diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index f148e0425..1307679d2 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -296,6 +296,8 @@ devture_systemd_service_manager_services_list_auto: | + ([{'name': 'matrix-coturn.service', 'priority': 4000, 'groups': ['matrix', 'coturn']}] if matrix_coturn_enabled else []) + + ([{'name': 'matrix-rageshake.service', 'priority': 4000, 'groups': ['matrix', 'rageshake']}] if matrix_rageshake_enabled else []) + + ([{'name': 'matrix-coturn-reload.timer', 'priority': 5000, 'groups': ['matrix', 'coturn']}] if (matrix_coturn_enabled and matrix_coturn_tls_enabled) else []) + ([{'name': 'matrix-dimension.service', 'priority': 4000, 'groups': ['matrix', 'integration-managers', 'dimension']}] if matrix_dimension_enabled else []) @@ -1995,6 +1997,18 @@ matrix_corporal_matrix_registration_shared_secret: "{{ matrix_synapse_registrati # ###################################################################### + +###################################################################### +# +# /matrix-rageshake +# +###################################################################### + +# We don't enable rageshake by default. +matrix_rageshake_enabled: false + +matrix_rageshake_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}" + ###################################################################### # # matrix-coturn @@ -2383,6 +2397,7 @@ matrix_nginx_proxy_proxy_hydrogen_enabled: "{{ matrix_client_hydrogen_enabled an matrix_nginx_proxy_proxy_cinny_enabled: "{{ matrix_client_cinny_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] }}" matrix_nginx_proxy_proxy_buscarron_enabled: "{{ matrix_bot_buscarron_enabled }}" matrix_nginx_proxy_proxy_dimension_enabled: "{{ matrix_dimension_enabled }}" +matrix_nginx_proxy_proxy_rageshake_enabled: "{{ matrix_rageshake_enabled }}" matrix_nginx_proxy_proxy_etherpad_enabled: "{{ matrix_etherpad_enabled and matrix_etherpad_mode == 'standalone' }}" matrix_nginx_proxy_proxy_bot_go_neb_enabled: "{{ matrix_bot_go_neb_enabled }}" @@ -2400,6 +2415,7 @@ matrix_nginx_proxy_container_labels_traefik_entrypoints: "{{ devture_traefik_ent matrix_nginx_proxy_container_labels_traefik_proxy_matrix_enabled: true matrix_nginx_proxy_container_labels_traefik_proxy_buscarron_enabled: "{{ matrix_bot_buscarron_enabled }}" matrix_nginx_proxy_container_labels_traefik_proxy_dimension_enabled: "{{ matrix_dimension_enabled }}" +matrix_nginx_proxy_container_labels_traefik_proxy_rageshake_enabled: "{{ matrix_rageshake_enabled }}" matrix_nginx_proxy_container_labels_traefik_proxy_etherpad_enabled: "{{ matrix_etherpad_enabled and matrix_etherpad_mode == 'standalone' }}" matrix_nginx_proxy_container_labels_traefik_proxy_bot_go_neb_enabled: "{{ matrix_bot_go_neb_enabled }}" matrix_nginx_proxy_container_labels_traefik_proxy_jitsi_enabled: "{{ matrix_jitsi_enabled }}" @@ -2483,6 +2499,8 @@ matrix_nginx_proxy_systemd_wanted_services_list: | + (['matrix-dimension.service'] if matrix_dimension_enabled else []) + + (['matrix-rageshake.service'] if matrix_rageshake_enabled else []) + + (['matrix-sygnal.service'] if matrix_sygnal_enabled else []) + ([(ntfy_identifier + '.service')] if ntfy_enabled else []) @@ -2524,6 +2542,8 @@ matrix_ssl_domains_to_obtain_certificates_for: | + ([ntfy_hostname] if ntfy_enabled else []) + + ([matrix_server_fqn_rageshake] if matrix_rageshake_enabled else []) + + (matrix_bot_postmoogle_domains if matrix_bot_postmoogle_enabled else []) + ([matrix_domain] if matrix_nginx_proxy_base_domain_serving_enabled else []) diff --git a/playbooks/matrix.yml b/playbooks/matrix.yml index 6980a6f9b..a425cd883 100755 --- a/playbooks/matrix.yml +++ b/playbooks/matrix.yml @@ -82,6 +82,7 @@ - custom/matrix-bot-draupnir - custom/matrix-bot-chatgpt - custom/matrix-cactus-comments + - custom/matrix-rageshake - custom/matrix-synapse - custom/matrix-synapse-reverse-proxy-companion - custom/matrix-dendrite diff --git a/roles/custom/matrix-base/defaults/main.yml b/roles/custom/matrix-base/defaults/main.yml index da5459f80..0f2e3b488 100644 --- a/roles/custom/matrix-base/defaults/main.yml +++ b/roles/custom/matrix-base/defaults/main.yml @@ -90,6 +90,9 @@ matrix_server_fqn_sygnal: "sygnal.{{ matrix_domain }}" # This is where you access the ntfy push notification service. matrix_server_fqn_ntfy: "ntfy.{{ matrix_domain }}" +# This is where you access rageshake. +matrix_server_fqn_rageshake: "rageshake.{{ matrix_domain }}" + matrix_federation_public_port: 8448 # The name of the Traefik entrypoint for handling Matrix Federation diff --git a/roles/custom/matrix-nginx-proxy/defaults/main.yml b/roles/custom/matrix-nginx-proxy/defaults/main.yml index b656f074a..b5915dc40 100644 --- a/roles/custom/matrix-nginx-proxy/defaults/main.yml +++ b/roles/custom/matrix-nginx-proxy/defaults/main.yml @@ -71,6 +71,11 @@ matrix_nginx_proxy_container_labels_traefik_proxy_dimension_hostname: "{{ matrix matrix_nginx_proxy_container_labels_traefik_proxy_dimension_tls: "{{ matrix_nginx_proxy_container_labels_traefik_entrypoints != 'web' }}" matrix_nginx_proxy_container_labels_traefik_proxy_dimension_rule: "Host(`{{ matrix_nginx_proxy_container_labels_traefik_proxy_dimension_hostname }}`)" +matrix_nginx_proxy_container_labels_traefik_proxy_rageshake_enabled: false +matrix_nginx_proxy_container_labels_traefik_proxy_rageshake_hostname: "{{ matrix_server_fqn_rageshake }}" +matrix_nginx_proxy_container_labels_traefik_proxy_rageshake_tls: "{{ matrix_nginx_proxy_container_labels_traefik_entrypoints != 'web' }}" +matrix_nginx_proxy_container_labels_traefik_proxy_rageshake_rule: "Host(`{{ matrix_nginx_proxy_container_labels_traefik_proxy_rageshake_hostname }}`)" + matrix_nginx_proxy_container_labels_traefik_proxy_etherpad_enabled: false matrix_nginx_proxy_container_labels_traefik_proxy_etherpad_hostname: "{{ matrix_server_fqn_etherpad }}" matrix_nginx_proxy_container_labels_traefik_proxy_etherpad_tls: "{{ matrix_nginx_proxy_container_labels_traefik_entrypoints != 'web' }}" @@ -257,6 +262,10 @@ matrix_nginx_proxy_proxy_matrix_federation_port: 8448 matrix_nginx_proxy_proxy_dimension_enabled: false matrix_nginx_proxy_proxy_dimension_hostname: "{{ matrix_server_fqn_dimension }}" +# Controls whether proxying the rageshake domain should be done. +matrix_nginx_proxy_proxy_rageshake_enabled: false +matrix_nginx_proxy_proxy_rageshake_hostname: "{{ matrix_server_fqn_rageshake }}" + # Controls whether proxying the etherpad domain should be done. matrix_nginx_proxy_proxy_etherpad_enabled: false matrix_nginx_proxy_proxy_etherpad_hostname: "{{ matrix_server_fqn_etherpad }}" @@ -444,6 +453,9 @@ matrix_nginx_proxy_proxy_buscarron_additional_server_configuration_blocks: [] # A list of strings containing additional configuration blocks to add to Dimension's server configuration (matrix-dimension.conf). matrix_nginx_proxy_proxy_dimension_additional_server_configuration_blocks: [] +# A list of strings containing additional configuration blocks to add to Rageshake's server configuration (matrix-rageshake.conf). +matrix_nginx_proxy_proxy_rageshake_additional_server_configuration_blocks: [] + # A list of strings containing additional configuration blocks to add to etherpad's server configuration (matrix-etherpad.conf). matrix_nginx_proxy_proxy_etherpad_additional_server_configuration_blocks: [] diff --git a/roles/custom/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml b/roles/custom/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml index 5aa635979..1a55e28f7 100644 --- a/roles/custom/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml +++ b/roles/custom/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml @@ -129,6 +129,13 @@ mode: 0644 when: matrix_nginx_proxy_proxy_dimension_enabled | bool +- name: Ensure Matrix nginx-proxy configuration for rageshake domain exists + ansible.builtin.template: + src: "{{ role_path }}/templates/nginx/conf.d/matrix-rageshake.conf.j2" + dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-rageshake.conf" + mode: 0644 + when: matrix_nginx_proxy_proxy_rageshake_enabled | bool + - name: Ensure Matrix nginx-proxy configuration for etherpad domain exists ansible.builtin.template: src: "{{ role_path }}/templates/nginx/conf.d/matrix-etherpad.conf.j2" @@ -291,6 +298,12 @@ state: absent when: "not matrix_nginx_proxy_proxy_dimension_enabled | bool" +- name: Ensure Matrix nginx-proxy configuration for rageshake domain deleted + ansible.builtin.file: + path: "{{ matrix_nginx_proxy_confd_path }}/matrix-rageshake.conf" + state: absent + when: "not matrix_nginx_proxy_proxy_rageshake_enabled | bool" + - name: Ensure Matrix nginx-proxy configuration for goneb domain deleted ansible.builtin.file: path: "{{ matrix_nginx_proxy_confd_path }}/matrix-bot-go-neb.conf" diff --git a/roles/custom/matrix-nginx-proxy/templates/labels.j2 b/roles/custom/matrix-nginx-proxy/templates/labels.j2 index 1e60ba6d9..00c9c40a9 100644 --- a/roles/custom/matrix-nginx-proxy/templates/labels.j2 +++ b/roles/custom/matrix-nginx-proxy/templates/labels.j2 @@ -62,6 +62,17 @@ traefik.http.routers.matrix-nginx-proxy-dimension.entrypoints={{ matrix_nginx_pr {% endif %} +{% if matrix_nginx_proxy_container_labels_traefik_proxy_rageshake_enabled %} +# Rageshake +traefik.http.routers.matrix-nginx-proxy-rageshake.rule={{ matrix_nginx_proxy_container_labels_traefik_proxy_rageshake_rule }} +traefik.http.routers.matrix-nginx-proxy-rageshake.service=matrix-nginx-proxy-web +traefik.http.routers.matrix-nginx-proxy-rageshake.tls={{ matrix_nginx_proxy_container_labels_traefik_proxy_rageshake_tls | to_json }} +{% if matrix_nginx_proxy_container_labels_traefik_proxy_rageshake_tls %} +traefik.http.routers.matrix-nginx-proxy-rageshake.tls.certResolver={{ matrix_nginx_proxy_container_labels_traefik_tls_certResolver }} +{% endif %} +traefik.http.routers.matrix-nginx-proxy-rageshake.entrypoints={{ matrix_nginx_proxy_container_labels_traefik_entrypoints }} +{% endif %} + {% if matrix_nginx_proxy_container_labels_traefik_proxy_etherpad_enabled %} # Etherpad traefik.http.routers.matrix-nginx-proxy-etherpad.rule={{ matrix_nginx_proxy_container_labels_traefik_proxy_etherpad_rule }} diff --git a/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-rageshake.conf.j2 b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-rageshake.conf.j2 new file mode 100644 index 000000000..5da96684a --- /dev/null +++ b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-rageshake.conf.j2 @@ -0,0 +1,100 @@ +#jinja2: lstrip_blocks: "True" + +{% macro render_vhost_directives() %} + gzip on; + gzip_types text/plain application/json application/javascript text/css image/x-icon font/ttf image/gif; + {% if matrix_nginx_proxy_hsts_preload_enabled %} + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; + {% else %} + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; + {% endif %} + add_header X-XSS-Protection "{{ matrix_nginx_proxy_xss_protection }}"; + add_header X-Content-Type-Options nosniff; + {% if matrix_nginx_proxy_floc_optout_enabled %} + add_header Permissions-Policy interest-cohort=() always; + {% endif %} + +{% for configuration_block in matrix_nginx_proxy_proxy_rageshake_additional_server_configuration_blocks %} + {{- configuration_block }} +{% endfor %} + + location / { + {% if matrix_nginx_proxy_enabled %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; + set $backend "matrix-rageshake:9110"; + proxy_pass http://$backend; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:9110; + {% endif %} + + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For {{ matrix_nginx_proxy_x_forwarded_for }}; + } +{% endmacro %} + +server { + listen {{ 8080 if matrix_nginx_proxy_enabled else 80 }}; + listen [::]:{{ 8080 if matrix_nginx_proxy_enabled else 80 }}; + + server_name {{ matrix_nginx_proxy_proxy_rageshake_hostname }}; + + server_tokens off; + root /dev/null; + + {% if matrix_nginx_proxy_https_enabled %} + location /.well-known/acme-challenge { + {% if matrix_nginx_proxy_enabled %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; + set $backend "matrix-certbot:8080"; + proxy_pass http://$backend; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:{{ matrix_ssl_lets_encrypt_certbot_standalone_http_port }}; + {% endif %} + } + + location / { + return 301 https://$http_host$request_uri; + } + {% else %} + {{ render_vhost_directives() }} + {% endif %} +} + +{% if matrix_nginx_proxy_https_enabled %} +server { + listen {{ 8443 if matrix_nginx_proxy_enabled else 443 }} ssl http2; + listen [::]:{{ 8443 if matrix_nginx_proxy_enabled else 443 }} ssl http2; + + server_name {{ matrix_nginx_proxy_proxy_rageshake_hostname }}; + + server_tokens off; + root /dev/null; + + ssl_certificate {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_rageshake_hostname }}/fullchain.pem; + ssl_certificate_key {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_rageshake_hostname }}/privkey.pem; + + ssl_protocols {{ matrix_nginx_proxy_ssl_protocols }}; + {% if matrix_nginx_proxy_ssl_ciphers != '' %} + ssl_ciphers {{ matrix_nginx_proxy_ssl_ciphers }}; + {% endif %} + ssl_prefer_server_ciphers {{ matrix_nginx_proxy_ssl_prefer_server_ciphers }}; + + {% if matrix_nginx_proxy_ocsp_stapling_enabled %} + ssl_stapling on; + ssl_stapling_verify on; + ssl_trusted_certificate {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_rageshake_hostname }}/chain.pem; + {% endif %} + + {% if matrix_nginx_proxy_ssl_session_tickets_off %} + ssl_session_tickets off; + {% endif %} + ssl_session_cache {{ matrix_nginx_proxy_ssl_session_cache }}; + ssl_session_timeout {{ matrix_nginx_proxy_ssl_session_timeout }}; + + {{ render_vhost_directives() }} +} +{% endif %} diff --git a/roles/custom/matrix-rageshake/defaults/main.yml b/roles/custom/matrix-rageshake/defaults/main.yml new file mode 100644 index 000000000..743b30004 --- /dev/null +++ b/roles/custom/matrix-rageshake/defaults/main.yml @@ -0,0 +1,38 @@ +--- +# rageshake is a issue submission service from matrix.org +# Project source code URL: https://github.com/matrix-org/rageshake/ + +matrix_rageshake_enabled: false + +matrix_rageshake_container_image_self_build: false +matrix_rageshake_docker_repo: "https://github.com/matrix-org/rageshake/" +matrix_rageshake_docker_repo_version: "{{ 'master' if matrix_rageshake_version == 'master' else matrix_rageshake_version }}" +matrix_rageshake_docker_src_files_path: "{{ matrix_base_data_path }}/Dockerfile" + +matrix_rageshake_version: "master" +matrix_rageshake_docker_image: "{{ matrix_rageshake_docker_image_name_prefix }}matrix-org/rageshake:{{ matrix_rageshake_version }}" +matrix_rageshake_docker_image_name_prefix: "{{ 'localhost/' if matrix_rageshake_container_image_self_build else 'ghcr.io/' }}" +matrix_rageshake_docker_image_force_pull: "{{ matrix_rageshake_docker_image.endswith(':master') }}" + +matrix_rageshake_base_path: "{{ matrix_base_data_path }}/rageshake" +matrix_rageshake_config_path: "{{ matrix_rageshake_base_path }}/config" +matrix_rageshake_data_path: "{{ matrix_rageshake_base_path }}/data" + +# A list of extra arguments to pass to the container +matrix_rageshake_container_extra_arguments: [] + +# List of systemd services that matrix-rageshake.service depends on +matrix_rageshake_systemd_required_services_list: ["docker.service"] + +# List of systemd services that matrix-rageshake.service wants +matrix_rageshake_systemd_wanted_services_list: [] + +# Rageshake Settings + +# Additional config to pass to the rageshake. +# See https://github.com/matrix-org/rageshake/blob/master/rageshake.sample.yaml +# +# Example: +# matrix_rageshake_config: | +# github_token: secrettoken +matrix_rageshake_config: "" diff --git a/roles/custom/matrix-rageshake/tasks/main.yml b/roles/custom/matrix-rageshake/tasks/main.yml new file mode 100644 index 000000000..f0e03e66a --- /dev/null +++ b/roles/custom/matrix-rageshake/tasks/main.yml @@ -0,0 +1,19 @@ +--- +- block: + - when: matrix_rageshake_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" + + - when: matrix_rageshake_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml" + tags: + - setup-all + - setup-rageshake + - install-all + - install-rageshake + +- block: + - when: not matrix_rageshake_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + tags: + - setup-all + - setup-rageshake diff --git a/roles/custom/matrix-rageshake/tasks/setup_install.yml b/roles/custom/matrix-rageshake/tasks/setup_install.yml new file mode 100644 index 000000000..b081960e5 --- /dev/null +++ b/roles/custom/matrix-rageshake/tasks/setup_install.yml @@ -0,0 +1,66 @@ +--- +- name: Ensure rageshake paths exist + ansible.builtin.file: + path: "{{ item.path }}" + state: directory + mode: 0750 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + with_items: + - { path: "{{ matrix_rageshake_config_path }}", when: true } + - { path: "{{ matrix_rageshake_data_path }}", when: true } + - { + path: "{{ matrix_rageshake_docker_src_files_path }}", + when: matrix_rageshake_container_image_self_build, + } + when: "item.when | bool" + +- name: Ensure rageshake config file created + ansible.builtin.template: + src: "{{ role_path }}/templates/config.j2" + dest: "{{ matrix_rageshake_config_path }}/config.yml" + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + mode: 0640 + +- name: Ensure rageshake image is pulled + community.docker.docker_image: + name: "{{ matrix_rageshake_docker_image }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ matrix_rageshake_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_rageshake_docker_image_force_pull }}" + when: "not matrix_rageshake_container_image_self_build | bool" + register: result + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" + until: result is not failed + +- name: Ensure rageshake repository is present on self-build + ansible.builtin.git: + repo: "{{ matrix_rageshake_docker_repo }}" + version: "{{ matrix_rageshake_docker_repo_version }}" + dest: "{{ matrix_rageshake_docker_src_files_path }}" + force: "yes" + become: true + become_user: "{{ matrix_user_username }}" + register: matrix_rageshake_git_pull_results + when: "matrix_rageshake_container_image_self_build | bool" + +- name: Ensure rageshake image is built + community.docker.docker_image: + name: "{{ matrix_rageshake_docker_image }}" + source: build + force_source: "{{ matrix_rageshake_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mailer_git_pull_results.changed }}" + build: + dockerfile: Dockerfile + path: "{{ matrix_rageshake_docker_src_files_path }}" + pull: true + when: "matrix_rageshake_container_image_self_build | bool" + +- name: Ensure matrix-rageshake.service installed + ansible.builtin.template: + src: "{{ role_path }}/templates/systemd/matrix-rageshake.service.j2" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-rageshake.service" + mode: 0644 + register: matrix_rageshake_systemd_service_result diff --git a/roles/custom/matrix-rageshake/tasks/setup_uninstall.yml b/roles/custom/matrix-rageshake/tasks/setup_uninstall.yml new file mode 100644 index 000000000..133ac76d3 --- /dev/null +++ b/roles/custom/matrix-rageshake/tasks/setup_uninstall.yml @@ -0,0 +1,24 @@ +--- +- name: Check existence of matrix-rageshake service + ansible.builtin.stat: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-rageshake.service" + register: matrix_rageshake_service_stat + +- when: matrix_rageshake_service_stat.stat.exists | bool + block: + - name: Ensure matrix-rageshake is stopped + ansible.builtin.service: + name: matrix-rageshake + state: stopped + enabled: false + daemon_reload: true + + - name: Ensure matrix-rageshake.service doesn't exist + ansible.builtin.file: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-rageshake.service" + state: absent + + - name: Ensure Matrix rageshake paths don't exist + ansible.builtin.file: + path: "{{ matrix_rageshake_base_path }}" + state: absent diff --git a/roles/custom/matrix-rageshake/tasks/validate_config.yml b/roles/custom/matrix-rageshake/tasks/validate_config.yml new file mode 100644 index 000000000..ed97d539c --- /dev/null +++ b/roles/custom/matrix-rageshake/tasks/validate_config.yml @@ -0,0 +1 @@ +--- diff --git a/roles/custom/matrix-rageshake/templates/config.j2 b/roles/custom/matrix-rageshake/templates/config.j2 new file mode 100644 index 000000000..2b0d64b7a --- /dev/null +++ b/roles/custom/matrix-rageshake/templates/config.j2 @@ -0,0 +1,2 @@ +api_prefix: "https://{{ matrix_server_fqn_rageshake }}/api/" +{{ matrix_rageshake_config | to_nice_yaml(indent=2, width=999999) }} diff --git a/roles/custom/matrix-rageshake/templates/systemd/matrix-rageshake.service.j2 b/roles/custom/matrix-rageshake/templates/systemd/matrix-rageshake.service.j2 new file mode 100644 index 000000000..6e818e0f3 --- /dev/null +++ b/roles/custom/matrix-rageshake/templates/systemd/matrix-rageshake.service.j2 @@ -0,0 +1,41 @@ +#jinja2: lstrip_blocks: "True" +[Unit] +Description=Matrix Rageshake Service +{% for service in matrix_rageshake_systemd_required_services_list %} +Requires={{ service }} +After={{ service }} +{% endfor %} +{% for service in matrix_rageshake_systemd_wanted_services_list %} +Wants={{ service }} +{% endfor %} +DefaultDependencies=no + +[Service] +Type=simple +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-rageshake 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-rageshake 2>/dev/null || true' + +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-rageshake \ + --log-driver=none \ + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ + --cap-drop=ALL \ + --read-only \ + --tmpfs /tmp \ + --network={{ matrix_docker_network }} \ + --mount type=bind,src={{ matrix_rageshake_config_path }},dst=/config \ + --mount type=bind,src={{ matrix_rageshake_data_path }},dst=/bugs \ + {% for arg in matrix_rageshake_container_extra_arguments %} + {{ arg }} \ + {% endfor %} + {{ matrix_rageshake_docker_image }} \ + --config /config/config.yml + +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-rageshake 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-rageshake 2>/dev/null || true' +Restart=always +RestartSec=30 +SyslogIdentifier=matrix-rageshake + +[Install] +WantedBy=multi-user.target