diff --git a/CHANGELOG.md b/CHANGELOG.md index 29e692850..7bb44f665 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -205,15 +205,17 @@ If this is still not convincing enough for you and you want the best possible pe The updated playbook will automatically perform some migration tasks for you: -1. It will uninstall `matrix-nginx-proxy` for you and delete the `/matrix/nginx-proxy` directory and all files within it. You can disable this behavior by adding `matrix_playbook_migration_matrix_nginx_proxy_uninstallation_enabled: false` to your `vars.yml` configuration file. Doing so will leave an orphan (and unusable) `matrix-nginx-proxy` container and its data around. It will not let you continue using nginx for a while longer. You need to migrate - now! +1. It will stop and remove the `matrix-nginx-proxy` systemd service and container for you. This behavior cannot be disabled. It's essential that this service gets stopped, because it remaining running (and having container labels) may confuse Traefik as to where to route HTTP requests. -2. It will delete the `/matrix/ssl` directory and all files within it. You can disable this behavior by adding `matrix_playbook_migration_matrix_ssl_uninstallation_enabled: false` to your `vars.yml` configuration file. If you have some important certificates there for some reason, take them out or temporarily disable removal of these files until you do. +2. It will delete the `/matrix/nginx-proxy` directory and all files within it. You can disable this behavior by adding `matrix_playbook_migration_matrix_nginx_proxy_uninstallation_enabled: false` to your `vars.yml` configuration file. Doing so will leave its data around. -3. It will tell you about all variables (`matrix_nginx_proxy_*` and many others - even from other roles) that have changed during this large nginx-elimination upgrade. You can disable this behavior by adding `matrix_playbook_migration_matrix_nginx_proxy_elimination_variable_transition_checks_enabled: false` to your `vars.yml` configuration file. +3. It will delete the `/matrix/ssl` directory and all files within it. You can disable this behavior by adding `matrix_playbook_migration_matrix_ssl_uninstallation_enabled: false` to your `vars.yml` configuration file. If you have some important certificates there for some reason, take them out or temporarily disable removal of these files until you do. -4. It will tell you about any leftover `matrix_nginx_proxy_*` variables in your `vars.yml` file. You can disable this behavior by adding `matrix_playbook_migration_matrix_nginx_proxy_leftover_variable_validation_checks_enabled: false` to your `vars.yml` configuration file. +4. It will tell you about all variables (`matrix_nginx_proxy_*` and many others - even from other roles) that have changed during this large nginx-elimination upgrade. You can disable this behavior by adding `matrix_playbook_migration_matrix_nginx_proxy_elimination_variable_transition_checks_enabled: false` to your `vars.yml` configuration file. -5. It will tell you about any leftover `matrix_ssl_*` variables in your `vars.yml` file. You can disable this behavior by adding `matrix_playbook_migration_matrix_ssl_leftover_variable_checks_enabled: false` to your `vars.yml` configuration file. +5. It will tell you about any leftover `matrix_nginx_proxy_*` variables in your `vars.yml` file. You can disable this behavior by adding `matrix_playbook_migration_matrix_nginx_proxy_leftover_variable_validation_checks_enabled: false` to your `vars.yml` configuration file. + +6. It will tell you about any leftover `matrix_ssl_*` variables in your `vars.yml` file. You can disable this behavior by adding `matrix_playbook_migration_matrix_ssl_leftover_variable_checks_enabled: false` to your `vars.yml` configuration file. We don't recommend changing these variables and suppressing warnings, unless you know what you're doing. diff --git a/examples/reverse-proxies/apache/matrix-domain.conf b/examples/reverse-proxies/apache/matrix-domain.conf index ba4af4f44..4c79558b2 100644 --- a/examples/reverse-proxies/apache/matrix-domain.conf +++ b/examples/reverse-proxies/apache/matrix-domain.conf @@ -29,7 +29,7 @@ RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME} AllowEncodedSlashes NoDecode - ProxyPass / http://127.0.0.1:81 retry=0 nocanon + ProxyPass / http://127.0.0.1:81/ retry=0 nocanon ProxyPassReverse / http://127.0.0.1:81/ ErrorLog ${APACHE_LOG_DIR}/matrix.DOMAIN-error.log diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 092f390c8..b97da1813 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -471,18 +471,18 @@ matrix_homeserver_systemd_services_list: |- matrix_homeserver_container_client_api_endpoint: |- {{ { - 'synapse': ('matrix-synapse-reverse-proxy-companion:8008' if matrix_synapse_reverse_proxy_companion_enabled else 'matrix-synapse:'+ matrix_synapse_container_client_api_port|string), - 'dendrite': ('matrix-dendrite:' + matrix_dendrite_http_bind_port|string), - 'conduit': ('matrix-conduit:' + matrix_conduit_port_number|string), + 'synapse': ('matrix-synapse-reverse-proxy-companion:8008' if matrix_synapse_reverse_proxy_companion_enabled | default(false) else ('matrix-synapse:'+ matrix_synapse_container_client_api_port | default('8008') | string)), + 'dendrite': ('matrix-dendrite:' + matrix_dendrite_http_bind_port | default('8008') | string), + 'conduit': ('matrix-conduit:' + matrix_conduit_port_number | default('8008') | string), }[matrix_homeserver_implementation] }} matrix_homeserver_container_federation_api_endpoint: |- {{ { - 'synapse': ('matrix-synapse-reverse-proxy-companion:8048' if matrix_synapse_reverse_proxy_companion_enabled else 'matrix-synapse:'+ matrix_synapse_container_federation_api_plain_port|string), - 'dendrite': ('matrix-dendrite:' + matrix_dendrite_http_bind_port|string), - 'conduit': ('matrix-conduit:' + matrix_conduit_port_number|string), + 'synapse': ('matrix-synapse-reverse-proxy-companion:8048' if matrix_synapse_reverse_proxy_companion_enabled else ('matrix-synapse:'+ matrix_synapse_container_federation_api_plain_port | default('8008') | string)), + 'dendrite': ('matrix-dendrite:' + matrix_dendrite_http_bind_port | default('8008') | string), + 'conduit': ('matrix-conduit:' + matrix_conduit_port_number | default('8008') | string), }[matrix_homeserver_implementation] }} @@ -2152,8 +2152,8 @@ matrix_bot_maubot_homeserver_url: "{{ matrix_addons_homeserver_client_api_url }} matrix_bot_maubot_homeserver_secret: |- {{ { - 'synapse': matrix_synapse_registration_shared_secret, - 'dendrite': matrix_dendrite_client_api_registration_shared_secret, + 'synapse': matrix_synapse_registration_shared_secret | default(''), + 'dendrite': matrix_dendrite_client_api_registration_shared_secret | default(''), }[matrix_homeserver_implementation] }} @@ -2314,8 +2314,8 @@ matrix_bot_postmoogle_container_image_self_build: "{{ matrix_architecture not in matrix_bot_postmoogle_ssl_path: |- {{ { - 'playbook-managed-traefik': devture_traefik_certs_dumper_dumped_certificates_dir_path, - 'other-traefik-container': devture_traefik_certs_dumper_dumped_certificates_dir_path, + 'playbook-managed-traefik': (devture_traefik_certs_dumper_dumped_certificates_dir_path if devture_traefik_certs_dumper_enabled else ''), + 'other-traefik-container': (devture_traefik_certs_dumper_dumped_certificates_dir_path if devture_traefik_certs_dumper_enabled else ''), 'none': '', }[matrix_playbook_reverse_proxy_type] }} @@ -2326,8 +2326,8 @@ matrix_playbook_bot_postmoogle_traefik_key: "{% for domain in matrix_bot_postmoo matrix_bot_postmoogle_tls_cert: |- {{ { - 'playbook-managed-traefik': matrix_playbook_bot_postmoogle_traefik_tls_cert, - 'other-traefik-container': matrix_playbook_bot_postmoogle_traefik_tls_cert, + 'playbook-managed-traefik': (matrix_playbook_bot_postmoogle_traefik_tls_cert if devture_traefik_certs_dumper_enabled else ''), + 'other-traefik-container': (matrix_playbook_bot_postmoogle_traefik_tls_cert if devture_traefik_certs_dumper_enabled else ''), 'none': '', }[matrix_playbook_reverse_proxy_type] }} @@ -2335,8 +2335,8 @@ matrix_bot_postmoogle_tls_cert: |- matrix_bot_postmoogle_tls_key: |- {{ { - 'playbook-managed-traefik': matrix_playbook_bot_postmoogle_traefik_key, - 'other-traefik-container': matrix_playbook_bot_postmoogle_traefik_key, + 'playbook-managed-traefik': (matrix_playbook_bot_postmoogle_traefik_key if devture_traefik_certs_dumper_enabled else ''), + 'other-traefik-container': (matrix_playbook_bot_postmoogle_traefik_key if devture_traefik_certs_dumper_enabled else ''), 'none': '', }[matrix_playbook_reverse_proxy_type] }} @@ -2724,8 +2724,8 @@ matrix_coturn_tls_enabled: "{{ matrix_playbook_ssl_enabled }}" matrix_coturn_tls_cert_path: |- {{ { - 'playbook-managed-traefik': '/certificate.crt', - 'other-traefik-container': '/certificate.crt', + 'playbook-managed-traefik': ('/certificate.crt' if devture_traefik_certs_dumper_enabled else ''), + 'other-traefik-container': ('/certificate.crt' if devture_traefik_certs_dumper_enabled else ''), 'none': '', }[matrix_playbook_reverse_proxy_type] }} @@ -2733,8 +2733,8 @@ matrix_coturn_tls_cert_path: |- matrix_coturn_tls_key_path: |- {{ { - 'playbook-managed-traefik': '/privatekey.key', - 'other-traefik-container': '/privatekey.key', + 'playbook-managed-traefik': ('/privatekey.key' if devture_traefik_certs_dumper_enabled else ''), + 'other-traefik-container': ('/privatekey.key' if devture_traefik_certs_dumper_enabled else ''), 'none': '', }[matrix_playbook_reverse_proxy_type] }} @@ -2753,7 +2753,7 @@ matrix_coturn_container_additional_volumes: | 'dst': '/privatekey.key', 'options': 'ro', }, - ] if matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and devture_traefik_certs_dumper_enabled and matrix_coturn_tls_enabled else [] + ] if (matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and devture_traefik_certs_dumper_enabled and matrix_coturn_tls_enabled and (matrix_coturn_tls_cert_path and matrix_coturn_tls_key_path)) else [] ) }} @@ -4490,8 +4490,8 @@ matrix_registration_riot_instance: "{{ ('https://' + matrix_server_fqn_element) matrix_registration_shared_secret: |- {{ { - 'synapse': matrix_synapse_registration_shared_secret, - 'dendrite': matrix_dendrite_client_api_registration_shared_secret, + 'synapse': matrix_synapse_registration_shared_secret | default (''), + 'dendrite': matrix_dendrite_client_api_registration_shared_secret | default (''), 'conduit': '', }[matrix_homeserver_implementation] }} diff --git a/requirements.yml b/requirements.yml index 258ace316..9b557b48c 100644 --- a/requirements.yml +++ b/requirements.yml @@ -40,7 +40,7 @@ version: ff2fd42e1c1a9e28e3312bbd725395f9c2fc7f16 name: playbook_state_preserver - src: git+https://github.com/devture/com.devture.ansible.role.postgres.git - version: v16.1-4 + version: v16.1-5 name: postgres - src: git+https://github.com/devture/com.devture.ansible.role.postgres_backup.git version: 7eadc992ca952fc29bf3fab5aa6335fa82ff01e5 diff --git a/roles/custom/matrix-base/defaults/main.yml b/roles/custom/matrix-base/defaults/main.yml index e2fef17bd..a4c31bfcd 100644 --- a/roles/custom/matrix-base/defaults/main.yml +++ b/roles/custom/matrix-base/defaults/main.yml @@ -291,7 +291,7 @@ matrix_playbook_public_matrix_federation_api_traefik_entrypoint_definition: # because addon services (e.g. bridges, bots) cannot properly pass a `Host` HTTP header when making # requests to the endpoint's address (e.g. `http://devture-traefik:8008/`). # This entrypoint only aims to handle a single "virtual host" - one dealing with the homeserver's Client-Server API. -matrix_playbook_internal_matrix_client_api_traefik_entrypoint_enabled: true +matrix_playbook_internal_matrix_client_api_traefik_entrypoint_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" matrix_playbook_internal_matrix_client_api_traefik_entrypoint_name: matrix-internal-matrix-client-api matrix_playbook_internal_matrix_client_api_traefik_entrypoint_port: 8008 matrix_playbook_internal_matrix_client_api_traefik_entrypoint_host_bind_port: '' diff --git a/roles/custom/matrix-bot-buscarron/templates/labels.j2 b/roles/custom/matrix-bot-buscarron/templates/labels.j2 index 9150a44bf..b5f020a17 100644 --- a/roles/custom/matrix-bot-buscarron/templates/labels.j2 +++ b/roles/custom/matrix-bot-buscarron/templates/labels.j2 @@ -5,6 +5,8 @@ traefik.enable=true traefik.docker.network={{ matrix_bot_buscarron_container_labels_traefik_docker_network }} {% endif %} +traefik.http.services.matrix-bot-buscarron.loadbalancer.server.port=8080 + {% set middlewares = [] %} {% set middlewares_metrics = [] %} @@ -39,7 +41,6 @@ traefik.http.routers.matrix-bot-buscarron.tls={{ matrix_bot_buscarron_container_ {% if matrix_bot_buscarron_container_labels_traefik_tls %} traefik.http.routers.matrix-bot-buscarron.tls.certResolver={{ matrix_bot_buscarron_container_labels_traefik_tls_certResolver }} {% endif %} -traefik.http.services.matrix-bot-buscarron.loadbalancer.server.port=8080 {% endif %} diff --git a/roles/custom/matrix-bot-go-neb/templates/labels.j2 b/roles/custom/matrix-bot-go-neb/templates/labels.j2 index 54aa25835..1f0123add 100644 --- a/roles/custom/matrix-bot-go-neb/templates/labels.j2 +++ b/roles/custom/matrix-bot-go-neb/templates/labels.j2 @@ -5,6 +5,8 @@ traefik.enable=true traefik.docker.network={{ matrix_bot_go_neb_container_labels_traefik_docker_network }} {% endif %} +traefik.http.services.matrix-bot-go-neb.loadbalancer.server.port=4050 + {% set middlewares = [] %} {% if matrix_bot_go_neb_container_labels_traefik_path_prefix != '/' %} @@ -39,7 +41,6 @@ traefik.http.routers.matrix-bot-go-neb.tls={{ matrix_bot_go_neb_container_labels traefik.http.routers.matrix-bot-go-neb.tls.certResolver={{ matrix_bot_go_neb_container_labels_traefik_tls_certResolver }} {% endif %} -traefik.http.services.matrix-bot-go-neb.loadbalancer.server.port=4050 {% endif %} {{ matrix_bot_go_neb_container_labels_additional_labels }} diff --git a/roles/custom/matrix-bot-honoroit/templates/labels.j2 b/roles/custom/matrix-bot-honoroit/templates/labels.j2 index 8e20ea459..ef210c49d 100644 --- a/roles/custom/matrix-bot-honoroit/templates/labels.j2 +++ b/roles/custom/matrix-bot-honoroit/templates/labels.j2 @@ -5,6 +5,8 @@ traefik.enable=true traefik.docker.network={{ matrix_bot_honoroit_container_labels_traefik_docker_network }} {% endif %} +traefik.http.services.matrix-bot-honoroit-metrics.loadbalancer.server.port=8080 + {% set middlewares = [] %} {% set middlewares_metrics = [] %} @@ -43,7 +45,6 @@ traefik.http.routers.matrix-bot-honoroit-metrics.tls={{ matrix_bot_honoroit_cont {% if matrix_bot_honoroit_container_labels_traefik_tls %} traefik.http.routers.matrix-bot-honoroit-metrics.tls.certResolver={{ matrix_bot_honoroit_container_labels_traefik_tls_certResolver }} {% endif %} -traefik.http.services.matrix-bot-honoroit-metrics.loadbalancer.server.port=8080 {% endif %} {% endif %} diff --git a/roles/custom/matrix-bridge-hookshot/defaults/main.yml b/roles/custom/matrix-bridge-hookshot/defaults/main.yml index 6d9210245..e7f46a7cc 100644 --- a/roles/custom/matrix-bridge-hookshot/defaults/main.yml +++ b/roles/custom/matrix-bridge-hookshot/defaults/main.yml @@ -201,10 +201,9 @@ matrix_hookshot_widgets_roomSetupWidget_addOnInvite: false # noqa var-naming # - fec0::/10 matrix_hookshot_widgets_disallowedIpRanges: '' # noqa var-naming matrix_hookshot_widgets_internal: "/widgetapi" -# Default value of matrix_hookshot_widgets_endpoint: "/hookshot/widgetapi" matrix_hookshot_widgets_hostname: "{{ matrix_hookshot_public_hostname }}" matrix_hookshot_widgets_endpoint: "{{ matrix_hookshot_public_endpoint }}{{ matrix_hookshot_widgets_internal }}" -matrix_hookshot_widgets_publicUrl: "{{ matrix_hookshot_urlprefix }}{{ matrix_hookshot_widgets_endpoint }}/v1/static" # noqa var-naming +matrix_hookshot_widgets_publicUrl: "{{ matrix_hookshot_urlprefix }}{{ matrix_hookshot_widgets_endpoint }}/v1/static/" # noqa var-naming matrix_hookshot_widgets_branding_widgetTitle: "Hookshot Configuration" # noqa var-naming diff --git a/roles/custom/matrix-bridge-hookshot/templates/labels.j2 b/roles/custom/matrix-bridge-hookshot/templates/labels.j2 index 35d47b9fd..31c035300 100644 --- a/roles/custom/matrix-bridge-hookshot/templates/labels.j2 +++ b/roles/custom/matrix-bridge-hookshot/templates/labels.j2 @@ -5,6 +5,12 @@ traefik.enable=true traefik.docker.network={{ matrix_hookshot_container_labels_traefik_docker_network }} {% endif %} +traefik.http.services.matrix-hookshot-webhooks.loadbalancer.server.port={{ matrix_hookshot_webhook_port }} +traefik.http.services.matrix-hookshot-appservice.loadbalancer.server.port={{ matrix_hookshot_appservice_port }} +traefik.http.services.matrix-hookshot-widgets.loadbalancer.server.port={{ matrix_hookshot_widgets_port }} +traefik.http.services.matrix-hookshot-provisioning.loadbalancer.server.port={{ matrix_hookshot_provisioning_port }} +traefik.http.services.matrix-hookshot-metrics.loadbalancer.server.port={{ matrix_hookshot_metrics_port }} + {% if matrix_hookshot_container_labels_webhooks_enabled %} ############################################################ # # @@ -12,8 +18,6 @@ traefik.docker.network={{ matrix_hookshot_container_labels_traefik_docker_networ # # ############################################################ -traefik.http.services.matrix-hookshot-webhooks.loadbalancer.server.port={{ matrix_hookshot_webhook_port }} - traefik.http.middlewares.matrix-hookshot-webhooks-strip-prefix.stripprefix.prefixes={{ matrix_hookshot_webhook_endpoint }} traefik.http.routers.matrix-hookshot-webhooks.rule={{ matrix_hookshot_container_labels_webhooks_traefik_rule }} @@ -47,8 +51,6 @@ traefik.http.routers.matrix-hookshot-webhooks.tls.certResolver={{ matrix_hooksho # # ############################################################ -traefik.http.services.matrix-hookshot-appservice.loadbalancer.server.port={{ matrix_hookshot_appservice_port }} - traefik.http.middlewares.matrix-hookshot-appservice-strip-prefix.stripprefix.prefixes={{ matrix_hookshot_appservice_endpoint }} traefik.http.routers.matrix-hookshot-appservice.rule={{ matrix_hookshot_container_labels_appservice_traefik_rule }} @@ -81,12 +83,15 @@ traefik.http.routers.matrix-hookshot-appservice.tls.certResolver={{ matrix_hooks # # ############################################################ -traefik.http.services.matrix-hookshot-widgets.loadbalancer.server.port={{ matrix_hookshot_widgets_port }} +# Redirect `{PREFIX}/widgetapi/v1/static` to `{PREFIX}/widgetapi/v1/static/`. +# Hookshot does it too, but does not obey the prefix, which leads people elsewhere. +traefik.http.middlewares.matrix-hookshot-widgets-slashless-redirect.redirectregex.regex=({{ matrix_hookshot_widgets_endpoint | quote }}/v1/static)$ +traefik.http.middlewares.matrix-hookshot-widgets-slashless-redirect.redirectregex.replacement=${1}/ -traefik.http.middlewares.matrix-hookshot-widgets-strip-prefix.stripprefix.prefixes={{ matrix_hookshot_widgets_endpoint }} +traefik.http.middlewares.matrix-hookshot-widgets-strip-prefix.stripprefix.prefixes={{ matrix_hookshot_public_endpoint }} traefik.http.routers.matrix-hookshot-widgets.rule={{ matrix_hookshot_container_labels_widgets_traefik_rule }} -traefik.http.routers.matrix-hookshot-widgets.middlewares=matrix-hookshot-widgets-strip-prefix +traefik.http.routers.matrix-hookshot-widgets.middlewares=matrix-hookshot-widgets-slashless-redirect,matrix-hookshot-widgets-strip-prefix {% if matrix_hookshot_container_labels_widgets_traefik_priority | int > 0 %} traefik.http.routers.matrix-hookshot-widgets.priority={{ matrix_hookshot_container_labels_widgets_traefik_priority }} @@ -114,8 +119,6 @@ traefik.http.routers.matrix-hookshot-widgets.tls.certResolver={{ matrix_hookshot # # ############################################################ -traefik.http.services.matrix-hookshot-provisioning.loadbalancer.server.port={{ matrix_hookshot_provisioning_port }} - traefik.http.middlewares.matrix-hookshot-provisioning-strip-prefix.stripprefix.prefixes={{ matrix_hookshot_provisioning_endpoint }} traefik.http.routers.matrix-hookshot-provisioning.rule={{ matrix_hookshot_container_labels_provisioning_traefik_rule }} @@ -148,8 +151,6 @@ traefik.http.routers.matrix-hookshot-provisioning.tls.certResolver={{ matrix_hoo # # ############################################################ -traefik.http.services.matrix-hookshot-metrics.loadbalancer.server.port={{ matrix_hookshot_metrics_port }} - {% set metricsMiddlewares = ['matrix-hookshot-metrics-replace-path'] %} traefik.http.middlewares.matrix-hookshot-metrics-replace-path.replacepath.path=/metrics diff --git a/roles/custom/matrix-bridge-mautrix-facebook/templates/labels.j2 b/roles/custom/matrix-bridge-mautrix-facebook/templates/labels.j2 index a1cce4e45..d71e7eed2 100644 --- a/roles/custom/matrix-bridge-mautrix-facebook/templates/labels.j2 +++ b/roles/custom/matrix-bridge-mautrix-facebook/templates/labels.j2 @@ -5,6 +5,9 @@ traefik.enable=true traefik.docker.network={{ matrix_mautrix_facebook_container_labels_traefik_docker_network }} {% endif %} +traefik.http.services.matrix-mautrix-facebook-appservice.loadbalancer.server.port=29319 +traefik.http.services.matrix-mautrix-facebook-metrics.loadbalancer.server.port=8000 + {% if matrix_mautrix_facebook_container_labels_public_endpoint_enabled %} ############################################################ # # @@ -12,8 +15,6 @@ traefik.docker.network={{ matrix_mautrix_facebook_container_labels_traefik_docke # # ############################################################ -traefik.http.services.matrix-mautrix-facebook-appservice.loadbalancer.server.port=29319 - traefik.http.routers.matrix-mautrix-facebook-public.rule={{ matrix_mautrix_facebook_container_labels_public_endpoint_traefik_rule }} {% if matrix_mautrix_facebook_container_labels_public_endpoint_traefik_priority | int > 0 %} @@ -43,8 +44,6 @@ traefik.http.routers.matrix-mautrix-facebook-public.tls.certResolver={{ matrix_m # # ############################################################ -traefik.http.services.matrix-mautrix-facebook-metrics.loadbalancer.server.port=8000 - {% if matrix_mautrix_facebook_container_labels_metrics_middleware_basic_auth_enabled %} traefik.http.middlewares.matrix-mautrix-facebook-metrics-basic-auth.basicauth.users={{ matrix_mautrix_facebook_container_labels_metrics_middleware_basic_auth_users }} traefik.http.routers.matrix-mautrix-facebook-metrics.middlewares=matrix-mautrix-facebook-metrics-basic-auth diff --git a/roles/custom/matrix-bridge-mautrix-gmessages/templates/labels.j2 b/roles/custom/matrix-bridge-mautrix-gmessages/templates/labels.j2 index f960ef01e..1beea2c1c 100644 --- a/roles/custom/matrix-bridge-mautrix-gmessages/templates/labels.j2 +++ b/roles/custom/matrix-bridge-mautrix-gmessages/templates/labels.j2 @@ -5,6 +5,8 @@ traefik.enable=true traefik.docker.network={{ matrix_mautrix_gmessages_container_labels_traefik_docker_network }} {% endif %} +traefik.http.services.matrix-mautrix-gmessages-metrics.loadbalancer.server.port=8001 + {% if matrix_mautrix_gmessages_container_labels_metrics_enabled %} ############################################################ # # @@ -12,8 +14,6 @@ traefik.docker.network={{ matrix_mautrix_gmessages_container_labels_traefik_dock # # ############################################################ -traefik.http.services.matrix-mautrix-gmessages-metrics.loadbalancer.server.port=8001 - {% if matrix_mautrix_gmessages_container_labels_metrics_middleware_basic_auth_enabled %} traefik.http.middlewares.matrix-mautrix-gmessages-metrics-basic-auth.basicauth.users={{ matrix_mautrix_gmessages_container_labels_metrics_middleware_basic_auth_users }} traefik.http.routers.matrix-mautrix-gmessages-metrics.middlewares=matrix-mautrix-gmessages-metrics-basic-auth diff --git a/roles/custom/matrix-bridge-mautrix-googlechat/templates/labels.j2 b/roles/custom/matrix-bridge-mautrix-googlechat/templates/labels.j2 index d43bb1ad8..8f35f5c51 100644 --- a/roles/custom/matrix-bridge-mautrix-googlechat/templates/labels.j2 +++ b/roles/custom/matrix-bridge-mautrix-googlechat/templates/labels.j2 @@ -5,6 +5,9 @@ traefik.enable=true traefik.docker.network={{ matrix_mautrix_googlechat_container_labels_traefik_docker_network }} {% endif %} +traefik.http.services.matrix-mautrix-googlechat-public.loadbalancer.server.port=8080 +traefik.http.services.matrix-mautrix-googlechat-metrics.loadbalancer.server.port=8000 + {% if matrix_mautrix_googlechat_container_labels_public_endpoint_enabled %} ############################################################ # # @@ -12,8 +15,6 @@ traefik.docker.network={{ matrix_mautrix_googlechat_container_labels_traefik_doc # # ############################################################ -traefik.http.services.matrix-mautrix-googlechat-public.loadbalancer.server.port=8080 - traefik.http.routers.matrix-mautrix-googlechat-public.rule={{ matrix_mautrix_googlechat_container_labels_public_endpoint_traefik_rule }} {% if matrix_mautrix_googlechat_container_labels_public_endpoint_traefik_priority | int > 0 %} @@ -43,8 +44,6 @@ traefik.http.routers.matrix-mautrix-googlechat-public.tls.certResolver={{ matrix # # ############################################################ -traefik.http.services.matrix-mautrix-googlechat-metrics.loadbalancer.server.port=8000 - {% if matrix_mautrix_googlechat_container_labels_metrics_middleware_basic_auth_enabled %} traefik.http.middlewares.matrix-mautrix-googlechat-metrics-basic-auth.basicauth.users={{ matrix_mautrix_googlechat_container_labels_metrics_middleware_basic_auth_users }} traefik.http.routers.matrix-mautrix-googlechat-metrics.middlewares=matrix-mautrix-googlechat-metrics-basic-auth diff --git a/roles/custom/matrix-bridge-mautrix-hangouts/templates/labels.j2 b/roles/custom/matrix-bridge-mautrix-hangouts/templates/labels.j2 index b5e561fdf..31dd03e2d 100644 --- a/roles/custom/matrix-bridge-mautrix-hangouts/templates/labels.j2 +++ b/roles/custom/matrix-bridge-mautrix-hangouts/templates/labels.j2 @@ -5,6 +5,9 @@ traefik.enable=true traefik.docker.network={{ matrix_mautrix_hangouts_container_labels_traefik_docker_network }} {% endif %} +traefik.http.services.matrix-mautrix-hangouts-public.loadbalancer.server.port=8080 +traefik.http.services.matrix-mautrix-hangouts-metrics.loadbalancer.server.port=8000 + {% if matrix_mautrix_hangouts_container_labels_public_endpoint_enabled %} ############################################################ # # @@ -12,8 +15,6 @@ traefik.docker.network={{ matrix_mautrix_hangouts_container_labels_traefik_docke # # ############################################################ -traefik.http.services.matrix-mautrix-hangouts-public.loadbalancer.server.port=8080 - traefik.http.routers.matrix-mautrix-hangouts-public.rule={{ matrix_mautrix_hangouts_container_labels_public_endpoint_traefik_rule }} {% if matrix_mautrix_hangouts_container_labels_public_endpoint_traefik_priority | int > 0 %} @@ -43,8 +44,6 @@ traefik.http.routers.matrix-mautrix-hangouts-public.tls.certResolver={{ matrix_m # # ############################################################ -traefik.http.services.matrix-mautrix-hangouts-metrics.loadbalancer.server.port=8000 - {% if matrix_mautrix_hangouts_container_labels_metrics_middleware_basic_auth_enabled %} traefik.http.middlewares.matrix-mautrix-hangouts-metrics-basic-auth.basicauth.users={{ matrix_mautrix_hangouts_container_labels_metrics_middleware_basic_auth_users }} traefik.http.routers.matrix-mautrix-hangouts-metrics.middlewares=matrix-mautrix-hangouts-metrics-basic-auth diff --git a/roles/custom/matrix-bridge-mautrix-instagram/templates/labels.j2 b/roles/custom/matrix-bridge-mautrix-instagram/templates/labels.j2 index e05a2162b..c67f2264d 100644 --- a/roles/custom/matrix-bridge-mautrix-instagram/templates/labels.j2 +++ b/roles/custom/matrix-bridge-mautrix-instagram/templates/labels.j2 @@ -5,6 +5,8 @@ traefik.enable=true traefik.docker.network={{ matrix_mautrix_instagram_container_labels_traefik_docker_network }} {% endif %} +traefik.http.services.matrix-mautrix-instagram-metrics.loadbalancer.server.port=8000 + {% if matrix_mautrix_instagram_container_labels_metrics_enabled %} ############################################################ # # @@ -12,8 +14,6 @@ traefik.docker.network={{ matrix_mautrix_instagram_container_labels_traefik_dock # # ############################################################ -traefik.http.services.matrix-mautrix-instagram-metrics.loadbalancer.server.port=8000 - {% if matrix_mautrix_instagram_container_labels_metrics_middleware_basic_auth_enabled %} traefik.http.middlewares.matrix-mautrix-instagram-metrics-basic-auth.basicauth.users={{ matrix_mautrix_instagram_container_labels_metrics_middleware_basic_auth_users }} traefik.http.routers.matrix-mautrix-instagram-metrics.middlewares=matrix-mautrix-instagram-metrics-basic-auth diff --git a/roles/custom/matrix-bridge-mautrix-signal/templates/labels.j2 b/roles/custom/matrix-bridge-mautrix-signal/templates/labels.j2 index cbc35ed36..fb912080a 100644 --- a/roles/custom/matrix-bridge-mautrix-signal/templates/labels.j2 +++ b/roles/custom/matrix-bridge-mautrix-signal/templates/labels.j2 @@ -5,6 +5,8 @@ traefik.enable=true traefik.docker.network={{ matrix_mautrix_signal_container_labels_traefik_docker_network }} {% endif %} +traefik.http.services.matrix-mautrix-signal-metrics.loadbalancer.server.port=8000 + {% if matrix_mautrix_signal_container_labels_metrics_enabled %} ############################################################ # # @@ -12,8 +14,6 @@ traefik.docker.network={{ matrix_mautrix_signal_container_labels_traefik_docker_ # # ############################################################ -traefik.http.services.matrix-mautrix-signal-metrics.loadbalancer.server.port=8000 - {% if matrix_mautrix_signal_container_labels_metrics_middleware_basic_auth_enabled %} traefik.http.middlewares.matrix-mautrix-signal-metrics-basic-auth.basicauth.users={{ matrix_mautrix_signal_container_labels_metrics_middleware_basic_auth_users }} traefik.http.routers.matrix-mautrix-signal-metrics.middlewares=matrix-mautrix-signal-metrics-basic-auth diff --git a/roles/custom/matrix-bridge-mautrix-twitter/templates/labels.j2 b/roles/custom/matrix-bridge-mautrix-twitter/templates/labels.j2 index 15018362f..e54502e74 100644 --- a/roles/custom/matrix-bridge-mautrix-twitter/templates/labels.j2 +++ b/roles/custom/matrix-bridge-mautrix-twitter/templates/labels.j2 @@ -5,6 +5,8 @@ traefik.enable=true traefik.docker.network={{ matrix_mautrix_twitter_container_labels_traefik_docker_network }} {% endif %} +traefik.http.services.matrix-mautrix-twitter-metrics.loadbalancer.server.port=8000 + {% if matrix_mautrix_twitter_container_labels_metrics_enabled %} ############################################################ # # @@ -12,8 +14,6 @@ traefik.docker.network={{ matrix_mautrix_twitter_container_labels_traefik_docker # # ############################################################ -traefik.http.services.matrix-mautrix-twitter-metrics.loadbalancer.server.port=8000 - {% if matrix_mautrix_twitter_container_labels_metrics_middleware_basic_auth_enabled %} traefik.http.middlewares.matrix-mautrix-twitter-metrics-basic-auth.basicauth.users={{ matrix_mautrix_twitter_container_labels_metrics_middleware_basic_auth_users }} traefik.http.routers.matrix-mautrix-twitter-metrics.middlewares=matrix-mautrix-twitter-metrics-basic-auth diff --git a/roles/custom/matrix-bridge-mautrix-whatsapp/templates/labels.j2 b/roles/custom/matrix-bridge-mautrix-whatsapp/templates/labels.j2 index 1483f9305..23f94361e 100644 --- a/roles/custom/matrix-bridge-mautrix-whatsapp/templates/labels.j2 +++ b/roles/custom/matrix-bridge-mautrix-whatsapp/templates/labels.j2 @@ -5,6 +5,8 @@ traefik.enable=true traefik.docker.network={{ matrix_mautrix_whatsapp_container_labels_traefik_docker_network }} {% endif %} +traefik.http.services.matrix-mautrix-whatsapp-metrics.loadbalancer.server.port=8001 + {% if matrix_mautrix_whatsapp_container_labels_metrics_enabled %} ############################################################ # # @@ -12,8 +14,6 @@ traefik.docker.network={{ matrix_mautrix_whatsapp_container_labels_traefik_docke # # ############################################################ -traefik.http.services.matrix-mautrix-whatsapp-metrics.loadbalancer.server.port=8001 - {% if matrix_mautrix_whatsapp_container_labels_metrics_middleware_basic_auth_enabled %} traefik.http.middlewares.matrix-mautrix-whatsapp-metrics-basic-auth.basicauth.users={{ matrix_mautrix_whatsapp_container_labels_metrics_middleware_basic_auth_users }} traefik.http.routers.matrix-mautrix-whatsapp-metrics.middlewares=matrix-mautrix-whatsapp-metrics-basic-auth diff --git a/roles/custom/matrix-bridge-mx-puppet-slack/templates/labels.j2 b/roles/custom/matrix-bridge-mx-puppet-slack/templates/labels.j2 index 5f24230d3..0937c9d75 100644 --- a/roles/custom/matrix-bridge-mx-puppet-slack/templates/labels.j2 +++ b/roles/custom/matrix-bridge-mx-puppet-slack/templates/labels.j2 @@ -5,6 +5,8 @@ traefik.enable=true traefik.docker.network={{ matrix_mx_puppet_slack_container_labels_traefik_docker_network }} {% endif %} +traefik.http.services.matrix-mx-puppet-slack.loadbalancer.server.port={{ matrix_mx_puppet_slack_appservice_port }} + {% if matrix_mx_puppet_slack_container_labels_public_endpoint_enabled %} ############################################################ # # @@ -12,8 +14,6 @@ traefik.docker.network={{ matrix_mx_puppet_slack_container_labels_traefik_docker # # ############################################################ -traefik.http.services.matrix-mx-puppet-slack.loadbalancer.server.port={{ matrix_mx_puppet_slack_appservice_address }} - traefik.http.routers.matrix-mx-puppet-slack-public.rule={{ matrix_mx_puppet_slack_container_labels_public_endpoint_traefik_rule }} {% if matrix_mx_puppet_slack_container_labels_public_endpoint_traefik_priority | int > 0 %} diff --git a/roles/custom/matrix-bridge-mx-puppet-twitter/templates/labels.j2 b/roles/custom/matrix-bridge-mx-puppet-twitter/templates/labels.j2 index 1c20ab174..9aef5fe0d 100644 --- a/roles/custom/matrix-bridge-mx-puppet-twitter/templates/labels.j2 +++ b/roles/custom/matrix-bridge-mx-puppet-twitter/templates/labels.j2 @@ -5,13 +5,14 @@ traefik.enable=true traefik.docker.network={{ matrix_mx_puppet_twitter_container_labels_traefik_docker_network }} {% endif %} +traefik.http.services.martix-mx-puppet-twitter.loadbalancer.server.port={{ matrix_mx_puppet_twitter_appservice_port }} + {% if matrix_mx_puppet_twitter_container_labels_public_endpoint_enabled %} ############################################################ # # # Public # # # ############################################################ -traefik.http.services.martix-mx-puppet-twitter.loadbalancer.server.port={{ matrix_mx_puppet_twitter_appservice_port }} traefik.http.routers.matrix-mx-puppet-twitter-public.rule={{ matrix_mx_puppet_twitter_container_labels_public_endpoint_traefik_rule }} diff --git a/roles/custom/matrix-cactus-comments-client/templates/labels.j2 b/roles/custom/matrix-cactus-comments-client/templates/labels.j2 index 83c140ca7..274ba9e07 100644 --- a/roles/custom/matrix-cactus-comments-client/templates/labels.j2 +++ b/roles/custom/matrix-cactus-comments-client/templates/labels.j2 @@ -5,6 +5,8 @@ traefik.enable=true traefik.docker.network={{ matrix_cactus_comments_client_container_labels_traefik_docker_network }} {% endif %} +traefik.http.services.matrix-cactus-comments-client.loadbalancer.server.port={{ matrix_cactus_comments_client_environment_variable_server_port }} + {% if matrix_cactus_comments_client_container_labels_public_enabled %} ############################################################ @@ -13,8 +15,6 @@ traefik.docker.network={{ matrix_cactus_comments_client_container_labels_traefik # # ############################################################ -traefik.http.services.matrix-cactus-comments-client.loadbalancer.server.port={{ matrix_cactus_comments_client_environment_variable_server_port }} - {% set public_middlewares = [] %} {% if matrix_cactus_comments_client_container_labels_public_traefik_path_prefix != '/' %} diff --git a/roles/custom/matrix-client-cinny/templates/labels.j2 b/roles/custom/matrix-client-cinny/templates/labels.j2 index f1c4f49ad..ede967226 100644 --- a/roles/custom/matrix-client-cinny/templates/labels.j2 +++ b/roles/custom/matrix-client-cinny/templates/labels.j2 @@ -5,6 +5,8 @@ traefik.enable=true traefik.docker.network={{ matrix_client_cinny_container_labels_traefik_docker_network }} {% endif %} +traefik.http.services.matrix-client-cinny.loadbalancer.server.port=8080 + {% set middlewares = [] %} {% if matrix_client_cinny_container_labels_traefik_path_prefix != '/' %} @@ -39,7 +41,6 @@ traefik.http.routers.matrix-client-cinny.tls={{ matrix_client_cinny_container_la traefik.http.routers.matrix-client-cinny.tls.certResolver={{ matrix_client_cinny_container_labels_traefik_tls_certResolver }} {% endif %} -traefik.http.services.matrix-client-cinny.loadbalancer.server.port=8080 {% endif %} {{ matrix_client_cinny_container_labels_additional_labels }} diff --git a/roles/custom/matrix-client-element/defaults/main.yml b/roles/custom/matrix-client-element/defaults/main.yml index 4fb7b2eeb..305deae19 100644 --- a/roles/custom/matrix-client-element/defaults/main.yml +++ b/roles/custom/matrix-client-element/defaults/main.yml @@ -11,7 +11,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/eleme matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" # renovate: datasource=docker depName=vectorim/element-web -matrix_client_element_version: v1.11.54 +matrix_client_element_version: v1.11.55 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" diff --git a/roles/custom/matrix-client-element/templates/labels.j2 b/roles/custom/matrix-client-element/templates/labels.j2 index de67299e2..8de199918 100644 --- a/roles/custom/matrix-client-element/templates/labels.j2 +++ b/roles/custom/matrix-client-element/templates/labels.j2 @@ -5,6 +5,8 @@ traefik.enable=true traefik.docker.network={{ matrix_client_element_container_labels_traefik_docker_network }} {% endif %} +traefik.http.services.matrix-client-element.loadbalancer.server.port=8080 + {% set middlewares = [] %} {% if matrix_client_element_container_labels_traefik_path_prefix != '/' %} @@ -39,7 +41,6 @@ traefik.http.routers.matrix-client-element.tls={{ matrix_client_element_containe traefik.http.routers.matrix-client-element.tls.certResolver={{ matrix_client_element_container_labels_traefik_tls_certResolver }} {% endif %} -traefik.http.services.matrix-client-element.loadbalancer.server.port=8080 {% endif %} {{ matrix_client_element_container_labels_additional_labels }} diff --git a/roles/custom/matrix-client-hydrogen/templates/labels.j2 b/roles/custom/matrix-client-hydrogen/templates/labels.j2 index 71c3ca59e..f5ccf8c97 100644 --- a/roles/custom/matrix-client-hydrogen/templates/labels.j2 +++ b/roles/custom/matrix-client-hydrogen/templates/labels.j2 @@ -5,6 +5,8 @@ traefik.enable=true traefik.docker.network={{ matrix_client_hydrogen_container_labels_traefik_docker_network }} {% endif %} +traefik.http.services.matrix-client-hydrogen.loadbalancer.server.port=8080 + {% set middlewares = [] %} {% if matrix_client_hydrogen_container_labels_traefik_path_prefix != '/' %} @@ -39,7 +41,6 @@ traefik.http.routers.matrix-client-hydrogen.tls={{ matrix_client_hydrogen_contai traefik.http.routers.matrix-client-hydrogen.tls.certResolver={{ matrix_client_hydrogen_container_labels_traefik_tls_certResolver }} {% endif %} -traefik.http.services.matrix-client-hydrogen.loadbalancer.server.port=8080 {% endif %} {{ matrix_client_hydrogen_container_labels_additional_labels }} diff --git a/roles/custom/matrix-client-schildichat/templates/labels.j2 b/roles/custom/matrix-client-schildichat/templates/labels.j2 index 85e279821..25f19f6b4 100644 --- a/roles/custom/matrix-client-schildichat/templates/labels.j2 +++ b/roles/custom/matrix-client-schildichat/templates/labels.j2 @@ -5,6 +5,8 @@ traefik.enable=true traefik.docker.network={{ matrix_client_schildichat_container_labels_traefik_docker_network }} {% endif %} +traefik.http.services.matrix-client-schildichat.loadbalancer.server.port=8080 + {% set middlewares = [] %} {% if matrix_client_schildichat_container_labels_traefik_path_prefix != '/' %} @@ -39,7 +41,6 @@ traefik.http.routers.matrix-client-schildichat.tls={{ matrix_client_schildichat_ traefik.http.routers.matrix-client-schildichat.tls.certResolver={{ matrix_client_schildichat_container_labels_traefik_tls_certResolver }} {% endif %} -traefik.http.services.matrix-client-schildichat.loadbalancer.server.port=8080 {% endif %} {{ matrix_client_schildichat_container_labels_additional_labels }} diff --git a/roles/custom/matrix-corporal/templates/labels.j2 b/roles/custom/matrix-corporal/templates/labels.j2 index 7b650edee..e28fd7761 100644 --- a/roles/custom/matrix-corporal/templates/labels.j2 +++ b/roles/custom/matrix-corporal/templates/labels.j2 @@ -5,6 +5,8 @@ traefik.enable=true traefik.docker.network={{ matrix_corporal_container_labels_traefik_docker_network }} {% endif %} +traefik.http.services.matrix-corporal-api.loadbalancer.server.port=41081 +traefik.http.services.matrix-corporal-gateway.loadbalancer.server.port=41080 {% if matrix_corporal_container_labels_api_enabled %} ############################################################ @@ -13,8 +15,6 @@ traefik.docker.network={{ matrix_corporal_container_labels_traefik_docker_networ # # ############################################################ -traefik.http.services.matrix-corporal-api.loadbalancer.server.port=41081 - traefik.http.routers.matrix-corporal-api.rule={{ matrix_corporal_container_labels_api_traefik_rule }} {% if matrix_corporal_container_labels_api_traefik_priority | int > 0 %} @@ -44,8 +44,6 @@ traefik.http.routers.matrix-corporal-api.tls.certResolver={{ matrix_corporal_con # # ############################################################ -traefik.http.services.matrix-corporal-gateway.loadbalancer.server.port=41080 - traefik.http.routers.matrix-corporal-matrix-client-api.rule={{ matrix_corporal_container_labels_matrix_client_api_traefik_rule }} {% if matrix_corporal_container_labels_matrix_client_api_traefik_priority | int > 0 %} diff --git a/roles/custom/matrix-dimension/templates/labels.j2 b/roles/custom/matrix-dimension/templates/labels.j2 index 24b570cbb..09ad07b96 100644 --- a/roles/custom/matrix-dimension/templates/labels.j2 +++ b/roles/custom/matrix-dimension/templates/labels.j2 @@ -5,6 +5,8 @@ traefik.enable=true traefik.docker.network={{ matrix_dimension_container_labels_traefik_docker_network }} {% endif %} +traefik.http.services.matrix-dimension.loadbalancer.server.port=8184 + {% set middlewares = [] %} {% if matrix_dimension_container_labels_traefik_path_prefix != '/' %} @@ -39,7 +41,6 @@ traefik.http.routers.matrix-dimension.tls={{ matrix_dimension_container_labels_t traefik.http.routers.matrix-dimension.tls.certResolver={{ matrix_dimension_container_labels_traefik_tls_certResolver }} {% endif %} -traefik.http.services.matrix-dimension.loadbalancer.server.port=8184 {% endif %} {{ matrix_dimension_container_labels_additional_labels }} diff --git a/roles/custom/matrix-rageshake/templates/labels.j2 b/roles/custom/matrix-rageshake/templates/labels.j2 index cdaf5f6af..626c2fb7c 100644 --- a/roles/custom/matrix-rageshake/templates/labels.j2 +++ b/roles/custom/matrix-rageshake/templates/labels.j2 @@ -5,6 +5,8 @@ traefik.enable=true traefik.docker.network={{ matrix_rageshake_container_labels_traefik_docker_network }} {% endif %} +traefik.http.services.matrix-rageshake.loadbalancer.server.port=9110 + {% set middlewares = [] %} {% if matrix_rageshake_container_labels_traefik_path_prefix != '/' %} @@ -39,7 +41,6 @@ traefik.http.routers.matrix-rageshake.tls={{ matrix_rageshake_container_labels_t traefik.http.routers.matrix-rageshake.tls.certResolver={{ matrix_rageshake_container_labels_traefik_tls_certResolver }} {% endif %} -traefik.http.services.matrix-rageshake.loadbalancer.server.port=9110 {% endif %} {{ matrix_rageshake_container_labels_additional_labels }} diff --git a/roles/custom/matrix-sliding-sync/templates/labels.j2 b/roles/custom/matrix-sliding-sync/templates/labels.j2 index 665492499..aecc5a8a9 100644 --- a/roles/custom/matrix-sliding-sync/templates/labels.j2 +++ b/roles/custom/matrix-sliding-sync/templates/labels.j2 @@ -5,6 +5,8 @@ traefik.enable=true traefik.docker.network={{ matrix_sliding_sync_container_labels_traefik_docker_network }} {% endif %} +traefik.http.services.matrix-sliding-sync.loadbalancer.server.port=8008 + {% set middlewares = [] %} {% if matrix_sliding_sync_container_labels_traefik_path_prefix != '/' %} @@ -39,7 +41,6 @@ traefik.http.routers.matrix-sliding-sync.tls={{ matrix_sliding_sync_container_la traefik.http.routers.matrix-sliding-sync.tls.certResolver={{ matrix_sliding_sync_container_labels_traefik_tls_certResolver }} {% endif %} -traefik.http.services.matrix-sliding-sync.loadbalancer.server.port=8008 {% endif %} {{ matrix_sliding_sync_container_labels_additional_labels }} diff --git a/roles/custom/matrix-static-files/defaults/main.yml b/roles/custom/matrix-static-files/defaults/main.yml index 966d04437..75c87494a 100644 --- a/roles/custom/matrix-static-files/defaults/main.yml +++ b/roles/custom/matrix-static-files/defaults/main.yml @@ -176,6 +176,12 @@ matrix_static_files_file_matrix_client_property_io_element_e2ee_secure_backup_re # See: https://github.com/element-hq/element-web/blob/develop/docs/e2ee.md matrix_static_files_file_matrix_client_property_io_element_e2ee_secure_backup_setup_methods: [] +# Controls the io.element.e2ee/force_disable property in the /.well-known/matrix/client file, +# which can be set to `true` to instruct Element whether to disable End-to-End Encryption by default +# and to not show encryption related-settings in room settings. +# See: https://github.com/element-hq/element-web/blob/develop/docs/e2ee.md +matrix_static_files_file_matrix_client_property_io_element_e2ee_force_disable: false + # Default /.well-known/matrix/client configuration template which covers the generic use case. # You can customize it by controlling the various variables inside it. # diff --git a/roles/custom/matrix-static-files/templates/public/.well-known/matrix/client.j2 b/roles/custom/matrix-static-files/templates/public/.well-known/matrix/client.j2 index ca272fe35..5a3deb6a2 100644 --- a/roles/custom/matrix-static-files/templates/public/.well-known/matrix/client.j2 +++ b/roles/custom/matrix-static-files/templates/public/.well-known/matrix/client.j2 @@ -39,7 +39,8 @@ "io.element.e2ee": { "default": {{ matrix_static_files_file_matrix_client_property_io_element_e2ee_default|to_json }}, "secure_backup_required": {{ matrix_static_files_file_matrix_client_property_io_element_e2ee_secure_backup_required|to_json }}, - "secure_backup_setup_methods": {{ matrix_static_files_file_matrix_client_property_io_element_e2ee_secure_backup_setup_methods|to_json }} + "secure_backup_setup_methods": {{ matrix_static_files_file_matrix_client_property_io_element_e2ee_secure_backup_setup_methods|to_json }}, + "force_disable": {{ matrix_static_files_file_matrix_client_property_io_element_e2ee_force_disable|to_json }} } {% endif %} {% if matrix_static_files_file_matrix_client_property_io_element_e2ee_entries_enabled %}, diff --git a/roles/custom/matrix-sygnal/templates/labels.j2 b/roles/custom/matrix-sygnal/templates/labels.j2 index 964805894..3ef6731c3 100644 --- a/roles/custom/matrix-sygnal/templates/labels.j2 +++ b/roles/custom/matrix-sygnal/templates/labels.j2 @@ -5,6 +5,8 @@ traefik.enable=true traefik.docker.network={{ matrix_sygnal_container_labels_traefik_docker_network }} {% endif %} +traefik.http.services.matrix-sygnal.loadbalancer.server.port=6000 + {% set middlewares = [] %} {% if matrix_sygnal_container_labels_traefik_path_prefix != '/' %} @@ -39,7 +41,6 @@ traefik.http.routers.matrix-sygnal.tls={{ matrix_sygnal_container_labels_traefik traefik.http.routers.matrix-sygnal.tls.certResolver={{ matrix_sygnal_container_labels_traefik_tls_certResolver }} {% endif %} -traefik.http.services.matrix-sygnal.loadbalancer.server.port=6000 {% endif %} {{ matrix_sygnal_container_labels_additional_labels }} diff --git a/roles/custom/matrix-synapse-admin/templates/labels.j2 b/roles/custom/matrix-synapse-admin/templates/labels.j2 index 946fd6c98..b4e973e00 100644 --- a/roles/custom/matrix-synapse-admin/templates/labels.j2 +++ b/roles/custom/matrix-synapse-admin/templates/labels.j2 @@ -5,6 +5,8 @@ traefik.enable=true traefik.docker.network={{ matrix_synapse_admin_container_labels_traefik_docker_network }} {% endif %} +traefik.http.services.matrix-synapse-admin.loadbalancer.server.port=80 + {% set middlewares = [] %} {% if matrix_synapse_admin_container_labels_traefik_path_prefix != '/' %} @@ -39,7 +41,6 @@ traefik.http.routers.matrix-synapse-admin.tls={{ matrix_synapse_admin_container_ traefik.http.routers.matrix-synapse-admin.tls.certResolver={{ matrix_synapse_admin_container_labels_traefik_tls_certResolver }} {% endif %} -traefik.http.services.matrix-synapse-admin.loadbalancer.server.port=80 {% endif %} {{ matrix_synapse_admin_container_labels_additional_labels }} diff --git a/roles/custom/matrix-synapse-reverse-proxy-companion/templates/nginx/conf.d/matrix-synapse-reverse-proxy-companion.conf.j2 b/roles/custom/matrix-synapse-reverse-proxy-companion/templates/nginx/conf.d/matrix-synapse-reverse-proxy-companion.conf.j2 index dcb6ebeea..b3b8165e8 100644 --- a/roles/custom/matrix-synapse-reverse-proxy-companion/templates/nginx/conf.d/matrix-synapse-reverse-proxy-companion.conf.j2 +++ b/roles/custom/matrix-synapse-reverse-proxy-companion/templates/nginx/conf.d/matrix-synapse-reverse-proxy-companion.conf.j2 @@ -17,7 +17,7 @@ {% if workers | length > 0 %} upstream {{ name }} { {{ load_balance }} - keepalive {{ workers | length * 2 }}; + keepalive {{ ((workers | length) * 2) | string }}; {% for worker in workers %} server "{{ worker.name }}:{{ worker.port }}"; {% endfor %} diff --git a/roles/custom/matrix_playbook_migration/defaults/main.yml b/roles/custom/matrix_playbook_migration/defaults/main.yml index b870309d5..0c797cb10 100644 --- a/roles/custom/matrix_playbook_migration/defaults/main.yml +++ b/roles/custom/matrix_playbook_migration/defaults/main.yml @@ -56,8 +56,8 @@ matrix_playbook_migration_matrix_nginx_proxy_leftover_variable_validation_checks # Controls if (`matrix_ssl_`) leftover variable checks will run. matrix_playbook_migration_matrix_ssl_leftover_variable_checks_enabled: true -# Controls whether this role will try to detect and clean up after the matrix-nginx-proxy role. -# When enabled, the systemd serivce will be stopped and removed, as well as all data in `/matrix/nginx-proxy +# Controls whether this role will delete old files left over from `matrix-nginx-proxy`. +# Regardless of this value, if discovered, a `matrix-nginx-proxy.service` systemd serivce will be stopped and removed. matrix_playbook_migration_matrix_nginx_proxy_uninstallation_enabled: true # Controls whether this role will try to detect and clean up the /matrix/ssl files. diff --git a/roles/custom/matrix_playbook_migration/tasks/main.yml b/roles/custom/matrix_playbook_migration/tasks/main.yml index 552b0af29..bbee3000f 100644 --- a/roles/custom/matrix_playbook_migration/tasks/main.yml +++ b/roles/custom/matrix_playbook_migration/tasks/main.yml @@ -33,8 +33,7 @@ block: - ansible.builtin.include_tasks: "{{ role_path }}/tasks/cleanup_matrix_static_files_well_known.yml" -- when: matrix_playbook_migration_matrix_nginx_proxy_uninstallation_enabled | bool - tags: +- tags: - setup-all - install-all block: diff --git a/roles/custom/matrix_playbook_migration/tasks/uninstall_matrix_nginx_proxy.yml b/roles/custom/matrix_playbook_migration/tasks/uninstall_matrix_nginx_proxy.yml index f1fa4f518..acfacddb0 100644 --- a/roles/custom/matrix_playbook_migration/tasks/uninstall_matrix_nginx_proxy.yml +++ b/roles/custom/matrix_playbook_migration/tasks/uninstall_matrix_nginx_proxy.yml @@ -19,7 +19,8 @@ path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-nginx-proxy.service" state: absent - - name: Ensure matrix-proxy-files files are deleted - ansible.builtin.file: - path: "{{ matrix_base_data_path }}/nginx-proxy" - state: absent +- name: Ensure matrix-proxy-files files are deleted + when: matrix_playbook_migration_matrix_nginx_proxy_uninstallation_enabled | bool + ansible.builtin.file: + path: "{{ matrix_base_data_path }}/nginx-proxy" + state: absent