diff --git a/.config/ansible-lint.yml b/.config/ansible-lint.yml index 22ba92532..00d62f207 100644 --- a/.config/ansible-lint.yml +++ b/.config/ansible-lint.yml @@ -13,4 +13,4 @@ skip_list: # before finally dumping it to a file. - template-instead-of-copy -offline: false +offline: true diff --git a/.github/workflows/matrix.yml b/.github/workflows/matrix.yml index 8da5b9690..281b1496e 100644 --- a/.github/workflows/matrix.yml +++ b/.github/workflows/matrix.yml @@ -21,4 +21,6 @@ jobs: - name: Check out uses: actions/checkout@v3 - name: Run ansible-lint - uses: ansible-community/ansible-lint-action@main + uses: ansible-community/ansible-lint-action@v6.10.2 + with: + path: roles/custom diff --git a/CHANGELOG.md b/CHANGELOG.md index 209e99459..3be19f005 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,3 +1,135 @@ +# 2022-11-30 + +## matrix-postgres-backup has been replaced by the com.devture.ansible.role.postgres_backup external role + +Just like we've [replaced Postgres with an external role](#matrix-postgres-has-been-replaced-by-the-comdevtureansiblerolepostgres-external-role) on 2022-11-28, we're now replacing `matrix-postgres-backup` with an external role - [com.devture.ansible.role.postgres_backup](https://github.com/devture/com.devture.ansible.role.postgres_backup). + +You'll need to rename your `matrix_postgres_backup`-prefixed variables such that they use a `devture_postgres_backup` prefix. + + +# 2022-11-28 + +## matrix-postgres has been replaced by the com.devture.ansible.role.postgres external role + +**TLDR**: the tasks that install the integrated Postgres server now live in an external role - [com.devture.ansible.role.postgres](https://github.com/devture/com.devture.ansible.role.postgres). You'll need to run `make roles` to install it, and to also rename your `matrix_postgres`-prefixed variables to use a `devture_postgres` prefix (e.g. `matrix_postgres_connection_password` -> `devture_postgres_connection_password`). All your data will still be there! Some scripts have moved (`/usr/local/bin/matrix-postgres-cli` -> `/matrix/postgres/bin/cli`). + +The `matrix-postgres` role that has been part of the playbook for a long time has been replaced with the [com.devture.ansible.role.postgres](https://github.com/devture/com.devture.ansible.role.postgres) role. This was done as part of our work to [use external roles for some things](#the-playbook-now-uses-external-roles-for-some-things) for better code re-use and maintainability. 
+ +The new role is an upgraded version of the old `matrix-postgres` role with these notable differences: + +- it uses different names for its variables (`matrix_postgres` -> `devture_postgres`) +- when [Vacuuming PostgreSQL](docs/maintenance-postgres.md#vacuuming-postgresql), it will vacuum all your databases, not just the Synapse one + +You'll need to run `make roles` to install the new role. You would also need to rename your `matrix_postgres`-prefixed variables to use a `devture_postgres` prefix. + +Note: the systemd service still remains the same - `matrix-postgres.service`. Your data will still be in `/matrix/postgres`, etc. +Postgres-related scripts will be moved to `/matrix/postgres/bin` (`/usr/local/bin/matrix-postgres-cli` -> `/matrix/postgres/bin/cli`, etc). Also see [The playbook no longer installs scripts in /usr/local/bin](#the-playbook-no-longer-installs-scripts-in-usrlocalbin). + +## The playbook no longer installs scripts to /usr/local/bin + +The locations of various scripts installed by the playbook have changed. + +The playbook no longer contaminates your `/usr/local/bin` directory. +All scripts installed by the playbook now live in `bin/` directories under `/matrix`. Some examples are below: + +- `/usr/local/bin/matrix-remove-all` -> `/matrix/bin/remove-all` +- `/usr/local/bin/matrix-postgres-cli` -> `/matrix/postgres/bin/cli` +- `/usr/local/bin/matrix-ssl-lets-encrypt-certificates-renew` -> `/matrix/ssl/bin/lets-encrypt-certificates-renew` +- `/usr/local/bin/matrix-synapse-register-user` -> `/matrix/synapse/bin/register-user` + + +# 2022-11-25 + +## 2x-5x performance improvements in playbook runtime + +**TLDR**: the playbook is 2x faster for running `--tags=setup-all` (and various other tags). It also has new `--tags=install-*` tags (like `--tags=install-all`), which skip uninstallation tasks and bring an additional 2.5x speedup. In total, the playbook can maintain your server 5 times faster. 
+ +Our [etke.cc managed Matrix hosting service](https://etke.cc) runs maintenance against hundreds of servers, so the playbook being fast means a lot. +The [etke.cc Ansible playbook](https://gitlab.com/etke.cc/ansible) (which is an extension of this one) is growing to support more and more services (besides just Matrix), so the Matrix playbook being leaner prevents runtimes from becoming too slow and improves the customer experience. + +Even when running `ansible-playbook` manually (as most of us here do), it's beneficial not to waste time and CPU resources. + +Recently, a few large optimizations have been done to this playbook and its external roles (see [The playbook now uses external roles for some things](#the-playbook-now-uses-external-roles-for-some-things) and don't forget to run `make roles`): + +1. Replacing Ansible `import_tasks` calls with `include_tasks`, which decreased runtime in half. Using `import_tasks` is slower and causes Ansible to go through and skip way too many tasks (tasks which could have been skipped altogether by not having Ansible include them in the first place). On an experimental VM, **deployment time was decreased from ~530 seconds to ~250 seconds**. + +2. Introducing new `install-*` tags (`install-all` and `install-COMPONENT`, e.g. `install-synapse`, `install-bot-postmoogle`), which only run Ansible tasks pertaining to installation, while skipping uninstallation tasks. In most cases, people are maintaining the same setup or they're *adding* new components. Removing components is rare. Running thousands of uninstallation tasks each time is wasteful. On an experimental VM, **deployment time was decreased from ~250 seconds (`--tags=setup-all`) to ~100 seconds (`--tags=install-all`)**. + +You can still use `--tags=setup-all`. In fact, that's the best way to ensure your server is reconciled with the `vars.yml` configuration. 
+ +If you know you haven't uninstalled any services since the last time you ran the playbook, you could run `--tags=install-all` instead and benefit from quicker runtimes. +It should be noted that a service may become "eligible for uninstallation" even if your `vars.yml` file remains the same. In rare cases, we toggle services from being auto-installed to being optional, like we did on the 17th of March 2022 when we made [ma1sd not get installed by default](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/CHANGELOG.md#compatibility-break-ma1sd-identity-server-no-longer-installed-by-default). In such rare cases, you'd also need to run `--tags=setup-all`. + + +# 2022-11-22 + +# Automatic `matrix_architecture` determination + +From now on, the playbook automatically determines your server's architecture and sets the `matrix_architecture` variable accordingly. +You no longer need to set this variable manually in your `vars.yml` file. + +# Docker and the Docker SDK for Python are now installed via external roles + +We're continuing our effort to make [the playbook use external roles for some things](#the-playbook-now-uses-external-roles-for-some-things), so as to avoid doing everything ourselves and to facilitate code re-use. + +Docker will now be installed on the server via the [geerlingguy.docker](https://github.com/geerlingguy/ansible-role-docker) Ansible role. +If you'd like to manage the Docker installation yourself, you can disable the playbook's installation of Docker by setting `matrix_playbook_docker_installation_enabled: false`. + +The Docker SDK for Python (named `docker-python`, `python-docker`, etc. on the different platforms) is now also installed by another role ([com.devture.ansible.role.docker_sdk_for_python](https://github.com/devture/com.devture.ansible.role.docker_sdk_for_python)). To disable this role and install the necessary tools yourself, use `devture_docker_sdk_for_python_installation_enabled: false`. 
+ +If you're hitting issues with Docker installation or Docker SDK for Python installation, consider reporting bugs or contributing to these other projects. + +These additional roles are downloaded into the playbook directory (to `roles/galaxy`) via an `ansible-galaxy ..` command. `make roles` is an easy shortcut for invoking the `ansible-galaxy` command to download these roles. + + +# 2022-11-20 + +## (Backward Compatibility Break) Changing how reverse-proxying to Synapse works - now via a `matrix-synapse-reverse-proxy-companion` service + +**TLDR**: There's now a `matrix-synapse-reverse-proxy-companion` nginx service, which helps with reverse-proxying to Synapse and its various worker processes (if workers are enabled), so that `matrix-nginx-proxy` can be relieved of this role. `matrix-nginx-proxy` still remains as the public SSL-terminating reverse-proxy in the playbook. `matrix-synapse-reverse-proxy-companion` is just one more reverse-proxy thrown into the mix for convenience. People with a more custom reverse-proxying configuration may be affected - see [Webserver configuration](#webserver-configuration) below. + +### Background + +Previously, `matrix-nginx-proxy` forwarded requests to Synapse directly. When Synapse is running in worker mode, the reverse-proxying configuration is more complicated (different requests need to go to different Synapse worker processes). `matrix-nginx-proxy` had configuration for sending each URL endpoint to the correct Synapse worker responsible for handling it. However, sometimes people like to disable `matrix-nginx-proxy` (for whatever reason) as detailed in [Using your own webserver, instead of this playbook's nginx proxy](docs/configuring-playbook-own-webserver.md). + +Because `matrix-nginx-proxy` was so central to request forwarding, when it was disabled and Synapse was running with workers enabled, there was nothing which could forward requests to the correct place anymore.. 
which caused [problems such as this one affecting Dimension](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2090). + +### Solution + +From now on, `matrix-nginx-proxy` is relieved of its function of reverse-proxying to Synapse and its various worker processes. +This role is now handled by the new `matrix-synapse-reverse-proxy-companion` nginx service and works even if `matrix-nginx-proxy` is disabled. +The purpose of the new `matrix-synapse-reverse-proxy-companion` service is to: + +- serve as a companion to Synapse and know how to reverse-proxy to Synapse correctly (no matter if workers are enabled or not) + +- provide a unified container address for reaching Synapse (no matter if workers are enabled or not) + - `matrix-synapse-reverse-proxy-companion:8008` for Synapse Client-Server API traffic + - `matrix-synapse-reverse-proxy-companion:8048` for Synapse Server-Server (Federation) API traffic + +- simplify `matrix-nginx-proxy` configuration - it now only needs to send requests to `matrix-synapse-reverse-proxy-companion` or `matrix-dendrite`, etc., without having to worry about workers + +- allow reverse-proxying to Synapse, even if `matrix-nginx-proxy` is disabled + +`matrix-nginx-proxy` still remains as the public SSL-terminating reverse-proxy in the playbook. All traffic goes through it before reaching any of the services. +It's just that now the Synapse traffic is routed through `matrix-synapse-reverse-proxy-companion` like this: + +(`matrix-nginx-proxy` -> `matrix-synapse-reverse-proxy-companion` -> (`matrix-synapse` or some Synapse worker)). + +Various services (like Dimension, etc.) still talk to Synapse via `matrix-nginx-proxy` (e.g. `http://matrix-nginx-proxy:12080`) preferentially. They only talk to Synapse via the reverse-proxy companion (e.g. `http://matrix-synapse-reverse-proxy-companion:8008`) if `matrix-nginx-proxy` is disabled. Services should not be talking to Synapse (e.g. 
`https://matrix-synapse:8008` directly anymore), because when workers are enabled, that's the Synapse `master` process and may not be serving all URL endpoints needed by the service. + +### Webserver configuration + +- if you're using `matrix-nginx-proxy` (`matrix_nginx_proxy_enabled: true`, which is the default for the playbook), you don't need to do anything + +- if you're using your own `nginx` webserver running on the server, you shouldn't be affected. The `/matrix/nginx/conf.d` configuration and exposed ports that you're relying on will automatically be updated in a way that should work + +- if you're using another local webserver (e.g. Apache, etc.) and haven't changed any ports (`matrix_*_host_bind_port` definitions), you shouldn't be affected. You're likely sending Matrix traffic to `127.0.0.1:8008` and `127.0.0.1:8048`. These ports (`8008` and `8048`) will still be exposed on `127.0.0.1` by default - just not by the `matrix-synapse` container from now on, but by the `matrix-synapse-reverse-proxy-companion` container instead + +- if you've been exposing `matrix-synapse` ports (`matrix_synapse_container_client_api_host_bind_port`, etc.) manually, you should consider exposing `matrix-synapse-reverse-proxy-companion` ports instead + +- if you're running Traefik and reverse-proxying directly to the `matrix-synapse` container, you should start reverse-proxying to the `matrix-synapse-reverse-proxy-companion` container instead. See [our updated Traefik example configuration](docs/configuring-playbook-own-webserver.md#sample-configuration-for-running-behind-traefik-20). Note: we now recommend calling the federation entry point `federation` (instead of `synapse`) and reverse-proxying the federation traffic via `matrix-nginx-proxy`, instead of sending it directly to Synapse (or `matrix-synapse-reverse-proxy-companion`). This makes the configuration simpler. + + # 2022-11-05 ## (Backward Compatibility Break) A new default standalone mode for Etherpad 
diff --git a/Makefile b/Makefile index b7fc41bd7..3379b8fff 100644 --- a/Makefile +++ b/Makefile @@ -8,4 +8,4 @@ roles: ## Pull roles ansible-galaxy install -r requirements.yml -p roles/galaxy/ --force lint: ## Runs ansible-lint against all roles in the playbook - ansible-lint + ansible-lint roles/custom diff --git a/README.md b/README.md index 569dbb3f8..177c2a0d8 100644 --- a/README.md +++ b/README.md 
@@ -15,139 +15,146 @@ We run all services in [Docker](https://www.docker.com/) containers (see [the co ## Supported services -Using this playbook, you can get the following services configured on your server: +Using this playbook, you can get the following list of services configured on your server. Basically, this playbook aims to get you up-and-running with all the necessities around Matrix, without you having to do anything else. -- (optional, default) a [Synapse](https://github.com/matrix-org/synapse) homeserver - storing your data and managing your presence in the [Matrix](http://matrix.org/) network - -- (optional) a [Conduit](https://conduit.rs) homeserver - storing your data and managing your presence in the [Matrix](http://matrix.org/) network. Conduit is a lightweight open-source server implementation of the Matrix Specification with a focus on easy setup and low system requirements - -- (optional) a [Dendrite](https://github.com/matrix-org/dendrite) homeserver - storing your data and managing your presence in the [Matrix](http://matrix.org/) network. Dendrite is a second-generation Matrix homeserver written in Go, an alternative to Synapse. - -- (optional) [Amazon S3](https://aws.amazon.com/s3/) (or other S3-compatible object store) storage for Synapse's content repository (`media_store`) files using [Goofys](https://github.com/kahing/goofys) or [`synapse-s3-storage-provider`](https://github.com/matrix-org/synapse-s3-storage-provider) - -- (optional, default) [PostgreSQL](https://www.postgresql.org/) database for Synapse. [Using an external PostgreSQL server](docs/configuring-playbook-external-postgres.md) is also possible. 
- -- (optional, default) a [coturn](https://github.com/coturn/coturn) STUN/TURN server for WebRTC audio/video calls - -- (optional, default) free [Let's Encrypt](https://letsencrypt.org/) SSL certificate, which secures the connection to the Synapse server and the Element web UI - -- (optional, default) an [Element](https://app.element.io/) ([formerly Riot](https://element.io/previously-riot)) web UI, which is configured to connect to your own Synapse server by default - -- (optional) a [ma1sd](https://github.com/ma1uta/ma1sd) Matrix Identity server - -- (optional, default) an [Exim](https://www.exim.org/) mail server, through which all Matrix services send outgoing email (can be configured to relay through another SMTP server) - -- (optional, default) an [nginx](http://nginx.org/) web server, listening on ports 80 and 443 - standing in front of all the other services. Using your own webserver [is possible](docs/configuring-playbook-own-webserver.md) - -- (optional, advanced) the [matrix-synapse-rest-auth](https://github.com/ma1uta/matrix-synapse-rest-password-provider) REST authentication password provider module - -- (optional, advanced) the [matrix-synapse-shared-secret-auth](https://github.com/devture/matrix-synapse-shared-secret-auth) password provider module - -- (optional, advanced) the [matrix-synapse-ldap3](https://github.com/matrix-org/matrix-synapse-ldap3) LDAP Auth password provider module - -- (optional, advanced) the [matrix-ldap-registration-proxy](https://gitlab.com/activism.international/matrix_ldap_registration_proxy) a proxy that handles Matrix registration requests and forwards them to LDAP. 
- -- (optional, advanced) the [synapse-simple-antispam](https://github.com/t2bot/synapse-simple-antispam) spam checker module - -- (optional, advanced) the [Matrix Corporal](https://github.com/devture/matrix-corporal) reconciliator and gateway for a managed Matrix server - -- (optional) the [mautrix-discord](https://github.com/mautrix/discord) bridge for bridging your Matrix server to [Discord](https://discord.com/) - see [docs/configuring-playbook-bridge-mautrix-discord.md](docs/configuring-playbook-bridge-mautrix-discord.md) for setup documentation - -- (optional) the [mautrix-telegram](https://github.com/mautrix/telegram) bridge for bridging your Matrix server to [Telegram](https://telegram.org/) - -- (optional) the [mautrix-whatsapp](https://github.com/mautrix/whatsapp) bridge for bridging your Matrix server to [WhatsApp](https://www.whatsapp.com/) - -- (optional) the [mautrix-facebook](https://github.com/mautrix/facebook) bridge for bridging your Matrix server to [Facebook](https://facebook.com/) - -- (optional) the [mautrix-twitter](https://github.com/mautrix/twitter) bridge for bridging your Matrix server to [Twitter](https://twitter.com/) - -- (optional) the [mautrix-hangouts](https://github.com/mautrix/hangouts) bridge for bridging your Matrix server to [Google Hangouts](https://en.wikipedia.org/wiki/Google_Hangouts) - -- (optional) the [mautrix-googlechat](https://github.com/mautrix/googlechat) bridge for bridging your Matrix server to [Google Chat](https://en.wikipedia.org/wiki/Google_Chat) - -- (optional) the [mautrix-instagram](https://github.com/mautrix/instagram) bridge for bridging your Matrix server to [Instagram](https://instagram.com/) - -- (optional) the [mautrix-signal](https://github.com/mautrix/signal) bridge for bridging your Matrix server to [Signal](https://www.signal.org/) - -- (optional) the [beeper-linkedin](https://github.com/beeper/linkedin) bridge for bridging your Matrix server to [LinkedIn](https://www.linkedin.com/) - -- 
(optional) the [matrix-appservice-irc](https://github.com/matrix-org/matrix-appservice-irc) bridge for bridging your Matrix server to [IRC](https://wikipedia.org/wiki/Internet_Relay_Chat) - -- (optional) the [matrix-appservice-discord](https://github.com/Half-Shot/matrix-appservice-discord) bridge for bridging your Matrix server to [Discord](https://discordapp.com/) - -- (optional) the [matrix-appservice-slack](https://github.com/matrix-org/matrix-appservice-slack) bridge for bridging your Matrix server to [Slack](https://slack.com/) - -- (optional) the [matrix-appservice-webhooks](https://github.com/turt2live/matrix-appservice-webhooks) bridge for slack compatible webhooks ([ConcourseCI](https://concourse-ci.org/), [Slack](https://slack.com/) etc. pp.) - -- (optional) the [matrix-hookshot](https://github.com/Half-Shot/matrix-hookshot) bridge for bridging Matrix to generic webhooks and multiple project management services, such as GitHub, GitLab, Figma, and Jira in particular - -- (optional) the [matrix-sms-bridge](https://github.com/benkuly/matrix-sms-bridge) for bridging your Matrix server to SMS - see [docs/configuring-playbook-bridge-matrix-bridge-sms.md](docs/configuring-playbook-bridge-matrix-bridge-sms.md) for setup documentation - -- (optional) the [Heisenbridge](https://github.com/hifi/heisenbridge) for bridging your Matrix server to IRC bouncer-style - see [docs/configuring-playbook-bridge-heisenbridge.md](docs/configuring-playbook-bridge-heisenbridge.md) for setup documentation - -- (optional) the [go-skype-bridge](https://github.com/kelaresg/go-skype-bridge) for bridging your Matrix server to [Skype](https://www.skype.com) - see [docs/configuring-playbook-bridge-go-skype-bridge.md](docs/configuring-playbook-bridge-go-skype-bridge.md) for setup documentation - -- (optional) the [mx-puppet-slack](https://hub.docker.com/r/sorunome/mx-puppet-slack) for bridging your Matrix server to [Slack](https://slack.com) - see 
[docs/configuring-playbook-bridge-mx-puppet-slack.md](docs/configuring-playbook-bridge-mx-puppet-slack.md) for setup documentation - -- (optional) the [mx-puppet-instagram](https://github.com/Sorunome/mx-puppet-instagram) bridge for Instagram-DMs ([Instagram](https://www.instagram.com/)) - see [docs/configuring-playbook-bridge-mx-puppet-instagram.md](docs/configuring-playbook-bridge-mx-puppet-instagram.md) for setup documentation - -- (optional) the [mx-puppet-twitter](https://github.com/Sorunome/mx-puppet-twitter) bridge for Twitter-DMs ([Twitter](https://twitter.com/)) - see [docs/configuring-playbook-bridge-mx-puppet-twitter.md](docs/configuring-playbook-bridge-mx-puppet-twitter.md) for setup documentation - -- (optional) the [mx-puppet-discord](https://github.com/matrix-discord/mx-puppet-discord) bridge for [Discord](https://discordapp.com/) - see [docs/configuring-playbook-bridge-mx-puppet-discord.md](docs/configuring-playbook-bridge-mx-puppet-discord.md) for setup documentation - -- (optional) the [mx-puppet-groupme](https://gitlab.com/xangelix-pub/matrix/mx-puppet-groupme) bridge for [GroupMe](https://groupme.com/) - see [docs/configuring-playbook-bridge-mx-puppet-groupme.md](docs/configuring-playbook-bridge-mx-puppet-groupme.md) for setup documentation - -- (optional) the [mx-puppet-steam](https://github.com/icewind1991/mx-puppet-steam) bridge for [Steam](https://steamapp.com/) - see [docs/configuring-playbook-bridge-mx-puppet-steam.md](docs/configuring-playbook-bridge-mx-puppet-steam.md) for setup documentation - -- (optional) [Email2Matrix](https://github.com/devture/email2matrix) for relaying email messages to Matrix rooms - see [docs/configuring-playbook-email2matrix.md](docs/configuring-playbook-email2matrix.md) for setup documentation - -- (optional) [Dimension](https://github.com/turt2live/matrix-dimension), an open source integrations manager for matrix clients - see [docs/configuring-playbook-dimension.md](docs/configuring-playbook-dimension.md) 
for setup documentation - -- (optional) [Etherpad](https://etherpad.org), an open source collaborative text editor - see [docs/configuring-playbook-etherpad.md](docs/configuring-playbook-etherpad.md) for setup documentation - -- (optional) [Jitsi](https://jitsi.org/), an open source video-conferencing platform - see [docs/configuring-playbook-jitsi.md](docs/configuring-playbook-jitsi.md) for setup documentation - -- (optional) [matrix-reminder-bot](https://github.com/anoadragon453/matrix-reminder-bot) for scheduling one-off & recurring reminders and alarms - see [docs/configuring-playbook-bot-matrix-reminder-bot.md](docs/configuring-playbook-bot-matrix-reminder-bot.md) for setup documentation - -- (optional) [matrix-registration-bot](https://github.com/moan0s/matrix-registration-bot) for invitations by creating and managing registration tokens - see [docs/configuring-playbook-bot-matrix-registration-bot.md](docs/configuring-playbook-bot-matrix-registration-bot.md) for setup documentation - -- (optional) [maubot](https://github.com/maubot/maubot) a plugin-based Matrix bot system - see [docs/configuring-playbook-bot-maubot.md](docs/configuring-playbook-bot-maubot.md) for setup documentation - -- (optional) [honoroit](https://gitlab.com/etke.cc/honoroit) helpdesk bot - see [docs/configuring-playbook-bot-honoroit.md](docs/configuring-playbook-bot-honoroit.md) for setup documentation - -- (optional) [Postmoogle](https://gitlab.com/etke.cc/postmoogle) email to matrix bot - see [docs/configuring-playbook-bot-postmoogle.md](docs/configuring-playbook-bot-postmoogle.md) for setup documentation - -- (optional) [Go-NEB](https://github.com/matrix-org/go-neb) multi functional bot written in Go - see [docs/configuring-playbook-bot-go-neb.md](docs/configuring-playbook-bot-go-neb.md) for setup documentation - -- (optional) [Mjolnir](https://github.com/matrix-org/mjolnir), a moderation tool for Matrix - see 
[docs/configuring-playbook-bot-mjolnir.md](docs/configuring-playbook-bot-mjolnir.md) for setup documentation - -- (optional) [synapse-admin](https://github.com/Awesome-Technologies/synapse-admin), a web UI tool for administrating users and rooms on your Matrix server - see [docs/configuring-playbook-synapse-admin.md](docs/configuring-playbook-synapse-admin.md) for setup documentation - -- (optional) [matrix-registration](https://github.com/ZerataX/matrix-registration), a simple python application to have a token based matrix registration - see [docs/configuring-playbook-matrix-registration.md](docs/configuring-playbook-matrix-registration.md) for setup documentation - -- (optional) the [Prometheus](https://prometheus.io) time-series database server, the Prometheus [node-exporter](https://prometheus.io/docs/guides/node-exporter/) host metrics exporter, and the [Grafana](https://grafana.com/) web UI - see [Enabling metrics and graphs (Prometheus, Grafana) for your Matrix server](docs/configuring-playbook-prometheus-grafana.md) for setup documentation - -- (optional) the [Sygnal](https://github.com/matrix-org/sygnal) push gateway - see [Setting up the Sygnal push gateway](docs/configuring-playbook-sygnal.md) for setup documentation - -- (optional) the [ntfy](https://ntfy.sh) push notifications server - see [docs/configuring-playbook-ntfy.md](docs/configuring-playbook-ntfy.md) for setup documentation - -- (optional) the [Hydrogen](https://github.com/vector-im/hydrogen-web) web client - see [docs/configuring-playbook-client-hydrogen.md](docs/configuring-playbook-client-hydrogen.md) for setup documentation - -- (optional) the [Cinny](https://github.com/ajbura/cinny) web client - see [docs/configuring-playbook-client-cinny.md](docs/configuring-playbook-client-cinny.md) for setup documentation - -- (optional) the [Borg](https://borgbackup.org) backup - see [docs/configuring-playbook-backup-borg.md](docs/configuring-playbook-backup-borg.md) for setup documentation - -- 
(optional) the [Buscarron](https://gitlab.com/etke.cc/buscarron) bot - see [docs/configuring-playbook-bot-buscarron.md](docs/configuring-playbook-bot-buscarron.md) for setup documentation - -- (optional) [Cactus Comments](https://cactus.chat), a federated comment system built on matrix - see [docs/configuring-playbook-cactus-comments.md](docs/configuring-playbook-cactus-comments.md) for setup documentation - -Basically, this playbook aims to get you up-and-running with all the necessities around Matrix, without you having to do anything else. - -**Note**: the list above is exhaustive. It includes optional or even some advanced components that you will most likely not need. +**Note**: the list below is exhaustive. It includes optional or even some advanced components that you will most likely not need. Sticking with the defaults (which install a subset of the above components) is the best choice, especially for a new installation. You can always re-run the playbook later to add or remove components. +### Homeserver + +The homeserver is the backbone of your matrix system. Choose one from the following list. + +| Name | Default? | Description | Documentation | +| ---- | -------- | ----------- | ------------- | +| [Synapse](https://github.com/matrix-org/synapse) | ✓ | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network | [Link](docs/configuring-playbook-synapse.md) | +| [Conduit](https://conduit.rs) | x | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network. Conduit is a lightweight open-source server implementation of the Matrix Specification with a focus on easy setup and low system requirements | [Link](docs/configuring-playbook-conduit.md) | +| [Dendrite](https://github.com/matrix-org/dendrite) | x | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network. Dendrite is a second-generation Matrix homeserver written in Go, an alternative to Synapse. 
| [Link](docs/configuring-playbook-dendrite.md) | + +### Clients + +Web clients for matrix that you can host on your own domains. + +| Name | Default? | Description | Documentation | +| ---- | -------- | ----------- | ------------- | +[Element](https://app.element.io/) | ✓ | Web UI, which is configured to connect to your own Synapse server by default | [Link](docs/configuring-playbook-client-element.md) | +| [Hydrogen](https://github.com/vector-im/hydrogen-web) | x | Web client | [Link](docs/configuring-playbook-client-hydrogen.md) | +| [Cinny](https://github.com/ajbura/cinny) | x | Web client | [Link](docs/configuring-playbook-client-cinny.md) | + + + +### Server Components + +Services that run on the server to make the various parts of your installation work. + +| Name | Default? | Description | Documentation | +| ---- | -------- | ----------- | ------------- | +| [PostgreSQL](https://www.postgresql.org/)| ✓ | Database for Synapse. [Using an external PostgreSQL server](docs/configuring-playbook-external-postgres.md) is also possible. | [Link](docs/configuring-playbook-external-postgres.md) | +| [Coturn](https://github.com/coturn/coturn) | ✓ | STUN/TURN server for WebRTC audio/video calls | [Link](docs/configuring-playbook-turn.md) | +| [nginx](http://nginx.org/) | ✓ | Web server, listening on ports 80 and 443 - standing in front of all the other services. 
Using your own webserver [is possible](docs/configuring-playbook-own-webserver.md) | [Link](docs/configuring-playbook-nginx.md) | +| [Let's Encrypt](https://letsencrypt.org/) | ✓ | Free SSL certificate, which secures the connection to the Synapse server and the Element web UI | [Link](docs/configuring-playbook-ssl-certificates.md) | +| [ma1sd](https://github.com/ma1uta/ma1sd) | x | Matrix Identity Server | [Link](docs/configuring-playbook-ma1sd.md) +| [Exim](https://www.exim.org/) | ✓ | Mail server, through which all Matrix services send outgoing email (can be configured to relay through another SMTP server) | - | +| [Dimension](https://github.com/turt2live/matrix-dimension) | x | An open source integrations manager for matrix clients | [Link](docs/configuring-playbook-dimension.md) | +| [Sygnal](https://github.com/matrix-org/sygnal) | x | Push gateway | [Link](docs/configuring-playbook-sygnal.md) | +| [ntfy](https://ntfy.sh) | x | Push notifications server | [Link](docs/configuring-playbook-ntfy.md) | + + +### Authentication + +Extend and modify how users are authenticated on your homeserver. + +| Name | Default? 
| Description | Documentation | +| ---- | -------- | ----------- | ------------- | +| [matrix-synapse-rest-auth](https://github.com/ma1uta/matrix-synapse-rest-password-provider) (advanced) | x | REST authentication password provider module | [Link](docs/configuring-playbook-rest-auth.md) | +|[matrix-synapse-shared-secret-auth](https://github.com/devture/matrix-synapse-shared-secret-auth) (advanced) | x | Password provider module | [Link](docs/configuring-playbook-shared-secret-auth.md) | +| [matrix-synapse-ldap3](https://github.com/matrix-org/matrix-synapse-ldap3) (advanced) | x | LDAP Auth password provider module | [Link](configuring-playbook-ldap-auth.md) | +| [matrix-ldap-registration-proxy](https://gitlab.com/activism.international/matrix_ldap_registration_proxy) (advanced) | x | A proxy that handles Matrix registration requests and forwards them to LDAP. | [Link](docs/configuring-playbook-matrix-ldap-registration-proxy.md) | +| [matrix-registration](https://github.com/ZerataX/matrix-registration) | x | A simple python application to have a token based matrix registration | [Link](docs/configuring-playbook-matrix-registration.md) | + + +### File Storage + +Use alternative file storage to the default `media_store` folder. + +| Name | Default? | Description | Documentation | +| ---- | -------- | ----------- | ------------- | +| [Goofys](https://github.com/kahing/goofys) | x | [Amazon S3](https://aws.amazon.com/s3/) (or other S3-compatible object store) storage for Synapse's content repository (`media_store`) files | [Link](docs/configuring-playbook-s3-goofys.md) | +| [synapse-s3-storage-provider](https://github.com/matrix-org/synapse-s3-storage-provider) | x | [Amazon S3](https://aws.amazon.com/s3/) (or other S3-compatible object store) storage for Synapse's content repository (`media_store`) files | [Link](docs/configuring-playbook-s3.md) | + +### Bridges + +Bridges can be used to connect your matrix installation with third-party communication networks. 
+ +| Name | Default? | Description | Documentation | +| ---- | -------- | ----------- | ------------- | +[mautrix-discord](https://github.com/mautrix/discord) | x | Bridge for bridging your Matrix server to [Discord](https://discord.com/) | [Link](docs/configuring-playbook-bridge-mautrix-discord.md) | +| [mautrix-telegram](https://github.com/mautrix/telegram) | x | Bridge for bridging your Matrix server to [Telegram](https://telegram.org/) | [Link](docs/configuring-playbook-bridge-mautrix-telegram.md) | +| [mautrix-whatsapp](https://github.com/mautrix/whatsapp) | x | Bridge for bridging your Matrix server to [WhatsApp](https://www.whatsapp.com/) | [Link](docs/configuring-playbook-bridge-mautrix-whatsapp.md) | +| [mautrix-facebook](https://github.com/mautrix/facebook) | x | Bridge for bridging your Matrix server to [Facebook](https://facebook.com/) | [Link](docs/configuring-playbook-bridge-mautrix-facebook.md) | +| [mautrix-twitter](https://github.com/mautrix/twitter) | x | Bridge for bridging your Matrix server to [Twitter](https://twitter.com/) | [Link](docs/configuring-playbook-bridge-mautrix-twitter.md) | +| [mautrix-hangouts](https://github.com/mautrix/hangouts) | x | Bridge for bridging your Matrix server to [Google Hangouts](https://en.wikipedia.org/wiki/Google_Hangouts) | [Link](docs/configuring-playbook-bridge-mautrix-hangouts.md) | +| [mautrix-googlechat](https://github.com/mautrix/googlechat) | x | Bridge for bridging your Matrix server to [Google Chat](https://en.wikipedia.org/wiki/Google_Chat) | [Link](docs/configuring-playbook-bridge-mautrix-googlechat.md) | +| [mautrix-instagram](https://github.com/mautrix/instagram) | x | Bridge for bridging your Matrix server to [Instagram](https://instagram.com/) | [Link](docs/configuring-playbook-bridge-mautrix-instagram.md) | +| [mautrix-signal](https://github.com/mautrix/signal) | x | Bridge for bridging your Matrix server to [Signal](https://www.signal.org/) | 
[Link](docs/configuring-playbook-bridge-mautrix-signal.md) | +| [beeper-linkedin](https://github.com/beeper/linkedin) | x | Bridge for bridging your Matrix server to [LinkedIn](https://www.linkedin.com/) | [Link](docs/configuring-playbook-bridge-beeper-linkedin.md) | +| [matrix-appservice-irc](https://github.com/matrix-org/matrix-appservice-irc) | x | Bridge for bridging your Matrix server to [IRC](https://wikipedia.org/wiki/Internet_Relay_Chat) | [Link](docs/configuring-playbook-bridge-appservice-irc.md) | +| [matrix-appservice-discord](https://github.com/Half-Shot/matrix-appservice-discord) | x | Bridge for bridging your Matrix server to [Discord](https://discordapp.com/) | [Link](docs/configuring-playbook-bridge-appservice-discord.md) | +| [matrix-appservice-slack](https://github.com/matrix-org/matrix-appservice-slack) | x | Bridge for bridging your Matrix server to [Slack](https://slack.com/) | [Link](docs/configuring-playbook-bridge-appservice-slack.md) | +| [matrix-appservice-webhooks](https://github.com/turt2live/matrix-appservice-webhooks) | x | Bridge for slack compatible webhooks ([ConcourseCI](https://concourse-ci.org/), [Slack](https://slack.com/) etc. pp.) 
| [Link](docs/configuring-playbook-bridge-appservice-webhooks.md) | +| [matrix-hookshot](https://github.com/Half-Shot/matrix-hookshot) | x | Bridge for bridging Matrix to generic webhooks and multiple project management services, such as GitHub, GitLab, Figma, and Jira in particular | [Link](docs/configuring-playbook-bridge-hookshot.md) | +| [matrix-sms-bridge](https://github.com/benkuly/matrix-sms-bridge) | x | Bridge for bridging your Matrix server to SMS | [Link](docs/configuring-playbook-bridge-matrix-bridge-sms.md) | +| [Heisenbridge](https://github.com/hifi/heisenbridge) | x | Bridge for bridging your Matrix server to IRC bouncer-style | [Link](docs/configuring-playbook-bridge-heisenbridge.md) | +| [go-skype-bridge](https://github.com/kelaresg/go-skype-bridge) | x | Bridge for bridging your Matrix server to [Skype](https://www.skype.com) | [Link](docs/configuring-playbook-bridge-go-skype-bridge.md) | +| [mx-puppet-slack](https://hub.docker.com/r/sorunome/mx-puppet-slack) | x | Bridge for bridging your Matrix server to [Slack](https://slack.com) | [Link](docs/configuring-playbook-bridge-mx-puppet-slack.md) | +| [mx-puppet-instagram](https://github.com/Sorunome/mx-puppet-instagram) | x | Bridge for Instagram-DMs ([Instagram](https://www.instagram.com/)) | [Link](docs/configuring-playbook-bridge-mx-puppet-instagram.md) | +| [mx-puppet-twitter](https://github.com/Sorunome/mx-puppet-twitter) | x | Bridge for Twitter-DMs ([Twitter](https://twitter.com/)) | [Link](docs/configuring-playbook-bridge-mx-puppet-twitter.md) | +| [mx-puppet-discord](https://github.com/matrix-discord/mx-puppet-discord) | x | Bridge for [Discord](https://discordapp.com/) | [Link](docs/configuring-playbook-bridge-mx-puppet-discord.md) | +| [mx-puppet-groupme](https://gitlab.com/xangelix-pub/matrix/mx-puppet-groupme) | x | Bridge for [GroupMe](https://groupme.com/) | [Link](docs/configuring-playbook-bridge-mx-puppet-groupme.md) | +| 
[mx-puppet-steam](https://github.com/icewind1991/mx-puppet-steam) | x | Bridge for [Steam](https://steamapp.com/) | [Link](docs/configuring-playbook-bridge-mx-puppet-steam.md) | +| [Email2Matrix](https://github.com/devture/email2matrix) | x | Bridge for relaying email messages to Matrix rooms | [Link](docs/configuring-playbook-email2matrix.md) | + + +### Bots + +Bots provide various additional functionality to your installation. + +| Name | Default? | Description | Documentation | +| ---- | -------- | ----------- | ------------- | +| [matrix-reminder-bot](https://github.com/anoadragon453/matrix-reminder-bot) | x | Bot for scheduling one-off & recurring reminders and alarms | [Link](docs/configuring-playbook-bot-matrix-reminder-bot.md) | +| [matrix-registration-bot](https://github.com/moan0s/matrix-registration-bot) | x | Bot for invitations by creating and managing registration tokens | [Link](docs/configuring-playbook-bot-matrix-registration-bot.md) | +| [maubot](https://github.com/maubot/maubot) | x | A plugin-based Matrix bot system | [Link](docs/configuring-playbook-bot-maubot.md) | +| [honoroit](https://gitlab.com/etke.cc/honoroit) | x | A helpdesk bot | [Link](docs/configuring-playbook-bot-honoroit.md) | +| [Postmoogle](https://gitlab.com/etke.cc/postmoogle) | x | Email to matrix bot | [Link](docs/configuring-playbook-bot-postmoogle.md) | +| [Go-NEB](https://github.com/matrix-org/go-neb) | x | A multi functional bot written in Go | [Link](docs/configuring-playbook-bot-go-neb.md) | +| [Mjolnir](https://github.com/matrix-org/mjolnir) | x | A moderation tool for Matrix | [Link](docs/configuring-playbook-bot-mjolnir.md) | +| [Buscarron](https://gitlab.com/etke.cc/buscarron) | x | Web forms (HTTP POST) to matrix | [Link](docs/configuring-playbook-bot-buscarron.md) | + +### Administration + +Services that help you in administrating and monitoring your matrix installation. + + +| Name | Default? 
| Description | Documentation | +| ---- | -------- | ----------- | ------------- | +| [synapse-admin](https://github.com/Awesome-Technologies/synapse-admin) | x | A web UI tool for administrating users and rooms on your Matrix server | [Link](docs/configuring-playbook-synapse-admin.md) | +| Metrics and Graphs | x | Consists of the [Prometheus](https://prometheus.io) time-series database server, the Prometheus [node-exporter](https://prometheus.io/docs/guides/node-exporter/) host metrics exporter, and the [Grafana](https://grafana.com/) web UI | [Link](docs/configuring-playbook-prometheus-grafana.md) | +| [Borg](https://borgbackup.org) | x | Backups | [Link](docs/configuring-playbook-backup-borg.md) | + +### Misc + +Various services that don't fit any other category. + +| Name | Default? | Description | Documentation | +| ---- | -------- | ----------- | ------------- | +| [synapse-simple-antispam](https://github.com/t2bot/synapse-simple-antispam) (advanced) | x | A spam checker module | [Link](docs/configuring-playbook-synapse-simple-antispam.md) | +| [Matrix Corporal](https://github.com/devture/matrix-corporal) (advanced) | x | Reconciliator and gateway for a managed Matrix server | [Link](docs/configuring-playbook-matrix-corporal.md) | +| [Etherpad](https://etherpad.org) | x | An open source collaborative text editor | [Link](docs/configuring-playbook-etherpad.md) | +| [Jitsi](https://jitsi.org/) | x | An open source video-conferencing platform | [Link](docs/configuring-playbook-jitsi.md) | +| [Cactus Comments](https://cactus.chat) | x | A federated comment system built on matrix | [Link](docs/configuring-playbook-cactus-comments.md) | + + ## Installation To configure and install Matrix on your own server, follow the [README in the docs/ directory](docs/README.md). diff --git a/docs/alternative-architectures.md b/docs/alternative-architectures.md index c8097b60b..0865de1f0 100644 --- a/docs/alternative-architectures.md +++ b/docs/alternative-architectures.md 
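Review bot: three rows in the feature tables are malformed and will not render as table rows: the `[Element]` row in Clients and the `[mautrix-discord]` row in Bridges lack the leading `|`, and the `[ma1sd]` row in Server Components lacks the trailing `|`. The `matrix-synapse-ldap3` row also links to `configuring-playbook-ldap-auth.md` without the `docs/` prefix every other row uses, so that link is broken from the repository root.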
@@ -1,26 +1,18 @@ # Alternative architectures -As stated in the [Prerequisites](prerequisites.md), currently only `x86_64` is fully supported. However, it is possible to set the target architecture, and some tools can be built on the host or other measures can be used. +As stated in the [Prerequisites](prerequisites.md), currently only `amd64` (`x86_64`) is fully supported. -To that end add the following variable to your `vars.yml` file (see [Configuring playbook](configuring-playbook.md)): +The playbook automatically determines the target server's architecture (the `matrix_architecture` variable) to be one of the following: -```yaml -matrix_architecture: -``` - -Currently supported architectures are the following: -- `amd64` (the default) -- `arm64` +- `amd64` (`x86_64`) - `arm32` +- `arm64` -so for the Raspberry Pi, the following should be in your `vars.yml` file: +Some tools and container images can be built on the host or other measures can be used to install on that architecture. -```yaml -matrix_architecture: "arm32" -``` ## Implementation details For `amd64`, prebuilt container images (see the [container images we use](container-images.md)) are used for all components (except [Hydrogen](configuring-playbook-client-hydrogen.md), which goes through self-building). -For other architectures, components which have a prebuilt image make use of it. If the component is not available for the specific architecture, [self-building](self-building.md) will be used. Not all components support self-building though, so your mileage may vary. +For other architecture (`arm64`, `arm32`), components which have a prebuilt image make use of it. If the component is not available for the specific architecture, [self-building](self-building.md) will be used. Not all components support self-building though, so your mileage may vary. diff --git a/docs/ansible.md b/docs/ansible.md index e8a0ddb21..60be6164c 100644 --- a/docs/ansible.md +++ b/docs/ansible.md 
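Review bot: `For other architecture (`arm64`, `arm32`)` should read `For other architectures`. Since this hunk removes the instruction to set `matrix_architecture` in `vars.yml` (and the Raspberry Pi `arm32` example) in favour of automatic detection, the page should say whether the detected value can still be overridden and what to do when detection gets it wrong; otherwise users following the old instructions are left without a migration path.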
@@ -9,19 +9,14 @@ If your local computer cannot run Ansible, you can also run Ansible on some serv ## Supported Ansible versions -Ansible 2.7.1 or newer is required ([last discussion about Ansible versions](https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/743)). - -Note: Ubuntu 20.04 ships with Ansible 2.9.6 which is a buggy version (see this [bug](https://bugs.launchpad.net/ubuntu/+source/ansible/+bug/1880359)), which can't be used in combination with a host running new systemd (more details in [#517](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/517), [#669](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/669)). If this problem affects you, you can: avoid running Ubuntu 20.04 on your host; run Ansible from another machine targeting your host; or try to upgrade to a newer Ansible version (see below). - - -## Checking your Ansible version - -In most cases, you won't need to worry about the Ansible version. -The playbook will try to detect it and tell you if you're on an unsupported version. - To manually check which version of Ansible you're on, run: `ansible --version`. -If you're on an old version of Ansible, you should [upgrade Ansible to a newer version](#upgrading-ansible) or [use Ansible via Docker](#using-ansible-via-docker). +For the **best experience**, we recommend getting the **latest version of Ansible available**. + +We're not sure what's the minimum version of Ansible that can run this playbook successfully. +The lowest version that we've confirmed (on 2022-11-26) to be working fine is: `ansible-core` (`2.11.7`) combined with `ansible` (`4.10.0`). + +If your distro ships with an Ansible version older than this, you may run into issues. Consider [Upgrading Ansible](#upgrading-ansible) or [using Ansible via Docker](#using-ansible-via-docker). ## Upgrading Ansible 
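Review bot: dropping the Ubuntu 20.04 / Ansible 2.9.6 note loses a concrete, still-linked failure mode (the systemd incompatibility tracked in #517 and #669) while the replacement only says older versions `may run into issues`. Keep at least a one-line pointer to those issues under the new minimum-version paragraph, and state plainly that distro-shipped `2.9.x` is below the confirmed-working `ansible-core 2.11.7` floor.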
@@ -53,7 +48,7 @@ You can either [run Ansible in a container on the Matrix server itself](#running To run Ansible in a (Docker) container on the Matrix server itself, you need to have a working Docker installation. Docker is normally installed by the playbook, so this may be a bit of a chicken and egg problem. To solve it: -- you **either** need to install Docker manually first. Follow [the upstream instructions](https://docs.docker.com/engine/install/) for your distribution and consider setting `matrix_docker_installation_enabled: false` in your `vars.yml` file, to prevent the playbook from installing Docker +- you **either** need to install Docker manually first. Follow [the upstream instructions](https://docs.docker.com/engine/install/) for your distribution and consider setting `matrix_playbook_docker_installation_enabled: false` in your `vars.yml` file, to prevent the playbook from installing Docker - **or** you need to run the playbook in another way (e.g. [Running Ansible in a container on another computer (not the Matrix server)](#running-ansible-in-a-container-on-another-computer-not-the-matrix-server)) at least the first time around Once you have a working Docker installation on the server, **clone the playbook** somewhere on the server and configure it as per usual (`inventory/hosts`, `inventory/host_vars/..`, etc.), as described in [configuring the playbook](configuring-playbook.md). @@ -70,7 +65,7 @@ docker run -it --rm \ -w /work \ -v `pwd`:/work \ --entrypoint=/bin/sh \ -docker.io/devture/ansible:2.13.6-r0 +docker.io/devture/ansible:2.13.6-r0-1 ``` Once you execute the above command, you'll be dropped into a `/work` directory inside a Docker container. diff --git a/docs/configuring-captcha.md b/docs/configuring-captcha.md index d137cf99e..173b34fe7 100644 --- a/docs/configuring-captcha.md +++ b/docs/configuring-captcha.md 
@@ -2,9 +2,11 @@ # Overview Captcha can be enabled for this home server. This file explains how to do that. -The captcha mechanism used is Google's [ReCaptcha](https://www.google.com/recaptcha/). This requires API keys from Google. +The captcha mechanism used is Google's [ReCaptcha](https://www.google.com/recaptcha/). This requires API keys from Google. If your homeserver is Dendrite then [hCapcha](https://www.hcaptcha.com) can be used instead. -## Getting keys +## ReCaptcha + +### Getting keys Requires a site/secret key pair from: @@ -12,12 +14,39 @@ Requires a site/secret key pair from: Must be a reCAPTCHA **v2** key using the "I'm not a robot" Checkbox option -## Setting ReCaptcha Keys +### Setting ReCaptcha keys Once registered as above, set the following values: ```yaml +# for Synapse matrix_synapse_enable_registration_captcha: true matrix_synapse_recaptcha_public_key: 'YOUR_SITE_KEY' matrix_synapse_recaptcha_private_key: 'YOUR_SECRET_KEY' + +# for Dendrite +matrix_dendrite_client_api_enable_registration_captcha: true +matrix_dendrite_client_api_recaptcha_public_key: 'YOUR_SITE_KEY' +matrix_dendrite_client_api_recaptcha_private_key: 'YOUR_SECRET_KEY' +``` + +## hCaptcha + +### Getting keys + +Requires a site/secret key pair from: + + + +### Setting hCaptcha keys + +```yaml +matrix_dendrite_client_api_enable_registration_captcha: true +matrix_dendrite_client_api_recaptcha_public_key: 'YOUR_SITE_KEY' +matrix_dendrite_client_api_recaptcha_private_key: 'YOUR_SECRET_KEY' + +matrix_dendrite_client_api_recaptcha_siteverify_api: 'https://hcaptcha.com/siteverify' +matrix_dendrite_client_api_recaptcha_api_js_url: 'https://js.hcaptcha.com/1/api.js' +matrix_dendrite_client_api_recaptcha_form_field: 'h-captcha-response' +matrix_dendrite_client_api_recaptcha_sitekey_class: 'h-captcha' ``` diff --git a/docs/configuring-playbook-backup-borg.md b/docs/configuring-playbook-backup-borg.md index f3cfc6def..b6b5cb096 100644 --- a/docs/configuring-playbook-backup-borg.md 
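Review bot: `hCapcha` in the overview sentence is misspelled (`hCaptcha`). The new `## hCaptcha` section sets only `matrix_dendrite_client_api_*` variables, so it should say explicitly that hCaptcha is supported for Dendrite only (the overview hints at it, the section itself does not), mirroring the `# for Synapse` / `# for Dendrite` comments used in the ReCaptcha block. Also, as shown in this hunk, the `### Getting keys` subsection under hCaptcha has nothing after `Requires a site/secret key pair from:`; make sure the link survives in the rendered page.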
+++ b/docs/configuring-playbook-backup-borg.md @@ -40,7 +40,7 @@ Minimal working configuration (`inventory/host_vars/matrix.DOMAIN/vars.yml`) to ```yaml matrix_backup_borg_enabled: true matrix_backup_borg_location_repositories: - - USER@HOST:REPO + - ssh://USER@HOST/./REPO matrix_backup_borg_storage_encryption_passphrase: "PASSPHRASE" matrix_backup_borg_ssh_key_private: | -----BEGIN OPENSSH PRIVATE KEY----- diff --git a/docs/configuring-playbook-bridge-hookshot.md b/docs/configuring-playbook-bridge-hookshot.md index 5cd4dd4c0..54f6636b9 100644 --- a/docs/configuring-playbook-bridge-hookshot.md +++ b/docs/configuring-playbook-bridge-hookshot.md @@ -54,7 +54,7 @@ Unless indicated otherwise, the following endpoints are reachable on your `matri | widgets | `/hookshot/widgetapi/` | `matrix_hookshot_widgets_endpoint` | Widgets | | metrics | `/metrics/hookshot` | `matrix_hookshot_metrics_enabled` and `matrix_hookshot_metrics_proxying_enabled`. Requires `/metrics/*` endpoints to also be enabled via `matrix_nginx_proxy_proxy_matrix_metrics_enabled` (see the `matrix-nginx-proxy` role). Read more in the [Metrics section](#metrics) below. | Prometheus | -See also `matrix_hookshot_matrix_nginx_proxy_configuration` in [init.yml](/roles/custom/matrix-bridge-hookshot/tasks/init.yml). +See also `matrix_hookshot_matrix_nginx_proxy_configuration` in [init.yml](/roles/custom/matrix-bridge-hookshot/tasks/inject_into_nginx_proxy.yml). The different listeners are also reachable *internally* in the docker-network via the container's name (configured by `matrix_hookshot_container_url`) and on different ports (e.g. `matrix_hookshot_appservice_port`). Read [main.yml](/roles/custom/matrix-bridge-hookshot/defaults/main.yml) in detail for more info. 
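Review bot: the switch to `ssh://USER@HOST/./REPO` should come with a one-line explanation that the `/./` prefix makes `REPO` relative to the remote user's home directory while `/REPO` would be an absolute path, so readers migrating from the `USER@HOST:REPO` form pick the right one. Separately, since `matrix_backup_borg_ssh_key_private` places a private key directly in `vars.yml`, this example is the natural place to recommend encrypting that value with Ansible Vault.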
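Review bot: in the hookshot endpoints hunk the link text still reads `init.yml` while the target was changed to `inject_into_nginx_proxy.yml`; update the visible text to match the file it now points at.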
@@ -93,4 +93,4 @@ To explicitly enable metrics, use `matrix_hookshot_metrics_enabled: true`. This ### Collision with matrix-appservice-webhooks -If you are also running [matrix-appservice-webhooks](configuring-playbook-bridge-appservice-webhooks.md), it reserves its namespace by the default setting `matrix_appservice_webhooks_user_prefix: '_webhook_'`. You should take care if you modify its or hookshot's prefix that they do not collide with each other's namespace (default `matrix_hookshot_generic_user_id_prefix: '_webhooks_'`). +If you are also running [matrix-appservice-webhooks](configuring-playbook-bridge-appservice-webhooks.md), it reserves its namespace by the default setting `matrix_appservice_webhooks_user_prefix: '_webhook_'`. You should take care if you modify its or hookshot's prefix that they do not collide with each other's namespace (default `matrix_hookshot_generic_userIdPrefix: '_webhooks_'`). diff --git a/docs/configuring-playbook-dendrite.md b/docs/configuring-playbook-dendrite.md new file mode 100644 index 000000000..fcd5693de --- /dev/null +++ b/docs/configuring-playbook-dendrite.md 
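Review bot: `matrix_hookshot_generic_userIdPrefix` mixes camelCase into an otherwise snake_case `matrix_hookshot_*` namespace. If that is the real variable name (for instance because it mirrors a Hookshot config key), a short remark saying so would stop readers from "correcting" it; if it is a typo, the collision advice in this paragraph points users at a variable that does not exist, and the default `'_webhooks_'` vs `'_webhook_'` distinction is exactly the kind of thing that is easy to get wrong.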
@@ -0,0 +1,32 @@ +# Configuring Dendrite (optional) + +By default, this playbook configures the [Synapse](https://github.com/matrix-org/synapse) Matrix server, but you can also use [Dendrite](https://github.com/matrix-org/dendrite). + +**NOTES**: + +- **You can't switch an existing Matrix server's implementation** (e.g. Synapse -> Dendrite). Proceed below only if you're OK with losing data or you're dealing with a server on a new domain name, which hasn't participated in the Matrix federation yet. + +- **homeserver implementations other than Synapse may not be fully functional**. The playbook may also not assist you in an optimal way (like it does with Synapse). Make yourself familiar with the downsides before proceeding + +The playbook provided settings for Dendrite are defined in [`roles/custom/matrix-dendrite/defaults/main.yml`](../roles/custom/matrix-dendrite/defaults/main.yml) and they ultimately end up in the generated `/matrix/dendrite/config/dendrite.yaml` file (on the server). This file is generated from the [`roles/custom/matrix-dendrite/templates/dendrite/dendrite.yaml.j2`](../roles/custom/matrix-dendrite/templates/dendrite/dendrite.yaml.j2) template. + +**If there's an existing variable** which controls a setting you wish to change, you can simply define that variable in your configuration file (`inventory/host_vars/matrix./vars.yml`) and [re-run the playbook](installing.md) to apply the changes. + +Alternatively, **if there is no pre-defined variable** for a Dendrite setting you wish to change: + +- you can either **request a variable to be created** (or you can submit such a contribution yourself). Keep in mind that it's **probably not a good idea** to create variables for each one of Dendrite's various settings that rarely get used. 
+ +- or, you can **extend and override the default configuration** ([`dendrite.yaml.j2`](../roles/custom/matrix-dendrite/templates/dendrite/dendrite.yaml.j2)) by making use of the `matrix_dendrite_configuration_extension_yaml` variable. You can find information about this in [`roles/custom/matrix-dendrite/defaults/main.yml`](../roles/custom/matrix-dendrite/defaults/main.yml). + +- or, if extending the configuration is still not powerful enough for your needs, you can **override the configuration completely** using `matrix_dendrite_configuration` (or `matrix_dendrite_configuration_yaml`). You can find information about this in [`roles/custom/matrix-dendrite/defaults/main.yml`](../roles/custom/matrix-dendrite/defaults/main.yml). + + + +## Installation + +To use Dendrite, you **generally** need the following additional `vars.yml` configuration: + +```yaml +matrix_homeserver_implementation: dendrite +``` + diff --git a/docs/configuring-playbook-email2matrix.md b/docs/configuring-playbook-email2matrix.md index 56e181f1d..d65d2ccdb 100644 --- a/docs/configuring-playbook-email2matrix.md +++ b/docs/configuring-playbook-email2matrix.md @@ -70,7 +70,7 @@ matrix_email2matrix_matrix_mappings: SkipMarkdown: true ``` -You can also set `MatrixHomeserverUrl` to `http://matrix-synapse:8008`, instead of the public `https://matrix.DOMAIN`. +You can also set `MatrixHomeserverUrl` to `http://matrix-synapse-reverse-proxy-companion:8008`, instead of the public `https://matrix.DOMAIN`. However, that's more likely to break in the future if you switch to another server implementation than Synapse. Re-run the playbook (`--tags=setup-email2matrix,start`) and try sending an email to `my-mailbox@matrix.DOMAIN`. diff --git a/docs/configuring-playbook-etherpad.md b/docs/configuring-playbook-etherpad.md index 2ea423ef7..22c782f43 100644 --- a/docs/configuring-playbook-etherpad.md +++ b/docs/configuring-playbook-etherpad.md 
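Review bot: the second NOTE ends without a full stop (`before proceeding`), and the configuration path `inventory/host_vars/matrix./vars.yml` is missing the domain component between `matrix.` and `/vars.yml` (other docs in this patch write `inventory/host_vars/matrix.DOMAIN/vars.yml`). Since the page opens by warning that an existing server cannot switch implementations without losing data, the `## Installation` section should repeat that `matrix_homeserver_implementation: dendrite` must be set before the first run of the playbook on a fresh server.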
@@ -41,6 +41,13 @@ If you want to manage and remove old unused pads from Etherpad, you will first n Then from the plugin manager page (`https://etherpad./admin/plugins` or `https://dimension./etherpad/admin/plugins`), install the `adminpads2` plugin. Once installed, you should have a "Manage pads" section in the Admin web-UI. +## How to use Etherpad widgets without an Integration Manager (like Dimension) + +This is how it works in Element, it might work quite similar with other clients: + +To integrate a standalone etherpad in a room, create your pad by visiting `https://etherpad.DOMAIN`. When the pad opens, copy the URL and send a command like this to the room: `/addwidget URL`. You will then find your integrated Etherpad within the right sidebar in the `Widgets` section. + + ## Set Dimension default to the self-hosted Etherpad (optional) If you decided to install [Dimension integration manager](configuring-playbook-dimension.md) alongside Etherpad, the Dimension administrator users can configure the default URL template. diff --git a/docs/configuring-playbook-external-postgres.md b/docs/configuring-playbook-external-postgres.md index 1f1a30e49..d3c16cd97 100644 --- a/docs/configuring-playbook-external-postgres.md +++ b/docs/configuring-playbook-external-postgres.md @@ -10,7 +10,7 @@ If you'd like to use an external PostgreSQL server that you manage, you can edit If you'd like to use an external Postgres server, use a custom `vars.yml` configuration like this: ```yaml -matrix_postgres_enabled: false +devture_postgres_enabled: false # Rewire Synapse to use your external Postgres server matrix_synapse_database_host: "your-postgres-server-hostname" diff --git a/docs/configuring-playbook-federation.md b/docs/configuring-playbook-federation.md index 4650b5e2c..5a1e76e5d 100644 --- a/docs/configuring-playbook-federation.md +++ b/docs/configuring-playbook-federation.md 
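Review bot: `it might work quite similar with other clients` should read `it might work similarly with other clients`, and the run-on `This is how it works in Element, it might ...` wants a full stop or semicolon. `etherpad` in `a standalone etherpad` should be capitalised like the rest of the page.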
@@ -46,6 +46,9 @@ matrix_synapse_federation_port_enabled: false # This removes the `8448` virtual host from the matrix-nginx-proxy reverse-proxy server. matrix_nginx_proxy_proxy_matrix_federation_api_enabled: false + +# This stops the federation port on the synapse-reverse-proxy-companion side (normally `matrix-synapse-reverse-proxy-companion:8048` on the container network). +matrix_synapse_reverse_proxy_companion_federation_api_enabled: false ``` ## Changing the federation port from 8448 to a different port to use a CDN that only accepts 443/80 ports diff --git a/docs/configuring-playbook-jitsi.md b/docs/configuring-playbook-jitsi.md index f278e54ec..a9d3c2de4 100644 --- a/docs/configuring-playbook-jitsi.md +++ b/docs/configuring-playbook-jitsi.md 
@@ -127,6 +127,80 @@ Read how it works [here](https://github.com/jitsi/jitsi-videobridge/blob/master/ You may want to **limit the maximum video resolution**, to save up resources on both server and clients. +## (Optional) Specify a Max number of participants on a Jitsi conference + +The playbook allows a user to set a max number of participants allowed to join a Jitsi conference. By default there is no limit. + +In order to set the max number of participants add the following variable to your `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration: + +``` +matrix_prosody_jitsi_max_participants: +``` + +## (Optional) Additional JVBs + +By default, a single JVB ([Jitsi VideoBridge](https://github.com/jitsi/jitsi-videobridge)) is deployed on the same host as the Matrix server. To allow more video-conferences to happen at the same time, you may need to provision additional JVB services on other hosts. + +There is an ansible playbook that can be run with the following tag: +` ansible-playbook -i inventory/hosts --limit jitsi_jvb_servers jitsi_jvb.yml --tags=common,setup-additional-jitsi-jvb,start` + +For this role to work you will need an additional section in the ansible hosts file with the details of the JVB hosts, for example: +``` +[jitsi_jvb_servers] + ansible_host= +``` + +Each JVB will require a server id to be set so that it can be uniquely identified and this allows Jitsi to keep track of which conferences are on which JVB. +The server id is set with the variable `matrix_jitsi_jvb_server_id` which ends up as the JVB_WS_SERVER_ID environment variables in the JVB docker container. +This variable can be set via the host file, a parameter to the ansible command or in the `vars.yaml` for the host which will have the additional JVB. 
For example: + +``` yaml +matrix_jitsi_jvb_server_id: 'jvb-2' +``` + +``` INI +[jitsi_jvb_servers] +jvb-2.example.com ansible_host=192.168.0.2 matrix_jitsi_jvb_server_id=jvb-2 +jvb-3.example.com ansible_host=192.168.0.3 matrix_jitsi_jvb_server_id=jvb-2 +``` + +Note that the server id `jvb-1` is reserved for the JVB instance running on the Matrix host and therefore should not be used as the id of an additional jvb host. + +The additional JVB will also need to expose the colibri web socket port and this can be done with the following variable: + +```yaml +matrix_jitsi_jvb_container_colibri_ws_host_bind_port: 9090 +``` + +The JVB will also need to know where the prosody xmpp server is located, similar to the server id this can be set in the vars for the JVB by using the variable +`matrix_jitsi_xmpp_server`. The Jitsi prosody container is deployed on the matrix server by default so the value can be set to the matrix domain. For example: + +```yaml +matrix_jitsi_xmpp_server: "{{ matrix_domain }}" +``` + +However, it can also be set the ip address of the matrix server. This can be useful if you wish to use a private ip. For example: + +```yaml +matrix_jitsi_xmpp_server: "192.168.0.1" +``` + +The nginx configuration will also need to be updated in order to deal with the additional JVB servers. This is achieved via its own configuration variable +`matrix_nginx_proxy_proxy_jitsi_additional_jvbs`, which contains a dictionary of server ids to ip addresses. + +For example, + +``` yaml +matrix_nginx_proxy_proxy_jitsi_additional_jvbs: + jvb-2: 192.168.0.2 + jvb-3: 192.168.0.3 +``` + + +Applied together this will allow you to provision extra JVB instances which will register themselves with the prosody service and be available for jicofo +to route conferences too. + + ## Apply changes diff --git a/docs/configuring-playbook-matrix-registration.md b/docs/configuring-playbook-matrix-registration.md index 2b4b07ff2..491d94e23 100644 
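Review bot: the hosts-file example assigns `matrix_jitsi_jvb_server_id=jvb-2` to both `jvb-2.example.com` and `jvb-3.example.com`, which contradicts the preceding sentence that each JVB needs a unique id; the second line should use `jvb-3`, as the `matrix_nginx_proxy_proxy_jitsi_additional_jvbs` example further down does. Smaller points: `vars.yaml` should be `vars.yml` as elsewhere in the hunk; the `matrix_prosody_jitsi_max_participants:` example shows no value; `route conferences too` should be `to`; the first two fences lack a language tag and the `yaml` / `INI` fence openers have a stray space after the backticks. On the security side, `matrix_jitsi_jvb_container_colibri_ws_host_bind_port: 9090` publishes the colibri websocket on the additional host, so the doc should say which interface it binds to and that the port should be reachable only from the Matrix server's nginx proxy (via a firewall rule or a bound address), not from the internet.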
--- a/docs/configuring-playbook-matrix-registration.md +++ b/docs/configuring-playbook-matrix-registration.md @@ -4,6 +4,8 @@ The playbook can install and configure [matrix-registration](https://github.com/ **WARNING**: this is a poorly maintained and buggy project. It's better to avoid using it. +**WARNING**: this is not related to [matrix-registration-bot](configuring-playbook-bot-matrix-registration-bot.md) + > matrix-registration is a simple python application to have a token based matrix registration. Use matrix-registration to **create unique registration links**, which people can use to register on your Matrix server. It allows you to **keep your server's registration closed (private)**, but still allow certain people (these having a special link) to register a user account. diff --git a/docs/configuring-playbook-own-webserver.md b/docs/configuring-playbook-own-webserver.md index 9fd51086b..06f21b326 100644 --- a/docs/configuring-playbook-own-webserver.md +++ b/docs/configuring-playbook-own-webserver.md 
@@ -6,9 +6,6 @@ If that's alright, you can skip this. If you don't want this playbook's nginx webserver to take over your server's 80/443 ports like that, and you'd like to use your own webserver (be it nginx, Apache, Varnish Cache, etc.), you can. -You should note, however, that the playbook's services work best when you keep using the integrated `matrix-nginx-proxy` webserver. -For example, disabling `matrix-nginx-proxy` when running a [Synapse worker setup for load-balancing](configuring-playbook-synapse.md#load-balancing-with-workers) (a more advanced, non-default configuration) is likely to cause various troubles (see [this issue](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2090)). If you need a such more scalable setup, disabling `matrix-nginx-proxy` will be a bad idea. If yours will be a simple (default, non-worker-load-balancing) deployment, disabling `matrix-nginx-proxy` may be fine. - There are **2 ways you can go about it**, if you'd like to use your own webserver: - [Method 1: Disabling the integrated nginx reverse-proxy webserver](#method-1-disabling-the-integrated-nginx-reverse-proxy-webserver) @@ -19,7 +16,12 @@ There are **2 ways you can go about it**, if you'd like to use your own webserve ## Method 1: Disabling the integrated nginx reverse-proxy webserver This method is about completely disabling the integrated nginx reverse-proxy webserver and replicating its behavior using another webserver. -For an alternative, make sure to check Method #2 as well. + +If that other webserver is `nginx`, you'd be able to include configuration files generated by the playbook into your `nginx` webserver. + +If you'd like to use another webserver (not `nginx`), you'd need to do things manually. We have examples for other webservers below. + +For an alternative (which keeps `matrix-nginx-proxy` around and connects your other reverse-proxy with it), make sure to check Method #2. ### Preparation 
@@ -40,8 +42,8 @@ No matter which external webserver you decide to go with, you'll need to: Here are the variables required for the default configuration (Synapse and Element) ``` - matrix_synapse_container_client_api_host_bind_port: '0.0.0.0:8008' - matrix_synapse_container_federation_api_plain_host_bind_port: '0.0.0.0:8048' + matrix_synapse_reverse_proxy_companion_container_client_api_host_bind_port: '0.0.0.0:8008' + matrix_synapse_reverse_proxy_companion_container_federation_api_host_bind_port: '0.0.0.0:8048' matrix_client_element_container_http_host_bind_port: "0.0.0.0:8765" ``` 
@@ -172,31 +174,26 @@ matrix_nginx_proxy_container_extra_arguments: # The Nginx proxy container will receive traffic from these subdomains - '--label "traefik.http.routers.matrix-nginx-proxy.rule=Host(`{{ matrix_server_fqn_matrix }}`,`{{ matrix_server_fqn_element }}`,`{{ matrix_server_fqn_dimension }}`,`{{ matrix_server_fqn_jitsi }}`)"' - # (The 'web-secure' entrypoint must bind to port 443 in Traefik config) - '--label "traefik.http.routers.matrix-nginx-proxy.entrypoints=web-secure"' - # (The 'default' certificate resolver must be defined in Traefik config) - '--label "traefik.http.routers.matrix-nginx-proxy.tls.certResolver=default"' - + # Traefik requires that we declare which service this router is using + - '--label "traefik.http.routers.matrix-nginx-proxy.service=matrix-nginx-proxy"' # The Nginx proxy container uses port 8080 internally - '--label "traefik.http.services.matrix-nginx-proxy.loadbalancer.server.port=8080"' -matrix_synapse_container_extra_arguments: - # May be unnecessary depending on Traefik config, but can't hurt - - '--label "traefik.enable=true"' - - # The Synapse container will receive traffic from this subdomain - - '--label "traefik.http.routers.matrix-synapse.rule=Host(`{{ matrix_server_fqn_matrix }}`)"' - - # (The 'synapse' entrypoint must bind to port 8448 in Traefik config) - - '--label "traefik.http.routers.matrix-synapse.entrypoints=synapse"' - + # Federation + - '--label "traefik.http.routers.matrix-nginx-proxy-federation.rule=Host(`{{ matrix_server_fqn_matrix }}`)"' + # (The 'federation' entrypoint must bind to port 8448 in Traefik config) + - '--label "traefik.http.routers.matrix-nginx-proxy-federation.entrypoints=federation"' # (The 'default' certificate resolver must be defined in Traefik config) - - '--label "traefik.http.routers.matrix-synapse.tls.certResolver=default"' - - # The Synapse container uses port 8048 internally - - '--label "traefik.http.services.matrix-synapse.loadbalancer.server.port=8048"' + - '--label 
"traefik.http.routers.matrix-nginx-proxy-federation.tls.certResolver=default"' + # Traefik requires that we declare which service this router is using + - '--label "traefik.http.routers.matrix-nginx-proxy-federation.service=matrix-nginx-proxy-federation"' + # The Nginx proxy container uses port `matrix_nginx_proxy_proxy_matrix_federation_port (8448) internally + - '--label "traefik.http.services.matrix-nginx-proxy-federation.loadbalancer.server.port={{ matrix_nginx_proxy_proxy_matrix_federation_port }}"' + - '--label "traefik.http.services.matrix-nginx-proxy-federation.loadbalancer.server.scheme={{ "https" if matrix_nginx_proxy_https_enabled else "http" }}"' ``` This method uses labels attached to the Nginx and Synapse containers to provide the Traefik Docker provider with the information it needs to proxy `matrix.DOMAIN`, `element.DOMAIN`, `dimension.DOMAIN` and `jitsi.DOMAIN`. Some [static configuration](https://docs.traefik.io/v2.0/reference/static-configuration/file/) is required in Traefik; namely, having endpoints on ports 443 and 8448 and having a certificate resolver. @@ -240,7 +237,7 @@ services: - "--providers.docker.network=traefik" - "--providers.docker.exposedbydefault=false" - "--entrypoints.web-secure.address=:443" - - "--entrypoints.synapse.address=:8448" + - "--entrypoints.federation.address=:8448" - "--certificatesresolvers.default.acme.tlschallenge=true" - "--certificatesresolvers.default.acme.email=YOUR EMAIL" - "--certificatesresolvers.default.acme.storage=/letsencrypt/acme.json" diff --git a/docs/configuring-playbook-postgres-backup.md b/docs/configuring-playbook-postgres-backup.md index 75b599c88..2510ecc11 100644 --- a/docs/configuring-playbook-postgres-backup.md +++ b/docs/configuring-playbook-postgres-backup.md 
@@ -1,6 +1,6 @@ # Setting up postgres backup (optional) -The playbook can install and configure [docker-postgres-backup-local](https://github.com/prodrigestivill/docker-postgres-backup-local) for you. +The playbook can install and configure [docker-postgres-backup-local](https://github.com/prodrigestivill/docker-postgres-backup-local) for you via the [com.devture.ansible.role.postgres_backup](https://github.com/devture/com.devture.ansible.role.postgres_backup) Ansible role. For a more complete backup solution (one that includes not only Postgres, but also other configuration/data files), you may wish to look into [borg backup](configuring-playbook-backup-borg.md) instead. @@ -10,7 +10,7 @@ For a more complete backup solution (one that includes not only Postgres, but al Minimal working configuration (`inventory/host_vars/matrix.DOMAIN/vars.yml`) to enable Postgres backup: ```yaml -matrix_postgres_backup_enabled: true +devture_postgres_backup_enabled: true ``` Refer to the table below for additional configuration variables and their default values. 
@@ -18,12 +18,13 @@ Refer to the table below for additional configuration variables and their defaul | Name | Default value | Description | | :-------------------------------- | :--------------------------- | :--------------------------------------------------------------- | -|`matrix_postgres_backup_enabled`|`false`|Set to true to use [docker-postgres-backup-local](https://github.com/prodrigestivill/docker-postgres-backup-local) to create automatic database backups| -|`matrix_postgres_backup_schedule`| `'@daily'` |Cron-schedule specifying the interval between postgres backups.| -|`matrix_postgres_backup_keep_days`|`7`|Number of daily backups to keep| -|`matrix_postgres_backup_keep_weeks`|`4`|Number of weekly backups to keep| -|`matrix_postgres_backup_keep_months`|`12`|Number of monthly backups to keep| -|`matrix_postgres_backup_path` | `"{{ matrix_base_data_path }}/postgres-backup"` | Storagepath for the database backups| +|`devture_postgres_backup_enabled`|`false`|Set to true to use [docker-postgres-backup-local](https://github.com/prodrigestivill/docker-postgres-backup-local) to create automatic database backups| +|`devture_postgres_backup_schedule`| `'@daily'` |Cron-schedule specifying the interval between postgres backups.| +|`devture_postgres_backup_keep_days`|`7`|Number of daily backups to keep| +|`devture_postgres_backup_keep_weeks`|`4`|Number of weekly backups to keep| +|`devture_postgres_backup_keep_months`|`12`|Number of monthly backups to keep| +|`devture_postgres_base_path` | `"{{ matrix_base_data_path }}/postgres-backup"` | Base path for postgres-backup. Also see `devture_postgres_data_path` | +|`devture_postgres_data_path` | `"{{ devture_postgres_base_path }}/data"` | Storage path for postgres-backup database backups | ## Installing diff --git a/docs/configuring-playbook-prometheus-grafana.md b/docs/configuring-playbook-prometheus-grafana.md index f86566a94..0b785c359 100644 --- a/docs/configuring-playbook-prometheus-grafana.md 
+++ b/docs/configuring-playbook-prometheus-grafana.md @@ -15,6 +15,9 @@ matrix_prometheus_node_exporter_enabled: true # You can remove this, if unnecessary. matrix_prometheus_postgres_exporter_enabled: true +# You can remove this, if unnecessary. +matrix_prometheus_nginxlog_exporter_enabled: true + matrix_grafana_enabled: true matrix_grafana_anonymous_access: false @@ -39,6 +42,7 @@ Name | Description `matrix_prometheus_enabled`|[Prometheus](https://prometheus.io) is a time series database. It holds all the data we're going to talk about. `matrix_prometheus_node_exporter_enabled`|[Node Exporter](https://prometheus.io/docs/guides/node-exporter/) is an addon of sorts to Prometheus that collects generic system information such as CPU, memory, filesystem, and even system temperatures `matrix_prometheus_postgres_exporter_enabled`|[Postgres Exporter](configuring-playbook-prometheus-postgres.md) is an addon of sorts to expose Postgres database metrics to Prometheus. +`matrix_prometheus_nginxlog_exporter_enabled`|[NGINX Log Exporter](configuring-playbook-prometheus-nginxlog.md) is an addon of sorts to expose NGINX logs to Prometheus. `matrix_grafana_enabled`|[Grafana](https://grafana.com/) is the visual component. It shows (on the `stats.` subdomain) the dashboards with the graphs that we're interested in `matrix_grafana_anonymous_access`|By default you need to log in to see graphs. If you want to publicly share your graphs (e.g. when asking for help in [`#synapse:matrix.org`](https://matrix.to/#/#synapse:matrix.org?via=matrix.org&via=privacytools.io&via=mozilla.org)) you'll want to enable this option. `matrix_grafana_default_admin_user`
`matrix_grafana_default_admin_password`|By default Grafana creates a user with `admin` as the username and password. If you feel this is insecure and you want to change it beforehand, you can do that here @@ -73,6 +77,7 @@ Name | Description `matrix_prometheus_node_exporter_enabled`|Set this to `true` to enable the node (general system stats) exporter (locally, on the container network) `matrix_prometheus_node_exporter_metrics_proxying_enabled`|Set this to `true` to expose the node (general system stats) metrics on `https://matrix.DOMAIN/metrics/node-exporter` (only takes effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`) `matrix_prometheus_postgres_exporter_enabled`|Set this to `true` to enable the [Postgres exporter](configuring-playbook-prometheus-postgres.md) (locally, on the container network) +`matrix_prometheus_nginxlog_exporter_enabled`|Set this to `true` to enable the [NGINX Log exporter](configuring-playbook-prometheus-nginxlog.md) (locally, on the container network) `matrix_prometheus_postgres_exporter_metrics_proxying_enabled`|Set this to `true` to expose the [Postgres exporter](configuring-playbook-prometheus-postgres.md) metrics on `https://matrix.DOMAIN/metrics/postgres-exporter` (only takes effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`) `matrix_bridge_hookshot_metrics_enabled`|Set this to `true` to make [Hookshot](configuring-playbook-bridge-hookshot.md) expose metrics (locally, on the container network) `matrix_bridge_hookshot_metrics_proxying_enabled`|Set this to `true` to expose the [Hookshot](configuring-playbook-bridge-hookshot.md) metrics on `https://matrix.DOMAIN/metrics/hookshot` (only takes effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`) diff --git a/docs/configuring-playbook-prometheus-nginxlog.md b/docs/configuring-playbook-prometheus-nginxlog.md new file mode 100644 index 000000000..832efbd8d --- /dev/null +++ b/docs/configuring-playbook-prometheus-nginxlog.md 
@@ -0,0 +1,59 @@ +# Enabling metrics and graphs for NginX logs (optional) + +It can be useful to have some (visual) insight into NignX logs. + +This adds [prometheus-nginxlog-exporter](https://github.com/martin-helmich/prometheus-nginxlog-exporter/) to your matrix deployment. +It will provide a prometheus 'metrics' endpoint exposing data from both the `matrix-nginx-proxy` and `matrix-synapse-reverse-proxy-companion` logs and automatically aggregates the data with prometheus. +Optionally it visualizes the data, if [`matrix-grafana`](configuring-playbook-prometheus-grafana.md) is enabled, by means of a dedicated Grafana dashboard named `NGINX PROXY` + +You can enable this role by adding the following settings in your configuration file (`inventory/host_vars/matrix./vars.yml`): + +```yaml +matrix_prometheus_nginxlog_exporter_enabled: true + +# required depency +matrix_prometheus_enabled: true + +# optional for visualization +matrix_grafana_enabled: true +``` + +x | Prerequisites | Variable | Description +|:--:|:--:|:--:|:--| +**REQUIRED** | `matrix-prometheus`| `matrix_prometheus_enabled`|[Prometheus](https://prometheus.io) is a time series database. It holds all the data we're going to talk about. +_Optional_ | [`matrix-grafana`](configuring-playbook-prometheus-grafana.md) | [`matrix_grafana_enabled`](configuring-playbook-prometheus-grafana.md)|[Grafana](https://grafana.com) is the visual component. It shows (on the `stats.` subdomain) graphs that we're interested in. When enabled the `NGINX PROXY` dashboard is automatically added. + +## Docker Image Compatibility + +At the moment of writing only images for `amd64` and `arm64` architectures are available + +The playbook currently does not support building an image. 
+You can however use a custom-build image by setting +```yaml +matrix_prometheus_nginxlog_exporter_docker_image_arch_check_enabled: false +matrix_prometheus_nginxlog_exporter_docker_image: path/to/docker/image:tag +``` + +## Security and privacy + +Metrics and resulting graphs can contain a lot of information. NginX logs contain information like IP address, URLs, UserAgents and more. This information can reveal usage patterns and could be considered Personally Identifiable Information (PII). Think about this before enabling (anonymous) access. +Please make sure you change the default Grafana password. + +## Save metrics on an external Prometheus server + +The playbook will automatically integrate the metrics into the Prometheus server provided with this playbook. You can choose to save data on an external Prometheus instance. + +The metrics of this role will be exposed on `https://matrix.DOMAIN/metrics/nginxlog` when setting +```yaml +matrix_prometheus_nginxlog_exporter_metrics_proxying_enabled: true + +# required dependency +matrix_nginx_proxy_proxy_matrix_metrics_enabled: true +``` +The playbook can provide a single endpoint (`https://matrix.DOMAIN/metrics/*`), under which various services may expose their metrics (e.g. `/metrics/node-exporter`, `/metrics/postgres-exporter`, `/metrics/nginxlog`, etc). To enable this `/metrics/*` feature, use `matrix_nginx_proxy_proxy_matrix_metrics_enabled`. To protect access using [Basic Authentication](https://en.wikipedia.org/wiki/Basic_access_authentication), see `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled`. + +The following variables may be of interest: + +Name | Description +-----|---------- +`matrix_nginx_proxy_proxy_matrix_metrics_enabled`|Set this to `true` to enable metrics exposure for various services on `https://matrix.DOMAIN/metrics/*`. Refer to the individual `matrix_SERVICE_metrics_proxying_enabled` variables below for exposing metrics for each individual service. \ No newline at end of file 
diff --git a/docs/configuring-playbook-synapse-s3-storage-provider.md b/docs/configuring-playbook-synapse-s3-storage-provider.md index 2dba264be..6022eaad0 100644 --- a/docs/configuring-playbook-synapse-s3-storage-provider.md +++ b/docs/configuring-playbook-synapse-s3-storage-provider.md @@ -28,13 +28,13 @@ While you will need some local disk space around, it's only to accommodate usage ## Installing -After [creating the S3 bucket and configuring it](configuring-playbook-s3.md#bucket-creation-and-security-configuration), you can proceed to configure Goofys in your configuration file (`inventory/host_vars/matrix./vars.yml`): +After [creating the S3 bucket and configuring it](configuring-playbook-s3.md#bucket-creation-and-security-configuration), you can proceed to configure `s3-storage-provider` in your configuration file (`inventory/host_vars/matrix./vars.yml`): ```yaml matrix_synapse_ext_synapse_s3_storage_provider_enabled: true matrix_synapse_ext_synapse_s3_storage_provider_config_bucket: your-bucket-name matrix_synapse_ext_synapse_s3_storage_provider_config_region_name: some-region-name # e.g. eu-central-1 -matrix_synapse_ext_synapse_s3_storage_provider_config_endpoint_url: https://.. # delete this whole line for Amazon S3 +matrix_synapse_ext_synapse_s3_storage_provider_config_endpoint_url: https://s3.REGION_NAME.amazonaws.com # adjust this matrix_synapse_ext_synapse_s3_storage_provider_config_access_key_id: access-key-goes-here matrix_synapse_ext_synapse_s3_storage_provider_config_secret_access_key: secret-key-goes-here matrix_synapse_ext_synapse_s3_storage_provider_config_storage_class: STANDARD # or STANDARD_IA, etc. 
@@ -62,7 +62,7 @@ Migrating your existing data can happen in multiple ways: Instead of using `s3_media_upload` directly, which is very slow and painful for an initial data migration, we recommend [using another tool in combination with `s3_media_upload`](#using-another-tool-in-combination-with-s3_media_upload). -To copy your existing files, SSH into the server and run `/usr/local/bin/matrix-synapse-s3-storage-provider-shell`. +To copy your existing files, SSH into the server and run `/matrix/synapse/ext/s3-storage-provider/bin/shell`. This launches a Synapse container, which has access to the local media store, Postgres database, S3 store and has some convenient environment variables configured for you to use (`MEDIA_PATH`, `BUCKET`, `ENDPOINT`, `UPDATE_DB_DAYS`, etc). 
@@ -76,12 +76,12 @@ Then use the following commands (`$` values come from environment variables - th The `s3_media_upload upload` command may take a lot of time to complete. -Instead of running the above commands manually in the shell, you can also run the `/usr/local/bin/matrix-synapse-s3-storage-provider-migrate` script which will run the same commands automatically. We demonstrate how to do it manually, because: +Instead of running the above commands manually in the shell, you can also run the `/matrix/synapse/ext/s3-storage-provider/bin/migrate` script which will run the same commands automatically. We demonstrate how to do it manually, because: - it's what the upstream project demonstrates and it teaches you how to use the `s3_media_upload` tool - allows you to check and verify the output of each command, to catch mistakes - includes progress bars and detailed output for each command -- allows you to easily interrupt slow-running commands, etc. (the `/usr/local/bin/matrix-synapse-s3-storage-provider-migrate` starts a container without interactive TTY support, so `Ctrl+C` may not work and you and require killing via `docker kill ..`) +- allows you to easily interrupt slow-running commands, etc. (the `/matrix/synapse/ext/s3-storage-provider/bin/migrate` starts a container without interactive TTY support, so `Ctrl+C` may not work and you and require killing via `docker kill ..`) ### Using another tool in combination with `s3_media_upload` 
@@ -119,7 +119,7 @@ As described in [How it works?](#how-it-works) above, when new media is uploaded By default, we periodically ensure that all local files are uploaded to S3 and are then removed from the local filesystem. This is done automatically using: -- the `/usr/local/bin/matrix-synapse-s3-storage-provider-migrate` script +- the `/matrix/synapse/ext/s3-storage-provider/bin/migrate` script - .. invoked via the `matrix-synapse-s3-storage-provider-migrate.service` service - .. triggered by the `matrix-synapse-s3-storage-provider-migrate.timer` timer, every day at 05:00 diff --git a/docs/configuring-playbook-synapse.md b/docs/configuring-playbook-synapse.md index 2e14f1ad4..4dc8f5195 100644 --- a/docs/configuring-playbook-synapse.md +++ b/docs/configuring-playbook-synapse.md @@ -37,7 +37,7 @@ If you'd like more customization power, you can start with one of the presets an If you increase worker counts too much, you may need to increase the maximum number of Postgres connections too (example): ```yaml -matrix_postgres_process_extra_arguments: [ +devture_postgres_process_extra_arguments: [ "-c 'max_connections=200'" ] ``` 
@@ -56,21 +56,27 @@ Certain Synapse administration tasks (managing users and rooms, etc.) can be per If you'd like to use OpenID Connect authentication with Synapse, you'll need some additional reverse-proxy configuration (see [our nginx reverse-proxy doc page](configuring-playbook-nginx.md#synapse-openid-connect-for-single-sign-on)). +This example configuration is for [keycloak](https://www.keycloak.org/), an opensource Identity Provider maintained by Red Hat. + +For more detailed documentation on available options and how to setup keycloak, see the [Synapse documentation on OpenID Connect with keycloak](https://github.com/matrix-org/synapse/blob/develop/docs/openid.md#keycloak). + In case you encounter errors regarding the parsing of the variables, you can try to add `{% raw %}` and `{% endraw %}` blocks around them. For example ; ``` - - idp_id: keycloak - idp_name: "Keycloak" - issuer: "https://url.ix/auth/realms/x" - client_id: "matrix" - client_secret: "{{ vault_synapse_keycloak }}" - scopes: ["openid", "profile"] - authorization_endpoint: "https://url.ix/auth/realms/x/protocol/openid-connect/auth" - token_endpoint: "https://url.ix/auth/realms/x/protocol/openid-connect/token" - userinfo_endpoint: "https://url.ix/auth/realms/x/protocol/openid-connect/userinfo" - user_mapping_provider: - config: - display_name_template: "{% raw %}{{ user.given_name }}{% endraw %} {% raw %}{{ user.family_name }}{% endraw %}" - email_template: "{% raw %}{{ user.email }}{% endraw %}" +matrix_synapse_configuration_extension_yaml: | + oidc_providers: + - idp_id: keycloak + idp_name: "My KeyCloak server" + issuer: "https://url.ix/auth/realms/{realm_name}" + client_id: "matrix" + client_secret: "{{ vault_synapse_keycloak }}" + scopes: ["openid", "profile"] + user_mapping_provider: + config: + localpart_template: "{% raw %}{{ user.preferred_username }}{% endraw %}" + display_name_template: "{% raw %}{{ user.name }}{% endraw %}" + email_template: "{% raw %}{{ user.email }}{% endraw %}" 
+ allow_existing_users: true # Optional + backchannel_logout_enabled: true # Optional ``` diff --git a/docs/configuring-playbook-telemetry.md b/docs/configuring-playbook-telemetry.md index a97fa59c8..74f59dfc8 100644 --- a/docs/configuring-playbook-telemetry.md +++ b/docs/configuring-playbook-telemetry.md @@ -12,15 +12,17 @@ growth of the Matrix community, and helps to make Matrix a success. If you'd like to **help by enabling submission of general usage statistics** for your homeserver, add this to your configuration file (`inventory/host_vars/matrix./vars.yml`): ```yaml -matrix_synapse_report_stats: true +matrix_synapse_report_stats: true # for synapse + +matrix_dendrite_report_stats: true # for dendrite ``` ## Usage statistics being submitted -When enabled, Synapse will regularly upload a few dozen statistics about your server. +When enabled, your homeserver will regularly upload a few dozen statistics about your server. This data includes your homeserver's domain, the total number of users, the number of active users, the total number of rooms, and the number of messages sent per day on your homeserver. -See [Synapse's documentation](https://github.com/matrix-org/synapse/blob/develop/docs/usage/administration/monitoring/reporting_homeserver_usage_statistics.md#available-statistics) +See [Synapse's documentation](https://github.com/matrix-org/synapse/blob/develop/docs/usage/administration/monitoring/reporting_homeserver_usage_statistics.md#available-statistics) or [Dendrite's documentation](https://github.com/matrix-org/dendrite/blob/main/docs/FAQ.md#what-is-being-reported-when-enabling-phone-home-statistics) for the full list of statistics that are reported. diff --git a/docs/configuring-playbook.md b/docs/configuring-playbook.md index 127ab47da..fa00c858d 100644 --- a/docs/configuring-playbook.md +++ b/docs/configuring-playbook.md 
@@ -47,6 +47,8 @@ When you're done with all the configuration you'd like to do, continue with [Ins - [Configuring Conduit](configuring-playbook-conduit.md), if you've switched to the [Conduit](https://conduit.rs) homeserver implementation (optional) + - [Configuring Dendrite](configuring-playbook-dendrite.md), if you've switched to the [Dendrite](https://matrix-org.github.io/dendrite) homeserver implementation (optional) + - [Configuring Element](configuring-playbook-client-element.md) (optional) - [Storing Matrix media files on Amazon S3](configuring-playbook-s3.md) (optional) diff --git a/docs/faq.md b/docs/faq.md index f2df8698b..25d02e7ce 100644 --- a/docs/faq.md +++ b/docs/faq.md @@ -317,7 +317,7 @@ If you've installed [Jitsi](configuring-playbook-jitsi.md) (not installed by def Yes, we can stop installing Docker ourselves. Just use this in your `vars.yml` file: ```yaml -matrix_docker_installation_enabled: true +matrix_playbook_docker_installation_enabled: false ``` ### I run another webserver on the same server where I wish to install Matrix. What now? diff --git a/docs/importing-postgres.md b/docs/importing-postgres.md index fe3817f53..a44afdcfb 100644 --- a/docs/importing-postgres.md +++ b/docs/importing-postgres.md 
@@ -97,9 +97,9 @@ Once the database is clear and the ownership of the tables has been fixed in the Check, if `--dbname` is set to `synapse` (not `matrix`) and replace paths (or even better, copy this line from your terminal) ``` -/usr/bin/env docker run --rm --name matrix-postgres-import --log-driver=none --user=998:1001 --cap-drop=ALL --network=matrix --env-file=/matrix/postgres/env-postgres-psql --mount type=bind,src=/migration/synapse_dump.sql,dst=/synapse_dump.sql,ro --entrypoint=/bin/sh docker.io/postgres:14.1-alpine -c "cat /synapse_dump.sql | grep -vE '^(CREATE|ALTER) ROLE (matrix)(;| WITH)' | grep -vE '^CREATE DATABASE (matrix)\s' | psql -v ON_ERROR_STOP=1 -h matrix-postgres --dbname=synapse" +/usr/bin/env docker run --rm --name matrix-postgres-import --log-driver=none --user=998:1001 --cap-drop=ALL --network=matrix --env-file=/matrix/postgres/env-postgres-psql --mount type=bind,src=/migration/synapse_dump.sql,dst=/synapse_dump.sql,ro --entrypoint=/bin/sh docker.io/postgres:15.0-alpine -c "cat /synapse_dump.sql | grep -vE '^(CREATE|ALTER) ROLE (matrix)(;| WITH)' | grep -vE '^CREATE DATABASE (matrix)\s' | psql -v ON_ERROR_STOP=1 -h matrix-postgres --dbname=synapse" ``` ### Hints -To open psql terminal run `/usr/local/bin/matrix-postgres-cli` +To open psql terminal run `/matrix/postgres/bin/cli` diff --git a/docs/installing.md b/docs/installing.md index 53a86585c..3bbc9a44c 100644 --- a/docs/installing.md +++ b/docs/installing.md 
@@ -13,17 +13,21 @@ The general command syntax is: `ansible-playbook -i inventory/hosts setup.yml -- Here are some playbook tags that you should be familiar with: -- `setup-all` - runs all setup tasks for all components, but does not start/restart services +- `setup-all` - runs all setup tasks (installation and uninstallation) for all components, but does not start/restart services + +- `install-all` - like `setup-all`, but skips uninstallation tasks. Useful for maintaining your setup quickly when its components remain unchanged. If you adjust your `vars.yml` to remove components, you'd need to run `setup-all` though, or these components will still remain installed - `setup-SERVICE` (e.g. `setup-bot-postmoogle`) - runs the setup tasks only for a given role, but does not start/restart services. You can discover these additional tags in each role (`roles/*/main.yml`). Running per-component setup tasks is **not recommended**, as components sometimes depend on each other and running just the setup tasks for a given component may not be enough. For example, setting up the [mautrix-telegram bridge](configuring-playbook-bridge-mautrix-telegram.md), in addition to the `setup-mautrix-telegram` tag, requires database changes (the `setup-postgres` tag) as well as reverse-proxy changes (the `setup-nginx-proxy` tag). +- `install-SERVICE` (e.g. `install-bot-postmoogle`) - like `setup-SERVICE`, but skips uninstallation tasks. See `install-all` above for additional information. + - `start` - starts all systemd services and makes them start automatically in the future - `stop` - stops all systemd services - `ensure-matrix-users-created` - a special tag which ensures that all special users needed by the playbook (for bots, etc.) are created -`setup-*` tags **do not start services** automatically, because you may wish to do things before starting services, such as importing a database dump, restoring data from another server, etc. 
+`setup-*` tags and `install-*` tags **do not start services** automatically, because you may wish to do things before starting services, such as importing a database dump, restoring data from another server, etc. ## 1. Installing Matrix @@ -40,7 +44,7 @@ There 2 ways to start the installation process - depending on whether you're [In If this is **a brand new** Matrix server and you **won't be importing old data into it**, run all these tags: ```sh -ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,ensure-matrix-users-created,start +ansible-playbook -i inventory/hosts setup.yml --tags=install-all,ensure-matrix-users-created,start ``` This will do a full installation and start all Matrix services. @@ -56,7 +60,7 @@ Starting its services or messing with its database now will affect your data imp To do the installation **without** starting services, run only the `setup-all` tag: ```sh -ansible-playbook -i inventory/hosts setup.yml --tags=setup-all +ansible-playbook -i inventory/hosts setup.yml --tags=install-all ``` When this command completes, services won't be running yet. @@ -82,6 +86,8 @@ Proceed to [Maintaining your setup in the future](#2-maintaining-your-setup-in-t Feel free to **re-run the setup command any time** you think something is off with the server configuration. Ansible will take your configuration and update your server to match. +Note that if you remove components from `vars.yml`, or if we switch some component from being installed by default to not being installed by default anymore, you'd need to run the setup command with `--tags=setup-all` instead of `--tags=install-all`. See [Playbook tags introduction](#playbook-tags-introduction) + ## 3. Finalize the installation diff --git a/docs/maintenance-postgres.md b/docs/maintenance-postgres.md index 52d2d9eed..f2ca907da 100644 --- a/docs/maintenance-postgres.md +++ b/docs/maintenance-postgres.md 
@@ -16,7 +16,7 @@ Table of contents: ## Getting a database terminal -You can use the `/usr/local/bin/matrix-postgres-cli` tool to get interactive terminal access ([psql](https://www.postgresql.org/docs/11/app-psql.html)) to the PostgreSQL server. +You can use the `/matrix/postgres/bin/cli` tool to get interactive terminal access ([psql](https://www.postgresql.org/docs/11/app-psql.html)) to the PostgreSQL server. If you are using an [external Postgres server](configuring-playbook-external-postgres.md), the above tool will not be available. @@ -80,6 +80,8 @@ This playbook can upgrade your existing Postgres setup with the following comman ansible-playbook -i inventory/hosts setup.yml --tags=upgrade-postgres +**Warning: If you're using Borg Backup keep in mind that there is no official Postgres 15 support yet.** + **The old Postgres data directory is backed up** automatically, by renaming it to `/matrix/postgres/data-auto-upgrade-backup`. To rename to a different path, pass some extra flags to the command above, like this: `--extra-vars="postgres_auto_upgrade_backup_data_path=/another/disk/matrix-postgres-before-upgrade"` 
@@ -97,7 +99,7 @@ Example: `--extra-vars="postgres_dump_name=matrix-postgres-dump.sql"` ## Tuning PostgreSQL -PostgreSQL can be tuned to make it run faster. This is done by passing extra arguments to Postgres with the `matrix_postgres_process_extra_arguments` variable. You should use a website like https://pgtune.leopard.in.ua/ or information from https://wiki.postgresql.org/wiki/Tuning_Your_PostgreSQL_Server to determine what Postgres settings you should change. +PostgreSQL can be tuned to make it run faster. This is done by passing extra arguments to Postgres with the `devture_postgres_process_extra_arguments` variable. You should use a website like https://pgtune.leopard.in.ua/ or information from https://wiki.postgresql.org/wiki/Tuning_Your_PostgreSQL_Server to determine what Postgres settings you should change. **Note**: the configuration generator at https://pgtune.leopard.in.ua/ adds spaces around the `=` sign, which is invalid. You'll need to remove it manually (`max_connections = 300` -> `max_connections=300`) @@ -107,7 +109,7 @@ These are not recommended values and they may not work well for you. This is jus Here is an example config for a small 2 core server with 4GB of RAM and SSD storage: ``` -matrix_postgres_process_extra_arguments: [ +devture_postgres_process_extra_arguments: [ "-c shared_buffers=128MB", "-c effective_cache_size=2304MB", "-c effective_io_concurrency=100", @@ -118,7 +120,7 @@ matrix_postgres_process_extra_arguments: [ Here is an example config for a 4 core server with 8GB of RAM on a Virtual Private Server (VPS); the paramters have been configured using https://pgtune.leopard.in.ua with the following setup: PostgreSQL version 12, OS Type: Linux, DB Type: Mixed type of application, Data Storage: SSD storage: ``` -matrix_postgres_process_extra_arguments: [ +devture_postgres_process_extra_arguments: [ "-c max_connections=100", "-c shared_buffers=2GB", "-c effective_cache_size=6GB", 
@@ -140,7 +142,7 @@ matrix_postgres_process_extra_arguments: [ Here is an example config for a large 6 core server with 24GB of RAM: ``` -matrix_postgres_process_extra_arguments: [ +devture_postgres_process_extra_arguments: [ "-c max_connections=40", "-c shared_buffers=1536MB", "-c checkpoint_completion_target=0.7", diff --git a/docs/registering-users.md b/docs/registering-users.md index 90c065bfe..321346b65 100644 --- a/docs/registering-users.md +++ b/docs/registering-users.md @@ -9,7 +9,7 @@ Table of contents: - [Managing users via a Web UI](#managing-users-via-a-web-ui) - [Letting certain users register on your private server](#letting-certain-users-register-on-your-private-server) - [Enabling public user registration](#enabling-public-user-registration) - - [Adding/Removing Administrator privileges to an existing user](#addingremoving-administrator-privileges-to-an-existing-user) + - [Adding/Removing Administrator privileges to an existing Synapse user](#addingremoving-administrator-privileges-to-an-existing-synapse-user) ## Registering users manually @@ -23,7 +23,7 @@ ansible-playbook -i inventory/hosts setup.yml --extra-vars='username= +/matrix/synapse/bin/register-user ``` **Note**: `` is just a plain username (like `john`), not your full `@:` identifier. 
@@ -58,13 +58,24 @@ and running the [installation](installing.md) procedure once again. If you're opening up registrations publicly like this, you might also wish to [configure CAPTCHA protection](configuring-captcha.md). -## Adding/Removing Administrator privileges to an existing user +## Adding/Removing Administrator privileges to an existing Synapse user -The script `/usr/local/bin/matrix-change-user-admin-status` may be used to change a user's admin privileges. - -* log on to your server with ssh -* execute with the username and 0/1 (0 = non-admin | 1 = admin) +To change the admin privileges for a user, you need to run an SQL query like this against the `synapse` database: +```sql +UPDATE users SET admin=ADMIN_VALUE WHERE name = '@USER:DOMAIN' ``` -/usr/local/bin/matrix-change-user-admin-status <0/1> -``` + +where: + +- `ADMIN_VALUE` being either `0` (regular user) or `1` (admin) +- `USER` and `DOMAIN` pointing to a valid user on your server + +If you're using the integrated Postgres server and not an [external Postgres server](configuring-playbook-external-postgres.md), you can launch a Postgres into the `synapse` database by: + +- running `/matrix/postgres/bin/cli` - to launch [`psql`](https://www.postgresql.org/docs/current/app-psql.html) +- running `\c synapse` - to change to the `synapse` database + +You can then proceed to run the query above. + +**Note**: directly modifying the raw data of Synapse (or any other software) could cause the software to break. You've been warned! diff --git a/docs/self-building.md b/docs/self-building.md index 3351a1f8f..ad29fc2da 100644 --- a/docs/self-building.md +++ b/docs/self-building.md 
@@ -6,11 +6,11 @@ The playbook supports self-building of various components, which don't have a co For other architectures (e.g. `arm32`, `arm64`), ready-made container images are used when available. If there's no ready-made image for a specific component and said component supports self-building, an image will be built on the host. Building images like this takes more time and resources (some build tools need to get installed by the playbook to assist building). -To make use of self-building, you don't need to do anything besides change your architecture variable (e.g. `matrix_architecture: arm64`). If a component has an image for the specified architecture, the playbook will use it directly. If not, it will build the image on the server itself. +To make use of self-building, you don't need to do anything. If a component has an image for the specified architecture, the playbook will use it directly. If not, it will build the image on the server itself. Note that **not all components support self-building yet**. -List of roles where self-building the Docker image is currently possible: +Possibly outdated list of roles where self-building the Docker image is currently possible: - `matrix-synapse` - `matrix-synapse-admin` - `matrix-client-element` diff --git a/docs/uninstalling.md b/docs/uninstalling.md index 73af01d91..73a414ede 100644 --- a/docs/uninstalling.md +++ b/docs/uninstalling.md @@ -12,7 +12,7 @@ ## Uninstalling using a script -Installing places a `/usr/local/bin/matrix-remove-all` script on the server. +Installing places a `/matrix/bin/remove-all` script on the server. You can run it to to have it uninstall things for you automatically (see below). **Use with caution!** 
@@ -25,8 +25,6 @@ If you prefer to uninstall manually, run these commands (most are meant to be ex - delete the Matrix-related systemd `.service` and `.timer` files (`rm -f /etc/systemd/system/matrix*.{service,timer}`) and reload systemd (`systemctl daemon-reload`) -- delete some helper scripts (`rm -f /usr/local/bin/matrix*`) - - delete some cached Docker images (`docker system prune -a`) or just delete them all (`docker rmi $(docker images -aq)`) - delete the Docker networks: `docker network rm matrix matrix-coturn` (might have been deleted already if you ran the `docker system prune` command) diff --git a/docs/updating-users-passwords.md b/docs/updating-users-passwords.md index 2ea20d2f6..98663c601 100644 --- a/docs/updating-users-passwords.md +++ b/docs/updating-users-passwords.md @@ -1,6 +1,6 @@ # Updating users passwords -## Option 1 (if you are using the default matrix-postgres container): +## Option 1 (if you are using the integrated Postgres database): You can reset a user's password via the Ansible playbook (make sure to edit the `` and `` part below): @@ -36,7 +36,7 @@ Use the Synapse User Admin API as described here: https://github.com/matrix-org/ This requires an [access token](obtaining-access-tokens.md) from a server admin account. *This method will also log the user out of all of their clients while the other options do not.* -If you didn't make your account a server admin when you created it, you can use the `/usr/local/bin/matrix-change-user-admin-status` script as described in [registering-users.md](registering-users.md). +If you didn't make your account a server admin when you created it, you can learn how to switch it now by reading about it in [Adding/Removing Administrator privileges to an existing Synapse user](registering-users.md#addingremoving-administrator-privileges-to-an-existing-synapse-user). ### Example: To set @user:domain.com's password to `correct_horse_battery_staple` you could use this curl command: 
diff --git a/examples/caddy/matrix-synapse b/examples/caddy/matrix-synapse index c1893ebbf..46c48ab65 100644 --- a/examples/caddy/matrix-synapse +++ b/examples/caddy/matrix-synapse @@ -21,11 +21,11 @@ https://matrix.DOMAIN { } # Synapse Client<>Server API - proxy /_matrix matrix-synapse:8008 { + proxy /_matrix matrix-synapse-reverse-proxy-companion:8008 { transparent except /_matrix/identity/ /_matrix/client/r0/user_directory/search } - proxy /_synapse/client matrix-synapse:8008 { + proxy /_synapse/client matrix-synapse-reverse-proxy-companion:8008 { transparent } } diff --git a/examples/vars.yml b/examples/vars.yml index e1b6cf054..732d7eedd 100644 --- a/examples/vars.yml +++ b/examples/vars.yml @@ -35,4 +35,4 @@ matrix_ssl_lets_encrypt_support_email: '' # # The playbook creates additional Postgres users and databases (one for each enabled service) # using this superuser account. -matrix_postgres_connection_password: '' +devture_postgres_connection_password: '' diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 7df712479..2a9e0414a 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
@@ -9,6 +9,317 @@ # You can also override ANY variable (seen here or in any given role), # by re-defining it in your own configuration file (`inventory/host_vars/matrix.`). +######################################################################## +# # +# Playbook # +# # +######################################################################## + +# Controls whether to install Docker or not +# Also see `devture_docker_sdk_for_python_installation_enabled`. +matrix_playbook_docker_installation_enabled: true + +######################################################################## +# # +# /Playbook # +# # +######################################################################## + +######################################################################## +# # +# base # +# # +######################################################################## + +matrix_homeserver_container_extra_arguments_auto: | + {{ + (['--mount type=bind,src=' + matrix_appservice_discord_config_path + '/registration.yaml,dst=/matrix-appservice-discord-registration.yaml,ro'] if matrix_appservice_discord_enabled else []) + + + (['--mount type=bind,src=' + matrix_appservice_irc_config_path + '/registration.yaml,dst=/matrix-appservice-irc-registration.yaml,ro'] if matrix_appservice_irc_enabled else []) + + + (['--mount type=bind,src=' + matrix_appservice_kakaotalk_config_path + '/registration.yaml,dst=/matrix-appservice-kakaotalk-registration.yaml,ro'] if matrix_appservice_kakaotalk_enabled else []) + + + (['--mount type=bind,src=' + matrix_appservice_slack_config_path + '/slack-registration.yaml,dst=/matrix-appservice-slack-registration.yaml,ro'] if matrix_appservice_slack_enabled else []) + + + (['--mount type=bind,src=' + matrix_appservice_webhooks_config_path + '/webhooks-registration.yaml,dst=/matrix-appservice-webhooks-registration.yaml,ro'] if matrix_appservice_webhooks_enabled else []) + + + (['--mount type=bind,src=' + matrix_beeper_linkedin_config_path + 
'/registration.yaml,dst=/matrix-beeper-linkedin-registration.yaml,ro'] if matrix_beeper_linkedin_enabled else []) + + + (['--mount type=bind,src=' + matrix_go_skype_bridge_config_path + '/registration.yaml,dst=/matrix-go-skype-bridge-registration.yaml,ro'] if matrix_go_skype_bridge_enabled else []) + + + (['--mount type=bind,src=' + matrix_heisenbridge_base_path + '/registration.yaml,dst=/heisenbridge-registration.yaml,ro'] if matrix_heisenbridge_enabled else []) + + + (['--mount type=bind,src=' + matrix_hookshot_base_path + '/registration.yml,dst=/hookshot-registration.yml,ro'] if matrix_hookshot_enabled else []) + + + (['--mount type=bind,src=' + matrix_mautrix_discord_config_path + '/registration.yaml,dst=/matrix-mautrix-discord-registration.yaml,ro'] if matrix_mautrix_discord_enabled else []) + + + (['--mount type=bind,src=' + matrix_mautrix_facebook_config_path + '/registration.yaml,dst=/matrix-mautrix-facebook-registration.yaml,ro'] if matrix_mautrix_facebook_enabled else []) + + + (['--mount type=bind,src=' + matrix_mautrix_googlechat_config_path + '/registration.yaml,dst=/matrix-mautrix-googlechat-registration.yaml,ro'] if matrix_mautrix_googlechat_enabled else []) + + + (['--mount type=bind,src=' + matrix_mautrix_hangouts_config_path + '/registration.yaml,dst=/matrix-mautrix-hangouts-registration.yaml,ro'] if matrix_mautrix_hangouts_enabled else []) + + + (['--mount type=bind,src=' + matrix_mautrix_instagram_config_path + '/registration.yaml,dst=/matrix-mautrix-instagram-registration.yaml,ro'] if matrix_mautrix_instagram_enabled else []) + + + (['--mount type=bind,src=' + matrix_mautrix_signal_config_path + '/registration.yaml,dst=/matrix-mautrix-signal-registration.yaml,ro'] if matrix_mautrix_signal_enabled else []) + + + (['--mount type=bind,src=' + matrix_mautrix_telegram_config_path + '/registration.yaml,dst=/matrix-mautrix-telegram-registration.yaml,ro'] if matrix_mautrix_telegram_enabled else []) + + + (['--mount type=bind,src=' + 
matrix_mautrix_twitter_config_path + '/registration.yaml,dst=/matrix-mautrix-twitter-registration.yaml,ro'] if matrix_mautrix_twitter_enabled else []) + + + (['--mount type=bind,src=' + matrix_mautrix_whatsapp_config_path + '/registration.yaml,dst=/matrix-mautrix-whatsapp-registration.yaml,ro'] if matrix_mautrix_whatsapp_enabled else []) + + + (['--mount type=bind,src=' + matrix_mx_puppet_discord_config_path + '/registration.yaml,dst=/matrix-mx-puppet-discord-registration.yaml,ro'] if matrix_mx_puppet_discord_enabled else []) + + + (['--mount type=bind,src=' + matrix_mx_puppet_groupme_config_path + '/registration.yaml,dst=/matrix-mx-puppet-groupme-registration.yaml,ro'] if matrix_mx_puppet_groupme_enabled else []) + + + (['--mount type=bind,src=' + matrix_mx_puppet_instagram_config_path + '/registration.yaml,dst=/matrix-mx-puppet-instagram-registration.yaml,ro'] if matrix_mx_puppet_instagram_enabled else []) + + + (['--mount type=bind,src=' + matrix_mx_puppet_slack_config_path + '/registration.yaml,dst=/matrix-mx-puppet-slack-registration.yaml,ro'] if matrix_mx_puppet_slack_enabled else []) + + + (['--mount type=bind,src=' + matrix_mx_puppet_steam_config_path + '/registration.yaml,dst=/matrix-mx-puppet-steam-registration.yaml,ro'] if matrix_mx_puppet_steam_enabled else []) + + + (['--mount type=bind,src=' + matrix_mx_puppet_twitter_config_path + '/registration.yaml,dst=/matrix-mx-puppet-twitter-registration.yaml,ro'] if matrix_mx_puppet_twitter_enabled else []) + + + (['--mount type=bind,src=' + matrix_sms_bridge_config_path + '/registration.yaml,dst=/matrix-sms-bridge-registration.yaml,ro'] if matrix_sms_bridge_enabled else []) + + + (['--mount type=bind,src=' + matrix_cactus_comments_app_service_config_file + ',dst=/matrix-cactus-comments.yaml,ro'] if matrix_cactus_comments_enabled else []) + }} + +matrix_homeserver_app_service_config_files_auto: | + {{ + (['/matrix-appservice-discord-registration.yaml'] if matrix_appservice_discord_enabled else []) + + + 
(['/matrix-appservice-irc-registration.yaml'] if matrix_appservice_irc_enabled else []) + + + (['/matrix-appservice-kakaotalk-registration.yaml'] if matrix_appservice_kakaotalk_enabled else []) + + + (['/matrix-appservice-slack-registration.yaml'] if matrix_appservice_slack_enabled else []) + + + (['/matrix-appservice-webhooks-registration.yaml'] if matrix_appservice_webhooks_enabled else []) + + + (['/matrix-beeper-linkedin-registration.yaml'] if matrix_beeper_linkedin_enabled else []) + + + (['/matrix-go-skype-bridge-registration.yaml'] if matrix_go_skype_bridge_enabled else []) + + + (['/heisenbridge-registration.yaml'] if matrix_heisenbridge_enabled else []) + + + (['/hookshot-registration.yml'] if matrix_hookshot_enabled else []) + + + (['/matrix-mautrix-discord-registration.yaml'] if matrix_mautrix_discord_enabled else []) + + + (['/matrix-mautrix-facebook-registration.yaml'] if matrix_mautrix_facebook_enabled else []) + + + (['/matrix-mautrix-googlechat-registration.yaml'] if matrix_mautrix_googlechat_enabled else []) + + + (['/matrix-mautrix-hangouts-registration.yaml'] if matrix_mautrix_hangouts_enabled else []) + + + (['/matrix-mautrix-instagram-registration.yaml'] if matrix_mautrix_instagram_enabled else []) + + + (['/matrix-mautrix-signal-registration.yaml'] if matrix_mautrix_signal_enabled else []) + + + (['/matrix-mautrix-telegram-registration.yaml'] if matrix_mautrix_telegram_enabled else []) + + + (['/matrix-mautrix-twitter-registration.yaml'] if matrix_mautrix_twitter_enabled else []) + + + (['/matrix-mautrix-whatsapp-registration.yaml'] if matrix_mautrix_whatsapp_enabled else []) + + + (['/matrix-mx-puppet-discord-registration.yaml'] if matrix_mx_puppet_discord_enabled else []) + + + (['/matrix-mx-puppet-groupme-registration.yaml'] if matrix_mx_puppet_groupme_enabled else []) + + + (['/matrix-mx-puppet-instagram-registration.yaml'] if matrix_mx_puppet_instagram_enabled else []) + + + (['/matrix-mx-puppet-slack-registration.yaml'] if 
matrix_mx_puppet_slack_enabled else []) + + + (['/matrix-mx-puppet-steam-registration.yaml'] if matrix_mx_puppet_steam_enabled else []) + + + (['/matrix-mx-puppet-twitter-registration.yaml'] if matrix_mx_puppet_twitter_enabled else []) + + + (['/matrix-sms-bridge-registration.yaml'] if matrix_sms_bridge_enabled else []) + + + (['/matrix-cactus-comments.yaml'] if matrix_cactus_comments_enabled else []) + }} + +######################################################################## +# # +# /base # +# # +######################################################################## + + +######################################################################## +# # +# com.devture.ansible.role.systemd_service_manager # +# # +######################################################################## + +# This list is not exhaustive and final. +# Synapse workers are still injected into the list at runtime. +# Additional JVB workers (playbooks/jitsi_jvb.yml -- roles/custom/matrix-jitsi/tasks/init_additional_jvb.yml) override this variable at runtime as well. +# +# Priority levels are like this: +# - core services (the homeserver) get a level of ~1000 +# - services that core services depend on (database, Redis, ntfy, etc.) get a lower level - between 500 and 1000 +# - reverse-proxying services get level 3000 +# - Matrix utility services (bridges, bots) get a level of 2000/2200, so that: +# - they can start before the reverse-proxy +# - so that, when the reverse-proxy is up (Matrix is up), all bots and bridges can be interacted with +# - monitoring services (Prometheus, Grafana, ..) 
get a level of 4000 - they can start later than all-of-Matrix +# - services which aren't time-sensitive (various crons and timers) get a level of 5000 - they can start later than all-of-Matrix +devture_systemd_service_manager_services_list_auto: | + {{ + ([{'name': 'matrix-backup-borg.timer', 'priority': 5000, 'groups': ['matrix', 'backup', 'borg']}] if matrix_backup_borg_enabled else []) + + + ([{'name': 'matrix-bot-buscarron.service', 'priority': 2200, 'groups': ['matrix', 'bots', 'buscarron']}] if matrix_bot_buscarron_enabled else []) + + + ([{'name': 'matrix-bot-go-neb.service', 'priority': 2200, 'groups': ['matrix', 'bots', 'go-neb']}] if matrix_bot_go_neb_enabled else []) + + + ([{'name': 'matrix-bot-honoroit.service', 'priority': 2200, 'groups': ['matrix', 'bots', 'honoroit']}] if matrix_bot_honoroit_enabled else []) + + + ([{'name': 'matrix-bot-matrix-registration-bot.service', 'priority': 2200, 'groups': ['matrix', 'bots', 'registration-bot']}] if matrix_bot_matrix_registration_bot_enabled else []) + + + ([{'name': 'matrix-bot-matrix-reminder-bot.service', 'priority': 2200, 'groups': ['matrix', 'bots', 'reminder-bot']}] if matrix_bot_matrix_reminder_bot_enabled else []) + + + ([{'name': 'matrix-bot-maubot.service', 'priority': 2200, 'groups': ['matrix', 'bots', 'maubot']}] if matrix_bot_maubot_enabled else []) + + + ([{'name': 'matrix-bot-mjolnir.service', 'priority': 2200, 'groups': ['matrix', 'bots', 'mjolnir']}] if matrix_bot_mjolnir_enabled else []) + + + ([{'name': 'matrix-bot-postmoogle.service', 'priority': 2200, 'groups': ['matrix', 'bots', 'postmoogle']}] if matrix_bot_postmoogle_enabled else []) + + + ([{'name': 'matrix-appservice-discord.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'appservice-discord']}] if matrix_appservice_discord_enabled else []) + + + ([{'name': 'matrix-appservice-irc.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'appservice-irc']}] if matrix_appservice_irc_enabled else []) + + + ([{'name': 
'matrix-appservice-kakaotalk.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'appservice-kakaotalk']}] if matrix_appservice_kakaotalk_enabled else []) + + + ([{'name': 'matrix-appservice-kakaotalk-node.service', 'priority': 1900, 'groups': ['matrix', 'bridges', 'appservice-kakaotalk', 'appservice-kakaotalk-node']}] if matrix_appservice_kakaotalk_enabled else []) + + + ([{'name': 'matrix-appservice-slack.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'appservice-slack']}] if matrix_appservice_slack_enabled else []) + + + ([{'name': 'matrix-appservice-webhooks.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'appservice-webhooks']}] if matrix_appservice_webhooks_enabled else []) + + + ([{'name': 'matrix-beeper-linkedin.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'beeper-linkedin']}] if matrix_beeper_linkedin_enabled else []) + + + ([{'name': 'matrix-go-skype-bridge.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'go-skype']}] if matrix_go_skype_bridge_enabled else []) + + + ([{'name': 'matrix-heisenbridge.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'heisenbridge']}] if matrix_heisenbridge_enabled else []) + + + ([{'name': 'matrix-hookshot.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'hookshot']}] if matrix_hookshot_enabled else []) + + + ([{'name': 'matrix-mautrix-discord.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-discord']}] if matrix_mautrix_discord_enabled else []) + + + ([{'name': 'matrix-mautrix-facebook.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-facebook']}] if matrix_mautrix_facebook_enabled else []) + + + ([{'name': 'matrix-mautrix-googlechat.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-googlechat']}] if matrix_mautrix_googlechat_enabled else []) + + + ([{'name': 'matrix-mautrix-hangouts.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-hangouts']}] if 
matrix_mautrix_hangouts_enabled else []) + + + ([{'name': 'matrix-mautrix-instagram.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-instagram']}] if matrix_mautrix_instagram_enabled else []) + + + ([{'name': 'matrix-mautrix-signal.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-signal']}] if matrix_mautrix_signal_enabled else []) + + + ([{'name': 'matrix-mautrix-signal-daemon.service', 'priority': 1900, 'groups': ['matrix', 'bridges', 'mautrix-signal', 'mautrix-signal-daemon']}] if matrix_mautrix_signal_enabled else []) + + + ([{'name': 'matrix-mautrix-telegram.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-telegram']}] if matrix_mautrix_telegram_enabled else []) + + + ([{'name': 'matrix-mautrix-twitter.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-twitter']}] if matrix_mautrix_twitter_enabled else []) + + + ([{'name': 'matrix-mautrix-whatsapp.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-whatsapp']}] if matrix_mautrix_whatsapp_enabled else []) + + + ([{'name': 'matrix-mx-puppet-discord.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mx-puppet-discord']}] if matrix_mx_puppet_discord_enabled else []) + + + ([{'name': 'matrix-mx-puppet-groupme.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mx-puppet-groupme']}] if matrix_mx_puppet_groupme_enabled else []) + + + ([{'name': 'matrix-mx-puppet-instagram.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mx-puppet-instagram']}] if matrix_mx_puppet_instagram_enabled else []) + + + ([{'name': 'matrix-mx-puppet-slack.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mx-puppet-slack']}] if matrix_mx_puppet_slack_enabled else []) + + + ([{'name': 'matrix-mx-puppet-steam.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mx-puppet-steam']}] if matrix_mx_puppet_steam_enabled else []) + + + ([{'name': 'matrix-mx-puppet-twitter.service', 'priority': 2000, 'groups': 
['matrix', 'bridges', 'mx-puppet-twitter']}] if matrix_mx_puppet_twitter_enabled else []) + + + ([{'name': 'matrix-sms-bridge.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'sms']}] if matrix_sms_bridge_enabled else []) + + + ([{'name': 'matrix-cactus-comments.service', 'priority': 2000, 'groups': ['matrix', 'cactus-comments']}] if matrix_cactus_comments_enabled else []) + + + ([{'name': 'matrix-client-cinny.service', 'priority': 2000, 'groups': ['matrix', 'clients', 'cinny']}] if matrix_client_cinny_enabled else []) + + + ([{'name': 'matrix-client-element.service', 'priority': 2000, 'groups': ['matrix', 'clients', 'element']}] if matrix_client_element_enabled else []) + + + ([{'name': 'matrix-client-hydrogen.service', 'priority': 2000, 'groups': ['matrix', 'clients', 'hydrogen']}] if matrix_client_hydrogen_enabled else []) + + + ([{'name': ('matrix-' + matrix_homeserver_implementation + '.service'), 'priority': 1000, 'groups': ['matrix', 'homeservers', matrix_homeserver_implementation]}] if matrix_homeserver_enabled else []) + + + ([{'name': 'matrix-corporal.service', 'priority': 1500, 'groups': ['matrix', 'corporal']}] if matrix_corporal_enabled else []) + + + ([{'name': 'matrix-coturn.service', 'priority': 4000, 'groups': ['matrix', 'coturn']}] if matrix_coturn_enabled else []) + + + ([{'name': 'matrix-coturn-reload.timer', 'priority': 5000, 'groups': ['matrix', 'coturn']}] if (matrix_coturn_enabled and matrix_coturn_tls_enabled) else []) + + + ([{'name': 'matrix-dimension.service', 'priority': 2500, 'groups': ['matrix', 'integration-managers', 'dimension']}] if matrix_dimension_enabled else []) + + + ([{'name': 'matrix-dynamic-dns.service', 'priority': 5000, 'groups': ['matrix', 'dynamic-dns']}] if matrix_dynamic_dns_enabled else []) + + + ([{'name': 'matrix-email2matrix.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'email2matrix']}] if matrix_email2matrix_enabled else []) + + + ([{'name': 'matrix-etherpad.service', 'priority': 4000, 
'groups': ['matrix', 'etherpad']}] if matrix_etherpad_enabled else []) + + + ([{'name': 'matrix-grafana.service', 'priority': 4000, 'groups': ['matrix', 'monitoring', 'grafana']}] if matrix_grafana_enabled else []) + + + ([{'name': 'matrix-jitsi-web.service', 'priority': 4200, 'groups': ['matrix', 'jitsi', 'jitsi-web']}] if matrix_jitsi_enabled else []) + + + ([{'name': 'matrix-jitsi-prosody.service', 'priority': 4000, 'groups': ['matrix', 'jitsi', 'jitsi-prosody']}] if matrix_jitsi_enabled else []) + + + ([{'name': 'matrix-jitsi-jicofo.service', 'priority': 4100, 'groups': ['matrix', 'jitsi', 'jitsi-jicofo']}] if matrix_jitsi_enabled else []) + + + ([{'name': 'matrix-jitsi-jvb.service', 'priority': 4100, 'groups': ['matrix', 'jitsi', 'jitsi-jvb']}] if matrix_jitsi_enabled else []) + + + ([{'name': 'matrix-ldap-registration-proxy.service', 'priority': 2000, 'groups': ['matrix', 'ldap-registration-proxy']}] if matrix_ldap_registration_proxy_enabled else []) + + + ([{'name': 'matrix-ma1sd.service', 'priority': 2000, 'groups': ['matrix', 'ma1sd']}] if matrix_ma1sd_enabled else []) + + + ([{'name': 'matrix-mailer.service', 'priority': 2000, 'groups': ['matrix', 'mailer']}] if matrix_mailer_enabled else []) + + + ([{'name': 'matrix-nginx-proxy.service', 'priority': 3000, 'groups': ['matrix', 'nginx', 'reverse-proxies']}] if matrix_nginx_proxy_enabled else []) + + + (matrix_ssl_renewal_systemd_units_list | selectattr('applicable') | selectattr('enableable')) + + + ([{'name': 'matrix-ntfy.service', 'priority': 800, 'groups': ['matrix', 'ntfy']}] if matrix_ntfy_enabled else []) + + + ([{'name': (devture_postgres_identifier + '.service'), 'priority': 500, 'groups': ['matrix', 'postgres']}] if devture_postgres_enabled else []) + + + ([{'name': (devture_postgres_backup_identifier + '.service'), 'priority': 5000, 'groups': ['matrix', 'backup', 'postgres-backup']}] if devture_postgres_backup_enabled else []) + + + ([{'name': 'matrix-prometheus.service', 'priority': 4000, 
'groups': ['matrix', 'monitoring', 'prometheus', 'prometheus-core']}] if matrix_prometheus_enabled else []) + + + ([{'name': 'matrix-prometheus-node-exporter.service', 'priority': 3900, 'groups': ['matrix', 'monitoring', 'prometheus', 'prometheus-node-exporters']}] if matrix_prometheus_node_exporter_enabled else []) + + + ([{'name': 'matrix-prometheus-postgres-exporter.service', 'priority': 3900, 'groups': ['matrix', 'monitoring', 'prometheus', 'prometheus-node-exporters']}] if matrix_prometheus_postgres_exporter_enabled else []) + + + ([{'name': 'matrix-prometheus-nginxlog-exporter.service', 'priority': 3900, 'groups': ['matrix', 'monitoring', 'prometheus', 'prometheus-node-exporters']}] if matrix_prometheus_nginxlog_exporter_enabled else []) + + + ([{'name': 'matrix-redis', 'priority': 750, 'groups': ['matrix', 'redis']}] if matrix_redis_enabled else []) + + + ([{'name': 'matrix-registration.service', 'priority': 4000, 'groups': ['matrix', 'registration']}] if matrix_registration_enabled else []) + + + ([{'name': 'matrix-sygnal.service', 'priority': 800, 'groups': ['matrix', 'sygnal']}] if matrix_sygnal_enabled else []) + + + ([{'name': 'matrix-goofys.service', 'priority': 800, 'groups': ['matrix', 'goofys']}] if matrix_s3_media_store_enabled else []) + + + ([{'name': 'matrix-synapse-s3-storage-provider-migrate.timer', 'priority': 5000, 'groups': ['matrix']}] if matrix_synapse_ext_synapse_s3_storage_provider_enabled else []) + + + ([{'name': 'matrix-synapse-admin.service', 'priority': 4000, 'groups': ['matrix', 'synapse-admin']}] if matrix_synapse_admin_enabled else []) + + + ([{'name': 'matrix-synapse-reverse-proxy-companion.service', 'priority': 1500, 'groups': ['matrix', 'homeservers', 'synapse', 'reverse-proxies']}] if matrix_synapse_reverse_proxy_companion_enabled else []) + }} + +######################################################################## +# # +# /com.devture.ansible.role.systemd_service_manager # +# # 
+######################################################################## + ######################################################################## # # @@ -57,12 +368,10 @@ devture_playbook_state_preserver_commit_hash_preservation_dst: "{{ matrix_base_d matrix_identity_server_url: "{{ ('https://' + matrix_server_fqn_matrix) if matrix_ma1sd_enabled else None }}" -# If Synapse workers are enabled and matrix-nginx-proxy is disabled, certain APIs may not work over 'http://matrix-synapse:{{ matrix_synapse_container_client_api_port }}'. -# This is because we explicitly disable them for the main Synapse process. matrix_homeserver_container_url: |- {{ 'http://matrix-nginx-proxy:12080' if matrix_nginx_proxy_enabled else { - 'synapse': ('http://matrix-synapse:'+ matrix_synapse_container_client_api_port|string), + 'synapse': ('http://matrix-synapse-reverse-proxy-companion:8008' if matrix_synapse_reverse_proxy_companion_enabled else 'http://matrix-synapse:'+ matrix_synapse_container_client_api_port|string), 'dendrite': ('http://matrix-dendrite:' + matrix_dendrite_http_bind_port|string), 'conduit': ('http://matrix-conduit:' + matrix_conduit_port_number|string), }[matrix_homeserver_implementation] @@ -71,7 +380,7 @@ matrix_homeserver_container_url: |- matrix_homeserver_container_federation_url: |- {{ 'http://matrix-nginx-proxy:12088' if matrix_nginx_proxy_enabled else { - 'synapse': ('http://matrix-synapse:'+ matrix_synapse_container_federation_api_plain_port|string), + 'synapse': ('http://matrix-synapse-reverse-proxy-companion:8048' if matrix_synapse_reverse_proxy_companion_enabled else 'http://matrix-synapse:'+ matrix_synapse_container_federation_api_plain_port|string), 'dendrite': ('http://matrix-dendrite:' + matrix_dendrite_http_bind_port|string), 'conduit': ('http://matrix-conduit:' + matrix_conduit_port_number|string), }[matrix_homeserver_implementation] 
@@ -110,19 +419,20 @@ matrix_appservice_discord_systemd_required_services_list: | + ['matrix-' + matrix_homeserver_implementation + '.service'] + - (['matrix-postgres.service'] if matrix_postgres_enabled else []) + ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else []) + (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) }} -matrix_appservice_discord_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'discord.as.token') | to_uuid }}" +matrix_appservice_discord_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'discord.as.token', rounds=655555) | to_uuid }}" -matrix_appservice_discord_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'discord.hs.token') | to_uuid }}" +matrix_appservice_discord_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'discord.hs.token', rounds=655555) | to_uuid }}" # We only make this use Postgres if our own Postgres server is enabled. # It's only then (for now) that we can automatically create the necessary database and user for this service. -matrix_appservice_discord_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}" -matrix_appservice_discord_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.discord.db') | to_uuid }}" +matrix_appservice_discord_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}" +matrix_appservice_discord_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" +matrix_appservice_discord_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.discord.db', rounds=655555) | to_uuid }}" ###################################################################### # 
@@ -147,12 +457,12 @@ matrix_appservice_webhooks_container_image_self_build: "{{ matrix_architecture ! # matrix-appservice-webhooks' client-server port to the local host. matrix_appservice_webhooks_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else ('127.0.0.1:' ~ matrix_appservice_webhooks_matrix_port) }}" -matrix_appservice_webhooks_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'webhook.as.token') | to_uuid }}" +matrix_appservice_webhooks_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'webhook.as.token', rounds=655555) | to_uuid }}" matrix_appservice_webhooks_homeserver_url: "{{ matrix_homeserver_container_url }}" -matrix_appservice_webhooks_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'webhook.hs.token') | to_uuid }}" +matrix_appservice_webhooks_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'webhook.hs.token', rounds=655555) | to_uuid }}" -matrix_appservice_webhooks_id_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'webhook.id.token') | to_uuid }}" +matrix_appservice_webhooks_id_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'webhook.id.token', rounds=655555) | to_uuid }}" matrix_appservice_webhooks_systemd_required_services_list: | {{ 
@@ -186,12 +496,12 @@ matrix_appservice_slack_container_image_self_build: "{{ matrix_architecture not # matrix-appservice-slack's client-server port to the local host. matrix_appservice_slack_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else ('127.0.0.1:' ~ matrix_appservice_slack_slack_port) }}" -matrix_appservice_slack_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'slack.as.token') | to_uuid }}" +matrix_appservice_slack_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'slack.as.token', rounds=655555) | to_uuid }}" matrix_appservice_slack_homeserver_url: "{{ matrix_homeserver_container_url }}" -matrix_appservice_slack_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'slack.hs.token') | to_uuid }}" +matrix_appservice_slack_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'slack.hs.token', rounds=655555) | to_uuid }}" -matrix_appservice_slack_id_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'slack.id.token') | to_uuid }}" +matrix_appservice_slack_id_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'slack.id.token', rounds=655555) | to_uuid }}" matrix_appservice_slack_systemd_required_services_list: | {{ 
@@ -202,9 +512,10 @@ matrix_appservice_slack_systemd_required_services_list: | (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) }} -# Postgres is the default, except if not using `matrix_postgres` (internal postgres) -matrix_appservice_slack_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'nedb' }}" -matrix_appservice_slack_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.slack.db') | to_uuid }}" +# Postgres is the default, except if not using internal Postgres server +matrix_appservice_slack_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'nedb' }}" +matrix_appservice_slack_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" +matrix_appservice_slack_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.slack.db', rounds=655555) | to_uuid }}" ###################################################################### # 
@@ -241,12 +552,13 @@ matrix_appservice_irc_systemd_required_services_list: | (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) }} -matrix_appservice_irc_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'irc.as.token') | to_uuid }}" +matrix_appservice_irc_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'irc.as.token', rounds=655555) | to_uuid }}" -matrix_appservice_irc_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'irc.hs.token') | to_uuid }}" +matrix_appservice_irc_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'irc.hs.token', rounds=655555) | to_uuid }}" -matrix_appservice_irc_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'nedb' }}" -matrix_appservice_irc_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.irc.db') | to_uuid }}" +matrix_appservice_irc_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'nedb' }}" +matrix_appservice_irc_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" +matrix_appservice_irc_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.irc.db', rounds=655555) | to_uuid }}" ###################################################################### 
@@ -274,17 +586,18 @@ matrix_appservice_kakaotalk_systemd_required_services_list: | + (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) + - (['matrix-postgres.service'] if matrix_postgres_enabled else []) + ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else []) }} -matrix_appservice_kakaotalk_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.kakao.hs') | to_uuid }}" +matrix_appservice_kakaotalk_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.kakao.hs', rounds=655555) | to_uuid }}" -matrix_appservice_kakaotalk_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.kakao.hs') | to_uuid }}" +matrix_appservice_kakaotalk_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.kakao.hs', rounds=655555) | to_uuid }}" matrix_appservice_kakaotalk_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" -matrix_appservice_kakaotalk_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}" -matrix_appservice_kakaotalk_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.kakao.db') | to_uuid }}" +matrix_appservice_kakaotalk_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}" +matrix_appservice_kakaotalk_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" +matrix_appservice_kakaotalk_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.kakao.db', rounds=655555) | to_uuid }}" ###################################################################### # 
@@ -310,20 +623,21 @@ matrix_beeper_linkedin_systemd_required_services_list: | + ['matrix-' + matrix_homeserver_implementation + '.service'] + - (['matrix-postgres.service'] if matrix_postgres_enabled else []) + ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else []) + (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) }} -matrix_beeper_linkedin_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'linked.as.token') | to_uuid }}" +matrix_beeper_linkedin_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'linked.as.token', rounds=655555) | to_uuid }}" -matrix_beeper_linkedin_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'linked.hs.token') | to_uuid }}" +matrix_beeper_linkedin_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'linked.hs.token', rounds=655555) | to_uuid }}" matrix_beeper_linkedin_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" matrix_beeper_linkedin_bridge_presence: "{{ matrix_synapse_presence_enabled if matrix_synapse_enabled else true }}" -matrix_beeper_linkedin_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maulinkedin.db') | to_uuid }}" +matrix_beeper_linkedin_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" +matrix_beeper_linkedin_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maulinkedin.db', rounds=655555) | to_uuid }}" ###################################################################### # 
@@ -348,20 +662,21 @@ matrix_go_skype_bridge_systemd_required_services_list: | + ['matrix-' + matrix_homeserver_implementation + '.service'] + - (['matrix-postgres.service'] if matrix_postgres_enabled else []) + ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else []) + (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) }} -matrix_go_skype_bridge_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'skype.as.token') | to_uuid }}" +matrix_go_skype_bridge_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'skype.as.token', rounds=655555) | to_uuid }}" -matrix_go_skype_bridge_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'skype.hs.token') | to_uuid }}" +matrix_go_skype_bridge_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'skype.hs.token', rounds=655555) | to_uuid }}" matrix_go_skype_bridge_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" -# Postgres is the default, except if not using `matrix_postgres` (internal postgres) -matrix_go_skype_bridge_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}" -matrix_go_skype_bridge_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'goskype.db') | to_uuid }}" +# Postgres is the default, except if not using internal Postgres server +matrix_go_skype_bridge_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}" +matrix_go_skype_bridge_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" +matrix_go_skype_bridge_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'goskype.db', 
rounds=655555) | to_uuid }}" ###################################################################### # 
@@ -369,6 +684,47 @@ matrix_go_skype_bridge_database_password: "{{ '%s' | format(matrix_homeserver_ge # ###################################################################### + +###################################################################### +# +# matrix-bridge-mautrix-discord +# +###################################################################### + +# We don't enable bridges by default. +matrix_mautrix_discord_enabled: false + +matrix_mautrix_discord_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}" + +matrix_mautrix_discord_systemd_required_services_list: | + {{ + ['docker.service'] + + + ['matrix-' + matrix_homeserver_implementation + '.service'] + + + ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else []) + + + (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) + }} + +matrix_mautrix_discord_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maudisc.as.tok', rounds=655555) | to_uuid }}" + +matrix_mautrix_discord_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maudisc.hs.tok', rounds=655555) | to_uuid }}" + +matrix_mautrix_discord_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" + +# Postgres is the default, except if not using internal Postgres server +matrix_mautrix_discord_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}" +matrix_mautrix_discord_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" +matrix_mautrix_discord_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maudiscord.db', rounds=655555) | to_uuid }}" + +###################################################################### +# +# /matrix-bridge-mautrix-discord 
+# +###################################################################### + + ###################################################################### # # matrix-bridge-mautrix-facebook @@ -386,16 +742,16 @@ matrix_mautrix_facebook_systemd_required_services_list: | + ['matrix-' + matrix_homeserver_implementation + '.service'] + - (['matrix-postgres.service'] if matrix_postgres_enabled else []) + ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else []) + (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) }} -matrix_mautrix_facebook_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'fb.as.token') | to_uuid }}" +matrix_mautrix_facebook_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'fb.as.token', rounds=655555) | to_uuid }}" -matrix_mautrix_facebook_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'fb.hs.token') | to_uuid }}" +matrix_mautrix_facebook_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'fb.hs.token', rounds=655555) | to_uuid }}" -matrix_mautrix_facebook_public_endpoint: "/{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'facebook') | to_uuid }}" +matrix_mautrix_facebook_public_endpoint: "/{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'facebook', rounds=655555) | to_uuid }}" matrix_mautrix_facebook_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:9008' }}" 
@@ -405,8 +761,9 @@ matrix_mautrix_facebook_bridge_presence: "{{ matrix_synapse_presence_enabled if # We'd like to force-set people with external Postgres to SQLite, so the bridge role can complain # and point them to a migration path. -matrix_mautrix_facebook_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}" -matrix_mautrix_facebook_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.fb.db') | to_uuid }}" +matrix_mautrix_facebook_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}" +matrix_mautrix_facebook_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" +matrix_mautrix_facebook_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.fb.db', rounds=655555) | to_uuid }}" ###################################################################### # 
@@ -415,47 +772,6 @@ matrix_mautrix_facebook_database_password: "{{ '%s' | format(matrix_homeserver_g ###################################################################### -###################################################################### -# -# matrix-bridge-mautrix-hangouts -# -###################################################################### - -# We don't enable bridges by default. -matrix_mautrix_hangouts_enabled: false - -matrix_mautrix_hangouts_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}" - -matrix_mautrix_hangouts_systemd_required_services_list: | - {{ - ['docker.service'] - + - ['matrix-' + matrix_homeserver_implementation + '.service'] - + - (['matrix-postgres.service'] if matrix_postgres_enabled else []) - + - (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) - }} - -matrix_mautrix_hangouts_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'ho.as.token') | to_uuid }}" - -matrix_mautrix_hangouts_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'ho.hs.token') | to_uuid }}" - -matrix_mautrix_hangouts_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:9007' }}" - -matrix_mautrix_hangouts_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" - -# Postgres is the default, except if not using `matrix_postgres` (internal postgres) -matrix_mautrix_hangouts_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}" -matrix_mautrix_hangouts_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.hangouts.db') | to_uuid }}" - -###################################################################### -# -# /matrix-bridge-mautrix-hangouts -# 
-###################################################################### - - ###################################################################### # # matrix-bridge-mautrix-googlechat 
@@ -473,22 +789,23 @@ matrix_mautrix_googlechat_systemd_required_services_list: | + ['matrix-' + matrix_homeserver_implementation + '.service'] + - (['matrix-postgres.service'] if matrix_postgres_enabled else []) + ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else []) + (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) }} -matrix_mautrix_googlechat_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'gc.as.token') | to_uuid }}" +matrix_mautrix_googlechat_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'gc.as.token', rounds=655555) | to_uuid }}" -matrix_mautrix_googlechat_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'gc.hs.token') | to_uuid }}" +matrix_mautrix_googlechat_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'gc.hs.token', rounds=655555) | to_uuid }}" matrix_mautrix_googlechat_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:9007' }}" matrix_mautrix_googlechat_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" -# Postgres is the default, except if not using `matrix_postgres` (internal postgres) -matrix_mautrix_googlechat_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}" -matrix_mautrix_googlechat_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.gc.db') | to_uuid }}" +# Postgres is the default, except if not using internal Postgres server +matrix_mautrix_googlechat_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}" +matrix_mautrix_googlechat_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" 
+matrix_mautrix_googlechat_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.gc.db', rounds=655555) | to_uuid }}" ###################################################################### # 
@@ -497,6 +814,48 @@ matrix_mautrix_googlechat_database_password: "{{ '%s' | format(matrix_homeserver ###################################################################### +###################################################################### +# +# matrix-bridge-mautrix-hangouts +# +###################################################################### + +# We don't enable bridges by default. +matrix_mautrix_hangouts_enabled: false + +matrix_mautrix_hangouts_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}" + +matrix_mautrix_hangouts_systemd_required_services_list: | + {{ + ['docker.service'] + + + ['matrix-' + matrix_homeserver_implementation + '.service'] + + + ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else []) + + + (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) + }} + +matrix_mautrix_hangouts_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'ho.as.token', rounds=655555) | to_uuid }}" + +matrix_mautrix_hangouts_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'ho.hs.token', rounds=655555) | to_uuid }}" + +matrix_mautrix_hangouts_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:9007' }}" + +matrix_mautrix_hangouts_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" + +# Postgres is the default, except if not using internal Postgres server +matrix_mautrix_hangouts_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}" +matrix_mautrix_hangouts_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" +matrix_mautrix_hangouts_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.hangouts.db', rounds=655555) | 
to_uuid }}" + +###################################################################### +# +# /matrix-bridge-mautrix-hangouts +# +###################################################################### + + ###################################################################### # # matrix-bridge-mautrix-instagram @@ -514,14 +873,14 @@ matrix_mautrix_instagram_systemd_required_services_list: | + ['matrix-' + matrix_homeserver_implementation + '.service'] + - (['matrix-postgres.service'] if matrix_postgres_enabled else []) + ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else []) + (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) }} -matrix_mautrix_instagram_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'ig.as.token') | to_uuid }}" +matrix_mautrix_instagram_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'ig.as.token', rounds=655555) | to_uuid }}" -matrix_mautrix_instagram_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'ig.hs.token') | to_uuid }}" +matrix_mautrix_instagram_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'ig.hs.token', rounds=655555) | to_uuid }}" matrix_mautrix_instagram_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" 
@@ -529,8 +888,9 @@ matrix_mautrix_instagram_bridge_presence: "{{ matrix_synapse_presence_enabled if # We'd like to force-set people with external Postgres to SQLite, so the bridge role can complain # and point them to a migration path. -matrix_mautrix_instagram_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}" -matrix_mautrix_instagram_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.ig.db') | to_uuid }}" +matrix_mautrix_instagram_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}" +matrix_mautrix_instagram_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" +matrix_mautrix_instagram_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.ig.db', rounds=655555) | to_uuid }}" ###################################################################### # @@ -554,7 +914,7 @@ matrix_mautrix_signal_systemd_required_services_list: | + ['matrix-' + matrix_homeserver_implementation + '.service'] + - (['matrix-postgres.service'] if matrix_postgres_enabled else []) + ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else []) + (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) + 
@@ -565,14 +925,15 @@ matrix_mautrix_signal_homeserver_domain: '{{ matrix_domain }}' matrix_mautrix_signal_homeserver_address: "{{ matrix_homeserver_container_url }}" -matrix_mautrix_signal_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'si.hs.token') | to_uuid }}" +matrix_mautrix_signal_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'si.hs.token', rounds=655555) | to_uuid }}" -matrix_mautrix_signal_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'si.as.token') | to_uuid }}" +matrix_mautrix_signal_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'si.as.token', rounds=655555) | to_uuid }}" matrix_mautrix_signal_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" matrix_mautrix_signal_database_engine: 'postgres' -matrix_mautrix_signal_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.signal.db') | to_uuid }}" +matrix_mautrix_signal_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" +matrix_mautrix_signal_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.signal.db', rounds=655555) | to_uuid }}" matrix_mautrix_signal_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}" matrix_mautrix_signal_daemon_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}" 
@@ -603,24 +964,25 @@ matrix_mautrix_telegram_systemd_required_services_list: | + ['matrix-' + matrix_homeserver_implementation + '.service'] + - (['matrix-postgres.service'] if matrix_postgres_enabled else []) + ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else []) + (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) }} -matrix_mautrix_telegram_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'telegr.as.token') | to_uuid }}" +matrix_mautrix_telegram_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'telegr.as.token', rounds=655555) | to_uuid }}" -matrix_mautrix_telegram_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'telegr.hs.token') | to_uuid }}" +matrix_mautrix_telegram_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'telegr.hs.token', rounds=655555) | to_uuid }}" -matrix_mautrix_telegram_public_endpoint: "/{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'telegram') | to_uuid }}" +matrix_mautrix_telegram_public_endpoint: "/{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'telegram', rounds=655555) | to_uuid }}" matrix_mautrix_telegram_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:9006' }}" matrix_mautrix_telegram_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" -# Postgres is the default, except if not using `matrix_postgres` (internal postgres) -matrix_mautrix_telegram_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}" -matrix_mautrix_telegram_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.telegram.db') | 
to_uuid }}" +# Postgres is the default, except if not using internal Postgres server +matrix_mautrix_telegram_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}" +matrix_mautrix_telegram_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" +matrix_mautrix_telegram_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.telegram.db', rounds=655555) | to_uuid }}" ###################################################################### # 
@@ -645,19 +1007,19 @@ matrix_mautrix_twitter_systemd_required_services_list: | + ['matrix-' + matrix_homeserver_implementation + '.service'] + - (['matrix-postgres.service'] if matrix_postgres_enabled else []) + ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else []) + (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) }} -matrix_mautrix_twitter_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'twt.as.token') | to_uuid }}" +matrix_mautrix_twitter_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'twt.as.token', rounds=655555) | to_uuid }}" -matrix_mautrix_twitter_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'twt.hs.token') | to_uuid }}" +matrix_mautrix_twitter_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'twt.hs.token', rounds=655555) | to_uuid }}" matrix_mautrix_twitter_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" -matrix_mautrix_twitter_database_hostname: "{{ 'matrix-postgres' if matrix_postgres_enabled else '' }}" -matrix_mautrix_twitter_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.twt.db') | to_uuid if matrix_postgres_enabled else '' }}" +matrix_mautrix_twitter_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" +matrix_mautrix_twitter_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.twt.db', rounds=655555) | to_uuid if devture_postgres_enabled else '' }}" ###################################################################### # 
@@ -682,20 +1044,21 @@ matrix_mautrix_whatsapp_systemd_required_services_list: | + ['matrix-' + matrix_homeserver_implementation + '.service'] + - (['matrix-postgres.service'] if matrix_postgres_enabled else []) + ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else []) + (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) }} -matrix_mautrix_whatsapp_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'whats.as.token') | to_uuid }}" +matrix_mautrix_whatsapp_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'whats.as.token', rounds=655555) | to_uuid }}" -matrix_mautrix_whatsapp_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'whats.hs.token') | to_uuid }}" +matrix_mautrix_whatsapp_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'whats.hs.token', rounds=655555) | to_uuid }}" matrix_mautrix_whatsapp_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" -# Postgres is the default, except if not using `matrix_postgres` (internal postgres) -matrix_mautrix_whatsapp_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}" -matrix_mautrix_whatsapp_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mauwhatsapp.db') | to_uuid }}" +# Postgres is the default, except if not using internal Postgres server +matrix_mautrix_whatsapp_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}" +matrix_mautrix_whatsapp_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" +matrix_mautrix_whatsapp_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 
'mauwhatsapp.db', rounds=655555) | to_uuid }}" ###################################################################### # 
@@ -703,48 +1066,6 @@ matrix_mautrix_whatsapp_database_password: "{{ '%s' | format(matrix_homeserver_g # ###################################################################### -###################################################################### -# -# matrix-bridge-mautrix-discord -# -###################################################################### - -# We don't enable bridges by default. -matrix_mautrix_discord_enabled: false - -matrix_mautrix_discord_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}" - -matrix_mautrix_discord_systemd_required_services_list: | - {{ - ['docker.service'] - + - ['matrix-' + matrix_homeserver_implementation + '.service'] - + - (['matrix-postgres.service'] if matrix_postgres_enabled else []) - + - (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) - }} - -matrix_mautrix_discord_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maudisc.as.tok') | to_uuid }}" - -matrix_mautrix_discord_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maudisc.hs.tok') | to_uuid }}" - -matrix_mautrix_discord_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" - -# Postgres is the default, except if not using `matrix_postgres` (internal postgres) -matrix_mautrix_discord_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}" -matrix_mautrix_discord_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maudiscord.db') | to_uuid }}" - -# Enabling bridge.restricted_rooms for this bridge does not work well with Conduit, so we disable it by default. -# This will be fixed in the upcoming `0.5.0` release of conduit. 
-matrix_mautrix_discord_bridge_restricted_rooms: "{{ false if matrix_homeserver_implementation == 'conduit' else true }}" - -###################################################################### -# -# /matrix-bridge-mautrix-discord -# -###################################################################### - ###################################################################### # # matrix-sms-bridge @@ -763,10 +1084,10 @@ matrix_sms_bridge_systemd_required_services_list: | (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) }} -matrix_sms_bridge_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'sms.as.token') | to_uuid }}" +matrix_sms_bridge_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'sms.as.token', rounds=655555) | to_uuid }}" matrix_sms_bridge_homeserver_port: "{{ matrix_synapse_container_client_api_port }}" -matrix_sms_bridge_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'sms.hs.token') | to_uuid }}" +matrix_sms_bridge_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'sms.hs.token', rounds=655555) | to_uuid }}" ###################################################################### # 
@@ -783,9 +1104,9 @@ matrix_sms_bridge_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_ # We don't enable bridges by default. matrix_heisenbridge_enabled: false -matrix_heisenbridge_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'heisen.as.tok') | to_uuid }}" +matrix_heisenbridge_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'heisen.as.tok', rounds=655555) | to_uuid }}" -matrix_heisenbridge_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'heisen.hs.tok') | to_uuid }}" +matrix_heisenbridge_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'heisen.hs.tok', rounds=655555) | to_uuid }}" matrix_heisenbridge_systemd_wanted_services_list: | {{ @@ -811,9 +1132,9 @@ matrix_hookshot_enabled: false matrix_hookshot_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}" -matrix_hookshot_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'hookshot.as.tok') | to_uuid }}" +matrix_hookshot_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'hookshot.as.tok', rounds=655555) | to_uuid }}" -matrix_hookshot_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'hookshot.hs.tok') | to_uuid }}" +matrix_hookshot_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'hookshot.hs.tok', rounds=655555) | to_uuid }}" matrix_hookshot_systemd_wanted_services_list: | {{ 
@@ -868,20 +1189,21 @@ matrix_mx_puppet_slack_systemd_required_services_list: | + ['matrix-' + matrix_homeserver_implementation + '.service'] + - (['matrix-postgres.service'] if matrix_postgres_enabled else []) + ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else []) + (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) }} -matrix_mx_puppet_slack_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxslk.as.tok') | to_uuid }}" +matrix_mx_puppet_slack_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxslk.as.tok', rounds=655555) | to_uuid }}" -matrix_mx_puppet_slack_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxslk.hs.tok') | to_uuid }}" +matrix_mx_puppet_slack_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxslk.hs.tok', rounds=655555) | to_uuid }}" matrix_mx_puppet_slack_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" -# Postgres is the default, except if not using `matrix_postgres` (internal postgres) -matrix_mx_puppet_slack_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}" -matrix_mx_puppet_slack_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.slack.db') | to_uuid }}" +# Postgres is the default, except if not using internal Postgres server +matrix_mx_puppet_slack_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}" +matrix_mx_puppet_slack_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" +matrix_mx_puppet_slack_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.slack.db', 
rounds=655555) | to_uuid }}" ###################################################################### # 
@@ -906,22 +1228,23 @@ matrix_mx_puppet_twitter_systemd_required_services_list: | + ['matrix-' + matrix_homeserver_implementation + '.service'] + - (['matrix-postgres.service'] if matrix_postgres_enabled else []) + ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else []) + (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) }} -matrix_mx_puppet_twitter_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxtwt.as.tok') | to_uuid }}" +matrix_mx_puppet_twitter_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxtwt.as.tok', rounds=655555) | to_uuid }}" -matrix_mx_puppet_twitter_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxtwt.hs.tok') | to_uuid }}" +matrix_mx_puppet_twitter_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxtwt.hs.tok', rounds=655555) | to_uuid }}" matrix_mx_puppet_twitter_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" matrix_mx_puppet_twitter_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else ('127.0.0.1:' ~ matrix_mx_puppet_twitter_appservice_port) }}" -# Postgres is the default, except if not using `matrix_postgres` (internal postgres) -matrix_mx_puppet_twitter_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}" -matrix_mx_puppet_twitter_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.twitter.db') | to_uuid }}" +# Postgres is the default, except if not using internal Postgres server +matrix_mx_puppet_twitter_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}" +matrix_mx_puppet_twitter_database_hostname: "{{ devture_postgres_connection_hostname 
if devture_postgres_enabled else '' }}" +matrix_mx_puppet_twitter_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.twitter.db', rounds=655555) | to_uuid }}" ###################################################################### # 
@@ -947,20 +1270,21 @@ matrix_mx_puppet_instagram_systemd_required_services_list: | + ['matrix-' + matrix_homeserver_implementation + '.service'] + - (['matrix-postgres.service'] if matrix_postgres_enabled else []) + ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else []) + (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) }} -matrix_mx_puppet_instagram_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxig.as.tok') | to_uuid }}" +matrix_mx_puppet_instagram_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxig.as.tok', rounds=655555) | to_uuid }}" -matrix_mx_puppet_instagram_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxig.hs.tok') | to_uuid }}" +matrix_mx_puppet_instagram_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxig.hs.tok', rounds=655555) | to_uuid }}" matrix_mx_puppet_instagram_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" -# Postgres is the default, except if not using `matrix_postgres` (internal postgres) -matrix_mx_puppet_instagram_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}" -matrix_mx_puppet_instagram_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.ig.db') | to_uuid }}" +# Postgres is the default, except if not using internal Postgres server +matrix_mx_puppet_instagram_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}" +matrix_mx_puppet_instagram_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" +matrix_mx_puppet_instagram_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | 
password_hash('sha512', 'mxpup.ig.db', rounds=655555) | to_uuid }}" ###################################################################### # 
@@ -985,20 +1309,21 @@ matrix_mx_puppet_discord_systemd_required_services_list: | + ['matrix-' + matrix_homeserver_implementation + '.service'] + - (['matrix-postgres.service'] if matrix_postgres_enabled else []) + ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else []) + (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) }} -matrix_mx_puppet_discord_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxdsc.as.tok') | to_uuid }}" +matrix_mx_puppet_discord_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxdsc.as.tok', rounds=655555) | to_uuid }}" -matrix_mx_puppet_discord_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxdsc.hs.tok') | to_uuid }}" +matrix_mx_puppet_discord_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxdsc.hs.tok', rounds=655555) | to_uuid }}" matrix_mx_puppet_discord_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" -# Postgres is the default, except if not using `matrix_postgres` (internal postgres) -matrix_mx_puppet_discord_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}" -matrix_mx_puppet_discord_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.dsc.db') | to_uuid }}" +# Postgres is the default, except if not using internal Postgres server +matrix_mx_puppet_discord_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}" +matrix_mx_puppet_discord_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" +matrix_mx_puppet_discord_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | 
password_hash('sha512', 'mxpup.dsc.db', rounds=655555) | to_uuid }}" ###################################################################### # 
@@ -1023,20 +1348,21 @@ matrix_mx_puppet_steam_systemd_required_services_list: | + ['matrix-' + matrix_homeserver_implementation + '.service'] + - (['matrix-postgres.service'] if matrix_postgres_enabled else []) + ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else []) + (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) }} -matrix_mx_puppet_steam_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxste.as.tok') | to_uuid }}" +matrix_mx_puppet_steam_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxste.as.tok', rounds=655555) | to_uuid }}" -matrix_mx_puppet_steam_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxste.hs.tok') | to_uuid }}" +matrix_mx_puppet_steam_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxste.hs.tok', rounds=655555) | to_uuid }}" matrix_mx_puppet_steam_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" -# Postgres is the default, except if not using `matrix_postgres` (internal postgres) -matrix_mx_puppet_steam_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}" -matrix_mx_puppet_steam_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.steam.db') | to_uuid }}" +# Postgres is the default, except if not using internal Postgres server +matrix_mx_puppet_steam_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}" +matrix_mx_puppet_steam_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" +matrix_mx_puppet_steam_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.steam.db', 
rounds=655555) | to_uuid }}" ###################################################################### # 
@@ -1061,20 +1387,21 @@ matrix_mx_puppet_groupme_systemd_required_services_list: | + ['matrix-' + matrix_homeserver_implementation + '.service'] + - (['matrix-postgres.service'] if matrix_postgres_enabled else []) + ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else []) + (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) }} -matrix_mx_puppet_groupme_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxgro.as.tok') | to_uuid }}" +matrix_mx_puppet_groupme_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxgro.as.tok', rounds=655555) | to_uuid }}" -matrix_mx_puppet_groupme_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxgro.hs.tok') | to_uuid }}" +matrix_mx_puppet_groupme_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxgro.hs.tok', rounds=655555) | to_uuid }}" matrix_mx_puppet_groupme_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" -# Postgres is the default, except if not using `matrix_postgres` (internal postgres) -matrix_mx_puppet_groupme_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}" -matrix_mx_puppet_groupme_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.groupme.db') | to_uuid }}" +# Postgres is the default, except if not using internal Postgres server +matrix_mx_puppet_groupme_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}" +matrix_mx_puppet_groupme_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" +matrix_mx_puppet_groupme_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | 
password_hash('sha512', 'mxpup.groupme.db', rounds=655555) | to_uuid }}" ###################################################################### # @@ -1097,14 +1424,15 @@ matrix_bot_matrix_reminder_bot_systemd_required_services_list: | + ['matrix-' + matrix_homeserver_implementation + '.service'] + - (['matrix-postgres.service'] if matrix_postgres_enabled else []) + ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else []) + (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) }} -# Postgres is the default, except if not using `matrix_postgres` (internal postgres) -matrix_bot_matrix_reminder_bot_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}" -matrix_bot_matrix_reminder_bot_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'reminder.bot.db') | to_uuid }}" +# Postgres is the default, except if not using internal Postgres server +matrix_bot_matrix_reminder_bot_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}" +matrix_bot_matrix_reminder_bot_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" +matrix_bot_matrix_reminder_bot_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'reminder.bot.db', rounds=655555) | to_uuid }}" matrix_bot_matrix_reminder_bot_container_image_self_build: "{{ matrix_architecture != 'amd64' }}" ###################################################################### @@ -1158,7 +1486,7 @@ matrix_bot_maubot_systemd_required_services_list: | + ['matrix-' + matrix_homeserver_implementation + '.service'] + - (['matrix-postgres.service'] if matrix_postgres_enabled else []) + ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else []) + (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) }} 
@@ -1167,15 +1495,16 @@ matrix_bot_maubot_registration_shared_secret: |- {{ { 'synapse': matrix_synapse_registration_shared_secret, - 'dendrite': matrix_dendrite_registration_shared_secret, + 'dendrite': matrix_dendrite_client_api_registration_shared_secret, }[matrix_homeserver_implementation] }} matrix_bot_maubot_management_interface_http_bind_port: "{{ '' if matrix_nginx_proxy_enabled else ('127.0.0.1:' + matrix_bot_maubot_management_interface_port | string) }}" -# Postgres is the default, except if not using `matrix_postgres` (internal postgres) -matrix_bot_maubot_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}" -matrix_bot_maubot_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.dsc.db') | to_uuid }}" +# Postgres is the default, except if not using internal Postgres server +matrix_bot_maubot_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}" +matrix_bot_maubot_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" +matrix_bot_maubot_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.dsc.db', rounds=655555) | to_uuid }}" ###################################################################### # 
@@ -1197,16 +1526,17 @@ matrix_bot_honoroit_systemd_required_services_list: | {{ ['docker.service'] + - (['matrix-postgres.service'] if matrix_postgres_enabled else []) + ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else []) + (['matrix-synapse.service'] if matrix_synapse_enabled else []) + (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) }} -# Postgres is the default, except if not using `matrix_postgres` (internal postgres) -matrix_bot_honoroit_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}" -matrix_bot_honoroit_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'honoroit.bot.db') | to_uuid }}" +# Postgres is the default, except if not using internal Postgres server +matrix_bot_honoroit_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}" +matrix_bot_honoroit_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" +matrix_bot_honoroit_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'honoroit.bot.db', rounds=655555) | to_uuid }}" matrix_bot_honoroit_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}" ###################################################################### 
@@ -1224,21 +1554,23 @@ matrix_bot_honoroit_container_image_self_build: "{{ matrix_architecture not in [ # We don't enable bots by default. matrix_bot_buscarron_enabled: false +matrix_bot_buscarron_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}" + matrix_bot_buscarron_systemd_required_services_list: | {{ ['docker.service'] + - (['matrix-postgres.service'] if matrix_postgres_enabled else []) + ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else []) + (['matrix-synapse.service'] if matrix_synapse_enabled else []) + (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) }} -# Postgres is the default, except if not using `matrix_postgres` (internal postgres) -matrix_bot_buscarron_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}" -matrix_bot_buscarron_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'buscarron.bot.db') | to_uuid }}" -matrix_bot_buscarron_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}" +# Postgres is the default, except if not using internal Postgres server +matrix_bot_buscarron_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}" +matrix_bot_buscarron_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" +matrix_bot_buscarron_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'buscarron.bot.db', rounds=655555) | to_uuid }}" ###################################################################### # 
@@ -1254,24 +1586,26 @@ matrix_bot_buscarron_container_image_self_build: "{{ matrix_architecture not in # We don't enable bots by default. matrix_bot_postmoogle_enabled: false + +matrix_bot_postmoogle_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}" + matrix_bot_postmoogle_ssl_path: "{{ matrix_ssl_config_dir_path }}" -matrix_bot_postmoogle_tls_cert: "/ssl/live/{{ matrix_bot_postmoogle_domain }}/fullchain.pem" -matrix_bot_postmoogle_tls_key: "/ssl/live/{{ matrix_bot_postmoogle_domain }}/privkey.pem" +matrix_bot_postmoogle_tls_cert: "{% for domain in matrix_bot_postmoogle_domains %}/ssl/live/{{ domain }}/fullchain.pem {% endfor %}" +matrix_bot_postmoogle_tls_key: "{% for domain in matrix_bot_postmoogle_domains %}/ssl/live/{{ domain }}/privkey.pem {% endfor %}" matrix_bot_postmoogle_systemd_required_services_list: | {{ ['docker.service'] + - (['matrix-postgres.service'] if matrix_postgres_enabled else []) + ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else []) + (['matrix-synapse.service'] if matrix_synapse_enabled else []) }} -# Postgres is the default, except if not using `matrix_postgres` (internal postgres) -matrix_bot_postmoogle_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}" -matrix_bot_postmoogle_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'postmoogle.db') | to_uuid }}" - -matrix_bot_postmoogle_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}" +# Postgres is the default, except if not using internal Postgres server +matrix_bot_postmoogle_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}" +matrix_bot_postmoogle_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" +matrix_bot_postmoogle_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'postmoogle.db', 
rounds=655555) | to_uuid }}" ###################################################################### # @@ -1324,7 +1658,7 @@ matrix_bot_mjolnir_systemd_required_services_list: | + ['matrix-' + matrix_homeserver_implementation + '.service'] + - (['matrix-postgres.service'] if matrix_postgres_enabled else []) + ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else []) + (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) }} 
@@ -1342,33 +1676,31 @@ matrix_bot_mjolnir_systemd_required_services_list: | ###################################################################### matrix_backup_borg_enabled: false + matrix_backup_borg_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm32', 'arm64'] }}" -matrix_backup_borg_postgresql_enabled: "{{ matrix_postgres_enabled }}" -matrix_backup_borg_postgresql_databases_hostname: "{{ matrix_postgres_connection_hostname }}" -matrix_backup_borg_postgresql_databases_username: "{{ matrix_postgres_connection_username }}" -matrix_backup_borg_postgresql_databases_password: "{{ matrix_postgres_connection_password }}" -matrix_backup_borg_postgresql_databases_port: "{{ matrix_postgres_connection_port }}" -matrix_backup_borg_postgresql_databases: | - {{ - (([{ - 'name': matrix_synapse_database_database - }] if (matrix_synapse_enabled and matrix_synapse_database_database == matrix_postgres_db_name and matrix_synapse_database_host == 'matrix-postgres') else []) - + - matrix_postgres_additional_databases)|map(attribute='name') | list - }} + +matrix_backup_borg_postgresql_enabled: "{{ devture_postgres_enabled }}" +matrix_backup_borg_postgresql_databases_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" +matrix_backup_borg_postgresql_databases_username: "{{ devture_postgres_connection_username if devture_postgres_enabled else '' }}" +matrix_backup_borg_postgresql_databases_password: "{{ devture_postgres_connection_password if devture_postgres_enabled else '' }}" +matrix_backup_borg_postgresql_databases_port: "{{ devture_postgres_connection_port if devture_postgres_enabled else 5432 }}" +matrix_backup_borg_postgresql_databases: "{{ devture_postgres_managed_databases | map(attribute='name') if devture_postgres_enabled else [] }}" + matrix_backup_borg_location_source_directories: - "{{ matrix_base_data_path }}" + matrix_backup_borg_location_exclude_patterns: | {{ ([matrix_synapse_media_store_path + 
'/local_thumbnails', matrix_synapse_media_store_path + '/remote_thumbnail', matrix_synapse_media_store_path + '/url_cache', matrix_synapse_media_store_path + '/url_cache_thumbnails'] if matrix_homeserver_implementation == 'synapse' else []) + - ([matrix_postgres_data_path] if matrix_postgres_enabled else []) + ([devture_postgres_data_path] if devture_postgres_enabled else []) }} + matrix_backup_borg_systemd_required_services_list: | {{ ['docker.service'] + - (['matrix-postgres.service'] if matrix_postgres_enabled else []) + ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else []) }} ###################################################################### @@ -1385,8 +1717,8 @@ matrix_backup_borg_systemd_required_services_list: | matrix_cactus_comments_enabled: false # Derive secret values from homeserver secret -matrix_cactus_comments_as_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'cactus.as.token') | to_uuid }}" -matrix_cactus_comments_hs_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'cactus.hs.token') | to_uuid }}" +matrix_cactus_comments_as_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'cactus.as.token', rounds=655555) | to_uuid }}" +matrix_cactus_comments_hs_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'cactus.hs.token', rounds=655555) | to_uuid }}" matrix_cactus_comments_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm32', 'arm64'] }}" matrix_cactus_comments_systemd_required_services_list: | 
@@ -1456,7 +1788,7 @@ matrix_coturn_container_image_self_build: "{{ matrix_architecture not in ['amd64 matrix_coturn_turn_external_ip_address: "{{ ansible_host }}" -matrix_coturn_turn_static_auth_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'coturn.sas') | to_uuid }}" +matrix_coturn_turn_static_auth_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'coturn.sas', rounds=655555) | to_uuid }}" matrix_coturn_tls_enabled: "{{ matrix_ssl_retrieval_method != 'none' }}" matrix_coturn_tls_cert_path: "{{ matrix_ssl_config_dir_path }}/live/{{ matrix_server_fqn_matrix }}/fullchain.pem" @@ -1501,14 +1833,15 @@ matrix_dimension_systemd_required_services_list: | + ['matrix-' + matrix_homeserver_implementation + '.service'] + - (['matrix-postgres.service'] if matrix_postgres_enabled else []) + ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else []) + (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) }} -# Postgres is the default, except if not using `matrix_postgres` (internal postgres) -matrix_dimension_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}" -matrix_dimension_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'dimension.db') | to_uuid }}" +# Postgres is the default, except if not using internal Postgres server +matrix_dimension_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}" +matrix_dimension_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" +matrix_dimension_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'dimension.db', rounds=655555) | to_uuid }}" ###################################################################### # 
@@ -1526,16 +1859,17 @@ matrix_etherpad_enabled: false matrix_etherpad_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:9001' }}" -matrix_etherpad_base_url: "{{ 'https://'+ matrix_server_fqn_dimension + matrix_etherpad_public_endpoint if matrix_etherpad_mode == 'dimension' else 'https://' + matrix_server_fqn_etherpad + '/' }}" +matrix_etherpad_base_url: "{{ 'https://' + matrix_server_fqn_dimension + matrix_etherpad_public_endpoint if matrix_etherpad_mode == 'dimension' else 'https://' + matrix_server_fqn_etherpad + '/' }}" matrix_etherpad_systemd_required_services_list: | {{ ['docker.service'] + - (['matrix-postgres.service'] if matrix_postgres_enabled else []) + ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else []) }} -matrix_etherpad_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'etherpad.db') | to_uuid }}" +matrix_etherpad_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" +matrix_etherpad_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'etherpad.db', rounds=655555) | to_uuid }}" ###################################################################### # 
@@ -1590,9 +1924,9 @@ matrix_jitsi_jvb_container_colibri_ws_host_bind_port: "{{ '' if matrix_nginx_pro matrix_jitsi_prosody_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:5280' }}" -matrix_jitsi_jibri_xmpp_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'jibri') | to_uuid }}" -matrix_jitsi_jicofo_auth_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'jicofo') | to_uuid }}" -matrix_jitsi_jvb_auth_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'jvb') | to_uuid }}" +matrix_jitsi_jibri_xmpp_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'jibri', rounds=655555) | to_uuid }}" +matrix_jitsi_jicofo_auth_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'jicofo', rounds=655555) | to_uuid }}" +matrix_jitsi_jvb_auth_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'jvb', rounds=655555) | to_uuid }}" matrix_jitsi_web_stun_servers: | {{ 
@@ -1698,21 +2032,22 @@ matrix_ma1sd_self_check_validate_certificates: "{{ false if matrix_ssl_retrieval matrix_ma1sd_systemd_required_services_list: | {{ - (['matrix-postgres.service'] if matrix_postgres_enabled else []) + ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else []) }} matrix_ma1sd_systemd_wanted_services_list: | {{ (['matrix-corporal.service'] if matrix_corporal_enabled else ['matrix-' + matrix_homeserver_implementation + '.service']) + - (['matrix-postgres.service'] if matrix_postgres_enabled else []) + ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else []) + (['matrix-mailer.service'] if matrix_mailer_enabled else []) }} -# Postgres is the default, except if not using `matrix_postgres` (internal postgres) -matrix_ma1sd_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}" -matrix_ma1sd_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'ma1sd.db') | to_uuid }}" +# Postgres is the default, except if not using internal Postgres server +matrix_ma1sd_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}" +matrix_ma1sd_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" +matrix_ma1sd_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'ma1sd.db', rounds=655555) | to_uuid }}" ###################################################################### # @@ -1720,6 +2055,7 @@ matrix_ma1sd_database_password: "{{ '%s' | format(matrix_homeserver_generic_secr # ###################################################################### + ###################################################################### # # matrix-nginx-proxy 
@@ -1782,10 +2118,10 @@ matrix_nginx_proxy_proxy_matrix_federation_api_addr_with_container: "matrix-ngin matrix_nginx_proxy_proxy_matrix_federation_api_addr_sans_container: "127.0.0.1:12088" matrix_nginx_proxy_proxy_synapse_enabled: "{{ matrix_synapse_enabled }}" -matrix_nginx_proxy_proxy_synapse_client_api_addr_with_container: "matrix-synapse:{{ matrix_synapse_container_client_api_port }}" -matrix_nginx_proxy_proxy_synapse_client_api_addr_sans_container: "127.0.0.1:{{ matrix_synapse_container_client_api_port }}" -matrix_nginx_proxy_proxy_synapse_federation_api_addr_with_container: "matrix-synapse:{{matrix_synapse_container_federation_api_plain_port | string}}" -matrix_nginx_proxy_proxy_synapse_federation_api_addr_sans_container: "127.0.0.1:{{matrix_synapse_container_federation_api_plain_port | string}}" +matrix_nginx_proxy_proxy_synapse_client_api_addr_with_container: "{{ 'matrix-synapse-reverse-proxy-companion:8008' if matrix_synapse_reverse_proxy_companion_enabled else 'matrix-synapse:8008' }}" +matrix_nginx_proxy_proxy_synapse_client_api_addr_sans_container: "127.0.0.1:8008" +matrix_nginx_proxy_proxy_synapse_federation_api_addr_with_container: "{{ 'matrix-synapse-reverse-proxy-companion:8048' if matrix_synapse_reverse_proxy_companion_enabled else 'matrix-synapse:8048' }}" +matrix_nginx_proxy_proxy_synapse_federation_api_addr_sans_container: "127.0.0.1:8048" matrix_nginx_proxy_proxy_dendrite_enabled: "{{ matrix_dendrite_enabled }}" matrix_nginx_proxy_proxy_dendrite_client_api_addr_with_container: "matrix-dendrite:{{ matrix_dendrite_http_bind_port | string }}" 
@@ -1815,26 +2151,14 @@ matrix_nginx_proxy_self_check_validate_certificates: "{{ false if matrix_ssl_ret # and https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1074 matrix_nginx_proxy_ocsp_stapling_enabled: "{{ matrix_ssl_retrieval_method != 'self-signed' }}" -matrix_nginx_proxy_synapse_presence_disabled: "{{ not matrix_synapse_presence_enabled }}" - -matrix_nginx_proxy_synapse_workers_enabled: "{{ matrix_synapse_workers_enabled }}" -matrix_nginx_proxy_synapse_workers_list: "{{ matrix_synapse_workers_enabled_list }}" -matrix_nginx_proxy_synapse_generic_worker_client_server_locations: "{{ matrix_synapse_workers_generic_worker_client_server_endpoints }}" -matrix_nginx_proxy_synapse_generic_worker_federation_locations: "{{ matrix_synapse_workers_generic_worker_federation_endpoints }}" -matrix_nginx_proxy_synapse_stream_writer_typing_stream_worker_client_server_locations: "{{ matrix_synapse_workers_stream_writer_typing_stream_worker_client_server_endpoints }}" -matrix_nginx_proxy_synapse_stream_writer_to_device_stream_worker_client_server_locations: "{{ matrix_synapse_workers_stream_writer_to_device_stream_worker_client_server_endpoints }}" -matrix_nginx_proxy_synapse_stream_writer_account_data_stream_worker_client_server_locations: "{{ matrix_synapse_workers_stream_writer_account_data_stream_worker_client_server_endpoints }}" -matrix_nginx_proxy_synapse_stream_writer_receipts_stream_worker_client_server_locations: "{{ matrix_synapse_workers_stream_writer_receipts_stream_worker_client_server_endpoints }}" -matrix_nginx_proxy_synapse_stream_writer_presence_stream_worker_client_server_locations: "{{ matrix_synapse_workers_stream_writer_presence_stream_worker_client_server_endpoints }}" -matrix_nginx_proxy_synapse_media_repository_locations: "{{matrix_synapse_workers_media_repository_endpoints|default([]) }}" -matrix_nginx_proxy_synapse_user_dir_locations: "{{ matrix_synapse_workers_user_dir_worker_client_server_endpoints|default([]) }}" - 
matrix_nginx_proxy_systemd_wanted_services_list: | {{ ['matrix-' + matrix_homeserver_implementation + '.service'] + (matrix_synapse_webserving_workers_systemd_services_list if matrix_homeserver_implementation == 'synapse' and matrix_synapse_workers_enabled else []) + + (['matrix-synapse-reverse-proxy-companion.service'] if matrix_synapse_reverse_proxy_companion_enabled else []) + + (['matrix-corporal.service'] if matrix_corporal_enabled else []) + (['matrix-ma1sd.service'] if matrix_ma1sd_enabled else []) 
@@ -1909,35 +2233,50 @@ matrix_ssl_architecture: "{{ matrix_ssl_pre_obtaining_required_service_name: "{{ 'matrix-dynamic-dns' if matrix_dynamic_dns_enabled else '' }}" +matrix_nginx_proxy_access_log_syslog_integration_enabled: "{{ matrix_prometheus_nginxlog_exporter_enabled }}" +matrix_nginx_proxy_access_log_syslog_integration_server_port: "{{ (matrix_prometheus_nginxlog_exporter_container_hostname | string +':'+ matrix_prometheus_nginxlog_exporter_container_syslog_port | string) | default('') }}" + ###################################################################### # # /matrix-nginx-proxy # ###################################################################### -###################################################################### -# -# matrix-postgres -# -###################################################################### -matrix_postgres_enabled: true +######################################################################## +# # +# com.devture.ansible.role.postgres # +# # +######################################################################## -matrix_postgres_architecture: "{{ matrix_architecture }}" +# To completely disable installing Postgres, use `devture_postgres_enabled: false`. -# We unset this if internal Postgres disabled, which will cascade to some other variables -# and tell users they need to set it (either here or in those variables). 
-matrix_postgres_connection_hostname: "{{ 'matrix-postgres' if matrix_postgres_enabled else '' }}" +devture_postgres_identifier: matrix-postgres -matrix_postgres_pgloader_container_image_self_build: "{{ matrix_architecture != 'amd64' }}" +devture_postgres_architecture: "{{ matrix_architecture }}" -matrix_postgres_additional_databases: | +devture_postgres_base_path: "{{ matrix_base_data_path }}/postgres" + +devture_postgres_container_network: "{{ matrix_docker_network }}" + +devture_postgres_uid: "{{ matrix_user_uid }}" +devture_postgres_gid: "{{ matrix_user_gid }}" + +devture_postgres_connection_username: matrix +devture_postgres_db_name: matrix + +devture_postgres_systemd_services_to_stop_for_maintenance_list: | + {{ + ['matrix-' + matrix_homeserver_implementation + '.service'] + }} + +devture_postgres_managed_databases_auto: | {{ ([{ 'name': matrix_synapse_database_database, 'username': matrix_synapse_database_user, 'password': matrix_synapse_database_password, - }] if (matrix_synapse_enabled and matrix_synapse_database_database != matrix_postgres_db_name and matrix_synapse_database_host == 'matrix-postgres') else []) + }] if (matrix_synapse_enabled and matrix_synapse_database_host == devture_postgres_connection_hostname) else []) + ([{ 'name': matrix_dendrite_federationapi_database, 
@@ -1971,206 +2310,244 @@ matrix_postgres_additional_databases: | 'name': matrix_dendrite_mscs_database, 'username': matrix_dendrite_database_user, 'password': matrix_dendrite_database_password, - }] if (matrix_dendrite_enabled and matrix_dendrite_database_hostname == 'matrix-postgres') else []) + }] if (matrix_dendrite_enabled and matrix_dendrite_database_hostname == devture_postgres_connection_hostname) else []) + ([{ 'name': matrix_ma1sd_database_name, 'username': matrix_ma1sd_database_username, 'password': matrix_ma1sd_database_password, - }] if (matrix_ma1sd_enabled and matrix_ma1sd_database_engine == 'postgres' and matrix_ma1sd_database_hostname == 'matrix-postgres') else []) + }] if (matrix_ma1sd_enabled and matrix_ma1sd_database_engine == 'postgres' and matrix_ma1sd_database_hostname == devture_postgres_connection_hostname) else []) + ([{ 'name': matrix_bot_matrix_reminder_bot_database_name, 'username': matrix_bot_matrix_reminder_bot_database_username, 'password': matrix_bot_matrix_reminder_bot_database_password, - }] if (matrix_bot_matrix_reminder_bot_enabled and matrix_bot_matrix_reminder_bot_database_engine == 'postgres' and matrix_bot_matrix_reminder_bot_database_hostname == 'matrix-postgres') else []) + }] if (matrix_bot_matrix_reminder_bot_enabled and matrix_bot_matrix_reminder_bot_database_engine == 'postgres' and matrix_bot_matrix_reminder_bot_database_hostname == devture_postgres_connection_hostname) else []) + ([{ 'name': matrix_bot_honoroit_database_name, 'username': matrix_bot_honoroit_database_username, 'password': matrix_bot_honoroit_database_password, - }] if (matrix_bot_honoroit_enabled and matrix_bot_honoroit_database_engine == 'postgres' and matrix_bot_honoroit_database_hostname == 'matrix-postgres') else []) + }] if (matrix_bot_honoroit_enabled and matrix_bot_honoroit_database_engine == 'postgres' and matrix_bot_honoroit_database_hostname == devture_postgres_connection_hostname) else []) + ([{ 'name': matrix_bot_postmoogle_database_name, 
'username': matrix_bot_postmoogle_database_username, 'password': matrix_bot_postmoogle_database_password, - }] if (matrix_bot_postmoogle_enabled and matrix_bot_postmoogle_database_engine == 'postgres' and matrix_bot_postmoogle_database_hostname == 'matrix-postgres') else []) + }] if (matrix_bot_postmoogle_enabled and matrix_bot_postmoogle_database_engine == 'postgres' and matrix_bot_postmoogle_database_hostname == devture_postgres_connection_hostname) else []) + ([{ 'name': matrix_bot_maubot_database_name, 'username': matrix_bot_maubot_database_username, 'password': matrix_bot_maubot_database_password, - }] if (matrix_bot_maubot_enabled and matrix_bot_maubot_database_engine == 'postgres' and matrix_bot_maubot_database_hostname == 'matrix-postgres') else []) + }] if (matrix_bot_maubot_enabled and matrix_bot_maubot_database_engine == 'postgres' and matrix_bot_maubot_database_hostname == devture_postgres_connection_hostname) else []) + ([{ 'name': matrix_bot_buscarron_database_name, 'username': matrix_bot_buscarron_database_username, 'password': matrix_bot_buscarron_database_password, - }] if (matrix_bot_buscarron_enabled and matrix_bot_buscarron_database_engine == 'postgres' and matrix_bot_buscarron_database_hostname == 'matrix-postgres') else []) + }] if (matrix_bot_buscarron_enabled and matrix_bot_buscarron_database_engine == 'postgres' and matrix_bot_buscarron_database_hostname == devture_postgres_connection_hostname) else []) + ([{ 'name': matrix_registration_database_name, 'username': matrix_registration_database_username, 'password': matrix_registration_database_password, - }] if (matrix_registration_enabled and matrix_registration_database_engine == 'postgres' and matrix_registration_database_hostname == 'matrix-postgres') else []) + }] if (matrix_registration_enabled and matrix_registration_database_engine == 'postgres' and matrix_registration_database_hostname == devture_postgres_connection_hostname) else []) + ([{ 'name': 
matrix_appservice_discord_database_name, 'username': matrix_appservice_discord_database_username, 'password': matrix_appservice_discord_database_password, - }] if (matrix_appservice_discord_enabled and matrix_appservice_discord_database_engine == 'postgres' and matrix_appservice_discord_database_hostname == 'matrix-postgres') else []) + }] if (matrix_appservice_discord_enabled and matrix_appservice_discord_database_engine == 'postgres' and matrix_appservice_discord_database_hostname == devture_postgres_connection_hostname) else []) + ([{ 'name': matrix_appservice_slack_database_name, 'username': matrix_appservice_slack_database_username, 'password': matrix_appservice_slack_database_password, - }] if (matrix_appservice_slack_enabled and matrix_appservice_slack_database_engine == 'postgres' and matrix_appservice_slack_database_hostname == 'matrix-postgres') else []) + }] if (matrix_appservice_slack_enabled and matrix_appservice_slack_database_engine == 'postgres' and matrix_appservice_slack_database_hostname == devture_postgres_connection_hostname) else []) + ([{ 'name': matrix_appservice_irc_database_name, 'username': matrix_appservice_irc_database_username, 'password': matrix_appservice_irc_database_password, - }] if (matrix_appservice_irc_enabled and matrix_appservice_irc_database_engine == 'postgres' and matrix_appservice_irc_database_hostname == 'matrix-postgres') else []) + }] if (matrix_appservice_irc_enabled and matrix_appservice_irc_database_engine == 'postgres' and matrix_appservice_irc_database_hostname == devture_postgres_connection_hostname) else []) + ([{ 'name': matrix_appservice_kakaotalk_database_name, 'username': matrix_appservice_kakaotalk_database_username, 'password': matrix_appservice_kakaotalk_database_password, - }] if (matrix_appservice_kakaotalk_enabled and matrix_appservice_kakaotalk_database_engine == 'postgres' and matrix_appservice_kakaotalk_database_hostname == 'matrix-postgres') else []) + }] if (matrix_appservice_kakaotalk_enabled and 
matrix_appservice_kakaotalk_database_engine == 'postgres' and matrix_appservice_kakaotalk_database_hostname == devture_postgres_connection_hostname) else []) + ([{ 'name': matrix_beeper_linkedin_database_name, 'username': matrix_beeper_linkedin_database_username, 'password': matrix_beeper_linkedin_database_password, - }] if (matrix_beeper_linkedin_enabled and matrix_beeper_linkedin_database_engine == 'postgres' and matrix_beeper_linkedin_database_hostname == 'matrix-postgres') else []) + }] if (matrix_beeper_linkedin_enabled and matrix_beeper_linkedin_database_engine == 'postgres' and matrix_beeper_linkedin_database_hostname == devture_postgres_connection_hostname) else []) + ([{ 'name': matrix_go_skype_bridge_database_name, 'username': matrix_go_skype_bridge_database_username, 'password': matrix_go_skype_bridge_database_password, - }] if (matrix_go_skype_bridge_enabled and matrix_go_skype_bridge_database_engine == 'postgres' and matrix_go_skype_bridge_database_hostname == 'matrix-postgres') else []) + }] if (matrix_go_skype_bridge_enabled and matrix_go_skype_bridge_database_engine == 'postgres' and matrix_go_skype_bridge_database_hostname == devture_postgres_connection_hostname) else []) + ([{ 'name': matrix_mautrix_facebook_database_name, 'username': matrix_mautrix_facebook_database_username, 'password': matrix_mautrix_facebook_database_password, - }] if (matrix_mautrix_facebook_enabled and matrix_mautrix_facebook_database_engine == 'postgres' and matrix_mautrix_facebook_database_hostname == 'matrix-postgres') else []) + }] if (matrix_mautrix_facebook_enabled and matrix_mautrix_facebook_database_engine == 'postgres' and matrix_mautrix_facebook_database_hostname == devture_postgres_connection_hostname) else []) + ([{ 'name': matrix_mautrix_hangouts_database_name, 'username': matrix_mautrix_hangouts_database_username, 'password': matrix_mautrix_hangouts_database_password, - }] if (matrix_mautrix_hangouts_enabled and matrix_mautrix_hangouts_database_engine == 
'postgres' and matrix_mautrix_hangouts_database_hostname == 'matrix-postgres') else []) + }] if (matrix_mautrix_hangouts_enabled and matrix_mautrix_hangouts_database_engine == 'postgres' and matrix_mautrix_hangouts_database_hostname == devture_postgres_connection_hostname) else []) + ([{ 'name': matrix_mautrix_googlechat_database_name, 'username': matrix_mautrix_googlechat_database_username, 'password': matrix_mautrix_googlechat_database_password, - }] if (matrix_mautrix_googlechat_enabled and matrix_mautrix_googlechat_database_engine == 'postgres' and matrix_mautrix_googlechat_database_hostname == 'matrix-postgres') else []) + }] if (matrix_mautrix_googlechat_enabled and matrix_mautrix_googlechat_database_engine == 'postgres' and matrix_mautrix_googlechat_database_hostname == devture_postgres_connection_hostname) else []) + ([{ 'name': matrix_mautrix_instagram_database_name, 'username': matrix_mautrix_instagram_database_username, 'password': matrix_mautrix_instagram_database_password, - }] if (matrix_mautrix_instagram_enabled and matrix_mautrix_instagram_database_engine == 'postgres' and matrix_mautrix_instagram_database_hostname == 'matrix-postgres') else []) + }] if (matrix_mautrix_instagram_enabled and matrix_mautrix_instagram_database_engine == 'postgres' and matrix_mautrix_instagram_database_hostname == devture_postgres_connection_hostname) else []) + ([{ 'name': matrix_mautrix_signal_database_name, 'username': matrix_mautrix_signal_database_username, 'password': matrix_mautrix_signal_database_password, - }] if (matrix_mautrix_signal_enabled and matrix_mautrix_signal_database_engine == 'postgres' and matrix_mautrix_signal_database_hostname == 'matrix-postgres') else []) + }] if (matrix_mautrix_signal_enabled and matrix_mautrix_signal_database_engine == 'postgres' and matrix_mautrix_signal_database_hostname == devture_postgres_connection_hostname) else []) + ([{ 'name': matrix_mautrix_telegram_database_name, 'username': 
matrix_mautrix_telegram_database_username, 'password': matrix_mautrix_telegram_database_password, - }] if (matrix_mautrix_telegram_enabled and matrix_mautrix_telegram_database_engine == 'postgres' and matrix_mautrix_telegram_database_hostname == 'matrix-postgres') else []) + }] if (matrix_mautrix_telegram_enabled and matrix_mautrix_telegram_database_engine == 'postgres' and matrix_mautrix_telegram_database_hostname == devture_postgres_connection_hostname) else []) + ([{ 'name': matrix_mautrix_twitter_database_name, 'username': matrix_mautrix_twitter_database_username, 'password': matrix_mautrix_twitter_database_password, - }] if (matrix_mautrix_twitter_enabled and matrix_mautrix_twitter_database_engine == 'postgres' and matrix_mautrix_twitter_database_hostname == 'matrix-postgres') else []) + }] if (matrix_mautrix_twitter_enabled and matrix_mautrix_twitter_database_engine == 'postgres' and matrix_mautrix_twitter_database_hostname == devture_postgres_connection_hostname) else []) + ([{ 'name': matrix_mautrix_whatsapp_database_name, 'username': matrix_mautrix_whatsapp_database_username, 'password': matrix_mautrix_whatsapp_database_password, - }] if (matrix_mautrix_whatsapp_enabled and matrix_mautrix_whatsapp_database_engine == 'postgres' and matrix_mautrix_whatsapp_database_hostname == 'matrix-postgres') else []) + }] if (matrix_mautrix_whatsapp_enabled and matrix_mautrix_whatsapp_database_engine == 'postgres' and matrix_mautrix_whatsapp_database_hostname == devture_postgres_connection_hostname) else []) + ([{ 'name': matrix_mautrix_discord_database_name, 'username': matrix_mautrix_discord_database_username, 'password': matrix_mautrix_discord_database_password, - }] if (matrix_mautrix_discord_enabled and matrix_mautrix_discord_database_engine == 'postgres' and matrix_mautrix_discord_database_hostname == 'matrix-postgres') else []) + }] if (matrix_mautrix_discord_enabled and matrix_mautrix_discord_database_engine == 'postgres' and 
matrix_mautrix_discord_database_hostname == devture_postgres_connection_hostname) else []) + ([{ 'name': matrix_mx_puppet_slack_database_name, 'username': matrix_mx_puppet_slack_database_username, 'password': matrix_mx_puppet_slack_database_password, - }] if (matrix_mx_puppet_slack_enabled and matrix_mx_puppet_slack_database_engine == 'postgres' and matrix_mx_puppet_slack_database_hostname == 'matrix-postgres') else []) + }] if (matrix_mx_puppet_slack_enabled and matrix_mx_puppet_slack_database_engine == 'postgres' and matrix_mx_puppet_slack_database_hostname == devture_postgres_connection_hostname) else []) + ([{ 'name': matrix_mx_puppet_twitter_database_name, 'username': matrix_mx_puppet_twitter_database_username, 'password': matrix_mx_puppet_twitter_database_password, - }] if (matrix_mx_puppet_twitter_enabled and matrix_mx_puppet_twitter_database_engine == 'postgres' and matrix_mx_puppet_twitter_database_hostname == 'matrix-postgres') else []) + }] if (matrix_mx_puppet_twitter_enabled and matrix_mx_puppet_twitter_database_engine == 'postgres' and matrix_mx_puppet_twitter_database_hostname == devture_postgres_connection_hostname) else []) + ([{ 'name': matrix_mx_puppet_instagram_database_name, 'username': matrix_mx_puppet_instagram_database_username, 'password': matrix_mx_puppet_instagram_database_password, - }] if (matrix_mx_puppet_instagram_enabled and matrix_mx_puppet_instagram_database_engine == 'postgres' and matrix_mx_puppet_instagram_database_hostname == 'matrix-postgres') else []) + }] if (matrix_mx_puppet_instagram_enabled and matrix_mx_puppet_instagram_database_engine == 'postgres' and matrix_mx_puppet_instagram_database_hostname == devture_postgres_connection_hostname) else []) + ([{ 'name': matrix_mx_puppet_discord_database_name, 'username': matrix_mx_puppet_discord_database_username, 'password': matrix_mx_puppet_discord_database_password, - }] if (matrix_mx_puppet_discord_enabled and matrix_mx_puppet_discord_database_engine == 'postgres' and 
matrix_mx_puppet_discord_database_hostname == 'matrix-postgres') else []) + }] if (matrix_mx_puppet_discord_enabled and matrix_mx_puppet_discord_database_engine == 'postgres' and matrix_mx_puppet_discord_database_hostname == devture_postgres_connection_hostname) else []) + ([{ 'name': matrix_mx_puppet_steam_database_name, 'username': matrix_mx_puppet_steam_database_username, 'password': matrix_mx_puppet_steam_database_password, - }] if (matrix_mx_puppet_steam_enabled and matrix_mx_puppet_steam_database_engine == 'postgres' and matrix_mx_puppet_steam_database_hostname == 'matrix-postgres') else []) + }] if (matrix_mx_puppet_steam_enabled and matrix_mx_puppet_steam_database_engine == 'postgres' and matrix_mx_puppet_steam_database_hostname == devture_postgres_connection_hostname) else []) + ([{ 'name': matrix_mx_puppet_groupme_database_name, 'username': matrix_mx_puppet_groupme_database_username, 'password': matrix_mx_puppet_groupme_database_password, - }] if (matrix_mx_puppet_groupme_enabled and matrix_mx_puppet_groupme_database_engine == 'postgres' and matrix_mx_puppet_groupme_database_hostname == 'matrix-postgres') else []) + }] if (matrix_mx_puppet_groupme_enabled and matrix_mx_puppet_groupme_database_engine == 'postgres' and matrix_mx_puppet_groupme_database_hostname == devture_postgres_connection_hostname) else []) + ([{ 'name': matrix_dimension_database_name, 'username': matrix_dimension_database_username, 'password': matrix_dimension_database_password, - }] if (matrix_dimension_enabled and matrix_dimension_database_engine == 'postgres' and matrix_dimension_database_hostname == 'matrix-postgres') else []) + }] if (matrix_dimension_enabled and matrix_dimension_database_engine == 'postgres' and matrix_dimension_database_hostname == devture_postgres_connection_hostname) else []) + ([{ 'name': matrix_etherpad_database_name, 'username': matrix_etherpad_database_username, 'password': matrix_etherpad_database_password, - }] if (matrix_etherpad_enabled and 
matrix_etherpad_database_engine == 'postgres' and matrix_etherpad_database_hostname == 'matrix-postgres') else []) + }] if (matrix_etherpad_enabled and matrix_etherpad_database_engine == 'postgres' and matrix_etherpad_database_hostname == devture_postgres_connection_hostname) else []) + ([{ 'name': matrix_prometheus_postgres_exporter_database_name, 'username': matrix_prometheus_postgres_exporter_database_username, 'password': matrix_prometheus_postgres_exporter_database_password, - }] if (matrix_prometheus_postgres_exporter_enabled and matrix_prometheus_postgres_exporter_database_hostname == 'matrix-postgres') else []) + }] if (matrix_prometheus_postgres_exporter_enabled and matrix_prometheus_postgres_exporter_database_hostname == devture_postgres_connection_hostname) else []) }} -matrix_postgres_systemd_services_to_stop_for_maintenance_list: | +######################################################################## +# # +# /com.devture.ansible.role.postgres # +# # +######################################################################## + + +######################################################################## +# # +# com.devture.ansible.role.postgres_backup # +# # +######################################################################## + +devture_postgres_backup_enabled: false + +devture_postgres_backup_identifier: matrix-postgres-backup + +devture_postgres_backup_architecture: "{{ matrix_architecture }}" + +devture_postgres_backup_base_path: "{{ matrix_base_data_path }}/postgres-backup" + +devture_postgres_backup_systemd_required_services_list: | {{ - ['matrix-' + matrix_homeserver_implementation + '.service'] + (['docker.service']) + + + ([(devture_postgres_identifier + '.service')] if devture_postgres_enabled else []) }} -###################################################################### -# -# /matrix-postgres -# -###################################################################### +devture_postgres_backup_container_network: "{{ 
matrix_docker_network }}" + +devture_postgres_backup_uid: "{{ matrix_user_uid }}" +devture_postgres_backup_gid: "{{ matrix_user_gid }}" + +devture_postgres_backup_connection_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" +devture_postgres_backup_connection_port: "{{ devture_postgres_connection_port if devture_postgres_enabled else 5432 }}" +devture_postgres_backup_connection_username: "{{ devture_postgres_connection_username if devture_postgres_enabled else '' }}" +devture_postgres_backup_connection_password: "{{ devture_postgres_connection_password if devture_postgres_enabled else '' }}" + +devture_postgres_backup_postgres_data_path: "{{ devture_postgres_data_path if devture_postgres_enabled else '' }}" + +devture_postgres_backup_databases: "{{ devture_postgres_managed_databases | map(attribute='name') if devture_postgres_enabled else [] }}" + +######################################################################## +# # +# /com.devture.ansible.role.postgres_backup # +# # +######################################################################## + ###################################################################### # @@ -2277,6 +2654,8 @@ matrix_client_element_jitsi_preferredDomain: "{{ matrix_server_fqn_jitsi if matr matrix_client_hydrogen_enabled: false +matrix_client_hydrogen_container_image_self_build: "{{ matrix_architecture not in ['amd64'] }}" + # Normally, matrix-nginx-proxy is enabled and nginx can reach Hydrogen over the container network. # If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose # the HTTP port to the local host. 
@@ -2330,16 +2709,6 @@ matrix_synapse_container_image_self_build: "{{ matrix_architecture not in ['arm6 # When ma1sd is enabled, we can use it to validate phone numbers. It's something that the homeserver cannot do by itself. matrix_synapse_account_threepid_delegates_msisdn: "{{ 'http://matrix-ma1sd:' + matrix_ma1sd_container_port | string if matrix_ma1sd_enabled else '' }}" -# Normally, matrix-nginx-proxy is enabled and nginx can reach Synapse over the container network. -# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, -# you can expose Synapse's ports to the host. -# -# For exposing the Matrix Client API's port (plain HTTP) to the local host. -matrix_synapse_container_client_api_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:' + matrix_synapse_container_client_api_port | string }}" -# -# For exposing the Matrix Federation API's plain port (plain HTTP) to the local host. -matrix_synapse_container_federation_api_plain_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:' + matrix_synapse_container_federation_api_plain_port | string }}" -# # For exposing the Matrix Federation API's TLS port (HTTPS) to the internet on all network interfaces. matrix_synapse_container_federation_api_tls_host_bind_port: "{{ matrix_federation_public_port if (matrix_synapse_federation_enabled and matrix_synapse_tls_federation_listener_enabled) else '' }}" # 
@@ -2352,9 +2721,10 @@ matrix_synapse_container_manhole_api_host_bind_port: "{{ '127.0.0.1:9000' if mat # For exposing the Synapse worker (and metrics) ports to the local host. matrix_synapse_workers_container_host_bind_address: "{{ '127.0.0.1' if (matrix_synapse_workers_enabled and not matrix_nginx_proxy_enabled) else '' }}" -matrix_synapse_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'synapse.db') | to_uuid }}" +matrix_synapse_database_host: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" +matrix_synapse_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'synapse.db', rounds=655555) | to_uuid }}" -matrix_synapse_macaroon_secret_key: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'synapse.mac') | to_uuid }}" +matrix_synapse_macaroon_secret_key: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'synapse.mac', rounds=655555) | to_uuid }}" # We do not enable TLS in Synapse by default. # TLS is handled by the matrix-nginx-proxy, which proxies the requests to Synapse. @@ -2402,7 +2772,7 @@ matrix_synapse_systemd_required_services_list: | {{ (['docker.service']) + - (['matrix-postgres.service'] if matrix_postgres_enabled else []) + ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else []) + (['matrix-goofys.service'] if matrix_s3_media_store_enabled else []) }} 
@@ -2419,8 +2789,8 @@ matrix_synapse_redis_enabled: "{{ matrix_redis_enabled }}" matrix_synapse_redis_host: "{{ 'matrix-redis' if matrix_redis_enabled else '' }}" matrix_synapse_redis_password: "{{ matrix_redis_connection_password if matrix_redis_enabled else '' }}" -matrix_synapse_container_runtime_injected_arguments: "{{ matrix_homeserver_container_runtime_injected_arguments }}" -matrix_synapse_app_service_runtime_injected_config_files: "{{ matrix_homeserver_app_service_runtime_injected_config_files }}" +matrix_synapse_container_extra_arguments_auto: "{{ matrix_homeserver_container_extra_arguments_auto }}" +matrix_synapse_app_service_config_files_auto: "{{ matrix_homeserver_app_service_config_files_auto }}" ###################################################################### # 
@@ -2428,6 +2798,40 @@ matrix_synapse_app_service_runtime_injected_config_files: "{{ matrix_homeserver_ # ###################################################################### +###################################################################### +# +# matrix-synapse-reverse-proxy-companion +# +###################################################################### + +matrix_synapse_reverse_proxy_companion_enabled: "{{ matrix_synapse_enabled }}" + +matrix_synapse_reverse_proxy_companion_client_api_client_max_body_size_mb: "{{ matrix_synapse_max_upload_size_mb }}" + +matrix_synapse_reverse_proxy_companion_container_client_api_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:8008' }}" +matrix_synapse_reverse_proxy_companion_container_federation_api_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:8048' }}" + +matrix_synapse_reverse_proxy_companion_synapse_workers_enabled: "{{ matrix_synapse_workers_enabled }}" +matrix_synapse_reverse_proxy_companion_synapse_workers_list: "{{ matrix_synapse_workers_enabled_list }}" +matrix_synapse_reverse_proxy_companion_synapse_generic_worker_client_server_locations: "{{ matrix_synapse_workers_generic_worker_client_server_endpoints }}" +matrix_synapse_reverse_proxy_companion_synapse_generic_worker_federation_locations: "{{ matrix_synapse_workers_generic_worker_federation_endpoints }}" +matrix_synapse_reverse_proxy_companion_synapse_stream_writer_typing_stream_worker_client_server_locations: "{{ matrix_synapse_workers_stream_writer_typing_stream_worker_client_server_endpoints }}" +matrix_synapse_reverse_proxy_companion_synapse_stream_writer_to_device_stream_worker_client_server_locations: "{{ matrix_synapse_workers_stream_writer_to_device_stream_worker_client_server_endpoints }}" +matrix_synapse_reverse_proxy_companion_synapse_stream_writer_account_data_stream_worker_client_server_locations: "{{ matrix_synapse_workers_stream_writer_account_data_stream_worker_client_server_endpoints }}" 
+matrix_synapse_reverse_proxy_companion_synapse_stream_writer_receipts_stream_worker_client_server_locations: "{{ matrix_synapse_workers_stream_writer_receipts_stream_worker_client_server_endpoints }}" +matrix_synapse_reverse_proxy_companion_synapse_stream_writer_presence_stream_worker_client_server_locations: "{{ matrix_synapse_workers_stream_writer_presence_stream_worker_client_server_endpoints }}" +matrix_synapse_reverse_proxy_companion_synapse_media_repository_locations: "{{matrix_synapse_workers_media_repository_endpoints|default([]) }}" +matrix_synapse_reverse_proxy_companion_synapse_user_dir_locations: "{{ matrix_synapse_workers_user_dir_worker_client_server_endpoints|default([]) }}" + +matrix_synapse_reverse_proxy_companion_access_log_syslog_integration_enabled: "{{ matrix_prometheus_nginxlog_exporter_enabled }}" +matrix_synapse_reverse_proxy_companion_access_log_syslog_integration_server_port: "{{ (matrix_prometheus_nginxlog_exporter_container_hostname | string +':'+ matrix_prometheus_nginxlog_exporter_container_syslog_port | string) | default('') }}" + +###################################################################### +# +# /matrix-synapse-reverse-proxy-companion +# +###################################################################### + ###################################################################### # # matrix-synapse-admin 
@@ -2463,6 +2867,20 @@ matrix_prometheus_node_exporter_enabled: false # ###################################################################### +###################################################################### +# +# matrix-prometheus-nginxlog-exporter +# +###################################################################### + +matrix_prometheus_nginxlog_exporter_enabled: false + +###################################################################### +# +# /matrix-prometheus-nginxlog-exporter +# +###################################################################### + ###################################################################### # # matrix-prometheus @@ -2490,6 +2908,10 @@ matrix_prometheus_scraper_postgres_targets: "{{ ['matrix-prometheus-postgres-exp matrix_prometheus_scraper_hookshot_enabled: "{{ matrix_hookshot_metrics_enabled|default(false) }}" matrix_prometheus_scraper_hookshot_targets: "{{ [matrix_hookshot_container_url | string +':'+ matrix_hookshot_metrics_port | string] if matrix_hookshot_metrics_enabled else [] }}" +matrix_prometheus_scraper_nginxlog_enabled: "{{ matrix_prometheus_nginxlog_exporter_enabled }}" +matrix_prometheus_scraper_nginxlog_server_port: "{{ (matrix_prometheus_nginxlog_exporter_container_hostname | string +':'+ matrix_prometheus_nginxlog_exporter_container_metrics_port | string) +| default('') }}" + ###################################################################### # # /matrix-prometheus 
@@ -2503,13 +2925,14 @@ matrix_prometheus_scraper_hookshot_targets: "{{ [matrix_hookshot_container_url | ###################################################################### matrix_prometheus_postgres_exporter_enabled: false -matrix_prometheus_postgres_exporter_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'prometheus.pg.db') | to_uuid }}" +matrix_prometheus_postgres_exporter_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" +matrix_prometheus_postgres_exporter_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'prometheus.pg.db', rounds=655555) | to_uuid }}" matrix_prometheus_postgres_exporter_systemd_required_services_list: | {{ ['docker.service'] + - (['matrix-postgres.service'] if matrix_postgres_enabled else []) + ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else []) }} ###################################################################### @@ -2538,6 +2961,8 @@ matrix_grafana_dashboard_download_urls: | (matrix_prometheus_node_exporter_dashboard_urls if matrix_prometheus_node_exporter_enabled else []) + (matrix_prometheus_postgres_exporter_dashboard_urls if matrix_prometheus_postgres_exporter_enabled else []) + + + (matrix_prometheus_nginxlog_exporter_dashboard_urls if matrix_prometheus_nginxlog_exporter_enabled else []) }} matrix_grafana_default_home_dashboard_path: |- @@ -2581,7 +3006,7 @@ matrix_registration_shared_secret: |- {{ { 'synapse': matrix_synapse_registration_shared_secret, - 'dendrite': matrix_dendrite_registration_shared_secret, + 'dendrite': matrix_dendrite_client_api_registration_shared_secret, 'conduit': '', }[matrix_homeserver_implementation] }} 
@@ -2596,12 +3021,13 @@ matrix_registration_systemd_required_services_list: | {{ ['docker.service'] + - (['matrix-postgres.service'] if matrix_postgres_enabled else []) + ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else []) }} -# Postgres is the default, except if not using `matrix_postgres` (internal postgres) -matrix_registration_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}" -matrix_registration_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mx.registr.db') | to_uuid }}" +# Postgres is the default, except if not using internal Postgres server +matrix_registration_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}" +matrix_registration_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" +matrix_registration_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mx.registr.db', rounds=655555) | to_uuid }}" ###################################################################### # 
@@ -2609,34 +3035,6 @@ matrix_registration_database_password: "{{ '%s' | format(matrix_homeserver_gener # ###################################################################### -###################################################################### -# -# matrix-postgres-backup -# -###################################################################### - -matrix_postgres_backup_connection_hostname: "{{ matrix_postgres_connection_hostname }}" -matrix_postgres_backup_connection_port: "{{ matrix_postgres_connection_port }}" -matrix_postgres_backup_connection_username: "{{ matrix_postgres_connection_username }}" -matrix_postgres_backup_connection_password: "{{ matrix_postgres_connection_password }}" - -matrix_postgres_backup_postgres_data_path: "{{ matrix_postgres_data_path if matrix_postgres_enabled else '' }}" - -# the default matrix synapse databse is not always part of the matrix_postgres_additional_databases variable thus we have to add it if the default database is used -matrix_postgres_backup_databases: | - {{ - (([{ - 'name': matrix_synapse_database_database - }] if (matrix_synapse_enabled and matrix_synapse_database_database == matrix_postgres_db_name and matrix_synapse_database_host == 'matrix-postgres') else []) - + - matrix_postgres_additional_databases)|map(attribute='name') | list - }} - -###################################################################### -# -# /matrix-postgres-backup -# -###################################################################### ###################################################################### # 
@@ -2658,13 +3056,15 @@ matrix_dendrite_container_https_host_bind_address: "{{ '' if matrix_nginx_proxy_ matrix_dendrite_sync_api_real_ip_header: "{{ 'X-Forwarded-For' if matrix_nginx_proxy_enabled else '' }}" -matrix_dendrite_registration_shared_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'dendrite.rss') | to_uuid }}" +matrix_dendrite_client_api_registration_shared_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'dendrite.rss', rounds=655555) | to_uuid }}" -matrix_dendrite_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'dendrite.db') | to_uuid }}" +matrix_dendrite_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" + +matrix_dendrite_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'dendrite.db', rounds=655555) | to_uuid }}" # Even if TURN doesn't support TLS (it does by default), # it doesn't hurt to try a secure connection anyway. -matrix_dendrite_turn_uris: | +matrix_dendrite_client_api_turn_uris: | {{ [ 'turns:' + matrix_server_fqn_matrix + '?transport=udp', @@ -2676,7 +3076,7 @@ matrix_dendrite_turn_uris: | else [] }} -matrix_dendrite_turn_shared_secret: "{{ matrix_coturn_turn_static_auth_secret if matrix_coturn_enabled else '' }}" +matrix_dendrite_client_api_turn_shared_secret: "{{ matrix_coturn_turn_static_auth_secret if matrix_coturn_enabled else '' }}" matrix_dendrite_disable_tls_validation: "{{ true if matrix_ssl_retrieval_method == 'self-signed' else false }}" @@ -2688,7 +3088,7 @@ matrix_dendrite_systemd_required_services_list: | {{ (['docker.service']) + - (['matrix-postgres.service'] if matrix_postgres_enabled else []) + ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else []) + (['matrix-goofys.service'] if matrix_s3_media_store_enabled else []) }} 
@@ -2698,8 +3098,8 @@ matrix_dendrite_systemd_wanted_services_list: | (['matrix-coturn.service'] if matrix_coturn_enabled else []) }} -matrix_dendrite_container_runtime_injected_arguments: "{{ matrix_homeserver_container_runtime_injected_arguments }}" -matrix_dendrite_app_service_runtime_injected_config_files: "{{ matrix_homeserver_app_service_runtime_injected_config_files }}" +matrix_dendrite_container_extra_arguments_auto: "{{ matrix_homeserver_container_extra_arguments_auto }}" +matrix_dendrite_app_service_config_files_auto: "{{ matrix_homeserver_app_service_config_files_auto }}" ###################################################################### # @@ -2736,29 +3136,29 @@ matrix_conduit_systemd_required_services_list: | matrix_user_creator_users_auto: | {{ - [{ + ([{ 'username': matrix_bot_matrix_reminder_bot_matrix_user_id_localpart, 'initial_password': matrix_bot_matrix_reminder_bot_matrix_user_password, 'initial_type': 'bot', - }] if matrix_bot_matrix_reminder_bot_enabled else [] + }] if matrix_bot_matrix_reminder_bot_enabled else []) + - [{ + ([{ 'username': matrix_bot_honoroit_login, 'initial_password': matrix_bot_honoroit_password, 'initial_type': 'bot', - }] if matrix_bot_honoroit_enabled else [] + }] if matrix_bot_honoroit_enabled else []) + - [{ + ([{ 'username': matrix_bot_postmoogle_login, 'initial_password': matrix_bot_postmoogle_password, 'initial_type': 'bot', - }] if matrix_bot_postmoogle_enabled else [] + }] if matrix_bot_postmoogle_enabled else []) + - [{ + ([{ 'username': matrix_bot_buscarron_login, 'initial_password': matrix_bot_buscarron_password, 'initial_type': 'bot', - }] if matrix_bot_buscarron_enabled else [] + }] if matrix_bot_buscarron_enabled else []) }} ###################################################################### diff --git a/playbooks/jitsi_jvb.yml b/playbooks/jitsi_jvb.yml new file mode 100644 index 000000000..f19800908 --- /dev/null +++ b/playbooks/jitsi_jvb.yml 
@@ -0,0 +1,12 @@ +--- +- name: "Set up additional Jitsi JVB servers" + hosts: "jitsi_jvb_servers" + become: true + + roles: + - role: galaxy/com.devture.ansible.role.playbook_help + - role: galaxy/com.devture.ansible.role.systemd_docker_base + + - custom/matrix-base + - custom/matrix-jitsi + - custom/matrix-common-after diff --git a/playbooks/matrix.yml b/playbooks/matrix.yml new file mode 100755 index 000000000..088ea6406 --- /dev/null +++ b/playbooks/matrix.yml 
@@ -0,0 +1,126 @@ +--- +- name: "Set up a Matrix server" + hosts: "{{ target if target is defined else 'matrix_servers' }}" + become: true + + roles: + # Most of the roles below are not distributed with the playbook, but downloaded separately using `ansible-galaxy` via the `make roles` command (see `Makefile`). + - role: galaxy/com.devture.ansible.role.playbook_help + + - role: galaxy/com.devture.ansible.role.systemd_docker_base + + - role: custom/matrix_playbook_migration + + - when: matrix_playbook_docker_installation_enabled | bool + role: galaxy/geerlingguy.docker + vars: + docker_install_compose: false + tags: + - setup-docker + - setup-all + - install-docker + - install-all + + - when: devture_docker_sdk_for_python_installation_enabled | bool + role: galaxy/com.devture.ansible.role.docker_sdk_for_python + tags: + - setup-docker + - setup-all + - install-docker + - install-all + + - when: devture_timesync_installation_enabled | bool + role: galaxy/com.devture.ansible.role.timesync + tags: + - setup-timesync + - setup-all + - install-timesync + - install-all + + - custom/matrix-base + - custom/matrix-dynamic-dns + - custom/matrix-mailer + + - role: galaxy/com.devture.ansible.role.postgres + + - custom/matrix-redis + - custom/matrix-corporal + - custom/matrix-bridge-appservice-discord + - custom/matrix-bridge-appservice-slack + - custom/matrix-bridge-appservice-webhooks + - custom/matrix-bridge-appservice-irc + - custom/matrix-bridge-appservice-kakaotalk + - custom/matrix-bridge-beeper-linkedin + - custom/matrix-bridge-go-skype-bridge + - custom/matrix-bridge-mautrix-facebook + - custom/matrix-bridge-mautrix-twitter + - custom/matrix-bridge-mautrix-hangouts + - custom/matrix-bridge-mautrix-googlechat + - custom/matrix-bridge-mautrix-instagram + - custom/matrix-bridge-mautrix-signal + - custom/matrix-bridge-mautrix-telegram + - custom/matrix-bridge-mautrix-whatsapp + - custom/matrix-bridge-mautrix-discord + - custom/matrix-bridge-mx-puppet-discord + - 
custom/matrix-bridge-mx-puppet-groupme + - custom/matrix-bridge-mx-puppet-steam + - custom/matrix-bridge-mx-puppet-slack + - custom/matrix-bridge-mx-puppet-twitter + - custom/matrix-bridge-mx-puppet-instagram + - custom/matrix-bridge-sms + - custom/matrix-bridge-heisenbridge + - custom/matrix-bridge-hookshot + - custom/matrix-bot-matrix-reminder-bot + - custom/matrix-bot-matrix-registration-bot + - custom/matrix-bot-maubot + - custom/matrix-bot-buscarron + - custom/matrix-bot-honoroit + - custom/matrix-bot-postmoogle + - custom/matrix-bot-go-neb + - custom/matrix-bot-mjolnir + - custom/matrix-cactus-comments + - custom/matrix-synapse + - custom/matrix-synapse-reverse-proxy-companion + - custom/matrix-dendrite + - custom/matrix-conduit + - custom/matrix-synapse-admin + - custom/matrix-prometheus-node-exporter + - custom/matrix-prometheus-postgres-exporter + - custom/matrix-prometheus-nginxlog-exporter + - custom/matrix-prometheus + - custom/matrix-grafana + - custom/matrix-registration + - custom/matrix-client-element + - custom/matrix-client-hydrogen + - custom/matrix-client-cinny + - custom/matrix-jitsi + - custom/matrix-ldap-registration-proxy + - custom/matrix-ma1sd + - custom/matrix-dimension + - custom/matrix-etherpad + - custom/matrix-email2matrix + - custom/matrix-sygnal + - custom/matrix-ntfy + - custom/matrix-nginx-proxy + - custom/matrix-coturn + - custom/matrix-aux + + - role: galaxy/com.devture.ansible.role.postgres_backup + + - custom/matrix-backup-borg + + - custom/matrix-user-creator + - custom/matrix-common-after + + - when: devture_systemd_service_manager_enabled | bool + role: galaxy/com.devture.ansible.role.systemd_service_manager + + # This is pretty much last, because we want it to better serve as a "last known good configuration". 
+ # See: https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2217#issuecomment-1301487601 + - when: devture_playbook_state_preserver_enabled | bool + role: galaxy/com.devture.ansible.role.playbook_state_preserver + tags: + - setup-all + - install-all + + - role: galaxy/com.devture.ansible.role.playbook_runtime_messages diff --git a/requirements.yml b/requirements.yml index a57b63a9b..93c802158 100644 --- a/requirements.yml +++ b/requirements.yml @@ -1,5 +1,11 @@ --- +- src: geerlingguy.docker + version: 6.0.4 + +- src: git+https://github.com/devture/com.devture.ansible.role.docker_sdk_for_python.git + version: 6ba3be490b6f4c6f35ea109aeb8e533fa231b3a5 + - src: git+https://github.com/devture/com.devture.ansible.role.playbook_help.git version: c1f40e82b4d6b072b6f0e885239322bdaaaf554f @@ -7,10 +13,19 @@ version: 327d2e17f5189ac2480d6012f58cf64a2b46efba - src: git+https://github.com/devture/com.devture.ansible.role.timesync.git - version: 461ace97fcf0e36c76747b36fcad8587d9b072f5 + version: 660f384f176a9ea3b5cc702bde39e7dc10bf6186 - src: git+https://github.com/devture/com.devture.ansible.role.playbook_state_preserver.git version: ff2fd42e1c1a9e28e3312bbd725395f9c2fc7f16 +- src: git+https://github.com/devture/com.devture.ansible.role.postgres.git + version: e75973e3a4edc12dfc3e880e43b12ebecbf82c61 + +- src: git+https://github.com/devture/com.devture.ansible.role.postgres_backup.git + version: 77b1f9ae1aafa31c9078178c1036bf744c99d08b + +- src: git+https://github.com/devture/com.devture.ansible.role.systemd_service_manager.git + version: 6ccb88ac5fc27e1e70afcd48278ade4b564a9096 + - src: git+https://github.com/devture/com.devture.ansible.role.playbook_runtime_messages.git - version: f1c78d4e85e875129790c58335d0e44385683f6b + version: 9b4b088c62b528b73a9a7c93d3109b091dd42ec6 diff --git a/roles/custom/matrix-aux/tasks/main.yml b/roles/custom/matrix-aux/tasks/main.yml index df7c77d0c..57db09653 100644 --- a/roles/custom/matrix-aux/tasks/main.yml 
+++ b/roles/custom/matrix-aux/tasks/main.yml @@ -1,7 +1,9 @@ --- -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup.yml" - when: run_stop | bool +- block: + - ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup.yml" tags: - setup-all - setup-aux-files + - install-all + - install-aux-files diff --git a/roles/custom/matrix-backup-borg/defaults/main.yml b/roles/custom/matrix-backup-borg/defaults/main.yml index de086ebd9..472abe976 100644 --- a/roles/custom/matrix-backup-borg/defaults/main.yml +++ b/roles/custom/matrix-backup-borg/defaults/main.yml @@ -37,9 +37,9 @@ matrix_backup_borg_location_source_directories: [] # postgres db backup matrix_backup_borg_postgresql_enabled: true -matrix_backup_borg_supported_postgres_versions: ['12', '13', '14'] +matrix_backup_borg_supported_postgres_versions: ['12', '13', '14', '15'] matrix_backup_borg_postgresql_databases: [] -matrix_backup_borg_postgresql_databases_hostname: "matrix-postgres" +matrix_backup_borg_postgresql_databases_hostname: '' matrix_backup_borg_postgresql_databases_username: "matrix" matrix_backup_borg_postgresql_databases_password: "" matrix_backup_borg_postgresql_databases_port: 5432 diff --git a/roles/custom/matrix-backup-borg/tasks/init.yml b/roles/custom/matrix-backup-borg/tasks/init.yml deleted file mode 100644 index d57f12491..000000000 --- a/roles/custom/matrix-backup-borg/tasks/init.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -- ansible.builtin.set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-backup-borg.timer'] }}" - when: matrix_backup_borg_enabled | bool diff --git a/roles/custom/matrix-backup-borg/tasks/main.yml b/roles/custom/matrix-backup-borg/tasks/main.yml index 5de4559c5..88d120c04 100644 --- a/roles/custom/matrix-backup-borg/tasks/main.yml +++ b/roles/custom/matrix-backup-borg/tasks/main.yml 
@@ -1,23 +1,20 @@ --- -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" - tags: - - always +- block: + - ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup | bool and matrix_backup_borg_enabled | bool" -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup | bool and matrix_backup_borg_enabled | bool" + - ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml" + when: "run_setup | bool and matrix_backup_borg_enabled | bool" tags: - setup-all - setup-backup-borg + - install-all + - install-backup-borg -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup | bool and matrix_backup_borg_enabled | bool" - tags: - - setup-all - - setup-backup-borg - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup | bool and not matrix_backup_borg_enabled | bool" +- block: + - ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + when: "run_setup | bool and not matrix_backup_borg_enabled | bool" tags: - setup-all - setup-backup-borg diff --git a/roles/custom/matrix-backup-borg/tasks/setup_install.yml b/roles/custom/matrix-backup-borg/tasks/setup_install.yml index d12229e20..647aabf40 100644 --- a/roles/custom/matrix-backup-borg/tasks/setup_install.yml +++ b/roles/custom/matrix-backup-borg/tasks/setup_install.yml 
@@ -5,22 +5,22 @@ - name: Fail with matrix_backup_borg_version advice if Postgres not enabled ansible.builtin.fail: msg: >- - You are not running a built-in Postgres server (`matrix_postgres_enabled: false`), so auto-detecting its version and setting `matrix_backup_borg_version` automatically based on that cannot happen. + You are not running a built-in Postgres server (`devture_postgres_enabled: false`), so auto-detecting its version and setting `matrix_backup_borg_version` automatically based on that cannot happen. Consider setting `matrix_backup_borg_version` to your Postgres version manually. - when: not matrix_postgres_enabled + when: not devture_postgres_enabled - - ansible.builtin.import_role: - name: custom/matrix-postgres + - ansible.builtin.include_role: + name: galaxy/com.devture.ansible.role.postgres tasks_from: detect_existing_postgres_version - name: Fail if detected Postgres version is unsupported ansible.builtin.fail: - msg: "You cannot use borg backup with such an old version ({{ matrix_postgres_detected_version }}) of Postgres. Consider upgrading - link to docs for upgrading Postgres: docs/maintenance-postgres.md#upgrading-postgresql" - when: "matrix_postgres_detected_version not in matrix_backup_borg_supported_postgres_versions" + msg: "You cannot use borg backup with such an old version ({{ devture_postgres_detected_version }}) of Postgres. Consider upgrading - link to docs for upgrading Postgres: docs/maintenance-postgres.md#upgrading-postgresql" + when: "devture_postgres_detected_version not in matrix_backup_borg_supported_postgres_versions" - name: Set the correct borg backup version to use ansible.builtin.set_fact: - matrix_backup_borg_version: "{{ matrix_postgres_detected_version }}" + matrix_backup_borg_version: "{{ devture_postgres_detected_version }}" - name: Ensure borg paths exist ansible.builtin.file: 
@@ -105,19 +105,3 @@ src: "{{ role_path }}/templates/systemd/matrix-backup-borg.timer.j2" dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-backup-borg.timer" mode: 0644 - register: matrix_backup_borg_systemd_timer_result - -- name: Ensure systemd reloaded after matrix-backup-borg.service installation - ansible.builtin.service: - daemon_reload: true - when: "matrix_backup_borg_systemd_service_result.changed | bool" - -- name: Ensure matrix-backup-borg.service enabled - ansible.builtin.service: - enabled: true - name: matrix-backup-borg.service - -- name: Ensure matrix-backup-borg.timer enabled - ansible.builtin.service: - enabled: true - name: matrix-backup-borg.timer diff --git a/roles/custom/matrix-backup-borg/tasks/setup_uninstall.yml b/roles/custom/matrix-backup-borg/tasks/setup_uninstall.yml index c4c1028d4..3d8b08ef4 100644 --- a/roles/custom/matrix-backup-borg/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-backup-borg/tasks/setup_uninstall.yml 
@@ -1,41 +1,25 @@ --- + - name: Check existence of matrix-backup-borg service ansible.builtin.stat: path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-backup-borg.service" register: matrix_backup_borg_service_stat -- name: Ensure matrix-backup-borg is stopped - ansible.builtin.service: - name: matrix-backup-borg - state: stopped - enabled: false - daemon_reload: true - register: stopping_result - when: "matrix_backup_borg_service_stat.stat.exists | bool" +- when: matrix_backup_borg_service_stat.stat.exists | bool + block: + - name: Ensure matrix-backup-borg is stopped + ansible.builtin.service: + name: matrix-backup-borg + state: stopped + enabled: false + daemon_reload: true -- name: Ensure matrix-backup-borg.service doesn't exist - ansible.builtin.file: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-backup-borg.service" - state: absent - when: "matrix_backup_borg_service_stat.stat.exists | bool" + - name: Ensure matrix-backup-borg.service doesn't exist + ansible.builtin.file: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-backup-borg.service" + state: absent -- name: Ensure matrix-backup-borg.timer doesn't exist - ansible.builtin.file: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-backup-borg.timer" - state: absent - when: "matrix_backup_borg_service_stat.stat.exists | bool" - -- name: Ensure systemd reloaded after matrix-backup-borg.service removal - ansible.builtin.service: - daemon_reload: true - when: "matrix_backup_borg_service_stat.stat.exists | bool" - -- name: Ensure Matrix borg paths don't exist - ansible.builtin.file: - path: "{{ matrix_backup_borg_base_path }}" - state: absent - -- name: Ensure borg Docker image doesn't exist - community.docker.docker_image: - name: "{{ matrix_backup_borg_docker_image }}" - state: absent + - name: Ensure matrix-backup-borg.timer doesn't exist + ansible.builtin.file: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-backup-borg.timer" + state: 
absent diff --git a/roles/custom/matrix-backup-borg/tasks/validate_config.yml b/roles/custom/matrix-backup-borg/tasks/validate_config.yml index 66e487dd9..bb6cd4151 100644 --- a/roles/custom/matrix-backup-borg/tasks/validate_config.yml +++ b/roles/custom/matrix-backup-borg/tasks/validate_config.yml @@ -1,12 +1,13 @@ --- -- name: Fail if required settings not defined +- name: Fail if required backup-borg settings not defined ansible.builtin.fail: msg: >- - You need to define a required configuration setting (`{{ item }}`). - when: "vars[item] == ''" + You need to define a required configuration setting (`{{ item.name }}`). + when: "item.when | bool and vars[item.name] == ''" with_items: - - "matrix_backup_borg_ssh_key_private" - - "matrix_backup_borg_location_repositories" + - {'name': 'matrix_backup_borg_ssh_key_private', when: true} + - {'name': 'matrix_backup_borg_location_repositories', when: true} + - {'name': 'matrix_backup_borg_postgresql_databases_hostname', when: "{{ matrix_backup_borg_postgresql_enabled }}"} - name: Fail if encryption passphrase is undefined unless repository is unencrypted ansible.builtin.fail: diff --git a/roles/custom/matrix-backup-borg/templates/config.yaml.j2 b/roles/custom/matrix-backup-borg/templates/config.yaml.j2 index 210b7a65a..105c0ce1f 100644 --- a/roles/custom/matrix-backup-borg/templates/config.yaml.j2 +++ b/roles/custom/matrix-backup-borg/templates/config.yaml.j2 @@ -34,7 +34,7 @@ hooks: hostname: {{ matrix_backup_borg_postgresql_databases_hostname|to_json }} username: {{ matrix_backup_borg_postgresql_databases_username|to_json }} password: {{ matrix_backup_borg_postgresql_databases_password|to_json }} - port: {{ matrix_backup_borg_postgresql_databases_port|to_json }} + port: {{ matrix_backup_borg_postgresql_databases_port | int | to_json }} {% endfor %} {% endif %} after_backup: 
diff --git a/roles/custom/matrix-backup-borg/templates/systemd/matrix-backup-borg.service.j2 b/roles/custom/matrix-backup-borg/templates/systemd/matrix-backup-borg.service.j2 index 533f6e42f..900369b9d 100644 --- a/roles/custom/matrix-backup-borg/templates/systemd/matrix-backup-borg.service.j2 +++ b/roles/custom/matrix-backup-borg/templates/systemd/matrix-backup-borg.service.j2 @@ -31,14 +31,21 @@ ExecStartPre=-{{ devture_systemd_docker_base_host_command_docker }} run --rm --n {{ arg }} \ {% endfor %} {{ matrix_backup_borg_docker_image }} \ - sh -c "borgmatic --init --encryption {{ matrix_backup_borg_encryption }}" + sh -c "borgmatic rcreate --encryption {{ matrix_backup_borg_encryption }}" +# The `CAP_DAC_OVERRIDE` capability is required, so that `root` in the container +# can read the `/etc/borgmatic.d/config.yaml` (`{{ matrix_backup_borg_config_path }}/config.yaml`) file, +# owned by `matrix:matrix` on the filesystem. +# +# `/root` is mountes as temporary filesystem, because we're using `--read-only` and because +# Borgmatic tries to write to at least a few paths under `/root` (`.config`, `.ssh`, `.borgmatic`). ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-backup-borg \ --log-driver=none \ --cap-drop=ALL \ + --cap-add=CAP_DAC_OVERRIDE \ --read-only \ - --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --network={{ matrix_docker_network }} \ + --tmpfs=/root:rw,noexec,nosuid,size=100m \ --tmpfs=/tmp:rw,noexec,nosuid,size=100m \ --mount type=bind,src={{ matrix_backup_borg_config_path }}/passwd,dst=/etc/passwd,ro \ --mount type=bind,src={{ matrix_backup_borg_config_path }},dst=/etc/borgmatic.d,ro \ diff --git a/roles/custom/matrix-base/defaults/main.yml b/roles/custom/matrix-base/defaults/main.yml index 5c0f16dcf..63aee58ac 100644 --- a/roles/custom/matrix-base/defaults/main.yml +++ b/roles/custom/matrix-base/defaults/main.yml 
@@ -1,4 +1,5 @@ --- + # The bare domain name which represents your Matrix identity. # Matrix user ids for your server will be of the form (`@user:`). # @@ -12,6 +13,15 @@ matrix_domain: ~ # Example value: "@someone:{{ matrix_domain }}" matrix_admin: '' +# matrix_homeserver_enabled controls whether to enable the homeserver systemd service, etc. +# +# Unless you're wrapping this playbook in another one +# where you optionally wish to disable homeserver integration, you don't need to use this. +# +# Note: disabling this does not mean that a homeserver won't get installed. +# Whether homeserver software is installed depends on other (`matrix_HOMESERVER_enabled`) variables - see `group_vars/matrix_servers`. +matrix_homeserver_enabled: true + # Homeserver admin contacts and support page as per MSC 1929 # See: https://github.com/matrix-org/matrix-spec-proposals/pull/1929 # Users in form: @@ -86,7 +96,7 @@ matrix_federation_public_port: 8448 # Recognized values by us are 'amd64', 'arm32' and 'arm64'. # Not all architectures support all services, so your experience (on non-amd64) may vary. # See docs/alternative-architectures.md -matrix_architecture: amd64 +matrix_architecture: "{{ 'amd64' if ansible_architecture == 'x86_64' else ('arm64' if ansible_architecture == 'aarch64' else ('arm32' if ansible_architecture.startswith('armv') else '')) }}" # The architecture for Debian packages. # See: https://wiki.debian.org/SupportedArchitectures 
@@ -107,14 +117,10 @@ matrix_user_gid: ~ matrix_base_data_path: "/matrix" matrix_base_data_path_mode: "750" +matrix_bin_path: "{{ matrix_base_data_path }}/bin" + matrix_static_files_base_path: "{{ matrix_base_data_path }}/static-files" -# This is now unused. We keep it so that cleanup tasks can use it. -# To be removed in the future. -matrix_cron_path: "/etc/cron.d" - -matrix_local_bin_path: "/usr/local/bin" - matrix_host_command_sleep: "/usr/bin/env sleep" matrix_host_command_chown: "/usr/bin/env chown" matrix_host_command_fusermount: "/usr/bin/env fusermount" @@ -253,13 +259,8 @@ matrix_well_known_matrix_server_enabled: true # See `matrix_homeserver_admin_contacts`, `matrix_homeserver_support_url`, etc. matrix_well_known_matrix_support_enabled: false -# Controls whether Docker is automatically installed. -# If you change this to false you must install and update Docker manually. You also need to install the docker (https://pypi.org/project/docker/) Python package. -matrix_docker_installation_enabled: true - -# Controls the Docker package that is installed. -# Possible values are "docker-ce" (default) and "docker.io" (Debian). -matrix_docker_package_name: docker-ce +matrix_homeserver_container_extra_arguments_auto: [] +matrix_homeserver_app_service_config_files_auto: [] # Variables to Control which parts of our roles run. run_postgres_import: true diff --git a/roles/custom/matrix-base/tasks/clean_up_old_files.yml b/roles/custom/matrix-base/tasks/clean_up_old_files.yml deleted file mode 100644 index b79c01b3f..000000000 --- a/roles/custom/matrix-base/tasks/clean_up_old_files.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- - -- name: Get rid of old files and directories - ansible.builtin.file: - path: "{{ item }}" - state: absent - with_items: - - "{{ matrix_base_data_path }}/environment-variables" - - "{{ matrix_base_data_path }}/scratchpad" diff --git a/roles/custom/matrix-base/tasks/main.yml b/roles/custom/matrix-base/tasks/main.yml index 2205056d8..c67e20908 100644 
--- a/roles/custom/matrix-base/tasks/main.yml +++ b/roles/custom/matrix-base/tasks/main.yml @@ -1,37 +1,39 @@ --- -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/sanity_check.yml" - tags: - - always - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/clean_up_old_files.yml" - when: run_setup | bool - tags: - - setup-all - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/server_base/setup.yml" - when: run_setup | bool +- block: + - ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" tags: - setup-all + - install-all # This needs to always run, because it populates `matrix_user_uid` and `matrix_user_gid`, # which are required by many other roles. -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_matrix_user.yml" - when: run_setup | bool +- block: + - ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_matrix_user.yml" tags: - always - setup-system-user + - common -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_matrix_base.yml" - when: run_setup | bool +- block: + - ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_matrix_base.yml" tags: - setup-all + - install-all + - common -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_well_known.yml" - when: run_setup | bool +- block: + - ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_well_known.yml" tags: - setup-all - setup-ma1sd - setup-synapse - setup-dendrite + - setup-conduit - setup-nginx-proxy + - install-all + - install-ma1sd + - install-synapse + - install-dendrite + - install-conduit + - install-nginx-proxy diff --git a/roles/custom/matrix-base/tasks/server_base/setup.yml b/roles/custom/matrix-base/tasks/server_base/setup.yml deleted file mode 100644 index d0b9f0b95..000000000 --- a/roles/custom/matrix-base/tasks/server_base/setup.yml +++ /dev/null 
@@ -1,41 +0,0 @@ ---- - -- ansible.builtin.include_tasks: "{{ role_path }}/tasks/server_base/setup_redhat.yml" - when: ansible_os_family == 'RedHat' and ansible_distribution_major_version | int < 8 - -- ansible.builtin.include_tasks: "{{ role_path }}/tasks/server_base/setup_redhat8.yml" - when: ansible_os_family == 'RedHat' and ansible_distribution_major_version | int > 7 and ansible_distribution_major_version | int < 30 - -- ansible.builtin.include_tasks: "{{ role_path }}/tasks/server_base/setup_fedora.yml" - when: ansible_os_family == 'RedHat' and ansible_distribution_major_version | int > 30 - -- when: ansible_os_family == 'Debian' - block: - # ansible_lsb is only available if lsb-release is installed. - - name: Ensure lsb-release installed - ansible.builtin.apt: - name: - - lsb-release - state: present - update_cache: true - register: lsb_release_installation_result - - - name: Reread ansible_lsb facts if lsb-release got installed - ansible.builtin.setup: - filter: ansible_lsb* - when: lsb_release_installation_result.changed - - - ansible.builtin.include_tasks: "{{ role_path }}/tasks/server_base/setup_debian.yml" - when: (ansible_os_family == 'Debian') and (ansible_lsb.id != 'Raspbian') - - - ansible.builtin.include_tasks: "{{ role_path }}/tasks/server_base/setup_raspbian.yml" - when: (ansible_os_family == 'Debian') and (ansible_lsb.id == 'Raspbian') - -- ansible.builtin.include_tasks: "{{ role_path }}/tasks/server_base/setup_archlinux.yml" - when: ansible_distribution == 'Archlinux' - -- name: Ensure Docker is started and autoruns - ansible.builtin.service: - name: docker - state: started - enabled: true diff --git a/roles/custom/matrix-base/tasks/server_base/setup_archlinux.yml b/roles/custom/matrix-base/tasks/server_base/setup_archlinux.yml deleted file mode 100644 index a93136148..000000000 --- a/roles/custom/matrix-base/tasks/server_base/setup_archlinux.yml +++ /dev/null 
@@ -1,16 +0,0 @@ ---- - -- name: Install host dependencies - community.general.pacman: - name: - - python-docker - - python-dnspython - state: present - update_cache: true - -- name: Ensure Docker is installed - community.general.pacman: - name: - - docker - state: present - when: matrix_docker_installation_enabled | bool diff --git a/roles/custom/matrix-base/tasks/server_base/setup_debian.yml b/roles/custom/matrix-base/tasks/server_base/setup_debian.yml deleted file mode 100644 index 412a11d02..000000000 --- a/roles/custom/matrix-base/tasks/server_base/setup_debian.yml +++ /dev/null @@ -1,34 +0,0 @@ ---- - -- name: Ensure APT usage dependencies are installed - ansible.builtin.apt: - name: - - apt-transport-https - - ca-certificates - - gnupg - state: present - update_cache: true - -- name: Ensure Docker's APT key is trusted - ansible.builtin.apt_key: - url: "https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg" - id: 9DC858229FC7DD38854AE2D88D81803C0EBFCD88 - state: present - register: add_repository_key - ignore_errors: true - when: matrix_docker_installation_enabled | bool and matrix_docker_package_name == 'docker-ce' - -- name: Ensure Docker repository is enabled - ansible.builtin.apt_repository: - repo: "deb [arch={{ matrix_debian_arch }}] https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} stable" - state: present - update_cache: true - when: matrix_docker_installation_enabled | bool and matrix_docker_package_name == 'docker-ce' - -- name: Ensure Docker is installed - ansible.builtin.apt: - name: - - "{{ matrix_docker_package_name }}" - - "python{{ '3' if ansible_python.version.major == 3 else '' }}-docker" - state: present - when: matrix_docker_installation_enabled | bool diff --git a/roles/custom/matrix-base/tasks/server_base/setup_fedora.yml b/roles/custom/matrix-base/tasks/server_base/setup_fedora.yml deleted file mode 100644 index 19d465718..000000000 
--- a/roles/custom/matrix-base/tasks/server_base/setup_fedora.yml +++ /dev/null @@ -1,32 +0,0 @@ ---- - -- name: Ensure Docker repository is enabled - ansible.builtin.template: - src: "{{ role_path }}/files/yum.repos.d/{{ item }}" - dest: "/etc/yum.repos.d/docker-ce.repo" - owner: "root" - group: "root" - mode: 0644 - with_items: - - docker-ce-fedora.repo - when: matrix_docker_installation_enabled | bool and matrix_docker_package_name == 'docker-ce' - -- name: Ensure Docker's RPM key is trusted - ansible.builtin.rpm_key: - state: present - key: https://download.docker.com/linux/fedora/gpg - when: matrix_docker_installation_enabled | bool and matrix_docker_package_name == 'docker-ce' - -- name: Ensure Docker is installed - ansible.builtin.yum: - name: - - "{{ matrix_docker_package_name }}" - - python3-pip - state: present - when: matrix_docker_installation_enabled | bool - -- name: Ensure Docker-Py is installed - ansible.builtin.pip: - name: docker-py - state: present - when: matrix_docker_installation_enabled | bool diff --git a/roles/custom/matrix-base/tasks/server_base/setup_raspbian.yml b/roles/custom/matrix-base/tasks/server_base/setup_raspbian.yml deleted file mode 100644 index 6959b39c8..000000000 --- a/roles/custom/matrix-base/tasks/server_base/setup_raspbian.yml +++ /dev/null 
@@ -1,34 +0,0 @@ ---- - -- name: Ensure APT usage dependencies are installed - ansible.builtin.apt: - name: - - apt-transport-https - - ca-certificates - - gnupg - state: present - update_cache: true - -- name: Ensure Docker's APT key is trusted - ansible.builtin.apt_key: - url: https://download.docker.com/linux/raspbian/gpg - id: 9DC858229FC7DD38854AE2D88D81803C0EBFCD88 - state: present - register: add_repository_key - ignore_errors: true - when: matrix_docker_installation_enabled | bool and matrix_docker_package_name == 'docker-ce' - -- name: Ensure Docker repository is enabled - ansible.builtin.apt_repository: - repo: "deb [arch={{ matrix_debian_arch }}] https://download.docker.com/linux/raspbian {{ ansible_distribution_release }} stable" - state: present - update_cache: true - when: matrix_docker_installation_enabled | bool and matrix_docker_package_name == 'docker-ce' - -- name: Ensure Docker is installed - ansible.builtin.apt: - name: - - "{{ matrix_docker_package_name }}" - - "python{{ '3' if ansible_python.version.major == 3 else '' }}-docker" - state: present - when: matrix_docker_installation_enabled | bool diff --git a/roles/custom/matrix-base/tasks/server_base/setup_redhat.yml b/roles/custom/matrix-base/tasks/server_base/setup_redhat.yml deleted file mode 100644 index dbddd9130..000000000 --- a/roles/custom/matrix-base/tasks/server_base/setup_redhat.yml +++ /dev/null 
@@ -1,24 +0,0 @@ ---- - -- name: Ensure Docker repository is enabled - ansible.builtin.template: - src: "{{ role_path }}/files/yum.repos.d/docker-ce-centos.repo" - dest: "/etc/yum.repos.d/docker-ce.repo" - owner: "root" - group: "root" - mode: 0644 - when: matrix_docker_installation_enabled | bool and matrix_docker_package_name == 'docker-ce' - -- name: Ensure Docker's RPM key is trusted - ansible.builtin.rpm_key: - state: present - key: https://download.docker.com/linux/centos/gpg - when: matrix_docker_installation_enabled | bool and matrix_docker_package_name == 'docker-ce' - -- name: Ensure Docker is installed - ansible.builtin.yum: - name: - - "{{ matrix_docker_package_name }}" - - docker-python - state: present - when: matrix_docker_installation_enabled | bool diff --git a/roles/custom/matrix-base/tasks/server_base/setup_redhat8.yml b/roles/custom/matrix-base/tasks/server_base/setup_redhat8.yml deleted file mode 100644 index c303abb8f..000000000 --- a/roles/custom/matrix-base/tasks/server_base/setup_redhat8.yml +++ /dev/null 
@@ -1,37 +0,0 @@ ---- - -- name: Ensure Docker repository is enabled - ansible.builtin.template: - src: "{{ role_path }}/files/yum.repos.d/docker-ce-centos.repo" - dest: "/etc/yum.repos.d/docker-ce.repo" - owner: "root" - group: "root" - mode: 0644 - when: matrix_docker_installation_enabled | bool and matrix_docker_package_name == 'docker-ce' - -- name: Ensure Docker's RPM key is trusted - ansible.builtin.rpm_key: - state: present - key: https://download.docker.com/linux/centos/gpg - when: matrix_docker_installation_enabled | bool and matrix_docker_package_name == 'docker-ce' - -- name: Ensure EPEL is installed - ansible.builtin.yum: - name: - - epel-release - state: present - update_cache: true - -- name: Ensure Docker is installed - ansible.builtin.yum: - name: - - "{{ matrix_docker_package_name }}" - - python3-pip - state: present - when: matrix_docker_installation_enabled | bool - -- name: Ensure Docker-Py is installed - ansible.builtin.pip: - name: docker-py - state: present - when: matrix_docker_installation_enabled | bool diff --git a/roles/custom/matrix-base/tasks/setup_matrix_base.yml b/roles/custom/matrix-base/tasks/setup_matrix_base.yml index f954bd796..3d95af020 100644 --- a/roles/custom/matrix-base/tasks/setup_matrix_base.yml +++ b/roles/custom/matrix-base/tasks/setup_matrix_base.yml @@ -1,6 +1,6 @@ --- -- name: Ensure Matrix base path exists +- name: Ensure Matrix base paths exists ansible.builtin.file: path: "{{ item }}" state: directory 
@@ -9,14 +9,15 @@ group: "{{ matrix_user_groupname }}" with_items: - "{{ matrix_base_data_path }}" + - "{{ matrix_bin_path }}" - name: Ensure Matrix network is created in Docker community.docker.docker_network: name: "{{ matrix_docker_network }}" driver: bridge -- name: Ensure matrix-remove-all script created +- name: Ensure remove-all script created ansible.builtin.template: - src: "{{ role_path }}/templates/usr-local-bin/matrix-remove-all.j2" - dest: "{{ matrix_local_bin_path }}/matrix-remove-all" + src: "{{ role_path }}/templates/bin/remove-all.j2" + dest: "{{ matrix_bin_path }}/remove-all" mode: 0750 diff --git a/roles/custom/matrix-base/tasks/setup_matrix_user.yml b/roles/custom/matrix-base/tasks/setup_matrix_user.yml index 0435b7a3c..0c9086e59 100644 --- a/roles/custom/matrix-base/tasks/setup_matrix_user.yml +++ b/roles/custom/matrix-base/tasks/setup_matrix_user.yml @@ -7,10 +7,6 @@ state: present register: matrix_group -- name: Set Matrix Group GID Variable - ansible.builtin.set_fact: - matrix_user_gid: "{{ matrix_group.gid }}" - - name: Ensure Matrix user is created ansible.builtin.user: name: "{{ matrix_user_username }}" @@ -22,6 +18,7 @@ system: true register: matrix_user -- name: Set Matrix Group UID Variable +- name: Initialize matrix_user_uid and matrix_user_gid ansible.builtin.set_fact: matrix_user_uid: "{{ matrix_user.uid }}" + matrix_user_gid: "{{ matrix_group.gid }}" diff --git a/roles/custom/matrix-base/tasks/sanity_check.yml b/roles/custom/matrix-base/tasks/validate_config.yml similarity index 72% rename from roles/custom/matrix-base/tasks/sanity_check.yml rename to roles/custom/matrix-base/tasks/validate_config.yml index 5104ba434..b3551e2e3 100644 --- a/roles/custom/matrix-base/tasks/sanity_check.yml +++ b/roles/custom/matrix-base/tasks/validate_config.yml 
@@ -5,21 +5,6 @@ msg: "You need to set a valid homeserver implementation in `matrix_homeserver_implementation`" when: "matrix_homeserver_implementation not in ['synapse', 'dendrite', 'conduit']" -# We generally support Ansible 2.7.1 and above. -- name: Fail if running on Ansible < 2.7.1 - ansible.builtin.fail: - msg: "You are running on Ansible {{ ansible_version.string }}, which is not supported. See our guide about Ansible: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/ansible.md" - when: - - "(ansible_version.major < 2) or (ansible_version.major == 2 and ansible_version.minor < 7) or (ansible_version.major == 2 and ansible_version.minor == 7 and ansible_version.revision < 1)" - -# Though we do not support Ansible 2.9.6 which is buggy -- name: Fail if running on Ansible 2.9.6 on Ubuntu - ansible.builtin.fail: - msg: "You are running on Ansible {{ ansible_version.string }}, which is not supported. See our guide about Ansible: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/ansible.md" - when: - - ansible_distribution == 'Ubuntu' - - "ansible_version.major == 2 and ansible_version.minor == 9 and ansible_version.revision == 6" - - name: (Deprecation) Catch and report renamed settings ansible.builtin.fail: msg: >- @@ -32,6 +17,7 @@ - {'old': 'hostname_matrix', 'new': 'matrix_server_fqn_matrix'} - {'old': 'hostname_riot', 'new': 'matrix_server_fqn_element'} - {'old': 'matrix_server_fqn_riot', 'new': 'matrix_server_fqn_element'} + - {'old': 'matrix_local_bin_path', 'new': ''} # We have a dedicated check for this variable, because we'd like to have a custom (friendlier) message. - name: Fail if matrix_homeserver_generic_secret_key is undefined 
@@ -40,6 +26,8 @@ The `matrix_homeserver_generic_secret_key` variable must be defined and have a non-null and non-empty value. If you're observing this error on a new installation, you should ensure that the `matrix_homeserver_generic_secret_key` is defined. + If you think you've defined it, but are still getting this error, then it's likely that you have a typo + in your domain name in `inventory/hosts` or in one of the directories leading up to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file. If you're observing this error on an existing homeserver installation, you can fix it easily and in a backward-compatible way by adding `{% raw %}matrix_homeserver_generic_secret_key: "{{ matrix_synapse_macaroon_secret_key }}"{% endraw %}` @@ -55,8 +43,14 @@ - {'var': matrix_server_fqn_element, 'value': "{{ matrix_server_fqn_element | default('') }}"} - {'var': matrix_homeserver_container_url, 'value': "{{ matrix_homeserver_container_url | default('') }}"} - {'var': matrix_homeserver_container_federation_url, 'value': "{{ matrix_homeserver_container_federation_url | default('') }}"} + - {'var': matrix_architecture, 'value': "{{ matrix_architecture | default('') }}"} when: "item.value is none or item.value == ''" +- name: Fail if matrix_architecture is set incorrectly + ansible.builtin.fail: + msg: "Detected that variable matrix_architecture {{ matrix_architecture }} appears to be set incorrectly. See docs/alternative-architectures.md. Server appears to be {{ ansible_architecture }}." + when: matrix_architecture not in ['amd64', 'arm32', 'arm64'] + - name: Fail if uppercase domain used ansible.builtin.fail: msg: "Detected that you're using an uppercase domain name - `{{ item }}`. This will cause trouble. Please use all-lowercase!" 
@@ -66,20 +60,6 @@ - "{{ matrix_server_fqn_element }}" when: "item != item | lower" -- name: Fail if using python2 on Archlinux - ansible.builtin.fail: - msg: "Detected that you're using python2 when installing onto Archlinux. Archlinux by default only supports python3." - when: - - ansible_distribution == 'Archlinux' - - ansible_python.version.major != 3 - -- name: Fail if architecture is set incorrectly - ansible.builtin.fail: - msg: "Detected that variable matrix_architecture {{ matrix_architecture }} appears to be set incorrectly. See docs/alternative-architectures.md. Server appears to be {{ ansible_architecture }}." - when: (ansible_architecture == "x86_64" and matrix_architecture != "amd64") or - (ansible_architecture == "aarch64" and matrix_architecture != "arm64") or - (ansible_architecture.startswith("armv") and matrix_architecture != "arm32") - - name: Fail if encountering usage of removed role (mx-puppet-skype) ansible.builtin.fail: msg: >- diff --git a/roles/custom/matrix-base/templates/usr-local-bin/matrix-remove-all.j2 b/roles/custom/matrix-base/templates/bin/remove-all.j2 similarity index 92% rename from roles/custom/matrix-base/templates/usr-local-bin/matrix-remove-all.j2 rename to roles/custom/matrix-base/templates/bin/remove-all.j2 index f9b174e57..5dd862aea 100644 --- a/roles/custom/matrix-base/templates/usr-local-bin/matrix-remove-all.j2 +++ b/roles/custom/matrix-base/templates/bin/remove-all.j2 @@ -23,8 +23,6 @@ else systemctl daemon-reload - echo "Remove matrix scripts" - find {{ matrix_local_bin_path }}/ -name "matrix-*" -delete echo "Remove unused Docker images and resources" docker system prune -af echo "Remove Docker matrix network (should be gone already, but ..)" diff --git a/roles/custom/matrix-base/templates/static-files/well-known/matrix-client.j2 b/roles/custom/matrix-base/templates/static-files/well-known/matrix-client.j2 index a4356d1d8..4595bed11 100644 
--- a/roles/custom/matrix-base/templates/static-files/well-known/matrix-client.j2 +++ b/roles/custom/matrix-base/templates/static-files/well-known/matrix-client.j2 @@ -25,6 +25,11 @@ "im.vector.riot.jitsi": { "preferredDomain": {{ matrix_client_element_jitsi_preferredDomain|to_json }} } + {% endif %} + {% if matrix_client_element_location_sharing_enabled %}, + "m.tile_server": { + "map_style_url": "https://{{ matrix_server_fqn_element }}/map_style.json" + } {% endif %} , "io.element.e2ee": { diff --git a/roles/custom/matrix-base/vars/main.yml b/roles/custom/matrix-base/vars/main.yml deleted file mode 100644 index 3578666f3..000000000 --- a/roles/custom/matrix-base/vars/main.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -# This will contain a list of enabled services that the playbook is managing. -# Each component is expected to append its service name to this list. -matrix_systemd_services_list: [] - -matrix_homeserver_container_runtime_injected_arguments: [] -matrix_homeserver_app_service_runtime_injected_config_files: [] diff --git a/roles/custom/matrix-bot-buscarron/defaults/main.yml b/roles/custom/matrix-bot-buscarron/defaults/main.yml index 21d9a4a39..290248e0a 100644 --- a/roles/custom/matrix-bot-buscarron/defaults/main.yml +++ b/roles/custom/matrix-bot-buscarron/defaults/main.yml @@ -43,7 +43,7 @@ matrix_bot_buscarron_sqlite_database_path_in_container: "/data/bot.db" matrix_bot_buscarron_database_username: 'buscarron' matrix_bot_buscarron_database_password: 'some-password' -matrix_bot_buscarron_database_hostname: 'matrix-postgres' +matrix_bot_buscarron_database_hostname: '' matrix_bot_buscarron_database_port: 5432 matrix_bot_buscarron_database_name: 'buscarron' diff --git a/roles/custom/matrix-bot-buscarron/tasks/init.yml b/roles/custom/matrix-bot-buscarron/tasks/init.yml deleted file mode 100644 index a1f5751db..000000000 --- a/roles/custom/matrix-bot-buscarron/tasks/init.yml +++ /dev/null 
@@ -1,5 +0,0 @@ ---- - -- ansible.builtin.set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-buscarron.service'] }}" - when: matrix_bot_buscarron_enabled | bool diff --git a/roles/custom/matrix-bot-buscarron/tasks/main.yml b/roles/custom/matrix-bot-buscarron/tasks/main.yml index e6712262f..b4a58e910 100644 --- a/roles/custom/matrix-bot-buscarron/tasks/main.yml +++ b/roles/custom/matrix-bot-buscarron/tasks/main.yml @@ -1,23 +1,20 @@ --- -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" - tags: - - always +- block: + - ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup | bool and matrix_bot_buscarron_enabled | bool" -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup | bool and matrix_bot_buscarron_enabled | bool" + - ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml" + when: "run_setup | bool and matrix_bot_buscarron_enabled | bool" tags: - setup-all - setup-bot-buscarron + - install-all + - install-bot-buscarron -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup | bool and matrix_bot_buscarron_enabled | bool" - tags: - - setup-all - - setup-bot-buscarron - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup | bool and not matrix_bot_buscarron_enabled | bool" +- block: + - ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + when: "run_setup | bool and not matrix_bot_buscarron_enabled | bool" tags: - setup-all - setup-bot-buscarron diff --git a/roles/custom/matrix-bot-buscarron/tasks/setup_install.yml b/roles/custom/matrix-bot-buscarron/tasks/setup_install.yml index 156813def..6ae0f9b92 100644 --- a/roles/custom/matrix-bot-buscarron/tasks/setup_install.yml +++ b/roles/custom/matrix-bot-buscarron/tasks/setup_install.yml 
@@ -11,8 +11,11 @@ - when: "matrix_bot_buscarron_sqlite_database_path_local_stat_result.stat.exists | bool" block: - - ansible.builtin.set_fact: - matrix_postgres_db_migration_request: + - ansible.builtin.include_role: + name: galaxy/com.devture.ansible.role.postgres + tasks_from: migrate_db_to_postgres + vars: + devture_postgres_db_migration_request: src: "{{ matrix_bot_buscarron_sqlite_database_path_local }}" dst: "{{ matrix_bot_buscarron_database_connection_string }}" caller: "{{ role_path | basename }}" @@ -20,10 +23,6 @@ engine_old: 'sqlite' systemd_services_to_stop: ['matrix-bot-buscarron.service'] - - ansible.builtin.import_role: - name: custom/matrix-postgres - tasks_from: migrate_db_to_postgres - - ansible.builtin.set_fact: matrix_bot_buscarron_requires_restart: true @@ -89,15 +88,10 @@ src: "{{ role_path }}/templates/systemd/matrix-bot-buscarron.service.j2" dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-buscarron.service" mode: 0644 - register: matrix_bot_buscarron_systemd_service_result - -- name: Ensure systemd reloaded after matrix-bot-buscarron.service installation - ansible.builtin.service: - daemon_reload: true - when: "matrix_bot_buscarron_systemd_service_result.changed | bool" - name: Ensure matrix-bot-buscarron.service restarted, if necessary ansible.builtin.service: name: "matrix-bot-buscarron.service" state: restarted + daemon_reload: true when: "matrix_bot_buscarron_requires_restart | bool" diff --git a/roles/custom/matrix-bot-buscarron/tasks/setup_uninstall.yml b/roles/custom/matrix-bot-buscarron/tasks/setup_uninstall.yml index cb3333bf2..26d920f48 100644 --- a/roles/custom/matrix-bot-buscarron/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-bot-buscarron/tasks/setup_uninstall.yml 
@@ -5,32 +5,21 @@ path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-buscarron.service" register: matrix_bot_buscarron_service_stat -- name: Ensure matrix-buscarron is stopped - ansible.builtin.service: - name: matrix-bot-buscarron - state: stopped - enabled: false - daemon_reload: true - register: stopping_result - when: "matrix_bot_buscarron_service_stat.stat.exists | bool" +- when: matrix_bot_buscarron_service_stat.stat.exists | bool + block: + - name: Ensure matrix-buscarron is stopped + ansible.builtin.service: + name: matrix-bot-buscarron + state: stopped + enabled: false + daemon_reload: true -- name: Ensure matrix-bot-buscarron.service doesn't exist - ansible.builtin.file: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-buscarron.service" - state: absent - when: "matrix_bot_buscarron_service_stat.stat.exists | bool" + - name: Ensure matrix-bot-buscarron.service doesn't exist + ansible.builtin.file: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-buscarron.service" + state: absent -- name: Ensure systemd reloaded after matrix-bot-buscarron.service removal - ansible.builtin.service: - daemon_reload: true - when: "matrix_bot_buscarron_service_stat.stat.exists | bool" - -- name: Ensure Matrix buscarron paths don't exist - ansible.builtin.file: - path: "{{ matrix_bot_buscarron_base_path }}" - state: absent - -- name: Ensure buscarron Docker image doesn't exist - community.docker.docker_image: - name: "{{ matrix_bot_buscarron_docker_image }}" - state: absent + - name: Ensure Matrix buscarron paths don't exist + ansible.builtin.file: + path: "{{ matrix_bot_buscarron_base_path }}" + state: absent diff --git a/roles/custom/matrix-bot-buscarron/tasks/validate_config.yml b/roles/custom/matrix-bot-buscarron/tasks/validate_config.yml index 04238012a..3547fc037 100644 --- a/roles/custom/matrix-bot-buscarron/tasks/validate_config.yml +++ b/roles/custom/matrix-bot-buscarron/tasks/validate_config.yml 
@@ -1,9 +1,10 @@ --- -- name: Fail if required settings not defined +- name: Fail if required Buscarron settings not defined ansible.builtin.fail: msg: >- - You need to define a required configuration setting (`{{ item }}`). - when: "vars[item] == ''" + You need to define a required configuration setting (`{{ item.name }}`). + when: "item.when | bool and vars[item.name] == ''" with_items: - - "matrix_bot_buscarron_password" + - {'name': 'matrix_bot_buscarron_password', when: true} + - {'name': 'matrix_bot_buscarron_database_hostname', when: "{{ matrix_bot_buscarron_database_engine == 'postgres' }}"} diff --git a/roles/custom/matrix-bot-go-neb/tasks/init.yml b/roles/custom/matrix-bot-go-neb/tasks/init.yml deleted file mode 100644 index 9d5b4f896..000000000 --- a/roles/custom/matrix-bot-go-neb/tasks/init.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- - -- ansible.builtin.set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-go-neb.service'] }}" - when: matrix_bot_go_neb_enabled | bool diff --git a/roles/custom/matrix-bot-go-neb/tasks/main.yml b/roles/custom/matrix-bot-go-neb/tasks/main.yml index 27487ac53..126f6ae03 100644 --- a/roles/custom/matrix-bot-go-neb/tasks/main.yml +++ b/roles/custom/matrix-bot-go-neb/tasks/main.yml 
@@ -1,23 +1,20 @@ --- -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" - tags: - - always +- block: + - ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup | bool and matrix_bot_go_neb_enabled | bool" -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup | bool and matrix_bot_go_neb_enabled | bool" + - ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml" + when: "run_setup | bool and matrix_bot_go_neb_enabled | bool" tags: - setup-all - setup-bot-go-neb + - install-all + - install-bot-go-neb -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup | bool and matrix_bot_go_neb_enabled | bool" - tags: - - setup-all - - setup-bot-go-neb - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup | bool and not matrix_bot_go_neb_enabled | bool" +- block: + - ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + when: "run_setup | bool and not matrix_bot_go_neb_enabled | bool" tags: - setup-all - setup-bot-go-neb diff --git a/roles/custom/matrix-bot-go-neb/tasks/setup_install.yml b/roles/custom/matrix-bot-go-neb/tasks/setup_install.yml index 70aec14ad..1db16b911 100644 --- a/roles/custom/matrix-bot-go-neb/tasks/setup_install.yml +++ b/roles/custom/matrix-bot-go-neb/tasks/setup_install.yml @@ -42,13 +42,9 @@ mode: 0644 register: matrix_bot_go_neb_systemd_service_result -- name: Ensure systemd reloaded after matrix-bot-go-neb.service installation - ansible.builtin.service: - daemon_reload: true - when: "matrix_bot_go_neb_systemd_service_result.changed | bool" - - name: Ensure matrix-bot-go-neb.service restarted, if necessary ansible.builtin.service: name: "matrix-bot-go-neb.service" state: restarted + daemon_reload: true when: "matrix_bot_go_neb_requires_restart | bool" 
diff --git a/roles/custom/matrix-bot-go-neb/tasks/setup_uninstall.yml b/roles/custom/matrix-bot-go-neb/tasks/setup_uninstall.yml index d5caa86b7..cc5f9fa57 100644 --- a/roles/custom/matrix-bot-go-neb/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-bot-go-neb/tasks/setup_uninstall.yml @@ -5,32 +5,21 @@ path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-go-neb.service" register: matrix_bot_go_neb_service_stat -- name: Ensure matrix-go-neb is stopped - ansible.builtin.service: - name: matrix-bot-go-neb - state: stopped - enabled: false - daemon_reload: true - register: stopping_result - when: "matrix_bot_go_neb_service_stat.stat.exists | bool" +- when: matrix_bot_go_neb_service_stat.stat.exists | bool + block: + - name: Ensure matrix-go-neb is stopped + ansible.builtin.service: + name: matrix-bot-go-neb + state: stopped + enabled: false + daemon_reload: true -- name: Ensure matrix-bot-go-neb.service doesn't exist - ansible.builtin.file: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-go-neb.service" - state: absent - when: "matrix_bot_go_neb_service_stat.stat.exists | bool" + - name: Ensure matrix-bot-go-neb.service doesn't exist + ansible.builtin.file: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-go-neb.service" + state: absent -- name: Ensure systemd reloaded after matrix-bot-go-neb.service removal - ansible.builtin.service: - daemon_reload: true - when: "matrix_bot_go_neb_service_stat.stat.exists | bool" - -- name: Ensure Matrix go-neb paths don't exist - ansible.builtin.file: - path: "{{ matrix_bot_go_neb_base_path }}" - state: absent - -- name: Ensure go-neb Docker image doesn't exist - community.docker.docker_image: - name: "{{ matrix_bot_go_neb_docker_image }}" - state: absent + - name: Ensure Matrix go-neb paths don't exist + ansible.builtin.file: + path: "{{ matrix_bot_go_neb_base_path }}" + state: absent 
diff --git a/roles/custom/matrix-bot-honoroit/defaults/main.yml b/roles/custom/matrix-bot-honoroit/defaults/main.yml index 3510f4732..186ef3f4e 100644 --- a/roles/custom/matrix-bot-honoroit/defaults/main.yml +++ b/roles/custom/matrix-bot-honoroit/defaults/main.yml @@ -43,7 +43,7 @@ matrix_bot_honoroit_sqlite_database_path_in_container: "/data/bot.db" matrix_bot_honoroit_database_username: 'honoroit' matrix_bot_honoroit_database_password: 'some-password' -matrix_bot_honoroit_database_hostname: 'matrix-postgres' +matrix_bot_honoroit_database_hostname: '' matrix_bot_honoroit_database_port: 5432 matrix_bot_honoroit_database_name: 'honoroit' diff --git a/roles/custom/matrix-bot-honoroit/tasks/init.yml b/roles/custom/matrix-bot-honoroit/tasks/init.yml deleted file mode 100644 index 1b03373c8..000000000 --- a/roles/custom/matrix-bot-honoroit/tasks/init.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- - -- ansible.builtin.set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-honoroit.service'] }}" - when: matrix_bot_honoroit_enabled | bool diff --git a/roles/custom/matrix-bot-honoroit/tasks/main.yml b/roles/custom/matrix-bot-honoroit/tasks/main.yml index 5de468fe7..d4dcbce4b 100644 --- a/roles/custom/matrix-bot-honoroit/tasks/main.yml +++ b/roles/custom/matrix-bot-honoroit/tasks/main.yml 
@@ -1,23 +1,20 @@ --- -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" - tags: - - always +- block: + - ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup | bool and matrix_bot_honoroit_enabled | bool" -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup | bool and matrix_bot_honoroit_enabled | bool" + - ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml" + when: "run_setup | bool and matrix_bot_honoroit_enabled | bool" tags: - setup-all - setup-bot-honoroit + - install-all + - install-bot-honoroit -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup | bool and matrix_bot_honoroit_enabled | bool" - tags: - - setup-all - - setup-bot-honoroit - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup | bool and not matrix_bot_honoroit_enabled | bool" +- block: + - ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + when: "run_setup | bool and not matrix_bot_honoroit_enabled | bool" tags: - setup-all - setup-bot-honoroit diff --git a/roles/custom/matrix-bot-honoroit/tasks/setup_install.yml b/roles/custom/matrix-bot-honoroit/tasks/setup_install.yml index 05dcd7c7c..f7b264a83 100644 --- a/roles/custom/matrix-bot-honoroit/tasks/setup_install.yml +++ b/roles/custom/matrix-bot-honoroit/tasks/setup_install.yml @@ -11,8 +11,11 @@ - when: "matrix_bot_honoroit_sqlite_database_path_local_stat_result.stat.exists | bool" block: - - ansible.builtin.set_fact: - matrix_postgres_db_migration_request: + - ansible.builtin.include_role: + name: galaxy/com.devture.ansible.role.postgres + tasks_from: migrate_db_to_postgres + vars: + devture_postgres_db_migration_request: src: "{{ matrix_bot_honoroit_sqlite_database_path_local }}" dst: "{{ matrix_bot_honoroit_database_connection_string }}" caller: "{{ role_path | basename }}" 
@@ -20,10 +23,6 @@ engine_old: 'sqlite' systemd_services_to_stop: ['matrix-bot-honoroit.service'] - - ansible.builtin.import_role: - name: custom/matrix-postgres - tasks_from: migrate_db_to_postgres - - ansible.builtin.set_fact: matrix_bot_honoroit_requires_restart: true @@ -91,13 +90,9 @@ mode: 0644 register: matrix_bot_honoroit_systemd_service_result -- name: Ensure systemd reloaded after matrix-bot-honoroit.service installation - ansible.builtin.service: - daemon_reload: true - when: "matrix_bot_honoroit_systemd_service_result.changed | bool" - - name: Ensure matrix-bot-honoroit.service restarted, if necessary ansible.builtin.service: name: "matrix-bot-honoroit.service" state: restarted + daemon_reload: true when: "matrix_bot_honoroit_requires_restart | bool" diff --git a/roles/custom/matrix-bot-honoroit/tasks/setup_uninstall.yml b/roles/custom/matrix-bot-honoroit/tasks/setup_uninstall.yml index 0fa83a02d..757345861 100644 --- a/roles/custom/matrix-bot-honoroit/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-bot-honoroit/tasks/setup_uninstall.yml 
@@ -5,32 +5,21 @@ path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-honoroit.service" register: matrix_bot_honoroit_service_stat -- name: Ensure matrix-honoroit is stopped - ansible.builtin.service: - name: matrix-bot-honoroit - state: stopped - enabled: false - daemon_reload: true - register: stopping_result - when: "matrix_bot_honoroit_service_stat.stat.exists | bool" +- when: matrix_bot_honoroit_service_stat.stat.exists | bool + block: + - name: Ensure matrix-honoroit is stopped + ansible.builtin.service: + name: matrix-bot-honoroit + state: stopped + enabled: false + daemon_reload: true -- name: Ensure matrix-bot-honoroit.service doesn't exist - ansible.builtin.file: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-honoroit.service" - state: absent - when: "matrix_bot_honoroit_service_stat.stat.exists | bool" + - name: Ensure matrix-bot-honoroit.service doesn't exist + ansible.builtin.file: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-honoroit.service" + state: absent -- name: Ensure systemd reloaded after matrix-bot-honoroit.service removal - ansible.builtin.service: - daemon_reload: true - when: "matrix_bot_honoroit_service_stat.stat.exists | bool" - -- name: Ensure Matrix honoroit paths don't exist - ansible.builtin.file: - path: "{{ matrix_bot_honoroit_base_path }}" - state: absent - -- name: Ensure honoroit Docker image doesn't exist - community.docker.docker_image: - name: "{{ matrix_bot_honoroit_docker_image }}" - state: absent + - name: Ensure Matrix honoroit paths don't exist + ansible.builtin.file: + path: "{{ matrix_bot_honoroit_base_path }}" + state: absent diff --git a/roles/custom/matrix-bot-honoroit/tasks/validate_config.yml b/roles/custom/matrix-bot-honoroit/tasks/validate_config.yml index 0057e3c2c..228db8abc 100644 --- a/roles/custom/matrix-bot-honoroit/tasks/validate_config.yml +++ b/roles/custom/matrix-bot-honoroit/tasks/validate_config.yml 
@@ -1,10 +1,11 @@ --- -- name: Fail if required settings not defined +- name: Fail if required honoroit settings not defined ansible.builtin.fail: msg: >- - You need to define a required configuration setting (`{{ item }}`). - when: "vars[item] == ''" + You need to define a required configuration setting (`{{ item.name }}`). + when: "item.when | bool and vars[item.name] == ''" with_items: - - "matrix_bot_honoroit_password" - - "matrix_bot_honoroit_roomid" + - {'name': 'matrix_bot_honoroit_password', when: true} + - {'name': 'matrix_bot_honoroit_roomid', when: true} + - {'name': 'matrix_bot_honoroit_database_hostname', when: "{{ matrix_bot_honoroit_database_engine == 'postgres' }}"} diff --git a/roles/custom/matrix-bot-matrix-registration-bot/tasks/init.yml b/roles/custom/matrix-bot-matrix-registration-bot/tasks/init.yml deleted file mode 100644 index 91b1f095d..000000000 --- a/roles/custom/matrix-bot-matrix-registration-bot/tasks/init.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- - -- ansible.builtin.set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-matrix-registration-bot.service'] }}" - when: matrix_bot_matrix_registration_bot_enabled | bool diff --git a/roles/custom/matrix-bot-matrix-registration-bot/tasks/main.yml b/roles/custom/matrix-bot-matrix-registration-bot/tasks/main.yml index cc162e991..90ee56ccf 100644 --- a/roles/custom/matrix-bot-matrix-registration-bot/tasks/main.yml +++ b/roles/custom/matrix-bot-matrix-registration-bot/tasks/main.yml 
@@ -1,23 +1,20 @@ --- -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" - tags: - - always +- block: + - when: matrix_bot_matrix_registration_bot_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup | bool and matrix_bot_matrix_registration_bot_enabled | bool" + - when: matrix_bot_matrix_registration_bot_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml" tags: - setup-all - setup-bot-matrix-registration-bot + - install-all + - install-bot-matrix-registration-bot -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup | bool and matrix_bot_matrix_registration_bot_enabled | bool" - tags: - - setup-all - - setup-bot-matrix-registration-bot - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup | bool and not matrix_bot_matrix_registration_bot_enabled | bool" +- block: + - when: not matrix_bot_matrix_registration_bot_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" tags: - setup-all - setup-bot-matrix-registration-bot diff --git a/roles/custom/matrix-bot-matrix-registration-bot/tasks/setup_install.yml b/roles/custom/matrix-bot-matrix-registration-bot/tasks/setup_install.yml index 3838fa079..515cd9973 100644 --- a/roles/custom/matrix-bot-matrix-registration-bot/tasks/setup_install.yml +++ b/roles/custom/matrix-bot-matrix-registration-bot/tasks/setup_install.yml 
@@ -61,14 +61,3 @@ src: "{{ role_path }}/templates/systemd/matrix-bot-matrix-registration-bot.service.j2" dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-matrix-registration-bot.service" mode: 0644 - register: matrix_bot_matrix_registration_bot_systemd_service_result - -- name: Ensure systemd reloaded after matrix-bot-matrix-registration-bot.service installation - ansible.builtin.service: - daemon_reload: true - when: "matrix_bot_matrix_registration_bot_systemd_service_result.changed | bool" - -- name: Ensure matrix-bot-matrix-registration-bot.service restarted, if necessary - ansible.builtin.service: - name: "matrix-bot-matrix-registration-bot.service" - state: restarted diff --git a/roles/custom/matrix-bot-matrix-registration-bot/tasks/setup_uninstall.yml b/roles/custom/matrix-bot-matrix-registration-bot/tasks/setup_uninstall.yml index c7ee13652..b83ea783b 100644 --- a/roles/custom/matrix-bot-matrix-registration-bot/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-bot-matrix-registration-bot/tasks/setup_uninstall.yml 
@@ -5,32 +5,21 @@ path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-matrix-registration-bot.service" register: matrix_bot_matrix_registration_bot_service_stat -- name: Ensure matrix-matrix-registration-bot is stopped - ansible.builtin.service: - name: matrix-bot-matrix-registration-bot - state: stopped - enabled: false - daemon_reload: true - register: stopping_result - when: "matrix_bot_matrix_registration_bot_service_stat.stat.exists | bool" +- when: matrix_bot_matrix_registration_bot_service_stat.stat.exists | bool + block: + - name: Ensure matrix-matrix-registration-bot is stopped + ansible.builtin.service: + name: matrix-bot-matrix-registration-bot + state: stopped + enabled: false + daemon_reload: true -- name: Ensure matrix-bot-matrix-registration-bot.service doesn't exist - ansible.builtin.file: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-matrix-registration-bot.service" - state: absent - when: "matrix_bot_matrix_registration_bot_service_stat.stat.exists | bool" + - name: Ensure matrix-bot-matrix-registration-bot.service doesn't exist + ansible.builtin.file: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-matrix-registration-bot.service" + state: absent -- name: Ensure systemd reloaded after matrix-bot-matrix-registration-bot.service removal - ansible.builtin.service: - daemon_reload: true - when: "matrix_bot_matrix_registration_bot_service_stat.stat.exists | bool" - -- name: Ensure Matrix matrix-registration-bot paths don't exist - ansible.builtin.file: - path: "{{ matrix_bot_matrix_registration_bot_base_path }}" - state: absent - -- name: Ensure matrix-registration-bot Docker image doesn't exist - community.docker.docker_image: - name: "{{ matrix_bot_matrix_registration_bot_docker_image }}" - state: absent + - name: Ensure Matrix matrix-registration-bot paths don't exist + ansible.builtin.file: + path: "{{ matrix_bot_matrix_registration_bot_base_path }}" + state: absent 
diff --git a/roles/custom/matrix-bot-matrix-reminder-bot/defaults/main.yml b/roles/custom/matrix-bot-matrix-reminder-bot/defaults/main.yml index 610a43a32..03f117679 100644 --- a/roles/custom/matrix-bot-matrix-reminder-bot/defaults/main.yml +++ b/roles/custom/matrix-bot-matrix-reminder-bot/defaults/main.yml @@ -44,7 +44,7 @@ matrix_bot_matrix_reminder_bot_sqlite_database_path_in_container: "/data/bot.db" matrix_bot_matrix_reminder_bot_database_username: 'matrix_reminder_bot' matrix_bot_matrix_reminder_bot_database_password: 'some-password' -matrix_bot_matrix_reminder_bot_database_hostname: 'matrix-postgres' +matrix_bot_matrix_reminder_bot_database_hostname: '' matrix_bot_matrix_reminder_bot_database_port: 5432 matrix_bot_matrix_reminder_bot_database_name: 'matrix_reminder_bot' diff --git a/roles/custom/matrix-bot-matrix-reminder-bot/tasks/init.yml b/roles/custom/matrix-bot-matrix-reminder-bot/tasks/init.yml deleted file mode 100644 index 0a5ba4821..000000000 --- a/roles/custom/matrix-bot-matrix-reminder-bot/tasks/init.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- - -- ansible.builtin.set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-matrix-reminder-bot.service'] }}" - when: matrix_bot_matrix_reminder_bot_enabled | bool diff --git a/roles/custom/matrix-bot-matrix-reminder-bot/tasks/main.yml b/roles/custom/matrix-bot-matrix-reminder-bot/tasks/main.yml index 19c3823fa..22c014de6 100644 --- a/roles/custom/matrix-bot-matrix-reminder-bot/tasks/main.yml +++ b/roles/custom/matrix-bot-matrix-reminder-bot/tasks/main.yml 
@@ -1,23 +1,20 @@ --- -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" - tags: - - always +- block: + - when: matrix_bot_matrix_reminder_bot_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup | bool and matrix_bot_matrix_reminder_bot_enabled | bool" + - when: matrix_bot_matrix_reminder_bot_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml" tags: - setup-all - setup-bot-matrix-reminder-bot + - install-all + - install-bot-matrix-reminder-bot -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup | bool and matrix_bot_matrix_reminder_bot_enabled | bool" - tags: - - setup-all - - setup-bot-matrix-reminder-bot - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup | bool and not matrix_bot_matrix_reminder_bot_enabled | bool" +- block: + - when: not matrix_bot_matrix_reminder_bot_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" tags: - setup-all - setup-bot-matrix-reminder-bot diff --git a/roles/custom/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml b/roles/custom/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml index 00e25c361..39bf63e64 100644 --- a/roles/custom/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml +++ b/roles/custom/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml 
@@ -12,8 +12,11 @@ - when: "matrix_bot_matrix_reminder_bot_sqlite_database_path_local_stat_result.stat.exists | bool" block: - - ansible.builtin.set_fact: - matrix_postgres_db_migration_request: + - ansible.builtin.include_role: + name: galaxy/com.devture.ansible.role.postgres + tasks_from: migrate_db_to_postgres + vars: + devture_postgres_db_migration_request: src: "{{ matrix_bot_matrix_reminder_bot_sqlite_database_path_local }}" dst: "{{ matrix_bot_matrix_reminder_bot_database_connection_string }}" caller: "{{ role_path | basename }}" @@ -21,10 +24,6 @@ engine_old: 'sqlite' systemd_services_to_stop: ['matrix-bot-matrix-reminder-bot.service'] - - ansible.builtin.import_role: - name: custom/matrix-postgres - tasks_from: migrate_db_to_postgres - - ansible.builtin.set_fact: matrix_bot_matrix_reminder_bot_requires_restart: true @@ -92,13 +91,9 @@ mode: 0644 register: matrix_bot_matrix_reminder_bot_systemd_service_result -- name: Ensure systemd reloaded after matrix-bot-matrix-reminder-bot.service installation - ansible.builtin.service: - daemon_reload: true - when: "matrix_bot_matrix_reminder_bot_systemd_service_result.changed | bool" - - name: Ensure matrix-bot-matrix-reminder-bot.service restarted, if necessary ansible.builtin.service: name: "matrix-bot-matrix-reminder-bot.service" state: restarted + daemon_reload: true when: "matrix_bot_matrix_reminder_bot_requires_restart | bool" diff --git a/roles/custom/matrix-bot-matrix-reminder-bot/tasks/setup_uninstall.yml b/roles/custom/matrix-bot-matrix-reminder-bot/tasks/setup_uninstall.yml index 1b940f32e..512c0f2dd 100644 --- a/roles/custom/matrix-bot-matrix-reminder-bot/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-bot-matrix-reminder-bot/tasks/setup_uninstall.yml 
@@ -5,32 +5,21 @@ path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-matrix-reminder-bot.service" register: matrix_bot_matrix_reminder_bot_service_stat -- name: Ensure matrix-matrix-reminder-bot is stopped - ansible.builtin.service: - name: matrix-bot-matrix-reminder-bot - state: stopped - enabled: false - daemon_reload: true - register: stopping_result - when: "matrix_bot_matrix_reminder_bot_service_stat.stat.exists | bool" +- when: matrix_bot_matrix_reminder_bot_service_stat.stat.exists | bool + block: + - name: Ensure matrix-matrix-reminder-bot is stopped + ansible.builtin.service: + name: matrix-bot-matrix-reminder-bot + state: stopped + enabled: false + daemon_reload: true -- name: Ensure matrix-bot-matrix-reminder-bot.service doesn't exist - ansible.builtin.file: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-matrix-reminder-bot.service" - state: absent - when: "matrix_bot_matrix_reminder_bot_service_stat.stat.exists | bool" + - name: Ensure matrix-bot-matrix-reminder-bot.service doesn't exist + ansible.builtin.file: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-matrix-reminder-bot.service" + state: absent -- name: Ensure systemd reloaded after matrix-bot-matrix-reminder-bot.service removal - ansible.builtin.service: - daemon_reload: true - when: "matrix_bot_matrix_reminder_bot_service_stat.stat.exists | bool" - -- name: Ensure Matrix matrix-reminder-bot paths don't exist - ansible.builtin.file: - path: "{{ matrix_bot_matrix_reminder_bot_base_path }}" - state: absent - -- name: Ensure matrix-reminder-bot Docker image doesn't exist - community.docker.docker_image: - name: "{{ matrix_bot_matrix_reminder_bot_docker_image }}" - state: absent + - name: Ensure Matrix matrix-reminder-bot paths don't exist + ansible.builtin.file: + path: "{{ matrix_bot_matrix_reminder_bot_base_path }}" + state: absent 
diff --git a/roles/custom/matrix-bot-matrix-reminder-bot/tasks/validate_config.yml b/roles/custom/matrix-bot-matrix-reminder-bot/tasks/validate_config.yml index 54f38dd51..f6e7afdf6 100644 --- a/roles/custom/matrix-bot-matrix-reminder-bot/tasks/validate_config.yml +++ b/roles/custom/matrix-bot-matrix-reminder-bot/tasks/validate_config.yml @@ -1,15 +1,16 @@ --- -- name: Fail if required settings not defined +- name: Fail if required matrix-reminder-bot settings not defined ansible.builtin.fail: msg: >- You need to define a required configuration setting (`{{ item }}`). - when: "vars[item] == ''" + when: "item.when | bool and vars[item.name] == ''" with_items: - - "matrix_bot_matrix_reminder_bot_matrix_user_password" - - "matrix_bot_matrix_reminder_bot_reminders_timezone" + - {'name': 'matrix_bot_matrix_reminder_bot_matrix_user_password', when: true} + - {'name': 'matrix_bot_matrix_reminder_bot_reminders_timezone', when: true} + - {'name': 'matrix_bot_matrix_reminder_bot_database_hostname', when: "{{ matrix_bot_matrix_reminder_bot_database_engine == 'postgres' }}"} -- name: (Deprecation) Catch and report renamed settings +- name: (Deprecation) Catch and report renamed matrix-reminder-bot settings ansible.builtin.fail: msg: >- Your configuration contains a variable, which now has a different name. diff --git a/roles/custom/matrix-bot-maubot/defaults/main.yml b/roles/custom/matrix-bot-maubot/defaults/main.yml index 0a73d92e0..71353914b 100644 --- a/roles/custom/matrix-bot-maubot/defaults/main.yml +++ b/roles/custom/matrix-bot-maubot/defaults/main.yml @@ -27,7 +27,7 @@ matrix_bot_maubot_sqlite_database_path_in_container: "/data/maubot.db" matrix_bot_maubot_database_username: matrix_bot_maubot matrix_bot_maubot_database_password: ~ -matrix_bot_maubot_database_hostname: 'matrix-postgres' +matrix_bot_maubot_database_hostname: '' matrix_bot_maubot_database_port: 5432 matrix_bot_maubot_database_name: matrix_bot_maubot 
diff --git a/roles/custom/matrix-bot-maubot/tasks/init.yml b/roles/custom/matrix-bot-maubot/tasks/inject_into_nginx_proxy.yml similarity index 90% rename from roles/custom/matrix-bot-maubot/tasks/init.yml rename to roles/custom/matrix-bot-maubot/tasks/inject_into_nginx_proxy.yml index ccb5956e6..f7aec6273 100644 --- a/roles/custom/matrix-bot-maubot/tasks/init.yml +++ b/roles/custom/matrix-bot-maubot/tasks/inject_into_nginx_proxy.yml @@ -1,10 +1,5 @@ --- -- name: Add maubot to the systemd service list - ansible.builtin.set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-maubot.service'] }}" - when: matrix_bot_maubot_enabled | bool - - name: Configure nginx for maubot block: - name: Generate Maubot proxying configuration for matrix-nginx-proxy diff --git a/roles/custom/matrix-bot-maubot/tasks/main.yml b/roles/custom/matrix-bot-maubot/tasks/main.yml index 773f4b9fa..95fad19e5 100644 --- a/roles/custom/matrix-bot-maubot/tasks/main.yml +++ b/roles/custom/matrix-bot-maubot/tasks/main.yml 
@@ -1,23 +1,29 @@ --- -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" +- block: + - when: matrix_bot_maubot_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml" tags: - - always + - setup-all + - setup-nginx-proxy + - install-all + - install-nginx-proxy -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup|bool and matrix_bot_maubot_enabled|bool" +- block: + - when: matrix_bot_maubot_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" + + - when: matrix_bot_maubot_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml" tags: - setup-all - setup-bot-maubot + - install-all + - install-bot-maubot -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup|bool and matrix_bot_maubot_enabled|bool" - tags: - - setup-all - - setup-bot-maubot - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup|bool and not matrix_bot_maubot_enabled|bool" +- block: + - when: not matrix_bot_maubot_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" tags: - setup-all - setup-bot-maubot diff --git a/roles/custom/matrix-bot-maubot/tasks/setup_install.yml b/roles/custom/matrix-bot-maubot/tasks/setup_install.yml index 22f53b6fe..97f189c45 100644 --- a/roles/custom/matrix-bot-maubot/tasks/setup_install.yml +++ b/roles/custom/matrix-bot-maubot/tasks/setup_install.yml @@ -65,9 +65,3 @@ src: "{{ role_path }}/templates/systemd/matrix-bot-maubot.service.j2" dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-maubot.service" mode: 0644 - register: matrix_bot_maubot_systemd_service_result - -- name: Ensure systemd reloaded after matrix-bot-maubot.service installation - ansible.builtin.service: - daemon_reload: true - when: "matrix_bot_maubot_systemd_service_result.changed|bool" 
diff --git a/roles/custom/matrix-bot-maubot/tasks/setup_uninstall.yml b/roles/custom/matrix-bot-maubot/tasks/setup_uninstall.yml index 33b8fc149..9d7695763 100644 --- a/roles/custom/matrix-bot-maubot/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-bot-maubot/tasks/setup_uninstall.yml @@ -5,32 +5,21 @@ path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-maubot.service" register: matrix_bot_maubot_service_stat -- name: Ensure matrix-bot-maubot is stopped - ansible.builtin.service: - name: matrix-bot-maubot - state: stopped - enabled: false - daemon_reload: true - register: stopping_result - when: "matrix_bot_maubot_service_stat.stat.exists | bool" +- when: matrix_bot_maubot_service_stat.stat.exists | bool + block: + - name: Ensure matrix-bot-maubot is stopped + ansible.builtin.service: + name: matrix-bot-maubot + state: stopped + enabled: false + daemon_reload: true -- name: Ensure matrix-bot-maubot.service doesn't exist - ansible.builtin.file: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-maubot.service" - state: absent - when: "matrix_bot_maubot_service_stat.stat.exists | bool" + - name: Ensure matrix-bot-maubot.service doesn't exist + ansible.builtin.file: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-maubot.service" + state: absent -- name: Ensure systemd reloaded after matrix-bot-maubot.service removal - ansible.builtin.service: - daemon_reload: true - when: "matrix_bot_maubot_service_stat.stat.exists | bool" - -- name: Ensure Matrix maubot paths don't exist - ansible.builtin.file: - path: "{{ matrix_bot_maubot_base_path }}" - state: absent - -- name: Ensure maubot Docker image doesn't exist - community.docker.docker_image: - name: "{{ matrix_bot_maubot_docker_image }}" - state: absent + - name: Ensure Matrix maubot paths don't exist + ansible.builtin.file: + path: "{{ matrix_bot_maubot_base_path }}" + state: absent 
diff --git a/roles/custom/matrix-bot-maubot/tasks/validate_config.yml b/roles/custom/matrix-bot-maubot/tasks/validate_config.yml index 5b28d9c0e..d8bac550a 100644 --- a/roles/custom/matrix-bot-maubot/tasks/validate_config.yml +++ b/roles/custom/matrix-bot-maubot/tasks/validate_config.yml @@ -1,10 +1,11 @@ --- -- name: Fail if required settings not defined +- name: Fail if required maubot settings not defined ansible.builtin.fail: msg: >- - You need to define a required configuration setting (`{{ item }}`). - when: "vars[item] == ''" + You need to define a required configuration setting (`{{ item.name }}`). + when: "item.when | bool and vars[item.name] == ''" with_items: - - matrix_bot_maubot_unshared_secret - - matrix_bot_maubot_admins + - {'name': 'matrix_bot_maubot_unshared_secret', when: true} + - {'name': 'matrix_bot_maubot_admins', when: true} + - {'name': 'matrix_bot_maubot_database_hostname', when: "{{ matrix_bot_maubot_database_engine == 'postgres' }}"} diff --git a/roles/custom/matrix-bot-mjolnir/defaults/main.yml b/roles/custom/matrix-bot-mjolnir/defaults/main.yml index 0be97eaec..b17f2f4b7 100644 --- a/roles/custom/matrix-bot-mjolnir/defaults/main.yml +++ b/roles/custom/matrix-bot-mjolnir/defaults/main.yml @@ -4,7 +4,7 @@ matrix_bot_mjolnir_enabled: true -matrix_bot_mjolnir_version: "v1.5.0" +matrix_bot_mjolnir_version: "v1.6.1" matrix_bot_mjolnir_container_image_self_build: false matrix_bot_mjolnir_container_image_self_build_repo: "https://github.com/matrix-org/mjolnir.git" diff --git a/roles/custom/matrix-bot-mjolnir/tasks/init.yml b/roles/custom/matrix-bot-mjolnir/tasks/init.yml deleted file mode 100644 index 2b6053428..000000000 --- a/roles/custom/matrix-bot-mjolnir/tasks/init.yml +++ /dev/null 
@@ -1,11 +0,0 @@ ---- -# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 -# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 -- name: Fail if trying to self-build on Ansible < 2.8 - ansible.builtin.fail: - msg: "To self-build the Mjolnir image, you should use Ansible 2.8 or higher. See docs/ansible.md" - when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_bot_mjolnir_container_image_self_build and matrix_bot_mjolnir_enabled" - -- ansible.builtin.set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-mjolnir.service'] }}" - when: matrix_bot_mjolnir_enabled | bool diff --git a/roles/custom/matrix-bot-mjolnir/tasks/main.yml b/roles/custom/matrix-bot-mjolnir/tasks/main.yml index 867201a20..def5c9f05 100644 --- a/roles/custom/matrix-bot-mjolnir/tasks/main.yml +++ b/roles/custom/matrix-bot-mjolnir/tasks/main.yml 
@@ -1,23 +1,20 @@ --- -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" - tags: - - always +- block: + - when: matrix_bot_mjolnir_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup | bool and matrix_bot_mjolnir_enabled | bool" + - when: matrix_bot_mjolnir_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml" tags: - setup-all - setup-bot-mjolnir + - install-all + - install-bot-mjolnir -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup | bool and matrix_bot_mjolnir_enabled | bool" - tags: - - setup-all - - setup-bot-mjolnir - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup | bool and not matrix_bot_mjolnir_enabled | bool" +- block: + - when: not matrix_bot_mjolnir_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" tags: - setup-all - setup-bot-mjolnir diff --git a/roles/custom/matrix-bot-mjolnir/tasks/setup_install.yml b/roles/custom/matrix-bot-mjolnir/tasks/setup_install.yml index 995e3b2be..3088fe8bd 100644 --- a/roles/custom/matrix-bot-mjolnir/tasks/setup_install.yml +++ b/roles/custom/matrix-bot-mjolnir/tasks/setup_install.yml @@ -66,13 +66,9 @@ mode: 0644 register: matrix_bot_mjolnir_systemd_service_result -- name: Ensure systemd reloaded after matrix-bot-mjolnir.service installation - ansible.builtin.service: - daemon_reload: true - when: "matrix_bot_mjolnir_systemd_service_result.changed | bool" - - name: Ensure matrix-bot-mjolnir.service restarted, if necessary ansible.builtin.service: name: "matrix-bot-mjolnir.service" state: restarted + daemon_reload: true when: "matrix_bot_mjolnir_requires_restart | bool" 
diff --git a/roles/custom/matrix-bot-mjolnir/tasks/setup_uninstall.yml b/roles/custom/matrix-bot-mjolnir/tasks/setup_uninstall.yml index 708a7bb01..06be71e15 100644 --- a/roles/custom/matrix-bot-mjolnir/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-bot-mjolnir/tasks/setup_uninstall.yml @@ -5,32 +5,21 @@ path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-mjolnir.service" register: matrix_bot_mjolnir_service_stat -- name: Ensure matrix-bot-mjolnir is stopped - ansible.builtin.service: - name: matrix-bot-mjolnir - state: stopped - enabled: false - daemon_reload: true - register: stopping_result - when: "matrix_bot_mjolnir_service_stat.stat.exists | bool" +- when: matrix_bot_mjolnir_service_stat.stat.exists | bool + block: + - name: Ensure matrix-bot-mjolnir is stopped + ansible.builtin.service: + name: matrix-bot-mjolnir + state: stopped + enabled: false + daemon_reload: true -- name: Ensure matrix-bot-mjolnir.service doesn't exist - ansible.builtin.file: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-mjolnir.service" - state: absent - when: "matrix_bot_mjolnir_service_stat.stat.exists | bool" + - name: Ensure matrix-bot-mjolnir.service doesn't exist + ansible.builtin.file: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-mjolnir.service" + state: absent -- name: Ensure systemd reloaded after matrix-bot-mjolnir.service removal - ansible.builtin.service: - daemon_reload: true - when: "matrix_bot_mjolnir_service_stat.stat.exists | bool" - -- name: Ensure matrix-bot-mjolnir paths don't exist - ansible.builtin.file: - path: "{{ matrix_bot_mjolnir_base_path }}" - state: absent - -- name: Ensure mjolnir Docker image doesn't exist - community.docker.docker_image: - name: "{{ matrix_bot_mjolnir_docker_image }}" - state: absent + - name: Ensure matrix-bot-mjolnir paths don't exist + ansible.builtin.file: + path: "{{ matrix_bot_mjolnir_base_path }}" + state: absent 
diff --git a/roles/custom/matrix-bot-postmoogle/defaults/main.yml b/roles/custom/matrix-bot-postmoogle/defaults/main.yml index af6c23ac0..14795d1f3 100644 --- a/roles/custom/matrix-bot-postmoogle/defaults/main.yml +++ b/roles/custom/matrix-bot-postmoogle/defaults/main.yml @@ -9,7 +9,7 @@ matrix_bot_postmoogle_docker_repo: "https://gitlab.com/etke.cc/postmoogle.git" matrix_bot_postmoogle_docker_repo_version: "{{ 'main' if matrix_bot_postmoogle_version == 'latest' else matrix_bot_postmoogle_version }}" matrix_bot_postmoogle_docker_src_files_path: "{{ matrix_base_data_path }}/postmoogle/docker-src" -matrix_bot_postmoogle_version: v0.9.8 +matrix_bot_postmoogle_version: v0.9.10 matrix_bot_postmoogle_docker_image: "{{ matrix_bot_postmoogle_docker_image_name_prefix }}postmoogle:{{ matrix_bot_postmoogle_version }}" matrix_bot_postmoogle_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_postmoogle_container_image_self_build else 'registry.gitlab.com/etke.cc/' }}" matrix_bot_postmoogle_docker_image_force_pull: "{{ matrix_bot_postmoogle_docker_image.endswith(':latest') }}" @@ -42,7 +42,7 @@ matrix_bot_postmoogle_sqlite_database_path_in_container: "/data/bot.db" matrix_bot_postmoogle_database_username: 'postmoogle' matrix_bot_postmoogle_database_password: 'some-password' -matrix_bot_postmoogle_database_hostname: 'matrix-postgres' +matrix_bot_postmoogle_database_hostname: '' matrix_bot_postmoogle_database_port: 5432 matrix_bot_postmoogle_database_name: 'postmoogle' 
@@ -78,18 +78,6 @@ matrix_bot_postmoogle_prefix: '!pm' # Max email size in megabytes, including attachments matrix_bot_postmoogle_maxsize: '1024' -# DEPRECATED, use !pm users instead -# A list of whitelisted users allowed to use the bridge. -# If not defined, everyone is allowed. -# Example set of rules: -# matrix_bot_postmoogle_users: -# - @someone:example.com -# - @another:example.com -# - @bot.*:example.com -# - @*:another.com -matrix_bot_postmoogle_users: - - "@*:{{ matrix_domain }}" - # A list of admins # Example set of rules: # matrix_bot_postmoogle_admins: @@ -99,17 +87,29 @@ matrix_bot_postmoogle_users: # - @*:another.com matrix_bot_postmoogle_admins: "{{ [matrix_admin] if matrix_admin else [] }}" -# Sentry DSN +# Sentry DSN. Deprecated, use matrix_bot_postmoogle_monitoring_sentry_dsn matrix_bot_postmoogle_sentry: '' +# Sentry integration +matrix_bot_postmoogle_monitoring_sentry_dsn: "{{ matrix_bot_postmoogle_sentry }}" +matrix_bot_postmoogle_monitoring_sentry_rate: 20 + +# healthchecks.io integration +matrix_bot_postmoogle_monitoring_healthchecks_uuid: '' +matrix_bot_postmoogle_monitoring_healthchecks_duration: 60 + # Log level matrix_bot_postmoogle_loglevel: 'INFO' # Disable encryption matrix_bot_postmoogle_noencryption: false +# deprecated, use matrix_bot_postmoogle_domains matrix_bot_postmoogle_domain: "{{ matrix_server_fqn_matrix }}" +matrix_bot_postmoogle_domains: + - "{{ matrix_bot_postmoogle_domain }}" # backward compatibility + # Password (passphrase) to encrypt account data matrix_bot_postmoogle_data_secret: "" 
@@ -126,15 +126,15 @@ matrix_bot_postmoogle_submission_host_bind_port: '587' matrix_bot_postmoogle_ssl_path: "" ## in-container SSL paths -# matrix_bot_postmoogle_tls_cert is the SSL certificate's certificate. -# This is likely set via group_vars/matrix_servers, so you don't need to set it. +# matrix_bot_postmoogle_tls_cert is the SSL certificates' certificates. +# This var is likely set via group_vars/matrix_servers, so you don't need to set certs manually. # If you do need to set it manually, note that this is an in-container path. # To mount a certificates volumes into the container, use matrix_bot_postmoogle_ssl_path # Example value: /ssl/live/{{ matrix_bot_postmoogle_domain }}/fullchain.pem matrix_bot_postmoogle_tls_cert: "" -# matrix_bot_postmoogle_tls_key is the SSL certificate's key. -# This is likely set via group_vars/matrix_servers, so you don't need to set it. +# matrix_bot_postmoogle_tls_key is the SSL certificates' keys. +# This var is likely set via group_vars/matrix_servers, so you don't need to set keys manually. # If you do need to set it manually, note that this is an in-container path. # To mount a certificates volumes into the container, use matrix_bot_postmoogle_ssl_path # Example value: /ssl/live/{{ matrix_bot_postmoogle_domain }}/privkey.pem @@ -143,6 +143,15 @@ matrix_bot_postmoogle_tls_key: "" # Mandatory TLS, even on plain SMTP port matrix_bot_postmoogle_tls_required: false +# trusted proxies +matrix_bot_postmoogle_proxies: [] + +# reserved mailboxes +matrix_bot_postmoogle_mailboxes_reserved: [] + +# mailbox activation flow +matrix_bot_postmoogle_mailboxes_activation: none + # Additional environment variables to pass to the postmoogle container # # Example: diff --git a/roles/custom/matrix-bot-postmoogle/tasks/init.yml b/roles/custom/matrix-bot-postmoogle/tasks/init.yml deleted file mode 100644 index 16b781713..000000000 --- a/roles/custom/matrix-bot-postmoogle/tasks/init.yml +++ /dev/null 
@@ -1,5 +0,0 @@ ---- - -- ansible.builtin.set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-postmoogle.service'] }}" - when: matrix_bot_postmoogle_enabled | bool diff --git a/roles/custom/matrix-bot-postmoogle/tasks/main.yml b/roles/custom/matrix-bot-postmoogle/tasks/main.yml index cbe590e17..a6bc76a35 100644 --- a/roles/custom/matrix-bot-postmoogle/tasks/main.yml +++ b/roles/custom/matrix-bot-postmoogle/tasks/main.yml @@ -1,23 +1,20 @@ --- -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" - tags: - - always +- block: + - when: matrix_bot_postmoogle_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup | bool and matrix_bot_postmoogle_enabled | bool" + - when: matrix_bot_postmoogle_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml" tags: - setup-all - setup-bot-postmoogle + - install-all + - install-bot-postmoogle -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup | bool and matrix_bot_postmoogle_enabled | bool" - tags: - - setup-all - - setup-bot-postmoogle - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup | bool and not matrix_bot_postmoogle_enabled | bool" +- block: + - when: not matrix_bot_postmoogle_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" tags: - setup-all - setup-bot-postmoogle diff --git a/roles/custom/matrix-bot-postmoogle/tasks/setup_install.yml b/roles/custom/matrix-bot-postmoogle/tasks/setup_install.yml index 993cf8e5b..ed2bcc9d6 100644 --- a/roles/custom/matrix-bot-postmoogle/tasks/setup_install.yml +++ b/roles/custom/matrix-bot-postmoogle/tasks/setup_install.yml 
@@ -8,8 +8,11 @@ - when: "matrix_bot_postmoogle_sqlite_database_path_local_stat_result.stat.exists | bool" block: - - ansible.builtin.set_fact: - matrix_postgres_db_migration_request: + - ansible.builtin.include_role: + name: galaxy/com.devture.ansible.role.postgres + tasks_from: migrate_db_to_postgres + vars: + devture_postgres_db_migration_request: src: "{{ matrix_bot_postmoogle_sqlite_database_path_local }}" dst: "{{ matrix_bot_postmoogle_database_connection_string }}" caller: "{{ role_path | basename }}" @@ -17,10 +20,6 @@ engine_old: 'sqlite' systemd_services_to_stop: ['matrix-bot-postmoogle.service'] - - ansible.builtin.import_role: - name: custom/matrix-postgres - tasks_from: migrate_db_to_postgres - - ansible.builtin.set_fact: matrix_bot_postmoogle_requires_restart: true @@ -86,8 +85,3 @@ dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-postmoogle.service" mode: 0644 register: matrix_bot_postmoogle_systemd_service_result - -- name: Ensure systemd reloaded after matrix-bot-postmoogle.service installation - ansible.builtin.service: - daemon_reload: true - when: "matrix_bot_postmoogle_systemd_service_result.changed | bool" diff --git a/roles/custom/matrix-bot-postmoogle/tasks/setup_uninstall.yml b/roles/custom/matrix-bot-postmoogle/tasks/setup_uninstall.yml index 198df7d78..93e00dda2 100644 --- a/roles/custom/matrix-bot-postmoogle/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-bot-postmoogle/tasks/setup_uninstall.yml 
@@ -5,32 +5,21 @@ path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-postmoogle.service" register: matrix_bot_postmoogle_service_stat -- name: Ensure matrix-postmoogle is stopped - ansible.builtin.service: - name: matrix-bot-postmoogle - state: stopped - enabled: false - daemon_reload: true - register: stopping_result - when: "matrix_bot_postmoogle_service_stat.stat.exists | bool" +- when: matrix_bot_postmoogle_service_stat.stat.exists | bool + block: + - name: Ensure matrix-postmoogle is stopped + ansible.builtin.service: + name: matrix-bot-postmoogle + state: stopped + enabled: false + daemon_reload: true -- name: Ensure matrix-bot-postmoogle.service doesn't exist - ansible.builtin.file: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-postmoogle.service" - state: absent - when: "matrix_bot_postmoogle_service_stat.stat.exists | bool" + - name: Ensure matrix-bot-postmoogle.service doesn't exist + ansible.builtin.file: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-postmoogle.service" + state: absent -- name: Ensure systemd reloaded after matrix-bot-postmoogle.service removal - ansible.builtin.service: - daemon_reload: true - when: "matrix_bot_postmoogle_service_stat.stat.exists | bool" - -- name: Ensure Matrix postmoogle paths don't exist - ansible.builtin.file: - path: "{{ matrix_bot_postmoogle_base_path }}" - state: absent - -- name: Ensure postmoogle Docker image doesn't exist - community.docker.docker_image: - name: "{{ matrix_bot_postmoogle_docker_image }}" - state: absent + - name: Ensure Matrix postmoogle paths don't exist + ansible.builtin.file: + path: "{{ matrix_bot_postmoogle_base_path }}" + state: absent diff --git a/roles/custom/matrix-bot-postmoogle/tasks/validate_config.yml b/roles/custom/matrix-bot-postmoogle/tasks/validate_config.yml index b5d9d1ed2..1e31bd4f6 100644 --- a/roles/custom/matrix-bot-postmoogle/tasks/validate_config.yml 
+++ b/roles/custom/matrix-bot-postmoogle/tasks/validate_config.yml @@ -1,9 +1,10 @@ --- -- name: Fail if required settings not defined +- name: Fail if required Postmoogle settings not defined ansible.builtin.fail: msg: >- - You need to define a required configuration setting (`{{ item }}`). - when: "vars[item] == ''" + You need to define a required configuration setting (`{{ item.name }}`). + when: "item.when | bool and vars[item.name] == ''" with_items: - - "matrix_bot_postmoogle_password" + - {'name': 'matrix_bot_postmoogle_password', when: true} + - {'name': 'matrix_bot_postmoogle_database_hostname', when: "{{ matrix_bot_postmoogle_database_engine == 'postgres' }}"} diff --git a/roles/custom/matrix-bot-postmoogle/templates/env.j2 b/roles/custom/matrix-bot-postmoogle/templates/env.j2 index c81510534..072d12dad 100644 --- a/roles/custom/matrix-bot-postmoogle/templates/env.j2 +++ b/roles/custom/matrix-bot-postmoogle/templates/env.j2 @@ -1,13 +1,12 @@ POSTMOOGLE_LOGIN={{ matrix_bot_postmoogle_login }} POSTMOOGLE_PASSWORD={{ matrix_bot_postmoogle_password }} POSTMOOGLE_HOMESERVER={{ matrix_bot_postmoogle_homeserver }} -POSTMOOGLE_DOMAIN={{ matrix_bot_postmoogle_domain }} +POSTMOOGLE_DOMAINS={{ matrix_bot_postmoogle_domains | join(' ') }} POSTMOOGLE_PORT={{ matrix_bot_postmoogle_port }} POSTMOOGLE_DB_DSN={{ matrix_bot_postmoogle_database_connection_string }} POSTMOOGLE_DB_DIALECT={{ matrix_bot_postmoogle_database_dialect }} POSTMOOGLE_PREFIX={{ matrix_bot_postmoogle_prefix }} POSTMOOGLE_MAXSIZE={{ matrix_bot_postmoogle_maxsize }} -POSTMOOGLE_SENTRY={{ matrix_bot_postmoogle_sentry }} POSTMOOGLE_LOGLEVEL={{ matrix_bot_postmoogle_loglevel }} POSTMOOGLE_NOENCRYPTION={{ matrix_bot_postmoogle_noencryption }} POSTMOOGLE_ADMINS={{ matrix_bot_postmoogle_admins | join(' ') }} 
@@ -16,5 +15,12 @@ POSTMOOGLE_TLS_CERT={{ matrix_bot_postmoogle_tls_cert }} POSTMOOGLE_TLS_KEY={{ matrix_bot_postmoogle_tls_key }} POSTMOOGLE_TLS_REQUIRED={{ matrix_bot_postmoogle_tls_required }} POSTMOOGLE_DATA_SECRET={{ matrix_bot_postmoogle_data_secret }} +POSTMOOGLE_PROXIES={{ matrix_bot_postmoogle_proxies | join(' ') }} +POSTMOOGLE_MONITORING_SENTRY_DSN={{ matrix_bot_postmoogle_monitoring_sentry_dsn }} +POSTMOOGLE_MONITORING_SENTRY_RATE={{ matrix_bot_postmoogle_monitoring_sentry_rate }} +POSTMOOGLE_MONITORING_HEALTHCHECKS_UUID={{ matrix_bot_postmoogle_monitoring_healthchecks_uuid }} +POSTMOOGLE_MONITORING_HEALTHCHECKS_DURATION={{ matrix_bot_postmoogle_monitoring_healthchecks_duration }} +POSTMOOGLE_MAILBOXES_RESERVED={{ matrix_bot_postmoogle_mailboxes_reserved | join(' ') }} +POSTMOOGLE_MAILBOXES_ACTIVATION={{ matrix_bot_postmoogle_mailboxes_activation }} {{ matrix_bot_postmoogle_environment_variables_extension }} diff --git a/roles/custom/matrix-bridge-appservice-discord/defaults/main.yml b/roles/custom/matrix-bridge-appservice-discord/defaults/main.yml index 9e061d678..ec194855e 100644 --- a/roles/custom/matrix-bridge-appservice-discord/defaults/main.yml +++ b/roles/custom/matrix-bridge-appservice-discord/defaults/main.yml @@ -60,7 +60,7 @@ matrix_appservice_discord_sqlite_database_path_in_container: "/data/discord.db" matrix_appservice_discord_database_username: 'matrix_appservice_discord' matrix_appservice_discord_database_password: 'some-password' -matrix_appservice_discord_database_hostname: 'matrix-postgres' +matrix_appservice_discord_database_hostname: '' matrix_appservice_discord_database_port: 5432 matrix_appservice_discord_database_name: 'matrix_appservice_discord' diff --git a/roles/custom/matrix-bridge-appservice-discord/tasks/init.yml b/roles/custom/matrix-bridge-appservice-discord/tasks/init.yml deleted file mode 100644 index 915d73021..000000000 --- a/roles/custom/matrix-bridge-appservice-discord/tasks/init.yml +++ /dev/null 
@@ -1,29 +0,0 @@ ---- -# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. -# We don't want to fail in such cases. -- name: Fail if matrix-synapse role already executed - ansible.builtin.fail: - msg: >- - The matrix-bridge-appservice-discord role needs to execute before the matrix-synapse role. - when: "matrix_appservice_discord_enabled and matrix_synapse_role_executed | default(False)" - -- ansible.builtin.set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-appservice-discord.service'] }}" - when: matrix_appservice_discord_enabled | bool - -# If the matrix-synapse role is not used, these variables may not exist. -- ansible.builtin.set_fact: - matrix_homeserver_container_runtime_injected_arguments: > - {{ - matrix_homeserver_container_runtime_injected_arguments | default([]) - + - ["--mount type=bind,src={{ matrix_appservice_discord_config_path }}/registration.yaml,dst=/matrix-appservice-discord-registration.yaml,ro"] - }} - - matrix_homeserver_app_service_runtime_injected_config_files: > - {{ - matrix_homeserver_app_service_runtime_injected_config_files | default([]) - + - ["/matrix-appservice-discord-registration.yaml"] - }} - when: matrix_appservice_discord_enabled | bool diff --git a/roles/custom/matrix-bridge-appservice-discord/tasks/main.yml b/roles/custom/matrix-bridge-appservice-discord/tasks/main.yml index 7ab8f3a65..926fe3670 100644 --- a/roles/custom/matrix-bridge-appservice-discord/tasks/main.yml +++ b/roles/custom/matrix-bridge-appservice-discord/tasks/main.yml 
@@ -1,23 +1,20 @@ --- -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" - tags: - - always +- block: + - when: matrix_appservice_discord_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup | bool and matrix_appservice_discord_enabled | bool" + - when: matrix_appservice_discord_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml" tags: - setup-all - setup-appservice-discord + - install-all + - install-appservice-discord -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup | bool and matrix_appservice_discord_enabled | bool" - tags: - - setup-all - - setup-appservice-discord - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup | bool and not matrix_appservice_discord_enabled | bool" +- block: + - when: not matrix_appservice_discord_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" tags: - setup-all - setup-appservice-discord diff --git a/roles/custom/matrix-bridge-appservice-discord/tasks/setup_install.yml b/roles/custom/matrix-bridge-appservice-discord/tasks/setup_install.yml index f04e7f69e..4a6419edd 100644 --- a/roles/custom/matrix-bridge-appservice-discord/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-appservice-discord/tasks/setup_install.yml 
@@ -12,8 +12,11 @@ - when: "matrix_appservice_discord_sqlite_database_path_local_stat_result.stat.exists | bool" block: - - ansible.builtin.set_fact: - matrix_postgres_db_migration_request: + - ansible.builtin.include_role: + name: galaxy/com.devture.ansible.role.postgres + tasks_from: migrate_db_to_postgres + vars: + devture_postgres_db_migration_request: src: "{{ matrix_appservice_discord_sqlite_database_path_local }}" dst: "{{ matrix_appservice_discord_database_connString }}" caller: "{{ role_path | basename }}" @@ -21,10 +24,6 @@ engine_old: 'sqlite' systemd_services_to_stop: ['matrix-appservice-discord.service'] - - ansible.builtin.import_role: - name: custom/matrix-postgres - tasks_from: migrate_db_to_postgres - - ansible.builtin.set_fact: matrix_appservice_discord_requires_restart: true @@ -109,13 +108,9 @@ mode: 0644 register: matrix_appservice_discord_systemd_service_result -- name: Ensure systemd reloaded after matrix-appservice-discord.service installation - ansible.builtin.service: - daemon_reload: true - when: "matrix_appservice_discord_systemd_service_result.changed" - - name: Ensure matrix-appservice-discord.service restarted, if necessary ansible.builtin.service: name: "matrix-appservice-discord.service" state: restarted + daemon_reload: true when: "matrix_appservice_discord_requires_restart | bool" diff --git a/roles/custom/matrix-bridge-appservice-discord/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-appservice-discord/tasks/setup_uninstall.yml index 50d108fa5..ca2354c63 100644 --- a/roles/custom/matrix-bridge-appservice-discord/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-bridge-appservice-discord/tasks/setup_uninstall.yml 
@@ -5,21 +5,16 @@ path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-discord.service" register: matrix_appservice_discord_service_stat -- name: Ensure matrix-appservice-discord is stopped - ansible.builtin.service: - name: matrix-appservice-discord - state: stopped - enabled: false - daemon_reload: true - when: "matrix_appservice_discord_service_stat.stat.exists" +- when: matrix_appservice_discord_service_stat.stat.exists | bool + block: + - name: Ensure matrix-appservice-discord is stopped + ansible.builtin.service: + name: matrix-appservice-discord + state: stopped + enabled: false + daemon_reload: true -- name: Ensure matrix-appservice-discord.service doesn't exist - ansible.builtin.file: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-discord.service" - state: absent - when: "matrix_appservice_discord_service_stat.stat.exists" - -- name: Ensure systemd reloaded after matrix-appservice-discord.service removal - ansible.builtin.service: - daemon_reload: true - when: "matrix_appservice_discord_service_stat.stat.exists" + - name: Ensure matrix-appservice-discord.service doesn't exist + ansible.builtin.file: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-discord.service" + state: absent diff --git a/roles/custom/matrix-bridge-appservice-discord/tasks/validate_config.yml b/roles/custom/matrix-bridge-appservice-discord/tasks/validate_config.yml index e005f162b..fab6a5b6e 100644 --- a/roles/custom/matrix-bridge-appservice-discord/tasks/validate_config.yml +++ b/roles/custom/matrix-bridge-appservice-discord/tasks/validate_config.yml 
@@ -1,16 +1,17 @@ --- -- name: Fail if required settings not defined +- name: Fail if required appservice-discord settings not defined ansible.builtin.fail: msg: >- - You need to define a required configuration setting (`{{ item }}`). - when: "vars[item] == ''" + You need to define a required configuration setting (`{{ item.name }}`). + when: "item.when | bool and vars[item.name] == ''" with_items: - - "matrix_appservice_discord_client_id" - - "matrix_appservice_discord_bot_token" - - "matrix_appservice_discord_appservice_token" - - "matrix_appservice_discord_homeserver_token" - - "matrix_appservice_discord_homeserver_domain" + - {'name': 'matrix_appservice_discord_client_id', when: true} + - {'name': 'matrix_appservice_discord_bot_token', when: true} + - {'name': 'matrix_appservice_discord_appservice_token', when: true} + - {'name': 'matrix_appservice_discord_homeserver_token', when: true} + - {'name': 'matrix_appservice_discord_homeserver_domain', when: true} + - {'name': 'matrix_appservice_discord_database_hostname', when: "{{ matrix_appservice_discord_database_engine == 'postgres' }}"} - name: (Deprecation) Catch and report renamed appservice-discord variables ansible.builtin.fail: diff --git a/roles/custom/matrix-bridge-appservice-irc/defaults/main.yml b/roles/custom/matrix-bridge-appservice-irc/defaults/main.yml index d54a7685d..5e8c11910 100644 --- a/roles/custom/matrix-bridge-appservice-irc/defaults/main.yml +++ b/roles/custom/matrix-bridge-appservice-irc/defaults/main.yml 
@@ -29,8 +29,8 @@ matrix_appservice_irc_appservice_address: 'http://matrix-appservice-irc:9999' matrix_appservice_irc_database_engine: nedb matrix_appservice_irc_database_username: matrix_appservice_irc -matrix_appservice_irc_database_password: ~ -matrix_appservice_irc_database_hostname: 'matrix-postgres' +matrix_appservice_irc_database_password: 'some-password' +matrix_appservice_irc_database_hostname: '' matrix_appservice_irc_database_port: 5432 matrix_appservice_irc_database_name: matrix_appservice_irc diff --git a/roles/custom/matrix-bridge-appservice-irc/tasks/init.yml b/roles/custom/matrix-bridge-appservice-irc/tasks/init.yml deleted file mode 100644 index 031271279..000000000 --- a/roles/custom/matrix-bridge-appservice-irc/tasks/init.yml +++ /dev/null 
@@ -1,36 +0,0 @@ ---- -# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 -# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 -- name: Fail if trying to self-build on Ansible < 2.8 - ansible.builtin.fail: - msg: "To self-build the matrix-appservice-irc image, you should use Ansible 2.8 or higher. See docs/ansible.md" - when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_appservice_irc_container_image_self_build and matrix_appservice_irc_enabled" - -# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. -# We don't want to fail in such cases. -- name: Fail if matrix-synapse role already executed - ansible.builtin.fail: - msg: >- - The matrix-bridge-appservice-irc role needs to execute before the matrix-synapse role. - when: "matrix_appservice_irc_enabled | bool and matrix_synapse_role_executed | default(False)" - -- ansible.builtin.set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-appservice-irc.service'] }}" - when: matrix_appservice_irc_enabled | bool - -# If the matrix-synapse role is not used, these variables may not exist. -- ansible.builtin.set_fact: - matrix_homeserver_container_runtime_injected_arguments: > - {{ - matrix_homeserver_container_runtime_injected_arguments | default([]) - + - ["--mount type=bind,src={{ matrix_appservice_irc_config_path }}/registration.yaml,dst=/matrix-appservice-irc-registration.yaml,ro"] - }} - - matrix_homeserver_app_service_runtime_injected_config_files: > - {{ - matrix_homeserver_app_service_runtime_injected_config_files | default([]) - + - ["/matrix-appservice-irc-registration.yaml"] - }} - when: matrix_appservice_irc_enabled | bool diff --git a/roles/custom/matrix-bridge-appservice-irc/tasks/main.yml b/roles/custom/matrix-bridge-appservice-irc/tasks/main.yml index 41d2017b0..1cc6b35c4 100644 
--- a/roles/custom/matrix-bridge-appservice-irc/tasks/main.yml +++ b/roles/custom/matrix-bridge-appservice-irc/tasks/main.yml @@ -1,23 +1,20 @@ --- -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" - tags: - - always +- block: + - when: matrix_appservice_irc_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup | bool and matrix_appservice_irc_enabled | bool" + - when: matrix_appservice_irc_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml" tags: - setup-all - setup-appservice-irc + - install-all + - install-appservice-irc -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup | bool and matrix_appservice_irc_enabled | bool" - tags: - - setup-all - - setup-appservice-irc - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup | bool and not matrix_appservice_irc_enabled | bool" +- block: + - when: not matrix_appservice_irc_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" tags: - setup-all - setup-appservice-irc diff --git a/roles/custom/matrix-bridge-appservice-irc/tasks/migrate_nedb_to_postgres.yml b/roles/custom/matrix-bridge-appservice-irc/tasks/migrate_nedb_to_postgres.yml index 9dda24019..79978ecd3 100644 --- a/roles/custom/matrix-bridge-appservice-irc/tasks/migrate_nedb_to_postgres.yml +++ b/roles/custom/matrix-bridge-appservice-irc/tasks/migrate_nedb_to_postgres.yml 
@@ -2,8 +2,8 @@ - name: Fail if Postgres not enabled ansible.builtin.fail: - msg: "Postgres via the matrix-postgres role is not enabled (`matrix_postgres_enabled`). Cannot migrate." - when: "not matrix_postgres_enabled | bool" + msg: "Postgres via the com.devture.ansible.role.postgres role is not enabled (`devture_postgres_enabled`). Cannot migrate." + when: "not devture_postgres_enabled | bool" # Defaults @@ -14,19 +14,19 @@ # Actual import work -- name: Ensure matrix-postgres is started +- name: Ensure Postgres is started ansible.builtin.service: - name: matrix-postgres + name: "{{ devture_postgres_identifier }}" state: started daemon_reload: true - register: matrix_postgres_service_start_result + register: postgres_service_start_result - name: Wait a bit, so that Postgres can start ansible.builtin.wait_for: timeout: "{{ postgres_start_wait_time }}" delegate_to: 127.0.0.1 become: false - when: "matrix_postgres_service_start_result.changed | bool" + when: postgres_service_start_result.changed | bool - name: Check existence of matrix-appservice-irc service ansible.builtin.stat: diff --git a/roles/custom/matrix-bridge-appservice-irc/tasks/setup_install.yml b/roles/custom/matrix-bridge-appservice-irc/tasks/setup_install.yml index 32d87408d..a5fdacded 100644 --- a/roles/custom/matrix-bridge-appservice-irc/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-appservice-irc/tasks/setup_install.yml @@ -1,6 +1,6 @@ --- -- ansible.builtin.import_role: +- ansible.builtin.include_role: name: custom/matrix-base tasks_from: ensure_openssl_installed @@ -60,7 +60,7 @@ - when: "matrix_appservice_irc_nedb_database_path_local_stat_result.stat.exists | bool" block: - - ansible.builtin.import_tasks: "{{ role_path }}/tasks/migrate_nedb_to_postgres.yml" + - ansible.builtin.include_tasks: "{{ role_path }}/tasks/migrate_nedb_to_postgres.yml" - ansible.builtin.set_fact: matrix_appservice_irc_requires_restart: true 
@@ -199,13 +199,9 @@ mode: 0644 register: matrix_appservice_irc_systemd_service_result -- name: Ensure systemd reloaded after matrix-appservice-irc.service installation - ansible.builtin.service: - daemon_reload: true - when: "matrix_appservice_irc_systemd_service_result.changed" - - name: Ensure matrix-appservice-irc.service restarted, if necessary ansible.builtin.service: name: "matrix-appservice-irc.service" state: restarted + daemon_reload: true when: "matrix_appservice_irc_requires_restart | bool" diff --git a/roles/custom/matrix-bridge-appservice-irc/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-appservice-irc/tasks/setup_uninstall.yml index 8921d48e1..f16d3763f 100644 --- a/roles/custom/matrix-bridge-appservice-irc/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-bridge-appservice-irc/tasks/setup_uninstall.yml 
@@ -5,21 +5,16 @@ path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-irc.service" register: matrix_appservice_irc_service_stat -- name: Ensure matrix-appservice-irc is stopped - ansible.builtin.service: - name: matrix-appservice-irc - state: stopped - enabled: false - daemon_reload: true - when: "matrix_appservice_irc_service_stat.stat.exists" +- when: matrix_appservice_irc_service_stat.stat.exists | bool + block: + - name: Ensure matrix-appservice-irc is stopped + ansible.builtin.service: + name: matrix-appservice-irc + state: stopped + enabled: false + daemon_reload: true -- name: Ensure matrix-appservice-irc.service doesn't exist - ansible.builtin.file: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-irc.service" - state: absent - when: "matrix_appservice_irc_service_stat.stat.exists" - -- name: Ensure systemd reloaded after matrix-appservice-irc.service removal - ansible.builtin.service: - daemon_reload: true - when: "matrix_appservice_irc_service_stat.stat.exists" + - name: Ensure matrix-appservice-irc.service doesn't exist + ansible.builtin.file: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-irc.service" + state: absent diff --git a/roles/custom/matrix-bridge-appservice-irc/tasks/validate_config.yml b/roles/custom/matrix-bridge-appservice-irc/tasks/validate_config.yml index f0d887c8f..0c4c6c29d 100644 --- a/roles/custom/matrix-bridge-appservice-irc/tasks/validate_config.yml +++ b/roles/custom/matrix-bridge-appservice-irc/tasks/validate_config.yml 
@@ -3,11 +3,12 @@ - name: Fail if required settings not defined ansible.builtin.fail: msg: >- - You need to define a required configuration setting (`{{ item }}`). - when: "vars[item] == ''" + You need to define a required configuration setting (`{{ item.name }}`). + when: "item.when | bool and vars[item.name] == ''" with_items: - - "matrix_appservice_irc_appservice_token" - - "matrix_appservice_irc_homeserver_token" + - {'name': 'matrix_appservice_irc_appservice_token', when: true} + - {'name': 'matrix_appservice_irc_homeserver_token', when: true} + - {'name': 'matrix_appservice_irc_database_hostname', when: "{{ matrix_appservice_irc_database_engine == 'postgres' }}"} # Our base configuration (`matrix_appservice_irc_configuration_yaml`) is not enough to # let the playbook run without errors. diff --git a/roles/custom/matrix-bridge-appservice-kakaotalk/defaults/main.yml b/roles/custom/matrix-bridge-appservice-kakaotalk/defaults/main.yml index f27f75c55..681695073 100644 --- a/roles/custom/matrix-bridge-appservice-kakaotalk/defaults/main.yml +++ b/roles/custom/matrix-bridge-appservice-kakaotalk/defaults/main.yml @@ -90,7 +90,7 @@ matrix_appservice_kakaotalk_sqlite_database_path_in_container: "/data/appservice matrix_appservice_kakaotalk_database_username: 'matrix_appservice_kakaotalk' matrix_appservice_kakaotalk_database_password: 'some-password' -matrix_appservice_kakaotalk_database_hostname: 'matrix-postgres' +matrix_appservice_kakaotalk_database_hostname: '' matrix_appservice_kakaotalk_database_port: 5432 matrix_appservice_kakaotalk_database_name: 'matrix_appservice_kakaotalk' diff --git a/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/init.yml b/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/init.yml deleted file mode 100644 index 6112b5cce..000000000 --- a/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/init.yml +++ /dev/null 
@@ -1,28 +0,0 @@ ---- -# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 -# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 -- name: Fail if trying to self-build on Ansible < 2.8 - ansible.builtin.fail: - msg: "To self-build the appservice-kakaotalk image, you should use Ansible 2.8 or higher. See docs/ansible.md" - when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_appservice_kakaotalk_container_image_self_build and matrix_appservice_kakaotalk_enabled" - -- ansible.builtin.set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-appservice-kakaotalk.service', 'matrix-appservice-kakaotalk-node.service'] }}" - when: matrix_appservice_kakaotalk_enabled | bool - -# If the matrix-synapse role is not used, these variables may not exist. -- ansible.builtin.set_fact: - matrix_homeserver_container_runtime_injected_arguments: > - {{ - matrix_homeserver_container_runtime_injected_arguments | default([]) - + - ["--mount type=bind,src={{ matrix_appservice_kakaotalk_config_path }}/registration.yaml,dst=/matrix-appservice-kakaotalk-registration.yaml,ro"] - }} - - matrix_homeserver_app_service_runtime_injected_config_files: > - {{ - matrix_homeserver_app_service_runtime_injected_config_files | default([]) - + - ["/matrix-appservice-kakaotalk-registration.yaml"] - }} - when: matrix_appservice_kakaotalk_enabled | bool diff --git a/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/main.yml b/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/main.yml index dfb286f2c..14a30e65b 100644 --- a/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/main.yml +++ b/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/main.yml 
@@ -1,23 +1,20 @@ --- -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" - tags: - - always +- block: + - when: matrix_appservice_kakaotalk_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup | bool and matrix_appservice_kakaotalk_enabled | bool" + - when: matrix_appservice_kakaotalk_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml" tags: - setup-all - setup-appservice-kakaotalk + - install-all + - install-appservice-kakaotalk -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup | bool and matrix_appservice_kakaotalk_enabled | bool" - tags: - - setup-all - - setup-appservice-kakaotalk - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup | bool and not matrix_appservice_kakaotalk_enabled | bool" +- block: + - when: not matrix_appservice_kakaotalk_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" tags: - setup-all - setup-appservice-kakaotalk diff --git a/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/setup_install.yml b/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/setup_install.yml index 2f5b6be15..bcf213cde 100644 --- a/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/setup_install.yml 
@@ -1,13 +1,5 @@ --- -# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. -# We don't want to fail in such cases. -- name: Fail if matrix-synapse role already executed - ansible.builtin.fail: - msg: >- - The matrix-bridge-matrix-appservice-kakaotalk role needs to execute before the matrix-synapse role. - when: "matrix_synapse_role_executed | default(False)" - - name: Ensure matrix-appservice-kakaotalk image is pulled community.docker.docker_image: name: "{{ matrix_appservice_kakaotalk_docker_image }}" @@ -117,9 +109,3 @@ src: "{{ role_path }}/templates/systemd/matrix-appservice-kakaotalk.service.j2" dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-kakaotalk.service" mode: 0644 - register: matrix_appservice_kakaotalk_systemd_service_result - -- name: Ensure systemd reloaded after matrix-appservice-kakaotalk.service or matrix-appservice-kakaotalk-node.service installation - ansible.builtin.service: - daemon_reload: true - when: matrix_appservice_kakaotalk_node_systemd_service_result.changed or matrix_appservice_kakaotalk_systemd_service_result.changed diff --git a/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/setup_uninstall.yml index 8e46d80f9..e258b9ab2 100644 --- a/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/setup_uninstall.yml @@ -11,7 +11,7 @@ state: stopped enabled: false daemon_reload: true - when: "matrix_appservice_kakaotalk_service_stat.stat.exists" + when: matrix_appservice_kakaotalk_service_stat.stat.exists | bool - name: Check existence of matrix-appservice-kakaotalk-node service ansible.builtin.stat: 
@@ -24,7 +24,7 @@ state: stopped enabled: false daemon_reload: true - when: "matrix_appservice_kakaotalk_node_service_stat.stat.exists" + when: matrix_appservice_kakaotalk_node_service_stat.stat.exists | bool - name: Ensure matrix-appservice-kakaotalk.service files don't exist ansible.builtin.file: @@ -33,9 +33,4 @@ with_items: - "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-kakaotalk-node.service" - "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-kakaotalk.service" - when: "matrix_appservice_kakaotalk_service_stat.stat.exists" - -- name: Ensure systemd reloaded after matrix-appservice-kakaotalk service files removal - ansible.builtin.service: - daemon_reload: true - when: "matrix_appservice_kakaotalk_service_stat.stat.exists or matrix_appservice_kakaotalk_node_service_stat.stat.exists" + when: matrix_appservice_kakaotalk_service_stat.stat.exists | bool or matrix_appservice_kakaotalk_node_service_stat.stat.exists | bool diff --git a/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/validate_config.yml b/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/validate_config.yml index 4f838e7a5..63b173395 100644 --- a/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/validate_config.yml +++ b/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/validate_config.yml 
@@ -1,10 +1,11 @@ --- -- name: Fail if required settings not defined +- name: Fail if required appservice-kakaotalk settings not defined ansible.builtin.fail: msg: >- - You need to define a required configuration setting (`{{ item }}`). - when: "vars[item] == ''" + You need to define a required configuration setting (`{{ item.name }}`). + when: "item.when | bool and vars[item.name] == ''" with_items: - - "matrix_appservice_kakaotalk_appservice_token" - - "matrix_appservice_kakaotalk_homeserver_token" + - {'name': 'matrix_appservice_kakaotalk_appservice_token', when: true} + - {'name': 'matrix_appservice_kakaotalk_homeserver_token', when: true} + - {'name': 'matrix_appservice_kakaotalk_database_hostname', when: "{{ matrix_appservice_kakaotalk_database_engine == 'postgres' }}"} diff --git a/roles/custom/matrix-bridge-appservice-kakaotalk/templates/config.yaml.j2 b/roles/custom/matrix-bridge-appservice-kakaotalk/templates/config.yaml.j2 index 1bb87cb41..803d443fd 100644 --- a/roles/custom/matrix-bridge-appservice-kakaotalk/templates/config.yaml.j2 +++ b/roles/custom/matrix-bridge-appservice-kakaotalk/templates/config.yaml.j2 @@ -230,8 +230,8 @@ bridge: # $message - The message content message_formats: m.text: '$sender_displayname: $message' - m.notice: '$sender_displayname: $message' - m.emote: '* $sender_displayname $message' + m.notice: '$sender_displayname: $message' + m.emote: '* $sender_displayname $message' m.file: 'File from $sender_displayname: $message' m.image: 'Image from $sender_displayname: $message' m.audio: 'Audio from $sender_displayname: $message' diff --git a/roles/custom/matrix-bridge-appservice-slack/defaults/main.yml b/roles/custom/matrix-bridge-appservice-slack/defaults/main.yml index b5fbc13f9..6fb6d7e7f 100644 --- a/roles/custom/matrix-bridge-appservice-slack/defaults/main.yml +++ b/roles/custom/matrix-bridge-appservice-slack/defaults/main.yml 
@@ -11,7 +11,7 @@ matrix_appservice_slack_docker_src_files_path: "{{ matrix_base_data_path }}/apps # matrix_appservice_slack_version used to contain the full Docker image tag (e.g. `release-X.X.X`). # It's a bare version number now. We try to somewhat retain compatibility below. -matrix_appservice_slack_version: 2.0.1 +matrix_appservice_slack_version: 2.0.2 matrix_appservice_slack_docker_image: "{{ matrix_container_global_registry_prefix }}matrixdotorg/matrix-appservice-slack:{{ matrix_appservice_slack_docker_image_tag }}" matrix_appservice_slack_docker_image_tag: "{{ 'latest' if matrix_appservice_slack_version == 'latest' else ('release-' + matrix_appservice_slack_version) }}" matrix_appservice_slack_docker_image_force_pull: "{{ matrix_appservice_slack_docker_image.endswith(':latest') }}" @@ -57,8 +57,8 @@ matrix_appservice_slack_id_token: '' matrix_appservice_slack_database_engine: nedb matrix_appservice_slack_database_username: matrix_appservice_slack -matrix_appservice_slack_database_password: ~ -matrix_appservice_slack_database_hostname: 'matrix-postgres' +matrix_appservice_slack_database_password: 'some-passsword' +matrix_appservice_slack_database_hostname: '' matrix_appservice_slack_database_port: 5432 matrix_appservice_slack_database_name: matrix_appservice_slack diff --git a/roles/custom/matrix-bridge-appservice-slack/tasks/init.yml b/roles/custom/matrix-bridge-appservice-slack/tasks/init.yml deleted file mode 100644 index 5d03b24b9..000000000 --- a/roles/custom/matrix-bridge-appservice-slack/tasks/init.yml +++ /dev/null 
@@ -1,91 +0,0 @@ ---- -# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 -# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 -- name: Fail if trying to self-build on Ansible < 2.8 - ansible.builtin.fail: - msg: "To self-build the matrix-appservice-slack image, you should use Ansible 2.8 or higher. See docs/ansible.md" - when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_appservice_slack_container_image_self_build and matrix_appservice_slack_enabled" - -# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. -# We don't want to fail in such cases. -- name: Fail if matrix-synapse role already executed - ansible.builtin.fail: - msg: >- - The matrix-bridge-appservice-slack role needs to execute before the matrix-synapse role. - when: "matrix_synapse_role_executed | default(False)" - -- ansible.builtin.set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-appservice-slack.service'] }}" - when: matrix_appservice_slack_enabled | bool - -# If the matrix-synapse role is not used, these variables may not exist. -- ansible.builtin.set_fact: - matrix_homeserver_container_runtime_injected_arguments: > - {{ - matrix_homeserver_container_runtime_injected_arguments | default([]) - + - ["--mount type=bind,src={{ matrix_appservice_slack_config_path }}/slack-registration.yaml,dst=/matrix-appservice-slack-registration.yaml,ro"] - }} - - matrix_homeserver_app_service_runtime_injected_config_files: > - {{ - matrix_homeserver_app_service_runtime_injected_config_files | default([]) - + - ["/matrix-appservice-slack-registration.yaml"] - }} - when: matrix_appservice_slack_enabled | bool - -# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. -# We don't want to fail in such cases. 
-- name: Fail if matrix-synapse role already executed - ansible.builtin.fail: - msg: >- - The matrix-bridge-appservice-slack role needs to execute before the matrix-synapse role. - when: "matrix_synapse_role_executed | default(False)" - -- when: matrix_appservice_slack_enabled | bool - tags: - - always - block: - - name: Fail if matrix-nginx-proxy role already executed - ansible.builtin.fail: - msg: >- - Trying to append Slack Appservice's reverse-proxying configuration to matrix-nginx-proxy, - but it's pointless since the matrix-nginx-proxy role had already executed. - To fix this, please change the order of roles in your playbook, - so that the matrix-nginx-proxy role would run after the matrix-bridge-appservice-slack role. - when: matrix_nginx_proxy_role_executed | default(False) | bool - - - name: Generate Matrix Appservice Slack proxying configuration for matrix-nginx-proxy - ansible.builtin.set_fact: - matrix_appservice_slack_matrix_nginx_proxy_configuration: | - location {{ matrix_appservice_slack_public_endpoint }} { - {% if matrix_nginx_proxy_enabled | default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - set $backend "{{ matrix_appservice_slack_appservice_url }}:{{ matrix_appservice_slack_slack_port }}"; - proxy_pass $backend; - {% else %} - {# Generic configuration for use outside of our container setup #} - proxy_pass http://127.0.0.1:{{ matrix_appservice_slack_slack_port }}; - {% endif %} - } - - - name: Register Slack Appservice proxying configuration with matrix-nginx-proxy - ansible.builtin.set_fact: - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | - {{ - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([]) - + - [matrix_appservice_slack_matrix_nginx_proxy_configuration] - }} - -- name: Warn about reverse-proxying if matrix-nginx-proxy not used - ansible.builtin.debug: - msg: >- - NOTE: You've enabled the Matrix 
Slack bridge but are not using the matrix-nginx-proxy - reverse proxy. - Please make sure that you're proxying the `{{ matrix_appservice_slack_public_endpoint }}` - URL endpoint to the matrix-appservice-slack container. - You can expose the container's port using the `matrix_appservice_slack_container_http_host_bind_port` variable. - when: "matrix_appservice_slack_enabled | bool and not matrix_nginx_proxy_enabled | default(False) | bool" diff --git a/roles/custom/matrix-bridge-appservice-slack/tasks/inject_into_nginx_proxy.yml b/roles/custom/matrix-bridge-appservice-slack/tasks/inject_into_nginx_proxy.yml new file mode 100644 index 000000000..4ddcb954d --- /dev/null +++ b/roles/custom/matrix-bridge-appservice-slack/tasks/inject_into_nginx_proxy.yml 
@@ -0,0 +1,44 @@ +--- + +- name: Fail if matrix-nginx-proxy role already executed + ansible.builtin.fail: + msg: >- + Trying to append Slack Appservice's reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your playbook, + so that the matrix-nginx-proxy role would run after the matrix-bridge-appservice-slack role. + when: matrix_nginx_proxy_role_executed | default(False) | bool + +- name: Generate Matrix Appservice Slack proxying configuration for matrix-nginx-proxy + ansible.builtin.set_fact: + matrix_appservice_slack_matrix_nginx_proxy_configuration: | + location {{ matrix_appservice_slack_public_endpoint }} { + {% if matrix_nginx_proxy_enabled | default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "{{ matrix_appservice_slack_appservice_url }}:{{ matrix_appservice_slack_slack_port }}"; + proxy_pass $backend; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:{{ matrix_appservice_slack_slack_port }}; + {% endif %} + } + +- name: Register Slack Appservice proxying configuration with matrix-nginx-proxy + ansible.builtin.set_fact: + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([]) + + + [matrix_appservice_slack_matrix_nginx_proxy_configuration] + }} + +- name: Warn about reverse-proxying if matrix-nginx-proxy not used + ansible.builtin.debug: + msg: >- + NOTE: You've enabled the Matrix Slack bridge but are not using the matrix-nginx-proxy + reverse proxy. + Please make sure that you're proxying the `{{ matrix_appservice_slack_public_endpoint }}` + URL endpoint to the matrix-appservice-slack container. 
+ You can expose the container's port using the `matrix_appservice_slack_container_http_host_bind_port` variable. + when: "matrix_appservice_slack_enabled | bool and not matrix_nginx_proxy_enabled | default(False) | bool" diff --git a/roles/custom/matrix-bridge-appservice-slack/tasks/main.yml b/roles/custom/matrix-bridge-appservice-slack/tasks/main.yml index cd83f61fb..41e2679ed 100644 --- a/roles/custom/matrix-bridge-appservice-slack/tasks/main.yml +++ b/roles/custom/matrix-bridge-appservice-slack/tasks/main.yml @@ -1,23 +1,29 @@ --- -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" +- block: + - when: matrix_appservice_slack_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml" tags: - - always + - setup-all + - setup-nginx-proxy + - install-all + - install-nginx-proxy -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup | bool and matrix_appservice_slack_enabled | bool" +- block: + - when: matrix_appservice_slack_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" + + - when: matrix_appservice_slack_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml" tags: - setup-all - setup-appservice-slack + - install-all + - install-appservice-slack -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup | bool and matrix_appservice_slack_enabled | bool" - tags: - - setup-all - - setup-appservice-slack - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup | bool and not matrix_appservice_slack_enabled | bool" +- block: + - when: not matrix_appservice_slack_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" tags: - setup-all - setup-appservice-slack 
diff --git a/roles/custom/matrix-bridge-appservice-slack/tasks/migrate_nedb_to_postgres.yml b/roles/custom/matrix-bridge-appservice-slack/tasks/migrate_nedb_to_postgres.yml index 0ed3e18b2..58c125ab9 100644 --- a/roles/custom/matrix-bridge-appservice-slack/tasks/migrate_nedb_to_postgres.yml +++ b/roles/custom/matrix-bridge-appservice-slack/tasks/migrate_nedb_to_postgres.yml @@ -2,8 +2,8 @@ - name: Fail if Postgres not enabled ansible.builtin.fail: - msg: "Postgres via the matrix-postgres role is not enabled (`matrix_postgres_enabled`). Cannot migrate." - when: "not matrix_postgres_enabled | bool" + msg: "Postgres via the com.devture.ansible.role.postgres role is not enabled (`devture_postgres_enabled`). Cannot migrate." + when: "not devture_postgres_enabled | bool" # Defaults @@ -14,19 +14,19 @@ # Actual import work -- name: Ensure matrix-postgres is started +- name: Ensure Postgres is started ansible.builtin.service: - name: matrix-postgres + name: "{{ devture_postgres_identifier }}" state: started daemon_reload: true - register: matrix_postgres_service_start_result + register: postgres_service_start_result - name: Wait a bit, so that Postgres can start ansible.builtin.wait_for: timeout: "{{ postgres_start_wait_time }}" delegate_to: 127.0.0.1 become: false - when: "matrix_postgres_service_start_result.changed | bool" + when: "postgres_service_start_result.changed | bool" - name: Ensure matrix-appservice-slack is stopped ansible.builtin.service: diff --git a/roles/custom/matrix-bridge-appservice-slack/tasks/setup_install.yml b/roles/custom/matrix-bridge-appservice-slack/tasks/setup_install.yml index 2c7140851..9a72f69d0 100644 --- a/roles/custom/matrix-bridge-appservice-slack/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-appservice-slack/tasks/setup_install.yml 
@@ -26,7 +26,7 @@ - when: "matrix_appservice_slack_nedb_database_path_local_stat_result.stat.exists | bool" block: - - ansible.builtin.import_tasks: "{{ role_path }}/tasks/migrate_nedb_to_postgres.yml" + - ansible.builtin.include_tasks: "{{ role_path }}/tasks/migrate_nedb_to_postgres.yml" - ansible.builtin.set_fact: matrix_appservice_slack_requires_restart: true @@ -87,15 +87,10 @@ src: "{{ role_path }}/templates/systemd/matrix-appservice-slack.service.j2" dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-slack.service" mode: 0644 - register: matrix_appservice_slack_systemd_service_result - -- name: Ensure systemd reloaded after matrix-appservice-slack.service installation - ansible.builtin.service: - daemon_reload: true - when: "matrix_appservice_slack_systemd_service_result.changed" - name: Ensure matrix-appservice-slack.service restarted, if necessary ansible.builtin.service: name: "matrix-appservice-slack.service" state: restarted + daemon_reload: true when: "matrix_appservice_slack_requires_restart | bool" diff --git a/roles/custom/matrix-bridge-appservice-slack/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-appservice-slack/tasks/setup_uninstall.yml index 434f90676..51c77fef0 100644 --- a/roles/custom/matrix-bridge-appservice-slack/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-bridge-appservice-slack/tasks/setup_uninstall.yml 
@@ -5,21 +5,16 @@ path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-slack.service" register: matrix_appservice_slack_service_stat -- name: Ensure matrix-appservice-slack is stopped - ansible.builtin.service: - name: matrix-appservice-slack - state: stopped - enabled: false - daemon_reload: true - when: "matrix_appservice_slack_service_stat.stat.exists" +- when: matrix_appservice_slack_service_stat.stat.exists | bool + block: + - name: Ensure matrix-appservice-slack is stopped + ansible.builtin.service: + name: matrix-appservice-slack + state: stopped + enabled: false + daemon_reload: true -- name: Ensure matrix-appservice-slack.service doesn't exist - ansible.builtin.file: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-slack.service" - state: absent - when: "matrix_appservice_slack_service_stat.stat.exists" - -- name: Ensure systemd reloaded after matrix-appservice-slack.service removal - ansible.builtin.service: - daemon_reload: true - when: "matrix_appservice_slack_service_stat.stat.exists" + - name: Ensure matrix-appservice-slack.service doesn't exist + ansible.builtin.file: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-slack.service" + state: absent diff --git a/roles/custom/matrix-bridge-appservice-slack/tasks/validate_config.yml b/roles/custom/matrix-bridge-appservice-slack/tasks/validate_config.yml index e00eb6d4a..ef97635ec 100644 --- a/roles/custom/matrix-bridge-appservice-slack/tasks/validate_config.yml +++ b/roles/custom/matrix-bridge-appservice-slack/tasks/validate_config.yml 
@@ -1,16 +1,17 @@ --- -- name: Fail if required settings not defined +- name: Fail if required appservice-slack settings not defined ansible.builtin.fail: msg: >- - You need to define a required configuration setting (`{{ item }}`). - when: "vars[item] == ''" + You need to define a required configuration setting (`{{ item.name }}`). + when: "item.when | bool and vars[item.name] == ''" with_items: - - "matrix_appservice_slack_control_room_id" - - "matrix_appservice_slack_appservice_token" - - "matrix_appservice_slack_homeserver_url" - - "matrix_appservice_slack_homeserver_token" - - "matrix_appservice_slack_id_token" + - {'name': 'matrix_appservice_slack_control_room_id', when: true} + - {'name': 'matrix_appservice_slack_appservice_token', when: true} + - {'name': 'matrix_appservice_slack_homeserver_url', when: true} + - {'name': 'matrix_appservice_slack_homeserver_token', when: true} + - {'name': 'matrix_appservice_slack_id_token', when: true} + - {'name': 'matrix_appservice_slack_database_hostname', when: "{{ matrix_appservice_slack_database_engine == 'postgres' }}"} - name: (Deprecation) Catch and report renamed settings ansible.builtin.fail: diff --git a/roles/custom/matrix-bridge-appservice-webhooks/tasks/init.yml b/roles/custom/matrix-bridge-appservice-webhooks/tasks/init.yml deleted file mode 100644 index 1f8ace9e8..000000000 --- a/roles/custom/matrix-bridge-appservice-webhooks/tasks/init.yml +++ /dev/null 
@@ -1,86 +0,0 @@ ---- -# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. -# We don't want to fail in such cases. -- name: Fail if matrix-synapse role already executed - ansible.builtin.fail: - msg: >- - The matrix-bridge-appservice-webhooks role needs to execute before the matrix-synapse role. - when: "matrix_synapse_role_executed | default(False)" - -- ansible.builtin.set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-appservice-webhooks.service'] }}" - when: matrix_appservice_webhooks_enabled | bool - -# If the matrix-synapse role is not used, these variables may not exist. -- ansible.builtin.set_fact: - matrix_homeserver_container_runtime_injected_arguments: > - {{ - matrix_homeserver_container_runtime_injected_arguments | default([]) - + - ["--mount type=bind,src={{ matrix_appservice_webhooks_config_path }}/webhooks-registration.yaml,dst=/matrix-appservice-webhooks-registration.yaml,ro"] - }} - - matrix_homeserver_app_service_runtime_injected_config_files: > - {{ - matrix_homeserver_app_service_runtime_injected_config_files | default([]) - + - ["/matrix-appservice-webhooks-registration.yaml"] - }} - when: matrix_appservice_webhooks_enabled | bool - -# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. -# We don't want to fail in such cases. -- name: Fail if matrix-synapse role already executed - ansible.builtin.fail: - msg: >- - The matrix-bridge-appservice-webhooks role needs to execute before the matrix-synapse role. - when: "matrix_synapse_role_executed | default(False)" - -- when: matrix_appservice_webhooks_enabled | bool - tags: - - always - block: - - name: Fail if matrix-nginx-proxy role already executed - ansible.builtin.fail: - msg: >- - Trying to append webhooks Appservice's reverse-proxying configuration to matrix-nginx-proxy, - but it's pointless since the matrix-nginx-proxy role had already executed. 
- To fix this, please change the order of roles in your playbook, - so that the matrix-nginx-proxy role would run after the matrix-bridge-appservice-webhooks role. - when: matrix_nginx_proxy_role_executed | default(False) | bool - - - name: Generate Matrix Appservice webhooks proxying configuration for matrix-nginx-proxy - ansible.builtin.set_fact: - matrix_appservice_webhooks_matrix_nginx_proxy_configuration: | - {% if matrix_nginx_proxy_enabled | default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - location ~ ^{{ matrix_appservice_webhooks_public_endpoint }}/(.*)$ { - resolver 127.0.0.11 valid=5s; - set $backend "matrix-appservice-webhooks:{{ matrix_appservice_webhooks_matrix_port }}"; - proxy_pass http://$backend/$1; - } - {% else %} - {# Generic configuration for use outside of our container setup #} - location {{ matrix_appservice_webhooks_public_endpoint }}/ { - proxy_pass http://127.0.0.1:{{ matrix_appservice_webhooks_matrix_port }}/; - } - {% endif %} - - - name: Register webhooks Appservice proxying configuration with matrix-nginx-proxy - ansible.builtin.set_fact: - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | - {{ - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([]) - + - [matrix_appservice_webhooks_matrix_nginx_proxy_configuration] - }} - -- name: Warn about reverse-proxying if matrix-nginx-proxy not used - ansible.builtin.debug: - msg: >- - NOTE: You've enabled the Matrix webhooks bridge but are not using the matrix-nginx-proxy - reverse proxy. - Please make sure that you're proxying the `{{ matrix_appservice_webhooks_public_endpoint }}` - URL endpoint to the matrix-appservice-webhooks container. - You can expose the container's port using the `matrix_appservice_webhooks_container_http_host_bind_port` variable. - when: "matrix_appservice_webhooks_enabled | bool and not matrix_nginx_proxy_enabled | default(False) | bool" 
diff --git a/roles/custom/matrix-bridge-appservice-webhooks/tasks/inject_into_nginx_proxy.yml b/roles/custom/matrix-bridge-appservice-webhooks/tasks/inject_into_nginx_proxy.yml new file mode 100644 index 000000000..2e4ad18e4 --- /dev/null +++ b/roles/custom/matrix-bridge-appservice-webhooks/tasks/inject_into_nginx_proxy.yml 
@@ -0,0 +1,46 @@ +--- + +- name: Fail if matrix-nginx-proxy role already executed + ansible.builtin.fail: + msg: >- + Trying to append webhooks Appservice's reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your playbook, + so that the matrix-nginx-proxy role would run after the matrix-bridge-appservice-webhooks role. + when: matrix_nginx_proxy_role_executed | default(False) | bool + +- name: Generate Matrix Appservice webhooks proxying configuration for matrix-nginx-proxy + ansible.builtin.set_fact: + matrix_appservice_webhooks_matrix_nginx_proxy_configuration: | + {% if matrix_nginx_proxy_enabled | default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + location ~ ^{{ matrix_appservice_webhooks_public_endpoint }}/(.*)$ { + resolver 127.0.0.11 valid=5s; + set $backend "matrix-appservice-webhooks:{{ matrix_appservice_webhooks_matrix_port }}"; + proxy_pass http://$backend/$1; + } + {% else %} + {# Generic configuration for use outside of our container setup #} + location {{ matrix_appservice_webhooks_public_endpoint }}/ { + proxy_pass http://127.0.0.1:{{ matrix_appservice_webhooks_matrix_port }}/; + } + {% endif %} + +- name: Register webhooks Appservice proxying configuration with matrix-nginx-proxy + ansible.builtin.set_fact: + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([]) + + + [matrix_appservice_webhooks_matrix_nginx_proxy_configuration] + }} + +- name: Warn about reverse-proxying if matrix-nginx-proxy not used + ansible.builtin.debug: + msg: >- + NOTE: You've enabled the Matrix webhooks bridge but are not using the matrix-nginx-proxy + reverse proxy. 
+ Please make sure that you're proxying the `{{ matrix_appservice_webhooks_public_endpoint }}` + URL endpoint to the matrix-appservice-webhooks container. + You can expose the container's port using the `matrix_appservice_webhooks_container_http_host_bind_port` variable. + when: "matrix_appservice_webhooks_enabled | bool and not matrix_nginx_proxy_enabled | default(False) | bool" diff --git a/roles/custom/matrix-bridge-appservice-webhooks/tasks/main.yml b/roles/custom/matrix-bridge-appservice-webhooks/tasks/main.yml index 30f05469c..ae36cf700 100644 --- a/roles/custom/matrix-bridge-appservice-webhooks/tasks/main.yml +++ b/roles/custom/matrix-bridge-appservice-webhooks/tasks/main.yml 
@@ -1,23 +1,29 @@ --- -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" +- block: + - when: matrix_appservice_webhooks_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml" tags: - - always + - setup-all + - setup-nginx-proxy + - install-all + - install-nginx-proxy -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup | bool and matrix_appservice_webhooks_enabled | bool" +- block: + - when: matrix_appservice_webhooks_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" + + - when: matrix_appservice_webhooks_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml" tags: - setup-all - setup-appservice-webhooks + - install-all + - install-appservice-webhooks -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup | bool and matrix_appservice_webhooks_enabled | bool" - tags: - - setup-all - - setup-appservice-webhooks - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup | bool and not matrix_appservice_webhooks_enabled | bool" +- block: + - when: not matrix_appservice_webhooks_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" tags: - setup-all - setup-appservice-webhooks diff --git a/roles/custom/matrix-bridge-appservice-webhooks/tasks/setup_install.yml b/roles/custom/matrix-bridge-appservice-webhooks/tasks/setup_install.yml index 734b6e60c..194ef0176 100644 --- a/roles/custom/matrix-bridge-appservice-webhooks/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-appservice-webhooks/tasks/setup_install.yml 
@@ -86,9 +86,3 @@ src: "{{ role_path }}/templates/systemd/matrix-appservice-webhooks.service.j2" dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-webhooks.service" mode: 0644 - register: matrix_appservice_webhooks_systemd_service_result - -- name: Ensure systemd reloaded after matrix-appservice-webhooks.service installation - ansible.builtin.service: - daemon_reload: true - when: "matrix_appservice_webhooks_systemd_service_result.changed" diff --git a/roles/custom/matrix-bridge-appservice-webhooks/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-appservice-webhooks/tasks/setup_uninstall.yml index 960fe58b0..c47b724cf 100644 --- a/roles/custom/matrix-bridge-appservice-webhooks/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-bridge-appservice-webhooks/tasks/setup_uninstall.yml 
@@ -5,21 +5,16 @@ path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-webhooks.service" register: matrix_appservice_webhooks_service_stat -- name: Ensure matrix-appservice-webhooks is stopped - ansible.builtin.service: - name: matrix-appservice-webhooks - state: stopped - enabled: false - daemon_reload: true - when: "matrix_appservice_webhooks_service_stat.stat.exists" +- when: matrix_appservice_webhooks_service_stat.stat.exists | bool + block: + - name: Ensure matrix-appservice-webhooks is stopped + ansible.builtin.service: + name: matrix-appservice-webhooks + state: stopped + enabled: false + daemon_reload: true -- name: Ensure matrix-appservice-webhooks.service doesn't exist - ansible.builtin.file: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-webhooks.service" - state: absent - when: "matrix_appservice_webhooks_service_stat.stat.exists" - -- name: Ensure systemd reloaded after matrix-appservice-webhooks.service removal - ansible.builtin.service: - daemon_reload: true - when: "matrix_appservice_webhooks_service_stat.stat.exists" + - name: Ensure matrix-appservice-webhooks.service doesn't exist + ansible.builtin.file: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-webhooks.service" + state: absent diff --git a/roles/custom/matrix-bridge-beeper-linkedin/defaults/main.yml b/roles/custom/matrix-bridge-beeper-linkedin/defaults/main.yml index 4f3d554b3..513eba14e 100644 --- a/roles/custom/matrix-bridge-beeper-linkedin/defaults/main.yml +++ b/roles/custom/matrix-bridge-beeper-linkedin/defaults/main.yml @@ -4,7 +4,7 @@ matrix_beeper_linkedin_enabled: true -matrix_beeper_linkedin_version: v0.5.3 +matrix_beeper_linkedin_version: v0.5.4 # See: https://github.com/beeper/linkedin/pkgs/container/linkedin matrix_beeper_linkedin_docker_image: "{{ matrix_beeper_linkedin_docker_image_name_prefix }}beeper/linkedin:{{ matrix_beeper_linkedin_docker_image_tag }}" 
@@ -27,6 +27,8 @@ matrix_beeper_linkedin_appservice_address: "http://matrix-beeper-linkedin:29319" matrix_beeper_linkedin_bridge_presence: true +matrix_beeper_linkedin_bridge_space_support_enable: true + matrix_beeper_linkedin_command_prefix: "!li" matrix_beeper_linkedin_bridge_permissions: | @@ -55,8 +57,8 @@ matrix_beeper_linkedin_appservice_bot_username: linkedinbot matrix_beeper_linkedin_database_engine: "postgres" matrix_beeper_linkedin_database_username: 'matrix_beeper_linkedin' -matrix_beeper_linkedin_database_password: "" -matrix_beeper_linkedin_database_hostname: 'matrix-postgres' +matrix_beeper_linkedin_database_password: 'some-password' +matrix_beeper_linkedin_database_hostname: '' matrix_beeper_linkedin_database_port: 5432 matrix_beeper_linkedin_database_name: 'matrix_beeper_linkedin' diff --git a/roles/custom/matrix-bridge-beeper-linkedin/tasks/init.yml b/roles/custom/matrix-bridge-beeper-linkedin/tasks/init.yml deleted file mode 100644 index 1208f185b..000000000 --- a/roles/custom/matrix-bridge-beeper-linkedin/tasks/init.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- - -- ansible.builtin.set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-beeper-linkedin.service'] }}" - when: matrix_beeper_linkedin_enabled | bool - -# If the matrix-synapse role is not used, these variables may not exist. -- ansible.builtin.set_fact: - matrix_homeserver_container_runtime_injected_arguments: > - {{ - matrix_homeserver_container_runtime_injected_arguments | default([]) - + - ["--mount type=bind,src={{ matrix_beeper_linkedin_config_path }}/registration.yaml,dst=/matrix-beeper-linkedin-registration.yaml,ro"] - }} - - matrix_homeserver_app_service_runtime_injected_config_files: > - {{ - matrix_homeserver_app_service_runtime_injected_config_files | default([]) - + - ["/matrix-beeper-linkedin-registration.yaml"] - }} - when: matrix_beeper_linkedin_enabled | bool 
diff --git a/roles/custom/matrix-bridge-beeper-linkedin/tasks/main.yml b/roles/custom/matrix-bridge-beeper-linkedin/tasks/main.yml index 8f295d2ca..502280428 100644 --- a/roles/custom/matrix-bridge-beeper-linkedin/tasks/main.yml +++ b/roles/custom/matrix-bridge-beeper-linkedin/tasks/main.yml @@ -1,23 +1,20 @@ --- -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" - tags: - - always +- block: + - when: matrix_beeper_linkedin_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup | bool and matrix_beeper_linkedin_enabled | bool" + - when: matrix_beeper_linkedin_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml" tags: - setup-all - setup-beeper-linkedin + - install-all + - install-beeper-linkedin -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup and matrix_beeper_linkedin_enabled" - tags: - - setup-all - - setup-beeper-linkedin - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup and not matrix_beeper_linkedin_enabled" +- block: + - when: not matrix_beeper_linkedin_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" tags: - setup-all - setup-beeper-linkedin diff --git a/roles/custom/matrix-bridge-beeper-linkedin/tasks/setup_install.yml b/roles/custom/matrix-bridge-beeper-linkedin/tasks/setup_install.yml index 8784b6311..e553b9122 100644 --- a/roles/custom/matrix-bridge-beeper-linkedin/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-beeper-linkedin/tasks/setup_install.yml 
@@ -1,12 +1,5 @@ --- -# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. -# We don't want to fail in such cases. -- name: Fail if matrix-synapse role already executed - ansible.builtin.fail: - msg: >- - The matrix-bridge-beeper-linkedin role needs to execute before the matrix-synapse role. - when: "matrix_synapse_role_executed | default(False)" - name: Ensure Beeper LinkedIn paths exists ansible.builtin.file: path: "{{ item.path }}" @@ -95,9 +88,3 @@ src: "{{ role_path }}/templates/systemd/matrix-beeper-linkedin.service.j2" dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-beeper-linkedin.service" mode: 0644 - register: matrix_beeper_linkedin_systemd_service_result - -- name: Ensure systemd reloaded after matrix-beeper-linkedin.service installation - ansible.builtin.service: - daemon_reload: true - when: "matrix_beeper_linkedin_systemd_service_result.changed" diff --git a/roles/custom/matrix-bridge-beeper-linkedin/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-beeper-linkedin/tasks/setup_uninstall.yml index 4a75a4c7a..4d3334692 100644 --- a/roles/custom/matrix-bridge-beeper-linkedin/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-bridge-beeper-linkedin/tasks/setup_uninstall.yml 
@@ -5,21 +5,16 @@ path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-beeper-linkedin.service" register: matrix_beeper_linkedin_service_stat -- name: Ensure matrix-beeper-linkedin is stopped - ansible.builtin.service: - name: matrix-beeper-linkedin - state: stopped - enabled: false - daemon_reload: true - when: "matrix_beeper_linkedin_service_stat.stat.exists" +- when: matrix_beeper_linkedin_service_stat.stat.exists | bool + block: + - name: Ensure matrix-beeper-linkedin is stopped + ansible.builtin.service: + name: matrix-beeper-linkedin + state: stopped + enabled: false + daemon_reload: true -- name: Ensure matrix-beeper-linkedin.service doesn't exist - ansible.builtin.file: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-beeper-linkedin.service" - state: absent - when: "matrix_beeper_linkedin_service_stat.stat.exists" - -- name: Ensure systemd reloaded after matrix-beeper-linkedin.service removal - ansible.builtin.service: - daemon_reload: true - when: "matrix_beeper_linkedin_service_stat.stat.exists" + - name: Ensure matrix-beeper-linkedin.service doesn't exist + ansible.builtin.file: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-beeper-linkedin.service" + state: absent diff --git a/roles/custom/matrix-bridge-beeper-linkedin/tasks/validate_config.yml b/roles/custom/matrix-bridge-beeper-linkedin/tasks/validate_config.yml index 61489b7c6..59d56ca85 100644 --- a/roles/custom/matrix-bridge-beeper-linkedin/tasks/validate_config.yml +++ b/roles/custom/matrix-bridge-beeper-linkedin/tasks/validate_config.yml 
@@ -1,10 +1,11 @@ --- -- name: Fail if required settings not defined +- name: Fail if required beeper-linkedin settings not defined ansible.builtin.fail: msg: >- - You need to define a required configuration setting (`{{ item }}`). - when: "vars[item] == ''" + You need to define a required configuration setting (`{{ item.name }}`). + when: "item.when | bool and vars[item.name] == ''" with_items: - - "matrix_beeper_linkedin_appservice_token" - - "matrix_beeper_linkedin_homeserver_token" + - {'name': 'matrix_beeper_linkedin_appservice_token', when: true} + - {'name': 'matrix_beeper_linkedin_homeserver_token', when: true} + - {'name': 'matrix_beeper_linkedin_database_hostname', when: "{{ matrix_beeper_linkedin_database_engine == 'postgres' }}"} diff --git a/roles/custom/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 b/roles/custom/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 index a30f24253..8b9c81ead 100644 --- a/roles/custom/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 +++ b/roles/custom/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 
@@ -88,15 +88,15 @@ manhole: # Bridge config bridge: # Localpart template of MXIDs for LinkedIn users. + # {userid} is replaced with the user ID of the LinkedIn user username_template: "linkedin_{userid}" - # Displayname template for LinkedIn users. - # Localpart template for per-user room grouping community IDs. - # The bridge will create these communities and add all of the specific user's portals to the community. - # {localpart} is the MXID localpart and {server} is the MXID server part of the user. - # (Note that, by default, non-admins might not have your homeserver's permission to create - # communities. You should set `enable_group_creation: true` in homeserver.yaml to fix this.) - # `linkedin_{localpart}={server}` is a good value. - community_template: null + # Settings for creating a space for every user. + space_support: + # Whether or not to enable creating a space per user and inviting the + # user (as well as all of the puppets) to that space. + enable: {{ matrix_beeper_linkedin_bridge_space_support_enable|to_json }} + # The name of the space + name: "LinkedIn" # Displayname template for LinkedIn users. # {displayname} is replaced with the display name of the LinkedIn user diff --git a/roles/custom/matrix-bridge-go-skype-bridge/defaults/main.yml b/roles/custom/matrix-bridge-go-skype-bridge/defaults/main.yml index a6f7aa9d3..e3cdea4bb 100644 --- a/roles/custom/matrix-bridge-go-skype-bridge/defaults/main.yml +++ b/roles/custom/matrix-bridge-go-skype-bridge/defaults/main.yml @@ -56,7 +56,7 @@ matrix_go_skype_bridge_sqlite_database_path_in_container: "/data/go-skype-bridge matrix_go_skype_bridge_database_username: 'matrix_go_skype_bridge' matrix_go_skype_bridge_database_password: 'some-password' -matrix_go_skype_bridge_database_hostname: 'matrix-postgres' +matrix_go_skype_bridge_database_hostname: '' matrix_go_skype_bridge_database_port: 5432 matrix_go_skype_bridge_database_name: 'matrix_go_skype_bridge' 
diff --git a/roles/custom/matrix-bridge-go-skype-bridge/tasks/init.yml b/roles/custom/matrix-bridge-go-skype-bridge/tasks/init.yml deleted file mode 100644 index 58808454f..000000000 --- a/roles/custom/matrix-bridge-go-skype-bridge/tasks/init.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -- ansible.builtin.set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-go-skype-bridge.service'] }}" - when: matrix_go_skype_bridge_enabled | bool - -# If the matrix-synapse role is not used, these variables may not exist. -- ansible.builtin.set_fact: - matrix_homeserver_container_runtime_injected_arguments: > - {{ - matrix_homeserver_container_runtime_injected_arguments | default([]) - + - ["--mount type=bind,src={{ matrix_go_skype_bridge_config_path }}/registration.yaml,dst=/matrix-go-skype-bridge-registration.yaml,ro"] - }} - - matrix_homeserver_app_service_runtime_injected_config_files: > - {{ - matrix_homeserver_app_service_runtime_injected_config_files | default([]) - + - ["/matrix-go-skype-bridge-registration.yaml"] - }} - when: matrix_go_skype_bridge_enabled | bool diff --git a/roles/custom/matrix-bridge-go-skype-bridge/tasks/main.yml b/roles/custom/matrix-bridge-go-skype-bridge/tasks/main.yml index 39f4b2e52..5bf9236b5 100644 --- a/roles/custom/matrix-bridge-go-skype-bridge/tasks/main.yml +++ b/roles/custom/matrix-bridge-go-skype-bridge/tasks/main.yml 
@@ -1,23 +1,20 @@ --- -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" - tags: - - always +- block: + - when: matrix_go_skype_bridge_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup | bool and matrix_go_skype_bridge_enabled | bool" + - when: matrix_go_skype_bridge_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml" tags: - setup-all - setup-go-skype-bridge + - install-all + - install-go-skype-bridge -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup | bool and matrix_go_skype_bridge_enabled | bool" - tags: - - setup-all - - setup-go-skype-bridge - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup | bool and not matrix_go_skype_bridge_enabled | bool" +- block: + - when: not matrix_go_skype_bridge_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" tags: - setup-all - setup-go-skype-bridge diff --git a/roles/custom/matrix-bridge-go-skype-bridge/tasks/setup_install.yml b/roles/custom/matrix-bridge-go-skype-bridge/tasks/setup_install.yml index 68718ccf3..6146637f5 100644 --- a/roles/custom/matrix-bridge-go-skype-bridge/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-go-skype-bridge/tasks/setup_install.yml @@ -1,13 +1,5 @@ --- -# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. -# We don't want to fail in such cases. -- name: Fail if matrix-synapse role already executed - ansible.builtin.fail: - msg: >- - The matrix-bridge-go-skype-bridge role needs to execute before the matrix-synapse role. - when: "matrix_synapse_role_executed | default(False)" - - ansible.builtin.set_fact: matrix_go_skype_bridge_requires_restart: false 
@@ -20,8 +12,11 @@ - when: "matrix_go_skype_bridge_sqlite_database_path_local_stat_result.stat.exists | bool" block: - - ansible.builtin.set_fact: - matrix_postgres_db_migration_request: + - ansible.builtin.include_role: + name: galaxy/com.devture.ansible.role.postgres + tasks_from: migrate_db_to_postgres + vars: + devture_postgres_db_migration_request: src: "{{ matrix_go_skype_bridge_sqlite_database_path_local }}" dst: "{{ matrix_go_skype_bridge_database_connection_string }}" caller: "{{ role_path | basename }}" @@ -30,10 +25,6 @@ systemd_services_to_stop: ['matrix-go-skype-bridge.service'] pgloader_options: ['--with "quote identifiers"'] - - ansible.builtin.import_role: - name: custom/matrix-postgres - tasks_from: migrate_db_to_postgres - - ansible.builtin.set_fact: matrix_go_skype_bridge_requires_restart: true @@ -136,13 +127,9 @@ mode: 0644 register: matrix_go_skype_bridge_systemd_service_result -- name: Ensure systemd reloaded after matrix-go-skype-bridge.service installation - ansible.builtin.service: - daemon_reload: true - when: "matrix_go_skype_bridge_systemd_service_result.changed" - - name: Ensure matrix-go-skype-bridge.service restarted, if necessary ansible.builtin.service: name: "matrix-go-skype-bridge.service" state: restarted + daemon_reload: true when: "matrix_go_skype_bridge_requires_restart | bool" diff --git a/roles/custom/matrix-bridge-go-skype-bridge/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-go-skype-bridge/tasks/setup_uninstall.yml index 975b25ab4..d7b5999a1 100644 --- a/roles/custom/matrix-bridge-go-skype-bridge/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-bridge-go-skype-bridge/tasks/setup_uninstall.yml 
@@ -5,21 +5,16 @@ path: "/etc/systemd/system/matrix-go-skype-bridge.service" register: matrix_go_skype_bridge_service_stat -- name: Ensure matrix-go-skype-bridge is stopped - ansible.builtin.service: - name: matrix-go-skype-bridge - state: stopped - enabled: false - daemon_reload: true - when: "matrix_go_skype_bridge_service_stat.stat.exists" +- when: matrix_go_skype_bridge_service_stat.stat.exists | bool + block: + - name: Ensure matrix-go-skype-bridge is stopped + ansible.builtin.service: + name: matrix-go-skype-bridge + state: stopped + enabled: false + daemon_reload: true -- name: Ensure matrix-go-skype-bridge.service doesn't exist - ansible.builtin.file: - path: "/etc/systemd/system/matrix-go-skype-bridge.service" - state: absent - when: "matrix_go_skype_bridge_service_stat.stat.exists" - -- name: Ensure systemd reloaded after matrix-go-skype-bridge.service removal - ansible.builtin.service: - daemon_reload: true - when: "matrix_go_skype_bridge_service_stat.stat.exists" + - name: Ensure matrix-go-skype-bridge.service doesn't exist + ansible.builtin.file: + path: "/etc/systemd/system/matrix-go-skype-bridge.service" + state: absent diff --git a/roles/custom/matrix-bridge-go-skype-bridge/tasks/validate_config.yml b/roles/custom/matrix-bridge-go-skype-bridge/tasks/validate_config.yml index d681299f2..c9b3c2ffd 100644 --- a/roles/custom/matrix-bridge-go-skype-bridge/tasks/validate_config.yml +++ b/roles/custom/matrix-bridge-go-skype-bridge/tasks/validate_config.yml 
@@ -1,10 +1,11 @@ --- -- name: Fail if required settings not defined +- name: Fail if required go-skype-bridge settings not defined ansible.builtin.fail: msg: >- - You need to define a required configuration setting (`{{ item }}`). - when: "vars[item] == ''" + You need to define a required configuration setting (`{{ item.name }}`). + when: "item.when | bool and vars[item.name] == ''" with_items: - - "matrix_go_skype_bridge_appservice_token" - - "matrix_go_skype_bridge_homeserver_token" + - {'name': 'matrix_go_skype_bridge_appservice_token', when: true} + - {'name': 'matrix_go_skype_bridge_homeserver_token', when: true} + - {'name': 'matrix_go_skype_bridge_database_hostname', when: "{{ matrix_go_skype_bridge_database_engine == 'postgres' }}"} diff --git a/roles/custom/matrix-bridge-heisenbridge/tasks/init.yml b/roles/custom/matrix-bridge-heisenbridge/tasks/init.yml deleted file mode 100644 index dd3d4c7d0..000000000 --- a/roles/custom/matrix-bridge-heisenbridge/tasks/init.yml +++ /dev/null 
@@ -1,29 +0,0 @@ ---- -# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. -# We don't want to fail in such cases. -- name: Fail if matrix-synapse role already executed - ansible.builtin.fail: - msg: >- - The matrix-bridge-heisenbridge role needs to execute before the matrix-synapse role. - when: "matrix_heisenbridge_enabled and matrix_synapse_role_executed | default(False)" - -- ansible.builtin.set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-heisenbridge.service'] }}" - when: matrix_heisenbridge_enabled | bool - -# If the matrix-synapse role is not used, these variables may not exist. -- ansible.builtin.set_fact: - matrix_homeserver_container_runtime_injected_arguments: > - {{ - matrix_homeserver_container_runtime_injected_arguments | default([]) - + - ["--mount type=bind,src={{ matrix_heisenbridge_base_path }}/registration.yaml,dst=/heisenbridge-registration.yaml,ro"] - }} - - matrix_homeserver_app_service_runtime_injected_config_files: > - {{ - matrix_homeserver_app_service_runtime_injected_config_files | default([]) - + - ["/heisenbridge-registration.yaml"] - }} - when: matrix_heisenbridge_enabled | bool diff --git a/roles/custom/matrix-bridge-heisenbridge/tasks/main.yml b/roles/custom/matrix-bridge-heisenbridge/tasks/main.yml index 6af9813ec..0d8354cf9 100644 --- a/roles/custom/matrix-bridge-heisenbridge/tasks/main.yml +++ b/roles/custom/matrix-bridge-heisenbridge/tasks/main.yml 
@@ -1,17 +1,17 @@ --- -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" - tags: - - always - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup | bool and matrix_heisenbridge_enabled | bool" +- block: + - when: matrix_heisenbridge_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml" tags: - setup-all - setup-heisenbridge + - install-all + - install-heisenbridge -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup | bool and not matrix_heisenbridge_enabled | bool" +- block: + - when: not matrix_heisenbridge_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" tags: - setup-all - setup-heisenbridge diff --git a/roles/custom/matrix-bridge-heisenbridge/tasks/setup_install.yml b/roles/custom/matrix-bridge-heisenbridge/tasks/setup_install.yml index 9a0cac354..23b7de5d9 100644 --- a/roles/custom/matrix-bridge-heisenbridge/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-heisenbridge/tasks/setup_install.yml @@ -34,9 +34,3 @@ src: "{{ role_path }}/templates/systemd/matrix-heisenbridge.service.j2" dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-heisenbridge.service" mode: 0644 - register: matrix_heisenbridge_systemd_service_result - -- name: Ensure systemd reloaded after matrix-heisenbridge.service installation - ansible.builtin.service: - daemon_reload: true - when: matrix_heisenbridge_systemd_service_result.changed diff --git a/roles/custom/matrix-bridge-heisenbridge/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-heisenbridge/tasks/setup_uninstall.yml index 688ff9d47..090427ca3 100644 --- a/roles/custom/matrix-bridge-heisenbridge/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-bridge-heisenbridge/tasks/setup_uninstall.yml 
@@ -5,21 +5,16 @@ path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-heisenbridge.service" register: matrix_heisenbridge_service_stat -- name: Ensure matrix-heisenbridge is stopped - ansible.builtin.service: - name: matrix-heisenbridge - state: stopped - enabled: false - daemon_reload: true - when: "matrix_heisenbridge_service_stat.stat.exists" +- when: matrix_heisenbridge_service_stat.stat.exists | bool + block: + - name: Ensure matrix-heisenbridge is stopped + ansible.builtin.service: + name: matrix-heisenbridge + state: stopped + enabled: false + daemon_reload: true -- name: Ensure matrix-heisenbridge.service doesn't exist - ansible.builtin.file: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-heisenbridge.service" - state: absent - when: "matrix_heisenbridge_service_stat.stat.exists" - -- name: Ensure systemd reloaded after matrix-heisenbridge.service removal - ansible.builtin.service: - daemon_reload: true - when: "matrix_heisenbridge_service_stat.stat.exists" + - name: Ensure matrix-heisenbridge.service doesn't exist + ansible.builtin.file: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-heisenbridge.service" + state: absent diff --git a/roles/custom/matrix-bridge-hookshot/defaults/main.yml b/roles/custom/matrix-bridge-hookshot/defaults/main.yml index 4e6965847..14c0e6df3 100644 --- a/roles/custom/matrix-bridge-hookshot/defaults/main.yml +++ b/roles/custom/matrix-bridge-hookshot/defaults/main.yml 
@@ -10,7 +10,7 @@ matrix_hookshot_container_image_self_build: false matrix_hookshot_container_image_self_build_repo: "https://github.com/matrix-org/matrix-hookshot.git" matrix_hookshot_container_image_self_build_branch: "{{ 'main' if matrix_hookshot_version == 'latest' else matrix_hookshot_version }}" -matrix_hookshot_version: 2.4.0 +matrix_hookshot_version: 2.5.0 matrix_hookshot_docker_image: "{{ matrix_hookshot_docker_image_name_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}" matrix_hookshot_docker_image_name_prefix: "{{ 'localhost/' if matrix_hookshot_container_image_self_build else matrix_container_global_registry_prefix }}" @@ -52,7 +52,7 @@ matrix_hookshot_webhook_endpoint: "{{ matrix_hookshot_public_endpoint }}/webhook # You need to create a GitHub app to enable this and fill in the empty variables below # https://matrix-org.github.io/matrix-hookshot/setup/github.html matrix_hookshot_github_enabled: false -matrix_hookshot_github_appid: '' +matrix_hookshot_github_auth_id: '' # Set this variable to the contents of the generated and downloaded GitHub private key: # matrix_hookshot_github_private_key: | # -----BEGIN RSA PRIVATE KEY----- 
@@ -61,22 +61,25 @@ matrix_hookshot_github_appid: '' # Alternatively, leave it empty and do it manually or use matrix-aux instead, see docs/matrix-bridge-hookshot.md for info. matrix_hookshot_github_private_key: '' matrix_hookshot_github_private_key_file: 'private-key.pem' -matrix_hookshot_github_secret: '' # "Webhook secret" on the GitHub App page +matrix_hookshot_github_webhook_secret: '' # "Webhook secret" on the GitHub App page matrix_hookshot_github_oauth_enabled: false # You need to configure oauth settings only when you have enabled oauth (optional) -matrix_hookshot_github_oauth_id: '' # "Client ID" on the GitHub App page -matrix_hookshot_github_oauth_secret: '' # "Client Secret" on the GitHub App page +matrix_hookshot_github_oauth_client_id: '' # "Client ID" on the GitHub App page +matrix_hookshot_github_oauth_client_secret: '' # "Client Secret" on the GitHub App page # Default value of matrix_hookshot_github_oauth_endpoint: "/hookshot/webhooks/oauth" matrix_hookshot_github_oauth_endpoint: "{{ matrix_hookshot_webhook_endpoint }}/oauth" -matrix_hookshot_github_oauth_uri: "{{ matrix_hookshot_urlprefix }}{{ matrix_hookshot_github_oauth_endpoint }}" +matrix_hookshot_github_oauth_redirect_uri: "{{ matrix_hookshot_urlprefix }}{{ matrix_hookshot_github_oauth_endpoint }}" + # These are the default settings mentioned here and don't need to be modified: https://matrix-org.github.io/matrix-hookshot/usage/room_configuration/github_repo.html#configuration -matrix_hookshot_github_ignore_hooks: "{}" -matrix_hookshot_github_command_prefix: '!gh' -matrix_hookshot_github_showIssueRoomLink: false # noqa var-naming -matrix_hookshot_github_pr_diff: "{enabled: false, maxLines: 5}" -matrix_hookshot_github_including_labels: '' -matrix_hookshot_github_excluding_labels: '' -matrix_hookshot_github_hotlink_prefix: "#" +matrix_hookshot_github_defaultOptions_ignoreHooks: {} # noqa var-naming +matrix_hookshot_github_defaultOptions_commandPrefix: '!gh' # noqa var-naming 
+matrix_hookshot_github_defaultOptions_showIssueRoomLink: false # noqa var-naming +matrix_hookshot_github_defaultOptions_prDiff: # noqa var-naming + enabled: false + maxLines: 5 +matrix_hookshot_github_defaultOptions_includingLabels: '' # noqa var-naming +matrix_hookshot_github_defaultOptions_excludingLabels: '' # noqa var-naming +matrix_hookshot_github_defaultOptions_hotlinkIssues_prefix: "#" # noqa var-naming matrix_hookshot_gitlab_enabled: true @@ -91,7 +94,7 @@ matrix_hookshot_gitlab_instances: url: https://gitlab.com # This will be the "Secret token" you have to enter into all GitLab instances for authentication -matrix_hookshot_gitlab_secret: '' +matrix_hookshot_gitlab_webhook_secret: '' matrix_hookshot_figma_enabled: false 
@@ -104,33 +107,35 @@ matrix_hookshot_figma_publicUrl: "{{ matrix_hookshot_urlprefix }}{{ matrix_hooks # teamId: your-team-id # accessToken: your-personal-access-token # passcode: your-webhook-passcode - +matrix_hookshot_figma_instances: {} matrix_hookshot_jira_enabled: false # Get the these values from https://matrix-org.github.io/matrix-hookshot/setup/jira.html#jira-oauth -matrix_hookshot_jira_secret: '' +matrix_hookshot_jira_webhook_secret: '' matrix_hookshot_jira_oauth_enabled: false -matrix_hookshot_jira_oauth_id: '' -matrix_hookshot_jira_oauth_secret: '' +matrix_hookshot_jira_oauth_client_id: '' +matrix_hookshot_jira_oauth_client_secret: '' # Default value of matrix_hookshot_jira_oauth_endpoint: "/hookshot/webhooks/jira/oauth" matrix_hookshot_jira_oauth_endpoint: "{{ matrix_hookshot_webhook_endpoint }}/jira/oauth" -matrix_hookshot_jira_oauth_uri: "{{ matrix_hookshot_urlprefix }}{{ matrix_hookshot_jira_oauth_endpoint }}" +matrix_hookshot_jira_oauth_redirect_uri: "{{ matrix_hookshot_urlprefix }}{{ matrix_hookshot_jira_oauth_endpoint }}" # No need to change these matrix_hookshot_generic_enabled: true +matrix_hookshot_generic_enableHttpGet: false # Default value of matrix_hookshot_generic_endpoint: "/hookshot/webhooks" matrix_hookshot_generic_endpoint: "{{ matrix_hookshot_webhook_endpoint }}" # urlprefix gets updated with protocol & port in group_vars/matrix_servers -matrix_hookshot_generic_urlprefix: "{{ matrix_hookshot_urlprefix }}{{ matrix_hookshot_generic_endpoint }}" -matrix_hookshot_generic_allow_js_transformation_functions: false +matrix_hookshot_generic_urlPrefix: "{{ matrix_hookshot_urlprefix }}{{ matrix_hookshot_generic_endpoint }}" # If you're also using matrix-appservice-webhooks, take care that these prefixes don't overlap -matrix_hookshot_generic_user_id_prefix: '_webhooks_' +matrix_hookshot_generic_userIdPrefix: '_webhooks_' +matrix_hookshot_generic_allowJsTransformationFunctions: false +matrix_hookshot_generic_waitForComplete: false 
matrix_hookshot_feeds_enabled: true matrix_hookshot_feeds_pollIntervalSeconds: 600 # noqa var-naming -matrix_hookshot_feeds_pollTimeoutSeconds: 10 # noqa var-naming +matrix_hookshot_feeds_pollTimeoutSeconds: 30 # noqa var-naming # There is no need to edit ports. use matrix_hookshot_container_http_host_bind_ports below to expose ports instead. @@ -141,6 +146,8 @@ matrix_hookshot_provisioning_enabled: false matrix_hookshot_provisioning_internal: "/v1" matrix_hookshot_provisioning_endpoint: "{{ matrix_hookshot_public_endpoint }}{{ matrix_hookshot_provisioning_internal }}" +# Valid logging levels are: debug, info, warn, error +matrix_hookshot_logging_level: warn matrix_hookshot_widgets_enabled: true matrix_hookshot_widgets_port: 9003 diff --git a/roles/custom/matrix-bridge-hookshot/tasks/init.yml b/roles/custom/matrix-bridge-hookshot/tasks/init.yml deleted file mode 100644 index 63921f311..000000000 --- a/roles/custom/matrix-bridge-hookshot/tasks/init.yml +++ /dev/null 
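Review bot: `matrix_hookshot_generic_enableHttpGet` and `matrix_hookshot_generic_waitForComplete`, added in the `@@ -104,33 +107,35 @@` hunk of roles/custom/matrix-bridge-hookshot/defaults/main.yml, are keys that templates/config.yml.j2 now emits unconditionally under `generic:`, yet the only version constraint in this patch is the `matrix_hookshot_version: 2.4.0` -> `2.5.0` bump in the first hunk; a user who pins an older `matrix_hookshot_version` will get a config carrying keys their release does not know, so either guard those two template lines on the version or state in the changelog that 2.5.0 is now the minimum. Keeping `enableHttpGet: false` and `allowJsTransformationFunctions: false` as defaults is right (the template comment itself calls JS transformations unsafe in untrusted environments, and the GET switch decides whether a plain GET can trigger a webhook); a one-line comment next to each default saying why they stay off would stop them being flipped casually.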
@@ -1,141 +0,0 @@ ---- -# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. -# We don't want to fail in such cases. -- name: Fail if matrix-synapse role already executed - ansible.builtin.fail: - msg: >- - The matrix-bridge-hookshot role needs to execute before the matrix-synapse role. - when: "matrix_hookshot_enabled and matrix_synapse_role_executed | default(False)" - -- ansible.builtin.set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-hookshot.service'] }}" - when: matrix_hookshot_enabled | bool - -# If the matrix-synapse role is not used, these variables may not exist. -- ansible.builtin.set_fact: - matrix_homeserver_container_runtime_injected_arguments: > - {{ - matrix_homeserver_container_runtime_injected_arguments | default([]) - + - ["--mount type=bind,src={{ matrix_hookshot_base_path }}/registration.yml,dst=/hookshot-registration.yml,ro"] - }} - - matrix_homeserver_app_service_runtime_injected_config_files: > - {{ - matrix_homeserver_app_service_runtime_injected_config_files | default([]) - + - ["/hookshot-registration.yml"] - }} - when: matrix_hookshot_enabled | bool - -- when: matrix_hookshot_enabled | bool - block: - - name: Fail if matrix-nginx-proxy role already executed - ansible.builtin.fail: - msg: >- - Trying to append hookshot's reverse-proxying configuration to matrix-nginx-proxy, - but it's pointless since the matrix-nginx-proxy role had already executed. - To fix this, please change the order of roles in your playbook, - so that the matrix-nginx-proxy role would run after the matrix-bridge-hookshot role. 
- when: matrix_nginx_proxy_role_executed | default(False) | bool - - - name: Generate Matrix hookshot proxying configuration for matrix-nginx-proxy - ansible.builtin.set_fact: - matrix_hookshot_matrix_nginx_proxy_configuration: | - location ~ ^{{ matrix_hookshot_appservice_endpoint }}/(.*)$ { - {% if matrix_nginx_proxy_enabled | default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_appservice_port }}"; - proxy_pass http://$backend/$1; - {% else %} - {# Generic configuration for use outside of our container setup #} - proxy_pass http://127.0.0.1:{{ matrix_hookshot_appservice_port }}/$1; - {% endif %} - proxy_set_header Host $host; - } - {% if matrix_hookshot_provisioning_enabled %} - location ~ ^{{ matrix_hookshot_provisioning_endpoint }}/(.*)$ { - {% if matrix_nginx_proxy_enabled | default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_provisioning_port }}"; - proxy_pass http://$backend{{ matrix_hookshot_provisioning_internal }}/$1$is_args$args; - {% else %} - {# Generic configuration for use outside of our container setup #} - proxy_pass http://127.0.0.1:{{ matrix_hookshot_provisioning_port }}{{ matrix_hookshot_provisioning_internal }}/$1$is_args$args; - {% endif %} - proxy_set_header Host $host; - } - {% endif %} - {% if matrix_hookshot_widgets_enabled %} - location ~ ^{{ matrix_hookshot_widgets_endpoint }}/(.*)$ { - {% if matrix_nginx_proxy_enabled | default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_widgets_port }}"; - proxy_pass http://$backend{{ matrix_hookshot_widgets_internal }}/$1$is_args$args; - {% else %} - {# 
Generic configuration for use outside of our container setup #} - proxy_pass http://127.0.0.1:{{ matrix_hookshot_widgets_port }}{{ matrix_hookshot_widgets_internal }}/$1$is_args$args; - {% endif %} - proxy_set_header Host $host; - } - {% endif %} - location ~ ^{{ matrix_hookshot_webhook_endpoint }}/(.*)$ { - {% if matrix_nginx_proxy_enabled | default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_webhook_port }}"; - proxy_pass http://$backend/$1$is_args$args; - {% else %} - {# Generic configuration for use outside of our container setup #} - proxy_pass http://127.0.0.1:{{ matrix_hookshot_webhook_port }}/$1$is_args$args; - {% endif %} - proxy_set_header Host $host; - } - - - name: Register hookshot proxying configuration with matrix-nginx-proxy - ansible.builtin.set_fact: - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | - {{ - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([]) - + - [matrix_hookshot_matrix_nginx_proxy_configuration] - }} - - - name: Generate hookshot metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/hookshot) - ansible.builtin.set_fact: - matrix_hookshot_matrix_nginx_proxy_metrics_configuration_matrix_domain: | - location /metrics/hookshot { - {% if matrix_nginx_proxy_enabled | default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_metrics_port }}"; - proxy_pass http://$backend/metrics; - {% else %} - {# Generic configuration for use outside of our container setup #} - proxy_pass http://127.0.0.1:{{ matrix_hookshot_metrics_port }}/metrics; - {% endif %} - } - when: matrix_hookshot_metrics_enabled | bool and matrix_hookshot_metrics_proxying_enabled | bool - - - name: 
Register hookshot metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/hookshot) - ansible.builtin.set_fact: - matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: | - {{ - matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([]) - + - [matrix_hookshot_matrix_nginx_proxy_metrics_configuration_matrix_domain] - }} - when: matrix_hookshot_metrics_enabled | bool and matrix_hookshot_metrics_proxying_enabled | bool - -- name: Warn about reverse-proxying if matrix-nginx-proxy not used - ansible.builtin.debug: - msg: >- - NOTE: You've enabled the hookshot bridge but are not using the matrix-nginx-proxy - reverse proxy. - Please make sure that you're proxying the `{{ matrix_hookshot_public_endpoint }}` - URL endpoint to the matrix-hookshot container. - You can expose the container's ports using the `matrix_hookshot_container_http_host_bind_ports` variable. - when: "matrix_hookshot_enabled | bool and not matrix_nginx_proxy_enabled | default(False) | bool" diff --git a/roles/custom/matrix-bridge-hookshot/tasks/inject_into_nginx_proxy.yml b/roles/custom/matrix-bridge-hookshot/tasks/inject_into_nginx_proxy.yml new file mode 100644 index 000000000..5712489c3 --- /dev/null +++ b/roles/custom/matrix-bridge-hookshot/tasks/inject_into_nginx_proxy.yml 
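Review bot: deleting roles/custom/matrix-bridge-hookshot/tasks/init.yml removes three things that nothing else in this patch re-creates: the `Fail if matrix-synapse role already executed` ordering check, the append of `matrix-hookshot.service` to `matrix_systemd_services_list`, and the `set_fact` that bind-mounts `{{ matrix_hookshot_base_path }}/registration.yml` into the homeserver container through `matrix_homeserver_container_runtime_injected_arguments` and `matrix_homeserver_app_service_runtime_injected_config_files`. Only the nginx-proxy part survives in the new inject_into_nginx_proxy.yml. If these moved to group_vars or to another role, the commit message should say where; if not, the appservice is no longer registered with the homeserver and the unit drops out of the managed service list.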
@@ -0,0 +1,111 @@ +--- + +- name: Fail if matrix-nginx-proxy role already executed + ansible.builtin.fail: + msg: >- + Trying to append hookshot's reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your playbook, + so that the matrix-nginx-proxy role would run after the matrix-bridge-hookshot role. + when: matrix_nginx_proxy_role_executed | default(False) | bool + +- name: Generate Matrix hookshot proxying configuration for matrix-nginx-proxy + ansible.builtin.set_fact: + matrix_hookshot_matrix_nginx_proxy_configuration: | + location ~ ^{{ matrix_hookshot_appservice_endpoint }}/(.*)$ { + {% if matrix_nginx_proxy_enabled | default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_appservice_port }}"; + proxy_pass http://$backend/$1; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:{{ matrix_hookshot_appservice_port }}/$1; + {% endif %} + proxy_set_header Host $host; + } + {% if matrix_hookshot_provisioning_enabled %} + location ~ ^{{ matrix_hookshot_provisioning_endpoint }}/(.*)$ { + {% if matrix_nginx_proxy_enabled | default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_provisioning_port }}"; + proxy_pass http://$backend{{ matrix_hookshot_provisioning_internal }}/$1$is_args$args; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:{{ matrix_hookshot_provisioning_port }}{{ matrix_hookshot_provisioning_internal }}/$1$is_args$args; + {% endif %} + proxy_set_header Host $host; + } + {% endif %} + {% if 
matrix_hookshot_widgets_enabled %} + location ~ ^{{ matrix_hookshot_widgets_endpoint }}/(.*)$ { + {% if matrix_nginx_proxy_enabled | default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_widgets_port }}"; + proxy_pass http://$backend{{ matrix_hookshot_widgets_internal }}/$1$is_args$args; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:{{ matrix_hookshot_widgets_port }}{{ matrix_hookshot_widgets_internal }}/$1$is_args$args; + {% endif %} + proxy_set_header Host $host; + } + {% endif %} + location ~ ^{{ matrix_hookshot_webhook_endpoint }}/(.*)$ { + {% if matrix_nginx_proxy_enabled | default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_webhook_port }}"; + proxy_pass http://$backend/$1$is_args$args; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:{{ matrix_hookshot_webhook_port }}/$1$is_args$args; + {% endif %} + proxy_set_header Host $host; + } + +- name: Register hookshot proxying configuration with matrix-nginx-proxy + ansible.builtin.set_fact: + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([]) + + + [matrix_hookshot_matrix_nginx_proxy_configuration] + }} + +- name: Generate hookshot metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/hookshot) + ansible.builtin.set_fact: + matrix_hookshot_matrix_nginx_proxy_metrics_configuration_matrix_domain: | + location /metrics/hookshot { + {% if matrix_nginx_proxy_enabled | default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the 
service #} + resolver 127.0.0.11 valid=5s; + set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_metrics_port }}"; + proxy_pass http://$backend/metrics; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:{{ matrix_hookshot_metrics_port }}/metrics; + {% endif %} + } + when: matrix_hookshot_metrics_enabled | bool and matrix_hookshot_metrics_proxying_enabled | bool + +- name: Register hookshot metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/hookshot) + ansible.builtin.set_fact: + matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([]) + + + [matrix_hookshot_matrix_nginx_proxy_metrics_configuration_matrix_domain] + }} + when: matrix_hookshot_metrics_enabled | bool and matrix_hookshot_metrics_proxying_enabled | bool + +- name: Warn about reverse-proxying if matrix-nginx-proxy not used + ansible.builtin.debug: + msg: >- + NOTE: You've enabled the hookshot bridge but are not using the matrix-nginx-proxy + reverse proxy. + Please make sure that you're proxying the `{{ matrix_hookshot_public_endpoint }}` + URL endpoint to the matrix-hookshot container. + You can expose the container's ports using the `matrix_hookshot_container_http_host_bind_ports` variable. + when: "not matrix_nginx_proxy_enabled | default(False) | bool" diff --git a/roles/custom/matrix-bridge-hookshot/tasks/main.yml b/roles/custom/matrix-bridge-hookshot/tasks/main.yml index 99febe114..c7ffc3041 100644 --- a/roles/custom/matrix-bridge-hookshot/tasks/main.yml +++ b/roles/custom/matrix-bridge-hookshot/tasks/main.yml 
@@ -1,23 +1,29 @@ --- -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" +- block: + - when: matrix_hookshot_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml" tags: - - always + - setup-all + - setup-nginx-proxy + - install-all + - install-nginx-proxy -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup | bool and matrix_hookshot_enabled | bool" +- block: + - when: matrix_hookshot_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" + + - when: matrix_hookshot_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml" tags: - setup-all - setup-hookshot + - install-all + - install-hookshot -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup | bool and matrix_hookshot_enabled | bool" - tags: - - setup-all - - setup-hookshot - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup | bool and not matrix_hookshot_enabled | bool" +- block: + - when: not matrix_hookshot_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" tags: - setup-all - setup-hookshot diff --git a/roles/custom/matrix-bridge-hookshot/tasks/setup_install.yml b/roles/custom/matrix-bridge-hookshot/tasks/setup_install.yml index e13af1986..e9b277ce4 100644 --- a/roles/custom/matrix-bridge-hookshot/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-hookshot/tasks/setup_install.yml @@ -1,6 +1,6 @@ --- -- ansible.builtin.import_role: +- ansible.builtin.include_role: name: custom/matrix-base tasks_from: ensure_openssl_installed 
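Review bot: the roles/custom/matrix-bridge-hookshot/tasks/main.yml hunk drops the `run_setup | bool` guard from the validate, install and uninstall includes and re-tags the nginx injection from `always` to `setup-nginx-proxy`/`install-nginx-proxy`, which changes which tag selections reach these tasks; the commit message should call out that `run_setup` no longer gates this role and that a `setup-nginx-proxy` or `install-nginx-proxy` run is now what injects the proxy config. As a style point, give the three `- block:` entries a `name:` since the `include_tasks` lines inside them are unnamed, which leaves play output showing only the file path.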
@@ -110,9 +110,3 @@ src: "{{ role_path }}/templates/systemd/matrix-hookshot.service.j2" dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-hookshot.service" mode: 0644 - register: matrix_hookshot_systemd_service_result - -- name: Ensure systemd reloaded after matrix-hookshot.service installation - ansible.builtin.service: - daemon_reload: true - when: matrix_hookshot_systemd_service_result.changed diff --git a/roles/custom/matrix-bridge-hookshot/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-hookshot/tasks/setup_uninstall.yml index 2028a34e1..b4c72d38a 100644 --- a/roles/custom/matrix-bridge-hookshot/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-bridge-hookshot/tasks/setup_uninstall.yml @@ -5,21 +5,16 @@ path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-hookshot.service" register: matrix_hookshot_service_stat -- name: Ensure matrix-hookshot is stopped - ansible.builtin.service: - name: matrix-hookshot - state: stopped - enabled: false - daemon_reload: true - when: "matrix_hookshot_service_stat.stat.exists" +- when: matrix_hookshot_service_stat.stat.exists | bool + block: + - name: Ensure matrix-hookshot is stopped + ansible.builtin.service: + name: matrix-hookshot + state: stopped + enabled: false + daemon_reload: true -- name: Ensure matrix-hookshot.service doesn't exist - ansible.builtin.file: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-hookshot.service" - state: absent - when: "matrix_hookshot_service_stat.stat.exists" - -- name: Ensure systemd reloaded after matrix-hookshot.service removal - ansible.builtin.service: - daemon_reload: true - when: "matrix_hookshot_service_stat.stat.exists" + - name: Ensure matrix-hookshot.service doesn't exist + ansible.builtin.file: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-hookshot.service" + state: absent 
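Review bot: the `@@ -110,9 +110,3 @@` hunk of roles/custom/matrix-bridge-hookshot/tasks/setup_install.yml removes `register: matrix_hookshot_systemd_service_result` together with the `daemon_reload: true` task that followed the unit-file template, and the setup_uninstall.yml hunk drops the reload that ran after the unit was deleted (the remaining `daemon_reload: true` sits in the stop task, which runs before the `state: absent` removal). If the `devture_systemd_docker_base` role is now expected to reload systemd for every unit under `devture_systemd_docker_base_systemd_path`, a comment on the template task saying so would stop the reload being re-added; otherwise a freshly written or removed matrix-hookshot.service is not seen by systemd until something else reloads it.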
diff --git a/roles/custom/matrix-bridge-hookshot/tasks/validate_config.yml b/roles/custom/matrix-bridge-hookshot/tasks/validate_config.yml index 3392f1b64..91d29eceb 100644 --- a/roles/custom/matrix-bridge-hookshot/tasks/validate_config.yml +++ b/roles/custom/matrix-bridge-hookshot/tasks/validate_config.yml 
@@ -1,5 +1,34 @@ --- +- name: (Deprecation) Catch and report renamed Hookshot variables + ansible.builtin.fail: + msg: >- + Your configuration contains a variable, which now has a different name. + Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`). + when: "item.old in vars" + with_items: + - {'old': 'matrix_hookshot_feeds_interval', 'new': 'matrix_hookshot_feeds_pollIntervalSeconds'} + - {'old': 'matrix_hookshot_generic_urlprefix', 'new': 'matrix_hookshot_generic_urlPrefix'} + - {'old': 'matrix_hookshot_generic_allow_js_transformation_functions', 'new': 'matrix_hookshot_generic_allowJsTransformationFunctions'} + - {'old': 'matrix_hookshot_generic_user_id_prefix', 'new': 'matrix_hookshot_generic_userIdPrefix'} + - {'old': 'matrix_hookshot_github_secret', 'new': 'matrix_hookshot_github_webhook_secret'} + - {'old': 'matrix_hookshot_github_appid', 'new': 'matrix_hookshot_github_auth_id'} + - {'old': 'matrix_hookshot_github_oauth_id', 'new': 'matrix_hookshot_github_oauth_client_id'} + - {'old': 'matrix_hookshot_github_oauth_secret', 'new': 'matrix_hookshot_github_oauth_client_secret'} + - {'old': 'matrix_hookshot_github_oauth_uri', 'new': 'matrix_hookshot_github_oauth_redirect_uri'} + - {'old': 'matrix_hookshot_github_ignore_hooks', 'new': 'matrix_hookshot_github_defaultOptions_ignoreHooks'} + - {'old': 'matrix_hookshot_github_command_prefix', 'new': 'matrix_hookshot_github_defaultOptions_commandPrefix'} + - {'old': 'matrix_hookshot_github_showIssueRoomLink', 'new': 'matrix_hookshot_github_defaultOptions_showIssueRoomLink'} + - {'old': 'matrix_hookshot_github_pr_diff', 'new': 'matrix_hookshot_github_defaultOptions_prDiff'} + - {'old': 'matrix_hookshot_github_including_labels', 'new': 'matrix_hookshot_github_defaultOptions_includingLabels'} + - {'old': 'matrix_hookshot_github_excluding_labels', 'new': 'matrix_hookshot_github_defaultOptions_excludingLabels'} + - {'old': 'matrix_hookshot_github_hotlink_prefix', 'new': 
'matrix_hookshot_github_defaultOptions_hotlinkIssues_prefix'} + - {'old': 'matrix_hookshot_jira_secret', 'new': 'matrix_hookshot_jira_webhook_secret'} + - {'old': 'matrix_hookshot_jira_oauth_id', 'new': 'matrix_hookshot_jira_oauth_client_id'} + - {'old': 'matrix_hookshot_jira_oauth_secret', 'new': 'matrix_hookshot_jira_oauth_client_secret'} + - {'old': 'matrix_hookshot_jira_oauth_uri', 'new': 'matrix_hookshot_jira_oauth_client_secret'} + - {'old': 'matrix_hookshot_gitlab_secret', 'new': 'matrix_hookshot_gitlab_webhook_secret'} + - name: Fail if required settings not defined ansible.builtin.fail: msg: >- @@ -15,8 +44,8 @@ You need to define a required configuration setting (`{{ item }}`) to enable GitHub. when: "matrix_hookshot_github_enabled and vars[item] == ''" with_items: - - "matrix_hookshot_github_appid" - - "matrix_hookshot_github_secret" + - "matrix_hookshot_github_auth_id" + - "matrix_hookshot_github_webhook_secret" - name: Fail if required GitHub OAuth settings not defined ansible.builtin.fail: @@ -24,8 +53,8 @@ You need to define a required configuration setting (`{{ item }}`) to enable GitHub OAuth. when: "matrix_hookshot_github_oauth_enabled and vars[item] == ''" with_items: - - "matrix_hookshot_github_oauth_id" - - "matrix_hookshot_github_oauth_secret" + - "matrix_hookshot_github_oauth_client_id" + - "matrix_hookshot_github_oauth_client_secret" - name: Fail if required Jira settings not defined ansible.builtin.fail: @@ -33,7 +62,7 @@ You need to define a required configuration setting (`{{ item }}`) to enable Jira. when: "matrix_hookshot_jira_enabled and vars[item] == ''" with_items: - - "matrix_hookshot_jira_secret" + - "matrix_hookshot_jira_webhook_secret" - name: Fail if required Jira OAuth settings not defined ansible.builtin.fail: 
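Review bot: in the `@@ -1,5 +1,34 @@` hunk of roles/custom/matrix-bridge-hookshot/tasks/validate_config.yml the entry `- {'old': 'matrix_hookshot_jira_oauth_uri', 'new': 'matrix_hookshot_jira_oauth_client_secret'}` names the wrong replacement: defaults/main.yml renames this variable to `matrix_hookshot_jira_oauth_redirect_uri` and templates/config.yml.j2 reads `matrix_hookshot_jira_oauth_redirect_uri`, so the message would tell a user to move their redirect URI into the client-secret variable. It should read `- {'old': 'matrix_hookshot_jira_oauth_uri', 'new': 'matrix_hookshot_jira_oauth_redirect_uri'}`. Moving the rename check to the top of the file is the right call: with it at the bottom (as in the removed `@@ -58,15 +87,6 @@` block) a user still setting only the old names would hit the less helpful `vars[item] == ''` "required setting" failure first and never see the rename hint.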
@@ -41,14 +70,14 @@ You need to define a required configuration setting (`{{ item }}`) to enable Jira OAuth. when: "matrix_hookshot_jira_oauth_enabled and vars[item] == ''" with_items: - - "matrix_hookshot_jira_oauth_id" - - "matrix_hookshot_jira_oauth_secret" + - "matrix_hookshot_jira_oauth_client_id" + - "matrix_hookshot_jira_oauth_client_secret" - name: Fail if required Figma settings not defined ansible.builtin.fail: msg: >- - You need to define at least one Figma instance to enable Figma. - when: "matrix_hookshot_figma_enabled and matrix_hookshot_figma_instances is undefined" + You need to define at least one Figma instance in `matrix_hookshot_figma_instances` to enable Figma. + when: "matrix_hookshot_figma_enabled and matrix_hookshot_figma_instances | length == 0" - name: Fail if required provisioning settings not defined ansible.builtin.fail: @@ -58,15 +87,6 @@ with_items: - "matrix_hookshot_provisioning_secret" -- name: (Deprecation) Catch and report renamed Hookshot variables - ansible.builtin.fail: - msg: >- - Your configuration contains a variable, which now has a different name. - Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`). - when: "item.old in vars" - with_items: - - {'old': 'matrix_hookshot_feeds_interval', 'new': 'matrix_hookshot_feeds_pollIntervalSeconds'} - - name: (Deprecation) Catch and report old metrics usage ansible.builtin.fail: msg: >- diff --git a/roles/custom/matrix-bridge-hookshot/templates/config.yml.j2 b/roles/custom/matrix-bridge-hookshot/templates/config.yml.j2 index 527afafaf..c3b0bbd48 100644 --- a/roles/custom/matrix-bridge-hookshot/templates/config.yml.j2 +++ b/roles/custom/matrix-bridge-hookshot/templates/config.yml.j2 
@@ -14,69 +14,70 @@ github: auth: # Authentication for the GitHub App. # - id: {{ matrix_hookshot_github_appid }} + id: {{ matrix_hookshot_github_auth_id | to_json }} privateKeyFile: /data/{{ matrix_hookshot_github_private_key_file }} webhook: # Webhook settings for the GitHub app. # - secret: {{ matrix_hookshot_github_secret|to_json }} + secret: {{ matrix_hookshot_github_webhook_secret | to_json }} {% if matrix_hookshot_github_oauth_enabled %} oauth: # (Optional) Settings for allowing users to sign in via OAuth. # - client_id: {{ matrix_hookshot_github_oauth_id }} - client_secret: {{ matrix_hookshot_github_oauth_secret|to_json }} - redirect_uri: {{ matrix_hookshot_github_oauth_uri }} + client_id: {{ matrix_hookshot_github_oauth_client_id | to_json }} + client_secret: {{ matrix_hookshot_github_oauth_client_secret | to_json }} + redirect_uri: {{ matrix_hookshot_github_oauth_redirect_uri | to_json }} {% endif %} defaultOptions: # (Optional) Default options for GitHub connections. # - ignoreHooks: {{ matrix_hookshot_github_ignore_hooks }} - commandPrefix: "{{ matrix_hookshot_github_command_prefix }}" - showIssueRoomLink: {{ matrix_hookshot_github_showIssueRoomLink }} - prDiff: {{ matrix_hookshot_github_pr_diff }} - includingLabels:{{ matrix_hookshot_github_including_labels }} - excludingLabels: {{ matrix_hookshot_github_excluding_labels }} + ignoreHooks: {{ matrix_hookshot_github_defaultOptions_ignoreHooks | to_json }} + commandPrefix: {{ matrix_hookshot_github_defaultOptions_commandPrefix | to_json }} + showIssueRoomLink: {{ matrix_hookshot_github_defaultOptions_showIssueRoomLink | to_json }} + prDiff: {{ matrix_hookshot_github_defaultOptions_prDiff | to_json }} + includingLabels: {{ matrix_hookshot_github_defaultOptions_includingLabels | to_json }} + excludingLabels: {{ matrix_hookshot_github_defaultOptions_excludingLabels | to_json }} hotlinkIssues: - prefix: "{{ matrix_hookshot_github_hotlink_prefix }}" + prefix: {{ 
matrix_hookshot_github_defaultOptions_hotlinkIssues_prefix | to_json }} {% endif %} {% if matrix_hookshot_gitlab_enabled %} gitlab: # (Optional) Configure this to enable GitLab support # - instances: - {{ matrix_hookshot_gitlab_instances }} + instances: {{ matrix_hookshot_gitlab_instances | to_json }} webhook: - secret: {{ matrix_hookshot_gitlab_secret|to_json }} + secret: {{ matrix_hookshot_gitlab_webhook_secret | to_json }} {% endif %} {% if matrix_hookshot_figma_enabled %} figma: # (Optional) Configure this to enable Figma support # - publicUrl: {{ matrix_hookshot_figma_publicUrl }} - instances: {{ matrix_hookshot_figma_instances }} + publicUrl: {{ matrix_hookshot_figma_publicUrl | to_json }} + instances: {{ matrix_hookshot_figma_instances | to_json }} {% endif %} {% if matrix_hookshot_jira_enabled %} jira: # (Optional) Configure this to enable Jira support # webhook: - secret: {{ matrix_hookshot_jira_secret|to_json }} + secret: {{ matrix_hookshot_jira_webhook_secret | to_json }} {% if matrix_hookshot_jira_oauth_enabled %} oauth: - client_id: {{ matrix_hookshot_jira_oauth_id|to_json }} - client_secret: {{ matrix_hookshot_jira_oauth_secret|to_json }} - redirect_uri: {{ matrix_hookshot_jira_oauth_uri }} + client_id: {{ matrix_hookshot_jira_oauth_client_id | to_json }} + client_secret: {{ matrix_hookshot_jira_oauth_client_secret | to_json }} + redirect_uri: {{ matrix_hookshot_jira_oauth_redirect_uri | to_json }} {% endif %} {% endif %} {% if matrix_hookshot_generic_enabled %} generic: # (Optional) Support for generic webhook events. 
`allowJsTransformationFunctions` will allow users to write short transformation snippets in code, and thus is unsafe in untrusted environments # - enabled: {{ matrix_hookshot_generic_enabled }} - urlPrefix: {{ matrix_hookshot_generic_urlprefix }} - allowJsTransformationFunctions: {{ matrix_hookshot_generic_allow_js_transformation_functions }} - userIdPrefix: {{ matrix_hookshot_generic_user_id_prefix|to_json }} + enabled: {{ matrix_hookshot_generic_enabled | to_json }} + enableHttpGet: {{ matrix_hookshot_generic_enableHttpGet | to_json }} + urlPrefix: {{ matrix_hookshot_generic_urlPrefix | to_json }} + userIdPrefix: {{ matrix_hookshot_generic_userIdPrefix | to_json }} + allowJsTransformationFunctions: {{ matrix_hookshot_generic_allowJsTransformationFunctions | to_json }} + waitForComplete: {{ matrix_hookshot_generic_waitForComplete | to_json }} {% endif %} {% if matrix_hookshot_feeds_enabled %} feeds: @@ -90,7 +91,7 @@ feeds: provisioning: # (Optional) Provisioning API for integration managers # - secret: {{ matrix_hookshot_provisioning_secret|to_json }} + secret: {{ matrix_hookshot_provisioning_secret | to_json }} {% endif %} passFile: # A passkey used to encrypt tokens stored inside the bridge. 
@@ -100,34 +101,34 @@ passFile: bot: # (Optional) Define profile information for the bot user # - displayname: {{ matrix_hookshot_bot_displayname }} - avatar: {{ matrix_hookshot_bot_avatar }} + displayname: {{ matrix_hookshot_bot_displayname | to_json }} + avatar: {{ matrix_hookshot_bot_avatar | to_json }} metrics: # (Optional) Prometheus metrics support # - enabled: {{ matrix_hookshot_metrics_enabled }} + enabled: {{ matrix_hookshot_metrics_enabled | to_json }} logging: # (Optional) Logging settings. You can have a severity debug,info,warn,error # - level: warn + level: {{ matrix_hookshot_logging_level | to_json }} {% if matrix_hookshot_widgets_enabled %} widgets: # (Optional) EXPERIMENTAL support for complimentary widgets # - addToAdminRooms: {{ matrix_hookshot_widgets_addToAdminRooms }} + addToAdminRooms: {{ matrix_hookshot_widgets_addToAdminRooms | to_json }} {% if matrix_hookshot_widgets_roomSetupWidget_enabled %} roomSetupWidget: - addOnInvite: {{ matrix_hookshot_widgets_roomSetupWidget_addOnInvite }} + addOnInvite: {{ matrix_hookshot_widgets_roomSetupWidget_addOnInvite | to_json }} {% endif %} {% if not matrix_hookshot_widgets_disallowedIpRanges is in [None, ''] %} - disallowedIpRanges: {{ matrix_hookshot_widgets_disallowedIpRanges }} + disallowedIpRanges: {{ matrix_hookshot_widgets_disallowedIpRanges | to_json }} {% endif %} - publicUrl: {{ matrix_hookshot_widgets_publicUrl }} + publicUrl: {{ matrix_hookshot_widgets_publicUrl | to_json }} branding: - widgetTitle: {{ matrix_hookshot_widgets_branding_widgetTitle }} + widgetTitle: {{ matrix_hookshot_widgets_branding_widgetTitle | to_json }} {% endif %} {% if matrix_hookshot_permissions %} -permissions: {{ matrix_hookshot_permissions }} +permissions: {{ matrix_hookshot_permissions | to_json }} {% endif %} listeners: # (Optional) HTTP Listener configuration. 
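Review bot: applying `| to_json` to every interpolated value in roles/custom/matrix-bridge-hookshot/templates/config.yml.j2 is the right fix: `id`, `client_id`, `redirect_uri`, `publicUrl`, `urlPrefix`, `displayname`, `avatar` and the `defaultOptions` values were previously written bare, so a value containing `:`, `#` or a leading quote would either break the YAML or be read as a different key, and `includingLabels:{{ ... }}` was also missing the space after the colon. One leftover: `enabled: {{ matrix_hookshot_generic_enabled | to_json }}` sits inside `{% if matrix_hookshot_generic_enabled %}` and therefore always renders `true`; a literal `enabled: true` says the same thing more plainly.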
diff --git a/roles/custom/matrix-bridge-hookshot/templates/registration.yml.j2 b/roles/custom/matrix-bridge-hookshot/templates/registration.yml.j2 index d076ea108..87509a127 100644 --- a/roles/custom/matrix-bridge-hookshot/templates/registration.yml.j2 +++ b/roles/custom/matrix-bridge-hookshot/templates/registration.yml.j2 @@ -18,7 +18,7 @@ namespaces: exclusive: true {% endif %} {% if matrix_hookshot_generic_enabled %} - - regex: "@{{ matrix_hookshot_generic_user_id_prefix }}.*:{{ matrix_domain }}" # Where foobar is your homeserver's domain // depending on userIdPrefix setting in conf + - regex: "@{{ matrix_hookshot_generic_userIdPrefix }}.*:{{ matrix_domain }}" # Where foobar is your homeserver's domain // depending on userIdPrefix setting in conf exclusive: true {% endif %} aliases: diff --git a/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml index 7163954a4..a66d5c6ad 100644 --- a/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml @@ -67,7 +67,7 @@ matrix_mautrix_discord_sqlite_database_path_in_container: "/data/mautrix-discord matrix_mautrix_discord_database_username: 'matrix_mautrix_discord' matrix_mautrix_discord_database_password: 'some-password' -matrix_mautrix_discord_database_hostname: 'matrix-postgres' +matrix_mautrix_discord_database_hostname: '' matrix_mautrix_discord_database_port: 5432 matrix_mautrix_discord_database_name: 'matrix_mautrix_discord' 
@@ -141,6 +141,6 @@ matrix_mautrix_discord_bridge_encryption_allow: false matrix_mautrix_discord_bridge_encryption_default: "{{ matrix_mautrix_discord_bridge_encryption_allow }}" matrix_mautrix_discord_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_discord_bridge_encryption_allow }}" -# On conduit this option may prevent you from joining spaces created by the bridge. -# Setting this to false fixes the issue. +# On conduit versions before 0.5.0 this option prevented users from joining spaces created by the bridge. +# Setting this to false fixed the issue. matrix_mautrix_discord_bridge_restricted_rooms: true diff --git a/roles/custom/matrix-bridge-mautrix-discord/tasks/init.yml b/roles/custom/matrix-bridge-mautrix-discord/tasks/init.yml deleted file mode 100644 index 3f94a73ad..000000000 --- a/roles/custom/matrix-bridge-mautrix-discord/tasks/init.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -- ansible.builtin.set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-discord.service'] }}" - when: matrix_mautrix_discord_enabled | bool - -# If the matrix-synapse role is not used, these variables may not exist. -- ansible.builtin.set_fact: - matrix_homeserver_container_runtime_injected_arguments: > - {{ - matrix_homeserver_container_runtime_injected_arguments | default([]) - + - ["--mount type=bind,src={{ matrix_mautrix_discord_config_path }}/registration.yaml,dst=/matrix-mautrix-discord-registration.yaml,ro"] - }} - - matrix_homeserver_app_service_runtime_injected_config_files: > - {{ - matrix_homeserver_app_service_runtime_injected_config_files | default([]) - + - ["/matrix-mautrix-discord-registration.yaml"] - }} - when: matrix_mautrix_discord_enabled | bool diff --git a/roles/custom/matrix-bridge-mautrix-discord/tasks/main.yml b/roles/custom/matrix-bridge-mautrix-discord/tasks/main.yml index 9eaadf684..cc90f2fae 100644 --- a/roles/custom/matrix-bridge-mautrix-discord/tasks/main.yml 
+++ b/roles/custom/matrix-bridge-mautrix-discord/tasks/main.yml @@ -1,22 +1,20 @@ --- -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" - tags: - - always -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup | bool and matrix_mautrix_discord_enabled | bool" +- block: + - when: matrix_mautrix_discord_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" + + - when: matrix_mautrix_discord_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml" tags: - setup-all - setup-mautrix-discord + - install-all + - install-mautrix-discord -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup and matrix_mautrix_discord_enabled" - tags: - - setup-all - - setup-mautrix-discord - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup and not matrix_mautrix_discord_enabled" +- block: + - when: not matrix_mautrix_discord_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" tags: - setup-all - setup-mautrix-discord diff --git a/roles/custom/matrix-bridge-mautrix-discord/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-discord/tasks/setup_install.yml index 06bae8dd0..f16422f7a 100644 --- a/roles/custom/matrix-bridge-mautrix-discord/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mautrix-discord/tasks/setup_install.yml @@ -1,13 +1,5 @@ --- -# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. -# We don't want to fail in such cases. -- name: Fail if matrix-synapse role already executed - ansible.builtin.fail: - msg: >- - The matrix-bridge-mautrix-discord role needs to execute before the matrix-synapse role. - when: "matrix_synapse_role_executed | default(False)" - - ansible.builtin.set_fact: matrix_mautrix_discord_requires_restart: false 
@@ -20,8 +12,11 @@ - when: "matrix_mautrix_discord_sqlite_database_path_local_stat_result.stat.exists | bool" block: - - ansible.builtin.set_fact: - matrix_postgres_db_migration_request: + - ansible.builtin.include_role: + name: galaxy/com.devture.ansible.role.postgres + tasks_from: migrate_db_to_postgres + vars: + devture_postgres_db_migration_request: src: "{{ matrix_mautrix_discord_sqlite_database_path_local }}" dst: "{{ matrix_mautrix_discord_database_connection_string }}" caller: "{{ role_path | basename }}" @@ -30,10 +25,6 @@ systemd_services_to_stop: ['matrix-mautrix-discord.service'] pgloader_options: ['--with "quote identifiers"'] - - ansible.builtin.import_role: - name: custom/matrix-postgres - tasks_from: migrate_db_to_postgres - - ansible.builtin.set_fact: matrix_mautrix_discord_requires_restart: true @@ -109,13 +100,9 @@ mode: 0644 register: matrix_mautrix_discord_systemd_service_result -- name: Ensure systemd reloaded after matrix-mautrix-discord.service installation - ansible.builtin.service: - daemon_reload: true - when: "matrix_mautrix_discord_systemd_service_result.changed" - - name: Ensure matrix-mautrix-discord.service restarted, if necessary ansible.builtin.service: name: "matrix-mautrix-discord.service" state: restarted + daemon_reload: true when: "matrix_mautrix_discord_requires_restart | bool" diff --git a/roles/custom/matrix-bridge-mautrix-discord/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-mautrix-discord/tasks/setup_uninstall.yml index d75f51647..ade37c2f8 100644 --- a/roles/custom/matrix-bridge-mautrix-discord/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-bridge-mautrix-discord/tasks/setup_uninstall.yml 
@@ -5,21 +5,16 @@ path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-discord.service" register: matrix_mautrix_discord_service_stat -- name: Ensure matrix-mautrix-discord is stopped - ansible.builtin.service: - name: matrix-mautrix-discord - state: stopped - enabled: false - daemon_reload: true - when: "matrix_mautrix_discord_service_stat.stat.exists" +- when: matrix_mautrix_discord_service_stat.stat.exists | bool + block: + - name: Ensure matrix-mautrix-discord is stopped + ansible.builtin.service: + name: matrix-mautrix-discord + state: stopped + enabled: false + daemon_reload: true -- name: Ensure matrix-mautrix-discord.service doesn't exist - ansible.builtin.file: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-discord.service" - state: absent - when: "matrix_mautrix_discord_service_stat.stat.exists" - -- name: Ensure systemd reloaded after matrix-mautrix-discord.service removal - ansible.builtin.service: - daemon_reload: true - when: "matrix_mautrix_discord_service_stat.stat.exists" + - name: Ensure matrix-mautrix-discord.service doesn't exist + ansible.builtin.file: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-discord.service" + state: absent diff --git a/roles/custom/matrix-bridge-mautrix-discord/tasks/validate_config.yml b/roles/custom/matrix-bridge-mautrix-discord/tasks/validate_config.yml index 4ba7e1270..8f4fe29e4 100644 --- a/roles/custom/matrix-bridge-mautrix-discord/tasks/validate_config.yml +++ b/roles/custom/matrix-bridge-mautrix-discord/tasks/validate_config.yml 
@@ -1,10 +1,11 @@ --- -- name: Fail if required settings not defined +- name: Fail if required mautrix-discord settings not defined ansible.builtin.fail: msg: >- - You need to define a required configuration setting (`{{ item }}`). - when: "vars[item] == ''" + You need to define a required configuration setting (`{{ item.name }}`). + when: "item.when | bool and vars[item.name] == ''" with_items: - - "matrix_mautrix_discord_appservice_token" - - "matrix_mautrix_discord_homeserver_token" + - {'name': 'matrix_mautrix_discord_appservice_token', when: true} + - {'name': 'matrix_mautrix_discord_homeserver_token', when: true} + - {'name': 'matrix_mautrix_discord_database_hostname', when: "{{ matrix_mautrix_discord_database_engine == 'postgres' }}"} diff --git a/roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml index 719c86dc0..989720140 100644 --- a/roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml @@ -7,7 +7,7 @@ matrix_mautrix_facebook_enabled: true matrix_mautrix_facebook_container_image_self_build: false matrix_mautrix_facebook_container_image_self_build_repo: "https://mau.dev/mautrix/facebook.git" -matrix_mautrix_facebook_version: v0.4.0 +matrix_mautrix_facebook_version: v0.4.1 matrix_mautrix_facebook_docker_image: "{{ matrix_mautrix_facebook_docker_image_name_prefix }}mautrix/facebook:{{ matrix_mautrix_facebook_version }}" matrix_mautrix_facebook_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_facebook_container_image_self_build else 'dock.mau.dev/' }}" matrix_mautrix_facebook_docker_image_force_pull: "{{ matrix_mautrix_facebook_docker_image.endswith(':latest') }}" 
@@ -74,7 +74,7 @@ matrix_mautrix_facebook_sqlite_database_path_in_container: "/data/mautrix-facebo matrix_mautrix_facebook_database_username: 'matrix_mautrix_facebook' matrix_mautrix_facebook_database_password: 'some-password' -matrix_mautrix_facebook_database_hostname: 'matrix-postgres' +matrix_mautrix_facebook_database_hostname: '' matrix_mautrix_facebook_database_port: 5432 matrix_mautrix_facebook_database_name: 'matrix_mautrix_facebook' diff --git a/roles/custom/matrix-bridge-mautrix-facebook/tasks/init.yml b/roles/custom/matrix-bridge-mautrix-facebook/tasks/init.yml deleted file mode 100644 index 5565689f4..000000000 --- a/roles/custom/matrix-bridge-mautrix-facebook/tasks/init.yml +++ /dev/null 
@@ -1,75 +0,0 @@ ---- -# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 -# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 -- name: Fail if trying to self-build on Ansible < 2.8 - ansible.builtin.fail: - msg: "To self-build the Mautrix-Facebook image, you should use Ansible 2.8 or higher. See docs/ansible.md" - when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mautrix_facebook_container_image_self_build and matrix_mautrix_facebook_enabled" - -- ansible.builtin.set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-facebook.service'] }}" - when: matrix_mautrix_facebook_enabled | bool - -# If the matrix-synapse role is not used, these variables may not exist. -- ansible.builtin.set_fact: - matrix_homeserver_container_runtime_injected_arguments: > - {{ - matrix_homeserver_container_runtime_injected_arguments | default([]) - + - ["--mount type=bind,src={{ matrix_mautrix_facebook_config_path }}/registration.yaml,dst=/matrix-mautrix-facebook-registration.yaml,ro"] - }} - - matrix_homeserver_app_service_runtime_injected_config_files: > - {{ - matrix_homeserver_app_service_runtime_injected_config_files | default([]) - + - ["/matrix-mautrix-facebook-registration.yaml"] - }} - when: matrix_mautrix_facebook_enabled | bool - -- when: matrix_mautrix_facebook_enabled | bool and matrix_mautrix_facebook_appservice_public_enabled | bool - tags: - - always - block: - - name: Fail if matrix-nginx-proxy role already executed - ansible.builtin.fail: - msg: >- - Trying to append Mautrix Facebook's reverse-proxying configuration to matrix-nginx-proxy, - but it's pointless since the matrix-nginx-proxy role had already executed. - To fix this, please change the order of roles in your playbook, - so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-facebook role. 
- when: matrix_nginx_proxy_role_executed | default(False) | bool - - - name: Generate Mautrix Facebook proxying configuration for matrix-nginx-proxy - ansible.builtin.set_fact: - matrix_mautrix_facebook_matrix_nginx_proxy_configuration: | - location {{ matrix_mautrix_facebook_public_endpoint }} { - {% if matrix_nginx_proxy_enabled | default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - set $backend "matrix-mautrix-facebook:29319"; - proxy_pass http://$backend; - {% else %} - {# Generic configuration for use outside of our container setup #} - proxy_pass http://127.0.0.1:9008; - {% endif %} - } - - - name: Register Mautrix Facebook proxying configuration with matrix-nginx-proxy - ansible.builtin.set_fact: - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | - {{ - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([]) - + - [matrix_mautrix_facebook_matrix_nginx_proxy_configuration] - }} - - - name: Warn about reverse-proxying if matrix-nginx-proxy not used - ansible.builtin.debug: - msg: >- - NOTE: You've enabled the Mautrix Facebook bridge but are not using the matrix-nginx-proxy - reverse proxy. - Please make sure that you're proxying the `{{ matrix_mautrix_facebook_public_endpoint }}` - URL endpoint to the matrix-mautrix-facebook container. - You can expose the container's port using the `matrix_mautrix_facebook_container_http_host_bind_port` variable. - when: "not matrix_nginx_proxy_enabled | default(False) | bool" diff --git a/roles/custom/matrix-bridge-mautrix-facebook/tasks/inject_into_nginx_proxy.yml b/roles/custom/matrix-bridge-mautrix-facebook/tasks/inject_into_nginx_proxy.yml new file mode 100644 index 000000000..b9f95cb7d --- /dev/null +++ b/roles/custom/matrix-bridge-mautrix-facebook/tasks/inject_into_nginx_proxy.yml 
@@ -0,0 +1,44 @@ +--- + +- name: Fail if matrix-nginx-proxy role already executed + ansible.builtin.fail: + msg: >- + Trying to append Mautrix Facebook's reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your playbook, + so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-facebook role. + when: matrix_nginx_proxy_role_executed | default(False) | bool + +- name: Generate Mautrix Facebook proxying configuration for matrix-nginx-proxy + ansible.builtin.set_fact: + matrix_mautrix_facebook_matrix_nginx_proxy_configuration: | + location {{ matrix_mautrix_facebook_public_endpoint }} { + {% if matrix_nginx_proxy_enabled | default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-mautrix-facebook:29319"; + proxy_pass http://$backend; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:9008; + {% endif %} + } + +- name: Register Mautrix Facebook proxying configuration with matrix-nginx-proxy + ansible.builtin.set_fact: + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([]) + + + [matrix_mautrix_facebook_matrix_nginx_proxy_configuration] + }} + +- name: Warn about reverse-proxying if matrix-nginx-proxy not used + ansible.builtin.debug: + msg: >- + NOTE: You've enabled the Mautrix Facebook bridge but are not using the matrix-nginx-proxy + reverse proxy. + Please make sure that you're proxying the `{{ matrix_mautrix_facebook_public_endpoint }}` + URL endpoint to the matrix-mautrix-facebook container. + You can expose the container's port using the `matrix_mautrix_facebook_container_http_host_bind_port` variable. 
+ when: "not matrix_nginx_proxy_enabled | default(False) | bool" diff --git a/roles/custom/matrix-bridge-mautrix-facebook/tasks/main.yml b/roles/custom/matrix-bridge-mautrix-facebook/tasks/main.yml index 3ef2cb233..fa7cec7dc 100644 --- a/roles/custom/matrix-bridge-mautrix-facebook/tasks/main.yml +++ b/roles/custom/matrix-bridge-mautrix-facebook/tasks/main.yml @@ -1,23 +1,29 @@ --- -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" +- block: + - when: matrix_mautrix_facebook_enabled | bool and matrix_mautrix_facebook_appservice_public_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml" tags: - - always + - setup-all + - setup-nginx-proxy + - install-all + - install-nginx-proxy -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup | bool and matrix_mautrix_facebook_enabled | bool" +- block: + - when: matrix_mautrix_facebook_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" + + - when: matrix_mautrix_facebook_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml" tags: - setup-all - setup-mautrix-facebook + - install-all + - install-mautrix-facebook -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup | bool and matrix_mautrix_facebook_enabled | bool" - tags: - - setup-all - - setup-mautrix-facebook - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup | bool and not matrix_mautrix_facebook_enabled | bool" +- block: + - when: not matrix_mautrix_facebook_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" tags: - setup-all - setup-mautrix-facebook diff --git a/roles/custom/matrix-bridge-mautrix-facebook/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-facebook/tasks/setup_install.yml index 50a024270..758a5feda 100644 
--- a/roles/custom/matrix-bridge-mautrix-facebook/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mautrix-facebook/tasks/setup_install.yml @@ -1,13 +1,5 @@ --- -# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. -# We don't want to fail in such cases. -- name: Fail if matrix-synapse role already executed - ansible.builtin.fail: - msg: >- - The matrix-bridge-mautrix-facebook role needs to execute before the matrix-synapse role. - when: "matrix_synapse_role_executed | default(False)" - - ansible.builtin.set_fact: matrix_mautrix_facebook_requires_restart: false @@ -20,8 +12,11 @@ - when: "matrix_mautrix_facebook_sqlite_database_path_local_stat_result.stat.exists | bool" block: - - ansible.builtin.set_fact: - matrix_postgres_db_migration_request: + - ansible.builtin.include_role: + name: galaxy/com.devture.ansible.role.postgres + tasks_from: migrate_db_to_postgres + vars: + devture_postgres_db_migration_request: src: "{{ matrix_mautrix_facebook_sqlite_database_path_local }}" dst: "{{ matrix_mautrix_facebook_database_connection_string }}" caller: "{{ role_path | basename }}" @@ -29,10 +24,6 @@ engine_old: 'sqlite' systemd_services_to_stop: ['matrix-mautrix-facebook.service'] - - ansible.builtin.import_role: - name: custom/matrix-postgres - tasks_from: migrate_db_to_postgres - - ansible.builtin.set_fact: matrix_mautrix_facebook_requires_restart: true 
@@ -124,15 +115,10 @@ src: "{{ role_path }}/templates/systemd/matrix-mautrix-facebook.service.j2" dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-facebook.service" mode: 0644 - register: matrix_mautrix_facebook_systemd_service_result - -- name: Ensure systemd reloaded after matrix-mautrix-facebook.service installation - ansible.builtin.service: - daemon_reload: true - when: "matrix_mautrix_facebook_systemd_service_result.changed" - name: Ensure matrix-mautrix-facebook.service restarted, if necessary ansible.builtin.service: name: "matrix-mautrix-facebook.service" state: restarted + daemon_reload: true when: "matrix_mautrix_facebook_requires_restart | bool" diff --git a/roles/custom/matrix-bridge-mautrix-facebook/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-mautrix-facebook/tasks/setup_uninstall.yml index fb235b54a..566da5b71 100644 --- a/roles/custom/matrix-bridge-mautrix-facebook/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-bridge-mautrix-facebook/tasks/setup_uninstall.yml 
@@ -5,21 +5,16 @@ path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-facebook.service" register: matrix_mautrix_facebook_service_stat -- name: Ensure matrix-mautrix-facebook is stopped - ansible.builtin.service: - name: matrix-mautrix-facebook - state: stopped - enabled: false - daemon_reload: true - when: "matrix_mautrix_facebook_service_stat.stat.exists" +- when: matrix_mautrix_facebook_service_stat.stat.exists | bool + block: + - name: Ensure matrix-mautrix-facebook is stopped + ansible.builtin.service: + name: matrix-mautrix-facebook + state: stopped + enabled: false + daemon_reload: true -- name: Ensure matrix-mautrix-facebook.service doesn't exist - ansible.builtin.file: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-facebook.service" - state: absent - when: "matrix_mautrix_facebook_service_stat.stat.exists" - -- name: Ensure systemd reloaded after matrix-mautrix-facebook.service removal - ansible.builtin.service: - daemon_reload: true - when: "matrix_mautrix_facebook_service_stat.stat.exists" + - name: Ensure matrix-mautrix-facebook.service doesn't exist + ansible.builtin.file: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-facebook.service" + state: absent diff --git a/roles/custom/matrix-bridge-mautrix-facebook/tasks/validate_config.yml b/roles/custom/matrix-bridge-mautrix-facebook/tasks/validate_config.yml index 04e45c319..d61981a67 100644 --- a/roles/custom/matrix-bridge-mautrix-facebook/tasks/validate_config.yml +++ b/roles/custom/matrix-bridge-mautrix-facebook/tasks/validate_config.yml 
@@ -1,14 +1,15 @@ --- -- name: Fail if required settings not defined +- name: Fail if required mautrix-facebook settings not defined ansible.builtin.fail: msg: >- - You need to define a required configuration setting (`{{ item }}`). - when: "vars[item] == ''" + You need to define a required configuration setting (`{{ item.name }}`). + when: "item.when | bool and vars[item.name] == ''" with_items: - - "matrix_mautrix_facebook_public_endpoint" - - "matrix_mautrix_facebook_appservice_token" - - "matrix_mautrix_facebook_homeserver_token" + - {'name': 'matrix_mautrix_facebook_public_endpoint', when: true} + - {'name': 'matrix_mautrix_facebook_appservice_token', when: true} + - {'name': 'matrix_mautrix_facebook_homeserver_token', when: true} + - {'name': 'matrix_mautrix_facebook_database_hostname', when: "{{ matrix_mautrix_facebook_database_engine == 'postgres' }}"} - when: "matrix_mautrix_facebook_database_engine == 'sqlite' and matrix_mautrix_facebook_docker_image.endswith(':da1b4ec596e334325a1589e70829dea46e73064b')" block: diff --git a/roles/custom/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 index 3318255dc..b8e25feeb 100644 --- a/roles/custom/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 +++ b/roles/custom/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 @@ -216,8 +216,8 @@ bridge: # $message - The message content message_formats: m.text: '$sender_displayname: $message' - m.notice: '$sender_displayname: $message' - m.emote: '* $sender_displayname $message' + m.notice: '$sender_displayname: $message' + m.emote: '* $sender_displayname $message' m.file: '$sender_displayname sent a file' m.image: '$sender_displayname sent an image' m.audio: '$sender_displayname sent an audio file' diff --git a/roles/custom/matrix-bridge-mautrix-googlechat/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-googlechat/defaults/main.yml index a4b1438b0..f432cc637 100644 
--- a/roles/custom/matrix-bridge-mautrix-googlechat/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-googlechat/defaults/main.yml @@ -8,7 +8,7 @@ matrix_mautrix_googlechat_container_image_self_build: false matrix_mautrix_googlechat_container_image_self_build_repo: "https://github.com/mautrix/googlechat.git" matrix_mautrix_googlechat_container_image_self_build_repo_version: "{{ 'master' if matrix_mautrix_googlechat_version == 'latest' else matrix_mautrix_googlechat_version }}" -matrix_mautrix_googlechat_version: v0.3.3 +matrix_mautrix_googlechat_version: v0.4.0 # See: https://mau.dev/mautrix/googlechat/container_registry matrix_mautrix_googlechat_docker_image: "{{ matrix_mautrix_googlechat_docker_image_name_prefix }}mautrix/googlechat:{{ matrix_mautrix_googlechat_version }}" matrix_mautrix_googlechat_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_googlechat_container_image_self_build else 'dock.mau.dev/' }}" @@ -68,7 +68,7 @@ matrix_mautrix_googlechat_sqlite_database_path_in_container: "/data/mautrix-goog matrix_mautrix_googlechat_database_username: 'matrix_mautrix_googlechat' matrix_mautrix_googlechat_database_password: 'some-password' -matrix_mautrix_googlechat_database_hostname: 'matrix-postgres' +matrix_mautrix_googlechat_database_hostname: '' matrix_mautrix_googlechat_database_port: 5432 matrix_mautrix_googlechat_database_name: 'matrix_mautrix_googlechat' diff --git a/roles/custom/matrix-bridge-mautrix-googlechat/tasks/init.yml b/roles/custom/matrix-bridge-mautrix-googlechat/tasks/init.yml deleted file mode 100644 index c4ae920c4..000000000 --- a/roles/custom/matrix-bridge-mautrix-googlechat/tasks/init.yml +++ /dev/null 
@@ -1,74 +0,0 @@ ---- -# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 -# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 -- name: Fail if trying to self-build on Ansible < 2.8 - ansible.builtin.fail: - msg: "To self-build the Mautrix-Google Chat image, you should use Ansible 2.8 or higher. See docs/ansible.md" - when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mautrix_googlechat_container_image_self_build and matrix_mautrix_googlechat_enabled" - -- ansible.builtin.set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-googlechat.service'] }}" - when: matrix_mautrix_googlechat_enabled | bool - -# If the matrix-synapse role is not used, these variables may not exist. -- ansible.builtin.set_fact: - matrix_homeserver_container_runtime_injected_arguments: > - {{ - matrix_homeserver_container_runtime_injected_arguments | default([]) - + - ["--mount type=bind,src={{ matrix_mautrix_googlechat_config_path }}/registration.yaml,dst=/matrix-mautrix-googlechat-registration.yaml,ro"] - }} - - matrix_homeserver_app_service_runtime_injected_config_files: > - {{ - matrix_homeserver_app_service_runtime_injected_config_files | default([]) - + - ["/matrix-mautrix-googlechat-registration.yaml"] - }} - when: matrix_mautrix_googlechat_enabled | bool - -- when: matrix_mautrix_googlechat_enabled | bool - tags: - - always - block: - - name: Fail if matrix-nginx-proxy role already executed - ansible.builtin.fail: - msg: >- - Trying to append Mautrix googlechat's reverse-proxying configuration to matrix-nginx-proxy, - but it's pointless since the matrix-nginx-proxy role had already executed. - To fix this, please change the order of roles in your playbook, - so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-googlechat role. 
- when: matrix_nginx_proxy_role_executed | default(False) | bool - - - name: Generate Mautrix googlechat proxying configuration for matrix-nginx-proxy - ansible.builtin.set_fact: - matrix_mautrix_googlechat_matrix_nginx_proxy_configuration: | - location {{ matrix_mautrix_googlechat_public_endpoint }} { - {% if matrix_nginx_proxy_enabled | default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - set $backend "matrix-mautrix-googlechat:8080"; - proxy_pass http://$backend; - {% else %} - {# Generic configuration for use outside of our container setup #} - proxy_pass http://127.0.0.1:9007; - {% endif %} - } - - name: Register Mautrix googlechat proxying configuration with matrix-nginx-proxy - ansible.builtin.set_fact: - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | - {{ - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([]) - + - [matrix_mautrix_googlechat_matrix_nginx_proxy_configuration] - }} - -- name: Warn about reverse-proxying if matrix-nginx-proxy not used - ansible.builtin.debug: - msg: >- - NOTE: You've enabled the Mautrix googlechat bridge but are not using the matrix-nginx-proxy - reverse proxy. - Please make sure that you're proxying the `{{ matrix_mautrix_googlechat_public_endpoint }}` - URL endpoint to the matrix-mautrix-googlechat container. - You can expose the container's port using the `matrix_mautrix_googlechat_container_http_host_bind_port` variable. - when: "matrix_mautrix_googlechat_enabled | bool and not matrix_nginx_proxy_enabled | default(False) | bool" diff --git a/roles/custom/matrix-bridge-mautrix-googlechat/tasks/inject_into_nginx_proxy.yml b/roles/custom/matrix-bridge-mautrix-googlechat/tasks/inject_into_nginx_proxy.yml new file mode 100644 index 000000000..6a417b61e --- /dev/null +++ b/roles/custom/matrix-bridge-mautrix-googlechat/tasks/inject_into_nginx_proxy.yml 
@@ -0,0 +1,43 @@ +--- + +- name: Fail if matrix-nginx-proxy role already executed + ansible.builtin.fail: + msg: >- + Trying to append Mautrix googlechat's reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your playbook, + so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-googlechat role. + when: matrix_nginx_proxy_role_executed | default(False) | bool + +- name: Generate Mautrix googlechat proxying configuration for matrix-nginx-proxy + ansible.builtin.set_fact: + matrix_mautrix_googlechat_matrix_nginx_proxy_configuration: | + location {{ matrix_mautrix_googlechat_public_endpoint }} { + {% if matrix_nginx_proxy_enabled | default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-mautrix-googlechat:8080"; + proxy_pass http://$backend; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:9007; + {% endif %} + } +- name: Register Mautrix googlechat proxying configuration with matrix-nginx-proxy + ansible.builtin.set_fact: + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([]) + + + [matrix_mautrix_googlechat_matrix_nginx_proxy_configuration] + }} + +- name: Warn about reverse-proxying if matrix-nginx-proxy not used + ansible.builtin.debug: + msg: >- + NOTE: You've enabled the Mautrix googlechat bridge but are not using the matrix-nginx-proxy + reverse proxy. + Please make sure that you're proxying the `{{ matrix_mautrix_googlechat_public_endpoint }}` + URL endpoint to the matrix-mautrix-googlechat container. + You can expose the container's port using the `matrix_mautrix_googlechat_container_http_host_bind_port` variable. 
+ when: "matrix_mautrix_googlechat_enabled | bool and not matrix_nginx_proxy_enabled | default(False) | bool" diff --git a/roles/custom/matrix-bridge-mautrix-googlechat/tasks/main.yml b/roles/custom/matrix-bridge-mautrix-googlechat/tasks/main.yml index 070abfcd9..917ba7a9d 100644 --- a/roles/custom/matrix-bridge-mautrix-googlechat/tasks/main.yml +++ b/roles/custom/matrix-bridge-mautrix-googlechat/tasks/main.yml @@ -1,23 +1,29 @@ --- -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" +- block: + - when: matrix_mautrix_googlechat_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml" tags: - - always + - setup-all + - setup-nginx-proxy + - install-all + - install-nginx-proxy -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup | bool and matrix_mautrix_googlechat_enabled | bool" +- block: + - when: matrix_mautrix_googlechat_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" + + - when: matrix_mautrix_googlechat_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml" tags: - setup-all - setup-mautrix-googlechat + - install-all + - install-mautrix-googlechat -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup | bool and matrix_mautrix_googlechat_enabled | bool" - tags: - - setup-all - - setup-mautrix-googlechat - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup | bool and not matrix_mautrix_googlechat_enabled | bool" +- block: + - when: not matrix_mautrix_googlechat_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" tags: - setup-all - setup-mautrix-googlechat diff --git a/roles/custom/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml index daadcba24..c1258471c 100644 
--- a/roles/custom/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml @@ -1,13 +1,5 @@ --- -# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. -# We don't want to fail in such cases. -- name: Fail if matrix-synapse role already executed - ansible.builtin.fail: - msg: >- - The matrix-bridge-mautrix-googlechat role needs to execute before the matrix-synapse role. - when: "matrix_synapse_role_executed | default(False)" - - ansible.builtin.set_fact: matrix_mautrix_googlechat_requires_restart: false @@ -20,8 +12,11 @@ - when: "matrix_mautrix_googlechat_sqlite_database_path_local_stat_result.stat.exists | bool" block: - - ansible.builtin.set_fact: - matrix_postgres_db_migration_request: + - ansible.builtin.include_role: + name: galaxy/com.devture.ansible.role.postgres + tasks_from: migrate_db_to_postgres + vars: + devture_postgres_db_migration_request: src: "{{ matrix_mautrix_googlechat_sqlite_database_path_local }}" dst: "{{ matrix_mautrix_googlechat_database_connection_string }}" caller: "{{ role_path | basename }}" @@ -29,10 +24,6 @@ engine_old: 'sqlite' systemd_services_to_stop: ['matrix-mautrix-googlechat.service'] - - ansible.builtin.import_role: - name: custom/matrix-postgres - tasks_from: migrate_db_to_postgres - - ansible.builtin.set_fact: matrix_mautrix_googlechat_requires_restart: true 
@@ -124,15 +115,10 @@ src: "{{ role_path }}/templates/systemd/matrix-mautrix-googlechat.service.j2" dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-googlechat.service" mode: 0644 - register: matrix_mautrix_googlechat_systemd_service_result - -- name: Ensure systemd reloaded after matrix-mautrix-googlechat.service installation - ansible.builtin.service: - daemon_reload: true - when: "matrix_mautrix_googlechat_systemd_service_result.changed" - name: Ensure matrix-mautrix-googlechat.service restarted, if necessary ansible.builtin.service: name: "matrix-mautrix-googlechat.service" state: restarted + daemon_reload: true when: "matrix_mautrix_googlechat_requires_restart | bool" diff --git a/roles/custom/matrix-bridge-mautrix-googlechat/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-mautrix-googlechat/tasks/setup_uninstall.yml index 37a4e6751..12b486308 100644 --- a/roles/custom/matrix-bridge-mautrix-googlechat/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-bridge-mautrix-googlechat/tasks/setup_uninstall.yml 
@@ -5,21 +5,16 @@ path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-googlechat.service" register: matrix_mautrix_googlechat_service_stat -- name: Ensure matrix-mautrix-googlechat is stopped - ansible.builtin.service: - name: matrix-mautrix-googlechat - state: stopped - enabled: false - daemon_reload: true - when: "matrix_mautrix_googlechat_service_stat.stat.exists" +- when: matrix_mautrix_googlechat_service_stat.stat.exists | bool + block: + - name: Ensure matrix-mautrix-googlechat is stopped + ansible.builtin.service: + name: matrix-mautrix-googlechat + state: stopped + enabled: false + daemon_reload: true -- name: Ensure matrix-mautrix-googlechat.service doesn't exist - ansible.builtin.file: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-googlechat.service" - state: absent - when: "matrix_mautrix_googlechat_service_stat.stat.exists" - -- name: Ensure systemd reloaded after matrix-mautrix-googlechat.service removal - ansible.builtin.service: - daemon_reload: true - when: "matrix_mautrix_googlechat_service_stat.stat.exists" + - name: Ensure matrix-mautrix-googlechat.service doesn't exist + ansible.builtin.file: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-googlechat.service" + state: absent diff --git a/roles/custom/matrix-bridge-mautrix-googlechat/tasks/validate_config.yml b/roles/custom/matrix-bridge-mautrix-googlechat/tasks/validate_config.yml index fc36472eb..06cb8de76 100644 --- a/roles/custom/matrix-bridge-mautrix-googlechat/tasks/validate_config.yml +++ b/roles/custom/matrix-bridge-mautrix-googlechat/tasks/validate_config.yml 
@@ -1,14 +1,12 @@ --- -- name: Fail if required settings not defined +- name: Fail if required mautrix-googlechat settings not defined ansible.builtin.fail: msg: >- - You need to define a required configuration setting (`{{ item }}`). - when: "vars[item] == ''" + You need to define a required configuration setting (`{{ item.name }}`). + when: "item.when | bool and vars[item.name] == ''" with_items: - - "matrix_mautrix_googlechat_public_endpoint" - - "matrix_mautrix_googlechat_appservice_token" - - "matrix_mautrix_googlechat_homeserver_token" -- ansible.builtin.debug: - msg: - - '`matrix_mautrix_googlechat_homeserver_domain` == {{ matrix_mautrix_googlechat_homeserver_domain }}' + - {'name': 'matrix_mautrix_googlechat_public_endpoint', when: true} + - {'name': 'matrix_mautrix_googlechat_appservice_token', when: true} + - {'name': 'matrix_mautrix_googlechat_homeserver_token', when: true} + - {'name': 'matrix_mautrix_googlechat_database_hostname', when: "{{ matrix_mautrix_googlechat_database_engine == 'postgres' }}"} diff --git a/roles/custom/matrix-bridge-mautrix-hangouts/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-hangouts/defaults/main.yml index 8b338fd76..27f3e5930 100644 --- a/roles/custom/matrix-bridge-mautrix-hangouts/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-hangouts/defaults/main.yml @@ -65,7 +65,7 @@ matrix_mautrix_hangouts_sqlite_database_path_in_container: "/data/mautrix-hangou matrix_mautrix_hangouts_database_username: 'matrix_mautrix_hangouts' matrix_mautrix_hangouts_database_password: 'some-password' -matrix_mautrix_hangouts_database_hostname: 'matrix-postgres' +matrix_mautrix_hangouts_database_hostname: '' matrix_mautrix_hangouts_database_port: 5432 matrix_mautrix_hangouts_database_name: 'matrix_mautrix_hangouts' diff --git a/roles/custom/matrix-bridge-mautrix-hangouts/tasks/init.yml b/roles/custom/matrix-bridge-mautrix-hangouts/tasks/init.yml deleted file mode 100644 index 380dc4b38..000000000 
--- a/roles/custom/matrix-bridge-mautrix-hangouts/tasks/init.yml +++ /dev/null 
@@ -1,74 +0,0 @@ ---- -# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 -# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 -- name: Fail if trying to self-build on Ansible < 2.8 - ansible.builtin.fail: - msg: "To self-build the Mautrix-Hangouts image, you should use Ansible 2.8 or higher. See docs/ansible.md" - when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mautrix_hangouts_container_image_self_build and matrix_mautrix_hangouts_enabled" - -- ansible.builtin.set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-hangouts.service'] }}" - when: matrix_mautrix_hangouts_enabled | bool - -# If the matrix-synapse role is not used, these variables may not exist. -- ansible.builtin.set_fact: - matrix_homeserver_container_runtime_injected_arguments: > - {{ - matrix_homeserver_container_runtime_injected_arguments | default([]) - + - ["--mount type=bind,src={{ matrix_mautrix_hangouts_config_path }}/registration.yaml,dst=/matrix-mautrix-hangouts-registration.yaml,ro"] - }} - - matrix_homeserver_app_service_runtime_injected_config_files: > - {{ - matrix_homeserver_app_service_runtime_injected_config_files | default([]) - + - ["/matrix-mautrix-hangouts-registration.yaml"] - }} - when: matrix_mautrix_hangouts_enabled | bool - -- when: matrix_mautrix_hangouts_enabled | bool - tags: - - always - block: - - name: Fail if matrix-nginx-proxy role already executed - ansible.builtin.fail: - msg: >- - Trying to append Mautrix Hangouts's reverse-proxying configuration to matrix-nginx-proxy, - but it's pointless since the matrix-nginx-proxy role had already executed. - To fix this, please change the order of roles in your playbook, - so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-hangouts role. 
- when: matrix_nginx_proxy_role_executed | default(False) | bool - - - name: Generate Mautrix Hangouts proxying configuration for matrix-nginx-proxy - ansible.builtin.set_fact: - matrix_mautrix_hangouts_matrix_nginx_proxy_configuration: | - location {{ matrix_mautrix_hangouts_public_endpoint }} { - {% if matrix_nginx_proxy_enabled | default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - set $backend "matrix-mautrix-hangouts:8080"; - proxy_pass http://$backend; - {% else %} - {# Generic configuration for use outside of our container setup #} - proxy_pass http://127.0.0.1:9007; - {% endif %} - } - - name: Register Mautrix Hangouts proxying configuration with matrix-nginx-proxy - ansible.builtin.set_fact: - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | - {{ - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([]) - + - [matrix_mautrix_hangouts_matrix_nginx_proxy_configuration] - }} - -- name: Warn about reverse-proxying if matrix-nginx-proxy not used - ansible.builtin.debug: - msg: >- - NOTE: You've enabled the Mautrix Hangouts bridge but are not using the matrix-nginx-proxy - reverse proxy. - Please make sure that you're proxying the `{{ matrix_mautrix_hangouts_public_endpoint }}` - URL endpoint to the matrix-mautrix-hangouts container. - You can expose the container's port using the `matrix_mautrix_hangouts_container_http_host_bind_port` variable. - when: "matrix_mautrix_hangouts_enabled | bool and not matrix_nginx_proxy_enabled | default(False) | bool" diff --git a/roles/custom/matrix-bridge-mautrix-hangouts/tasks/inject_into_nginx_proxy.yml b/roles/custom/matrix-bridge-mautrix-hangouts/tasks/inject_into_nginx_proxy.yml new file mode 100644 index 000000000..b5696c841 --- /dev/null +++ b/roles/custom/matrix-bridge-mautrix-hangouts/tasks/inject_into_nginx_proxy.yml 
@@ -0,0 +1,44 @@ +--- + +- name: Fail if matrix-nginx-proxy role already executed + ansible.builtin.fail: + msg: >- + Trying to append Mautrix Hangouts's reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your playbook, + so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-hangouts role. + when: matrix_nginx_proxy_role_executed | default(False) | bool + +- name: Generate Mautrix Hangouts proxying configuration for matrix-nginx-proxy + ansible.builtin.set_fact: + matrix_mautrix_hangouts_matrix_nginx_proxy_configuration: | + location {{ matrix_mautrix_hangouts_public_endpoint }} { + {% if matrix_nginx_proxy_enabled | default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-mautrix-hangouts:8080"; + proxy_pass http://$backend; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:9007; + {% endif %} + } + +- name: Register Mautrix Hangouts proxying configuration with matrix-nginx-proxy + ansible.builtin.set_fact: + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([]) + + + [matrix_mautrix_hangouts_matrix_nginx_proxy_configuration] + }} + +- name: Warn about reverse-proxying if matrix-nginx-proxy not used + ansible.builtin.debug: + msg: >- + NOTE: You've enabled the Mautrix Hangouts bridge but are not using the matrix-nginx-proxy + reverse proxy. + Please make sure that you're proxying the `{{ matrix_mautrix_hangouts_public_endpoint }}` + URL endpoint to the matrix-mautrix-hangouts container. + You can expose the container's port using the `matrix_mautrix_hangouts_container_http_host_bind_port` variable. 
+ when: "matrix_mautrix_hangouts_enabled | bool and not matrix_nginx_proxy_enabled | default(False) | bool" diff --git a/roles/custom/matrix-bridge-mautrix-hangouts/tasks/main.yml b/roles/custom/matrix-bridge-mautrix-hangouts/tasks/main.yml index d69136899..e9d8048c7 100644 --- a/roles/custom/matrix-bridge-mautrix-hangouts/tasks/main.yml +++ b/roles/custom/matrix-bridge-mautrix-hangouts/tasks/main.yml @@ -1,23 +1,29 @@ --- -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" +- block: + - when: matrix_mautrix_hangouts_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml" tags: - - always + - setup-all + - setup-nginx-proxy + - install-all + - install-nginx-proxy -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup | bool and matrix_mautrix_hangouts_enabled | bool" +- block: + - when: matrix_mautrix_hangouts_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" + + - when: matrix_mautrix_hangouts_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml" tags: - setup-all - setup-mautrix-hangouts + - install-all + - install-mautrix-hangouts -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup | bool and matrix_mautrix_hangouts_enabled | bool" - tags: - - setup-all - - setup-mautrix-hangouts - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup | bool and not matrix_mautrix_hangouts_enabled | bool" +- block: + - when: not matrix_mautrix_hangouts_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" tags: - setup-all - setup-mautrix-hangouts diff --git a/roles/custom/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml index a846a7b06..f8fdb023d 100644 
--- a/roles/custom/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml @@ -1,13 +1,5 @@ --- -# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. -# We don't want to fail in such cases. -- name: Fail if matrix-synapse role already executed - ansible.builtin.fail: - msg: >- - The matrix-bridge-mautrix-hangouts role needs to execute before the matrix-synapse role. - when: "matrix_synapse_role_executed | default(False)" - - ansible.builtin.set_fact: matrix_mautrix_hangouts_requires_restart: false @@ -20,8 +12,11 @@ - when: "matrix_mautrix_hangouts_sqlite_database_path_local_stat_result.stat.exists | bool" block: - - ansible.builtin.set_fact: - matrix_postgres_db_migration_request: + - ansible.builtin.include_role: + name: galaxy/com.devture.ansible.role.postgres + tasks_from: migrate_db_to_postgres + vars: + devture_postgres_db_migration_request: src: "{{ matrix_mautrix_hangouts_sqlite_database_path_local }}" dst: "{{ matrix_mautrix_hangouts_database_connection_string }}" caller: "{{ role_path | basename }}" @@ -29,10 +24,6 @@ engine_old: 'sqlite' systemd_services_to_stop: ['matrix-mautrix-hangouts.service'] - - ansible.builtin.import_role: - name: custom/matrix-postgres - tasks_from: migrate_db_to_postgres - - ansible.builtin.set_fact: matrix_mautrix_hangouts_requires_restart: true 
@@ -124,15 +115,10 @@ src: "{{ role_path }}/templates/systemd/matrix-mautrix-hangouts.service.j2" dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-hangouts.service" mode: 0644 - register: matrix_mautrix_hangouts_systemd_service_result - -- name: Ensure systemd reloaded after matrix-mautrix-hangouts.service installation - ansible.builtin.service: - daemon_reload: true - when: "matrix_mautrix_hangouts_systemd_service_result.changed" - name: Ensure matrix-mautrix-hangouts.service restarted, if necessary ansible.builtin.service: name: "matrix-mautrix-hangouts.service" state: restarted + daemon_reload: true when: "matrix_mautrix_hangouts_requires_restart | bool" diff --git a/roles/custom/matrix-bridge-mautrix-hangouts/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-mautrix-hangouts/tasks/setup_uninstall.yml index b7ff72393..02d7183f6 100644 --- a/roles/custom/matrix-bridge-mautrix-hangouts/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-bridge-mautrix-hangouts/tasks/setup_uninstall.yml 
@@ -5,21 +5,16 @@ path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-hangouts.service" register: matrix_mautrix_hangouts_service_stat -- name: Ensure matrix-mautrix-hangouts is stopped - ansible.builtin.service: - name: matrix-mautrix-hangouts - state: stopped - enabled: false - daemon_reload: true - when: "matrix_mautrix_hangouts_service_stat.stat.exists" +- when: matrix_mautrix_hangouts_service_stat.stat.exists | bool + block: + - name: Ensure matrix-mautrix-hangouts is stopped + ansible.builtin.service: + name: matrix-mautrix-hangouts + state: stopped + enabled: false + daemon_reload: true -- name: Ensure matrix-mautrix-hangouts.service doesn't exist - ansible.builtin.file: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-hangouts.service" - state: absent - when: "matrix_mautrix_hangouts_service_stat.stat.exists" - -- name: Ensure systemd reloaded after matrix-mautrix-hangouts.service removal - ansible.builtin.service: - daemon_reload: true - when: "matrix_mautrix_hangouts_service_stat.stat.exists" + - name: Ensure matrix-mautrix-hangouts.service doesn't exist + ansible.builtin.file: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-hangouts.service" + state: absent diff --git a/roles/custom/matrix-bridge-mautrix-hangouts/tasks/validate_config.yml b/roles/custom/matrix-bridge-mautrix-hangouts/tasks/validate_config.yml index c80586e09..11635642c 100644 --- a/roles/custom/matrix-bridge-mautrix-hangouts/tasks/validate_config.yml +++ b/roles/custom/matrix-bridge-mautrix-hangouts/tasks/validate_config.yml 
@@ -1,14 +1,12 @@ --- -- name: Fail if required settings not defined +- name: Fail if required mautrix-hangouts settings not defined ansible.builtin.fail: msg: >- - You need to define a required configuration setting (`{{ item }}`). - when: "vars[item] == ''" + You need to define a required configuration setting (`{{ item.name }}`). + when: "item.when | bool and vars[item.name] == ''" with_items: - - "matrix_mautrix_hangouts_public_endpoint" - - "matrix_mautrix_hangouts_appservice_token" - - "matrix_mautrix_hangouts_homeserver_token" -- ansible.builtin.debug: - msg: - - '`matrix_mautrix_hangouts_homeserver_domain` == {{ matrix_mautrix_hangouts_homeserver_domain }}' + - {'name': 'matrix_mautrix_hangouts_public_endpoint', when: true} + - {'name': 'matrix_mautrix_hangouts_appservice_token', when: true} + - {'name': 'matrix_mautrix_hangouts_homeserver_token', when: true} + - {'name': 'matrix_mautrix_hangouts_database_hostname', when: "{{ matrix_mautrix_hangouts_database_engine == 'postgres' }}"} diff --git a/roles/custom/matrix-bridge-mautrix-instagram/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-instagram/defaults/main.yml index dcdf6723d..0e726aa80 100644 --- a/roles/custom/matrix-bridge-mautrix-instagram/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-instagram/defaults/main.yml 
@@ -8,7 +8,7 @@ matrix_mautrix_instagram_container_image_self_build: false matrix_mautrix_instagram_container_image_self_build_repo: "https://github.com/mautrix/instagram.git" matrix_mautrix_instagram_container_image_self_build_repo_version: "{{ 'master' if matrix_mautrix_instagram_version == 'latest' else matrix_mautrix_instagram_version }}" -matrix_mautrix_instagram_version: v0.2.2 +matrix_mautrix_instagram_version: v0.2.3 # See: https://mau.dev/tulir/mautrix-instagram/container_registry matrix_mautrix_instagram_docker_image: "{{ matrix_mautrix_instagram_docker_image_name_prefix }}mautrix/instagram:{{ matrix_mautrix_instagram_version }}" matrix_mautrix_instagram_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_instagram_container_image_self_build else 'dock.mau.dev/' }}" @@ -55,7 +55,7 @@ matrix_mautrix_instagram_database_engine: 'postgres' matrix_mautrix_instagram_database_username: 'matrix_mautrix_instagram' matrix_mautrix_instagram_database_password: 'some-password' -matrix_mautrix_instagram_database_hostname: 'matrix-postgres' +matrix_mautrix_instagram_database_hostname: '' matrix_mautrix_instagram_database_port: 5432 matrix_mautrix_instagram_database_name: 'matrix_mautrix_instagram' diff --git a/roles/custom/matrix-bridge-mautrix-instagram/tasks/init.yml b/roles/custom/matrix-bridge-mautrix-instagram/tasks/init.yml deleted file mode 100644 index 7ef037e33..000000000 --- a/roles/custom/matrix-bridge-mautrix-instagram/tasks/init.yml +++ /dev/null 
@@ -1,28 +0,0 @@ ---- -# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 -# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 -- name: Fail if trying to self-build on Ansible < 2.8 - ansible.builtin.fail: - msg: "To self-build the Mautrix-Instagram image, you should use Ansible 2.8 or higher. See docs/ansible.md" - when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mautrix_instagram_container_image_self_build and matrix_mautrix_instagram_enabled" - -- ansible.builtin.set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-instagram.service'] }}" - when: matrix_mautrix_instagram_enabled | bool - -# If the matrix-synapse role is not used, these variables may not exist. -- ansible.builtin.set_fact: - matrix_homeserver_container_runtime_injected_arguments: > - {{ - matrix_homeserver_container_runtime_injected_arguments | default([]) - + - ["--mount type=bind,src={{ matrix_mautrix_instagram_config_path }}/registration.yaml,dst=/matrix-mautrix-instagram-registration.yaml,ro"] - }} - - matrix_homeserver_app_service_runtime_injected_config_files: > - {{ - matrix_homeserver_app_service_runtime_injected_config_files | default([]) - + - ["/matrix-mautrix-instagram-registration.yaml"] - }} - when: matrix_mautrix_instagram_enabled | bool diff --git a/roles/custom/matrix-bridge-mautrix-instagram/tasks/main.yml b/roles/custom/matrix-bridge-mautrix-instagram/tasks/main.yml index d5becb6d3..2bd0417ee 100644 --- a/roles/custom/matrix-bridge-mautrix-instagram/tasks/main.yml +++ b/roles/custom/matrix-bridge-mautrix-instagram/tasks/main.yml 
@@ -1,23 +1,20 @@ --- -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" - tags: - - always +- block: + - when: matrix_mautrix_instagram_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup | bool and matrix_mautrix_instagram_enabled | bool" + - when: matrix_mautrix_instagram_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml" tags: - setup-all - setup-mautrix-instagram + - install-all + - install-mautrix-instagram -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup | bool and matrix_mautrix_instagram_enabled | bool" - tags: - - setup-all - - setup-mautrix-instagram - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup | bool and not matrix_mautrix_instagram_enabled | bool" +- block: + - when: not matrix_mautrix_instagram_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" tags: - setup-all - setup-mautrix-instagram diff --git a/roles/custom/matrix-bridge-mautrix-instagram/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-instagram/tasks/setup_install.yml index 19a2ff9ae..68891c9eb 100644 --- a/roles/custom/matrix-bridge-mautrix-instagram/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mautrix-instagram/tasks/setup_install.yml @@ -1,11 +1,4 @@ --- -# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. -# We don't want to fail in such cases. -- name: Fail if matrix-synapse role already executed - ansible.builtin.fail: - msg: >- - The matrix-bridge-mautrix-instagram role needs to execute before the matrix-synapse role. - when: "matrix_synapse_role_executed | default(False)" - name: Ensure Mautrix instagram image is pulled community.docker.docker_image: 
@@ -77,9 +70,3 @@ src: "{{ role_path }}/templates/systemd/matrix-mautrix-instagram.service.j2" dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-instagram.service" mode: 0644 - register: matrix_mautrix_instagram_systemd_service_result - -- name: Ensure systemd reloaded after matrix-mautrix-instagram.service installation - ansible.builtin.service: - daemon_reload: true - when: "matrix_mautrix_instagram_systemd_service_result.changed" diff --git a/roles/custom/matrix-bridge-mautrix-instagram/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-mautrix-instagram/tasks/setup_uninstall.yml index a029a90ac..6ac0f6d52 100644 --- a/roles/custom/matrix-bridge-mautrix-instagram/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-bridge-mautrix-instagram/tasks/setup_uninstall.yml 
@@ -4,21 +4,16 @@ path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-instagram.service" register: matrix_mautrix_instagram_service_stat -- name: Ensure matrix-mautrix-instagram is stopped - ansible.builtin.service: - name: matrix-mautrix-instagram - state: stopped - enabled: false - daemon_reload: true - when: "matrix_mautrix_instagram_service_stat.stat.exists" +- when: matrix_mautrix_instagram_service_stat.stat.exists | bool + block: + - name: Ensure matrix-mautrix-instagram is stopped + ansible.builtin.service: + name: matrix-mautrix-instagram + state: stopped + enabled: false + daemon_reload: true -- name: Ensure matrix-mautrix-instagram.service doesn't exist - ansible.builtin.file: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-instagram.service" - state: absent - when: "matrix_mautrix_instagram_service_stat.stat.exists" - -- name: Ensure systemd reloaded after matrix-mautrix-instagram.service removal - ansible.builtin.service: - daemon_reload: true - when: "matrix_mautrix_instagram_service_stat.stat.exists" + - name: Ensure matrix-mautrix-instagram.service doesn't exist + ansible.builtin.file: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-instagram.service" + state: absent diff --git a/roles/custom/matrix-bridge-mautrix-instagram/tasks/validate_config.yml b/roles/custom/matrix-bridge-mautrix-instagram/tasks/validate_config.yml index 99f7b0156..51bedf683 100644 --- a/roles/custom/matrix-bridge-mautrix-instagram/tasks/validate_config.yml +++ b/roles/custom/matrix-bridge-mautrix-instagram/tasks/validate_config.yml 
@@ -1,9 +1,10 @@ --- -- name: Fail if required settings not defined +- name: Fail if required mautrix-instagram settings not defined ansible.builtin.fail: msg: >- - You need to define a required configuration setting (`{{ item }}`). - when: "vars[item] == ''" + You need to define a required configuration setting (`{{ item.name }}`). + when: "item.when | bool and vars[item.name] == ''" with_items: - - "matrix_mautrix_instagram_appservice_token" - - "matrix_mautrix_instagram_homeserver_token" + - {'name': 'matrix_mautrix_instagram_appservice_token', when: true} + - {'name': 'matrix_mautrix_instagram_homeserver_token', when: true} + - {'name': 'matrix_mautrix_instagram_database_hostname', when: "{{ matrix_mautrix_instagram_database_engine == 'postgres' }}"} diff --git a/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml index 24ba9b39d..3bdb02c87 100644 --- a/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml @@ -9,8 +9,8 @@ matrix_mautrix_signal_docker_repo: "https://mau.dev/mautrix/signal.git" matrix_mautrix_signal_docker_repo_version: "{{ 'master' if matrix_mautrix_signal_version == 'latest' else matrix_mautrix_signal_version }}" matrix_mautrix_signal_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-signal/docker-src" -matrix_mautrix_signal_version: v0.4.1 -matrix_mautrix_signal_daemon_version: 0.23.0 +matrix_mautrix_signal_version: v0.4.2 +matrix_mautrix_signal_daemon_version: 0.23.1 # See: https://mau.dev/mautrix/signal/container_registry matrix_mautrix_signal_docker_image: "dock.mau.dev/mautrix/signal:{{ matrix_mautrix_signal_version }}" matrix_mautrix_signal_docker_image_force_pull: "{{ matrix_mautrix_signal_docker_image.endswith(':latest') }}" 
@@ -76,7 +76,7 @@ matrix_mautrix_signal_database_engine: 'postgres' matrix_mautrix_signal_database_username: 'matrix_mautrix_signal' matrix_mautrix_signal_database_password: 'some-password' -matrix_mautrix_signal_database_hostname: 'matrix-postgres' +matrix_mautrix_signal_database_hostname: '' matrix_mautrix_signal_database_port: 5432 matrix_mautrix_signal_database_name: 'matrix_mautrix_signal' diff --git a/roles/custom/matrix-bridge-mautrix-signal/tasks/init.yml b/roles/custom/matrix-bridge-mautrix-signal/tasks/init.yml deleted file mode 100644 index 17ad98a4c..000000000 --- a/roles/custom/matrix-bridge-mautrix-signal/tasks/init.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- - -- ansible.builtin.set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-signal.service', 'matrix-mautrix-signal-daemon.service'] }}" - when: matrix_mautrix_signal_enabled | bool - -# If the matrix-synapse role is not used, these variables may not exist. -- ansible.builtin.set_fact: - matrix_homeserver_container_runtime_injected_arguments: > - {{ - matrix_homeserver_container_runtime_injected_arguments | default([]) - + - ["--mount type=bind,src={{ matrix_mautrix_signal_config_path }}/registration.yaml,dst=/matrix-mautrix-signal-registration.yaml,ro"] - }} - - matrix_homeserver_app_service_runtime_injected_config_files: > - {{ - matrix_homeserver_app_service_runtime_injected_config_files | default([]) - + - ["/matrix-mautrix-signal-registration.yaml"] - }} - when: matrix_mautrix_signal_enabled | bool diff --git a/roles/custom/matrix-bridge-mautrix-signal/tasks/main.yml b/roles/custom/matrix-bridge-mautrix-signal/tasks/main.yml index 54bdafcda..0c0a1239f 100644 --- a/roles/custom/matrix-bridge-mautrix-signal/tasks/main.yml +++ b/roles/custom/matrix-bridge-mautrix-signal/tasks/main.yml 
@@ -1,23 +1,20 @@ --- -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" - tags: - - always +- block: + - when: matrix_mautrix_signal_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup | bool and matrix_mautrix_signal_enabled | bool" + - when: matrix_mautrix_signal_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml" tags: - setup-all - setup-mautrix-signal + - install-all + - install-mautrix-signal -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup | bool and matrix_mautrix_signal_enabled | bool" - tags: - - setup-all - - setup-mautrix-signal - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup | bool and not matrix_mautrix_signal_enabled | bool" +- block: + - when: not matrix_mautrix_signal_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" tags: - setup-all - setup-mautrix-signal diff --git a/roles/custom/matrix-bridge-mautrix-signal/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-signal/tasks/setup_install.yml index f5a162a3c..41e6394f1 100644 --- a/roles/custom/matrix-bridge-mautrix-signal/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mautrix-signal/tasks/setup_install.yml @@ -1,13 +1,5 @@ --- -# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. -# We don't want to fail in such cases. -- name: Fail if matrix-synapse role already executed - ansible.builtin.fail: - msg: >- - The matrix-bridge-mautrix-signal role needs to execute before the matrix-synapse role. - when: "matrix_synapse_role_executed | default(False)" - - name: Ensure Mautrix Signal image is pulled community.docker.docker_image: name: "{{ matrix_mautrix_signal_docker_image }}" 
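Review bot: in the new main.yml the `tags` sit on the enclosing `block`, not on the `include_tasks` entries, and that placement is load-bearing: tasks loaded by a dynamic include do not inherit tags set on the include itself, but they do inherit from the include's parent block, so moving the tags onto the includes (or dropping the block) would silently skip everything under `--tags=setup-mautrix-signal`. A one-line comment above the first block would save the next maintainer from that trap. Separately, the setup_install.yml hunk on the same line removes the `Fail if matrix-synapse role already executed` ordering guard; that is only safe if the registration injection no longer depends on this role running before matrix-synapse, which this diff does not show.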
@@ -129,9 +121,3 @@ src: "{{ role_path }}/templates/systemd/matrix-mautrix-signal.service.j2" dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-signal.service" mode: 0644 - register: matrix_mautrix_signal_systemd_service_result - -- name: Ensure systemd reloaded after matrix-mautrix-signal.service installation - ansible.builtin.service: - daemon_reload: true - when: "matrix_mautrix_signal_systemd_service_result.changed or matrix_mautrix_signal_daemon_systemd_service_result.changed" diff --git a/roles/custom/matrix-bridge-mautrix-signal/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-mautrix-signal/tasks/setup_uninstall.yml index d98d28ba7..8cc0b419c 100644 --- a/roles/custom/matrix-bridge-mautrix-signal/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-bridge-mautrix-signal/tasks/setup_uninstall.yml 
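Review bot: in this setup_install.yml hunk the `Ensure systemd reloaded after matrix-mautrix-signal.service installation` task is removed together with its `register`, but unlike the telegram, twitter and whatsapp hunks later in the diff nothing in the signal role adds `daemon_reload: true` to a restart task, so a freshly written or changed unit file is never reloaded by this role; confirm that a shared daemon-reload runs before the services are started. The deleted `when` also referenced `matrix_mautrix_signal_daemon_systemd_service_result`, so if the daemon unit-file task earlier in the file still has a matching `register`, it is now dead and should go too.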
@@ -6,19 +6,19 @@ path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-signal-daemon.service" register: matrix_mautrix_signal_daemon_service_stat -- name: Ensure matrix-mautrix-signal-daemon is stopped - ansible.builtin.service: - name: matrix-mautrix-signal-daemon - state: stopped - enabled: false - daemon_reload: true - when: "matrix_mautrix_signal_daemon_service_stat.stat.exists" +- when: matrix_mautrix_signal_daemon_service_stat.stat.exists | bool + block: + - name: Ensure matrix-mautrix-signal-daemon is stopped + ansible.builtin.service: + name: matrix-mautrix-signal-daemon + state: stopped + enabled: false + daemon_reload: true -- name: Ensure matrix-mautrix-signal-daemon.service doesn't exist - ansible.builtin.file: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-signal-daemon.service" - state: absent - when: "matrix_mautrix_signal_daemon_service_stat.stat.exists" + - name: Ensure matrix-mautrix-signal-daemon.service doesn't exist + ansible.builtin.file: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-signal-daemon.service" + state: absent # Bridge service - name: Check existence of matrix-mautrix-signal service 
@@ -26,22 +26,16 @@ path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-signal.service" register: matrix_mautrix_signal_service_stat -- name: Ensure matrix-mautrix-signal is stopped - ansible.builtin.service: - name: matrix-mautrix-signal - state: stopped - enabled: false - daemon_reload: true - when: "matrix_mautrix_signal_service_stat.stat.exists" +- when: matrix_mautrix_signal_service_stat.stat.exists | bool + block: + - name: Ensure matrix-mautrix-signal is stopped + ansible.builtin.service: + name: matrix-mautrix-signal + state: stopped + enabled: false + daemon_reload: true -- name: Ensure matrix-mautrix-signal.service doesn't exist - ansible.builtin.file: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-signal.service" - state: absent - when: "matrix_mautrix_signal_service_stat.stat.exists" - -# All services -- name: Ensure systemd reloaded after matrix-mautrix-signal_X.service removal - ansible.builtin.service: - daemon_reload: true - when: "matrix_mautrix_signal_service_stat.stat.exists or matrix_mautrix_signal_daemon_service_stat.stat.exists" + - name: Ensure matrix-mautrix-signal.service doesn't exist + ansible.builtin.file: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-signal.service" + state: absent diff --git a/roles/custom/matrix-bridge-mautrix-signal/tasks/validate_config.yml b/roles/custom/matrix-bridge-mautrix-signal/tasks/validate_config.yml index ea2c1c430..5cabf18c5 100644 --- a/roles/custom/matrix-bridge-mautrix-signal/tasks/validate_config.yml +++ b/roles/custom/matrix-bridge-mautrix-signal/tasks/validate_config.yml 
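Review bot: in both setup_uninstall.yml hunks `daemon_reload: true` survives only on the stop task, which runs before the unit file is deleted, and the trailing `Ensure systemd reloaded after matrix-mautrix-signal_X.service removal` task is gone; after `state: absent` systemd still holds the old unit in memory until something else reloads it, so `systemctl status matrix-mautrix-signal` keeps reporting a unit that no longer exists on disk. Either add a reload after the removal or note which shared task now covers it.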
@@ -1,15 +1,16 @@ --- -- name: Fail if required settings not defined +- name: Fail if required mautrix-signal settings not defined ansible.builtin.fail: msg: >- - You need to define a required configuration setting (`{{ item }}`). - when: "vars[item] == ''" + You need to define a required configuration setting (`{{ item.name }}`). + when: "item.when | bool and vars[item.name] == ''" with_items: - - "matrix_mautrix_signal_homeserver_domain" - - "matrix_mautrix_signal_homeserver_address" - - "matrix_mautrix_signal_homeserver_token" - - "matrix_mautrix_signal_appservice_token" + - {'name': 'matrix_mautrix_signal_homeserver_domain', when: true} + - {'name': 'matrix_mautrix_signal_homeserver_address', when: true} + - {'name': 'matrix_mautrix_signal_homeserver_token', when: true} + - {'name': 'matrix_mautrix_signal_appservice_token', when: true} + - {'name': 'matrix_mautrix_signal_database_hostname', when: "{{ matrix_mautrix_signal_database_engine == 'postgres' }}"} - name: (Deprecation) Fail if matrix_mautrix_signal_bridge_permissions specified as YAML string, instead of a dictionary ansible.builtin.fail: diff --git a/roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml index 0f52cc222..5d2c0c88c 100644 --- a/roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml 
@@ -16,7 +16,7 @@ matrix_mautrix_telegram_docker_repo: "https://mau.dev/mautrix/telegram.git" matrix_mautrix_telegram_docker_repo_version: "{{ 'master' if matrix_mautrix_telegram_version == 'latest' else matrix_mautrix_telegram_version }}" matrix_mautrix_telegram_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-telegram/docker-src" -matrix_mautrix_telegram_version: v0.12.1 +matrix_mautrix_telegram_version: v0.12.2 # See: https://mau.dev/mautrix/telegram/container_registry matrix_mautrix_telegram_docker_image: "dock.mau.dev/mautrix/telegram:{{ matrix_mautrix_telegram_version }}" matrix_mautrix_telegram_docker_image_force_pull: "{{ matrix_mautrix_telegram_docker_image.endswith(':latest') }}" @@ -95,7 +95,7 @@ matrix_mautrix_telegram_sqlite_database_path_in_container: "/data/mautrix-telegr matrix_mautrix_telegram_database_username: 'matrix_mautrix_telegram' matrix_mautrix_telegram_database_password: 'some-password' -matrix_mautrix_telegram_database_hostname: 'matrix-postgres' +matrix_mautrix_telegram_database_hostname: '' matrix_mautrix_telegram_database_port: 5432 matrix_mautrix_telegram_database_name: 'matrix_mautrix_telegram' diff --git a/roles/custom/matrix-bridge-mautrix-telegram/tasks/init.yml b/roles/custom/matrix-bridge-mautrix-telegram/tasks/init.yml deleted file mode 100644 index f828f7932..000000000 --- a/roles/custom/matrix-bridge-mautrix-telegram/tasks/init.yml +++ /dev/null 
@@ -1,74 +0,0 @@ ---- -# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 -# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 -- name: Fail if trying to self-build on Ansible < 2.8 - ansible.builtin.fail: - msg: "To self-build the Mautrix-Telegram image, you should use Ansible 2.8 or higher. See docs/ansible.md" - when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mautrix_telegram_container_image_self_build and matrix_mautrix_telegram_enabled" - -- ansible.builtin.set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-telegram.service'] }}" - when: matrix_mautrix_telegram_enabled | bool - -# If the matrix-synapse role is not used, these variables may not exist. -- ansible.builtin.set_fact: - matrix_homeserver_container_runtime_injected_arguments: > - {{ - matrix_homeserver_container_runtime_injected_arguments | default([]) - + - ["--mount type=bind,src={{ matrix_mautrix_telegram_config_path }}/registration.yaml,dst=/matrix-mautrix-telegram-registration.yaml,ro"] - }} - - matrix_homeserver_app_service_runtime_injected_config_files: > - {{ - matrix_homeserver_app_service_runtime_injected_config_files | default([]) - + - ["/matrix-mautrix-telegram-registration.yaml"] - }} - when: matrix_mautrix_telegram_enabled | bool - -- when: matrix_mautrix_telegram_enabled | bool and matrix_mautrix_telegram_appservice_public_enabled | bool - tags: - - always - block: - - name: Fail if matrix-nginx-proxy role already executed - ansible.builtin.fail: - msg: >- - Trying to append Mautrix Telegram's reverse-proxying configuration to matrix-nginx-proxy, - but it's pointless since the matrix-nginx-proxy role had already executed. - To fix this, please change the order of roles in your playbook, - so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-telegram role. 
- when: matrix_nginx_proxy_role_executed | default(False) | bool - - - name: Generate Mautrix Telegram proxying configuration for matrix-nginx-proxy - ansible.builtin.set_fact: - matrix_mautrix_telegram_matrix_nginx_proxy_configuration: | - location {{ matrix_mautrix_telegram_public_endpoint }} { - {% if matrix_nginx_proxy_enabled | default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - set $backend "matrix-mautrix-telegram:8080"; - proxy_pass http://$backend; - {% else %} - {# Generic configuration for use outside of our container setup #} - proxy_pass http://127.0.0.1:9006; - {% endif %} - } - - - name: Register Mautrix Telegram proxying configuration with matrix-nginx-proxy - ansible.builtin.set_fact: - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | - {{ - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([]) - + - [matrix_mautrix_telegram_matrix_nginx_proxy_configuration] - }} - - name: Warn about reverse-proxying if matrix-nginx-proxy not used - ansible.builtin.debug: - msg: >- - NOTE: You've enabled the Mautrix Telegram bridge but are not using the matrix-nginx-proxy - reverse proxy. - Please make sure that you're proxying the `{{ matrix_mautrix_telegram_public_endpoint }}` - URL endpoint to the matrix-mautrix-telegram container. - You can expose the container's port using the `matrix_mautrix_telegram_container_http_host_bind_port` variable. - when: "not matrix_nginx_proxy_enabled | default(False) | bool" diff --git a/roles/custom/matrix-bridge-mautrix-telegram/tasks/inject_into_nginx_proxy.yml b/roles/custom/matrix-bridge-mautrix-telegram/tasks/inject_into_nginx_proxy.yml new file mode 100644 index 000000000..7bbd15518 --- /dev/null +++ b/roles/custom/matrix-bridge-mautrix-telegram/tasks/inject_into_nginx_proxy.yml 
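Review bot: the deleted telegram init.yml also carried the `Fail if trying to self-build on Ansible < 2.8` guard (with its issue links), and no replacement appears in the diff; if the playbook now enforces a minimum Ansible version globally that is fine, otherwise a self-build on an old Ansible fails later with a far less helpful `docker_image` error. The nginx-proxy block moves to inject_into_nginx_proxy.yml unchanged, so that part is a pure move.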
@@ -0,0 +1,44 @@ +--- + +- name: Fail if matrix-nginx-proxy role already executed + ansible.builtin.fail: + msg: >- + Trying to append Mautrix Telegram's reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your playbook, + so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-telegram role. + when: matrix_nginx_proxy_role_executed | default(False) | bool + +- name: Generate Mautrix Telegram proxying configuration for matrix-nginx-proxy + ansible.builtin.set_fact: + matrix_mautrix_telegram_matrix_nginx_proxy_configuration: | + location {{ matrix_mautrix_telegram_public_endpoint }} { + {% if matrix_nginx_proxy_enabled | default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-mautrix-telegram:8080"; + proxy_pass http://$backend; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:9006; + {% endif %} + } + +- name: Register Mautrix Telegram proxying configuration with matrix-nginx-proxy + ansible.builtin.set_fact: + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([]) + + + [matrix_mautrix_telegram_matrix_nginx_proxy_configuration] + }} + +- name: Warn about reverse-proxying if matrix-nginx-proxy not used + ansible.builtin.debug: + msg: >- + NOTE: You've enabled the Mautrix Telegram bridge but are not using the matrix-nginx-proxy + reverse proxy. + Please make sure that you're proxying the `{{ matrix_mautrix_telegram_public_endpoint }}` + URL endpoint to the matrix-mautrix-telegram container. + You can expose the container's port using the `matrix_mautrix_telegram_container_http_host_bind_port` variable. 
+ when: "not matrix_nginx_proxy_enabled | default(False) | bool" diff --git a/roles/custom/matrix-bridge-mautrix-telegram/tasks/main.yml b/roles/custom/matrix-bridge-mautrix-telegram/tasks/main.yml index 471f0cf13..3c8e6d044 100644 --- a/roles/custom/matrix-bridge-mautrix-telegram/tasks/main.yml +++ b/roles/custom/matrix-bridge-mautrix-telegram/tasks/main.yml @@ -1,22 +1,29 @@ --- -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" - tags: - - always -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup | bool and matrix_mautrix_telegram_enabled | bool" +- block: + - when: matrix_mautrix_telegram_enabled | bool and matrix_mautrix_telegram_appservice_public_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml" + tags: + - setup-all + - setup-nginx-proxy + - install-all + - install-nginx-proxy + +- block: + - when: matrix_mautrix_telegram_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" + + - when: matrix_mautrix_telegram_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml" tags: - setup-all - setup-mautrix-telegram + - install-all + - install-mautrix-telegram -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup | bool and matrix_mautrix_telegram_enabled | bool" - tags: - - setup-all - - setup-mautrix-telegram - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup | bool and not matrix_mautrix_telegram_enabled | bool" +- block: + - when: not matrix_mautrix_telegram_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" tags: - setup-all - setup-mautrix-telegram diff --git a/roles/custom/matrix-bridge-mautrix-telegram/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-telegram/tasks/setup_install.yml index ba9c450fa..383d48275 100644 
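Review bot: in inject_into_nginx_proxy.yml the non-container fallback hard-codes `proxy_pass http://127.0.0.1:9006;` while the warning task a few lines later tells the user to expose the port via `matrix_mautrix_telegram_container_http_host_bind_port`; if that variable is changed, the generated nginx `location` block points at the wrong port. Derive the fallback from the variable, or at least document that 9006 is the value it is expected to match. In main.yml the injection block is now tagged `setup-nginx-proxy` / `install-nginx-proxy` instead of `always`, which is correct since the nginx config is only regenerated under those tags.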
--- a/roles/custom/matrix-bridge-mautrix-telegram/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mautrix-telegram/tasks/setup_install.yml @@ -1,13 +1,5 @@ --- -# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. -# We don't want to fail in such cases. -- name: Fail if matrix-synapse role already executed - ansible.builtin.fail: - msg: >- - The matrix-bridge-mautrix-telegram role needs to execute before the matrix-synapse role. - when: "matrix_synapse_role_executed | default(False)" - - ansible.builtin.set_fact: matrix_mautrix_telegram_requires_restart: false @@ -20,8 +12,11 @@ - when: "matrix_mautrix_telegram_sqlite_database_path_local_stat_result.stat.exists | bool" block: - - ansible.builtin.set_fact: - matrix_postgres_db_migration_request: + - ansible.builtin.include_role: + name: galaxy/com.devture.ansible.role.postgres + tasks_from: migrate_db_to_postgres + vars: + devture_postgres_db_migration_request: src: "{{ matrix_mautrix_telegram_sqlite_database_path_local }}" dst: "{{ matrix_mautrix_telegram_database_connection_string }}" caller: "{{ role_path | basename }}" @@ -29,10 +24,6 @@ engine_old: 'sqlite' systemd_services_to_stop: ['matrix-mautrix-telegram.service'] - - ansible.builtin.import_role: - name: custom/matrix-postgres - tasks_from: migrate_db_to_postgres - - ansible.builtin.set_fact: matrix_mautrix_telegram_requires_restart: true 
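Review bot: routing the migration through `include_role: galaxy/com.devture.ansible.role.postgres` with the request passed as a role `vars:` entry is an improvement over the previous `set_fact`, which left `matrix_postgres_db_migration_request` behind as a host fact for the rest of the play; any other role still reading that old name must be updated. Note that `dst: "{{ matrix_mautrix_telegram_database_connection_string }}"` carries the database credentials, so the external role's tasks that echo the request should be `no_log`; worth checking, since this role can no longer control that.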
@@ -149,15 +140,10 @@ src: "{{ role_path }}/templates/systemd/matrix-mautrix-telegram.service.j2" dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-telegram.service" mode: 0644 - register: matrix_mautrix_telegram_systemd_service_result - -- name: Ensure systemd reloaded after matrix-mautrix-telegram.service installation - ansible.builtin.service: - daemon_reload: true - when: "matrix_mautrix_telegram_systemd_service_result.changed" - name: Ensure matrix-mautrix-telegram.service restarted, if necessary ansible.builtin.service: name: "matrix-mautrix-telegram.service" state: restarted + daemon_reload: true when: "matrix_mautrix_telegram_requires_restart | bool" diff --git a/roles/custom/matrix-bridge-mautrix-telegram/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-mautrix-telegram/tasks/setup_uninstall.yml index 90ca01951..ebb7e5db2 100644 --- a/roles/custom/matrix-bridge-mautrix-telegram/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-bridge-mautrix-telegram/tasks/setup_uninstall.yml 
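Review bot: `daemon_reload: true` is now attached only to the `restarted` task guarded by `matrix_mautrix_telegram_requires_restart`, which is true only after a SQLite migration; on a plain install, or when the unit template changes, the template task no longer triggers any reload in this role, so this relies on a shared daemon-reload running before the service is started. The same pattern appears in the twitter and whatsapp hunks below; one comment in each file pointing at that shared step would help.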
@@ -5,21 +5,16 @@ path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-telegram.service" register: matrix_mautrix_telegram_service_stat -- name: Ensure matrix-mautrix-telegram is stopped - ansible.builtin.service: - name: matrix-mautrix-telegram - state: stopped - enabled: false - daemon_reload: true - when: "matrix_mautrix_telegram_service_stat.stat.exists" +- when: matrix_mautrix_telegram_service_stat.stat.exists | bool + block: + - name: Ensure matrix-mautrix-telegram is stopped + ansible.builtin.service: + name: matrix-mautrix-telegram + state: stopped + enabled: false + daemon_reload: true -- name: Ensure matrix-mautrix-telegram.service doesn't exist - ansible.builtin.file: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-telegram.service" - state: absent - when: "matrix_mautrix_telegram_service_stat.stat.exists" - -- name: Ensure systemd reloaded after matrix-mautrix-telegram.service removal - ansible.builtin.service: - daemon_reload: true - when: "matrix_mautrix_telegram_service_stat.stat.exists" + - name: Ensure matrix-mautrix-telegram.service doesn't exist + ansible.builtin.file: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-telegram.service" + state: absent diff --git a/roles/custom/matrix-bridge-mautrix-telegram/tasks/validate_config.yml b/roles/custom/matrix-bridge-mautrix-telegram/tasks/validate_config.yml index 9711448bf..16ebf37dc 100644 --- a/roles/custom/matrix-bridge-mautrix-telegram/tasks/validate_config.yml +++ b/roles/custom/matrix-bridge-mautrix-telegram/tasks/validate_config.yml 
@@ -1,16 +1,17 @@ --- -- name: Fail if required settings not defined +- name: Fail if required mautrix-telegram settings not defined ansible.builtin.fail: msg: >- - You need to define a required configuration setting (`{{ item }}`). - when: "vars[item] == ''" + You need to define a required configuration setting (`{{ item.name }}`). + when: "item.when | bool and vars[item.name] == ''" with_items: - - "matrix_mautrix_telegram_api_id" - - "matrix_mautrix_telegram_api_hash" - - "matrix_mautrix_telegram_public_endpoint" - - "matrix_mautrix_telegram_appservice_token" - - "matrix_mautrix_telegram_homeserver_token" + - {'name': 'matrix_mautrix_telegram_api_id', when: true} + - {'name': 'matrix_mautrix_telegram_api_hash', when: true} + - {'name': 'matrix_mautrix_telegram_public_endpoint', when: true} + - {'name': 'matrix_mautrix_telegram_appservice_token', when: true} + - {'name': 'matrix_mautrix_telegram_homeserver_token', when: true} + - {'name': 'matrix_mautrix_telegram_database_hostname', when: "{{ matrix_mautrix_telegram_database_engine == 'postgres' }}"} - name: (Deprecation) Catch and report renamed Telegram variables ansible.builtin.fail: diff --git a/roles/custom/matrix-bridge-mautrix-twitter/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-twitter/defaults/main.yml index 684b889ac..22475596a 100644 --- a/roles/custom/matrix-bridge-mautrix-twitter/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-twitter/defaults/main.yml @@ -54,7 +54,7 @@ matrix_mautrix_twitter_federate_rooms: true matrix_mautrix_twitter_database_engine: 'postgres' matrix_mautrix_twitter_database_username: 'matrix_mautrix_twitter' -matrix_mautrix_twitter_database_password: '' +matrix_mautrix_twitter_database_password: 'some-password' matrix_mautrix_twitter_database_hostname: '' matrix_mautrix_twitter_database_port: 5432 matrix_mautrix_twitter_database_name: 'matrix_mautrix_twitter' 
diff --git a/roles/custom/matrix-bridge-mautrix-twitter/tasks/init.yml b/roles/custom/matrix-bridge-mautrix-twitter/tasks/init.yml deleted file mode 100644 index 67f0a7dcf..000000000 --- a/roles/custom/matrix-bridge-mautrix-twitter/tasks/init.yml +++ /dev/null @@ -1,29 +0,0 @@ ---- - -- ansible.builtin.set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-twitter.service'] }}" - when: matrix_mautrix_twitter_enabled | bool - -# If the matrix-synapse role is not used, these variables may not exist. -- ansible.builtin.set_fact: - matrix_homeserver_container_runtime_injected_arguments: > - {{ - matrix_homeserver_container_runtime_injected_arguments | default([]) - + - ["--mount type=bind,src={{ matrix_mautrix_twitter_config_path }}/registration.yaml,dst=/matrix-mautrix-twitter-registration.yaml,ro"] - }} - - matrix_homeserver_app_service_runtime_injected_config_files: > - {{ - matrix_homeserver_app_service_runtime_injected_config_files | default([]) - + - ["/matrix-mautrix-twitter-registration.yaml"] - }} - when: matrix_mautrix_twitter_enabled | bool - -# ansible lower than 2.8, does not support docker_image build parameters -# for self buildig it is explicitly needed, so we rather fail here -- name: Fail if running on Ansible lower than 2.8 and trying self building - ansible.builtin.fail: - msg: "To self build Mautrix Twitter image, you should usa ansible 2.8 or higher. E.g. pip contains such packages." - when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mautrix_twitter_container_image_self_build" diff --git a/roles/custom/matrix-bridge-mautrix-twitter/tasks/main.yml b/roles/custom/matrix-bridge-mautrix-twitter/tasks/main.yml index 2f0c39b2a..f8dbc28be 100644 --- a/roles/custom/matrix-bridge-mautrix-twitter/tasks/main.yml +++ b/roles/custom/matrix-bridge-mautrix-twitter/tasks/main.yml 
@@ -1,23 +1,20 @@ --- -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" - tags: - - always +- block: + - when: matrix_mautrix_twitter_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup | bool and matrix_mautrix_twitter_enabled | bool" + - when: matrix_mautrix_twitter_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml" tags: - setup-all - setup-mautrix-twitter + - install-all + - install-mautrix-twitter -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup | bool and matrix_mautrix_twitter_enabled | bool" - tags: - - setup-all - - setup-mautrix-twitter - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup | bool and not matrix_mautrix_twitter_enabled | bool" +- block: + - when: not matrix_mautrix_twitter_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" tags: - setup-all - setup-mautrix-twitter diff --git a/roles/custom/matrix-bridge-mautrix-twitter/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-twitter/tasks/setup_install.yml index c3ab2d4e7..d5c26c2b5 100644 --- a/roles/custom/matrix-bridge-mautrix-twitter/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mautrix-twitter/tasks/setup_install.yml @@ -1,13 +1,5 @@ --- -# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. -# We don't want to fail in such cases. -- name: Fail if matrix-synapse role already executed - ansible.builtin.fail: - msg: >- - The matrix-bridge-mautrix-twitter role needs to execute before the matrix-synapse role. - when: "matrix_synapse_role_executed | default(False)" - - ansible.builtin.set_fact: matrix_mautrix_twitter_requires_restart: false 
@@ -80,15 +72,10 @@ src: "{{ role_path }}/templates/systemd/matrix-mautrix-twitter.service.j2" dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-twitter.service" mode: 0644 - register: matrix_mautrix_twitter_systemd_service_result - -- name: Ensure systemd reloaded after matrix-mautrix-twitter.service installation - ansible.builtin.service: - daemon_reload: true - when: "matrix_mautrix_twitter_systemd_service_result.changed" - name: Ensure matrix-mautrix-twitter.service restarted, if necessary ansible.builtin.service: name: "matrix-mautrix-twitter.service" state: restarted + daemon_reload: true when: "matrix_mautrix_twitter_requires_restart | bool" diff --git a/roles/custom/matrix-bridge-mautrix-twitter/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-mautrix-twitter/tasks/setup_uninstall.yml index 5f6b14916..2a73e4818 100644 --- a/roles/custom/matrix-bridge-mautrix-twitter/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-bridge-mautrix-twitter/tasks/setup_uninstall.yml 
@@ -5,20 +5,15 @@ path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-twitter.service" register: matrix_mautrix_twitter_service_stat -- name: Ensure matrix-mautrix-twitter is stopped - ansible.builtin.service: - name: matrix-mautrix-twitter - state: stopped - daemon_reload: true - when: "matrix_mautrix_twitter_service_stat.stat.exists" +- when: matrix_mautrix_twitter_service_stat.stat.exists | bool + block: + - name: Ensure matrix-mautrix-twitter is stopped + ansible.builtin.service: + name: matrix-mautrix-twitter + state: stopped + daemon_reload: true -- name: Ensure matrix-mautrix-twitter.service doesn't exist - ansible.builtin.file: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-twitter.service" - state: absent - when: "matrix_mautrix_twitter_service_stat.stat.exists" - -- name: Ensure systemd reloaded after matrix-mautrix-twitter.service removal - ansible.builtin.service: - daemon_reload: true - when: "matrix_mautrix_twitter_service_stat.stat.exists" + - name: Ensure matrix-mautrix-twitter.service doesn't exist + ansible.builtin.file: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-twitter.service" + state: absent diff --git a/roles/custom/matrix-bridge-mautrix-twitter/tasks/validate_config.yml b/roles/custom/matrix-bridge-mautrix-twitter/tasks/validate_config.yml index 326dca83a..cfd408a7b 100644 --- a/roles/custom/matrix-bridge-mautrix-twitter/tasks/validate_config.yml +++ b/roles/custom/matrix-bridge-mautrix-twitter/tasks/validate_config.yml 
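Review bot: the twitter stop task in setup_uninstall.yml is the only one of the four that lacks `enabled: false` (compare the signal and telegram hunks), so `matrix-mautrix-twitter.service` is stopped and its unit file deleted while the `multi-user.target.wants` symlink is left dangling. Pre-existing, but since the task is being rewritten anyway, this is the moment to add it.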
@@ -1,12 +1,11 @@ --- -- name: Fail if required settings not defined +- name: Fail if required mautrix-twitter settings not defined ansible.builtin.fail: msg: >- - You need to define a required configuration setting (`{{ item }}`). - when: "vars[item] == ''" + You need to define a required configuration setting (`{{ item.name }}`). + when: "item.when | bool and vars[item.name] == ''" with_items: - - "matrix_mautrix_twitter_appservice_token" - - "matrix_mautrix_twitter_homeserver_token" - - "matrix_mautrix_twitter_database_hostname" - - "matrix_mautrix_twitter_database_password" + - {'name': 'matrix_mautrix_twitter_appservice_token', when: true} + - {'name': 'matrix_mautrix_twitter_homeserver_token', when: true} + - {'name': 'matrix_mautrix_twitter_database_hostname', when: "{{ matrix_mautrix_twitter_database_engine == 'postgres' }}"} diff --git a/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml index 55b7387f1..1307d09ed 100644 --- a/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml @@ -8,7 +8,7 @@ matrix_mautrix_whatsapp_container_image_self_build: false matrix_mautrix_whatsapp_container_image_self_build_repo: "https://mau.dev/mautrix/whatsapp.git" matrix_mautrix_whatsapp_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_whatsapp_version == 'latest' else matrix_mautrix_whatsapp_version }}" -matrix_mautrix_whatsapp_version: v0.7.1 +matrix_mautrix_whatsapp_version: v0.8.0 # See: https://mau.dev/mautrix/whatsapp/container_registry matrix_mautrix_whatsapp_docker_image: "{{ matrix_mautrix_whatsapp_docker_image_name_prefix }}mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}" matrix_mautrix_whatsapp_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_whatsapp_container_image_self_build else 'dock.mau.dev/' }}" 
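Review bot: dropping `matrix_mautrix_twitter_database_password` from the required-settings list, together with the defaults hunk above that changes its default from `''` to `'some-password'`, means a deployment that forgets to override the password no longer fails validation and instead provisions the bridge's Postgres user with a publicly known password. The other three bridges already ship `'some-password'` unchecked, so this is consistent, but the safer direction is the opposite: keep the check, guard it with the same `matrix_mautrix_twitter_database_engine == 'postgres'` condition used for the hostname, and add a task that rejects the literal placeholder value, since `== ''` cannot catch it.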
@@ -61,7 +61,7 @@ matrix_mautrix_whatsapp_sqlite_database_path_in_container: "/data/mautrix-whatsa matrix_mautrix_whatsapp_database_username: 'matrix_mautrix_whatsapp' matrix_mautrix_whatsapp_database_password: 'some-password' -matrix_mautrix_whatsapp_database_hostname: 'matrix-postgres' +matrix_mautrix_whatsapp_database_hostname: '' matrix_mautrix_whatsapp_database_port: 5432 matrix_mautrix_whatsapp_database_name: 'matrix_mautrix_whatsapp' diff --git a/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/init.yml b/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/init.yml deleted file mode 100644 index 7907c73d0..000000000 --- a/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/init.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -- ansible.builtin.set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-whatsapp.service'] }}" - when: matrix_mautrix_whatsapp_enabled | bool - -# If the matrix-synapse role is not used, these variables may not exist. -- ansible.builtin.set_fact: - matrix_homeserver_container_runtime_injected_arguments: > - {{ - matrix_homeserver_container_runtime_injected_arguments | default([]) - + - ["--mount type=bind,src={{ matrix_mautrix_whatsapp_config_path }}/registration.yaml,dst=/matrix-mautrix-whatsapp-registration.yaml,ro"] - }} - - matrix_homeserver_app_service_runtime_injected_config_files: > - {{ - matrix_homeserver_app_service_runtime_injected_config_files | default([]) - + - ["/matrix-mautrix-whatsapp-registration.yaml"] - }} - when: matrix_mautrix_whatsapp_enabled | bool diff --git a/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/main.yml b/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/main.yml index 4df6fd23b..fdb654315 100644 --- a/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/main.yml +++ b/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/main.yml 
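Review bot: `matrix_mautrix_whatsapp_version: v0.7.1` to `v0.8.0` is a minor-version bump hidden in a refactor diff; this role renders the bridge config from its own template, so please confirm against the upstream release notes that v0.8.0 introduces no config keys the template must now set, and give the bump its own commit or changelog line. The init.yml deletion on this line raises the same unanswered question as for signal: where the `registration.yaml` bind-mount and the `matrix_systemd_services_list` entry now come from.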
@@ -1,22 +1,20 @@ --- -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" - tags: - - always -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup | bool and matrix_mautrix_whatsapp_enabled | bool" +- block: + - when: matrix_mautrix_whatsapp_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" + + - when: matrix_mautrix_whatsapp_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml" tags: - setup-all - setup-mautrix-whatsapp + - install-all + - install-mautrix-whatsapp -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup and matrix_mautrix_whatsapp_enabled" - tags: - - setup-all - - setup-mautrix-whatsapp - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup and not matrix_mautrix_whatsapp_enabled" +- block: + - when: not matrix_mautrix_whatsapp_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" tags: - setup-all - setup-mautrix-whatsapp diff --git a/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml index 6b376946d..1cf883c56 100644 --- a/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml @@ -1,13 +1,5 @@ --- -# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. -# We don't want to fail in such cases. -- name: Fail if matrix-synapse role already executed - ansible.builtin.fail: - msg: >- - The matrix-bridge-mautrix-whatsapp role needs to execute before the matrix-synapse role. - when: "matrix_synapse_role_executed | default(False)" - - ansible.builtin.set_fact: matrix_mautrix_whatsapp_requires_restart: false 
@@ -20,8 +12,11 @@ - when: "matrix_mautrix_whatsapp_sqlite_database_path_local_stat_result.stat.exists | bool" block: - - ansible.builtin.set_fact: - matrix_postgres_db_migration_request: + - ansible.builtin.include_role: + name: galaxy/com.devture.ansible.role.postgres + tasks_from: migrate_db_to_postgres + vars: + devture_postgres_db_migration_request: src: "{{ matrix_mautrix_whatsapp_sqlite_database_path_local }}" dst: "{{ matrix_mautrix_whatsapp_database_connection_string }}" caller: "{{ role_path | basename }}" @@ -30,10 +25,6 @@ systemd_services_to_stop: ['matrix-mautrix-whatsapp.service'] pgloader_options: ['--with "quote identifiers"'] - - ansible.builtin.import_role: - name: custom/matrix-postgres - tasks_from: migrate_db_to_postgres - - ansible.builtin.set_fact: matrix_mautrix_whatsapp_requires_restart: true @@ -134,15 +125,10 @@ src: "{{ role_path }}/templates/systemd/matrix-mautrix-whatsapp.service.j2" dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-whatsapp.service" mode: 0644 - register: matrix_mautrix_whatsapp_systemd_service_result - -- name: Ensure systemd reloaded after matrix-mautrix-whatsapp.service installation - ansible.builtin.service: - daemon_reload: true - when: "matrix_mautrix_whatsapp_systemd_service_result.changed" - name: Ensure matrix-mautrix-whatsapp.service restarted, if necessary ansible.builtin.service: name: "matrix-mautrix-whatsapp.service" state: restarted + daemon_reload: true when: "matrix_mautrix_whatsapp_requires_restart | bool" diff --git a/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/setup_uninstall.yml index ff2150011..98607b945 100644 --- a/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/setup_uninstall.yml 
@@ -5,21 +5,16 @@ path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-whatsapp.service" register: matrix_mautrix_whatsapp_service_stat -- name: Ensure matrix-mautrix-whatsapp is stopped - ansible.builtin.service: - name: matrix-mautrix-whatsapp - state: stopped - enabled: false - daemon_reload: true - when: "matrix_mautrix_whatsapp_service_stat.stat.exists" +- when: matrix_mautrix_whatsapp_service_stat.stat.exists | bool + block: + - name: Ensure matrix-mautrix-whatsapp is stopped + ansible.builtin.service: + name: matrix-mautrix-whatsapp + state: stopped + enabled: false + daemon_reload: true -- name: Ensure matrix-mautrix-whatsapp.service doesn't exist - ansible.builtin.file: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-whatsapp.service" - state: absent - when: "matrix_mautrix_whatsapp_service_stat.stat.exists" - -- name: Ensure systemd reloaded after matrix-mautrix-whatsapp.service removal - ansible.builtin.service: - daemon_reload: true - when: "matrix_mautrix_whatsapp_service_stat.stat.exists" + - name: Ensure matrix-mautrix-whatsapp.service doesn't exist + ansible.builtin.file: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-whatsapp.service" + state: absent diff --git a/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/validate_config.yml b/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/validate_config.yml index 863dc926f..0a6a38cd7 100644 --- a/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/validate_config.yml +++ b/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/validate_config.yml 
@@ -1,14 +1,14 @@ --- -- name: Fail if required settings not defined +- name: Fail if required mautrix-whatsapp settings not defined ansible.builtin.fail: msg: >- - You need to define a required configuration setting (`{{ item }}`). - when: "vars[item] == ''" + You need to define a required configuration setting (`{{ item.name }}`). + when: "item.when | bool and vars[item.name] == ''" with_items: - - "matrix_mautrix_whatsapp_appservice_token" - - "matrix_mautrix_whatsapp_homeserver_token" - + - {'name': 'matrix_mautrix_whatsapp_appservice_token', when: true} + - {'name': 'matrix_mautrix_whatsapp_homeserver_token', when: true} + - {'name': 'matrix_mautrix_whatsapp_database_hostname', when: "{{ matrix_mautrix_whatsapp_database_engine == 'postgres' }}"} - name: (Deprecation) Catch and report renamed settings ansible.builtin.fail: diff --git a/roles/custom/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 index 9c0b95e8d..4b5af2e93 100644 --- a/roles/custom/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 +++ b/roles/custom/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 @@ -290,6 +290,8 @@ bridge: # Send captions in the same message as images. This will send data compatible with both MSC2530 and MSC3552. # This is currently not supported in most clients. caption_in_message: false + # Should polls be sent using MSC3381 event types? + extev_polls: false # Should Matrix edits be bridged to WhatsApp edits? # Official WhatsApp clients don't render edits yet, but once they do, the bridge should work with them right away. send_whatsapp_edits: false diff --git a/roles/custom/matrix-bridge-mx-puppet-discord/defaults/main.yml b/roles/custom/matrix-bridge-mx-puppet-discord/defaults/main.yml index 771af9922..be6911570 100644 --- a/roles/custom/matrix-bridge-mx-puppet-discord/defaults/main.yml +++ b/roles/custom/matrix-bridge-mx-puppet-discord/defaults/main.yml 
@@ -66,7 +66,7 @@ matrix_mx_puppet_discord_sqlite_database_path_in_container: "/data/database.db" matrix_mx_puppet_discord_database_username: matrix_mx_puppet_discord matrix_mx_puppet_discord_database_password: ~ -matrix_mx_puppet_discord_database_hostname: 'matrix-postgres' +matrix_mx_puppet_discord_database_hostname: '' matrix_mx_puppet_discord_database_port: 5432 matrix_mx_puppet_discord_database_name: matrix_mx_puppet_discord diff --git a/roles/custom/matrix-bridge-mx-puppet-discord/tasks/init.yml b/roles/custom/matrix-bridge-mx-puppet-discord/tasks/init.yml deleted file mode 100644 index 9e2a937fe..000000000 --- a/roles/custom/matrix-bridge-mx-puppet-discord/tasks/init.yml +++ /dev/null 
@@ -1,28 +0,0 @@ ---- -# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 -# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 -- name: Fail if trying to self-build on Ansible < 2.8 - ansible.builtin.fail: - msg: "To self-build the mx-puppet-discord image, you should use Ansible 2.8 or higher. See docs/ansible.md" - when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_discord_container_image_self_build and matrix_mx_puppet_discord_enabled" - -- ansible.builtin.set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-discord.service'] }}" - when: matrix_mx_puppet_discord_enabled | bool - -# If the matrix-synapse role is not used, these variables may not exist. -- ansible.builtin.set_fact: - matrix_homeserver_container_runtime_injected_arguments: > - {{ - matrix_homeserver_container_runtime_injected_arguments | default([]) - + - ["--mount type=bind,src={{ matrix_mx_puppet_discord_config_path }}/registration.yaml,dst=/matrix-mx-puppet-discord-registration.yaml,ro"] - }} - - matrix_homeserver_app_service_runtime_injected_config_files: > - {{ - matrix_homeserver_app_service_runtime_injected_config_files | default([]) - + - ["/matrix-mx-puppet-discord-registration.yaml"] - }} - when: matrix_mx_puppet_discord_enabled | bool diff --git a/roles/custom/matrix-bridge-mx-puppet-discord/tasks/main.yml b/roles/custom/matrix-bridge-mx-puppet-discord/tasks/main.yml index 281092e1a..c1403dfa3 100644 --- a/roles/custom/matrix-bridge-mx-puppet-discord/tasks/main.yml +++ b/roles/custom/matrix-bridge-mx-puppet-discord/tasks/main.yml 
@@ -1,23 +1,20 @@ --- -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" - tags: - - always +- block: + - when: matrix_mx_puppet_discord_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup | bool and matrix_mx_puppet_discord_enabled | bool" + - when: matrix_mx_puppet_discord_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml" tags: - setup-all - setup-mx-puppet-discord + - install-all + - install-mx-puppet-discord -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup | bool and matrix_mx_puppet_discord_enabled | bool" - tags: - - setup-all - - setup-mx-puppet-discord - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup | bool and not matrix_mx_puppet_discord_enabled | bool" +- block: + - when: not matrix_mx_puppet_discord_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" tags: - setup-all - setup-mx-puppet-discord diff --git a/roles/custom/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml b/roles/custom/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml index 3b119745c..8bf19f80e 100644 --- a/roles/custom/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml @@ -1,13 +1,5 @@ --- -# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. -# We don't want to fail in such cases. -- name: Fail if matrix-synapse role already executed - ansible.builtin.fail: - msg: >- - The matrix-bridge-mx-puppet-discord role needs to execute before the matrix-synapse role. - when: "matrix_synapse_role_executed | default(False)" - - name: Ensure MX Puppet Discord paths exist ansible.builtin.file: path: "{{ item.path }}" 
@@ -54,8 +46,11 @@ - when: "matrix_mx_puppet_discord_sqlite_database_path_local_stat_result.stat.exists | bool" block: - - ansible.builtin.set_fact: - matrix_postgres_db_migration_request: + - ansible.builtin.include_role: + name: galaxy/com.devture.ansible.role.postgres + tasks_from: migrate_db_to_postgres + vars: + devture_postgres_db_migration_request: src: "{{ matrix_mx_puppet_discord_sqlite_database_path_local }}" dst: "{{ matrix_mx_puppet_discord_database_connection_string }}" caller: "{{ role_path | basename }}" @@ -63,10 +58,6 @@ engine_old: 'sqlite' systemd_services_to_stop: ['matrix-mx-puppet-discord.service'] - - ansible.builtin.import_role: - name: custom/matrix-postgres - tasks_from: migrate_db_to_postgres - - ansible.builtin.set_fact: matrix_mx_puppet_discord_requires_restart: true @@ -126,15 +117,10 @@ src: "{{ role_path }}/templates/systemd/matrix-mx-puppet-discord.service.j2" dest: "/etc/systemd/system/matrix-mx-puppet-discord.service" mode: 0644 - register: matrix_mx_puppet_discord_systemd_service_result - -- name: Ensure systemd reloaded after matrix-mx-puppet-discord.service installation - ansible.builtin.service: - daemon_reload: true - when: "matrix_mx_puppet_discord_systemd_service_result.changed" - name: Ensure matrix-mx-puppet-discord.service restarted, if necessary ansible.builtin.service: name: "matrix-mx-puppet-discord.service" state: restarted + daemon_reload: true when: "matrix_mx_puppet_discord_requires_restart | bool" diff --git a/roles/custom/matrix-bridge-mx-puppet-discord/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-mx-puppet-discord/tasks/setup_uninstall.yml index 585c6c856..c1ed9ec36 100644 --- a/roles/custom/matrix-bridge-mx-puppet-discord/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-bridge-mx-puppet-discord/tasks/setup_uninstall.yml 
@@ -5,21 +5,16 @@ path: "/etc/systemd/system/matrix-mx-puppet-discord.service" register: matrix_mx_puppet_discord_service_stat -- name: Ensure matrix-mx-puppet-discord is stopped - ansible.builtin.service: - name: matrix-mx-puppet-discord - state: stopped - enabled: false - daemon_reload: true - when: "matrix_mx_puppet_discord_service_stat.stat.exists" +- when: matrix_mx_puppet_discord_service_stat.stat.exists | bool + block: + - name: Ensure matrix-mx-puppet-discord is stopped + ansible.builtin.service: + name: matrix-mx-puppet-discord + state: stopped + enabled: false + daemon_reload: true -- name: Ensure matrix-mx-puppet-discord.service doesn't exist - ansible.builtin.file: - path: "/etc/systemd/system/matrix-mx-puppet-discord.service" - state: absent - when: "matrix_mx_puppet_discord_service_stat.stat.exists" - -- name: Ensure systemd reloaded after matrix-mx-puppet-discord.service removal - ansible.builtin.service: - daemon_reload: true - when: "matrix_mx_puppet_discord_service_stat.stat.exists" + - name: Ensure matrix-mx-puppet-discord.service doesn't exist + ansible.builtin.file: + path: "/etc/systemd/system/matrix-mx-puppet-discord.service" + state: absent diff --git a/roles/custom/matrix-bridge-mx-puppet-discord/tasks/validate_config.yml b/roles/custom/matrix-bridge-mx-puppet-discord/tasks/validate_config.yml index e73a868a5..4526198a0 100644 --- a/roles/custom/matrix-bridge-mx-puppet-discord/tasks/validate_config.yml +++ b/roles/custom/matrix-bridge-mx-puppet-discord/tasks/validate_config.yml 
@@ -1,10 +1,11 @@ --- -- name: Fail if required settings not defined +- name: Fail if required mx-puppet-discord settings not defined ansible.builtin.fail: msg: >- - You need to define a required configuration setting (`{{ item }}`). - when: "vars[item] == ''" + You need to define a required configuration setting (`{{ item.name }}`). + when: "item.when | bool and vars[item.name] == ''" with_items: - - "matrix_mx_puppet_discord_appservice_token" - - "matrix_mx_puppet_discord_homeserver_token" + - {'name': 'matrix_mx_puppet_discord_appservice_token', when: true} + - {'name': 'matrix_mx_puppet_discord_homeserver_token', when: true} + - {'name': 'matrix_mx_puppet_discord_database_hostname', when: "{{ matrix_mx_puppet_discord_database_engine == 'postgres' }}"} diff --git a/roles/custom/matrix-bridge-mx-puppet-groupme/defaults/main.yml b/roles/custom/matrix-bridge-mx-puppet-groupme/defaults/main.yml index 59b8c1936..ca9d7668f 100644 --- a/roles/custom/matrix-bridge-mx-puppet-groupme/defaults/main.yml +++ b/roles/custom/matrix-bridge-mx-puppet-groupme/defaults/main.yml @@ -62,7 +62,7 @@ matrix_mx_puppet_groupme_sqlite_database_path_in_container: "/data/database.db" matrix_mx_puppet_groupme_database_username: matrix_mx_puppet_groupme matrix_mx_puppet_groupme_database_password: ~ -matrix_mx_puppet_groupme_database_hostname: 'matrix-postgres' +matrix_mx_puppet_groupme_database_hostname: '' matrix_mx_puppet_groupme_database_port: 5432 matrix_mx_puppet_groupme_database_name: matrix_mx_puppet_groupme diff --git a/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/init.yml b/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/init.yml deleted file mode 100644 index 76d184dd1..000000000 --- a/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/init.yml +++ /dev/null 
@@ -1,28 +0,0 @@ ---- -# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 -# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 -- name: Fail if trying to self-build on Ansible < 2.8 - ansible.builtin.fail: - msg: "To self-build the mx-puppet-groupme image, you should use Ansible 2.8 or higher. See docs/ansible.md" - when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_groupme_container_image_self_build and matrix_mx_puppet_groupme_enabled" - -- ansible.builtin.set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-groupme.service'] }}" - when: matrix_mx_puppet_groupme_enabled | bool - -# If the matrix-synapse role is not used, these variables may not exist. -- ansible.builtin.set_fact: - matrix_homeserver_container_runtime_injected_arguments: > - {{ - matrix_homeserver_container_runtime_injected_arguments | default([]) - + - ["--mount type=bind,src={{ matrix_mx_puppet_groupme_config_path }}/registration.yaml,dst=/matrix-mx-puppet-groupme-registration.yaml,ro"] - }} - - matrix_homeserver_app_service_runtime_injected_config_files: > - {{ - matrix_homeserver_app_service_runtime_injected_config_files | default([]) - + - ["/matrix-mx-puppet-groupme-registration.yaml"] - }} - when: matrix_mx_puppet_groupme_enabled | bool diff --git a/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/main.yml b/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/main.yml index 8cc557592..ab5b0d445 100644 --- a/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/main.yml +++ b/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/main.yml 
@@ -1,23 +1,20 @@ --- -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" - tags: - - always +- block: + - when: matrix_mx_puppet_groupme_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup | bool and matrix_mx_puppet_groupme_enabled | bool" + - when: matrix_mx_puppet_groupme_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml" tags: - setup-all - setup-mx-puppet-groupme + - install-all + - install-mx-puppet-groupme -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup | bool and matrix_mx_puppet_groupme_enabled | bool" - tags: - - setup-all - - setup-mx-puppet-groupme - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup | bool and not matrix_mx_puppet_groupme_enabled | bool" +- block: + - when: not matrix_mx_puppet_groupme_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" tags: - setup-all - setup-mx-puppet-groupme diff --git a/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml b/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml index 400de9c58..9db25e864 100644 --- a/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml @@ -1,13 +1,5 @@ --- -# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. -# We don't want to fail in such cases. -- name: Fail if matrix-synapse role already executed - ansible.builtin.fail: - msg: >- - The matrix-bridge-mx-puppet-groupme role needs to execute before the matrix-synapse role. - when: "matrix_synapse_role_executed | default(False)" - - name: Ensure MX Puppet Groupme paths exist ansible.builtin.file: path: "{{ item.path }}" 
@@ -52,8 +44,11 @@ - when: "matrix_mx_puppet_groupme_sqlite_database_path_local_stat_result.stat.exists | bool" block: - - ansible.builtin.set_fact: - matrix_postgres_db_migration_request: + - ansible.builtin.include_role: + name: galaxy/com.devture.ansible.role.postgres + tasks_from: migrate_db_to_postgres + vars: + devture_postgres_db_migration_request: src: "{{ matrix_mx_puppet_groupme_sqlite_database_path_local }}" dst: "{{ matrix_mx_puppet_groupme_database_connection_string }}" caller: "{{ role_path | basename }}" @@ -61,10 +56,6 @@ engine_old: 'sqlite' systemd_services_to_stop: ['matrix-mx-puppet-groupme.service'] - - ansible.builtin.import_role: - name: custom/matrix-postgres - tasks_from: migrate_db_to_postgres - - ansible.builtin.set_fact: matrix_mx_puppet_groupme_requires_restart: true @@ -124,15 +115,10 @@ src: "{{ role_path }}/templates/systemd/matrix-mx-puppet-groupme.service.j2" dest: "/etc/systemd/system/matrix-mx-puppet-groupme.service" mode: 0644 - register: matrix_mx_puppet_groupme_systemd_service_result - -- name: Ensure systemd reloaded after matrix-mx-puppet-groupme.service installation - ansible.builtin.service: - daemon_reload: true - when: "matrix_mx_puppet_groupme_systemd_service_result.changed" - name: Ensure matrix-mx-puppet-groupme.service restarted, if necessary ansible.builtin.service: name: "matrix-mx-puppet-groupme.service" state: restarted + daemon_reload: true when: "matrix_mx_puppet_groupme_requires_restart | bool" diff --git a/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/setup_uninstall.yml index 5ded61070..ce0823e6e 100644 --- a/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/setup_uninstall.yml 
@@ -5,21 +5,16 @@ path: "/etc/systemd/system/matrix-mx-puppet-groupme.service" register: matrix_mx_puppet_groupme_service_stat -- name: Ensure matrix-mx-puppet-groupme is stopped - ansible.builtin.service: - name: matrix-mx-puppet-groupme - state: stopped - enabled: false - daemon_reload: true - when: "matrix_mx_puppet_groupme_service_stat.stat.exists" +- when: matrix_mx_puppet_groupme_service_stat.stat.exists | bool + block: + - name: Ensure matrix-mx-puppet-groupme is stopped + ansible.builtin.service: + name: matrix-mx-puppet-groupme + state: stopped + enabled: false + daemon_reload: true -- name: Ensure matrix-mx-puppet-groupme.service doesn't exist - ansible.builtin.file: - path: "/etc/systemd/system/matrix-mx-puppet-groupme.service" - state: absent - when: "matrix_mx_puppet_groupme_service_stat.stat.exists" - -- name: Ensure systemd reloaded after matrix-mx-puppet-groupme.service removal - ansible.builtin.service: - daemon_reload: true - when: "matrix_mx_puppet_groupme_service_stat.stat.exists" + - name: Ensure matrix-mx-puppet-groupme.service doesn't exist + ansible.builtin.file: + path: "/etc/systemd/system/matrix-mx-puppet-groupme.service" + state: absent diff --git a/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/validate_config.yml b/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/validate_config.yml index d091de6dc..60d8fffd2 100644 --- a/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/validate_config.yml +++ b/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/validate_config.yml 
@@ -1,10 +1,11 @@ --- -- name: Fail if required settings not defined +- name: Fail if required mx-puppet-groupme settings not defined ansible.builtin.fail: msg: >- - You need to define a required configuration setting (`{{ item }}`). - when: "vars[item] == ''" + You need to define a required configuration setting (`{{ item.name }}`). + when: "item.when | bool and vars[item.name] == ''" with_items: - - "matrix_mx_puppet_groupme_appservice_token" - - "matrix_mx_puppet_groupme_homeserver_token" + - {'name': 'matrix_mx_puppet_groupme_appservice_token', when: true} + - {'name': 'matrix_mx_puppet_groupme_homeserver_token', when: true} + - {'name': 'matrix_mx_puppet_groupme_database_hostname', when: "{{ matrix_mx_puppet_groupme_database_engine == 'postgres' }}"} diff --git a/roles/custom/matrix-bridge-mx-puppet-instagram/defaults/main.yml b/roles/custom/matrix-bridge-mx-puppet-instagram/defaults/main.yml index aae6eb5a7..0f6dd4438 100644 --- a/roles/custom/matrix-bridge-mx-puppet-instagram/defaults/main.yml +++ b/roles/custom/matrix-bridge-mx-puppet-instagram/defaults/main.yml @@ -56,7 +56,7 @@ matrix_mx_puppet_instagram_sqlite_database_path_in_container: "/data/database.db matrix_mx_puppet_instagram_database_username: matrix_mx_puppet_instagram matrix_mx_puppet_instagram_database_password: ~ -matrix_mx_puppet_instagram_database_hostname: 'matrix-postgres' +matrix_mx_puppet_instagram_database_hostname: '' matrix_mx_puppet_instagram_database_port: 5432 matrix_mx_puppet_instagram_database_name: matrix_mx_puppet_instagram diff --git a/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/init.yml b/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/init.yml deleted file mode 100644 index 741c32c0f..000000000 --- a/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/init.yml +++ /dev/null 
@@ -1,28 +0,0 @@ ---- -# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 -# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 -- name: Fail if trying to self-build on Ansible < 2.8 - ansible.builtin.fail: - msg: "To self-build the mx-puppet-instagram image, you should use Ansible 2.8 or higher. See docs/ansible.md" - when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_instagram_container_image_self_build and matrix_mx_puppet_instagram_enabled" - -- ansible.builtin.set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-instagram.service'] }}" - when: matrix_mx_puppet_instagram_enabled | bool - -# If the matrix-synapse role is not used, these variables may not exist. -- ansible.builtin.set_fact: - matrix_homeserver_container_runtime_injected_arguments: > - {{ - matrix_homeserver_container_runtime_injected_arguments | default([]) - + - ["--mount type=bind,src={{ matrix_mx_puppet_instagram_config_path }}/registration.yaml,dst=/matrix-mx-puppet-instagram-registration.yaml,ro"] - }} - - matrix_homeserver_app_service_runtime_injected_config_files: > - {{ - matrix_homeserver_app_service_runtime_injected_config_files | default([]) - + - ["/matrix-mx-puppet-instagram-registration.yaml"] - }} - when: matrix_mx_puppet_instagram_enabled | bool diff --git a/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/main.yml b/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/main.yml index 978577cc3..3cf027736 100644 --- a/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/main.yml +++ b/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/main.yml 
@@ -1,23 +1,20 @@ --- -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" - tags: - - always +- block: + - when: matrix_mx_puppet_instagram_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup | bool and matrix_mx_puppet_instagram_enabled | bool" + - when: matrix_mx_puppet_instagram_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml" tags: - setup-all - setup-mx-puppet-instagram + - install-all + - install-mx-puppet-instagram -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup | bool and matrix_mx_puppet_instagram_enabled | bool" - tags: - - setup-all - - setup-mx-puppet-instagram - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup | bool and not matrix_mx_puppet_instagram_enabled | bool" +- block: + - when: not matrix_mx_puppet_instagram_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" tags: - setup-all - setup-mx-puppet-instagram diff --git a/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml b/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml index c98535e3b..be68d9fc1 100644 --- a/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml @@ -1,14 +1,5 @@ --- -# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. -# We don't want to fail in such cases. -- name: Fail if matrix-synapse role already executed - ansible.builtin.fail: - msg: >- - The matrix-bridge-mx-puppet-instagram role needs to execute before the matrix-synapse role. - when: "matrix_synapse_role_executed | default(False)" - - - ansible.builtin.set_fact: matrix_mx_puppet_instagram_requires_restart: false 
@@ -21,8 +12,11 @@ - when: "matrix_mx_puppet_instagram_sqlite_database_path_local_stat_result.stat.exists | bool" block: - - ansible.builtin.set_fact: - matrix_postgres_db_migration_request: + - ansible.builtin.include_role: + name: galaxy/com.devture.ansible.role.postgres + tasks_from: migrate_db_to_postgres + vars: + devture_postgres_db_migration_request: src: "{{ matrix_mx_puppet_instagram_sqlite_database_path_local }}" dst: "{{ matrix_mx_puppet_instagram_database_connection_string }}" caller: "{{ role_path | basename }}" @@ -30,10 +24,6 @@ engine_old: 'sqlite' systemd_services_to_stop: ['matrix-mx-puppet-instagram.service'] - - ansible.builtin.import_role: - name: custom/matrix-postgres - tasks_from: migrate_db_to_postgres - - ansible.builtin.set_fact: matrix_mx_puppet_instagram_requires_restart: true @@ -107,15 +97,10 @@ src: "{{ role_path }}/templates/systemd/matrix-mx-puppet-instagram.service.j2" dest: "/etc/systemd/system/matrix-mx-puppet-instagram.service" mode: 0644 - register: matrix_mx_puppet_instagram_systemd_service_result - -- name: Ensure systemd reloaded after matrix-mx-puppet-instagram.service installation - ansible.builtin.service: - daemon_reload: true - when: "matrix_mx_puppet_instagram_systemd_service_result.changed" - name: Ensure matrix-mx-puppet-instagram.service restarted, if necessary ansible.builtin.service: name: "matrix-mx-puppet-instagram.service" state: restarted + daemon_reload: true when: "matrix_mx_puppet_instagram_requires_restart | bool" diff --git a/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/setup_uninstall.yml index 2d5a98aa4..943c0556a 100644 --- a/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/setup_uninstall.yml 
@@ -5,21 +5,16 @@ path: "/etc/systemd/system/matrix-mx-puppet-instagram.service" register: matrix_mx_puppet_instagram_service_stat -- name: Ensure matrix-mx-puppet-instagram is stopped - ansible.builtin.service: - name: matrix-mx-puppet-instagram - state: stopped - enabled: false - daemon_reload: true - when: "matrix_mx_puppet_instagram_service_stat.stat.exists" +- when: matrix_mx_puppet_instagram_service_stat.stat.exists | bool + block: + - name: Ensure matrix-mx-puppet-instagram is stopped + ansible.builtin.service: + name: matrix-mx-puppet-instagram + state: stopped + enabled: false + daemon_reload: true -- name: Ensure matrix-mx-puppet-instagram.service doesn't exist - ansible.builtin.file: - path: "/etc/systemd/system/matrix-mx-puppet-instagram.service" - state: absent - when: "matrix_mx_puppet_instagram_service_stat.stat.exists" - -- name: Ensure systemd reloaded after matrix-mx-puppet-instagram.service removal - ansible.builtin.service: - daemon_reload: true - when: "matrix_mx_puppet_instagram_service_stat.stat.exists" + - name: Ensure matrix-mx-puppet-instagram.service doesn't exist + ansible.builtin.file: + path: "/etc/systemd/system/matrix-mx-puppet-instagram.service" + state: absent diff --git a/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/validate_config.yml b/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/validate_config.yml index 383fe5021..77be870f9 100644 --- a/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/validate_config.yml +++ b/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/validate_config.yml 
@@ -1,10 +1,11 @@ --- -- name: Fail if required settings not defined +- name: Fail if required mx-puppet-instagram settings not defined ansible.builtin.fail: msg: >- - You need to define a required configuration setting (`{{ item }}`). - when: "vars[item] == ''" + You need to define a required configuration setting (`{{ item.name }}`). + when: "item.when | bool and vars[item.name] == ''" with_items: - - "matrix_mx_puppet_instagram_appservice_token" - - "matrix_mx_puppet_instagram_homeserver_token" + - {'name': 'matrix_mx_puppet_instagram_appservice_token', when: true} + - {'name': 'matrix_mx_puppet_instagram_homeserver_token', when: true} + - {'name': 'matrix_mx_puppet_instagram_database_hostname', when: "{{ matrix_mx_puppet_instagram_database_engine == 'postgres' }}"} diff --git a/roles/custom/matrix-bridge-mx-puppet-slack/defaults/main.yml b/roles/custom/matrix-bridge-mx-puppet-slack/defaults/main.yml index eae0b933b..b428c40bd 100644 --- a/roles/custom/matrix-bridge-mx-puppet-slack/defaults/main.yml +++ b/roles/custom/matrix-bridge-mx-puppet-slack/defaults/main.yml @@ -70,7 +70,7 @@ matrix_mx_puppet_slack_sqlite_database_path_in_container: "/data/database.db" matrix_mx_puppet_slack_database_username: matrix_mx_puppet_slack matrix_mx_puppet_slack_database_password: ~ -matrix_mx_puppet_slack_database_hostname: 'matrix-postgres' +matrix_mx_puppet_slack_database_hostname: '' matrix_mx_puppet_slack_database_port: 5432 matrix_mx_puppet_slack_database_name: matrix_mx_puppet_slack diff --git a/roles/custom/matrix-bridge-mx-puppet-slack/tasks/init.yml b/roles/custom/matrix-bridge-mx-puppet-slack/tasks/init.yml deleted file mode 100644 index 9eff170ac..000000000 --- a/roles/custom/matrix-bridge-mx-puppet-slack/tasks/init.yml +++ /dev/null 
@@ -1,75 +0,0 @@ ---- -# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 -# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 -- name: Fail if trying to self-build on Ansible < 2.8 - ansible.builtin.fail: - msg: "To self-build the mx-puppet-slack image, you should use Ansible 2.8 or higher. See docs/ansible.md" - when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_slack_container_image_self_build and matrix_mx_puppet_slack_enabled" - -- ansible.builtin.set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-slack.service'] }}" - when: matrix_mx_puppet_slack_enabled | bool - -# If the matrix-synapse role is not used, these variables may not exist. -- ansible.builtin.set_fact: - matrix_homeserver_container_runtime_injected_arguments: > - {{ - matrix_homeserver_container_runtime_injected_arguments | default([]) - + - ["--mount type=bind,src={{ matrix_mx_puppet_slack_config_path }}/registration.yaml,dst=/matrix-mx-puppet-slack-registration.yaml,ro"] - }} - - matrix_homeserver_app_service_runtime_injected_config_files: > - {{ - matrix_homeserver_app_service_runtime_injected_config_files | default([]) - + - ["/matrix-mx-puppet-slack-registration.yaml"] - }} - when: matrix_mx_puppet_slack_enabled | bool - -- when: matrix_mx_puppet_slack_enabled | bool - tags: - - always - block: - - name: Fail if matrix-nginx-proxy role already executed - ansible.builtin.fail: - msg: >- - Trying to append Slack Appservice's reverse-proxying configuration to matrix-nginx-proxy, - but it's pointless since the matrix-nginx-proxy role had already executed. - To fix this, please change the order of roles in your playbook, - so that the matrix-nginx-proxy role would run after the matrix-mx-puppet-slack role. 
- when: matrix_nginx_proxy_role_executed | default(False) | bool - - - name: Generate Matrix MX Puppet Slack proxying configuration for matrix-nginx-proxy - ansible.builtin.set_fact: - matrix_mx_puppet_slack_matrix_nginx_proxy_configuration: | - location {{ matrix_mx_puppet_slack_redirect_path }} { - {% if matrix_nginx_proxy_enabled | default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - set $backend "{{ matrix_mx_puppet_slack_appservice_address }}"; - proxy_pass $backend; - {% else %} - {# Generic configuration for use outside of our container setup #} - proxy_pass http://127.0.0.1:{{ matrix_mx_puppet_slack_appservice_port }}; - {% endif %} - } - - - name: Register Slack Appservice proxying configuration with matrix-nginx-proxy - ansible.builtin.set_fact: - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | - {{ - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([]) - + - [matrix_mx_puppet_slack_matrix_nginx_proxy_configuration] - }} - -- name: Warn about reverse-proxying if matrix-nginx-proxy not used - ansible.builtin.debug: - msg: >- - NOTE: You've enabled the Matrix Slack bridge but are not using the matrix-nginx-proxy - reverse proxy. - Please make sure that you're proxying the `{{ matrix_mx_puppet_slack_redirect_path }}` - URL endpoint to the matrix-mx-puppet-slack container. - You can expose the container's port using the `matrix_appservice_slack_container_http_host_bind_port` variable. - when: "matrix_mx_puppet_slack_enabled | bool and not matrix_nginx_proxy_enabled | default(False) | bool" diff --git a/roles/custom/matrix-bridge-mx-puppet-slack/tasks/inject_into_nginx_proxy.yml b/roles/custom/matrix-bridge-mx-puppet-slack/tasks/inject_into_nginx_proxy.yml new file mode 100644 index 000000000..c4e82a5b5 --- /dev/null +++ b/roles/custom/matrix-bridge-mx-puppet-slack/tasks/inject_into_nginx_proxy.yml 
@@ -0,0 +1,44 @@ +--- + +- name: Fail if matrix-nginx-proxy role already executed + ansible.builtin.fail: + msg: >- + Trying to append Slack Appservice's reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your playbook, + so that the matrix-nginx-proxy role would run after the matrix-mx-puppet-slack role. + when: matrix_nginx_proxy_role_executed | default(False) | bool + +- name: Generate Matrix MX Puppet Slack proxying configuration for matrix-nginx-proxy + ansible.builtin.set_fact: + matrix_mx_puppet_slack_matrix_nginx_proxy_configuration: | + location {{ matrix_mx_puppet_slack_redirect_path }} { + {% if matrix_nginx_proxy_enabled | default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "{{ matrix_mx_puppet_slack_appservice_address }}"; + proxy_pass $backend; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:{{ matrix_mx_puppet_slack_appservice_port }}; + {% endif %} + } + +- name: Register Slack Appservice proxying configuration with matrix-nginx-proxy + ansible.builtin.set_fact: + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([]) + + + [matrix_mx_puppet_slack_matrix_nginx_proxy_configuration] + }} + +- name: Warn about reverse-proxying if matrix-nginx-proxy not used + ansible.builtin.debug: + msg: >- + NOTE: You've enabled the Matrix Slack bridge but are not using the matrix-nginx-proxy + reverse proxy. + Please make sure that you're proxying the `{{ matrix_mx_puppet_slack_redirect_path }}` + URL endpoint to the matrix-mx-puppet-slack container. + You can expose the container's port using the `matrix_appservice_slack_container_http_host_bind_port` variable. 
+ when: "not matrix_nginx_proxy_enabled | default(False) | bool" diff --git a/roles/custom/matrix-bridge-mx-puppet-slack/tasks/main.yml b/roles/custom/matrix-bridge-mx-puppet-slack/tasks/main.yml index 869afc497..3d6e722bf 100644 --- a/roles/custom/matrix-bridge-mx-puppet-slack/tasks/main.yml +++ b/roles/custom/matrix-bridge-mx-puppet-slack/tasks/main.yml @@ -1,23 +1,29 @@ --- -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" +- block: + - when: matrix_mx_puppet_slack_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml" tags: - - always + - setup-all + - setup-nginx-proxy + - install-all + - install-nginx-proxy -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup | bool and matrix_mx_puppet_slack_enabled | bool" +- block: + - when: matrix_mx_puppet_slack_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" + + - when: matrix_mx_puppet_slack_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml" tags: - setup-all - setup-mx-puppet-slack + - install-all + - install-mx-puppet-slack -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup | bool and matrix_mx_puppet_slack_enabled | bool" - tags: - - setup-all - - setup-mx-puppet-slack - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup | bool and not matrix_mx_puppet_slack_enabled | bool" +- block: + - when: not matrix_mx_puppet_slack_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" tags: - setup-all - setup-mx-puppet-slack diff --git a/roles/custom/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml b/roles/custom/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml index e5d837633..e75d47e57 100644 --- a/roles/custom/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml 
+++ b/roles/custom/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml @@ -1,13 +1,5 @@ --- -# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. -# We don't want to fail in such cases. -- name: Fail if matrix-synapse role already executed - ansible.builtin.fail: - msg: >- - The matrix-bridge-mx-puppet-slack role needs to execute before the matrix-synapse role. - when: "matrix_synapse_role_executed | default(False)" - - name: Ensure MX Puppet Slack paths exist ansible.builtin.file: path: "{{ item.path }}" @@ -48,8 +40,11 @@ - when: "matrix_mx_puppet_slack_sqlite_database_path_local_stat_result.stat.exists | bool" block: - - ansible.builtin.set_fact: - matrix_postgres_db_migration_request: + - ansible.builtin.include_role: + name: galaxy/com.devture.ansible.role.postgres + tasks_from: migrate_db_to_postgres + vars: + devture_postgres_db_migration_request: src: "{{ matrix_mx_puppet_slack_sqlite_database_path_local }}" dst: "{{ matrix_mx_puppet_slack_database_connection_string }}" caller: "{{ role_path | basename }}" @@ -57,10 +52,6 @@ engine_old: 'sqlite' systemd_services_to_stop: ['matrix-mx-puppet-slack.service'] - - ansible.builtin.import_role: - name: custom/matrix-postgres - tasks_from: migrate_db_to_postgres - - ansible.builtin.set_fact: matrix_mx_puppet_slack_requires_restart: true @@ -124,15 +115,10 @@ src: "{{ role_path }}/templates/systemd/matrix-mx-puppet-slack.service.j2" dest: "/etc/systemd/system/matrix-mx-puppet-slack.service" mode: 0644 - register: matrix_mx_puppet_slack_systemd_service_result - -- name: Ensure systemd reloaded after matrix-mx-puppet-slack.service installation - ansible.builtin.service: - daemon_reload: true - when: "matrix_mx_puppet_slack_systemd_service_result.changed" - name: Ensure matrix-mx-puppet-slack.service restarted, if necessary ansible.builtin.service: name: "matrix-mx-puppet-slack.service" state: restarted + daemon_reload: true when: "matrix_mx_puppet_slack_requires_restart | bool" 
diff --git a/roles/custom/matrix-bridge-mx-puppet-slack/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-mx-puppet-slack/tasks/setup_uninstall.yml index 3f91b467b..444939198 100644 --- a/roles/custom/matrix-bridge-mx-puppet-slack/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-bridge-mx-puppet-slack/tasks/setup_uninstall.yml @@ -5,21 +5,16 @@ path: "/etc/systemd/system/matrix-mx-puppet-slack.service" register: matrix_mx_puppet_slack_service_stat -- name: Ensure matrix-mx-puppet-slack is stopped - ansible.builtin.service: - name: matrix-mx-puppet-slack - state: stopped - enabled: false - daemon_reload: true - when: "matrix_mx_puppet_slack_service_stat.stat.exists" +- when: matrix_mx_puppet_slack_service_stat.stat.exists | bool + block: + - name: Ensure matrix-mx-puppet-slack is stopped + ansible.builtin.service: + name: matrix-mx-puppet-slack + state: stopped + enabled: false + daemon_reload: true -- name: Ensure matrix-mx-puppet-slack.service doesn't exist - ansible.builtin.file: - path: "/etc/systemd/system/matrix-mx-puppet-slack.service" - state: absent - when: "matrix_mx_puppet_slack_service_stat.stat.exists" - -- name: Ensure systemd reloaded after matrix-mx-puppet-slack.service removal - ansible.builtin.service: - daemon_reload: true - when: "matrix_mx_puppet_slack_service_stat.stat.exists" + - name: Ensure matrix-mx-puppet-slack.service doesn't exist + ansible.builtin.file: + path: "/etc/systemd/system/matrix-mx-puppet-slack.service" + state: absent diff --git a/roles/custom/matrix-bridge-mx-puppet-slack/tasks/validate_config.yml b/roles/custom/matrix-bridge-mx-puppet-slack/tasks/validate_config.yml index ea917f97e..f3c9d1ebc 100644 --- a/roles/custom/matrix-bridge-mx-puppet-slack/tasks/validate_config.yml +++ b/roles/custom/matrix-bridge-mx-puppet-slack/tasks/validate_config.yml 
@@ -1,10 +1,11 @@ --- -- name: Fail if required settings not defined +- name: Fail if required mx-puppet-slack settings not defined ansible.builtin.fail: msg: >- - You need to define a required configuration setting (`{{ item }}`). - when: "vars[item] == ''" + You need to define a required configuration setting (`{{ item.name }}`). + when: "item.when | bool and vars[item.name] == ''" with_items: - - "matrix_mx_puppet_slack_appservice_token" - - "matrix_mx_puppet_slack_homeserver_token" + - {'name': 'matrix_mx_puppet_slack_appservice_token', when: true} + - {'name': 'matrix_mx_puppet_slack_homeserver_token', when: true} + - {'name': 'matrix_mx_puppet_slack_database_hostname', when: "{{ matrix_mx_puppet_slack_database_engine == 'postgres' }}"} diff --git a/roles/custom/matrix-bridge-mx-puppet-steam/defaults/main.yml b/roles/custom/matrix-bridge-mx-puppet-steam/defaults/main.yml index 895411624..9efedb13b 100644 --- a/roles/custom/matrix-bridge-mx-puppet-steam/defaults/main.yml +++ b/roles/custom/matrix-bridge-mx-puppet-steam/defaults/main.yml @@ -62,7 +62,7 @@ matrix_mx_puppet_steam_sqlite_database_path_in_container: "/data/database.db" matrix_mx_puppet_steam_database_username: matrix_mx_puppet_steam matrix_mx_puppet_steam_database_password: ~ -matrix_mx_puppet_steam_database_hostname: 'matrix-postgres' +matrix_mx_puppet_steam_database_hostname: '' matrix_mx_puppet_steam_database_port: 5432 matrix_mx_puppet_steam_database_name: matrix_mx_puppet_steam diff --git a/roles/custom/matrix-bridge-mx-puppet-steam/tasks/init.yml b/roles/custom/matrix-bridge-mx-puppet-steam/tasks/init.yml deleted file mode 100644 index 5f9a5a833..000000000 --- a/roles/custom/matrix-bridge-mx-puppet-steam/tasks/init.yml +++ /dev/null 
@@ -1,28 +0,0 @@ ---- -# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 -# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 -- name: Fail if trying to self-build on Ansible < 2.8 - ansible.builtin.fail: - msg: "To self-build the mx-puppet-steam image, you should use Ansible 2.8 or higher. See docs/ansible.md" - when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_steam_container_image_self_build and matrix_mx_puppet_steam_enabled" - -- ansible.builtin.set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-steam.service'] }}" - when: matrix_mx_puppet_steam_enabled | bool - -# If the matrix-synapse role is not used, these variables may not exist. -- ansible.builtin.set_fact: - matrix_homeserver_container_runtime_injected_arguments: > - {{ - matrix_homeserver_container_runtime_injected_arguments | default([]) - + - ["--mount type=bind,src={{ matrix_mx_puppet_steam_config_path }}/registration.yaml,dst=/matrix-mx-puppet-steam-registration.yaml,ro"] - }} - - matrix_homeserver_app_service_runtime_injected_config_files: > - {{ - matrix_homeserver_app_service_runtime_injected_config_files | default([]) - + - ["/matrix-mx-puppet-steam-registration.yaml"] - }} - when: matrix_mx_puppet_steam_enabled | bool diff --git a/roles/custom/matrix-bridge-mx-puppet-steam/tasks/main.yml b/roles/custom/matrix-bridge-mx-puppet-steam/tasks/main.yml index 236a7009f..6eacc6fc8 100644 --- a/roles/custom/matrix-bridge-mx-puppet-steam/tasks/main.yml +++ b/roles/custom/matrix-bridge-mx-puppet-steam/tasks/main.yml 
@@ -1,23 +1,20 @@ --- -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" - tags: - - always +- block: + - when: matrix_mx_puppet_steam_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup | bool and matrix_mx_puppet_steam_enabled | bool" + - when: matrix_mx_puppet_steam_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml" tags: - setup-all - setup-mx-puppet-steam + - install-all + - install-mx-puppet-steam -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup | bool and matrix_mx_puppet_steam_enabled | bool" - tags: - - setup-all - - setup-mx-puppet-steam - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup | bool and not matrix_mx_puppet_steam_enabled | bool" +- block: + - when: not matrix_mx_puppet_steam_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" tags: - setup-all - setup-mx-puppet-steam diff --git a/roles/custom/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml b/roles/custom/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml index 988544691..ca2de4480 100644 --- a/roles/custom/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml @@ -1,13 +1,5 @@ --- -# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. -# We don't want to fail in such cases. -- name: Fail if matrix-synapse role already executed - ansible.builtin.fail: - msg: >- - The matrix-bridge-mx-puppet-steam role needs to execute before the matrix-synapse role. - when: "matrix_synapse_role_executed | default(False)" - - name: Ensure MX Puppet Steam paths exist ansible.builtin.file: path: "{{ item.path }}" 
@@ -52,8 +44,11 @@ - when: "matrix_mx_puppet_steam_sqlite_database_path_local_stat_result.stat.exists | bool" block: - - ansible.builtin.set_fact: - matrix_postgres_db_migration_request: + - ansible.builtin.include_role: + name: galaxy/com.devture.ansible.role.postgres + tasks_from: migrate_db_to_postgres + vars: + devture_postgres_db_migration_request: src: "{{ matrix_mx_puppet_steam_sqlite_database_path_local }}" dst: "{{ matrix_mx_puppet_steam_database_connection_string }}" caller: "{{ role_path | basename }}" @@ -61,10 +56,6 @@ engine_old: 'sqlite' systemd_services_to_stop: ['matrix-mx-puppet-steam.service'] - - ansible.builtin.import_role: - name: custom/matrix-postgres - tasks_from: migrate_db_to_postgres - - ansible.builtin.set_fact: matrix_mx_puppet_steam_requires_restart: true @@ -124,15 +115,10 @@ src: "{{ role_path }}/templates/systemd/matrix-mx-puppet-steam.service.j2" dest: "/etc/systemd/system/matrix-mx-puppet-steam.service" mode: 0644 - register: matrix_mx_puppet_steam_systemd_service_result - -- name: Ensure systemd reloaded after matrix-mx-puppet-steam.service installation - ansible.builtin.service: - daemon_reload: true - when: "matrix_mx_puppet_steam_systemd_service_result.changed" - name: Ensure matrix-mx-puppet-steam.service restarted, if necessary ansible.builtin.service: name: "matrix-mx-puppet-steam.service" state: restarted + daemon_reload: true when: "matrix_mx_puppet_steam_requires_restart | bool" diff --git a/roles/custom/matrix-bridge-mx-puppet-steam/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-mx-puppet-steam/tasks/setup_uninstall.yml index d88e54722..75d0ebc0f 100644 --- a/roles/custom/matrix-bridge-mx-puppet-steam/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-bridge-mx-puppet-steam/tasks/setup_uninstall.yml 
@@ -5,21 +5,16 @@ path: "/etc/systemd/system/matrix-mx-puppet-steam.service" register: matrix_mx_puppet_steam_service_stat -- name: Ensure matrix-mx-puppet-steam is stopped - ansible.builtin.service: - name: matrix-mx-puppet-steam - state: stopped - enabled: false - daemon_reload: true - when: "matrix_mx_puppet_steam_service_stat.stat.exists" +- when: matrix_mx_puppet_steam_service_stat.stat.exists | bool + block: + - name: Ensure matrix-mx-puppet-steam is stopped + ansible.builtin.service: + name: matrix-mx-puppet-steam + state: stopped + enabled: false + daemon_reload: true -- name: Ensure matrix-mx-puppet-steam.service doesn't exist - ansible.builtin.file: - path: "/etc/systemd/system/matrix-mx-puppet-steam.service" - state: absent - when: "matrix_mx_puppet_steam_service_stat.stat.exists" - -- name: Ensure systemd reloaded after matrix-mx-puppet-steam.service removal - ansible.builtin.service: - daemon_reload: true - when: "matrix_mx_puppet_steam_service_stat.stat.exists" + - name: Ensure matrix-mx-puppet-steam.service doesn't exist + ansible.builtin.file: + path: "/etc/systemd/system/matrix-mx-puppet-steam.service" + state: absent diff --git a/roles/custom/matrix-bridge-mx-puppet-steam/tasks/validate_config.yml b/roles/custom/matrix-bridge-mx-puppet-steam/tasks/validate_config.yml index 2e54d6ffa..b25345dc6 100644 --- a/roles/custom/matrix-bridge-mx-puppet-steam/tasks/validate_config.yml +++ b/roles/custom/matrix-bridge-mx-puppet-steam/tasks/validate_config.yml 
@@ -1,10 +1,11 @@ --- -- name: Fail if required settings not defined +- name: Fail if required mx-puppet-steam settings not defined ansible.builtin.fail: msg: >- - You need to define a required configuration setting (`{{ item }}`). - when: "vars[item] == ''" + You need to define a required configuration setting (`{{ item.name }}`). + when: "item.when | bool and vars[item.name] == ''" with_items: - - "matrix_mx_puppet_steam_appservice_token" - - "matrix_mx_puppet_steam_homeserver_token" + - {'name': 'matrix_mx_puppet_steam_appservice_token', when: true} + - {'name': 'matrix_mx_puppet_steam_homeserver_token', when: true} + - {'name': 'matrix_mx_puppet_steam_database_hostname', when: "{{ matrix_mx_puppet_steam_database_engine == 'postgres' }}"} diff --git a/roles/custom/matrix-bridge-mx-puppet-twitter/defaults/main.yml b/roles/custom/matrix-bridge-mx-puppet-twitter/defaults/main.yml index 73674220f..8e5e82f06 100644 --- a/roles/custom/matrix-bridge-mx-puppet-twitter/defaults/main.yml +++ b/roles/custom/matrix-bridge-mx-puppet-twitter/defaults/main.yml @@ -71,7 +71,7 @@ matrix_mx_puppet_twitter_sqlite_database_path_in_container: "/data/database.db" matrix_mx_puppet_twitter_database_username: mx_puppet_twitter matrix_mx_puppet_twitter_database_password: ~ -matrix_mx_puppet_twitter_database_hostname: 'matrix-postgres' +matrix_mx_puppet_twitter_database_hostname: '' matrix_mx_puppet_twitter_database_port: 5432 matrix_mx_puppet_twitter_database_name: matrix_mx_puppet_twitter diff --git a/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/init.yml b/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/init.yml deleted file mode 100644 index a58cd9ac6..000000000 --- a/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/init.yml +++ /dev/null 
@@ -1,75 +0,0 @@ ---- -# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 -# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 -- name: Fail if trying to self-build on Ansible < 2.8 - ansible.builtin.fail: - msg: "To self-build the mx-puppet-twitter image, you should use Ansible 2.8 or higher. See docs/ansible.md" - when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_twitter_container_image_self_build and matrix_mx_puppet_twitter_enabled" - -- ansible.builtin.set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-twitter.service'] }}" - when: matrix_mx_puppet_twitter_enabled | bool - -# If the matrix-synapse role is not used, these variables may not exist. -- ansible.builtin.set_fact: - matrix_homeserver_container_runtime_injected_arguments: > - {{ - matrix_homeserver_container_runtime_injected_arguments | default([]) - + - ["--mount type=bind,src={{ matrix_mx_puppet_twitter_config_path }}/registration.yaml,dst=/matrix-mx-puppet-twitter-registration.yaml,ro"] - }} - - matrix_homeserver_app_service_runtime_injected_config_files: > - {{ - matrix_homeserver_app_service_runtime_injected_config_files | default([]) - + - ["/matrix-mx-puppet-twitter-registration.yaml"] - }} - when: matrix_mx_puppet_twitter_enabled | bool - -- when: matrix_mx_puppet_twitter_enabled | bool - tags: - - always - block: - - name: Fail if matrix-nginx-proxy role already executed - ansible.builtin.fail: - msg: >- - Trying to append Twitter Appservice's reverse-proxying configuration to matrix-nginx-proxy, - but it's pointless since the matrix-nginx-proxy role had already executed. - To fix this, please change the order of roles in your playbook, - so that the matrix-nginx-proxy role would run after the matrix-mx-puppet-twitter role. 
- when: matrix_nginx_proxy_role_executed | default(False) | bool - - - name: Generate Matrix MX Puppet Twitter proxying configuration for matrix-nginx-proxy - ansible.builtin.set_fact: - matrix_mx_puppet_twitter_matrix_nginx_proxy_configuration: | - location {{ matrix_mx_puppet_twitter_webhook_path }} { - {% if matrix_nginx_proxy_enabled | default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - set $backend "{{ matrix_mx_puppet_twitter_appservice_address }}"; - proxy_pass $backend; - {% else %} - {# Generic configuration for use outside of our container setup #} - proxy_pass http://127.0.0.1:{{ matrix_mx_puppet_twitter_appservice_port }}; - {% endif %} - } - - - name: Register Twitter Appservice proxying configuration with matrix-nginx-proxy - ansible.builtin.set_fact: - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | - {{ - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([]) - + - [matrix_mx_puppet_twitter_matrix_nginx_proxy_configuration] - }} - -- name: Warn about reverse-proxying if matrix-nginx-proxy not used - ansible.builtin.debug: - msg: >- - NOTE: You've enabled the Matrix Twitter bridge but are not using the matrix-nginx-proxy - reverse proxy. - Please make sure that you're proxying the `{{ matrix_mx_puppet_twitter_redirect_path }}` - URL endpoint to the matrix-mx-puppet-twitter container. - You can expose the container's port using the `matrix_mx_puppet_twitter_container_http_host_bind_port` variable. - when: "matrix_mx_puppet_twitter_enabled | bool and not matrix_nginx_proxy_enabled | default(False) | bool" diff --git a/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/inject_into_nginx_proxy.yml b/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/inject_into_nginx_proxy.yml new file mode 100644 index 000000000..df2b76feb --- /dev/null 
+++ b/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/inject_into_nginx_proxy.yml 
@@ -0,0 +1,44 @@ +--- + +- name: Fail if matrix-nginx-proxy role already executed + ansible.builtin.fail: + msg: >- + Trying to append Twitter Appservice's reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your playbook, + so that the matrix-nginx-proxy role would run after the matrix-mx-puppet-twitter role. + when: matrix_nginx_proxy_role_executed | default(False) | bool + +- name: Generate Matrix MX Puppet Twitter proxying configuration for matrix-nginx-proxy + ansible.builtin.set_fact: + matrix_mx_puppet_twitter_matrix_nginx_proxy_configuration: | + location {{ matrix_mx_puppet_twitter_webhook_path }} { + {% if matrix_nginx_proxy_enabled | default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "{{ matrix_mx_puppet_twitter_appservice_address }}"; + proxy_pass $backend; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:{{ matrix_mx_puppet_twitter_appservice_port }}; + {% endif %} + } + +- name: Register Twitter Appservice proxying configuration with matrix-nginx-proxy + ansible.builtin.set_fact: + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([]) + + + [matrix_mx_puppet_twitter_matrix_nginx_proxy_configuration] + }} + +- name: Warn about reverse-proxying if matrix-nginx-proxy not used + ansible.builtin.debug: + msg: >- + NOTE: You've enabled the Matrix Twitter bridge but are not using the matrix-nginx-proxy + reverse proxy. + Please make sure that you're proxying the `{{ matrix_mx_puppet_twitter_redirect_path }}` + URL endpoint to the matrix-mx-puppet-twitter container. 
+ You can expose the container's port using the `matrix_mx_puppet_twitter_container_http_host_bind_port` variable. + when: "not matrix_nginx_proxy_enabled | default(False) | bool" diff --git a/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/main.yml b/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/main.yml index 20e4f6862..85c06f04b 100644 --- a/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/main.yml +++ b/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/main.yml @@ -1,23 +1,29 @@ --- -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" +- block: + - when: matrix_mx_puppet_twitter_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml" tags: - - always + - setup-all + - setup-nginx-proxy + - install-all + - install-nginx-proxy -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup | bool and matrix_mx_puppet_twitter_enabled | bool" +- block: + - when: matrix_mx_puppet_twitter_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" + + - when: matrix_mx_puppet_twitter_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml" tags: - setup-all - setup-mx-puppet-twitter + - install-all + - install-mx-puppet-twitter -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup | bool and matrix_mx_puppet_twitter_enabled | bool" - tags: - - setup-all - - setup-mx-puppet-twitter - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup | bool and not matrix_mx_puppet_twitter_enabled | bool" +- block: + - when: not matrix_mx_puppet_twitter_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" tags: - setup-all - setup-mx-puppet-twitter 
diff --git a/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml b/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml index d5ebec74e..a84502056 100644 --- a/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml @@ -1,13 +1,5 @@ --- -# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. -# We don't want to fail in such cases. -- name: Fail if matrix-synapse role already executed - ansible.builtin.fail: - msg: >- - The matrix-bridge-mx-puppet-twitter role needs to execute before the matrix-synapse role. - when: "matrix_synapse_role_executed | default(False)" - - name: Ensure MX Puppet Twitter paths exist ansible.builtin.file: path: "{{ item.path }}" @@ -52,8 +44,11 @@ - when: "matrix_mx_puppet_twitter_sqlite_database_path_local_stat_result.stat.exists | bool" block: - - ansible.builtin.set_fact: - matrix_postgres_db_migration_request: + - ansible.builtin.include_role: + name: galaxy/com.devture.ansible.role.postgres + tasks_from: migrate_db_to_postgres + vars: + devture_postgres_db_migration_request: src: "{{ matrix_mx_puppet_twitter_sqlite_database_path_local }}" dst: "{{ matrix_mx_puppet_twitter_database_connection_string }}" caller: "{{ role_path | basename }}" @@ -61,10 +56,6 @@ engine_old: 'sqlite' systemd_services_to_stop: ['matrix-mx-puppet-twitter.service'] - - ansible.builtin.import_role: - name: custom/matrix-postgres - tasks_from: migrate_db_to_postgres - - ansible.builtin.set_fact: matrix_mx_puppet_twitter_requires_restart: true 
@@ -124,15 +115,10 @@ src: "{{ role_path }}/templates/systemd/matrix-mx-puppet-twitter.service.j2" dest: "/etc/systemd/system/matrix-mx-puppet-twitter.service" mode: 0644 - register: matrix_mx_puppet_twitter_systemd_service_result - -- name: Ensure systemd reloaded after matrix-mx-puppet-twitter.service installation - ansible.builtin.service: - daemon_reload: true - when: "matrix_mx_puppet_twitter_systemd_service_result.changed" - name: Ensure matrix-mx-puppet-twitter.service restarted, if necessary ansible.builtin.service: name: "matrix-mx-puppet-twitter.service" state: restarted + daemon_reload: true when: "matrix_mx_puppet_twitter_requires_restart | bool" diff --git a/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/setup_uninstall.yml index 6db13de08..c529f0b34 100644 --- a/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/setup_uninstall.yml 
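Review bot: with the `register` and the separate "Ensure systemd reloaded" task removed, a changed `matrix-mx-puppet-twitter.service` unit file is only reloaded when `matrix_mx_puppet_twitter_requires_restart` is true, because `daemon_reload: true` now sits on the restart task; in this diff `requires_restart` is only set on the sqlite-to-postgres migration path, so an edited unit with no migration leaves systemd running the stale definition until something else reloads it. If a central daemon-reload in another role now covers this, a short comment at the template task would save readers the search.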
@@ -5,21 +5,16 @@ path: "/etc/systemd/system/matrix-mx-puppet-twitter.service" register: matrix_mx_puppet_twitter_service_stat -- name: Ensure matrix-mx-puppet-twitter is stopped - ansible.builtin.service: - name: matrix-mx-puppet-twitter - state: stopped - enabled: false - daemon_reload: true - when: "matrix_mx_puppet_twitter_service_stat.stat.exists" +- when: matrix_mx_puppet_twitter_service_stat.stat.exists | bool + block: + - name: Ensure matrix-mx-puppet-twitter is stopped + ansible.builtin.service: + name: matrix-mx-puppet-twitter + state: stopped + enabled: false + daemon_reload: true -- name: Ensure matrix-mx-puppet-twitter.service doesn't exist - ansible.builtin.file: - path: "/etc/systemd/system/matrix-mx-puppet-twitter.service" - state: absent - when: "matrix_mx_puppet_twitter_service_stat.stat.exists" - -- name: Ensure systemd reloaded after matrix-mx-puppet-twitter.service removal - ansible.builtin.service: - daemon_reload: true - when: "matrix_mx_puppet_twitter_service_stat.stat.exists" + - name: Ensure matrix-mx-puppet-twitter.service doesn't exist + ansible.builtin.file: + path: "/etc/systemd/system/matrix-mx-puppet-twitter.service" + state: absent diff --git a/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/validate_config.yml b/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/validate_config.yml index b5b7ef5b7..373c1ccb8 100644 --- a/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/validate_config.yml +++ b/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/validate_config.yml 
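Review bot: the "Ensure systemd reloaded after matrix-mx-puppet-twitter.service removal" task is gone and the remaining `daemon_reload: true` runs on the stop task, i.e. before the unit file is deleted, so after this block systemd still has the removed unit loaded. Keep a `daemon_reload` after the `state: absent` task, or note where the reload now happens. Folding both tasks under `when: ... stat.exists | bool` / `block:` is otherwise a good simplification.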
@@ -1,10 +1,11 @@ --- -- name: Fail if required settings not defined +- name: Fail if required mx-puppet-twitter settings not defined ansible.builtin.fail: msg: >- - You need to define a required configuration setting (`{{ item }}`). - when: "vars[item] == ''" + You need to define a required configuration setting (`{{ item.name }}`). + when: "item.when | bool and vars[item.name] == ''" with_items: - - "matrix_mx_puppet_twitter_appservice_token" - - "matrix_mx_puppet_twitter_homeserver_token" + - {'name': 'matrix_mx_puppet_twitter_appservice_token', when: true} + - {'name': 'matrix_mx_puppet_twitter_homeserver_token', when: true} + - {'name': 'matrix_mx_puppet_twitter_database_hostname', when: "{{ matrix_mx_puppet_twitter_database_engine == 'postgres' }}"} diff --git a/roles/custom/matrix-bridge-sms/tasks/init.yml b/roles/custom/matrix-bridge-sms/tasks/init.yml deleted file mode 100644 index 3c044c152..000000000 --- a/roles/custom/matrix-bridge-sms/tasks/init.yml +++ /dev/null 
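Review bot: the new conditional item list only validates `matrix_mx_puppet_twitter_database_hostname` for the postgres engine; the other pieces the connection string is built from (at least the password) should get the same `when: "{{ matrix_mx_puppet_twitter_database_engine == 'postgres' }}"` treatment, otherwise an empty value is only discovered when the bridge fails to connect. The templated `"{{ ... }}"` inside a `with_items` entry does evaluate (loop items are templated before `item.when | bool` sees them), but mixing a templated string there with a bare expression at task level is worth a one-line comment.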
@@ -1,30 +0,0 @@ ---- - -# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. -# We don't want to fail in such cases. -- name: Fail if matrix-synapse role already executed - ansible.builtin.fail: - msg: >- - The matrix-sms-bridge role needs to execute before the matrix-synapse role. - when: "matrix_sms_bridge_enabled and matrix_synapse_role_executed | default(False)" - -- ansible.builtin.set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-sms-bridge.service'] }}" - when: matrix_sms_bridge_enabled | bool - -# If the matrix-synapse role is not used, these variables may not exist. -- ansible.builtin.set_fact: - matrix_homeserver_container_runtime_injected_arguments: > - {{ - matrix_homeserver_container_runtime_injected_arguments | default([]) - + - ["--mount type=bind,src={{ matrix_sms_bridge_config_path }}/registration.yaml,dst=/matrix-sms-bridge-registration.yaml,ro"] - }} - - matrix_homeserver_app_service_runtime_injected_config_files: > - {{ - matrix_homeserver_app_service_runtime_injected_config_files | default([]) - + - ["/matrix-sms-bridge-registration.yaml"] - }} - when: matrix_sms_bridge_enabled | bool diff --git a/roles/custom/matrix-bridge-sms/tasks/main.yml b/roles/custom/matrix-bridge-sms/tasks/main.yml index 1a6b964ba..f9bd502c7 100644 --- a/roles/custom/matrix-bridge-sms/tasks/main.yml +++ b/roles/custom/matrix-bridge-sms/tasks/main.yml 
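Review bot: deleting init.yml removes three things together: the guard against running after matrix-synapse, the addition of `matrix-sms-bridge.service` to `matrix_systemd_services_list`, and the `set_fact` that bind-mounts `registration.yaml` into the homeserver container and lists it in `matrix_homeserver_app_service_runtime_injected_config_files`. None of the other hunks for this role re-create the last two, so the appservice registration must now be wired in from outside the role (group_vars or the homeserver role); a pointer to where that lives now would make this reviewable, since otherwise the bridge installs but never registers.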
@@ -1,23 +1,20 @@ --- -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" - tags: - - always +- block: + - when: matrix_sms_bridge_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup | bool and matrix_sms_bridge_enabled | bool" + - when: matrix_sms_bridge_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml" tags: - setup-all - setup-matrix-sms-bridge + - install-all + - install-matrix-sms-bridge -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup | bool and matrix_sms_bridge_enabled | bool" - tags: - - setup-all - - setup-matrix-sms-bridge - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup | bool and not matrix_sms_bridge_enabled | bool" +- block: + - when: not matrix_sms_bridge_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" tags: - setup-all - setup-matrix-sms-bridge diff --git a/roles/custom/matrix-bridge-sms/tasks/setup_install.yml b/roles/custom/matrix-bridge-sms/tasks/setup_install.yml index 2050797af..b3d78a342 100644 --- a/roles/custom/matrix-bridge-sms/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-sms/tasks/setup_install.yml @@ -51,9 +51,3 @@ src: "{{ role_path }}/templates/systemd/matrix-sms-bridge.service.j2" dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-sms-bridge.service" mode: 0644 - register: matrix_sms_bridge_systemd_service_result - -- name: Ensure systemd reloaded after matrix-sms-bridge.service installation - ansible.builtin.service: - daemon_reload: true - when: matrix_sms_bridge_systemd_service_result.changed 
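Review bot: in setup_install.yml the unit template task loses `register` and the follow-up `daemon_reload`, and unlike the mx-puppet-twitter role there is no "restarted, if necessary" task here, so a changed `matrix-sms-bridge.service` is neither reloaded nor restarted by this role; either a reload belongs after the template task or the comment should say which role now does it. Same remark as for the other main.yml files: `when: matrix_sms_bridge_enabled | bool` could sit once on the block instead of on each `include_tasks`.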
diff --git a/roles/custom/matrix-cactus-comments/tasks/init.yml b/roles/custom/matrix-cactus-comments/tasks/inject_into_nginx_proxy.yml similarity index 67% rename from roles/custom/matrix-cactus-comments/tasks/init.yml rename to roles/custom/matrix-cactus-comments/tasks/inject_into_nginx_proxy.yml index 5067d0254..a1da604c9 100644 --- a/roles/custom/matrix-cactus-comments/tasks/init.yml +++ b/roles/custom/matrix-cactus-comments/tasks/inject_into_nginx_proxy.yml @@ -1,30 +1,6 @@ --- -- ansible.builtin.set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-cactus-comments.service'] }}" - when: matrix_cactus_comments_enabled | bool - -# If the matrix-synapse role is not used, these variables may not exist. -- ansible.builtin.set_fact: - matrix_homeserver_container_runtime_injected_arguments: > - {{ - matrix_homeserver_container_runtime_injected_arguments | default([]) - + - ["--mount type=bind,src={{ matrix_cactus_comments_app_service_config_file }},dst=/matrix-cactus-comments.yaml,ro"] - }} - - matrix_homeserver_app_service_runtime_injected_config_files: > - {{ - matrix_homeserver_app_service_runtime_injected_config_files | default([]) - + - ["/matrix-cactus-comments.yaml"] - }} - when: matrix_cactus_comments_enabled | bool - -- when: matrix_cactus_comments_enabled | bool and matrix_cactus_comments_serve_client_enabled | bool - tags: - - always - block: +- block: - name: Fail if matrix-nginx-proxy role already executed ansible.builtin.fail: msg: >- diff --git a/roles/custom/matrix-cactus-comments/tasks/main.yml b/roles/custom/matrix-cactus-comments/tasks/main.yml index 857e2db19..c6108e91f 100644 --- a/roles/custom/matrix-cactus-comments/tasks/main.yml +++ b/roles/custom/matrix-cactus-comments/tasks/main.yml 
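Review bot: after the rename the "Fail if matrix-nginx-proxy role already executed" block is unconditional inside inject_into_nginx_proxy.yml; it only stays safe because the include site guards it with `matrix_cactus_comments_enabled | bool and matrix_cactus_comments_serve_client_enabled | bool`. A comment at the top of the file stating that the caller is expected to gate it would keep a future unguarded include from failing the play for deployments that have the client disabled.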
@@ -1,23 +1,29 @@ --- -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" +- block: + - when: matrix_cactus_comments_enabled | bool and matrix_cactus_comments_serve_client_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml" tags: - - always + - setup-all + - setup-nginx-proxy + - install-all + - install-nginx-proxy -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup | bool and matrix_cactus_comments_enabled | bool" +- block: + - when: matrix_cactus_comments_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" + + - when: matrix_cactus_comments_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml" tags: - setup-all - setup-cactus-comments + - install-all + - install-cactus-comments -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup | bool and matrix_cactus_comments_enabled | bool" - tags: - - setup-all - - setup-cactus-comments - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup | bool and not matrix_cactus_comments_enabled | bool" +- block: + - when: not matrix_cactus_comments_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" tags: - setup-all - setup-cactus-comments diff --git a/roles/custom/matrix-cactus-comments/tasks/setup_install.yml b/roles/custom/matrix-cactus-comments/tasks/setup_install.yml index 8de14d19b..8a8bf3261 100644 --- a/roles/custom/matrix-cactus-comments/tasks/setup_install.yml +++ b/roles/custom/matrix-cactus-comments/tasks/setup_install.yml 
@@ -125,14 +125,3 @@ src: "{{ role_path }}/templates/systemd/matrix-cactus-comments.service.j2" dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-cactus-comments.service" mode: 0644 - register: matrix_cactus_comments_systemd_service_result - -- name: Ensure systemd reloaded after matrix-cactus-comments.service installation - ansible.builtin.service: - daemon_reload: true - when: "matrix_cactus_comments_systemd_service_result.changed | bool" - -- name: Ensure matrix-cactus-comments.service restarted, if necessary - ansible.builtin.service: - name: "matrix-cactus-comments.service" - state: restarted diff --git a/roles/custom/matrix-cactus-comments/tasks/setup_uninstall.yml b/roles/custom/matrix-cactus-comments/tasks/setup_uninstall.yml index bd46f252b..e3a5f3909 100644 --- a/roles/custom/matrix-cactus-comments/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-cactus-comments/tasks/setup_uninstall.yml 
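Review bot: besides the `register`/`daemon_reload` pair, this hunk also deletes the "Ensure matrix-cactus-comments.service restarted, if necessary" task outright, and nothing in the diff for this role adds a replacement, so a changed container configuration or unit file is no longer picked up by the running service from within this role. If the restart now comes from a shared systemd-management role that restarts services with changed units, say so in a comment; if not, the restart task should stay.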
@@ -5,32 +5,21 @@ path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-cactus-comments.service" register: matrix_cactus_comments_service_stat -- name: Ensure cactus comments is stopped - ansible.builtin.service: - name: matrix-cactus-comments - state: stopped - enabled: false - daemon_reload: true - register: stopping_result - when: "matrix_cactus_comments_service_stat.stat.exists | bool" +- when: matrix_cactus_comments_service_stat.stat.exists | bool + block: + - name: Ensure cactus comments is stopped + ansible.builtin.service: + name: matrix-cactus-comments + state: stopped + enabled: false + daemon_reload: true -- name: Ensure matrix-cactus-comments.service doesn't exist - ansible.builtin.file: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-cactus-comments.service" - state: absent - when: "matrix_cactus_comments_service_stat.stat.exists | bool" + - name: Ensure matrix-cactus-comments.service doesn't exist + ansible.builtin.file: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-cactus-comments.service" + state: absent -- name: Ensure systemd reloaded after matrix-cactus-comments.service removal - ansible.builtin.service: - daemon_reload: true - when: "matrix_cactus_comments_service_stat.stat.exists | bool" - -- name: Ensure Matrix cactus comments paths don't exist - ansible.builtin.file: - path: "{{ matrix_cactus_comments_base_path }}" - state: absent - -- name: Ensure cactus comments Docker image doesn't exist - community.docker.docker_image: - name: "{{ matrix_cactus_comments_docker_image }}" - state: absent + - name: Ensure Matrix cactus comments paths don't exist + ansible.builtin.file: + path: "{{ matrix_cactus_comments_base_path }}" + state: absent diff --git a/roles/custom/matrix-client-cinny/tasks/init.yml b/roles/custom/matrix-client-cinny/tasks/init.yml deleted file mode 100644 index 00e46dc82..000000000 --- a/roles/custom/matrix-client-cinny/tasks/init.yml +++ /dev/null 
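Review bot: two behaviour changes in this uninstall hunk go beyond the block refactor: the "Ensure cactus comments Docker image doesn't exist" task is dropped entirely, so the image stays on disk after uninstall, and "Ensure Matrix cactus comments paths don't exist" moves inside the `stat.exists` block, so `matrix_cactus_comments_base_path` is only removed when the unit file still exists. A host where the unit was already cleaned up but the data directory remains will now keep that directory forever. If that is intended, it deserves a CHANGELOG line; otherwise keep the path removal outside the block.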
@@ -1,11 +0,0 @@ ---- -# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 -# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 -- name: Fail if trying to self-build on Ansible < 2.8 - ansible.builtin.fail: - msg: "To self-build the Cinny image, you should use Ansible 2.8 or higher. See docs/ansible.md" - when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_client_cinny_container_image_self_build and matrix_client_cinny_enabled" - -- ansible.builtin.set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-client-cinny.service'] }}" - when: matrix_client_cinny_enabled | bool diff --git a/roles/custom/matrix-client-cinny/tasks/main.yml b/roles/custom/matrix-client-cinny/tasks/main.yml index 9eb007810..1e6d47590 100644 --- a/roles/custom/matrix-client-cinny/tasks/main.yml +++ b/roles/custom/matrix-client-cinny/tasks/main.yml 
@@ -1,30 +1,26 @@ --- -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" - tags: - - always +- block: + - when: matrix_client_cinny_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup | bool and matrix_client_cinny_enabled | bool" + - when: matrix_client_cinny_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml" + tags: + - setup-all + - setup-client-cinny + - install-all + - install-client-cinny + +- block: + - when: not matrix_client_cinny_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" tags: - setup-all - setup-client-cinny -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup | bool and matrix_client_cinny_enabled | bool" - tags: - - setup-all - - setup-client-cinny - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/self_check.yml" - delegate_to: 127.0.0.1 - become: false - when: "run_self_check | bool and matrix_client_cinny_enabled | bool" +- block: + - when: matrix_client_cinny_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/self_check.yml" tags: - self-check - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup | bool and not matrix_client_cinny_enabled | bool" - tags: - - setup-all - - setup-client-cinny diff --git a/roles/custom/matrix-client-cinny/tasks/self_check.yml b/roles/custom/matrix-client-cinny/tasks/self_check.yml index e0f9bfc1e..c1c6195e0 100644 --- a/roles/custom/matrix-client-cinny/tasks/self_check.yml +++ b/roles/custom/matrix-client-cinny/tasks/self_check.yml @@ -11,6 +11,8 @@ register: matrix_client_cinny_self_check_result check_mode: false ignore_errors: true + delegate_to: 127.0.0.1 + become: false - name: Fail if Cinny not working ansible.builtin.fail: 
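Review bot: moving `delegate_to: 127.0.0.1` and `become: false` from the import in main.yml onto the check task inside self_check.yml is the right fix, since those keywords do not carry through `include_tasks` the way they did through `import_tasks`; the following "Fail if Cinny not working" task only evaluates the registered result, so it does not need delegation. Minor: the `run_self_check | bool` guard is gone, so the check is driven purely by the `self-check` tag now, which matches the other clients in this change.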
diff --git a/roles/custom/matrix-client-cinny/tasks/setup_install.yml b/roles/custom/matrix-client-cinny/tasks/setup_install.yml index 09b117be8..46458f0b0 100644 --- a/roles/custom/matrix-client-cinny/tasks/setup_install.yml +++ b/roles/custom/matrix-client-cinny/tasks/setup_install.yml @@ -69,9 +69,3 @@ src: "{{ role_path }}/templates/systemd/matrix-client-cinny.service.j2" dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-client-cinny.service" mode: 0644 - register: matrix_client_cinny_systemd_service_result - -- name: Ensure systemd reloaded after matrix-client-cinny.service installation - ansible.builtin.service: - daemon_reload: true - when: "matrix_client_cinny_systemd_service_result.changed | bool" diff --git a/roles/custom/matrix-client-cinny/tasks/setup_uninstall.yml b/roles/custom/matrix-client-cinny/tasks/setup_uninstall.yml index 5b67e819e..a73825623 100644 --- a/roles/custom/matrix-client-cinny/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-client-cinny/tasks/setup_uninstall.yml 
@@ -4,32 +4,21 @@ path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-client-cinny.service" register: matrix_client_cinny_service_stat -- name: Ensure matrix-client-cinny is stopped - ansible.builtin.service: - name: matrix-client-cinny - state: stopped - enabled: false - daemon_reload: true - register: stopping_result - when: "matrix_client_cinny_service_stat.stat.exists | bool" +- when: matrix_client_cinny_service_stat.stat.exists | bool + block: + - name: Ensure matrix-client-cinny is stopped + ansible.builtin.service: + name: matrix-client-cinny + state: stopped + enabled: false + daemon_reload: true -- name: Ensure matrix-client-cinny.service doesn't exist - ansible.builtin.file: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-client-cinny.service" - state: absent - when: "matrix_client_cinny_service_stat.stat.exists | bool" + - name: Ensure matrix-client-cinny.service doesn't exist + ansible.builtin.file: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-client-cinny.service" + state: absent -- name: Ensure systemd reloaded after matrix-client-cinny.service removal - ansible.builtin.service: - daemon_reload: true - when: "matrix_client_cinny_service_stat.stat.exists | bool" - -- name: Ensure Cinny paths doesn't exist - ansible.builtin.file: - path: "{{ matrix_client_cinny_data_path }}" - state: absent - -- name: Ensure Cinny Docker image doesn't exist - community.docker.docker_image: - name: "{{ matrix_client_cinny_docker_image }}" - state: absent + - name: Ensure Cinny paths doesn't exist + ansible.builtin.file: + path: "{{ matrix_client_cinny_data_path }}" + state: absent diff --git a/roles/custom/matrix-client-element/defaults/main.yml b/roles/custom/matrix-client-element/defaults/main.yml index a1543b5bb..d359108ca 100644 --- a/roles/custom/matrix-client-element/defaults/main.yml +++ b/roles/custom/matrix-client-element/defaults/main.yml 
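Review bot: as in the cactus-comments uninstall, the Docker image removal task is deleted and "Ensure Cinny paths doesn't exist" is moved under `when: matrix_client_cinny_service_stat.stat.exists | bool`, so `matrix_client_cinny_data_path` is left in place whenever the unit file is already absent. If leaving data behind on uninstall is the new policy, document it; otherwise keep the path removal unconditional.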
@@ -10,7 +10,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto # - https://github.com/vector-im/element-web/issues/19544 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" -matrix_client_element_version: v1.11.14 +matrix_client_element_version: v1.11.17 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" 
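Review bot: the Element bump from v1.11.14 to v1.11.17 is bundled into a large role refactor; splitting it into its own commit (or at least mentioning it in the CHANGELOG) keeps a later bisect of a client regression from landing on this whole change.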
@@ -135,3 +135,70 @@ matrix_client_element_configuration_extension: "{{ matrix_client_element_configu # Holds the final Element configuration (a combination of the default and its extension). # You most likely don't need to touch this variable. Instead, see `matrix_client_element_configuration_default`. matrix_client_element_configuration: "{{ matrix_client_element_configuration_default | combine(matrix_client_element_configuration_extension, recursive=True) }}" + +# Element Location sharing functionality +# More info: https://element.io/blog/element-launches-e2ee-location-sharing/ +# How to host your own map tile server: https://matrix.org/docs/guides/map-tile-server +matrix_client_element_location_sharing_enabled: false + +# Default Element location sharing map style configuration template which covers the generic use case. +# You can customize it by controlling the various variables inside it. +# +# For a more advanced customization, you can extend the default (see `matrix_client_element_location_sharing_map_style_extension_json`) +# or completely replace this variable with your own template. +# +# The side-effect of this lookup is that Ansible would even parse the JSON for us, returning a dict. +# This is unlike what it does when looking up YAML template files (no automatic parsing there). +matrix_client_element_location_sharing_map_style_default: "{{ lookup('template', 'templates/map_style.json.j2') }}" + +# Your custom JSON configuration for Element location sharing map style should go to `matrix_client_element_location_sharing_map_style_extension_json`. +# This configuration extends the default starting configuration (`matrix_client_element_location_sharing_map_style_default`). +# +# You can override individual variables from the default configuration, or introduce new ones. +# +# If you need something more special, you can take full control by +# completely redefining `matrix_client_element_location_sharing_map_style_default`. 
+# +# Example configuration override follows: +# +# matrix_client_element_location_sharing_map_style_extension_json: | +# { +# "sources": { +# "localsource": { +# "tileSize": 512 +# } +# } +# } +# +# Example configuration extension follows: +# +# matrix_client_element_location_sharing_map_style_extension_json: | +# { +# "sources": { +# "anothersource": { +# "attribution": "", +# "tileSize": 256, +# "tiles": ["https://anothertile.example.com/{z}/{x}/{y}.png"], +# "type": "raster" +# } +# } +# } +matrix_client_element_location_sharing_map_style_extension_json: '{}' + +matrix_client_element_location_sharing_map_style_extension: "{{ matrix_client_element_location_sharing_map_style_extension_json | from_json if matrix_client_element_location_sharing_map_style_extension_json | from_json is mapping else {} }}" + +# Holds the final Element location sharing map style configuration (a combination of the default and its extension). +# You most likely don't need to touch this variable. Instead, see `matrix_client_element_location_sharing_map_style_default`. 
+matrix_client_element_location_sharing_map_style: "{{ matrix_client_element_location_sharing_map_style_default | combine(matrix_client_element_location_sharing_map_style_extension, recursive=True) }}" + +# Example tile servers configuration +# matrix_client_element_location_sharing_map_style_content_sources_localsource_tiles: ["https://tile.example.com/{z}/{x}/{y}.png"] +# or +# matrix_client_element_location_sharing_map_style_content_sources_localsource_tiles: ["https://s1.example.com/{z}/{x}/{y}.png", "https://s2.example.com/{z}/{x}/{y}.png", "https://s3.example.com/{z}/{x}/{y}.png"] +matrix_client_element_location_sharing_map_style_content_sources_localsource_tiles: [] + +# Map attribution (optional): +# Attribution for OpenStreetMap would be like this: +# matrix_client_element_location_sharing_map_style_content_sources_localsource_attribution: "© OpenStreetMap contributors" +# Leave blank, if map does not require attribution. +matrix_client_element_location_sharing_map_style_content_sources_localsource_attribution: "" diff --git a/roles/custom/matrix-client-element/tasks/init.yml b/roles/custom/matrix-client-element/tasks/init.yml deleted file mode 100644 index 7bdad9e1a..000000000 --- a/roles/custom/matrix-client-element/tasks/init.yml +++ /dev/null 
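Review bot: the defaults should say what the tile server gets to see. With `map_style_url` pointing at a style whose `tiles` list is operator-supplied, every tile request a user's browser makes encodes the `{z}/{x}/{y}` of the location being viewed, so the tile server (and any CDN in front of it) learns the approximate location of every shared position; the comment block above recommends self-hosting via the matrix.org guide, and it would be worth stating that this is the privacy reason. The examples also only show `https://` tile URLs; since config.json hardcodes `https://{{ matrix_server_fqn_element }}/map_style.json`, an `http://` tile URL would be blocked by the browser as mixed content, which the comment could mention next to the examples. Finally, `matrix_client_element_location_sharing_map_style_extension` calls `from_json` twice on the same string; evaluating it once into a variable, or leaving the `is mapping` check out, would be cleaner and gives a clearer error on invalid JSON.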
@@ -1,12 +0,0 @@ ---- - -- ansible.builtin.set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-client-element.service'] }}" - when: matrix_client_element_enabled | bool - -# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 -# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 -- name: Fail if trying to self-build on Ansible < 2.8 - ansible.builtin.fail: - msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md" - when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_client_element_container_image_self_build and matrix_client_element_enabled" diff --git a/roles/custom/matrix-client-element/tasks/main.yml b/roles/custom/matrix-client-element/tasks/main.yml index 53a25afb9..89e50ba70 100644 --- a/roles/custom/matrix-client-element/tasks/main.yml +++ b/roles/custom/matrix-client-element/tasks/main.yml 
@@ -1,42 +1,29 @@ --- -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" - tags: - - always +- block: + - when: matrix_client_element_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup | bool and matrix_client_element_enabled | bool" + - when: matrix_client_element_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/prepare_themes.yml" + + - when: matrix_client_element_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml" + tags: + - setup-all + - setup-client-element + - install-all + - install-client-element + +- block: + - when: not matrix_client_element_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" tags: - setup-all - setup-client-element -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/prepare_themes.yml" - when: run_setup | bool - tags: - - setup-all - - setup-client-element - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/migrate_riot_web.yml" - when: run_setup | bool - tags: - - setup-all - - setup-client-element - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup | bool and matrix_client_element_enabled | bool" - tags: - - setup-all - - setup-client-element - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup | bool and not matrix_client_element_enabled | bool" - tags: - - setup-all - - setup-client-element - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/self_check.yml" - delegate_to: 127.0.0.1 - become: false - when: "run_self_check | bool and matrix_client_element_enabled | bool" +- block: + - when: matrix_client_element_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/self_check.yml" tags: - self-check 
diff --git a/roles/custom/matrix-client-element/tasks/migrate_riot_web.yml b/roles/custom/matrix-client-element/tasks/migrate_riot_web.yml deleted file mode 100644 index bb62b7ce5..000000000 --- a/roles/custom/matrix-client-element/tasks/migrate_riot_web.yml +++ /dev/null @@ -1,37 +0,0 @@ ---- - -- name: Check existence of matrix-riot-web.service - ansible.builtin.stat: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-riot-web.service" - register: matrix_client_riot_web_service_stat - when: "matrix_client_element_enabled | bool" - -- name: Ensure matrix-riot-web is stopped - ansible.builtin.service: - name: matrix-riot-web - state: stopped - enabled: false - daemon_reload: true - register: stopping_result - when: "matrix_client_element_enabled | bool and matrix_client_riot_web_service_stat.stat.exists" - -- name: Ensure matrix-riot-web.service doesn't exist - ansible.builtin.file: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-riot-web.service" - state: absent - when: "matrix_client_element_enabled | bool and matrix_client_riot_web_service_stat.stat.exists" - -- name: Ensure systemd reloaded after matrix-riot-web.service removal - ansible.builtin.service: - daemon_reload: true - when: "matrix_client_element_enabled | bool and matrix_client_riot_web_service_stat.stat.exists" - -- name: Check existence of /matrix/riot-web - ansible.builtin.stat: - path: "/matrix/riot-web" - register: matrix_client_riot_web_dir_stat - when: "matrix_client_element_enabled | bool" - -- name: Relocate /matrix/riot-web to /matrix/client-element - ansible.builtin.command: "mv /matrix/riot-web /matrix/client-element" - when: "matrix_client_element_enabled | bool and matrix_client_riot_web_dir_stat.stat.exists" diff --git a/roles/custom/matrix-client-element/tasks/self_check.yml b/roles/custom/matrix-client-element/tasks/self_check.yml index 031bb5f90..c336e4b65 100644 --- a/roles/custom/matrix-client-element/tasks/self_check.yml 
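Review bot: deleting migrate_riot_web.yml (together with its import in main.yml) means a host that still has `matrix-riot-web.service` or `/matrix/riot-web` from before the Element rename will no longer be migrated; the old service is left enabled and the `mv /matrix/riot-web /matrix/client-element` step never runs. That is a reasonable thing to retire, but it needs a CHANGELOG entry telling people who skipped the intermediate versions to run an older playbook revision first or to do the rename by hand.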
+++ b/roles/custom/matrix-client-element/tasks/self_check.yml @@ -11,6 +11,8 @@ register: matrix_client_element_self_check_result check_mode: false ignore_errors: true + delegate_to: 127.0.0.1 + become: false - name: Fail if Element not working ansible.builtin.fail: diff --git a/roles/custom/matrix-client-element/tasks/setup_install.yml b/roles/custom/matrix-client-element/tasks/setup_install.yml index 0edb0b50e..813b4da04 100644 --- a/roles/custom/matrix-client-element/tasks/setup_install.yml +++ b/roles/custom/matrix-client-element/tasks/setup_install.yml @@ -50,16 +50,13 @@ when: "matrix_client_element_container_image_self_build | bool and matrix_client_element_container_image_self_build_low_memory_system_patch_enabled | bool" - name: Ensure Element Docker image is built - community.docker.docker_image: - name: "{{ matrix_client_element_docker_image }}" - source: build - force_source: "{{ matrix_client_element_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_client_element_git_pull_results.changed }}" - build: - dockerfile: Dockerfile - path: "{{ matrix_client_element_docker_src_files_path }}" - pull: true - when: "matrix_client_element_container_image_self_build | bool" + ansible.builtin.command: + cmd: |- + {{ devture_systemd_docker_base_host_command_docker }} buildx build + --tag={{ matrix_client_element_docker_image }} + --file={{ matrix_client_element_docker_src_files_path }}/Dockerfile + {{ matrix_client_element_docker_src_files_path }} + when: matrix_client_element_container_image_self_build | bool - name: Ensure Element configuration installed ansible.builtin.copy: 
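Review bot: the replacement `ansible.builtin.command: ... buildx build` task has no `changed_when`, so it reports changed on every run and rebuilds the image on every run; the previous `docker_image` task only rebuilt when `matrix_client_element_git_pull_results.changed` was true. Add `changed_when: matrix_client_element_git_pull_results.changed` (or a `when` on the same) to restore that behaviour, and note that the old `pull: true` is not carried over, so base layers are no longer refreshed unless `--pull` is passed to `buildx build`. ansible-lint's no-changed-when rule, which the workflow in this same change now runs, will flag this task as written.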
@@ -69,6 +66,15 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" +- name: Ensure Element location sharing map style installed + when: matrix_client_element_location_sharing_enabled | bool + ansible.builtin.copy: + content: "{{ matrix_client_element_location_sharing_map_style | to_nice_json }}" + dest: "{{ matrix_client_element_data_path }}/map_style.json" + mode: 0644 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + - name: Ensure Element config files installed ansible.builtin.template: src: "{{ item.src }}" @@ -95,9 +101,3 @@ src: "{{ role_path }}/templates/systemd/matrix-client-element.service.j2" dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-client-element.service" mode: 0644 - register: matrix_client_element_systemd_service_result - -- name: Ensure systemd reloaded after matrix-client-element.service installation - ansible.builtin.service: - daemon_reload: true - when: "matrix_client_element_systemd_service_result.changed | bool" diff --git a/roles/custom/matrix-client-element/tasks/setup_uninstall.yml b/roles/custom/matrix-client-element/tasks/setup_uninstall.yml index 3a1de4094..e1b25caa6 100644 --- a/roles/custom/matrix-client-element/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-client-element/tasks/setup_uninstall.yml 
@@ -5,32 +5,21 @@ path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-client-element.service" register: matrix_client_element_service_stat -- name: Ensure matrix-client-element is stopped - ansible.builtin.service: - name: matrix-client-element - state: stopped - enabled: false - daemon_reload: true - register: stopping_result - when: "matrix_client_element_service_stat.stat.exists | bool" +- when: matrix_client_element_service_stat.stat.exists | bool + block: + - name: Ensure matrix-client-element is stopped + ansible.builtin.service: + name: matrix-client-element + state: stopped + enabled: false + daemon_reload: true -- name: Ensure matrix-client-element.service doesn't exist - ansible.builtin.file: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-client-element.service" - state: absent - when: "matrix_client_element_service_stat.stat.exists | bool" + - name: Ensure matrix-client-element.service doesn't exist + ansible.builtin.file: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-client-element.service" + state: absent -- name: Ensure systemd reloaded after matrix-client-element.service removal - ansible.builtin.service: - daemon_reload: true - when: "matrix_client_element_service_stat.stat.exists | bool" - -- name: Ensure Element paths doesn't exist - ansible.builtin.file: - path: "{{ matrix_client_element_data_path }}" - state: absent - -- name: Ensure Element Docker image doesn't exist - community.docker.docker_image: - name: "{{ matrix_client_element_docker_image }}" - state: absent + - name: Ensure Element paths doesn't exist + ansible.builtin.file: + path: "{{ matrix_client_element_data_path }}" + state: absent diff --git a/roles/custom/matrix-client-element/tasks/validate_config.yml b/roles/custom/matrix-client-element/tasks/validate_config.yml index fdf74f07d..0e252db80 100644 --- a/roles/custom/matrix-client-element/tasks/validate_config.yml +++ b/roles/custom/matrix-client-element/tasks/validate_config.yml 
@@ -8,6 +8,14 @@ with_items: - "matrix_client_element_default_hs_url" +- name: Fail if Element location sharing enabled, but no tile server defined + ansible.builtin.fail: + msg: >- + You need to define at least one map tile server in matrix_client_element_location_sharing_map_style_content_sources_localsource_tiles list + when: + - matrix_client_element_location_sharing_enabled | bool + - matrix_client_element_location_sharing_map_style_content_sources_localsource_tiles | length == 0 + - name: (Deprecation) Catch and report riot-web variables ansible.builtin.fail: msg: >- diff --git a/roles/custom/matrix-client-element/templates/config.json.j2 b/roles/custom/matrix-client-element/templates/config.json.j2 index e34773981..1ae16f416 100644 --- a/roles/custom/matrix-client-element/templates/config.json.j2 +++ b/roles/custom/matrix-client-element/templates/config.json.j2 @@ -36,6 +36,9 @@ "jitsi": { "preferredDomain": {{ matrix_client_element_jitsi_preferredDomain|to_json }} }, + {% endif %} + {% if matrix_client_element_location_sharing_enabled %} + "map_style_url": "https://{{ matrix_server_fqn_element }}/map_style.json", {% endif %} "branding": { "authFooterLinks": {{ matrix_client_element_branding_authFooterLinks|to_json }}, diff --git a/roles/custom/matrix-client-element/templates/map_style.json.j2 b/roles/custom/matrix-client-element/templates/map_style.json.j2 new file mode 100644 index 000000000..1b92df633 --- /dev/null +++ b/roles/custom/matrix-client-element/templates/map_style.json.j2 @@ -0,0 +1,18 @@ +{ + "layers": [ + { + "id": "locallayer", + "source": "localsource", + "type": "raster" + } + ], + "sources": { + "localsource": { + "attribution": {{ matrix_client_element_location_sharing_map_style_content_sources_localsource_attribution|to_json }}, + "tileSize": 256, + "tiles": {{ matrix_client_element_location_sharing_map_style_content_sources_localsource_tiles|to_json }}, + "type": "raster" + } + }, + "version": 8 +} 
diff --git a/roles/custom/matrix-client-element/templates/systemd/matrix-client-element.service.j2 b/roles/custom/matrix-client-element/templates/systemd/matrix-client-element.service.j2 index 52f3249a9..be96cab78 100644 --- a/roles/custom/matrix-client-element/templates/systemd/matrix-client-element.service.j2 +++ b/roles/custom/matrix-client-element/templates/systemd/matrix-client-element.service.j2 @@ -26,6 +26,9 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name --mount type=bind,src={{ matrix_client_element_data_path }}/nginx.conf,dst=/etc/nginx/nginx.conf,ro \ --mount type=bind,src={{ matrix_client_element_data_path }}/config.json,dst=/app/config.json,ro \ --mount type=bind,src={{ matrix_client_element_data_path }}/config.json,dst=/app/config.{{ matrix_server_fqn_element }}.json,ro \ + {% if matrix_client_element_location_sharing_enabled %} + --mount type=bind,src={{ matrix_client_element_data_path }}/map_style.json,dst=/app/map_style.json,ro \ + {% endif %} {% if matrix_client_element_embedded_pages_home_path is not none %} --mount type=bind,src={{ matrix_client_element_data_path }}/home.html,dst=/app/home.html,ro \ {% endif %} diff --git a/roles/custom/matrix-client-hydrogen/defaults/main.yml b/roles/custom/matrix-client-hydrogen/defaults/main.yml index d207df742..c3f2ab958 100644 --- a/roles/custom/matrix-client-hydrogen/defaults/main.yml +++ b/roles/custom/matrix-client-hydrogen/defaults/main.yml 
@@ -3,14 +3,12 @@ matrix_client_hydrogen_enabled: true -# Self building is used by default because the `config.json` file is only read at build time. -# The pre-built images also were not functional as of 2021-05-15. -matrix_client_hydrogen_container_image_self_build: true +matrix_client_hydrogen_container_image_self_build: false matrix_client_hydrogen_container_image_self_build_repo: "https://github.com/vector-im/hydrogen-web.git" -matrix_client_hydrogen_version: v0.3.3 -matrix_client_hydrogen_docker_image: "{{ matrix_client_hydrogen_docker_image_name_prefix }}vectorim/hydrogen-web:{{ matrix_client_hydrogen_version }}" -matrix_client_hydrogen_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_hydrogen_container_image_self_build else matrix_container_global_registry_prefix }}" +matrix_client_hydrogen_version: v0.3.6 +matrix_client_hydrogen_docker_image: "{{ matrix_client_hydrogen_docker_image_name_prefix }}vector-im/hydrogen-web:{{ matrix_client_hydrogen_version }}" +matrix_client_hydrogen_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_hydrogen_container_image_self_build else 'ghcr.io/' }}" matrix_client_hydrogen_docker_image_force_pull: "{{ matrix_client_hydrogen_docker_image.endswith(':latest') }}" matrix_client_hydrogen_data_path: "{{ matrix_base_data_path }}/client-hydrogen" diff --git a/roles/custom/matrix-client-hydrogen/tasks/init.yml b/roles/custom/matrix-client-hydrogen/tasks/init.yml deleted file mode 100644 index 561018e1a..000000000 --- a/roles/custom/matrix-client-hydrogen/tasks/init.yml +++ /dev/null 
@@ -1,11 +0,0 @@ ---- -# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 -# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 -- name: Fail if trying to self-build on Ansible < 2.8 - ansible.builtin.fail: - msg: "To self-build the Hydrogen image, you should use Ansible 2.8 or higher. See docs/ansible.md" - when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_client_hydrogen_container_image_self_build and matrix_client_hydrogen_enabled" - -- ansible.builtin.set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-client-hydrogen.service'] }}" - when: matrix_client_hydrogen_enabled | bool diff --git a/roles/custom/matrix-client-hydrogen/tasks/main.yml b/roles/custom/matrix-client-hydrogen/tasks/main.yml index 89133364e..9bb8bc080 100644 --- a/roles/custom/matrix-client-hydrogen/tasks/main.yml +++ b/roles/custom/matrix-client-hydrogen/tasks/main.yml 
@@ -1,30 +1,26 @@ --- -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" - tags: - - always +- block: + - when: matrix_client_hydrogen_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup | bool and matrix_client_hydrogen_enabled | bool" + - when: matrix_client_hydrogen_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml" + tags: + - setup-all + - setup-client-hydrogen + - install-all + - install-client-hydrogen + +- block: + - when: not matrix_client_hydrogen_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" tags: - setup-all - setup-client-hydrogen -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup | bool and matrix_client_hydrogen_enabled | bool" - tags: - - setup-all - - setup-client-hydrogen - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup | bool and not matrix_client_hydrogen_enabled | bool" - tags: - - setup-all - - setup-client-hydrogen - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/self_check.yml" - delegate_to: 127.0.0.1 - become: false - when: "run_self_check | bool and matrix_client_hydrogen_enabled | bool" +- block: + - when: matrix_client_hydrogen_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/self_check.yml" tags: - self-check diff --git a/roles/custom/matrix-client-hydrogen/tasks/self_check.yml b/roles/custom/matrix-client-hydrogen/tasks/self_check.yml index 978e531f2..478f0dc86 100644 --- a/roles/custom/matrix-client-hydrogen/tasks/self_check.yml +++ b/roles/custom/matrix-client-hydrogen/tasks/self_check.yml 
@@ -11,6 +11,8 @@ register: matrix_client_hydrogen_self_check_result check_mode: false ignore_errors: true + delegate_to: 127.0.0.1 + become: false - name: Fail if Hydrogen not working ansible.builtin.fail: diff --git a/roles/custom/matrix-client-hydrogen/tasks/setup_install.yml b/roles/custom/matrix-client-hydrogen/tasks/setup_install.yml index 6905081ad..5fe4ceadd 100644 --- a/roles/custom/matrix-client-hydrogen/tasks/setup_install.yml +++ b/roles/custom/matrix-client-hydrogen/tasks/setup_install.yml @@ -38,11 +38,10 @@ - name: Ensure Hydrogen configuration installed ansible.builtin.copy: content: "{{ matrix_client_hydrogen_configuration | to_nice_json }}" - dest: "{{ matrix_client_hydrogen_docker_src_files_path }}/src/platform/web/assets/config.json" + dest: "{{ matrix_client_hydrogen_data_path }}/config.json" mode: 0644 owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" - when: "matrix_client_hydrogen_container_image_self_build | bool" - name: Ensure Hydrogen additional config files installed ansible.builtin.template: @@ -55,8 +54,6 @@ - {src: "{{ role_path }}/templates/nginx.conf.j2", name: "nginx.conf"} when: "item.src is not none" -# This step MUST come after the steps to install the configuration files because the config files -# are currently only read at build time, not at run time like most other components in the playbook - name: Ensure Hydrogen Docker image is built community.docker.docker_image: name: "{{ matrix_client_hydrogen_docker_image }}" @@ -73,9 +70,3 @@ src: "{{ role_path }}/templates/systemd/matrix-client-hydrogen.service.j2" dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-client-hydrogen.service" mode: 0644 - register: matrix_client_hydrogen_systemd_service_result - -- name: Ensure systemd reloaded after matrix-client-hydrogen.service installation - ansible.builtin.service: - daemon_reload: true - when: "matrix_client_hydrogen_systemd_service_result.changed | bool" 
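Review bot: in the @@ -38,11 +38,10 @@ hunk of matrix-client-hydrogen/tasks/setup_install.yml, config.json now lives in `matrix_client_hydrogen_data_path` and is bind-mounted read-only into the container by the service template hunk, which is the right fix for the old build-time-only configuration; but the 'Ensure Hydrogen Docker image is built' task kept here still uses community.docker.docker_image, while the Element role in this same change moved to `docker buildx build` through ansible.builtin.command. Pick one self-build approach for both roles, or leave a comment explaining why they differ, so the next person does not "fix" one to match the other.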
diff --git a/roles/custom/matrix-client-hydrogen/tasks/setup_uninstall.yml b/roles/custom/matrix-client-hydrogen/tasks/setup_uninstall.yml index 090ce5673..d6caa5b97 100644 --- a/roles/custom/matrix-client-hydrogen/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-client-hydrogen/tasks/setup_uninstall.yml 
@@ -5,32 +5,21 @@ path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-client-hydrogen.service" register: matrix_client_hydrogen_service_stat -- name: Ensure matrix-client-hydrogen is stopped - ansible.builtin.service: - name: matrix-client-hydrogen - state: stopped - enabled: false - daemon_reload: true - register: stopping_result - when: "matrix_client_hydrogen_service_stat.stat.exists | bool" +- when: matrix_client_hydrogen_service_stat.stat.exists | bool + block: + - name: Ensure matrix-client-hydrogen is stopped + ansible.builtin.service: + name: matrix-client-hydrogen + state: stopped + enabled: false + daemon_reload: true -- name: Ensure matrix-client-hydrogen.service doesn't exist - ansible.builtin.file: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-client-hydrogen.service" - state: absent - when: "matrix_client_hydrogen_service_stat.stat.exists | bool" + - name: Ensure matrix-client-hydrogen.service doesn't exist + ansible.builtin.file: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-client-hydrogen.service" + state: absent -- name: Ensure systemd reloaded after matrix-client-hydrogen.service removal - ansible.builtin.service: - daemon_reload: true - when: "matrix_client_hydrogen_service_stat.stat.exists | bool" - -- name: Ensure Hydrogen paths doesn't exist - ansible.builtin.file: - path: "{{ matrix_client_hydrogen_data_path }}" - state: absent - -- name: Ensure Hydrogen Docker image doesn't exist - community.docker.docker_image: - name: "{{ matrix_client_hydrogen_docker_image }}" - state: absent + - name: Ensure Hydrogen paths doesn't exist + ansible.builtin.file: + path: "{{ matrix_client_hydrogen_data_path }}" + state: absent diff --git a/roles/custom/matrix-client-hydrogen/templates/config.json.j2 b/roles/custom/matrix-client-hydrogen/templates/config.json.j2 index 161ee47bb..b6b1b9be5 100644 --- a/roles/custom/matrix-client-hydrogen/templates/config.json.j2 
+++ b/roles/custom/matrix-client-hydrogen/templates/config.json.j2 @@ -3,7 +3,7 @@ "defaultHomeServer": {{ matrix_client_hydrogen_default_hs_url | string | to_json }}, "bugReportEndpointUrl": {{ matrix_client_hydrogen_bugReportEndpointUrl | to_json }}, "themeManifests": [ - "assets/theme-Element.json" + "assets/theme-element.json" ], "defaultTheme": { "light": "element-light", diff --git a/roles/custom/matrix-client-hydrogen/templates/systemd/matrix-client-hydrogen.service.j2 b/roles/custom/matrix-client-hydrogen/templates/systemd/matrix-client-hydrogen.service.j2 index 92bfadcb9..d8a3fb98b 100644 --- a/roles/custom/matrix-client-hydrogen/templates/systemd/matrix-client-hydrogen.service.j2 +++ b/roles/custom/matrix-client-hydrogen/templates/systemd/matrix-client-hydrogen.service.j2 @@ -24,6 +24,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name {% endif %} --tmpfs=/tmp:rw,noexec,nosuid,size=10m \ --mount type=bind,src={{ matrix_client_hydrogen_data_path }}/nginx.conf,dst=/etc/nginx/nginx.conf,ro \ + --mount type=bind,src={{ matrix_client_hydrogen_data_path }}/config.json,dst=/usr/share/nginx/html/config.json,ro \ {% for arg in matrix_client_hydrogen_container_extra_arguments %} {{ arg }} \ {% endfor %} diff --git a/roles/custom/matrix-common-after/defaults/main.yml b/roles/custom/matrix-common-after/defaults/main.yml deleted file mode 100644 index 51c48c7d0..000000000 --- a/roles/custom/matrix-common-after/defaults/main.yml +++ /dev/null 
@@ -1,17 +0,0 @@ ---- -# Specifies how long to wait between starting systemd services and checking if they're started. -# -# A too low value may lead to a failure, as services may not have enough time to start and potentially fail. -# -# A value higher than 30 seconds (or any multiple of that) may also not work well, because a failing systemd service -# auto-restarts after 30 seconds (`RestartSec=30` in systemd service files). -# Checking if a service is running right after it had potentially restarted in such a way will lead us to -# thinking it's running, while it's merely starting again (and likely to fail again, given that it already did once). -# -# All of the services we manage are also started sequentially, which in itself can take a long time. -# There may be a ~10 second (or even larger) interval between starting the first service and starting the last one. -# This makes it even harder to pick a correct value. Such a 10 second gap and a waiting time of 20 seconds will -# put us right at the "dangerous" 30-second mark. -# -# We can try to measure this gap and adjust our waiting time accordingly, but we currently don't. -matrix_common_after_systemd_service_start_wait_for_timeout_seconds: 15 diff --git a/roles/custom/matrix-common-after/tasks/main.yml b/roles/custom/matrix-common-after/tasks/main.yml index 2cffecb1e..fe23e467b 100644 --- a/roles/custom/matrix-common-after/tasks/main.yml +++ b/roles/custom/matrix-common-after/tasks/main.yml @@ -1,15 +1,6 @@ --- -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/start.yml" - when: run_start | bool - tags: - - start - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/stop.yml" - when: run_stop | bool - tags: - - stop - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/run_docker_prune.yml" +- block: + - ansible.builtin.include_tasks: "{{ role_path }}/tasks/run_docker_prune.yml" tags: - run-docker-prune 
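Review bot: deleting matrix-common-after/tasks/start.yml removes the post-start verification (wait, then fail if a unit is not `running`/`active`) and nothing in this diff replaces it; the comments being deleted from defaults/main.yml document a real trap (a failing unit auto-restarts after `RestartSec=30`, so a check timed near that boundary reports a crashing service as healthy), and that knowledge should travel with whatever now owns service start-up. If an external role now handles start/stop/verify, say so in the commit message. `matrix_common_after_systemd_service_start_wait_for_timeout_seconds` and `matrix_services_autostart_enabled` are user-facing variables, so their removal deserves a deprecation catch of the kind the Element role has for riot-web variables, rather than a silent no-op for anyone who overrides them.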
diff --git a/roles/custom/matrix-common-after/tasks/start.yml b/roles/custom/matrix-common-after/tasks/start.yml deleted file mode 100644 index a781dab75..000000000 --- a/roles/custom/matrix-common-after/tasks/start.yml +++ /dev/null 
@@ -1,73 +0,0 @@ ---- - -- name: Determine whether we should make services autostart - ansible.builtin.set_fact: - matrix_services_autostart_enabled_bool: "{{ true if matrix_services_autostart_enabled | default('') == '' else matrix_services_autostart_enabled | bool }}" - -- name: Ensure systemd is reloaded - ansible.builtin.service: - daemon_reload: true - -- name: Ensure Matrix services are stopped - ansible.builtin.service: - name: "{{ item }}" - state: stopped - with_items: "{{ matrix_systemd_services_list }}" - when: not ansible_check_mode - -- name: Ensure Matrix services are started - ansible.builtin.service: - name: "{{ item }}" - enabled: "{{ matrix_services_autostart_enabled_bool }}" - state: started - with_items: "{{ matrix_systemd_services_list }}" - when: not ansible_check_mode - -# If we check service state immediately, we may succeed, -# because it takes some time for the service to attempt to start and actually fail. -# -# Waiting too long (30s) may not work for a similar reason, -# as we may run into systemd's automatic restart logic retrying the service. -- name: Wait a bit, so that services can start (or fail) - ansible.builtin.wait_for: - timeout: "{{ matrix_common_after_systemd_service_start_wait_for_timeout_seconds }}" - delegate_to: 127.0.0.1 - become: false - -- when: "ansible_distribution != 'Archlinux'" - block: - - name: Populate service facts - ansible.builtin.service_facts: - - - name: Fail if service isn't detected to be running - ansible.builtin.fail: - msg: >- - {{ item }} was not detected to be running. - It's possible that there's a configuration problem or another service on your server interferes with it (uses the same ports, etc.). - Try running `systemctl status {{ item }}` and `journalctl -fu {{ item }}` on the server to investigate. - If you're on a slow or overloaded server, it may be that services take a longer time to start and that this error is a false-positive. 
- You can consider raising the value of the `matrix_common_after_systemd_service_start_wait_for_timeout_seconds` variable. - See `roles/custom/matrix-common-after/defaults/main.yml` for more details about that. - with_items: "{{ matrix_systemd_services_list }}" - when: - - "item.endswith('.service') and (ansible_facts.services[item] | default(none) is none or ansible_facts.services[item].state != 'running')" - -- when: "ansible_distribution == 'Archlinux'" - block: - # Currently there is a bug in ansible that renders is incompatible with systemd. - # service_facts is not collecting the data successfully. - # Therefore iterating here manually - - name: Fetch systemd information - ansible.builtin.systemd: - name: "{{ item }}" - register: systemdstatus - with_items: "{{ matrix_systemd_services_list }}" - - - name: Fail if service isn't detected to be running - ansible.builtin.fail: - msg: >- - {{ item.item }} was not detected to be running. - It's possible that there's a configuration problem or another service on your server interferes with it (uses the same ports, etc.). - Try running `systemctl status {{ item.item }}` and `journalctl -fu {{ item.item }}` on the server to investigate. - with_items: "{{ systemdstatus.results }}" - when: "item.status['ActiveState'] != 'active'" diff --git a/roles/custom/matrix-common-after/tasks/stop.yml b/roles/custom/matrix-common-after/tasks/stop.yml deleted file mode 100644 index a343999c6..000000000 --- a/roles/custom/matrix-common-after/tasks/stop.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- - -- name: Ensure Matrix services stopped - ansible.builtin.service: - name: "{{ item }}" - state: stopped - with_items: "{{ matrix_systemd_services_list }}" diff --git a/roles/custom/matrix-conduit/defaults/main.yml b/roles/custom/matrix-conduit/defaults/main.yml index 366321b9c..bbab5cde0 100644 --- a/roles/custom/matrix-conduit/defaults/main.yml +++ b/roles/custom/matrix-conduit/defaults/main.yml 
@@ -6,7 +6,7 @@ matrix_conduit_enabled: true matrix_conduit_docker_image: "{{ matrix_conduit_docker_image_name_prefix }}matrixconduit/matrix-conduit:{{ matrix_conduit_docker_image_tag }}" matrix_conduit_docker_image_name_prefix: "docker.io/" -matrix_conduit_docker_image_tag: "v0.4.0" +matrix_conduit_docker_image_tag: "v0.5.0" matrix_conduit_docker_image_force_pull: "{{ matrix_conduit_docker_image.endswith(':latest') }}" matrix_conduit_base_path: "{{ matrix_base_data_path }}/conduit" diff --git a/roles/custom/matrix-conduit/tasks/conduit/setup.yml b/roles/custom/matrix-conduit/tasks/conduit/setup.yml deleted file mode 100644 index 425d0f7e9..000000000 --- a/roles/custom/matrix-conduit/tasks/conduit/setup.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/conduit/setup_install.yml" - when: "matrix_conduit_enabled | bool" - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/conduit/setup_uninstall.yml" - when: "not matrix_conduit_enabled | bool" diff --git a/roles/custom/matrix-conduit/tasks/conduit/setup_uninstall.yml b/roles/custom/matrix-conduit/tasks/conduit/setup_uninstall.yml deleted file mode 100644 index efe7d40a0..000000000 --- a/roles/custom/matrix-conduit/tasks/conduit/setup_uninstall.yml +++ /dev/null 
@@ -1,30 +0,0 @@ ---- - -- name: Check existence of matrix-conduit service - ansible.builtin.stat: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-conduit.service" - register: matrix_conduit_service_stat - -- name: Ensure matrix-conduit is stopped - ansible.builtin.systemd: - name: matrix-conduit - state: stopped - daemon_reload: true - register: stopping_result - when: "matrix_conduit_service_stat.stat.exists" - -- name: Ensure matrix-conduit.service doesn't exist - ansible.builtin.file: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-conduit.service" - state: absent - when: "matrix_conduit_service_stat.stat.exists" - -- name: Ensure systemd reloaded after matrix-conduit.service removal - ansible.builtin.systemd: - daemon_reload: true - when: "matrix_conduit_service_stat.stat.exists" - -- name: Ensure Conduit Docker image doesn't exist - community.docker.docker_image: - name: "{{ matrix_conduit_docker_image }}" - state: absent diff --git a/roles/custom/matrix-conduit/tasks/init.yml b/roles/custom/matrix-conduit/tasks/init.yml deleted file mode 100644 index 5f464e404..000000000 --- a/roles/custom/matrix-conduit/tasks/init.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- - -- ansible.builtin.set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-conduit.service'] }}" - when: matrix_conduit_enabled | bool diff --git a/roles/custom/matrix-conduit/tasks/main.yml b/roles/custom/matrix-conduit/tasks/main.yml index 623d04582..d733ac08b 100644 --- a/roles/custom/matrix-conduit/tasks/main.yml +++ b/roles/custom/matrix-conduit/tasks/main.yml 
@@ -1,17 +1,17 @@ --- -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" - tags: - - always - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/conduit/setup.yml" - when: run_setup | bool +- block: + - when: matrix_conduit_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml" tags: - setup-all - setup-conduit + - install-all + - install-conduit -- name: Mark matrix-conduit role as executed - ansible.builtin.set_fact: - matrix_conduit_role_executed: true +- block: + - when: not matrix_conduit_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" tags: - - always + - setup-all + - setup-conduit diff --git a/roles/custom/matrix-conduit/tasks/conduit/setup_install.yml b/roles/custom/matrix-conduit/tasks/setup_install.yml similarity index 87% rename from roles/custom/matrix-conduit/tasks/conduit/setup_install.yml rename to roles/custom/matrix-conduit/tasks/setup_install.yml index ebc5447b2..ef47c620c 100644 --- a/roles/custom/matrix-conduit/tasks/conduit/setup_install.yml +++ b/roles/custom/matrix-conduit/tasks/setup_install.yml @@ -39,9 +39,3 @@ src: "{{ role_path }}/templates/conduit/systemd/matrix-conduit.service.j2" dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-conduit.service" mode: 0644 - register: matrix_conduit_systemd_service_result - -- name: Ensure systemd reloaded after matrix-conduit.service installation - ansible.builtin.systemd: - daemon_reload: true - when: "matrix_conduit_systemd_service_result.changed | bool" diff --git a/roles/custom/matrix-conduit/tasks/setup_uninstall.yml b/roles/custom/matrix-conduit/tasks/setup_uninstall.yml new file mode 100644 index 000000000..1745ff973 --- /dev/null +++ b/roles/custom/matrix-conduit/tasks/setup_uninstall.yml 
@@ -0,0 +1,19 @@ +--- + +- name: Check existence of matrix-conduit service + ansible.builtin.stat: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-conduit.service" + register: matrix_conduit_service_stat + +- when: matrix_conduit_service_stat.stat.exists | bool + block: + - name: Ensure matrix-conduit is stopped + ansible.builtin.systemd: + name: matrix-conduit + state: stopped + daemon_reload: true + + - name: Ensure matrix-conduit.service doesn't exist + ansible.builtin.file: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-conduit.service" + state: absent diff --git a/roles/custom/matrix-conduit/vars/main.yml b/roles/custom/matrix-conduit/vars/main.yml index f6cc471bf..ad60e1c3e 100644 --- a/roles/custom/matrix-conduit/vars/main.yml +++ b/roles/custom/matrix-conduit/vars/main.yml @@ -1,6 +1,3 @@ --- matrix_conduit_client_api_url_endpoint_public: "https://{{ matrix_server_fqn_matrix }}/_matrix/client/versions" matrix_conduit_federation_api_url_endpoint_public: "https://{{ matrix_server_fqn_matrix }}:{{ matrix_federation_public_port }}/_matrix/federation/v1/version" - -# Tells whether this role had executed or not. Toggled to `true` during runtime. -matrix_conduit_role_executed: false diff --git a/roles/custom/matrix-corporal/defaults/main.yml b/roles/custom/matrix-corporal/defaults/main.yml index 8c391dfbf..9f6da78ae 100644 --- a/roles/custom/matrix-corporal/defaults/main.yml +++ b/roles/custom/matrix-corporal/defaults/main.yml 
@@ -23,7 +23,7 @@ matrix_corporal_container_extra_arguments: [] # List of systemd services that matrix-corporal.service depends on matrix_corporal_systemd_required_services_list: ['docker.service'] -matrix_corporal_version: 2.4.0 +matrix_corporal_version: 2.5.1 matrix_corporal_docker_image: "{{ matrix_corporal_docker_image_name_prefix }}devture/matrix-corporal:{{ matrix_corporal_docker_image_tag }}" matrix_corporal_docker_image_name_prefix: "{{ 'localhost/' if matrix_corporal_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_corporal_docker_image_tag: "{{ matrix_corporal_version }}" # for backward-compatibility @@ -37,7 +37,7 @@ matrix_corporal_var_dir_path: "{{ matrix_corporal_base_path }}/var" matrix_corporal_matrix_homeserver_domain_name: "{{ matrix_domain }}" -# Controls where matrix-corporal can reach your Synapse server (e.g. "http://matrix-synapse:{{ matrix_synapse_container_client_api_port }}"). +# Controls where matrix-corporal can reach your Synapse server (e.g. "http://matrix-synapse-reverse-proxy-companion:{{ matrix_synapse_container_client_api_port }}"). # If Synapse runs on the same machine, you may need to add its service to `matrix_corporal_systemd_required_services_list`. matrix_corporal_matrix_homeserver_api_endpoint: "" diff --git a/roles/custom/matrix-corporal/tasks/init.yml b/roles/custom/matrix-corporal/tasks/init.yml deleted file mode 100644 index dffdbe908..000000000 --- a/roles/custom/matrix-corporal/tasks/init.yml +++ /dev/null 
@@ -1,11 +0,0 @@ ---- -# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 -# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 -- name: Fail if trying to self-build on Ansible < 2.8 - ansible.builtin.fail: - msg: "To self-build the Matrix Corporal image, you should use Ansible 2.8 or higher. See docs/ansible.md" - when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_corporal_container_image_self_build and matrix_corporal_enabled" - -- ansible.builtin.set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-corporal.service'] }}" - when: matrix_corporal_enabled | bool diff --git a/roles/custom/matrix-corporal/tasks/main.yml b/roles/custom/matrix-corporal/tasks/main.yml index 1699262b1..c4c7b7fc1 100644 --- a/roles/custom/matrix-corporal/tasks/main.yml +++ b/roles/custom/matrix-corporal/tasks/main.yml 
@@ -1,24 +1,26 @@ --- -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" - tags: - - always +- block: + - when: matrix_corporal_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup | bool and matrix_corporal_enabled | bool" + - when: matrix_corporal_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml" + tags: + - setup-all + - setup-corporal + - install-all + - install-corporal + +- block: + - when: not matrix_corporal_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" tags: - setup-all - setup-corporal -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_corporal.yml" - when: run_setup | bool - tags: - - setup-all - - setup-corporal - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/self_check_corporal.yml" - delegate_to: 127.0.0.1 - become: false - when: "run_self_check | bool and matrix_corporal_enabled | bool" +- block: + - when: matrix_corporal_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/self_check.yml" tags: - self-check diff --git a/roles/custom/matrix-corporal/tasks/self_check_corporal.yml b/roles/custom/matrix-corporal/tasks/self_check.yml similarity index 96% rename from roles/custom/matrix-corporal/tasks/self_check_corporal.yml rename to roles/custom/matrix-corporal/tasks/self_check.yml index 3ddda8e04..bf0e768b4 100644 --- a/roles/custom/matrix-corporal/tasks/self_check_corporal.yml +++ b/roles/custom/matrix-corporal/tasks/self_check.yml @@ -11,6 +11,8 @@ check_mode: false register: result_corporal_client_api ignore_errors: true + delegate_to: 127.0.0.1 + become: false - name: Fail if Matrix Corporal HTTP gateway not working ansible.builtin.fail: 
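Review bot: matrix-corporal/tasks/main.yml now includes `{{ role_path }}/tasks/setup_uninstall.yml` when matrix-corporal is disabled, but this diff only shows setup_corporal.yml being renamed to setup_install.yml (53% similarity) and no setup_uninstall.yml for this role; unless that file exists outside the visible hunks, the include fails at runtime for every deployment with `matrix_corporal_enabled: false`. Confirm that the uninstall tasks which used to sit at the tail of setup_corporal.yml ended up in the new file.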
diff --git a/roles/custom/matrix-corporal/tasks/setup_corporal.yml b/roles/custom/matrix-corporal/tasks/setup_install.yml similarity index 53% rename from roles/custom/matrix-corporal/tasks/setup_corporal.yml rename to roles/custom/matrix-corporal/tasks/setup_install.yml index 3f6ac86cd..e257d0118 100644 --- a/roles/custom/matrix-corporal/tasks/setup_corporal.yml +++ b/roles/custom/matrix-corporal/tasks/setup_install.yml @@ -1,9 +1,5 @@ --- -# -# Tasks related to setting up matrix-corporal -# - - name: Ensure Matrix Corporal paths exist ansible.builtin.file: path: "{{ item }}" @@ -15,7 +11,6 @@ - "{{ matrix_corporal_config_dir_path }}" - "{{ matrix_corporal_cache_dir_path }}" - "{{ matrix_corporal_var_dir_path }}" - when: matrix_corporal_enabled | bool - name: Ensure Matrix Corporal repository is present on self-build ansible.builtin.git: @@ -26,7 +21,7 @@ become: true become_user: "{{ matrix_user_username }}" register: matrix_corporal_git_pull_results - when: "matrix_corporal_enabled | bool and matrix_corporal_container_image_self_build | bool" + when: matrix_corporal_container_image_self_build | bool - name: Ensure Matrix Corporal Docker image is built community.docker.docker_image: @@ -38,7 +33,7 @@ dockerfile: etc/docker/Dockerfile path: "{{ matrix_corporal_container_src_files_path }}" pull: true - when: "matrix_corporal_enabled | bool and matrix_corporal_container_image_self_build | bool" + when: matrix_corporal_container_image_self_build | bool - name: Ensure Matrix Corporal Docker image is pulled community.docker.docker_image: 
@@ -46,7 +41,7 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_corporal_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_corporal_docker_image_force_pull }}" - when: "matrix_corporal_enabled | bool and not matrix_corporal_container_image_self_build | bool" + when: not matrix_corporal_container_image_self_build | bool register: result retries: "{{ devture_playbook_help_container_retries_count }}" delay: "{{ devture_playbook_help_container_retries_delay }}" @@ -59,7 +54,6 @@ mode: 0644 owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" - when: matrix_corporal_enabled | bool - name: Ensure matrix-corporal.service installed ansible.builtin.template: 
@@ -67,55 +61,3 @@ dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-corporal.service" mode: 0644 register: matrix_corporal_systemd_service_result - when: matrix_corporal_enabled | bool - -- name: Ensure systemd reloaded after matrix-corporal.service installation - ansible.builtin.service: - daemon_reload: true - when: "matrix_corporal_enabled | bool and matrix_corporal_systemd_service_result.changed" - - -# -# Tasks related to getting rid of matrix-corporal (if it was previously enabled) -# - -- name: Check existence of matrix-corporal service - ansible.builtin.stat: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-corporal.service" - register: matrix_corporal_service_stat - when: "not matrix_corporal_enabled | bool" - -- name: Ensure matrix-corporal is stopped - ansible.builtin.service: - name: matrix-corporal - state: stopped - enabled: false - daemon_reload: true - register: stopping_result - when: "not matrix_corporal_enabled | bool and matrix_corporal_service_stat.stat.exists" - -- name: Ensure matrix-corporal.service doesn't exist - ansible.builtin.file: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-corporal.service" - state: absent - when: "not matrix_corporal_enabled | bool and matrix_corporal_service_stat.stat.exists" - -- name: Ensure systemd reloaded after matrix-corporal.service removal - ansible.builtin.service: - daemon_reload: true - when: "not matrix_corporal_enabled | bool and matrix_corporal_service_stat.stat.exists" - -- name: Ensure matrix-corporal files don't exist - ansible.builtin.file: - path: "{{ item }}" - state: absent - with_items: - - "{{ devture_systemd_docker_base_systemd_path }}/matrix-corporal.service" - - "{{ matrix_corporal_config_dir_path }}/config.json" - when: "not matrix_corporal_enabled | bool" - -- name: Ensure Matrix Corporal Docker image doesn't exist - community.docker.docker_image: - name: "{{ matrix_corporal_docker_image }}" - state: absent - when: "not matrix_corporal_enabled 
| bool" diff --git a/roles/custom/matrix-corporal/tasks/setup_uninstall.yml b/roles/custom/matrix-corporal/tasks/setup_uninstall.yml new file mode 100644 index 000000000..6c6e8063a --- /dev/null +++ b/roles/custom/matrix-corporal/tasks/setup_uninstall.yml @@ -0,0 +1,28 @@ +--- + +- name: Check existence of matrix-corporal service + ansible.builtin.stat: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-corporal.service" + register: matrix_corporal_service_stat + +- when: matrix_corporal_service_stat.stat.exists | bool + block: + - name: Ensure matrix-corporal is stopped + ansible.builtin.service: + name: matrix-corporal + state: stopped + enabled: false + daemon_reload: true + + - name: Ensure matrix-corporal.service doesn't exist + ansible.builtin.file: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-corporal.service" + state: absent + + - name: Ensure matrix-corporal files don't exist + ansible.builtin.file: + path: "{{ item }}" + state: absent + with_items: + - "{{ devture_systemd_docker_base_systemd_path }}/matrix-corporal.service" + - "{{ matrix_corporal_config_dir_path }}/config.json" diff --git a/roles/custom/matrix-coturn/defaults/main.yml b/roles/custom/matrix-coturn/defaults/main.yml index b2aff9844..3a125de48 100644 --- a/roles/custom/matrix-coturn/defaults/main.yml +++ b/roles/custom/matrix-coturn/defaults/main.yml 
@@ -8,7 +8,7 @@ matrix_coturn_container_image_self_build_repo: "https://github.com/coturn/coturn matrix_coturn_container_image_self_build_repo_version: "docker/{{ matrix_coturn_version }}" matrix_coturn_container_image_self_build_repo_dockerfile_path: "docker/coturn/alpine/Dockerfile" -matrix_coturn_version: 4.6.0-r0 +matrix_coturn_version: 4.6.1-r0 matrix_coturn_docker_image: "{{ matrix_coturn_docker_image_name_prefix }}coturn/coturn:{{ matrix_coturn_version }}-alpine" matrix_coturn_docker_image_name_prefix: "{{ 'localhost/' if matrix_coturn_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_coturn_docker_image_force_pull: "{{ matrix_coturn_docker_image.endswith(':latest') }}" diff --git a/roles/custom/matrix-coturn/tasks/init.yml b/roles/custom/matrix-coturn/tasks/init.yml deleted file mode 100644 index 315dfb656..000000000 --- a/roles/custom/matrix-coturn/tasks/init.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- -# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 -# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 -- name: Fail if trying to self-build on Ansible < 2.8 - ansible.builtin.fail: - msg: "To self-build the coturn image, you should use Ansible 2.8 or higher. See docs/ansible.md" - when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_coturn_container_image_self_build and matrix_coturn_enabled" - -- ansible.builtin.set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-coturn.service'] }}" - when: matrix_coturn_enabled | bool - -- ansible.builtin.set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-coturn-reload.timer'] }}" - when: "matrix_coturn_enabled | bool and matrix_coturn_tls_enabled | bool" diff --git a/roles/custom/matrix-coturn/tasks/main.yml b/roles/custom/matrix-coturn/tasks/main.yml index 78f712f01..45ce9fd9e 100644 
--- a/roles/custom/matrix-coturn/tasks/main.yml +++ b/roles/custom/matrix-coturn/tasks/main.yml @@ -1,23 +1,20 @@ --- -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" - tags: - - always +- block: + - when: matrix_coturn_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup | bool and matrix_coturn_enabled | bool" + - when: matrix_coturn_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml" tags: - setup-all - setup-coturn + - install-all + - install-coturn -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup | bool and matrix_coturn_enabled | bool" - tags: - - setup-all - - setup-coturn - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup | bool and not matrix_coturn_enabled | bool" +- block: + - when: not matrix_coturn_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" tags: - setup-all - setup-coturn diff --git a/roles/custom/matrix-coturn/tasks/setup_install.yml b/roles/custom/matrix-coturn/tasks/setup_install.yml index 31b5446cb..ab94db27e 100644 --- a/roles/custom/matrix-coturn/tasks/setup_install.yml +++ b/roles/custom/matrix-coturn/tasks/setup_install.yml @@ -1,11 +1,5 @@ --- -# This is a cleanup/migration task. It can be removed some time in the future. -- name: (Migration) Remove deprecated cronjob - ansible.builtin.file: - path: "{{ matrix_cron_path }}/matrix-coturn-ssl-reload" - state: absent - - name: Ensure Matrix Coturn path exists ansible.builtin.file: path: "{{ item.path }}" diff --git a/roles/custom/matrix-coturn/tasks/setup_uninstall.yml b/roles/custom/matrix-coturn/tasks/setup_uninstall.yml index bf71b90ae..e747ff094 100644 --- a/roles/custom/matrix-coturn/tasks/setup_uninstall.yml 
+++ b/roles/custom/matrix-coturn/tasks/setup_uninstall.yml 
@@ -6,42 +6,33 @@ register: matrix_coturn_service_stat when: "not matrix_coturn_enabled | bool" -- name: Ensure matrix-coturn is stopped - ansible.builtin.service: - name: matrix-coturn - state: stopped - enabled: false - daemon_reload: true - when: "matrix_coturn_service_stat.stat.exists | bool" +- when: matrix_coturn_service_stat.stat.exists | bool + block: + - name: Ensure matrix-coturn is stopped + ansible.builtin.service: + name: matrix-coturn + state: stopped + enabled: false + daemon_reload: true -- name: Ensure matrix-coturn-reload.timer is stopped - ansible.builtin.service: - name: matrix-coturn - state: stopped - enabled: false - daemon_reload: true - failed_when: false - when: "matrix_coturn_service_stat.stat.exists | bool" + - name: Ensure matrix-coturn-reload.timer is stopped + ansible.builtin.service: + name: matrix-coturn + state: stopped + enabled: false + daemon_reload: true + failed_when: false -- name: Ensure systemd units don't exist - ansible.builtin.file: - path: "{{ devture_systemd_docker_base_systemd_path }}/{{ item }}" - state: absent - register: matrix_coturn_systemd_unit_uninstallation_result - with_items: - - matrix-coturn.service - - matrix-coturn-reload.service - - matrix-coturn-reload.timer + - name: Ensure systemd units don't exist + ansible.builtin.file: + path: "{{ devture_systemd_docker_base_systemd_path }}/{{ item }}" + state: absent + with_items: + - matrix-coturn.service + - matrix-coturn-reload.service + - matrix-coturn-reload.timer -- name: Ensure systemd reloaded after unit removal - ansible.builtin.service: - daemon_reload: true - when: "matrix_coturn_systemd_unit_uninstallation_result.changed | bool" - -- name: Ensure Matrix coturn paths don't exist - ansible.builtin.file: - path: "{{ matrix_coturn_base_path }}" - state: absent - -# Intentionally not removing the Docker image when uninstalling. -# We can't be sure it had been pulled by us in the first place. 
+ - name: Ensure Matrix coturn paths don't exist + ansible.builtin.file: + path: "{{ matrix_coturn_base_path }}" + state: absent diff --git a/roles/custom/matrix-dendrite/defaults/main.yml b/roles/custom/matrix-dendrite/defaults/main.yml index b9dddfe9b..32f262ad5 100644 --- a/roles/custom/matrix-dendrite/defaults/main.yml +++ b/roles/custom/matrix-dendrite/defaults/main.yml @@ -6,7 +6,7 @@ matrix_dendrite_enabled: true matrix_dendrite_docker_image: "{{ matrix_dendrite_docker_image_name_prefix }}matrixdotorg/dendrite-monolith:{{ matrix_dendrite_docker_image_tag }}" matrix_dendrite_docker_image_name_prefix: "docker.io/" -matrix_dendrite_docker_image_tag: "v0.10.7" +matrix_dendrite_docker_image_tag: "v0.10.8" matrix_dendrite_docker_image_force_pull: "{{ matrix_dendrite_docker_image.endswith(':latest') }}" matrix_dendrite_base_path: "{{ matrix_base_data_path }}/dendrite" @@ -14,6 +14,7 @@ matrix_dendrite_config_dir_path: "{{ matrix_dendrite_base_path }}/config" matrix_dendrite_storage_path: "{{ matrix_dendrite_base_path }}/storage" matrix_dendrite_media_store_path: "{{ matrix_dendrite_storage_path }}/media-store" matrix_dendrite_nats_storage_path: "{{ matrix_dendrite_base_path }}/nats" +matrix_dendrite_bin_path: "{{ matrix_dendrite_base_path }}/bin" matrix_dendrite_ext_path: "{{ matrix_dendrite_base_path }}/ext" # By default, we make Dendrite only serve HTTP (not HTTPS). 
@@ -46,15 +47,15 @@ matrix_dendrite_container_https_host_bind_address: "" # Also see `matrix_dendrite_container_arguments` matrix_dendrite_container_extra_arguments: [] -# matrix_dendrite_container_runtime_injected_arguments is a list of extra arguments to pass to the container. -# This list is built during runtime. You're not meant to override this variable. +# matrix_dendrite_container_extra_arguments_auto is a list of extra arguments to pass to the container. +# This list is managed by the playbook. You're not meant to override this variable. # If you'd like to inject your own arguments, see `matrix_dendrite_container_extra_arguments`. -matrix_dendrite_container_runtime_injected_arguments: [] +matrix_dendrite_container_extra_arguments_auto: [] # matrix_dendrite_container_arguments holds the final list of extra arguments to pass to the container. # You're not meant to override this variable. # If you'd like to inject your own arguments, see `matrix_dendrite_container_extra_arguments`. -matrix_dendrite_container_arguments: "{{ matrix_dendrite_container_extra_arguments + matrix_dendrite_container_runtime_injected_arguments }}" +matrix_dendrite_container_arguments: "{{ matrix_dendrite_container_extra_arguments + matrix_dendrite_container_extra_arguments_auto }}" # A list of extra arguments to pass to the container process (`dendrite-monolith` command) # Example: @@ -76,7 +77,7 @@ matrix_dendrite_systemd_wanted_services_list: [] # matrix_dendrite_template_dendrite_config: "{{ playbook_dir }}/inventory/host_vars//dendrite.yaml.j2" matrix_dendrite_template_dendrite_config: "{{ role_path }}/templates/dendrite/dendrite.yaml.j2" -matrix_dendrite_registration_shared_secret: '' +matrix_dendrite_client_api_registration_shared_secret: '' matrix_dendrite_allow_guest_access: false matrix_dendrite_max_file_size_bytes: 10485760 
@@ -89,18 +90,21 @@ matrix_dendrite_sync_api_real_ip_header: '' matrix_dendrite_tmp_directory_size_mb: 500 # Rate limits -matrix_dendrite_rate_limiting_enabled: true -matrix_dendrite_rate_limiting_threshold: 20 -matrix_dendrite_rate_limiting_cooloff_ms: 500 +matrix_dendrite_client_api_rate_limiting_enabled: true +matrix_dendrite_client_api_rate_limiting_threshold: 20 +matrix_dendrite_client_api_rate_limiting_cooloff_ms: 500 # Controls whether people with access to the homeserver can register by themselves. -matrix_dendrite_registration_disabled: true +matrix_dendrite_client_api_registration_disabled: true # reCAPTCHA API for validating registration attempts -matrix_dendrite_enable_registration_captcha: false -matrix_dendrite_recaptcha_public_key: "" -matrix_dendrite_recaptcha_private_key: "" -matrix_dendrite_recaptcha_siteverify_api: "https://www.google.com/recaptcha/api/siteverify" +matrix_dendrite_client_api_enable_registration_captcha: false +matrix_dendrite_client_api_recaptcha_public_key: "" +matrix_dendrite_client_api_recaptcha_private_key: "" +matrix_dendrite_client_api_recaptcha_siteverify_api: "" +matrix_dendrite_client_api_recaptcha_api_js_url: "" +matrix_dendrite_client_api_recaptcha_form_field: "" +matrix_dendrite_client_api_recaptcha_sitekey_class: "" # A list of additional "volumes" to mount in the container. # This list gets populated dynamically based on Dendrite extensions that have been enabled. 
@@ -118,15 +122,15 @@ matrix_dendrite_container_additional_volumes: [] # Also see `matrix_dendrite_app_service_config_files_final` matrix_dendrite_app_service_config_files: [] -# matrix_dendrite_app_service_runtime_injected_config_files is a list of appservice config files. -# This list is built during runtime. You're not meant to override this variable. +# matrix_dendrite_app_service_config_files_auto is a list of appservice config files. +# This list is managed by the playbook. You're not meant to override this variable. # If you'd like to inject your own arguments, see `matrix_dendrite_app_service_config_files`. -matrix_dendrite_app_service_runtime_injected_config_files: [] +matrix_dendrite_app_service_config_files_auto: [] # matrix_dendrite_app_service_config_files_final holds the final list of config files to pass to the container. # You're not meant to override this variable. # If you'd like to inject your own arguments, see `matrix_dendrite_app_service_config_files`. -matrix_dendrite_app_service_config_files_final: "{{ matrix_dendrite_app_service_config_files + matrix_dendrite_app_service_runtime_injected_config_files }}" +matrix_dendrite_app_service_config_files_final: "{{ matrix_dendrite_app_service_config_files + matrix_dendrite_app_service_config_files_auto }}" # Enable exposure of metrics matrix_dendrite_metrics_enabled: false @@ -135,7 +139,7 @@ matrix_dendrite_metrics_password: "metrics" # Postgres database information matrix_dendrite_database_str: "postgresql://{{ matrix_dendrite_database_user }}:{{ matrix_dendrite_database_password }}@{{ matrix_dendrite_database_hostname }}" -matrix_dendrite_database_hostname: "matrix-postgres" +matrix_dendrite_database_hostname: '' matrix_dendrite_database_user: "dendrite" matrix_dendrite_database_password: "itsasecret" matrix_dendrite_federationapi_database: "dendrite_federationapi" 
@@ -147,11 +151,10 @@ matrix_dendrite_userapi_database: "dendrite_userapi" matrix_dendrite_pushserver_database: "dendrite_pushserver" matrix_dendrite_mscs_database: "dendrite_mscs" -matrix_dendrite_turn_uris: [] -matrix_dendrite_turn_shared_secret: "" -matrix_dendrite_turn_allow_guests: false +matrix_dendrite_client_api_turn_uris: [] +matrix_dendrite_client_api_turn_shared_secret: "" +matrix_dendrite_client_api_turn_allow_guests: false -# Controls whether the self-check feature should validate TLS certificates. matrix_dendrite_disable_tls_validation: false matrix_dendrite_trusted_id_servers: @@ -194,3 +197,9 @@ matrix_dendrite_configuration_extension: "{{ matrix_dendrite_configuration_exten # Holds the final Dendrite configuration (a combination of the default and its extension). # You most likely don't need to touch this variable. Instead, see `matrix_dendrite_configuration_yaml`. matrix_dendrite_configuration: "{{ matrix_dendrite_configuration_yaml | from_yaml | combine(matrix_dendrite_configuration_extension, recursive=True) }}" + +matrix_dendrite_userapi_auto_join_rooms: [] + +# statistics reporting configuration. These statistics contain the server +# name, number of active users and some information on your deployment config. +matrix_dendrite_report_stats: false diff --git a/roles/custom/matrix-dendrite/tasks/dendrite/setup.yml b/roles/custom/matrix-dendrite/tasks/dendrite/setup.yml deleted file mode 100644 index 1a8497294..000000000 --- a/roles/custom/matrix-dendrite/tasks/dendrite/setup.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/dendrite/setup_install.yml" - when: matrix_dendrite_enabled | bool - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/dendrite/setup_uninstall.yml" - when: "not matrix_dendrite_enabled | bool" 
diff --git a/roles/custom/matrix-dendrite/tasks/dendrite/setup_uninstall.yml b/roles/custom/matrix-dendrite/tasks/dendrite/setup_uninstall.yml deleted file mode 100644 index ce3e34769..000000000 --- a/roles/custom/matrix-dendrite/tasks/dendrite/setup_uninstall.yml +++ /dev/null @@ -1,30 +0,0 @@ ---- - -- name: Check existence of matrix-dendrite service - ansible.builtin.stat: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-dendrite.service" - register: matrix_dendrite_service_stat - -- name: Ensure matrix-dendrite is stopped - ansible.builtin.service: - name: matrix-dendrite - state: stopped - daemon_reload: true - register: stopping_result - when: "matrix_dendrite_service_stat.stat.exists" - -- name: Ensure matrix-dendrite.service doesn't exist - ansible.builtin.file: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-dendrite.service" - state: absent - when: "matrix_dendrite_service_stat.stat.exists" - -- name: Ensure systemd reloaded after matrix-dendrite.service removal - ansible.builtin.service: - daemon_reload: true - when: "matrix_dendrite_service_stat.stat.exists" - -- name: Ensure Dendrite Docker image doesn't exist - community.docker.docker_image: - name: "{{ matrix_dendrite_docker_image }}" - state: absent diff --git a/roles/custom/matrix-dendrite/tasks/init.yml b/roles/custom/matrix-dendrite/tasks/init.yml deleted file mode 100644 index 4ce641e9d..000000000 --- a/roles/custom/matrix-dendrite/tasks/init.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- - -- ansible.builtin.set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-dendrite.service'] }}" - when: matrix_dendrite_enabled | bool diff --git a/roles/custom/matrix-dendrite/tasks/main.yml b/roles/custom/matrix-dendrite/tasks/main.yml index d14beb154..0e88ec510 100644 --- a/roles/custom/matrix-dendrite/tasks/main.yml +++ b/roles/custom/matrix-dendrite/tasks/main.yml 
@@ -1,42 +1,35 @@ --- -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" - tags: - - always +- block: + - when: matrix_dendrite_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: run_setup | bool + - when: matrix_dendrite_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml" + tags: + - setup-all + - setup-dendrite + - install-all + - install-dendrite + +- block: + - when: not matrix_dendrite_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" tags: - setup-all - setup-dendrite -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_dendrite.yml" - when: run_setup | bool - tags: - - setup-all - - setup-dendrite +- block: + - when: matrix_dendrite_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/self_check_client_api.yml" -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/register_user.yml" - when: run_dendrite_register_user | bool and matrix_dendrite_enabled | bool + - when: matrix_dendrite_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/self_check_federation_api.yml" + tags: + - self-check + +- block: + - when: matrix_dendrite_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/register_user.yml" tags: - register-user - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/self_check_client_api.yml" - delegate_to: 127.0.0.1 - become: false - when: run_self_check | bool and matrix_dendrite_enabled | bool - tags: - - self-check - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/self_check_federation_api.yml" - delegate_to: 127.0.0.1 - become: false - when: run_self_check | bool and matrix_dendrite_enabled | bool - tags: - - self-check - -- name: Mark matrix-dendrite role as executed - ansible.builtin.set_fact: - matrix_dendrite_role_executed: true - tags: - - always 
diff --git a/roles/custom/matrix-dendrite/tasks/register_user.yml b/roles/custom/matrix-dendrite/tasks/register_user.yml index d37e633bf..8ee18ed2f 100644 --- a/roles/custom/matrix-dendrite/tasks/register_user.yml +++ b/roles/custom/matrix-dendrite/tasks/register_user.yml @@ -1,4 +1,5 @@ --- + - name: Fail if playbook called incorrectly ansible.builtin.fail: msg: "The `username` variable needs to be provided to this playbook, via --extra-vars" @@ -28,6 +29,6 @@ - name: Register user ansible.builtin.command: - cmd: "{{ matrix_local_bin_path }}/matrix-dendrite-create-account {{ username | quote }} {{ password | quote }} {{ '1' if admin == 'yes' else '0' }}" + cmd: "{{ matrix_dendrite_bin_path }}/create-account {{ username | quote }} {{ password | quote }} {{ '1' if admin == 'yes' else '0' }}" register: matrix_dendrite_register_user_result changed_when: matrix_dendrite_register_user_result.rc == 0 diff --git a/roles/custom/matrix-dendrite/tasks/self_check_client_api.yml b/roles/custom/matrix-dendrite/tasks/self_check_client_api.yml index 99b6cb40d..f6eb602c6 100644 --- a/roles/custom/matrix-dendrite/tasks/self_check_client_api.yml +++ b/roles/custom/matrix-dendrite/tasks/self_check_client_api.yml @@ -7,6 +7,8 @@ register: result_matrix_dendrite_client_api ignore_errors: true check_mode: false + delegate_to: 127.0.0.1 + become: false - name: Fail if Matrix Client API not working ansible.builtin.fail: diff --git a/roles/custom/matrix-dendrite/tasks/self_check_federation_api.yml b/roles/custom/matrix-dendrite/tasks/self_check_federation_api.yml index 25b2871ce..bba20ff16 100644 --- a/roles/custom/matrix-dendrite/tasks/self_check_federation_api.yml +++ b/roles/custom/matrix-dendrite/tasks/self_check_federation_api.yml @@ -7,6 +7,8 @@ register: result_matrix_dendrite_federation_api ignore_errors: true check_mode: false + delegate_to: 127.0.0.1 + become: false - name: Fail if Matrix Federation API not working ansible.builtin.fail: 
diff --git a/roles/custom/matrix-dendrite/tasks/setup_dendrite.yml b/roles/custom/matrix-dendrite/tasks/setup_dendrite.yml deleted file mode 100644 index f74f08c2d..000000000 --- a/roles/custom/matrix-dendrite/tasks/setup_dendrite.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- -- name: Ensure Dendrite paths exist - ansible.builtin.file: - path: "{{ item.path }}" - state: directory - mode: 0750 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - with_items: - - {path: "{{ matrix_dendrite_config_dir_path }}", when: true} - - {path: "{{ matrix_dendrite_ext_path }}", when: true} - - {path: "{{ matrix_dendrite_nats_storage_path }}", when: true} - when: "matrix_dendrite_enabled | bool and item.when" - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/dendrite/setup.yml" diff --git a/roles/custom/matrix-dendrite/tasks/dendrite/setup_install.yml b/roles/custom/matrix-dendrite/tasks/setup_install.yml similarity index 84% rename from roles/custom/matrix-dendrite/tasks/dendrite/setup_install.yml rename to roles/custom/matrix-dendrite/tasks/setup_install.yml index aec7f77b4..c516c5b7c 100644 --- a/roles/custom/matrix-dendrite/tasks/dendrite/setup_install.yml +++ b/roles/custom/matrix-dendrite/tasks/setup_install.yml @@ -1,4 +1,18 @@ --- + +- name: Ensure Dendrite paths exist + ansible.builtin.file: + path: "{{ item }}" + state: directory + mode: 0750 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + with_items: + - "{{ matrix_dendrite_config_dir_path }}" + - "{{ matrix_dendrite_bin_path }}" + - "{{ matrix_dendrite_ext_path }}" + - "{{ matrix_dendrite_nats_storage_path }}" + # This will throw a Permission Denied error if already mounted using fuse - name: Check Dendrite media store path ansible.builtin.stat: 
@@ -67,15 +81,11 @@ src: "{{ role_path }}/templates/dendrite/systemd/matrix-dendrite.service.j2" dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-dendrite.service" mode: 0644 - register: matrix_dendrite_systemd_service_result -- name: Ensure systemd reloaded after matrix-dendrite.service installation - ansible.builtin.service: - daemon_reload: true - when: "matrix_dendrite_systemd_service_result.changed | bool" - -- name: Ensure matrix-dendrite-create-account script created +- name: Ensure Dendrite scripts created ansible.builtin.template: - src: "{{ role_path }}/templates/dendrite/usr-local-bin/matrix-dendrite-create-account.j2" - dest: "{{ matrix_local_bin_path }}/matrix-dendrite-create-account" + src: "{{ role_path }}/templates/dendrite/bin/{{ item }}.j2" + dest: "{{ matrix_dendrite_bin_path }}/{{ item }}" mode: 0750 + with_items: + - create-account diff --git a/roles/custom/matrix-dendrite/tasks/setup_uninstall.yml b/roles/custom/matrix-dendrite/tasks/setup_uninstall.yml new file mode 100644 index 000000000..f6a537b30 --- /dev/null +++ b/roles/custom/matrix-dendrite/tasks/setup_uninstall.yml @@ -0,0 +1,22 @@ +--- + +- name: Check existence of matrix-dendrite service + ansible.builtin.stat: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-dendrite.service" + register: matrix_dendrite_service_stat + +- when: matrix_dendrite_service_stat.stat.exists | bool + block: + - name: Ensure matrix-dendrite is stopped + ansible.builtin.service: + name: matrix-dendrite + state: stopped + daemon_reload: true + + - name: Ensure Dendrite paths don't exist + ansible.builtin.file: + path: "{{ item }}" + state: absent + with_items: + - "{{ devture_systemd_docker_base_systemd_path }}/matrix-dendrite.service" + - "{{ matrix_dendrite_bin_path }}" diff --git a/roles/custom/matrix-dendrite/tasks/validate_config.yml b/roles/custom/matrix-dendrite/tasks/validate_config.yml index 390da9380..53c17498c 100644 
--- a/roles/custom/matrix-dendrite/tasks/validate_config.yml +++ b/roles/custom/matrix-dendrite/tasks/validate_config.yml @@ -5,7 +5,8 @@ You need to define a required configuration setting (`{{ item }}`) for using Dendrite. when: "vars[item] == ''" with_items: - - "matrix_dendrite_registration_shared_secret" + - matrix_dendrite_client_api_registration_shared_secret + - matrix_dendrite_database_hostname - name: (Deprecation) Catch and report renamed settings ansible.builtin.fail: 
@@ -13,4 +14,16 @@ Your configuration contains a variable, which now has a different name. Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`). when: "item.old in vars" - with_items: [] + with_items: + - {'old': 'matrix_dendrite_enable_registration_captcha', 'new': 'matrix_dendrite_client_api_enable_registration_captcha'} + - {'old': 'matrix_dendrite_recaptcha_public_key', 'new': 'matrix_dendrite_client_api_recaptcha_public_key'} + - {'old': 'matrix_dendrite_recaptcha_private_key', 'new': 'matrix_dendrite_client_api_recaptcha_private_key'} + - {'old': 'matrix_dendrite_registration_disabled', 'new': 'matrix_dendrite_client_api_registration_disabled'} + - {'old': 'matrix_dendrite_registration_shared_secret', 'new': 'matrix_dendrite_client_api_registration_shared_secret'} + - {'old': 'matrix_dendrite_turn_uris', 'new': 'matrix_dendrite_client_api_turn_uris'} + - {'old': 'matrix_dendrite_turn_client_api_shared_secret', 'new': 'matrix_dendrite_client_api_turn_shared_secret'} + - {'old': 'matrix_dendrite_client_api_turn_client_api_shared_secret', 'new': 'matrix_dendrite_client_api_turn_shared_secret'} + - {'old': 'matrix_dendrite_turn_allow_guests', 'new': 'matrix_dendrite_client_api_turn_allow_guests'} + - {'old': 'matrix_dendrite_rate_limiting_enabled', 'new': 'matrix_dendrite_client_api_rate_limiting_enabled'} + - {'old': 'matrix_dendrite_rate_limiting_threshold', 'new': 'matrix_dendrite_client_api_rate_limiting_threshold'} + - {'old': 'matrix_dendrite_rate_limiting_cooloff_ms', 'new': 'matrix_dendrite_client_api_rate_limiting_cooloff_ms'} diff --git a/roles/custom/matrix-dendrite/templates/dendrite/usr-local-bin/matrix-dendrite-create-account.j2 b/roles/custom/matrix-dendrite/templates/dendrite/bin/create-account.j2 similarity index 100% rename from roles/custom/matrix-dendrite/templates/dendrite/usr-local-bin/matrix-dendrite-create-account.j2 rename to roles/custom/matrix-dendrite/templates/dendrite/bin/create-account.j2 
diff --git a/roles/custom/matrix-dendrite/templates/dendrite/dendrite.yaml.j2 b/roles/custom/matrix-dendrite/templates/dendrite/dendrite.yaml.j2 index 86a12d7c2..005f9bd64 100644 --- a/roles/custom/matrix-dendrite/templates/dendrite/dendrite.yaml.j2 +++ b/roles/custom/matrix-dendrite/templates/dendrite/dendrite.yaml.j2 @@ -175,7 +175,7 @@ client_api: # Prevents new users from being able to register on this homeserver, except when # using the registration shared secret below. - registration_disabled: {{ matrix_dendrite_registration_disabled|to_json }} + registration_disabled: {{ matrix_dendrite_client_api_registration_disabled | to_json }} # Prevents new guest accounts from being created. Guest registration is also # disabled implicitly by setting 'registration_disabled' above. 
@@ -183,22 +183,25 @@ client_api: # If set, allows registration by anyone who knows the shared secret, regardless of # whether registration is otherwise disabled. - registration_shared_secret: {{ matrix_dendrite_registration_shared_secret | string|to_json }} + registration_shared_secret: {{ matrix_dendrite_client_api_registration_shared_secret | string | to_json }} # Whether to require reCAPTCHA for registration. - enable_registration_captcha: {{ matrix_dendrite_enable_registration_captcha|to_json }} + enable_registration_captcha: {{ matrix_dendrite_client_api_enable_registration_captcha | to_json }} # Settings for ReCAPTCHA. - recaptcha_public_key: {{ matrix_dendrite_recaptcha_public_key|to_json }} - recaptcha_private_key: {{ matrix_dendrite_recaptcha_private_key|to_json }} + recaptcha_public_key: {{ matrix_dendrite_client_api_recaptcha_public_key | to_json }} + recaptcha_private_key: {{ matrix_dendrite_client_api_recaptcha_private_key | to_json }} recaptcha_bypass_secret: "" - recaptcha_siteverify_api: {{ matrix_dendrite_recaptcha_siteverify_api|to_json }} + recaptcha_siteverify_api: {{ matrix_dendrite_client_api_recaptcha_siteverify_api | to_json }} + recaptcha_api_js_url: {{ matrix_dendrite_client_api_recaptcha_api_js_url | to_json }} + recaptcha_form_field: {{ matrix_dendrite_client_api_recaptcha_form_field | to_json }} + recaptcha_sitekey_class: {{ matrix_dendrite_client_api_recaptcha_sitekey_class | to_json }} # TURN server information that this homeserver should send to clients. turn: turn_user_lifetime: "" - turn_uris: {{ matrix_dendrite_turn_uris|to_json }} - turn_shared_secret: {{ matrix_dendrite_turn_shared_secret|to_json }} + turn_uris: {{ matrix_dendrite_client_api_turn_uris | to_json }} + turn_shared_secret: {{ matrix_dendrite_client_api_turn_shared_secret | to_json }} turn_username: "" turn_password: "" 
@@ -206,9 +209,9 @@ client_api: # threshold number of "slots" have been taken by requests from a specific # host. Each "slot" will be released after the cooloff time in milliseconds. rate_limiting: - enabled: {{ matrix_dendrite_rate_limiting_enabled|to_json }} - threshold: {{ matrix_dendrite_rate_limiting_threshold|to_json }} - cooloff_ms: {{ matrix_dendrite_rate_limiting_cooloff_ms|to_json }} + enabled: {{ matrix_dendrite_client_api_rate_limiting_enabled | to_json }} + threshold: {{ matrix_dendrite_client_api_rate_limiting_threshold | to_json }} + cooloff_ms: {{ matrix_dendrite_client_api_rate_limiting_cooloff_ms | to_json }} exempt_user_ids: # - "@user:domain.com" @@ -382,6 +385,7 @@ user_api: # is considered to be valid in milliseconds. # The default lifetime is 3600000ms (60 minutes). # openid_token_lifetime_ms: 3600000 + auto_join_rooms: {{ matrix_dendrite_userapi_auto_join_rooms | to_json }} # Not in dendrite-config.yaml, but is in build/docker/config/dendrite.yaml # Configuration for the Push Server API. @@ -414,3 +418,7 @@ tracing: # Logging configuration, in addition to the standard logging that is sent to # stdout by Dendrite. logging: [] + +# statistics reporting configuration. These statistics contain the server +# name, number of active users and some information on your deployment config. +report_stats: {{ matrix_dendrite_report_stats|to_json }} diff --git a/roles/custom/matrix-dendrite/templates/dendrite/systemd/matrix-dendrite.service.j2 b/roles/custom/matrix-dendrite/templates/dendrite/systemd/matrix-dendrite.service.j2 index b83f00bc4..4649c3a31 100644 --- a/roles/custom/matrix-dendrite/templates/dendrite/systemd/matrix-dendrite.service.j2 +++ b/roles/custom/matrix-dendrite/templates/dendrite/systemd/matrix-dendrite.service.j2 
@@ -16,8 +16,8 @@ Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-dendrite 2>/dev/null || true' ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-dendrite 2>/dev/null || true' -{% if 'matrix-postgres.service' in matrix_dendrite_systemd_required_services_list %} -# Dendrite is too quick to start in relation to its matrix-postgres dependency. +{% if (devture_postgres_identifier + '.service') in matrix_dendrite_systemd_required_services_list %} +# Dendrite is too quick to start in relation to its Postgres dependency. # Delay Dendrite startup to avoid failing with: "failed to connect to accounts db" ("pq: the database system is starting up"). ExecStartPre={{ matrix_host_command_sleep }} 5 {% endif %} diff --git a/roles/custom/matrix-dendrite/vars/main.yml b/roles/custom/matrix-dendrite/vars/main.yml index fcf020c2c..1e7aa378b 100644 --- a/roles/custom/matrix-dendrite/vars/main.yml +++ b/roles/custom/matrix-dendrite/vars/main.yml @@ -2,9 +2,6 @@ matrix_dendrite_client_api_url_endpoint_public: "https://{{ matrix_server_fqn_matrix }}/_matrix/client/versions" matrix_dendrite_federation_api_url_endpoint_public: "https://{{ matrix_server_fqn_matrix }}:{{ matrix_federation_public_port }}/_matrix/federation/v1/version" -# Tells whether this role had executed or not. Toggled to `true` during runtime. -matrix_dendrite_role_executed: false - matrix_dendrite_media_store_parent_path: "{{ matrix_dendrite_media_store_path | dirname }}" matrix_dendrite_media_store_directory_name: "{{ matrix_dendrite_media_store_path | basename }}" diff --git a/roles/custom/matrix-dimension/defaults/main.yml b/roles/custom/matrix-dimension/defaults/main.yml index ea1dde108..4be76fd1e 100644 --- a/roles/custom/matrix-dimension/defaults/main.yml 
+++ b/roles/custom/matrix-dimension/defaults/main.yml @@ -65,7 +65,7 @@ matrix_dimension_sqlite_database_path_in_container: "dimension.db" matrix_dimension_database_username: 'matrix_dimension' matrix_dimension_database_password: 'some-password' -matrix_dimension_database_hostname: 'matrix-postgres' +matrix_dimension_database_hostname: '' matrix_dimension_database_port: 5432 matrix_dimension_database_name: 'matrix_dimension' diff --git a/roles/custom/matrix-dimension/tasks/init.yml b/roles/custom/matrix-dimension/tasks/init.yml deleted file mode 100644 index c60a2fe2e..000000000 --- a/roles/custom/matrix-dimension/tasks/init.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -- ansible.builtin.set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-dimension.service'] }}" - when: matrix_dimension_enabled | bool diff --git a/roles/custom/matrix-dimension/tasks/main.yml b/roles/custom/matrix-dimension/tasks/main.yml index 6eef50d65..efd0f8d47 100644 --- a/roles/custom/matrix-dimension/tasks/main.yml +++ b/roles/custom/matrix-dimension/tasks/main.yml 
@@ -1,23 +1,20 @@ --- -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" - tags: - - always +- block: + - when: matrix_dimension_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: run_setup | bool + - when: matrix_dimension_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml" tags: - setup-all - setup-dimension + - install-all + - install-dimension -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: run_setup | bool and matrix_dimension_enabled | bool - tags: - - setup-all - - setup-dimension - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: run_setup | bool and not matrix_dimension_enabled | bool +- block: + - when: not matrix_dimension_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" tags: - setup-all - setup-dimension diff --git a/roles/custom/matrix-dimension/tasks/setup_install.yml b/roles/custom/matrix-dimension/tasks/setup_install.yml index 2aeb1e2a7..26617f7a3 100644 --- a/roles/custom/matrix-dimension/tasks/setup_install.yml +++ b/roles/custom/matrix-dimension/tasks/setup_install.yml @@ -51,8 +51,11 @@ - {'table': 'dimension_bridges', 'column': 'isEnabled', 'default': ''} - {'table': 'dimension_bridges', 'column': 'isPublic', 'default': ''} - - ansible.builtin.set_fact: - matrix_postgres_db_migration_request: + - ansible.builtin.include_role: + name: galaxy/com.devture.ansible.role.postgres + tasks_from: migrate_db_to_postgres + vars: + devture_postgres_db_migration_request: src: "{{ matrix_dimension_sqlite_database_path_local }}" dst: "{{ matrix_dimension_database_connection_string }}" caller: "{{ role_path | basename }}" 
@@ -63,10 +66,6 @@ additional_psql_statements_list: "{{ matrix_dimension_pgloader_additional_psql_statements_list }}" additional_psql_statements_db_name: "{{ matrix_dimension_database_name }}" - - ansible.builtin.import_role: - name: custom/matrix-postgres - tasks_from: migrate_db_to_postgres - - ansible.builtin.set_fact: matrix_dimension_requires_restart: true @@ -126,15 +125,10 @@ src: "{{ role_path }}/templates/systemd/matrix-dimension.service.j2" dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-dimension.service" mode: 0644 - register: matrix_dimension_systemd_service_result - -- name: Ensure systemd reloaded after matrix-dimension.service installation - ansible.builtin.service: - daemon_reload: true - when: "matrix_dimension_systemd_service_result.changed | bool" - name: Ensure matrix-dimension.service restarted, if necessary ansible.builtin.service: name: "matrix-dimension.service" state: restarted + daemon_reload: true when: "matrix_dimension_requires_restart | bool" diff --git a/roles/custom/matrix-dimension/tasks/setup_uninstall.yml b/roles/custom/matrix-dimension/tasks/setup_uninstall.yml index 8a5f5c755..239e4d892 100644 --- a/roles/custom/matrix-dimension/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-dimension/tasks/setup_uninstall.yml 
@@ -5,32 +5,21 @@ path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-dimension.service" register: matrix_dimension_service_stat -- name: Ensure matrix-dimension is stopped - ansible.builtin.service: - name: matrix-dimension - state: stopped - enabled: false - daemon_reload: true - register: stopping_result - when: "matrix_dimension_service_stat.stat.exists | bool" +- when: matrix_dimension_service_stat.stat.exists | bool + block: + - name: Ensure matrix-dimension is stopped + ansible.builtin.service: + name: matrix-dimension + state: stopped + enabled: false + daemon_reload: true -- name: Ensure matrix-dimension.service doesn't exist - ansible.builtin.file: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-dimension.service" - state: absent - when: "matrix_dimension_service_stat.stat.exists | bool" + - name: Ensure matrix-dimension.service doesn't exist + ansible.builtin.file: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-dimension.service" + state: absent -- name: Ensure systemd reloaded after matrix-dimension.service removal - ansible.builtin.service: - daemon_reload: true - when: "matrix_dimension_service_stat.stat.exists | bool" - -- name: Ensure Dimension base directory doesn't exist - ansible.builtin.file: - path: "{{ matrix_dimension_base_path }}" - state: absent - -- name: Ensure Dimension Docker image doesn't exist - community.docker.docker_image: - name: "{{ matrix_dimension_docker_image }}" - state: absent + - name: Ensure Dimension base directory doesn't exist + ansible.builtin.file: + path: "{{ matrix_dimension_base_path }}" + state: absent diff --git a/roles/custom/matrix-dimension/tasks/validate_config.yml b/roles/custom/matrix-dimension/tasks/validate_config.yml index 5af0ba6d6..8f681e082 100644 --- a/roles/custom/matrix-dimension/tasks/validate_config.yml +++ b/roles/custom/matrix-dimension/tasks/validate_config.yml 
@@ -1,11 +1,13 @@ --- + - name: Fail if required Dimension settings not defined ansible.builtin.fail: - msg: >- - You need to define a required configuration setting (`{{ item }}`) for using Dimension. + msg: > + You need to define a required configuration setting (`{{ item.name }}`). + when: "item.when | bool and vars[item.name] == ''" with_items: - - "matrix_dimension_access_token" - when: "matrix_dimension_enabled and vars[item] == ''" + - {'name': 'matrix_dimension_access_token', when: true} + - {'name': 'matrix_dimension_database_hostname', when: "{{ matrix_dimension_database_engine == 'postgres' }}"} - name: (Deprecation) Catch and report renamed Dimension variables ansible.builtin.fail: diff --git a/roles/custom/matrix-dynamic-dns/defaults/main.yml b/roles/custom/matrix-dynamic-dns/defaults/main.yml index 77e01d0ee..95e197f3f 100644 --- a/roles/custom/matrix-dynamic-dns/defaults/main.yml +++ b/roles/custom/matrix-dynamic-dns/defaults/main.yml @@ -7,7 +7,7 @@ matrix_dynamic_dns_enabled: true # The dynamic dns daemon interval matrix_dynamic_dns_daemon_interval: '300' -matrix_dynamic_dns_version: v3.10.0-ls103 +matrix_dynamic_dns_version: v3.10.0-ls106 # The docker container to use when in mode matrix_dynamic_dns_docker_image: "{{ matrix_dynamic_dns_docker_image_name_prefix }}linuxserver/ddclient:{{ matrix_dynamic_dns_version }}" diff --git a/roles/custom/matrix-dynamic-dns/tasks/init.yml b/roles/custom/matrix-dynamic-dns/tasks/init.yml deleted file mode 100644 index 9c906441f..000000000 --- a/roles/custom/matrix-dynamic-dns/tasks/init.yml +++ /dev/null 
@@ -1,11 +0,0 @@ ---- -# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 -# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 -- name: Fail if trying to self-build on Ansible < 2.8 - ansible.builtin.fail: - msg: "To self-build the Dynamic DNS image, you should use Ansible 2.8 or higher. See docs/ansible.md" - when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_dynamic_dns_container_image_self_build and matrix_dynamic_dns_enabled" - -- ansible.builtin.set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-dynamic-dns.service'] }}" - when: "matrix_dynamic_dns_enabled | bool" diff --git a/roles/custom/matrix-dynamic-dns/tasks/main.yml b/roles/custom/matrix-dynamic-dns/tasks/main.yml index 2f33af86e..ae7503b73 100644 --- a/roles/custom/matrix-dynamic-dns/tasks/main.yml +++ b/roles/custom/matrix-dynamic-dns/tasks/main.yml 
@@ -1,23 +1,20 @@ --- -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" - tags: - - always +- block: + - when: matrix_dynamic_dns_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup | bool and matrix_dynamic_dns_enabled | bool" + - when: matrix_dynamic_dns_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml" tags: - setup-all - setup-dynamic-dns + - install-all + - install-dynamic-dns -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/install.yml" - when: "run_setup | bool and matrix_dynamic_dns_enabled | bool" - tags: - - setup-all - - setup-dynamic-dns - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/uninstall.yml" - when: "run_setup | bool and not matrix_dynamic_dns_enabled | bool" +- block: + - when: not matrix_dynamic_dns_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" tags: - setup-all - setup-dynamic-dns diff --git a/roles/custom/matrix-dynamic-dns/tasks/install.yml b/roles/custom/matrix-dynamic-dns/tasks/setup_install.yml similarity index 92% rename from roles/custom/matrix-dynamic-dns/tasks/install.yml rename to roles/custom/matrix-dynamic-dns/tasks/setup_install.yml index 2367e9cb1..e64cc0a7d 100644 --- a/roles/custom/matrix-dynamic-dns/tasks/install.yml +++ b/roles/custom/matrix-dynamic-dns/tasks/setup_install.yml @@ -61,9 +61,3 @@ src: "{{ role_path }}/templates/systemd/matrix-dynamic-dns.service.j2" dest: "/etc/systemd/system/matrix-dynamic-dns.service" mode: 0644 - register: matrix_dynamic_dns_systemd_service_result - -- name: Ensure systemd reloaded after matrix-dynamic-dns.service installation - ansible.builtin.service: - daemon_reload: true - when: "matrix_dynamic_dns_systemd_service_result.changed" 
diff --git a/roles/custom/matrix-dynamic-dns/tasks/setup_uninstall.yml b/roles/custom/matrix-dynamic-dns/tasks/setup_uninstall.yml new file mode 100644 index 000000000..8f9f1b040 --- /dev/null +++ b/roles/custom/matrix-dynamic-dns/tasks/setup_uninstall.yml @@ -0,0 +1,20 @@ +--- + +- name: Check existence of matrix-dynamic-dns service + ansible.builtin.stat: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-dynamic-dns.service" + register: matrix_dynamic_dns_service_stat + +- when: matrix_dynamic_dns_service_stat.stat.exists | bool + block: + - name: Ensure matrix-dynamic-dns is stopped + ansible.builtin.service: + name: matrix-dynamic-dns + state: stopped + enabled: false + daemon_reload: true + + - name: Ensure matrix-dynamic-dns.service doesn't exist + ansible.builtin.file: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-dynamic-dns.service" + state: absent diff --git a/roles/custom/matrix-dynamic-dns/tasks/uninstall.yml b/roles/custom/matrix-dynamic-dns/tasks/uninstall.yml deleted file mode 100644 index 7b4e76671..000000000 --- a/roles/custom/matrix-dynamic-dns/tasks/uninstall.yml +++ /dev/null 
@@ -1,28 +0,0 @@ ---- - -- name: Check existence of matrix-dynamic-dns service - ansible.builtin.stat: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-dynamic-dns.service" - register: matrix_dynamic_dns_service_stat - -- name: Ensure matrix-dynamic-dns is stopped - ansible.builtin.service: - name: matrix-dynamic-dns - state: stopped - enabled: false - daemon_reload: true - when: "matrix_dynamic_dns_service_stat.stat.exists" - -- name: Ensure matrix-dynamic-dns.service doesn't exist - ansible.builtin.file: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-dynamic-dns.service" - state: absent - when: "matrix_dynamic_dns_service_stat.stat.exists" - -- name: Ensure systemd reloaded after matrix-dynamic-dns.service removal - ansible.builtin.service: - daemon_reload: true - when: "matrix_dynamic_dns_service_stat.stat.exists" - -# Intentionally not removing the Docker image when uninstalling. -# We can't be sure it had been pulled by us in the first place. diff --git a/roles/custom/matrix-email2matrix/tasks/init.yml b/roles/custom/matrix-email2matrix/tasks/init.yml deleted file mode 100644 index 02dbc9ee3..000000000 --- a/roles/custom/matrix-email2matrix/tasks/init.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- - -- ansible.builtin.set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-email2matrix.service'] }}" - when: matrix_email2matrix_enabled | bool diff --git a/roles/custom/matrix-email2matrix/tasks/main.yml b/roles/custom/matrix-email2matrix/tasks/main.yml index 3adbc6466..8fac77ce2 100644 --- a/roles/custom/matrix-email2matrix/tasks/main.yml +++ b/roles/custom/matrix-email2matrix/tasks/main.yml 
@@ -1,23 +1,20 @@ --- -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" - tags: - - always +- block: + - when: matrix_email2matrix_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup | bool and matrix_email2matrix_enabled | bool" + - when: matrix_email2matrix_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml" tags: - setup-all - setup-email2matrix + - install-all + - install-email2matrix -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup | bool and matrix_email2matrix_enabled | bool" - tags: - - setup-all - - setup-email2matrix - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup | bool and not matrix_email2matrix_enabled | bool" +- block: + - when: not matrix_email2matrix_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" tags: - setup-all - setup-email2matrix diff --git a/roles/custom/matrix-email2matrix/tasks/setup_install.yml b/roles/custom/matrix-email2matrix/tasks/setup_install.yml index 740506338..8cfbc5ea3 100644 --- a/roles/custom/matrix-email2matrix/tasks/setup_install.yml +++ b/roles/custom/matrix-email2matrix/tasks/setup_install.yml @@ -61,9 +61,3 @@ src: "{{ role_path }}/templates/systemd/matrix-email2matrix.service.j2" dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-email2matrix.service" mode: 0644 - register: matrix_email2matrix_systemd_service_result - -- name: Ensure systemd reloaded after matrix-email2matrix.service installation - ansible.builtin.service: - daemon_reload: true - when: "matrix_email2matrix_systemd_service_result.changed | bool" diff --git a/roles/custom/matrix-email2matrix/tasks/setup_uninstall.yml b/roles/custom/matrix-email2matrix/tasks/setup_uninstall.yml index c9600d0c9..e95ce6617 100644 
--- a/roles/custom/matrix-email2matrix/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-email2matrix/tasks/setup_uninstall.yml @@ -5,32 +5,21 @@ path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-email2matrix.service" register: matrix_email2matrix_service_stat -- name: Ensure matrix-email2matrix is stopped - ansible.builtin.service: - name: matrix-email2matrix - state: stopped - enabled: false - daemon_reload: true - register: stopping_result - when: "matrix_email2matrix_service_stat.stat.exists | bool" +- when: matrix_email2matrix_service_stat.stat.exists | bool + block: + - name: Ensure matrix-email2matrix is stopped + ansible.builtin.service: + name: matrix-email2matrix + state: stopped + enabled: false + daemon_reload: true -- name: Ensure matrix-email2matrix.service doesn't exist - ansible.builtin.file: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-email2matrix.service" - state: absent - when: "matrix_email2matrix_service_stat.stat.exists | bool" + - name: Ensure matrix-email2matrix.service doesn't exist + ansible.builtin.file: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-email2matrix.service" + state: absent -- name: Ensure systemd reloaded after matrix-email2matrix.service removal - ansible.builtin.service: - daemon_reload: true - when: "matrix_email2matrix_service_stat.stat.exists | bool" - -- name: Ensure Email2Matrix data path doesn't exist - ansible.builtin.file: - path: "{{ matrix_email2matrix_base_path }}" - state: absent - -- name: Ensure Email2Matrix Docker image doesn't exist - community.docker.docker_image: - name: "{{ matrix_email2matrix_docker_image }}" - state: absent + - name: Ensure Email2Matrix data path doesn't exist + ansible.builtin.file: + path: "{{ matrix_email2matrix_base_path }}" + state: absent diff --git a/roles/custom/matrix-etherpad/defaults/main.yml b/roles/custom/matrix-etherpad/defaults/main.yml index 540b2a518..874e9a300 100644 --- a/roles/custom/matrix-etherpad/defaults/main.yml 
+++ b/roles/custom/matrix-etherpad/defaults/main.yml @@ -45,7 +45,7 @@ matrix_etherpad_database_engine: 'postgres' matrix_etherpad_database_username: 'matrix_etherpad' matrix_etherpad_database_password: 'some-password' -matrix_etherpad_database_hostname: 'matrix-postgres' +matrix_etherpad_database_hostname: '' matrix_etherpad_database_port: 5432 matrix_etherpad_database_name: 'matrix_etherpad' diff --git a/roles/custom/matrix-etherpad/tasks/init.yml b/roles/custom/matrix-etherpad/tasks/init.yml deleted file mode 100644 index d35ed375e..000000000 --- a/roles/custom/matrix-etherpad/tasks/init.yml +++ /dev/null 
@@ -1,54 +0,0 @@ ---- - -- ansible.builtin.set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-etherpad.service'] }}" - when: matrix_etherpad_enabled | bool - -- when: matrix_etherpad_enabled | bool and matrix_etherpad_mode == 'dimension' - tags: - - always - block: - - name: Fail if matrix-nginx-proxy role already executed - ansible.builtin.fail: - msg: >- - Trying to append Etherpad's reverse-proxying configuration to matrix-nginx-proxy, - but it's pointless since the matrix-nginx-proxy role had already executed. - To fix this, please change the order of roles in your playbook, - so that the matrix-nginx-proxy role would run after the matrix-etherpad role. - when: matrix_nginx_proxy_role_executed | default(False) | bool - - - name: Generate Etherpad proxying configuration for matrix-nginx-proxy - ansible.builtin.set_fact: - matrix_etherpad_matrix_nginx_proxy_configuration: | - rewrite ^{{ matrix_etherpad_public_endpoint }}$ {{ matrix_nginx_proxy_x_forwarded_proto_value }}://$server_name{{ matrix_etherpad_public_endpoint }}/ permanent; - - location {{ matrix_etherpad_public_endpoint }}/ { - {% if matrix_nginx_proxy_enabled | default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - proxy_pass http://matrix-etherpad:9001/; - {# These are proxy directives needed specifically by Etherpad #} - proxy_buffering off; - proxy_http_version 1.1; # recommended with keepalive connections - proxy_pass_header Server; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Proto {{ matrix_nginx_proxy_x_forwarded_proto_value }}; # for EP to set secure cookie flag when https is used - # WebSocket proxying - from http://nginx.org/en/docs/http/websocket.html - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $connection_upgrade; - {% else %} - {# Generic configuration for use outside of our container setup #} - # A good guide for setting up your 
Etherpad behind nginx: - # https://docs.gandi.net/en/cloud/tutorials/etherpad_lite.html - proxy_pass http://127.0.0.1:9001/; - {% endif %} - } - - - name: Register Etherpad proxying configuration with matrix-nginx-proxy - ansible.builtin.set_fact: - matrix_nginx_proxy_proxy_dimension_additional_server_configuration_blocks: | - {{ - matrix_nginx_proxy_proxy_dimension_additional_server_configuration_blocks | default([]) - + - [matrix_etherpad_matrix_nginx_proxy_configuration] - }} diff --git a/roles/custom/matrix-etherpad/tasks/inject_into_nginx_proxy.yml b/roles/custom/matrix-etherpad/tasks/inject_into_nginx_proxy.yml new file mode 100644 index 000000000..e32cdf964 --- /dev/null +++ b/roles/custom/matrix-etherpad/tasks/inject_into_nginx_proxy.yml 
@@ -0,0 +1,46 @@ +--- + +- name: Fail if matrix-nginx-proxy role already executed + ansible.builtin.fail: + msg: >- + Trying to append Etherpad's reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your playbook, + so that the matrix-nginx-proxy role would run after the matrix-etherpad role. + when: matrix_nginx_proxy_role_executed | default(False) | bool + +- name: Generate Etherpad proxying configuration for matrix-nginx-proxy + ansible.builtin.set_fact: + matrix_etherpad_matrix_nginx_proxy_configuration: | + rewrite ^{{ matrix_etherpad_public_endpoint }}$ {{ matrix_nginx_proxy_x_forwarded_proto_value }}://$server_name{{ matrix_etherpad_public_endpoint }}/ permanent; + + location {{ matrix_etherpad_public_endpoint }}/ { + {% if matrix_nginx_proxy_enabled | default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + proxy_pass http://matrix-etherpad:9001/; + {# These are proxy directives needed specifically by Etherpad #} + proxy_buffering off; + proxy_http_version 1.1; # recommended with keepalive connections + proxy_pass_header Server; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Proto {{ matrix_nginx_proxy_x_forwarded_proto_value }}; # for EP to set secure cookie flag when https is used + # WebSocket proxying - from http://nginx.org/en/docs/http/websocket.html + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + {% else %} + {# Generic configuration for use outside of our container setup #} + # A good guide for setting up your Etherpad behind nginx: + # https://docs.gandi.net/en/cloud/tutorials/etherpad_lite.html + proxy_pass http://127.0.0.1:9001/; + {% endif %} + } + +- name: Register Etherpad proxying configuration with matrix-nginx-proxy + ansible.builtin.set_fact: + 
matrix_nginx_proxy_proxy_dimension_additional_server_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_dimension_additional_server_configuration_blocks | default([]) + + + [matrix_etherpad_matrix_nginx_proxy_configuration] + }} diff --git a/roles/custom/matrix-etherpad/tasks/main.yml b/roles/custom/matrix-etherpad/tasks/main.yml index caf0dda50..eaafd98a9 100644 --- a/roles/custom/matrix-etherpad/tasks/main.yml +++ b/roles/custom/matrix-etherpad/tasks/main.yml @@ -1,23 +1,29 @@ --- -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" +- block: + - when: matrix_etherpad_enabled | bool and matrix_etherpad_mode == 'dimension' + ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml" tags: - - always + - setup-all + - setup-nginx-proxy + - install-all + - install-nginx-proxy -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: run_setup | bool and matrix_etherpad_enabled | bool +- block: + - when: matrix_etherpad_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" + + - when: matrix_etherpad_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml" tags: - setup-all - setup-etherpad + - install-all + - install-etherpad -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: run_setup | bool and matrix_etherpad_enabled | bool - tags: - - setup-all - - setup-etherpad - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: run_setup | bool and not matrix_etherpad_enabled | bool +- block: + - when: not matrix_etherpad_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" tags: - setup-all - setup-etherpad diff --git a/roles/custom/matrix-etherpad/tasks/setup_install.yml b/roles/custom/matrix-etherpad/tasks/setup_install.yml index bb5e0e53e..d4e2952e9 100644 --- a/roles/custom/matrix-etherpad/tasks/setup_install.yml 
+++ b/roles/custom/matrix-etherpad/tasks/setup_install.yml @@ -32,9 +32,3 @@ src: "{{ role_path }}/templates/systemd/matrix-etherpad.service.j2" dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-etherpad.service" mode: 0644 - register: matrix_etherpad_systemd_service_result - -- name: Ensure systemd reloaded after matrix-etherpad.service installation - ansible.builtin.service: - daemon_reload: true - when: "matrix_etherpad_systemd_service_result.changed | bool" diff --git a/roles/custom/matrix-etherpad/tasks/setup_uninstall.yml b/roles/custom/matrix-etherpad/tasks/setup_uninstall.yml index 7d93b9ab2..e03829845 100644 --- a/roles/custom/matrix-etherpad/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-etherpad/tasks/setup_uninstall.yml 
@@ -5,32 +5,21 @@ path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-etherpad.service" register: matrix_etherpad_service_stat -- name: Ensure matrix-etherpad is stopped - ansible.builtin.service: - name: matrix-etherpad - state: stopped - enabled: false - daemon_reload: true - register: stopping_result - when: "matrix_etherpad_service_stat.stat.exists | bool" +- when: matrix_etherpad_service_stat.stat.exists | bool + block: + - name: Ensure matrix-etherpad is stopped + ansible.builtin.service: + name: matrix-etherpad + state: stopped + enabled: false + daemon_reload: true -- name: Ensure matrix-etherpad.service doesn't exist - ansible.builtin.file: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-etherpad.service" - state: absent - when: "matrix_etherpad_service_stat.stat.exists | bool" + - name: Ensure matrix-etherpad.service doesn't exist + ansible.builtin.file: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-etherpad.service" + state: absent -- name: Ensure systemd reloaded after matrix-etherpad.service removal - ansible.builtin.service: - daemon_reload: true - when: "matrix_etherpad_service_stat.stat.exists | bool" - -- name: Ensure Etherpad base directory doesn't exist - ansible.builtin.file: - path: "{{ matrix_etherpad_base_path }}" - state: absent - -- name: Ensure Etherpad Docker image doesn't exist - community.docker.docker_image: - name: "{{ matrix_etherpad_docker_image }}" - state: absent + - name: Ensure Etherpad base directory doesn't exist + ansible.builtin.file: + path: "{{ matrix_etherpad_base_path }}" + state: absent diff --git a/roles/custom/matrix-etherpad/tasks/validate_config.yml b/roles/custom/matrix-etherpad/tasks/validate_config.yml index 10ddc5843..2bc773a63 100644 --- a/roles/custom/matrix-etherpad/tasks/validate_config.yml +++ b/roles/custom/matrix-etherpad/tasks/validate_config.yml 
@@ -1,10 +1,12 @@ --- -- name: Fail if no database is configured for Etherpad +- name: Fail if required Etherpad settings not defined ansible.builtin.fail: - msg: >- - Etherpad requires a dedicated Postgres database. Please enable the built in one, or configure an external DB by redefining "matrix_etherpad_database_hostname" - when: matrix_etherpad_database_hostname == "matrix-postgres" and not matrix_postgres_enabled + msg: > + You need to define a required configuration setting (`{{ item.name }}`). + when: "item.when | bool and vars[item.name] == ''" + with_items: + - {'name': 'matrix_etherpad_database_hostname', when: true} - name: Fail if wrong mode selected ansible.builtin.fail: diff --git a/roles/custom/matrix-grafana/defaults/main.yml b/roles/custom/matrix-grafana/defaults/main.yml index 7c5e8d993..44821b577 100644 --- a/roles/custom/matrix-grafana/defaults/main.yml +++ b/roles/custom/matrix-grafana/defaults/main.yml @@ -5,7 +5,7 @@ matrix_grafana_enabled: true -matrix_grafana_version: 9.2.4 +matrix_grafana_version: 9.3.2 matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}" matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}" diff --git a/roles/custom/matrix-grafana/tasks/init.yml b/roles/custom/matrix-grafana/tasks/init.yml deleted file mode 100644 index 7b363ee77..000000000 --- a/roles/custom/matrix-grafana/tasks/init.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- - -- ansible.builtin.set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-grafana.service'] }}" - when: matrix_grafana_enabled | bool diff --git a/roles/custom/matrix-grafana/tasks/main.yml b/roles/custom/matrix-grafana/tasks/main.yml index 34a3f415b..263d894fe 100644 --- a/roles/custom/matrix-grafana/tasks/main.yml +++ b/roles/custom/matrix-grafana/tasks/main.yml 
@@ -1,16 +1,20 @@ --- -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" - tags: - - always +- block: + - when: matrix_grafana_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup | bool and matrix_grafana_enabled | bool" + - when: matrix_grafana_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml" tags: - setup-all - setup-grafana + - install-all + - install-grafana -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup.yml" +- block: + - when: not matrix_grafana_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" tags: - setup-all - setup-grafana diff --git a/roles/custom/matrix-grafana/tasks/setup.yml b/roles/custom/matrix-grafana/tasks/setup_install.yml similarity index 65% rename from roles/custom/matrix-grafana/tasks/setup.yml rename to roles/custom/matrix-grafana/tasks/setup_install.yml index eabd25e5f..86a6b04b8 100644 --- a/roles/custom/matrix-grafana/tasks/setup.yml +++ b/roles/custom/matrix-grafana/tasks/setup_install.yml @@ -1,16 +1,11 @@ --- -# -# Tasks related to setting up matrix-grafana -# - - name: Ensure matrix-grafana image is pulled community.docker.docker_image: name: "{{ matrix_grafana_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_grafana_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_grafana_docker_image_force_pull }}" - when: "matrix_grafana_enabled | bool" register: result retries: "{{ devture_playbook_help_container_retries_count }}" delay: "{{ devture_playbook_help_container_retries_delay }}" 
@@ -31,7 +26,6 @@ - "{{ matrix_grafana_config_path }}/provisioning/dashboards" - "{{ matrix_grafana_config_path }}/dashboards" - "{{ matrix_grafana_data_path }}" - when: matrix_grafana_enabled | bool - name: Ensure grafana.ini present ansible.builtin.template: @@ -40,7 +34,6 @@ mode: 0440 owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" - when: matrix_grafana_enabled | bool - name: Ensure provisioning/datasources/default.yaml present ansible.builtin.template: @@ -49,7 +42,6 @@ mode: 0440 owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" - when: matrix_grafana_enabled | bool - name: Ensure provisioning/dashboards/default.yaml present ansible.builtin.template: @@ -58,7 +50,6 @@ mode: 0440 owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" - when: matrix_grafana_enabled | bool - name: Ensure dashboard(s) downloaded ansible.builtin.get_url: @@ -69,7 +60,6 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: "{{ matrix_grafana_dashboard_download_urls }}" - when: matrix_grafana_enabled | bool register: result retries: "{{ devture_playbook_help_geturl_retries_count }}" delay: "{{ devture_playbook_help_geturl_retries_delay }}" 
@@ -81,38 +71,3 @@ dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-grafana.service" mode: 0644 register: matrix_grafana_systemd_service_result - when: matrix_grafana_enabled | bool - -- name: Ensure systemd reloaded after matrix-grafana.service installation - ansible.builtin.service: - daemon_reload: true - when: "matrix_grafana_enabled | bool and matrix_grafana_systemd_service_result.changed" - -# -# Tasks related to getting rid of matrix-grafana (if it was previously enabled) -# - -- name: Check existence of matrix-grafana service - ansible.builtin.stat: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-grafana.service" - register: matrix_grafana_service_stat - -- name: Ensure matrix-grafana is stopped - ansible.builtin.service: - name: matrix-grafana - state: stopped - enabled: false - daemon_reload: true - register: stopping_result - when: "not matrix_grafana_enabled | bool and matrix_grafana_service_stat.stat.exists" - -- name: Ensure matrix-grafana.service doesn't exist - ansible.builtin.file: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-grafana.service" - state: absent - when: "not matrix_grafana_enabled | bool and matrix_grafana_service_stat.stat.exists" - -- name: Ensure systemd reloaded after matrix-grafana.service removal - ansible.builtin.service: - daemon_reload: true - when: "not matrix_grafana_enabled | bool and matrix_grafana_service_stat.stat.exists" diff --git a/roles/custom/matrix-grafana/tasks/setup_uninstall.yml b/roles/custom/matrix-grafana/tasks/setup_uninstall.yml new file mode 100644 index 000000000..12c3cde93 --- /dev/null +++ b/roles/custom/matrix-grafana/tasks/setup_uninstall.yml 
@@ -0,0 +1,20 @@ +--- + +- name: Check existence of matrix-grafana service + ansible.builtin.stat: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-grafana.service" + register: matrix_grafana_service_stat + +- when: matrix_grafana_service_stat.stat.exists | bool + block: + - name: Ensure matrix-grafana is stopped + ansible.builtin.service: + name: matrix-grafana + state: stopped + enabled: false + daemon_reload: true + + - name: Ensure matrix-grafana.service doesn't exist + ansible.builtin.file: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-grafana.service" + state: absent diff --git a/roles/custom/matrix-jitsi/defaults/main.yml b/roles/custom/matrix-jitsi/defaults/main.yml index e1fcc318a..ce4d19cc1 100644 --- a/roles/custom/matrix-jitsi/defaults/main.yml +++ b/roles/custom/matrix-jitsi/defaults/main.yml @@ -72,7 +72,7 @@ matrix_jitsi_jibri_recorder_password: '' matrix_jitsi_enable_lobby: false -matrix_jitsi_version: stable-7882 +matrix_jitsi_version: stable-8138-1 matrix_jitsi_container_image_tag: "{{ matrix_jitsi_version }}" # for backward-compatibility matrix_jitsi_web_docker_image: "{{ matrix_container_global_registry_prefix }}jitsi/web:{{ matrix_jitsi_container_image_tag }}" @@ -96,6 +96,7 @@ matrix_jitsi_turn_host: "turn.{{ matrix_server_fqn_matrix }}" matrix_jitsi_turns_host: "turn.{{ matrix_server_fqn_matrix }}" matrix_jitsi_turn_port: "{{ matrix_coturn_container_stun_plain_host_bind_port }}" matrix_jitsi_turns_port: "{{ matrix_coturn_container_stun_tls_host_bind_port }}" +matrix_jitsi_turn_transport: tcp # Controls whether Etherpad will be available within Jitsi matrix_jitsi_etherpad_enabled: false 
@@ -189,6 +190,8 @@ matrix_jitsi_prosody_systemd_required_services_list: ['docker.service'] # Neccessary Port binding for those disabling the integrated nginx proxy matrix_jitsi_prosody_container_http_host_bind_port: '' +matrix_jitsi_prosody_container_jvb_host_bind_port: 5222 + matrix_jitsi_jicofo_docker_image: "{{ matrix_container_global_registry_prefix }}jitsi/jicofo:{{ matrix_jitsi_container_image_tag }}" matrix_jitsi_jicofo_docker_image_force_pull: "{{ matrix_jitsi_jicofo_docker_image.endswith(':latest') }}" @@ -205,6 +208,9 @@ matrix_jitsi_jicofo_component_secret: '' matrix_jitsi_jicofo_auth_user: focus matrix_jitsi_jicofo_auth_password: '' +# To enable Sentry integration for Jicofo, specify a valid DSN connection string +matrix_jitsi_jicofo_sentry_dsn: '' + matrix_jitsi_jvb_docker_image: "{{ matrix_container_global_registry_prefix }}jitsi/jvb:{{ matrix_jitsi_container_image_tag }}" matrix_jitsi_jvb_docker_image_force_pull: "{{ matrix_jitsi_jvb_docker_image.endswith(':latest') }}" @@ -215,11 +221,14 @@ matrix_jitsi_jvb_config_path: "{{ matrix_jitsi_jvb_base_path }}/config" matrix_jitsi_jvb_container_extra_arguments: [] # List of systemd services that matrix-jitsi-jvb.service depends on -matrix_jitsi_jvb_systemd_required_services_list: ['docker.service', 'matrix-jitsi-prosody.service'] +matrix_jitsi_jvb_systemd_required_services_list: ['docker.service'] matrix_jitsi_jvb_auth_user: jvb matrix_jitsi_jvb_auth_password: '' +# To enable Sentry integration for JVB, specify a valid DSN connection string +matrix_jitsi_jvb_sentry_dsn: '' + # STUN servers used by JVB on the server-side, so it can discover its own external IP address. # Pointing this to a STUN server running on the same Docker network may lead to incorrect IP address discovery. matrix_jitsi_jvb_stun_servers: ['meet-jit-si-turnrelay.jitsi.net:443'] 
@@ -227,6 +236,8 @@ matrix_jitsi_jvb_stun_servers: ['meet-jit-si-turnrelay.jitsi.net:443'] matrix_jitsi_jvb_brewery_muc: jvbbrewery matrix_jitsi_jvb_rtp_udp_port: 10000 matrix_jitsi_jvb_rtp_tcp_port: 4443 +matrix_jitsi_jvb_server_id: 'jvb-1' + # Custom configuration to be injected into `custom-sip-communicator.properties`, passed to Jitsi JVB. # This configuration gets appended to the final configuration that Jitsi JVB uses. @@ -267,3 +278,8 @@ matrix_jitsi_jvb_container_rtp_tcp_host_bind_port: "{{ matrix_jitsi_jvb_rtp_tcp_ # # Takes an ":" or "" value (e.g. "127.0.0.1:12090"), or empty string to not expose. matrix_jitsi_jvb_container_colibri_ws_host_bind_port: '' + +# Default max participants to the empty string +# +# The setting requires an integer to be set for usage and allows a user to specify the max number of particpants on a conference. +matrix_prosody_jitsi_max_participants: '' diff --git a/roles/custom/matrix-jitsi/tasks/init.yml b/roles/custom/matrix-jitsi/tasks/init.yml deleted file mode 100644 index 8606c4b3e..000000000 --- a/roles/custom/matrix-jitsi/tasks/init.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- - -- ansible.builtin.set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-jitsi-web.service', 'matrix-jitsi-prosody.service', 'matrix-jitsi-jicofo.service', 'matrix-jitsi-jvb.service'] }}" - when: matrix_jitsi_enabled | bool - -- name: Fail if on an unsupported architecture - ansible.builtin.fail: - msg: "Jitsi only supports the amd64 architecture right now. See https://github.com/jitsi/docker-jitsi-meet/issues/1069 and https://github.com/jitsi/docker-jitsi-meet/issues/1214" - when: matrix_jitsi_enabled | bool and matrix_architecture not in ['amd64', 'arm64'] diff --git a/roles/custom/matrix-jitsi/tasks/init_additional_jvb.yml b/roles/custom/matrix-jitsi/tasks/init_additional_jvb.yml new file mode 100644 index 000000000..87420bc49 --- /dev/null +++ b/roles/custom/matrix-jitsi/tasks/init_additional_jvb.yml 
@@ -0,0 +1,5 @@ +--- + +- ansible.builtin.set_fact: + devture_systemd_service_manager_services_list_auto: "{{ [{'name': 'matrix-jitsi-jvb.service', 'priority': 1000, 'groups': ['matrix', 'jitsi', 'jitsi-jvb']}] }}" + when: matrix_jitsi_enabled | bool diff --git a/roles/custom/matrix-jitsi/tasks/main.yml b/roles/custom/matrix-jitsi/tasks/main.yml index 7da6ebf95..d7dc66232 100644 --- a/roles/custom/matrix-jitsi/tasks/main.yml +++ b/roles/custom/matrix-jitsi/tasks/main.yml 
@@ -1,41 +1,69 @@ --- -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" +- block: + - when: matrix_jitsi_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/init_additional_jvb.yml" tags: - - always + - setup-additional-jitsi-jvb + - install-additional-jitsi-jvb -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup | bool and matrix_jitsi_enabled | bool" +- block: + - when: matrix_jitsi_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" + + - when: matrix_jitsi_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_jitsi_base.yml" + tags: + - setup-all + - setup-jitsi + - setup-additional-jitsi-jvb + - install-all + - install-jitsi + - install-additional-jitsi-jvb + +- block: + - when: matrix_jitsi_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_jitsi_web_install.yml" + + - when: matrix_jitsi_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_jitsi_prosody_install.yml" + + - when: matrix_jitsi_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_jitsi_jicofo_install.yml" + tags: + - setup-all + - setup-jitsi + - install-all + - install-jitsi + +- block: + - when: not matrix_jitsi_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_jitsi_web_uninstall.yml" + + - when: not matrix_jitsi_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_jitsi_prosody_uninstall.yml" + + - when: not matrix_jitsi_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_jitsi_jicofo_uninstall.yml" tags: - setup-all - setup-jitsi -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_jitsi_base.yml" - when: run_setup | bool +- block: + - when: matrix_jitsi_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_jitsi_jvb_install.yml" tags: - setup-all - setup-jitsi + - 
setup-additional-jitsi-jvb + - install-all + - install-jitsi + - install-additional-jitsi-jvb -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_jitsi_web.yml" - when: run_setup | bool - tags: - - setup-all - - setup-jitsi - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_jitsi_prosody.yml" - when: run_setup | bool - tags: - - setup-all - - setup-jitsi - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_jitsi_jicofo.yml" - when: run_setup | bool - tags: - - setup-all - - setup-jitsi - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_jitsi_jvb.yml" - when: run_setup | bool +- block: + - when: not matrix_jitsi_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_jitsi_jvb_uninstall.yml" tags: - setup-all - setup-jitsi + - setup-additional-jitsi-jvb diff --git a/roles/custom/matrix-jitsi/tasks/setup_jitsi_base.yml b/roles/custom/matrix-jitsi/tasks/setup_jitsi_base.yml index c52c19021..68be1efb7 100644 --- a/roles/custom/matrix-jitsi/tasks/setup_jitsi_base.yml +++ b/roles/custom/matrix-jitsi/tasks/setup_jitsi_base.yml @@ -1,13 +1,9 @@ --- -- ansible.builtin.import_role: +- ansible.builtin.include_role: name: custom/matrix-base tasks_from: ensure_openssl_installed -# -# Tasks related to setting up jitsi -# - - name: Ensure Matrix jitsi base path exists ansible.builtin.file: path: "{{ item.path }}" @@ -17,8 +13,4 @@ group: "{{ matrix_user_groupname }}" with_items: - {path: "{{ matrix_jitsi_base_path }}", when: true} - when: matrix_jitsi_enabled | bool and item.when - -# -# Tasks related to getting rid of jitsi (if it was previously enabled) -# + when: item.when | bool diff --git a/roles/custom/matrix-jitsi/tasks/setup_jitsi_jicofo.yml b/roles/custom/matrix-jitsi/tasks/setup_jitsi_jicofo_install.yml similarity index 52% rename from roles/custom/matrix-jitsi/tasks/setup_jitsi_jicofo.yml rename to roles/custom/matrix-jitsi/tasks/setup_jitsi_jicofo_install.yml index d93953086..6782ecd5b 100644 
--- a/roles/custom/matrix-jitsi/tasks/setup_jitsi_jicofo.yml +++ b/roles/custom/matrix-jitsi/tasks/setup_jitsi_jicofo_install.yml @@ -1,9 +1,5 @@ --- -# -# Tasks related to setting up jitsi-jicofo -# - - name: Ensure Matrix jitsi-jicofo path exists ansible.builtin.file: path: "{{ item.path }}" @@ -14,7 +10,7 @@ with_items: - {path: "{{ matrix_jitsi_jicofo_base_path }}", when: true} - {path: "{{ matrix_jitsi_jicofo_config_path }}", when: true} - when: matrix_jitsi_enabled | bool and item.when + when: item.when | bool - name: Ensure jitsi-jicofo Docker image is pulled community.docker.docker_image: @@ -22,7 +18,6 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_jitsi_jicofo_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_jicofo_docker_image_force_pull }}" - when: matrix_jitsi_enabled | bool register: result retries: "{{ devture_playbook_help_container_retries_count }}" delay: "{{ devture_playbook_help_container_retries_delay }}" @@ -47,7 +42,6 @@ with_items: - sip-communicator.properties - logging.properties - when: matrix_jitsi_enabled | bool - name: Ensure matrix-jitsi-jicofo.service installed ansible.builtin.template: 
@@ -55,48 +49,3 @@ dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jitsi-jicofo.service" mode: 0644 register: matrix_jitsi_jicofo_systemd_service_result - when: matrix_jitsi_enabled | bool - -- name: Ensure systemd reloaded after matrix-jitsi-jicofo.service installation - ansible.builtin.service: - daemon_reload: true - when: "matrix_jitsi_enabled and matrix_jitsi_jicofo_systemd_service_result.changed" - -# -# Tasks related to getting rid of jitsi-jicofo (if it was previously enabled) -# - -- name: Check existence of matrix-jitsi-jicofo service - ansible.builtin.stat: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jitsi-jicofo.service" - register: matrix_jitsi_jicofo_service_stat - when: "not matrix_jitsi_enabled | bool" - -- name: Ensure matrix-jitsi-jicofo is stopped - ansible.builtin.service: - name: matrix-jitsi-jicofo - state: stopped - enabled: false - daemon_reload: true - register: stopping_result - when: "not matrix_jitsi_enabled | bool and matrix_jitsi_jicofo_service_stat.stat.exists" - -- name: Ensure matrix-jitsi-jicofo.service doesn't exist - ansible.builtin.file: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jitsi-jicofo.service" - state: absent - when: "not matrix_jitsi_enabled | bool and matrix_jitsi_jicofo_service_stat.stat.exists" - -- name: Ensure systemd reloaded after matrix-jitsi-jicofo.service removal - ansible.builtin.service: - daemon_reload: true - when: "not matrix_jitsi_enabled | bool and matrix_jitsi_jicofo_service_stat.stat.exists" - -- name: Ensure Matrix jitsi-jicofo paths doesn't exist - ansible.builtin.file: - path: "{{ matrix_jitsi_jicofo_base_path }}" - state: absent - when: "not matrix_jitsi_enabled | bool" - -# Intentionally not removing the Docker image when uninstalling. -# We can't be sure it had been pulled by us in the first place. 
diff --git a/roles/custom/matrix-jitsi/tasks/setup_jitsi_jicofo_uninstall.yml b/roles/custom/matrix-jitsi/tasks/setup_jitsi_jicofo_uninstall.yml new file mode 100644 index 000000000..6ddd89375 --- /dev/null +++ b/roles/custom/matrix-jitsi/tasks/setup_jitsi_jicofo_uninstall.yml @@ -0,0 +1,25 @@ +--- + +- name: Check existence of matrix-jitsi-jicofo service + ansible.builtin.stat: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jitsi-jicofo.service" + register: matrix_jitsi_jicofo_service_stat + +- when: matrix_jitsi_jicofo_service_stat.stat.exists | bool + block: + - name: Ensure matrix-jitsi-jicofo is stopped + ansible.builtin.service: + name: matrix-jitsi-jicofo + state: stopped + enabled: false + daemon_reload: true + + - name: Ensure matrix-jitsi-jicofo.service doesn't exist + ansible.builtin.file: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jitsi-jicofo.service" + state: absent + + - name: Ensure Matrix jitsi-jicofo paths doesn't exist + ansible.builtin.file: + path: "{{ matrix_jitsi_jicofo_base_path }}" + state: absent diff --git a/roles/custom/matrix-jitsi/tasks/setup_jitsi_jvb.yml b/roles/custom/matrix-jitsi/tasks/setup_jitsi_jvb_install.yml similarity index 50% rename from roles/custom/matrix-jitsi/tasks/setup_jitsi_jvb.yml rename to roles/custom/matrix-jitsi/tasks/setup_jitsi_jvb_install.yml index 966572af5..356b40680 100644 --- a/roles/custom/matrix-jitsi/tasks/setup_jitsi_jvb.yml +++ b/roles/custom/matrix-jitsi/tasks/setup_jitsi_jvb_install.yml @@ -1,9 +1,5 @@ --- -# -# Tasks related to setting up jitsi-jvb -# - - name: Ensure Matrix jitsi-jvb path exists ansible.builtin.file: path: "{{ item.path }}" @@ -14,7 +10,7 @@ with_items: - {path: "{{ matrix_jitsi_jvb_base_path }}", when: true} - {path: "{{ matrix_jitsi_jvb_config_path }}", when: true} - when: matrix_jitsi_enabled | bool and item.when + when: item.when | bool - name: Ensure jitsi-jvb Docker image is pulled community.docker.docker_image: 
@@ -22,7 +18,6 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_jitsi_jvb_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_jvb_docker_image_force_pull }}" - when: matrix_jitsi_enabled | bool register: result retries: "{{ devture_playbook_help_container_retries_count }}" delay: "{{ devture_playbook_help_container_retries_delay }}" @@ -38,7 +33,6 @@ with_items: - custom-sip-communicator.properties - logging.properties - when: matrix_jitsi_enabled | bool - name: Ensure jitsi-jvb environment variables file created ansible.builtin.template: 
@@ -47,56 +41,9 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" mode: 0640 - when: matrix_jitsi_enabled | bool - name: Ensure matrix-jitsi-jvb.service installed ansible.builtin.template: src: "{{ role_path }}/templates/jvb/matrix-jitsi-jvb.service.j2" dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jitsi-jvb.service" mode: 0644 - register: matrix_jitsi_jvb_systemd_service_result - when: matrix_jitsi_enabled | bool - -- name: Ensure systemd reloaded after matrix-jitsi-jvb.service installation - ansible.builtin.service: - daemon_reload: true - when: "matrix_jitsi_enabled and matrix_jitsi_jvb_systemd_service_result.changed" - -# -# Tasks related to getting rid of jitsi-jvb (if it was previously enabled) -# - -- name: Check existence of matrix-jitsi-jvb service - ansible.builtin.stat: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jitsi-jvb.service" - register: matrix_jitsi_jvb_service_stat - when: "not matrix_jitsi_enabled | bool" - -- name: Ensure matrix-jitsi-jvb is stopped - ansible.builtin.service: - name: matrix-jitsi-jvb - state: stopped - enabled: false - daemon_reload: true - register: stopping_result - when: "not matrix_jitsi_enabled | bool and matrix_jitsi_jvb_service_stat.stat.exists" - -- name: Ensure matrix-jitsi-jvb.service doesn't exist - ansible.builtin.file: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jitsi-jvb.service" - state: absent - when: "not matrix_jitsi_enabled | bool and matrix_jitsi_jvb_service_stat.stat.exists" - -- name: Ensure systemd reloaded after matrix-jitsi-jvb.service removal - ansible.builtin.service: - daemon_reload: true - when: "not matrix_jitsi_enabled | bool and matrix_jitsi_jvb_service_stat.stat.exists" - -- name: Ensure Matrix jitsi-jvb paths doesn't exist - ansible.builtin.file: - path: "{{ matrix_jitsi_jvb_base_path }}" - state: absent - when: "not matrix_jitsi_enabled | bool" - -# Intentionally not removing the Docker image when uninstalling. 
-# We can't be sure it had been pulled by us in the first place. diff --git a/roles/custom/matrix-jitsi/tasks/setup_jitsi_jvb_uninstall.yml b/roles/custom/matrix-jitsi/tasks/setup_jitsi_jvb_uninstall.yml new file mode 100644 index 000000000..e3d7094f0 --- /dev/null +++ b/roles/custom/matrix-jitsi/tasks/setup_jitsi_jvb_uninstall.yml @@ -0,0 +1,25 @@ +--- + +- name: Check existence of matrix-jitsi-jvb service + ansible.builtin.stat: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jitsi-jvb.service" + register: matrix_jitsi_jvb_service_stat + +- when: matrix_jitsi_jvb_service_stat.stat.exists | bool + block: + - name: Ensure matrix-jitsi-jvb is stopped + ansible.builtin.service: + name: matrix-jitsi-jvb + state: stopped + enabled: false + daemon_reload: true + + - name: Ensure matrix-jitsi-jvb.service doesn't exist + ansible.builtin.file: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jitsi-jvb.service" + state: absent + + - name: Ensure Matrix jitsi-jvb paths doesn't exist + ansible.builtin.file: + path: "{{ matrix_jitsi_jvb_base_path }}" + state: absent diff --git a/roles/custom/matrix-jitsi/tasks/setup_jitsi_prosody.yml b/roles/custom/matrix-jitsi/tasks/setup_jitsi_prosody.yml deleted file mode 100644 index 1a1656b2c..000000000 --- a/roles/custom/matrix-jitsi/tasks/setup_jitsi_prosody.yml +++ /dev/null 
@@ -1,99 +0,0 @@ ---- - -# -# Tasks related to setting up jitsi-prosody -# - -- name: Ensure Matrix jitsi-prosody environment exists - ansible.builtin.file: - path: "{{ item.path }}" - state: directory - mode: 0777 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - with_items: - - {path: "{{ matrix_jitsi_prosody_base_path }}", when: true} - - {path: "{{ matrix_jitsi_prosody_config_path }}", when: true} - - {path: "{{ matrix_jitsi_prosody_plugins_path }}", when: true} - when: matrix_jitsi_enabled | bool and item.when - -- name: Ensure jitsi-prosody Docker image is pulled - community.docker.docker_image: - name: "{{ matrix_jitsi_prosody_docker_image }}" - source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" - force_source: "{{ matrix_jitsi_prosody_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_prosody_docker_image_force_pull }}" - when: matrix_jitsi_enabled | bool - register: result - retries: "{{ devture_playbook_help_container_retries_count }}" - delay: "{{ devture_playbook_help_container_retries_delay }}" - until: result is not failed - -- name: Ensure jitsi-prosody environment variables file is created - ansible.builtin.template: - src: "{{ role_path }}/templates/prosody/env.j2" - dest: "{{ matrix_jitsi_prosody_base_path }}/env" - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - mode: 0640 - when: matrix_jitsi_enabled | bool - -- name: Ensure matrix-jitsi-prosody.service file is installed - ansible.builtin.template: - src: "{{ role_path }}/templates/prosody/matrix-jitsi-prosody.service.j2" - dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jitsi-prosody.service" - mode: 0644 - register: matrix_jitsi_prosody_systemd_service_result - when: matrix_jitsi_enabled | bool - -- name: Ensure systemd service is reloaded after 
matrix-jitsi-prosody.service installation - ansible.builtin.service: - daemon_reload: true - when: "matrix_jitsi_enabled and matrix_jitsi_prosody_systemd_service_result.changed" - -- name: Ensure authentication is properly configured - ansible.builtin.include_tasks: - file: "{{ role_path }}/tasks/util/setup_jitsi_auth.yml" - when: - - matrix_jitsi_enabled | bool - - matrix_jitsi_enable_auth | bool - - -# -# Tasks related to getting rid of jitsi-prosody (if it was previously enabled) -# - -- name: Ensure matrix-jitsi-prosody.service file exists - ansible.builtin.stat: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jitsi-prosody.service" - register: matrix_jitsi_prosody_service_stat - when: "not matrix_jitsi_enabled | bool" - -- name: Ensure matrix-jitsi-prosody is stopped - ansible.builtin.service: - name: matrix-jitsi-prosody - state: stopped - enabled: false - daemon_reload: true - register: stopping_result - when: "not matrix_jitsi_enabled | bool and matrix_jitsi_prosody_service_stat.stat.exists" - -- name: Ensure matrix-jitsi-prosody.service file doesn't exist - ansible.builtin.file: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jitsi-prosody.service" - state: absent - when: "not matrix_jitsi_enabled | bool and matrix_jitsi_prosody_service_stat.stat.exists" - -- name: Ensure systemd is reloaded after matrix-jitsi-prosody.service removal - ansible.builtin.service: - daemon_reload: true - when: "not matrix_jitsi_enabled | bool and matrix_jitsi_prosody_service_stat.stat.exists" - -- name: Ensure Matrix jitsi-prosody paths doesn't exist - ansible.builtin.file: - path: "{{ matrix_jitsi_prosody_base_path }}" - state: absent - when: "not matrix_jitsi_enabled | bool" - -# Intentionally not removing the Docker image when uninstalling. -# We can't be sure it had been pulled by us in the first place. 
diff --git a/roles/custom/matrix-jitsi/tasks/setup_jitsi_prosody_install.yml b/roles/custom/matrix-jitsi/tasks/setup_jitsi_prosody_install.yml new file mode 100644 index 000000000..785811666 --- /dev/null +++ b/roles/custom/matrix-jitsi/tasks/setup_jitsi_prosody_install.yml 
@@ -0,0 +1,45 @@ +--- + +- name: Ensure Matrix jitsi-prosody environment exists + ansible.builtin.file: + path: "{{ item.path }}" + state: directory + mode: 0777 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + with_items: + - {path: "{{ matrix_jitsi_prosody_base_path }}", when: true} + - {path: "{{ matrix_jitsi_prosody_config_path }}", when: true} + - {path: "{{ matrix_jitsi_prosody_plugins_path }}", when: true} + when: item.when | bool + +- name: Ensure jitsi-prosody Docker image is pulled + community.docker.docker_image: + name: "{{ matrix_jitsi_prosody_docker_image }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ matrix_jitsi_prosody_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_prosody_docker_image_force_pull }}" + register: result + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" + until: result is not failed + +- name: Ensure jitsi-prosody environment variables file is created + ansible.builtin.template: + src: "{{ role_path }}/templates/prosody/env.j2" + dest: "{{ matrix_jitsi_prosody_base_path }}/env" + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + mode: 0640 + +- name: Ensure matrix-jitsi-prosody.service file is installed + ansible.builtin.template: + src: "{{ role_path }}/templates/prosody/matrix-jitsi-prosody.service.j2" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jitsi-prosody.service" + mode: 0644 + register: matrix_jitsi_prosody_systemd_service_result + +- name: Ensure authentication is properly configured + ansible.builtin.include_tasks: + file: "{{ role_path }}/tasks/util/setup_jitsi_auth.yml" + when: matrix_jitsi_enable_auth | bool 
diff --git a/roles/custom/matrix-jitsi/tasks/setup_jitsi_prosody_uninstall.yml b/roles/custom/matrix-jitsi/tasks/setup_jitsi_prosody_uninstall.yml new file mode 100644 index 000000000..4907b2a1d --- /dev/null +++ b/roles/custom/matrix-jitsi/tasks/setup_jitsi_prosody_uninstall.yml @@ -0,0 +1,25 @@ +--- + +- name: Check if matrix-jitsi-prosody.service file exists + ansible.builtin.stat: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jitsi-prosody.service" + register: matrix_jitsi_prosody_service_stat + +- when: matrix_jitsi_prosody_service_stat.stat.exists | bool + block: + - name: Ensure matrix-jitsi-prosody is stopped + ansible.builtin.service: + name: matrix-jitsi-prosody + state: stopped + enabled: false + daemon_reload: true + + - name: Ensure matrix-jitsi-prosody.service file doesn't exist + ansible.builtin.file: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jitsi-prosody.service" + state: absent + + - name: Ensure Matrix jitsi-prosody paths doesn't exist + ansible.builtin.file: + path: "{{ matrix_jitsi_prosody_base_path }}" + state: absent diff --git a/roles/custom/matrix-jitsi/tasks/setup_jitsi_web.yml b/roles/custom/matrix-jitsi/tasks/setup_jitsi_web_install.yml similarity index 53% rename from roles/custom/matrix-jitsi/tasks/setup_jitsi_web.yml rename to roles/custom/matrix-jitsi/tasks/setup_jitsi_web_install.yml index b6d3241b5..710b2b0ca 100644 --- a/roles/custom/matrix-jitsi/tasks/setup_jitsi_web.yml +++ b/roles/custom/matrix-jitsi/tasks/setup_jitsi_web_install.yml @@ -1,9 +1,5 @@ --- -# -# Tasks related to setting up jitsi-web -# - - name: Ensure Matrix jitsi-web path exists ansible.builtin.file: path: "{{ item.path }}" 
@@ -16,7 +12,7 @@ - {path: "{{ matrix_jitsi_web_config_path }}", when: true} - {path: "{{ matrix_jitsi_web_transcripts_path }}", when: true} - {path: "{{ matrix_jitsi_web_crontabs_path }}", when: true} - when: matrix_jitsi_enabled | bool and item.when + when: item.when | bool - name: Ensure jitsi-web Docker image is pulled community.docker.docker_image: @@ -24,7 +20,6 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_jitsi_web_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_web_docker_image_force_pull }}" - when: matrix_jitsi_enabled | bool register: result retries: "{{ devture_playbook_help_container_retries_count }}" delay: "{{ devture_playbook_help_container_retries_delay }}" @@ -37,7 +32,6 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" mode: 0640 - when: matrix_jitsi_enabled | bool - name: Ensure jitsi-web configuration files created ansible.builtin.template: @@ -49,7 +43,6 @@ with_items: - custom-config.js - custom-interface_config.js - when: matrix_jitsi_enabled | bool - name: Ensure matrix-jitsi-web.service installed ansible.builtin.template: 
@@ -57,48 +50,3 @@ dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jitsi-web.service" mode: 0644 register: matrix_jitsi_web_systemd_service_result - when: matrix_jitsi_enabled | bool - -- name: Ensure systemd reloaded after matrix-jitsi-web.service installation - ansible.builtin.service: - daemon_reload: true - when: "matrix_jitsi_enabled and matrix_jitsi_web_systemd_service_result.changed" - -# -# Tasks related to getting rid of jitsi-web (if it was previously enabled) -# - -- name: Check existence of matrix-jitsi-web service - ansible.builtin.stat: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jitsi-web.service" - register: matrix_jitsi_web_service_stat - when: "not matrix_jitsi_enabled | bool" - -- name: Ensure matrix-jitsi-web is stopped - ansible.builtin.service: - name: matrix-jitsi-web - state: stopped - enabled: false - daemon_reload: true - register: stopping_result - when: "not matrix_jitsi_enabled | bool and matrix_jitsi_web_service_stat.stat.exists" - -- name: Ensure matrix-jitsi-web.service doesn't exist - ansible.builtin.file: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jitsi-web.service" - state: absent - when: "not matrix_jitsi_enabled | bool and matrix_jitsi_web_service_stat.stat.exists" - -- name: Ensure systemd reloaded after matrix-jitsi-web.service removal - ansible.builtin.service: - daemon_reload: true - when: "not matrix_jitsi_enabled | bool and matrix_jitsi_web_service_stat.stat.exists" - -- name: Ensure Matrix jitsi-web paths doesn't exist - ansible.builtin.file: - path: "{{ matrix_jitsi_web_base_path }}" - state: absent - when: "not matrix_jitsi_enabled | bool" - -# Intentionally not removing the Docker image when uninstalling. -# We can't be sure it had been pulled by us in the first place. diff --git a/roles/custom/matrix-jitsi/tasks/setup_jitsi_web_uninstall.yml b/roles/custom/matrix-jitsi/tasks/setup_jitsi_web_uninstall.yml new file mode 100644 index 000000000..1707d7e9b --- /dev/null 
+++ b/roles/custom/matrix-jitsi/tasks/setup_jitsi_web_uninstall.yml @@ -0,0 +1,25 @@ +--- + +- name: Check existence of matrix-jitsi-web service + ansible.builtin.stat: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jitsi-web.service" + register: matrix_jitsi_web_service_stat + +- when: matrix_jitsi_web_service_stat.stat.exists | bool + block: + - name: Ensure matrix-jitsi-web is stopped + ansible.builtin.service: + name: matrix-jitsi-web + state: stopped + enabled: false + daemon_reload: true + + - name: Ensure matrix-jitsi-web.service doesn't exist + ansible.builtin.file: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jitsi-web.service" + state: absent + + - name: Ensure Matrix jitsi-web paths doesn't exist + ansible.builtin.file: + path: "{{ matrix_jitsi_web_base_path }}" + state: absent diff --git a/roles/custom/matrix-jitsi/tasks/util/setup_jitsi_auth.yml b/roles/custom/matrix-jitsi/tasks/util/setup_jitsi_auth.yml index 4edc5431b..60a49b427 100644 --- a/roles/custom/matrix-jitsi/tasks/util/setup_jitsi_auth.yml +++ b/roles/custom/matrix-jitsi/tasks/util/setup_jitsi_auth.yml @@ -22,6 +22,7 @@ - matrix_jitsi_prosody_auth_internal_accounts|length > 0 register: matrix_jitsi_user_configuration_result changed_when: matrix_jitsi_user_configuration_result.rc == 0 + no_log: true # # Tasks related to configuring other Jitsi authentication mechanisms diff --git a/roles/custom/matrix-jitsi/tasks/validate_config.yml b/roles/custom/matrix-jitsi/tasks/validate_config.yml index df87b7589..258b4864c 100644 --- a/roles/custom/matrix-jitsi/tasks/validate_config.yml +++ b/roles/custom/matrix-jitsi/tasks/validate_config.yml 
@@ -1,5 +1,10 @@ --- +- name: Fail if on an unsupported architecture + ansible.builtin.fail: + msg: "Jitsi only supports the amd64 architecture right now. See https://github.com/jitsi/docker-jitsi-meet/issues/1069 and https://github.com/jitsi/docker-jitsi-meet/issues/1214" + when: matrix_jitsi_enabled | bool and matrix_architecture not in ['amd64', 'arm64'] + - name: Fail if required Jitsi settings not defined ansible.builtin.fail: msg: >- diff --git a/roles/custom/matrix-jitsi/templates/jicofo/env.j2 b/roles/custom/matrix-jitsi/templates/jicofo/env.j2 index 1f2cb68c4..65ae1ce1b 100644 --- a/roles/custom/matrix-jitsi/templates/jicofo/env.j2 +++ b/roles/custom/matrix-jitsi/templates/jicofo/env.j2 @@ -27,7 +27,7 @@ JIGASI_SIP_URI JVB_BREWERY_MUC={{ matrix_jitsi_jvb_brewery_muc }} MAX_BRIDGE_PARTICIPANTS OCTO_BRIDGE_SELECTION_STRATEGY -SENTRY_DSN="${JICOFO_SENTRY_DSN:-0}" +SENTRY_DSN={{ matrix_jitsi_jicofo_sentry_dsn }} SENTRY_ENVIRONMENT SENTRY_RELEASE TZ={{ matrix_jitsi_timezone }} diff --git a/roles/custom/matrix-jitsi/templates/jvb/env.j2 b/roles/custom/matrix-jitsi/templates/jvb/env.j2 index 41d343b31..4b9ce68f1 100644 --- a/roles/custom/matrix-jitsi/templates/jvb/env.j2 +++ b/roles/custom/matrix-jitsi/templates/jvb/env.j2 @@ -16,9 +16,9 @@ JVB_OCTO_PUBLIC_ADDRESS JVB_OCTO_BIND_PORT JVB_OCTO_REGION JVB_WS_DOMAIN -JVB_WS_SERVER_ID +JVB_WS_SERVER_ID={{ matrix_jitsi_jvb_server_id }} PUBLIC_URL={{ matrix_jitsi_web_public_url }} -SENTRY_DSN="${JVB_SENTRY_DSN:-0}" +SENTRY_DSN={{ matrix_jitsi_jvb_sentry_dsn }} SENTRY_ENVIRONMENT SENTRY_RELEASE COLIBRI_REST_ENABLED diff --git a/roles/custom/matrix-jitsi/templates/prosody/env.j2 b/roles/custom/matrix-jitsi/templates/prosody/env.j2 index 941f2c253..b0ebbefce 100644 --- a/roles/custom/matrix-jitsi/templates/prosody/env.j2 +++ b/roles/custom/matrix-jitsi/templates/prosody/env.j2 
@@ -47,6 +47,7 @@ TURN_HOST={{ matrix_jitsi_turn_host }} TURNS_HOST={{ matrix_jitsi_turns_host }} TURN_PORT={{ matrix_jitsi_turn_port }} TURNS_PORT={{ matrix_jitsi_turns_port }} +TURN_TRANSPORT={{ matrix_jitsi_turn_transport }} TZ={{ matrix_jitsi_timezone }} XMPP_DOMAIN={{ matrix_jitsi_xmpp_domain }} XMPP_AUTH_DOMAIN={{ matrix_jitsi_xmpp_auth_domain }} @@ -58,3 +59,6 @@ XMPP_MUC_MODULES= XMPP_INTERNAL_MUC_MODULES= XMPP_RECORDER_DOMAIN={{ matrix_jitsi_recorder_domain }} XMPP_CROSS_DOMAIN=true +{% if matrix_prosody_jitsi_max_participants is number %} +MAX_PARTICIPANTS={{ matrix_prosody_jitsi_max_participants }} +{% endif %} diff --git a/roles/custom/matrix-jitsi/templates/prosody/matrix-jitsi-prosody.service.j2 b/roles/custom/matrix-jitsi/templates/prosody/matrix-jitsi-prosody.service.j2 index 0b2592aed..89cec0914 100644 --- a/roles/custom/matrix-jitsi/templates/prosody/matrix-jitsi-prosody.service.j2 +++ b/roles/custom/matrix-jitsi/templates/prosody/matrix-jitsi-prosody.service.j2 @@ -20,6 +20,9 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name {% if matrix_jitsi_prosody_container_http_host_bind_port %} -p {{ matrix_jitsi_prosody_container_http_host_bind_port }}:5280 \ {% endif %} + {% if matrix_jitsi_prosody_container_jvb_host_bind_port %} + -p {{ matrix_jitsi_prosody_container_jvb_host_bind_port }}:5222 \ + {% endif %} --env-file={{ matrix_jitsi_prosody_base_path }}/env \ --mount type=bind,src={{ matrix_jitsi_prosody_config_path }},dst=/config \ --mount type=bind,src={{ matrix_jitsi_prosody_plugins_path }},dst=/prosody-plugins-custom \ diff --git a/roles/custom/matrix-ldap-registration-proxy/tasks/init.yml b/roles/custom/matrix-ldap-registration-proxy/tasks/init.yml deleted file mode 100644 index 406236095..000000000 --- a/roles/custom/matrix-ldap-registration-proxy/tasks/init.yml +++ /dev/null 
@@ -1,57 +0,0 @@ ---- -# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 -# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 -- name: Fail if trying to self-build on Ansible < 2.8 - ansible.builtin.fail: - msg: "To self-build the matrix_ldap_registration_proxy image, you should use Ansible 2.8 or higher. See docs/ansible.md" - when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_ldap_registration_proxy_container_image_self_build and matrix_ldap_registration_proxy_enabled | bool" - -- ansible.builtin.set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-ldap-registration-proxy.service'] }}" - when: matrix_ldap_registration_proxy_enabled | bool - -- when: matrix_ldap_registration_proxy_enabled | bool - tags: - - always - block: - - name: Fail if matrix-nginx-proxy role already executed - ansible.builtin.fail: - msg: >- - Trying to append Matrix LDAP registration proxy's reverse-proxying configuration to matrix-nginx-proxy, - but it's pointless since the matrix-nginx-proxy role had already executed. - To fix this, please change the order of roles in your playbook, - so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-telegram role. 
- when: matrix_nginx_proxy_role_executed | default(False) | bool - - - name: Generate Matrix LDAP registration proxy proxying configuration for matrix-nginx-proxy - ansible.builtin.set_fact: - matrix_ldap_registration_proxy_matrix_nginx_proxy_configuration: | - location {{ matrix_ldap_registration_proxy_registration_endpoint }} { - {% if matrix_nginx_proxy_enabled | default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - set $backend "{{ matrix_ldap_registration_proxy_registration_addr_with_container }}"; - proxy_pass http://$backend/register; - {% else %} - {# Generic configuration for use outside of our container setup #} - proxy_pass http://{{ matrix_ldap_registration_proxy_registration_addr_sans_container }}/register; - {% endif %} - } - - - name: Register Matrix LDAP registration proxy proxying configuration with matrix-nginx-proxy - ansible.builtin.set_fact: - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | - {{ - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([]) - + - [matrix_ldap_registration_proxy_matrix_nginx_proxy_configuration] - }} - - name: Warn about reverse-proxying if matrix-nginx-proxy not used - ansible.builtin.debug: - msg: >- - NOTE: You've enabled the Matrix LDAP registration proxy bridge but are not using the matrix-nginx-proxy - reverse proxy. - Please make sure that you're proxying the `{{ matrix_ldap_registration_proxy_public_endpoint }}` - URL endpoint to the matrix-ldap-proxy container. - You can expose the container's port using the `matrix_ldap_registration_proxy_container_http_host_bind_port` variable. - when: "not matrix_nginx_proxy_enabled | default(False) | bool" diff --git a/roles/custom/matrix-ldap-registration-proxy/tasks/inject_into_nginx_proxy.yml b/roles/custom/matrix-ldap-registration-proxy/tasks/inject_into_nginx_proxy.yml new file mode 100644 index 000000000..472503c9a --- /dev/null 
+++ b/roles/custom/matrix-ldap-registration-proxy/tasks/inject_into_nginx_proxy.yml 
@@ -0,0 +1,44 @@ +--- + +- name: Fail if matrix-nginx-proxy role already executed + ansible.builtin.fail: + msg: >- + Trying to append Matrix LDAP registration proxy's reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your playbook, + so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-telegram role. + when: matrix_nginx_proxy_role_executed | default(False) | bool + +- name: Generate Matrix LDAP registration proxy proxying configuration for matrix-nginx-proxy + ansible.builtin.set_fact: + matrix_ldap_registration_proxy_matrix_nginx_proxy_configuration: | + location {{ matrix_ldap_registration_proxy_registration_endpoint }} { + {% if matrix_nginx_proxy_enabled | default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "{{ matrix_ldap_registration_proxy_registration_addr_with_container }}"; + proxy_pass http://$backend/register; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://{{ matrix_ldap_registration_proxy_registration_addr_sans_container }}/register; + {% endif %} + } + +- name: Register Matrix LDAP registration proxy proxying configuration with matrix-nginx-proxy + ansible.builtin.set_fact: + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([]) + + + [matrix_ldap_registration_proxy_matrix_nginx_proxy_configuration] + }} + +- name: Warn about reverse-proxying if matrix-nginx-proxy not used + ansible.builtin.debug: + msg: >- + NOTE: You've enabled the Matrix LDAP registration proxy bridge but are not using the matrix-nginx-proxy + reverse proxy. 
+ Please make sure that you're proxying the `{{ matrix_ldap_registration_proxy_public_endpoint }}` + URL endpoint to the matrix-ldap-proxy container. + You can expose the container's port using the `matrix_ldap_registration_proxy_container_http_host_bind_port` variable. + when: "not matrix_nginx_proxy_enabled | default(False) | bool" diff --git a/roles/custom/matrix-ldap-registration-proxy/tasks/main.yml b/roles/custom/matrix-ldap-registration-proxy/tasks/main.yml index 5815774ec..9309113fe 100644 --- a/roles/custom/matrix-ldap-registration-proxy/tasks/main.yml +++ b/roles/custom/matrix-ldap-registration-proxy/tasks/main.yml 
@@ -1,23 +1,29 @@ --- -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" +- block: + - when: matrix_ldap_registration_proxy_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml" tags: - - always + - setup-all + - setup-nginx-proxy + - install-all + - install-nginx-proxy -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup | bool and matrix_ldap_registration_proxy_enabled | bool" +- block: + - when: matrix_ldap_registration_proxy_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" + + - when: matrix_ldap_registration_proxy_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml" tags: - setup-all - setup-matrix-ldap-registration-proxy + - install-all + - install-matrix-ldap-registration-proxy -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup | bool and matrix_ldap_registration_proxy_enabled | bool" - tags: - - setup-all - - setup-matrix-ldap-registration-proxy - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup | bool and not matrix_ldap_registration_proxy_enabled | bool" +- block: + - when: not matrix_ldap_registration_proxy_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" tags: - setup-all - setup-matrix-ldap-registration-proxy diff --git a/roles/custom/matrix-ldap-registration-proxy/tasks/setup_install.yml b/roles/custom/matrix-ldap-registration-proxy/tasks/setup_install.yml index 3ac8f9b8d..3814b1391 100644 --- a/roles/custom/matrix-ldap-registration-proxy/tasks/setup_install.yml +++ b/roles/custom/matrix-ldap-registration-proxy/tasks/setup_install.yml 
@@ -12,9 +12,6 @@ - {path: "{{ matrix_ldap_registration_proxy_docker_src_files_path }}", when: true} when: "item.when | bool" -- ansible.builtin.set_fact: - matrix_ldap_registration_proxy_requires_restart: false - - name: Ensure matrix_ldap_registration_proxy repository is present on self-build ansible.builtin.git: repo: "{{ matrix_ldap_registration_proxy_container_image_self_build_repo }}" @@ -49,15 +46,3 @@ src: "{{ role_path }}/templates/systemd/matrix-ldap-registration-proxy.service.j2" dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-ldap-registration-proxy.service" mode: 0644 - register: matrix_ldap_registration_proxy_systemd_service_result - -- name: Ensure systemd reloaded after matrix-ldap-registration-proxy.service installation - ansible.builtin.service: - daemon_reload: true - when: "matrix_ldap_registration_proxy_systemd_service_result.changed | bool" - -- name: Ensure matrix-ldap-registration-proxy.service restarted, if necessary - ansible.builtin.service: - name: "matrix-ldap-registration-proxy.service" - state: restarted - when: "matrix_ldap_registration_proxy_requires_restart | bool" diff --git a/roles/custom/matrix-ldap-registration-proxy/tasks/setup_uninstall.yml b/roles/custom/matrix-ldap-registration-proxy/tasks/setup_uninstall.yml index ed19ad9c1..1d99b4062 100644 --- a/roles/custom/matrix-ldap-registration-proxy/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-ldap-registration-proxy/tasks/setup_uninstall.yml 
@@ -5,32 +5,21 @@ path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-ldap-registration-proxy.service" register: matrix_ldap_registration_proxy_service_stat -- name: Ensure matrix-matrix_ldap_registration_proxy is stopped - ansible.builtin.service: - name: matrix-matrix_ldap_registration_proxy - state: stopped - enabled: false - daemon_reload: true - register: stopping_result - when: "matrix_ldap_registration_proxy_service_stat.stat.exists | bool" +- when: matrix_ldap_registration_proxy_service_stat.stat.exists | bool + block: + - name: Ensure matrix-matrix_ldap_registration_proxy is stopped + ansible.builtin.service: + name: matrix-matrix_ldap_registration_proxy + state: stopped + enabled: false + daemon_reload: true -- name: Ensure matrix-ldap-registration-proxy.service doesn't exist - ansible.builtin.file: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-ldap-registration-proxy.service" - state: absent - when: "matrix_ldap_registration_proxy_service_stat.stat.exists | bool" + - name: Ensure matrix-ldap-registration-proxy.service doesn't exist + ansible.builtin.file: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-ldap-registration-proxy.service" + state: absent -- name: Ensure systemd reloaded after matrix-ldap-registration-proxy.service removal - ansible.builtin.service: - daemon_reload: true - when: "matrix_ldap_registration_proxy_service_stat.stat.exists | bool" - -- name: Ensure Matrix matrix_ldap_registration_proxy paths don't exist - ansible.builtin.file: - path: "{{ matrix_ldap_registration_proxy_base_path }}" - state: absent - -- name: Ensure matrix_ldap_registration_proxy Docker image doesn't exist - community.docker.docker_image: - name: "{{ matrix_ldap_registration_proxy_docker_image }}" - state: absent + - name: Ensure Matrix matrix_ldap_registration_proxy paths don't exist + ansible.builtin.file: + path: "{{ matrix_ldap_registration_proxy_base_path }}" + state: absent 
diff --git a/roles/custom/matrix-ma1sd/defaults/main.yml b/roles/custom/matrix-ma1sd/defaults/main.yml index 3755a46ab..9dc32ce7b 100644 --- a/roles/custom/matrix-ma1sd/defaults/main.yml +++ b/roles/custom/matrix-ma1sd/defaults/main.yml @@ -35,6 +35,13 @@ matrix_ma1sd_systemd_required_services_list: ['docker.service'] # List of systemd services that matrix-ma1sd.service wants matrix_ma1sd_systemd_wanted_services_list: [] +# A list of additional container networks that matrix-ma1sd would be connected to. +# The playbook does not create these networks, so make sure they already exist. +# +# Use this to expose matrix-ma1sd to another docker network, that matrix-ma1sd might have to reach for authentication (e.g. an ldap instance) +# +matrix_ma1sd_container_additional_networks: [] + # Your identity server is private by default. # To ensure maximum discovery, you can make your identity server # also forward lookups to the central matrix.org Identity server @@ -57,7 +64,7 @@ matrix_ma1sd_sqlite_database_path_in_container: "/var/ma1sd/ma1sd.db" matrix_ma1sd_database_username: 'matrix_ma1sd' matrix_ma1sd_database_password: 'some-password' -matrix_ma1sd_database_hostname: 'matrix-postgres' +matrix_ma1sd_database_hostname: '' matrix_ma1sd_database_port: 5432 matrix_ma1sd_database_name: 'matrix_ma1sd' diff --git a/roles/custom/matrix-ma1sd/tasks/init.yml b/roles/custom/matrix-ma1sd/tasks/init.yml deleted file mode 100644 index 48226aa07..000000000 --- a/roles/custom/matrix-ma1sd/tasks/init.yml +++ /dev/null 
@@ -1,11 +0,0 @@ ---- -# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 -# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 -- name: Fail if trying to self-build on Ansible < 2.8 - ansible.builtin.fail: - msg: "To self-build the ma1sd image, you should use Ansible 2.8 or higher. See docs/ansible.md" - when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_ma1sd_container_image_self_build and matrix_ma1sd_enabled | bool" - -- ansible.builtin.set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-ma1sd.service'] }}" - when: matrix_ma1sd_enabled | bool diff --git a/roles/custom/matrix-ma1sd/tasks/main.yml b/roles/custom/matrix-ma1sd/tasks/main.yml index f55e7891c..a65cf371e 100644 --- a/roles/custom/matrix-ma1sd/tasks/main.yml +++ b/roles/custom/matrix-ma1sd/tasks/main.yml 
@@ -1,30 +1,25 @@ --- -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" - tags: - - always +- block: + - when: matrix_ma1sd_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup | bool and matrix_ma1sd_enabled | bool" + - when: matrix_ma1sd_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml" tags: - setup-all - setup-ma1sd + - install-all + - install-ma1sd -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup | bool and matrix_ma1sd_enabled | bool" +- block: + - when: not matrix_ma1sd_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" tags: - - setup-all - setup-ma1sd -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup | bool and not matrix_ma1sd_enabled | bool" - tags: - - setup-all - - setup-ma1sd - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/self_check_ma1sd.yml" - delegate_to: 127.0.0.1 - become: false - when: "run_self_check | bool and matrix_ma1sd_enabled | bool" +- block: + - when: matrix_ma1sd_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/self_check.yml" tags: - self-check diff --git a/roles/custom/matrix-ma1sd/tasks/migrate_mxisd.yml b/roles/custom/matrix-ma1sd/tasks/migrate_mxisd.yml deleted file mode 100644 index ee7228959..000000000 --- a/roles/custom/matrix-ma1sd/tasks/migrate_mxisd.yml +++ /dev/null 
@@ -1,80 +0,0 @@ ---- - -# This task is for migrating existing mxisd data when transitioning to the ma1sd fork. - -- name: Check for existent mxisd data - ansible.builtin.stat: - path: "{{ matrix_base_data_path }}/mxisd/data" - register: ma1sd_migrate_mxisd_data_dir_stat - -- name: Warn if mxisd data detected - ansible.builtin.debug: - msg: > - You seem to have an existing mxisd folder in `{{ matrix_base_data_path }}/mxisd`. - We are going to migrate it to ma1sd and rename the folder to mxisd.migrated. - when: "ma1sd_migrate_mxisd_data_dir_stat.stat.exists" - -- name: Check existence of old matrix-mxisd service - ansible.builtin.stat: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mxisd.service" - register: matrix_mxisd_service_stat - -- name: Ensure matrix-mxisd is stopped - ansible.builtin.service: - name: matrix-mxisd - state: stopped - enabled: false - daemon_reload: true - when: "matrix_mxisd_service_stat.stat.exists" - -- name: Check existence of matrix-ma1sd service - ansible.builtin.stat: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-ma1sd.service" - register: matrix_ma1sd_service_stat - when: "ma1sd_migrate_mxisd_data_dir_stat.stat.exists" - -- name: Ensure matrix-ma1sd is stopped - ansible.builtin.service: - name: matrix-ma1sd - state: stopped - daemon_reload: true - when: "ma1sd_migrate_mxisd_data_dir_stat.stat.exists and matrix_ma1sd_service_stat.stat.exists" - -# We use shell commands for the migration, because the Ansible copy module cannot -# recursively copy remote directories (like `/matrix/mxisd/data/sign.key`) in older versions of Ansible. 
-- when: "ma1sd_migrate_mxisd_data_dir_stat.stat.exists" - block: - - name: Copy mxisd data files to ma1sd folder - ansible.builtin.command: - cmd: "cp -ar {{ matrix_base_data_path }}/mxisd/data {{ matrix_ma1sd_base_path }}" - register: matrix_ma1sd_migrate_mxisd_data_files_copying_result - changed_when: matrix_ma1sd_migrate_mxisd_data_files_copying_result.rc == 0 - - - name: Check existence of mxisd.db file - ansible.builtin.stat: - path: "{{ matrix_ma1sd_data_path }}/mxisd.db" - register: matrix_ma1sd_mxisd_db_stat - - - name: Rename database (mxisd.db -> ma1sd.db) - ansible.builtin.command: - cmd: "mv {{ matrix_ma1sd_data_path }}/mxisd.db {{ matrix_ma1sd_data_path }}/ma1sd.db" - register: matrix_ma1sd_migrate_mxisd_move_db_result - changed_when: matrix_ma1sd_migrate_mxisd_move_db_result.rc == 0 - when: "matrix_ma1sd_mxisd_db_stat.stat.exists" - - - name: Rename mxisd folder - ansible.builtin.command: - cmd: "mv {{ matrix_base_data_path }}/mxisd {{ matrix_base_data_path }}/mxisd.migrated" - register: matrix_ma1sd_migrate_mxisd_move_directory_result - changed_when: matrix_ma1sd_migrate_mxisd_move_directory_result.rc == 0 - -- name: Ensure outdated matrix-mxisd.service doesn't exist - ansible.builtin.file: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mxisd.service" - state: absent - when: "matrix_mxisd_service_stat.stat.exists" - -- name: Ensure systemd reloaded after removing outdated matrix-mxisd.service - ansible.builtin.service: - daemon_reload: true - when: "matrix_mxisd_service_stat.stat.exists" diff --git a/roles/custom/matrix-ma1sd/tasks/self_check_ma1sd.yml b/roles/custom/matrix-ma1sd/tasks/self_check.yml similarity index 95% rename from roles/custom/matrix-ma1sd/tasks/self_check_ma1sd.yml rename to roles/custom/matrix-ma1sd/tasks/self_check.yml index 6fde9dd2f..66765727e 100644 --- a/roles/custom/matrix-ma1sd/tasks/self_check_ma1sd.yml +++ b/roles/custom/matrix-ma1sd/tasks/self_check.yml 
@@ -11,6 +11,8 @@ check_mode: false register: result_ma1sd ignore_errors: true + delegate_to: 127.0.0.1 + become: false - name: Fail if ma1sd Identity Service not working ansible.builtin.fail: diff --git a/roles/custom/matrix-ma1sd/tasks/setup_install.yml b/roles/custom/matrix-ma1sd/tasks/setup_install.yml index b9668a053..6fe20342b 100644 --- a/roles/custom/matrix-ma1sd/tasks/setup_install.yml +++ b/roles/custom/matrix-ma1sd/tasks/setup_install.yml @@ -13,9 +13,6 @@ - {path: "{{ matrix_ma1sd_docker_src_files_path }}", when: "{{ matrix_ma1sd_container_image_self_build }}"} when: "item.when | bool" -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/migrate_mxisd.yml" - - # These (SQLite -> Postgres) migration tasks are usually at the top, # but we'd like to run them after `migrate_mxisd.yml`, which requires the ma1sd paths to exist. - ansible.builtin.set_fact: @@ -30,8 +27,11 @@ - when: "matrix_ma1sd_sqlite_database_path_local_stat_result.stat.exists | bool" block: - - ansible.builtin.set_fact: - matrix_postgres_db_migration_request: + - ansible.builtin.include_role: + name: galaxy/com.devture.ansible.role.postgres + tasks_from: migrate_db_to_postgres + vars: + devture_postgres_db_migration_request: src: "{{ matrix_ma1sd_sqlite_database_path_local }}" dst: "{{ matrix_ma1sd_database_connection_string }}" caller: "{{ role_path | basename }}" @@ -40,10 +40,6 @@ systemd_services_to_stop: ['matrix-ma1sd.service'] pgloader_options: ['--with "quote identifiers"'] - - ansible.builtin.import_role: - name: custom/matrix-postgres - tasks_from: migrate_db_to_postgres - - ansible.builtin.set_fact: matrix_ma1sd_requires_restart: true 
@@ -159,15 +155,10 @@ src: "{{ role_path }}/templates/systemd/matrix-ma1sd.service.j2" dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-ma1sd.service" mode: 0644 - register: matrix_ma1sd_systemd_service_result - -- name: Ensure systemd reloaded after matrix-ma1sd.service installation - ansible.builtin.service: - daemon_reload: true - when: "matrix_ma1sd_systemd_service_result.changed | bool" - name: Ensure matrix-ma1sd.service restarted, if necessary ansible.builtin.service: name: "matrix-ma1sd.service" state: restarted + daemon_reload: true when: "matrix_ma1sd_requires_restart | bool" diff --git a/roles/custom/matrix-ma1sd/tasks/setup_uninstall.yml b/roles/custom/matrix-ma1sd/tasks/setup_uninstall.yml index c7e8bf633..b27df269e 100644 --- a/roles/custom/matrix-ma1sd/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-ma1sd/tasks/setup_uninstall.yml 
@@ -5,32 +5,21 @@ path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-ma1sd.service" register: matrix_ma1sd_service_stat -- name: Ensure matrix-ma1sd is stopped - ansible.builtin.service: - name: matrix-ma1sd - state: stopped - enabled: false - daemon_reload: true - register: stopping_result - when: "matrix_ma1sd_service_stat.stat.exists | bool" +- when: matrix_ma1sd_service_stat.stat.exists | bool + block: + - name: Ensure matrix-ma1sd is stopped + ansible.builtin.service: + name: matrix-ma1sd + state: stopped + enabled: false + daemon_reload: true -- name: Ensure matrix-ma1sd.service doesn't exist - ansible.builtin.file: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-ma1sd.service" - state: absent - when: "matrix_ma1sd_service_stat.stat.exists | bool" + - name: Ensure matrix-ma1sd.service doesn't exist + ansible.builtin.file: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-ma1sd.service" + state: absent -- name: Ensure systemd reloaded after matrix-ma1sd.service removal - ansible.builtin.service: - daemon_reload: true - when: "matrix_ma1sd_service_stat.stat.exists | bool" - -- name: Ensure Matrix ma1sd paths don't exist - ansible.builtin.file: - path: "{{ matrix_ma1sd_base_path }}" - state: absent - -- name: Ensure ma1sd Docker image doesn't exist - community.docker.docker_image: - name: "{{ matrix_ma1sd_docker_image }}" - state: absent + - name: Ensure Matrix ma1sd paths don't exist + ansible.builtin.file: + path: "{{ matrix_ma1sd_base_path }}" + state: absent diff --git a/roles/custom/matrix-ma1sd/tasks/validate_config.yml b/roles/custom/matrix-ma1sd/tasks/validate_config.yml index af12dd3f1..b490a5c62 100644 --- a/roles/custom/matrix-ma1sd/tasks/validate_config.yml +++ b/roles/custom/matrix-ma1sd/tasks/validate_config.yml 
@@ -42,11 +42,12 @@ - name: Fail if required ma1sd settings not defined ansible.builtin.fail: msg: > - You need to define a required configuration setting (`{{ item }}`) for using ma1sd. - when: "vars[item] == ''" + You need to define a required configuration setting (`{{ item.name }}`). + when: "item.when | bool and vars[item.name] == ''" with_items: - - "matrix_ma1sd_threepid_medium_email_connectors_smtp_host" - - "matrix_ma1sd_dns_overwrite_homeserver_client_value" + - {'name': 'matrix_ma1sd_threepid_medium_email_connectors_smtp_host', when: true} + - {'name': 'matrix_ma1sd_dns_overwrite_homeserver_client_value', when: true} + - {'name': 'matrix_ma1sd_database_hostname', when: "{{ matrix_ma1sd_database_engine == 'postgres' }}"} - name: (Deprecation) Catch and report renamed ma1sd variables ansible.builtin.fail: diff --git a/roles/custom/matrix-ma1sd/templates/systemd/matrix-ma1sd.service.j2 b/roles/custom/matrix-ma1sd/templates/systemd/matrix-ma1sd.service.j2 index 9dbddbbf1..19bd5720c 100644 --- a/roles/custom/matrix-ma1sd/templates/systemd/matrix-ma1sd.service.j2 +++ b/roles/custom/matrix-ma1sd/templates/systemd/matrix-ma1sd.service.j2 
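Review bot: in the `validate_config.yml` hunk the new `when: "item.when | bool and vars[item.name] == ''"` only avoids an undefined-variable error for `matrix_ma1sd_database_hostname` because Jinja short-circuits `and`; that is correct today but fragile, since the next item added with a conditional `when` and no default will raise inside `vars[...]` instead of printing the message. `vars.get(item.name, '') == ''` keeps the same semantics without depending on evaluation order. Two nits: the item dicts quote `'name'` but leave `when` bare, and the fail message lost its "for using ma1sd" suffix, so the error no longer says which component is complaining.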
@@ -38,6 +38,10 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name {% endfor %} {{ matrix_ma1sd_docker_image }} +{% for network in matrix_ma1sd_container_additional_networks %} +ExecStartPost={{ devture_systemd_docker_base_host_command_sh }} -c 'container_name=matrix-ma1sd; network_name={{ network }}; attempt=0; while [ $attempt -le 29 ]; do attempt=$(( $attempt + 1 )); if [ "`{{ devture_systemd_docker_base_host_command_docker }} inspect -f {{ '{{.State.Running}}' }} $container_name 2> /dev/null`" = "true" ]; then break; fi; sleep 1; done; {{ devture_systemd_docker_base_host_command_docker }} network connect $network_name $container_name' +{% endfor %} + ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-ma1sd 2>/dev/null || true' ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-ma1sd 2>/dev/null || true' Restart=always diff --git a/roles/custom/matrix-mailer/defaults/main.yml b/roles/custom/matrix-mailer/defaults/main.yml index 48cd638ce..71e87532a 100644 --- a/roles/custom/matrix-mailer/defaults/main.yml +++ b/roles/custom/matrix-mailer/defaults/main.yml @@ -10,7 +10,7 @@ matrix_mailer_container_image_self_build_repository_url: "https://github.com/dev matrix_mailer_container_image_self_build_src_files_path: "{{ matrix_mailer_base_path }}/docker-src" matrix_mailer_container_image_self_build_version: "{{ matrix_mailer_docker_image.split(':')[1] }}" -matrix_mailer_version: 4.95-r0-4 +matrix_mailer_version: 4.96-r1-0 matrix_mailer_docker_image: "{{ matrix_mailer_docker_image_name_prefix }}devture/exim-relay:{{ matrix_mailer_version }}" matrix_mailer_docker_image_name_prefix: "{{ 'localhost/' if matrix_mailer_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_mailer_docker_image_force_pull: "{{ matrix_mailer_docker_image.endswith(':latest') }}" 
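Review bot: in the `matrix-ma1sd.service.j2` hunk the `ExecStartPost=` loop waits up to 30 seconds for `{{.State.Running}}` to be `true` and then runs `docker network connect` regardless of the outcome. If the container is still not running, the connect fails, and because the line carries no `-` prefix systemd treats the whole unit start as failed and kills the container; `Restart=always` then retries, so a slow start turns into a restart loop rather than a logged warning. Decide which you want: prefix with `-` so a missed attach is non-fatal, or exit non-zero with an explicit message after the timeout so the failure is legible in the journal.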
diff --git a/roles/custom/matrix-mailer/tasks/init.yml b/roles/custom/matrix-mailer/tasks/init.yml deleted file mode 100644 index 487ed0c9c..000000000 --- a/roles/custom/matrix-mailer/tasks/init.yml +++ /dev/null @@ -1,11 +0,0 @@ ---- -# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 -# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 -- name: Fail if trying to self-build on Ansible < 2.8 - ansible.builtin.fail: - msg: "To self-build the Matrix Mailer image, you should use Ansible 2.8 or higher. See docs/ansible.md" - when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mailer_container_image_self_build and matrix_mailer_enabled" - -- ansible.builtin.set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mailer.service'] }}" - when: matrix_mailer_enabled | bool diff --git a/roles/custom/matrix-mailer/tasks/main.yml b/roles/custom/matrix-mailer/tasks/main.yml index e49ff26d6..b269f63e7 100644 --- a/roles/custom/matrix-mailer/tasks/main.yml +++ b/roles/custom/matrix-mailer/tasks/main.yml @@ -1,11 +1,17 @@ --- -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" - tags: - - always - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_mailer.yml" - when: run_setup | bool +- block: + - when: matrix_mailer_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml" + tags: + - setup-all + - setup-mailer + - install-all + - install-mailer + +- block: + - when: not matrix_mailer_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" tags: - setup-all - setup-mailer 
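Review bot: deleting `roles/custom/matrix-mailer/tasks/init.yml` removes the `set_fact` that appended `matrix-mailer.service` to `matrix_systemd_services_list`, and nothing else in this diff registers the unit; unless the external systemd service manager role picks it up from a list defined outside these files, `setup_install.yml` installs the unit but it is never enabled or started. Name the place where services are now registered in the changelog or commit message so this can be verified for each converted role.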
diff --git a/roles/custom/matrix-mailer/tasks/setup_mailer.yml b/roles/custom/matrix-mailer/tasks/setup_install.yml similarity index 53% rename from roles/custom/matrix-mailer/tasks/setup_mailer.yml rename to roles/custom/matrix-mailer/tasks/setup_install.yml index 5d81565a2..c03d0af64 100644 --- a/roles/custom/matrix-mailer/tasks/setup_mailer.yml +++ b/roles/custom/matrix-mailer/tasks/setup_install.yml @@ -1,9 +1,5 @@ --- -# -# Tasks related to setting up the mailer -# - - name: Ensure mailer base path exists ansible.builtin.file: path: "{{ item.path }}" @@ -14,14 +10,13 @@ with_items: - {path: "{{ matrix_mailer_base_path }}", when: true} - {path: "{{ matrix_mailer_container_image_self_build_src_files_path }}", when: "{{ matrix_mailer_container_image_self_build }}"} - when: "matrix_mailer_enabled | bool and item.when" + when: item.when | bool - name: Ensure mailer environment variables file created ansible.builtin.template: src: "{{ role_path }}/templates/env-mailer.j2" dest: "{{ matrix_mailer_base_path }}/env-mailer" mode: 0640 - when: matrix_mailer_enabled | bool - name: Ensure exim-relay repository is present on self-build ansible.builtin.git: @@ -32,7 +27,7 @@ become: true become_user: "{{ matrix_user_username }}" register: matrix_mailer_git_pull_results - when: "matrix_mailer_enabled | bool and matrix_mailer_container_image_self_build | bool" + when: matrix_mailer_container_image_self_build | bool - name: Ensure exim-relay Docker image is built community.docker.docker_image: @@ -44,7 +39,7 @@ dockerfile: Dockerfile path: "{{ matrix_mailer_container_image_self_build_src_files_path }}" pull: true - when: "matrix_mailer_enabled | bool and matrix_mailer_container_image_self_build | bool" + when: matrix_mailer_container_image_self_build | bool - name: Ensure exim-relay image is pulled community.docker.docker_image: 
@@ -52,7 +47,7 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_mailer_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mailer_docker_image_force_pull }}" - when: "matrix_mailer_enabled | bool and not matrix_mailer_container_image_self_build | bool" + when: "not matrix_mailer_container_image_self_build | bool" register: result retries: "{{ devture_playbook_help_container_retries_count }}" delay: "{{ devture_playbook_help_container_retries_delay }}" 
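Review bot: the image-pull task in `setup_install.yml` still carries the Ansible 2.7/2.8 compatibility branches (`source: ... if ansible_version.major > 2 or ansible_version.minor > 7 else omit`, `force_source: ... minor >= 8`, `force: ... minor >= 8`) even though the `Fail if trying to self-build on Ansible < 2.8` guard was deleted from `init.yml` in this same change. Pick one: if the playbook's minimum is now 2.8 or newer, drop the three conditionals and use `source: pull` / `force_source:` directly; otherwise keep the guard. `minor > 7` and `minor >= 8` are equivalent but mixed on adjacent lines; use one form.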
@@ -63,52 +58,3 @@ src: "{{ role_path }}/templates/systemd/matrix-mailer.service.j2" dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mailer.service" mode: 0644 - register: matrix_mailer_systemd_service_result - when: matrix_mailer_enabled | bool - -- name: Ensure systemd reloaded after matrix-mailer.service installation - ansible.builtin.service: - daemon_reload: true - when: "matrix_mailer_enabled | bool and matrix_mailer_systemd_service_result.changed" - -# -# Tasks related to getting rid of the mailer (if it was previously enabled) -# - -- name: Check existence of matrix-mailer service - ansible.builtin.stat: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mailer.service" - register: matrix_mailer_service_stat - when: "not matrix_mailer_enabled | bool" - -- name: Ensure matrix-mailer is stopped - ansible.builtin.service: - name: matrix-mailer - state: stopped - enabled: false - daemon_reload: true - register: stopping_result - when: "not matrix_mailer_enabled | bool and matrix_mailer_service_stat.stat.exists" - -- name: Ensure matrix-mailer.service doesn't exist - ansible.builtin.file: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mailer.service" - state: absent - when: "not matrix_mailer_enabled | bool and matrix_mailer_service_stat.stat.exists" - -- name: Ensure systemd reloaded after matrix-mailer.service removal - ansible.builtin.service: - daemon_reload: true - when: "not matrix_mailer_enabled | bool and matrix_mailer_service_stat.stat.exists" - -- name: Ensure Matrix mailer environment variables path doesn't exist - ansible.builtin.file: - path: "{{ matrix_mailer_base_path }}" - state: absent - when: "not matrix_mailer_enabled | bool" - -- name: Ensure mailer Docker image doesn't exist - community.docker.docker_image: - name: "{{ matrix_mailer_docker_image }}" - state: absent - when: "not matrix_mailer_enabled | bool" 
diff --git a/roles/custom/matrix-mailer/tasks/setup_uninstall.yml b/roles/custom/matrix-mailer/tasks/setup_uninstall.yml new file mode 100644 index 000000000..fce8a4362 --- /dev/null +++ b/roles/custom/matrix-mailer/tasks/setup_uninstall.yml @@ -0,0 +1,25 @@ +--- + +- name: Check existence of matrix-mailer service + ansible.builtin.stat: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mailer.service" + register: matrix_mailer_service_stat + +- when: matrix_mailer_service_stat.stat.exists | bool + block: + - name: Ensure matrix-mailer is stopped + ansible.builtin.service: + name: matrix-mailer + state: stopped + enabled: false + daemon_reload: true + + - name: Ensure matrix-mailer.service doesn't exist + ansible.builtin.file: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mailer.service" + state: absent + + - name: Ensure Matrix mailer path doesn't exist + ansible.builtin.file: + path: "{{ matrix_mailer_base_path }}" + state: absent diff --git a/roles/custom/matrix-nginx-proxy/defaults/main.yml b/roles/custom/matrix-nginx-proxy/defaults/main.yml index b7d4819dd..6fbc019e2 100644 --- a/roles/custom/matrix-nginx-proxy/defaults/main.yml +++ b/roles/custom/matrix-nginx-proxy/defaults/main.yml @@ -1,7 +1,7 @@ --- # Project source code URL: https://github.com/nginx/nginx matrix_nginx_proxy_enabled: true -matrix_nginx_proxy_version: 1.23.2-alpine +matrix_nginx_proxy_version: 1.23.3-alpine # We use an official nginx image, which we fix-up to run unprivileged. # An alternative would be an `nginxinc/nginx-unprivileged` image, but 
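Review bot: in the new `setup_uninstall.yml`, `Ensure Matrix mailer path doesn't exist` sits inside the `when: matrix_mailer_service_stat.stat.exists | bool` block, so on a host where the unit file is already gone `{{ matrix_mailer_base_path }}` and the `env-mailer` file it holds (installed with mode 0640 in `setup_install.yml`, i.e. treated as sensitive) are never cleaned up. The previous version removed the path unconditionally; keep that. `Ensure mailer Docker image doesn't exist` was not carried over either, which should be deliberate and documented rather than silent.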
@@ -554,7 +554,7 @@ matrix_ssl_lets_encrypt_staging: false # Learn more here: https://eff-certbot.readthedocs.io/en/stable/using.html#changing-the-acme-server matrix_ssl_lets_encrypt_server: '' -matrix_ssl_lets_encrypt_certbot_docker_image: "{{ matrix_container_global_registry_prefix }}certbot/certbot:{{ matrix_ssl_architecture }}-v1.31.0" +matrix_ssl_lets_encrypt_certbot_docker_image: "{{ matrix_container_global_registry_prefix }}certbot/certbot:{{ matrix_ssl_architecture }}-v2.0.0" matrix_ssl_lets_encrypt_certbot_docker_image_force_pull: "{{ matrix_ssl_lets_encrypt_certbot_docker_image.endswith(':latest') }}" matrix_ssl_lets_encrypt_certbot_standalone_http_port: 2402 matrix_ssl_lets_encrypt_support_email: ~ @@ -567,12 +567,13 @@ matrix_ssl_lets_encrypt_support_email: ~ matrix_ssl_lets_encrypt_container_standalone_http_host_bind_port: '80' # Specify key type of the private key algorithm. -# Learn more here: https://eff-certbot.readthedocs.io/en/stable/using.html#using-ecdsa-keys -matrix_ssl_lets_encrypt_key_type: rsa +# Learn more here: https://eff-certbot.readthedocs.io/en/stable/using.html#rsa-and-ecdsa-keys +matrix_ssl_lets_encrypt_key_type: ecdsa matrix_ssl_base_path: "{{ matrix_base_data_path }}/ssl" matrix_ssl_config_dir_path: "{{ matrix_ssl_base_path }}/config" matrix_ssl_log_dir_path: "{{ matrix_ssl_base_path }}/log" +matrix_ssl_bin_dir_path: "{{ matrix_ssl_base_path }}/bin" # If you'd like to start some service before a certificate is obtained, specify it here. # This could be something like `matrix-dynamic-dns`, etc. 
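Review bot: in the `matrix-nginx-proxy/defaults/main.yml` hunk the default `matrix_ssl_lets_encrypt_key_type` flips from `rsa` to `ecdsa` in the same change that moves certbot from `v1.31.0` to `v2.0.0`. If the renewal script passes `--key-type {{ matrix_ssl_lets_encrypt_key_type }}` on every run, existing RSA certificates are re-keyed as ECDSA at their next renewal, which is a behaviour change for anyone fronting old clients that need RSA; certbot 2.0 is also a major release with changed defaults, so the renewal script should be re-tested against it. Both deserve a changelog entry telling users to set `matrix_ssl_lets_encrypt_key_type: rsa` if they depend on it.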
@@ -639,31 +640,17 @@ matrix_nginx_proxy_proxy_matrix_nginx_status_enabled: false matrix_nginx_proxy_proxy_matrix_nginx_status_allowed_addresses: ['{{ ansible_default_ipv4.address }}'] -# synapse worker activation and endpoint mappings -matrix_nginx_proxy_synapse_workers_enabled: false -matrix_nginx_proxy_synapse_workers_list: [] -matrix_nginx_proxy_synapse_generic_worker_client_server_locations: [] -matrix_nginx_proxy_synapse_generic_worker_federation_locations: [] -matrix_nginx_proxy_synapse_stream_writer_typing_stream_worker_client_server_locations: [] -matrix_nginx_proxy_synapse_stream_writer_to_device_stream_worker_client_server_locations: [] -matrix_nginx_proxy_synapse_stream_writer_account_data_stream_worker_client_server_locations: [] -matrix_nginx_proxy_synapse_stream_writer_receipts_stream_worker_client_server_locations: [] -matrix_nginx_proxy_synapse_stream_writer_presence_stream_worker_client_server_locations: [] -matrix_nginx_proxy_synapse_media_repository_locations: [] -matrix_nginx_proxy_synapse_user_dir_locations: [] - -# synapse content caching -matrix_nginx_proxy_synapse_cache_enabled: false -matrix_nginx_proxy_synapse_cache_path: "{{ '/tmp/synapse-cache' if matrix_nginx_proxy_enabled else matrix_nginx_proxy_data_path + '/synapse-cache' }}" -matrix_nginx_proxy_synapse_cache_keys_zone_name: "STATIC" -matrix_nginx_proxy_synapse_cache_keys_zone_size: "10m" -matrix_nginx_proxy_synapse_cache_inactive_time: "48h" -matrix_nginx_proxy_synapse_cache_max_size_mb: 1024 -matrix_nginx_proxy_synapse_cache_proxy_cache_valid_time: "24h" - - # The amount of worker processes and connections # Consider increasing these when you are expecting high amounts of traffic # http://nginx.org/en/docs/ngx_core_module.html#worker_connections matrix_nginx_proxy_worker_processes: auto matrix_nginx_proxy_worker_connections: 1024 + +# A mapping of JVB server ids to hostname/ipa addresses used to add additional jvb blocks +# to the Jitsi's server configuration (matrix-jitsi.conf) 
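Review bot: the `defaults/main.yml` hunk deletes the whole `matrix_nginx_proxy_synapse_*` worker and cache variable family (`matrix_nginx_proxy_synapse_workers_enabled`, `matrix_nginx_proxy_synapse_cache_enabled`, the `*_locations` lists) without a matching entry in a `(Deprecation) Catch and report renamed ... variables` task of the kind the ma1sd role in this same diff has. Anyone who still sets these in `vars.yml` gets no error and silently loses worker routing and media caching on the next run; add them to the deprecation catch. Nit in the new comment: `hostname/ipa addresses` should read `hostname/IP addresses`.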
+# Note: avoid using the JVB server id "jvb-1" as this is reserved for the main host. +# Example: +# matrix_nginx_proxy_proxy_jitsi_additional_jvbs: +# jvb-2: 192.168.0.1 +# jvb-3: 192.168.0.2 +matrix_nginx_proxy_proxy_jitsi_additional_jvbs: {} diff --git a/roles/custom/matrix-nginx-proxy/tasks/init.yml b/roles/custom/matrix-nginx-proxy/tasks/init.yml deleted file mode 100644 index eb4249cb8..000000000 --- a/roles/custom/matrix-nginx-proxy/tasks/init.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -- ansible.builtin.set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-nginx-proxy.service'] }}" - when: matrix_nginx_proxy_enabled | bool - -- ansible.builtin.set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + [item.name] }}" - when: "item.applicable | bool and item.enableable | bool" - with_items: "{{ matrix_ssl_renewal_systemd_units_list }}" diff --git a/roles/custom/matrix-nginx-proxy/tasks/main.yml b/roles/custom/matrix-nginx-proxy/tasks/main.yml index 9c34d1f56..39cec7e53 100644 --- a/roles/custom/matrix-nginx-proxy/tasks/main.yml +++ b/roles/custom/matrix-nginx-proxy/tasks/main.yml @@ -1,7 +1,4 @@ --- -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" - tags: - - always # Always validating the configuration, even if `matrix_nginx_proxy: false`. # This role performs actions even if the role is disabled, so we need @@ -11,6 +8,8 @@ tags: - setup-all - setup-nginx-proxy + - install-all + - install-nginx-proxy - ansible.builtin.import_tasks: "{{ role_path }}/tasks/ssl/main.yml" when: run_setup | bool 
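Review bot: deleting `roles/custom/matrix-nginx-proxy/tasks/init.yml` also drops the loop that added each `applicable` and `enableable` entry of `matrix_ssl_renewal_systemd_units_list` to `matrix_systemd_services_list`, not only `matrix-nginx-proxy.service`. The renewal timer is the unit that fails quietly months later (expired certificate) if it stops being enabled, so say where those units are now registered, and mention the new `install-all` / `install-nginx-proxy` / `install-ssl` tags in the changelog so users know they exist.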
@@ -18,17 +17,20 @@ - setup-all - setup-nginx-proxy - setup-ssl + - install-all + - install-nginx-proxy + - install-ssl - ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_nginx_proxy.yml" when: run_setup | bool tags: - setup-all - setup-nginx-proxy + - install-all + - install-nginx-proxy -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/self_check_well_known.yml" - delegate_to: 127.0.0.1 - become: false - when: run_self_check | bool +- block: + - ansible.builtin.include_tasks: "{{ role_path }}/tasks/self_check_well_known.yml" tags: - self-check diff --git a/roles/custom/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml b/roles/custom/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml index 4a74d3991..dd11721a0 100644 --- a/roles/custom/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml +++ b/roles/custom/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml @@ -12,17 +12,15 @@ # - name: Ensure Matrix nginx-proxy paths exist ansible.builtin.file: - path: "{{ item.path }}" + path: "{{ item }}" state: directory mode: 0750 owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - {path: "{{ matrix_nginx_proxy_base_path }}", when: true} - - {path: "{{ matrix_nginx_proxy_data_path }}", when: true} - - {path: "{{ matrix_nginx_proxy_confd_path }}", when: true} - - {path: "{{ matrix_nginx_proxy_synapse_cache_path }}", when: "{{ matrix_nginx_proxy_synapse_cache_enabled and not matrix_nginx_proxy_enabled }}"} - when: item.when | bool + - "{{ matrix_nginx_proxy_base_path }}" + - "{{ matrix_nginx_proxy_data_path }}" + - "{{ matrix_nginx_proxy_confd_path }}" - name: Ensure Matrix nginx-proxy configured (main config override) ansible.builtin.template: 
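Review bot: in the `main.yml` hunk the self-check include loses `delegate_to: 127.0.0.1`, `become: false` and `when: run_self_check | bool`, and the new `block` shows none of them. Unless they moved into `self_check_well_known.yml` or onto the block outside the visible lines, the well-known self-check now runs on the remote host with privilege escalation instead of from the controller, and runs on every invocation rather than only when `run_self_check` is set; the point of the check is to see the homeserver the way an outside client does, so keep it delegated to localhost without `become`.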
@@ -216,14 +214,8 @@ src: "{{ role_path }}/templates/systemd/matrix-nginx-proxy.service.j2" dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-nginx-proxy.service" mode: 0644 - register: matrix_nginx_proxy_systemd_service_result when: matrix_nginx_proxy_enabled | bool -- name: Ensure systemd reloaded after matrix-nginx-proxy.service installation - ansible.builtin.service: - daemon_reload: true - when: "matrix_nginx_proxy_enabled and matrix_nginx_proxy_systemd_service_result.changed" - # # Tasks related to getting rid of matrix-nginx-proxy (if it was previously enabled) @@ -241,7 +233,6 @@ state: stopped enabled: false daemon_reload: true - register: stopping_result when: "not matrix_nginx_proxy_enabled | bool and matrix_nginx_proxy_service_stat.stat.exists" - name: Ensure matrix-nginx-proxy.service doesn't exist @@ -250,11 +241,6 @@ state: absent when: "not matrix_nginx_proxy_enabled | bool and matrix_nginx_proxy_service_stat.stat.exists" -- name: Ensure systemd reloaded after matrix-nginx-proxy.service removal - ansible.builtin.service: - daemon_reload: true - when: "not matrix_nginx_proxy_enabled | bool and matrix_nginx_proxy_service_stat.stat.exists" - - name: Ensure Matrix nginx-proxy configuration for matrix domain deleted ansible.builtin.file: path: "{{ matrix_nginx_proxy_confd_path }}/matrix-domain.conf" diff --git a/roles/custom/matrix-nginx-proxy/tasks/ssl/main.yml b/roles/custom/matrix-nginx-proxy/tasks/ssl/main.yml index e9d270cfe..6eff8cbf7 100644 --- a/roles/custom/matrix-nginx-proxy/tasks/ssl/main.yml +++ b/roles/custom/matrix-nginx-proxy/tasks/ssl/main.yml @@ -24,6 +24,7 @@ with_items: - "{{ matrix_ssl_log_dir_path }}" - "{{ matrix_ssl_config_dir_path }}" + - "{{ matrix_ssl_bin_dir_path }}" when: "matrix_ssl_retrieval_method != 'none'" diff --git a/roles/custom/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml b/roles/custom/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml index 77361f3ff..a1b14e3b2 100644 
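Review bot: in `setup_nginx_proxy.yml` removing both `Ensure systemd reloaded after matrix-nginx-proxy.service installation/removal` tasks leaves this role with no `daemon_reload` on the install path at all (the ma1sd hunk at least kept one on its restart task), so a modified unit only takes effect once something else reloads systemd; put a comment where the `register` used to be saying which role does that. Also, this file still uses per-task `when: "not matrix_nginx_proxy_enabled | bool and matrix_nginx_proxy_service_stat.stat.exists"` guards for teardown while the ma1sd and mailer roles in this diff were split into `setup_install.yml` / `setup_uninstall.yml` with a `when` on a `block`; finish the conversion here for consistency.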
--- a/roles/custom/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml +++ b/roles/custom/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml @@ -1,17 +1,4 @@ --- - -# This is a cleanup/migration task, because of to the new way we manage cronjobs (`cron` module) and the new script name. -# This migration task can be removed some time in the future. -- name: (Migration) Remove deprecated Let's Encrypt SSL certificate management files - ansible.builtin.file: - path: "{{ item }}" - state: absent - with_items: - - "{{ matrix_local_bin_path }}/matrix-ssl-certificates-renew" - - "{{ matrix_cron_path }}/matrix-ssl-certificate-renewal" - - "{{ matrix_cron_path }}/matrix-nginx-proxy-periodic-restarter" - - "/etc/cron.d/matrix-ssl-lets-encrypt" - # # Tasks related to setting up Let's Encrypt's management of certificates # @@ -36,8 +23,8 @@ - name: Ensure Let's Encrypt SSL renewal script installed ansible.builtin.template: - src: "{{ role_path }}/templates/usr-local-bin/matrix-ssl-lets-encrypt-certificates-renew.j2" - dest: "{{ matrix_local_bin_path }}/matrix-ssl-lets-encrypt-certificates-renew" + src: "{{ role_path }}/templates/bin/lets-encrypt-certificates-renew.j2" + dest: "{{ matrix_ssl_bin_dir_path }}/lets-encrypt-certificates-renew" mode: 0755 - name: Ensure SSL renewal systemd units installed @@ -63,5 +50,5 @@ - name: Ensure Let's Encrypt SSL renewal script removed ansible.builtin.file: - path: "{{ matrix_local_bin_path }}/matrix-ssl-lets-encrypt-certificates-renew" + path: "{{ matrix_ssl_bin_dir_path }}/lets-encrypt-certificates-renew" state: absent diff --git a/roles/custom/matrix-nginx-proxy/tasks/ssl/setup_ssl_self_signed.yml b/roles/custom/matrix-nginx-proxy/tasks/ssl/setup_ssl_self_signed.yml index 7ebdec790..b17e4e565 100644 --- a/roles/custom/matrix-nginx-proxy/tasks/ssl/setup_ssl_self_signed.yml +++ b/roles/custom/matrix-nginx-proxy/tasks/ssl/setup_ssl_self_signed.yml 
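Review bot: in `setup_ssl_lets_encrypt.yml` the renewal script moves from `{{ matrix_local_bin_path }}/matrix-ssl-lets-encrypt-certificates-renew` to `{{ matrix_ssl_bin_dir_path }}/lets-encrypt-certificates-renew`, and the only removal task is repointed at the new path, so existing hosts keep a stale, executable copy of the old script under `matrix_local_bin_path`. The `(Migration) Remove deprecated Let's Encrypt SSL certificate management files` task deleted at the top of this file is exactly where the old path belongs; keep a one-line `state: absent` migration for at least one release. The `matrix-ssl-lets-encrypt-certificates-renew.service.j2` unit must also point at the new path; only its diff header is visible here, so that cannot be confirmed from this page.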
@@ -1,6 +1,6 @@ --- -- ansible.builtin.import_role: +- ansible.builtin.include_role: name: custom/matrix-base tasks_from: ensure_openssl_installed when: "matrix_ssl_retrieval_method == 'self-signed'" diff --git a/roles/custom/matrix-nginx-proxy/templates/usr-local-bin/matrix-ssl-lets-encrypt-certificates-renew.j2 b/roles/custom/matrix-nginx-proxy/templates/bin/lets-encrypt-certificates-renew.j2 similarity index 100% rename from roles/custom/matrix-nginx-proxy/templates/usr-local-bin/matrix-ssl-lets-encrypt-certificates-renew.j2 rename to roles/custom/matrix-nginx-proxy/templates/bin/lets-encrypt-certificates-renew.j2 diff --git a/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-jitsi.conf.j2 b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-jitsi.conf.j2 index aa4b6b446..4d5a4ce7c 100644 --- a/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-jitsi.conf.j2 +++ b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-jitsi.conf.j2 @@ -34,7 +34,7 @@ } # colibri (JVB) websockets - location ~ ^/colibri-ws/([a-zA-Z0-9-\.]+)/(.*) { + location ~ ^/colibri-ws/jvb-1/(.*) { {% if matrix_nginx_proxy_enabled %} resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; set $backend "matrix-jitsi-jvb:9090"; @@ -53,6 +53,22 @@ tcp_nodelay on; } + {% for id, ip_address in matrix_nginx_proxy_proxy_jitsi_additional_jvbs.items() %} + # colibri (JVB) websockets for additional JVBs + location ~ ^/colibri-ws/{{ id | regex_escape }}/(.*) { + proxy_pass http://{{ ip_address }}:9090/colibri-ws/{{ id }}/$1$is_args$args; + + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For {{ matrix_nginx_proxy_x_forwarded_for }}; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + + proxy_http_version 1.1; + + tcp_nodelay on; + } + {% endfor %} + # XMPP websocket location = /xmpp-websocket { 
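Review bot: in the `matrix-jitsi.conf.j2` hunk the additional-JVB `location ~ ^/colibri-ws/{{ id | regex_escape }}/(.*)` escapes the id for the regex but then reuses it raw in `proxy_pass http://{{ ip_address }}:9090/colibri-ws/{{ id }}/$1$is_args$args;`, and neither `id` nor `ip_address` is validated anywhere in the diff; a key containing a space, `;` or `}` breaks the generated config, so a typo in `vars.yml` becomes a proxy that will not start. Validate keys in `validate_config.yml` against the character class the old catch-all accepted (`[a-zA-Z0-9-\.]+`) and reject the key `jvb-1` there as well: the comment says it is reserved, but a user-supplied `jvb-1` entry simply renders a second `location` that nginx never reaches, because the first matching regex location wins.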
diff --git a/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 index da1893299..4d121e7d9 100644 --- a/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 +++ b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 
@@ -1,70 +1,5 @@ #jinja2: lstrip_blocks: "True" -{% set generic_workers = matrix_nginx_proxy_synapse_workers_list | selectattr('type', 'equalto', 'generic_worker') | list %} -{% set stream_writer_typing_stream_workers = matrix_nginx_proxy_synapse_workers_list | selectattr('type', 'equalto', 'stream_writer') | selectattr('stream_writer_stream', 'equalto', 'typing') | list %} -{% set stream_writer_to_device_stream_workers = matrix_nginx_proxy_synapse_workers_list | selectattr('type', 'equalto', 'stream_writer') | selectattr('stream_writer_stream', 'equalto', 'to_device') | list %} -{% set stream_writer_account_data_stream_workers = matrix_nginx_proxy_synapse_workers_list | selectattr('type', 'equalto', 'stream_writer') | selectattr('stream_writer_stream', 'equalto', 'account_data') | list %} -{% set stream_writer_receipts_stream_workers = matrix_nginx_proxy_synapse_workers_list | selectattr('type', 'equalto', 'stream_writer') | selectattr('stream_writer_stream', 'equalto', 'receipts') | list %} -{% set stream_writer_presence_stream_workers = matrix_nginx_proxy_synapse_workers_list | selectattr('type', 'equalto', 'stream_writer') | selectattr('stream_writer_stream', 'equalto', 'presence') | list %} -{% set media_repository_workers = matrix_nginx_proxy_synapse_workers_list | selectattr('type', 'equalto', 'media_repository') | list %} -{% set user_dir_workers = matrix_nginx_proxy_synapse_workers_list | selectattr('type', 'equalto', 'user_dir') | list %} - -{% macro render_worker_upstream(name, workers, matrix_nginx_proxy_enabled) %} -{% if workers | length > 0 %} - upstream {{ name }} { - {% for worker in workers %} - {% if matrix_nginx_proxy_enabled %} - server "{{ worker.name }}:{{ worker.port }}"; - {% else %} - server "127.0.0.1:{{ worker.port }}"; - {% endif %} - {% endfor %} - } -{% endif %} -{% endmacro %} - -{% macro render_locations_to_upstream(locations, upstream_name) %} - {% for location in locations %} - location ~ {{ location }} { - proxy_pass http://{{ 
upstream_name }}$request_uri; - proxy_set_header Host $host; - } - {% endfor %} -{% endmacro %} - -{% if matrix_nginx_proxy_synapse_workers_enabled %} - {% if matrix_nginx_proxy_synapse_cache_enabled %} - proxy_cache_path {{ matrix_nginx_proxy_synapse_cache_path }} levels=1:2 keys_zone={{ matrix_nginx_proxy_synapse_cache_keys_zone_name }}:{{ matrix_nginx_proxy_synapse_cache_keys_zone_size }} inactive={{ matrix_nginx_proxy_synapse_cache_inactive_time }} max_size={{ matrix_nginx_proxy_synapse_cache_max_size_mb }}m; - {% endif %} - # Round Robin "upstream" pools for workers - - {% if generic_workers |length > 0 %} - upstream generic_workers_upstream { - # ensures that requests from the same client will always be passed - # to the same server (except when this server is unavailable) - hash $http_x_forwarded_for; - - {% for worker in generic_workers %} - {% if matrix_nginx_proxy_enabled %} - server "{{ worker.name }}:{{ worker.port }}"; - {% else %} - server "127.0.0.1:{{ worker.port }}"; - {% endif %} - {% endfor %} - } - {% endif %} - - {{ render_worker_upstream('stream_writer_typing_stream_workers_upstream', stream_writer_typing_stream_workers, matrix_nginx_proxy_enabled) }} - {{ render_worker_upstream('stream_writer_to_device_stream_workers_upstream', stream_writer_to_device_stream_workers, matrix_nginx_proxy_enabled) }} - {{ render_worker_upstream('stream_writer_account_data_stream_workers_upstream', stream_writer_account_data_stream_workers, matrix_nginx_proxy_enabled) }} - {{ render_worker_upstream('stream_writer_receipts_stream_workers_upstream', stream_writer_receipts_stream_workers, matrix_nginx_proxy_enabled) }} - {{ render_worker_upstream('stream_writer_presence_stream_workers_upstream', stream_writer_presence_stream_workers, matrix_nginx_proxy_enabled) }} - - {{ render_worker_upstream('media_repository_workers_upstream', media_repository_workers, matrix_nginx_proxy_enabled) }} - - {{ render_worker_upstream('user_dir_workers_upstream', user_dir_workers, 
matrix_nginx_proxy_enabled) }} -{% endif %} - server { listen 12080; {% if matrix_nginx_proxy_enabled %} 
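Review bot: the removal at the top of `matrix-synapse.conf.j2` takes out the generic-worker upstream with `hash $http_x_forwarded_for;` (the sticky routing of a client to the same worker), the per-stream-writer upstreams, and the `proxy_cache_path` definition for the media cache. Wherever worker routing now lives is not in this diff; check that sticky routing keyed on the forwarded address and the media cache with its `X-Cache-Status` header survived the move, or state in the changelog that they were intentionally dropped, since neither is visible from the remaining template.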
@@ -77,71 +12,6 @@ server { gzip on; gzip_types text/plain application/json; - {% if matrix_nginx_proxy_synapse_workers_enabled %} - {# Workers redirects BEGIN #} - - {% if generic_workers | length > 0 %} - # https://matrix-org.github.io/synapse/latest/workers.html#synapseappgeneric_worker - {{ render_locations_to_upstream(matrix_nginx_proxy_synapse_generic_worker_client_server_locations, 'generic_workers_upstream') }} - {% endif %} - - {% if stream_writer_typing_stream_workers | length > 0 %} - # https://matrix-org.github.io/synapse/latest/workers.html#the-typing-stream - {{ render_locations_to_upstream(matrix_nginx_proxy_synapse_stream_writer_typing_stream_worker_client_server_locations, 'stream_writer_typing_stream_workers_upstream') }} - {% endif %} - - {% if stream_writer_to_device_stream_workers | length > 0 %} - # https://matrix-org.github.io/synapse/latest/workers.html#the-to_device-stream - {{ render_locations_to_upstream(matrix_nginx_proxy_synapse_stream_writer_to_device_stream_worker_client_server_locations, 'stream_writer_to_device_stream_workers_upstream') }} - {% endif %} - - {% if stream_writer_account_data_stream_workers | length > 0 %} - # https://matrix-org.github.io/synapse/latest/workers.html#the-account_data-stream - {{ render_locations_to_upstream(matrix_nginx_proxy_synapse_stream_writer_account_data_stream_worker_client_server_locations, 'stream_writer_account_data_stream_workers_upstream') }} - {% endif %} - - {% if stream_writer_receipts_stream_workers | length > 0 %} - # https://matrix-org.github.io/synapse/latest/workers.html#the-receipts-stream - {{ render_locations_to_upstream(matrix_nginx_proxy_synapse_stream_writer_receipts_stream_worker_client_server_locations, 'stream_writer_receipts_stream_workers_upstream') }} - {% endif %} - - {% if stream_writer_presence_stream_workers | length > 0 %} - # https://matrix-org.github.io/synapse/latest/workers.html#the-presence-stream - {{ 
render_locations_to_upstream(matrix_nginx_proxy_synapse_stream_writer_presence_stream_worker_client_server_locations, 'stream_writer_presence_stream_workers_upstream') }} - {% endif %} - - {% if media_repository_workers | length > 0 %} - # https://matrix-org.github.io/synapse/latest/workers.html#synapseappmedia_repository - {% for location in matrix_nginx_proxy_synapse_media_repository_locations %} - location ~ {{ location }} { - proxy_pass http://media_repository_workers_upstream$request_uri; - proxy_set_header Host $host; - - client_body_buffer_size 25M; - client_max_body_size {{ matrix_nginx_proxy_proxy_matrix_client_api_client_max_body_size_mb }}M; - proxy_max_temp_file_size 0; - - {% if matrix_nginx_proxy_synapse_cache_enabled %} - proxy_buffering on; - proxy_cache {{ matrix_nginx_proxy_synapse_cache_keys_zone_name }}; - proxy_cache_valid any {{ matrix_nginx_proxy_synapse_cache_proxy_cache_valid_time }}; - proxy_force_ranges on; - add_header X-Cache-Status $upstream_cache_status; - {% endif %} - } - {% endfor %} - {% endif %} - - {% if user_dir_workers | length > 0 %} - # https://matrix-org.github.io/synapse/latest/workers.html#updating-the-user-directory - # If matrix_nginx_proxy_proxy_matrix_user_directory_search_enabled is set, requests may not reach here, - # but could be captured early on (see `matrix-domain.conf.j2`) and forwarded elsewhere (to an identity server, etc.). - {{ render_locations_to_upstream(matrix_nginx_proxy_synapse_user_dir_locations, 'user_dir_workers_upstream') }} - {% endif %} - {# Workers redirects END #} - {% endif %} - - {% for configuration_block in matrix_nginx_proxy_proxy_synapse_additional_server_configuration_blocks %} {{- configuration_block }} {% endfor %} 
@@ -180,34 +50,6 @@ server { gzip on; gzip_types text/plain application/json; - {% if matrix_nginx_proxy_synapse_workers_enabled %} - {% if generic_workers | length > 0 %} - # https://matrix-org.github.io/synapse/latest/workers.html#synapseappgeneric_worker - {{ render_locations_to_upstream(matrix_nginx_proxy_synapse_generic_worker_federation_locations, 'generic_workers_upstream') }} - {% endif %} - {% if media_repository_workers | length > 0 %} - # https://matrix-org.github.io/synapse/latest/workers.html#synapseappmedia_repository - {% for location in matrix_nginx_proxy_synapse_media_repository_locations %} - location ~ {{ location }} { - proxy_pass http://media_repository_workers_upstream$request_uri; - proxy_set_header Host $host; - - client_body_buffer_size 25M; - client_max_body_size {{ matrix_nginx_proxy_proxy_matrix_federation_api_client_max_body_size_mb }}M; - proxy_max_temp_file_size 0; - - {% if matrix_nginx_proxy_synapse_cache_enabled %} - proxy_buffering on; - proxy_cache {{ matrix_nginx_proxy_synapse_cache_keys_zone_name }}; - proxy_cache_valid any {{ matrix_nginx_proxy_synapse_cache_proxy_cache_valid_time }}; - proxy_force_ranges on; - add_header X-Cache-Status $upstream_cache_status; - {% endif %} - } - {% endfor %} - {% endif %} - {% endif %} - location / { {% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #} diff --git a/roles/custom/matrix-nginx-proxy/templates/nginx/nginx.conf.j2 b/roles/custom/matrix-nginx-proxy/templates/nginx/nginx.conf.j2 index 1084d8cab..6b56878a1 100644 --- a/roles/custom/matrix-nginx-proxy/templates/nginx/nginx.conf.j2 +++ b/roles/custom/matrix-nginx-proxy/templates/nginx/nginx.conf.j2 
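Review bot: in the federation `server` hunk the removed media-repository `location ~` blocks were the only places in that block that set `client_max_body_size {{ matrix_nginx_proxy_proxy_matrix_federation_api_client_max_body_size_mb }}M` and `proxy_max_temp_file_size 0`; confirm the remaining `location /` applies the same federation body-size limit, otherwise federated media requests that used to hit the workers now fall back to whatever the surrounding block or nginx's 1m default allows.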
@@ -39,12 +39,23 @@ http { {% if matrix_nginx_proxy_access_log_enabled %} access_log /var/log/nginx/access.log main; - {% else %} + {% endif %} + + {% if matrix_nginx_proxy_access_log_syslog_integration_enabled %} + log_format prometheus_fmt 'matrix-nginx-proxy $server_name - $upstream_addr - $remote_addr - $remote_user [$time_local] ' + '$host "$request" ' + '$status "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log syslog:server={{ matrix_nginx_proxy_access_log_syslog_integration_server_port }},tag=matrix_nginx_proxy prometheus_fmt; + {% endif %} + + {% if not matrix_nginx_proxy_access_log_enabled and not matrix_nginx_proxy_access_log_syslog_integration_enabled %} access_log off; {% endif %} - + proxy_connect_timeout {{ matrix_nginx_proxy_connect_timeout }}; - proxy_send_timeout {{ matrix_nginx_proxy_send_timeout }}; + proxy_send_timeout {{ matrix_nginx_proxy_send_timeout }}; proxy_read_timeout {{ matrix_nginx_proxy_read_timeout }}; send_timeout {{ matrix_nginx_send_timeout }}; diff --git a/roles/custom/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2 b/roles/custom/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2 index ee32be38e..0a7e90522 100755 --- a/roles/custom/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2 +++ b/roles/custom/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2 @@ -22,9 +22,6 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name --cap-drop=ALL \ --read-only \ --tmpfs=/tmp:rw,noexec,nosuid,size={{ matrix_nginx_proxy_tmp_directory_size_mb }}m \ - {% if matrix_nginx_proxy_synapse_cache_enabled %} - --tmpfs=/tmp/synapse-cache:rw,noexec,nosuid,size={{ matrix_nginx_proxy_tmp_cache_directory_size_mb }}m\ - {% endif %} --network={{ matrix_docker_network }} \ {% if matrix_nginx_proxy_container_http_host_bind_port %} -p {{ matrix_nginx_proxy_container_http_host_bind_port }}:8080 \ 
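Review bot: in the nginx.conf.j2 hunk, `log_format prometheus_fmt` sends `$request` (the full request line, query string included) and `$http_x_forwarded_for` to a network syslog target via `access_log syslog:server=...`, and nginx's syslog transport is plain UDP unless a `unix:` socket path is given, so anything a client puts in a query string, including the `access_token=` parameter that older Matrix clients and scripts still send, leaves the host unencrypted and unacknowledged. Log `$request_method $uri` (or `$request_uri` with the token stripped through a `map`) instead of `$request`, and document that `matrix_nginx_proxy_access_log_syslog_integration_server_port` is expected to point at a local collector. Two smaller points: the name `prometheus_fmt` says nothing about syslog, and the `proxy_send_timeout` change is whitespace only and should be dropped from the hunk.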
@@ -51,7 +48,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name {{ matrix_nginx_proxy_docker_image }} {% for network in matrix_nginx_proxy_container_additional_networks %} -ExecStartPost={{ devture_systemd_docker_base_host_command_sh }} -c 'attempt=0; while [ $attempt -le 29 ]; do attempt=$(( $attempt + 1 )); if [ "`docker inspect -f {{ '{{.State.Running}}' }} matrix-nginx-proxy 2> /dev/null`" = "true" ]; then break; fi; sleep 1; done; {{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-nginx-proxy' +ExecStartPost={{ devture_systemd_docker_base_host_command_sh }} -c 'container_name=matrix-nginx-proxy; network_name={{ network }}; attempt=0; while [ $attempt -le 29 ]; do attempt=$(( $attempt + 1 )); if [ "`{{ devture_systemd_docker_base_host_command_docker }} inspect -f {{ '{{.State.Running}}' }} $container_name 2> /dev/null`" = "true" ]; then break; fi; sleep 1; done; {{ devture_systemd_docker_base_host_command_docker }} network connect $network_name $container_name' {% endfor %} ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-nginx-proxy 2>/dev/null || true' diff --git a/roles/custom/matrix-nginx-proxy/templates/systemd/matrix-ssl-lets-encrypt-certificates-renew.service.j2 b/roles/custom/matrix-nginx-proxy/templates/systemd/matrix-ssl-lets-encrypt-certificates-renew.service.j2 index c7f372d9a..b2f07aca7 100644 --- a/roles/custom/matrix-nginx-proxy/templates/systemd/matrix-ssl-lets-encrypt-certificates-renew.service.j2 +++ b/roles/custom/matrix-nginx-proxy/templates/systemd/matrix-ssl-lets-encrypt-certificates-renew.service.j2 
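Review bot: the rewritten `ExecStartPost` still calls `network connect $network_name $container_name` unconditionally after the 30-attempt wait, so if the container never reports `Running` the connect fails, and because the line carries no `-` prefix systemd then treats `matrix-nginx-proxy.service` as failed and stops it. Either make that explicit (break out of the loop with a clear error message) or prefix the line with `-` and let the failure be logged; `$(...)` would also read better than backticks in a line this long. Switching the inner `docker inspect` to `{{ devture_systemd_docker_base_host_command_docker }}` is the right fix, and the same substitution is still missing from the `$(docker network inspect ...)` call added to the matrix-ntfy unit further down in this diff.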
@@ -4,4 +4,4 @@ Description=Renews Let's Encrypt SSL certificates [Service] Type=oneshot Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" -ExecStart={{ matrix_local_bin_path }}/matrix-ssl-lets-encrypt-certificates-renew +ExecStart={{ matrix_ssl_bin_dir_path }}/lets-encrypt-certificates-renew diff --git a/roles/custom/matrix-nginx-proxy/vars/main.yml b/roles/custom/matrix-nginx-proxy/vars/main.yml index 1a9ed929c..34abf1903 100644 --- a/roles/custom/matrix-nginx-proxy/vars/main.yml +++ b/roles/custom/matrix-nginx-proxy/vars/main.yml @@ -7,12 +7,20 @@ matrix_ssl_renewal_systemd_units_list: - name: matrix-ssl-lets-encrypt-certificates-renew.service applicable: "{{ matrix_ssl_retrieval_method == 'lets-encrypt' }}" enableable: false + priority: 5000 + groups: ['matrix', 'nginx', 'ssl', 'reverse-proxies'] - name: matrix-ssl-lets-encrypt-certificates-renew.timer applicable: "{{ matrix_ssl_retrieval_method == 'lets-encrypt' }}" enableable: true + priority: 5000 + groups: ['matrix', 'nginx', 'ssl', 'reverse-proxies'] - name: matrix-ssl-nginx-proxy-reload.service applicable: "{{ matrix_ssl_retrieval_method == 'lets-encrypt' and matrix_nginx_proxy_enabled | bool }}" enableable: false + priority: 5000 + groups: ['matrix', 'nginx', 'ssl', 'reverse-proxies'] - name: matrix-ssl-nginx-proxy-reload.timer applicable: "{{ matrix_ssl_retrieval_method == 'lets-encrypt' and matrix_nginx_proxy_enabled | bool }}" enableable: true + priority: 5000 + groups: ['matrix', 'nginx', 'ssl', 'reverse-proxies'] diff --git a/roles/custom/matrix-ntfy/defaults/main.yml b/roles/custom/matrix-ntfy/defaults/main.yml index 762439806..397efb35f 100644 --- a/roles/custom/matrix-ntfy/defaults/main.yml +++ b/roles/custom/matrix-ntfy/defaults/main.yml 
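Review bot: `ExecStart` now points at `{{ matrix_ssl_bin_dir_path }}/lets-encrypt-certificates-renew`, but nothing in this diff removes the old `{{ matrix_local_bin_path }}/matrix-ssl-lets-encrypt-certificates-renew` script or mentions the move, so on upgraded hosts a stale copy with the previous container invocation stays in `PATH` and keeps "working" for anyone who runs it by hand while diverging from what the timer executes. Add a cleanup task for the old path and a changelog line. In vars/main.yml the four new `priority: 5000` / `groups: [...]` pairs are identical; a YAML anchor for the shared values would keep them from drifting.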
@@ -7,13 +7,21 @@ matrix_ntfy_base_path: "{{ matrix_base_data_path }}/ntfy" matrix_ntfy_config_dir_path: "{{ matrix_ntfy_base_path }}/config" matrix_ntfy_data_path: "{{ matrix_ntfy_base_path }}/data" -matrix_ntfy_version: v1.28.0 +matrix_ntfy_version: v1.30.1 matrix_ntfy_docker_image: "{{ matrix_container_global_registry_prefix }}binwiederhier/ntfy:{{ matrix_ntfy_version }}" matrix_ntfy_docker_image_force_pull: "{{ matrix_ntfy_docker_image.endswith(':latest') }}" # Public facing base URL of the ntfy service matrix_ntfy_base_url: "https://{{ matrix_server_fqn_ntfy }}" +# Rate limits + +matrix_ntfy_global_topic_limit: 15000 # default +matrix_ntfy_visitor_subscription_limit: 30 # default +matrix_ntfy_visitor_request_limit_burst: 60 # default +matrix_ntfy_visitor_request_limit_replenish: "5s" # default + + # Controls whether the container exposes its HTTP port (tcp/80 in the container). # # Takes an ":" or "" value (e.g. "127.0.0.1:2586"), or empty string to not expose. diff --git a/roles/custom/matrix-ntfy/tasks/init.yml b/roles/custom/matrix-ntfy/tasks/init.yml deleted file mode 100644 index 6222ada0c..000000000 --- a/roles/custom/matrix-ntfy/tasks/init.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- - -- ansible.builtin.set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-ntfy.service'] }}" - when: matrix_ntfy_enabled | bool diff --git a/roles/custom/matrix-ntfy/tasks/main.yml b/roles/custom/matrix-ntfy/tasks/main.yml index 200d38c4a..85d80841d 100644 --- a/roles/custom/matrix-ntfy/tasks/main.yml +++ b/roles/custom/matrix-ntfy/tasks/main.yml 
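Review bot: deleting tasks/init.yml removes the only place this diff shows `matrix-ntfy.service` being appended to `matrix_systemd_services_list`, and no replacement registration (for example in the role's `vars/main.yml`) appears here; unless the service manager role learns about the unit some other way, the unit file is written but never enabled or started. On the new rate-limit defaults, the bare `# default` comments should say what the numbers mean (15000 topics server-wide, 30 subscriptions per visitor, a burst of 60 requests per visitor refilled one every `5s`) and note that the `visitor-*` limits are keyed on the client IP, which with `behind_proxy: true` is the `X-Forwarded-For` value the reverse proxy sets.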
@@ -1,24 +1,23 @@ --- -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" +- block: + - when: matrix_ntfy_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml" tags: - - always + - setup-all + - setup-ntfy + - install-all + - install-ntfy -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup | bool and matrix_ntfy_enabled | bool" +- block: + - when: not matrix_ntfy_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" tags: - setup-all - setup-ntfy -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup | bool and not matrix_ntfy_enabled | bool" - tags: - - setup-all - - setup-ntfy - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/self_check.yml" - delegate_to: 127.0.0.1 - become: false - when: "run_self_check | bool and matrix_ntfy_enabled | bool" +- block: + - when: matrix_ntfy_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/self_check.yml" tags: - self-check diff --git a/roles/custom/matrix-ntfy/tasks/self_check.yml b/roles/custom/matrix-ntfy/tasks/self_check.yml index 02529f35e..bdbd666a0 100644 --- a/roles/custom/matrix-ntfy/tasks/self_check.yml +++ b/roles/custom/matrix-ntfy/tasks/self_check.yml @@ -14,6 +14,8 @@ register: matrix_ntfy_self_check_result check_mode: false ignore_errors: true + delegate_to: 127.0.0.1 + become: false - name: Fail if ntfy not working ansible.builtin.fail: diff --git a/roles/custom/matrix-ntfy/tasks/setup_install.yml b/roles/custom/matrix-ntfy/tasks/setup_install.yml index 5ad8e507d..38adb122e 100644 --- a/roles/custom/matrix-ntfy/tasks/setup_install.yml +++ b/roles/custom/matrix-ntfy/tasks/setup_install.yml 
@@ -36,9 +36,3 @@ src: "{{ role_path }}/templates/systemd/matrix-ntfy.service.j2" dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-ntfy.service" mode: 0644 - register: matrix_ntfy_systemd_service_result - -- name: Ensure systemd reloaded after matrix-ntfy.service installation - ansible.builtin.service: - daemon_reload: true - when: "matrix_ntfy_systemd_service_result.changed" diff --git a/roles/custom/matrix-ntfy/tasks/setup_uninstall.yml b/roles/custom/matrix-ntfy/tasks/setup_uninstall.yml index e0eedfd83..afd826f8d 100644 --- a/roles/custom/matrix-ntfy/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-ntfy/tasks/setup_uninstall.yml 
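Review bot: dropping `register: matrix_ntfy_systemd_service_result` and the `daemon_reload` task means a changed `matrix-ntfy.service` is picked up only if a later role reloads systemd before units are started; make sure that role runs after this one in the play, otherwise `systemctl start matrix-ntfy` after an upgrade executes the previously loaded unit (old image tag, no `NTFY_VISITOR_REQUEST_LIMIT_EXEMPT_HOSTS`) and systemd merely warns that the file on disk changed.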
@@ -5,32 +5,21 @@ path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-ntfy.service" register: matrix_ntfy_service_stat -- name: Ensure matrix-ntfy is stopped - ansible.builtin.service: - name: matrix-ntfy - state: stopped - enabled: false - daemon_reload: true - register: stopping_result - when: "matrix_ntfy_service_stat.stat.exists" +- when: matrix_ntfy_service_stat.stat.exists | bool + block: + - name: Ensure matrix-ntfy is stopped + ansible.builtin.service: + name: matrix-ntfy + state: stopped + enabled: false + daemon_reload: true -- name: Ensure matrix-ntfy.service doesn't exist - ansible.builtin.file: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-ntfy.service" - state: absent - when: "matrix_ntfy_service_stat.stat.exists" + - name: Ensure matrix-ntfy.service doesn't exist + ansible.builtin.file: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-ntfy.service" + state: absent -- name: Ensure systemd reloaded after matrix-ntfy.service removal - ansible.builtin.service: - daemon_reload: true - when: "matrix_ntfy_service_stat.stat.exists" - -- name: Ensure matrix-ntfy path doesn't exist - ansible.builtin.file: - path: "{{ matrix_ntfy_base_path }}" - state: absent - -- name: Ensure ntfy Docker image doesn't exist - community.docker.docker_image: - name: "{{ matrix_ntfy_docker_image }}" - state: absent + - name: Ensure matrix-ntfy path doesn't exist + ansible.builtin.file: + path: "{{ matrix_ntfy_base_path }}" + state: absent diff --git a/roles/custom/matrix-ntfy/templates/ntfy/server.yml.j2 b/roles/custom/matrix-ntfy/templates/ntfy/server.yml.j2 index 096991a70..9815fd6b4 100644 --- a/roles/custom/matrix-ntfy/templates/ntfy/server.yml.j2 +++ b/roles/custom/matrix-ntfy/templates/ntfy/server.yml.j2 
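Review bot: moving `Ensure matrix-ntfy path doesn't exist` inside the `when: matrix_ntfy_service_stat.stat.exists | bool` block changes behaviour: the data directory is now removed only while the unit file is still present, so a host where the unit was already cleaned up, or any second uninstall run, keeps `{{ matrix_ntfy_base_path }}` and its `cache.db` indefinitely. Keep that task outside the block as before, or make the omission deliberate and emit a runtime message as the deleted Postgres backup tasks further down did for leftover data. The `Ensure ntfy Docker image doesn't exist` task is also dropped without comment; if leaving images behind on uninstall is now the policy, say so in the commit.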
@@ -2,3 +2,10 @@ base_url: {{ matrix_ntfy_base_url }} behind_proxy: true cache_file: /data/cache.db listen-http: :8080 + +# Rate Limits +global-topic-limit: {{ matrix_ntfy_global_topic_limit | to_json }} +visitor-subscription-limit: {{ matrix_ntfy_visitor_subscription_limit | to_json }} + +visitor-request-limit-burst: {{ matrix_ntfy_visitor_request_limit_burst | to_json }} +visitor-request-limit-replenish: "{{ matrix_ntfy_visitor_request_limit_replenish }}" diff --git a/roles/custom/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2 b/roles/custom/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2 index a10cb5844..5c2feac01 100644 --- a/roles/custom/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2 +++ b/roles/custom/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2 @@ -11,11 +11,12 @@ Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-ntfy 2>/dev/null || true' ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-ntfy 2>/dev/null || true' -ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-ntfy \ +ExecStart={{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-ntfy \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ --read-only \ + --env NTFY_VISITOR_REQUEST_LIMIT_EXEMPT_HOSTS={{matrix_server_fqn_matrix}},localhost,$(docker network inspect {{matrix_docker_network}} -f "{% raw %}{{ (index .IPAM.Config 0).Subnet }}{% endraw %}") \ {% for arg in matrix_ntfy_container_extra_arguments %} {{ arg }} \ {% endfor %} 
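Review bot: in matrix-ntfy.service.j2, wrapping the whole `docker run` in `sh -c '...'` to obtain `$(docker network inspect ...)` has three costs: every `{{ arg }}` from `matrix_ntfy_container_extra_arguments` now sits inside single quotes, so an argument containing `'` breaks the command; the substitution calls bare `docker` rather than `{{ devture_systemd_docker_base_host_command_docker }}`, which the nginx-proxy unit in this same diff was just changed to use; and if `network inspect` fails the value silently ends with a trailing comma. Consider resolving the subnet once at playbook time (e.g. with `community.docker.docker_network_info`) and templating it into the unit, which would also make it visible in review that every container on `{{ matrix_docker_network }}`, not just the homeserver, is exempt from visitor rate limits. In server.yml.j2, `visitor-request-limit-replenish` is the only new key rendered with hand-written quotes instead of `| to_json`; use one style.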
@@ -26,7 +27,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name --mount type=bind,src={{ matrix_ntfy_config_dir_path }},dst=/etc/ntfy,ro \ --mount type=bind,src={{ matrix_ntfy_data_path }},dst=/data \ {{ matrix_ntfy_docker_image }} \ - serve + serve' ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-ntfy 2>/dev/null || true' ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-ntfy 2>/dev/null || true' diff --git a/roles/custom/matrix-postgres-backup/defaults/main.yml b/roles/custom/matrix-postgres-backup/defaults/main.yml deleted file mode 100644 index abdfa74c5..000000000 --- a/roles/custom/matrix-postgres-backup/defaults/main.yml +++ /dev/null 
@@ -1,45 +0,0 @@ ---- -# Project source code URL: https://github.com/prodrigestivill/docker-postgres-backup-local - -matrix_postgres_backup_enabled: false - -matrix_postgres_backup_connection_hostname: "matrix-postgres" -matrix_postgres_backup_connection_port: 5432 -matrix_postgres_backup_connection_username: "matrix" -matrix_postgres_backup_connection_password: "" - -matrix_postgres_backup_extra_opts: "-Z9 --schema=public --blobs" -matrix_postgres_backup_schedule: "@daily" -matrix_postgres_backup_keep_days: 7 -matrix_postgres_backup_keep_weeks: 4 -matrix_postgres_backup_keep_months: 12 -matrix_postgres_backup_healthcheck_port: "8080" -matrix_postgres_backup_databases: [] -matrix_postgres_backup_path: "{{ matrix_base_data_path }}/postgres-backup" - -# Specifies where the Postgres data is. -# We use this to autodetect the Postgres version during playbook runtime (by parsing the `PG_VERSION` file contained there). -# You can leave this empty to prevent auto-detection. -matrix_postgres_backup_postgres_data_path: "" - -matrix_postgres_backup_architecture: amd64 - -# matrix_postgres_backup_docker_image_distro controls whether we use Alpine-based images (`-alpine`) or the normal Debian-based images. -# Alpine-based Postgres images are smaller and we usually prefer them, but they don't work on ARM32 (tested on a Raspberry Pi 3 running Raspbian 10.7). 
-# On ARM32, `-alpine` images fail with the following error: -# > LOG: startup process (PID 37) was terminated by signal 11: Segmentation fault -matrix_postgres_backup_docker_image_distro: "{{ 'alpine' if matrix_postgres_backup_architecture in ['amd64', 'arm64'] else 'debian' }}" - -matrix_postgres_backup_docker_image_v9: "{{ matrix_container_global_registry_prefix }}prodrigestivill/postgres-backup-local:9.6-{{ matrix_postgres_backup_docker_image_distro }}-2aa03d1" -matrix_postgres_backup_docker_image_v10: "{{ matrix_container_global_registry_prefix }}prodrigestivill/postgres-backup-local:10-{{ matrix_postgres_backup_docker_image_distro }}-2cf00a5" -matrix_postgres_backup_docker_image_v11: "{{ matrix_container_global_registry_prefix }}prodrigestivill/postgres-backup-local:11-{{ matrix_postgres_backup_docker_image_distro }}-2cf00a5" -matrix_postgres_backup_docker_image_v12: "{{ matrix_container_global_registry_prefix }}prodrigestivill/postgres-backup-local:12-{{ matrix_postgres_backup_docker_image_distro }}-2cf00a5" -matrix_postgres_backup_docker_image_v13: "{{ matrix_container_global_registry_prefix }}prodrigestivill/postgres-backup-local:13-{{ matrix_postgres_backup_docker_image_distro }}-2cf00a5" -matrix_postgres_backup_docker_image_v14: "{{ matrix_container_global_registry_prefix }}prodrigestivill/postgres-backup-local:14-{{ matrix_postgres_backup_docker_image_distro }}-2cf00a5" -matrix_postgres_backup_docker_image_v15: "{{ matrix_container_global_registry_prefix }}prodrigestivill/postgres-backup-local:15-{{ matrix_postgres_backup_docker_image_distro }}-2cf00a5" -matrix_postgres_backup_docker_image_latest: "{{ matrix_postgres_backup_docker_image_v15 }}" - -# This variable is assigned at runtime. Overriding its value has no effect. -matrix_postgres_backup_docker_image_to_use: '{{ matrix_postgres_backup_docker_image_latest }}' - -matrix_postgres_backup_docker_image_force_pull: "{{ matrix_postgres_backup_docker_image_to_use.endswith(':latest') }}" 
diff --git a/roles/custom/matrix-postgres-backup/tasks/init.yml b/roles/custom/matrix-postgres-backup/tasks/init.yml deleted file mode 100644 index 5ece870a4..000000000 --- a/roles/custom/matrix-postgres-backup/tasks/init.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- - -- ansible.builtin.set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-postgres-backup.service'] }}" - when: matrix_postgres_backup_enabled | bool diff --git a/roles/custom/matrix-postgres-backup/tasks/main.yml b/roles/custom/matrix-postgres-backup/tasks/main.yml deleted file mode 100644 index 1403fa5b2..000000000 --- a/roles/custom/matrix-postgres-backup/tasks/main.yml +++ /dev/null @@ -1,17 +0,0 @@ ---- - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" - tags: - - always - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup | bool and matrix_postgres_backup_enabled | bool" - tags: - - setup-all - - setup-postgres-backup - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_postgres_backup.yml" - when: run_setup | bool - tags: - - setup-all - - setup-postgres-backup diff --git a/roles/custom/matrix-postgres-backup/tasks/setup_postgres_backup.yml b/roles/custom/matrix-postgres-backup/tasks/setup_postgres_backup.yml deleted file mode 100644 index 6066ee491..000000000 --- a/roles/custom/matrix-postgres-backup/tasks/setup_postgres_backup.yml +++ /dev/null 
@@ -1,112 +0,0 @@ ---- - -# -# Tasks related to setting up postgres backup -# -- ansible.builtin.import_role: - name: custom/matrix-postgres - tasks_from: detect_existing_postgres_version - when: 'matrix_postgres_backup_enabled | bool and matrix_postgres_backup_postgres_data_path != ""' - -# If we have found an existing version (installed from before), we use its corresponding Docker image. -# If not, we install using the latest Postgres. -# -# Upgrading is supposed to be performed separately and explicitly (see `upgrade_postgres.yml`). -- ansible.builtin.set_fact: - matrix_postgres_backup_docker_image_to_use: "{{ matrix_postgres_backup_docker_image_latest if matrix_postgres_backup_detected_version_corresponding_docker_image | default('') == '' else matrix_postgres_backup_detected_version_corresponding_docker_image }}" - when: matrix_postgres_backup_enabled | bool - -- name: Ensure postgres backup Docker image is pulled - community.docker.docker_image: - name: "{{ matrix_postgres_backup_docker_image_to_use }}" - source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" - force_source: "{{ matrix_postgres_backup_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_postgres_backup_docker_image_force_pull }}" - when: matrix_postgres_backup_enabled | bool - register: result - retries: "{{ devture_playbook_help_container_retries_count }}" - delay: "{{ devture_playbook_help_container_retries_delay }}" - until: result is not failed - -- name: Ensure Postgres backup paths exist - ansible.builtin.file: - path: "{{ item }}" - state: directory - mode: 0700 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - with_items: - - "{{ matrix_postgres_backup_path }}" - when: matrix_postgres_backup_enabled | bool - -- name: Ensure Postgres environment variables file created - 
ansible.builtin.template: - src: "{{ role_path }}/templates/{{ item }}.j2" - dest: "{{ matrix_postgres_backup_path }}/{{ item }}" - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - mode: 0640 - with_items: - - "env-postgres-backup" - when: matrix_postgres_backup_enabled | bool - -- name: Ensure matrix-postgres-backup.service installed - ansible.builtin.template: - src: "{{ role_path }}/templates/systemd/matrix-postgres-backup.service.j2" - dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-postgres-backup.service" - mode: 0644 - register: matrix_postgres_backup_systemd_service_result - when: matrix_postgres_backup_enabled | bool - -- name: Ensure systemd reloaded after matrix-postgres-backup.service installation - ansible.builtin.service: - daemon_reload: true - when: "matrix_postgres_backup_enabled | bool and matrix_postgres_backup_systemd_service_result.changed" - -# -# Tasks related to getting rid of postgres backup (if it was previously enabled) -# - -- name: Check existence of matrix-postgres-backup service - ansible.builtin.stat: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-postgres-backup.service" - register: matrix_postgres_backup_service_stat - when: "not matrix_postgres_backup_enabled | bool" - -- name: Ensure matrix-postgres-backup is stopped - ansible.builtin.service: - name: matrix-postgres-backup - state: stopped - enabled: false - daemon_reload: true - when: "not matrix_postgres_backup_enabled | bool and matrix_postgres_backup_service_stat.stat.exists" - -- name: Ensure matrix-postgres-backup.service doesn't exist - ansible.builtin.file: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-postgres-backup.service" - state: absent - when: "not matrix_postgres_backup_enabled | bool and matrix_postgres_backup_service_stat.stat.exists" - -- name: Ensure systemd reloaded after matrix-postgres-backup.service removal - ansible.builtin.service: - daemon_reload: true - when: "not 
matrix_postgres_backup_enabled | bool and matrix_postgres_backup_service_stat.stat.exists" - -- name: Check existence of matrix-postgres-backup backup path - ansible.builtin.stat: - path: "{{ matrix_postgres_backup_path }}" - register: matrix_postgres_backup_path_stat - when: "not matrix_postgres_backup_enabled | bool" - -# We just want to notify the user. Deleting data is too destructive. -- name: Inject warning if matrix-postgres backup data remains - ansible.builtin.set_fact: - devture_playbook_runtime_messages_list: | - {{ - devture_playbook_runtime_messages_list | default([]) - + - [ - "NOTE: You are not using the local backup service to backup the PostgreSQL database, but some old data remains from before in `{{ matrix_postgres_backup_path }}`. Feel free to delete it." - ] - }} - when: "not matrix_postgres_backup_enabled | bool and matrix_postgres_backup_path_stat.stat.exists" diff --git a/roles/custom/matrix-postgres-backup/tasks/validate_config.yml b/roles/custom/matrix-postgres-backup/tasks/validate_config.yml deleted file mode 100644 index aab68eafa..000000000 --- a/roles/custom/matrix-postgres-backup/tasks/validate_config.yml +++ /dev/null 
@@ -1,27 +0,0 @@ ---- - -- name: Fail if required Postgres settings not defined - ansible.builtin.fail: - msg: >- - You need to define a required configuration setting (`{{ item }}`). - when: "vars[item] == ''" - with_items: - - "matrix_postgres_backup_connection_hostname" - - "matrix_postgres_backup_connection_username" - - "matrix_postgres_backup_connection_password" - - "matrix_postgres_backup_connection_port" - - "matrix_postgres_backup_schedule" - - "matrix_postgres_backup_keep_days" - - "matrix_postgres_backup_keep_weeks" - - "matrix_postgres_backup_keep_months" - - "matrix_postgres_backup_path" - - "matrix_postgres_backup_databases" - -- name: (Deprecation) Catch and report renamed settings - ansible.builtin.fail: - msg: >- - Your configuration contains a variable, which now has a different name. - Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`). - when: "item.old in vars" - with_items: - - {'old': 'matrix_postgres_backup_docker_image_suffix', 'new': 'matrix_postgres_backup_docker_image_distro'} diff --git a/roles/custom/matrix-postgres-backup/templates/env-postgres-backup.j2 b/roles/custom/matrix-postgres-backup/templates/env-postgres-backup.j2 deleted file mode 100644 index 5a3a1ffd6..000000000 --- a/roles/custom/matrix-postgres-backup/templates/env-postgres-backup.j2 +++ /dev/null 
@@ -1,12 +0,0 @@ -#jinja2: lstrip_blocks: "True" -POSTGRES_USER={{ matrix_postgres_backup_connection_username }} -POSTGRES_PASSWORD={{ matrix_postgres_backup_connection_password }} -POSTGRES_HOST={{ matrix_postgres_backup_connection_hostname }} -POSTGRES_DB={{ matrix_postgres_backup_databases|join(', ') }} -POSTGRES_EXTRA_OPTS={{ matrix_postgres_backup_extra_opts }} -SCHEDULE={{ matrix_postgres_backup_schedule }} -BACKUP_KEEP_DAYS={{ matrix_postgres_backup_keep_days }} -BACKUP_KEEP_WEEKS={{ matrix_postgres_backup_keep_weeks }} -BACKUP_KEEP_MONTHS={{ matrix_postgres_backup_keep_months }} -HEALTHCHECK_PORT={{ matrix_postgres_backup_healthcheck_port }} -POSTGRES_PORT={{ matrix_postgres_backup_connection_port }} \ No newline at end of file diff --git a/roles/custom/matrix-postgres-backup/templates/systemd/matrix-postgres-backup.service.j2 b/roles/custom/matrix-postgres-backup/templates/systemd/matrix-postgres-backup.service.j2 deleted file mode 100644 index 618eb548e..000000000 --- a/roles/custom/matrix-postgres-backup/templates/systemd/matrix-postgres-backup.service.j2 +++ /dev/null 
@@ -1,31 +0,0 @@ -#jinja2: lstrip_blocks: "True" -[Unit] -Description=Automatic Backup of Matrix Postgres server -After=docker.service -Requires=docker.service -DefaultDependencies=no - -[Service] -Type=simple -Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" -ExecStartPre=-{{ devture_systemd_docker_base_host_command_docker }} stop matrix-postgres-backup -ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-postgres-backup 2>/dev/null || true' - -ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-postgres-backup \ - --log-driver=none \ - --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ - --cap-drop=ALL \ - --read-only \ - --network={{ matrix_docker_network }} \ - --env-file={{ matrix_postgres_backup_path }}/env-postgres-backup \ - --mount type=bind,src={{ matrix_postgres_backup_path }},dst=/backups \ - {{ matrix_postgres_backup_docker_image_to_use }} - -ExecStop=-{{ devture_systemd_docker_base_host_command_docker }} stop matrix-postgres-backup -ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-postgres-backup 2>/dev/null || true' -Restart=always -RestartSec=30 -SyslogIdentifier=matrix-postgres-backup - -[Install] -WantedBy=multi-user.target diff --git a/roles/custom/matrix-postgres/defaults/main.yml b/roles/custom/matrix-postgres/defaults/main.yml deleted file mode 100644 index 5a0cdb6c6..000000000 --- a/roles/custom/matrix-postgres/defaults/main.yml +++ /dev/null 
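Review bot: with the role deleted, the required-setting and renamed-variable checks in validate_config.yml disappear too, and nothing in this diff shows the playbook flagging leftover `matrix_postgres_backup_*` variables. A user who upgrades without renaming keeps `matrix_postgres_backup_enabled: true` in their vars, the replacement role reads its own prefix and stays disabled, and the old `matrix-postgres-backup.service` is never stopped or removed (the stop/remove tasks in setup_postgres_backup.yml are deleted with the rest), so scheduled backups stop without any error while the old container keeps running against the database. Add a deprecation catch for the old prefix and a one-off task that stops and removes `matrix-postgres-backup.service` and the `env-postgres-backup` file, which holds `POSTGRES_PASSWORD` in clear text at mode 0640 and should not be left behind.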
@@ -1,133 +0,0 @@ ---- -# Project source code URL: https://github.com/postgres/postgres - -# Controls if the Postgres server managed by the playbook is enabled. -# You can turn it off and use an external Postgres server by setting this to `false`. -# Doing this has various downsides. See `docs/configuring-playbook-external-postgres.md` to learn more. -matrix_postgres_enabled: true - -matrix_postgres_connection_hostname: "matrix-postgres" -matrix_postgres_connection_port: 5432 -matrix_postgres_connection_username: "matrix" -matrix_postgres_connection_password: "" -matrix_postgres_db_name: "matrix" - -matrix_postgres_base_path: "{{ matrix_base_data_path }}/postgres" -matrix_postgres_data_path: "{{ matrix_postgres_base_path }}/data" - -# matrix_postgres_systemd_services_to_stop_for_maintenance_list specifies the list of systemd services to stop before vacuuming or upgrading. -# These services will be restarted after the operation completes. -matrix_postgres_systemd_services_to_stop_for_maintenance_list: [] - -matrix_postgres_architecture: amd64 - -# matrix_postgres_docker_image_suffix controls whether we use Alpine-based images (`-alpine`) or the normal Debian-based images. -# Alpine-based Postgres images are smaller and we usually prefer them, but they don't work on ARM32 (tested on a Raspberry Pi 3 running Raspbian 10.7). 
-# On ARM32, `-alpine` images fail with the following error: -# > LOG: startup process (PID 37) was terminated by signal 11: Segmentation fault -matrix_postgres_docker_image_suffix: "{{ '-alpine' if matrix_postgres_architecture in ['amd64', 'arm64'] else '' }}" - -matrix_postgres_docker_image_v9: "{{ matrix_container_global_registry_prefix }}postgres:9.6.24{{ matrix_postgres_docker_image_suffix }}" -matrix_postgres_docker_image_v10: "{{ matrix_container_global_registry_prefix }}postgres:10.22{{ matrix_postgres_docker_image_suffix }}" -matrix_postgres_docker_image_v11: "{{ matrix_container_global_registry_prefix }}postgres:11.17{{ matrix_postgres_docker_image_suffix }}" -matrix_postgres_docker_image_v12: "{{ matrix_container_global_registry_prefix }}postgres:12.12{{ matrix_postgres_docker_image_suffix }}" -matrix_postgres_docker_image_v13: "{{ matrix_container_global_registry_prefix }}postgres:13.8{{ matrix_postgres_docker_image_suffix }}" -matrix_postgres_docker_image_v14: "{{ matrix_container_global_registry_prefix }}postgres:14.5{{ matrix_postgres_docker_image_suffix }}" -matrix_postgres_docker_image_v15: "{{ matrix_container_global_registry_prefix }}postgres:15.0{{ matrix_postgres_docker_image_suffix }}" -matrix_postgres_docker_image_latest: "{{ matrix_postgres_docker_image_v15 }}" - -# This variable is assigned at runtime. Overriding its value has no effect. -matrix_postgres_docker_image_to_use: '{{ matrix_postgres_docker_image_latest }}' - -matrix_postgres_docker_image_force_pull: "{{ matrix_postgres_docker_image_to_use.endswith(':latest') }}" - -# A list of extra arguments to pass to the container -matrix_postgres_container_extra_arguments: [] - -# A list of extra arguments to pass to the postgres process -# e.g. "-c 'max_connections=200'" -matrix_postgres_process_extra_arguments: [] - -# Controls whether the matrix-postgres container exposes a port (tcp/5432 in the -# container) that can be used to access the database from outside the container (e.g. 
with psql) -# -# psql postgresql://username:password@localhost:/database_name -# -# Takes an ":" or "" value (e.g. "127.0.0.1:5432"), or empty string to not expose. -matrix_postgres_container_postgres_bind_port: "" - -# A list of additional (databases and their credentials) to create. -# -# Example: -# matrix_postgres_additional_databases: -# - name: matrix_appservice_discord -# username: matrix_appservice_discord -# password: some_password -# - name: matrix_appservice_slack -# username: matrix_appservice_slack -# password: some_password -matrix_postgres_additional_databases: [] - -# A list of roles/users to avoid creating when importing (or upgrading) the database. -# If a dump file contains the roles and they've also been created beforehand (see `matrix_postgres_additional_databases`), -# importing would fail. -# We either need to not create them or to ignore the `CREATE ROLE` statements in the dump. -matrix_postgres_import_roles_to_ignore: | - {{ - ( - [matrix_postgres_connection_username] - + - matrix_postgres_additional_databases|map(attribute='username') | list - ) | unique - }} - -# When importing an existing Postgres database (when restoring a backup) or when doing a Postgres upgrade (which dumps & restores), we'd like to avoid: -# - creating users (`CREATE ROLE ..`) -# - updating passwords for users (`ALTER ROLE matrix WITH SUPERUSER INHERIT NOCREATEROLE NOCREATEDB LOGIN NOREPLICATION NOBYPASSRLS PASSWORD 'md5...`) -# -# Both of these operations are done by the playbook anyway. -# Updating passwords is especially undesirable, because older versions hash passwords using md5 and export them as md5 hashes in the dump file, -# which is unsupported by default by newer Postgres versions (v14+). -# When users are created and passwords are set by the playbook, they end up hashed as `scram-sha-256` on Postgres v14+. -# If an md5-hashed password is restored on top, Postgres v14+ will refuse to authenticate users with it by default. 
-# -# We also allow for the role name to be quoted, which is rare, but might happen for role names which are special keywords (e.g. `default`). -matrix_postgres_import_roles_ignore_regex: "^(CREATE|ALTER) ROLE \\\"?({{ matrix_postgres_import_roles_to_ignore | join('|') }})\\\"?(;| WITH)" # noqa jinja[spacing] - -# A list of databases to avoid creating when importing (or upgrading) the database. -# If a dump file contains the databases and they've also been created beforehand (see `matrix_postgres_additional_databases`), -# importing would fail. -# We either need to not create them or to ignore the `CREATE DATABASE` statements in the dump. -matrix_postgres_import_databases_to_ignore: | - {{ - ( - [matrix_postgres_db_name] - + - matrix_postgres_additional_databases|map(attribute='name') | list - ) | unique - }} - -# We also allow for the database name to be quoted, which is rare, but might happen for database names which are special keywords (e.g. `default`). -matrix_postgres_import_databases_ignore_regex: "^CREATE DATABASE \\\"?({{ matrix_postgres_import_databases_to_ignore | join('|') }})\\\"?\\s" # noqa jinja[spacing] - -# The number of seconds to wait after starting `matrix-postgres.service` -# and before trying to run queries for creating additional databases/users against it. -# -# For most (subsequent) runs, Postgres would already be running, so no waiting will be happening at all. -# -# On ARM, we wait some more. ARM32 devices are especially known for being slow. -# ARM64 likely don't need such a long delay, but it doesn't hurt too much having it. 
-matrix_postgres_additional_databases_postgres_start_wait_timeout_seconds: "{{ 45 if matrix_postgres_architecture in ['arm32', 'arm64'] else 15 }}" - - -matrix_postgres_pgloader_container_image_self_build: false -matrix_postgres_pgloader_container_image_self_build_repo: "https://github.com/illagrenan/pgloader-docker.git" -matrix_postgres_pgloader_container_image_self_build_repo_branch: "v{{ matrix_postgres_pgloader_docker_image_tag }}" -matrix_postgres_pgloader_container_image_self_build_src_path: "{{ matrix_postgres_base_path }}/pgloader-container-src" - -# We use illagrenan/pgloader, instead of the more official dimitri/pgloader image, -# because the official one only provides a `latest` tag. -matrix_postgres_pgloader_docker_image: "{{ matrix_postgres_pgloader_docker_image_name_prefix }}illagrenan/pgloader:{{ matrix_postgres_pgloader_docker_image_tag }}" -matrix_postgres_pgloader_docker_image_name_prefix: "{{ 'localhost/' if matrix_postgres_pgloader_container_image_self_build else matrix_container_global_registry_prefix }}" -matrix_postgres_pgloader_docker_image_tag: "3.6.2" -matrix_postgres_pgloader_docker_image_force_pull: "{{ matrix_postgres_pgloader_docker_image.endswith(':latest') }}" diff --git a/roles/custom/matrix-postgres/tasks/detect_existing_postgres_version.yml b/roles/custom/matrix-postgres/tasks/detect_existing_postgres_version.yml deleted file mode 100644 index 1be8291b6..000000000 --- a/roles/custom/matrix-postgres/tasks/detect_existing_postgres_version.yml +++ /dev/null 
@@ -1,75 +0,0 @@ ---- - -# This utility aims to determine if there is some existing Postgres version in use or not. -# If there is, it also tries to detect the Docker image that corresponds to that version. -# -# This utility is intentionally not in `tasks/util`, because if it were, it wouldn't be possible -# to include it in other roles via the import_role module: https://docs.ansible.com/ansible/latest/collections/ansible/builtin/import_role_module.html - - -- name: Fail detection if expectation fails (Postgres not enabled) - ansible.builtin.fail: - msg: "Trying to detect the version of the built-in Postgres server, but Postgres installation is not enabled (`matrix_postgres_enabled: false`)" - when: not matrix_postgres_enabled - -- name: Initialize Postgres version determination variables (default to empty) - ansible.builtin.set_fact: - matrix_postgres_detection_pg_version_path: "{{ matrix_postgres_data_path }}/PG_VERSION" - matrix_postgres_detected_existing: false - matrix_postgres_detected_version: "" - matrix_postgres_detected_version_corresponding_docker_image: "" - -- name: Determine existing Postgres version (check PG_VERSION file) - ansible.builtin.stat: - path: "{{ matrix_postgres_detection_pg_version_path }}" - register: result_pg_version_stat - -- ansible.builtin.set_fact: - matrix_postgres_detected_existing: true - when: "result_pg_version_stat.stat.exists" - -- name: Determine existing Postgres version (read PG_VERSION file) - ansible.builtin.slurp: - src: "{{ matrix_postgres_detection_pg_version_path }}" - register: result_pg_version - when: matrix_postgres_detected_existing | bool - -- name: Determine existing Postgres version (make sense of PG_VERSION file) - ansible.builtin.set_fact: - matrix_postgres_detected_version: "{{ result_pg_version['content'] | b64decode | replace('\n', '') }}" - when: matrix_postgres_detected_existing | bool - -- name: Determine corresponding Docker image to detected version (assume default of latest) - 
ansible.builtin.set_fact: - matrix_postgres_detected_version_corresponding_docker_image: "{{ matrix_postgres_docker_image_latest }}" - when: "matrix_postgres_detected_version != ''" - -- name: Determine corresponding Docker image to detected version (use 9.x, if detected) - ansible.builtin.set_fact: - matrix_postgres_detected_version_corresponding_docker_image: "{{ matrix_postgres_docker_image_v9 }}" - when: "matrix_postgres_detected_version.startswith('9.')" - -- name: Determine corresponding Docker image to detected version (use 10.x, if detected) - ansible.builtin.set_fact: - matrix_postgres_detected_version_corresponding_docker_image: "{{ matrix_postgres_docker_image_v10 }}" - when: "matrix_postgres_detected_version == '10' or matrix_postgres_detected_version.startswith('10.')" - -- name: Determine corresponding Docker image to detected version (use 11.x, if detected) - ansible.builtin.set_fact: - matrix_postgres_detected_version_corresponding_docker_image: "{{ matrix_postgres_docker_image_v11 }}" - when: "matrix_postgres_detected_version == '11' or matrix_postgres_detected_version.startswith('11.')" - -- name: Determine corresponding Docker image to detected version (use 12.x, if detected) - ansible.builtin.set_fact: - matrix_postgres_detected_version_corresponding_docker_image: "{{ matrix_postgres_docker_image_v12 }}" - when: "matrix_postgres_detected_version == '12' or matrix_postgres_detected_version.startswith('12.')" - -- name: Determine corresponding Docker image to detected version (use 13.x, if detected) - ansible.builtin.set_fact: - matrix_postgres_detected_version_corresponding_docker_image: "{{ matrix_postgres_docker_image_v13 }}" - when: "matrix_postgres_detected_version == '13' or matrix_postgres_detected_version.startswith('13.')" - -- name: Determine corresponding Docker image to detected version (use 14.x, if detected) - ansible.builtin.set_fact: - matrix_postgres_detected_version_corresponding_docker_image: "{{ matrix_postgres_docker_image_v14 
}}" - when: "matrix_postgres_detected_version == '14' or matrix_postgres_detected_version.startswith('14.')" diff --git a/roles/custom/matrix-postgres/tasks/import_generic_sqlite_db.yml b/roles/custom/matrix-postgres/tasks/import_generic_sqlite_db.yml deleted file mode 100644 index c3fff5208..000000000 --- a/roles/custom/matrix-postgres/tasks/import_generic_sqlite_db.yml +++ /dev/null 
@@ -1,102 +0,0 @@ ---- - -# Pre-checks - -- name: Fail if Postgres not enabled - ansible.builtin.fail: - msg: "Postgres via the matrix-postgres role is not enabled (`matrix_postgres_enabled`). Cannot import." - when: "not matrix_postgres_enabled | bool" - -- name: Fail if playbook called incorrectly - ansible.builtin.fail: - msg: "The `sqlite_database_path` variable needs to be provided to this playbook, via --extra-vars" - when: "sqlite_database_path is not defined or sqlite_database_path.startswith('<')" - -- name: Check if the provided SQLite database file exists - ansible.builtin.stat: - path: "{{ sqlite_database_path }}" - register: sqlite_database_path_stat_result - -- name: Fail if provided SQLite database file doesn't exist - ansible.builtin.fail: - msg: "File cannot be found on the server at {{ sqlite_database_path }}" - when: "not sqlite_database_path_stat_result.stat.exists" - -# We either expect `postgres_db_connection_string` specifying a full Postgres database connection string, -# or `postgres_connection_string_variable_name`, specifying a name of a variable, which contains a valid connection string. - -- when: 'postgres_connection_string_variable_name is defined' - block: - - name: Fail if postgres_connection_string_variable_name points to an undefined variable - ansible.builtin.fail: - msg: "postgres_connection_string_variable_name is defined, but there is no variable with the name `{{ postgres_connection_string_variable_name }}`" - when: "postgres_connection_string_variable_name not in vars" - - - name: Get Postgres connection string from variable - ansible.builtin.set_fact: - postgres_db_connection_string: "{{ lookup('vars', postgres_connection_string_variable_name) }}" - -- name: Fail if playbook called incorrectly - ansible.builtin.fail: - msg: >- - Either a `postgres_db_connection_string` variable or a `postgres_connection_string_variable_name` needs to be provided to this playbook, via `--extra-vars`. 
- Example: `--extra-vars="postgres_db_connection_string=postgresql://username:password@localhost:/database_name"` or `--extra-vars="postgres_connection_string_variable_name=matrix_appservice_discord_database_connString"` - when: "postgres_db_connection_string is not defined or not postgres_db_connection_string.startswith('postgresql://')" - - -# Defaults - -- name: Set postgres_start_wait_time, if not provided - ansible.builtin.set_fact: - postgres_start_wait_time: 15 - when: "postgres_start_wait_time | default('') == ''" - - -# Actual import work - -- name: Ensure matrix-postgres is started - ansible.builtin.service: - name: matrix-postgres - state: started - daemon_reload: true - register: matrix_postgres_service_start_result - -- name: Wait a bit, so that Postgres can start - ansible.builtin.wait_for: - timeout: "{{ postgres_start_wait_time }}" - delegate_to: 127.0.0.1 - become: false - when: "matrix_postgres_service_start_result.changed | bool" - -- name: Import SQLite database from {{ sqlite_database_path }} into Postgres # noqa name[template] - ansible.builtin.command: - cmd: >- - {{ devture_systemd_docker_base_host_command_docker }} run - --rm - --user={{ matrix_user_uid }}:{{ matrix_user_gid }} - --cap-drop=ALL - --network={{ matrix_docker_network }} - --mount type=bind,src={{ sqlite_database_path }},dst=/in.db,ro - --entrypoint=/bin/sh - {{ matrix_postgres_pgloader_docker_image }} - -c - 'pgloader /in.db {{ postgres_db_connection_string }}' - register: matrix_postgres_import_generic_sqlite_db_import_result - changed_when: matrix_postgres_import_generic_sqlite_db_import_result.rc == 0 - -- name: Archive SQLite database ({{ sqlite_database_path }} -> {{ sqlite_database_path }}.backup) # noqa name[template] - ansible.builtin.command: - cmd: "mv {{ sqlite_database_path }} {{ sqlite_database_path }}.backup" - register: matrix_postgres_import_generic_sqlite_db_move_result - changed_when: matrix_postgres_import_generic_sqlite_db_move_result.rc == 0 - -- name: 
Inject result - ansible.builtin.set_fact: - devture_playbook_runtime_messages_list: | - {{ - devture_playbook_runtime_messages_list | default([]) - + - [ - "NOTE: Your SQLite database file has been imported into Postgres. The original file has been moved from `{{ sqlite_database_path }}` to `{{ sqlite_database_path }}.backup`. When you've confirmed that the import went well and everything works, you should be able to safely delete this file." - ] - }} diff --git a/roles/custom/matrix-postgres/tasks/import_postgres.yml b/roles/custom/matrix-postgres/tasks/import_postgres.yml deleted file mode 100644 index d21333adc..000000000 --- a/roles/custom/matrix-postgres/tasks/import_postgres.yml +++ /dev/null 
@@ -1,114 +0,0 @@ ---- - -# Pre-checks - -- name: Fail if Postgres not enabled - ansible.builtin.fail: - msg: "Postgres via the matrix-postgres role is not enabled (`matrix_postgres_enabled`). Cannot import." - when: "not matrix_postgres_enabled | bool" - -- name: Fail if playbook called incorrectly - ansible.builtin.fail: - msg: "The `server_path_postgres_dump` variable needs to be provided to this playbook, via --extra-vars" - when: "server_path_postgres_dump is not defined or server_path_postgres_dump.startswith('<')" - -- name: Check if the provided Postgres dump file exists - ansible.builtin.stat: - path: "{{ server_path_postgres_dump }}" - register: result_server_path_postgres_dump_stat - -- name: Fail if provided Postgres dump file doesn't exists - ansible.builtin.fail: - msg: "File cannot be found on the server at {{ server_path_postgres_dump }}" - when: "not result_server_path_postgres_dump_stat.stat.exists" - - -# Defaults - -- name: Set postgres_start_wait_time, if not provided - ansible.builtin.set_fact: - postgres_start_wait_time: 15 - when: "postgres_start_wait_time | default('') == ''" - -- name: Set postgres_import_wait_time, if not provided - ansible.builtin.set_fact: - postgres_import_wait_time: "{{ 7 * 86400 }}" - when: "postgres_import_wait_time | default('') == ''" - -# By default, we connect and import into the main (`matrix`) database. -# Single-database dumps for Synapse may wish to import into `synapse` instead. 
-- name: Set postgres_default_import_database, if not provided - ansible.builtin.set_fact: - postgres_default_import_database: "{{ matrix_postgres_db_name }}" - when: "postgres_default_import_database | default('') == ''" - -# Actual import work - -- name: Ensure matrix-postgres is started - ansible.builtin.service: - name: matrix-postgres - state: started - daemon_reload: true - register: matrix_postgres_import_start_result - -- name: Wait a bit, so that Postgres can start - when: matrix_postgres_import_start_result.changed | bool - ansible.builtin.wait_for: - timeout: "{{ postgres_start_wait_time }}" - delegate_to: 127.0.0.1 - become: false - -- ansible.builtin.import_tasks: tasks/detect_existing_postgres_version.yml - -- name: Abort, if no existing Postgres version detected - ansible.builtin.fail: - msg: "Could not find existing Postgres installation" - when: "not matrix_postgres_detected_existing | bool" - -# Starting the database container had automatically created the default -# role (`matrix_postgres_connection_username`) and database (`matrix_postgres_db_name`). -# The dump most likely contains those same entries and would try to re-create them, leading to errors. -# We need to skip over those lines. 
-- name: Generate Postgres database import command - ansible.builtin.set_fact: - matrix_postgres_import_command: >- - {{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-postgres-import - --log-driver=none - --user={{ matrix_user_uid }}:{{ matrix_user_gid }} - --cap-drop=ALL - --network={{ matrix_docker_network }} - --env-file={{ matrix_postgres_base_path }}/env-postgres-psql - --mount type=bind,src={{ server_path_postgres_dump }},dst=/{{ server_path_postgres_dump | basename }},ro - --entrypoint=/bin/sh - {{ matrix_postgres_docker_image_latest }} - -c "cat /{{ server_path_postgres_dump | basename }} | - {{ 'gunzip |' if server_path_postgres_dump.endswith('.gz') else '' }} - grep -vE '{{ matrix_postgres_import_roles_ignore_regex }}' | - grep -vE '{{ matrix_postgres_import_databases_ignore_regex }}' | - psql -v ON_ERROR_STOP=1 -h matrix-postgres --dbname={{ postgres_default_import_database }}" - tags: - - skip_ansible_lint - -# This is a hack. -# See: https://ansibledaily.com/print-to-standard-output-without-escaping/ -# -# We want to run `debug: msg=".."`, but that dumps it as JSON and escapes double quotes within it, -# which ruins the command (`matrix_postgres_import_command`) -- name: Note about Postgres importing alternative - ansible.builtin.set_fact: - dummy: true - with_items: - - >- - Importing Postgres database using the following command: `{{ matrix_postgres_import_command }}`. - If this crashes, you can stop Postgres (`systemctl stop matrix-postgres`), - delete its existing data (`rm -rf {{ matrix_postgres_data_path }}/*`), start it again (`systemctl start matrix-postgres`) - and manually run the above import command directly on the server. 
- -- name: Perform Postgres database import - ansible.builtin.command: - cmd: "{{ matrix_postgres_import_command }}" - async: "{{ postgres_import_wait_time }}" - poll: 10 - register: matrix_postgres_import_postgres_command_result - failed_when: not matrix_postgres_import_postgres_command_result.finished or matrix_postgres_import_postgres_command_result.rc != 0 - changed_when: matrix_postgres_import_postgres_command_result.finished and matrix_postgres_import_postgres_command_result.rc == 0 diff --git a/roles/custom/matrix-postgres/tasks/import_synapse_sqlite_db.yml b/roles/custom/matrix-postgres/tasks/import_synapse_sqlite_db.yml deleted file mode 100644 index b885ea975..000000000 --- a/roles/custom/matrix-postgres/tasks/import_synapse_sqlite_db.yml +++ /dev/null 
@@ -1,89 +0,0 @@ ---- - -# Pre-checks - -- name: Fail if Postgres not enabled - ansible.builtin.fail: - msg: "Postgres via the matrix-postgres role is not enabled (`matrix_postgres_enabled`). Cannot import." - when: "not matrix_postgres_enabled | bool" - -- name: Fail if playbook called incorrectly - ansible.builtin.fail: - msg: "The `server_path_homeserver_db` variable needs to be provided to this playbook, via --extra-vars" - when: "server_path_homeserver_db is not defined or server_path_homeserver_db.startswith('<')" - -- name: Check if the provided SQLite homeserver.db file exists - ansible.builtin.stat: - path: "{{ server_path_homeserver_db }}" - register: result_server_path_homeserver_db_stat - -- name: Fail if provided SQLite homeserver.db file doesn't exist - ansible.builtin.fail: - msg: "File cannot be found on the server at {{ server_path_homeserver_db }}" - when: "not result_server_path_homeserver_db_stat.stat.exists" - - -# Defaults - -- name: Set postgres_start_wait_time, if not provided - ansible.builtin.set_fact: - postgres_start_wait_time: 15 - when: "postgres_start_wait_time | default('') == ''" - - -# Actual import work - -- name: Ensure matrix-postgres is stopped - ansible.builtin.service: - name: matrix-postgres - state: stopped - daemon_reload: true - -- name: Ensure postgres data is wiped out - ansible.builtin.file: - path: "{{ matrix_postgres_data_path }}" - state: absent - -- name: Ensure postgres data path exists - ansible.builtin.file: - path: "{{ matrix_postgres_data_path }}" - state: directory - mode: 0700 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - -- name: Ensure matrix-postgres is started - ansible.builtin.service: - name: matrix-postgres - state: restarted - daemon_reload: true - -- name: Wait a bit, so that Postgres can start - ansible.builtin.wait_for: - timeout: "{{ postgres_start_wait_time }}" - delegate_to: 127.0.0.1 - become: false - -# We don't use the `docker_container` module, because using 
it with `cap_drop` requires -# a very recent version, which is not available for a lot of people yet. -# -# Also, some old `docker_container` versions were buggy and would leave containers behind -# on failure, which we had to work around to allow retries (by re-running the playbook). -- name: Import SQLite database into Postgres - ansible.builtin.command: - cmd: | - docker run - --rm - --name=matrix-synapse-migrate - --log-driver=none - --user={{ matrix_user_uid }}:{{ matrix_user_gid }} - --cap-drop=ALL - --network={{ matrix_docker_network }} - --entrypoint=python - --mount type=bind,src={{ matrix_synapse_config_dir_path }},dst=/data - --mount type=bind,src={{ matrix_synapse_config_dir_path }},dst=/matrix-media-store-parent/media-store - --mount type=bind,src={{ server_path_homeserver_db }},dst=/{{ server_path_homeserver_db | basename }} - {{ matrix_synapse_docker_image_final }} - /usr/local/bin/synapse_port_db --sqlite-database /{{ server_path_homeserver_db | basename }} --postgres-config /data/homeserver.yaml - register: matrix_postgres_import_synapse_sqlite_db_result - changed_when: matrix_postgres_import_synapse_sqlite_db_result.rc == 0 diff --git a/roles/custom/matrix-postgres/tasks/init.yml b/roles/custom/matrix-postgres/tasks/init.yml deleted file mode 100644 index 659380f10..000000000 --- a/roles/custom/matrix-postgres/tasks/init.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- - -- ansible.builtin.set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-postgres.service'] }}" - when: matrix_postgres_enabled | bool diff --git a/roles/custom/matrix-postgres/tasks/main.yml b/roles/custom/matrix-postgres/tasks/main.yml deleted file mode 100644 index 8e21b3c63..000000000 --- a/roles/custom/matrix-postgres/tasks/main.yml +++ /dev/null 
@@ -1,45 +0,0 @@ ---- - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" - tags: - - always - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup | bool and matrix_postgres_enabled | bool" - tags: - - setup-all - - setup-postgres - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_postgres.yml" - when: run_setup | bool - tags: - - setup-all - - setup-postgres - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/import_postgres.yml" - when: run_postgres_import | bool - tags: - - import-postgres - -# The `run_postgres_import_sqlite_db` variable had better be renamed to be consistent, -# but that's a breaking change which may cause trouble for people. -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/import_synapse_sqlite_db.yml" - when: run_postgres_import_sqlite_db | bool - tags: - - import-synapse-sqlite-db - -# Perhaps we need a new variable here, instead of `run_postgres_import_sqlite_db`. -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/import_generic_sqlite_db.yml" - when: run_postgres_import_sqlite_db | bool - tags: - - import-generic-sqlite-db - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/upgrade_postgres.yml" - when: run_postgres_upgrade | bool - tags: - - upgrade-postgres - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/run_vacuum.yml" - when: run_postgres_vacuum | bool - tags: - - run-postgres-vacuum diff --git a/roles/custom/matrix-postgres/tasks/migrate_db_to_postgres.yml b/roles/custom/matrix-postgres/tasks/migrate_db_to_postgres.yml deleted file mode 100644 index dca284ad1..000000000 --- a/roles/custom/matrix-postgres/tasks/migrate_db_to_postgres.yml +++ /dev/null 
@@ -1,176 +0,0 @@ ---- - -- name: Fail if Postgres not enabled - ansible.builtin.fail: - msg: "Postgres via the matrix-postgres role is not enabled (`matrix_postgres_enabled`). Cannot migrate." - when: "not matrix_postgres_enabled | bool" - -- name: Fail if util called incorrectly (missing matrix_postgres_db_migration_request) - ansible.builtin.fail: - msg: "The `matrix_postgres_db_migration_request` variable needs to be provided to this util." - when: "matrix_postgres_db_migration_request is not defined" - -- name: Fail if util called incorrectly (invalid matrix_postgres_db_migration_request) - ansible.builtin.fail: - msg: "The `matrix_postgres_db_migration_request` variable needs to contain `{{ item }}`." - with_items: - - src - - dst - - caller - - engine_variable_name - - systemd_services_to_stop - when: "item not in matrix_postgres_db_migration_request" - -- name: Check if the provided source database file exists - ansible.builtin.stat: - path: "{{ matrix_postgres_db_migration_request.src }}" - register: matrix_postgres_db_migration_request_src_stat_result - -- name: Fail if provided source database file doesn't exist - ansible.builtin.fail: - msg: "File cannot be found on the server at {{ matrix_postgres_db_migration_request.src }}" - when: "not matrix_postgres_db_migration_request_src_stat_result.stat.exists" - -- when: "matrix_postgres_pgloader_container_image_self_build | bool" - block: - - name: Ensure pgloader repository is present on self-build - ansible.builtin.git: - repo: "{{ matrix_postgres_pgloader_container_image_self_build_repo }}" - dest: "{{ matrix_postgres_pgloader_container_image_self_build_src_path }}" - version: "{{ matrix_postgres_pgloader_container_image_self_build_repo_branch }}" - force: "yes" - become: true - become_user: "{{ matrix_user_username }}" - register: matrix_postgres_pgloader_git_pull_results - - # If `stable` is used, we hit an error when processing 
/opt/src/pgloader/build/quicklisp/dists/quicklisp/software/uax-15-20201220-git/data/CompositionExclusions.txt: - # > the octet sequence #(194) cannot be decoded - # - # The issue is described here and is not getting fixed for months: https://github.com/dimitri/pgloader/pull/1179 - # - # Although we're not using the dimitri/pgloader image, the one we're using suffers from the same problem. - - name: Switch pgloader base image from Debian stable (likely 10.x/Buster) to Bullseye - ansible.builtin.lineinfile: - path: "{{ matrix_postgres_pgloader_container_image_self_build_src_path }}/Dockerfile" - regexp: "{{ item.match }}" - line: "{{ item.replace }}" - with_items: - - match: '^FROM debian:stable-slim as builder$' - replace: 'FROM debian:bullseye-slim as builder' - - match: '^FROM debian:stable-slim$' - replace: 'FROM debian:bullseye-slim' - - - name: Ensure pgloader Docker image is built - community.docker.docker_image: - name: "{{ matrix_postgres_pgloader_docker_image }}" - source: build - force_source: "{{ matrix_postgres_pgloader_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_postgres_pgloader_git_pull_results.changed }}" - build: - dockerfile: Dockerfile - path: "{{ matrix_postgres_pgloader_container_image_self_build_src_path }}" - pull: true - -- name: Ensure pgloader Docker image is pulled - community.docker.docker_image: - name: "{{ matrix_postgres_pgloader_docker_image }}" - source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" - force_source: "{{ matrix_postgres_pgloader_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_postgres_pgloader_docker_image_force_pull }}" - when: "not matrix_postgres_pgloader_container_image_self_build" - -# Defaults - -- 
name: Set postgres_start_wait_time, if not provided - ansible.builtin.set_fact: - postgres_start_wait_time: 15 - when: "postgres_start_wait_time | default('') == ''" - -# Actual import work - -# matrix-postgres is most likely started already -- name: Ensure matrix-postgres is started - ansible.builtin.service: - name: matrix-postgres - state: started - daemon_reload: true - register: matrix_postgres_service_start_result - -- name: Wait a bit, so that Postgres can start - ansible.builtin.wait_for: - timeout: "{{ postgres_start_wait_time }}" - delegate_to: 127.0.0.1 - become: false - when: "matrix_postgres_service_start_result.changed | bool" - -# We only stop services here, leaving it to the caller to start them later. -# -# We can't start them, because they probably need to be reconfigured too (changing the configuration from using SQLite to Postgres, etc.), -# before starting. -# -# Since the caller will be starting them, it might make sense to leave stopping to it as well. -# However, we don't do it, because it's simpler having it here, and it also gets to happen only if we'll be doing an import. -# If we bailed out (somewhere above), nothing would have gotten stopped. It's nice to leave this running in such cases. 
-- name: Ensure systemd services blocking the database import are stopped - ansible.builtin.service: - name: "{{ item }}" - state: stopped - failed_when: false - with_items: "{{ matrix_postgres_db_migration_request.systemd_services_to_stop }}" - -- name: Import {{ matrix_postgres_db_migration_request.engine_old }} database from {{ matrix_postgres_db_migration_request.src }} into Postgres # noqa name[template] - ansible.builtin.command: - cmd: >- - {{ devture_systemd_docker_base_host_command_docker }} run - --rm - --user={{ matrix_user_uid }}:{{ matrix_user_gid }} - --cap-drop=ALL - --network={{ matrix_docker_network }} - --mount type=bind,src={{ matrix_postgres_db_migration_request.src }},dst=/in.db,ro - --entrypoint=/bin/sh - {{ matrix_postgres_pgloader_docker_image }} - -c - 'pgloader {{ matrix_postgres_db_migration_request.pgloader_options | default([]) | join(' ') }} /in.db {{ matrix_postgres_db_migration_request.dst }}' - register: matrix_postgres_migrate_db_to_postgres_import_result - changed_when: matrix_postgres_migrate_db_to_postgres_import_result.rc == 0 - -- when: "matrix_postgres_db_migration_request.additional_psql_statements_list | default([]) | length > 0" - block: - - ansible.builtin.import_role: - name: custom/matrix-postgres - tasks_from: detect_existing_postgres_version - - - ansible.builtin.set_fact: - matrix_postgres_docker_image_to_use: "{{ matrix_postgres_docker_image_latest if matrix_postgres_detected_version_corresponding_docker_image == '' else matrix_postgres_detected_version_corresponding_docker_image }}" - - - name: Execute additional Postgres SQL migration statements - ansible.builtin.command: - cmd: >- - {{ devture_systemd_docker_base_host_command_docker }} run - --rm - --user={{ matrix_user_uid }}:{{ matrix_user_gid }} - --cap-drop=ALL - --env-file={{ matrix_postgres_base_path }}/env-postgres-psql - --network={{ matrix_docker_network }} - {{ matrix_postgres_docker_image_to_use }} - psql --host=matrix-postgres --dbname={{ 
matrix_postgres_db_migration_request.additional_psql_statements_db_name }} --command='{{ item }}' - with_items: "{{ matrix_postgres_db_migration_request.additional_psql_statements_list }}" - register: matrix_postgres_migrate_db_to_postgres_additional_queries_result - changed_when: matrix_postgres_migrate_db_to_postgres_additional_queries_result.rc == 0 - -- name: Archive {{ matrix_postgres_db_migration_request.engine_old }} database ({{ matrix_postgres_db_migration_request.src }} -> {{ matrix_postgres_db_migration_request.src }}.backup) # noqa name[template] - ansible.builtin.command: - cmd: "mv {{ matrix_postgres_db_migration_request.src }} {{ matrix_postgres_db_migration_request.src }}.backup" - register: matrix_postgres_migrate_db_to_postgres_move_result - changed_when: matrix_postgres_migrate_db_to_postgres_move_result.rc == 0 - -- name: Inject result - ansible.builtin.set_fact: - devture_playbook_runtime_messages_list: | - {{ - devture_playbook_runtime_messages_list | default([]) - + - [ - "NOTE: Your {{ matrix_postgres_db_migration_request.engine_old }} database file has been imported into Postgres. The original database file has been moved from `{{ matrix_postgres_db_migration_request.src }}` to `{{ matrix_postgres_db_migration_request.src }}.backup`. When you've confirmed that the import went well and everything works, you should be able to safely delete this file." - ] - }} diff --git a/roles/custom/matrix-postgres/tasks/migrate_postgres_data_directory.yml b/roles/custom/matrix-postgres/tasks/migrate_postgres_data_directory.yml deleted file mode 100644 index 062a05c4a..000000000 --- a/roles/custom/matrix-postgres/tasks/migrate_postgres_data_directory.yml +++ /dev/null 
@@ -1,78 +0,0 @@ ---- - -# We used to store Postgres data directly under `/matrix/postgres` (what is now considered `matrix_postgres_base_path`). -# -# From now on, we expect to store Postgres data one directory below now (`/matrix/postgres/data` - `matrix_postgres_data_path`). -# We wish to use the base directory for other purposes (storing environment variable files, etc.). -# Mixing those with the Postgres data is no good and it leads to Postgres's `initdb` complaining to initialize -# a database in a non-empty directory. -# -# For this reason, we store the Postgres data in `/matrix/postgres/data` and need to relocate any installations -# which still store it in the parent directory (`/matrix/postgres`). -# -# This utility is intentionally not in `tasks/util`, because if it were, it wouldn't be possible -# to include it in other roles via the import_role module: https://docs.ansible.com/ansible/latest/collections/ansible/builtin/import_role_module.html - -- name: Check if old Postgres data directory is used - ansible.builtin.stat: - path: "{{ matrix_postgres_base_path }}/PG_VERSION" - register: result_pg_old_data_dir_stat - -- name: Warn if old Postgres data directory detected - ansible.builtin.debug: - msg: > - Found that you have Postgres data in `{{ matrix_postgres_base_path }}`. - From now on, Postgres data is supposed to be stored in `{{ matrix_postgres_data_path }}` instead. - We'll stop Postgres and relocate the files there for you. - when: "result_pg_old_data_dir_stat.stat.exists" - -# We should stop Postgres first, before building a list of files, -# as to ignore any `postmaster.pid` files, etc. 
-- name: Ensure matrix-postgres is stopped - ansible.builtin.service: - name: matrix-postgres - state: stopped - daemon_reload: true - when: "result_pg_old_data_dir_stat.stat.exists" - -- name: Find files and directories in old Postgres data path - ansible.builtin.find: - paths: "{{ matrix_postgres_base_path }}" - file_type: any - excludes: ["data"] - register: "result_pg_old_data_dir_find" - when: "result_pg_old_data_dir_stat.stat.exists" - -- name: Ensure new Postgres data path exists - ansible.builtin.file: - path: "{{ matrix_postgres_data_path }}" - state: directory - mode: 0700 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - when: "result_pg_old_data_dir_stat.stat.exists" - -- when: "result_pg_old_data_dir_stat.stat.exists" - block: - - name: Relocate Postgres data files from old directory to new - ansible.builtin.command: - cmd: "mv {{ item.path }} {{ matrix_postgres_data_path }}/{{ item.path | basename }}" - with_items: "{{ result_pg_old_data_dir_find.files }}" - register: matrix_postgres_migrate_postgres_data_directory_move_result - changed_when: matrix_postgres_migrate_postgres_data_directory_move_result.rc == 0 - -# Intentionally not starting matrix-postgres here. -# It likely needs to be updated to point to the new directory. -# In fact, let's even get rid of the outdated service, to ensure no one will start it -# and have it initialize a new database. - -- name: Ensure outdated matrix-postgres.service doesn't exist - ansible.builtin.file: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-postgres.service" - state: absent - when: "result_pg_old_data_dir_stat.stat.exists" - -- name: Ensure systemd reloaded after getting rid of outdated matrix-postgres.service - ansible.builtin.service: - daemon_reload: true - when: "result_pg_old_data_dir_stat.stat.exists" 
diff --git a/roles/custom/matrix-postgres/tasks/run_vacuum.yml b/roles/custom/matrix-postgres/tasks/run_vacuum.yml deleted file mode 100644 index dfa4be7a3..000000000 --- a/roles/custom/matrix-postgres/tasks/run_vacuum.yml +++ /dev/null 
@@ -1,96 +0,0 @@ ---- - -# Pre-checks - -- name: Fail if Postgres not enabled - ansible.builtin.fail: - msg: "Postgres via the matrix-postgres role is not enabled (`matrix_postgres_enabled`). Cannot run vacuum." - when: "not matrix_postgres_enabled | bool" - - -# Defaults - -- name: Set postgres_start_wait_time, if not provided - ansible.builtin.set_fact: - postgres_start_wait_time: 15 - when: "postgres_start_wait_time | default('') == ''" - -- name: Set postgres_vacuum_wait_time, if not provided - ansible.builtin.set_fact: - postgres_vacuum_wait_time: "{{ 7 * 86400 }}" - when: "postgres_vacuum_wait_time | default('') == ''" - - -# Actual vacuuming work - -- name: Ensure matrix-postgres is started - ansible.builtin.service: - name: matrix-postgres - state: started - daemon_reload: true - register: matrix_postgres_vacuum_start_result - -- name: Wait a bit, so that Postgres can start - when: matrix_postgres_vacuum_start_result.changed | bool - ansible.builtin.wait_for: - timeout: "{{ postgres_start_wait_time }}" - delegate_to: 127.0.0.1 - become: false - -- ansible.builtin.import_tasks: tasks/detect_existing_postgres_version.yml - -- name: Abort, if no existing Postgres version detected - ansible.builtin.fail: - msg: "Could not find existing Postgres installation" - when: "not matrix_postgres_detected_existing | bool" - -- name: Generate Postgres database vacuum command - ansible.builtin.set_fact: - matrix_postgres_vacuum_command: >- - {{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-postgres-synapse-vacuum - --user={{ matrix_user_uid }}:{{ matrix_user_gid }} - --cap-drop=ALL - --network={{ matrix_docker_network }} - --env-file={{ matrix_postgres_base_path }}/env-postgres-psql - {{ matrix_postgres_docker_image_latest }} - psql -v ON_ERROR_STOP=1 -h matrix-postgres {{ matrix_synapse_database_database }} -c 'VACUUM FULL VERBOSE' - -- name: Note about Postgres vacuum alternative - ansible.builtin.debug: - msg: >- - Running vacuum with the 
following Postgres ansible.builtin.command: `{{ matrix_postgres_vacuum_command }}`. - If this crashes, you can stop all processes (`systemctl stop matrix-*`), - start Postgres only (`systemctl start matrix-postgres`) - and manually run the above command directly on the server. - -- name: Populate service facts - ansible.builtin.service_facts: - -- ansible.builtin.set_fact: - matrix_postgres_synapse_was_running: "{{ ansible_facts.services['matrix-synapse.service'] | default(none) is not none and ansible_facts.services['matrix-synapse.service'].state == 'running' }}" - -- name: Ensure services are stopped - ansible.builtin.service: - name: "{{ item }}" - state: stopped - daemon_reload: true - with_items: "{{ matrix_postgres_systemd_services_to_stop_for_maintenance_list }}" - -- name: Run Postgres vacuum command - ansible.builtin.command: "{{ matrix_postgres_vacuum_command }}" - async: "{{ postgres_vacuum_wait_time }}" - poll: 10 - register: matrix_postgres_synapse_vacuum_result - failed_when: not matrix_postgres_synapse_vacuum_result.finished or matrix_postgres_synapse_vacuum_result.rc != 0 - changed_when: matrix_postgres_synapse_vacuum_result.finished and matrix_postgres_synapse_vacuum_result.rc == 0 - -# Intentionally show the results -- ansible.builtin.debug: - var: "matrix_postgres_synapse_vacuum_result" - -- name: Ensure services are started - ansible.builtin.service: - name: "{{ item }}" - state: started - daemon_reload: true - with_items: "{{ matrix_postgres_systemd_services_to_stop_for_maintenance_list }}" diff --git a/roles/custom/matrix-postgres/tasks/setup_postgres.yml b/roles/custom/matrix-postgres/tasks/setup_postgres.yml deleted file mode 100644 index bba0d7989..000000000 --- a/roles/custom/matrix-postgres/tasks/setup_postgres.yml +++ /dev/null 
@@ -1,215 +0,0 @@ ---- - -# -# Tasks related to setting up an internal postgres server -# - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/migrate_postgres_data_directory.yml" - when: matrix_postgres_enabled | bool - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/detect_existing_postgres_version.yml" - when: matrix_postgres_enabled | bool - -# If we have found an existing version (installed from before), we use its corresponding Docker image. -# If not, we install using the latest Postgres. -# -# Upgrading is supposed to be performed separately and explicitly (see `upgrade_postgres.yml`). -- ansible.builtin.set_fact: - matrix_postgres_docker_image_to_use: "{{ matrix_postgres_docker_image_latest if matrix_postgres_detected_version_corresponding_docker_image == '' else matrix_postgres_detected_version_corresponding_docker_image }}" - when: matrix_postgres_enabled | bool - -- name: Abort if on an unsupported Postgres version - ansible.builtin.fail: - msg: "You're on Postgres {{ matrix_postgres_detected_version }}, which is no longer supported. To upgrade, see docs/maintenance-postgres.md" - when: "matrix_postgres_enabled | bool and matrix_postgres_detected_version.startswith('9.')" - -- name: Inject warning if on an old version of Postgres - ansible.builtin.set_fact: - devture_playbook_runtime_messages_list: | - {{ - devture_playbook_runtime_messages_list | default([]) - + - [ - "NOTE: Your setup is on an old Postgres version ({{ matrix_postgres_docker_image_to_use }}), while {{ matrix_postgres_docker_image_latest }} is supported. 
You can upgrade using --tags=upgrade-postgres" - ] - }} - when: "matrix_postgres_enabled | bool and matrix_postgres_docker_image_to_use != matrix_postgres_docker_image_latest" - -# Even if we don't run the internal server, we still need this for running the CLI -- name: Ensure postgres Docker image is pulled - community.docker.docker_image: - name: "{{ matrix_postgres_docker_image_to_use }}" - source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" - force_source: "{{ matrix_postgres_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_postgres_docker_image_force_pull }}" - when: matrix_postgres_enabled | bool - register: result - retries: "{{ devture_playbook_help_container_retries_count }}" - delay: "{{ devture_playbook_help_container_retries_delay }}" - until: result is not failed - -- name: Ensure Postgres paths exist - ansible.builtin.file: - path: "{{ item }}" - state: directory - mode: 0700 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - with_items: - - "{{ matrix_postgres_base_path }}" - - "{{ matrix_postgres_data_path }}" - when: matrix_postgres_enabled | bool - -# We do this as a separate task, because: -# - we'd like to do it for the data path only, not for the base path (which contains root-owned environment variable files we'd like to leave as-is) -# - we need to do it without `mode`, or we risk making certain `.conf` and other files's executable bit to flip to true -- name: Ensure Postgres data path ownership is correct - ansible.builtin.file: - path: "{{ matrix_postgres_data_path }}" - state: directory - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - recurse: true - when: matrix_postgres_enabled | bool - -- name: Ensure Postgres environment variables file created - ansible.builtin.template: - src: "{{ role_path 
}}/templates/{{ item }}.j2" - dest: "{{ matrix_postgres_base_path }}/{{ item }}" - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - mode: 0640 - with_items: - - "env-postgres-psql" - - "env-postgres-server" - when: matrix_postgres_enabled | bool - -- name: Ensure matrix-postgres-cli script created - ansible.builtin.template: - src: "{{ role_path }}/templates/usr-local-bin/matrix-postgres-cli.j2" - dest: "{{ matrix_local_bin_path }}/matrix-postgres-cli" - mode: 0755 - when: matrix_postgres_enabled | bool - -- name: Ensure matrix-postgres-cli-non-interactive script created - ansible.builtin.template: - src: "{{ role_path }}/templates/usr-local-bin/matrix-postgres-cli-non-interactive.j2" - dest: "{{ matrix_local_bin_path }}/matrix-postgres-cli-non-interactive" - mode: 0755 - when: matrix_postgres_enabled | bool - -- name: Ensure matrix-change-user-admin-status script created - ansible.builtin.template: - src: "{{ role_path }}/templates/usr-local-bin/matrix-change-user-admin-status.j2" - dest: "{{ matrix_local_bin_path }}/matrix-change-user-admin-status" - mode: 0755 - when: matrix_postgres_enabled | bool - -- name: (Migration) Ensure old matrix-make-user-admin script deleted - ansible.builtin.file: - path: "{{ matrix_local_bin_path }}/matrix-make-user-admin" - state: absent - when: matrix_postgres_enabled | bool - -- name: Ensure matrix-postgres-update-user-password-hash script created - ansible.builtin.template: - src: "{{ role_path }}/templates/usr-local-bin/matrix-postgres-update-user-password-hash.j2" - dest: "{{ matrix_local_bin_path }}/matrix-postgres-update-user-password-hash" - mode: 0755 - when: matrix_postgres_enabled | bool - -- name: Ensure matrix-postgres.service installed - ansible.builtin.template: - src: "{{ role_path }}/templates/systemd/matrix-postgres.service.j2" - dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-postgres.service" - mode: 0644 - register: matrix_postgres_systemd_service_result - when: 
matrix_postgres_enabled | bool - -- name: Ensure systemd reloaded after matrix-postgres.service installation - ansible.builtin.service: - daemon_reload: true - when: "matrix_postgres_enabled | bool and matrix_postgres_systemd_service_result.changed" - -- ansible.builtin.include_tasks: - file: "{{ role_path }}/tasks/util/create_additional_databases.yml" - apply: - tags: - - always - when: "matrix_postgres_enabled | bool and matrix_postgres_additional_databases|length > 0" - -- name: Check existence of matrix-postgres backup data path - ansible.builtin.stat: - path: "{{ matrix_postgres_data_path }}-auto-upgrade-backup" - register: matrix_postgres_data_backup_path_stat - when: "matrix_postgres_enabled | bool" - -- name: Inject warning if backup data remains - ansible.builtin.set_fact: - devture_playbook_runtime_messages_list: | - {{ - devture_playbook_runtime_messages_list | default([]) - + - [ - "NOTE: You have some Postgres backup data in `{{ matrix_postgres_data_path }}-auto-upgrade-backup`, which was created during the last major Postgres update you ran. If your setup works well after this upgrade, feel free to delete this whole directory." 
- ] - }} - when: "matrix_postgres_enabled | bool and matrix_postgres_data_backup_path_stat.stat.exists" - - -# -# Tasks related to getting rid of the internal postgres server (if it was previously enabled) -# - -- name: Check existence of matrix-postgres service - ansible.builtin.stat: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-postgres.service" - register: matrix_postgres_service_stat - when: "not matrix_postgres_enabled | bool" - -- name: Ensure matrix-postgres is stopped - ansible.builtin.service: - name: matrix-postgres - state: stopped - daemon_reload: true - when: "not matrix_postgres_enabled | bool and matrix_postgres_service_stat.stat.exists" - -- name: Ensure matrix-postgres.service doesn't exist - ansible.builtin.file: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-postgres.service" - state: absent - when: "not matrix_postgres_enabled | bool and matrix_postgres_service_stat.stat.exists" - -- name: Ensure systemd reloaded after matrix-postgres.service removal - ansible.builtin.service: - daemon_reload: true - when: "not matrix_postgres_enabled | bool and matrix_postgres_service_stat.stat.exists" - -- name: Check existence of matrix-postgres local data path - ansible.builtin.stat: - path: "{{ matrix_postgres_data_path }}" - register: matrix_postgres_data_path_stat - when: "not matrix_postgres_enabled | bool" - -# We just want to notify the user. Deleting data is too destructive. -- name: Inject warning if matrix-postgres local data remains - ansible.builtin.set_fact: - devture_playbook_runtime_messages_list: | - {{ - devture_playbook_runtime_messages_list | default([]) - + - [ - "NOTE: You are not using a local PostgreSQL database, but some old data remains from before in `{{ matrix_postgres_data_path }}`. Feel free to delete it." 
- ] - }} - when: "not matrix_postgres_enabled | bool and matrix_postgres_data_path_stat.stat.exists" - -- name: Remove Postgres scripts - ansible.builtin.file: - path: "{{ matrix_local_bin_path }}/{{ item }}" - state: absent - with_items: - - matrix-postgres-cli - - matrix-change-user-admin-status - - matrix-postgres-update-user-password-hash - when: "not matrix_postgres_enabled | bool" diff --git a/roles/custom/matrix-postgres/tasks/upgrade_postgres.yml b/roles/custom/matrix-postgres/tasks/upgrade_postgres.yml deleted file mode 100644 index d5f7e6c37..000000000 --- a/roles/custom/matrix-postgres/tasks/upgrade_postgres.yml +++ /dev/null 
@@ -1,188 +0,0 @@ ---- - -- name: Set default postgres_dump_dir, if not provided - ansible.builtin.set_fact: - postgres_dump_dir: "/tmp" - when: "postgres_dump_dir | default('') == ''" - -- name: Set postgres_dump_name, if not provided - ansible.builtin.set_fact: - postgres_dump_name: "matrix-postgres-dump.sql.gz" - when: "postgres_dump_name | default('') == ''" - -- name: Set postgres_auto_upgrade_backup_data_path, if not provided - ansible.builtin.set_fact: - postgres_auto_upgrade_backup_data_path: "{{ matrix_postgres_data_path }}-auto-upgrade-backup" - when: "postgres_auto_upgrade_backup_data_path | default('') == ''" - -- name: Set postgres_start_wait_time, if not provided - ansible.builtin.set_fact: - postgres_start_wait_time: 15 - when: "postgres_start_wait_time | default('') == ''" - -- name: Set postgres_force_upgrade, if not provided - ansible.builtin.set_fact: - postgres_force_upgrade: false - when: "postgres_force_upgrade | default('') == ''" - -- name: Fail, if trying to upgrade external Postgres database - ansible.builtin.fail: - msg: "Your configuration indicates that you're not using Postgres from this role. There is nothing to upgrade." - when: "not matrix_postgres_enabled | bool" - -- name: Check Postgres auto-upgrade backup data directory - ansible.builtin.stat: - path: "{{ postgres_auto_upgrade_backup_data_path }}" - register: result_auto_upgrade_path - -- name: Abort, if existing Postgres auto-upgrade data path detected - ansible.builtin.fail: - msg: "Detected that a left-over {{ postgres_auto_upgrade_backup_data_path }} exists. You should rename it to {{ matrix_postgres_data_path }} if the previous upgrade went wrong, or delete it if it went well." 
- when: "result_auto_upgrade_path.stat.exists" - -- ansible.builtin.import_tasks: tasks/detect_existing_postgres_version.yml - -- name: Abort, if no existing Postgres version detected - ansible.builtin.fail: - msg: "Could not find existing Postgres installation" - when: "not matrix_postgres_detected_existing | bool" - -- name: Abort, if already at latest Postgres version - ansible.builtin.fail: - msg: "You are already running the latest Postgres version supported ({{ matrix_postgres_docker_image_latest }}). Nothing to do" - when: "matrix_postgres_detected_version_corresponding_docker_image == matrix_postgres_docker_image_latest and not postgres_force_upgrade" - -- ansible.builtin.debug: - msg: "Upgrading database from {{ matrix_postgres_detected_version_corresponding_docker_image }} to {{ matrix_postgres_docker_image_latest }}" - -- name: Ensure services are stopped - ansible.builtin.service: - name: "{{ item }}" - state: stopped - daemon_reload: true - with_items: "{{ matrix_postgres_systemd_services_to_stop_for_maintenance_list }}" - -- name: Ensure matrix-postgres is started - ansible.builtin.service: - name: matrix-postgres - state: started - daemon_reload: true - -- name: Wait a bit, so that Postgres can start - ansible.builtin.wait_for: - timeout: "{{ postgres_start_wait_time }}" - delegate_to: 127.0.0.1 - become: false - -# We dump all databases, roles, etc. -# -# Because we'll be importing into a new container which initializes the default -# role (`matrix_postgres_connection_username`) and database (`matrix_postgres_db_name`) by itself on startup, -# we need to remove these from the dump, or we'll get errors saying these already exist. 
-- name: Perform Postgres database dump - ansible.builtin.command: - cmd: >- - {{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-postgres-dump - --log-driver=none - --user={{ matrix_user_uid }}:{{ matrix_user_gid }} - --network={{ matrix_docker_network }} - --env-file={{ matrix_postgres_base_path }}/env-postgres-psql - --entrypoint=/bin/sh - --mount type=bind,src={{ postgres_dump_dir }},dst=/out - {{ matrix_postgres_detected_version_corresponding_docker_image }} - -c "pg_dumpall -h matrix-postgres - {{ '| gzip -c ' if postgres_dump_name.endswith('.gz') else '' }} - > /out/{{ postgres_dump_name }}" - register: matrix_postgres_upgrade_postgres_dump_command_result - changed_when: matrix_postgres_upgrade_postgres_dump_command_result.rc == 0 - tags: - - skip_ansible_lint - -- name: Ensure matrix-postgres is stopped - ansible.builtin.service: - name: matrix-postgres - state: stopped - -- name: Rename existing Postgres data directory - ansible.builtin.command: - cmd: "mv {{ matrix_postgres_data_path }} {{ postgres_auto_upgrade_backup_data_path }}" - register: matrix_postgres_upgrade_postgres_move_command_result - changed_when: matrix_postgres_upgrade_postgres_move_command_result.rc == 0 - -- ansible.builtin.debug: - msg: "NOTE: Your Postgres data directory has been moved from `{{ matrix_postgres_data_path }}` to `{{ postgres_auto_upgrade_backup_data_path }}`. In the event of failure, you can move it back and run the playbook with --tags=setup-postgres to restore operation." 
- -- ansible.builtin.import_tasks: tasks/setup_postgres.yml - -- name: Ensure matrix-postgres autoruns and is restarted - ansible.builtin.service: - name: matrix-postgres - enabled: true - state: restarted - daemon_reload: true - -- name: Wait a bit, so that Postgres can start - ansible.builtin.wait_for: - timeout: "{{ postgres_start_wait_time }}" - delegate_to: 127.0.0.1 - become: false - -# Starting the database container had automatically created the default -# role (`matrix_postgres_connection_username`) and database (`matrix_postgres_db_name`). -# The dump most likely contains those same entries and would try to re-create them, leading to errors. -# We need to skip over those lines. -- name: Generate Postgres database import command - ansible.builtin.set_fact: - matrix_postgres_import_command: >- - {{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-postgres-import - --log-driver=none - --user={{ matrix_user_uid }}:{{ matrix_user_gid }} - --cap-drop=ALL - --network={{ matrix_docker_network }} - --env-file={{ matrix_postgres_base_path }}/env-postgres-psql - --entrypoint=/bin/sh - --mount type=bind,src={{ postgres_dump_dir }},dst=/in,ro - {{ matrix_postgres_docker_image_latest }} - -c "cat /in/{{ postgres_dump_name }} | - {{ 'gunzip |' if postgres_dump_name.endswith('.gz') else '' }} - grep -vE '{{ matrix_postgres_import_roles_ignore_regex }}' | - grep -vE '{{ matrix_postgres_import_databases_ignore_regex }}' | - psql -v ON_ERROR_STOP=1 -h matrix-postgres" - tags: - - skip_ansible_lint - -# This is a hack. 
-# See: https://ansibledaily.com/print-to-standard-output-without-escaping/ -# -# We want to run `debug: msg=".."`, but that dumps it as JSON and escapes double quotes within it, -# which ruins the command (`matrix_postgres_import_command`) -- name: Note about Postgres importing - ansible.builtin.set_fact: - dummy: true - with_items: - - >- - Importing Postgres database using the following command: `{{ matrix_postgres_import_command }}`. - If this crashes, you can stop Postgres (`systemctl stop matrix-postgres`), - delete the new database data (`rm -rf {{ matrix_postgres_data_path }}`) - and restore the automatically-made backup (`mv {{ postgres_auto_upgrade_backup_data_path }} {{ matrix_postgres_data_path }}`). - -- name: Perform Postgres database import - ansible.builtin.command: - cmd: "{{ matrix_postgres_import_command }}" - register: matrix_postgres_upgrade_postgres_import_command_result - changed_when: matrix_postgres_upgrade_postgres_import_command_result.rc == 0 - -- name: Delete Postgres database dump file - ansible.builtin.file: - path: "{{ postgres_dump_dir }}/{{ postgres_dump_name }}" - state: absent - -- name: Ensure services are started - ansible.builtin.service: - name: "{{ item }}" - state: started - daemon_reload: true - with_items: "{{ matrix_postgres_systemd_services_to_stop_for_maintenance_list }}" - -- ansible.builtin.debug: - msg: "NOTE: Your old Postgres data directory is preserved at `{{ postgres_auto_upgrade_backup_data_path }}`. You might want to get rid of it once you've confirmed that all is well." diff --git a/roles/custom/matrix-postgres/tasks/util/create_additional_database.yml b/roles/custom/matrix-postgres/tasks/util/create_additional_database.yml deleted file mode 100644 index ce441ee13..000000000 --- a/roles/custom/matrix-postgres/tasks/util/create_additional_database.yml +++ /dev/null 
@@ -1,41 +0,0 @@ ---- - -# It'd be better if this is belonged to `validate_config.yml`, but it would have to be some loop-within-a-loop there, -# and that's ugly. We also don't expect this to catch errors often. It's more of a defensive last-minute check. -- name: Fail if additional database data appears invalid - ansible.builtin.fail: - msg: "Additional database definition ({{ additional_db }} lacks a required key: {{ item }}" - when: "item not in additional_db" - with_items: "{{ ['name', 'username', 'password'] }}" - -# The SQL statements that we'll run against Postgres are stored in a file that others can't read. -# This file will be mounted into the container and fed to Postgres. -# This way, we avoid passing sensitive data around in CLI commands that other users on the system can see. -- name: Create additional database initialization SQL file for {{ additional_db.name }} - ansible.builtin.template: - src: "{{ role_path }}/templates/sql/init-additional-db-user-and-role.sql.j2" - dest: "/tmp/matrix-postgres-init-additional-db-user-and-role.sql" - mode: 0600 - owner: "{{ matrix_user_uid }}" - group: "{{ matrix_user_gid }}" - -- name: Execute Postgres additional database initialization SQL file for {{ additional_db.name }} - ansible.builtin.command: - cmd: >- - {{ devture_systemd_docker_base_host_command_docker }} run - --rm - --user={{ matrix_user_uid }}:{{ matrix_user_gid }} - --cap-drop=ALL - --env-file={{ matrix_postgres_base_path }}/env-postgres-psql - --network {{ matrix_docker_network }} - --mount type=bind,src=/tmp/matrix-postgres-init-additional-db-user-and-role.sql,dst=/matrix-postgres-init-additional-db-user-and-role.sql,ro - --entrypoint=/bin/sh - {{ matrix_postgres_docker_image_to_use }} - -c - 'psql -h {{ matrix_postgres_connection_hostname }} --file=/matrix-postgres-init-additional-db-user-and-role.sql' - changed_when: true - -- name: Delete additional database initialization SQL file for {{ additional_db.name }} - ansible.builtin.file: - path: 
/tmp/matrix-postgres-init-additional-db-user-and-role.sql - state: absent diff --git a/roles/custom/matrix-postgres/tasks/util/create_additional_databases.yml b/roles/custom/matrix-postgres/tasks/util/create_additional_databases.yml deleted file mode 100644 index 7fe5713e1..000000000 --- a/roles/custom/matrix-postgres/tasks/util/create_additional_databases.yml +++ /dev/null @@ -1,23 +0,0 @@ ---- - -- name: Ensure matrix-postgres is started - ansible.builtin.service: - name: matrix-postgres - state: started - daemon_reload: true - register: matrix_postgres_service_start_result - -- name: Wait a bit, so that Postgres can start - ansible.builtin.wait_for: - timeout: "{{ matrix_postgres_additional_databases_postgres_start_wait_timeout_seconds }}" - delegate_to: 127.0.0.1 - become: false - when: "matrix_postgres_service_start_result.changed | bool" - -- name: Create additional Postgres user and database - ansible.builtin.include_tasks: "{{ role_path }}/tasks/util/create_additional_database.yml" - with_items: "{{ matrix_postgres_additional_databases }}" - loop_control: - loop_var: additional_db - # Suppress logging to avoid dumping the credentials to the shell - no_log: true diff --git a/roles/custom/matrix-postgres/tasks/validate_config.yml b/roles/custom/matrix-postgres/tasks/validate_config.yml deleted file mode 100644 index a6225632c..000000000 --- a/roles/custom/matrix-postgres/tasks/validate_config.yml +++ /dev/null 
@@ -1,39 +0,0 @@ ---- - -- name: (Deprecation) Warn about matrix_postgres_use_external usage - ansible.builtin.fail: - msg: > - The `matrix_postgres_use_external` variable defined in your configuration is not used by this playbook anymore! - You'll need to adapt to the new way of using an external Postgres server. - It's a combination of `matrix_postgres_enabled: false` and specifying Postgres connection - details in a few `matrix_postgres_connection_` variables. - See the "Using an external PostgreSQL server (optional)" documentation page. - when: "'matrix_postgres_use_external' in vars" - -# This is separate (from the other required variables below), -# because we'd like to have a friendlier message for our existing users. -- name: Fail if matrix_postgres_connection_password not defined - ansible.builtin.fail: - msg: >- - The playbook no longer has a default Postgres password defined in the `matrix_postgres_connection_password` variable, among lots of other Postgres changes. - You need to perform multiple manual steps to resolve this. - See our changelog for more details: - https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/CHANGELOG.md#breaking-change-postgres-changes-that-require-manual-intervention - when: "matrix_postgres_connection_password == ''" - -- name: Fail if required Postgres settings not defined - ansible.builtin.fail: - msg: >- - You need to define a required configuration setting (`{{ item }}`). - when: "vars[item] == ''" - with_items: - - "matrix_postgres_connection_hostname" - - "matrix_postgres_connection_port" - - "matrix_postgres_connection_username" - - "matrix_postgres_connection_password" - - "matrix_postgres_db_name" - -- name: Fail if Postgres password length exceeded - ansible.builtin.fail: - msg: "The maximum `matrix_postgres_connection_password` length is 99 characters" - when: "matrix_postgres_connection_password | length > 99" 
diff --git a/roles/custom/matrix-postgres/templates/env-postgres-psql.j2 b/roles/custom/matrix-postgres/templates/env-postgres-psql.j2 deleted file mode 100644 index 220589874..000000000 --- a/roles/custom/matrix-postgres/templates/env-postgres-psql.j2 +++ /dev/null @@ -1,8 +0,0 @@ -#jinja2: lstrip_blocks: "True" -PGUSER={{ matrix_postgres_connection_username }} -PGPASSWORD={{ matrix_postgres_connection_password }} -PGDATABASE={{ matrix_postgres_db_name }} -# Prevent errors like this: -# > could not save history to file "//.psql_history": Permission denied -# .. due to Postgres not being able to write to the filesystem. -PSQL_HISTORY=/dev/null diff --git a/roles/custom/matrix-postgres/templates/env-postgres-server.j2 b/roles/custom/matrix-postgres/templates/env-postgres-server.j2 deleted file mode 100644 index 06feb82a6..000000000 --- a/roles/custom/matrix-postgres/templates/env-postgres-server.j2 +++ /dev/null @@ -1,7 +0,0 @@ -#jinja2: lstrip_blocks: "True" -POSTGRES_USER={{ matrix_postgres_connection_username }} -POSTGRES_PASSWORD={{ matrix_postgres_connection_password }} -POSTGRES_DB={{ matrix_postgres_db_name }} -# Synapse refuses to run if collation is not C. -# See https://github.com/matrix-org/synapse/issues/6722 -POSTGRES_INITDB_ARGS=--lc-collate C --lc-ctype C --encoding UTF8 diff --git a/roles/custom/matrix-postgres/templates/sql/init-additional-db-user-and-role.sql.j2 b/roles/custom/matrix-postgres/templates/sql/init-additional-db-user-and-role.sql.j2 deleted file mode 100644 index a5a3385b6..000000000 --- a/roles/custom/matrix-postgres/templates/sql/init-additional-db-user-and-role.sql.j2 +++ /dev/null 
@@ -1,19 +0,0 @@ --- `CREATE USER` does not support `IF NOT EXISTS`, so we use this workaround to prevent an error and raise a notice instead. --- Seen here: https://stackoverflow.com/a/49858797 -DO $$ -BEGIN - CREATE USER "{{ additional_db.username }}"; - EXCEPTION WHEN DUPLICATE_OBJECT THEN - RAISE NOTICE 'not creating user "{{ additional_db.username }}", since it already exists'; -END -$$; - --- This is useful for initial user creation (since we don't assign a password above) and for handling subsequent password changes --- TODO - we should escape quotes in the password. -ALTER ROLE "{{ additional_db.username }}" PASSWORD '{{ additional_db.password }}'; - --- This will generate an error on subsequent execution -CREATE DATABASE "{{ additional_db.name }}" WITH LC_CTYPE 'C' LC_COLLATE 'C' OWNER "{{ additional_db.username }}"; - --- This is useful for changing the database owner subsequently -ALTER DATABASE "{{ additional_db.name }}" OWNER TO "{{ additional_db.username }}"; diff --git a/roles/custom/matrix-postgres/templates/systemd/matrix-postgres.service.j2 b/roles/custom/matrix-postgres/templates/systemd/matrix-postgres.service.j2 deleted file mode 100644 index e63267a3e..000000000 --- a/roles/custom/matrix-postgres/templates/systemd/matrix-postgres.service.j2 +++ /dev/null 
@@ -1,46 +0,0 @@ -#jinja2: lstrip_blocks: "True" -[Unit] -Description=Matrix Postgres server -After=docker.service -Requires=docker.service -DefaultDependencies=no - -[Service] -Type=simple -Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" -ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-postgres 2>/dev/null || true' -ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-postgres 2>/dev/null || true' - -# We need /dev/shm to be larger than the default to allow VACUUM to work. -# See: -# - https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1362 -# - https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1268 -ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-postgres \ - --log-driver=none \ - --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ - --cap-drop=ALL \ - --read-only \ - --tmpfs=/tmp:rw,noexec,nosuid,size=100m \ - --tmpfs=/run/postgresql:rw,noexec,nosuid,size=100m \ - --shm-size=256m \ - --network={{ matrix_docker_network }} \ - {% if matrix_postgres_container_postgres_bind_port %} - -p {{ matrix_postgres_container_postgres_bind_port }}:5432 \ - {% endif %} - --env-file={{ matrix_postgres_base_path }}/env-postgres-server \ - --mount type=bind,src={{ matrix_postgres_data_path }},dst=/var/lib/postgresql/data \ - --mount type=bind,src=/etc/passwd,dst=/etc/passwd,ro \ - {% for arg in matrix_postgres_container_extra_arguments %} - {{ arg }} \ - {% endfor %} - {{ matrix_postgres_docker_image_to_use }} \ - postgres {{ matrix_postgres_process_extra_arguments|join(' ') }} - -ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-postgres 2>/dev/null || true' -ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ 
devture_systemd_docker_base_host_command_docker }} rm matrix-postgres 2>/dev/null || true' -Restart=always -RestartSec=30 -SyslogIdentifier=matrix-postgres - -[Install] -WantedBy=multi-user.target diff --git a/roles/custom/matrix-postgres/templates/usr-local-bin/matrix-change-user-admin-status.j2 b/roles/custom/matrix-postgres/templates/usr-local-bin/matrix-change-user-admin-status.j2 deleted file mode 100644 index f378a10f5..000000000 --- a/roles/custom/matrix-postgres/templates/usr-local-bin/matrix-change-user-admin-status.j2 +++ /dev/null @@ -1,19 +0,0 @@ -#jinja2: lstrip_blocks: "True" -#!/bin/bash - -if [ $# -ne 2 ]; then - echo "Usage: "$0" <0/1>" - echo "Usage: 0 = non-admin" - echo "Usage: 1 = admin" - exit 1 -fi - -docker run \ - -i \ - --rm \ - --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ - --cap-drop=ALL \ - --env-file={{ matrix_postgres_base_path }}/env-postgres-psql \ - --network {{ matrix_docker_network }} \ - {{ matrix_postgres_docker_image_to_use }} \ - psql -h {{ matrix_postgres_connection_hostname }} --dbname={{ matrix_synapse_database_database }} -c "UPDATE users set admin=$2 WHERE name like '@$1:{{ matrix_domain }}'" diff --git a/roles/custom/matrix-postgres/templates/usr-local-bin/matrix-postgres-cli-non-interactive.j2 b/roles/custom/matrix-postgres/templates/usr-local-bin/matrix-postgres-cli-non-interactive.j2 deleted file mode 100644 index 012bb327f..000000000 --- a/roles/custom/matrix-postgres/templates/usr-local-bin/matrix-postgres-cli-non-interactive.j2 +++ /dev/null @@ -1,12 +0,0 @@ -#jinja2: lstrip_blocks: "True" -#!/bin/bash - -docker run \ - --rm \ - --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ - --cap-drop=ALL \ - --env-file={{ matrix_postgres_base_path }}/env-postgres-psql \ - --network {{ matrix_docker_network }} \ - {{ matrix_postgres_docker_image_to_use }} \ - psql -h {{ matrix_postgres_connection_hostname }} \ - "$@" 
diff --git a/roles/custom/matrix-postgres/templates/usr-local-bin/matrix-postgres-cli.j2 b/roles/custom/matrix-postgres/templates/usr-local-bin/matrix-postgres-cli.j2 deleted file mode 100644 index de09a4eb2..000000000 --- a/roles/custom/matrix-postgres/templates/usr-local-bin/matrix-postgres-cli.j2 +++ /dev/null @@ -1,13 +0,0 @@ -#jinja2: lstrip_blocks: "True" -#!/bin/bash - -docker run \ - -it \ - --rm \ - --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ - --cap-drop=ALL \ - --env-file={{ matrix_postgres_base_path }}/env-postgres-psql \ - --network {{ matrix_docker_network }} \ - {{ matrix_postgres_docker_image_to_use }} \ - psql -h {{ matrix_postgres_connection_hostname }} \ - "$@" diff --git a/roles/custom/matrix-postgres/templates/usr-local-bin/matrix-postgres-update-user-password-hash.j2 b/roles/custom/matrix-postgres/templates/usr-local-bin/matrix-postgres-update-user-password-hash.j2 deleted file mode 100644 index 0fbf4f21b..000000000 --- a/roles/custom/matrix-postgres/templates/usr-local-bin/matrix-postgres-update-user-password-hash.j2 +++ /dev/null @@ -1,16 +0,0 @@ -#jinja2: lstrip_blocks: "True" -#!/bin/bash - -if [ $# -ne 2 ]; then - echo "Usage: "$0" " - exit 1 -fi - -docker run \ - --rm \ - --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ - --cap-drop=ALL \ - --env-file={{ matrix_postgres_base_path }}/env-postgres-psql \ - --network {{ matrix_docker_network }} \ - {{ matrix_postgres_docker_image_to_use }} \ - psql -h {{ matrix_postgres_connection_hostname }} --dbname={{ matrix_synapse_database_database }} -c "UPDATE users set password_hash='$2' WHERE name = '@$1:{{ matrix_domain }}'" diff --git a/roles/custom/matrix-prometheus-nginxlog-exporter/defaults/main.yml b/roles/custom/matrix-prometheus-nginxlog-exporter/defaults/main.yml new file mode 100644 index 000000000..2e85d6298 --- /dev/null +++ b/roles/custom/matrix-prometheus-nginxlog-exporter/defaults/main.yml 
@@ -0,0 +1,49 @@ +--- +# prometheus-nginxlog-exporter exports nginx logs in a prometheus usable format on a `/metrics/ endpoint +# See: https://github.com/martin-helmich/prometheus-nginxlog-exporter/ + +matrix_prometheus_nginxlog_exporter_enabled: true +matrix_prometheus_nginxlog_exporter_version: v1.10.0 + +matrix_prometheus_nginxlog_exporter_container_hostname: 'matrix-prometheus-nginxlog-exporter' +matrix_prometheus_nginxlog_exporter_container_metrics_port: '4040' +matrix_prometheus_nginxlog_exporter_container_syslog_port: '6514' + +matrix_prometheus_nginxlog_exporter_docker_image_arch: ['amd64', 'arm64'] +matrix_prometheus_nginxlog_exporter_docker_image_name_prefix: "{{ 'ghcr.io/martin-helmich/' }}" +matrix_prometheus_nginxlog_exporter_docker_image_tag: "{{ 'latest' if matrix_prometheus_nginxlog_exporter_version == 'master' else matrix_prometheus_nginxlog_exporter_version }}-{{ matrix_architecture }}" +matrix_prometheus_nginxlog_exporter_docker_image: "{{ matrix_prometheus_nginxlog_exporter_docker_image_name_prefix }}prometheus-nginxlog-exporter/exporter:{{ matrix_prometheus_nginxlog_exporter_docker_image_tag }}" +matrix_prometheus_nginxlog_exporter_docker_image_force_pull: "{{ matrix_prometheus_nginxlog_exporter_docker_image.endswith(':latest') }}" +matrix_prometheus_nginxlog_exporter_docker_image_arch_check_enabled: true + +# Controls whether prometheus-nginxlog-exporter metrics should be proxied (exposed) on `matrix.DOMAIN/metrics/nginxlog`. +# This will only take effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`. +# See the `matrix-nginx-proxy` role for details about enabling `matrix_nginx_proxy_proxy_matrix_metrics_enabled`. +matrix_prometheus_nginxlog_exporter_metrics_proxying_enabled: false + +# matrix_prometheus_nginxlog_exporter_dashboard_urls contains a list of URLs with Grafana dashboard definitions. +# If the Grafana role is enabled, these dashboards will be downloaded. 
+matrix_prometheus_nginxlog_exporter_dashboard_urls: [] + +matrix_prometheus_nginxlog_exporter_base_path: "{{ matrix_base_data_path }}/prometheus-nginxlog-exporter" +matrix_prometheus_nginxlog_exporter_config_path: "{{ matrix_prometheus_nginxlog_exporter_base_path }}/config" + +# A list of extra docker arguments to pass to the container +matrix_prometheus_nginxlog_exporter_container_extra_arguments: [] + +# List of systemd services that matrix-prometheus_nginxlog_exporter.service depends on +matrix_prometheus_nginxlog_exporter_systemd_required_services_list: ['docker.service'] + +# List of systemd services that matrix-prometheus_nginxlog_exporter.service wants +matrix_prometheus_nginxlog_exporter_systemd_wanted_services_list: [] + +# Controls whether the matrix-prometheus_nginxlog_exporter container exposes its HTTP port (tcp/4040 in the container). +# +# Takes an ":" or "" value (e.g. "127.0.0.1:4040"), or empty string to not expose. +matrix_prometheus_nginxlog_exporter_container_http_host_bind_port: '' + +# Controls whether the matrix-prometheus_nginxlog_exporter container exposes its SYSLOG port (udp/6514 in the container). +# +# Takes an ":" or "" value (e.g. "127.0.0.1:6514"), or empty string to not expose. +# NOTE: is an UDP connection! +matrix_prometheus_nginxlog_exporter_container_syslog_host_bind_port: '' diff --git a/roles/custom/matrix-prometheus-nginxlog-exporter/examples/grafana.png b/roles/custom/matrix-prometheus-nginxlog-exporter/examples/grafana.png new file mode 100644 index 000000000..49fa02113 Binary files /dev/null and b/roles/custom/matrix-prometheus-nginxlog-exporter/examples/grafana.png differ diff --git a/roles/custom/matrix-prometheus-nginxlog-exporter/examples/metrics.png b/roles/custom/matrix-prometheus-nginxlog-exporter/examples/metrics.png new file mode 100644 index 000000000..b81265268 Binary files /dev/null and b/roles/custom/matrix-prometheus-nginxlog-exporter/examples/metrics.png differ 
diff --git a/roles/custom/matrix-prometheus-nginxlog-exporter/tasks/inject_into_nginx_proxy.yml b/roles/custom/matrix-prometheus-nginxlog-exporter/tasks/inject_into_nginx_proxy.yml new file mode 100644 index 000000000..15317de09 --- /dev/null +++ b/roles/custom/matrix-prometheus-nginxlog-exporter/tasks/inject_into_nginx_proxy.yml 
@@ -0,0 +1,31 @@ +--- + +- name: Fail if matrix-nginx-proxy role already executed + ansible.builtin.fail: + msg: >- + Trying to append prometheus-nginxlog-exporter's configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role is already executed. + To fix this, please change the order of roles in your playbook to make sure that + the matrix-nginx-proxy role is run after the prometheus-nginxlog-exporter role. + when: matrix_nginx_proxy_role_executed | default(False) | bool + +- name: Generate prometheus-nginxlog-exporter's metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/nginxlog) + ansible.builtin.set_fact: + matrix_prometheus_nginxlog_exporter_matrix_nginx_proxy_metrics_configuration_matrix_domain: | + location /metrics/nginxlog { + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "{{ matrix_prometheus_nginxlog_exporter_container_hostname }}:{{ matrix_prometheus_nginxlog_exporter_container_metrics_port }}"; + proxy_pass http://$backend/metrics; + } + when: matrix_prometheus_nginxlog_exporter_metrics_proxying_enabled | bool and matrix_nginx_proxy_enabled | bool + +- name: Register prometheus-nginxlog-exporter metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/nginxlog) + ansible.builtin.set_fact: + matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([]) + + + [matrix_prometheus_nginxlog_exporter_matrix_nginx_proxy_metrics_configuration_matrix_domain] + }} + when: matrix_prometheus_nginxlog_exporter_metrics_proxying_enabled | bool diff --git a/roles/custom/matrix-prometheus-nginxlog-exporter/tasks/main.yml b/roles/custom/matrix-prometheus-nginxlog-exporter/tasks/main.yml new file mode 100644 index 000000000..b205dec36 --- /dev/null 
+++ b/roles/custom/matrix-prometheus-nginxlog-exporter/tasks/main.yml @@ -0,0 +1,29 @@ +--- + +- block: + - when: matrix_prometheus_nginxlog_exporter_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml" + tags: + - setup-all + - setup-prometheus-nginxlog-exporter + - install-all + - install-prometheus-nginxlog-exporter + +- block: + - when: matrix_prometheus_nginxlog_exporter_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" + + - when: matrix_prometheus_nginxlog_exporter_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml" + tags: + - setup-all + - setup-prometheus-nginxlog-exporter + - install-all + - install-prometheus-nginxlog-exporter + +- block: + - when: not matrix_prometheus_nginxlog_exporter_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + tags: + - setup-all + - setup-prometheus-nginxlog-exporter diff --git a/roles/custom/matrix-prometheus-nginxlog-exporter/tasks/setup_install.yml b/roles/custom/matrix-prometheus-nginxlog-exporter/tasks/setup_install.yml new file mode 100644 index 000000000..9b2ac3e60 --- /dev/null +++ b/roles/custom/matrix-prometheus-nginxlog-exporter/tasks/setup_install.yml 
@@ -0,0 +1,47 @@ +--- + +- name: Ensure matrix-prometheus-nginxlog-exporter image is pulled + community.docker.docker_image: + name: "{{ matrix_prometheus_nginxlog_exporter_docker_image }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ matrix_prometheus_nginxlog_exporter_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_prometheus_nginxlog_exporter_docker_image_force_pull }}" + register: result + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" + until: result is not failed + +- name: Ensure prometheus-nginxlog-exporter paths exists + ansible.builtin.file: + path: "{{ item }}" + state: directory + mode: 0750 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + with_items: + - "{{ matrix_prometheus_nginxlog_exporter_base_path }}" + - "{{ matrix_prometheus_nginxlog_exporter_config_path }}" + +- name: Ensure prometheus-nginxlog-exporter.yaml present + ansible.builtin.template: + src: "{{ role_path }}/templates/prometheus-nginxlog-exporter.yaml.j2" + dest: "{{ matrix_prometheus_nginxlog_exporter_config_path }}/prometheus-nginxlog-exporter.yaml" + mode: 0644 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +- name: Ensure grafana dashboard is installed + ansible.builtin.template: + src: "{{ role_path }}/templates/nginx-proxy.json" + dest: "{{ matrix_grafana_config_path }}/dashboards/" + mode: 0644 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + when: matrix_grafana_enabled + +- name: Ensure matrix-prometheus-nginxlog-exporter.service installed + ansible.builtin.template: + src: "{{ role_path }}/templates/systemd/matrix-prometheus-nginxlog-exporter.service.j2" + dest: "{{ 
devture_systemd_docker_base_systemd_path }}/matrix-prometheus-nginxlog-exporter.service" + mode: 0644 + register: matrix_prometheus_nginxlog_exporter_systemd_service_result diff --git a/roles/custom/matrix-prometheus-nginxlog-exporter/tasks/setup_uninstall.yml b/roles/custom/matrix-prometheus-nginxlog-exporter/tasks/setup_uninstall.yml new file mode 100644 index 000000000..c0d0a8338 --- /dev/null +++ b/roles/custom/matrix-prometheus-nginxlog-exporter/tasks/setup_uninstall.yml 
@@ -0,0 +1,39 @@ +--- + +- name: Check existence of matrix-prometheus-nginxlog-exporter service + ansible.builtin.stat: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-prometheus-nginxlog-exporter.service" + register: matrix_prometheus_nginxlog_exporter_service_stat + +- when: matrix_prometheus_nginxlog_exporter_service_stat.stat.exists | bool + block: + - name: Fail when not cleaning up nginx and prometheus configs + ansible.builtin.fail: + msg: > + This role has added to configs in 'matrix-nginx-proxy', 'matrix-synapse-reverse-proxy-companion' and 'matrix-prometheus'. + Running 'setup-synapse-reverse-proxy-companion' WILL NOT remove those settings from those roles. + Run the playbook again with the `setup-all` tag or all three 'setup-nginx-proxy,setup-synapse-reverse-proxy-companion,setup-prometheus' tags while + 'matrix_prometheus_enabled: false' to rebuild their configs. + when: not ('setup-all' in ansible_run_tags or ('setup-nginx-proxy' in ansible_run_tags and 'setup-synapse-reverse-proxy-companion' in ansible_run_tags and 'setup-prometheus' in ansible_run_tags)) + + - name: Ensure matrix-prometheus-nginxlog-exporter is stopped + ansible.builtin.service: + name: matrix-prometheus-nginxlog-exporter + state: stopped + enabled: false + daemon_reload: true + + - name: Ensure matrix-prometheus-nginxlog-exporter.service doesn't exist + ansible.builtin.file: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-prometheus-nginxlog-exporter.service" + state: absent + + - name: Ensure matrix-prometheus-nginxlog-exporter paths don't exist + ansible.builtin.file: + path: "{{ matrix_prometheus_nginxlog_exporter_base_path }}" + state: absent + + - name: Ensure matrix-prometheus-nginxlog-exporter grafana dashboard doesn't exist + ansible.builtin.file: + path: "{{ matrix_grafana_config_path }}/dashboards/nginx-proxy.json" + state: absent 
diff --git a/roles/custom/matrix-prometheus-nginxlog-exporter/tasks/validate_config.yml b/roles/custom/matrix-prometheus-nginxlog-exporter/tasks/validate_config.yml new file mode 100644 index 000000000..a8eccaeed --- /dev/null +++ b/roles/custom/matrix-prometheus-nginxlog-exporter/tasks/validate_config.yml @@ -0,0 +1,32 @@ +--- + +- name: Fail if Prometheus not enabled + ansible.builtin.fail: + msg: > + You need to set `matrix_prometheus_enabled: true` or configure an external Prometheus database + as this roles requires Prometheus for data storage. + when: not matrix_prometheus_enabled and not matrix_prometheus_nginxlog_exporter_metrics_proxying_enabled + +- name: Fail if docker image not availble for arch + ansible.builtin.fail: + msg: > + 'prometheus-nginxlog-exporter' docker image is not available for your arch '{{ matrix_architecture }}'. + + We currently do not support building an image using this playbook. + + You can use a custom-build image by setting + 'matrix_prometheus_nginxlog_exporter_docker_image_arch_check_enabled: false' + 'matrix_prometheus_nginxlog_exporter_docker_image: path/to/docker/image:tag' + + or disable 'prometheus-nginxlog-exporter' by setting + 'matrix_prometheus_nginxlog_exporter: false' + + in vars.yml + when: matrix_prometheus_nginxlog_exporter_docker_image_arch_check_enabled and matrix_architecture not in matrix_prometheus_nginxlog_exporter_docker_image_arch + + +- name: Fail if nginx-proxy is not set to proxy metrics while prometheus-nginxlog-exporter is + ansible.builtin.fail: + msg: > + 'matrix_prometheus_nginxlog_exporter_metrics_proxying_enabled' is set but 'matrix_nginx_proxy_proxy_matrix_metrics_enabled' is not + when: matrix_prometheus_nginxlog_exporter_metrics_proxying_enabled | bool and not matrix_nginx_proxy_proxy_matrix_metrics_enabled | bool 
diff --git a/roles/custom/matrix-prometheus-nginxlog-exporter/templates/nginx-proxy.json b/roles/custom/matrix-prometheus-nginxlog-exporter/templates/nginx-proxy.json new file mode 100644 index 000000000..395314fd7 --- /dev/null +++ b/roles/custom/matrix-prometheus-nginxlog-exporter/templates/nginx-proxy.json 
@@ -0,0 +1,1705 @@ +{ + "__inputs": [ + { + "name": "DS_PROMETHEUS", + "label": "Prometheus", + "description": "", + "type": "datasource", + "pluginId": "prometheus", + "pluginName": "Prometheus" + } + ], + "__elements": {}, + "__requires": [ + { + "type": "grafana", + "id": "grafana", + "name": "Grafana", + "version": "9.3.1" + }, + { + "type": "datasource", + "id": "prometheus", + "name": "Prometheus", + "version": "1.0.0" + }, + { + "type": "panel", + "id": "timeseries", + "name": "Time series", + "version": "" + } + ], + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": { + "type": "grafana", + "uid": "-- Grafana --" + }, + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "target": { + "limit": 100, + "matchAny": false, + "tags": [], + "type": "dashboard" + }, + "type": "dashboard" + } + ] + }, + "description": "", + "editable": true, + "fiscalYearStartMonth": 0, + "graphTooltip": 0, + "id": 5, + "links": [], + "liveNow": false, + "panels": [ + { + "collapsed": true, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 0 + }, + "id": 23, + "panels": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + 
"color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 1 + }, + "id": 20, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "builder", + "expr": "sum by(http_x_forwarded_for) (rate(http_response_count_total{status=~\"1.*\", request_host=~\"$request_host\"}[$__rate_interval]))", + "hide": false, + "legendFormat": "__auto", + "range": true, + "refId": "B" + } + ], + "title": "1xx by upstream addr[$request_host]", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 1 + }, + "id": 21, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": 
"${DS_PROMETHEUS}" + }, + "editorMode": "builder", + "exemplar": false, + "expr": "sum by(request_uri) (rate(http_response_count_total{status=~\"1.*\", request_host=~\"$request_host\"}[$__rate_interval]))", + "format": "time_series", + "hide": false, + "instant": true, + "legendFormat": "__auto", + "range": true, + "refId": "B" + } + ], + "title": "1xx by uri [$request_host]", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 9 + }, + "id": 18, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "builder", + "expr": "sum by(http_x_forwarded_for) (rate(http_response_count_total{status=~\"2.*\", request_host=~\"$request_host\"}[$__rate_interval]))", + "hide": false, + "legendFormat": "__auto", + "range": true, + "refId": "B" + } + ], + "title": "2xx by upstream addr[$request_host]", + "type": 
"timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 9 + }, + "id": 19, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "builder", + "exemplar": false, + "expr": "sum by(request_uri) (rate(http_response_count_total{status=~\"2.*\", request_host=~\"$request_host\"}[$__rate_interval]))", + "format": "time_series", + "hide": false, + "instant": true, + "legendFormat": "__auto", + "range": true, + "refId": "B" + } + ], + "title": "2xx by uri [$request_host]", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + 
"drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 17 + }, + "id": 16, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "builder", + "expr": "sum by(http_x_forwarded_for) (rate(http_response_count_total{status=~\"3.*\", request_host=~\"$request_host\"}[$__rate_interval]))", + "hide": false, + "legendFormat": "__auto", + "range": true, + "refId": "B" + } + ], + "title": "3xx by upstream addr[$request_host]", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": 
"off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 17 + }, + "id": 17, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "builder", + "exemplar": false, + "expr": "sum by(request_uri) (rate(http_response_count_total{status=~\"3.*\", request_host=~\"$request_host\"}[$__rate_interval]))", + "format": "time_series", + "hide": false, + "instant": true, + "legendFormat": "__auto", + "range": true, + "refId": "B" + } + ], + "title": "3xx by uri [$request_host]", + "type": "timeseries" + } + ], + "title": "1xx - 2xx - 3xx Status Code .....................................................", + "type": "row" + }, + { + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 1 + }, + "id": 2, + "panels": [], + "title": "4xx Status Code ......................................................................", + "type": "row" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { 
+ "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 2 + }, + "id": 9, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "builder", + "expr": "sum by(http_x_forwarded_for) (rate(http_response_count_total{status=~\"404\", request_host=~\"$request_host\"}[$__rate_interval]))", + "hide": false, + "legendFormat": "__auto", + "range": true, + "refId": "B" + } + ], + "title": "404 by upstream addr[$request_host]", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 2 + }, + "id": 6, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": 
true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "builder", + "exemplar": false, + "expr": "sum by(request_uri) (rate(http_response_count_total{status=~\"404\", request_host=~\"$request_host\"}[$__rate_interval]))", + "format": "time_series", + "hide": false, + "instant": true, + "legendFormat": "__auto", + "range": true, + "refId": "B" + } + ], + "title": "404 by uri [$request_host]", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 10 + }, + "id": 14, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "builder", + "expr": "sum by(http_x_forwarded_for) (rate(http_response_count_total{status=~\"4.*\", request_host=~\"$request_host\"}[$__rate_interval]))", + "hide": 
false, + "legendFormat": "__auto", + "range": true, + "refId": "B" + } + ], + "title": "4xx by upstream addr[$request_host]", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 10 + }, + "id": 15, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "builder", + "exemplar": false, + "expr": "sum by(request_uri) (rate(http_response_count_total{status=~\"4.*\", request_host=~\"$request_host\"}[$__rate_interval]))", + "format": "time_series", + "hide": false, + "instant": true, + "legendFormat": "__auto", + "range": true, + "refId": "B" + } + ], + "title": "4xx by uri [$request_host]", + "type": "timeseries" + }, + { + "collapsed": true, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 18 + }, + "id": 8, + "panels": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + 
"description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 3 + }, + "id": 10, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "builder", + "expr": "sum by(http_x_forwarded_for, status) (rate(http_response_count_total{status=~\"504|502\", request_host=~\"$request_host\"}[$__rate_interval]))", + "hide": false, + "legendFormat": "__auto", + "range": true, + "refId": "B" + } + ], + "title": "502-504 by upstream addr[$request_host]", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, 
+ "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 3 + }, + "id": 11, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "builder", + "exemplar": false, + "expr": "sum by(request_host, status) (rate(http_response_count_total{status=~\"504|502\", request_host=~\"$request_host\"}[$__rate_interval]))", + "format": "time_series", + "hide": false, + "instant": true, + "legendFormat": "__auto", + "range": true, + "refId": "B" + } + ], + "title": "502-504 by host [$request_host]", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + 
"steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 11 + }, + "id": 12, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "builder", + "expr": "sum by(http_x_forwarded_for) (rate(http_response_count_total{status=~\"5.*\", request_host=~\"$request_host\"}[$__rate_interval]))", + "hide": false, + "legendFormat": "__auto", + "range": true, + "refId": "B" + } + ], + "title": "5xx by upstream addr[$request_host]", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 11 + }, + "id": 13, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + 
"targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "builder", + "exemplar": false, + "expr": "sum by(request_host) (rate(http_response_count_total{status=~\"5.*\", request_host=~\"$request_host\"}[$__rate_interval]))", + "format": "time_series", + "hide": false, + "instant": true, + "legendFormat": "__auto", + "range": true, + "refId": "B" + } + ], + "title": "5xx by uri [$request_host]", + "type": "timeseries" + } + ], + "title": "5xx Status Code ......................................................................", + "type": "row" + }, + { + "collapsed": true, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 19 + }, + "id": 27, + "panels": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 4 + }, + "id": 24, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": 
"builder", + "expr": "sum by(http_x_forwarded_for) (rate(http_response_count_total{status=~\"[6-9]{1}.*\", request_host=~\"$request_host\"}[$__rate_interval]))", + "hide": false, + "legendFormat": "__auto", + "range": true, + "refId": "B" + } + ], + "title": "6xx > by upstream addr[$request_host]", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 4 + }, + "id": 25, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "builder", + "exemplar": false, + "expr": "sum by(request_uri) (rate(http_response_count_total{status=~\"[6-9]{1}.*\", request_host=~\"$request_host\"}[$__rate_interval]))", + "format": "time_series", + "hide": false, + "instant": true, + "legendFormat": "__auto", + "range": true, + "refId": "B" + } + ], + "title": "6xx > by uri [$request_host]", + "type": "timeseries" + } + ], + 
"title": "6xx > Status Code ...................................................................", + "type": "row" + } + ], + "refresh": "30s", + "schemaVersion": 37, + "style": "dark", + "tags": [], + "templating": { + "list": [ + { + "current": { + "selected": true, + "text": "Prometheus", + "value": "Prometheus" + }, + "hide": 0, + "includeAll": false, + "multi": false, + "name": "DS_PROMETHEUS", + "options": [], + "query": "prometheus", + "queryValue": "", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "type": "datasource" + }, + { + "current": {}, + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "definition": "label_values(http_response_count_total, request_host)", + "hide": 0, + "includeAll": true, + "multi": true, + "name": "request_host", + "options": [], + "query": { + "query": "label_values(http_response_count_total, request_host)", + "refId": "StandardVariableQuery" + }, + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 1, + "type": "query" + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": {}, + "timezone": "", + "title": "NGINX PROXY", + "uid": "x2_jWNF4k", + "version": 12, + "weekStart": "" +} \ No newline at end of file diff --git a/roles/custom/matrix-prometheus-nginxlog-exporter/templates/prometheus-nginxlog-exporter.yaml.j2 b/roles/custom/matrix-prometheus-nginxlog-exporter/templates/prometheus-nginxlog-exporter.yaml.j2 new file mode 100644 index 000000000..38db07eb8 --- /dev/null +++ b/roles/custom/matrix-prometheus-nginxlog-exporter/templates/prometheus-nginxlog-exporter.yaml.j2 
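Review bot: several panel titles in the dashboard JSON do not describe the query they carry. Every panel titled "... by upstream addr[$request_host]" (404, 4xx, 502-504, 5xx, 6xx >) does `sum by(http_x_forwarded_for)`, but that label is filled from nginx's `$http_x_forwarded_for`, the client-supplied `X-Forwarded-For` request header, not from `$upstream_addr`, which is present in the exporter's log format but is never relabeled into a metric label; either rename the titles to say "forwarded-for" or add an `upstream_addr` relabel and group on it. The "5xx by uri [$request_host]" panel groups by `request_host` rather than `request_uri`, unlike its 404/4xx/6xx counterparts. The "by uri" panels also set `"instant": true` together with `"range": true`, so each refresh issues both query forms for a timeseries visualization; dropping `instant` keeps them consistent with the other panels.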
@@ -0,0 +1,57 @@ +listen: + port: {{ matrix_prometheus_nginxlog_exporter_container_metrics_port }} + address: "0.0.0.0" + metrics_endpoint: "/metrics" + +namespaces: + - name: matrix + metrics_override: + preffix: "myprefix" + namespace_label: "namespace" + format: "$log_source $server_name - $upstream_addr - $remote_addr - $remote_user [$time_local] $host \"$request\" $status \"$http_referer\" \"$http_user_agent\" \"$http_x_forwarded_for\"" + # enable to print to console + # print_log: true + source: + syslog: + listen_address: "udp://0.0.0.0:{{ matrix_prometheus_nginxlog_exporter_container_syslog_port }}" + # format options: "rfc3164" ,"rfc5424", "rfc6587", "auto" + format: auto + tags: ["matrix_nginx_proxy", "matrix_nginx_proxy_companion"] + relabel_configs: + - target_label: request_uri + from: request + split: 2 + separator: ' ' + matches: + - regexp: "^([^\\?]+)/(public|bundles|fonts|img|themes|vector-icons|element-icons|d|media).*" + replacement: "$1/$2/" + - regexp: "^([^\\?]+).*/rooms/.*/(event|read_markers|messages|receipt|state|typing|members).*" + replacement: "$1/rooms/:roomid:/$2" + - regexp: "^([^\\?]+).*/(r0|v3)/(sync|pushers|keys|devices|download|sendtodevice).*" + replacement: "$1/:v:/$3" + - regexp: "^([^\\?]+).*/rooms/(.*)/send/(.*)" + replacement: "$1/rooms/:roomid:/send/:command:/:id:" + - regexp: "^([^\\?]+).*/client/unstable/.*" + replacement: "$1/client/unstable/:matrixspec:" + - regexp: "^([^\\?]+).*/presence/.*" + replacement: "$1/presence/:userid:" + - regexp: "^([^\\?]+).*/user/.*" + replacement: "$1/user/:userid:" + - regexp: "^([^\\?]+).*/profile/.*" + replacement: "$1/profile/:userid:" + - regexp: "^([^\\?]+).*/directory/room/.*" + replacement: "$1/directory/room/:roomid:" + - regexp: "^([^\\?]+).*/thumbnail/.*" + replacement: "$1/thumbnail/:domain:/:mxid:" + - regexp: "^([^\\?]+)(.*)" + replacement: "$1" + - target_label: remote_addr + from: remote_addr + - target_label: server_name + from: server_name + - target_label: 
http_x_forwarded_for + from: http_x_forwarded_for + - target_label: request_host + from: host + - target_label: log_source + from: log_source \ No newline at end of file diff --git a/roles/custom/matrix-prometheus-nginxlog-exporter/templates/systemd/matrix-prometheus-nginxlog-exporter.service.j2 b/roles/custom/matrix-prometheus-nginxlog-exporter/templates/systemd/matrix-prometheus-nginxlog-exporter.service.j2 new file mode 100644 index 000000000..e799380e3 --- /dev/null +++ b/roles/custom/matrix-prometheus-nginxlog-exporter/templates/systemd/matrix-prometheus-nginxlog-exporter.service.j2 
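Review bot: the `relabel_configs` in prometheus-nginxlog-exporter.yaml.j2 turn `remote_addr` and `http_x_forwarded_for` into Prometheus labels, and both are per-client values (`X-Forwarded-For` is whatever the sender put in the header), so every distinct client address, genuine or not, becomes its own time series; on an internet-facing proxy that is unbounded label cardinality, so either drop those two labels or document the memory cost in the role. The `request_uri` rules are fine in that respect because the final catch-all `"^([^\\?]+)(.*)"` strips query strings. Two smaller points: `metrics_override: preffix: "myprefix"` looks like a misspelling of `prefix` with a placeholder value left in; since the dashboard queries the unprefixed `http_response_count_total`, confirm which metric name the exporter actually emits with this key before merging. And `source.syslog.listen_address: "udp://0.0.0.0:..."` accepts unauthenticated datagrams, so when `matrix_prometheus_nginxlog_exporter_container_syslog_host_bind_port` is set the host port should be restricted to the nginx hosts at the firewall, otherwise any reachable peer can feed fabricated access-log lines into these metrics.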
@@ -0,0 +1,46 @@ +#jinja2: lstrip_blocks: "True" +[Unit] +Description={{ matrix_prometheus_nginxlog_exporter_container_hostname }} +{% for service in matrix_prometheus_nginxlog_exporter_systemd_required_services_list %} +Requires={{ service }} +After={{ service }} +{% endfor %} +{% for service in matrix_prometheus_nginxlog_exporter_systemd_wanted_services_list %} +Wants={{ service }} +{% endfor %} +DefaultDependencies=no + +[Service] +Type=simple +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill {{ matrix_prometheus_nginxlog_exporter_container_hostname }} 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm {{ matrix_prometheus_nginxlog_exporter_container_hostname }} 2>/dev/null || true' + + +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name {{ matrix_prometheus_nginxlog_exporter_container_hostname }} \ + --log-driver=none \ + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ + --cap-drop=ALL \ + --read-only \ + --network={{ matrix_docker_network }} \ + {% if matrix_prometheus_nginxlog_exporter_container_http_host_bind_port %} + -p {{ matrix_prometheus_nginxlog_exporter_container_http_host_bind_port }}:{{ matrix_prometheus_nginxlog_exporter_container_metrics_port }} \ + {% endif %} + {% if matrix_prometheus_nginxlog_exporter_container_syslog_host_bind_port %} + -p {{ matrix_prometheus_nginxlog_exporter_container_syslog_host_bind_port }}:{{ matrix_prometheus_nginxlog_exporter_container_syslog_port }}/udp \ + {% endif %} + -v {{ matrix_prometheus_nginxlog_exporter_config_path }}:/etc/prometheus-nginxlog-exporter:z \ + {% for arg in matrix_prometheus_nginxlog_exporter_container_extra_arguments %} + {{ arg }} \ + {% endfor %} + {{ matrix_prometheus_nginxlog_exporter_docker_image }} \ + 
-config-file /etc/prometheus-nginxlog-exporter/prometheus-nginxlog-exporter.yaml + +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill {{ matrix_prometheus_nginxlog_exporter_container_hostname }} 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm {{ matrix_prometheus_nginxlog_exporter_container_hostname }} 2>/dev/null || true' +Restart=always +RestartSec=30 +SyslogIdentifier={{ matrix_prometheus_nginxlog_exporter_container_hostname }} + +[Install] +WantedBy=multi-user.target diff --git a/roles/custom/matrix-prometheus-node-exporter/defaults/main.yml b/roles/custom/matrix-prometheus-node-exporter/defaults/main.yml index 9b89519c5..070e86164 100644 --- a/roles/custom/matrix-prometheus-node-exporter/defaults/main.yml +++ b/roles/custom/matrix-prometheus-node-exporter/defaults/main.yml @@ -5,7 +5,7 @@ matrix_prometheus_node_exporter_enabled: false -matrix_prometheus_node_exporter_version: v1.4.0 +matrix_prometheus_node_exporter_version: v1.5.0 matrix_prometheus_node_exporter_docker_image: "{{ matrix_container_global_registry_prefix }}prom/node-exporter:{{ matrix_prometheus_node_exporter_version }}" matrix_prometheus_node_exporter_docker_image_force_pull: "{{ matrix_prometheus_node_exporter_docker_image.endswith(':latest') }}" diff --git a/roles/custom/matrix-prometheus-node-exporter/tasks/init.yml b/roles/custom/matrix-prometheus-node-exporter/tasks/init.yml deleted file mode 100644 index 460ab1373..000000000 --- a/roles/custom/matrix-prometheus-node-exporter/tasks/init.yml +++ /dev/null 
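Review bot: in the `ExecStart` of matrix-prometheus-nginxlog-exporter.service.j2 the config bind mount `-v {{ matrix_prometheus_nginxlog_exporter_config_path }}:/etc/prometheus-nginxlog-exporter:z` is read-write although the container only reads `prometheus-nginxlog-exporter.yaml` from it; `:ro,z` would match the `--read-only`, `--cap-drop=ALL` and `--user` hardening already on the same command line and stops a compromised exporter from rewriting its own config.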
@@ -1,41 +0,0 @@ ---- - -- ansible.builtin.set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-prometheus-node-exporter.service'] }}" - when: matrix_prometheus_node_exporter_enabled | bool - -- when: matrix_prometheus_node_exporter_enabled | bool and matrix_prometheus_node_exporter_metrics_proxying_enabled | bool - block: - - name: Fail if matrix-nginx-proxy role already executed - ansible.builtin.fail: - msg: >- - Trying to append node-exporter's reverse-proxying configuration to matrix-nginx-proxy, - but it's pointless since the matrix-nginx-proxy role had already executed. - To fix this, please change the order of roles in your playbook, - so that the matrix-nginx-proxy role would run after the matrix-prometheus-node-exporter role. - when: matrix_nginx_proxy_role_executed | default(False) | bool - - - name: Generate node-exporter metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/node-exporter) - ansible.builtin.set_fact: - matrix_prometheus_node_exporter_nginx_metrics_configuration_block: | - location /metrics/node-exporter { - {% if matrix_nginx_proxy_enabled | default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - set $backend "matrix-prometheus-node-exporter:9100"; - proxy_pass http://$backend/metrics; - {% elif matrix_prometheus_node_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host != '' %} - proxy_pass http://{{ matrix_prometheus_node_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host }}/metrics; - {% else %} - return 404 "matrix-nginx-proxy is disabled and no host port was bound to the container, so metrics are unavailable"; - {% endif %} - } - - - name: Register node-exporter metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/node-exporter) - ansible.builtin.set_fact: - matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: | - {{ - 
matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([]) - + - [matrix_prometheus_node_exporter_nginx_metrics_configuration_block] - }} diff --git a/roles/custom/matrix-prometheus-node-exporter/tasks/inject_into_nginx_proxy.yml b/roles/custom/matrix-prometheus-node-exporter/tasks/inject_into_nginx_proxy.yml new file mode 100644 index 000000000..24e05ed8d --- /dev/null +++ b/roles/custom/matrix-prometheus-node-exporter/tasks/inject_into_nginx_proxy.yml 
@@ -0,0 +1,35 @@ +--- + +- name: Fail if matrix-nginx-proxy role already executed + ansible.builtin.fail: + msg: >- + Trying to append node-exporter's reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your playbook, + so that the matrix-nginx-proxy role would run after the matrix-prometheus-node-exporter role. + when: matrix_nginx_proxy_role_executed | default(False) | bool + +- name: Generate node-exporter metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/node-exporter) + ansible.builtin.set_fact: + matrix_prometheus_node_exporter_nginx_metrics_configuration_block: | + location /metrics/node-exporter { + {% if matrix_nginx_proxy_enabled | default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-prometheus-node-exporter:9100"; + proxy_pass http://$backend/metrics; + {% elif matrix_prometheus_node_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host != '' %} + proxy_pass http://{{ matrix_prometheus_node_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host }}/metrics; + {% else %} + return 404 "matrix-nginx-proxy is disabled and no host port was bound to the container, so metrics are unavailable"; + {% endif %} + } + +- name: Register node-exporter metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/node-exporter) + ansible.builtin.set_fact: + matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([]) + + + [matrix_prometheus_node_exporter_nginx_metrics_configuration_block] + }} diff --git a/roles/custom/matrix-prometheus-node-exporter/tasks/main.yml b/roles/custom/matrix-prometheus-node-exporter/tasks/main.yml index 81b0c7022..6a0cd8307 100644 
--- a/roles/custom/matrix-prometheus-node-exporter/tasks/main.yml +++ b/roles/custom/matrix-prometheus-node-exporter/tasks/main.yml @@ -1,10 +1,26 @@ --- -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" +- block: + - when: matrix_prometheus_node_exporter_enabled | bool and matrix_prometheus_node_exporter_metrics_proxying_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml" tags: - - always + - setup-all + - setup-nginx-proxy + - install-all + - install-nginx-proxy -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup.yml" +- block: + - when: matrix_prometheus_node_exporter_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml" + tags: + - setup-all + - setup-prometheus-node-exporter + - install-all + - install-prometheus-node-exporter + +- block: + - when: not matrix_prometheus_node_exporter_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" tags: - setup-all - setup-prometheus-node-exporter diff --git a/roles/custom/matrix-prometheus-node-exporter/tasks/setup.yml b/roles/custom/matrix-prometheus-node-exporter/tasks/setup.yml deleted file mode 100644 index 0b0c5704a..000000000 --- a/roles/custom/matrix-prometheus-node-exporter/tasks/setup.yml +++ /dev/null 
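Review bot: tasks/main.yml drops the import of init.yml, and the deleted init.yml was where `matrix-prometheus-node-exporter.service` was appended to `matrix_systemd_services_list`; none of the new task files in this diff (inject_into_nginx_proxy.yml, setup_install.yml, setup_uninstall.yml) re-add that `set_fact`, so unless the service is now registered elsewhere (group_vars, for example) the playbook will install the unit but never enable or start it. Please point at where that registration now lives in the PR description.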
@@ -1,59 +0,0 @@ ---- - -# -# Tasks related to setting up matrix-prometheus-node-exporter -# - -- name: Ensure matrix-prometheus-node-exporter image is pulled - community.docker.docker_image: - name: "{{ matrix_prometheus_node_exporter_docker_image }}" - source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" - force_source: "{{ matrix_prometheus_node_exporter_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_prometheus_node_exporter_docker_image_force_pull }}" - when: "matrix_prometheus_node_exporter_enabled | bool" - register: result - retries: "{{ devture_playbook_help_container_retries_count }}" - delay: "{{ devture_playbook_help_container_retries_delay }}" - until: result is not failed - -- name: Ensure matrix-prometheus-node-exporter.service installed - ansible.builtin.template: - src: "{{ role_path }}/templates/systemd/matrix-prometheus-node-exporter.service.j2" - dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-prometheus-node-exporter.service" - mode: 0644 - register: matrix_prometheus_node_exporter_systemd_service_result - when: matrix_prometheus_node_exporter_enabled | bool - -- name: Ensure systemd reloaded after matrix-prometheus.service installation - ansible.builtin.service: - daemon_reload: true - when: "matrix_prometheus_node_exporter_enabled | bool and matrix_prometheus_node_exporter_systemd_service_result.changed" - -# -# Tasks related to getting rid of matrix-prometheus-node-exporter (if it was previously enabled) -# - -- name: Check existence of matrix-prometheus-node-exporter service - ansible.builtin.stat: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-prometheus-node-exporter.service" - register: matrix_prometheus_node_exporter_service_stat - -- name: Ensure matrix-prometheus-node-exporter is stopped - ansible.builtin.service: - name: 
matrix-prometheus-node-exporter - state: stopped - enabled: false - daemon_reload: true - register: stopping_result - when: "not matrix_prometheus_node_exporter_enabled | bool and matrix_prometheus_node_exporter_service_stat.stat.exists" - -- name: Ensure matrix-prometheus-node-exporter.service doesn't exist - ansible.builtin.file: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-prometheus-node-exporter.service" - state: absent - when: "not matrix_prometheus_node_exporter_enabled | bool and matrix_prometheus_node_exporter_service_stat.stat.exists" - -- name: Ensure systemd reloaded after matrix-prometheus-node-exporter.service removal - ansible.builtin.service: - daemon_reload: true - when: "not matrix_prometheus_node_exporter_enabled | bool and matrix_prometheus_node_exporter_service_stat.stat.exists" diff --git a/roles/custom/matrix-prometheus-node-exporter/tasks/setup_install.yml b/roles/custom/matrix-prometheus-node-exporter/tasks/setup_install.yml new file mode 100644 index 000000000..3c0af96b9 --- /dev/null +++ b/roles/custom/matrix-prometheus-node-exporter/tasks/setup_install.yml 
@@ -0,0 +1,19 @@ +--- + +- name: Ensure matrix-prometheus-node-exporter image is pulled + community.docker.docker_image: + name: "{{ matrix_prometheus_node_exporter_docker_image }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ matrix_prometheus_node_exporter_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_prometheus_node_exporter_docker_image_force_pull }}" + register: result + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" + until: result is not failed + +- name: Ensure matrix-prometheus-node-exporter.service installed + ansible.builtin.template: + src: "{{ role_path }}/templates/systemd/matrix-prometheus-node-exporter.service.j2" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-prometheus-node-exporter.service" + mode: 0644 + register: matrix_prometheus_node_exporter_systemd_service_result diff --git a/roles/custom/matrix-prometheus-node-exporter/tasks/setup_uninstall.yml b/roles/custom/matrix-prometheus-node-exporter/tasks/setup_uninstall.yml new file mode 100644 index 000000000..b5ef4f0f7 --- /dev/null +++ b/roles/custom/matrix-prometheus-node-exporter/tasks/setup_uninstall.yml 
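Review bot: setup_install.yml registers `matrix_prometheus_node_exporter_systemd_service_result` on the template task but nothing consumes it, and the "Ensure systemd reloaded after ... installation" task that followed it in the deleted setup.yml has no counterpart; unless a shared role runs `daemon_reload` later in the play, a changed unit file is not seen by systemd until the next reload. Either drop the unused `register` or restore the reload conditioned on `matrix_prometheus_node_exporter_systemd_service_result.changed`.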
@@ -0,0 +1,20 @@ +--- + +- name: Check existence of matrix-prometheus-node-exporter service + ansible.builtin.stat: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-prometheus-node-exporter.service" + register: matrix_prometheus_node_exporter_service_stat + +- when: matrix_prometheus_node_exporter_service_stat.stat.exists | bool + block: + - name: Ensure matrix-prometheus-node-exporter is stopped + ansible.builtin.service: + name: matrix-prometheus-node-exporter + state: stopped + enabled: false + daemon_reload: true + + - name: Ensure matrix-prometheus-node-exporter.service doesn't exist + ansible.builtin.file: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-prometheus-node-exporter.service" + state: absent diff --git a/roles/custom/matrix-prometheus-postgres-exporter/defaults/main.yml b/roles/custom/matrix-prometheus-postgres-exporter/defaults/main.yml index f0cbfede9..5fc8e9196 100644 --- a/roles/custom/matrix-prometheus-postgres-exporter/defaults/main.yml +++ b/roles/custom/matrix-prometheus-postgres-exporter/defaults/main.yml @@ -24,7 +24,7 @@ matrix_prometheus_postgres_exporter_systemd_wanted_services_list: [] # details for connecting to the database matrix_prometheus_postgres_exporter_database_username: 'matrix_prometheus_postgres_exporter' matrix_prometheus_postgres_exporter_database_password: 'some-password' -matrix_prometheus_postgres_exporter_database_hostname: 'matrix-postgres' +matrix_prometheus_postgres_exporter_database_hostname: '' matrix_prometheus_postgres_exporter_database_port: 5432 matrix_prometheus_postgres_exporter_database_name: 'matrix_prometheus_postgres_exporter' diff --git a/roles/custom/matrix-prometheus-postgres-exporter/tasks/init.yml b/roles/custom/matrix-prometheus-postgres-exporter/tasks/init.yml deleted file mode 100644 index 20333dce6..000000000 --- a/roles/custom/matrix-prometheus-postgres-exporter/tasks/init.yml +++ /dev/null 
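Review bot: in setup_uninstall.yml the only `daemon_reload: true` runs inside the stop task, before `state: absent` removes the unit file, and the "Ensure systemd reloaded after ... removal" task from the deleted setup.yml is gone; after removal systemd still holds the stale unit definition until something reloads it. If a later shared role performs that reload, a one-line comment saying so would keep the next reader from re-adding it.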
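Review bot: `matrix_prometheus_postgres_exporter_database_hostname` now defaults to `''` instead of `'matrix-postgres'`; an empty host makes the exporter's connection string unusable at runtime, so a validation task that asserts the value is non-empty whenever `matrix_prometheus_postgres_exporter_enabled` is true (or a default derived from the new `devture_postgres` variables) would fail fast instead of leaving a running container that cannot scrape anything.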
@@ -1,41 +0,0 @@ ---- - -- ansible.builtin.set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-prometheus-postgres-exporter.service'] }}" - when: matrix_prometheus_postgres_exporter_enabled | bool - -- when: matrix_prometheus_node_exporter_enabled | bool and matrix_prometheus_node_exporter_metrics_proxying_enabled | bool - block: - - name: Fail if matrix-nginx-proxy role already executed - ansible.builtin.fail: - msg: >- - Trying to append postgres-exporter's reverse-proxying configuration to matrix-nginx-proxy, - but it's pointless since the matrix-nginx-proxy role had already executed. - To fix this, please change the order of roles in your playbook, - so that the matrix-nginx-proxy role would run after the matrix-prometheus-postgres-exporter role. - when: matrix_nginx_proxy_role_executed | default(False) | bool - - - name: Generate postgres-exporter metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/postgres-exporter) - ansible.builtin.set_fact: - matrix_prometheus_postgres_exporter_nginx_metrics_configuration_block: | - location /metrics/postgres-exporter { - {% if matrix_nginx_proxy_enabled | default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - set $backend "matrix-prometheus-postgres-exporter:9187"; - proxy_pass http://$backend/metrics; - {% elif matrix_prometheus_postgres_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host != '' %} - proxy_pass http://{{ matrix_prometheus_postgres_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host }}/metrics; - {% else %} - return 404 "matrix-nginx-proxy is disabled and no host port was bound to the container, so metrics are unavailable"; - {% endif %} - } - - - name: Register postgres-exporter metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/postgres-exporter) - ansible.builtin.set_fact: - 
matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: | - {{ - matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([]) - + - [matrix_prometheus_postgres_exporter_nginx_metrics_configuration_block] - }} diff --git a/roles/custom/matrix-prometheus-postgres-exporter/tasks/inject_into_nginx_proxy.yml b/roles/custom/matrix-prometheus-postgres-exporter/tasks/inject_into_nginx_proxy.yml new file mode 100644 index 000000000..121efc17b --- /dev/null +++ b/roles/custom/matrix-prometheus-postgres-exporter/tasks/inject_into_nginx_proxy.yml 
@@ -0,0 +1,35 @@ +--- + +- name: Fail if matrix-nginx-proxy role already executed + ansible.builtin.fail: + msg: >- + Trying to append postgres-exporter's reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your playbook, + so that the matrix-nginx-proxy role would run after the matrix-prometheus-postgres-exporter role. + when: matrix_nginx_proxy_role_executed | default(False) | bool + +- name: Generate postgres-exporter metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/postgres-exporter) + ansible.builtin.set_fact: + matrix_prometheus_postgres_exporter_nginx_metrics_configuration_block: | + location /metrics/postgres-exporter { + {% if matrix_nginx_proxy_enabled | default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-prometheus-postgres-exporter:9187"; + proxy_pass http://$backend/metrics; + {% elif matrix_prometheus_postgres_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host != '' %} + proxy_pass http://{{ matrix_prometheus_postgres_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host }}/metrics; + {% else %} + return 404 "matrix-nginx-proxy is disabled and no host port was bound to the container, so metrics are unavailable"; + {% endif %} + } + +- name: Register postgres-exporter metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/postgres-exporter) + ansible.builtin.set_fact: + matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([]) + + + [matrix_prometheus_postgres_exporter_nginx_metrics_configuration_block] + }} 
diff --git a/roles/custom/matrix-prometheus-postgres-exporter/tasks/main.yml b/roles/custom/matrix-prometheus-postgres-exporter/tasks/main.yml index 434735877..7ff6d15ae 100644 --- a/roles/custom/matrix-prometheus-postgres-exporter/tasks/main.yml +++ b/roles/custom/matrix-prometheus-postgres-exporter/tasks/main.yml @@ -1,10 +1,29 @@ --- -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" +- block: + - when: matrix_prometheus_postgres_exporter_enabled | bool and matrix_prometheus_postgres_exporter_metrics_proxying_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml" tags: - - always + - setup-all + - setup-nginx-proxy + - install-all + - install-nginx-proxy -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup.yml" +- block: + - when: matrix_prometheus_postgres_exporter_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" + + - when: matrix_prometheus_postgres_exporter_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml" + tags: + - setup-all + - setup-prometheus-postgres-exporter + - install-all + - install-prometheus-postgres-exporter + +- block: + - when: not matrix_prometheus_postgres_exporter_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" tags: - setup-all - setup-prometheus-postgres-exporter diff --git a/roles/custom/matrix-prometheus-postgres-exporter/tasks/setup.yml b/roles/custom/matrix-prometheus-postgres-exporter/tasks/setup.yml deleted file mode 100644 index 1ab157994..000000000 --- a/roles/custom/matrix-prometheus-postgres-exporter/tasks/setup.yml +++ /dev/null 
@@ -1,59 +0,0 @@ ---- - -# -# Tasks related to setting up matrix-prometheus-postgres-exporter -# - -- name: Ensure matrix-prometheus-postgres-exporter image is pulled - community.docker.docker_image: - name: "{{ matrix_prometheus_postgres_exporter_docker_image }}" - source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" - force_source: "{{ matrix_prometheus_postgres_exporter_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_prometheus_postgres_exporter_docker_image_force_pull }}" - when: "matrix_prometheus_postgres_exporter_enabled | bool" - register: result - retries: "{{ devture_playbook_help_container_retries_count }}" - delay: "{{ devture_playbook_help_container_retries_delay }}" - until: result is not failed - -- name: Ensure matrix-prometheus-postgres-exporter.service installed - ansible.builtin.template: - src: "{{ role_path }}/templates/systemd/matrix-prometheus-postgres-exporter.service.j2" - dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-prometheus-postgres-exporter.service" - mode: 0644 - register: matrix_prometheus_postgres_exporter_systemd_service_result - when: matrix_prometheus_postgres_exporter_enabled | bool - -- name: Ensure systemd reloaded after matrix-prometheus.service installation - ansible.builtin.service: - daemon_reload: true - when: "matrix_prometheus_postgres_exporter_enabled | bool and matrix_prometheus_postgres_exporter_systemd_service_result.changed" - -# -# Tasks related to getting rid of matrix-prometheus-postgres-exporter (if it was previously enabled) -# - -- name: Check existence of matrix-prometheus-postgres-exporter service - ansible.builtin.stat: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-prometheus-postgres-exporter.service" - register: matrix_prometheus_postgres_exporter_service_stat - -- name: Ensure 
matrix-prometheus-postgres-exporter is stopped - ansible.builtin.service: - name: matrix-prometheus-postgres-exporter - state: stopped - enabled: false - daemon_reload: true - register: stopping_result - when: "not matrix_prometheus_postgres_exporter_enabled | bool and matrix_prometheus_postgres_exporter_service_stat.stat.exists" - -- name: Ensure matrix-prometheus-postgres-exporter.service doesn't exist - ansible.builtin.file: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-prometheus-postgres-exporter.service" - state: absent - when: "not matrix_prometheus_postgres_exporter_enabled | bool and matrix_prometheus_postgres_exporter_service_stat.stat.exists" - -- name: Ensure systemd reloaded after matrix-prometheus-postgres-exporter.service removal - ansible.builtin.service: - daemon_reload: true - when: "not matrix_prometheus_postgres_exporter_enabled | bool and matrix_prometheus_postgres_exporter_service_stat.stat.exists" diff --git a/roles/custom/matrix-prometheus-postgres-exporter/tasks/setup_install.yml b/roles/custom/matrix-prometheus-postgres-exporter/tasks/setup_install.yml new file mode 100644 index 000000000..ee0f9bef7 --- /dev/null +++ b/roles/custom/matrix-prometheus-postgres-exporter/tasks/setup_install.yml 
@@ -0,0 +1,19 @@ +--- + +- name: Ensure matrix-prometheus-postgres-exporter image is pulled + community.docker.docker_image: + name: "{{ matrix_prometheus_postgres_exporter_docker_image }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ matrix_prometheus_postgres_exporter_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_prometheus_postgres_exporter_docker_image_force_pull }}" + register: result + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" + until: result is not failed + +- name: Ensure matrix-prometheus-postgres-exporter.service installed + ansible.builtin.template: + src: "{{ role_path }}/templates/systemd/matrix-prometheus-postgres-exporter.service.j2" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-prometheus-postgres-exporter.service" + mode: 0644 + register: matrix_prometheus_postgres_exporter_systemd_service_result diff --git a/roles/custom/matrix-prometheus-postgres-exporter/tasks/setup_uninstall.yml b/roles/custom/matrix-prometheus-postgres-exporter/tasks/setup_uninstall.yml new file mode 100644 index 000000000..bdf720428 --- /dev/null +++ b/roles/custom/matrix-prometheus-postgres-exporter/tasks/setup_uninstall.yml 
@@ -0,0 +1,20 @@ +--- + +- name: Check existence of matrix-prometheus-postgres-exporter service + ansible.builtin.stat: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-prometheus-postgres-exporter.service" + register: matrix_prometheus_postgres_exporter_service_stat + +- when: matrix_prometheus_postgres_exporter_service_stat.stat.exists | bool + block: + - name: Ensure matrix-prometheus-postgres-exporter is stopped + ansible.builtin.service: + name: matrix-prometheus-postgres-exporter + state: stopped + enabled: false + daemon_reload: true + + - name: Ensure matrix-prometheus-postgres-exporter.service doesn't exist + ansible.builtin.file: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-prometheus-postgres-exporter.service" + state: absent diff --git a/roles/custom/matrix-prometheus-postgres-exporter/tasks/validate_config.yml b/roles/custom/matrix-prometheus-postgres-exporter/tasks/validate_config.yml new file mode 100644 index 000000000..6acf784f2 --- /dev/null +++ b/roles/custom/matrix-prometheus-postgres-exporter/tasks/validate_config.yml @@ -0,0 +1,9 @@ +--- + +- name: Fail if required prometheus-postgres-exporter settings not defined + ansible.builtin.fail: + msg: > + You need to define a required configuration setting (`{{ item }}`). + when: "vars[item] == ''" + with_items: + - matrix_prometheus_postgres_exporter_database_hostname diff --git a/roles/custom/matrix-prometheus/defaults/main.yml b/roles/custom/matrix-prometheus/defaults/main.yml index adc903872..5216ccd74 100644 --- a/roles/custom/matrix-prometheus/defaults/main.yml +++ b/roles/custom/matrix-prometheus/defaults/main.yml @@ -5,7 +5,7 @@ matrix_prometheus_enabled: false -matrix_prometheus_version: v2.40.1 +matrix_prometheus_version: v2.41.0 matrix_prometheus_docker_image: "{{ matrix_container_global_registry_prefix }}prom/prometheus:{{ matrix_prometheus_version }}" matrix_prometheus_docker_image_force_pull: "{{ matrix_prometheus_docker_image.endswith(':latest') }}" 
diff --git a/roles/custom/matrix-prometheus/tasks/init.yml b/roles/custom/matrix-prometheus/tasks/init.yml deleted file mode 100644 index 298536730..000000000 --- a/roles/custom/matrix-prometheus/tasks/init.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- - -- ansible.builtin.set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-prometheus.service'] }}" - when: matrix_prometheus_enabled | bool diff --git a/roles/custom/matrix-prometheus/tasks/main.yml b/roles/custom/matrix-prometheus/tasks/main.yml index 1a5a37089..59371d4d4 100644 --- a/roles/custom/matrix-prometheus/tasks/main.yml +++ b/roles/custom/matrix-prometheus/tasks/main.yml @@ -1,23 +1,20 @@ --- -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" - tags: - - always +- block: + - when: matrix_prometheus_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup | bool and matrix_prometheus_enabled | bool" + - when: matrix_prometheus_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml" tags: - setup-all - setup-prometheus + - install-all + - install-prometheus -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup | bool and matrix_prometheus_enabled | bool" - tags: - - setup-all - - setup-prometheus - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup | bool and not matrix_prometheus_enabled | bool" +- block: + - when: not matrix_prometheus_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" tags: - setup-all - setup-prometheus diff --git a/roles/custom/matrix-prometheus/tasks/setup_install.yml b/roles/custom/matrix-prometheus/tasks/setup_install.yml index 8c18ce664..1d3d66694 100644 --- a/roles/custom/matrix-prometheus/tasks/setup_install.yml 
+++ b/roles/custom/matrix-prometheus/tasks/setup_install.yml @@ -50,9 +50,3 @@ src: "{{ role_path }}/templates/systemd/matrix-prometheus.service.j2" dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-prometheus.service" mode: 0644 - register: matrix_prometheus_systemd_service_result - -- name: Ensure systemd reloaded after matrix-prometheus.service installation - ansible.builtin.service: - daemon_reload: true - when: "matrix_prometheus_systemd_service_result.changed | bool" diff --git a/roles/custom/matrix-prometheus/tasks/setup_uninstall.yml b/roles/custom/matrix-prometheus/tasks/setup_uninstall.yml index 5fe145fc3..9d13d2160 100644 --- a/roles/custom/matrix-prometheus/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-prometheus/tasks/setup_uninstall.yml @@ -5,22 +5,16 @@ path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-prometheus.service" register: matrix_prometheus_service_stat -- name: Ensure matrix-prometheus is stopped - ansible.builtin.service: - name: matrix-prometheus - state: stopped - enabled: false - daemon_reload: true - register: stopping_result - when: "matrix_prometheus_service_stat.stat.exists | bool" +- when: matrix_prometheus_service_stat.stat.exists | bool + block: + - name: Ensure matrix-prometheus is stopped + ansible.builtin.service: + name: matrix-prometheus + state: stopped + enabled: false + daemon_reload: true -- name: Ensure matrix-prometheus.service doesn't exist - ansible.builtin.file: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-prometheus.service" - state: absent - when: "matrix_prometheus_service_stat.stat.exists | bool" - -- name: Ensure systemd reloaded after matrix-prometheus.service removal - ansible.builtin.service: - daemon_reload: true - when: "matrix_prometheus_service_stat.stat.exists | bool" + - name: Ensure matrix-prometheus.service doesn't exist + ansible.builtin.file: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-prometheus.service" + state: absent 
diff --git a/roles/custom/matrix-prometheus/templates/prometheus.yml.j2 b/roles/custom/matrix-prometheus/templates/prometheus.yml.j2 index 83ae8a9a1..6ed7cd922 100644 --- a/roles/custom/matrix-prometheus/templates/prometheus.yml.j2 +++ b/roles/custom/matrix-prometheus/templates/prometheus.yml.j2 @@ -64,3 +64,10 @@ scrape_configs: static_configs: - targets: {{ matrix_prometheus_scraper_hookshot_targets|to_json }} {% endif %} + + {% if matrix_prometheus_scraper_nginxlog_enabled %} + - job_name: nginxlog + static_configs: + - targets: + - {{ matrix_prometheus_scraper_nginxlog_server_port}} + {% endif %} diff --git a/roles/custom/matrix-redis/defaults/main.yml b/roles/custom/matrix-redis/defaults/main.yml index 4eefbce4c..779ec3a30 100644 --- a/roles/custom/matrix-redis/defaults/main.yml +++ b/roles/custom/matrix-redis/defaults/main.yml @@ -8,7 +8,7 @@ matrix_redis_connection_password: "" matrix_redis_base_path: "{{ matrix_base_data_path }}/redis" matrix_redis_data_path: "{{ matrix_redis_base_path }}/data" -matrix_redis_version: 7.0.4-alpine +matrix_redis_version: 7.0.7-alpine matrix_redis_docker_image_v6: "{{ matrix_container_global_registry_prefix }}redis:{{ matrix_redis_version }}" matrix_redis_docker_image_latest: "{{ matrix_redis_docker_image_v6 }}" matrix_redis_docker_image_to_use: '{{ matrix_redis_docker_image_latest }}' diff --git a/roles/custom/matrix-redis/tasks/init.yml b/roles/custom/matrix-redis/tasks/init.yml deleted file mode 100644 index 00154b336..000000000 --- a/roles/custom/matrix-redis/tasks/init.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- - -- ansible.builtin.set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-redis'] }}" - when: matrix_redis_enabled | bool diff --git a/roles/custom/matrix-redis/tasks/main.yml b/roles/custom/matrix-redis/tasks/main.yml index 1bcac7d6a..296400059 100644 --- a/roles/custom/matrix-redis/tasks/main.yml +++ b/roles/custom/matrix-redis/tasks/main.yml 
@@ -1,11 +1,17 @@ --- -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" - tags: - - always - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_redis.yml" - when: run_setup | bool +- block: + - when: matrix_redis_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml" + tags: + - setup-all + - setup-redis + - install-all + - install-redis + +- block: + - when: not matrix_redis_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" tags: - setup-all - setup-redis diff --git a/roles/custom/matrix-redis/tasks/setup_install.yml b/roles/custom/matrix-redis/tasks/setup_install.yml new file mode 100644 index 000000000..1384c042c --- /dev/null +++ b/roles/custom/matrix-redis/tasks/setup_install.yml 
@@ -0,0 +1,49 @@ +--- + +- name: Ensure redis Docker image is pulled + community.docker.docker_image: + name: "{{ matrix_redis_docker_image_to_use }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ matrix_redis_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_redis_docker_image_force_pull }}" + register: result + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" + until: result is not failed + +- name: Ensure redis paths exist + ansible.builtin.file: + path: "{{ item }}" + state: directory + mode: 0700 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_username }}" + with_items: + - "{{ matrix_redis_base_path }}" + - "{{ matrix_redis_data_path }}" + +# We do this as a separate task, because: +# - we'd like to do it for the data path only, not for the base path (which contains root-owned environment variable files we'd like to leave as-is) +# - we need to do it without `mode`, or we risk making certain `.conf` and other files's executable bit to flip to true +- name: Ensure redis data path ownership is correct + ansible.builtin.file: + path: "{{ matrix_redis_data_path }}" + state: directory + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_username }}" + recurse: true + +- name: Ensure redis environment variables file created + ansible.builtin.template: + src: "{{ role_path }}/templates/{{ item }}.j2" + dest: "{{ matrix_redis_base_path }}/{{ item }}" + mode: 0644 + with_items: + - "redis.conf" + +- name: Ensure matrix-redis.service installed + ansible.builtin.template: + src: "{{ role_path }}/templates/systemd/matrix-redis.service.j2" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-redis.service" + mode: 0644 + register: 
matrix_redis_systemd_service_result diff --git a/roles/custom/matrix-redis/tasks/setup_redis.yml b/roles/custom/matrix-redis/tasks/setup_redis.yml deleted file mode 100644 index b1b4c0b5c..000000000 --- a/roles/custom/matrix-redis/tasks/setup_redis.yml +++ /dev/null 
@@ -1,104 +0,0 @@ ---- - -# -# Tasks related to setting up an internal redis server -# - -- name: Ensure redis Docker image is pulled - community.docker.docker_image: - name: "{{ matrix_redis_docker_image_to_use }}" - source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" - force_source: "{{ matrix_redis_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_redis_docker_image_force_pull }}" - when: matrix_redis_enabled | bool - register: result - retries: "{{ devture_playbook_help_container_retries_count }}" - delay: "{{ devture_playbook_help_container_retries_delay }}" - until: result is not failed - -- name: Ensure redis paths exist - ansible.builtin.file: - path: "{{ item }}" - state: directory - mode: 0700 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_username }}" - with_items: - - "{{ matrix_redis_base_path }}" - - "{{ matrix_redis_data_path }}" - when: matrix_redis_enabled | bool - -# We do this as a separate task, because: -# - we'd like to do it for the data path only, not for the base path (which contains root-owned environment variable files we'd like to leave as-is) -# - we need to do it without `mode`, or we risk making certain `.conf` and other files's executable bit to flip to true -- name: Ensure redis data path ownership is correct - ansible.builtin.file: - path: "{{ matrix_redis_data_path }}" - state: directory - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_username }}" - recurse: true - when: matrix_redis_enabled | bool - -- name: Ensure redis environment variables file created - ansible.builtin.template: - src: "{{ role_path }}/templates/{{ item }}.j2" - dest: "{{ matrix_redis_base_path }}/{{ item }}" - mode: 0644 - with_items: - - "redis.conf" - when: matrix_redis_enabled | bool - -- name: Ensure matrix-redis.service installed - 
ansible.builtin.template: - src: "{{ role_path }}/templates/systemd/matrix-redis.service.j2" - dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-redis.service" - mode: 0644 - register: matrix_redis_systemd_service_result - when: matrix_redis_enabled | bool - -- name: Ensure systemd reloaded after matrix-redis.service installation - ansible.builtin.service: - daemon_reload: true - when: "matrix_redis_enabled | bool and matrix_redis_systemd_service_result.changed" - -# -# Tasks related to getting rid of the internal redis server (if it was previously enabled) -# - -- name: Check existence of matrix-redis service - ansible.builtin.stat: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-redis.service" - register: matrix_redis_service_stat - when: "not matrix_redis_enabled | bool" - -- name: Ensure matrix-redis is stopped - ansible.builtin.service: - name: matrix-redis - state: stopped - enabled: false - daemon_reload: true - when: "not matrix_redis_enabled | bool and matrix_redis_service_stat.stat.exists" - -- name: Ensure matrix-redis.service doesn't exist - ansible.builtin.file: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-redis.service" - state: absent - when: "not matrix_redis_enabled | bool and matrix_redis_service_stat.stat.exists" - -- name: Ensure systemd reloaded after matrix-redis.service removal - ansible.builtin.service: - daemon_reload: true - when: "not matrix_redis_enabled | bool and matrix_redis_service_stat.stat.exists" - -- name: Check existence of matrix-redis local data path - ansible.builtin.stat: - path: "{{ matrix_redis_data_path }}" - register: matrix_redis_data_path_stat - when: "not matrix_redis_enabled | bool" - -# We just want to notify the user. Deleting data is too destructive. -- name: Notify if matrix-redis local data remains - ansible.builtin.debug: - msg: "Note: You are not using a local redis instance, but some old data remains from before in `{{ matrix_redis_data_path }}`. 
Feel free to delete it." - when: "not matrix_redis_enabled | bool and matrix_redis_data_path_stat.stat.exists" diff --git a/roles/custom/matrix-redis/tasks/setup_uninstall.yml b/roles/custom/matrix-redis/tasks/setup_uninstall.yml new file mode 100644 index 000000000..e2bbc9e44 --- /dev/null +++ b/roles/custom/matrix-redis/tasks/setup_uninstall.yml @@ -0,0 +1,31 @@ +--- + +- name: Check existence of matrix-redis service + ansible.builtin.stat: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-redis.service" + register: matrix_redis_service_stat + +- when: matrix_redis_service_stat.stat.exists | bool + block: + - name: Ensure matrix-redis is stopped + ansible.builtin.service: + name: matrix-redis + state: stopped + enabled: false + daemon_reload: true + + - name: Ensure matrix-redis.service doesn't exist + ansible.builtin.file: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-redis.service" + state: absent + +- name: Check existence of matrix-redis local data path + ansible.builtin.stat: + path: "{{ matrix_redis_data_path }}" + register: matrix_redis_data_path_stat + +# We just want to notify the user. Deleting data is too destructive. +- name: Notify if matrix-redis local data remains + ansible.builtin.debug: + msg: "Note: You are not using a local redis instance, but some old data remains from before in `{{ matrix_redis_data_path }}`. Feel free to delete it." + when: matrix_redis_data_path_stat.stat.exists | bool diff --git a/roles/custom/matrix-registration/defaults/main.yml b/roles/custom/matrix-registration/defaults/main.yml index 1e53ae982..c7a45fad0 100644 --- a/roles/custom/matrix-registration/defaults/main.yml +++ b/roles/custom/matrix-registration/defaults/main.yml 
@@ -52,7 +52,7 @@ matrix_registration_sqlite_database_path_in_container: "/data/db.sqlite3" matrix_registration_database_username: 'matrix_registration' matrix_registration_database_password: 'some-password' -matrix_registration_database_hostname: 'matrix-postgres' +matrix_registration_database_hostname: '' matrix_registration_database_port: 5432 matrix_registration_database_name: 'matrix_registration' diff --git a/roles/custom/matrix-registration/tasks/init.yml b/roles/custom/matrix-registration/tasks/init.yml deleted file mode 100644 index 2b43dffdf..000000000 --- a/roles/custom/matrix-registration/tasks/init.yml +++ /dev/null 
@@ -1,69 +0,0 @@ ---- -# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 -# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 -- name: Fail if trying to self-build on Ansible < 2.8 - ansible.builtin.fail: - msg: "To self-build the Matrix Registration image, you should use Ansible 2.8 or higher. See docs/ansible.md" - when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_registration_container_image_self_build and matrix_registration_enabled" - -- ansible.builtin.set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-registration.service'] }}" - when: matrix_registration_enabled | bool - -- when: matrix_registration_enabled | bool - tags: - - always - block: - - name: Fail if matrix-nginx-proxy role already executed - ansible.builtin.fail: - msg: >- - Trying to append matrix-registration's reverse-proxying configuration to matrix-nginx-proxy, - but it's pointless since the matrix-nginx-proxy role had already executed. - To fix this, please change the order of roles in your playbook, - so that the matrix-nginx-proxy role would run after the matrix-registration role. 
- when: matrix_nginx_proxy_role_executed | default(False) | bool - - - name: Generate matrix-registration proxying configuration for matrix-nginx-proxy - ansible.builtin.set_fact: - matrix_registration_matrix_nginx_proxy_configuration: | - rewrite ^{{ matrix_registration_public_endpoint }}$ {{ matrix_nginx_proxy_x_forwarded_proto_value }}://$server_name{{ matrix_registration_public_endpoint }}/ permanent; - rewrite ^{{ matrix_registration_public_endpoint }}/$ {{ matrix_nginx_proxy_x_forwarded_proto_value }}://$server_name{{ matrix_registration_public_endpoint }}/register redirect; - - location ~ ^{{ matrix_registration_public_endpoint }}/(.*) { - {% if matrix_nginx_proxy_enabled | default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - set $backend "matrix-registration:5000"; - proxy_pass http://$backend/$1; - {% else %} - {# Generic configuration for use outside of our container setup #} - proxy_pass http://127.0.0.1:8767/$1; - {% endif %} - - {# - Workaround matrix-registration serving the background image at /static - (see https://github.com/ZerataX/matrix-registration/issues/47) - #} - sub_filter_once off; - sub_filter_types text/css; - sub_filter "/static/" "{{ matrix_registration_public_endpoint }}/static/"; - } - - - name: Register matrix-registration proxying configuration with matrix-nginx-proxy - ansible.builtin.set_fact: - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | - {{ - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([]) - + - [matrix_registration_matrix_nginx_proxy_configuration] - }} - -- name: Warn about reverse-proxying if matrix-nginx-proxy not used - ansible.builtin.debug: - msg: >- - NOTE: You've enabled the matrix-registration tool but are not using the matrix-nginx-proxy - reverse proxy. 
- Please make sure that you're proxying the `{{ matrix_registration_public_endpoint }}` - URL endpoint to the matrix-registration container. - You can expose the container's port using the `matrix_registration_container_http_host_bind_port` variable. - when: "matrix_registration_enabled | bool and not matrix_nginx_proxy_enabled | default(False) | bool" diff --git a/roles/custom/matrix-registration/tasks/inject_into_nginx_proxy.yml b/roles/custom/matrix-registration/tasks/inject_into_nginx_proxy.yml new file mode 100644 index 000000000..ac8f4c96a --- /dev/null +++ b/roles/custom/matrix-registration/tasks/inject_into_nginx_proxy.yml 
@@ -0,0 +1,55 @@ +--- + +- name: Fail if matrix-nginx-proxy role already executed + ansible.builtin.fail: + msg: >- + Trying to append matrix-registration's reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your playbook, + so that the matrix-nginx-proxy role would run after the matrix-registration role. + when: matrix_nginx_proxy_role_executed | default(False) | bool + +- name: Generate matrix-registration proxying configuration for matrix-nginx-proxy + ansible.builtin.set_fact: + matrix_registration_matrix_nginx_proxy_configuration: | + rewrite ^{{ matrix_registration_public_endpoint }}$ {{ matrix_nginx_proxy_x_forwarded_proto_value }}://$server_name{{ matrix_registration_public_endpoint }}/ permanent; + rewrite ^{{ matrix_registration_public_endpoint }}/$ {{ matrix_nginx_proxy_x_forwarded_proto_value }}://$server_name{{ matrix_registration_public_endpoint }}/register redirect; + + location ~ ^{{ matrix_registration_public_endpoint }}/(.*) { + {% if matrix_nginx_proxy_enabled | default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-registration:5000"; + proxy_pass http://$backend/$1; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:8767/$1; + {% endif %} + + {# + Workaround matrix-registration serving the background image at /static + (see https://github.com/ZerataX/matrix-registration/issues/47) + #} + sub_filter_once off; + sub_filter_types text/css; + sub_filter "/static/" "{{ matrix_registration_public_endpoint }}/static/"; + } + +- name: Register matrix-registration proxying configuration with matrix-nginx-proxy + ansible.builtin.set_fact: + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | + {{ + 
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([]) + + + [matrix_registration_matrix_nginx_proxy_configuration] + }} + +- name: Warn about reverse-proxying if matrix-nginx-proxy not used + ansible.builtin.debug: + msg: >- + NOTE: You've enabled the matrix-registration tool but are not using the matrix-nginx-proxy + reverse proxy. + Please make sure that you're proxying the `{{ matrix_registration_public_endpoint }}` + URL endpoint to the matrix-registration container. + You can expose the container's port using the `matrix_registration_container_http_host_bind_port` variable. + when: "not matrix_nginx_proxy_enabled | default(False) | bool" diff --git a/roles/custom/matrix-registration/tasks/main.yml b/roles/custom/matrix-registration/tasks/main.yml index 99b89e3da..bebcebc0b 100644 --- a/roles/custom/matrix-registration/tasks/main.yml +++ b/roles/custom/matrix-registration/tasks/main.yml 
@@ -1,33 +1,41 @@ --- -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" +- block: + - when: matrix_registration_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml" tags: - - always + - setup-all + - setup-nginx-proxy + - install-all + - install-nginx-proxy -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup | bool and matrix_registration_enabled | bool" +- block: + - when: matrix_registration_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" + + - when: matrix_registration_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml" + tags: + - setup-all + - setup-matrix-registration + - install-all + - install-matrix-registration + +- block: + - when: not matrix_registration_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" tags: - setup-all - setup-matrix-registration -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup | bool and matrix_registration_enabled | bool" - tags: - - setup-all - - setup-matrix-registration - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup | bool and not matrix_registration_enabled | bool" - tags: - - setup-all - - setup-matrix-registration - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/generate_token.yml" - when: "run_setup | bool and matrix_registration_enabled | bool" +- block: + - when: matrix_registration_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/generate_token.yml" tags: - generate-matrix-registration-token -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/list_tokens.yml" - when: "run_setup | bool and matrix_registration_enabled | bool" +- block: + - when: matrix_registration_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/list_tokens.yml" tags: - 
list-matrix-registration-tokens diff --git a/roles/custom/matrix-registration/tasks/setup_install.yml b/roles/custom/matrix-registration/tasks/setup_install.yml index 04b2db3ef..9278f2ef8 100644 --- a/roles/custom/matrix-registration/tasks/setup_install.yml +++ b/roles/custom/matrix-registration/tasks/setup_install.yml @@ -12,8 +12,11 @@ - when: "matrix_registration_sqlite_database_path_local_stat_result.stat.exists | bool" block: - - ansible.builtin.set_fact: - matrix_postgres_db_migration_request: + - ansible.builtin.include_role: + name: galaxy/com.devture.ansible.role.postgres + tasks_from: migrate_db_to_postgres + vars: + devture_postgres_db_migration_request: src: "{{ matrix_registration_sqlite_database_path_local }}" dst: "{{ matrix_registration_database_connection_string }}" caller: "{{ role_path | basename }}" @@ -26,10 +29,6 @@ - ALTER TABLE tokens ALTER COLUMN ex_date TYPE TIMESTAMP WITHOUT TIME ZONE; additional_psql_statements_db_name: "{{ matrix_registration_database_name }}" - - ansible.builtin.import_role: - name: custom/matrix-postgres - tasks_from: migrate_db_to_postgres - - ansible.builtin.set_fact: matrix_registration_requires_restart: true @@ -103,15 +102,10 @@ src: "{{ role_path }}/templates/systemd/matrix-registration.service.j2" dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-registration.service" mode: 0644 - register: matrix_registration_systemd_service_result - -- name: Ensure systemd reloaded after matrix-registration.service installation - ansible.builtin.service: - daemon_reload: true - when: "matrix_registration_systemd_service_result.changed | bool" - name: Ensure matrix-registration.service restarted, if necessary ansible.builtin.service: name: "matrix-registration.service" state: restarted + daemon_reload: true when: "matrix_registration_requires_restart | bool" 
diff --git a/roles/custom/matrix-registration/tasks/setup_uninstall.yml b/roles/custom/matrix-registration/tasks/setup_uninstall.yml index 623db421e..97c144358 100644 --- a/roles/custom/matrix-registration/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-registration/tasks/setup_uninstall.yml @@ -5,27 +5,16 @@ path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-registration.service" register: matrix_registration_service_stat -- name: Ensure matrix-registration is stopped - ansible.builtin.service: - name: matrix-registration - state: stopped - enabled: false - daemon_reload: true - register: stopping_result - when: "matrix_registration_service_stat.stat.exists | bool" +- when: matrix_registration_service_stat.stat.exists | bool + block: + - name: Ensure matrix-registration is stopped + ansible.builtin.service: + name: matrix-registration + state: stopped + enabled: false + daemon_reload: true -- name: Ensure matrix-registration.service doesn't exist - ansible.builtin.file: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-registration.service" - state: absent - when: "matrix_registration_service_stat.stat.exists | bool" - -- name: Ensure systemd reloaded after matrix-registration.service removal - ansible.builtin.service: - daemon_reload: true - when: "matrix_registration_service_stat.stat.exists | bool" - -- name: Ensure matrix-registration Docker image doesn't exist - community.docker.docker_image: - name: "{{ matrix_registration_docker_image }}" - state: absent + - name: Ensure matrix-registration.service doesn't exist + ansible.builtin.file: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-registration.service" + state: absent diff --git a/roles/custom/matrix-registration/tasks/validate_config.yml b/roles/custom/matrix-registration/tasks/validate_config.yml index eb140d31e..167c7c5c7 100644 --- a/roles/custom/matrix-registration/tasks/validate_config.yml +++ b/roles/custom/matrix-registration/tasks/validate_config.yml 
@@ -3,12 +3,13 @@ - name: Fail if required matrix-registration settings not defined ansible.builtin.fail: msg: > - You need to define a required configuration setting (`{{ item }}`) for using matrix-registration. - when: "vars[item] == ''" + You need to define a required configuration setting (`{{ item.name }}`). + when: "item.when | bool and vars[item.name] == ''" with_items: - - "matrix_registration_shared_secret" - - "matrix_registration_admin_secret" - - "matrix_registration_server_location" + - {'name': 'matrix_registration_shared_secret', when: true} + - {'name': 'matrix_registration_admin_secret', when: true} + - {'name': 'matrix_registration_server_location', when: true} + - {'name': 'matrix_registration_database_hostname', when: "{{ matrix_registration_database_engine == 'postgres' }}"} - name: (Deprecation) Catch and report renamed settings ansible.builtin.fail: diff --git a/roles/custom/matrix-sygnal/tasks/init.yml b/roles/custom/matrix-sygnal/tasks/init.yml deleted file mode 100644 index dae7a299c..000000000 --- a/roles/custom/matrix-sygnal/tasks/init.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- - -- ansible.builtin.set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-sygnal.service'] }}" - when: matrix_sygnal_enabled | bool diff --git a/roles/custom/matrix-sygnal/tasks/main.yml b/roles/custom/matrix-sygnal/tasks/main.yml index b001bb825..ed8015262 100644 --- a/roles/custom/matrix-sygnal/tasks/main.yml +++ b/roles/custom/matrix-sygnal/tasks/main.yml 
@@ -1,23 +1,20 @@ --- -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" - tags: - - always +- block: + - when: matrix_sygnal_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: run_setup | bool + - when: matrix_sygnal_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml" tags: - setup-all - setup-sygnal + - install-all + - install-sygnal -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: run_setup | bool and matrix_sygnal_enabled | bool - tags: - - setup-all - - setup-sygnal - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: run_setup | bool and not matrix_sygnal_enabled | bool +- block: + - when: not matrix_sygnal_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" tags: - setup-all - setup-sygnal diff --git a/roles/custom/matrix-sygnal/tasks/setup_install.yml b/roles/custom/matrix-sygnal/tasks/setup_install.yml index 27424314f..7c9caf38e 100644 --- a/roles/custom/matrix-sygnal/tasks/setup_install.yml +++ b/roles/custom/matrix-sygnal/tasks/setup_install.yml @@ -36,9 +36,3 @@ src: "{{ role_path }}/templates/systemd/matrix-sygnal.service.j2" dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-sygnal.service" mode: 0644 - register: matrix_sygnal_systemd_service_result - -- name: Ensure systemd reloaded after matrix-sygnal.service installation - ansible.builtin.service: - daemon_reload: true - when: "matrix_sygnal_systemd_service_result.changed | bool" diff --git a/roles/custom/matrix-sygnal/tasks/setup_uninstall.yml b/roles/custom/matrix-sygnal/tasks/setup_uninstall.yml index e398f7a99..5f01daf1f 100644 --- a/roles/custom/matrix-sygnal/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-sygnal/tasks/setup_uninstall.yml 
@@ -5,32 +5,21 @@ path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-sygnal.service" register: matrix_sygnal_service_stat -- name: Ensure matrix-sygnal is stopped - ansible.builtin.service: - name: matrix-sygnal - state: stopped - enabled: false - daemon_reload: true - register: stopping_result - when: "matrix_sygnal_service_stat.stat.exists | bool" +- when: matrix_sygnal_service_stat.stat.exists | bool + block: + - name: Ensure matrix-sygnal is stopped + ansible.builtin.service: + name: matrix-sygnal + state: stopped + enabled: false + daemon_reload: true -- name: Ensure matrix-sygnal.service doesn't exist - ansible.builtin.file: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-sygnal.service" - state: absent - when: "matrix_sygnal_service_stat.stat.exists | bool" + - name: Ensure matrix-sygnal.service doesn't exist + ansible.builtin.file: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-sygnal.service" + state: absent -- name: Ensure systemd reloaded after matrix-sygnal.service removal - ansible.builtin.service: - daemon_reload: true - when: "matrix_sygnal_service_stat.stat.exists | bool" - -- name: Ensure Sygnal base directory doesn't exist - ansible.builtin.file: - path: "{{ matrix_sygnal_base_path }}" - state: absent - -- name: Ensure Sygnal Docker image doesn't exist - community.docker.docker_image: - name: "{{ matrix_sygnal_docker_image }}" - state: absent + - name: Ensure Sygnal base directory doesn't exist + ansible.builtin.file: + path: "{{ matrix_sygnal_base_path }}" + state: absent diff --git a/roles/custom/matrix-synapse-admin/tasks/init.yml b/roles/custom/matrix-synapse-admin/tasks/init.yml deleted file mode 100644 index c2b2d05f2..000000000 --- a/roles/custom/matrix-synapse-admin/tasks/init.yml +++ /dev/null 
@@ -1,60 +0,0 @@ ---- -# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 -# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 -- name: Fail if trying to self-build on Ansible < 2.8 - ansible.builtin.fail: - msg: "To self-build the Synapse Admin image, you should use Ansible 2.8 or higher. See docs/ansible.md" - when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_synapse_admin_container_image_self_build and matrix_synapse_admin_enabled" - -- ansible.builtin.set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-synapse-admin.service'] }}" - when: matrix_synapse_admin_enabled | bool - -- when: matrix_synapse_admin_enabled | bool - tags: - - always - block: - - name: Fail if matrix-nginx-proxy role already executed - ansible.builtin.fail: - msg: >- - Trying to append Synapse Admin's reverse-proxying configuration to matrix-nginx-proxy, - but it's pointless since the matrix-nginx-proxy role had already executed. - To fix this, please change the order of roles in your playbook, - so that the matrix-nginx-proxy role would run after the matrix-synapse-admin role. 
- when: matrix_nginx_proxy_role_executed | default(False) | bool - - - name: Generate Synapse Admin proxying configuration for matrix-nginx-proxy - ansible.builtin.set_fact: - matrix_synapse_admin_matrix_nginx_proxy_configuration: | - rewrite ^{{ matrix_synapse_admin_public_endpoint }}$ {{ matrix_nginx_proxy_x_forwarded_proto_value }}://$server_name{{ matrix_synapse_admin_public_endpoint }}/ permanent; - - location ~ ^{{ matrix_synapse_admin_public_endpoint }}/(.*) { - {% if matrix_nginx_proxy_enabled | default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - set $backend "matrix-synapse-admin:80"; - proxy_pass http://$backend/$1; - {% else %} - {# Generic configuration for use outside of our container setup #} - proxy_pass http://127.0.0.1:8766/$1; - {% endif %} - } - - - name: Register Synapse Admin proxying configuration with matrix-nginx-proxy - ansible.builtin.set_fact: - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | - {{ - matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([]) - + - [matrix_synapse_admin_matrix_nginx_proxy_configuration] - }} - -- name: Warn about reverse-proxying if matrix-nginx-proxy not used - ansible.builtin.debug: - msg: >- - NOTE: You've enabled the Synapse Admin tool but are not using the matrix-nginx-proxy - reverse proxy. - Please make sure that you're proxying the `{{ matrix_synapse_admin_public_endpoint }}` - URL endpoint to the matrix-synapse-admin container. - You can expose the container's port using the `matrix_synapse_admin_container_http_host_bind_port` variable. - when: "matrix_synapse_admin_enabled | bool and not matrix_nginx_proxy_enabled | default(False) | bool" diff --git a/roles/custom/matrix-synapse-admin/tasks/inject_into_nginx_proxy.yml b/roles/custom/matrix-synapse-admin/tasks/inject_into_nginx_proxy.yml new file mode 100644 index 000000000..6a4af859c --- /dev/null 
+++ b/roles/custom/matrix-synapse-admin/tasks/inject_into_nginx_proxy.yml 
@@ -0,0 +1,46 @@ +--- + +- name: Fail if matrix-nginx-proxy role already executed + ansible.builtin.fail: + msg: >- + Trying to append Synapse Admin's reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your playbook, + so that the matrix-nginx-proxy role would run after the matrix-synapse-admin role. + when: matrix_nginx_proxy_role_executed | default(False) | bool + +- name: Generate Synapse Admin proxying configuration for matrix-nginx-proxy + ansible.builtin.set_fact: + matrix_synapse_admin_matrix_nginx_proxy_configuration: | + rewrite ^{{ matrix_synapse_admin_public_endpoint }}$ {{ matrix_nginx_proxy_x_forwarded_proto_value }}://$server_name{{ matrix_synapse_admin_public_endpoint }}/ permanent; + + location ~ ^{{ matrix_synapse_admin_public_endpoint }}/(.*) { + {% if matrix_nginx_proxy_enabled | default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-synapse-admin:80"; + proxy_pass http://$backend/$1; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:8766/$1; + {% endif %} + } + +- name: Register Synapse Admin proxying configuration with matrix-nginx-proxy + ansible.builtin.set_fact: + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([]) + + + [matrix_synapse_admin_matrix_nginx_proxy_configuration] + }} + +- name: Warn about reverse-proxying if matrix-nginx-proxy not used + ansible.builtin.debug: + msg: >- + NOTE: You've enabled the Synapse Admin tool but are not using the matrix-nginx-proxy + reverse proxy. + Please make sure that you're proxying the `{{ matrix_synapse_admin_public_endpoint }}` + URL endpoint to the matrix-synapse-admin container. 
+ You can expose the container's port using the `matrix_synapse_admin_container_http_host_bind_port` variable. + when: "not matrix_nginx_proxy_enabled | default(False) | bool" diff --git a/roles/custom/matrix-synapse-admin/tasks/main.yml b/roles/custom/matrix-synapse-admin/tasks/main.yml index 0c6bd942c..0b1664cf1 100644 --- a/roles/custom/matrix-synapse-admin/tasks/main.yml +++ b/roles/custom/matrix-synapse-admin/tasks/main.yml @@ -1,16 +1,29 @@ --- -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" +- block: + - when: matrix_synapse_admin_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml" tags: - - always + - setup-all + - setup-nginx-proxy + - install-all + - install-nginx-proxy -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: run_setup | bool +- block: + - when: matrix_synapse_admin_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" + + - when: matrix_synapse_admin_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml" tags: - setup-all - setup-synapse-admin + - install-all + - install-synapse-admin -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup.yml" +- block: + - when: not matrix_synapse_admin_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" tags: - setup-all - setup-synapse-admin diff --git a/roles/custom/matrix-synapse-admin/tasks/setup.yml b/roles/custom/matrix-synapse-admin/tasks/setup_install.yml similarity index 50% rename from roles/custom/matrix-synapse-admin/tasks/setup.yml rename to roles/custom/matrix-synapse-admin/tasks/setup_install.yml index 56cee4987..57e591486 100644 --- a/roles/custom/matrix-synapse-admin/tasks/setup.yml +++ b/roles/custom/matrix-synapse-admin/tasks/setup_install.yml 
@@ -1,16 +1,12 @@ --- -# -# Tasks related to setting up matrix-synapse-admin -# - - name: Ensure matrix-synapse-admin image is pulled community.docker.docker_image: name: "{{ matrix_synapse_admin_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_synapse_admin_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_synapse_admin_docker_image_force_pull }}" - when: "matrix_synapse_admin_enabled | bool and not matrix_synapse_admin_container_image_self_build | bool" + when: not matrix_synapse_admin_container_image_self_build | bool register: result retries: "{{ devture_playbook_help_container_retries_count }}" delay: "{{ devture_playbook_help_container_retries_delay }}" @@ -25,7 +21,7 @@ become: true become_user: "{{ matrix_user_username }}" register: matrix_synapse_admin_git_pull_results - when: "matrix_synapse_admin_enabled | bool and matrix_synapse_admin_container_image_self_build | bool" + when: matrix_synapse_admin_container_image_self_build | bool - name: Ensure matrix-synapse-admin Docker image is built community.docker.docker_image: @@ -37,7 +33,7 @@ dockerfile: Dockerfile path: "{{ matrix_synapse_admin_docker_src_files_path }}" pull: true - when: "matrix_synapse_admin_enabled | bool and matrix_synapse_admin_container_image_self_build | bool" + when: matrix_synapse_admin_container_image_self_build | bool - name: Ensure matrix-synapse-admin.service installed ansible.builtin.template: 
@@ -45,44 +41,3 @@ dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-synapse-admin.service" mode: 0644 register: matrix_synapse_admin_systemd_service_result - when: matrix_synapse_admin_enabled | bool - -- name: Ensure systemd reloaded after matrix-synapse-admin.service installation - ansible.builtin.service: - daemon_reload: true - when: "matrix_synapse_admin_enabled | bool and matrix_synapse_admin_systemd_service_result.changed" - -# -# Tasks related to getting rid of matrix-synapse-admin (if it was previously enabled) -# - -- name: Check existence of matrix-synapse-admin service - ansible.builtin.stat: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-synapse-admin.service" - register: matrix_synapse_admin_service_stat - -- name: Ensure matrix-synapse-admin is stopped - ansible.builtin.service: - name: matrix-synapse-admin - state: stopped - enabled: false - daemon_reload: true - register: stopping_result - when: "not matrix_synapse_admin_enabled | bool and matrix_synapse_admin_service_stat.stat.exists" - -- name: Ensure matrix-synapse-admin.service doesn't exist - ansible.builtin.file: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-synapse-admin.service" - state: absent - when: "not matrix_synapse_admin_enabled | bool and matrix_synapse_admin_service_stat.stat.exists" - -- name: Ensure systemd reloaded after matrix-synapse-admin.service removal - ansible.builtin.service: - daemon_reload: true - when: "not matrix_synapse_admin_enabled | bool and matrix_synapse_admin_service_stat.stat.exists" - -- name: Ensure matrix-synapse-admin Docker image doesn't exist - community.docker.docker_image: - name: "{{ matrix_synapse_admin_docker_image }}" - state: absent - when: "not matrix_synapse_admin_enabled | bool" diff --git a/roles/custom/matrix-synapse-admin/tasks/setup_uninstall.yml b/roles/custom/matrix-synapse-admin/tasks/setup_uninstall.yml new file mode 100644 index 000000000..3828b7359 --- /dev/null 
+++ b/roles/custom/matrix-synapse-admin/tasks/setup_uninstall.yml @@ -0,0 +1,20 @@ +--- + +- name: Check existence of matrix-synapse-admin service + ansible.builtin.stat: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-synapse-admin.service" + register: matrix_synapse_admin_service_stat + +- when: matrix_synapse_admin_service_stat.stat.exists | bool + block: + - name: Ensure matrix-synapse-admin is stopped + ansible.builtin.service: + name: matrix-synapse-admin + state: stopped + enabled: false + daemon_reload: true + + - name: Ensure matrix-synapse-admin.service doesn't exist + ansible.builtin.file: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-synapse-admin.service" + state: absent diff --git a/roles/custom/matrix-synapse-reverse-proxy-companion/defaults/main.yml b/roles/custom/matrix-synapse-reverse-proxy-companion/defaults/main.yml new file mode 100644 index 000000000..364cf2c7e --- /dev/null +++ b/roles/custom/matrix-synapse-reverse-proxy-companion/defaults/main.yml 
@@ -0,0 +1,164 @@ +--- + +# matrix-synapse-reverse-proxy companion is a role which brings up a containerized nginx webserver which helps with reverse-proxying to Synapse. +# +# When Synapse is NOT running in worker-mode, reverse-proxying is relatively simple (everything goes to `matrix-synapse:XXXX`). +# +# When Synapse workers are enabled, however, the reverse-proxying configuration is much more complicated. +# Certain requests need to go to certain workers, etc. +# In the past, the main reverse proxy (`matrix-synapse-reverse-proxy-companion`) was handling request routing to the appropriate workers, +# but that only worked well for external requests (from outside of the Matrix server itself). +# +# Without the help of `matrix-synapse-reverse-proxy-companion`, internal services (like Dimension) that would like to talk to Synapse over the container network +# did not have an endpoint for Synapse that they could be pointed to and have it just work. +# If `matrix-synapse-reverse-proxy-companion` was enabled, Dimension could be pointed to its vhost handling Synapse and routing to the appropriate workers, +# but when `matrix-synapse-reverse-proxy-companion` was disabled, this helpful functionality was not available and the best we could do +# is point Dimension to the main Synapse process at `matrix-synapse:XXXX` itself. +# Doing that breaks requests that need to go to specific workers. +# See: https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2090 +# +# What this role does is, it extracts all the Synapse request routing out of the `matrix-synapse-reverse-proxy-companion` role here, +# and makes the `matrix-synapse-reverse-proxy-companion` container service represent Synapse and route appropriately, +# regardless of whether workers are enabled or disabled. +# All other playbook services can then forget about `matrix-synapse` or `matrix-synapse-whatever-worker`, etc., +# and just use `matrix-synapse-reverse-proxy-companion` as their request destination. 
+ +matrix_synapse_reverse_proxy_companion_enabled: true + +matrix_synapse_reverse_proxy_companion_version: 1.23.3-alpine + +matrix_synapse_reverse_proxy_companion_base_path: "{{ matrix_synapse_base_path }}/reverse-proxy-companion" +matrix_synapse_reverse_proxy_companion_confd_path: "{{ matrix_synapse_reverse_proxy_companion_base_path }}/conf.d" + +# List of systemd services that matrix-synapse-reverse-proxy-companion.service depends on +matrix_synapse_reverse_proxy_companion_systemd_required_services_list: ['docker.service'] + +# List of systemd services that matrix-synapse-reverse-proxy-companion.service wants +matrix_synapse_reverse_proxy_companion_systemd_wanted_services_list: ['matrix-synapse.service'] + +# We use an official nginx image, which we fix-up to run unprivileged. +# An alternative would be an `nginxinc/nginx-unprivileged` image, but +# that is frequently out of date. +matrix_synapse_reverse_proxy_companion_container_image: "{{ matrix_container_global_registry_prefix }}nginx:{{ matrix_synapse_reverse_proxy_companion_version }}" +matrix_synapse_reverse_proxy_companion_container_image_force_pull: "{{ matrix_synapse_reverse_proxy_companion_container_image.endswith(':latest') }}" + +matrix_synapse_reverse_proxy_companion_container_network: "{{ matrix_docker_network }}" + +# A list of additional container networks that matrix-synapse-reverse-proxy-companion would be connected to. +# The playbook does not create these networks, so make sure they already exist. +# +# Use this to expose matrix-synapse-reverse-proxy-companion to another reverse proxy, which runs in a different container network, +# without exposing all other Matrix services to that other reverse-proxy. 
+# +# For background, see: https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1498 +matrix_synapse_reverse_proxy_companion_container_additional_networks: [] + +# Controls whether the matrix-synapse-reverse-proxy-companion container exposes its HTTP Client-Server API port (tcp/8008 in the container). +# +# Takes an ":" or "" value (e.g. "127.0.0.1:8008"), or empty string to not expose. +matrix_synapse_reverse_proxy_companion_container_client_api_host_bind_port: '' + +# Controls whether the matrix-synapse-reverse-proxy-companion container exposes its HTTP Federation (Server-Server) API port (tcp/8048 in the container). +# +# Takes an ":" or "" value (e.g. "127.0.0.1:8048"), or empty string to not expose. +matrix_synapse_reverse_proxy_companion_container_federation_api_host_bind_port: '' + +# The amount of worker processes and connections +# Consider increasing these when you are expecting high amounts of traffic +# http://nginx.org/en/docs/ngx_core_module.html#worker_connections +matrix_synapse_reverse_proxy_companion_worker_processes: auto +matrix_synapse_reverse_proxy_companion_worker_connections: 1024 + +# Option to disable the access log +matrix_synapse_reverse_proxy_companion_access_log_enabled: true + +# The tmpfs at /tmp needs to be large enough to handle multiple concurrent file uploads. +matrix_synapse_reverse_proxy_companion_tmp_directory_size_mb: "{{ (matrix_synapse_reverse_proxy_companion_federation_api_client_max_body_size_mb | int) * 50 }}" +matrix_synapse_reverse_proxy_companion_tmp_cache_directory_size_mb: "{{ (matrix_synapse_reverse_proxy_companion_synapse_cache_max_size_mb | int) * 2 }}" + +# A list of strings containing additional configuration blocks to add to the nginx server configuration (nginx.conf). 
+# for big matrixservers to enlarge the number of open files to prevent timeouts +# matrix_synapse_reverse_proxy_companion_additional_configuration_blocks: +# - 'worker_rlimit_nofile 30000;' +matrix_synapse_reverse_proxy_companion_additional_configuration_blocks: [] + +# A list of strings containing additional configuration blocks to add to the nginx event server configuration (nginx.conf). +matrix_synapse_reverse_proxy_companion_event_additional_configuration_blocks: [] + +# A list of strings containing additional configuration blocks to add to the nginx http's server configuration (nginx-http.conf). +matrix_synapse_reverse_proxy_companion_http_additional_server_configuration_blocks: [] + +# To increase request timeout in NGINX using proxy_read_timeout, proxy_connect_timeout, proxy_send_timeout, send_timeout directives +# Nginx Default: proxy_connect_timeout 60s; #Defines a timeout for establishing a connection with a proxied server +# Nginx Default: proxy_send_timeout 60s; #Sets a timeout for transmitting a request to the proxied server. +# Nginx Default: proxy_read_timeout 60s; #Defines a timeout for reading a response from the proxied server. +# Nginx Default: send_timeout 60s; #Sets a timeout for transmitting a response to the client. +# +# For more information visit: +# http://nginx.org/en/docs/http/ngx_http_proxy_module.html +# http://nginx.org/en/docs/http/ngx_http_core_module.html#send_timeout +# https://www.nginx.com/resources/wiki/start/topics/examples/fullexample2/ +# +# Here we are sticking with nginx default values change this value carefully. +matrix_synapse_reverse_proxy_companion_proxy_connect_timeout: 60 +matrix_synapse_reverse_proxy_companion_proxy_send_timeout: 60 +matrix_synapse_reverse_proxy_companion_proxy_read_timeout: 60 +matrix_synapse_reverse_proxy_companion_send_timeout: 60 + +# For OCSP purposes, we need to define a resolver at the `server{}` level or `http{}` level (we do the latter). 
+# +# Otherwise, we get warnings like this: +# > [warn] 22#22: no resolver defined to resolve r3.o.lencr.org while requesting certificate status, responder: r3.o.lencr.org, certificate: "/matrix/ssl/config/live/.../fullchain.pem" +# +# We point it to the internal Docker resolver, which likely delegates to nameservers defined in `/etc/resolv.conf`. +matrix_synapse_reverse_proxy_companion_http_level_resolver: 127.0.0.11 + +matrix_synapse_reverse_proxy_companion_hostname: "matrix-synapse-reverse-proxy-companion" + +# matrix_synapse_reverse_proxy_companion_client_api_addr specifies the address where the Client-Server API is +matrix_synapse_reverse_proxy_companion_client_api_addr: 'matrix-synapse:{{ matrix_synapse_container_client_api_port }}' +# This needs to be equal or higher than the maximum upload size accepted by Synapse. +matrix_synapse_reverse_proxy_companion_client_api_client_max_body_size_mb: 50 + +# matrix_synapse_reverse_proxy_companion_federation_api_enabled specifies whether reverse proxying for the Federation (Server-Server) API should be done +matrix_synapse_reverse_proxy_companion_federation_api_enabled: true +# matrix_synapse_reverse_proxy_companion_federation_api_addr specifies the address where the Federation (Server-Server) API is +matrix_synapse_reverse_proxy_companion_federation_api_addr: 'matrix-synapse:{{ matrix_synapse_container_federation_api_plain_port }}' +matrix_synapse_reverse_proxy_companion_federation_api_client_max_body_size_mb: "{{ (matrix_synapse_reverse_proxy_companion_client_api_client_max_body_size_mb | int) * 3 }}" + +# A list of strings containing additional configuration blocks to add to the nginx vhost handling the Synapse Client-Server API +matrix_synapse_reverse_proxy_companion_synapse_client_api_additional_server_configuration_blocks: [] + +# A list of strings containing additional configuration blocks to add to the nginx vhost handling the Synapse Federation (Server-Server) API 
+matrix_synapse_reverse_proxy_companion_synapse_federation_api_additional_server_configuration_blocks: [] + + +# synapse worker activation and endpoint mappings +matrix_synapse_reverse_proxy_companion_synapse_workers_enabled: false +matrix_synapse_reverse_proxy_companion_synapse_workers_list: [] +matrix_synapse_reverse_proxy_companion_synapse_generic_worker_client_server_locations: [] +matrix_synapse_reverse_proxy_companion_synapse_generic_worker_federation_locations: [] +matrix_synapse_reverse_proxy_companion_synapse_stream_writer_typing_stream_worker_client_server_locations: [] +matrix_synapse_reverse_proxy_companion_synapse_stream_writer_to_device_stream_worker_client_server_locations: [] +matrix_synapse_reverse_proxy_companion_synapse_stream_writer_account_data_stream_worker_client_server_locations: [] +matrix_synapse_reverse_proxy_companion_synapse_stream_writer_receipts_stream_worker_client_server_locations: [] +matrix_synapse_reverse_proxy_companion_synapse_stream_writer_presence_stream_worker_client_server_locations: [] +matrix_synapse_reverse_proxy_companion_synapse_media_repository_locations: [] +matrix_synapse_reverse_proxy_companion_synapse_user_dir_locations: [] + + +# synapse content caching +matrix_synapse_reverse_proxy_companion_synapse_cache_enabled: false +matrix_synapse_reverse_proxy_companion_synapse_cache_path: /tmp/synapse-cache +matrix_synapse_reverse_proxy_companion_synapse_cache_keys_zone_name: "STATIC" +matrix_synapse_reverse_proxy_companion_synapse_cache_keys_zone_size: "10m" +matrix_synapse_reverse_proxy_companion_synapse_cache_inactive_time: "48h" +matrix_synapse_reverse_proxy_companion_synapse_cache_max_size_mb: 1024 +matrix_synapse_reverse_proxy_companion_synapse_cache_proxy_cache_valid_time: "24h" + + +# Controls whether matrix-synapse-reverse-proxy-companion trusts an upstream server's X-Forwarded-Proto header. 
+# The `matrix-synapse-reverse-proxy-companion` does not terminate SSL and always expects to be fronted by another reverse-proxy server (`matrix-nginx-proxy`, etc.). +# As such, it trusts the protocol scheme forwarded by the upstream proxy. +matrix_synapse_reverse_proxy_companion_trust_forwarded_proto: true +matrix_synapse_reverse_proxy_companion_x_forwarded_proto_value: "{{ '$http_x_forwarded_proto' if matrix_synapse_reverse_proxy_companion_trust_forwarded_proto else '$scheme' }}" diff --git a/roles/custom/matrix-synapse-reverse-proxy-companion/tasks/main.yml b/roles/custom/matrix-synapse-reverse-proxy-companion/tasks/main.yml new file mode 100644 index 000000000..0dba0b9c7 --- /dev/null +++ b/roles/custom/matrix-synapse-reverse-proxy-companion/tasks/main.yml @@ -0,0 +1,20 @@ +--- + +- block: + - when: matrix_synapse_reverse_proxy_companion_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml" + tags: + - setup-all + - setup-synapse-reverse-proxy-companion + - setup-synapse + - install-all + - install-synapse-reverse-proxy-companion + - install-synapse + +- block: + - when: not matrix_synapse_reverse_proxy_companion_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + tags: + - setup-all + - setup-synapse-reverse-proxy-companion + - setup-synapse diff --git a/roles/custom/matrix-synapse-reverse-proxy-companion/tasks/setup_install.yml b/roles/custom/matrix-synapse-reverse-proxy-companion/tasks/setup_install.yml new file mode 100644 index 000000000..83c1e5e3c --- /dev/null +++ b/roles/custom/matrix-synapse-reverse-proxy-companion/tasks/setup_install.yml 
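Review bot: `matrix_synapse_reverse_proxy_companion_x_forwarded_proto_value` (last line of the `defaults/main.yml` hunk) is defined but none of the three nginx templates this role installs (`nginx.conf.j2`, `conf.d/nginx-http.conf.j2`, `conf.d/matrix-synapse-reverse-proxy-companion.conf.j2`) reference it; either add `proxy_set_header X-Forwarded-Proto {{ matrix_synapse_reverse_proxy_companion_x_forwarded_proto_value }};` to the `location` blocks that `proxy_pass` to Synapse, or drop the variable. The comment above `matrix_synapse_reverse_proxy_companion_trust_forwarded_proto` should also state that trusting the forwarded scheme is only safe while ports 8008/8048 are reachable solely from the fronting proxy: the systemd template offers `matrix_synapse_reverse_proxy_companion_container_client_api_host_bind_port` / `_federation_api_host_bind_port`, and binding those to a public interface lets any client supply its own `X-Forwarded-Proto`. Separately, the "For OCSP purposes" rationale above `matrix_synapse_reverse_proxy_companion_http_level_resolver` is carried over from a TLS-terminating proxy; this role does not terminate TLS, and the resolver is needed so that the `set $backend` / `proxy_pass http://$backend` locations can resolve the Synapse container name at request time, so the comment should say that instead.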
@@ -0,0 +1,44 @@ +--- + +- name: Ensure matrix-synapse-reverse-proxy-companion paths exist + ansible.builtin.file: + path: "{{ item }}" + state: directory + mode: 0750 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + with_items: + - "{{ matrix_synapse_reverse_proxy_companion_base_path }}" + - "{{ matrix_synapse_reverse_proxy_companion_confd_path }}" + +- name: Ensure matrix-synapse-reverse-proxy-companion configured + ansible.builtin.template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + mode: 0644 + with_items: + - src: "{{ role_path }}/templates/nginx/nginx.conf.j2" + dest: "{{ matrix_synapse_reverse_proxy_companion_base_path }}/nginx.conf" + - src: "{{ role_path }}/templates/nginx/conf.d/nginx-http.conf.j2" + dest: "{{ matrix_synapse_reverse_proxy_companion_confd_path }}/nginx-http.conf" + - src: "{{ role_path }}/templates/nginx/conf.d/matrix-synapse-reverse-proxy-companion.conf.j2" + dest: "{{ matrix_synapse_reverse_proxy_companion_confd_path }}/matrix-synapse-reverse-proxy-companion.conf" + +- name: Ensure matrix-synapse-reverse-proxy-companion nginx container image is pulled + community.docker.docker_image: + name: "{{ matrix_synapse_reverse_proxy_companion_container_image }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ matrix_synapse_reverse_proxy_companion_container_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_synapse_reverse_proxy_companion_container_image_force_pull }}" + register: result + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" + until: result is not failed + +- name: Ensure matrix-synapse-reverse-proxy-companion.service installed + ansible.builtin.template: 
+ src: "{{ role_path }}/templates/systemd/matrix-synapse-reverse-proxy-companion.service.j2" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-synapse-reverse-proxy-companion.service" + mode: 0644 diff --git a/roles/custom/matrix-synapse-reverse-proxy-companion/tasks/setup_uninstall.yml b/roles/custom/matrix-synapse-reverse-proxy-companion/tasks/setup_uninstall.yml new file mode 100644 index 000000000..bb1b534cf --- /dev/null +++ b/roles/custom/matrix-synapse-reverse-proxy-companion/tasks/setup_uninstall.yml @@ -0,0 +1,25 @@ +--- + +- name: Check existence of matrix-synapse-reverse-proxy-companion service + ansible.builtin.stat: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-synapse-reverse-proxy-companion.service" + register: matrix_synapse_reverse_proxy_companion_service_stat + +- when: matrix_synapse_reverse_proxy_companion_service_stat.stat.exists | bool + block: + - name: Ensure matrix-synapse-reverse-proxy-companion.service is stopped + ansible.builtin.service: + name: matrix_synapse_reverse_proxy_companion_service_stat + state: stopped + enabled: false + daemon_reload: true + + - name: Ensure matrix-synapse-reverse-proxy-companion.service doesn't exist + ansible.builtin.file: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-synapse-reverse-proxy-companion.service" + state: absent + + - name: Ensure matrix-synapse-reverse-proxy-companion data deleted + ansible.builtin.file: + path: "{{ matrix_synapse_reverse_proxy_companion_base_path }}" + state: absent diff --git a/roles/custom/matrix-synapse-reverse-proxy-companion/templates/nginx/conf.d/matrix-synapse-reverse-proxy-companion.conf.j2 b/roles/custom/matrix-synapse-reverse-proxy-companion/templates/nginx/conf.d/matrix-synapse-reverse-proxy-companion.conf.j2 new file mode 100644 index 000000000..77f782285 --- /dev/null +++ b/roles/custom/matrix-synapse-reverse-proxy-companion/templates/nginx/conf.d/matrix-synapse-reverse-proxy-companion.conf.j2 
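Review bot: in `setup_uninstall.yml` the `ansible.builtin.service` task passes `name: matrix_synapse_reverse_proxy_companion_service_stat`, which is the name of the registered `stat` result, not a systemd unit; the stop fails because no such unit exists, and if it were skipped the following task would delete the unit file while the container keeps running. Use `name: matrix-synapse-reverse-proxy-companion.service`, matching the `path` in the `stat` task above it.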
@@ -0,0 +1,208 @@ +#jinja2: lstrip_blocks: "True" + +{% set generic_workers = matrix_synapse_reverse_proxy_companion_synapse_workers_list | selectattr('type', 'equalto', 'generic_worker') | list %} +{% set stream_writer_typing_stream_workers = matrix_synapse_reverse_proxy_companion_synapse_workers_list | selectattr('type', 'equalto', 'stream_writer') | selectattr('stream_writer_stream', 'equalto', 'typing') | list %} +{% set stream_writer_to_device_stream_workers = matrix_synapse_reverse_proxy_companion_synapse_workers_list | selectattr('type', 'equalto', 'stream_writer') | selectattr('stream_writer_stream', 'equalto', 'to_device') | list %} +{% set stream_writer_account_data_stream_workers = matrix_synapse_reverse_proxy_companion_synapse_workers_list | selectattr('type', 'equalto', 'stream_writer') | selectattr('stream_writer_stream', 'equalto', 'account_data') | list %} +{% set stream_writer_receipts_stream_workers = matrix_synapse_reverse_proxy_companion_synapse_workers_list | selectattr('type', 'equalto', 'stream_writer') | selectattr('stream_writer_stream', 'equalto', 'receipts') | list %} +{% set stream_writer_presence_stream_workers = matrix_synapse_reverse_proxy_companion_synapse_workers_list | selectattr('type', 'equalto', 'stream_writer') | selectattr('stream_writer_stream', 'equalto', 'presence') | list %} +{% set media_repository_workers = matrix_synapse_reverse_proxy_companion_synapse_workers_list | selectattr('type', 'equalto', 'media_repository') | list %} +{% set user_dir_workers = matrix_synapse_reverse_proxy_companion_synapse_workers_list | selectattr('type', 'equalto', 'user_dir') | list %} + +{% macro render_worker_upstream(name, workers) %} +{% if workers | length > 0 %} + upstream {{ name }} { + {% for worker in workers %} + server "{{ worker.name }}:{{ worker.port }}"; + {% endfor %} + } +{% endif %} +{% endmacro %} + +{% macro render_locations_to_upstream(locations, upstream_name) %} + {% for location in locations %} + location ~ {{ location 
}} { + proxy_pass http://{{ upstream_name }}$request_uri; + proxy_set_header Host $host; + } + {% endfor %} +{% endmacro %} + +{% if matrix_synapse_reverse_proxy_companion_synapse_workers_enabled %} + {% if matrix_synapse_reverse_proxy_companion_synapse_cache_enabled %} + proxy_cache_path {{ matrix_synapse_reverse_proxy_companion_synapse_cache_path }} levels=1:2 keys_zone={{ matrix_synapse_reverse_proxy_companion_synapse_cache_keys_zone_name }}:{{ matrix_synapse_reverse_proxy_companion_synapse_cache_keys_zone_size }} inactive={{ matrix_synapse_reverse_proxy_companion_synapse_cache_inactive_time }} max_size={{ matrix_synapse_reverse_proxy_companion_synapse_cache_max_size_mb }}m; + {% endif %} + # Round Robin "upstream" pools for workers + + {% if generic_workers |length > 0 %} + upstream generic_workers_upstream { + # ensures that requests from the same client will always be passed + # to the same server (except when this server is unavailable) + hash $http_x_forwarded_for; + + {% for worker in generic_workers %} + server "{{ worker.name }}:{{ worker.port }}"; + {% endfor %} + } + {% endif %} + + {{ render_worker_upstream('stream_writer_typing_stream_workers_upstream', stream_writer_typing_stream_workers) }} + {{ render_worker_upstream('stream_writer_to_device_stream_workers_upstream', stream_writer_to_device_stream_workers) }} + {{ render_worker_upstream('stream_writer_account_data_stream_workers_upstream', stream_writer_account_data_stream_workers) }} + {{ render_worker_upstream('stream_writer_receipts_stream_workers_upstream', stream_writer_receipts_stream_workers) }} + {{ render_worker_upstream('stream_writer_presence_stream_workers_upstream', stream_writer_presence_stream_workers) }} + + {{ render_worker_upstream('media_repository_workers_upstream', media_repository_workers) }} + + {{ render_worker_upstream('user_dir_workers_upstream', user_dir_workers) }} +{% endif %} + +server { + listen 8008; + server_name {{ matrix_synapse_reverse_proxy_companion_hostname 
}}; + + server_tokens off; + root /dev/null; + + gzip on; + gzip_types text/plain application/json; + + {% if matrix_synapse_reverse_proxy_companion_synapse_workers_enabled %} + {# Workers redirects BEGIN #} + + {% if generic_workers | length > 0 %} + # https://matrix-org.github.io/synapse/latest/workers.html#synapseappgeneric_worker + {{ render_locations_to_upstream(matrix_synapse_reverse_proxy_companion_synapse_generic_worker_client_server_locations, 'generic_workers_upstream') }} + {% endif %} + + {% if stream_writer_typing_stream_workers | length > 0 %} + # https://matrix-org.github.io/synapse/latest/workers.html#the-typing-stream + {{ render_locations_to_upstream(matrix_synapse_reverse_proxy_companion_synapse_stream_writer_typing_stream_worker_client_server_locations, 'stream_writer_typing_stream_workers_upstream') }} + {% endif %} + + {% if stream_writer_to_device_stream_workers | length > 0 %} + # https://matrix-org.github.io/synapse/latest/workers.html#the-to_device-stream + {{ render_locations_to_upstream(matrix_synapse_reverse_proxy_companion_synapse_stream_writer_to_device_stream_worker_client_server_locations, 'stream_writer_to_device_stream_workers_upstream') }} + {% endif %} + + {% if stream_writer_account_data_stream_workers | length > 0 %} + # https://matrix-org.github.io/synapse/latest/workers.html#the-account_data-stream + {{ render_locations_to_upstream(matrix_synapse_reverse_proxy_companion_synapse_stream_writer_account_data_stream_worker_client_server_locations, 'stream_writer_account_data_stream_workers_upstream') }} + {% endif %} + + {% if stream_writer_receipts_stream_workers | length > 0 %} + # https://matrix-org.github.io/synapse/latest/workers.html#the-receipts-stream + {{ render_locations_to_upstream(matrix_synapse_reverse_proxy_companion_synapse_stream_writer_receipts_stream_worker_client_server_locations, 'stream_writer_receipts_stream_workers_upstream') }} + {% endif %} + + {% if stream_writer_presence_stream_workers | length > 0 %} + 
# https://matrix-org.github.io/synapse/latest/workers.html#the-presence-stream + {{ render_locations_to_upstream(matrix_synapse_reverse_proxy_companion_synapse_stream_writer_presence_stream_worker_client_server_locations, 'stream_writer_presence_stream_workers_upstream') }} + {% endif %} + + {% if media_repository_workers | length > 0 %} + # https://matrix-org.github.io/synapse/latest/workers.html#synapseappmedia_repository + {% for location in matrix_synapse_reverse_proxy_companion_synapse_media_repository_locations %} + location ~ {{ location }} { + proxy_pass http://media_repository_workers_upstream$request_uri; + proxy_set_header Host $host; + + client_body_buffer_size 25M; + client_max_body_size {{ matrix_synapse_reverse_proxy_companion_client_api_client_max_body_size_mb }}M; + proxy_max_temp_file_size 0; + + {% if matrix_synapse_reverse_proxy_companion_synapse_cache_enabled %} + proxy_buffering on; + proxy_cache {{ matrix_synapse_reverse_proxy_companion_synapse_cache_keys_zone_name }}; + proxy_cache_valid any {{ matrix_synapse_reverse_proxy_companion_synapse_cache_proxy_cache_valid_time }}; + proxy_force_ranges on; + add_header X-Cache-Status $upstream_cache_status; + {% endif %} + } + {% endfor %} + {% endif %} + + {% if user_dir_workers | length > 0 %} + # https://matrix-org.github.io/synapse/latest/workers.html#updating-the-user-directory + {{ render_locations_to_upstream(matrix_synapse_reverse_proxy_companion_synapse_user_dir_locations, 'user_dir_workers_upstream') }} + {% endif %} + {# Workers redirects END #} + {% endif %} + + {% for configuration_block in matrix_synapse_reverse_proxy_companion_synapse_client_api_additional_server_configuration_blocks %} + {{- configuration_block }} + {% endfor %} + + {# Everything else just goes to the API server ##} + location / { + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver {{ matrix_synapse_reverse_proxy_companion_http_level_resolver }} valid=5s; + set $backend "{{ 
matrix_synapse_reverse_proxy_companion_client_api_addr }}"; + proxy_pass http://$backend; + + proxy_set_header Host $host; + + client_body_buffer_size 25M; + client_max_body_size {{ matrix_synapse_reverse_proxy_companion_client_api_client_max_body_size_mb }}M; + proxy_max_temp_file_size 0; + } +} + +{% if matrix_synapse_reverse_proxy_companion_federation_api_enabled %} +server { + listen 8048; + server_name {{ matrix_synapse_reverse_proxy_companion_hostname }}; + + server_tokens off; + + root /dev/null; + + gzip on; + gzip_types text/plain application/json; + + {% if matrix_synapse_reverse_proxy_companion_synapse_workers_enabled %} + {% if generic_workers | length > 0 %} + # https://matrix-org.github.io/synapse/latest/workers.html#synapseappgeneric_worker + {{ render_locations_to_upstream(matrix_synapse_reverse_proxy_companion_synapse_generic_worker_federation_locations, 'generic_workers_upstream') }} + {% endif %} + {% if media_repository_workers | length > 0 %} + # https://matrix-org.github.io/synapse/latest/workers.html#synapseappmedia_repository + {% for location in matrix_synapse_reverse_proxy_companion_synapse_media_repository_locations %} + location ~ {{ location }} { + proxy_pass http://media_repository_workers_upstream$request_uri; + proxy_set_header Host $host; + + client_body_buffer_size 25M; + client_max_body_size {{ matrix_synapse_reverse_proxy_companion_federation_api_client_max_body_size_mb }}M; + proxy_max_temp_file_size 0; + + {% if matrix_synapse_reverse_proxy_companion_synapse_cache_enabled %} + proxy_buffering on; + proxy_cache {{ matrix_synapse_reverse_proxy_companion_synapse_cache_keys_zone_name }}; + proxy_cache_valid any {{ matrix_synapse_reverse_proxy_companion_synapse_cache_proxy_cache_valid_time }}; + proxy_force_ranges on; + add_header X-Cache-Status $upstream_cache_status; + {% endif %} + } + {% endfor %} + {% endif %} + {% endif %} + + {% for configuration_block in 
matrix_synapse_reverse_proxy_companion_synapse_federation_api_additional_server_configuration_blocks %} + {{- configuration_block }} + {% endfor %} + + location / { + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver {{ matrix_synapse_reverse_proxy_companion_http_level_resolver }} valid=5s; + set $backend "{{ matrix_synapse_reverse_proxy_companion_federation_api_addr }}"; + proxy_pass http://$backend; + + proxy_set_header Host $host; + + client_body_buffer_size 25M; + client_max_body_size {{ matrix_synapse_reverse_proxy_companion_federation_api_client_max_body_size_mb }}M; + proxy_max_temp_file_size 0; + } +} +{% endif %} diff --git a/roles/custom/matrix-synapse-reverse-proxy-companion/templates/nginx/conf.d/nginx-http.conf.j2 b/roles/custom/matrix-synapse-reverse-proxy-companion/templates/nginx/conf.d/nginx-http.conf.j2 new file mode 100644 index 000000000..d53f172dc --- /dev/null +++ b/roles/custom/matrix-synapse-reverse-proxy-companion/templates/nginx/conf.d/nginx-http.conf.j2 @@ -0,0 +1,13 @@ +#jinja2: lstrip_blocks: "True" +# The default is aligned to the CPU's cache size, +# which can sometimes be too low. +# Thus, we ensure a larger bucket size value is used. +server_names_hash_bucket_size 64; + +{% if matrix_synapse_reverse_proxy_companion_http_level_resolver %} +resolver {{ matrix_synapse_reverse_proxy_companion_http_level_resolver }}; +{% endif %} + +{% for configuration_block in matrix_synapse_reverse_proxy_companion_http_additional_server_configuration_blocks %} + {{- configuration_block }} +{% endfor %} diff --git a/roles/custom/matrix-synapse-reverse-proxy-companion/templates/nginx/nginx.conf.j2 b/roles/custom/matrix-synapse-reverse-proxy-companion/templates/nginx/nginx.conf.j2 new file mode 100644 index 000000000..309bb5301 --- /dev/null +++ b/roles/custom/matrix-synapse-reverse-proxy-companion/templates/nginx/nginx.conf.j2 
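Review bot: in `matrix-synapse-reverse-proxy-companion.conf.j2` both media-repository `location` blocks use `proxy_cache_valid any {{ matrix_synapse_reverse_proxy_companion_synapse_cache_proxy_cache_valid_time }};`, which with the `24h` default caches every response code from the media workers, including 404, 429 and 5xx, for a full day; restrict it to successful responses, e.g. `proxy_cache_valid 200 {{ matrix_synapse_reverse_proxy_companion_synapse_cache_proxy_cache_valid_time }};`, so a transient upstream error or rate limit is not replayed to every later requester of that media ID. The `hash $http_x_forwarded_for;` in `generic_workers_upstream` also deserves a comment: it keys the sticky assignment on a header that only the fronting proxy sets, so if that proxy omits it every request hashes to the same worker. Minor: `{# Everything else just goes to the API server ##}` has a stray `#`.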
@@ -0,0 +1,77 @@ +#jinja2: lstrip_blocks: "True" +# This is a custom nginx configuration file that we use in the container (instead of the default one), +# because it allows us to run nginx with a non-root user. +# +# For this to work, the default vhost file (`/etc/nginx/conf.d/default.conf`) also needs to be removed. +# +# The following changes have been done compared to a default nginx configuration file: +# - various temp paths are changed to `/tmp`, so that a non-root user can write to them +# - the `user` directive was removed, as we don't want nginx to switch users + +worker_processes {{ matrix_synapse_reverse_proxy_companion_worker_processes }}; +error_log /var/log/nginx/error.log warn; +pid /tmp/nginx.pid; +{% for configuration_block in matrix_synapse_reverse_proxy_companion_additional_configuration_blocks %} + {{- configuration_block }} +{% endfor %} + +events { + worker_connections {{ matrix_synapse_reverse_proxy_companion_worker_connections }}; +{% for configuration_block in matrix_synapse_reverse_proxy_companion_event_additional_configuration_blocks %} + {{- configuration_block }} +{% endfor %} +} + + +http { + proxy_temp_path /tmp/proxy_temp; + client_body_temp_path /tmp/client_temp; + fastcgi_temp_path /tmp/fastcgi_temp; + uwsgi_temp_path /tmp/uwsgi_temp; + scgi_temp_path /tmp/scgi_temp; + + include /etc/nginx/mime.types; + default_type application/octet-stream; + + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + {% if matrix_synapse_reverse_proxy_companion_access_log_enabled %} + access_log /var/log/nginx/access.log main; + {% endif %} + + {% if matrix_synapse_reverse_proxy_companion_access_log_syslog_integration_enabled %} + log_format prometheus_fmt 'matrix-synapse-reverse-proxy-companion $server_name - $upstream_addr - $remote_addr - $remote_user [$time_local] ' + '$host "$request" ' + '$status "$http_referer" ' + 
'"$http_user_agent" "$http_x_forwarded_for"'; + + access_log syslog:server={{ matrix_synapse_reverse_proxy_companion_access_log_syslog_integration_server_port }},tag=matrix_nginx_proxy_companion prometheus_fmt; + {% endif %} + + {% if not matrix_synapse_reverse_proxy_companion_access_log_enabled and not matrix_synapse_reverse_proxy_companion_access_log_syslog_integration_enabled %} + access_log off; + {% endif %} + + proxy_connect_timeout {{ matrix_synapse_reverse_proxy_companion_proxy_connect_timeout }}; + proxy_send_timeout {{ matrix_synapse_reverse_proxy_companion_proxy_send_timeout }}; + proxy_read_timeout {{ matrix_synapse_reverse_proxy_companion_proxy_read_timeout }}; + send_timeout {{ matrix_synapse_reverse_proxy_companion_send_timeout }}; + + sendfile on; + #tcp_nopush on; + + keepalive_timeout 65; + + server_tokens off; + + #gzip on; + {# Map directive needed for proxied WebSocket upgrades #} + map $http_upgrade $connection_upgrade { + default upgrade; + '' close; + } + + include /etc/nginx/conf.d/*.conf; +} diff --git a/roles/custom/matrix-synapse-reverse-proxy-companion/templates/systemd/matrix-synapse-reverse-proxy-companion.service.j2 b/roles/custom/matrix-synapse-reverse-proxy-companion/templates/systemd/matrix-synapse-reverse-proxy-companion.service.j2 new file mode 100755 index 000000000..2b548ef8c --- /dev/null +++ b/roles/custom/matrix-synapse-reverse-proxy-companion/templates/systemd/matrix-synapse-reverse-proxy-companion.service.j2 
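Review bot: in `nginx.conf.j2` the syslog access log uses `tag=matrix_nginx_proxy_companion`, which matches neither the `matrix-synapse-reverse-proxy-companion` prefix used in `prometheus_fmt` on the lines above nor the `SyslogIdentifier` in the systemd unit; anything that filters syslog by tag will miss or misattribute these lines, so use a tag derived from the role name (e.g. `tag=matrix_synapse_reverse_proxy_companion`) and consider a variable so the two stay in sync. Also, `map $http_upgrade $connection_upgrade` is declared but no `location` in the vhost template sets `proxy_set_header Upgrade` / `Connection $connection_upgrade`, so either wire it in or drop the map.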
@@ -0,0 +1,53 @@ +#jinja2: lstrip_blocks: "True" +[Unit] +Description=Synapse reverse-proxy companion +{% for service in matrix_synapse_reverse_proxy_companion_systemd_required_services_list %} +Requires={{ service }} +After={{ service }} +{% endfor %} +{% for service in matrix_synapse_reverse_proxy_companion_systemd_wanted_services_list %} +Wants={{ service }} +{% endfor %} +DefaultDependencies=no + +[Service] +Type=simple +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-synapse-reverse-proxy-companion 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-synapse-reverse-proxy-companion 2>/dev/null || true' + +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run \ + --rm \ + --name=matrix-synapse-reverse-proxy-companion \ + --log-driver=none \ + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ + --cap-drop=ALL \ + --read-only \ + --tmpfs=/tmp:rw,noexec,nosuid,size={{ matrix_synapse_reverse_proxy_companion_tmp_directory_size_mb }}m \ + {% if matrix_synapse_reverse_proxy_companion_synapse_cache_enabled %} + --tmpfs=/tmp/synapse-cache:rw,noexec,nosuid,size={{ matrix_synapse_reverse_proxy_companion_tmp_cache_directory_size_mb }}m\ + {% endif %} + --network={{ matrix_synapse_reverse_proxy_companion_container_network }} \ + {% if matrix_synapse_reverse_proxy_companion_container_client_api_host_bind_port %} + -p {{ matrix_synapse_reverse_proxy_companion_container_client_api_host_bind_port }}:8008 \ + {% endif %} + {% if matrix_synapse_reverse_proxy_companion_container_federation_api_host_bind_port %} + -p {{ matrix_synapse_reverse_proxy_companion_container_federation_api_host_bind_port }}:8048 \ + {% endif %} + --mount type=bind,src={{ matrix_synapse_reverse_proxy_companion_base_path 
}}/nginx.conf,dst=/etc/nginx/nginx.conf,ro \ + --mount type=bind,src={{ matrix_synapse_reverse_proxy_companion_confd_path }},dst=/etc/nginx/conf.d,ro \ + {{ matrix_synapse_reverse_proxy_companion_container_image }} + +{% for network in matrix_synapse_reverse_proxy_companion_container_additional_networks %} +ExecStartPost={{ devture_systemd_docker_base_host_command_sh }} -c 'container_name=matrix-synapse-reverse-proxy-companion; network_name={{ network }}; attempt=0; while [ $attempt -le 29 ]; do attempt=$(( $attempt + 1 )); if [ "`{{ devture_systemd_docker_base_host_command_docker }} inspect -f {{ '{{.State.Running}}' }} $container_name 2> /dev/null`" = "true" ]; then break; fi; sleep 1; done; {{ devture_systemd_docker_base_host_command_docker }} network connect $network_name $container_name' +{% endfor %} + +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-synapse-reverse-proxy-companion 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-synapse-reverse-proxy-companion 2>/dev/null || true' +ExecReload={{ devture_systemd_docker_base_host_command_docker }} exec matrix-synapse-reverse-proxy-companion /usr/sbin/nginx -s reload +Restart=always +RestartSec=30 +SyslogIdentifier=matrix-synapse-reverse-proxy-companion + +[Install] +WantedBy=multi-user.target diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml index 372ed1cf5..4da590a5e 100644 --- a/roles/custom/matrix-synapse/defaults/main.yml +++ b/roles/custom/matrix-synapse/defaults/main.yml 
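Review bot: the `--tmpfs=/tmp/synapse-cache:rw,noexec,nosuid,size={{ matrix_synapse_reverse_proxy_companion_tmp_cache_directory_size_mb }}m` mount in the systemd template is sized independently of `max_size={{ matrix_synapse_reverse_proxy_companion_synapse_cache_max_size_mb }}m` in the `proxy_cache_path` directive (default 1024 in `defaults/main.yml`); nginx's cache manager only evicts once `max_size` is exceeded, so if the tmpfs is smaller the cache fills the tmpfs first and cache writes fail with no-space errors in `error.log`. Derive one value from the other (e.g. default the tmpfs size to `max_size` plus headroom) or add a check that the tmpfs is at least as large. Style: that line ends `m\` with no space before the continuation backslash, unlike every other continued line in `ExecStart`.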
@@ -36,7 +36,7 @@ matrix_synapse_container_image_customizations_dockerfile_body_custom: '' matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:{{ matrix_synapse_docker_image_tag }}" matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_container_image_self_build else matrix_container_global_registry_prefix }}" -matrix_synapse_version: v1.71.0 +matrix_synapse_version: v1.74.0 matrix_synapse_docker_image_tag: "{{ matrix_synapse_version }}" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" @@ -49,13 +49,19 @@ matrix_synapse_docker_image_customized: "localhost/matrixdotorg/synapse:{{ matri matrix_synapse_docker_image_final: "{{ matrix_synapse_docker_image_customized if matrix_synapse_container_image_customizations_enabled else matrix_synapse_docker_image }} " matrix_synapse_base_path: "{{ matrix_base_data_path }}/synapse" + matrix_synapse_docker_src_files_path: "{{ matrix_synapse_base_path }}/docker-src" matrix_synapse_customized_docker_src_files_path: "{{ matrix_synapse_base_path }}/customized-docker-src" matrix_synapse_config_dir_path: "{{ matrix_synapse_base_path }}/config" matrix_synapse_storage_path: "{{ matrix_synapse_base_path }}/storage" matrix_synapse_media_store_path: "{{ matrix_synapse_storage_path }}/media-store" +matrix_synapse_bin_path: "{{ matrix_synapse_base_path }}/bin" + matrix_synapse_ext_path: "{{ matrix_synapse_base_path }}/ext" -matrix_synapse_ext_s3_storage_provider_path: "{{ matrix_synapse_base_path }}/ext/s3-storage-provider" + +matrix_synapse_ext_s3_storage_provider_base_path: "{{ matrix_synapse_base_path }}/ext/s3-storage-provider" +matrix_synapse_ext_s3_storage_provider_bin_path: "{{ matrix_synapse_ext_s3_storage_provider_base_path }}/bin" +matrix_synapse_ext_s3_storage_provider_data_path: "{{ matrix_synapse_ext_s3_storage_provider_base_path }}/data" matrix_synapse_container_client_api_port: 8008 
@@ -101,15 +107,15 @@ matrix_synapse_container_manhole_api_host_bind_port: '' # Also see `matrix_synapse_container_arguments` matrix_synapse_container_extra_arguments: [] -# matrix_synapse_container_runtime_injected_arguments is a list of extra arguments to pass to the container. -# This list is built during runtime. You're not meant to override this variable. +# matrix_synapse_container_extra_arguments_auto is a list of extra arguments to pass to the container. +# This list is managed by the playbook. You're not meant to override this variable. # If you'd like to inject your own arguments, see `matrix_synapse_container_extra_arguments`. -matrix_synapse_container_runtime_injected_arguments: [] +matrix_synapse_container_extra_arguments_auto: [] # matrix_synapse_container_arguments holds the final list of extra arguments to pass to the container. # You're not meant to override this variable. # If you'd like to inject your own arguments, see `matrix_synapse_container_extra_arguments`. -matrix_synapse_container_arguments: "{{ matrix_synapse_container_extra_arguments + matrix_synapse_container_runtime_injected_arguments }}" +matrix_synapse_container_arguments: "{{ matrix_synapse_container_extra_arguments + matrix_synapse_container_extra_arguments_auto }}" # List of systemd services that matrix-synapse.service depends on matrix_synapse_systemd_required_services_list: ['docker.service'] 
@@ -371,15 +377,15 @@ matrix_synapse_additional_loggers: [] # Also see `matrix_synapse_app_service_config_files_final` matrix_synapse_app_service_config_files: [] -# matrix_synapse_app_service_runtime_injected_config_files is a list of appservice config files. -# This list is built during runtime. You're not meant to override this variable. +# matrix_synapse_app_service_config_files_auto is a list of appservice config files. +# This list is managed by the playbook. You're not meant to override this variable. # If you'd like to inject your own arguments, see `matrix_synapse_app_service_config_files`. -matrix_synapse_app_service_runtime_injected_config_files: [] +matrix_synapse_app_service_config_files_auto: [] # matrix_synapse_app_service_config_files_final holds the final list of config files to pass to the container. # You're not meant to override this variable. # If you'd like to inject your own arguments, see `matrix_synapse_app_service_config_files`. -matrix_synapse_app_service_config_files_final: "{{ matrix_synapse_app_service_config_files + matrix_synapse_app_service_runtime_injected_config_files }}" +matrix_synapse_app_service_config_files_final: "{{ matrix_synapse_app_service_config_files + matrix_synapse_app_service_config_files_auto }}" # This is set dynamically during execution depending on whether # any password providers have been enabled or not. 
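Review bot: the rewritten comment block above `matrix_synapse_app_service_config_files_auto` still says "If you'd like to inject your own arguments, see `matrix_synapse_app_service_config_files`", copied from the container-arguments block; since this hunk touches those lines anyway, change "arguments" to "appservice config files" so the comment describes the variable it sits on.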
@@ -548,11 +554,6 @@ matrix_synapse_workers_pusher_workers_metrics_range_start: 19200 # Adjusting this value manually is generally not necessary. matrix_synapse_federation_pusher_instances: [] -# matrix_synapse_start_pushers controls if the main Synapse process should push out notifications or if it should be left to pusher workers (see `matrix_synapse_federation_pusher_instances`). -# This is enabled if workers are disabled, or if they are enabled, but there are no pusher workers. -# Adjusting this value manually is generally not necessary. -matrix_synapse_start_pushers: "{{ not matrix_synapse_workers_enabled or (matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'pusher') | list | length == 0) }}" - # matrix_synapse_workers_federation_sender_workers_count controls the number of federation sender workers to spawn. # See https://matrix-org.github.io/synapse/latest/workers.html#synapseappfederation_sender matrix_synapse_workers_federation_sender_workers_count: "{{ matrix_synapse_workers_presets[matrix_synapse_workers_preset]['federation_sender_workers_count'] }}" 
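Review bot: `matrix_synapse_start_pushers` is deleted from the defaults, but nothing in this hunk shows the template or task that previously consumed it being updated; if the homeserver configuration template still references it, rendering fails with an undefined variable, and if the intent is to rely solely on `matrix_synapse_federation_pusher_instances` the comment on that variable should say so. The same question applies to the `matrix_synapse_send_federation` removal in the next hunk.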
@@ -563,11 +564,6 @@ matrix_synapse_workers_federation_sender_workers_metrics_range_start: 19400 # Adjusting this value manually is generally not necessary. matrix_synapse_federation_sender_instances: [] -# matrix_synapse_send_federation controls if the main Synapse process should send federation traffic or if it should be left to federation_sender workers (see `matrix_synapse_federation_sender_instances`). -# This is allowed if workers are disabled, or they are enabled, but there are no federation sender workers. -# Adjusting this value manually is generally not necessary. -matrix_synapse_send_federation: "{{ not matrix_synapse_workers_enabled or (matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'federation_sender') | list | length == 0) }}" - matrix_synapse_workers_media_repository_workers_count: "{{ matrix_synapse_workers_presets[matrix_synapse_workers_preset]['media_repository_workers_count'] }}" matrix_synapse_workers_media_repository_workers_port_range_start: 18551 matrix_synapse_workers_media_repository_workers_metrics_range_start: 19551 @@ -681,7 +677,7 @@ matrix_synapse_sentry_dsn: "" # Postgres database information matrix_synapse_database_txn_limit: 0 -matrix_synapse_database_host: "matrix-postgres" +matrix_synapse_database_host: '' matrix_synapse_database_port: 5432 matrix_synapse_database_user: "synapse" matrix_synapse_database_password: "" diff --git a/roles/custom/matrix-synapse/tasks/ext/encryption-disabler/setup.yml b/roles/custom/matrix-synapse/tasks/ext/encryption-disabler/setup.yml deleted file mode 100644 index e0e61df8e..000000000 --- a/roles/custom/matrix-synapse/tasks/ext/encryption-disabler/setup.yml +++ /dev/null 
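Review bot: changing the `matrix_synapse_database_host` default from `"matrix-postgres"` to `''` means a user who disables the integrated Postgres role and forgets to set a host now gets an empty `host:` in the Synapse database config instead of a clear failure; add a validate_config assertion that the value is non-empty when `matrix_synapse_enabled`, and point at the group_vars hunk where the default is filled from the new `devture_postgres_*` variables, since that wiring is not in this diff. The removal of `matrix_synapse_send_federation` mirrors `matrix_synapse_start_pushers` above, so the homeserver.yaml template needs checking for both keys at once.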
@@ -1,7 +0,0 @@ ---- - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/encryption-disabler/setup_install.yml" - when: matrix_synapse_ext_encryption_disabler_enabled | bool - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/encryption-disabler/setup_uninstall.yml" - when: "not matrix_synapse_ext_encryption_disabler_enabled | bool" diff --git a/roles/custom/matrix-synapse/tasks/ext/ldap-auth/setup.yml b/roles/custom/matrix-synapse/tasks/ext/ldap-auth/setup_install.yml similarity index 79% rename from roles/custom/matrix-synapse/tasks/ext/ldap-auth/setup.yml rename to roles/custom/matrix-synapse/tasks/ext/ldap-auth/setup_install.yml index 5d648c848..c13a04044 100644 --- a/roles/custom/matrix-synapse/tasks/ext/ldap-auth/setup.yml +++ b/roles/custom/matrix-synapse/tasks/ext/ldap-auth/setup_install.yml @@ -9,4 +9,3 @@ + [{'name': 'ldap_auth_provider', 'level': 'INFO'}] }} - when: matrix_synapse_ext_password_provider_ldap_enabled | bool diff --git a/roles/custom/matrix-synapse/tasks/ext/mjolnir-antispam/setup.yml b/roles/custom/matrix-synapse/tasks/ext/mjolnir-antispam/setup.yml deleted file mode 100644 index 1a3e097dc..000000000 --- a/roles/custom/matrix-synapse/tasks/ext/mjolnir-antispam/setup.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/mjolnir-antispam/setup_install.yml" - when: matrix_synapse_ext_spam_checker_mjolnir_antispam_enabled | bool - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/mjolnir-antispam/setup_uninstall.yml" - when: "not matrix_synapse_ext_spam_checker_mjolnir_antispam_enabled | bool" diff --git a/roles/custom/matrix-synapse/tasks/ext/rest-auth/setup.yml b/roles/custom/matrix-synapse/tasks/ext/rest-auth/setup.yml deleted file mode 100644 index 6df360ce9..000000000 --- a/roles/custom/matrix-synapse/tasks/ext/rest-auth/setup.yml +++ /dev/null 
@@ -1,7 +0,0 @@ ---- - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/rest-auth/setup_install.yml" - when: matrix_synapse_ext_password_provider_rest_auth_enabled | bool - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/rest-auth/setup_uninstall.yml" - when: "not matrix_synapse_ext_password_provider_rest_auth_enabled | bool" diff --git a/roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/init.yml b/roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/init.yml deleted file mode 100644 index 008161cb1..000000000 --- a/roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/init.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- - -- ansible.builtin.set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-synapse-s3-storage-provider-migrate.timer'] }}" - when: matrix_synapse_ext_synapse_s3_storage_provider_enabled | bool diff --git a/roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/setup.yml b/roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/setup.yml deleted file mode 100644 index aefa49fe4..000000000 --- a/roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/setup.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/s3-storage-provider/validate_config.yml" - when: matrix_synapse_ext_synapse_s3_storage_provider_enabled | bool - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/s3-storage-provider/setup_install.yml" - when: matrix_synapse_ext_synapse_s3_storage_provider_enabled | bool - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/s3-storage-provider/setup_uninstall.yml" - when: not matrix_synapse_ext_synapse_s3_storage_provider_enabled | bool diff --git a/roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/setup_install.yml b/roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/setup_install.yml index 684fb2c99..c892e0b6f 100644 
--- a/roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/setup_install.yml +++ b/roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/setup_install.yml 
@@ -7,34 +7,37 @@ # # Below are additional tasks for setting up various helper scripts, etc. -- name: Ensure s3-storage-provider env file installed - ansible.builtin.template: - src: "{{ role_path }}/templates/synapse/ext/s3-storage-provider/env.j2" - dest: "{{ matrix_synapse_ext_s3_storage_provider_path }}/env" - mode: 0640 - -- name: Ensure s3-storage-provider data path exists +- name: Ensure s3-storage-provider paths exists ansible.builtin.file: - path: "{{ matrix_synapse_ext_s3_storage_provider_path }}/data" + path: "{{ item }}" state: directory mode: 0750 owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" + with_items: + - "{{ matrix_synapse_ext_s3_storage_provider_base_path }}" + - "{{ matrix_synapse_ext_s3_storage_provider_bin_path }}" + +- name: Ensure s3-storage-provider env file installed + ansible.builtin.template: + src: "{{ role_path }}/templates/synapse/ext/s3-storage-provider/env.j2" + dest: "{{ matrix_synapse_ext_s3_storage_provider_base_path }}/env" + mode: 0640 - name: Ensure s3-storage-provider database.yaml file installed ansible.builtin.template: src: "{{ role_path }}/templates/synapse/ext/s3-storage-provider/database.yaml.j2" - dest: "{{ matrix_synapse_ext_s3_storage_provider_path }}/data/database.yaml" + dest: "{{ matrix_synapse_ext_s3_storage_provider_data_path }}/database.yaml" mode: 0640 - name: Ensure s3-storage-provider scripts installed ansible.builtin.template: - src: "{{ role_path }}/templates/synapse/ext/s3-storage-provider/usr-local-bin/{{ item }}.j2" - dest: "{{ matrix_local_bin_path }}/{{ item }}" + src: "{{ role_path }}/templates/synapse/ext/s3-storage-provider/bin/{{ item }}.j2" + dest: "{{ matrix_synapse_ext_s3_storage_provider_bin_path }}/{{ item }}" mode: 0750 with_items: - - matrix-synapse-s3-storage-provider-shell - - matrix-synapse-s3-storage-provider-migrate + - shell + - migrate - name: Ensure matrix-synapse-s3-storage-provider-migrate.service and timer are installed ansible.builtin.template: 
@@ -45,8 +48,3 @@ - matrix-synapse-s3-storage-provider-migrate.service - matrix-synapse-s3-storage-provider-migrate.timer register: matrix_synapse_s3_storage_provider_systemd_service_result - -- name: Ensure systemd reloaded after matrix-synapse-s3-storage-provider-migrate.service installation - ansible.builtin.service: - daemon_reload: true - when: matrix_synapse_s3_storage_provider_systemd_service_result.changed | bool diff --git a/roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/setup_uninstall.yml b/roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/setup_uninstall.yml index a828070c9..83e8a0f7d 100644 --- a/roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/setup_uninstall.yml +++ b/roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/setup_uninstall.yml @@ -9,16 +9,7 @@ - matrix-synapse-s3-storage-provider-migrate.service register: matrix_synapse_s3_storage_provider_migrate_sevice_removal -- name: Ensure systemd reloaded after matrix-synapse-s3-storage-provider-migrate.service removal - ansible.builtin.service: - daemon_reload: true - when: matrix_synapse_s3_storage_provider_migrate_sevice_removal.changed | bool - - name: Ensure s3-storage-provider files don't exist ansible.builtin.file: - path: "{{ item }}" + path: "{{ matrix_synapse_ext_s3_storage_provider_base_path }}" state: absent - with_items: - - "{{ matrix_local_bin_path }}/matrix-synapse-s3-storage-provider-shell" - - "{{ matrix_local_bin_path }}/matrix-synapse-s3-storage-provider-migrate" - - "{{ matrix_synapse_ext_s3_storage_provider_path }}" diff --git a/roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/validate_config.yml b/roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/validate_config.yml index d71809fe5..317269b3c 100644 --- a/roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/validate_config.yml +++ b/roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/validate_config.yml 
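Review bot: in `setup_install.yml` the new `Ensure s3-storage-provider paths exists` task creates `base_path` and `bin_path` but not `matrix_synapse_ext_s3_storage_provider_data_path`, into which the very next task templates `database.yaml`; it only works because the role's top-level `setup_install.yml` creates the data path first, so either add it to this `with_items` list or drop the duplicated directory creation from one of the two places. `env` and `database.yaml` carry the S3 secret access key and the database password yet get `mode: 0640` with no `owner`/`group`, unlike the directories; set both explicitly so ownership does not depend on who ran the playbook (and `exists` should read `exist` in the task name). With the `daemon_reload` tasks gone, `register: matrix_synapse_s3_storage_provider_systemd_service_result` and `register: matrix_synapse_s3_storage_provider_migrate_sevice_removal` no longer have a consumer and should be removed too. Finally, the uninstall now deletes only `matrix_synapse_ext_s3_storage_provider_base_path`; the `{{ matrix_local_bin_path }}/matrix-synapse-s3-storage-provider-shell` and `-migrate` wrappers that earlier versions installed are no longer cleaned up, so keep those two paths in the removal list for at least one release.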
@@ -10,9 +10,10 @@ - "matrix_synapse_ext_synapse_s3_storage_provider_config_region_name" - "matrix_synapse_ext_synapse_s3_storage_provider_config_access_key_id" - "matrix_synapse_ext_synapse_s3_storage_provider_config_secret_access_key" + - "matrix_synapse_ext_synapse_s3_storage_provider_config_endpoint_url" - name: Fail if required matrix_synapse_ext_synapse_s3_storage_provider_config_endpoint_url looks invalid ansible.builtin.fail: msg: >- `matrix_synapse_ext_synapse_s3_storage_provider_config_endpoint_url` needs to look like a URL (`http://` or `https://` prefix). - when: "matrix_synapse_ext_synapse_s3_storage_provider_config_endpoint_url != '' and not matrix_synapse_ext_synapse_s3_storage_provider_config_endpoint_url.startswith('http')" + when: "not matrix_synapse_ext_synapse_s3_storage_provider_config_endpoint_url.startswith('http')" diff --git a/roles/custom/matrix-synapse/tasks/ext/setup.yml b/roles/custom/matrix-synapse/tasks/ext/setup.yml deleted file mode 100644 index 6cf1afaa4..000000000 --- a/roles/custom/matrix-synapse/tasks/ext/setup.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/encryption-disabler/setup.yml" - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/rest-auth/setup.yml" - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/shared-secret-auth/setup.yml" - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/ldap-auth/setup.yml" - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/synapse-simple-antispam/setup.yml" - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/mjolnir-antispam/setup.yml" - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/s3-storage-provider/setup.yml" diff --git a/roles/custom/matrix-synapse/tasks/ext/setup_install.yml b/roles/custom/matrix-synapse/tasks/ext/setup_install.yml new file mode 100644 index 000000000..a24138038 --- /dev/null +++ b/roles/custom/matrix-synapse/tasks/ext/setup_install.yml 
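Review bot: `not matrix_synapse_ext_synapse_s3_storage_provider_config_endpoint_url.startswith('http')` accepts any value that merely begins with `http` (for example `httpx.example.com`), which is looser than the `http://` or `https://` prefix the failure message promises; `not (matrix_synapse_ext_synapse_s3_storage_provider_config_endpoint_url | regex_search('^https?://'))` checks what the message says. Since the endpoint is where the access key and secret from `env` are sent, consider also warning when a plain `http://` endpoint is configured, so credentials are not transmitted in the clear by accident.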
@@ -0,0 +1,60 @@ +--- + +# encryption-disabler +- block: + - when: matrix_synapse_ext_encryption_disabler_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/encryption-disabler/setup_install.yml" + tags: + - setup-all + - setup-synapse + +# rest-auth +- block: + - when: matrix_synapse_ext_password_provider_rest_auth_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/rest-auth/setup_install.yml" + tags: + - setup-all + - setup-synapse + +# shared-secret-auth +- block: + - when: matrix_synapse_ext_password_provider_shared_secret_auth_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/shared-secret-auth/setup_install.yml" + tags: + - setup-all + - setup-synapse + +# ldap-auth +- block: + - when: matrix_synapse_ext_password_provider_ldap_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/ldap-auth/setup_install.yml" + tags: + - setup-all + - setup-synapse + +# synapse-simple-antispam +- block: + - when: matrix_synapse_ext_spam_checker_synapse_simple_antispam_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/synapse-simple-antispam/setup_install.yml" + tags: + - setup-all + - setup-synapse + +# mjolnir-antispam +- block: + - when: matrix_synapse_ext_spam_checker_mjolnir_antispam_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/mjolnir-antispam/setup_install.yml" + tags: + - setup-all + - setup-synapse + +# s3-storage-provider +- block: + - when: matrix_synapse_ext_synapse_s3_storage_provider_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/s3-storage-provider/validate_config.yml" + + - when: matrix_synapse_ext_synapse_s3_storage_provider_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/s3-storage-provider/setup_install.yml" + tags: + - setup-all + - setup-synapse 
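Review bot: in the `s3-storage-provider` block the same `when: matrix_synapse_ext_synapse_s3_storage_provider_enabled | bool` is repeated on both includes; move it to the block level (the goofys uninstall hunk in this PR already uses the `- when: ... block:` shape), which also makes it impossible for the `validate_config.yml` and `setup_install.yml` pair to drift apart. The same hoisting applies to the six single-task blocks above it, where `when` on the lone task is just a longer way of writing `when` on the block.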
diff --git a/roles/custom/matrix-synapse/tasks/ext/setup_uninstall.yml b/roles/custom/matrix-synapse/tasks/ext/setup_uninstall.yml new file mode 100644 index 000000000..cca6c1b8a --- /dev/null +++ b/roles/custom/matrix-synapse/tasks/ext/setup_uninstall.yml @@ -0,0 +1,52 @@ +--- + +# encryption-disabler +- block: + - when: not matrix_synapse_ext_encryption_disabler_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/encryption-disabler/setup_uninstall.yml" + tags: + - setup-all + - setup-synapse + +# rest-auth +- block: + - when: not matrix_synapse_ext_password_provider_rest_auth_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/rest-auth/setup_uninstall.yml" + tags: + - setup-all + - setup-synapse + +# shared-secret-auth +- block: + - when: not matrix_synapse_ext_password_provider_shared_secret_auth_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/shared-secret-auth/setup_uninstall.yml" + tags: + - setup-all + - setup-synapse + +# ldap-auth has no uninstall tasks + + +# synapse-simple-antispam +- block: + - when: not matrix_synapse_ext_spam_checker_synapse_simple_antispam_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/synapse-simple-antispam/setup_uninstall.yml" + tags: + - setup-all + - setup-synapse + +# mjolnir-antispam +- block: + - when: not matrix_synapse_ext_spam_checker_mjolnir_antispam_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/mjolnir-antispam/setup_uninstall.yml" + tags: + - setup-all + - setup-synapse + +# s3-storage-provider +- block: + - when: not matrix_synapse_ext_synapse_s3_storage_provider_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/s3-storage-provider/setup_uninstall.yml" + tags: + - setup-all + - setup-synapse 
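Review bot: the `# ldap-auth has no uninstall tasks` placeholder should say why, so the missing block is not mistaken for an omission: in this diff `ldap-auth/setup_install.yml` only appends an `ldap_auth_provider` logger entry and writes nothing to disk, so there is nothing to remove when the provider is disabled. One sentence to that effect in the comment is enough.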
diff --git a/roles/custom/matrix-synapse/tasks/ext/shared-secret-auth/setup.yml b/roles/custom/matrix-synapse/tasks/ext/shared-secret-auth/setup.yml deleted file mode 100644 index 6dc385d37..000000000 --- a/roles/custom/matrix-synapse/tasks/ext/shared-secret-auth/setup.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/shared-secret-auth/setup_install.yml" - when: matrix_synapse_ext_password_provider_shared_secret_auth_enabled | bool - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/shared-secret-auth/setup_uninstall.yml" - when: "not matrix_synapse_ext_password_provider_shared_secret_auth_enabled | bool" diff --git a/roles/custom/matrix-synapse/tasks/ext/synapse-simple-antispam/setup.yml b/roles/custom/matrix-synapse/tasks/ext/synapse-simple-antispam/setup.yml deleted file mode 100644 index 038eea749..000000000 --- a/roles/custom/matrix-synapse/tasks/ext/synapse-simple-antispam/setup.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/synapse-simple-antispam/setup_install.yml" - when: matrix_synapse_ext_spam_checker_synapse_simple_antispam_enabled | bool - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/synapse-simple-antispam/setup_uninstall.yml" - when: "not matrix_synapse_ext_spam_checker_synapse_simple_antispam_enabled | bool" diff --git a/roles/custom/matrix-synapse/tasks/goofys/setup.yml b/roles/custom/matrix-synapse/tasks/goofys/setup.yml deleted file mode 100644 index 2f9eaa870..000000000 --- a/roles/custom/matrix-synapse/tasks/goofys/setup.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/goofys/setup_install.yml" - when: matrix_s3_media_store_enabled | bool - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/goofys/setup_uninstall.yml" - when: "not matrix_s3_media_store_enabled | bool" 
diff --git a/roles/custom/matrix-synapse/tasks/goofys/setup_install.yml b/roles/custom/matrix-synapse/tasks/goofys/setup_install.yml index 7649beb4c..7fd4659d7 100644 --- a/roles/custom/matrix-synapse/tasks/goofys/setup_install.yml +++ b/roles/custom/matrix-synapse/tasks/goofys/setup_install.yml @@ -1,6 +1,6 @@ --- -- ansible.builtin.import_role: +- ansible.builtin.include_role: name: custom/matrix-base tasks_from: ensure_fuse_installed @@ -43,9 +43,3 @@ src: "{{ role_path }}/templates/goofys/systemd/matrix-goofys.service.j2" dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-goofys.service" mode: 0644 - register: matrix_goofys_systemd_service_result - -- name: Ensure systemd reloaded after matrix-goofys.service installation - ansible.builtin.service: - daemon_reload: true - when: "matrix_goofys_systemd_service_result.changed" diff --git a/roles/custom/matrix-synapse/tasks/goofys/setup_uninstall.yml b/roles/custom/matrix-synapse/tasks/goofys/setup_uninstall.yml index ddfa5cf60..252877dee 100644 --- a/roles/custom/matrix-synapse/tasks/goofys/setup_uninstall.yml +++ b/roles/custom/matrix-synapse/tasks/goofys/setup_uninstall.yml 
@@ -5,32 +5,21 @@ path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-goofys.service" register: matrix_goofys_service_stat -- name: Ensure matrix-goofys is stopped - ansible.builtin.service: - name: matrix-goofys - state: stopped - enabled: false - daemon_reload: true - register: stopping_result - when: "matrix_goofys_service_stat.stat.exists" +- when: matrix_goofys_service_stat.stat.exists | bool + block: + - name: Ensure matrix-goofys is stopped + ansible.builtin.service: + name: matrix-goofys + state: stopped + enabled: false + daemon_reload: true -- name: Ensure matrix-goofys.service doesn't exist - ansible.builtin.file: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-goofys.service" - state: absent - when: "matrix_goofys_service_stat.stat.exists" + - name: Ensure matrix-goofys.service doesn't exist + ansible.builtin.file: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-goofys.service" + state: absent -- name: Ensure systemd reloaded after matrix-goofys.service removal - ansible.builtin.service: - daemon_reload: true - when: "matrix_goofys_service_stat.stat.exists" - -- name: Ensure goofys environment variables file doesn't exist - ansible.builtin.file: - path: "{{ matrix_synapse_config_dir_path }}/env-goofys" - state: absent - -- name: Ensure Goofys Docker image doesn't exist - community.docker.docker_image: - name: "{{ matrix_s3_goofys_docker_image }}" - state: absent + - name: Ensure goofys environment variables file doesn't exist + ansible.builtin.file: + path: "{{ matrix_synapse_config_dir_path }}/env-goofys" + state: absent diff --git a/roles/custom/matrix-synapse/tasks/init.yml b/roles/custom/matrix-synapse/tasks/init.yml index 9146936a0..0b1273c16 100644 --- a/roles/custom/matrix-synapse/tasks/init.yml +++ b/roles/custom/matrix-synapse/tasks/init.yml 
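Review bot: the goofys uninstall no longer removes the container image (`community.docker.docker_image` with `state: absent` is dropped) and no longer reloads systemd after deleting `matrix-goofys.service`; if both are now the service manager's responsibility, say so in the commit or CHANGELOG, since disabling `matrix_s3_media_store_enabled` now leaves the image on disk where it previously did not. The `daemon_reload: true` that survives on the stop task runs before the unit file is deleted, so the deletion itself is only picked up once something else reloads systemd.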
@@ -1,35 +1,18 @@ --- -# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 -# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 -- name: Fail if trying to self-build on Ansible < 2.8 - ansible.builtin.fail: - msg: "To self-build the Synapse image, you should use Ansible 2.8 or higher. See docs/ansible.md" - when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_synapse_container_image_self_build and matrix_synapse_enabled" # Unless `matrix_synapse_workers_enabled_list` is explicitly defined, # we'll generate it dynamically. - ansible.builtin.include_tasks: "{{ role_path }}/tasks/synapse/workers/init.yml" - when: "matrix_synapse_enabled and matrix_synapse_workers_enabled and matrix_synapse_workers_enabled_list | length == 0" - -- ansible.builtin.set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-synapse.service'] }}" - when: matrix_synapse_enabled | bool + when: "matrix_synapse_workers_enabled | bool and matrix_synapse_workers_enabled_list | length == 0" - name: Ensure workers are injected into various places ansible.builtin.include_tasks: "{{ role_path }}/tasks/synapse/workers/util/inject_worker.yml" with_items: "{{ matrix_synapse_workers_enabled_list }}" loop_control: loop_var: matrix_synapse_worker_details - when: matrix_synapse_enabled | bool and matrix_synapse_workers_enabled | bool + when: matrix_synapse_workers_enabled | bool -- ansible.builtin.set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-goofys.service'] }}" - when: matrix_s3_media_store_enabled | bool - -- ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/s3-storage-provider/init.yml" - when: matrix_synapse_ext_synapse_s3_storage_provider_enabled | bool - -- when: matrix_synapse_enabled | bool and matrix_synapse_metrics_proxying_enabled | bool +- when: matrix_synapse_metrics_proxying_enabled | bool 
block: - name: Fail if matrix-nginx-proxy role already executed ansible.builtin.fail: diff --git a/roles/custom/matrix-synapse/tasks/main.yml b/roles/custom/matrix-synapse/tasks/main.yml index 7068dcefc..d00c1808c 100644 --- a/roles/custom/matrix-synapse/tasks/main.yml +++ b/roles/custom/matrix-synapse/tasks/main.yml 
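Review bot: removing the two `set_fact` appends to `matrix_systemd_services_list` (for `matrix-synapse.service` and `matrix-goofys.service`) is only safe if both units are registered with the service manager elsewhere; `matrix-goofys.service` was conditional on `matrix_s3_media_store_enabled`, so a static list in group_vars needs the same condition or the manager will try to start a unit that was never installed. Please reference the hunk where that registration now lives. Dropping the `ansible_version` check is fine provided a playbook-wide minimum Ansible version assertion exists; if not, this role was the only place that enforced one.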
@@ -1,57 +1,73 @@ --- -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" +- block: + - when: matrix_synapse_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/init.yml" tags: - - always + - setup-all + - setup-synapse + - install-all + - install-synapse + - setup-synapse-reverse-proxy-companion + - install-synapse-reverse-proxy-companion + - start + - start-all + - start-group + - restart + - restart-all + - restart-group + - stop + - stop-all + - stop-group -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: run_setup | bool and matrix_synapse_enabled | bool +- block: + - when: matrix_synapse_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" + + - when: matrix_synapse_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml" + tags: + - setup-all + - setup-synapse + - install-all + - install-synapse + +- block: + - when: not matrix_synapse_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" tags: - setup-all - setup-synapse -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_synapse.yml" - when: run_setup | bool - tags: - - setup-all - - setup-synapse - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/import_media_store.yml" - when: run_synapse_import_media_store | bool +- block: + - when: matrix_synapse_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/import_media_store.yml" tags: - import-synapse-media-store -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/register_user.yml" - when: run_synapse_register_user | bool and matrix_synapse_enabled | bool +- block: + - when: matrix_synapse_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/register_user.yml" tags: - register-user -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/self_check_client_api.yml" - delegate_to: 127.0.0.1 - become: false - when: run_self_check | 
bool - tags: - - self-check - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/self_check_federation_api.yml" - delegate_to: 127.0.0.1 - become: false - when: run_self_check | bool - tags: - - self-check - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/update_user_password.yml" - when: run_synapse_update_user_password | bool and matrix_synapse_enabled | bool +- block: + - when: matrix_synapse_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/update_user_password.yml" tags: - update-user-password -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/rust-synapse-compress-state/main.yml" - when: run_synapse_rust_synapse_compress_state | bool +- block: + - when: matrix_synapse_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/rust-synapse-compress-state/main.yml" tags: - rust-synapse-compress-state -- name: Mark matrix-synapse role as executed - ansible.builtin.set_fact: - matrix_synapse_role_executed: true +- block: + - when: matrix_synapse_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/self_check_client_api.yml" + + - when: matrix_synapse_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/self_check_federation_api.yml" tags: - - always + - self-check diff --git a/roles/custom/matrix-synapse/tasks/register_user.yml b/roles/custom/matrix-synapse/tasks/register_user.yml index 817484495..215409593 100644 --- a/roles/custom/matrix-synapse/tasks/register_user.yml +++ b/roles/custom/matrix-synapse/tasks/register_user.yml 
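Review bot: the `Mark matrix-synapse role as executed` task (`matrix_synapse_role_executed: true`, tagged `always`) is deleted, yet `init.yml` still carries a `Fail if matrix-nginx-proxy role already executed` guard built on the same ordering idea; any role that tests `matrix_synapse_role_executed` will now see it undefined and, under `| bool`, quietly evaluate to false. Grep the other roles for the variable before merging, or keep the fact. Also, every task in these blocks repeats `when: matrix_synapse_enabled | bool`; a single `when` on each block is shorter and cannot be forgotten when a task is added later.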
@@ -28,6 +28,7 @@ when: "start_result.changed" - name: Register user - ansible.builtin.command: "{{ matrix_local_bin_path }}/matrix-synapse-register-user {{ username | quote }} {{ password | quote }} {{ '1' if admin == 'yes' else '0' }}" + ansible.builtin.command: + cmd: "{{ matrix_synapse_bin_path }}/register-user {{ username | quote }} {{ password | quote }} {{ '1' if admin == 'yes' else '0' }}" register: matrix_synapse_register_user_result changed_when: matrix_synapse_register_user_result.rc == 0 diff --git a/roles/custom/matrix-synapse/tasks/rust-synapse-compress-state/compress_room.yml b/roles/custom/matrix-synapse/tasks/rust-synapse-compress-state/compress_room.yml index e5cf8e8ec..4eafad1fb 100644 --- a/roles/custom/matrix-synapse/tasks/rust-synapse-compress-state/compress_room.yml +++ b/roles/custom/matrix-synapse/tasks/rust-synapse-compress-state/compress_room.yml 
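Review bot: `cmd` passes `{{ password | quote }}` as a command-line argument, so the plaintext password lands in the registered `matrix_synapse_register_user_result`, in `-v` output and in the host process list while `register-user` runs; this predates the PR, but since the task is being rewritten anyway, add `no_log: true` here (or have the script read the password from stdin or an environment variable). Separately, `changed_when: matrix_synapse_register_user_result.rc == 0` reports `changed` on every successful run, including when the user already exists, if the script exits 0 in that case.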
@@ -31,15 +31,15 @@ ansible.builtin.set_fact: matrix_synapse_rust_synapse_compress_state_psql_import_command: >- {{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-rust-synapse-compress-state-psql-import - --user={{ matrix_user_uid }}:{{ matrix_user_gid }} + --user={{ devture_postgres_uid }}:{{ devture_postgres_gid }} --cap-drop=ALL - --network={{ matrix_docker_network }} - --env-file={{ matrix_postgres_base_path }}/env-postgres-psql + --network={{ devture_postgres_container_network }} + --env-file={{ devture_postgres_base_path }}/env-postgres-psql --mount type=bind,src={{ matrix_synapse_rust_synapse_compress_state_base_path }},dst=/work,ro --entrypoint=/bin/sh - {{ matrix_postgres_docker_image_latest }} + {{ devture_postgres_container_image_latest }} -c "cat /work/state-compressor.sql | - psql -v ON_ERROR_STOP=1 -h matrix-postgres -d {{ matrix_synapse_database_database }}" + psql -v ON_ERROR_STOP=1 -h {{ devture_postgres_connection_hostname }} -d {{ matrix_synapse_database_database }}" - name: Import compression SQL into Postgres ansible.builtin.command: "{{ matrix_synapse_rust_synapse_compress_state_psql_import_command }}" diff --git a/roles/custom/matrix-synapse/tasks/rust-synapse-compress-state/main.yml b/roles/custom/matrix-synapse/tasks/rust-synapse-compress-state/main.yml index 17124e251..45716ef03 100644 --- a/roles/custom/matrix-synapse/tasks/rust-synapse-compress-state/main.yml +++ b/roles/custom/matrix-synapse/tasks/rust-synapse-compress-state/main.yml @@ -3,8 +3,8 @@ - name: Fail if Postgres not enabled ansible.builtin.fail: - msg: "Postgres via the matrix-postgres role is not enabled (`matrix_postgres_enabled`). Cannot use rust-synapse-compress-state." - when: "not matrix_postgres_enabled | bool" + msg: "Postgres via the com.devture.ansible.role.postgres role is not enabled (`devture_postgres_enabled`). Cannot use rust-synapse-compress-state." + when: "not devture_postgres_enabled | bool" # Defaults 
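Review bot: the psql import container now runs as `{{ devture_postgres_uid }}:{{ devture_postgres_gid }}` instead of the matrix user, but it still bind-mounts `matrix_synapse_rust_synapse_compress_state_base_path` read-only and does `cat /work/state-compressor.sql`; if that directory and file follow the 0750/0640 owner `matrix_user_username` pattern used elsewhere in this role, the postgres uid will hit `Permission denied`. Either relax the SQL file's permissions for the duration of the import or route it through the same `cli-non-interactive` wrapper that the room-finding task uses, so the role relies on one uid/ownership convention.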
@@ -53,17 +53,11 @@ delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed -- name: Generate rust-synapse-compress-state room find command + +- name: Generate rust-synapse-compress-state room find SQL command ansible.builtin.set_fact: matrix_synapse_rust_synapse_compress_state_find_rooms_command: >- - {{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-rust-synapse-compress-state-find-rooms - --user={{ matrix_user_uid }}:{{ matrix_user_gid }} - --cap-drop=ALL - --network={{ matrix_docker_network }} - --env-file={{ matrix_postgres_base_path }}/env-postgres-psql - {{ matrix_postgres_docker_image_latest }} - psql -v ON_ERROR_STOP=1 -h matrix-postgres {{ matrix_synapse_database_database }} -c - 'SELECT array_to_json(array_agg(row_to_json (r))) FROM (SELECT room_id, count(*) AS count FROM state_groups_state GROUP BY room_id HAVING count(*) > {{ matrix_synapse_rust_synapse_compress_state_min_state_groups_required }} ORDER BY count DESC) r;' + {{ devture_postgres_bin_path }}/cli-non-interactive --dbname={{ matrix_synapse_database_database | quote }} -c "SELECT array_to_json(array_agg(row_to_json (r))) FROM (SELECT room_id, count(*) AS count FROM state_groups_state GROUP BY room_id HAVING count(*) > {{ matrix_synapse_rust_synapse_compress_state_min_state_groups_required }} ORDER BY count DESC) r;" - name: Find rooms eligible for compression with rust-synapse-compress-state ansible.builtin.command: "{{ matrix_synapse_rust_synapse_compress_state_find_rooms_command }}" diff --git a/roles/custom/matrix-synapse/tasks/self_check_client_api.yml b/roles/custom/matrix-synapse/tasks/self_check_client_api.yml index 1c03ba5b0..7ec3fb09b 100644 --- a/roles/custom/matrix-synapse/tasks/self_check_client_api.yml +++ b/roles/custom/matrix-synapse/tasks/self_check_client_api.yml 
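Review bot: the find-rooms query is now a double-quoted argument to `{{ devture_postgres_bin_path }}/cli-non-interactive`; `ansible.builtin.command` splits the string with shell-style quoting, so `-c "SELECT ..."` arrives as one argument, but only if the wrapper script forwards its arguments as `"$@"` rather than `$@` or `$*`, otherwise the SQL is re-split on spaces. Verify that in the external role, and consider the `argv:` form of `command` here so the quoting is explicit rather than relying on the module's shlex behaviour.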
@@ -9,6 +9,8 @@ ignore_errors: true check_mode: false when: matrix_synapse_enabled | bool + delegate_to: 127.0.0.1 + become: false - name: Fail if Matrix Client API not working ansible.builtin.fail: diff --git a/roles/custom/matrix-synapse/tasks/self_check_federation_api.yml b/roles/custom/matrix-synapse/tasks/self_check_federation_api.yml index 80ec4fc21..fde73dae0 100644 --- a/roles/custom/matrix-synapse/tasks/self_check_federation_api.yml +++ b/roles/custom/matrix-synapse/tasks/self_check_federation_api.yml @@ -9,6 +9,8 @@ ignore_errors: true check_mode: false when: matrix_synapse_enabled | bool + delegate_to: 127.0.0.1 + become: false - name: Fail if Matrix Federation API not working ansible.builtin.fail: diff --git a/roles/custom/matrix-synapse/tasks/setup_install.yml b/roles/custom/matrix-synapse/tasks/setup_install.yml new file mode 100644 index 000000000..921df753e --- /dev/null +++ b/roles/custom/matrix-synapse/tasks/setup_install.yml 
@@ -0,0 +1,55 @@ +--- + +- name: Ensure Synapse paths exist + ansible.builtin.file: + path: "{{ item.path }}" + state: directory + mode: 0750 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + with_items: + - {path: "{{ matrix_synapse_config_dir_path }}", when: true} + - {path: "{{ matrix_synapse_ext_path }}", when: true} + - {path: "{{ matrix_synapse_bin_path }}", when: true} + - {path: "{{ matrix_synapse_docker_src_files_path }}", when: "{{ matrix_synapse_container_image_self_build }}"} + - {path: "{{ matrix_synapse_customized_docker_src_files_path }}", when: "{{ matrix_synapse_container_image_customizations_enabled }}"} + + - {path: "{{ matrix_synapse_ext_s3_storage_provider_base_path }}", when: "{{ matrix_synapse_ext_synapse_s3_storage_provider_enabled }}"} + - {path: "{{ matrix_synapse_ext_s3_storage_provider_bin_path }}", when: "{{ matrix_synapse_ext_synapse_s3_storage_provider_enabled }}"} + - {path: "{{ matrix_synapse_ext_s3_storage_provider_data_path }}", when: "{{ matrix_synapse_ext_synapse_s3_storage_provider_enabled }}"} + + # We handle matrix_synapse_media_store_path elsewhere (in ./synapse/setup_install.yml), + # because if it's using Goofys and it's already mounted (from before), + # trying to chown/chmod it here will cause trouble. 
+ when: item.when | bool + +- block: + - ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/setup_install.yml" + + - ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/setup_uninstall.yml" + tags: + - setup-all + - setup-synapse + +- block: + - when: matrix_synapse_workers_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/synapse/workers/setup_install.yml" + tags: + - setup-all + - setup-synapse + +- block: + - ansible.builtin.include_tasks: "{{ role_path }}/tasks/synapse/setup_install.yml" + tags: + - setup-all + - setup-synapse + +- block: + - when: matrix_s3_media_store_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/goofys/setup_install.yml" + + - when: not matrix_s3_media_store_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/goofys/setup_uninstall.yml" + tags: + - setup-all + - setup-synapse diff --git a/roles/custom/matrix-synapse/tasks/setup_synapse.yml b/roles/custom/matrix-synapse/tasks/setup_synapse.yml deleted file mode 100644 index 13a5819e1..000000000 --- a/roles/custom/matrix-synapse/tasks/setup_synapse.yml +++ /dev/null 
@@ -1,27 +0,0 @@ ---- - -- name: Ensure Synapse paths exist - ansible.builtin.file: - path: "{{ item.path }}" - state: directory - mode: 0750 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - with_items: - - {path: "{{ matrix_synapse_config_dir_path }}", when: true} - - {path: "{{ matrix_synapse_ext_path }}", when: true} - - {path: "{{ matrix_synapse_docker_src_files_path }}", when: "{{ matrix_synapse_container_image_self_build }}"} - - {path: "{{ matrix_synapse_customized_docker_src_files_path }}", when: "{{ matrix_synapse_container_image_customizations_enabled }}"} - - {path: "{{ matrix_synapse_ext_s3_storage_provider_path }}", when: "{{ matrix_synapse_ext_synapse_s3_storage_provider_enabled }}"} - # We handle matrix_synapse_media_store_path elsewhere (in ./synapse/setup_install.yml), - # because if it's using Goofys and it's already mounted (from before), - # trying to chown/chmod it here will cause trouble. - when: "(matrix_synapse_enabled | bool or matrix_s3_media_store_enabled | bool) and item.when" - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/setup.yml" - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/synapse/workers/setup.yml" - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/synapse/setup.yml" - -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/goofys/setup.yml" diff --git a/roles/custom/matrix-synapse/tasks/setup_uninstall.yml b/roles/custom/matrix-synapse/tasks/setup_uninstall.yml new file mode 100644 index 000000000..72b64c879 --- /dev/null +++ b/roles/custom/matrix-synapse/tasks/setup_uninstall.yml 
@@ -0,0 +1,27 @@ +--- + +- block: + - ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/setup_uninstall.yml" + tags: + - setup-all + - setup-synapse + +- block: + - when: not matrix_synapse_workers_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/synapse/workers/setup_uninstall.yml" + tags: + - setup-all + - setup-synapse + +- block: + - ansible.builtin.include_tasks: "{{ role_path }}/tasks/synapse/setup_uninstall.yml" + tags: + - setup-all + - setup-synapse + +- block: + - when: not matrix_s3_media_store_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/goofys/setup_uninstall.yml" + tags: + - setup-all + - setup-synapse diff --git a/roles/custom/matrix-synapse/tasks/synapse/setup_install.yml b/roles/custom/matrix-synapse/tasks/synapse/setup_install.yml index 429179de4..2c6f05b7f 100644 --- a/roles/custom/matrix-synapse/tasks/synapse/setup_install.yml +++ b/roles/custom/matrix-synapse/tasks/synapse/setup_install.yml @@ -127,17 +127,11 @@ src: "{{ role_path }}/templates/synapse/systemd/matrix-synapse.service.j2" dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-synapse.service" mode: 0644 - register: matrix_synapse_systemd_service_result -- name: Ensure systemd reloaded after matrix-synapse.service installation - ansible.builtin.service: - daemon_reload: true - when: "matrix_synapse_systemd_service_result.changed" - -- name: Ensure matrix-synapse-register-user script created +- name: Ensure register-user script created ansible.builtin.template: - src: "{{ role_path }}/templates/synapse/usr-local-bin/matrix-synapse-register-user.j2" - dest: "{{ matrix_local_bin_path }}/matrix-synapse-register-user" + src: "{{ role_path }}/templates/synapse/bin/register-user.j2" + dest: "{{ matrix_synapse_bin_path }}/register-user" mode: 0755 - name: Generate sample prometheus.yml for external scraping 
diff --git a/roles/custom/matrix-synapse/tasks/synapse/setup_uninstall.yml b/roles/custom/matrix-synapse/tasks/synapse/setup_uninstall.yml index 17fa8a4fa..6b8ae5a01 100644 --- a/roles/custom/matrix-synapse/tasks/synapse/setup_uninstall.yml +++ b/roles/custom/matrix-synapse/tasks/synapse/setup_uninstall.yml 
@@ -5,36 +5,25 @@ path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-synapse.service" register: matrix_synapse_service_stat -- name: Ensure matrix-synapse is stopped - ansible.builtin.service: - name: matrix-synapse - state: stopped - enabled: false - daemon_reload: true - register: stopping_result - when: "matrix_synapse_service_stat.stat.exists" +- when: matrix_synapse_service_stat.stat.exists | bool + block: + - name: Ensure matrix-synapse is stopped + ansible.builtin.service: + name: matrix-synapse + state: stopped + enabled: false + daemon_reload: true -- name: Ensure matrix-synapse.service doesn't exist - ansible.builtin.file: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-synapse.service" - state: absent - when: "matrix_synapse_service_stat.stat.exists" + - name: Ensure Synapse paths don't exist + ansible.builtin.file: + path: "{{ item }}" + state: absent + with_items: + - "{{ devture_systemd_docker_base_systemd_path }}/matrix-synapse.service" + - "{{ matrix_synapse_bin_path }}" -- name: Ensure systemd reloaded after matrix-synapse.service removal - ansible.builtin.service: - daemon_reload: true - when: "matrix_synapse_service_stat.stat.exists" - -- name: Ensure Synapse Docker image doesn't exist - community.docker.docker_image: - name: "{{ item }}" - state: absent - with_items: - - "{{ matrix_synapse_docker_image_final }}" - - "{{ matrix_synapse_docker_image }}" - -- name: Ensure sample prometheus.yml for external scraping is deleted - ansible.builtin.file: - path: "{{ matrix_synapse_base_path }}/external_prometheus.yml.example" - state: absent - when: "not matrix_synapse_metrics_proxying_enabled | bool" + - name: Ensure sample prometheus.yml for external scraping is deleted + ansible.builtin.file: + path: "{{ matrix_synapse_base_path }}/external_prometheus.yml.example" + state: absent + when: "not matrix_synapse_metrics_proxying_enabled | bool" 
diff --git a/roles/custom/matrix-synapse/tasks/synapse/workers/setup.yml b/roles/custom/matrix-synapse/tasks/synapse/workers/setup.yml deleted file mode 100644 index 1458cc0a2..000000000 --- a/roles/custom/matrix-synapse/tasks/synapse/workers/setup.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- - -# A previous version of the worker setup used this. -# This is a temporary cleanup for people who ran that version. -- name: Ensure old matrix-synapse.service.wants directory is gone - ansible.builtin.file: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-synapse.service.wants" - state: absent - -# Same. This was part of a previous version of the worker setup. -# No longer necessary. -- name: Ensure matrix-synapse-worker-write-pid script is removed - ansible.builtin.file: - path: "{{ matrix_local_bin_path }}/matrix-synapse-worker-write-pid" - state: absent - -- ansible.builtin.include_tasks: "{{ role_path }}/tasks/synapse/workers/setup_install.yml" - when: "matrix_synapse_enabled | bool and matrix_synapse_workers_enabled | bool" - -- ansible.builtin.include_tasks: "{{ role_path }}/tasks/synapse/workers/setup_uninstall.yml" - when: "not matrix_synapse_workers_enabled | bool" diff --git a/roles/custom/matrix-synapse/tasks/synapse/workers/setup_install.yml b/roles/custom/matrix-synapse/tasks/synapse/workers/setup_install.yml index 74ca6c358..85ddf3b94 100644 --- a/roles/custom/matrix-synapse/tasks/synapse/workers/setup_install.yml +++ b/roles/custom/matrix-synapse/tasks/synapse/workers/setup_install.yml 
@@ -7,12 +7,16 @@ use_regex: true register: matrix_synapse_workers_current_config_files +- ansible.builtin.set_fact: + matrix_synapse_enabled_worker_names: "{{ matrix_synapse_workers_enabled_list | map(attribute='name') }}" + # This also deletes some things which we need. They will be recreated below. -- name: Ensure previous worker configs are cleaned +- name: Ensure unnecessary worker configs are cleaned ansible.builtin.file: path: "{{ item.path }}" state: absent with_items: "{{ matrix_synapse_workers_current_config_files.files }}" + when: "not ansible_check_mode and (item.path | basename | replace ('worker.', '') | replace('.yaml', '')) not in matrix_synapse_enabled_worker_names" - name: Determine current worker systemd services ansible.builtin.find: @@ -27,13 +31,14 @@ state: stopped enabled: false with_items: "{{ matrix_synapse_workers_current_systemd_services.files }}" - when: "not ansible_check_mode and item.path | basename not in matrix_systemd_services_list" + when: "not ansible_check_mode and (item.path | basename | replace('.service', '')) not in matrix_synapse_enabled_worker_names" - name: Ensure unnecessary worker systemd services are cleaned ansible.builtin.file: path: "{{ item.path }}" state: absent with_items: "{{ matrix_synapse_workers_current_systemd_services.files }}" + when: "not ansible_check_mode and (item.path | basename | replace('.service', '')) not in matrix_synapse_enabled_worker_names" - name: Ensure creation of worker systemd service files and configuration files ansible.builtin.include_tasks: "{{ role_path }}/tasks/synapse/workers/util/setup_files_for_worker.yml" diff --git a/roles/custom/matrix-synapse/tasks/synapse/workers/util/inject_worker.yml b/roles/custom/matrix-synapse/tasks/synapse/workers/util/inject_worker.yml index 4542f19c1..9765be6fc 100644 --- a/roles/custom/matrix-synapse/tasks/synapse/workers/util/inject_worker.yml +++ b/roles/custom/matrix-synapse/tasks/synapse/workers/util/inject_worker.yml 
@@ -53,7 +53,7 @@ when: "'replication_port' not in matrix_synapse_worker_details" - ansible.builtin.set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + [matrix_synapse_worker_details.name + '.service'] }}" + devture_systemd_service_manager_services_list_auto: "{{ devture_systemd_service_manager_services_list_auto + [{'name': (matrix_synapse_worker_details.name + '.service'), 'priority': 1100, 'groups': ['matrix', 'homeservers', 'synapse']}] }}" - ansible.builtin.set_fact: matrix_synapse_webserving_workers_systemd_services_list: "{{ matrix_synapse_webserving_workers_systemd_services_list + [matrix_synapse_worker_details.name + '.service'] }}" diff --git a/roles/custom/matrix-synapse/tasks/update_user_password.yml b/roles/custom/matrix-synapse/tasks/update_user_password.yml index 3ddc4b8de..799c15a81 100644 --- a/roles/custom/matrix-synapse/tasks/update_user_password.yml +++ b/roles/custom/matrix-synapse/tasks/update_user_password.yml 
@@ -10,37 +10,43 @@ msg: "The `password` variable needs to be provided to this playbook, via --extra-vars" when: "password is not defined or password == ''" -- name: Fail if not using matrix-postgres container +- name: Fail if not using integrated Postgres database ansible.builtin.fail: - msg: "This command is working only when matrix-postgres container is being used" - when: "not matrix_postgres_enabled | bool" + msg: "This command is working only when Postgres is installed via the the integrated com.devture.ansible.role.postgres role" + when: "not devture_postgres_enabled | bool" -- name: Ensure matrix-synapse is started +- name: Ensure Postgres is started ansible.builtin.service: - name: matrix-synapse - state: started - daemon_reload: true - register: start_result - -- name: Ensure matrix-postgres is started - ansible.builtin.service: - name: matrix-postgres + name: "{{ devture_postgres_identifier }}" state: started daemon_reload: true register: postgres_start_result +- name: Ensure Synapse is started + ansible.builtin.service: + name: matrix-synapse + state: started + daemon_reload: true + register: synapse_start_result -- name: Wait a while, so that Matrix Synapse can manage to start +- name: Wait a while, so that Synapse and/or Postgres can manage to start ansible.builtin.pause: seconds: 7 - when: "start_result.changed or postgres_start_result.changed" + when: "synapse_start_result.changed or postgres_start_result.changed" -- name: Generate password hash +- name: Generate user password hash ansible.builtin.shell: "{{ devture_systemd_docker_base_host_command_docker }} exec matrix-synapse /usr/local/bin/hash_password -c /data/homeserver.yaml -p {{ password | quote }}" register: password_hash changed_when: false +- name: Generate user password-change SQL command + ansible.builtin.set_fact: + matrix_synapse_user_password_change_command: >- + {{ devture_postgres_bin_path }}/cli-non-interactive --dbname={{ matrix_synapse_database_database | quote }} -c "UPDATE 
users SET password_hash='{{ password_hash.stdout }}' WHERE name = '@{{ username }}:{{ matrix_domain }}'" + - name: Update user password hash - ansible.builtin.command: "{{ matrix_local_bin_path }}/matrix-postgres-update-user-password-hash {{ username | quote }} {{ password_hash.stdout | quote }}" + ansible.builtin.command: + cmd: "{{ matrix_synapse_user_password_change_command }}" register: matrix_synapse_update_user_password_result changed_when: matrix_synapse_update_user_password_result.rc == 0 + failed_when: "matrix_synapse_update_user_password_result.rc != 0 or matrix_synapse_update_user_password_result.stdout != 'UPDATE 1'" diff --git a/roles/custom/matrix-synapse/tasks/validate_config.yml b/roles/custom/matrix-synapse/tasks/validate_config.yml index 0758c88fb..56f12bf67 100644 --- a/roles/custom/matrix-synapse/tasks/validate_config.yml +++ b/roles/custom/matrix-synapse/tasks/validate_config.yml @@ -59,6 +59,10 @@ - {'old': 'matrix_synapse_workers_frontend_proxy_workers_count', 'new': ''} - {'old': 'matrix_synapse_workers_frontend_proxy_workers_port_range_start', 'new': ''} - {'old': 'matrix_synapse_workers_frontend_proxy_workers_metrics_range_start', 'new': ''} + - {'old': 'matrix_synapse_ext_s3_storage_provider_path', 'new': 'matrix_synapse_ext_s3_storage_provider_base_path'} + - {'old': 'matrix_synapse_send_federation', 'new': ''} + - {'old': 'matrix_synapse_start_pushers', 'new': ''} + - name: (Deprecation) Catch and report renamed settings in matrix_synapse_configuration_extension_yaml ansible.builtin.fail: diff --git a/roles/custom/matrix-synapse/templates/synapse/usr-local-bin/matrix-synapse-register-user.j2 b/roles/custom/matrix-synapse/templates/synapse/bin/register-user.j2 similarity index 100% rename from roles/custom/matrix-synapse/templates/synapse/usr-local-bin/matrix-synapse-register-user.j2 rename to roles/custom/matrix-synapse/templates/synapse/bin/register-user.j2 
diff --git a/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/usr-local-bin/matrix-synapse-s3-storage-provider-migrate.j2 b/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/bin/migrate.j2 similarity index 89% rename from roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/usr-local-bin/matrix-synapse-s3-storage-provider-migrate.j2 rename to roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/bin/migrate.j2 index 2f0cd0e50..0f47b6155 100644 --- a/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/usr-local-bin/matrix-synapse-s3-storage-provider-migrate.j2 +++ b/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/bin/migrate.j2 @@ -3,9 +3,9 @@ {{ devture_systemd_docker_base_host_command_docker }} run \ --rm \ - --env-file={{ matrix_synapse_ext_s3_storage_provider_path }}/env \ + --env-file={{ matrix_synapse_ext_s3_storage_provider_base_path }}/env \ --mount type=bind,src={{ matrix_synapse_storage_path }},dst=/matrix-media-store-parent,bind-propagation=slave \ - --mount type=bind,src={{ matrix_synapse_ext_s3_storage_provider_path }}/data,dst=/data \ + --mount type=bind,src={{ matrix_synapse_ext_s3_storage_provider_data_path }},dst=/data \ --workdir=/data \ --network={{ matrix_docker_network }} \ --entrypoint=/bin/bash \ diff --git a/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/usr-local-bin/matrix-synapse-s3-storage-provider-shell.j2 b/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/bin/shell.j2 similarity index 81% rename from roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/usr-local-bin/matrix-synapse-s3-storage-provider-shell.j2 rename to roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/bin/shell.j2 index b46e89b73..a54948826 100644 --- a/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/usr-local-bin/matrix-synapse-s3-storage-provider-shell.j2 
+++ b/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/bin/shell.j2 @@ -4,9 +4,9 @@ {{ devture_systemd_docker_base_host_command_docker }} run \ -it \ --rm \ - --env-file={{ matrix_synapse_ext_s3_storage_provider_path }}/env \ + --env-file={{ matrix_synapse_ext_s3_storage_provider_base_path }}/env \ --mount type=bind,src={{ matrix_synapse_storage_path }},dst=/matrix-media-store-parent,bind-propagation=slave \ - --mount type=bind,src={{ matrix_synapse_ext_s3_storage_provider_path }}/data,dst=/data \ + --mount type=bind,src={{ matrix_synapse_ext_s3_storage_provider_data_path }},dst=/data \ --workdir=/data \ --network={{ matrix_docker_network }} \ --entrypoint=/bin/bash \ diff --git a/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/systemd/matrix-synapse-s3-storage-provider-migrate.service.j2 b/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/systemd/matrix-synapse-s3-storage-provider-migrate.service.j2 index 159681a0e..626c83857 100644 --- a/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/systemd/matrix-synapse-s3-storage-provider-migrate.service.j2 +++ b/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/systemd/matrix-synapse-s3-storage-provider-migrate.service.j2 @@ -4,4 +4,4 @@ Description=Migrates locally-stored Synapse media store files to S3 [Service] Type=oneshot Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" -ExecStart={{ matrix_local_bin_path }}/matrix-synapse-s3-storage-provider-migrate +ExecStart={{ matrix_synapse_ext_s3_storage_provider_bin_path }}/migrate diff --git a/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 index 9b02346cf..d2dd1c743 100644 --- a/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 
@@ -2532,6 +2532,8 @@ password_providers: ## Push ## push: + # enabled: false + # Clients requesting push notifications can either have the body of # the message sent in the notification poke along with other details # like the sender, or just the event ID and room ID (`event_id_only`). @@ -2836,12 +2838,6 @@ opentracing: ## Workers ## -# Disables sending of outbound federation transactions on the main process. -# Uncomment if using a federation sender worker. -# -#send_federation: false -send_federation: {{ matrix_synapse_send_federation | to_json }} - # It is possible to run multiple federation sender workers, in which case the # work is balanced across them. # @@ -2859,7 +2855,6 @@ federation_sender_instances: {{ matrix_synapse_federation_sender_instances | to_ {% if matrix_synapse_federation_pusher_instances | length > 0 %} pusher_instances: {{ matrix_synapse_federation_pusher_instances | to_json }} {% endif %} -start_pushers: {{ matrix_synapse_start_pushers | to_json }} # When using workers this should be a map from `worker_name` to the # HTTP replication listener of the worker, if configured. diff --git a/roles/custom/matrix-synapse/templates/synapse/worker.yaml.j2 b/roles/custom/matrix-synapse/templates/synapse/worker.yaml.j2 index 2b0df98dd..f0e6fe90a 100644 --- a/roles/custom/matrix-synapse/templates/synapse/worker.yaml.j2 +++ b/roles/custom/matrix-synapse/templates/synapse/worker.yaml.j2 @@ -10,10 +10,6 @@ worker_replication_host: matrix-synapse worker_replication_http_port: {{ matrix_synapse_replication_http_port }} {% endif %} -{% if matrix_synapse_worker_details.type == 'generic_worker' %} -worker_main_http_uri: http://matrix-synapse:{{ matrix_synapse_container_client_api_port }} -{% endif %} - {% set http_resources = [] %} {% if matrix_synapse_worker_details.type == 'user_dir' %} diff --git a/roles/custom/matrix-synapse/vars/main.yml b/roles/custom/matrix-synapse/vars/main.yml index 4da284106..46277c872 100644 
--- a/roles/custom/matrix-synapse/vars/main.yml +++ b/roles/custom/matrix-synapse/vars/main.yml @@ -3,9 +3,6 @@ matrix_synapse_client_api_url_endpoint_public: "https://{{ matrix_server_fqn_matrix }}/_matrix/client/versions" matrix_synapse_federation_api_url_endpoint_public: "https://{{ matrix_server_fqn_matrix }}:{{ matrix_federation_public_port }}/_matrix/federation/v1/version" -# Tells whether this role had executed or not. Toggled to `true` during runtime. -matrix_synapse_role_executed: false - matrix_synapse_media_store_directory_name: "{{ matrix_synapse_media_store_path | basename }}" # A Synapse generic worker can handle both federation and client-server API endpoints. @@ -137,6 +134,7 @@ matrix_synapse_workers_generic_worker_endpoints: - ^/_matrix/federation/(v1|v2)/send_leave/ - ^/_matrix/federation/(v1|v2)/invite/ - ^/_matrix/federation/v1/event_auth/ + - ^/_matrix/federation/v1/timestamp_to_event/ - ^/_matrix/federation/v1/exchange_third_party_invite/ - ^/_matrix/federation/v1/user/devices/ - ^/_matrix/key/v2/query @@ -164,6 +162,7 @@ matrix_synapse_workers_generic_worker_endpoints: - ^/_matrix/client/(api/v1|r0|v3|unstable)/voip/turnServer$ - ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/event/ - ^/_matrix/client/(api/v1|r0|v3|unstable)/joined_rooms$ + - ^/_matrix/client/v1/rooms/.*/timestamp_to_event$ - ^/_matrix/client/(api/v1|r0|v3|unstable)/search$ # Encryption requests diff --git a/roles/custom/matrix-user-creator/tasks/main.yml b/roles/custom/matrix-user-creator/tasks/main.yml index ba20504f7..2198b3ebf 100644 --- a/roles/custom/matrix-user-creator/tasks/main.yml +++ b/roles/custom/matrix-user-creator/tasks/main.yml 
@@ -1,7 +1,8 @@ --- -- when: matrix_user_creator_users | length > 0 - ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup.yml" +- block: + - when: matrix_user_creator_users | length > 0 + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup.yml" tags: # This role intentionally doesn't do work on a `setup-all` tag. # If it did, the initial installation (`--tags=setup-all`) would also potentially polute the database with data, diff --git a/roles/custom/matrix_playbook_migration/tasks/cleanup_usr_local_bin.yml b/roles/custom/matrix_playbook_migration/tasks/cleanup_usr_local_bin.yml new file mode 100644 index 000000000..586b5c47e --- /dev/null +++ b/roles/custom/matrix_playbook_migration/tasks/cleanup_usr_local_bin.yml @@ -0,0 +1,26 @@ +--- + +- name: Find leftover matrix scripts in /usr/local/bin + ansible.builtin.find: + path: "/usr/local/bin" + patterns: + - matrix-change-user-admin-status + - matrix-dendrite-create-account + - matrix-make-user-admin + - matrix-postgres-cli + - matrix-postgres-cli-non-interactive + - matrix-postgres-update-user-password-hash + - matrix-remove-all + - matrix-ssl-certificates-renew + - matrix-ssl-lets-encrypt-certificates-renew + - matrix-synapse-register-user + - matrix-synapse-s3-storage-provider-migrate + - matrix-synapse-s3-storage-provider-shell + - matrix-synapse-worker-write-pid + register: matrix_usr_local_bin_files_result + +- name: Ensure /usr/local/bin does not contain matrix scripts + ansible.builtin.file: + path: "{{ item.path }}" + state: absent + with_items: "{{ matrix_usr_local_bin_files_result.files }}" diff --git a/roles/custom/matrix_playbook_migration/tasks/main.yml b/roles/custom/matrix_playbook_migration/tasks/main.yml index c346a759b..96b68b60d 100644 --- a/roles/custom/matrix_playbook_migration/tasks/main.yml +++ b/roles/custom/matrix_playbook_migration/tasks/main.yml 
@@ -1,5 +1,13 @@ --- -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" +- block: + - ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" tags: - setup-all + - install-all + +- block: + - ansible.builtin.include_tasks: "{{ role_path }}/tasks/cleanup_usr_local_bin.yml" + tags: + - setup-all + - install-all diff --git a/roles/custom/matrix_playbook_migration/tasks/validate_config.yml b/roles/custom/matrix_playbook_migration/tasks/validate_config.yml index 0b738a57a..f4ce2bdca 100644 --- a/roles/custom/matrix_playbook_migration/tasks/validate_config.yml +++ b/roles/custom/matrix_playbook_migration/tasks/validate_config.yml 
@@ -24,3 +24,27 @@ - {'old': 'matrix_container_retries_delay', 'new': 'devture_playbook_help_container_retries_delay'} - {'old': 'matrix_geturl_retries_count', 'new': 'devture_playbook_help_geturl_retries_count'} - {'old': 'matrix_geturl_retries_delay', 'new': 'devture_playbook_help_geturl_retries_delay'} + + - {'old': 'matrix_nginx_proxy_synapse_cache_path', 'new': 'matrix_synapse_reverse_proxy_companion_synapse_cache_path'} + - {'old': 'matrix_nginx_proxy_synapse_cache_enabled', 'new': 'matrix_synapse_reverse_proxy_companion_synapse_cache_enabled'} + + - {'old': 'matrix_docker_installation_enabled', 'new': 'matrix_playbook_docker_installation_enabled'} + - {'old': 'matrix_docker_package_name', 'new': ''} + + - {'old': 'matrix_systemd_services_list', 'new': 'devture_systemd_service_manager_services_list_additional'} + - {'old': 'matrix_common_after_systemd_service_start_wait_for_timeout_seconds', 'new': 'devture_systemd_service_manager_up_verification_delay_seconds'} + - {'old': 'matrix_systemd_services_autostart_enabled', 'new': 'devture_systemd_service_manager_services_autostart_enabled'} + +- name: (Deprecation) Catch and report matrix_postgres variables + ansible.builtin.fail: + msg: |- + The matrix-postgres role in the playbook has been replaced with the com.devture.ansible.role.postgres role (https://github.com/devture/com.devture.ansible.role.postgres). + The new role is pretty much the same, but uses differently named variables. + + The matrix-postgres-backup role in the playbook has been replaced with the com.devture.ansible.role.postgres_backup role (https://github.com/devture/com.devture.ansible.role.postgres_backup). + The new role is pretty much the same, but uses differently named variables. + + Please change your configuration (vars.yml) to rename all `matrix_postgres`-prefixed variables (`matrix_postgres_*` -> `devture_postgres_*`). 
+ + The following variables in your configuration need to be renamed: {{ vars | dict2items | selectattr('key', 'match', 'matrix_postgres_.*') | map (attribute='key') | join(', ') }} + when: "vars | dict2items | selectattr('key', 'match', 'matrix_postgres_.*') | list | items2dict" diff --git a/setup.yml b/setup.yml deleted file mode 100755 index 2e648732a..000000000 --- a/setup.yml +++ /dev/null 
@@ -1,95 +0,0 @@ ---- -- name: "Set up a Matrix server" - hosts: "{{ target if target is defined else 'matrix_servers' }}" - become: true - - roles: - # Most of the roles below are not distributed with the playbook, but downloaded separately using `ansible-galaxy` via the `make roles` command (see `Makefile`). - - role: galaxy/com.devture.ansible.role.playbook_help - - - role: galaxy/com.devture.ansible.role.systemd_docker_base - - - role: custom/matrix_playbook_migration - - - when: devture_timesync_installation_enabled | bool - role: galaxy/com.devture.ansible.role.timesync - tags: - - setup-timesync - - setup-all - - - custom/matrix-base - - custom/matrix-dynamic-dns - - custom/matrix-mailer - - custom/matrix-postgres - - custom/matrix-redis - - custom/matrix-corporal - - custom/matrix-bridge-appservice-discord - - custom/matrix-bridge-appservice-slack - - custom/matrix-bridge-appservice-webhooks - - custom/matrix-bridge-appservice-irc - - custom/matrix-bridge-appservice-kakaotalk - - custom/matrix-bridge-beeper-linkedin - - custom/matrix-bridge-go-skype-bridge - - custom/matrix-bridge-mautrix-facebook - - custom/matrix-bridge-mautrix-twitter - - custom/matrix-bridge-mautrix-hangouts - - custom/matrix-bridge-mautrix-googlechat - - custom/matrix-bridge-mautrix-instagram - - custom/matrix-bridge-mautrix-signal - - custom/matrix-bridge-mautrix-telegram - - custom/matrix-bridge-mautrix-whatsapp - - custom/matrix-bridge-mautrix-discord - - custom/matrix-bridge-mx-puppet-discord - - custom/matrix-bridge-mx-puppet-groupme - - custom/matrix-bridge-mx-puppet-steam - - custom/matrix-bridge-mx-puppet-slack - - custom/matrix-bridge-mx-puppet-twitter - - custom/matrix-bridge-mx-puppet-instagram - - custom/matrix-bridge-sms - - custom/matrix-bridge-heisenbridge - - custom/matrix-bridge-hookshot - - custom/matrix-bot-matrix-reminder-bot - - custom/matrix-bot-matrix-registration-bot - - custom/matrix-bot-maubot - - custom/matrix-bot-buscarron - - custom/matrix-bot-honoroit - - 
custom/matrix-bot-postmoogle - - custom/matrix-bot-go-neb - - custom/matrix-bot-mjolnir - - custom/matrix-cactus-comments - - custom/matrix-synapse - - custom/matrix-dendrite - - custom/matrix-conduit - - custom/matrix-synapse-admin - - custom/matrix-prometheus-node-exporter - - custom/matrix-prometheus-postgres-exporter - - custom/matrix-prometheus - - custom/matrix-grafana - - custom/matrix-registration - - custom/matrix-client-element - - custom/matrix-client-hydrogen - - custom/matrix-client-cinny - - custom/matrix-jitsi - - custom/matrix-ldap-registration-proxy - - custom/matrix-ma1sd - - custom/matrix-dimension - - custom/matrix-etherpad - - custom/matrix-email2matrix - - custom/matrix-sygnal - - custom/matrix-ntfy - - custom/matrix-nginx-proxy - - custom/matrix-coturn - - custom/matrix-aux - - custom/matrix-postgres-backup - - custom/matrix-backup-borg - - custom/matrix-user-creator - - custom/matrix-common-after - - # This is pretty much last, because we want it to better serve as a "last known good configuration". - # See: https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2217#issuecomment-1301487601 - - when: devture_playbook_state_preserver_enabled | bool - role: galaxy/com.devture.ansible.role.playbook_state_preserver - tags: - - setup-all - - - role: galaxy/com.devture.ansible.role.playbook_runtime_messages diff --git a/setup.yml b/setup.yml new file mode 120000 index 000000000..7acc4c4c9 --- /dev/null +++ b/setup.yml @@ -0,0 +1 @@ +playbooks/matrix.yml \ No newline at end of file
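Review bot: in the `update_user_password.yml` hunk, the new `matrix_synapse_user_password_change_command` fact interpolates `username` and `password_hash.stdout` straight into the SQL text (`WHERE name = '@{{ username }}:{{ matrix_domain }}'`), whereas the replaced task passed `{{ username | quote }}` as an argument to a helper script; a username containing a quote now breaks the statement or changes its meaning, so add a `fail` task that rejects `username` unless it matches a strict localpart pattern (and, optionally, one that checks `password_hash.stdout` looks like a bcrypt hash starting with `$2`) before the fact is built. The set_fact and the command task should also carry `no_log: true`, since with `-v` the rendered `cmd` including the hash is printed. The `failed_when` on `stdout != 'UPDATE 1'` is a good addition: an unknown user yields `UPDATE 0` with rc 0 and would otherwise pass. Minor: the failure message reads "via the the integrated".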
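Review bot: in the new `roles/custom/matrix-synapse/tasks/setup_install.yml`, the directory task's condition shrinks from `(matrix_synapse_enabled | bool or matrix_s3_media_store_enabled | bool) and item.when` to `item.when | bool`, and the Goofys install include now lives only in this file; if the caller (not in this diff) includes `setup_install.yml` solely when `matrix_synapse_enabled` is true, an S3 media store enabled without Synapse is no longer set up, so either keep the combined guard at the include site or document that case as unsupported. The same file also includes `ext/setup_uninstall.yml` and `goofys/setup_uninstall.yml`, both of which the new `setup_uninstall.yml` includes again; keeping the uninstall includes in one place avoids running them twice per run.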
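Review bot: in the `synapse/setup_install.yml` hunk, `register: matrix_synapse_systemd_service_result` and the `daemon_reload` task that followed the `matrix-synapse.service` template are removed with no replacement visible here; if the reload is now expected from the `devture_systemd_service_manager` role, a one-line comment on the template task saying so will stop the next reader from re-adding it. The move of the register-user script from `{{ matrix_local_bin_path }}/matrix-synapse-register-user` to `{{ matrix_synapse_bin_path }}/register-user` is consistent with the `matrix_synapse_bin_path` directory created in the new `setup_install.yml` and with the `/usr/local/bin` cleanup list in the migration role.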
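Review bot: in the `synapse/setup_uninstall.yml` hunk, the `service` task runs `daemon_reload: true` before the unit file is deleted and the separate "Ensure systemd reloaded after matrix-synapse.service removal" task is gone, so systemd keeps the stale `matrix-synapse.service` definition until something else reloads it; either reload after the `file` task or note which role is now responsible. The "Ensure Synapse Docker image doesn't exist" task is also dropped, so an uninstall now leaves `matrix_synapse_docker_image_final` and `matrix_synapse_docker_image` on the host; if that is intentional, say so in the changelog.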
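Review bot: in the `synapse/workers/setup_install.yml` hunk, the new `when` conditions derive the worker name with `replace ('worker.', '')` and `replace('.service', '')`, which substitute every occurrence rather than only the prefix or suffix (and `replace (` with a space reads as a typo); `regex_replace('^worker\.', '') | regex_replace('\.yaml$', '')` and `regex_replace('\.service$', '')` state the intent exactly. Consider `| list` after `map(attribute='name')` in the new `set_fact`, so the stored fact is a plain list regardless of how the templar handles generators. Keying the cleanup on `matrix_synapse_enabled_worker_names` instead of `matrix_systemd_services_list` is the right change, since the old comparison depended on a list that this PR replaces with `devture_systemd_service_manager_services_list_auto`.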
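Review bot: in the `homeserver.yaml.j2` and `worker.yaml.j2` hunks, dropping `send_federation`, `start_pushers` and `worker_main_http_uri` (with the two settings listed as removed in `validate_config.yml`) assumes a Synapse that derives these from `federation_sender_instances`/`pusher_instances` and needs no main-process URI on generic workers; a user pinning an older `matrix_synapse_docker_image` with workers enabled would get a main process that also tries to send federation and pushes, so record the minimum Synapse version this requires in the changelog and, if feasible, add a version check next to the deprecation entries.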
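Review bot: in the new `cleanup_usr_local_bin.yml` (included from `matrix_playbook_migration/tasks/main.yml` under `setup-all`/`install-all`), the removal is unconditional and the list includes `matrix-ssl-certificates-renew` and `matrix-ssl-lets-encrypt-certificates-renew`; if any systemd timer, cron entry or operator documentation still points at those `/usr/local/bin` paths, certificate renewal breaks quietly once the migration role runs, so confirm the replacements are installed before this task or leave those two names to the roles that own them. Since `find` treats `patterns` as shell globs by default, each exact name matches only itself, which is what is wanted here.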
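Review bot: in the `matrix_playbook_migration/tasks/validate_config.yml` hunk, the new deprecation task's `when` is `vars | dict2items | selectattr('key', 'match', 'matrix_postgres_.*') | list | items2dict`, which builds a dict only to test its truthiness; `... | list | length > 0` says the same thing more plainly, and `map (attribute='key')` in the message has a stray space. Because the check scans `vars`, it also trips on any `matrix_postgres_*` name that a role default or the playbook itself still defines, not only on the user's `vars.yml`, so make sure no such defaults remain after the Postgres role swap or every run will stop here.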
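Review bot: `setup.yml` is deleted (mode `100755`) and re-added as a symlink (`120000`) to `playbooks/matrix.yml`, whose content is not part of this diff, so the role order the old file encoded (base, postgres, redis, bridges, homeservers, proxy, backup, user-creator, then the state preserver as the "last known good configuration") cannot be checked here; a pointer to the new playbook file in the changelog would help, and note that checkouts without symlink support get a plain file containing the path text rather than a runnable playbook.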
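Review bot: in the two `self_check_*_api.yml` hunks, `delegate_to: 127.0.0.1` with `become: false` moves the check to the controller, so the controller's DNS resolution and egress path, not the server's, are what is now exercised; a short comment on the task stating this would keep a controller-side failure from being read as a Synapse problem.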