Compare commits
10 Commits
b4f93fdfc3
...
52c3c66a82
Author | SHA1 | Date | |
---|---|---|---|
52c3c66a82 | |||
9848482651 | |||
c74d2c45ca | |||
b63ef77827 | |||
96eea1d61e | |||
f08f847ab1 | |||
8063792e70 | |||
213dfeeb37 | |||
bb043850ad | |||
bd70f443d0 |
@ -23,10 +23,6 @@ indent_size = 2
|
|||||||
indent_style = space
|
indent_style = space
|
||||||
indent_size = 2
|
indent_size = 2
|
||||||
|
|
||||||
[justfile]
|
|
||||||
indent_style = space
|
|
||||||
indent_size = 4
|
|
||||||
|
|
||||||
# Markdown Files
|
# Markdown Files
|
||||||
#
|
#
|
||||||
# Two spaces at the end of a line in Markdown mean "new line",
|
# Two spaces at the end of a line in Markdown mean "new line",
|
||||||
|
4
.github/workflows/matrix.yml
vendored
@ -13,7 +13,7 @@ jobs:
|
|||||||
- name: Check out
|
- name: Check out
|
||||||
uses: actions/checkout@v3
|
uses: actions/checkout@v3
|
||||||
- name: Run yamllint
|
- name: Run yamllint
|
||||||
uses: frenck/action-yamllint@v1.4.1
|
uses: frenck/action-yamllint@v1.4.0
|
||||||
ansible-lint:
|
ansible-lint:
|
||||||
name: ansible-lint
|
name: ansible-lint
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
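Review bot: The `Run yamllint` step moves `frenck/action-yamllint` back from `v1.4.1` to `v1.4.0` with no reason visible in the change, and like `actions/checkout@v3` above it the action is referenced by a mutable tag. If the downgrade is intentional, say why in the commit message; either way consider pinning third-party actions to a full commit SHA (with the tag in a trailing comment) so the CI job cannot silently pick up retagged code.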
@ -21,6 +21,6 @@ jobs:
|
|||||||
- name: Check out
|
- name: Check out
|
||||||
uses: actions/checkout@v3
|
uses: actions/checkout@v3
|
||||||
- name: Run ansible-lint
|
- name: Run ansible-lint
|
||||||
uses: ansible-community/ansible-lint-action@v6.16.0
|
uses: ansible-community/ansible-lint-action@v6.11.0
|
||||||
with:
|
with:
|
||||||
path: roles/custom
|
path: roles/custom
|
||||||
|
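Review bot: `ansible-community/ansible-lint-action` on the `Run ansible-lint` step drops from `v6.16.0` to `v6.11.0`, five minor releases back, so `roles/custom` will be checked by an older release of the action than before. Keep `v6.16.0` unless a specific incompatibility forces the older release, and record that incompatibility in a comment next to the `uses:` line.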
1
.gitignore
vendored
@ -5,7 +5,6 @@
|
|||||||
/roles/**/files/scratchpad
|
/roles/**/files/scratchpad
|
||||||
.DS_Store
|
.DS_Store
|
||||||
.python-version
|
.python-version
|
||||||
flake.lock
|
|
||||||
|
|
||||||
# ignore roles pulled by ansible-galaxy
|
# ignore roles pulled by ansible-galaxy
|
||||||
/roles/galaxy/*
|
/roles/galaxy/*
|
||||||
|
49
CHANGELOG.md
@ -1,38 +1,3 @@
|
|||||||
# 2023-05-25
|
|
||||||
|
|
||||||
## Enabling `forget_rooms_on_leave` by default for Synapse
|
|
||||||
|
|
||||||
With the [Synapse v1.84.0 update](https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2698), we've also **changed the default value** of the `forget_rooms_on_leave` setting of Synapse to a value of `true`.
|
|
||||||
This way, **when you leave a room, Synapse will now forget it automatically**.
|
|
||||||
|
|
||||||
The upstream Synapse default is `false` (disabled), so that you must forget rooms manually after leaving.
|
|
||||||
|
|
||||||
**We go against the upstream default** ([somewhat controversially](https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2700)) in an effort to make Synapse leaner and potentially do what we believe most users would expect their homeserver to be doing.
|
|
||||||
|
|
||||||
If you'd like to go back to the old behavior, add the following to your configuration: `matrix_synapse_forget_rooms_on_leave: false`
|
|
||||||
|
|
||||||
|
|
||||||
# 2023-04-03
|
|
||||||
|
|
||||||
## The matrix-jitsi role lives independently now
|
|
||||||
|
|
||||||
**TLDR**: the `matrix-jitsi` role is now included from the [ansible-role-jitsi](https://github.com/mother-of-all-self-hosting/ansible-role-jitsi) repository, part of the [MASH playbook](https://github.com/mother-of-all-self-hosting/mash-playbook). Some variables have been renamed. All functionality remains intact.
|
|
||||||
|
|
||||||
The `matrix-jitsi` role has been relocated in its own repository, part of the [MASH playbook](https://github.com/mother-of-all-self-hosting/mash-playbook) project - an Ansible playbook for self-hosting [a growing list of FOSS software](https://github.com/mother-of-all-self-hosting/mash-playbook/blob/main/docs/supported-services.md). If hosting a Jitsi stack on the Matrix server itself did not stand right with you or you always wanted to host most stuff, you can now use this new playbook to do so.
|
|
||||||
|
|
||||||
As part of the extraction process of this role out of the Matrix playbook, a few other things improved:
|
|
||||||
|
|
||||||
- **native Traefik support** has been added
|
|
||||||
- **support for hosting under a subpath** has been added, although it suffers from a few minor issues listed [here](https://github.com/mother-of-all-self-hosting/mash-playbook/blob/main/docs/services/jitsi.md#url)
|
|
||||||
|
|
||||||
You need to **update your roles** (`just roles` or `make roles`) regardless of whether you're using Jitsi or not.
|
|
||||||
|
|
||||||
If you're making use of Jitsi via this playbook, you will need to update variable references in your `vars.yml` file:
|
|
||||||
|
|
||||||
- `matrix_jitsi_*_docker_image_` -> `matrix_jitsi_*_container_image_`
|
|
||||||
- `matrix_jitsi_` -> `jitsi_`
|
|
||||||
- some other internal variables have changed, but the playbook will tell you about them
|
|
||||||
|
|
||||||
# 2023-03-22
|
# 2023-03-22
|
||||||
|
|
||||||
## ntfy Web App is disabled by default
|
## ntfy Web App is disabled by default
|
||||||
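Review bot: The `# 2023-05-25` entry removed at the top of the file is the only place in this hunk that tells operators `forget_rooms_on_leave` now defaults to `true` and how to restore the old behavior with `matrix_synapse_forget_rooms_on_leave: false`; the `# 2023-04-03` entry with the `matrix_jitsi_` -> `jitsi_` rename instructions goes with it. If the code behind those entries is not being reverted in the same change, keep both entries so the changelog still matches what the playbook does.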
@ -52,7 +17,7 @@ The `matrix-prometheus` role has been relocated in its own repository, part of t
|
|||||||
|
|
||||||
Extracting the Prometheus role out of this Matrix playbook required huge internal refactoring to the way the Prometheus configuration (scraping jobs) is generated. If you notice any breakage after upgrading, let us know.
|
Extracting the Prometheus role out of this Matrix playbook required huge internal refactoring to the way the Prometheus configuration (scraping jobs) is generated. If you notice any breakage after upgrading, let us know.
|
||||||
|
|
||||||
You need to **update your roles** (`just roles` or `make roles`) regardless of whether you're using Prometheus or not.
|
You need to **update you roles** (`just roles` or `make roles`) regardless of whether you're using Prometheus or not.
|
||||||
|
|
||||||
If you're making use of Prometheus via this playbook, you will need to update variable references in your `vars.yml` file:
|
If you're making use of Prometheus via this playbook, you will need to update variable references in your `vars.yml` file:
|
||||||
|
|
||||||
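Review bot: The changed line replaces "update your roles" with "update you roles", which is a typo; keep `your`. The same substitution recurs in the later CHANGELOG.md hunks and should be dropped there too.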
@ -94,7 +59,7 @@ To get started, see our [Setting up Sliding Sync Proxy](docs/configuring-playboo
|
|||||||
|
|
||||||
**TLDR**: the `matrix-etherpad` role is now included from [another repository](https://gitlab.com/etke.cc/roles/etherpad). Some variables have been renamed. All functionality remains intact.
|
**TLDR**: the `matrix-etherpad` role is now included from [another repository](https://gitlab.com/etke.cc/roles/etherpad). Some variables have been renamed. All functionality remains intact.
|
||||||
|
|
||||||
You need to **update your roles** (`just roles` or `make roles`) regardless of whether you're using Etherpad or not.
|
You need to **update you roles** (`just roles` or `make roles`) regardless of whether you're using Etherpad or not.
|
||||||
|
|
||||||
If you're making use of Etherpad via this playbook, you will need to update variable references in your `vars.yml` file:
|
If you're making use of Etherpad via this playbook, you will need to update variable references in your `vars.yml` file:
|
||||||
|
|
||||||
@ -202,7 +167,7 @@ Additional details are available in the [Customizing templates](docs/configuring
|
|||||||
|
|
||||||
The `matrix-redis` role (which configures [Redis](https://redis.io/)) has been extracted from the playbook and now lives in its [own repository](https://gitlab.com/etke.cc/roles/redis). This makes it possible to easily use it in other Ansible playbooks.
|
The `matrix-redis` role (which configures [Redis](https://redis.io/)) has been extracted from the playbook and now lives in its [own repository](https://gitlab.com/etke.cc/roles/redis). This makes it possible to easily use it in other Ansible playbooks.
|
||||||
|
|
||||||
You need to **update your roles** (`just roles` or `make roles`) regardless of whether you're enabling Ntfy or not. If you're making use of Ntfy via this playbook, you will need to update variable references in your `vars.yml` file (`matrix_redis_` -> `redis_`).
|
You need to **update you roles** (`just roles` or `make roles`) regardless of whether you're enabling Ntfy or not. If you're making use of Ntfy via this playbook, you will need to update variable references in your `vars.yml` file (`matrix_redis_` -> `redis_`).
|
||||||
|
|
||||||
## The matrix-ntfy role lives independently now
|
## The matrix-ntfy role lives independently now
|
||||||
|
|
||||||
@ -210,7 +175,7 @@ You need to **update your roles** (`just roles` or `make roles`) regardless of w
|
|||||||
|
|
||||||
The `matrix-ntfy` role (which configures [Ntfy](https://ntfy.sh/)) has been extracted from the playbook and now lives in its [own repository](https://gitlab.com/etke.cc/roles/ntfy). This makes it possible to easily use it in other Ansible playbooks.
|
The `matrix-ntfy` role (which configures [Ntfy](https://ntfy.sh/)) has been extracted from the playbook and now lives in its [own repository](https://gitlab.com/etke.cc/roles/ntfy). This makes it possible to easily use it in other Ansible playbooks.
|
||||||
|
|
||||||
You need to **update your roles** (`just roles` or `make roles`) regardless of whether you're enabling Ntfy or not. If you're making use of Ntfy via this playbook, you will need to update variable references in your `vars.yml` file (`matrix_ntfy_` -> `ntfy_`).
|
You need to **update you roles** (`just roles` or `make roles`) regardless of whether you're enabling Ntfy or not. If you're making use of Ntfy via this playbook, you will need to update variable references in your `vars.yml` file (`matrix_ntfy_` -> `ntfy_`).
|
||||||
|
|
||||||
|
|
||||||
# 2023-02-15
|
# 2023-02-15
|
||||||
@ -221,7 +186,7 @@ You need to **update your roles** (`just roles` or `make roles`) regardless of w
|
|||||||
|
|
||||||
The `matrix-grafana` role (which configures [Grafana](docs/configuring-playbook-prometheus-grafana.md)) has been extracted from the playbook and now lives in its [own repository](https://gitlab.com/etke.cc/roles/grafana). This makes it possible to easily use it in other Ansible playbooks.
|
The `matrix-grafana` role (which configures [Grafana](docs/configuring-playbook-prometheus-grafana.md)) has been extracted from the playbook and now lives in its [own repository](https://gitlab.com/etke.cc/roles/grafana). This makes it possible to easily use it in other Ansible playbooks.
|
||||||
|
|
||||||
You need to **update your roles** (`just roles` or `make roles`) regardless of whether you're enabling Grafana or not. If you're making use of Grafana via this playbook, you will need to update variable references in your `vars.yml` file (`matrix_grafana_` -> `grafana_`).
|
You need to **update you roles** (`just roles` or `make roles`) regardless of whether you're enabling Grafana or not. If you're making use of Grafana via this playbook, you will need to update variable references in your `vars.yml` file (`matrix_grafana_` -> `grafana_`).
|
||||||
|
|
||||||
|
|
||||||
# 2023-02-13
|
# 2023-02-13
|
||||||
@ -232,7 +197,7 @@ You need to **update your roles** (`just roles` or `make roles`) regardless of w
|
|||||||
|
|
||||||
Thanks to [moan0s](https://github.com/moan0s), the `matrix-backup-borg` role (which configures [Borg backups](docs/configuring-playbook-backup-borg.md)) has been extracted from the playbook and now lives in its [own repository](https://gitlab.com/etke.cc/roles/backup_borg). This makes it possible to easily use it in other Ansible playbooks and will become part of [nextcloud-docker-ansible-deploy](https://github.com/spantaleev/nextcloud-docker-ansible-deploy) soon.
|
Thanks to [moan0s](https://github.com/moan0s), the `matrix-backup-borg` role (which configures [Borg backups](docs/configuring-playbook-backup-borg.md)) has been extracted from the playbook and now lives in its [own repository](https://gitlab.com/etke.cc/roles/backup_borg). This makes it possible to easily use it in other Ansible playbooks and will become part of [nextcloud-docker-ansible-deploy](https://github.com/spantaleev/nextcloud-docker-ansible-deploy) soon.
|
||||||
|
|
||||||
You need to **update your roles** (`just roles` or `make roles`) regardless of whether you're enabling Borg backup functionality or not. If you're making use of Borg backups via this playbook, you will need to update variable references in your `vars.yml` file (`matrix_backup_borg_` -> `backup_borg_`).
|
You need to **update you roles** (`just roles` or `make roles`) regardless of whether you're enabling Borg backup functionality or not. If you're making use of Borg backups via this playbook, you will need to update variable references in your `vars.yml` file (`matrix_backup_borg_` -> `backup_borg_`).
|
||||||
|
|
||||||
|
|
||||||
# 2023-02-12
|
# 2023-02-12
|
||||||
@ -1591,7 +1556,7 @@ People who have [fine-tuned Jitsi](docs/configuring-playbook-jitsi.md#optional-f
|
|||||||
|
|
||||||
The next time you run the playbook [installation](docs/installing.md) command, our validation logic will tell you if you're using some variables like that and will recommend a migration path for each one.
|
The next time you run the playbook [installation](docs/installing.md) command, our validation logic will tell you if you're using some variables like that and will recommend a migration path for each one.
|
||||||
|
|
||||||
Additionally, we've recently disabled transcriptions (`jitsi_enable_transcriptions: false`) and recording (`jitsi_enable_recording: false`) by default. These features did not work anyway, because we don't install the required dependencies for them (Jigasi and Jibri, respectively). If you've been somehow pointing your Jitsi installation to some manually installed Jigasi/Jibri service, you may need to toggle these flags back to enabled to have transcriptions and recordings working.
|
Additionally, we've recently disabled transcriptions (`matrix_jitsi_enable_transcriptions: false`) and recording (`matrix_jitsi_enable_recording: false`) by default. These features did not work anyway, because we don't install the required dependencies for them (Jigasi and Jibri, respectively). If you've been somehow pointing your Jitsi installation to some manually installed Jigasi/Jibri service, you may need to toggle these flags back to enabled to have transcriptions and recordings working.
|
||||||
|
|
||||||
|
|
||||||
# 2020-11-23
|
# 2020-11-23
|
||||||
|
@ -20,12 +20,10 @@ ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=bot.chatgpt
|
|||||||
```
|
```
|
||||||
|
|
||||||
|
|
||||||
## 2. Get an access token and create encryption keys
|
## 2. Get an access token
|
||||||
|
|
||||||
Refer to the documentation on [how to obtain an access token](obtaining-access-tokens.md).
|
Refer to the documentation on [how to obtain an access token](obtaining-access-tokens.md).
|
||||||
|
|
||||||
To make sure the bot can read encrypted messages, it will need an encryption key, just like any other new user. While obtaining the access token, follow the prompts to setup a backup key. More information can be found in the [element documentation](https://element.io/help#encryption6).
|
|
||||||
|
|
||||||
|
|
||||||
## 3. Adjusting the playbook configuration
|
## 3. Adjusting the playbook configuration
|
||||||
|
|
||||||
|
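Review bot: Section 2 loses the paragraph explaining that the bot needs an encryption key to read encrypted messages, and the heading shrinks to `## 2. Get an access token`, so nothing in the visible steps now tells the reader to set up a backup key while obtaining the token. Keep the paragraph unless support for encrypted rooms is being removed in the same change.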
@ -30,12 +30,30 @@ Refer to the documentation on [how to obtain an access token](obtaining-access-t
|
|||||||
|
|
||||||
## 3. Make sure the account is free from rate limiting
|
## 3. Make sure the account is free from rate limiting
|
||||||
|
|
||||||
You will need to prevent Synapse from rate limiting the bot's account. This is not an optional step. If you do not do this step draupnir will crash. This can be done using Synapse's [admin API](https://matrix-org.github.io/synapse/latest/admin_api/user_admin_api.html#override-ratelimiting-for-users). Please ask for help if you are uncomfortable with these steps or run into issues.
|
You will need to prevent Synapse from rate limiting the bot's account. This is not an optional step. If you do not do this step draupnir will crash. This can be done using Synapse's [admin API](https://matrix-org.github.io/synapse/latest/admin_api/user_admin_api.html#override-ratelimiting-for-users). This can also be manually done by editing the Synapse database. Manually editing the Synapse database is rarely a good idea. Please ask for help if you are uncomfortable with these steps.
|
||||||
|
|
||||||
If your Synapse Admin API is exposed to the internet for some reason like running the Synapse Admin Role [Link](docs/configuring-playbook-synapse-admin.md) or running `matrix_nginx_proxy_proxy_matrix_client_api_forwarded_location_synapse_admin_api_enabled: true` in your playbook config. If your API is not externally exposed you should still be able to on the local host for your synapse run these commands.
|
1. Copy the statement below into a text editor.
|
||||||
|
|
||||||
The following command works on semi up to date Windows 10 installs and All Windows 11 installations and other systems that ship curl. `curl --header "Authorization: Bearer <access_token>" -X DELETE https://matrix.example.com/_synapse/admin/v1/users/@example:example.com/override_ratelimit` Replace `@example:example.com` with the MXID of your Draupnir and example.com with your homeserver domain. You can easily obtain an access token for a homeserver admin account the same way you can obtain an access token for Draupnir it self. If you made Draupnir Admin you can just use the Draupnir token.
|
```
|
||||||
|
INSERT INTO ratelimit_override VALUES ('@bot.draupnir:DOMAIN', 0, 0);
|
||||||
|
```
|
||||||
|
|
||||||
|
1. Change the username (`@bot.draupnir:DOMAIN`) to the username you used when you registered the bot's account. You must change `DOMAIN` to your server's domain.
|
||||||
|
|
||||||
|
1. Get a database terminal by following these steps: [maintenance-postgres.md#getting-a-database-terminal](maintenance-postgres.md#getting-a-database-terminal)
|
||||||
|
|
||||||
|
1. Connect to Synapse's database by typing `\connect synapse` into the database terminal
|
||||||
|
|
||||||
|
1. Paste in the `INSERT INTO` command that you edited and press enter.
|
||||||
|
|
||||||
|
You can run `SELECT * FROM ratelimit_override;` to see if it worked. If the output looks like this:
|
||||||
|
|
||||||
|
```
|
||||||
|
user_id | messages_per_second | burst_count
|
||||||
|
-----------------------+---------------------+-------------
|
||||||
|
@bot.draupnir:raim.ist | 0 | 0`
|
||||||
|
```
|
||||||
|
then you did it correctly.
|
||||||
|
|
||||||
|
|
||||||
## 4. Create a management room
|
## 4. Create a management room
|
||||||
|
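Review bot: The added statement `INSERT INTO ratelimit_override VALUES ('@bot.draupnir:DOMAIN', 0, 0);` relies on column order; name the columns shown in the sample output (`user_id, messages_per_second, burst_count`) so the values cannot land in the wrong fields. The intro paragraph still says the admin API can do this and that manually editing the Synapse database is rarely a good idea, yet after this change only the database route has steps, so keep an admin API procedure alongside it.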
@ -14,10 +14,6 @@ Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.
|
|||||||
```yaml
|
```yaml
|
||||||
matrix_bot_honoroit_enabled: true
|
matrix_bot_honoroit_enabled: true
|
||||||
|
|
||||||
# Uncomment and adjust if you'd like to change the hostname or path
|
|
||||||
# matrix_bot_honoroit_hostname: "{{ matrix_server_fqn_matrix }}"
|
|
||||||
# matrix_bot_honoroit_path_prefix: /honoroit
|
|
||||||
|
|
||||||
# Uncomment and adjust this part if you'd like to use a username different than the default
|
# Uncomment and adjust this part if you'd like to use a username different than the default
|
||||||
# matrix_bot_honoroit_login: honoroit
|
# matrix_bot_honoroit_login: honoroit
|
||||||
|
|
||||||
|
@ -29,11 +29,31 @@ Refer to the documentation on [how to obtain an access token](obtaining-access-t
|
|||||||
|
|
||||||
## 3. Make sure the account is free from rate limiting
|
## 3. Make sure the account is free from rate limiting
|
||||||
|
|
||||||
You will need to prevent Synapse from rate limiting the bot's account. This is not an optional step. If you do not do this step Mjolnir will crash. This can be done using Synapse's [admin API](https://matrix-org.github.io/synapse/latest/admin_api/user_admin_api.html#override-ratelimiting-for-users). Please ask for help if you are uncomfortable with these steps or run into issues.
|
You will need to prevent Synapse from rate limiting the bot's account. This is not an optional step. If you do not do this step Mjolnir will crash. This can be done using Synapse's [admin API](https://matrix-org.github.io/synapse/latest/admin_api/user_admin_api.html#override-ratelimiting-for-users). This can also be manually done by editing the Synapse database. Manually editing the Synapse database is rarely a good idea. Please ask for help if you are uncomfortable with these steps.
|
||||||
|
|
||||||
If your Synapse Admin API is exposed to the internet for some reason like running the Synapse Admin Role [Link](docs/configuring-playbook-synapse-admin.md) or running `matrix_nginx_proxy_proxy_matrix_client_api_forwarded_location_synapse_admin_api_enabled: true` in your playbook config. If your API is not externally exposed you should still be able to on the local host for your synapse run these commands.
|
1. Copy the statement below into a text editor.
|
||||||
|
|
||||||
|
```
|
||||||
|
INSERT INTO ratelimit_override VALUES ('@bot.mjolnir:DOMAIN', 0, 0);
|
||||||
|
```
|
||||||
|
|
||||||
|
1. Change the username (`@bot.mjolnir:DOMAIN`) to the username you used when you registered the bot's account. You must change `DOMAIN` to your server's domain.
|
||||||
|
|
||||||
|
1. Get a database terminal by following these steps: [maintenance-postgres.md#getting-a-database-terminal](maintenance-postgres.md#getting-a-database-terminal)
|
||||||
|
|
||||||
|
1. Connect to Synapse's database by typing `\connect synapse` into the database terminal
|
||||||
|
|
||||||
|
1. Paste in the `INSERT INTO` command that you edited and press enter.
|
||||||
|
|
||||||
|
You can run `SELECT * FROM ratelimit_override;` to see if it worked. If the output looks like this:
|
||||||
|
|
||||||
|
```
|
||||||
|
user_id | messages_per_second | burst_count
|
||||||
|
-----------------------+---------------------+-------------
|
||||||
|
@bot.mjolnir:raim.ist | 0 | 0`
|
||||||
|
```
|
||||||
|
then you did it correctly.
|
||||||
|
|
||||||
The following command works on semi up to date Windows 10 installs and All Windows 11 installations and other systems that ship curl. `curl --header "Authorization: Bearer <access_token>" -X DELETE https://matrix.example.com/_synapse/admin/v1/users/@example:example.com/override_ratelimit` Replace `@example:example.com` with the MXID of your Mjolnir and example.com with your homeserver domain. You can easily obtain an access token for a homeserver admin account the same way you can obtain an access token for Mjolnir it self. If you made Mjolnir Admin you can just use the Mjolnir token.
|
|
||||||
|
|
||||||
## 4. Create a management room
|
## 4. Create a management room
|
||||||
|
|
||||||
|
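Review bot: In the added sample output, the row beginning `@bot.mjolnir:raim.ist` ends with a stray backtick after the final `0`, inside the fenced block, and uses what looks like a real homeserver domain where the steps above use the `DOMAIN` placeholder. Drop the backtick and write the row as `@bot.mjolnir:DOMAIN` so readers comparing their own `SELECT * FROM ratelimit_override;` output are not thrown off.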
@ -4,26 +4,12 @@
|
|||||||
|
|
||||||
The playbook can install and configure [Postmoogle](https://gitlab.com/etke.cc/postmoogle) for you.
|
The playbook can install and configure [Postmoogle](https://gitlab.com/etke.cc/postmoogle) for you.
|
||||||
|
|
||||||
It's a bot/bridge you can use to forward emails to Matrix rooms.
|
It's a bot/bridge you can use to forward emails to Matrix rooms
|
||||||
Postmoogle runs an SMTP email server and allows you to assign mailbox addresses to Matrix rooms.
|
|
||||||
|
|
||||||
See the project's [documentation](https://gitlab.com/etke.cc/postmoogle) to learn what it does and why it might be useful to you.
|
See the project's [documentation](https://gitlab.com/etke.cc/postmoogle) to learn what it does and why it might be useful to you.
|
||||||
|
|
||||||
## Prerequisites
|
|
||||||
|
|
||||||
### Networking
|
## Adjusting the playbook configuration
|
||||||
|
|
||||||
Open the following ports on your server to be able to receive incoming emails:
|
|
||||||
|
|
||||||
- `25/tcp`: SMTP
|
|
||||||
- `587/tcp`: Submission (TLS-encrypted SMTP)
|
|
||||||
|
|
||||||
If you don't open these ports, you will still be able to send emails, but not receive any.
|
|
||||||
|
|
||||||
These port numbers are configurable via the `matrix_bot_postmoogle_smtp_host_bind_port` and `matrix_bot_postmoogle_submission_host_bind_port` variables, but other email servers will try to deliver on these default (standard) ports, so changing them is of little use.
|
|
||||||
|
|
||||||
|
|
||||||
### Adjusting the playbook configuration
|
|
||||||
|
|
||||||
Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file:
|
Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file:
|
||||||
|
|
||||||
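Review bot: Removing the `## Prerequisites` and `### Networking` sections drops the only statement in this hunk that `25/tcp` and `587/tcp` must be opened to receive mail, along with the `matrix_bot_postmoogle_smtp_host_bind_port` and `matrix_bot_postmoogle_submission_host_bind_port` variable names. Operators need that list to set and audit firewall rules for the host, so keep it. The changed description line also loses its closing period after "Matrix rooms".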
@ -35,20 +21,9 @@ matrix_bot_postmoogle_enabled: true
|
|||||||
|
|
||||||
# Generate a strong password here. Consider generating it with `pwgen -s 64 1`
|
# Generate a strong password here. Consider generating it with `pwgen -s 64 1`
|
||||||
matrix_bot_postmoogle_password: PASSWORD_FOR_THE_BOT
|
matrix_bot_postmoogle_password: PASSWORD_FOR_THE_BOT
|
||||||
|
|
||||||
# Uncomment to add one or more admins to this bridge:
|
|
||||||
#
|
|
||||||
# matrix_bot_postmoogle_admins:
|
|
||||||
# - '@yourAdminAccount:domain.com'
|
|
||||||
#
|
|
||||||
# .. unless you've made yourself an admin of all bridges like this:
|
|
||||||
#
|
|
||||||
# matrix_admin: '@yourAdminAccount:domain.com'
|
|
||||||
```
|
```
|
||||||
|
|
||||||
### DNS
|
You will also need to add several DNS records so that postmoogle can send emails.
|
||||||
|
|
||||||
You will also need to add several DNS records so that Postmoogle can send emails.
|
|
||||||
See [Configuring DNS](configuring-dns.md).
|
See [Configuring DNS](configuring-dns.md).
|
||||||
|
|
||||||
|
|
||||||
@ -76,13 +51,3 @@ Then send `!pm mailbox NAME` to expose this Matrix room as an inbox with the ema
|
|||||||
Send `!pm help` to the room to see the bot's help menu for additional commands.
|
Send `!pm help` to the room to see the bot's help menu for additional commands.
|
||||||
|
|
||||||
You can also refer to the upstream [documentation](https://gitlab.com/etke.cc/postmoogle).
|
You can also refer to the upstream [documentation](https://gitlab.com/etke.cc/postmoogle).
|
||||||
|
|
||||||
### Debug/Logs
|
|
||||||
|
|
||||||
As with all other services, you can find their logs in [systemd-journald](https://www.freedesktop.org/software/systemd/man/systemd-journald.service.html) by running something like `journalctl -fu matrix-bot-postmoogle`
|
|
||||||
|
|
||||||
The default logging level for this bridge is `INFO`, but you can increase it to `DEBUG` with the following additional configuration:
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
matrix_bot_postmoogle_loglevel: 'DEBUG'
|
|
||||||
```
|
|
||||||
|
@ -16,7 +16,7 @@ Refer to the [official instructions](https://matrix-org.github.io/matrix-hooksho
|
|||||||
1. Enable the bridge by adding `matrix_hookshot_enabled: true` to your `vars.yml` file
|
1. Enable the bridge by adding `matrix_hookshot_enabled: true` to your `vars.yml` file
|
||||||
2. For each of the services (GitHub, GitLab, Jira, Figma, generic webhooks) fill in the respective variables `matrix_hookshot_service_*` listed in [main.yml](/roles/custom/matrix-bridge-hookshot/defaults/main.yml) as required.
|
2. For each of the services (GitHub, GitLab, Jira, Figma, generic webhooks) fill in the respective variables `matrix_hookshot_service_*` listed in [main.yml](/roles/custom/matrix-bridge-hookshot/defaults/main.yml) as required.
|
||||||
3. Take special note of the `matrix_hookshot_*_enabled` variables. Services that need no further configuration are enabled by default (GitLab, Generic), while you must first add the required configuration and enable the others (GitHub, Jira, Figma).
|
3. Take special note of the `matrix_hookshot_*_enabled` variables. Services that need no further configuration are enabled by default (GitLab, Generic), while you must first add the required configuration and enable the others (GitHub, Jira, Figma).
|
||||||
4. If you're setting up the GitHub bridge, you'll need to generate and download a private key file after you created your GitHub app. Copy the contents of that file to the variable `matrix_hookshot_github_private_key` so the playbook can install it for you, or use one of the [other methods](#manage-github-private-key-with-aux-role) explained below.
|
4. If you're setting up the GitHub bridge, you'll need to generate and download a private key file after you created your GitHub app. Copy the contents of that file to the variable `matrix_hookshot_github_private_key` so the playbook can install it for you, or use one of the [other methods](#manage-github-private-key-with-matrix-aux-role) explained below.
|
||||||
5. If you've already installed Matrix services using the playbook before, you'll need to re-run it (`--tags=setup-all,start`). If not, proceed with [configuring other playbook services](configuring-playbook.md) and then with [Installing](installing.md). Get back to this guide once ready. Hookshot can be set up individually using the tag `setup-hookshot`.
|
5. If you've already installed Matrix services using the playbook before, you'll need to re-run it (`--tags=setup-all,start`). If not, proceed with [configuring other playbook services](configuring-playbook.md) and then with [Installing](installing.md). Get back to this guide once ready. Hookshot can be set up individually using the tag `setup-hookshot`.
|
||||||
|
|
||||||
Other configuration options are available via the `matrix_hookshot_configuration_extension_yaml` and `matrix_hookshot_registration_extension_yaml` variables, see the comments in [main.yml](/roles/custom/matrix-bridge-hookshot/defaults/main.yml) for how to use them.
|
Other configuration options are available via the `matrix_hookshot_configuration_extension_yaml` and `matrix_hookshot_registration_extension_yaml` variables, see the comments in [main.yml](/roles/custom/matrix-bridge-hookshot/defaults/main.yml) for how to use them.
|
||||||
@ -58,23 +58,23 @@ See also `matrix_hookshot_matrix_nginx_proxy_configuration` in [init.yml](/roles
|
|||||||
|
|
||||||
The different listeners are also reachable *internally* in the docker-network via the container's name (configured by `matrix_hookshot_container_url`) and on different ports (e.g. `matrix_hookshot_appservice_port`). Read [main.yml](/roles/custom/matrix-bridge-hookshot/defaults/main.yml) in detail for more info.
|
The different listeners are also reachable *internally* in the docker-network via the container's name (configured by `matrix_hookshot_container_url`) and on different ports (e.g. `matrix_hookshot_appservice_port`). Read [main.yml](/roles/custom/matrix-bridge-hookshot/defaults/main.yml) in detail for more info.
|
||||||
|
|
||||||
### Manage GitHub Private Key with aux role
|
### Manage GitHub Private Key with matrix-aux role
|
||||||
|
|
||||||
The GitHub bridge requires you to install a private key file. This can be done in multiple ways:
|
The GitHub bridge requires you to install a private key file. This can be done in multiple ways:
|
||||||
- copy the *contents* of the downloaded file and set the variable `matrix_hookshot_github_private_key` to the contents (see example in [main.yml](/roles/custom/matrix-bridge-hookshot/defaults/main.yml)).
|
- copy the *contents* of the downloaded file and set the variable `matrix_hookshot_github_private_key` to the contents (see example in [main.yml](/roles/custom/matrix-bridge-hookshot/defaults/main.yml)).
|
||||||
- somehow copy the file to the path `{{ matrix_hookshot_base_path }}/{{ matrix_hookshot_github_private_key_file }}` (default: `/matrix/hookshot/private-key.pem`) on the server manually.
|
- somehow copy the file to the path `{{ matrix_hookshot_base_path }}/{{ matrix_hookshot_github_private_key_file }}` (default: `/matrix/hookshot/private-key.pem`) on the server manually.
|
||||||
- use the [`aux` role](https://github.com/mother-of-all-self-hosting/ansible-role-aux) to copy the file from an arbitrary path on your ansible client to the correct path on the server.
|
- use the `matrix-aux` role to copy the file from an arbitrary path on your ansible client to the correct path on the server.
|
||||||
|
|
||||||
To use the `aux` role, make sure the `matrix_hookshot_github_private_key` variable is empty. Then add the following additional configuration:
|
To use `matrix-aux`, make sure the `matrix_hookshot_github_private_key` variable is empty. Then add to `matrix-aux` configuration like this:
|
||||||
```yaml
|
```yaml
|
||||||
aux_file_definitions:
|
matrix_aux_file_definitions:
|
||||||
- dest: "{{ matrix_hookshot_base_path }}/{{ matrix_hookshot_github_private_key_file }}"
|
- dest: "{{ matrix_hookshot_base_path }}/{{ matrix_hookshot_github_private_key_file }}"
|
||||||
content: "{{ lookup('file', '/path/to/your-github-private-key.pem') }}"
|
content: "{{ lookup('file', '/path/to/your-github-private-key.pem') }}"
|
||||||
mode: '0400'
|
mode: '0400'
|
||||||
owner: "{{ matrix_user_username }}"
|
owner: "{{ matrix_user_username }}"
|
||||||
group: "{{ matrix_user_groupname }}"
|
group: "{{ matrix_user_groupname }}"
|
||||||
```
|
```
|
||||||
For more information, see the documentation in the [default configuration of the aux role](https://github.com/mother-of-all-self-hosting/ansible-role-aux/blob/main/defaults/main.yml).
|
For more info see the documentation in the [matrix-aux base configuration file](/roles/custom/matrix-aux/defaults/main.yml).
|
||||||
|
|
||||||
### Provisioning API
|
### Provisioning API
|
||||||
|
|
||||||
|
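Review bot: The new-side sentence "Then add to `matrix-aux` configuration like this:" reads as if a word is missing; something like "Then add the following `matrix-aux` configuration:" would be clearer. In the same hunk, the third bullet now names `matrix-aux` with no link, while the closing sentence links `/roles/custom/matrix-aux/defaults/main.yml`. Linking the bullet to that same file would keep the first mention of the role navigable.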
@ -9,12 +9,12 @@ The setup done by the playbook is very similar to [docker-jitsi-meet](https://gi
|
|||||||
|
|
||||||
## Prerequisites
|
## Prerequisites
|
||||||
|
|
||||||
Before installing Jitsi, make sure you've created the `jitsi.DOMAIN` DNS record (unless you've changed `jitsi_hostname`, as described below). See [Configuring DNS](configuring-dns.md) for details about DNS changes.
|
Before installing Jitsi, make sure you've created the `jitsi.DOMAIN` DNS record. See [Configuring DNS](configuring-dns.md).
|
||||||
|
|
||||||
You may also need to open the following ports to your server:
|
You may also need to open the following ports to your server:
|
||||||
|
|
||||||
- `4443/tcp` - RTP media fallback over TCP
|
- `4443/tcp` - RTP media fallback over TCP
|
||||||
- `10000/udp` - RTP media over UDP. Depending on your firewall/NAT setup, incoming RTP packets on port `10000` may have the external IP of your firewall as destination address, due to the usage of STUN in JVB (see [`jitsi_jvb_stun_servers`](https://github.com/mother-of-all-self-hosting/ansible-role-jitsi/blob/main/defaults/main.yml)).
|
- `10000/udp` - RTP media over UDP. Depending on your firewall/NAT setup, incoming RTP packets on port `10000` may have the external IP of your firewall as destination address, due to the usage of STUN in JVB (see [`matrix_jitsi_jvb_stun_servers`](../roles/custom/matrix-jitsi/defaults/main.yml)).
|
||||||
|
|
||||||
|
|
||||||
## Installation
|
## Installation
|
||||||
@ -22,15 +22,17 @@ You may also need to open the following ports to your server:
|
|||||||
Add this to your `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration:
|
Add this to your `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration:
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
jitsi_enabled: true
|
matrix_jitsi_enabled: true
|
||||||
|
|
||||||
# Uncomment and adjust if you need to use another hostname
|
# Run `bash inventory/scripts/jitsi-generate-passwords.sh` to generate these passwords,
|
||||||
# jitsi_hostname: "jitsi.{{ matrix_domain }}"
|
# or define your own strong passwords manually.
|
||||||
|
matrix_jitsi_jicofo_auth_password: ""
|
||||||
# Uncomment and possible adjust if you'd like to host under a subpath
|
matrix_jitsi_jvb_auth_password: ""
|
||||||
# jitsi_path_prefix: /jitsi
|
matrix_jitsi_jibri_recorder_password: ""
|
||||||
|
matrix_jitsi_jibri_xmpp_password: ""
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
||||||
## (Optional) Configure Jitsi authentication and guests mode
|
## (Optional) Configure Jitsi authentication and guests mode
|
||||||
|
|
||||||
By default the Jitsi Meet instance does not require any kind of login and is open to use for anyone without registration.
|
By default the Jitsi Meet instance does not require any kind of login and is open to use for anyone without registration.
|
||||||
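Review bot: The four new `matrix_jitsi_*_password: ""` lines in the Installation example are valid YAML as pasted, so a reader who skips the two comment lines above them ends up with empty secrets unless the role rejects that. Suggest a placeholder that cannot be mistaken for a working default, plus one sentence stating whether the playbook refuses to run while these are empty. Saying once that `inventory/scripts/jitsi-generate-passwords.sh` prints all four values would also help.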
@ -52,9 +54,9 @@ If a registered host is not yet present, guests are put on hold in individual wa
|
|||||||
Add these lines to your `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration:
|
Add these lines to your `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration:
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
jitsi_enable_auth: true
|
matrix_jitsi_enable_auth: true
|
||||||
jitsi_enable_guests: true
|
matrix_jitsi_enable_guests: true
|
||||||
jitsi_prosody_auth_internal_accounts:
|
matrix_jitsi_prosody_auth_internal_accounts:
|
||||||
- username: "jitsi-moderator"
|
- username: "jitsi-moderator"
|
||||||
password: "secret-password"
|
password: "secret-password"
|
||||||
- username: "another-user"
|
- username: "another-user"
|
||||||
@ -67,7 +69,7 @@ jitsi_prosody_auth_internal_accounts:
|
|||||||
|
|
||||||
### Authenticate using Matrix OpenID (Auth-Type 'matrix')
|
### Authenticate using Matrix OpenID (Auth-Type 'matrix')
|
||||||
|
|
||||||
**Attention: Probably breaks Jitsi in federated rooms and does not allow sharing conference links with guests.**
|
**Attention: Probably breaks jitsi in federated rooms and does not allow sharing conference links with guests.**
|
||||||
|
|
||||||
Using this authentication type require a [Matrix User Verification Service](https://github.com/matrix-org/matrix-user-verification-service).
|
Using this authentication type require a [Matrix User Verification Service](https://github.com/matrix-org/matrix-user-verification-service).
|
||||||
By default, this playbook creates and configures a user-verification-service to run locally, see [configuring-user-verification-service](configuring-playbook-user-verification-service.md).
|
By default, this playbook creates and configures a user-verification-service to run locally, see [configuring-user-verification-service](configuring-playbook-user-verification-service.md).
|
||||||
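Review bot: The new-side warning line lowercases the product name ("Probably breaks jitsi in federated rooms") while the heading and every other sentence in this file write "Jitsi". Keep the capitalised form for consistency. While touching this hunk, the context sentence "Using this authentication type require a ..." needs "requires".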
@ -75,8 +77,8 @@ By default, this playbook creates and configures a user-verification-service to
|
|||||||
To enable set this configuration at host level:
|
To enable set this configuration at host level:
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
jitsi_enable_auth: true
|
matrix_jitsi_enable_auth: true
|
||||||
jitsi_auth_type: matrix
|
matrix_jitsi_auth_type: "matrix"
|
||||||
matrix_user_verification_service_enabled: true
|
matrix_user_verification_service_enabled: true
|
||||||
```
|
```
|
||||||
|
|
||||||
@ -87,21 +89,21 @@ For more information see also [https://github.com/matrix-org/prosody-mod-auth-ma
|
|||||||
An example LDAP configuration could be:
|
An example LDAP configuration could be:
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
jitsi_enable_auth: true
|
matrix_jitsi_enable_auth: true
|
||||||
jitsi_auth_type: ldap
|
matrix_jitsi_auth_type: ldap
|
||||||
jitsi_ldap_url: "ldap://ldap.DOMAIN"
|
matrix_jitsi_ldap_url: "ldap://ldap.DOMAIN"
|
||||||
jitsi_ldap_base: "OU=People,DC=DOMAIN"
|
matrix_jitsi_ldap_base: "OU=People,DC=DOMAIN"
|
||||||
#jitsi_ldap_binddn: ""
|
#matrix_jitsi_ldap_binddn: ""
|
||||||
#jitsi_ldap_bindpw: ""
|
#matrix_jitsi_ldap_bindpw: ""
|
||||||
jitsi_ldap_filter: "uid=%u"
|
matrix_jitsi_ldap_filter: "uid=%u"
|
||||||
jitsi_ldap_auth_method: "bind"
|
matrix_jitsi_ldap_auth_method: "bind"
|
||||||
jitsi_ldap_version: "3"
|
matrix_jitsi_ldap_version: "3"
|
||||||
jitsi_ldap_use_tls: true
|
matrix_jitsi_ldap_use_tls: true
|
||||||
jitsi_ldap_tls_ciphers: ""
|
matrix_jitsi_ldap_tls_ciphers: ""
|
||||||
jitsi_ldap_tls_check_peer: true
|
matrix_jitsi_ldap_tls_check_peer: true
|
||||||
jitsi_ldap_tls_cacert_file: "/etc/ssl/certs/ca-certificates.crt"
|
matrix_jitsi_ldap_tls_cacert_file: "/etc/ssl/certs/ca-certificates.crt"
|
||||||
jitsi_ldap_tls_cacert_dir: "/etc/ssl/certs"
|
matrix_jitsi_ldap_tls_cacert_dir: "/etc/ssl/certs"
|
||||||
jitsi_ldap_start_tls: false
|
matrix_jitsi_ldap_start_tls: false
|
||||||
```
|
```
|
||||||
|
|
||||||
For more information refer to the [docker-jitsi-meet](https://github.com/jitsi/docker-jitsi-meet#authentication-using-ldap) and the [saslauthd `LDAP_SASLAUTHD`](https://github.com/winlibs/cyrus-sasl/blob/master/saslauthd/LDAP_SASLAUTHD) documentation.
|
For more information refer to the [docker-jitsi-meet](https://github.com/jitsi/docker-jitsi-meet#authentication-using-ldap) and the [saslauthd `LDAP_SASLAUTHD`](https://github.com/winlibs/cyrus-sasl/blob/master/saslauthd/LDAP_SASLAUTHD) documentation.
|
||||||
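Review bot: In the LDAP example, `matrix_jitsi_ldap_url: "ldap://ldap.DOMAIN"` sits next to `matrix_jitsi_ldap_use_tls: true` and `matrix_jitsi_ldap_start_tls: false`, and nothing in the block says which of these settings actually protects the bind credentials in transit. Since the rename touches every line here anyway, add a short comment stating the intended transport (an `ldaps://` URL, or StartTLS on `ldap://`) so readers do not copy a combination that differs from what they expect. The commented-out `binddn`/`bindpw` pair would also benefit from a note on when it is required.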
@ -118,7 +120,7 @@ Here is how to do it in the playbook.
|
|||||||
Add these two lines to your `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration:
|
Add these two lines to your `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration:
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
jitsi_jvb_container_extra_arguments:
|
matrix_jitsi_jvb_container_extra_arguments:
|
||||||
- '--env "JVB_ADVERTISE_IPS=<Local IP address of the host>"'
|
- '--env "JVB_ADVERTISE_IPS=<Local IP address of the host>"'
|
||||||
```
|
```
|
||||||
|
|
||||||
@ -127,7 +129,7 @@ jitsi_jvb_container_extra_arguments:
|
|||||||
Sample **additional** `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration to save up resources (explained below):
|
Sample **additional** `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration to save up resources (explained below):
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
jitsi_web_custom_config_extension: |
|
matrix_jitsi_web_custom_config_extension: |
|
||||||
config.enableLayerSuspension = true;
|
config.enableLayerSuspension = true;
|
||||||
|
|
||||||
config.disableAudioLevels = true;
|
config.disableAudioLevels = true;
|
||||||
@ -135,12 +137,13 @@ jitsi_web_custom_config_extension: |
|
|||||||
// Limit the number of video feeds forwarded to each client
|
// Limit the number of video feeds forwarded to each client
|
||||||
config.channelLastN = 4;
|
config.channelLastN = 4;
|
||||||
|
|
||||||
jitsi_web_config_resolution_width_ideal_and_max: 480
|
matrix_jitsi_web_config_resolution_width_ideal_and_max: 480
|
||||||
jitsi_web_config_resolution_height_ideal_and_max: 240
|
matrix_jitsi_web_config_resolution_height_ideal_and_max: 240
|
||||||
```
|
```
|
||||||
|
|
||||||
You may want to **suspend unused video layers** until they are requested again, to save up resources on both server and clients.
|
You may want to **suspend unused video layers** until they are requested again, to save up resources on both server and clients.
|
||||||
Read more on this feature [here](https://jitsi.org/blog/new-off-stage-layer-suppression-feature/)
|
Read more on this feature [here](https://jitsi.org/blog/new-off-stage-layer-suppression-feature/)
|
||||||
|
For this add this line to your `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration:
|
||||||
|
|
||||||
You may wish to **disable audio levels** to avoid excessive refresh of the client-side page and decrease the CPU consumption involved.
|
You may wish to **disable audio levels** to avoid excessive refresh of the client-side page and decrease the CPU consumption involved.
|
||||||
|
|
||||||
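Review bot: The line added after the "Read more on this feature" link, "For this add this line to your `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration:", ends in a colon but is followed directly by the "disable audio levels" paragraph, with no setting shown. Either drop the sentence (the combined sample above already contains `config.enableLayerSuspension = true;`) or follow it with the specific line it refers to.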
@ -154,10 +157,10 @@ You may want to **limit the maximum video resolution**, to save up resources on
|
|||||||
|
|
||||||
The playbook allows a user to set a max number of participants allowed to join a Jitsi conference. By default there is no limit.
|
The playbook allows a user to set a max number of participants allowed to join a Jitsi conference. By default there is no limit.
|
||||||
|
|
||||||
In order to set the max number of participants use the following **additional** configuration:
|
In order to set the max number of participants add the following variable to your `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration:
|
||||||
|
|
||||||
```yaml
|
```
|
||||||
jitsi_prosody_max_participants: 4 # example value
|
matrix_prosody_jitsi_max_participants: <INTEGER OF MAX PARTICPANTS>
|
||||||
```
|
```
|
||||||
|
|
||||||
## (Optional) Additional JVBs
|
## (Optional) Additional JVBs
|
||||||
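Review bot: Three issues on the new side of the max-participants block. The variable is named `matrix_prosody_jitsi_max_participants`, which breaks the `matrix_jitsi_*` prefix used by every other variable in this file and will be missed by anyone searching for that prefix. The fence loses its `yaml` tag, so the block is no longer highlighted like the others. The placeholder `<INTEGER OF MAX PARTICPANTS>` has a typo ("PARTICPANTS") and is not valid YAML as pasted; an example value with a comment, as on the old side, is safer to copy.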
@ -174,17 +177,17 @@ For this role to work you will need an additional section in the ansible hosts f
|
|||||||
```
|
```
|
||||||
|
|
||||||
Each JVB will require a server id to be set so that it can be uniquely identified and this allows Jitsi to keep track of which conferences are on which JVB.
|
Each JVB will require a server id to be set so that it can be uniquely identified and this allows Jitsi to keep track of which conferences are on which JVB.
|
||||||
The server id is set with the variable `jitsi_jvb_server_id` which ends up as the JVB_WS_SERVER_ID environment variables in the JVB docker container.
|
The server id is set with the variable `matrix_jitsi_jvb_server_id` which ends up as the JVB_WS_SERVER_ID environment variables in the JVB docker container.
|
||||||
This variable can be set via the host file, a parameter to the ansible command or in the `vars.yaml` for the host which will have the additional JVB. For example:
|
This variable can be set via the host file, a parameter to the ansible command or in the `vars.yaml` for the host which will have the additional JVB. For example:
|
||||||
|
|
||||||
``` yaml
|
``` yaml
|
||||||
jitsi_jvb_server_id: 'jvb-2'
|
matrix_jitsi_jvb_server_id: 'jvb-2'
|
||||||
```
|
```
|
||||||
|
|
||||||
``` INI
|
``` INI
|
||||||
[jitsi_jvb_servers]
|
[jitsi_jvb_servers]
|
||||||
jvb-2.example.com ansible_host=192.168.0.2 jitsi_jvb_server_id=jvb-2
|
jvb-2.example.com ansible_host=192.168.0.2 matrix_jitsi_jvb_server_id=jvb-2
|
||||||
jvb-3.example.com ansible_host=192.168.0.3 jitsi_jvb_server_id=jvb-2
|
jvb-3.example.com ansible_host=192.168.0.3 matrix_jitsi_jvb_server_id=jvb-2
|
||||||
```
|
```
|
||||||
|
|
||||||
Note that the server id `jvb-1` is reserved for the JVB instance running on the Matrix host and therefore should not be used as the id of an additional jvb host.
|
Note that the server id `jvb-1` is reserved for the JVB instance running on the Matrix host and therefore should not be used as the id of an additional jvb host.
|
||||||
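Review bot: In the INI inventory example, both `jvb-2.example.com` and `jvb-3.example.com` are given `matrix_jitsi_jvb_server_id=jvb-2`, which contradicts the sentence two paragraphs up saying each JVB needs a server id "so that it can be uniquely identified". The second host should read `matrix_jitsi_jvb_server_id=jvb-3`. The rename carries the duplicate over unchanged, so this is a good moment to fix it.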
@ -192,20 +195,20 @@ Note that the server id `jvb-1` is reserved for the JVB instance running on the
|
|||||||
The additional JVB will also need to expose the colibri web socket port and this can be done with the following variable:
|
The additional JVB will also need to expose the colibri web socket port and this can be done with the following variable:
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
jitsi_jvb_container_colibri_ws_host_bind_port: 9090
|
matrix_jitsi_jvb_container_colibri_ws_host_bind_port: 9090
|
||||||
```
|
```
|
||||||
|
|
||||||
The JVB will also need to know where the prosody xmpp server is located, similar to the server id this can be set in the vars for the JVB by using the variable
|
The JVB will also need to know where the prosody xmpp server is located, similar to the server id this can be set in the vars for the JVB by using the variable
|
||||||
`jitsi_xmpp_server`. The Jitsi prosody container is deployed on the matrix server by default so the value can be set to the matrix domain. For example:
|
`matrix_jitsi_xmpp_server`. The Jitsi prosody container is deployed on the matrix server by default so the value can be set to the matrix domain. For example:
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
jitsi_xmpp_server: "{{ matrix_domain }}"
|
matrix_jitsi_xmpp_server: "{{ matrix_domain }}"
|
||||||
```
|
```
|
||||||
|
|
||||||
However, it can also be set the ip address of the matrix server. This can be useful if you wish to use a private ip. For example:
|
However, it can also be set the ip address of the matrix server. This can be useful if you wish to use a private ip. For example:
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
jitsi_xmpp_server: "192.168.0.1"
|
matrix_jitsi_xmpp_server: "192.168.0.1"
|
||||||
```
|
```
|
||||||
|
|
||||||
The nginx configuration will also need to be updated in order to deal with the additional JVB servers. This is achieved via its own configuration variable
|
The nginx configuration will also need to be updated in order to deal with the additional JVB servers. This is achieved via its own configuration variable
|
||||||
@ -231,7 +234,7 @@ Since element already sends the url of configured Matrix avatars to Jitsi, we di
|
|||||||
To enable Gravatar set:
|
To enable Gravatar set:
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
jitsi_disable_gravatar: false
|
matrix_jitsi_disable_gravatar: false
|
||||||
```
|
```
|
||||||
|
|
||||||
**Beware:** This leaks information to a third party, namely the Gravatar-Service (unless configured otherwise: gravatar.com).
|
**Beware:** This leaks information to a third party, namely the Gravatar-Service (unless configured otherwise: gravatar.com).
|
||||||
@ -259,7 +262,7 @@ You can use the self-hosted Jitsi server in multiple ways:
|
|||||||
|
|
||||||
### Rebuilding your Jitsi installation
|
### Rebuilding your Jitsi installation
|
||||||
|
|
||||||
**If you ever run into any trouble** or **if you change configuration (`jitsi_*` variables) too much**, we urge you to rebuild your Jitsi setup.
|
**If you ever run into any trouble** or **if you change configuration (`matrix_jitsi_*` variables) too much**, we urge you to rebuild your Jitsi setup.
|
||||||
|
|
||||||
We normally don't require such manual intervention for other services, but Jitsi services generate a lot of configuration files on their own.
|
We normally don't require such manual intervention for other services, but Jitsi services generate a lot of configuration files on their own.
|
||||||
|
|
||||||
@ -267,6 +270,7 @@ These files are not all managed by Ansible (at least not yet), so you may someti
|
|||||||
|
|
||||||
To rebuild your Jitsi configuration:
|
To rebuild your Jitsi configuration:
|
||||||
|
|
||||||
- ask Ansible to stop all Jitsi services: `just run-tags stop-group --extra-vars=group=jitsi`
|
- SSH into the server and do this:
|
||||||
- SSH into the server and do this and remove all Jitsi configuration & data (`rm -rf /matrix/jitsi`)
|
- stop all Jitsi services (`systemctl stop matrix-jitsi-*`).
|
||||||
- ask Ansible to set up Jitsi anew and restart services (`just install-service jitsi`)
|
- remove all Jitsi configuration & data (`rm -rf /matrix/jitsi`)
|
||||||
|
- ask Ansible to set up Jitsi anew and restart services (`ansible-playbook -i inventory/hosts setup.yml --tags=setup-jitsi,start`)
|
||||||
|
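Review bot: In the new rebuild steps, `systemctl stop matrix-jitsi-*` uses an unquoted glob, so the shell may expand it against files in the current directory before systemctl sees it; write it as `systemctl stop 'matrix-jitsi-*'`, matching the quoted `journalctl --unit 'matrix-*'` used elsewhere in these docs. The stop and `rm -rf /matrix/jitsi` bullets also sit at the same list level as "SSH into the server and do this:", which makes the final `ansible-playbook` bullet read as something to run on the server too. Indent the two server-side steps under the SSH bullet, and state that the services must be stopped before the directory is removed.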
@ -8,9 +8,7 @@ If you decide that you'd like to let this playbook install it for you, you need
|
|||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
matrix_synapse_ext_password_provider_ldap_enabled: true
|
matrix_synapse_ext_password_provider_ldap_enabled: true
|
||||||
matrix_synapse_ext_password_provider_ldap_uri:
|
matrix_synapse_ext_password_provider_ldap_uri: "ldap://ldap.mydomain.tld:389"
|
||||||
- "ldap://ldap-01.mydomain.tld:389"
|
|
||||||
- "ldap://ldap-02.mydomain.tld:389"
|
|
||||||
matrix_synapse_ext_password_provider_ldap_start_tls: true
|
matrix_synapse_ext_password_provider_ldap_start_tls: true
|
||||||
matrix_synapse_ext_password_provider_ldap_base: "ou=users,dc=example,dc=com"
|
matrix_synapse_ext_password_provider_ldap_base: "ou=users,dc=example,dc=com"
|
||||||
matrix_synapse_ext_password_provider_ldap_attributes_uid: "uid"
|
matrix_synapse_ext_password_provider_ldap_attributes_uid: "uid"
|
||||||
|
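Review bot: `matrix_synapse_ext_password_provider_ldap_uri` changes type in this hunk, from a YAML list of two `ldap://` URIs to a single quoted string. If the role accepts both forms, say so next to the example; if it only accepts a string, a reader carrying over a list from the old docs gets a broken config with no hint why. The example also no longer shows how to configure a second LDAP server for failover, which is worth a sentence if that capability is gone.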
@ -91,7 +91,7 @@ matrix_corporal_policy_provider_config: |
|
|||||||
}
|
}
|
||||||
|
|
||||||
# Modify the policy below as you see fit
|
# Modify the policy below as you see fit
|
||||||
aux_file_definitions:
|
matrix_aux_file_definitions:
|
||||||
- dest: "{{ matrix_corporal_config_dir_path }}/policy.json"
|
- dest: "{{ matrix_corporal_config_dir_path }}/policy.json"
|
||||||
content: |
|
content: |
|
||||||
{
|
{
|
||||||
|
@ -33,13 +33,6 @@ matrix_mautrix_SERVICENAME_configuration_extension_yaml: |
|
|||||||
```
|
```
|
||||||
|
|
||||||
Encryption support is off by default. If you would like to enable encryption, add the following to your `vars.yml` file:
|
Encryption support is off by default. If you would like to enable encryption, add the following to your `vars.yml` file:
|
||||||
|
|
||||||
**for all bridges with encryption support**:
|
|
||||||
```yaml
|
|
||||||
matrix_bridges_encryption_enabled: true
|
|
||||||
```
|
|
||||||
|
|
||||||
**Alternatively**, for a specific bridge:
|
|
||||||
```yaml
|
```yaml
|
||||||
matrix_mautrix_SERVICENAME_configuration_extension_yaml: |
|
matrix_mautrix_SERVICENAME_configuration_extension_yaml: |
|
||||||
bridge:
|
bridge:
|
||||||
|
@ -153,14 +153,14 @@ devture_traefik_additional_entrypoints_auto:
|
|||||||
port: 8449
|
port: 8449
|
||||||
host_bind_port: '127.0.0.1:8449'
|
host_bind_port: '127.0.0.1:8449'
|
||||||
config: {}
|
config: {}
|
||||||
# If your reverse-proxy runs on another machine, remove the config above and use this config instead:
|
# If your reverse-proxy runs on another machine, remove the config above and use this config instead:
|
||||||
# config:
|
# config:
|
||||||
# forwardedHeaders:
|
# forwardedHeaders:
|
||||||
# insecure: true
|
# insecure: true
|
||||||
# # trustedIPs: ['IP-ADDRESS-OF-YOUR-REVERSE-PROXY']
|
# # trustedIPs: ['IP-ADDRESS-OF-YOUR-REVERSE-PROXY']
|
||||||
```
|
```
|
||||||
|
|
||||||
For an example where the playbook's Traefik reverse-proxy is fronted by another reverse-proxy running on the same server, see [Nginx reverse-proxy fronting the playbook's Traefik](../examples/nginx/README.md) or [Caddy reverse-proxy fronting the playbook's Traefik](../examples/caddy2/README.md).
|
For an example where the playbook's Traefik reverse-proxy is fronted by [Nginx](https://nginx.org/) running on the same server, see [Nginx reverse-proxy fronting the playbook's Traefik](../examples/nginx/README.md).
|
||||||
|
|
||||||
|
|
||||||
### Using no reverse-proxy on the Matrix side at all
|
### Using no reverse-proxy on the Matrix side at all
|
||||||
|
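Review bot: The commented alternative for a reverse-proxy on another machine enables `forwardedHeaders:` with `insecure: true` and leaves `trustedIPs` double-commented, so a reader who simply uncomments the block has Traefik trust forwarded headers from any client that can reach the entrypoint. Suggest making `trustedIPs: ['IP-ADDRESS-OF-YOUR-REVERSE-PROXY']` the option that gets uncommented and presenting `insecure: true` as the fallback with a one-line explanation. On the changed line, the Caddy example link is dropped; confirm that is intended rather than a side effect of the rewording.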
@ -40,9 +40,9 @@ If you'd like to use your own SSL certificates, instead of the default (SSL cert
|
|||||||
To use your own SSL certificates with Traefik, you need to:
|
To use your own SSL certificates with Traefik, you need to:
|
||||||
|
|
||||||
- disable [ACME](https://en.wikipedia.org/wiki/Automatic_Certificate_Management_Environment) / [Let's Encrypt](https://letsencrypt.org/) support
|
- disable [ACME](https://en.wikipedia.org/wiki/Automatic_Certificate_Management_Environment) / [Let's Encrypt](https://letsencrypt.org/) support
|
||||||
- put a custom Traefik configuration file on the server, with the help of this Ansible playbook (via the [`aux` role](https://github.com/mother-of-all-self-hosting/ansible-role-aux)) or manually
|
- put a custom Traefik configuration file on the server, with the help of this Ansible playbook (via the `matrix-aux` role) or manually
|
||||||
- register your custom configuration file with Traefik, by adding an extra provider of type [file](https://doc.traefik.io/traefik/providers/file/)
|
- register your custom configuration file with Traefik, by adding an extra provider of type [file](https://doc.traefik.io/traefik/providers/file/)
|
||||||
- put the SSL files on the server, with the help of this Ansible playbook (via the [`aux` role](https://github.com/mother-of-all-self-hosting/ansible-role-aux)) or manually
|
- put the SSL files on the server, with the help of this Ansible playbook (via the `matrix-aux` role) or manually
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
# Disable ACME / Let's Encrypt support.
|
# Disable ACME / Let's Encrypt support.
|
||||||
@ -53,7 +53,7 @@ devture_traefik_config_certificatesResolvers_acme_enabled: false
|
|||||||
devture_traefik_ssl_dir_enabled: true
|
devture_traefik_ssl_dir_enabled: true
|
||||||
|
|
||||||
# Tell Traefik to load our custom configuration file (certificates.yml).
|
# Tell Traefik to load our custom configuration file (certificates.yml).
|
||||||
# The file is created below, in `aux_file_definitions`.
|
# The file is created below, in `matrix_aux_file_definitions`.
|
||||||
# The `/config/..` path is an in-container path, not a path on the host (like `/matrix/traefik/config`). Do not change it!
|
# The `/config/..` path is an in-container path, not a path on the host (like `/matrix/traefik/config`). Do not change it!
|
||||||
devture_traefik_configuration_extension_yaml: |
|
devture_traefik_configuration_extension_yaml: |
|
||||||
providers:
|
providers:
|
||||||
@ -61,9 +61,9 @@ devture_traefik_configuration_extension_yaml: |
|
|||||||
filename: /config/certificates.yml
|
filename: /config/certificates.yml
|
||||||
watch: true
|
watch: true
|
||||||
|
|
||||||
# Use the aux role to create our custom files on the server.
|
# Use the matrix-aux role to create our custom files on the server.
|
||||||
# If you'd like to do this manually, you remove this `aux_file_definitions` variable.
|
# If you'd like to do this manually, you remove this `matrix_aux_file_definitions` variable.
|
||||||
aux_file_definitions:
|
matrix_aux_file_definitions:
|
||||||
# Create the privkey.pem file on the server by
|
# Create the privkey.pem file on the server by
|
||||||
# uploading a file from the computer where Ansible is running.
|
# uploading a file from the computer where Ansible is running.
|
||||||
- dest: "{{ devture_traefik_ssl_dir_path }}/privkey.pem"
|
- dest: "{{ devture_traefik_ssl_dir_path }}/privkey.pem"
|
||||||
|
@ -55,7 +55,7 @@ matrix_sygnal_apps:
|
|||||||
api_key: your_api_key_for_gcm
|
api_key: your_api_key_for_gcm
|
||||||
# .. more configuration ..
|
# .. more configuration ..
|
||||||
|
|
||||||
aux_file_definitions:
|
matrix_aux_file_definitions:
|
||||||
- dest: "{{ matrix_sygnal_data_path }}/my_key.p8"
|
- dest: "{{ matrix_sygnal_data_path }}/my_key.p8"
|
||||||
content: |
|
content: |
|
||||||
some
|
some
|
||||||
@ -73,7 +73,7 @@ Configuring [GCM/FCM](https://firebase.google.com/docs/cloud-messaging/) is easi
|
|||||||
To configure [APNS](https://developer.apple.com/notifications/) (Apple Push Notification Service), you'd need to provide one or more certificate files.
|
To configure [APNS](https://developer.apple.com/notifications/) (Apple Push Notification Service), you'd need to provide one or more certificate files.
|
||||||
To do that, the above example configuration:
|
To do that, the above example configuration:
|
||||||
|
|
||||||
- makes use of the [`aux` role](https://github.com/mother-of-all-self-hosting/ansible-role-aux) (and its `aux_file_definitions` variable) to make the playbook install files into `/matrix/sygnal/data` (the `matrix_sygnal_data_path` variable). See [`defaults/main.yml` file](https://github.com/mother-of-all-self-hosting/ansible-role-aux/blob/main/defaults/main.yml) of the `aux` role for usage examples. It also makes sure the files are owned by `matrix:matrix`, so that Sygnal can read them. Of course, you can also install these files manually yourself, if you'd rather not use `aux`.
|
- makes use of the `matrix-aux` role (and its `matrix_aux_file_definitions` variable) to make the playbook install files into `/matrix/sygnal/data` (the `matrix_sygnal_data_path` variable). See `roles/custom/matrix-aux/defaults/main.yml` for usage examples. It also makes sure the files are owned by `matrix:matrix`, so that Sygnal can read them. Of course, you can also install these files manually yourself, if you'd rather not use `matrix-aux`.
|
||||||
|
|
||||||
- references these files in the Sygnal configuration (`matrix_sygnal_apps`) using a path like `/data/..` (the `/matrix/sygnal/data` directory on the host system is mounted into the `/data` directory inside the container)
|
- references these files in the Sygnal configuration (`matrix_sygnal_apps`) using a path like `/data/..` (the `/matrix/sygnal/data` directory on the host system is mounted into the `/data` directory inside the container)
|
||||||
|
|
||||||
|
@ -42,6 +42,8 @@ devture_postgres_process_extra_arguments: [
|
|||||||
]
|
]
|
||||||
```
|
```
|
||||||
|
|
||||||
|
**NOTE**: Disabling `matrix-nginx-proxy` (`matrix_nginx_proxy_enabled: false`) (that is, [using your own other webserver](configuring-playbook-own-webserver.md) when running a Synapse worker setup is likely to cause various troubles (see [this issue](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2090)).
|
||||||
|
|
||||||
In case any problems occur, make sure to have a look at the [list of synapse issues about workers](https://github.com/matrix-org/synapse/issues?q=workers+in%3Atitle) and your `journalctl --unit 'matrix-*'`.
|
In case any problems occur, make sure to have a look at the [list of synapse issues about workers](https://github.com/matrix-org/synapse/issues?q=workers+in%3Atitle) and your `journalctl --unit 'matrix-*'`.
|
||||||
|
|
||||||
|
|
||||||
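Review bot: The added NOTE has unbalanced parentheses: "(that is, [using your own other webserver](configuring-playbook-own-webserver.md) when running a Synapse worker setup" opens a parenthesis that is never closed, so it is unclear whether the worker-setup condition belongs to the aside or to the main sentence. Close it after the link, i.e. "(that is, [using your own other webserver](configuring-playbook-own-webserver.md)) when running a Synapse worker setup is likely to cause ...". The note should also say what to do about it, beyond linking the issue.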
@ -117,10 +119,3 @@ matrix_synapse_container_image_customizations_templates_git_repository_ssh_priva
|
|||||||
|
|
||||||
As mentioned in Synapse's Templates documentation, Synapse will fall back to its own templates if a template is not found in that directory.
|
As mentioned in Synapse's Templates documentation, Synapse will fall back to its own templates if a template is not found in that directory.
|
||||||
Due to this, it's recommended to only store and maintain template files in your repository if you need to make custom changes. Other files (which you don't need to change), should not be duplicated, so that you don't need to worry about getting out-of-sync with the original Synapse templates.
|
Due to this, it's recommended to only store and maintain template files in your repository if you need to make custom changes. Other files (which you don't need to change), should not be duplicated, so that you don't need to worry about getting out-of-sync with the original Synapse templates.
|
||||||
|
|
||||||
|
|
||||||
## Monitoring Synapse Metrics with Prometheus and Grafana
|
|
||||||
|
|
||||||
This playbook allows you to enable Synapse metrics, which can provide insight into the performance and activity of Synapse.
|
|
||||||
|
|
||||||
To enable Synapse metrics see [`configuring-playbook-prometheus-grafana.md`](./configuring-playbook-prometheus-grafana.md)
|
|
||||||
|
@ -36,7 +36,7 @@ If you have or want to enable [Jitsi](configuring-playbook-jitsi.md), you might
|
|||||||
If you do not do it, Jitsi will fall back to an upstream service.
|
If you do not do it, Jitsi will fall back to an upstream service.
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
jitsi_web_stun_servers:
|
matrix_jitsi_web_stun_servers:
|
||||||
- stun:HOSTNAME_OR_IP:PORT
|
- stun:HOSTNAME_OR_IP:PORT
|
||||||
```
|
```
|
||||||
You can put multiple host/port combinations if you like.
|
You can put multiple host/port combinations if you like.
|
||||||
|
@ -12,7 +12,7 @@ You can then follow these steps inside the playbook directory:
|
|||||||
|
|
||||||
1. copy the sample configuration file (`cp examples/vars.yml inventory/host_vars/matrix.<your-domain>/vars.yml`)
|
1. copy the sample configuration file (`cp examples/vars.yml inventory/host_vars/matrix.<your-domain>/vars.yml`)
|
||||||
|
|
||||||
1. edit the configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`) to your liking. You may also take a look at the various `roles/*/ROLE_NAME_HERE/defaults/main.yml` files and see if there's something you'd like to copy over and override in your `vars.yml` configuration file.
|
1. edit the configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`) to your liking. You may also take a look at the various `roles/ROLE_NAME_HERE/defaults/main.yml` files and see if there's something you'd like to copy over and override in your `vars.yml` configuration file.
|
||||||
|
|
||||||
1. copy the sample inventory hosts file (`cp examples/hosts inventory/hosts`)
|
1. copy the sample inventory hosts file (`cp examples/hosts inventory/hosts`)
|
||||||
|
|
||||||
|
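Review bot: the new path `roles/ROLE_NAME_HERE/defaults/main.yml` in step 2 drops the intermediate directory level, but the role path quoted elsewhere in this compare (`roles/custom/matrix-jitsi/tasks/init_additional_jvb.yml`) shows roles living one level below `roles/`, so a reader following the new wording will not find a `defaults/main.yml` at that location. Keep a form that matches the tree, such as `roles/*/ROLE_NAME_HERE/defaults/main.yml`.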
@ -262,7 +262,7 @@ matrix_server_fqn_element: "element.YOUR_BASE_DOMAIN"
|
|||||||
# Feel free to use `dimension.matrix.YOUR_BASE_DOMAIN`, if you'd prefer that.
|
# Feel free to use `dimension.matrix.YOUR_BASE_DOMAIN`, if you'd prefer that.
|
||||||
matrix_server_fqn_dimension: "dimension.YOUR_BASE_DOMAIN"
|
matrix_server_fqn_dimension: "dimension.YOUR_BASE_DOMAIN"
|
||||||
|
|
||||||
# This is where you access Jitsi (if enabled via `jitsi_enabled: true`; NOT enabled by default).
|
# This is where you access Jitsi (if enabled via `matrix_jitsi_enabled: true`; NOT enabled by default).
|
||||||
#
|
#
|
||||||
# Feel free to use `jitsi.matrix.YOUR_BASE_DOMAIN`, if you'd prefer that.
|
# Feel free to use `jitsi.matrix.YOUR_BASE_DOMAIN`, if you'd prefer that.
|
||||||
matrix_server_fqn_jitsi: "jitsi.YOUR_BASE_DOMAIN"
|
matrix_server_fqn_jitsi: "jitsi.YOUR_BASE_DOMAIN"
|
||||||
|
@ -3,28 +3,24 @@
|
|||||||
Run this if you'd like to import your database from a previous default installation of Synapse.
|
Run this if you'd like to import your database from a previous default installation of Synapse.
|
||||||
(don't forget to import your `media_store` files as well - see [the importing-synapse-media-store guide](importing-synapse-media-store.md)).
|
(don't forget to import your `media_store` files as well - see [the importing-synapse-media-store guide](importing-synapse-media-store.md)).
|
||||||
|
|
||||||
While this playbook only supports running Synapse in combination with PostgreSQL, a Synapse instance installed manually usually defaults to using an SQLite database.
|
While this playbook always sets up PostgreSQL, by default a Synapse installation would run
|
||||||
|
using an SQLite database.
|
||||||
|
|
||||||
If you have such a Synapse setup and wish to migrate it to one managed by the playbook (and over to PostgreSQL), this documentation page is for you.
|
If you have such a Synapse setup and wish to migrate it here (and over to PostgreSQL), this command is for you.
|
||||||
|
|
||||||
|
|
||||||
## Prerequisites
|
## Prerequisites
|
||||||
|
|
||||||
Before doing the actual import:
|
Before doing the actual import, **you need to upload your SQLite database file to the server** (any path is okay).
|
||||||
|
|
||||||
- **ensure you have NOT started Synapse yet**. That is, make sure you have followed the [Installing step](installing.md), but haven't run the playbook's `start` tag yet. If you had started your new Synapse instance, it may have already initialized your Postgres database and importing onto it may not work. In such cases, you may need to clean up the `synapse` database first.
|
|
||||||
- **ensure you have uploaded your SQLite database file to the server** (any path is okay)
|
|
||||||
- if you're using the integrated Postgres server (**by default, you are** using it, unless you've explicitly switched to [Using an external PostgreSQL server](configuring-playbook-external-postgres.md)), **make sure Postgres is started** by running `just start-group postgres`
|
|
||||||
|
|
||||||
## Importing
|
## Importing
|
||||||
|
|
||||||
Run this command (make sure to replace `<server-path-to-homeserver.db>` with a file path on your server):
|
Run this command (make sure to replace `<server-path-to-homeserver.db>` with a file path on your server):
|
||||||
|
|
||||||
```sh
|
ansible-playbook -i inventory/hosts setup.yml --extra-vars='server_path_homeserver_db=<server-path-to-homeserver.db>' --tags=import-synapse-sqlite-db
|
||||||
just run-tags import-synapse-sqlite-db --extra-vars=server_path_homeserver_db=<server-path-to-homeserver.db>
|
|
||||||
```
|
|
||||||
|
|
||||||
**Notes**:
|
**Notes**:
|
||||||
|
|
||||||
- `<server-path-to-homeserver.db>` must be replaced with a file path to a `homeserver.db` **file on the server** (not on your local machine!).
|
- `<server-path-to-homeserver.db>` must be a file path to a `homeserver.db` **file on the server** (not on your local machine!).
|
||||||
- if the SQLite database is from an older version of Synapse, the **importing procedure may run migrations on it to bring it up to date**. That is, your SQLite database file may get modified and become unusable with your older Synapse version. Keeping a copy of the original is probably wise.
|
- if the SQLite database is from an older version of Synapse, the **importing procedure may run migrations on it to bring it up to date**. That is, your SQLite database file may get modified and become unusable with your older Synapse version. Keeping a copy of the original is probably wise.
|
||||||
|
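Review bot: the rewritten Prerequisites section keeps only the upload step and drops the two checks that protect the import: that Synapse has NOT been started yet (an already-initialized Postgres database may make the import fail) and that the integrated Postgres server is running. Keep both bullets or state why they no longer apply. Since the Notes say the procedure may run migrations on the file that `server_path_homeserver_db` points to, an explicit "copy the original first" step belongs in the prerequisites rather than only in a trailing note.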
@ -1,10 +1,112 @@
|
|||||||
matrix.example.tld {
|
(cors) {
|
||||||
|
@cors_preflight method OPTIONS
|
||||||
|
|
||||||
|
handle @cors_preflight {
|
||||||
|
header Access-Control-Allow-Origin "{args.0}"
|
||||||
|
header Access-Control-Allow-Methods "HEAD, GET, POST, PUT, PATCH, DELETE"
|
||||||
|
header Access-Control-Allow-Headers "Content-Type, Authorization"
|
||||||
|
header Access-Control-Max-Age "3600"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
matrix.DOMAIN.tld {
|
||||||
|
|
||||||
|
# creates letsencrypt certificate
|
||||||
|
# tls your@email.com
|
||||||
|
|
||||||
|
@identity {
|
||||||
|
path /_matrix/identity/*
|
||||||
|
}
|
||||||
|
|
||||||
|
@noidentity {
|
||||||
|
not path /_matrix/identity/*
|
||||||
|
}
|
||||||
|
|
||||||
|
@search {
|
||||||
|
path /_matrix/client/r0/user_directory/search/*
|
||||||
|
}
|
||||||
|
|
||||||
|
@nosearch {
|
||||||
|
not path /_matrix/client/r0/user_directory/search/*
|
||||||
|
}
|
||||||
|
|
||||||
|
@static {
|
||||||
|
path /matrix/static-files/*
|
||||||
|
}
|
||||||
|
|
||||||
|
@nostatic {
|
||||||
|
not path /matrix/static-files/*
|
||||||
|
}
|
||||||
|
|
||||||
|
@wellknown {
|
||||||
|
path /.well-known/matrix/*
|
||||||
|
}
|
||||||
|
|
||||||
|
header {
|
||||||
|
# Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS
|
||||||
|
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
||||||
|
# Enable cross-site filter (XSS) and tell browser to block detected attacks
|
||||||
|
X-XSS-Protection "1; mode=block"
|
||||||
|
# Prevent some browsers from MIME-sniffing a response away from the declared Content-Type
|
||||||
|
X-Content-Type-Options "nosniff"
|
||||||
|
# Disallow the site to be rendered within a frame (clickjacking protection)
|
||||||
|
X-Frame-Options "DENY"
|
||||||
|
# X-Robots-Tag
|
||||||
|
X-Robots-Tag "noindex, noarchive, nofollow"
|
||||||
|
}
|
||||||
|
|
||||||
|
# Cache
|
||||||
|
header @static {
|
||||||
|
# Cache
|
||||||
|
Cache-Control "public, max-age=31536000"
|
||||||
|
defer
|
||||||
|
}
|
||||||
|
|
||||||
|
# identity
|
||||||
|
handle @identity {
|
||||||
|
reverse_proxy localhost:8090 {
|
||||||
|
header_up X-Forwarded-Port {http.request.port}
|
||||||
|
header_up X-Forwarded-Proto {http.request.scheme}
|
||||||
|
header_up X-Forwarded-TlsProto {tls_protocol}
|
||||||
|
header_up X-Forwarded-TlsCipher {tls_cipher}
|
||||||
|
header_up X-Forwarded-HttpsProto {proto}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
# search
|
||||||
|
handle @search {
|
||||||
|
reverse_proxy localhost:8090 {
|
||||||
|
header_up X-Forwarded-Port {http.request.port}
|
||||||
|
header_up X-Forwarded-Proto {http.request.scheme}
|
||||||
|
header_up X-Forwarded-TlsProto {tls_protocol}
|
||||||
|
header_up X-Forwarded-TlsCipher {tls_cipher}
|
||||||
|
header_up X-Forwarded-HttpsProto {proto}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
handle @wellknown {
|
||||||
|
encode zstd gzip
|
||||||
|
root * /matrix/static-files
|
||||||
|
header Cache-Control max-age=14400
|
||||||
|
header Content-Type application/json
|
||||||
|
header Access-Control-Allow-Origin *
|
||||||
|
file_server
|
||||||
|
}
|
||||||
|
|
||||||
|
# If you have other well-knowns already handled by your base domain, you can replace the above block by this one, along with the replacement suggested in the base domain
|
||||||
|
#handle @wellknown {
|
||||||
|
# # .well-known is handled by base domain
|
||||||
|
# reverse_proxy https://DOMAIN.tld {
|
||||||
|
# header_up Host {http.reverse_proxy.upstream.hostport}
|
||||||
|
#}
|
||||||
|
|
||||||
handle {
|
handle {
|
||||||
encode zstd gzip
|
encode zstd gzip
|
||||||
|
|
||||||
reverse_proxy localhost:81 {
|
reverse_proxy localhost:8008 {
|
||||||
header_up X-Forwarded-Port {http.request.port}
|
header_up X-Forwarded-Port {http.request.port}
|
||||||
|
header_up X-Forwarded-Proto {http.request.scheme}
|
||||||
header_up X-Forwarded-TlsProto {tls_protocol}
|
header_up X-Forwarded-TlsProto {tls_protocol}
|
||||||
header_up X-Forwarded-TlsCipher {tls_cipher}
|
header_up X-Forwarded-TlsCipher {tls_cipher}
|
||||||
header_up X-Forwarded-HttpsProto {proto}
|
header_up X-Forwarded-HttpsProto {proto}
|
||||||
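Review bot: the commented-out alternative starting at `#handle @wellknown {` opens two blocks (`handle` and `reverse_proxy https://DOMAIN.tld {`) but closes only one with `#}`, so uncommenting it as written leaves the Caddyfile unbalanced; add the missing closing brace. In the same site block, the matchers `@noidentity`, `@nosearch` and `@nostatic` are defined but not referenced by any directive in this hunk and can go. The `header` block also sends `Strict-Transport-Security` with `includeSubDomains; preload` from a copy-paste sample; `preload` signals consent to inclusion in browser preload lists and is slow to undo, so leave it out of the default and let operators opt in.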
@ -12,12 +114,13 @@ matrix.example.tld {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
matrix.example.tld:8448 {
|
matrix.DOMAIN.tld:8448 {
|
||||||
handle {
|
handle {
|
||||||
encode zstd gzip
|
encode zstd gzip
|
||||||
|
|
||||||
reverse_proxy 127.0.0.1:8449 {
|
reverse_proxy 127.0.0.1:8048 {
|
||||||
header_up X-Forwarded-Port {http.request.port}
|
header_up X-Forwarded-Port {http.request.port}
|
||||||
|
header_up X-Forwarded-Proto {http.request.scheme}
|
||||||
header_up X-Forwarded-TlsProto {tls_protocol}
|
header_up X-Forwarded-TlsProto {tls_protocol}
|
||||||
header_up X-Forwarded-TlsCipher {tls_cipher}
|
header_up X-Forwarded-TlsCipher {tls_cipher}
|
||||||
header_up X-Forwarded-HttpsProto {proto}
|
header_up X-Forwarded-HttpsProto {proto}
|
||||||
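Review bot: the federation upstream changes from `127.0.0.1:8449` to `127.0.0.1:8048` with no comment saying which playbook setting binds that port on loopback, and the client upstream in the previous hunk changes from `localhost:81` to `localhost:8008` the same way. Add a comment next to each `reverse_proxy` line naming the setting that must expose the port, so a mismatch reads as a documented prerequisite instead of an unexplained proxy error.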
@ -25,16 +128,142 @@ matrix.example.tld:8448 {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
element.DOMAIN.tld {
|
||||||
|
|
||||||
example.tld {
|
# creates letsencrypt certificate
|
||||||
# Uncomment this if you are following "(Option 3): Setting up reverse-proxying of the well-known files from the base domain's server to the Matrix server" of https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/configuring-well-known.md#option-3-setting-up-reverse-proxying-of-the-well-known-files-from-the-base-domains-server-to-the-matrix-server
|
# tls your@email.com
|
||||||
@wellknown {
|
|
||||||
path /.well-known/matrix/*
|
|
||||||
}
|
|
||||||
|
|
||||||
handle @wellknown {
|
import cors https://*.DOMAIN.tld
|
||||||
reverse_proxy https://matrix.example.tld {
|
|
||||||
header_up Host {http.reverse_proxy.upstream.hostport}
|
header {
|
||||||
|
# Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS
|
||||||
|
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
||||||
|
# Enable cross-site filter (XSS) and tell browser to block detected attacks
|
||||||
|
X-XSS-Protection "1; mode=block"
|
||||||
|
# Prevent some browsers from MIME-sniffing a response away from the declared Content-Type
|
||||||
|
X-Content-Type-Options "nosniff"
|
||||||
|
# Disallow the site to be rendered within a frame (clickjacking protection)
|
||||||
|
X-Frame-Options "DENY"
|
||||||
|
# If using integrations that add frames to Element, such as Dimension and its integrations running on the same domain, it can be a good idea to limit sources allowed to be rendered
|
||||||
|
# Content-Security-Policy frame-src https://*.DOMAIN.tld
|
||||||
|
# X-Robots-Tag
|
||||||
|
X-Robots-Tag "noindex, noarchive, nofollow"
|
||||||
|
}
|
||||||
|
|
||||||
|
handle {
|
||||||
|
encode zstd gzip
|
||||||
|
|
||||||
|
reverse_proxy localhost:8765 {
|
||||||
|
header_up X-Forwarded-Port {http.request.port}
|
||||||
|
header_up X-Forwarded-Proto {http.request.scheme}
|
||||||
|
header_up X-Forwarded-TlsProto {tls_protocol}
|
||||||
|
header_up X-Forwarded-TlsCipher {tls_cipher}
|
||||||
|
header_up X-Forwarded-HttpsProto {proto}
|
||||||
}
|
}
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#dimension.DOMAIN.tld {
|
||||||
|
#
|
||||||
|
# # creates letsencrypt certificate
|
||||||
|
# # tls your@email.com
|
||||||
|
#
|
||||||
|
# import cors https://*.DOMAIN.tld
|
||||||
|
#
|
||||||
|
# header {
|
||||||
|
# # Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS
|
||||||
|
# Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
||||||
|
# # Enable cross-site filter (XSS) and tell browser to block detected attacks
|
||||||
|
# X-XSS-Protection "1; mode=block"
|
||||||
|
# # Prevent some browsers from MIME-sniffing a response away from the declared Content-Type
|
||||||
|
# X-Content-Type-Options "nosniff"
|
||||||
|
# # Only allow same base domain to render this website in a frame; Can be removed if the client (Element for example) is hosted on another domain (clickjacking protection)
|
||||||
|
# Content-Security-Policy frame-ancestors https://*.DOMAIN.tld
|
||||||
|
# # X-Robots-Tag
|
||||||
|
# X-Robots-Tag "noindex, noarchive, nofollow"
|
||||||
|
# }
|
||||||
|
#
|
||||||
|
# handle {
|
||||||
|
# encode zstd gzip
|
||||||
|
#
|
||||||
|
# reverse_proxy localhost:8184 {
|
||||||
|
# header_up X-Forwarded-Port {http.request.port}
|
||||||
|
# header_up X-Forwarded-Proto {http.request.scheme}
|
||||||
|
# header_up X-Forwarded-TlsProto {tls_protocol}
|
||||||
|
# header_up X-Forwarded-TlsCipher {tls_cipher}
|
||||||
|
# header_up X-Forwarded-HttpsProto {proto}
|
||||||
|
# }
|
||||||
|
# }
|
||||||
|
#}
|
||||||
|
|
||||||
|
|
||||||
|
#jitsi.DOMAIN.tld {
|
||||||
|
#
|
||||||
|
# creates letsencrypt certificate
|
||||||
|
# tls your@email.com
|
||||||
|
#
|
||||||
|
# import cors https://*.DOMAIN.tld
|
||||||
|
#
|
||||||
|
# header {
|
||||||
|
# # Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS
|
||||||
|
# Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
||||||
|
#
|
||||||
|
# # Enable cross-site filter (XSS) and tell browser to block detected attacks
|
||||||
|
# X-XSS-Protection "1; mode=block"
|
||||||
|
#
|
||||||
|
# # Prevent some browsers from MIME-sniffing a response away from the declared Content-Type
|
||||||
|
# X-Content-Type-Options "nosniff"
|
||||||
|
|
||||||
|
# # Only allow same base domain to render this website in a frame; Can be removed if the client (Element for example) is hosted on another domain
|
||||||
|
# Content-Security-Policy frame-ancestors https://*.DOMAIN.tld
|
||||||
|
#
|
||||||
|
# # Disable some features
|
||||||
|
# Feature-Policy "accelerometer 'none';ambient-light-sensor 'none'; autoplay 'none';camera 'none';encrypted-media 'none';focus-without-user-activation 'none'; geolocation 'none';gyroscope #'none';magnetometer 'none';microphone 'none';midi 'none';payment 'none';picture-in-picture 'none'; speaker 'none';sync-xhr 'none';usb 'none';vr 'none'"
|
||||||
|
#
|
||||||
|
# # Referer
|
||||||
|
# Referrer-Policy "no-referrer"
|
||||||
|
#
|
||||||
|
# # X-Robots-Tag
|
||||||
|
# X-Robots-Tag "none"
|
||||||
|
#
|
||||||
|
# # Remove Server header
|
||||||
|
# -Server
|
||||||
|
# }
|
||||||
|
#
|
||||||
|
# handle {
|
||||||
|
# encode zstd gzip
|
||||||
|
#
|
||||||
|
# reverse_proxy 127.0.0.1:13080 {
|
||||||
|
# header_up X-Forwarded-Port {http.request.port}
|
||||||
|
# header_up X-Forwarded-Proto {http.request.scheme}
|
||||||
|
# header_up X-Forwarded-TlsProto {tls_protocol}
|
||||||
|
# header_up X-Forwarded-TlsCipher {tls_cipher}
|
||||||
|
# header_up X-Forwarded-HttpsProto {proto}
|
||||||
|
# }
|
||||||
|
# }
|
||||||
|
#}
|
||||||
|
#DOMAIN.com {
|
||||||
|
# Uncomment this if you are following "(Option 3): Setting up reverse-proxying of the well-known files from the base domain's server to the Matrix server" of https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/configuring-well-known.md#option-3-setting-up-reverse-proxying-of-the-well-known-files-from-the-base-domains-server-to-the-matrix-server
|
||||||
|
# @wellknown {
|
||||||
|
# path /.well-known/matrix/*
|
||||||
|
# }
|
||||||
|
#
|
||||||
|
# handle @wellknown {
|
||||||
|
# reverse_proxy https://matrix.DOMAIN.com {
|
||||||
|
# header_up Host {http.reverse_proxy.upstream.hostport}
|
||||||
|
# }
|
||||||
|
# }
|
||||||
|
# # If you have other well-knowns already handled by your base domain, you can replace the above block by this one, along with the replacement suggested in the matrix subdomain
|
||||||
|
# # handle /.well-known/* {
|
||||||
|
# # encode zstd gzip
|
||||||
|
# # header Cache-Control max-age=14400
|
||||||
|
# # header Content-Type application/json
|
||||||
|
# # header Access-Control-Allow-Origin *
|
||||||
|
# #}
|
||||||
|
#
|
||||||
|
# # Configration for the base domain goes here
|
||||||
|
# # handle {
|
||||||
|
# # header -Server
|
||||||
|
# # encode zstd gzip
|
||||||
|
# # reverse_proxy localhost:4020
|
||||||
|
# # }
|
||||||
|
#}
|
||||||
|
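Review bot: `import cors https://*.DOMAIN.tld` in the `element.DOMAIN.tld` block (and in the commented Dimension and Jitsi blocks) passes a wildcard pattern to the `(cors)` snippet, which emits it verbatim as `Access-Control-Allow-Origin "{args.0}"`; browsers compare that header literally against the request origin, with a bare `*` as the only wildcard, so `https://*.DOMAIN.tld` never matches a real origin. Pass the exact client origin instead. In the commented Jitsi block, the `Feature-Policy` value sets `camera 'none'` and `microphone 'none'` on the conferencing host and contains a stray `#` in `gyroscope #'none'`; both need fixing before anyone uncomments it.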
@ -1,269 +0,0 @@
|
|||||||
(cors) {
|
|
||||||
@cors_preflight method OPTIONS
|
|
||||||
|
|
||||||
handle @cors_preflight {
|
|
||||||
header Access-Control-Allow-Origin "{args.0}"
|
|
||||||
header Access-Control-Allow-Methods "HEAD, GET, POST, PUT, PATCH, DELETE"
|
|
||||||
header Access-Control-Allow-Headers "Content-Type, Authorization"
|
|
||||||
header Access-Control-Max-Age "3600"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
matrix.DOMAIN.tld {
|
|
||||||
|
|
||||||
# creates letsencrypt certificate
|
|
||||||
# tls your@email.com
|
|
||||||
|
|
||||||
@identity {
|
|
||||||
path /_matrix/identity/*
|
|
||||||
}
|
|
||||||
|
|
||||||
@noidentity {
|
|
||||||
not path /_matrix/identity/*
|
|
||||||
}
|
|
||||||
|
|
||||||
@search {
|
|
||||||
path /_matrix/client/r0/user_directory/search/*
|
|
||||||
}
|
|
||||||
|
|
||||||
@nosearch {
|
|
||||||
not path /_matrix/client/r0/user_directory/search/*
|
|
||||||
}
|
|
||||||
|
|
||||||
@static {
|
|
||||||
path /matrix/static-files/*
|
|
||||||
}
|
|
||||||
|
|
||||||
@nostatic {
|
|
||||||
not path /matrix/static-files/*
|
|
||||||
}
|
|
||||||
|
|
||||||
@wellknown {
|
|
||||||
path /.well-known/matrix/*
|
|
||||||
}
|
|
||||||
|
|
||||||
header {
|
|
||||||
# Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS
|
|
||||||
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
|
||||||
# Enable cross-site filter (XSS) and tell browser to block detected attacks
|
|
||||||
X-XSS-Protection "1; mode=block"
|
|
||||||
# Prevent some browsers from MIME-sniffing a response away from the declared Content-Type
|
|
||||||
X-Content-Type-Options "nosniff"
|
|
||||||
# Disallow the site to be rendered within a frame (clickjacking protection)
|
|
||||||
X-Frame-Options "DENY"
|
|
||||||
# X-Robots-Tag
|
|
||||||
X-Robots-Tag "noindex, noarchive, nofollow"
|
|
||||||
}
|
|
||||||
|
|
||||||
# Cache
|
|
||||||
header @static {
|
|
||||||
# Cache
|
|
||||||
Cache-Control "public, max-age=31536000"
|
|
||||||
defer
|
|
||||||
}
|
|
||||||
|
|
||||||
# identity
|
|
||||||
handle @identity {
|
|
||||||
reverse_proxy localhost:8090 {
|
|
||||||
header_up X-Forwarded-Port {http.request.port}
|
|
||||||
header_up X-Forwarded-Proto {http.request.scheme}
|
|
||||||
header_up X-Forwarded-TlsProto {tls_protocol}
|
|
||||||
header_up X-Forwarded-TlsCipher {tls_cipher}
|
|
||||||
header_up X-Forwarded-HttpsProto {proto}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
# search
|
|
||||||
handle @search {
|
|
||||||
reverse_proxy localhost:8090 {
|
|
||||||
header_up X-Forwarded-Port {http.request.port}
|
|
||||||
header_up X-Forwarded-Proto {http.request.scheme}
|
|
||||||
header_up X-Forwarded-TlsProto {tls_protocol}
|
|
||||||
header_up X-Forwarded-TlsCipher {tls_cipher}
|
|
||||||
header_up X-Forwarded-HttpsProto {proto}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
handle @wellknown {
|
|
||||||
encode zstd gzip
|
|
||||||
root * /matrix/static-files
|
|
||||||
header Cache-Control max-age=14400
|
|
||||||
header Content-Type application/json
|
|
||||||
header Access-Control-Allow-Origin *
|
|
||||||
file_server
|
|
||||||
}
|
|
||||||
|
|
||||||
# If you have other well-knowns already handled by your base domain, you can replace the above block by this one, along with the replacement suggested in the base domain
|
|
||||||
#handle @wellknown {
|
|
||||||
# # .well-known is handled by base domain
|
|
||||||
# reverse_proxy https://DOMAIN.tld {
|
|
||||||
# header_up Host {http.reverse_proxy.upstream.hostport}
|
|
||||||
#}
|
|
||||||
|
|
||||||
handle {
|
|
||||||
encode zstd gzip
|
|
||||||
|
|
||||||
reverse_proxy localhost:8008 {
|
|
||||||
header_up X-Forwarded-Port {http.request.port}
|
|
||||||
header_up X-Forwarded-Proto {http.request.scheme}
|
|
||||||
header_up X-Forwarded-TlsProto {tls_protocol}
|
|
||||||
header_up X-Forwarded-TlsCipher {tls_cipher}
|
|
||||||
header_up X-Forwarded-HttpsProto {proto}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
matrix.DOMAIN.tld:8448 {
|
|
||||||
handle {
|
|
||||||
encode zstd gzip
|
|
||||||
|
|
||||||
reverse_proxy 127.0.0.1:8048 {
|
|
||||||
header_up X-Forwarded-Port {http.request.port}
|
|
||||||
header_up X-Forwarded-Proto {http.request.scheme}
|
|
||||||
header_up X-Forwarded-TlsProto {tls_protocol}
|
|
||||||
header_up X-Forwarded-TlsCipher {tls_cipher}
|
|
||||||
header_up X-Forwarded-HttpsProto {proto}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
element.DOMAIN.tld {
|
|
||||||
|
|
||||||
# creates letsencrypt certificate
|
|
||||||
# tls your@email.com
|
|
||||||
|
|
||||||
import cors https://*.DOMAIN.tld
|
|
||||||
|
|
||||||
header {
|
|
||||||
# Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS
|
|
||||||
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
|
||||||
# Enable cross-site filter (XSS) and tell browser to block detected attacks
|
|
||||||
X-XSS-Protection "1; mode=block"
|
|
||||||
# Prevent some browsers from MIME-sniffing a response away from the declared Content-Type
|
|
||||||
X-Content-Type-Options "nosniff"
|
|
||||||
# Disallow the site to be rendered within a frame (clickjacking protection)
|
|
||||||
X-Frame-Options "DENY"
|
|
||||||
# If using integrations that add frames to Element, such as Dimension and its integrations running on the same domain, it can be a good idea to limit sources allowed to be rendered
|
|
||||||
# Content-Security-Policy frame-src https://*.DOMAIN.tld
|
|
||||||
# X-Robots-Tag
|
|
||||||
X-Robots-Tag "noindex, noarchive, nofollow"
|
|
||||||
}
|
|
||||||
|
|
||||||
handle {
|
|
||||||
encode zstd gzip
|
|
||||||
|
|
||||||
reverse_proxy localhost:8765 {
|
|
||||||
header_up X-Forwarded-Port {http.request.port}
|
|
||||||
header_up X-Forwarded-Proto {http.request.scheme}
|
|
||||||
header_up X-Forwarded-TlsProto {tls_protocol}
|
|
||||||
header_up X-Forwarded-TlsCipher {tls_cipher}
|
|
||||||
header_up X-Forwarded-HttpsProto {proto}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
#dimension.DOMAIN.tld {
|
|
||||||
#
|
|
||||||
# # creates letsencrypt certificate
|
|
||||||
# # tls your@email.com
|
|
||||||
#
|
|
||||||
# import cors https://*.DOMAIN.tld
|
|
||||||
#
|
|
||||||
# header {
|
|
||||||
# # Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS
|
|
||||||
# Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
|
||||||
# # Enable cross-site filter (XSS) and tell browser to block detected attacks
|
|
||||||
# X-XSS-Protection "1; mode=block"
|
|
||||||
# # Prevent some browsers from MIME-sniffing a response away from the declared Content-Type
|
|
||||||
# X-Content-Type-Options "nosniff"
|
|
||||||
# # Only allow same base domain to render this website in a frame; Can be removed if the client (Element for example) is hosted on another domain (clickjacking protection)
|
|
||||||
# Content-Security-Policy frame-ancestors https://*.DOMAIN.tld
|
|
||||||
# # X-Robots-Tag
|
|
||||||
# X-Robots-Tag "noindex, noarchive, nofollow"
|
|
||||||
# }
|
|
||||||
#
|
|
||||||
# handle {
|
|
||||||
# encode zstd gzip
|
|
||||||
#
|
|
||||||
# reverse_proxy localhost:8184 {
|
|
||||||
# header_up X-Forwarded-Port {http.request.port}
|
|
||||||
# header_up X-Forwarded-Proto {http.request.scheme}
|
|
||||||
# header_up X-Forwarded-TlsProto {tls_protocol}
|
|
||||||
# header_up X-Forwarded-TlsCipher {tls_cipher}
|
|
||||||
# header_up X-Forwarded-HttpsProto {proto}
|
|
||||||
# }
|
|
||||||
# }
|
|
||||||
#}
|
|
||||||
|
|
||||||
|
|
||||||
#jitsi.DOMAIN.tld {
|
|
||||||
#
|
|
||||||
# creates letsencrypt certificate
|
|
||||||
# tls your@email.com
|
|
||||||
#
|
|
||||||
# import cors https://*.DOMAIN.tld
|
|
||||||
#
|
|
||||||
# header {
|
|
||||||
# # Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS
|
|
||||||
# Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
|
||||||
#
|
|
||||||
# # Enable cross-site filter (XSS) and tell browser to block detected attacks
|
|
||||||
# X-XSS-Protection "1; mode=block"
|
|
||||||
#
|
|
||||||
# # Prevent some browsers from MIME-sniffing a response away from the declared Content-Type
|
|
||||||
# X-Content-Type-Options "nosniff"
|
|
||||||
|
|
||||||
# # Only allow same base domain to render this website in a frame; Can be removed if the client (Element for example) is hosted on another domain
|
|
||||||
# Content-Security-Policy frame-ancestors https://*.DOMAIN.tld
|
|
||||||
#
|
|
||||||
# # Disable some features
|
|
||||||
# Feature-Policy "accelerometer 'none';ambient-light-sensor 'none'; autoplay 'none';camera 'none';encrypted-media 'none';focus-without-user-activation 'none'; geolocation 'none';gyroscope #'none';magnetometer 'none';microphone 'none';midi 'none';payment 'none';picture-in-picture 'none'; speaker 'none';sync-xhr 'none';usb 'none';vr 'none'"
|
|
||||||
#
|
|
||||||
# # Referer
|
|
||||||
# Referrer-Policy "no-referrer"
|
|
||||||
#
|
|
||||||
# # X-Robots-Tag
|
|
||||||
# X-Robots-Tag "none"
|
|
||||||
#
|
|
||||||
# # Remove Server header
|
|
||||||
# -Server
|
|
||||||
# }
|
|
||||||
#
|
|
||||||
# handle {
|
|
||||||
# encode zstd gzip
|
|
||||||
#
|
|
||||||
# reverse_proxy 127.0.0.1:13080 {
|
|
||||||
# header_up X-Forwarded-Port {http.request.port}
|
|
||||||
# header_up X-Forwarded-Proto {http.request.scheme}
|
|
||||||
# header_up X-Forwarded-TlsProto {tls_protocol}
|
|
||||||
# header_up X-Forwarded-TlsCipher {tls_cipher}
|
|
||||||
# header_up X-Forwarded-HttpsProto {proto}
|
|
||||||
# }
|
|
||||||
# }
|
|
||||||
#}
|
|
||||||
#DOMAIN.com {
|
|
||||||
# Uncomment this if you are following "(Option 3): Setting up reverse-proxying of the well-known files from the base domain's server to the Matrix server" of https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/configuring-well-known.md#option-3-setting-up-reverse-proxying-of-the-well-known-files-from-the-base-domains-server-to-the-matrix-server
|
|
||||||
# @wellknown {
|
|
||||||
# path /.well-known/matrix/*
|
|
||||||
# }
|
|
||||||
#
|
|
||||||
# handle @wellknown {
|
|
||||||
# reverse_proxy https://matrix.DOMAIN.com {
|
|
||||||
# header_up Host {http.reverse_proxy.upstream.hostport}
|
|
||||||
# }
|
|
||||||
# }
|
|
||||||
# # If you have other well-knowns already handled by your base domain, you can replace the above block by this one, along with the replacement suggested in the matrix subdomain
|
|
||||||
# # handle /.well-known/* {
|
|
||||||
# # encode zstd gzip
|
|
||||||
# # header Cache-Control max-age=14400
|
|
||||||
# # header Content-Type application/json
|
|
||||||
# # header Access-Control-Allow-Origin *
|
|
||||||
# #}
|
|
||||||
#
|
|
||||||
# # Configration for the base domain goes here
|
|
||||||
# # handle {
|
|
||||||
# # header -Server
|
|
||||||
# # encode zstd gzip
|
|
||||||
# # reverse_proxy localhost:4020
|
|
||||||
# # }
|
|
||||||
#}
|
|
@ -1,20 +1,12 @@
|
|||||||
# Caddy reverse-proxy fronting the playbook's integrated Traefik reverse-proxy
|
# Caddyfile
|
||||||
|
|
||||||
This directory contains a sample config that shows you how to front the integrated [Traefik](https://traefik.io/) reverse-proxy webserver with your own [Caddy](https://caddyserver.com/) reverse-proxy.
|
This directory contains sample files that show you how to do reverse-proxying using Caddy2.
|
||||||
|
|
||||||
|
## Config
|
||||||
|
|
||||||
## Prerequisite configuration
|
| Variable | Function |
|
||||||
|
| ------------------ | -------- |
|
||||||
To get started, first follow the [front the integrated reverse-proxy webserver with another reverse-proxy](../../docs/configuring-playbook-own-webserver.md#fronting-the-integrated-reverse-proxy-webserver-with-another-reverse-proxy) instructions and update your playbook's configuration (`inventory/host_vars/matrix.<your-domain>/vars.yml`).
|
| tls your@email.com | Specify an email address for your [ACME account](https://caddyserver.com/docs/caddyfile/directives/tls) (but if only one email is used for all sites, we recommend the email [global option](https://caddyserver.com/docs/caddyfile/options) instead) |
|
||||||
|
| tls | To enable [tls](https://caddyserver.com/docs/caddyfile/directives/tls) support uncomment the lines for tls |
|
||||||
|
| Dimension | To enable Dimension support uncomment the lines for Dimension and set your data |
|
||||||
## Using the Caddyfile
|
| Jitsi | To enable Jitsi support uncomment the lines for Jitsi and set your data |
|
||||||
|
|
||||||
You can either just use the [Caddyfile](Caddyfile) directly or append its content to your own Caddyfile.
|
|
||||||
In both cases make sure to replace all the `example.tld` domains with your own domain.
|
|
||||||
|
|
||||||
This example does not include additional services like element, but you should be able copy the first block and replace the matrix subdomain with the additional services subdomain. I have not tested this though.
|
|
||||||
|
|
||||||
# Caddyfile.deprecated
|
|
||||||
|
|
||||||
This can be used as a [Caddy](https://caddyserver.com/) reverse-proxy without intermediary playbook managed reverse proxy. However, this setup is not supported by the playbook anymore. Instead [front the integrated reverse-proxy webserver with another reverse-proxy](../../docs/configuring-playbook-own-webserver.md#fronting-the-integrated-reverse-proxy-webserver-with-another-reverse-proxy) as described above.
|
|
||||||
|
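Review bot: the new README drops the prerequisite pointer to the "front the integrated reverse-proxy webserver with another reverse-proxy" instructions, and the Config table covers only `tls`, Dimension and Jitsi. The sample Caddyfile it describes proxies to fixed loopback ports (`localhost:8008`, `127.0.0.1:8048`, `localhost:8090`, `localhost:8765`), so the README should say what playbook configuration has to be in place for those upstreams to exist, and should keep the instruction to replace the placeholder domains with your own.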
@ -1,6 +1,6 @@
|
|||||||
# Nginx reverse-proxy fronting the playbook's integrated Traefik reverse-proxy
|
# Nginx reverse-proxy fronting the playbook's integrated Traefik reverse-proxy
|
||||||
|
|
||||||
This directory contains a sample config that shows you how to use the [nginx](https://nginx.org/) webserver to front the integrated [Traefik](https://traefik.io/) reverse-proxy webserver with another reverse-proxy.
|
This directory contains a sample config that shows you how use the [nginx](https://nginx.org/) webserver to front the integrated [Traefik](https://traefik.io/) reverse-proxy webserver with another reverse-proxy.
|
||||||
|
|
||||||
|
|
||||||
## Prerequisite configuration
|
## Prerequisite configuration
|
||||||
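Review bot: the changed sentence now reads "shows you how use the nginx webserver", dropping "to"; keep "how to use".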
@ -10,7 +10,7 @@ To get started, first follow the [front the integrated reverse-proxy webserver w
|
|||||||
|
|
||||||
## Using the nginx configuration
|
## Using the nginx configuration
|
||||||
|
|
||||||
Copy the [matrix.conf](matrix.conf) file to your nginx server's filesystem, modify it to your needs and include it in your nginx configuration (e.g. `include /path/to/matrix.conf;`).
|
Copy the [matrix.conf](matrix.conf) file to your nginx server's filesystem, modify it to your needs and include it your nginx configuration (e.g. `include /path/to/matrix.conf;`).
|
||||||
|
|
||||||
This configuration **disables SSL certificate retrieval**, so you will **need to obtain SSL certificates manually** (e.g. by using [certbot](https://certbot.eff.org/)) and set the appropriate path in `matrix.conf`. In the example nginx configuration, a single certificate is used for all subdomains (`matrix.DOMAIN`, `element.DOMAIN`, etc.). For your setup, may wish to change this and use separate `server` blocks and separate certificate files for each host.
|
This configuration **disables SSL certificate retrieval**, so you will **need to obtain SSL certificates manually** (e.g. by using [certbot](https://certbot.eff.org/)) and set the appropriate path in `matrix.conf`. In the example nginx configuration, a single certificate is used for all subdomains (`matrix.DOMAIN`, `element.DOMAIN`, etc.). For your setup, may wish to change this and use separate `server` blocks and separate certificate files for each host.
|
||||||
|
|
||||||
|
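Review bot: In the "Using the nginx configuration" paragraph the new line reads "include it your nginx configuration", losing the "in" from the old side; restore "include it in your nginx configuration". The unchanged certificate paragraph under it has "For your setup, may wish to change this", which is missing "you" and can be fixed in the same pass, since that paragraph is where readers learn that certificate retrieval is disabled and they must supply their own.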
19
flake.nix
@ -1,19 +0,0 @@
|
|||||||
{
|
|
||||||
inputs.nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable";
|
|
||||||
|
|
||||||
outputs = { self, nixpkgs, ... }:
|
|
||||||
let
|
|
||||||
pkgs = import nixpkgs { system = "x86_64-linux"; };
|
|
||||||
in
|
|
||||||
{
|
|
||||||
devShell.x86_64-linux = pkgs.mkShell {
|
|
||||||
buildInputs = with pkgs; [
|
|
||||||
just
|
|
||||||
python311Packages.ansible-core
|
|
||||||
python311Packages.passlib
|
|
||||||
];
|
|
||||||
LC_ALL = "C.UTF-8";
|
|
||||||
LC_CTYPE = "C.UTF-8";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
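Review bot: Deleting flake.nix removes the only declaration in this compare of the dev-shell dependencies (`just`, `python311Packages.ansible-core`, `python311Packages.passlib`), and nothing visible replaces it. The group vars further down still call `password_hash('sha512', ...)`, which is the usual reason passlib is installed next to Ansible, so state in the commit message or the docs how contributors are expected to obtain these tools now, and check that no documentation still points at the flake.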
@ -192,7 +192,7 @@ matrix_homeserver_app_service_config_files_auto: |
|
|||||||
|
|
||||||
# This list is not exhaustive and final.
|
# This list is not exhaustive and final.
|
||||||
# Synapse workers are still injected into the list at runtime.
|
# Synapse workers are still injected into the list at runtime.
|
||||||
# Additional JVB workers (playbooks/jitsi_jvb.yml -- roles/galaxy/jitsi/tasks/init_additional_jvb.yml) override this variable at runtime as well.
|
# Additional JVB workers (playbooks/jitsi_jvb.yml -- roles/custom/matrix-jitsi/tasks/init_additional_jvb.yml) override this variable at runtime as well.
|
||||||
#
|
#
|
||||||
# Priority levels are like this:
|
# Priority levels are like this:
|
||||||
# - core services (the homeserver) get a level of ~1000
|
# - core services (the homeserver) get a level of ~1000
|
||||||
@ -210,25 +210,25 @@ devture_systemd_service_manager_services_list_auto: |
|
|||||||
{{
|
{{
|
||||||
([{'name': (backup_borg_identifier + '.timer'), 'priority': 5000, 'groups': ['matrix', 'backup', 'borg']}] if backup_borg_enabled else [])
|
([{'name': (backup_borg_identifier + '.timer'), 'priority': 5000, 'groups': ['matrix', 'backup', 'borg']}] if backup_borg_enabled else [])
|
||||||
+
|
+
|
||||||
([{'name': 'matrix-bot-buscarron.service', 'priority': 2200, 'groups': ['matrix', 'bots', 'buscarron', 'bot-buscarron']}] if matrix_bot_buscarron_enabled else [])
|
([{'name': 'matrix-bot-buscarron.service', 'priority': 2200, 'groups': ['matrix', 'bots', 'buscarron']}] if matrix_bot_buscarron_enabled else [])
|
||||||
+
|
+
|
||||||
([{'name': 'matrix-bot-go-neb.service', 'priority': 2200, 'groups': ['matrix', 'bots', 'go-neb', 'bot-go-neb']}] if matrix_bot_go_neb_enabled else [])
|
([{'name': 'matrix-bot-go-neb.service', 'priority': 2200, 'groups': ['matrix', 'bots', 'go-neb']}] if matrix_bot_go_neb_enabled else [])
|
||||||
+
|
+
|
||||||
([{'name': 'matrix-bot-honoroit.service', 'priority': 2200, 'groups': ['matrix', 'bots', 'honoroit', 'bot-honoroit']}] if matrix_bot_honoroit_enabled else [])
|
([{'name': 'matrix-bot-honoroit.service', 'priority': 2200, 'groups': ['matrix', 'bots', 'honoroit']}] if matrix_bot_honoroit_enabled else [])
|
||||||
+
|
+
|
||||||
([{'name': 'matrix-bot-matrix-registration-bot.service', 'priority': 2200, 'groups': ['matrix', 'bots', 'registration-bot', 'bot-matrix-registration-bot']}] if matrix_bot_matrix_registration_bot_enabled else [])
|
([{'name': 'matrix-bot-matrix-registration-bot.service', 'priority': 2200, 'groups': ['matrix', 'bots', 'registration-bot']}] if matrix_bot_matrix_registration_bot_enabled else [])
|
||||||
+
|
+
|
||||||
([{'name': 'matrix-bot-matrix-reminder-bot.service', 'priority': 2200, 'groups': ['matrix', 'bots', 'reminder-bot', 'bot-matrix-reminder-bot']}] if matrix_bot_matrix_reminder_bot_enabled else [])
|
([{'name': 'matrix-bot-matrix-reminder-bot.service', 'priority': 2200, 'groups': ['matrix', 'bots', 'reminder-bot']}] if matrix_bot_matrix_reminder_bot_enabled else [])
|
||||||
+
|
+
|
||||||
([{'name': 'matrix-bot-maubot.service', 'priority': 2200, 'groups': ['matrix', 'bots', 'maubot', 'bot-maubot']}] if matrix_bot_maubot_enabled else [])
|
([{'name': 'matrix-bot-maubot.service', 'priority': 2200, 'groups': ['matrix', 'bots', 'maubot']}] if matrix_bot_maubot_enabled else [])
|
||||||
+
|
+
|
||||||
([{'name': 'matrix-bot-mjolnir.service', 'priority': 4000, 'groups': ['matrix', 'bots', 'mjolnir', 'bot-mjolnir']}] if matrix_bot_mjolnir_enabled else [])
|
([{'name': 'matrix-bot-mjolnir.service', 'priority': 4000, 'groups': ['matrix', 'bots', 'mjolnir']}] if matrix_bot_mjolnir_enabled else [])
|
||||||
+
|
+
|
||||||
([{'name': 'matrix-bot-draupnir.service', 'priority': 4000, 'groups': ['matrix', 'bots', 'draupnir', 'bot-draupnir']}] if matrix_bot_draupnir_enabled else [])
|
([{'name': 'matrix-bot-draupnir.service', 'priority': 4000, 'groups': ['matrix', 'bots', 'draupnir']}] if matrix_bot_draupnir_enabled else [])
|
||||||
+
|
+
|
||||||
([{'name': 'matrix-bot-postmoogle.service', 'priority': 4000, 'groups': ['matrix', 'bots', 'postmoogle', 'bot-postmoogle']}] if matrix_bot_postmoogle_enabled else [])
|
([{'name': 'matrix-bot-postmoogle.service', 'priority': 4000, 'groups': ['matrix', 'bots', 'postmoogle']}] if matrix_bot_postmoogle_enabled else [])
|
||||||
+
|
+
|
||||||
([{'name': 'matrix-bot-chatgpt.service', 'priority': 2200, 'groups': ['matrix', 'bots', 'chatgpt', 'bot-chatgpt']}] if matrix_bot_chatgpt_enabled else [])
|
([{'name': 'matrix-bot-chatgpt.service', 'priority': 2200, 'groups': ['matrix', 'bots', 'chatgpt']}] if matrix_bot_chatgpt_enabled else [])
|
||||||
+
|
+
|
||||||
([{'name': 'matrix-appservice-discord.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'appservice-discord']}] if matrix_appservice_discord_enabled else [])
|
([{'name': 'matrix-appservice-discord.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'appservice-discord']}] if matrix_appservice_discord_enabled else [])
|
||||||
+
|
+
|
||||||
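Review bot: Every bot entry in `devture_systemd_service_manager_services_list_auto` loses its prefixed group (`bot-buscarron`, `bot-go-neb`, `bot-mjolnir`, `bot-draupnir` and so on), leaving only the bare names. Anything that selects services by the prefixed group will now match nothing without an error, and bare names such as `chatgpt` or `registration-bot` are easier to collide with than the prefixed ones. Either keep the prefixed groups alongside the bare ones or record the removal in CHANGELOG.md as a breaking change.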
@ -288,11 +288,11 @@ devture_systemd_service_manager_services_list_auto: |
|
|||||||
+
|
+
|
||||||
([{'name': 'matrix-cactus-comments.service', 'priority': 2000, 'groups': ['matrix', 'cactus-comments']}] if matrix_cactus_comments_enabled else [])
|
([{'name': 'matrix-cactus-comments.service', 'priority': 2000, 'groups': ['matrix', 'cactus-comments']}] if matrix_cactus_comments_enabled else [])
|
||||||
+
|
+
|
||||||
([{'name': 'matrix-client-cinny.service', 'priority': 2000, 'groups': ['matrix', 'clients', 'cinny', 'client-cinny']}] if matrix_client_cinny_enabled else [])
|
([{'name': 'matrix-client-cinny.service', 'priority': 2000, 'groups': ['matrix', 'clients', 'cinny']}] if matrix_client_cinny_enabled else [])
|
||||||
+
|
+
|
||||||
([{'name': 'matrix-client-element.service', 'priority': 2000, 'groups': ['matrix', 'clients', 'element', 'client-element']}] if matrix_client_element_enabled else [])
|
([{'name': 'matrix-client-element.service', 'priority': 2000, 'groups': ['matrix', 'clients', 'element']}] if matrix_client_element_enabled else [])
|
||||||
+
|
+
|
||||||
([{'name': 'matrix-client-hydrogen.service', 'priority': 2000, 'groups': ['matrix', 'clients', 'hydrogen', 'client-hydrogen']}] if matrix_client_hydrogen_enabled else [])
|
([{'name': 'matrix-client-hydrogen.service', 'priority': 2000, 'groups': ['matrix', 'clients', 'hydrogen']}] if matrix_client_hydrogen_enabled else [])
|
||||||
+
|
+
|
||||||
([{'name': ('matrix-' + matrix_homeserver_implementation + '.service'), 'priority': 1000, 'groups': ['matrix', 'homeservers', matrix_homeserver_implementation]}] if matrix_homeserver_enabled else [])
|
([{'name': ('matrix-' + matrix_homeserver_implementation + '.service'), 'priority': 1000, 'groups': ['matrix', 'homeservers', matrix_homeserver_implementation]}] if matrix_homeserver_enabled else [])
|
||||||
+
|
+
|
||||||
@ -314,13 +314,13 @@ devture_systemd_service_manager_services_list_auto: |
|
|||||||
+
|
+
|
||||||
([{'name': (grafana_identifier + '.service'), 'priority': 4000, 'groups': ['matrix', 'monitoring', 'grafana']}] if grafana_enabled else [])
|
([{'name': (grafana_identifier + '.service'), 'priority': 4000, 'groups': ['matrix', 'monitoring', 'grafana']}] if grafana_enabled else [])
|
||||||
+
|
+
|
||||||
([{'name': (jitsi_identifier + '-web.service'), 'priority': 4200, 'groups': ['matrix', 'jitsi', 'jitsi-web']}] if jitsi_enabled else [])
|
([{'name': 'matrix-jitsi-web.service', 'priority': 4200, 'groups': ['matrix', 'jitsi', 'jitsi-web']}] if matrix_jitsi_enabled else [])
|
||||||
+
|
+
|
||||||
([{'name': (jitsi_identifier + '-prosody.service'), 'priority': 4000, 'groups': ['matrix', 'jitsi', 'jitsi-prosody']}] if jitsi_enabled else [])
|
([{'name': 'matrix-jitsi-prosody.service', 'priority': 4000, 'groups': ['matrix', 'jitsi', 'jitsi-prosody']}] if matrix_jitsi_enabled else [])
|
||||||
+
|
+
|
||||||
([{'name': (jitsi_identifier + '-jicofo.service'), 'priority': 4100, 'groups': ['matrix', 'jitsi', 'jitsi-jicofo']}] if jitsi_enabled else [])
|
([{'name': 'matrix-jitsi-jicofo.service', 'priority': 4100, 'groups': ['matrix', 'jitsi', 'jitsi-jicofo']}] if matrix_jitsi_enabled else [])
|
||||||
+
|
+
|
||||||
([{'name': (jitsi_identifier + '-jvb.service'), 'priority': 4100, 'groups': ['matrix', 'jitsi', 'jitsi-jvb']}] if jitsi_enabled else [])
|
([{'name': 'matrix-jitsi-jvb.service', 'priority': 4100, 'groups': ['matrix', 'jitsi', 'jitsi-jvb']}] if matrix_jitsi_enabled else [])
|
||||||
+
|
+
|
||||||
([{'name': 'matrix-ldap-registration-proxy.service', 'priority': 2000, 'groups': ['matrix', 'ldap-registration-proxy']}] if matrix_ldap_registration_proxy_enabled else [])
|
([{'name': 'matrix-ldap-registration-proxy.service', 'priority': 2000, 'groups': ['matrix', 'ldap-registration-proxy']}] if matrix_ldap_registration_proxy_enabled else [])
|
||||||
+
|
+
|
||||||
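Review bot: The four Jitsi entries switch from `(jitsi_identifier + '-web.service')` style names to hard-coded `'matrix-jitsi-web.service'`, `'matrix-jitsi-prosody.service'`, `'matrix-jitsi-jicofo.service'` and `'matrix-jitsi-jvb.service'`, while the Grafana entry just above still builds its name from `grafana_identifier`. Hard-coding means the list and the actual unit names can drift apart if the role ever names its units differently; if the role on the new side has no identifier variable, add a comment saying these literals must match the role's unit files.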
@ -1653,15 +1653,8 @@ matrix_bot_maubot_database_password: "{{ '%s' | format(matrix_homeserver_generic
|
|||||||
|
|
||||||
# We don't enable bots by default.
|
# We don't enable bots by default.
|
||||||
matrix_bot_honoroit_enabled: false
|
matrix_bot_honoroit_enabled: false
|
||||||
|
|
||||||
matrix_bot_honoroit_hostname: "{{ matrix_server_fqn_matrix }}"
|
matrix_bot_honoroit_hostname: "{{ matrix_server_fqn_matrix }}"
|
||||||
|
|
||||||
matrix_bot_honoroit_path_prefix: /honoroit
|
|
||||||
|
|
||||||
# For consistency with other things hosted at the matrix FQN, we adjust the metrics endpoint
|
|
||||||
# so that metrics would be served at `/metrics/SERVICE_NAME`, and not at the default path for the role (`PREFIX/metrics`).
|
|
||||||
matrix_bot_honoroit_container_labels_traefik_metrics_path: /metrics/honoroit
|
|
||||||
|
|
||||||
matrix_bot_honoroit_systemd_required_services_list: |
|
matrix_bot_honoroit_systemd_required_services_list: |
|
||||||
{{
|
{{
|
||||||
['docker.service']
|
['docker.service']
|
||||||
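Review bot: This hunk drops `matrix_bot_honoroit_hostname`, `matrix_bot_honoroit_path_prefix` and `matrix_bot_honoroit_container_labels_traefik_metrics_path` with nothing in their place, so Honoroit falls back to whatever the role defaults are. Per the removed comment, that moves metrics from `/metrics/honoroit` to the role's `PREFIX/metrics`, which is a different exposure path from the other services on the matrix FQN. Confirm the role on the new side still needs no hostname wiring from group vars, and document where the metrics endpoint ends up and how it is protected.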
@ -2285,7 +2278,7 @@ etherpad_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
|
|||||||
|
|
||||||
etherpad_base_path: "{{ matrix_base_data_path }}/etherpad"
|
etherpad_base_path: "{{ matrix_base_data_path }}/etherpad"
|
||||||
|
|
||||||
etherpad_framing_enabled: "{{ matrix_dimension_enabled or jitsi_enabled }}"
|
etherpad_framing_enabled: "{{ matrix_dimension_enabled or matrix_jitsi_enabled }}"
|
||||||
|
|
||||||
etherpad_hostname: "{{ matrix_server_fqn_etherpad }}"
|
etherpad_hostname: "{{ matrix_server_fqn_etherpad }}"
|
||||||
|
|
||||||
@ -2359,57 +2352,26 @@ matrix_email2matrix_container_image_self_build: "{{ matrix_architecture not in [
|
|||||||
|
|
||||||
######################################################################
|
######################################################################
|
||||||
#
|
#
|
||||||
# jitsi
|
# matrix-jitsi
|
||||||
#
|
#
|
||||||
######################################################################
|
######################################################################
|
||||||
|
|
||||||
jitsi_enabled: false
|
matrix_jitsi_enabled: false
|
||||||
|
|
||||||
jitsi_architecture: "{{ matrix_architecture }}"
|
|
||||||
|
|
||||||
jitsi_hostname: "{{ matrix_server_fqn_jitsi }}"
|
|
||||||
|
|
||||||
jitsi_identifier: matrix-jitsi
|
|
||||||
|
|
||||||
jitsi_base_path: "{{ matrix_base_data_path }}/jitsi"
|
|
||||||
|
|
||||||
jitsi_uid: "{{ matrix_user_uid }}"
|
|
||||||
jitsi_gid: "{{ matrix_user_gid }}"
|
|
||||||
|
|
||||||
# Normally, matrix-nginx-proxy is enabled and nginx can reach jitsi/web over the container network.
|
# Normally, matrix-nginx-proxy is enabled and nginx can reach jitsi/web over the container network.
|
||||||
# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose
|
# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose
|
||||||
# the Jitsi HTTP port to the local host.
|
# the Jitsi HTTP port to the local host.
|
||||||
jitsi_web_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '13080') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
|
matrix_jitsi_web_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '13080') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
|
||||||
|
|
||||||
jitsi_web_container_additional_networks_auto: |
|
matrix_jitsi_jvb_container_colibri_ws_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '13090') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
|
||||||
{{
|
|
||||||
([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else [])
|
|
||||||
}}
|
|
||||||
|
|
||||||
jitsi_jvb_container_colibri_ws_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '13090') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
|
matrix_jitsi_prosody_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '5280') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
|
||||||
|
|
||||||
jitsi_jvb_container_additional_networks_auto: |
|
matrix_jitsi_jibri_xmpp_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'jibri', rounds=655555) | to_uuid }}"
|
||||||
{{
|
matrix_jitsi_jicofo_auth_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'jicofo', rounds=655555) | to_uuid }}"
|
||||||
([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else [])
|
matrix_jitsi_jvb_auth_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'jvb', rounds=655555) | to_uuid }}"
|
||||||
}}
|
|
||||||
|
|
||||||
jitsi_prosody_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '5280') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
|
matrix_jitsi_web_stun_servers: |
|
||||||
|
|
||||||
jitsi_prosody_container_additional_networks_auto: |
|
|
||||||
{{
|
|
||||||
([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else [])
|
|
||||||
}}
|
|
||||||
|
|
||||||
jitsi_container_labels_traefik_enabled: "{{ matrix_playbook_traefik_labels_enabled }}"
|
|
||||||
jitsi_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
|
|
||||||
jitsi_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
|
|
||||||
jitsi_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
|
|
||||||
|
|
||||||
jitsi_jibri_xmpp_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'jibri', rounds=655555) | to_uuid }}"
|
|
||||||
jitsi_jicofo_auth_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'jicofo', rounds=655555) | to_uuid }}"
|
|
||||||
jitsi_jvb_auth_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'jvb', rounds=655555) | to_uuid }}"
|
|
||||||
|
|
||||||
jitsi_web_stun_servers: |
|
|
||||||
{{
|
{{
|
||||||
[
|
[
|
||||||
'stun:' + matrix_server_fqn_matrix + ':5349',
|
'stun:' + matrix_server_fqn_matrix + ':5349',
|
||||||
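Review bot: `matrix_jitsi_jibri_xmpp_password`, `matrix_jitsi_jicofo_auth_password` and `matrix_jitsi_jvb_auth_password` are all derived from `matrix_homeserver_generic_secret_key` with a fixed per-service salt, yet this same compare adds inventory/scripts/jitsi-generate-passwords.sh, which tells users to paste independently generated passwords into vars.yml. Add a comment above these three lines saying which mechanism is authoritative and that values set in vars.yml override the derived defaults; as written, anyone holding the generic secret key can recompute all three component passwords. The hunk also removes the `jitsi_container_labels_traefik_*` and `*_container_additional_networks_auto` wiring, so state how the Jitsi containers are reached by the reverse proxy on the new side.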
@ -2419,39 +2381,24 @@ jitsi_web_stun_servers: |
|
|||||||
else [ 'stun:meet-jit-si-turnrelay.jitsi.net:443']
|
else [ 'stun:meet-jit-si-turnrelay.jitsi.net:443']
|
||||||
}}
|
}}
|
||||||
|
|
||||||
# The Jitsi instance installed by this playbook is meant for embedding into Matrix clients, so framing is allowed.
|
|
||||||
jitsi_web_framing_enabled: true
|
|
||||||
|
|
||||||
jitsi_turn_credentials: "{{ matrix_coturn_turn_static_auth_secret if matrix_coturn_enabled else '' }}"
|
|
||||||
jitsi_turn_host: "{{ ('turn.' + matrix_server_fqn_matrix) if matrix_coturn_enabled else '' }}"
|
|
||||||
jitsi_turns_host: "{{ ('turn.' + matrix_server_fqn_matrix) if matrix_coturn_enabled else '' }}"
|
|
||||||
jitsi_turn_port: "{{ matrix_coturn_container_stun_plain_host_bind_port if matrix_coturn_enabled else '' }}"
|
|
||||||
jitsi_turns_port: "{{ matrix_coturn_container_stun_tls_host_bind_port if matrix_coturn_enabled else '' }}"
|
|
||||||
|
|
||||||
# If the self-hosted Etherpad instance is available, it will also show up in Jitsi conferences,
|
# If the self-hosted Etherpad instance is available, it will also show up in Jitsi conferences,
|
||||||
# unless explicitly disabled by setting `jitsi_etherpad_enabled` to false.
|
# unless explicitly disabled by setting `matrix_jitsi_etherpad_enabled` to false.
|
||||||
# Falls back to the scalar.vector.im etherpad in case someone sets `jitsi_etherpad_enabled` to true,
|
# Falls back to the scalar.vector.im etherpad in case someone sets `matrix_jitsi_etherpad_enabled` to true,
|
||||||
# while also setting `etherpad_enabled` to false.
|
# while also setting `etherpad_enabled` to false.
|
||||||
jitsi_etherpad_enabled: "{{ etherpad_enabled }}"
|
matrix_jitsi_etherpad_enabled: "{{ etherpad_enabled }}"
|
||||||
jitsi_etherpad_base: "{{ etherpad_base_url if etherpad_enabled else 'https://scalar.vector.im/etherpad' }}"
|
matrix_jitsi_etherpad_base: "{{ etherpad_base_url if etherpad_enabled else 'https://scalar.vector.im/etherpad' }}"
|
||||||
|
|
||||||
# Allow verification using JWT and matrix-UVS
|
# Allow verification using JWT and matrix-UVS
|
||||||
jitsi_prosody_auth_matrix_uvs_auth_token: "{{ matrix_user_verification_service_uvs_auth_token }}"
|
matrix_jitsi_prosody_auth_matrix_uvs_auth_token: "{{ matrix_user_verification_service_uvs_auth_token }}"
|
||||||
jitsi_prosody_auth_matrix_uvs_location: "{{ matrix_user_verification_service_container_url }}"
|
matrix_jitsi_prosody_auth_matrix_uvs_location: "{{ matrix_user_verification_service_container_url }}"
|
||||||
|
|
||||||
jitsi_self_check_validate_certificates: "{{ false if matrix_ssl_retrieval_method == 'self-signed' else true }}"
|
matrix_jitsi_self_check_validate_certificates: "{{ false if matrix_ssl_retrieval_method == 'self-signed' else true }}"
|
||||||
|
|
||||||
# Gravatar is enabled by default upstream, but there's no need to leak data there needlessly
|
|
||||||
# when embedding Jitsi in Matrix rooms.
|
|
||||||
jitsi_disable_gravatar: true
|
|
||||||
|
|
||||||
######################################################################
|
######################################################################
|
||||||
#
|
#
|
||||||
# /jitsi
|
# /matrix-jitsi
|
||||||
#
|
#
|
||||||
######################################################################
|
######################################################################
|
||||||
|
|
||||||
|
|
||||||
######################################################################
|
######################################################################
|
||||||
#
|
#
|
||||||
# matrix-ldap-registration-proxy
|
# matrix-ldap-registration-proxy
|
||||||
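Review bot: The new side removes `jitsi_disable_gravatar: true` without an equivalent `matrix_jitsi_*` setting, and the removed comment says Gravatar is enabled by default upstream, so participant data would be sent to Gravatar again unless the role default covers it. The same hunk drops the `jitsi_turn_*` values that passed `matrix_coturn_turn_static_auth_secret` and the TURN host and ports to Jitsi, and the explicit `jitsi_web_framing_enabled: true`. Either carry these three settings over under the new prefix or note in the commit message that the role handles them, since each one changes privacy or connectivity behaviour rather than just a name.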
@ -2583,14 +2530,7 @@ matrix_nginx_proxy_container_federation_host_bind_port: "{{ matrix_federation_pu
|
|||||||
matrix_nginx_proxy_trust_forwarded_proto: "{{ matrix_playbook_reverse_proxy_type != 'playbook-managed-nginx' }}"
|
matrix_nginx_proxy_trust_forwarded_proto: "{{ matrix_playbook_reverse_proxy_type != 'playbook-managed-nginx' }}"
|
||||||
matrix_nginx_proxy_x_forwarded_for: "{{ '$remote_addr' if matrix_playbook_reverse_proxy_type == 'playbook-managed-nginx' else '$proxy_add_x_forwarded_for' }}"
|
matrix_nginx_proxy_x_forwarded_for: "{{ '$remote_addr' if matrix_playbook_reverse_proxy_type == 'playbook-managed-nginx' else '$proxy_add_x_forwarded_for' }}"
|
||||||
|
|
||||||
matrix_nginx_proxy_container_additional_networks: |
|
matrix_nginx_proxy_container_additional_networks: "{{ [matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else [] }}"
|
||||||
{{
|
|
||||||
(
|
|
||||||
([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else [])
|
|
||||||
+
|
|
||||||
([jitsi_container_network] if jitsi_enabled and matrix_playbook_reverse_proxy_type == 'playbook-managed-nginx' and jitsi_container_network != matrix_nginx_proxy_container_network else [])
|
|
||||||
) | unique
|
|
||||||
}}
|
|
||||||
|
|
||||||
matrix_nginx_proxy_proxy_matrix_client_api_addr_with_container: "{{ 'matrix-corporal:41080' if matrix_corporal_enabled else 'matrix-nginx-proxy:12080' }}"
|
matrix_nginx_proxy_proxy_matrix_client_api_addr_with_container: "{{ 'matrix-corporal:41080' if matrix_corporal_enabled else 'matrix-nginx-proxy:12080' }}"
|
||||||
matrix_nginx_proxy_proxy_matrix_client_api_addr_sans_container: "{{ '127.0.0.1:41080' if matrix_corporal_enabled else '127.0.0.1:12080' }}"
|
matrix_nginx_proxy_proxy_matrix_client_api_addr_sans_container: "{{ '127.0.0.1:41080' if matrix_corporal_enabled else '127.0.0.1:12080' }}"
|
||||||
@ -2617,7 +2557,8 @@ matrix_nginx_proxy_proxy_rageshake_enabled: "{{ matrix_rageshake_enabled and mat
|
|||||||
matrix_nginx_proxy_proxy_etherpad_enabled: "{{ etherpad_enabled and not etherpad_nginx_proxy_dimension_integration_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] }}"
|
matrix_nginx_proxy_proxy_etherpad_enabled: "{{ etherpad_enabled and not etherpad_nginx_proxy_dimension_integration_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] }}"
|
||||||
matrix_nginx_proxy_proxy_bot_go_neb_enabled: "{{ matrix_bot_go_neb_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] }}"
|
matrix_nginx_proxy_proxy_bot_go_neb_enabled: "{{ matrix_bot_go_neb_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] }}"
|
||||||
|
|
||||||
matrix_nginx_proxy_proxy_jitsi_enabled: "{{ jitsi_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] }}"
|
matrix_nginx_proxy_proxy_jitsi_enabled: "{{ matrix_jitsi_enabled }}"
|
||||||
|
matrix_nginx_proxy_proxy_jitsi_manage_wellknown: "{{ matrix_jitsi_require_well_known }}"
|
||||||
|
|
||||||
matrix_nginx_proxy_proxy_grafana_enabled: "{{ grafana_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] }}"
|
matrix_nginx_proxy_proxy_grafana_enabled: "{{ grafana_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] }}"
|
||||||
matrix_nginx_proxy_proxy_sygnal_enabled: "{{ matrix_sygnal_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] }}"
|
matrix_nginx_proxy_proxy_sygnal_enabled: "{{ matrix_sygnal_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] }}"
|
||||||
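Review bot: `matrix_nginx_proxy_proxy_jitsi_enabled` becomes `"{{ matrix_jitsi_enabled }}"` and loses the `matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container']` condition that the neighbouring etherpad, go-neb, grafana and sygnal lines keep. With Traefik or another reverse proxy type, nginx would still generate the Jitsi vhost. If that is intended because nginx fronts Jitsi on the new side, say so in a comment; otherwise restore the condition. The added `matrix_nginx_proxy_proxy_jitsi_manage_wellknown` reads `matrix_jitsi_require_well_known`, which is not defined anywhere in the visible hunks, so check it has a default.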
@ -2629,6 +2570,7 @@ matrix_nginx_proxy_container_labels_traefik_entrypoints: "{{ devture_traefik_ent
|
|||||||
matrix_nginx_proxy_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
|
matrix_nginx_proxy_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
|
||||||
|
|
||||||
matrix_nginx_proxy_container_labels_traefik_proxy_matrix_enabled: true
|
matrix_nginx_proxy_container_labels_traefik_proxy_matrix_enabled: true
|
||||||
|
matrix_nginx_proxy_container_labels_traefik_proxy_jitsi_enabled: "{{ matrix_jitsi_enabled }}"
|
||||||
|
|
||||||
matrix_nginx_proxy_proxy_matrix_corporal_api_enabled: "{{ matrix_corporal_enabled and matrix_corporal_http_api_enabled }}"
|
matrix_nginx_proxy_proxy_matrix_corporal_api_enabled: "{{ matrix_corporal_enabled and matrix_corporal_http_api_enabled }}"
|
||||||
matrix_nginx_proxy_proxy_matrix_corporal_api_addr_with_container: "matrix-corporal:41081"
|
matrix_nginx_proxy_proxy_matrix_corporal_api_addr_with_container: "matrix-corporal:41081"
|
||||||
@ -2696,31 +2638,33 @@ matrix_nginx_proxy_systemd_wanted_services_list: |
|
|||||||
+
|
+
|
||||||
(['matrix-ma1sd.service'] if matrix_ma1sd_enabled else [])
|
(['matrix-ma1sd.service'] if matrix_ma1sd_enabled else [])
|
||||||
+
|
+
|
||||||
(['matrix-client-cinny.service'] if matrix_client_cinny_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] else [])
|
(['matrix-client-cinny.service'] if matrix_client_cinny_enabled else [])
|
||||||
+
|
+
|
||||||
(['matrix-bot-buscarron.service'] if matrix_bot_buscarron_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] else [])
|
(['matrix-bot-buscarron.service'] if matrix_bot_buscarron_enabled else [])
|
||||||
+
|
+
|
||||||
(['matrix-client-element.service'] if matrix_client_element_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] else [])
|
(['matrix-client-element.service'] if matrix_client_element_enabled else [])
|
||||||
+
|
+
|
||||||
(['matrix-client-hydrogen.service'] if matrix_client_hydrogen_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] else [])
|
(['matrix-client-hydrogen.service'] if matrix_client_hydrogen_enabled else [])
|
||||||
+
|
+
|
||||||
([(grafana_identifier + '.service')] if grafana_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] else [])
|
([(grafana_identifier + '.service')] if grafana_enabled else [])
|
||||||
+
|
+
|
||||||
(['matrix-dimension.service'] if matrix_dimension_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] else [])
|
(['matrix-dimension.service'] if matrix_dimension_enabled else [])
|
||||||
+
|
+
|
||||||
(['matrix-rageshake.service'] if matrix_rageshake_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] else [])
|
(['matrix-rageshake.service'] if matrix_rageshake_enabled else [])
|
||||||
+
|
+
|
||||||
(['matrix-sygnal.service'] if matrix_sygnal_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] else [])
|
(['matrix-sygnal.service'] if matrix_sygnal_enabled else [])
|
||||||
+
|
+
|
||||||
([(ntfy_identifier + '.service')] if ntfy_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] else [])
|
([(ntfy_identifier + '.service')] if ntfy_enabled else [])
|
||||||
+
|
+
|
||||||
([(jitsi_identifier + '-web.service')] if jitsi_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] else [])
|
(['matrix-jitsi.service'] if matrix_jitsi_enabled else [])
|
||||||
+
|
+
|
||||||
(['matrix-bot-go-neb.service'] if matrix_bot_go_neb_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] else [])
|
(['matrix-sliding-sync-proxy.service'] if matrix_sliding_sync_enabled else [])
|
||||||
+
|
+
|
||||||
([etherpad_identifier + '.service'] if etherpad_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] else [])
|
(['matrix-bot-go-neb.service'] if matrix_bot_go_neb_enabled else [])
|
||||||
+
|
+
|
||||||
(['matrix-hookshot.service'] if matrix_hookshot_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] else [])
|
([etherpad_identifier + '.service'] if etherpad_enabled else [])
|
||||||
|
+
|
||||||
|
(['matrix-hookshot.service'] if matrix_hookshot_enabled else [])
|
||||||
}}
|
}}
|
||||||
|
|
||||||
matrix_ssl_domains_to_obtain_certificates_for: |
|
matrix_ssl_domains_to_obtain_certificates_for: |
|
||||||
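Review bot: The new Jitsi entry in `matrix_nginx_proxy_systemd_wanted_services_list` is `'matrix-jitsi.service'`, but the service list earlier in this file only defines `matrix-jitsi-web.service`, `matrix-jitsi-prosody.service`, `matrix-jitsi-jicofo.service` and `matrix-jitsi-jvb.service`, so nginx would want a unit that does not appear to exist; the old side pointed at the `-web` unit. Every other entry also loses its `matrix_playbook_reverse_proxy_type in [...]` condition, which makes matrix-nginx-proxy pull in all enabled services regardless of proxy type. Use `matrix-jitsi-web.service` here and explain, or revert, the dropped conditions.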
@ -2743,7 +2687,7 @@ matrix_ssl_domains_to_obtain_certificates_for: |
|
|||||||
+
|
+
|
||||||
([matrix_server_fqn_bot_go_neb] if matrix_bot_go_neb_enabled else [])
|
([matrix_server_fqn_bot_go_neb] if matrix_bot_go_neb_enabled else [])
|
||||||
+
|
+
|
||||||
([matrix_server_fqn_jitsi] if jitsi_enabled else [])
|
([matrix_server_fqn_jitsi] if matrix_jitsi_enabled else [])
|
||||||
+
|
+
|
||||||
([matrix_server_fqn_grafana] if grafana_enabled else [])
|
([matrix_server_fqn_grafana] if grafana_enabled else [])
|
||||||
+
|
+
|
||||||
@ -3241,7 +3185,7 @@ matrix_client_element_enable_presence_by_hs_url: |
|
|||||||
|
|
||||||
matrix_client_element_welcome_user_id: ~
|
matrix_client_element_welcome_user_id: ~
|
||||||
|
|
||||||
matrix_client_element_jitsi_preferredDomain: "{{ matrix_server_fqn_jitsi if jitsi_enabled else '' }}"
|
matrix_client_element_jitsi_preferredDomain: "{{ matrix_server_fqn_jitsi if matrix_jitsi_enabled else '' }}"
|
||||||
|
|
||||||
######################################################################
|
######################################################################
|
||||||
#
|
#
|
||||||
@ -4063,7 +4007,7 @@ matrix_user_verification_service_systemd_required_services_list: |
|
|||||||
# If Jitsi is not managed by this playbook, or you otherwise have a need for it, you can expose
|
# If Jitsi is not managed by this playbook, or you otherwise have a need for it, you can expose
|
||||||
# matrix-user-verfification-services's client-server port to port 3003.
|
# matrix-user-verfification-services's client-server port to port 3003.
|
||||||
# By default Matrix-User-Verification-Service binds to port 3000, which collides with grafana, therefore this uses port 3003.
|
# By default Matrix-User-Verification-Service binds to port 3000, which collides with grafana, therefore this uses port 3003.
|
||||||
matrix_user_verification_service_container_http_host_bind_port: "{{ '' if (jitsi_enabled | bool and jitsi_enable_auth | bool and jitsi_auth_type == 'matrix') else matrix_playbook_service_host_bind_interface_prefix ~ '3003' }}"
|
matrix_user_verification_service_container_http_host_bind_port: "{{ '' if (matrix_jitsi_enabled | bool and matrix_jitsi_enable_auth | bool and matrix_jitsi_auth_type == 'matrix') else matrix_playbook_service_host_bind_interface_prefix ~ '3003' }}"
|
||||||
|
|
||||||
# URL exposed in the docker network
|
# URL exposed in the docker network
|
||||||
matrix_user_verification_service_container_url: "http://{{ matrix_user_verification_service_container_name }}:3000"
|
matrix_user_verification_service_container_url: "http://{{ matrix_user_verification_service_container_name }}:3000"
|
||||||
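Review bot: The else branch of `matrix_user_verification_service_container_http_host_bind_port` evaluates `matrix_playbook_service_host_bind_interface_prefix ~ '3003'` without checking that the prefix is set, so an empty prefix yields a bare `3003`. The Jitsi bind-port variables in this file use the form `(prefix ~ '13080') if prefix else ''` and stay unexposed in that case; if this value is passed to Docker as a publish argument, a bare port is published on every host interface, which is not what a token-verifying internal service should get by default. Apply the same guard here, and fix "matrix-user-verfification-services's" in the comment above while renaming.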
@ -4120,16 +4064,11 @@ devture_traefik_base_path: "{{ matrix_base_data_path }}/traefik"
|
|||||||
devture_traefik_uid: "{{ matrix_user_uid }}"
|
devture_traefik_uid: "{{ matrix_user_uid }}"
|
||||||
devture_traefik_gid: "{{ matrix_user_gid }}"
|
devture_traefik_gid: "{{ matrix_user_gid }}"
|
||||||
|
|
||||||
devture_traefik_federation_entrypoint:
|
devture_traefik_additional_entrypoints_auto:
|
||||||
name: matrix-federation
|
- name: matrix-federation
|
||||||
port: "{{ matrix_federation_public_port }}"
|
port: "{{ matrix_federation_public_port }}"
|
||||||
host_bind_port: "{{ matrix_federation_public_port }}"
|
host_bind_port: "{{ matrix_federation_public_port }}"
|
||||||
config: {}
|
config: {}
|
||||||
|
|
||||||
devture_traefik_additional_entrypoints_auto: |
|
|
||||||
{{
|
|
||||||
([devture_traefik_federation_entrypoint] if (matrix_federation_public_port != devture_traefik_config_entrypoint_web_port) and (matrix_federation_public_port != devture_traefik_config_entrypoint_web_secure_port) else [])
|
|
||||||
}}
|
|
||||||
|
|
||||||
devture_traefik_additional_domains_to_obtain_certificates_for: "{{ matrix_ssl_additional_domains_to_obtain_certificates_for }}"
|
devture_traefik_additional_domains_to_obtain_certificates_for: "{{ matrix_ssl_additional_domains_to_obtain_certificates_for }}"
|
||||||
|
|
||||||
|
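Review bot: The right-hand `devture_traefik_additional_entrypoints_auto` lists the `matrix-federation` entrypoint unconditionally, dropping the guard the other side has on `matrix_federation_public_port` differing from `devture_traefik_config_entrypoint_web_port` and `devture_traefik_config_entrypoint_web_secure_port`. If federation is configured on the same port as either web entrypoint, this defines a second entrypoint with the same `port` and `host_bind_port`. Keep the conditional, or document that the federation port must be distinct from both web ports.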
24
inventory/scripts/jitsi-generate-passwords.sh
Executable file
@ -0,0 +1,24 @@
|
|||||||
|
#!/usr/bin/env bash
|
||||||
|
# This is a bash script for generating strong passwords for the Jitsi role in this ansible project:
|
||||||
|
# https://github.com/spantaleev/matrix-docker-ansible-deploy
|
||||||
|
|
||||||
|
function generatePassword() {
|
||||||
|
openssl rand -hex 16
|
||||||
|
}
|
||||||
|
|
||||||
|
echo "# If this script fails, it's likely because you don't have the openssl tool installed."
|
||||||
|
echo "# Install it before using this script, or simply create your own passwords manually."
|
||||||
|
|
||||||
|
echo ""
|
||||||
|
|
||||||
|
JICOFO_AUTH_PASSWORD=$(generatePassword)
|
||||||
|
JVB_AUTH_PASSWORD=$(generatePassword)
|
||||||
|
JIBRI_RECORDER_PASSWORD=$(generatePassword)
|
||||||
|
JIBRI_XMPP_PASSWORD=$(generatePassword)
|
||||||
|
|
||||||
|
echo "# Paste these variables into your inventory/host_vars/matrix.DOMAIN/vars.yml file:"
|
||||||
|
echo ""
|
||||||
|
echo "matrix_jitsi_jicofo_auth_password: $JICOFO_AUTH_PASSWORD"
|
||||||
|
echo "matrix_jitsi_jvb_auth_password: $JVB_AUTH_PASSWORD"
|
||||||
|
echo "matrix_jitsi_jibri_recorder_password: $JIBRI_RECORDER_PASSWORD"
|
||||||
|
echo "matrix_jitsi_jibri_xmpp_password: $JIBRI_XMPP_PASSWORD"
|
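Review bot: `generatePassword` has no failure handling and the script never sets `set -e`, so when `openssl` is missing the four `$(generatePassword)` assignments come back empty and the script still prints `matrix_jitsi_jicofo_auth_password:` and the other three keys with blank values, rather than failing as the banner text implies. Add a `command -v openssl` check that exits non-zero (or `set -euo pipefail`) before the assignments, so empty credentials can never be pasted into `vars.yml`.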
32
justfile
@ -1,60 +1,48 @@
|
|||||||
# Shows help
|
# Shows help
|
||||||
default:
|
default:
|
||||||
@just --list --justfile {{ justfile() }}
|
@just --list --justfile {{ justfile() }}
|
||||||
|
|
||||||
# Pulls external Ansible roles
|
# Pulls external Ansible roles
|
||||||
roles:
|
roles:
|
||||||
#!/usr/bin/env sh
|
rm -rf roles/galaxy
|
||||||
if [ -x "$(command -v agru)" ]; then
|
ansible-galaxy install -r requirements.yml -p roles/galaxy/ --force
|
||||||
agru
|
|
||||||
else
|
|
||||||
rm -rf roles/galaxy
|
|
||||||
ansible-galaxy install -r requirements.yml -p roles/galaxy/ --force
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Updates requirements.yml if there are any new tags available. Requires agru
|
|
||||||
update:
|
|
||||||
@agru -u
|
|
||||||
|
|
||||||
# Runs ansible-lint against all roles in the playbook
|
# Runs ansible-lint against all roles in the playbook
|
||||||
lint:
|
lint:
|
||||||
ansible-lint
|
ansible-lint
|
||||||
|
|
||||||
# Runs the playbook with --tags=install-all,ensure-matrix-users-created,start and optional arguments
|
# Runs the playbook with --tags=install-all,ensure-matrix-users-created,start and optional arguments
|
||||||
install-all *extra_args: (run-tags "install-all,ensure-matrix-users-created,start" extra_args)
|
install-all *extra_args: (run-tags "install-all,ensure-matrix-users-created,start" extra_args)
|
||||||
|
|
||||||
# Runs installation tasks for a single service
|
# Runs installation tasks for a single service
|
||||||
install-service service *extra_args:
|
install-service service *extra_args:
|
||||||
just --justfile {{ justfile() }} run \
|
just --justfile {{ justfile() }} run --tags=install-{{ service }},start-group --extra-vars=group={{ service }} {{ extra_args }}
|
||||||
--tags=install-{{ service }},start-group \
|
|
||||||
--extra-vars=group={{ service }} \
|
|
||||||
--extra-vars=devture_systemd_service_manager_service_restart_mode=one-by-one {{ extra_args }}
|
|
||||||
|
|
||||||
# Runs the playbook with --tags=setup-all,ensure-matrix-users-created,start and optional arguments
|
# Runs the playbook with --tags=setup-all,ensure-matrix-users-created,start and optional arguments
|
||||||
setup-all *extra_args: (run-tags "setup-all,ensure-matrix-users-created,start" extra_args)
|
setup-all *extra_args: (run-tags "setup-all,ensure-matrix-users-created,start" extra_args)
|
||||||
|
|
||||||
# Runs the playbook with the given list of arguments
|
# Runs the playbook with the given list of arguments
|
||||||
run +extra_args:
|
run +extra_args:
|
||||||
ansible-playbook -i inventory/hosts setup.yml {{ extra_args }}
|
time ansible-playbook -i inventory/hosts setup.yml {{ extra_args }}
|
||||||
|
|
||||||
# Runs the playbook with the given list of comma-separated tags and optional arguments
|
# Runs the playbook with the given list of comma-separated tags and optional arguments
|
||||||
run-tags tags *extra_args:
|
run-tags tags *extra_args:
|
||||||
just --justfile {{ justfile() }} run --tags={{ tags }} {{ extra_args }}
|
just --justfile {{ justfile() }} run --tags={{ tags }} {{ extra_args }}
|
||||||
|
|
||||||
# Runs the playbook in user-registration mode
|
# Runs the playbook in user-registration mode
|
||||||
register-user username password admin_yes_or_no *extra_args:
|
register-user username password admin_yes_or_no *extra_args:
|
||||||
ansible-playbook -i inventory/hosts setup.yml --tags=register-user --extra-vars="username={{ username }} password={{ password }} admin={{ admin_yes_or_no }}" {{ extra_args }}
|
time ansible-playbook -i inventory/hosts setup.yml --tags=register-user --extra-vars="username={{ username }} password={{ password }} admin={{ admin_yes_or_no }}" {{ extra_args }}
|
||||||
|
|
||||||
# Starts all services
|
# Starts all services
|
||||||
start-all *extra_args: (run-tags "start-all" extra_args)
|
start-all *extra_args: (run-tags "start-all" extra_args)
|
||||||
|
|
||||||
# Starts a specific service group
|
# Starts a specific service group
|
||||||
start-group group *extra_args:
|
start-group group *extra_args:
|
||||||
@just --justfile {{ justfile() }} run-tags start-group --extra-vars="group={{ group }}" {{ extra_args }}
|
@just --justfile {{ justfile() }} run-tags start-group --extra-vars="group={{ group }}" {{ extra_args }}
|
||||||
|
|
||||||
# Stops all services
|
# Stops all services
|
||||||
stop-all *extra_args: (run-tags "stop-all" extra_args)
|
stop-all *extra_args: (run-tags "stop-all" extra_args)
|
||||||
|
|
||||||
# Stops a specific service group
|
# Stops a specific service group
|
||||||
stop-group group *extra_args:
|
stop-group group *extra_args:
|
||||||
@just --justfile {{ justfile() }} run-tags stop-group --extra-vars="group={{ group }}" {{ extra_args }}
|
@just --justfile {{ justfile() }} run-tags stop-group --extra-vars="group={{ group }}" {{ extra_args }}
|
||||||
|
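Review bot: In the `register-user` recipe, `{{ password }}` is interpolated directly into `--extra-vars="username=... password=... admin=..."`, so the password ends up in the shell history and the process list, and a value containing a space or a double quote splits or terminates the key=value string. Consider prompting for the password or passing the extra vars as a JSON document instead. Separately, the `roles` recipe on this side runs `rm -rf roles/galaxy` before `ansible-galaxy install ... --force`, so a failed download leaves the checkout with no roles at all.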
@ -8,5 +8,5 @@
|
|||||||
- role: galaxy/com.devture.ansible.role.systemd_docker_base
|
- role: galaxy/com.devture.ansible.role.systemd_docker_base
|
||||||
|
|
||||||
- custom/matrix-base
|
- custom/matrix-base
|
||||||
- galaxy/jitsi
|
- custom/matrix-jitsi
|
||||||
- custom/matrix-common-after
|
- custom/matrix-common-after
|
||||||
|
@ -100,7 +100,7 @@
|
|||||||
- custom/matrix-client-element
|
- custom/matrix-client-element
|
||||||
- custom/matrix-client-hydrogen
|
- custom/matrix-client-hydrogen
|
||||||
- custom/matrix-client-cinny
|
- custom/matrix-client-cinny
|
||||||
- galaxy/jitsi
|
- custom/matrix-jitsi
|
||||||
- custom/matrix-user-verification-service
|
- custom/matrix-user-verification-service
|
||||||
- custom/matrix-ldap-registration-proxy
|
- custom/matrix-ldap-registration-proxy
|
||||||
- custom/matrix-ma1sd
|
- custom/matrix-ma1sd
|
||||||
|
@ -1,53 +1,69 @@
|
|||||||
---
|
---
|
||||||
|
|
||||||
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-aux.git
|
- src: geerlingguy.docker
|
||||||
version: v1.0.0-1
|
version: 6.1.0
|
||||||
name: aux
|
|
||||||
- src: git+https://gitlab.com/etke.cc/roles/backup_borg.git
|
|
||||||
version: v1.2.4-1.7.13-0
|
|
||||||
- src: git+https://github.com/devture/com.devture.ansible.role.container_socket_proxy.git
|
|
||||||
version: v0.1.1-2
|
|
||||||
- src: git+https://github.com/devture/com.devture.ansible.role.docker_sdk_for_python.git
|
- src: git+https://github.com/devture/com.devture.ansible.role.docker_sdk_for_python.git
|
||||||
version: 129c8590e106b83e6f4c259649a613c6279e937a
|
version: 129c8590e106b83e6f4c259649a613c6279e937a
|
||||||
|
|
||||||
- src: git+https://github.com/devture/com.devture.ansible.role.playbook_help.git
|
- src: git+https://github.com/devture/com.devture.ansible.role.playbook_help.git
|
||||||
version: c1f40e82b4d6b072b6f0e885239322bdaaaf554f
|
version: c1f40e82b4d6b072b6f0e885239322bdaaaf554f
|
||||||
- src: git+https://github.com/devture/com.devture.ansible.role.playbook_runtime_messages.git
|
|
||||||
version: 9b4b088c62b528b73a9a7c93d3109b091dd42ec6
|
- src: git+https://github.com/devture/com.devture.ansible.role.systemd_docker_base.git
|
||||||
|
version: 327d2e17f5189ac2480d6012f58cf64a2b46efba
|
||||||
|
|
||||||
|
- src: git+https://github.com/devture/com.devture.ansible.role.timesync.git
|
||||||
|
version: 3d5bb2976815958cdce3f368fa34fb51554f899b
|
||||||
|
|
||||||
- src: git+https://github.com/devture/com.devture.ansible.role.playbook_state_preserver.git
|
- src: git+https://github.com/devture/com.devture.ansible.role.playbook_state_preserver.git
|
||||||
version: ff2fd42e1c1a9e28e3312bbd725395f9c2fc7f16
|
version: ff2fd42e1c1a9e28e3312bbd725395f9c2fc7f16
|
||||||
|
|
||||||
- src: git+https://github.com/devture/com.devture.ansible.role.postgres.git
|
- src: git+https://github.com/devture/com.devture.ansible.role.postgres.git
|
||||||
version: v15.3-0
|
version: 38764398bf82b06a1736c3bfedc71dfd229e4b52
|
||||||
|
|
||||||
- src: git+https://github.com/devture/com.devture.ansible.role.postgres_backup.git
|
- src: git+https://github.com/devture/com.devture.ansible.role.postgres_backup.git
|
||||||
version: 8e9ec48a09284c84704d7a2dce17da35f181574d
|
version: 8e9ec48a09284c84704d7a2dce17da35f181574d
|
||||||
- src: git+https://github.com/devture/com.devture.ansible.role.systemd_docker_base.git
|
|
||||||
version: v1.0.0-0
|
|
||||||
- src: git+https://github.com/devture/com.devture.ansible.role.systemd_service_manager.git
|
- src: git+https://github.com/devture/com.devture.ansible.role.systemd_service_manager.git
|
||||||
version: v1.0.0-1
|
version: 6ccb88ac5fc27e1e70afcd48278ade4b564a9096
|
||||||
- src: git+https://github.com/devture/com.devture.ansible.role.timesync.git
|
|
||||||
version: v1.0.0-0
|
- src: git+https://github.com/devture/com.devture.ansible.role.playbook_runtime_messages.git
|
||||||
- src: git+https://github.com/devture/com.devture.ansible.role.traefik.git
|
version: 9b4b088c62b528b73a9a7c93d3109b091dd42ec6
|
||||||
version: v2.10.1-1
|
|
||||||
- src: git+https://github.com/devture/com.devture.ansible.role.traefik_certs_dumper.git
|
|
||||||
version: v2.8.1-0
|
|
||||||
- src: git+https://gitlab.com/etke.cc/roles/etherpad.git
|
|
||||||
version: v1.8.18-2
|
|
||||||
- src: git+https://github.com/geerlingguy/ansible-role-docker
|
|
||||||
version: 6.1.0
|
|
||||||
name: geerlingguy.docker
|
|
||||||
- src: git+https://gitlab.com/etke.cc/roles/grafana.git
|
|
||||||
version: v9.5.2-0
|
|
||||||
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git
|
|
||||||
version: v8615-0
|
|
||||||
name: jitsi
|
|
||||||
- src: git+https://gitlab.com/etke.cc/roles/ntfy.git
|
|
||||||
version: v2.5.0-0
|
|
||||||
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus.git
|
|
||||||
version: v2.44.0-0
|
|
||||||
name: prometheus
|
|
||||||
- src: git+https://gitlab.com/etke.cc/roles/prometheus_node_exporter.git
|
- src: git+https://gitlab.com/etke.cc/roles/prometheus_node_exporter.git
|
||||||
version: v1.6.0-0
|
version: v1.5.0-7
|
||||||
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-postgres-exporter.git
|
|
||||||
|
- src: git+https://gitlab.com/etke.cc/roles/prometheus_postgres_exporter.git
|
||||||
version: v0.12.0-0
|
version: v0.12.0-0
|
||||||
name: prometheus_postgres_exporter
|
|
||||||
|
- src: git+https://gitlab.com/etke.cc/roles/backup_borg.git
|
||||||
|
version: v1.2.4-1.7.9-0
|
||||||
|
|
||||||
|
- src: git+https://gitlab.com/etke.cc/roles/grafana.git
|
||||||
|
version: v9.4.7-0
|
||||||
|
|
||||||
|
- src: git+https://gitlab.com/etke.cc/roles/ntfy.git
|
||||||
|
version: v2.2.0-0
|
||||||
|
|
||||||
- src: git+https://gitlab.com/etke.cc/roles/redis.git
|
- src: git+https://gitlab.com/etke.cc/roles/redis.git
|
||||||
version: v7.0.10-0
|
version: v7.0.10-0
|
||||||
|
|
||||||
|
- src: git+https://gitlab.com/etke.cc/roles/etherpad.git
|
||||||
|
version: v1.8.18-2
|
||||||
|
|
||||||
|
- src: git+https://github.com/devture/com.devture.ansible.role.container_socket_proxy.git
|
||||||
|
version: v0.1.1-1
|
||||||
|
|
||||||
|
- src: git+https://github.com/devture/com.devture.ansible.role.traefik.git
|
||||||
|
version: v2.9.9-0
|
||||||
|
|
||||||
|
- src: git+https://github.com/devture/com.devture.ansible.role.traefik_certs_dumper.git
|
||||||
|
version: v2.8.1-0
|
||||||
|
|
||||||
|
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-aux.git
|
||||||
|
name: aux
|
||||||
|
version: v1.0.0-0
|
||||||
|
|
||||||
|
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus.git
|
||||||
|
name: prometheus
|
||||||
|
version: v2.43.0-0
|
||||||
|
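Review bot: The right-hand `requirements.yml` mixes pinning styles: several `com.devture.ansible.role.*` entries (for example `postgres` and `systemd_service_manager`) are pinned to full commit SHAs, while others such as `traefik` (`v2.9.9-0`), the `etke.cc` roles (`v1.5.0-7`) and the `mother-of-all-self-hosting` roles (`v2.43.0-0`) are pinned to tags, and `geerlingguy.docker` is resolved by Galaxy name. A tag can be re-pointed upstream after review, whereas a commit SHA cannot, so either pin every role to a SHA or add a comment explaining which sources are trusted to keep tags stable.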
@ -13,9 +13,6 @@ matrix_domain: ~
|
|||||||
# Example value: "@someone:{{ matrix_domain }}"
|
# Example value: "@someone:{{ matrix_domain }}"
|
||||||
matrix_admin: ''
|
matrix_admin: ''
|
||||||
|
|
||||||
# Global var to enable/disable encryption across all bridges with encryption support
|
|
||||||
matrix_bridges_encryption_enabled: false
|
|
||||||
|
|
||||||
# matrix_homeserver_enabled controls whether to enable the homeserver systemd service, etc.
|
# matrix_homeserver_enabled controls whether to enable the homeserver systemd service, etc.
|
||||||
#
|
#
|
||||||
# Unless you're wrapping this playbook in another one
|
# Unless you're wrapping this playbook in another one
|
||||||
|
@ -14,10 +14,6 @@ matrix_bot_buscarron_hostname: ''
|
|||||||
# This value must either be `/` or not end with a slash (e.g. `/buscarron`).
|
# This value must either be `/` or not end with a slash (e.g. `/buscarron`).
|
||||||
matrix_bot_buscarron_path_prefix: /
|
matrix_bot_buscarron_path_prefix: /
|
||||||
|
|
||||||
# The path at which Buscarron will expose metrics
|
|
||||||
# This value must either be `/` or not end with a slash (e.g. `/metrics`).
|
|
||||||
matrix_bot_buscarron_metrics_path: /metrics
|
|
||||||
|
|
||||||
matrix_bot_buscarron_base_path: "{{ matrix_base_data_path }}/buscarron"
|
matrix_bot_buscarron_base_path: "{{ matrix_base_data_path }}/buscarron"
|
||||||
matrix_bot_buscarron_config_path: "{{ matrix_bot_buscarron_base_path }}/config"
|
matrix_bot_buscarron_config_path: "{{ matrix_bot_buscarron_base_path }}/config"
|
||||||
matrix_bot_buscarron_data_path: "{{ matrix_bot_buscarron_base_path }}/data"
|
matrix_bot_buscarron_data_path: "{{ matrix_bot_buscarron_base_path }}/data"
|
||||||
@ -40,15 +36,6 @@ matrix_bot_buscarron_container_network: matrix-bot-buscarron
|
|||||||
# Use this to expose this container to another reverse proxy, which runs in a different container network.
|
# Use this to expose this container to another reverse proxy, which runs in a different container network.
|
||||||
matrix_bot_buscarron_container_additional_networks: []
|
matrix_bot_buscarron_container_additional_networks: []
|
||||||
|
|
||||||
# enable basic auth for metrics
|
|
||||||
matrix_bot_buscarron_basicauth_enabled: false
|
|
||||||
# temporary file name on the host that runs ansible
|
|
||||||
matrix_bot_buscarron_basicauth_file: "/tmp/matrix_bot_buscarron_htpasswd"
|
|
||||||
# username
|
|
||||||
matrix_bot_buscarron_basicauth_user: ''
|
|
||||||
# password
|
|
||||||
matrix_bot_buscarron_basicauth_password: ''
|
|
||||||
|
|
||||||
# matrix_bot_buscarron_container_labels_traefik_enabled controls whether labels to assist a Traefik reverse-proxy will be attached to the container.
|
# matrix_bot_buscarron_container_labels_traefik_enabled controls whether labels to assist a Traefik reverse-proxy will be attached to the container.
|
||||||
# See `../templates/labels.j2` for details.
|
# See `../templates/labels.j2` for details.
|
||||||
#
|
#
|
||||||
@ -59,8 +46,6 @@ matrix_bot_buscarron_container_labels_traefik_hostname: "{{ matrix_bot_buscarron
|
|||||||
# The path prefix must either be `/` or not end with a slash (e.g. `/buscarron`).
|
# The path prefix must either be `/` or not end with a slash (e.g. `/buscarron`).
|
||||||
matrix_bot_buscarron_container_labels_traefik_path_prefix: "{{ matrix_bot_buscarron_path_prefix }}"
|
matrix_bot_buscarron_container_labels_traefik_path_prefix: "{{ matrix_bot_buscarron_path_prefix }}"
|
||||||
matrix_bot_buscarron_container_labels_traefik_rule: "Host(`{{ matrix_bot_buscarron_container_labels_traefik_hostname }}`){% if matrix_bot_buscarron_container_labels_traefik_path_prefix != '/' %} && PathPrefix(`{{ matrix_bot_buscarron_container_labels_traefik_path_prefix }}`){% endif %}"
|
matrix_bot_buscarron_container_labels_traefik_rule: "Host(`{{ matrix_bot_buscarron_container_labels_traefik_hostname }}`){% if matrix_bot_buscarron_container_labels_traefik_path_prefix != '/' %} && PathPrefix(`{{ matrix_bot_buscarron_container_labels_traefik_path_prefix }}`){% endif %}"
|
||||||
matrix_bot_buscarron_container_labels_traefik_metrics_path: "{{ matrix_bot_buscarron_metrics_path }}"
|
|
||||||
matrix_bot_buscarron_container_labels_traefik_metrics_rule: "Host(`{{ matrix_bot_buscarron_container_labels_traefik_hostname }}`) && Path(`{{ matrix_bot_buscarron_container_labels_traefik_metrics_path }}`)"
|
|
||||||
matrix_bot_buscarron_container_labels_traefik_priority: 0
|
matrix_bot_buscarron_container_labels_traefik_priority: 0
|
||||||
matrix_bot_buscarron_container_labels_traefik_entrypoints: web-secure
|
matrix_bot_buscarron_container_labels_traefik_entrypoints: web-secure
|
||||||
matrix_bot_buscarron_container_labels_traefik_tls: "{{ matrix_bot_buscarron_container_labels_traefik_entrypoints != 'web' }}"
|
matrix_bot_buscarron_container_labels_traefik_tls: "{{ matrix_bot_buscarron_container_labels_traefik_entrypoints != 'web' }}"
|
||||||
|
@ -40,21 +40,6 @@
|
|||||||
- {path: "{{ matrix_bot_buscarron_docker_src_files_path }}", when: true}
|
- {path: "{{ matrix_bot_buscarron_docker_src_files_path }}", when: true}
|
||||||
when: "item.when | bool"
|
when: "item.when | bool"
|
||||||
|
|
||||||
- name: Determine basicauth filename
|
|
||||||
ansible.builtin.set_fact:
|
|
||||||
matrix_bot_buscarron_basicauth_file_tmp: "{{ matrix_bot_buscarron_basicauth_file }}_{{ inventory_hostname }}"
|
|
||||||
when: matrix_bot_buscarron_basicauth_enabled | bool
|
|
||||||
|
|
||||||
- name: Generate basic auth file
|
|
||||||
community.general.htpasswd:
|
|
||||||
path: "{{ matrix_bot_buscarron_basicauth_file }}"
|
|
||||||
name: "{{ matrix_bot_buscarron_basicauth_user }}"
|
|
||||||
password: "{{ matrix_bot_buscarron_basicauth_password }}"
|
|
||||||
mode: 0640
|
|
||||||
become: false
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
when: matrix_bot_buscarron_basicauth_enabled | bool
|
|
||||||
|
|
||||||
- name: Ensure buscarron support files installed
|
- name: Ensure buscarron support files installed
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: "{{ role_path }}/templates/{{ item }}.j2"
|
src: "{{ role_path }}/templates/{{ item }}.j2"
|
||||||
@ -66,14 +51,6 @@
|
|||||||
- env
|
- env
|
||||||
- labels
|
- labels
|
||||||
|
|
||||||
- name: Ensure temporary basic auth file is removed
|
|
||||||
ansible.builtin.file:
|
|
||||||
path: "{{ matrix_bot_buscarron_basicauth_file }}"
|
|
||||||
state: absent
|
|
||||||
become: false
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
when: matrix_bot_buscarron_basicauth_enabled | bool
|
|
||||||
|
|
||||||
- name: Ensure buscarron image is pulled
|
- name: Ensure buscarron image is pulled
|
||||||
community.docker.docker_image:
|
community.docker.docker_image:
|
||||||
name: "{{ matrix_bot_buscarron_docker_image }}"
|
name: "{{ matrix_bot_buscarron_docker_image }}"
|
||||||
|
@ -6,7 +6,6 @@ traefik.docker.network={{ matrix_bot_buscarron_container_labels_traefik_docker_n
|
|||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
{% set middlewares = [] %}
|
{% set middlewares = [] %}
|
||||||
{% set middlewares_metrics = [] %}
|
|
||||||
|
|
||||||
{% if matrix_bot_buscarron_container_labels_traefik_path_prefix != '/' %}
|
{% if matrix_bot_buscarron_container_labels_traefik_path_prefix != '/' %}
|
||||||
traefik.http.middlewares.matrix-bot-buscarron-slashless-redirect.redirectregex.regex=({{ matrix_bot_buscarron_container_labels_traefik_path_prefix | quote }})$
|
traefik.http.middlewares.matrix-bot-buscarron-slashless-redirect.redirectregex.regex=({{ matrix_bot_buscarron_container_labels_traefik_path_prefix | quote }})$
|
||||||
@ -19,11 +18,6 @@ traefik.http.middlewares.matrix-bot-buscarron-strip-prefix.stripprefix.prefixes=
|
|||||||
{% set middlewares = middlewares + ['matrix-bot-buscarron-strip-prefix'] %}
|
{% set middlewares = middlewares + ['matrix-bot-buscarron-strip-prefix'] %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
{% if matrix_bot_buscarron_basicauth_enabled %}
|
|
||||||
traefik.http.middlewares.matrix-bot-buscarron-auth.basicauth.users={{ lookup('ansible.builtin.file', matrix_bot_buscarron_basicauth_file) }}
|
|
||||||
{% set middlewares_metrics = middlewares + ['matrix-bot-buscarron-auth'] %}
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
{% if matrix_bot_buscarron_container_labels_traefik_additional_response_headers.keys() | length > 0 %}
|
{% if matrix_bot_buscarron_container_labels_traefik_additional_response_headers.keys() | length > 0 %}
|
||||||
{% for name, value in matrix_bot_buscarron_container_labels_traefik_additional_response_headers.items() %}
|
{% for name, value in matrix_bot_buscarron_container_labels_traefik_additional_response_headers.items() %}
|
||||||
traefik.http.middlewares.matrix-bot-buscarron-add-headers.headers.customresponseheaders.{{ name }}={{ value }}
|
traefik.http.middlewares.matrix-bot-buscarron-add-headers.headers.customresponseheaders.{{ name }}={{ value }}
|
||||||
@ -44,23 +38,8 @@ traefik.http.routers.matrix-bot-buscarron.tls={{ matrix_bot_buscarron_container_
|
|||||||
{% if matrix_bot_buscarron_container_labels_traefik_tls %}
|
{% if matrix_bot_buscarron_container_labels_traefik_tls %}
|
||||||
traefik.http.routers.matrix-bot-buscarron.tls.certResolver={{ matrix_bot_buscarron_container_labels_traefik_tls_certResolver }}
|
traefik.http.routers.matrix-bot-buscarron.tls.certResolver={{ matrix_bot_buscarron_container_labels_traefik_tls_certResolver }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
traefik.http.services.matrix-bot-buscarron.loadbalancer.server.port=8080
|
traefik.http.services.matrix-bot-buscarron.loadbalancer.server.port=8080
|
||||||
|
|
||||||
{% if middlewares_metrics | length > 0 %}
|
|
||||||
traefik.http.routers.matrix-bot-buscarron-metrics.rule={{ matrix_bot_buscarron_container_labels_traefik_metrics_rule }}
|
|
||||||
{% if matrix_bot_buscarron_container_labels_traefik_priority | int > 0 %}
|
|
||||||
traefik.http.routers.matrix-bot-buscarron-metrics.priority={{ matrix_bot_buscarron_container_labels_traefik_priority }}
|
|
||||||
{% endif %}
|
|
||||||
traefik.http.routers.matrix-bot-buscarron-metrics.service=matrix-bot-buscarron
|
|
||||||
traefik.http.routers.matrix-bot-buscarron-metrics.middlewares={{ middlewares_metrics | join(',') }}
|
|
||||||
traefik.http.routers.matrix-bot-buscarron-metrics.entrypoints={{ matrix_bot_buscarron_container_labels_traefik_entrypoints }}
|
|
||||||
traefik.http.routers.matrix-bot-buscarron-metrics.tls={{ matrix_bot_buscarron_container_labels_traefik_tls | to_json }}
|
|
||||||
{% if matrix_bot_buscarron_container_labels_traefik_tls %}
|
|
||||||
traefik.http.routers.matrix-bot-buscarron-metrics.tls.certResolver={{ matrix_bot_buscarron_container_labels_traefik_tls_certResolver }}
|
|
||||||
{% endif %}
|
|
||||||
traefik.http.services.matrix-bot-buscarron-metrics.loadbalancer.server.port=8080
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
{{ matrix_bot_buscarron_container_labels_additional_labels }}
|
{{ matrix_bot_buscarron_container_labels_additional_labels }}
|
||||||
|
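Review bot: With the `matrix-bot-buscarron-metrics` router and the `matrix-bot-buscarron-auth` basicauth middleware removed, the only router left is `matrix-bot-buscarron`, whose rule is `Host(...)` with an optional `PathPrefix` and whose service targets the same port 8080 that the metrics router pointed at. If the container still serves its metrics endpoint on 8080, that path is now reachable through the main router without authentication. Confirm that metrics are disabled in the bot's `env` template on this side, or keep a router for the metrics path that requires authentication.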
@ -4,7 +4,7 @@
|
|||||||
|
|
||||||
matrix_bot_chatgpt_enabled: true
|
matrix_bot_chatgpt_enabled: true
|
||||||
|
|
||||||
matrix_bot_chatgpt_version: 3.1.2
|
matrix_bot_chatgpt_version: 3.0.0
|
||||||
|
|
||||||
matrix_bot_chatgpt_container_image_self_build: false
|
matrix_bot_chatgpt_container_image_self_build: false
|
||||||
matrix_bot_chatgpt_container_image_self_build_repo: "https://github.com/matrixgpt/matrix-chatgpt-bot"
|
matrix_bot_chatgpt_container_image_self_build_repo: "https://github.com/matrixgpt/matrix-chatgpt-bot"
|
||||||
|
@ -4,7 +4,7 @@
|
|||||||
|
|
||||||
matrix_bot_draupnir_enabled: true
|
matrix_bot_draupnir_enabled: true
|
||||||
|
|
||||||
matrix_bot_draupnir_version: "v1.83.0"
|
matrix_bot_draupnir_version: "v1.80.1"
|
||||||
|
|
||||||
matrix_bot_draupnir_container_image_self_build: false
|
matrix_bot_draupnir_container_image_self_build: false
|
||||||
matrix_bot_draupnir_container_image_self_build_repo: "https://github.com/Gnuxie/Draupnir.git"
|
matrix_bot_draupnir_container_image_self_build_repo: "https://github.com/Gnuxie/Draupnir.git"
|
||||||
|
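Review bot: The right-hand side sets `matrix_bot_draupnir_version` to `v1.80.1` where the left has `v1.83.0`, which is a downgrade of the moderation bot. If that is intended, say so in the commit message and the changelog, because it drops whatever fixes landed between the two releases. The same applies to `matrix_bot_chatgpt_version` going from `3.1.2` to `3.0.0` in the preceding hunk.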
@ -11,10 +11,6 @@ matrix_bot_honoroit_hostname: ''
|
|||||||
# This value must either be `/` or not end with a slash (e.g. `/honoroit`).
|
# This value must either be `/` or not end with a slash (e.g. `/honoroit`).
|
||||||
matrix_bot_honoroit_path_prefix: /
|
matrix_bot_honoroit_path_prefix: /
|
||||||
|
|
||||||
# The path at which honoroit will expose metrics
|
|
||||||
# This value must either be `/` or not end with a slash (e.g. `/metrics`).
|
|
||||||
matrix_bot_honoroit_metrics_path: /metrics
|
|
||||||
|
|
||||||
matrix_bot_honoroit_container_image_self_build: false
|
matrix_bot_honoroit_container_image_self_build: false
|
||||||
matrix_bot_honoroit_docker_repo: "https://gitlab.com/etke.cc/honoroit.git"
|
matrix_bot_honoroit_docker_repo: "https://gitlab.com/etke.cc/honoroit.git"
|
||||||
matrix_bot_honoroit_docker_repo_version: "{{ matrix_bot_honoroit_version }}"
|
matrix_bot_honoroit_docker_repo_version: "{{ matrix_bot_honoroit_version }}"
|
||||||
@ -38,15 +34,6 @@ matrix_bot_honoroit_container_network: matrix-bot-honoroit
|
|||||||
# Use this to expose this container to another reverse proxy, which runs in a different container network.
|
# Use this to expose this container to another reverse proxy, which runs in a different container network.
|
||||||
matrix_bot_honoroit_container_additional_networks: []
|
matrix_bot_honoroit_container_additional_networks: []
|
||||||
|
|
||||||
# enable basic auth for metrics
|
|
||||||
matrix_bot_honoroit_basicauth_enabled: false
|
|
||||||
# temporary file name on the host that runs ansible
|
|
||||||
matrix_bot_honoroit_basicauth_file: "/tmp/matrix_bot_honoroit_htpasswd"
|
|
||||||
# username
|
|
||||||
matrix_bot_honoroit_basicauth_user: ''
|
|
||||||
# password
|
|
||||||
matrix_bot_honoroit_basicauth_password: ''
|
|
||||||
|
|
||||||
# matrix_bot_honoroit_container_labels_traefik_enabled controls whether labels to assist a Traefik reverse-proxy will be attached to the container.
|
# matrix_bot_honoroit_container_labels_traefik_enabled controls whether labels to assist a Traefik reverse-proxy will be attached to the container.
|
||||||
# See `../templates/labels.j2` for details.
|
# See `../templates/labels.j2` for details.
|
||||||
#
|
#
|
||||||
@ -56,8 +43,7 @@ matrix_bot_honoroit_container_labels_traefik_docker_network: "{{ matrix_bot_hono
|
|||||||
matrix_bot_honoroit_container_labels_traefik_hostname: "{{ matrix_bot_honoroit_hostname }}"
|
matrix_bot_honoroit_container_labels_traefik_hostname: "{{ matrix_bot_honoroit_hostname }}"
|
||||||
# The path prefix must either be `/` or not end with a slash (e.g. `/honoroit`).
|
# The path prefix must either be `/` or not end with a slash (e.g. `/honoroit`).
|
||||||
matrix_bot_honoroit_container_labels_traefik_path_prefix: "{{ matrix_bot_honoroit_path_prefix }}"
|
matrix_bot_honoroit_container_labels_traefik_path_prefix: "{{ matrix_bot_honoroit_path_prefix }}"
|
||||||
matrix_bot_honoroit_container_labels_traefik_metrics_path: "{{ '' if matrix_bot_honoroit_path_prefix == '/' else matrix_bot_honoroit_path_prefix }}{{ matrix_bot_honoroit_metrics_path }}"
|
matrix_bot_honoroit_container_labels_traefik_rule: "Host(`{{ matrix_bot_honoroit_container_labels_traefik_hostname }}`){% if matrix_bot_honoroit_container_labels_traefik_path_prefix != '/' %} && PathPrefix(`{{ matrix_bot_honoroit_container_labels_traefik_path_prefix }}`){% endif %}"
|
||||||
matrix_bot_honoroit_container_labels_traefik_metrics_rule: "Host(`{{ matrix_bot_honoroit_container_labels_traefik_hostname }}`) && Path(`{{ matrix_bot_honoroit_container_labels_traefik_metrics_path }}`)"
|
|
||||||
matrix_bot_honoroit_container_labels_traefik_priority: 0
|
matrix_bot_honoroit_container_labels_traefik_priority: 0
|
||||||
matrix_bot_honoroit_container_labels_traefik_entrypoints: web-secure
|
matrix_bot_honoroit_container_labels_traefik_entrypoints: web-secure
|
||||||
matrix_bot_honoroit_container_labels_traefik_tls: "{{ matrix_bot_honoroit_container_labels_traefik_entrypoints != 'web' }}"
|
matrix_bot_honoroit_container_labels_traefik_tls: "{{ matrix_bot_honoroit_container_labels_traefik_entrypoints != 'web' }}"
|
||||||
|
@ -40,21 +40,6 @@
|
|||||||
- {path: "{{ matrix_bot_honoroit_docker_src_files_path }}", when: true}
|
- {path: "{{ matrix_bot_honoroit_docker_src_files_path }}", when: true}
|
||||||
when: "item.when | bool"
|
when: "item.when | bool"
|
||||||
|
|
||||||
- name: Determine basicauth filename
|
|
||||||
ansible.builtin.set_fact:
|
|
||||||
matrix_bot_honoroit_basicauth_file_tmp: "{{ matrix_bot_honoroit_basicauth_file }}_{{ inventory_hostname }}"
|
|
||||||
when: matrix_bot_honoroit_basicauth_enabled | bool
|
|
||||||
|
|
||||||
- name: Generate basic auth file
|
|
||||||
community.general.htpasswd:
|
|
||||||
path: "{{ matrix_bot_honoroit_basicauth_file }}"
|
|
||||||
name: "{{ matrix_bot_honoroit_basicauth_user }}"
|
|
||||||
password: "{{ matrix_bot_honoroit_basicauth_password }}"
|
|
||||||
mode: 0640
|
|
||||||
become: false
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
when: matrix_bot_honoroit_basicauth_enabled | bool
|
|
||||||
|
|
||||||
- name: Ensure honoroit support files installed
|
- name: Ensure honoroit support files installed
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: "{{ role_path }}/templates/{{ item }}.j2"
|
src: "{{ role_path }}/templates/{{ item }}.j2"
|
||||||
@ -66,14 +51,6 @@
|
|||||||
- env
|
- env
|
||||||
- labels
|
- labels
|
||||||
|
|
||||||
- name: Ensure temporary basic auth file is removed
|
|
||||||
ansible.builtin.file:
|
|
||||||
path: "{{ matrix_bot_honoroit_basicauth_file }}"
|
|
||||||
state: absent
|
|
||||||
become: false
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
when: matrix_bot_honoroit_basicauth_enabled | bool
|
|
||||||
|
|
||||||
- name: Ensure honoroit image is pulled
|
- name: Ensure honoroit image is pulled
|
||||||
community.docker.docker_image:
|
community.docker.docker_image:
|
||||||
name: "{{ matrix_bot_honoroit_docker_image }}"
|
name: "{{ matrix_bot_honoroit_docker_image }}"
|
||||||
@ -109,11 +86,6 @@
|
|||||||
pull: true
|
pull: true
|
||||||
when: "matrix_bot_honoroit_container_image_self_build | bool"
|
when: "matrix_bot_honoroit_container_image_self_build | bool"
|
||||||
|
|
||||||
- name: Ensure honoroit container network is created
|
|
||||||
community.general.docker_network:
|
|
||||||
name: "{{ matrix_bot_honoroit_container_network }}"
|
|
||||||
driver: bridge
|
|
||||||
|
|
||||||
- name: Ensure matrix-bot-honoroit.service installed
|
- name: Ensure matrix-bot-honoroit.service installed
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: "{{ role_path }}/templates/systemd/matrix-bot-honoroit.service.j2"
|
src: "{{ role_path }}/templates/systemd/matrix-bot-honoroit.service.j2"
|
||||||
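Review bot: with the "Ensure honoroit container network is created" task removed, nothing in this file creates `matrix_bot_honoroit_container_network` before "Ensure matrix-bot-honoroit.service installed" runs. If the unit template still attaches the container to that network, the service will fail to start on a fresh host; keep the task, or remove the network reference from the unit in the same change.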
|
@ -6,7 +6,6 @@ traefik.docker.network={{ matrix_bot_honoroit_container_labels_traefik_docker_ne
|
|||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
{% set middlewares = [] %}
|
{% set middlewares = [] %}
|
||||||
{% set middlewares_metrics = [] %}
|
|
||||||
|
|
||||||
{% if matrix_bot_honoroit_container_labels_traefik_path_prefix != '/' %}
|
{% if matrix_bot_honoroit_container_labels_traefik_path_prefix != '/' %}
|
||||||
traefik.http.middlewares.matrix-bot-honoroit-slashless-redirect.redirectregex.regex=({{ matrix_bot_honoroit_container_labels_traefik_path_prefix | quote }})$
|
traefik.http.middlewares.matrix-bot-honoroit-slashless-redirect.redirectregex.regex=({{ matrix_bot_honoroit_container_labels_traefik_path_prefix | quote }})$
|
||||||
@ -26,26 +25,21 @@ traefik.http.middlewares.matrix-bot-honoroit-add-headers.headers.customresponseh
|
|||||||
{% set middlewares = middlewares + ['matrix-bot-honoroit-add-headers'] %}
|
{% set middlewares = middlewares + ['matrix-bot-honoroit-add-headers'] %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
{% if matrix_bot_honoroit_basicauth_enabled %}
|
traefik.http.routers.matrix-bot-honoroit.rule={{ matrix_bot_honoroit_container_labels_traefik_rule }}
|
||||||
traefik.http.middlewares.matrix-bot-honoroit-auth.basicauth.users={{ lookup('ansible.builtin.file', matrix_bot_honoroit_basicauth_file) }}
|
|
||||||
{% set middlewares_metrics = middlewares + ['matrix-bot-honoroit-auth'] %}
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
{% if middlewares_metrics | length > 0 %}
|
|
||||||
traefik.http.routers.matrix-bot-honoroit-metrics.rule={{ matrix_bot_honoroit_container_labels_traefik_metrics_rule }}
|
|
||||||
{% if matrix_bot_honoroit_container_labels_traefik_priority | int > 0 %}
|
{% if matrix_bot_honoroit_container_labels_traefik_priority | int > 0 %}
|
||||||
traefik.http.routers.matrix-bot-honoroit-metrics.priority={{ matrix_bot_honoroit_container_labels_traefik_priority }}
|
traefik.http.routers.matrix-bot-honoroit.priority={{ matrix_bot_honoroit_container_labels_traefik_priority }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
traefik.http.routers.matrix-bot-honoroit-metrics.service=matrix-bot-honoroit-metrics
|
traefik.http.routers.matrix-bot-honoroit.service=matrix-bot-honoroit
|
||||||
traefik.http.routers.matrix-bot-honoroit-metrics.middlewares={{ middlewares_metrics | join(',') }}
|
{% if middlewares | length > 0 %}
|
||||||
traefik.http.routers.matrix-bot-honoroit-metrics.entrypoints={{ matrix_bot_honoroit_container_labels_traefik_entrypoints }}
|
traefik.http.routers.matrix-bot-honoroit.middlewares={{ middlewares | join(',') }}
|
||||||
traefik.http.routers.matrix-bot-honoroit-metrics.tls={{ matrix_bot_honoroit_container_labels_traefik_tls | to_json }}
|
{% endif %}
|
||||||
|
traefik.http.routers.matrix-bot-honoroit.entrypoints={{ matrix_bot_honoroit_container_labels_traefik_entrypoints }}
|
||||||
|
traefik.http.routers.matrix-bot-honoroit.tls={{ matrix_bot_honoroit_container_labels_traefik_tls | to_json }}
|
||||||
{% if matrix_bot_honoroit_container_labels_traefik_tls %}
|
{% if matrix_bot_honoroit_container_labels_traefik_tls %}
|
||||||
traefik.http.routers.matrix-bot-honoroit-metrics.tls.certResolver={{ matrix_bot_honoroit_container_labels_traefik_tls_certResolver }}
|
traefik.http.routers.matrix-bot-honoroit.tls.certResolver={{ matrix_bot_honoroit_container_labels_traefik_tls_certResolver }}
|
||||||
{% endif %}
|
|
||||||
traefik.http.services.matrix-bot-honoroit-metrics.loadbalancer.server.port=8080
|
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
|
traefik.http.services.matrix-bot-honoroit.loadbalancer.server.port=8080
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
{{ matrix_bot_honoroit_container_labels_additional_labels }}
|
{{ matrix_bot_honoroit_container_labels_additional_labels }}
|
||||||
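Review bot: the added `matrix-bot-honoroit` router points at `loadbalancer.server.port=8080`, the same port the removed `matrix-bot-honoroit-metrics` service used, but it only applies `middlewares`, so the `matrix-bot-honoroit-auth` basicauth middleware no longer sits in front of that port. If 8080 still serves metrics, they become reachable without credentials under `matrix_bot_honoroit_container_labels_traefik_rule`; keep an authenticated router for the metrics path, or confirm that nothing sensitive is served on that port.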
|
@ -10,7 +10,7 @@ matrix_bot_maubot_docker_src_files_path: "{{ matrix_bot_maubot_base_path }}/dock
|
|||||||
matrix_bot_maubot_docker_repo_version: "{{ 'master' if matrix_bot_maubot_version == 'latest' else matrix_bot_maubot_version }}"
|
matrix_bot_maubot_docker_repo_version: "{{ 'master' if matrix_bot_maubot_version == 'latest' else matrix_bot_maubot_version }}"
|
||||||
|
|
||||||
|
|
||||||
matrix_bot_maubot_version: v0.4.1
|
matrix_bot_maubot_version: v0.4.0
|
||||||
matrix_bot_maubot_docker_image: "{{ matrix_bot_maubot_docker_image_name_prefix }}maubot/maubot:{{ matrix_bot_maubot_version }}"
|
matrix_bot_maubot_docker_image: "{{ matrix_bot_maubot_docker_image_name_prefix }}maubot/maubot:{{ matrix_bot_maubot_version }}"
|
||||||
matrix_bot_maubot_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_maubot_container_image_self_build else 'dock.mau.dev/' }}"
|
matrix_bot_maubot_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_maubot_container_image_self_build else 'dock.mau.dev/' }}"
|
||||||
matrix_bot_maubot_docker_image_force_pull: "{{ matrix_bot_maubot_docker_image.endswith(':latest') }}"
|
matrix_bot_maubot_docker_image_force_pull: "{{ matrix_bot_maubot_docker_image.endswith(':latest') }}"
|
||||||
|
@ -81,10 +81,10 @@ matrix_bot_postmoogle_maxsize: '1024'
|
|||||||
# A list of admins
|
# A list of admins
|
||||||
# Example set of rules:
|
# Example set of rules:
|
||||||
# matrix_bot_postmoogle_admins:
|
# matrix_bot_postmoogle_admins:
|
||||||
# - '@someone:example.com'
|
# - @someone:example.com
|
||||||
# - '@another:example.com'
|
# - @another:example.com
|
||||||
# - '@bot.*:example.com'
|
# - @bot.*:example.com
|
||||||
# - '@*:another.com'
|
# - @*:another.com
|
||||||
matrix_bot_postmoogle_admins: "{{ [matrix_admin] if matrix_admin else [] }}"
|
matrix_bot_postmoogle_admins: "{{ [matrix_admin] if matrix_admin else [] }}"
|
||||||
|
|
||||||
# Sentry DSN. Deprecated, use matrix_bot_postmoogle_monitoring_sentry_dsn
|
# Sentry DSN. Deprecated, use matrix_bot_postmoogle_monitoring_sentry_dsn
|
||||||
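Review bot: the example entries in the comment lose their quotes (`# - @someone:example.com`), and `@` is a reserved indicator in YAML that cannot start a plain scalar, so anyone who copies the example into their vars file gets a parse error. Keep the quoted form, `# - '@someone:example.com'`; the `@bot.*:example.com` and `@*:another.com` entries have the same problem.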
|
@ -11,7 +11,7 @@ matrix_appservice_irc_docker_src_files_path: "{{ matrix_base_data_path }}/appser
|
|||||||
|
|
||||||
# matrix_appservice_irc_version used to contain the full Docker image tag (e.g. `release-X.X.X`).
|
# matrix_appservice_irc_version used to contain the full Docker image tag (e.g. `release-X.X.X`).
|
||||||
# It's a bare version number now. We try to somewhat retain compatibility below.
|
# It's a bare version number now. We try to somewhat retain compatibility below.
|
||||||
matrix_appservice_irc_version: 0.38.0
|
matrix_appservice_irc_version: 0.37.0
|
||||||
matrix_appservice_irc_docker_image: "{{ matrix_container_global_registry_prefix }}matrixdotorg/matrix-appservice-irc:{{ matrix_appservice_irc_docker_image_tag }}"
|
matrix_appservice_irc_docker_image: "{{ matrix_container_global_registry_prefix }}matrixdotorg/matrix-appservice-irc:{{ matrix_appservice_irc_docker_image_tag }}"
|
||||||
matrix_appservice_irc_docker_image_tag: "{{ 'latest' if matrix_appservice_irc_version == 'latest' else ('release-' + matrix_appservice_irc_version) }}"
|
matrix_appservice_irc_docker_image_tag: "{{ 'latest' if matrix_appservice_irc_version == 'latest' else ('release-' + matrix_appservice_irc_version) }}"
|
||||||
matrix_appservice_irc_docker_image_force_pull: "{{ matrix_appservice_irc_docker_image.endswith(':latest') }}"
|
matrix_appservice_irc_docker_image_force_pull: "{{ matrix_appservice_irc_docker_image.endswith(':latest') }}"
|
||||||
|
@ -120,7 +120,7 @@ matrix_appservice_kakaotalk_appservice_bot_username: kakaotalkbot
|
|||||||
matrix_appservice_kakaotalk_user_prefix: 'kakaotalk_'
|
matrix_appservice_kakaotalk_user_prefix: 'kakaotalk_'
|
||||||
|
|
||||||
# End-to-bridge encryption configuration
|
# End-to-bridge encryption configuration
|
||||||
matrix_appservice_kakaotalk_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}"
|
matrix_appservice_kakaotalk_bridge_encryption_allow: false
|
||||||
matrix_appservice_kakaotalk_bridge_encryption_default: "{{ matrix_appservice_kakaotalk_bridge_encryption_allow }}"
|
matrix_appservice_kakaotalk_bridge_encryption_default: "{{ matrix_appservice_kakaotalk_bridge_encryption_allow }}"
|
||||||
|
|
||||||
# Specifies the default log level for all bridge loggers.
|
# Specifies the default log level for all bridge loggers.
|
||||||
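Review bot: hardcoding `matrix_appservice_kakaotalk_bridge_encryption_allow: false` cuts this bridge off from `matrix_bridges_encryption_enabled`, so an operator who turns the global toggle on will still get an unencrypted bridge here with no warning. If encryption has to stay off for this bridge, say why in the comment above the variable; otherwise keep the reference to the global toggle.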
|
@ -83,11 +83,6 @@ matrix_beeper_linkedin_login_shared_secret: ''
|
|||||||
# Specifies the default log level for all bridge loggers.
|
# Specifies the default log level for all bridge loggers.
|
||||||
matrix_beeper_linkedin_logging_level: WARNING
|
matrix_beeper_linkedin_logging_level: WARNING
|
||||||
|
|
||||||
# Enable End-to-bridge encryption
|
|
||||||
matrix_beeper_linkedin_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}"
|
|
||||||
matrix_beeper_linkedin_bridge_encryption_default: "{{ matrix_beeper_linkedin_bridge_encryption_allow }}"
|
|
||||||
matrix_beeper_linkedin_bridge_encryption_key_sharing_allow: "{{ matrix_beeper_linkedin_bridge_encryption_allow }}"
|
|
||||||
|
|
||||||
# Default beeper-linkedin configuration template which covers the generic use case.
|
# Default beeper-linkedin configuration template which covers the generic use case.
|
||||||
# You can customize it by controlling the various variables inside it.
|
# You can customize it by controlling the various variables inside it.
|
||||||
#
|
#
|
||||||
|
@ -156,15 +156,15 @@ bridge:
|
|||||||
# application service.
|
# application service.
|
||||||
encryption:
|
encryption:
|
||||||
# Allow encryption, work in group chat rooms with e2ee enabled
|
# Allow encryption, work in group chat rooms with e2ee enabled
|
||||||
allow: {{ matrix_beeper_linkedin_bridge_encryption_allow|to_json }}
|
allow: false
|
||||||
# Default to encryption, force-enable encryption in all portals the bridge creates
|
# Default to encryption, force-enable encryption in all portals the bridge creates
|
||||||
# This will cause the bridge bot to be in private chats for the encryption to work properly.
|
# This will cause the bridge bot to be in private chats for the encryption to work properly.
|
||||||
default: {{ matrix_beeper_linkedin_bridge_encryption_default|to_json }}
|
default: false
|
||||||
# Options for automatic key sharing.
|
# Options for automatic key sharing.
|
||||||
key_sharing:
|
key_sharing:
|
||||||
# Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
|
# Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
|
||||||
# You must use a client that supports requesting keys from other users to use this feature.
|
# You must use a client that supports requesting keys from other users to use this feature.
|
||||||
allow: {{ matrix_beeper_linkedin_bridge_encryption_key_sharing_allow|to_json }}
|
allow: false
|
||||||
# Require the requesting device to have a valid cross-signing signature?
|
# Require the requesting device to have a valid cross-signing signature?
|
||||||
# This doesn't require that the bridge has verified the device, only that the user has verified it.
|
# This doesn't require that the bridge has verified the device, only that the user has verified it.
|
||||||
# Not yet implemented.
|
# Not yet implemented.
|
||||||
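Review bot: the three `allow`/`default` values under `encryption:` become literal `false` in the template, so there is no variable left for an operator to set and end-to-bridge encryption can only be turned on by overriding the rendered configuration by hand. Keep the `matrix_beeper_linkedin_bridge_encryption_*` variables with `| to_json` and set their defaults to `false` if the intent is only to change the default.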
|
@ -86,7 +86,7 @@ matrix_go_skype_bridge_bridge_double_puppet_server_map:
|
|||||||
"{{ matrix_go_skype_bridge_homeserver_domain : matrix_go_skype_bridge_homeserver_address }}"
|
"{{ matrix_go_skype_bridge_homeserver_domain : matrix_go_skype_bridge_homeserver_address }}"
|
||||||
|
|
||||||
# Enable End-to-bridge encryption
|
# Enable End-to-bridge encryption
|
||||||
matrix_go_skype_bridge_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}"
|
matrix_go_skype_bridge_bridge_encryption_allow: false
|
||||||
matrix_go_skype_bridge_bridge_encryption_default: "{{ matrix_go_skype_bridge_bridge_encryption_allow }}"
|
matrix_go_skype_bridge_bridge_encryption_default: "{{ matrix_go_skype_bridge_bridge_encryption_allow }}"
|
||||||
|
|
||||||
# Minimum severity of journal log messages.
|
# Minimum severity of journal log messages.
|
||||||
|
@ -10,7 +10,7 @@ matrix_hookshot_container_image_self_build: false
|
|||||||
matrix_hookshot_container_image_self_build_repo: "https://github.com/matrix-org/matrix-hookshot.git"
|
matrix_hookshot_container_image_self_build_repo: "https://github.com/matrix-org/matrix-hookshot.git"
|
||||||
matrix_hookshot_container_image_self_build_branch: "{{ 'main' if matrix_hookshot_version == 'latest' else matrix_hookshot_version }}"
|
matrix_hookshot_container_image_self_build_branch: "{{ 'main' if matrix_hookshot_version == 'latest' else matrix_hookshot_version }}"
|
||||||
|
|
||||||
matrix_hookshot_version: 4.1.0
|
matrix_hookshot_version: 3.0.1
|
||||||
|
|
||||||
matrix_hookshot_docker_image: "{{ matrix_hookshot_docker_image_name_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}"
|
matrix_hookshot_docker_image: "{{ matrix_hookshot_docker_image_name_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}"
|
||||||
matrix_hookshot_docker_image_name_prefix: "{{ 'localhost/' if matrix_hookshot_container_image_self_build else matrix_container_global_registry_prefix }}"
|
matrix_hookshot_docker_image_name_prefix: "{{ 'localhost/' if matrix_hookshot_container_image_self_build else matrix_container_global_registry_prefix }}"
|
||||||
|
@ -81,7 +81,7 @@
|
|||||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }}
|
--user={{ matrix_user_uid }}:{{ matrix_user_gid }}
|
||||||
--cap-drop=ALL
|
--cap-drop=ALL
|
||||||
-v {{ matrix_hookshot_base_path }}/config.yml:/config.yml
|
-v {{ matrix_hookshot_base_path }}/config.yml:/config.yml
|
||||||
{{ matrix_hookshot_docker_image }} node config/Config.js /config.yml
|
{{ matrix_hookshot_docker_image }} node Config/Config.js /config.yml
|
||||||
register: hookshot_config_validation_result
|
register: hookshot_config_validation_result
|
||||||
changed_when: false
|
changed_when: false
|
||||||
|
|
||||||
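Review bot: the validation command now runs `node Config/Config.js`, and that path is case-sensitive inside the container, so it has to match the file layout of the image selected by `matrix_hookshot_version` (moved from 4.1.0 to 3.0.1 in this comparison). Since the task only registers `hookshot_config_validation_result` with `changed_when: false`, check that a wrong path is reported as a missing script and not mistaken for an invalid `config.yml`.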
|
@ -8,7 +8,7 @@ matrix_mautrix_discord_container_image_self_build: false
|
|||||||
matrix_mautrix_discord_container_image_self_build_repo: "https://mau.dev/mautrix/discord.git"
|
matrix_mautrix_discord_container_image_self_build_repo: "https://mau.dev/mautrix/discord.git"
|
||||||
matrix_mautrix_discord_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_discord_version == 'latest' else matrix_mautrix_discord_version }}"
|
matrix_mautrix_discord_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_discord_version == 'latest' else matrix_mautrix_discord_version }}"
|
||||||
|
|
||||||
matrix_mautrix_discord_version: v0.4.0
|
matrix_mautrix_discord_version: v0.2.0
|
||||||
# See: https://mau.dev/mautrix/discord/container_registry
|
# See: https://mau.dev/mautrix/discord/container_registry
|
||||||
matrix_mautrix_discord_docker_image: "{{ matrix_mautrix_discord_docker_image_name_prefix }}mautrix/discord:{{ matrix_mautrix_discord_version }}"
|
matrix_mautrix_discord_docker_image: "{{ matrix_mautrix_discord_docker_image_name_prefix }}mautrix/discord:{{ matrix_mautrix_discord_version }}"
|
||||||
matrix_mautrix_discord_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_discord_container_image_self_build else 'dock.mau.dev/' }}"
|
matrix_mautrix_discord_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_discord_container_image_self_build else 'dock.mau.dev/' }}"
|
||||||
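Review bot: the pin moves backwards, `matrix_mautrix_discord_version: v0.4.0` to `v0.2.0`, skipping intermediate releases, and the hunk gives no reason. State the reason next to the variable, and before rolling this out to a host that already ran v0.4.0 confirm that the older bridge can still open the existing database and that no fix you rely on is lost with the downgrade.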
@ -137,7 +137,7 @@ matrix_mautrix_discord_registration_yaml: |
|
|||||||
matrix_mautrix_discord_registration: "{{ matrix_mautrix_discord_registration_yaml | from_yaml }}"
|
matrix_mautrix_discord_registration: "{{ matrix_mautrix_discord_registration_yaml | from_yaml }}"
|
||||||
|
|
||||||
# Enable End-to-bridge encryption
|
# Enable End-to-bridge encryption
|
||||||
matrix_mautrix_discord_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}"
|
matrix_mautrix_discord_bridge_encryption_allow: false
|
||||||
matrix_mautrix_discord_bridge_encryption_default: "{{ matrix_mautrix_discord_bridge_encryption_allow }}"
|
matrix_mautrix_discord_bridge_encryption_default: "{{ matrix_mautrix_discord_bridge_encryption_allow }}"
|
||||||
matrix_mautrix_discord_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_discord_bridge_encryption_allow }}"
|
matrix_mautrix_discord_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_discord_bridge_encryption_allow }}"
|
||||||
|
|
||||||
|
@ -7,7 +7,7 @@ matrix_mautrix_facebook_enabled: true
|
|||||||
matrix_mautrix_facebook_container_image_self_build: false
|
matrix_mautrix_facebook_container_image_self_build: false
|
||||||
matrix_mautrix_facebook_container_image_self_build_repo: "https://mau.dev/mautrix/facebook.git"
|
matrix_mautrix_facebook_container_image_self_build_repo: "https://mau.dev/mautrix/facebook.git"
|
||||||
|
|
||||||
matrix_mautrix_facebook_version: v0.5.0
|
matrix_mautrix_facebook_version: v0.4.1
|
||||||
matrix_mautrix_facebook_docker_image: "{{ matrix_mautrix_facebook_docker_image_name_prefix }}mautrix/facebook:{{ matrix_mautrix_facebook_version }}"
|
matrix_mautrix_facebook_docker_image: "{{ matrix_mautrix_facebook_docker_image_name_prefix }}mautrix/facebook:{{ matrix_mautrix_facebook_version }}"
|
||||||
matrix_mautrix_facebook_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_facebook_container_image_self_build else 'dock.mau.dev/' }}"
|
matrix_mautrix_facebook_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_facebook_container_image_self_build else 'dock.mau.dev/' }}"
|
||||||
matrix_mautrix_facebook_docker_image_force_pull: "{{ matrix_mautrix_facebook_docker_image.endswith(':latest') }}"
|
matrix_mautrix_facebook_docker_image_force_pull: "{{ matrix_mautrix_facebook_docker_image.endswith(':latest') }}"
|
||||||
@ -149,8 +149,3 @@ matrix_mautrix_facebook_registration_yaml: |
|
|||||||
de.sorunome.msc2409.push_ephemeral: true
|
de.sorunome.msc2409.push_ephemeral: true
|
||||||
|
|
||||||
matrix_mautrix_facebook_registration: "{{ matrix_mautrix_facebook_registration_yaml | from_yaml }}"
|
matrix_mautrix_facebook_registration: "{{ matrix_mautrix_facebook_registration_yaml | from_yaml }}"
|
||||||
|
|
||||||
# Enable End-to-bridge encryption
|
|
||||||
matrix_mautrix_facebook_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}"
|
|
||||||
matrix_mautrix_facebook_bridge_encryption_default: "{{ matrix_mautrix_facebook_bridge_encryption_allow }}"
|
|
||||||
matrix_mautrix_facebook_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_facebook_bridge_encryption_allow }}"
|
|
||||||
|
@ -126,15 +126,15 @@ bridge:
|
|||||||
# application service.
|
# application service.
|
||||||
encryption:
|
encryption:
|
||||||
# Allow encryption, work in group chat rooms with e2ee enabled
|
# Allow encryption, work in group chat rooms with e2ee enabled
|
||||||
allow: {{ matrix_mautrix_facebook_bridge_encryption_allow|to_json }}
|
allow: false
|
||||||
# Default to encryption, force-enable encryption in all portals the bridge creates
|
# Default to encryption, force-enable encryption in all portals the bridge creates
|
||||||
# This will cause the bridge bot to be in private chats for the encryption to work properly.
|
# This will cause the bridge bot to be in private chats for the encryption to work properly.
|
||||||
default: {{ matrix_mautrix_facebook_bridge_encryption_default|to_json }}
|
default: false
|
||||||
# Options for automatic key sharing.
|
# Options for automatic key sharing.
|
||||||
key_sharing:
|
key_sharing:
|
||||||
# Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
|
# Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
|
||||||
# You must use a client that supports requesting keys from other users to use this feature.
|
# You must use a client that supports requesting keys from other users to use this feature.
|
||||||
allow_key_sharing: {{ matrix_mautrix_facebook_bridge_encryption_key_sharing_allow|to_json }}
|
allow: false
|
||||||
# Require the requesting device to have a valid cross-signing signature?
|
# Require the requesting device to have a valid cross-signing signature?
|
||||||
# This doesn't require that the bridge has verified the device, only that the user has verified it.
|
# This doesn't require that the bridge has verified the device, only that the user has verified it.
|
||||||
# Not yet implemented.
|
# Not yet implemented.
|
||||||
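Review bot: the key under `key_sharing:` is renamed from `allow_key_sharing` to `allow` in the same line that hardcodes it to `false`, and nothing in the hunk says which name the bridge actually reads. Confirm the name against the example config of the pinned `matrix_mautrix_facebook_version`, and split the rename from the value change so that a wrong key name does not hide behind the new default.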
|
@ -129,7 +129,3 @@ matrix_mautrix_googlechat_registration_yaml: |
|
|||||||
de.sorunome.msc2409.push_ephemeral: true
|
de.sorunome.msc2409.push_ephemeral: true
|
||||||
|
|
||||||
matrix_mautrix_googlechat_registration: "{{ matrix_mautrix_googlechat_registration_yaml | from_yaml }}"
|
matrix_mautrix_googlechat_registration: "{{ matrix_mautrix_googlechat_registration_yaml | from_yaml }}"
|
||||||
|
|
||||||
# Enable End-to-bridge encryption
|
|
||||||
matrix_mautrix_googlechat_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}"
|
|
||||||
matrix_mautrix_googlechat_bridge_encryption_default: "{{ matrix_mautrix_googlechat_bridge_encryption_allow }}"
|
|
||||||
|
@ -88,10 +88,10 @@ bridge:
|
|||||||
# application service.
|
# application service.
|
||||||
encryption:
|
encryption:
|
||||||
# Allow encryption, work in group chat rooms with e2ee enabled
|
# Allow encryption, work in group chat rooms with e2ee enabled
|
||||||
allow: {{ matrix_mautrix_googlechat_bridge_encryption_allow|to_json }}
|
allow: false
|
||||||
# Default to encryption, force-enable encryption in all portals the bridge creates
|
# Default to encryption, force-enable encryption in all portals the bridge creates
|
||||||
# This will cause the bridge bot to be in private chats for the encryption to work properly.
|
# This will cause the bridge bot to be in private chats for the encryption to work properly.
|
||||||
default: {{ matrix_mautrix_googlechat_bridge_encryption_default|to_json }}
|
default: false
|
||||||
|
|
||||||
# Whether or not created rooms should have federation enabled.
|
# Whether or not created rooms should have federation enabled.
|
||||||
# If false, created portal rooms will never be federated.
|
# If false, created portal rooms will never be federated.
|
||||||
|
@ -126,7 +126,3 @@ matrix_mautrix_hangouts_registration_yaml: |
|
|||||||
de.sorunome.msc2409.push_ephemeral: true
|
de.sorunome.msc2409.push_ephemeral: true
|
||||||
|
|
||||||
matrix_mautrix_hangouts_registration: "{{ matrix_mautrix_hangouts_registration_yaml | from_yaml }}"
|
matrix_mautrix_hangouts_registration: "{{ matrix_mautrix_hangouts_registration_yaml | from_yaml }}"
|
||||||
|
|
||||||
# Enable End-to-bridge encryption
|
|
||||||
matrix_mautrix_hangouts_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}"
|
|
||||||
matrix_mautrix_hangouts_bridge_encryption_default: "{{ matrix_mautrix_hangouts_bridge_encryption_allow }}"
|
|
||||||
|
@ -88,10 +88,10 @@ bridge:
|
|||||||
# application service.
|
# application service.
|
||||||
encryption:
|
encryption:
|
||||||
# Allow encryption, work in group chat rooms with e2ee enabled
|
# Allow encryption, work in group chat rooms with e2ee enabled
|
||||||
allow: {{ matrix_mautrix_hangouts_bridge_encryption_allow|to_json }}
|
allow: false
|
||||||
# Default to encryption, force-enable encryption in all portals the bridge creates
|
# Default to encryption, force-enable encryption in all portals the bridge creates
|
||||||
# This will cause the bridge bot to be in private chats for the encryption to work properly.
|
# This will cause the bridge bot to be in private chats for the encryption to work properly.
|
||||||
default: {{ matrix_mautrix_hangouts_bridge_encryption_default|to_json }}
|
default: false
|
||||||
|
|
||||||
# Public website and API configs
|
# Public website and API configs
|
||||||
web:
|
web:
|
||||||
|
@ -8,7 +8,7 @@ matrix_mautrix_instagram_container_image_self_build: false
|
|||||||
matrix_mautrix_instagram_container_image_self_build_repo: "https://github.com/mautrix/instagram.git"
|
matrix_mautrix_instagram_container_image_self_build_repo: "https://github.com/mautrix/instagram.git"
|
||||||
matrix_mautrix_instagram_container_image_self_build_repo_version: "{{ 'master' if matrix_mautrix_instagram_version == 'latest' else matrix_mautrix_instagram_version }}"
|
matrix_mautrix_instagram_container_image_self_build_repo_version: "{{ 'master' if matrix_mautrix_instagram_version == 'latest' else matrix_mautrix_instagram_version }}"
|
||||||
|
|
||||||
matrix_mautrix_instagram_version: v0.3.0
|
matrix_mautrix_instagram_version: v0.2.3
|
||||||
# See: https://mau.dev/tulir/mautrix-instagram/container_registry
|
# See: https://mau.dev/tulir/mautrix-instagram/container_registry
|
||||||
matrix_mautrix_instagram_docker_image: "{{ matrix_mautrix_instagram_docker_image_name_prefix }}mautrix/instagram:{{ matrix_mautrix_instagram_version }}"
|
matrix_mautrix_instagram_docker_image: "{{ matrix_mautrix_instagram_docker_image_name_prefix }}mautrix/instagram:{{ matrix_mautrix_instagram_version }}"
|
||||||
matrix_mautrix_instagram_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_instagram_container_image_self_build else 'dock.mau.dev/' }}"
|
matrix_mautrix_instagram_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_instagram_container_image_self_build else 'dock.mau.dev/' }}"
|
||||||
@ -129,8 +129,3 @@ matrix_mautrix_instagram_registration_yaml: |
|
|||||||
de.sorunome.msc2409.push_ephemeral: true
|
de.sorunome.msc2409.push_ephemeral: true
|
||||||
|
|
||||||
matrix_mautrix_instagram_registration: "{{ matrix_mautrix_instagram_registration_yaml | from_yaml }}"
|
matrix_mautrix_instagram_registration: "{{ matrix_mautrix_instagram_registration_yaml | from_yaml }}"
|
||||||
|
|
||||||
# Enable End-to-bridge encryption
|
|
||||||
matrix_mautrix_instagram_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}"
|
|
||||||
matrix_mautrix_instagram_bridge_encryption_default: "{{ matrix_mautrix_instagram_bridge_encryption_allow }}"
|
|
||||||
matrix_mautrix_instagram_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_instagram_bridge_encryption_allow }}"
|
|
||||||
|
@ -143,15 +143,15 @@ bridge:
|
|||||||
# application service.
|
# application service.
|
||||||
encryption:
|
encryption:
|
||||||
# Allow encryption, work in group chat rooms with e2ee enabled
|
# Allow encryption, work in group chat rooms with e2ee enabled
|
||||||
allow: {{ matrix_mautrix_discord_bridge_encryption_allow|to_json }}
|
allow: false
|
||||||
# Default to encryption, force-enable encryption in all portals the bridge creates
|
# Default to encryption, force-enable encryption in all portals the bridge creates
|
||||||
# This will cause the bridge bot to be in private chats for the encryption to work properly.
|
# This will cause the bridge bot to be in private chats for the encryption to work properly.
|
||||||
default: {{ matrix_mautrix_discord_bridge_encryption_default|to_json }}
|
default: false
|
||||||
# Options for automatic key sharing.
|
# Options for automatic key sharing.
|
||||||
key_sharing:
|
key_sharing:
|
||||||
# Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
|
# Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
|
||||||
# You must use a client that supports requesting keys from other users to use this feature.
|
# You must use a client that supports requesting keys from other users to use this feature.
|
||||||
allow: {{ matrix_mautrix_discord_bridge_encryption_key_sharing_allow|to_json }}
|
allow: false
|
||||||
# Require the requesting device to have a valid cross-signing signature?
|
# Require the requesting device to have a valid cross-signing signature?
|
||||||
# This doesn't require that the bridge has verified the device, only that the user has verified it.
|
# This doesn't require that the bridge has verified the device, only that the user has verified it.
|
||||||
# Not yet implemented.
|
# Not yet implemented.
|
||||||
|
@ -9,8 +9,8 @@ matrix_mautrix_signal_docker_repo: "https://mau.dev/mautrix/signal.git"
|
|||||||
matrix_mautrix_signal_docker_repo_version: "{{ 'master' if matrix_mautrix_signal_version == 'latest' else matrix_mautrix_signal_version }}"
|
matrix_mautrix_signal_docker_repo_version: "{{ 'master' if matrix_mautrix_signal_version == 'latest' else matrix_mautrix_signal_version }}"
|
||||||
matrix_mautrix_signal_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-signal/docker-src"
|
matrix_mautrix_signal_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-signal/docker-src"
|
||||||
|
|
||||||
matrix_mautrix_signal_version: v0.4.3
|
matrix_mautrix_signal_version: v0.4.2
|
||||||
matrix_mautrix_signal_daemon_version: 0.23.2
|
matrix_mautrix_signal_daemon_version: 0.23.1
|
||||||
# See: https://mau.dev/mautrix/signal/container_registry
|
# See: https://mau.dev/mautrix/signal/container_registry
|
||||||
matrix_mautrix_signal_docker_image: "{{ matrix_mautrix_signal_docker_image_name_prefix }}mautrix/signal:{{ matrix_mautrix_signal_version }}"
|
matrix_mautrix_signal_docker_image: "{{ matrix_mautrix_signal_docker_image_name_prefix }}mautrix/signal:{{ matrix_mautrix_signal_version }}"
|
||||||
matrix_mautrix_signal_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_signal_container_image_self_build else 'dock.mau.dev/' }}"
|
matrix_mautrix_signal_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_signal_container_image_self_build else 'dock.mau.dev/' }}"
|
||||||
@ -152,7 +152,7 @@ matrix_mautrix_signal_registration: "{{ matrix_mautrix_signal_registration_yaml
|
|||||||
|
|
||||||
matrix_mautrix_signal_log_level: 'DEBUG'
|
matrix_mautrix_signal_log_level: 'DEBUG'
|
||||||
|
|
||||||
matrix_mautrix_signal_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}"
|
matrix_mautrix_signal_bridge_encryption_allow: false
|
||||||
matrix_mautrix_signal_bridge_encryption_default: "{{ matrix_mautrix_signal_bridge_encryption_allow }}"
|
matrix_mautrix_signal_bridge_encryption_default: "{{ matrix_mautrix_signal_bridge_encryption_allow }}"
|
||||||
matrix_mautrix_signal_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_signal_bridge_encryption_allow }}"
|
matrix_mautrix_signal_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_signal_bridge_encryption_allow }}"
|
||||||
|
|
||||||
|
@ -133,6 +133,6 @@ matrix_mautrix_slack_registration_yaml: |
|
|||||||
matrix_mautrix_slack_registration: "{{ matrix_mautrix_slack_registration_yaml | from_yaml }}"
|
matrix_mautrix_slack_registration: "{{ matrix_mautrix_slack_registration_yaml | from_yaml }}"
|
||||||
|
|
||||||
# Enable End-to-bridge encryption
|
# Enable End-to-bridge encryption
|
||||||
matrix_mautrix_slack_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}"
|
matrix_mautrix_slack_bridge_encryption_allow: false
|
||||||
matrix_mautrix_slack_bridge_encryption_default: "{{ matrix_mautrix_slack_bridge_encryption_allow }}"
|
matrix_mautrix_slack_bridge_encryption_default: "{{ matrix_mautrix_slack_bridge_encryption_allow }}"
|
||||||
matrix_mautrix_slack_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_slack_bridge_encryption_allow }}"
|
matrix_mautrix_slack_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_slack_bridge_encryption_allow }}"
|
||||||
|
@ -17,7 +17,7 @@ matrix_mautrix_telegram_docker_repo: "https://mau.dev/mautrix/telegram.git"
|
|||||||
matrix_mautrix_telegram_docker_repo_version: "{{ 'master' if matrix_mautrix_telegram_version == 'latest' else matrix_mautrix_telegram_version }}"
|
matrix_mautrix_telegram_docker_repo_version: "{{ 'master' if matrix_mautrix_telegram_version == 'latest' else matrix_mautrix_telegram_version }}"
|
||||||
matrix_mautrix_telegram_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-telegram/docker-src"
|
matrix_mautrix_telegram_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-telegram/docker-src"
|
||||||
|
|
||||||
matrix_mautrix_telegram_version: v0.14.0
|
matrix_mautrix_telegram_version: v0.13.0
|
||||||
# See: https://mau.dev/mautrix/telegram/container_registry
|
# See: https://mau.dev/mautrix/telegram/container_registry
|
||||||
matrix_mautrix_telegram_docker_image: "{{ matrix_mautrix_telegram_docker_image_name_prefix }}mautrix/telegram:{{ matrix_mautrix_telegram_version }}"
|
matrix_mautrix_telegram_docker_image: "{{ matrix_mautrix_telegram_docker_image_name_prefix }}mautrix/telegram:{{ matrix_mautrix_telegram_version }}"
|
||||||
matrix_mautrix_telegram_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_telegram_container_image_self_build else 'dock.mau.dev/' }}"
|
matrix_mautrix_telegram_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_telegram_container_image_self_build else 'dock.mau.dev/' }}"
|
||||||
@ -166,6 +166,6 @@ matrix_mautrix_telegram_alias_template: 'telegram_{groupname}'
|
|||||||
matrix_mautrix_telegram_displayname_template: '{displayname} (Telegram)'
|
matrix_mautrix_telegram_displayname_template: '{displayname} (Telegram)'
|
||||||
|
|
||||||
# Enable End-to-bridge encryption
|
# Enable End-to-bridge encryption
|
||||||
matrix_mautrix_telegram_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}"
|
matrix_mautrix_telegram_bridge_encryption_allow: false
|
||||||
matrix_mautrix_telegram_bridge_encryption_default: "{{ matrix_mautrix_telegram_bridge_encryption_allow }}"
|
matrix_mautrix_telegram_bridge_encryption_default: "{{ matrix_mautrix_telegram_bridge_encryption_allow }}"
|
||||||
matrix_mautrix_telegram_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_telegram_bridge_encryption_allow }}"
|
matrix_mautrix_telegram_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_telegram_bridge_encryption_allow }}"
|
||||||
|
@ -8,7 +8,7 @@ matrix_mautrix_twitter_container_image_self_build: false
|
|||||||
matrix_mautrix_twitter_container_image_self_build_repo: "https://github.com/mautrix/twitter.git"
|
matrix_mautrix_twitter_container_image_self_build_repo: "https://github.com/mautrix/twitter.git"
|
||||||
matrix_mautrix_twitter_container_image_self_build_repo_version: "{{ 'master' if matrix_mautrix_twitter_version == 'latest' else matrix_mautrix_twitter_version }}"
|
matrix_mautrix_twitter_container_image_self_build_repo_version: "{{ 'master' if matrix_mautrix_twitter_version == 'latest' else matrix_mautrix_twitter_version }}"
|
||||||
|
|
||||||
matrix_mautrix_twitter_version: v0.1.6
|
matrix_mautrix_twitter_version: v0.1.5
|
||||||
# See: https://mau.dev/tulir/mautrix-twitter/container_registry
|
# See: https://mau.dev/tulir/mautrix-twitter/container_registry
|
||||||
matrix_mautrix_twitter_docker_image: "{{ matrix_mautrix_twitter_docker_image_name_prefix }}mautrix/twitter:{{ matrix_mautrix_twitter_version }}"
|
matrix_mautrix_twitter_docker_image: "{{ matrix_mautrix_twitter_docker_image_name_prefix }}mautrix/twitter:{{ matrix_mautrix_twitter_version }}"
|
||||||
matrix_mautrix_twitter_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_twitter_container_image_self_build else 'dock.mau.dev/' }}"
|
matrix_mautrix_twitter_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_twitter_container_image_self_build else 'dock.mau.dev/' }}"
|
||||||
@ -127,8 +127,3 @@ matrix_mautrix_twitter_registration_yaml: |
|
|||||||
de.sorunome.msc2409.push_ephemeral: true
|
de.sorunome.msc2409.push_ephemeral: true
|
||||||
|
|
||||||
matrix_mautrix_twitter_registration: "{{ matrix_mautrix_twitter_registration_yaml | from_yaml }}"
|
matrix_mautrix_twitter_registration: "{{ matrix_mautrix_twitter_registration_yaml | from_yaml }}"
|
||||||
|
|
||||||
# Enable End-to-bridge encryption
|
|
||||||
matrix_mautrix_twitter_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}"
|
|
||||||
matrix_mautrix_twitter_bridge_encryption_default: "{{ matrix_mautrix_twitter_bridge_encryption_allow }}"
|
|
||||||
matrix_mautrix_twitter_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_twitter_bridge_encryption_allow }}"
|
|
||||||
|
@ -126,15 +126,15 @@ bridge:
|
|||||||
# this to work. See https://github.com/tulir/mautrix-telegram/wiki/End‐to‐bridge-encryption
|
# this to work. See https://github.com/tulir/mautrix-telegram/wiki/End‐to‐bridge-encryption
|
||||||
encryption:
|
encryption:
|
||||||
# Allow encryption, work in group chat rooms with e2ee enabled
|
# Allow encryption, work in group chat rooms with e2ee enabled
|
||||||
allow: {{ matrix_mautrix_twitter_bridge_encryption_allow|to_json }}
|
allow: false
|
||||||
# Default to encryption, force-enable encryption in all portals the bridge creates
|
# Default to encryption, force-enable encryption in all portals the bridge creates
|
||||||
# This will cause the bridge bot to be in private chats for the encryption to work properly.
|
# This will cause the bridge bot to be in private chats for the encryption to work properly.
|
||||||
default: {{ matrix_mautrix_twitter_bridge_encryption_default|to_json }}
|
default: false
|
||||||
# Options for automatic key sharing.
|
# Options for automatic key sharing.
|
||||||
key_sharing:
|
key_sharing:
|
||||||
# Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
|
# Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
|
||||||
# You must use a client that supports requesting keys from other users to use this feature.
|
# You must use a client that supports requesting keys from other users to use this feature.
|
||||||
allow: {{ matrix_mautrix_twitter_bridge_encryption_key_sharing_allow|to_json }}
|
allow: false
|
||||||
# Require the requesting device to have a valid cross-signing signature?
|
# Require the requesting device to have a valid cross-signing signature?
|
||||||
# This doesn't require that the bridge has verified the device, only that the user has verified it.
|
# This doesn't require that the bridge has verified the device, only that the user has verified it.
|
||||||
# Not yet implemented.
|
# Not yet implemented.
|
||||||
|
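Review bot: the three `allow: false` / `default: false` literals in the `encryption:` block replace template variables, and the matching `matrix_mautrix_twitter_bridge_encryption_*` defaults are deleted in the previous hunk, so an inventory that still sets those variables is silently ignored and end-to-bridge encryption cannot be enabled without editing the template. Keep the `{{ ... |to_json }}` expressions and the defaults, or add a validation task that fails when the removed variables are still defined, so operators notice that their setting no longer has any effect.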
@ -8,7 +8,7 @@ matrix_mautrix_whatsapp_container_image_self_build: false
|
|||||||
matrix_mautrix_whatsapp_container_image_self_build_repo: "https://mau.dev/mautrix/whatsapp.git"
|
matrix_mautrix_whatsapp_container_image_self_build_repo: "https://mau.dev/mautrix/whatsapp.git"
|
||||||
matrix_mautrix_whatsapp_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_whatsapp_version == 'latest' else matrix_mautrix_whatsapp_version }}"
|
matrix_mautrix_whatsapp_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_whatsapp_version == 'latest' else matrix_mautrix_whatsapp_version }}"
|
||||||
|
|
||||||
matrix_mautrix_whatsapp_version: v0.8.5
|
matrix_mautrix_whatsapp_version: v0.8.3
|
||||||
# See: https://mau.dev/mautrix/whatsapp/container_registry
|
# See: https://mau.dev/mautrix/whatsapp/container_registry
|
||||||
matrix_mautrix_whatsapp_docker_image: "{{ matrix_mautrix_whatsapp_docker_image_name_prefix }}mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}"
|
matrix_mautrix_whatsapp_docker_image: "{{ matrix_mautrix_whatsapp_docker_image_name_prefix }}mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}"
|
||||||
matrix_mautrix_whatsapp_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_whatsapp_container_image_self_build else 'dock.mau.dev/' }}"
|
matrix_mautrix_whatsapp_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_whatsapp_container_image_self_build else 'dock.mau.dev/' }}"
|
||||||
@ -97,7 +97,7 @@ matrix_mautrix_whatsapp_bridge_login_shared_secret_map:
|
|||||||
"{{ {matrix_mautrix_whatsapp_homeserver_domain: matrix_mautrix_whatsapp_login_shared_secret} if matrix_mautrix_whatsapp_login_shared_secret else {} }}"
|
"{{ {matrix_mautrix_whatsapp_homeserver_domain: matrix_mautrix_whatsapp_login_shared_secret} if matrix_mautrix_whatsapp_login_shared_secret else {} }}"
|
||||||
|
|
||||||
# Enable End-to-bridge encryption
|
# Enable End-to-bridge encryption
|
||||||
matrix_mautrix_whatsapp_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}"
|
matrix_mautrix_whatsapp_bridge_encryption_allow: false
|
||||||
matrix_mautrix_whatsapp_bridge_encryption_default: "{{ matrix_mautrix_whatsapp_bridge_encryption_allow }}"
|
matrix_mautrix_whatsapp_bridge_encryption_default: "{{ matrix_mautrix_whatsapp_bridge_encryption_allow }}"
|
||||||
matrix_mautrix_whatsapp_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_whatsapp_bridge_encryption_allow }}"
|
matrix_mautrix_whatsapp_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_whatsapp_bridge_encryption_allow }}"
|
||||||
|
|
||||||
|
@ -6,7 +6,7 @@ matrix_client_cinny_enabled: true
|
|||||||
matrix_client_cinny_container_image_self_build: false
|
matrix_client_cinny_container_image_self_build: false
|
||||||
matrix_client_cinny_container_image_self_build_repo: "https://github.com/ajbura/cinny.git"
|
matrix_client_cinny_container_image_self_build_repo: "https://github.com/ajbura/cinny.git"
|
||||||
|
|
||||||
matrix_client_cinny_version: v2.2.6
|
matrix_client_cinny_version: v2.2.4
|
||||||
matrix_client_cinny_docker_image: "{{ matrix_client_cinny_docker_image_name_prefix }}ajbura/cinny:{{ matrix_client_cinny_version }}"
|
matrix_client_cinny_docker_image: "{{ matrix_client_cinny_docker_image_name_prefix }}ajbura/cinny:{{ matrix_client_cinny_version }}"
|
||||||
matrix_client_cinny_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_cinny_container_image_self_build else matrix_container_global_registry_prefix }}"
|
matrix_client_cinny_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_cinny_container_image_self_build else matrix_container_global_registry_prefix }}"
|
||||||
matrix_client_cinny_docker_image_force_pull: "{{ matrix_client_cinny_docker_image.endswith(':latest') }}"
|
matrix_client_cinny_docker_image_force_pull: "{{ matrix_client_cinny_docker_image.endswith(':latest') }}"
|
||||||
|
@ -10,7 +10,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto
|
|||||||
# - https://github.com/vector-im/element-web/issues/19544
|
# - https://github.com/vector-im/element-web/issues/19544
|
||||||
matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}"
|
matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}"
|
||||||
|
|
||||||
matrix_client_element_version: v1.11.31
|
matrix_client_element_version: v1.11.25
|
||||||
matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}"
|
matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}"
|
||||||
matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}"
|
matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}"
|
||||||
matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}"
|
matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}"
|
||||||
|
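Review bot: `matrix_client_element_version` moves backwards here, from `v1.11.31` to `v1.11.25`, and the same direction shows up in the other version pins in this comparison. For a browser-facing client, a downgrade discards whatever fixes shipped in the intermediate releases, so please confirm that it is intended and state the reason in the commit message; if it is a side effect of comparing against an older branch, rebase before merging.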
@ -3,7 +3,7 @@
|
|||||||
"defaultHomeServer": {{ matrix_client_hydrogen_default_hs_url | string | to_json }},
|
"defaultHomeServer": {{ matrix_client_hydrogen_default_hs_url | string | to_json }},
|
||||||
"bugReportEndpointUrl": {{ matrix_client_hydrogen_bugReportEndpointUrl | to_json }},
|
"bugReportEndpointUrl": {{ matrix_client_hydrogen_bugReportEndpointUrl | to_json }},
|
||||||
"themeManifests": [
|
"themeManifests": [
|
||||||
"{{ '' if matrix_client_hydrogen_path_prefix == '/' else matrix_client_hydrogen_path_prefix }}/assets/theme-element.json"
|
"{{ matrix_client_hydrogen_path_prefix }}assets/theme-element.json"
|
||||||
],
|
],
|
||||||
"defaultTheme": {
|
"defaultTheme": {
|
||||||
"light": "element-light",
|
"light": "element-light",
|
||||||
|
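Review bot: the new `themeManifests` entry concatenates `matrix_client_hydrogen_path_prefix` directly with `assets/theme-element.json`, which only yields a valid path when the prefix ends in `/`. With a prefix such as `/hydrogen`, the result is `/hydrogenassets/theme-element.json` and the theme manifest fails to load. The previous expression handled both the `/` case and a non-root prefix; keep it, or normalise the prefix to a trailing slash before appending.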
@ -8,7 +8,7 @@ matrix_coturn_container_image_self_build_repo: "https://github.com/coturn/coturn
|
|||||||
matrix_coturn_container_image_self_build_repo_version: "docker/{{ matrix_coturn_version }}"
|
matrix_coturn_container_image_self_build_repo_version: "docker/{{ matrix_coturn_version }}"
|
||||||
matrix_coturn_container_image_self_build_repo_dockerfile_path: "docker/coturn/alpine/Dockerfile"
|
matrix_coturn_container_image_self_build_repo_dockerfile_path: "docker/coturn/alpine/Dockerfile"
|
||||||
|
|
||||||
matrix_coturn_version: 4.6.1-r3
|
matrix_coturn_version: 4.6.1-r2
|
||||||
matrix_coturn_docker_image: "{{ matrix_coturn_docker_image_name_prefix }}coturn/coturn:{{ matrix_coturn_version }}-alpine"
|
matrix_coturn_docker_image: "{{ matrix_coturn_docker_image_name_prefix }}coturn/coturn:{{ matrix_coturn_version }}-alpine"
|
||||||
matrix_coturn_docker_image_name_prefix: "{{ 'localhost/' if matrix_coturn_container_image_self_build else matrix_container_global_registry_prefix }}"
|
matrix_coturn_docker_image_name_prefix: "{{ 'localhost/' if matrix_coturn_container_image_self_build else matrix_container_global_registry_prefix }}"
|
||||||
matrix_coturn_docker_image_force_pull: "{{ matrix_coturn_docker_image.endswith(':latest') }}"
|
matrix_coturn_docker_image_force_pull: "{{ matrix_coturn_docker_image.endswith(':latest') }}"
|
||||||
|
@ -73,6 +73,7 @@
|
|||||||
src: "{{ role_path }}/templates/systemd/matrix-coturn.service.j2"
|
src: "{{ role_path }}/templates/systemd/matrix-coturn.service.j2"
|
||||||
dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-coturn.service"
|
dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-coturn.service"
|
||||||
mode: 0644
|
mode: 0644
|
||||||
|
register: matrix_coturn_systemd_service_change_results
|
||||||
|
|
||||||
# This may be unnecessary when more long-lived certificates are used.
|
# This may be unnecessary when more long-lived certificates are used.
|
||||||
# We optimize for the common use-case though (short-lived Let's Encrypt certificates).
|
# We optimize for the common use-case though (short-lived Let's Encrypt certificates).
|
||||||
@ -82,6 +83,7 @@
|
|||||||
src: "{{ role_path }}/templates/systemd/{{ item }}.j2"
|
src: "{{ role_path }}/templates/systemd/{{ item }}.j2"
|
||||||
dest: "{{ devture_systemd_docker_base_systemd_path }}/{{ item }}"
|
dest: "{{ devture_systemd_docker_base_systemd_path }}/{{ item }}"
|
||||||
mode: 0644
|
mode: 0644
|
||||||
|
register: "matrix_coturn_systemd_service_change_results"
|
||||||
when: "matrix_coturn_tls_enabled | bool"
|
when: "matrix_coturn_tls_enabled | bool"
|
||||||
with_items:
|
with_items:
|
||||||
- matrix-coturn-reload.service
|
- matrix-coturn-reload.service
|
||||||
@ -92,7 +94,13 @@
|
|||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: "{{ item }}"
|
path: "{{ item }}"
|
||||||
state: absent
|
state: absent
|
||||||
|
register: "matrix_coturn_systemd_service_change_results"
|
||||||
when: "not matrix_coturn_tls_enabled | bool"
|
when: "not matrix_coturn_tls_enabled | bool"
|
||||||
with_items:
|
with_items:
|
||||||
- matrix-coturn-reload.service
|
- matrix-coturn-reload.service
|
||||||
- matrix-coturn-reload.timer
|
- matrix-coturn-reload.timer
|
||||||
|
|
||||||
|
- name: Ensure systemd reloaded if systemd units changed
|
||||||
|
ansible.builtin.service:
|
||||||
|
daemon_reload: true
|
||||||
|
when: "matrix_coturn_systemd_service_change_results.changed"
|
||||||
|
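Review bot: the three tasks above all register into the same `matrix_coturn_systemd_service_change_results`, so each one overwrites the previous result, and a task skipped by its `when:` still registers (with `changed` false). By the time "Ensure systemd reloaded if systemd units changed" runs, the variable reflects only the last task, the `state: absent` cleanup, which is skipped whenever `matrix_coturn_tls_enabled` is true. A change to `matrix-coturn.service` or to the reload units therefore never triggers `daemon_reload`. Register each task under its own name and reload when any of them reports `changed`, or use a handler notified from all three.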
@ -4,12 +4,8 @@
|
|||||||
|
|
||||||
matrix_dendrite_enabled: true
|
matrix_dendrite_enabled: true
|
||||||
|
|
||||||
matrix_dendrite_container_image_self_build: false
|
matrix_dendrite_docker_image: "{{ matrix_dendrite_docker_image_name_prefix }}matrixdotorg/dendrite-monolith:{{ matrix_dendrite_docker_image_tag }}"
|
||||||
matrix_dendrite_container_image_self_build_repo: "https://github.com/matrix-org/dendrite.git"
|
matrix_dendrite_docker_image_name_prefix: "docker.io/"
|
||||||
|
|
||||||
matrix_dendrite_docker_image_path: "matrixdotorg/dendrite-monolith"
|
|
||||||
matrix_dendrite_docker_image: "{{ matrix_dendrite_docker_image_name_prefix }}{{ matrix_dendrite_docker_image_path }}:{{ matrix_dendrite_docker_image_tag }}"
|
|
||||||
matrix_dendrite_docker_image_name_prefix: "{{ 'localhost/' if matrix_dendrite_container_image_self_build else matrix_container_global_registry_prefix }}"
|
|
||||||
matrix_dendrite_docker_image_tag: "v0.12.0"
|
matrix_dendrite_docker_image_tag: "v0.12.0"
|
||||||
matrix_dendrite_docker_image_force_pull: "{{ matrix_dendrite_docker_image.endswith(':latest') }}"
|
matrix_dendrite_docker_image_force_pull: "{{ matrix_dendrite_docker_image.endswith(':latest') }}"
|
||||||
|
|
||||||
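Review bot: `matrix_dendrite_docker_image_name_prefix` is hardcoded to `"docker.io/"`, while the cinny, element and coturn roles in this same comparison still use `matrix_container_global_registry_prefix`. An operator who points the global prefix at an internal mirror or a vetted registry will still pull Dendrite straight from Docker Hub. Use `matrix_container_global_registry_prefix` here as well, and keep `matrix_dendrite_docker_image_path` as a separate variable if the image path should remain overridable.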
@ -21,8 +17,6 @@ matrix_dendrite_nats_storage_path: "{{ matrix_dendrite_base_path }}/nats"
|
|||||||
matrix_dendrite_bin_path: "{{ matrix_dendrite_base_path }}/bin"
|
matrix_dendrite_bin_path: "{{ matrix_dendrite_base_path }}/bin"
|
||||||
matrix_dendrite_ext_path: "{{ matrix_dendrite_base_path }}/ext"
|
matrix_dendrite_ext_path: "{{ matrix_dendrite_base_path }}/ext"
|
||||||
|
|
||||||
matrix_dendrite_docker_src_files_path: "{{ matrix_dendrite_base_path }}/docker-src"
|
|
||||||
|
|
||||||
# By default, we make Dendrite only serve HTTP (not HTTPS).
|
# By default, we make Dendrite only serve HTTP (not HTTPS).
|
||||||
# HTTPS is usually served at the reverse-proxy side (usually via `matrix-nginx-proxy`).
|
# HTTPS is usually served at the reverse-proxy side (usually via `matrix-nginx-proxy`).
|
||||||
#
|
#
|
||||||
@ -91,14 +85,14 @@ matrix_dendrite_systemd_wanted_services_list: []
|
|||||||
# matrix_dendrite_template_dendrite_config: "{{ playbook_dir }}/inventory/host_vars/<host>/dendrite.yaml.j2"
|
# matrix_dendrite_template_dendrite_config: "{{ playbook_dir }}/inventory/host_vars/<host>/dendrite.yaml.j2"
|
||||||
matrix_dendrite_template_dendrite_config: "{{ role_path }}/templates/dendrite/dendrite.yaml.j2"
|
matrix_dendrite_template_dendrite_config: "{{ role_path }}/templates/dendrite/dendrite.yaml.j2"
|
||||||
|
|
||||||
matrix_dendrite_client_api_registration_shared_secret: ""
|
matrix_dendrite_client_api_registration_shared_secret: ''
|
||||||
matrix_dendrite_allow_guest_access: false
|
matrix_dendrite_allow_guest_access: false
|
||||||
|
|
||||||
matrix_dendrite_max_file_size_bytes: 10485760
|
matrix_dendrite_max_file_size_bytes: 10485760
|
||||||
|
|
||||||
# Controls which HTTP header (e.g. 'X-Forwarded-For', 'X-Real-IP') to inspect to find the real remote IP address of the client.
|
# Controls which HTTP header (e.g. 'X-Forwarded-For', 'X-Real-IP') to inspect to find the real remote IP address of the client.
|
||||||
# This is likely required if Dendrite is running behind a reverse proxy server.
|
# This is likely required if Dendrite is running behind a reverse proxy server.
|
||||||
matrix_dendrite_sync_api_real_ip_header: "X-Forwarded-For"
|
matrix_dendrite_sync_api_real_ip_header: 'X-Forwarded-For'
|
||||||
|
|
||||||
# The tmpfs at /tmp needs to be large enough to handle multiple concurrent file uploads.
|
# The tmpfs at /tmp needs to be large enough to handle multiple concurrent file uploads.
|
||||||
matrix_dendrite_tmp_directory_size_mb: 500
|
matrix_dendrite_tmp_directory_size_mb: 500
|
||||||
@ -153,7 +147,7 @@ matrix_dendrite_metrics_password: "metrics"
|
|||||||
|
|
||||||
# Postgres database information
|
# Postgres database information
|
||||||
matrix_dendrite_database_str: "postgresql://{{ matrix_dendrite_database_user }}:{{ matrix_dendrite_database_password }}@{{ matrix_dendrite_database_hostname }}"
|
matrix_dendrite_database_str: "postgresql://{{ matrix_dendrite_database_user }}:{{ matrix_dendrite_database_password }}@{{ matrix_dendrite_database_hostname }}"
|
||||||
matrix_dendrite_database_hostname: ""
|
matrix_dendrite_database_hostname: ''
|
||||||
matrix_dendrite_database_user: "dendrite"
|
matrix_dendrite_database_user: "dendrite"
|
||||||
matrix_dendrite_database_password: "itsasecret"
|
matrix_dendrite_database_password: "itsasecret"
|
||||||
matrix_dendrite_federation_api_database: "dendrite_federationapi"
|
matrix_dendrite_federation_api_database: "dendrite_federationapi"
|
||||||
|
@ -1,23 +1,17 @@
|
|||||||
---
|
---
|
||||||
|
|
||||||
- name: Ensure Dendrite paths exist
|
- name: Ensure Dendrite paths exist
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: "{{ item.path }}"
|
path: "{{ item }}"
|
||||||
state: directory
|
state: directory
|
||||||
mode: 0750
|
mode: 0750
|
||||||
owner: "{{ matrix_user_username }}"
|
owner: "{{ matrix_user_username }}"
|
||||||
group: "{{ matrix_user_groupname }}"
|
group: "{{ matrix_user_groupname }}"
|
||||||
with_items:
|
with_items:
|
||||||
- path: "{{ matrix_dendrite_config_dir_path }}"
|
- "{{ matrix_dendrite_config_dir_path }}"
|
||||||
when: true
|
- "{{ matrix_dendrite_bin_path }}"
|
||||||
- path: "{{ matrix_dendrite_bin_path }}"
|
- "{{ matrix_dendrite_ext_path }}"
|
||||||
when: true
|
- "{{ matrix_dendrite_nats_storage_path }}"
|
||||||
- path: "{{ matrix_dendrite_ext_path }}"
|
|
||||||
when: true
|
|
||||||
- path: "{{ matrix_dendrite_nats_storage_path }}"
|
|
||||||
when: true
|
|
||||||
- path: "{{ matrix_dendrite_docker_src_files_path }}"
|
|
||||||
when: "{{ matrix_dendrite_container_image_self_build }}"
|
|
||||||
when: "item.when | bool"
|
|
||||||
|
|
||||||
# This will throw a Permission Denied error if already mounted using fuse
|
# This will throw a Permission Denied error if already mounted using fuse
|
||||||
- name: Check Dendrite media store path
|
- name: Check Dendrite media store path
|
||||||
@ -43,7 +37,6 @@
|
|||||||
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
|
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
|
||||||
force_source: "{{ matrix_dendrite_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
|
force_source: "{{ matrix_dendrite_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
|
||||||
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_dendrite_docker_image_force_pull }}"
|
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_dendrite_docker_image_force_pull }}"
|
||||||
when: "not matrix_dendrite_container_image_self_build | bool"
|
|
||||||
register: result
|
register: result
|
||||||
retries: "{{ devture_playbook_help_container_retries_count }}"
|
retries: "{{ devture_playbook_help_container_retries_count }}"
|
||||||
delay: "{{ devture_playbook_help_container_retries_delay }}"
|
delay: "{{ devture_playbook_help_container_retries_delay }}"
|
||||||
@ -79,34 +72,6 @@
|
|||||||
owner: "{{ matrix_user_username }}"
|
owner: "{{ matrix_user_username }}"
|
||||||
group: "{{ matrix_user_groupname }}"
|
group: "{{ matrix_user_groupname }}"
|
||||||
|
|
||||||
- when: "matrix_dendrite_container_image_self_build | bool"
|
|
||||||
block:
|
|
||||||
- name: Ensure Dendrite repository is present on self-build
|
|
||||||
ansible.builtin.git:
|
|
||||||
repo: "{{ matrix_dendrite_container_image_self_build_repo }}"
|
|
||||||
dest: "{{ matrix_dendrite_docker_src_files_path }}"
|
|
||||||
version: "{{ matrix_dendrite_docker_image.split(':')[1] }}"
|
|
||||||
force: "yes"
|
|
||||||
become: true
|
|
||||||
become_user: "{{ matrix_user_username }}"
|
|
||||||
register: matrix_dendrite_git_pull_results
|
|
||||||
|
|
||||||
- name: Check if Dendrite Docker image exists
|
|
||||||
ansible.builtin.command: "{{ devture_systemd_docker_base_host_command_docker }} images --quiet --filter 'reference={{ matrix_dendrite_docker_image }}'"
|
|
||||||
register: matrix_dendrite_docker_image_check_result
|
|
||||||
changed_when: false
|
|
||||||
|
|
||||||
# Invoking the `docker build` command here, instead of calling the `docker_image` Ansible module,
|
|
||||||
# because the latter does not support BuildKit.
|
|
||||||
# See: https://github.com/ansible-collections/community.general/issues/514
|
|
||||||
- name: Ensure Dendrite Docker image is built
|
|
||||||
ansible.builtin.command:
|
|
||||||
cmd: "{{ devture_systemd_docker_base_host_command_docker }} build -t {{ matrix_dendrite_docker_image }} {{ matrix_dendrite_docker_src_files_path }}"
|
|
||||||
environment:
|
|
||||||
DOCKER_BUILDKIT: 1
|
|
||||||
changed_when: true
|
|
||||||
when: "matrix_dendrite_git_pull_results.changed | bool or matrix_dendrite_docker_image_check_result.stdout == ''"
|
|
||||||
|
|
||||||
- name: Ensure Dendrite container network is created
|
- name: Ensure Dendrite container network is created
|
||||||
community.general.docker_network:
|
community.general.docker_network:
|
||||||
name: "{{ matrix_dendrite_container_network }}"
|
name: "{{ matrix_dendrite_container_network }}"
|
||||||
|
320
roles/custom/matrix-jitsi/defaults/main.yml
Normal file
@ -0,0 +1,320 @@
|
|||||||
|
---
|
||||||
|
# Project source code URL: https://github.com/jitsi/docker-jitsi-meet
|
||||||
|
|
||||||
|
matrix_jitsi_enabled: true
|
||||||
|
|
||||||
|
matrix_jitsi_base_path: "{{ matrix_base_data_path }}/jitsi"
|
||||||
|
|
||||||
|
matrix_jitsi_enable_auth: false
|
||||||
|
matrix_jitsi_enable_guests: false
|
||||||
|
matrix_jitsi_enable_recording: false
|
||||||
|
matrix_jitsi_enable_transcriptions: false
|
||||||
|
matrix_jitsi_enable_jaas_components: false
|
||||||
|
matrix_jitsi_enable_p2p: true
|
||||||
|
matrix_jitsi_enable_av_moderation: true
|
||||||
|
matrix_jitsi_enable_breakout_rooms: true
|
||||||
|
matrix_jitsi_disable_gravatar: true
|
||||||
|
|
||||||
|
# Authentication type, must be one of internal, jwt, matrix or ldap.
|
||||||
|
# Currently, only internal, matrix and ldap mechanisms are supported by this playbook.
|
||||||
|
# matrix auth verifies against matrix openID, and requires a user-verification-service to run.
|
||||||
|
matrix_jitsi_auth_type: internal
|
||||||
|
|
||||||
|
# A list of Jitsi (Prosody) accounts to create using the internal authentication mechanism.
|
||||||
|
#
|
||||||
|
# Accounts added here and subsequently removed will not be automatically removed
|
||||||
|
# from the Prosody server until user account cleaning is integrated into the playbook.
|
||||||
|
#
|
||||||
|
# Example:
|
||||||
|
# matrix_jitsi_prosody_auth_internal_accounts:
|
||||||
|
# - username: "jitsi-moderator"
|
||||||
|
# password: "secret-password"
|
||||||
|
# - username: "another-user"
|
||||||
|
# password: "another-password"
|
||||||
|
matrix_jitsi_prosody_auth_internal_accounts: []
|
||||||
|
|
||||||
|
# Configuration options for LDAP authentication. For details see upstream:
|
||||||
|
# https://github.com/jitsi/docker-jitsi-meet#authentication-using-ldap.
|
||||||
|
# Defaults are taken from:
|
||||||
|
# https://github.com/jitsi/docker-jitsi-meet/blob/master/prosody/rootfs/defaults/saslauthd.conf
|
||||||
|
matrix_jitsi_ldap_url: ""
|
||||||
|
matrix_jitsi_ldap_base: ""
|
||||||
|
matrix_jitsi_ldap_binddn: ""
|
||||||
|
matrix_jitsi_ldap_bindpw: ""
|
||||||
|
matrix_jitsi_ldap_filter: "uid=%u"
|
||||||
|
matrix_jitsi_ldap_auth_method: "bind"
|
||||||
|
matrix_jitsi_ldap_version: "3"
|
||||||
|
matrix_jitsi_ldap_use_tls: false
|
||||||
|
matrix_jitsi_ldap_tls_ciphers: ""
|
||||||
|
matrix_jitsi_ldap_tls_check_peer: false
|
||||||
|
matrix_jitsi_ldap_tls_cacert_file: "/etc/ssl/certs/ca-certificates.crt"
|
||||||
|
matrix_jitsi_ldap_tls_cacert_dir: "/etc/ssl/certs"
|
||||||
|
matrix_jitsi_ldap_start_tls: false
|
||||||
|
|
||||||
|
# Auth type: matrix
|
||||||
|
matrix_jitsi_prosody_auth_matrix_user_verification_repo_location: "https://github.com/matrix-org/prosody-mod-auth-matrix-user-verification"
|
||||||
|
matrix_jitsi_prosody_auth_matrix_user_verification_repo_target: "{{ matrix_jitsi_prosody_ext_path }}/prosody_auth_matrix_user_verification"
|
||||||
|
matrix_jitsi_prosody_auth_matrix_user_verification_repo_version: "2839499cb03894d8cfc3e5b2219441427cb133d8" # v1.8.0
|
||||||
|
matrix_jitsi_prosody_auth_matrix_uvs_sync_power_levels: true
|
||||||
|
matrix_jitsi_prosody_auth_matrix_uvs_location: ""
|
||||||
|
# Should match domain, see https://github.com/vector-im/element-web/pull/15114/commits/0410a6b3be82a41457275e4d1ce879dea146e092
|
||||||
|
matrix_jitsi_prosody_auth_matrix_jwt_app_id: "{{ matrix_server_fqn_jitsi }}"
|
||||||
|
matrix_jitsi_prosody_auth_matrix_files:
|
||||||
|
- path: "mod_auth_matrix_user_verification.lua"
|
||||||
|
when: true
|
||||||
|
- path: "mod_matrix_power_sync.lua"
|
||||||
|
when: "{{ matrix_jitsi_prosody_auth_matrix_uvs_sync_power_levels }}"
|
||||||
|
|
||||||
|
# Plugged in group_vars
|
||||||
|
matrix_jitsi_prosody_auth_matrix_uvs_auth_token: ''
|
||||||
|
|
||||||
|
matrix_jitsi_timezone: UTC
|
||||||
|
|
||||||
|
matrix_jitsi_xmpp_domain: meet.jitsi
|
||||||
|
matrix_jitsi_xmpp_server: xmpp.meet.jitsi
|
||||||
|
matrix_jitsi_xmpp_auth_domain: auth.meet.jitsi
|
||||||
|
matrix_jitsi_xmpp_bosh_url_base: http://{{ matrix_jitsi_xmpp_server }}:5280
|
||||||
|
matrix_jitsi_xmpp_guest_domain: guest.meet.jitsi
|
||||||
|
matrix_jitsi_xmpp_muc_domain: muc.meet.jitsi
|
||||||
|
matrix_jitsi_xmpp_internal_muc_domain: internal-muc.meet.jitsi
|
||||||
|
matrix_jitsi_xmpp_modules: ''
|
||||||
|
|
||||||
|
matrix_jitsi_recorder_domain: recorder.meet.jitsi
|
||||||
|
|
||||||
|
|
||||||
|
matrix_jitsi_jibri_brewery_muc: jibribrewery
|
||||||
|
matrix_jitsi_jibri_pending_timeout: 90
|
||||||
|
matrix_jitsi_jibri_xmpp_user: jibri
|
||||||
|
matrix_jitsi_jibri_xmpp_password: ''
|
||||||
|
matrix_jitsi_jibri_recorder_user: recorder
|
||||||
|
matrix_jitsi_jibri_recorder_password: ''
|
||||||
|
|
||||||
|
matrix_jitsi_enable_lobby: false
|
||||||
|
|
||||||
|
matrix_jitsi_version: stable-8319
|
||||||
|
matrix_jitsi_container_image_tag: "{{ matrix_jitsi_version }}" # for backward-compatibility
|
||||||
|
|
||||||
|
matrix_jitsi_web_docker_image: "{{ matrix_container_global_registry_prefix }}jitsi/web:{{ matrix_jitsi_container_image_tag }}"
|
||||||
|
matrix_jitsi_web_docker_image_force_pull: "{{ matrix_jitsi_web_docker_image.endswith(':latest') }}"
|
||||||
|
|
||||||
|
matrix_jitsi_web_base_path: "{{ matrix_base_data_path }}/jitsi/web"
|
||||||
|
matrix_jitsi_web_config_path: "{{ matrix_jitsi_web_base_path }}/config"
|
||||||
|
matrix_jitsi_web_transcripts_path: "{{ matrix_jitsi_web_base_path }}/transcripts"
|
||||||
|
matrix_jitsi_web_crontabs_path: "{{ matrix_jitsi_web_base_path }}/crontabs"
|
||||||
|
|
||||||
|
matrix_jitsi_web_public_url: "https://{{ matrix_server_fqn_jitsi }}"
|
||||||
|
|
||||||
|
# STUN servers used in the web UI. Feel free to point them to your own STUN server.
|
||||||
|
# Addresses need to be prefixed with one of `stun:`, `turn:` or `turns:`.
|
||||||
|
matrix_jitsi_web_stun_servers: ['stun:meet-jit-si-turnrelay.jitsi.net:443']
|
||||||
|
|
||||||
|
# Setting up TURN
|
||||||
|
# Default set with Coturn container
|
||||||
|
matrix_jitsi_turn_credentials: "{{ matrix_coturn_turn_static_auth_secret }}"
|
||||||
|
matrix_jitsi_turn_host: "turn.{{ matrix_server_fqn_matrix }}"
|
||||||
|
matrix_jitsi_turns_host: "turn.{{ matrix_server_fqn_matrix }}"
|
||||||
|
matrix_jitsi_turn_port: "{{ matrix_coturn_container_stun_plain_host_bind_port }}"
|
||||||
|
matrix_jitsi_turns_port: "{{ matrix_coturn_container_stun_tls_host_bind_port }}"
|
||||||
|
matrix_jitsi_turn_transport: tcp
|
||||||
|
|
||||||
|
# Controls whether Etherpad will be available within Jitsi
|
||||||
|
matrix_jitsi_etherpad_enabled: false
|
||||||
|
|
||||||
|
# Controls whether the matrix-jitsi-web container exposes its HTTP port (tcp/80 in the container).
|
||||||
|
#
|
||||||
|
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:13080"), or empty string to not expose.
|
||||||
|
matrix_jitsi_web_container_http_host_bind_port: ''
|
||||||
|
|
||||||
|
# A list of extra arguments to pass to the container
|
||||||
|
matrix_jitsi_web_container_extra_arguments: []
|
||||||
|
|
||||||
|
# List of systemd services that matrix-jitsi-web.service depends on
|
||||||
|
matrix_jitsi_web_systemd_required_services_list: ['docker.service']
|
||||||
|
|
||||||
|
|
||||||
|
# Custom configuration to be appended to `interface_config.js`, passed to Jitsi Web.
|
||||||
|
#
|
||||||
|
# Note: not to be confused with `matrix_jitsi_web_custom_config_extension`.
|
||||||
|
#
|
||||||
|
# For interface configuration, the flow is like this:
|
||||||
|
# - a default `interface_config.js` is generated from within the docker image
|
||||||
|
# - the contents of `matrix_jitsi_web_custom_interface_config_extension` is appended and can define new settings or override defaults.
|
||||||
|
#
|
||||||
|
# Example:
|
||||||
|
# matrix_jitsi_web_custom_interface_config_extension: |
|
||||||
|
# interfaceConfig.LANG_DETECTION = false;
|
||||||
|
# interfaceConfig.SHOW_JITSI_WATERMARK = false;
|
||||||
|
# interfaceConfig.DISABLE_VIDEO_BACKGROUND = true;
|
||||||
|
matrix_jitsi_web_custom_interface_config_extension: ''
|
||||||
|
|
||||||
|
|
||||||
|
# Controls after which participant audio will be muted. If not specified, defaults to Jitsi's default value (likely 10)
|
||||||
|
matrix_jitsi_web_config_start_audio_muted_after_nth_participant: ~
|
||||||
|
# Controls after which participant video will be muted. If not specified, defaults to Jitsi's default value (likely 10)
|
||||||
|
matrix_jitsi_web_config_start_video_muted_after_nth_participant: ~
|
||||||
|
|
||||||
|
matrix_jitsi_web_config_defaultLanguage: 'en' # noqa var-naming
|
||||||
|
|
||||||
|
# Ideal and also maximum resolution width. If not specified, defaults to Jitsi's default value (likely 1280)
|
||||||
|
matrix_jitsi_web_config_resolution_width_ideal_and_max: ~
|
||||||
|
# Minimum resolution width. If not specified, defaults to Jitsi's default value (likely 320)
|
||||||
|
matrix_jitsi_web_config_resolution_width_min: ~
|
||||||
|
# Ideal and also maximum resolution height. If not specified, defaults to Jitsi's default value (likely 720)
|
||||||
|
matrix_jitsi_web_config_resolution_height_ideal_and_max: ~
|
||||||
|
# Minimum resolution height. If not specified, defaults to Jitsi's default value (likely 180)
|
||||||
|
matrix_jitsi_web_config_resolution_height_min: ~
|
||||||
|
|
||||||
|
# Custom configuration to be injected into `custom-config.js`, passed to Jitsi Web.
|
||||||
|
# This configuration gets appended to the final configuration that Jitsi Web uses.
|
||||||
|
#
|
||||||
|
# Note: not to be confused with `matrix_jitsi_web_custom_interface_config_extension`.
|
||||||
|
#
|
||||||
|
# The flow is like this:
|
||||||
|
# - some default configuration is automatically generated based on the environment variables passed to the Jitsi Web container
|
||||||
|
# - the contents of `custom-config.js` is appended to it (see `templates/web/custom-config.js.j2`)
|
||||||
|
# - said `custom-config.js` contains your custom contents specified in `matrix_jitsi_web_custom_config_extension`.
|
||||||
|
#
|
||||||
|
# Example:
|
||||||
|
# matrix_jitsi_web_custom_config_extension: |
|
||||||
|
# if (!config.hasOwnProperty('testing')) config.testing = {};
|
||||||
|
# config.testing.p2pTestMode = true
|
||||||
|
matrix_jitsi_web_custom_config_extension: ''
|
||||||
|
|
||||||
|
# Additional environment variables to pass to the Jitsi Web container.
|
||||||
|
# You can use this to further influence the default configuration generated by the Jitsi Web container on every startup.
|
||||||
|
# Besides influencing the final configuration by passing environment variables, you can also inject custom configuration
|
||||||
|
# by using `matrix_jitsi_web_custom_config_extension`.
|
||||||
|
#
|
||||||
|
# Example:
|
||||||
|
# matrix_jitsi_web_environment_variables_extension: |
|
||||||
|
# ENABLE_FILE_RECORDING_SERVICE=1
|
||||||
|
# DROPBOX_APPKEY=something
|
||||||
|
# DROPBOX_REDIRECT_URI=something
|
||||||
|
matrix_jitsi_web_environment_variables_extension: ''
|
||||||
|
|
||||||
|
|
||||||
|
matrix_jitsi_prosody_docker_image: "{{ matrix_container_global_registry_prefix }}jitsi/prosody:{{ matrix_jitsi_container_image_tag }}"
|
||||||
|
matrix_jitsi_prosody_docker_image_force_pull: "{{ matrix_jitsi_prosody_docker_image.endswith(':latest') }}"
|
||||||
|
|
||||||
|
matrix_jitsi_prosody_base_path: "{{ matrix_base_data_path }}/jitsi/prosody"
|
||||||
|
matrix_jitsi_prosody_config_path: "{{ matrix_jitsi_prosody_base_path }}/config"
|
||||||
|
matrix_jitsi_prosody_plugins_path: "{{ matrix_jitsi_prosody_base_path }}/prosody-plugins-custom"
|
||||||
|
matrix_jitsi_prosody_ext_path: "{{ matrix_jitsi_prosody_base_path }}/ext"
|
||||||
|
|
||||||
|
# well known is currently only needed for auth type "matrix"
|
||||||
|
matrix_jitsi_require_well_known: "{{ matrix_jitsi_enable_auth | bool and matrix_jitsi_auth_type == 'matrix' }}"
|
||||||
|
matrix_jitsi_wellknown_element_jitsi_json: '{"auth": "openidtoken-jwt"}'
|
||||||
|
|
||||||
|
#
|
||||||
|
matrix_jitsi_muc_modules: |
|
||||||
|
{{
|
||||||
|
(['matrix_power_sync'] if matrix_jitsi_prosody_auth_matrix_uvs_sync_power_levels | bool else [])
|
||||||
|
}}
|
||||||
|
|
||||||
|
# A list of extra arguments to pass to the container
|
||||||
|
matrix_jitsi_prosody_container_extra_arguments: []
|
||||||
|
|
||||||
|
# List of systemd services that matrix-jitsi-prosody.service depends on
|
||||||
|
matrix_jitsi_prosody_systemd_required_services_list: ['docker.service']
|
||||||
|
|
||||||
|
# Neccessary Port binding for those disabling the integrated nginx proxy
|
||||||
|
matrix_jitsi_prosody_container_http_host_bind_port: ''
|
||||||
|
|
||||||
|
matrix_jitsi_prosody_container_jvb_host_bind_port: 5222
|
||||||
|
|
||||||
|
matrix_jitsi_jicofo_docker_image: "{{ matrix_container_global_registry_prefix }}jitsi/jicofo:{{ matrix_jitsi_container_image_tag }}"
|
||||||
|
matrix_jitsi_jicofo_docker_image_force_pull: "{{ matrix_jitsi_jicofo_docker_image.endswith(':latest') }}"
|
||||||
|
|
||||||
|
matrix_jitsi_jicofo_base_path: "{{ matrix_base_data_path }}/jitsi/jicofo"
|
||||||
|
matrix_jitsi_jicofo_config_path: "{{ matrix_jitsi_jicofo_base_path }}/config"
|
||||||
|
|
||||||
|
# A list of extra arguments to pass to the container
|
||||||
|
matrix_jitsi_jicofo_container_extra_arguments: []
|
||||||
|
|
||||||
|
# List of systemd services that matrix-jitsi-jicofo.service depends on
|
||||||
|
matrix_jitsi_jicofo_systemd_required_services_list: ['docker.service', 'matrix-jitsi-prosody.service']
|
||||||
|
|
||||||
|
matrix_jitsi_jicofo_component_secret: ''
|
||||||
|
matrix_jitsi_jicofo_auth_user: focus
|
||||||
|
matrix_jitsi_jicofo_auth_password: ''
|
||||||
|
|
||||||
|
# To enable Sentry integration for Jicofo, specify a valid DSN connection string
|
||||||
|
matrix_jitsi_jicofo_sentry_dsn: ''
|
||||||
|
|
||||||
|
matrix_jitsi_jvb_docker_image: "{{ matrix_container_global_registry_prefix }}jitsi/jvb:{{ matrix_jitsi_container_image_tag }}"
|
||||||
|
matrix_jitsi_jvb_docker_image_force_pull: "{{ matrix_jitsi_jvb_docker_image.endswith(':latest') }}"
|
||||||
|
|
||||||
|
matrix_jitsi_jvb_base_path: "{{ matrix_base_data_path }}/jitsi/jvb"
|
||||||
|
matrix_jitsi_jvb_config_path: "{{ matrix_jitsi_jvb_base_path }}/config"
|
||||||
|
|
||||||
|
# A list of extra arguments to pass to the container
|
||||||
|
matrix_jitsi_jvb_container_extra_arguments: []
|
||||||
|
|
||||||
|
# List of systemd services that matrix-jitsi-jvb.service depends on
|
||||||
|
matrix_jitsi_jvb_systemd_required_services_list: ['docker.service']
|
||||||
|
|
||||||
|
matrix_jitsi_jvb_auth_user: jvb
|
||||||
|
matrix_jitsi_jvb_auth_password: ''
|
||||||
|
|
||||||
|
# To enable Sentry integration for JVB, specify a valid DSN connection string
|
||||||
|
matrix_jitsi_jvb_sentry_dsn: ''
|
||||||
|
|
||||||
|
# STUN servers used by JVB on the server-side, so it can discover its own external IP address.
|
||||||
|
# Pointing this to a STUN server running on the same Docker network may lead to incorrect IP address discovery.
|
||||||
|
matrix_jitsi_jvb_stun_servers: ['meet-jit-si-turnrelay.jitsi.net:443']
|
||||||
|
|
||||||
|
matrix_jitsi_jvb_brewery_muc: jvbbrewery
|
||||||
|
matrix_jitsi_jvb_rtp_udp_port: 10000
|
||||||
|
matrix_jitsi_jvb_rtp_tcp_port: 4443
|
||||||
|
matrix_jitsi_jvb_server_id: 'jvb-1'
|
||||||
|
|
||||||
|
|
||||||
|
# Custom configuration to be injected into `custom-sip-communicator.properties`, passed to Jitsi JVB.
|
||||||
|
# This configuration gets appended to the final configuration that Jitsi JVB uses.
|
||||||
|
#
|
||||||
|
# The flow is like this:
|
||||||
|
# - some default configuration is automatically generated based on the environment variables passed to the Jitsi JVB container
|
||||||
|
# - the contents of `custom-sip-communicator.properties` is appended to it (see `templates/jvb/custom-sip-communicator.properties.j2`)
|
||||||
|
# - said `custom-sip-communicator.properties` contains your custom contents specified in `matrix_jitsi_jvb_custom_config_extension`.
|
||||||
|
#
|
||||||
|
# Example:
|
||||||
|
# matrix_jitsi_jvb_custom_config_extension: |
|
||||||
|
# org.jitsi.videobridge.xmpp.user.shard.DISABLE_CERTIFICATE_VERIFICATION=false
|
||||||
|
# org.jitsi.videobridge.ENABLE_STATISTICS=false
|
||||||
|
matrix_jitsi_jvb_custom_config_extension: ''
|
||||||
|
|
||||||
|
# Additional environment variables to pass to the Jitsi JVB container.
|
||||||
|
# You can use this to further influence the default configuration generated by the Jitsi JVB container on every startup.
|
||||||
|
# Besides influencing the final configuration by passing environment variables, you can also inject custom configuration
|
||||||
|
# by using `matrix_jitsi_jvb_custom_config_extension`.
|
||||||
|
#
|
||||||
|
# Example:
|
||||||
|
# matrix_jitsi_jvb_environment_variables_extension: |
|
||||||
|
# SOME_VARIABLE=1
|
||||||
|
# ANOTHER_VARIABLE=something
|
||||||
|
matrix_jitsi_jvb_environment_variables_extension: ''
|
||||||
|
|
||||||
|
# Controls whether the matrix-jitsi-jvb container exposes its RTP UDP port (udp/10000 in the container).
|
||||||
|
#
|
||||||
|
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:10000"), or empty string to not expose.
|
||||||
|
matrix_jitsi_jvb_container_rtp_udp_host_bind_port: "{{ matrix_jitsi_jvb_rtp_udp_port }}"
|
||||||
|
|
||||||
|
# Controls whether the matrix-jitsi-jvb container exposes its RTP UDP port (udp/4443 in the container).
|
||||||
|
#
|
||||||
|
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:4443"), or empty string to not expose.
|
||||||
|
matrix_jitsi_jvb_container_rtp_tcp_host_bind_port: "{{ matrix_jitsi_jvb_rtp_tcp_port }}"
|
||||||
|
|
||||||
|
# Controls whether the matrix-jitsi-jvb container exposes its Colibri WebSocket port (tcp/9090 in the container).
|
||||||
|
#
|
||||||
|
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:12090"), or empty string to not expose.
|
||||||
|
matrix_jitsi_jvb_container_colibri_ws_host_bind_port: ''
|
||||||
|
|
||||||
|
# Default max participants to the empty string
|
||||||
|
#
|
||||||
|
# The setting requires an integer to be set for usage and allows a user to specify the max number of particpants on a conference.
|
||||||
|
matrix_prosody_jitsi_max_participants: ''
|
||||||
|
|
||||||
|
# Allows abailty to set XMPP AUTH user if using JIGASI
|
||||||
|
matrix_jitsi_jigasi_xmpp_user: ''
|
||||||
|
# Allows abailty to set XMPP AUTH pasword if using JIGASI
|
||||||
|
matrix_jitsi_jigasi_xmpp_password: ''
|
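Review bot: Every XMPP credential in this defaults block ships as an empty string (`matrix_jitsi_jibri_xmpp_password`, `matrix_jitsi_jibri_recorder_password`, `matrix_jitsi_jicofo_component_secret`, `matrix_jitsi_jicofo_auth_password`, `matrix_jitsi_jvb_auth_password`), and nothing in this file stops a run with blank values, so please confirm that `tasks/validate_config.yml` fails for each of these names when left empty. The comment above `matrix_jitsi_jvb_container_rtp_tcp_host_bind_port` was copied from the UDP setting and still reads "RTP UDP port (udp/4443 in the container)"; it should say TCP. `matrix_prosody_jitsi_max_participants` breaks the `matrix_jitsi_` prefix used by every other variable here, and the comments contain "Neccessary", "particpants", "abailty" and "pasword".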
5
roles/custom/matrix-jitsi/tasks/init_additional_jvb.yml
Normal file
@ -0,0 +1,5 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
- ansible.builtin.set_fact:
|
||||||
|
devture_systemd_service_manager_services_list_auto: "{{ [{'name': 'matrix-jitsi-jvb.service', 'priority': 1000, 'groups': ['matrix', 'jitsi', 'jitsi-jvb']}] }}"
|
||||||
|
when: matrix_jitsi_enabled | bool
|
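Review bot: The `set_fact` assigns `devture_systemd_service_manager_services_list_auto` a one-element list rather than appending to whatever the variable already holds, so any service registered earlier in the run is dropped from the managed list. If that is the intent for hosts that run only an additional JVB, give the task a `name:` and a comment saying so; otherwise append to the existing list. The `when: matrix_jitsi_enabled | bool` on the task also repeats the guard already placed on the include in `main.yml`.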
75
roles/custom/matrix-jitsi/tasks/main.yml
Normal file
@ -0,0 +1,75 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
- tags:
|
||||||
|
- setup-additional-jitsi-jvb
|
||||||
|
- install-additional-jitsi-jvb
|
||||||
|
block:
|
||||||
|
- when: matrix_jitsi_enabled | bool
|
||||||
|
ansible.builtin.include_tasks: "{{ role_path }}/tasks/init_additional_jvb.yml"
|
||||||
|
|
||||||
|
- tags:
|
||||||
|
- setup-all
|
||||||
|
- setup-jitsi
|
||||||
|
- setup-additional-jitsi-jvb
|
||||||
|
- install-all
|
||||||
|
- install-jitsi
|
||||||
|
- install-additional-jitsi-jvb
|
||||||
|
block:
|
||||||
|
- when: matrix_jitsi_enabled | bool
|
||||||
|
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
|
||||||
|
|
||||||
|
- when: matrix_jitsi_enabled | bool
|
||||||
|
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_jitsi_base.yml"
|
||||||
|
|
||||||
|
- tags:
|
||||||
|
- setup-all
|
||||||
|
- setup-jitsi
|
||||||
|
- install-all
|
||||||
|
- install-jitsi
|
||||||
|
block:
|
||||||
|
- when: matrix_jitsi_enabled | bool
|
||||||
|
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_jitsi_web_install.yml"
|
||||||
|
|
||||||
|
- when: matrix_jitsi_enabled | bool
|
||||||
|
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_jitsi_prosody_install.yml"
|
||||||
|
|
||||||
|
- when: matrix_jitsi_enabled | bool
|
||||||
|
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_jitsi_jicofo_install.yml"
|
||||||
|
|
||||||
|
- tags:
|
||||||
|
- setup-all
|
||||||
|
- setup-jitsi
|
||||||
|
block:
|
||||||
|
- when: not matrix_jitsi_enabled | bool
|
||||||
|
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_jitsi_web_uninstall.yml"
|
||||||
|
|
||||||
|
- when: not matrix_jitsi_enabled | bool
|
||||||
|
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_jitsi_prosody_uninstall.yml"
|
||||||
|
|
||||||
|
- when: not matrix_jitsi_enabled | bool
|
||||||
|
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_jitsi_jicofo_uninstall.yml"
|
||||||
|
|
||||||
|
- tags:
|
||||||
|
- setup-all
|
||||||
|
- setup-jitsi
|
||||||
|
- setup-additional-jitsi-jvb
|
||||||
|
- install-all
|
||||||
|
- install-jitsi
|
||||||
|
- install-additional-jitsi-jvb
|
||||||
|
block:
|
||||||
|
- when: matrix_jitsi_enabled | bool
|
||||||
|
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_jitsi_jvb_install.yml"
|
||||||
|
|
||||||
|
- tags:
|
||||||
|
- setup-all
|
||||||
|
- setup-jitsi
|
||||||
|
- setup-additional-jitsi-jvb
|
||||||
|
block:
|
||||||
|
- when: not matrix_jitsi_enabled | bool
|
||||||
|
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_jitsi_jvb_uninstall.yml"
|
||||||
|
|
||||||
|
- tags:
|
||||||
|
- self-check
|
||||||
|
block:
|
||||||
|
- when: matrix_jitsi_enable_auth | bool and matrix_jitsi_auth_type == 'matrix'
|
||||||
|
ansible.builtin.include_tasks: "{{ role_path }}/tasks/self_check_matrix_auth.yml"
|
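Review bot: The `self-check` block at the end is gated only on `matrix_jitsi_enable_auth | bool and matrix_jitsi_auth_type == 'matrix'`, while every other block in this file tests `matrix_jitsi_enabled`. With Jitsi disabled and the auth variables still set, the self-check goes on to run `docker exec matrix-jitsi-prosody ...` against a container this role never installed. Add `matrix_jitsi_enabled | bool` to the condition.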
63
roles/custom/matrix-jitsi/tasks/self_check_matrix_auth.yml
Normal file
@ -0,0 +1,63 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
- ansible.builtin.set_fact:
|
||||||
|
matrix_jitsi_prosody_self_check_uvs_health_url: "{{ matrix_jitsi_prosody_auth_matrix_uvs_location }}/health"
|
||||||
|
matrix_jitsi_element_jitsi_well_known_url: "{{ matrix_jitsi_web_public_url }}/.well-known/element/jitsi"
|
||||||
|
|
||||||
|
- name: Check if jitsi serves the .well-known/element/jitsi
|
||||||
|
ansible.builtin.uri:
|
||||||
|
url: "{{ matrix_jitsi_element_jitsi_well_known_url }}"
|
||||||
|
follow_redirects: none
|
||||||
|
return_content: true
|
||||||
|
validate_certs: "{{ matrix_jitsi_self_check_validate_certificates }}"
|
||||||
|
headers:
|
||||||
|
Origin: example.com
|
||||||
|
check_mode: false
|
||||||
|
register: result_well_known_jitsi_element_jitsi
|
||||||
|
ignore_errors: true
|
||||||
|
|
||||||
|
- name: Fail if .well-known not working
|
||||||
|
ansible.builtin.fail:
|
||||||
|
msg: |
|
||||||
|
Failed checking that the Jitsi well-known file for Element auth is configured at `{{ matrix_jitsi_element_jitsi_well_known_url }}`
|
||||||
|
Full error: {{ result_well_known_jitsi_element_jitsi }}
|
||||||
|
when: "result_well_known_jitsi_element_jitsi.failed"
|
||||||
|
|
||||||
|
- name: Parse JSON for well-known payload at the matrix hostname
|
||||||
|
ansible.builtin.set_fact:
|
||||||
|
well_known_matrix_payload: "{{ result_well_known_jitsi_element_jitsi.content | from_json }}"
|
||||||
|
|
||||||
|
- name: Fail if .well-known not CORS-aware
|
||||||
|
ansible.builtin.fail:
|
||||||
|
msg: "The well-known file on `{{ matrix_jitsi_element_jitsi_well_known_url }}` is not CORS-aware. The file needs to be served with an Access-Control-Allow-Origin header set."
|
||||||
|
when: "'access_control_allow_origin' not in result_well_known_jitsi_element_jitsi"
|
||||||
|
|
||||||
|
- name: Report working .well-known
|
||||||
|
ansible.builtin.debug:
|
||||||
|
msg: "well-known is configured correctly at `{{ matrix_jitsi_element_jitsi_well_known_url }}`"
|
||||||
|
|
||||||
|
- name: Check if we can reach the user verification service and if it's healthy
|
||||||
|
ansible.builtin.command:
|
||||||
|
argv:
|
||||||
|
- "docker"
|
||||||
|
- "exec"
|
||||||
|
- "matrix-jitsi-prosody"
|
||||||
|
- "wget"
|
||||||
|
- "-O"
|
||||||
|
- "-"
|
||||||
|
- "--quiet"
|
||||||
|
- "{{ matrix_jitsi_prosody_self_check_uvs_health_url | quote }}"
|
||||||
|
register: matrix_jitsi_prosody_self_check_uvs_result
|
||||||
|
changed_when: false
|
||||||
|
ignore_errors: true
|
||||||
|
|
||||||
|
- name: Fail if user verification service is not (reachable and healthy)
|
||||||
|
ansible.builtin.fail:
|
||||||
|
msg: |
|
||||||
|
Failed checking user verification service is up (checked endpoint: `{{ matrix_jitsi_prosody_self_check_uvs_health_url }}`).
|
||||||
|
Full error: {{ matrix_jitsi_prosody_self_check_uvs_result }}
|
||||||
|
when: "matrix_jitsi_prosody_self_check_uvs_result.failed"
|
||||||
|
|
||||||
|
- name: Report healthy user verification service
|
||||||
|
ansible.builtin.debug:
|
||||||
|
msg: "User verification service is working (checked endpoint: `{{ matrix_jitsi_prosody_self_check_uvs_health_url }}`)"
|
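Review bot: In the user verification service check, the last `argv` element is `"{{ matrix_jitsi_prosody_self_check_uvs_health_url | quote }}"`. `ansible.builtin.command` with `argv` does not pass through a shell, so `quote` protects nothing, and for a URL containing characters it escapes it hands literal quote characters to `wget`; drop the filter. Also, `well_known_matrix_payload` is parsed but never compared with the expected `{"auth": "openidtoken-jwt"}`, and the CORS test only checks that the `access_control_allow_origin` key is present, so a wrong payload still ends in "well-known is configured correctly".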
16
roles/custom/matrix-jitsi/tasks/setup_jitsi_base.yml
Normal file
@ -0,0 +1,16 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
- ansible.builtin.include_role:
|
||||||
|
name: custom/matrix-base
|
||||||
|
tasks_from: ensure_openssl_installed
|
||||||
|
|
||||||
|
- name: Ensure Matrix jitsi base path exists
|
||||||
|
ansible.builtin.file:
|
||||||
|
path: "{{ item.path }}"
|
||||||
|
state: directory
|
||||||
|
mode: 0750
|
||||||
|
owner: "{{ matrix_user_username }}"
|
||||||
|
group: "{{ matrix_user_groupname }}"
|
||||||
|
with_items:
|
||||||
|
- {path: "{{ matrix_jitsi_base_path }}", when: true}
|
||||||
|
when: item.when | bool
|
@ -0,0 +1,51 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
- name: Ensure Matrix jitsi-jicofo path exists
|
||||||
|
ansible.builtin.file:
|
||||||
|
path: "{{ item.path }}"
|
||||||
|
state: directory
|
||||||
|
mode: 0777
|
||||||
|
owner: "{{ matrix_user_username }}"
|
||||||
|
group: "{{ matrix_user_groupname }}"
|
||||||
|
with_items:
|
||||||
|
- {path: "{{ matrix_jitsi_jicofo_base_path }}", when: true}
|
||||||
|
- {path: "{{ matrix_jitsi_jicofo_config_path }}", when: true}
|
||||||
|
when: item.when | bool
|
||||||
|
|
||||||
|
- name: Ensure jitsi-jicofo Docker image is pulled
|
||||||
|
community.docker.docker_image:
|
||||||
|
name: "{{ matrix_jitsi_jicofo_docker_image }}"
|
||||||
|
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
|
||||||
|
force_source: "{{ matrix_jitsi_jicofo_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
|
||||||
|
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_jicofo_docker_image_force_pull }}"
|
||||||
|
register: result
|
||||||
|
retries: "{{ devture_playbook_help_container_retries_count }}"
|
||||||
|
delay: "{{ devture_playbook_help_container_retries_delay }}"
|
||||||
|
until: result is not failed
|
||||||
|
|
||||||
|
- name: Ensure jitsi-jicofo environment variables file created
|
||||||
|
ansible.builtin.template:
|
||||||
|
src: "{{ role_path }}/templates/jicofo/env.j2"
|
||||||
|
dest: "{{ matrix_jitsi_jicofo_base_path }}/env"
|
||||||
|
owner: "{{ matrix_user_username }}"
|
||||||
|
group: "{{ matrix_user_groupname }}"
|
||||||
|
mode: 0640
|
||||||
|
when: matrix_jitsi_enabled | bool
|
||||||
|
|
||||||
|
- name: Ensure jitsi-jicofo configuration files created
|
||||||
|
ansible.builtin.template:
|
||||||
|
src: "{{ role_path }}/templates/jicofo/{{ item }}.j2"
|
||||||
|
dest: "{{ matrix_jitsi_jicofo_config_path }}/{{ item }}"
|
||||||
|
owner: "{{ matrix_user_username }}"
|
||||||
|
group: "{{ matrix_user_groupname }}"
|
||||||
|
mode: 0644
|
||||||
|
with_items:
|
||||||
|
- sip-communicator.properties
|
||||||
|
- logging.properties
|
||||||
|
|
||||||
|
- name: Ensure matrix-jitsi-jicofo.service installed
|
||||||
|
ansible.builtin.template:
|
||||||
|
src: "{{ role_path }}/templates/jicofo/matrix-jitsi-jicofo.service.j2"
|
||||||
|
dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jitsi-jicofo.service"
|
||||||
|
mode: 0644
|
||||||
|
register: matrix_jitsi_jicofo_systemd_service_result
|
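Review bot: The first task creates `matrix_jitsi_jicofo_base_path` and `matrix_jitsi_jicofo_config_path` with `mode: 0777`, while the `env` file written into the base path gets `0640`. In a world-writable directory without the sticky bit, any local account that can reach it can rename or replace that file regardless of the file's own mode, so the restrictive mode on `env` buys little. Use `0750` as `setup_jitsi_base.yml` does, or document which container UID needs write access and grant only that. Quoting the modes (`'0750'`) also avoids the unquoted-octal pattern that ansible-lint flags.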
@ -0,0 +1,25 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
- name: Check existence of matrix-jitsi-jicofo service
|
||||||
|
ansible.builtin.stat:
|
||||||
|
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jitsi-jicofo.service"
|
||||||
|
register: matrix_jitsi_jicofo_service_stat
|
||||||
|
|
||||||
|
- when: matrix_jitsi_jicofo_service_stat.stat.exists | bool
|
||||||
|
block:
|
||||||
|
- name: Ensure matrix-jitsi-jicofo is stopped
|
||||||
|
ansible.builtin.service:
|
||||||
|
name: matrix-jitsi-jicofo
|
||||||
|
state: stopped
|
||||||
|
enabled: false
|
||||||
|
daemon_reload: true
|
||||||
|
|
||||||
|
- name: Ensure matrix-jitsi-jicofo.service doesn't exist
|
||||||
|
ansible.builtin.file:
|
||||||
|
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jitsi-jicofo.service"
|
||||||
|
state: absent
|
||||||
|
|
||||||
|
- name: Ensure Matrix jitsi-jicofo paths doesn't exist
|
||||||
|
ansible.builtin.file:
|
||||||
|
path: "{{ matrix_jitsi_jicofo_base_path }}"
|
||||||
|
state: absent
|
49
roles/custom/matrix-jitsi/tasks/setup_jitsi_jvb_install.yml
Normal file
@ -0,0 +1,49 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
- name: Ensure Matrix jitsi-jvb path exists
|
||||||
|
ansible.builtin.file:
|
||||||
|
path: "{{ item.path }}"
|
||||||
|
state: directory
|
||||||
|
mode: 0777
|
||||||
|
owner: "{{ matrix_user_username }}"
|
||||||
|
group: "{{ matrix_user_groupname }}"
|
||||||
|
with_items:
|
||||||
|
- {path: "{{ matrix_jitsi_jvb_base_path }}", when: true}
|
||||||
|
- {path: "{{ matrix_jitsi_jvb_config_path }}", when: true}
|
||||||
|
when: item.when | bool
|
||||||
|
|
||||||
|
- name: Ensure jitsi-jvb Docker image is pulled
|
||||||
|
community.docker.docker_image:
|
||||||
|
name: "{{ matrix_jitsi_jvb_docker_image }}"
|
||||||
|
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
|
||||||
|
force_source: "{{ matrix_jitsi_jvb_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
|
||||||
|
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_jvb_docker_image_force_pull }}"
|
||||||
|
register: result
|
||||||
|
retries: "{{ devture_playbook_help_container_retries_count }}"
|
||||||
|
delay: "{{ devture_playbook_help_container_retries_delay }}"
|
||||||
|
until: result is not failed
|
||||||
|
|
||||||
|
- name: Ensure jitsi-jvb configuration files created
|
||||||
|
ansible.builtin.template:
|
||||||
|
src: "{{ role_path }}/templates/jvb/{{ item }}.j2"
|
||||||
|
dest: "{{ matrix_jitsi_jvb_config_path }}/{{ item }}"
|
||||||
|
owner: "{{ matrix_user_username }}"
|
||||||
|
group: "{{ matrix_user_groupname }}"
|
||||||
|
mode: 0644
|
||||||
|
with_items:
|
||||||
|
- custom-sip-communicator.properties
|
||||||
|
- logging.properties
|
||||||
|
|
||||||
|
- name: Ensure jitsi-jvb environment variables file created
|
||||||
|
ansible.builtin.template:
|
||||||
|
src: "{{ role_path }}/templates/jvb/env.j2"
|
||||||
|
dest: "{{ matrix_jitsi_jvb_base_path }}/env"
|
||||||
|
owner: "{{ matrix_user_username }}"
|
||||||
|
group: "{{ matrix_user_groupname }}"
|
||||||
|
mode: 0640
|
||||||
|
|
||||||
|
- name: Ensure matrix-jitsi-jvb.service installed
|
||||||
|
ansible.builtin.template:
|
||||||
|
src: "{{ role_path }}/templates/jvb/matrix-jitsi-jvb.service.j2"
|
||||||
|
dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jitsi-jvb.service"
|
||||||
|
mode: 0644
|
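Review bot: `matrix-jitsi-jvb.service` is templated without a `register:`, whereas the jicofo and prosody install files register `matrix_jitsi_jicofo_systemd_service_result` and `matrix_jitsi_prosody_systemd_service_result` on the same step. If those results drive a daemon reload or restart, a changed JVB unit is not picked up; register a matching result here or drop the other two. The directory task at the top also uses `mode: 0777` for the JVB base and config paths, which leaves the `0640` `env` file replaceable by any local account that can reach the directory.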
@ -0,0 +1,25 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
- name: Check existence of matrix-jitsi-jvb service
|
||||||
|
ansible.builtin.stat:
|
||||||
|
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jitsi-jvb.service"
|
||||||
|
register: matrix_jitsi_jvb_service_stat
|
||||||
|
|
||||||
|
- when: matrix_jitsi_jvb_service_stat.stat.exists | bool
|
||||||
|
block:
|
||||||
|
- name: Ensure matrix-jitsi-jvb is stopped
|
||||||
|
ansible.builtin.service:
|
||||||
|
name: matrix-jitsi-jvb
|
||||||
|
state: stopped
|
||||||
|
enabled: false
|
||||||
|
daemon_reload: true
|
||||||
|
|
||||||
|
- name: Ensure matrix-jitsi-jvb.service doesn't exist
|
||||||
|
ansible.builtin.file:
|
||||||
|
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jitsi-jvb.service"
|
||||||
|
state: absent
|
||||||
|
|
||||||
|
- name: Ensure Matrix jitsi-jvb paths doesn't exist
|
||||||
|
ansible.builtin.file:
|
||||||
|
path: "{{ matrix_jitsi_jvb_base_path }}"
|
||||||
|
state: absent
|
@ -0,0 +1,85 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
- name: Ensure Matrix jitsi-prosody environment exists
|
||||||
|
ansible.builtin.file:
|
||||||
|
path: "{{ item.path }}"
|
||||||
|
state: directory
|
||||||
|
mode: 0777
|
||||||
|
owner: "{{ matrix_user_username }}"
|
||||||
|
group: "{{ matrix_user_groupname }}"
|
||||||
|
with_items:
|
||||||
|
- {path: "{{ matrix_jitsi_prosody_base_path }}", when: true}
|
||||||
|
- {path: "{{ matrix_jitsi_prosody_config_path }}", when: true}
|
||||||
|
- {path: "{{ matrix_jitsi_prosody_plugins_path }}", when: true}
|
||||||
|
- {path: "{{ matrix_jitsi_prosody_ext_path }}", when: true}
|
||||||
|
when: item.when | bool
|
||||||
|
|
||||||
|
- name: Ensure jitsi-prosody Docker image is pulled
|
||||||
|
community.docker.docker_image:
|
||||||
|
name: "{{ matrix_jitsi_prosody_docker_image }}"
|
||||||
|
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
|
||||||
|
force_source: "{{ matrix_jitsi_prosody_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
|
||||||
|
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_prosody_docker_image_force_pull }}"
|
||||||
|
register: result
|
||||||
|
retries: "{{ devture_playbook_help_container_retries_count }}"
|
||||||
|
delay: "{{ devture_playbook_help_container_retries_delay }}"
|
||||||
|
until: result is not failed
|
||||||
|
|
||||||
|
- name: Ensure jitsi-prosody environment variables file is created
|
||||||
|
ansible.builtin.template:
|
||||||
|
src: "{{ role_path }}/templates/prosody/env.j2"
|
||||||
|
dest: "{{ matrix_jitsi_prosody_base_path }}/env"
|
||||||
|
owner: "{{ matrix_user_username }}"
|
||||||
|
group: "{{ matrix_user_groupname }}"
|
||||||
|
mode: 0640
|
||||||
|
|
||||||
|
# Configure matrix authentication.
|
||||||
|
- name: Install user verification plugin
|
||||||
|
ansible.builtin.include_tasks:
|
||||||
|
file: "{{ role_path }}/tasks/util/setup_jitsi_auth_uvs_install.yml"
|
||||||
|
when: matrix_jitsi_enable_auth | bool and matrix_jitsi_auth_type == "matrix"
|
||||||
|
|
||||||
|
- name: Manage Jitsi .well-known
|
||||||
|
when: matrix_jitsi_require_well_known | bool
|
||||||
|
block:
|
||||||
|
- name: Ensure .well-known directories exist
|
||||||
|
ansible.builtin.file:
|
||||||
|
path: "{{ item.path }}"
|
||||||
|
state: directory
|
||||||
|
mode: 0775
|
||||||
|
owner: "{{ matrix_user_username }}"
|
||||||
|
group: "{{ matrix_user_groupname }}"
|
||||||
|
with_items:
|
||||||
|
- {path: "{{ matrix_static_files_base_path }}/.well-known/element", when: "{{ matrix_jitsi_enable_auth | bool and matrix_jitsi_auth_type == 'matrix' }}"}
|
||||||
|
when: item.when | bool
|
||||||
|
|
||||||
|
# Create .well-known/element/jitsi in the static file directory for nginx-proxy.
|
||||||
|
- name: Ensure Jitsi /.well-known/element/jitsi configured
|
||||||
|
ansible.builtin.copy:
|
||||||
|
content: "{{ matrix_jitsi_wellknown_element_jitsi_json }}"
|
||||||
|
dest: "{{ matrix_static_files_base_path }}/.well-known/element/jitsi"
|
||||||
|
mode: 0644
|
||||||
|
owner: "{{ matrix_user_username }}"
|
||||||
|
group: "{{ matrix_user_groupname }}"
|
||||||
|
when: matrix_jitsi_enable_auth | bool and matrix_jitsi_auth_type == "matrix"
|
||||||
|
# END Block
|
||||||
|
|
||||||
|
# Remove matrix authentication if disabled
|
||||||
|
- name: Ensure user verification plugin is not present if matrix auth is disabled
|
||||||
|
ansible.builtin.include_tasks:
|
||||||
|
file: "{{ role_path }}/tasks/util/setup_jitsi_auth_uvs_uninstall.yml"
|
||||||
|
when: (not matrix_jitsi_enable_auth | bool) or (matrix_jitsi_auth_type != "matrix")
|
||||||
|
|
||||||
|
- name: Ensure matrix-jitsi-prosody.service file is installed
|
||||||
|
ansible.builtin.template:
|
||||||
|
src: "{{ role_path }}/templates/prosody/matrix-jitsi-prosody.service.j2"
|
||||||
|
dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jitsi-prosody.service"
|
||||||
|
mode: 0644
|
||||||
|
register: matrix_jitsi_prosody_systemd_service_result
|
||||||
|
|
||||||
|
# Tasks that require a running prosody container are called in this file.
|
||||||
|
- name: Run prosody related tasks, that require a running container.
|
||||||
|
ansible.builtin.include_tasks:
|
||||||
|
file: "{{ role_path }}/tasks/util/setup_jitsi_prosody_post_setup_hooks.yml"
|
||||||
|
when:
|
||||||
|
- matrix_jitsi_enable_auth | bool and matrix_jitsi_auth_type == "internal"
|
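Review bot: The directory task creates `matrix_jitsi_prosody_plugins_path` (`.../prosody-plugins-custom`) and `matrix_jitsi_prosody_ext_path` with `mode: 0777`. A world-writable plugin directory lets any local account that can reach it add or replace files in a location named for Prosody plugins; restrict it to the owner and group already set on the same task. Inside the "Manage Jitsi .well-known" block, the item-level `when:` and the `when:` on the copy task repeat the expression that `matrix_jitsi_require_well_known` evaluates by default on the block, so both can be removed.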
@ -0,0 +1,25 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
- name: Check if matrix-jitsi-prosody.service file exists
|
||||||
|
ansible.builtin.stat:
|
||||||
|
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jitsi-prosody.service"
|
||||||
|
register: matrix_jitsi_prosody_service_stat
|
||||||
|
|
||||||
|
- when: matrix_jitsi_prosody_service_stat.stat.exists | bool
|
||||||
|
block:
|
||||||
|
- name: Ensure matrix-jitsi-prosody is stopped
|
||||||
|
ansible.builtin.service:
|
||||||
|
name: matrix-jitsi-prosody
|
||||||
|
state: stopped
|
||||||
|
enabled: false
|
||||||
|
daemon_reload: true
|
||||||
|
|
||||||
|
- name: Ensure matrix-jitsi-prosody.service file doesn't exist
|
||||||
|
ansible.builtin.file:
|
||||||
|
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jitsi-prosody.service"
|
||||||
|
state: absent
|
||||||
|
|
||||||
|
- name: Ensure Matrix jitsi-prosody paths doesn't exist
|
||||||
|
ansible.builtin.file:
|
||||||
|
path: "{{ matrix_jitsi_prosody_base_path }}"
|
||||||
|
state: absent
|
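Review bot: `daemon_reload: true` sits on the stop task, which runs before `matrix-jitsi-prosody.service` is deleted, so systemd is never reloaded after the unit file is gone and keeps the stale unit definition until something else triggers a reload. Add a reload after the `state: absent` task, for example an `ansible.builtin.systemd` task with `daemon_reload: true`. The `- when:` block also has no `name`, and "paths doesn't exist" should read "path doesn't exist".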
52
roles/custom/matrix-jitsi/tasks/setup_jitsi_web_install.yml
Normal file
@ -0,0 +1,52 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
- name: Ensure Matrix jitsi-web path exists
|
||||||
|
ansible.builtin.file:
|
||||||
|
path: "{{ item.path }}"
|
||||||
|
state: directory
|
||||||
|
mode: 0777
|
||||||
|
owner: "{{ matrix_user_username }}"
|
||||||
|
group: "{{ matrix_user_groupname }}"
|
||||||
|
with_items:
|
||||||
|
- {path: "{{ matrix_jitsi_web_base_path }}", when: true}
|
||||||
|
- {path: "{{ matrix_jitsi_web_config_path }}", when: true}
|
||||||
|
- {path: "{{ matrix_jitsi_web_transcripts_path }}", when: true}
|
||||||
|
- {path: "{{ matrix_jitsi_web_crontabs_path }}", when: true}
|
||||||
|
when: item.when | bool
|
||||||
|
|
||||||
|
- name: Ensure jitsi-web Docker image is pulled
|
||||||
|
community.docker.docker_image:
|
||||||
|
name: "{{ matrix_jitsi_web_docker_image }}"
|
||||||
|
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
|
||||||
|
force_source: "{{ matrix_jitsi_web_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
|
||||||
|
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_web_docker_image_force_pull }}"
|
||||||
|
register: result
|
||||||
|
retries: "{{ devture_playbook_help_container_retries_count }}"
|
||||||
|
delay: "{{ devture_playbook_help_container_retries_delay }}"
|
||||||
|
until: result is not failed
|
||||||
|
|
||||||
|
- name: Ensure jitsi-web environment variables file created
|
||||||
|
ansible.builtin.template:
|
||||||
|
src: "{{ role_path }}/templates/web/env.j2"
|
||||||
|
dest: "{{ matrix_jitsi_web_base_path }}/env"
|
||||||
|
owner: "{{ matrix_user_username }}"
|
||||||
|
group: "{{ matrix_user_groupname }}"
|
||||||
|
mode: 0640
|
||||||
|
|
||||||
|
- name: Ensure jitsi-web configuration files created
|
||||||
|
ansible.builtin.template:
|
||||||
|
src: "{{ role_path }}/templates/web/{{ item }}.j2"
|
||||||
|
dest: "{{ matrix_jitsi_web_config_path }}/{{ item }}"
|
||||||
|
owner: "{{ matrix_user_username }}"
|
||||||
|
group: "{{ matrix_user_groupname }}"
|
||||||
|
mode: 0644
|
||||||
|
with_items:
|
||||||
|
- custom-config.js
|
||||||
|
- custom-interface_config.js
|
||||||
|
|
||||||
|
- name: Ensure matrix-jitsi-web.service installed
|
||||||
|
ansible.builtin.template:
|
||||||
|
src: "{{ role_path }}/templates/web/matrix-jitsi-web.service.j2"
|
||||||
|
dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jitsi-web.service"
|
||||||
|
mode: 0644
|
||||||
|
register: matrix_jitsi_web_systemd_service_result
|
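Review bot: `mode: 0777` on the four jitsi-web directories makes the config, transcripts and crontabs paths writable by every local user, even though `owner` and `group` are set directly below it. If the container user needs write access, grant it through ownership or a shared group and use `0750` or `0770`; if the image really requires `0777`, say why in a comment. Separately, every item carries `when: true`, so `when: item.when | bool` never filters anything and both can be dropped.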
@ -0,0 +1,25 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
- name: Check existence of matrix-jitsi-web service
|
||||||
|
ansible.builtin.stat:
|
||||||
|
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jitsi-web.service"
|
||||||
|
register: matrix_jitsi_web_service_stat
|
||||||
|
|
||||||
|
- when: matrix_jitsi_web_service_stat.stat.exists | bool
|
||||||
|
block:
|
||||||
|
- name: Ensure matrix-jitsi-web is stopped
|
||||||
|
ansible.builtin.service:
|
||||||
|
name: matrix-jitsi-web
|
||||||
|
state: stopped
|
||||||
|
enabled: false
|
||||||
|
daemon_reload: true
|
||||||
|
|
||||||
|
- name: Ensure matrix-jitsi-web.service doesn't exist
|
||||||
|
ansible.builtin.file:
|
||||||
|
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jitsi-web.service"
|
||||||
|
state: absent
|
||||||
|
|
||||||
|
- name: Ensure Matrix jitsi-web paths doesn't exist
|
||||||
|
ansible.builtin.file:
|
||||||
|
path: "{{ matrix_jitsi_web_base_path }}"
|
||||||
|
state: absent
|
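Review bot: No systemd reload follows the removal of `matrix-jitsi-web.service`; the only `daemon_reload: true` is on the stop task, which runs while the unit file still exists. Add a reload after the `state: absent` task so systemd drops the unit definition.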
@ -0,0 +1,17 @@
|
|||||||
|
---
|
||||||
|
#
|
||||||
|
# Tasks related to configuring Jitsi internal authentication on a running prosody instance.
|
||||||
|
#
|
||||||
|
|
||||||
|
- name: Ensure Jitsi internal authentication users are configured
|
||||||
|
ansible.builtin.shell: "{{ devture_systemd_docker_base_host_command_docker }} exec matrix-jitsi-prosody prosodyctl --config /config/prosody.cfg.lua register {{ item.username | quote }} meet.jitsi {{ item.password | quote }}"
|
||||||
|
with_items: "{{ matrix_jitsi_prosody_auth_internal_accounts }}"
|
||||||
|
when:
|
||||||
|
- matrix_jitsi_prosody_auth_internal_accounts|length > 0
|
||||||
|
register: matrix_jitsi_user_configuration_result
|
||||||
|
changed_when: matrix_jitsi_user_configuration_result.rc == 0
|
||||||
|
no_log: true
|
||||||
|
|
||||||
|
#
|
||||||
|
# Tasks related to clean up after configuring internal authentication.
|
||||||
|
#
|
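Review bot: The password is handed to `prosodyctl register` as a command-line argument, so while the task runs it is readable in the host's process list; `no_log: true` only keeps it out of Ansible's output. If that exposure is accepted, record it in a comment next to the task. The command line uses no shell features, so `ansible.builtin.command` with `argv` would avoid shell parsing and make the `quote` filters unnecessary. `changed_when: matrix_jitsi_user_configuration_result.rc == 0` reports a change on every successful run, so the task is never idempotent for accounts that already exist, and the trailing "clean up" comment has no tasks under it.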
@ -0,0 +1,20 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
- name: Checkout Prosody Auth Matrix User Verification Plugin Repo
|
||||||
|
ansible.builtin.git:
|
||||||
|
repo: "{{ matrix_jitsi_prosody_auth_matrix_user_verification_repo_location }}"
|
||||||
|
dest: "{{ matrix_jitsi_prosody_auth_matrix_user_verification_repo_target }}"
|
||||||
|
version: "{{ matrix_jitsi_prosody_auth_matrix_user_verification_repo_version }}"
|
||||||
|
become: true
|
||||||
|
become_user: "{{ matrix_user_username }}"
|
||||||
|
|
||||||
|
- name: Install Prosody Auth Matrix User Verification Plugin
|
||||||
|
ansible.builtin.copy:
|
||||||
|
remote_src: true
|
||||||
|
src: "{{ matrix_jitsi_prosody_auth_matrix_user_verification_repo_target }}/{{ item.path }}"
|
||||||
|
dest: "{{ matrix_jitsi_prosody_plugins_path }}/{{ item.path }}"
|
||||||
|
mode: 0644
|
||||||
|
owner: "{{ matrix_user_username }}"
|
||||||
|
group: "{{ matrix_user_groupname }}"
|
||||||
|
with_items: "{{ matrix_jitsi_prosody_auth_matrix_files }}"
|
||||||
|
when: item.when | bool
|
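Review bot: Nothing in this file constrains `matrix_jitsi_prosody_auth_matrix_user_verification_repo_version` to an immutable ref. The checked-out files are copied straight into `matrix_jitsi_prosody_plugins_path`, so if the value is a branch name, the code Prosody loads can change between runs without any change to the playbook. Document next to the variable that it should be a tag or commit hash. The copy task also registers no result and sets no restart flag, so an updated plugin does not trigger a prosody restart from within this hunk.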
@ -0,0 +1,20 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
- name: Remove all files regarding prosody mod auth_matrix_user_verification and .well-known/element/jitsi
|
||||||
|
ansible.builtin.file:
|
||||||
|
path: "{{ item }}"
|
||||||
|
state: absent
|
||||||
|
with_flattened:
|
||||||
|
- "{{ matrix_static_files_base_path }}/.well-known/element/jitsi"
|
||||||
|
- "{{ matrix_jitsi_prosody_auth_matrix_user_verification_repo_target }}"
|
||||||
|
- "{{ matrix_jitsi_prosody_auth_matrix_files | map(attribute='path') | map('regex_replace', '^', matrix_jitsi_prosody_plugins_path+'/') | list }}"
|
||||||
|
register: matrix_jitsi_prosody_auth_matrix_user_verification_uninstalled
|
||||||
|
|
||||||
|
- when: matrix_jitsi_prosody_auth_matrix_user_verification_uninstalled.changed
|
||||||
|
block:
|
||||||
|
- name: Populate service facts
|
||||||
|
ansible.builtin.service_facts:
|
||||||
|
|
||||||
|
- name: Ensure prosody is restarted later on if currently running
|
||||||
|
ansible.builtin.set_fact:
|
||||||
|
matrix_jitsi_prosody_require_restart: "{{ true if ansible_facts.services['matrix-jitsi-prosody.service']['state'] == 'running' else false }}"
|
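Review bot: `ansible_facts.services['matrix-jitsi-prosody.service']['state']` fails with an undefined-key error when the unit is not present in `service_facts`, for example when plugin files are still on disk but the service file was already removed. Guard the lookup, e.g. `ansible_facts.services.get('matrix-jitsi-prosody.service', {}).get('state') == 'running'`, which also makes the `true if ... else false` wrapper unnecessary. The `- when:` block has no `name`.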
@ -0,0 +1,49 @@
|
|||||||
|
---
|
||||||
|
#####
|
||||||
|
#
|
||||||
|
# This tasks file starts and stops (if state before was stopped) a prosody container during setup to run commands,
|
||||||
|
# that require a running prosody container.
|
||||||
|
# The task is called in ../setup_jitsi_prosody_install.yml.
|
||||||
|
#
|
||||||
|
# Important: The task is called conditionally, as to only start if really needed.
|
||||||
|
# So if you add or change anything - remember to also change the 'when' in: ../setup_jitsi_prosody_install.yml
|
||||||
|
#
|
||||||
|
#####
|
||||||
|
|
||||||
|
#
|
||||||
|
# Start Necessary Services
|
||||||
|
#
|
||||||
|
|
||||||
|
- name: Ensure matrix-jitsi-prosody container is running
|
||||||
|
ansible.builtin.systemd:
|
||||||
|
state: "{{ 'restarted' if matrix_jitsi_prosody_require_restart | default(false) | bool else 'started' }}"
|
||||||
|
name: matrix-jitsi-prosody
|
||||||
|
register: matrix_jitsi_prosody_start_result
|
||||||
|
|
||||||
|
# If the flag was set, we can safely disable now.
|
||||||
|
- name: Disable require restart flag
|
||||||
|
ansible.builtin.set_fact:
|
||||||
|
matrix_jitsi_prosody_require_restart: false
|
||||||
|
|
||||||
|
#
|
||||||
|
# Tasks related to configuring Jitsi internal authentication
|
||||||
|
#
|
||||||
|
|
||||||
|
- name: Ensure internal authentication is properly configured
|
||||||
|
ansible.builtin.include_tasks:
|
||||||
|
file: "{{ role_path }}/tasks/util/prosody_post_setup_hooks/setup_jitsi_auth_internal.yml"
|
||||||
|
when: matrix_jitsi_enable_auth | bool and matrix_jitsi_auth_type == "internal"
|
||||||
|
|
||||||
|
#
|
||||||
|
# Tasks related to ...
|
||||||
|
#
|
||||||
|
|
||||||
|
|
||||||
|
#
|
||||||
|
# Stop Necessary Services
|
||||||
|
#
|
||||||
|
- name: Ensure matrix-jitsi-prosody container is stopped if necessary
|
||||||
|
ansible.builtin.systemd:
|
||||||
|
state: stopped
|
||||||
|
name: matrix-jitsi-prosody
|
||||||
|
when: matrix_jitsi_prosody_start_result.changed | bool
|
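Review bot: The last task's `when: matrix_jitsi_prosody_start_result.changed | bool` stops a prosody that was already running whenever the first task took the `restarted` branch, because a restart always reports `changed`. That contradicts the header comment, which promises a stop only "if state before was stopped". Capture whether the restart path was taken before `matrix_jitsi_prosody_require_restart` is reset to `false` (a separate fact works) and skip the stop in that case. The empty "Tasks related to ..." placeholder section can be removed.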
81
roles/custom/matrix-jitsi/tasks/validate_config.yml
Normal file
@ -0,0 +1,81 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
- name: Fail if on an unsupported architecture
|
||||||
|
ansible.builtin.fail:
|
||||||
|
msg: "Jitsi only supports the amd64 architecture right now. See https://github.com/jitsi/docker-jitsi-meet/issues/1069 and https://github.com/jitsi/docker-jitsi-meet/issues/1214"
|
||||||
|
when: matrix_jitsi_enabled | bool and matrix_architecture not in ['amd64', 'arm64']
|
||||||
|
|
||||||
|
- name: Fail if required Jitsi settings not defined
|
||||||
|
ansible.builtin.fail:
|
||||||
|
msg: >-
|
||||||
|
You need to define a required configuration setting (`{{ item }}`) to properly configure Jitsi.
|
||||||
|
|
||||||
|
If you're setting up Jitsi for the first time, you may have missed a step.
|
||||||
|
Refer to our setup instructions (docs/configuring-playbook-jitsi.md).
|
||||||
|
|
||||||
|
If you had previously setup Jitsi successfully and are only now facing this error,
|
||||||
|
it means that your installation is most likely using default passwords previously defined by the playbook.
|
||||||
|
These defaults are insecure. Jitsi should be rebuilt with secure values.
|
||||||
|
Refer to the "Rebuilding your Jitsi installation" section in our setup instructions (docs/configuring-playbook-jitsi.md).
|
||||||
|
when: "vars[item] == ''"
|
||||||
|
with_items:
|
||||||
|
- "matrix_jitsi_jibri_xmpp_password"
|
||||||
|
- "matrix_jitsi_jibri_recorder_password"
|
||||||
|
- "matrix_jitsi_jicofo_auth_password"
|
||||||
|
- "matrix_jitsi_jvb_auth_password"
|
||||||
|
|
||||||
|
|
||||||
|
- name: Fail if authentication is enabled, but not properly configured.
|
||||||
|
ansible.builtin.fail:
|
||||||
|
msg: >-
|
||||||
|
You have enabled authentication, but the configured auth type is missing required configuration.
|
||||||
|
|
||||||
|
Auth type 'internal':
|
||||||
|
At least one Jitsi user needs to be defined in `matrix_jitsi_prosody_auth_internal_accounts` when using internal authentication.
|
||||||
|
If you're setting up Jitsi for the first time, you may have missed a step.
|
||||||
|
Refer to our setup instructions (docs/configuring-playbook-jitsi.md).
|
||||||
|
|
||||||
|
Auth type 'matrix':
|
||||||
|
If you want to enable matrix_user_verification in jitsi,
|
||||||
|
please provide an auth token for the user verification service (uvs) using `matrix_jitsi_prosody_auth_matrix_uvs_auth_token`.
|
||||||
|
If the user-verfication-service is also managed by this playbook the token is derived from `matrix_homeserver_generic_secret_key` in the group vars.
|
||||||
|
when:
|
||||||
|
- matrix_jitsi_enable_auth | bool
|
||||||
|
- ((matrix_jitsi_auth_type == 'internal' and matrix_jitsi_prosody_auth_internal_accounts|length == 0)
|
||||||
|
or (matrix_jitsi_auth_type == 'matrix' and matrix_jitsi_prosody_auth_matrix_uvs_auth_token|length == 0))
|
||||||
|
|
||||||
|
|
||||||
|
- name: (Deprecation) Catch and report renamed settings
|
||||||
|
ansible.builtin.fail:
|
||||||
|
msg: >-
|
||||||
|
Your configuration contains a variable, which now has a different name.
|
||||||
|
Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
|
||||||
|
when: "item.old in vars"
|
||||||
|
with_items:
|
||||||
|
- {'old': 'matrix_jitsi_web_config_constraints_enabled', 'new': '<Now unnecessary. Constraints are always applied automatically>'}
|
||||||
|
- {'old': 'matrix_jitsi_web_config_constraints_video_aspectRatio', 'new': '<Not applicable anymore>'}
|
||||||
|
- {'old': 'matrix_jitsi_web_config_constraints_video_height_ideal', 'new': 'matrix_jitsi_web_config_resolution_height_ideal_and_max'}
|
||||||
|
- {'old': 'matrix_jitsi_web_config_constraints_video_height_max', 'new': 'matrix_jitsi_web_config_resolution_height_ideal_and_max'}
|
||||||
|
- {'old': 'matrix_jitsi_web_config_constraints_video_height_min', 'new': 'matrix_jitsi_web_config_resolution_height_min'}
|
||||||
|
- {'old': 'matrix_jitsi_web_config_disableAudioLevels', 'new': '<Can be set by using matrix_jitsi_web_custom_config_extension. Example in docs/configuring-playbook-jitsi.md>'}
|
||||||
|
- {'old': 'matrix_jitsi_web_config_enableLayerSuspension', 'new': '<Can be set by using matrix_jitsi_web_custom_config_extension. Example in docs/configuring-playbook-jitsi.md>'}
|
||||||
|
- {'old': 'matrix_jitsi_web_config_channelLastN', 'new': '<Can be set by using matrix_jitsi_web_custom_config_extension. Example in docs/configuring-playbook-jitsi.md>'}
|
||||||
|
- {'old': 'matrix_jitsi_web_config_testing_p2pTestMode', 'new': '<Can be set by using matrix_jitsi_web_custom_config_extension>'}
|
||||||
|
- {'old': 'matrix_jitsi_web_config_start_with_audio_muted', 'new': '<Superseded by matrix_jitsi_web_config_start_audio_muted_after_nth_participant>'}
|
||||||
|
- {'old': 'matrix_jitsi_web_config_start_with_video_muted', 'new': '<Superseded by matrix_jitsi_web_config_start_video_muted_after_nth_participant>'}
|
||||||
|
- {'old': 'matrix_jitsi_web_interface_config_show_watermark_for_guests', 'new': '<Not applicable anymore>'}
|
||||||
|
- {'old': 'matrix_jitsi_web_interface_config_invitation_powered_by', 'new': '<Not applicable anymore>'}
|
||||||
|
- {'old': 'matrix_jisti_web_interface_config_show_deep_linking_image', 'new': 'matrix_jitsi_web_interface_config_show_deep_linking_image'}
|
||||||
|
- {'old': 'matrix_jitsi_web_interface_config_lang_detection', 'new': '<Deprecated, use matrix_jitsi_web_custom_interface_config_extension instead'}
|
||||||
|
- {'old': 'matrix_jitsi_web_interface_config_show_jitsi_watermark', 'new': '<Deprecated, use matrix_jitsi_web_custom_interface_config_extension instead'}
|
||||||
|
- {'old': 'matrix_jitsi_web_interface_config_jitsi_watermark_link', 'new': '<Deprecated, use matrix_jitsi_web_custom_interface_config_extension instead'}
|
||||||
|
- {'old': 'matrix_jitsi_web_interface_config_show_brand_watermark', 'new': '<Deprecated, use matrix_jitsi_web_custom_interface_config_extension instead'}
|
||||||
|
- {'old': 'matrix_jitsi_web_interface_config_brand_watermark_link', 'new': '<Deprecated, use matrix_jitsi_web_custom_interface_config_extension instead'}
|
||||||
|
- {'old': 'matrix_jitsi_web_interface_config_generate_room_names_on_welcome_page', 'new': '<Deprecated, use matrix_jitsi_web_custom_interface_config_extension instead'}
|
||||||
|
- {'old': 'matrix_jitsi_web_interface_config_display_welcome_page_content', 'new': '<Deprecated, use matrix_jitsi_web_custom_interface_config_extension instead'}
|
||||||
|
- {'old': 'matrix_jitsi_web_interface_config_app_name', 'new': '<Deprecated, use matrix_jitsi_web_custom_interface_config_extension instead'}
|
||||||
|
- {'old': 'matrix_jitsi_web_interface_config_native_app_name', 'new': '<Deprecated, use matrix_jitsi_web_custom_interface_config_extension instead'}
|
||||||
|
- {'old': 'matrix_jitsi_web_interface_config_provider_name', 'new': '<Deprecated, use matrix_jitsi_web_custom_interface_config_extension instead'}
|
||||||
|
- {'old': 'matrix_jitsi_web_interface_config_show_powered_by', 'new': '<Deprecated, use matrix_jitsi_web_custom_interface_config_extension instead'}
|
||||||
|
- {'old': 'matrix_jitsi_web_interface_config_disable_transcription_subtitles', 'new': '<Deprecated, use matrix_jitsi_web_custom_interface_config_extension instead'}
|
||||||
|
- {'old': 'matrix_jitsi_web_interface_config_show_deep_linking_image', 'new': '<Deprecated, use matrix_jitsi_web_custom_interface_config_extension instead'}
|
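Review bot: The first task's message says Jitsi only supports amd64, but its condition is `matrix_architecture not in ['amd64', 'arm64']`, so arm64 passes while the text tells users it is unsupported; align the message with the list. In the rename list, `matrix_jitsi_web_interface_config_show_deep_linking_image` is offered as the `new` name for the `matrix_jisti_web_interface_config_show_deep_linking_image` entry and is itself rejected as deprecated by the last entry, so following the first hint leads directly into the second failure. The `'<Deprecated, use matrix_jitsi_web_custom_interface_config_extension instead'` strings are missing their closing `>`, and "user-verfication-service" is misspelled.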
38
roles/custom/matrix-jitsi/templates/jicofo/env.j2
Normal file
@ -0,0 +1,38 @@
|
|||||||
|
AUTH_TYPE={{ matrix_jitsi_auth_type }}
|
||||||
|
BRIDGE_AVG_PARTICIPANT_STRESS
|
||||||
|
BRIDGE_STRESS_THRESHOLD
|
||||||
|
ENABLE_AUTH={{ 1 if matrix_jitsi_enable_auth else 0 }}
|
||||||
|
ENABLE_AUTO_OWNER
|
||||||
|
ENABLE_CODEC_VP8
|
||||||
|
ENABLE_CODEC_VP9
|
||||||
|
ENABLE_CODEC_H264
|
||||||
|
ENABLE_OCTO
|
||||||
|
ENABLE_RECORDING
|
||||||
|
ENABLE_SCTP
|
||||||
|
ENABLE_AUTO_LOGIN
|
||||||
|
JICOFO_AUTH_USER={{ matrix_jitsi_jicofo_auth_user }}
|
||||||
|
JICOFO_AUTH_PASSWORD={{ matrix_jitsi_jicofo_auth_password }}
|
||||||
|
JICOFO_ENABLE_BRIDGE_HEALTH_CHECKS
|
||||||
|
JICOFO_CONF_INITIAL_PARTICIPANT_WAIT_TIMEOUT
|
||||||
|
JICOFO_CONF_SINGLE_PARTICIPANT_TIMEOUT
|
||||||
|
JICOFO_ENABLE_HEALTH_CHECKS
|
||||||
|
JICOFO_SHORT_ID
|
||||||
|
JICOFO_RESERVATION_ENABLED
|
||||||
|
JICOFO_RESERVATION_REST_BASE_URL
|
||||||
|
JIBRI_BREWERY_MUC={{ matrix_jitsi_jibri_brewery_muc }}
|
||||||
|
JIBRI_REQUEST_RETRIES
|
||||||
|
JIBRI_PENDING_TIMEOUT={{ matrix_jitsi_jibri_pending_timeout }}
|
||||||
|
JIGASI_BREWERY_MUC
|
||||||
|
JIGASI_SIP_URI
|
||||||
|
JVB_BREWERY_MUC={{ matrix_jitsi_jvb_brewery_muc }}
|
||||||
|
MAX_BRIDGE_PARTICIPANTS
|
||||||
|
OCTO_BRIDGE_SELECTION_STRATEGY
|
||||||
|
SENTRY_DSN={{ matrix_jitsi_jicofo_sentry_dsn }}
|
||||||
|
SENTRY_ENVIRONMENT
|
||||||
|
SENTRY_RELEASE
|
||||||
|
TZ={{ matrix_jitsi_timezone }}
|
||||||
|
XMPP_DOMAIN={{ matrix_jitsi_xmpp_domain }}
|
||||||
|
XMPP_AUTH_DOMAIN={{ matrix_jitsi_xmpp_auth_domain }}
|
||||||
|
XMPP_INTERNAL_MUC_DOMAIN={{ matrix_jitsi_xmpp_internal_muc_domain }}
|
||||||
|
XMPP_MUC_DOMAIN={{ matrix_jitsi_xmpp_muc_domain }}
|
||||||
|
XMPP_SERVER={{ matrix_jitsi_xmpp_server }}
|
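Review bot: The bare names without `=` (`BRIDGE_AVG_PARTICIPANT_STRESS`, `ENABLE_AUTO_OWNER`, and the rest) need a comment. In a Docker `--env-file`, a name with no value is taken from the environment of the `docker run` process, which under the systemd unit is only what the unit defines, so these lines set nothing unless someone adds matching `Environment=` entries. State at the top of the template that they are placeholders, or drop them. Since the rendered file contains `JICOFO_AUTH_PASSWORD`, it should also be written with the same `mode: 0640` that the jitsi-web install task uses for its env file.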
@ -0,0 +1,27 @@
|
|||||||
|
{% raw %}
|
||||||
|
{{ if .Env.SENTRY_DSN | default "0" | toBool }}
|
||||||
|
handlers=java.util.logging.ConsoleHandler,io.sentry.jul.SentryHandler
|
||||||
|
{{ else }}
|
||||||
|
handlers= java.util.logging.ConsoleHandler
|
||||||
|
{{ end }}
|
||||||
|
{% endraw %}
|
||||||
|
|
||||||
|
java.util.logging.ConsoleHandler.level = ALL
|
||||||
|
java.util.logging.ConsoleHandler.formatter = net.java.sip.communicator.util.ScLogFormatter
|
||||||
|
|
||||||
|
net.java.sip.communicator.util.ScLogFormatter.programname=Jicofo
|
||||||
|
|
||||||
|
.level=INFO
|
||||||
|
net.sf.level=SEVERE
|
||||||
|
net.java.sip.communicator.plugin.reconnectplugin.level=FINE
|
||||||
|
org.ice4j.level=SEVERE
|
||||||
|
org.jitsi.impl.neomedia.level=SEVERE
|
||||||
|
io.sentry.jul.SentryHandler.level=WARNING
|
||||||
|
|
||||||
|
# Do not worry about missing strings
|
||||||
|
net.java.sip.communicator.service.resources.AbstractResourcesService.level=SEVERE
|
||||||
|
|
||||||
|
#net.java.sip.communicator.service.protocol.level=ALL
|
||||||
|
|
||||||
|
# Enable debug packets logging
|
||||||
|
#org.jitsi.impl.protocol.xmpp.level=FINE
|
@ -0,0 +1,33 @@
|
|||||||
|
#jinja2: lstrip_blocks: "True"
|
||||||
|
[Unit]
|
||||||
|
Description=Matrix jitsi-jicofo server
|
||||||
|
{% for service in matrix_jitsi_jicofo_systemd_required_services_list %}
|
||||||
|
Requires={{ service }}
|
||||||
|
After={{ service }}
|
||||||
|
{% endfor %}
|
||||||
|
DefaultDependencies=no
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=simple
|
||||||
|
Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
|
||||||
|
ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-jitsi-jicofo 2>/dev/null || true'
|
||||||
|
ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-jitsi-jicofo 2>/dev/null || true'
|
||||||
|
|
||||||
|
ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-jitsi-jicofo \
|
||||||
|
--log-driver=none \
|
||||||
|
--network={{ matrix_docker_network }} \
|
||||||
|
--env-file={{ matrix_jitsi_jicofo_base_path }}/env \
|
||||||
|
--mount type=bind,src={{ matrix_jitsi_jicofo_config_path }},dst=/config \
|
||||||
|
{% for arg in matrix_jitsi_jicofo_container_extra_arguments %}
|
||||||
|
{{ arg }} \
|
||||||
|
{% endfor %}
|
||||||
|
{{ matrix_jitsi_jicofo_docker_image }}
|
||||||
|
|
||||||
|
ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-jitsi-jicofo 2>/dev/null || true'
|
||||||
|
ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-jitsi-jicofo 2>/dev/null || true'
|
||||||
|
Restart=always
|
||||||
|
RestartSec=30
|
||||||
|
SyslogIdentifier=matrix-jitsi-jicofo
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
@ -0,0 +1,9 @@
|
|||||||
|
org.jitsi.jicofo.ALWAYS_TRUST_MODE_ENABLED=true
|
||||||
|
org.jitsi.jicofo.BRIDGE_MUC={{ matrix_jitsi_jvb_brewery_muc }}@{{ matrix_jitsi_xmpp_internal_muc_domain }}
|
||||||
|
|
||||||
|
org.jitsi.jicofo.jibri.BREWERY={{ matrix_jitsi_jibri_brewery_muc }}@{{ matrix_jitsi_xmpp_internal_muc_domain }}
|
||||||
|
org.jitsi.jicofo.jibri.PENDING_TIMEOUT=90
|
||||||
|
|
||||||
|
{% if matrix_jitsi_enable_auth %}
|
||||||
|
org.jitsi.jicofo.auth.URL=XMPP:{{ matrix_jitsi_xmpp_domain }}
|
||||||
|
{% endif %}
|
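Review bot: `org.jitsi.jicofo.ALWAYS_TRUST_MODE_ENABLED=true` is hard-coded with no comment and no variable. Going by its name it makes Jicofo trust any certificate on its XMPP connection, which is only defensible if that connection never leaves the Docker network; say so in a comment or expose a variable that defaults to the current value. `org.jitsi.jicofo.jibri.PENDING_TIMEOUT=90` is also fixed here while `jicofo/env.j2` renders `JIBRI_PENDING_TIMEOUT={{ matrix_jitsi_jibri_pending_timeout }}`, so the two can disagree.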
@ -0,0 +1,7 @@
|
|||||||
|
org.jitsi.videobridge.xmpp.user.shard.DISABLE_CERTIFICATE_VERIFICATION=true
|
||||||
|
|
||||||
|
org.jitsi.videobridge.ENABLE_STATISTICS=true
|
||||||
|
org.jitsi.videobridge.STATISTICS_TRANSPORT=muc
|
||||||
|
org.jitsi.videobridge.STATISTICS_INTERVAL=5000
|
||||||
|
|
||||||
|
{{ matrix_jitsi_jvb_custom_config_extension }}
|
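Review bot: `org.jitsi.videobridge.xmpp.user.shard.DISABLE_CERTIFICATE_VERIFICATION=true` is unconditional and undocumented. The JVB unit attaches to `matrix_docker_network`, so an internal-only XMPP hop may justify it, but a deployment that points `XMPP_SERVER` at a prosody outside that network would connect without verifying the certificate. Add a comment stating the assumption, or turn the value into a variable that defaults to `true` and can be switched off.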
31
roles/custom/matrix-jitsi/templates/jvb/env.j2
Normal file
@ -0,0 +1,31 @@
|
|||||||
|
DOCKER_HOST_ADDRESS
|
||||||
|
ENABLE_COLIBRI_WEBSOCKET
|
||||||
|
ENABLE_OCTO
|
||||||
|
JVB_AUTH_USER={{ matrix_jitsi_jvb_auth_user }}
|
||||||
|
JVB_AUTH_PASSWORD={{ matrix_jitsi_jvb_auth_password }}
|
||||||
|
JVB_BREWERY_MUC={{ matrix_jitsi_jvb_brewery_muc }}
|
||||||
|
JVB_PORT={{ matrix_jitsi_jvb_rtp_udp_port }}
|
||||||
|
JVB_TCP_HARVESTER_DISABLED=true
|
||||||
|
JVB_TCP_PORT={{ matrix_jitsi_jvb_rtp_tcp_port }}
|
||||||
|
JVB_TCP_MAPPED_PORT={{ matrix_jitsi_jvb_rtp_tcp_port }}
|
||||||
|
{% if matrix_jitsi_jvb_stun_servers|length > 0 %}
|
||||||
|
JVB_STUN_SERVERS={{ matrix_jitsi_jvb_stun_servers|join(',') }}
|
||||||
|
{% endif %}
|
||||||
|
JVB_OCTO_BIND_ADDRESS
|
||||||
|
JVB_OCTO_PUBLIC_ADDRESS
|
||||||
|
JVB_OCTO_BIND_PORT
|
||||||
|
JVB_OCTO_REGION
|
||||||
|
JVB_WS_DOMAIN
|
||||||
|
JVB_WS_SERVER_ID={{ matrix_jitsi_jvb_server_id }}
|
||||||
|
PUBLIC_URL={{ matrix_jitsi_web_public_url }}
|
||||||
|
SENTRY_DSN={{ matrix_jitsi_jvb_sentry_dsn }}
|
||||||
|
SENTRY_ENVIRONMENT
|
||||||
|
SENTRY_RELEASE
|
||||||
|
COLIBRI_REST_ENABLED
|
||||||
|
SHUTDOWN_REST_ENABLED
|
||||||
|
TZ={{ matrix_jitsi_timezone }}
|
||||||
|
XMPP_AUTH_DOMAIN={{ matrix_jitsi_xmpp_auth_domain }}
|
||||||
|
XMPP_INTERNAL_MUC_DOMAIN={{ matrix_jitsi_xmpp_internal_muc_domain }}
|
||||||
|
XMPP_SERVER={{ matrix_jitsi_xmpp_server }}
|
||||||
|
|
||||||
|
{{ matrix_jitsi_jvb_environment_variables_extension }}
|
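Review bot: `JVB_TCP_HARVESTER_DISABLED=true` is fixed, yet `JVB_TCP_PORT` and `JVB_TCP_MAPPED_PORT` are still rendered and the JVB unit publishes `matrix_jitsi_jvb_container_rtp_tcp_host_bind_port`. If TCP is really off, the published TCP port serves nothing and its bind variable should default to empty; if TCP is meant to be usable, the flag should be a variable. A comment stating which of the two is intended would settle it.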
@ -0,0 +1,20 @@
|
|||||||
|
{% raw %}
|
||||||
|
{{ if .Env.SENTRY_DSN | default "0" | toBool }}
|
||||||
|
handlers=java.util.logging.ConsoleHandler,io.sentry.jul.SentryHandler
|
||||||
|
{{ else }}
|
||||||
|
handlers= java.util.logging.ConsoleHandler
|
||||||
|
{{ end }}
|
||||||
|
{% endraw %}
|
||||||
|
|
||||||
|
java.util.logging.ConsoleHandler.level = ALL
|
||||||
|
java.util.logging.ConsoleHandler.formatter = net.java.sip.communicator.util.ScLogFormatter
|
||||||
|
|
||||||
|
net.java.sip.communicator.util.ScLogFormatter.programname=JVB
|
||||||
|
|
||||||
|
.level=INFO
|
||||||
|
|
||||||
|
org.jitsi.videobridge.xmpp.ComponentImpl.level=FINE
|
||||||
|
io.sentry.jul.SentryHandler.level=WARNING
|
||||||
|
|
||||||
|
# All of the INFO level logs from MediaStreamImpl are unnecessary in the context of jitsi-videobridge.
|
||||||
|
org.jitsi.impl.neomedia.MediaStreamImpl.level=WARNING
|
@ -0,0 +1,43 @@
|
|||||||
|
#jinja2: lstrip_blocks: "True"
|
||||||
|
[Unit]
|
||||||
|
Description=Matrix jitsi-jvb server
|
||||||
|
{% for service in matrix_jitsi_jvb_systemd_required_services_list %}
|
||||||
|
Requires={{ service }}
|
||||||
|
After={{ service }}
|
||||||
|
{% endfor %}
|
||||||
|
DefaultDependencies=no
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=simple
|
||||||
|
Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
|
||||||
|
ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-jitsi-jvb 2>/dev/null || true'
|
||||||
|
ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-jitsi-jvb 2>/dev/null || true'
|
||||||
|
|
||||||
|
ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-jitsi-jvb \
|
||||||
|
--log-driver=none \
|
||||||
|
--network={{ matrix_docker_network }} \
|
||||||
|
--network-alias=jvb.meet.jitsi \
|
||||||
|
--env-file={{ matrix_jitsi_jvb_base_path }}/env \
|
||||||
|
{% if matrix_jitsi_jvb_container_rtp_udp_host_bind_port %}
|
||||||
|
-p {{ matrix_jitsi_jvb_container_rtp_udp_host_bind_port }}:{{ matrix_jitsi_jvb_rtp_udp_port }}/udp \
|
||||||
|
{% endif %}
|
||||||
|
{% if matrix_jitsi_jvb_container_rtp_tcp_host_bind_port %}
|
||||||
|
-p {{ matrix_jitsi_jvb_container_rtp_tcp_host_bind_port }}:{{ matrix_jitsi_jvb_rtp_tcp_port }} \
|
||||||
|
{% endif %}
|
||||||
|
{% if matrix_jitsi_jvb_container_colibri_ws_host_bind_port %}
|
||||||
|
-p {{ matrix_jitsi_jvb_container_colibri_ws_host_bind_port }}:9090 \
|
||||||
|
{% endif %}
|
||||||
|
--mount type=bind,src={{ matrix_jitsi_jvb_config_path }},dst=/config \
|
||||||
|
{% for arg in matrix_jitsi_jvb_container_extra_arguments %}
|
||||||
|
{{ arg }} \
|
||||||
|
{% endfor %}
|
||||||
|
{{ matrix_jitsi_jvb_docker_image }}
|
||||||
|
|
||||||
|
ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-jitsi-jvb 2>/dev/null || true'
|
||||||
|
ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-jitsi-jvb 2>/dev/null || true'
|
||||||
|
Restart=always
|
||||||
|
RestartSec=30
|
||||||
|
SyslogIdentifier=matrix-jitsi-jvb
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
Some files were not shown because too many files have changed in this diff