_image_tag: "{{ matrix_jitsi_version }}" # for backward-compatibility
|
||||
|
||||
matrix_jitsi_web_docker_image: "{{ matrix_container_global_registry_prefix }}jitsi/web:{{ matrix_jitsi_container_image_tag }}"
|
||||
|
@ -189,6 +189,8 @@ matrix_jitsi_prosody_systemd_required_services_list: ['docker.service']
|
|||
# Neccessary Port binding for those disabling the integrated nginx proxy
|
||||
matrix_jitsi_prosody_container_http_host_bind_port: ''
|
||||
|
||||
matrix_jitsi_prosody_container_jvb_host_bind_port: 5222
|
||||
|
||||
matrix_jitsi_jicofo_docker_image: "{{ matrix_container_global_registry_prefix }}jitsi/jicofo:{{ matrix_jitsi_container_image_tag }}"
|
||||
matrix_jitsi_jicofo_docker_image_force_pull: "{{ matrix_jitsi_jicofo_docker_image.endswith(':latest') }}"
|
||||
|
||||
|
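Review bot: `matrix_jitsi_prosody_container_jvb_host_bind_port: 5222` defaults to a value, while `matrix_jitsi_prosody_container_http_host_bind_port` directly above defaults to `''`. Together with the `-p {{ matrix_jitsi_prosody_container_jvb_host_bind_port }}:5222` line added to the Prosody unit, every installation will publish Prosody's port 5222 on all host interfaces after this change, including hosts that never add a second JVB. I would default this to `''`, add a comment saying it is only needed when additional JVBs connect from other machines, and show an interface-scoped form such as `192.0.2.10:5222` (placeholder address) in that comment.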
@ -205,6 +207,9 @@ matrix_jitsi_jicofo_component_secret: ''
|
|||
matrix_jitsi_jicofo_auth_user: focus
|
||||
matrix_jitsi_jicofo_auth_password: ''
|
||||
|
||||
# To enable Sentry integration for Jicofo, specify a valid DSN connection string
|
||||
matrix_jitsi_jicofo_sentry_dsn: ''
|
||||
|
||||
matrix_jitsi_jvb_docker_image: "{{ matrix_container_global_registry_prefix }}jitsi/jvb:{{ matrix_jitsi_container_image_tag }}"
|
||||
matrix_jitsi_jvb_docker_image_force_pull: "{{ matrix_jitsi_jvb_docker_image.endswith(':latest') }}"
|
||||
|
||||
|
@ -215,11 +220,14 @@ matrix_jitsi_jvb_config_path: "{{ matrix_jitsi_jvb_base_path }}/config"
|
|||
matrix_jitsi_jvb_container_extra_arguments: []
|
||||
|
||||
# List of systemd services that matrix-jitsi-jvb.service depends on
|
||||
matrix_jitsi_jvb_systemd_required_services_list: ['docker.service', 'matrix-jitsi-prosody.service']
|
||||
matrix_jitsi_jvb_systemd_required_services_list: ['docker.service']
|
||||
|
||||
matrix_jitsi_jvb_auth_user: jvb
|
||||
matrix_jitsi_jvb_auth_password: ''
|
||||
|
||||
# To enable Sentry integration for JVB, specify a valid DSN connection string
|
||||
matrix_jitsi_jvb_sentry_dsn: ''
|
||||
|
||||
# STUN servers used by JVB on the server-side, so it can discover its own external IP address.
|
||||
# Pointing this to a STUN server running on the same Docker network may lead to incorrect IP address discovery.
|
||||
matrix_jitsi_jvb_stun_servers: ['meet-jit-si-turnrelay.jitsi.net:443']
|
||||
|
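Review bot: Dropping `'matrix-jitsi-prosody.service'` from `matrix_jitsi_jvb_systemd_required_services_list` changes the default for single-host installs too, so the JVB unit is no longer ordered after Prosody on the main server. If the goal is only to let an additional JVB host run without a local Prosody, keep the old default here and override the list for the additional hosts instead.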
@ -227,6 +235,8 @@ matrix_jitsi_jvb_stun_servers: ['meet-jit-si-turnrelay.jitsi.net:443']
|
|||
matrix_jitsi_jvb_brewery_muc: jvbbrewery
|
||||
matrix_jitsi_jvb_rtp_udp_port: 10000
|
||||
matrix_jitsi_jvb_rtp_tcp_port: 4443
|
||||
matrix_jitsi_jvb_server_id: 'jvb-1'
|
||||
|
||||
|
||||
# Custom configuration to be injected into `custom-sip-communicator.properties`, passed to Jitsi JVB.
|
||||
# This configuration gets appended to the final configuration that Jitsi JVB uses.
|
||||
|
|
5
roles/custom/matrix-jitsi/tasks/init_additional_jvb.yml
Normal file
|
@ -0,0 +1,5 @@
|
|||
---
|
||||
|
||||
- ansible.builtin.set_fact:
|
||||
matrix_systemd_services_list: "{{ ['matrix-jitsi-jvb.service'] }}"
|
||||
when: matrix_jitsi_enabled | bool
|
|
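Review bot: The `ansible.builtin.set_fact` task in this new file has no `name:` and it replaces `matrix_systemd_services_list` outright with `['matrix-jitsi-jvb.service']` rather than appending to it. If discarding every other service is intended for hosts set up with the `setup-additional-jitsi-jvb` tag, please name the task accordingly and add a comment saying so, because the other roles' init files could be read as expecting an append.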
@ -4,17 +4,23 @@
|
|||
tags:
|
||||
- always
|
||||
|
||||
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init_additional_jvb.yml"
|
||||
tags:
|
||||
- setup-additional-jitsi-jvb
|
||||
|
||||
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
|
||||
when: "run_setup | bool and matrix_jitsi_enabled | bool"
|
||||
tags:
|
||||
- setup-all
|
||||
- setup-jitsi
|
||||
- setup-additional-jitsi-jvb
|
||||
|
||||
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_jitsi_base.yml"
|
||||
when: run_setup | bool
|
||||
tags:
|
||||
- setup-all
|
||||
- setup-jitsi
|
||||
- setup-additional-jitsi-jvb
|
||||
|
||||
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_jitsi_web.yml"
|
||||
when: run_setup | bool
|
||||
|
@ -39,3 +45,4 @@
|
|||
tags:
|
||||
- setup-all
|
||||
- setup-jitsi
|
||||
- setup-additional-jitsi-jvb
|
||||
|
|
|
@ -27,7 +27,7 @@ JIGASI_SIP_URI
|
|||
JVB_BREWERY_MUC={{ matrix_jitsi_jvb_brewery_muc }}
|
||||
MAX_BRIDGE_PARTICIPANTS
|
||||
OCTO_BRIDGE_SELECTION_STRATEGY
|
||||
SENTRY_DSN="${JICOFO_SENTRY_DSN:-0}"
|
||||
SENTRY_DSN={{ matrix_jitsi_jicofo_sentry_dsn }}
|
||||
SENTRY_ENVIRONMENT
|
||||
SENTRY_RELEASE
|
||||
TZ={{ matrix_jitsi_timezone }}
|
||||
|
|
|
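Review bot: `SENTRY_DSN={{ matrix_jitsi_jicofo_sentry_dsn }}` renders as an empty `SENTRY_DSN=` with the new default of `''`, whereas the line it replaces fell back to `0`. Please confirm the container treats an empty value as "disabled" the same way it treats `0`, or render `0` when the variable is empty. The same applies to the JVB env template.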
@ -16,9 +16,9 @@ JVB_OCTO_PUBLIC_ADDRESS
|
|||
JVB_OCTO_BIND_PORT
|
||||
JVB_OCTO_REGION
|
||||
JVB_WS_DOMAIN
|
||||
JVB_WS_SERVER_ID
|
||||
JVB_WS_SERVER_ID={{ matrix_jitsi_jvb_server_id }}
|
||||
PUBLIC_URL={{ matrix_jitsi_web_public_url }}
|
||||
SENTRY_DSN="${JVB_SENTRY_DSN:-0}"
|
||||
SENTRY_DSN={{ matrix_jitsi_jvb_sentry_dsn }}
|
||||
SENTRY_ENVIRONMENT
|
||||
SENTRY_RELEASE
|
||||
COLIBRI_REST_ENABLED
|
||||
|
|
|
@ -20,6 +20,9 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name
|
|||
{% if matrix_jitsi_prosody_container_http_host_bind_port %}
|
||||
-p {{ matrix_jitsi_prosody_container_http_host_bind_port }}:5280 \
|
||||
{% endif %}
|
||||
{% if matrix_jitsi_prosody_container_jvb_host_bind_port %}
|
||||
-p {{ matrix_jitsi_prosody_container_jvb_host_bind_port }}:5222 \
|
||||
{% endif %}
|
||||
--env-file={{ matrix_jitsi_prosody_base_path }}/env \
|
||||
--mount type=bind,src={{ matrix_jitsi_prosody_config_path }},dst=/config \
|
||||
--mount type=bind,src={{ matrix_jitsi_prosody_plugins_path }},dst=/prosody-plugins-custom \
|
||||
|
|
|
@ -35,6 +35,13 @@ matrix_ma1sd_systemd_required_services_list: ['docker.service']
|
|||
# List of systemd services that matrix-ma1sd.service wants
|
||||
matrix_ma1sd_systemd_wanted_services_list: []
|
||||
|
||||
# A list of additional container networks that matrix-ma1sd would be connected to.
|
||||
# The playbook does not create these networks, so make sure they already exist.
|
||||
#
|
||||
# Use this to expose matrix-ma1sd to another docker network, that matrix-ma1sd might have to reach for authentication (e.g. an ldap instance)
|
||||
#
|
||||
matrix_ma1sd_container_additional_networks: []
|
||||
|
||||
# Your identity server is private by default.
|
||||
# To ensure maximum discovery, you can make your identity server
|
||||
# also forward lookups to the central matrix.org Identity server
|
||||
|
|
|
@ -38,6 +38,10 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name
|
|||
{% endfor %}
|
||||
{{ matrix_ma1sd_docker_image }}
|
||||
|
||||
{% for network in matrix_ma1sd_container_additional_networks %}
|
||||
ExecStartPost={{ devture_systemd_docker_base_host_command_sh }} -c 'attempt=0; while [ $attempt -le 29 ]; do attempt=$(( $attempt + 1 )); if [ "`docker inspect -f {{ '{{.State.Running}}' }} matrix-ma1sd 2> /dev/null`" = "true" ]; then break; fi; sleep 1; done; {{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-ma1sd'
|
||||
{% endfor %}
|
||||
|
||||
ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-ma1sd 2>/dev/null || true'
|
||||
ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-ma1sd 2>/dev/null || true'
|
||||
Restart=always
|
||||
|
|
|
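Review bot: The new `ExecStartPost` line has three problems. The wait loop calls a bare `docker inspect` while the rest of the unit goes through `{{ devture_systemd_docker_base_host_command_docker }}`, so it depends on `docker` being on the shell's PATH. When the container is still not running after the 30 attempts, the loop simply ends and `network connect` runs anyway, so the failure shows up as a confusing connect error. And `{{ network }}` is placed unquoted inside the `sh -c '...'` string, so a value with whitespace or shell metacharacters would be interpreted by the shell. I would use the docker command variable in the loop, exit non-zero when the loop runs out, and validate the network names against a conservative pattern in validate_config.yml.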
@ -639,31 +639,17 @@ matrix_nginx_proxy_proxy_matrix_nginx_status_enabled: false
|
|||
matrix_nginx_proxy_proxy_matrix_nginx_status_allowed_addresses: ['{{ ansible_default_ipv4.address }}']
|
||||
|
||||
|
||||
# synapse worker activation and endpoint mappings
|
||||
matrix_nginx_proxy_synapse_workers_enabled: false
|
||||
matrix_nginx_proxy_synapse_workers_list: []
|
||||
matrix_nginx_proxy_synapse_generic_worker_client_server_locations: []
|
||||
matrix_nginx_proxy_synapse_generic_worker_federation_locations: []
|
||||
matrix_nginx_proxy_synapse_stream_writer_typing_stream_worker_client_server_locations: []
|
||||
matrix_nginx_proxy_synapse_stream_writer_to_device_stream_worker_client_server_locations: []
|
||||
matrix_nginx_proxy_synapse_stream_writer_account_data_stream_worker_client_server_locations: []
|
||||
matrix_nginx_proxy_synapse_stream_writer_receipts_stream_worker_client_server_locations: []
|
||||
matrix_nginx_proxy_synapse_stream_writer_presence_stream_worker_client_server_locations: []
|
||||
matrix_nginx_proxy_synapse_media_repository_locations: []
|
||||
matrix_nginx_proxy_synapse_user_dir_locations: []
|
||||
|
||||
# synapse content caching
|
||||
matrix_nginx_proxy_synapse_cache_enabled: false
|
||||
matrix_nginx_proxy_synapse_cache_path: "{{ '/tmp/synapse-cache' if matrix_nginx_proxy_enabled else matrix_nginx_proxy_data_path + '/synapse-cache' }}"
|
||||
matrix_nginx_proxy_synapse_cache_keys_zone_name: "STATIC"
|
||||
matrix_nginx_proxy_synapse_cache_keys_zone_size: "10m"
|
||||
matrix_nginx_proxy_synapse_cache_inactive_time: "48h"
|
||||
matrix_nginx_proxy_synapse_cache_max_size_mb: 1024
|
||||
matrix_nginx_proxy_synapse_cache_proxy_cache_valid_time: "24h"
|
||||
|
||||
|
||||
# The amount of worker processes and connections
|
||||
# Consider increasing these when you are expecting high amounts of traffic
|
||||
# http://nginx.org/en/docs/ngx_core_module.html#worker_connections
|
||||
matrix_nginx_proxy_worker_processes: auto
|
||||
matrix_nginx_proxy_worker_connections: 1024
|
||||
|
||||
# A mapping of JVB server ids to hostname/ipa addresses used to add additional jvb blocks
|
||||
# to the Jitsi's server configuration (matrix-jitsi.conf)
|
||||
# Note: avoid using the JVB server id "jvb-1" as this is reserved for the main host.
|
||||
# Example:
|
||||
# matrix_nginx_proxy_proxy_jitsi_additional_jvbs:
|
||||
# jvb-2: 192.168.0.1
|
||||
# jvb-3: 192.168.0.2
|
||||
matrix_nginx_proxy_proxy_jitsi_additional_jvbs: {}
|
||||
|
|
|
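Review bot: This hunk deletes all of the `matrix_nginx_proxy_synapse_workers_*`, `..._locations` and `matrix_nginx_proxy_synapse_cache_*` defaults, so anyone who set them in vars.yml will have those values silently ignored from now on. If they have been renamed or moved to another role, a deprecation entry that fails with the new variable names would be worth adding alongside. In the new comment for `matrix_nginx_proxy_proxy_jitsi_additional_jvbs`, "hostname/ipa addresses" is a typo.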
@ -12,17 +12,15 @@
|
|||
#
|
||||
- name: Ensure Matrix nginx-proxy paths exist
|
||||
ansible.builtin.file:
|
||||
path: "{{ item.path }}"
|
||||
path: "{{ item }}"
|
||||
state: directory
|
||||
mode: 0750
|
||||
owner: "{{ matrix_user_username }}"
|
||||
group: "{{ matrix_user_groupname }}"
|
||||
with_items:
|
||||
- {path: "{{ matrix_nginx_proxy_base_path }}", when: true}
|
||||
- {path: "{{ matrix_nginx_proxy_data_path }}", when: true}
|
||||
- {path: "{{ matrix_nginx_proxy_confd_path }}", when: true}
|
||||
- {path: "{{ matrix_nginx_proxy_synapse_cache_path }}", when: "{{ matrix_nginx_proxy_synapse_cache_enabled and not matrix_nginx_proxy_enabled }}"}
|
||||
when: item.when | bool
|
||||
- "{{ matrix_nginx_proxy_base_path }}"
|
||||
- "{{ matrix_nginx_proxy_data_path }}"
|
||||
- "{{ matrix_nginx_proxy_confd_path }}"
|
||||
|
||||
- name: Ensure Matrix nginx-proxy configured (main config override)
|
||||
ansible.builtin.template:
|
||||
|
|
|
@ -34,7 +34,7 @@
|
|||
}
|
||||
|
||||
# colibri (JVB) websockets
|
||||
location ~ ^/colibri-ws/([a-zA-Z0-9-\.]+)/(.*) {
|
||||
location ~ ^/colibri-ws/jvb-1/(.*) {
|
||||
{% if matrix_nginx_proxy_enabled %}
|
||||
resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s;
|
||||
set $backend "matrix-jitsi-jvb:9090";
|
||||
|
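Review bot: The location is now hard-coded as `^/colibri-ws/jvb-1/(.*)`, while the Jitsi role in this same commit makes the ID configurable through `matrix_jitsi_jvb_server_id`. If someone changes that variable, websocket requests for the main JVB stop matching this block. Either take the ID from a variable here as well, or document in the Jitsi defaults that the main host's ID must stay `jvb-1`.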
@ -53,6 +53,22 @@
|
|||
|
||||
tcp_nodelay on;
|
||||
}
|
||||
{% for id, ip_address in matrix_nginx_proxy_proxy_jitsi_additional_jvbs.items() %}
|
||||
# colibri (JVB) websockets for additional JVBs
|
||||
location ~ ^/colibri-ws/{{ id | regex_escape }}/(.*) {
|
||||
proxy_pass http://{{ ip_address }}:9090/colibri-ws/{{ id }}/$1$is_args$args;
|
||||
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-For {{ matrix_nginx_proxy_x_forwarded_for }};
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "upgrade";
|
||||
|
||||
proxy_http_version 1.1;
|
||||
|
||||
tcp_nodelay on;
|
||||
}
|
||||
{% endfor %}
|
||||
|
||||
|
||||
# XMPP websocket
|
||||
location = /xmpp-websocket {
|
||||
|
|
|
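Review bot: In the added loop, `proxy_pass http://{{ ip_address }}:9090/colibri-ws/{{ id }}/$1$is_args$args;` forwards the colibri websocket to other machines over plain HTTP, so that traffic crosses the network unencrypted and port 9090 on each additional JVB has to be reachable from this proxy. Please document that the port should be firewalled to the proxy's address only (or carried over a private network), and validate the keys and values of `matrix_nginx_proxy_proxy_jitsi_additional_jvbs`: the key is escaped for the regex with `regex_escape` but is then written unescaped into the upstream URL, and `ip_address` is interpolated as-is.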
@ -1,70 +1,5 @@
|
|||
#jinja2: lstrip_blocks: "True"
|
||||
|
||||
{% set generic_workers = matrix_nginx_proxy_synapse_workers_list | selectattr('type', 'equalto', 'generic_worker') | list %}
|
||||
{% set stream_writer_typing_stream_workers = matrix_nginx_proxy_synapse_workers_list | selectattr('type', 'equalto', 'stream_writer') | selectattr('stream_writer_stream', 'equalto', 'typing') | list %}
|
||||
{% set stream_writer_to_device_stream_workers = matrix_nginx_proxy_synapse_workers_list | selectattr('type', 'equalto', 'stream_writer') | selectattr('stream_writer_stream', 'equalto', 'to_device') | list %}
|
||||
{% set stream_writer_account_data_stream_workers = matrix_nginx_proxy_synapse_workers_list | selectattr('type', 'equalto', 'stream_writer') | selectattr('stream_writer_stream', 'equalto', 'account_data') | list %}
|
||||
{% set stream_writer_receipts_stream_workers = matrix_nginx_proxy_synapse_workers_list | selectattr('type', 'equalto', 'stream_writer') | selectattr('stream_writer_stream', 'equalto', 'receipts') | list %}
|
||||
{% set stream_writer_presence_stream_workers = matrix_nginx_proxy_synapse_workers_list | selectattr('type', 'equalto', 'stream_writer') | selectattr('stream_writer_stream', 'equalto', 'presence') | list %}
|
||||
{% set media_repository_workers = matrix_nginx_proxy_synapse_workers_list | selectattr('type', 'equalto', 'media_repository') | list %}
|
||||
{% set user_dir_workers = matrix_nginx_proxy_synapse_workers_list | selectattr('type', 'equalto', 'user_dir') | list %}
|
||||
|
||||
{% macro render_worker_upstream(name, workers, matrix_nginx_proxy_enabled) %}
|
||||
{% if workers | length > 0 %}
|
||||
upstream {{ name }} {
|
||||
{% for worker in workers %}
|
||||
{% if matrix_nginx_proxy_enabled %}
|
||||
server "{{ worker.name }}:{{ worker.port }}";
|
||||
{% else %}
|
||||
server "127.0.0.1:{{ worker.port }}";
|
||||
{% endif %}
|
||||
{% endfor %}
|
||||
}
|
||||
{% endif %}
|
||||
{% endmacro %}
|
||||
|
||||
{% macro render_locations_to_upstream(locations, upstream_name) %}
|
||||
{% for location in locations %}
|
||||
location ~ {{ location }} {
|
||||
proxy_pass http://{{ upstream_name }}$request_uri;
|
||||
proxy_set_header Host $host;
|
||||
}
|
||||
{% endfor %}
|
||||
{% endmacro %}
|
||||
|
||||
{% if matrix_nginx_proxy_synapse_workers_enabled %}
|
||||
{% if matrix_nginx_proxy_synapse_cache_enabled %}
|
||||
proxy_cache_path {{ matrix_nginx_proxy_synapse_cache_path }} levels=1:2 keys_zone={{ matrix_nginx_proxy_synapse_cache_keys_zone_name }}:{{ matrix_nginx_proxy_synapse_cache_keys_zone_size }} inactive={{ matrix_nginx_proxy_synapse_cache_inactive_time }} max_size={{ matrix_nginx_proxy_synapse_cache_max_size_mb }}m;
|
||||
{% endif %}
|
||||
# Round Robin "upstream" pools for workers
|
||||
|
||||
{% if generic_workers |length > 0 %}
|
||||
upstream generic_workers_upstream {
|
||||
# ensures that requests from the same client will always be passed
|
||||
# to the same server (except when this server is unavailable)
|
||||
hash $http_x_forwarded_for;
|
||||
|
||||
{% for worker in generic_workers %}
|
||||
{% if matrix_nginx_proxy_enabled %}
|
||||
server "{{ worker.name }}:{{ worker.port }}";
|
||||
{% else %}
|
||||
server "127.0.0.1:{{ worker.port }}";
|
||||
{% endif %}
|
||||
{% endfor %}
|
||||
}
|
||||
{% endif %}
|
||||
|
||||
{{ render_worker_upstream('stream_writer_typing_stream_workers_upstream', stream_writer_typing_stream_workers, matrix_nginx_proxy_enabled) }}
|
||||
{{ render_worker_upstream('stream_writer_to_device_stream_workers_upstream', stream_writer_to_device_stream_workers, matrix_nginx_proxy_enabled) }}
|
||||
{{ render_worker_upstream('stream_writer_account_data_stream_workers_upstream', stream_writer_account_data_stream_workers, matrix_nginx_proxy_enabled) }}
|
||||
{{ render_worker_upstream('stream_writer_receipts_stream_workers_upstream', stream_writer_receipts_stream_workers, matrix_nginx_proxy_enabled) }}
|
||||
{{ render_worker_upstream('stream_writer_presence_stream_workers_upstream', stream_writer_presence_stream_workers, matrix_nginx_proxy_enabled) }}
|
||||
|
||||
{{ render_worker_upstream('media_repository_workers_upstream', media_repository_workers, matrix_nginx_proxy_enabled) }}
|
||||
|
||||
{{ render_worker_upstream('user_dir_workers_upstream', user_dir_workers, matrix_nginx_proxy_enabled) }}
|
||||
{% endif %}
|
||||
|
||||
server {
|
||||
listen 12080;
|
||||
{% if matrix_nginx_proxy_enabled %}
|
||||
|
@ -77,71 +12,6 @@ server {
|
|||
gzip on;
|
||||
gzip_types text/plain application/json;
|
||||
|
||||
{% if matrix_nginx_proxy_synapse_workers_enabled %}
|
||||
{# Workers redirects BEGIN #}
|
||||
|
||||
{% if generic_workers | length > 0 %}
|
||||
# https://matrix-org.github.io/synapse/latest/workers.html#synapseappgeneric_worker
|
||||
{{ render_locations_to_upstream(matrix_nginx_proxy_synapse_generic_worker_client_server_locations, 'generic_workers_upstream') }}
|
||||
{% endif %}
|
||||
|
||||
{% if stream_writer_typing_stream_workers | length > 0 %}
|
||||
# https://matrix-org.github.io/synapse/latest/workers.html#the-typing-stream
|
||||
{{ render_locations_to_upstream(matrix_nginx_proxy_synapse_stream_writer_typing_stream_worker_client_server_locations, 'stream_writer_typing_stream_workers_upstream') }}
|
||||
{% endif %}
|
||||
|
||||
{% if stream_writer_to_device_stream_workers | length > 0 %}
|
||||
# https://matrix-org.github.io/synapse/latest/workers.html#the-to_device-stream
|
||||
{{ render_locations_to_upstream(matrix_nginx_proxy_synapse_stream_writer_to_device_stream_worker_client_server_locations, 'stream_writer_to_device_stream_workers_upstream') }}
|
||||
{% endif %}
|
||||
|
||||
{% if stream_writer_account_data_stream_workers | length > 0 %}
|
||||
# https://matrix-org.github.io/synapse/latest/workers.html#the-account_data-stream
|
||||
{{ render_locations_to_upstream(matrix_nginx_proxy_synapse_stream_writer_account_data_stream_worker_client_server_locations, 'stream_writer_account_data_stream_workers_upstream') }}
|
||||
{% endif %}
|
||||
|
||||
{% if stream_writer_receipts_stream_workers | length > 0 %}
|
||||
# https://matrix-org.github.io/synapse/latest/workers.html#the-receipts-stream
|
||||
{{ render_locations_to_upstream(matrix_nginx_proxy_synapse_stream_writer_receipts_stream_worker_client_server_locations, 'stream_writer_receipts_stream_workers_upstream') }}
|
||||
{% endif %}
|
||||
|
||||
{% if stream_writer_presence_stream_workers | length > 0 %}
|
||||
# https://matrix-org.github.io/synapse/latest/workers.html#the-presence-stream
|
||||
{{ render_locations_to_upstream(matrix_nginx_proxy_synapse_stream_writer_presence_stream_worker_client_server_locations, 'stream_writer_presence_stream_workers_upstream') }}
|
||||
{% endif %}
|
||||
|
||||
{% if media_repository_workers | length > 0 %}
|
||||
# https://matrix-org.github.io/synapse/latest/workers.html#synapseappmedia_repository
|
||||
{% for location in matrix_nginx_proxy_synapse_media_repository_locations %}
|
||||
location ~ {{ location }} {
|
||||
proxy_pass http://media_repository_workers_upstream$request_uri;
|
||||
proxy_set_header Host $host;
|
||||
|
||||
client_body_buffer_size 25M;
|
||||
client_max_body_size {{ matrix_nginx_proxy_proxy_matrix_client_api_client_max_body_size_mb }}M;
|
||||
proxy_max_temp_file_size 0;
|
||||
|
||||
{% if matrix_nginx_proxy_synapse_cache_enabled %}
|
||||
proxy_buffering on;
|
||||
proxy_cache {{ matrix_nginx_proxy_synapse_cache_keys_zone_name }};
|
||||
proxy_cache_valid any {{ matrix_nginx_proxy_synapse_cache_proxy_cache_valid_time }};
|
||||
proxy_force_ranges on;
|
||||
add_header X-Cache-Status $upstream_cache_status;
|
||||
{% endif %}
|
||||
}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
|
||||
{% if user_dir_workers | length > 0 %}
|
||||
# https://matrix-org.github.io/synapse/latest/workers.html#updating-the-user-directory
|
||||
# If matrix_nginx_proxy_proxy_matrix_user_directory_search_enabled is set, requests may not reach here,
|
||||
# but could be captured early on (see `matrix-domain.conf.j2`) and forwarded elsewhere (to an identity server, etc.).
|
||||
{{ render_locations_to_upstream(matrix_nginx_proxy_synapse_user_dir_locations, 'user_dir_workers_upstream') }}
|
||||
{% endif %}
|
||||
{# Workers redirects END #}
|
||||
{% endif %}
|
||||
|
||||
|
||||
{% for configuration_block in matrix_nginx_proxy_proxy_synapse_additional_server_configuration_blocks %}
|
||||
{{- configuration_block }}
|
||||
{% endfor %}
|
||||
|
@ -180,34 +50,6 @@ server {
|
|||
gzip on;
|
||||
gzip_types text/plain application/json;
|
||||
|
||||
{% if matrix_nginx_proxy_synapse_workers_enabled %}
|
||||
{% if generic_workers | length > 0 %}
|
||||
# https://matrix-org.github.io/synapse/latest/workers.html#synapseappgeneric_worker
|
||||
{{ render_locations_to_upstream(matrix_nginx_proxy_synapse_generic_worker_federation_locations, 'generic_workers_upstream') }}
|
||||
{% endif %}
|
||||
{% if media_repository_workers | length > 0 %}
|
||||
# https://matrix-org.github.io/synapse/latest/workers.html#synapseappmedia_repository
|
||||
{% for location in matrix_nginx_proxy_synapse_media_repository_locations %}
|
||||
location ~ {{ location }} {
|
||||
proxy_pass http://media_repository_workers_upstream$request_uri;
|
||||
proxy_set_header Host $host;
|
||||
|
||||
client_body_buffer_size 25M;
|
||||
client_max_body_size {{ matrix_nginx_proxy_proxy_matrix_federation_api_client_max_body_size_mb }}M;
|
||||
proxy_max_temp_file_size 0;
|
||||
|
||||
{% if matrix_nginx_proxy_synapse_cache_enabled %}
|
||||
proxy_buffering on;
|
||||
proxy_cache {{ matrix_nginx_proxy_synapse_cache_keys_zone_name }};
|
||||
proxy_cache_valid any {{ matrix_nginx_proxy_synapse_cache_proxy_cache_valid_time }};
|
||||
proxy_force_ranges on;
|
||||
add_header X-Cache-Status $upstream_cache_status;
|
||||
{% endif %}
|
||||
}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
|
||||
location / {
|
||||
{% if matrix_nginx_proxy_enabled %}
|
||||
{# Use the embedded DNS resolver in Docker containers to discover the service #}
|
||||
|
|
|
@ -44,7 +44,7 @@ http {
|
|||
{% endif %}
|
||||
|
||||
proxy_connect_timeout {{ matrix_nginx_proxy_connect_timeout }};
|
||||
proxy_send_timeout {{ matrix_nginx_proxy_send_timeout }};
|
||||
proxy_send_timeout {{ matrix_nginx_proxy_send_timeout }};
|
||||
proxy_read_timeout {{ matrix_nginx_proxy_read_timeout }};
|
||||
send_timeout {{ matrix_nginx_send_timeout }};
|
||||
|
||||
|
|
|
@ -22,9 +22,6 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name
|
|||
--cap-drop=ALL \
|
||||
--read-only \
|
||||
--tmpfs=/tmp:rw,noexec,nosuid,size={{ matrix_nginx_proxy_tmp_directory_size_mb }}m \
|
||||
{% if matrix_nginx_proxy_synapse_cache_enabled %}
|
||||
--tmpfs=/tmp/synapse-cache:rw,noexec,nosuid,size={{ matrix_nginx_proxy_tmp_cache_directory_size_mb }}m\
|
||||
{% endif %}
|
||||
--network={{ matrix_docker_network }} \
|
||||
{% if matrix_nginx_proxy_container_http_host_bind_port %}
|
||||
-p {{ matrix_nginx_proxy_container_http_host_bind_port }}:8080 \
|
||||
|
|
|
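Review bot: The three lines this hunk drops from the unit (the `{% if matrix_nginx_proxy_synapse_cache_enabled %}` guard around `--tmpfs=/tmp/synapse-cache:rw,noexec,nosuid,size=...`) provided the only writable cache location under `--read-only`. Confirm that the companion's own unit carries an equivalent mount for `matrix_synapse_reverse_proxy_companion_synapse_cache_path` (default `/tmp/synapse-cache`), sized from `matrix_synapse_reverse_proxy_companion_tmp_cache_directory_size_mb` and keeping `noexec,nosuid`. Otherwise enabling the cache leaves nginx with a `proxy_cache_path` it cannot write to. When carrying the line over, add the space before the trailing backslash that the removed line (`...size_mb }}m\`) lacked, for consistency with the neighbouring options.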
@ -7,7 +7,7 @@ matrix_ntfy_base_path: "{{ matrix_base_data_path }}/ntfy"
|
|||
matrix_ntfy_config_dir_path: "{{ matrix_ntfy_base_path }}/config"
|
||||
matrix_ntfy_data_path: "{{ matrix_ntfy_base_path }}/data"
|
||||
|
||||
matrix_ntfy_version: v1.28.0
|
||||
matrix_ntfy_version: v1.29.1
|
||||
matrix_ntfy_docker_image: "{{ matrix_container_global_registry_prefix }}binwiederhier/ntfy:{{ matrix_ntfy_version }}"
|
||||
matrix_ntfy_docker_image_force_pull: "{{ matrix_ntfy_docker_image.endswith(':latest') }}"
|
||||
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
|
||||
matrix_prometheus_enabled: false
|
||||
|
||||
matrix_prometheus_version: v2.40.1
|
||||
matrix_prometheus_version: v2.40.2
|
||||
matrix_prometheus_docker_image: "{{ matrix_container_global_registry_prefix }}prom/prometheus:{{ matrix_prometheus_version }}"
|
||||
matrix_prometheus_docker_image_force_pull: "{{ matrix_prometheus_docker_image.endswith(':latest') }}"
|
||||
|
||||
|
|
|
@ -0,0 +1,164 @@
|
|||
---
|
||||
|
||||
# matrix-synapse-reverse-proxy companion is a role which brings up a containerized nginx webserver which helps with reverse-proxying to Synapse.
|
||||
#
|
||||
# When Synapse is NOT running in worker-mode, reverse-proxying is relatively simple (everything goes to `matrix-synapse:XXXX`).
|
||||
#
|
||||
# When Synapse workers are enabled, however, the reverse-proxying configuration is much more complicated.
|
||||
# Certain requests need to go to certain workers, etc.
|
||||
# In the past, the main reverse proxy (`matrix-synapse-reverse-proxy-companion`) was handling request routing to the appropriate workers,
|
||||
# but that only worked well for external requests (from outside of the Matrix server itself).
|
||||
#
|
||||
# Without the help of `matrix-synapse-reverse-proxy-companion`, internal services (like Dimension) that would like to talk to Synapse over the container network
|
||||
# did not have an endpoint for Synapse that they could be pointed to and have it just work.
|
||||
# If `matrix-synapse-reverse-proxy-companion` was enabled, Dimension could be pointed to its vhost handling Synapse and routing to the appropriate workers,
|
||||
# but when `matrix-synapse-reverse-proxy-companion` was disabled, this helpful functionality was not available and the best we could do
|
||||
# is point Dimension to the main Synapse process at `matrix-synapse:XXXX` itself.
|
||||
# Doing that breaks requests that need to go to specific workers.
|
||||
# See: https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2090
|
||||
#
|
||||
# What this role does is, it extracts all the Synapse request routing out of the `matrix-synapse-reverse-proxy-companion` role here,
|
||||
# and makes the `matrix-synapse-reverse-proxy-companion` container service represent Synapse and route appropriately,
|
||||
# regardless of whether workers are enabled or disabled.
|
||||
# All other playbook services can then forget about `matrix-synapse` or `matrix-synapse-whatever-worker`, etc.,
|
||||
# and just use `matrix-synapse-reverse-proxy-companion` as their request destination.
|
||||
|
||||
matrix_synapse_reverse_proxy_companion_enabled: true
|
||||
|
||||
matrix_synapse_reverse_proxy_companion_version: 1.23.2-alpine
|
||||
|
||||
matrix_synapse_reverse_proxy_companion_base_path: "{{ matrix_synapse_base_path }}/reverse-proxy-companion"
|
||||
matrix_synapse_reverse_proxy_companion_confd_path: "{{ matrix_synapse_reverse_proxy_companion_base_path }}/conf.d"
|
||||
|
||||
# List of systemd services that matrix-synapse-reverse-proxy-companion.service depends on
|
||||
matrix_synapse_reverse_proxy_companion_systemd_required_services_list: ['docker.service']
|
||||
|
||||
# List of systemd services that matrix-synapse-reverse-proxy-companion.service wants
|
||||
matrix_synapse_reverse_proxy_companion_systemd_wanted_services_list: ['matrix-synapse.service']
|
||||
|
||||
# We use an official nginx image, which we fix-up to run unprivileged.
|
||||
# An alternative would be an `nginxinc/nginx-unprivileged` image, but
|
||||
# that is frequently out of date.
|
||||
matrix_synapse_reverse_proxy_companion_container_image: "{{ matrix_container_global_registry_prefix }}nginx:{{ matrix_synapse_reverse_proxy_companion_version }}"
|
||||
matrix_synapse_reverse_proxy_companion_container_image_force_pull: "{{ matrix_synapse_reverse_proxy_companion_container_image.endswith(':latest') }}"
|
||||
|
||||
matrix_synapse_reverse_proxy_companion_container_network: "{{ matrix_docker_network }}"
|
||||
|
||||
# A list of additional container networks that matrix-synapse-reverse-proxy-companion would be connected to.
|
||||
# The playbook does not create these networks, so make sure they already exist.
|
||||
#
|
||||
# Use this to expose matrix-synapse-reverse-proxy-companion to another reverse proxy, which runs in a different container network,
|
||||
# without exposing all other Matrix services to that other reverse-proxy.
|
||||
#
|
||||
# For background, see: https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1498
|
||||
matrix_synapse_reverse_proxy_companion_container_additional_networks: []
|
||||
|
||||
# Controls whether the matrix-synapse-reverse-proxy-companion container exposes its HTTP Client-Server API port (tcp/8008 in the container).
|
||||
#
|
||||
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8008"), or empty string to not expose.
|
||||
matrix_synapse_reverse_proxy_companion_container_client_api_host_bind_port: ''
|
||||
|
||||
# Controls whether the matrix-synapse-reverse-proxy-companion container exposes its HTTP Federation (Server-Server) API port (tcp/8048 in the container).
|
||||
#
|
||||
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8048"), or empty string to not expose.
|
||||
matrix_synapse_reverse_proxy_companion_container_federation_api_host_bind_port: ''
|
||||
|
||||
# The amount of worker processes and connections
|
||||
# Consider increasing these when you are expecting high amounts of traffic
|
||||
# http://nginx.org/en/docs/ngx_core_module.html#worker_connections
|
||||
matrix_synapse_reverse_proxy_companion_worker_processes: auto
|
||||
matrix_synapse_reverse_proxy_companion_worker_connections: 1024
|
||||
|
||||
# Option to disable the access log
|
||||
matrix_synapse_reverse_proxy_companion_access_log_enabled: true
|
||||
|
||||
# The tmpfs at /tmp needs to be large enough to handle multiple concurrent file uploads.
|
||||
matrix_synapse_reverse_proxy_companion_tmp_directory_size_mb: "{{ (matrix_synapse_reverse_proxy_companion_federation_api_client_max_body_size_mb | int) * 50 }}"
|
||||
matrix_synapse_reverse_proxy_companion_tmp_cache_directory_size_mb: "{{ (matrix_synapse_reverse_proxy_companion_synapse_cache_max_size_mb | int) * 2 }}"
|
||||
|
||||
# A list of strings containing additional configuration blocks to add to the nginx server configuration (nginx.conf).
|
||||
# for big matrixservers to enlarge the number of open files to prevent timeouts
|
||||
# matrix_synapse_reverse_proxy_companion_additional_configuration_blocks:
|
||||
# - 'worker_rlimit_nofile 30000;'
|
||||
matrix_synapse_reverse_proxy_companion_additional_configuration_blocks: []
|
||||
|
||||
# A list of strings containing additional configuration blocks to add to the nginx event server configuration (nginx.conf).
|
||||
matrix_synapse_reverse_proxy_companion_event_additional_configuration_blocks: []
|
||||
|
||||
# A list of strings containing additional configuration blocks to add to the nginx http's server configuration (nginx-http.conf).
|
||||
matrix_synapse_reverse_proxy_companion_http_additional_server_configuration_blocks: []
|
||||
|
||||
# To increase request timeout in NGINX using proxy_read_timeout, proxy_connect_timeout, proxy_send_timeout, send_timeout directives
|
||||
# Nginx Default: proxy_connect_timeout 60s; #Defines a timeout for establishing a connection with a proxied server
|
||||
# Nginx Default: proxy_send_timeout 60s; #Sets a timeout for transmitting a request to the proxied server.
|
||||
# Nginx Default: proxy_read_timeout 60s; #Defines a timeout for reading a response from the proxied server.
|
||||
# Nginx Default: send_timeout 60s; #Sets a timeout for transmitting a response to the client.
|
||||
#
|
||||
# For more information visit:
|
||||
# http://nginx.org/en/docs/http/ngx_http_proxy_module.html
|
||||
# http://nginx.org/en/docs/http/ngx_http_core_module.html#send_timeout
|
||||
# https://www.nginx.com/resources/wiki/start/topics/examples/fullexample2/
|
||||
#
|
||||
# Here we are sticking with nginx default values change this value carefully.
|
||||
matrix_synapse_reverse_proxy_companion_proxy_connect_timeout: 60
|
||||
matrix_synapse_reverse_proxy_companion_proxy_send_timeout: 60
|
||||
matrix_synapse_reverse_proxy_companion_proxy_read_timeout: 60
|
||||
matrix_synapse_reverse_proxy_companion_send_timeout: 60
|
||||
|
||||
# For OCSP purposes, we need to define a resolver at the `server{}` level or `http{}` level (we do the latter).
|
||||
#
|
||||
# Otherwise, we get warnings like this:
|
||||
# > [warn] 22#22: no resolver defined to resolve r3.o.lencr.org while requesting certificate status, responder: r3.o.lencr.org, certificate: "/matrix/ssl/config/live/.../fullchain.pem"
|
||||
#
|
||||
# We point it to the internal Docker resolver, which likely delegates to nameservers defined in `/etc/resolv.conf`.
|
||||
matrix_synapse_reverse_proxy_companion_http_level_resolver: 127.0.0.11
|
||||
|
||||
matrix_synapse_reverse_proxy_companion_hostname: "matrix-synapse-reverse-proxy-companion"
|
||||
|
||||
# matrix_synapse_reverse_proxy_companion_client_api_addr specifies the address where the Client-Server API is
|
||||
matrix_synapse_reverse_proxy_companion_client_api_addr: 'matrix-synapse:{{ matrix_synapse_container_client_api_port }}'
|
||||
# This needs to be equal or higher than the maximum upload size accepted by Synapse.
|
||||
matrix_synapse_reverse_proxy_companion_client_api_client_max_body_size_mb: 50
|
||||
|
||||
# matrix_synapse_reverse_proxy_companion_federation_api_enabled specifies whether reverse proxying for the Federation (Server-Server) API should be done
|
||||
matrix_synapse_reverse_proxy_companion_federation_api_enabled: true
|
||||
# matrix_synapse_reverse_proxy_companion_federation_api_addr specifies the address where the Federation (Server-Server) API is
|
||||
matrix_synapse_reverse_proxy_companion_federation_api_addr: 'matrix-synapse:{{ matrix_synapse_container_federation_api_plain_port }}'
|
||||
matrix_synapse_reverse_proxy_companion_federation_api_client_max_body_size_mb: "{{ (matrix_synapse_reverse_proxy_companion_client_api_client_max_body_size_mb | int) * 3 }}"
|
||||
|
||||
# A list of strings containing additional configuration blocks to add to the nginx vhost handling the Synapse Client-Server API
|
||||
matrix_synapse_reverse_proxy_companion_synapse_client_api_additional_server_configuration_blocks: []
|
||||
|
||||
# A list of strings containing additional configuration blocks to add to the nginx vhost handling the Synapse Federation (Server-Server) API
|
||||
matrix_synapse_reverse_proxy_companion_synapse_federation_api_additional_server_configuration_blocks: []
|
||||
|
||||
|
||||
# synapse worker activation and endpoint mappings
|
||||
matrix_synapse_reverse_proxy_companion_synapse_workers_enabled: false
|
||||
matrix_synapse_reverse_proxy_companion_synapse_workers_list: []
|
||||
matrix_synapse_reverse_proxy_companion_synapse_generic_worker_client_server_locations: []
|
||||
matrix_synapse_reverse_proxy_companion_synapse_generic_worker_federation_locations: []
|
||||
matrix_synapse_reverse_proxy_companion_synapse_stream_writer_typing_stream_worker_client_server_locations: []
|
||||
matrix_synapse_reverse_proxy_companion_synapse_stream_writer_to_device_stream_worker_client_server_locations: []
|
||||
matrix_synapse_reverse_proxy_companion_synapse_stream_writer_account_data_stream_worker_client_server_locations: []
|
||||
matrix_synapse_reverse_proxy_companion_synapse_stream_writer_receipts_stream_worker_client_server_locations: []
|
||||
matrix_synapse_reverse_proxy_companion_synapse_stream_writer_presence_stream_worker_client_server_locations: []
|
||||
matrix_synapse_reverse_proxy_companion_synapse_media_repository_locations: []
|
||||
matrix_synapse_reverse_proxy_companion_synapse_user_dir_locations: []
|
||||
|
||||
|
||||
# synapse content caching
|
||||
matrix_synapse_reverse_proxy_companion_synapse_cache_enabled: false
|
||||
matrix_synapse_reverse_proxy_companion_synapse_cache_path: /tmp/synapse-cache
|
||||
matrix_synapse_reverse_proxy_companion_synapse_cache_keys_zone_name: "STATIC"
|
||||
matrix_synapse_reverse_proxy_companion_synapse_cache_keys_zone_size: "10m"
|
||||
matrix_synapse_reverse_proxy_companion_synapse_cache_inactive_time: "48h"
|
||||
matrix_synapse_reverse_proxy_companion_synapse_cache_max_size_mb: 1024
|
||||
matrix_synapse_reverse_proxy_companion_synapse_cache_proxy_cache_valid_time: "24h"
|
||||
|
||||
|
||||
# Controls whether matrix-synapse-reverse-proxy-companion trusts an upstream server's X-Forwarded-Proto header.
|
||||
# The `matrix-synapse-reverse-proxy-companion` does not terminate SSL and always expects to be fronted by another reverse-proxy server (`matrix-nginx-proxy`, etc.).
|
||||
# As such, it trusts the protocol scheme forwarded by the upstream proxy.
|
||||
matrix_synapse_reverse_proxy_companion_trust_forwarded_proto: true
|
||||
matrix_synapse_reverse_proxy_companion_x_forwarded_proto_value: "{{ '$http_x_forwarded_proto' if matrix_synapse_reverse_proxy_companion_trust_forwarded_proto else '$scheme' }}"
|
|
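Review bot: `matrix_synapse_reverse_proxy_companion_trust_forwarded_proto` defaults to `true`, while `..._container_client_api_host_bind_port` and `..._container_federation_api_host_bind_port` accept a bare `<port>`, which Docker publishes on all interfaces. Any client that can reach a published port directly then chooses the `X-Forwarded-Proto` value that gets forwarded. Please state next to the two bind-port variables that the port should be published only on an address the fronting proxy uses (the `127.0.0.1:8008` form already given as the example), or that `trust_forwarded_proto` should be turned off when it is not. Separately, the header comment looks like a search-and-replace casualty: "the main reverse proxy (`matrix-synapse-reverse-proxy-companion`) was handling request routing", the "Without the help of ..." and "If ... was enabled" sentences, and "extracts all the Synapse request routing out of the `matrix-synapse-reverse-proxy-companion` role" all name the companion where `matrix-nginx-proxy` appears to be meant. The comment above `..._client_api_addr` also stops mid-sentence at "API is", and the OCSP rationale for `..._http_level_resolver` does not fit a service that, per the last comment in this file, never terminates SSL.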
@ -0,0 +1,5 @@
|
|||
---
|
||||
|
||||
- ansible.builtin.set_fact:
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-synapse-reverse-proxy-companion.service'] }}"
|
||||
when: matrix_synapse_reverse_proxy_companion_enabled | bool
|
|
@ -0,0 +1,19 @@
|
|||
---
|
||||
|
||||
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
|
||||
tags:
|
||||
- always
|
||||
|
||||
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
|
||||
when: run_setup | bool and matrix_synapse_reverse_proxy_companion_enabled | bool
|
||||
tags:
|
||||
- setup-all
|
||||
- setup-synapse-reverse-proxy-companion
|
||||
- setup-synapse
|
||||
|
||||
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
|
||||
when: run_setup | bool and not matrix_synapse_reverse_proxy_companion_enabled | bool
|
||||
tags:
|
||||
- setup-all
|
||||
- setup-synapse-reverse-proxy-companion
|
||||
- setup-synapse
|
|
@ -0,0 +1,44 @@
|
|||
---
|
||||
|
||||
- name: Ensure mtrix-synapse-reverse-proxy-companion paths exist
|
||||
ansible.builtin.file:
|
||||
path: "{{ item }}"
|
||||
state: directory
|
||||
mode: 0750
|
||||
owner: "{{ matrix_user_username }}"
|
||||
group: "{{ matrix_user_groupname }}"
|
||||
with_items:
|
||||
- "{{ matrix_synapse_reverse_proxy_companion_base_path }}"
|
||||
- "{{ matrix_synapse_reverse_proxy_companion_confd_path }}"
|
||||
|
||||
- name: Ensure matrix-synapse-reverse-proxy-companion configured
|
||||
ansible.builtin.template:
|
||||
src: "{{ item.src }}"
|
||||
dest: "{{ item.dest }}"
|
||||
owner: "{{ matrix_user_username }}"
|
||||
group: "{{ matrix_user_groupname }}"
|
||||
mode: 0644
|
||||
with_items:
|
||||
- src: "{{ role_path }}/templates/nginx/nginx.conf.j2"
|
||||
dest: "{{ matrix_synapse_reverse_proxy_companion_base_path }}/nginx.conf"
|
||||
- src: "{{ role_path }}/templates/nginx/conf.d/nginx-http.conf.j2"
|
||||
dest: "{{ matrix_synapse_reverse_proxy_companion_confd_path }}/nginx-http.conf"
|
||||
- src: "{{ role_path }}/templates/nginx/conf.d/matrix-synapse-reverse-proxy-companion.conf.j2"
|
||||
dest: "{{ matrix_synapse_reverse_proxy_companion_confd_path }}/matrix-synapse-reverse-proxy-companion.conf"
|
||||
|
||||
- name: Ensure matrix-synapse-reverse-proxy-companion nginx container image is pulled
|
||||
community.docker.docker_image:
|
||||
name: "{{ matrix_synapse_reverse_proxy_companion_container_image }}"
|
||||
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
|
||||
force_source: "{{ matrix_synapse_reverse_proxy_companion_container_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
|
||||
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_synapse_reverse_proxy_companion_container_image_force_pull }}"
|
||||
register: result
|
||||
retries: "{{ devture_playbook_help_container_retries_count }}"
|
||||
delay: "{{ devture_playbook_help_container_retries_delay }}"
|
||||
until: result is not failed
|
||||
|
||||
- name: Ensure matrix-synapse-reverse-proxy-companion.service installed
|
||||
ansible.builtin.template:
|
||||
src: "{{ role_path }}/templates/systemd/matrix-synapse-reverse-proxy-companion.service.j2"
|
||||
dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-synapse-reverse-proxy-companion.service"
|
||||
mode: 0644
|
|
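Review bot: Typo in the first task name, `Ensure mtrix-synapse-reverse-proxy-companion paths exist`; it should read `matrix-synapse-reverse-proxy-companion` so the task shows up when play output is searched for the service name. The rest of the file matches the naming used by the other three tasks.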
@ -0,0 +1,30 @@
|
|||
---
|
||||
|
||||
- name: Check existence of matrix-synapse-reverse-proxy-companion service
|
||||
ansible.builtin.stat:
|
||||
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-synapse-reverse-proxy-companion.service"
|
||||
register: matrix_synapse_reverse_proxy_companion_service_stat
|
||||
|
||||
- when: matrix_synapse_reverse_proxy_companion_service_stat.stat.exists | bool
|
||||
block:
|
||||
- name: Ensure matrix-synapse-reverse-proxy-companion.service is stopped
|
||||
ansible.builtin.service:
|
||||
name: matrix_synapse_reverse_proxy_companion_service_stat
|
||||
state: stopped
|
||||
enabled: false
|
||||
daemon_reload: true
|
||||
register: stopping_result
|
||||
|
||||
- name: Ensure matrix-synapse-reverse-proxy-companion.service doesn't exist
|
||||
ansible.builtin.file:
|
||||
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-synapse-reverse-proxy-companion.service"
|
||||
state: absent
|
||||
|
||||
- name: Ensure systemd reloaded after matrix-synapse-reverse-proxy-companion.service removal
|
||||
ansible.builtin.service:
|
||||
daemon_reload: true
|
||||
|
||||
- name: Ensure matrix-synapse-reverse-proxy-companion data deleted
|
||||
ansible.builtin.file:
|
||||
path: "{{ matrix_synapse_reverse_proxy_companion_base_path }}"
|
||||
state: absent
|
|
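Review bot: The stop task passes the name of the registered stat variable as the unit name (`name: matrix_synapse_reverse_proxy_companion_service_stat`), so it addresses a unit that does not exist rather than the service being uninstalled. The unit file is then deleted on the next task without the container ever having been stopped through systemd. Use `name: matrix-synapse-reverse-proxy-companion` here. `register: stopping_result` is not referenced anywhere in this file and can be dropped.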
@ -0,0 +1,208 @@
|
|||
#jinja2: lstrip_blocks: "True"
|
||||
|
||||
{% set generic_workers = matrix_synapse_reverse_proxy_companion_synapse_workers_list | selectattr('type', 'equalto', 'generic_worker') | list %}
|
||||
{% set stream_writer_typing_stream_workers = matrix_synapse_reverse_proxy_companion_synapse_workers_list | selectattr('type', 'equalto', 'stream_writer') | selectattr('stream_writer_stream', 'equalto', 'typing') | list %}
|
||||
{% set stream_writer_to_device_stream_workers = matrix_synapse_reverse_proxy_companion_synapse_workers_list | selectattr('type', 'equalto', 'stream_writer') | selectattr('stream_writer_stream', 'equalto', 'to_device') | list %}
|
||||
{% set stream_writer_account_data_stream_workers = matrix_synapse_reverse_proxy_companion_synapse_workers_list | selectattr('type', 'equalto', 'stream_writer') | selectattr('stream_writer_stream', 'equalto', 'account_data') | list %}
|
||||
{% set stream_writer_receipts_stream_workers = matrix_synapse_reverse_proxy_companion_synapse_workers_list | selectattr('type', 'equalto', 'stream_writer') | selectattr('stream_writer_stream', 'equalto', 'receipts') | list %}
|
||||
{% set stream_writer_presence_stream_workers = matrix_synapse_reverse_proxy_companion_synapse_workers_list | selectattr('type', 'equalto', 'stream_writer') | selectattr('stream_writer_stream', 'equalto', 'presence') | list %}
|
||||
{% set media_repository_workers = matrix_synapse_reverse_proxy_companion_synapse_workers_list | selectattr('type', 'equalto', 'media_repository') | list %}
|
||||
{% set user_dir_workers = matrix_synapse_reverse_proxy_companion_synapse_workers_list | selectattr('type', 'equalto', 'user_dir') | list %}
|
||||
|
||||
{% macro render_worker_upstream(name, workers) %}
|
||||
{% if workers | length > 0 %}
|
||||
upstream {{ name }} {
|
||||
{% for worker in workers %}
|
||||
server "{{ worker.name }}:{{ worker.port }}";
|
||||
{% endfor %}
|
||||
}
|
||||
{% endif %}
|
||||
{% endmacro %}
|
||||
|
||||
{% macro render_locations_to_upstream(locations, upstream_name) %}
|
||||
{% for location in locations %}
|
||||
location ~ {{ location }} {
|
||||
proxy_pass http://{{ upstream_name }}$request_uri;
|
||||
proxy_set_header Host $host;
|
||||
}
|
||||
{% endfor %}
|
||||
{% endmacro %}
|
||||
|
||||
{% if matrix_synapse_reverse_proxy_companion_synapse_workers_enabled %}
|
||||
{% if matrix_synapse_reverse_proxy_companion_synapse_cache_enabled %}
|
||||
proxy_cache_path {{ matrix_synapse_reverse_proxy_companion_synapse_cache_path }} levels=1:2 keys_zone={{ matrix_synapse_reverse_proxy_companion_synapse_cache_keys_zone_name }}:{{ matrix_synapse_reverse_proxy_companion_synapse_cache_keys_zone_size }} inactive={{ matrix_synapse_reverse_proxy_companion_synapse_cache_inactive_time }} max_size={{ matrix_synapse_reverse_proxy_companion_synapse_cache_max_size_mb }}m;
|
||||
{% endif %}
|
||||
# Round Robin "upstream" pools for workers
|
||||
|
||||
{% if generic_workers |length > 0 %}
|
||||
upstream generic_workers_upstream {
|
||||
# ensures that requests from the same client will always be passed
|
||||
# to the same server (except when this server is unavailable)
|
||||
hash $http_x_forwarded_for;
|
||||
|
||||
{% for worker in generic_workers %}
|
||||
server "{{ worker.name }}:{{ worker.port }}";
|
||||
{% endfor %}
|
||||
}
|
||||
{% endif %}
|
||||
|
||||
{{ render_worker_upstream('stream_writer_typing_stream_workers_upstream', stream_writer_typing_stream_workers) }}
|
||||
{{ render_worker_upstream('stream_writer_to_device_stream_workers_upstream', stream_writer_to_device_stream_workers) }}
|
||||
{{ render_worker_upstream('stream_writer_account_data_stream_workers_upstream', stream_writer_account_data_stream_workers) }}
|
||||
{{ render_worker_upstream('stream_writer_receipts_stream_workers_upstream', stream_writer_receipts_stream_workers) }}
|
||||
{{ render_worker_upstream('stream_writer_presence_stream_workers_upstream', stream_writer_presence_stream_workers) }}
|
||||
|
||||
{{ render_worker_upstream('media_repository_workers_upstream', media_repository_workers) }}
|
||||
|
||||
{{ render_worker_upstream('user_dir_workers_upstream', user_dir_workers) }}
|
||||
{% endif %}
|
||||
|
||||
server {
|
||||
listen 8008;
|
||||
server_name {{ matrix_synapse_reverse_proxy_companion_hostname }};
|
||||
|
||||
server_tokens off;
|
||||
root /dev/null;
|
||||
|
||||
gzip on;
|
||||
gzip_types text/plain application/json;
|
||||
|
||||
{% if matrix_synapse_reverse_proxy_companion_synapse_workers_enabled %}
|
||||
{# Workers redirects BEGIN #}
|
||||
|
||||
{% if generic_workers | length > 0 %}
|
||||
# https://matrix-org.github.io/synapse/latest/workers.html#synapseappgeneric_worker
|
||||
{{ render_locations_to_upstream(matrix_synapse_reverse_proxy_companion_synapse_generic_worker_client_server_locations, 'generic_workers_upstream') }}
|
||||
{% endif %}
|
||||
|
||||
{% if stream_writer_typing_stream_workers | length > 0 %}
|
||||
# https://matrix-org.github.io/synapse/latest/workers.html#the-typing-stream
|
||||
{{ render_locations_to_upstream(matrix_synapse_reverse_proxy_companion_synapse_stream_writer_typing_stream_worker_client_server_locations, 'stream_writer_typing_stream_workers_upstream') }}
|
||||
{% endif %}
|
||||
|
||||
{% if stream_writer_to_device_stream_workers | length > 0 %}
|
||||
# https://matrix-org.github.io/synapse/latest/workers.html#the-to_device-stream
|
||||
{{ render_locations_to_upstream(matrix_synapse_reverse_proxy_companion_synapse_stream_writer_to_device_stream_worker_client_server_locations, 'stream_writer_to_device_stream_workers_upstream') }}
|
||||
{% endif %}
|
||||
|
||||
{% if stream_writer_account_data_stream_workers | length > 0 %}
|
||||
# https://matrix-org.github.io/synapse/latest/workers.html#the-account_data-stream
|
||||
{{ render_locations_to_upstream(matrix_synapse_reverse_proxy_companion_synapse_stream_writer_account_data_stream_worker_client_server_locations, 'stream_writer_account_data_stream_workers_upstream') }}
|
||||
{% endif %}
|
||||
|
||||
{% if stream_writer_receipts_stream_workers | length > 0 %}
|
||||
# https://matrix-org.github.io/synapse/latest/workers.html#the-receipts-stream
|
||||
{{ render_locations_to_upstream(matrix_synapse_reverse_proxy_companion_synapse_stream_writer_receipts_stream_worker_client_server_locations, 'stream_writer_receipts_stream_workers_upstream') }}
|
||||
{% endif %}
|
||||
|
||||
{% if stream_writer_presence_stream_workers | length > 0 %}
|
||||
# https://matrix-org.github.io/synapse/latest/workers.html#the-presence-stream
|
||||
{{ render_locations_to_upstream(matrix_synapse_reverse_proxy_companion_synapse_stream_writer_presence_stream_worker_client_server_locations, 'stream_writer_presence_stream_workers_upstream') }}
|
||||
{% endif %}
|
||||
|
||||
{% if media_repository_workers | length > 0 %}
|
||||
# https://matrix-org.github.io/synapse/latest/workers.html#synapseappmedia_repository
|
||||
{% for location in matrix_synapse_reverse_proxy_companion_synapse_media_repository_locations %}
|
||||
location ~ {{ location }} {
|
||||
proxy_pass http://media_repository_workers_upstream$request_uri;
|
||||
proxy_set_header Host $host;
|
||||
|
||||
client_body_buffer_size 25M;
|
||||
client_max_body_size {{ matrix_synapse_reverse_proxy_companion_client_api_client_max_body_size_mb }}M;
|
||||
proxy_max_temp_file_size 0;
|
||||
|
||||
{% if matrix_synapse_reverse_proxy_companion_synapse_cache_enabled %}
|
||||
proxy_buffering on;
|
||||
proxy_cache {{ matrix_synapse_reverse_proxy_companion_synapse_cache_keys_zone_name }};
|
||||
proxy_cache_valid any {{ matrix_synapse_reverse_proxy_companion_synapse_cache_proxy_cache_valid_time }};
|
||||
proxy_force_ranges on;
|
||||
add_header X-Cache-Status $upstream_cache_status;
|
||||
{% endif %}
|
||||
}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
|
||||
{% if user_dir_workers | length > 0 %}
|
||||
# https://matrix-org.github.io/synapse/latest/workers.html#updating-the-user-directory
|
||||
{{ render_locations_to_upstream(matrix_synapse_reverse_proxy_companion_synapse_user_dir_locations, 'user_dir_workers_upstream') }}
|
||||
{% endif %}
|
||||
{# Workers redirects END #}
|
||||
{% endif %}
|
||||
|
||||
{% for configuration_block in matrix_synapse_reverse_proxy_companion_synapse_client_api_additional_server_configuration_blocks %}
|
||||
{{- configuration_block }}
|
||||
{% endfor %}
|
||||
|
||||
{# Everything else just goes to the API server ##}
|
||||
location / {
|
||||
{# Use the embedded DNS resolver in Docker containers to discover the service #}
|
||||
resolver {{ matrix_synapse_reverse_proxy_companion_http_level_resolver }} valid=5s;
|
||||
set $backend "{{ matrix_synapse_reverse_proxy_companion_client_api_addr }}";
|
||||
proxy_pass http://$backend;
|
||||
|
||||
proxy_set_header Host $host;
|
||||
|
||||
client_body_buffer_size 25M;
|
||||
client_max_body_size {{ matrix_synapse_reverse_proxy_companion_client_api_client_max_body_size_mb }}M;
|
||||
proxy_max_temp_file_size 0;
|
||||
}
|
||||
}
|
||||
|
||||
{% if matrix_synapse_reverse_proxy_companion_federation_api_enabled %}
|
||||
server {
|
||||
listen 8048;
|
||||
server_name {{ matrix_synapse_reverse_proxy_companion_hostname }};
|
||||
|
||||
server_tokens off;
|
||||
|
||||
root /dev/null;
|
||||
|
||||
gzip on;
|
||||
gzip_types text/plain application/json;
|
||||
|
||||
{% if matrix_synapse_reverse_proxy_companion_synapse_workers_enabled %}
|
||||
{% if generic_workers | length > 0 %}
|
||||
# https://matrix-org.github.io/synapse/latest/workers.html#synapseappgeneric_worker
|
||||
{{ render_locations_to_upstream(matrix_synapse_reverse_proxy_companion_synapse_generic_worker_federation_locations, 'generic_workers_upstream') }}
|
||||
{% endif %}
|
||||
{% if media_repository_workers | length > 0 %}
|
||||
# https://matrix-org.github.io/synapse/latest/workers.html#synapseappmedia_repository
|
||||
{% for location in matrix_synapse_reverse_proxy_companion_synapse_media_repository_locations %}
|
||||
location ~ {{ location }} {
|
||||
proxy_pass http://media_repository_workers_upstream$request_uri;
|
||||
proxy_set_header Host $host;
|
||||
|
||||
client_body_buffer_size 25M;
|
||||
client_max_body_size {{ matrix_synapse_reverse_proxy_companion_federation_api_client_max_body_size_mb }}M;
|
||||
proxy_max_temp_file_size 0;
|
||||
|
||||
{% if matrix_synapse_reverse_proxy_companion_synapse_cache_enabled %}
|
||||
proxy_buffering on;
|
||||
proxy_cache {{ matrix_synapse_reverse_proxy_companion_synapse_cache_keys_zone_name }};
|
||||
proxy_cache_valid any {{ matrix_synapse_reverse_proxy_companion_synapse_cache_proxy_cache_valid_time }};
|
||||
proxy_force_ranges on;
|
||||
add_header X-Cache-Status $upstream_cache_status;
|
||||
{% endif %}
|
||||
}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
|
||||
{% for configuration_block in matrix_synapse_reverse_proxy_companion_synapse_federation_api_additional_server_configuration_blocks %}
|
||||
{{- configuration_block }}
|
||||
{% endfor %}
|
||||
|
||||
location / {
|
||||
{# Use the embedded DNS resolver in Docker containers to discover the service #}
|
||||
resolver {{ matrix_synapse_reverse_proxy_companion_http_level_resolver }} valid=5s;
|
||||
set $backend "{{ matrix_synapse_reverse_proxy_companion_federation_api_addr }}";
|
||||
proxy_pass http://$backend;
|
||||
|
||||
proxy_set_header Host $host;
|
||||
|
||||
client_body_buffer_size 25M;
|
||||
client_max_body_size {{ matrix_synapse_reverse_proxy_companion_federation_api_client_max_body_size_mb }}M;
|
||||
proxy_max_temp_file_size 0;
|
||||
}
|
||||
}
|
||||
{% endif %}
|
|
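Review bot: The `resolver {{ matrix_synapse_reverse_proxy_companion_http_level_resolver }} valid=5s;` line in both `location /` blocks (client API and federation) is rendered unconditionally, while the http-level template in this commit wraps the same variable in `{% if matrix_synapse_reverse_proxy_companion_http_level_resolver %}`. With the variable empty these lines render as `resolver  valid=5s;`, a resolver directive with no name server address. Wrap both in the same `{% if %}`, or give the location-level resolver its own variable that is always set. Separately, the media-repository `location` block is duplicated between the two servers with only the `client_max_body_size` variable differing; a macro that takes that value, in the style of `render_locations_to_upstream`, would keep the two copies of the cache settings from drifting apart.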
@ -0,0 +1,13 @@
|
|||
#jinja2: lstrip_blocks: "True"
|
||||
# The default is aligned to the CPU's cache size,
|
||||
# which can sometimes be too low.
|
||||
# Thus, we ensure a larger bucket size value is used.
|
||||
server_names_hash_bucket_size 64;
|
||||
|
||||
{% if matrix_synapse_reverse_proxy_companion_http_level_resolver %}
|
||||
resolver {{ matrix_synapse_reverse_proxy_companion_http_level_resolver }};
|
||||
{% endif %}
|
||||
|
||||
{% for configuration_block in matrix_synapse_reverse_proxy_companion_http_additional_server_configuration_blocks %}
|
||||
{{- configuration_block }}
|
||||
{% endfor %}
|
|
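Review bot: `matrix_synapse_reverse_proxy_companion_http_additional_server_configuration_blocks` is emitted at the top level of this file, next to `server_names_hash_bucket_size` and `resolver`, so its contents land in the `http` context, although the name reads as if they go inside a `server` block. Add a comment above the loop stating the context, or pick a name without `server` in it, since a directive pasted here under the wrong assumption only fails when nginx loads the config.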
@ -0,0 +1,66 @@
|
|||
#jinja2: lstrip_blocks: "True"
|
||||
# This is a custom nginx configuration file that we use in the container (instead of the default one),
|
||||
# because it allows us to run nginx with a non-root user.
|
||||
#
|
||||
# For this to work, the default vhost file (`/etc/nginx/conf.d/default.conf`) also needs to be removed.
|
||||
#
|
||||
# The following changes have been done compared to a default nginx configuration file:
|
||||
# - various temp paths are changed to `/tmp`, so that a non-root user can write to them
|
||||
# - the `user` directive was removed, as we don't want nginx to switch users
|
||||
|
||||
worker_processes {{ matrix_synapse_reverse_proxy_companion_worker_processes }};
|
||||
error_log /var/log/nginx/error.log warn;
|
||||
pid /tmp/nginx.pid;
|
||||
{% for configuration_block in matrix_synapse_reverse_proxy_companion_additional_configuration_blocks %}
|
||||
{{- configuration_block }}
|
||||
{% endfor %}
|
||||
|
||||
events {
|
||||
worker_connections {{ matrix_synapse_reverse_proxy_companion_worker_connections }};
|
||||
{% for configuration_block in matrix_synapse_reverse_proxy_companion_event_additional_configuration_blocks %}
|
||||
{{- configuration_block }}
|
||||
{% endfor %}
|
||||
}
|
||||
|
||||
|
||||
http {
|
||||
proxy_temp_path /tmp/proxy_temp;
|
||||
client_body_temp_path /tmp/client_temp;
|
||||
fastcgi_temp_path /tmp/fastcgi_temp;
|
||||
uwsgi_temp_path /tmp/uwsgi_temp;
|
||||
scgi_temp_path /tmp/scgi_temp;
|
||||
|
||||
include /etc/nginx/mime.types;
|
||||
default_type application/octet-stream;
|
||||
|
||||
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
||||
'$status $body_bytes_sent "$http_referer" '
|
||||
'"$http_user_agent" "$http_x_forwarded_for"';
|
||||
|
||||
{% if matrix_synapse_reverse_proxy_companion_access_log_enabled %}
|
||||
access_log /var/log/nginx/access.log main;
|
||||
{% else %}
|
||||
access_log off;
|
||||
{% endif %}
|
||||
|
||||
proxy_connect_timeout {{ matrix_synapse_reverse_proxy_companion_proxy_connect_timeout }};
|
||||
proxy_send_timeout {{ matrix_synapse_reverse_proxy_companion_proxy_send_timeout }};
|
||||
proxy_read_timeout {{ matrix_synapse_reverse_proxy_companion_proxy_read_timeout }};
|
||||
send_timeout {{ matrix_synapse_reverse_proxy_companion_send_timeout }};
|
||||
|
||||
sendfile on;
|
||||
#tcp_nopush on;
|
||||
|
||||
keepalive_timeout 65;
|
||||
|
||||
server_tokens off;
|
||||
|
||||
#gzip on;
|
||||
{# Map directive needed for proxied WebSocket upgrades #}
|
||||
map $http_upgrade $connection_upgrade {
|
||||
default upgrade;
|
||||
'' close;
|
||||
}
|
||||
|
||||
include /etc/nginx/conf.d/*.conf;
|
||||
}
|
|
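Review bot: `client_body_temp_path /tmp/client_temp;` puts request-body spill files on `/tmp`, which the systemd unit in this commit mounts as a tmpfs capped at `matrix_synapse_reverse_proxy_companion_tmp_directory_size_mb`, while the vhost template accepts bodies up to `matrix_synapse_reverse_proxy_companion_client_api_client_max_body_size_mb` and keeps only 25M of each in memory (`client_body_buffer_size 25M`). Nothing here ties the two sizes together, so an upload limit larger than the tmpfs makes large uploads fail once `/tmp` fills. Document the relationship next to the variables, or add a check that the tmpfs size exceeds the configured maximum body size.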
@ -0,0 +1,53 @@
|
|||
#jinja2: lstrip_blocks: "True"
|
||||
[Unit]
|
||||
Description=Synapse reverse-proxy companion
|
||||
{% for service in matrix_synapse_reverse_proxy_companion_systemd_required_services_list %}
|
||||
Requires={{ service }}
|
||||
After={{ service }}
|
||||
{% endfor %}
|
||||
{% for service in matrix_synapse_reverse_proxy_companion_systemd_wanted_services_list %}
|
||||
Wants={{ service }}
|
||||
{% endfor %}
|
||||
DefaultDependencies=no
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
|
||||
ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-synapse-reverse-proxy-companion 2>/dev/null || true'
|
||||
ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-synapse-reverse-proxy-companion 2>/dev/null || true'
|
||||
|
||||
ExecStart={{ devture_systemd_docker_base_host_command_docker }} run \
|
||||
--rm \
|
||||
--name=matrix-synapse-reverse-proxy-companion \
|
||||
--log-driver=none \
|
||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||
--cap-drop=ALL \
|
||||
--read-only \
|
||||
--tmpfs=/tmp:rw,noexec,nosuid,size={{ matrix_synapse_reverse_proxy_companion_tmp_directory_size_mb }}m \
|
||||
{% if matrix_synapse_reverse_proxy_companion_synapse_cache_enabled %}
|
||||
--tmpfs=/tmp/synapse-cache:rw,noexec,nosuid,size={{ matrix_synapse_reverse_proxy_companion_tmp_cache_directory_size_mb }}m\
|
||||
{% endif %}
|
||||
--network={{ matrix_synapse_reverse_proxy_companion_container_network }} \
|
||||
{% if matrix_synapse_reverse_proxy_companion_container_client_api_host_bind_port %}
|
||||
-p {{ matrix_synapse_reverse_proxy_companion_container_client_api_host_bind_port }}:8008 \
|
||||
{% endif %}
|
||||
{% if matrix_synapse_reverse_proxy_companion_container_federation_api_host_bind_port %}
|
||||
-p {{ matrix_synapse_reverse_proxy_companion_container_federation_api_host_bind_port }}:8048 \
|
||||
{% endif %}
|
||||
--mount type=bind,src={{ matrix_synapse_reverse_proxy_companion_base_path }}/nginx.conf,dst=/etc/nginx/nginx.conf,ro \
|
||||
--mount type=bind,src={{ matrix_synapse_reverse_proxy_companion_confd_path }},dst=/etc/nginx/conf.d,ro \
|
||||
{{ matrix_synapse_reverse_proxy_companion_container_image }}
|
||||
|
||||
{% for network in matrix_synapse_reverse_proxy_companion_container_additional_networks %}
|
||||
ExecStartPost={{ devture_systemd_docker_base_host_command_sh }} -c 'attempt=0; while [ $attempt -le 29 ]; do attempt=$(( $attempt + 1 )); if [ "`docker inspect -f {{ '{{.State.Running}}' }} matrix-synapse-reverse-proxy-companion 2> /dev/null`" = "true" ]; then break; fi; sleep 1; done; {{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-synapse-reverse-proxy-companion'
|
||||
{% endfor %}
|
||||
|
||||
ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-synapse-reverse-proxy-companion 2>/dev/null || true'
|
||||
ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-synapse-reverse-proxy-companion 2>/dev/null || true'
|
||||
ExecReload={{ devture_systemd_docker_base_host_command_docker }} exec matrix-synapse-reverse-proxy-companion /usr/sbin/nginx -s reload
|
||||
Restart=always
|
||||
RestartSec=30
|
||||
SyslogIdentifier=matrix-synapse-reverse-proxy-companion
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
|
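Review bot: The `ExecStartPost` wait loop calls bare `docker inspect`, while every other command in the unit goes through `{{ devture_systemd_docker_base_host_command_docker }}`, so that one call depends on `docker` being resolvable from the PATH systemd gives the shell. Use the variable there as well. The loop also falls through to `network connect` after 30 unsuccessful attempts instead of exiting non-zero with a clear message, and the `--tmpfs=/tmp/synapse-cache:` line ends in `m\` without the space before the backslash that the other continuation lines have.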
@ -36,7 +36,7 @@ matrix_synapse_container_image_customizations_dockerfile_body_custom: ''
|
|||
|
||||
matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:{{ matrix_synapse_docker_image_tag }}"
|
||||
matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_container_image_self_build else matrix_container_global_registry_prefix }}"
|
||||
matrix_synapse_version: v1.71.0
|
||||
matrix_synapse_version: v1.72.0
|
||||
matrix_synapse_docker_image_tag: "{{ matrix_synapse_version }}"
|
||||
matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"
|
||||
|
||||
|
|
|
@ -24,3 +24,9 @@
|
|||
- {'old': 'matrix_container_retries_delay', 'new': 'devture_playbook_help_container_retries_delay'}
|
||||
- {'old': 'matrix_geturl_retries_count', 'new': 'devture_playbook_help_geturl_retries_count'}
|
||||
- {'old': 'matrix_geturl_retries_delay', 'new': 'devture_playbook_help_geturl_retries_delay'}
|
||||
|
||||
- {'old': 'matrix_nginx_proxy_synapse_cache_path', 'new': 'matrix_synapse_reverse_proxy_companion_synapse_cache_path'}
|
||||
- {'old': 'matrix_nginx_proxy_synapse_cache_enabled', 'new': 'matrix_synapse_reverse_proxy_companion_synapse_cache_enabled'}
|
||||
|
||||
- {'old': 'matrix_docker_installation_enabled', 'new': 'matrix_playbook_docker_installation_enabled'}
|
||||
- {'old': 'matrix_docker_package_name', 'new': '<Not applicable. Docker is installed using https://github.com/geerlingguy/ansible-role-docker now>'}
|
||||
|
|
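Review bot: The `matrix_docker_package_name` entry puts a sentence in `new`, where every other entry in the list has a variable name. The code that consumes this list is not visible in this hunk; if it builds a "rename `old` to `new`" message, users will be told to rename the variable to that sentence. A separate list of removed variables with its own message would be clearer than overloading `new`.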
95
setup.yml
|
@ -1,95 +0,0 @@
|
|||
---
|
||||
- name: "Set up a Matrix server"
|
||||
hosts: "{{ target if target is defined else 'matrix_servers' }}"
|
||||
become: true
|
||||
|
||||
roles:
|
||||
# Most of the roles below are not distributed with the playbook, but downloaded separately using `ansible-galaxy` via the `make roles` command (see `Makefile`).
|
||||
- role: galaxy/com.devture.ansible.role.playbook_help
|
||||
|
||||
- role: galaxy/com.devture.ansible.role.systemd_docker_base
|
||||
|
||||
- role: custom/matrix_playbook_migration
|
||||
|
||||
- when: devture_timesync_installation_enabled | bool
|
||||
role: galaxy/com.devture.ansible.role.timesync
|
||||
tags:
|
||||
- setup-timesync
|
||||
- setup-all
|
||||
|
||||
- custom/matrix-base
|
||||
- custom/matrix-dynamic-dns
|
||||
- custom/matrix-mailer
|
||||
- custom/matrix-postgres
|
||||
- custom/matrix-redis
|
||||
- custom/matrix-corporal
|
||||
- custom/matrix-bridge-appservice-discord
|
||||
- custom/matrix-bridge-appservice-slack
|
||||
- custom/matrix-bridge-appservice-webhooks
|
||||
- custom/matrix-bridge-appservice-irc
|
||||
- custom/matrix-bridge-appservice-kakaotalk
|
||||
- custom/matrix-bridge-beeper-linkedin
|
||||
- custom/matrix-bridge-go-skype-bridge
|
||||
- custom/matrix-bridge-mautrix-facebook
|
||||
- custom/matrix-bridge-mautrix-twitter
|
||||
- custom/matrix-bridge-mautrix-hangouts
|
||||
- custom/matrix-bridge-mautrix-googlechat
|
||||
- custom/matrix-bridge-mautrix-instagram
|
||||
- custom/matrix-bridge-mautrix-signal
|
||||
- custom/matrix-bridge-mautrix-telegram
|
||||
- custom/matrix-bridge-mautrix-whatsapp
|
||||
- custom/matrix-bridge-mautrix-discord
|
||||
- custom/matrix-bridge-mx-puppet-discord
|
||||
- custom/matrix-bridge-mx-puppet-groupme
|
||||
- custom/matrix-bridge-mx-puppet-steam
|
||||
- custom/matrix-bridge-mx-puppet-slack
|
||||
- custom/matrix-bridge-mx-puppet-twitter
|
||||
- custom/matrix-bridge-mx-puppet-instagram
|
||||
- custom/matrix-bridge-sms
|
||||
- custom/matrix-bridge-heisenbridge
|
||||
- custom/matrix-bridge-hookshot
|
||||
- custom/matrix-bot-matrix-reminder-bot
|
||||
- custom/matrix-bot-matrix-registration-bot
|
||||
- custom/matrix-bot-maubot
|
||||
- custom/matrix-bot-buscarron
|
||||
- custom/matrix-bot-honoroit
|
||||
- custom/matrix-bot-postmoogle
|
||||
- custom/matrix-bot-go-neb
|
||||
- custom/matrix-bot-mjolnir
|
||||
- custom/matrix-cactus-comments
|
||||
- custom/matrix-synapse
|
||||
- custom/matrix-dendrite
|
||||
- custom/matrix-conduit
|
||||
- custom/matrix-synapse-admin
|
||||
- custom/matrix-prometheus-node-exporter
|
||||
- custom/matrix-prometheus-postgres-exporter
|
||||
- custom/matrix-prometheus
|
||||
- custom/matrix-grafana
|
||||
- custom/matrix-registration
|
||||
- custom/matrix-client-element
|
||||
- custom/matrix-client-hydrogen
|
||||
- custom/matrix-client-cinny
|
||||
- custom/matrix-jitsi
|
||||
- custom/matrix-ldap-registration-proxy
|
||||
- custom/matrix-ma1sd
|
||||
- custom/matrix-dimension
|
||||
- custom/matrix-etherpad
|
||||
- custom/matrix-email2matrix
|
||||
- custom/matrix-sygnal
|
||||
- custom/matrix-ntfy
|
||||
- custom/matrix-nginx-proxy
|
||||
- custom/matrix-coturn
|
||||
- custom/matrix-aux
|
||||
- custom/matrix-postgres-backup
|
||||
- custom/matrix-backup-borg
|
||||
- custom/matrix-user-creator
|
||||
- custom/matrix-common-after
|
||||
|
||||
# This is pretty much last, because we want it to better serve as a "last known good configuration".
|
||||
# See: https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2217#issuecomment-1301487601
|
||||
- when: devture_playbook_state_preserver_enabled | bool
|
||||
role: galaxy/com.devture.ansible.role.playbook_state_preserver
|
||||
tags:
|
||||
- setup-all
|
||||
|
||||
- role: galaxy/com.devture.ansible.role.playbook_runtime_messages
|
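Review bot: The header `-1,95 +0,0` removes `setup.yml` entirely, and nothing in this part of the diff shows where the role list moves. Whatever replaces it needs to keep the ordering constraints documented in these lines (`custom/matrix_playbook_migration` ahead of the service roles, `playbook_state_preserver` near the end so that it serves as a "last known good configuration"), and anything that invokes `setup.yml` by name should be updated in the same change.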