finallycoffee/matrix-docker-ansible-deploy
5
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Move roles/matrix* to roles/custom/matrix*

Browse Source 
This paves the way for installing other roles into `roles/galaxy` using `ansible-galaxy`,
similar to how it's done in:

- https://github.com/spantaleev/gitea-docker-ansible-deploy
- https://github.com/spantaleev/nextcloud-docker-ansible-deploy

In the near future, we'll be removing a lot of the shared role code from here
and using upstream roles for it. Some of the core `matrix-*` roles have
already been extracted out into other reusable roles:

- https://github.com/devture/com.devture.ansible.role.postgres
- https://github.com/devture/com.devture.ansible.role.systemd_docker_base
- https://github.com/devture/com.devture.ansible.role.timesync
- https://github.com/devture/com.devture.ansible.role.vars_preserver
- https://github.com/devture/com.devture.ansible.role.playbook_runtime_messages
- https://github.com/devture/com.devture.ansible.role.playbook_help

We just need to migrate to those.
This commit is contained in:
Slavi Pantaleev
2022-11-03 09:11:29 +02:00
parent 6c131138ad
commit 410a915a8a
722 changed files with 148 additions and 145 deletions
Download Patch File Download Diff File Expand all files Collapse all files

137
roles/custom/matrix-client-element/defaults/main.yml Normal file
View File

@ -0,0 +1,137 @@
---
# Project source code URL: https://github.com/vector-im/element-web
matrix_client_element_enabled: true
matrix_client_element_container_image_self_build: false
matrix_client_element_container_image_self_build_repo: "https://github.com/vector-im/element-web.git"
# Controls whether to patch webpack.config.js when self-building, so that building can pass on low-memory systems (< 4 GB RAM):
# - https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1357
# - https://github.com/vector-im/element-web/issues/19544
matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}"
matrix_client_element_version: v1.11.13
matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}"
matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}"
matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}"
matrix_client_element_data_path: "{{ matrix_base_data_path }}/client-element"
matrix_client_element_docker_src_files_path: "{{ matrix_client_element_data_path }}/docker-src"
# Controls whether the matrix-client-element container exposes its HTTP port (tcp/8080 in the container).
#
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8765"), or empty string to not expose.
matrix_client_element_container_http_host_bind_port: ''
# A list of extra arguments to pass to the container
matrix_client_element_container_extra_arguments: []
# List of systemd services that matrix-client-element.service depends on
matrix_client_element_systemd_required_services_list: ['docker.service']
# Element config.json customizations
matrix_client_element_default_server_name: "{{ matrix_domain }}"
matrix_client_element_default_hs_url: ""
matrix_client_element_default_is_url: ~
matrix_client_element_disable_custom_urls: true
matrix_client_element_disable_guests: true
matrix_client_element_integrations_ui_url: "https://scalar.vector.im/"
matrix_client_element_integrations_rest_url: "https://scalar.vector.im/api"
matrix_client_element_integrations_widgets_urls: ["https://scalar.vector.im/api"]
matrix_client_element_integrations_jitsi_widget_url: "https://scalar.vector.im/api/widgets/jitsi.html"
matrix_client_element_permalinkPrefix: "https://matrix.to" # noqa var-naming
matrix_client_element_bug_report_endpoint_url: "https://element.io/bugreports/submit"
matrix_client_element_showLabsSettings: true # noqa var-naming
# Element public room directory server(s)
matrix_client_element_roomdir_servers: ['matrix.org']
matrix_client_element_welcome_user_id: ~
# Branding of Element
matrix_client_element_brand: "Element"
# URL to Logo on welcome page
matrix_client_element_welcome_logo: "welcome/images/logo.svg"
# URL of link on welcome image
matrix_client_element_welcome_logo_link: "https://element.io"
matrix_client_element_welcome_headline: "_t('Welcome to Element')"
matrix_client_element_welcome_text: "_t('Decentralised, encrypted chat &amp; collaboration powered by [matrix]')"
# Links, shown in footer of welcome page:
# [{"text": "Link text", "url": "https://link.target"}, {"text": "Other link"}]
matrix_client_element_branding_authFooterLinks: ~ # noqa var-naming
# URL to image, shown during Login
matrix_client_element_branding_authHeaderLogoUrl: "{{ matrix_client_element_welcome_logo }}" # noqa var-naming
# URL to Wallpaper, shown in background of welcome page
matrix_client_element_branding_welcomeBackgroundUrl: ~ # noqa var-naming
matrix_client_element_page_template_welcome_path: "{{ role_path }}/templates/welcome.html.j2"
# By default, there's no Element homepage (when logged in). If you wish to have one,
# point this to a `home.html` template file on your local filesystem.
matrix_client_element_embedded_pages_home_path: ~
matrix_client_element_jitsi_preferredDomain: '' # noqa var-naming
# Controls whether the self-check feature should validate SSL certificates.
matrix_client_element_self_check_validate_certificates: true
# don't show the registration button on welcome page
matrix_client_element_registration_enabled: false
# Controls whether presence will be enabled
matrix_client_element_enable_presence_by_hs_url: ~
# Controls whether custom Element themes will be installed.
# When enabled, all themes found in the `matrix_client_element_themes_repository_url` repository
# will be installed and enabled automatically.
matrix_client_element_themes_enabled: false
matrix_client_element_themes_repository_url: https://github.com/aaronraimist/element-themes
matrix_client_element_themes_repository_version: master
# Controls the default theme
matrix_client_element_default_theme: 'light'
# Controls the `settingsDefault.custom_themes` setting of the Element configuration.
# You can use this setting to define custom themes.
#
# Also, look at `matrix_client_element_themes_enabled` for a way to pull in a bunch of custom themes automatically.
# If you define your own themes here and set `matrix_client_element_themes_enabled: true`, your themes will be preserved as well.
#
# Note that for a custom theme to work well, all Element instances that you use must have the same theme installed.
matrix_client_element_settingDefaults_custom_themes: [] # noqa var-naming
# Default Element configuration template which covers the generic use case.
# You can customize it by controlling the various variables inside it.
#
# For a more advanced customization, you can extend the default (see `matrix_client_element_configuration_extension_json`)
# or completely replace this variable with your own template.
#
# The side-effect of this lookup is that Ansible would even parse the JSON for us, returning a dict.
# This is unlike what it does when looking up YAML template files (no automatic parsing there).
matrix_client_element_configuration_default: "{{ lookup('template', 'templates/config.json.j2') }}"
# Your custom JSON configuration for Element should go to `matrix_client_element_configuration_extension_json`.
# This configuration extends the default starting configuration (`matrix_client_element_configuration_default`).
#
# You can override individual variables from the default configuration, or introduce new ones.
#
# If you need something more special, you can take full control by
# completely redefining `matrix_client_element_configuration_default`.
#
# Example configuration extension follows:
#
# matrix_client_element_configuration_extension_json: |
# {
# "disable_3pid_login": true,
# "disable_login_language_selector": true
# }
matrix_client_element_configuration_extension_json: '{}'
matrix_client_element_configuration_extension: "{{ matrix_client_element_configuration_extension_json | from_json if matrix_client_element_configuration_extension_json | from_json is mapping else {} }}"
# Holds the final Element configuration (a combination of the default and its extension).
# You most likely don't need to touch this variable. Instead, see `matrix_client_element_configuration_default`.
matrix_client_element_configuration: "{{ matrix_client_element_configuration_default | combine(matrix_client_element_configuration_extension, recursive=True) }}"

12
roles/custom/matrix-client-element/tasks/init.yml Normal file
View File

@ -0,0 +1,12 @@
---
- ansible.builtin.set_fact:
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-client-element.service'] }}"
when: matrix_client_element_enabled | bool
# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070
# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407
- name: Fail if trying to self-build on Ansible < 2.8
ansible.builtin.fail:
msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md"
when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_client_element_container_image_self_build and matrix_client_element_enabled"

42
roles/custom/matrix-client-element/tasks/main.yml Normal file
View File

@ -0,0 +1,42 @@
---
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
tags:
- always
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
when: "run_setup | bool and matrix_client_element_enabled | bool"
tags:
- setup-all
- setup-client-element
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/prepare_themes.yml"
when: run_setup | bool
tags:
- setup-all
- setup-client-element
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/migrate_riot_web.yml"
when: run_setup | bool
tags:
- setup-all
- setup-client-element
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
when: "run_setup | bool and matrix_client_element_enabled | bool"
tags:
- setup-all
- setup-client-element
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
when: "run_setup | bool and not matrix_client_element_enabled | bool"
tags:
- setup-all
- setup-client-element
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/self_check.yml"
delegate_to: 127.0.0.1
become: false
when: "run_self_check | bool and matrix_client_element_enabled | bool"
tags:
- self-check

37
roles/custom/matrix-client-element/tasks/migrate_riot_web.yml Normal file
View File

@ -0,0 +1,37 @@
---
- name: Check existence of matrix-riot-web.service
ansible.builtin.stat:
path: "{{ matrix_systemd_path }}/matrix-riot-web.service"
register: matrix_client_riot_web_service_stat
when: "matrix_client_element_enabled | bool"
- name: Ensure matrix-riot-web is stopped
ansible.builtin.service:
name: matrix-riot-web
state: stopped
enabled: false
daemon_reload: true
register: stopping_result
when: "matrix_client_element_enabled | bool and matrix_client_riot_web_service_stat.stat.exists"
- name: Ensure matrix-riot-web.service doesn't exist
ansible.builtin.file:
path: "{{ matrix_systemd_path }}/matrix-riot-web.service"
state: absent
when: "matrix_client_element_enabled | bool and matrix_client_riot_web_service_stat.stat.exists"
- name: Ensure systemd reloaded after matrix-riot-web.service removal
ansible.builtin.service:
daemon_reload: true
when: "matrix_client_element_enabled | bool and matrix_client_riot_web_service_stat.stat.exists"
- name: Check existence of /matrix/riot-web
ansible.builtin.stat:
path: "/matrix/riot-web"
register: matrix_client_riot_web_dir_stat
when: "matrix_client_element_enabled | bool"
- name: Relocate /matrix/riot-web to /matrix/client-element
ansible.builtin.command: "mv /matrix/riot-web /matrix/client-element"
when: "matrix_client_element_enabled | bool and matrix_client_riot_web_dir_stat.stat.exists"

47
roles/custom/matrix-client-element/tasks/prepare_themes.yml Normal file
View File

@ -0,0 +1,47 @@
---
#
# Tasks related to setting up Element themes
#
- when: matrix_client_element_themes_enabled | bool
run_once: true
delegate_to: 127.0.0.1
become: false
block:
- name: Ensure Element themes repository is pulled
ansible.builtin.git:
repo: "{{ matrix_client_element_themes_repository_url }}"
version: "{{ matrix_client_element_themes_repository_version }}"
dest: "{{ role_path }}/files/scratchpad/themes"
- name: Find all Element theme files
ansible.builtin.find:
paths: "{{ role_path }}/files/scratchpad/themes"
patterns: "*.json"
recurse: true
register: matrix_client_element_theme_file_list
- name: Read Element theme
ansible.builtin.slurp:
path: "{{ item.path }}"
register: "matrix_client_element_theme_file_contents"
with_items: "{{ matrix_client_element_theme_file_list.files }}"
- name: Load Element theme
ansible.builtin.set_fact:
matrix_client_element_settingDefaults_custom_themes: "{{ matrix_client_element_settingDefaults_custom_themes + [item['content'] | b64decode | from_json] }}" # noqa var-naming
with_items: "{{ matrix_client_element_theme_file_contents.results }}"
#
# Tasks related to getting rid of Element themes (if it was previously enabled)
#
- name: Ensure Element themes repository is removed
ansible.builtin.file:
path: "{{ role_path }}/files/scratchpad/themes"
state: absent
run_once: true
delegate_to: 127.0.0.1
become: false
when: "not matrix_client_element_themes_enabled | bool"

22
roles/custom/matrix-client-element/tasks/self_check.yml Normal file
View File

@ -0,0 +1,22 @@
---
- ansible.builtin.set_fact:
matrix_client_element_url_endpoint_public: "https://{{ matrix_server_fqn_element }}/config.json"
- name: Check Element
ansible.builtin.uri:
url: "{{ matrix_client_element_url_endpoint_public }}"
follow_redirects: none
validate_certs: "{{ matrix_client_element_self_check_validate_certificates }}"
register: matrix_client_element_self_check_result
check_mode: false
ignore_errors: true
- name: Fail if Element not working
ansible.builtin.fail:
msg: "Failed checking Element is up at `{{ matrix_server_fqn_element }}` (checked endpoint: `{{ matrix_client_element_url_endpoint_public }}`). Is Element running? Is port 443 open in your firewall? Full error: {{ matrix_client_element_self_check_result }}"
when: "matrix_client_element_self_check_result.failed or 'json' not in matrix_client_element_self_check_result"
- name: Report working Element
ansible.builtin.debug:
msg: "Element at `{{ matrix_server_fqn_element }}` is working (checked endpoint: `{{ matrix_client_element_url_endpoint_public }}`)"

103
roles/custom/matrix-client-element/tasks/setup_install.yml Normal file
View File

@ -0,0 +1,103 @@
---
- name: Ensure Element paths exists
ansible.builtin.file:
path: "{{ item.path }}"
state: directory
mode: 0750
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
with_items:
- {path: "{{ matrix_client_element_data_path }}", when: true}
- {path: "{{ matrix_client_element_docker_src_files_path }}", when: "{{ matrix_client_element_container_image_self_build }}"}
when: "item.when | bool"
- name: Ensure Element Docker image is pulled
community.docker.docker_image:
name: "{{ matrix_client_element_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_client_element_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_client_element_docker_image_force_pull }}"
when: "not matrix_client_element_container_image_self_build | bool"
register: result
retries: "{{ matrix_container_retries_count }}"
delay: "{{ matrix_container_retries_delay }}"
until: result is not failed
- name: Ensure Element repository is present on self-build
ansible.builtin.git:
repo: "{{ matrix_client_element_container_image_self_build_repo }}"
dest: "{{ matrix_client_element_docker_src_files_path }}"
version: "{{ matrix_client_element_docker_image.split(':')[1] }}"
force: "yes"
become: true
become_user: "{{ matrix_user_username }}"
register: matrix_client_element_git_pull_results
when: "matrix_client_element_container_image_self_build | bool"
# See:
# - https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1357
# - https://github.com/vector-im/element-web/issues/19544
- name: Patch webpack.config.js to support building on low-memory (<4G RAM) devices
ansible.builtin.lineinfile:
path: "{{ matrix_client_element_docker_src_files_path }}/webpack.config.js"
regexp: '(\s+)splitChunks: \{'
line: '\1splitChunks: { maxSize: 100000,'
backrefs: true
owner: root
group: root
mode: '0644'
when: "matrix_client_element_container_image_self_build | bool and matrix_client_element_container_image_self_build_low_memory_system_patch_enabled | bool"
- name: Ensure Element Docker image is built
community.docker.docker_image:
name: "{{ matrix_client_element_docker_image }}"
source: build
force_source: "{{ matrix_client_element_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_client_element_git_pull_results.changed }}"
build:
dockerfile: Dockerfile
path: "{{ matrix_client_element_docker_src_files_path }}"
pull: true
when: "matrix_client_element_container_image_self_build | bool"
- name: Ensure Element configuration installed
ansible.builtin.copy:
content: "{{ matrix_client_element_configuration | to_nice_json }}"
dest: "{{ matrix_client_element_data_path }}/config.json"
mode: 0644
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
- name: Ensure Element config files installed
ansible.builtin.template:
src: "{{ item.src }}"
dest: "{{ matrix_client_element_data_path }}/{{ item.name }}"
mode: 0644
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
with_items:
- {src: "{{ role_path }}/templates/nginx.conf.j2", name: "nginx.conf"}
- {src: "{{ matrix_client_element_page_template_welcome_path }}", name: "welcome.html"}
- {src: "{{ matrix_client_element_embedded_pages_home_path }}", name: "home.html"}
when: "item.src is not none"
- name: Ensure Element config files removed
ansible.builtin.file:
path: "{{ matrix_client_element_data_path }}/{{ item.name }}"
state: absent
with_items:
- {src: "{{ matrix_client_element_embedded_pages_home_path }}", name: "home.html"}
when: "item.src is none"
- name: Ensure matrix-client-element.service installed
ansible.builtin.template:
src: "{{ role_path }}/templates/systemd/matrix-client-element.service.j2"
dest: "{{ matrix_systemd_path }}/matrix-client-element.service"
mode: 0644
register: matrix_client_element_systemd_service_result
- name: Ensure systemd reloaded after matrix-client-element.service installation
ansible.builtin.service:
daemon_reload: true
when: "matrix_client_element_systemd_service_result.changed | bool"

36
roles/custom/matrix-client-element/tasks/setup_uninstall.yml Normal file
View File

@ -0,0 +1,36 @@
---
- name: Check existence of matrix-client-element.service
ansible.builtin.stat:
path: "{{ matrix_systemd_path }}/matrix-client-element.service"
register: matrix_client_element_service_stat
- name: Ensure matrix-client-element is stopped
ansible.builtin.service:
name: matrix-client-element
state: stopped
enabled: false
daemon_reload: true
register: stopping_result
when: "matrix_client_element_service_stat.stat.exists | bool"
- name: Ensure matrix-client-element.service doesn't exist
ansible.builtin.file:
path: "{{ matrix_systemd_path }}/matrix-client-element.service"
state: absent
when: "matrix_client_element_service_stat.stat.exists | bool"
- name: Ensure systemd reloaded after matrix-client-element.service removal
ansible.builtin.service:
daemon_reload: true
when: "matrix_client_element_service_stat.stat.exists | bool"
- name: Ensure Element paths doesn't exist
ansible.builtin.file:
path: "{{ matrix_client_element_data_path }}"
state: absent
- name: Ensure Element Docker image doesn't exist
community.docker.docker_image:
name: "{{ matrix_client_element_docker_image }}"
state: absent

20
roles/custom/matrix-client-element/tasks/validate_config.yml Normal file
View File

@ -0,0 +1,20 @@
---
- name: Fail if required Element settings not defined
ansible.builtin.fail:
msg: >
You need to define a required configuration setting (`{{ item }}`) for using Element.
when: "vars[item] == ''"
with_items:
- "matrix_client_element_default_hs_url"
- name: (Deprecation) Catch and report riot-web variables
ansible.builtin.fail:
msg: >-
Riot has been renamed to Element (https://element.io/blog/welcome-to-element/).
The playbook will migrate your existing configuration and data automatically, but you need to adjust variable names.
Please change your configuration (vars.yml) to rename all riot-web variables (`{{ item.old }}` -> `{{ item.new }}`).
Also note that DNS configuration changes may be necessary.
when: "vars | dict2items | selectattr('key', 'match', item.old) | list | items2dict"
with_items:
- {'old': 'matrix_riot_web_.*', 'new': 'matrix_client_element_.*'}

45
roles/custom/matrix-client-element/templates/config.json.j2 Normal file
View File

@ -0,0 +1,45 @@
{
"default_server_config": {
"m.homeserver": {
"base_url": {{ matrix_client_element_default_hs_url | string|to_json }},
"server_name": {{ matrix_client_element_default_server_name | string|to_json }}
},
"m.identity_server": {
"base_url": {{ matrix_client_element_default_is_url | string|to_json }}
}
},
"settingDefaults": {
"custom_themes": {{ matrix_client_element_settingDefaults_custom_themes|to_json }}
},
"default_theme": {{ matrix_client_element_default_theme | string|to_json }},
"permalinkPrefix": {{ matrix_client_element_permalinkPrefix | string|to_json }},
"disable_custom_urls": {{ matrix_client_element_disable_custom_urls|to_json }},
"disable_guests": {{ matrix_client_element_disable_guests|to_json }},
"brand": {{ matrix_client_element_brand|to_json }},
"integrations_ui_url": {{ matrix_client_element_integrations_ui_url | string|to_json }},
"integrations_rest_url": {{ matrix_client_element_integrations_rest_url | string|to_json }},
"integrations_widgets_urls": {{ matrix_client_element_integrations_widgets_urls|to_json }},
"integrations_jitsi_widget_url": {{ matrix_client_element_integrations_jitsi_widget_url | string|to_json }},
"bug_report_endpoint_url": {{ matrix_client_element_bug_report_endpoint_url|to_json }},
"showLabsSettings": {{ matrix_client_element_showLabsSettings|to_json }},
"roomDirectory": {
"servers": {{ matrix_client_element_roomdir_servers|to_json }}
},
"welcomeUserId": {{ matrix_client_element_welcome_user_id|to_json }},
{% if matrix_client_element_enable_presence_by_hs_url is not none %}
"enable_presence_by_hs_url": {{ matrix_client_element_enable_presence_by_hs_url|to_json }},
{% endif %}
"embeddedPages": {
"homeUrl": {{ matrix_client_element_embedded_pages_home_url | string|to_json }}
},
{% if matrix_client_element_jitsi_preferredDomain %}
"jitsi": {
"preferredDomain": {{ matrix_client_element_jitsi_preferredDomain|to_json }}
},
{% endif %}
"branding": {
"authFooterLinks": {{ matrix_client_element_branding_authFooterLinks|to_json }},
"authHeaderLogoUrl": {{ matrix_client_element_branding_authHeaderLogoUrl|to_json }},
"welcomeBackgroundUrl": {{ matrix_client_element_branding_welcomeBackgroundUrl|to_json }}
}
}

66
roles/custom/matrix-client-element/templates/nginx.conf.j2 Normal file
View File

@ -0,0 +1,66 @@
#jinja2: lstrip_blocks: "True"
# This is a custom nginx configuration file that we use in the container (instead of the default one),
# because it allows us to run nginx with a non-root user.
#
# For this to work, the default vhost file (`/etc/nginx/conf.d/default.conf`) also needs to be removed.
# (mounting `/dev/null` over `/etc/nginx/conf.d/default.conf` works well)
#
# The following changes have been done compared to a default nginx configuration file:
# - default server port is changed (80 -> 8080), so that a non-root user can bind it
# - various temp paths are changed to `/tmp`, so that a non-root user can write to them
# - the `user` directive was removed, as we don't want nginx to switch users
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /tmp/nginx.pid;
events {
worker_connections 1024;
}
http {
proxy_temp_path /tmp/proxy_temp;
client_body_temp_path /tmp/client_temp;
fastcgi_temp_path /tmp/fastcgi_temp;
uwsgi_temp_path /tmp/uwsgi_temp;
scgi_temp_path /tmp/scgi_temp;
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
server {
listen 8080;
server_name localhost;
root /usr/share/nginx/html;
location / {
index index.html index.htm;
}
location ~* ^/(config(.+)?\.json$|(.+)\.html$|i18n) {
expires -1;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
}

45
roles/custom/matrix-client-element/templates/systemd/matrix-client-element.service.j2 Normal file
View File

@ -0,0 +1,45 @@
#jinja2: lstrip_blocks: "True"
[Unit]
Description=Matrix Element server
{% for service in matrix_client_element_systemd_required_services_list %}
Requires={{ service }}
After={{ service }}
{% endfor %}
DefaultDependencies=no
[Service]
Type=simple
Environment="HOME={{ matrix_systemd_unit_home_path }}"
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-client-element 2>/dev/null || true'
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-client-element 2>/dev/null || true'
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-client-element \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
--read-only \
--network={{ matrix_docker_network }} \
{% if matrix_client_element_container_http_host_bind_port %}
-p {{ matrix_client_element_container_http_host_bind_port }}:8080 \
{% endif %}
--tmpfs=/tmp:rw,noexec,nosuid,size=10m \
--mount type=bind,src={{ matrix_client_element_data_path }}/nginx.conf,dst=/etc/nginx/nginx.conf,ro \
--mount type=bind,src={{ matrix_client_element_data_path }}/config.json,dst=/app/config.json,ro \
--mount type=bind,src={{ matrix_client_element_data_path }}/config.json,dst=/app/config.{{ matrix_server_fqn_element }}.json,ro \
{% if matrix_client_element_embedded_pages_home_path is not none %}
--mount type=bind,src={{ matrix_client_element_data_path }}/home.html,dst=/app/home.html,ro \
{% endif %}
--mount type=bind,src={{ matrix_client_element_data_path }}/welcome.html,dst=/app/welcome.html,ro \
{% for arg in matrix_client_element_container_extra_arguments %}
{{ arg }} \
{% endfor %}
{{ matrix_client_element_docker_image }}
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-client-element 2>/dev/null || true'
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-client-element 2>/dev/null || true'
Restart=always
RestartSec=30
SyslogIdentifier=matrix-client-element
[Install]
WantedBy=multi-user.target

205
roles/custom/matrix-client-element/templates/welcome.html.j2 Normal file
View File

@ -0,0 +1,205 @@
#jinja2: lstrip_blocks: "True"
<style type="text/css">
/* we deliberately inline style here to avoid flash-of-CSS problems, and to avoid
* voodoo where we have to set display: none by default
*/
h1::after {
content: "!";
}
.mx_Parent {
display: -webkit-box;
display: -webkit-flex;
display: -ms-flexbox;
display: flex;
-webkit-box-orient: vertical;
-webkit-box-direction: normal;
-webkit-flex-direction: column;
-ms-flex-direction: column;
flex-direction: column;
-webkit-box-pack: center;
-webkit-justify-content: center;
-ms-flex-pack: center;
justify-content: center;
-webkit-box-align: center;
-webkit-align-items: center;
-ms-flex-align: center;
align-items: center;
text-align: center;
padding: 25px 35px;
color: #2e2f32;
}
.mx_Logo {
height: 54px;
margin-top: 2px;
}
.mx_ButtonGroup {
margin-top: 10px;
}
.mx_ButtonRow {
display: -webkit-box;
display: -webkit-flex;
display: -ms-flexbox;
display: flex;
-webkit-justify-content: space-around;
-ms-flex-pack: distribute;
justify-content: space-around;
-webkit-box-align: center;
-webkit-align-items: center;
-ms-flex-align: center;
align-items: center;
justify-content: space-between;
box-sizing: border-box;
margin: 12px 0 0;
}
.mx_ButtonRow > * {
margin: 0 10px;
}
.mx_ButtonRow > *:first-child {
margin-left: 0;
}
.mx_ButtonRow > *:last-child {
margin-right: 0;
}
.mx_ButtonParent {
display: -webkit-box;
display: -webkit-flex;
display: -ms-flexbox;
display: flex;
padding: 10px 20px;
-webkit-box-orient: horizontal;
-webkit-box-direction: normal;
-webkit-flex-direction: row;
-ms-flex-direction: row;
flex-direction: row;
-webkit-box-pack: center;
-webkit-justify-content: center;
-ms-flex-pack: center;
justify-content: center;
-webkit-box-align: center;
-webkit-align-items: center;
-ms-flex-align: center;
align-items: center;
border-radius: 4px;
width: 150px;
background-repeat: no-repeat;
background-position: 10px center;
text-decoration: none;
color: #2e2f32 !important;
}
.mx_ButtonLabel {
margin-left: 20px;
}
.mx_Header_title {
font-size: 24px;
font-weight: 600;
margin: 20px 0 0;
}
.mx_Header_subtitle {
font-size: 12px;
font-weight: normal;
margin: 8px 0 0;
}
.mx_ButtonSignIn {
background-color: #368BD6;
color: white !important;
}
.mx_ButtonCreateAccount {
background-color: #0DBD8B;
color: white !important;
}
.mx_SecondaryButton {
background-color: #FFFFFF;
color: #2E2F32;
}
.mx_Button_iconSignIn {
background-image: url('welcome/images/icon-sign-in.svg');
}
.mx_Button_iconCreateAccount {
background-image: url('welcome/images/icon-create-account.svg');
}
.mx_Button_iconHelp {
background-image: url('welcome/images/icon-help.svg');
}
.mx_Button_iconRoomDirectory {
background-image: url('welcome/images/icon-room-directory.svg');
}
/*
.mx_WelcomePage_loggedIn is applied by EmbeddedPage from the Welcome component
If it is set on the page, we should show the buttons. Otherwise, we have to assume
we don't have an account and should hide them. No account == no guest account either.
*/
.mx_WelcomePage:not(.mx_WelcomePage_loggedIn) .mx_WelcomePage_guestFunctions {
display: none;
}
.mx_ButtonRow.mx_WelcomePage_guestFunctions {
margin-top: 20px;
}
.mx_ButtonRow.mx_WelcomePage_guestFunctions > div {
margin: 0 auto;
}
@media only screen and (max-width: 480px) {
.mx_ButtonRow {
flex-direction: column;
}
.mx_ButtonRow > * {
margin: 0 0 10px 0;
}
}
</style>
<div class="mx_Parent">
<a href="{{ matrix_client_element_welcome_logo_link }}" target="_blank" rel="noopener">
<img src="{{ matrix_client_element_welcome_logo }}" alt="" class="mx_Logo"/>
</a>
<h1 class="mx_Header_title">{{ matrix_client_element_welcome_headline }}</h1>
<h4 class="mx_Header_subtitle">{{ matrix_client_element_welcome_text }}</h4>
<div class="mx_ButtonGroup">
<div class="mx_ButtonRow">
<a href="#/login" class="mx_ButtonParent mx_ButtonSignIn mx_Button_iconSignIn">
<div class="mx_ButtonLabel">_t("Sign In")</div>
</a>
{% if matrix_client_element_registration_enabled %}
<a href="#/register" class="mx_ButtonParent mx_ButtonCreateAccount mx_Button_iconCreateAccount">
<div class="mx_ButtonLabel">_t("Create Account")</div>
</a>
{% endif %}
</div>
{% if matrix_client_element_disable_guests != true %}
<!-- The comments below are meant to be used by Ansible as a quick way
to strip out the marked content when desired.
See https://github.com/vector-im/riot-web/issues/8622.
TODO: Convert to config option if possible. -->
<!-- BEGIN Ansible: Remove these lines when guest access is disabled -->
<div class="mx_ButtonRow mx_WelcomePage_guestFunctions">
<div>
<a href="#/directory" class="mx_ButtonParent mx_SecondaryButton mx_Button_iconRoomDirectory">
<div class="mx_ButtonLabel">_t("Explore rooms")</div>
</a>
</div>
</div>
<!-- END Ansible: Remove these lines when guest access is disabled -->
{% endif %}
</div>
</div>

3
roles/custom/matrix-client-element/vars/main.yml Normal file
View File

@ -0,0 +1,3 @@
---
matrix_client_element_embedded_pages_home_url: "{{ ('' if matrix_client_element_embedded_pages_home_path is none else 'home.html') }}"