diff --git a/roles/custom/matrix-dendrite/defaults/main.yml b/roles/custom/matrix-dendrite/defaults/main.yml index 525f4854..8c2dded4 100644 --- a/roles/custom/matrix-dendrite/defaults/main.yml +++ b/roles/custom/matrix-dendrite/defaults/main.yml @@ -33,6 +33,14 @@ matrix_dendrite_http_bind_address: "{{ (':' + matrix_dendrite_http_bind_port | s # This is passed as an `-https-bind-address` flag to the Dendrite server in the container matrix_dendrite_https_bind_address: "{{ (':' + matrix_dendrite_https_bind_port | string) if matrix_dendrite_https_bind_port else '' }}" +# The base container network. It will be auto-created by this role if it doesn't exist already. +matrix_dendrite_container_network: "{{ matrix_docker_network }}" + +# A list of additional container networks that the container would be connected to. +# The role does not create these networks, so make sure they already exist. +# Use this to expose this container to another reverse proxy, which runs in a different container network. +matrix_dendrite_container_additional_networks: [] + # Controls whether the matrix-dendrite container exposes the HTTP port (tcp/{{ matrix_dendrite_http_bind_port }} in the container). # # Takes an ":" or "" value (e.g. "127.0.0.1:8008"), or empty string to not expose. diff --git a/roles/custom/matrix-dendrite/tasks/setup_install.yml b/roles/custom/matrix-dendrite/tasks/setup_install.yml index c516c5b7..3b8cbd9b 100644 --- a/roles/custom/matrix-dendrite/tasks/setup_install.yml +++ b/roles/custom/matrix-dendrite/tasks/setup_install.yml @@ -76,6 +76,11 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" +- name: Ensure Dendrite container network is created + community.general.docker_network: + name: "{{ matrix_dendrite_container_network }}" + driver: bridge + - name: Ensure matrix-dendrite.service installed ansible.builtin.template: src: "{{ role_path }}/templates/dendrite/systemd/matrix-dendrite.service.j2" diff --git a/roles/custom/matrix-dendrite/templates/dendrite/systemd/matrix-dendrite.service.j2 b/roles/custom/matrix-dendrite/templates/dendrite/systemd/matrix-dendrite.service.j2 index 4649c3a3..378cf596 100644 --- a/roles/custom/matrix-dendrite/templates/dendrite/systemd/matrix-dendrite.service.j2 +++ b/roles/custom/matrix-dendrite/templates/dendrite/systemd/matrix-dendrite.service.j2 @@ -22,13 +22,15 @@ ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_s ExecStartPre={{ matrix_host_command_sleep }} 5 {% endif %} -ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-dendrite \ +ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \ + --rm \ + --name=matrix-dendrite \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ --read-only \ --tmpfs=/tmp:rw,noexec,nosuid,size={{ matrix_dendrite_tmp_directory_size_mb }}m \ - --network={{ matrix_docker_network }} \ + --network={{ matrix_dendrite_container_network }} \ {% if matrix_dendrite_container_http_host_bind_address and matrix_dendrite_http_bind_port %} -p {{ matrix_dendrite_container_http_host_bind_address }}:{{ matrix_dendrite_http_bind_port }} \ {% endif %} @@ -54,6 +56,12 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name -https-bind-address {{ matrix_dendrite_https_bind_address }} {% endif %} +{% for network in matrix_dendrite_container_additional_networks %} +ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-dendrite +{% endfor %} + +ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-dendrite + ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-dendrite 2>/dev/null || true' ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-dendrite 2>/dev/null || true' ExecReload={{ devture_systemd_docker_base_host_command_docker }} exec matrix-dendrite /bin/sh -c 'kill -HUP 1'