overmind
/
matrix-docker-ansible-deploy
зеркало из https://github.com/spantaleev/matrix-docker-ansible-deploy
1
0
Форкнуть 0
Код Задачи 0 Релизы 0 Вики Активность
Просмотр исходного кода

Add traefik config

pull/3512/head
Jade Ellis 5 месяцев назад
committed by Thom Wiggers
Родитель
18b212a671
Сommit
0c4cc36691
Не найден GPG ключ соответствующий данной подписи Идентификатор GPG ключа: 1BB0A7CE26E363
5 измененных файлов: 86 добавлений и 1 удалений
Единый вид
Опции Diff
Показать статистику Скачать Patch файл Скачать Diff файл
  1. +7
    -0
      group_vars/matrix_servers
  2. +24
    -1
      roles/custom/matrix-bridge-appservice-irc/defaults/main.yml
  3. +8
    -0
      roles/custom/matrix-bridge-appservice-irc/tasks/setup_install.yml
  4. +43
    -0
      roles/custom/matrix-bridge-appservice-irc/templates/labels.j2
  5. +4
    -0
      roles/custom/matrix-bridge-appservice-irc/templates/systemd/matrix-appservice-irc.service.j2

+ 7
- 0
group_vars/matrix_servers Просмотреть файл

@@ -843,6 +843,8 @@ matrix_appservice_irc_container_additional_networks_auto: |-
([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network]) ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
+ +
([postgres_container_network] if (postgres_enabled and matrix_appservice_irc_database_hostname == postgres_connection_hostname and matrix_appservice_irc_container_network != postgres_container_network) else []) ([postgres_container_network] if (postgres_enabled and matrix_appservice_irc_database_hostname == postgres_connection_hostname and matrix_appservice_irc_container_network != postgres_container_network) else [])
+
[matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_appservice_irc_container_labels_traefik_enabled and matrix_playbook_reverse_proxyable_services_additional_network) else []
) | unique ) | unique
}} }}


@@ -860,6 +862,11 @@ matrix_appservice_irc_database_hostname: "{{ postgres_connection_hostname if pos
matrix_appservice_irc_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.irc.db', rounds=655555) | to_uuid }}" matrix_appservice_irc_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.irc.db', rounds=655555) | to_uuid }}"
matrix_appservice_irc_database_container_network: "{{ postgres_container_network if postgres_enabled else '' }}" matrix_appservice_irc_database_container_network: "{{ postgres_container_network if postgres_enabled else '' }}"


matrix_appservice_irc_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_appservice_irc_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_appservice_irc_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
matrix_appservice_irc_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"

###################################################################### ######################################################################
# #
# /matrix-bridge-appservice-irc # /matrix-bridge-appservice-irc


+ 24
- 1
roles/custom/matrix-bridge-appservice-irc/defaults/main.yml Просмотреть файл

@@ -463,11 +463,16 @@ matrix_appservice_irc_ircService_servers: [] # noqa var-naming
# # Kick a Matrix user from ALL rooms if they choose to QUIT the IRC network. # # Kick a Matrix user from ALL rooms if they choose to QUIT the IRC network.
# userQuit: true # userQuit: true


# Controls whether the matrix-appservice-discord container exposes its HTTP port (tcp/9999 in the container).
# Controls whether the matrix-appservice-irc container exposes its HTTP port (tcp/9999 in the container).
# #
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:9999"), or empty string to not expose. # Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:9999"), or empty string to not expose.
matrix_appservice_irc_container_http_host_bind_port: '' matrix_appservice_irc_container_http_host_bind_port: ''


# Controls whether the matrix-appservice-irc container exposes its media proxy HTTP port (tcp/11111 in the container).
#
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:11111"), or empty string to not expose.
matrix_appservice_irc_container_media_proxy_host_bind_port: ''

matrix_appservice_irc_container_network: "" matrix_appservice_irc_container_network: ""


matrix_appservice_irc_container_additional_networks: "{{ matrix_appservice_irc_container_additional_networks_auto + matrix_appservice_irc_container_additional_networks_custom }}" matrix_appservice_irc_container_additional_networks: "{{ matrix_appservice_irc_container_additional_networks_auto + matrix_appservice_irc_container_additional_networks_custom }}"
@@ -477,6 +482,24 @@ matrix_appservice_irc_container_additional_networks_custom: []
# A list of extra arguments to pass to the container # A list of extra arguments to pass to the container
matrix_appservice_irc_container_extra_arguments: [] matrix_appservice_irc_container_extra_arguments: []


# matrix_appservice_irc_container_labels_traefik_enabled controls whether labels to assist a Traefik reverse-proxy will be attached to the container.
# To inject your own other container labels, see `matrix_appservice_irc_container_labels_additional_labels`.
matrix_appservice_irc_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_appservice_irc_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_appservice_irc_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
matrix_appservice_irc_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"

# Controls whether Traefik labels for the media proxy will be applied
matrix_appservice_irc_container_labels_media_proxy_enabled: true
matrix_appservice_irc_container_labels_media_proxy_traefik_rule: "Host(`{{ matrix_domain }}`) && PathPrefix(`/irc/`)"
matrix_appservice_irc_container_labels_media_proxy_traefik_priority: 2000
matrix_appservice_irc_container_labels_media_proxy_traefik_entrypoints: "{{ matrix_appservice_irc_container_labels_traefik_entrypoints }}"
matrix_appservice_irc_container_labels_media_proxy_traefik_tls: "{{ matrix_appservice_irc_container_labels_media_proxy_traefik_entrypoints != 'web' }}"
matrix_appservice_irc_container_labels_media_proxy_traefik_tls_certResolver: "{{ matrix_appservice_irc_container_labels_traefik_tls_certResolver }}"

# matrix-appservice-irc container additional labels
matrix_appservice_irc_container_labels_additional_labels: ''

# List of systemd services that matrix-appservice-irc.service depends on. # List of systemd services that matrix-appservice-irc.service depends on.
matrix_appservice_irc_systemd_required_services_list: "{{ matrix_appservice_irc_systemd_required_services_list_default + matrix_appservice_irc_systemd_required_services_list_auto + matrix_appservice_irc_systemd_required_services_list_custom }}" matrix_appservice_irc_systemd_required_services_list: "{{ matrix_appservice_irc_systemd_required_services_list_default + matrix_appservice_irc_systemd_required_services_list_auto + matrix_appservice_irc_systemd_required_services_list_custom }}"
matrix_appservice_irc_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}" matrix_appservice_irc_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}"


+ 8
- 0
roles/custom/matrix-bridge-appservice-irc/tasks/setup_install.yml Просмотреть файл

@@ -121,6 +121,14 @@
owner: "{{ matrix_user_name }}" owner: "{{ matrix_user_name }}"
group: "{{ matrix_group_name }}" group: "{{ matrix_group_name }}"


- name: Ensure Matrix Appservice IRC labels file installed
ansible.builtin.template:
src: "{{ role_path }}/templates/labels.j2"
dest: "{{ matrix_appservice_irc_base_path }}/labels"
mode: 0644
owner: "{{ matrix_user_name }}"
group: "{{ matrix_group_name }}"

- name: Generate Appservice IRC passkey if it doesn't exist - name: Generate Appservice IRC passkey if it doesn't exist
ansible.builtin.shell: ansible.builtin.shell:
cmd: "{{ matrix_host_command_openssl }} genpkey -out {{ matrix_appservice_irc_data_path }}/passkey.pem -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:2048" cmd: "{{ matrix_host_command_openssl }} genpkey -out {{ matrix_appservice_irc_data_path }}/passkey.pem -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:2048"


+ 43
- 0
roles/custom/matrix-bridge-appservice-irc/templates/labels.j2 Просмотреть файл

@@ -0,0 +1,43 @@
{#
SPDX-FileCopyrightText: 2025 Jade Ellis

SPDX-License-Identifier: AGPL-3.0-or-later
#}

{% if matrix_appservice_irc_container_labels_traefik_enabled and matrix_appservice_irc_container_labels_media_proxy_enabled %}
traefik.enable=true

{% if matrix_appservice_irc_container_labels_traefik_docker_network %}
traefik.docker.network={{ matrix_appservice_irc_container_labels_traefik_docker_network }}
{% endif %}

traefik.http.services.matrix-appservice-irc-media-proxy.loadbalancer.server.port={{ matrix_appservice_irc_homeserver_media_bind_port }}

############################################################
# #
# IRC Bridge Media Proxy #
# #
############################################################

traefik.http.routers.matrix-appservice-irc-media-proxy.rule={{ matrix_appservice_irc_container_labels_media_proxy_traefik_rule }}

{% if matrix_appservice_irc_container_labels_media_proxy_traefik_priority | int > 0 %}
traefik.http.routers.matrix-appservice-irc-media-proxy.priority={{ matrix_appservice_irc_container_labels_media_proxy_traefik_priority }}
{% endif %}

traefik.http.routers.matrix-appservice-irc-media-proxy.service=matrix-appservice-irc-media-proxy
traefik.http.routers.matrix-appservice-irc-media-proxy.entrypoints={{ matrix_appservice_irc_container_labels_media_proxy_traefik_entrypoints }}

traefik.http.routers.matrix-appservice-irc-media-proxy.tls={{ matrix_appservice_irc_container_labels_media_proxy_traefik_tls | to_json }}
{% if matrix_appservice_irc_container_labels_media_proxy_traefik_tls %}
traefik.http.routers.matrix-appservice-irc-media-proxy.tls.certResolver={{ matrix_appservice_irc_container_labels_media_proxy_traefik_tls_certResolver }}
{% endif %}

############################################################
# #
# /IRC Bridge Media Proxy #
# #
############################################################
{% endif %}

{{ matrix_appservice_irc_container_labels_additional_labels }}

+ 4
- 0
roles/custom/matrix-bridge-appservice-irc/templates/systemd/matrix-appservice-irc.service.j2 Просмотреть файл

@@ -26,8 +26,12 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
{% if matrix_appservice_irc_container_http_host_bind_port %} {% if matrix_appservice_irc_container_http_host_bind_port %}
-p {{ matrix_appservice_irc_container_http_host_bind_port }}:9999 \ -p {{ matrix_appservice_irc_container_http_host_bind_port }}:9999 \
{% endif %} {% endif %}
{% if matrix_appservice_irc_container_media_proxy_host_bind_port %}
-p {{ matrix_appservice_irc_container_media_proxy_host_bind_port }}:{{ matrix_appservice_irc_homeserver_media_bind_port }} \
{% endif %}
--mount type=bind,src={{ matrix_appservice_irc_config_path }},dst=/config \ --mount type=bind,src={{ matrix_appservice_irc_config_path }},dst=/config \
--mount type=bind,src={{ matrix_appservice_irc_data_path }},dst=/data \ --mount type=bind,src={{ matrix_appservice_irc_data_path }},dst=/data \
--label-file={{ matrix_appservice_irc_base_path }}/labels \
{% for arg in matrix_appservice_irc_container_extra_arguments %} {% for arg in matrix_appservice_irc_container_extra_arguments %}
{{ arg }} \ {{ arg }} \
{% endfor %} {% endfor %}


Редактирование Предпросмотр
Загрузка…
Отмена
Сохранить