Slavi Pantaleev
e80b98c3ad
Do not mount SSL certificates into Coturn if TLS is disabled for it
2023-02-16 09:22:29 +02:00
Slavi Pantaleev
bb7895678c
Fix typo
2023-02-15 11:48:27 +02:00
Slavi Pantaleev
7c5826f1c3
Break dependency between matrix-prometheus-nginxlog-exporter and the Grafana role
...
Wiring happens via `group_vars/matrix_servers` now.
2023-02-15 10:52:25 +02:00
Slavi Pantaleev
1006b8d899
Replace matrix-grafana with an external role
2023-02-15 10:32:24 +02:00
Slavi Pantaleev
94124263a7
Add matrix_prometheus_container_network/matrix_prometheus_container_additional_networks
2023-02-15 08:56:11 +02:00
Slavi Pantaleev
c85d48c45c
Remove Traefik labels for Hydrogen & Cinny from matrix-nginx-proxy
...
Related to 6a52be7987
and 28e7ef9c71f02
2023-02-14 22:46:34 +02:00
Slavi Pantaleev
f28e7ef9c7
Add (native) Traefik support to matrix-client-cinny
...
Previously, it had to go through matrix-nginx-proxy.
It's exposed to Traefik directly via container labels now
2023-02-14 11:29:53 +02:00
Slavi Pantaleev
6a52be7987
Add (native) Traefik support to matrix-client-hydrogen
...
Previously, it had to go through matrix-nginx-proxy.
It's exposed to Traefik directly via container labels now
Serving at a path other than `/` doesn't work well yet.
2023-02-14 09:58:35 +02:00
Slavi Pantaleev
e51e4eec09
Add (native) Traefik support to matrix-client-element
...
Previously, it had to go through matrix-nginx-proxy.
It's exposed to Traefik directly via container labels now
2023-02-13 19:03:20 +02:00
Slavi Pantaleev
b2d8718233
Fix synapse-admin reverse-proxying regression for "playbook-managed-nginx"
...
Regression since 3d9aa8387e
2023-02-13 16:08:59 +02:00
Slavi Pantaleev
6cda711c0b
Fix incorrect host_bind_port syntax (extra `:`) affecting certain deployments
...
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2474
Seems like this affected all "own webserver" deployments, which required
port exposure.
`playbook-managed-traefik` and `playbook-managed-nginx` were not affected.
2023-02-13 15:38:24 +02:00
Slavi Pantaleev
3d9aa8387e
Add (native) Traefik support to synapse-admin
...
Previously, it had to go through matrix-nginx-proxy.
It's exposed to Traefik directly via container labels now.
2023-02-13 15:08:42 +02:00
Aine
33b4f7031b
restore borg prefixes
2023-02-13 10:44:42 +00:00
Slavi Pantaleev
266195ab45
Upgrade backup_borg (v1.2.3-1.7.5-1 -> v1.2.3-1.7.6-0)
...
Supersedes https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2472
2023-02-13 12:26:49 +02:00
Slavi Pantaleev
23f7720247
Add missing backup_borg_base_path override
2023-02-13 11:44:19 +02:00
Slavi Pantaleev
38904c08b0
Wire backup_borg_username
...
It's probably unnecessary, as this user is only used in the borg container
internally, but.. It doesn't hurt to set it to `matrix`.
2023-02-13 11:01:54 +02:00
Slavi Pantaleev
78c35136b2
Replace matrix-backup-borg with an external role
2023-02-13 10:53:11 +02:00
Slavi Pantaleev
972043cfaf
Fix trying to start devture-traefik when not necessarily enabled
...
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2465
2023-02-12 17:14:25 +02:00
Slavi Pantaleev
f1a1ce8a91
Merge pull request #2464 from spantaleev/traefik
...
Reverse-proxy configuration changes and initial Traefik support
2023-02-12 16:05:56 +02:00
Slavi Pantaleev
b3f6436a0d
Do not enable the Traefik role when reverse-proxy = other-traefik-container
2023-02-12 15:50:18 +02:00
Catalan Lover
be471250dd
Move services that crash without hs connectivity to after proxy.
2023-02-11 17:58:19 +01:00
Slavi Pantaleev
94be74e633
Improve traefik-certs-dumper defaults for other-traefik-container setups
...
We'd like to auto-enable traefik-certs-dumper for these setups.
`devture_traefik_certs_dumper_ssl_dir_path` will be empty though,
so the role's validation will point people in the right direction.
2023-02-11 08:54:07 +02:00
Slavi Pantaleev
f37a7a21f1
Delay Postmoogle startup to help Traefik-based setups
2023-02-11 08:53:32 +02:00
Slavi Pantaleev
8309a21303
Rename reverse proxy types and fix Hookshot http/https urlPrefix issue
2023-02-11 08:44:11 +02:00
Slavi Pantaleev
97f65e8dff
Minor fixes to allow for Traefik without SSL
2023-02-10 19:36:06 +02:00
Slavi Pantaleev
28d2eb593c
Add matrix_playbook_reverse_proxy_type variable which influences all other services
2023-02-10 16:04:34 +02:00
Slavi Pantaleev
06ccd71edc
Merge branch 'master' into traefik
2023-02-10 14:37:59 +02:00
Slavi Pantaleev
01ccec2dbe
Merge branch 'master' into pr-jitsi-matrix-authentication
2023-02-10 14:12:47 +02:00
Slavi Pantaleev
7cdf59d79b
Merge pull request #2451 from FSG-Cat/draupnir
...
Add Draupnir support to the project.
2023-02-10 11:43:30 +02:00
Slavi Pantaleev
a5683a6449
Upgrade com.devture.ansible.role.traefik and rename some variables
2023-02-09 10:12:09 +02:00
Catalan Lover
7b42ff4b75
Finalise moving draupnir to a fully testable state.
2023-02-08 18:55:08 +01:00
Slavi Pantaleev
88a26758e1
Merge branch 'master' into traefik
2023-02-08 18:48:10 +02:00
Slavi Pantaleev
c71567477a
Stop using deprecated matrix_bot_postmoogle_domain variable in group vars
2023-02-08 18:48:01 +02:00
Slavi Pantaleev
1338963b6c
Add support for obtaining additional SSL certificates via Traefik
2023-02-08 18:47:19 +02:00
Slavi Pantaleev
9a71a5696b
Allow Postmoogle to work with SSL certificates extracted from Traefik
2023-02-08 16:45:03 +02:00
Slavi Pantaleev
ddf6b2d4ee
Handle matrix_playbook_reverse_proxy_type being "none" when deciding on Coturn certificate parameters
2023-02-08 16:24:43 +02:00
Slavi Pantaleev
d44d4b637f
Allow Coturn to work with SSL certificates extracted from Traefik
2023-02-08 16:06:46 +02:00
Slavi Pantaleev
c07630ed51
Add com.devture.ansible.role.traefik_certs_dumper role
...
With this, other roles (like Coturn, Postmoogle) will be able
to use SSL certificates extracted from Traefik
via https://github.com/ldez/traefik-certs-dumper
2023-02-08 16:05:38 +02:00
Paul N
96dd86d33b
Set default values where sensible and remove unnecessary conditionals in .env.j2.
...
Check for empty string instead of Null to verify if an openid_server_name is pinned.
2023-02-06 15:26:08 +01:00
Paul N
d67d8c07f5
Remove remnant comment.
2023-02-06 15:26:08 +01:00
jakicoll
6499b6536a
Decoupling: Do not use variables of the user-verification-service role inside the jitsi role.
2023-02-06 15:18:25 +01:00
Paul N
1d99f17b4a
Disable matrix-user-verification-service in group_vars and update docs accordingly.
2023-02-06 13:23:11 +01:00
Paul N
50c1e9d695
Set matrix_user_verification_service_uvs_homeserver_url in the role defaults and updated docs accordingly.
2023-02-06 13:14:34 +01:00
Paul N
07d9ea5e87
Stick to port 3003 instead of changing the port based on the status of grafana.
2023-02-06 13:06:35 +01:00
jakicoll
0e0ae2f3e6
Assign default log level in role instead of matrix_servers file.
2023-02-06 13:04:06 +01:00
jakicoll
f53731756d
Change comment
...
Applying the assumption, that synapse is always managed by this playbook.
2023-02-06 12:15:54 +01:00
Slavi Pantaleev
8155f780e5
Add support for reverse-proxying Matrix (Client & Federation) via Traefik
2023-02-06 13:08:11 +02:00
jakicoll
94830b582b
Wording: change collection -> playbook
2023-02-06 11:58:50 +01:00
Slavi Pantaleev
f983604695
Initial work on Traefik support
...
This gets us started on adding a Traefik role and hooking Traefik:
- directly to services which support Traefik - we only have a few of these right now, but the list will grow
- to matrix-nginx-proxy for most services that integrate with matrix-nginx-proxy right now
Traefik usage should be disabled by default for now and nothing should
change for people just yet.
Enabling these experiments requires additional configuration like this:
```yaml
devture_traefik_ssl_email_address: '.....'
matrix_playbook_traefik_role_enabled: true
matrix_playbook_traefik_labels_enabled: true
matrix_ssl_retrieval_method: none
matrix_nginx_proxy_https_enabled: false
matrix_nginx_proxy_container_http_host_bind_port: ''
matrix_nginx_proxy_container_federation_host_bind_port: ''
matrix_nginx_proxy_trust_forwarded_proto: true
matrix_nginx_proxy_x_forwarded_for: '$proxy_add_x_forwarded_for'
matrix_coturn_enabled: false
```
What currently works is:
reverse-proxying for all nginx-proxy based services **except** for the Matrix homeserver
(both Client-Server and Federation traffic for the homeserver don't work yet)
2023-02-06 10:34:51 +02:00
Slavi Pantaleev
be78b74fbd
Switch from matrix-prometheus-postgres-exporter to an external prometheus_postgres_exporter role
2023-02-05 10:32:09 +02:00