pub-solar/matrix-docker-ansible-deploy
5
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Merge branch 'master' into pub.solar

Browse source
This commit is contained in:
teutat3s 2021-07-28 15:08:06 +02:00
parent a501786ce6 dfa7b6e4fd
commit 9af287513d
Signed by: teutat3s
GPG key ID: 18DAE600A6BBE705
35 changed files with 305 additions and 149 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
docs/configuring-dns.md
View file

@ -68,4 +68,4 @@ This is an optional feature. See [ma1sd's documentation](https://github.com/ma1u
Note: This `_matrix-identity._tcp` SRV record for the identity server is different from the `_matrix._tcp` that can be used for Synapse delegation. See [howto-server-delegation.md](howto-server-delegation.md) for more information about delegation.
When you're done with the DNS configuration and ready to proceed, continue with [Configuring this Ansible playbook](configuring-playbook.md).
When you're done with the DNS configuration and ready to proceed, continue with [Getting the playbook](getting-the-playbook.md).

2
docs/configuring-playbook-jitsi.md
View file

@ -129,7 +129,7 @@ Until this gets integrated into the playbook, we need to register new users / me
Please SSH into your matrix host machine and execute the following command targeting the `matrix-jitsi-prosody` container:
```bash
docker exec matrix-jitsi-prosody prosodyctl --config /config/prosody.cfg.lua register <USERNAME> matrix-jitsi-web <PASSWORD>
docker exec matrix-jitsi-prosody prosodyctl --config /config/prosody.cfg.lua register <USERNAME> meet.jitsi <PASSWORD>
```
Run this command for each user you would like to create, replacing `<USERNAME>` and `<PASSWORD>` accordingly. After you've finished, please exit the host.

2
docs/configuring-well-known.md
View file

@ -69,7 +69,7 @@ It is, however, **a little fragile**, as future updates performed by this playbo
If you don't need the base domain (e.g. `example.com`) for anything else (hosting a website, etc.), you can point it to the Matrix server's IP address and tell the playbook to configure it.
This is the easiest way to set up well-known serving -- letting the playbook handle the whole base domain for you (including SSL certificates, etc.). However, if you need to use the base domain for other things (such as hosting some website, etc.), going with Option 1 or Option 2 might be more suitable.
This is the easiest way to set up well-known serving -- letting the playbook handle the whole base domain for you (including SSL certificates, etc.). However, if you need to use the base domain for other things (such as hosting some website, etc.), going with Option 1 or Option 3 might be more suitable.
See [Serving the base domain](configuring-playbook-base-domain-serving.md) to learn how the playbook can help you set it up.

2
docs/self-building.md
View file

@ -25,8 +25,10 @@ List of roles where self-building the Docker image is currently possible:
- `matrix-bridge-mautrix-facebook`
- `matrix-bridge-mautrix-hangouts`
- `matrix-bridge-mautrix-telegram`
- `matrix-bridge-mautrix-signal`
- `matrix-bridge-mx-puppet-skype`
- `matrix-bot-mjolnir`
- `matrix-bot-matrix-reminder-bot`
Adding self-building support to other roles is welcome. Feel free to contribute!

10
examples/apache/matrix-synapse.conf
View file

@ -32,6 +32,7 @@
ProxyPreserveHost On
ProxyRequests Off
ProxyVia On
RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
# Keep some URIs free for different proxy/location
ProxyPassMatch ^/.well-known/matrix/client !
@ -46,6 +47,14 @@
ProxyPass /_synapse/client http://127.0.0.1:8008/_synapse/client retry=0 nocanon
ProxyPassReverse /_synapse/client http://127.0.0.1:8008/_synapse/client
# Proxy Admin API (necessary for Synapse-Admin)
# ProxyPass /_synapse/admin http://127.0.0.1:8008/_synapse/admin retry=0 nocanon
# ProxyPassReverse /_synapse/admin http://127.0.0.1:8008/_synapse/admin
# Proxy Synapse-Admin
# ProxyPass /synapse-admin http://127.0.0.1:8766 retry=0 nocanon
# ProxyPassReverse /synapse-admin http://127.0.0.1:8766
# Map /.well-known/matrix/client for client discovery
Alias /.well-known/matrix/client /matrix/static-files/.well-known/matrix/client
<Files "/matrix/static-files/.well-known/matrix/client">
@ -111,6 +120,7 @@ Listen 8448
ProxyPreserveHost On
ProxyRequests Off
ProxyVia On
RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
# Proxy all remaining traffic to the Synapse port
# Beware: In this example the local traffic goes to the local synapse server at 127.0.0.1

20
group_vars/matrix_servers
View file

@ -374,14 +374,15 @@ matrix_mautrix_signal_login_shared_secret: "{{ matrix_synapse_ext_password_provi
matrix_mautrix_signal_database_engine: 'postgres'
matrix_mautrix_signal_database_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mau.signal.db') | to_uuid }}"
matrix_mautrix_signal_container_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
matrix_mautrix_signal_daemon_container_self_build: "{{ matrix_architecture != 'amd64' }}"
######################################################################
#
# /matrix-bridge-mautrix-signal
#
######################################################################
matrix_mautrix_signal_container_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
######################################################################
#
# matrix-bridge-mautrix-telegram
@ -393,6 +394,8 @@ matrix_mautrix_telegram_enabled: false
# Images are multi-arch (amd64 and arm64, but not arm32).
matrix_mautrix_telegram_container_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
matrix_telegram_lottieconverter_container_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
matrix_telegram_lottieconverter_container_self_build_mask_arch: "{{ matrix_architecture != 'amd64' }}"
matrix_mautrix_telegram_systemd_required_services_list: |
{{
@ -808,6 +811,7 @@ matrix_bot_matrix_reminder_bot_systemd_required_services_list: |
# Postgres is the default, except if not using `matrix_postgres` (internal postgres)
matrix_bot_matrix_reminder_bot_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
matrix_bot_matrix_reminder_bot_database_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'reminder.bot.db') | to_uuid }}"
matrix_bot_matrix_reminder_bot_container_self_build: "{{ matrix_architecture != 'amd64' }}"
######################################################################
#
@ -1118,17 +1122,7 @@ matrix_mailer_container_image_self_build: "{{ matrix_architecture != 'amd64'}}"
# If you wish to use the public identity servers (matrix.org, vector.im) instead of your own you may wish to disable this.
matrix_ma1sd_enabled: true
# There's no prebuilt ma1sd image for the `arm32` architecture.
# We're relying on self-building there.
matrix_ma1sd_architecture: "{{
{
'amd64': 'amd64',
'arm32': 'arm32',
'arm64': 'arm64',
}[matrix_architecture]
}}"
matrix_ma1sd_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
matrix_ma1sd_container_image_self_build: "{{ matrix_architecture != 'amd64' }}"
# Normally, matrix-nginx-proxy is enabled and nginx can reach ma1sd over the container network.
# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose

2
inventory/scripts/jitsi-generate-passwords.sh
View file

@ -11,7 +11,6 @@ echo "# Install it before using this script, or simply create your own passwords
echo ""
JICOFO_COMPONENT_SECRET=$(generatePassword)
JICOFO_AUTH_PASSWORD=$(generatePassword)
JVB_AUTH_PASSWORD=$(generatePassword)
JIBRI_RECORDER_PASSWORD=$(generatePassword)
@ -19,7 +18,6 @@ JIBRI_XMPP_PASSWORD=$(generatePassword)
echo "# Paste these variables into your inventory/host_vars/matrix.DOMAIN/vars.yml file:"
echo ""
echo "matrix_jitsi_jicofo_component_secret: "$JICOFO_COMPONENT_SECRET
echo "matrix_jitsi_jicofo_auth_password: "$JICOFO_AUTH_PASSWORD
echo "matrix_jitsi_jvb_auth_password: "$JVB_AUTH_PASSWORD
echo "matrix_jitsi_jibri_recorder_password: "$JIBRI_RECORDER_PASSWORD

25
roles/matrix-awx/tasks/set_variables_ma1sd.yml
View file

@ -29,12 +29,7 @@
insertafter: '# Synapse Extension Start'
with_dict:
'matrix_synapse_ext_password_provider_rest_auth_enabled': 'true'
'matrix_synapse_ext_password_provider_rest_auth_endpoint': 'http://matrix-ma1sd:8090'
when: ext_matrix_ma1sd_auth_store == 'LDAP/AD'
- name: Strip header from ma1sd configuration extension if using internal auth
set_fact:
ext_matrix_ma1sd_configuration_extension_yaml_parsed: "{{ ext_matrix_ma1sd_configuration_extension_yaml.splitlines() | reject('search', '^matrix_client_element_configuration_extension_json:') | list }}"
'matrix_synapse_ext_password_provider_rest_auth_endpoint': '"http://matrix-ma1sd:8090"'
when: ext_matrix_ma1sd_auth_store == 'LDAP/AD'
- name: Remove entire ma1sd configuration extension
@ -52,22 +47,13 @@
regexp: '^# Start ma1sd Extension# End ma1sd Extension'
replace: '# Start ma1sd Extension\n# End ma1sd Extension'
- name: Insert ma1sd configuration extension header if using external LDAP/AD with ma1sd
- name: Insert/Update ma1sd configuration extension variables
delegate_to: 127.0.0.1
lineinfile:
blockinfile:
path: '{{ awx_cached_matrix_vars }}'
line: "matrix_ma1sd_configuration_extension_yaml: |"
marker: "# {mark} ma1sd ANSIBLE MANAGED BLOCK"
insertafter: '# Start ma1sd Extension'
when: ext_matrix_ma1sd_auth_store == 'LDAP/AD'
- name: Set ma1sd configuration extension if using external LDAP/AD with ma1sd
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
insertbefore: '# End ma1sd Extension'
line: '{{ item }}'
with_items: "{{ ext_matrix_ma1sd_configuration_extension_yaml_parsed }}"
when: ext_matrix_ma1sd_auth_store == 'LDAP/AD'
block: '{{ ext_matrix_ma1sd_configuration_extension_yaml }}'
- name: Record ma1sd Custom variables locally on AWX
delegate_to: 127.0.0.1
@ -79,6 +65,7 @@
with_dict:
'ext_matrix_ma1sd_auth_store': '{{ ext_matrix_ma1sd_auth_store }}'
'ext_matrix_ma1sd_configuration_extension_yaml': '{{ ext_matrix_ma1sd_configuration_extension_yaml.splitlines() | to_json }}'
no_log: True
- name: Save new 'Configure ma1sd' survey.json to the AWX tower, template
delegate_to: 127.0.0.1

25
roles/matrix-awx/tasks/set_variables_synapse.yml
View file

@ -154,17 +154,6 @@
with_items: "{{ ext_federation_whitelist_raw.splitlines() }}"
when: ext_federation_whitelist_raw|length > 0
- name: Record Synapse Custom variables locally on AWX
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertafter: '# Custom Settings Start'
with_dict:
'ext_federation_whitelist_raw': '{{ ext_federation_whitelist_raw.splitlines() | to_json }}'
'ext_url_preview_accept_language_default': '{{ ext_url_preview_accept_language_default.splitlines() | to_json }}'
- name: Set ext_recaptcha_public_key to a 'public-key' if undefined
set_fact: ext_recaptcha_public_key="public-key"
when: (ext_recaptcha_public_key is not defined) or (ext_recaptcha_public_key|length == 0)
@ -185,6 +174,20 @@
' recaptcha_public_key': '{{ ext_recaptcha_public_key }}'
' recaptcha_private_key': '{{ ext_recaptcha_private_key }}'
- name: Record Synapse Custom variables locally on AWX
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertafter: '# Custom Settings Start'
with_dict:
'ext_federation_whitelist_raw': '{{ ext_federation_whitelist_raw.splitlines() | to_json }}'
'ext_url_preview_accept_language_default': '{{ ext_url_preview_accept_language_default.splitlines() | to_json }}'
'ext_enable_registration_captcha': '{{ ext_enable_registration_captcha }}'
'ext_recaptcha_public_key': '"{{ ext_recaptcha_public_key }}"'
'ext_recaptcha_private_key': '"{{ ext_recaptcha_private_key }}"'
- name: Save new 'Configure Synapse' survey.json to the AWX tower, template
delegate_to: 127.0.0.1
template:

3
roles/matrix-base/defaults/main.yml
View file

@ -11,6 +11,9 @@ matrix_domain: ~
# This and the Element FQN (see below) are expected to be on the same server.
matrix_server_fqn_matrix: "matrix.{{ matrix_domain }}"
# This is where you access federation API.
matrix_server_fqn_matrix_federation: '{{ matrix_server_fqn_matrix }}'
# This is where you access the Element web UI from (if enabled via matrix_client_element_enabled; enabled by default).
# This and the Matrix FQN (see above) are expected to be on the same server.
matrix_server_fqn_element: "element.{{ matrix_domain }}"

2
roles/matrix-base/templates/static-files/well-known/matrix-server.j2
View file

@ -1,4 +1,4 @@
#jinja2: lstrip_blocks: "True"
{
"m.server": "{{ matrix_server_fqn_matrix }}:{{ matrix_federation_public_port }}"
"m.server": "{{ matrix_server_fqn_matrix_federation }}:{{ matrix_federation_public_port }}"
}

7
roles/matrix-bot-matrix-reminder-bot/defaults/main.yml
View file

@ -2,7 +2,12 @@
# See: https://github.com/anoadragon453/matrix-reminder-bot
matrix_bot_matrix_reminder_bot_enabled: true
matrix_bot_matrix_reminder_bot_version: release-v0.2.0
matrix_bot_matrix_reminder_bot_container_self_build: false
matrix_bot_matrix_reminder_bot_docker_repo: "https://github.com/anoadragon453/matrix-reminder-bot.git"
matrix_bot_matrix_reminder_bot_docker_src_files_path: "{{ matrix_base_data_path }}/matrix-reminder-bot/docker-src"
matrix_bot_matrix_reminder_bot_version: release-v0.2.1
matrix_bot_matrix_reminder_bot_docker_image: "{{ matrix_container_global_registry_prefix }}anoa/matrix-reminder-bot:{{ matrix_bot_matrix_reminder_bot_version }}"
matrix_bot_matrix_reminder_bot_docker_image_force_pull: "{{ matrix_bot_matrix_reminder_bot_docker_image.endswith(':latest') }}"

22
roles/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml
View file

@ -37,6 +37,7 @@
- { path: "{{ matrix_bot_matrix_reminder_bot_config_path }}", when: true }
- { path: "{{ matrix_bot_matrix_reminder_bot_data_path }}", when: true }
- { path: "{{ matrix_bot_matrix_reminder_bot_data_store_path }}", when: true }
- { path: "{{ matrix_bot_matrix_reminder_bot_docker_src_files_path }}", when: true}
when: "item.when|bool"
- name: Ensure matrix-reminder-bot image is pulled
@ -45,6 +46,27 @@
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_bot_matrix_reminder_bot_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_matrix_reminder_bot_docker_image_force_pull }}"
when: "not matrix_bot_matrix_reminder_bot_container_self_build|bool"
- name: Ensure matrix-reminder-bot repository is present on self-build
git:
repo: "{{ matrix_bot_matrix_reminder_bot_docker_repo }}"
dest: "{{ matrix_bot_matrix_reminder_bot_docker_src_files_path }}"
force: "yes"
register: matrix_bot_matrix_reminder_bot_git_pull_results
when: "matrix_bot_matrix_reminder_bot_container_self_build|bool"
- name: Ensure matrix-reminder-bot image is built
docker_image:
name: "{{ matrix_bot_matrix_reminder_bot_docker_image }}"
source: build
force_source: "{{ matrix_bot_matrix_reminder_bot_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mailer_git_pull_results.changed }}"
build:
dockerfile: docker/Dockerfile
path: "{{ matrix_bot_matrix_reminder_bot_docker_src_files_path }}"
pull: yes
when: "matrix_bot_matrix_reminder_bot_container_self_build|bool"
- name: Ensure matrix-reminder-bot config installed
copy:

6
roles/matrix-bridge-mautrix-signal/defaults/main.yml
View file

@ -3,7 +3,7 @@
matrix_mautrix_signal_enabled: true
matrix_mautrix_signal_self_build: false
matrix_mautrix_signal_container_self_build: false
matrix_mautrix_signal_docker_repo: "https://mau.dev/tulir/mautrix-signal.git"
matrix_mautrix_signal_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-signal/docker-src"
@ -13,6 +13,10 @@ matrix_mautrix_signal_daemon_version: latest
matrix_mautrix_signal_docker_image: "dock.mau.dev/tulir/mautrix-signal:{{ matrix_mautrix_signal_version }}"
matrix_mautrix_signal_docker_image_force_pull: "{{ matrix_mautrix_signal_docker_image.endswith(':latest') }}"
matrix_mautrix_signal_daemon_container_self_build: false
matrix_mautrix_signal_daemon_docker_repo: "https://mau.dev/maunium/signald.git"
matrix_mautrix_signal_daemon_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-signald/docker-src"
matrix_mautrix_signal_daemon_docker_image: "dock.mau.dev/maunium/signald:{{ matrix_mautrix_signal_daemon_version }}"
matrix_mautrix_signal_daemon_docker_image_force_pull: "{{ matrix_mautrix_signal_daemon_docker_image.endswith(':latest') }}"

40
roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml
View file

@ -8,6 +8,15 @@
The matrix-bridge-mautrix-signal role needs to execute before the matrix-synapse role.
when: "matrix_synapse_role_executed|default(False)"
- name: Ensure Mautrix Signal image is pulled
docker_image:
name: "{{ matrix_mautrix_signal_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_mautrix_signal_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_signal_docker_image_force_pull }}"
when: "matrix_mautrix_signal_enabled|bool and not matrix_mautrix_signal_container_self_build|bool"
- name: Ensure Mautrix Signal repository is present on self-build
git:
repo: "{{ matrix_mautrix_signal_docker_repo }}"
@ -28,14 +37,6 @@
pull: yes
when: "matrix_mautrix_signal_enabled|bool and matrix_mautrix_signal_container_self_build|bool"
- name: Ensure Mautrix Signal image is pulled
docker_image:
name: "{{ matrix_mautrix_signal_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_mautrix_signal_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_signal_docker_image_force_pull }}"
when: "matrix_mautrix_signal_enabled|bool and not matrix_mautrix_signal_container_self_build|bool"
- name: Ensure Mautrix Signal Daemon image is pulled
docker_image:
@ -43,7 +44,28 @@
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_mautrix_signal_daemon_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_signal_daemon_docker_image_force_pull }}"
when: matrix_mautrix_signal_enabled|bool
when: matrix_mautrix_signal_enabled and not matrix_mautrix_signal_daemon_container_self_build|bool
register: matrix_mautrix_signal_daemon_pull_results
- name: Ensure Mautrix Signal Daemon repository is present on self-build
git:
repo: "{{ matrix_mautrix_signal_daemon_docker_repo }}"
dest: "{{ matrix_mautrix_signal_daemon_docker_src_files_path }}"
force: "yes"
register: matrix_mautrix_signal_daemon_git_pull_results
when: "matrix_mautrix_signal_enabled|bool and matrix_mautrix_signal_daemon_container_self_build|bool"
- name: Ensure Mautrix Signal Daemon image is built
docker_image:
name: "{{ matrix_mautrix_signal_daemon_docker_image }}"
source: build
force_source: "{{ matrix_mautrix_signal_daemon_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mailer_git_pull_results.changed }}"
build:
dockerfile: Dockerfile
path: "{{ matrix_mautrix_signal_daemon_docker_src_files_path }}"
pull: yes
when: "matrix_mautrix_signal_enabled|bool and matrix_mautrix_signal_daemon_container_self_build|bool"
- name: Ensure Mautrix Signal paths exist
file:

6
roles/matrix-bridge-mautrix-telegram/defaults/main.yml
View file

@ -3,6 +3,12 @@
matrix_mautrix_telegram_enabled: true
matrix_telegram_lottieconverter_container_self_build: false
matrix_telegram_lottieconverter_container_self_build_mask_arch: false
matrix_telegram_lottieconverter_docker_repo: "https://mau.dev/tulir/lottieconverter.git"
matrix_telegram_lottieconverter_docker_src_files_path: "{{ matrix_base_data_path }}/lotticonverter/docker-src"
matrix_telegram_lottieconverter_docker_image: "dock.mau.dev/tulir/lottieconverter:alpine-3.14" # needs to be ajusted according to FROM clause of Dockerfile of mautrix-telegram
matrix_mautrix_telegram_container_self_build: false
matrix_mautrix_telegram_docker_repo: "https://mau.dev/tulir/mautrix-telegram.git"
matrix_mautrix_telegram_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-telegram/docker-src"

24
roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml
View file

@ -56,6 +56,26 @@
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_telegram_docker_image_force_pull }}"
when: "not matrix_mautrix_telegram_container_self_build|bool"
- name: Ensure lottieconverter is present when self-building
git:
repo: "{{ matrix_telegram_lottieconverter_docker_repo }}"
dest: "{{ matrix_telegram_lottieconverter_docker_src_files_path }}"
force: "yes"
register: matrix_telegram_lottieconverter_git_pull_results
when: "matrix_telegram_lottieconverter_container_self_build|bool and matrix_mautrix_telegram_container_self_build|bool"
- name: Ensure lottieconverter Docker image is built
docker_image:
name: "{{ matrix_telegram_lottieconverter_docker_image }}"
source: build
force_source: "{{ matrix_telegram_lottieconverter_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_telegram_lottieconverter_git_pull_results.changed }}"
build:
dockerfile: Dockerfile
path: "{{ matrix_telegram_lottieconverter_docker_src_files_path }}"
pull: yes
when: "matrix_telegram_lottieconverter_container_self_build|bool and matrix_telegram_lottieconverter_git_pull_results.changed and matrix_mautrix_telegram_container_self_build|bool"
- name: Ensure matrix-mautrix-telegram repository is present when self-building
git:
repo: "{{ matrix_mautrix_telegram_docker_repo }}"
@ -73,7 +93,9 @@
build:
dockerfile: Dockerfile
path: "{{ matrix_mautrix_telegram_docker_src_files_path }}"
pull: yes
pull: "{{ not matrix_telegram_lottieconverter_container_self_build_mask_arch|bool }}"
args:
TARGETARCH: ""
when: "matrix_mautrix_telegram_container_self_build|bool and matrix_mautrix_telegram_git_pull_results.changed"
- name: Check if an old database file already exists

2
roles/matrix-client-element/defaults/main.yml
View file

@ -3,7 +3,7 @@ matrix_client_element_enabled: true
matrix_client_element_container_image_self_build: false
matrix_client_element_container_image_self_build_repo: "https://github.com/vector-im/riot-web.git"
matrix_client_element_version: v1.7.32
matrix_client_element_version: v1.7.33
matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}"
matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}"
matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}"

2
roles/matrix-client-hydrogen/defaults/main.yml
View file

@ -5,7 +5,7 @@ matrix_client_hydrogen_enabled: true
matrix_client_hydrogen_container_image_self_build: true
matrix_client_hydrogen_container_image_self_build_repo: "https://github.com/vector-im/hydrogen-web.git"
matrix_client_hydrogen_version: v0.2.0
matrix_client_hydrogen_version: v0.2.3
matrix_client_hydrogen_docker_image: "{{ matrix_client_hydrogen_docker_image_name_prefix }}vectorim/hydrogen-web:{{ matrix_client_hydrogen_version }}"
matrix_client_hydrogen_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_hydrogen_container_image_self_build }}"
matrix_client_hydrogen_docker_image_force_pull: "{{ matrix_client_hydrogen_docker_image.endswith(':latest') }}"

6
roles/matrix-jitsi/defaults/main.yml
View file

@ -32,8 +32,8 @@ matrix_jitsi_ldap_start_tls: false
matrix_jitsi_timezone: UTC
matrix_jitsi_xmpp_domain: matrix-jitsi-web
matrix_jitsi_xmpp_server: matrix-jitsi-prosody
matrix_jitsi_xmpp_domain: meet.jitsi
matrix_jitsi_xmpp_server: xmpp.meet.jitsi
matrix_jitsi_xmpp_auth_domain: auth.meet.jitsi
matrix_jitsi_xmpp_bosh_url_base: http://{{ matrix_jitsi_xmpp_server }}:5280
matrix_jitsi_xmpp_guest_domain: guest.meet.jitsi
@ -53,7 +53,7 @@ matrix_jitsi_jibri_recorder_password: ''
matrix_jitsi_enable_lobby: false
matrix_jitsi_version: stable-5765-1
matrix_jitsi_version: stable-5963
matrix_jitsi_container_image_tag: "{{ matrix_jitsi_version }}" # for backward-compatibility
matrix_jitsi_web_docker_image: "{{ matrix_container_global_registry_prefix }}jitsi/web:{{ matrix_jitsi_container_image_tag }}"

1
roles/matrix-jitsi/tasks/validate_config.yml
View file

@ -16,7 +16,6 @@
with_items:
- "matrix_jitsi_jibri_xmpp_password"
- "matrix_jitsi_jibri_recorder_password"
- "matrix_jitsi_jicofo_component_secret"
- "matrix_jitsi_jicofo_auth_password"
- "matrix_jitsi_jvb_auth_password"

41
roles/matrix-jitsi/templates/jicofo/env.j2
View file

@ -1,17 +1,34 @@
AUTH_TYPE={{ matrix_jitsi_auth_type }}
BRIDGE_AVG_PARTICIPANT_STRESS
BRIDGE_STRESS_THRESHOLD
ENABLE_AUTH={{ 1 if matrix_jitsi_enable_auth else 0 }}
ENABLE_AUTO_OWNER
ENABLE_CODEC_VP8
ENABLE_CODEC_VP9
ENABLE_CODEC_H264
ENABLE_OCTO
ENABLE_RECORDING
ENABLE_SCTP
JICOFO_AUTH_USER={{ matrix_jitsi_jicofo_auth_user }}
JICOFO_AUTH_PASSWORD={{ matrix_jitsi_jicofo_auth_password }}
JICOFO_ENABLE_BRIDGE_HEALTH_CHECKS
JICOFO_CONF_INITIAL_PARTICIPANT_WAIT_TIMEOUT
JICOFO_CONF_SINGLE_PARTICIPANT_TIMEOUT
JICOFO_ENABLE_HEALTH_CHECKS
JICOFO_SHORT_ID
JICOFO_RESERVATION_ENABLED
JICOFO_RESERVATION_REST_BASE_URL
JIBRI_BREWERY_MUC={{ matrix_jitsi_jibri_brewery_muc }}
JIBRI_REQUEST_RETRIES
JIBRI_PENDING_TIMEOUT={{ matrix_jitsi_jibri_pending_timeout }}
JIGASI_BREWERY_MUC
JIGASI_SIP_URI
JVB_BREWERY_MUC={{ matrix_jitsi_jvb_brewery_muc }}
MAX_BRIDGE_PARTICIPANTS
OCTO_BRIDGE_SELECTION_STRATEGY
TZ={{ matrix_jitsi_timezone }}
XMPP_DOMAIN={{ matrix_jitsi_xmpp_domain }}
XMPP_AUTH_DOMAIN={{ matrix_jitsi_xmpp_auth_domain }}
XMPP_INTERNAL_MUC_DOMAIN={{ matrix_jitsi_xmpp_internal_muc_domain }}
XMPP_MUC_DOMAIN={{ matrix_jitsi_xmpp_muc_domain }}
XMPP_SERVER={{ matrix_jitsi_xmpp_server }}
JICOFO_COMPONENT_SECRET={{ matrix_jitsi_jicofo_component_secret }}
JICOFO_AUTH_USER={{ matrix_jitsi_jicofo_auth_user }}
JICOFO_AUTH_PASSWORD={{ matrix_jitsi_jicofo_auth_password }}
JVB_BREWERY_MUC={{ matrix_jitsi_jvb_brewery_muc }}
JIBRI_BREWERY_MUC={{ matrix_jitsi_jibri_brewery_muc }}
JIBRI_PENDING_TIMEOUT={{ matrix_jitsi_jibri_pending_timeout }}
TZ={{ matrix_jitsi_timezone }}

31
roles/matrix-jitsi/templates/jvb/env.j2
View file

@ -1,20 +1,25 @@
JVB_AUTH_PASSWORD={{ matrix_jitsi_jvb_auth_password }}
JVB_TCP_PORT={{ matrix_jitsi_jvb_rtp_tcp_port }}
JVB_PORT={{ matrix_jitsi_jvb_rtp_udp_port }}
ENABLE_COLIBRI_WEBSOCKET
ENABLE_OCTO
DOCKER_HOST_ADDRESS
XMPP_AUTH_DOMAIN={{ matrix_jitsi_xmpp_auth_domain }}
XMPP_INTERNAL_MUC_DOMAIN={{ matrix_jitsi_xmpp_internal_muc_domain }}
XMPP_SERVER={{ matrix_jitsi_xmpp_server }}
JVB_AUTH_USER={{ matrix_jitsi_jvb_auth_user }}
JVB_AUTH_PASSWORD={{ matrix_jitsi_jvb_auth_password }}
JVB_BREWERY_MUC={{ matrix_jitsi_jvb_brewery_muc }}
XMPP_SERVER={{ matrix_jitsi_xmpp_server }}
XMPP_AUTH_DOMAIN={{ matrix_jitsi_xmpp_auth_domain }}
XMPP_INTERNAL_MUC_DOMAIN={{ matrix_jitsi_xmpp_internal_muc_domain }}
HOSTNAME=matrix-jitsi-jvb
JVB_PORT={{ matrix_jitsi_jvb_rtp_udp_port }}
JVB_TCP_HARVESTER_DISABLED=true
JVB_TCP_PORT={{ matrix_jitsi_jvb_rtp_tcp_port }}
JVB_TCP_MAPPED_PORT={{ matrix_jitsi_jvb_rtp_tcp_port }}
{% if matrix_jitsi_jvb_stun_servers|length > 0 %}
JVB_STUN_SERVERS={{ matrix_jitsi_jvb_stun_servers|join(',') }}
{% endif %}
JVB_ENABLE_APIS
JVB_WS_DOMAIN
JVB_WS_SERVER_ID
PUBLIC_URL={{ matrix_jitsi_web_public_url }}
{{ matrix_jitsi_jvb_environment_variables_extension }}
JVB_OCTO_BIND_ADDRESS
JVB_OCTO_PUBLIC_ADDRESS
JVB_OCTO_BIND_PORT
JVB_OCTO_REGION
TZ={{ matrix_jitsi_timezone }}

1
roles/matrix-jitsi/templates/jvb/matrix-jitsi-jvb.service.j2
View file

@ -16,6 +16,7 @@ ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }}
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-jvb \
--log-driver=none \
--network={{ matrix_docker_network }} \
--network-alias=jvb.meet.jitsi \
--env-file={{ matrix_jitsi_jvb_base_path }}/env \
{% if matrix_jitsi_jvb_container_rtp_udp_host_bind_port %}
-p {{ matrix_jitsi_jvb_container_rtp_udp_host_bind_port }}:{{ matrix_jitsi_jvb_rtp_udp_port }}/udp \

32
roles/matrix-jitsi/templates/prosody/env.j2
View file

@ -1,10 +1,10 @@
AUTH_TYPE={{ matrix_jitsi_auth_type }}
ENABLE_AUTH={{ 1 if matrix_jitsi_enable_auth else 0 }}
ENABLE_GUESTS={{ 1 if matrix_jitsi_enable_guests else 0 }}
PUBLIC_URL={{ matrix_jitsi_web_public_url }}
ENABLE_LOBBY={{ 1 if matrix_jitsi_enable_lobby else 0 }}
ENABLE_XMPP_WEBSOCKET
GLOBAL_MODULES
GLOBAL_CONFIG
LDAP_URL={{ matrix_jitsi_ldap_url }}
LDAP_BASE={{ matrix_jitsi_ldap_base }}
LDAP_BINDDN={{ matrix_jitsi_ldap_binddn }}
@ -18,32 +18,34 @@ LDAP_TLS_CHECK_PEER={{ 1 if matrix_jitsi_ldap_tls_check_peer else 0 }}
LDAP_TLS_CACERT_FILE={{ matrix_jitsi_ldap_tls_cacert_file }}
LDAP_TLS_CACERT_DIR={{ matrix_jitsi_ldap_tls_cacert_dir }}
LDAP_START_TLS={{ 1 if matrix_jitsi_ldap_start_tls else 0 }}
XMPP_DOMAIN={{ matrix_jitsi_xmpp_domain }}
XMPP_AUTH_DOMAIN={{ matrix_jitsi_xmpp_auth_domain }}
XMPP_GUEST_DOMAIN={{ matrix_jitsi_xmpp_guest_domain }}
XMPP_MUC_DOMAIN={{ matrix_jitsi_xmpp_muc_domain }}
XMPP_INTERNAL_MUC_DOMAIN={{ matrix_jitsi_xmpp_internal_muc_domain }}
XMPP_MODULES={{ matrix_jitsi_xmpp_modules }}
XMPP_MUC_MODULES=
XMPP_INTERNAL_MUC_MODULES=
XMPP_RECORDER_DOMAIN={{ matrix_jitsi_recorder_domain }}
JICOFO_COMPONENT_SECRET={{ matrix_jitsi_jicofo_component_secret }}
XMPP_CROSS_DOMAIN=true
JICOFO_AUTH_USER={{ matrix_jitsi_jicofo_auth_user }}
JICOFO_AUTH_PASSWORD={{ matrix_jitsi_jicofo_auth_password }}
JVB_AUTH_USER={{ matrix_jitsi_jvb_auth_user }}
JVB_AUTH_PASSWORD={{ matrix_jitsi_jvb_auth_password }}
JIGASI_XMPP_USER=
JIGASI_XMPP_PASSWORD=
JIBRI_XMPP_USER={{ matrix_jitsi_jibri_xmpp_user }}
JIBRI_XMPP_PASSWORD={{ matrix_jitsi_jibri_xmpp_password }}
JIBRI_RECORDER_USER={{ matrix_jitsi_jibri_recorder_user }}
JIBRI_RECORDER_PASSWORD={{ matrix_jitsi_jibri_recorder_password }}
ENABLE_LOBBY={{ 1 if matrix_jitsi_enable_lobby else 0 }}
JWT_APP_ID
JWT_APP_SECRET
JWT_ACCEPTED_ISSUERS
JWT_ACCEPTED_AUDIENCES
JWT_ASAP_KEYSERVER
JWT_ALLOW_EMPTY
JWT_AUTH_TYPE
JWT_TOKEN_AUTH_MODULE
LOG_LEVEL
PUBLIC_URL={{ matrix_jitsi_web_public_url }}
TZ={{ matrix_jitsi_timezone }}

1
roles/matrix-jitsi/templates/prosody/matrix-jitsi-prosody.service.j2
View file

@ -16,6 +16,7 @@ ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }}
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-prosody \
--log-driver=none \
--network={{ matrix_docker_network }} \
--network-alias={{ matrix_jitsi_xmpp_server }} \
{% if matrix_jitsi_prosody_container_http_host_bind_port %}
-p {{ matrix_jitsi_prosody_container_http_host_bind_port }}:5280 \
{% endif %}

118
roles/matrix-jitsi/templates/web/env.j2
View file

@ -1,42 +1,94 @@
ENABLE_AUTH={{ 1 if matrix_jitsi_enable_auth else 0 }}
ENABLE_GUESTS={{ 1 if matrix_jitsi_enable_guests else 0 }}
ENABLE_TRANSCRIPTIONS={{ 1 if matrix_jitsi_enable_transcriptions else 0 }}
ENABLE_P2P={{ 1 if matrix_jitsi_enable_p2p else 0 }}
DISABLE_HTTPS=1
JICOFO_AUTH_USER={{ matrix_jitsi_jicofo_auth_user }}
ENABLE_COLIBRI_WEBSOCKET
ENABLE_FLOC=0
ENABLE_LETSENCRYPT=0
ENABLE_HTTP_REDIRECT=0
ENABLE_HSTS=0
ENABLE_XMPP_WEBSOCKET
DISABLE_HTTPS=0
DISABLE_DEEP_LINKING
LETSENCRYPT_DOMAIN={{ matrix_server_fqn_jitsi }}
LETSENCRYPT_EMAIL={{ matrix_ssl_lets_encrypt_support_email }}
LETSENCRYPT_USE_STAGING=0
PUBLIC_URL={{ matrix_jitsi_web_public_url }}
XMPP_DOMAIN={{ matrix_jitsi_xmpp_domain }}
XMPP_AUTH_DOMAIN={{ matrix_jitsi_xmpp_auth_domain }}
XMPP_BOSH_URL_BASE={{ matrix_jitsi_xmpp_bosh_url_base }}
XMPP_GUEST_DOMAIN={{ matrix_jitsi_xmpp_guest_domain }}
XMPP_MUC_DOMAIN={{ matrix_jitsi_xmpp_muc_domain }}
XMPP_RECORDER_DOMAIN={{ matrix_jitsi_recorder_domain }}
TZ={{ matrix_jitsi_timezone }}
JIBRI_BREWERY_MUC={{ matrix_jitsi_jibri_brewery_muc }}
JIBRI_PENDING_TIMEOUT={{ matrix_jitsi_jibri_pending_timeout }}
JIBRI_XMPP_USER={{ matrix_jitsi_jibri_xmpp_user }}
JIBRI_XMPP_PASSWORD={{ matrix_jitsi_jibri_xmpp_password }}
JIBRI_RECORDER_USER={{ matrix_jitsi_jibri_recorder_user }}
JIBRI_RECORDER_PASSWORD={{ matrix_jitsi_jibri_recorder_password }}
AMPLITUDE_ID
ANALYTICS_SCRIPT_URLS
ANALYTICS_WHITELISTED_EVENTS
CALLSTATS_CUSTOM_SCRIPT_URL
CALLSTATS_ID
CALLSTATS_SECRET
CHROME_EXTENSION_BANNER_JSON
CONFCODE_URL
CONFIG_EXTERNAL_CONNECT
DEFAULT_LANGUAGE
DEPLOYMENTINFO_ENVIRONMENT
DEPLOYMENTINFO_ENVIRONMENT_TYPE
DEPLOYMENTINFO_REGION
DEPLOYMENTINFO_SHARD
DEPLOYMENTINFO_USERREGION
DIALIN_NUMBERS_URL
DIALOUT_AUTH_URL
DIALOUT_CODES_URL
DROPBOX_APPKEY
DROPBOX_REDIRECT_URI
DYNAMIC_BRANDING_URL
ENABLE_AUDIO_PROCESSING
ENABLE_AUTH={{ 1 if matrix_jitsi_enable_auth else 0 }}
ENABLE_CALENDAR
ENABLE_FILE_RECORDING_SERVICE
ENABLE_FILE_RECORDING_SERVICE_SHARING
ENABLE_GUESTS={{ 1 if matrix_jitsi_enable_guests else 0 }}
ENABLE_IPV6
ENABLE_LIPSYNC
ENABLE_NO_AUDIO_DETECTION
ENABLE_P2P={{ 1 if matrix_jitsi_enable_p2p else 0 }}
ENABLE_PREJOIN_PAGE
ENABLE_WELCOME_PAGE
ENABLE_CLOSE_PAGE
ENABLE_RECORDING={{ 1 if matrix_jitsi_enable_recording else 0 }}
ENABLE_REMB
ENABLE_REQUIRE_DISPLAY_NAME
ENABLE_SIMULCAST
ENABLE_STATS_ID
ENABLE_STEREO
ENABLE_SUBDOMAINS
ENABLE_TALK_WHILE_MUTED
ENABLE_TCC
ENABLE_TRANSCRIPTIONS={{ 1 if matrix_jitsi_enable_transcriptions else 0 }}
ETHERPAD_PUBLIC_URL
ETHERPAD_URL_BASE={{ (matrix_jitsi_etherpad_base + '/') if matrix_jitsi_etherpad_enabled else ''}}
GOOGLE_ANALYTICS_ID
GOOGLE_API_APP_CLIENT_ID
INVITE_SERVICE_URL
JICOFO_AUTH_USER={{ matrix_jitsi_jicofo_auth_user }}
MATOMO_ENDPOINT
MATOMO_SITE_ID
MICROSOFT_API_APP_CLIENT_ID
NGINX_RESOLVER
NGINX_WORKER_PROCESSES
NGINX_WORKER_CONNECTIONS
PEOPLE_SEARCH_URL
RESOLUTION={{ matrix_jitsi_web_config_resolution_height_ideal_and_max }}
RESOLUTION_MIN={{ matrix_jitsi_web_config_resolution_height_min }}
RESOLUTION_WIDTH={{ matrix_jitsi_web_config_resolution_width_ideal_and_max }}
RESOLUTION_WIDTH_MIN={{ matrix_jitsi_web_config_resolution_width_min }}
START_AUDIO_ONLY
START_AUDIO_MUTED={{ matrix_jitsi_web_config_start_audio_muted_after_nth_participant }}
START_WITH_AUDIO_MUTED
START_SILENT
DISABLE_AUDIO_LEVELS
ENABLE_NOISY_MIC_DETECTION
START_BITRATE
DESKTOP_SHARING_FRAMERATE_MIN
DESKTOP_SHARING_FRAMERATE_MAX
START_VIDEO_MUTED={{ matrix_jitsi_web_config_start_video_muted_after_nth_participant }}
ETHERPAD_URL_BASE={{ (matrix_jitsi_etherpad_base + '/') if matrix_jitsi_etherpad_enabled else ''}}
{{ matrix_jitsi_web_environment_variables_extension }}
START_WITH_VIDEO_MUTED
TESTING_CAP_SCREENSHARE_BITRATE
TESTING_OCTO_PROBABILITY
XMPP_AUTH_DOMAIN={{ matrix_jitsi_xmpp_auth_domain }}
XMPP_BOSH_URL_BASE={{ matrix_jitsi_xmpp_bosh_url_base }}
XMPP_DOMAIN={{ matrix_jitsi_xmpp_domain }}
XMPP_GUEST_DOMAIN={{ matrix_jitsi_xmpp_guest_domain }}
XMPP_MUC_DOMAIN={{ matrix_jitsi_xmpp_muc_domain }}
XMPP_RECORDER_DOMAIN={{ matrix_jitsi_recorder_domain }}
TOKEN_AUTH_URL

1
roles/matrix-jitsi/templates/web/matrix-jitsi-web.service.j2
View file

@ -16,6 +16,7 @@ ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }}
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-web \
--log-driver=none \
--network={{ matrix_docker_network }} \
--network-alias={{ matrix_jitsi_xmpp_domain }} \
--env-file={{ matrix_jitsi_web_base_path }}/env \
{% if matrix_jitsi_web_container_http_host_bind_port %}
-p {{ matrix_jitsi_web_container_http_host_bind_port }}:80 \

6
roles/matrix-ma1sd/defaults/main.yml
View file

@ -7,11 +7,9 @@ matrix_ma1sd_container_image_self_build: false
matrix_ma1sd_container_image_self_build_repo: "https://github.com/ma1uta/ma1sd.git"
matrix_ma1sd_container_image_self_build_branch: "{{ matrix_ma1sd_version }}"
matrix_ma1sd_architecture: "amd64"
matrix_ma1sd_version: "2.5.0"
matrix_ma1sd_version: "2.4.0"
matrix_ma1sd_docker_image: "{{ matrix_ma1sd_docker_image_name_prefix }}ma1uta/ma1sd:{{ matrix_ma1sd_version }}-{{ matrix_ma1sd_architecture }}"
matrix_ma1sd_docker_image: "{{ matrix_ma1sd_docker_image_name_prefix }}ma1uta/ma1sd:{{ matrix_ma1sd_version }}"
matrix_ma1sd_docker_image_name_prefix: "{{ 'localhost/' if matrix_ma1sd_container_image_self_build else matrix_container_global_registry_prefix }}"
matrix_ma1sd_docker_image_force_pull: "{{ matrix_ma1sd_docker_image.endswith(':latest') }}"

1
roles/matrix-ma1sd/tasks/validate_config.yml
View file

@ -28,6 +28,7 @@
- 'matrix_ma1sd_ldap_auth_filter'
- 'matrix_ma1sd_ldap_directory_filter'
- 'matrix_ma1sd_template_config'
- 'matrix_ma1sd_architecture'
- name: Ensure ma1sd configuration does not contain any dot-notation keys
fail:

1
roles/matrix-nginx-proxy/defaults/main.yml
View file

@ -120,6 +120,7 @@ matrix_nginx_proxy_proxy_hydrogen_hostname: "{{ matrix_server_fqn_hydrogen }}"
# Controls whether proxying the matrix domain should be done.
matrix_nginx_proxy_proxy_matrix_enabled: false
matrix_nginx_proxy_proxy_matrix_hostname: "{{ matrix_server_fqn_matrix }}"
matrix_nginx_proxy_proxy_matrix_federation_hostname: "{{ matrix_nginx_proxy_proxy_matrix_hostname }}"
# The port name used for federation in the nginx configuration.
# This is not necessarily the port that it's actually on,
# as port-mapping happens (`-p ..`) for the `matrix-nginx-proxy` container.

2
roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-base-domain.conf.j2
View file

@ -1,7 +1,7 @@
#jinja2: lstrip_blocks: "True"
{% macro render_vhost_directives() %}
root /nginx-data/matrix-domain;
root {{ matrix_nginx_proxy_data_path_in_container if matrix_nginx_proxy_enabled else matrix_nginx_proxy_data_path }}/matrix-domain;
gzip on;
gzip_types text/plain application/json;

2
roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2
View file

@ -239,7 +239,7 @@ server {
listen {{ matrix_nginx_proxy_proxy_matrix_federation_port }};
{% endif %}
server_name {{ matrix_nginx_proxy_proxy_matrix_hostname }};
server_name {{ matrix_nginx_proxy_proxy_matrix_federation_hostname }};
server_tokens off;
root /dev/null;

2
roles/matrix-prometheus-node-exporter/defaults/main.yml
View file

@ -3,7 +3,7 @@
matrix_prometheus_node_exporter_enabled: false
matrix_prometheus_node_exporter_version: v1.1.2
matrix_prometheus_node_exporter_version: v1.2.0
matrix_prometheus_node_exporter_docker_image: "{{ matrix_container_global_registry_prefix }}prom/node-exporter:{{ matrix_prometheus_node_exporter_version }}"
matrix_prometheus_node_exporter_docker_image_force_pull: "{{ matrix_prometheus_node_exporter_docker_image.endswith(':latest') }}"

4
roles/matrix-synapse/defaults/main.yml
View file

@ -15,8 +15,8 @@ matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_cont
# amd64 gets released first.
# arm32 relies on self-building, so the same version can be built immediately.
# arm64 users need to wait for a prebuilt image to become available.
matrix_synapse_version: v1.38.0
matrix_synapse_version_arm64: v1.38.0
matrix_synapse_version: v1.38.1
matrix_synapse_version_arm64: v1.38.1
matrix_synapse_docker_image_tag: "{{ matrix_synapse_version if matrix_architecture in ['arm32', 'amd64'] else matrix_synapse_version_arm64 }}"
matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"