Allow additional volumes to be mounted into matrix-nginx-proxy

Certain use-cases may require that people mount additional files
into the matrix-nginx-proxy container. Similarly to how we do it
for Synapse, we are introducing a new variable that makes this
possible (`matrix_nginx_proxy_container_additional_volumes`).

This makes the htpasswd file for Synapse Metrics (introduced in #86,
Github Pull Request) to also perform mounting using this new mechanism.
Hopefully, for such an "extension", keeping htpasswd file-creation and
volume definition in the same place (the tasks file) is better.

All other major volumes' mounting mechanism remains the same (explicit
mounting).
This commit is contained in:
Slavi Pantaleev 2019-02-05 11:46:16 +02:00
parent 9a251e4e46
commit 96afbbb5af
3 changed files with 17 additions and 3 deletions

View file

@ -14,6 +14,12 @@ matrix_nginx_proxy_systemd_required_services_list: ['docker.service']
# List of systemd services that matrix-nginx-proxy.service wants # List of systemd services that matrix-nginx-proxy.service wants
matrix_nginx_proxy_systemd_wanted_services_list: [] matrix_nginx_proxy_systemd_wanted_services_list: []
# A list of additional "volumes" to mount in the container.
# This list gets populated dynamically at runtime. You can provide a different default value,
# if you wish to mount your own files into the container.
# Contains definition objects like this: `{"src": "/outside", "dst": "/inside", "options": "rw|ro|slave|.."}
matrix_nginx_proxy_container_additional_volumes: []
# Controls whether proxying the riot domain should be done. # Controls whether proxying the riot domain should be done.
matrix_nginx_proxy_proxy_riot_enabled: false matrix_nginx_proxy_proxy_riot_enabled: false
matrix_nginx_proxy_proxy_riot_hostname: "{{ hostname_riot }}" matrix_nginx_proxy_proxy_riot_hostname: "{{ hostname_riot }}"

View file

@ -37,6 +37,14 @@
mode: 0400 mode: 0400
when: "matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled and matrix_nginx_proxy_proxy_synapse_metrics" when: "matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled and matrix_nginx_proxy_proxy_synapse_metrics"
- name: Ensure matrix-synapse-metrics-htpasswd is mounted into the matrix-nginx-proxy container
- set_fact:
matrix_nginx_proxy_container_additional_volumes: >
{{ matrix_nginx_proxy_container_additional_volumes }}
+
{{ [{'src': '{{ matrix_nginx_proxy_data_path }}/matrix-synapse-metrics-htpasswd', 'dst': '/etc/nginx/.matrix-synapse-metrics-htpasswd', 'options': 'ro'}] }}
when: "matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled and matrix_nginx_proxy_proxy_synapse_metrics"
- name: Ensure Matrix nginx-proxy configured (generic) - name: Ensure Matrix nginx-proxy configured (generic)
template: template:
src: "{{ role_path }}/templates/nginx/conf.d/nginx-http.conf.j2" src: "{{ role_path }}/templates/nginx/conf.d/nginx-http.conf.j2"

View file

@ -26,9 +26,9 @@ ExecStart=/usr/bin/docker run --rm --name matrix-nginx-proxy \
-v {{ matrix_nginx_proxy_confd_path }}:/etc/nginx/conf.d:ro \ -v {{ matrix_nginx_proxy_confd_path }}:/etc/nginx/conf.d:ro \
-v {{ matrix_ssl_config_dir_path }}:{{ matrix_ssl_config_dir_path }}:ro \ -v {{ matrix_ssl_config_dir_path }}:{{ matrix_ssl_config_dir_path }}:ro \
-v {{ matrix_static_files_base_path }}:{{ matrix_static_files_base_path }}:ro \ -v {{ matrix_static_files_base_path }}:{{ matrix_static_files_base_path }}:ro \
{% if (matrix_nginx_proxy_proxy_synapse_metrics and matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled) %} {% for volume in matrix_nginx_proxy_container_additional_volumes %}
-v {{ matrix_nginx_proxy_data_path }}/matrix-synapse-metrics-htpasswd:/etc/nginx/.matrix-synapse-metrics-htpasswd:ro \ -v {{ volume.src }}:{{ volume.dst }}:{{ volume.options }} \
{% endif %} {% endfor %}
{{ matrix_nginx_proxy_docker_image }} {{ matrix_nginx_proxy_docker_image }}
ExecStop=-/usr/bin/docker kill matrix-nginx-proxy ExecStop=-/usr/bin/docker kill matrix-nginx-proxy