Merge branch 'master' into irc
This commit is contained in:
Panagiotis Georgiadis
GitHub
@ -48,7 +48,16 @@ matrix_base_data_path_mode: "750"
|
||||
|
||||
matrix_static_files_base_path: "{{ matrix_base_data_path }}/static-files"
|
||||
matrix_systemd_path: "/etc/systemd/system"
|
||||
|
||||
# Specifies the path to use for the `HOME` environment variable for systemd unit files.
|
||||
# Docker 20.10 complains with `WARNING: Error loading config file: .dockercfg: $HOME is not defined`
|
||||
# if `$HOME` is not defined, so we define something to make it happy.
|
||||
matrix_systemd_unit_home_path: /root
|
||||
|
||||
# This is now unused. We keep it so that cleanup tasks can use it.
|
||||
# To be removed in the future.
|
||||
matrix_cron_path: "/etc/cron.d"
|
||||
|
||||
matrix_local_bin_path: "/usr/local/bin"
|
||||
|
||||
matrix_host_command_docker: "/usr/bin/env docker"
|
||||
|
||||
@ -20,8 +20,6 @@ else
|
||||
rm -f {{ matrix_systemd_path }}/$s
|
||||
done
|
||||
systemctl daemon-reload
|
||||
echo "Remove matrix cronjobs"
|
||||
find /etc/cron.d/ -name "matrix-*" -delete
|
||||
echo "Remove matrix scripts"
|
||||
find {{ matrix_local_bin_path }}/ -name "matrix-*" -delete
|
||||
echo "Remove unused Docker images and resources"
|
||||
|
||||
@ -1,3 +1,3 @@
|
||||
- set_fact:
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-matrix-reminder-bot'] }}"
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-matrix-reminder-bot.service'] }}"
|
||||
when: matrix_bot_matrix_reminder_bot_enabled|bool
|
||||
|
||||
@ -12,6 +12,7 @@ DefaultDependencies=no
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
Environment="HOME={{ matrix_systemd_unit_home_path }}"
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-bot-matrix-reminder-bot
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-bot-matrix-reminder-bot
|
||||
|
||||
|
||||
@ -7,7 +7,7 @@
|
||||
when: "matrix_appservice_discord_enabled and matrix_synapse_role_executed|default(False)"
|
||||
|
||||
- set_fact:
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-appservice-discord'] }}"
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-appservice-discord.service'] }}"
|
||||
when: matrix_appservice_discord_enabled|bool
|
||||
|
||||
# If the matrix-synapse role is not used, these variables may not exist.
|
||||
|
||||
@ -12,6 +12,7 @@ DefaultDependencies=no
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
Environment="HOME={{ matrix_systemd_unit_home_path }}"
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-appservice-discord
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-appservice-discord
|
||||
|
||||
|
||||
@ -7,7 +7,7 @@
|
||||
when: "matrix_appservice_irc_enabled|bool and matrix_synapse_role_executed|default(False)"
|
||||
|
||||
- set_fact:
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-appservice-irc'] }}"
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-appservice-irc.service'] }}"
|
||||
when: matrix_appservice_irc_enabled|bool
|
||||
|
||||
# If the matrix-synapse role is not used, these variables may not exist.
|
||||
|
||||
@ -12,6 +12,7 @@ DefaultDependencies=no
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
Environment="HOME={{ matrix_systemd_unit_home_path }}"
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-appservice-irc
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-appservice-irc
|
||||
|
||||
|
||||
@ -3,6 +3,10 @@
|
||||
|
||||
matrix_appservice_slack_enabled: true
|
||||
|
||||
matrix_appservice_slack_container_self_build: false
|
||||
matrix_appservice_slack_docker_repo: "https://github.com/matrix-org/matrix-appservice-slack.git"
|
||||
matrix_appservice_slack_docker_src_files_path: "{{ matrix_base_data_path }}/appservice-slack/docker-src"
|
||||
|
||||
matrix_appservice_slack_docker_image: "docker.io/matrixdotorg/matrix-appservice-slack:release-1.5.0"
|
||||
matrix_appservice_slack_docker_image_force_pull: "{{ matrix_appservice_slack_docker_image.endswith(':latest') }}"
|
||||
|
||||
|
||||
@ -7,7 +7,7 @@
|
||||
when: "matrix_synapse_role_executed|default(False)"
|
||||
|
||||
- set_fact:
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-appservice-slack'] }}"
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-appservice-slack.service'] }}"
|
||||
when: matrix_appservice_slack_enabled|bool
|
||||
|
||||
# If the matrix-synapse role is not used, these variables may not exist.
|
||||
|
||||
@ -8,9 +8,11 @@
|
||||
owner: "{{ matrix_user_username }}"
|
||||
group: "{{ matrix_user_groupname }}"
|
||||
with_items:
|
||||
- "{{ matrix_appservice_slack_base_path }}"
|
||||
- "{{ matrix_appservice_slack_config_path }}"
|
||||
- "{{ matrix_appservice_slack_data_path }}"
|
||||
- { path: "{{ matrix_appservice_slack_base_path }}", when: true }
|
||||
- { path: "{{ matrix_appservice_slack_config_path }}", when: true }
|
||||
- { path: "{{ matrix_appservice_slack_data_path }}", when: true }
|
||||
- { path: "{{ matrix_appservice_slack_docker_src_files_path }}", when: "{{ matrix_appservice_slack_container_self_build }}" }
|
||||
when: item.when|bool
|
||||
|
||||
- set_fact:
|
||||
matrix_appservice_slack_requires_restart: false
|
||||
@ -35,6 +37,26 @@
|
||||
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
|
||||
force_source: "{{ matrix_appservice_slack_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
|
||||
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_slack_docker_image_force_pull }}"
|
||||
when: "not matrix_appservice_slack_container_self_build|bool"
|
||||
|
||||
- name: Ensure matrix-appservice-slack repository is present when self-building
|
||||
git:
|
||||
repo: "{{ matrix_appservice_slack_docker_repo }}"
|
||||
dest: "{{ matrix_appservice_slack_docker_src_files_path }}"
|
||||
force: "yes"
|
||||
register: matrix_appservice_slack_git_pull_results
|
||||
when: "matrix_appservice_slack_container_self_build|bool"
|
||||
|
||||
- name: Ensure matrix-appservice-slack Docker image is built
|
||||
docker_image:
|
||||
name: "{{ matrix_appservice_slack_docker_image }}"
|
||||
source: build
|
||||
force_source: yes
|
||||
build:
|
||||
dockerfile: Dockerfile
|
||||
path: "{{ matrix_appservice_slack_docker_src_files_path }}"
|
||||
pull: yes
|
||||
when: "matrix_appservice_slack_container_self_build|bool and matrix_appservice_slack_git_pull_results.changed"
|
||||
|
||||
- name: Ensure Matrix Appservice Slack config installed
|
||||
copy:
|
||||
|
||||
@ -12,6 +12,7 @@ DefaultDependencies=no
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
Environment="HOME={{ matrix_systemd_unit_home_path }}"
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-appservice-slack
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-appservice-slack
|
||||
|
||||
|
||||
@ -7,7 +7,7 @@
|
||||
when: "matrix_synapse_role_executed|default(False)"
|
||||
|
||||
- set_fact:
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-appservice-webhooks'] }}"
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-appservice-webhooks.service'] }}"
|
||||
when: matrix_appservice_webhooks_enabled|bool
|
||||
|
||||
# If the matrix-synapse role is not used, these variables may not exist.
|
||||
|
||||
@ -12,6 +12,7 @@ DefaultDependencies=no
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
Environment="HOME={{ matrix_systemd_unit_home_path }}"
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-appservice-webhooks
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-appservice-webhooks
|
||||
|
||||
|
||||
@ -35,12 +35,15 @@ matrix_mautrix_facebook_homeserver_token: ''
|
||||
|
||||
# Database-related configuration fields.
|
||||
#
|
||||
# To use SQLite, stick to these defaults.
|
||||
# To use SQLite:
|
||||
# - change the engine (`matrix_mautrix_facebook_database_engine: 'sqlite'`)
|
||||
# - change to the last bridge version that supported SQLite:
|
||||
# `matrix_mautrix_facebook_docker_image: "{{ matrix_mautrix_facebook_docker_image_name_prefix }}tulir/mautrix-facebook:da1b4ec596e334325a1589e70829dea46e73064b"`
|
||||
# - plan your migration to Postgres, as this bridge does not support SQLite anymore (and neither will the playbook in the future).
|
||||
#
|
||||
# To use Postgres:
|
||||
# - change the engine (`matrix_mautrix_facebook_database_engine: 'postgres'`)
|
||||
# - adjust your database credentials via the `matrix_mautrix_facebook_postgres_*` variables
|
||||
matrix_mautrix_facebook_database_engine: 'sqlite'
|
||||
matrix_mautrix_facebook_database_engine: 'postgres'
|
||||
|
||||
matrix_mautrix_facebook_sqlite_database_path_local: "{{ matrix_mautrix_facebook_data_path }}/mautrix-facebook.db"
|
||||
matrix_mautrix_facebook_sqlite_database_path_in_container: "/data/mautrix-facebook.db"
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
- set_fact:
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-facebook'] }}"
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-facebook.service'] }}"
|
||||
when: matrix_mautrix_facebook_enabled|bool
|
||||
|
||||
# If the matrix-synapse role is not used, these variables may not exist.
|
||||
|
||||
@ -8,3 +8,24 @@
|
||||
with_items:
|
||||
- "matrix_mautrix_facebook_appservice_token"
|
||||
- "matrix_mautrix_facebook_homeserver_token"
|
||||
|
||||
- block:
|
||||
- name: Fail if on SQLite, unless on the last version supporting SQLite
|
||||
fail:
|
||||
msg: >-
|
||||
You're trying to use the mautrix-facebook bridge with an SQLite database.
|
||||
Going forward, this bridge only supports Postgres.
|
||||
To learn more about this, see our changelog: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/CHANGELOG.md#breaking-change-the-mautrix-facebook-bridge-now-requires-a-postgres-database
|
||||
when: "not matrix_mautrix_facebook_docker_image.endswith(':da1b4ec596e334325a1589e70829dea46e73064b')"
|
||||
|
||||
- name: Inject warning if still on SQLite
|
||||
set_fact:
|
||||
matrix_playbook_runtime_results: |
|
||||
{{
|
||||
matrix_playbook_runtime_results|default([])
|
||||
+
|
||||
[
|
||||
"NOTE: Your mautrix-facebook bridge setup is still on SQLite. Your bridge is not getting any updates and will likely stop working at some point. To learn more about this, see our changelog: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/CHANGELOG.md#breaking-change-the-mautrix-facebook-bridge-now-requires-a-postgres-database"
|
||||
]
|
||||
}}
|
||||
when: "matrix_mautrix_facebook_database_engine == 'sqlite'"
|
||||
|
||||
@ -8,6 +8,10 @@ homeserver:
|
||||
# Whether or not to verify the SSL certificate of the homeserver.
|
||||
# Only applies if address starts with https://
|
||||
verify_ssl: true
|
||||
# Whether or not the homeserver supports asmux-specific endpoints,
|
||||
# such as /_matrix/client/unstable/net.maunium.asmux/dms for atomically
|
||||
# updating m.direct.
|
||||
asmux: false
|
||||
|
||||
# Application service host/registration related details
|
||||
# Changing these values requires regeneration of the registration.
|
||||
@ -22,11 +26,7 @@ appservice:
|
||||
# Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s
|
||||
max_body_size: 1
|
||||
|
||||
# The full URI to the database. SQLite and Postgres are fully supported.
|
||||
# Other DBMSes supported by SQLAlchemy may or may not work.
|
||||
# Format examples:
|
||||
# SQLite: sqlite:///filename.db
|
||||
# Postgres: postgres://username:password@hostname/dbname
|
||||
# The full URI to the database. Only Postgres is currently supported.
|
||||
database: {{ matrix_mautrix_facebook_appservice_database|to_json }}
|
||||
|
||||
# Public part of web server for out-of-Matrix interaction with the bridge.
|
||||
@ -38,6 +38,10 @@ appservice:
|
||||
# The base URL where the public-facing endpoints are available. The prefix is not added
|
||||
# implicitly.
|
||||
external: https://example.com/public
|
||||
# Shared secret for integration managers such as mautrix-manager.
|
||||
# If set to "generate", a random string will be generated on the next startup.
|
||||
# If null, integration manager access to the API will not be possible.
|
||||
shared_secret: generate
|
||||
|
||||
# The unique ID of this appservice.
|
||||
id: facebook
|
||||
@ -46,12 +50,17 @@ appservice:
|
||||
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
|
||||
# to leave display name/avatar as-is.
|
||||
bot_displayname: Facebook bridge bot
|
||||
bot_avatar: mxc://maunium.net/ddtNPZSKMNqaUzqrHuWvUADv
|
||||
bot_avatar: mxc://maunium.net/ygtkteZsXnGJLJHRchUwYWak
|
||||
|
||||
# Authentication tokens for AS <-> HS communication.
|
||||
as_token: "{{ matrix_mautrix_facebook_appservice_token }}"
|
||||
hs_token: "{{ matrix_mautrix_facebook_homeserver_token }}"
|
||||
|
||||
# Prometheus telemetry config. Requires prometheus-client to be installed.
|
||||
metrics:
|
||||
enabled: false
|
||||
listen_port: 8000
|
||||
|
||||
# Bridge config
|
||||
bridge:
|
||||
# Localpart template of MXIDs for Facebook users.
|
||||
@ -76,6 +85,7 @@ bridge:
|
||||
# "own_nickname" (user-specific!)
|
||||
displayname_preference:
|
||||
- name
|
||||
- first_name
|
||||
|
||||
# The prefix for commands. Only required in non-management rooms.
|
||||
command_prefix: "!fb"
|
||||
@ -120,6 +130,18 @@ bridge:
|
||||
# Default to encryption, force-enable encryption in all portals the bridge creates
|
||||
# This will cause the bridge bot to be in private chats for the encryption to work properly.
|
||||
default: false
|
||||
# Options for automatic key sharing.
|
||||
key_sharing:
|
||||
# Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
|
||||
# You must use a client that supports requesting keys from other users to use this feature.
|
||||
allow: false
|
||||
# Require the requesting device to have a valid cross-signing signature?
|
||||
# This doesn't require that the bridge has verified the device, only that the user has verified it.
|
||||
# Not yet implemented.
|
||||
require_cross_signing: false
|
||||
# Require devices to be verified by the bridge?
|
||||
# Verification by the bridge is not yet implemented.
|
||||
require_verification: true
|
||||
# Whether or not the bridge should send a read receipt from the bridge bot when a message has
|
||||
# been sent to Facebook.
|
||||
delivery_receipts: false
|
||||
@ -161,6 +183,10 @@ bridge:
|
||||
# Whether or not the bridge should try to "refresh" the connection if a normal reconnection
|
||||
# attempt fails.
|
||||
refresh_on_reconnection_fail: false
|
||||
# Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run.
|
||||
# This field will automatically be changed back to false after it,
|
||||
# except if the config file is not writable.
|
||||
resend_bridge_info: false
|
||||
|
||||
# Permissions for using the bridge.
|
||||
# Permitted values:
|
||||
@ -192,9 +218,7 @@ logging:
|
||||
loggers:
|
||||
mau:
|
||||
level: DEBUG
|
||||
fbchat:
|
||||
level: DEBUG
|
||||
hbmqtt:
|
||||
paho:
|
||||
level: INFO
|
||||
aiohttp:
|
||||
level: INFO
|
||||
|
||||
@ -12,6 +12,7 @@ DefaultDependencies=no
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
Environment="HOME={{ matrix_systemd_unit_home_path }}"
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mautrix-facebook
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mautrix-facebook
|
||||
ExecStartPre={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-facebook-db \
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
- set_fact:
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-hangouts'] }}"
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-hangouts.service'] }}"
|
||||
when: matrix_mautrix_hangouts_enabled|bool
|
||||
|
||||
# If the matrix-synapse role is not used, these variables may not exist.
|
||||
|
||||
@ -12,6 +12,7 @@ DefaultDependencies=no
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
Environment="HOME={{ matrix_systemd_unit_home_path }}"
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mautrix-hangouts matrix-mautrix-hangouts-db
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mautrix-hangouts matrix-mautrix-hangouts-db
|
||||
ExecStartPre={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-hangouts-db \
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
- set_fact:
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-signal', 'matrix-mautrix-signal-daemon'] }}"
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-signal.service', 'matrix-mautrix-signal-daemon.service'] }}"
|
||||
when: matrix_mautrix_signal_enabled|bool
|
||||
|
||||
# If the matrix-synapse role is not used, these variables may not exist.
|
||||
|
||||
@ -35,6 +35,9 @@
|
||||
- "{{ matrix_mautrix_signal_base_path }}"
|
||||
- "{{ matrix_mautrix_signal_config_path }}"
|
||||
- "{{ matrix_mautrix_signal_daemon_path }}"
|
||||
- "{{ matrix_mautrix_signal_daemon_path }}/avatars"
|
||||
- "{{ matrix_mautrix_signal_daemon_path }}/attachments"
|
||||
- "{{ matrix_mautrix_signal_daemon_path }}/data"
|
||||
|
||||
- name: Ensure mautrix-signal config.yaml installed
|
||||
copy:
|
||||
|
||||
@ -13,6 +13,7 @@ Wants={{ service }}
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
Environment="HOME={{ matrix_systemd_unit_home_path }}"
|
||||
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mautrix-signal-daemon
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mautrix-signal-daemon
|
||||
@ -20,9 +21,11 @@ ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mautrix-signal-daemon
|
||||
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
|
||||
ExecStartPre={{ matrix_host_command_sleep }} 5
|
||||
|
||||
# We can't use `--read-only` for this bridge.
|
||||
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-signal-daemon \
|
||||
--log-driver=none \
|
||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||
--cap-drop=ALL \
|
||||
--network={{ matrix_docker_network }} \
|
||||
-v {{ matrix_mautrix_signal_daemon_path }}:/signald:z \
|
||||
{{ matrix_mautrix_signal_daemon_docker_image }}
|
||||
|
||||
@ -13,6 +13,7 @@ Wants={{ service }}
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
Environment="HOME={{ matrix_systemd_unit_home_path }}"
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mautrix-signal
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mautrix-signal
|
||||
|
||||
@ -22,16 +23,19 @@ ExecStartPre={{ matrix_host_command_sleep }} 5
|
||||
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-signal \
|
||||
--log-driver=none \
|
||||
--network={{ matrix_docker_network }} \
|
||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||
--cap-drop=ALL \
|
||||
--read-only \
|
||||
{% if matrix_mautrix_signal_container_http_host_bind_port %}
|
||||
-p {{ matrix_mautrix_signal_container_http_host_bind_port }}:29328 \
|
||||
{% endif %}
|
||||
-v {{ matrix_mautrix_signal_daemon_path }}:/signald:z \
|
||||
-v {{ matrix_mautrix_signal_config_path }}:/data:z \
|
||||
-v {{ matrix_mautrix_signal_config_path }}:/config:z \
|
||||
{% for arg in matrix_mautrix_signal_container_extra_arguments %}
|
||||
{{ arg }} \
|
||||
{% endfor %}
|
||||
{{ matrix_mautrix_signal_docker_image }} \
|
||||
python3 -m mautrix_signal -c /data/config.yaml
|
||||
python3 -m mautrix_signal -c /config/config.yaml
|
||||
|
||||
ExecStop=-{{ matrix_host_command_docker }} kill matrix-mautrix-signal
|
||||
ExecStop=-{{ matrix_host_command_docker }} rm matrix-mautrix-signal
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
- set_fact:
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-telegram'] }}"
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-telegram.service'] }}"
|
||||
when: matrix_mautrix_telegram_enabled|bool
|
||||
|
||||
# If the matrix-synapse role is not used, these variables may not exist.
|
||||
|
||||
@ -36,7 +36,7 @@
|
||||
|
||||
- name: Ensure Mautrix Telegram paths exist
|
||||
file:
|
||||
path: "{{ item }}"
|
||||
path: "{{ item.path }}"
|
||||
state: directory
|
||||
mode: 0750
|
||||
owner: "{{ matrix_user_username }}"
|
||||
|
||||
@ -12,6 +12,7 @@ DefaultDependencies=no
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
Environment="HOME={{ matrix_systemd_unit_home_path }}"
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mautrix-telegram
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mautrix-telegram
|
||||
ExecStartPre={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-telegram-db \
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
- set_fact:
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-whatsapp'] }}"
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-whatsapp.service'] }}"
|
||||
when: matrix_mautrix_whatsapp_enabled|bool
|
||||
|
||||
# If the matrix-synapse role is not used, these variables may not exist.
|
||||
|
||||
@ -26,6 +26,7 @@
|
||||
engine_variable_name: 'matrix_mautrix_whatsapp_database_engine'
|
||||
engine_old: 'sqlite'
|
||||
systemd_services_to_stop: ['matrix-mautrix-whatsapp.service']
|
||||
pgloader_options: ['--with "quote identifiers"']
|
||||
|
||||
- import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml"
|
||||
|
||||
|
||||
@ -12,6 +12,7 @@ DefaultDependencies=no
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
Environment="HOME={{ matrix_systemd_unit_home_path }}"
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mautrix-whatsapp
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mautrix-whatsapp
|
||||
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
- set_fact:
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-discord'] }}"
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-discord.service'] }}"
|
||||
when: matrix_mx_puppet_discord_enabled|bool
|
||||
|
||||
# If the matrix-synapse role is not used, these variables may not exist.
|
||||
|
||||
@ -122,20 +122,4 @@ logging:
|
||||
lineDateFormat: MMM-D HH:mm:ss.SSS
|
||||
# Logging files
|
||||
# Log files are rotated daily by default
|
||||
files:
|
||||
# Log file path
|
||||
- file: "/data/bridge.log"
|
||||
# Log level for this file
|
||||
# Allowed values starting with most verbose:
|
||||
# silly, debug, verbose, info, warn, error
|
||||
level: info
|
||||
# Date and time formatting
|
||||
datePattern: YYYY-MM-DD
|
||||
# Maximum number of logs to keep.
|
||||
# This can be a number of files or number of days.
|
||||
# If using days, add 'd' as a suffix
|
||||
maxFiles: 14d
|
||||
# Maximum size of the file after which it will rotate. This can be a
|
||||
# number of bytes, or units of kb, mb, and gb. If using the units, add
|
||||
# 'k', 'm', or 'g' as the suffix
|
||||
maxSize: 50m
|
||||
files: []
|
||||
|
||||
@ -12,6 +12,7 @@ DefaultDependencies=no
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
Environment="HOME={{ matrix_systemd_unit_home_path }}"
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-discord
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-discord
|
||||
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
- set_fact:
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-instagram'] }}"
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-instagram.service'] }}"
|
||||
when: matrix_mx_puppet_instagram_enabled|bool
|
||||
|
||||
# If the matrix-synapse role is not used, these variables may not exist.
|
||||
|
||||
@ -66,20 +66,4 @@ logging:
|
||||
lineDateFormat: MMM-D HH:mm:ss.SSS
|
||||
# Logging files
|
||||
# Log files are rotated daily by default
|
||||
files:
|
||||
# Log file path
|
||||
- file: "/data/bridge.log"
|
||||
# Log level for this file
|
||||
# Allowed values starting with most verbose:
|
||||
# silly, debug, verbose, info, warn, error
|
||||
level: info
|
||||
# Date and time formatting
|
||||
datePattern: YYYY-MM-DD
|
||||
# Maximum number of logs to keep.
|
||||
# This can be a number of files or number of days.
|
||||
# If using days, add 'd' as a suffix
|
||||
maxFiles: 14d
|
||||
# Maximum size of the file after which it will rotate. This can be a
|
||||
# number of bytes, or units of kb, mb, and gb. If using the units, add
|
||||
# 'k', 'm', or 'g' as the suffix
|
||||
maxSize: 50m
|
||||
files: []
|
||||
|
||||
@ -12,6 +12,7 @@ DefaultDependencies=no
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
Environment="HOME={{ matrix_systemd_unit_home_path }}"
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-instagram
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-instagram
|
||||
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
- set_fact:
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-skype'] }}"
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-skype.service'] }}"
|
||||
when: matrix_mx_puppet_skype_enabled|bool
|
||||
|
||||
# If the matrix-synapse role is not used, these variables may not exist.
|
||||
|
||||
@ -42,30 +42,7 @@ logging:
|
||||
lineDateFormat: MMM-D HH:mm:ss.SSS
|
||||
# Logging files
|
||||
# Log files are rotated daily by default
|
||||
files:
|
||||
# Log file path
|
||||
- file: "/data/bridge.log"
|
||||
# Log level for this file
|
||||
# Allowed values starting with most verbose:
|
||||
# silly, debug, verbose, info, warn, error
|
||||
level: info
|
||||
# Date and time formatting
|
||||
datePattern: YYYY-MM-DD
|
||||
# Maximum number of logs to keep.
|
||||
# This can be a number of files or number of days.
|
||||
# If using days, add 'd' as a suffix
|
||||
maxFiles: 14d
|
||||
# Maximum size of the file after which it will rotate. This can be a
|
||||
# number of bytes, or units of kb, mb, and gb. If using the units, add
|
||||
# 'k', 'm', or 'g' as the suffix
|
||||
maxSize: 50m
|
||||
# Optionally enable/disable logging for certain modules
|
||||
#disabled:
|
||||
# - PresenceHandler
|
||||
# - module: bot-sdk-MatrixLiteClient
|
||||
# regex: /_matrix/client/r0/presence/ # this regex needs to match to disable the log
|
||||
#enabled:
|
||||
# - Store
|
||||
files: []
|
||||
|
||||
database:
|
||||
{% if matrix_mx_puppet_skype_database_engine == 'postgres' %}
|
||||
|
||||
@ -12,6 +12,7 @@ DefaultDependencies=no
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
Environment="HOME={{ matrix_systemd_unit_home_path }}"
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-skype
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-skype
|
||||
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
- set_fact:
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-slack'] }}"
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-slack.service'] }}"
|
||||
when: matrix_mx_puppet_slack_enabled|bool
|
||||
|
||||
# If the matrix-synapse role is not used, these variables may not exist.
|
||||
|
||||
@ -80,20 +80,4 @@ logging:
|
||||
lineDateFormat: MMM-D HH:mm:ss.SSS
|
||||
# Logging files
|
||||
# Log files are rotated daily by default
|
||||
files:
|
||||
# Log file path
|
||||
- file: "/data/bridge.log"
|
||||
# Log level for this file
|
||||
# Allowed values starting with most verbose:
|
||||
# silly, debug, verbose, info, warn, error
|
||||
level: info
|
||||
# Date and time formatting
|
||||
datePattern: YYYY-MM-DD
|
||||
# Maximum number of logs to keep.
|
||||
# This can be a number of files or number of days.
|
||||
# If using days, add 'd' as a suffix
|
||||
maxFiles: 14d
|
||||
# Maximum size of the file after which it will rotate. This can be a
|
||||
# number of bytes, or units of kb, mb, and gb. If using the units, add
|
||||
# 'k', 'm', or 'g' as the suffix
|
||||
maxSize: 50m
|
||||
files: []
|
||||
|
||||
@ -12,6 +12,7 @@ DefaultDependencies=no
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
Environment="HOME={{ matrix_systemd_unit_home_path }}"
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-slack
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-slack
|
||||
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
- set_fact:
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-steam'] }}"
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-steam.service'] }}"
|
||||
when: matrix_mx_puppet_steam_enabled|bool
|
||||
|
||||
# If the matrix-synapse role is not used, these variables may not exist.
|
||||
|
||||
@ -83,20 +83,4 @@ logging:
|
||||
lineDateFormat: MMM-D HH:mm:ss.SSS
|
||||
# Logging files
|
||||
# Log files are rotated daily by default
|
||||
files:
|
||||
# Log file path
|
||||
- file: "/data/bridge.log"
|
||||
# Log level for this file
|
||||
# Allowed values starting with most verbose:
|
||||
# silly, debug, verbose, info, warn, error
|
||||
level: info
|
||||
# Date and time formatting
|
||||
datePattern: YYYY-MM-DD
|
||||
# Maximum number of logs to keep.
|
||||
# This can be a number of files or number of days.
|
||||
# If using days, add 'd' as a suffix
|
||||
maxFiles: 14d
|
||||
# Maximum size of the file after which it will rotate. This can be a
|
||||
# number of bytes, or units of kb, mb, and gb. If using the units, add
|
||||
# 'k', 'm', or 'g' as the suffix
|
||||
maxSize: 50m
|
||||
files: []
|
||||
|
||||
@ -12,6 +12,7 @@ DefaultDependencies=no
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
Environment="HOME={{ matrix_systemd_unit_home_path }}"
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-steam
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-steam
|
||||
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
- set_fact:
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-twitter'] }}"
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-twitter.service'] }}"
|
||||
when: matrix_mx_puppet_twitter_enabled|bool
|
||||
|
||||
# If the matrix-synapse role is not used, these variables may not exist.
|
||||
|
||||
@ -76,20 +76,4 @@ logging:
|
||||
lineDateFormat: MMM-D HH:mm:ss.SSS
|
||||
# Logging files
|
||||
# Log files are rotated daily by default
|
||||
files:
|
||||
# Log file path
|
||||
- file: "/data/bridge.log"
|
||||
# Log level for this file
|
||||
# Allowed values starting with most verbose:
|
||||
# silly, debug, verbose, info, warn, error
|
||||
level: info
|
||||
# Date and time formatting
|
||||
datePattern: YYYY-MM-DD
|
||||
# Maximum number of logs to keep.
|
||||
# This can be a number of files or number of days.
|
||||
# If using days, add 'd' as a suffix
|
||||
maxFiles: 14d
|
||||
# Maximum size of the file after which it will rotate. This can be a
|
||||
# number of bytes, or units of kb, mb, and gb. If using the units, add
|
||||
# 'k', 'm', or 'g' as the suffix
|
||||
maxSize: 50m
|
||||
files: []
|
||||
|
||||
@ -12,6 +12,7 @@ DefaultDependencies=no
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
Environment="HOME={{ matrix_systemd_unit_home_path }}"
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-twitter
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-twitter
|
||||
|
||||
|
||||
@ -7,7 +7,7 @@
|
||||
when: "matrix_sms_bridge_enabled and matrix_synapse_role_executed|default(False)"
|
||||
|
||||
- set_fact:
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-sms-bridge'] }}"
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-sms-bridge.service'] }}"
|
||||
when: matrix_sms_bridge_enabled|bool
|
||||
|
||||
# If the matrix-synapse role is not used, these variables may not exist.
|
||||
|
||||
@ -12,6 +12,7 @@ DefaultDependencies=no
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
Environment="HOME={{ matrix_systemd_unit_home_path }}"
|
||||
ExecStartPre=-/usr/bin/docker kill matrix-sms-bridge
|
||||
ExecStartPre=-/usr/bin/docker rm matrix-sms-bridge
|
||||
|
||||
|
||||
@ -3,7 +3,7 @@ matrix_client_element_enabled: true
|
||||
matrix_client_element_container_image_self_build: false
|
||||
matrix_client_element_container_image_self_build_repo: "https://github.com/vector-im/riot-web.git"
|
||||
|
||||
matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:v1.7.16"
|
||||
matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:v1.7.17"
|
||||
matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else 'docker.io/' }}"
|
||||
matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}"
|
||||
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
- set_fact:
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-client-element'] }}"
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-client-element.service'] }}"
|
||||
when: matrix_client_element_enabled|bool
|
||||
|
||||
# ansible lower than 2.8, does not support docker_image build parameters
|
||||
|
||||
@ -9,6 +9,7 @@ DefaultDependencies=no
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
Environment="HOME={{ matrix_systemd_unit_home_path }}"
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-client-element
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-client-element
|
||||
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
|
||||
- name: Deterimne whether we should make services autostart
|
||||
- name: Determine whether we should make services autostart
|
||||
set_fact:
|
||||
matrix_services_autostart_enabled_bool: "{{ true if matrix_services_autostart_enabled|default('') == '' else matrix_services_autostart_enabled|bool }}"
|
||||
|
||||
@ -46,7 +46,7 @@
|
||||
Try running `systemctl status {{ item }}` and `journalctl -fu {{ item }}` on the server to investigate.
|
||||
with_items: "{{ matrix_systemd_services_list }}"
|
||||
when:
|
||||
- "ansible_facts.services[item + '.service']|default(none) is none or ansible_facts.services[item + '.service'].state != 'running'"
|
||||
- "item.endswith('.service') and (ansible_facts.services[item]|default(none) is none or ansible_facts.services[item].state != 'running')"
|
||||
when: " ansible_distribution != 'Archlinux'"
|
||||
|
||||
- block:
|
||||
|
||||
@ -24,7 +24,7 @@ matrix_corporal_systemd_required_services_list: ['docker.service']
|
||||
|
||||
matrix_corporal_docker_image: "{{ matrix_corporal_docker_image_name_prefix }}devture/matrix-corporal:{{ matrix_corporal_docker_image_tag }}"
|
||||
matrix_corporal_docker_image_name_prefix: "{{ 'localhost/' if matrix_corporal_container_image_self_build else 'docker.io/' }}"
|
||||
matrix_corporal_docker_image_tag: "1.11.0"
|
||||
matrix_corporal_docker_image_tag: "2.1.0"
|
||||
matrix_corporal_docker_image_force_pull: "{{ matrix_corporal_docker_image.endswith(':latest') }}"
|
||||
|
||||
matrix_corporal_base_path: "{{ matrix_base_data_path }}/corporal"
|
||||
@ -50,10 +50,16 @@ matrix_corporal_matrix_registration_shared_secret: ""
|
||||
matrix_corporal_matrix_timeout_milliseconds: 45000
|
||||
|
||||
matrix_corporal_reconciliation_retry_interval_milliseconds: 30000
|
||||
matrix_corporal_reconciliation_user_id_local_part: "matrix-corporal"
|
||||
matrix_corporal_corporal_user_id_local_part: "matrix-corporal"
|
||||
|
||||
matrix_corporal_http_gateway_timeout_milliseconds: 60000
|
||||
|
||||
# If enabled, matrix-corporal exposes a `POST /_matrix/corporal/_matrix-internal/identity/v1/check_credentials` API
|
||||
# on the gateway (Client-Server API) server.
|
||||
# This API can then be used together with the REST Auth password provider by pointing it to matrix-corporal (e.g. `http://matrix-corporal:41080/_matrix/corporal`).
|
||||
# Doing so allows Interactive Authentication to work.
|
||||
matrix_corporal_http_gateway_internal_rest_auth_enabled: false
|
||||
|
||||
matrix_corporal_http_api_enabled: false
|
||||
matrix_corporal_http_api_auth_token: ""
|
||||
matrix_corporal_http_api_timeout_milliseconds: 15000
|
||||
|
||||
@ -1,3 +1,3 @@
|
||||
- set_fact:
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-corporal'] }}"
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-corporal.service'] }}"
|
||||
when: matrix_corporal_enabled|bool
|
||||
|
||||
@ -16,7 +16,6 @@
|
||||
msg: "The Matrix Corporal HTTP API is enabled (`matrix_corporal_http_api_enabled`), but no auth token has been set in `matrix_corporal_http_api_auth_token`"
|
||||
when: "matrix_corporal_http_api_enabled|bool and matrix_corporal_http_api_auth_token == ''"
|
||||
|
||||
|
||||
- name: (Deprecation) Catch and report renamed corporal variables
|
||||
fail:
|
||||
msg: >-
|
||||
@ -25,3 +24,4 @@
|
||||
when: "item.old in vars"
|
||||
with_items:
|
||||
- {'old': 'matrix_corporal_container_expose_ports', 'new': '<superseded by matrix_corporal_container_http_gateway_host_bind_port and matrix_corporal_container_http_api_host_bind_port>'}
|
||||
- {'old': 'matrix_corporal_reconciliation_user_id_local_part', 'new': 'matrix_corporal_corporal_user_id_local_part'}
|
||||
|
||||
@ -7,14 +7,20 @@
|
||||
"TimeoutMilliseconds": {{ matrix_corporal_matrix_timeout_milliseconds }}
|
||||
},
|
||||
|
||||
"Corporal": {
|
||||
"UserID": "@{{ matrix_corporal_corporal_user_id_local_part }}:{{ matrix_domain }}"
|
||||
},
|
||||
|
||||
"Reconciliation": {
|
||||
"UserId": "@{{ matrix_corporal_reconciliation_user_id_local_part }}:{{ matrix_domain }}",
|
||||
"RetryIntervalMilliseconds": {{ matrix_corporal_reconciliation_retry_interval_milliseconds }}
|
||||
},
|
||||
|
||||
"HttpGateway": {
|
||||
"ListenAddress": "0.0.0.0:41080",
|
||||
"TimeoutMilliseconds": {{ matrix_corporal_http_gateway_timeout_milliseconds }}
|
||||
"TimeoutMilliseconds": {{ matrix_corporal_http_gateway_timeout_milliseconds }},
|
||||
"InternalRESTAuth": {
|
||||
"Enabled": {{ matrix_corporal_http_gateway_internal_rest_auth_enabled|to_json }}
|
||||
}
|
||||
},
|
||||
|
||||
"HttpApi": {
|
||||
|
||||
@ -9,6 +9,7 @@ DefaultDependencies=no
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
Environment="HOME={{ matrix_systemd_unit_home_path }}"
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-corporal
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-corporal
|
||||
|
||||
|
||||
@ -3,7 +3,7 @@ matrix_coturn_enabled: true
|
||||
matrix_coturn_container_image_self_build: false
|
||||
matrix_coturn_container_image_self_build_repo: "https://github.com/instrumentisto/coturn-docker-image.git"
|
||||
|
||||
matrix_coturn_docker_image: "{{ matrix_coturn_docker_image_name_prefix }}instrumentisto/coturn:4.5.1.3"
|
||||
matrix_coturn_docker_image: "{{ matrix_coturn_docker_image_name_prefix }}instrumentisto/coturn:4.5.2"
|
||||
matrix_coturn_docker_image_name_prefix: "{{ 'localhost/' if matrix_coturn_container_image_self_build else 'docker.io/' }}"
|
||||
matrix_coturn_docker_image_force_pull: "{{ matrix_coturn_docker_image.endswith(':latest') }}"
|
||||
|
||||
|
||||
@ -1,7 +1,11 @@
|
||||
- set_fact:
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-coturn'] }}"
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-coturn.service'] }}"
|
||||
when: matrix_coturn_enabled|bool
|
||||
|
||||
- set_fact:
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-coturn-reload.timer'] }}"
|
||||
when: "matrix_coturn_enabled|bool and matrix_coturn_tls_enabled|bool"
|
||||
|
||||
# ansible lower than 2.8, does not support docker_image build parameters
|
||||
# for self buildig it is explicitly needed, so we rather fail here
|
||||
- name: Fail if running on Ansible lower than 2.8 and trying self building
|
||||
|
||||
@ -8,8 +8,14 @@
|
||||
- setup-all
|
||||
- setup-coturn
|
||||
|
||||
- import_tasks: "{{ role_path }}/tasks/setup_coturn.yml"
|
||||
when: run_setup|bool
|
||||
- import_tasks: "{{ role_path }}/tasks/setup_install.yml"
|
||||
when: "run_setup|bool and matrix_coturn_enabled|bool"
|
||||
tags:
|
||||
- setup-all
|
||||
- setup-coturn
|
||||
|
||||
- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
|
||||
when: "run_setup|bool and not matrix_coturn_enabled|bool"
|
||||
tags:
|
||||
- setup-all
|
||||
- setup-coturn
|
||||
|
||||
@ -1,137 +0,0 @@
|
||||
---
|
||||
|
||||
#
|
||||
# Tasks related to setting up Coturn
|
||||
#
|
||||
|
||||
- name: Ensure Matrix Coturn path exists
|
||||
file:
|
||||
path: "{{ item.path }}"
|
||||
state: directory
|
||||
mode: 0750
|
||||
owner: "{{ matrix_user_username }}"
|
||||
group: "{{ matrix_user_groupname }}"
|
||||
with_items:
|
||||
- { path: "{{ matrix_coturn_docker_src_files_path }}", when: "{{ matrix_coturn_container_image_self_build }}"}
|
||||
when: matrix_coturn_enabled|bool and item.when
|
||||
|
||||
- name: Ensure Coturn image is pulled
|
||||
docker_image:
|
||||
name: "{{ matrix_coturn_docker_image }}"
|
||||
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
|
||||
force_source: "{{ matrix_coturn_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
|
||||
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_coturn_docker_image_force_pull }}"
|
||||
when: matrix_coturn_enabled|bool and not matrix_coturn_container_image_self_build
|
||||
|
||||
- name: Ensure Coturn repository is present on self-build
|
||||
git:
|
||||
repo: "{{ matrix_coturn_container_image_self_build_repo }}"
|
||||
dest: "{{ matrix_coturn_docker_src_files_path }}"
|
||||
version: "{{ matrix_coturn_docker_image.split(':')[1] }}"
|
||||
force: "yes"
|
||||
register: matrix_coturn_git_pull_results
|
||||
when: "matrix_coturn_enabled|bool and matrix_coturn_container_image_self_build"
|
||||
|
||||
- name: Ensure Coturn Docker image is built
|
||||
docker_image:
|
||||
name: "{{ matrix_coturn_docker_image }}"
|
||||
source: build
|
||||
force_source: "{{ matrix_coturn_git_pull_results.changed }}"
|
||||
build:
|
||||
dockerfile: Dockerfile
|
||||
path: "{{ matrix_coturn_docker_src_files_path }}"
|
||||
pull: yes
|
||||
when: "matrix_coturn_enabled|bool and matrix_coturn_container_image_self_build|bool"
|
||||
|
||||
- name: Ensure Coturn configuration path exists
|
||||
file:
|
||||
path: "{{ matrix_coturn_base_path }}"
|
||||
state: directory
|
||||
mode: 0750
|
||||
owner: "{{ matrix_user_username }}"
|
||||
group: "{{ matrix_user_groupname }}"
|
||||
when: matrix_coturn_enabled|bool
|
||||
|
||||
- name: Ensure turnserver.conf installed
|
||||
template:
|
||||
src: "{{ role_path }}/templates/turnserver.conf.j2"
|
||||
dest: "{{ matrix_coturn_config_path }}"
|
||||
mode: 0644
|
||||
when: matrix_coturn_enabled|bool
|
||||
|
||||
- name: Ensure Coturn network is created in Docker
|
||||
docker_network:
|
||||
name: "{{ matrix_coturn_docker_network }}"
|
||||
driver: bridge
|
||||
when: matrix_coturn_enabled|bool
|
||||
|
||||
- name: Ensure matrix-coturn.service installed
|
||||
template:
|
||||
src: "{{ role_path }}/templates/systemd/matrix-coturn.service.j2"
|
||||
dest: "{{ matrix_systemd_path }}/matrix-coturn.service"
|
||||
mode: 0644
|
||||
register: matrix_coturn_systemd_service_result
|
||||
when: matrix_coturn_enabled|bool
|
||||
|
||||
- name: Ensure systemd reloaded after matrix-coturn.service installation
|
||||
service:
|
||||
daemon_reload: yes
|
||||
when: "matrix_coturn_enabled|bool and matrix_coturn_systemd_service_result.changed"
|
||||
|
||||
# This may be unnecessary when more long-lived certificates are used.
|
||||
# We optimize for the common use-case though (short-lived Let's Encrypt certificates).
|
||||
# Reloading doesn't hurt anyway, so there's no need to make this more flexible.
|
||||
- name: Ensure periodic reloading of matrix-coturn is configured for SSL renewal (matrix-coturn-reload)
|
||||
template:
|
||||
src: "{{ role_path }}/templates/cron.d/matrix-coturn-ssl-reload.j2"
|
||||
dest: /etc/cron.d/matrix-coturn-ssl-reload
|
||||
mode: 0644
|
||||
when: "matrix_coturn_enabled|bool and matrix_coturn_tls_enabled|bool"
|
||||
|
||||
|
||||
#
|
||||
# Tasks related to getting rid of Coturn (if it was previously enabled)
|
||||
#
|
||||
|
||||
- name: Ensure matrix-coturn-ssl-reload cronjob removed
|
||||
file:
|
||||
path: /etc/cron.d/matrix-coturn-ssl-reload
|
||||
state: absent
|
||||
when: "not matrix_coturn_enabled|bool or not matrix_coturn_tls_enabled|bool"
|
||||
|
||||
- name: Check existence of matrix-coturn service
|
||||
stat:
|
||||
path: "{{ matrix_systemd_path }}/matrix-coturn.service"
|
||||
register: matrix_coturn_service_stat
|
||||
when: "not matrix_coturn_enabled|bool"
|
||||
|
||||
- name: Ensure matrix-coturn is stopped
|
||||
service:
|
||||
name: matrix-coturn
|
||||
state: stopped
|
||||
daemon_reload: yes
|
||||
register: stopping_result
|
||||
when: "not matrix_coturn_enabled|bool and matrix_coturn_service_stat.stat.exists"
|
||||
|
||||
- name: Ensure matrix-coturn.service doesn't exist
|
||||
file:
|
||||
path: "{{ matrix_systemd_path }}/matrix-coturn.service"
|
||||
state: absent
|
||||
when: "not matrix_coturn_enabled|bool and matrix_coturn_service_stat.stat.exists"
|
||||
|
||||
- name: Ensure systemd reloaded after matrix-coturn.service removal
|
||||
service:
|
||||
daemon_reload: yes
|
||||
when: "not matrix_coturn_enabled|bool and matrix_coturn_service_stat.stat.exists"
|
||||
|
||||
- name: Ensure Matrix coturn paths don't exist
|
||||
file:
|
||||
path: "{{ matrix_coturn_base_path }}"
|
||||
state: absent
|
||||
when: "not matrix_coturn_enabled|bool"
|
||||
|
||||
- name: Ensure coturn Docker image doesn't exist
|
||||
docker_image:
|
||||
name: "{{ matrix_coturn_docker_image }}"
|
||||
state: absent
|
||||
when: "not matrix_coturn_enabled|bool"
|
||||
104
roles/matrix-coturn/tasks/setup_install.yml
Normal file
104
roles/matrix-coturn/tasks/setup_install.yml
Normal file
@ -0,0 +1,104 @@
|
||||
---
|
||||
|
||||
# This is a cleanup/migration task. It can be removed some time in the future.
|
||||
- name: (Migration) Remove deprecated cronjob
|
||||
file:
|
||||
path: "{{ matrix_cron_path }}/matrix-coturn-ssl-reload"
|
||||
state: absent
|
||||
|
||||
- name: Ensure Matrix Coturn path exists
|
||||
file:
|
||||
path: "{{ item.path }}"
|
||||
state: directory
|
||||
mode: 0750
|
||||
owner: "{{ matrix_user_username }}"
|
||||
group: "{{ matrix_user_groupname }}"
|
||||
with_items:
|
||||
- { path: "{{ matrix_coturn_docker_src_files_path }}", when: "{{ matrix_coturn_container_image_self_build }}"}
|
||||
when: "item.when|bool"
|
||||
|
||||
- name: Ensure Coturn image is pulled
|
||||
docker_image:
|
||||
name: "{{ matrix_coturn_docker_image }}"
|
||||
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
|
||||
force_source: "{{ matrix_coturn_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
|
||||
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_coturn_docker_image_force_pull }}"
|
||||
when: "not matrix_coturn_container_image_self_build|bool"
|
||||
|
||||
- block:
|
||||
- name: Ensure Coturn repository is present on self-build
|
||||
git:
|
||||
repo: "{{ matrix_coturn_container_image_self_build_repo }}"
|
||||
dest: "{{ matrix_coturn_docker_src_files_path }}"
|
||||
version: "{{ matrix_coturn_docker_image.split(':')[1] }}"
|
||||
force: "yes"
|
||||
register: matrix_coturn_git_pull_results
|
||||
|
||||
- name: Ensure Coturn Docker image is built
|
||||
docker_image:
|
||||
name: "{{ matrix_coturn_docker_image }}"
|
||||
source: build
|
||||
force_source: "{{ matrix_coturn_git_pull_results.changed }}"
|
||||
build:
|
||||
dockerfile: Dockerfile
|
||||
path: "{{ matrix_coturn_docker_src_files_path }}"
|
||||
pull: yes
|
||||
when: "matrix_coturn_container_image_self_build|bool"
|
||||
|
||||
- name: Ensure Coturn configuration path exists
|
||||
file:
|
||||
path: "{{ matrix_coturn_base_path }}"
|
||||
state: directory
|
||||
mode: 0750
|
||||
owner: "{{ matrix_user_username }}"
|
||||
group: "{{ matrix_user_groupname }}"
|
||||
|
||||
- name: Ensure turnserver.conf installed
|
||||
template:
|
||||
src: "{{ role_path }}/templates/turnserver.conf.j2"
|
||||
dest: "{{ matrix_coturn_config_path }}"
|
||||
mode: 0644
|
||||
owner: "{{ matrix_user_username }}"
|
||||
group: "{{ matrix_user_groupname }}"
|
||||
|
||||
- name: Ensure Coturn network is created in Docker
|
||||
docker_network:
|
||||
name: "{{ matrix_coturn_docker_network }}"
|
||||
driver: bridge
|
||||
|
||||
- name: Ensure matrix-coturn.service installed
|
||||
template:
|
||||
src: "{{ role_path }}/templates/systemd/matrix-coturn.service.j2"
|
||||
dest: "{{ matrix_systemd_path }}/matrix-coturn.service"
|
||||
mode: 0644
|
||||
register: matrix_coturn_systemd_service_change_results
|
||||
|
||||
# This may be unnecessary when more long-lived certificates are used.
|
||||
# We optimize for the common use-case though (short-lived Let's Encrypt certificates).
|
||||
# Reloading doesn't hurt anyway, so there's no need to make this more flexible.
|
||||
- name: Ensure reloading systemd units installed, if necessary
|
||||
template:
|
||||
src: "{{ role_path }}/templates/systemd/{{ item }}.j2"
|
||||
dest: "{{ matrix_systemd_path }}/{{ item }}"
|
||||
mode: 0644
|
||||
register: "matrix_coturn_systemd_service_change_results"
|
||||
when: "matrix_coturn_tls_enabled|bool"
|
||||
with_items:
|
||||
- matrix-coturn-reload.service
|
||||
- matrix-coturn-reload.timer
|
||||
|
||||
# A similar task exists in `setup_uninstall.yml`
|
||||
- name: Ensure reloading systemd units uninstalled, if unnecessary
|
||||
file:
|
||||
path: "{{ item }}"
|
||||
state: absent
|
||||
register: "matrix_coturn_systemd_service_change_results"
|
||||
when: "not matrix_coturn_tls_enabled|bool"
|
||||
with_items:
|
||||
- matrix-coturn-reload.service
|
||||
- matrix-coturn-reload.timer
|
||||
|
||||
- name: Ensure systemd reloaded if systemd units changed
|
||||
service:
|
||||
daemon_reload: yes
|
||||
when: "matrix_coturn_systemd_service_change_results.changed"
|
||||
47
roles/matrix-coturn/tasks/setup_uninstall.yml
Normal file
47
roles/matrix-coturn/tasks/setup_uninstall.yml
Normal file
@ -0,0 +1,47 @@
|
||||
---
|
||||
|
||||
- name: Check existence of matrix-coturn service
|
||||
stat:
|
||||
path: "{{ matrix_systemd_path }}/matrix-coturn.service"
|
||||
register: matrix_coturn_service_stat
|
||||
when: "not matrix_coturn_enabled|bool"
|
||||
|
||||
- name: Ensure matrix-coturn is stopped
|
||||
service:
|
||||
name: matrix-coturn
|
||||
state: stopped
|
||||
daemon_reload: yes
|
||||
when: "matrix_coturn_service_stat.stat.exists|bool"
|
||||
|
||||
- name: Ensure matrix-coturn-reload.timer is stopped
|
||||
service:
|
||||
name: matrix-coturn
|
||||
state: stopped
|
||||
daemon_reload: yes
|
||||
failed_when: false
|
||||
when: "matrix_coturn_service_stat.stat.exists|bool"
|
||||
|
||||
- name: Ensure systemd units don't exist
|
||||
file:
|
||||
path: "{{ matrix_systemd_path }}/{{ item }}"
|
||||
state: absent
|
||||
register: matrix_coturn_systemd_unit_uninstallation_result
|
||||
with_items:
|
||||
- matrix-coturn.service
|
||||
- matrix-coturn-reload.service
|
||||
- matrix-coturn-reload.timer
|
||||
|
||||
- name: Ensure systemd reloaded after unit removal
|
||||
service:
|
||||
daemon_reload: yes
|
||||
when: "matrix_coturn_systemd_unit_uninstallation_result.changed|bool"
|
||||
|
||||
- name: Ensure Matrix coturn paths don't exist
|
||||
file:
|
||||
path: "{{ matrix_coturn_base_path }}"
|
||||
state: absent
|
||||
|
||||
- name: Ensure coturn Docker image doesn't exist
|
||||
docker_image:
|
||||
name: "{{ matrix_coturn_docker_image }}"
|
||||
state: absent
|
||||
@ -1 +0,0 @@
|
||||
20 4 */5 * * root {{ matrix_host_command_systemctl }} reload matrix-coturn.service
|
||||
@ -0,0 +1,6 @@
|
||||
[Unit]
|
||||
Description=Reloads matrix-coturn so that new SSL certificates can kick in
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStart={{ matrix_host_command_systemctl }} reload matrix-coturn.service
|
||||
@ -0,0 +1,10 @@
|
||||
[Unit]
|
||||
Description=Reloads matrix-coturn periodically so that new SSL certificates can kick in
|
||||
|
||||
[Timer]
|
||||
Unit=matrix-coturn-reload.service
|
||||
OnCalendar=Sunday *-*-* 13:00:00
|
||||
RandomizedDelaySec=3h
|
||||
|
||||
[Install]
|
||||
WantedBy=timers.target
|
||||
@ -9,6 +9,7 @@ DefaultDependencies=no
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
Environment="HOME={{ matrix_systemd_unit_home_path }}"
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-coturn
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-coturn
|
||||
|
||||
|
||||
@ -1,3 +1,3 @@
|
||||
- set_fact:
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-dimension'] }}"
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-dimension.service'] }}"
|
||||
when: matrix_dimension_enabled|bool
|
||||
|
||||
@ -12,6 +12,7 @@ DefaultDependencies=no
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
Environment="HOME={{ matrix_systemd_unit_home_path }}"
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-dimension
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-dimension
|
||||
|
||||
|
||||
@ -1,3 +1,3 @@
|
||||
- set_fact:
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-dynamic-dns'] }}"
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-dynamic-dns.service'] }}"
|
||||
when: "matrix_dynamic_dns_enabled|bool"
|
||||
|
||||
@ -12,6 +12,7 @@ DefaultDependencies=no
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
Environment="HOME={{ matrix_systemd_unit_home_path }}"
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-dynamic-dns
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-dynamic-dns
|
||||
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-dynamic-dns \
|
||||
|
||||
@ -1,3 +1,3 @@
|
||||
- set_fact:
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-email2matrix'] }}"
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-email2matrix.service'] }}"
|
||||
when: matrix_email2matrix_enabled|bool
|
||||
|
||||
@ -7,6 +7,7 @@ DefaultDependencies=no
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
Environment="HOME={{ matrix_systemd_unit_home_path }}"
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-email2matrix
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-email2matrix
|
||||
|
||||
|
||||
@ -1,3 +1,3 @@
|
||||
- set_fact:
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-jitsi-web', 'matrix-jitsi-prosody', 'matrix-jitsi-jicofo', 'matrix-jitsi-jvb'] }}"
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-jitsi-web.service', 'matrix-jitsi-prosody.service', 'matrix-jitsi-jicofo.service', 'matrix-jitsi-jvb.service'] }}"
|
||||
when: matrix_jitsi_enabled|bool
|
||||
|
||||
@ -9,6 +9,7 @@ DefaultDependencies=no
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
Environment="HOME={{ matrix_systemd_unit_home_path }}"
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-jitsi-jicofo
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-jitsi-jicofo
|
||||
|
||||
|
||||
@ -9,6 +9,7 @@ DefaultDependencies=no
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
Environment="HOME={{ matrix_systemd_unit_home_path }}"
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-jitsi-jvb
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-jitsi-jvb
|
||||
|
||||
|
||||
@ -9,6 +9,7 @@ DefaultDependencies=no
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
Environment="HOME={{ matrix_systemd_unit_home_path }}"
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-jitsi-prosody
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-jitsi-prosody
|
||||
|
||||
|
||||
@ -9,6 +9,7 @@ DefaultDependencies=no
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
Environment="HOME={{ matrix_systemd_unit_home_path }}"
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-jitsi-web
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-jitsi-web
|
||||
|
||||
|
||||
@ -5,10 +5,13 @@ matrix_ma1sd_enabled: true
|
||||
|
||||
matrix_ma1sd_container_image_self_build: false
|
||||
matrix_ma1sd_container_image_self_build_repo: "https://github.com/ma1uta/ma1sd.git"
|
||||
matrix_ma1sd_container_image_self_build_branch: "{{ matrix_ma1sd_version }}"
|
||||
|
||||
matrix_ma1sd_architecture: "amd64"
|
||||
|
||||
matrix_ma1sd_docker_image: "{{ matrix_ma1sd_docker_image_name_prefix }}ma1uta/ma1sd:2.4.0-{{ matrix_ma1sd_architecture }}"
|
||||
matrix_ma1sd_version: "2.4.0"
|
||||
|
||||
matrix_ma1sd_docker_image: "{{ matrix_ma1sd_docker_image_name_prefix }}ma1uta/ma1sd:{{ matrix_ma1sd_version }}-{{ matrix_ma1sd_architecture }}"
|
||||
matrix_ma1sd_docker_image_name_prefix: "{{ 'localhost/' if matrix_ma1sd_container_image_self_build else 'docker.io/' }}"
|
||||
matrix_ma1sd_docker_image_force_pull: "{{ matrix_ma1sd_docker_image.endswith(':latest') }}"
|
||||
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
- set_fact:
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-ma1sd'] }}"
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-ma1sd.service'] }}"
|
||||
when: matrix_ma1sd_enabled|bool
|
||||
|
||||
# ansible lower than 2.8, does not support docker_image build parameters
|
||||
|
||||
@ -79,26 +79,27 @@
|
||||
git:
|
||||
repo: "{{ matrix_ma1sd_container_image_self_build_repo }}"
|
||||
dest: "{{ matrix_ma1sd_docker_src_files_path }}"
|
||||
version: "{{ matrix_ma1sd_docker_image.split(':')[1].split('-')[0] }}"
|
||||
version: "{{ matrix_ma1sd_container_image_self_build_branch }}"
|
||||
force: "yes"
|
||||
register: matrix_ma1sd_git_pull_results
|
||||
|
||||
- name: Ensure ma1sd Docker image is built
|
||||
shell: "./gradlew dockerBuild"
|
||||
shell: "DOCKER_BUILDKIT=1 ./gradlew dockerBuild"
|
||||
args:
|
||||
chdir: "{{ matrix_ma1sd_docker_src_files_path }}"
|
||||
when: "matrix_ma1sd_git_pull_results.changed|bool"
|
||||
|
||||
- name: Ensure ma1sd Docker image is tagged correctly
|
||||
docker_image:
|
||||
# The build script always tags the image with something like `ma1uta/ma1sd:2.4.0`.
|
||||
# Remove the `-{{ matrix_ma1sd_architecture }}` suffix and our `localhost/` prefix (applied when self-building)
|
||||
# to get to what has actually been built, so we can retag it as `{{ matrix_ma1sd_docker_image }}`.
|
||||
name: "{{ matrix_ma1sd_docker_image.split('-')[0].replace('localhost/', '') }}"
|
||||
# The build script always tags the image with 2 tags:
|
||||
# - based on the branch/version: e.g. `ma1uta/ma1sd:2.4.0` (when on `2.4.0`)
|
||||
# or `ma1uta/ma1sd:2.4.0-19-ga71d32b` (when on a given commit for a pre-release)
|
||||
# - generic one: `ma1uta/ma1sd:latest-dev`
|
||||
#
|
||||
# It's hard to predict the first one, so we'll use the latter.
|
||||
name: "ma1uta/ma1sd:latest-dev"
|
||||
repository: "{{ matrix_ma1sd_docker_image }}"
|
||||
force_tag: yes
|
||||
source: local
|
||||
when: "matrix_ma1sd_git_pull_results.changed|bool"
|
||||
when: "matrix_ma1sd_container_image_self_build|bool"
|
||||
|
||||
- name: Ensure ma1sd config installed
|
||||
|
||||
@ -12,6 +12,7 @@ DefaultDependencies=no
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
Environment="HOME={{ matrix_systemd_unit_home_path }}"
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-ma1sd
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-ma1sd
|
||||
|
||||
|
||||
@ -1,3 +1,3 @@
|
||||
- set_fact:
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mailer'] }}"
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mailer.service'] }}"
|
||||
when: matrix_mailer_enabled|bool
|
||||
|
||||
@ -7,6 +7,7 @@ DefaultDependencies=no
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
Environment="HOME={{ matrix_systemd_unit_home_path }}"
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mailer
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mailer
|
||||
|
||||
|
||||
@ -215,10 +215,6 @@ matrix_nginx_proxy_proxy_jitsi_additional_server_configuration_blocks: []
|
||||
# A list of strings containing additional configuration blocks to add to the base domain server configuration.
|
||||
matrix_nginx_proxy_proxy_domain_additional_server_configuration_blocks: []
|
||||
|
||||
# Specifies when to reload the matrix-nginx-proxy service so that
|
||||
# a new SSL certificate could go into effect.
|
||||
matrix_nginx_proxy_reload_cron_time_definition: "20 4 */5 * *"
|
||||
|
||||
# Specifies the SSL configuration that should be used for the SSL protocols and ciphers
|
||||
# This is based on the Mozilla Server Side TLS Recommended configurations.
|
||||
#
|
||||
|
||||
@ -1,3 +1,8 @@
|
||||
- set_fact:
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-nginx-proxy'] }}"
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-nginx-proxy.service'] }}"
|
||||
when: matrix_nginx_proxy_enabled|bool
|
||||
|
||||
- set_fact:
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + [item.name] }}"
|
||||
when: "item.applicable|bool and item.enableable|bool"
|
||||
with_items: "{{ matrix_ssl_renewal_systemd_units_list }}"
|
||||
|
||||
@ -10,71 +10,56 @@
|
||||
- "{{ matrix_local_bin_path }}/matrix-ssl-certificates-renew"
|
||||
- "{{ matrix_cron_path }}/matrix-ssl-certificate-renewal"
|
||||
- "{{ matrix_cron_path }}/matrix-nginx-proxy-periodic-restarter"
|
||||
|
||||
- "/etc/cron.d/matrix-ssl-lets-encrypt"
|
||||
- "{{ matrix_local_bin_path }}/matrix-ssl-lets-encrypt-certificates-renew"
|
||||
|
||||
#
|
||||
# Tasks related to setting up Let's Encrypt's management of certificates
|
||||
#
|
||||
|
||||
- name: (Deprecation) Catch and report renamed settings
|
||||
fail:
|
||||
msg: >-
|
||||
Your configuration contains a variable, which now has a different name.
|
||||
Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
|
||||
with_items:
|
||||
- {'old': 'host_specific_matrix_ssl_support_email', 'new': 'matrix_ssl_lets_encrypt_support_email'}
|
||||
- {'old': 'host_specific_matrix_ssl_lets_encrypt_support_email', 'new': 'matrix_ssl_lets_encrypt_support_email'}
|
||||
when: "matrix_ssl_retrieval_method == 'lets-encrypt' and item.old in vars"
|
||||
- block:
|
||||
- name: Ensure certbot Docker image is pulled
|
||||
docker_image:
|
||||
name: "{{ matrix_ssl_lets_encrypt_certbot_docker_image }}"
|
||||
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
|
||||
force_source: "{{ matrix_ssl_lets_encrypt_certbot_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
|
||||
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_ssl_lets_encrypt_certbot_docker_image_force_pull }}"
|
||||
|
||||
- name: Fail if required variables are undefined
|
||||
fail:
|
||||
msg: "Detected an undefined required variable"
|
||||
with_items:
|
||||
- "matrix_ssl_lets_encrypt_support_email"
|
||||
when: "matrix_ssl_retrieval_method == 'lets-encrypt' and vars[item] is none"
|
||||
- name: Obtain Let's Encrypt certificates
|
||||
include_tasks: "{{ role_path }}/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml"
|
||||
with_items: "{{ matrix_ssl_domains_to_obtain_certificates_for }}"
|
||||
loop_control:
|
||||
loop_var: domain_name
|
||||
|
||||
- name: Ensure certbot Docker image is pulled
|
||||
docker_image:
|
||||
name: "{{ matrix_ssl_lets_encrypt_certbot_docker_image }}"
|
||||
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
|
||||
force_source: "{{ matrix_ssl_lets_encrypt_certbot_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
|
||||
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_ssl_lets_encrypt_certbot_docker_image_force_pull }}"
|
||||
- name: Ensure Let's Encrypt SSL renewal script installed
|
||||
template:
|
||||
src: "{{ role_path }}/templates/usr-local-bin/matrix-ssl-lets-encrypt-certificates-renew.j2"
|
||||
dest: "{{ matrix_local_bin_path }}/matrix-ssl-lets-encrypt-certificates-renew"
|
||||
mode: 0750
|
||||
|
||||
- name: Ensure SSL renewal systemd units installed
|
||||
template:
|
||||
src: "{{ role_path }}/templates/systemd/{{ item.name }}.j2"
|
||||
dest: "{{ matrix_systemd_path }}/{{ item.name }}"
|
||||
mode: 0644
|
||||
when: "item.applicable|bool"
|
||||
with_items: "{{ matrix_ssl_renewal_systemd_units_list }}"
|
||||
when: "matrix_ssl_retrieval_method == 'lets-encrypt'"
|
||||
|
||||
- name: Obtain Let's Encrypt certificates
|
||||
include_tasks: "{{ role_path }}/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml"
|
||||
with_items: "{{ matrix_ssl_domains_to_obtain_certificates_for }}"
|
||||
loop_control:
|
||||
loop_var: domain_name
|
||||
when: "matrix_ssl_retrieval_method == 'lets-encrypt'"
|
||||
|
||||
- name: Ensure Let's Encrypt SSL renewal script installed
|
||||
template:
|
||||
src: "{{ role_path }}/templates/usr-local-bin/matrix-ssl-lets-encrypt-certificates-renew.j2"
|
||||
dest: "{{ matrix_local_bin_path }}/matrix-ssl-lets-encrypt-certificates-renew"
|
||||
mode: 0750
|
||||
when: "matrix_ssl_retrieval_method == 'lets-encrypt'"
|
||||
|
||||
- name: Ensure periodic SSL renewal cronjob configured
|
||||
template:
|
||||
src: "{{ role_path }}/templates/cron.d/matrix-ssl-lets-encrypt.j2"
|
||||
dest: /etc/cron.d/matrix-ssl-lets-encrypt
|
||||
mode: 0644
|
||||
when: "matrix_ssl_retrieval_method == 'lets-encrypt'"
|
||||
|
||||
|
||||
#
|
||||
# Tasks related to getting rid of Let's Encrypt's management of certificates
|
||||
#
|
||||
|
||||
- name: Ensure matrix-ssl-lets-encrypt-renew cronjob removed
|
||||
file:
|
||||
path: /etc/cron.d/matrix-ssl-lets-encrypt
|
||||
state: absent
|
||||
when: "matrix_ssl_retrieval_method != 'lets-encrypt'"
|
||||
- block:
|
||||
- name: Ensure matrix-ssl-lets-encrypt-renew cronjob removed
|
||||
file:
|
||||
path: "{{ matrix_systemd_path }}/{{ item.name }}"
|
||||
state: absent
|
||||
when: "{{ not item.applicable }}"
|
||||
with_items: "{{ matrix_ssl_renewal_systemd_units_list }}"
|
||||
|
||||
- name: Ensure Let's Encrypt SSL renewal script removed
|
||||
file:
|
||||
path: "{{ matrix_local_bin_path }}/matrix-ssl-lets-encrypt-certificates-renew"
|
||||
state: absent
|
||||
- name: Ensure Let's Encrypt SSL renewal script removed
|
||||
file:
|
||||
path: "{{ matrix_local_bin_path }}/matrix-ssl-lets-encrypt-certificates-renew"
|
||||
state: absent
|
||||
when: "matrix_ssl_retrieval_method != 'lets-encrypt'"
|
||||
|
||||
@ -12,6 +12,8 @@
|
||||
# People who configured this to disable Riot, would now wish to be disabling Element.
|
||||
# We now also have `matrix_nginx_proxy_proxy_riot_compat_redirect_`, but that's something else and is disabled by default.
|
||||
- {'old': 'matrix_nginx_proxy_proxy_riot_enabled', 'new': 'matrix_nginx_proxy_proxy_element_enabled'}
|
||||
- {'old': 'matrix_ssl_lets_encrypt_renew_cron_time_definition', 'new': '<not configurable anymore>'}
|
||||
- {'old': 'matrix_nginx_proxy_reload_cron_time_definition', 'new': '<not configurable anymore>'}
|
||||
|
||||
- name: Fail on unknown matrix_ssl_retrieval_method
|
||||
fail:
|
||||
@ -24,3 +26,22 @@
|
||||
msg: >-
|
||||
`matrix_nginx_proxy_ssl_preset` needs to be set to a known value.
|
||||
when: "matrix_nginx_proxy_ssl_preset not in ['modern', 'intermediate', 'old']"
|
||||
|
||||
- block:
|
||||
- name: (Deprecation) Catch and report renamed settings
|
||||
fail:
|
||||
msg: >-
|
||||
Your configuration contains a variable, which now has a different name.
|
||||
Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
|
||||
with_items:
|
||||
- {'old': 'host_specific_matrix_ssl_support_email', 'new': 'matrix_ssl_lets_encrypt_support_email'}
|
||||
- {'old': 'host_specific_matrix_ssl_lets_encrypt_support_email', 'new': 'matrix_ssl_lets_encrypt_support_email'}
|
||||
when: "item.old in vars"
|
||||
|
||||
- name: Fail if required variables are undefined
|
||||
fail:
|
||||
msg: "Detected an undefined required variable"
|
||||
with_items:
|
||||
- "matrix_ssl_lets_encrypt_support_email"
|
||||
when: "vars[item] is none"
|
||||
when: "matrix_ssl_retrieval_method == 'lets-encrypt'"
|
||||
|
||||
@ -1,5 +0,0 @@
|
||||
MAILTO="{{ matrix_ssl_lets_encrypt_support_email }}"
|
||||
15 4 * * * root {{ matrix_local_bin_path }}/matrix-ssl-lets-encrypt-certificates-renew
|
||||
{% if matrix_nginx_proxy_enabled %}
|
||||
20 5 * * * root {{ matrix_host_command_systemctl }} reload matrix-nginx-proxy.service
|
||||
{% endif %}
|
||||
@ -12,6 +12,7 @@ DefaultDependencies=no
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
Environment="HOME={{ matrix_systemd_unit_home_path }}"
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-nginx-proxy
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-nginx-proxy
|
||||
|
||||
|
||||
@ -0,0 +1,7 @@
|
||||
[Unit]
|
||||
Description=Renews Let's Encrypt SSL certificates
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
Environment="HOME={{ matrix_systemd_unit_home_path }}"
|
||||
ExecStart={{ matrix_local_bin_path }}/matrix-ssl-lets-encrypt-certificates-renew
|
||||
@ -0,0 +1,10 @@
|
||||
[Unit]
|
||||
Description=Renews Let's Encrypt SSL certificates periodically
|
||||
|
||||
[Timer]
|
||||
Unit=matrix-ssl-lets-encrypt-certificates-renew.service
|
||||
OnCalendar=Sunday *-*-* 05:00:00
|
||||
RandomizedDelaySec=3h
|
||||
|
||||
[Install]
|
||||
WantedBy=timers.target
|
||||
@ -0,0 +1,6 @@
|
||||
[Unit]
|
||||
Description=Reloads matrix-nginx-proxy so that new SSL certificates can kick in
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStart={{ matrix_host_command_systemctl }} reload matrix-nginx-proxy.service
|
||||
@ -0,0 +1,10 @@
|
||||
[Unit]
|
||||
Description=Reloads matrix-nginx-proxy periodically so that new SSL certificates can kick in
|
||||
|
||||
[Timer]
|
||||
Unit=matrix-ssl-nginx-proxy-reload.service
|
||||
OnCalendar=Sunday *-*-* 13:00:00
|
||||
RandomizedDelaySec=3h
|
||||
|
||||
[Install]
|
||||
WantedBy=timers.target
|
||||
@ -24,8 +24,8 @@ docker run \
|
||||
{% if matrix_ssl_lets_encrypt_staging %}
|
||||
--staging \
|
||||
{% endif %}
|
||||
--quiet \
|
||||
--standalone \
|
||||
--preferred-challenges http \
|
||||
--agree-tos \
|
||||
--email={{ matrix_ssl_lets_encrypt_support_email }}
|
||||
--email={{ matrix_ssl_lets_encrypt_support_email }} \
|
||||
--no-random-sleep-on-renew
|
||||
|
||||
@ -1,4 +1,18 @@
|
||||
---
|
||||
|
||||
# Tells whether this role had executed or not. Toggled to `true` during runtime.
|
||||
matrix_nginx_proxy_role_executed: false
|
||||
matrix_nginx_proxy_role_executed: false
|
||||
|
||||
matrix_ssl_renewal_systemd_units_list:
|
||||
- name: matrix-ssl-lets-encrypt-certificates-renew.service
|
||||
applicable: "{{ matrix_ssl_retrieval_method == 'lets-encrypt' }}"
|
||||
enableable: false
|
||||
- name: matrix-ssl-lets-encrypt-certificates-renew.timer
|
||||
applicable: "{{ matrix_ssl_retrieval_method == 'lets-encrypt' }}"
|
||||
enableable: true
|
||||
- name: matrix-ssl-nginx-proxy-reload.service
|
||||
applicable: "{{ matrix_ssl_retrieval_method == 'lets-encrypt' and matrix_nginx_proxy_enabled|bool }}"
|
||||
enableable: false
|
||||
- name: matrix-ssl-nginx-proxy-reload.timer
|
||||
applicable: "{{ matrix_ssl_retrieval_method == 'lets-encrypt' and matrix_nginx_proxy_enabled|bool }}"
|
||||
enableable: true
|
||||
|
||||
@ -1,18 +1,27 @@
|
||||
matrix_postgres_enabled: true
|
||||
|
||||
matrix_postgres_connection_hostname: ""
|
||||
matrix_postgres_connection_username: ""
|
||||
matrix_postgres_connection_hostname: "matrix-postgres"
|
||||
matrix_postgres_connection_port: 5432
|
||||
matrix_postgres_connection_username: "matrix"
|
||||
matrix_postgres_connection_password: ""
|
||||
matrix_postgres_db_name: ""
|
||||
matrix_postgres_db_name: "matrix"
|
||||
|
||||
matrix_postgres_base_path: "{{ matrix_base_data_path }}/postgres"
|
||||
matrix_postgres_data_path: "{{ matrix_postgres_base_path }}/data"
|
||||
|
||||
matrix_postgres_docker_image_v9: "docker.io/postgres:9.6.20-alpine"
|
||||
matrix_postgres_docker_image_v10: "docker.io/postgres:10.15-alpine"
|
||||
matrix_postgres_docker_image_v11: "docker.io/postgres:11.10-alpine"
|
||||
matrix_postgres_docker_image_v12: "docker.io/postgres:12.5-alpine"
|
||||
matrix_postgres_docker_image_v13: "docker.io/postgres:13.1-alpine"
|
||||
matrix_postgres_architecture: amd64
|
||||
|
||||
# matrix_postgres_docker_image_suffix controls whether we use Alpine-based images (`-alpine`) or the normal Debian-based images.
|
||||
# Alpine-based Postgres images are smaller and we usually prefer them, but they don't work on ARM32 (tested on a Raspberry Pi 3 running Raspbian 10.7).
|
||||
# On ARM32, `-alpine` images fail with the following error:
|
||||
# > LOG: startup process (PID 37) was terminated by signal 11: Segmentation fault
|
||||
matrix_postgres_docker_image_suffix: "{{ '-alpine' if matrix_postgres_architecture in ['amd64', 'arm64'] else '' }}"
|
||||
|
||||
matrix_postgres_docker_image_v9: "docker.io/postgres:9.6.20{{ matrix_postgres_docker_image_suffix }}"
|
||||
matrix_postgres_docker_image_v10: "docker.io/postgres:10.15{{ matrix_postgres_docker_image_suffix }}"
|
||||
matrix_postgres_docker_image_v11: "docker.io/postgres:11.10{{ matrix_postgres_docker_image_suffix }}"
|
||||
matrix_postgres_docker_image_v12: "docker.io/postgres:12.5{{ matrix_postgres_docker_image_suffix }}"
|
||||
matrix_postgres_docker_image_v13: "docker.io/postgres:13.1{{ matrix_postgres_docker_image_suffix }}"
|
||||
matrix_postgres_docker_image_latest: "{{ matrix_postgres_docker_image_v13 }}"
|
||||
|
||||
# This variable is assigned at runtime. Overriding its value has no effect.
|
||||
@ -63,7 +72,10 @@ matrix_postgres_import_databases_ignore_regex: "^CREATE DATABASE ({{ matrix_post
|
||||
# and before trying to run queries for creating additional databases/users against it.
|
||||
#
|
||||
# For most (subsequent) runs, Postgres would already be running, so no waiting will be happening at all.
|
||||
matrix_postgres_additional_databases_postgres_start_wait_timeout_seconds: 15
|
||||
#
|
||||
# On ARM, we wait some more. ARM32 devices are especially known for being slow.
|
||||
# ARM64 likely don't need such a long delay, but it doesn't hurt too much having it.
|
||||
matrix_postgres_additional_databases_postgres_start_wait_timeout_seconds: "{{ 45 if matrix_postgres_architecture in ['arm32', 'arm64'] else 15 }}"
|
||||
|
||||
|
||||
matrix_postgres_pgloader_container_image_self_build: false
|
||||
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user