Compare commits
87 Commits
e692b81ae1
...
fe3c012906
Author | SHA1 | Date | |
---|---|---|---|
fe3c012906 | |||
8b34271557 | |||
109e38d1ab | |||
|
2bf052369d | ||
|
278bbae4d5 | ||
|
bad2c5296e | ||
|
6adc028d52 | ||
|
71b404d9df | ||
|
e3183ba267 | ||
|
1ba7760ea4 | ||
|
871df86068 | ||
|
56ad50cb97 | ||
|
01a136692f | ||
|
d38c0e121b | ||
|
6b0f739e9a | ||
|
2e16080f41 | ||
|
40506d5c5a | ||
|
b5d8444764 | ||
|
c8744ef9a9 | ||
|
096c960b84 | ||
|
256d3ffec5 | ||
|
3474d0c809 | ||
|
3119ef4574 | ||
|
b4b14539a7 | ||
|
f02c08dc7f | ||
|
1c8ec8d080 | ||
|
59d4532efb | ||
|
5e867f150e | ||
|
0ed585baa7 | ||
|
31396f0615 | ||
|
4f841a7001 | ||
|
62ce06e28c | ||
|
72688a49da | ||
|
9a4187c852 | ||
|
a676b5358c | ||
|
2578ca4cee | ||
|
120b49a2b2 | ||
|
d0cd67044e | ||
|
11398dc1a6 | ||
|
4b500ffb43 | ||
|
11b215f8ec | ||
|
ff63f4efce | ||
|
33c471477f | ||
|
6902ee5aa7 | ||
|
8339103594 | ||
|
7724247152 | ||
|
ca705cf9dd | ||
|
2453876eb9 | ||
|
087a5d62f1 | ||
|
6ecd947c72 | ||
|
463e9a6196 | ||
|
f19856e125 | ||
|
c6f8bc5d83 | ||
|
a49da05cf9 | ||
|
ef4b5a187d | ||
|
b120b8aeba | ||
|
3125ee56e2 | ||
|
e75ecd858d | ||
|
a37e5b6d60 | ||
|
14effd5e2b | ||
|
312bcc444b | ||
|
92b26ec846 | ||
|
7203d4ec21 | ||
|
9ac5ad148a | ||
|
b2f96df1a9 | ||
|
fa43d04ad7 | ||
|
7b9929e17b | ||
|
517ecbf0d1 | ||
|
d93b2109f4 | ||
|
bdf10462d2 | ||
|
50441346d3 | ||
|
41c335b967 | ||
|
8c17a65e55 | ||
|
8504ad2228 | ||
|
ea4af65ceb | ||
|
662438ba6e | ||
|
5d77e76e77 | ||
|
157b70673c | ||
|
59b61f6cc2 | ||
|
326802ac21 | ||
|
53384b5a97 | ||
|
7491508d63 | ||
|
98e6cd685d | ||
|
83a90f1cd1 | ||
|
4a2b169fc9 | ||
|
7f0b8fef0a | ||
|
5209a17da1 |
4
.gitignore
vendored
4
.gitignore
vendored
@ -1,7 +1,3 @@
|
|||||||
/inventory/*
|
|
||||||
!/inventory/.gitkeep
|
|
||||||
!/inventory/host_vars/.gitkeep
|
|
||||||
!/inventory/scripts
|
|
||||||
/roles/*/files/scratchpad
|
/roles/*/files/scratchpad
|
||||||
.DS_Store
|
.DS_Store
|
||||||
.python-version
|
.python-version
|
||||||
|
@ -1,6 +1,11 @@
|
|||||||
[defaults]
|
[defaults]
|
||||||
|
|
||||||
|
vault_password_file = gpg/open_vault.sh
|
||||||
|
|
||||||
retry_files_enabled = False
|
retry_files_enabled = False
|
||||||
stdout_callback = yaml
|
stdout_callback = yaml
|
||||||
|
|
||||||
|
inventory = inventory/hosts
|
||||||
|
|
||||||
[connection]
|
[connection]
|
||||||
pipelining = True
|
pipelining = True
|
||||||
|
@ -26,7 +26,7 @@ The following repositories allow you to copy and use this setup:
|
|||||||
|
|
||||||
Updates to this section are trailed here:
|
Updates to this section are trailed here:
|
||||||
|
|
||||||
[GoMatrixHosting Matrix Docker Ansible Deploy](https://gitlab.com/GoMatrixHosting/gomatrixhosting-matrix-docker-ansible-deploy)
|
[GoMatrixHosting Matrix Docker Ansible Deploy](https://gitlab.com/GoMatrixHosting/matrix-docker-ansible-deploy)
|
||||||
|
|
||||||
|
|
||||||
## Does I need an AWX setup to use this? How do I configure it?
|
## Does I need an AWX setup to use this? How do I configure it?
|
||||||
|
@ -108,6 +108,9 @@ matrix_nginx_proxy_container_federation_host_bind_port: '127.0.0.1:8449'
|
|||||||
# Since we don't obtain any certificates (`matrix_ssl_retrieval_method: none` above), it won't work by default.
|
# Since we don't obtain any certificates (`matrix_ssl_retrieval_method: none` above), it won't work by default.
|
||||||
# An alternative is to tweak some of: `matrix_coturn_tls_enabled`, `matrix_coturn_tls_cert_path` and `matrix_coturn_tls_key_path`.
|
# An alternative is to tweak some of: `matrix_coturn_tls_enabled`, `matrix_coturn_tls_cert_path` and `matrix_coturn_tls_key_path`.
|
||||||
matrix_coturn_enabled: false
|
matrix_coturn_enabled: false
|
||||||
|
|
||||||
|
# Trust the reverse proxy to send the correct `X-Forwarded-Proto` header as it is handling the SSL connection.
|
||||||
|
matrix_nginx_proxy_trust_forwarded_proto: true
|
||||||
```
|
```
|
||||||
|
|
||||||
With this, nginx would still be in use, but it would not bother with anything SSL related or with taking up public ports.
|
With this, nginx would still be in use, but it would not bother with anything SSL related or with taking up public ports.
|
||||||
|
@ -56,8 +56,40 @@ Name | Description
|
|||||||
`matrix_nginx_proxy_proxy_synapse_metrics`|Set this to `true` to make matrix-nginx-proxy expose the Synapse metrics at `https://matrix.DOMAIN/_synapse/metrics`
|
`matrix_nginx_proxy_proxy_synapse_metrics`|Set this to `true` to make matrix-nginx-proxy expose the Synapse metrics at `https://matrix.DOMAIN/_synapse/metrics`
|
||||||
`matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled`|Set this to `true` to password-protect (using HTTP Basic Auth) `https://matrix.DOMAIN/_synapse/metrics` (the username is always `prometheus`, the password is defined in `matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_key`)
|
`matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled`|Set this to `true` to password-protect (using HTTP Basic Auth) `https://matrix.DOMAIN/_synapse/metrics` (the username is always `prometheus`, the password is defined in `matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_key`)
|
||||||
`matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_key`|Set this to a password to use for HTTP Basic Auth for protecting `https://matrix.DOMAIN/_synapse/metrics` (the username is always `prometheus` - it's not configurable)
|
`matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_key`|Set this to a password to use for HTTP Basic Auth for protecting `https://matrix.DOMAIN/_synapse/metrics` (the username is always `prometheus` - it's not configurable)
|
||||||
`matrix_server_fqn_grafana`|Use this variable to override the domain at which the Grafana web user-interface is at (defaults to `stats.DOMAIN`).
|
`matrix_server_fqn_grafana`|Use this variable to override the domain at which the Grafana web user-interface is at (defaults to `stats.DOMAIN`)
|
||||||
|
|
||||||
|
### Collecting system and Postgres metrics to an external Prometheus server (advanced)
|
||||||
|
|
||||||
|
When you normally enable the Prometheus and Grafana via the playbook, it will also show general system (via node-exporter) and Postgres (via postgres-exporter) stats. If you are instead collecting your metrics to an external Prometheus server, you can follow this advanced configuration example to also export these stats.
|
||||||
|
|
||||||
|
It would be possible to use `matrix_prometheus_node_exporter_container_http_host_bind_port` etc., but that is not always the best choice, for example because your server is on a public network.
|
||||||
|
|
||||||
|
Use the following variables in addition to the ones mentioned above:
|
||||||
|
|
||||||
|
Name | Description
|
||||||
|
-----|----------
|
||||||
|
`matrix_nginx_proxy_proxy_grafana_enabled`|Set this to `true` to make the stats subdomain (`matrix_server_fqn_grafana`) available via the Nginx proxy
|
||||||
|
`matrix_ssl_additional_domains_to_obtain_certificates_for`|Add `"{{ matrix_server_fqn_grafana }}"` to this list to have letsencrypt fetch a certificate for the stats subdomain
|
||||||
|
`matrix_prometheus_node_exporter_enabled`|Set this to `true` to enable the node (general system stats) exporter
|
||||||
|
`matrix_prometheus_postgres_exporter_enabled`|Set this to `true` to enable the Postgres exporter
|
||||||
|
`matrix_nginx_proxy_proxy_grafana_additional_server_configuration_blocks`|Add locations to this list depending on which of the above exporters you enabled (see below)
|
||||||
|
|
||||||
|
```nginx
|
||||||
|
matrix_nginx_proxy_proxy_grafana_additional_server_configuration_blocks:
|
||||||
|
- 'location /node-exporter/ {
|
||||||
|
resolver 127.0.0.11 valid=5s;
|
||||||
|
proxy_pass http://matrix-prometheus-node-exporter:9100/;
|
||||||
|
auth_basic "protected";
|
||||||
|
auth_basic_user_file /nginx-data/matrix-synapse-metrics-htpasswd;
|
||||||
|
}'
|
||||||
|
- 'location /postgres-exporter/ {
|
||||||
|
resolver 127.0.0.11 valid=5s;
|
||||||
|
proxy_pass http://matrix-prometheus-postgres-exporter:9187/;
|
||||||
|
auth_basic "protected";
|
||||||
|
auth_basic_user_file /nginx-data/matrix-synapse-metrics-htpasswd;
|
||||||
|
}'
|
||||||
|
```
|
||||||
|
You can customize the `location`s to your liking, just point your Prometheus to there later (e.g. `stats.DOMAIN/node-exporter/metrics`). Nginx is very picky about the `proxy_pass`syntax: take care to follow the example closely and note the trailing slash as well as absent use of variables. postgres-exporter uses the nonstandard port 9187.
|
||||||
|
|
||||||
## More information
|
## More information
|
||||||
|
|
||||||
|
@ -60,7 +60,7 @@ ALTER TABLE public.application_services_state OWNER TO synapse_user;
|
|||||||
It can be worked around by changing the username to `synapse`, for example by using `sed`:
|
It can be worked around by changing the username to `synapse`, for example by using `sed`:
|
||||||
|
|
||||||
```Shell
|
```Shell
|
||||||
$ sed -i "s/synapse_user/synapse/g" homeserver.sql"
|
$ sed -i "s/synapse_user/synapse/g" homeserver.sql
|
||||||
```
|
```
|
||||||
|
|
||||||
This uses sed to perform an 'in-place' (`-i`) replacement globally (`/g`), searching for `synapse user` and replacing with `synapse` (`s/synapse_user/synapse`). If your database username was different, change `synapse_user` to that username instead.
|
This uses sed to perform an 'in-place' (`-i`) replacement globally (`/g`), searching for `synapse user` and replacing with `synapse` (`s/synapse_user/synapse`). If your database username was different, change `synapse_user` to that username instead.
|
||||||
|
@ -22,6 +22,7 @@ List of roles where self-building the Docker image is currently possible:
|
|||||||
- `matrix-mailer`
|
- `matrix-mailer`
|
||||||
- `matrix-bridge-appservice-irc`
|
- `matrix-bridge-appservice-irc`
|
||||||
- `matrix-bridge-appservice-slack`
|
- `matrix-bridge-appservice-slack`
|
||||||
|
- `matrix-bridge-appservice-webhooks`
|
||||||
- `matrix-bridge-mautrix-facebook`
|
- `matrix-bridge-mautrix-facebook`
|
||||||
- `matrix-bridge-mautrix-hangouts`
|
- `matrix-bridge-mautrix-hangouts`
|
||||||
- `matrix-bridge-mautrix-telegram`
|
- `matrix-bridge-mautrix-telegram`
|
||||||
|
5
gpg/open_vault.sh
Executable file
5
gpg/open_vault.sh
Executable file
@ -0,0 +1,5 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
set -e -u
|
||||||
|
|
||||||
|
gpg2 --batch --use-agent --decrypt $(dirname $0)/vault_passphrase.gpg 2>/dev/null
|
18
gpg/vault_passphrase.gpg
Normal file
18
gpg/vault_passphrase.gpg
Normal file
@ -0,0 +1,18 @@
|
|||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMAxEs7W/4x4lxARAAssinIzR2rGs+Qkm0Q2tRdSXSXRx3OhH+2T5p0Rz3YkqU
|
||||||
|
iyiUtyT/Ll7RMUAlAEDZITvirXe4ZZImDcxQegEzFgO7BowQYJDRdhaRmLKZpiuQ
|
||||||
|
foRnJAAR12sf49arjJjaBQb91ViOp5MkxAtXiiqWyXwSSII+cV88flMq143cFmfC
|
||||||
|
C5OdIQd3SqrbFhGRTjUzoIMqnJH8xksjwph9GS811dY14rQv5X1Ybt5zehMJ7/m/
|
||||||
|
luLNg2zgQgYOUxcovddCVMI54ThXyDubDox/5xLvVjyVOFHgwC/VLn+QXHuPY/r5
|
||||||
|
+rVzz/30eq0uOLKD3LnDBQskCWRVWGC2ulKaZtlylBq6KRzIM6c6+VPSHCjoFyES
|
||||||
|
RRpRHeIXGLs31eLkr8dc+VNbPKpMsjm/E/4ZVE2JBpy7S/kh1XYVQxT6ahDKT1tD
|
||||||
|
4YN9O0JyNXzjiyNaTTLwNGh5+ICEd3ZCfa4O/og2LySGPOw6mX8ukgP029LHVp6+
|
||||||
|
0tRwSWiIM3US/NIVGA+o9e9I/I5Bp/cnzJgd7faUIlzcVPP+euCbo4GsYWpX3Nca
|
||||||
|
eRcr7AVY3wwuZtl7/s8KbQKk0ulLxS4Lo2XmdpQl8CPGwASdbMf/H8B256+xiUQ3
|
||||||
|
ml400ZaCC7Loeduwl1ez1H/dFFzmpUziaxxtWW4aFtOUYhGeSCTu6ZIgxVq3eBnS
|
||||||
|
jAGv8bt+0Xnrpih3mZWM92cw2VKfzYD9WG+dCB4DtZMKhl1ub2bkeTC/B9F+QuP6
|
||||||
|
anlonYHs2wmPXzjcx8ajonbYrYXanoNRHDId6OqVAbjYqbua6TG6H9LUFweIj1RV
|
||||||
|
yhUPejzhA8xEB0nUcKJZKLvuqvwPbr06GODnAKY5TQ4yILMAnBx0pNzfQNzo
|
||||||
|
=Cecg
|
||||||
|
-----END PGP MESSAGE-----
|
@ -104,6 +104,8 @@ matrix_appservice_discord_database_password: "{{ matrix_synapse_macaroon_secret_
|
|||||||
# We don't enable bridges by default.
|
# We don't enable bridges by default.
|
||||||
matrix_appservice_webhooks_enabled: false
|
matrix_appservice_webhooks_enabled: false
|
||||||
|
|
||||||
|
matrix_appservice_webhooks_container_image_self_build: "{{ matrix_architecture != 'amd64' }}"
|
||||||
|
|
||||||
# Normally, matrix-nginx-proxy is enabled and nginx can reach matrix-appservice-webhooks over the container network.
|
# Normally, matrix-nginx-proxy is enabled and nginx can reach matrix-appservice-webhooks over the container network.
|
||||||
# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose
|
# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose
|
||||||
# matrix-appservice-webhooks' client-server port to the local host.
|
# matrix-appservice-webhooks' client-server port to the local host.
|
||||||
|
339
inventory/host_vars/matrix.finallycoffee.eu/vars.yml
Normal file
339
inventory/host_vars/matrix.finallycoffee.eu/vars.yml
Normal file
@ -0,0 +1,339 @@
|
|||||||
|
#
|
||||||
|
# General config
|
||||||
|
# Domain of the matrix server and SSL config
|
||||||
|
#
|
||||||
|
matrix_domain: finallycoffee.eu
|
||||||
|
matrix_ssl_retrieval_method: none
|
||||||
|
matrix_nginx_proxy_enabled: false
|
||||||
|
matrix_base_data_path: "{{ vault_matrix_base_data_path }}"
|
||||||
|
matrix_server_fqn_element: "chat.{{ matrix_domain }}"
|
||||||
|
|
||||||
|
web_user: "web"
|
||||||
|
revproxy_autoload_dir: "/vault/services/web/sites.d"
|
||||||
|
|
||||||
|
#matrix_client_element_version: v1.8.4
|
||||||
|
#matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:v1.37.1"
|
||||||
|
#matrix_mautrix_telegram_version: v0.10.0
|
||||||
|
|
||||||
|
#
|
||||||
|
# General Synapse config
|
||||||
|
#
|
||||||
|
matrix_postgres_connection_password: "{{ vault_matrix_postgres_connection_password }}"
|
||||||
|
# A secret used to protect access keys issued by the server.
|
||||||
|
matrix_synapse_macaroon_secret_key: "{{ vault_matrix_synapse_macaroon_secret_key }}"
|
||||||
|
# Make synapse accept larger media aswell
|
||||||
|
matrix_synapse_max_upload_size_mb: 100
|
||||||
|
# Enable metrics at (default) :9100/_synapse/metrics
|
||||||
|
matrix_synapse_metrics_enabled: true
|
||||||
|
matrix_synapse_enable_group_creation: true
|
||||||
|
matrix_synapse_turn_shared_secret: "{{ vault_matrix_coturn_turn_static_auth_secret }}"
|
||||||
|
matrix_synapse_turn_uris:
|
||||||
|
- "turns:voip.matrix.finallycoffee.eu?transport=udp"
|
||||||
|
- "turns:voip.matrix.finallycoffee.eu?transport=tcp"
|
||||||
|
# Auto-join all users into those rooms
|
||||||
|
matrix_synapse_auto_join_rooms:
|
||||||
|
- "#welcome:finallycoffee.eu"
|
||||||
|
- "#announcements:finallycoffee.eu"
|
||||||
|
|
||||||
|
## Synapse rate limits
|
||||||
|
matrix_synapse_rc_federation:
|
||||||
|
window_size: 1000
|
||||||
|
sleep_limit: 25
|
||||||
|
sleep_delay: 500
|
||||||
|
reject_limit: 50
|
||||||
|
concurrent: 5
|
||||||
|
matrix_synapse_rc_message:
|
||||||
|
per_second: 0.5
|
||||||
|
burst_count: 25
|
||||||
|
|
||||||
|
## Synapse cache tuning
|
||||||
|
matrix_synapse_caches_global_factor: 0.7
|
||||||
|
matrix_synapse_event_cache_size: "200K"
|
||||||
|
|
||||||
|
## Synapse workers
|
||||||
|
matrix_synapse_workers_enabled: true
|
||||||
|
matrix_synapse_workers_preset: "little-federation-helper"
|
||||||
|
matrix_synapse_workers_generic_worker_client_server_count: 0
|
||||||
|
matrix_synapse_workers_media_repository_workers_count: 0
|
||||||
|
matrix_synapse_workers_federation_sender_workers_count: 1
|
||||||
|
matrix_synapse_workers_pusher_workers_count: 0
|
||||||
|
matrix_synapse_workers_appservice_workers_count: 1
|
||||||
|
|
||||||
|
# Static secret auth for matrix-synapse-shared-secret-auth
|
||||||
|
matrix_synapse_ext_password_provider_shared_secret_auth_enabled: true
|
||||||
|
matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: "{{ vault_matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret }}"
|
||||||
|
matrix_synapse_ext_password_provider_rest_auth_enabled: true
|
||||||
|
matrix_synapse_ext_password_provider_rest_auth_endpoint: "http://matrix-ma1sd:8090"
|
||||||
|
matrix_synapse_ext_password_provider_rest_auth_registration_enforce_lowercase: false
|
||||||
|
matrix_synapse_ext_password_provider_rest_auth_registration_profile_name_autofill: true
|
||||||
|
matrix_synapse_ext_password_provider_rest_auth_login_profile_name_autofill: false
|
||||||
|
|
||||||
|
# Enable experimental spaces support
|
||||||
|
matrix_synapse_configuration_extension_yaml: |
|
||||||
|
experimental_features:
|
||||||
|
spaces_enabled: true
|
||||||
|
|
||||||
|
#
|
||||||
|
# synapse-admin tool
|
||||||
|
#
|
||||||
|
matrix_synapse_admin_enabled: true
|
||||||
|
matrix_synapse_admin_container_http_host_bind_port: 8985
|
||||||
|
|
||||||
|
|
||||||
|
#
|
||||||
|
# VoIP / CoTURN config
|
||||||
|
#
|
||||||
|
# A shared secret (between Synapse and Coturn) used for authentication.
|
||||||
|
matrix_coturn_turn_static_auth_secret: "{{ vault_matrix_coturn_turn_static_auth_secret }}"
|
||||||
|
# Disable coturn, as we use own instance
|
||||||
|
matrix_coturn_enabled: false
|
||||||
|
|
||||||
|
|
||||||
|
#
|
||||||
|
# dimension (integration manager) config
|
||||||
|
#
|
||||||
|
matrix_dimension_enabled: true
|
||||||
|
matrix_dimension_admins: "{{ vault_matrix_dimension_admins }}"
|
||||||
|
matrix_server_fqn_dimension: "dimension.matrix.{{ matrix_domain }}"
|
||||||
|
matrix_dimension_access_token: "{{ vault_matrix_dimension_access_token }}"
|
||||||
|
matrix_dimension_configuration_extension_yaml: |
|
||||||
|
telegram:
|
||||||
|
botToken: "{{ vault_matrix_dimension_configuration_telegram_bot_token }}"
|
||||||
|
|
||||||
|
|
||||||
|
#
|
||||||
|
# mautrix-whatsapp config
|
||||||
|
#
|
||||||
|
matrix_mautrix_whatsapp_enabled: true
|
||||||
|
matrix_mautrix_whatsapp_container_http_monitoring_host_bind_port: 9402
|
||||||
|
matrix_mautrix_whatsapp_container_extra_arguments:
|
||||||
|
- "-p 127.0.0.1:{{ matrix_mautrix_whatsapp_container_http_monitoring_host_bind_port }}:{{ matrix_mautrix_whatsapp_container_http_monitoring_host_bind_port }}"
|
||||||
|
matrix_mautrix_whatsapp_configuration_extension_yaml: |
|
||||||
|
bridge:
|
||||||
|
displayname_template: "{% raw %}{{.Name}} ({{if .Notify}}{{.Notify}}{{else}}{{.Jid}}{{end}}) (via WhatsApp){% endraw %}"
|
||||||
|
max_connection_attempts: 5
|
||||||
|
connection_timeout: 30
|
||||||
|
contact_wait_delay: 5
|
||||||
|
private_chat_portal_meta: true
|
||||||
|
login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret }}"
|
||||||
|
logging:
|
||||||
|
print_level: info
|
||||||
|
metrics:
|
||||||
|
enabled: true
|
||||||
|
listen: 0.0.0.0:{{ matrix_mautrix_whatsapp_container_http_monitoring_host_bind_port }}
|
||||||
|
whatsapp:
|
||||||
|
os_name: Linux mautrix-whatsapp
|
||||||
|
browser_name: Chrome
|
||||||
|
|
||||||
|
|
||||||
|
#
|
||||||
|
# mautrix-telegram config
|
||||||
|
#
|
||||||
|
matrix_mautrix_telegram_enabled: true
|
||||||
|
matrix_mautrix_telegram_api_id: "{{ vault_matrix_mautrix_telegram_api_id }}"
|
||||||
|
matrix_mautrix_telegram_api_hash: "{{ vault_matrix_mautrix_telegram_api_hash }}"
|
||||||
|
matrix_mautrix_telegram_public_endpoint: '/bridge/telegram'
|
||||||
|
matrix_mautrix_telegram_container_http_monitoring_host_bind_port: 9401
|
||||||
|
matrix_mautrix_telegram_container_http_host_bind_port_public: 8980
|
||||||
|
matrix_mautrix_telegram_container_extra_arguments:
|
||||||
|
- "-p 127.0.0.1:{{ matrix_mautrix_telegram_container_http_monitoring_host_bind_port }}:{{ matrix_mautrix_telegram_container_http_monitoring_host_bind_port }}"
|
||||||
|
- "-p 127.0.0.1:{{ matrix_mautrix_telegram_container_http_host_bind_port_public }}:80"
|
||||||
|
matrix_mautrix_telegram_configuration_extension_yaml: |
|
||||||
|
bridge:
|
||||||
|
displayname_template: "{displayname} (via Telegram)"
|
||||||
|
parallel_file_transfer: false
|
||||||
|
inline_images: false
|
||||||
|
image_as_file_size: 20
|
||||||
|
delivery_receipts: true
|
||||||
|
login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret }}"
|
||||||
|
animated_sticker:
|
||||||
|
target: webm
|
||||||
|
encryption:
|
||||||
|
allow: true
|
||||||
|
default: true
|
||||||
|
permissions:
|
||||||
|
"@transcaffeine:finallycoffee.eu": "admin"
|
||||||
|
"gruenhage.xyz": "full"
|
||||||
|
logging:
|
||||||
|
root:
|
||||||
|
level: INFO
|
||||||
|
metrics:
|
||||||
|
enabled: true
|
||||||
|
listen_port: {{ matrix_mautrix_telegram_container_http_monitoring_host_bind_port }}
|
||||||
|
# permissions: "{{ vault_matrix_mautrix_telegram_permission_map | from_yaml }}"
|
||||||
|
|
||||||
|
|
||||||
|
#
|
||||||
|
# mautrix-signal config
|
||||||
|
#
|
||||||
|
matrix_mautrix_signal_enabled: true
|
||||||
|
matrix_mautrix_signal_container_http_monitoring_host_bind_port: 9408
|
||||||
|
matrix_mautrix_signal_container_extra_arguments:
|
||||||
|
- "-p 127.0.0.1:{{ matrix_mautrix_signal_container_http_monitoring_host_bind_port }}:{{ matrix_mautrix_signal_container_http_monitoring_host_bind_port }}"
|
||||||
|
matrix_mautrix_signal_configuration_extension_yaml: |
|
||||||
|
bridge:
|
||||||
|
displayname_template: "{displayname} (via Signal)"
|
||||||
|
community_id: "+signal:finallycoffee.eu"
|
||||||
|
encryption:
|
||||||
|
allow: true
|
||||||
|
default: true
|
||||||
|
key_sharing:
|
||||||
|
allow: true
|
||||||
|
require_verification: false
|
||||||
|
delivery_receipts: true
|
||||||
|
logging:
|
||||||
|
root:
|
||||||
|
level: INFO
|
||||||
|
metrics:
|
||||||
|
enabled: true
|
||||||
|
listen_port: {{ matrix_mautrix_signal_container_http_monitoring_host_bind_port }}
|
||||||
|
|
||||||
|
|
||||||
|
#
|
||||||
|
# mx-puppet-instagram configuration
|
||||||
|
#
|
||||||
|
matrix_mx_puppet_instagram_enabled: true
|
||||||
|
matrix_mx_puppet_instagram_container_http_monitoring_host_bind_port: 9403
|
||||||
|
matrix_mx_puppet_instagram_container_extra_arguments:
|
||||||
|
- "-p 127.0.0.1:{{ matrix_mx_puppet_instagram_container_http_monitoring_host_bind_port }}:{{ matrix_mx_puppet_instagram_container_http_monitoring_host_bind_port }}"
|
||||||
|
matrix_mx_puppet_instagram_configuration_extension_yaml: |
|
||||||
|
bridge:
|
||||||
|
enableGroupSync: true
|
||||||
|
avatarUrl: mxc://finallycoffee.eu/acmiSAinuHDOULofFFeolTvr
|
||||||
|
metrics:
|
||||||
|
enabled: true
|
||||||
|
port: {{ matrix_mx_puppet_instagram_container_http_monitoring_host_bind_port }}
|
||||||
|
path: /metrics
|
||||||
|
presence:
|
||||||
|
enabled: true
|
||||||
|
interval: 3000
|
||||||
|
|
||||||
|
|
||||||
|
#
|
||||||
|
# mx-puppet-skype configuration
|
||||||
|
#
|
||||||
|
matrix_mx_puppet_skype_enabled: true
|
||||||
|
matrix_mx_puppet_skype_container_http_monitoring_host_bind_port: 9405
|
||||||
|
matrix_mx_puppet_skype_container_extra_arguments:
|
||||||
|
- "-p 127.0.0.1:{{ matrix_mx_puppet_skype_container_http_monitoring_host_bind_port }}:{{ matrix_mx_puppet_skype_container_http_monitoring_host_bind_port }}"
|
||||||
|
matrix_mx_puppet_skype_configuration_extension_yaml: |
|
||||||
|
bridge:
|
||||||
|
enableGroupSync: true
|
||||||
|
avatarUrl: mxc://finallycoffee.eu/jjXDuFqtpFOBOnywoHgzTuYt
|
||||||
|
metrics:
|
||||||
|
enabled: true
|
||||||
|
port: {{ matrix_mx_puppet_skype_container_http_monitoring_host_bind_port }}
|
||||||
|
path: /metrics
|
||||||
|
|
||||||
|
|
||||||
|
#
|
||||||
|
# mx-puppet-discord configuration
|
||||||
|
#
|
||||||
|
matrix_mx_puppet_discord_enabled: true
|
||||||
|
matrix_mx_puppet_discord_client_id: "{{ vault_matrix_mx_puppet_discord_client_id }}"
|
||||||
|
matrix_mx_puppet_discord_client_secret: "{{ vault_matrix_mx_puppet_discord_client_secret }}"
|
||||||
|
matrix_mx_puppet_discord_container_http_monitoring_host_bind_port: 9404
|
||||||
|
matrix_mx_puppet_discord_container_extra_arguments:
|
||||||
|
- "-p 127.0.0.1:{{ matrix_mx_puppet_discord_container_http_monitoring_host_bind_port }}:{{ matrix_mx_puppet_discord_container_http_monitoring_host_bind_port }}"
|
||||||
|
matrix_mx_puppet_discord_configuration_extension_yaml: |
|
||||||
|
bridge:
|
||||||
|
enableGroupSync: true
|
||||||
|
avatarUrl: mxc://finallycoffee.eu/BxcAAhjXmglMbtthStEHtCzd
|
||||||
|
metrics:
|
||||||
|
enabled: true
|
||||||
|
port: {{ matrix_mx_puppet_discord_container_http_monitoring_host_bind_port }}
|
||||||
|
path: /metrics
|
||||||
|
limits:
|
||||||
|
maxAutojoinUsers: 500
|
||||||
|
roomUserAutojoinDelay: 50
|
||||||
|
presence:
|
||||||
|
enabled: true
|
||||||
|
interval: 3000
|
||||||
|
|
||||||
|
|
||||||
|
#
|
||||||
|
# mx-puppet-slack configuration
|
||||||
|
#
|
||||||
|
matrix_mx_puppet_slack_enabled: true
|
||||||
|
matrix_mx_puppet_slack_client_id: "{{ vault_matrix_mx_puppet_slack_client_id }}"
|
||||||
|
matrix_mx_puppet_slack_client_secret: "{{ vault_matrix_mx_puppet_slack_client_secret }}"
|
||||||
|
matrix_mx_puppet_slack_redirect_path: '/bridge/slack/oauth'
|
||||||
|
matrix_mx_puppet_slack_container_http_auth_host_bind_port: 8981
|
||||||
|
matrix_mx_puppet_slack_container_http_monitoring_host_bind_port: 9406
|
||||||
|
matrix_mx_puppet_slack_container_extra_arguments:
|
||||||
|
- "-p 127.0.0.1:{{ matrix_mx_puppet_slack_container_http_monitoring_host_bind_port }}:{{ matrix_mx_puppet_slack_container_http_monitoring_host_bind_port }}"
|
||||||
|
- "-p 127.0.0.1:{{ matrix_mx_puppet_slack_container_http_auth_host_bind_port }}:8008"
|
||||||
|
matrix_mx_puppet_slack_configuration_extension_yaml: |
|
||||||
|
bridge:
|
||||||
|
enableGroupSync: true
|
||||||
|
metrics:
|
||||||
|
enabled: true
|
||||||
|
port: {{ matrix_mx_puppet_slack_container_http_monitoring_host_bind_port }}
|
||||||
|
path: /metrics
|
||||||
|
limits:
|
||||||
|
maxAutojoinUsers: 500
|
||||||
|
roomUserAutojoinDelay: 50
|
||||||
|
presence:
|
||||||
|
enabled: true
|
||||||
|
interval: 3000
|
||||||
|
|
||||||
|
|
||||||
|
#
|
||||||
|
# Element web configuration
|
||||||
|
#
|
||||||
|
# Branding config
|
||||||
|
matrix_client_element_brand: "Chat"
|
||||||
|
matrix_client_element_default_theme: "dark"
|
||||||
|
matrix_client_element_themes_enabled: true
|
||||||
|
matrix_client_element_welcome_headline: "Welcome to chat.finallycoffee.eu"
|
||||||
|
matrix_client_element_welcome_text: |
|
||||||
|
Decentralised, encrypted chat & collaboration,<br />
|
||||||
|
hosted on finallycoffee.eu, powered by element.io &
|
||||||
|
<a href="https://matrix.org" target="_blank" rel="noreferrer noopener">
|
||||||
|
<img width="79" height="34" alt="[matrix]" style="padding-left: 1px;vertical-align: middle" src="welcome/images/matrix.svg" />
|
||||||
|
</a>
|
||||||
|
matrix_client_element_welcome_logo: "welcome/images/logo.png"
|
||||||
|
matrix_client_element_welcome_logo_link: "https://{{ matrix_domain }}"
|
||||||
|
matrix_client_element_branding_authHeaderLogoUrl: "welcome/images/logo.png"
|
||||||
|
matrix_client_element_branding_welcomeBackgroundUrl: "welcome/images/background.jpg"
|
||||||
|
matrix_client_element_container_extra_arguments:
|
||||||
|
- "-v {{ matrix_client_element_data_path }}/background.jpg:/app/{{ matrix_client_element_branding_welcomeBackgroundUrl }}:ro"
|
||||||
|
- "-v {{ matrix_client_element_data_path }}/logo.png:/app/{{ matrix_client_element_branding_authHeaderLogoUrl }}:ro"
|
||||||
|
# Integration and capabilites config
|
||||||
|
matrix_client_element_integrations_ui_url: "https://{{ matrix_server_fqn_dimension }}/element"
|
||||||
|
matrix_client_element_integrations_rest_url: "https://{{ matrix_server_fqn_dimension }}/api/v1/scalar"
|
||||||
|
matrix_client_element_integrations_widgets_urls:
|
||||||
|
- "https://{{ matrix_server_fqn_dimension }}/widgets"
|
||||||
|
- "https://scalar.vector.im/api"
|
||||||
|
matrix_client_element_integrations_jitsi_widget_url: "https://{{ matrix_server_fqn_dimension }}/widgets/jitsi"
|
||||||
|
matrix_client_element_disable_custom_urls: false
|
||||||
|
matrix_client_element_roomdir_servers:
|
||||||
|
- "matrix.org"
|
||||||
|
- "finallycoffee.eu"
|
||||||
|
- "entropia.de"
|
||||||
|
matrix_client_element_enable_presence_by_hs_url:
|
||||||
|
https://matrix.org: false
|
||||||
|
|
||||||
|
|
||||||
|
# Matrix ma1sd extended configuration
|
||||||
|
matrix_ma1sd_configuration_extension_yaml: |
|
||||||
|
hashing:
|
||||||
|
enabled: true
|
||||||
|
pepperLength: 20
|
||||||
|
rotationPolicy: per_requests
|
||||||
|
requests: 10
|
||||||
|
hashStorageType: sql
|
||||||
|
algorithms:
|
||||||
|
- none
|
||||||
|
- sha256
|
||||||
|
|
||||||
|
|
||||||
|
# Matrix mail notification relay setup
|
||||||
|
matrix_mailer_enabled: true
|
||||||
|
matrix_mailer_sender_address: "Matrix on finallycoffee.eu <system-matrix@{{ matrix_domain }}>"
|
||||||
|
matrix_mailer_relay_use: true
|
||||||
|
matrix_mailer_relay_host_name: "{{ vault_matrix_mailer_relay_host_name }}"
|
||||||
|
matrix_mailer_relay_host_port: 587
|
||||||
|
matrix_mailer_relay_auth: true
|
||||||
|
matrix_mailer_relay_auth_username: "{{ vault_matrix_mailer_relay_auth_username }}"
|
||||||
|
matrix_mailer_relay_auth_password: "{{ vault_matrix_mailer_relay_auth_password }}"
|
100
inventory/host_vars/matrix.finallycoffee.eu/vault.yml
Normal file
100
inventory/host_vars/matrix.finallycoffee.eu/vault.yml
Normal file
@ -0,0 +1,100 @@
|
|||||||
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
|
64343261653838626666353837393238353033353632393763363634303466613033376235386235
|
||||||
|
6333386536323034643139656232636133386463393264300a663333333237656337343562366336
|
||||||
|
66663064393930656566396636333430373233373362346339383866623066316133323366663961
|
||||||
|
3732666162363238300a636230346163656334393063343030333064393962663431326461653239
|
||||||
|
36653030393234623335313335383832646463663835653035303765633064666435373464653336
|
||||||
|
31323433373734633531353562333065623039623633633163376235353737343935623133326663
|
||||||
|
65333761383130336165356439623066363964313033666433316231663533393532333738333430
|
||||||
|
36633463343335366364343565353862363531376539626237613263303331323631333366363830
|
||||||
|
33613937346531323139343166613839366233383663363732353561643238383362353964373135
|
||||||
|
61633430353037316266343962376238383238366562323764373135646365383030626130383433
|
||||||
|
32313263663165656366313633653431663332636532656465623465353062643934343738633434
|
||||||
|
63346333326331633830363663666631326466353138646233383235313532383864633233613134
|
||||||
|
39363734353165653065343938643861646630376334303832613163663265373839323765396234
|
||||||
|
38633336393739666565346565343865346233373639363530383533386533616337373033613865
|
||||||
|
66353434653262663263326237626265636430646630313866383532376264383933343933326264
|
||||||
|
65316337323863343935306138343462336666313332396439656234613831356262663630663038
|
||||||
|
31376539653638333263333933633134303734656662343039396563343636366433396130653830
|
||||||
|
33326539636432646438613236356430343435623539333062666630373265306635343233646333
|
||||||
|
39653934323738303239643834663463396165656235393437396635623131316532333465316231
|
||||||
|
65373130393463383932383837383830656637653963666638653665356437303239376262613062
|
||||||
|
34613830613164323365636461303035616136636330323531383164376334363862383762366665
|
||||||
|
62643839333662373461363038326436616639326264633735316139346536373839666236653634
|
||||||
|
30376536386137636336363562376339393261373739333162373461656364353139626339346637
|
||||||
|
30366431336534663037653438376330346238636562383932653561306134626566333861333630
|
||||||
|
39633536653233393161333136316564623631313839633461333438633166363064303238663464
|
||||||
|
65353338353464313635333934623833303965393462373530303666643537336662376266613434
|
||||||
|
37356664616539323631373535316434383361323935376638666437646538316537613030653231
|
||||||
|
62636263663935646466383663306535626465633239366562373038356366366331333537333663
|
||||||
|
64363130386535306362646533393161643737366662313631623132356465636565313530353363
|
||||||
|
35366165383837326564623363636632616331393834313130303937303664353436363266323033
|
||||||
|
61373532383962393937666261626263666631346235646237656337363831633734623733633835
|
||||||
|
39613736373031633263396530626566303665343039663866333632636565633034376366356635
|
||||||
|
35383633336465636331306232353434653739653339396437363163313630393035366665383263
|
||||||
|
34353238656563306366336466376363316430636666353965356535653334343630633532313034
|
||||||
|
64626436643030656335616337653564653331326463383461643739333163613361333133633639
|
||||||
|
66656137313937356134646362623536363065633564633166343766356436313130373663663334
|
||||||
|
63626138356562303761323336646332383761646663383032386261623936633661653735343637
|
||||||
|
35326137343532333635353436376665326633633135656537623631326336353138346136636239
|
||||||
|
37396135326362613039663136333964626237353562343966383764613231363061333534316233
|
||||||
|
38636130313261643061613138656235396530656366313132346362383430333734663866383666
|
||||||
|
61633631353830643565313437306664636262666135353133656531623563616335643737373438
|
||||||
|
63633235363566616466663262333466383939373336383139643362376365623763386137666332
|
||||||
|
39353363636437393236303764343337633233386236303563636634353836363537383632306434
|
||||||
|
33653632373064646361616364323133343138363437373436636232373261663639616330666465
|
||||||
|
37333130393435613134366437396361363830656137663963643132303334633331633661363061
|
||||||
|
38356439666161643431356532353334383539353566386333666461663562613231383331623063
|
||||||
|
33336435636239343663663937353864306363363264663033303539616434333436353134383034
|
||||||
|
64663533366134306462366565333236383235373233656132396538663437616333343534333166
|
||||||
|
66646566623734636532666230326530633538656639353262343665316235386534376534386634
|
||||||
|
65663032303930353661363162373533363762353237393030346238306532326264303636383264
|
||||||
|
63363063326265396166313533663362346539333532386665316466386131623161313738623239
|
||||||
|
66386236656561396539356634636234393436323239396330366237333539343761393431336138
|
||||||
|
66396230656435356365356530343132373861376336346532653063666331343366393761373131
|
||||||
|
66313864373362326139316461666232386132306535616561663566623963353034313961666266
|
||||||
|
34373534363834626334386139653532656564333863323363343165643538336430386434613235
|
||||||
|
64386564643564636530313565326433623365303738386433323463396437653066636134313564
|
||||||
|
33383035393436393163373864353331376163653137316136376564643066636335313735396664
|
||||||
|
33623735353438643237333734353766363863313763653737633135353332363066336232363131
|
||||||
|
33333532653737633033666336326331376561636330643935323636626562303439346338633135
|
||||||
|
33663035366461336339666665663835373235633338613664636439393837303932643363643830
|
||||||
|
63333862643430383235663836653161376637373265646463313538386531666362376532663738
|
||||||
|
62333536383537613562336235666431393164616263303863323834343735326133646131303063
|
||||||
|
62623836313730363832313764363562306666383337396561633865336561396632303539333166
|
||||||
|
35623063336534653531303134653630666264333133393864626665623564313466363731316339
|
||||||
|
36646666653062326665346332373963376439396538396663656130616333316533623331346461
|
||||||
|
39643862356663316338333662646464353233356635303931626366323831303136366462366133
|
||||||
|
34303234343064393265303866636137646461336530653733623264383261653864633332346435
|
||||||
|
62383065353662303564633239326664356364366365626466666266326466333834316437383134
|
||||||
|
35383261373437643261623533623533326335393932356632653634326432376235393038333464
|
||||||
|
33626361366565316533663537343237316563343730363632663639623930313963316665663965
|
||||||
|
33386435663462626435383733383336343064333935356364623436626632356535333430343262
|
||||||
|
62363136353562633631613965353062363231343037626166363035376530646537646136363730
|
||||||
|
35303530343361616230383662333139333533333138613834323437636238656538656436623433
|
||||||
|
38353363336665346637643631663934633061626532376330633731316565336166313936393533
|
||||||
|
35323535376539633937376532333536323234376632306362633438626565376234353235353836
|
||||||
|
37663735366165393963313536356437653361306232313736356164656635616333306332356637
|
||||||
|
39353465633536313539366264646364343231653466346165313863623365333465623336376635
|
||||||
|
37396663333638356565306439636365653438623935363361356464316663613465303933346537
|
||||||
|
61303863323631343264613665323866363935383265323562326364346364343133393965333135
|
||||||
|
33306434646533333662613930666337646330303439333938326433376161613836663237303534
|
||||||
|
63636139636338656664333034356635653330666362633563366663616661303266326135643036
|
||||||
|
34383939613035323331366261356531343961303239626365383332313633393561623963643134
|
||||||
|
30353239356234336635616663313830396133643035663838653837613262616364623637616237
|
||||||
|
37363662663466396330323830343963366262643339316162643164353430663763613634346233
|
||||||
|
62303539336433313066346339363163336236373334613938613061613038613466636632336335
|
||||||
|
35326133373061323164623436623338316466396261393630623466313164393736353566356237
|
||||||
|
34396530383361613464643461313336663331643438313136353039386263633134616534666464
|
||||||
|
33373536326637316635326461656130383333613832386662643431666435663565343565616266
|
||||||
|
35303738656362663266653735373833613765356366626436336437326665396635636335616566
|
||||||
|
32663733396432656430356335383262613133623066636238623166613839393833616436653936
|
||||||
|
34306536343664643732356262663435623834313732373564613337373765373130653734386632
|
||||||
|
35623038623639346564393466393463613238363231663965633037353337353332663464336539
|
||||||
|
33616131353734663463336436303866306334336339316364313962346430383338306161636462
|
||||||
|
64303064313135346236346434316333346434303764356237636530663239633631383561393537
|
||||||
|
66383836326634666362613661353533363432303437663235393336396331356465633031326430
|
||||||
|
35333263633731626564326430613937343136633562386432396537363663653438333333366135
|
||||||
|
33333339376165303736643661343535356561353938346131653662363966643839653262363537
|
||||||
|
38373331353539313463363236383633326138366534313064303739626337343962653830653663
|
||||||
|
626263633730663932376165333438323835
|
22
inventory/hosts
Normal file
22
inventory/hosts
Normal file
@ -0,0 +1,22 @@
|
|||||||
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
|
31336566376336626265653165306635633033376662656164383037383834653239656136333734
|
||||||
|
3833666339393037323035343565343235396163636166370a643933333933386133366564396465
|
||||||
|
30393637613164356564393337633361653432333232383664303739363736633435363764343530
|
||||||
|
3532313739363963660a343434356534316230623133636366386334323465376139363162616238
|
||||||
|
39396638366262313531653635326361616537396338363533303961623165343931373939306239
|
||||||
|
31336632643166633662653765333231393461643933306464303165633037343061323636313034
|
||||||
|
34376631656563646665373566633431366638383863666130323264316337663237343135306236
|
||||||
|
66323536346164663239343139623430303230333466633437643337343930363530653964626163
|
||||||
|
38336363633730393136333637383631636266396636646533356262376630646139303636666538
|
||||||
|
32366437353163663865623234643061313639646162643965393535353938313133326237313265
|
||||||
|
66646163333535396539646461356334633532313530653834623263386265383765356130333466
|
||||||
|
30373531306137393935363030313739666536363138363962646565306439393239303030643162
|
||||||
|
33333166663430393866666439653532623034396130313066383035396535646633366237303264
|
||||||
|
36356665366461323664373038366364623937386233313039323837666333653764616462333365
|
||||||
|
31326264633236373937313537633961633164323138356135633765663639323537656263633766
|
||||||
|
38653836323263386333376131333330326237393666363064326463663961633839393039323835
|
||||||
|
61306265333232623037356465393133323733363634646364336261326333366239346565366338
|
||||||
|
61646132333033373866623739343830336164316461646366666237313565626639323537623732
|
||||||
|
38323830656136323137323530343764666433633432366136643538323832653130376363653135
|
||||||
|
64376261386635636533353961613335663962306337353866616464613636303735336230623962
|
||||||
|
3336
|
@ -24,14 +24,6 @@
|
|||||||
mode: '0660'
|
mode: '0660'
|
||||||
tags: use-survey
|
tags: use-survey
|
||||||
|
|
||||||
- name: Collect AWX admin token the hard way!
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
shell: |
|
|
||||||
curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g'
|
|
||||||
register: tower_token
|
|
||||||
no_log: True
|
|
||||||
tags: use-survey
|
|
||||||
|
|
||||||
- name: Recreate 'Backup Server' job template
|
- name: Recreate 'Backup Server' job template
|
||||||
delegate_to: 127.0.0.1
|
delegate_to: 127.0.0.1
|
||||||
awx.awx.tower_job_template:
|
awx.awx.tower_job_template:
|
||||||
@ -49,8 +41,8 @@
|
|||||||
become_enabled: yes
|
become_enabled: yes
|
||||||
state: present
|
state: present
|
||||||
verbosity: 1
|
verbosity: 1
|
||||||
tower_host: "https://{{ tower_host }}"
|
tower_host: "https://{{ awx_host }}"
|
||||||
tower_oauthtoken: "{{ tower_token.stdout }}"
|
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
|
||||||
validate_certs: yes
|
validate_certs: yes
|
||||||
tags: use-survey
|
tags: use-survey
|
||||||
|
|
||||||
@ -90,6 +82,15 @@
|
|||||||
command: borgmatic -c /root/.config/borgmatic/config_2.yaml
|
command: borgmatic -c /root/.config/borgmatic/config_2.yaml
|
||||||
when: matrix_awx_backup_enabled|bool
|
when: matrix_awx_backup_enabled|bool
|
||||||
|
|
||||||
|
- name: Delete the AWX session token for executing modules
|
||||||
|
awx.awx.tower_token:
|
||||||
|
description: 'AWX Session Token'
|
||||||
|
scope: "write"
|
||||||
|
state: absent
|
||||||
|
existing_token_id: "{{ awx_session_token.ansible_facts.tower_token.id }}"
|
||||||
|
tower_host: "https://{{ awx_host }}"
|
||||||
|
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
|
||||||
|
|
||||||
- name: Set boolean value to exit playbook
|
- name: Set boolean value to exit playbook
|
||||||
set_fact:
|
set_fact:
|
||||||
end_playbook: true
|
end_playbook: true
|
||||||
|
10
roles/matrix-awx/tasks/create_session_token.yml
Normal file
10
roles/matrix-awx/tasks/create_session_token.yml
Normal file
@ -0,0 +1,10 @@
|
|||||||
|
|
||||||
|
- name: Create a AWX session token for executing modules
|
||||||
|
awx.awx.tower_token:
|
||||||
|
description: 'AWX Session Token'
|
||||||
|
scope: "write"
|
||||||
|
state: present
|
||||||
|
tower_host: "https://{{ awx_host }}"
|
||||||
|
tower_oauthtoken: "{{ awx_master_token }}"
|
||||||
|
register: awx_session_token
|
||||||
|
no_log: True
|
@ -23,6 +23,15 @@
|
|||||||
/usr/local/bin/matrix-synapse-register-user {{ new_username | quote }} {{ new_password | quote }} {{ admin_bool }}
|
/usr/local/bin/matrix-synapse-register-user {{ new_username | quote }} {{ new_password | quote }} {{ admin_bool }}
|
||||||
register: cmd
|
register: cmd
|
||||||
|
|
||||||
|
- name: Delete the AWX session token for executing modules
|
||||||
|
awx.awx.tower_token:
|
||||||
|
description: 'AWX Session Token'
|
||||||
|
scope: "write"
|
||||||
|
state: absent
|
||||||
|
existing_token_id: "{{ awx_session_token.ansible_facts.tower_token.id }}"
|
||||||
|
tower_host: "https://{{ awx_host }}"
|
||||||
|
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
|
||||||
|
|
||||||
- name: Result
|
- name: Result
|
||||||
debug: msg="{{ cmd.stdout }}"
|
debug: msg="{{ cmd.stdout }}"
|
||||||
|
|
||||||
|
@ -77,13 +77,6 @@
|
|||||||
mode: '0660'
|
mode: '0660'
|
||||||
when: customise_base_domain_website is undefined
|
when: customise_base_domain_website is undefined
|
||||||
|
|
||||||
- name: Collect AWX admin token the hard way!
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
shell: |
|
|
||||||
curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g'
|
|
||||||
register: tower_token
|
|
||||||
no_log: True
|
|
||||||
|
|
||||||
- name: Recreate 'Configure Website + Access Export' job template
|
- name: Recreate 'Configure Website + Access Export' job template
|
||||||
delegate_to: 127.0.0.1
|
delegate_to: 127.0.0.1
|
||||||
awx.awx.tower_job_template:
|
awx.awx.tower_job_template:
|
||||||
@ -101,8 +94,8 @@
|
|||||||
become_enabled: yes
|
become_enabled: yes
|
||||||
state: present
|
state: present
|
||||||
verbosity: 1
|
verbosity: 1
|
||||||
tower_host: "https://{{ tower_host }}"
|
tower_host: "https://{{ awx_host }}"
|
||||||
tower_oauthtoken: "{{ tower_token.stdout }}"
|
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
|
||||||
validate_certs: yes
|
validate_certs: yes
|
||||||
when: customise_base_domain_website is defined
|
when: customise_base_domain_website is defined
|
||||||
|
|
||||||
@ -123,8 +116,8 @@
|
|||||||
become_enabled: yes
|
become_enabled: yes
|
||||||
state: present
|
state: present
|
||||||
verbosity: 1
|
verbosity: 1
|
||||||
tower_host: "https://{{ tower_host }}"
|
tower_host: "https://{{ awx_host }}"
|
||||||
tower_oauthtoken: "{{ tower_token.stdout }}"
|
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
|
||||||
validate_certs: yes
|
validate_certs: yes
|
||||||
when: customise_base_domain_website is undefined
|
when: customise_base_domain_website is undefined
|
||||||
|
|
||||||
|
9
roles/matrix-awx/tasks/delete_session_token.yml
Normal file
9
roles/matrix-awx/tasks/delete_session_token.yml
Normal file
@ -0,0 +1,9 @@
|
|||||||
|
|
||||||
|
- name: Delete the AWX session token for executing modules
|
||||||
|
awx.awx.tower_token:
|
||||||
|
description: 'AWX Session Token'
|
||||||
|
scope: "write"
|
||||||
|
state: absent
|
||||||
|
existing_token_id: "{{ awx_session_token.ansible_facts.tower_token.id }}"
|
||||||
|
tower_host: "https://{{ awx_host }}"
|
||||||
|
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
|
@ -24,6 +24,15 @@
|
|||||||
units: days
|
units: days
|
||||||
unique: yes
|
unique: yes
|
||||||
|
|
||||||
|
- name: Delete the AWX session token for executing modules
|
||||||
|
awx.awx.tower_token:
|
||||||
|
description: 'AWX Session Token'
|
||||||
|
scope: "write"
|
||||||
|
state: absent
|
||||||
|
existing_token_id: "{{ awx_session_token.ansible_facts.tower_token.id }}"
|
||||||
|
tower_host: "https://{{ awx_host }}"
|
||||||
|
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
|
||||||
|
|
||||||
- name: Set boolean value to exit playbook
|
- name: Set boolean value to exit playbook
|
||||||
set_fact:
|
set_fact:
|
||||||
end_playbook: true
|
end_playbook: true
|
||||||
|
@ -9,3 +9,7 @@
|
|||||||
file: '/var/lib/awx/projects/hosting/hosting_vars.yml'
|
file: '/var/lib/awx/projects/hosting/hosting_vars.yml'
|
||||||
no_log: True
|
no_log: True
|
||||||
|
|
||||||
|
- name: Include AWX master token from awx_tokens.yml
|
||||||
|
include_vars:
|
||||||
|
file: /var/lib/awx/projects/hosting/awx_tokens.yml
|
||||||
|
no_log: True
|
||||||
|
@ -17,6 +17,15 @@
|
|||||||
tags:
|
tags:
|
||||||
- always
|
- always
|
||||||
|
|
||||||
|
# Create AWX session token
|
||||||
|
- include_tasks:
|
||||||
|
file: "create_session_token.yml"
|
||||||
|
apply:
|
||||||
|
tags: always
|
||||||
|
when: run_setup|bool and matrix_awx_enabled|bool
|
||||||
|
tags:
|
||||||
|
- always
|
||||||
|
|
||||||
# Perform a backup of the server
|
# Perform a backup of the server
|
||||||
- include_tasks:
|
- include_tasks:
|
||||||
file: "backup_server.yml"
|
file: "backup_server.yml"
|
||||||
@ -25,7 +34,7 @@
|
|||||||
when: run_setup|bool and matrix_awx_enabled|bool
|
when: run_setup|bool and matrix_awx_enabled|bool
|
||||||
tags:
|
tags:
|
||||||
- backup-server
|
- backup-server
|
||||||
|
|
||||||
# Perform a export of the server
|
# Perform a export of the server
|
||||||
- include_tasks:
|
- include_tasks:
|
||||||
file: "export_server.yml"
|
file: "export_server.yml"
|
||||||
@ -62,6 +71,15 @@
|
|||||||
tags:
|
tags:
|
||||||
- purge-database
|
- purge-database
|
||||||
|
|
||||||
|
# Rotate SSH key if called
|
||||||
|
- include_tasks:
|
||||||
|
file: "rotate_ssh.yml"
|
||||||
|
apply:
|
||||||
|
tags: rotate-ssh
|
||||||
|
when: run_setup|bool and matrix_awx_enabled|bool
|
||||||
|
tags:
|
||||||
|
- rotate-ssh
|
||||||
|
|
||||||
# Import configs, media repo from /chroot/backup import
|
# Import configs, media repo from /chroot/backup import
|
||||||
- include_tasks:
|
- include_tasks:
|
||||||
file: "import_awx.yml"
|
file: "import_awx.yml"
|
||||||
@ -179,6 +197,15 @@
|
|||||||
tags:
|
tags:
|
||||||
- setup-synapse-admin
|
- setup-synapse-admin
|
||||||
|
|
||||||
|
# Delete AWX session token
|
||||||
|
- include_tasks:
|
||||||
|
file: "delete_session_token.yml"
|
||||||
|
apply:
|
||||||
|
tags: always
|
||||||
|
when: run_setup|bool and matrix_awx_enabled|bool
|
||||||
|
tags:
|
||||||
|
- always
|
||||||
|
|
||||||
# Load newly formed matrix variables from AWX volume
|
# Load newly formed matrix variables from AWX volume
|
||||||
- include_tasks:
|
- include_tasks:
|
||||||
file: "load_matrix_variables.yml"
|
file: "load_matrix_variables.yml"
|
||||||
|
@ -5,18 +5,18 @@
|
|||||||
name: dateutils
|
name: dateutils
|
||||||
state: latest
|
state: latest
|
||||||
|
|
||||||
- name: Ensure dateutils, curl and jq intalled on target machine
|
- name: Include vars in matrix_vars.yml
|
||||||
|
include_vars:
|
||||||
|
file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||||
|
no_log: True
|
||||||
|
|
||||||
|
- name: Ensure curl and jq intalled on target machine
|
||||||
apt:
|
apt:
|
||||||
pkg:
|
pkg:
|
||||||
- curl
|
- curl
|
||||||
- jq
|
- jq
|
||||||
state: present
|
state: present
|
||||||
|
|
||||||
- name: Include vars in matrix_vars.yml
|
|
||||||
include_vars:
|
|
||||||
file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
|
||||||
no_log: True
|
|
||||||
|
|
||||||
- name: Collect before shrink size of Synapse database
|
- name: Collect before shrink size of Synapse database
|
||||||
shell: du -sh /matrix/postgres/data
|
shell: du -sh /matrix/postgres/data
|
||||||
register: db_size_before_stat
|
register: db_size_before_stat
|
||||||
@ -144,13 +144,6 @@
|
|||||||
loop: "{{ room_list_state_events.splitlines() | flatten(levels=1) }}"
|
loop: "{{ room_list_state_events.splitlines() | flatten(levels=1) }}"
|
||||||
when: purge_mode.find("Number of events [slower]") != -1
|
when: purge_mode.find("Number of events [slower]") != -1
|
||||||
|
|
||||||
- name: Collect AWX admin token the hard way!
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
shell: |
|
|
||||||
curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g'
|
|
||||||
register: tower_token
|
|
||||||
no_log: True
|
|
||||||
|
|
||||||
- name: Adjust 'Deploy/Update a Server' job template
|
- name: Adjust 'Deploy/Update a Server' job template
|
||||||
delegate_to: 127.0.0.1
|
delegate_to: 127.0.0.1
|
||||||
awx.awx.tower_job_template:
|
awx.awx.tower_job_template:
|
||||||
@ -165,8 +158,8 @@
|
|||||||
credential: "{{ member_id }} - AWX SSH Key"
|
credential: "{{ member_id }} - AWX SSH Key"
|
||||||
state: present
|
state: present
|
||||||
verbosity: 1
|
verbosity: 1
|
||||||
tower_host: "https://{{ tower_host }}"
|
tower_host: "https://{{ awx_host }}"
|
||||||
tower_oauthtoken: "{{ tower_token.stdout }}"
|
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
|
||||||
validate_certs: yes
|
validate_certs: yes
|
||||||
when: (purge_mode.find("No local users [recommended]") != -1) or (purge_mode.find("Number of users [slower]") != -1) or (purge_mode.find("Number of events [slower]") != -1) or (purge_mode.find("Skip purging rooms [faster]") != -1)
|
when: (purge_mode.find("No local users [recommended]") != -1) or (purge_mode.find("Number of users [slower]") != -1) or (purge_mode.find("Number of events [slower]") != -1) or (purge_mode.find("Skip purging rooms [faster]") != -1)
|
||||||
|
|
||||||
@ -175,8 +168,8 @@
|
|||||||
awx.awx.tower_job_launch:
|
awx.awx.tower_job_launch:
|
||||||
job_template: "{{ matrix_domain }} - 0 - Deploy/Update a Server"
|
job_template: "{{ matrix_domain }} - 0 - Deploy/Update a Server"
|
||||||
wait: yes
|
wait: yes
|
||||||
tower_host: "https://{{ tower_host }}"
|
tower_host: "https://{{ awx_host }}"
|
||||||
tower_oauthtoken: "{{ tower_token.stdout }}"
|
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
|
||||||
validate_certs: yes
|
validate_certs: yes
|
||||||
when: (purge_mode.find("No local users [recommended]") != -1) or (purge_mode.find("Number of users [slower]") != -1) or (purge_mode.find("Number of events [slower]") != -1) or (purge_mode.find("Skip purging rooms [faster]") != -1)
|
when: (purge_mode.find("No local users [recommended]") != -1) or (purge_mode.find("Number of users [slower]") != -1) or (purge_mode.find("Number of events [slower]") != -1) or (purge_mode.find("Skip purging rooms [faster]") != -1)
|
||||||
|
|
||||||
@ -194,8 +187,8 @@
|
|||||||
credential: "{{ member_id }} - AWX SSH Key"
|
credential: "{{ member_id }} - AWX SSH Key"
|
||||||
state: present
|
state: present
|
||||||
verbosity: 1
|
verbosity: 1
|
||||||
tower_host: "https://{{ tower_host }}"
|
tower_host: "https://{{ awx_host }}"
|
||||||
tower_oauthtoken: "{{ tower_token.stdout }}"
|
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
|
||||||
validate_certs: yes
|
validate_certs: yes
|
||||||
when: (purge_mode.find("No local users [recommended]") != -1) or (purge_mode.find("Number of users [slower]") != -1) or (purge_mode.find("Number of events [slower]") != -1) or (purge_mode.find("Skip purging rooms [faster]") != -1)
|
when: (purge_mode.find("No local users [recommended]") != -1) or (purge_mode.find("Number of users [slower]") != -1) or (purge_mode.find("Number of events [slower]") != -1) or (purge_mode.find("Skip purging rooms [faster]") != -1)
|
||||||
|
|
||||||
@ -231,8 +224,8 @@
|
|||||||
credential: "{{ member_id }} - AWX SSH Key"
|
credential: "{{ member_id }} - AWX SSH Key"
|
||||||
state: present
|
state: present
|
||||||
verbosity: 1
|
verbosity: 1
|
||||||
tower_host: "https://{{ tower_host }}"
|
tower_host: "https://{{ awx_host }}"
|
||||||
tower_oauthtoken: "{{ tower_token.stdout }}"
|
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
|
||||||
validate_certs: yes
|
validate_certs: yes
|
||||||
when: (purge_mode.find("Perform final shrink") != -1)
|
when: (purge_mode.find("Perform final shrink") != -1)
|
||||||
|
|
||||||
@ -241,8 +234,8 @@
|
|||||||
awx.awx.tower_job_launch:
|
awx.awx.tower_job_launch:
|
||||||
job_template: "{{ matrix_domain }} - 0 - Deploy/Update a Server"
|
job_template: "{{ matrix_domain }} - 0 - Deploy/Update a Server"
|
||||||
wait: yes
|
wait: yes
|
||||||
tower_host: "https://{{ tower_host }}"
|
tower_host: "https://{{ awx_host }}"
|
||||||
tower_oauthtoken: "{{ tower_token.stdout }}"
|
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
|
||||||
validate_certs: yes
|
validate_certs: yes
|
||||||
when: (purge_mode.find("Perform final shrink") != -1)
|
when: (purge_mode.find("Perform final shrink") != -1)
|
||||||
|
|
||||||
@ -260,8 +253,8 @@
|
|||||||
credential: "{{ member_id }} - AWX SSH Key"
|
credential: "{{ member_id }} - AWX SSH Key"
|
||||||
state: present
|
state: present
|
||||||
verbosity: 1
|
verbosity: 1
|
||||||
tower_host: "https://{{ tower_host }}"
|
tower_host: "https://{{ awx_host }}"
|
||||||
tower_oauthtoken: "{{ tower_token.stdout }}"
|
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
|
||||||
validate_certs: yes
|
validate_certs: yes
|
||||||
when: (purge_mode.find("Perform final shrink") != -1)
|
when: (purge_mode.find("Perform final shrink") != -1)
|
||||||
|
|
||||||
@ -308,6 +301,15 @@
|
|||||||
msg: "{{ db_size_after_stat.stdout.split('\n') }}"
|
msg: "{{ db_size_after_stat.stdout.split('\n') }}"
|
||||||
when: (db_size_after_stat is defined) and (purge_mode.find("Perform final shrink") != -1)
|
when: (db_size_after_stat is defined) and (purge_mode.find("Perform final shrink") != -1)
|
||||||
|
|
||||||
|
- name: Delete the AWX session token for executing modules
|
||||||
|
awx.awx.tower_token:
|
||||||
|
description: 'AWX Session Token'
|
||||||
|
scope: "write"
|
||||||
|
state: absent
|
||||||
|
existing_token_id: "{{ awx_session_token.ansible_facts.tower_token.id }}"
|
||||||
|
tower_host: "https://{{ awx_host }}"
|
||||||
|
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
|
||||||
|
|
||||||
- name: Set boolean value to exit playbook
|
- name: Set boolean value to exit playbook
|
||||||
set_fact:
|
set_fact:
|
||||||
end_playbook: true
|
end_playbook: true
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
|
|
||||||
- name: Ensure dateutils and curl is installed in AWX
|
- name: Ensure dateutils is installed in AWX
|
||||||
delegate_to: 127.0.0.1
|
delegate_to: 127.0.0.1
|
||||||
yum:
|
yum:
|
||||||
name: dateutils
|
name: dateutils
|
||||||
@ -90,6 +90,15 @@
|
|||||||
msg: "{{ remote_media_size_after.stdout.split('\n') }}"
|
msg: "{{ remote_media_size_after.stdout.split('\n') }}"
|
||||||
when: matrix_purge_media_type == "Remote Media"
|
when: matrix_purge_media_type == "Remote Media"
|
||||||
|
|
||||||
|
- name: Delete the AWX session token for executing modules
|
||||||
|
awx.awx.tower_token:
|
||||||
|
description: 'AWX Session Token'
|
||||||
|
scope: "write"
|
||||||
|
state: absent
|
||||||
|
existing_token_id: "{{ awx_session_token.ansible_facts.tower_token.id }}"
|
||||||
|
tower_host: "https://{{ awx_host }}"
|
||||||
|
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
|
||||||
|
|
||||||
- name: Set boolean value to exit playbook
|
- name: Set boolean value to exit playbook
|
||||||
set_fact:
|
set_fact:
|
||||||
end_playbook: true
|
end_playbook: true
|
||||||
|
@ -5,4 +5,3 @@
|
|||||||
path: "/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml"
|
path: "/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml"
|
||||||
regexp: 'matrix_synapse_use_presence'
|
regexp: 'matrix_synapse_use_presence'
|
||||||
replace: 'matrix_synapse_presence_enabled'
|
replace: 'matrix_synapse_presence_enabled'
|
||||||
|
|
||||||
|
24
roles/matrix-awx/tasks/rotate_ssh.yml
Normal file
24
roles/matrix-awx/tasks/rotate_ssh.yml
Normal file
@ -0,0 +1,24 @@
|
|||||||
|
|
||||||
|
- name: Set the new authorized key taken from file
|
||||||
|
authorized_key:
|
||||||
|
user: root
|
||||||
|
state: present
|
||||||
|
exclusive: yes
|
||||||
|
key: "{{ lookup('file', '/var/lib/awx/projects/hosting/client_public.key') }}"
|
||||||
|
|
||||||
|
- name: Delete the AWX session token for executing modules
|
||||||
|
awx.awx.tower_token:
|
||||||
|
description: 'AWX Session Token'
|
||||||
|
scope: "write"
|
||||||
|
state: absent
|
||||||
|
existing_token_id: "{{ awx_session_token.ansible_facts.tower_token.id }}"
|
||||||
|
tower_host: "https://{{ awx_host }}"
|
||||||
|
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
|
||||||
|
|
||||||
|
- name: Set boolean value to exit playbook
|
||||||
|
set_fact:
|
||||||
|
end_playbook: true
|
||||||
|
|
||||||
|
- name: End playbook if this task list is called.
|
||||||
|
meta: end_play
|
||||||
|
when: end_playbook is defined and end_playbook|bool
|
@ -218,13 +218,6 @@
|
|||||||
- debug:
|
- debug:
|
||||||
msg: "matrix_corporal_matrix_registration_shared_secret: {{ matrix_corporal_matrix_registration_shared_secret }}"
|
msg: "matrix_corporal_matrix_registration_shared_secret: {{ matrix_corporal_matrix_registration_shared_secret }}"
|
||||||
|
|
||||||
- name: Collect AWX admin token the hard way!
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
shell: |
|
|
||||||
curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g'
|
|
||||||
register: tower_token
|
|
||||||
no_log: True
|
|
||||||
|
|
||||||
- name: Recreate 'Configure Corporal (Advanced)' job template
|
- name: Recreate 'Configure Corporal (Advanced)' job template
|
||||||
delegate_to: 127.0.0.1
|
delegate_to: 127.0.0.1
|
||||||
awx.awx.tower_job_template:
|
awx.awx.tower_job_template:
|
||||||
@ -242,6 +235,6 @@
|
|||||||
become_enabled: yes
|
become_enabled: yes
|
||||||
state: present
|
state: present
|
||||||
verbosity: 1
|
verbosity: 1
|
||||||
tower_host: "https://{{ tower_host }}"
|
tower_host: "https://{{ awx_host }}"
|
||||||
tower_oauthtoken: "{{ tower_token.stdout }}"
|
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
|
||||||
validate_certs: yes
|
validate_certs: yes
|
||||||
|
@ -82,13 +82,6 @@
|
|||||||
dest: '/matrix/awx/configure_dimension.json'
|
dest: '/matrix/awx/configure_dimension.json'
|
||||||
mode: '0660'
|
mode: '0660'
|
||||||
|
|
||||||
- name: Collect AWX admin token the hard way!
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
shell: |
|
|
||||||
curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g'
|
|
||||||
register: tower_token
|
|
||||||
no_log: True
|
|
||||||
|
|
||||||
- name: Recreate 'Configure Dimension' job template
|
- name: Recreate 'Configure Dimension' job template
|
||||||
delegate_to: 127.0.0.1
|
delegate_to: 127.0.0.1
|
||||||
awx.awx.tower_job_template:
|
awx.awx.tower_job_template:
|
||||||
@ -106,6 +99,6 @@
|
|||||||
become_enabled: yes
|
become_enabled: yes
|
||||||
state: present
|
state: present
|
||||||
verbosity: 1
|
verbosity: 1
|
||||||
tower_host: "https://{{ tower_host }}"
|
tower_host: "https://{{ awx_host }}"
|
||||||
tower_oauthtoken: "{{ tower_token.stdout }}"
|
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
|
||||||
validate_certs: yes
|
validate_certs: yes
|
||||||
|
@ -40,13 +40,6 @@
|
|||||||
dest: '/matrix/awx/configure_element.json'
|
dest: '/matrix/awx/configure_element.json'
|
||||||
mode: '0660'
|
mode: '0660'
|
||||||
|
|
||||||
- name: Collect AWX admin token the hard way!
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
shell: |
|
|
||||||
curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g'
|
|
||||||
register: tower_token
|
|
||||||
no_log: True
|
|
||||||
|
|
||||||
- name: Recreate 'Configure Element' job template
|
- name: Recreate 'Configure Element' job template
|
||||||
delegate_to: 127.0.0.1
|
delegate_to: 127.0.0.1
|
||||||
awx.awx.tower_job_template:
|
awx.awx.tower_job_template:
|
||||||
@ -64,6 +57,6 @@
|
|||||||
become_enabled: yes
|
become_enabled: yes
|
||||||
state: present
|
state: present
|
||||||
verbosity: 1
|
verbosity: 1
|
||||||
tower_host: "https://{{ tower_host }}"
|
tower_host: "https://{{ awx_host }}"
|
||||||
tower_oauthtoken: "{{ tower_token.stdout }}"
|
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
|
||||||
validate_certs: yes
|
validate_certs: yes
|
||||||
|
@ -21,13 +21,6 @@
|
|||||||
dest: '/matrix/awx/configure_element_subdomain.json'
|
dest: '/matrix/awx/configure_element_subdomain.json'
|
||||||
mode: '0660'
|
mode: '0660'
|
||||||
|
|
||||||
- name: Collect AWX admin token the hard way!
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
shell: |
|
|
||||||
curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g'
|
|
||||||
register: tower_token
|
|
||||||
no_log: True
|
|
||||||
|
|
||||||
- name: Recreate 'Configure Element Subdomain' job template
|
- name: Recreate 'Configure Element Subdomain' job template
|
||||||
delegate_to: 127.0.0.1
|
delegate_to: 127.0.0.1
|
||||||
awx.awx.tower_job_template:
|
awx.awx.tower_job_template:
|
||||||
@ -44,6 +37,6 @@
|
|||||||
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_element_subdomain.json') }}"
|
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_element_subdomain.json') }}"
|
||||||
state: present
|
state: present
|
||||||
verbosity: 1
|
verbosity: 1
|
||||||
tower_host: "https://{{ tower_host }}"
|
tower_host: "https://{{ awx_host }}"
|
||||||
tower_oauthtoken: "{{ tower_token.stdout }}"
|
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
|
||||||
validate_certs: yes
|
validate_certs: yes
|
||||||
|
@ -22,13 +22,6 @@
|
|||||||
dest: '/matrix/awx/configure_jitsi.json'
|
dest: '/matrix/awx/configure_jitsi.json'
|
||||||
mode: '0660'
|
mode: '0660'
|
||||||
|
|
||||||
- name: Collect AWX admin token the hard way!
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
shell: |
|
|
||||||
curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g'
|
|
||||||
register: tower_token
|
|
||||||
no_log: True
|
|
||||||
|
|
||||||
- name: Recreate 'Configure Jitsi' job template
|
- name: Recreate 'Configure Jitsi' job template
|
||||||
delegate_to: 127.0.0.1
|
delegate_to: 127.0.0.1
|
||||||
awx.awx.tower_job_template:
|
awx.awx.tower_job_template:
|
||||||
@ -46,6 +39,6 @@
|
|||||||
become_enabled: yes
|
become_enabled: yes
|
||||||
state: present
|
state: present
|
||||||
verbosity: 1
|
verbosity: 1
|
||||||
tower_host: "https://{{ tower_host }}"
|
tower_host: "https://{{ awx_host }}"
|
||||||
tower_oauthtoken: "{{ tower_token.stdout }}"
|
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
|
||||||
validate_certs: yes
|
validate_certs: yes
|
||||||
|
@ -79,13 +79,6 @@
|
|||||||
dest: '/matrix/awx/configure_ma1sd.json'
|
dest: '/matrix/awx/configure_ma1sd.json'
|
||||||
mode: '0660'
|
mode: '0660'
|
||||||
|
|
||||||
- name: Collect AWX admin token the hard way!
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
shell: |
|
|
||||||
curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g'
|
|
||||||
register: tower_token
|
|
||||||
no_log: True
|
|
||||||
|
|
||||||
- name: Recreate 'Configure ma1sd (Advanced)' job template
|
- name: Recreate 'Configure ma1sd (Advanced)' job template
|
||||||
delegate_to: 127.0.0.1
|
delegate_to: 127.0.0.1
|
||||||
awx.awx.tower_job_template:
|
awx.awx.tower_job_template:
|
||||||
@ -103,7 +96,7 @@
|
|||||||
become_enabled: yes
|
become_enabled: yes
|
||||||
state: present
|
state: present
|
||||||
verbosity: 1
|
verbosity: 1
|
||||||
tower_host: "https://{{ tower_host }}"
|
tower_host: "https://{{ awx_host }}"
|
||||||
tower_oauthtoken: "{{ tower_token.stdout }}"
|
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
|
||||||
validate_certs: yes
|
validate_certs: yes
|
||||||
|
|
||||||
|
@ -21,13 +21,6 @@
|
|||||||
dest: '/matrix/awx/configure_email_relay.json'
|
dest: '/matrix/awx/configure_email_relay.json'
|
||||||
mode: '0660'
|
mode: '0660'
|
||||||
|
|
||||||
- name: Collect AWX admin token the hard way!
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
shell: |
|
|
||||||
curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g'
|
|
||||||
register: tower_token
|
|
||||||
no_log: True
|
|
||||||
|
|
||||||
- name: Recreate 'Configure Email Relay' job template
|
- name: Recreate 'Configure Email Relay' job template
|
||||||
delegate_to: 127.0.0.1
|
delegate_to: 127.0.0.1
|
||||||
awx.awx.tower_job_template:
|
awx.awx.tower_job_template:
|
||||||
@ -45,6 +38,6 @@
|
|||||||
become_enabled: yes
|
become_enabled: yes
|
||||||
state: present
|
state: present
|
||||||
verbosity: 1
|
verbosity: 1
|
||||||
tower_host: "https://{{ tower_host }}"
|
tower_host: "https://{{ awx_host }}"
|
||||||
tower_oauthtoken: "{{ tower_token.stdout }}"
|
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
|
||||||
validate_certs: yes
|
validate_certs: yes
|
||||||
|
@ -200,13 +200,6 @@
|
|||||||
dest: '/matrix/awx/configure_synapse.json'
|
dest: '/matrix/awx/configure_synapse.json'
|
||||||
mode: '0660'
|
mode: '0660'
|
||||||
|
|
||||||
- name: Collect AWX admin token the hard way!
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
shell: |
|
|
||||||
curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g'
|
|
||||||
register: tower_token
|
|
||||||
no_log: True
|
|
||||||
|
|
||||||
- name: Recreate 'Configure Synapse' job template
|
- name: Recreate 'Configure Synapse' job template
|
||||||
delegate_to: 127.0.0.1
|
delegate_to: 127.0.0.1
|
||||||
awx.awx.tower_job_template:
|
awx.awx.tower_job_template:
|
||||||
@ -224,6 +217,6 @@
|
|||||||
become_enabled: yes
|
become_enabled: yes
|
||||||
state: present
|
state: present
|
||||||
verbosity: 1
|
verbosity: 1
|
||||||
tower_host: "https://{{ tower_host }}"
|
tower_host: "https://{{ awx_host }}"
|
||||||
tower_oauthtoken: "{{ tower_token.stdout }}"
|
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
|
||||||
validate_certs: yes
|
validate_certs: yes
|
||||||
|
@ -21,13 +21,6 @@
|
|||||||
dest: '/matrix/awx/configure_synapse_admin.json'
|
dest: '/matrix/awx/configure_synapse_admin.json'
|
||||||
mode: '0660'
|
mode: '0660'
|
||||||
|
|
||||||
- name: Collect AWX admin token the hard way!
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
shell: |
|
|
||||||
curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g'
|
|
||||||
register: tower_token
|
|
||||||
no_log: True
|
|
||||||
|
|
||||||
- name: Recreate 'Configure Synapse Admin' job template
|
- name: Recreate 'Configure Synapse Admin' job template
|
||||||
delegate_to: 127.0.0.1
|
delegate_to: 127.0.0.1
|
||||||
awx.awx.tower_job_template:
|
awx.awx.tower_job_template:
|
||||||
@ -45,6 +38,6 @@
|
|||||||
become_enabled: yes
|
become_enabled: yes
|
||||||
state: present
|
state: present
|
||||||
verbosity: 1
|
verbosity: 1
|
||||||
tower_host: "https://{{ tower_host }}"
|
tower_host: "https://{{ awx_host }}"
|
||||||
tower_oauthtoken: "{{ tower_token.stdout }}"
|
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
|
||||||
validate_certs: yes
|
validate_certs: yes
|
||||||
|
@ -83,8 +83,8 @@ matrix_host_command_openssl: "/usr/bin/env openssl"
|
|||||||
matrix_host_command_systemctl: "/usr/bin/env systemctl"
|
matrix_host_command_systemctl: "/usr/bin/env systemctl"
|
||||||
matrix_host_command_sh: "/usr/bin/env sh"
|
matrix_host_command_sh: "/usr/bin/env sh"
|
||||||
|
|
||||||
matrix_ntpd_package: "{{ 'systemd-timesyncd' if ansible_distribution == 'CentOS' and ansible_distribution_major_version > '7' else 'ntp' }}"
|
matrix_ntpd_package: "{{ 'systemd-timesyncd' if (ansible_distribution == 'CentOS' and ansible_distribution_major_version > '7') or (ansible_distribution == 'Ubuntu' and ansible_distribution_major_version > '18') else 'ntp' }}"
|
||||||
matrix_ntpd_service: "{{ 'systemd-timesyncd' if ansible_distribution == 'CentOS' and ansible_distribution_major_version > '7' else ('ntpd' if ansible_os_family == 'RedHat' or ansible_distribution == 'Archlinux' else 'ntp') }}"
|
matrix_ntpd_service: "{{ 'systemd-timesyncd' if (ansible_distribution == 'CentOS' and ansible_distribution_major_version > '7') or (ansible_distribution == 'Ubuntu' and ansible_distribution_major_version > '18') or ansible_distribution == 'Archlinux' else ('ntpd' if ansible_os_family == 'RedHat' else 'ntp') }}"
|
||||||
|
|
||||||
matrix_homeserver_url: "https://{{ matrix_server_fqn_matrix }}"
|
matrix_homeserver_url: "https://{{ matrix_server_fqn_matrix }}"
|
||||||
|
|
||||||
|
@ -4,7 +4,6 @@
|
|||||||
pacman:
|
pacman:
|
||||||
name:
|
name:
|
||||||
- python-docker
|
- python-docker
|
||||||
- "{{ matrix_ntpd_package }}"
|
|
||||||
# TODO This needs to be verified. Which version do we need?
|
# TODO This needs to be verified. Which version do we need?
|
||||||
- fuse3
|
- fuse3
|
||||||
- python-dnspython
|
- python-dnspython
|
||||||
|
@ -3,13 +3,20 @@
|
|||||||
|
|
||||||
matrix_appservice_webhooks_enabled: true
|
matrix_appservice_webhooks_enabled: true
|
||||||
|
|
||||||
|
matrix_appservice_webhooks_container_image_self_build: false
|
||||||
|
matrix_appservice_webhooks_container_image_self_build_repo: "https://github.com/turt2live/matrix-appservice-webhooks"
|
||||||
|
matrix_appservice_webhooks_container_image_self_build_repo_version: "{{ 'master' if matrix_appservice_webhooks_version == 'latest' else matrix_appservice_webhooks_version }}"
|
||||||
|
matrix_appservice_webhooks_container_image_self_build_repo_dockerfile_path: "Dockerfile"
|
||||||
|
|
||||||
matrix_appservice_webhooks_version: latest
|
matrix_appservice_webhooks_version: latest
|
||||||
matrix_appservice_webhooks_docker_image: "{{ matrix_container_global_registry_prefix }}turt2live/matrix-appservice-webhooks:{{ matrix_appservice_webhooks_version }}"
|
matrix_appservice_webhooks_docker_image: "{{ matrix_appservice_webhooks_docker_image_name_prefix }}turt2live/matrix-appservice-webhooks:{{ matrix_appservice_webhooks_version }}"
|
||||||
|
matrix_appservice_webhooks_docker_image_name_prefix: "{{ 'localhost/' if matrix_appservice_webhooks_container_image_self_build else matrix_container_global_registry_prefix }}"
|
||||||
matrix_appservice_webhooks_docker_image_force_pull: "{{ matrix_appservice_webhooks_docker_image.endswith(':latest') }}"
|
matrix_appservice_webhooks_docker_image_force_pull: "{{ matrix_appservice_webhooks_docker_image.endswith(':latest') }}"
|
||||||
|
|
||||||
matrix_appservice_webhooks_base_path: "{{ matrix_base_data_path }}/appservice-webhooks"
|
matrix_appservice_webhooks_base_path: "{{ matrix_base_data_path }}/appservice-webhooks"
|
||||||
matrix_appservice_webhooks_config_path: "{{ matrix_appservice_webhooks_base_path }}/config"
|
matrix_appservice_webhooks_config_path: "{{ matrix_appservice_webhooks_base_path }}/config"
|
||||||
matrix_appservice_webhooks_data_path: "{{ matrix_appservice_webhooks_base_path }}/data"
|
matrix_appservice_webhooks_data_path: "{{ matrix_appservice_webhooks_base_path }}/data"
|
||||||
|
matrix_appservice_webhooks_docker_src_files_path: "{{ matrix_appservice_webhooks_base_path }}/docker-src"
|
||||||
|
|
||||||
# If nginx-proxy is disabled, the bridge itself expects its endpoint to be on its own domain (e.g. "localhost:6789")
|
# If nginx-proxy is disabled, the bridge itself expects its endpoint to be on its own domain (e.g. "localhost:6789")
|
||||||
matrix_appservice_webhooks_public_endpoint: /appservice-webhooks
|
matrix_appservice_webhooks_public_endpoint: /appservice-webhooks
|
||||||
|
@ -1,23 +1,47 @@
|
|||||||
---
|
---
|
||||||
|
|
||||||
|
- name: Ensure AppService webhooks paths exist
|
||||||
|
file:
|
||||||
|
path: "{{ item.path }}"
|
||||||
|
state: directory
|
||||||
|
mode: 0750
|
||||||
|
owner: "{{ matrix_user_username }}"
|
||||||
|
group: "{{ matrix_user_groupname }}"
|
||||||
|
with_items:
|
||||||
|
- { path: "{{ matrix_appservice_webhooks_base_path }}", when: true }
|
||||||
|
- { path: "{{ matrix_appservice_webhooks_config_path }}", when: true }
|
||||||
|
- { path: "{{ matrix_appservice_webhooks_data_path }}", when: true }
|
||||||
|
- { path: "{{ matrix_appservice_webhooks_docker_src_files_path }}", when: "{{ matrix_appservice_webhooks_container_image_self_build }}"}
|
||||||
|
when: "item.when|bool"
|
||||||
|
|
||||||
- name: Ensure Appservice webhooks image is pulled
|
- name: Ensure Appservice webhooks image is pulled
|
||||||
docker_image:
|
docker_image:
|
||||||
name: "{{ matrix_appservice_webhooks_docker_image }}"
|
name: "{{ matrix_appservice_webhooks_docker_image }}"
|
||||||
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
|
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
|
||||||
force_source: "{{ matrix_appservice_webhooks_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
|
force_source: "{{ matrix_appservice_webhooks_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
|
||||||
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_webhooks_docker_image_force_pull }}"
|
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_webhooks_docker_image_force_pull }}"
|
||||||
|
when: "not matrix_appservice_webhooks_container_image_self_build|bool"
|
||||||
|
|
||||||
- name: Ensure AppService webhooks paths exist
|
- block:
|
||||||
file:
|
- name: Ensure Appservice webhooks repository is present on self-build
|
||||||
path: "{{ item }}"
|
git:
|
||||||
state: directory
|
repo: "{{ matrix_appservice_webhooks_container_image_self_build_repo }}"
|
||||||
mode: 0750
|
dest: "{{ matrix_appservice_webhooks_docker_src_files_path }}"
|
||||||
owner: "{{ matrix_user_username }}"
|
version: "{{ matrix_appservice_webhooks_container_image_self_build_repo_version }}"
|
||||||
group: "{{ matrix_user_groupname }}"
|
force: "yes"
|
||||||
with_items:
|
register: matrix_appservice_webhooks_git_pull_results
|
||||||
- "{{ matrix_appservice_webhooks_base_path }}"
|
|
||||||
- "{{ matrix_appservice_webhooks_config_path }}"
|
- name: Ensure Appservice webhooks Docker image is built
|
||||||
- "{{ matrix_appservice_webhooks_data_path }}"
|
docker_image:
|
||||||
|
name: "{{ matrix_appservice_webhooks_docker_image }}"
|
||||||
|
source: build
|
||||||
|
force_source: "{{ matrix_appservice_webhooks_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
|
||||||
|
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_webhooks_git_pull_results.changed }}"
|
||||||
|
build:
|
||||||
|
dockerfile: "{{ matrix_appservice_webhooks_container_image_self_build_repo_dockerfile_path }}"
|
||||||
|
path: "{{ matrix_appservice_webhooks_docker_src_files_path }}"
|
||||||
|
pull: yes
|
||||||
|
when: "matrix_appservice_webhooks_container_image_self_build|bool"
|
||||||
|
|
||||||
- name: Ensure Matrix Appservice webhooks config is installed
|
- name: Ensure Matrix Appservice webhooks config is installed
|
||||||
copy:
|
copy:
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
|
|
||||||
matrix_beeper_linkedin_enabled: true
|
matrix_beeper_linkedin_enabled: true
|
||||||
|
|
||||||
matrix_beeper_linkedin_version: v0.5.0
|
matrix_beeper_linkedin_version: v0.5.1
|
||||||
# See: https://gitlab.com/beeper/linkedin/container_registry
|
# See: https://gitlab.com/beeper/linkedin/container_registry
|
||||||
matrix_beeper_linkedin_docker_image: "registry.gitlab.com/beeper/linkedin:{{ matrix_beeper_linkedin_version }}-amd64"
|
matrix_beeper_linkedin_docker_image: "registry.gitlab.com/beeper/linkedin:{{ matrix_beeper_linkedin_version }}-amd64"
|
||||||
matrix_beeper_linkedin_docker_image_force_pull: "{{ matrix_beeper_linkedin_docker_image.endswith(':latest-amd64') }}"
|
matrix_beeper_linkedin_docker_image_force_pull: "{{ matrix_beeper_linkedin_docker_image.endswith(':latest-amd64') }}"
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
|
|
||||||
matrix_heisenbridge_enabled: true
|
matrix_heisenbridge_enabled: true
|
||||||
|
|
||||||
matrix_heisenbridge_version: 1.1.1
|
matrix_heisenbridge_version: 1.2.1
|
||||||
matrix_heisenbridge_docker_image: "{{ matrix_container_global_registry_prefix }}hif1/heisenbridge:{{ matrix_heisenbridge_version }}"
|
matrix_heisenbridge_docker_image: "{{ matrix_container_global_registry_prefix }}hif1/heisenbridge:{{ matrix_heisenbridge_version }}"
|
||||||
matrix_heisenbridge_docker_image_force_pull: "{{ matrix_heisenbridge_docker_image.endswith(':latest') }}"
|
matrix_heisenbridge_docker_image_force_pull: "{{ matrix_heisenbridge_docker_image.endswith(':latest') }}"
|
||||||
|
|
||||||
|
@ -110,6 +110,8 @@ matrix_mautrix_telegram_configuration_extension: "{{ matrix_mautrix_telegram_con
|
|||||||
# You most likely don't need to touch this variable. Instead, see `matrix_mautrix_telegram_configuration_yaml`.
|
# You most likely don't need to touch this variable. Instead, see `matrix_mautrix_telegram_configuration_yaml`.
|
||||||
matrix_mautrix_telegram_configuration: "{{ matrix_mautrix_telegram_configuration_yaml|from_yaml|combine(matrix_mautrix_telegram_configuration_extension, recursive=True) }}"
|
matrix_mautrix_telegram_configuration: "{{ matrix_mautrix_telegram_configuration_yaml|from_yaml|combine(matrix_mautrix_telegram_configuration_extension, recursive=True) }}"
|
||||||
|
|
||||||
|
matrix_mautrix_telegram_sender_localpart: "telegrambot"
|
||||||
|
|
||||||
matrix_mautrix_telegram_registration_yaml: |
|
matrix_mautrix_telegram_registration_yaml: |
|
||||||
id: telegram
|
id: telegram
|
||||||
as_token: "{{ matrix_mautrix_telegram_appservice_token }}"
|
as_token: "{{ matrix_mautrix_telegram_appservice_token }}"
|
||||||
@ -123,10 +125,10 @@ matrix_mautrix_telegram_registration_yaml: |
|
|||||||
aliases:
|
aliases:
|
||||||
- exclusive: true
|
- exclusive: true
|
||||||
regex: '^#telegram_.+:{{ matrix_mautrix_telegram_homeserver_domain|regex_escape }}$'
|
regex: '^#telegram_.+:{{ matrix_mautrix_telegram_homeserver_domain|regex_escape }}$'
|
||||||
# See https://github.com/mautrix/signal/issues/43
|
|
||||||
sender_localpart: _bot_{{ matrix_mautrix_telegram_appservice_bot_username }}
|
sender_localpart: _bot_{{ matrix_mautrix_telegram_appservice_bot_username }}
|
||||||
url: {{ matrix_mautrix_telegram_appservice_address }}
|
url: {{ matrix_mautrix_telegram_appservice_address }}
|
||||||
rate_limited: false
|
rate_limited: false
|
||||||
de.sorunome.msc2409.push_ephemeral: true
|
de.sorunome.msc2409.push_ephemeral: true
|
||||||
|
# sender_localpart: "bridges_{{ matrix_mautrix_telegram_sender_localpart }}"
|
||||||
|
|
||||||
matrix_mautrix_telegram_registration: "{{ matrix_mautrix_telegram_registration_yaml|from_yaml }}"
|
matrix_mautrix_telegram_registration: "{{ matrix_mautrix_telegram_registration_yaml|from_yaml }}"
|
||||||
|
@ -25,7 +25,7 @@ presence:
|
|||||||
# Bridge Discord online/offline status
|
# Bridge Discord online/offline status
|
||||||
enabled: true
|
enabled: true
|
||||||
# How often to send status to the homeserver in milliseconds
|
# How often to send status to the homeserver in milliseconds
|
||||||
interval: 500
|
interval: 10000
|
||||||
|
|
||||||
provisioning:
|
provisioning:
|
||||||
# Regex of Matrix IDs allowed to use the puppet bridge
|
# Regex of Matrix IDs allowed to use the puppet bridge
|
||||||
@ -70,7 +70,7 @@ namePatterns:
|
|||||||
#
|
#
|
||||||
# name: username of the user
|
# name: username of the user
|
||||||
# discriminator: hashtag of the user (ex. #1234)
|
# discriminator: hashtag of the user (ex. #1234)
|
||||||
user: :name
|
user: ":name (#:discriminator) (via Discord)"
|
||||||
|
|
||||||
# A user's guild-specific displayname - if they've set a custom nick in
|
# A user's guild-specific displayname - if they've set a custom nick in
|
||||||
# a guild
|
# a guild
|
||||||
@ -82,7 +82,7 @@ namePatterns:
|
|||||||
# displayname: the user's custom group-specific nick
|
# displayname: the user's custom group-specific nick
|
||||||
# channel: the name of the channel
|
# channel: the name of the channel
|
||||||
# guild: the name of the guild
|
# guild: the name of the guild
|
||||||
userOverride: :name
|
userOverride: ":displayname (:name#:discriminator) (via Discord)"
|
||||||
|
|
||||||
# Room names for bridged Discord channels
|
# Room names for bridged Discord channels
|
||||||
#
|
#
|
||||||
@ -90,7 +90,7 @@ namePatterns:
|
|||||||
#
|
#
|
||||||
# name: name of the channel
|
# name: name of the channel
|
||||||
# guild: name of the guild
|
# guild: name of the guild
|
||||||
room: :name
|
room: "#:name (:guild on Discord)"
|
||||||
|
|
||||||
# Group names for bridged Discord servers
|
# Group names for bridged Discord servers
|
||||||
#
|
#
|
||||||
|
@ -3,7 +3,7 @@ matrix_client_element_enabled: true
|
|||||||
matrix_client_element_container_image_self_build: false
|
matrix_client_element_container_image_self_build: false
|
||||||
matrix_client_element_container_image_self_build_repo: "https://github.com/vector-im/riot-web.git"
|
matrix_client_element_container_image_self_build_repo: "https://github.com/vector-im/riot-web.git"
|
||||||
|
|
||||||
matrix_client_element_version: v1.8.5
|
matrix_client_element_version: v1.9.0
|
||||||
matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}"
|
matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}"
|
||||||
matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}"
|
matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}"
|
||||||
matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}"
|
matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}"
|
||||||
|
BIN
roles/matrix-client-element/files/antifa_coffee_cups.png
Normal file
BIN
roles/matrix-client-element/files/antifa_coffee_cups.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 188 KiB |
BIN
roles/matrix-client-element/files/background.jpg
Normal file
BIN
roles/matrix-client-element/files/background.jpg
Normal file
Binary file not shown.
After Width: | Height: | Size: 2.1 MiB |
BIN
roles/matrix-client-element/files/background_small.jpg
Normal file
BIN
roles/matrix-client-element/files/background_small.jpg
Normal file
Binary file not shown.
After Width: | Height: | Size: 747 KiB |
@ -67,6 +67,18 @@
|
|||||||
- {src: "{{ matrix_client_element_embedded_pages_home_path }}", name: "home.html"}
|
- {src: "{{ matrix_client_element_embedded_pages_home_path }}", name: "home.html"}
|
||||||
when: "matrix_client_element_enabled|bool and item.src is not none"
|
when: "matrix_client_element_enabled|bool and item.src is not none"
|
||||||
|
|
||||||
|
- name: Copy Element costum files
|
||||||
|
copy:
|
||||||
|
src: "{{ item.src }}"
|
||||||
|
dest: "{{ matrix_client_element_data_path }}/{{ item.name }}"
|
||||||
|
mode: 0644
|
||||||
|
owner: "{{ matrix_user_username }}"
|
||||||
|
group: "{{ matrix_user_groupname }}"
|
||||||
|
with_items:
|
||||||
|
- {src: "{{ role_path }}/files/background.jpg", name: "background.jpg"}
|
||||||
|
- {src: "{{ role_path }}/files/antifa_coffee_cups.png", name: "logo.png"}
|
||||||
|
when: "matrix_client_element_enabled|bool and item.src is not none"
|
||||||
|
|
||||||
- name: Ensure Element config files removed
|
- name: Ensure Element config files removed
|
||||||
file:
|
file:
|
||||||
path: "{{ matrix_client_element_data_path }}/{{ item.name }}"
|
path: "{{ matrix_client_element_data_path }}/{{ item.name }}"
|
||||||
|
@ -33,7 +33,7 @@ h1::after {
|
|||||||
}
|
}
|
||||||
|
|
||||||
.mx_Logo {
|
.mx_Logo {
|
||||||
height: 54px;
|
height: 92px;
|
||||||
margin-top: 2px;
|
margin-top: 2px;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -15,7 +15,7 @@
|
|||||||
- name: Generate Etherpad proxying configuration for matrix-nginx-proxy
|
- name: Generate Etherpad proxying configuration for matrix-nginx-proxy
|
||||||
set_fact:
|
set_fact:
|
||||||
matrix_etherpad_matrix_nginx_proxy_configuration: |
|
matrix_etherpad_matrix_nginx_proxy_configuration: |
|
||||||
rewrite ^{{ matrix_etherpad_public_endpoint }}$ $scheme://$server_name{{ matrix_etherpad_public_endpoint }}/ permanent;
|
rewrite ^{{ matrix_etherpad_public_endpoint }}$ {{ matrix_nginx_proxy_x_forwarded_proto_value }}://$server_name{{ matrix_etherpad_public_endpoint }}/ permanent;
|
||||||
|
|
||||||
location {{ matrix_etherpad_public_endpoint }}/ {
|
location {{ matrix_etherpad_public_endpoint }}/ {
|
||||||
{% if matrix_nginx_proxy_enabled|default(False) %}
|
{% if matrix_nginx_proxy_enabled|default(False) %}
|
||||||
@ -27,7 +27,7 @@
|
|||||||
proxy_http_version 1.1; # recommended with keepalive connections
|
proxy_http_version 1.1; # recommended with keepalive connections
|
||||||
proxy_pass_header Server;
|
proxy_pass_header Server;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Forwarded-Proto $scheme; # for EP to set secure cookie flag when https is used
|
proxy_set_header X-Forwarded-Proto {{ matrix_nginx_proxy_x_forwarded_proto_value }}; # for EP to set secure cookie flag when https is used
|
||||||
# WebSocket proxying - from http://nginx.org/en/docs/http/websocket.html
|
# WebSocket proxying - from http://nginx.org/en/docs/http/websocket.html
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
proxy_set_header Connection $connection_upgrade;
|
proxy_set_header Connection $connection_upgrade;
|
||||||
|
@ -40,6 +40,12 @@ matrix_nginx_proxy_container_extra_arguments: []
|
|||||||
# - services are served directly from the HTTP vhost
|
# - services are served directly from the HTTP vhost
|
||||||
matrix_nginx_proxy_https_enabled: true
|
matrix_nginx_proxy_https_enabled: true
|
||||||
|
|
||||||
|
# Controls whether matrix-nginx-proxy trusts an upstream server's X-Forwarded-Proto header
|
||||||
|
#
|
||||||
|
# Required if you disable HTTPS for the container (see `matrix_nginx_proxy_https_enabled`) and have an upstream server handle it instead.
|
||||||
|
matrix_nginx_proxy_trust_forwarded_proto: false
|
||||||
|
matrix_nginx_proxy_x_forwarded_proto_value: "{{ '$http_x_forwarded_proto' if matrix_nginx_proxy_trust_forwarded_proto else '$scheme' }}"
|
||||||
|
|
||||||
# Controls whether the matrix-nginx-proxy container exposes its HTTP port (tcp/8080 in the container).
|
# Controls whether the matrix-nginx-proxy container exposes its HTTP port (tcp/8080 in the container).
|
||||||
#
|
#
|
||||||
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:80"), or empty string to not expose.
|
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:80"), or empty string to not expose.
|
||||||
@ -177,6 +183,10 @@ matrix_nginx_proxy_proxy_matrix_identity_api_addr_sans_container: "127.0.0.1:809
|
|||||||
# Controls whether proxying for metrics (`/_synapse/metrics`) should be done (on the matrix domain)
|
# Controls whether proxying for metrics (`/_synapse/metrics`) should be done (on the matrix domain)
|
||||||
matrix_nginx_proxy_proxy_synapse_metrics: false
|
matrix_nginx_proxy_proxy_synapse_metrics: false
|
||||||
matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled: false
|
matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled: false
|
||||||
|
# The following value will be written verbatim to the htpasswd file that stores the password for nginx to check against and needs to be encoded appropriately.
|
||||||
|
# Read the manpage at `man 1 htpasswd` to learn more, then encrypt your password, and paste the encrypted value here.
|
||||||
|
# e.g. `htpasswd -c mypass.htpasswd prometheus` and enter `mysecurepw` when prompted yields `prometheus:$apr1$wZhqsn.U$7LC3kMmjUbjNAZjyMyvYv/`
|
||||||
|
# The part after `prometheus:` is needed here. matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_key: "$apr1$wZhqsn.U$7LC3kMmjUbjNAZjyMyvYv/"
|
||||||
matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_key: ""
|
matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_key: ""
|
||||||
|
|
||||||
# The addresses where the Matrix Client API is.
|
# The addresses where the Matrix Client API is.
|
||||||
@ -426,7 +436,7 @@ matrix_ssl_additional_domains_to_obtain_certificates_for: []
|
|||||||
|
|
||||||
# Controls whether to obtain production or staging certificates from Let's Encrypt.
|
# Controls whether to obtain production or staging certificates from Let's Encrypt.
|
||||||
matrix_ssl_lets_encrypt_staging: false
|
matrix_ssl_lets_encrypt_staging: false
|
||||||
matrix_ssl_lets_encrypt_certbot_docker_image: "{{ matrix_container_global_registry_prefix }}certbot/certbot:{{ matrix_ssl_architecture }}-v1.19.0"
|
matrix_ssl_lets_encrypt_certbot_docker_image: "{{ matrix_container_global_registry_prefix }}certbot/certbot:{{ matrix_ssl_architecture }}-v1.20.0"
|
||||||
matrix_ssl_lets_encrypt_certbot_docker_image_force_pull: "{{ matrix_ssl_lets_encrypt_certbot_docker_image.endswith(':latest') }}"
|
matrix_ssl_lets_encrypt_certbot_docker_image_force_pull: "{{ matrix_ssl_lets_encrypt_certbot_docker_image.endswith(':latest') }}"
|
||||||
matrix_ssl_lets_encrypt_certbot_standalone_http_port: 2402
|
matrix_ssl_lets_encrypt_certbot_standalone_http_port: 2402
|
||||||
matrix_ssl_lets_encrypt_support_email: ~
|
matrix_ssl_lets_encrypt_support_email: ~
|
||||||
|
@ -88,7 +88,7 @@ server {
|
|||||||
{% if matrix_nginx_proxy_ocsp_stapling_enabled %}
|
{% if matrix_nginx_proxy_ocsp_stapling_enabled %}
|
||||||
ssl_stapling on;
|
ssl_stapling on;
|
||||||
ssl_stapling_verify on;
|
ssl_stapling_verify on;
|
||||||
ssl_trusted_certificate {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_element_hostname }}/chain.pem;
|
ssl_trusted_certificate {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_hydrogen_hostname }}/chain.pem;
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
{% if matrix_nginx_proxy_ssl_session_tickets_off %}
|
{% if matrix_nginx_proxy_ssl_session_tickets_off %}
|
||||||
|
@ -20,13 +20,13 @@
|
|||||||
{% if matrix_nginx_proxy_floc_optout_enabled %}
|
{% if matrix_nginx_proxy_floc_optout_enabled %}
|
||||||
add_header Permissions-Policy interest-cohort=() always;
|
add_header Permissions-Policy interest-cohort=() always;
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
{% if matrix_nginx_proxy_hsts_preload_enabled %}
|
{% if matrix_nginx_proxy_hsts_preload_enabled %}
|
||||||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
|
||||||
{% else %}
|
{% else %}
|
||||||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
add_header X-XSS-Protection "{{ matrix_nginx_proxy_xss_protection }}";
|
add_header X-XSS-Protection "{{ matrix_nginx_proxy_xss_protection }}";
|
||||||
|
|
||||||
location /.well-known/matrix {
|
location /.well-known/matrix {
|
||||||
@ -59,7 +59,7 @@
|
|||||||
|
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Forwarded-For $remote_addr;
|
proxy_set_header X-Forwarded-For $remote_addr;
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
proxy_set_header X-Forwarded-Proto {{ matrix_nginx_proxy_x_forwarded_proto_value }};
|
||||||
}
|
}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
@ -77,7 +77,7 @@
|
|||||||
|
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Forwarded-For $remote_addr;
|
proxy_set_header X-Forwarded-For $remote_addr;
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
proxy_set_header X-Forwarded-Proto {{ matrix_nginx_proxy_x_forwarded_proto_value }};
|
||||||
}
|
}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
@ -112,7 +112,7 @@
|
|||||||
|
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Forwarded-For $remote_addr;
|
proxy_set_header X-Forwarded-For $remote_addr;
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
proxy_set_header X-Forwarded-Proto {{ matrix_nginx_proxy_x_forwarded_proto_value }};
|
||||||
}
|
}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
@ -137,7 +137,7 @@
|
|||||||
|
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Forwarded-For $remote_addr;
|
proxy_set_header X-Forwarded-For $remote_addr;
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
proxy_set_header X-Forwarded-Proto {{ matrix_nginx_proxy_x_forwarded_proto_value }};
|
||||||
|
|
||||||
client_body_buffer_size 25M;
|
client_body_buffer_size 25M;
|
||||||
client_max_body_size {{ matrix_nginx_proxy_proxy_matrix_client_api_client_max_body_size_mb }}M;
|
client_max_body_size {{ matrix_nginx_proxy_proxy_matrix_client_api_client_max_body_size_mb }}M;
|
||||||
@ -152,7 +152,7 @@
|
|||||||
#}
|
#}
|
||||||
location ~* ^/$ {
|
location ~* ^/$ {
|
||||||
{% if matrix_nginx_proxy_proxy_matrix_client_redirect_root_uri_to_domain %}
|
{% if matrix_nginx_proxy_proxy_matrix_client_redirect_root_uri_to_domain %}
|
||||||
return 302 $scheme://{{ matrix_nginx_proxy_proxy_matrix_client_redirect_root_uri_to_domain }}$request_uri;
|
return 302 {{ matrix_nginx_proxy_x_forwarded_proto_value }}://{{ matrix_nginx_proxy_proxy_matrix_client_redirect_root_uri_to_domain }}$request_uri;
|
||||||
{% else %}
|
{% else %}
|
||||||
rewrite ^/$ /_matrix/static/ last;
|
rewrite ^/$ /_matrix/static/ last;
|
||||||
{% endif %}
|
{% endif %}
|
||||||
@ -215,12 +215,12 @@ server {
|
|||||||
ssl_stapling_verify on;
|
ssl_stapling_verify on;
|
||||||
ssl_trusted_certificate {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_matrix_hostname }}/chain.pem;
|
ssl_trusted_certificate {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_matrix_hostname }}/chain.pem;
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
{% if matrix_nginx_proxy_ssl_session_tickets_off %}
|
{% if matrix_nginx_proxy_ssl_session_tickets_off %}
|
||||||
ssl_session_tickets off;
|
ssl_session_tickets off;
|
||||||
{% endif %}
|
{% endif %}
|
||||||
ssl_session_cache {{ matrix_nginx_proxy_ssl_session_cache }};
|
ssl_session_cache {{ matrix_nginx_proxy_ssl_session_cache }};
|
||||||
ssl_session_timeout {{ matrix_nginx_proxy_ssl_session_timeout }};
|
ssl_session_timeout {{ matrix_nginx_proxy_ssl_session_timeout }};
|
||||||
|
|
||||||
{{ render_vhost_directives() }}
|
{{ render_vhost_directives() }}
|
||||||
}
|
}
|
||||||
@ -262,7 +262,7 @@ server {
|
|||||||
ssl_stapling_verify on;
|
ssl_stapling_verify on;
|
||||||
ssl_trusted_certificate {{ matrix_nginx_proxy_proxy_matrix_federation_api_ssl_trusted_certificate }};
|
ssl_trusted_certificate {{ matrix_nginx_proxy_proxy_matrix_federation_api_ssl_trusted_certificate }};
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
{% if matrix_nginx_proxy_ssl_session_tickets_off %}
|
{% if matrix_nginx_proxy_ssl_session_tickets_off %}
|
||||||
ssl_session_tickets off;
|
ssl_session_tickets off;
|
||||||
{% endif %}
|
{% endif %}
|
||||||
@ -283,7 +283,7 @@ server {
|
|||||||
|
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Forwarded-For $remote_addr;
|
proxy_set_header X-Forwarded-For $remote_addr;
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
proxy_set_header X-Forwarded-Proto {{ matrix_nginx_proxy_x_forwarded_proto_value }};
|
||||||
|
|
||||||
client_body_buffer_size 25M;
|
client_body_buffer_size 25M;
|
||||||
client_max_body_size {{ matrix_nginx_proxy_proxy_matrix_federation_api_client_max_body_size_mb }}M;
|
client_max_body_size {{ matrix_nginx_proxy_proxy_matrix_federation_api_client_max_body_size_mb }}M;
|
||||||
|
@ -71,7 +71,7 @@
|
|||||||
proxy_set_header Connection "upgrade";
|
proxy_set_header Connection "upgrade";
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
proxy_set_header X-Forwarded-For $remote_addr;
|
proxy_set_header X-Forwarded-For $remote_addr;
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
proxy_set_header X-Forwarded-Proto {{ matrix_nginx_proxy_x_forwarded_proto_value }};
|
||||||
tcp_nodelay on;
|
tcp_nodelay on;
|
||||||
}
|
}
|
||||||
{% endmacro %}
|
{% endmacro %}
|
||||||
@ -128,7 +128,7 @@ server {
|
|||||||
ssl_stapling_verify on;
|
ssl_stapling_verify on;
|
||||||
ssl_trusted_certificate {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_jitsi_hostname }}/chain.pem;
|
ssl_trusted_certificate {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_jitsi_hostname }}/chain.pem;
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
{% if matrix_nginx_proxy_ssl_session_tickets_off %}
|
{% if matrix_nginx_proxy_ssl_session_tickets_off %}
|
||||||
ssl_session_tickets off;
|
ssl_session_tickets off;
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
@ -29,7 +29,7 @@
|
|||||||
|
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Forwarded-For $remote_addr;
|
proxy_set_header X-Forwarded-For $remote_addr;
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
proxy_set_header X-Forwarded-Proto {{ matrix_nginx_proxy_x_forwarded_proto_value }};
|
||||||
}
|
}
|
||||||
{% endmacro %}
|
{% endmacro %}
|
||||||
|
|
||||||
@ -85,7 +85,7 @@ server {
|
|||||||
ssl_stapling_verify on;
|
ssl_stapling_verify on;
|
||||||
ssl_trusted_certificate {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_sygnal_hostname }}/chain.pem;
|
ssl_trusted_certificate {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_sygnal_hostname }}/chain.pem;
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
{% if matrix_nginx_proxy_ssl_session_tickets_off %}
|
{% if matrix_nginx_proxy_ssl_session_tickets_off %}
|
||||||
ssl_session_tickets off;
|
ssl_session_tickets off;
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
@ -22,7 +22,8 @@ matrix_postgres_docker_image_v10: "{{ matrix_container_global_registry_prefix }}
|
|||||||
matrix_postgres_docker_image_v11: "{{ matrix_container_global_registry_prefix }}postgres:11.13{{ matrix_postgres_docker_image_suffix }}"
|
matrix_postgres_docker_image_v11: "{{ matrix_container_global_registry_prefix }}postgres:11.13{{ matrix_postgres_docker_image_suffix }}"
|
||||||
matrix_postgres_docker_image_v12: "{{ matrix_container_global_registry_prefix }}postgres:12.8{{ matrix_postgres_docker_image_suffix }}"
|
matrix_postgres_docker_image_v12: "{{ matrix_container_global_registry_prefix }}postgres:12.8{{ matrix_postgres_docker_image_suffix }}"
|
||||||
matrix_postgres_docker_image_v13: "{{ matrix_container_global_registry_prefix }}postgres:13.4{{ matrix_postgres_docker_image_suffix }}"
|
matrix_postgres_docker_image_v13: "{{ matrix_container_global_registry_prefix }}postgres:13.4{{ matrix_postgres_docker_image_suffix }}"
|
||||||
matrix_postgres_docker_image_latest: "{{ matrix_postgres_docker_image_v13 }}"
|
matrix_postgres_docker_image_v14: "{{ matrix_container_global_registry_prefix }}postgres:14.0{{ matrix_postgres_docker_image_suffix }}"
|
||||||
|
matrix_postgres_docker_image_latest: "{{ matrix_postgres_docker_image_v14 }}"
|
||||||
|
|
||||||
# This variable is assigned at runtime. Overriding its value has no effect.
|
# This variable is assigned at runtime. Overriding its value has no effect.
|
||||||
matrix_postgres_docker_image_to_use: '{{ matrix_postgres_docker_image_latest }}'
|
matrix_postgres_docker_image_to_use: '{{ matrix_postgres_docker_image_latest }}'
|
||||||
|
@ -54,3 +54,8 @@
|
|||||||
set_fact:
|
set_fact:
|
||||||
matrix_postgres_detected_version_corresponding_docker_image: "{{ matrix_postgres_docker_image_v12 }}"
|
matrix_postgres_detected_version_corresponding_docker_image: "{{ matrix_postgres_docker_image_v12 }}"
|
||||||
when: "matrix_postgres_detected_version == '12' or matrix_postgres_detected_version.startswith('12.')"
|
when: "matrix_postgres_detected_version == '12' or matrix_postgres_detected_version.startswith('12.')"
|
||||||
|
|
||||||
|
- name: Determine corresponding Docker image to detected version (use 13.x, if detected)
|
||||||
|
set_fact:
|
||||||
|
matrix_postgres_detected_version_corresponding_docker_image: "{{ matrix_postgres_docker_image_v13 }}"
|
||||||
|
when: "matrix_postgres_detected_version == '13' or matrix_postgres_detected_version.startswith('13.')"
|
||||||
|
@ -22,8 +22,8 @@
|
|||||||
- name: Generate matrix-registration proxying configuration for matrix-nginx-proxy
|
- name: Generate matrix-registration proxying configuration for matrix-nginx-proxy
|
||||||
set_fact:
|
set_fact:
|
||||||
matrix_registration_matrix_nginx_proxy_configuration: |
|
matrix_registration_matrix_nginx_proxy_configuration: |
|
||||||
rewrite ^{{ matrix_registration_public_endpoint }}$ $scheme://$server_name{{ matrix_registration_public_endpoint }}/ permanent;
|
rewrite ^{{ matrix_registration_public_endpoint }}$ {{ matrix_nginx_proxy_x_forwarded_proto_value }}://$server_name{{ matrix_registration_public_endpoint }}/ permanent;
|
||||||
rewrite ^{{ matrix_registration_public_endpoint }}/$ $scheme://$server_name{{ matrix_registration_public_endpoint }}/register redirect;
|
rewrite ^{{ matrix_registration_public_endpoint }}/$ {{ matrix_nginx_proxy_x_forwarded_proto_value }}://$server_name{{ matrix_registration_public_endpoint }}/register redirect;
|
||||||
|
|
||||||
location ~ ^{{ matrix_registration_public_endpoint }}/(.*) {
|
location ~ ^{{ matrix_registration_public_endpoint }}/(.*) {
|
||||||
{% if matrix_nginx_proxy_enabled|default(False) %}
|
{% if matrix_nginx_proxy_enabled|default(False) %}
|
||||||
|
BIN
roles/matrix-riot-web/files/antifa_coffee_cups.png
Normal file
BIN
roles/matrix-riot-web/files/antifa_coffee_cups.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 188 KiB |
BIN
roles/matrix-riot-web/files/background.jpg
Normal file
BIN
roles/matrix-riot-web/files/background.jpg
Normal file
Binary file not shown.
After Width: | Height: | Size: 2.1 MiB |
@ -22,7 +22,7 @@
|
|||||||
- name: Generate Synapse Admin proxying configuration for matrix-nginx-proxy
|
- name: Generate Synapse Admin proxying configuration for matrix-nginx-proxy
|
||||||
set_fact:
|
set_fact:
|
||||||
matrix_synapse_admin_matrix_nginx_proxy_configuration: |
|
matrix_synapse_admin_matrix_nginx_proxy_configuration: |
|
||||||
rewrite ^{{ matrix_synapse_admin_public_endpoint }}$ $scheme://$server_name{{ matrix_synapse_admin_public_endpoint }}/ permanent;
|
rewrite ^{{ matrix_synapse_admin_public_endpoint }}$ {{ matrix_nginx_proxy_x_forwarded_proto_value }}://$server_name{{ matrix_synapse_admin_public_endpoint }}/ permanent;
|
||||||
|
|
||||||
location ~ ^{{ matrix_synapse_admin_public_endpoint }}/(.*) {
|
location ~ ^{{ matrix_synapse_admin_public_endpoint }}/(.*) {
|
||||||
{% if matrix_nginx_proxy_enabled|default(False) %}
|
{% if matrix_nginx_proxy_enabled|default(False) %}
|
||||||
|
@ -15,8 +15,8 @@ matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_cont
|
|||||||
# amd64 gets released first.
|
# amd64 gets released first.
|
||||||
# arm32 relies on self-building, so the same version can be built immediately.
|
# arm32 relies on self-building, so the same version can be built immediately.
|
||||||
# arm64 users need to wait for a prebuilt image to become available.
|
# arm64 users need to wait for a prebuilt image to become available.
|
||||||
matrix_synapse_version: v1.43.0
|
matrix_synapse_version: v1.44.0
|
||||||
matrix_synapse_version_arm64: v1.43.0
|
matrix_synapse_version_arm64: v1.44.0
|
||||||
matrix_synapse_docker_image_tag: "{{ matrix_synapse_version if matrix_architecture in ['arm32', 'amd64'] else matrix_synapse_version_arm64 }}"
|
matrix_synapse_docker_image_tag: "{{ matrix_synapse_version if matrix_architecture in ['arm32', 'amd64'] else matrix_synapse_version_arm64 }}"
|
||||||
matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"
|
matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"
|
||||||
|
|
||||||
|
@ -2612,12 +2612,16 @@ user_directory:
|
|||||||
#enabled: false
|
#enabled: false
|
||||||
|
|
||||||
# Defines whether to search all users visible to your HS when searching
|
# Defines whether to search all users visible to your HS when searching
|
||||||
# the user directory, rather than limiting to users visible in public
|
# the user directory. If false, search results will only contain users
|
||||||
# rooms. Defaults to false.
|
# visible in public rooms and users sharing a room with the requester.
|
||||||
|
# Defaults to false.
|
||||||
#
|
#
|
||||||
# If you set it true, you'll have to rebuild the user_directory search
|
# NB. If you set this to true, and the last time the user_directory search
|
||||||
# indexes, see:
|
# indexes were (re)built was before Synapse 1.44, you'll have to
|
||||||
# https://github.com/matrix-org/synapse/blob/master/docs/user_directory.md
|
# rebuild the indexes in order to search through all known users.
|
||||||
|
# These indexes are built the first time Synapse starts; admins can
|
||||||
|
# manually trigger a rebuild following the instructions at
|
||||||
|
# https://matrix-org.github.io/synapse/latest/user_directory.html
|
||||||
#
|
#
|
||||||
# Uncomment to return search results containing all known users, even if that
|
# Uncomment to return search results containing all known users, even if that
|
||||||
# user does not share a room with the requester.
|
# user does not share a room with the requester.
|
||||||
|
32
setup.yml
32
setup.yml
@ -56,4 +56,34 @@
|
|||||||
- matrix-aux
|
- matrix-aux
|
||||||
- matrix-postgres-backup
|
- matrix-postgres-backup
|
||||||
- matrix-prometheus-postgres-exporter
|
- matrix-prometheus-postgres-exporter
|
||||||
- matrix-common-after
|
- matrix-common-after
|
||||||
|
|
||||||
|
tasks:
|
||||||
|
- name: Ensure web-user is present
|
||||||
|
user:
|
||||||
|
name: "{{ web_user }}"
|
||||||
|
state: present
|
||||||
|
system: yes
|
||||||
|
register: web_user_res
|
||||||
|
tags: [ setup-caddy, setup-all, start ]
|
||||||
|
- name: Ensure directory for revproxy config is present
|
||||||
|
file:
|
||||||
|
path: "{{ revproxy_autoload_dir }}/matrix"
|
||||||
|
state: directory
|
||||||
|
owner: "{{ web_user_res.uid }}"
|
||||||
|
group: "{{ web_user_res.group }}"
|
||||||
|
mode: 0750
|
||||||
|
tags: [ setup-caddy, setup-all, start ]
|
||||||
|
- name: Template reverse proxy configuration
|
||||||
|
template:
|
||||||
|
src: Caddyfile.j2
|
||||||
|
dest: "{{ revproxy_autoload_dir }}/matrix/Caddyfile"
|
||||||
|
owner: "{{ web_user_res.uid }}"
|
||||||
|
group: "{{ web_user_res.group }}"
|
||||||
|
mode: 0640
|
||||||
|
tags: [ setup-caddy, setup-all, start ]
|
||||||
|
- name: Restart reverse proxy
|
||||||
|
docker_container:
|
||||||
|
name: web
|
||||||
|
state: started
|
||||||
|
restart: yes
|
||||||
|
110
templates/Caddyfile.j2
Normal file
110
templates/Caddyfile.j2
Normal file
@ -0,0 +1,110 @@
|
|||||||
|
https://{{ matrix_server_fqn_matrix }} {
|
||||||
|
tls /tls_certs/finallycoffee.eu/fullchain.pem /tls_certs/finallycoffee.eu/privkey.pem
|
||||||
|
encode zstd gzip
|
||||||
|
header {
|
||||||
|
Strict-Transport-Security "max-age=31536000;"
|
||||||
|
X-Frame-Options "DENY"
|
||||||
|
X-XSS-Protection "1; mode=block"
|
||||||
|
}
|
||||||
|
# matrix-ma1sd
|
||||||
|
reverse_proxy /_matrix/identity/* {{ matrix_ma1sd_container_http_host_bind_port }} {
|
||||||
|
header_down Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
|
||||||
|
header_down Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization"
|
||||||
|
}
|
||||||
|
reverse_proxy /_matrix/client/r0/user_directory/search/* {{ matrix_ma1sd_container_http_host_bind_port }} {
|
||||||
|
header_down Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
|
||||||
|
header_down Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization"
|
||||||
|
}
|
||||||
|
reverse_proxy /_matrix/federation/* http://{{ matrix_synapse_container_federation_api_plain_host_bind_port }}
|
||||||
|
reverse_proxy /_matrix/key/* http://{{ matrix_synapse_container_federation_api_plain_host_bind_port }}
|
||||||
|
reverse_proxy /_matrix/* {{ matrix_synapse_container_client_api_host_bind_port }} {
|
||||||
|
import proxyheaders
|
||||||
|
header_down Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
|
||||||
|
header_down Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization"
|
||||||
|
}
|
||||||
|
route /synapse-admin/* {
|
||||||
|
uri strip_prefix /synapse-admin
|
||||||
|
reverse_proxy http://127.0.0.1{{ matrix_synapse_admin_container_http_host_bind_port }}
|
||||||
|
}
|
||||||
|
reverse_proxy /_synapse/* http://{{ matrix_synapse_container_client_api_host_bind_port }}
|
||||||
|
basicauth /metrics/* bcrypt monitoring {
|
||||||
|
monitoring JDJhJDE0JGdQRlNHVFpSQmRiaWlPem9LdXlkS09HN2E3LklZS05YZmtXTEY1NlFXbkMxd3hBUmwwbVZl
|
||||||
|
}
|
||||||
|
route /metrics/synapse {
|
||||||
|
uri replace /metrics/synapse /_synapse/metrics
|
||||||
|
reverse_proxy http://{{ matrix_synapse_container_metrics_api_host_bind_port }}
|
||||||
|
}
|
||||||
|
route /metrics/synapse/worker/appservice {
|
||||||
|
uri replace /metrics/synapse/worker/appservice /_synapse/metrics
|
||||||
|
reverse_proxy http://127.0.0.1:{{ matrix_synapse_workers_appservice_workers_metrics_range_start }}
|
||||||
|
}
|
||||||
|
route /metrics/synapse/worker/federation-sender {
|
||||||
|
uri replace /metrics/synapse/worker/federation-sender /_synapse/metrics
|
||||||
|
reverse_proxy http://127.0.0.1:{{ matrix_synapse_workers_federation_sender_workers_metrics_range_start }}
|
||||||
|
}
|
||||||
|
route /metrics/bridge/* {
|
||||||
|
uri strip_prefix /metrics/bridge
|
||||||
|
route /mautrix-telegram {
|
||||||
|
uri replace /mautrix-telegram /metrics
|
||||||
|
reverse_proxy http://127.0.0.1:{{ matrix_mautrix_telegram_container_http_monitoring_host_bind_port }}
|
||||||
|
}
|
||||||
|
route /mautrix-whatsapp {
|
||||||
|
uri replace /mautrix-whatsapp /metrics
|
||||||
|
reverse_proxy http://127.0.0.1:{{ matrix_mautrix_whatsapp_container_http_monitoring_host_bind_port }}
|
||||||
|
}
|
||||||
|
route /mautrix-signal {
|
||||||
|
uri replace /mautrix-signal /metrics
|
||||||
|
reverse_proxy http://127.0.0.1:{{ matrix_mautrix_signal_container_http_monitoring_host_bind_port }}
|
||||||
|
}
|
||||||
|
route /mx-puppet-instagram {
|
||||||
|
uri replace /mx-puppet-instagram /metrics
|
||||||
|
reverse_proxy http://127.0.0.1:{{ matrix_mx_puppet_instagram_container_http_monitoring_host_bind_port }}
|
||||||
|
}
|
||||||
|
route /mx-puppet-discord {
|
||||||
|
uri replace /mx-puppet-discord /metrics
|
||||||
|
reverse_proxy http://127.0.0.1:{{ matrix_mx_puppet_discord_container_http_monitoring_host_bind_port }}
|
||||||
|
}
|
||||||
|
route /mx-puppet-skype {
|
||||||
|
uri replace /mx-puppet-skype /metrics
|
||||||
|
reverse_proxy http://127.0.0.1:{{ matrix_mx_puppet_skype_container_http_monitoring_host_bind_port }}
|
||||||
|
}
|
||||||
|
route /mx-puppet-slack {
|
||||||
|
uri replace /mx-puppet-slack /metrics
|
||||||
|
reverse_proxy http://127.0.0.1:{{ matrix_mx_puppet_slack_container_http_monitoring_host_bind_port }}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
reverse_proxy /bridge/telegram/* http://127.0.0.1:{{ matrix_mautrix_telegram_container_http_host_bind_port_public }}
|
||||||
|
reverse_proxy /bridge/slack/* http://127.0.0.1:{{ matrix_mx_puppet_slack_container_http_auth_host_bind_port }}
|
||||||
|
}
|
||||||
|
|
||||||
|
https://{{ matrix_server_fqn_dimension }} {
|
||||||
|
tls /tls_certs/finallycoffee.eu/fullchain.pem /tls_certs/finallycoffee.eu/privkey.pem
|
||||||
|
encode zstd gzip
|
||||||
|
reverse_proxy http://{{ matrix_dimension_container_http_host_bind_port }} {
|
||||||
|
#header_up X-Forwarded-For {remote}
|
||||||
|
import proxyheaders
|
||||||
|
#header_up Host {host}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
https://{{ matrix_server_fqn_element }} {
|
||||||
|
tls /tls_certs/chat.finallycoffee.eu/fullchain.pem /tls_certs/chat.finallycoffee.eu/privkey.pem
|
||||||
|
encode zstd gzip
|
||||||
|
reverse_proxy http://{{ matrix_client_element_container_http_host_bind_port }}
|
||||||
|
}
|
||||||
|
|
||||||
|
https://{{ matrix_domain }}/.well-known/matrix/* {
|
||||||
|
tls /tls_certs/finallycoffee.eu/fullchain.pem /tls_certs/finallycoffee.eu/privkey.pem
|
||||||
|
route {
|
||||||
|
uri strip_prefix /.well-known/matrix
|
||||||
|
root * /matrix_static
|
||||||
|
file_server
|
||||||
|
}
|
||||||
|
header {
|
||||||
|
Content-Type "application/json"
|
||||||
|
X-Content-Type-Options "nosniff"
|
||||||
|
Access-Control-Allow-Origin *
|
||||||
|
Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
|
||||||
|
Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization"
|
||||||
|
}
|
||||||
|
}
|
Loading…
Reference in New Issue
Block a user