finallycoffee/matrix-docker-ansible-deploy
finallycoffee/matrix-docker-ansible-deploy
5
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Compare commits

base: finallycoffee:24967b937215ba5298f3cd37900c6ff211141d44
Branches Tags
finallycoffee:master
finallycoffee:transcaffeine/patch-dumb-design-choices
finallycoffee:feat-mx-puppet-instagram
...
compare: finallycoffee:1f31491f49dde5be180703c295dbe8895c18749c
Branches Tags
finallycoffee:master
finallycoffee:transcaffeine/patch-dumb-design-choices
finallycoffee:feat-mx-puppet-instagram

13 Commits
24967b9372 ... 1f31491f49

Author SHA1 Message Date
transcaffeine
1f31491f49
feat: add automatic creation of reverse-proxy routing 2021-06-15 20:30:26 +02:00
transcaffeine
2b16d4de8c
meta: move inventory structure to be more usable 2021-06-15 20:30:25 +02:00
jdreichmann
4660d2f567
meta: add own inventory, add vault-unlock with GPG 2021-06-15 20:30:24 +02:00
Slavi Pantaleev
3dd32d2512 Update worker endpoints 
Should have been part of 9daeb39710
 2021-06-15 19:28:21 +03:00
Slavi Pantaleev
9daeb39710 Upgrade Synapse (1.35.1 -> 1.36.0) 2021-06-15 19:25:41 +03:00
Slavi Pantaleev
1e46785a0d
Merge pull request #1124 from N07070/patch-1 
Update configuring-playbook-synapse.md
 2021-06-15 15:58:58 +03:00
N07070
1da3531a3d
Update configuring-playbook-synapse.md 
Added an example for configuring the variables for the OpenID, that might fails because the variables are not defined for the playbook parsing, but Synapse's own config file parsing.
 2021-06-15 14:56:23 +02:00
Slavi Pantaleev
e545869454
Merge pull request #1123 from GoMatrixHosting/master 
GoMatrixHosting v0.5.0
 2021-06-14 18:19:31 +03:00
Michael-GMH
4fb1134ad1 GoMatrixHosting v0.5.0 2021-06-14 22:36:49 +08:00
Slavi Pantaleev
a7fcb7c04d
Merge pull request #1122 from sakkiii/patch-2 
update hydrogen v0.1.56 -> v0.1.57
 2021-06-14 17:26:30 +03:00
Slavi Pantaleev
68f91660d3
Merge pull request #1121 from sakkiii/patch-1 
Update grafana 8.0.0 -> 8.0.2
 2021-06-14 17:26:05 +03:00
sakkiii
4cd5835e11
update hydrogen v0.1.56 -> v0.1.57 
https://github.com/vector-im/hydrogen-web/releases/tag/v0.1.57
 2021-06-14 19:46:08 +05:30
sakkiii
08d1a5c2e7
Update grafana 8.0.0 -> 8.0.2 2021-06-14 19:41:23 +05:30
28 changed files with 732 additions and 47 deletions
Show Stats Expand all files Collapse all files

4
.gitignore vendored
View File

@ -1,7 +1,3 @@
/inventory/*
!/inventory/.gitkeep
!/inventory/host_vars/.gitkeep
!/inventory/scripts
/roles/*/files/scratchpad /roles/*/files/scratchpad
.DS_Store .DS_Store
.python-version .python-version

5
ansible.cfg
View File

@ -1,6 +1,11 @@
[defaults] [defaults]
vault_password_file = gpg/open_vault.sh
retry_files_enabled = False retry_files_enabled = False
stdout_callback = yaml stdout_callback = yaml
inventory = inventory/hosts
[connection] [connection]
pipelining = True pipelining = True

19
docs/configuring-playbook-synapse.md
View File

@ -55,3 +55,22 @@ Certain Synapse administration tasks (managing users and rooms, etc.) can be per
## Synapse + OpenID Connect for Single-Sign-On ## Synapse + OpenID Connect for Single-Sign-On
If you'd like to use OpenID Connect authentication with Synapse, you'll need some additional reverse-proxy configuration (see [our nginx reverse-proxy doc page](configuring-playbook-nginx.md#synapse-openid-connect-for-single-sign-on)). If you'd like to use OpenID Connect authentication with Synapse, you'll need some additional reverse-proxy configuration (see [our nginx reverse-proxy doc page](configuring-playbook-nginx.md#synapse-openid-connect-for-single-sign-on)).
In case you encounter errors regarding the parsing of the variables, you can try to add `{%raw}` and `{% endraw %}` blocks around them. For example ;
```
- idp_id: keycloak
idp_name: "Keycloak"
issuer: "https://url.ix/auth/realms/x"
client_id: "matrix"
client_secret: "{{ vault_synapse_keycloak }}"
scopes: ["openid", "profile"]
authorization_endpoint: "https://url.ix/auth/realms/x/protocol/openid-connect/auth"
token_endpoint: "https://url.ix/auth/realms/x/protocol/openid-connect/token"
userinfo_endpoint: "https://url.ix/auth/realms/x/protocol/openid-connect/userinfo"
user_mapping_provider:
config:
display_name_template: "{%raw}{{ user.given_name }}{% endraw %} {%raw}{{ user.family_name }}{% endraw %}"
email_template: "{%raw}{{ user.email }}{% endraw %}"
```

5
gpg/open_vault.sh Executable file
View File

@ -0,0 +1,5 @@
#!/bin/bash
set -e -u
gpg2 --batch --use-agent --decrypt $(dirname $0)/vault_passphrase.gpg 2>/dev/null

18
gpg/vault_passphrase.gpg Normal file
View File

@ -0,0 +1,18 @@
-----BEGIN PGP MESSAGE-----
hQIMAxEs7W/4x4lxARAAssinIzR2rGs+Qkm0Q2tRdSXSXRx3OhH+2T5p0Rz3YkqU
iyiUtyT/Ll7RMUAlAEDZITvirXe4ZZImDcxQegEzFgO7BowQYJDRdhaRmLKZpiuQ
foRnJAAR12sf49arjJjaBQb91ViOp5MkxAtXiiqWyXwSSII+cV88flMq143cFmfC
C5OdIQd3SqrbFhGRTjUzoIMqnJH8xksjwph9GS811dY14rQv5X1Ybt5zehMJ7/m/
luLNg2zgQgYOUxcovddCVMI54ThXyDubDox/5xLvVjyVOFHgwC/VLn+QXHuPY/r5
+rVzz/30eq0uOLKD3LnDBQskCWRVWGC2ulKaZtlylBq6KRzIM6c6+VPSHCjoFyES
RRpRHeIXGLs31eLkr8dc+VNbPKpMsjm/E/4ZVE2JBpy7S/kh1XYVQxT6ahDKT1tD
4YN9O0JyNXzjiyNaTTLwNGh5+ICEd3ZCfa4O/og2LySGPOw6mX8ukgP029LHVp6+
0tRwSWiIM3US/NIVGA+o9e9I/I5Bp/cnzJgd7faUIlzcVPP+euCbo4GsYWpX3Nca
eRcr7AVY3wwuZtl7/s8KbQKk0ulLxS4Lo2XmdpQl8CPGwASdbMf/H8B256+xiUQ3
ml400ZaCC7Loeduwl1ez1H/dFFzmpUziaxxtWW4aFtOUYhGeSCTu6ZIgxVq3eBnS
jAGv8bt+0Xnrpih3mZWM92cw2VKfzYD9WG+dCB4DtZMKhl1ub2bkeTC/B9F+QuP6
anlonYHs2wmPXzjcx8ajonbYrYXanoNRHDId6OqVAbjYqbua6TG6H9LUFweIj1RV
yhUPejzhA8xEB0nUcKJZKLvuqvwPbr06GODnAKY5TQ4yILMAnBx0pNzfQNzo
=Cecg
-----END PGP MESSAGE-----

336
inventory/host_vars/matrix.finallycoffee.eu/vars.yml Normal file
View File

@ -0,0 +1,336 @@
#
# General config
# Domain of the matrix server and SSL config
#
matrix_domain: finallycoffee.eu
matrix_ssl_retrieval_method: none
matrix_nginx_proxy_enabled: false
matrix_base_data_path: "{{ vault_matrix_base_data_path }}"
matrix_server_fqn_element: "chat.{{ matrix_domain }}"
web_user: "web"
revproxy_autoload_dir: "/vault/services/web/sites.d"
#matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:v1.32.0rc1"
#
# General Synapse config
#
matrix_postgres_connection_password: "{{ vault_matrix_postgres_connection_password }}"
# A secret used to protect access keys issued by the server.
matrix_synapse_macaroon_secret_key: "{{ vault_matrix_synapse_macaroon_secret_key }}"
# Make synapse accept larger media aswell
matrix_synapse_max_upload_size_mb: 100
# Enable metrics at (default) :9100/_synapse/metrics
matrix_synapse_metrics_enabled: true
matrix_synapse_enable_group_creation: true
matrix_synapse_turn_shared_secret: "{{ vault_matrix_coturn_turn_static_auth_secret }}"
matrix_synapse_turn_uris:
- "turns:voip.matrix.finallycoffee.eu?transport=udp"
- "turns:voip.matrix.finallycoffee.eu?transport=tcp"
# Auto-join all users into those rooms
matrix_synapse_auto_join_rooms:
- "#welcome:finallycoffee.eu"
- "#announcements:finallycoffee.eu"
## Synapse rate limits
matrix_synapse_rc_federation:
window_size: 1000
sleep_limit: 25
sleep_delay: 500
reject_limit: 50
concurrent: 5
matrix_synapse_rc_message:
per_second: 0.5
burst_count: 25
## Synapse cache tuning
matrix_synapse_caches_global_factor: 0.7
matrix_synapse_event_cache_size: "200K"
## Synapse workers
matrix_synapse_workers_enabled: true
matrix_synapse_workers_preset: "little-federation-helper"
matrix_synapse_workers_generic_worker_client_server_count: 0
matrix_synapse_workers_media_repository_workers_count: 0
matrix_synapse_workers_federation_sender_workers_count: 1
matrix_synapse_workers_pusher_workers_count: 0
matrix_synapse_workers_appservice_workers_count: 1
# Static secret auth for matrix-synapse-shared-secret-auth
matrix_synapse_ext_password_provider_shared_secret_auth_enabled: true
matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: "{{ vault_matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret }}"
matrix_synapse_ext_password_provider_rest_auth_enabled: true
matrix_synapse_ext_password_provider_rest_auth_endpoint: "http://matrix-ma1sd:8090"
matrix_synapse_ext_password_provider_rest_auth_registration_enforce_lowercase: false
matrix_synapse_ext_password_provider_rest_auth_registration_profile_name_autofill: true
matrix_synapse_ext_password_provider_rest_auth_login_profile_name_autofill: false
# Enable experimental spaces support
matrix_synapse_configuration_extension_yaml: |
experimental_features:
spaces_enabled: true
#
# synapse-admin tool
#
matrix_synapse_admin_enabled: true
matrix_synapse_admin_container_http_host_bind_port: 8985
#
# VoIP / CoTURN config
#
# A shared secret (between Synapse and Coturn) used for authentication.
matrix_coturn_turn_static_auth_secret: "{{ vault_matrix_coturn_turn_static_auth_secret }}"
# Disable coturn, as we use own instance
matrix_coturn_enabled: false
#
# dimension (integration manager) config
#
matrix_dimension_enabled: true
matrix_dimension_admins: "{{ vault_matrix_dimension_admins }}"
matrix_server_fqn_dimension: "dimension.matrix.{{ matrix_domain }}"
matrix_dimension_access_token: "{{ vault_matrix_dimension_access_token }}"
matrix_dimension_configuration_extension_yaml: |
telegram:
botToken: "{{ vault_matrix_dimension_configuration_telegram_bot_token }}"
#
# mautrix-whatsapp config
#
matrix_mautrix_whatsapp_enabled: true
matrix_mautrix_whatsapp_container_http_monitoring_host_bind_port: 9402
matrix_mautrix_whatsapp_container_extra_arguments:
- "-p 127.0.0.1:{{ matrix_mautrix_whatsapp_container_http_monitoring_host_bind_port }}:{{ matrix_mautrix_whatsapp_container_http_monitoring_host_bind_port }}"
matrix_mautrix_whatsapp_configuration_extension_yaml: |
bridge:
displayname_template: "{% raw %}{{.Name}} ({{if .Notify}}{{.Notify}}{{else}}{{.Jid}}{{end}}) (via WhatsApp){% endraw %}"
max_connection_attempts: 5
connection_timeout: 30
contact_wait_delay: 5
private_chat_portal_meta: true
login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret }}"
logging:
print_level: info
metrics:
enabled: true
listen: 0.0.0.0:{{ matrix_mautrix_whatsapp_container_http_monitoring_host_bind_port }}
whatsapp:
os_name: Linux mautrix-whatsapp
browser_name: Chrome
#
# mautrix-telegram config
#
matrix_mautrix_telegram_enabled: true
matrix_mautrix_telegram_api_id: "{{ vault_matrix_mautrix_telegram_api_id }}"
matrix_mautrix_telegram_api_hash: "{{ vault_matrix_mautrix_telegram_api_hash }}"
matrix_mautrix_telegram_public_endpoint: '/bridge/telegram'
matrix_mautrix_telegram_container_http_monitoring_host_bind_port: 9401
matrix_mautrix_telegram_container_http_host_bind_port_public: 8980
matrix_mautrix_telegram_container_extra_arguments:
- "-p 127.0.0.1:{{ matrix_mautrix_telegram_container_http_monitoring_host_bind_port }}:{{ matrix_mautrix_telegram_container_http_monitoring_host_bind_port }}"
- "-p 127.0.0.1:{{ matrix_mautrix_telegram_container_http_host_bind_port_public }}:80"
matrix_mautrix_telegram_configuration_extension_yaml: |
bridge:
displayname_template: "{displayname} (via Telegram)"
parallel_file_transfer: false
inline_images: false
image_as_file_size: 20
delivery_receipts: true
login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret }}"
animated_sticker:
target: webm
encryption:
allow: true
default: true
permissions:
"@transcaffeine:finallycoffee.eu": "admin"
logging:
root:
level: INFO
metrics:
enabled: true
listen_port: {{ matrix_mautrix_telegram_container_http_monitoring_host_bind_port }}
# permissions: "{{ vault_matrix_mautrix_telegram_permission_map | from_yaml }}"
#
# mautrix-signal config
#
matrix_mautrix_signal_enabled: true
matrix_mautrix_signal_container_http_monitoring_host_bind_port: 9408
matrix_mautrix_signal_container_extra_arguments:
- "-p 127.0.0.1:{{ matrix_mautrix_signal_container_http_monitoring_host_bind_port }}:{{ matrix_mautrix_signal_container_http_monitoring_host_bind_port }}"
matrix_mautrix_signal_configuration_extension_yaml: |
bridge:
displayname_template: "{displayname} (via Signal)"
community_id: "+signal:finallycoffee.eu"
encryption:
allow: true
default: true
key_sharing:
allow: true
require_verification: false
delivery_receipts: true
logging:
root:
level: INFO
metrics:
enabled: true
listen_port: {{ matrix_mautrix_signal_container_http_monitoring_host_bind_port }}
#
# mx-puppet-instagram configuration
#
matrix_mx_puppet_instagram_enabled: true
matrix_mx_puppet_instagram_container_http_monitoring_host_bind_port: 9403
matrix_mx_puppet_instagram_container_extra_arguments:
- "-p 127.0.0.1:{{ matrix_mx_puppet_instagram_container_http_monitoring_host_bind_port }}:{{ matrix_mx_puppet_instagram_container_http_monitoring_host_bind_port }}"
matrix_mx_puppet_instagram_configuration_extension_yaml: |
bridge:
enableGroupSync: true
avatarUrl: mxc://finallycoffee.eu/acmiSAinuHDOULofFFeolTvr
metrics:
enabled: true
port: {{ matrix_mx_puppet_instagram_container_http_monitoring_host_bind_port }}
path: /metrics
presence:
enabled: true
interval: 3000
#
# mx-puppet-skype configuration
#
matrix_mx_puppet_skype_enabled: true
matrix_mx_puppet_skype_container_http_monitoring_host_bind_port: 9405
matrix_mx_puppet_skype_container_extra_arguments:
- "-p 127.0.0.1:{{ matrix_mx_puppet_skype_container_http_monitoring_host_bind_port }}:{{ matrix_mx_puppet_skype_container_http_monitoring_host_bind_port }}"
matrix_mx_puppet_skype_configuration_extension_yaml: |
bridge:
enableGroupSync: true
avatarUrl: mxc://finallycoffee.eu/jjXDuFqtpFOBOnywoHgzTuYt
metrics:
enabled: true
port: {{ matrix_mx_puppet_skype_container_http_monitoring_host_bind_port }}
path: /metrics
#
# mx-puppet-discord configuration
#
matrix_mx_puppet_discord_enabled: true
matrix_mx_puppet_discord_client_id: "{{ vault_matrix_mx_puppet_discord_client_id }}"
matrix_mx_puppet_discord_client_secret: "{{ vault_matrix_mx_puppet_discord_client_secret }}"
matrix_mx_puppet_discord_container_http_monitoring_host_bind_port: 9404
matrix_mx_puppet_discord_container_extra_arguments:
- "-p 127.0.0.1:{{ matrix_mx_puppet_discord_container_http_monitoring_host_bind_port }}:{{ matrix_mx_puppet_discord_container_http_monitoring_host_bind_port }}"
matrix_mx_puppet_discord_configuration_extension_yaml: |
bridge:
enableGroupSync: true
avatarUrl: mxc://finallycoffee.eu/BxcAAhjXmglMbtthStEHtCzd
metrics:
enabled: true
port: {{ matrix_mx_puppet_discord_container_http_monitoring_host_bind_port }}
path: /metrics
limits:
maxAutojoinUsers: 500
roomUserAutojoinDelay: 50
presence:
enabled: true
interval: 3000
#
# mx-puppet-slack configuration
#
matrix_mx_puppet_slack_enabled: true
matrix_mx_puppet_slack_client_id: "{{ vault_matrix_mx_puppet_slack_client_id }}"
matrix_mx_puppet_slack_client_secret: "{{ vault_matrix_mx_puppet_slack_client_secret }}"
matrix_mx_puppet_slack_redirect_path: '/bridge/slack/oauth'
matrix_mx_puppet_slack_container_http_auth_host_bind_port: 8981
matrix_mx_puppet_slack_container_http_monitoring_host_bind_port: 9406
matrix_mx_puppet_slack_container_extra_arguments:
- "-p 127.0.0.1:{{ matrix_mx_puppet_slack_container_http_monitoring_host_bind_port }}:{{ matrix_mx_puppet_slack_container_http_monitoring_host_bind_port }}"
- "-p 127.0.0.1:{{ matrix_mx_puppet_slack_container_http_auth_host_bind_port }}:8008"
matrix_mx_puppet_slack_configuration_extension_yaml: |
bridge:
enableGroupSync: true
metrics:
enabled: true
port: {{ matrix_mx_puppet_slack_container_http_monitoring_host_bind_port }}
path: /metrics
limits:
maxAutojoinUsers: 500
roomUserAutojoinDelay: 50
presence:
enabled: true
interval: 3000
#
# Element web configuration
#
# Branding config
matrix_client_element_brand: "Chat"
matrix_client_element_default_theme: "dark"
matrix_client_element_themes_enabled: true
matrix_client_element_welcome_headline: "Welcome to chat.finallycoffee.eu"
matrix_client_element_welcome_text: |
Decentralised, encrypted chat &amp; collaboration,<br />
hosted on finallycoffee.eu, powered by element.io &amp;
<a href="https://matrix.org" target="_blank" rel="noreferrer noopener">
<img width="79" height="34" alt="[matrix]" style="padding-left: 1px;vertical-align: middle" src="welcome/images/matrix.svg" />
</a>
matrix_client_element_welcome_logo: "welcome/images/logo.png"
matrix_client_element_welcome_logo_link: "https://{{ matrix_domain }}"
matrix_client_element_branding_authHeaderLogoUrl: "welcome/images/logo.png"
matrix_client_element_branding_welcomeBackgroundUrl: "welcome/images/background.jpg"
matrix_client_element_container_extra_arguments:
- "-v {{ matrix_client_element_data_path }}/background.jpg:/app/{{ matrix_client_element_branding_welcomeBackgroundUrl }}:ro"
- "-v {{ matrix_client_element_data_path }}/logo.png:/app/{{ matrix_client_element_branding_authHeaderLogoUrl }}:ro"
# Integration and capabilites config
matrix_client_element_integrations_ui_url: "https://{{ matrix_server_fqn_dimension }}/element"
matrix_client_element_integrations_rest_url: "https://{{ matrix_server_fqn_dimension }}/api/v1/scalar"
matrix_client_element_integrations_widgets_urls:
- "https://{{ matrix_server_fqn_dimension }}/widgets"
- "https://scalar.vector.im/api"
matrix_client_element_integrations_jitsi_widget_url: "https://{{ matrix_server_fqn_dimension }}/widgets/jitsi"
matrix_client_element_disable_custom_urls: false
matrix_client_element_roomdir_servers:
- "matrix.org"
- "finallycoffee.eu"
- "entropia.de"
matrix_client_element_enable_presence_by_hs_url:
https://matrix.org: false
# Matrix ma1sd extended configuration
matrix_ma1sd_configuration_extension_yaml: |
hashing:
enabled: true
pepperLength: 20
rotationPolicy: per_requests
requests: 10
hashStorageType: sql
algorithms:
- none
- sha256
# Matrix mail notification relay setup
matrix_mailer_enabled: true
matrix_mailer_sender_address: "Matrix on finallycoffee.eu <system-matrix@{{ matrix_domain }}>"
matrix_mailer_relay_use: true
matrix_mailer_relay_host_name: "{{ vault_matrix_mailer_relay_host_name }}"
matrix_mailer_relay_host_port: 587
matrix_mailer_relay_auth: true
matrix_mailer_relay_auth_username: "{{ vault_matrix_mailer_relay_auth_username }}"
matrix_mailer_relay_auth_password: "{{ vault_matrix_mailer_relay_auth_password }}"

100
inventory/host_vars/matrix.finallycoffee.eu/vault.yml Normal file
View File

@ -0,0 +1,100 @@
$ANSIBLE_VAULT;1.1;AES256
64343261653838626666353837393238353033353632393763363634303466613033376235386235
6333386536323034643139656232636133386463393264300a663333333237656337343562366336
66663064393930656566396636333430373233373362346339383866623066316133323366663961
3732666162363238300a636230346163656334393063343030333064393962663431326461653239
36653030393234623335313335383832646463663835653035303765633064666435373464653336
31323433373734633531353562333065623039623633633163376235353737343935623133326663
65333761383130336165356439623066363964313033666433316231663533393532333738333430
36633463343335366364343565353862363531376539626237613263303331323631333366363830
33613937346531323139343166613839366233383663363732353561643238383362353964373135
61633430353037316266343962376238383238366562323764373135646365383030626130383433
32313263663165656366313633653431663332636532656465623465353062643934343738633434
63346333326331633830363663666631326466353138646233383235313532383864633233613134
39363734353165653065343938643861646630376334303832613163663265373839323765396234
38633336393739666565346565343865346233373639363530383533386533616337373033613865
66353434653262663263326237626265636430646630313866383532376264383933343933326264
65316337323863343935306138343462336666313332396439656234613831356262663630663038
31376539653638333263333933633134303734656662343039396563343636366433396130653830
33326539636432646438613236356430343435623539333062666630373265306635343233646333
39653934323738303239643834663463396165656235393437396635623131316532333465316231
65373130393463383932383837383830656637653963666638653665356437303239376262613062
34613830613164323365636461303035616136636330323531383164376334363862383762366665
62643839333662373461363038326436616639326264633735316139346536373839666236653634
30376536386137636336363562376339393261373739333162373461656364353139626339346637
30366431336534663037653438376330346238636562383932653561306134626566333861333630
39633536653233393161333136316564623631313839633461333438633166363064303238663464
65353338353464313635333934623833303965393462373530303666643537336662376266613434
37356664616539323631373535316434383361323935376638666437646538316537613030653231
62636263663935646466383663306535626465633239366562373038356366366331333537333663
64363130386535306362646533393161643737366662313631623132356465636565313530353363
35366165383837326564623363636632616331393834313130303937303664353436363266323033
61373532383962393937666261626263666631346235646237656337363831633734623733633835
39613736373031633263396530626566303665343039663866333632636565633034376366356635
35383633336465636331306232353434653739653339396437363163313630393035366665383263
34353238656563306366336466376363316430636666353965356535653334343630633532313034
64626436643030656335616337653564653331326463383461643739333163613361333133633639
66656137313937356134646362623536363065633564633166343766356436313130373663663334
63626138356562303761323336646332383761646663383032386261623936633661653735343637
35326137343532333635353436376665326633633135656537623631326336353138346136636239
37396135326362613039663136333964626237353562343966383764613231363061333534316233
38636130313261643061613138656235396530656366313132346362383430333734663866383666
61633631353830643565313437306664636262666135353133656531623563616335643737373438
63633235363566616466663262333466383939373336383139643362376365623763386137666332
39353363636437393236303764343337633233386236303563636634353836363537383632306434
33653632373064646361616364323133343138363437373436636232373261663639616330666465
37333130393435613134366437396361363830656137663963643132303334633331633661363061
38356439666161643431356532353334383539353566386333666461663562613231383331623063
33336435636239343663663937353864306363363264663033303539616434333436353134383034
64663533366134306462366565333236383235373233656132396538663437616333343534333166
66646566623734636532666230326530633538656639353262343665316235386534376534386634
65663032303930353661363162373533363762353237393030346238306532326264303636383264
63363063326265396166313533663362346539333532386665316466386131623161313738623239
66386236656561396539356634636234393436323239396330366237333539343761393431336138
66396230656435356365356530343132373861376336346532653063666331343366393761373131
66313864373362326139316461666232386132306535616561663566623963353034313961666266
34373534363834626334386139653532656564333863323363343165643538336430386434613235
64386564643564636530313565326433623365303738386433323463396437653066636134313564
33383035393436393163373864353331376163653137316136376564643066636335313735396664
33623735353438643237333734353766363863313763653737633135353332363066336232363131
33333532653737633033666336326331376561636330643935323636626562303439346338633135
33663035366461336339666665663835373235633338613664636439393837303932643363643830
63333862643430383235663836653161376637373265646463313538386531666362376532663738
62333536383537613562336235666431393164616263303863323834343735326133646131303063
62623836313730363832313764363562306666383337396561633865336561396632303539333166
35623063336534653531303134653630666264333133393864626665623564313466363731316339
36646666653062326665346332373963376439396538396663656130616333316533623331346461
39643862356663316338333662646464353233356635303931626366323831303136366462366133
34303234343064393265303866636137646461336530653733623264383261653864633332346435
62383065353662303564633239326664356364366365626466666266326466333834316437383134
35383261373437643261623533623533326335393932356632653634326432376235393038333464
33626361366565316533663537343237316563343730363632663639623930313963316665663965
33386435663462626435383733383336343064333935356364623436626632356535333430343262
62363136353562633631613965353062363231343037626166363035376530646537646136363730
35303530343361616230383662333139333533333138613834323437636238656538656436623433
38353363336665346637643631663934633061626532376330633731316565336166313936393533
35323535376539633937376532333536323234376632306362633438626565376234353235353836
37663735366165393963313536356437653361306232313736356164656635616333306332356637
39353465633536313539366264646364343231653466346165313863623365333465623336376635
37396663333638356565306439636365653438623935363361356464316663613465303933346537
61303863323631343264613665323866363935383265323562326364346364343133393965333135
33306434646533333662613930666337646330303439333938326433376161613836663237303534
63636139636338656664333034356635653330666362633563366663616661303266326135643036
34383939613035323331366261356531343961303239626365383332313633393561623963643134
30353239356234336635616663313830396133643035663838653837613262616364623637616237
37363662663466396330323830343963366262643339316162643164353430663763613634346233
62303539336433313066346339363163336236373334613938613061613038613466636632336335
35326133373061323164623436623338316466396261393630623466313164393736353566356237
34396530383361613464643461313336663331643438313136353039386263633134616534666464
33373536326637316635326461656130383333613832386662643431666435663565343565616266
35303738656362663266653735373833613765356366626436336437326665396635636335616566
32663733396432656430356335383262613133623066636238623166613839393833616436653936
34306536343664643732356262663435623834313732373564613337373765373130653734386632
35623038623639346564393466393463613238363231663965633037353337353332663464336539
33616131353734663463336436303866306334336339316364313962346430383338306161636462
64303064313135346236346434316333346434303764356237636530663239633631383561393537
66383836326634666362613661353533363432303437663235393336396331356465633031326430
35333263633731626564326430613937343136633562386432396537363663653438333333366135
33333339376165303736643661343535356561353938346131653662363966643839653262363537
38373331353539313463363236383633326138366534313064303739626337343962653830653663
626263633730663932376165333438323835

22
inventory/hosts Normal file
View File

@ -0,0 +1,22 @@
$ANSIBLE_VAULT;1.1;AES256
31336566376336626265653165306635633033376662656164383037383834653239656136333734
3833666339393037323035343565343235396163636166370a643933333933386133366564396465
30393637613164356564393337633361653432333232383664303739363736633435363764343530
3532313739363963660a343434356534316230623133636366386334323465376139363162616238
39396638366262313531653635326361616537396338363533303961623165343931373939306239
31336632643166633662653765333231393461643933306464303165633037343061323636313034
34376631656563646665373566633431366638383863666130323264316337663237343135306236
66323536346164663239343139623430303230333466633437643337343930363530653964626163
38336363633730393136333637383631636266396636646533356262376630646139303636666538
32366437353163663865623234643061313639646162643965393535353938313133326237313265
66646163333535396539646461356334633532313530653834623263386265383765356130333466
30373531306137393935363030313739666536363138363962646565306439393239303030643162
33333166663430393866666439653532623034396130313066383035396535646633366237303264
36356665366461323664373038366364623937386233313039323837666333653764616462333365
31326264633236373937313537633961633164323138356135633765663639323537656263633766
38653836323263386333376131333330326237393666363064326463663961633839393039323835
61306265333232623037356465393133323733363634646364336261326333366239346565366338
61646132333033373866623739343830336164316461646366666237313565626639323537623732
38323830656136323137323530343764666433633432366136643538323832653130376363653135
64376261386635636533353961613335663962306337353866616464613636303735336230623962
3336

28
roles/matrix-awx/tasks/backup_server.yml
View File

@ -54,10 +54,6 @@
validate_certs: yes validate_certs: yes
tags: use-survey tags: use-survey
- name: Run export.sh if this job template is run by the client
command: /bin/sh /root/export.sh
tags: use-survey
- name: Include vars in matrix_vars.yml - name: Include vars in matrix_vars.yml
include_vars: include_vars:
file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
@ -70,8 +66,28 @@
mode: '0660' mode: '0660'
tags: use-survey tags: use-survey
- name: Perform the borg backup - name: Run initial backup of /matrix/ and snapshot the database simultaneously
command: borgmatic command: "{{ item }}"
with_items:
- borgmatic -c /root/.config/borgmatic/config_1.yaml
- /bin/sh /usr/local/bin/awx-export-service.sh 1 0
register: _create_instances
async: 3600 # Maximum runtime in seconds.
poll: 0 # Fire and continue (never poll)
when: matrix_awx_backup_enabled|bool
- name: Wait for both of these jobs to finish
async_status:
jid: "{{ item.ansible_job_id }}"
register: _jobs
until: _jobs.finished
delay: 5 # Check every 5 seconds.
retries: 720 # Retry for a full hour.
with_items: "{{ _create_instances.results }}"
when: matrix_awx_backup_enabled|bool
- name: Perform borg backup of postgres dump
command: borgmatic -c /root/.config/borgmatic/config_2.yaml
when: matrix_awx_backup_enabled|bool when: matrix_awx_backup_enabled|bool
- name: Set boolean value to exit playbook - name: Set boolean value to exit playbook

33
roles/matrix-awx/tasks/export_server.yml Normal file
View File

@ -0,0 +1,33 @@
- name: Run export of /matrix/ and snapshot the database simultaneously
command: "{{ item }}"
with_items:
- /bin/sh /usr/local/bin/awx-export-service.sh 1 0
- /bin/sh /usr/local/bin/awx-export-service.sh 0 1
register: _create_instances
async: 3600 # Maximum runtime in seconds.
poll: 0 # Fire and continue (never poll)
- name: Wait for both of these jobs to finish
async_status:
jid: "{{ item.ansible_job_id }}"
register: _jobs
until: _jobs.finished
delay: 5 # Check every 5 seconds.
retries: 720 # Retry for a full hour.
with_items: "{{ _create_instances.results }}"
- name: Schedule deletion of the export in 24 hours
at:
command: rm /chroot/export/matrix*
count: 1
units: days
unique: yes
- name: Set boolean value to exit playbook
set_fact:
end_playbook: true
- name: End playbook if this task list is called.
meta: end_play
when: end_playbook is defined and end_playbook|bool

11
roles/matrix-awx/tasks/import_awx.yml
View File

@ -1,15 +1,4 @@
- name: Ensure /matrix/awx is empty
shell: rm -r /matrix/awx/*
ignore_errors: yes
- name: Ensure /matrix/synapse is empty
shell: rm -r /matrix/synapse/*
ignore_errors: yes
- name: Extract from /chroot/export
shell: tar -xvzf /chroot/export/matrix.tar.gz -C /matrix/
- name: Ensure correct ownership of /matrix/awx - name: Ensure correct ownership of /matrix/awx
shell: chown -R matrix:matrix /matrix/awx shell: chown -R matrix:matrix /matrix/awx

9
roles/matrix-awx/tasks/main.yml
View File

@ -26,6 +26,15 @@
tags: tags:
- backup-server - backup-server
# Perform a export of the server
- include_tasks:
file: "export_server.yml"
apply:
tags: export-server
when: run_setup|bool and matrix_awx_enabled|bool
tags:
- export-server
# Create a user account if called # Create a user account if called
- include_tasks: - include_tasks:
file: "create_user.yml" file: "create_user.yml"

4
roles/matrix-bridge-mautrix-telegram/defaults/main.yml
View File

@ -104,6 +104,8 @@ matrix_mautrix_telegram_configuration_extension: "{{ matrix_mautrix_telegram_con
# You most likely don't need to touch this variable. Instead, see `matrix_mautrix_telegram_configuration_yaml`. # You most likely don't need to touch this variable. Instead, see `matrix_mautrix_telegram_configuration_yaml`.
matrix_mautrix_telegram_configuration: "{{ matrix_mautrix_telegram_configuration_yaml|from_yaml|combine(matrix_mautrix_telegram_configuration_extension, recursive=True) }}" matrix_mautrix_telegram_configuration: "{{ matrix_mautrix_telegram_configuration_yaml|from_yaml|combine(matrix_mautrix_telegram_configuration_extension, recursive=True) }}"
matrix_mautrix_telegram_sender_localpart: "telegrambot"
matrix_mautrix_telegram_registration_yaml: | matrix_mautrix_telegram_registration_yaml: |
id: telegram id: telegram
as_token: "{{ matrix_mautrix_telegram_appservice_token }}" as_token: "{{ matrix_mautrix_telegram_appservice_token }}"
@ -118,8 +120,8 @@ matrix_mautrix_telegram_registration_yaml: |
- exclusive: true - exclusive: true
regex: '^#telegram_.+:{{ matrix_mautrix_telegram_homeserver_domain|regex_escape }}$' regex: '^#telegram_.+:{{ matrix_mautrix_telegram_homeserver_domain|regex_escape }}$'
# See https://github.com/tulir/mautrix-signal/issues/43 # See https://github.com/tulir/mautrix-signal/issues/43
sender_localpart: _bot_{{ matrix_mautrix_telegram_appservice_bot_username }}
url: {{ matrix_mautrix_telegram_appservice_address }} url: {{ matrix_mautrix_telegram_appservice_address }}
sender_localpart: "bridges_{{ matrix_mautrix_telegram_sender_localpart }}"
rate_limited: false rate_limited: false
de.sorunome.msc2409.push_ephemeral: true de.sorunome.msc2409.push_ephemeral: true

8
roles/matrix-bridge-mx-puppet-discord/templates/config.yaml.j2
View File

@ -25,7 +25,7 @@ presence:
# Bridge Discord online/offline status # Bridge Discord online/offline status
enabled: true enabled: true
# How often to send status to the homeserver in milliseconds # How often to send status to the homeserver in milliseconds
interval: 500 interval: 10000
provisioning: provisioning:
# Regex of Matrix IDs allowed to use the puppet bridge # Regex of Matrix IDs allowed to use the puppet bridge
@ -70,7 +70,7 @@ namePatterns:
# #
# name: username of the user # name: username of the user
# discriminator: hashtag of the user (ex. #1234) # discriminator: hashtag of the user (ex. #1234)
user: :name user: ":name (#:discriminator) (via Discord)"
# A user's guild-specific displayname - if they've set a custom nick in # A user's guild-specific displayname - if they've set a custom nick in
# a guild # a guild
@ -82,7 +82,7 @@ namePatterns:
# displayname: the user's custom group-specific nick # displayname: the user's custom group-specific nick
# channel: the name of the channel # channel: the name of the channel
# guild: the name of the guild # guild: the name of the guild
userOverride: :name userOverride: ":displayname (:name#:discriminator) (via Discord)"
# Room names for bridged Discord channels # Room names for bridged Discord channels
# #
@ -90,7 +90,7 @@ namePatterns:
# #
# name: name of the channel # name: name of the channel
# guild: name of the guild # guild: name of the guild
room: :name room: "#:name (:guild on Discord)"
# Group names for bridged Discord servers # Group names for bridged Discord servers
# #

BIN
roles/matrix-client-element/files/antifa_coffee_cups.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 188 KiB

BIN
roles/matrix-client-element/files/background.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 2.1 MiB

BIN
roles/matrix-client-element/files/background_small.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 747 KiB

12
roles/matrix-client-element/tasks/setup.yml
View File

@ -67,6 +67,18 @@
- {src: "{{ matrix_client_element_embedded_pages_home_path }}", name: "home.html"} - {src: "{{ matrix_client_element_embedded_pages_home_path }}", name: "home.html"}
when: "matrix_client_element_enabled|bool and item.src is not none" when: "matrix_client_element_enabled|bool and item.src is not none"
- name: Copy Element costum files
copy:
src: "{{ item.src }}"
dest: "{{ matrix_client_element_data_path }}/{{ item.name }}"
mode: 0644
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
with_items:
- {src: "{{ role_path }}/files/background.jpg", name: "background.jpg"}
- {src: "{{ role_path }}/files/antifa_coffee_cups.png", name: "logo.png"}
when: "matrix_client_element_enabled|bool and item.src is not none"
- name: Ensure Element config files removed - name: Ensure Element config files removed
file: file:
path: "{{ matrix_client_element_data_path }}/{{ item.name }}" path: "{{ matrix_client_element_data_path }}/{{ item.name }}"

2
roles/matrix-client-element/templates/welcome.html.j2
View File

@ -33,7 +33,7 @@ h1::after {
} }
.mx_Logo { .mx_Logo {
height: 54px; height: 92px;
margin-top: 2px; margin-top: 2px;
} }

2
roles/matrix-client-hydrogen/defaults/main.yml
View File

@ -5,7 +5,7 @@ matrix_client_hydrogen_enabled: true
matrix_client_hydrogen_container_image_self_build: true matrix_client_hydrogen_container_image_self_build: true
matrix_client_hydrogen_container_image_self_build_repo: "https://github.com/vector-im/hydrogen-web.git" matrix_client_hydrogen_container_image_self_build_repo: "https://github.com/vector-im/hydrogen-web.git"
matrix_client_hydrogen_version: v0.1.56 matrix_client_hydrogen_version: v0.1.57
matrix_client_hydrogen_docker_image: "{{ matrix_client_hydrogen_docker_image_name_prefix }}vectorim/hydrogen-web:{{ matrix_client_hydrogen_version }}" matrix_client_hydrogen_docker_image: "{{ matrix_client_hydrogen_docker_image_name_prefix }}vectorim/hydrogen-web:{{ matrix_client_hydrogen_version }}"
matrix_client_hydrogen_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_hydrogen_container_image_self_build }}" matrix_client_hydrogen_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_hydrogen_container_image_self_build }}"
matrix_client_hydrogen_docker_image_force_pull: "{{ matrix_client_hydrogen_docker_image.endswith(':latest') }}" matrix_client_hydrogen_docker_image_force_pull: "{{ matrix_client_hydrogen_docker_image.endswith(':latest') }}"

2
roles/matrix-grafana/defaults/main.yml
View File

@ -3,7 +3,7 @@
matrix_grafana_enabled: false matrix_grafana_enabled: false
matrix_grafana_version: 8.0.0 matrix_grafana_version: 8.0.2
matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}" matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}"
matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}" matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}"

BIN
roles/matrix-riot-web/files/antifa_coffee_cups.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 188 KiB

BIN
roles/matrix-riot-web/files/background.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 2.1 MiB

4
roles/matrix-synapse/defaults/main.yml
View File

@ -15,8 +15,8 @@ matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_cont
# amd64 gets released first. # amd64 gets released first.
# arm32 relies on self-building, so the same version can be built immediately. # arm32 relies on self-building, so the same version can be built immediately.
# arm64 users need to wait for a prebuilt image to become available. # arm64 users need to wait for a prebuilt image to become available.
matrix_synapse_version: v1.35.1 matrix_synapse_version: v1.36.0
matrix_synapse_version_arm64: v1.35.1 matrix_synapse_version_arm64: v1.36.0
matrix_synapse_docker_image_tag: "{{ matrix_synapse_version if matrix_architecture in ['arm32', 'amd64'] else matrix_synapse_version_arm64 }}" matrix_synapse_docker_image_tag: "{{ matrix_synapse_version if matrix_architecture in ['arm32', 'amd64'] else matrix_synapse_version_arm64 }}"
matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"

15
roles/matrix-synapse/templates/synapse/homeserver.yaml.j2
View File

@ -2977,19 +2977,4 @@ redis:
password: {{ matrix_synapse_redis_password }} password: {{ matrix_synapse_redis_password }}
# Enable experimental features in Synapse.
#
# Experimental features might break or be removed without a deprecation
# period.
#
experimental_features:
# Support for Spaces (MSC1772), it enables the following:
#
# * The Spaces Summary API (MSC2946).
# * Restricting room membership based on space membership (MSC3083).
#
# Uncomment to disable support for Spaces.
#spaces_enabled: false
# vim:ft=yaml # vim:ft=yaml

3
roles/matrix-synapse/vars/workers.yml
View File

@ -51,6 +51,9 @@ matrix_synapse_workers_generic_worker_endpoints:
- ^/_matrix/client/(api/v1|r0|unstable)/joined_groups$ - ^/_matrix/client/(api/v1|r0|unstable)/joined_groups$
- ^/_matrix/client/(api/v1|r0|unstable)/publicised_groups$ - ^/_matrix/client/(api/v1|r0|unstable)/publicised_groups$
- ^/_matrix/client/(api/v1|r0|unstable)/publicised_groups/ - ^/_matrix/client/(api/v1|r0|unstable)/publicised_groups/
- ^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/event/
- ^/_matrix/client/(api/v1|r0|unstable)/joined_rooms$
- ^/_matrix/client/(api/v1|r0|unstable)/search$
# Registration/login requests # Registration/login requests
- ^/_matrix/client/(api/v1|r0|unstable)/login$ - ^/_matrix/client/(api/v1|r0|unstable)/login$

25
setup.yml
View File

@ -56,3 +56,28 @@
- matrix-postgres-backup - matrix-postgres-backup
- matrix-prometheus-postgres-exporter - matrix-prometheus-postgres-exporter
- matrix-common-after - matrix-common-after
tasks:
- name: Ensure web-user is present
user:
name: "{{ web_user }}"
state: present
system: yes
register: web_user_res
tags: [ setup-caddy, setup-all, start ]
- name: Ensure directory for revproxy config is present
file:
path: "{{ revproxy_autoload_dir }}/matrix"
state: directory
owner: "{{ web_user_res.uid }}"
group: "{{ web_user_res.group }}"
mode: 0750
tags: [ setup-caddy, setup-all, start ]
- name: Template reverse proxy configuration
template:
src: Caddyfile.j2
dest: "{{ revproxy_autoload_dir }}/matrix/Caddyfile"
owner: "{{ web_user_res.uid }}"
group: "{{ web_user_res.group }}"
mode: 0640
tags: [ setup-caddy, setup-all, start ]

110
templates/Caddyfile.j2 Normal file
View File

@ -0,0 +1,110 @@
https://{{ matrix_server_fqn_matrix }} {
tls /tls_certs/finallycoffee.eu/fullchain.pem /tls_certs/finallycoffee.eu/privkey.pem
encode zstd gzip
header {
Strict-Transport-Security "max-age=31536000;"
X-Frame-Options "DENY"
X-XSS-Protection "1; mode=block"
}
# matrix-ma1sd
reverse_proxy /_matrix/identity/* {{ matrix_ma1sd_container_http_host_bind_port }} {
header_down Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
header_down Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization"
}
reverse_proxy /_matrix/client/r0/user_directory/search/* {{ matrix_ma1sd_container_http_host_bind_port }} {
header_down Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
header_down Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization"
}
reverse_proxy /_matrix/federation/* http://{{ matrix_synapse_container_federation_api_plain_host_bind_port }}
reverse_proxy /_matrix/key/* http://{{ matrix_synapse_container_federation_api_plain_host_bind_port }}
reverse_proxy /_matrix/* {{ matrix_synapse_container_client_api_host_bind_port }} {
import proxyheaders
header_down Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
header_down Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization"
}
route /synapse-admin/* {
uri strip_prefix /synapse-admin
reverse_proxy http://127.0.0.1{{ matrix_synapse_admin_container_http_host_bind_port }}
}
reverse_proxy /_synapse/* http://{{ matrix_synapse_container_client_api_host_bind_port }}
basicauth /metrics/* bcrypt monitoring {
monitoring JDJhJDE0JGdQRlNHVFpSQmRiaWlPem9LdXlkS09HN2E3LklZS05YZmtXTEY1NlFXbkMxd3hBUmwwbVZl
}
route /metrics/synapse {
uri replace /metrics/synapse /_synapse/metrics
reverse_proxy http://{{ matrix_synapse_container_metrics_api_host_bind_port }}
}
route /metrics/synapse/worker/appservice {
uri replace /metrics/synapse/worker/appservice /_synapse/metrics
reverse_proxy http://127.0.0.1:{{ matrix_synapse_workers_appservice_workers_metrics_range_start }}
}
route /metrics/synapse/worker/federation-sender {
uri replace /metrics/synapse/worker/federation-sender /_synapse/metrics
reverse_proxy http://127.0.0.1:{{ matrix_synapse_workers_federation_sender_workers_metrics_range_start }}
}
route /metrics/bridge/* {
uri strip_prefix /metrics/bridge
route /mautrix-telegram {
uri replace /mautrix-telegram /metrics
reverse_proxy http://127.0.0.1:{{ matrix_mautrix_telegram_container_http_monitoring_host_bind_port }}
}
route /mautrix-whatsapp {
uri replace /mautrix-whatsapp /metrics
reverse_proxy http://127.0.0.1:{{ matrix_mautrix_whatsapp_container_http_monitoring_host_bind_port }}
}
route /mautrix-signal {
uri replace /mautrix-signal /metrics
reverse_proxy http://127.0.0.1:{{ matrix_mautrix_signal_container_http_monitoring_host_bind_port }}
}
route /mx-puppet-instagram {
uri replace /mx-puppet-instagram /metrics
reverse_proxy http://127.0.0.1:{{ matrix_mx_puppet_instagram_container_http_monitoring_host_bind_port }}
}
route /mx-puppet-discord {
uri replace /mx-puppet-discord /metrics
reverse_proxy http://127.0.0.1:{{ matrix_mx_puppet_discord_container_http_monitoring_host_bind_port }}
}
route /mx-puppet-skype {
uri replace /mx-puppet-skype /metrics
reverse_proxy http://127.0.0.1:{{ matrix_mx_puppet_skype_container_http_monitoring_host_bind_port }}
}
route /mx-puppet-slack {
uri replace /mx-puppet-slack /metrics
reverse_proxy http://127.0.0.1:{{ matrix_mx_puppet_slack_container_http_monitoring_host_bind_port }}
}
}
reverse_proxy /bridge/telegram/* http://127.0.0.1:{{ matrix_mautrix_telegram_container_http_host_bind_port_public }}
reverse_proxy /bridge/slack/* http://127.0.0.1:{{ matrix_mx_puppet_slack_container_http_auth_host_bind_port }}
}
https://{{ matrix_server_fqn_dimension }} {
tls /tls_certs/finallycoffee.eu/fullchain.pem /tls_certs/finallycoffee.eu/privkey.pem
encode zstd gzip
reverse_proxy http://{{ matrix_dimension_container_http_host_bind_port }} {
#header_up X-Forwarded-For {remote}
import proxyheaders
#header_up Host {host}
}
}
https://{{ matrix_server_fqn_element }} {
tls /tls_certs/chat.finallycoffee.eu/fullchain.pem /tls_certs/chat.finallycoffee.eu/privkey.pem
encode zstd gzip
reverse_proxy http://{{ matrix_client_element_container_http_host_bind_port }}
}
https://{{ matrix_domain }}/.well-known/matrix/* {
tls /tls_certs/finallycoffee.eu/fullchain.pem /tls_certs/finallycoffee.eu/privkey.pem
route {
uri strip_prefix /.well-known/matrix
root * /matrix_static
file_server
}
header {
Content-Type "application/json"
X-Content-Type-Options "nosniff"
Access-Control-Allow-Origin *
Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization"
}
}