finallycoffee/matrix-docker-ansible-deploy
5
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Do not run matrix-nginx-proxy config injection tasks unless necessary

Browse Source 
These `init.yml` (now `inject_into_nginx_proxy.yml`) tasks do not need
to `always` run. They only need to run for `setup-all` and
`setup-nginx-proxy`. Unless we're dealing with these 2 tags, we can
spare ourselves a lot of work.

This patch also moves the `when` statement from `init.yml` into
`main.yml` in an effort to further optimize things by potentially
avoiding the extra file include.
This commit is contained in:
Slavi Pantaleev
2022-11-23 15:52:58 +02:00
parent d829884642
commit 735bacca89
53 changed files with 813 additions and 821 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
docs/configuring-playbook-bridge-hookshot.md
View File

@@ -54,7 +54,7 @@ Unless indicated otherwise, the following endpoints are reachable on your `matri
| widgets | `/hookshot/widgetapi/` | `matrix_hookshot_widgets_endpoint` | Widgets |
| metrics | `/metrics/hookshot` | `matrix_hookshot_metrics_enabled` and `matrix_hookshot_metrics_proxying_enabled`. Requires `/metrics/*` endpoints to also be enabled via `matrix_nginx_proxy_proxy_matrix_metrics_enabled` (see the `matrix-nginx-proxy` role). Read more in the [Metrics section](#metrics) below. | Prometheus |
See also `matrix_hookshot_matrix_nginx_proxy_configuration` in [init.yml](/roles/custom/matrix-bridge-hookshot/tasks/init.yml).
See also `matrix_hookshot_matrix_nginx_proxy_configuration` in [init.yml](/roles/custom/matrix-bridge-hookshot/tasks/inject_into_nginx_proxy.yml).
The different listeners are also reachable *internally* in the docker-network via the container's name (configured by `matrix_hookshot_container_url`) and on different ports (e.g. `matrix_hookshot_appservice_port`). Read [main.yml](/roles/custom/matrix-bridge-hookshot/defaults/main.yml) in detail for more info.

0
roles/custom/matrix-bot-maubot/tasks/init.yml → roles/custom/matrix-bot-maubot/tasks/inject_into_nginx_proxy.yml
View File

6
roles/custom/matrix-bot-maubot/tasks/main.yml
View File

@@ -1,8 +1,10 @@
---
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
- when: matrix_bot_maubot_enabled | bool
ansible.builtin.import_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
tags:
- always
- setup-all
- setup-nginx-proxy
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
when: "run_setup|bool and matrix_bot_maubot_enabled|bool"

48
roles/custom/matrix-bridge-appservice-slack/tasks/init.yml
View File

@@ -1,48 +0,0 @@
---
- when: matrix_appservice_slack_enabled | bool
tags:
- always
block:
- name: Fail if matrix-nginx-proxy role already executed
ansible.builtin.fail:
msg: >-
Trying to append Slack Appservice's reverse-proxying configuration to matrix-nginx-proxy,
but it's pointless since the matrix-nginx-proxy role had already executed.
To fix this, please change the order of roles in your playbook,
so that the matrix-nginx-proxy role would run after the matrix-bridge-appservice-slack role.
when: matrix_nginx_proxy_role_executed | default(False) | bool
- name: Generate Matrix Appservice Slack proxying configuration for matrix-nginx-proxy
ansible.builtin.set_fact:
matrix_appservice_slack_matrix_nginx_proxy_configuration: |
location {{ matrix_appservice_slack_public_endpoint }} {
{% if matrix_nginx_proxy_enabled | default(False) %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;
set $backend "{{ matrix_appservice_slack_appservice_url }}:{{ matrix_appservice_slack_slack_port }}";
proxy_pass $backend;
{% else %}
{# Generic configuration for use outside of our container setup #}
proxy_pass http://127.0.0.1:{{ matrix_appservice_slack_slack_port }};
{% endif %}
}
- name: Register Slack Appservice proxying configuration with matrix-nginx-proxy
ansible.builtin.set_fact:
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
{{
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([])
+
[matrix_appservice_slack_matrix_nginx_proxy_configuration]
}}
- name: Warn about reverse-proxying if matrix-nginx-proxy not used
ansible.builtin.debug:
msg: >-
NOTE: You've enabled the Matrix Slack bridge but are not using the matrix-nginx-proxy
reverse proxy.
Please make sure that you're proxying the `{{ matrix_appservice_slack_public_endpoint }}`
URL endpoint to the matrix-appservice-slack container.
You can expose the container's port using the `matrix_appservice_slack_container_http_host_bind_port` variable.
when: "matrix_appservice_slack_enabled | bool and not matrix_nginx_proxy_enabled | default(False) | bool"

44
roles/custom/matrix-bridge-appservice-slack/tasks/inject_into_nginx_proxy.yml Normal file
View File

@@ -0,0 +1,44 @@
---
- name: Fail if matrix-nginx-proxy role already executed
ansible.builtin.fail:
msg: >-
Trying to append Slack Appservice's reverse-proxying configuration to matrix-nginx-proxy,
but it's pointless since the matrix-nginx-proxy role had already executed.
To fix this, please change the order of roles in your playbook,
so that the matrix-nginx-proxy role would run after the matrix-bridge-appservice-slack role.
when: matrix_nginx_proxy_role_executed | default(False) | bool
- name: Generate Matrix Appservice Slack proxying configuration for matrix-nginx-proxy
ansible.builtin.set_fact:
matrix_appservice_slack_matrix_nginx_proxy_configuration: |
location {{ matrix_appservice_slack_public_endpoint }} {
{% if matrix_nginx_proxy_enabled | default(False) %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;
set $backend "{{ matrix_appservice_slack_appservice_url }}:{{ matrix_appservice_slack_slack_port }}";
proxy_pass $backend;
{% else %}
{# Generic configuration for use outside of our container setup #}
proxy_pass http://127.0.0.1:{{ matrix_appservice_slack_slack_port }};
{% endif %}
}
- name: Register Slack Appservice proxying configuration with matrix-nginx-proxy
ansible.builtin.set_fact:
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
{{
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([])
+
[matrix_appservice_slack_matrix_nginx_proxy_configuration]
}}
- name: Warn about reverse-proxying if matrix-nginx-proxy not used
ansible.builtin.debug:
msg: >-
NOTE: You've enabled the Matrix Slack bridge but are not using the matrix-nginx-proxy
reverse proxy.
Please make sure that you're proxying the `{{ matrix_appservice_slack_public_endpoint }}`
URL endpoint to the matrix-appservice-slack container.
You can expose the container's port using the `matrix_appservice_slack_container_http_host_bind_port` variable.
when: "matrix_appservice_slack_enabled | bool and not matrix_nginx_proxy_enabled | default(False) | bool"

6
roles/custom/matrix-bridge-appservice-slack/tasks/main.yml
View File

@@ -1,8 +1,10 @@
---
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
- when: matrix_appservice_slack_enabled | bool
ansible.builtin.import_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
tags:
- always
- setup-all
- setup-nginx-proxy
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
when: "run_setup | bool and matrix_appservice_slack_enabled | bool"

50
roles/custom/matrix-bridge-appservice-webhooks/tasks/init.yml
View File

@@ -1,50 +0,0 @@
---
- when: matrix_appservice_webhooks_enabled | bool
tags:
- always
block:
- name: Fail if matrix-nginx-proxy role already executed
ansible.builtin.fail:
msg: >-
Trying to append webhooks Appservice's reverse-proxying configuration to matrix-nginx-proxy,
but it's pointless since the matrix-nginx-proxy role had already executed.
To fix this, please change the order of roles in your playbook,
so that the matrix-nginx-proxy role would run after the matrix-bridge-appservice-webhooks role.
when: matrix_nginx_proxy_role_executed | default(False) | bool
- name: Generate Matrix Appservice webhooks proxying configuration for matrix-nginx-proxy
ansible.builtin.set_fact:
matrix_appservice_webhooks_matrix_nginx_proxy_configuration: |
{% if matrix_nginx_proxy_enabled | default(False) %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
location ~ ^{{ matrix_appservice_webhooks_public_endpoint }}/(.*)$ {
resolver 127.0.0.11 valid=5s;
set $backend "matrix-appservice-webhooks:{{ matrix_appservice_webhooks_matrix_port }}";
proxy_pass http://$backend/$1;
}
{% else %}
{# Generic configuration for use outside of our container setup #}
location {{ matrix_appservice_webhooks_public_endpoint }}/ {
proxy_pass http://127.0.0.1:{{ matrix_appservice_webhooks_matrix_port }}/;
}
{% endif %}
- name: Register webhooks Appservice proxying configuration with matrix-nginx-proxy
ansible.builtin.set_fact:
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
{{
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([])
+
[matrix_appservice_webhooks_matrix_nginx_proxy_configuration]
}}
- name: Warn about reverse-proxying if matrix-nginx-proxy not used
ansible.builtin.debug:
msg: >-
NOTE: You've enabled the Matrix webhooks bridge but are not using the matrix-nginx-proxy
reverse proxy.
Please make sure that you're proxying the `{{ matrix_appservice_webhooks_public_endpoint }}`
URL endpoint to the matrix-appservice-webhooks container.
You can expose the container's port using the `matrix_appservice_webhooks_container_http_host_bind_port` variable.
when: "matrix_appservice_webhooks_enabled | bool and not matrix_nginx_proxy_enabled | default(False) | bool"

46
roles/custom/matrix-bridge-appservice-webhooks/tasks/inject_into_nginx_proxy.yml Normal file
View File

@@ -0,0 +1,46 @@
---
- name: Fail if matrix-nginx-proxy role already executed
ansible.builtin.fail:
msg: >-
Trying to append webhooks Appservice's reverse-proxying configuration to matrix-nginx-proxy,
but it's pointless since the matrix-nginx-proxy role had already executed.
To fix this, please change the order of roles in your playbook,
so that the matrix-nginx-proxy role would run after the matrix-bridge-appservice-webhooks role.
when: matrix_nginx_proxy_role_executed | default(False) | bool
- name: Generate Matrix Appservice webhooks proxying configuration for matrix-nginx-proxy
ansible.builtin.set_fact:
matrix_appservice_webhooks_matrix_nginx_proxy_configuration: |
{% if matrix_nginx_proxy_enabled | default(False) %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
location ~ ^{{ matrix_appservice_webhooks_public_endpoint }}/(.*)$ {
resolver 127.0.0.11 valid=5s;
set $backend "matrix-appservice-webhooks:{{ matrix_appservice_webhooks_matrix_port }}";
proxy_pass http://$backend/$1;
}
{% else %}
{# Generic configuration for use outside of our container setup #}
location {{ matrix_appservice_webhooks_public_endpoint }}/ {
proxy_pass http://127.0.0.1:{{ matrix_appservice_webhooks_matrix_port }}/;
}
{% endif %}
- name: Register webhooks Appservice proxying configuration with matrix-nginx-proxy
ansible.builtin.set_fact:
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
{{
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([])
+
[matrix_appservice_webhooks_matrix_nginx_proxy_configuration]
}}
- name: Warn about reverse-proxying if matrix-nginx-proxy not used
ansible.builtin.debug:
msg: >-
NOTE: You've enabled the Matrix webhooks bridge but are not using the matrix-nginx-proxy
reverse proxy.
Please make sure that you're proxying the `{{ matrix_appservice_webhooks_public_endpoint }}`
URL endpoint to the matrix-appservice-webhooks container.
You can expose the container's port using the `matrix_appservice_webhooks_container_http_host_bind_port` variable.
when: "matrix_appservice_webhooks_enabled | bool and not matrix_nginx_proxy_enabled | default(False) | bool"

6
roles/custom/matrix-bridge-appservice-webhooks/tasks/main.yml
View File

@@ -1,8 +1,10 @@
---
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
- when: matrix_appservice_webhooks_enabled | bool
ansible.builtin.import_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
tags:
- always
- setup-all
- setup-nginx-proxy
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
when: "run_setup | bool and matrix_appservice_webhooks_enabled | bool"

113
roles/custom/matrix-bridge-hookshot/tasks/init.yml
View File

@@ -1,113 +0,0 @@
---
- when: matrix_hookshot_enabled | bool
block:
- name: Fail if matrix-nginx-proxy role already executed
ansible.builtin.fail:
msg: >-
Trying to append hookshot's reverse-proxying configuration to matrix-nginx-proxy,
but it's pointless since the matrix-nginx-proxy role had already executed.
To fix this, please change the order of roles in your playbook,
so that the matrix-nginx-proxy role would run after the matrix-bridge-hookshot role.
when: matrix_nginx_proxy_role_executed | default(False) | bool
- name: Generate Matrix hookshot proxying configuration for matrix-nginx-proxy
ansible.builtin.set_fact:
matrix_hookshot_matrix_nginx_proxy_configuration: |
location ~ ^{{ matrix_hookshot_appservice_endpoint }}/(.*)$ {
{% if matrix_nginx_proxy_enabled | default(False) %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;
set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_appservice_port }}";
proxy_pass http://$backend/$1;
{% else %}
{# Generic configuration for use outside of our container setup #}
proxy_pass http://127.0.0.1:{{ matrix_hookshot_appservice_port }}/$1;
{% endif %}
proxy_set_header Host $host;
}
{% if matrix_hookshot_provisioning_enabled %}
location ~ ^{{ matrix_hookshot_provisioning_endpoint }}/(.*)$ {
{% if matrix_nginx_proxy_enabled | default(False) %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;
set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_provisioning_port }}";
proxy_pass http://$backend{{ matrix_hookshot_provisioning_internal }}/$1$is_args$args;
{% else %}
{# Generic configuration for use outside of our container setup #}
proxy_pass http://127.0.0.1:{{ matrix_hookshot_provisioning_port }}{{ matrix_hookshot_provisioning_internal }}/$1$is_args$args;
{% endif %}
proxy_set_header Host $host;
}
{% endif %}
{% if matrix_hookshot_widgets_enabled %}
location ~ ^{{ matrix_hookshot_widgets_endpoint }}/(.*)$ {
{% if matrix_nginx_proxy_enabled | default(False) %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;
set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_widgets_port }}";
proxy_pass http://$backend{{ matrix_hookshot_widgets_internal }}/$1$is_args$args;
{% else %}
{# Generic configuration for use outside of our container setup #}
proxy_pass http://127.0.0.1:{{ matrix_hookshot_widgets_port }}{{ matrix_hookshot_widgets_internal }}/$1$is_args$args;
{% endif %}
proxy_set_header Host $host;
}
{% endif %}
location ~ ^{{ matrix_hookshot_webhook_endpoint }}/(.*)$ {
{% if matrix_nginx_proxy_enabled | default(False) %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;
set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_webhook_port }}";
proxy_pass http://$backend/$1$is_args$args;
{% else %}
{# Generic configuration for use outside of our container setup #}
proxy_pass http://127.0.0.1:{{ matrix_hookshot_webhook_port }}/$1$is_args$args;
{% endif %}
proxy_set_header Host $host;
}
- name: Register hookshot proxying configuration with matrix-nginx-proxy
ansible.builtin.set_fact:
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
{{
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([])
+
[matrix_hookshot_matrix_nginx_proxy_configuration]
}}
- name: Generate hookshot metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/hookshot)
ansible.builtin.set_fact:
matrix_hookshot_matrix_nginx_proxy_metrics_configuration_matrix_domain: |
location /metrics/hookshot {
{% if matrix_nginx_proxy_enabled | default(False) %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;
set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_metrics_port }}";
proxy_pass http://$backend/metrics;
{% else %}
{# Generic configuration for use outside of our container setup #}
proxy_pass http://127.0.0.1:{{ matrix_hookshot_metrics_port }}/metrics;
{% endif %}
}
when: matrix_hookshot_metrics_enabled | bool and matrix_hookshot_metrics_proxying_enabled | bool
- name: Register hookshot metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/hookshot)
ansible.builtin.set_fact:
matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: |
{{
matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([])
+
[matrix_hookshot_matrix_nginx_proxy_metrics_configuration_matrix_domain]
}}
when: matrix_hookshot_metrics_enabled | bool and matrix_hookshot_metrics_proxying_enabled | bool
- name: Warn about reverse-proxying if matrix-nginx-proxy not used
ansible.builtin.debug:
msg: >-
NOTE: You've enabled the hookshot bridge but are not using the matrix-nginx-proxy
reverse proxy.
Please make sure that you're proxying the `{{ matrix_hookshot_public_endpoint }}`
URL endpoint to the matrix-hookshot container.
You can expose the container's ports using the `matrix_hookshot_container_http_host_bind_ports` variable.
when: "matrix_hookshot_enabled | bool and not matrix_nginx_proxy_enabled | default(False) | bool"

111
roles/custom/matrix-bridge-hookshot/tasks/inject_into_nginx_proxy.yml Normal file
View File

@@ -0,0 +1,111 @@
---
- name: Fail if matrix-nginx-proxy role already executed
ansible.builtin.fail:
msg: >-
Trying to append hookshot's reverse-proxying configuration to matrix-nginx-proxy,
but it's pointless since the matrix-nginx-proxy role had already executed.
To fix this, please change the order of roles in your playbook,
so that the matrix-nginx-proxy role would run after the matrix-bridge-hookshot role.
when: matrix_nginx_proxy_role_executed | default(False) | bool
- name: Generate Matrix hookshot proxying configuration for matrix-nginx-proxy
ansible.builtin.set_fact:
matrix_hookshot_matrix_nginx_proxy_configuration: |
location ~ ^{{ matrix_hookshot_appservice_endpoint }}/(.*)$ {
{% if matrix_nginx_proxy_enabled | default(False) %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;
set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_appservice_port }}";
proxy_pass http://$backend/$1;
{% else %}
{# Generic configuration for use outside of our container setup #}
proxy_pass http://127.0.0.1:{{ matrix_hookshot_appservice_port }}/$1;
{% endif %}
proxy_set_header Host $host;
}
{% if matrix_hookshot_provisioning_enabled %}
location ~ ^{{ matrix_hookshot_provisioning_endpoint }}/(.*)$ {
{% if matrix_nginx_proxy_enabled | default(False) %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;
set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_provisioning_port }}";
proxy_pass http://$backend{{ matrix_hookshot_provisioning_internal }}/$1$is_args$args;
{% else %}
{# Generic configuration for use outside of our container setup #}
proxy_pass http://127.0.0.1:{{ matrix_hookshot_provisioning_port }}{{ matrix_hookshot_provisioning_internal }}/$1$is_args$args;
{% endif %}
proxy_set_header Host $host;
}
{% endif %}
{% if matrix_hookshot_widgets_enabled %}
location ~ ^{{ matrix_hookshot_widgets_endpoint }}/(.*)$ {
{% if matrix_nginx_proxy_enabled | default(False) %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;
set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_widgets_port }}";
proxy_pass http://$backend{{ matrix_hookshot_widgets_internal }}/$1$is_args$args;
{% else %}
{# Generic configuration for use outside of our container setup #}
proxy_pass http://127.0.0.1:{{ matrix_hookshot_widgets_port }}{{ matrix_hookshot_widgets_internal }}/$1$is_args$args;
{% endif %}
proxy_set_header Host $host;
}
{% endif %}
location ~ ^{{ matrix_hookshot_webhook_endpoint }}/(.*)$ {
{% if matrix_nginx_proxy_enabled | default(False) %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;
set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_webhook_port }}";
proxy_pass http://$backend/$1$is_args$args;
{% else %}
{# Generic configuration for use outside of our container setup #}
proxy_pass http://127.0.0.1:{{ matrix_hookshot_webhook_port }}/$1$is_args$args;
{% endif %}
proxy_set_header Host $host;
}
- name: Register hookshot proxying configuration with matrix-nginx-proxy
ansible.builtin.set_fact:
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
{{
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([])
+
[matrix_hookshot_matrix_nginx_proxy_configuration]
}}
- name: Generate hookshot metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/hookshot)
ansible.builtin.set_fact:
matrix_hookshot_matrix_nginx_proxy_metrics_configuration_matrix_domain: |
location /metrics/hookshot {
{% if matrix_nginx_proxy_enabled | default(False) %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;
set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_metrics_port }}";
proxy_pass http://$backend/metrics;
{% else %}
{# Generic configuration for use outside of our container setup #}
proxy_pass http://127.0.0.1:{{ matrix_hookshot_metrics_port }}/metrics;
{% endif %}
}
when: matrix_hookshot_metrics_enabled | bool and matrix_hookshot_metrics_proxying_enabled | bool
- name: Register hookshot metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/hookshot)
ansible.builtin.set_fact:
matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: |
{{
matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([])
+
[matrix_hookshot_matrix_nginx_proxy_metrics_configuration_matrix_domain]
}}
when: matrix_hookshot_metrics_enabled | bool and matrix_hookshot_metrics_proxying_enabled | bool
- name: Warn about reverse-proxying if matrix-nginx-proxy not used
ansible.builtin.debug:
msg: >-
NOTE: You've enabled the hookshot bridge but are not using the matrix-nginx-proxy
reverse proxy.
Please make sure that you're proxying the `{{ matrix_hookshot_public_endpoint }}`
URL endpoint to the matrix-hookshot container.
You can expose the container's ports using the `matrix_hookshot_container_http_host_bind_ports` variable.
when: "not matrix_nginx_proxy_enabled | default(False) | bool"

6
roles/custom/matrix-bridge-hookshot/tasks/main.yml
View File

@@ -1,8 +1,10 @@
---
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
- when: matrix_hookshot_enabled | bool
ansible.builtin.import_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
tags:
- always
- setup-all
- setup-nginx-proxy
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
when: "run_setup | bool and matrix_hookshot_enabled | bool"

48
roles/custom/matrix-bridge-mautrix-facebook/tasks/init.yml
View File

@@ -1,48 +0,0 @@
---
- when: matrix_mautrix_facebook_enabled | bool and matrix_mautrix_facebook_appservice_public_enabled | bool
tags:
- always
block:
- name: Fail if matrix-nginx-proxy role already executed
ansible.builtin.fail:
msg: >-
Trying to append Mautrix Facebook's reverse-proxying configuration to matrix-nginx-proxy,
but it's pointless since the matrix-nginx-proxy role had already executed.
To fix this, please change the order of roles in your playbook,
so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-facebook role.
when: matrix_nginx_proxy_role_executed | default(False) | bool
- name: Generate Mautrix Facebook proxying configuration for matrix-nginx-proxy
ansible.builtin.set_fact:
matrix_mautrix_facebook_matrix_nginx_proxy_configuration: |
location {{ matrix_mautrix_facebook_public_endpoint }} {
{% if matrix_nginx_proxy_enabled | default(False) %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;
set $backend "matrix-mautrix-facebook:29319";
proxy_pass http://$backend;
{% else %}
{# Generic configuration for use outside of our container setup #}
proxy_pass http://127.0.0.1:9008;
{% endif %}
}
- name: Register Mautrix Facebook proxying configuration with matrix-nginx-proxy
ansible.builtin.set_fact:
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
{{
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([])
+
[matrix_mautrix_facebook_matrix_nginx_proxy_configuration]
}}
- name: Warn about reverse-proxying if matrix-nginx-proxy not used
ansible.builtin.debug:
msg: >-
NOTE: You've enabled the Mautrix Facebook bridge but are not using the matrix-nginx-proxy
reverse proxy.
Please make sure that you're proxying the `{{ matrix_mautrix_facebook_public_endpoint }}`
URL endpoint to the matrix-mautrix-facebook container.
You can expose the container's port using the `matrix_mautrix_facebook_container_http_host_bind_port` variable.
when: "not matrix_nginx_proxy_enabled | default(False) | bool"

44
roles/custom/matrix-bridge-mautrix-facebook/tasks/inject_into_nginx_proxy.yml Normal file
View File

@@ -0,0 +1,44 @@
---
- name: Fail if matrix-nginx-proxy role already executed
ansible.builtin.fail:
msg: >-
Trying to append Mautrix Facebook's reverse-proxying configuration to matrix-nginx-proxy,
but it's pointless since the matrix-nginx-proxy role had already executed.
To fix this, please change the order of roles in your playbook,
so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-facebook role.
when: matrix_nginx_proxy_role_executed | default(False) | bool
- name: Generate Mautrix Facebook proxying configuration for matrix-nginx-proxy
ansible.builtin.set_fact:
matrix_mautrix_facebook_matrix_nginx_proxy_configuration: |
location {{ matrix_mautrix_facebook_public_endpoint }} {
{% if matrix_nginx_proxy_enabled | default(False) %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;
set $backend "matrix-mautrix-facebook:29319";
proxy_pass http://$backend;
{% else %}
{# Generic configuration for use outside of our container setup #}
proxy_pass http://127.0.0.1:9008;
{% endif %}
}
- name: Register Mautrix Facebook proxying configuration with matrix-nginx-proxy
ansible.builtin.set_fact:
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
{{
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([])
+
[matrix_mautrix_facebook_matrix_nginx_proxy_configuration]
}}
- name: Warn about reverse-proxying if matrix-nginx-proxy not used
ansible.builtin.debug:
msg: >-
NOTE: You've enabled the Mautrix Facebook bridge but are not using the matrix-nginx-proxy
reverse proxy.
Please make sure that you're proxying the `{{ matrix_mautrix_facebook_public_endpoint }}`
URL endpoint to the matrix-mautrix-facebook container.
You can expose the container's port using the `matrix_mautrix_facebook_container_http_host_bind_port` variable.
when: "not matrix_nginx_proxy_enabled | default(False) | bool"

6
roles/custom/matrix-bridge-mautrix-facebook/tasks/main.yml
View File

@@ -1,8 +1,10 @@
---
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
- when: matrix_mautrix_facebook_enabled | bool and matrix_mautrix_facebook_appservice_public_enabled | bool
ansible.builtin.import_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
tags:
- always
- setup-all
- setup-nginx-proxy
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
when: "run_setup | bool and matrix_mautrix_facebook_enabled | bool"

47
roles/custom/matrix-bridge-mautrix-googlechat/tasks/init.yml
View File

@@ -1,47 +0,0 @@
---
- when: matrix_mautrix_googlechat_enabled | bool
tags:
- always
block:
- name: Fail if matrix-nginx-proxy role already executed
ansible.builtin.fail:
msg: >-
Trying to append Mautrix googlechat's reverse-proxying configuration to matrix-nginx-proxy,
but it's pointless since the matrix-nginx-proxy role had already executed.
To fix this, please change the order of roles in your playbook,
so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-googlechat role.
when: matrix_nginx_proxy_role_executed | default(False) | bool
- name: Generate Mautrix googlechat proxying configuration for matrix-nginx-proxy
ansible.builtin.set_fact:
matrix_mautrix_googlechat_matrix_nginx_proxy_configuration: |
location {{ matrix_mautrix_googlechat_public_endpoint }} {
{% if matrix_nginx_proxy_enabled | default(False) %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;
set $backend "matrix-mautrix-googlechat:8080";
proxy_pass http://$backend;
{% else %}
{# Generic configuration for use outside of our container setup #}
proxy_pass http://127.0.0.1:9007;
{% endif %}
}
- name: Register Mautrix googlechat proxying configuration with matrix-nginx-proxy
ansible.builtin.set_fact:
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
{{
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([])
+
[matrix_mautrix_googlechat_matrix_nginx_proxy_configuration]
}}
- name: Warn about reverse-proxying if matrix-nginx-proxy not used
ansible.builtin.debug:
msg: >-
NOTE: You've enabled the Mautrix googlechat bridge but are not using the matrix-nginx-proxy
reverse proxy.
Please make sure that you're proxying the `{{ matrix_mautrix_googlechat_public_endpoint }}`
URL endpoint to the matrix-mautrix-googlechat container.
You can expose the container's port using the `matrix_mautrix_googlechat_container_http_host_bind_port` variable.
when: "matrix_mautrix_googlechat_enabled | bool and not matrix_nginx_proxy_enabled | default(False) | bool"

43
roles/custom/matrix-bridge-mautrix-googlechat/tasks/inject_into_nginx_proxy.yml Normal file
View File

@@ -0,0 +1,43 @@
---
- name: Fail if matrix-nginx-proxy role already executed
ansible.builtin.fail:
msg: >-
Trying to append Mautrix googlechat's reverse-proxying configuration to matrix-nginx-proxy,
but it's pointless since the matrix-nginx-proxy role had already executed.
To fix this, please change the order of roles in your playbook,
so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-googlechat role.
when: matrix_nginx_proxy_role_executed | default(False) | bool
- name: Generate Mautrix googlechat proxying configuration for matrix-nginx-proxy
ansible.builtin.set_fact:
matrix_mautrix_googlechat_matrix_nginx_proxy_configuration: |
location {{ matrix_mautrix_googlechat_public_endpoint }} {
{% if matrix_nginx_proxy_enabled | default(False) %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;
set $backend "matrix-mautrix-googlechat:8080";
proxy_pass http://$backend;
{% else %}
{# Generic configuration for use outside of our container setup #}
proxy_pass http://127.0.0.1:9007;
{% endif %}
}
- name: Register Mautrix googlechat proxying configuration with matrix-nginx-proxy
ansible.builtin.set_fact:
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
{{
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([])
+
[matrix_mautrix_googlechat_matrix_nginx_proxy_configuration]
}}
- name: Warn about reverse-proxying if matrix-nginx-proxy not used
ansible.builtin.debug:
msg: >-
NOTE: You've enabled the Mautrix googlechat bridge but are not using the matrix-nginx-proxy
reverse proxy.
Please make sure that you're proxying the `{{ matrix_mautrix_googlechat_public_endpoint }}`
URL endpoint to the matrix-mautrix-googlechat container.
You can expose the container's port using the `matrix_mautrix_googlechat_container_http_host_bind_port` variable.
when: "matrix_mautrix_googlechat_enabled | bool and not matrix_nginx_proxy_enabled | default(False) | bool"

6
roles/custom/matrix-bridge-mautrix-googlechat/tasks/main.yml
View File

@@ -1,8 +1,10 @@
---
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
- when: matrix_mautrix_googlechat_enabled | bool
ansible.builtin.import_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
tags:
- always
- setup-all
- setup-nginx-proxy
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
when: "run_setup | bool and matrix_mautrix_googlechat_enabled | bool"

47
roles/custom/matrix-bridge-mautrix-hangouts/tasks/init.yml
View File

@@ -1,47 +0,0 @@
---
- when: matrix_mautrix_hangouts_enabled | bool
tags:
- always
block:
- name: Fail if matrix-nginx-proxy role already executed
ansible.builtin.fail:
msg: >-
Trying to append Mautrix Hangouts's reverse-proxying configuration to matrix-nginx-proxy,
but it's pointless since the matrix-nginx-proxy role had already executed.
To fix this, please change the order of roles in your playbook,
so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-hangouts role.
when: matrix_nginx_proxy_role_executed | default(False) | bool
- name: Generate Mautrix Hangouts proxying configuration for matrix-nginx-proxy
ansible.builtin.set_fact:
matrix_mautrix_hangouts_matrix_nginx_proxy_configuration: |
location {{ matrix_mautrix_hangouts_public_endpoint }} {
{% if matrix_nginx_proxy_enabled | default(False) %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;
set $backend "matrix-mautrix-hangouts:8080";
proxy_pass http://$backend;
{% else %}
{# Generic configuration for use outside of our container setup #}
proxy_pass http://127.0.0.1:9007;
{% endif %}
}
- name: Register Mautrix Hangouts proxying configuration with matrix-nginx-proxy
ansible.builtin.set_fact:
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
{{
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([])
+
[matrix_mautrix_hangouts_matrix_nginx_proxy_configuration]
}}
- name: Warn about reverse-proxying if matrix-nginx-proxy not used
ansible.builtin.debug:
msg: >-
NOTE: You've enabled the Mautrix Hangouts bridge but are not using the matrix-nginx-proxy
reverse proxy.
Please make sure that you're proxying the `{{ matrix_mautrix_hangouts_public_endpoint }}`
URL endpoint to the matrix-mautrix-hangouts container.
You can expose the container's port using the `matrix_mautrix_hangouts_container_http_host_bind_port` variable.
when: "matrix_mautrix_hangouts_enabled | bool and not matrix_nginx_proxy_enabled | default(False) | bool"

44
roles/custom/matrix-bridge-mautrix-hangouts/tasks/inject_into_nginx_proxy.yml Normal file
View File

@@ -0,0 +1,44 @@
---
- name: Fail if matrix-nginx-proxy role already executed
ansible.builtin.fail:
msg: >-
Trying to append Mautrix Hangouts's reverse-proxying configuration to matrix-nginx-proxy,
but it's pointless since the matrix-nginx-proxy role had already executed.
To fix this, please change the order of roles in your playbook,
so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-hangouts role.
when: matrix_nginx_proxy_role_executed | default(False) | bool
- name: Generate Mautrix Hangouts proxying configuration for matrix-nginx-proxy
ansible.builtin.set_fact:
matrix_mautrix_hangouts_matrix_nginx_proxy_configuration: |
location {{ matrix_mautrix_hangouts_public_endpoint }} {
{% if matrix_nginx_proxy_enabled | default(False) %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;
set $backend "matrix-mautrix-hangouts:8080";
proxy_pass http://$backend;
{% else %}
{# Generic configuration for use outside of our container setup #}
proxy_pass http://127.0.0.1:9007;
{% endif %}
}
- name: Register Mautrix Hangouts proxying configuration with matrix-nginx-proxy
ansible.builtin.set_fact:
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
{{
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([])
+
[matrix_mautrix_hangouts_matrix_nginx_proxy_configuration]
}}
- name: Warn about reverse-proxying if matrix-nginx-proxy not used
ansible.builtin.debug:
msg: >-
NOTE: You've enabled the Mautrix Hangouts bridge but are not using the matrix-nginx-proxy
reverse proxy.
Please make sure that you're proxying the `{{ matrix_mautrix_hangouts_public_endpoint }}`
URL endpoint to the matrix-mautrix-hangouts container.
You can expose the container's port using the `matrix_mautrix_hangouts_container_http_host_bind_port` variable.
when: "matrix_mautrix_hangouts_enabled | bool and not matrix_nginx_proxy_enabled | default(False) | bool"

6
roles/custom/matrix-bridge-mautrix-hangouts/tasks/main.yml
View File

@@ -1,8 +1,10 @@
---
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
- when: matrix_mautrix_hangouts_enabled | bool
ansible.builtin.import_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
tags:
- always
- setup-all
- setup-nginx-proxy
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
when: "run_setup | bool and matrix_mautrix_hangouts_enabled | bool"

47
roles/custom/matrix-bridge-mautrix-telegram/tasks/init.yml
View File

@@ -1,47 +0,0 @@
---
- when: matrix_mautrix_telegram_enabled | bool and matrix_mautrix_telegram_appservice_public_enabled | bool
tags:
- always
block:
- name: Fail if matrix-nginx-proxy role already executed
ansible.builtin.fail:
msg: >-
Trying to append Mautrix Telegram's reverse-proxying configuration to matrix-nginx-proxy,
but it's pointless since the matrix-nginx-proxy role had already executed.
To fix this, please change the order of roles in your playbook,
so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-telegram role.
when: matrix_nginx_proxy_role_executed | default(False) | bool
- name: Generate Mautrix Telegram proxying configuration for matrix-nginx-proxy
ansible.builtin.set_fact:
matrix_mautrix_telegram_matrix_nginx_proxy_configuration: |
location {{ matrix_mautrix_telegram_public_endpoint }} {
{% if matrix_nginx_proxy_enabled | default(False) %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;
set $backend "matrix-mautrix-telegram:8080";
proxy_pass http://$backend;
{% else %}
{# Generic configuration for use outside of our container setup #}
proxy_pass http://127.0.0.1:9006;
{% endif %}
}
- name: Register Mautrix Telegram proxying configuration with matrix-nginx-proxy
ansible.builtin.set_fact:
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
{{
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([])
+
[matrix_mautrix_telegram_matrix_nginx_proxy_configuration]
}}
- name: Warn about reverse-proxying if matrix-nginx-proxy not used
ansible.builtin.debug:
msg: >-
NOTE: You've enabled the Mautrix Telegram bridge but are not using the matrix-nginx-proxy
reverse proxy.
Please make sure that you're proxying the `{{ matrix_mautrix_telegram_public_endpoint }}`
URL endpoint to the matrix-mautrix-telegram container.
You can expose the container's port using the `matrix_mautrix_telegram_container_http_host_bind_port` variable.
when: "not matrix_nginx_proxy_enabled | default(False) | bool"

44
roles/custom/matrix-bridge-mautrix-telegram/tasks/inject_into_nginx_proxy.yml Normal file
View File

@@ -0,0 +1,44 @@
---
- name: Fail if matrix-nginx-proxy role already executed
ansible.builtin.fail:
msg: >-
Trying to append Mautrix Telegram's reverse-proxying configuration to matrix-nginx-proxy,
but it's pointless since the matrix-nginx-proxy role had already executed.
To fix this, please change the order of roles in your playbook,
so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-telegram role.
when: matrix_nginx_proxy_role_executed | default(False) | bool
- name: Generate Mautrix Telegram proxying configuration for matrix-nginx-proxy
ansible.builtin.set_fact:
matrix_mautrix_telegram_matrix_nginx_proxy_configuration: |
location {{ matrix_mautrix_telegram_public_endpoint }} {
{% if matrix_nginx_proxy_enabled | default(False) %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;
set $backend "matrix-mautrix-telegram:8080";
proxy_pass http://$backend;
{% else %}
{# Generic configuration for use outside of our container setup #}
proxy_pass http://127.0.0.1:9006;
{% endif %}
}
- name: Register Mautrix Telegram proxying configuration with matrix-nginx-proxy
ansible.builtin.set_fact:
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
{{
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([])
+
[matrix_mautrix_telegram_matrix_nginx_proxy_configuration]
}}
- name: Warn about reverse-proxying if matrix-nginx-proxy not used
ansible.builtin.debug:
msg: >-
NOTE: You've enabled the Mautrix Telegram bridge but are not using the matrix-nginx-proxy
reverse proxy.
Please make sure that you're proxying the `{{ matrix_mautrix_telegram_public_endpoint }}`
URL endpoint to the matrix-mautrix-telegram container.
You can expose the container's port using the `matrix_mautrix_telegram_container_http_host_bind_port` variable.
when: "not matrix_nginx_proxy_enabled | default(False) | bool"

7
roles/custom/matrix-bridge-mautrix-telegram/tasks/main.yml
View File

@@ -1,7 +1,10 @@
---
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
- when: matrix_mautrix_telegram_enabled | bool and matrix_mautrix_telegram_appservice_public_enabled | bool
ansible.builtin.import_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
tags:
- always
- setup-all
- setup-nginx-proxy
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
when: "run_setup | bool and matrix_mautrix_telegram_enabled | bool"

48
roles/custom/matrix-bridge-mx-puppet-slack/tasks/init.yml
View File

@@ -1,48 +0,0 @@
---
- when: matrix_mx_puppet_slack_enabled | bool
tags:
- always
block:
- name: Fail if matrix-nginx-proxy role already executed
ansible.builtin.fail:
msg: >-
Trying to append Slack Appservice's reverse-proxying configuration to matrix-nginx-proxy,
but it's pointless since the matrix-nginx-proxy role had already executed.
To fix this, please change the order of roles in your playbook,
so that the matrix-nginx-proxy role would run after the matrix-mx-puppet-slack role.
when: matrix_nginx_proxy_role_executed | default(False) | bool
- name: Generate Matrix MX Puppet Slack proxying configuration for matrix-nginx-proxy
ansible.builtin.set_fact:
matrix_mx_puppet_slack_matrix_nginx_proxy_configuration: |
location {{ matrix_mx_puppet_slack_redirect_path }} {
{% if matrix_nginx_proxy_enabled | default(False) %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;
set $backend "{{ matrix_mx_puppet_slack_appservice_address }}";
proxy_pass $backend;
{% else %}
{# Generic configuration for use outside of our container setup #}
proxy_pass http://127.0.0.1:{{ matrix_mx_puppet_slack_appservice_port }};
{% endif %}
}
- name: Register Slack Appservice proxying configuration with matrix-nginx-proxy
ansible.builtin.set_fact:
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
{{
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([])
+
[matrix_mx_puppet_slack_matrix_nginx_proxy_configuration]
}}
- name: Warn about reverse-proxying if matrix-nginx-proxy not used
ansible.builtin.debug:
msg: >-
NOTE: You've enabled the Matrix Slack bridge but are not using the matrix-nginx-proxy
reverse proxy.
Please make sure that you're proxying the `{{ matrix_mx_puppet_slack_redirect_path }}`
URL endpoint to the matrix-mx-puppet-slack container.
You can expose the container's port using the `matrix_appservice_slack_container_http_host_bind_port` variable.
when: "matrix_mx_puppet_slack_enabled | bool and not matrix_nginx_proxy_enabled | default(False) | bool"

44
roles/custom/matrix-bridge-mx-puppet-slack/tasks/inject_into_nginx_proxy.yml Normal file
View File

@@ -0,0 +1,44 @@
---
- name: Fail if matrix-nginx-proxy role already executed
ansible.builtin.fail:
msg: >-
Trying to append Slack Appservice's reverse-proxying configuration to matrix-nginx-proxy,
but it's pointless since the matrix-nginx-proxy role had already executed.
To fix this, please change the order of roles in your playbook,
so that the matrix-nginx-proxy role would run after the matrix-mx-puppet-slack role.
when: matrix_nginx_proxy_role_executed | default(False) | bool
- name: Generate Matrix MX Puppet Slack proxying configuration for matrix-nginx-proxy
ansible.builtin.set_fact:
matrix_mx_puppet_slack_matrix_nginx_proxy_configuration: |
location {{ matrix_mx_puppet_slack_redirect_path }} {
{% if matrix_nginx_proxy_enabled | default(False) %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;
set $backend "{{ matrix_mx_puppet_slack_appservice_address }}";
proxy_pass $backend;
{% else %}
{# Generic configuration for use outside of our container setup #}
proxy_pass http://127.0.0.1:{{ matrix_mx_puppet_slack_appservice_port }};
{% endif %}
}
- name: Register Slack Appservice proxying configuration with matrix-nginx-proxy
ansible.builtin.set_fact:
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
{{
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([])
+
[matrix_mx_puppet_slack_matrix_nginx_proxy_configuration]
}}
- name: Warn about reverse-proxying if matrix-nginx-proxy not used
ansible.builtin.debug:
msg: >-
NOTE: You've enabled the Matrix Slack bridge but are not using the matrix-nginx-proxy
reverse proxy.
Please make sure that you're proxying the `{{ matrix_mx_puppet_slack_redirect_path }}`
URL endpoint to the matrix-mx-puppet-slack container.
You can expose the container's port using the `matrix_appservice_slack_container_http_host_bind_port` variable.
when: "not matrix_nginx_proxy_enabled | default(False) | bool"

6
roles/custom/matrix-bridge-mx-puppet-slack/tasks/main.yml
View File

@@ -1,8 +1,10 @@
---
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
- when: matrix_mx_puppet_slack_enabled | bool
ansible.builtin.import_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
tags:
- always
- setup-all
- setup-nginx-proxy
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
when: "run_setup | bool and matrix_mx_puppet_slack_enabled | bool"

48
roles/custom/matrix-bridge-mx-puppet-twitter/tasks/init.yml
View File

@@ -1,48 +0,0 @@
---
- when: matrix_mx_puppet_twitter_enabled | bool
tags:
- always
block:
- name: Fail if matrix-nginx-proxy role already executed
ansible.builtin.fail:
msg: >-
Trying to append Twitter Appservice's reverse-proxying configuration to matrix-nginx-proxy,
but it's pointless since the matrix-nginx-proxy role had already executed.
To fix this, please change the order of roles in your playbook,
so that the matrix-nginx-proxy role would run after the matrix-mx-puppet-twitter role.
when: matrix_nginx_proxy_role_executed | default(False) | bool
- name: Generate Matrix MX Puppet Twitter proxying configuration for matrix-nginx-proxy
ansible.builtin.set_fact:
matrix_mx_puppet_twitter_matrix_nginx_proxy_configuration: |
location {{ matrix_mx_puppet_twitter_webhook_path }} {
{% if matrix_nginx_proxy_enabled | default(False) %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;
set $backend "{{ matrix_mx_puppet_twitter_appservice_address }}";
proxy_pass $backend;
{% else %}
{# Generic configuration for use outside of our container setup #}
proxy_pass http://127.0.0.1:{{ matrix_mx_puppet_twitter_appservice_port }};
{% endif %}
}
- name: Register Twitter Appservice proxying configuration with matrix-nginx-proxy
ansible.builtin.set_fact:
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
{{
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([])
+
[matrix_mx_puppet_twitter_matrix_nginx_proxy_configuration]
}}
- name: Warn about reverse-proxying if matrix-nginx-proxy not used
ansible.builtin.debug:
msg: >-
NOTE: You've enabled the Matrix Twitter bridge but are not using the matrix-nginx-proxy
reverse proxy.
Please make sure that you're proxying the `{{ matrix_mx_puppet_twitter_redirect_path }}`
URL endpoint to the matrix-mx-puppet-twitter container.
You can expose the container's port using the `matrix_mx_puppet_twitter_container_http_host_bind_port` variable.
when: "matrix_mx_puppet_twitter_enabled | bool and not matrix_nginx_proxy_enabled | default(False) | bool"

44
roles/custom/matrix-bridge-mx-puppet-twitter/tasks/inject_into_nginx_proxy.yml Normal file
View File

@@ -0,0 +1,44 @@
---
- name: Fail if matrix-nginx-proxy role already executed
ansible.builtin.fail:
msg: >-
Trying to append Twitter Appservice's reverse-proxying configuration to matrix-nginx-proxy,
but it's pointless since the matrix-nginx-proxy role had already executed.
To fix this, please change the order of roles in your playbook,
so that the matrix-nginx-proxy role would run after the matrix-mx-puppet-twitter role.
when: matrix_nginx_proxy_role_executed | default(False) | bool
- name: Generate Matrix MX Puppet Twitter proxying configuration for matrix-nginx-proxy
ansible.builtin.set_fact:
matrix_mx_puppet_twitter_matrix_nginx_proxy_configuration: |
location {{ matrix_mx_puppet_twitter_webhook_path }} {
{% if matrix_nginx_proxy_enabled | default(False) %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;
set $backend "{{ matrix_mx_puppet_twitter_appservice_address }}";
proxy_pass $backend;
{% else %}
{# Generic configuration for use outside of our container setup #}
proxy_pass http://127.0.0.1:{{ matrix_mx_puppet_twitter_appservice_port }};
{% endif %}
}
- name: Register Twitter Appservice proxying configuration with matrix-nginx-proxy
ansible.builtin.set_fact:
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
{{
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([])
+
[matrix_mx_puppet_twitter_matrix_nginx_proxy_configuration]
}}
- name: Warn about reverse-proxying if matrix-nginx-proxy not used
ansible.builtin.debug:
msg: >-
NOTE: You've enabled the Matrix Twitter bridge but are not using the matrix-nginx-proxy
reverse proxy.
Please make sure that you're proxying the `{{ matrix_mx_puppet_twitter_redirect_path }}`
URL endpoint to the matrix-mx-puppet-twitter container.
You can expose the container's port using the `matrix_mx_puppet_twitter_container_http_host_bind_port` variable.
when: "not matrix_nginx_proxy_enabled | default(False) | bool"

6
roles/custom/matrix-bridge-mx-puppet-twitter/tasks/main.yml
View File

@@ -1,8 +1,10 @@
---
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
- when: matrix_mx_puppet_twitter_enabled | bool
ansible.builtin.import_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
tags:
- always
- setup-all
- setup-nginx-proxy
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
when: "run_setup | bool and matrix_mx_puppet_twitter_enabled | bool"

5
roles/custom/matrix-cactus-comments/tasks/init.yml → roles/custom/matrix-cactus-comments/tasks/inject_into_nginx_proxy.yml
View File

@@ -1,9 +1,6 @@
---
- when: matrix_cactus_comments_enabled | bool and matrix_cactus_comments_serve_client_enabled | bool
tags:
- always
block:
- block:
- name: Fail if matrix-nginx-proxy role already executed
ansible.builtin.fail:
msg: >-

6
roles/custom/matrix-cactus-comments/tasks/main.yml
View File

@@ -1,8 +1,10 @@
---
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
- when: matrix_cactus_comments_enabled | bool and matrix_cactus_comments_serve_client_enabled | bool
ansible.builtin.import_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
tags:
- always
- setup-all
- setup-nginx-proxy
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
when: "run_setup | bool and matrix_cactus_comments_enabled | bool"

50
roles/custom/matrix-etherpad/tasks/init.yml
View File

@@ -1,50 +0,0 @@
---
- when: matrix_etherpad_enabled | bool and matrix_etherpad_mode == 'dimension'
tags:
- always
block:
- name: Fail if matrix-nginx-proxy role already executed
ansible.builtin.fail:
msg: >-
Trying to append Etherpad's reverse-proxying configuration to matrix-nginx-proxy,
but it's pointless since the matrix-nginx-proxy role had already executed.
To fix this, please change the order of roles in your playbook,
so that the matrix-nginx-proxy role would run after the matrix-etherpad role.
when: matrix_nginx_proxy_role_executed | default(False) | bool
- name: Generate Etherpad proxying configuration for matrix-nginx-proxy
ansible.builtin.set_fact:
matrix_etherpad_matrix_nginx_proxy_configuration: |
rewrite ^{{ matrix_etherpad_public_endpoint }}$ {{ matrix_nginx_proxy_x_forwarded_proto_value }}://$server_name{{ matrix_etherpad_public_endpoint }}/ permanent;
location {{ matrix_etherpad_public_endpoint }}/ {
{% if matrix_nginx_proxy_enabled | default(False) %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;
proxy_pass http://matrix-etherpad:9001/;
{# These are proxy directives needed specifically by Etherpad #}
proxy_buffering off;
proxy_http_version 1.1; # recommended with keepalive connections
proxy_pass_header Server;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto {{ matrix_nginx_proxy_x_forwarded_proto_value }}; # for EP to set secure cookie flag when https is used
# WebSocket proxying - from http://nginx.org/en/docs/http/websocket.html
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
{% else %}
{# Generic configuration for use outside of our container setup #}
# A good guide for setting up your Etherpad behind nginx:
# https://docs.gandi.net/en/cloud/tutorials/etherpad_lite.html
proxy_pass http://127.0.0.1:9001/;
{% endif %}
}
- name: Register Etherpad proxying configuration with matrix-nginx-proxy
ansible.builtin.set_fact:
matrix_nginx_proxy_proxy_dimension_additional_server_configuration_blocks: |
{{
matrix_nginx_proxy_proxy_dimension_additional_server_configuration_blocks | default([])
+
[matrix_etherpad_matrix_nginx_proxy_configuration]
}}

46
roles/custom/matrix-etherpad/tasks/inject_into_nginx_proxy.yml Normal file
View File

@@ -0,0 +1,46 @@
---
- name: Fail if matrix-nginx-proxy role already executed
ansible.builtin.fail:
msg: >-
Trying to append Etherpad's reverse-proxying configuration to matrix-nginx-proxy,
but it's pointless since the matrix-nginx-proxy role had already executed.
To fix this, please change the order of roles in your playbook,
so that the matrix-nginx-proxy role would run after the matrix-etherpad role.
when: matrix_nginx_proxy_role_executed | default(False) | bool
- name: Generate Etherpad proxying configuration for matrix-nginx-proxy
ansible.builtin.set_fact:
matrix_etherpad_matrix_nginx_proxy_configuration: |
rewrite ^{{ matrix_etherpad_public_endpoint }}$ {{ matrix_nginx_proxy_x_forwarded_proto_value }}://$server_name{{ matrix_etherpad_public_endpoint }}/ permanent;
location {{ matrix_etherpad_public_endpoint }}/ {
{% if matrix_nginx_proxy_enabled | default(False) %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;
proxy_pass http://matrix-etherpad:9001/;
{# These are proxy directives needed specifically by Etherpad #}
proxy_buffering off;
proxy_http_version 1.1; # recommended with keepalive connections
proxy_pass_header Server;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto {{ matrix_nginx_proxy_x_forwarded_proto_value }}; # for EP to set secure cookie flag when https is used
# WebSocket proxying - from http://nginx.org/en/docs/http/websocket.html
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
{% else %}
{# Generic configuration for use outside of our container setup #}
# A good guide for setting up your Etherpad behind nginx:
# https://docs.gandi.net/en/cloud/tutorials/etherpad_lite.html
proxy_pass http://127.0.0.1:9001/;
{% endif %}
}
- name: Register Etherpad proxying configuration with matrix-nginx-proxy
ansible.builtin.set_fact:
matrix_nginx_proxy_proxy_dimension_additional_server_configuration_blocks: |
{{
matrix_nginx_proxy_proxy_dimension_additional_server_configuration_blocks | default([])
+
[matrix_etherpad_matrix_nginx_proxy_configuration]
}}

6
roles/custom/matrix-etherpad/tasks/main.yml
View File

@@ -1,8 +1,10 @@
---
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
- when: matrix_etherpad_enabled | bool and matrix_etherpad_mode == 'dimension'
ansible.builtin.import_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
tags:
- always
- setup-all
- setup-nginx-proxy
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
when: run_setup | bool and matrix_etherpad_enabled | bool

47
roles/custom/matrix-ldap-registration-proxy/tasks/init.yml
View File

@@ -1,47 +0,0 @@
---
- when: matrix_ldap_registration_proxy_enabled | bool
tags:
- always
block:
- name: Fail if matrix-nginx-proxy role already executed
ansible.builtin.fail:
msg: >-
Trying to append Matrix LDAP registration proxy's reverse-proxying configuration to matrix-nginx-proxy,
but it's pointless since the matrix-nginx-proxy role had already executed.
To fix this, please change the order of roles in your playbook,
so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-telegram role.
when: matrix_nginx_proxy_role_executed | default(False) | bool
- name: Generate Matrix LDAP registration proxy proxying configuration for matrix-nginx-proxy
ansible.builtin.set_fact:
matrix_ldap_registration_proxy_matrix_nginx_proxy_configuration: |
location {{ matrix_ldap_registration_proxy_registration_endpoint }} {
{% if matrix_nginx_proxy_enabled | default(False) %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;
set $backend "{{ matrix_ldap_registration_proxy_registration_addr_with_container }}";
proxy_pass http://$backend/register;
{% else %}
{# Generic configuration for use outside of our container setup #}
proxy_pass http://{{ matrix_ldap_registration_proxy_registration_addr_sans_container }}/register;
{% endif %}
}
- name: Register Matrix LDAP registration proxy proxying configuration with matrix-nginx-proxy
ansible.builtin.set_fact:
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
{{
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([])
+
[matrix_ldap_registration_proxy_matrix_nginx_proxy_configuration]
}}
- name: Warn about reverse-proxying if matrix-nginx-proxy not used
ansible.builtin.debug:
msg: >-
NOTE: You've enabled the Matrix LDAP registration proxy bridge but are not using the matrix-nginx-proxy
reverse proxy.
Please make sure that you're proxying the `{{ matrix_ldap_registration_proxy_public_endpoint }}`
URL endpoint to the matrix-ldap-proxy container.
You can expose the container's port using the `matrix_ldap_registration_proxy_container_http_host_bind_port` variable.
when: "not matrix_nginx_proxy_enabled | default(False) | bool"

44
roles/custom/matrix-ldap-registration-proxy/tasks/inject_into_nginx_proxy.yml Normal file
View File

@@ -0,0 +1,44 @@
---
- name: Fail if matrix-nginx-proxy role already executed
ansible.builtin.fail:
msg: >-
Trying to append Matrix LDAP registration proxy's reverse-proxying configuration to matrix-nginx-proxy,
but it's pointless since the matrix-nginx-proxy role had already executed.
To fix this, please change the order of roles in your playbook,
so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-telegram role.
when: matrix_nginx_proxy_role_executed | default(False) | bool
- name: Generate Matrix LDAP registration proxy proxying configuration for matrix-nginx-proxy
ansible.builtin.set_fact:
matrix_ldap_registration_proxy_matrix_nginx_proxy_configuration: |
location {{ matrix_ldap_registration_proxy_registration_endpoint }} {
{% if matrix_nginx_proxy_enabled | default(False) %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;
set $backend "{{ matrix_ldap_registration_proxy_registration_addr_with_container }}";
proxy_pass http://$backend/register;
{% else %}
{# Generic configuration for use outside of our container setup #}
proxy_pass http://{{ matrix_ldap_registration_proxy_registration_addr_sans_container }}/register;
{% endif %}
}
- name: Register Matrix LDAP registration proxy proxying configuration with matrix-nginx-proxy
ansible.builtin.set_fact:
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
{{
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([])
+
[matrix_ldap_registration_proxy_matrix_nginx_proxy_configuration]
}}
- name: Warn about reverse-proxying if matrix-nginx-proxy not used
ansible.builtin.debug:
msg: >-
NOTE: You've enabled the Matrix LDAP registration proxy bridge but are not using the matrix-nginx-proxy
reverse proxy.
Please make sure that you're proxying the `{{ matrix_ldap_registration_proxy_public_endpoint }}`
URL endpoint to the matrix-ldap-proxy container.
You can expose the container's port using the `matrix_ldap_registration_proxy_container_http_host_bind_port` variable.
when: "not matrix_nginx_proxy_enabled | default(False) | bool"

6
roles/custom/matrix-ldap-registration-proxy/tasks/main.yml
View File

@@ -1,8 +1,10 @@
---
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
- when: matrix_ldap_registration_proxy_enabled | bool
ansible.builtin.import_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
tags:
- always
- setup-all
- setup-nginx-proxy
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
when: "run_setup | bool and matrix_ldap_registration_proxy_enabled | bool"

37
roles/custom/matrix-prometheus-node-exporter/tasks/init.yml
View File

@@ -1,37 +0,0 @@
---
- when: matrix_prometheus_node_exporter_enabled | bool and matrix_prometheus_node_exporter_metrics_proxying_enabled | bool
block:
- name: Fail if matrix-nginx-proxy role already executed
ansible.builtin.fail:
msg: >-
Trying to append node-exporter's reverse-proxying configuration to matrix-nginx-proxy,
but it's pointless since the matrix-nginx-proxy role had already executed.
To fix this, please change the order of roles in your playbook,
so that the matrix-nginx-proxy role would run after the matrix-prometheus-node-exporter role.
when: matrix_nginx_proxy_role_executed | default(False) | bool
- name: Generate node-exporter metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/node-exporter)
ansible.builtin.set_fact:
matrix_prometheus_node_exporter_nginx_metrics_configuration_block: |
location /metrics/node-exporter {
{% if matrix_nginx_proxy_enabled | default(False) %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;
set $backend "matrix-prometheus-node-exporter:9100";
proxy_pass http://$backend/metrics;
{% elif matrix_prometheus_node_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host != '' %}
proxy_pass http://{{ matrix_prometheus_node_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host }}/metrics;
{% else %}
return 404 "matrix-nginx-proxy is disabled and no host port was bound to the container, so metrics are unavailable";
{% endif %}
}
- name: Register node-exporter metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/node-exporter)
ansible.builtin.set_fact:
matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: |
{{
matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([])
+
[matrix_prometheus_node_exporter_nginx_metrics_configuration_block]
}}

35
roles/custom/matrix-prometheus-node-exporter/tasks/inject_into_nginx_proxy.yml Normal file
View File

@@ -0,0 +1,35 @@
---
- name: Fail if matrix-nginx-proxy role already executed
ansible.builtin.fail:
msg: >-
Trying to append node-exporter's reverse-proxying configuration to matrix-nginx-proxy,
but it's pointless since the matrix-nginx-proxy role had already executed.
To fix this, please change the order of roles in your playbook,
so that the matrix-nginx-proxy role would run after the matrix-prometheus-node-exporter role.
when: matrix_nginx_proxy_role_executed | default(False) | bool
- name: Generate node-exporter metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/node-exporter)
ansible.builtin.set_fact:
matrix_prometheus_node_exporter_nginx_metrics_configuration_block: |
location /metrics/node-exporter {
{% if matrix_nginx_proxy_enabled | default(False) %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;
set $backend "matrix-prometheus-node-exporter:9100";
proxy_pass http://$backend/metrics;
{% elif matrix_prometheus_node_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host != '' %}
proxy_pass http://{{ matrix_prometheus_node_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host }}/metrics;
{% else %}
return 404 "matrix-nginx-proxy is disabled and no host port was bound to the container, so metrics are unavailable";
{% endif %}
}
- name: Register node-exporter metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/node-exporter)
ansible.builtin.set_fact:
matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: |
{{
matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([])
+
[matrix_prometheus_node_exporter_nginx_metrics_configuration_block]
}}

6
roles/custom/matrix-prometheus-node-exporter/tasks/main.yml
View File

@@ -1,8 +1,10 @@
---
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
- when: matrix_prometheus_node_exporter_enabled | bool and matrix_prometheus_node_exporter_metrics_proxying_enabled | bool
ansible.builtin.import_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
tags:
- always
- setup-all
- setup-nginx-proxy
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup.yml"
tags:

37
roles/custom/matrix-prometheus-postgres-exporter/tasks/init.yml
View File

@@ -1,37 +0,0 @@
---
- when: matrix_prometheus_node_exporter_enabled | bool and matrix_prometheus_node_exporter_metrics_proxying_enabled | bool
block:
- name: Fail if matrix-nginx-proxy role already executed
ansible.builtin.fail:
msg: >-
Trying to append postgres-exporter's reverse-proxying configuration to matrix-nginx-proxy,
but it's pointless since the matrix-nginx-proxy role had already executed.
To fix this, please change the order of roles in your playbook,
so that the matrix-nginx-proxy role would run after the matrix-prometheus-postgres-exporter role.
when: matrix_nginx_proxy_role_executed | default(False) | bool
- name: Generate postgres-exporter metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/postgres-exporter)
ansible.builtin.set_fact:
matrix_prometheus_postgres_exporter_nginx_metrics_configuration_block: |
location /metrics/postgres-exporter {
{% if matrix_nginx_proxy_enabled | default(False) %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;
set $backend "matrix-prometheus-postgres-exporter:9187";
proxy_pass http://$backend/metrics;
{% elif matrix_prometheus_postgres_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host != '' %}
proxy_pass http://{{ matrix_prometheus_postgres_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host }}/metrics;
{% else %}
return 404 "matrix-nginx-proxy is disabled and no host port was bound to the container, so metrics are unavailable";
{% endif %}
}
- name: Register postgres-exporter metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/postgres-exporter)
ansible.builtin.set_fact:
matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: |
{{
matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([])
+
[matrix_prometheus_postgres_exporter_nginx_metrics_configuration_block]
}}

35
roles/custom/matrix-prometheus-postgres-exporter/tasks/inject_into_nginx_proxy.yml Normal file
View File

@@ -0,0 +1,35 @@
---
- name: Fail if matrix-nginx-proxy role already executed
ansible.builtin.fail:
msg: >-
Trying to append postgres-exporter's reverse-proxying configuration to matrix-nginx-proxy,
but it's pointless since the matrix-nginx-proxy role had already executed.
To fix this, please change the order of roles in your playbook,
so that the matrix-nginx-proxy role would run after the matrix-prometheus-postgres-exporter role.
when: matrix_nginx_proxy_role_executed | default(False) | bool
- name: Generate postgres-exporter metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/postgres-exporter)
ansible.builtin.set_fact:
matrix_prometheus_postgres_exporter_nginx_metrics_configuration_block: |
location /metrics/postgres-exporter {
{% if matrix_nginx_proxy_enabled | default(False) %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;
set $backend "matrix-prometheus-postgres-exporter:9187";
proxy_pass http://$backend/metrics;
{% elif matrix_prometheus_postgres_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host != '' %}
proxy_pass http://{{ matrix_prometheus_postgres_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host }}/metrics;
{% else %}
return 404 "matrix-nginx-proxy is disabled and no host port was bound to the container, so metrics are unavailable";
{% endif %}
}
- name: Register postgres-exporter metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/postgres-exporter)
ansible.builtin.set_fact:
matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: |
{{
matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([])
+
[matrix_prometheus_postgres_exporter_nginx_metrics_configuration_block]
}}

6
roles/custom/matrix-prometheus-postgres-exporter/tasks/main.yml
View File

@@ -1,8 +1,10 @@
---
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
- when: matrix_prometheus_node_exporter_enabled | bool and matrix_prometheus_node_exporter_metrics_proxying_enabled | bool
ansible.builtin.import_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
tags:
- always
- setup-all
- setup-nginx-proxy
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup.yml"
tags:

59
roles/custom/matrix-registration/tasks/init.yml
View File

@@ -1,59 +0,0 @@
---
- when: matrix_registration_enabled | bool
tags:
- always
block:
- name: Fail if matrix-nginx-proxy role already executed
ansible.builtin.fail:
msg: >-
Trying to append matrix-registration's reverse-proxying configuration to matrix-nginx-proxy,
but it's pointless since the matrix-nginx-proxy role had already executed.
To fix this, please change the order of roles in your playbook,
so that the matrix-nginx-proxy role would run after the matrix-registration role.
when: matrix_nginx_proxy_role_executed | default(False) | bool
- name: Generate matrix-registration proxying configuration for matrix-nginx-proxy
ansible.builtin.set_fact:
matrix_registration_matrix_nginx_proxy_configuration: |
rewrite ^{{ matrix_registration_public_endpoint }}$ {{ matrix_nginx_proxy_x_forwarded_proto_value }}://$server_name{{ matrix_registration_public_endpoint }}/ permanent;
rewrite ^{{ matrix_registration_public_endpoint }}/$ {{ matrix_nginx_proxy_x_forwarded_proto_value }}://$server_name{{ matrix_registration_public_endpoint }}/register redirect;
location ~ ^{{ matrix_registration_public_endpoint }}/(.*) {
{% if matrix_nginx_proxy_enabled | default(False) %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;
set $backend "matrix-registration:5000";
proxy_pass http://$backend/$1;
{% else %}
{# Generic configuration for use outside of our container setup #}
proxy_pass http://127.0.0.1:8767/$1;
{% endif %}
{#
Workaround matrix-registration serving the background image at /static
(see https://github.com/ZerataX/matrix-registration/issues/47)
#}
sub_filter_once off;
sub_filter_types text/css;
sub_filter "/static/" "{{ matrix_registration_public_endpoint }}/static/";
}
- name: Register matrix-registration proxying configuration with matrix-nginx-proxy
ansible.builtin.set_fact:
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
{{
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([])
+
[matrix_registration_matrix_nginx_proxy_configuration]
}}
- name: Warn about reverse-proxying if matrix-nginx-proxy not used
ansible.builtin.debug:
msg: >-
NOTE: You've enabled the matrix-registration tool but are not using the matrix-nginx-proxy
reverse proxy.
Please make sure that you're proxying the `{{ matrix_registration_public_endpoint }}`
URL endpoint to the matrix-registration container.
You can expose the container's port using the `matrix_registration_container_http_host_bind_port` variable.
when: "matrix_registration_enabled | bool and not matrix_nginx_proxy_enabled | default(False) | bool"

55
roles/custom/matrix-registration/tasks/inject_into_nginx_proxy.yml Normal file
View File

@@ -0,0 +1,55 @@
---
- name: Fail if matrix-nginx-proxy role already executed
ansible.builtin.fail:
msg: >-
Trying to append matrix-registration's reverse-proxying configuration to matrix-nginx-proxy,
but it's pointless since the matrix-nginx-proxy role had already executed.
To fix this, please change the order of roles in your playbook,
so that the matrix-nginx-proxy role would run after the matrix-registration role.
when: matrix_nginx_proxy_role_executed | default(False) | bool
- name: Generate matrix-registration proxying configuration for matrix-nginx-proxy
ansible.builtin.set_fact:
matrix_registration_matrix_nginx_proxy_configuration: |
rewrite ^{{ matrix_registration_public_endpoint }}$ {{ matrix_nginx_proxy_x_forwarded_proto_value }}://$server_name{{ matrix_registration_public_endpoint }}/ permanent;
rewrite ^{{ matrix_registration_public_endpoint }}/$ {{ matrix_nginx_proxy_x_forwarded_proto_value }}://$server_name{{ matrix_registration_public_endpoint }}/register redirect;
location ~ ^{{ matrix_registration_public_endpoint }}/(.*) {
{% if matrix_nginx_proxy_enabled | default(False) %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;
set $backend "matrix-registration:5000";
proxy_pass http://$backend/$1;
{% else %}
{# Generic configuration for use outside of our container setup #}
proxy_pass http://127.0.0.1:8767/$1;
{% endif %}
{#
Workaround matrix-registration serving the background image at /static
(see https://github.com/ZerataX/matrix-registration/issues/47)
#}
sub_filter_once off;
sub_filter_types text/css;
sub_filter "/static/" "{{ matrix_registration_public_endpoint }}/static/";
}
- name: Register matrix-registration proxying configuration with matrix-nginx-proxy
ansible.builtin.set_fact:
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
{{
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([])
+
[matrix_registration_matrix_nginx_proxy_configuration]
}}
- name: Warn about reverse-proxying if matrix-nginx-proxy not used
ansible.builtin.debug:
msg: >-
NOTE: You've enabled the matrix-registration tool but are not using the matrix-nginx-proxy
reverse proxy.
Please make sure that you're proxying the `{{ matrix_registration_public_endpoint }}`
URL endpoint to the matrix-registration container.
You can expose the container's port using the `matrix_registration_container_http_host_bind_port` variable.
when: "not matrix_nginx_proxy_enabled | default(False) | bool"

6
roles/custom/matrix-registration/tasks/main.yml
View File

@@ -1,8 +1,10 @@
---
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
- when: matrix_registration_enabled | bool
ansible.builtin.import_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
tags:
- always
- setup-all
- setup-nginx-proxy
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
when: "run_setup | bool and matrix_registration_enabled | bool"

50
roles/custom/matrix-synapse-admin/tasks/init.yml
View File

@@ -1,50 +0,0 @@
---
- when: matrix_synapse_admin_enabled | bool
tags:
- always
block:
- name: Fail if matrix-nginx-proxy role already executed
ansible.builtin.fail:
msg: >-
Trying to append Synapse Admin's reverse-proxying configuration to matrix-nginx-proxy,
but it's pointless since the matrix-nginx-proxy role had already executed.
To fix this, please change the order of roles in your playbook,
so that the matrix-nginx-proxy role would run after the matrix-synapse-admin role.
when: matrix_nginx_proxy_role_executed | default(False) | bool
- name: Generate Synapse Admin proxying configuration for matrix-nginx-proxy
ansible.builtin.set_fact:
matrix_synapse_admin_matrix_nginx_proxy_configuration: |
rewrite ^{{ matrix_synapse_admin_public_endpoint }}$ {{ matrix_nginx_proxy_x_forwarded_proto_value }}://$server_name{{ matrix_synapse_admin_public_endpoint }}/ permanent;
location ~ ^{{ matrix_synapse_admin_public_endpoint }}/(.*) {
{% if matrix_nginx_proxy_enabled | default(False) %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;
set $backend "matrix-synapse-admin:80";
proxy_pass http://$backend/$1;
{% else %}
{# Generic configuration for use outside of our container setup #}
proxy_pass http://127.0.0.1:8766/$1;
{% endif %}
}
- name: Register Synapse Admin proxying configuration with matrix-nginx-proxy
ansible.builtin.set_fact:
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
{{
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([])
+
[matrix_synapse_admin_matrix_nginx_proxy_configuration]
}}
- name: Warn about reverse-proxying if matrix-nginx-proxy not used
ansible.builtin.debug:
msg: >-
NOTE: You've enabled the Synapse Admin tool but are not using the matrix-nginx-proxy
reverse proxy.
Please make sure that you're proxying the `{{ matrix_synapse_admin_public_endpoint }}`
URL endpoint to the matrix-synapse-admin container.
You can expose the container's port using the `matrix_synapse_admin_container_http_host_bind_port` variable.
when: "matrix_synapse_admin_enabled | bool and not matrix_nginx_proxy_enabled | default(False) | bool"

46
roles/custom/matrix-synapse-admin/tasks/inject_into_nginx_proxy.yml Normal file
View File

@@ -0,0 +1,46 @@
---
- name: Fail if matrix-nginx-proxy role already executed
ansible.builtin.fail:
msg: >-
Trying to append Synapse Admin's reverse-proxying configuration to matrix-nginx-proxy,
but it's pointless since the matrix-nginx-proxy role had already executed.
To fix this, please change the order of roles in your playbook,
so that the matrix-nginx-proxy role would run after the matrix-synapse-admin role.
when: matrix_nginx_proxy_role_executed | default(False) | bool
- name: Generate Synapse Admin proxying configuration for matrix-nginx-proxy
ansible.builtin.set_fact:
matrix_synapse_admin_matrix_nginx_proxy_configuration: |
rewrite ^{{ matrix_synapse_admin_public_endpoint }}$ {{ matrix_nginx_proxy_x_forwarded_proto_value }}://$server_name{{ matrix_synapse_admin_public_endpoint }}/ permanent;
location ~ ^{{ matrix_synapse_admin_public_endpoint }}/(.*) {
{% if matrix_nginx_proxy_enabled | default(False) %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;
set $backend "matrix-synapse-admin:80";
proxy_pass http://$backend/$1;
{% else %}
{# Generic configuration for use outside of our container setup #}
proxy_pass http://127.0.0.1:8766/$1;
{% endif %}
}
- name: Register Synapse Admin proxying configuration with matrix-nginx-proxy
ansible.builtin.set_fact:
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
{{
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([])
+
[matrix_synapse_admin_matrix_nginx_proxy_configuration]
}}
- name: Warn about reverse-proxying if matrix-nginx-proxy not used
ansible.builtin.debug:
msg: >-
NOTE: You've enabled the Synapse Admin tool but are not using the matrix-nginx-proxy
reverse proxy.
Please make sure that you're proxying the `{{ matrix_synapse_admin_public_endpoint }}`
URL endpoint to the matrix-synapse-admin container.
You can expose the container's port using the `matrix_synapse_admin_container_http_host_bind_port` variable.
when: "not matrix_nginx_proxy_enabled | default(False) | bool"

6
roles/custom/matrix-synapse-admin/tasks/main.yml
View File

@@ -1,8 +1,10 @@
---
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
- when: matrix_synapse_admin_enabled | bool
ansible.builtin.import_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
tags:
- always
- setup-all
- setup-nginx-proxy
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
when: run_setup | bool

8
roles/custom/matrix-synapse/tasks/init.yml → roles/custom/matrix-synapse/tasks/inject_into_nginx_proxy.yml
View File

@@ -2,17 +2,17 @@
# Unless `matrix_synapse_workers_enabled_list` is explicitly defined,
# we'll generate it dynamically.
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/synapse/workers/init.yml"
when: "matrix_synapse_enabled and matrix_synapse_workers_enabled and matrix_synapse_workers_enabled_list | length == 0"
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/synapse/workers/inject_into_nginx_proxy.yml"
when: "matrix_synapse_workers_enabled | bool and matrix_synapse_workers_enabled_list | length == 0"
- name: Ensure workers are injected into various places
ansible.builtin.include_tasks: "{{ role_path }}/tasks/synapse/workers/util/inject_worker.yml"
with_items: "{{ matrix_synapse_workers_enabled_list }}"
loop_control:
loop_var: matrix_synapse_worker_details
when: matrix_synapse_enabled | bool and matrix_synapse_workers_enabled | bool
when: matrix_synapse_workers_enabled | bool
- when: matrix_synapse_enabled | bool and matrix_synapse_metrics_proxying_enabled | bool
- when: matrix_synapse_metrics_proxying_enabled | bool
block:
- name: Fail if matrix-nginx-proxy role already executed
ansible.builtin.fail:

15
roles/custom/matrix-synapse/tasks/main.yml
View File

@@ -1,8 +1,19 @@
---
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
- when: matrix_synapse_enabled | bool
ansible.builtin.import_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
tags:
- always
- setup-all
- setup-synapse
- start
- start-all
- start-group
- restart
- restart-all
- restart-group
- stop
- stop-all
- stop-group
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
when: run_setup | bool and matrix_synapse_enabled | bool

0
roles/custom/matrix-synapse/tasks/synapse/workers/init.yml → roles/custom/matrix-synapse/tasks/synapse/workers/inject_into_nginx_proxy.yml
View File