pub-solar/matrix-docker-ansible-deploy
5
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Merge branch 'master' into pub.solar

Browse source
This commit is contained in:
teutat3s 2023-03-08 18:19:12 +01:00
parent e025fa5269 0d93ee8c46
commit e604445738
Signed by: teutat3s
GPG key ID: 18DAE600A6BBE705
167 changed files with 2567 additions and 1526 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

50
CHANGELOG.md
View file

@ -1,3 +1,43 @@
# 2023-03-07
## Sliding Sync Proxy (Element X) support
Thanks to [Benjamin Kampmann](https://github.com/gnunicorn) for [getting it started](https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2515), [FSG-Cat](https://github.com/FSG-Cat) for fixing it up and me ([Slavi](https://github.com/spantaleev)) for polishing it up, the playbook can now install and configure the [sliding-sync proxy](https://github.com/matrix-org/sliding-sync).
The upcoming Element X clients ([Element X iOS](https://github.com/vector-im/element-x-ios) and [Element X Android](https://github.com/vector-im/element-x-android)) require the `sliding-sync` proxy to do their job. **These clients are still in beta** (especially Element X Android, which requires manual compilation to get it working with a non-`matrix.org` homeseserver). Playbook users can now easily give these clients a try and help test them thanks to us having `sliding-sync` support.
To get started, see our [Setting up Sliding Sync Proxy](docs/configuring-playbook-sliding-sync-proxy.md) documentation page.
# 2023-03-02
## The matrix-etherpad role lives independently now
**TLDR**: the `matrix-etherpad` role is now included from [another repository](https://gitlab.com/etke.cc/roles/etherpad). Some variables have been renamed. All functionality remains intact.
You need to **update you roles** (`just roles` or `make roles`) regardless of whether you're using Etherpad or not.
If you're making use of Etherpad via this playbook, you will need to update variable references in your `vars.yml` file:
- Rename `matrix_etherpad_public_endpoint` to `etherpad_path_prefix`
- Replace `matrix_etherpad_mode: dimension` with:
- for `matrix-nginx-proxy` users:
- `etherpad_nginx_proxy_dimension_integration_enabled: true`
- `etherpad_hostname: "{{ matrix_server_fqn_dimension }}"`
- for Traefik users:
- define your own `etherpad_hostname` and `etherpad_path_prefix` as you see fit
- Rename all other variables:
- `matrix_etherpad_docker_image_` -> `matrix_etherpad_container_image_`
- `matrix_etherpad_` -> `etherpad_`
Along with this relocation, the new role also:
- supports [self-building](docs/self-building.md), so it should work on `arm32` and `arm64` architectures
- has native Traefik reverse-proxy support (Etherpad requests no longer go through `matrix-nginx-proxy` when using Traefik)
# 2023-02-26
## Traefik is the default reverse-proxy now
@ -57,7 +97,7 @@ At some point in the **near** future (days, or even weeks at most), we hope to c
### How do I keep using my own other reverse-proxy?
We recommend that you follow the guide for [Fronting the integraed reverse-proxy webserver with another reverse-proxy](docs/configuring-playbook-own-webserver.md#fronting-the-integrated-reverse-proxy-webserver-with-another-reverse-proxy).
We recommend that you follow the guide for [Fronting the integrated reverse-proxy webserver with another reverse-proxy](docs/configuring-playbook-own-webserver.md#fronting-the-integrated-reverse-proxy-webserver-with-another-reverse-proxy).
# 2023-02-25
@ -194,9 +234,9 @@ devture_traefik_config_certificatesResolvers_acme_email: YOUR_EMAIL_ADDRESS
You may still need to keep certain old `matrix_nginx_proxy_*` variables (like `matrix_nginx_proxy_base_domain_serving_enabled`), even when using Traefik. For now, we recommend keeping all `matrix_nginx_proxy_*` variables just in case. In the future, reliance on `matrix-nginx-proxy` will be removed.
Switching to Traefik will obtain new SSL certificates from Let's Encrypt (stored in `/devture-traefik/ssl/acme.json`). **The switch is reversible**. You can always go back to `playbook-managed-nginx` if Traefik is causing you trouble.
Switching to Traefik will obtain new SSL certificates from Let's Encrypt (stored in `/matrix/traefik/ssl/acme.json`). **The switch is reversible**. You can always go back to `playbook-managed-nginx` if Traefik is causing you trouble.
**Note**: toggling `matrix_playbook_reverse_proxy_type` between Traefik and nginx will uninstall the Traefik role and all of its data (under `/devture-traefik`), so you may run into a Let's Encrypt rate limit if you do it often.
**Note**: toggling `matrix_playbook_reverse_proxy_type` between Traefik and nginx will uninstall the Traefik role and all of its data (under `/matrix/traefik`), so you may run into a Let's Encrypt rate limit if you do it often.
Treafik directly reverse-proxies to **some** services right now, but for most other services it goes through `matrix-nginx-proxy` (e.g. Traefik -> `matrix-nginx-proxy` -> [Ntfy](docs/configuring-playbook-ntfy.md)). So, even if you opt into Traefik, you'll still see `matrix-nginx-proxy` being installed in local-only mode. This will improve with time.
@ -483,11 +523,11 @@ Various services (like Dimension, etc.) still talk to Synapse via `matrix-nginx-
Until now, [Etherpad](https://etherpad.org/) (which [the playbook could install for you](docs/configuring-playbook-etherpad.md)) required the [Dimension integration manager](docs/configuring-playbook-dimension.md) to also be installed, because Etherpad was hosted on the Dimension domain (at `dimension.DOMAIN/etherpad`).
From now on, Etherpad can be installed in `standalone` mode on `etherpad.DOMAIN` and used even without Dimension. This is much more versatile, so the playbook now defaults to this new mode (`matrix_etherpad_mode: standalone`).
From now on, Etherpad can be installed in `standalone` mode on `etherpad.DOMAIN` and used even without Dimension. This is much more versatile, so the playbook now defaults to this new mode (`etherpad_mode: standalone`).
If you've already got both Etherpad and Dimension in use you could:
- **either** keep hosting Etherpad under the Dimension domain by adding `matrix_etherpad_mode: dimension` to your `vars.yml` file. All your existing room widgets will continue working at the same URLs and no other changes will be necessary.
- **either** keep hosting Etherpad under the Dimension domain by adding `etherpad_mode: dimension` to your `vars.yml` file. All your existing room widgets will continue working at the same URLs and no other changes will be necessary.
- **or**, you could change to hosting Etherpad separately on `etherpad.DOMAIN`. You will need to [configure a DNS record](docs/configuring-dns.md) for this new domain. You will also need to reconfigure Dimension to use the new pad URLs (`https://etherpad.DOMAIN/...`) going forward (refer to our [configuring Etherpad documentation](docs/configuring-playbook-etherpad.md)). All your existing room widgets (which still use `https://dimension.DOMAIN/etherpad/...`) will break as Etherpad is not hosted there anymore. You will need to re-add them or to consider not using `standalone` mode

1
README.md
View file

@ -162,6 +162,7 @@ Various services that don't fit any other category.
| Name | Default? | Description | Documentation |
| ---- | -------- | ----------- | ------------- |
| [sliding-sync](https://github.com/matrix-org/sliding-sync)| x | Sliding Sync support for clients which require it (e.g. Element X) | [Link](docs/configuring-playbook-sliding-sync-proxy.md) |
| [synapse-simple-antispam](https://github.com/t2bot/synapse-simple-antispam) (advanced) | x | A spam checker module | [Link](docs/configuring-playbook-synapse-simple-antispam.md) |
| [Matrix Corporal](https://github.com/devture/matrix-corporal) (advanced) | x | Reconciliator and gateway for a managed Matrix server | [Link](docs/configuring-playbook-matrix-corporal.md) |
| [Etherpad](https://etherpad.org) | x | An open source collaborative text editor | [Link](docs/configuring-playbook-etherpad.md) |

2
docs/ansible.md
View file

@ -65,7 +65,7 @@ docker run -it --rm \
-w /work \
-v `pwd`:/work \
--entrypoint=/bin/sh \
docker.io/devture/ansible:2.13.6-r0-1
docker.io/devture/ansible:2.13.6-r0-2
```
Once you execute the above command, you'll be dropped into a `/work` directory inside a Docker container.

29
docs/configuring-playbook-bot-go-neb.md
View file

@ -24,6 +24,31 @@ ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=bot.go-neb
Once the user is created you can [obtain an access token](obtaining-access-tokens.md).
## Decide on a domain and path
By default, Go-NEB is configured to use its own dedicated domain (`goneb.DOMAIN`) and requires you to [adjust your DNS records](#adjusting-dns-records).
You can override the domain and path like this:
```yaml
# Switch to the domain used for Matrix services (`matrix.DOMAIN`),
# so we won't need to add additional DNS records for Go-NEB.
matrix_bot_go_neb_hostname: "{{ matrix_server_fqn_matrix }}"
# Expose under the /go-neb subpath
matrix_bot_go_neb_path_prefix: /go-neb
```
**NOTE**: When using `matrix-nginx-proxy` instead of Traefik, you won't be able to override the path prefix. You can only override the domain, but that needs to happen using another variable: `matrix_server_fqn_go_neb` (e.g. `matrix_server_fqn_go_neb: "mybot.{{ matrix_domain }}"`).
## Adjusting DNS records
Once you've decided on the domain and path, **you may need to adjust your DNS** records to point the Go-NEB domain to the Matrix server.
If you've decided to reuse the `matrix.` domain, you won't need to do any extra DNS configuration.
## Adjusting the playbook configuration
Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file (adapt to your needs):
@ -193,9 +218,7 @@ matrix_bot_go_neb_services:
## Installing
Don't forget to add `goneb.<your-domain>` to DNS as described in [Configuring DNS](configuring-dns.md) before running the playbook.
After configuring the playbook, run the [installation](installing.md) command again:
After potentially [adjusting DNS records](#adjusting-dns-records) and configuring the playbook, run the [installation](installing.md) command again:
```
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start

23
docs/configuring-playbook-dimension.md
View file

@ -6,14 +6,29 @@ If you're just installing Matrix services for the first time, please continue wi
**Note**: This playbook now supports running [Dimension](https://dimension.t2bot.io) in both a federated and [unfederated](https://github.com/turt2live/matrix-dimension/blob/master/docs/unfederated.md) environments. This is handled automatically based on the value of `matrix_synapse_federation_enabled`. Enabling Dimension, means that the `openid` API endpoints will be exposed on the Matrix Federation port (usually `8448`), even if [federation](configuring-playbook-federation.md) is disabled. It's something to be aware of, especially in terms of firewall whitelisting (make sure port `8448` is accessible).
## Prerequisites
## Decide on a domain and path
The `dimension.<your-domain>` DNS record must be created. See [Configuring your DNS server](configuring-dns.md) on how to set up DNS record correctly.
By default, Dimension is configured to use its own dedicated domain (`dimension.DOMAIN`) and requires you to [adjust your DNS records](#adjusting-dns-records).
You can override the domain and path like this:
```yaml
# Switch to another hostname compared to the default (`dimension.{{ matrix_domain }}`)
matrix_dimension_hostname: "integrations.{{ matrix_domain }}"
```
While there is a `matrix_dimension_path_prefix` variable for changing the path where Dimension is served, overriding it is not possible right now due to [this Dimension issue](https://github.com/turt2live/matrix-dimension/issues/510). You must serve Dimension at a dedicated subdomain until this issue is solved.
## Adjusting DNS records
Once you've decided on the domain and path, **you may need to adjust your DNS** records to point the Dimension domain to the Matrix server.
## Enable
[Dimension integrations manager](https://dimension.t2bot.io) installation is disabled by default. You can enable it in your configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`):
To enable Dimension, add this to your configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`):
```yaml
matrix_dimension_enabled: true
@ -54,7 +69,7 @@ For more information on how to acquire an access token, visit [https://t2bot.io/
## Installation
After these variables have been set, please run the following command to re-run setup and to restart Dimension:
After these variables have been set and you have potentially [adjusted your DNS records](#adjusting-dns-records), please run the following command to re-run setup and to restart Dimension:
```
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start

69
docs/configuring-playbook-etherpad.md
View file

@ -1,19 +1,41 @@
# Setting up Etherpad (optional)
[Etherpad](https://etherpad.org) is is an open source collaborative text editor that can be embedded in a Matrix chat room using the [Dimension integrations manager](https://dimension.t2bot.io) or used as standalone web app.
[Etherpad](https://etherpad.org) is an open source collaborative text editor that can be embedded in a Matrix chat room using the [Dimension integrations manager](https://dimension.t2bot.io) or used as standalone web app.
When enabled together with the Jitsi audio/video conferencing system (see [our docs on Jitsi](configuring-playbook-jitsi.md)), it will be made available as an option during the conferences.
## Prerequisites
## Decide on a domain and path
Etherpad can be installed in 2 modes:
By default, Etherpad is configured to use its own dedicated domain (`etherpad.DOMAIN`) and requires you to [adjust your DNS records](#adjusting-dns-records).
- (default) `standalone` mode (`matrix_etherpad_mode: standalone`) - Etherpad will be hosted on `etherpad.<your-domain>` (`matrix_server_fqn_etherpad`), so the DNS record for this domian must be created. See [Configuring your DNS server](configuring-dns.md) on how to set up the `etherpad` DNS record correctly
You can override the domain and path like this:
- `dimension` mode (`matrix_etherpad_mode: dimension`) - Etherpad will be hosted on `dimension.<your-domain>/etherpad` (`matrix_server_fqn_dimension`). This requires that you **first** configure the **Dimension integrations manager** as described in [the playbook documentation](configuring-playbook-dimension.md)
```yaml
# Switch to the domain used for Matrix services (`matrix.DOMAIN`),
# so we won't need to add additional DNS records for Etherpad.
etherpad_hostname: "{{ matrix_server_fqn_matrix }}"
We recomend that you go with the default (`standalone`) mode, which makes Etherpad independent and allows it to be used with or without Dimension.
# Expose under the /etherpad subpath
etherpad_path_prefix: /etherpad
```
**NOTE**: When using the old `matrix-nginx-proxy` reverse-proxy instead of Traefik, you have only 2 choices:
- serving Etherpad at its own dedicated domain:
- you need to set the domain using the `matrix_server_fqn_etherpad` variable (not `etherpad_hostname`)
- you must use `etherpad_path_prefix: /`
- serving Etherpad at the [Dimension](configuring-playbook-dimension.md) integration manager's domain (`matrix_server_fqn_dimension`)
- you need to have Dimension enabled
- you need to add `etherpad_path_prefix: /etherpad` or another prefix (different than `/`)
- you need to add `etherpad_nginx_proxy_dimension_integration_enabled: true` to enable this integration
## Adjusting DNS records
Once you've decided on the domain and path, **you may need to adjust your DNS** records to point the Etherpad domain to the Matrix server.
If you've decided to reuse the `matrix.` domain, you won't need to do any extra DNS configuration.
## Installing
@ -21,48 +43,51 @@ We recomend that you go with the default (`standalone`) mode, which makes Etherp
[Etherpad](https://etherpad.org) installation is disabled by default. You can enable it in your configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`):
```yaml
matrix_etherpad_enabled: true
# Uncomment below if you'd like to install Etherpad on the Dimension domain (not recommended)
# matrix_etherpad_mode: dimension
etherpad_enabled: true
# Uncomment below to enable the admin web UI
# matrix_etherpad_admin_username: admin
# matrix_etherpad_admin_password: some-password
# etherpad_admin_username: admin
# etherpad_admin_password: some-password
```
If enabled, the admin web-UI should then be available on `https://etherpad.<your-domain>/admin` (or `https://dimension.<your-domain>/etherpad/admin`, if `matrix_etherpad_mode: dimension`)
Then, [run the installation process](installing.md) again (e.g. `just install-all`).
## Managing / Deleting old pads
## Usage
The Etherpad UI should be available at `https://etherpad.<your-domain>`, while the admin UI (if enabled) should then be available at `https://etherpad.<your-domain>/admin`.
If you've [decided on another hostname or path-prefix](#decide-on-a-domain-and-path) (e.g. `https://matrix.DOMAIN/etherpad`), adjust these URLs accordingly before usage.
### Managing / Deleting old pads
If you want to manage and remove old unused pads from Etherpad, you will first need to able Admin access as described above.
Then from the plugin manager page (`https://etherpad.<your-domain>/admin/plugins` or `https://dimension.<your-domain>/etherpad/admin/plugins`), install the `adminpads2` plugin. Once installed, you should have a "Manage pads" section in the Admin web-UI.
Then from the plugin manager page (`https://etherpad.<your-domain>/admin/plugins`, install the `adminpads2` plugin. Once installed, you should have a "Manage pads" section in the Admin web-UI.
## How to use Etherpad widgets without an Integration Manager (like Dimension)
### How to use Etherpad widgets without an Integration Manager (like Dimension)
This is how it works in Element, it might work quite similar with other clients:
To integrate a standalone etherpad in a room, create your pad by visiting `https://etherpad.DOMAIN`. When the pad opens, copy the URL and send a command like this to the room: `/addwidget URL`. You will then find your integrated Etherpad within the right sidebar in the `Widgets` section.
## Set Dimension default to the self-hosted Etherpad (optional)
### Set Dimension default to the self-hosted Etherpad (optional)
If you decided to install [Dimension integration manager](configuring-playbook-dimension.md) alongside Etherpad, the Dimension administrator users can configure the default URL template.
The Dimension configuration menu can be accessed with the sprocket icon as you begin to add a widget to a room in Element. There you will find the Etherpad Widget Configuration action beneath the _Widgets_ tab.
### Removing the integrated Etherpad chat
#### Removing the integrated Etherpad chat
If you wish to disable the Etherpad chat button, you can do it by appending `?showChat=false` to the end of the pad URL, or the template. Examples:
- `https://etherpad.<your-domain>/p/$roomId_$padName?showChat=false` (for the default - `matrix_etherpad_mode: standalone`)
If you wish to disable the Etherpad chat button, you can do it by appending `?showChat=false` to the end of the pad URL, or the template.
- `https://dimension.<your-domain>/etherpad/p/$roomId_$padName?showChat=false` (for `matrix_etherpad_mode: dimension`)
Example: `https://etherpad.<your-domain>/p/$roomId_$padName?showChat=false`
### Known issues
## Known issues
If your Etherpad widget fails to load, this might be due to Dimension generating a Pad name so long, the Etherpad app rejects it.
`$roomId_$padName` can end up being longer than 50 characters. You can avoid having this problem by altering the template so it only contains the three word random identifier `$padName`.

53
docs/configuring-playbook-own-webserver.md
View file

@ -123,7 +123,7 @@ You can disable such behavior and make the integrated reverse-proxy webserver on
This is the recommended way for using another reverse-proxy, because the integrated one would act as a black box and wire all Matrix services correctly. You would only need to reverse-proxy a few individual domains and ports over to it.
**For Traefik** fronted by another reverse-proxy, you would need some configuration like this:
To front Traefik with another reverse-proxy, you would need some configuration like this:
```yaml
matrix_playbook_reverse_proxy_type: playbook-managed-traefik
@ -134,42 +134,33 @@ matrix_playbook_ssl_enabled: true
# Disable the web-secure (port 443) endpoint, which also disables SSL certificate retrieval
devture_traefik_config_entrypoint_web_secure_enabled: false
# If your reverse-proxy runs on another machine, consider using `0.0.0.0:81`, just `81` or `SOME_IP_ADDRESS_OF_THIS_MACHINE:81`
devture_traefik_container_web_host_bind_port: '127.0.0.1:81'
# We bind to `127.0.0.1` by default (see above), so trusting `X-Forwarded-*` headers from
# a reverse-proxy running on the local machine is safe enough.
devture_traefik_config_entrypoint_web_forwardedHeaders_insecure: true
# Or, if you're publishing the port (`devture_traefik_container_web_host_bind_port` above) to a public network interfaces:
# - remove the `devture_traefik_config_entrypoint_web_forwardedHeaders_insecure` variable definition above
# - uncomment and adjust the line below
# devture_traefik_config_entrypoint_web_forwardedHeaders_trustedIPs: ['IP-ADDRESS-OF-YOUR-REVERSE-PROXY']
# Likewise (to `devture_traefik_container_web_host_bind_port` above),
# if your reverse-proxy runs on another machine, consider changing the `host_bind_port` setting below.
devture_traefik_additional_entrypoints_auto:
- name: matrix-federation
port: "{{ matrix_federation_public_port }}"
host_bind_port: "127.0.0.1:{{ matrix_federation_public_port }}"
port: 8449
host_bind_port: '127.0.0.1:8449'
config: {}
# If your reverse-proxy runs on another machine, remove the config above and use this config instead:
# config:
# forwardedHeaders:
# insecure: true
# # trustedIPs: ['IP-ADDRESS-OF-YOUR-REVERSE-PROXY']
```
(Deprecated) **For `matrix-nginx-proxy`** fronted by another reverse-proxy, you would need some configuration like this:
```yaml
matrix_playbook_reverse_proxy_type: playbook-managed-nginx
# Ensure that public urls use https
matrix_playbook_ssl_enabled: true
# Disable SSL certificate retrieval
matrix_ssl_retrieval_method: none
# Given that we won't be obtaining SSL certificates here, disable HTTPS
matrix_nginx_proxy_https_enabled: false
# Do not listen for HTTP on port 80 globally (default), listen on the loopback interface.
# If you'd like, you can make it use the local network as well and reverse-proxy from another local machine.
matrix_nginx_proxy_container_http_host_bind_port: '127.0.0.1:81'
# Likewise, expose the Matrix Federation port on the loopback interface.
# Since `matrix_nginx_proxy_https_enabled` is set to `false`, this federation port will serve HTTP traffic.
# If you'd like, you can make it use the local network as well and reverse-proxy from another local machine.
#
# You'd most likely need to expose it publicly on port 8448 (8449 was chosen for the local port to prevent overlap).
matrix_nginx_proxy_container_federation_host_bind_port: '127.0.0.1:8449'
```
If you'll be fronting with a reverse-proxy that lives on another machine (not on the same one as Matrix), you need to replace `127.0.0.1` in the above configurations with `0.0.0.0` or another network interface.
For an example where the playbook's Traefik reverse-proxy is fronted by [Nginx](https://nginx.org/) running on the same server, see [Nginx reverse-proxy fronting the playbook's Traefik](../examples/nginx/README.md).
### Using no reverse-proxy on the Matrix side at all
@ -232,4 +223,4 @@ Some of these services are configured with certain default expecations with rega
For each new playbook service that you enable, you'll need special handling.
The [`examples/`](../examples/) directory contains examples for various servers: Caddy, Apache, HAproxy, etc.
The [`examples/`](../examples/) directory contains examples for various servers: Caddy, Apache, HAproxy, Nginx, etc.

4
docs/configuring-playbook-postgres-backup.md
View file

@ -23,8 +23,8 @@ Refer to the table below for additional configuration variables and their defaul
|`devture_postgres_backup_keep_days`|`7`|Number of daily backups to keep|
|`devture_postgres_backup_keep_weeks`|`4`|Number of weekly backups to keep|
|`devture_postgres_backup_keep_months`|`12`|Number of monthly backups to keep|
|`devture_postgres_base_path` | `"{{ matrix_base_data_path }}/postgres-backup"` | Base path for postgres-backup. Also see `devture_postgres_data_path` |
|`devture_postgres_data_path` | `"{{ devture_postgres_base_path }}/data"` | Storage path for postgres-backup database backups |
|`devture_postgres_backup_base_path` | `"{{ matrix_base_data_path }}/postgres-backup"` | Base path for postgres-backup. Also see `devture_postgres_backup_data_path` |
|`devture_postgres_backup_data_path` | `"{{ devture_postgres_backup_base_path }}/data"` | Storage path for postgres-backup database backups |
## Installing

51
docs/configuring-playbook-sliding-sync-proxy.md Normal file
View file

@ -0,0 +1,51 @@
# Setting up Sliding Sync Proxy (optional)
The playbook can install and configure [sliding-sync](https://github.com/matrix-org/sliding-sync) proxy for you.
Sliding Sync is an implementation of [MSC3575](https://github.com/matrix-org/matrix-spec-proposals/blob/kegan/sync-v3/proposals/3575-sync.md) and a prerequisite for running the new (**still beta**) Element X clients ([Element X iOS](https://github.com/vector-im/element-x-ios) and [Element X Android](https://github.com/vector-im/element-x-android)).
See the project's [documentation](https://github.com/matrix-org/sliding-sync) to learn more.
Element X iOS is [available on TestFlight](https://testflight.apple.com/join/uZbeZCOi).
Element X Android requires manual compilation to get it working with a non-`matrix.org` homeseserver. It's also less feature-complete than the iOS version.
**NOTE**: The Sliding Sync proxy **only works with the Traefik reverse-proxy**. If you have an old server installation (from the time `matrix-nginx-proxy` was our default reverse-proxy - `matrix_playbook_reverse_proxy_type: playbook-managed-nginx`), you won't be able to use Sliding Sync.
## Decide on a domain and path
By default, the Sliding Sync proxy is configured to be served on the Matrix domain (`matrix.DOMAIN`, controlled by `matrix_server_fqn_matrix`), under the `/sliding-sync` path.
This makes it easy to set it up, **without** having to [adjust your DNS records](#adjusting-dns-records).
If you'd like to run the Sliding Sync proxy on another hostname or path, use the `matrix_sliding_sync_hostname` and `matrix_sliding_sync_path_prefix` variables.
## Adjusting DNS records
If you've changed the default hostame, **you may need to adjust your DNS** records.
## Adjusting the playbook configuration
Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file:
```yaml
matrix_sliding_sync_enabled: true
```
## Installing
After potentially [adjusting DNS records](#adjusting-dns-records) and configuring the playbook, run the [installation](installing.md) command again: `just install-all`.
## Usage
You **don't need to do anything special** to make use of the Sliding Sync Proxy.
Simply open your client which supports Sliding Sync (like Element X) and log in.
When the Sliding Sync proxy is [installed](#installing), your `/.well-known/matrix/client` file is also updated. A new `org.matrix.msc3575.proxy` section and `url` property are added there and made to point to your Sliding Sync proxy's base URL (e.g. `https://matrix.DOMAIN/sliding-sync`).
This allows clients which support Sliding Sync to detect the Sliding Sync Proxy's URL and make use of it.

70
docs/configuring-playbook-ssl-certificates.md
View file

@ -29,6 +29,72 @@ devture_traefik_config_entrypoint_web_secure_enabled: false
## Using self-signed SSL certificates
Using self-signed certificates with Traefik is a somewhat involved processes, where you need to manually mount the files into the container and adjust the "static" configuration to refer to them.
If you'd like to use your own SSL certificates, instead of the default (SSL certificates obtained automatically via [ACME](https://en.wikipedia.org/wiki/Automatic_Certificate_Management_Environment) from [Let's Encrypt](https://letsencrypt.org/)):
Feel free to research this approach on your own and improve this guide!
- generate your self-signed certificate files
- follow the [Using your own SSL certificates](#using-your-own-ssl-certificates) documentation below
## Using your own SSL certificates
To use your own SSL certificates with Traefik, you need to:
- disable [ACME](https://en.wikipedia.org/wiki/Automatic_Certificate_Management_Environment) / [Let's Encrypt](https://letsencrypt.org/) support
- put a custom Traefik configuration file on the server, with the help of this Ansible playbook (via the `matrix-aux` role) or manually
- register your custom configuration file with Traefik, by adding an extra provider of type [file](https://doc.traefik.io/traefik/providers/file/)
- put the SSL files on the server, with the help of this Ansible playbook (via the `matrix-aux` role) or manually
```yaml
# Disable ACME / Let's Encrypt support.
devture_traefik_config_certificatesResolvers_acme_enabled: false
# Disabling ACME support (above) automatically disables the creation of the SSL directory.
# Force-enable it here, because we'll add our certificate files there.
devture_traefik_ssl_dir_enabled: true
# Tell Traefik to load our custom configuration file (certificates.yml).
# The file is created below, in `matrix_aux_file_definitions`.
# The `/config/..` path is an in-container path, not a path on the host (like `/matrix/traefik/config`). Do not change it!
devture_traefik_configuration_extension_yaml: |
providers:
file:
filename: /config/certificates.yml
watch: true
# Use the matrix-aux role to create our custom files on the server.
# If you'd like to do this manually, you remove this `matrix_aux_file_definitions` variable.
matrix_aux_file_definitions:
# Create the privkey.pem file on the server by
# uploading a file from the computer where Ansible is running.
- dest: "{{ devture_traefik_ssl_dir_path }}/privkey.pem"
src: /path/on/your/Ansible/computer/to/privkey.pem
# Alternatively, comment out `src` above and uncomment the lines below to provide the certificate content inline.
# Note the indentation level.
# content: |
# FILE CONTENT
# HERE
# Create the cert.pem file on the server
# uploading a file from the computer where Ansible is running.
- dest: "{{ devture_traefik_ssl_dir_path }}/cert.pem"
src: /path/on/your/Ansible/computer/to/cert.pem
# Alternatively, comment out `src` above and uncomment the lines below to provide the certificate content inline.
# Note the indentation level.
# content: |
# FILE CONTENT
# HERE
# Create the custom Traefik configuration.
# The `/ssl/..` paths below are in-container paths, not paths on the host (/`matrix/traefik/ssl/..`). Do not change them!
- dest: "{{ devture_traefik_config_dir_path }}/certificates.yml"
content: |
tls:
certificates:
- certFile: /ssl/cert.pem
keyFile: /ssl/privkey.pem
stores:
default:
defaultCertificate:
certFile: /ssl/cert.pem
keyFile: /ssl/privkey.pem
```

2
docs/configuring-playbook-traefik.md
View file

@ -35,6 +35,8 @@ devture_traefik_dashboard_basicauth_user: YOUR_USERNAME_HERE
devture_traefik_dashboard_basicauth_password: YOUR_PASSWORD_HERE
```
**WARNING**: enabling the dashboard on a hostname you use for something else (like `matrix_server_fqn_matrix` in the configuration above) may cause conflicts. Enabling the Traefik Dashboard makes Traefik capture all `/dashboard` and `/api` requests and forward them to itself. If any of the services hosted on the same hostname requires any of these 2 URL prefixes, you will experience problems. So far, we're not aware of any playbook services which occupy these endpoints and are likely to cause conflicts.
## Additional configuration
Use the `devture_traefik_configuration_extension_yaml` variable provided by the Traefik Ansible role to override or inject additional settings, even when no dedicated variable exists.

2
docs/configuring-playbook.md
View file

@ -195,6 +195,8 @@ When you're done with all the configuration you'd like to do, continue with [Ins
### Other specialized services
- [Setting up the Sliding Sync Proxy](configuring-playbook-sliding-sync-proxy.md) for clients which require Sliding Sync support (like Element X) (optional)
- [Setting up the Sygnal push gateway](configuring-playbook-sygnal.md) (optional)
- [Setting up the ntfy push notifications server](configuring-playbook-ntfy.md) (optional)

25
docs/faq.md
View file

@ -125,7 +125,7 @@ This is similar to the [EMnify/matrix-synapse-auto-deploy](https://github.com/EM
- this one installs everything in a single directory (`/matrix` by default) and **doesn't "contaminate" your server** with files all over the place
- this one **doesn't necessarily take over** ports 80 and 443. By default, it sets up nginx for you there, but you can also [use your own webserver](configuring-playbook-own-webserver.md)
- this one **doesn't necessarily take over** ports 80 and 443. By default, it sets up [Traefik](https://doc.traefik.io/traefik/) for you there, but you can also [use your own webserver](configuring-playbook-own-webserver.md)
- this one **runs everything in Docker containers**, so it's likely more predictable and less fragile (see [Docker images used by this playbook](container-images.md))
@ -322,7 +322,7 @@ matrix_playbook_docker_installation_enabled: false
### I run another webserver on the same server where I wish to install Matrix. What now?
By default, we install a webserver for you (nginx), but you can also use [your own webserver](configuring-playbook-own-webserver.md).
By default, we install a webserver for you ([Traefik](https://doc.traefik.io/traefik/)), but you can also use [your own webserver](configuring-playbook-own-webserver.md).
### How is the effective configuration determined?
@ -336,12 +336,14 @@ Configuration variables are defined in multiple places in this playbook and are
### What configuration variables are available?
You can discover the variables you can override in each role (`role/matrix*/defaults/main.yml`).
You can discover the variables you can override in each role (`roles/*/*/defaults/main.yml`).
As described in [How is the effective configuration determined?](#how-is-the-effective-configuration-determined), these role-defaults may be overriden by values defined in `group_vars/matrix_servers`.
Refer to both of these for inspiration. Still, as mentioned in [Configuring the playbook](configuring-playbook.md), you're only ever supposed to edit your own `inventory/host_vars/matrix.DOMAIN/vars.yml` file and nothing else inside the playbook (unless you're meaning to contribute new features).
**Note**: some of the roles (`roles/galaxy/*`) live in separate repositories and are only installed after your run `just roles` (or `make roles`).
### I'd like to adjust some configuration which doesn't have a corresponding variable. How do I do it?
The playbook doesn't aim to expose all configuration settings for all services using variables.
@ -352,7 +354,9 @@ See [What configuration variables are available?](#what-configuration-variables-
Besides that, each role (component) aims to provide a `matrix_SOME_COMPONENT_configuration_extension_yaml` (or `matrix_SOME_COMPONENT_configuration_extension_json`) variable, which can be used to override the configuration.
Check each role's `role/matrix*/defaults/main.yml` for the corresponding variable and an example for how use it.
Check each role's `roles/*/*/defaults/main.yml` for the corresponding variable and an example for how use it.
**Note**: some of the roles (`roles/galaxy/*`) live in separate repositories and are only installed after your run `just roles` (or `make roles`).
## Installation
@ -461,15 +465,8 @@ After verifying that everything still works after the Postgres upgrade, you can
### How do I debug or force SSL certificate renewal?
SSL certificate renewal normally happens automatically via [systemd timers](https://wiki.archlinux.org/index.php/Systemd/Timers).
SSL certificates are managed automatically by the [Traefik](https://doc.traefik.io/traefik/) reverse-proxy server.
If you're having trouble with SSL certificate renewal, you can inspect the renewal logs using:
If you're having trouble with SSL certificate renewal, check the Traefik logs (`journalctl -fu matrix-traefik`).
- `journalctl -fu matrix-ssl-lets-encrypt-certificates-renew.service`
- *or* by looking at the log files in `/matrix/ssl/log/`
To trigger renewal, run: `systemctl start matrix-ssl-lets-encrypt-certificates-renew.service`. You can then take a look at the logs again.
If you're using the integrated webserver (`matrix-nginx-proxy`), you can reload it manually like this: `systemctl reload matrix-nginx-proxy`. Reloading also happens periodically via a systemd timer.
If you're [using your own webserver](configuring-playbook-own-webserver.md) instead of the integrated one (`matrix-nginx-proxy`) you may also need to reload/restart it, to make it pick up the renewed SSL certificate files.
If you're [using your own webserver](configuring-playbook-own-webserver.md) instead of the integrated one (Traefik), you should investigate in another way.

17
examples/nginx/README.md Normal file
View file

@ -0,0 +1,17 @@
# Nginx reverse-proxy fronting the playbook's integrated Traefik reverse-proxy
This directory contains a sample config that shows you how use the [nginx](https://nginx.org/) webserver to front the integrated [Traefik](https://traefik.io/) reverse-proxy webserver with another reverse-proxy.
## Prerequisite configuration
To get started, first follow the [front the integrated reverse-proxy webserver with another reverse-proxy](../../docs/configuring-playbook-own-webserver.md#fronting-the-integrated-reverse-proxy-webserver-with-another-reverse-proxy) instructions and update your playbook's configuration (`inventory/host_vars/matrix.<your-domain>/vars.yml`).
## Using the nginx configuration
Copy the [matrix.conf](matrix.conf) file to your nginx server's filesystem, modify it to your needs and include it your nginx configuration (e.g. `include /path/to/matrix.conf;`).
This configuration **disables SSL certificate retrieval**, so you will **need to obtain SSL certificates manually** (e.g. by using [certbot](https://certbot.eff.org/)) and set the appropriate path in `matrix.conf`. In the example nginx configuration, a single certificate is used for all subdomains (`matrix.DOMAIN`, `element.DOMAIN`, etc.). For your setup, may wish to change this and use separate `server` blocks and separate certificate files for each host.
Also note that your copy of the `matrix.conf` file has to be adapted to whatever services you are using. For example, remove `element.domain.com` from the `server_name` list if you don't use [Element](../../docs/configuring-playbook-client-element.md) web client or add `dimension.domain.com` to it if you do use the [Dimension](../../docs/configuring-playbook-dimension.md) integration manager.

96
examples/nginx/matrix.conf Normal file
View file

@ -0,0 +1,96 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
# TODO: add/remove services and their subdomains if you use/don't use them
# this example is using hosting something on the base domain and an element web client, so example.com and element.example.com are listed in addition to matrix.example.com
# if you don't use those, you can remove them
# if you use e.g. dimension on dimension.example.com, add dimension.example.com to the server_name list
server_name example.com matrix.example.com element.example.com;
location / {
# note: do not add a path (even a single /) after the port in `proxy_pass`,
# otherwise, nginx will canonicalise the URI and cause signature verification
# errors.
proxy_pass http://localhost:81;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
access_log /var/log/nginx/matrix.access.log;
error_log /var/log/nginx/matrix.error.log;
# Nginx by default only allows file uploads up to 1M in size
# Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
client_max_body_size 50M;
}
# TODO: adapt the path to your ssl certificate for the domains listed on server_name
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
# TODO: adapt the path to your ssl certificate for the domains listed on server_name
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
# settings for matrix federation
server {
# For the federation port
listen 8448 ssl http2 default_server;
listen [::]:8448 ssl http2 default_server;
server_name matrix.example.com;
location / {
proxy_pass http://localhost:8449;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
access_log /var/log/nginx/matrix.access.log;
error_log /var/log/nginx/matrix.error.log;
# Nginx by default only allows file uploads up to 1M in size
# Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
client_max_body_size 50M;
}
# TODO: adapt the path to your ssl certificate for the domains listed on server_name
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
# TODO: adapt the path to your ssl certificate for the domains listed on server_name
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
# ensure using https
# TODO: remove server blocks that you don't use / add server blocks for domains you do use
server {
if ($host = example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name example.com;
listen 80;
return 404; # managed by Certbot
}
server {
if ($host = matrix.example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name matrix.example.com;
listen 80;
return 404; # managed by Certbot
}
server {
if ($host = element.example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name element.example.com;
listen 80;
return 404; # managed by Certbot
}

301
group_vars/matrix_servers
View file

@ -19,31 +19,15 @@
# Also see `devture_docker_sdk_for_python_installation_enabled`.
matrix_playbook_docker_installation_enabled: true
# Controls whether to run the Traefik role or not
# See the `com.devture.ansible.role.traefik` section below for role configuration.
#
# There's a difference between `devture_traefik_enabled` and `matrix_playbook_traefik_role_enabled`.
# `devture_traefik_enabled` controls what the Traefik role would do - when not enabled, it will run uninstall tasks, etc.
# `matrix_playbook_traefik_role_enabled` controls if the Traefik role would even run at all.
#
# Sometimes, you're installing Traefik via a different (related playbook) which uses the same role.
# In such cases, you'd like to disable the role in this playbook from bothering with Traefik at all (`matrix_playbook_traefik_role_enabled: false`).
# If you used `devture_traefik_enabled: false` + `matrix_playbook_traefik_role_enabled: true` instead, you'd see the Treafik role here
# try to delete Traefik data (`/devture-traefik`) installed by the other playbook.
matrix_playbook_traefik_role_enabled: "{{ matrix_playbook_reverse_proxy_type != 'other-traefik-container' }}"
# Controls whether to attach Traefik labels to services.
# This is separate from `devture_traefik_enabled` and `matrix_playbook_traefik_role_enabled`,
# because you may wish to disable Traefik installation by the playbook, yet still use Traefik
# installed in another way.
# This is separate from `devture_traefik_enabled`, because you may wish to disable Traefik installation by the playbook,
# yet still use Traefik installed in another way.
matrix_playbook_traefik_labels_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_playbook_traefik_certs_dumper_role_enabled: "{{ (matrix_playbook_reverse_proxy_type == 'playbook-managed-traefik' and devture_traefik_config_entrypoint_web_secure_enabled) or matrix_playbook_reverse_proxy_type == 'other-traefik-container' }}"
# Controls the additional network that reverse-proxyable services will be connected to.
matrix_playbook_reverse_proxyable_services_additional_network: "{{ devture_traefik_container_network if devture_traefik_enabled else '' }}"
matrix_playbook_ssl_retrieval_method: "{{ 'lets-encrypt' if matrix_playbook_traefik_certs_dumper_role_enabled else matrix_ssl_retrieval_method }}"
matrix_playbook_ssl_retrieval_method: "{{ 'lets-encrypt' if devture_traefik_certs_dumper_enabled else matrix_ssl_retrieval_method }}"
matrix_playbook_ssl_enabled: "{{ matrix_playbook_ssl_retrieval_method in ['lets-encrypt', 'self-signed', 'manually-managed'] }}"
@ -306,7 +290,7 @@ devture_systemd_service_manager_services_list_auto: |
+
([{'name': 'matrix-email2matrix.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'email2matrix']}] if matrix_email2matrix_enabled else [])
+
([{'name': 'matrix-etherpad.service', 'priority': 4000, 'groups': ['matrix', 'etherpad']}] if matrix_etherpad_enabled else [])
([{'name': (etherpad_identifier + '.service'), 'priority': 4000, 'groups': ['matrix', 'etherpad']}] if etherpad_enabled else [])
+
([{'name': (grafana_identifier + '.service'), 'priority': 4000, 'groups': ['matrix', 'monitoring', 'grafana']}] if grafana_enabled else [])
+
@ -346,6 +330,8 @@ devture_systemd_service_manager_services_list_auto: |
+
([{'name': 'matrix-registration.service', 'priority': 4000, 'groups': ['matrix', 'registration']}] if matrix_registration_enabled else [])
+
([{'name': 'matrix-sliding-sync.service', 'priority': 4000, 'groups': ['matrix', 'sliding-sync']}] if matrix_sliding_sync_enabled else [])
+
([{'name': 'matrix-sygnal.service', 'priority': 800, 'groups': ['matrix', 'sygnal']}] if matrix_sygnal_enabled else [])
+
([{'name': 'matrix-goofys.service', 'priority': 800, 'groups': ['matrix', 'goofys']}] if matrix_s3_media_store_enabled else [])
@ -358,9 +344,11 @@ devture_systemd_service_manager_services_list_auto: |
+
([{'name': 'matrix-user-verification-service.service', 'priority': 800, 'groups': ['matrix', 'matrix-user-verification-service']}] if matrix_user_verification_service_enabled else [])
+
([{'name': 'devture-traefik.service', 'priority': 3000, 'groups': ['matrix', 'traefik', 'reverse-proxies']}] if devture_traefik_enabled else [])
([{'name': (devture_container_socket_proxy_identifier + '.service'), 'priority': 2900, 'groups': ['matrix', 'reverse-proxies', 'container-socket-proxy']}] if devture_container_socket_proxy_enabled else [])
+
([{'name': (devture_traefik_certs_dumper_identifier + '.service'), 'priority': 3500, 'groups': ['matrix', 'traefik-certs-dumper']}] if matrix_playbook_traefik_certs_dumper_role_enabled else [])
([{'name': (devture_traefik_identifier + '.service'), 'priority': 3000, 'groups': ['matrix', 'traefik', 'reverse-proxies']}] if devture_traefik_enabled else [])
+
([{'name': (devture_traefik_certs_dumper_identifier + '.service'), 'priority': 3500, 'groups': ['matrix', 'traefik-certs-dumper']}] if devture_traefik_certs_dumper_enabled else [])
}}
########################################################################
@ -435,6 +423,15 @@ matrix_homeserver_container_federation_url: |-
}[matrix_homeserver_implementation]
}}
matrix_homeserver_container_network: |-
{{
matrix_nginx_proxy_container_network if matrix_nginx_proxy_enabled else {
'synapse': matrix_synapse_container_network,
'dendrite': matrix_dendrite_container_network,
'conduit': matrix_conduit_container_network,
}[matrix_homeserver_implementation]
}}
matrix_integration_manager_rest_url: "{{ matrix_dimension_integrations_rest_url if matrix_dimension_enabled else None }}"
matrix_integration_manager_ui_url: "{{ matrix_dimension_integrations_ui_url if matrix_dimension_enabled else None }}"
@ -1698,12 +1695,15 @@ matrix_bot_buscarron_container_additional_networks: |
([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else [])
+
([matrix_nginx_proxy_container_network] if matrix_nginx_proxy_enabled and matrix_bot_buscarron_container_network != matrix_nginx_proxy_container_network else [])
+
([devture_postgres_container_network] if devture_postgres_enabled and devture_postgres_container_network != matrix_bot_buscarron_container_network else [])
) | unique
}}
matrix_bot_buscarron_container_labels_traefik_enabled: "{{ matrix_playbook_traefik_labels_enabled }}"
matrix_bot_buscarron_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_bot_buscarron_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
matrix_bot_buscarron_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
######################################################################
#
@ -1777,7 +1777,7 @@ matrix_bot_postmoogle_systemd_required_services_list: |
+
(['matrix-synapse.service'] if matrix_synapse_enabled else [])
+
(matrix_playbook_bot_postmoogle_traefik_certs_dumper_waiter_services | trim | split(' ') if matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and matrix_playbook_traefik_certs_dumper_role_enabled else [])
(matrix_playbook_bot_postmoogle_traefik_certs_dumper_waiter_services | trim | split(' ') if matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and devture_traefik_certs_dumper_enabled else [])
}}
# Postgres is the default, except if not using internal Postgres server
@ -1819,17 +1819,41 @@ matrix_bot_chatgpt_container_image_self_build: "{{ matrix_architecture not in ['
# We don't enable bots by default.
matrix_bot_go_neb_enabled: false
matrix_bot_go_neb_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
matrix_bot_go_neb_hostname: "{{ matrix_server_fqn_bot_go_neb }}"
matrix_bot_go_neb_container_network: "{{ matrix_nginx_proxy_container_network if matrix_playbook_reverse_proxy_type == 'playbook-managed-nginx' else 'matrix-bot-go-neb' }}"
matrix_bot_go_neb_container_additional_networks: |
{{
(
([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else [])
+
([matrix_homeserver_container_network] if matrix_homeserver_container_network != matrix_bot_go_neb_container_network else [])
+
([devture_postgres_container_network] if devture_postgres_enabled and devture_postgres_container_network != matrix_bot_go_neb_container_network else [])
) | unique
}}
matrix_bot_go_neb_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '4050') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
matrix_bot_go_neb_container_labels_traefik_enabled: "{{ matrix_playbook_traefik_labels_enabled }}"
matrix_bot_go_neb_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_bot_go_neb_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
matrix_bot_go_neb_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
matrix_bot_go_neb_systemd_required_services_list: |
{{
['docker.service']
+
['matrix-' + matrix_homeserver_implementation + '.service']
+
([devture_postgres_identifier + '.service'] if devture_postgres_enabled else [])
+
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
}}
matrix_bot_go_neb_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '4050') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
######################################################################
#
# /matrix-bot-go-neb
@ -2040,6 +2064,7 @@ matrix_rageshake_container_http_host_bind_port: "{{ (matrix_playbook_service_hos
matrix_rageshake_container_labels_traefik_enabled: "{{ matrix_playbook_traefik_labels_enabled }}"
matrix_rageshake_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_rageshake_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
matrix_rageshake_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
######################################################################
#
@ -2118,7 +2143,7 @@ matrix_coturn_container_additional_volumes: |
'dst': '/privatekey.key',
'options': 'ro',
},
] if matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and matrix_playbook_traefik_certs_dumper_role_enabled and matrix_coturn_tls_enabled else []
] if matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and devture_traefik_certs_dumper_enabled and matrix_coturn_tls_enabled else []
)
}}
@ -2126,7 +2151,7 @@ matrix_coturn_systemd_required_services_list: |
{{
['docker.service']
+
([devture_traefik_certs_dumper_identifier + '-wait-for-domain@' + matrix_server_fqn_matrix + '.service'] if matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and matrix_playbook_traefik_certs_dumper_role_enabled and matrix_coturn_tls_enabled else [])
([devture_traefik_certs_dumper_identifier + '-wait-for-domain@' + matrix_server_fqn_matrix + '.service'] if matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and devture_traefik_certs_dumper_enabled and matrix_coturn_tls_enabled else [])
}}
######################################################################
@ -2145,12 +2170,33 @@ matrix_dimension_enabled: false
matrix_dimension_container_image_self_build: "{{ matrix_architecture != 'amd64' }}"
# Normally, matrix-nginx-proxy is enabled and nginx can reach Dimension over the container network.
# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose
# the Dimension HTTP port to the local host.
matrix_dimension_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
matrix_dimension_hostname: "{{ matrix_server_fqn_dimension }}"
matrix_dimension_container_network: "{{ matrix_nginx_proxy_container_network if matrix_playbook_reverse_proxy_type == 'playbook-managed-nginx' else 'matrix-dimension' }}"
matrix_dimension_container_additional_networks: |
{{
(
([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else [])
+
([matrix_homeserver_container_network] if matrix_homeserver_container_network != matrix_dimension_container_network else [])
+
([devture_postgres_container_network] if devture_postgres_enabled and devture_postgres_container_network != matrix_dimension_container_network else [])
) | unique
}}
matrix_dimension_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '8184') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
matrix_dimension_container_labels_traefik_enabled: "{{ matrix_playbook_traefik_labels_enabled }}"
matrix_dimension_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_dimension_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
matrix_dimension_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
matrix_dimension_homeserver_clientServerUrl: "{{ matrix_homeserver_container_url }}"
matrix_dimension_homeserver_federationUrl: "{{ matrix_homeserver_container_federation_url }}"
matrix_dimension_homeserver_mediaUrl: "https://{{ matrix_server_fqn_matrix }}"
matrix_dimension_systemd_required_services_list: |
{{
@ -2176,29 +2222,57 @@ matrix_dimension_database_password: "{{ '%s' | format(matrix_homeserver_generic_
######################################################################
#
# matrix-etherpad
# etke/etherpad
#
######################################################################
matrix_etherpad_enabled: false
etherpad_enabled: false
matrix_etherpad_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '9001') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
etherpad_identifier: matrix-etherpad
matrix_etherpad_base_url: "{{ 'https://' + matrix_server_fqn_dimension + matrix_etherpad_public_endpoint if matrix_etherpad_mode == 'dimension' else 'https://' + matrix_server_fqn_etherpad + '/' }}"
etherpad_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
matrix_etherpad_systemd_required_services_list: |
etherpad_base_path: "{{ matrix_base_data_path }}/etherpad"
etherpad_framing_enabled: "{{ matrix_dimension_enabled or matrix_jitsi_enabled }}"
etherpad_hostname: "{{ matrix_server_fqn_etherpad }}"
etherpad_container_image_self_build: "{{ matrix_architecture not in ['amd64'] }}"
etherpad_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '9001') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
etherpad_container_network: "{{ matrix_nginx_proxy_container_network if matrix_playbook_reverse_proxy_type == 'playbook-managed-nginx' else etherpad_identifier }}"
etherpad_container_additional_networks: |
{{
(
([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else [])
+
([devture_postgres_container_network] if devture_postgres_enabled and devture_postgres_container_network != etherpad_container_network else [])
) | unique
}}
etherpad_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
etherpad_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
etherpad_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
etherpad_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
etherpad_systemd_required_services_list: |
{{
['docker.service']
+
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else [])
}}
matrix_etherpad_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
matrix_etherpad_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'etherpad.db', rounds=655555) | to_uuid }}"
etherpad_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
etherpad_database_name: matrix_etherpad
etherpad_database_username: matrix_etherpad
etherpad_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'etherpad.db', rounds=655555) | to_uuid }}"
######################################################################
#
# /matrix-etherpad
# /etke/etherpad
#
######################################################################
@ -2266,9 +2340,9 @@ matrix_jitsi_web_stun_servers: |
# If the self-hosted Etherpad instance is available, it will also show up in Jitsi conferences,
# unless explicitly disabled by setting `matrix_jitsi_etherpad_enabled` to false.
# Falls back to the scalar.vector.im etherpad in case someone sets `matrix_jitsi_etherpad_enabled` to true,
# while also setting `matrix_etherpad_enabled` to false.
matrix_jitsi_etherpad_enabled: "{{ matrix_etherpad_enabled }}"
matrix_jitsi_etherpad_base: "{{ matrix_etherpad_base_url if matrix_etherpad_enabled else 'https://scalar.vector.im/etherpad' }}"
# while also setting `etherpad_enabled` to false.
matrix_jitsi_etherpad_enabled: "{{ etherpad_enabled }}"
matrix_jitsi_etherpad_base: "{{ etherpad_base_url if etherpad_enabled else 'https://scalar.vector.im/etherpad' }}"
# Allow verification using JWT and matrix-UVS
matrix_jitsi_prosody_auth_matrix_uvs_auth_token: "{{ matrix_user_verification_service_uvs_auth_token }}"
@ -2434,10 +2508,10 @@ matrix_nginx_proxy_proxy_element_enabled: "{{ matrix_client_element_enabled and
matrix_nginx_proxy_proxy_hydrogen_enabled: "{{ matrix_client_hydrogen_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] }}"
matrix_nginx_proxy_proxy_cinny_enabled: "{{ matrix_client_cinny_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] }}"
matrix_nginx_proxy_proxy_buscarron_enabled: "{{ matrix_bot_buscarron_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] }}"
matrix_nginx_proxy_proxy_dimension_enabled: "{{ matrix_dimension_enabled }}"
matrix_nginx_proxy_proxy_dimension_enabled: "{{ matrix_dimension_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] }}"
matrix_nginx_proxy_proxy_rageshake_enabled: "{{ matrix_rageshake_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] }}"
matrix_nginx_proxy_proxy_etherpad_enabled: "{{ matrix_etherpad_enabled and matrix_etherpad_mode == 'standalone' }}"
matrix_nginx_proxy_proxy_bot_go_neb_enabled: "{{ matrix_bot_go_neb_enabled }}"
matrix_nginx_proxy_proxy_etherpad_enabled: "{{ etherpad_enabled and not etherpad_nginx_proxy_dimension_integration_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] }}"
matrix_nginx_proxy_proxy_bot_go_neb_enabled: "{{ matrix_bot_go_neb_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] }}"
matrix_nginx_proxy_proxy_jitsi_enabled: "{{ matrix_jitsi_enabled }}"
matrix_nginx_proxy_proxy_jitsi_manage_wellknown: "{{ matrix_jitsi_require_well_known }}"
@ -2449,11 +2523,9 @@ matrix_nginx_proxy_proxy_ntfy_enabled: "{{ ntfy_enabled and matrix_playbook_reve
matrix_nginx_proxy_container_labels_traefik_enabled: "{{ matrix_playbook_traefik_labels_enabled }}"
matrix_nginx_proxy_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_nginx_proxy_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
matrix_nginx_proxy_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
matrix_nginx_proxy_container_labels_traefik_proxy_matrix_enabled: true
matrix_nginx_proxy_container_labels_traefik_proxy_dimension_enabled: "{{ matrix_dimension_enabled }}"
matrix_nginx_proxy_container_labels_traefik_proxy_etherpad_enabled: "{{ matrix_etherpad_enabled and matrix_etherpad_mode == 'standalone' }}"
matrix_nginx_proxy_container_labels_traefik_proxy_bot_go_neb_enabled: "{{ matrix_bot_go_neb_enabled }}"
matrix_nginx_proxy_container_labels_traefik_proxy_jitsi_enabled: "{{ matrix_jitsi_enabled }}"
matrix_nginx_proxy_proxy_matrix_corporal_api_enabled: "{{ matrix_corporal_enabled and matrix_corporal_http_api_enabled }}"
@ -2542,9 +2614,11 @@ matrix_nginx_proxy_systemd_wanted_services_list: |
+
(['matrix-jitsi.service'] if matrix_jitsi_enabled else [])
+
(['matrix-sliding-sync-proxy.service'] if matrix_sliding_sync_enabled else [])
+
(['matrix-bot-go-neb.service'] if matrix_bot_go_neb_enabled else [])
+
(['matrix-etherpad.service'] if matrix_etherpad_enabled else [])
([etherpad_identifier + '.service'] if etherpad_enabled else [])
+
(['matrix-hookshot.service'] if matrix_hookshot_enabled else [])
}}
@ -2565,7 +2639,7 @@ matrix_ssl_domains_to_obtain_certificates_for: |
+
([matrix_server_fqn_dimension] if matrix_dimension_enabled else [])
+
([matrix_server_fqn_etherpad] if (matrix_etherpad_enabled and matrix_etherpad_mode == 'standalone') else [])
([matrix_server_fqn_etherpad] if (etherpad_enabled and not etherpad_nginx_proxy_dimension_integration_enabled) else [])
+
([matrix_server_fqn_bot_go_neb] if matrix_bot_go_neb_enabled else [])
+
@ -2675,6 +2749,12 @@ devture_postgres_managed_databases_auto: |
'password': matrix_dendrite_database_password,
}] if (matrix_dendrite_enabled and matrix_dendrite_database_hostname == devture_postgres_connection_hostname) else [])
+
([{
'name': matrix_sliding_sync_database_name,
'username': matrix_sliding_sync_database_username,
'password': matrix_sliding_sync_database_password,
}] if (matrix_sliding_sync_enabled) else [])
+
([{
'name': matrix_ma1sd_database_name,
'username': matrix_ma1sd_database_username,
@ -2856,10 +2936,10 @@ devture_postgres_managed_databases_auto: |
}] if (matrix_dimension_enabled and matrix_dimension_database_engine == 'postgres' and matrix_dimension_database_hostname == devture_postgres_connection_hostname) else [])
+
([{
'name': matrix_etherpad_database_name,
'username': matrix_etherpad_database_username,
'password': matrix_etherpad_database_password,
}] if (matrix_etherpad_enabled and matrix_etherpad_database_engine == 'postgres' and matrix_etherpad_database_hostname == devture_postgres_connection_hostname) else [])
'name': etherpad_database_name,
'username': etherpad_database_username,
'password': etherpad_database_password,
}] if (etherpad_enabled and etherpad_database_engine == 'postgres' and etherpad_database_hostname == devture_postgres_connection_hostname) else [])
+
([{
'name': prometheus_postgres_exporter_database_name,
@ -2941,6 +3021,7 @@ matrix_sygnal_container_http_host_bind_port: "{{ (matrix_playbook_service_host_b
matrix_sygnal_container_labels_traefik_enabled: "{{ matrix_playbook_traefik_labels_enabled }}"
matrix_sygnal_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_sygnal_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
matrix_sygnal_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
######################################################################
#
@ -2974,6 +3055,7 @@ ntfy_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_inter
ntfy_container_labels_traefik_enabled: "{{ matrix_playbook_traefik_labels_enabled }}"
ntfy_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
ntfy_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
ntfy_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
ntfy_visitor_request_limit_exempt_hosts_hostnames_auto: |
{{
@ -3031,6 +3113,7 @@ matrix_client_element_container_additional_networks: "{{ [matrix_playbook_revers
matrix_client_element_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_client_element_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_client_element_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
matrix_client_element_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
matrix_client_element_default_hs_url: "{{ matrix_homeserver_url }}"
matrix_client_element_default_is_url: "{{ matrix_identity_server_url }}"
@ -3084,6 +3167,7 @@ matrix_client_hydrogen_container_additional_networks: "{{ [matrix_playbook_rever
matrix_client_hydrogen_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_client_hydrogen_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_client_hydrogen_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
matrix_client_hydrogen_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
matrix_client_hydrogen_default_hs_url: "{{ matrix_homeserver_url }}"
@ -3117,6 +3201,7 @@ matrix_client_cinny_container_additional_networks: "{{ [matrix_playbook_reverse_
matrix_client_cinny_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_client_cinny_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_client_cinny_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
matrix_client_cinny_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
matrix_client_cinny_default_hs_url: "{{ matrix_homeserver_url }}"
@ -3296,6 +3381,7 @@ matrix_synapse_admin_container_additional_networks: "{{ [matrix_playbook_reverse
matrix_synapse_admin_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_synapse_admin_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_synapse_admin_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
matrix_synapse_admin_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
######################################################################
#
@ -3327,6 +3413,7 @@ prometheus_node_exporter_container_additional_networks: "{{ [matrix_playbook_rev
prometheus_node_exporter_container_labels_traefik_enabled: false
prometheus_node_exporter_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
prometheus_node_exporter_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
prometheus_node_exporter_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
######################################################################
#
@ -3358,6 +3445,7 @@ prometheus_postgres_exporter_container_additional_networks: "{{ [matrix_playbook
prometheus_postgres_exporter_container_labels_traefik_enabled: false
prometheus_postgres_exporter_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
prometheus_postgres_exporter_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
prometheus_postgres_exporter_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
prometheus_postgres_exporter_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
prometheus_postgres_exporter_database_username: matrix_prometheus_postgres_exporter
@ -3461,6 +3549,7 @@ grafana_container_additional_networks: |
grafana_container_labels_traefik_enabled: "{{ matrix_playbook_traefik_labels_enabled }}"
grafana_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
grafana_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
grafana_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
# Normally, matrix-nginx-proxy is enabled and nginx can reach Grafana over the container network.
# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose
@ -3560,6 +3649,63 @@ matrix_registration_database_password: "{{ '%s' | format(matrix_homeserver_gener
######################################################################
######################################################################
#
# matrix-sliding-sync
#
######################################################################
# We don't enable the sliding sync proxy by default.
matrix_sliding_sync_enabled: false
matrix_sliding_sync_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
matrix_sliding_sync_hostname: "{{ matrix_server_fqn_matrix }}"
matrix_sliding_sync_path_prefix: /sliding-sync
matrix_sliding_sync_container_image_self_build: "{{ matrix_architecture not in ['amd64'] }}"
matrix_sliding_sync_container_additional_networks: |
{{
(
([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else [])
+
([matrix_nginx_proxy_container_network] if matrix_nginx_proxy_enabled and matrix_nginx_proxy_container_network != matrix_sliding_sync_container_network else [])
+
([devture_postgres_container_network] if devture_postgres_enabled and devture_postgres_container_network != matrix_sliding_sync_container_network else [])
) | unique
}}
matrix_sliding_sync_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_sliding_sync_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_sliding_sync_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
matrix_sliding_sync_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
matrix_sliding_sync_systemd_required_services_list: |
{{
['docker.service']
+
['matrix-' + matrix_homeserver_implementation + '.service']
+
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else [])
+
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
}}
matrix_sliding_sync_environment_variable_syncv3_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'ss.secret', rounds=655555) | to_uuid }}"
matrix_sliding_sync_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
matrix_sliding_sync_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'ss.db', rounds=655555) | to_uuid }}"
######################################################################
#
# /matrix-sliding-sync
#
######################################################################
######################################################################
#
# matrix-dendrite
@ -3730,16 +3876,43 @@ matrix_user_verification_service_uvs_auth_token: "{{ '%s' | format(matrix_homese
######################################################################
########################################################################
# #
# com.devture.ansible.role.container_socket_proxy #
# #
########################################################################
devture_container_socket_proxy_enabled: "{{ matrix_playbook_reverse_proxy_type == 'playbook-managed-traefik' }}"
devture_container_socket_proxy_identifier: matrix-container-socket-proxy
devture_container_socket_proxy_base_path: "{{ matrix_base_data_path }}/container-socket-proxy"
devture_container_socket_proxy_uid: "{{ matrix_user_uid }}"
devture_container_socket_proxy_gid: "{{ matrix_user_gid }}"
# Traefik requires read access to the containers APIs to do its job
devture_container_socket_proxy_api_containers_enabled: true
########################################################################
# #
# /com.devture.ansible.role.container_socket_proxy #
# #
########################################################################
########################################################################
# #
# com.devture.ansible.role.traefik #
# #
########################################################################
# To completely disable the Traefik role from running, use `matrix_playbook_traefik_role_enabled: false`.
# See the comment there for more details about why we have both `devture_traefik_enabled` and `matrix_playbook_traefik_role_enabled`.
devture_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type == 'playbook-managed-traefik' }}"
devture_traefik_identifier: matrix-traefik
devture_traefik_base_path: "{{ matrix_base_data_path }}/traefik"
devture_traefik_uid: "{{ matrix_user_uid }}"
devture_traefik_gid: "{{ matrix_user_gid }}"
@ -3751,6 +3924,20 @@ devture_traefik_additional_entrypoints_auto:
devture_traefik_additional_domains_to_obtain_certificates_for: "{{ matrix_ssl_additional_domains_to_obtain_certificates_for }}"
devture_traefik_config_providers_docker_endpoint: "{{ devture_container_socket_proxy_endpoint if devture_container_socket_proxy_enabled else 'unix:///var/run/docker.sock' }}"
devture_traefik_container_additional_networks: |
{{
([devture_container_socket_proxy_container_network] if devture_container_socket_proxy_enabled else [])
}}
devture_traefik_systemd_required_services_list: |
{{
(['docker.service'])
+
([devture_container_socket_proxy_identifier + '.service'] if devture_container_socket_proxy_enabled else [])
}}
########################################################################
# #
# /com.devture.ansible.role.traefik #
@ -3764,9 +3951,7 @@ devture_traefik_additional_domains_to_obtain_certificates_for: "{{ matrix_ssl_ad
# #
########################################################################
# To completely disable the Traefik certs dumper role from running, use `matrix_playbook_traefik_certs_dumper_role_enabled: false`.
# See the comment there for more details about why we have both `devture_traefik_certs_dumper_enabled` and `matrix_playbook_traefik_certs_dumper_role_enabled`.
devture_traefik_certs_dumper_enabled: "{{ matrix_playbook_traefik_certs_dumper_role_enabled }}"
devture_traefik_certs_dumper_enabled: "{{ (matrix_playbook_reverse_proxy_type == 'playbook-managed-traefik' and devture_traefik_config_entrypoint_web_secure_enabled and devture_traefik_config_certificatesResolvers_acme_enabled) or matrix_playbook_reverse_proxy_type == 'other-traefik-container' }}"
devture_traefik_certs_dumper_identifier: matrix-traefik-certs-dumper

12
playbooks/matrix.yml
View file

@ -103,7 +103,9 @@
- custom/matrix-ldap-registration-proxy
- custom/matrix-ma1sd
- custom/matrix-dimension
- custom/matrix-etherpad
- galaxy/etherpad
- custom/etherpad-proxy-connect
- custom/matrix-sliding-sync
- custom/matrix-email2matrix
- custom/matrix-sygnal
- galaxy/ntfy
@ -118,11 +120,11 @@
- custom/matrix-user-creator
- custom/matrix-common-after
- when: matrix_playbook_traefik_role_enabled | bool
role: galaxy/com.devture.ansible.role.traefik
- role: galaxy/com.devture.ansible.role.container_socket_proxy
- when: matrix_playbook_traefik_certs_dumper_role_enabled | bool
role: galaxy/com.devture.ansible.role.traefik_certs_dumper
- role: galaxy/com.devture.ansible.role.traefik
- role: galaxy/com.devture.ansible.role.traefik_certs_dumper
- when: devture_systemd_service_manager_enabled | bool
role: galaxy/com.devture.ansible.role.systemd_service_manager

22
requirements.yml
View file

@ -4,7 +4,7 @@
version: 6.1.0
- src: git+https://github.com/devture/com.devture.ansible.role.docker_sdk_for_python.git
version: 54d6d1831f063e4a99b66c722f49053d59f8ee60
version: 129c8590e106b83e6f4c259649a613c6279e937a
- src: git+https://github.com/devture/com.devture.ansible.role.playbook_help.git
version: c1f40e82b4d6b072b6f0e885239322bdaaaf554f
@ -22,7 +22,7 @@
version: a1bb78d194434b38005f3a9e623bfa4b2c06c7bc
- src: git+https://github.com/devture/com.devture.ansible.role.postgres_backup.git
version: 77b1f9ae1aafa31c9078178c1036bf744c99d08b
version: 8e9ec48a09284c84704d7a2dce17da35f181574d
- src: git+https://github.com/devture/com.devture.ansible.role.systemd_service_manager.git
version: 6ccb88ac5fc27e1e70afcd48278ade4b564a9096
@ -37,19 +37,25 @@
version: v0.11.1-2
- src: git+https://gitlab.com/etke.cc/roles/backup_borg.git
version: v1.2.3-1.7.7-1
version: v1.2.3-1.7.8-0
- src: git+https://gitlab.com/etke.cc/roles/grafana.git
version: v9.3.6-2
version: v9.4.3-0
- src: git+https://gitlab.com/etke.cc/roles/ntfy.git
version: v2.1.0-0
version: v2.1.2-0
- src: git+https://gitlab.com/etke.cc/roles/redis.git
version: v7.0.7-0
version: v7.0.9-0
- src: git+https://gitlab.com/etke.cc/roles/etherpad.git
version: v1.8.18-2
- src: git+https://github.com/devture/com.devture.ansible.role.container_socket_proxy.git
version: v0.1.1-1
- src: git+https://github.com/devture/com.devture.ansible.role.traefik.git
version: 5e3248cd4d17db9ff3ba90904e7330150dab599e
version: v2.9.8-1
- src: git+https://github.com/devture/com.devture.ansible.role.traefik_certs_dumper.git
version: e7563caa814e634d2f8deec4a41e970caa1c0ae4
version: v2.8.1-0

11
roles/custom/etherpad-proxy-connect/defaults/main.yml Normal file
View file

@ -0,0 +1,11 @@
---
# etherpad-proxy-connect is a compatibility role connecting the new Etherpad role with matrix-nginx-proxy.
# It adds back support for serving Etherpad under the Dimension domain (`matrix_server_fqn_dimension`).
# Controls whether Etherpad will be hosted under the Dimension domain when matrix-nginx-proxy is used (depending on matrix_playbook_reverse_proxy_type).
# If you're not using matrix-nginx-proxy, then this value has no effect.
etherpad_nginx_proxy_dimension_integration_enabled: false
# Controls the path at which Etherpad will be exposed on the Dimension domain.
etherpad_nginx_proxy_dimension_integration_path_prefix: "{{ etherpad_path_prefix }}"

10
roles/custom/matrix-etherpad/tasks/inject_into_nginx_proxy.yml → roles/custom/etherpad-proxy-connect/tasks/inject_into_nginx_proxy.yml
View file

@ -11,14 +11,14 @@
- name: Generate Etherpad proxying configuration for matrix-nginx-proxy
ansible.builtin.set_fact:
matrix_etherpad_matrix_nginx_proxy_configuration: |
rewrite ^{{ matrix_etherpad_public_endpoint }}$ {{ matrix_nginx_proxy_x_forwarded_proto_value }}://$server_name{{ matrix_etherpad_public_endpoint }}/ permanent;
etherpad_matrix_nginx_proxy_configuration: |
rewrite ^{{ etherpad_nginx_proxy_dimension_integration_path_prefix }}$ {{ matrix_nginx_proxy_x_forwarded_proto_value }}://$server_name{{ etherpad_nginx_proxy_dimension_integration_path_prefix }}/ permanent;
location {{ matrix_etherpad_public_endpoint }}/ {
location {{ etherpad_nginx_proxy_dimension_integration_path_prefix }}/ {
{% if matrix_nginx_proxy_enabled | default(False) %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;
proxy_pass http://matrix-etherpad:9001/;
proxy_pass http://{{ etherpad_identifier }}:9001/;
{# These are proxy directives needed specifically by Etherpad #}
proxy_buffering off;
proxy_http_version 1.1; # recommended with keepalive connections
@ -42,5 +42,5 @@
{{
matrix_nginx_proxy_proxy_dimension_additional_server_configuration_blocks | default([])
+
[matrix_etherpad_matrix_nginx_proxy_configuration]
[etherpad_matrix_nginx_proxy_configuration]
}}

12
roles/custom/etherpad-proxy-connect/tasks/main.yml Normal file
View file

@ -0,0 +1,12 @@
---
- when: etherpad_enabled | bool and etherpad_nginx_proxy_dimension_integration_enabled | bool
tags:
- install-all
- setup-all
- install-nginx-proxy
- setup-nginx-proxy
block:
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"

32
roles/custom/etherpad-proxy-connect/tasks/validate_config.yml Normal file
View file

@ -0,0 +1,32 @@
---
- name: Fail if reverse-proxy is not nginx
when: matrix_playbook_reverse_proxy_type not in ['playbook-managed-nginx', 'other-nginx-non-container']
ansible.builtin.fail:
msg: >
Etherpad's integration into matrix-nginx-proxy's Dimension server only makes sense if you're using matrix-nginx-proxy.
`matrix_playbook_reverse_proxy_type` ({{ matrix_playbook_reverse_proxy_type }}) indicates that you're using another reverse-proxy.
If you're using Traefik, you should configure `etherpad_hostname` and `etherpad_path_prefix` instead.
- name: Fail if Dimension not enabled
when: not matrix_dimension_enabled
ansible.builtin.fail:
msg: >
Etherpad's integration into matrix-nginx-proxy's Dimension server only makes sense if you're using Dimension.
Looks like Dimension is not enabled in your configuration (judging by `matrix_dimension_enabled`).
Consider configuring `etherpad_hostname` and `etherpad_path_prefix` instead.
- name: Fail if Etherpad hostname does not match Dimension hostname
when: etherpad_hostname != matrix_server_fqn_dimension
ansible.builtin.fail:
msg: >
Etherpad's integration into matrix-nginx-proxy's Dimension server requires that you set `etherpad_hostname` to `matrix_server_fqn_dimension`.
Consider adding this to your configuration: `{% raw %}etherpad_hostname: "{{ matrix_server_fqn_dimension }}"{% endraw %}`
- name: Fail if / path prefix used for Etherpad
when: etherpad_nginx_proxy_dimension_integration_path_prefix == '/'
ansible.builtin.fail:
msg: >
Etherpad's integration into matrix-nginx-proxy's Dimension server only makes sense if you're using a non-`/` path for Etherpad.
You've chosen a path prefix of `/` in `etherpad_nginx_proxy_dimension_integration_path_prefix`.
The `/` path must go to Dimension itself, so you need to pick a different prefix (e.g. `/etherpad`).

6
roles/custom/matrix-aux/tasks/main.yml
View file

@ -1,9 +1,9 @@
---
- block:
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup.yml"
tags:
- tags:
- setup-all
- setup-aux-files
- install-all
- install-aux-files
block:
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup.yml"

4
roles/custom/matrix-base/defaults/main.yml
View file

@ -72,7 +72,7 @@ matrix_server_fqn_buscarron: "buscarron.{{ matrix_domain }}"
# This is where you access the Dimension.
matrix_server_fqn_dimension: "dimension.{{ matrix_domain }}"
# This is where you access the etherpad (if enabled via matrix_etherpad_enabled; disabled by default).
# This is where you access the etherpad (if enabled via etherpad_enabled; disabled by default).
matrix_server_fqn_etherpad: "etherpad.{{ matrix_domain }}"
# For use with Go-NEB! (github callback url for example)
@ -284,7 +284,7 @@ matrix_homeserver_app_service_config_files_auto: []
# Valid options and a description of their behavior:
#
# - `playbook-managed-traefik`
# - the playbook will install devture-traefik
# - the playbook will run a managed Traefik instance (matrix-traefik)
# - Traefik will do SSL termination, unless you disable it (e.g. `devture_traefik_config_entrypoint_web_secure_enabled: false`)
# - if SSL termination is enabled (as it is by default), you need to populate: `devture_traefik_config_certificatesResolvers_acme_email`
# - it will also install matrix-nginx-proxy in local-only mode, while we migrate the rest of the services to a Traefik-native mode of working

24
roles/custom/matrix-base/tasks/main.yml
View file

@ -1,30 +1,28 @@
---
- block:
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
tags:
- tags:
- setup-all
- install-all
block:
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
# This needs to always run, because it populates `matrix_user_uid` and `matrix_user_gid`,
# which are required by many other roles.
- block:
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_matrix_user.yml"
tags:
- tags:
- always
- setup-system-user
- common
block:
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_matrix_user.yml"
- block:
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_matrix_base.yml"
tags:
- tags:
- setup-all
- install-all
- common
block:
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_matrix_base.yml"
- block:
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_well_known.yml"
tags:
- tags:
- setup-all
- setup-ma1sd
- setup-synapse
@ -37,3 +35,5 @@
- install-dendrite
- install-conduit
- install-nginx-proxy
block:
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_well_known.yml"

4
roles/custom/matrix-base/templates/bin/remove-all.j2
View file

@ -25,8 +25,12 @@ else
echo "Remove unused Docker images and resources"
docker system prune -af
echo "Remove Docker matrix network (should be gone already, but ..)"
docker network rm {{ matrix_docker_network }}
echo "This playbook creates a lot of matrix-* networks. Consider removing them manually ('docker network ls', followed by 'docker network rm NETWORK_NAME')"
echo "Remove {{ matrix_base_data_path }} directory"
rm -fr "{{ matrix_base_data_path }}"
exit 0

5
roles/custom/matrix-base/templates/static-files/well-known/matrix-client.j2
View file

@ -26,6 +26,11 @@
"preferredDomain": {{ matrix_client_element_jitsi_preferredDomain|to_json }}
}
{% endif %}
{% if matrix_sliding_sync_enabled %},
"org.matrix.msc3575.proxy": {
"url": "{{ matrix_sliding_sync_base_url }}"
}
{% endif %}
{% if matrix_client_element_location_sharing_enabled %},
"m.tile_server": {
"map_style_url": "https://{{ matrix_server_fqn_element }}/map_style.json"

18
roles/custom/matrix-bot-buscarron/tasks/main.yml
View file

@ -1,20 +1,20 @@
---
- block:
- tags:
- setup-all
- setup-bot-buscarron
- install-all
- install-bot-buscarron
block:
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
when: "run_setup | bool and matrix_bot_buscarron_enabled | bool"
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
when: "run_setup | bool and matrix_bot_buscarron_enabled | bool"
tags:
- tags:
- setup-all
- setup-bot-buscarron
- install-all
- install-bot-buscarron
- block:
block:
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
when: "run_setup | bool and not matrix_bot_buscarron_enabled | bool"
tags:
- setup-all
- setup-bot-buscarron

21
roles/custom/matrix-bot-chatgpt/tasks/main.yml
View file

@ -1,20 +1,21 @@
---
- block:
- when: matrix_bot_chatgpt_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
- when: matrix_bot_chatgpt_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
-
tags:
- setup-all
- setup-bot-chatgpt
- install-all
- install-bot-chatgpt
block:
- when: matrix_bot_chatgpt_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
- block:
- when: not matrix_bot_chatgpt_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
tags:
- when: matrix_bot_chatgpt_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
- tags:
- setup-all
- setup-bot-chatgpt
block:
- when: not matrix_bot_chatgpt_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"

18
roles/custom/matrix-bot-draupnir/tasks/main.yml
View file

@ -1,20 +1,20 @@
---
- block:
- tags:
- setup-all
- setup-bot-draupnir
- install-all
- install-bot-draupnir
block:
- when: matrix_bot_draupnir_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
- when: matrix_bot_draupnir_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
tags:
- tags:
- setup-all
- setup-bot-draupnir
- install-all
- install-bot-draupnir
- block:
block:
- when: not matrix_bot_draupnir_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
tags:
- setup-all
- setup-bot-draupnir

9
roles/custom/matrix-bot-draupnir/templates/production.yaml.j2
View file

@ -36,7 +36,7 @@ autojoinOnlyIfManager: true
# If `autojoinOnlyIfManager` is false, only the members in this space can invite
# the bot to new rooms.
acceptInvitesFromSpace: "!example:example.org"
#acceptInvitesFromSpace: "!example:example.org"
# Whether Draupnir should report ignored invites to the management room (if autojoinOnlyIfManager is true).
recordIgnoredInvites: false
@ -49,11 +49,11 @@ recordIgnoredInvites: false
#
# Note: By default, Draupnir is fairly verbose - expect a lot of messages in this room.
# (see verboseLogging to adjust this a bit.)
managementRoom: "#moderators:example.org"
managementRoom: "{{ matrix_bot_draupnir_management_room }}"
# Whether Draupnir should log a lot more messages in the room,
# mainly involves "all-OK" messages, and debugging messages for when Draupnir checks bans in a room.
verboseLogging: true
verboseLogging: false
# The log level of terminal (or container) output,
# can be one of DEBUG, INFO, WARN and ERROR, in increasing order of importance and severity.
@ -130,7 +130,7 @@ admin:
# (with enough permissions) to "make" a user an admin.
#
# This only works if a local user with enough admin permissions is present in the room.
enableMakeRoomAdminCommand: true
enableMakeRoomAdminCommand: false
# Misc options for command handling and commands
commands:
@ -146,6 +146,7 @@ commands:
# Any additional bot prefixes that Draupnir will listen to. i.e. adding `mod` will allow `!mod help`.
additionalPrefixes:
- "draupnir-bot"
- "draupnir_bot"
- "draupnir"
# Whether or not commands with a wildcard (*) will require an additional `--force` argument

118
roles/custom/matrix-bot-go-neb/defaults/main.yml
View file

@ -1,11 +1,22 @@
---
# Go-NEB is a Matrix bot written in Go. It is the successor to Matrix-NEB, the original Matrix bot written in Python.
# Project source code URL: https://github.com/matrix-org/go-neb
matrix_bot_go_neb_enabled: true
matrix_bot_go_neb_version: latest
matrix_bot_go_neb_docker_image: "matrixdotorg/go-neb:{{ matrix_bot_go_neb_version }}"
matrix_bot_go_neb_docker_image_force_pull: "{{ matrix_bot_go_neb_docker_image.endswith(':latest') }}"
matrix_bot_go_neb_scheme: https
# The hostname at which Go-NEB is served.
matrix_bot_go_neb_hostname: ''
# The path at which Go-NEB is exposed.
# This value must either be `/` or not end with a slash (e.g. `/go-neb`).
matrix_bot_go_neb_path_prefix: /
matrix_bot_go_neb_base_url: "{{ matrix_bot_go_neb_scheme }}://{{ matrix_bot_go_neb_hostname }}{{ matrix_bot_go_neb_path_prefix }}{{ '' if matrix_bot_go_neb_path_prefix == '/' else '/' }}"
matrix_bot_go_neb_base_path: "{{ matrix_base_data_path }}/go-neb"
matrix_bot_go_neb_config_path: "{{ matrix_bot_go_neb_base_path }}/config"
@ -13,11 +24,63 @@ matrix_bot_go_neb_config_path_in_container: "/config/config.yaml"
matrix_bot_go_neb_data_path: "{{ matrix_bot_go_neb_base_path }}/data"
matrix_bot_go_neb_data_store_path: "{{ matrix_bot_go_neb_data_path }}/store"
matrix_bot_go_neb_container_image: "{{ matrix_bot_go_neb_container_image_registry_prefix }}matrixdotorg/go-neb:{{ matrix_bot_go_neb_container_image_tag }}"
matrix_bot_go_neb_container_image_tag: "{{ matrix_bot_go_neb_version }}"
matrix_bot_go_neb_container_image_force_pull: "{{ matrix_bot_go_neb_container_image.endswith(':latest') }}"
matrix_bot_go_neb_container_image_registry_prefix: docker.io/
# The base container network. It will be auto-created by this role if it doesn't exist already.
matrix_bot_go_neb_container_network: matrix-bot-go-neb
# A list of additional container networks that the container would be connected to.
# The role does not create these networks, so make sure they already exist.
# Use this to expose this container to another reverse proxy, which runs in a different container network.
matrix_bot_go_neb_container_additional_networks: []
# Controls whether the matrix-bot-go-neb container exposes its HTTP port (tcp/4050 in the container).
#
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:4050"), or empty string to not expose.
matrix_bot_go_neb_container_http_host_bind_port: ''
# matrix_bot_go_neb_container_labels_traefik_enabled controls whether labels to assist a Traefik reverse-proxy will be attached to the container.
# See `../templates/labels.j2` for details.
#
# To inject your own other container labels, see `matrix_bot_go_neb_container_labels_additional_labels`.
matrix_bot_go_neb_container_labels_traefik_enabled: true
matrix_bot_go_neb_container_labels_traefik_docker_network: "{{ matrix_bot_go_neb_container_network }}"
matrix_bot_go_neb_container_labels_traefik_hostname: "{{ matrix_bot_go_neb_hostname }}"
# The path prefix must either be `/` or not end with a slash (e.g. `/go-neb`).
matrix_bot_go_neb_container_labels_traefik_path_prefix: "{{ matrix_bot_go_neb_path_prefix }}"
matrix_bot_go_neb_container_labels_traefik_rule: "Host(`{{ matrix_bot_go_neb_container_labels_traefik_hostname }}`){% if matrix_bot_go_neb_container_labels_traefik_path_prefix != '/' %} && PathPrefix(`{{ matrix_bot_go_neb_container_labels_traefik_path_prefix }}`){% endif %}"
matrix_bot_go_neb_container_labels_traefik_priority: 0
matrix_bot_go_neb_container_labels_traefik_entrypoints: web-secure
matrix_bot_go_neb_container_labels_traefik_tls: "{{ matrix_bot_go_neb_container_labels_traefik_entrypoints != 'web' }}"
matrix_bot_go_neb_container_labels_traefik_tls_certResolver: default # noqa var-naming
# Controls which additional headers to attach to all HTTP responses.
# To add your own headers, use `matrix_bot_go_neb_container_labels_traefik_additional_response_headers_custom`
matrix_bot_go_neb_container_labels_traefik_additional_response_headers: "{{ matrix_bot_go_neb_container_labels_traefik_additional_response_headers_auto | combine(matrix_bot_go_neb_container_labels_traefik_additional_response_headers_custom) }}"
matrix_bot_go_neb_container_labels_traefik_additional_response_headers_auto: |
{{
{}
| combine ({'X-XSS-Protection': matrix_bot_go_neb_http_header_xss_protection} if matrix_bot_go_neb_http_header_xss_protection else {})
| combine ({'X-Frame-Options': matrix_bot_go_neb_http_header_frame_options} if matrix_bot_go_neb_http_header_frame_options else {})
| combine ({'X-Content-Type-Options': matrix_bot_go_neb_http_header_content_type_options} if matrix_bot_go_neb_http_header_content_type_options else {})
| combine ({'Content-Security-Policy': matrix_bot_go_neb_http_header_content_security_policy} if matrix_bot_go_neb_http_header_content_security_policy else {})
| combine ({'Permission-Policy': matrix_bot_go_neb_http_header_content_permission_policy} if matrix_bot_go_neb_http_header_content_permission_policy else {})
| combine ({'Strict-Transport-Security': matrix_bot_go_neb_http_header_strict_transport_security} if matrix_bot_go_neb_http_header_strict_transport_security and matrix_bot_go_neb_container_labels_traefik_tls else {})
}}
matrix_bot_go_neb_container_labels_traefik_additional_response_headers_custom: {}
# matrix_bot_go_neb_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file.
# See `../templates/labels.j2` for details.
#
# Example:
# matrix_bot_go_neb_container_labels_additional_labels: |
# my.label=1
# another.label="here"
matrix_bot_go_neb_container_labels_additional_labels: ''
# A list of extra arguments to pass to the container
matrix_bot_go_neb_container_extra_arguments: []
@ -27,6 +90,57 @@ matrix_bot_go_neb_systemd_required_services_list: ['docker.service']
# List of systemd services that matrix-bot-go-neb.service wants
matrix_bot_go_neb_systemd_wanted_services_list: []
# Specifies the value of the `X-XSS-Protection` header
# Stops pages from loading when they detect reflected cross-site scripting (XSS) attacks.
#
# Learn more about it is here:
# - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
# - https://portswigger.net/web-security/cross-site-scripting/reflected
matrix_bot_go_neb_http_header_xss_protection: "1; mode=block"
# Specifies the value of the `X-Frame-Options` header which controls whether framing can happen.
# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
matrix_bot_go_neb_http_header_frame_options: SAMEORIGIN
# Specifies the value of the `X-Content-Type-Options` header.
# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
matrix_bot_go_neb_http_header_content_type_options: nosniff
# Specifies the value of the `Content-Security-Policy` header.
# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
matrix_bot_go_neb_http_header_content_security_policy: frame-ancestors 'self'
# Specifies the value of the `Permission-Policy` header.
# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permission-Policy
matrix_bot_go_neb_http_header_content_permission_policy: "{{ 'interest-cohort=()' if matrix_bot_go_neb_floc_optout_enabled else '' }}"
# Specifies the value of the `Strict-Transport-Security` header.
# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
matrix_bot_go_neb_http_header_strict_transport_security: "max-age=31536000; includeSubDomains{{ '; preload' if matrix_bot_go_neb_hsts_preload_enabled else '' }}"
# Controls whether to send a "Permissions-Policy interest-cohort=();" header along with all responses
#
# Learn more about what it is here:
# - https://www.eff.org/deeplinks/2021/03/googles-floc-terrible-idea
# - https://paramdeo.com/blog/opting-your-website-out-of-googles-floc-network
# - https://amifloced.org/
#
# Of course, a better solution is to just stop using browsers (like Chrome), which participate in such tracking practices.
# See: `matrix_bot_go_neb_content_permission_policy`
matrix_bot_go_neb_floc_optout_enabled: true
# Controls if HSTS preloading is enabled
#
# In its strongest and recommended form, the [HSTS policy](https://www.chromium.org/hsts) includes all subdomains, and
# indicates a willingness to be "preloaded" into browsers:
# `Strict-Transport-Security: max-age=31536000; includeSubDomains; preload`
# For more information visit:
# - https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
# - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
# - https://hstspreload.org/#opt-in
# See: `matrix_bot_go_neb_http_header_strict_transport_security`
matrix_bot_go_neb_hsts_preload_enabled: false
# Database-related configuration fields.
#
# MUST be "sqlite3". No other type is supported.

49
roles/custom/matrix-bot-go-neb/tasks/setup_install.yml → roles/custom/matrix-bot-go-neb/tasks/install.yml
View file

@ -1,8 +1,5 @@
---
- ansible.builtin.set_fact:
matrix_bot_go_neb_requires_restart: false
- name: Ensure go-neb paths exist
ansible.builtin.file:
path: "{{ item.path }}"
@ -16,17 +13,6 @@
- {path: "{{ matrix_bot_go_neb_data_store_path }}", when: true}
when: "item.when | bool"
- name: Ensure go-neb image is pulled
community.docker.docker_image:
name: "{{ matrix_bot_go_neb_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_bot_go_neb_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_go_neb_docker_image_force_pull }}"
register: result
retries: "{{ devture_playbook_help_container_retries_count }}"
delay: "{{ devture_playbook_help_container_retries_delay }}"
until: result is not failed
- name: Ensure go-neb config installed
ansible.builtin.copy:
content: "{{ matrix_bot_go_neb_configuration | to_nice_yaml(indent=2, width=999999) }}"
@ -35,16 +21,35 @@
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
- name: Ensure go-neb support files installed
ansible.builtin.template:
src: "{{ role_path }}/templates/{{ item }}.j2"
dest: "{{ matrix_bot_go_neb_base_path }}/{{ item }}"
mode: 0640
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
with_items:
- env
- labels
- name: Ensure go-neb container network is created
community.general.docker_network:
name: "{{ matrix_bot_go_neb_container_network }}"
driver: bridge
- name: Ensure go-neb container image is pulled
community.docker.docker_image:
name: "{{ matrix_bot_go_neb_container_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_bot_go_neb_container_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_go_neb_container_image_force_pull }}"
register: result
retries: "{{ devture_playbook_help_container_retries_count }}"
delay: "{{ devture_playbook_help_container_retries_delay }}"
until: result is not failed
- name: Ensure matrix-bot-go-neb.service installed
ansible.builtin.template:
src: "{{ role_path }}/templates/systemd/matrix-bot-go-neb.service.j2"
dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-go-neb.service"
mode: 0644
register: matrix_bot_go_neb_systemd_service_result
- name: Ensure matrix-bot-go-neb.service restarted, if necessary
ansible.builtin.service:
name: "matrix-bot-go-neb.service"
state: restarted
daemon_reload: true
when: "matrix_bot_go_neb_requires_restart | bool"

22
roles/custom/matrix-bot-go-neb/tasks/main.yml
View file

@ -1,20 +1,20 @@
---
- block:
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
when: "run_setup | bool and matrix_bot_go_neb_enabled | bool"
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
when: "run_setup | bool and matrix_bot_go_neb_enabled | bool"
tags:
- tags:
- setup-all
- setup-bot-go-neb
- install-all
- install-bot-go-neb
block:
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
when: "run_setup | bool and matrix_bot_go_neb_enabled | bool"
- block:
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
when: "run_setup | bool and not matrix_bot_go_neb_enabled | bool"
tags:
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/install.yml"
when: "run_setup | bool and matrix_bot_go_neb_enabled | bool"
- tags:
- setup-all
- setup-bot-go-neb
block:
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/uninstall.yml"
when: "run_setup | bool and not matrix_bot_go_neb_enabled | bool"

0
roles/custom/matrix-bot-go-neb/tasks/setup_uninstall.yml → roles/custom/matrix-bot-go-neb/tasks/uninstall.yml
View file

8
roles/custom/matrix-bot-go-neb/templates/env.j2 Normal file
View file

@ -0,0 +1,8 @@
BIND_ADDRESS=:4050
DATABASE_TYPE={{ matrix_bot_go_neb_database_engine }}
DATABASE_URL={{ matrix_bot_go_neb_storage_database }}
BASE_URL={{ matrix_bot_go_neb_base_url }}
CONFIG_FILE={{ matrix_bot_go_neb_config_path_in_container }}

45
roles/custom/matrix-bot-go-neb/templates/labels.j2 Normal file
View file

@ -0,0 +1,45 @@
{% if matrix_bot_go_neb_container_labels_traefik_enabled %}
traefik.enable=true
{% if matrix_bot_go_neb_container_labels_traefik_docker_network %}
traefik.docker.network={{ matrix_bot_go_neb_container_labels_traefik_docker_network }}
{% endif %}
{% set middlewares = [] %}
{% if matrix_bot_go_neb_container_labels_traefik_path_prefix != '/' %}
traefik.http.middlewares.matrix-bot-go-neb-slashless-redirect.redirectregex.regex=({{ matrix_bot_go_neb_container_labels_traefik_path_prefix | quote }})$
traefik.http.middlewares.matrix-bot-go-neb-slashless-redirect.redirectregex.replacement=${1}/
{% set middlewares = middlewares + ['matrix-bot-go-neb-slashless-redirect'] %}
{% endif %}
{% if matrix_bot_go_neb_container_labels_traefik_path_prefix != '/' %}
traefik.http.middlewares.matrix-bot-go-neb-strip-prefix.stripprefix.prefixes={{ matrix_bot_go_neb_container_labels_traefik_path_prefix }}
{% set middlewares = middlewares + ['matrix-bot-go-neb-strip-prefix'] %}
{% endif %}
{% if matrix_bot_go_neb_container_labels_traefik_additional_response_headers.keys() | length > 0 %}
{% for name, value in matrix_bot_go_neb_container_labels_traefik_additional_response_headers.items() %}
traefik.http.middlewares.matrix-bot-go-neb-add-headers.headers.customresponseheaders.{{ name }}={{ value }}
{% endfor %}
{% set middlewares = middlewares + ['matrix-bot-go-neb-add-headers'] %}
{% endif %}
traefik.http.routers.matrix-bot-go-neb.rule={{ matrix_bot_go_neb_container_labels_traefik_rule }}
{% if matrix_bot_go_neb_container_labels_traefik_priority | int > 0 %}
traefik.http.routers.matrix-bot-go-neb.priority={{ matrix_bot_go_neb_container_labels_traefik_priority }}
{% endif %}
traefik.http.routers.matrix-bot-go-neb.service=matrix-bot-go-neb
{% if middlewares | length > 0 %}
traefik.http.routers.matrix-bot-go-neb.middlewares={{ middlewares | join(',') }}
{% endif %}
traefik.http.routers.matrix-bot-go-neb.entrypoints={{ matrix_bot_go_neb_container_labels_traefik_entrypoints }}
traefik.http.routers.matrix-bot-go-neb.tls={{ matrix_bot_go_neb_container_labels_traefik_tls | to_json }}
{% if matrix_bot_go_neb_container_labels_traefik_tls %}
traefik.http.routers.matrix-bot-go-neb.tls.certResolver={{ matrix_bot_go_neb_container_labels_traefik_tls_certResolver }}
{% endif %}
traefik.http.services.matrix-bot-go-neb.loadbalancer.server.port=4050
{% endif %}
{{ matrix_bot_go_neb_container_labels_additional_labels }}

22
roles/custom/matrix-bot-go-neb/templates/systemd/matrix-bot-go-neb.service.j2
View file

@ -16,31 +16,37 @@ Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-go-neb 2>/dev/null || true'
ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-go-neb 2>/dev/null || true'
ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-bot-go-neb \
ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
--rm \
--name=matrix-bot-go-neb \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
--read-only \
--network={{ matrix_docker_network }} \
--network={{ matrix_bot_go_neb_container_network }} \
{% if matrix_bot_go_neb_container_http_host_bind_port %}
-p {{ matrix_bot_go_neb_container_http_host_bind_port }}:4050 \
{% endif %}
-e 'BIND_ADDRESS=:4050' \
-e 'DATABASE_TYPE={{ matrix_bot_go_neb_database_engine }}' \
-e 'BASE_URL=https://{{ matrix_server_fqn_bot_go_neb }}' \
-e 'CONFIG_FILE={{ matrix_bot_go_neb_config_path_in_container }}' \
-e 'DATABASE_URL={{ matrix_bot_go_neb_storage_database }}' \
--env-file={{ matrix_bot_go_neb_base_path }}/env \
--label-file={{ matrix_bot_go_neb_base_path }}/labels \
--mount type=bind,src={{ matrix_bot_go_neb_config_path }},dst=/config,ro \
--mount type=bind,src={{ matrix_bot_go_neb_data_path }},dst=/data \
--entrypoint=/bin/sh \
{% for arg in matrix_bot_go_neb_container_extra_arguments %}
{{ arg }} \
{% endfor %}
{{ matrix_bot_go_neb_docker_image }} \
{{ matrix_bot_go_neb_container_image }} \
-c "go-neb /config/config.yaml"
{% for network in matrix_bot_go_neb_container_additional_networks %}
ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-bot-go-neb
{% endfor %}
ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-bot-go-neb
ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-go-neb 2>/dev/null || true'
ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-go-neb 2>/dev/null || true'
Restart=always
RestartSec=30
SyslogIdentifier=matrix-bot-go-neb

2
roles/custom/matrix-bot-honoroit/defaults/main.yml
View file

@ -9,7 +9,7 @@ matrix_bot_honoroit_docker_repo: "https://gitlab.com/etke.cc/honoroit.git"
matrix_bot_honoroit_docker_repo_version: "{{ matrix_bot_honoroit_version }}"
matrix_bot_honoroit_docker_src_files_path: "{{ matrix_base_data_path }}/honoroit/docker-src"
matrix_bot_honoroit_version: v0.9.16
matrix_bot_honoroit_version: v0.9.17
matrix_bot_honoroit_docker_image: "{{ matrix_bot_honoroit_docker_image_name_prefix }}etke.cc/honoroit:{{ matrix_bot_honoroit_version }}"
matrix_bot_honoroit_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_honoroit_container_image_self_build else 'registry.gitlab.com/' }}"
matrix_bot_honoroit_docker_image_force_pull: "{{ matrix_bot_honoroit_docker_image.endswith(':latest') }}"

18
roles/custom/matrix-bot-honoroit/tasks/main.yml
View file

@ -1,20 +1,20 @@
---
- block:
- tags:
- setup-all
- setup-bot-honoroit
- install-all
- install-bot-honoroit
block:
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
when: "run_setup | bool and matrix_bot_honoroit_enabled | bool"
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
when: "run_setup | bool and matrix_bot_honoroit_enabled | bool"
tags:
- tags:
- setup-all
- setup-bot-honoroit
- install-all
- install-bot-honoroit
- block:
block:
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
when: "run_setup | bool and not matrix_bot_honoroit_enabled | bool"
tags:
- setup-all
- setup-bot-honoroit

18
roles/custom/matrix-bot-matrix-registration-bot/tasks/main.yml
View file

@ -1,20 +1,20 @@
---
- block:
- tags:
- setup-all
- setup-bot-matrix-registration-bot
- install-all
- install-bot-matrix-registration-bot
block:
- when: matrix_bot_matrix_registration_bot_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
- when: matrix_bot_matrix_registration_bot_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
tags:
- tags:
- setup-all
- setup-bot-matrix-registration-bot
- install-all
- install-bot-matrix-registration-bot
- block:
block:
- when: not matrix_bot_matrix_registration_bot_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
tags:
- setup-all
- setup-bot-matrix-registration-bot

18
roles/custom/matrix-bot-matrix-reminder-bot/tasks/main.yml
View file

@ -1,20 +1,20 @@
---
- block:
- tags:
- setup-all
- setup-bot-matrix-reminder-bot
- install-all
- install-bot-matrix-reminder-bot
block:
- when: matrix_bot_matrix_reminder_bot_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
- when: matrix_bot_matrix_reminder_bot_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
tags:
- tags:
- setup-all
- setup-bot-matrix-reminder-bot
- install-all
- install-bot-matrix-reminder-bot
- block:
block:
- when: not matrix_bot_matrix_reminder_bot_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
tags:
- setup-all
- setup-bot-matrix-reminder-bot

26
roles/custom/matrix-bot-maubot/tasks/main.yml
View file

@ -1,29 +1,29 @@
---
- block:
- when: matrix_bot_maubot_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
tags:
- tags:
- setup-all
- setup-nginx-proxy
- install-all
- install-nginx-proxy
block:
- when: matrix_bot_maubot_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
- block:
- tags:
- setup-all
- setup-bot-maubot
- install-all
- install-bot-maubot
block:
- when: matrix_bot_maubot_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
- when: matrix_bot_maubot_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
tags:
- tags:
- setup-all
- setup-bot-maubot
- install-all
- install-bot-maubot
- block:
block:
- when: not matrix_bot_maubot_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
tags:
- setup-all
- setup-bot-maubot

2
roles/custom/matrix-bot-maubot/tasks/setup_install.yml
View file

@ -53,7 +53,7 @@
name: "{{ matrix_bot_maubot_docker_image }}"
source: build
force_source: "{{ matrix_bot_maubot_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mailer_git_pull_results.changed }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_maubot_git_pull_results.changed }}"
build:
dockerfile: Dockerfile
path: "{{ matrix_bot_maubot_docker_src_files_path }}"

18
roles/custom/matrix-bot-mjolnir/tasks/main.yml
View file

@ -1,20 +1,20 @@
---
- block:
- tags:
- setup-all
- setup-bot-mjolnir
- install-all
- install-bot-mjolnir
block:
- when: matrix_bot_mjolnir_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
- when: matrix_bot_mjolnir_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
tags:
- tags:
- setup-all
- setup-bot-mjolnir
- install-all
- install-bot-mjolnir
- block:
block:
- when: not matrix_bot_mjolnir_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
tags:
- setup-all
- setup-bot-mjolnir

18
roles/custom/matrix-bot-postmoogle/tasks/main.yml
View file

@ -1,20 +1,20 @@
---
- block:
- tags:
- setup-all
- setup-bot-postmoogle
- install-all
- install-bot-postmoogle
block:
- when: matrix_bot_postmoogle_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
- when: matrix_bot_postmoogle_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
tags:
- tags:
- setup-all
- setup-bot-postmoogle
- install-all
- install-bot-postmoogle
- block:
block:
- when: not matrix_bot_postmoogle_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
tags:
- setup-all
- setup-bot-postmoogle

18
roles/custom/matrix-bridge-appservice-discord/tasks/main.yml
View file

@ -1,20 +1,20 @@
---
- block:
- tags:
- setup-all
- setup-appservice-discord
- install-all
- install-appservice-discord
block:
- when: matrix_appservice_discord_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
- when: matrix_appservice_discord_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
tags:
- tags:
- setup-all
- setup-appservice-discord
- install-all
- install-appservice-discord
- block:
block:
- when: not matrix_appservice_discord_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
tags:
- setup-all
- setup-appservice-discord

5
roles/custom/matrix-bridge-appservice-discord/tasks/setup_install.yml
View file

@ -65,7 +65,10 @@
when: "matrix_appservice_discord_stat_db.stat.exists"
- name: (Data relocation) Move AppService Discord discord.db file to ./data directory
ansible.builtin.command: "mv {{ matrix_appservice_discord_base_path }}/{{ item }} {{ matrix_appservice_discord_data_path }}/{{ item }}"
ansible.builtin.command:
cmd: "mv {{ matrix_appservice_discord_base_path }}/{{ item }} {{ matrix_appservice_discord_data_path }}/{{ item }}"
creates: "{{ matrix_appservice_discord_data_path }}/{{ item }}"
removes: "{{ matrix_appservice_discord_base_path }}/{{ item }}"
with_items:
- discord.db
- user-store.db

2
roles/custom/matrix-bridge-appservice-irc/defaults/main.yml
View file

@ -11,7 +11,7 @@ matrix_appservice_irc_docker_src_files_path: "{{ matrix_base_data_path }}/appser
# matrix_appservice_irc_version used to contain the full Docker image tag (e.g. `release-X.X.X`).
# It's a bare version number now. We try to somewhat retain compatibility below.
matrix_appservice_irc_version: 0.36.0
matrix_appservice_irc_version: 0.37.0
matrix_appservice_irc_docker_image: "{{ matrix_container_global_registry_prefix }}matrixdotorg/matrix-appservice-irc:{{ matrix_appservice_irc_docker_image_tag }}"
matrix_appservice_irc_docker_image_tag: "{{ 'latest' if matrix_appservice_irc_version == 'latest' else ('release-' + matrix_appservice_irc_version) }}"
matrix_appservice_irc_docker_image_force_pull: "{{ matrix_appservice_irc_docker_image.endswith(':latest') }}"

18
roles/custom/matrix-bridge-appservice-irc/tasks/main.yml
View file

@ -1,20 +1,20 @@
---
- block:
- tags:
- setup-all
- setup-appservice-irc
- install-all
- install-appservice-irc
block:
- when: matrix_appservice_irc_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
- when: matrix_appservice_irc_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
tags:
- tags:
- setup-all
- setup-appservice-irc
- install-all
- install-appservice-irc
- block:
block:
- when: not matrix_appservice_irc_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
tags:
- setup-all
- setup-appservice-irc

10
roles/custom/matrix-bridge-appservice-irc/tasks/setup_install.yml
View file

@ -108,16 +108,12 @@
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
- name: Check if Appservice IRC passkey exists
ansible.builtin.stat:
path: "{{ matrix_appservice_irc_data_path }}/passkey.pem"
register: irc_passkey_file
- name: Generate Appservice IRC passkey if it doesn't exist
ansible.builtin.shell: "{{ matrix_host_command_openssl }} genpkey -out {{ matrix_appservice_irc_data_path }}/passkey.pem -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:2048"
ansible.builtin.shell:
cmd: "{{ matrix_host_command_openssl }} genpkey -out {{ matrix_appservice_irc_data_path }}/passkey.pem -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:2048"
creates: "{{ matrix_appservice_irc_data_path }}/passkey.pem"
become: true
become_user: "{{ matrix_user_username }}"
when: "not irc_passkey_file.stat.exists"
# In the past, we used to generate the passkey.pem file with root, so permissions may not be okay.
# Fix it.

18
roles/custom/matrix-bridge-appservice-kakaotalk/tasks/main.yml
View file

@ -1,20 +1,20 @@
---
- block:
- tags:
- setup-all
- setup-appservice-kakaotalk
- install-all
- install-appservice-kakaotalk
block:
- when: matrix_appservice_kakaotalk_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
- when: matrix_appservice_kakaotalk_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
tags:
- tags:
- setup-all
- setup-appservice-kakaotalk
- install-all
- install-appservice-kakaotalk
- block:
block:
- when: not matrix_appservice_kakaotalk_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
tags:
- setup-all
- setup-appservice-kakaotalk

26
roles/custom/matrix-bridge-appservice-slack/tasks/main.yml
View file

@ -1,29 +1,29 @@
---
- block:
- when: matrix_appservice_slack_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
tags:
- tags:
- setup-all
- setup-nginx-proxy
- install-all
- install-nginx-proxy
block:
- when: matrix_appservice_slack_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
- block:
- tags:
- setup-all
- setup-appservice-slack
- install-all
- install-appservice-slack
block:
- when: matrix_appservice_slack_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
- when: matrix_appservice_slack_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
tags:
- tags:
- setup-all
- setup-appservice-slack
- install-all
- install-appservice-slack
- block:
block:
- when: not matrix_appservice_slack_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
tags:
- setup-all
- setup-appservice-slack

26
roles/custom/matrix-bridge-appservice-webhooks/tasks/main.yml
View file

@ -1,29 +1,29 @@
---
- block:
- when: matrix_appservice_webhooks_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
tags:
- tags:
- setup-all
- setup-nginx-proxy
- install-all
- install-nginx-proxy
block:
- when: matrix_appservice_webhooks_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
- block:
- tags:
- setup-all
- setup-appservice-webhooks
- install-all
- install-appservice-webhooks
block:
- when: matrix_appservice_webhooks_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
- when: matrix_appservice_webhooks_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
tags:
- tags:
- setup-all
- setup-appservice-webhooks
- install-all
- install-appservice-webhooks
- block:
block:
- when: not matrix_appservice_webhooks_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
tags:
- setup-all
- setup-appservice-webhooks

18
roles/custom/matrix-bridge-beeper-linkedin/tasks/main.yml
View file

@ -1,20 +1,20 @@
---
- block:
- tags:
- setup-all
- setup-beeper-linkedin
- install-all
- install-beeper-linkedin
block:
- when: matrix_beeper_linkedin_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
- when: matrix_beeper_linkedin_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
tags:
- tags:
- setup-all
- setup-beeper-linkedin
- install-all
- install-beeper-linkedin
- block:
block:
- when: not matrix_beeper_linkedin_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
tags:
- setup-all
- setup-beeper-linkedin

18
roles/custom/matrix-bridge-go-skype-bridge/tasks/main.yml
View file

@ -1,20 +1,20 @@
---
- block:
- tags:
- setup-all
- setup-go-skype-bridge
- install-all
- install-go-skype-bridge
block:
- when: matrix_go_skype_bridge_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
- when: matrix_go_skype_bridge_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
tags:
- tags:
- setup-all
- setup-go-skype-bridge
- install-all
- install-go-skype-bridge
- block:
block:
- when: not matrix_go_skype_bridge_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
tags:
- setup-all
- setup-go-skype-bridge

10
roles/custom/matrix-bridge-go-skype-bridge/tasks/setup_install.yml
View file

@ -97,11 +97,17 @@
when: "matrix_go_skype_bridge_stat_database.stat.exists"
- name: (Data relocation) Move go-skype-bridge database file to ./data directory
ansible.builtin.command: "mv {{ matrix_go_skype_bridge_base_path }}/go-skype-bridge.db {{ matrix_go_skype_bridge_data_path }}/go-skype-bridge.db"
ansible.builtin.command:
cmd: "mv {{ matrix_go_skype_bridge_base_path }}/go-skype-bridge.db {{ matrix_go_skype_bridge_data_path }}/go-skype-bridge.db"
creates: "{{ matrix_go_skype_bridge_data_path }}/go-skype-bridge.db"
removes: "{{ matrix_go_skype_bridge_base_path }}/go-skype-bridge.db"
when: "matrix_go_skype_bridge_stat_database.stat.exists"
- name: (Data relocation) Move go-skype-bridge mx-state file to ./data directory
ansible.builtin.command: "mv {{ matrix_go_skype_bridge_base_path }}/mx-state.json {{ matrix_go_skype_bridge_data_path }}/mx-state.json"
ansible.builtin.command:
cmd: "mv {{ matrix_go_skype_bridge_base_path }}/mx-state.json {{ matrix_go_skype_bridge_data_path }}/mx-state.json"
creates: "{{ matrix_go_skype_bridge_data_path }}/mx-state.json"
removes: "{{ matrix_go_skype_bridge_base_path }}/mx-state.json"
when: "matrix_go_skype_bridge_stat_mx_state.stat.exists"
- name: Ensure go-skype-bridge config.yaml installed

16
roles/custom/matrix-bridge-heisenbridge/tasks/main.yml
View file

@ -1,17 +1,17 @@
---
- block:
- when: matrix_heisenbridge_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
tags:
- tags:
- setup-all
- setup-heisenbridge
- install-all
- install-heisenbridge
block:
- when: matrix_heisenbridge_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
- block:
- when: not matrix_heisenbridge_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
tags:
- tags:
- setup-all
- setup-heisenbridge
block:
- when: not matrix_heisenbridge_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"

10
roles/custom/matrix-bridge-hookshot/defaults/main.yml
View file

@ -122,15 +122,15 @@ matrix_hookshot_jira_oauth_redirect_uri: "{{ matrix_hookshot_urlprefix }}{{ matr
# No need to change these
matrix_hookshot_generic_enabled: true
matrix_hookshot_generic_enableHttpGet: false
matrix_hookshot_generic_enableHttpGet: false # noqa var-naming
# Default value of matrix_hookshot_generic_endpoint: "/hookshot/webhooks"
matrix_hookshot_generic_endpoint: "{{ matrix_hookshot_webhook_endpoint }}"
# urlprefix gets updated with protocol & port in group_vars/matrix_servers
matrix_hookshot_generic_urlPrefix: "{{ matrix_hookshot_urlprefix }}{{ matrix_hookshot_generic_endpoint }}"
matrix_hookshot_generic_urlPrefix: "{{ matrix_hookshot_urlprefix }}{{ matrix_hookshot_generic_endpoint }}" # noqa var-naming
# If you're also using matrix-appservice-webhooks, take care that these prefixes don't overlap
matrix_hookshot_generic_userIdPrefix: '_webhooks_'
matrix_hookshot_generic_allowJsTransformationFunctions: false
matrix_hookshot_generic_waitForComplete: false
matrix_hookshot_generic_userIdPrefix: '_webhooks_' # noqa var-naming
matrix_hookshot_generic_allowJsTransformationFunctions: false # noqa var-naming
matrix_hookshot_generic_waitForComplete: false # noqa var-naming
matrix_hookshot_feeds_enabled: true

26
roles/custom/matrix-bridge-hookshot/tasks/main.yml
View file

@ -1,29 +1,29 @@
---
- block:
- when: matrix_hookshot_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
tags:
- tags:
- setup-all
- setup-nginx-proxy
- install-all
- install-nginx-proxy
block:
- when: matrix_hookshot_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
- block:
- tags:
- setup-all
- setup-hookshot
- install-all
- install-hookshot
block:
- when: matrix_hookshot_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
- when: matrix_hookshot_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
tags:
- tags:
- setup-all
- setup-hookshot
- install-all
- install-hookshot
- block:
block:
- when: not matrix_hookshot_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
tags:
- setup-all
- setup-hookshot

4
roles/custom/matrix-bridge-hookshot/tasks/setup_install.yml
View file

@ -57,7 +57,9 @@
register: hookshot_passkey_file
- name: Generate hookshot passkey if it doesn't exist
ansible.builtin.shell: "{{ matrix_host_command_openssl }} genpkey -out {{ matrix_hookshot_base_path }}/passkey.pem -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:4096"
ansible.builtin.shell:
cmd: "{{ matrix_host_command_openssl }} genpkey -out {{ matrix_hookshot_base_path }}/passkey.pem -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:4096"
creates: "{{ matrix_hookshot_base_path }}/passkey.pem"
become: true
become_user: "{{ matrix_user_username }}"
when: "not hookshot_passkey_file.stat.exists"

18
roles/custom/matrix-bridge-mautrix-discord/tasks/main.yml
View file

@ -1,20 +1,20 @@
---
- block:
- tags:
- setup-all
- setup-mautrix-discord
- install-all
- install-mautrix-discord
block:
- when: matrix_mautrix_discord_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
- when: matrix_mautrix_discord_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
tags:
- tags:
- setup-all
- setup-mautrix-discord
- install-all
- install-mautrix-discord
- block:
block:
- when: not matrix_mautrix_discord_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
tags:
- setup-all
- setup-mautrix-discord

26
roles/custom/matrix-bridge-mautrix-facebook/tasks/main.yml
View file

@ -1,29 +1,29 @@
---
- block:
- when: matrix_mautrix_facebook_enabled | bool and matrix_mautrix_facebook_appservice_public_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
tags:
- tags:
- setup-all
- setup-nginx-proxy
- install-all
- install-nginx-proxy
block:
- when: matrix_mautrix_facebook_enabled | bool and matrix_mautrix_facebook_appservice_public_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
- block:
- tags:
- setup-all
- setup-mautrix-facebook
- install-all
- install-mautrix-facebook
block:
- when: matrix_mautrix_facebook_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
- when: matrix_mautrix_facebook_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
tags:
- tags:
- setup-all
- setup-mautrix-facebook
- install-all
- install-mautrix-facebook
- block:
block:
- when: not matrix_mautrix_facebook_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
tags:
- setup-all
- setup-mautrix-facebook

5
roles/custom/matrix-bridge-mautrix-facebook/tasks/setup_install.yml
View file

@ -91,7 +91,10 @@
when: "matrix_mautrix_facebook_stat_database.stat.exists"
- name: (Data relocation) Move mautrix-facebook database file to ./data directory
ansible.builtin.command: "mv {{ matrix_mautrix_facebook_base_path }}/mautrix-facebook.db {{ matrix_mautrix_facebook_data_path }}/mautrix-facebook.db"
ansible.builtin.command:
cmd: "mv {{ matrix_mautrix_facebook_base_path }}/mautrix-facebook.db {{ matrix_mautrix_facebook_data_path }}/mautrix-facebook.db"
creates: "{{ matrix_mautrix_facebook_data_path }}/mautrix-facebook.db"
removes: "{{ matrix_mautrix_facebook_base_path }}/mautrix-facebook.db"
when: "matrix_mautrix_facebook_stat_database.stat.exists"
- name: Ensure mautrix-facebook config.yaml installed

26
roles/custom/matrix-bridge-mautrix-googlechat/tasks/main.yml
View file

@ -1,29 +1,29 @@
---
- block:
- when: matrix_mautrix_googlechat_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
tags:
- tags:
- setup-all
- setup-nginx-proxy
- install-all
- install-nginx-proxy
block:
- when: matrix_mautrix_googlechat_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
- block:
- tags:
- setup-all
- setup-mautrix-googlechat
- install-all
- install-mautrix-googlechat
block:
- when: matrix_mautrix_googlechat_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
- when: matrix_mautrix_googlechat_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
tags:
- tags:
- setup-all
- setup-mautrix-googlechat
- install-all
- install-mautrix-googlechat
- block:
block:
- when: not matrix_mautrix_googlechat_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
tags:
- setup-all
- setup-mautrix-googlechat

5
roles/custom/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml
View file

@ -91,7 +91,10 @@
when: "matrix_mautrix_googlechat_stat_database.stat.exists"
- name: (Data relocation) Move mautrix-googlechat database file to ./data directory
ansible.builtin.command: "mv {{ matrix_mautrix_googlechat_base_path }}/mautrix-googlechat.db {{ matrix_mautrix_googlechat_data_path }}/mautrix-googlechat.db"
ansible.builtin.command:
cmd: "mv {{ matrix_mautrix_googlechat_base_path }}/mautrix-googlechat.db {{ matrix_mautrix_googlechat_data_path }}/mautrix-googlechat.db"
creates: "{{ matrix_mautrix_googlechat_data_path }}/mautrix-googlechat.db"
removes: "{{ matrix_mautrix_googlechat_base_path }}/mautrix-googlechat.db"
when: "matrix_mautrix_googlechat_stat_database.stat.exists"
- name: Ensure mautrix-googlechat config.yaml installed

26
roles/custom/matrix-bridge-mautrix-hangouts/tasks/main.yml
View file

@ -1,29 +1,29 @@
---
- block:
- when: matrix_mautrix_hangouts_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
tags:
- tags:
- setup-all
- setup-nginx-proxy
- install-all
- install-nginx-proxy
block:
- when: matrix_mautrix_hangouts_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
- block:
- tags:
- setup-all
- setup-mautrix-hangouts
- install-all
- install-mautrix-hangouts
block:
- when: matrix_mautrix_hangouts_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
- when: matrix_mautrix_hangouts_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
tags:
- tags:
- setup-all
- setup-mautrix-hangouts
- install-all
- install-mautrix-hangouts
- block:
block:
- when: not matrix_mautrix_hangouts_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
tags:
- setup-all
- setup-mautrix-hangouts

5
roles/custom/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml
View file

@ -91,7 +91,10 @@
when: "matrix_mautrix_hangouts_stat_database.stat.exists"
- name: (Data relocation) Move mautrix-hangouts database file to ./data directory
ansible.builtin.command: "mv {{ matrix_mautrix_hangouts_base_path }}/mautrix-hangouts.db {{ matrix_mautrix_hangouts_data_path }}/mautrix-hangouts.db"
ansible.builtin.command:
cmd: "mv {{ matrix_mautrix_hangouts_base_path }}/mautrix-hangouts.db {{ matrix_mautrix_hangouts_data_path }}/mautrix-hangouts.db"
creates: "{{ matrix_mautrix_hangouts_data_path }}/mautrix-hangouts.db"
removes: "{{ matrix_mautrix_hangouts_base_path }}/mautrix-hangouts.db"
when: "matrix_mautrix_hangouts_stat_database.stat.exists"
- name: Ensure mautrix-hangouts config.yaml installed

26
roles/custom/matrix-bridge-mautrix-instagram/tasks/main.yml
View file

@ -1,29 +1,29 @@
---
- block:
- when: matrix_mautrix_instagram_enabled | bool and matrix_mautrix_instagram_metrics_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
tags:
- tags:
- setup-all
- setup-nginx-proxy
- install-all
- install-nginx-proxy
block:
- when: matrix_mautrix_instagram_enabled | bool and matrix_mautrix_instagram_metrics_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
- block:
- tags:
- setup-all
- setup-mautrix-instagram
- install-all
- install-mautrix-instagram
block:
- when: matrix_mautrix_instagram_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
- when: matrix_mautrix_instagram_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
tags:
- tags:
- setup-all
- setup-mautrix-instagram
- install-all
- install-mautrix-instagram
- block:
block:
- when: not matrix_mautrix_instagram_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
tags:
- setup-all
- setup-mautrix-instagram

26
roles/custom/matrix-bridge-mautrix-signal/tasks/main.yml
View file

@ -1,29 +1,29 @@
---
- block:
- when: matrix_mautrix_signal_enabled | bool and matrix_mautrix_signal_metrics_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
tags:
- tags:
- setup-all
- setup-nginx-proxy
- install-all
- install-nginx-proxy
block:
- when: matrix_mautrix_signal_enabled | bool and matrix_mautrix_signal_metrics_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
- block:
- tags:
- setup-all
- setup-mautrix-signal
- install-all
- install-mautrix-signal
block:
- when: matrix_mautrix_signal_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
- when: matrix_mautrix_signal_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
tags:
- tags:
- setup-all
- setup-mautrix-signal
- install-all
- install-mautrix-signal
- block:
block:
- when: not matrix_mautrix_signal_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
tags:
- setup-all
- setup-mautrix-signal

18
roles/custom/matrix-bridge-mautrix-slack/tasks/main.yml
View file

@ -1,20 +1,20 @@
---
- block:
- tags:
- setup-all
- setup-mautrix-slack
- install-all
- install-mautrix-slack
block:
- when: matrix_mautrix_slack_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
- when: matrix_mautrix_slack_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
tags:
- tags:
- setup-all
- setup-mautrix-slack
- install-all
- install-mautrix-slack
- block:
block:
- when: not matrix_mautrix_slack_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
tags:
- setup-all
- setup-mautrix-slack

2
roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml
View file

@ -17,7 +17,7 @@ matrix_mautrix_telegram_docker_repo: "https://mau.dev/mautrix/telegram.git"
matrix_mautrix_telegram_docker_repo_version: "{{ 'master' if matrix_mautrix_telegram_version == 'latest' else matrix_mautrix_telegram_version }}"
matrix_mautrix_telegram_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-telegram/docker-src"
matrix_mautrix_telegram_version: v0.12.2
matrix_mautrix_telegram_version: v0.13.0
# See: https://mau.dev/mautrix/telegram/container_registry
matrix_mautrix_telegram_docker_image: "{{ matrix_mautrix_telegram_docker_image_name_prefix }}mautrix/telegram:{{ matrix_mautrix_telegram_version }}"
matrix_mautrix_telegram_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_telegram_container_image_self_build else 'dock.mau.dev/' }}"

26
roles/custom/matrix-bridge-mautrix-telegram/tasks/main.yml
View file

@ -1,29 +1,29 @@
---
- block:
- when: matrix_mautrix_telegram_enabled | bool and matrix_mautrix_telegram_appservice_public_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
tags:
- tags:
- setup-all
- setup-nginx-proxy
- install-all
- install-nginx-proxy
block:
- when: matrix_mautrix_telegram_enabled | bool and matrix_mautrix_telegram_appservice_public_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
- block:
- tags:
- setup-all
- setup-mautrix-telegram
- install-all
- install-mautrix-telegram
block:
- when: matrix_mautrix_telegram_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
- when: matrix_mautrix_telegram_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
tags:
- tags:
- setup-all
- setup-mautrix-telegram
- install-all
- install-mautrix-telegram
- block:
block:
- when: not matrix_mautrix_telegram_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
tags:
- setup-all
- setup-mautrix-telegram

5
roles/custom/matrix-bridge-mautrix-telegram/tasks/setup_install.yml
View file

@ -116,7 +116,10 @@
when: "matrix_mautrix_telegram_stat_database.stat.exists"
- name: (Data relocation) Move mautrix-telegram database file to ./data directory
ansible.builtin.command: "mv {{ matrix_mautrix_telegram_base_path }}/mautrix-telegram.db {{ matrix_mautrix_telegram_data_path }}/mautrix-telegram.db"
ansible.builtin.command:
cmd: "mv {{ matrix_mautrix_telegram_base_path }}/mautrix-telegram.db {{ matrix_mautrix_telegram_data_path }}/mautrix-telegram.db"
creates: "{{ matrix_mautrix_telegram_data_path }}/mautrix-telegram.db"
removes: "{{ matrix_mautrix_telegram_base_path }}/mautrix-telegram.db"
when: "matrix_mautrix_telegram_stat_database.stat.exists"
- name: Ensure mautrix-telegram config.yaml installed

26
roles/custom/matrix-bridge-mautrix-twitter/tasks/main.yml
View file

@ -1,29 +1,29 @@
---
- block:
- when: matrix_mautrix_twitter_enabled | bool and matrix_mautrix_twitter_metrics_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
tags:
- tags:
- setup-all
- setup-nginx-proxy
- install-all
- install-nginx-proxy
block:
- when: matrix_mautrix_twitter_enabled | bool and matrix_mautrix_twitter_metrics_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
- block:
- tags:
- setup-all
- setup-mautrix-twitter
- install-all
- install-mautrix-twitter
block:
- when: matrix_mautrix_twitter_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
- when: matrix_mautrix_twitter_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
tags:
- tags:
- setup-all
- setup-mautrix-twitter
- install-all
- install-mautrix-twitter
- block:
block:
- when: not matrix_mautrix_twitter_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
tags:
- setup-all
- setup-mautrix-twitter

26
roles/custom/matrix-bridge-mautrix-whatsapp/tasks/main.yml
View file

@ -1,29 +1,29 @@
---
- block:
- when: matrix_mautrix_whatsapp_enabled | bool and matrix_mautrix_whatsapp_metrics_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
tags:
- tags:
- setup-all
- setup-nginx-proxy
- install-all
- install-nginx-proxy
block:
- when: matrix_mautrix_whatsapp_enabled | bool and matrix_mautrix_whatsapp_metrics_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
- block:
- tags:
- setup-all
- setup-mautrix-whatsapp
- install-all
- install-mautrix-whatsapp
block:
- when: matrix_mautrix_whatsapp_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
- when: matrix_mautrix_whatsapp_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
tags:
- tags:
- setup-all
- setup-mautrix-whatsapp
- install-all
- install-mautrix-whatsapp
- block:
block:
- when: not matrix_mautrix_whatsapp_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
tags:
- setup-all
- setup-mautrix-whatsapp

10
roles/custom/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml
View file

@ -97,11 +97,17 @@
when: "matrix_mautrix_whatsapp_stat_database.stat.exists"
- name: (Data relocation) Move mautrix-whatsapp database file to ./data directory
ansible.builtin.command: "mv {{ matrix_mautrix_whatsapp_base_path }}/mautrix-whatsapp.db {{ matrix_mautrix_whatsapp_data_path }}/mautrix-whatsapp.db"
ansible.builtin.command:
cmd: "mv {{ matrix_mautrix_whatsapp_base_path }}/mautrix-whatsapp.db {{ matrix_mautrix_whatsapp_data_path }}/mautrix-whatsapp.db"
creates: "{{ matrix_mautrix_whatsapp_data_path }}/mautrix-whatsapp.db"
removes: "{{ matrix_mautrix_whatsapp_base_path }}/mautrix-whatsapp.db"
when: "matrix_mautrix_whatsapp_stat_database.stat.exists"
- name: (Data relocation) Move mautrix-whatsapp mx-state file to ./data directory
ansible.builtin.command: "mv {{ matrix_mautrix_whatsapp_base_path }}/mx-state.json {{ matrix_mautrix_whatsapp_data_path }}/mx-state.json"
ansible.builtin.command:
cmd: "mv {{ matrix_mautrix_whatsapp_base_path }}/mx-state.json {{ matrix_mautrix_whatsapp_data_path }}/mx-state.json"
creates: "{{ matrix_mautrix_whatsapp_data_path }}/mx-state.json"
removes: "{{ matrix_mautrix_whatsapp_base_path }}/mx-state.json"
when: "matrix_mautrix_whatsapp_stat_mx_state.stat.exists"
- name: Ensure mautrix-whatsapp config.yaml installed

18
roles/custom/matrix-bridge-mx-puppet-discord/tasks/main.yml
View file

@ -1,20 +1,20 @@
---
- block:
- tags:
- setup-all
- setup-mx-puppet-discord
- install-all
- install-mx-puppet-discord
block:
- when: matrix_mx_puppet_discord_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
- when: matrix_mx_puppet_discord_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
tags:
- tags:
- setup-all
- setup-mx-puppet-discord
- install-all
- install-mx-puppet-discord
- block:
block:
- when: not matrix_mx_puppet_discord_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
tags:
- setup-all
- setup-mx-puppet-discord

18
roles/custom/matrix-bridge-mx-puppet-groupme/tasks/main.yml
View file

@ -1,20 +1,20 @@
---
- block:
- tags:
- setup-all
- setup-mx-puppet-groupme
- install-all
- install-mx-puppet-groupme
block:
- when: matrix_mx_puppet_groupme_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
- when: matrix_mx_puppet_groupme_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
tags:
- tags:
- setup-all
- setup-mx-puppet-groupme
- install-all
- install-mx-puppet-groupme
- block:
block:
- when: not matrix_mx_puppet_groupme_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
tags:
- setup-all
- setup-mx-puppet-groupme

5
roles/custom/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml
View file

@ -29,7 +29,10 @@
when: "matrix_mx_puppet_groupme_stat_database.stat.exists"
- name: (Data relocation) Move mx-puppet-groupme database file to ./data directory
ansible.builtin.command: "mv {{ matrix_mx_puppet_groupme_base_path }}/database.db {{ matrix_mx_puppet_groupme_data_path }}/database.db"
ansible.builtin.command:
cmd: "mv {{ matrix_mx_puppet_groupme_base_path }}/database.db {{ matrix_mx_puppet_groupme_data_path }}/database.db"
creates: "{{ matrix_mx_puppet_groupme_data_path }}/database.db"
removes: "{{ matrix_mx_puppet_groupme_base_path }}/database.db"
when: "matrix_mx_puppet_groupme_stat_database.stat.exists"
- ansible.builtin.set_fact:

18
roles/custom/matrix-bridge-mx-puppet-instagram/tasks/main.yml
View file

@ -1,20 +1,20 @@
---
- block:
- tags:
- setup-all
- setup-mx-puppet-instagram
- install-all
- install-mx-puppet-instagram
block:
- when: matrix_mx_puppet_instagram_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
- when: matrix_mx_puppet_instagram_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
tags:
- tags:
- setup-all
- setup-mx-puppet-instagram
- install-all
- install-mx-puppet-instagram
- block:
block:
- when: not matrix_mx_puppet_instagram_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
tags:
- setup-all
- setup-mx-puppet-instagram

26
roles/custom/matrix-bridge-mx-puppet-slack/tasks/main.yml
View file

@ -1,29 +1,29 @@
---
- block:
- when: matrix_mx_puppet_slack_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
tags:
- tags:
- setup-all
- setup-nginx-proxy
- install-all
- install-nginx-proxy
block:
- when: matrix_mx_puppet_slack_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
- block:
- tags:
- setup-all
- setup-mx-puppet-slack
- install-all
- install-mx-puppet-slack
block:
- when: matrix_mx_puppet_slack_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
- when: matrix_mx_puppet_slack_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
tags:
- tags:
- setup-all
- setup-mx-puppet-slack
- install-all
- install-mx-puppet-slack
- block:
block:
- when: not matrix_mx_puppet_slack_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
tags:
- setup-all
- setup-mx-puppet-slack

5
roles/custom/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml
View file

@ -91,7 +91,10 @@
when: "matrix_mx_puppet_slack_enabled | bool and matrix_mx_puppet_slack_container_image_self_build"
- name: (Data relocation) Move mx-puppet-slack database file to ./data directory
ansible.builtin.command: "mv {{ matrix_mx_puppet_slack_base_path }}/database.db {{ matrix_mx_puppet_slack_data_path }}/database.db"
ansible.builtin.command:
cmd: "mv {{ matrix_mx_puppet_slack_base_path }}/database.db {{ matrix_mx_puppet_slack_data_path }}/database.db"
creates: "{{ matrix_mx_puppet_slack_data_path }}/database.db"
removes: "{{ matrix_mx_puppet_slack_base_path }}/database.db"
when: "matrix_mx_puppet_slack_stat_database.stat.exists"
- name: Ensure mx-puppet-slack config.yaml installed

18
roles/custom/matrix-bridge-mx-puppet-steam/tasks/main.yml
View file

@ -1,20 +1,20 @@
---
- block:
- tags:
- setup-all
- setup-mx-puppet-steam
- install-all
- install-mx-puppet-steam
block:
- when: matrix_mx_puppet_steam_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
- when: matrix_mx_puppet_steam_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
tags:
- tags:
- setup-all
- setup-mx-puppet-steam
- install-all
- install-mx-puppet-steam
- block:
block:
- when: not matrix_mx_puppet_steam_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
tags:
- setup-all
- setup-mx-puppet-steam

5
roles/custom/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml
View file

@ -29,7 +29,10 @@
when: "matrix_mx_puppet_steam_stat_database.stat.exists"
- name: (Data relocation) Move mx-puppet-steam database file to ./data directory
ansible.builtin.command: "mv {{ matrix_mx_puppet_steam_base_path }}/database.db {{ matrix_mx_puppet_steam_data_path }}/database.db"
ansible.builtin.command:
cmd: "mv {{ matrix_mx_puppet_steam_base_path }}/database.db {{ matrix_mx_puppet_steam_data_path }}/database.db"
creates: "{{ matrix_mx_puppet_steam_data_path }}/database.db"
removes: "{{ matrix_mx_puppet_steam_base_path }}/database.db"
when: "matrix_mx_puppet_steam_stat_database.stat.exists"
- ansible.builtin.set_fact:

26
roles/custom/matrix-bridge-mx-puppet-twitter/tasks/main.yml
View file

@ -1,29 +1,29 @@
---
- block:
- when: matrix_mx_puppet_twitter_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
tags:
- tags:
- setup-all
- setup-nginx-proxy
- install-all
- install-nginx-proxy
block:
- when: matrix_mx_puppet_twitter_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
- block:
- tags:
- setup-all
- setup-mx-puppet-twitter
- install-all
- install-mx-puppet-twitter
block:
- when: matrix_mx_puppet_twitter_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
- when: matrix_mx_puppet_twitter_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
tags:
- tags:
- setup-all
- setup-mx-puppet-twitter
- install-all
- install-mx-puppet-twitter
- block:
block:
- when: not matrix_mx_puppet_twitter_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
tags:
- setup-all
- setup-mx-puppet-twitter

5
roles/custom/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml
View file

@ -29,7 +29,10 @@
when: "matrix_mx_puppet_twitter_stat_database.stat.exists"
- name: (Data relocation) Move mx-puppet-twitter database file to ./data directory
ansible.builtin.command: "mv {{ matrix_mx_puppet_twitter_base_path }}/database.db {{ matrix_mx_puppet_twitter_data_path }}/database.db"
ansible.builtin.command:
cmd: "mv {{ matrix_mx_puppet_twitter_base_path }}/database.db {{ matrix_mx_puppet_twitter_data_path }}/database.db"
creates: "{{ matrix_mx_puppet_twitter_data_path }}/database.db"
removes: "{{ matrix_mx_puppet_twitter_base_path }}/database.db"
when: "matrix_mx_puppet_twitter_stat_database.stat.exists"
- ansible.builtin.set_fact:

18
roles/custom/matrix-bridge-sms/tasks/main.yml
View file

@ -1,20 +1,20 @@
---
- block:
- tags:
- setup-all
- setup-matrix-sms-bridge
- install-all
- install-matrix-sms-bridge
block:
- when: matrix_sms_bridge_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
- when: matrix_sms_bridge_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
tags:
- tags:
- setup-all
- setup-matrix-sms-bridge
- install-all
- install-matrix-sms-bridge
- block:
block:
- when: not matrix_sms_bridge_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
tags:
- setup-all
- setup-matrix-sms-bridge

26
roles/custom/matrix-cactus-comments/tasks/main.yml
View file

@ -1,29 +1,29 @@
---
- block:
- when: matrix_cactus_comments_enabled | bool and matrix_cactus_comments_serve_client_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
tags:
- tags:
- setup-all
- setup-nginx-proxy
- install-all
- install-nginx-proxy
block:
- when: matrix_cactus_comments_enabled | bool and matrix_cactus_comments_serve_client_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
- block:
- tags:
- setup-all
- setup-cactus-comments
- install-all
- install-cactus-comments
block:
- when: matrix_cactus_comments_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
- when: matrix_cactus_comments_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
tags:
- tags:
- setup-all
- setup-cactus-comments
- install-all
- install-cactus-comments
- block:
block:
- when: not matrix_cactus_comments_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
tags:
- setup-all
- setup-cactus-comments

24
roles/custom/matrix-client-cinny/tasks/main.yml
View file

@ -1,26 +1,26 @@
---
- block:
- tags:
- setup-all
- setup-client-cinny
- install-all
- install-client-cinny
block:
- when: matrix_client_cinny_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
- when: matrix_client_cinny_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
tags:
- tags:
- setup-all
- setup-client-cinny
- install-all
- install-client-cinny
- block:
block:
- when: not matrix_client_cinny_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
tags:
- setup-all
- setup-client-cinny
- block:
- tags:
- self-check
block:
- when: matrix_client_cinny_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/self_check.yml"
tags:
- self-check

2
roles/custom/matrix-client-element/defaults/main.yml
View file

@ -10,7 +10,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto
# - https://github.com/vector-im/element-web/issues/19544
matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}"
matrix_client_element_version: v1.11.23
matrix_client_element_version: v1.11.24
matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}"
matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}"
matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}"

24
roles/custom/matrix-client-element/tasks/main.yml
View file

@ -1,6 +1,11 @@
---
- block:
- tags:
- setup-all
- setup-client-element
- install-all
- install-client-element
block:
- when: matrix_client_element_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
@ -9,21 +14,16 @@
- when: matrix_client_element_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
tags:
- tags:
- setup-all
- setup-client-element
- install-all
- install-client-element
- block:
block:
- when: not matrix_client_element_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
tags:
- setup-all
- setup-client-element
- block:
- tags:
- self-check
block:
- when: matrix_client_element_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/self_check.yml"
tags:
- self-check

1
roles/custom/matrix-client-element/tasks/setup_install.yml
View file

@ -56,6 +56,7 @@
--tag={{ matrix_client_element_docker_image }}
--file={{ matrix_client_element_docker_src_files_path }}/Dockerfile
{{ matrix_client_element_docker_src_files_path }}
changed_when: true
when: matrix_client_element_container_image_self_build | bool
- name: Ensure Element configuration installed

24
roles/custom/matrix-client-hydrogen/tasks/main.yml
View file

@ -1,26 +1,26 @@
---
- block:
- tags:
- setup-all
- setup-client-hydrogen
- install-all
- install-client-hydrogen
block:
- when: matrix_client_hydrogen_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
- when: matrix_client_hydrogen_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
tags:
- tags:
- setup-all
- setup-client-hydrogen
- install-all
- install-client-hydrogen
- block:
block:
- when: not matrix_client_hydrogen_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
tags:
- setup-all
- setup-client-hydrogen
- block:
- tags:
- self-check
block:
- when: matrix_client_hydrogen_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/self_check.yml"
tags:
- self-check

6
roles/custom/matrix-common-after/tasks/main.yml
View file

@ -1,6 +1,6 @@
---
- block:
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/run_docker_prune.yml"
tags:
- tags:
- run-docker-prune
block:
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/run_docker_prune.yml"

8
roles/custom/matrix-conduit/defaults/main.yml
View file

@ -23,6 +23,14 @@ matrix_conduit_systemd_required_services_list: ["docker.service"]
# List of systemd services that matrix-conduit.service wants
matrix_conduit_systemd_wanted_services_list: []
# The base container network. It will be auto-created by this role if it doesn't exist already.
matrix_conduit_container_network: "{{ matrix_docker_network }}"
# A list of additional container networks that the container would be connected to.
# The role does not create these networks, so make sure they already exist.
# Use this to expose this container to another reverse proxy, which runs in a different container network.
matrix_conduit_container_additional_networks: []
# Extra arguments for the Docker container
matrix_conduit_container_extra_arguments: []

16
roles/custom/matrix-conduit/tasks/main.yml
View file

@ -1,17 +1,17 @@
---
- block:
- when: matrix_conduit_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
tags:
- tags:
- setup-all
- setup-conduit
- install-all
- install-conduit
block:
- when: matrix_conduit_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
- block:
- when: not matrix_conduit_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
tags:
- tags:
- setup-all
- setup-conduit
block:
- when: not matrix_conduit_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"

26
roles/custom/matrix-conduit/tasks/setup_install.yml
View file

@ -1,14 +1,4 @@
---
- name: Ensure Conduit Docker image is pulled
community.docker.docker_image:
name: "{{ matrix_conduit_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_conduit_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_conduit_docker_image_force_pull }}"
register: result
retries: "{{ devture_playbook_help_container_retries_count }}"
delay: "{{ devture_playbook_help_container_retries_delay }}"
until: result is not failed
- name: Ensure Conduit config path exists
ansible.builtin.file:
@ -34,6 +24,22 @@
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
- name: Ensure Conduit container network is created
community.general.docker_network:
name: "{{ matrix_conduit_container_network }}"
driver: bridge
- name: Ensure Conduit container image is pulled
community.docker.docker_image:
name: "{{ matrix_conduit_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_conduit_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_conduit_docker_image_force_pull }}"
register: result
retries: "{{ devture_playbook_help_container_retries_count }}"
delay: "{{ devture_playbook_help_container_retries_delay }}"
until: result is not failed
- name: Ensure matrix-conduit.service installed
ansible.builtin.template:
src: "{{ role_path }}/templates/conduit/systemd/matrix-conduit.service.j2"

12
roles/custom/matrix-conduit/templates/conduit/systemd/matrix-conduit.service.j2
View file

@ -12,13 +12,15 @@ Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-conduit 2>/dev/null || true'
ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-conduit 2>/dev/null || true'
ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-conduit \
ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
--rm \
--name=matrix-conduit \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
--read-only \
--tmpfs=/tmp:rw,noexec,nosuid,size={{ matrix_conduit_tmp_directory_size_mb }}m \
--network={{ matrix_docker_network }} \
--network={{ matrix_conduit_container_network }} \
--env CONDUIT_CONFIG=/etc/matrix-conduit/conduit.toml \
--mount type=bind,src={{ matrix_conduit_data_path }},dst=/var/lib/matrix-conduit \
--mount type=bind,src={{ matrix_conduit_config_path }},dst=/etc/matrix-conduit,ro \
@ -27,6 +29,12 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name
{% endfor %}
{{ matrix_conduit_docker_image }}
{% for network in matrix_conduit_container_additional_networks %}
ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-conduit
{% endfor %}
ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-conduit
ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-conduit 2>/dev/null || true'
ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-conduit 2>/dev/null || true'
ExecReload={{ devture_systemd_docker_base_host_command_docker }} exec matrix-conduit /bin/sh -c 'kill -HUP 1'

24
roles/custom/matrix-corporal/tasks/main.yml
View file

@ -1,26 +1,26 @@
---
- block:
- tags:
- setup-all
- setup-corporal
- install-all
- install-corporal
block:
- when: matrix_corporal_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
- when: matrix_corporal_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
tags:
- tags:
- setup-all
- setup-corporal
- install-all
- install-corporal
- block:
block:
- when: not matrix_corporal_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
tags:
- setup-all
- setup-corporal
- block:
- tags:
- self-check
block:
- when: matrix_corporal_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/self_check.yml"
tags:
- self-check

Some files were not shown because too many files have changed in this diff Show more