From 17d80cb9e84f70c7bf34b7bc7151a3215e7f7e84 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev
Date: Sat, 13 Jan 2024 18:13:06 +0200
Subject: [PATCH] Move wsproxy to the matrix-addons network and adjust its Postgres connectivity

This is a bit of a compatibility break. The role was defaulting the Postgres password to `some-password` and we auto-generate it now. However, rebuilding both Postgres and this service should unify the database credentials and the service configs to the new value.
---
group_vars/matrix_servers | 25 +++++++++++--------
.../defaults/main.yml | 11 +++++---
.../tasks/validate_config.yml | 3 +++
.../templates/syncproxy-env.j2 | 4 +--
4 files changed, 27 insertions(+), 16 deletions(-)

diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers
index ca00258fe..0754a0438 100755
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@@ -1489,30 +1489,30 @@ matrix_mautrix_gmessages_database_password: "{{ '%s' | format(matrix_homeserver_ # We don't enable bridges by default. matrix_mautrix_wsproxy_enabled: false -matrix_mautrix_wsproxy_systemd_required_services_list: | +matrix_mautrix_wsproxy_systemd_required_services_list_default: | {{ - ['docker.service'] + matrix_addons_homeserver_systemd_services_list + - ['matrix-' + matrix_homeserver_implementation + '.service'] - + - ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else []) - + - (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) + ([devture_postgres_identifier ~ '.service'] if (devture_postgres_enabled and matrix_mautrix_wsproxy_syncproxy_database_hostname == devture_postgres_connection_hostname) else []) }} matrix_mautrix_wsproxy_homeserver_domain: "{{ matrix_domain }}" - matrix_mautrix_wsproxy_homeserver_address: "{{ matrix_addons_homeserver_client_api_url }}" + matrix_mautrix_wsproxy_hostname: "wsproxy.{{ matrix_mautrix_wsproxy_homeserver_domain }}" +matrix_mautrix_wsproxy_syncproxy_homeserver_url: "{{ matrix_addons_homeserver_client_api_url }}" + +matrix_mautrix_wsproxy_container_network: "{{ matrix_addons_container_network }}" + matrix_mautrix_wsproxy_container_additional_networks: | {{ ( + ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network]) + + ([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else []) + - ([matrix_nginx_proxy_container_network] if matrix_nginx_proxy_enabled and matrix_nginx_proxy_container_network != matrix_mautrix_wsproxy_container_network else []) - + - ([devture_postgres_container_network] if devture_postgres_enabled and devture_postgres_container_network != matrix_mautrix_wsproxy_container_network else []) + ([devture_postgres_container_network] if (devture_postgres_enabled and matrix_mautrix_wsproxy_syncproxy_database_hostname == 
devture_postgres_connection_hostname and devture_postgres_container_network != matrix_mautrix_wsproxy_container_network) else []) ) | unique }} @@ -1521,6 +1521,9 @@ matrix_mautrix_wsproxy_container_labels_traefik_docker_network: "{{ matrix_playb matrix_mautrix_wsproxy_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" matrix_mautrix_wsproxy_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_mautrix_wsproxy_syncproxy_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" +matrix_mautrix_wsproxy_syncproxy_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'wsproxy.db', rounds=655555) | to_uuid }}" + ###################################################################### # # /matrix-bridge-mautrix-wsproxy diff --git a/roles/custom/matrix-bridge-mautrix-wsproxy/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-wsproxy/defaults/main.yml index 52a6159bc..d4aee5f71 100644 --- a/roles/custom/matrix-bridge-mautrix-wsproxy/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-wsproxy/defaults/main.yml 
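Review bot: The new `matrix_mautrix_wsproxy_systemd_required_services_list_default` override in group_vars no longer lists `'docker.service'`, which the removed version started with and which the role's own default in defaults/main.yml (the `@@ -58,7 +58,10 @@` hunk) still sets to `['docker.service']`; because group_vars replaces `_default` wholesale, the wsproxy unit keeps its Docker ordering only if `matrix_addons_homeserver_systemd_services_list` already carries that entry, which is not visible in this diff. If it does not, either put `['docker.service']` and `+` back as the first two lines of the expression ahead of `matrix_addons_homeserver_systemd_services_list`, or move the playbook-level additions into `matrix_mautrix_wsproxy_systemd_required_services_list_auto` (introduced as `[]` in defaults and left unused by this commit) so `_default` stays with the role. The same `_default`-versus-`_auto` question applies to the defaults hunk.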
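Review bot: The derived `matrix_mautrix_wsproxy_syncproxy_database_password` carries no comment describing its contract; the salt `'wsproxy.db'`, the round count and the `to_uuid` truncation are all public in the repository, so the credential's secrecy rests entirely on `matrix_homeserver_generic_secret_key`, and any change to that key or to the salt silently yields a different password that an already-provisioned Postgres role will not match until it is re-run. A comment above the line such as `# Derived deterministically from matrix_homeserver_generic_secret_key; changing the key or the 'wsproxy.db' salt changes this password, so re-run the Postgres role afterwards` would record that, in line with what the commit message says about rebuilding both services. The `''` fallback for `matrix_mautrix_wsproxy_syncproxy_database_hostname` when `devture_postgres_enabled` is false is caught by the new validate_config entries, so a user on external Postgres gets an explicit failure rather than a blank host.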
@@ -58,7 +58,10 @@ matrix_mautrix_wsproxy_container_labels_additional_labels: '' matrix_mautrix_wsproxy_container_extra_arguments: [] # List of systemd services that matrix-mautrix-wsproxy.service depends on. -matrix_mautrix_wsproxy_systemd_required_services_list: ['docker.service'] +matrix_mautrix_wsproxy_systemd_required_services_list: "{{ matrix_mautrix_wsproxy_systemd_required_services_list_default + matrix_mautrix_wsproxy_systemd_required_services_list_auto + matrix_mautrix_wsproxy_systemd_required_services_list_custom }}" +matrix_mautrix_wsproxy_systemd_required_services_list_default: ['docker.service'] +matrix_mautrix_wsproxy_systemd_required_services_list_auto: [] +matrix_mautrix_wsproxy_systemd_required_services_list_custom: [] # List of systemd services that matrix-mautrix-wsproxy.service wants matrix_mautrix_wsproxy_systemd_wanted_services_list: [] @@ -137,6 +140,8 @@ matrix_mautrix_wsproxy_syncproxy_container_extra_arguments: [] matrix_mautrix_wsproxy_syncproxy_systemd_required_services_list: ['docker.service', 'matrix-mautrix-wsproxy.service'] matrix_mautrix_wsproxy_syncproxy_systemd_wanted_services_list: [] +matrix_mautrix_wsproxy_syncproxy_homeserver_url: '' + matrix_mautrix_wsproxy_syncproxy_shared_secret: '' matrix_mautrix_wsproxy_syncproxy_port: 29332 matrix_mautrix_wsproxy_syncproxy_appservice_address: "http://matrix-mautrix-wsproxy-syncproxy:{{ matrix_mautrix_wsproxy_syncproxy_port }}" 
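Review bot: The comment `# List of systemd services that matrix-mautrix-wsproxy.service depends on.` now sits above four variables but describes only the composed one; which layer is meant to populate `_default`, `_auto` and `_custom` is left undocumented, and the group_vars hunk in this same commit overrides `_default` while `_auto` stays `[]`. Short comments above the three list variables, e.g. `# _default: set by this role; _auto: populated by the playbook; _custom: for the user`, would make the split usable and make the intended override point explicit. The `@@ -137,6 +140,8 @@` hunk adds `matrix_mautrix_wsproxy_syncproxy_homeserver_url: ''` with no comment either; noting that it is required (checked in tasks/validate_config.yml) would help.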
@@ -148,8 +153,8 @@ matrix_mautrix_wsproxy_syncproxy_appservice_address: "http://matrix-mautrix-wspr matrix_mautrix_wsproxy_syncproxy_database_engine: 'postgres' matrix_mautrix_wsproxy_syncproxy_database_username: 'matrix_mautrix_wsproxy_syncproxy' -matrix_mautrix_wsproxy_syncproxy_database_password: 'some-password' -matrix_mautrix_wsproxy_syncproxy_database_hostname: 'matrix-postgres' +matrix_mautrix_wsproxy_syncproxy_database_password: '' +matrix_mautrix_wsproxy_syncproxy_database_hostname: '' matrix_mautrix_wsproxy_syncproxy_database_port: 5432 matrix_mautrix_wsproxy_syncproxy_database_name: 'matrix_mautrix_wsproxy_syncproxy' diff --git a/roles/custom/matrix-bridge-mautrix-wsproxy/tasks/validate_config.yml b/roles/custom/matrix-bridge-mautrix-wsproxy/tasks/validate_config.yml index 16244b14d..6a7012385 100644 --- a/roles/custom/matrix-bridge-mautrix-wsproxy/tasks/validate_config.yml +++ b/roles/custom/matrix-bridge-mautrix-wsproxy/tasks/validate_config.yml @@ -12,3 +12,6 @@ - "matrix_mautrix_imessage_homeserver_token" - "matrix_mautrix_wsproxy_homeserver_address" - "matrix_mautrix_wsproxy_syncproxy_shared_secret" + - "matrix_mautrix_wsproxy_syncproxy_homeserver_url" + - "matrix_mautrix_wsproxy_syncproxy_database_hostname" + - "matrix_mautrix_wsproxy_syncproxy_database_password" diff --git a/roles/custom/matrix-bridge-mautrix-wsproxy/templates/syncproxy-env.j2 b/roles/custom/matrix-bridge-mautrix-wsproxy/templates/syncproxy-env.j2 index bc23e54bd..0ce02496d 100644 --- a/roles/custom/matrix-bridge-mautrix-wsproxy/templates/syncproxy-env.j2 +++ b/roles/custom/matrix-bridge-mautrix-wsproxy/templates/syncproxy-env.j2 
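Review bot: `matrix_mautrix_wsproxy_syncproxy_database_password: ''` and `matrix_mautrix_wsproxy_syncproxy_database_hostname: ''` replace the old `'some-password'` / `'matrix-postgres'` defaults without saying who is expected to fill them; in this commit group_vars/matrix_servers derives the password from the generic secret key and sets the hostname only when the integrated Postgres is enabled, and validate_config.yml now rejects empty values. A comment above the two lines such as `# Set by the playbook's group_vars when the integrated Postgres is enabled; must be set explicitly otherwise (checked in tasks/validate_config.yml)` would make the empty defaults self-explanatory and point users of an external Postgres at what to provide. Removing the shared, guessable `'some-password'` default is a real improvement and is worth a changelog entry given the compatibility break the commit message describes.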
@@ -1,3 +1,3 @@
 DATABASE_URL={{ matrix_mautrix_signal_wsproxy_syncproxy_connection_string }}
-HOMESERVER_URL={{ matrix_homeserver_container_url }}
-SHARED_SECRET={{ matrix_mautrix_wsproxy_syncproxy_shared_secret }}
\ No newline at end of file
+HOMESERVER_URL={{ matrix_mautrix_wsproxy_syncproxy_homeserver_url }}
+SHARED_SECRET={{ matrix_mautrix_wsproxy_syncproxy_shared_secret }}
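Review bot: The unchanged first line `DATABASE_URL={{ matrix_mautrix_signal_wsproxy_syncproxy_connection_string }}` references a `matrix_mautrix_signal_`-prefixed variable while every other variable touched by this commit is `matrix_mautrix_wsproxy_`; this reads like a copy-paste leftover from another bridge, and since this commit reworks the database settings it is the natural place to confirm the name. Its definition is not in this diff, so if the variable is undefined the rendered DATABASE_URL is empty and the syncproxy cannot reach Postgres despite the newly validated hostname and password; if it is deliberately defined under that name, a comment saying where would help. The switch of HOMESERVER_URL to `matrix_mautrix_wsproxy_syncproxy_homeserver_url` is consistent with the validate_config addition.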