Move exim-relay service to its own network and connect Synapse & ma1sd to it automatically

This commit is contained in:
Slavi Pantaleev 2024-01-05 18:10:24 +02:00
parent 0bb40d1337
commit d116d863e6
5 changed files with 29 additions and 14 deletions


@ -21,7 +21,7 @@ Possibly outdated list of roles where self-building the Docker image is currentl
- `matrix-corporal` - `matrix-corporal`
- `matrix-dimension` - `matrix-dimension`
- `matrix-ma1sd` - `matrix-ma1sd`
- `matrix-mailer` - `exim-relay`
- `matrix-bridge-hookshot` - `matrix-bridge-hookshot`
- `matrix-bridge-appservice-irc` - `matrix-bridge-appservice-irc`
- `matrix-bridge-appservice-slack` - `matrix-bridge-appservice-slack`


@ -2623,8 +2623,6 @@ exim_relay_base_path: "{{ matrix_base_data_path }}/exim-relay"
exim_relay_uid: "{{ matrix_user_uid }}" exim_relay_uid: "{{ matrix_user_uid }}"
exim_relay_gid: "{{ matrix_user_gid }}" exim_relay_gid: "{{ matrix_user_gid }}"
exim_relay_container_network: "{{ matrix_docker_network }}"
exim_relay_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm32', 'arm64'] }}" exim_relay_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm32', 'arm64'] }}"
exim_relay_hostname: "{{ matrix_server_fqn_matrix }}" exim_relay_hostname: "{{ matrix_server_fqn_matrix }}"
@ -2662,6 +2660,12 @@ matrix_ma1sd_container_image_self_build: "{{ matrix_architecture != 'amd64' }}"
# ma1sd's web-server port. # ma1sd's web-server port.
matrix_ma1sd_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '' ~ matrix_ma1sd_container_port | string) if matrix_playbook_service_host_bind_interface_prefix else '' }}" matrix_ma1sd_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '' ~ matrix_ma1sd_container_port | string) if matrix_playbook_service_host_bind_interface_prefix else '' }}"
matrix_ma1sd_container_additional_networks: |
{{
(
([exim_relay_container_network] if (exim_relay_enabled and matrix_ma1sd_threepid_medium_email_connectors_smtp_host == exim_relay_identifier and matrix_ma1sd_container_network != exim_relay_container_network) else [])
) | unique
}}
# We enable Synapse integration via its Postgres database by default. # We enable Synapse integration via its Postgres database by default.
# When using another Identity store, you might wish to disable this and define # When using another Identity store, you might wish to disable this and define
@ -2684,18 +2688,16 @@ matrix_ma1sd_threepid_medium_email_connectors_smtp_tls: 0
matrix_ma1sd_self_check_validate_certificates: "{{ false if matrix_playbook_ssl_retrieval_method == 'self-signed' else true }}" matrix_ma1sd_self_check_validate_certificates: "{{ false if matrix_playbook_ssl_retrieval_method == 'self-signed' else true }}"
matrix_ma1sd_systemd_required_services_list: | matrix_ma1sd_systemd_required_services_list_auto: |
{{ {{
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else []) ([devture_postgres_identifier ~ '.service'] if (devture_postgres_enabled and matrix_ma1sd_database_hostname == devture_postgres_connection_hostname) else [])
}} }}
matrix_ma1sd_systemd_wanted_services_list: | matrix_ma1sd_systemd_wanted_services_list_auto: |
{{ {{
(['matrix-corporal.service'] if matrix_corporal_enabled else ['matrix-' + matrix_homeserver_implementation + '.service']) (['matrix-corporal.service'] if matrix_corporal_enabled else ['matrix-' + matrix_homeserver_implementation + '.service'])
+ +
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else []) ([exim_relay_identifier ~ '.service'] if (exim_relay_enabled and matrix_ma1sd_threepid_medium_email_connectors_smtp_host == exim_relay_identifier) else [])
+
([exim_relay_identifier ~ '.service'] if exim_relay_enabled else [])
}} }}
# Postgres is the default, except if not using internal Postgres server # Postgres is the default, except if not using internal Postgres server
@ -3625,7 +3627,11 @@ matrix_synapse_container_manhole_api_host_bind_port: "{{ (matrix_playbook_servic
matrix_synapse_container_additional_networks: | matrix_synapse_container_additional_networks: |
{{ {{
(
([redis_container_network] if matrix_synapse_redis_enabled and matrix_synapse_redis_host == redis_identifier else []) ([redis_container_network] if matrix_synapse_redis_enabled and matrix_synapse_redis_host == redis_identifier else [])
+
([exim_relay_container_network] if (exim_relay_enabled and matrix_synapse_email_enabled and matrix_synapse_email_smtp_host == exim_relay_identifier and matrix_synapse_container_network != exim_relay_container_network) else [])
) | unique
}} }}
# For exposing the Synapse worker (and metrics) ports to the local host. # For exposing the Synapse worker (and metrics) ports to the local host.
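Review bot: Dropping the `exim_relay_container_network: "{{ matrix_docker_network }}"` override in the first hunk moves the relay onto the role's own network, but only Synapse and ma1sd are given an `*_container_additional_networks` entry for it; any other role in the playbook that points its SMTP host at `exim_relay_identifier` would presumably lose reachability to the relay unless it is wired the same way, so it is worth checking for such consumers before merging. The two new network conditions are also undocumented and differ in shape: the Synapse one is guarded by `matrix_synapse_email_enabled`, while the ma1sd one joins the relay network whenever `matrix_ma1sd_threepid_medium_email_connectors_smtp_host == exim_relay_identifier`, so a comment should state that the SMTP host is the only signal used. A line above `matrix_ma1sd_container_additional_networks` such as `# Connect ma1sd to the exim-relay network only when it relays mail through exim-relay and the two services are not already on the same network` would make the intent explicit; the same wording fits above the Synapse entry in the last hunk.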


@ -19,7 +19,7 @@
version: v1.9.6-0 version: v1.9.6-0
name: etherpad name: etherpad
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-exim-relay.git - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-exim-relay.git
version: v4.97-r0-0-0 version: v4.97-r0-0-1
name: exim_relay name: exim_relay
- src: git+https://gitlab.com/etke.cc/roles/grafana.git - src: git+https://gitlab.com/etke.cc/roles/grafana.git
version: v10.2.3-0 version: v10.2.3-0


@ -31,10 +31,19 @@ matrix_ma1sd_container_http_host_bind_port: ''
matrix_ma1sd_container_extra_arguments: [] matrix_ma1sd_container_extra_arguments: []
# List of systemd services that matrix-ma1sd.service depends on # List of systemd services that matrix-ma1sd.service depends on
matrix_ma1sd_systemd_required_services_list: ['docker.service'] matrix_ma1sd_systemd_required_services_list: "{{ matrix_ma1sd_systemd_required_services_list_default + matrix_ma1sd_systemd_required_services_list_auto + matrix_ma1sd_systemd_required_services_list_custom }}"
matrix_ma1sd_systemd_required_services_list_default: ['docker.service']
matrix_ma1sd_systemd_required_services_list_auto: []
matrix_ma1sd_systemd_required_services_list_custom: []
# List of systemd services that matrix-ma1sd.service wants # List of systemd services that matrix-ma1sd.service wants
matrix_ma1sd_systemd_wanted_services_list: [] matrix_ma1sd_systemd_wanted_services_list: "{{ matrix_ma1sd_systemd_wanted_services_list_default + matrix_ma1sd_systemd_wanted_services_list_auto + matrix_ma1sd_systemd_wanted_services_list_custom }}"
matrix_ma1sd_systemd_wanted_services_list_default: []
matrix_ma1sd_systemd_wanted_services_list_auto: []
matrix_ma1sd_systemd_wanted_services_list_custom: []
# The base container network. It will be auto-created by this role if it doesn't exist already.
matrix_ma1sd_container_network: "{{ matrix_docker_network }}"
# A list of additional container networks that matrix-ma1sd would be connected to. # A list of additional container networks that matrix-ma1sd would be connected to.
# The playbook does not create these networks, so make sure they already exist. # The playbook does not create these networks, so make sure they already exist.
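Review bot: The comments above `matrix_ma1sd_systemd_required_services_list` and `matrix_ma1sd_systemd_wanted_services_list` still describe them as plain lists, but both are now composed from `_default`, `_auto` and `_custom`, and overriding the composed variable directly would silently discard the playbook-supplied `_auto` entries (the Postgres and exim-relay dependencies). Suggest replacing each comment with something like `# Composed from the _default, _auto and _custom lists below. Add your own services to the _custom list instead of overriding this variable.`. The `_auto` lists are documented nowhere as being populated by the playbook's group vars; a one-line note such as `# Populated automatically by the playbook based on enabled services` above each `_auto` default would help readers of the role alone.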


@ -26,7 +26,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
--cap-drop=ALL \ --cap-drop=ALL \
--read-only \ --read-only \
--tmpfs=/tmp:rw,exec,nosuid,size=10m \ --tmpfs=/tmp:rw,exec,nosuid,size=10m \
--network={{ matrix_docker_network }} \ --network={{ matrix_ma1sd_container_network }} \
{% if matrix_ma1sd_container_http_host_bind_port %} {% if matrix_ma1sd_container_http_host_bind_port %}
-p {{ matrix_ma1sd_container_http_host_bind_port }}:{{ matrix_ma1sd_container_port }} \ -p {{ matrix_ma1sd_container_http_host_bind_port }}:{{ matrix_ma1sd_container_port }} \
{% endif %} {% endif %}
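Review bot: This hunk only switches the `--network=` of the `docker create` line to `matrix_ma1sd_container_network`; the step that connects the container to `matrix_ma1sd_container_additional_networks` (which this commit now populates with the exim-relay network) is not visible in the hunk. If the template does not already perform that connect after the create, ma1sd would be created on its base network only and the email connector would not reach the relay, so please confirm the connect step exists further down in this unit file. The `ExecStartPre` line this hunk belongs to starts before the hunk.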