Merge branch 'master' into pub.solar
commit
eba1ac8bd8
|
@ -30,30 +30,12 @@ Refer to the documentation on [how to obtain an access token](obtaining-access-t
|
||||||
|
|
||||||
## 3. Make sure the account is free from rate limiting
|
## 3. Make sure the account is free from rate limiting
|
||||||
|
|
||||||
You will need to prevent Synapse from rate limiting the bot's account. This is not an optional step. If you do not do this step draupnir will crash. This can be done using Synapse's [admin API](https://matrix-org.github.io/synapse/latest/admin_api/user_admin_api.html#override-ratelimiting-for-users). This can also be manually done by editing the Synapse database. Manually editing the Synapse database is rarely a good idea. Please ask for help if you are uncomfortable with these steps.
|
You will need to prevent Synapse from rate limiting the bot's account. This is not an optional step. If you do not do this step draupnir will crash. This can be done using Synapse's [admin API](https://matrix-org.github.io/synapse/latest/admin_api/user_admin_api.html#override-ratelimiting-for-users). Please ask for help if you are uncomfortable with these steps or run into issues.
|
||||||
|
|
||||||
1. Copy the statement below into a text editor.
|
If your Synapse Admin API is exposed to the internet for some reason like running the Synapse Admin Role [Link](docs/configuring-playbook-synapse-admin.md) or running `matrix_nginx_proxy_proxy_matrix_client_api_forwarded_location_synapse_admin_api_enabled: true` in your playbook config. If your API is not externally exposed you should still be able to on the local host for your synapse run these commands.
|
||||||
|
|
||||||
```
|
The following command works on semi up to date Windows 10 installs and All Windows 11 installations and other systems that ship curl. `curl --header "Authorization: Bearer <access_token>" -X DELETE https://matrix.example.com/_synapse/admin/v1/users/@example:example.com/override_ratelimit` Replace `@example:example.com` with the MXID of your Draupnir and example.com with your homeserver domain. You can easily obtain an access token for a homeserver admin account the same way you can obtain an access token for Draupnir it self. If you made Draupnir Admin you can just use the Draupnir token.
|
||||||
INSERT INTO ratelimit_override VALUES ('@bot.draupnir:DOMAIN', 0, 0);
|
|
||||||
```
|
|
||||||
|
|
||||||
1. Change the username (`@bot.draupnir:DOMAIN`) to the username you used when you registered the bot's account. You must change `DOMAIN` to your server's domain.
|
|
||||||
|
|
||||||
1. Get a database terminal by following these steps: [maintenance-postgres.md#getting-a-database-terminal](maintenance-postgres.md#getting-a-database-terminal)
|
|
||||||
|
|
||||||
1. Connect to Synapse's database by typing `\connect synapse` into the database terminal
|
|
||||||
|
|
||||||
1. Paste in the `INSERT INTO` command that you edited and press enter.
|
|
||||||
|
|
||||||
You can run `SELECT * FROM ratelimit_override;` to see if it worked. If the output looks like this:
|
|
||||||
|
|
||||||
```
|
|
||||||
user_id | messages_per_second | burst_count
|
|
||||||
-----------------------+---------------------+-------------
|
|
||||||
@bot.draupnir:raim.ist | 0 | 0`
|
|
||||||
```
|
|
||||||
then you did it correctly.
|
|
||||||
|
|
||||||
|
|
||||||
## 4. Create a management room
|
## 4. Create a management room
|
||||||
|
|
|
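Review bot: The added curl paragraph sends `-X DELETE` to `.../override_ratelimit`, which in Synapse's admin API removes a user's override and puts the account back on the default limits. The removed `INSERT INTO ratelimit_override VALUES ('@bot.draupnir:DOMAIN', 0, 0);` did the opposite: it created an override with both limits at 0. Following the new step as written leaves the bot rate limited, which this section says makes draupnir crash. Use `-X POST` on the same URL; the linked admin API page documents `messages_per_second` and `burst_count`, both defaulting to 0. Separately, the last sentence suggests reusing Draupnir's own token when the bot is a server admin. That token sits in the bot's configuration and would then reach every admin endpoint, so a homeserver admin account used once for this step is the safer default to document.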
@ -29,31 +29,11 @@ Refer to the documentation on [how to obtain an access token](obtaining-access-t
|
||||||
|
|
||||||
## 3. Make sure the account is free from rate limiting
|
## 3. Make sure the account is free from rate limiting
|
||||||
|
|
||||||
You will need to prevent Synapse from rate limiting the bot's account. This is not an optional step. If you do not do this step Mjolnir will crash. This can be done using Synapse's [admin API](https://matrix-org.github.io/synapse/latest/admin_api/user_admin_api.html#override-ratelimiting-for-users). This can also be manually done by editing the Synapse database. Manually editing the Synapse database is rarely a good idea. Please ask for help if you are uncomfortable with these steps.
|
You will need to prevent Synapse from rate limiting the bot's account. This is not an optional step. If you do not do this step Mjolnir will crash. This can be done using Synapse's [admin API](https://matrix-org.github.io/synapse/latest/admin_api/user_admin_api.html#override-ratelimiting-for-users). Please ask for help if you are uncomfortable with these steps or run into issues.
|
||||||
|
|
||||||
1. Copy the statement below into a text editor.
|
If your Synapse Admin API is exposed to the internet for some reason like running the Synapse Admin Role [Link](docs/configuring-playbook-synapse-admin.md) or running `matrix_nginx_proxy_proxy_matrix_client_api_forwarded_location_synapse_admin_api_enabled: true` in your playbook config. If your API is not externally exposed you should still be able to on the local host for your synapse run these commands.
|
||||||
|
|
||||||
```
|
|
||||||
INSERT INTO ratelimit_override VALUES ('@bot.mjolnir:DOMAIN', 0, 0);
|
|
||||||
```
|
|
||||||
|
|
||||||
1. Change the username (`@bot.mjolnir:DOMAIN`) to the username you used when you registered the bot's account. You must change `DOMAIN` to your server's domain.
|
|
||||||
|
|
||||||
1. Get a database terminal by following these steps: [maintenance-postgres.md#getting-a-database-terminal](maintenance-postgres.md#getting-a-database-terminal)
|
|
||||||
|
|
||||||
1. Connect to Synapse's database by typing `\connect synapse` into the database terminal
|
|
||||||
|
|
||||||
1. Paste in the `INSERT INTO` command that you edited and press enter.
|
|
||||||
|
|
||||||
You can run `SELECT * FROM ratelimit_override;` to see if it worked. If the output looks like this:
|
|
||||||
|
|
||||||
```
|
|
||||||
user_id | messages_per_second | burst_count
|
|
||||||
-----------------------+---------------------+-------------
|
|
||||||
@bot.mjolnir:raim.ist | 0 | 0`
|
|
||||||
```
|
|
||||||
then you did it correctly.
|
|
||||||
|
|
||||||
|
The following command works on semi up to date Windows 10 installs and All Windows 11 installations and other systems that ship curl. `curl --header "Authorization: Bearer <access_token>" -X DELETE https://matrix.example.com/_synapse/admin/v1/users/@example:example.com/override_ratelimit` Replace `@example:example.com` with the MXID of your Mjolnir and example.com with your homeserver domain. You can easily obtain an access token for a homeserver admin account the same way you can obtain an access token for Mjolnir it self. If you made Mjolnir Admin you can just use the Mjolnir token.
|
||||||
|
|
||||||
## 4. Create a management room
|
## 4. Create a management room
|
||||||
|
|
||||||
|
|
|
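Review bot: The removed steps ended with a check (`SELECT * FROM ratelimit_override;`), and the added curl paragraph puts nothing in its place, so the reader cannot confirm that the override exists. A `GET` on the same `override_ratelimit` URL returns the current values and would serve as the replacement check. The command also carries the same `-X DELETE` as the Draupnir page, which removes an override instead of setting one. The added paragraph starting "If your Synapse Admin API is exposed to the internet for some reason like ..." has no main clause and never says what to do in that case. Since an admin API reachable from the internet is the riskier setup, the instructions would read better with the localhost route as the default and external exposure as the alternative.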
@ -16,7 +16,7 @@ Refer to the [official instructions](https://matrix-org.github.io/matrix-hooksho
|
||||||
1. Enable the bridge by adding `matrix_hookshot_enabled: true` to your `vars.yml` file
|
1. Enable the bridge by adding `matrix_hookshot_enabled: true` to your `vars.yml` file
|
||||||
2. For each of the services (GitHub, GitLab, Jira, Figma, generic webhooks) fill in the respective variables `matrix_hookshot_service_*` listed in [main.yml](/roles/custom/matrix-bridge-hookshot/defaults/main.yml) as required.
|
2. For each of the services (GitHub, GitLab, Jira, Figma, generic webhooks) fill in the respective variables `matrix_hookshot_service_*` listed in [main.yml](/roles/custom/matrix-bridge-hookshot/defaults/main.yml) as required.
|
||||||
3. Take special note of the `matrix_hookshot_*_enabled` variables. Services that need no further configuration are enabled by default (GitLab, Generic), while you must first add the required configuration and enable the others (GitHub, Jira, Figma).
|
3. Take special note of the `matrix_hookshot_*_enabled` variables. Services that need no further configuration are enabled by default (GitLab, Generic), while you must first add the required configuration and enable the others (GitHub, Jira, Figma).
|
||||||
4. If you're setting up the GitHub bridge, you'll need to generate and download a private key file after you created your GitHub app. Copy the contents of that file to the variable `matrix_hookshot_github_private_key` so the playbook can install it for you, or use one of the [other methods](#manage-github-private-key-with-matrix-aux-role) explained below.
|
4. If you're setting up the GitHub bridge, you'll need to generate and download a private key file after you created your GitHub app. Copy the contents of that file to the variable `matrix_hookshot_github_private_key` so the playbook can install it for you, or use one of the [other methods](#manage-github-private-key-with-aux-role) explained below.
|
||||||
5. If you've already installed Matrix services using the playbook before, you'll need to re-run it (`--tags=setup-all,start`). If not, proceed with [configuring other playbook services](configuring-playbook.md) and then with [Installing](installing.md). Get back to this guide once ready. Hookshot can be set up individually using the tag `setup-hookshot`.
|
5. If you've already installed Matrix services using the playbook before, you'll need to re-run it (`--tags=setup-all,start`). If not, proceed with [configuring other playbook services](configuring-playbook.md) and then with [Installing](installing.md). Get back to this guide once ready. Hookshot can be set up individually using the tag `setup-hookshot`.
|
||||||
|
|
||||||
Other configuration options are available via the `matrix_hookshot_configuration_extension_yaml` and `matrix_hookshot_registration_extension_yaml` variables, see the comments in [main.yml](/roles/custom/matrix-bridge-hookshot/defaults/main.yml) for how to use them.
|
Other configuration options are available via the `matrix_hookshot_configuration_extension_yaml` and `matrix_hookshot_registration_extension_yaml` variables, see the comments in [main.yml](/roles/custom/matrix-bridge-hookshot/defaults/main.yml) for how to use them.
|
||||||
|
@ -58,23 +58,23 @@ See also `matrix_hookshot_matrix_nginx_proxy_configuration` in [init.yml](/roles
|
||||||
|
|
||||||
The different listeners are also reachable *internally* in the docker-network via the container's name (configured by `matrix_hookshot_container_url`) and on different ports (e.g. `matrix_hookshot_appservice_port`). Read [main.yml](/roles/custom/matrix-bridge-hookshot/defaults/main.yml) in detail for more info.
|
The different listeners are also reachable *internally* in the docker-network via the container's name (configured by `matrix_hookshot_container_url`) and on different ports (e.g. `matrix_hookshot_appservice_port`). Read [main.yml](/roles/custom/matrix-bridge-hookshot/defaults/main.yml) in detail for more info.
|
||||||
|
|
||||||
### Manage GitHub Private Key with matrix-aux role
|
### Manage GitHub Private Key with aux role
|
||||||
|
|
||||||
The GitHub bridge requires you to install a private key file. This can be done in multiple ways:
|
The GitHub bridge requires you to install a private key file. This can be done in multiple ways:
|
||||||
- copy the *contents* of the downloaded file and set the variable `matrix_hookshot_github_private_key` to the contents (see example in [main.yml](/roles/custom/matrix-bridge-hookshot/defaults/main.yml)).
|
- copy the *contents* of the downloaded file and set the variable `matrix_hookshot_github_private_key` to the contents (see example in [main.yml](/roles/custom/matrix-bridge-hookshot/defaults/main.yml)).
|
||||||
- somehow copy the file to the path `{{ matrix_hookshot_base_path }}/{{ matrix_hookshot_github_private_key_file }}` (default: `/matrix/hookshot/private-key.pem`) on the server manually.
|
- somehow copy the file to the path `{{ matrix_hookshot_base_path }}/{{ matrix_hookshot_github_private_key_file }}` (default: `/matrix/hookshot/private-key.pem`) on the server manually.
|
||||||
- use the `matrix-aux` role to copy the file from an arbitrary path on your ansible client to the correct path on the server.
|
- use the [`aux` role](https://github.com/mother-of-all-self-hosting/ansible-role-aux) to copy the file from an arbitrary path on your ansible client to the correct path on the server.
|
||||||
|
|
||||||
To use `matrix-aux`, make sure the `matrix_hookshot_github_private_key` variable is empty. Then add to `matrix-aux` configuration like this:
|
To use the `aux` role, make sure the `matrix_hookshot_github_private_key` variable is empty. Then add the following additional configuration:
|
||||||
```yaml
|
```yaml
|
||||||
matrix_aux_file_definitions:
|
aux_file_definitions:
|
||||||
- dest: "{{ matrix_hookshot_base_path }}/{{ matrix_hookshot_github_private_key_file }}"
|
- dest: "{{ matrix_hookshot_base_path }}/{{ matrix_hookshot_github_private_key_file }}"
|
||||||
content: "{{ lookup('file', '/path/to/your-github-private-key.pem') }}"
|
content: "{{ lookup('file', '/path/to/your-github-private-key.pem') }}"
|
||||||
mode: '0400'
|
mode: '0400'
|
||||||
owner: "{{ matrix_user_username }}"
|
owner: "{{ matrix_user_username }}"
|
||||||
group: "{{ matrix_user_groupname }}"
|
group: "{{ matrix_user_groupname }}"
|
||||||
```
|
```
|
||||||
For more info see the documentation in the [matrix-aux base configuration file](/roles/custom/matrix-aux/defaults/main.yml).
|
For more information, see the documentation in the [default configuration of the aux role](https://github.com/mother-of-all-self-hosting/ansible-role-aux/blob/main/defaults/main.yml).
|
||||||
|
|
||||||
### Provisioning API
|
### Provisioning API
|
||||||
|
|
||||||
|
|
|
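Review bot: The rename from `matrix_aux_file_definitions` to `aux_file_definitions` in the YAML example comes without a migration note. An inventory that still sets the old name would install no private key file and raise no error, unless the playbook rejects the old variable elsewhere. Add one sentence naming the old variable so existing users know to rename it. The new "default configuration of the aux role" link points at the `main` branch of the role, which can drift from the `v1.0.0-0` that requirements.yml pins; linking the pinned tag would keep the docs and the installed role in step.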
@ -91,7 +91,7 @@ matrix_corporal_policy_provider_config: |
|
||||||
}
|
}
|
||||||
|
|
||||||
# Modify the policy below as you see fit
|
# Modify the policy below as you see fit
|
||||||
matrix_aux_file_definitions:
|
aux_file_definitions:
|
||||||
- dest: "{{ matrix_corporal_config_dir_path }}/policy.json"
|
- dest: "{{ matrix_corporal_config_dir_path }}/policy.json"
|
||||||
content: |
|
content: |
|
||||||
{
|
{
|
||||||
|
|
|
@ -40,9 +40,9 @@ If you'd like to use your own SSL certificates, instead of the default (SSL cert
|
||||||
To use your own SSL certificates with Traefik, you need to:
|
To use your own SSL certificates with Traefik, you need to:
|
||||||
|
|
||||||
- disable [ACME](https://en.wikipedia.org/wiki/Automatic_Certificate_Management_Environment) / [Let's Encrypt](https://letsencrypt.org/) support
|
- disable [ACME](https://en.wikipedia.org/wiki/Automatic_Certificate_Management_Environment) / [Let's Encrypt](https://letsencrypt.org/) support
|
||||||
- put a custom Traefik configuration file on the server, with the help of this Ansible playbook (via the `matrix-aux` role) or manually
|
- put a custom Traefik configuration file on the server, with the help of this Ansible playbook (via the [`aux` role](https://github.com/mother-of-all-self-hosting/ansible-role-aux)) or manually
|
||||||
- register your custom configuration file with Traefik, by adding an extra provider of type [file](https://doc.traefik.io/traefik/providers/file/)
|
- register your custom configuration file with Traefik, by adding an extra provider of type [file](https://doc.traefik.io/traefik/providers/file/)
|
||||||
- put the SSL files on the server, with the help of this Ansible playbook (via the `matrix-aux` role) or manually
|
- put the SSL files on the server, with the help of this Ansible playbook (via the [`aux` role](https://github.com/mother-of-all-self-hosting/ansible-role-aux)) or manually
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
# Disable ACME / Let's Encrypt support.
|
# Disable ACME / Let's Encrypt support.
|
||||||
|
@ -53,7 +53,7 @@ devture_traefik_config_certificatesResolvers_acme_enabled: false
|
||||||
devture_traefik_ssl_dir_enabled: true
|
devture_traefik_ssl_dir_enabled: true
|
||||||
|
|
||||||
# Tell Traefik to load our custom configuration file (certificates.yml).
|
# Tell Traefik to load our custom configuration file (certificates.yml).
|
||||||
# The file is created below, in `matrix_aux_file_definitions`.
|
# The file is created below, in `aux_file_definitions`.
|
||||||
# The `/config/..` path is an in-container path, not a path on the host (like `/matrix/traefik/config`). Do not change it!
|
# The `/config/..` path is an in-container path, not a path on the host (like `/matrix/traefik/config`). Do not change it!
|
||||||
devture_traefik_configuration_extension_yaml: |
|
devture_traefik_configuration_extension_yaml: |
|
||||||
providers:
|
providers:
|
||||||
|
@ -61,9 +61,9 @@ devture_traefik_configuration_extension_yaml: |
|
||||||
filename: /config/certificates.yml
|
filename: /config/certificates.yml
|
||||||
watch: true
|
watch: true
|
||||||
|
|
||||||
# Use the matrix-aux role to create our custom files on the server.
|
# Use the aux role to create our custom files on the server.
|
||||||
# If you'd like to do this manually, you remove this `matrix_aux_file_definitions` variable.
|
# If you'd like to do this manually, you remove this `aux_file_definitions` variable.
|
||||||
matrix_aux_file_definitions:
|
aux_file_definitions:
|
||||||
# Create the privkey.pem file on the server by
|
# Create the privkey.pem file on the server by
|
||||||
# uploading a file from the computer where Ansible is running.
|
# uploading a file from the computer where Ansible is running.
|
||||||
- dest: "{{ devture_traefik_ssl_dir_path }}/privkey.pem"
|
- dest: "{{ devture_traefik_ssl_dir_path }}/privkey.pem"
|
||||||
|
|
|
@ -55,7 +55,7 @@ matrix_sygnal_apps:
|
||||||
api_key: your_api_key_for_gcm
|
api_key: your_api_key_for_gcm
|
||||||
# .. more configuration ..
|
# .. more configuration ..
|
||||||
|
|
||||||
matrix_aux_file_definitions:
|
aux_file_definitions:
|
||||||
- dest: "{{ matrix_sygnal_data_path }}/my_key.p8"
|
- dest: "{{ matrix_sygnal_data_path }}/my_key.p8"
|
||||||
content: |
|
content: |
|
||||||
some
|
some
|
||||||
|
@ -73,7 +73,7 @@ Configuring [GCM/FCM](https://firebase.google.com/docs/cloud-messaging/) is easi
|
||||||
To configure [APNS](https://developer.apple.com/notifications/) (Apple Push Notification Service), you'd need to provide one or more certificate files.
|
To configure [APNS](https://developer.apple.com/notifications/) (Apple Push Notification Service), you'd need to provide one or more certificate files.
|
||||||
To do that, the above example configuration:
|
To do that, the above example configuration:
|
||||||
|
|
||||||
- makes use of the `matrix-aux` role (and its `matrix_aux_file_definitions` variable) to make the playbook install files into `/matrix/sygnal/data` (the `matrix_sygnal_data_path` variable). See `roles/custom/matrix-aux/defaults/main.yml` for usage examples. It also makes sure the files are owned by `matrix:matrix`, so that Sygnal can read them. Of course, you can also install these files manually yourself, if you'd rather not use `matrix-aux`.
|
- makes use of the [`aux` role](https://github.com/mother-of-all-self-hosting/ansible-role-aux) (and its `aux_file_definitions` variable) to make the playbook install files into `/matrix/sygnal/data` (the `matrix_sygnal_data_path` variable). See [`defaults/main.yml` file](https://github.com/mother-of-all-self-hosting/ansible-role-aux/blob/main/defaults/main.yml) of the `aux` role for usage examples. It also makes sure the files are owned by `matrix:matrix`, so that Sygnal can read them. Of course, you can also install these files manually yourself, if you'd rather not use `aux`.
|
||||||
|
|
||||||
- references these files in the Sygnal configuration (`matrix_sygnal_apps`) using a path like `/data/..` (the `/matrix/sygnal/data` directory on the host system is mounted into the `/data` directory inside the container)
|
- references these files in the Sygnal configuration (`matrix_sygnal_apps`) using a path like `/data/..` (the `/matrix/sygnal/data` directory on the host system is mounted into the `/data` directory inside the container)
|
||||||
|
|
||||||
|
|
|
@ -2,11 +2,11 @@
|
||||||
"nodes": {
|
"nodes": {
|
||||||
"nixpkgs": {
|
"nixpkgs": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1683082554,
|
"lastModified": 1683777345,
|
||||||
"narHash": "sha256-emO6mChgdBi4RwchtCCtAkvFf/OSkMyOQMqk6EZEPJA=",
|
"narHash": "sha256-V2p/A4RpEGqEZussOnHYMU6XglxBJGCODdzoyvcwig8=",
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "0d373d5af960504dd60c3d06c65e553b36ef29d8",
|
"rev": "635a306fc8ede2e34cb3dd0d6d0a5d49362150ed",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
|
@ -4,7 +4,7 @@
|
||||||
version: v1.0.0-0
|
version: v1.0.0-0
|
||||||
name: aux
|
name: aux
|
||||||
- src: git+https://gitlab.com/etke.cc/roles/backup_borg.git
|
- src: git+https://gitlab.com/etke.cc/roles/backup_borg.git
|
||||||
version: v1.2.4-1.7.12-1
|
version: v1.2.4-1.7.12-2
|
||||||
- src: git+https://github.com/devture/com.devture.ansible.role.container_socket_proxy.git
|
- src: git+https://github.com/devture/com.devture.ansible.role.container_socket_proxy.git
|
||||||
version: v0.1.1-2
|
version: v0.1.1-2
|
||||||
- src: git+https://github.com/devture/com.devture.ansible.role.docker_sdk_for_python.git
|
- src: git+https://github.com/devture/com.devture.ansible.role.docker_sdk_for_python.git
|
||||||
|
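Review bot: The `backup_borg` bump from `v1.2.4-1.7.12-1` to `v1.2.4-1.7.12-2` pins the role by a git tag fetched over `git+https`, and a tag can be moved upstream after this change is reviewed. If the roles file is meant to be a reproducible record of what runs with root on the server, pin the full commit hash in `version:` and keep the tag in a comment, or at least note in the commit which commit each bumped tag resolved to.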
@ -35,7 +35,7 @@
|
||||||
version: 6.1.0
|
version: 6.1.0
|
||||||
name: geerlingguy.docker
|
name: geerlingguy.docker
|
||||||
- src: git+https://gitlab.com/etke.cc/roles/grafana.git
|
- src: git+https://gitlab.com/etke.cc/roles/grafana.git
|
||||||
version: v9.5.1-0
|
version: v9.5.2-0
|
||||||
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git
|
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git
|
||||||
version: v8615-0
|
version: v8615-0
|
||||||
name: jitsi
|
name: jitsi
|
||||||
|
|
|
@ -4,7 +4,7 @@
|
||||||
|
|
||||||
matrix_bot_chatgpt_enabled: true
|
matrix_bot_chatgpt_enabled: true
|
||||||
|
|
||||||
matrix_bot_chatgpt_version: 3.0.0
|
matrix_bot_chatgpt_version: 3.1.0
|
||||||
|
|
||||||
matrix_bot_chatgpt_container_image_self_build: false
|
matrix_bot_chatgpt_container_image_self_build: false
|
||||||
matrix_bot_chatgpt_container_image_self_build_repo: "https://github.com/matrixgpt/matrix-chatgpt-bot"
|
matrix_bot_chatgpt_container_image_self_build_repo: "https://github.com/matrixgpt/matrix-chatgpt-bot"
|
||||||
|
|
|
@ -10,7 +10,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto
|
||||||
# - https://github.com/vector-im/element-web/issues/19544
|
# - https://github.com/vector-im/element-web/issues/19544
|
||||||
matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}"
|
matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}"
|
||||||
|
|
||||||
matrix_client_element_version: v1.11.30
|
matrix_client_element_version: v1.11.31
|
||||||
matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}"
|
matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}"
|
||||||
matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}"
|
matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}"
|
||||||
matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}"
|
matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}"
|
||||||
|
|
|
@ -4,8 +4,12 @@
|
||||||
|
|
||||||
matrix_dendrite_enabled: true
|
matrix_dendrite_enabled: true
|
||||||
|
|
||||||
matrix_dendrite_docker_image: "{{ matrix_dendrite_docker_image_name_prefix }}matrixdotorg/dendrite-monolith:{{ matrix_dendrite_docker_image_tag }}"
|
matrix_dendrite_container_image_self_build: false
|
||||||
matrix_dendrite_docker_image_name_prefix: "docker.io/"
|
matrix_dendrite_container_image_self_build_repo: "https://github.com/matrix-org/dendrite.git"
|
||||||
|
|
||||||
|
matrix_dendrite_docker_image_path: "matrixdotorg/dendrite-monolith"
|
||||||
|
matrix_dendrite_docker_image: "{{ matrix_dendrite_docker_image_name_prefix }}{{ matrix_dendrite_docker_image_path }}:{{ matrix_dendrite_docker_image_tag }}"
|
||||||
|
matrix_dendrite_docker_image_name_prefix: "{{ 'localhost/' if matrix_dendrite_container_image_self_build else matrix_container_global_registry_prefix }}"
|
||||||
matrix_dendrite_docker_image_tag: "v0.12.0"
|
matrix_dendrite_docker_image_tag: "v0.12.0"
|
||||||
matrix_dendrite_docker_image_force_pull: "{{ matrix_dendrite_docker_image.endswith(':latest') }}"
|
matrix_dendrite_docker_image_force_pull: "{{ matrix_dendrite_docker_image.endswith(':latest') }}"
|
||||||
|
|
||||||
|
@ -17,6 +21,8 @@ matrix_dendrite_nats_storage_path: "{{ matrix_dendrite_base_path }}/nats"
|
||||||
matrix_dendrite_bin_path: "{{ matrix_dendrite_base_path }}/bin"
|
matrix_dendrite_bin_path: "{{ matrix_dendrite_base_path }}/bin"
|
||||||
matrix_dendrite_ext_path: "{{ matrix_dendrite_base_path }}/ext"
|
matrix_dendrite_ext_path: "{{ matrix_dendrite_base_path }}/ext"
|
||||||
|
|
||||||
|
matrix_dendrite_docker_src_files_path: "{{ matrix_dendrite_base_path }}/docker-src"
|
||||||
|
|
||||||
# By default, we make Dendrite only serve HTTP (not HTTPS).
|
# By default, we make Dendrite only serve HTTP (not HTTPS).
|
||||||
# HTTPS is usually served at the reverse-proxy side (usually via `matrix-nginx-proxy`).
|
# HTTPS is usually served at the reverse-proxy side (usually via `matrix-nginx-proxy`).
|
||||||
#
|
#
|
||||||
|
@ -85,14 +91,14 @@ matrix_dendrite_systemd_wanted_services_list: []
|
||||||
# matrix_dendrite_template_dendrite_config: "{{ playbook_dir }}/inventory/host_vars/<host>/dendrite.yaml.j2"
|
# matrix_dendrite_template_dendrite_config: "{{ playbook_dir }}/inventory/host_vars/<host>/dendrite.yaml.j2"
|
||||||
matrix_dendrite_template_dendrite_config: "{{ role_path }}/templates/dendrite/dendrite.yaml.j2"
|
matrix_dendrite_template_dendrite_config: "{{ role_path }}/templates/dendrite/dendrite.yaml.j2"
|
||||||
|
|
||||||
matrix_dendrite_client_api_registration_shared_secret: ''
|
matrix_dendrite_client_api_registration_shared_secret: ""
|
||||||
matrix_dendrite_allow_guest_access: false
|
matrix_dendrite_allow_guest_access: false
|
||||||
|
|
||||||
matrix_dendrite_max_file_size_bytes: 10485760
|
matrix_dendrite_max_file_size_bytes: 10485760
|
||||||
|
|
||||||
# Controls which HTTP header (e.g. 'X-Forwarded-For', 'X-Real-IP') to inspect to find the real remote IP address of the client.
|
# Controls which HTTP header (e.g. 'X-Forwarded-For', 'X-Real-IP') to inspect to find the real remote IP address of the client.
|
||||||
# This is likely required if Dendrite is running behind a reverse proxy server.
|
# This is likely required if Dendrite is running behind a reverse proxy server.
|
||||||
matrix_dendrite_sync_api_real_ip_header: 'X-Forwarded-For'
|
matrix_dendrite_sync_api_real_ip_header: "X-Forwarded-For"
|
||||||
|
|
||||||
# The tmpfs at /tmp needs to be large enough to handle multiple concurrent file uploads.
|
# The tmpfs at /tmp needs to be large enough to handle multiple concurrent file uploads.
|
||||||
matrix_dendrite_tmp_directory_size_mb: 500
|
matrix_dendrite_tmp_directory_size_mb: 500
|
||||||
|
@ -147,7 +153,7 @@ matrix_dendrite_metrics_password: "metrics"
|
||||||
|
|
||||||
# Postgres database information
|
# Postgres database information
|
||||||
matrix_dendrite_database_str: "postgresql://{{ matrix_dendrite_database_user }}:{{ matrix_dendrite_database_password }}@{{ matrix_dendrite_database_hostname }}"
|
matrix_dendrite_database_str: "postgresql://{{ matrix_dendrite_database_user }}:{{ matrix_dendrite_database_password }}@{{ matrix_dendrite_database_hostname }}"
|
||||||
matrix_dendrite_database_hostname: ''
|
matrix_dendrite_database_hostname: ""
|
||||||
matrix_dendrite_database_user: "dendrite"
|
matrix_dendrite_database_user: "dendrite"
|
||||||
matrix_dendrite_database_password: "itsasecret"
|
matrix_dendrite_database_password: "itsasecret"
|
||||||
matrix_dendrite_federation_api_database: "dendrite_federationapi"
|
matrix_dendrite_federation_api_database: "dendrite_federationapi"
|
||||||
|
|
|
@ -1,17 +1,23 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: Ensure Dendrite paths exist
|
- name: Ensure Dendrite paths exist
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: "{{ item }}"
|
path: "{{ item.path }}"
|
||||||
state: directory
|
state: directory
|
||||||
mode: 0750
|
mode: 0750
|
||||||
owner: "{{ matrix_user_username }}"
|
owner: "{{ matrix_user_username }}"
|
||||||
group: "{{ matrix_user_groupname }}"
|
group: "{{ matrix_user_groupname }}"
|
||||||
with_items:
|
with_items:
|
||||||
- "{{ matrix_dendrite_config_dir_path }}"
|
- path: "{{ matrix_dendrite_config_dir_path }}"
|
||||||
- "{{ matrix_dendrite_bin_path }}"
|
when: true
|
||||||
- "{{ matrix_dendrite_ext_path }}"
|
- path: "{{ matrix_dendrite_bin_path }}"
|
||||||
- "{{ matrix_dendrite_nats_storage_path }}"
|
when: true
|
||||||
|
- path: "{{ matrix_dendrite_ext_path }}"
|
||||||
|
when: true
|
||||||
|
- path: "{{ matrix_dendrite_nats_storage_path }}"
|
||||||
|
when: true
|
||||||
|
- path: "{{ matrix_dendrite_docker_src_files_path }}"
|
||||||
|
when: "{{ matrix_dendrite_container_image_self_build }}"
|
||||||
|
when: "item.when | bool"
|
||||||
|
|
||||||
# This will throw a Permission Denied error if already mounted using fuse
|
# This will throw a Permission Denied error if already mounted using fuse
|
||||||
- name: Check Dendrite media store path
|
- name: Check Dendrite media store path
|
||||||
|
@ -37,6 +43,7 @@
|
||||||
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
|
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
|
||||||
force_source: "{{ matrix_dendrite_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
|
force_source: "{{ matrix_dendrite_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
|
||||||
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_dendrite_docker_image_force_pull }}"
|
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_dendrite_docker_image_force_pull }}"
|
||||||
|
when: "not matrix_dendrite_container_image_self_build | bool"
|
||||||
register: result
|
register: result
|
||||||
retries: "{{ devture_playbook_help_container_retries_count }}"
|
retries: "{{ devture_playbook_help_container_retries_count }}"
|
||||||
delay: "{{ devture_playbook_help_container_retries_delay }}"
|
delay: "{{ devture_playbook_help_container_retries_delay }}"
|
||||||
|
@ -72,6 +79,34 @@
|
||||||
owner: "{{ matrix_user_username }}"
|
owner: "{{ matrix_user_username }}"
|
||||||
group: "{{ matrix_user_groupname }}"
|
group: "{{ matrix_user_groupname }}"
|
||||||
|
|
||||||
|
- when: "matrix_dendrite_container_image_self_build | bool"
|
||||||
|
block:
|
||||||
|
- name: Ensure Dendrite repository is present on self-build
|
||||||
|
ansible.builtin.git:
|
||||||
|
repo: "{{ matrix_dendrite_container_image_self_build_repo }}"
|
||||||
|
dest: "{{ matrix_dendrite_docker_src_files_path }}"
|
||||||
|
version: "{{ matrix_dendrite_docker_image.split(':')[1] }}"
|
||||||
|
force: "yes"
|
||||||
|
become: true
|
||||||
|
become_user: "{{ matrix_user_username }}"
|
||||||
|
register: matrix_dendrite_git_pull_results
|
||||||
|
|
||||||
|
- name: Check if Dendrite Docker image exists
|
||||||
|
ansible.builtin.command: "{{ devture_systemd_docker_base_host_command_docker }} images --quiet --filter 'reference={{ matrix_dendrite_docker_image }}'"
|
||||||
|
register: matrix_dendrite_docker_image_check_result
|
||||||
|
changed_when: false
|
||||||
|
|
||||||
|
# Invoking the `docker build` command here, instead of calling the `docker_image` Ansible module,
|
||||||
|
# because the latter does not support BuildKit.
|
||||||
|
# See: https://github.com/ansible-collections/community.general/issues/514
|
||||||
|
- name: Ensure Dendrite Docker image is built
|
||||||
|
ansible.builtin.command:
|
||||||
|
cmd: "{{ devture_systemd_docker_base_host_command_docker }} build -t {{ matrix_dendrite_docker_image }} {{ matrix_dendrite_docker_src_files_path }}"
|
||||||
|
environment:
|
||||||
|
DOCKER_BUILDKIT: 1
|
||||||
|
changed_when: true
|
||||||
|
when: "matrix_dendrite_git_pull_results.changed | bool or matrix_dendrite_docker_image_check_result.stdout == ''"
|
||||||
|
|
||||||
- name: Ensure Dendrite container network is created
|
- name: Ensure Dendrite container network is created
|
||||||
community.general.docker_network:
|
community.general.docker_network:
|
||||||
name: "{{ matrix_dendrite_container_network }}"
|
name: "{{ matrix_dendrite_container_network }}"
|
||||||
|
|
|
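Review bot: In the `ansible.builtin.git` task, `version: "{{ matrix_dendrite_docker_image.split(':')[1] }}"` derives the git ref by splitting the image name on `:`. That picks the wrong segment if `matrix_dendrite_docker_image` is ever overridden with a registry written as host:port. `matrix_dendrite_docker_image_tag` already holds the tag and can be used directly. Two smaller points in the same block: `force: "yes"` discards any local changes in `matrix_dendrite_docker_src_files_path` on every run, and the build runs whatever the tag points to in `matrix_dendrite_container_image_self_build_repo`. A comment next to that default saying that overriding it means building and running code from that source would help.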
@ -4,7 +4,7 @@
|
||||||
|
|
||||||
matrix_synapse_enabled: true
|
matrix_synapse_enabled: true
|
||||||
|
|
||||||
matrix_synapse_version: v1.82.0
|
matrix_synapse_version: v1.83.0
|
||||||
|
|
||||||
matrix_synapse_username: ''
|
matrix_synapse_username: ''
|
||||||
matrix_synapse_uid: ''
|
matrix_synapse_uid: ''
|
||||||
|
|