Commit graph

6404 commits

Author SHA1 Message Date
Slavi Pantaleev c289996cd9 Upgrade com.devture.ansible.role.traefik 2023-02-09 10:16:41 +02:00
Slavi Pantaleev a5683a6449 Upgrade com.devture.ansible.role.traefik and rename some variables 2023-02-09 10:12:09 +02:00
Catalan Lover ddcb1735e2
Add draupnir as valid prefix to resolve a bug
Current draupnir does not listen to its name. This config change fixes this bug. This bodge is able to be removed once this is fixed upstream.
2023-02-08 20:05:47 +01:00
Catalan Lover a717590aa5
Rename systemd service file from mjolnir to draupnir 2023-02-08 19:53:35 +01:00
Catalan Lover 79a4e57fbd
Add draupnir docs. 2023-02-08 18:55:27 +01:00
Catalan Lover 7b42ff4b75
Finalise moving draupnir to a fully testable state. 2023-02-08 18:55:08 +01:00
Slavi Pantaleev 88a26758e1 Merge branch 'master' into traefik 2023-02-08 18:48:10 +02:00
Slavi Pantaleev c71567477a Stop using deprecated matrix_bot_postmoogle_domain variable in group vars 2023-02-08 18:48:01 +02:00
Slavi Pantaleev 1338963b6c Add support for obtaining additional SSL certificates via Traefik 2023-02-08 18:47:19 +02:00
Catalan Lover 9092d4bb6b
Push draupnir version from develop to v1.80.0-beta.0 2023-02-08 17:02:59 +01:00
Catalan Lover 78b1ebd5af
commit main.yml for draupnir and set target ver to develop 2023-02-08 16:44:30 +01:00
Catalan Lover 563cf1a4ba
Initial commit for draupnir.
main.yml is not included due to that its changed separately.
2023-02-08 16:44:12 +01:00
Slavi Pantaleev 49a1985750 Fix Postmoogle systemd service description 2023-02-08 16:45:58 +02:00
Slavi Pantaleev 9a71a5696b Allow Postmoogle to work with SSL certificates extracted from Traefik 2023-02-08 16:45:03 +02:00
Slavi Pantaleev ddf6b2d4ee Handle matrix_playbook_reverse_proxy_type being "none" when deciding on Coturn certificate parameters 2023-02-08 16:24:43 +02:00
Slavi Pantaleev d44d4b637f Allow Coturn to work with SSL certificates extracted from Traefik 2023-02-08 16:06:46 +02:00
Slavi Pantaleev c07630ed51 Add com.devture.ansible.role.traefik_certs_dumper role
With this, other roles (like Coturn, Postmoogle) will be able
to use SSL certificates extracted from Traefik
via https://github.com/ldez/traefik-certs-dumper
2023-02-08 16:05:38 +02:00
Slavi Pantaleev 65b8e0f4ef
Merge pull request #2446 from etkecc/patch-162
Update heisenbridge 1.14.1 -> 1.14.2
2023-02-07 11:15:19 +02:00
Aine 2eb2ad0ad7
Update heisenbridge 1.14.1 -> 1.14.2 2023-02-07 09:06:00 +00:00
Slavi Pantaleev 2b9061a5d3 Add support for reverse-proxying the base domain via Traefik 2023-02-07 11:02:02 +02:00
Slavi Pantaleev 6c17671abd Upgrade synapse-admin (0.8.6 -> 0.8.7) and drop reverse-proxy workaround
Related to 6a31fba346, 6a31fba346.

Related to https://github.com/Awesome-Technologies/synapse-admin/issues/322
2023-02-07 10:45:19 +02:00
Slavi Pantaleev 66baef5bf6 Fix matrix-synapse-reverse-proxy-companion.service stopping during uninstallation
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2444
2023-02-07 08:48:50 +02:00
jakicoll 6a205a83f6 Change renamed variables matrix_systemd_path -> devture_systemd_docker_base_systemd_path 2023-02-06 17:20:13 +01:00
jakicoll 6cffec14ea fixup! Remove the self-build stub, because self-build was not implemented 2023-02-06 16:36:49 +01:00
jakicoll be634168ac Make the linter happy. 2023-02-06 16:29:25 +01:00
jakicoll f3ca4a0632 Remove unnecessary comment. 2023-02-06 16:28:57 +01:00
jakicoll 7848d865a5 Also define the vars to be overwritten in group vars within the role vars. 2023-02-06 16:28:56 +01:00
Paul N 70bea81df7 Introduced flags to (1) enable/disable Auth (2) enable/disable openid_server_name pinning. Updated validate_config.yml and added new checks to verify. 2023-02-06 15:59:32 +01:00
Paul N 96dd86d33b Set default values where sensible and remove unnecessary conditionals in .env.j2.
Check for empty string instead of Null to verify if an openid_server_name is pinned.
2023-02-06 15:26:08 +01:00
Paul N d67d8c07f5 Remove remnant comment. 2023-02-06 15:26:08 +01:00
jakicoll 6b206b3763 Move checks into validate_config.yml. 2023-02-06 15:21:10 +01:00
jakicoll 6499b6536a Decoupling: Do not use variables user-verification-service role inside the jitsi role. 2023-02-06 15:18:25 +01:00
Paul N 1d99f17b4a Disable matrix-user-verification-service in group_vars and update docs accordingly. 2023-02-06 13:23:11 +01:00
Paul N 50c1e9d695 Set matrix_user_verification_service_uvs_homeserver_url in the role defaults and updated docs accordingly. 2023-02-06 13:14:34 +01:00
Paul N 07d9ea5e87 Stick to port 3003 instead of changing the port based on the status of grafana. 2023-02-06 13:06:35 +01:00
jakicoll 0e0ae2f3e6 Assign default log level in role instead of matrix_servers file. 2023-02-06 13:04:06 +01:00
jakicoll bf5e633656 Remove the self-build stub, because self-build was not implemented 2023-02-06 12:57:20 +01:00
Paul N b89f5b7ff5
Clarify task name and add user and group to templated env file
Co-authored-by: Slavi Pantaleev <slavi@devture.com>
2023-02-06 12:47:50 +01:00
Jakob S 6913d368c8
Consolidate conditionals into a block, keep image
Co-authored-by: Slavi Pantaleev <slavi@devture.com>
2023-02-06 12:38:01 +01:00
jakicoll f53731756d Change comment
Applying the assumption, that synapse is always managed by this playbook.
2023-02-06 12:15:54 +01:00
Slavi Pantaleev 8155f780e5 Add support for reverse-proxying Matric (Client & Federation) via Traefik 2023-02-06 13:08:11 +02:00
jakicoll 94830b582b Wording: change collection -> playbook 2023-02-06 11:58:50 +01:00
Slavi Pantaleev f983604695 Initial work on Traefik support
This gets us started on adding a Traefik role and hooking Traefik:

- directly to services which support Traefik - we only have a few of
  these right now, but the list will grow

- to matrix-nginx-proxy for most services that integrate with
  matrix-nginx-proxy right now

Traefik usage should be disabled by default for now and nothing should
change for people just yet.

Enabling these experiments requires additional configuration like this:

```yaml
devture_traefik_ssl_email_address: '.....'

matrix_playbook_traefik_role_enabled: true
matrix_playbook_traefik_labels_enabled: true

matrix_ssl_retrieval_method: none

matrix_nginx_proxy_https_enabled: false

matrix_nginx_proxy_container_http_host_bind_port: ''
matrix_nginx_proxy_container_federation_host_bind_port: ''

matrix_nginx_proxy_trust_forwarded_proto: true

matrix_nginx_proxy_x_forwarded_for: '$proxy_add_x_forwarded_for'

matrix_coturn_enabled: false
```

What currently works is:
reverse-proxying for all nginx-proxy based services **except** for the Matrix homeserver
(both Client-Server an Federation traffic for the homeserver don't work yet)
2023-02-06 10:34:51 +02:00
Slavi Pantaleev 946bbe9734 Upgrade prometheus_node_exporter (v1.5.0-1 -> v1.5.0-2) 2023-02-06 09:54:34 +02:00
Slavi Pantaleev 5de5b5c62c Upgrade prometheus_postgres_exporter (v0.11.1-1 -> v0.11.1-2) 2023-02-06 09:49:15 +02:00
Slavi Pantaleev 4d6a8d049d Add matrix_nginx_proxy_container_network variable 2023-02-06 08:48:11 +02:00
Slavi Pantaleev e018663ba4 Attach ma1sd/nginx-proxy/synapse-reverse-proxy-companion to additional networks in a better way
Switching from doing "post-start" loop hacks to running the container
in 3 steps: `create` + potentially connect to additional networks + `start`.
This way, the container would be connected to all its networks even at
the very beginning of its life.
2023-02-06 08:38:43 +02:00
Slavi Pantaleev 045ed94d43 Upgrade prometheus_postgres_exporter (v0.11.1-0 -> v0.11.1-1) 2023-02-05 10:54:51 +02:00
Slavi Pantaleev be78b74fbd Switch from matrix-prometheus-postgres-exporter to an external prometheus_postgres_exporter role 2023-02-05 10:32:09 +02:00
Slavi Pantaleev 2d7d5d4bab Use new security-opt syntax (: -> =)
Related to https://docs.docker.com/engine/deprecated/#separator--of---security-opt-flag-on-docker-run
2023-02-03 20:36:24 +02:00