Add support for more flexible container port exposing
Fixes #171 (Github Issue).
This commit is contained in:
parent
5bfd22d13b
commit
ab59cc50bd
35
CHANGELOG.md
35
CHANGELOG.md
@ -1,3 +1,38 @@
|
|||||||
|
# 2019-05-25
|
||||||
|
|
||||||
|
## Support for exposing container ports publicly (not just to the host)
|
||||||
|
|
||||||
|
Until now, various roles supported a `matrix_*_expose_port` variable, which would expose their container's port to the host. This was mostly useful for reverse-proxying manually (in case `matrix-nginx-proxy` was disabled). It could also be used for installing some playbook services (e.g. bridges, etc.) and wiring them to a separate (manual) Matrix setup.
|
||||||
|
|
||||||
|
`matrix_*_expose_port` variables were not granular enough - sometimes they would expose one port, other times multiple. They also didn't provide control over **where** to expose (to which port number and to which network interface), because they would usually hardcode something like `127.0.0.1:8080`.
|
||||||
|
|
||||||
|
All such variables have been superseded by a better (more flexible) way to do it.
|
||||||
|
|
||||||
|
**Most** people (including those not using `matrix-nginx-proxy`), **don't need** to bother with this.
|
||||||
|
|
||||||
|
Porting examples follow for people having more customized setups:
|
||||||
|
|
||||||
|
- **from** `matrix_synapse_container_expose_client_api_port: true` **to** `matrix_synapse_container_client_api_host_bind_port: '127.0.0.1:8008'`
|
||||||
|
|
||||||
|
- **from** `matrix_synapse_container_expose_federation_api_port: true` **to** `matrix_synapse_container_federation_api_plain_host_bind_port: '127.0.0.1:8048'` and possibly `matrix_synapse_container_federation_api_tls_host_bind_port: '8448'`
|
||||||
|
|
||||||
|
- **from** `matrix_synapse_container_expose_metrics_port: true` **to** `matrix_synapse_container_metrics_api_host_bind_port: '127.0.0.1:9100'`
|
||||||
|
|
||||||
|
- **from** `matrix_riot_web_container_expose_port: true` **to** `matrix_riot_web_container_http_host_bind_port: '127.0.0.1:8765'`
|
||||||
|
|
||||||
|
- **from** `matrix_mxisd_container_expose_port: true` **to** `matrix_mxisd_container_http_host_bind_port: '127.0.0.1:8090'`
|
||||||
|
|
||||||
|
- **from** `matrix_dimension_container_expose_port: true` **to** `matrix_dimension_container_http_host_bind_port: '127.0.0.1:8184'`
|
||||||
|
|
||||||
|
- **from** `matrix_corporal_container_expose_ports: true` **to** `matrix_corporal_container_http_gateway_host_bind_port: '127.0.0.1:41080'` and possibly `matrix_corporal_container_http_api_host_bind_port: '127.0.0.1:41081'`
|
||||||
|
|
||||||
|
- **from** `matrix_appservice_irc_container_expose_client_server_api_port: true` **to** `matrix_appservice_irc_container_http_host_bind_port: '127.0.0.1:9999'`
|
||||||
|
|
||||||
|
- **from** `matrix_appservice_discord_container_expose_client_server_api_port: true` **to** `matrix_appservice_discord_container_http_host_bind_port: '127.0.0.1:9005'`
|
||||||
|
|
||||||
|
As always, if you forget to remove usage of some outdated variable, the playbook will warn you.
|
||||||
|
|
||||||
|
|
||||||
# 2019-05-23
|
# 2019-05-23
|
||||||
|
|
||||||
## Ansible 2.8 compatibility
|
## Ansible 2.8 compatibility
|
||||||
|
@ -36,8 +36,8 @@ matrix_appservice_discord_enabled: false
|
|||||||
|
|
||||||
# Normally, matrix-nginx-proxy is enabled and nginx can reach matrix-appservice-discord over the container network.
|
# Normally, matrix-nginx-proxy is enabled and nginx can reach matrix-appservice-discord over the container network.
|
||||||
# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose
|
# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose
|
||||||
# matrix-appservice-discord's client-server port to the local host (`127.0.0.1:9005`).
|
# matrix-appservice-discord's client-server port to the local host.
|
||||||
matrix_appservice_discord_container_expose_client_server_api_port: "{{ not matrix_nginx_proxy_enabled }}"
|
matrix_appservice_discord_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:9005' }}"
|
||||||
|
|
||||||
matrix_appservice_discord_systemd_required_services_list: |
|
matrix_appservice_discord_systemd_required_services_list: |
|
||||||
{{
|
{{
|
||||||
@ -64,8 +64,8 @@ matrix_appservice_irc_enabled: false
|
|||||||
|
|
||||||
# Normally, matrix-nginx-proxy is enabled and nginx can reach matrix-appservice-irc over the container network.
|
# Normally, matrix-nginx-proxy is enabled and nginx can reach matrix-appservice-irc over the container network.
|
||||||
# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose
|
# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose
|
||||||
# matrix-appservice-irc's client-server port to the local host (`127.0.0.1:9999`).
|
# matrix-appservice-irc's client-server port to the local host.
|
||||||
matrix_appservice_irc_container_expose_client_server_api_port: "{{ not matrix_nginx_proxy_enabled }}"
|
matrix_appservice_irc_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:9999' }}"
|
||||||
|
|
||||||
matrix_appservice_irc_systemd_required_services_list: |
|
matrix_appservice_irc_systemd_required_services_list: |
|
||||||
{{
|
{{
|
||||||
@ -162,8 +162,9 @@ matrix_corporal_enabled: false
|
|||||||
|
|
||||||
# Normally, matrix-nginx-proxy is enabled and nginx can reach matrix-corporal over the container network.
|
# Normally, matrix-nginx-proxy is enabled and nginx can reach matrix-corporal over the container network.
|
||||||
# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose
|
# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose
|
||||||
# matrix-corporal's web-server ports to the local host (`127.0.0.1:41080` and `127.0.0.1:41081`).
|
# matrix-corporal's web-server ports to the local host.
|
||||||
matrix_corporal_container_expose_ports: "{{ not matrix_nginx_proxy_enabled }}"
|
matrix_corporal_container_http_gateway_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:41080' }}"
|
||||||
|
matrix_corporal_container_http_api_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:41081' }}"
|
||||||
|
|
||||||
matrix_corporal_systemd_required_services_list: |
|
matrix_corporal_systemd_required_services_list: |
|
||||||
{{
|
{{
|
||||||
@ -222,8 +223,8 @@ matrix_dimension_enabled: false
|
|||||||
|
|
||||||
# Normally, matrix-nginx-proxy is enabled and nginx can reach Dimension over the container network.
|
# Normally, matrix-nginx-proxy is enabled and nginx can reach Dimension over the container network.
|
||||||
# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose
|
# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose
|
||||||
# the Dimension HTTP port to the local host (`127.0.0.1:8184`).
|
# the Dimension HTTP port to the local host.
|
||||||
matrix_dimension_container_expose_port: "{{ not matrix_nginx_proxy_enabled }}"
|
matrix_dimension_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:8184' }}"
|
||||||
|
|
||||||
######################################################################
|
######################################################################
|
||||||
#
|
#
|
||||||
@ -264,8 +265,8 @@ matrix_mxisd_enabled: true
|
|||||||
|
|
||||||
# Normally, matrix-nginx-proxy is enabled and nginx can reach mxisd over the container network.
|
# Normally, matrix-nginx-proxy is enabled and nginx can reach mxisd over the container network.
|
||||||
# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose
|
# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose
|
||||||
# mxisd's web-server port to the local host (`127.0.0.1:8090`).
|
# mxisd's web-server port.
|
||||||
matrix_mxisd_container_expose_port: "{{ not matrix_nginx_proxy_enabled }}"
|
matrix_mxisd_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:8090' }}"
|
||||||
|
|
||||||
# We enable Synapse integration via its Postgres database by default.
|
# We enable Synapse integration via its Postgres database by default.
|
||||||
# When using another Identity store, you might wish to disable this and define
|
# When using another Identity store, you might wish to disable this and define
|
||||||
@ -408,8 +409,8 @@ matrix_riot_web_enabled: true
|
|||||||
|
|
||||||
# Normally, matrix-nginx-proxy is enabled and nginx can reach riot-web over the container network.
|
# Normally, matrix-nginx-proxy is enabled and nginx can reach riot-web over the container network.
|
||||||
# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose
|
# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose
|
||||||
# the riot-web HTTP port to the local host (`127.0.0.1:80`).
|
# the riot-web HTTP port to the local host.
|
||||||
matrix_riot_web_container_expose_port: "{{ not matrix_nginx_proxy_enabled }}"
|
matrix_riot_web_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:8765' }}"
|
||||||
|
|
||||||
matrix_riot_web_default_hs_url: "{{ matrix_homeserver_url }}"
|
matrix_riot_web_default_hs_url: "{{ matrix_homeserver_url }}"
|
||||||
matrix_riot_web_default_is_url: "{{ matrix_identity_server_url }}"
|
matrix_riot_web_default_is_url: "{{ matrix_identity_server_url }}"
|
||||||
@ -449,15 +450,20 @@ matrix_riot_web_enable_presence_by_hs_url: |
|
|||||||
matrix_synapse_trusted_third_party_id_servers: "{{ [matrix_server_fqn_matrix] if matrix_mxisd_enabled else matrix_synapse_id_servers_public }}"
|
matrix_synapse_trusted_third_party_id_servers: "{{ [matrix_server_fqn_matrix] if matrix_mxisd_enabled else matrix_synapse_id_servers_public }}"
|
||||||
|
|
||||||
# Normally, matrix-nginx-proxy is enabled and nginx can reach Synapse over the container network.
|
# Normally, matrix-nginx-proxy is enabled and nginx can reach Synapse over the container network.
|
||||||
# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose its ports
|
# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it,
|
||||||
# to the local host.
|
# you can expose Synapse's ports to the host.
|
||||||
#
|
#
|
||||||
# For exposing the Matrix Client API's port (plain HTTP) to the local host (`127.0.0.1:8008`).
|
# For exposing the Matrix Client API's port (plain HTTP) to the local host.
|
||||||
matrix_synapse_container_expose_client_api_port: "{{ not matrix_nginx_proxy_enabled }}"
|
matrix_synapse_container_client_api_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:8008' }}"
|
||||||
# For exposing the Matrix Federation API's port (plain HTTP) to the local host (`127.0.0.1:8048`).
|
#
|
||||||
matrix_synapse_container_expose_federation_api_port: "{{ not matrix_nginx_proxy_enabled }}"
|
# For exposing the Matrix Federation API's plain port (plain HTTP) to the local host.
|
||||||
|
matrix_synapse_container_federation_api_plain_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:8048' }}"
|
||||||
matrix_synapse_container_expose_metrics_port: "{{ not matrix_nginx_proxy_enabled }}"
|
#
|
||||||
|
# For exposing the Matrix Federation API's TLS port (HTTPS) to the internet on all network interfaces.
|
||||||
|
matrix_synapse_container_federation_api_tls_host_bind_port: "{{ '8448' if (matrix_synapse_federation_enabled and matrix_synapse_tls_federation_listener_enabled) else '' }}"
|
||||||
|
#
|
||||||
|
# For exposing the Synapse Metrics API's port (plain HTTP) to the local host.
|
||||||
|
matrix_synapse_container_metrics_api_host_bind_port: "{{ '127.0.0.1:9100' if (matrix_synapse_metrics_enabled and not matrix_nginx_proxy_enabled) else '' }}"
|
||||||
|
|
||||||
matrix_synapse_database_host: "{{ matrix_postgres_connection_hostname }}"
|
matrix_synapse_database_host: "{{ matrix_postgres_connection_hostname }}"
|
||||||
matrix_synapse_database_user: "{{ matrix_postgres_connection_username }}"
|
matrix_synapse_database_user: "{{ matrix_postgres_connection_username }}"
|
||||||
|
@ -11,8 +11,10 @@ matrix_appservice_discord_base_path: "{{ matrix_base_data_path }}/appservice-dis
|
|||||||
matrix_appservice_discord_client_id: ''
|
matrix_appservice_discord_client_id: ''
|
||||||
matrix_appservice_discord_bot_token: ''
|
matrix_appservice_discord_bot_token: ''
|
||||||
|
|
||||||
# Controls whether the Appservice Discord container exposes the Client/Server API port (tcp/9005).
|
# Controls whether the matrix-appservice-discord container exposes its HTTP port (tcp/9005 in the container).
|
||||||
matrix_appservice_discord_container_expose_client_server_api_port: false
|
#
|
||||||
|
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:9005"), or empty string to not expose.
|
||||||
|
matrix_appservice_discord_container_http_host_bind_port: ''
|
||||||
|
|
||||||
# A list of extra arguments to pass to the container
|
# A list of extra arguments to pass to the container
|
||||||
matrix_appservice_discord_container_extra_arguments: []
|
matrix_appservice_discord_container_extra_arguments: []
|
||||||
|
@ -8,3 +8,12 @@
|
|||||||
with_items:
|
with_items:
|
||||||
- "matrix_appservice_discord_client_id"
|
- "matrix_appservice_discord_client_id"
|
||||||
- "matrix_appservice_discord_bot_token"
|
- "matrix_appservice_discord_bot_token"
|
||||||
|
|
||||||
|
- name: (Deprecation) Catch and report renamed appservice-discord variables
|
||||||
|
fail:
|
||||||
|
msg: >-
|
||||||
|
Your configuration contains a variable, which now has a different name.
|
||||||
|
Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
|
||||||
|
when: "item.old in vars"
|
||||||
|
with_items:
|
||||||
|
- {'old': 'matrix_appservice_discord_container_expose_client_server_api_port', 'new': '<superseded by matrix_appservice_discord_container_http_host_bind_port>'}
|
||||||
|
@ -19,8 +19,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-appservice-discord \
|
|||||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||||
--cap-drop=ALL \
|
--cap-drop=ALL \
|
||||||
--network={{ matrix_docker_network }} \
|
--network={{ matrix_docker_network }} \
|
||||||
{% if matrix_appservice_discord_container_expose_client_server_api_port %}
|
{% if matrix_appservice_discord_container_http_host_bind_port %}
|
||||||
-p 127.0.0.1:9005:9005 \
|
-p {{ matrix_appservice_discord_container_http_host_bind_port }}:9005 \
|
||||||
{% endif %}
|
{% endif %}
|
||||||
-v {{ matrix_appservice_discord_base_path }}:/data \
|
-v {{ matrix_appservice_discord_base_path }}:/data \
|
||||||
{% for arg in matrix_appservice_discord_container_extra_arguments %}
|
{% for arg in matrix_appservice_discord_container_extra_arguments %}
|
||||||
|
@ -7,8 +7,10 @@ matrix_appservice_irc_docker_image: "tedomum/matrix-appservice-irc:latest"
|
|||||||
|
|
||||||
matrix_appservice_irc_base_path: "{{ matrix_base_data_path }}/appservice-irc"
|
matrix_appservice_irc_base_path: "{{ matrix_base_data_path }}/appservice-irc"
|
||||||
|
|
||||||
# Controls whether the Appservice IRC container exposes the Client/Server API port (tcp/9999).
|
# Controls whether the matrix-appservice-discord container exposes its HTTP port (tcp/9999 in the container).
|
||||||
matrix_appservice_irc_container_expose_client_server_api_port: false
|
#
|
||||||
|
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:9999"), or empty string to not expose.
|
||||||
|
matrix_appservice_irc_container_http_host_bind_port: ''
|
||||||
|
|
||||||
# A list of extra arguments to pass to the container
|
# A list of extra arguments to pass to the container
|
||||||
matrix_appservice_irc_container_extra_arguments: []
|
matrix_appservice_irc_container_extra_arguments: []
|
||||||
|
@ -14,3 +14,11 @@
|
|||||||
You need to define additional configuration in `matrix_appservice_irc_configuration_extension_yaml` or to override `matrix_appservice_irc_configuration`.
|
You need to define additional configuration in `matrix_appservice_irc_configuration_extension_yaml` or to override `matrix_appservice_irc_configuration`.
|
||||||
when: "matrix_appservice_irc_configuration.ircService|default(none) is none"
|
when: "matrix_appservice_irc_configuration.ircService|default(none) is none"
|
||||||
|
|
||||||
|
- name: (Deprecation) Catch and report renamed appservice-irc variables
|
||||||
|
fail:
|
||||||
|
msg: >-
|
||||||
|
Your configuration contains a variable, which now has a different name.
|
||||||
|
Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
|
||||||
|
when: "item.old in vars"
|
||||||
|
with_items:
|
||||||
|
- {'old': 'matrix_appservice_irc_container_expose_client_server_api_port', 'new': '<superseded by matrix_appservice_irc_container_http_host_bind_port>'}
|
||||||
|
@ -19,8 +19,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-appservice-irc \
|
|||||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||||
--cap-drop=ALL \
|
--cap-drop=ALL \
|
||||||
--network={{ matrix_docker_network }} \
|
--network={{ matrix_docker_network }} \
|
||||||
{% if matrix_appservice_irc_container_expose_client_server_api_port %}
|
{% if matrix_appservice_irc_container_http_host_bind_port %}
|
||||||
-p 127.0.0.1:9999:9999 \
|
-p {{ matrix_appservice_irc_container_http_host_bind_port }}:9999 \
|
||||||
{% endif %}
|
{% endif %}
|
||||||
-v {{ matrix_appservice_irc_base_path }}:/data:z \
|
-v {{ matrix_appservice_irc_base_path }}:/data:z \
|
||||||
{% for arg in matrix_appservice_irc_container_extra_arguments %}
|
{% for arg in matrix_appservice_irc_container_extra_arguments %}
|
||||||
|
@ -3,8 +3,15 @@
|
|||||||
|
|
||||||
matrix_corporal_enabled: true
|
matrix_corporal_enabled: true
|
||||||
|
|
||||||
# Controls whether the matrix-corporal web server's ports (`41080` and `41081`) are exposed outside of the container.
|
# Controls whether the matrix-corporal container exposes its gateway HTTP port (tcp/41080 in the container).
|
||||||
matrix_corporal_container_expose_ports: false
|
#
|
||||||
|
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:41080"), or empty string to not expose.
|
||||||
|
matrix_corporal_container_http_gateway_host_bind_port: ''
|
||||||
|
|
||||||
|
# Controls whether the matrix-corporal container exposes its API HTTP port (tcp/41081 in the container).
|
||||||
|
#
|
||||||
|
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:41081"), or empty string to not expose.
|
||||||
|
matrix_corporal_container_http_api_host_bind_port: ''
|
||||||
|
|
||||||
# A list of extra arguments to pass to the container
|
# A list of extra arguments to pass to the container
|
||||||
matrix_corporal_container_extra_arguments: []
|
matrix_corporal_container_extra_arguments: []
|
||||||
|
@ -2,7 +2,7 @@
|
|||||||
|
|
||||||
- name: Fail if required matrix-corporal settings not defined
|
- name: Fail if required matrix-corporal settings not defined
|
||||||
fail:
|
fail:
|
||||||
msg: >
|
msg: >-
|
||||||
You need to define a required configuration setting (`{{ item }}`) for using matrix-corporal.
|
You need to define a required configuration setting (`{{ item }}`) for using matrix-corporal.
|
||||||
when: "vars[item] == ''"
|
when: "vars[item] == ''"
|
||||||
with_items:
|
with_items:
|
||||||
@ -15,3 +15,13 @@
|
|||||||
fail:
|
fail:
|
||||||
msg: "The Matrix Corporal HTTP API is enabled (`matrix_corporal_http_api_enabled`), but no auth token has been set in `matrix_corporal_http_api_auth_token`"
|
msg: "The Matrix Corporal HTTP API is enabled (`matrix_corporal_http_api_enabled`), but no auth token has been set in `matrix_corporal_http_api_auth_token`"
|
||||||
when: "matrix_corporal_http_api_enabled|bool and matrix_corporal_http_api_auth_token == ''"
|
when: "matrix_corporal_http_api_enabled|bool and matrix_corporal_http_api_auth_token == ''"
|
||||||
|
|
||||||
|
|
||||||
|
- name: (Deprecation) Catch and report renamed corporal variables
|
||||||
|
fail:
|
||||||
|
msg: >-
|
||||||
|
Your configuration contains a variable, which now has a different name.
|
||||||
|
Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
|
||||||
|
when: "item.old in vars"
|
||||||
|
with_items:
|
||||||
|
- {'old': 'matrix_corporal_container_expose_ports', 'new': '<superseded by matrix_corporal_container_http_gateway_host_bind_port and matrix_corporal_container_http_api_host_bind_port>'}
|
||||||
|
@ -17,9 +17,11 @@ ExecStart=/usr/bin/docker run --rm --name matrix-corporal \
|
|||||||
--cap-drop=ALL \
|
--cap-drop=ALL \
|
||||||
--read-only \
|
--read-only \
|
||||||
--network={{ matrix_docker_network }} \
|
--network={{ matrix_docker_network }} \
|
||||||
{% if matrix_corporal_container_expose_ports %}
|
{% if matrix_corporal_container_http_gateway_host_bind_port %}
|
||||||
-p 127.0.0.1:41080:41080 \
|
-p {{ matrix_corporal_container_http_gateway_host_bind_port }}:41080 \
|
||||||
-p 127.0.0.1:41081:41081 \
|
{% endif %}
|
||||||
|
{% if matrix_corporal_container_http_api_host_bind_port %}
|
||||||
|
-p {{ matrix_corporal_container_http_api_host_bind_port }}:41081 \
|
||||||
{% endif %}
|
{% endif %}
|
||||||
-v {{ matrix_corporal_config_dir_path }}:/etc/matrix-corporal:ro \
|
-v {{ matrix_corporal_config_dir_path }}:/etc/matrix-corporal:ro \
|
||||||
-v {{ matrix_corporal_cache_dir_path }}:/var/cache/matrix-corporal:rw \
|
-v {{ matrix_corporal_cache_dir_path }}:/var/cache/matrix-corporal:rw \
|
||||||
|
@ -2,7 +2,7 @@
|
|||||||
|
|
||||||
- name: Fail if required Coturn settings not defined
|
- name: Fail if required Coturn settings not defined
|
||||||
fail:
|
fail:
|
||||||
msg: >
|
msg: >-
|
||||||
You need to define a required configuration setting (`{{ item }}`) for using Coturn.
|
You need to define a required configuration setting (`{{ item }}`) for using Coturn.
|
||||||
when: "vars[item] == ''"
|
when: "vars[item] == ''"
|
||||||
with_items:
|
with_items:
|
||||||
|
@ -18,7 +18,10 @@ matrix_dimension_docker_image: "turt2live/matrix-dimension:latest"
|
|||||||
matrix_dimension_user_uid: 1000
|
matrix_dimension_user_uid: 1000
|
||||||
matrix_dimension_user_gid: 1000
|
matrix_dimension_user_gid: 1000
|
||||||
|
|
||||||
matrix_dimension_container_expose_port: false
|
# Controls whether the matrix-dimension container exposes its HTTP port (tcp/8184 in the container).
|
||||||
|
#
|
||||||
|
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8184"), or empty string to not expose.
|
||||||
|
matrix_dimension_container_http_host_bind_port: ''
|
||||||
|
|
||||||
# A list of extra arguments to pass to the container
|
# A list of extra arguments to pass to the container
|
||||||
matrix_dimension_container_extra_arguments: []
|
matrix_dimension_container_extra_arguments: []
|
||||||
|
@ -13,3 +13,12 @@
|
|||||||
with_items:
|
with_items:
|
||||||
- "matrix_synapse_federation_enabled"
|
- "matrix_synapse_federation_enabled"
|
||||||
when: "matrix_dimension_enabled|bool and not matrix_synapse_federation_enabled|bool"
|
when: "matrix_dimension_enabled|bool and not matrix_synapse_federation_enabled|bool"
|
||||||
|
|
||||||
|
- name: (Deprecation) Catch and report renamed Dimension variables
|
||||||
|
fail:
|
||||||
|
msg: >-
|
||||||
|
Your configuration contains a variable, which now has a different name.
|
||||||
|
Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
|
||||||
|
when: "item.old in vars"
|
||||||
|
with_items:
|
||||||
|
- {'old': 'matrix_dimension_container_expose_port', 'new': '<superseded by matrix_dimension_container_http_host_bind_port>'}
|
||||||
|
@ -17,8 +17,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-dimension \
|
|||||||
{% if matrix_dimension_widgets_allow_self_signed_ssl_certificates %}
|
{% if matrix_dimension_widgets_allow_self_signed_ssl_certificates %}
|
||||||
-e NODE_TLS_REJECT_UNAUTHORIZED=0 \
|
-e NODE_TLS_REJECT_UNAUTHORIZED=0 \
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if matrix_dimension_container_expose_port %}
|
{% if matrix_dimension_container_http_host_bind_port %}
|
||||||
-p 127.0.0.1:8184:8184 \
|
-p {{ matrix_dimension_container_http_host_bind_port }}:8184 \
|
||||||
{% endif %}
|
{% endif %}
|
||||||
-v {{ matrix_dimension_base_path }}:/data:rw \
|
-v {{ matrix_dimension_base_path }}:/data:rw \
|
||||||
{% for arg in matrix_dimension_container_extra_arguments %}
|
{% for arg in matrix_dimension_container_extra_arguments %}
|
||||||
|
@ -1,3 +1,6 @@
|
|||||||
|
# mxisd is a Federated Matrix Identity Server
|
||||||
|
# See: https://github.com/kamax-matrix/mxisd
|
||||||
|
|
||||||
matrix_mxisd_enabled: true
|
matrix_mxisd_enabled: true
|
||||||
|
|
||||||
matrix_mxisd_docker_image: "kamax/mxisd:1.4.3"
|
matrix_mxisd_docker_image: "kamax/mxisd:1.4.3"
|
||||||
@ -5,8 +8,10 @@ matrix_mxisd_base_path: "{{ matrix_base_data_path }}/mxisd"
|
|||||||
matrix_mxisd_config_path: "{{ matrix_mxisd_base_path }}/config"
|
matrix_mxisd_config_path: "{{ matrix_mxisd_base_path }}/config"
|
||||||
matrix_mxisd_data_path: "{{ matrix_mxisd_base_path }}/data"
|
matrix_mxisd_data_path: "{{ matrix_mxisd_base_path }}/data"
|
||||||
|
|
||||||
# Controls whether the mxisd web server's port (`8090`) is exposed outside of the container.
|
# Controls whether the matrix-mxisd container exposes its HTTP port (tcp/8090 in the container).
|
||||||
matrix_mxisd_container_expose_port: false
|
#
|
||||||
|
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8090"), or empty string to not expose.
|
||||||
|
matrix_mxisd_container_http_host_bind_port: ''
|
||||||
|
|
||||||
# A list of extra arguments to pass to the container
|
# A list of extra arguments to pass to the container
|
||||||
matrix_mxisd_container_extra_arguments: []
|
matrix_mxisd_container_extra_arguments: []
|
||||||
|
@ -45,3 +45,13 @@
|
|||||||
when: "vars[item] == ''"
|
when: "vars[item] == ''"
|
||||||
with_items:
|
with_items:
|
||||||
- "matrix_mxisd_threepid_medium_email_connectors_smtp_host"
|
- "matrix_mxisd_threepid_medium_email_connectors_smtp_host"
|
||||||
|
|
||||||
|
|
||||||
|
- name: (Deprecation) Catch and report renamed mxisd variables
|
||||||
|
fail:
|
||||||
|
msg: >-
|
||||||
|
Your configuration contains a variable, which now has a different name.
|
||||||
|
Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
|
||||||
|
when: "item.old in vars"
|
||||||
|
with_items:
|
||||||
|
- {'old': 'matrix_mxisd_container_expose_port', 'new': '<superseded by matrix_mxisd_container_http_host_bind_port>'}
|
||||||
|
@ -23,8 +23,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-mxisd \
|
|||||||
--read-only \
|
--read-only \
|
||||||
--tmpfs=/tmp:rw,exec,nosuid,size=10m \
|
--tmpfs=/tmp:rw,exec,nosuid,size=10m \
|
||||||
--network={{ matrix_docker_network }} \
|
--network={{ matrix_docker_network }} \
|
||||||
{% if matrix_mxisd_container_expose_port %}
|
{% if matrix_mxisd_container_http_host_bind_port %}
|
||||||
-p 127.0.0.1:8090:8090 \
|
-p {{ matrix_mxisd_container_http_host_bind_port }}:8090 \
|
||||||
{% endif %}
|
{% endif %}
|
||||||
-v {{ matrix_mxisd_config_path }}:/etc/mxisd:ro \
|
-v {{ matrix_mxisd_config_path }}:/etc/mxisd:ro \
|
||||||
-v {{ matrix_mxisd_data_path }}:/var/mxisd:rw \
|
-v {{ matrix_mxisd_data_path }}:/var/mxisd:rw \
|
||||||
|
@ -2,7 +2,7 @@
|
|||||||
|
|
||||||
- name: (Deprecation) Catch and report renamed settings
|
- name: (Deprecation) Catch and report renamed settings
|
||||||
fail:
|
fail:
|
||||||
msg: >
|
msg: >-
|
||||||
Your configuration contains a variable, which now has a different name.
|
Your configuration contains a variable, which now has a different name.
|
||||||
Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
|
Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
|
||||||
when: "item.old in vars"
|
when: "item.old in vars"
|
||||||
|
@ -4,7 +4,10 @@ matrix_riot_web_docker_image: "bubuntux/riot-web:v1.1.2"
|
|||||||
|
|
||||||
matrix_riot_web_data_path: "{{ matrix_base_data_path }}/riot-web"
|
matrix_riot_web_data_path: "{{ matrix_base_data_path }}/riot-web"
|
||||||
|
|
||||||
matrix_riot_web_container_expose_port: false
|
# Controls whether the matrix-riot-web container exposes its HTTP port (tcp/8080 in the container).
|
||||||
|
#
|
||||||
|
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8765"), or empty string to not expose.
|
||||||
|
matrix_riot_web_container_http_host_bind_port: ''
|
||||||
|
|
||||||
# A list of extra arguments to pass to the container
|
# A list of extra arguments to pass to the container
|
||||||
matrix_riot_web_container_extra_arguments: []
|
matrix_riot_web_container_extra_arguments: []
|
||||||
|
@ -8,9 +8,9 @@
|
|||||||
with_items:
|
with_items:
|
||||||
- "matrix_riot_web_default_hs_url"
|
- "matrix_riot_web_default_hs_url"
|
||||||
|
|
||||||
- name: (Deprecation) Catch and report renamed settings
|
- name: (Deprecation) Catch and report renamed riot-web variables
|
||||||
fail:
|
fail:
|
||||||
msg: >
|
msg: >-
|
||||||
Your configuration contains a variable, which now has a different name.
|
Your configuration contains a variable, which now has a different name.
|
||||||
Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
|
Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
|
||||||
when: "item.old in vars"
|
when: "item.old in vars"
|
||||||
@ -20,3 +20,4 @@
|
|||||||
- {'old': 'matrix_riot_web_homepage_template_technical', 'new': '<removed>'}
|
- {'old': 'matrix_riot_web_homepage_template_technical', 'new': '<removed>'}
|
||||||
- {'old': 'matrix_riot_web_homepage_template_building', 'new': '<removed>'}
|
- {'old': 'matrix_riot_web_homepage_template_building', 'new': '<removed>'}
|
||||||
- {'old': 'matrix_riot_web_homepage_template_contributing', 'new': '<removed>'}
|
- {'old': 'matrix_riot_web_homepage_template_contributing', 'new': '<removed>'}
|
||||||
|
- {'old': 'matrix_riot_web_container_expose_port', 'new': '<superseded by matrix_riot_web_container_http_host_bind_port>'}
|
||||||
|
@ -17,8 +17,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-riot-web \
|
|||||||
--cap-drop=ALL \
|
--cap-drop=ALL \
|
||||||
--read-only \
|
--read-only \
|
||||||
--network={{ matrix_docker_network }} \
|
--network={{ matrix_docker_network }} \
|
||||||
{% if matrix_riot_web_container_expose_port %}
|
{% if matrix_riot_web_container_http_host_bind_port %}
|
||||||
-p 127.0.0.1:8765:8080 \
|
-p {{ matrix_riot_web_container_http_host_bind_port }}:8080 \
|
||||||
{% endif %}
|
{% endif %}
|
||||||
--tmpfs=/tmp:rw,noexec,nosuid,size=10m \
|
--tmpfs=/tmp:rw,noexec,nosuid,size=10m \
|
||||||
-v {{ matrix_riot_web_data_path }}/nginx.conf:/etc/nginx/nginx.conf:ro \
|
-v {{ matrix_riot_web_data_path }}/nginx.conf:/etc/nginx/nginx.conf:ro \
|
||||||
|
@ -1,3 +1,3 @@
|
|||||||
---
|
---
|
||||||
|
|
||||||
matrix_riot_web_embedded_pages_home_url: "{{ (none if matrix_riot_web_embedded_pages_home_path is none else 'home.html') }}"
|
matrix_riot_web_embedded_pages_home_url: "{{ ('' if matrix_riot_web_embedded_pages_home_path is none else 'home.html') }}"
|
||||||
|
@ -12,16 +12,32 @@ matrix_synapse_storage_path: "{{ matrix_synapse_base_path }}/storage"
|
|||||||
matrix_synapse_media_store_path: "{{ matrix_synapse_storage_path }}/media-store"
|
matrix_synapse_media_store_path: "{{ matrix_synapse_storage_path }}/media-store"
|
||||||
matrix_synapse_ext_path: "{{ matrix_synapse_base_path }}/ext"
|
matrix_synapse_ext_path: "{{ matrix_synapse_base_path }}/ext"
|
||||||
|
|
||||||
# Controls whether the Synapse container exposes the Client/Server API port (tcp/8008).
|
# Controls whether the matrix-synapse container exposes the Client/Server API port (tcp/8008 in the container).
|
||||||
matrix_synapse_container_expose_client_api_port: false
|
#
|
||||||
|
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8008"), or empty string to not expose.
|
||||||
|
matrix_synapse_container_client_api_host_bind_port: ''
|
||||||
|
|
||||||
# Controls whether the Synapse container exposes the Server/Server (Federation) API port (tcp/8048).
|
# Controls whether the matrix-synapse container exposes the plain (unencrypted) Server/Server (Federation) API port (tcp/8048 in the container).
|
||||||
# This is for the plain HTTP API. If you need Synapse to handle TLS encryption,
|
#
|
||||||
# that would be on another port (tcp/8448) controlled by `matrix_synapse_tls_federation_listener_enabled`.
|
# Takes effect only if federation is enabled (matrix_synapse_federation_enabled).
|
||||||
matrix_synapse_container_expose_federation_api_port: false
|
#
|
||||||
|
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8048"), or empty string to not expose.
|
||||||
|
matrix_synapse_container_federation_api_plain_host_bind_port: ''
|
||||||
|
|
||||||
# Controls whether the matrix-synapse container exposes the metrics port (tcp/9100).
|
# Controls whether the matrix-synapse container exposes the tls (encrypted) Server/Server (Federation) API port (tcp/8448 in the container).
|
||||||
matrix_synapse_container_expose_metrics_port: false
|
#
|
||||||
|
# Takes effect only if federation is enabled (matrix_synapse_federation_enabled)
|
||||||
|
# and TLS support is enabled (matrix_synapse_tls_federation_listener_enabled).
|
||||||
|
#
|
||||||
|
# Takes an "<ip>:<port>" or "<port>" value (e.g. "8448"), or empty string to not expose.
|
||||||
|
matrix_synapse_container_federation_api_tls_host_bind_port: ''
|
||||||
|
|
||||||
|
# Controls whether the matrix-synapse container exposes the metrics port (tcp/9100 in the container).
|
||||||
|
#
|
||||||
|
# Takes effect only if metrics are enabled (matrix_synapse_metrics_enabled).
|
||||||
|
#
|
||||||
|
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:9100"), or empty string to not expose.
|
||||||
|
matrix_synapse_container_metrics_api_host_bind_port: ''
|
||||||
|
|
||||||
# A list of extra arguments to pass to the container
|
# A list of extra arguments to pass to the container
|
||||||
matrix_synapse_container_extra_arguments: []
|
matrix_synapse_container_extra_arguments: []
|
||||||
|
@ -15,7 +15,7 @@
|
|||||||
Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
|
Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
|
||||||
when: "item.old in vars"
|
when: "item.old in vars"
|
||||||
with_items:
|
with_items:
|
||||||
- {'old': 'matrix_synapse_container_expose_api_port', 'new': 'matrix_synapse_container_expose_client_api_port'}
|
- {'old': 'matrix_synapse_container_expose_api_port', 'new': '<superseded by matrix_synapse_container_federation_api_plain_host_bind_port>'}
|
||||||
- {'old': 'matrix_synapse_no_tls', 'new': '<removed>'}
|
- {'old': 'matrix_synapse_no_tls', 'new': '<removed>'}
|
||||||
- {'old': 'matrix_enable_room_list_search', 'new': 'matrix_synapse_enable_room_list_search'}
|
- {'old': 'matrix_enable_room_list_search', 'new': 'matrix_synapse_enable_room_list_search'}
|
||||||
- {'old': 'matrix_alias_creation_rules', 'new': 'matrix_synapse_alias_creation_rules'}
|
- {'old': 'matrix_alias_creation_rules', 'new': 'matrix_synapse_alias_creation_rules'}
|
||||||
@ -27,3 +27,6 @@
|
|||||||
- {'old': 'matrix_synapse_federation_rc_sleep_delay', 'new': '<sleep_delay subkey of matrix_synapse_rc_federation>'}
|
- {'old': 'matrix_synapse_federation_rc_sleep_delay', 'new': '<sleep_delay subkey of matrix_synapse_rc_federation>'}
|
||||||
- {'old': 'matrix_synapse_federation_rc_reject_limit', 'new': '<reject_limit subkey of matrix_synapse_rc_federation>'}
|
- {'old': 'matrix_synapse_federation_rc_reject_limit', 'new': '<reject_limit subkey of matrix_synapse_rc_federation>'}
|
||||||
- {'old': 'matrix_synapse_federation_rc_concurrent', 'new': '<concurrent subkey of matrix_synapse_rc_federation>'}
|
- {'old': 'matrix_synapse_federation_rc_concurrent', 'new': '<concurrent subkey of matrix_synapse_rc_federation>'}
|
||||||
|
- {'old': 'matrix_synapse_container_expose_client_api_port', 'new': '<superseded by matrix_synapse_container_client_api_host_bind_port>'}
|
||||||
|
- {'old': 'matrix_synapse_container_expose_federation_api_port', 'new': '<superseded by matrix_synapse_container_federation_api_plain_host_bind_port>'}
|
||||||
|
- {'old': 'matrix_synapse_container_expose_metrics_port', 'new': '<superseded by matrix_synapse_container_metrics_api_host_bind_port>'}
|
||||||
|
@ -29,17 +29,17 @@ ExecStart=/usr/bin/docker run --rm --name matrix-synapse \
|
|||||||
--tmpfs=/tmp:rw,noexec,nosuid,size={{ matrix_synapse_tmp_directory_size_mb }}m \
|
--tmpfs=/tmp:rw,noexec,nosuid,size={{ matrix_synapse_tmp_directory_size_mb }}m \
|
||||||
--network={{ matrix_docker_network }} \
|
--network={{ matrix_docker_network }} \
|
||||||
-e SYNAPSE_CACHE_FACTOR={{ matrix_synapse_cache_factor }} \
|
-e SYNAPSE_CACHE_FACTOR={{ matrix_synapse_cache_factor }} \
|
||||||
{% if matrix_synapse_container_expose_client_api_port %}
|
{% if matrix_synapse_container_client_api_host_bind_port %}
|
||||||
-p 127.0.0.1:8008:8008 \
|
-p {{ matrix_synapse_container_client_api_host_bind_port }}:8008 \
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if matrix_synapse_federation_enabled and matrix_synapse_tls_federation_listener_enabled %}
|
{% if matrix_synapse_federation_enabled and matrix_synapse_tls_federation_listener_enabled and matrix_synapse_container_federation_api_tls_host_bind_port %}
|
||||||
-p 8448:8448 \
|
-p {{ matrix_synapse_container_federation_api_tls_host_bind_port }}:8448 \
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if matrix_synapse_federation_enabled and matrix_synapse_container_expose_federation_api_port %}
|
{% if matrix_synapse_federation_enabled and matrix_synapse_container_federation_api_plain_host_bind_port %}
|
||||||
-p 127.0.0.1:8048:8048 \
|
-p {{ matrix_synapse_container_federation_api_plain_host_bind_port }}:8048 \
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if matrix_synapse_container_expose_metrics_port %}
|
{% if matrix_synapse_metrics_enabled and matrix_synapse_container_metrics_api_host_bind_port %}
|
||||||
-p 127.0.0.1:{{ matrix_synapse_metrics_port }}:{{ matrix_synapse_metrics_port }} \
|
-p {{ matrix_synapse_container_metrics_api_host_bind_port }}:{{ matrix_synapse_metrics_port }} \
|
||||||
{% endif %}
|
{% endif %}
|
||||||
-v {{ matrix_synapse_config_dir_path }}:/data:ro \
|
-v {{ matrix_synapse_config_dir_path }}:/data:ro \
|
||||||
-v {{ matrix_synapse_run_path }}:/matrix-run:rw \
|
-v {{ matrix_synapse_run_path }}:/matrix-run:rw \
|
||||||
|
Loading…
Reference in New Issue
Block a user