diff --git a/CHANGELOG.md b/CHANGELOG.md index e6f58107b..d48395acd 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -118,7 +118,7 @@ If you're using the playbook's Traefik instance to reverse-proxy to some other s If you've tweaked any of this playbook's `_path_prefix` variables and made them use a regular expression, you will now need to make additional adjustments. The playbook makes extensive use of `PathPrefix()` matchers in Traefik rules and `PathPrefix` does not support regular expressions anymore. To work around it, you may now need to override a whole `_traefik_rule` variable and switch it from [`PathPrefix` to `PathRegexp`](https://doc.traefik.io/traefik/routing/routers/#path-pathprefix-and-pathregexp). -If you're not using [matrix-media-repo](./docs/configuring-playbook-matrix-media-repo.md) (the only role we had to tweak to adapt it to Traefik v3), you **may potentially downgrade to Traefik v2** (if necessary) by adding `devture_traefik_verison: v2.11.4` to your configuration. People using `matrix-media-repo` cannot downgrade this way, because `matrix-media-repo` has been adjusted to use `PathRegexp` - a [routing matcher](https://doc.traefik.io/traefik/v2.11/routing/routers/#rule) that Traefik v2 does not understand. +If you're not using [matrix-media-repo](./docs/configuring-playbook-matrix-media-repo.md) (the only role we had to tweak to adapt it to Traefik v3), you **may potentially downgrade to Traefik v2** (if necessary) by adding `traefik_verison: v2.11.4` to your configuration. People using `matrix-media-repo` cannot downgrade this way, because `matrix-media-repo` has been adjusted to use `PathRegexp` - a [routing matcher](https://doc.traefik.io/traefik/v2.11/routing/routers/#rule) that Traefik v2 does not understand. ### HTTP/3 is enabled by default 
@@ -135,7 +135,7 @@ Still, if HTTP/3 cannot function correctly in your setup, it's best to disable a To **disable HTTP/3**, you can use the following configuration: ```yml -devture_traefik_config_entrypoint_web_secure_http3_enabled: false +traefik_config_entrypoint_web_secure_http3_enabled: false # Disabling HTTP/3 for the web-secure entrypoint (above), # automatically disables it for the Matrix Federation entrypoint as well, @@ -457,9 +457,9 @@ Because [Traefik has an extra job now](#traefik-now-has-an-extra-job), you need ### People fronting Traefik with another reverse proxy need to do minor changes -We've already previously mentioned that you need to do some minor [configuration changes related to `devture_traefik_additional_entrypoints_auto`](#backward-compatibility-configuration-changes-required-for-people-fronting-the-integrated-reverse-proxy-webserver-with-another-reverse-proxy). +We've already previously mentioned that you need to do some minor [configuration changes related to `traefik_additional_entrypoints_auto`](#backward-compatibility-configuration-changes-required-for-people-fronting-the-integrated-reverse-proxy-webserver-with-another-reverse-proxy). -If you don't do these changes (switching from `devture_traefik_additional_entrypoints_auto` to multiple other variables), your Traefik setup will not automatically receive the new `matrix-internal-matrix-client-api` Traefik entrypoint and Traefik would not be able to perform [its new duty of connecting addons with the homeserver](#traefik-now-has-an-extra-job). +If you don't do these changes (switching from `traefik_additional_entrypoints_auto` to multiple other variables), your Traefik setup will not automatically receive the new `matrix-internal-matrix-client-api` Traefik entrypoint and Traefik would not be able to perform [its new duty of connecting addons with the homeserver](#traefik-now-has-an-extra-job). ### Supported reverse proxy types are now fewer 
@@ -572,17 +572,17 @@ I don't actively use all the ~100 components offered by the playbook (no one doe If you're on the default setup (using the Traefik reverse-proxy as installed by the playbook), you don't need to do anything. -People who are [Fronting the integrated Traefik reverse-proxy webserver with another reverse-proxy](./docs/configuring-playbook-own-webserver.md#fronting-the-integrated-reverse-proxy-webserver-with-another-reverse-proxy), as per our previous instructions are redefining `devture_traefik_additional_entrypoints_auto` in their `vars.yml` configuration. +People who are [Fronting the integrated Traefik reverse-proxy webserver with another reverse-proxy](./docs/configuring-playbook-own-webserver.md#fronting-the-integrated-reverse-proxy-webserver-with-another-reverse-proxy), as per our previous instructions are redefining `traefik_additional_entrypoints_auto` in their `vars.yml` configuration. Such a full variable redefinion is intrustive, because it prevents the playbook from injecting additional entrypoints into the Traefik webserver. In the future, the playbook may have a need to do so. -For this reason, we no longer recommend completely redefining `devture_traefik_additional_entrypoints_auto`. -The playbook now defines [various `matrix_playbook_public_matrix_federation_api_traefik_entrypoint_*` variables in the `defaults/main.yml` file](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/roles/custom/matrix-base/defaults/main.yml) of the `matrix-base` role which can be used as a safer alternative to `devture_traefik_additional_entrypoints_auto`. +For this reason, we no longer recommend completely redefining `traefik_additional_entrypoints_auto`. 
+The playbook now defines [various `matrix_playbook_public_matrix_federation_api_traefik_entrypoint_*` variables in the `defaults/main.yml` file](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/roles/custom/matrix-base/defaults/main.yml) of the `matrix-base` role which can be used as a safer alternative to `traefik_additional_entrypoints_auto`. Adapt your configuration as seen below: ```diff --devture_traefik_additional_entrypoints_auto: +-traefik_additional_entrypoints_auto: - - name: matrix-federation - port: 8449 - host_bind_port: '127.0.0.1:8449' @@ -1070,7 +1070,7 @@ Unless we have some regression, **existing `matrix-nginx-proxy` users should be ```yaml matrix_playbook_reverse_proxy_type: playbook-managed-traefik -devture_traefik_config_certificatesResolvers_acme_email: YOUR_EMAIL_ADDRESS +traefik_config_certificatesResolvers_acme_email: YOUR_EMAIL_ADDRESS ``` You may still need to keep certain old `matrix_nginx_proxy_*` variables (like `matrix_nginx_proxy_base_domain_serving_enabled`), even when using Traefik. For now, we recommend keeping all `matrix_nginx_proxy_*` variables just in case. In the future, reliance on `matrix-nginx-proxy` will be removed. 
@@ -1097,7 +1097,7 @@ As mentioned above, Traefik still reverse-proxies to some (most) services by goi As Traefik support becomes complete and proves to be stable for a while, especially as a playbook default, we will **most likely remove `matrix-nginx-proxy` completely**. It will likely be some months before this happens though. Keeping support for both Traefik and nginx in the playbook will be a burden, especially with most of us running Traefik in the future. The Traefik role should do everything nginx does in a better and cleaner way. Users who use their own `nginx` server on the Matrix server will be inconvenienced, as nothing will generate ready-to-include nginx configuration for them. Still, we hope it won't be too hard to migrate their setup to another way of doing things, like: - not using nginx anymore. A common reason for using nginx until now was that you were running other containers and you need your own nginx to reverse-proxy to all of them. Just switch them to Traefik as well. -- running Traefik in local-only mode (`devture_traefik_config_entrypoint_web_secure_enabled: false`) and using some nginx configuration which reverse-proxies to Traefik (we should introduce examples for this in `examples/nginx`). +- running Traefik in local-only mode (`traefik_config_entrypoint_web_secure_enabled: false`) and using some nginx configuration which reverse-proxies to Traefik (we should introduce examples for this in `examples/nginx`). ### How do I help? 
@@ -1107,7 +1107,7 @@ You can help by: - **adding native Traefik support to a role** (requires adding Traefik labels, etc.) - for inspiration, see these roles ([prometheus_node_exporter](https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-node-exporter), [prometheus_postgres_exporter](https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-postgres-exporter)) and how they're hooked into the playbook via [group_vars/matrix_servers](group_vars/matrix_servers). -- **adding reverse-proxying examples for nginx users** in `examples/nginx`. People who insist on using their own `nginx` server on the same Matrix host, can run Traefik in local-only mode (`devture_traefik_config_entrypoint_web_secure_enabled: false`) and reverse-proxy to the Traefik server +- **adding reverse-proxying examples for nginx users** in `examples/nginx`. People who insist on using their own `nginx` server on the same Matrix host, can run Traefik in local-only mode (`traefik_config_entrypoint_web_secure_enabled: false`) and reverse-proxy to the Traefik server # 2023-02-10 diff --git a/docs/configuring-playbook-jitsi.md b/docs/configuring-playbook-jitsi.md index 7b4bd9cb7..df923c467 100644 --- a/docs/configuring-playbook-jitsi.md +++ b/docs/configuring-playbook-jitsi.md 
@@ -227,20 +227,20 @@ To make Traefik reverse-proxy to these additional JVBs (living on other hosts), # Traefik proxying for additional JVBs. These can't be configured using Docker # labels, like the first JVB is, because they run on different hosts, so we add # the necessary configuration to the file provider. -devture_traefik_provider_configuration_extension_yaml: | +traefik_provider_configuration_extension_yaml: | http: routers: {% for host in groups['jitsi_jvb_servers'] %} additional-{{ hostvars[host]['jitsi_jvb_server_id'] }}-router: entryPoints: - - "{{ devture_traefik_entrypoint_primary }}" + - "{{ traefik_entrypoint_primary }}" rule: "Host(`{{ jitsi_hostname }}`) && PathPrefix(`/colibri-ws/{{ hostvars[host]['jitsi_jvb_server_id'] }}/`)" service: additional-{{ hostvars[host]['jitsi_jvb_server_id'] }}-service - {% if devture_traefik_entrypoint_primary != 'web' %} + {% if traefik_entrypoint_primary != 'web' %} tls: - certResolver: "{{ devture_traefik_certResolver_primary }}" + certResolver: "{{ traefik_certResolver_primary }}" {% endif %} diff --git a/docs/configuring-playbook-own-webserver.md b/docs/configuring-playbook-own-webserver.md index 399d8a9f1..98a89ba1d 100644 --- a/docs/configuring-playbook-own-webserver.md +++ b/docs/configuring-playbook-own-webserver.md @@ -21,7 +21,7 @@ To have the playbook install and use Traefik, use configuration like this (as se ```yaml matrix_playbook_reverse_proxy_type: playbook-managed-traefik -devture_traefik_config_certificatesResolvers_acme_email: YOUR_EMAIL_ADDRESS +traefik_config_certificatesResolvers_acme_email: YOUR_EMAIL_ADDRESS ``` Traefik will manage SSL certificates for all services seamlessly. 
@@ -38,7 +38,7 @@ matrix_playbook_reverse_proxy_type: other-traefik-container # Adjust to point to your Traefik container matrix_playbook_reverse_proxy_hostname: name-of-your-traefik-container -devture_traefik_certs_dumper_ssl_dir_path: "/path/to/your/traefiks/acme.json/directory" +traefik_certs_dumper_ssl_dir_path: "/path/to/your/traefiks/acme.json/directory" # Uncomment and tweak the variable below if the name of your federation entrypoint is different # than the default value (matrix-federation). 
@@ -148,18 +148,18 @@ matrix_playbook_ssl_enabled: true # Disable the web-secure (port 443) endpoint, which also disables SSL certificate retrieval. # This has the side-effect of also automatically disabling TLS for the matrix-federation entrypoint # (by toggling `matrix_federation_traefik_entrypoint_tls`). -devture_traefik_config_entrypoint_web_secure_enabled: false +traefik_config_entrypoint_web_secure_enabled: false # If your reverse-proxy runs on another machine, consider using `0.0.0.0:81`, just `81` or `SOME_IP_ADDRESS_OF_THIS_MACHINE:81` -devture_traefik_container_web_host_bind_port: '127.0.0.1:81' +traefik_container_web_host_bind_port: '127.0.0.1:81' # We bind to `127.0.0.1` by default (see above), so trusting `X-Forwarded-*` headers from # a reverse-proxy running on the local machine is safe enough. -# If you're publishing the port (`devture_traefik_container_web_host_bind_port` above) to a public network interface: -# - remove the `devture_traefik_config_entrypoint_web_forwardedHeaders_insecure` variable definition below -# - uncomment and adjust the `devture_traefik_config_entrypoint_web_forwardedHeaders_trustedIPs` line below -devture_traefik_config_entrypoint_web_forwardedHeaders_insecure: true -# devture_traefik_config_entrypoint_web_forwardedHeaders_trustedIPs: ['IP-ADDRESS-OF-YOUR-REVERSE-PROXY'] +# If you're publishing the port (`traefik_container_web_host_bind_port` above) to a public network interface: +# - remove the `traefik_config_entrypoint_web_forwardedHeaders_insecure` variable definition below +# - uncomment and adjust the `traefik_config_entrypoint_web_forwardedHeaders_trustedIPs` line below +traefik_config_entrypoint_web_forwardedHeaders_insecure: true +# traefik_config_entrypoint_web_forwardedHeaders_trustedIPs: ['IP-ADDRESS-OF-YOUR-REVERSE-PROXY'] # Expose the federation entrypoint on a custom port (other than port 8448, which is normally used publicly). # 
diff --git a/docs/configuring-playbook-ssl-certificates.md b/docs/configuring-playbook-ssl-certificates.md index 4d086eeb9..935af7d51 100644 --- a/docs/configuring-playbook-ssl-certificates.md +++ b/docs/configuring-playbook-ssl-certificates.md @@ -12,7 +12,7 @@ For testing purposes, you may wish to use staging certificates provide by Let's You can do this with the following configuration: ```yaml -devture_traefik_config_certificatesResolvers_acme_use_staging: true +traefik_config_certificatesResolvers_acme_use_staging: true ``` @@ -23,7 +23,7 @@ For testing or other purposes, you may wish to install services without SSL term You can do this with the following configuration: ```yaml -devture_traefik_config_entrypoint_web_secure_enabled: false +traefik_config_entrypoint_web_secure_enabled: false ``` @@ -46,16 +46,16 @@ To use your own SSL certificates with Traefik, you need to: ```yaml # Disable ACME / Let's Encrypt support. -devture_traefik_config_certificatesResolvers_acme_enabled: false +traefik_config_certificatesResolvers_acme_enabled: false # Disabling ACME support (above) automatically disables the creation of the SSL directory. # Force-enable it here, because we'll add our certificate files there. -devture_traefik_ssl_dir_enabled: true +traefik_ssl_dir_enabled: true # Tell Traefik to load our custom configuration file (certificates.yml). # The file is created below, in `aux_file_definitions`. # The `/config/..` path is an in-container path, not a path on the host (like `/matrix/traefik/config`). Do not change it! -devture_traefik_configuration_extension_yaml: | +traefik_configuration_extension_yaml: | providers: file: filename: /config/certificates.yml 
@@ -66,7 +66,7 @@ devture_traefik_configuration_extension_yaml: | aux_file_definitions: # Create the privkey.pem file on the server by # uploading a file from the computer where Ansible is running. - - dest: "{{ devture_traefik_ssl_dir_path }}/privkey.pem" + - dest: "{{ traefik_ssl_dir_path }}/privkey.pem" src: /path/on/your/Ansible/computer/to/privkey.pem # Alternatively, comment out `src` above and uncomment the lines below to provide the certificate content inline. # Note the indentation level. @@ -76,7 +76,7 @@ aux_file_definitions: # Create the cert.pem file on the server # uploading a file from the computer where Ansible is running. - - dest: "{{ devture_traefik_ssl_dir_path }}/cert.pem" + - dest: "{{ traefik_ssl_dir_path }}/cert.pem" src: /path/on/your/Ansible/computer/to/cert.pem # Alternatively, comment out `src` above and uncomment the lines below to provide the certificate content inline. # Note the indentation level. @@ -86,7 +86,7 @@ aux_file_definitions: # Create the custom Traefik configuration. # The `/ssl/..` paths below are in-container paths, not paths on the host (/`matrix/traefik/ssl/..`). Do not change them! - - dest: "{{ devture_traefik_config_dir_path }}/certificates.yml" + - dest: "{{ traefik_config_dir_path }}/certificates.yml" content: | tls: certificates: 
@@ -109,12 +109,12 @@ You can configure Traefik to use the [DNS-01 challenge type](https://letsencrypt This is an example for how to edit the `vars.yml` file if you're using Cloudflare: ```yaml -devture_traefik_config_certificatesResolvers_acme_dnsChallenge_enabled: true -devture_traefik_config_certificatesResolvers_acme_dnsChallenge_provider: "cloudflare" -devture_traefik_config_certificatesResolvers_acme_dnsChallenge_delayBeforeCheck: 60 -devture_traefik_config_certificatesResolvers_acme_dnsChallenge_resolvers: +traefik_config_certificatesResolvers_acme_dnsChallenge_enabled: true +traefik_config_certificatesResolvers_acme_dnsChallenge_provider: "cloudflare" +traefik_config_certificatesResolvers_acme_dnsChallenge_delayBeforeCheck: 60 +traefik_config_certificatesResolvers_acme_dnsChallenge_resolvers: - "1.1.1.1:53" -devture_traefik_environment_variables_additional_variables: | +traefik_environment_variables_additional_variables: | CF_API_EMAIL=redacted CF_ZONE_API_TOKEN=redacted CF_DNS_API_TOKEN=redacted diff --git a/docs/configuring-playbook-traefik.md b/docs/configuring-playbook-traefik.md index dc4d88cf6..eaee8bf52 100644 --- a/docs/configuring-playbook-traefik.md +++ b/docs/configuring-playbook-traefik.md @@ -12,7 +12,7 @@ See the dedicated [Adjusting SSL certificate retrieval](configuring-playbook-ssl ## Increase logging verbosity ```yaml -devture_traefik_config_log_level: DEBUG +traefik_config_log_level: DEBUG ``` ## Disable access logs @@ -20,7 +20,7 @@ devture_traefik_config_log_level: DEBUG This will disable access logging. ```yaml -devture_traefik_config_accessLog_enabled: false +traefik_config_accessLog_enabled: false ``` ## Enable Traefik Dashboard 
@@ -28,23 +28,23 @@ devture_traefik_config_accessLog_enabled: false This will enable a Traefik [Dashboard](https://doc.traefik.io/traefik/operations/dashboard/) UI at `https://matrix.DOMAIN/dashboard/` (note the trailing `/`). ```yaml -devture_traefik_dashboard_enabled: true -devture_traefik_dashboard_hostname: "{{ matrix_server_fqn_matrix }}" -devture_traefik_dashboard_basicauth_enabled: true -devture_traefik_dashboard_basicauth_user: YOUR_USERNAME_HERE -devture_traefik_dashboard_basicauth_password: YOUR_PASSWORD_HERE +traefik_dashboard_enabled: true +traefik_dashboard_hostname: "{{ matrix_server_fqn_matrix }}" +traefik_dashboard_basicauth_enabled: true +traefik_dashboard_basicauth_user: YOUR_USERNAME_HERE +traefik_dashboard_basicauth_password: YOUR_PASSWORD_HERE ``` **WARNING**: Enabling the dashboard on a hostname you use for something else (like `matrix_server_fqn_matrix` in the configuration above) may cause conflicts. Enabling the Traefik Dashboard makes Traefik capture all `/dashboard` and `/api` requests and forward them to itself. If any of the services hosted on the same hostname requires any of these 2 URL prefixes, you will experience problems. So far, we're not aware of any playbook services which occupy these endpoints and are likely to cause conflicts. ## Additional configuration -Use the `devture_traefik_configuration_extension_yaml` variable provided by the Traefik Ansible role to override or inject additional settings, even when no dedicated variable exists. +Use the `traefik_configuration_extension_yaml` variable provided by the Traefik Ansible role to override or inject additional settings, even when no dedicated variable exists. ```yaml # This is a contrived example. # You can enable and secure the Dashboard using dedicated variables. See above. -devture_traefik_configuration_extension_yaml: | +traefik_configuration_extension_yaml: | api: dashboard: true ``` 
@@ -66,8 +66,8 @@ First, we have to adjust the static configuration of Traefik, so that we can add ```yaml # We enable all config files in the /config/ folder to be loaded. # `/config` is the path as it appears in the Traefik container. -# On the host, it's actually `/matrix/traefik/config` (as defined in `devture_traefik_config_dir_path`). -devture_traefik_configuration_extension_yaml: | +# On the host, it's actually `/matrix/traefik/config` (as defined in `traefik_config_dir_path`). +traefik_configuration_extension_yaml: | providers: file: directory: /config/ @@ -79,7 +79,7 @@ If you are using a self-signed certificate on your webserver, you can tell Traef ```yaml # We enable all config files in the /config/ folder to be loaded and -devture_traefik_configuration_extension_yaml: | +traefik_configuration_extension_yaml: | providers: file: directory: /config/ @@ -90,11 +90,11 @@ devture_traefik_configuration_extension_yaml: | ``` -Next, you have to add a new dynamic configuration file for Traefik that contains the actual information of the server using the `aux_file_definitions` variable. In this example, we will terminate SSL at the Traefik instance and connect to the other server via HTTPS. Traefik will now take care of managing the certificates. +Next, you have to add a new dynamic configuration file for Traefik that contains the actual information of the server using the `aux_file_definitions` variable. In this example, we will terminate SSL at the Traefik instance and connect to the other server via HTTPS. Traefik will now take care of managing the certificates. ```yaml aux_file_definitions: - - dest: "{{ devture_traefik_config_dir_path }}/provider_my_fancy_website.yml" + - dest: "{{ traefik_config_dir_path }}/provider_my_fancy_website.yml" content: | http: routers: 
@@ -117,7 +117,7 @@ If you do not want to terminate SSL at the Traefik instance (for example, becaus ```yaml aux_file_definitions: - - dest: "{{ devture_traefik_config_dir_path }}/providers_my_fancy_website.yml" + - dest: "{{ traefik_config_dir_path }}/providers_my_fancy_website.yml" content: | tcp: routers: @@ -134,9 +134,9 @@ aux_file_definitions: ``` Changing the `url` to one with an `http://` prefix would allow to connect to the server via HTTP. -With these changes, all TCP traffic will be reverse-proxied to the target system. +With these changes, all TCP traffic will be reverse-proxied to the target system. -**WARNING**: This configuration might lead to problems or need additional steps when a [certbot](https://certbot.eff.org/) behind Traefik also tries to manage [Let's Encrypt](https://letsencrypt.org/) certificates, as Traefik captures all traffic to ```PathPrefix(`/.well-known/acme-challenge/`)```. +**WARNING**: This configuration might lead to problems or need additional steps when a [certbot](https://certbot.eff.org/) behind Traefik also tries to manage [Let's Encrypt](https://letsencrypt.org/) certificates, as Traefik captures all traffic to ```PathPrefix(`/.well-known/acme-challenge/`)```. ## Traefik behind a `proxy_protocol` reverse-proxy @@ -144,7 +144,7 @@ With these changes, all TCP traffic will be reverse-proxied to the target system If you run a reverse-proxy which speaks `proxy_protocol`, add the following to your configuration file: ```yaml -devture_traefik_configuration_extension_yaml: | +traefik_configuration_extension_yaml: | entryPoints: web-secure: proxyProtocol: diff --git a/docs/howto-srv-server-delegation.md b/docs/howto-srv-server-delegation.md index ba45a1c09..8e293ad87 100644 --- a/docs/howto-srv-server-delegation.md +++ b/docs/howto-srv-server-delegation.md 
@@ -58,29 +58,29 @@ We cannot just disable the default resolver as that would disable SSL in quite a ```yaml # 1. Add a new ACME configuration without having to disable the default one, since it would have a wide range of side effects -devture_traefik_configuration_extension_yaml: | +traefik_configuration_extension_yaml: | certificatesResolvers: dns: acme: # To use a staging endpoint for testing purposes, uncomment the line below. # caServer: https://acme-staging-v02.api.letsencrypt.org/directory - email: {{ devture_traefik_config_certificatesResolvers_acme_email | to_json }} + email: {{ traefik_config_certificatesResolvers_acme_email | to_json }} dnsChallenge: provider: cloudflare resolvers: - "1.1.1.1:53" - "8.8.8.8:53" - storage: {{ devture_traefik_config_certificatesResolvers_acme_storage | to_json }} + storage: {{ traefik_config_certificatesResolvers_acme_storage | to_json }} # 2. Configure the environment variables needed by Rraefik to automate the ACME DNS Challenge (example for Cloudflare) -devture_traefik_environment_variables: | +traefik_environment_variables: | CF_API_EMAIL=redacted CF_ZONE_API_TOKEN=redacted CF_DNS_API_TOKEN=redacted LEGO_DISABLE_CNAME_SUPPORT=true # 3. Instruct the playbook to use the new ACME configuration -devture_traefik_certResolver_primary: dns +traefik_certResolver_primary: dns ``` ## Adjust Coturn's configuration 
@@ -105,16 +105,16 @@ matrix_coturn_container_additional_volumes: | ( [ { - 'src': (devture_traefik_certs_dumper_dumped_certificates_dir_path + '/*.' + matrix_domain + '/certificate.crt'), + 'src': (traefik_certs_dumper_dumped_certificates_dir_path + '/*.' + matrix_domain + '/certificate.crt'), 'dst': '/certificate.crt', 'options': 'ro', }, { - 'src': (devture_traefik_certs_dumper_dumped_certificates_dir_path + '/*.' + matrix_domain + '/privatekey.key'), + 'src': (traefik_certs_dumper_dumped_certificates_dir_path + '/*.' + matrix_domain + '/privatekey.key'), 'dst': '/privatekey.key', 'options': 'ro', }, - ] if matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and devture_traefik_certs_dumper_enabled and matrix_coturn_tls_enabled else [] + ] if matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and traefik_certs_dumper_enabled and matrix_coturn_tls_enabled else [] ) }} ``` @@ -124,7 +124,7 @@ matrix_coturn_container_additional_volumes: | ```yaml # Choosing the reverse proxy implementation matrix_playbook_reverse_proxy_type: playbook-managed-traefik -devture_traefik_config_certificatesResolvers_acme_email: redacted@example.com +traefik_config_certificatesResolvers_acme_email: redacted@example.com # To serve the federation from any domain, as long as the path matches matrix_synapse_container_labels_public_federation_api_traefik_rule: PathPrefix(`/_matrix/federation`) 
@@ -135,25 +135,25 @@ matrix_synapse_container_labels_additional_labels: | traefik.http.routers.matrix-synapse-federation-api.tls.domains.sans="*.example.com" # Add a new ACME configuration without having to disable the default one, since it would have a wide range of side effects -devture_traefik_configuration_extension_yaml: | +traefik_configuration_extension_yaml: | certificatesResolvers: dns: acme: # To use a staging endpoint for testing purposes, uncomment the line below. # caServer: https://acme-staging-v02.api.letsencrypt.org/directory - email: {{ devture_traefik_config_certificatesResolvers_acme_email | to_json }} + email: {{ traefik_config_certificatesResolvers_acme_email | to_json }} dnsChallenge: provider: cloudflare resolvers: - "1.1.1.1:53" - "8.8.8.8:53" - storage: {{ devture_traefik_config_certificatesResolvers_acme_storage | to_json }} + storage: {{ traefik_config_certificatesResolvers_acme_storage | to_json }} # Instruct thep laybook to use the new ACME configuration -devture_traefik_certResolver_primary: "dns" +traefik_certResolver_primary: "dns" # Configure the environment variables needed by Traefik to automate the ACME DNS Challenge (example for Cloudflare) -devture_traefik_environment_variables: | +traefik_environment_variables: | CF_API_EMAIL=redacted CF_ZONE_API_TOKEN=redacted CF_DNS_API_TOKEN=redacted 
@@ -168,16 +168,16 @@ matrix_coturn_container_additional_volumes: | ( [ { - 'src': (devture_traefik_certs_dumper_dumped_certificates_dir_path + '/*.' + matrix_domain + '/certificate.crt'), + 'src': (traefik_certs_dumper_dumped_certificates_dir_path + '/*.' + matrix_domain + '/certificate.crt'), 'dst': '/certificate.crt', 'options': 'ro', }, { - 'src': (devture_traefik_certs_dumper_dumped_certificates_dir_path + '/*.' + matrix_domain + '/privatekey.key'), + 'src': (traefik_certs_dumper_dumped_certificates_dir_path + '/*.' + matrix_domain + '/privatekey.key'), 'dst': '/privatekey.key', 'options': 'ro', }, - ] if matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and devture_traefik_certs_dumper_enabled and matrix_coturn_tls_enabled else [] + ] if matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and traefik_certs_dumper_enabled and matrix_coturn_tls_enabled else [] ) }} ``` diff --git a/examples/vars.yml b/examples/vars.yml index 7141319e7..3eaf20de4 100644 --- a/examples/vars.yml +++ b/examples/vars.yml @@ -34,7 +34,7 @@ matrix_playbook_reverse_proxy_type: playbook-managed-traefik # you won't be required to define this variable (see `docs/configuring-playbook-ssl-certificates.md`). # # Example value: someone@example.com -devture_traefik_config_certificatesResolvers_acme_email: '' +traefik_config_certificatesResolvers_acme_email: '' # A Postgres password to use for the superuser Postgres user (called `matrix` by default). # diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 40b099064..32d2799cf 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
@@ -28,23 +28,23 @@ matrix_playbook_docker_installation_daemon_options_auto: matrix_playbook_docker_installation_daemon_options_custom: {} # Controls whether to attach Traefik labels to services. -# This is separate from `devture_traefik_enabled`, because you may wish to disable Traefik installation by the playbook, +# This is separate from `traefik_enabled`, because you may wish to disable Traefik installation by the playbook, # yet still use Traefik installed in another way. matrix_playbook_traefik_labels_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" -matrix_playbook_reverse_proxy_container_network: "{{ devture_traefik_container_network if devture_traefik_enabled else 'traefik' }}" -matrix_playbook_reverse_proxy_hostname: "{{ devture_traefik_identifier if devture_traefik_enabled else 'traefik' }}" +matrix_playbook_reverse_proxy_container_network: "{{ traefik_container_network if traefik_enabled else 'traefik' }}" +matrix_playbook_reverse_proxy_hostname: "{{ traefik_identifier if traefik_enabled else 'traefik' }}" # A separate Matrix Federation entrypoint is always enabled, unless the federation port matches one of the ports for existing (default) entrypoints -matrix_playbook_public_matrix_federation_api_traefik_entrypoint_enabled: "{{ matrix_federation_public_port not in [devture_traefik_config_entrypoint_web_port, devture_traefik_config_entrypoint_web_secure_port] }}" +matrix_playbook_public_matrix_federation_api_traefik_entrypoint_enabled: "{{ matrix_federation_public_port not in [traefik_config_entrypoint_web_port, traefik_config_entrypoint_web_secure_port] }}" # We only enable HTTP/3 on the federation entrypoint if the main web-secure entrypoint has it enabled. 
-matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_http3_enabled: "{{ devture_traefik_config_entrypoint_web_secure_http3_enabled }}" +matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_http3_enabled: "{{ traefik_config_entrypoint_web_secure_http3_enabled }}" -# `devture_traefik_config_entrypoint_web_secure_enabled` is the variable we currently follow to determine if SSL is enabled or not. +# `traefik_config_entrypoint_web_secure_enabled` is the variable we currently follow to determine if SSL is enabled or not. # `matrix_playbook_ssl_enabled` is merely an indicator if (when looked at it publicly), the server supports SSL or not, # and affects how services configure their public URLs. -matrix_federation_traefik_entrypoint_tls: "{{ devture_traefik_config_entrypoint_web_secure_enabled }}" +matrix_federation_traefik_entrypoint_tls: "{{ traefik_config_entrypoint_web_secure_enabled }}" ######################################################################## # # 
@@ -226,7 +226,7 @@ matrix_homeserver_app_service_config_files_auto: | matrix_addons_homeserver_container_network: "{{ matrix_playbook_reverse_proxy_container_network if matrix_playbook_internal_matrix_client_api_traefik_entrypoint_enabled else matrix_homeserver_container_network }}" matrix_addons_homeserver_client_api_url: "{{ ('http://' + matrix_playbook_reverse_proxy_hostname + ':' + matrix_playbook_internal_matrix_client_api_traefik_entrypoint_port | string) if matrix_playbook_internal_matrix_client_api_traefik_entrypoint_enabled else matrix_homeserver_container_url }}" -matrix_addons_homeserver_systemd_services_list: "{{ ([devture_traefik_identifier + '.service'] if matrix_playbook_reverse_proxy_type == 'playbook-managed-traefik' else []) if matrix_playbook_internal_matrix_client_api_traefik_entrypoint_enabled else matrix_homeserver_systemd_services_list }}" +matrix_addons_homeserver_systemd_services_list: "{{ ([traefik_identifier + '.service'] if matrix_playbook_reverse_proxy_type == 'playbook-managed-traefik' else []) if matrix_playbook_internal_matrix_client_api_traefik_entrypoint_enabled else matrix_homeserver_systemd_services_list }}" # Starting from version `0.6.0` conduit natively supports some sync v3 (sliding-sync) features. matrix_homeserver_sliding_sync_url: "{{ matrix_sliding_sync_base_url if matrix_sliding_sync_enabled else (matrix_homeserver_url if matrix_homeserver_implementation in ['conduit'] else '') }}" 
@@ -457,9 +457,9 @@ devture_systemd_service_manager_services_list_auto: | + ([{'name': (devture_container_socket_proxy_identifier + '.service'), 'priority': 200, 'groups': ['matrix', 'reverse-proxies', 'container-socket-proxy']}] if devture_container_socket_proxy_enabled else []) + - ([{'name': (devture_traefik_identifier + '.service'), 'priority': 250, 'groups': ['matrix', 'traefik', 'reverse-proxies']}] if devture_traefik_enabled else []) + ([{'name': (traefik_identifier + '.service'), 'priority': 250, 'groups': ['matrix', 'traefik', 'reverse-proxies']}] if traefik_enabled else []) + - ([{'name': (devture_traefik_certs_dumper_identifier + '.service'), 'priority': 300, 'groups': ['matrix', 'traefik-certs-dumper']}] if devture_traefik_certs_dumper_enabled else []) + ([{'name': (traefik_certs_dumper_identifier + '.service'), 'priority': 300, 'groups': ['matrix', 'traefik-certs-dumper']}] if traefik_certs_dumper_enabled else []) }} ######################################################################## 
@@ -592,8 +592,8 @@ matrix_alertmanager_receiver_container_additional_networks_auto: |- matrix_alertmanager_receiver_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" matrix_alertmanager_receiver_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_alertmanager_receiver_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_alertmanager_receiver_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_alertmanager_receiver_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_alertmanager_receiver_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" matrix_alertmanager_receiver_container_labels_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}" matrix_alertmanager_receiver_container_labels_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}" 
@@ -698,8 +698,8 @@ matrix_appservice_webhooks_container_additional_networks_auto: |- matrix_appservice_webhooks_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" matrix_appservice_webhooks_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_appservice_webhooks_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_appservice_webhooks_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_appservice_webhooks_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_appservice_webhooks_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" matrix_appservice_webhooks_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'webhook.as.token', rounds=655555) | to_uuid }}" @@ -752,8 +752,8 @@ matrix_appservice_slack_container_additional_networks_auto: |- matrix_appservice_slack_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" matrix_appservice_slack_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_appservice_slack_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_appservice_slack_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_appservice_slack_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_appservice_slack_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" matrix_appservice_slack_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'slack.as.token', rounds=655555) | to_uuid }}" 
@@ -1128,8 +1128,8 @@ matrix_mautrix_facebook_container_additional_networks_auto: |- matrix_mautrix_facebook_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" matrix_mautrix_facebook_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_mautrix_facebook_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_mautrix_facebook_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_mautrix_facebook_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_mautrix_facebook_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" matrix_mautrix_facebook_container_labels_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}" matrix_mautrix_facebook_container_labels_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}" @@ -1202,8 +1202,8 @@ matrix_mautrix_googlechat_container_additional_networks_auto: |- matrix_mautrix_googlechat_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" matrix_mautrix_googlechat_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_mautrix_googlechat_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_mautrix_googlechat_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_mautrix_googlechat_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_mautrix_googlechat_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" matrix_mautrix_googlechat_container_labels_public_endpoint_hostname: "{{ matrix_server_fqn_matrix }}" 
@@ -1279,8 +1279,8 @@ matrix_mautrix_hangouts_container_additional_networks_auto: |- matrix_mautrix_hangouts_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" matrix_mautrix_hangouts_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_mautrix_hangouts_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_mautrix_hangouts_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_mautrix_hangouts_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_mautrix_hangouts_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" matrix_mautrix_hangouts_container_labels_public_endpoint_hostname: "{{ matrix_server_fqn_matrix }}" @@ -1345,8 +1345,8 @@ matrix_mautrix_instagram_container_additional_networks_auto: |- matrix_mautrix_instagram_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" matrix_mautrix_instagram_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_mautrix_instagram_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_mautrix_instagram_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_mautrix_instagram_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_mautrix_instagram_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" matrix_mautrix_instagram_container_labels_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}" matrix_mautrix_instagram_container_labels_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}" 
@@ -1411,8 +1411,8 @@ matrix_mautrix_signal_container_additional_networks_auto: |- matrix_mautrix_signal_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" matrix_mautrix_signal_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_mautrix_signal_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_mautrix_signal_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_mautrix_signal_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_mautrix_signal_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" matrix_mautrix_signal_container_labels_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}" matrix_mautrix_signal_container_labels_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}" 
@@ -1485,8 +1485,8 @@ matrix_mautrix_meta_messenger_container_additional_networks_auto: |- matrix_mautrix_meta_messenger_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" matrix_mautrix_meta_messenger_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_mautrix_meta_messenger_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_mautrix_meta_messenger_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_mautrix_meta_messenger_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_mautrix_meta_messenger_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" matrix_mautrix_meta_messenger_container_labels_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}" matrix_mautrix_meta_messenger_container_labels_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}" 
@@ -1559,8 +1559,8 @@ matrix_mautrix_meta_instagram_container_additional_networks_auto: |- matrix_mautrix_meta_instagram_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" matrix_mautrix_meta_instagram_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_mautrix_meta_instagram_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_mautrix_meta_instagram_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_mautrix_meta_instagram_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_mautrix_meta_instagram_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" matrix_mautrix_meta_instagram_container_labels_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}" matrix_mautrix_meta_instagram_container_labels_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}" 
@@ -1640,8 +1640,8 @@ matrix_mautrix_telegram_container_additional_networks_auto: |- matrix_mautrix_telegram_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" matrix_mautrix_telegram_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_mautrix_telegram_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_mautrix_telegram_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_mautrix_telegram_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_mautrix_telegram_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" matrix_mautrix_telegram_container_labels_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}" matrix_mautrix_telegram_container_labels_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}" 
@@ -1715,8 +1715,8 @@ matrix_mautrix_twitter_container_additional_networks_auto: |- matrix_mautrix_twitter_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" matrix_mautrix_twitter_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_mautrix_twitter_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_mautrix_twitter_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_mautrix_twitter_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_mautrix_twitter_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" matrix_mautrix_twitter_container_labels_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}" matrix_mautrix_twitter_container_labels_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}" 
@@ -1787,8 +1787,8 @@ matrix_mautrix_gmessages_container_additional_networks_auto: |- matrix_mautrix_gmessages_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" matrix_mautrix_gmessages_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_mautrix_gmessages_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_mautrix_gmessages_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_mautrix_gmessages_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_mautrix_gmessages_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" matrix_mautrix_gmessages_container_labels_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}" matrix_mautrix_gmessages_container_labels_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}" 
@@ -1862,8 +1862,8 @@ matrix_mautrix_wsproxy_container_additional_networks: | matrix_mautrix_wsproxy_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" matrix_mautrix_wsproxy_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_mautrix_wsproxy_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_mautrix_wsproxy_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_mautrix_wsproxy_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_mautrix_wsproxy_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" matrix_mautrix_wsproxy_syncproxy_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}" matrix_mautrix_wsproxy_syncproxy_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'wsproxy.db', rounds=655555) | to_uuid }}" 
@@ -1951,8 +1951,8 @@ matrix_mautrix_whatsapp_container_additional_networks_auto: |- matrix_mautrix_whatsapp_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" matrix_mautrix_whatsapp_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_mautrix_whatsapp_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_mautrix_whatsapp_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_mautrix_whatsapp_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_mautrix_whatsapp_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" matrix_mautrix_whatsapp_container_labels_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}" matrix_mautrix_whatsapp_container_labels_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}" 
@@ -2063,8 +2063,8 @@ matrix_heisenbridge_container_additional_networks_auto: |- matrix_heisenbridge_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" matrix_heisenbridge_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_heisenbridge_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_heisenbridge_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_heisenbridge_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_heisenbridge_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" matrix_heisenbridge_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'heisen.as.tok', rounds=655555) | to_uuid }}" @@ -2134,8 +2134,8 @@ matrix_hookshot_container_http_host_bind_ports: "{{ matrix_hookshot_container_ht matrix_hookshot_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" matrix_hookshot_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_hookshot_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_hookshot_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_hookshot_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_hookshot_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" matrix_hookshot_provisioning_enabled: "{{ matrix_hookshot_provisioning_secret and matrix_dimension_enabled }}" 
@@ -2192,8 +2192,8 @@ matrix_mx_puppet_slack_container_additional_networks_auto: |- matrix_mx_puppet_slack_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" matrix_mx_puppet_slack_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_mx_puppet_slack_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_mx_puppet_slack_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_mx_puppet_slack_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_mx_puppet_slack_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" matrix_mx_puppet_slack_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxslk.as.tok', rounds=655555) | to_uuid }}" @@ -2252,8 +2252,8 @@ matrix_mx_puppet_twitter_container_additional_networks_auto: |- matrix_mx_puppet_twitter_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" matrix_mx_puppet_twitter_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_mx_puppet_twitter_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_mx_puppet_twitter_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_mx_puppet_twitter_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_mx_puppet_twitter_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" matrix_mx_puppet_twitter_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxtwt.as.tok', rounds=655555) | to_uuid }}" 
@@ -2599,8 +2599,8 @@ matrix_bot_maubot_container_additional_networks_auto: |- matrix_bot_maubot_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" matrix_bot_maubot_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_bot_maubot_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_bot_maubot_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_bot_maubot_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_bot_maubot_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" matrix_bot_maubot_container_labels_management_hostname: "{{ matrix_server_fqn_matrix }}" @@ -2651,8 +2651,8 @@ matrix_bot_honoroit_container_additional_networks: | matrix_bot_honoroit_container_labels_traefik_enabled: "{{ matrix_playbook_traefik_labels_enabled }}" matrix_bot_honoroit_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_bot_honoroit_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_bot_honoroit_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_bot_honoroit_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_bot_honoroit_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" # For consistency with other things hosted at the matrix FQN, we adjust the metrics endpoint # so that metrics would be served at something like `/metrics/SERVICE_NAME`, and not at the default path for the role (`PREFIX/metrics`). 
@@ -2707,8 +2707,8 @@ matrix_bot_buscarron_container_additional_networks_auto: |- matrix_bot_buscarron_container_labels_traefik_enabled: "{{ matrix_playbook_traefik_labels_enabled }}" matrix_bot_buscarron_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_bot_buscarron_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_bot_buscarron_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_bot_buscarron_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_bot_buscarron_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" matrix_bot_buscarron_homeserver: "{{ matrix_addons_homeserver_client_api_url }}" @@ -2772,8 +2772,8 @@ matrix_bot_postmoogle_container_image_self_build: "{{ matrix_architecture not in matrix_bot_postmoogle_ssl_path: |- {{ { - 'playbook-managed-traefik': (devture_traefik_certs_dumper_dumped_certificates_dir_path if devture_traefik_certs_dumper_enabled else ''), - 'other-traefik-container': (devture_traefik_certs_dumper_dumped_certificates_dir_path if devture_traefik_certs_dumper_enabled else ''), + 'playbook-managed-traefik': (traefik_certs_dumper_dumped_certificates_dir_path if traefik_certs_dumper_enabled else ''), + 'other-traefik-container': (traefik_certs_dumper_dumped_certificates_dir_path if traefik_certs_dumper_enabled else ''), 'none': '', }[matrix_playbook_reverse_proxy_type] }} 
@@ -2784,8 +2784,8 @@ matrix_playbook_bot_postmoogle_traefik_key: "{% for domain in matrix_bot_postmoo matrix_bot_postmoogle_tls_cert: |- {{ { - 'playbook-managed-traefik': (matrix_playbook_bot_postmoogle_traefik_tls_cert if devture_traefik_certs_dumper_enabled else ''), - 'other-traefik-container': (matrix_playbook_bot_postmoogle_traefik_tls_cert if devture_traefik_certs_dumper_enabled else ''), + 'playbook-managed-traefik': (matrix_playbook_bot_postmoogle_traefik_tls_cert if traefik_certs_dumper_enabled else ''), + 'other-traefik-container': (matrix_playbook_bot_postmoogle_traefik_tls_cert if traefik_certs_dumper_enabled else ''), 'none': '', }[matrix_playbook_reverse_proxy_type] }} @@ -2793,13 +2793,13 @@ matrix_bot_postmoogle_tls_cert: |- matrix_bot_postmoogle_tls_key: |- {{ { - 'playbook-managed-traefik': (matrix_playbook_bot_postmoogle_traefik_key if devture_traefik_certs_dumper_enabled else ''), - 'other-traefik-container': (matrix_playbook_bot_postmoogle_traefik_key if devture_traefik_certs_dumper_enabled else ''), + 'playbook-managed-traefik': (matrix_playbook_bot_postmoogle_traefik_key if traefik_certs_dumper_enabled else ''), + 'other-traefik-container': (matrix_playbook_bot_postmoogle_traefik_key if traefik_certs_dumper_enabled else ''), 'none': '', }[matrix_playbook_reverse_proxy_type] }} -matrix_playbook_bot_postmoogle_traefik_certs_dumper_waiter_services: "{% for domain in matrix_bot_postmoogle_domains %}{{ devture_traefik_certs_dumper_identifier }}-wait-for-domain@{{ domain }}.service {% endfor %}" +matrix_playbook_bot_postmoogle_traefik_certs_dumper_waiter_services: "{% for domain in matrix_bot_postmoogle_domains %}{{ traefik_certs_dumper_identifier }}-wait-for-domain@{{ domain }}.service {% endfor %}" matrix_bot_postmoogle_systemd_required_services_list_auto: | {{ 
@@ -2807,7 +2807,7 @@ matrix_bot_postmoogle_systemd_required_services_list_auto: | + ([postgres_identifier ~ '.service'] if postgres_enabled and matrix_bot_postmoogle_database_hostname == matrix_bot_postmoogle_database_hostname else []) + - (matrix_playbook_bot_postmoogle_traefik_certs_dumper_waiter_services | trim | split(' ') if matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and devture_traefik_certs_dumper_enabled else []) + (matrix_playbook_bot_postmoogle_traefik_certs_dumper_waiter_services | trim | split(' ') if matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and traefik_certs_dumper_enabled else []) }} # Postgres is the default, except if not using internal Postgres server @@ -2893,8 +2893,8 @@ matrix_bot_go_neb_container_additional_networks: | matrix_bot_go_neb_container_labels_traefik_enabled: "{{ matrix_playbook_traefik_labels_enabled }}" matrix_bot_go_neb_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_bot_go_neb_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_bot_go_neb_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_bot_go_neb_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_bot_go_neb_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" ###################################################################### # 
@@ -2977,8 +2977,8 @@ matrix_bot_draupnir_raw_homeserver_url: "{{ matrix_addons_homeserver_client_api_ matrix_bot_draupnir_container_labels_traefik_enabled: "{{ matrix_bot_draupnir_web_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" matrix_bot_draupnir_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_bot_draupnir_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_bot_draupnir_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_bot_draupnir_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_bot_draupnir_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" ###################################################################### # @@ -3182,8 +3182,8 @@ matrix_cactus_comments_client_container_additional_networks_auto: |- matrix_cactus_comments_client_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" matrix_cactus_comments_client_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_cactus_comments_client_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_cactus_comments_client_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_cactus_comments_client_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_cactus_comments_client_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" ###################################################################### # 
@@ -3222,8 +3222,8 @@ matrix_corporal_container_additional_networks: | matrix_corporal_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" matrix_corporal_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_corporal_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_corporal_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_corporal_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_corporal_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" matrix_corporal_matrix_homeserver_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}" @@ -3264,8 +3264,8 @@ matrix_rageshake_container_http_host_bind_port: "{{ (matrix_playbook_service_hos matrix_rageshake_container_labels_traefik_enabled: "{{ matrix_playbook_traefik_labels_enabled }}" matrix_rageshake_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_rageshake_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_rageshake_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_rageshake_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_rageshake_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" ###################################################################### # 
@@ -3298,8 +3298,8 @@ matrix_coturn_tls_enabled: "{{ matrix_playbook_ssl_enabled }}" matrix_coturn_tls_cert_path: |- {{ { - 'playbook-managed-traefik': ('/certificate.crt' if devture_traefik_certs_dumper_enabled else ''), - 'other-traefik-container': ('/certificate.crt' if devture_traefik_certs_dumper_enabled else ''), + 'playbook-managed-traefik': ('/certificate.crt' if traefik_certs_dumper_enabled else ''), + 'other-traefik-container': ('/certificate.crt' if traefik_certs_dumper_enabled else ''), 'none': '', }[matrix_playbook_reverse_proxy_type] }} @@ -3307,8 +3307,8 @@ matrix_coturn_tls_cert_path: |- matrix_coturn_tls_key_path: |- {{ { - 'playbook-managed-traefik': ('/privatekey.key' if devture_traefik_certs_dumper_enabled else ''), - 'other-traefik-container': ('/privatekey.key' if devture_traefik_certs_dumper_enabled else ''), + 'playbook-managed-traefik': ('/privatekey.key' if traefik_certs_dumper_enabled else ''), + 'other-traefik-container': ('/privatekey.key' if traefik_certs_dumper_enabled else ''), 'none': '', }[matrix_playbook_reverse_proxy_type] }} 
@@ -3318,16 +3318,16 @@ matrix_coturn_container_additional_volumes: | ( [ { - 'src': (devture_traefik_certs_dumper_dumped_certificates_dir_path + '/' + matrix_server_fqn_matrix + '/certificate.crt'), + 'src': (traefik_certs_dumper_dumped_certificates_dir_path + '/' + matrix_server_fqn_matrix + '/certificate.crt'), 'dst': '/certificate.crt', 'options': 'ro', }, { - 'src': (devture_traefik_certs_dumper_dumped_certificates_dir_path + '/' + matrix_server_fqn_matrix + '/privatekey.key'), + 'src': (traefik_certs_dumper_dumped_certificates_dir_path + '/' + matrix_server_fqn_matrix + '/privatekey.key'), 'dst': '/privatekey.key', 'options': 'ro', }, - ] if (matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and devture_traefik_certs_dumper_enabled and matrix_coturn_tls_enabled and (matrix_coturn_tls_cert_path and matrix_coturn_tls_key_path)) else [] + ] if (matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and traefik_certs_dumper_enabled and matrix_coturn_tls_enabled and (matrix_coturn_tls_cert_path and matrix_coturn_tls_key_path)) else [] ) }} @@ -3335,7 +3335,7 @@ matrix_coturn_systemd_required_services_list: | {{ [devture_systemd_docker_base_docker_service_name] + - ([devture_traefik_certs_dumper_identifier + '-wait-for-domain@' + matrix_server_fqn_matrix + '.service'] if matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and devture_traefik_certs_dumper_enabled and matrix_coturn_tls_enabled else []) + ([traefik_certs_dumper_identifier + '-wait-for-domain@' + matrix_server_fqn_matrix + '.service'] if matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and traefik_certs_dumper_enabled and matrix_coturn_tls_enabled else []) }} ###################################################################### 
@@ -3379,8 +3379,8 @@ matrix_dimension_container_http_host_bind_port: "{{ (matrix_playbook_service_hos matrix_dimension_container_labels_traefik_enabled: "{{ matrix_playbook_traefik_labels_enabled }}" matrix_dimension_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_dimension_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_dimension_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_dimension_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_dimension_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" matrix_dimension_homeserver_clientServerUrl: "{{ matrix_addons_homeserver_client_api_url }}" matrix_dimension_homeserver_federationUrl: "{{ matrix_homeserver_container_federation_url }}" @@ -3446,8 +3446,8 @@ etherpad_container_additional_networks: | etherpad_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" etherpad_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -etherpad_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -etherpad_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +etherpad_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +etherpad_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" etherpad_systemd_required_services_list: | {{ 
@@ -3555,8 +3555,8 @@ jitsi_prosody_container_additional_networks_auto: | jitsi_container_labels_traefik_enabled: "{{ matrix_playbook_traefik_labels_enabled }}" jitsi_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -jitsi_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -jitsi_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +jitsi_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +jitsi_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" jitsi_jibri_xmpp_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'jibri', rounds=655555) | to_uuid }}" jitsi_jicofo_auth_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'jicofo', rounds=655555) | to_uuid }}" @@ -3639,8 +3639,8 @@ matrix_ldap_registration_proxy_container_additional_networks_auto: |- matrix_ldap_registration_proxy_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" matrix_ldap_registration_proxy_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_ldap_registration_proxy_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_ldap_registration_proxy_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_ldap_registration_proxy_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_ldap_registration_proxy_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" ###################################################################### # 
@@ -3720,8 +3720,8 @@ matrix_ma1sd_container_additional_networks_auto: | matrix_ma1sd_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" matrix_ma1sd_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_ma1sd_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_ma1sd_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_ma1sd_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_ma1sd_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" # We enable Synapse integration via its Postgres database by default. # When using another Identity store, you might wish to disable this and define @@ -3788,8 +3788,8 @@ matrix_media_repo_container_additional_networks: | matrix_media_repo_container_labels_traefik_enabled: "{{ matrix_playbook_traefik_labels_enabled }}" matrix_media_repo_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_media_repo_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_media_repo_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_media_repo_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_media_repo_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" matrix_media_repo_container_labels_traefik_internal_media_enabled: "{{ matrix_playbook_internal_matrix_client_api_traefik_entrypoint_enabled }}" matrix_media_repo_container_labels_traefik_internal_media_entrypoints: "{{ matrix_playbook_internal_matrix_client_api_traefik_entrypoint_name }}" 
@@ -4241,8 +4241,8 @@ matrix_sygnal_container_http_host_bind_port: "{{ (matrix_playbook_service_host_b matrix_sygnal_container_labels_traefik_enabled: "{{ matrix_playbook_traefik_labels_enabled }}" matrix_sygnal_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_sygnal_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_sygnal_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_sygnal_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_sygnal_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" ###################################################################### # @@ -4273,8 +4273,8 @@ ntfy_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_inter ntfy_container_labels_traefik_enabled: "{{ matrix_playbook_traefik_labels_enabled }}" ntfy_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -ntfy_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -ntfy_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +ntfy_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +ntfy_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" ntfy_visitor_request_limit_exempt_hosts_hostnames_auto: | {{ 
@@ -4360,8 +4360,8 @@ matrix_client_element_container_additional_networks: "{{ [matrix_playbook_revers matrix_client_element_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" matrix_client_element_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_client_element_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_client_element_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_client_element_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_client_element_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" matrix_client_element_default_hs_url: "{{ matrix_homeserver_url }}" matrix_client_element_default_is_url: "{{ matrix_identity_server_url }}" @@ -4409,8 +4409,8 @@ matrix_client_hydrogen_container_additional_networks: "{{ [matrix_playbook_rever matrix_client_hydrogen_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" matrix_client_hydrogen_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_client_hydrogen_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_client_hydrogen_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_client_hydrogen_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_client_hydrogen_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" matrix_client_hydrogen_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}" 
@@ -4442,8 +4442,8 @@ matrix_client_cinny_container_additional_networks: "{{ [matrix_playbook_reverse_ matrix_client_cinny_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" matrix_client_cinny_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_client_cinny_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_client_cinny_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_client_cinny_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_client_cinny_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" matrix_client_cinny_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}" @@ -4477,8 +4477,8 @@ matrix_client_schildichat_container_additional_networks: "{{ [matrix_playbook_re matrix_client_schildichat_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" matrix_client_schildichat_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_client_schildichat_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_client_schildichat_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_client_schildichat_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_client_schildichat_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" matrix_client_schildichat_default_hs_url: "{{ matrix_homeserver_url }}" matrix_client_schildichat_default_is_url: "{{ matrix_identity_server_url }}" 
@@ -4559,8 +4559,8 @@ matrix_synapse_container_additional_networks_auto: | matrix_synapse_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" matrix_synapse_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_synapse_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_synapse_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_synapse_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_synapse_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" matrix_synapse_container_labels_traefik_hostname: "{{ matrix_server_fqn_matrix }}" matrix_synapse_container_labels_matrix_labels_enabled: "{{ not matrix_synapse_workers_enabled }}" 
@@ -4731,8 +4731,8 @@ matrix_synapse_reverse_proxy_companion_container_federation_api_host_bind_port: matrix_synapse_reverse_proxy_companion_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" matrix_synapse_reverse_proxy_companion_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_synapse_reverse_proxy_companion_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_synapse_reverse_proxy_companion_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_synapse_reverse_proxy_companion_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_synapse_reverse_proxy_companion_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" matrix_synapse_reverse_proxy_companion_container_labels_traefik_hostname: "{{ matrix_server_fqn_matrix }}" matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_client_api_enabled: "{{ matrix_synapse_container_labels_public_client_synapse_client_api_enabled }}" 
@@ -4788,8 +4788,8 @@ matrix_synapse_admin_container_additional_networks: "{{ [matrix_playbook_reverse matrix_synapse_admin_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" matrix_synapse_admin_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_synapse_admin_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_synapse_admin_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_synapse_admin_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_synapse_admin_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" matrix_synapse_admin_config_asManagedUsers_auto: | {{ @@ -4996,8 +4996,8 @@ matrix_synapse_usage_exporter_container_additional_networks: "{{ [matrix_playboo matrix_synapse_usage_exporter_container_labels_traefik_enabled: "{{ matrix_synapse_usage_exporter_proxying_enabled }}" matrix_synapse_usage_exporter_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_synapse_usage_exporter_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_synapse_usage_exporter_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_synapse_usage_exporter_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_synapse_usage_exporter_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" ###################################################################### # 
@@ -5028,8 +5028,8 @@ prometheus_node_exporter_container_additional_networks: "{{ [matrix_playbook_rev prometheus_node_exporter_container_labels_traefik_enabled: "{{ matrix_metrics_exposure_enabled }}" prometheus_node_exporter_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -prometheus_node_exporter_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -prometheus_node_exporter_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +prometheus_node_exporter_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +prometheus_node_exporter_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" prometheus_node_exporter_container_labels_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}" prometheus_node_exporter_container_labels_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}" 
@@ -5069,8 +5069,8 @@ prometheus_postgres_exporter_container_additional_networks: | prometheus_postgres_exporter_container_labels_traefik_enabled: "{{ matrix_metrics_exposure_enabled }}" prometheus_postgres_exporter_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -prometheus_postgres_exporter_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -prometheus_postgres_exporter_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +prometheus_postgres_exporter_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +prometheus_postgres_exporter_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" prometheus_postgres_exporter_container_labels_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}" prometheus_postgres_exporter_container_labels_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}" 
@@ -5113,8 +5113,8 @@ matrix_prometheus_nginxlog_exporter_container_additional_networks_auto: |- matrix_prometheus_nginxlog_exporter_container_labels_traefik_enabled: "{{ matrix_metrics_exposure_enabled }}" matrix_prometheus_nginxlog_exporter_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_prometheus_nginxlog_exporter_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_prometheus_nginxlog_exporter_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_prometheus_nginxlog_exporter_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_prometheus_nginxlog_exporter_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" matrix_prometheus_nginxlog_exporter_container_labels_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}" matrix_prometheus_nginxlog_exporter_container_labels_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}" @@ -5268,8 +5268,8 @@ grafana_container_additional_networks_auto: | grafana_container_labels_traefik_enabled: "{{ matrix_playbook_traefik_labels_enabled }}" grafana_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -grafana_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -grafana_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +grafana_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +grafana_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" grafana_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '3000') if matrix_playbook_service_host_bind_interface_prefix else '' }}" 
@@ -5361,8 +5361,8 @@ matrix_registration_container_additional_networks_auto: |- matrix_registration_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" matrix_registration_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_registration_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_registration_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_registration_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_registration_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" matrix_registration_riot_instance: "{{ (('https://' if matrix_playbook_ssl_enabled else 'http://') + matrix_server_fqn_element) if matrix_client_element_enabled else 'https://element.io/app/' }}" 
@@ -5423,8 +5423,8 @@ matrix_sliding_sync_container_additional_networks: | matrix_sliding_sync_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" matrix_sliding_sync_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_sliding_sync_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_sliding_sync_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_sliding_sync_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_sliding_sync_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" matrix_sliding_sync_container_labels_public_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}" matrix_sliding_sync_container_labels_public_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}" @@ -5483,8 +5483,8 @@ matrix_dendrite_container_https_host_bind_address: "{{ '' if not matrix_dendrite matrix_dendrite_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and not matrix_synapse_workers_enabled }}" matrix_dendrite_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_dendrite_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_dendrite_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_dendrite_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_dendrite_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" matrix_dendrite_container_labels_public_client_synapse_admin_api_enabled: "{{ matrix_synapse_admin_enabled }}" 
@@ -5579,8 +5579,8 @@ matrix_conduit_container_additional_networks_auto: | matrix_conduit_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and not matrix_synapse_workers_enabled }}" matrix_conduit_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_conduit_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_conduit_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_conduit_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_conduit_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" matrix_conduit_container_labels_public_client_root_redirection_enabled: "{{ matrix_conduit_container_labels_public_client_root_redirection_url != '' }}" matrix_conduit_container_labels_public_client_root_redirection_url: "{{ (('https://' if matrix_playbook_ssl_enabled else 'http://') + matrix_server_fqn_element) if matrix_client_element_enabled else '' }}" @@ -5741,8 +5741,8 @@ matrix_static_files_container_network: "{{ (matrix_static_files_identifier if ma matrix_static_files_container_labels_traefik_enabled: "{{ matrix_playbook_traefik_labels_enabled }}" matrix_static_files_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_static_files_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_static_files_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_static_files_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_static_files_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" matrix_static_files_container_labels_well_known_matrix_endpoint_traefik_hostname: "{{ matrix_server_fqn_matrix }}" 
@@ -5806,30 +5806,30 @@ devture_container_socket_proxy_api_containers_enabled: true # # ######################################################################## -devture_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type == 'playbook-managed-traefik' }}" +traefik_enabled: "{{ matrix_playbook_reverse_proxy_type == 'playbook-managed-traefik' }}" -devture_traefik_identifier: matrix-traefik +traefik_identifier: matrix-traefik -devture_traefik_base_path: "{{ matrix_base_data_path }}/traefik" +traefik_base_path: "{{ matrix_base_data_path }}/traefik" -devture_traefik_uid: "{{ matrix_user_uid }}" -devture_traefik_gid: "{{ matrix_user_gid }}" +traefik_uid: "{{ matrix_user_uid }}" +traefik_gid: "{{ matrix_user_gid }}" -devture_traefik_additional_entrypoints_auto: | +traefik_additional_entrypoints_auto: | {{ ([matrix_playbook_public_matrix_federation_api_traefik_entrypoint_definition] if matrix_playbook_public_matrix_federation_api_traefik_entrypoint_enabled else []) + ([matrix_playbook_internal_matrix_client_api_traefik_entrypoint_definition] if matrix_playbook_internal_matrix_client_api_traefik_entrypoint_enabled else []) }} -devture_traefik_config_providers_docker_endpoint: "{{ devture_container_socket_proxy_endpoint if devture_container_socket_proxy_enabled else 'unix:///var/run/docker.sock' }}" +traefik_config_providers_docker_endpoint: "{{ devture_container_socket_proxy_endpoint if devture_container_socket_proxy_enabled else 'unix:///var/run/docker.sock' }}" -devture_traefik_container_additional_networks_auto: | +traefik_container_additional_networks_auto: | {{ ([devture_container_socket_proxy_container_network] if devture_container_socket_proxy_enabled else []) }} -devture_traefik_systemd_required_services_list: | +traefik_systemd_required_services_list: | {{ ([devture_systemd_docker_base_docker_service_name]) + 
@@ -5849,16 +5849,16 @@ devture_traefik_systemd_required_services_list: | # # ######################################################################## -devture_traefik_certs_dumper_enabled: "{{ (matrix_playbook_reverse_proxy_type == 'playbook-managed-traefik' and devture_traefik_config_entrypoint_web_secure_enabled and devture_traefik_config_certificatesResolvers_acme_enabled) or matrix_playbook_reverse_proxy_type == 'other-traefik-container' }}" +traefik_certs_dumper_enabled: "{{ (matrix_playbook_reverse_proxy_type == 'playbook-managed-traefik' and traefik_config_entrypoint_web_secure_enabled and traefik_config_certificatesResolvers_acme_enabled) or matrix_playbook_reverse_proxy_type == 'other-traefik-container' }}" -devture_traefik_certs_dumper_identifier: matrix-traefik-certs-dumper +traefik_certs_dumper_identifier: matrix-traefik-certs-dumper -devture_traefik_certs_dumper_base_path: "{{ matrix_base_data_path }}/traefik-certs-dumper" +traefik_certs_dumper_base_path: "{{ matrix_base_data_path }}/traefik-certs-dumper" -devture_traefik_certs_dumper_uid: "{{ matrix_user_uid }}" -devture_traefik_certs_dumper_gid: "{{ matrix_user_gid }}" +traefik_certs_dumper_uid: "{{ matrix_user_uid }}" +traefik_certs_dumper_gid: "{{ matrix_user_gid }}" -devture_traefik_certs_dumper_ssl_dir_path: "{{ devture_traefik_ssl_dir_path if devture_traefik_enabled else '' }}" +traefik_certs_dumper_ssl_dir_path: "{{ traefik_ssl_dir_path if traefik_enabled else '' }}" ######################################################################## # # diff --git a/requirements.yml b/requirements.yml index 63bca6ab0..8a47182f1 100644 --- a/requirements.yml +++ b/requirements.yml 
@@ -69,9 +69,9 @@ - src: git+https://github.com/devture/com.devture.ansible.role.timesync.git version: v1.0.0-0 name: timesync -- src: git+https://github.com/devture/com.devture.ansible.role.traefik.git - version: v3.1.3-1 +- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-traefik.git + version: v3.1.3-2 name: traefik -- src: git+https://github.com/devture/com.devture.ansible.role.traefik_certs_dumper.git - version: v2.8.3-4 +- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-traefik-certs-dumper.git + version: v2.8.3-5 name: traefik_certs_dumper diff --git a/roles/custom/matrix-base/defaults/main.yml b/roles/custom/matrix-base/defaults/main.yml index 36b248b1f..3c108be35 100644 --- a/roles/custom/matrix-base/defaults/main.yml +++ b/roles/custom/matrix-base/defaults/main.yml 
@@ -216,15 +216,15 @@ matrix_metrics_exposure_http_basic_auth_users: '' # # - `playbook-managed-traefik` # - the playbook will run a managed Traefik instance (matrix-traefik) -# - Traefik will do SSL termination, unless you disable it (e.g. `devture_traefik_config_entrypoint_web_secure_enabled: false`) -# - if SSL termination is enabled (as it is by default), you need to populate: `devture_traefik_config_certificatesResolvers_acme_email` +# - Traefik will do SSL termination, unless you disable it (e.g. `traefik_config_entrypoint_web_secure_enabled: false`) +# - if SSL termination is enabled (as it is by default), you need to populate: `traefik_config_certificatesResolvers_acme_email` # # - `other-traefik-container` # - this playbook will not install Traefik # - nevertheless, the playbook expects that you would install Traefik yourself via other means # - you should make sure your Traefik configuration is compatible with what the playbook would have configured (web, web-secure, matrix-federation entrypoints, etc.) # - you need to set `matrix_playbook_reverse_proxyable_services_additional_network` to the name of your Traefik network -# - Traefik certs dumper will be enabled by default (`devture_traefik_certs_dumper_enabled`). You need to point it to your Traefik's SSL certificates (`devture_traefik_certs_dumper_ssl_dir_path`) +# - Traefik certs dumper will be enabled by default (`traefik_certs_dumper_enabled`). You need to point it to your Traefik's SSL certificates (`traefik_certs_dumper_ssl_dir_path`) # # - `none` # - no reverse-proxy will be installed 
@@ -244,7 +244,7 @@ matrix_playbook_reverse_proxyable_services_additional_network: "{{ matrix_playbo # Controls if various services think if SSL is enabled or not. # Disabling this does not actually disable Treafik's web-secure entrypoint and TLS termination settings. -# For that, you'd need to use another variable (`devture_traefik_config_entrypoint_web_secure_enabled`). +# For that, you'd need to use another variable (`traefik_config_entrypoint_web_secure_enabled`). # This variable merely serves as an indicator if SSL is used or not. matrix_playbook_ssl_enabled: true diff --git a/roles/custom/matrix_playbook_migration/tasks/devture_traefik_to_matrix_traefik.yml b/roles/custom/matrix_playbook_migration/tasks/devture_traefik_to_matrix_traefik.yml index 413c1385c..0b299279f 100644 --- a/roles/custom/matrix_playbook_migration/tasks/devture_traefik_to_matrix_traefik.yml +++ b/roles/custom/matrix_playbook_migration/tasks/devture_traefik_to_matrix_traefik.yml 
@@ -1,20 +1,20 @@ --- -# This migrates Traefik from the old path (`/devture-traefik`) to the new path (`/matrix/traefik`, controlled by `devture_traefik_base_path`), -# and from the old hardcoded systemd service name (`devture-traefik.service`) to the new one (`matrix-traefik.service`, controlled by `devture_traefik_identifier`). +# This migrates Traefik from the old path (`/devture-traefik`) to the new path (`/matrix/traefik`, controlled by `traefik_base_path`), +# and from the old hardcoded systemd service name (`devture-traefik.service`) to the new one (`matrix-traefik.service`, controlled by `traefik_identifier`). # # Here, we merely disable (and stop) the old systemd service and relocate the data (`/devture-traefik` directory). # The Traefik role itself (running later) will then ensure this data is up-to-date and will set up the new systemd service. # It only makes sense to migrate if the identifier or path are different than the default (what we were using before). -- when: "devture_traefik_identifier != 'devture-traefik' or devture_traefik_base_path != '/devture-traefik'" +- when: "traefik_identifier != 'devture-traefik' or traefik_base_path != '/devture-traefik'" block: - name: Check existence of devture-traefik.service systemd service ansible.builtin.stat: path: "{{ devture_systemd_docker_base_systemd_path }}/devture-traefik.service" - register: devture_traefik_service_stat + register: traefik_service_stat - - when: devture_traefik_service_stat.stat.exists | bool + - when: traefik_service_stat.stat.exists | bool block: - name: Ensure devture-traefik.service systemd service is stopped ansible.builtin.systemd: 
@@ -25,8 +25,8 @@ - name: Ensure Traefik directory relocated ansible.builtin.command: - cmd: "mv /devture-traefik {{ devture_traefik_base_path }}" - creates: "{{ devture_traefik_base_path }}" + cmd: "mv /devture-traefik {{ traefik_base_path }}" + creates: "{{ traefik_base_path }}" removes: "/devture-traefik" - name: Ensure Traefik systemd service doesn't exist diff --git a/roles/custom/matrix_playbook_migration/tasks/main.yml b/roles/custom/matrix_playbook_migration/tasks/main.yml index 0064d0627..f72e2b03c 100644 --- a/roles/custom/matrix_playbook_migration/tasks/main.yml +++ b/roles/custom/matrix_playbook_migration/tasks/main.yml @@ -61,7 +61,7 @@ block: - ansible.builtin.include_tasks: "{{ role_path }}/tasks/migrate_matrix_mailer.yml" -- when: devture_traefik_enabled | bool +- when: traefik_enabled | bool tags: - setup-all - install-all diff --git a/roles/custom/matrix_playbook_migration/tasks/validate_config.yml b/roles/custom/matrix_playbook_migration/tasks/validate_config.yml index da4af110e..f7bf73ee3 100644 --- a/roles/custom/matrix_playbook_migration/tasks/validate_config.yml +++ b/roles/custom/matrix_playbook_migration/tasks/validate_config.yml 
@@ -36,8 +36,8 @@ - {'old': 'matrix_systemd_services_autostart_enabled', 'new': 'devture_systemd_service_manager_services_autostart_enabled'} - {'old': 'matrix_prometheus_node_exporter_metrics_proxying_enabled', 'new': ''} - {'old': 'matrix_prometheus_postgres_exporter_metrics_proxying_enabled', 'new': ''} - - {'old': 'matrix_playbook_traefik_certs_dumper_role_enabled', 'new': 'devture_traefik_certs_dumper_enabled'} - - {'old': 'matrix_playbook_traefik_role_enabled', 'new': 'devture_traefik_enabled'} + - {'old': 'matrix_playbook_traefik_certs_dumper_role_enabled', 'new': 'traefik_certs_dumper_enabled'} + - {'old': 'matrix_playbook_traefik_role_enabled', 'new': 'traefik_enabled'} # Most important variables from the old Prometheus role here, for people who miss the changelog entry - {'old': 'matrix_prometheus_enabled', 'new': 'prometheus_enabled'} @@ -300,7 +300,7 @@ - {'old': 'matrix_nginx_proxy_proxy_synapse_federation_api_addr_sans_container', 'new': ''} - {'old': 'matrix_nginx_proxy_proxy_synapse_additional_server_configuration_blocks', 'new': ''} - {'old': 'matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks', 'new': ''} - - {'old': 'matrix_nginx_proxy_access_log_enabled', 'new': 'devture_traefik_config_accessLog_enabled'} + - {'old': 'matrix_nginx_proxy_access_log_enabled', 'new': 'traefik_config_accessLog_enabled'} - {'old': 'matrix_nginx_proxy_container_labels_traefik_proxy_matrix_federation_hostname', 'new': 'matrix_server_fqn_matrix_federation'} - {'old': 'etherpad_nginx_proxy_dimension_integration_enabled', 'new': ''} - {'old': 'etherpad_nginx_proxy_dimension_integration_path_prefix', 'new': ''} 
@@ -310,7 +310,7 @@ - {'old': 'matrix_prometheus_services_proxy_connect_prometheus_postgres_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host', 'new': ''} - {'old': 'matrix_docker_network', 'new': ''} - {'old': 'matrix_playbook_ssl_retrieval_method', 'new': ''} - - {'old': 'matrix_ssl_lets_encrypt_support_email', 'new': 'devture_traefik_config_certificatesResolvers_acme_email'} + - {'old': 'matrix_ssl_lets_encrypt_support_email', 'new': 'traefik_config_certificatesResolvers_acme_email'} - {'old': 'matrix_federation_traefik_entrypoint', 'new': 'matrix_federation_traefik_entrypoint_name'} - when: matrix_playbook_migration_matrix_nginx_proxy_leftover_variable_validation_checks_enabled | bool 
@@ -384,3 +384,25 @@ The following variables in your configuration need to be renamed: {{ vars | dict2items | selectattr('key', 'match', 'devture_postgres_.*') | map (attribute='key') | join(', ') }} when: "vars | dict2items | selectattr('key', 'match', 'devture_postgres_.*') | list | items2dict" + +- name: (Deprecation) Catch and report traefik_certs_dumper variables + ansible.builtin.fail: + msg: |- + The traefik-certs-dumper role in the playbook now lives under the MASH organization (https://github.com/mother-of-all-self-hosting/ansible-role-traefik-certs-dumper). + The new role is pretty much the same, but uses differently named variables. + + Please change your configuration (vars.yml) to rename all `devture_traefik_certs_dumper_`-prefixed variables (`devture_traefik_certs_dumper_*` -> `traefik_certs_dumper_*`). + + The following variables in your configuration need to be renamed: {{ vars | dict2items | selectattr('key', 'match', 'devture_traefik_certs_dumper_.*') | map (attribute='key') | join(', ') }} + when: "vars | dict2items | selectattr('key', 'match', 'devture_traefik_certs_dumper_.*') | list | items2dict" + +- name: (Deprecation) Catch and report devture_traefik variables + ansible.builtin.fail: + msg: |- + The traefik role in the playbook now lives under the MASH organization (https://github.com/mother-of-all-self-hosting/ansible-role-traefik). + The new role is pretty much the same, but uses differently named variables. + + Please change your configuration (vars.yml) to rename all `devture_traefik_`-prefixed variables (`devture_traefik_*` -> `traefik_*`). + + The following variables in your configuration need to be renamed: {{ vars | dict2items | selectattr('key', 'match', 'devture_traefik_.*') | map (attribute='key') | join(', ') }} + when: "vars | dict2items | selectattr('key', 'match', 'devture_traefik_.*') | list | items2dict"
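Review bot: the two replaced `src` entries in the `@@ -69,9 +69,9 @@` requirements hunk move the `traefik` and `traefik_certs_dumper` roles to a different GitHub organization while still pinning them only by tag (`version: v3.1.3-2`, `version: v2.8.3-5`), and a git tag can be re-pointed by whoever controls the repository. Because the Traefik role sets up the reverse proxy that does SSL termination, consider pinning each `version` to the full commit hash the tag resolves to at review time and keeping the tag name in a trailing comment.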
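Review bot: the unchanged comment line directly above the edited one in the `@@ -244,7 +244,7 @@` hunk of `roles/custom/matrix-base/defaults/main.yml` spells the proxy as `Treafik's`. Since this change already touches that comment block, correct it to `Traefik's` in the same commit.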
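Review bot: `register: traefik_service_stat` in the `@@ -1,20 +1,20 @@` hunk of `devture_traefik_to_matrix_traefik.yml` places a result owned by the migration role under the `traefik_` prefix, which this same patch assigns to the external Traefik role's variables. The rename is right for `traefik_identifier` and `traefik_base_path`, but the registered result would be better kept under the migration role's own prefix, for example `matrix_playbook_migration_traefik_service_stat` (with the `when: ... .stat.exists | bool` line updated to match), so it cannot shadow or be mistaken for a role variable.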
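Review bot: `cmd: "mv /devture-traefik {{ traefik_base_path }}"` in the `@@ -25,8 +25,8 @@` hunk interpolates the variable into a single command string without quoting, so a base path containing whitespace would be split into separate arguments. Prefer the `argv` list form of `ansible.builtin.command` (`mv`, `/devture-traefik`, `{{ traefik_base_path }}` as three items), which keeps the `creates` and `removes` guards unchanged. Note also that when `creates` is already satisfied the move is skipped and `/devture-traefik` is left in place, which deserves a comment or an explicit check.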
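Review bot: the `devture_traefik_.*` pattern in the second task added by the `@@ -384,3 +384,25 @@` hunk also matches every `devture_traefik_certs_dumper_*` key, so the two checks stay distinct only because the certs-dumper task comes first and fails the play before the broader one runs. Either state that ordering dependency in a comment above the tasks or add a `rejectattr('key', 'match', 'devture_traefik_certs_dumper_.*')` step in both the `msg` and the `when` of the second task, so that reordering cannot report certs-dumper variables under the Traefik role's message and URL. The first task's name also reads `traefik_certs_dumper variables` where the old `devture_traefik_certs_dumper` prefix is meant, unlike the second task's name.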