Merge branch 'master' into pub.solar
commit adf69df131
CHANGELOG.md (29 additions)
@ -1,3 +1,32 @@
|
||||||
|
# 2023-01-26
|
||||||
|
|
||||||
|
## Coturn can now use host-networking
|
||||||
|
|
||||||
|
Large Coturn deployments (with a huge range of ports specified via `matrix_coturn_turn_udp_min_port` and `matrix_coturn_turn_udp_max_port`) experience a huge slowdown with how Docker publishes all these ports (setting up firewall forwarding rules), which leads to a very slow Coturn service startup and shutdown.
|
||||||
|
|
||||||
|
Such deployments don't need to run Coturn within a private container network anymore. Coturn can now run with host-networking by using configuration like this:
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
matrix_coturn_docker_network: host
|
||||||
|
```
|
||||||
|
|
||||||
|
With such a configuration, **Docker no longer needs to configure thousands of firewall forwarding rules** each time Coturn starts and stops.
|
||||||
|
This, however, means that **you will need to ensure these ports are open** in your firewall yourself.
|
||||||
|
|
||||||
|
Thanks to us [tightening Coturn security](#backward-compatibility-tightening-coturn-security-can-lead-to-connectivity-issues), running Coturn with host-networking should be safe and not expose neither other services running on the host, nor other services running on the local network.
|
||||||
|
|
||||||
|
|
||||||
|
## (Backward Compatibility) Tightening Coturn security can lead to connectivity issues
|
||||||
|
|
||||||
|
**TLDR**: users who run and access their Matrix server on a private network (likely a small minority of users) may experience connectivity issues with our new default Coturn blocklists. They may need to override `matrix_coturn_denied_peer_ips` and remove some IP ranges from it.
|
||||||
|
|
||||||
|
Inspired by [this security article](https://www.rtcsec.com/article/cve-2020-26262-bypass-of-coturns-access-control-protection/), we've decided to make use of Coturn's `denied-peer-ip` functionality to prevent relaying network traffic to certain private IP subnets. This ensures that your Coturn server won't accidentally try to forward traffic to certain services running on your local networks. We run Coturn in a container and in a private container network by default, which should prevent such access anyway, but having additional block layers in place is better.
|
||||||
|
|
||||||
|
If you access your Matrix server from a local network and need Coturn to relay to private IP addresses, you may observe that relaying is now blocked due to our new default `denied-peer-ip` lists (specified in `matrix_coturn_denied_peer_ips`). If you experience such connectivity problems, consider overriding this setting in your `vars.yml` file and removing certain networks from it.
|
||||||
|
|
||||||
|
We've also added `no-multicast-peers` to the default Coturn configuration, but we don't expect this to cause trouble for most people.
|
||||||
|
|
||||||
|
|
||||||
# 2023-01-21
|
# 2023-01-21
|
||||||
|
|
||||||
## The matrix-prometheus-node-exporter role lives independently now
|
## The matrix-prometheus-node-exporter role lives independently now
|
||||||
|
|
|
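Review bot: the sentence "running Coturn with host-networking should be safe and not expose neither other services running on the host, nor other services running on the local network" is a double negative; drop "not" so it reads "should be safe and expose neither other services running on the host nor other services running on the local network". The bigger issue is in the security argument itself: the backward-compatibility section justifies the blocklist with "We run Coturn in a container and in a private container network by default, which should prevent such access anyway, but having additional block layers in place is better", yet with `matrix_coturn_docker_network: host` that first layer is gone and `matrix_coturn_denied_peer_ips` becomes the only thing between the relay and services listening on the host's own interfaces. The host-networking section should say this explicitly and warn that trimming `matrix_coturn_denied_peer_ips` (as the same changelog suggests for users on private networks) should not be combined with host networking.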
@ -807,6 +807,12 @@ matrix_mautrix_facebook_login_shared_secret: "{{ matrix_synapse_ext_password_pro
|
||||||
|
|
||||||
matrix_mautrix_facebook_bridge_presence: "{{ matrix_synapse_presence_enabled if matrix_synapse_enabled else true }}"
|
matrix_mautrix_facebook_bridge_presence: "{{ matrix_synapse_presence_enabled if matrix_synapse_enabled else true }}"
|
||||||
|
|
||||||
|
# People using an external Prometheus server will need to toggle all of these to be able to consume metrics remotely:
|
||||||
|
# - `matrix_mautrix_facebook_metrics_enabled`
|
||||||
|
# - `matrix_mautrix_facebook_proxying_metrics_enabled`
|
||||||
|
# - `matrix_nginx_proxy_proxy_matrix_metrics_enabled`
|
||||||
|
matrix_mautrix_facebook_metrics_enabled: "{{ matrix_prometheus_enabled }}"
|
||||||
|
|
||||||
# We'd like to force-set people with external Postgres to SQLite, so the bridge role can complain
|
# We'd like to force-set people with external Postgres to SQLite, so the bridge role can complain
|
||||||
# and point them to a migration path.
|
# and point them to a migration path.
|
||||||
matrix_mautrix_facebook_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
|
matrix_mautrix_facebook_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
|
||||||
|
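Review bot: the comment above the new `matrix_mautrix_facebook_metrics_enabled` line tells external-Prometheus users to toggle `matrix_mautrix_facebook_proxying_metrics_enabled`, but the role default added in this commit is spelled `matrix_mautrix_facebook_metrics_proxying_enabled`. A user who follows the comment sets a variable nothing reads and gets no error. Fix the name in the comment.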
@ -934,6 +940,12 @@ matrix_mautrix_instagram_login_shared_secret: "{{ matrix_synapse_ext_password_pr
|
||||||
|
|
||||||
matrix_mautrix_instagram_bridge_presence: "{{ matrix_synapse_presence_enabled if matrix_synapse_enabled else true }}"
|
matrix_mautrix_instagram_bridge_presence: "{{ matrix_synapse_presence_enabled if matrix_synapse_enabled else true }}"
|
||||||
|
|
||||||
|
# People using an external Prometheus server will need to toggle all of these to be able to consume metrics remotely:
|
||||||
|
# - `matrix_mautrix_instagram_metrics_enabled`
|
||||||
|
# - `matrix_mautrix_instagram_proxying_metrics_enabled`
|
||||||
|
# - `matrix_nginx_proxy_proxy_matrix_metrics_enabled`
|
||||||
|
matrix_mautrix_instagram_metrics_enabled: "{{ matrix_prometheus_enabled }}"
|
||||||
|
|
||||||
# We'd like to force-set people with external Postgres to SQLite, so the bridge role can complain
|
# We'd like to force-set people with external Postgres to SQLite, so the bridge role can complain
|
||||||
# and point them to a migration path.
|
# and point them to a migration path.
|
||||||
matrix_mautrix_instagram_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
|
matrix_mautrix_instagram_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
|
||||||
|
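Review bot: the variable named in the comment, `matrix_mautrix_instagram_proxying_metrics_enabled`, does not match the role default `matrix_mautrix_instagram_metrics_proxying_enabled` introduced in this commit; setting the name from the comment is silently ignored. Correct the comment.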
@ -979,6 +991,12 @@ matrix_mautrix_signal_appservice_token: "{{ '%s' | format(matrix_homeserver_gene
|
||||||
|
|
||||||
matrix_mautrix_signal_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
|
matrix_mautrix_signal_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
|
||||||
|
|
||||||
|
# People using an external Prometheus server will need to toggle all of these to be able to consume metrics remotely:
|
||||||
|
# - `matrix_mautrix_signal_metrics_enabled`
|
||||||
|
# - `matrix_mautrix_signal_proxying_metrics_enabled`
|
||||||
|
# - `matrix_nginx_proxy_proxy_matrix_metrics_enabled`
|
||||||
|
matrix_mautrix_signal_metrics_enabled: "{{ matrix_prometheus_enabled }}"
|
||||||
|
|
||||||
matrix_mautrix_signal_database_engine: 'postgres'
|
matrix_mautrix_signal_database_engine: 'postgres'
|
||||||
matrix_mautrix_signal_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
|
matrix_mautrix_signal_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
|
||||||
matrix_mautrix_signal_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.signal.db', rounds=655555) | to_uuid }}"
|
matrix_mautrix_signal_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.signal.db', rounds=655555) | to_uuid }}"
|
||||||
|
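Review bot: `matrix_mautrix_signal_proxying_metrics_enabled` in the new comment is not the variable the role defines; the default added in this commit is `matrix_mautrix_signal_metrics_proxying_enabled`. Correct the comment so external-Prometheus users set the right variable.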
@ -1103,6 +1121,12 @@ matrix_mautrix_whatsapp_homeserver_token: "{{ '%s' | format(matrix_homeserver_ge
|
||||||
|
|
||||||
matrix_mautrix_whatsapp_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
|
matrix_mautrix_whatsapp_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
|
||||||
|
|
||||||
|
# People using an external Prometheus server will need to toggle all of these to be able to consume metrics remotely:
|
||||||
|
# - `matrix_mautrix_twitter_metrics_enabled`
|
||||||
|
# - `matrix_mautrix_twitter_proxying_metrics_enabled`
|
||||||
|
# - `matrix_nginx_proxy_proxy_matrix_metrics_enabled`
|
||||||
|
matrix_mautrix_twitter_metrics_enabled: "{{ matrix_prometheus_enabled }}"
|
||||||
|
|
||||||
# Postgres is the default, except if not using internal Postgres server
|
# Postgres is the default, except if not using internal Postgres server
|
||||||
matrix_mautrix_whatsapp_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
|
matrix_mautrix_whatsapp_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
|
||||||
matrix_mautrix_whatsapp_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
|
matrix_mautrix_whatsapp_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
|
||||||
|
|
|
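Review bot: the new `matrix_mautrix_twitter_metrics_enabled` setting lands in the mautrix-whatsapp section of group_vars: the surrounding context is `matrix_mautrix_whatsapp_login_shared_secret` and `matrix_mautrix_whatsapp_database_engine`, while the inserted comment and assignment are all `matrix_mautrix_twitter_*`. Ansible still reads the variable, but nobody editing the whatsapp block later will expect it there, and the whatsapp bridge itself gets no `matrix_prometheus_enabled` wiring in this hunk. Move the block to the mautrix-twitter section. The comment also carries the same name mismatch as the other bridge sections: `matrix_mautrix_twitter_proxying_metrics_enabled` should be `matrix_mautrix_twitter_metrics_proxying_enabled`.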
@ -31,4 +31,4 @@
|
||||||
version: 9b4b088c62b528b73a9a7c93d3109b091dd42ec6
|
version: 9b4b088c62b528b73a9a7c93d3109b091dd42ec6
|
||||||
|
|
||||||
- src: git+https://gitlab.com/etke.cc/roles/prometheus_node_exporter.git
|
- src: git+https://gitlab.com/etke.cc/roles/prometheus_node_exporter.git
|
||||||
version: v1.5.0-0
|
version: v1.5.0-1
|
||||||
|
|
|
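Review bot: the `prometheus_node_exporter` entry is pinned to the tag `v1.5.0-1`, while the entry directly above it pins a full commit hash (`9b4b088c62b528b73a9a7c93d3109b091dd42ec6`). Tags are mutable and can be moved after the fact; for a third-party role pulled into the playbook, pin the commit hash (or record it next to the tag) as the other entry does.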
@ -15,7 +15,7 @@ matrix_backup_borg_docker_src_files_path: "{{ matrix_backup_borg_base_path }}/do
|
||||||
matrix_backup_borg_version: ""
|
matrix_backup_borg_version: ""
|
||||||
matrix_backup_borg_postgres_version: ""
|
matrix_backup_borg_postgres_version: ""
|
||||||
matrix_backup_borg_borg_version: 1.2.3
|
matrix_backup_borg_borg_version: 1.2.3
|
||||||
matrix_backup_borg_borgmatic_version: 1.7.5
|
matrix_backup_borg_borgmatic_version: 1.7.6
|
||||||
matrix_backup_borg_docker_image: "{{ matrix_backup_borg_docker_image_name_prefix }}etke.cc/borgmatic:{{ matrix_backup_borg_version }}"
|
matrix_backup_borg_docker_image: "{{ matrix_backup_borg_docker_image_name_prefix }}etke.cc/borgmatic:{{ matrix_backup_borg_version }}"
|
||||||
matrix_backup_borg_docker_image_name_prefix: "{{ 'localhost/' if matrix_backup_borg_container_image_self_build else 'registry.gitlab.com/' }}"
|
matrix_backup_borg_docker_image_name_prefix: "{{ 'localhost/' if matrix_backup_borg_container_image_self_build else 'registry.gitlab.com/' }}"
|
||||||
matrix_backup_borg_docker_image_force_pull: "{{ matrix_backup_borg_docker_image.endswith(':latest') or matrix_backup_borg_version | default('') == '' }}"
|
matrix_backup_borg_docker_image_force_pull: "{{ matrix_backup_borg_docker_image.endswith(':latest') or matrix_backup_borg_version | default('') == '' }}"
|
||||||
|
|
|
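Review bot: the bump of `matrix_backup_borg_borgmatic_version` to 1.7.6 has no visible effect on the image reference in this hunk: `matrix_backup_borg_docker_image` is built from `matrix_backup_borg_version`, which stays `""`, which in turn makes `matrix_backup_borg_docker_image_force_pull` true on every run. If the version string is assembled from the borg and borgmatic versions elsewhere in the role, a one-line comment here saying so would save the next reader the search; if it is not, the bump is a no-op.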
@ -9,7 +9,7 @@ matrix_bot_chatgpt_docker_repo: "https://github.com/matrixgpt/matrix-chatgpt-bot
|
||||||
matrix_bot_chatgpt_docker_repo_version: "{{ 'latest' if matrix_bot_chatgpt_version == 'latest' else matrix_bot_chatgpt_version }}"
|
matrix_bot_chatgpt_docker_repo_version: "{{ 'latest' if matrix_bot_chatgpt_version == 'latest' else matrix_bot_chatgpt_version }}"
|
||||||
matrix_bot_chatgpt_docker_src_files_path: "{{ matrix_base_data_path }}/chatgpt/docker-src"
|
matrix_bot_chatgpt_docker_src_files_path: "{{ matrix_base_data_path }}/chatgpt/docker-src"
|
||||||
|
|
||||||
matrix_bot_chatgpt_version: 1.2.3
|
matrix_bot_chatgpt_version: 1.4.1
|
||||||
matrix_bot_chatgpt_docker_image: "{{ matrix_bot_chatgpt_docker_image_name_prefix }}matrixgpt/matrix-chatgpt-bot:{{ matrix_bot_chatgpt_version }}"
|
matrix_bot_chatgpt_docker_image: "{{ matrix_bot_chatgpt_docker_image_name_prefix }}matrixgpt/matrix-chatgpt-bot:{{ matrix_bot_chatgpt_version }}"
|
||||||
matrix_bot_chatgpt_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_chatgpt_container_image_self_build else 'ghcr.io/' }}"
|
matrix_bot_chatgpt_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_chatgpt_container_image_self_build else 'ghcr.io/' }}"
|
||||||
matrix_bot_chatgpt_docker_image_force_pull: "{{ matrix_bot_chatgpt_docker_image.endswith(':latest') }}"
|
matrix_bot_chatgpt_docker_image_force_pull: "{{ matrix_bot_chatgpt_docker_image.endswith(':latest') }}"
|
||||||
|
@ -31,6 +31,9 @@ matrix_bot_chatgpt_systemd_wanted_services_list: []
|
||||||
matrix_bot_chatgpt_openai_email: '' # OPENAI_EMAIL=
|
matrix_bot_chatgpt_openai_email: '' # OPENAI_EMAIL=
|
||||||
matrix_bot_chatgpt_openai_password: '' # OPENAI_PASSWORD=
|
matrix_bot_chatgpt_openai_password: '' # OPENAI_PASSWORD=
|
||||||
matrix_bot_chatgpt_openai_login_type: 'google' # OPENAI_LOGIN_TYPE="google"
|
matrix_bot_chatgpt_openai_login_type: 'google' # OPENAI_LOGIN_TYPE="google"
|
||||||
|
matrix_bot_chatgpt_openai_pro: false # OPENAI_PRO
|
||||||
|
|
||||||
|
matrix_bot_chatgpt_context: 'thread' # CHATGPT_CONTEXT="thread"
|
||||||
|
|
||||||
# Matrix Static Settings (required, see notes)
|
# Matrix Static Settings (required, see notes)
|
||||||
# Defaults to "https://matrix.org"
|
# Defaults to "https://matrix.org"
|
||||||
|
|
|
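Review bot: `matrix_bot_chatgpt_context: 'thread'` is introduced without stating which values the bot accepts; the trailing `# CHATGPT_CONTEXT="thread"` only repeats the default. List the accepted values in the comment and, ideally, check the variable in the role's validation tasks, so a typo does not silently become an unknown mode inside the container.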
@ -4,6 +4,9 @@ MATRIX_ACCESS_TOKEN={{ matrix_bot_chatgpt_matrix_access_token }}
|
||||||
OPENAI_EMAIL={{ matrix_bot_chatgpt_openai_email }}
|
OPENAI_EMAIL={{ matrix_bot_chatgpt_openai_email }}
|
||||||
OPENAI_PASSWORD={{ matrix_bot_chatgpt_openai_password }}
|
OPENAI_PASSWORD={{ matrix_bot_chatgpt_openai_password }}
|
||||||
OPENAI_LOGIN_TYPE={{ matrix_bot_chatgpt_openai_login_type }}
|
OPENAI_LOGIN_TYPE={{ matrix_bot_chatgpt_openai_login_type }}
|
||||||
|
OPENAI_PRO={{ matrix_bot_chatgpt_openai_pro | to_json }}
|
||||||
|
|
||||||
|
CHATGPT_CONTEXT={{ matrix_bot_chatgpt_context }}
|
||||||
|
|
||||||
# With the @ and :DOMAIN, ie @SOMETHING:DOMAIN
|
# With the @ and :DOMAIN, ie @SOMETHING:DOMAIN
|
||||||
MATRIX_BOT_USERNAME={{ matrix_bot_chatgpt_matrix_bot_username }}
|
MATRIX_BOT_USERNAME={{ matrix_bot_chatgpt_matrix_bot_username }}
|
||||||
|
|
|
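Review bot: `CHATGPT_CONTEXT={{ matrix_bot_chatgpt_context }}` is rendered raw, whereas the neighbouring `OPENAI_PRO={{ matrix_bot_chatgpt_openai_pro | to_json }}` goes through `to_json`. A context value containing a space or `#` yields a malformed line in the env file. Since Docker env files take values literally (quoting via `to_json` would pass the quote characters through to the process), the fix is to validate `matrix_bot_chatgpt_context` against the accepted set before templating rather than to quote it here.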
@ -10,7 +10,7 @@ matrix_bot_maubot_docker_src_files_path: "{{ matrix_bot_maubot_base_path }}/dock
|
||||||
matrix_bot_maubot_docker_repo_version: "{{ 'master' if matrix_bot_maubot_version == 'latest' else matrix_bot_maubot_version }}"
|
matrix_bot_maubot_docker_repo_version: "{{ 'master' if matrix_bot_maubot_version == 'latest' else matrix_bot_maubot_version }}"
|
||||||
|
|
||||||
|
|
||||||
matrix_bot_maubot_version: v0.3.1
|
matrix_bot_maubot_version: v0.4.0
|
||||||
matrix_bot_maubot_docker_image: "{{ matrix_bot_maubot_docker_image_name_prefix }}maubot/maubot:{{ matrix_bot_maubot_version }}"
|
matrix_bot_maubot_docker_image: "{{ matrix_bot_maubot_docker_image_name_prefix }}maubot/maubot:{{ matrix_bot_maubot_version }}"
|
||||||
matrix_bot_maubot_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_maubot_container_image_self_build else 'dock.mau.dev/' }}"
|
matrix_bot_maubot_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_maubot_container_image_self_build else 'dock.mau.dev/' }}"
|
||||||
matrix_bot_maubot_docker_image_force_pull: "{{ matrix_bot_maubot_docker_image.endswith(':latest') }}"
|
matrix_bot_maubot_docker_image_force_pull: "{{ matrix_bot_maubot_docker_image.endswith(':latest') }}"
|
||||||
|
|
|
@ -8,7 +8,7 @@ matrix_mautrix_discord_container_image_self_build: false
|
||||||
matrix_mautrix_discord_container_image_self_build_repo: "https://mau.dev/mautrix/discord.git"
|
matrix_mautrix_discord_container_image_self_build_repo: "https://mau.dev/mautrix/discord.git"
|
||||||
matrix_mautrix_discord_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_discord_version == 'latest' else matrix_mautrix_discord_version }}"
|
matrix_mautrix_discord_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_discord_version == 'latest' else matrix_mautrix_discord_version }}"
|
||||||
|
|
||||||
matrix_mautrix_discord_version: latest
|
matrix_mautrix_discord_version: v0.1.0
|
||||||
# See: https://mau.dev/mautrix/discord/container_registry
|
# See: https://mau.dev/mautrix/discord/container_registry
|
||||||
matrix_mautrix_discord_docker_image: "{{ matrix_mautrix_discord_docker_image_name_prefix }}mautrix/discord:{{ matrix_mautrix_discord_version }}"
|
matrix_mautrix_discord_docker_image: "{{ matrix_mautrix_discord_docker_image_name_prefix }}mautrix/discord:{{ matrix_mautrix_discord_version }}"
|
||||||
matrix_mautrix_discord_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_discord_container_image_self_build else 'dock.mau.dev/' }}"
|
matrix_mautrix_discord_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_discord_container_image_self_build else 'dock.mau.dev/' }}"
|
||||||
|
|
|
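Review bot: moving `matrix_mautrix_discord_version` from the mutable `latest` tag to the pinned `v0.1.0` is the right direction for reproducibility, but it is a behaviour change: every deployment that did not override the variable switches from whatever `latest` currently resolves to over to `v0.1.0`, possibly an older build, and the CHANGELOG hunk in this commit does not mention it. Add a CHANGELOG line so the switch is not a surprise on the next run.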
@ -46,6 +46,16 @@ matrix_mautrix_facebook_homeserver_token: ''
|
||||||
# If false, created portal rooms will never be federated.
|
# If false, created portal rooms will never be federated.
|
||||||
matrix_mautrix_facebook_federate_rooms: true
|
matrix_mautrix_facebook_federate_rooms: true
|
||||||
|
|
||||||
|
# Whether or not metrics endpoint should be enabled.
|
||||||
|
# Enabling them is usually enough for a local (in-container) Prometheus to consume them.
|
||||||
|
# If metrics need to be consumed by another (external) Prometheus server, consider exposing them via `matrix_mautrix_facebook_metrics_proxying_enabled`.
|
||||||
|
matrix_mautrix_facebook_metrics_enabled: false
|
||||||
|
|
||||||
|
# Controls whether metrics should be proxied (exposed) on `matrix.DOMAIN/metrics/mautrix-facebook`.
|
||||||
|
# This will only work take effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`.
|
||||||
|
# See the `matrix-nginx-proxy` role for details about enabling `matrix_nginx_proxy_proxy_matrix_metrics_enabled`.
|
||||||
|
matrix_mautrix_facebook_metrics_proxying_enabled: false
|
||||||
|
|
||||||
matrix_mautrix_facebook_bridge_permissions: |
|
matrix_mautrix_facebook_bridge_permissions: |
|
||||||
{{
|
{{
|
||||||
{matrix_mautrix_facebook_homeserver_domain: 'user'}
|
{matrix_mautrix_facebook_homeserver_domain: 'user'}
|
||||||
|
|
|
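Review bot: typo in the new comment `# This will only work take effect if ...` above `matrix_mautrix_facebook_metrics_proxying_enabled`; it should read "This will only take effect if". The comment should also say that proxying is pointless without `matrix_mautrix_facebook_metrics_enabled: true`, since the bridge's metrics listener is only turned on from that variable.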
@ -42,3 +42,28 @@
|
||||||
URL endpoint to the matrix-mautrix-facebook container.
|
URL endpoint to the matrix-mautrix-facebook container.
|
||||||
You can expose the container's port using the `matrix_mautrix_facebook_container_http_host_bind_port` variable.
|
You can expose the container's port using the `matrix_mautrix_facebook_container_http_host_bind_port` variable.
|
||||||
when: "not matrix_nginx_proxy_enabled | default(False) | bool"
|
when: "not matrix_nginx_proxy_enabled | default(False) | bool"
|
||||||
|
|
||||||
|
- when: matrix_mautrix_facebook_metrics_proxying_enabled | bool
|
||||||
|
block:
|
||||||
|
- name: Generate mautrix-facebook metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-facebook)
|
||||||
|
ansible.builtin.set_fact:
|
||||||
|
matrix_mautrix_facebook_nginx_metrics_configuration_block: |
|
||||||
|
location /metrics/mautrix-facebook {
|
||||||
|
{% if matrix_nginx_proxy_enabled | default(False) %}
|
||||||
|
{# Use the embedded DNS resolver in Docker containers to discover the service #}
|
||||||
|
resolver 127.0.0.11 valid=5s;
|
||||||
|
set $backend "matrix-mautrix-facebook:8000";
|
||||||
|
proxy_pass http://$backend/metrics;
|
||||||
|
{% else %}
|
||||||
|
return 404 "matrix-nginx-proxy is disabled and no host port was bound to the container, so metrics are unavailable";
|
||||||
|
{% endif %}
|
||||||
|
}
|
||||||
|
|
||||||
|
- name: Register mautrix-facebook metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-facebook)
|
||||||
|
ansible.builtin.set_fact:
|
||||||
|
matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: |
|
||||||
|
{{
|
||||||
|
matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([])
|
||||||
|
+
|
||||||
|
[matrix_mautrix_facebook_nginx_metrics_configuration_block]
|
||||||
|
}}
|
||||||
|
|
|
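Review bot: the generated `location /metrics/mautrix-facebook` block carries no access control of its own (no `allow`/`deny`, no auth directives), so it depends entirely on whatever protection the matrix-nginx-proxy role applies to the `/metrics` prefix; state that dependency in the task or the defaults comment so a later change to the parent block does not quietly publish bridge metrics. The `{% else %}` message "no host port was bound to the container" is also misleading here: `matrix_mautrix_facebook_container_http_host_bind_port`, the variable the preceding task points at, exposes the appservice port, not the metrics listener on 8000, so binding it would not make `/metrics` reachable either.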
@ -62,7 +62,7 @@ appservice:
|
||||||
|
|
||||||
# Prometheus telemetry config. Requires prometheus-client to be installed.
|
# Prometheus telemetry config. Requires prometheus-client to be installed.
|
||||||
metrics:
|
metrics:
|
||||||
enabled: false
|
enabled: {{ matrix_mautrix_facebook_metrics_enabled | to_json }}
|
||||||
listen_port: 8000
|
listen_port: 8000
|
||||||
|
|
||||||
# Bridge config
|
# Bridge config
|
||||||
|
|
|
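Review bot: `listen_port: 8000` in this config template and `set $backend "matrix-mautrix-facebook:8000";` in the nginx injection task are two hard-coded copies of the same number; changing one without the other turns the proxied metrics path into a 502 with no hint why. Put the port in one role variable and reference it from both templates.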
@ -47,6 +47,16 @@ matrix_mautrix_instagram_homeserver_token: ''
|
||||||
# If false, created portal rooms will never be federated.
|
# If false, created portal rooms will never be federated.
|
||||||
matrix_mautrix_instagram_federate_rooms: true
|
matrix_mautrix_instagram_federate_rooms: true
|
||||||
|
|
||||||
|
# Whether or not metrics endpoint should be enabled.
|
||||||
|
# Enabling them is usually enough for a local (in-container) Prometheus to consume them.
|
||||||
|
# If metrics need to be consumed by another (external) Prometheus server, consider exposing them via `matrix_mautrix_instagram_metrics_proxying_enabled`.
|
||||||
|
matrix_mautrix_instagram_metrics_enabled: false
|
||||||
|
|
||||||
|
# Controls whether metrics should be proxied (exposed) on `matrix.DOMAIN/metrics/mautrix-instagram`.
|
||||||
|
# This will only work take effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`.
|
||||||
|
# See the `matrix-nginx-proxy` role for details about enabling `matrix_nginx_proxy_proxy_matrix_metrics_enabled`.
|
||||||
|
matrix_mautrix_instagram_metrics_proxying_enabled: false
|
||||||
|
|
||||||
# Database-related configuration fields.
|
# Database-related configuration fields.
|
||||||
#
|
#
|
||||||
# To use Postgres:
|
# To use Postgres:
|
||||||
|
|
|
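Review bot: typo in the new comment above `matrix_mautrix_instagram_metrics_proxying_enabled`: `# This will only work take effect if` should read "This will only take effect if".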
@ -0,0 +1,35 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
- name: Fail if matrix-nginx-proxy role already executed
|
||||||
|
ansible.builtin.fail:
|
||||||
|
msg: >-
|
||||||
|
Trying to append mautrix-whatapp-metrics's reverse-proxying configuration to matrix-nginx-proxy,
|
||||||
|
but it's pointless since the matrix-nginx-proxy role had already executed.
|
||||||
|
To fix this, please change the order of roles in your playbook,
|
||||||
|
so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-instagram role.
|
||||||
|
when: matrix_nginx_proxy_role_executed | default(False) | bool
|
||||||
|
|
||||||
|
- when: matrix_mautrix_instagram_metrics_proxying_enabled | bool
|
||||||
|
block:
|
||||||
|
- name: Generate mautrix-instagram metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-instagram)
|
||||||
|
ansible.builtin.set_fact:
|
||||||
|
matrix_mautrix_instagram_nginx_metrics_configuration_block: |
|
||||||
|
location /metrics/mautrix-instagram {
|
||||||
|
{% if matrix_nginx_proxy_enabled | default(False) %}
|
||||||
|
{# Use the embedded DNS resolver in Docker containers to discover the service #}
|
||||||
|
resolver 127.0.0.11 valid=5s;
|
||||||
|
set $backend "matrix-mautrix-instagram:8000";
|
||||||
|
proxy_pass http://$backend/metrics;
|
||||||
|
{% else %}
|
||||||
|
return 404 "matrix-nginx-proxy is disabled and no host port was bound to the container, so metrics are unavailable";
|
||||||
|
{% endif %}
|
||||||
|
}
|
||||||
|
|
||||||
|
- name: Register mautrix-instagram metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-instagram)
|
||||||
|
ansible.builtin.set_fact:
|
||||||
|
matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: |
|
||||||
|
{{
|
||||||
|
matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([])
|
||||||
|
+
|
||||||
|
[matrix_mautrix_instagram_nginx_metrics_configuration_block]
|
||||||
|
}}
|
|
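Review bot: the message in `Fail if matrix-nginx-proxy role already executed` says `mautrix-whatapp-metrics's` (copy-pasted from another bridge, with "whatsapp" misspelt) while the task lives in the instagram role and its next sentence correctly names `matrix-bridge-mautrix-instagram`; change it to `mautrix-instagram-metrics`.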
@ -1,5 +1,14 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
|
- block:
|
||||||
|
- when: matrix_mautrix_instagram_enabled | bool and matrix_mautrix_instagram_metrics_enabled | bool
|
||||||
|
ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
|
||||||
|
tags:
|
||||||
|
- setup-all
|
||||||
|
- setup-nginx-proxy
|
||||||
|
- install-all
|
||||||
|
- install-nginx-proxy
|
||||||
|
|
||||||
- block:
|
- block:
|
||||||
- when: matrix_mautrix_instagram_enabled | bool
|
- when: matrix_mautrix_instagram_enabled | bool
|
||||||
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
|
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
|
||||||
|
|
|
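Review bot: the include condition `matrix_mautrix_instagram_enabled | bool and matrix_mautrix_instagram_metrics_enabled | bool` gates on the metrics toggle, while the included `inject_into_nginx_proxy.yml` wraps its actual work in `when: matrix_mautrix_instagram_metrics_proxying_enabled | bool`. Two consequences: `metrics_proxying_enabled: true` with `metrics_enabled: false` never reaches the injection and fails silently rather than at validation time; and the `Fail if matrix-nginx-proxy role already executed` task in that file is not gated on proxying, so a user with metrics on, proxying off and matrix-nginx-proxy ordered earlier in the playbook gets a hard failure for an injection that would never have happened. Gate the include on `matrix_mautrix_instagram_metrics_proxying_enabled` and add a validate_config check that proxying requires metrics.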
@ -57,7 +57,7 @@ appservice:
|
||||||
|
|
||||||
# Prometheus telemetry config. Requires prometheus-client to be installed.
|
# Prometheus telemetry config. Requires prometheus-client to be installed.
|
||||||
metrics:
|
metrics:
|
||||||
enabled: false
|
enabled: {{ matrix_mautrix_instagram_metrics_enabled | to_json }}
|
||||||
listen_port: 8000
|
listen_port: 8000
|
||||||
|
|
||||||
instagram:
|
instagram:
|
||||||
|
|
|
@ -70,6 +70,16 @@ matrix_mautrix_signal_logging_level: WARNING
|
||||||
# If false, created portal rooms will never be federated.
|
# If false, created portal rooms will never be federated.
|
||||||
matrix_mautrix_signal_federate_rooms: true
|
matrix_mautrix_signal_federate_rooms: true
|
||||||
|
|
||||||
|
# Whether or not metrics endpoint should be enabled.
|
||||||
|
# Enabling them is usually enough for a local (in-container) Prometheus to consume them.
|
||||||
|
# If metrics need to be consumed by another (external) Prometheus server, consider exposing them via `matrix_mautrix_signal_metrics_proxying_enabled`.
|
||||||
|
matrix_mautrix_signal_metrics_enabled: false
|
||||||
|
|
||||||
|
# Controls whether metrics should be proxied (exposed) on `matrix.DOMAIN/metrics/mautrix-signal`.
|
||||||
|
# This will only work take effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`.
|
||||||
|
# See the `matrix-nginx-proxy` role for details about enabling `matrix_nginx_proxy_proxy_matrix_metrics_enabled`.
|
||||||
|
matrix_mautrix_signal_metrics_proxying_enabled: false
|
||||||
|
|
||||||
# Database-related configuration fields
|
# Database-related configuration fields
|
||||||
#
|
#
|
||||||
# This bridge only supports postgres.
|
# This bridge only supports postgres.
|
||||||
|
|
|
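Review bot: typo in the new comment above `matrix_mautrix_signal_metrics_proxying_enabled`: `# This will only work take effect if` should read "This will only take effect if".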
@ -0,0 +1,35 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
- name: Fail if matrix-nginx-proxy role already executed
|
||||||
|
ansible.builtin.fail:
|
||||||
|
msg: >-
|
||||||
|
Trying to append mautrix-whatapp-metrics's reverse-proxying configuration to matrix-nginx-proxy,
|
||||||
|
but it's pointless since the matrix-nginx-proxy role had already executed.
|
||||||
|
To fix this, please change the order of roles in your playbook,
|
||||||
|
so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-signal role.
|
||||||
|
when: matrix_nginx_proxy_role_executed | default(False) | bool
|
||||||
|
|
||||||
|
- when: matrix_mautrix_signal_metrics_proxying_enabled | bool
|
||||||
|
block:
|
||||||
|
- name: Generate mautrix-signal metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-signal)
|
||||||
|
ansible.builtin.set_fact:
|
||||||
|
matrix_mautrix_signal_nginx_metrics_configuration_block: |
|
||||||
|
location /metrics/mautrix-signal {
|
||||||
|
{% if matrix_nginx_proxy_enabled | default(False) %}
|
||||||
|
{# Use the embedded DNS resolver in Docker containers to discover the service #}
|
||||||
|
resolver 127.0.0.11 valid=5s;
|
||||||
|
set $backend "matrix-mautrix-signal:8000";
|
||||||
|
proxy_pass http://$backend/metrics;
|
||||||
|
{% else %}
|
||||||
|
return 404 "matrix-nginx-proxy is disabled and no host port was bound to the container, so metrics are unavailable";
|
||||||
|
{% endif %}
|
||||||
|
}
|
||||||
|
|
||||||
|
- name: Register mautrix-signal metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-signal)
|
||||||
|
ansible.builtin.set_fact:
|
||||||
|
matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: |
|
||||||
|
{{
|
||||||
|
matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([])
|
||||||
|
+
|
||||||
|
[matrix_mautrix_signal_nginx_metrics_configuration_block]
|
||||||
|
}}
|
|
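Review bot: the failure message in `Fail if matrix-nginx-proxy role already executed` still says `mautrix-whatapp-metrics's`, although this file belongs to the signal role and the following sentence names `matrix-bridge-mautrix-signal`; change it to `mautrix-signal-metrics` and fix the spelling.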
@ -1,5 +1,14 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
|
- block:
|
||||||
|
- when: matrix_mautrix_signal_enabled | bool and matrix_mautrix_signal_metrics_enabled | bool
|
||||||
|
ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
|
||||||
|
tags:
|
||||||
|
- setup-all
|
||||||
|
- setup-nginx-proxy
|
||||||
|
- install-all
|
||||||
|
- install-nginx-proxy
|
||||||
|
|
||||||
- block:
|
- block:
|
||||||
- when: matrix_mautrix_signal_enabled | bool
|
- when: matrix_mautrix_signal_enabled | bool
|
||||||
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
|
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
|
||||||
|
|
|
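Review bot: the include is conditioned on `matrix_mautrix_signal_metrics_enabled`, but the work inside `inject_into_nginx_proxy.yml` is conditioned on `matrix_mautrix_signal_metrics_proxying_enabled`, and the `Fail if matrix-nginx-proxy role already executed` task in that file is not conditioned on proxying at all. So proxying enabled without metrics is silently skipped, and metrics enabled without proxying can abort the run on role order even though nothing would be injected. Gate the include on the proxying toggle and reject the proxying-without-metrics combination in validate_config.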
@ -67,7 +67,7 @@ appservice:
|
||||||
|
|
||||||
# Prometheus telemetry config. Requires prometheus-client to be installed.
|
# Prometheus telemetry config. Requires prometheus-client to be installed.
|
||||||
metrics:
|
metrics:
|
||||||
enabled: false
|
enabled: {{ matrix_mautrix_signal_metrics_enabled | to_json }}
|
||||||
listen_port: 8000
|
listen_port: 8000
|
||||||
|
|
||||||
# Manhole config.
|
# Manhole config.
|
||||||
|
|
|
@ -79,7 +79,7 @@ bridge:
|
||||||
# TODO: document variables
|
# TODO: document variables
|
||||||
displayname_template: "{{ '{{.RealName}} (S)' }}"
|
displayname_template: "{{ '{{.RealName}} (S)' }}"
|
||||||
bot_displayname_template: "{{ '{{.Name}} (bot)' }}"
|
bot_displayname_template: "{{ '{{.Name}} (bot)' }}"
|
||||||
channel_name_template: "{{ '#{{.Name}}' }}"
|
channel_name_template: "{{ '#{{.Name}} ({{.TeamName}})' }}"
|
||||||
|
|
||||||
portal_message_buffer: 128
|
portal_message_buffer: 128
|
||||||
|
|
||||||
|
|
|
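Review bot: the default `channel_name_template` changes from `#{{.Name}}` to `#{{.Name}} ({{.TeamName}})`, which every deployment that has not overridden the variable inherits on its next run, and the CHANGELOG hunk in this commit says nothing about it. Add a CHANGELOG line explaining the new team suffix and whether the bridge reapplies the template to already-created portal rooms.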
@ -78,6 +78,16 @@ matrix_mautrix_twitter_appservice_bot_username: twitterbot
|
||||||
# Specifies the default log level for all bridge loggers.
|
# Specifies the default log level for all bridge loggers.
|
||||||
matrix_mautrix_twitter_logging_level: WARNING
|
matrix_mautrix_twitter_logging_level: WARNING
|
||||||
|
|
||||||
|
# Whether or not metrics endpoint should be enabled.
|
||||||
|
# Enabling them is usually enough for a local (in-container) Prometheus to consume them.
|
||||||
|
# If metrics need to be consumed by another (external) Prometheus server, consider exposing them via `matrix_mautrix_twitter_metrics_proxying_enabled`.
|
||||||
|
matrix_mautrix_twitter_metrics_enabled: false
|
||||||
|
|
||||||
|
# Controls whether metrics should be proxied (exposed) on `matrix.DOMAIN/metrics/mautrix-twitter`.
|
||||||
|
# This will only work take effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`.
|
||||||
|
# See the `matrix-nginx-proxy` role for details about enabling `matrix_nginx_proxy_proxy_matrix_metrics_enabled`.
|
||||||
|
matrix_mautrix_twitter_metrics_proxying_enabled: false
|
||||||
|
|
||||||
# Default configuration template which covers the generic use case.
|
# Default configuration template which covers the generic use case.
|
||||||
# You can customize it by controlling the various variables inside it.
|
# You can customize it by controlling the various variables inside it.
|
||||||
#
|
#
|
||||||
|
|
|
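Review bot: typo in the new comment above `matrix_mautrix_twitter_metrics_proxying_enabled`: `# This will only work take effect if` should read "This will only take effect if".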
@ -0,0 +1,35 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
- name: Fail if matrix-nginx-proxy role already executed
|
||||||
|
ansible.builtin.fail:
|
||||||
|
msg: >-
|
||||||
|
Trying to append mautrix-whatapp-metrics's reverse-proxying configuration to matrix-nginx-proxy,
|
||||||
|
but it's pointless since the matrix-nginx-proxy role had already executed.
|
||||||
|
To fix this, please change the order of roles in your playbook,
|
||||||
|
so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-twitter role.
|
||||||
|
when: matrix_nginx_proxy_role_executed | default(False) | bool
|
||||||
|
|
||||||
|
- when: matrix_mautrix_twitter_metrics_proxying_enabled | bool
|
||||||
|
block:
|
||||||
|
- name: Generate mautrix-twitter metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-twitter)
|
||||||
|
ansible.builtin.set_fact:
|
||||||
|
matrix_mautrix_twitter_nginx_metrics_configuration_block: |
|
||||||
|
location /metrics/mautrix-twitter {
|
||||||
|
{% if matrix_nginx_proxy_enabled | default(False) %}
|
||||||
|
{# Use the embedded DNS resolver in Docker containers to discover the service #}
|
||||||
|
resolver 127.0.0.11 valid=5s;
|
||||||
|
set $backend "matrix-mautrix-twitter:8000";
|
||||||
|
proxy_pass http://$backend/metrics;
|
||||||
|
{% else %}
|
||||||
|
return 404 "matrix-nginx-proxy is disabled and no host port was bound to the container, so metrics are unavailable";
|
||||||
|
{% endif %}
|
||||||
|
}
|
||||||
|
|
||||||
|
- name: Register mautrix-twitter metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-twitter)
|
||||||
|
ansible.builtin.set_fact:
|
||||||
|
matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: |
|
||||||
|
{{
|
||||||
|
matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([])
|
||||||
|
+
|
||||||
|
[matrix_mautrix_twitter_nginx_metrics_configuration_block]
|
||||||
|
}}
|
|
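Review bot: the failure message in the `msg: >-` block reads `mautrix-whatapp-metrics's`, but this file belongs to the mautrix-twitter role, so it looks copy-pasted (and the product name is misspelled as well); suggest `Trying to append mautrix-twitter-metrics's reverse-proxying configuration to matrix-nginx-proxy,`. Separately, `set $backend "matrix-mautrix-twitter:8000";` hard-codes the same port that the config template hard-codes as `listen_port: 8000`; deriving both from one variable would keep them from drifting apart.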
@ -1,5 +1,14 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
|
- block:
|
||||||
|
- when: matrix_mautrix_twitter_enabled | bool and matrix_mautrix_twitter_metrics_enabled | bool
|
||||||
|
ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
|
||||||
|
tags:
|
||||||
|
- setup-all
|
||||||
|
- setup-nginx-proxy
|
||||||
|
- install-all
|
||||||
|
- install-nginx-proxy
|
||||||
|
|
||||||
- block:
|
- block:
|
||||||
- when: matrix_mautrix_twitter_enabled | bool
|
- when: matrix_mautrix_twitter_enabled | bool
|
||||||
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
|
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
|
||||||
|
|
|
@ -65,7 +65,7 @@ appservice:
|
||||||
|
|
||||||
# Prometheus telemetry config. Requires prometheus-client to be installed.
|
# Prometheus telemetry config. Requires prometheus-client to be installed.
|
||||||
metrics:
|
metrics:
|
||||||
enabled: false
|
enabled: {{ matrix_mautrix_twitter_metrics_enabled | to_json }}
|
||||||
listen_port: 8000
|
listen_port: 8000
|
||||||
|
|
||||||
# Bridge config
|
# Bridge config
|
||||||
|
|
|
@ -47,6 +47,16 @@ matrix_mautrix_whatsapp_logging_level: 'warn'
|
||||||
# If false, created portal rooms will never be federated.
|
# If false, created portal rooms will never be federated.
|
||||||
matrix_mautrix_whatsapp_federate_rooms: true
|
matrix_mautrix_whatsapp_federate_rooms: true
|
||||||
|
|
||||||
|
# Whether or not metrics endpoint should be enabled.
|
||||||
|
# Enabling them is usually enough for a local (in-container) Prometheus to consume them.
|
||||||
|
# If metrics need to be consumed by another (external) Prometheus server, consider exposing them via `matrix_mautrix_whatsapp_metrics_proxying_enabled`.
|
||||||
|
matrix_mautrix_whatsapp_metrics_enabled: false
|
||||||
|
|
||||||
|
# Controls whether metrics should be proxied (exposed) on `matrix.DOMAIN/metrics/mautrix-whatsapp`.
|
||||||
|
# This will only work take effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`.
|
||||||
|
# See the `matrix-nginx-proxy` role for details about enabling `matrix_nginx_proxy_proxy_matrix_metrics_enabled`.
|
||||||
|
matrix_mautrix_whatsapp_metrics_proxying_enabled: false
|
||||||
|
|
||||||
# Database-related configuration fields.
|
# Database-related configuration fields.
|
||||||
#
|
#
|
||||||
# To use SQLite, stick to these defaults.
|
# To use SQLite, stick to these defaults.
|
||||||
|
|
|
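Review bot: the comment `# This will only work take effect if \`matrix_nginx_proxy_proxy_matrix_metrics_enabled: true\`.` should read `# This will only take effect if ...`; the same slip appears in the mautrix-twitter defaults.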
@ -0,0 +1,35 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
- name: Fail if matrix-nginx-proxy role already executed
|
||||||
|
ansible.builtin.fail:
|
||||||
|
msg: >-
|
||||||
|
Trying to append mautrix-whatapp-metrics's reverse-proxying configuration to matrix-nginx-proxy,
|
||||||
|
but it's pointless since the matrix-nginx-proxy role had already executed.
|
||||||
|
To fix this, please change the order of roles in your playbook,
|
||||||
|
so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-whatsapp role.
|
||||||
|
when: matrix_nginx_proxy_role_executed | default(False) | bool
|
||||||
|
|
||||||
|
- when: matrix_mautrix_whatsapp_metrics_proxying_enabled | bool
|
||||||
|
block:
|
||||||
|
- name: Generate mautrix-whatsapp metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-whatsapp)
|
||||||
|
ansible.builtin.set_fact:
|
||||||
|
matrix_mautrix_whatsapp_nginx_metrics_configuration_block: |
|
||||||
|
location /metrics/mautrix-whatsapp {
|
||||||
|
{% if matrix_nginx_proxy_enabled | default(False) %}
|
||||||
|
{# Use the embedded DNS resolver in Docker containers to discover the service #}
|
||||||
|
resolver 127.0.0.11 valid=5s;
|
||||||
|
set $backend "matrix-mautrix-whatsapp:8001";
|
||||||
|
proxy_pass http://$backend/metrics;
|
||||||
|
{% else %}
|
||||||
|
return 404 "matrix-nginx-proxy is disabled and no host port was bound to the container, so metrics are unavailable";
|
||||||
|
{% endif %}
|
||||||
|
}
|
||||||
|
|
||||||
|
- name: Register mautrix-whatsapp metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-whatsapp)
|
||||||
|
ansible.builtin.set_fact:
|
||||||
|
matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: |
|
||||||
|
{{
|
||||||
|
matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([])
|
||||||
|
+
|
||||||
|
[matrix_mautrix_whatsapp_nginx_metrics_configuration_block]
|
||||||
|
}}
|
|
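Review bot: `mautrix-whatapp-metrics's` in the `msg: >-` block drops the `s` in whatsapp; suggest `mautrix-whatsapp-metrics's`. As with the other bridge, `set $backend "matrix-mautrix-whatsapp:8001";` duplicates the port that the config template sets in `listen: 0.0.0.0:8001`; consider a single variable feeding both.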
@ -1,5 +1,14 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
|
- block:
|
||||||
|
- when: matrix_mautrix_whatsapp_enabled | bool and matrix_mautrix_whatsapp_metrics_enabled | bool
|
||||||
|
ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
|
||||||
|
tags:
|
||||||
|
- setup-all
|
||||||
|
- setup-nginx-proxy
|
||||||
|
- install-all
|
||||||
|
- install-nginx-proxy
|
||||||
|
|
||||||
- block:
|
- block:
|
||||||
- when: matrix_mautrix_whatsapp_enabled | bool
|
- when: matrix_mautrix_whatsapp_enabled | bool
|
||||||
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
|
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
|
||||||
|
|
|
@ -67,9 +67,9 @@ segment_key: null
|
||||||
# Prometheus config.
|
# Prometheus config.
|
||||||
metrics:
|
metrics:
|
||||||
# Enable prometheus metrics?
|
# Enable prometheus metrics?
|
||||||
enabled: false
|
enabled: {{ matrix_mautrix_whatsapp_metrics_enabled | to_json }}
|
||||||
# IP and port where the metrics listener should be. The path is always /metrics
|
# IP and port where the metrics listener should be. The path is always /metrics
|
||||||
listen: 127.0.0.1:8001
|
listen: 0.0.0.0:8001
|
||||||
|
|
||||||
# Config for things that are directly sent to WhatsApp.
|
# Config for things that are directly sent to WhatsApp.
|
||||||
whatsapp:
|
whatsapp:
|
||||||
|
|
|
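Review bot: changing `listen: 127.0.0.1:8001` to `listen: 0.0.0.0:8001` is what lets matrix-nginx-proxy reach the endpoint over the container network, but it also means any other container attached to the same Docker network can scrape unauthenticated metrics once `matrix_mautrix_whatsapp_metrics_enabled` is true. Since no host port is published (the nginx block's 404 message says as much), that is acceptable, but a one-line comment above `listen:` stating that the container-wide bind is intentional and depends on no `-p` mapping being added would help the next reader.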
@ -6,7 +6,7 @@ matrix_client_cinny_enabled: true
|
||||||
matrix_client_cinny_container_image_self_build: false
|
matrix_client_cinny_container_image_self_build: false
|
||||||
matrix_client_cinny_container_image_self_build_repo: "https://github.com/ajbura/cinny.git"
|
matrix_client_cinny_container_image_self_build_repo: "https://github.com/ajbura/cinny.git"
|
||||||
|
|
||||||
matrix_client_cinny_version: v2.2.3
|
matrix_client_cinny_version: v2.2.4
|
||||||
matrix_client_cinny_docker_image: "{{ matrix_client_cinny_docker_image_name_prefix }}ajbura/cinny:{{ matrix_client_cinny_version }}"
|
matrix_client_cinny_docker_image: "{{ matrix_client_cinny_docker_image_name_prefix }}ajbura/cinny:{{ matrix_client_cinny_version }}"
|
||||||
matrix_client_cinny_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_cinny_container_image_self_build else matrix_container_global_registry_prefix }}"
|
matrix_client_cinny_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_cinny_container_image_self_build else matrix_container_global_registry_prefix }}"
|
||||||
matrix_client_cinny_docker_image_force_pull: "{{ matrix_client_cinny_docker_image.endswith(':latest') }}"
|
matrix_client_cinny_docker_image_force_pull: "{{ matrix_client_cinny_docker_image.endswith(':latest') }}"
|
||||||
|
|
|
@ -10,7 +10,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto
|
||||||
# - https://github.com/vector-im/element-web/issues/19544
|
# - https://github.com/vector-im/element-web/issues/19544
|
||||||
matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}"
|
matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}"
|
||||||
|
|
||||||
matrix_client_element_version: v1.11.20
|
matrix_client_element_version: v1.11.21
|
||||||
matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}"
|
matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}"
|
||||||
matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}"
|
matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}"
|
||||||
matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}"
|
matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}"
|
||||||
|
|
|
@ -8,7 +8,7 @@ matrix_coturn_container_image_self_build_repo: "https://github.com/coturn/coturn
|
||||||
matrix_coturn_container_image_self_build_repo_version: "docker/{{ matrix_coturn_version }}"
|
matrix_coturn_container_image_self_build_repo_version: "docker/{{ matrix_coturn_version }}"
|
||||||
matrix_coturn_container_image_self_build_repo_dockerfile_path: "docker/coturn/alpine/Dockerfile"
|
matrix_coturn_container_image_self_build_repo_dockerfile_path: "docker/coturn/alpine/Dockerfile"
|
||||||
|
|
||||||
matrix_coturn_version: 4.6.1-r0
|
matrix_coturn_version: 4.6.1-r1
|
||||||
matrix_coturn_docker_image: "{{ matrix_coturn_docker_image_name_prefix }}coturn/coturn:{{ matrix_coturn_version }}-alpine"
|
matrix_coturn_docker_image: "{{ matrix_coturn_docker_image_name_prefix }}coturn/coturn:{{ matrix_coturn_version }}-alpine"
|
||||||
matrix_coturn_docker_image_name_prefix: "{{ 'localhost/' if matrix_coturn_container_image_self_build else matrix_container_global_registry_prefix }}"
|
matrix_coturn_docker_image_name_prefix: "{{ 'localhost/' if matrix_coturn_container_image_self_build else matrix_container_global_registry_prefix }}"
|
||||||
matrix_coturn_docker_image_force_pull: "{{ matrix_coturn_docker_image.endswith(':latest') }}"
|
matrix_coturn_docker_image_force_pull: "{{ matrix_coturn_docker_image.endswith(':latest') }}"
|
||||||
|
@ -20,6 +20,13 @@ matrix_coturn_docker_image_force_pull: "{{ matrix_coturn_docker_image.endswith('
|
||||||
#
|
#
|
||||||
# Setting up deny/allow rules with `matrix_coturn_allowed_peer_ips`/`matrix_coturn_denied_peer_ips` is also
|
# Setting up deny/allow rules with `matrix_coturn_allowed_peer_ips`/`matrix_coturn_denied_peer_ips` is also
|
||||||
# possible for achieving such isolation, but is more complicated due to the dynamic nature of Docker networking.
|
# possible for achieving such isolation, but is more complicated due to the dynamic nature of Docker networking.
|
||||||
|
#
|
||||||
|
# Setting `matrix_coturn_docker_network` to 'host' will run the container with host networking,
|
||||||
|
# which will drastically improve performance when thousands of ports are opened due to Docker not having to set up forwarding rules for each port.
|
||||||
|
# Running with host networking can be dangerous, as it potentially exposes your local network and its services to Coturn peers.
|
||||||
|
# Regardless of the networking mode, we apply a deny list which via `matrix_coturn_denied_peer_ips`,
|
||||||
|
# which hopefully prevents access to such private network ranges.
|
||||||
|
# When running in host-networking mode, you need to adjust the firewall yourself, so that ports are opened.
|
||||||
matrix_coturn_docker_network: "matrix-coturn"
|
matrix_coturn_docker_network: "matrix-coturn"
|
||||||
|
|
||||||
matrix_coturn_base_path: "{{ matrix_base_data_path }}/coturn"
|
matrix_coturn_base_path: "{{ matrix_base_data_path }}/coturn"
|
||||||
|
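Review bot: the comment `# Regardless of the networking mode, we apply a deny list which via \`matrix_coturn_denied_peer_ips\`,` has a stray `which`; suggest `# Regardless of the networking mode, we apply a deny list via \`matrix_coturn_denied_peer_ips\`,`. The follow-on `which hopefully prevents access to such private network ranges.` also undersells the point made two lines earlier: in host mode the deny list is the only thing between Coturn peers and the host's networks, so it is worth saying that plainly rather than hedging.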
@ -41,20 +48,20 @@ matrix_coturn_container_extra_arguments: []
|
||||||
# Controls whether the Coturn container exposes its plain STUN port (tcp/3478 and udp/3478 in the container).
|
# Controls whether the Coturn container exposes its plain STUN port (tcp/3478 and udp/3478 in the container).
|
||||||
#
|
#
|
||||||
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:3478"), or empty string to not expose.
|
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:3478"), or empty string to not expose.
|
||||||
matrix_coturn_container_stun_plain_host_bind_port: '3478'
|
matrix_coturn_container_stun_plain_host_bind_port: "{{ '3478' if matrix_coturn_docker_network != 'host' else '' }}"
|
||||||
|
|
||||||
# Controls whether the Coturn container exposes its TLS STUN port (tcp/5349 and udp/5349 in the container).
|
# Controls whether the Coturn container exposes its TLS STUN port (tcp/5349 and udp/5349 in the container).
|
||||||
#
|
#
|
||||||
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:5349"), or empty string to not expose.
|
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:5349"), or empty string to not expose.
|
||||||
matrix_coturn_container_stun_tls_host_bind_port: '5349'
|
matrix_coturn_container_stun_tls_host_bind_port: "{{ '5349' if matrix_coturn_docker_network != 'host' else '' }}"
|
||||||
|
|
||||||
# Controls whether the Coturn container exposes its TURN UDP port range and which interface to do it on.
|
# Controls whether the Coturn container exposes its TURN UDP port range and which interface to do it on.
|
||||||
#
|
#
|
||||||
# Takes an interface "<ip address>" (e.g. "127.0.0.1"), or empty string to listen on all interfaces.
|
# Takes an interface "<ip address>" (e.g. "127.0.0.1"), or empty string to listen on all interfaces.
|
||||||
# Takes a null/none value (`~`) to prevent listening.
|
# Takes a null/none value (`~`) or 'none' (as a string) to prevent listening.
|
||||||
#
|
#
|
||||||
# The UDP port-range itself is specified using `matrix_coturn_turn_udp_min_port` and `matrix_coturn_turn_udp_max_port`.
|
# The UDP port-range itself is specified using `matrix_coturn_turn_udp_min_port` and `matrix_coturn_turn_udp_max_port`.
|
||||||
matrix_coturn_container_turn_range_listen_interface: ''
|
matrix_coturn_container_turn_range_listen_interface: "{{ '' if matrix_coturn_docker_network != 'host' else 'none' }}"
|
||||||
|
|
||||||
# UDP port-range to use for TURN
|
# UDP port-range to use for TURN
|
||||||
matrix_coturn_turn_udp_min_port: 49152
|
matrix_coturn_turn_udp_min_port: 49152
|
||||||
|
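Review bot: the new defaults correctly drop the `-p` mappings when `matrix_coturn_docker_network` is `host`, but a user who has explicitly overridden `matrix_coturn_container_stun_plain_host_bind_port`, `matrix_coturn_container_stun_tls_host_bind_port` or `matrix_coturn_container_turn_range_listen_interface` keeps the old values and will still get `-p` flags on a host-networked container, which Docker discards with a warning. Consider a validate_config check that fails when the network is `host` and any of these is non-empty. The `'none'` string sentinel for the listen interface is fine, but the comment `# Takes a null/none value (\`~\`) or 'none' (as a string) to prevent listening.` could say in one clause why the string form exists, so nobody "cleans it up" later.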
@ -69,10 +76,54 @@ matrix_coturn_turn_external_ip_address: ''
|
||||||
matrix_coturn_turn_external_ip_addresses: ["{{ matrix_coturn_turn_external_ip_address }}"]
|
matrix_coturn_turn_external_ip_addresses: ["{{ matrix_coturn_turn_external_ip_address }}"]
|
||||||
|
|
||||||
matrix_coturn_allowed_peer_ips: []
|
matrix_coturn_allowed_peer_ips: []
|
||||||
matrix_coturn_denied_peer_ips: []
|
|
||||||
|
# We block loopback interfaces and private networks by default to prevent private resources from being accessible.
|
||||||
|
# This is especially important when Coturn does not run within a container network (e.g. `matrix_coturn_docker_network: host`).
|
||||||
|
#
|
||||||
|
# Learn more: https://www.rtcsec.com/article/cve-2020-26262-bypass-of-coturns-access-control-protection/
|
||||||
|
#
|
||||||
|
# If you're running Coturn for local network peers, you may wish to override these rules.
|
||||||
|
matrix_coturn_denied_peer_ips:
|
||||||
|
- 0.0.0.0-0.255.255.255
|
||||||
|
- 10.0.0.0-10.255.255.255
|
||||||
|
- 100.64.0.0-100.127.255.255
|
||||||
|
- 127.0.0.0-127.255.255.255
|
||||||
|
- 169.254.0.0-169.254.255.255
|
||||||
|
- 172.16.0.0-172.31.255.255
|
||||||
|
- 192.0.0.0-192.0.0.255
|
||||||
|
- 192.0.2.0-192.0.2.255
|
||||||
|
- 192.88.99.0-192.88.99.255
|
||||||
|
- 192.168.0.0-192.168.255.255
|
||||||
|
- 198.18.0.0-198.19.255.255
|
||||||
|
- 198.51.100.0-198.51.100.255
|
||||||
|
- 203.0.113.0-203.0.113.255
|
||||||
|
- 240.0.0.0-255.255.255.255
|
||||||
|
- ::1
|
||||||
|
- 64:ff9b::-64:ff9b::ffff:ffff
|
||||||
|
- ::ffff:0.0.0.0-::ffff:255.255.255.255
|
||||||
|
- 100::-100::ffff:ffff:ffff:ffff
|
||||||
|
- 2001::-2001:1ff:ffff:ffff:ffff:ffff:ffff:ffff
|
||||||
|
- 2002::-2002:ffff:ffff:ffff:ffff:ffff:ffff:ffff
|
||||||
|
- fc00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
|
||||||
|
- fe80::-febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff
|
||||||
|
|
||||||
matrix_coturn_user_quota: null
|
matrix_coturn_user_quota: null
|
||||||
matrix_coturn_total_quota: null
|
matrix_coturn_total_quota: null
|
||||||
|
|
||||||
|
# Controls whether `no-tcp-relay` is added to the configuration
|
||||||
|
matrix_coturn_no_tcp_relay_enabled: true
|
||||||
|
|
||||||
|
# Controls whether `no-multicast-peers` is added to the configuration
|
||||||
|
matrix_coturn_no_multicast_peers_enabled: true
|
||||||
|
|
||||||
|
# Additional configuration to be passed to turnserver.conf
|
||||||
|
# Example:
|
||||||
|
# matrix_coturn_additional_configuration: |
|
||||||
|
# simple-log
|
||||||
|
# aux-server=1.2.3.4
|
||||||
|
# relay-ip=4.3.2.1
|
||||||
|
matrix_coturn_additional_configuration: ''
|
||||||
|
|
||||||
# To enable TLS, you need to provide paths to certificates.
|
# To enable TLS, you need to provide paths to certificates.
|
||||||
# Paths defined in `matrix_coturn_tls_cert_path` and `matrix_coturn_tls_key_path` are in-container paths.
|
# Paths defined in `matrix_coturn_tls_cert_path` and `matrix_coturn_tls_key_path` are in-container paths.
|
||||||
# Files on the host can be mounted into the container using `matrix_coturn_container_additional_volumes`.
|
# Files on the host can be mounted into the container using `matrix_coturn_container_additional_volumes`.
|
||||||
|
|
|
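Review bot: the deny list is a sound default and matches the CHANGELOG entry, but the comment `# If you're running Coturn for local network peers, you may wish to override these rules.` invites users to delete entries wholesale; it would be safer to point them at `matrix_coturn_allowed_peer_ips` for the specific range they need and to leave the rest of the deny list intact. Two details deserve a comment: the IPv4 multicast range is absent from the list because it is handled by the separate `no-multicast-peers` flag introduced further down, and the entry `::ffff:0.0.0.0-::ffff:255.255.255.255` blocks every IPv4-mapped IPv6 address, not only private ones, which is presumably intended but not obvious at a glance.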
@ -62,7 +62,8 @@
|
||||||
owner: "{{ matrix_user_username }}"
|
owner: "{{ matrix_user_username }}"
|
||||||
group: "{{ matrix_user_groupname }}"
|
group: "{{ matrix_user_groupname }}"
|
||||||
|
|
||||||
- name: Ensure Coturn network is created in Docker
|
- when: matrix_coturn_docker_network not in ['', 'host']
|
||||||
|
name: Ensure Coturn network is created in Docker
|
||||||
community.docker.docker_network:
|
community.docker.docker_network:
|
||||||
name: "{{ matrix_coturn_docker_network }}"
|
name: "{{ matrix_coturn_docker_network }}"
|
||||||
driver: bridge
|
driver: bridge
|
||||||
|
|
|
@ -30,7 +30,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name
|
||||||
-p {{ matrix_coturn_container_stun_tls_host_bind_port }}:5349 \
|
-p {{ matrix_coturn_container_stun_tls_host_bind_port }}:5349 \
|
||||||
-p {{ matrix_coturn_container_stun_tls_host_bind_port }}:5349/udp \
|
-p {{ matrix_coturn_container_stun_tls_host_bind_port }}:5349/udp \
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if matrix_coturn_container_turn_range_listen_interface is not none %}
|
{% if matrix_coturn_container_turn_range_listen_interface is not in [none, 'none'] %}
|
||||||
-p {{ matrix_coturn_container_turn_range_listen_interface }}{{ ':' if matrix_coturn_container_turn_range_listen_interface else '' }}{{ matrix_coturn_turn_udp_min_port }}-{{ matrix_coturn_turn_udp_max_port }}:{{ matrix_coturn_turn_udp_min_port }}-{{ matrix_coturn_turn_udp_max_port }}/udp \
|
-p {{ matrix_coturn_container_turn_range_listen_interface }}{{ ':' if matrix_coturn_container_turn_range_listen_interface else '' }}{{ matrix_coturn_turn_udp_min_port }}-{{ matrix_coturn_turn_udp_max_port }}:{{ matrix_coturn_turn_udp_min_port }}-{{ matrix_coturn_turn_udp_max_port }}/udp \
|
||||||
{% endif %}
|
{% endif %}
|
||||||
--mount type=bind,src={{ matrix_coturn_config_path }},dst=/turnserver.conf,ro \
|
--mount type=bind,src={{ matrix_coturn_config_path }},dst=/turnserver.conf,ro \
|
||||||
|
|
|
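Review bot: `{% if matrix_coturn_container_turn_range_listen_interface is not in [none, 'none'] %}` is the right guard for the new string sentinel, but this hunk does not show where `matrix_coturn_docker_network` is passed to `docker run`; please confirm that `host` reaches the `--network` argument in this same template, otherwise dropping the `-p` flags leaves the STUN and TURN ports unreachable.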
@ -30,7 +30,10 @@ no-dtls
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
prod
|
prod
|
||||||
|
|
||||||
|
{% if matrix_coturn_no_tcp_relay_enabled %}
|
||||||
no-tcp-relay
|
no-tcp-relay
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
{% if matrix_coturn_user_quota != None %}
|
{% if matrix_coturn_user_quota != None %}
|
||||||
user-quota={{ matrix_coturn_user_quota }}
|
user-quota={{ matrix_coturn_user_quota }}
|
||||||
|
@ -39,9 +42,15 @@ user-quota={{ matrix_coturn_user_quota }}
|
||||||
total-quota={{ matrix_coturn_total_quota }}
|
total-quota={{ matrix_coturn_total_quota }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
|
{% if matrix_coturn_no_multicast_peers_enabled %}
|
||||||
|
no-multicast-peers
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
{% for ip_range in matrix_coturn_denied_peer_ips %}
|
{% for ip_range in matrix_coturn_denied_peer_ips %}
|
||||||
denied-peer-ip={{ ip_range }}
|
denied-peer-ip={{ ip_range }}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% for ip_range in matrix_coturn_allowed_peer_ips %}
|
{% for ip_range in matrix_coturn_allowed_peer_ips %}
|
||||||
allowed-peer-ip={{ ip_range }}
|
allowed-peer-ip={{ ip_range }}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
|
||||||
|
{{ matrix_coturn_additional_configuration }}
|
||||||
|
|
|
@ -6,7 +6,7 @@ matrix_dendrite_enabled: true
|
||||||
|
|
||||||
matrix_dendrite_docker_image: "{{ matrix_dendrite_docker_image_name_prefix }}matrixdotorg/dendrite-monolith:{{ matrix_dendrite_docker_image_tag }}"
|
matrix_dendrite_docker_image: "{{ matrix_dendrite_docker_image_name_prefix }}matrixdotorg/dendrite-monolith:{{ matrix_dendrite_docker_image_tag }}"
|
||||||
matrix_dendrite_docker_image_name_prefix: "docker.io/"
|
matrix_dendrite_docker_image_name_prefix: "docker.io/"
|
||||||
matrix_dendrite_docker_image_tag: "v0.10.8"
|
matrix_dendrite_docker_image_tag: "v0.11.0"
|
||||||
matrix_dendrite_docker_image_force_pull: "{{ matrix_dendrite_docker_image.endswith(':latest') }}"
|
matrix_dendrite_docker_image_force_pull: "{{ matrix_dendrite_docker_image.endswith(':latest') }}"
|
||||||
|
|
||||||
matrix_dendrite_base_path: "{{ matrix_base_data_path }}/dendrite"
|
matrix_dendrite_base_path: "{{ matrix_base_data_path }}/dendrite"
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
|
|
||||||
matrix_grafana_enabled: true
|
matrix_grafana_enabled: true
|
||||||
|
|
||||||
matrix_grafana_version: 9.3.2
|
matrix_grafana_version: 9.3.6
|
||||||
matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}"
|
matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}"
|
||||||
matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}"
|
matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}"
|
||||||
|
|
||||||
|
|
|
@ -72,7 +72,7 @@ matrix_jitsi_jibri_recorder_password: ''
|
||||||
|
|
||||||
matrix_jitsi_enable_lobby: false
|
matrix_jitsi_enable_lobby: false
|
||||||
|
|
||||||
matrix_jitsi_version: stable-8218
|
matrix_jitsi_version: stable-8252
|
||||||
matrix_jitsi_container_image_tag: "{{ matrix_jitsi_version }}" # for backward-compatibility
|
matrix_jitsi_container_image_tag: "{{ matrix_jitsi_version }}" # for backward-compatibility
|
||||||
|
|
||||||
matrix_jitsi_web_docker_image: "{{ matrix_container_global_registry_prefix }}jitsi/web:{{ matrix_jitsi_container_image_tag }}"
|
matrix_jitsi_web_docker_image: "{{ matrix_container_global_registry_prefix }}jitsi/web:{{ matrix_jitsi_container_image_tag }}"
|
||||||
|
@ -283,3 +283,8 @@ matrix_jitsi_jvb_container_colibri_ws_host_bind_port: ''
|
||||||
#
|
#
|
||||||
# The setting requires an integer to be set for usage and allows a user to specify the max number of particpants on a conference.
|
# The setting requires an integer to be set for usage and allows a user to specify the max number of particpants on a conference.
|
||||||
matrix_prosody_jitsi_max_participants: ''
|
matrix_prosody_jitsi_max_participants: ''
|
||||||
|
|
||||||
|
# Allows abailty to set XMPP AUTH user if using JIGASI
|
||||||
|
matrix_jitsi_jigasi_xmpp_user: ''
|
||||||
|
# Allows abailty to set XMPP AUTH pasword if using JIGASI
|
||||||
|
matrix_jitsi_jigasi_xmpp_password: ''
|
||||||
|
|
|
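Review bot: typos in the new comments: `abailty` should be `ability` and `pasword` should be `password`; the unchanged context line above also has `particpants` for `participants`. Since `matrix_jitsi_jigasi_xmpp_password` is a credential, the comment could add that it should be set to a generated secret rather than left empty when Jigasi is in use.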
@ -15,8 +15,8 @@ JIBRI_XMPP_PASSWORD={{ matrix_jitsi_jibri_xmpp_password }}
|
||||||
JICOFO_AUTH_USER={{ matrix_jitsi_jicofo_auth_user }}
|
JICOFO_AUTH_USER={{ matrix_jitsi_jicofo_auth_user }}
|
||||||
JICOFO_AUTH_PASSWORD={{ matrix_jitsi_jicofo_auth_password }}
|
JICOFO_AUTH_PASSWORD={{ matrix_jitsi_jicofo_auth_password }}
|
||||||
JICOFO_COMPONENT_SECRET
|
JICOFO_COMPONENT_SECRET
|
||||||
JIGASI_XMPP_USER=
|
JIGASI_XMPP_USER={{ matrix_jitsi_jigasi_xmpp_user }}
|
||||||
JIGASI_XMPP_PASSWORD=
|
JIGASI_XMPP_PASSWORD={{ matrix_jitsi_jigasi_xmpp_password }}
|
||||||
JVB_AUTH_USER={{ matrix_jitsi_jvb_auth_user }}
|
JVB_AUTH_USER={{ matrix_jitsi_jvb_auth_user }}
|
||||||
JVB_AUTH_PASSWORD={{ matrix_jitsi_jvb_auth_password }}
|
JVB_AUTH_PASSWORD={{ matrix_jitsi_jvb_auth_password }}
|
||||||
JWT_APP_ID
|
JWT_APP_ID
|
||||||
|
|
|
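Review bot: `JIGASI_XMPP_PASSWORD={{ matrix_jitsi_jigasi_xmpp_password }}` renders an empty password whenever the default `''` is left in place; consider a validate_config check that fails when `matrix_jitsi_jigasi_xmpp_user` is set but the password is empty, so an enabled Jigasi never starts with blank XMPP credentials.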
@ -9,7 +9,7 @@ matrix_synapse_admin_container_image_self_build_repo: "https://github.com/Awesom
|
||||||
|
|
||||||
matrix_synapse_admin_docker_src_files_path: "{{ matrix_base_data_path }}/synapse-admin/docker-src"
|
matrix_synapse_admin_docker_src_files_path: "{{ matrix_base_data_path }}/synapse-admin/docker-src"
|
||||||
|
|
||||||
matrix_synapse_admin_version: 0.8.5
|
matrix_synapse_admin_version: 0.8.6
|
||||||
matrix_synapse_admin_docker_image: "{{ matrix_synapse_admin_docker_image_name_prefix }}awesometechnologies/synapse-admin:{{ matrix_synapse_admin_version }}"
|
matrix_synapse_admin_docker_image: "{{ matrix_synapse_admin_docker_image_name_prefix }}awesometechnologies/synapse-admin:{{ matrix_synapse_admin_version }}"
|
||||||
matrix_synapse_admin_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_admin_container_image_self_build else matrix_container_global_registry_prefix }}"
|
matrix_synapse_admin_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_admin_container_image_self_build else matrix_container_global_registry_prefix }}"
|
||||||
matrix_synapse_admin_docker_image_force_pull: "{{ matrix_synapse_admin_docker_image.endswith(':latest') }}"
|
matrix_synapse_admin_docker_image_force_pull: "{{ matrix_synapse_admin_docker_image.endswith(':latest') }}"
|
||||||
|
|
|
@ -24,6 +24,15 @@
|
||||||
{# Generic configuration for use outside of our container setup #}
|
{# Generic configuration for use outside of our container setup #}
|
||||||
proxy_pass http://127.0.0.1:8766/$1;
|
proxy_pass http://127.0.0.1:8766/$1;
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
|
{#
|
||||||
|
Workaround synapse-admin serving all assets at /static.
|
||||||
|
See: https://github.com/Awesome-Technologies/synapse-admin/issues/322
|
||||||
|
#}
|
||||||
|
sub_filter_once off;
|
||||||
|
sub_filter "/static/" "{{ matrix_synapse_admin_public_endpoint }}/static/";
|
||||||
|
sub_filter "/favicon.ico" "{{ matrix_synapse_admin_public_endpoint }}/favicon.ico";
|
||||||
|
sub_filter "/manifest.json" "{{ matrix_synapse_admin_public_endpoint }}/manifest.json";
|
||||||
}
|
}
|
||||||
|
|
||||||
- name: Register Synapse Admin proxying configuration with matrix-nginx-proxy
|
- name: Register Synapse Admin proxying configuration with matrix-nginx-proxy
|
||||||
|
|
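Review bot: `sub_filter` only rewrites response bodies nginx can read: it is skipped when the upstream answers with a compressed body, and by default it applies to `text/html` only. If synapse-admin's JS bundles reference `/static/` or `/manifest.json`, those will not be rewritten unless `sub_filter_types` is widened, and if the upstream compresses responses, adding `proxy_set_header Accept-Encoding "";` to this location lets the filter see plain text. A short comment noting that `sub_filter_once off;` is deliberate (every occurrence must be rewritten for the workaround to hold) would also help.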