f4f06ae068
The matrix-nginx-proxy role can now be used independently. This makes it consistent with all other roles, with the `matrix-base` role remaining as their only dependency. Separating matrix-nginx-proxy was relatively straightforward, with the exception of the Mautrix Telegram reverse-proxying configuration. Mautrix Telegram, being an extension/bridge, does not feel important enough to justify its own special handling in matrix-nginx-proxy. Thus, we've introduced the concept of "additional configuration blocks" (`matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks`), where any module can register its own custom nginx server blocks. For such dynamic registration to work, the order of role execution becomes important. To make it possible for each module participating in dynamic registration to verify that the order of execution is correct, we've also introduced a `matrix_nginx_proxy_role_executed` variable. It should be noted that this doesn't make the matrix-synapse role dependent on matrix-nginx-proxy. It's optional runtime detection and registration, and it only happens in the matrix-synapse role when `matrix_mautrix_telegram_enabled: true`.
117 lines
4.7 KiB
YAML
117 lines
4.7 KiB
YAML
---
|
|
|
|
- name: Ensure Mautrix Telegram image is pulled
|
|
docker_image:
|
|
name: "{{ matrix_mautrix_telegram_docker_image }}"
|
|
when: "matrix_mautrix_telegram_enabled"
|
|
|
|
- name: Ensure Mautrix Telegram configuration path exists
|
|
file:
|
|
path: "{{ matrix_mautrix_telegram_base_path }}"
|
|
state: directory
|
|
mode: 0750
|
|
owner: "{{ matrix_user_username }}"
|
|
group: "{{ matrix_user_username }}"
|
|
when: "matrix_mautrix_telegram_enabled"
|
|
|
|
- stat: "path={{ matrix_mautrix_telegram_base_path }}/config.yaml"
|
|
register: mautrix_config_file
|
|
|
|
- name: Ensure Matrix Mautrix telegram config installed
|
|
template:
|
|
src: "{{ role_path }}/templates/ext/mautrix-telegram/config.yaml.j2"
|
|
dest: "{{ matrix_mautrix_telegram_base_path }}/config.yaml"
|
|
mode: 0644
|
|
owner: "{{ matrix_user_username }}"
|
|
group: "{{ matrix_user_username }}"
|
|
when: "matrix_mautrix_telegram_enabled and mautrix_config_file.stat.exists == False"
|
|
|
|
- name: Ensure matrix-mautrix-telegram.service installed
|
|
template:
|
|
src: "{{ role_path }}/templates/ext/mautrix-telegram/systemd/matrix-mautrix-telegram.service.j2"
|
|
dest: "/etc/systemd/system/matrix-mautrix-telegram.service"
|
|
mode: 0644
|
|
when: "matrix_mautrix_telegram_enabled"
|
|
|
|
- stat:
|
|
path: "{{ matrix_mautrix_telegram_base_path }}/registration.yaml"
|
|
register: mautrix_telegram_registration_file
|
|
|
|
- name: Generate matrix-mautrix-telegram registration.yaml if it doesn't exist
|
|
shell: /usr/bin/docker run --rm --name matrix-mautrix-telegram-gen -v {{ matrix_mautrix_telegram_base_path }}:/data:z {{ matrix_mautrix_telegram_docker_image }} python3 -m mautrix_telegram -g -c /data/config.yaml -r /data/registration.yaml
|
|
when: "matrix_mautrix_telegram_enabled and mautrix_telegram_registration_file.stat.exists == False"
|
|
|
|
- set_fact:
|
|
matrix_synapse_app_service_config_file_mautrix_telegram: '/app-registration/mautrix-telegram.yml'
|
|
|
|
- set_fact:
|
|
matrix_synapse_container_additional_volumes: >
|
|
{{ matrix_synapse_container_additional_volumes }}
|
|
+
|
|
{{ [{'src': '{{ matrix_mautrix_telegram_base_path }}/registration.yaml', 'dst': '{{ matrix_synapse_app_service_config_file_mautrix_telegram }}', 'options': 'ro'}] }}
|
|
when: "matrix_mautrix_telegram_enabled"
|
|
|
|
- set_fact:
|
|
matrix_synapse_app_service_config_files: >
|
|
{{ matrix_synapse_app_service_config_files }}
|
|
+
|
|
{{ ["{{ matrix_synapse_app_service_config_file_mautrix_telegram }}"] | to_nice_json }}
|
|
when: "matrix_mautrix_telegram_enabled"
|
|
|
|
- block:
|
|
- name: Fail if matrix-nginx-proxy role already executed
|
|
fail:
|
|
msg: >
|
|
Trying to append Mautrix Telegram's reverse-proxying configuration to matrix-nginx-proxy,
|
|
but it's pointless since the matrix-nginx-proxy role had already executed.
|
|
To fix this, please change the order of roles in your plabook,
|
|
so that the matrix-nginx-proxy role would run after the matrix-synapse role.
|
|
when: "matrix_nginx_proxy_role_executed"
|
|
|
|
- name: Generate Mautrix Telegram proxying configuration for matrix-nginx-proxy
|
|
set_fact:
|
|
matrix_mautrix_telegram_matrix_nginx_proxy_configuration: |
|
|
location {{ matrix_mautrix_telegram_public_endpoint }} {
|
|
{% if matrix_nginx_proxy_enabled %}
|
|
{# Use the embedded DNS resolver in Docker containers to discover the service #}
|
|
resolver 127.0.0.11 valid=5s;
|
|
set $backend "matrix-mautrix-telegram:8080";
|
|
proxy_pass http://$backend;
|
|
{% else %}
|
|
{# Generic configuration for use outside of our container setup #}
|
|
proxy_pass http://localhost:8080;
|
|
{% endif %}
|
|
}
|
|
|
|
- name: Register Mautrix Telegram proxying configuration with matrix-nginx-proxy
|
|
set_fact:
|
|
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
|
|
{{
|
|
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks
|
|
+
|
|
[matrix_mautrix_telegram_matrix_nginx_proxy_configuration]
|
|
}}
|
|
|
|
when: "matrix_mautrix_telegram_enabled and matrix_nginx_proxy_enabled|default(False)"
|
|
tags:
|
|
- always
|
|
|
|
- name: Warn about reverse-proxying if matrix-nginx-proxy not used
|
|
debug:
|
|
msg: >
|
|
NOTE: You've enabled the Mautrix Telegram bridge but are not using the matrix-nginx-proxy
|
|
reverse proxy.
|
|
Please make sure that you're proxying the `{{ matrix_mautrix_telegram_public_endpoint }}`
|
|
URL endpoint to the matrix-mautrix-telegram container.
|
|
when: "matrix_mautrix_telegram_enabled and matrix_nginx_proxy_enabled is not defined"
|
|
|
|
#
|
|
# Tasks related to getting rid of matrix-mautrix-telegram (if it was previously enabled)
|
|
#
|
|
|
|
- name: Ensure matrix-mautrix-telegram.service doesn't exist
|
|
file:
|
|
path: "/etc/systemd/system/matrix-mautrix-telegram.service"
|
|
state: absent
|
|
when: "not matrix_mautrix_telegram_enabled"
|