From d8b867b6fb3a859ae30b18e3705d0bc0c0ea4c24 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev
Date: Sun, 7 Jan 2024 08:58:21 +0200
Subject: [PATCH] Move matrix-bot-buscarron to its own container network
---
group_vars/matrix_servers | 45 ++++++++-----------
.../matrix-bot-buscarron/defaults/main.yml | 9 +++-
2 files changed, 26 insertions(+), 28 deletions(-)
diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers
index fa2f39fec..08d42a8c9 100755
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@@ -1930,39 +1930,27 @@ matrix_bot_honoroit_container_labels_traefik_tls_certResolver: "{{ devture_traef # We don't enable bots by default. matrix_bot_buscarron_enabled: false -matrix_bot_buscarron_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}" - -matrix_bot_buscarron_systemd_required_services_list: | - {{ - ['docker.service'] - + - ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else []) - + - (['matrix-synapse.service'] if matrix_synapse_enabled else []) - + - (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) - }} - -# Postgres is the default, except if not using internal Postgres server -matrix_bot_buscarron_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}" -matrix_bot_buscarron_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" -matrix_bot_buscarron_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'buscarron.bot.db', rounds=655555) | to_uuid }}" - matrix_bot_buscarron_hostname: "{{ matrix_server_fqn_buscarron }}" -matrix_bot_buscarron_container_network: "{{ matrix_docker_network if matrix_playbook_reverse_proxy_type == 'playbook-managed-nginx' else 'matrix-bot-buscarron' }}" +matrix_bot_buscarron_systemd_required_services_list_auto: | + {{ + matrix_addons_homeserver_systemd_services_list + + + ([devture_postgres_identifier ~ '.service'] if (devture_postgres_enabled and matrix_bot_buscarron_database_hostname == devture_postgres_connection_hostname) else []) + }} -# For now, we attach this to the matrix-nginx-proxy network (unless that's the same network as the main one for us), -# because that's where the homeserver is expected to be accessed from. -# In the future, this will need to be redone. 
-matrix_bot_buscarron_container_additional_networks: | +matrix_bot_buscarron_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}" + +matrix_bot_buscarron_container_network: "{{ matrix_addons_container_network }}" + +matrix_bot_buscarron_container_additional_networks_auto: |- {{ ( - ([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else []) + ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network]) + - ([matrix_nginx_proxy_container_network] if matrix_nginx_proxy_enabled and matrix_bot_buscarron_container_network != matrix_nginx_proxy_container_network else []) + ([devture_postgres_container_network] if (devture_postgres_enabled and matrix_bot_buscarron_database_hostname == devture_postgres_connection_hostname and matrix_bot_buscarron_container_network != devture_postgres_container_network) else []) + - ([devture_postgres_container_network] if devture_postgres_enabled and devture_postgres_container_network != matrix_bot_buscarron_container_network else []) + ([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network and matrix_bot_buscarron_container_labels_traefik_enabled else []) ) | unique }} 
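Review bot: The two new `_auto` expressions decide Postgres access from `devture_postgres_enabled` and a hostname comparison only, without checking `matrix_bot_buscarron_database_engine`. An inventory that sets the engine to `sqlite` while the integrated Postgres is enabled keeps the default hostname, so the bot is still attached to `devture_postgres_container_network` and still requires the Postgres unit, which is more network reach than it needs. Adding `matrix_bot_buscarron_database_engine == 'postgres' and` to the condition in both `matrix_bot_buscarron_systemd_required_services_list_auto` and `matrix_bot_buscarron_container_additional_networks_auto` would close that gap. Separately, the first block scalar uses `|` and the second `|-`; using `|-` for both keeps a trailing newline out of the rendered list. `matrix_addons_container_network` and `matrix_addons_homeserver_container_network` are defined outside this hunk, so whether the bot ends up isolated from other addons cannot be confirmed from here.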
@@ -1971,6 +1959,11 @@ matrix_bot_buscarron_container_labels_traefik_docker_network: "{{ matrix_playboo matrix_bot_buscarron_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" matrix_bot_buscarron_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +# Postgres is the default, except if not using internal Postgres server +matrix_bot_buscarron_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}" +matrix_bot_buscarron_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" +matrix_bot_buscarron_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'buscarron.bot.db', rounds=655555) | to_uuid }}" + ###################################################################### # # /matrix-bot-buscarron diff --git a/roles/custom/matrix-bot-buscarron/defaults/main.yml b/roles/custom/matrix-bot-buscarron/defaults/main.yml index d4844a8e5..40b968dcb 100644 --- a/roles/custom/matrix-bot-buscarron/defaults/main.yml +++ b/roles/custom/matrix-bot-buscarron/defaults/main.yml @@ -39,7 +39,9 @@ matrix_bot_buscarron_container_network: matrix-bot-buscarron # A list of additional container networks that the container would be connected to. # The role does not create these networks, so make sure they already exist. # Use this to expose this container to another reverse proxy, which runs in a different container network. -matrix_bot_buscarron_container_additional_networks: [] +matrix_bot_buscarron_container_additional_networks: "{{ matrix_bot_buscarron_container_additional_networks_auto + matrix_bot_buscarron_container_additional_networks_custom }}" +matrix_bot_buscarron_container_additional_networks_auto: [] +matrix_bot_buscarron_container_additional_networks_custom: [] # /metrics login matrix_bot_buscarron_metrics_login: '' 
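Review bot: In the first `defaults/main.yml` hunk, the comment kept above `matrix_bot_buscarron_container_additional_networks` still tells operators to set that variable, but it is now the concatenation of `_auto` and `_custom`, so an existing override replaces the whole list and silently drops the homeserver and Postgres networks computed in group_vars. I would reword the comment to something like `# Do not override this directly; add extra networks to matrix_bot_buscarron_container_additional_networks_custom.` and give `_auto` and `_custom` one line each saying who is expected to set them. The same applies to `matrix_bot_buscarron_systemd_required_services_list` in the next hunk of this file. The concatenation also has no `| unique`, so a network listed in both `_auto` and `_custom` would appear twice; whether the role's network-attach step tolerates that is not visible here.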
@@ -85,7 +87,10 @@ matrix_bot_buscarron_container_labels_additional_labels: '' matrix_bot_buscarron_container_extra_arguments: [] # List of systemd services that matrix-bot-buscarron.service depends on -matrix_bot_buscarron_systemd_required_services_list: ['docker.service'] +matrix_bot_buscarron_systemd_required_services_list: "{{ matrix_bot_buscarron_systemd_required_services_list_default + matrix_bot_buscarron_systemd_required_services_list_auto + matrix_bot_buscarron_systemd_required_services_list_custom }}" +matrix_bot_buscarron_systemd_required_services_list_default: ['docker.service'] +matrix_bot_buscarron_systemd_required_services_list_auto: [] +matrix_bot_buscarron_systemd_required_services_list_custom: [] # List of systemd services that matrix-bot-buscarron.service wants matrix_bot_buscarron_systemd_wanted_services_list: []