Compare commits

..

46 Commits

Author SHA1 Message Date
aa952d1f1c
feat: add automatic creation of reverse-proxy routing 2021-11-08 08:48:24 +01:00
fbb482fd4e
meta: move inventory structure to be more usable 2021-11-08 08:48:23 +01:00
dc413ca366
meta: add own inventory, add vault-unlock with GPG 2021-11-08 08:48:22 +01:00
Slavi Pantaleev
9af010657d
Merge pull request #1380 from borisrunakov/workers_with_own_webserver
add server_name to matrix-synapse.conf only if matrix_nginx_proxy_enabled
2021-11-05 15:38:28 +02:00
b
6eaa8ac65a add server_name to matrix-synapsel.conf only if matrix_nginx_proxy_enabled 2021-11-05 15:31:10 +02:00
Slavi Pantaleev
60bf8bef9c
Merge pull request #1379 from hifi/feature/heisenbridge-1.5.0
Upgrade Heisenbridge (1.4.1 -> 1.5.0)
2021-11-05 10:35:48 +02:00
Toni Spets
09ac6a0e8c Upgrade Heisenbridge (1.4.1 -> 1.5.0) 2021-11-05 10:31:31 +02:00
Slavi Pantaleev
94777d5f0e
Merge pull request #1376 from ldicarlo/patch-1
chore: adding some explanations about setting prometheus password
2021-11-04 00:29:13 +02:00
Slavi Pantaleev
12be1033e5
Add missing space 2021-11-04 00:28:58 +02:00
Luca Di Carlo
967e5d6f37
chore: adding some explanations about setting prometheus password 2021-11-03 21:12:06 +01:00
Slavi Pantaleev
7b8b595e81 Upgrade Synapse (1.45.1 -> 1.46.0) 2021-11-02 17:42:13 +02:00
Slavi Pantaleev
dae117c91b Bump Hydrogen (0.2.7 -> 0.2.19) 2021-11-02 15:57:18 +02:00
borisrunakov
9688d071a8
fix matrix_synapse_account_threepid_delegates_email and matrix_synapse_account_threepid_delegates_msisdn (#1370)
* fix for string concatenation on matrix_synapse_account_threepid_delegates_email and matrix_synapse_account_threepid_delegates_msisdn

* .editorconfig should not be ignored

* Restore .gitignore

Co-authored-by: b <b@b>
Co-authored-by: Slavi Pantaleev <slavi@devture.com>
2021-11-01 12:02:02 +02:00
Slavi Pantaleev
4586efebd7
Merge pull request #1369 from borisrunakov/configurable-ma1sd-port
change port 8090 to matrix_ma1sd_default_port
2021-11-01 10:50:14 +02:00
Slavi Pantaleev
ff3bd12015 Upgrade devture/ansible (2.9.14-r0 -> 2.10.7-r0) 2021-11-01 10:48:17 +02:00
Slavi Pantaleev
0434e3bf8f Allow force-patching webpack.config.js when self-building Element
We were applying the low-memory system patch to webpack.config.js
on systems with < 4GB memory.

From now on, we also let people force-enable patching by toggling the
`matrix_client_element_container_image_self_build_low_memory_system_patch_enabled`
variable.

Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1357
2021-11-01 09:08:18 +02:00
b
dcda17595a change port 8090 to matrix_ma1sd_default_port 2021-10-31 21:06:22 +02:00
Slavi Pantaleev
add313c7be
Merge pull request #1368 from hifi/patch-2
Upgrade Heisenbridge (1.4.0 -> 1.4.1)
2021-10-31 19:09:31 +02:00
Toni Spets
17fc055d53
Upgrade Heisenbridge (1.4.0 -> 1.4.1) 2021-10-31 18:31:31 +02:00
Slavi Pantaleev
8f70f0f877
Merge pull request #1367 from GoMatrixHosting/gomatrixhosting-testing
GoMatrixHosting v0.6.4
2021-10-31 16:06:42 +02:00
PC-Admin
c6c68e00a4 merge upstream 2021-10-31 08:56:48 +08:00
Slavi Pantaleev
439c3fddc2
Merge pull request #1366 from pcfe/pcfe-do-not-use-quotes-for-shm-flag
fixes #1365
2021-10-30 15:34:10 +03:00
Patrick C. F. Ernzer
65182ea0f2 fixes #1365
docker-ce does not like quotes around the shm-size value
2021-10-30 13:13:30 +02:00
Slavi Pantaleev
fc593bc8ab Increase shm-size for Postgres container to fix VACUUM
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1268

Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1364

Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1362
2021-10-30 09:53:56 +03:00
Slavi Pantaleev
c8a8035de4 Make it possible to self-build Element on low-memory devices (<4G RAM)
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1357
2021-10-29 11:13:01 +03:00
Slavi Pantaleev
39fa852ed6 Remove unnecessary if checks
Should have been done in 63f5a88fa0.
2021-10-29 10:41:11 +03:00
Slavi Pantaleev
63f5a88fa0 Separate install/uninstall tasks for Element and Hydrogen 2021-10-29 10:29:54 +03:00
Slavi Pantaleev
76745342f4
Merge pull request #1361 from hifi/feature/heisenbridge-1.4.0
Upgrade Heisenbridge (1.3.0 -> 1.4.0)
2021-10-29 09:40:12 +03:00
Toni Spets
124b9608fc Upgrade Heisenbridge (1.3.0 -> 1.4.0) 2021-10-28 21:07:11 +03:00
Slavi Pantaleev
e80cf7d92c
Merge pull request #1360 from thomwiggers/patch-6
update IRC appservice
2021-10-28 16:28:24 +03:00
Thom Wiggers
32f15e9bf0
update IRC appservice
https://github.com/matrix-org/matrix-appservice-irc/releases/tag/0.32.1
2021-10-28 15:21:58 +02:00
Slavi Pantaleev
28fe9ffed4
Merge pull request #1359 from jariz/patch-1
caddy example fixes
2021-10-28 14:33:13 +03:00
jariz
0a10077c63
caddy example fixes
- caddy v1 requires a path in the header directive
- msisd has been replaced in favour of ma1sd
2021-10-28 11:16:43 +02:00
Slavi Pantaleev
c81ac90a05
Merge pull request #1358 from sakkiii/patch-2
Prometheus & Grafana Update
2021-10-27 21:23:29 +03:00
sakkiii
0231302db9
Upgrade grafana (8.1.4 -> 8.2.2) 2021-10-27 23:14:14 +05:30
sakkiii
d09609b3bd
Update prometheus (2.29.2 -> 2.30.3) 2021-10-27 23:11:01 +05:30
Slavi Pantaleev
feda83abf0 Mention that Hydrogen always undergoes self-building 2021-10-27 14:00:40 +03:00
Slavi Pantaleev
be17792466
Merge pull request #1352 from throwawayay/patch-1
Upgrade Element (v1.9.3)
2021-10-25 20:40:01 +03:00
throwawayay
d31cdb071a
Upgrade Element (v1.9.3)
https://github.com/vector-im/element-web/releases/tag/v1.9.3
2021-10-25 12:44:58 -04:00
Slavi Pantaleev
06bcdcf9d2
Merge pull request #1311 from HarHarLinks/master
add auto proxy synapse worker metrics
2021-10-25 09:21:11 +03:00
Kim Brose
5f6bbafa17
fix space before tab in indent 2021-10-24 16:00:42 +02:00
HarHarLinks
7b33fc8e19 fixup! auto-generate prometheus.yml for workers metrics 2021-10-20 13:30:38 +02:00
HarHarLinks
ce41674e61 auto-generate prometheus.yml for workers metrics 2021-10-20 12:51:00 +02:00
HarHarLinks
dd4dc22619 add worker metrics documentation 2021-10-20 12:51:00 +02:00
HarHarLinks
4209c4208c add own variable for worker metrics
https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1311#issuecomment-945718866
2021-10-20 12:51:00 +02:00
HarHarLinks
d9fa2f7ed4 add auto proxy synapse worker metrics
when matrix_nginx_proxy_proxy_synapse_metrics is enabled
2021-10-04 21:44:50 +02:00
28 changed files with 310 additions and 184 deletions

View File

@ -21,6 +21,6 @@ matrix_architecture: "arm32"
## Implementation details ## Implementation details
For `amd64`, prebuilt container images (see the [container images we use](container-images.md)) are used everywhere, because all images are available for this architecture. For `amd64`, prebuilt container images (see the [container images we use](container-images.md)) are used for all components (except [Hydrogen](configuring-playbook-client-hydrogen.md), which goes through self-building).
For other architectures, components which have a prebuilt image make use of it. If the component is not available for the specific architecture, [self-building](self-building.md) will be used. Not all components support self-building though, so your mileage may vary. For other architectures, components which have a prebuilt image make use of it. If the component is not available for the specific architecture, [self-building](self-building.md) will be used. Not all components support self-building though, so your mileage may vary.

View File

@ -51,7 +51,7 @@ docker run -it --rm \
-v `pwd`:/work \ -v `pwd`:/work \
-v $HOME/.ssh/id_rsa:/root/.ssh/id_rsa:ro \ -v $HOME/.ssh/id_rsa:/root/.ssh/id_rsa:ro \
--entrypoint=/bin/sh \ --entrypoint=/bin/sh \
docker.io/devture/ansible:2.9.14-r0 docker.io/devture/ansible:2.10.7-r0
``` ```
The above command tries to mount an SSH key (`$HOME/.ssh/id_rsa`) into the container (at `/root/.ssh/id_rsa`). The above command tries to mount an SSH key (`$HOME/.ssh/id_rsa`) into the container (at `/root/.ssh/id_rsa`).

View File

@ -55,9 +55,41 @@ Name | Description
`matrix_synapse_metrics_enabled`|Set this to `true` to make Synapse expose metrics (locally, on the container network) `matrix_synapse_metrics_enabled`|Set this to `true` to make Synapse expose metrics (locally, on the container network)
`matrix_nginx_proxy_proxy_synapse_metrics`|Set this to `true` to make matrix-nginx-proxy expose the Synapse metrics at `https://matrix.DOMAIN/_synapse/metrics` `matrix_nginx_proxy_proxy_synapse_metrics`|Set this to `true` to make matrix-nginx-proxy expose the Synapse metrics at `https://matrix.DOMAIN/_synapse/metrics`
`matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled`|Set this to `true` to password-protect (using HTTP Basic Auth) `https://matrix.DOMAIN/_synapse/metrics` (the username is always `prometheus`, the password is defined in `matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_key`) `matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled`|Set this to `true` to password-protect (using HTTP Basic Auth) `https://matrix.DOMAIN/_synapse/metrics` (the username is always `prometheus`, the password is defined in `matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_key`)
`matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_key`|Set this to a password to use for HTTP Basic Auth for protecting `https://matrix.DOMAIN/_synapse/metrics` (the username is always `prometheus` - it's not configurable) `matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_key`|Set this to a password to use for HTTP Basic Auth for protecting `https://matrix.DOMAIN/_synapse/metrics` (the username is always `prometheus` - it's not configurable). Do not write the password in plain text. See `man 1 htpasswd` or use `htpasswd -c mypass.htpasswd prometheus` to generate the expected hash for nginx.
`matrix_server_fqn_grafana`|Use this variable to override the domain at which the Grafana web user-interface is at (defaults to `stats.DOMAIN`) `matrix_server_fqn_grafana`|Use this variable to override the domain at which the Grafana web user-interface is at (defaults to `stats.DOMAIN`)
### Collecting worker metrics to an external Prometheus server
If you are using workers (`matrix_synapse_workers_enabled`) and have enabled `matrix_nginx_proxy_proxy_synapse_metrics` as described above, the playbook will also automatically proxy the all worker threads's metrics to `https://matrix.DOMAIN/_synapse-worker-TYPE-ID/metrics`, where `TYPE` corresponds to the type and `ID` to the instanceId of a worker as exemplified in `matrix_synapse_workers_enabled_list`.
The playbook also generates an exemplary prometheus.yml config file (`matrix_base_data_path/external_prometheus.yml.template`) with all the correct paths which you can copy to your Prometheus server and adapt to your needs, especially edit the specified `password_file` path and contents and path to your `synapse-v2.rules`.
It will look a bit like this:
```yaml
scrape_configs:
- job_name: 'synapse'
metrics_path: /_synapse/metrics
scheme: https
basic_auth:
username: prometheus
password_file: /etc/prometheus/password.pwd
static_configs:
- targets: ['matrix.DOMAIN:443']
labels:
job: "master"
index: 1
- job_name: 'synapse-generic_worker-1'
metrics_path: /_synapse-worker-generic_worker-18111/metrics
scheme: https
basic_auth:
username: prometheus
password_file: /etc/prometheus/password.pwd
static_configs:
- targets: ['matrix.DOMAIN:443']
labels:
job: "generic_worker"
index: 18111
```
### Collecting system and Postgres metrics to an external Prometheus server (advanced) ### Collecting system and Postgres metrics to an external Prometheus server (advanced)
When you normally enable the Prometheus and Grafana via the playbook, it will also show general system (via node-exporter) and Postgres (via postgres-exporter) stats. If you are instead collecting your metrics to an external Prometheus server, you can follow this advanced configuration example to also export these stats. When you normally enable the Prometheus and Grafana via the playbook, it will also show general system (via node-exporter) and Postgres (via postgres-exporter) stats. If you are instead collecting your metrics to an external Prometheus server, you can follow this advanced configuration example to also export these stats.

View File

@ -5,7 +5,7 @@ https://matrix.DOMAIN {
root /matrix/static-files root /matrix/static-files
header { header / {
Access-Control-Allow-Origin * Access-Control-Allow-Origin *
Strict-Transport-Security "mag=age=31536000;" Strict-Transport-Security "mag=age=31536000;"
X-Frame-Options "DENY" X-Frame-Options "DENY"
@ -13,10 +13,10 @@ https://matrix.DOMAIN {
} }
# Identity server traffic # Identity server traffic
proxy /_matrix/identity matrix-msisd:8090 { proxy /_matrix/identity matrix-ma1sd:8090 {
transparent transparent
} }
proxy /_matrix/client/r0/user_directory/search matrix-msisd:8090 { proxy /_matrix/client/r0/user_directory/search matrix-ma1sd:8090 {
transparent transparent
} }

View File

@ -1212,7 +1212,7 @@ matrix_ma1sd_container_image_self_build: "{{ matrix_architecture != 'amd64' }}"
# Normally, matrix-nginx-proxy is enabled and nginx can reach ma1sd over the container network. # Normally, matrix-nginx-proxy is enabled and nginx can reach ma1sd over the container network.
# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose # If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose
# ma1sd's web-server port. # ma1sd's web-server port.
matrix_ma1sd_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:8090' }}" matrix_ma1sd_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:' + matrix_ma1sd_default_port|string }}"
# We enable Synapse integration via its Postgres database by default. # We enable Synapse integration via its Postgres database by default.
# When using another Identity store, you might wish to disable this and define # When using another Identity store, you might wish to disable this and define
@ -1294,8 +1294,8 @@ matrix_nginx_proxy_proxy_matrix_corporal_api_addr_with_container: "matrix-corpor
matrix_nginx_proxy_proxy_matrix_corporal_api_addr_sans_container: "127.0.0.1:41081" matrix_nginx_proxy_proxy_matrix_corporal_api_addr_sans_container: "127.0.0.1:41081"
matrix_nginx_proxy_proxy_matrix_identity_api_enabled: "{{ matrix_ma1sd_enabled }}" matrix_nginx_proxy_proxy_matrix_identity_api_enabled: "{{ matrix_ma1sd_enabled }}"
matrix_nginx_proxy_proxy_matrix_identity_api_addr_with_container: "matrix-ma1sd:8090" matrix_nginx_proxy_proxy_matrix_identity_api_addr_with_container: "matrix-ma1sd:{{ matrix_ma1sd_default_port }}"
matrix_nginx_proxy_proxy_matrix_identity_api_addr_sans_container: "127.0.0.1:8090" matrix_nginx_proxy_proxy_matrix_identity_api_addr_sans_container: "127.0.0.1:{{ matrix_ma1sd_default_port }}"
# By default, we do TLS termination for the Matrix Federation API (port 8448) at matrix-nginx-proxy. # By default, we do TLS termination for the Matrix Federation API (port 8448) at matrix-nginx-proxy.
# Unless this is handled there OR Synapse's federation listener port is disabled, we'll reverse-proxy. # Unless this is handled there OR Synapse's federation listener port is disabled, we'll reverse-proxy.
@ -1339,6 +1339,8 @@ matrix_nginx_proxy_synapse_media_repository_locations: "{{matrix_synapse_workers
matrix_nginx_proxy_synapse_user_dir_locations: "{{ matrix_synapse_workers_user_dir_endpoints|default([]) }}" matrix_nginx_proxy_synapse_user_dir_locations: "{{ matrix_synapse_workers_user_dir_endpoints|default([]) }}"
matrix_nginx_proxy_synapse_frontend_proxy_locations: "{{ matrix_synapse_workers_frontend_proxy_endpoints|default([]) }}" matrix_nginx_proxy_synapse_frontend_proxy_locations: "{{ matrix_synapse_workers_frontend_proxy_endpoints|default([]) }}"
matrix_nginx_proxy_proxy_synapse_workers_enabled_list: "{{ matrix_synapse_workers_enabled_list }}"
matrix_nginx_proxy_systemd_wanted_services_list: | matrix_nginx_proxy_systemd_wanted_services_list: |
{{ {{
(['matrix-synapse.service'] if matrix_synapse_enabled else []) (['matrix-synapse.service'] if matrix_synapse_enabled else [])
@ -1707,8 +1709,8 @@ matrix_synapse_container_image_self_build: "{{ matrix_architecture not in ['arm6
# When ma1sd is enabled, we can use it to validate email addresses and phone numbers. # When ma1sd is enabled, we can use it to validate email addresses and phone numbers.
# Synapse can validate email addresses by itself as well, but it's probably not what we want by default when we have an identity server. # Synapse can validate email addresses by itself as well, but it's probably not what we want by default when we have an identity server.
matrix_synapse_account_threepid_delegates_email: "{{ 'http://matrix-ma1sd:8090' if matrix_ma1sd_enabled else '' }}" matrix_synapse_account_threepid_delegates_email: "{{ 'http://matrix-ma1sd:' + matrix_ma1sd_default_port|string if matrix_ma1sd_enabled else '' }}"
matrix_synapse_account_threepid_delegates_msisdn: "{{ 'http://matrix-ma1sd:8090' if matrix_ma1sd_enabled else '' }}" matrix_synapse_account_threepid_delegates_msisdn: "{{ 'http://matrix-ma1sd:' + matrix_ma1sd_default_port|string if matrix_ma1sd_enabled else '' }}"
# Normally, matrix-nginx-proxy is enabled and nginx can reach Synapse over the container network. # Normally, matrix-nginx-proxy is enabled and nginx can reach Synapse over the container network.
# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, # If matrix-nginx-proxy is not enabled, or you otherwise have a need for it,

View File

@ -15,7 +15,7 @@
"type": "multiplechoice" "type": "multiplechoice"
}, },
{ {
"question_name": "Discord Client ID", "question_name": "Discord OAuth2 Client ID",
"question_description": "The OAuth2 'CLIENT ID' which can be found in the 'OAuth2' tab of your new discord application: https://discord.com/developers/applications", "question_description": "The OAuth2 'CLIENT ID' which can be found in the 'OAuth2' tab of your new discord application: https://discord.com/developers/applications",
"required": true, "required": true,
"min": 0, "min": 0,

View File

@ -30,7 +30,7 @@
insertafter: '# Synapse Extension Start' insertafter: '# Synapse Extension Start'
with_dict: with_dict:
'matrix_synapse_awx_password_provider_rest_auth_enabled': 'true' 'matrix_synapse_awx_password_provider_rest_auth_enabled': 'true'
'matrix_synapse_awx_password_provider_rest_auth_endpoint': '"http://matrix-ma1sd:8090"' 'matrix_synapse_awx_password_provider_rest_auth_endpoint': '"http://matrix-ma1sd:{{ matrix_ma1sd_default_port }}"'
when: awx_matrix_ma1sd_auth_store == 'LDAP/AD' when: awx_matrix_ma1sd_auth_store == 'LDAP/AD'
- name: Remove entire ma1sd configuration extension - name: Remove entire ma1sd configuration extension

View File

@ -7,7 +7,7 @@ matrix_appservice_irc_container_self_build: false
matrix_appservice_irc_docker_repo: "https://github.com/matrix-org/matrix-appservice-irc.git" matrix_appservice_irc_docker_repo: "https://github.com/matrix-org/matrix-appservice-irc.git"
matrix_appservice_irc_docker_src_files_path: "{{ matrix_base_data_path }}/appservice-irc/docker-src" matrix_appservice_irc_docker_src_files_path: "{{ matrix_base_data_path }}/appservice-irc/docker-src"
matrix_appservice_irc_version: release-0.31.0 matrix_appservice_irc_version: release-0.32.1
matrix_appservice_irc_docker_image: "{{ matrix_container_global_registry_prefix }}matrixdotorg/matrix-appservice-irc:{{ matrix_appservice_irc_version }}" matrix_appservice_irc_docker_image: "{{ matrix_container_global_registry_prefix }}matrixdotorg/matrix-appservice-irc:{{ matrix_appservice_irc_version }}"
matrix_appservice_irc_docker_image_force_pull: "{{ matrix_appservice_irc_docker_image.endswith(':latest') }}" matrix_appservice_irc_docker_image_force_pull: "{{ matrix_appservice_irc_docker_image.endswith(':latest') }}"

View File

@ -3,7 +3,7 @@
matrix_heisenbridge_enabled: true matrix_heisenbridge_enabled: true
matrix_heisenbridge_version: 1.3.0 matrix_heisenbridge_version: 1.5.0
matrix_heisenbridge_docker_image: "{{ matrix_container_global_registry_prefix }}hif1/heisenbridge:{{ matrix_heisenbridge_version }}" matrix_heisenbridge_docker_image: "{{ matrix_container_global_registry_prefix }}hif1/heisenbridge:{{ matrix_heisenbridge_version }}"
matrix_heisenbridge_docker_image_force_pull: "{{ matrix_heisenbridge_docker_image.endswith(':latest') }}" matrix_heisenbridge_docker_image_force_pull: "{{ matrix_heisenbridge_docker_image.endswith(':latest') }}"

View File

@ -2,8 +2,12 @@ matrix_client_element_enabled: true
matrix_client_element_container_image_self_build: false matrix_client_element_container_image_self_build: false
matrix_client_element_container_image_self_build_repo: "https://github.com/vector-im/riot-web.git" matrix_client_element_container_image_self_build_repo: "https://github.com/vector-im/riot-web.git"
# Controls whether to patch webpack.config.js when self-building, so that building can pass on low-memory systems (< 4 GB RAM):
# - https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1357
# - https://github.com/vector-im/element-web/issues/19544
matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}"
matrix_client_element_version: v1.9.2 matrix_client_element_version: v1.9.3
matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}"
matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}"
matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}"

View File

@ -20,8 +20,14 @@
- setup-all - setup-all
- setup-client-element - setup-client-element
- import_tasks: "{{ role_path }}/tasks/setup.yml" - import_tasks: "{{ role_path }}/tasks/setup_install.yml"
when: run_setup|bool when: "run_setup|bool and matrix_client_element_enabled|bool"
tags:
- setup-all
- setup-client-element
- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
when: "run_setup|bool and not matrix_client_element_enabled|bool"
tags: tags:
- setup-all - setup-all
- setup-client-element - setup-client-element

View File

@ -1,9 +1,5 @@
--- ---
#
# Tasks related to setting up Element
#
- name: Ensure Element paths exists - name: Ensure Element paths exists
file: file:
path: "{{ item.path }}" path: "{{ item.path }}"
@ -14,7 +10,7 @@
with_items: with_items:
- { path: "{{ matrix_client_element_data_path }}", when: true } - { path: "{{ matrix_client_element_data_path }}", when: true }
- { path: "{{ matrix_client_element_docker_src_files_path }}", when: "{{ matrix_client_element_container_image_self_build }}" } - { path: "{{ matrix_client_element_docker_src_files_path }}", when: "{{ matrix_client_element_container_image_self_build }}" }
when: matrix_client_element_enabled|bool and item.when when: "item.when|bool"
- name: Ensure Element Docker image is pulled - name: Ensure Element Docker image is pulled
docker_image: docker_image:
@ -22,7 +18,7 @@
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_client_element_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force_source: "{{ matrix_client_element_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_client_element_docker_image_force_pull }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_client_element_docker_image_force_pull }}"
when: matrix_client_element_enabled|bool and not matrix_client_element_container_image_self_build when: "not matrix_client_element_container_image_self_build|bool"
- name: Ensure Element repository is present on self-build - name: Ensure Element repository is present on self-build
git: git:
@ -31,7 +27,21 @@
version: "{{ matrix_client_element_docker_image.split(':')[1] }}" version: "{{ matrix_client_element_docker_image.split(':')[1] }}"
force: "yes" force: "yes"
register: matrix_client_element_git_pull_results register: matrix_client_element_git_pull_results
when: "matrix_client_element_enabled|bool and matrix_client_element_container_image_self_build|bool" when: "matrix_client_element_container_image_self_build|bool"
# See:
# - https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1357
# - https://github.com/vector-im/element-web/issues/19544
- name: Patch webpack.config.js to support building on low-memory (<4G RAM) devices
lineinfile:
path: "{{ matrix_client_element_docker_src_files_path }}/webpack.config.js"
regexp: '(\s+)splitChunks: \{'
line: '\1splitChunks: { maxSize: 100000,'
backrefs: yes
owner: root
group: root
mode: '0644'
when: "matrix_client_element_container_image_self_build|bool and matrix_client_element_container_image_self_build_low_memory_system_patch_enabled|bool"
- name: Ensure Element Docker image is built - name: Ensure Element Docker image is built
docker_image: docker_image:
@ -43,7 +53,7 @@
dockerfile: Dockerfile dockerfile: Dockerfile
path: "{{ matrix_client_element_docker_src_files_path }}" path: "{{ matrix_client_element_docker_src_files_path }}"
pull: yes pull: yes
when: "matrix_client_element_enabled|bool and matrix_client_element_container_image_self_build|bool" when: "matrix_client_element_container_image_self_build|bool"
- name: Ensure Element configuration installed - name: Ensure Element configuration installed
copy: copy:
@ -52,7 +62,6 @@
mode: 0644 mode: 0644
owner: "{{ matrix_user_username }}" owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}" group: "{{ matrix_user_groupname }}"
when: matrix_client_element_enabled|bool
- name: Ensure Element config files installed - name: Ensure Element config files installed
template: template:
@ -65,7 +74,7 @@
- {src: "{{ role_path }}/templates/nginx.conf.j2", name: "nginx.conf"} - {src: "{{ role_path }}/templates/nginx.conf.j2", name: "nginx.conf"}
- {src: "{{ matrix_client_element_page_template_welcome_path }}", name: "welcome.html"} - {src: "{{ matrix_client_element_page_template_welcome_path }}", name: "welcome.html"}
- {src: "{{ matrix_client_element_embedded_pages_home_path }}", name: "home.html"} - {src: "{{ matrix_client_element_embedded_pages_home_path }}", name: "home.html"}
when: "matrix_client_element_enabled|bool and item.src is not none" when: "item.src is not none"
- name: Copy Element costum files - name: Copy Element costum files
copy: copy:
@ -85,7 +94,7 @@
state: absent state: absent
with_items: with_items:
- {src: "{{ matrix_client_element_embedded_pages_home_path }}", name: "home.html"} - {src: "{{ matrix_client_element_embedded_pages_home_path }}", name: "home.html"}
when: "matrix_client_element_enabled|bool and item.src is none" when: "item.src is none"
- name: Ensure matrix-client-element.service installed - name: Ensure matrix-client-element.service installed
template: template:
@ -93,50 +102,8 @@
dest: "{{ matrix_systemd_path }}/matrix-client-element.service" dest: "{{ matrix_systemd_path }}/matrix-client-element.service"
mode: 0644 mode: 0644
register: matrix_client_element_systemd_service_result register: matrix_client_element_systemd_service_result
when: matrix_client_element_enabled|bool
- name: Ensure systemd reloaded after matrix-client-element.service installation - name: Ensure systemd reloaded after matrix-client-element.service installation
service: service:
daemon_reload: yes daemon_reload: yes
when: "matrix_client_element_enabled and matrix_client_element_systemd_service_result.changed" when: "matrix_client_element_systemd_service_result.changed|bool"
#
# Tasks related to getting rid of Element (if it was previously enabled)
#
- name: Check existence of matrix-client-element.service
stat:
path: "{{ matrix_systemd_path }}/matrix-client-element.service"
register: matrix_client_element_service_stat
when: "not matrix_client_element_enabled|bool"
- name: Ensure matrix-client-element is stopped
service:
name: matrix-client-element
state: stopped
daemon_reload: yes
register: stopping_result
when: "not matrix_client_element_enabled|bool and matrix_client_element_service_stat.stat.exists"
- name: Ensure matrix-client-element.service doesn't exist
file:
path: "{{ matrix_systemd_path }}/matrix-client-element.service"
state: absent
when: "not matrix_client_element_enabled|bool and matrix_client_element_service_stat.stat.exists"
- name: Ensure systemd reloaded after matrix-client-element.service removal
service:
daemon_reload: yes
when: "not matrix_client_element_enabled|bool and matrix_client_element_service_stat.stat.exists"
- name: Ensure Element paths doesn't exist
file:
path: "{{ matrix_client_element_data_path }}"
state: absent
when: "not matrix_client_element_enabled|bool"
- name: Ensure Element Docker image doesn't exist
docker_image:
name: "{{ matrix_client_element_docker_image }}"
state: absent
when: "not matrix_client_element_enabled|bool"

View File

@ -0,0 +1,35 @@
---
- name: Check existence of matrix-client-element.service
stat:
path: "{{ matrix_systemd_path }}/matrix-client-element.service"
register: matrix_client_element_service_stat
- name: Ensure matrix-client-element is stopped
service:
name: matrix-client-element
state: stopped
daemon_reload: yes
register: stopping_result
when: "matrix_client_element_service_stat.stat.exists|bool"
- name: Ensure matrix-client-element.service doesn't exist
file:
path: "{{ matrix_systemd_path }}/matrix-client-element.service"
state: absent
when: "matrix_client_element_service_stat.stat.exists|bool"
- name: Ensure systemd reloaded after matrix-client-element.service removal
service:
daemon_reload: yes
when: "matrix_client_element_service_stat.stat.exists|bool"
- name: Ensure Element paths doesn't exist
file:
path: "{{ matrix_client_element_data_path }}"
state: absent
- name: Ensure Element Docker image doesn't exist
docker_image:
name: "{{ matrix_client_element_docker_image }}"
state: absent

View File

@ -5,7 +5,7 @@ matrix_client_hydrogen_enabled: true
matrix_client_hydrogen_container_image_self_build: true matrix_client_hydrogen_container_image_self_build: true
matrix_client_hydrogen_container_image_self_build_repo: "https://github.com/vector-im/hydrogen-web.git" matrix_client_hydrogen_container_image_self_build_repo: "https://github.com/vector-im/hydrogen-web.git"
matrix_client_hydrogen_version: v0.2.7 matrix_client_hydrogen_version: v0.2.19
matrix_client_hydrogen_docker_image: "{{ matrix_client_hydrogen_docker_image_name_prefix }}vectorim/hydrogen-web:{{ matrix_client_hydrogen_version }}" matrix_client_hydrogen_docker_image: "{{ matrix_client_hydrogen_docker_image_name_prefix }}vectorim/hydrogen-web:{{ matrix_client_hydrogen_version }}"
matrix_client_hydrogen_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_hydrogen_container_image_self_build }}" matrix_client_hydrogen_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_hydrogen_container_image_self_build }}"
matrix_client_hydrogen_docker_image_force_pull: "{{ matrix_client_hydrogen_docker_image.endswith(':latest') }}" matrix_client_hydrogen_docker_image_force_pull: "{{ matrix_client_hydrogen_docker_image.endswith(':latest') }}"

View File

@ -8,8 +8,14 @@
- setup-all - setup-all
- setup-client-hydrogen - setup-client-hydrogen
- import_tasks: "{{ role_path }}/tasks/setup.yml" - import_tasks: "{{ role_path }}/tasks/setup_install.yml"
when: run_setup|bool when: "run_setup|bool and matrix_client_hydrogen_enabled|bool"
tags:
- setup-all
- setup-client-hydrogen
- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
when: "run_setup|bool and not matrix_client_hydrogen_enabled|bool"
tags: tags:
- setup-all - setup-all
- setup-client-hydrogen - setup-client-hydrogen

View File

@ -1,9 +1,5 @@
--- ---
#
# Tasks related to setting up Hydrogen
#
- name: Ensure Hydrogen paths exists - name: Ensure Hydrogen paths exists
file: file:
path: "{{ item.path }}" path: "{{ item.path }}"
@ -14,7 +10,7 @@
with_items: with_items:
- { path: "{{ matrix_client_hydrogen_data_path }}", when: true } - { path: "{{ matrix_client_hydrogen_data_path }}", when: true }
- { path: "{{ matrix_client_hydrogen_docker_src_files_path }}", when: "{{ matrix_client_hydrogen_container_image_self_build }}" } - { path: "{{ matrix_client_hydrogen_docker_src_files_path }}", when: "{{ matrix_client_hydrogen_container_image_self_build }}" }
when: matrix_client_hydrogen_enabled|bool and item.when when: "item.when|bool"
- name: Ensure Hydrogen Docker image is pulled - name: Ensure Hydrogen Docker image is pulled
docker_image: docker_image:
@ -22,7 +18,7 @@
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_client_hydrogen_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force_source: "{{ matrix_client_hydrogen_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_client_hydrogen_docker_image_force_pull }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_client_hydrogen_docker_image_force_pull }}"
when: matrix_client_hydrogen_enabled|bool and not matrix_client_hydrogen_container_image_self_build when: "not matrix_client_hydrogen_container_image_self_build|bool"
- name: Ensure Hydrogen repository is present on self-build - name: Ensure Hydrogen repository is present on self-build
git: git:
@ -31,7 +27,7 @@
version: "{{ matrix_client_hydrogen_docker_image.split(':')[1] }}" version: "{{ matrix_client_hydrogen_docker_image.split(':')[1] }}"
force: "yes" force: "yes"
register: matrix_client_hydrogen_git_pull_results register: matrix_client_hydrogen_git_pull_results
when: "matrix_client_hydrogen_enabled|bool and matrix_client_hydrogen_container_image_self_build|bool" when: "matrix_client_hydrogen_container_image_self_build|bool"
- name: Ensure Hydrogen configuration installed - name: Ensure Hydrogen configuration installed
copy: copy:
@ -40,7 +36,7 @@
mode: 0644 mode: 0644
owner: "{{ matrix_user_username }}" owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}" group: "{{ matrix_user_groupname }}"
when: "matrix_client_hydrogen_enabled|bool and matrix_client_hydrogen_container_image_self_build|bool" when: "matrix_client_hydrogen_container_image_self_build|bool"
- name: Ensure Hydrogen additional config files installed - name: Ensure Hydrogen additional config files installed
template: template:
@ -51,7 +47,7 @@
group: "{{ matrix_user_groupname }}" group: "{{ matrix_user_groupname }}"
with_items: with_items:
- {src: "{{ role_path }}/templates/nginx.conf.j2", name: "nginx.conf"} - {src: "{{ role_path }}/templates/nginx.conf.j2", name: "nginx.conf"}
when: "matrix_client_hydrogen_enabled|bool and item.src is not none" when: "item.src is not none"
# This step MUST come after the steps to install the configuration files because the config files # This step MUST come after the steps to install the configuration files because the config files
# are currently only read at build time, not at run time like most other components in the playbook # are currently only read at build time, not at run time like most other components in the playbook
@ -64,7 +60,7 @@
dockerfile: Dockerfile dockerfile: Dockerfile
path: "{{ matrix_client_hydrogen_docker_src_files_path }}" path: "{{ matrix_client_hydrogen_docker_src_files_path }}"
pull: yes pull: yes
when: "matrix_client_hydrogen_enabled|bool and matrix_client_hydrogen_container_image_self_build|bool" when: "matrix_client_hydrogen_container_image_self_build|bool"
- name: Ensure matrix-client-hydrogen.service installed - name: Ensure matrix-client-hydrogen.service installed
template: template:
@ -72,50 +68,8 @@
dest: "{{ matrix_systemd_path }}/matrix-client-hydrogen.service" dest: "{{ matrix_systemd_path }}/matrix-client-hydrogen.service"
mode: 0644 mode: 0644
register: matrix_client_hydrogen_systemd_service_result register: matrix_client_hydrogen_systemd_service_result
when: matrix_client_hydrogen_enabled|bool
- name: Ensure systemd reloaded after matrix-client-hydrogen.service installation - name: Ensure systemd reloaded after matrix-client-hydrogen.service installation
service: service:
daemon_reload: yes daemon_reload: yes
when: "matrix_client_hydrogen_enabled and matrix_client_hydrogen_systemd_service_result.changed" when: "matrix_client_hydrogen_systemd_service_result.changed|bool"
#
# Tasks related to getting rid of Hydrogen (if it was previously enabled)
#
- name: Check existence of matrix-client-hydrogen.service
stat:
path: "{{ matrix_systemd_path }}/matrix-client-hydrogen.service"
register: matrix_client_hydrogen_service_stat
when: "not matrix_client_hydrogen_enabled|bool"
- name: Ensure matrix-client-hydrogen is stopped
service:
name: matrix-client-hydrogen
state: stopped
daemon_reload: yes
register: stopping_result
when: "not matrix_client_hydrogen_enabled|bool and matrix_client_hydrogen_service_stat.stat.exists"
- name: Ensure matrix-client-hydrogen.service doesn't exist
file:
path: "{{ matrix_systemd_path }}/matrix-client-hydrogen.service"
state: absent
when: "not matrix_client_hydrogen_enabled|bool and matrix_client_hydrogen_service_stat.stat.exists"
- name: Ensure systemd reloaded after matrix-client-hydrogen.service removal
service:
daemon_reload: yes
when: "not matrix_client_hydrogen_enabled|bool and matrix_client_hydrogen_service_stat.stat.exists"
- name: Ensure Hydrogen paths doesn't exist
file:
path: "{{ matrix_client_hydrogen_data_path }}"
state: absent
when: "not matrix_client_hydrogen_enabled|bool"
- name: Ensure Hydrogen Docker image doesn't exist
docker_image:
name: "{{ matrix_client_hydrogen_docker_image }}"
state: absent
when: "not matrix_client_hydrogen_enabled|bool"

View File

@ -0,0 +1,35 @@
---
- name: Check existence of matrix-client-hydrogen.service
stat:
path: "{{ matrix_systemd_path }}/matrix-client-hydrogen.service"
register: matrix_client_hydrogen_service_stat
- name: Ensure matrix-client-hydrogen is stopped
service:
name: matrix-client-hydrogen
state: stopped
daemon_reload: yes
register: stopping_result
when: "matrix_client_hydrogen_service_stat.stat.exists|bool"
- name: Ensure matrix-client-hydrogen.service doesn't exist
file:
path: "{{ matrix_systemd_path }}/matrix-client-hydrogen.service"
state: absent
when: "matrix_client_hydrogen_service_stat.stat.exists|bool"
- name: Ensure systemd reloaded after matrix-client-hydrogen.service removal
service:
daemon_reload: yes
when: "matrix_client_hydrogen_service_stat.stat.exists|bool"
- name: Ensure Hydrogen paths doesn't exist
file:
path: "{{ matrix_client_hydrogen_data_path }}"
state: absent
- name: Ensure Hydrogen Docker image doesn't exist
docker_image:
name: "{{ matrix_client_hydrogen_docker_image }}"
state: absent

View File

@ -3,7 +3,7 @@
matrix_grafana_enabled: false matrix_grafana_enabled: false
matrix_grafana_version: 8.1.4 matrix_grafana_version: 8.2.2
matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}" matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}"
matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}" matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}"

View File

@ -19,7 +19,8 @@ matrix_ma1sd_docker_src_files_path: "{{ matrix_ma1sd_base_path }}/docker-src/ma1
matrix_ma1sd_config_path: "{{ matrix_ma1sd_base_path }}/config" matrix_ma1sd_config_path: "{{ matrix_ma1sd_base_path }}/config"
matrix_ma1sd_data_path: "{{ matrix_ma1sd_base_path }}/data" matrix_ma1sd_data_path: "{{ matrix_ma1sd_base_path }}/data"
# Controls whether the matrix-ma1sd container exposes its HTTP port (tcp/8090 in the container). matrix_ma1sd_default_port: 8090
# Controls whether the matrix-ma1sd container exposes its HTTP port (tcp/{{ matrix_ma1sd_default_port }} in the container).
# #
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8090"), or empty string to not expose. # Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8090"), or empty string to not expose.
matrix_ma1sd_container_http_host_bind_port: '' matrix_ma1sd_container_http_host_bind_port: ''

View File

@ -26,7 +26,7 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-ma1sd \
--tmpfs=/tmp:rw,exec,nosuid,size=10m \ --tmpfs=/tmp:rw,exec,nosuid,size=10m \
--network={{ matrix_docker_network }} \ --network={{ matrix_docker_network }} \
{% if matrix_ma1sd_container_http_host_bind_port %} {% if matrix_ma1sd_container_http_host_bind_port %}
-p {{ matrix_ma1sd_container_http_host_bind_port }}:8090 \ -p {{ matrix_ma1sd_container_http_host_bind_port }}:{{ matrix_ma1sd_default_port }} \
{% endif %} {% endif %}
{% if matrix_ma1sd_verbose_logging %} {% if matrix_ma1sd_verbose_logging %}
-e MA1SD_LOG_LEVEL=debug \ -e MA1SD_LOG_LEVEL=debug \

View File

@ -165,23 +165,24 @@ matrix_nginx_proxy_proxy_matrix_corporal_api_addr_sans_container: "127.0.0.1:410
# This can be used to forward the API endpoint to another service, augmenting the functionality of Synapse's own User Directory Search. # This can be used to forward the API endpoint to another service, augmenting the functionality of Synapse's own User Directory Search.
# To learn more, see: https://github.com/ma1uta/ma1sd/blob/master/docs/features/directory.md # To learn more, see: https://github.com/ma1uta/ma1sd/blob/master/docs/features/directory.md
matrix_nginx_proxy_proxy_matrix_user_directory_search_enabled: false matrix_nginx_proxy_proxy_matrix_user_directory_search_enabled: false
matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_with_container: "matrix-ma1sd:8090" matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_with_container: "matrix-ma1sd:{{ matrix_ma1sd_default_port }}"
matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_sans_container: "127.0.0.1:8090" matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_sans_container: "127.0.0.1:{{ matrix_ma1sd_default_port }}"
# Controls whether proxying for 3PID-based registration (`/_matrix/client/r0/register/(email|msisdn)/requestToken`) should be done (on the matrix domain). # Controls whether proxying for 3PID-based registration (`/_matrix/client/r0/register/(email|msisdn)/requestToken`) should be done (on the matrix domain).
# This allows another service to control registrations involving 3PIDs. # This allows another service to control registrations involving 3PIDs.
# To learn more, see: https://github.com/ma1uta/ma1sd/blob/master/docs/features/registration.md # To learn more, see: https://github.com/ma1uta/ma1sd/blob/master/docs/features/registration.md
matrix_nginx_proxy_proxy_matrix_3pid_registration_enabled: false matrix_nginx_proxy_proxy_matrix_3pid_registration_enabled: false
matrix_nginx_proxy_proxy_matrix_3pid_registration_addr_with_container: "matrix-ma1sd:8090" matrix_nginx_proxy_proxy_matrix_3pid_registration_addr_with_container: "matrix-ma1sd:{{ matrix_ma1sd_default_port }}"
matrix_nginx_proxy_proxy_matrix_3pid_registration_addr_sans_container: "127.0.0.1:8090" matrix_nginx_proxy_proxy_matrix_3pid_registration_addr_sans_container: "127.0.0.1:{{ matrix_ma1sd_default_port }}"
# Controls whether proxying for the Identity API (`/_matrix/identity`) should be done (on the matrix domain) # Controls whether proxying for the Identity API (`/_matrix/identity`) should be done (on the matrix domain)
matrix_nginx_proxy_proxy_matrix_identity_api_enabled: false matrix_nginx_proxy_proxy_matrix_identity_api_enabled: false
matrix_nginx_proxy_proxy_matrix_identity_api_addr_with_container: "matrix-ma1sd:8090" matrix_nginx_proxy_proxy_matrix_identity_api_addr_with_container: "matrix-ma1sd:{{ matrix_ma1sd_default_port }}"
matrix_nginx_proxy_proxy_matrix_identity_api_addr_sans_container: "127.0.0.1:8090" matrix_nginx_proxy_proxy_matrix_identity_api_addr_sans_container: "127.0.0.1:{{ matrix_ma1sd_default_port }}"
# Controls whether proxying for metrics (`/_synapse/metrics`) should be done (on the matrix domain) # Controls whether proxying for metrics (`/_synapse/metrics`) should be done (on the matrix domain)
matrix_nginx_proxy_proxy_synapse_metrics: false matrix_nginx_proxy_proxy_synapse_metrics: false
matrix_nginx_proxy_synapse_workers_enabled_list: []
matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled: false matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled: false
# The following value will be written verbatim to the htpasswd file that stores the password for nginx to check against and needs to be encoded appropriately. # The following value will be written verbatim to the htpasswd file that stores the password for nginx to check against and needs to be encoded appropriately.
# Read the manpage at `man 1 htpasswd` to learn more, then encrypt your password, and paste the encrypted value here. # Read the manpage at `man 1 htpasswd` to learn more, then encrypt your password, and paste the encrypted value here.
@ -226,7 +227,7 @@ matrix_nginx_proxy_proxy_matrix_client_api_forwarded_location_prefix_regexes: |
+ +
(['/_synapse/admin'] if matrix_nginx_proxy_proxy_matrix_client_api_forwarded_location_synapse_admin_api_enabled else []) (['/_synapse/admin'] if matrix_nginx_proxy_proxy_matrix_client_api_forwarded_location_synapse_admin_api_enabled else [])
+ +
(['/_synapse/metrics'] if matrix_nginx_proxy_proxy_synapse_metrics else []) (['/_synapse.*/metrics'] if matrix_nginx_proxy_proxy_synapse_metrics else [])
}} }}
# Specifies where requests for the root URI (`/`) on the `matrix.` domain should be redirected. # Specifies where requests for the root URI (`/`) on the `matrix.` domain should be redirected.

View File

@ -38,6 +38,15 @@
mode: 0400 mode: 0400
when: "matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled|bool and matrix_nginx_proxy_proxy_synapse_metrics|bool" when: "matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled|bool and matrix_nginx_proxy_proxy_synapse_metrics|bool"
- name: Generate sample prometheus.yml for external scraping
template:
src: "{{ role_path }}/templates/prometheus/external_prometheus.yml.example.j2"
dest: "{{ matrix_base_data_path }}/external_prometheus.yml.example"
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
mode: 0644
when: matrix_nginx_proxy_proxy_synapse_metrics|bool
- name: Ensure Matrix nginx-proxy configured (generic) - name: Ensure Matrix nginx-proxy configured (generic)
template: template:
src: "{{ role_path }}/templates/nginx/conf.d/nginx-http.conf.j2" src: "{{ role_path }}/templates/nginx/conf.d/nginx-http.conf.j2"
@ -270,3 +279,9 @@
path: "{{ matrix_nginx_proxy_data_path }}/matrix-synapse-metrics-htpasswd" path: "{{ matrix_nginx_proxy_data_path }}/matrix-synapse-metrics-htpasswd"
state: absent state: absent
when: "not matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled|bool or not matrix_nginx_proxy_proxy_synapse_metrics|bool" when: "not matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled|bool or not matrix_nginx_proxy_proxy_synapse_metrics|bool"
- name: Ensure sample prometheus.yml for external scraping is deleted
file:
path: "{{ matrix_base_data_path }}/external_prometheus.yml.example"
state: absent
when: "not matrix_nginx_proxy_proxy_synapse_metrics|bool"

View File

@ -62,7 +62,9 @@
server { server {
listen 12080; listen 12080;
{% if matrix_nginx_proxy_enabled %}
server_name {{ matrix_nginx_proxy_proxy_synapse_hostname }}; server_name {{ matrix_nginx_proxy_proxy_synapse_hostname }};
{% endif %}
server_tokens off; server_tokens off;
root /dev/null; root /dev/null;
@ -153,6 +155,24 @@ server {
} }
{% endif %} {% endif %}
{% if matrix_nginx_proxy_enabled and matrix_nginx_proxy_proxy_synapse_metrics %}
{% for worker in matrix_nginx_proxy_proxy_synapse_workers_enabled_list %}
{% if worker.metrics_port != 0 %}
location /_synapse-worker-{{ worker.type }}-{{ worker.instanceId }}/metrics {
resolver 127.0.0.11 valid=5s;
set $backend "matrix-synapse-worker-{{ worker.type }}-{{ worker.instanceId }}:{{ worker.metrics_port }}";
proxy_pass http://$backend/_synapse/metrics;
proxy_set_header Host $host;
{% if matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled %}
auth_basic "protected";
auth_basic_user_file /nginx-data/matrix-synapse-metrics-htpasswd;
{% endif %}
}
{% endif %}
{% endfor %}
{% endif %}
{# Everything else just goes to the API server ##} {# Everything else just goes to the API server ##}
location / { location / {
{% if matrix_nginx_proxy_enabled %} {% if matrix_nginx_proxy_enabled %}
@ -176,8 +196,10 @@ server {
{% if matrix_nginx_proxy_proxy_synapse_federation_api_enabled %} {% if matrix_nginx_proxy_proxy_synapse_federation_api_enabled %}
server { server {
listen 12088; listen 12088;
{% if matrix_nginx_proxy_enabled %}
server_name {{ matrix_nginx_proxy_proxy_synapse_hostname }}; server_name {{ matrix_nginx_proxy_proxy_synapse_hostname }};
{% endif %}
server_tokens off; server_tokens off;
root /dev/null; root /dev/null;

View File

@ -0,0 +1,40 @@
global:
scrape_interval: 5s
# Attach these labels to any time series or alerts when communicating with
# external systems (federation, remote storage, Alertmanager).
external_labels:
monitor: 'synapse-{{ matrix_domain }}'
rule_files:
- /etc/prometheus/synapse-v2.rules
scrape_configs:
- job_name: 'synapse'
metrics_path: /_synapse/metrics
scheme: {{ 'https' if matrix_nginx_proxy_https_enabled else 'http' }}
{% if matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled %}
basic_auth:
username: prometheus
password_file: /path/to/your/passwordfile.pwd
{% endif %}
static_configs:
- targets: ['{{ matrix_server_fqn_matrix }}:{{ matrix_nginx_proxy_container_https_host_bind_port if matrix_nginx_proxy_https_enabled else matrix_nginx_proxy_container_http_host_bind_port }}']
labels:
job: "master"
index: 1
{% for worker in matrix_nginx_proxy_proxy_synapse_workers_enabled_list %}
- job_name: 'synapse-{{ worker.type }}-{{ worker.instanceId }}'
metrics_path: /_synapse-worker-{{ worker.type }}-{{ worker.instanceId }}/metrics
scheme: {{ 'https' if matrix_nginx_proxy_https_enabled else 'http' }}
{% if matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled %}
basic_auth:
username: prometheus
password_file: /path/to/your/passwordfile.pwd
{% endif %}
static_configs:
- targets: ['{{ matrix_server_fqn_matrix }}:{{ matrix_nginx_proxy_container_https_host_bind_port if matrix_nginx_proxy_https_enabled else matrix_nginx_proxy_container_http_host_bind_port }}']
labels:
job: "{{ worker.type }}"
index: {{ worker.instanceId }}
{% endfor %}

View File

@ -11,6 +11,10 @@ Environment="HOME={{ matrix_systemd_unit_home_path }}"
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-postgres 2>/dev/null' ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-postgres 2>/dev/null'
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-postgres 2>/dev/null' ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-postgres 2>/dev/null'
# We need /dev/shm to be larger than the default to allow VACUUM to work.
# See:
# - https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1362
# - https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1268
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-postgres \ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-postgres \
--log-driver=none \ --log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
@ -18,6 +22,7 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-postgres \
--read-only \ --read-only \
--tmpfs=/tmp:rw,noexec,nosuid,size=100m \ --tmpfs=/tmp:rw,noexec,nosuid,size=100m \
--tmpfs=/run/postgresql:rw,noexec,nosuid,size=100m \ --tmpfs=/run/postgresql:rw,noexec,nosuid,size=100m \
--shm-size=256m \
--network={{ matrix_docker_network }} \ --network={{ matrix_docker_network }} \
{% if matrix_postgres_container_postgres_bind_port %} {% if matrix_postgres_container_postgres_bind_port %}
-p {{ matrix_postgres_container_postgres_bind_port }}:5432 \ -p {{ matrix_postgres_container_postgres_bind_port }}:5432 \

View File

@ -3,7 +3,7 @@
matrix_prometheus_enabled: false matrix_prometheus_enabled: false
matrix_prometheus_version: v2.29.2 matrix_prometheus_version: v2.30.3
matrix_prometheus_docker_image: "{{ matrix_container_global_registry_prefix }}prom/prometheus:{{ matrix_prometheus_version }}" matrix_prometheus_docker_image: "{{ matrix_container_global_registry_prefix }}prom/prometheus:{{ matrix_prometheus_version }}"
matrix_prometheus_docker_image_force_pull: "{{ matrix_prometheus_docker_image.endswith(':latest') }}" matrix_prometheus_docker_image_force_pull: "{{ matrix_prometheus_docker_image.endswith(':latest') }}"

View File

@ -15,8 +15,8 @@ matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_cont
# amd64 gets released first. # amd64 gets released first.
# arm32 relies on self-building, so the same version can be built immediately. # arm32 relies on self-building, so the same version can be built immediately.
# arm64 users need to wait for a prebuilt image to become available. # arm64 users need to wait for a prebuilt image to become available.
matrix_synapse_version: v1.45.1 matrix_synapse_version: v1.46.0
matrix_synapse_version_arm64: v1.45.1 matrix_synapse_version_arm64: v1.46.0
matrix_synapse_docker_image_tag: "{{ matrix_synapse_version if matrix_architecture in ['arm32', 'amd64'] else matrix_synapse_version_arm64 }}" matrix_synapse_docker_image_tag: "{{ matrix_synapse_version if matrix_architecture in ['arm32', 'amd64'] else matrix_synapse_version_arm64 }}"
matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"

View File

@ -492,6 +492,48 @@ redaction_retention_period: {{ matrix_synapse_redaction_retention_period }}
user_ips_max_age: {{ matrix_synapse_user_ips_max_age }} user_ips_max_age: {{ matrix_synapse_user_ips_max_age }}
# Inhibits the /requestToken endpoints from returning an error that might leak
# information about whether an e-mail address is in use or not on this
# homeserver.
# Note that for some endpoints the error situation is the e-mail already being
# used, and for others the error is entering the e-mail being unused.
# If this option is enabled, instead of returning an error, these endpoints will
# act as if no error happened and return a fake session ID ('sid') to clients.
#
#request_token_inhibit_3pid_errors: true
# A list of domains that the domain portion of 'next_link' parameters
# must match.
#
# This parameter is optionally provided by clients while requesting
# validation of an email or phone number, and maps to a link that
# users will be automatically redirected to after validation
# succeeds. Clients can make use this parameter to aid the validation
# process.
#
# The whitelist is applied whether the homeserver or an
# identity server is handling validation.
#
# The default value is no whitelist functionality; all domains are
# allowed. Setting this value to an empty list will instead disallow
# all domains.
#
#next_link_domain_whitelist: ["matrix.org"]
# Templates to use when generating email or HTML page contents.
#
templates:
# Directory in which Synapse will try to find template files to use to generate
# email or HTML page contents.
# If not set, or a file is not found within the template directory, a default
# template from within the Synapse package will be used.
#
# See https://matrix-org.github.io/synapse/latest/templates.html for more
# information about using custom templates.
#
#custom_template_directory: /path/to/custom/templates/
# Message retention policy at the server level. # Message retention policy at the server level.
# #
# Room admins and mods can define a retention period for their rooms using the # Room admins and mods can define a retention period for their rooms using the
@ -561,47 +603,6 @@ retention:
# - shortest_max_lifetime: 3d # - shortest_max_lifetime: 3d
# interval: 1d # interval: 1d
# Inhibits the /requestToken endpoints from returning an error that might leak
# information about whether an e-mail address is in use or not on this
# homeserver.
# Note that for some endpoints the error situation is the e-mail already being
# used, and for others the error is entering the e-mail being unused.
# If this option is enabled, instead of returning an error, these endpoints will
# act as if no error happened and return a fake session ID ('sid') to clients.
#
#request_token_inhibit_3pid_errors: true
# A list of domains that the domain portion of 'next_link' parameters
# must match.
#
# This parameter is optionally provided by clients while requesting
# validation of an email or phone number, and maps to a link that
# users will be automatically redirected to after validation
# succeeds. Clients can make use this parameter to aid the validation
# process.
#
# The whitelist is applied whether the homeserver or an
# identity server is handling validation.
#
# The default value is no whitelist functionality; all domains are
# allowed. Setting this value to an empty list will instead disallow
# all domains.
#
#next_link_domain_whitelist: ["matrix.org"]
# Templates to use when generating email or HTML page contents.
#
templates:
# Directory in which Synapse will try to find template files to use to generate
# email or HTML page contents.
# If not set, or a file is not found within the template directory, a default
# template from within the Synapse package will be used.
#
# See https://matrix-org.github.io/synapse/latest/templates.html for more
# information about using custom templates.
#
#custom_template_directory: /path/to/custom/templates/
## TLS ## ## TLS ##