Put all homeservers in the matrix-homeserver container network

2024-01-05 16:46:30 +02:00 · 2024-01-05 16:46:30 +02:00 · 9488e3857a
commit 9488e3857a
parent 1be90cf87d
7 changed files with 41 additions and 31 deletions
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@ -485,15 +485,6 @@ matrix_homeserver_container_federation_api_endpoint: |-
    }[matrix_homeserver_implementation]
  }}

-matrix_homeserver_container_network: |-
-  {{
-    {
-      'synapse': (matrix_synapse_reverse_proxy_companion_container_network if matrix_synapse_reverse_proxy_companion_enabled else matrix_synapse_container_network),
-      'dendrite': matrix_dendrite_container_network,
-      'conduit': matrix_conduit_container_network,
-    }[matrix_homeserver_implementation]
-  }}
-
 matrix_integration_manager_rest_url: "{{ matrix_dimension_integrations_rest_url if matrix_dimension_enabled else None }}"
 matrix_integration_manager_ui_url: "{{ matrix_dimension_integrations_ui_url if matrix_dimension_enabled else None }}"

@ -3785,6 +3776,8 @@ matrix_synapse_container_metrics_api_host_bind_port: "{{ (matrix_playbook_servic
 # For exposing the Synapse Manhole port (plain HTTP) to the local host.
 matrix_synapse_container_manhole_api_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '9000') if matrix_synapse_metrics_enabled and matrix_playbook_service_host_bind_interface_prefix else '' }}"

+matrix_synapse_container_network: "{{ matrix_homeserver_container_network }}"
+
 matrix_synapse_container_additional_networks: |
  {{
    (
@ -4414,16 +4407,20 @@ matrix_sliding_sync_database_password: "{{ '%s' | format(matrix_homeserver_gener

 matrix_dendrite_enabled: "{{ matrix_homeserver_implementation == 'dendrite' }}"

-# Normally, matrix-nginx-proxy is enabled and nginx can reach Dendrite over the container network.
-# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it,
-# you can expose Dendrite's ports to the host.
-#
-# For exposing Dendrite's plain HTTP server to the local host.
+matrix_dendrite_container_network: "{{ matrix_homeserver_container_network }}"
+
+matrix_dendrite_container_additional_networks: |
+  {{
+    (
+      ([devture_postgres_container_network] if (devture_postgres_enabled and devture_postgres_container_network != matrix_dendrite_container_network and matrix_dendrite_database_hostname == devture_postgres_connection_hostname) else [])
+    )
+  }}
+
 matrix_dendrite_container_http_host_bind_address: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ matrix_dendrite_http_bind_port | string) if matrix_playbook_service_host_bind_interface_prefix else '' }}"
-#
-# For exposing Dendrite's HTTPS server to the local host.
 matrix_dendrite_container_https_host_bind_address: "{{ '' if not matrix_dendrite_https_bind_port or not matrix_playbook_service_host_bind_interface_prefix else (matrix_playbook_service_host_bind_interface_prefix + matrix_dendrite_https_bind_port | string) }}"

+matrix_dendrite_container_extra_arguments_auto: "{{ matrix_homeserver_container_extra_arguments_auto }}"
+
 matrix_dendrite_client_api_registration_shared_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'dendrite.rss', rounds=655555) | to_uuid }}"

 matrix_dendrite_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
@ -4452,11 +4449,9 @@ matrix_dendrite_self_check_validate_certificates: "{{ false if matrix_playbook_s

 matrix_dendrite_trusted_id_servers: "{{ [matrix_server_fqn_matrix] if matrix_ma1sd_enabled else ['matrix.org', 'vector.im'] }}"

-matrix_dendrite_systemd_required_services_list: |
+matrix_dendrite_systemd_required_services_list_auto: |
  {{
-    (['docker.service'])
-    +
-    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else [])
+    ([devture_postgres_identifier ~ '.service'] if (devture_postgres_enabled and matrix_dendrite_database_hostname == devture_postgres_connection_hostname) else [])
    +
    (['matrix-goofys.service'] if matrix_s3_media_store_enabled else [])
  }}
@ -4466,7 +4461,6 @@ matrix_dendrite_systemd_wanted_services_list: |
    (['matrix-coturn.service'] if matrix_coturn_enabled else [])
  }}

-matrix_dendrite_container_extra_arguments_auto: "{{ matrix_homeserver_container_extra_arguments_auto }}"
 matrix_dendrite_app_service_config_files_auto: "{{ matrix_homeserver_app_service_config_files_auto }}"

 ######################################################################
@ -4475,6 +4469,7 @@ matrix_dendrite_app_service_config_files_auto: "{{ matrix_homeserver_app_service
 #
 ######################################################################

+
 ######################################################################
 #
 # matrix-conduit
@ -4483,10 +4478,7 @@ matrix_dendrite_app_service_config_files_auto: "{{ matrix_homeserver_app_service

 matrix_conduit_enabled: "{{ matrix_homeserver_implementation == 'conduit' }}"

-matrix_conduit_systemd_required_services_list: |
-  {{
-    (['docker.service'])
-  }}
+matrix_conduit_container_network: "{{ matrix_homeserver_container_network }}"

 ######################################################################
 #
--- a/roles/custom/matrix-base/defaults/main.yml
+++ b/roles/custom/matrix-base/defaults/main.yml
@ -142,7 +142,7 @@ matrix_host_command_openssl: "/usr/bin/env openssl"
 matrix_homeserver_url: "https://{{ matrix_server_fqn_matrix }}"

 # Specifies on which container network the homeserver is.
-matrix_homeserver_container_network: ""
+matrix_homeserver_container_network: "matrix-homeserver"

 # Specifies which systemd services are responsible for the homeserver
 matrix_homeserver_systemd_services_list: []
--- a/roles/custom/matrix-conduit/defaults/main.yml
+++ b/roles/custom/matrix-conduit/defaults/main.yml
@ -19,13 +19,16 @@ matrix_conduit_port_number: 6167
 matrix_conduit_tmp_directory_size_mb: 500

 # List of systemd services that matrix-conduit.service depends on
-matrix_conduit_systemd_required_services_list: ["docker.service"]
+matrix_conduit_systemd_required_services_list: "{{ matrix_conduit_systemd_required_services_list_default + matrix_conduit_systemd_required_services_list_auto + matrix_conduit_systemd_required_services_list_custom }}"
+matrix_conduit_systemd_required_services_list_default: ["docker.service"]
+matrix_conduit_systemd_required_services_list_auto: []
+matrix_conduit_systemd_required_services_list_custom: []

 # List of systemd services that matrix-conduit.service wants
 matrix_conduit_systemd_wanted_services_list: []

 # The base container network. It will be auto-created by this role if it doesn't exist already.
-matrix_conduit_container_network: "{{ matrix_docker_network }}"
+matrix_conduit_container_network: ""

 # A list of additional container networks that the container would be connected to.
 # The role does not create these networks, so make sure they already exist.
--- a/roles/custom/matrix-conduit/tasks/main.yml
+++ b/roles/custom/matrix-conduit/tasks/main.yml
@ -6,6 +6,9 @@
    - install-all
    - install-conduit
  block:
+    - when: matrix_conduit_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
+
    - when: matrix_conduit_enabled | bool
      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"

--- a/roles/custom/matrix-conduit/tasks/validate_config.yml
+++ b/roles/custom/matrix-conduit/tasks/validate_config.yml
@ -0,0 +1,9 @@
+---
+
+- name: Fail if required Conduit settings not defined
+  ansible.builtin.fail:
+    msg: >-
+      You need to define a required configuration setting (`{{ item.name }}`).
+  when: "item.when | bool and vars[item.name] == ''"
+  with_items:
+    - {'name': 'matrix_conduit_container_network', when: true}
--- a/roles/custom/matrix-dendrite/defaults/main.yml
+++ b/roles/custom/matrix-dendrite/defaults/main.yml
@ -41,7 +41,7 @@ matrix_dendrite_http_bind_address: "{{ (':' + matrix_dendrite_http_bind_port | s
 matrix_dendrite_https_bind_address: "{{ (':' + matrix_dendrite_https_bind_port | string) if matrix_dendrite_https_bind_port else '' }}"

 # The base container network. It will be auto-created by this role if it doesn't exist already.
-matrix_dendrite_container_network: "{{ matrix_docker_network }}"
+matrix_dendrite_container_network: ""

 # A list of additional container networks that the container would be connected to.
 # The role does not create these networks, so make sure they already exist.
@ -80,7 +80,10 @@ matrix_dendrite_container_arguments: "{{ matrix_dendrite_container_extra_argumen
 matrix_dendrite_process_extra_arguments: []

 # List of systemd services that matrix-dendrite.service depends on
-matrix_dendrite_systemd_required_services_list: ["docker.service"]
+matrix_dendrite_systemd_required_services_list: "{{ matrix_dendrite_systemd_required_services_list_default + matrix_dendrite_systemd_required_services_list_auto + matrix_dendrite_systemd_required_services_list_custom }}"
+matrix_dendrite_systemd_required_services_list_default: ["docker.service"]
+matrix_dendrite_systemd_required_services_list_auto: []
+matrix_dendrite_systemd_required_services_list_custom: []

 # List of systemd services that matrix-dendrite.service wants
 matrix_dendrite_systemd_wanted_services_list: []
--- a/roles/custom/matrix-synapse/defaults/main.yml
+++ b/roles/custom/matrix-synapse/defaults/main.yml
@ -115,7 +115,7 @@ matrix_synapse_container_federation_api_tls_port: 8448
 matrix_synapse_container_federation_api_plain_port: 8048

 # The base container network. It will be auto-created by this role if it doesn't exist already.
-matrix_synapse_container_network: "{{ matrix_docker_network }}"
+matrix_synapse_container_network: ''

 # A list of additional container networks that the container would be connected to.
 # The role does not create these networks, so make sure they already exist.