diff --git a/.config/ansible-lint.yml b/.config/ansible-lint.yml index beff46585..22ba92532 100644 --- a/.config/ansible-lint.yml +++ b/.config/ansible-lint.yml @@ -9,5 +9,8 @@ skip_list: - schema - command-instead-of-shell - role-name + # We frequently load configuration from a template (into a variable), then merge that with another variable (configuration extension) + # before finally dumping it to a file. + - template-instead-of-copy offline: false diff --git a/.github/workflows/matrix.yml b/.github/workflows/matrix.yml index aa107858b..8da5b9690 100644 --- a/.github/workflows/matrix.yml +++ b/.github/workflows/matrix.yml @@ -13,7 +13,7 @@ jobs: - name: Check out uses: actions/checkout@v3 - name: Run yamllint - uses: frenck/action-yamllint@v1.2.0 + uses: frenck/action-yamllint@v1.3.1 ansible-lint: name: ansible-lint runs-on: ubuntu-latest diff --git a/.gitignore b/.gitignore index 36c65bdaa..0b64b8594 100644 --- a/.gitignore +++ b/.gitignore @@ -2,6 +2,10 @@ !/inventory/.gitkeep !/inventory/host_vars/.gitkeep !/inventory/scripts -/roles/*/files/scratchpad +/roles/**/files/scratchpad .DS_Store .python-version + +# ignore roles pulled by ansible-galaxy +/roles/galaxy/* +!/roles/galaxy/.gitkeep diff --git a/.yamllint b/.yamllint index 08b89afd9..75da2b702 100644 --- a/.yamllint +++ b/.yamllint @@ -1,8 +1,5 @@ --- extends: default -ignore: | - roles/matrix-synapse/vars/workers.yml - rules: line-length: disable diff --git a/CHANGELOG.md b/CHANGELOG.md index 0e094858d..209e99459 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,183 @@ +# 2022-11-05 + +## (Backward Compatibility Break) A new default standalone mode for Etherpad + +Until now, [Etherpad](https://etherpad.org/) (which [the playbook could install for you](docs/configuring-playbook-etherpad.md)) required the [Dimension integration manager](docs/configuring-playbook-dimension.md) to also be installed, because Etherpad was hosted on the Dimension domain (at `dimension.DOMAIN/etherpad`). + +From now on, Etherpad can be installed in `standalone` mode on `etherpad.DOMAIN` and used even without Dimension. This is much more versatile, so the playbook now defaults to this new mode (`matrix_etherpad_mode: standalone`). + +If you've already got both Etherpad and Dimension in use you could: + +- **either** keep hosting Etherpad under the Dimension domain by adding `matrix_etherpad_mode: dimension` to your `vars.yml` file. All your existing room widgets will continue working at the same URLs and no other changes will be necessary. + +- **or**, you could change to hosting Etherpad separately on `etherpad.DOMAIN`. You will need to [configure a DNS record](docs/configuring-dns.md) for this new domain. You will also need to reconfigure Dimension to use the new pad URLs (`https://etherpad.DOMAIN/...`) going forward (refer to our [configuring Etherpad documentation](docs/configuring-playbook-etherpad.md)). All your existing room widgets (which still use `https://dimension.DOMAIN/etherpad/...`) will break as Etherpad is not hosted there anymore. You will need to re-add them or to consider not using `standalone` mode + + +# 2022-11-04 + +## The playbook now uses external roles for some things + +**TLDR**: when updating the playbook and before running it, you'll need to run `make roles` to make [ansible-galaxy](https://docs.ansible.com/ansible/latest/cli/ansible-galaxy.html) download dependency roles (see the [`requirements.yml` file](requirements.yml)) to the `roles/galaxy` directory. Without this, the playbook won't work. + +We're in the process of trimming the playbook and making it reuse Ansible roles. + +Starting now, the playbook is composed of 2 types of Ansible roles: + +- those that live within the playbook itself (`roles/custom/*`) + +- those downloaded from other sources (using [ansible-galaxy](https://docs.ansible.com/ansible/latest/cli/ansible-galaxy.html) to `roles/galaxy`, based on the [`requirements.yml` file](requirements.yml)). These roles are maintained by us or by other people from the Ansible community. + +We're doing this for greater code-reuse (across Ansible playbooks, including our own related playbooks [gitea-docker-ansible-deploy](https://github.com/spantaleev/gitea-docker-ansible-deploy) and [nextcloud-docker-ansible-deploy](https://github.com/spantaleev/nextcloud-docker-ansible-deploy)) and decreased maintenance burden. Until now, certain features were copy-pasted across playbooks or were maintained separately in each one, with improvements often falling behind. We've also tended to do too much by ourselves - installing Docker on the server from our `matrix-base` role, etc. - something that we'd rather not do anymore by switching to the [geerlingguy.docker](https://galaxy.ansible.com/geerlingguy/docker) role. + +Some variable names will change during the transition to having more and more external (galaxy) roles. There's a new `custom/matrix_playbook_migration` role added to the playbook which will tell you about these changes each time you run the playbook. + +**From now on**, every time you update the playbook (well, every time the `requirements.yml` file changes), it's best to run `make roles` to update the roles downloaded from other sources. `make roles` is a shortcut (a `roles` target defined in [`Makefile`](Makefile) and executed by the [`make`](https://www.gnu.org/software/make/) utility) which ultimately runs [ansible-galaxy](https://docs.ansible.com/ansible/latest/cli/ansible-galaxy.html) to download Ansible roles. If you don't have `make`, you can also manually run the commands seen in the `Makefile`. + + +# 2022-10-14 + +## synapse-s3-storage-provider support + +**`synapse-s3-storage-provider` support is very new and still relatively untested. Using it may cause data loss.** + +You can now store your Synapse media repository files on Amazon S3 (or another S3-compatible object store) using [synapse-s3-storage-provider](https://github.com/matrix-org/synapse-s3-storage-provider) - a media provider for Synapse (Python module), which should work faster and more reliably than our previous [Goofys](docs/configuring-playbook-s3-goofys.md) implementation (Goofys will continue to work). + +This is not just for initial installations. Users with existing files (stored in the local filesystem) can also migrate their files to `synapse-s3-storage-provider`. + +To get started, see our [Storing Synapse media files on Amazon S3 with synapse-s3-storage-provider](docs/configuring-playbook-synapse-s3-storage-provider.md) documentation. + + +## Synapse container image customization support + +We now support customizing the Synapse container image by adding additional build steps to its [`Dockerfile`](https://docs.docker.com/engine/reference/builder/). + +Our [synapse-s3-storage-provider support](#synapse-s3-storage-provider-support) is actually built on this. When `s3-storage-provider` is enabled, we automatically add additional build steps to install its Python module into the Synapse image. + +Besides this kind of auto-added build steps (for components supported by the playbook), we also let you inject your own custom build steps using configuration like this: + +```yaml +matrix_synapse_container_image_customizations_enabled: true + +matrix_synapse_container_image_customizations_dockerfile_body_custom: | + RUN echo 'This is a custom step for building the customized Docker image for Synapse.' + RUN echo 'You can override matrix_synapse_container_image_customizations_dockerfile_body_custom to add your own steps.' + RUN echo 'You do NOT need to include a FROM clause yourself.' +``` + +People who have needed to customize Synapse previously had to fork the git repository, make their changes to the `Dockerfile` there, point the playbook to the new repository (`matrix_synapse_container_image_self_build_repo`) and enable self-building from scratch (`matrix_synapse_container_image_self_build: true`). This is harder and slower. + +With the new Synapse-customization feature in the playbook, we use the original upstream (pre-built, if available) Synapse image and only build on top of it, right on the Matrix server. This is much faster than building all of Synapse from scratch. + + +# 2022-10-02 + +## matrix-ldap-registration-proxy support + +Thanks to [@TheOneWithTheBraid](https://github.com/TheOneWithTheBraid), we now support installing [matrix-ldap-registration-proxy](https://gitlab.com/activism.international/matrix_ldap_registration_proxy) - a proxy which handles Matrix registration requests and forwards them to LDAP. + +See our [Setting up the ldap-registration-proxy](docs/configuring-playbook-matrix-ldap-registration-proxy.md) documentation to get started. + + +# 2022-09-15 + +## (Potential Backward Compatibility Break) Major improvements to Synapse workers + +People who are interested in running a Synapse worker setup should know that **our Synapse worker implementation is much more powerful now**: + +- we've added support for [Stream writers](#stream-writers-support) +- we've added support for [multiple federation sender workers](#multiple-federation-sender-workers-support) +- we've added support for [multiple pusher workers](#multiple-pusher-workers-support) +- we've added support for [running background tasks on a worker](#background-tasks-can-run-on-a-worker) +- we've restored support for [`appservice` workers](#appservice-worker-support-is-back) +- we've restored support for [`user_dir` workers](#user-directory-worker-support-is-back) +- we've made it possible to [reliably use more than 1 `media_repository` worker](#using-more-than-1-media-repository-worker-is-now-more-reliable) +- see the [Potential Backward Incompatibilities after these Synapse worker changes](#potential-backward-incompatibilities-after-these-synapse-worker-changes) + +### Stream writers support + +From now on, the playbook lets you easily set up various [stream writer workers](https://matrix-org.github.io/synapse/latest/workers.html#stream-writers) which can handle different streams (`events` stream; `typing` URL endpoints, `to_device` URL endpoints, `account_data` URL endpoints, `receipts` URL endpoints, `presence` URL endpoints). All of this work was previously handled by the main Synapse process, but can now be offloaded to stream writer worker processes. + +If you're using `matrix_synapse_workers_preset: one-of-each`, you'll automatically get 6 additional workers (one for each of the above stream types). Our `little-federation-helper` preset (meant to be quite minimal and focusing in improved federation performance) does not include stream writer workers. + +If you'd like to customize the number of workers we also make that possible using these variables: + +```yaml +# Synapse only supports more than 1 worker for the `events` stream. +# All other streams can utilize either 0 or 1 workers, not more than that. +matrix_synapse_workers_stream_writer_events_stream_workers_count: 5 +matrix_synapse_workers_stream_writer_typing_stream_workers_count: 1 +matrix_synapse_workers_stream_writer_to_device_stream_workers_count: 1 +matrix_synapse_workers_stream_writer_account_data_stream_workers_count: 1 +matrix_synapse_workers_stream_writer_receipts_stream_workers_count: 1 +matrix_synapse_workers_stream_writer_presence_stream_workers_count: 1 +``` + +### Multiple federation sender workers support + +Until now, we only supported a single `federation_sender` worker (`matrix_synapse_workers_federation_sender_workers_count` could either be `0` or `1`). +From now on, you can have as many as you want to help with your federation traffic. + +### Multiple pusher workers support + +Until now, we only supported a single `pusher` worker (`matrix_synapse_workers_pusher_workers_count` could either be `0` or `1`). +From now on, you can have as many as you want to help with pushing notifications out. + +### Background tasks can run on a worker + +From now on, you can put [background task processing on a worker](https://matrix-org.github.io/synapse/latest/workers.html#background-tasks). + +With `matrix_synapse_workers_preset: one-of-each`, you'll get one `background` worker automatically. +You can also control the `background` workers count with `matrix_synapse_workers_background_workers_count`. Only `0` or `1` workers of this type are supported by Synapse. + +### Appservice worker support is back + +We previously had an `appservice` worker type, which [Synapse deprecated in v1.59.0](https://github.com/matrix-org/synapse/blob/v1.59.0/docs/upgrade.md#deprecation-of-the-synapseappappservice-and-synapseappuser_dir-worker-application-types). So did we, at the time. + +The new way to implement such workers is by using a `generic_worker` and dedicating it to the task of talking to Application Services. +From now on, we have support for this. + +With `matrix_synapse_workers_preset: one-of-each`, you'll get one `appservice` worker automatically. +You can also control the `appservice` workers count with `matrix_synapse_workers_appservice_workers_count`. Only `0` or `1` workers of this type are supported by Synapse. + +### User Directory worker support is back + +We previously had a `user_dir` worker type, which [Synapse deprecated in v1.59.0](https://github.com/matrix-org/synapse/blob/v1.59.0/docs/upgrade.md#deprecation-of-the-synapseappappservice-and-synapseappuser_dir-worker-application-types). So did we, at the time. + +The new way to implement such workers is by using a `generic_worker` and dedicating it to the task of serving the user directory. +From now on, we have support for this. + +With `matrix_synapse_workers_preset: one-of-each`, you'll get one `user_dir` worker automatically. +You can also control the `user_dir` workers count with `matrix_synapse_workers_user_dir_workers_count`. Only `0` or `1` workers of this type are supported by Synapse. + +### Using more than 1 media repository worker is now more reliable + +With `matrix_synapse_workers_preset: one-of-each`, we only launch one `media_repository` worker. + +If you've been configuring `matrix_synapse_workers_media_repository_workers_count` manually, you may have increased that to more workers. +When multiple media repository workers are in use, background tasks related to the media repository must always be configured to run on a single `media_repository` worker via `media_instance_running_background_jobs`. Until now, we weren't doing this correctly, but we now are. + +### Potential Backward Incompatibilities after these Synapse worker changes + +Below we'll discuss **potential backward incompatibilities**. + +- **Worker names** (container names, systemd services, worker configuration files) **have changed**. Workers are now labeled sequentially (e.g. `matrix-synapse-worker_generic_worker-18111` -> `matrix-synapse-worker-generic-0`). The playbook will handle these changes automatically. + +- Due to increased worker types support above, people who use `matrix_synapse_workers_preset: one-of-each` should be aware that with these changes, **the playbook will deploy 9 additional workers** (6 stream writers, 1 `appservice` worker, 1 `user_dir` worker, 1 background task worker). This **may increase RAM/CPU usage**, etc. If you find your server struggling, consider disabling some workers with the appropriate `matrix_synapse_workers_*_workers_count` variables. + +- **Metric endpoints have also changed** (`/metrics/synapse/worker/generic_worker-18111` -> `/metrics/synapse/worker/generic-worker-0`). If you're [collecting metrics to an external Prometheus server](docs/configuring-playbook-prometheus-grafana.md#collecting-metrics-to-an-external-prometheus-server), consider revisiting our [Collecting Synapse worker metrics to an external Prometheus server](docs/configuring-playbook-prometheus-grafana.md#collecting-synapse-worker-metrics-to-an-external-prometheus-server) docs and updating your Prometheus configuration. **If you're collecting metrics to the integrated Prometheus server** (not enabled by default), **your Prometheus configuration will be updated automatically**. Old data (from before this change) may stick around though. + +- **the format of `matrix_synapse_workers_enabled_list` has changed**. You were never advised to use this variable for directly creating workers (we advise people to control workers using `matrix_synapse_workers_preset` or by tweaking `matrix_synapse_workers_*_workers_count` variables only), but some people may have started using the `matrix_synapse_workers_enabled_list` variable to gain more control over workers. If you're one of them, you'll need to adjust its value. See `roles/custom/matrix-synapse/defaults/main.yml` for more information on the new format. The playbook will also do basic validation and complain if you got something wrong. + + +# 2022-09-09 + +## Cactus Comments support + +Thanks to [Julian-Samuel Gebühr (@moan0s)](https://github.com/moan0s), the playbook can now set up [Cactus Comments](https://cactus.chat) - federated comment system for the web based on Matrix. + +See our [Setting up a Cactus Comments server](docs/configuring-playbook-cactus-comments.md) documentation to get started. + + # 2022-08-23 ## Postmoogle email bridge support @@ -268,7 +448,7 @@ matrix_ma1sd_enabled: true We now support installing the [matrix_encryption_disabler](https://github.com/digitalentity/matrix_encryption_disabler) Synapse module, which lets you prevent End-to-End-Encryption from being enabled by users on your homeserver. The popular opinion is that this is dangerous and shouldn't be done, but there are valid use cases for disabling encryption discussed [here](https://github.com/matrix-org/synapse/issues/4401). -To enable this module (and prevent encryption from being used on your homserver), add `matrix_synapse_ext_encryption_disabler_enabled: true` to your configuration. This module provides further customization. Check its other configuration settings (and defaults) in `roles/matrix-synapse/defaults/main.yml`. +To enable this module (and prevent encryption from being used on your homserver), add `matrix_synapse_ext_encryption_disabler_enabled: true` to your configuration. This module provides further customization. Check its other configuration settings (and defaults) in `roles/custom/matrix-synapse/defaults/main.yml`. # 2022-02-01 @@ -655,7 +835,7 @@ You have 3 ways to proceed: - stop the bridge (`systemctl stop matrix-mautrix-facebook`) - create a new `matrix_mautrix_facebook` Postgres database for it - run [pgloader](https://pgloader.io/) manually (we import this bridge's data using default settings and it works well) - - define `matrix_mautrix_facebook_database_*` variables in your `vars.yml` file (credentials, etc.) - you can find their defaults in `roles/matrix-mautrix-facebook/defaults/main.yml` + - define `matrix_mautrix_facebook_database_*` variables in your `vars.yml` file (credentials, etc.) - you can find their defaults in `roles/custom/matrix-mautrix-facebook/defaults/main.yml` - switch the bridge to Postgres (`matrix_mautrix_facebook_database_engine: 'postgres'` in your `vars.yml` file) - re-run the playbook (`--tags=setup-all,start`) and ensure the bridge works (`systemctl status matrix-mautrix-facebook` and `journalctl -fu matrix-mautrix-facebook`) - send a `login` message to the Facebook bridge bot again @@ -1533,7 +1713,7 @@ Having Synapse not be a required component potentially opens the door for instal ## Bridges are now separate from the Synapse role Bridges are no longer part of the `matrix-synapse` role. -Each bridge now lives in its own separate role (`roles/matrix-bridge-*`). +Each bridge now lives in its own separate role (`roles/custom/matrix-bridge-*`). These bridge roles are independent of the `matrix-synapse` role, so it should be possible to use them with a Synapse instance installed another way (not through the playbook). @@ -1827,7 +2007,7 @@ The following variables are no longer supported by this playbook: - `matrix_mxisd_template_config` You are encouraged to use the `matrix_mxisd_configuration_extension_yaml` variable to define your own mxisd configuration additions and overrides. -Refer to the [default variables file](roles/matrix-mxisd/defaults/main.yml) for more information. +Refer to the [default variables file](roles/custom/matrix-mxisd/defaults/main.yml) for more information. This new way of configuring mxisd is beneficial because: @@ -1889,14 +2069,14 @@ Based on feedback from others, running Synapse on Python 3 is supposed to decrea ## Riot homepage customization You can now customize some parts of the Riot homepage (or even completely replace it with your own custom page). -See the `matrix_riot_web_homepage_` variables in `roles/matrix-riot-web/defaults/main.yml`. +See the `matrix_riot_web_homepage_` variables in `roles/custom/matrix-riot-web/defaults/main.yml`. # 2018-12-04 ## mxisd extensibility -The [LDAP identity store for mxisd](https://github.com/kamax-matrix/mxisd/blob/master/docs/stores/ldap.md) can now be configured easily using playbook variables (see the `matrix_mxisd_ldap_` variables in `roles/matrix-server/defaults/main.yml`). +The [LDAP identity store for mxisd](https://github.com/kamax-matrix/mxisd/blob/master/docs/stores/ldap.md) can now be configured easily using playbook variables (see the `matrix_mxisd_ldap_` variables in `roles/custom/matrix-server/defaults/main.yml`). # 2018-11-28 diff --git a/Makefile b/Makefile index f0aeb3971..b7fc41bd7 100644 --- a/Makefile +++ b/Makefile @@ -1,7 +1,11 @@ -.PHONY: lint +.PHONY: roles lint help: ## Show this help. - @fgrep -h "##" $(MAKEFILE_LIST) | fgrep -v fgrep | sed -e 's/\\$$//' | sed -e 's/##//' + @grep -F -h "##" $(MAKEFILE_LIST) | grep -v grep | sed -e 's/\\$$//' | sed -e 's/##//' + +roles: ## Pull roles + rm -rf roles/galaxy + ansible-galaxy install -r requirements.yml -p roles/galaxy/ --force lint: ## Runs ansible-lint against all roles in the playbook ansible-lint diff --git a/README.md b/README.md index 221e8a85b..569dbb3f8 100644 --- a/README.md +++ b/README.md @@ -23,7 +23,7 @@ Using this playbook, you can get the following services configured on your serve - (optional) a [Dendrite](https://github.com/matrix-org/dendrite) homeserver - storing your data and managing your presence in the [Matrix](http://matrix.org/) network. Dendrite is a second-generation Matrix homeserver written in Go, an alternative to Synapse. -- (optional) [Amazon S3](https://aws.amazon.com/s3/) storage for Synapse's content repository (`media_store`) files using [Goofys](https://github.com/kahing/goofys) +- (optional) [Amazon S3](https://aws.amazon.com/s3/) (or other S3-compatible object store) storage for Synapse's content repository (`media_store`) files using [Goofys](https://github.com/kahing/goofys) or [`synapse-s3-storage-provider`](https://github.com/matrix-org/synapse-s3-storage-provider) - (optional, default) [PostgreSQL](https://www.postgresql.org/) database for Synapse. [Using an external PostgreSQL server](docs/configuring-playbook-external-postgres.md) is also possible. @@ -45,6 +45,8 @@ Using this playbook, you can get the following services configured on your serve - (optional, advanced) the [matrix-synapse-ldap3](https://github.com/matrix-org/matrix-synapse-ldap3) LDAP Auth password provider module +- (optional, advanced) the [matrix-ldap-registration-proxy](https://gitlab.com/activism.international/matrix_ldap_registration_proxy) a proxy that handles Matrix registration requests and forwards them to LDAP. + - (optional, advanced) the [synapse-simple-antispam](https://github.com/t2bot/synapse-simple-antispam) spam checker module - (optional, advanced) the [Matrix Corporal](https://github.com/devture/matrix-corporal) reconciliator and gateway for a managed Matrix server @@ -137,6 +139,8 @@ Using this playbook, you can get the following services configured on your serve - (optional) the [Buscarron](https://gitlab.com/etke.cc/buscarron) bot - see [docs/configuring-playbook-bot-buscarron.md](docs/configuring-playbook-bot-buscarron.md) for setup documentation +- (optional) [Cactus Comments](https://cactus.chat), a federated comment system built on matrix - see [docs/configuring-playbook-cactus-comments.md](docs/configuring-playbook-cactus-comments.md) for setup documentation + Basically, this playbook aims to get you up-and-running with all the necessities around Matrix, without you having to do anything else. **Note**: the list above is exhaustive. It includes optional or even some advanced components that you will most likely not need. diff --git a/docs/ansible.md b/docs/ansible.md index bd1fe9273..e8a0ddb21 100644 --- a/docs/ansible.md +++ b/docs/ansible.md @@ -45,10 +45,7 @@ Alternatively, you can run Ansible inside a Docker container (powered by the [de This ensures that you're using a very recent Ansible version, which is less likely to be incompatible with the playbook. -There are 2 ways to go about it: - -- [Running Ansible in a container on the Matrix server itself](#running-ansible-in-a-container-on-the-matrix-server-itself) -- [Running Ansible in a container on another computer (not the Matrix server)](#running-ansible-in-a-container-on-another-computer-not-the-matrix-server) +You can either [run Ansible in a container on the Matrix server itself](#running-ansible-in-a-container-on-the-matrix-server-itself) or [run Ansible in a container on another computer (not the Matrix server)](#running-ansible-in-a-container-on-another-computer-not-the-matrix-server). ### Running Ansible in a container on the Matrix server itself @@ -73,13 +70,15 @@ docker run -it --rm \ -w /work \ -v `pwd`:/work \ --entrypoint=/bin/sh \ -docker.io/devture/ansible:2.13.0-r0 +docker.io/devture/ansible:2.13.6-r0 ``` Once you execute the above command, you'll be dropped into a `/work` directory inside a Docker container. The `/work` directory contains the playbook's code. -You can execute `ansible-playbook ...` (or `ansible-playbook --connection=community.docker.nsenter ...`) commands as per normal now. +First, consider running `git config --global --add safe.directory /work` to [resolve directory ownership issues](#resolve-directory-ownership-issues). + +Finally, you can execute `ansible-playbook ...` (or `ansible-playbook --connection=community.docker.nsenter ...`) commands as per normal now. ### Running Ansible in a container on another computer (not the Matrix server) @@ -92,7 +91,7 @@ docker run -it --rm \ -v `pwd`:/work \ -v $HOME/.ssh/id_rsa:/root/.ssh/id_rsa:ro \ --entrypoint=/bin/sh \ -docker.io/devture/ansible:2.13.0-r0 +docker.io/devture/ansible:2.13.6-r0 ``` The above command tries to mount an SSH key (`$HOME/.ssh/id_rsa`) into the container (at `/root/.ssh/id_rsa`). @@ -101,7 +100,10 @@ If your SSH key is at a different path (not in `$HOME/.ssh/id_rsa`), adjust that Once you execute the above command, you'll be dropped into a `/work` directory inside a Docker container. The `/work` directory contains the playbook's code. -You can execute `ansible-playbook ...` commands as per normal now. +First, consider running `git config --global --add safe.directory /work` to [resolve directory ownership issues](#resolve-directory-ownership-issues). + +Finally, you execute `ansible-playbook ...` commands as per normal now. + #### If you don't use SSH keys for authentication @@ -112,3 +114,13 @@ apk add sshpass ``` Then, to be asked for the password whenever running an `ansible-playbook` command add `--ask-pass` to the arguments of the command. + +#### Resolve directory ownership issues + +Because you're `root` in the container running Ansible and this likely differs fom the owner (your regular user account) of the playbook directory outside of the container, certain playbook features which use `git` locally may report warnings such as: + +> fatal: unsafe repository ('/work' is owned by someone else) +> To add an exception for this directory, call: +> git config --global --add safe.directory /work + +These errors can be resolved by making `git` trust the playbook directory by running `git config --global --add safe.directory /work` diff --git a/docs/configuring-dns.md b/docs/configuring-dns.md index ca7c08b08..d7ccf17e7 100644 --- a/docs/configuring-dns.md +++ b/docs/configuring-dns.md @@ -26,20 +26,29 @@ Be mindful as to how long it will take for the DNS records to propagate. If you are using Cloudflare DNS, make sure to disable the proxy and set all records to `DNS only`. Otherwise, fetching certificates will fail. +When you're done configuring DNS, proceed to [Configuring the playbook](configuring-playbook.md). + ## DNS settings for optional services/features -| Type | Host | Priority | Weight | Port | Target | -| ----- | ---------------------------- | -------- | ------ | ---- | ---------------------- | -| SRV | `_matrix-identity._tcp` | 10 | 0 | 443 | `matrix.` | -| CNAME | `dimension` | - | - | - | `matrix.` | -| CNAME | `jitsi` | - | - | - | `matrix.` | -| CNAME | `stats` | - | - | - | `matrix.` | -| CNAME | `goneb` | - | - | - | `matrix.` | -| CNAME | `sygnal` | - | - | - | `matrix.` | -| CNAME | `ntfy` | - | - | - | `matrix.` | -| CNAME | `hydrogen` | - | - | - | `matrix.` | -| CNAME | `cinny` | - | - | - | `matrix.` | -| CNAME | `buscarron` | - | - | - | `matrix.` | +| Used by component | Type | Host | Priority | Weight | Port | Target | +| ----------------------------------------------------------------------------------------------------------------------- | ----- | ------------------------------ | -------- | ------ | ---- | --------------------------- | +| [ma1sd](configuring-playbook-ma1sd.md) identity server | SRV | `_matrix-identity._tcp` | 10 | 0 | 443 | `matrix.` | +| [Dimension](configuring-playbook-dimension.md) integration server | CNAME | `dimension` | - | - | - | `matrix.` | +| [Jitsi](configuring-playbook-jitsi.md) video-conferencing platform | CNAME | `jitsi` | - | - | - | `matrix.` | +| [Prometheus/Grafana](configuring-playbook-prometheus-grafana.md) monitoring system | CNAME | `stats` | - | - | - | `matrix.` | +| [Go-NEB](configuring-playbook-bot-go-neb.md) bot | CNAME | `goneb` | - | - | - | `matrix.` | +| [Sygnal](configuring-playbook-sygnal.md) push notification gateway | CNAME | `sygnal` | - | - | - | `matrix.` | +| [ntfy](configuring-playbook-ntfy.md) push notifications server | CNAME | `ntfy` | - | - | - | `matrix.` | +| [Etherpad](configuring-playbook-etherpad.md) collaborative text editor | CNAME | `etherpad` | - | - | - | `matrix.` | +| [Hydrogen](configuring-playbook-client-hydrogen.md) web client | CNAME | `hydrogen` | - | - | - | `matrix.` | +| [Cinny](configuring-playbook-client-cinny.md) web client | CNAME | `cinny` | - | - | - | `matrix.` | +| [Buscarron](configuring-playbook-bot-buscarron.md) helpdesk bot | CNAME | `buscarron` | - | - | - | `matrix.` | +| [Postmoogle](configuring-playbook-bot-postmoogle.md)/[Email2Matrix](configuring-playbook-email2matrix.md) email bridges | MX | `matrix` | 10 | 0 | - | `matrix.` | +| [Postmoogle](configuring-playbook-bot-postmoogle.md) email bridge | TXT | `matrix` | - | - | - | `v=spf1 ip4: -all` | +| [Postmoogle](configuring-playbook-bot-postmoogle.md) email bridge | TXT | `_dmarc.matrix` | - | - | - | `v=DMARC1; p=quarantine;` | +| [Postmoogle](configuring-playbook-bot-postmoogle.md) email bridge | TXT | `postmoogle._domainkey.matrix` | - | - | - | get it from `!pm dkim` | + +When setting up a SRV record, if you are asked for a service and protocol instead of a hostname split the host value from the table where the period is. For example use service as `_matrix-identity` and protocol as `_tcp`. ## Subdomains setup @@ -60,6 +69,8 @@ The `sygnal.` subdomain may be necessary, because this playbook cou The `ntfy.` subdomain may be necessary, because this playbook could install the [ntfy](https://ntfy.sh/) UnifiedPush-compatible push notifications server. The installation of ntfy is disabled by default, it is not a core required component. To learn how to install it, see our [configuring ntfy guide](configuring-playbook-ntfy.md). If you do not wish to set up ntfy, feel free to skip the `ntfy.` DNS record. +The `etherpad.` subdomain may be necessary, because this playbook could install the [Etherpad](https://etherpad.org/) a highly customizable open source online editor providing collaborative editing in really real-time. The installation of etherpad is disabled by default, it is not a core required component. To learn how to install it, see our [configuring etherpad guide](configuring-playbook-etherpad.md). If you do not wish to set up etherpad, feel free to skip the `etherpad.` DNS record. + The `hydrogen.` subdomain may be necessary, because this playbook could install the [Hydrogen](https://github.com/vector-im/hydrogen-web) web client. The installation of Hydrogen is disabled by default, it is not a core required component. To learn how to install it, see our [configuring Hydrogen guide](configuring-playbook-client-hydrogen.md). If you do not wish to set up Hydrogen, feel free to skip the `hydrogen.` DNS record. The `cinny.` subdomain may be necessary, because this playbook could install the [Cinny](https://github.com/ajbura/cinny) web client. The installation of cinny is disabled by default, it is not a core required component. To learn how to install it, see our [configuring cinny guide](configuring-playbook-client-cinny.md). If you do not wish to set up cinny, feel free to skip the `cinny.` DNS record. @@ -77,3 +88,8 @@ This is an optional feature for the optionally-installed [ma1sd service](configu Note: This `_matrix-identity._tcp` SRV record for the identity server is different from the `_matrix._tcp` that can be used for Synapse delegation. See [howto-server-delegation.md](howto-server-delegation.md) for more information about delegation. When you're done with the DNS configuration and ready to proceed, continue with [Getting the playbook](getting-the-playbook.md). + +## `_dmarc`, `postmoogle._domainkey` TXT and `matrix` MX records setup + +To make the [postmoogle](configuring-playbook-bot-postmoogle.md) email bridge enable its email sending features, you need to configure +SPF (TXT), DMARC (TXT), DKIM (TXT) and MX records diff --git a/docs/configuring-playbook-backup-borg.md b/docs/configuring-playbook-backup-borg.md index 41ca0156c..f3cfc6def 100644 --- a/docs/configuring-playbook-backup-borg.md +++ b/docs/configuring-playbook-backup-borg.md @@ -56,7 +56,7 @@ where: * USER - SSH user of a provider/server * HOST - SSH host of a provider/server -* REPO - borg repository name, it will be initialized on backup start, eg: `matrix` +* REPO - borg repository name, it will be initialized on backup start, eg: `matrix`, regarding Syntax see [Remote repositories](https://borgbackup.readthedocs.io/en/stable/usage/general.html#repository-urls) * PASSPHRASE - passphrase used for encrypting backups, you may generate it with `pwgen -s 64 1` or use any password manager * PRIVATE KEY - the content of the **private** part of the SSH key you created before. The whole key (all of its belonging lines) under `matrix_backup_borg_ssh_key_private` needs to be indented with 2 spaces @@ -64,7 +64,7 @@ To backup without encryption, add `matrix_backup_borg_encryption: 'none'` to you `matrix_backup_borg_location_source_directories` defines the list of directories to back up: it's set to `{{ matrix_base_data_path }}` by default, which is the base directory for every service's data, such as Synapse, Postgres and the bridges. You might want to exclude certain directories or file patterns from the backup using the `matrix_backup_borg_location_exclude_patterns` variable. -Check the `roles/matrix-backup-borg/defaults/main.yml` file for the full list of available options. +Check the `roles/custom/matrix-backup-borg/defaults/main.yml` file for the full list of available options. ## Installing @@ -73,3 +73,9 @@ After configuring the playbook, run the [installation](installing.md) command ag ``` ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start ``` + +## Manually start a backup + +For testing your setup it can be helpful to not wait until 4am. If you want to run the backup immediately, log onto the server +and run `systemctl start matrix-backup-borg`. This will not return until the backup is done, so possibly a long time. +Consider using [tmux](https://en.wikipedia.org/wiki/Tmux) if your SSH connection is unstable. diff --git a/docs/configuring-playbook-bot-buscarron.md b/docs/configuring-playbook-bot-buscarron.md index 3a5822abd..0b80ba403 100644 --- a/docs/configuring-playbook-bot-buscarron.md +++ b/docs/configuring-playbook-bot-buscarron.md @@ -5,20 +5,6 @@ The playbook can install and configure [buscarron](https://gitlab.com/etke.cc/bu It's a bot you can use to setup **your own helpdesk on matrix** It's a bot you can use to send any form (HTTP POST, HTML) to a (encrypted) matrix room -## Registering the bot user - -By default, the playbook will set up the bot with a username like this: `@bot.buscarron:DOMAIN`. - -(to use a different username, adjust the `matrix_bot_buscarron_login` variable). - -You **need to register the bot user manually** before setting up the bot. You can use the playbook to [register a new user](registering-users.md): - -``` -ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=bot.buscarron password=PASSWORD_FOR_THE_BOT admin=no' --tags=register-user -``` - -Choose a strong password for the bot. You can generate a good password with a command like this: `pwgen -s 64 1`. - ## Adjusting the playbook configuration @@ -27,7 +13,10 @@ Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars. ```yaml matrix_bot_buscarron_enabled: true -# Adjust this to whatever password you chose when registering the bot user +# Uncomment and adjust this part if you'd like to use a username different than the default +# matrix_bot_buscarron_login: bot.buscarron + +# Generate a strong password here. Consider generating it with `pwgen -s 64 1` matrix_bot_buscarron_password: PASSWORD_FOR_THE_BOT # Adjust accepted forms @@ -36,10 +25,10 @@ matrix_bot_buscarron_forms: room: "!yourRoomID:DOMAIN" # (mandatory) Room ID where form submission will be posted redirect: https://DOMAIN # (mandatory) To what page user will be redirected after the form submission ratelimit: 1r/m # (optional) rate limit of the form, format: r/, eg: 1r/s or 54r/m + hasemail: 1 # (optional) form has "email" field that should be validated extensions: [] # (optional) list of form extensions (not used yet) -matrix_bot_buscarron_spam_hosts: [] # (optional) list of email domains/hosts that should be rejected automatically -matrix_bot_buscarron_spam_emails: [] # (optional) list of email addresses that should be rejected automatically +matrix_bot_buscarron_spamlist: [] # (optional) list of emails/domains/hosts (with wildcards support) that should be rejected automatically ``` You will also need to add a DNS record so that buscarron can be accessed. @@ -57,9 +46,15 @@ matrix_server_fqn_buscarron: "form.{{ matrix_domain }}" After configuring the playbook, run the [installation](installing.md) command again: +```sh +ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,ensure-matrix-users-created,start ``` -ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start -``` + +**Notes**: + +- the `ensure-matrix-users-created` playbook tag makes the playbook automatically create the bot's user account + +- if you change the bot password (`matrix_bot_buscarron_password` in your `vars.yml` file) subsequently, the bot user's credentials on the homeserver won't be updated automatically. If you'd like to change the bot user's password, use a tool like [synapse-admin](configuring-playbook-synapse-admin.md) to change it, and then update `matrix_bot_buscarron_password` to let the bot know its new password ## Usage diff --git a/docs/configuring-playbook-bot-honoroit.md b/docs/configuring-playbook-bot-honoroit.md index 45fc033da..42f31d49a 100644 --- a/docs/configuring-playbook-bot-honoroit.md +++ b/docs/configuring-playbook-bot-honoroit.md @@ -7,21 +7,6 @@ It's a bot you can use to setup **your own helpdesk on matrix** See the project's [documentation](https://gitlab.com/etke.cc/honoroit#how-it-looks-like) to learn what it does with screenshots and why it might be useful to you. -## Registering the bot user - -By default, the playbook will set up the bot with a username like this: `@honoroit:DOMAIN`. - -(to use a different username, adjust the `matrix_bot_honoroit_login` variable). - -You **need to register the bot user manually** before setting up the bot. You can use the playbook to [register a new user](registering-users.md): - -``` -ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=honoroit password=PASSWORD_FOR_THE_BOT admin=no' --tags=register-user -``` - -Choose a strong password for the bot. You can generate a good password with a command like this: `pwgen -s 64 1`. - - ## Adjusting the playbook configuration Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file: @@ -29,7 +14,10 @@ Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars. ```yaml matrix_bot_honoroit_enabled: true -# Adjust this to whatever password you chose when registering the bot user +# Uncomment and adjust this part if you'd like to use a username different than the default +# matrix_bot_honoroit_login: honoroit + +# Generate a strong password here. Consider generating it with `pwgen -s 64 1` matrix_bot_honoroit_password: PASSWORD_FOR_THE_BOT # Adjust this to your room ID @@ -41,9 +29,15 @@ matrix_bot_honoroit_roomid: "!yourRoomID:DOMAIN" After configuring the playbook, run the [installation](installing.md) command again: +```sh +ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,ensure-matrix-users-created,start ``` -ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start -``` + +**Notes**: + +- the `ensure-matrix-users-created` playbook tag makes the playbook automatically create the bot's user account + +- if you change the bot password (`matrix_bot_honoroit_password` in your `vars.yml` file) subsequently, the bot user's credentials on the homeserver won't be updated automatically. If you'd like to change the bot user's password, use a tool like [synapse-admin](configuring-playbook-synapse-admin.md) to change it, and then update `matrix_bot_honoroit_password` to let the bot know its new password ## Usage diff --git a/docs/configuring-playbook-bot-matrix-registration-bot.md b/docs/configuring-playbook-bot-matrix-registration-bot.md index 739f0869c..b1e3fdc6c 100644 --- a/docs/configuring-playbook-bot-matrix-registration-bot.md +++ b/docs/configuring-playbook-bot-matrix-registration-bot.md @@ -16,7 +16,7 @@ By default, the playbook will set use the bot with a username like this: `@bot.m (to use a different username, adjust the `matrix_bot_matrix_registration_bot_matrix_user_id_localpart` variable). -You **need to register the bot user manually** before setting up the bot. You can use the playbook to [register a new user](registering-users.md): +For [other bots supported by the playbook](configuring-playbook.md#bots), Matrix bot user accounts are created and put to use automatically. For `matrix-registration-bot`, however, this is not the case - you **need to register the bot user manually** before setting up the bot. You can use the playbook to [register a new user](registering-users.md): ``` ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=bot.matrix-registration-bot password=PASSWORD_FOR_THE_BOT admin=yes' --tags=register-user @@ -56,7 +56,7 @@ ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start ## Usage -To use the bot, create a **non-encrypted** room and invite `@bot.matrix-registration-bot:DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain). +To use the bot, create a **non-encrypted** room and invite `@bot.matrix-registration-bot:DOMAIN` (where `DOMAIN` is your base domain, not the `matrix.` domain). In this room send `help` and the bot will reply with all options. diff --git a/docs/configuring-playbook-bot-matrix-reminder-bot.md b/docs/configuring-playbook-bot-matrix-reminder-bot.md index aaf5670c1..da73e5dbe 100644 --- a/docs/configuring-playbook-bot-matrix-reminder-bot.md +++ b/docs/configuring-playbook-bot-matrix-reminder-bot.md @@ -7,21 +7,6 @@ It's a bot you can use to **schedule one-off & recurring reminders and alarms**. See the project's [documentation](https://github.com/anoadragon453/matrix-reminder-bot#usage) to learn what it does and why it might be useful to you. -## Registering the bot user - -By default, the playbook will set up the bot with a username like this: `@bot.matrix-reminder-bot:DOMAIN`. - -(to use a different username, adjust the `matrix_bot_matrix_reminder_bot_matrix_user_id_localpart` variable). - -You **need to register the bot user manually** before setting up the bot. You can use the playbook to [register a new user](registering-users.md): - -``` -ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=bot.matrix-reminder-bot password=PASSWORD_FOR_THE_BOT admin=no' --tags=register-user -``` - -Choose a strong password for the bot. You can generate a good password with a command like this: `pwgen -s 64 1`. - - ## Adjusting the playbook configuration Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file: @@ -29,7 +14,10 @@ Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars. ```yaml matrix_bot_matrix_reminder_bot_enabled: true -# Adjust this to whatever password you chose when registering the bot user +# Uncomment and adjust this part if you'd like to use a username different than the default +# matrix_bot_matrix_reminder_bot_matrix_user_id_localpart: bot.matrix-reminder-bot + +# Generate a strong password here. Consider generating it with `pwgen -s 64 1` matrix_bot_matrix_reminder_bot_matrix_user_password: PASSWORD_FOR_THE_BOT # Adjust this to your timezone @@ -41,9 +29,15 @@ matrix_bot_matrix_reminder_bot_reminders_timezone: Europe/London After configuring the playbook, run the [installation](installing.md) command again: +```sh +ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,ensure-matrix-users-created,start ``` -ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start -``` + +**Notes**: + +- the `ensure-matrix-users-created` playbook tag makes the playbook automatically create the bot's user account + +- if you change the bot password (`matrix_bot_matrix_reminder_bot_matrix_user_password` in your `vars.yml` file) subsequently, the bot user's credentials on the homeserver won't be updated automatically. If you'd like to change the bot user's password, use a tool like [synapse-admin](configuring-playbook-synapse-admin.md) to change it, and then update `matrix_bot_matrix_reminder_bot_matrix_user_password` to let the bot know its new password ## Usage diff --git a/docs/configuring-playbook-bot-maubot.md b/docs/configuring-playbook-bot-maubot.md index 1a6636d79..11ab1cce2 100644 --- a/docs/configuring-playbook-bot-maubot.md +++ b/docs/configuring-playbook-bot-maubot.md @@ -54,4 +54,5 @@ Choose a strong password for the bot. You can generate a good password with a co ## Obtaining an admin access token -This can be done via `mbc auth` (see the [maubot documentation](https://docs.mau.fi/maubot/usage/cli/auth.html)). Alternatively, use Element or curl to [obtain an access token](obtaining-access-tokens.md). +This can be done via `mbc login` then `mbc auth` (see the [maubot documentation](https://docs.mau.fi/maubot/usage/cli/auth.html)). To run these commands you'll need to open the bot docker container with `docker exec -it matrix-bot-maubot sh` +Alternatively, use Element or curl to [obtain an access token](obtaining-access-tokens.md). However these two methods won't allow the bot to work in encrypted rooms. diff --git a/docs/configuring-playbook-bot-mjolnir.md b/docs/configuring-playbook-bot-mjolnir.md index 20760d5ef..5fc6331e3 100644 --- a/docs/configuring-playbook-bot-mjolnir.md +++ b/docs/configuring-playbook-bot-mjolnir.md @@ -29,7 +29,7 @@ Refer to the documentation on [how to obtain an access token](obtaining-access-t ## 3. Make sure the account is free from rate limiting -You will need to prevent Synapse from rate limiting the bot's account. This is not an optional step. If you do not do this step Mjolnir will crash. [Currently there is no Synapse config option for this](https://github.com/matrix-org/synapse/issues/6286) so you have to manually edit the Synapse database. Manually editing the Synapse database is rarely a good idea but in this case it is required. Please ask for help if you are uncomfortable with these steps. +You will need to prevent Synapse from rate limiting the bot's account. This is not an optional step. If you do not do this step Mjolnir will crash. This can be done using Synapse's [admin API](https://matrix-org.github.io/synapse/latest/admin_api/user_admin_api.html#override-ratelimiting-for-users). This can also be manually done by editing the Synapse database. Manually editing the Synapse database is rarely a good idea. Please ask for help if you are uncomfortable with these steps. 1. Copy the statement below into a text editor. diff --git a/docs/configuring-playbook-bot-postmoogle.md b/docs/configuring-playbook-bot-postmoogle.md index 70ac57b63..0fa366935 100644 --- a/docs/configuring-playbook-bot-postmoogle.md +++ b/docs/configuring-playbook-bot-postmoogle.md @@ -9,21 +9,6 @@ It's a bot/bridge you can use to forward emails to Matrix rooms See the project's [documentation](https://gitlab.com/etke.cc/postmoogle) to learn what it does and why it might be useful to you. -## Registering the bot user - -By default, the playbook will set up the bot with a username like this: `@postmoogle:DOMAIN`. - -(to use a different username, adjust the `matrix_bot_postmoogle_login` variable). - -You **need to register the bot user manually** before setting up the bot. You can use the playbook to [register a new user](registering-users.md): - -``` -ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=postmoogle password=PASSWORD_FOR_THE_BOT admin=no' --tags=register-user -``` - -Choose a strong password for the bot. You can generate a good password with a command like this: `pwgen -s 64 1`. - - ## Adjusting the playbook configuration Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file: @@ -31,18 +16,30 @@ Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars. ```yaml matrix_bot_postmoogle_enabled: true -# Adjust this to whatever password you chose when registering the bot user +# Uncomment and adjust this part if you'd like to use a username different than the default +# matrix_bot_postmoogle_login: postmoogle + +# Generate a strong password here. Consider generating it with `pwgen -s 64 1` matrix_bot_postmoogle_password: PASSWORD_FOR_THE_BOT ``` +You will also need to add several DNS records so that postmoogle can send emails. +See [Configuring DNS](configuring-dns.md). + ## Installing After configuring the playbook, run the [installation](installing.md) command again: +```sh +ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,ensure-matrix-users-created,start ``` -ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start -``` + +**Notes**: + +- the `ensure-matrix-users-created` playbook tag makes the playbook automatically create the bot's user account + +- if you change the bot password (`matrix_bot_postmoogle_password` in your `vars.yml` file) subsequently, the bot user's credentials on the homeserver won't be updated automatically. If you'd like to change the bot user's password, use a tool like [synapse-admin](configuring-playbook-synapse-admin.md) to change it, and then update `matrix_bot_postmoogle_password` to let the bot know its new password ## Usage diff --git a/docs/configuring-playbook-bridge-appservice-kakaotalk.md b/docs/configuring-playbook-bridge-appservice-kakaotalk.md index 127f18f49..99ddafe83 100644 --- a/docs/configuring-playbook-bridge-appservice-kakaotalk.md +++ b/docs/configuring-playbook-bridge-appservice-kakaotalk.md @@ -2,6 +2,8 @@ The playbook can install and configure [matrix-appservice-kakaotalk](https://src.miscworks.net/fair/matrix-appservice-kakaotalk) for you. `matrix-appservice-kakaotalk` is a bridge to [Kakaotalk](https://www.kakaocorp.com/page/service/service/KakaoTalk?lang=ENG) based on [node-kakao](https://github.com/storycraft/node-kakao) (now unmaintained) and some [mautrix-facebook](https://github.com/mautrix/facebook) code. +**NOTE**: there have been recent reports (~2022-09-16) that **using this bridge may get your account banned**. + See the project's [documentation](https://src.miscworks.net/fair/matrix-appservice-kakaotalk) to learn what it does and why it might be useful to you. @@ -26,8 +28,8 @@ There are some additional things you may wish to configure about the bridge. Take a look at: -- `roles/matrix-bridge-appservice-kakaotalk/defaults/main.yml` for some variables that you can customize via your `vars.yml` file -- `roles/matrix-bridge-appservice-kakaotalk/templates/config.yaml.j2` for the bridge's default configuration. You can override settings (even those that don't have dedicated playbook variables) using the `matrix_appservice_kakaotalk_configuration_extension_yaml` variable +- `roles/custom/matrix-bridge-appservice-kakaotalk/defaults/main.yml` for some variables that you can customize via your `vars.yml` file +- `roles/custom/matrix-bridge-appservice-kakaotalk/templates/config.yaml.j2` for the bridge's default configuration. You can override settings (even those that don't have dedicated playbook variables) using the `matrix_appservice_kakaotalk_configuration_extension_yaml` variable ### Set up Double Puppeting diff --git a/docs/configuring-playbook-bridge-beeper-linkedin.md b/docs/configuring-playbook-bridge-beeper-linkedin.md index eac756e29..6ec294fbd 100644 --- a/docs/configuring-playbook-bridge-beeper-linkedin.md +++ b/docs/configuring-playbook-bridge-beeper-linkedin.md @@ -27,7 +27,7 @@ matrix_beeper_linkedin_configuration_extension_yaml: | '@YOUR_USERNAME:YOUR_DOMAIN': admin ``` -You may wish to look at `roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2` to find other things you would like to configure. +You may wish to look at `roles/custom/matrix-bridge-beeper-linkedin/templates/config.yaml.j2` to find other things you would like to configure. ## Set up Double Puppeting diff --git a/docs/configuring-playbook-bridge-heisenbridge.md b/docs/configuring-playbook-bridge-heisenbridge.md index 2c1b438f6..b21eab1ff 100644 --- a/docs/configuring-playbook-bridge-heisenbridge.md +++ b/docs/configuring-playbook-bridge-heisenbridge.md @@ -8,7 +8,7 @@ See the project's [README](https://github.com/hifi/heisenbridge/blob/master/READ ## Configuration -Below are the common configuration options that you may want to set, exhaustive list is in [the bridge's defaults var file](../roles/matrix-bridge-heisenbridge/defaults/main.yml). +Below are the common configuration options that you may want to set, exhaustive list is in [the bridge's defaults var file](../roles/custom/matrix-bridge-heisenbridge/defaults/main.yml). At a minimum, you only need to enable the bridge to get it up and running (`inventory/host_vars/matrix.DOMAIN/vars.yml`): diff --git a/docs/configuring-playbook-bridge-hookshot.md b/docs/configuring-playbook-bridge-hookshot.md index 3e8a54a20..5cd4dd4c0 100644 --- a/docs/configuring-playbook-bridge-hookshot.md +++ b/docs/configuring-playbook-bridge-hookshot.md @@ -8,17 +8,36 @@ See the project's [documentation](https://matrix-org.github.io/matrix-hookshot/l Note: the playbook also supports [matrix-appservice-webhooks](configuring-playbook-bridge-appservice-webhooks.md), which however is soon to be archived by its author and to be replaced by hookshot. + ## Setup Instructions Refer to the [official instructions](https://matrix-org.github.io/matrix-hookshot/latest/setup.html) to learn what the individual options do. -1. For each of the services (GitHub, GitLab, Jira, Figma, generic webhooks) fill in the respective variables `matrix_hookshot_service_*` listed in [main.yml](/roles/matrix-bridge-hookshot/defaults/main.yml) as required. -2. Take special note of the `matrix_hookshot_*_enabled` variables. Services that need no further configuration are enabled by default (GitLab, Generic), while you must first add the required configuration and enable the others (GitHub, Jira, Figma). -3. If you're setting up the GitHub bridge, you'll need to generate and download a private key file after you created your GitHub app. Copy the contents of that file to the variable `matrix_hookshot_github_private_key` so the playbook can install it for you, or use one of the [other methods](#manage-github-private-key-with-matrix-aux-role) explained below. -4. If you've already installed Matrix services using the playbook before, you'll need to re-run it (`--tags=setup-all,start`). If not, proceed with [configuring other playbook services](configuring-playbook.md) and then with [Installing](installing.md). Get back to this guide once ready. Hookshot can be set up individually using the tag `setup-hookshot`. -5. Refer to [Hookshot's official instructions](https://matrix-org.github.io/matrix-hookshot/latest/usage.html) to start using the bridge. **Important:** Note that the different listeners are bound to certain paths which might differ from those assumed by the hookshot documentation, see [URLs for bridges setup](urls-for-bridges-setup) below. +1. Enable the bridge by adding `matrix_hookshot_enabled: true` to your `vars.yml` file +2. For each of the services (GitHub, GitLab, Jira, Figma, generic webhooks) fill in the respective variables `matrix_hookshot_service_*` listed in [main.yml](/roles/custom/matrix-bridge-hookshot/defaults/main.yml) as required. +3. Take special note of the `matrix_hookshot_*_enabled` variables. Services that need no further configuration are enabled by default (GitLab, Generic), while you must first add the required configuration and enable the others (GitHub, Jira, Figma). +4. If you're setting up the GitHub bridge, you'll need to generate and download a private key file after you created your GitHub app. Copy the contents of that file to the variable `matrix_hookshot_github_private_key` so the playbook can install it for you, or use one of the [other methods](#manage-github-private-key-with-matrix-aux-role) explained below. +5. If you've already installed Matrix services using the playbook before, you'll need to re-run it (`--tags=setup-all,start`). If not, proceed with [configuring other playbook services](configuring-playbook.md) and then with [Installing](installing.md). Get back to this guide once ready. Hookshot can be set up individually using the tag `setup-hookshot`. + +Other configuration options are available via the `matrix_hookshot_configuration_extension_yaml` and `matrix_hookshot_registration_extension_yaml` variables, see the comments in [main.yml](/roles/custom/matrix-bridge-hookshot/defaults/main.yml) for how to use them. + +Finally, run the playbook (see [installing](installing.md)). + + +## Usage + +Create a room and invite the Hookshot bot (`@hookshot:DOMAIN`) to it. + +Make sure the bot is able to send state events (usually the Moderator power level in clients). + +Send a `!hookshot help` message to see a list of help commands. + +Refer to [Hookshot's documentation](https://matrix-org.github.io/matrix-hookshot/latest/usage.html) for more details about using the brige's various features. + +**Important:** Note that the different listeners are bound to certain paths which might differ from those assumed by the hookshot documentation, see [URLs for bridges setup](#urls-for-bridges-setup) below. + -Other configuration options are available via the `matrix_hookshot_configuration_extension_yaml` and `matrix_hookshot_registration_extension_yaml` variables, see the comments in [main.yml](/roles/matrix-bridge-hookshot/defaults/main.yml) for how to use them. +## More setup documentation ### URLs for bridges setup @@ -35,14 +54,14 @@ Unless indicated otherwise, the following endpoints are reachable on your `matri | widgets | `/hookshot/widgetapi/` | `matrix_hookshot_widgets_endpoint` | Widgets | | metrics | `/metrics/hookshot` | `matrix_hookshot_metrics_enabled` and `matrix_hookshot_metrics_proxying_enabled`. Requires `/metrics/*` endpoints to also be enabled via `matrix_nginx_proxy_proxy_matrix_metrics_enabled` (see the `matrix-nginx-proxy` role). Read more in the [Metrics section](#metrics) below. | Prometheus | -See also `matrix_hookshot_matrix_nginx_proxy_configuration` in [init.yml](/roles/matrix-bridge-hookshot/tasks/init.yml). +See also `matrix_hookshot_matrix_nginx_proxy_configuration` in [init.yml](/roles/custom/matrix-bridge-hookshot/tasks/init.yml). -The different listeners are also reachable *internally* in the docker-network via the container's name (configured by `matrix_hookshot_container_url`) and on different ports (e.g. `matrix_hookshot_appservice_port`). Read [main.yml](/roles/matrix-bridge-hookshot/defaults/main.yml) in detail for more info. +The different listeners are also reachable *internally* in the docker-network via the container's name (configured by `matrix_hookshot_container_url`) and on different ports (e.g. `matrix_hookshot_appservice_port`). Read [main.yml](/roles/custom/matrix-bridge-hookshot/defaults/main.yml) in detail for more info. ### Manage GitHub Private Key with matrix-aux role The GitHub bridge requires you to install a private key file. This can be done in multiple ways: -- copy the *contents* of the downloaded file and set the variable `matrix_hookshot_github_private_key` to the contents (see example in [main.yml](/roles/matrix-bridge-hookshot/defaults/main.yml)). +- copy the *contents* of the downloaded file and set the variable `matrix_hookshot_github_private_key` to the contents (see example in [main.yml](/roles/custom/matrix-bridge-hookshot/defaults/main.yml)). - somehow copy the file to the path `{{ matrix_hookshot_base_path }}/{{ matrix_hookshot_github_private_key_file }}` (default: `/matrix/hookshot/private-key.pem`) on the server manually. - use the `matrix-aux` role to copy the file from an arbitrary path on your ansible client to the correct path on the server. @@ -55,7 +74,7 @@ matrix_aux_file_definitions: owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" ``` -For more info see the documentation in the [matrix-aux base configuration file](/roles/matrix-aux/defaults/main.yml). +For more info see the documentation in the [matrix-aux base configuration file](/roles/custom/matrix-aux/defaults/main.yml). ### Provisioning API diff --git a/docs/configuring-playbook-bridge-mautrix-discord.md b/docs/configuring-playbook-bridge-mautrix-discord.md index 9fbf14240..6acab6f10 100644 --- a/docs/configuring-playbook-bridge-mautrix-discord.md +++ b/docs/configuring-playbook-bridge-mautrix-discord.md @@ -1,9 +1,8 @@ # Setting up Mautrix Discord (optional) -**Note**: bridging to [Discord](https://discordapp.com/) can also happen via the [mx-puppet-discord](configuring-playbook-bridge-mx-puppet-discord.md) and [matrix-appservice-discord](configuring-playbook-bridge-appservice-discord.md) bridges supported by the playbook. -- For using as a Bot we recommend the [Appservice Discord](configuring-playbook-bridge-appservice-discord.md), because it supports plumbing. +**Note**: bridging to [Discord](https://discordapp.com/) can also happen via the [mx-puppet-discord](configuring-playbook-bridge-mx-puppet-discord.md) and [matrix-appservice-discord](configuring-playbook-bridge-appservice-discord.md) bridges supported by the playbook. +- For using as a Bot we recommend the [Appservice Discord](configuring-playbook-bridge-appservice-discord.md), because it supports plumbing. - For personal use with a discord account we recommend the `mautrix-discord` bridge (the one being discussed here), because it is the most fully-featured and stable of the 3 Discord bridges supported by the playbook. -The `mautrix-discord` bridge (the one being discussed here) is the most fully-featured and stable of the 3 Discord bridges supported by the playbook, so it's the one we recommend. The playbook can install and configure [mautrix-discord](https://github.com/mautrix/discord) for you. @@ -12,13 +11,10 @@ See the project's [documentation](https://docs.mau.fi/bridges/go/discord/index.h ## Prerequisites -For using this bridge, you would **need to authenticate by scanning a QR code with the Discord app on your phone**. - -You can delete the Discord app after the authentication process. +There are 2 ways to login to discord using this bridge, either by [scanning a QR code](#method-1-login-using-qr-code-recommended) using the Discord mobile app **or** by using a [Discord token](#method-2-login-using-discord-token-not-recommended). If this is a dealbreaker for you, consider using one of the other Discord bridges supported by the playbook: [mx-puppet-discord](configuring-playbook-bridge-mx-puppet-discord.md) or [matrix-appservice-discord](configuring-playbook-bridge-appservice-discord.md). These come with their own complexity and limitations, however, so we recommend that you proceed with this one if possible. - ## Installing To enable the bridge, add this to your `vars.yml` file: @@ -40,8 +36,8 @@ There are some additional things you may wish to configure about the bridge. Take a look at: -- `roles/matrix-bridge-mautrix-discord/defaults/main.yml` for some variables that you can customize via your `vars.yml` file -- `roles/matrix-bridge-mautrix-discord/templates/config.yaml.j2` for the bridge's default configuration. You can override settings (even those that don't have dedicated playbook variables) using the `matrix_mautrix_discord_configuration_extension_yaml` variable +- `roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml` for some variables that you can customize via your `vars.yml` file +- `roles/custom/matrix-bridge-mautrix-discord/templates/config.yaml.j2` for the bridge's default configuration. You can override settings (even those that don't have dedicated playbook variables) using the `matrix_mautrix_discord_configuration_extension_yaml` variable ### Set up Double Puppeting @@ -69,8 +65,22 @@ When using this method, **each user** that wishes to enable Double Puppeting nee ## Usage +### Logging in + +#### Method 1: Login using QR code (recommended) + +For using this bridge, you would need to authenticate by **scanning a QR code** with the Discord app on your phone. + +You can delete the Discord app after the authentication process. + +#### Method 2: Login using Discord token (not recommended) + +To acquire the token, open Discord in a private browser window. Then open the developer settings (keyboard shortcut might be "ctrl+shift+i" or by pressing "F12"). Navigate to the "Network" tab then reload the page. In the URL filter or search bar type "/api" and find the response with the file name of "library". Under the request headers you should find a variable called "Authorization", this is the token to your Discord account. After copying the token, you can close the browser window. + +### Bridging + 1. Start a chat with `@discordbot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain). -2. Send a `login` command +2. If you would like to login to Discord using a token, send `login-token` command, otherwise, send `login-qr` command. 3. You'll see a QR code which you need to scan with the Discord app on your phone. You can scan it with the camera app too, which will open Discord, which will then instruct you to scan it a 2nd time in the Discord app. 4. After confirming (in the Discord app) that you'd like to allow this login, the bot should respond with "Succcessfully authenticated as ..." 5. Now that you're logged in, you can send a `help` command to the bot again, to see additional commands you have access to diff --git a/docs/configuring-playbook-bridge-mautrix-facebook.md b/docs/configuring-playbook-bridge-mautrix-facebook.md index d74ec2a3f..82d51df32 100644 --- a/docs/configuring-playbook-bridge-mautrix-facebook.md +++ b/docs/configuring-playbook-bridge-mautrix-facebook.md @@ -39,7 +39,7 @@ matrix_mautrix_facebook_configuration_extension_yaml: | default: true ``` -You may wish to look at `roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2` and `roles/matrix-bridge-mautrix-facebook/defaults/main.yml` to find other things you would like to configure. +You may wish to look at `roles/custom/matrix-bridge-mautrix-facebook/templates/config.yaml.j2` and `roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml` to find other things you would like to configure. ## Set up Double Puppeting diff --git a/docs/configuring-playbook-bridge-mautrix-instagram.md b/docs/configuring-playbook-bridge-mautrix-instagram.md index cbfdcb0b5..c5b3feb7a 100644 --- a/docs/configuring-playbook-bridge-mautrix-instagram.md +++ b/docs/configuring-playbook-bridge-mautrix-instagram.md @@ -31,7 +31,7 @@ matrix_mautrix_instagram_configuration_extension_yaml: | '@YOUR_USERNAME:YOUR_DOMAIN': admin ``` -You may wish to look at `roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2` and `roles/matrix-bridge-mautrix-instagram/defaults/main.yml` to find other things you would like to configure. +You may wish to look at `roles/custom/matrix-bridge-mautrix-instagram/templates/config.yaml.j2` and `roles/custom/matrix-bridge-mautrix-instagram/defaults/main.yml` to find other things you would like to configure. ## Usage diff --git a/docs/configuring-playbook-bridge-mautrix-signal.md b/docs/configuring-playbook-bridge-mautrix-signal.md index 403177e6a..13e424d4f 100644 --- a/docs/configuring-playbook-bridge-mautrix-signal.md +++ b/docs/configuring-playbook-bridge-mautrix-signal.md @@ -55,7 +55,7 @@ matrix_mautrix_signal_bridge_permissions: | '@USER:YOUR_DOMAIN' : user ``` -You may wish to look at `roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2` to find more information on the permissions settings and other options you would like to configure. +You may wish to look at `roles/custom/matrix-bridge-mautrix-signal/templates/config.yaml.j2` to find more information on the permissions settings and other options you would like to configure. ## Set up Double Puppeting diff --git a/docs/configuring-playbook-bridge-mautrix-telegram.md b/docs/configuring-playbook-bridge-mautrix-telegram.md index 08ee83ccd..91596afc4 100644 --- a/docs/configuring-playbook-bridge-mautrix-telegram.md +++ b/docs/configuring-playbook-bridge-mautrix-telegram.md @@ -59,3 +59,8 @@ matrix_mautrix_telegram_configuration_extension_yaml: | More details about permissions in this example: https://github.com/mautrix/telegram/blob/master/mautrix_telegram/example-config.yaml#L410 + +If you like to exclude all groups from syncing and use the Telgeram-Bridge only for direct chats, you can add the following additional playbook configuration: +```yaml +matrix_mautrix_telegram_filter_mode: whitelist +``` diff --git a/docs/configuring-playbook-cactus-comments.md b/docs/configuring-playbook-cactus-comments.md new file mode 100644 index 000000000..00c76f543 --- /dev/null +++ b/docs/configuring-playbook-cactus-comments.md @@ -0,0 +1,65 @@ +# Setting up Cactus Comments (optional) + +The playbook can install and configure [Cactus Comments](https://cactus.chat) for you. + +Cactus Comments is a **federated comment system** built on Matrix. The role allows you to self-host the system. +It respects your privacy, and puts you in control. + +See the project's [documentation](https://cactus.chat/docs/getting-started/introduction/) to learn what it +does and why it might be useful to you. + + +## Configuration + +Add the following block to your `vars.yaml` and make sure to exchange the tokens to randomly generated values. + +```yaml +################# +## Cactus Chat ## +################# + +matrix_cactus_comments_enabled: true + +# To allow guest comments without users needing to log in, you need to have guest registration enabled. +# To do this you need to uncomment one of the following lines (depending if you are using synapse or dentrite as a homeserver) +# If you don't know which one you use: The default is synapse ;) +# matrix_synapse_allow_guest_access: true +# matrix_dentrite_allow_guest_access +``` + +## Installing + +After configuring the playbook, run the [installation](installing.md) command again: + +``` +ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start +``` + + +## Usage + +Upon starting Cactus Comments, a `bot.cactusbot` user account is created automatically. + +To get started, send a `help` message to the `@bot.cactusbot:your-homeserver.com` bot to confirm it's working. +Then, register a site by typing: `register `. You will then be invited into a moderation room. +Now you are good to go and can include the comment section on your website! + +**Careful:** To really make use of self-hosting you need change a few things in comparison to the official docs! + +Insert the following snippet into you page and make sure to replace `example.com` with your base domain! + + +```html + + +
+ +``` diff --git a/docs/configuring-playbook-client-element.md b/docs/configuring-playbook-client-element.md index 2248327f6..1f90aca68 100644 --- a/docs/configuring-playbook-client-element.md +++ b/docs/configuring-playbook-client-element.md @@ -17,7 +17,7 @@ matrix_client_element_enabled: false The playbook provides some customization variables you could use to change Element's settings. -Their defaults are defined in [`roles/matrix-client-element/defaults/main.yml`](../roles/matrix-client-element/defaults/main.yml) and they ultimately end up in the generated `/matrix/element/config.json` file (on the server). This file is generated from the [`roles/matrix-client-element/templates/config.json.j2`](../roles/matrix-client-element/templates/config.json.j2) template. +Their defaults are defined in [`roles/custom/matrix-client-element/defaults/main.yml`](../roles/custom/matrix-client-element/defaults/main.yml) and they ultimately end up in the generated `/matrix/element/config.json` file (on the server). This file is generated from the [`roles/custom/matrix-client-element/templates/config.json.j2`](../roles/custom/matrix-client-element/templates/config.json.j2) template. **If there's an existing variable** which controls a setting you wish to change, you can simply define that variable in your configuration file (`inventory/host_vars/matrix./vars.yml`) and [re-run the playbook](installing.md) to apply the changes. @@ -25,9 +25,9 @@ Alternatively, **if there is no pre-defined variable** for an Element setting yo - you can either **request a variable to be created** (or you can submit such a contribution yourself). Keep in mind that it's **probably not a good idea** to create variables for each one of Element's various settings that rarely get used. -- or, you can **extend and override the default configuration** ([`config.json.j2`](../roles/matrix-client-element/templates/config.json.j2)) by making use of the `matrix_client_element_configuration_extension_json_` variable. You can find information about this in [`roles/matrix-client-element/defaults/main.yml`](../roles/matrix-client-element/defaults/main.yml). +- or, you can **extend and override the default configuration** ([`config.json.j2`](../roles/custom/matrix-client-element/templates/config.json.j2)) by making use of the `matrix_client_element_configuration_extension_json_` variable. You can find information about this in [`roles/custom/matrix-client-element/defaults/main.yml`](../roles/custom/matrix-client-element/defaults/main.yml). -- or, if extending the configuration is still not powerful enough for your needs, you can **override the configuration completely** using `matrix_client_element_configuration_default` (or `matrix_client_element_configuration`). You can find information about this in [`roles/matrix-client-element/defaults/main.yml`](../roles/matrix-client-element/defaults/main.yml). +- or, if extending the configuration is still not powerful enough for your needs, you can **override the configuration completely** using `matrix_client_element_configuration_default` (or `matrix_client_element_configuration`). You can find information about this in [`roles/custom/matrix-client-element/defaults/main.yml`](../roles/custom/matrix-client-element/defaults/main.yml). ## Themes diff --git a/docs/configuring-playbook-conduit.md b/docs/configuring-playbook-conduit.md new file mode 100644 index 000000000..8739a5674 --- /dev/null +++ b/docs/configuring-playbook-conduit.md @@ -0,0 +1,58 @@ +# Configuring Conduit (optional) + +By default, this playbook configures the [Synapse](https://github.com/matrix-org/synapse) Matrix server, but you can also use [Conduit](https://conduit.rs). + +**NOTES**: + +- **You can't switch an existing Matrix server's implementation** (e.g. Synapse -> Conduit). Proceed below only if you're OK with losing data or you're dealing with a server on a new domain name, which hasn't participated in the Matrix federation yet. + +- **homeserver implementations other than Synapse may not be fully functional**. The playbook may also not assist you in an optimal way (like it does with Synapse). Make yourself familiar with the downsides before proceeding + + +## Installation + +To use Conduit, you **generally** need the following additional `vars.yml` configuration: + +```yaml +matrix_homeserver_implementation: conduit +``` + +However, since Conduit is difficult (see [famedly/conduit#276](https://gitlab.com/famedly/conduit/-/issues/276) and [famedly/conduit#354](https://gitlab.com/famedly/conduit/-/merge_requests/354)) when it comes to creating the first user account and does not support [registering users](registering-users.md) (via the command line or via the playbook) like Synapse and Dendrite do, we recommend the following flow: + +1. Add `matrix_conduit_allow_registration: true` to your `vars.yml` the first time around, temporarily +2. Run the playbook (`ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start` - see [Installing](installing.md)) +3. Create your first user via Element or any other client which supports creating users +4. Get rid of `matrix_conduit_allow_registration: true` from your `vars.yml` +5. Run the playbook again (`ansible-playbook -i inventory/hosts setup.yml --tags=setup-conduit,start` would be enough this time) +6. You can now use your server safely. Additional users can be created by messaging the internal Conduit bot + + +## Configuring bridges / appservices + +Automatic appservice setup is currently unsupported when using conduit. After setting up the service as usual you may notice that it is unable to start. + +You will have to manually register appservices using the the [register-appservice](https://gitlab.com/famedly/conduit/-/blob/next/APPSERVICES.md) command. + +Find the `registration.yaml` in the `/matrix` directory, for example `/matrix/mautrix-signal/bridge/registration.yaml`, then pass the content to conduit: + + + @conduit:your.server.name: register-appservice + ``` + as_token: + de.sorunome.msc2409.push_ephemeral: true + hs_token: + id: signal + namespaces: + aliases: + - exclusive: true + regex: ^#signal_.+:example\.org$ + users: + - exclusive: true + regex: ^@signal_.+:example\.org$ + - exclusive: true + regex: ^@signalbot:example\.org$ + rate_limited: false + sender_localpart: _bot_signalbot + url: http://matrix-mautrix-signal:29328 + ``` + diff --git a/docs/configuring-playbook-dimension.md b/docs/configuring-playbook-dimension.md index b97be7646..e201785a1 100644 --- a/docs/configuring-playbook-dimension.md +++ b/docs/configuring-playbook-dimension.md @@ -22,7 +22,7 @@ matrix_dimension_enabled: true ## Define admin users -These users can modify the integrations this Dimension supports. +These users can modify the integrations this Dimension supports. Add this to your configuration file (`inventory/host_vars/matrix./vars.yml`): ```yaml @@ -73,6 +73,6 @@ In the interim until the above limitation is resolved, an admin user needs to co ## Additional features To use a more custom configuration, you can define a `matrix_dimension_configuration_extension_yaml` string variable and put your configuration in it. -To learn more about how to do this, refer to the information about `matrix_dimension_configuration_extension_yaml` in the [default variables file](../roles/matrix-dimension/defaults/main.yml) of the Dimension component. +To learn more about how to do this, refer to the information about `matrix_dimension_configuration_extension_yaml` in the [default variables file](../roles/custom/matrix-dimension/defaults/main.yml) of the Dimension component. You can find all configuration options on [GitHub page of Dimension project](https://github.com/turt2live/matrix-dimension/blob/master/config/default.yaml). diff --git a/docs/configuring-playbook-email2matrix.md b/docs/configuring-playbook-email2matrix.md index 9bebe0e97..56e181f1d 100644 --- a/docs/configuring-playbook-email2matrix.md +++ b/docs/configuring-playbook-email2matrix.md @@ -1,6 +1,7 @@ # Setting up Email2Matrix (optional) **Note**: email bridging can also happen via the [Postmoogle](configuring-playbook-bot-postmoogle.md) bot supported by the playbook. +Postmoogle is much more powerful and easier to use, so we recommend that you use it, instead of Email2Matrix. The playbook can install and configure [email2matrix](https://github.com/devture/email2matrix) for you. @@ -9,6 +10,10 @@ See the project's [documentation](https://github.com/devture/email2matrix/blob/m ## Preparation +### DNS configuration + +It's not strictly necessary, but you may increase the chances that incoming emails reach your server by adding an `MX` record for `matrix.DOMAIN`, as described in the [Configuring DNS](configuring-dns.md) documentation page. + ### Port availability Ensure that port 25 is available on your Matrix server and open in your firewall. diff --git a/docs/configuring-playbook-etherpad.md b/docs/configuring-playbook-etherpad.md index 4c38bb3ca..2ea423ef7 100644 --- a/docs/configuring-playbook-etherpad.md +++ b/docs/configuring-playbook-etherpad.md @@ -1,12 +1,20 @@ # Setting up Etherpad (optional) -[Etherpad](https://etherpad.org) is is an open source collaborative text editor that can be embedded in a Matrix chat room using the [Dimension integrations manager](https://dimension.t2bot.io) +[Etherpad](https://etherpad.org) is is an open source collaborative text editor that can be embedded in a Matrix chat room using the [Dimension integrations manager](https://dimension.t2bot.io) or used as standalone web app. When enabled together with the Jitsi audio/video conferencing system (see [our docs on Jitsi](configuring-playbook-jitsi.md)), it will be made available as an option during the conferences. + ## Prerequisites -For the self-hosted Etherpad instance to be available to your users, you must first enable and configure the **Dimension integrations manager** as described in [the playbook documentation](configuring-playbook-dimension.md) +Etherpad can be installed in 2 modes: + +- (default) `standalone` mode (`matrix_etherpad_mode: standalone`) - Etherpad will be hosted on `etherpad.` (`matrix_server_fqn_etherpad`), so the DNS record for this domian must be created. See [Configuring your DNS server](configuring-dns.md) on how to set up the `etherpad` DNS record correctly + +- `dimension` mode (`matrix_etherpad_mode: dimension`) - Etherpad will be hosted on `dimension./etherpad` (`matrix_server_fqn_dimension`). This requires that you **first** configure the **Dimension integrations manager** as described in [the playbook documentation](configuring-playbook-dimension.md) + +We recomend that you go with the default (`standalone`) mode, which makes Etherpad independent and allows it to be used with or without Dimension. + ## Installing @@ -14,35 +22,40 @@ For the self-hosted Etherpad instance to be available to your users, you must fi ```yaml matrix_etherpad_enabled: true + +# Uncomment below if you'd like to install Etherpad on the Dimension domain (not recommended) +# matrix_etherpad_mode: dimension + +# Uncomment below to enable the admin web UI +# matrix_etherpad_admin_username: admin +# matrix_etherpad_admin_password: some-password ``` -## Set Dimension default to the self-hosted Etherpad +If enabled, the admin web-UI should then be available on `https://etherpad./admin` (or `https://dimension./etherpad/admin`, if `matrix_etherpad_mode: dimension`) -The Dimension administrator users can configure the default URL template. The Dimension configuration menu can be accessed with the sprocket icon as you begin to add a widget to a room in Element. There you will find the Etherpad Widget Configuration action beneath the _Widgets_ tab. Replace `scalar.vector.im` with your own Dimension domain. -### Removing the integrated Etherpad chat +## Managing / Deleting old pads -If you wish to disable the Etherpad chat button, you can do it by appending `?showChat=false` to the end of the pad URL, or the template. -Example: `https://dimension./etherpad/p/$roomId_$padName?showChat=false` +If you want to manage and remove old unused pads from Etherpad, you will first need to able Admin access as described above. -### Etherpad Admin access (optional) +Then from the plugin manager page (`https://etherpad./admin/plugins` or `https://dimension./etherpad/admin/plugins`), install the `adminpads2` plugin. Once installed, you should have a "Manage pads" section in the Admin web-UI. -Etherpad comes with a admin web-UI which is disabled by default. You can enable it by setting a username and password in your configuration file (`inventory/host_vars/matrix./vars.yml`): -```yaml -matrix_etherpad_admin_username: admin -matrix_etherpad_admin_password: some-password -``` +## Set Dimension default to the self-hosted Etherpad (optional) -The admin web-UI should then be available on: `https://dimension./etherpad/admin` +If you decided to install [Dimension integration manager](configuring-playbook-dimension.md) alongside Etherpad, the Dimension administrator users can configure the default URL template. +The Dimension configuration menu can be accessed with the sprocket icon as you begin to add a widget to a room in Element. There you will find the Etherpad Widget Configuration action beneath the _Widgets_ tab. -### Managing / Deleting old pads -If you want to manage and remove old unused pads from Etherpad, you will first need to able Admin access as described above. +### Removing the integrated Etherpad chat + +If you wish to disable the Etherpad chat button, you can do it by appending `?showChat=false` to the end of the pad URL, or the template. Examples: +- `https://etherpad./p/$roomId_$padName?showChat=false` (for the default - `matrix_etherpad_mode: standalone`) + +- `https://dimension./etherpad/p/$roomId_$padName?showChat=false` (for `matrix_etherpad_mode: dimension`) -Then from the plugin manager page (`https://dimension./etherpad/admin/plugins`), install the `adminpads2` plugin. Once installed, you should have a "Manage pads" section in the Admin web-UI. -## Known issues +### Known issues If your Etherpad widget fails to load, this might be due to Dimension generating a Pad name so long, the Etherpad app rejects it. `$roomId_$padName` can end up being longer than 50 characters. You can avoid having this problem by altering the template so it only contains the three word random identifier `$padName`. diff --git a/docs/configuring-playbook-external-postgres.md b/docs/configuring-playbook-external-postgres.md index eef3cbace..1f1a30e49 100644 --- a/docs/configuring-playbook-external-postgres.md +++ b/docs/configuring-playbook-external-postgres.md @@ -20,7 +20,7 @@ matrix_synapse_database_database: "your-postgres-server-database-name" # Rewire any other service (each `matrix-*` role) you may wish to use to use your external Postgres server. # Each service expects to have its own dedicated database on the Postgres server -# and uses its own variable names (see `roles/matrix-*/defaults/main.yml) for configuring Postgres connectivity. +# and uses its own variable names (see `roles/custom/matrix-*/defaults/main.yml) for configuring Postgres connectivity. ``` The database (as specified in `matrix_synapse_database_database`) must exist and be accessible with the given credentials. diff --git a/docs/configuring-playbook-jitsi.md b/docs/configuring-playbook-jitsi.md index f7e8a949c..f278e54ec 100644 --- a/docs/configuring-playbook-jitsi.md +++ b/docs/configuring-playbook-jitsi.md @@ -14,7 +14,7 @@ Before installing Jitsi, make sure you've created the `jitsi.DOMAIN` DNS record. You may also need to open the following ports to your server: - `4443/tcp` - RTP media fallback over TCP -- `10000/udp` - RTP media over UDP. Depending on your firewall/NAT setup, incoming RTP packets on port `10000` may have the external IP of your firewall as destination address, due to the usage of STUN in JVB (see [`matrix_jitsi_jvb_stun_servers`](../roles/matrix-jitsi/defaults/main.yml)). +- `10000/udp` - RTP media over UDP. Depending on your firewall/NAT setup, incoming RTP packets on port `10000` may have the external IP of your firewall as destination address, due to the usage of STUN in JVB (see [`matrix_jitsi_jvb_stun_servers`](../roles/custom/matrix-jitsi/defaults/main.yml)). ## Installation @@ -87,7 +87,7 @@ For more information refer to the [docker-jitsi-meet](https://github.com/jitsi/d By default the Jitsi Meet instance does not work with a client in LAN (Local Area Network), even if others are connected from WAN. There are no video and audio. In the case of WAN to WAN everything is ok. -The reason is the Jitsi VideoBridge git to LAN client the IP address of the docker image instead of the host. The [documentation](https://github.com/jitsi/docker-jitsi-meet#running-behind-nat-or-on-a-lan-environment) of Jitsi in docker suggest to add `DOCKER_HOST_ADDRESS` in enviornment variable to make it work. +The reason is the Jitsi VideoBridge git to LAN client the IP address of the docker image instead of the host. The [documentation](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/#running-behind-nat-or-on-a-lan-environment) of Jitsi in docker suggest to add `JVB_ADVERTISE_IPS` in enviornment variable to make it work. Here is how to do it in the playbook. @@ -95,7 +95,7 @@ Add these two lines to your `inventory/host_vars/matrix.DOMAIN/vars.yml` configu ```yaml matrix_jitsi_jvb_container_extra_arguments: - - '--env "DOCKER_HOST_ADDRESS="' + - '--env "JVB_ADVERTISE_IPS="' ``` ## (Optional) Fine tune Jitsi diff --git a/docs/configuring-playbook-ldap-auth.md b/docs/configuring-playbook-ldap-auth.md index 5144323ad..ecc0f2579 100644 --- a/docs/configuring-playbook-ldap-auth.md +++ b/docs/configuring-playbook-ldap-auth.md @@ -28,5 +28,12 @@ If you wish for users to **authenticate only against configured password provide matrix_synapse_password_config_localdb_enabled: false ``` + ## Using ma1sd Identity Server for authentication + If you wish to use the ma1sd Identity Server for LDAP authentication instead of [matrix-synapse-ldap3](https://github.com/matrix-org/matrix-synapse-ldap3) consult [Adjusting ma1sd Identity Server configuration](configuring-playbook-ma1sd.md#authentication). + + +## Handling user registration + +If you wish for users to also be able to make new registrations against LDAP, you may **also** wish to [set up the ldap-registration-proxy](configuring-playbook-matrix-ldap-registration-proxy.md). diff --git a/docs/configuring-playbook-ma1sd.md b/docs/configuring-playbook-ma1sd.md index e18a51c5d..1e92378a9 100644 --- a/docs/configuring-playbook-ma1sd.md +++ b/docs/configuring-playbook-ma1sd.md @@ -33,7 +33,7 @@ matrix_ma1sd_matrixorg_forwarding_enabled: true ## Customizing email templates If you'd like to change the default email templates used by ma1sd, take a look at the `matrix_ma1sd_threepid_medium_email_custom_` variables -(in the `roles/matrix-ma1sd/defaults/main.yml` file. +(in the `roles/custom/matrix-ma1sd/defaults/main.yml` file. ## ma1sd-controlled Registration @@ -86,7 +86,7 @@ You can refer to the [ma1sd website](https://github.com/ma1uta/ma1sd) for more d To use a more custom configuration, you can define a `matrix_ma1sd_configuration_extension_yaml` string variable and put your configuration in it. -To learn more about how to do this, refer to the information about `matrix_ma1sd_configuration_extension_yaml` in the [default variables file](../roles/matrix-ma1sd/defaults/main.yml) of the ma1sd component. +To learn more about how to do this, refer to the information about `matrix_ma1sd_configuration_extension_yaml` in the [default variables file](../roles/custom/matrix-ma1sd/defaults/main.yml) of the ma1sd component. ## Example: SMS verification diff --git a/docs/configuring-playbook-matrix-ldap-registration-proxy.md b/docs/configuring-playbook-matrix-ldap-registration-proxy.md new file mode 100644 index 000000000..16e0641e7 --- /dev/null +++ b/docs/configuring-playbook-matrix-ldap-registration-proxy.md @@ -0,0 +1,33 @@ +# Setting up matrix-ldap-registration-proxy (optional) + +The playbook can install and configure [matrix-ldap-registration-proxy](https://gitlab.com/activism.international/matrix_ldap_registration_proxy) for you. + +This proxy handles Matrix registration requests and forwards them to LDAP. + +**Please note:** This does support the full Matrix specification for registrations. It only provide a very coarse +implementation of a basic password registration. + +## Quickstart + +Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file: + +```yaml +matrix_ldap_registration_proxy_enabled: true +# LDAP credentials +matrix_ldap_registration_proxy_ldap_uri: +matrix_ldap_registration_proxy_ldap_base_dn: +matrix_ldap_registration_proxy_ldap_user: +matrix_ldap_registration_proxy_ldap_password: +``` + +If you already use the [synapse external password provider via LDAP](configuring-playbook-ldap-auth.md) (that is, you have `matrix_synapse_ext_password_provider_ldap_enabled: true` and other options in your configuration) +you can use the following values as configuration: + +```yaml +# Use the LDAP values specified for the synapse role to setup LDAP proxy +matrix_ldap_registration_proxy_ldap_uri: "{{ matrix_synapse_ext_password_provider_ldap_uri }}" +matrix_ldap_registration_proxy_ldap_base_dn: "{{ matrix_synapse_ext_password_provider_ldap_base }}" +matrix_ldap_registration_proxy_ldap_user: "{{ matrix_synapse_ext_password_provider_ldap_bind_dn }}" +matrix_ldap_registration_proxy_ldap_password: "{{ matrix_synapse_ext_password_provider_ldap_bind_password }}" +``` + diff --git a/docs/configuring-playbook-mautrix-bridges.md b/docs/configuring-playbook-mautrix-bridges.md index 1cd76f963..abc6b0f18 100644 --- a/docs/configuring-playbook-mautrix-bridges.md +++ b/docs/configuring-playbook-mautrix-bridges.md @@ -64,7 +64,7 @@ Can be used to set the username for the bridge. ## Discovering additional configuration options -You may wish to look at `roles/matrix-bridge-mautrix-SERVICENAME/templates/config.yaml.j2` and `roles/matrix-bridge-mautrix-SERVICENAME/defaults/main.yml` to find other things you would like to configure. +You may wish to look at `roles/custom/matrix-bridge-mautrix-SERVICENAME/templates/config.yaml.j2` and `roles/custom/matrix-bridge-mautrix-SERVICENAME/defaults/main.yml` to find other things you would like to configure. ## Set up Double Puppeting @@ -97,7 +97,7 @@ If you have issues with a service, and are requesting support, the higher levels ## Usage -You then need to start a chat with `@SERVICENAMEbot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain). +You then need to start a chat with `@SERVICENAMEbot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain). Send `login ` to the bridge bot to get started You can learn more here about authentication from the bridge's official documentation on Authentication https://docs.mau.fi/bridges/python/SERVICENAME/authentication.html . diff --git a/docs/configuring-playbook-nginx.md b/docs/configuring-playbook-nginx.md index c8500b374..96f854d0e 100644 --- a/docs/configuring-playbook-nginx.md +++ b/docs/configuring-playbook-nginx.md @@ -42,7 +42,7 @@ Besides changing the preset (`matrix_nginx_proxy_ssl_preset`), you can also dire - `matrix_nginx_proxy_ssl_prefer_server_ciphers`: for specifying if the server or the client choice when negotiating the cipher. It can set to `on` or `off`. - `matrix_nginx_proxy_ssl_ciphers`: for specifying the SSL Cipher suites used by nginx. -For more information about these variables, check the `roles/matrix-nginx-proxy/defaults/main.yml` file. +For more information about these variables, check the `roles/custom/matrix-nginx-proxy/defaults/main.yml` file. ## Synapse + OpenID Connect for Single-Sign-On @@ -80,5 +80,5 @@ matrix_nginx_proxy_proxy_http_additional_server_configuration_blocks: # These lines will be included in the nginx configuration. # This is at the top level of the file, so you will need to define all of the `server { ... }` blocks. - | - # For advanced use, have a look at the template files in `roles/matrix-nginx-proxy/templates/nginx/conf.d` + # For advanced use, have a look at the template files in `roles/custom/matrix-nginx-proxy/templates/nginx/conf.d` ``` diff --git a/docs/configuring-playbook-ntfy.md b/docs/configuring-playbook-ntfy.md index 57dfb3b28..a5aec60b4 100644 --- a/docs/configuring-playbook-ntfy.md +++ b/docs/configuring-playbook-ntfy.md @@ -23,7 +23,7 @@ matrix_ntfy_configuration_extension_yaml: | log_level: DEBUG ``` -For a more complete list of variables that you could override, see `roles/matrix-ntfy/defaults/main.yml`. +For a more complete list of variables that you could override, see `roles/custom/matrix-ntfy/defaults/main.yml`. For a complete list of ntfy config options that you could put in `matrix_ntfy_configuration_extension_yaml`, see the [ntfy config documentation](https://ntfy.sh/docs/config/#config-options). @@ -71,7 +71,8 @@ Steps needed for specific matrix apps: 3. verify `Settings` -> `Notifications` -> `UnifiedPush: Notification targets` as described below in the "Troubleshooting" section. * Element-android v1.4.26+: - - [not yet documented; should auto-detect and use it?] + 1. choose `Settings` -> `Notifications` -> `Notification method` -> `ntfy` + 2. verify `Settings` -> `Troubleshoot` -> `Troubleshoot notification settings` If the matrix app asks, "Choose a distributor: FCM Fallback or ntfy", then choose "ntfy". diff --git a/docs/configuring-playbook-own-webserver.md b/docs/configuring-playbook-own-webserver.md index 76fa2d8b3..9fd51086b 100644 --- a/docs/configuring-playbook-own-webserver.md +++ b/docs/configuring-playbook-own-webserver.md @@ -1,11 +1,14 @@ # Using your own webserver, instead of this playbook's nginx proxy (optional, advanced) -By default, this playbook installs its own nginx webserver (in a Docker container) which listens on ports 80 and 443. +By default, this playbook installs its own nginx webserver (called `matrix-nginx-proxy`, in a Docker container) which listens on ports 80 and 443. If that's alright, you can skip this. If you don't want this playbook's nginx webserver to take over your server's 80/443 ports like that, and you'd like to use your own webserver (be it nginx, Apache, Varnish Cache, etc.), you can. +You should note, however, that the playbook's services work best when you keep using the integrated `matrix-nginx-proxy` webserver. +For example, disabling `matrix-nginx-proxy` when running a [Synapse worker setup for load-balancing](configuring-playbook-synapse.md#load-balancing-with-workers) (a more advanced, non-default configuration) is likely to cause various troubles (see [this issue](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2090)). If you need a such more scalable setup, disabling `matrix-nginx-proxy` will be a bad idea. If yours will be a simple (default, non-worker-load-balancing) deployment, disabling `matrix-nginx-proxy` may be fine. + There are **2 ways you can go about it**, if you'd like to use your own webserver: - [Method 1: Disabling the integrated nginx reverse-proxy webserver](#method-1-disabling-the-integrated-nginx-reverse-proxy-webserver) @@ -24,11 +27,23 @@ No matter which external webserver you decide to go with, you'll need to: 1) Make sure your web server user (something like `http`, `apache`, `www-data`, `nginx`) is part of the `matrix` group. You should run something like this: `usermod -a -G matrix nginx`. This allows your webserver user to access files owned by the `matrix` group. When using an external nginx webserver, this allows it to read configuration files from `/matrix/nginx-proxy/conf.d`. When using another server, it would make other files, such as `/matrix/static-files/.well-known`, accessible to it. -2) Edit your configuration file (`inventory/host_vars/matrix./vars.yml`) to disable the integrated nginx server: +2) Edit your configuration file (`inventory/host_vars/matrix./vars.yml`) + - to disable the integrated nginx server: -```yaml -matrix_nginx_proxy_enabled: false -``` + ```yaml + matrix_nginx_proxy_enabled: false + ``` + - if using an external server on another host, add the `_http_host_bind_port` or `_http_bind_port` variables for the services that will be exposed by the external server on the other host. The actual name of the variable is listed in the `roles//defaults/vars.yml` file for each service. Most variables follow the `_http_host_bind_port` format. + + These variables will make Docker expose the ports on all network interfaces instead of localhost only. + [Keep in mind that there are some security concerns if you simply proxy everything.](https://github.com/matrix-org/synapse/blob/master/docs/reverse_proxy.md#synapse-administration-endpoints) + + Here are the variables required for the default configuration (Synapse and Element) + ``` + matrix_synapse_container_client_api_host_bind_port: '0.0.0.0:8008' + matrix_synapse_container_federation_api_plain_host_bind_port: '0.0.0.0:8048' + matrix_client_element_container_http_host_bind_port: "0.0.0.0:8765" + ``` 3) **If you'll manage SSL certificates by yourself**, edit your configuration file (`inventory/host_vars/matrix./vars.yml`) to disable SSL certificate retrieval: @@ -38,7 +53,6 @@ matrix_ssl_retrieval_method: none **Note**: During [installation](installing.md), unless you've disabled SSL certificate management (`matrix_ssl_retrieval_method: none`), the playbook would need 80 to be available, in order to retrieve SSL certificates. **Please manually stop your other webserver while installing**. You can start it back up afterwards. - ### Using your own external nginx webserver Once you've followed the [Preparation](#preparation) guide above, it's time to set up your external nginx server. @@ -57,15 +71,6 @@ matrix_nginx_proxy_ssl_protocols: "TLSv1.2" If you are experiencing issues, try updating to a newer version of Nginx. As a data point in May 2021 a user reported that Nginx 1.14.2 was not working for them. They were getting errors about socket leaks. Updating to Nginx 1.19 fixed their issue. -If you are not going to be running your webserver on the same docker network, or the same machine as matrix, these variables can be set to bind synapse to an exposed port. [Keep in mind that there are some security concerns if you simply proxy everything to it](https://github.com/matrix-org/synapse/blob/master/docs/reverse_proxy.md#synapse-administration-endpoints) -```yaml -# Takes an ":" or "" value (e.g. "127.0.0.1:8048" or "192.168.1.3:80"), or empty string to not expose. -matrix_synapse_container_client_api_host_bind_port: '' -matrix_synapse_container_federation_api_plain_host_bind_port: '' -``` - - - ### Using your own external Apache webserver Once you've followed the [Preparation](#preparation) guide above, you can take a look at the [examples/apache](../examples/apache) directory for a sample configuration. @@ -79,7 +84,7 @@ After following the [Preparation](#preparation) guide above, you can take a loo ### Using another external webserver -Feel free to look at the [examples/apache](../examples/apache) directory, or the [template files in the matrix-nginx-proxy role](../roles/matrix-nginx-proxy/templates/nginx/conf.d/). +Feel free to look at the [examples/apache](../examples/apache) directory, or the [template files in the matrix-nginx-proxy role](../roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/). ## Method 2: Fronting the integrated nginx reverse-proxy webserver with another reverse-proxy diff --git a/docs/configuring-playbook-prometheus-grafana.md b/docs/configuring-playbook-prometheus-grafana.md index b2878c12b..f86566a94 100644 --- a/docs/configuring-playbook-prometheus-grafana.md +++ b/docs/configuring-playbook-prometheus-grafana.md @@ -90,11 +90,11 @@ matrix_nginx_proxy_proxy_matrix_metrics_additional_user_location_configuration_b Using `matrix_nginx_proxy_proxy_matrix_metrics_additional_user_location_configuration_blocks` only takes effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true` (see above). -Note : The playbook will hash the basic_auth password for you on setup. Thus, you need to give the plain-text version of the password as a variable. +Note : The playbook will hash the basic_auth password for you on setup. Thus, you need to give the plain-text version of the password as a variable. ### Collecting Synapse worker metrics to an external Prometheus server -If you are using workers (`matrix_synapse_workers_enabled: true`) and have enabled `matrix_synapse_metrics_proxying_enabled` as described above, the playbook will also automatically expose all Synapse worker threads' metrics to `https://matrix.DOMAIN/metrics/synapse/worker/TYPE-ID`, where `TYPE` corresponds to the type and `ID` to the instanceId of a worker as exemplified in `matrix_synapse_workers_enabled_list`. +If you are using workers (`matrix_synapse_workers_enabled: true`) and have enabled `matrix_synapse_metrics_proxying_enabled` as described above, the playbook will also automatically expose all Synapse worker threads' metrics to `https://matrix.DOMAIN/metrics/synapse/worker/ID`, where `ID` corresponds to the worker `id` as exemplified in `matrix_synapse_workers_enabled_list`. The playbook also generates an exemplary config file (`/matrix/synapse/external_prometheus.yml.template`) with all the correct paths which you can copy to your Prometheus server and adapt to your needs. Make sure to edit the specified `password_file` path and contents and path to your `synapse-v2.rules`. It will look a bit like this: @@ -111,8 +111,8 @@ scrape_configs: labels: job: "master" index: 1 - - job_name: 'synapse-generic_worker-1' - metrics_path: /metrics/synapse/worker/generic_worker-18111 + - job_name: 'matrix-synapse-synapse-worker-generic-worker-0' + metrics_path: /metrics/synapse/worker/generic-worker-0 scheme: https basic_auth: username: prometheus diff --git a/docs/configuring-playbook-s3-goofys.md b/docs/configuring-playbook-s3-goofys.md new file mode 100644 index 000000000..ef8f20c2c --- /dev/null +++ b/docs/configuring-playbook-s3-goofys.md @@ -0,0 +1,137 @@ +# Storing Matrix media files on Amazon S3 with Goofys (optional) + +If you'd like to store Synapse's content repository (`media_store`) files on Amazon S3 (or other S3-compatible service), +you can let this playbook configure [Goofys](https://github.com/kahing/goofys) for you. + +Another (and better performing) way to use S3 storage with Synapse is [synapse-s3-storage-provider](configuring-playbook-synapse-s3-storage-provider.md). + +Using a Goofys-backed media store works, but performance may not be ideal. If possible, try to use a region which is close to your Matrix server. + +If you'd like to move your locally-stored media store data to Amazon S3 (or another S3-compatible object store), we also provide some migration instructions below. + + +## Usage + +After [creating the S3 bucket and configuring it](configuring-playbook-s3.md#bucket-creation-and-security-configuration), you can proceed to configure Goofys in your configuration file (`inventory/host_vars/matrix./vars.yml`): + +```yaml +matrix_s3_media_store_enabled: true +matrix_s3_media_store_bucket_name: "your-bucket-name" +matrix_s3_media_store_aws_access_key: "access-key-goes-here" +matrix_s3_media_store_aws_secret_key: "secret-key-goes-here" +matrix_s3_media_store_region: "eu-central-1" +``` + +You can use any S3-compatible object store by **additionally** configuring these variables: + +```yaml +matrix_s3_media_store_custom_endpoint_enabled: true +matrix_s3_media_store_custom_endpoint: "https://your-custom-endpoint" +``` + +If you have local media store files and wish to migrate to Backblaze B2 subsequently, follow our [migration guide to Backblaze B2](#migrating-to-backblaze-b2) below instead of applying this configuration as-is. + + +## Migrating from local filesystem storage to S3 + +It's a good idea to [make a complete server backup](faq.md#how-do-i-backup-the-data-on-my-server) before migrating your local media store to an S3-backed one. + +Follow one of the guides below for a migration path from a locally-stored media store to one stored on S3-compatible storage: + +- [Storing Matrix media files on Amazon S3 with Goofys (optional)](#storing-matrix-media-files-on-amazon-s3-with-goofys-optional) + - [Usage](#usage) + - [Migrating from local filesystem storage to S3](#migrating-from-local-filesystem-storage-to-s3) + - [Migrating to any S3-compatible storage (universal, but likely slow)](#migrating-to-any-s3-compatible-storage-universal-but-likely-slow) + - [Migrating to Backblaze B2](#migrating-to-backblaze-b2) + +### Migrating to any S3-compatible storage (universal, but likely slow) + +It's a good idea to [make a complete server backup](faq.md#how-do-i-backup-the-data-on-my-server) before doing this. + +1. Proceed with the steps below without stopping Matrix services + +2. Start by adding the base S3 configuration in your `vars.yml` file (seen above, may be different depending on the S3 provider of your choice) + +3. In addition to the base configuration you see above, add this to your `vars.yml` file: + +```yaml +matrix_s3_media_store_path: /matrix/s3-media-store +``` + +This enables S3 support, but mounts the S3 storage bucket to `/matrix/s3-media-store` without hooking it to your homeserver yet. Your homeserver will still continue using your local filesystem for its media store. + +5. Run the playbook to apply the changes: `ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start` + +6. Do an **initial sync of your files** by running this **on the server** (it may take a very long time): + +```sh +sudo -u matrix -- rsync --size-only --ignore-existing -avr /matrix/synapse/storage/media-store/. /matrix/s3-media-store/. +``` + +You may need to install `rsync` manually. + +7. Stop all Matrix services (`ansible-playbook -i inventory/hosts setup.yml --tags=stop`) + +8. Start the S3 service by running this **on the server**: `systemctl start matrix-goofys` + +9. Sync the files again by re-running the `rsync` command you see in step #6 + +10. Stop the S3 service by running this **on the server**: `systemctl stop matrix-goofys` + +11. Get the old media store out of the way by running this command on the server: + +```sh +mv /matrix/synapse/storage/media-store /matrix/synapse/storage/media-store-local-backup +``` + +12. Remove the `matrix_s3_media_store_path` configuration from your `vars.yml` file (undoing step #3 above) + +13. Run the playbook: `ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start` + +14. You're done! Verify that loading existing (old) media files works and that you can upload new ones. + +15. When confident that it all works, get rid of the local media store directory: `rm -rf /matrix/synapse/storage/media-store-local-backup` + + +### Migrating to Backblaze B2 + +It's a good idea to [make a complete server backup](faq.md#how-do-i-backup-the-data-on-my-server) before doing this. + +1. While all Matrix services are running, run the following command on the server: + +(you need to adjust the 3 `--env` line below with your own data) + +```sh +docker run -it --rm -w /work \ +--env='B2_KEY_ID=YOUR_KEY_GOES_HERE' \ +--env='B2_KEY_SECRET=YOUR_SECRET_GOES_HERE' \ +--env='B2_BUCKET_NAME=YOUR_BUCKET_NAME_GOES_HERE' \ +--mount type=bind,src=/matrix/synapse/storage/media-store,dst=/work,ro \ +--entrypoint=/bin/sh \ +docker.io/tianon/backblaze-b2:3.6.0 \ +-c 'b2 authorize-account $B2_KEY_ID $B2_KEY_SECRET && b2 sync /work b2://$B2_BUCKET_NAME --skipNewer' +``` + +This is some initial file sync, which may take a very long time. + +2. Stop all Matrix services (`ansible-playbook -i inventory/hosts setup.yml --tags=stop`) + +3. Run the command from step #1 again. + +Doing this will sync any new files that may have been created locally in the meantime. + +Now that Matrix services aren't running, we're sure to get Backblaze B2 and your local media store fully in sync. + +4. Get the old media store out of the way by running this command on the server: + +```sh +mv /matrix/synapse/storage/media-store /matrix/synapse/storage/media-store-local-backup +``` + +5. Put the [Backblaze B2 settings seen above](#backblaze-b2) in your `vars.yml` file + +6. Run the playbook: `ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start` + +7. You're done! Verify that loading existing (old) media files works and that you can upload new ones. + +8. When confident that it all works, get rid of the local media store directory: `rm -rf /matrix/synapse/storage/media-store-local-backup` diff --git a/docs/configuring-playbook-s3.md b/docs/configuring-playbook-s3.md index 9132ff718..539f96d32 100644 --- a/docs/configuring-playbook-s3.md +++ b/docs/configuring-playbook-s3.md @@ -1,19 +1,48 @@ -# Storing Matrix media files on Amazon S3 (optional) +# Storing Synapse media files on Amazon S3 or another compatible Object Storage (optional) By default, this playbook configures your server to store Synapse's content repository (`media_store`) files on the local filesystem. If that's alright, you can skip this. -If you'd like to store Synapse's content repository (`media_store`) files on Amazon S3 (or other S3-compatible service), -you can let this playbook configure [Goofys](https://github.com/kahing/goofys) for you. +As an alternative to storing media files on the local filesystem, you can store them on [Amazon S3](https://aws.amazon.com/s3/) or another S3-compatible object store. -Using a Goofys-backed media store works, but performance may not be ideal. If possible, try to use a region which is close to your Matrix server. +First, [choose an Object Storage provider](#choosing-an-object-storage-provider). -If you'd like to move your locally-stored media store data to Amazon S3 (or another S3-compatible object store), we also provide some migration instructions below. +Then, [create the S3 bucket](#bucket-creation-and-security-configuration). +Finally, [set up S3 storage for Synapse](#setting-up) (with [Goofys](configuring-playbook-s3-goofys.md) or [synapse-s3-storage-provider](configuring-playbook-synapse-s3-storage-provider.md)). + + +## Choosing an Object Storage provider + +You can create [Amazon S3](https://aws.amazon.com/s3/) or another S3-compatible object store like [Backblaze B2](https://www.backblaze.com/b2/cloud-storage.html), [Wasabi](https://wasabi.com), [Digital Ocean Spaces](https://www.digitalocean.com/products/spaces), etc. + +Amazon S3 and Backblaze S3 are pay-as-you with no minimum charges for storing too little data. + +All these providers have different prices, with Backblaze B2 appearing to be the cheapest. + +Wasabi has a minimum charge of 1TB if you're storing less than 1TB, which becomes expensive if you need to store less data than that. + +Digital Ocean Spaces has a minimum charge of 250GB ($5/month as of 2022-10), which is also expensive if you're storing less data than that. + +Important aspects of choosing the right provider are: + +- a provider by a company you like and trust (or dislike less than the others) +- a provider which has a data region close to your Matrix server (if it's farther away, high latency may cause slowdowns) +- a provider which is OK pricewise +- a provider with free or cheap egress (if you need to get the data out often, for some reason) - likely not too important for the common use-case + + +## Bucket creation and Security Configuration + +Now that you've [chosen an Object Storage provider](#choosing-an-object-storage-provider), you need to create a storage bucket. + +How you do this varies from provider to provider, with Amazon S3 being the most complicated due to its vast number of services and complicated security policies. + +Below, we provider some guides for common providers. If you don't see yours, look at the others for inspiration or read some guides online about how to create a bucket. Feel free to contribute to this documentation with an update! ## Amazon S3 -You'll need an Amazon S3 bucket and some IAM user credentials (access key + secret key) with full write access to the bucket. Example security policy: +You'll need an Amazon S3 bucket and some IAM user credentials (access key + secret key) with full write access to the bucket. Example IAM security policy: ```json { @@ -34,154 +63,45 @@ You'll need an Amazon S3 bucket and some IAM user credentials (access key + secr } ``` -You then need to enable S3 support in your configuration file (`inventory/host_vars/matrix./vars.yml`). -It would be something like this: +**NOTE**: This policy needs to be attached to an IAM user created from the **Security Credentials** menu. This is not a **Bucket Policy**. -```yaml -matrix_s3_media_store_enabled: true -matrix_s3_media_store_bucket_name: "your-bucket-name" -matrix_s3_media_store_aws_access_key: "access-key-goes-here" -matrix_s3_media_store_aws_secret_key: "secret-key-goes-here" -matrix_s3_media_store_region: "eu-central-1" -``` +## Backblaze B2 -## Using other S3-compatible object stores +To use [Backblaze B2](https://www.backblaze.com/b2/cloud-storage.html) you first need to sign up. -You can use any S3-compatible object store by **additionally** configuring these variables: +You [can't easily change which region (US, Europe) your Backblaze account stores files in](https://old.reddit.com/r/backblaze/comments/hi1v90/make_the_choice_for_the_b2_data_center_region/), so make sure to carefully choose the region when signing up (hint: it's a hard to see dropdown below the username/password fields in the signup form). -```yaml -matrix_s3_media_store_custom_endpoint_enabled: true -# Example: "https://storage.googleapis.com" -matrix_s3_media_store_custom_endpoint: "your-custom-endpoint" -``` - -### Backblaze B2 - -To use [Backblaze B2](https://www.backblaze.com/b2/cloud-storage.html): +After logging in to Backblaze: - create a new **private** bucket through its user interface (you can call it something like `matrix-DOMAIN-media-store`) -- note the **Endpoint** for your bucket (something like `s3.us-west-002.backblazeb2.com`) -- adjust its lifecycle rules to use the following **custom** rules: - - File Path: *empty value* - - Days Till Hide: *empty value* - - Days Till Delete: `1` +- note the **Endpoint** for your bucket (something like `s3.us-west-002.backblazeb2.com`). +- adjust its Lifecycle Rules to: Keep only the last version of the file - go to [App Keys](https://secure.backblaze.com/app_keys.htm) and use the **Add a New Application Key** to create a new one - restrict it to the previously created bucket (e.g. `matrix-DOMAIN-media-store`) - give it *Read & Write* access -Copy the `keyID` and `applicationKey`. - -You need the following *additional* playbook configuration (on top of what you see above): - -```yaml -matrix_s3_media_store_bucket_name: "YOUR_BUCKET_NAME_GOES_HERE" -matrix_s3_media_store_aws_access_key: "YOUR_keyID_GOES_HERE" -matrix_s3_media_store_aws_secret_key: "YOUR_applicationKey_GOES_HERE" -matrix_s3_media_store_custom_endpoint_enabled: true -matrix_s3_media_store_custom_endpoint: "https://s3.us-west-002.backblazeb2.com" # this may be different for your bucket -``` - -If you have local media store files and wish to migrate to Backblaze B2 subsequently, follow our [migration guide to Backblaze B2](#migrating-to-backblaze-b2) below instead of applying this configuration as-is. - - -## Migrating from local filesystem storage to S3 - -It's a good idea to [make a complete server backup](faq.md#how-do-i-backup-the-data-on-my-server) before migrating your local media store to an S3-backed one. - -Follow one of the guides below for a migration path from a locally-stored media store to one stored on S3-compatible storage: - -- [Migrating to any S3-compatible storage (universal, but likely slow)](#migrating-to-any-s3-compatible-storage-universal-but-likely-slow) -- [Migrating to Backblaze B2](#migrating-to-backblaze-b2) - -### Migrating to any S3-compatible storage (universal, but likely slow) - -It's a good idea to [make a complete server backup](faq.md#how-do-i-backup-the-data-on-my-server) before doing this. +The `keyID` value is your **Access Key** and `applicationKey` is your **Secret Key**. -1. Proceed with the steps below without stopping Matrix services +For configuring [Goofys](configuring-playbook-s3-goofys.md) or [s3-synapse-storage-provider](configuring-playbook-synapse-s3-storage-provider.md) you will need: -2. Start by adding the base S3 configuration in your `vars.yml` file (seen above, may be different depending on the S3 provider of your choice) +- **Endpoint URL** - this is the **Endpoint** value you saw above, but prefixed with `https://` -3. In addition to the base configuration you see above, add this to your `vars.yml` file: +- **Region** - use the value you see in the Endpoint (e.g. `us-west-002`) -```yaml -matrix_s3_media_store_path: /matrix/s3-media-store -``` - -This enables S3 support, but mounts the S3 storage bucket to `/matrix/s3-media-store` without hooking it to your homeserver yet. Your homeserver will still continue using your local filesystem for its media store. - -5. Run the playbook to apply the changes: `ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start` - -6. Do an **initial sync of your files** by running this **on the server** (it may take a very long time): - -```sh -sudo -u matrix -- rsync --size-only --ignore-existing -avr /matrix/synapse/storage/media-store/. /matrix/s3-media-store/. -``` - -You may need to install `rsync` manually. - -7. Stop all Matrix services (`ansible-playbook -i inventory/hosts setup.yml --tags=stop`) - -8. Start the S3 service by running this **on the server**: `systemctl start matrix-goofys` - -9. Sync the files again by re-running the `rsync` command you see in step #6 - -10. Stop the S3 service by running this **on the server**: `systemctl stop matrix-goofys` - -11. Get the old media store out of the way by running this command on the server: - -```sh -mv /matrix/synapse/storage/media-store /matrix/synapse/storage/media-store-local-backup -``` - -12. Remove the `matrix_s3_media_store_path` configuration from your `vars.yml` file (undoing step #3 above) +- **Storage Class** - use `STANDARD`. Backblaze B2 does not have different storage classes, so it doesn't make sense to use any other value. -13. Run the playbook: `ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start` -14. You're done! Verify that loading existing (old) media files works and that you can upload new ones. +## Other providers -15. When confident that it all works, get rid of the local media store directory: `rm -rf /matrix/synapse/storage/media-store-local-backup` +For other S3-compatible providers, you may not need to configure security policies, etc. (just like for [Backblaze B2](#backblaze-b2)). +You most likely just need to create an S3 bucket and get some credentials (access key and secret key) for accessing the bucket in a read/write manner. -### Migrating to Backblaze B2 - -It's a good idea to [make a complete server backup](faq.md#how-do-i-backup-the-data-on-my-server) before doing this. - -1. While all Matrix services are running, run the following command on the server: - -(you need to adjust the 3 `--env` line below with your own data) - -```sh -docker run -it --rm -w /work \ ---env='B2_KEY_ID=YOUR_KEY_GOES_HERE' \ ---env='B2_KEY_SECRET=YOUR_SECRET_GOES_HERE' \ ---env='B2_BUCKET_NAME=YOUR_BUCKET_NAME_GOES_HERE' \ --v /matrix/synapse/storage/media-store/:/work \ ---entrypoint=/bin/sh \ -docker.io/tianon/backblaze-b2:2.1.0 \ --c 'b2 authorize-account $B2_KEY_ID $B2_KEY_SECRET > /dev/null && b2 sync /work/ b2://$B2_BUCKET_NAME' -``` - -This is some initial file sync, which may take a very long time. - -2. Stop all Matrix services (`ansible-playbook -i inventory/hosts setup.yml --tags=stop`) - -3. Run the command from step #1 again. - -Doing this will sync any new files that may have been created locally in the meantime. - -Now that Matrix services aren't running, we're sure to get Backblaze B2 and your local media store fully in sync. - -4. Get the old media store out of the way by running this command on the server: - -```sh -mv /matrix/synapse/storage/media-store /matrix/synapse/storage/media-store-local-backup -``` - -5. Put the [Backblaze B2 settings seen above](#backblaze-b2) in your `vars.yml` file -6. Run the playbook: `ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start` +## Setting up -7. You're done! Verify that loading existing (old) media files works and that you can upload new ones. +To set up Synapse to store files in S3, follow the instructions for the method of your choice: -8. When confident that it all works, get rid of the local media store directory: `rm -rf /matrix/synapse/storage/media-store-local-backup` +- using [synapse-s3-storage-provider](configuring-playbook-synapse-s3-storage-provider.md) (recommended) +- using [Goofys to mount the S3 store to the local filesystem](configuring-playbook-s3-goofys.md) diff --git a/docs/configuring-playbook-ssl-certificates.md b/docs/configuring-playbook-ssl-certificates.md index 30a8f0b87..606160da4 100644 --- a/docs/configuring-playbook-ssl-certificates.md +++ b/docs/configuring-playbook-ssl-certificates.md @@ -99,7 +99,7 @@ The certificate files would be made available in `/matrix/ssl/config/live//vars.yml`): + +```yaml +matrix_synapse_ext_synapse_s3_storage_provider_enabled: true +matrix_synapse_ext_synapse_s3_storage_provider_config_bucket: your-bucket-name +matrix_synapse_ext_synapse_s3_storage_provider_config_region_name: some-region-name # e.g. eu-central-1 +matrix_synapse_ext_synapse_s3_storage_provider_config_endpoint_url: https://.. # delete this whole line for Amazon S3 +matrix_synapse_ext_synapse_s3_storage_provider_config_access_key_id: access-key-goes-here +matrix_synapse_ext_synapse_s3_storage_provider_config_secret_access_key: secret-key-goes-here +matrix_synapse_ext_synapse_s3_storage_provider_config_storage_class: STANDARD # or STANDARD_IA, etc. + +# For additional advanced settings, take a look at `roles/custom/matrix-synapse/defaults/main.yml` +``` + +If you have existing files in Synapse's media repository (`/matrix/synapse/media-store/..`): + +- new files will start being stored both locally and on the S3 store +- the existing files will remain on the local filesystem only until [migrating them to the S3 store](#migrating-your-existing-media-files-to-the-s3-store) +- at some point (and periodically in the future), you can delete local files which have been uploaded to the S3 store already + +Regardless of whether you need to [Migrate your existing files to the S3 store](#migrating-your-existing-media-files-to-the-s3-store) or not, make sure you've familiarized yourself with [How it works?](#how-it-works) above and [Periodically cleaning up the local filesystem](#periodically-cleaning-up-the-local-filesystem) below. + + +## Migrating your existing media files to the S3 store + +Migrating your existing data can happen in multiple ways: + +- [using the `s3_media_upload` script from `synapse-s3-storage-provider`](#using-the-s3_media_upload-script-from-synapse-s3-storage-provider) (very slow when dealing with lots of data) +- [using another tool in combination with `s3_media_upload`](#using-another-tool-in-combination-with-s3_media_upload) (quicker when dealing with lots of data) + +### Using the `s3_media_upload` script from `synapse-s3-storage-provider` + +Instead of using `s3_media_upload` directly, which is very slow and painful for an initial data migration, we recommend [using another tool in combination with `s3_media_upload`](#using-another-tool-in-combination-with-s3_media_upload). + +To copy your existing files, SSH into the server and run `/usr/local/bin/matrix-synapse-s3-storage-provider-shell`. + +This launches a Synapse container, which has access to the local media store, Postgres database, S3 store and has some convenient environment variables configured for you to use (`MEDIA_PATH`, `BUCKET`, `ENDPOINT`, `UPDATE_DB_DAYS`, etc). + +Then use the following commands (`$` values come from environment variables - they're **not placeholders** that you need to substitute): + +- `s3_media_upload update-db $UPDATE_DB_DURATION` - create a local SQLite database (`cache.db`) with a list of media repository files (from the `synapse` Postgres database) eligible for operating on + - `$UPDATE_DB_DURATION` is influenced by the `matrix_synapse_ext_synapse_s3_storage_provider_update_db_day_count` variable (defaults to `0`) + - `$UPDATE_DB_DURATION` defaults to `0d` (0 days), which means **include files which haven't been accessed for more than 0 days** (that is, **all files will be included**). +- `s3_media_upload check-deleted $MEDIA_PATH` - check whether files in the local cache still exist in the local media repository directory +- `s3_media_upload upload $MEDIA_PATH $BUCKET --delete --storage-class $STORAGE_CLASS --endpoint-url $ENDPOINT` - uploads locally-stored files to S3 and deletes them from the local media repository directory + +The `s3_media_upload upload` command may take a lot of time to complete. + +Instead of running the above commands manually in the shell, you can also run the `/usr/local/bin/matrix-synapse-s3-storage-provider-migrate` script which will run the same commands automatically. We demonstrate how to do it manually, because: + +- it's what the upstream project demonstrates and it teaches you how to use the `s3_media_upload` tool +- allows you to check and verify the output of each command, to catch mistakes +- includes progress bars and detailed output for each command +- allows you to easily interrupt slow-running commands, etc. (the `/usr/local/bin/matrix-synapse-s3-storage-provider-migrate` starts a container without interactive TTY support, so `Ctrl+C` may not work and you and require killing via `docker kill ..`) + +### Using another tool in combination with `s3_media_upload` + +To migrate your existing local data to S3, we recommend to: + +- **first** use another tool ([`aws s3`](#copying-data-to-amazon-s3) or [`b2 sync`](#copying-data-to-backblaze-b2), etc.) to copy the local files to the S3 bucket + +- **only then** [use the `s3_media_upload` tool to finish the migration](#using-the-s3_media_upload-script-from-synapse-s3-storage-provider) (this checks to ensure all files are uploaded and then deletes the local files) + +#### Copying data to Amazon S3 + +Generally, you need to use the `aws s3` tool. + +This documentation section could use an improvement. Ideally, we'd come up with a guide like the one used in [Copying data to Backblaze B2](#copying-data-to-backblaze-b2) - running `aws s3` in a container, etc. + +#### Copying data to Backblaze B2 + +To copy to Backblaze B2, start a container like this: + +```sh +docker run -it --rm \ +-w /work \ +--env='B2_KEY_ID=YOUR_KEY_GOES_HERE' \ +--env='B2_KEY_SECRET=YOUR_SECRET_GOES_HERE' \ +--env='B2_BUCKET_NAME=YOUR_BUCKET_NAME_GOES_HERE' \ +--mount type=bind,src=/matrix/synapse/storage/media-store,dst=/work,ro \ +--entrypoint=/bin/sh \ +tianon/backblaze-b2:3.6.0 \ +-c 'b2 authorize-account $B2_KEY_ID $B2_KEY_SECRET && b2 sync /work b2://$B2_BUCKET_NAME --skipNewer' +``` + +## Periodically cleaning up the local filesystem + +As described in [How it works?](#how-it-works) above, when new media is uploaded to the Synapse homeserver, it's first stored locally and then also stored on the remote S3 storage. + +By default, we periodically ensure that all local files are uploaded to S3 and are then removed from the local filesystem. This is done automatically using: + +- the `/usr/local/bin/matrix-synapse-s3-storage-provider-migrate` script +- .. invoked via the `matrix-synapse-s3-storage-provider-migrate.service` service +- .. triggered by the `matrix-synapse-s3-storage-provider-migrate.timer` timer, every day at 05:00 + +So.. you don't need to perform any maintenance yourself. diff --git a/docs/configuring-playbook-synapse.md b/docs/configuring-playbook-synapse.md index 50860a178..2e14f1ad4 100644 --- a/docs/configuring-playbook-synapse.md +++ b/docs/configuring-playbook-synapse.md @@ -5,7 +5,7 @@ If that's enough for you, you can skip this document. The playbook provides lots of customization variables you could use to change Synapse's settings. -Their defaults are defined in [`roles/matrix-synapse/defaults/main.yml`](../roles/matrix-synapse/defaults/main.yml) and they ultimately end up in the generated `/matrix/synapse/config/homeserver.yaml` file (on the server). This file is generated from the [`roles/matrix-synapse/templates/synapse/homeserver.yaml.j2`](../roles/matrix-synapse/templates/synapse/homeserver.yaml.j2) template. +Their defaults are defined in [`roles/custom/matrix-synapse/defaults/main.yml`](../roles/custom/matrix-synapse/defaults/main.yml) and they ultimately end up in the generated `/matrix/synapse/config/homeserver.yaml` file (on the server). This file is generated from the [`roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2`](../roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2) template. **If there's an existing variable** which controls a setting you wish to change, you can simply define that variable in your configuration file (`inventory/host_vars/matrix./vars.yml`) and [re-run the playbook](installing.md) to apply the changes. @@ -13,9 +13,9 @@ Alternatively, **if there is no pre-defined variable** for a Synapse setting you - you can either **request a variable to be created** (or you can submit such a contribution yourself). Keep in mind that it's **probably not a good idea** to create variables for each one of Synapse's various settings that rarely get used. -- or, you can **extend and override the default configuration** ([`homeserver.yaml.j2`](../roles/matrix-synapse/templates/synapse/homeserver.yaml.j2)) by making use of the `matrix_synapse_configuration_extension_yaml` variable. You can find information about this in [`roles/matrix-synapse/defaults/main.yml`](../roles/matrix-synapse/defaults/main.yml). +- or, you can **extend and override the default configuration** ([`homeserver.yaml.j2`](../roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2)) by making use of the `matrix_synapse_configuration_extension_yaml` variable. You can find information about this in [`roles/custom/matrix-synapse/defaults/main.yml`](../roles/custom/matrix-synapse/defaults/main.yml). -- or, if extending the configuration is still not powerful enough for your needs, you can **override the configuration completely** using `matrix_synapse_configuration` (or `matrix_synapse_configuration_yaml`). You can find information about this in [`roles/matrix-synapse/defaults/main.yml`](../roles/matrix-synapse/defaults/main.yml). +- or, if extending the configuration is still not powerful enough for your needs, you can **override the configuration completely** using `matrix_synapse_configuration` (or `matrix_synapse_configuration_yaml`). You can find information about this in [`roles/custom/matrix-synapse/defaults/main.yml`](../roles/custom/matrix-synapse/defaults/main.yml). ## Load balancing with workers @@ -42,7 +42,7 @@ matrix_postgres_process_extra_arguments: [ ] ``` -If you're using the default setup (the `matrix-nginx-proxy` webserver being enabled) or you're using your own `nginx` server (which imports the configuration files generated by the playbook), you're good to go. If you use some other webserver, you may need to tweak your reverse-proxy setup manually to forward traffic to the various workers. +**NOTE**: Disabling `matrix-nginx-proxy` (`matrix_nginx_proxy_enabled: false`) (that is, [using your own other webserver](configuring-playbook-own-webserver.md) when running a Synapse worker setup is likely to cause various troubles (see [this issue](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2090)). In case any problems occur, make sure to have a look at the [list of synapse issues about workers](https://github.com/matrix-org/synapse/issues?q=workers+in%3Atitle) and your `journalctl --unit 'matrix-*'`. diff --git a/docs/configuring-playbook.md b/docs/configuring-playbook.md index b3b44b5ff..127ab47da 100644 --- a/docs/configuring-playbook.md +++ b/docs/configuring-playbook.md @@ -34,13 +34,18 @@ When you're done with all the configuration you'd like to do, continue with [Ins - [Setting up the Jitsi video-conferencing platform](configuring-playbook-jitsi.md) (optional) +- [Setting up Etherpad](configuring-playbook-etherpad.md) (optional) + - [Setting up Dynamic DNS](configuring-playbook-dynamic-dns.md) (optional) - [Enabling metrics and graphs (Prometheus, Grafana) for your Matrix server](configuring-playbook-prometheus-grafana.md) (optional) ### Core service adjustments -- [Configuring Synapse](configuring-playbook-synapse.md) (optional) +- Homeserver configuration: + - [Configuring Synapse](configuring-playbook-synapse.md), if you're going with the default/recommended homeserver implementation (optional) + + - [Configuring Conduit](configuring-playbook-conduit.md), if you've switched to the [Conduit](https://conduit.rs) homeserver implementation (optional) - [Configuring Element](configuring-playbook-client-element.md) (optional) @@ -86,6 +91,8 @@ When you're done with all the configuration you'd like to do, continue with [Ins - [Setting up the LDAP password provider module](configuring-playbook-ldap-auth.md) (optional, advanced) +- [Setting up the ldap-registration-proxy](configuring-playbook-matrix-ldap-registration-proxy.md) (optional, advanced) + - [Setting up Synapse Simple Antispam](configuring-playbook-synapse-simple-antispam.md) (optional, advanced) - [Setting up Matrix Corporal](configuring-playbook-matrix-corporal.md) (optional, advanced) @@ -179,3 +186,5 @@ When you're done with all the configuration you'd like to do, continue with [Ins - [Setting up the Sygnal push gateway](configuring-playbook-sygnal.md) (optional) - [Setting up the ntfy push notifications server](configuring-playbook-ntfy.md) (optional) + +- [Setting up a Cactus Comments server](configuring-playbook-cactus-comments.md) - a federated comment system built on Matrix (optional) diff --git a/docs/configuring-well-known.md b/docs/configuring-well-known.md index 81caf04cb..fd548aa63 100644 --- a/docs/configuring-well-known.md +++ b/docs/configuring-well-known.md @@ -192,7 +192,7 @@ Make sure to: ## Confirming it works -No matter which method you've used to set up the well-known files, if you've done it correctly you should be able to see a JSON file at both of these URLs: +No matter which method you've used to set up the well-known files, if you've done it correctly you should be able to see a JSON file at these URLs: - `https:///.well-known/matrix/server` - `https:///.well-known/matrix/client` diff --git a/docs/container-images.md b/docs/container-images.md index b16babff0..737a44578 100644 --- a/docs/container-images.md +++ b/docs/container-images.md @@ -117,3 +117,5 @@ These services are not part of our default installation, but can be enabled by [ - [matrixdotorg/sygnal](https://hub.docker.com/r/matrixdotorg/sygnal/) - [Sygnal](https://github.com/matrix-org/sygnal) is a reference Push Gateway for Matrix - [binwiederhier/ntfy](https://hub.docker.com/r/binwiederhier/ntfy/) - [ntfy](https://ntfy.sh/) is a self-hosted, UnifiedPush-compatible push notifications server + +- [cactuscomments/cactus-appservice](https://hub.docker.com/r/cactuscomments/cactus-appservice/) - [Cactus Comments](https://cactus.chat) a federated comment system built on Matrix diff --git a/docs/importing-postgres.md b/docs/importing-postgres.md index c5a8d8286..fe3817f53 100644 --- a/docs/importing-postgres.md +++ b/docs/importing-postgres.md @@ -12,8 +12,8 @@ If your database name differs, be sure to change `matrix_synapse_database_databa The playbook supports importing Postgres dump files in **text** (e.g. `pg_dump > dump.sql`) or **gzipped** formats (e.g. `pg_dump | gzip -c > dump.sql.gz`). -Importing multiple databases (as dumped by `pg_dumpall`) is also supported. -But the migration might be a good moment, to "reset" a not properly working bridge. Be aware, that it might affect all users (new link to bridge, new roomes, ...) +Importing multiple databases (as dumped by `pg_dumpall`) is also supported. +But the migration might be a good moment, to "reset" a not properly working bridge. Be aware, that it might affect all users (new link to bridge, new rooms, ...) Before doing the actual import, **you need to upload your Postgres dump file to the server** (any path is okay). @@ -24,11 +24,14 @@ To import, run this command (make sure to replace `` must be a file path to a Postgres dump file on the server (not on your local machine!). +**Notes**: + +- `` must be a file path to a Postgres dump file on the server (not on your local machine!) +- `postgres_default_import_database` defaults to `matrix`, which is useful for importing multiple databases (for dumps made with `pg_dumpall`). If you're importing a single database (e.g. `synapse`), consider changing `postgres_default_import_database` accordingly ## Troubleshooting @@ -90,7 +93,7 @@ If not, you probably get this error. `synapse` is the correct table owner, but t "ERROR: role synapse does not exist" ``` -Once the database is clear and the ownership of the tables has been fixed in the SQL file, the import task should succeed. +Once the database is clear and the ownership of the tables has been fixed in the SQL file, the import task should succeed. Check, if `--dbname` is set to `synapse` (not `matrix`) and replace paths (or even better, copy this line from your terminal) ``` diff --git a/docs/installing.md b/docs/installing.md index 8b1b51aa5..53a86585c 100644 --- a/docs/installing.md +++ b/docs/installing.md @@ -1,25 +1,67 @@ # Installing -## 1. Installing the Matrix services - If you've [configured your DNS](configuring-dns.md) and have [configured the playbook](configuring-playbook.md), you can start the installation procedure. -Run this command to install the Matrix services: +**Before installing** and each time you update the playbook in the future, you will need to update the Ansible roles in this playbook by running `make roles`. `make roles` is a shortcut (a `roles` target defined in [`Makefile`](Makefile) and executed by the [`make`](https://www.gnu.org/software/make/) utility) which ultimately runs [ansible-galaxy](https://docs.ansible.com/ansible/latest/cli/ansible-galaxy.html) to download Ansible roles. If you don't have `make`, you can also manually run the `roles` commands seen in the `Makefile`. -```bash -ansible-playbook -i inventory/hosts setup.yml --tags=setup-all + +## Playbook tags introduction + +The Ansible playbook's tasks are tagged, so that certain parts of the Ansible playbook can be run without running all other tasks. + +The general command syntax is: `ansible-playbook -i inventory/hosts setup.yml --tags=COMMA_SEPARATED_TAGS_GO_HERE` + +Here are some playbook tags that you should be familiar with: + +- `setup-all` - runs all setup tasks for all components, but does not start/restart services + +- `setup-SERVICE` (e.g. `setup-bot-postmoogle`) - runs the setup tasks only for a given role, but does not start/restart services. You can discover these additional tags in each role (`roles/*/main.yml`). Running per-component setup tasks is **not recommended**, as components sometimes depend on each other and running just the setup tasks for a given component may not be enough. For example, setting up the [mautrix-telegram bridge](configuring-playbook-bridge-mautrix-telegram.md), in addition to the `setup-mautrix-telegram` tag, requires database changes (the `setup-postgres` tag) as well as reverse-proxy changes (the `setup-nginx-proxy` tag). + +- `start` - starts all systemd services and makes them start automatically in the future + +- `stop` - stops all systemd services + +- `ensure-matrix-users-created` - a special tag which ensures that all special users needed by the playbook (for bots, etc.) are created + +`setup-*` tags **do not start services** automatically, because you may wish to do things before starting services, such as importing a database dump, restoring data from another server, etc. + + +## 1. Installing Matrix + +If you **don't** use SSH keys for authentication, but rather a regular password, you may need to add `--ask-pass` to the all Ansible commands + +If you **do** use SSH keys for authentication, **and** use a non-root user to *become* root (sudo), you may need to add `-K` (`--ask-become-pass`) to all Ansible commands + +There 2 ways to start the installation process - depending on whether you're [Installing a brand new server (without importing data)](#installing-a-brand-new-server-without-importing-data) or [Installing a server into which you'll import old data](#installing-a-server-into-which-youll-import-old-data). + + +### Installing a brand new server (without importing data) + +If this is **a brand new** Matrix server and you **won't be importing old data into it**, run all these tags: + +```sh +ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,ensure-matrix-users-created,start ``` -The above command **doesn't start any services just yet** (another step does this later - below). Feel free to **re-run this setup command any time** you think something is off with the server configuration. +This will do a full installation and start all Matrix services. + +Proceed to [Maintaining your setup in the future](#2-maintaining-your-setup-in-the-future) and [Finalize the installation](#3-finalize-the-installation) -**Notes**: -- if you **don't** use SSH keys for authentication, but rather a regular password, you may need to add `--ask-pass` to the above (and all other) Ansible commands. -- if you **do** use SSH keys for authentication, **and** use a non-root user to *become* root (sudo), you may need to add `-K` (`--ask-become-pass`) to the above (and all other) Ansible commands. +### Installing a server into which you'll import old data -## 2. Things you might want to do after installing +If you will be importing data into your newly created Matrix server, install it, but **do not** start its services just yet. +Starting its services or messing with its database now will affect your data import later on. + +To do the installation **without** starting services, run only the `setup-all` tag: + +```sh +ansible-playbook -i inventory/hosts setup.yml --tags=setup-all +``` -**Before starting the services**, you may want to do additional things like: +When this command completes, services won't be running yet. + +You can now: - [Importing an existing SQLite database (from another Synapse installation)](importing-synapse-sqlite.md) (optional) @@ -27,21 +69,26 @@ The above command **doesn't start any services just yet** (another step does thi - [Importing `media_store` data files from an existing Synapse installation](importing-synapse-media-store.md) (optional) +.. and then proceed to starting all services: -## 3. Starting the services - -When you're ready to start the Matrix services (and set them up to auto-start in the future), run this command: - -```bash +```sh ansible-playbook -i inventory/hosts setup.yml --tags=start ``` -## 4. Finalize the installation +Proceed to [Maintaining your setup in the future](#2-maintaining-your-setup-in-the-future) and [Finalize the installation](#3-finalize-the-installation) + + +## 2. Maintaining your setup in the future + +Feel free to **re-run the setup command any time** you think something is off with the server configuration. Ansible will take your configuration and update your server to match. + + +## 3. Finalize the installation Now that services are running, you need to **finalize the installation process** (required for federation to work!) by [Configuring Service Discovery via .well-known](configuring-well-known.md). -## 5. Things to do next +## 4. Things to do next After you have started the services and **finalized the installation process** (required for federation to work!) by [Configuring Service Discovery via .well-known](configuring-well-known.md), you can: diff --git a/docs/maintenance-postgres.md b/docs/maintenance-postgres.md index 52d2d9eed..d22b1648d 100644 --- a/docs/maintenance-postgres.md +++ b/docs/maintenance-postgres.md @@ -80,6 +80,10 @@ This playbook can upgrade your existing Postgres setup with the following comman ansible-playbook -i inventory/hosts setup.yml --tags=upgrade-postgres +**Warning: If you're using Borg Backup keep in mind that there is no official Postgres 15 support yet.** +As long as Alpine Linux is missing packages for postgres15, it is possible to use the `latest` or `14` image of borgmatic. Edit your `vars.yml` and add: +`matrix_backup_borg_version: "latest"` + **The old Postgres data directory is backed up** automatically, by renaming it to `/matrix/postgres/data-auto-upgrade-backup`. To rename to a different path, pass some extra flags to the command above, like this: `--extra-vars="postgres_auto_upgrade_backup_data_path=/another/disk/matrix-postgres-before-upgrade"` diff --git a/docs/maintenance-upgrading-services.md b/docs/maintenance-upgrading-services.md index fe289a86f..d1c707fd6 100644 --- a/docs/maintenance-upgrading-services.md +++ b/docs/maintenance-upgrading-services.md @@ -10,8 +10,8 @@ To upgrade services: - take a look at [the changelog](../CHANGELOG.md) to see if there have been any backward-incompatible changes that you need to take care of -- re-run the [playbook setup](installing.md): `ansible-playbook -i inventory/hosts setup.yml --tags=setup-all` +- download the upstream Ansible roles used by the playbook by running `make roles` -- restart the services: `ansible-playbook -i inventory/hosts setup.yml --tags=start` +- re-run the [playbook setup](installing.md) and restart all serivces: `ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,ensure-matrix-users-created,start` **Note**: major version upgrades to the internal PostgreSQL database are not done automatically. To upgrade it, refer to the [upgrading PostgreSQL guide](maintenance-postgres.md#upgrading-postgresql). diff --git a/docs/prerequisites.md b/docs/prerequisites.md index 1ed4befea..c0a906408 100644 --- a/docs/prerequisites.md +++ b/docs/prerequisites.md @@ -22,11 +22,13 @@ If your distro runs within an [LXC container](https://linuxcontainers.org/), you - [`git`](https://git-scm.com/) is the recommended way to download the playbook to your computer. `git` may also be required on the server if you will be [self-building](self-building.md) components. +- [`make`](https://www.gnu.org/software/make/) for running `make roles`, etc. (see [`Makefile`](../Makefile)), although you can also run these commands manually (without `make`) + - An HTTPS-capable web server at the base domain name (``) which is capable of serving static files. Unless you decide to [Serve the base domain from the Matrix server](configuring-playbook-base-domain-serving.md) or alternatively, to use DNS SRV records for [Server Delegation](howto-server-delegation.md). - Properly configured DNS records for `` (details in [Configuring DNS](configuring-dns.md)). -- Some TCP/UDP ports open. This playbook configures the server's internal firewall for you. In most cases, you don't need to do anything special. But **if your server is running behind another firewall**, you'd need to open these ports: +- Some TCP/UDP ports open. This playbook (actually [Docker itself](https://docs.docker.com/network/iptables/)) configures the server's internal firewall for you. In most cases, you don't need to do anything special. But **if your server is running behind another firewall**, you'd need to open these ports: - `80/tcp`: HTTP webserver - `443/tcp`: HTTPS webserver diff --git a/examples/caddy2/Caddyfile b/examples/caddy2/Caddyfile index 162e539e5..43005ca41 100644 --- a/examples/caddy2/Caddyfile +++ b/examples/caddy2/Caddyfile @@ -1,3 +1,15 @@ +(cors) { + @cors_preflight method OPTIONS + + handle @cors_preflight { + header Access-Control-Allow-Origin "{args.0}" + header Access-Control-Allow-Methods "HEAD, GET, POST, PUT, PATCH, DELETE" + header Access-Control-Allow-Headers "Content-Type, Authorization" + header Access-Control-Max-Age "3600" + } +} + + matrix.DOMAIN.tld { # creates letsencrypt certificate @@ -81,6 +93,13 @@ matrix.DOMAIN.tld { header Access-Control-Allow-Origin * file_server } + + # If you have other well-knowns already handled by your base domain, you can replace the above block by this one, along with the replacement suggested in the base domain + #handle @wellknown { + # # .well-known is handled by base domain + # reverse_proxy https://DOMAIN.tld { + # header_up Host {http.reverse_proxy.upstream.hostport} + #} handle { encode zstd gzip @@ -114,6 +133,8 @@ element.DOMAIN.tld { # creates letsencrypt certificate # tls your@email.com + import cors https://*.DOMAIN.tld + header { # Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" @@ -123,6 +144,8 @@ element.DOMAIN.tld { X-Content-Type-Options "nosniff" # Disallow the site to be rendered within a frame (clickjacking protection) X-Frame-Options "DENY" + # If using integrations that add frames to Element, such as Dimension and its integrations running on the same domain, it can be a good idea to limit sources allowed to be rendered + # Content-Security-Policy frame-src https://*.DOMAIN.tld # X-Robots-Tag X-Robots-Tag "noindex, noarchive, nofollow" } @@ -144,6 +167,8 @@ element.DOMAIN.tld { # # creates letsencrypt certificate # # tls your@email.com # +# import cors https://*.DOMAIN.tld +# # header { # # Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS # Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" @@ -151,8 +176,8 @@ element.DOMAIN.tld { # X-XSS-Protection "1; mode=block" # # Prevent some browsers from MIME-sniffing a response away from the declared Content-Type # X-Content-Type-Options "nosniff" -# # Disallow the site to be rendered within a frame (clickjacking protection) -# X-Frame-Options "DENY" +# # Only allow same base domain to render this website in a frame; Can be removed if the client (Element for example) is hosted on another domain (clickjacking protection) +# Content-Security-Policy frame-ancestors https://*.DOMAIN.tld # # X-Robots-Tag # X-Robots-Tag "noindex, noarchive, nofollow" # } @@ -176,6 +201,8 @@ element.DOMAIN.tld { # creates letsencrypt certificate # tls your@email.com # +# import cors https://*.DOMAIN.tld +# # header { # # Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS # Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" @@ -185,9 +212,9 @@ element.DOMAIN.tld { # # # Prevent some browsers from MIME-sniffing a response away from the declared Content-Type # X-Content-Type-Options "nosniff" -# -# # Disallow the site to be rendered within a frame (clickjacking protection) -# X-Frame-Options "SAMEORIGIN" + +# # Only allow same base domain to render this website in a frame; Can be removed if the client (Element for example) is hosted on another domain +# Content-Security-Policy frame-ancestors https://*.DOMAIN.tld # # # Disable some features # Feature-Policy "accelerometer 'none';ambient-light-sensor 'none'; autoplay 'none';camera 'none';encrypted-media 'none';focus-without-user-activation 'none'; geolocation 'none';gyroscope #'none';magnetometer 'none';microphone 'none';midi 'none';payment 'none';picture-in-picture 'none'; speaker 'none';sync-xhr 'none';usb 'none';vr 'none'" @@ -225,6 +252,14 @@ element.DOMAIN.tld { # header_up Host {http.reverse_proxy.upstream.hostport} # } # } +# # If you have other well-knowns already handled by your base domain, you can replace the above block by this one, along with the replacement suggested in the matrix subdomain +# # handle /.well-known/* { +# # encode zstd gzip +# # header Cache-Control max-age=14400 +# # header Content-Type application/json +# # header Access-Control-Allow-Origin * +# #} +# # # Configration for the base domain goes here # # handle { # # header -Server diff --git a/examples/vars.yml b/examples/vars.yml index 3ca8f4601..e1b6cf054 100644 --- a/examples/vars.yml +++ b/examples/vars.yml @@ -12,7 +12,9 @@ matrix_domain: YOUR_BARE_DOMAIN_NAME_HERE # The Matrix homeserver software to install. -# See `roles/matrix-base/defaults/main.yml` for valid options. +# See: +# - `roles/custom/matrix-base/defaults/main.yml` for valid options +# - the `docs/configuring-playbook-IMPLEMENTATION_NAME.md` documentation page, if one is available for your implementation choice matrix_homeserver_implementation: synapse # A secret used as a base, for generating various other secrets. diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 2ac8cc297..7df712479 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -9,6 +9,46 @@ # You can also override ANY variable (seen here or in any given role), # by re-defining it in your own configuration file (`inventory/host_vars/matrix.`). + +######################################################################## +# # +# com.devture.ansible.role.timesync # +# # +######################################################################## + +# To completely disable installing systemd-timesyncd/ntpd, use `devture_timesync_installation_enabled: false`. + +######################################################################## +# # +# /com.devture.ansible.role.timesync # +# # +######################################################################## + + + +###################################################################### +# +# com.devture.ansible.role.playbook_state_preserver +# +###################################################################### + +# To completely disable this feature, use `devture_playbook_state_preserver_enabled: false`. + +devture_playbook_state_preserver_uid: "{{ matrix_user_uid }}" +devture_playbook_state_preserver_gid: "{{ matrix_user_gid }}" + +devture_playbook_state_preserver_vars_preservation_dst: "{{ matrix_base_data_path }}/vars.yml" + +devture_playbook_state_preserver_commit_hash_preservation_dst: "{{ matrix_base_data_path }}/git_hash.yml" + +###################################################################### +# +# /com.devture.ansible.role.playbook_state_preserver +# +###################################################################### + + + ###################################################################### # # matrix-base @@ -139,7 +179,7 @@ matrix_appservice_webhooks_systemd_required_services_list: | # We don't enable bridges by default. matrix_appservice_slack_enabled: false -matrix_appservice_slack_container_image_self_build: "{{ matrix_architecture != 'amd64' }}" +matrix_appservice_slack_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}" # Normally, matrix-nginx-proxy is enabled and nginx can reach matrix-appservice-slack over the container network. # If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose @@ -695,6 +735,10 @@ matrix_mautrix_discord_login_shared_secret: "{{ matrix_synapse_ext_password_prov matrix_mautrix_discord_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}" matrix_mautrix_discord_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maudiscord.db') | to_uuid }}" +# Enabling bridge.restricted_rooms for this bridge does not work well with Conduit, so we disable it by default. +# This will be fixed in the upcoming `0.5.0` release of conduit. +matrix_mautrix_discord_bridge_restricted_rooms: "{{ false if matrix_homeserver_implementation == 'conduit' else true }}" + ###################################################################### # # /matrix-bridge-mautrix-discord @@ -765,7 +809,7 @@ matrix_heisenbridge_systemd_wanted_services_list: | # We don't enable bridges by default. matrix_hookshot_enabled: false -matrix_hookshot_container_image_self_build: "{{ matrix_architecture not in ['amd64'] }}" +matrix_hookshot_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}" matrix_hookshot_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'hookshot.as.tok') | to_uuid }}" @@ -1163,7 +1207,7 @@ matrix_bot_honoroit_systemd_required_services_list: | # Postgres is the default, except if not using `matrix_postgres` (internal postgres) matrix_bot_honoroit_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}" matrix_bot_honoroit_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'honoroit.bot.db') | to_uuid }}" -matrix_bot_honoroit_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm32', 'arm64'] }}" +matrix_bot_honoroit_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}" ###################################################################### # @@ -1194,7 +1238,7 @@ matrix_bot_buscarron_systemd_required_services_list: | # Postgres is the default, except if not using `matrix_postgres` (internal postgres) matrix_bot_buscarron_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}" matrix_bot_buscarron_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'buscarron.bot.db') | to_uuid }}" -matrix_bot_buscarron_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm32', 'arm64'] }}" +matrix_bot_buscarron_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}" ###################################################################### # @@ -1210,6 +1254,9 @@ matrix_bot_buscarron_container_image_self_build: "{{ matrix_architecture not in # We don't enable bots by default. matrix_bot_postmoogle_enabled: false +matrix_bot_postmoogle_ssl_path: "{{ matrix_ssl_config_dir_path }}" +matrix_bot_postmoogle_tls_cert: "/ssl/live/{{ matrix_bot_postmoogle_domain }}/fullchain.pem" +matrix_bot_postmoogle_tls_key: "/ssl/live/{{ matrix_bot_postmoogle_domain }}/privkey.pem" matrix_bot_postmoogle_systemd_required_services_list: | {{ @@ -1224,7 +1271,7 @@ matrix_bot_postmoogle_systemd_required_services_list: | matrix_bot_postmoogle_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}" matrix_bot_postmoogle_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'postmoogle.db') | to_uuid }}" -matrix_bot_postmoogle_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm32', 'arm64'] }}" +matrix_bot_postmoogle_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}" ###################################################################### # @@ -1329,6 +1376,35 @@ matrix_backup_borg_systemd_required_services_list: | # /matrix-backup-borg # ###################################################################### +###################################################################### +# +# matrix-cactus-comments +# +###################################################################### + +matrix_cactus_comments_enabled: false + +# Derive secret values from homeserver secret +matrix_cactus_comments_as_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'cactus.as.token') | to_uuid }}" +matrix_cactus_comments_hs_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'cactus.hs.token') | to_uuid }}" + +matrix_cactus_comments_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm32', 'arm64'] }}" +matrix_cactus_comments_systemd_required_services_list: | + {{ + (['docker.service']) + + + (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) + + + (['matrix-' + matrix_homeserver_implementation + '.service']) + }} + +matrix_cactus_comments_client_nginx_path: "{{ '/cactus-comments/' if matrix_nginx_proxy_enabled else matrix_cactus_comments_client_path + '/' }}" + +###################################################################### +# +# /matrix-cactus-comments +# +###################################################################### ###################################################################### # @@ -1450,6 +1526,8 @@ matrix_etherpad_enabled: false matrix_etherpad_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:9001' }}" +matrix_etherpad_base_url: "{{ 'https://'+ matrix_server_fqn_dimension + matrix_etherpad_public_endpoint if matrix_etherpad_mode == 'dimension' else 'https://' + matrix_server_fqn_etherpad + '/' }}" + matrix_etherpad_systemd_required_services_list: | {{ ['docker.service'] @@ -1538,6 +1616,20 @@ matrix_jitsi_etherpad_base: "{{ matrix_etherpad_base_url if matrix_etherpad_enab # /matrix-jitsi # ###################################################################### +###################################################################### +# +# matrix-ldap-registration-proxy +# +###################################################################### + +# This is only for users with a specific LDAP setup +matrix_ldap_registration_proxy_enabled: false + +###################################################################### +# +# /matrix-ldap-registration-proxy +# +###################################################################### ###################################################################### # @@ -1660,6 +1752,7 @@ matrix_nginx_proxy_proxy_hydrogen_enabled: "{{ matrix_client_hydrogen_enabled }} matrix_nginx_proxy_proxy_cinny_enabled: "{{ matrix_client_cinny_enabled }}" matrix_nginx_proxy_proxy_buscarron_enabled: "{{ matrix_bot_buscarron_enabled }}" matrix_nginx_proxy_proxy_dimension_enabled: "{{ matrix_dimension_enabled }}" +matrix_nginx_proxy_proxy_etherpad_enabled: "{{ matrix_etherpad_enabled and matrix_etherpad_mode == 'standalone' }}" matrix_nginx_proxy_proxy_bot_go_neb_enabled: "{{ matrix_bot_go_neb_enabled }}" matrix_nginx_proxy_proxy_jitsi_enabled: "{{ matrix_jitsi_enabled }}" matrix_nginx_proxy_proxy_grafana_enabled: "{{ matrix_grafana_enabled }}" @@ -1728,14 +1821,20 @@ matrix_nginx_proxy_synapse_workers_enabled: "{{ matrix_synapse_workers_enabled } matrix_nginx_proxy_synapse_workers_list: "{{ matrix_synapse_workers_enabled_list }}" matrix_nginx_proxy_synapse_generic_worker_client_server_locations: "{{ matrix_synapse_workers_generic_worker_client_server_endpoints }}" matrix_nginx_proxy_synapse_generic_worker_federation_locations: "{{ matrix_synapse_workers_generic_worker_federation_endpoints }}" +matrix_nginx_proxy_synapse_stream_writer_typing_stream_worker_client_server_locations: "{{ matrix_synapse_workers_stream_writer_typing_stream_worker_client_server_endpoints }}" +matrix_nginx_proxy_synapse_stream_writer_to_device_stream_worker_client_server_locations: "{{ matrix_synapse_workers_stream_writer_to_device_stream_worker_client_server_endpoints }}" +matrix_nginx_proxy_synapse_stream_writer_account_data_stream_worker_client_server_locations: "{{ matrix_synapse_workers_stream_writer_account_data_stream_worker_client_server_endpoints }}" +matrix_nginx_proxy_synapse_stream_writer_receipts_stream_worker_client_server_locations: "{{ matrix_synapse_workers_stream_writer_receipts_stream_worker_client_server_endpoints }}" +matrix_nginx_proxy_synapse_stream_writer_presence_stream_worker_client_server_locations: "{{ matrix_synapse_workers_stream_writer_presence_stream_worker_client_server_endpoints }}" matrix_nginx_proxy_synapse_media_repository_locations: "{{matrix_synapse_workers_media_repository_endpoints|default([]) }}" -matrix_nginx_proxy_synapse_user_dir_locations: "{{ matrix_synapse_workers_user_dir_endpoints|default([]) }}" -matrix_nginx_proxy_synapse_frontend_proxy_locations: "{{ matrix_synapse_workers_frontend_proxy_endpoints|default([]) }}" +matrix_nginx_proxy_synapse_user_dir_locations: "{{ matrix_synapse_workers_user_dir_worker_client_server_endpoints|default([]) }}" matrix_nginx_proxy_systemd_wanted_services_list: | {{ ['matrix-' + matrix_homeserver_implementation + '.service'] + + (matrix_synapse_webserving_workers_systemd_services_list if matrix_homeserver_implementation == 'synapse' and matrix_synapse_workers_enabled else []) + + (['matrix-corporal.service'] if matrix_corporal_enabled else []) + (['matrix-ma1sd.service'] if matrix_ma1sd_enabled else []) @@ -1760,7 +1859,7 @@ matrix_nginx_proxy_systemd_wanted_services_list: | + (['matrix-bot-go-neb.service'] if matrix_bot_go_neb_enabled else []) + - (['matrix-etherpad.service'] if matrix_etherpad_enabled and matrix_dimension_enabled else []) + (['matrix-etherpad.service'] if matrix_etherpad_enabled else []) + (['matrix-hookshot.service'] if matrix_hookshot_enabled else []) }} @@ -1781,6 +1880,8 @@ matrix_ssl_domains_to_obtain_certificates_for: | + ([matrix_server_fqn_dimension] if matrix_dimension_enabled else []) + + ([matrix_server_fqn_etherpad] if (matrix_etherpad_enabled and matrix_etherpad_mode == 'standalone') else []) + + ([matrix_server_fqn_bot_go_neb] if matrix_bot_go_neb_enabled else []) + ([matrix_server_fqn_jitsi] if matrix_jitsi_enabled else []) @@ -1791,6 +1892,8 @@ matrix_ssl_domains_to_obtain_certificates_for: | + ([matrix_server_fqn_ntfy] if matrix_ntfy_enabled else []) + + ([matrix_bot_postmoogle_domain] if matrix_bot_postmoogle_enabled else []) + + ([matrix_domain] if matrix_nginx_proxy_base_domain_serving_enabled else []) + matrix_ssl_additional_domains_to_obtain_certificates_for @@ -1837,10 +1940,6 @@ matrix_postgres_additional_databases: | }] if (matrix_synapse_enabled and matrix_synapse_database_database != matrix_postgres_db_name and matrix_synapse_database_host == 'matrix-postgres') else []) + ([{ - 'name': matrix_dendrite_appservice_database, - 'username': matrix_dendrite_database_user, - 'password': matrix_dendrite_database_password, - },{ 'name': matrix_dendrite_federationapi_database, 'username': matrix_dendrite_database_user, 'password': matrix_dendrite_database_password, @@ -2062,18 +2161,9 @@ matrix_postgres_additional_databases: | }} -matrix_postgres_import_roles_to_ignore: | +matrix_postgres_systemd_services_to_stop_for_maintenance_list: | {{ - [matrix_postgres_connection_username] - + - matrix_postgres_additional_databases|map(attribute='username') | list - }} - -matrix_postgres_import_databases_to_ignore: | - {{ - [matrix_postgres_db_name] - + - matrix_postgres_additional_databases|map(attribute='name') | list + ['matrix-' + matrix_homeserver_implementation + '.service'] }} ###################################################################### @@ -2237,9 +2327,7 @@ matrix_synapse_enabled: "{{ matrix_homeserver_implementation == 'synapse' }}" matrix_synapse_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}" -# When ma1sd is enabled, we can use it to validate email addresses and phone numbers. -# Synapse can validate email addresses by itself as well, but it's probably not what we want by default when we have an identity server. -matrix_synapse_account_threepid_delegates_email: "{{ 'http://matrix-ma1sd:' + matrix_ma1sd_container_port | string if matrix_ma1sd_enabled else '' }}" +# When ma1sd is enabled, we can use it to validate phone numbers. It's something that the homeserver cannot do by itself. matrix_synapse_account_threepid_delegates_msisdn: "{{ 'http://matrix-ma1sd:' + matrix_ma1sd_container_port | string if matrix_ma1sd_enabled else '' }}" # Normally, matrix-nginx-proxy is enabled and nginx can reach Synapse over the container network. @@ -2316,7 +2404,7 @@ matrix_synapse_systemd_required_services_list: | + (['matrix-postgres.service'] if matrix_postgres_enabled else []) + - (['matrix-goofys'] if matrix_s3_media_store_enabled else []) + (['matrix-goofys.service'] if matrix_s3_media_store_enabled else []) }} matrix_synapse_systemd_wanted_services_list: | @@ -2443,13 +2531,24 @@ matrix_grafana_enabled: false # Grafana's HTTP port to the local host. matrix_grafana_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:3000' }}" -matrix_grafana_dashboard_download_urls_all: | +matrix_grafana_dashboard_download_urls: | {{ - matrix_grafana_dashboard_download_urls + (matrix_synapse_grafana_dashboard_urls if matrix_homeserver_implementation == 'synapse' and matrix_synapse_metrics_enabled else []) + + + (matrix_prometheus_node_exporter_dashboard_urls if matrix_prometheus_node_exporter_enabled else []) + (matrix_prometheus_postgres_exporter_dashboard_urls if matrix_prometheus_postgres_exporter_enabled else []) }} +matrix_grafana_default_home_dashboard_path: |- + {{ + { + 'synapse': ('/etc/grafana/dashboards/synapse.json' if matrix_synapse_metrics_enabled else '/etc/grafana/dashboards/node-exporter-full.json'), + 'dendrite': '/etc/grafana/dashboards/node-exporter-full.json', + 'conduit': '/etc/grafana/dashboards/node-exporter-full.json', + }[matrix_homeserver_implementation] + }} + matrix_grafana_systemd_wanted_services_list: | {{ [] @@ -2591,7 +2690,7 @@ matrix_dendrite_systemd_required_services_list: | + (['matrix-postgres.service'] if matrix_postgres_enabled else []) + - (['matrix-goofys'] if matrix_s3_media_store_enabled else []) + (['matrix-goofys.service'] if matrix_s3_media_store_enabled else []) }} matrix_dendrite_systemd_wanted_services_list: | @@ -2627,3 +2726,43 @@ matrix_conduit_systemd_required_services_list: | # /matrix-conduit # ###################################################################### + + +###################################################################### +# +# matrix-user-creator +# +###################################################################### + +matrix_user_creator_users_auto: | + {{ + [{ + 'username': matrix_bot_matrix_reminder_bot_matrix_user_id_localpart, + 'initial_password': matrix_bot_matrix_reminder_bot_matrix_user_password, + 'initial_type': 'bot', + }] if matrix_bot_matrix_reminder_bot_enabled else [] + + + [{ + 'username': matrix_bot_honoroit_login, + 'initial_password': matrix_bot_honoroit_password, + 'initial_type': 'bot', + }] if matrix_bot_honoroit_enabled else [] + + + [{ + 'username': matrix_bot_postmoogle_login, + 'initial_password': matrix_bot_postmoogle_password, + 'initial_type': 'bot', + }] if matrix_bot_postmoogle_enabled else [] + + + [{ + 'username': matrix_bot_buscarron_login, + 'initial_password': matrix_bot_buscarron_password, + 'initial_type': 'bot', + }] if matrix_bot_buscarron_enabled else [] + }} + +###################################################################### +# +# /matrix-user-creator +# +###################################################################### diff --git a/requirements.yml b/requirements.yml new file mode 100644 index 000000000..a57b63a9b --- /dev/null +++ b/requirements.yml @@ -0,0 +1,16 @@ +--- + +- src: git+https://github.com/devture/com.devture.ansible.role.playbook_help.git + version: c1f40e82b4d6b072b6f0e885239322bdaaaf554f + +- src: git+https://github.com/devture/com.devture.ansible.role.systemd_docker_base.git + version: 327d2e17f5189ac2480d6012f58cf64a2b46efba + +- src: git+https://github.com/devture/com.devture.ansible.role.timesync.git + version: 461ace97fcf0e36c76747b36fcad8587d9b072f5 + +- src: git+https://github.com/devture/com.devture.ansible.role.playbook_state_preserver.git + version: ff2fd42e1c1a9e28e3312bbd725395f9c2fc7f16 + +- src: git+https://github.com/devture/com.devture.ansible.role.playbook_runtime_messages.git + version: f1c78d4e85e875129790c58335d0e44385683f6b diff --git a/roles/matrix-aux/defaults/main.yml b/roles/custom/matrix-aux/defaults/main.yml similarity index 89% rename from roles/matrix-aux/defaults/main.yml rename to roles/custom/matrix-aux/defaults/main.yml index e4a4e8277..4c1f88796 100644 --- a/roles/matrix-aux/defaults/main.yml +++ b/roles/custom/matrix-aux/defaults/main.yml @@ -50,6 +50,9 @@ matrix_aux_file_default_mode: '0640' # then you likely need to add `/matrix/some/path` to `matrix_aux_directory_definitions` as well. # You don't need to do this for directories that the playbook already creates for you. # +# Use a `content` key for text content and `src` with a location to a file for binary content. +# The `content` key does not support binary content (see https://github.com/ansible/ansible/issues/11594). +# # Example: # # matrix_aux_file_definitions: @@ -69,4 +72,10 @@ matrix_aux_file_default_mode: '0640' # mode: '0600' # owner: 'some-user' # group: 'some-group' +# +# - dest: /matrix/aux/binary-file.dat +# src: "/path/to/binary.dat" +# mode: '0600' +# owner: 'some-user' +# group: 'some-group' matrix_aux_file_definitions: [] diff --git a/roles/matrix-aux/tasks/main.yml b/roles/custom/matrix-aux/tasks/main.yml similarity index 100% rename from roles/matrix-aux/tasks/main.yml rename to roles/custom/matrix-aux/tasks/main.yml diff --git a/roles/matrix-aux/tasks/setup.yml b/roles/custom/matrix-aux/tasks/setup.yml similarity index 85% rename from roles/matrix-aux/tasks/setup.yml rename to roles/custom/matrix-aux/tasks/setup.yml index ccb0bdcb4..eb0adad49 100644 --- a/roles/matrix-aux/tasks/setup.yml +++ b/roles/custom/matrix-aux/tasks/setup.yml @@ -11,8 +11,9 @@ - name: Ensure AUX files are created ansible.builtin.copy: + src: "{{ item.src if 'src' in item else omit }}" + content: "{{ item.content if 'content' in item else omit }}" dest: "{{ item.dest }}" - content: "{{ item.content }}" owner: "{{ item.owner | default(matrix_user_username) }}" group: "{{ item.group | default(matrix_user_groupname) }}" mode: "{{ item.mode | default(matrix_aux_file_default_mode) }}" diff --git a/roles/matrix-backup-borg/defaults/main.yml b/roles/custom/matrix-backup-borg/defaults/main.yml similarity index 93% rename from roles/matrix-backup-borg/defaults/main.yml rename to roles/custom/matrix-backup-borg/defaults/main.yml index 893817888..de086ebd9 100644 --- a/roles/matrix-backup-borg/defaults/main.yml +++ b/roles/custom/matrix-backup-borg/defaults/main.yml @@ -26,8 +26,11 @@ matrix_backup_borg_systemd_required_services_list: ['docker.service'] # List of systemd services that matrix-backup-borg.service wants matrix_backup_borg_systemd_wanted_services_list: [] -# systemd calendar configuration for backup job +# systemd calendar configuration for the backup job +# the actual job may run with a delay (see matrix_backup_borg_schedule_randomized_delay_sec) matrix_backup_borg_schedule: "*-*-* 04:00:00" +# the delay with which the systemd timer may run in relation to the `matrix_backup_borg_schedule` schedule +matrix_backup_borg_schedule_randomized_delay_sec: 2h # what directories should be added to backup matrix_backup_borg_location_source_directories: [] diff --git a/roles/matrix-backup-borg/tasks/init.yml b/roles/custom/matrix-backup-borg/tasks/init.yml similarity index 100% rename from roles/matrix-backup-borg/tasks/init.yml rename to roles/custom/matrix-backup-borg/tasks/init.yml diff --git a/roles/matrix-backup-borg/tasks/main.yml b/roles/custom/matrix-backup-borg/tasks/main.yml similarity index 100% rename from roles/matrix-backup-borg/tasks/main.yml rename to roles/custom/matrix-backup-borg/tasks/main.yml diff --git a/roles/matrix-backup-borg/tasks/setup_install.yml b/roles/custom/matrix-backup-borg/tasks/setup_install.yml similarity index 91% rename from roles/matrix-backup-borg/tasks/setup_install.yml rename to roles/custom/matrix-backup-borg/tasks/setup_install.yml index e3401a13f..d12229e20 100644 --- a/roles/matrix-backup-borg/tasks/setup_install.yml +++ b/roles/custom/matrix-backup-borg/tasks/setup_install.yml @@ -1,6 +1,7 @@ --- -- block: +- when: matrix_backup_borg_postgresql_enabled | bool and matrix_backup_borg_version == '' + block: - name: Fail with matrix_backup_borg_version advice if Postgres not enabled ansible.builtin.fail: msg: >- @@ -9,7 +10,7 @@ when: not matrix_postgres_enabled - ansible.builtin.import_role: - name: matrix-postgres + name: custom/matrix-postgres tasks_from: detect_existing_postgres_version - name: Fail if detected Postgres version is unsupported @@ -20,7 +21,6 @@ - name: Set the correct borg backup version to use ansible.builtin.set_fact: matrix_backup_borg_version: "{{ matrix_postgres_detected_version }}" - when: matrix_backup_borg_postgresql_enabled | bool and matrix_backup_borg_version == '' - name: Ensure borg paths exist ansible.builtin.file: @@ -59,15 +59,15 @@ mode: 0600 - name: Ensure borg image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_backup_borg_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_backup_borg_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_backup_borg_docker_image_force_pull }}" when: "not matrix_backup_borg_container_image_self_build | bool" register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure borg repository is present on self-build @@ -82,7 +82,7 @@ when: "matrix_backup_borg_container_image_self_build | bool" - name: Ensure borg image is built - docker_image: + community.docker.docker_image: name: "{{ matrix_backup_borg_docker_image }}" source: build force_source: "{{ matrix_backup_borg_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" @@ -96,14 +96,14 @@ - name: Ensure matrix-backup-borg.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-backup-borg.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-backup-borg.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-backup-borg.service" mode: 0644 register: matrix_backup_borg_systemd_service_result - name: Ensure matrix-backup-borg.timer installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-backup-borg.timer.j2" - dest: "{{ matrix_systemd_path }}/matrix-backup-borg.timer" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-backup-borg.timer" mode: 0644 register: matrix_backup_borg_systemd_timer_result diff --git a/roles/matrix-backup-borg/tasks/setup_uninstall.yml b/roles/custom/matrix-backup-borg/tasks/setup_uninstall.yml similarity index 79% rename from roles/matrix-backup-borg/tasks/setup_uninstall.yml rename to roles/custom/matrix-backup-borg/tasks/setup_uninstall.yml index fb583f57a..c4c1028d4 100644 --- a/roles/matrix-backup-borg/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-backup-borg/tasks/setup_uninstall.yml @@ -1,7 +1,7 @@ --- - name: Check existence of matrix-backup-borg service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-backup-borg.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-backup-borg.service" register: matrix_backup_borg_service_stat - name: Ensure matrix-backup-borg is stopped @@ -15,13 +15,13 @@ - name: Ensure matrix-backup-borg.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-backup-borg.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-backup-borg.service" state: absent when: "matrix_backup_borg_service_stat.stat.exists | bool" - name: Ensure matrix-backup-borg.timer doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-backup-borg.timer" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-backup-borg.timer" state: absent when: "matrix_backup_borg_service_stat.stat.exists | bool" @@ -36,6 +36,6 @@ state: absent - name: Ensure borg Docker image doesn't exist - docker_image: + community.docker.docker_image: name: "{{ matrix_backup_borg_docker_image }}" state: absent diff --git a/roles/matrix-backup-borg/tasks/validate_config.yml b/roles/custom/matrix-backup-borg/tasks/validate_config.yml similarity index 100% rename from roles/matrix-backup-borg/tasks/validate_config.yml rename to roles/custom/matrix-backup-borg/tasks/validate_config.yml diff --git a/roles/matrix-backup-borg/templates/config.yaml.j2 b/roles/custom/matrix-backup-borg/templates/config.yaml.j2 similarity index 100% rename from roles/matrix-backup-borg/templates/config.yaml.j2 rename to roles/custom/matrix-backup-borg/templates/config.yaml.j2 diff --git a/roles/matrix-backup-borg/templates/passwd.j2 b/roles/custom/matrix-backup-borg/templates/passwd.j2 similarity index 100% rename from roles/matrix-backup-borg/templates/passwd.j2 rename to roles/custom/matrix-backup-borg/templates/passwd.j2 diff --git a/roles/matrix-backup-borg/templates/sshkey.j2 b/roles/custom/matrix-backup-borg/templates/sshkey.j2 similarity index 100% rename from roles/matrix-backup-borg/templates/sshkey.j2 rename to roles/custom/matrix-backup-borg/templates/sshkey.j2 diff --git a/roles/matrix-backup-borg/templates/systemd/matrix-backup-borg.service.j2 b/roles/custom/matrix-backup-borg/templates/systemd/matrix-backup-borg.service.j2 similarity index 66% rename from roles/matrix-backup-borg/templates/systemd/matrix-backup-borg.service.j2 rename to roles/custom/matrix-backup-borg/templates/systemd/matrix-backup-borg.service.j2 index 76217250e..533f6e42f 100644 --- a/roles/matrix-backup-borg/templates/systemd/matrix-backup-borg.service.j2 +++ b/roles/custom/matrix-backup-borg/templates/systemd/matrix-backup-borg.service.j2 @@ -12,10 +12,10 @@ DefaultDependencies=no [Service] Type=oneshot -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-backup-borg 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-backup-borg 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_docker }} run --rm --name matrix-backup-borg \ +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-backup-borg 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-backup-borg 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-backup-borg \ --log-driver=none \ --cap-drop=ALL \ --read-only \ @@ -33,7 +33,7 @@ ExecStartPre=-{{ matrix_host_command_docker }} run --rm --name matrix-backup-bor {{ matrix_backup_borg_docker_image }} \ sh -c "borgmatic --init --encryption {{ matrix_backup_borg_encryption }}" -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-backup-borg \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-backup-borg \ --log-driver=none \ --cap-drop=ALL \ --read-only \ @@ -50,8 +50,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-backup-borg \ {% endfor %} {{ matrix_backup_borg_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-backup-borg 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-backup-borg 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-backup-borg 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-backup-borg 2>/dev/null || true' SyslogIdentifier=matrix-backup-borg [Install] diff --git a/roles/matrix-backup-borg/templates/systemd/matrix-backup-borg.timer.j2 b/roles/custom/matrix-backup-borg/templates/systemd/matrix-backup-borg.timer.j2 similarity index 68% rename from roles/matrix-backup-borg/templates/systemd/matrix-backup-borg.timer.j2 rename to roles/custom/matrix-backup-borg/templates/systemd/matrix-backup-borg.timer.j2 index 541d00203..fdafef766 100644 --- a/roles/matrix-backup-borg/templates/systemd/matrix-backup-borg.timer.j2 +++ b/roles/custom/matrix-backup-borg/templates/systemd/matrix-backup-borg.timer.j2 @@ -4,7 +4,7 @@ Description=Matrix Borg Backup timer [Timer] Unit=matrix-backup-borg.service OnCalendar={{ matrix_backup_borg_schedule }} -RandomizedDelaySec=2h +RandomizedDelaySec={{ matrix_backup_borg_schedule_randomized_delay_sec }} [Install] WantedBy=timers.target diff --git a/roles/matrix-base/defaults/main.yml b/roles/custom/matrix-base/defaults/main.yml similarity index 88% rename from roles/matrix-base/defaults/main.yml rename to roles/custom/matrix-base/defaults/main.yml index 6d69f3e5b..5c0f16dcf 100644 --- a/roles/matrix-base/defaults/main.yml +++ b/roles/custom/matrix-base/defaults/main.yml @@ -62,6 +62,9 @@ matrix_server_fqn_buscarron: "buscarron.{{ matrix_domain }}" # This is where you access the Dimension. matrix_server_fqn_dimension: "dimension.{{ matrix_domain }}" +# This is where you access the etherpad (if enabled via matrix_etherpad_enabled; disabled by default). +matrix_server_fqn_etherpad: "etherpad.{{ matrix_domain }}" + # For use with Go-NEB! (github callback url for example) matrix_server_fqn_bot_go_neb: "goneb.{{ matrix_domain }}" @@ -92,14 +95,6 @@ matrix_debian_arch: "{{ 'armhf' if matrix_architecture == 'arm32' else matrix_ar matrix_container_global_registry_prefix: "docker.io/" -# Each docker pull will retry on failed attempt 10 times with delay of 10 seconds between each attempt. -matrix_container_retries_count: 10 -matrix_container_retries_delay: 10 - -# Each get_url will retry on failed attempt 10 times with delay of 10 seconds between each attempt. -matrix_geturl_retries_count: 10 -matrix_geturl_retries_delay: 10 - matrix_user_username: "matrix" matrix_user_groupname: "matrix" @@ -113,12 +108,6 @@ matrix_base_data_path: "/matrix" matrix_base_data_path_mode: "750" matrix_static_files_base_path: "{{ matrix_base_data_path }}/static-files" -matrix_systemd_path: "/etc/systemd/system" - -# Specifies the path to use for the `HOME` environment variable for systemd unit files. -# Docker 20.10 complains with `WARNING: Error loading config file: .dockercfg: $HOME is not defined` -# if `$HOME` is not defined, so we define something to make it happy. -matrix_systemd_unit_home_path: /root # This is now unused. We keep it so that cleanup tasks can use it. # To be removed in the future. @@ -126,16 +115,10 @@ matrix_cron_path: "/etc/cron.d" matrix_local_bin_path: "/usr/local/bin" -matrix_host_command_docker: "/usr/bin/env docker" matrix_host_command_sleep: "/usr/bin/env sleep" matrix_host_command_chown: "/usr/bin/env chown" matrix_host_command_fusermount: "/usr/bin/env fusermount" matrix_host_command_openssl: "/usr/bin/env openssl" -matrix_host_command_systemctl: "/usr/bin/env systemctl" -matrix_host_command_sh: "/usr/bin/env sh" - -matrix_ntpd_package: "{{ 'systemd-timesyncd' if (ansible_os_family == 'RedHat' and ansible_distribution_major_version | int > 7) or (ansible_distribution == 'Ubuntu' and ansible_distribution_major_version | int > 18) else ( 'systemd' if ansible_os_family == 'Suse' else 'ntp' ) }}" -matrix_ntpd_service: "{{ 'systemd-timesyncd' if (ansible_os_family == 'RedHat' and ansible_distribution_major_version | int > 7) or (ansible_distribution == 'Ubuntu' and ansible_distribution_major_version | int > 18) or ansible_distribution == 'Archlinux' or ansible_os_family == 'Suse' else ('ntpd' if ansible_os_family == 'RedHat' else 'ntp') }}" matrix_homeserver_url: "https://{{ matrix_server_fqn_matrix }}" @@ -255,12 +238,6 @@ matrix_well_known_matrix_support_configuration: "{{ matrix_well_known_matrix_sup # The Docker network that all services would be put into matrix_docker_network: "matrix" -# Controls whether we'll preserve the vars.yml file on the Matrix server. -# If you have a differently organized inventory, you may wish to disable this feature, -# or to repoint `matrix_vars_yml_snapshotting_src` to the file you'd like to preserve. -matrix_vars_yml_snapshotting_enabled: true -matrix_vars_yml_snapshotting_src: "{{ inventory_dir }}/host_vars/{{ inventory_hostname }}/vars.yml" - # Controls whether a `/.well-known/matrix/server` file is generated and used at all. # # If you wish to rely on DNS SRV records only, you can disable this. diff --git a/roles/matrix-base/files/yum.repos.d/docker-ce-centos.repo b/roles/custom/matrix-base/files/yum.repos.d/docker-ce-centos.repo similarity index 100% rename from roles/matrix-base/files/yum.repos.d/docker-ce-centos.repo rename to roles/custom/matrix-base/files/yum.repos.d/docker-ce-centos.repo diff --git a/roles/matrix-base/files/yum.repos.d/docker-ce-fedora.repo b/roles/custom/matrix-base/files/yum.repos.d/docker-ce-fedora.repo similarity index 100% rename from roles/matrix-base/files/yum.repos.d/docker-ce-fedora.repo rename to roles/custom/matrix-base/files/yum.repos.d/docker-ce-fedora.repo diff --git a/roles/matrix-base/tasks/clean_up_old_files.yml b/roles/custom/matrix-base/tasks/clean_up_old_files.yml similarity index 100% rename from roles/matrix-base/tasks/clean_up_old_files.yml rename to roles/custom/matrix-base/tasks/clean_up_old_files.yml diff --git a/roles/custom/matrix-base/tasks/ensure_fuse_installed.yml b/roles/custom/matrix-base/tasks/ensure_fuse_installed.yml new file mode 100644 index 000000000..8f768bd13 --- /dev/null +++ b/roles/custom/matrix-base/tasks/ensure_fuse_installed.yml @@ -0,0 +1,12 @@ +--- + +# This is for both RedHat 7 and 8 +- ansible.builtin.include_tasks: "{{ role_path }}/tasks/ensure_fuse_installed_redhat.yml" + when: ansible_os_family == 'RedHat' + +# This is for both Debian and Raspbian +- ansible.builtin.include_tasks: "{{ role_path }}/tasks/ensure_fuse_installed_debian.yml" + when: ansible_os_family == 'Debian' + +- ansible.builtin.include_tasks: "{{ role_path }}/tasks/ensure_fuse_installed_archlinux.yml" + when: ansible_os_family == 'Archlinux' diff --git a/roles/custom/matrix-base/tasks/ensure_fuse_installed_archlinux.yml b/roles/custom/matrix-base/tasks/ensure_fuse_installed_archlinux.yml new file mode 100644 index 000000000..676543d83 --- /dev/null +++ b/roles/custom/matrix-base/tasks/ensure_fuse_installed_archlinux.yml @@ -0,0 +1,6 @@ +--- + +- name: Ensure fuse installed (Archlinux) + community.general.pacman: + name: fuse3 + state: present diff --git a/roles/custom/matrix-base/tasks/ensure_fuse_installed_debian.yml b/roles/custom/matrix-base/tasks/ensure_fuse_installed_debian.yml new file mode 100644 index 000000000..b9491eb49 --- /dev/null +++ b/roles/custom/matrix-base/tasks/ensure_fuse_installed_debian.yml @@ -0,0 +1,6 @@ +--- + +- name: Ensure fuse installed (Debian/Raspbian) + ansible.builtin.apt: + name: fuse + state: present diff --git a/roles/custom/matrix-base/tasks/ensure_fuse_installed_redhat.yml b/roles/custom/matrix-base/tasks/ensure_fuse_installed_redhat.yml new file mode 100644 index 000000000..878fb5682 --- /dev/null +++ b/roles/custom/matrix-base/tasks/ensure_fuse_installed_redhat.yml @@ -0,0 +1,6 @@ +--- + +- name: Ensure fuse installed (RedHat) + ansible.builtin.yum: + name: fuse + state: present diff --git a/roles/custom/matrix-base/tasks/ensure_openssl_installed.yml b/roles/custom/matrix-base/tasks/ensure_openssl_installed.yml new file mode 100644 index 000000000..d0cd8edea --- /dev/null +++ b/roles/custom/matrix-base/tasks/ensure_openssl_installed.yml @@ -0,0 +1,6 @@ +--- + +- name: Ensure openssl installed + ansible.builtin.package: + name: openssl + state: present diff --git a/roles/matrix-base/tasks/main.yml b/roles/custom/matrix-base/tasks/main.yml similarity index 100% rename from roles/matrix-base/tasks/main.yml rename to roles/custom/matrix-base/tasks/main.yml diff --git a/roles/matrix-base/tasks/sanity_check.yml b/roles/custom/matrix-base/tasks/sanity_check.yml similarity index 100% rename from roles/matrix-base/tasks/sanity_check.yml rename to roles/custom/matrix-base/tasks/sanity_check.yml diff --git a/roles/matrix-base/tasks/server_base/setup.yml b/roles/custom/matrix-base/tasks/server_base/setup.yml similarity index 85% rename from roles/matrix-base/tasks/server_base/setup.yml rename to roles/custom/matrix-base/tasks/server_base/setup.yml index 40d5a4d01..d0b9f0b95 100644 --- a/roles/matrix-base/tasks/server_base/setup.yml +++ b/roles/custom/matrix-base/tasks/server_base/setup.yml @@ -9,7 +9,8 @@ - ansible.builtin.include_tasks: "{{ role_path }}/tasks/server_base/setup_fedora.yml" when: ansible_os_family == 'RedHat' and ansible_distribution_major_version | int > 30 -- block: +- when: ansible_os_family == 'Debian' + block: # ansible_lsb is only available if lsb-release is installed. - name: Ensure lsb-release installed ansible.builtin.apt: @@ -20,7 +21,8 @@ register: lsb_release_installation_result - name: Reread ansible_lsb facts if lsb-release got installed - ansible.builtin.setup: filter=ansible_lsb* + ansible.builtin.setup: + filter: ansible_lsb* when: lsb_release_installation_result.changed - ansible.builtin.include_tasks: "{{ role_path }}/tasks/server_base/setup_debian.yml" @@ -28,7 +30,6 @@ - ansible.builtin.include_tasks: "{{ role_path }}/tasks/server_base/setup_raspbian.yml" when: (ansible_os_family == 'Debian') and (ansible_lsb.id == 'Raspbian') - when: ansible_os_family == 'Debian' - ansible.builtin.include_tasks: "{{ role_path }}/tasks/server_base/setup_archlinux.yml" when: ansible_distribution == 'Archlinux' @@ -38,9 +39,3 @@ name: docker state: started enabled: true - -- name: "Ensure {{ matrix_ntpd_service }} is started and autoruns" - ansible.builtin.service: - name: "{{ matrix_ntpd_service }}" - state: started - enabled: true diff --git a/roles/matrix-base/tasks/server_base/setup_archlinux.yml b/roles/custom/matrix-base/tasks/server_base/setup_archlinux.yml similarity index 82% rename from roles/matrix-base/tasks/server_base/setup_archlinux.yml rename to roles/custom/matrix-base/tasks/server_base/setup_archlinux.yml index c912e58f3..a93136148 100644 --- a/roles/matrix-base/tasks/server_base/setup_archlinux.yml +++ b/roles/custom/matrix-base/tasks/server_base/setup_archlinux.yml @@ -1,7 +1,7 @@ --- - name: Install host dependencies - pacman: + community.general.pacman: name: - python-docker - python-dnspython @@ -9,7 +9,7 @@ update_cache: true - name: Ensure Docker is installed - pacman: + community.general.pacman: name: - docker state: present diff --git a/roles/matrix-base/tasks/server_base/setup_debian.yml b/roles/custom/matrix-base/tasks/server_base/setup_debian.yml similarity index 88% rename from roles/matrix-base/tasks/server_base/setup_debian.yml rename to roles/custom/matrix-base/tasks/server_base/setup_debian.yml index 271fab41f..412a11d02 100644 --- a/roles/matrix-base/tasks/server_base/setup_debian.yml +++ b/roles/custom/matrix-base/tasks/server_base/setup_debian.yml @@ -25,13 +25,6 @@ update_cache: true when: matrix_docker_installation_enabled | bool and matrix_docker_package_name == 'docker-ce' -- name: Ensure APT packages are installed - ansible.builtin.apt: - name: - - "{{ matrix_ntpd_package }}" - state: present - update_cache: true - - name: Ensure Docker is installed ansible.builtin.apt: name: diff --git a/roles/matrix-base/tasks/server_base/setup_fedora.yml b/roles/custom/matrix-base/tasks/server_base/setup_fedora.yml similarity index 86% rename from roles/matrix-base/tasks/server_base/setup_fedora.yml rename to roles/custom/matrix-base/tasks/server_base/setup_fedora.yml index 2c7d528fb..19d465718 100644 --- a/roles/matrix-base/tasks/server_base/setup_fedora.yml +++ b/roles/custom/matrix-base/tasks/server_base/setup_fedora.yml @@ -17,13 +17,6 @@ key: https://download.docker.com/linux/fedora/gpg when: matrix_docker_installation_enabled | bool and matrix_docker_package_name == 'docker-ce' -- name: Ensure yum packages are installed - ansible.builtin.yum: - name: - - "{{ matrix_ntpd_package }}" - state: present - update_cache: true - - name: Ensure Docker is installed ansible.builtin.yum: name: diff --git a/roles/matrix-base/tasks/server_base/setup_raspbian.yml b/roles/custom/matrix-base/tasks/server_base/setup_raspbian.yml similarity index 82% rename from roles/matrix-base/tasks/server_base/setup_raspbian.yml rename to roles/custom/matrix-base/tasks/server_base/setup_raspbian.yml index 54ea4d185..6959b39c8 100644 --- a/roles/matrix-base/tasks/server_base/setup_raspbian.yml +++ b/roles/custom/matrix-base/tasks/server_base/setup_raspbian.yml @@ -25,17 +25,10 @@ update_cache: true when: matrix_docker_installation_enabled | bool and matrix_docker_package_name == 'docker-ce' -- name: Ensure APT packages are installed - ansible.builtin.apt: - name: - - "{{ matrix_ntpd_package }}" - state: present - update_cache: true - - name: Ensure Docker is installed ansible.builtin.apt: name: - "{{ matrix_docker_package_name }}" - - "python{{'3' if ansible_python.version.major == 3 else ''}}-docker" + - "python{{ '3' if ansible_python.version.major == 3 else '' }}-docker" state: present when: matrix_docker_installation_enabled | bool diff --git a/roles/matrix-base/tasks/server_base/setup_redhat.yml b/roles/custom/matrix-base/tasks/server_base/setup_redhat.yml similarity index 83% rename from roles/matrix-base/tasks/server_base/setup_redhat.yml rename to roles/custom/matrix-base/tasks/server_base/setup_redhat.yml index 4e5c97d4d..dbddd9130 100644 --- a/roles/matrix-base/tasks/server_base/setup_redhat.yml +++ b/roles/custom/matrix-base/tasks/server_base/setup_redhat.yml @@ -15,13 +15,6 @@ key: https://download.docker.com/linux/centos/gpg when: matrix_docker_installation_enabled | bool and matrix_docker_package_name == 'docker-ce' -- name: Ensure yum packages are installed - ansible.builtin.yum: - name: - - "{{ matrix_ntpd_package }}" - state: present - update_cache: true - - name: Ensure Docker is installed ansible.builtin.yum: name: diff --git a/roles/matrix-base/tasks/server_base/setup_redhat8.yml b/roles/custom/matrix-base/tasks/server_base/setup_redhat8.yml similarity index 87% rename from roles/matrix-base/tasks/server_base/setup_redhat8.yml rename to roles/custom/matrix-base/tasks/server_base/setup_redhat8.yml index 932dbab50..c303abb8f 100644 --- a/roles/matrix-base/tasks/server_base/setup_redhat8.yml +++ b/roles/custom/matrix-base/tasks/server_base/setup_redhat8.yml @@ -22,13 +22,6 @@ state: present update_cache: true -- name: Ensure yum packages are installed - ansible.builtin.yum: - name: - - "{{ matrix_ntpd_package }}" - state: present - update_cache: true - - name: Ensure Docker is installed ansible.builtin.yum: name: diff --git a/roles/matrix-base/tasks/setup_matrix_base.yml b/roles/custom/matrix-base/tasks/setup_matrix_base.yml similarity index 62% rename from roles/matrix-base/tasks/setup_matrix_base.yml rename to roles/custom/matrix-base/tasks/setup_matrix_base.yml index 2e8609873..f954bd796 100644 --- a/roles/matrix-base/tasks/setup_matrix_base.yml +++ b/roles/custom/matrix-base/tasks/setup_matrix_base.yml @@ -10,17 +10,8 @@ with_items: - "{{ matrix_base_data_path }}" -- name: Preserve vars.yml on the server for easily restoring if it gets lost later on - ansible.builtin.copy: - src: "{{ matrix_vars_yml_snapshotting_src }}" - dest: "{{ matrix_base_data_path }}/vars.yml" - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - mode: '0660' - when: "matrix_vars_yml_snapshotting_enabled | bool" - - name: Ensure Matrix network is created in Docker - docker_network: + community.docker.docker_network: name: "{{ matrix_docker_network }}" driver: bridge diff --git a/roles/matrix-base/tasks/setup_matrix_user.yml b/roles/custom/matrix-base/tasks/setup_matrix_user.yml similarity index 100% rename from roles/matrix-base/tasks/setup_matrix_user.yml rename to roles/custom/matrix-base/tasks/setup_matrix_user.yml diff --git a/roles/matrix-base/tasks/setup_well_known.yml b/roles/custom/matrix-base/tasks/setup_well_known.yml similarity index 100% rename from roles/matrix-base/tasks/setup_well_known.yml rename to roles/custom/matrix-base/tasks/setup_well_known.yml diff --git a/roles/matrix-base/templates/static-files/well-known/matrix-client.j2 b/roles/custom/matrix-base/templates/static-files/well-known/matrix-client.j2 similarity index 100% rename from roles/matrix-base/templates/static-files/well-known/matrix-client.j2 rename to roles/custom/matrix-base/templates/static-files/well-known/matrix-client.j2 diff --git a/roles/matrix-base/templates/static-files/well-known/matrix-server.j2 b/roles/custom/matrix-base/templates/static-files/well-known/matrix-server.j2 similarity index 100% rename from roles/matrix-base/templates/static-files/well-known/matrix-server.j2 rename to roles/custom/matrix-base/templates/static-files/well-known/matrix-server.j2 diff --git a/roles/matrix-base/templates/static-files/well-known/matrix-support.j2 b/roles/custom/matrix-base/templates/static-files/well-known/matrix-support.j2 similarity index 100% rename from roles/matrix-base/templates/static-files/well-known/matrix-support.j2 rename to roles/custom/matrix-base/templates/static-files/well-known/matrix-support.j2 diff --git a/roles/matrix-base/templates/usr-local-bin/matrix-remove-all.j2 b/roles/custom/matrix-base/templates/usr-local-bin/matrix-remove-all.j2 similarity index 85% rename from roles/matrix-base/templates/usr-local-bin/matrix-remove-all.j2 rename to roles/custom/matrix-base/templates/usr-local-bin/matrix-remove-all.j2 index f4b23b446..f9b174e57 100644 --- a/roles/matrix-base/templates/usr-local-bin/matrix-remove-all.j2 +++ b/roles/custom/matrix-base/templates/usr-local-bin/matrix-remove-all.j2 @@ -16,9 +16,9 @@ if [ "$sure" != "Yes, I really want to remove everything!" ]; then else echo "Stop and remove matrix services" - for s in $(find {{ matrix_systemd_path }}/ -type f -name "matrix-*" -printf "%f\n"); do + for s in $(find {{ devture_systemd_docker_base_systemd_path }}/ -type f -name "matrix-*" -printf "%f\n"); do systemctl disable --now $s - rm -f {{ matrix_systemd_path }}/$s + rm -f {{ devture_systemd_docker_base_systemd_path }}/$s done systemctl daemon-reload diff --git a/roles/matrix-base/vars/main.yml b/roles/custom/matrix-base/vars/main.yml similarity index 100% rename from roles/matrix-base/vars/main.yml rename to roles/custom/matrix-base/vars/main.yml diff --git a/roles/matrix-bot-buscarron/defaults/main.yml b/roles/custom/matrix-bot-buscarron/defaults/main.yml similarity index 83% rename from roles/matrix-bot-buscarron/defaults/main.yml rename to roles/custom/matrix-bot-buscarron/defaults/main.yml index 648d53447..21d9a4a39 100644 --- a/roles/matrix-bot-buscarron/defaults/main.yml +++ b/roles/custom/matrix-bot-buscarron/defaults/main.yml @@ -9,7 +9,7 @@ matrix_bot_buscarron_docker_repo: "https://gitlab.com/etke.cc/buscarron.git" matrix_bot_buscarron_docker_repo_version: "{{ matrix_bot_buscarron_version }}" matrix_bot_buscarron_docker_src_files_path: "{{ matrix_base_data_path }}/buscarron/docker-src" -matrix_bot_buscarron_version: v1.2.1 +matrix_bot_buscarron_version: v1.3.0 matrix_bot_buscarron_docker_image: "{{ matrix_bot_buscarron_docker_image_name_prefix }}buscarron:{{ matrix_bot_buscarron_version }}" matrix_bot_buscarron_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_buscarron_container_image_self_build else 'registry.gitlab.com/etke.cc/' }}" matrix_bot_buscarron_docker_image_force_pull: "{{ matrix_bot_buscarron_docker_image.endswith(':latest') }}" @@ -78,37 +78,49 @@ matrix_bot_buscarron_homeserver: "{{ matrix_homeserver_container_url }}" matrix_bot_buscarron_forms: [] # Disable encryption -matrix_bot_buscarron_noencryption: +matrix_bot_buscarron_noencryption: false # Sentry DSN -matrix_bot_buscarron_sentry: +matrix_bot_buscarron_sentry: '' # Log level matrix_bot_buscarron_loglevel: INFO -# spam hosts/domains +# list of spammers with wildcards support, eg: *@spam.com spam@*, spam@spam.com +matrix_bot_buscarron_spamlist: [] + +# spam hosts/domains. +# deprecated, use matrix_bot_buscarron_spamlist matrix_bot_buscarron_spam_hosts: [] # spam email addresses +# deprecated, use matrix_bot_buscarron_spamlist matrix_bot_buscarron_spam_emails: [] # spam email localparts +# deprecated, use matrix_bot_buscarron_spamlist matrix_bot_buscarron_spam_localparts: [] -# Ban duration in hours -matrix_bot_buscarron_ban_duration: 24 - # Banlist size matrix_bot_buscarron_ban_size: 10000 +# Permanent banlist +matrix_bot_buscarron_ban_list: [] + # Postmark token (confirmation emails) -matrix_bot_buscarron_pm_token: +matrix_bot_buscarron_pm_token: '' # Postmark sender signature -matrix_bot_buscarron_pm_from: +matrix_bot_buscarron_pm_from: '' # Postmark confirmation email's reply-to -matrix_bot_buscarron_pm_replyto: +matrix_bot_buscarron_pm_replyto: '' + +# email address (from) for SMTP validation. Must be valid email on valid SMTP server, otherwise it will be rejected by other servers +matrix_bot_buscarron_smtp_from: '' + +# enforce SMTP validation +matrix_bot_buscarron_smtp_validation: false # Additional environment variables to pass to the buscarron container # diff --git a/roles/matrix-bot-buscarron/tasks/init.yml b/roles/custom/matrix-bot-buscarron/tasks/init.yml similarity index 100% rename from roles/matrix-bot-buscarron/tasks/init.yml rename to roles/custom/matrix-bot-buscarron/tasks/init.yml diff --git a/roles/matrix-bot-buscarron/tasks/main.yml b/roles/custom/matrix-bot-buscarron/tasks/main.yml similarity index 100% rename from roles/matrix-bot-buscarron/tasks/main.yml rename to roles/custom/matrix-bot-buscarron/tasks/main.yml diff --git a/roles/matrix-bot-buscarron/tasks/setup_install.yml b/roles/custom/matrix-bot-buscarron/tasks/setup_install.yml similarity index 89% rename from roles/matrix-bot-buscarron/tasks/setup_install.yml rename to roles/custom/matrix-bot-buscarron/tasks/setup_install.yml index 0db7b728b..156813def 100644 --- a/roles/matrix-bot-buscarron/tasks/setup_install.yml +++ b/roles/custom/matrix-bot-buscarron/tasks/setup_install.yml @@ -2,13 +2,15 @@ - ansible.builtin.set_fact: matrix_bot_buscarron_requires_restart: false -- block: +- when: "matrix_bot_buscarron_database_engine == 'postgres'" + block: - name: Check if an SQLite database already exists ansible.builtin.stat: path: "{{ matrix_bot_buscarron_sqlite_database_path_local }}" register: matrix_bot_buscarron_sqlite_database_path_local_stat_result - - block: + - when: "matrix_bot_buscarron_sqlite_database_path_local_stat_result.stat.exists | bool" + block: - ansible.builtin.set_fact: matrix_postgres_db_migration_request: src: "{{ matrix_bot_buscarron_sqlite_database_path_local }}" @@ -19,13 +21,11 @@ systemd_services_to_stop: ['matrix-bot-buscarron.service'] - ansible.builtin.import_role: - name: matrix-postgres + name: custom/matrix-postgres tasks_from: migrate_db_to_postgres - ansible.builtin.set_fact: matrix_bot_buscarron_requires_restart: true - when: "matrix_bot_buscarron_sqlite_database_path_local_stat_result.stat.exists | bool" - when: "matrix_bot_buscarron_database_engine == 'postgres'" - name: Ensure buscarron paths exist ansible.builtin.file: @@ -50,15 +50,15 @@ mode: 0640 - name: Ensure buscarron image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_bot_buscarron_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_bot_buscarron_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_buscarron_docker_image_force_pull }}" when: "not matrix_bot_buscarron_container_image_self_build | bool" register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure buscarron repository is present on self-build @@ -73,7 +73,7 @@ when: "matrix_bot_buscarron_container_image_self_build | bool" - name: Ensure buscarron image is built - docker_image: + community.docker.docker_image: name: "{{ matrix_bot_buscarron_docker_image }}" source: build force_source: "{{ matrix_bot_buscarron_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" @@ -87,7 +87,7 @@ - name: Ensure matrix-bot-buscarron.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-bot-buscarron.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-bot-buscarron.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-buscarron.service" mode: 0644 register: matrix_bot_buscarron_systemd_service_result diff --git a/roles/matrix-bot-buscarron/tasks/setup_uninstall.yml b/roles/custom/matrix-bot-buscarron/tasks/setup_uninstall.yml similarity index 82% rename from roles/matrix-bot-buscarron/tasks/setup_uninstall.yml rename to roles/custom/matrix-bot-buscarron/tasks/setup_uninstall.yml index ad9e78cdd..cb3333bf2 100644 --- a/roles/matrix-bot-buscarron/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-bot-buscarron/tasks/setup_uninstall.yml @@ -2,7 +2,7 @@ - name: Check existence of matrix-buscarron service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-bot-buscarron.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-buscarron.service" register: matrix_bot_buscarron_service_stat - name: Ensure matrix-buscarron is stopped @@ -16,7 +16,7 @@ - name: Ensure matrix-bot-buscarron.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-bot-buscarron.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-buscarron.service" state: absent when: "matrix_bot_buscarron_service_stat.stat.exists | bool" @@ -31,6 +31,6 @@ state: absent - name: Ensure buscarron Docker image doesn't exist - docker_image: + community.docker.docker_image: name: "{{ matrix_bot_buscarron_docker_image }}" state: absent diff --git a/roles/matrix-bot-buscarron/tasks/validate_config.yml b/roles/custom/matrix-bot-buscarron/tasks/validate_config.yml similarity index 100% rename from roles/matrix-bot-buscarron/tasks/validate_config.yml rename to roles/custom/matrix-bot-buscarron/tasks/validate_config.yml diff --git a/roles/matrix-bot-buscarron/templates/env.j2 b/roles/custom/matrix-bot-buscarron/templates/env.j2 similarity index 83% rename from roles/matrix-bot-buscarron/templates/env.j2 rename to roles/custom/matrix-bot-buscarron/templates/env.j2 index 42da0d349..80ddd38cc 100644 --- a/roles/matrix-bot-buscarron/templates/env.j2 +++ b/roles/custom/matrix-bot-buscarron/templates/env.j2 @@ -3,22 +3,26 @@ BUSCARRON_PASSWORD={{ matrix_bot_buscarron_password }} BUSCARRON_HOMESERVER={{ matrix_bot_buscarron_homeserver }} BUSCARRON_DB_DSN={{ matrix_bot_buscarron_database_connection_string }} BUSCARRON_DB_DIALECT={{ matrix_bot_buscarron_database_dialect }} +BUSCARRON_SPAMLIST={{ matrix_bot_buscarron_spamlist|join(" ") }} BUSCARRON_SPAM_HOSTS={{ matrix_bot_buscarron_spam_hosts|join(" ") }} BUSCARRON_SPAM_EMAILS={{ matrix_bot_buscarron_spam_emails|join(" ") }} BUSCARRON_SPAM_LOCALPARTS={{ matrix_bot_buscarron_spam_localparts|join(" ") }} BUSCARRON_SENTRY={{ matrix_bot_buscarron_sentry }} BUSCARRON_LOGLEVEL={{ matrix_bot_buscarron_loglevel }} -BUSCARRON_BAN_DURATION={{ matrix_bot_buscarron_ban_duration }} BUSCARRON_BAN_SIZE={{ matrix_bot_buscarron_ban_size }} +BUSCARRON_BAN_LIST={{ matrix_bot_buscarron_ban_list|default('')|join(' ') }} BUSCARRON_PM_TOKEN={{ matrix_bot_buscarron_pm_token }} BUSCARRON_PM_FROM={{ matrix_bot_buscarron_pm_from }} BUSCARRON_PM_REPLYTO={{ matrix_bot_buscarron_pm_replyto }} +BUSCARRON_SMTP_FROM={{ matrix_bot_buscarron_smtp_from }} +BUSCARRON_SMTP_VALIDATION={{ matrix_bot_buscarron_smtp_validation }} BUSCARRON_NOENCRYPTION={{ matrix_bot_buscarron_noencryption }} {% set forms = [] %} {% for form in matrix_bot_buscarron_forms -%}{{- forms.append(form.name) -}} BUSCARRON_{{ form.name|upper }}_ROOM={{ form.room|default('') }} BUSCARRON_{{ form.name|upper }}_REDIRECT={{ form.redirect|default('') }} BUSCARRON_{{ form.name|upper }}_HASDOMAIN={{ form.hasdomain|default('') }} +BUSCARRON_{{ form.name|upper }}_HASEMAIL={{ form.hasemail|default('') }} BUSCARRON_{{ form.name|upper }}_RATELIMIT={{ form.ratelimit|default('') }} BUSCARRON_{{ form.name|upper }}_EXTENSIONS={{ form.extensions|default('')|join(' ') }} BUSCARRON_{{ form.name|upper }}_CONFIRMATION_SUBJECT={{ form.confirmation_subject|default('') }} diff --git a/roles/matrix-bot-buscarron/templates/systemd/matrix-bot-buscarron.service.j2 b/roles/custom/matrix-bot-buscarron/templates/systemd/matrix-bot-buscarron.service.j2 similarity index 51% rename from roles/matrix-bot-buscarron/templates/systemd/matrix-bot-buscarron.service.j2 rename to roles/custom/matrix-bot-buscarron/templates/systemd/matrix-bot-buscarron.service.j2 index fd6d03100..60909dc91 100644 --- a/roles/matrix-bot-buscarron/templates/systemd/matrix-bot-buscarron.service.j2 +++ b/roles/custom/matrix-bot-buscarron/templates/systemd/matrix-bot-buscarron.service.j2 @@ -12,11 +12,11 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-buscarron 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-buscarron 2>/dev/null || true' +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-buscarron 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-buscarron 2>/dev/null || true' -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-buscarron \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-bot-buscarron \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ @@ -29,8 +29,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-buscarron {% endfor %} {{ matrix_bot_buscarron_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-buscarron 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-buscarron 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-buscarron 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-buscarron 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-bot-buscarron diff --git a/roles/matrix-bot-go-neb/defaults/main.yml b/roles/custom/matrix-bot-go-neb/defaults/main.yml similarity index 100% rename from roles/matrix-bot-go-neb/defaults/main.yml rename to roles/custom/matrix-bot-go-neb/defaults/main.yml diff --git a/roles/matrix-bot-go-neb/tasks/init.yml b/roles/custom/matrix-bot-go-neb/tasks/init.yml similarity index 100% rename from roles/matrix-bot-go-neb/tasks/init.yml rename to roles/custom/matrix-bot-go-neb/tasks/init.yml diff --git a/roles/matrix-bot-go-neb/tasks/main.yml b/roles/custom/matrix-bot-go-neb/tasks/main.yml similarity index 100% rename from roles/matrix-bot-go-neb/tasks/main.yml rename to roles/custom/matrix-bot-go-neb/tasks/main.yml diff --git a/roles/matrix-bot-go-neb/tasks/setup_install.yml b/roles/custom/matrix-bot-go-neb/tasks/setup_install.yml similarity index 88% rename from roles/matrix-bot-go-neb/tasks/setup_install.yml rename to roles/custom/matrix-bot-go-neb/tasks/setup_install.yml index a651c1608..70aec14ad 100644 --- a/roles/matrix-bot-go-neb/tasks/setup_install.yml +++ b/roles/custom/matrix-bot-go-neb/tasks/setup_install.yml @@ -17,14 +17,14 @@ when: "item.when | bool" - name: Ensure go-neb image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_bot_go_neb_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_bot_go_neb_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_go_neb_docker_image_force_pull }}" register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure go-neb config installed @@ -38,7 +38,7 @@ - name: Ensure matrix-bot-go-neb.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-bot-go-neb.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-bot-go-neb.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-go-neb.service" mode: 0644 register: matrix_bot_go_neb_systemd_service_result diff --git a/roles/matrix-bot-go-neb/tasks/setup_uninstall.yml b/roles/custom/matrix-bot-go-neb/tasks/setup_uninstall.yml similarity index 82% rename from roles/matrix-bot-go-neb/tasks/setup_uninstall.yml rename to roles/custom/matrix-bot-go-neb/tasks/setup_uninstall.yml index 9794a90ad..d5caa86b7 100644 --- a/roles/matrix-bot-go-neb/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-bot-go-neb/tasks/setup_uninstall.yml @@ -2,7 +2,7 @@ - name: Check existence of matrix-go-neb service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-bot-go-neb.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-go-neb.service" register: matrix_bot_go_neb_service_stat - name: Ensure matrix-go-neb is stopped @@ -16,7 +16,7 @@ - name: Ensure matrix-bot-go-neb.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-bot-go-neb.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-go-neb.service" state: absent when: "matrix_bot_go_neb_service_stat.stat.exists | bool" @@ -31,6 +31,6 @@ state: absent - name: Ensure go-neb Docker image doesn't exist - docker_image: + community.docker.docker_image: name: "{{ matrix_bot_go_neb_docker_image }}" state: absent diff --git a/roles/matrix-bot-go-neb/tasks/validate_config.yml b/roles/custom/matrix-bot-go-neb/tasks/validate_config.yml similarity index 100% rename from roles/matrix-bot-go-neb/tasks/validate_config.yml rename to roles/custom/matrix-bot-go-neb/tasks/validate_config.yml diff --git a/roles/matrix-bot-go-neb/templates/config.yaml.j2 b/roles/custom/matrix-bot-go-neb/templates/config.yaml.j2 similarity index 100% rename from roles/matrix-bot-go-neb/templates/config.yaml.j2 rename to roles/custom/matrix-bot-go-neb/templates/config.yaml.j2 diff --git a/roles/matrix-bot-go-neb/templates/systemd/matrix-bot-go-neb.service.j2 b/roles/custom/matrix-bot-go-neb/templates/systemd/matrix-bot-go-neb.service.j2 similarity index 62% rename from roles/matrix-bot-go-neb/templates/systemd/matrix-bot-go-neb.service.j2 rename to roles/custom/matrix-bot-go-neb/templates/systemd/matrix-bot-go-neb.service.j2 index 83eb3c7df..a57df57e2 100644 --- a/roles/matrix-bot-go-neb/templates/systemd/matrix-bot-go-neb.service.j2 +++ b/roles/custom/matrix-bot-go-neb/templates/systemd/matrix-bot-go-neb.service.j2 @@ -12,11 +12,11 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-go-neb 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-go-neb 2>/dev/null || true' +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-go-neb 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-go-neb 2>/dev/null || true' -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-go-neb \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-bot-go-neb \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ @@ -39,8 +39,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-go-neb \ {{ matrix_bot_go_neb_docker_image }} \ -c "go-neb /config/config.yaml" -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-go-neb 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-go-neb 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-go-neb 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-go-neb 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-bot-go-neb diff --git a/roles/matrix-bot-honoroit/defaults/main.yml b/roles/custom/matrix-bot-honoroit/defaults/main.yml similarity index 92% rename from roles/matrix-bot-honoroit/defaults/main.yml rename to roles/custom/matrix-bot-honoroit/defaults/main.yml index 7a3e0d190..3510f4732 100644 --- a/roles/matrix-bot-honoroit/defaults/main.yml +++ b/roles/custom/matrix-bot-honoroit/defaults/main.yml @@ -9,7 +9,7 @@ matrix_bot_honoroit_docker_repo: "https://gitlab.com/etke.cc/honoroit.git" matrix_bot_honoroit_docker_repo_version: "{{ matrix_bot_honoroit_version }}" matrix_bot_honoroit_docker_src_files_path: "{{ matrix_base_data_path }}/honoroit/docker-src" -matrix_bot_honoroit_version: v0.9.13 +matrix_bot_honoroit_version: v0.9.16 matrix_bot_honoroit_docker_image: "{{ matrix_bot_honoroit_docker_image_name_prefix }}honoroit:{{ matrix_bot_honoroit_version }}" matrix_bot_honoroit_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_honoroit_container_image_self_build else 'registry.gitlab.com/etke.cc/' }}" matrix_bot_honoroit_docker_image_force_pull: "{{ matrix_bot_honoroit_docker_image.endswith(':latest') }}" @@ -88,6 +88,17 @@ matrix_bot_honoroit_loglevel: '' # Disable encryption matrix_bot_honoroit_noencryption: false +# A list of whitelisted users allowed to use/invite honoroit +# If not defined, everyone is allowed. +# Example set of rules: +# matrix_bot_honoroit_allowedusers: +# - @someone:example.com +# - @another:example.com +# - @bot.*:example.com +# - @*:another.com +matrix_bot_honoroit_allowedusers: + - "@*:*" + # Max items in cache matrix_bot_honoroit_cachesize: '' diff --git a/roles/matrix-bot-honoroit/tasks/init.yml b/roles/custom/matrix-bot-honoroit/tasks/init.yml similarity index 100% rename from roles/matrix-bot-honoroit/tasks/init.yml rename to roles/custom/matrix-bot-honoroit/tasks/init.yml diff --git a/roles/matrix-bot-honoroit/tasks/main.yml b/roles/custom/matrix-bot-honoroit/tasks/main.yml similarity index 100% rename from roles/matrix-bot-honoroit/tasks/main.yml rename to roles/custom/matrix-bot-honoroit/tasks/main.yml diff --git a/roles/matrix-bot-honoroit/tasks/setup_install.yml b/roles/custom/matrix-bot-honoroit/tasks/setup_install.yml similarity index 89% rename from roles/matrix-bot-honoroit/tasks/setup_install.yml rename to roles/custom/matrix-bot-honoroit/tasks/setup_install.yml index 9bb979fc2..05dcd7c7c 100644 --- a/roles/matrix-bot-honoroit/tasks/setup_install.yml +++ b/roles/custom/matrix-bot-honoroit/tasks/setup_install.yml @@ -2,13 +2,15 @@ - ansible.builtin.set_fact: matrix_bot_honoroit_requires_restart: false -- block: +- when: "matrix_bot_honoroit_database_engine == 'postgres'" + block: - name: Check if an SQLite database already exists ansible.builtin.stat: path: "{{ matrix_bot_honoroit_sqlite_database_path_local }}" register: matrix_bot_honoroit_sqlite_database_path_local_stat_result - - block: + - when: "matrix_bot_honoroit_sqlite_database_path_local_stat_result.stat.exists | bool" + block: - ansible.builtin.set_fact: matrix_postgres_db_migration_request: src: "{{ matrix_bot_honoroit_sqlite_database_path_local }}" @@ -19,13 +21,11 @@ systemd_services_to_stop: ['matrix-bot-honoroit.service'] - ansible.builtin.import_role: - name: matrix-postgres + name: custom/matrix-postgres tasks_from: migrate_db_to_postgres - ansible.builtin.set_fact: matrix_bot_honoroit_requires_restart: true - when: "matrix_bot_honoroit_sqlite_database_path_local_stat_result.stat.exists | bool" - when: "matrix_bot_honoroit_database_engine == 'postgres'" - name: Ensure honoroit paths exist ansible.builtin.file: @@ -50,15 +50,15 @@ mode: 0640 - name: Ensure honoroit image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_bot_honoroit_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_bot_honoroit_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_honoroit_docker_image_force_pull }}" when: "not matrix_bot_honoroit_container_image_self_build | bool" register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure honoroit repository is present on self-build @@ -73,7 +73,7 @@ when: "matrix_bot_honoroit_container_image_self_build | bool" - name: Ensure honoroit image is built - docker_image: + community.docker.docker_image: name: "{{ matrix_bot_honoroit_docker_image }}" source: build force_source: "{{ matrix_bot_honoroit_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" @@ -87,7 +87,7 @@ - name: Ensure matrix-bot-honoroit.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-bot-honoroit.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-bot-honoroit.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-honoroit.service" mode: 0644 register: matrix_bot_honoroit_systemd_service_result diff --git a/roles/matrix-bot-honoroit/tasks/setup_uninstall.yml b/roles/custom/matrix-bot-honoroit/tasks/setup_uninstall.yml similarity index 82% rename from roles/matrix-bot-honoroit/tasks/setup_uninstall.yml rename to roles/custom/matrix-bot-honoroit/tasks/setup_uninstall.yml index 6ede0d1d2..0fa83a02d 100644 --- a/roles/matrix-bot-honoroit/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-bot-honoroit/tasks/setup_uninstall.yml @@ -2,7 +2,7 @@ - name: Check existence of matrix-honoroit service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-bot-honoroit.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-honoroit.service" register: matrix_bot_honoroit_service_stat - name: Ensure matrix-honoroit is stopped @@ -16,7 +16,7 @@ - name: Ensure matrix-bot-honoroit.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-bot-honoroit.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-honoroit.service" state: absent when: "matrix_bot_honoroit_service_stat.stat.exists | bool" @@ -31,6 +31,6 @@ state: absent - name: Ensure honoroit Docker image doesn't exist - docker_image: + community.docker.docker_image: name: "{{ matrix_bot_honoroit_docker_image }}" state: absent diff --git a/roles/matrix-bot-honoroit/tasks/validate_config.yml b/roles/custom/matrix-bot-honoroit/tasks/validate_config.yml similarity index 100% rename from roles/matrix-bot-honoroit/tasks/validate_config.yml rename to roles/custom/matrix-bot-honoroit/tasks/validate_config.yml diff --git a/roles/matrix-bot-honoroit/templates/env.j2 b/roles/custom/matrix-bot-honoroit/templates/env.j2 similarity index 90% rename from roles/matrix-bot-honoroit/templates/env.j2 rename to roles/custom/matrix-bot-honoroit/templates/env.j2 index c8d10c6a0..0cfd88c1d 100644 --- a/roles/matrix-bot-honoroit/templates/env.j2 +++ b/roles/custom/matrix-bot-honoroit/templates/env.j2 @@ -10,7 +10,8 @@ HONOROIT_LOGLEVEL={{ matrix_bot_honoroit_loglevel }} HONOROIT_CACHESIZE={{ matrix_bot_honoroit_cachesize }} HONOROIT_NOENCRYPTION={{ matrix_bot_honoroit_noencryption }} HONOROIT_IGNORENOTHREAD={{ matrix_bot_honoroit_ignorenothread }} -HONOROIT_IGNOREDROOMS={{ matrix_bot_honoroit_ignoredrooms|join(' ') }} +HONOROIT_IGNOREDROOMS={{ matrix_bot_honoroit_ignoredrooms | join(' ') }} +HONOROIT_ALLOWEDUSERS={{ matrix_bot_honoroit_allowedusers | join(' ') }} HONOROIT_TEXT_PREFIX_OPEN={{ matrix_bot_honoroit_text_prefix_open }} HONOROIT_TEXT_PREFIX_DONE={{ matrix_bot_honoroit_text_prefix_done }} HONOROIT_TEXT_NOENCRYPTION={{ matrix_bot_honoroit_text_noencryption }} diff --git a/roles/matrix-bot-honoroit/templates/systemd/matrix-bot-honoroit.service.j2 b/roles/custom/matrix-bot-honoroit/templates/systemd/matrix-bot-honoroit.service.j2 similarity index 51% rename from roles/matrix-bot-honoroit/templates/systemd/matrix-bot-honoroit.service.j2 rename to roles/custom/matrix-bot-honoroit/templates/systemd/matrix-bot-honoroit.service.j2 index 2bb141099..2cce62da5 100644 --- a/roles/matrix-bot-honoroit/templates/systemd/matrix-bot-honoroit.service.j2 +++ b/roles/custom/matrix-bot-honoroit/templates/systemd/matrix-bot-honoroit.service.j2 @@ -12,11 +12,11 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-honoroit 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-honoroit 2>/dev/null || true' +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-honoroit 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-honoroit 2>/dev/null || true' -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-honoroit \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-bot-honoroit \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ @@ -29,8 +29,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-honoroit \ {% endfor %} {{ matrix_bot_honoroit_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-honoroit 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-honoroit 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-honoroit 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-honoroit 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-bot-honoroit diff --git a/roles/matrix-bot-matrix-registration-bot/defaults/main.yml b/roles/custom/matrix-bot-matrix-registration-bot/defaults/main.yml similarity index 100% rename from roles/matrix-bot-matrix-registration-bot/defaults/main.yml rename to roles/custom/matrix-bot-matrix-registration-bot/defaults/main.yml diff --git a/roles/matrix-bot-matrix-registration-bot/tasks/init.yml b/roles/custom/matrix-bot-matrix-registration-bot/tasks/init.yml similarity index 100% rename from roles/matrix-bot-matrix-registration-bot/tasks/init.yml rename to roles/custom/matrix-bot-matrix-registration-bot/tasks/init.yml diff --git a/roles/matrix-bot-matrix-registration-bot/tasks/main.yml b/roles/custom/matrix-bot-matrix-registration-bot/tasks/main.yml similarity index 100% rename from roles/matrix-bot-matrix-registration-bot/tasks/main.yml rename to roles/custom/matrix-bot-matrix-registration-bot/tasks/main.yml diff --git a/roles/matrix-bot-matrix-registration-bot/tasks/setup_install.yml b/roles/custom/matrix-bot-matrix-registration-bot/tasks/setup_install.yml similarity index 91% rename from roles/matrix-bot-matrix-registration-bot/tasks/setup_install.yml rename to roles/custom/matrix-bot-matrix-registration-bot/tasks/setup_install.yml index d4522321e..3838fa079 100644 --- a/roles/matrix-bot-matrix-registration-bot/tasks/setup_install.yml +++ b/roles/custom/matrix-bot-matrix-registration-bot/tasks/setup_install.yml @@ -22,15 +22,15 @@ mode: 0640 - name: Ensure matrix-registration-bot image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_bot_matrix_registration_bot_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_bot_matrix_registration_bot_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_matrix_registration_bot_docker_image_force_pull }}" when: "not matrix_bot_matrix_registration_bot_container_image_self_build | bool" register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure matrix-registration-bot repository is present on self-build @@ -45,7 +45,7 @@ when: "matrix_bot_matrix_registration_bot_container_image_self_build | bool" - name: Ensure matrix-registration-bot image is built - docker_image: + community.docker.docker_image: name: "{{ matrix_bot_matrix_registration_bot_docker_image }}" source: build force_source: "{{ matrix_bot_matrix_registration_bot_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" @@ -59,7 +59,7 @@ - name: Ensure matrix-bot-matrix-registration-bot.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-bot-matrix-registration-bot.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-bot-matrix-registration-bot.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-matrix-registration-bot.service" mode: 0644 register: matrix_bot_matrix_registration_bot_systemd_service_result diff --git a/roles/matrix-bot-matrix-registration-bot/tasks/setup_uninstall.yml b/roles/custom/matrix-bot-matrix-registration-bot/tasks/setup_uninstall.yml similarity index 83% rename from roles/matrix-bot-matrix-registration-bot/tasks/setup_uninstall.yml rename to roles/custom/matrix-bot-matrix-registration-bot/tasks/setup_uninstall.yml index 426eefc10..c7ee13652 100644 --- a/roles/matrix-bot-matrix-registration-bot/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-bot-matrix-registration-bot/tasks/setup_uninstall.yml @@ -2,7 +2,7 @@ - name: Check existence of matrix-matrix-registration-bot service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-bot-matrix-registration-bot.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-matrix-registration-bot.service" register: matrix_bot_matrix_registration_bot_service_stat - name: Ensure matrix-matrix-registration-bot is stopped @@ -16,7 +16,7 @@ - name: Ensure matrix-bot-matrix-registration-bot.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-bot-matrix-registration-bot.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-matrix-registration-bot.service" state: absent when: "matrix_bot_matrix_registration_bot_service_stat.stat.exists | bool" @@ -31,6 +31,6 @@ state: absent - name: Ensure matrix-registration-bot Docker image doesn't exist - docker_image: + community.docker.docker_image: name: "{{ matrix_bot_matrix_registration_bot_docker_image }}" state: absent diff --git a/roles/matrix-bot-matrix-registration-bot/tasks/validate_config.yml b/roles/custom/matrix-bot-matrix-registration-bot/tasks/validate_config.yml similarity index 100% rename from roles/matrix-bot-matrix-registration-bot/tasks/validate_config.yml rename to roles/custom/matrix-bot-matrix-registration-bot/tasks/validate_config.yml diff --git a/roles/matrix-bot-matrix-registration-bot/templates/config/config.yml.j2 b/roles/custom/matrix-bot-matrix-registration-bot/templates/config/config.yml.j2 similarity index 100% rename from roles/matrix-bot-matrix-registration-bot/templates/config/config.yml.j2 rename to roles/custom/matrix-bot-matrix-registration-bot/templates/config/config.yml.j2 diff --git a/roles/matrix-bot-matrix-registration-bot/templates/systemd/matrix-bot-matrix-registration-bot.service.j2 b/roles/custom/matrix-bot-matrix-registration-bot/templates/systemd/matrix-bot-matrix-registration-bot.service.j2 similarity index 50% rename from roles/matrix-bot-matrix-registration-bot/templates/systemd/matrix-bot-matrix-registration-bot.service.j2 rename to roles/custom/matrix-bot-matrix-registration-bot/templates/systemd/matrix-bot-matrix-registration-bot.service.j2 index e1aa89548..704c512f0 100644 --- a/roles/matrix-bot-matrix-registration-bot/templates/systemd/matrix-bot-matrix-registration-bot.service.j2 +++ b/roles/custom/matrix-bot-matrix-registration-bot/templates/systemd/matrix-bot-matrix-registration-bot.service.j2 @@ -12,11 +12,11 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-matrix-registration-bot 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-matrix-registration-bot 2>/dev/null || true' +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-matrix-registration-bot 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-matrix-registration-bot 2>/dev/null || true' -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-matrix-registration-bot \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-bot-matrix-registration-bot \ --log-driver=none \ --cap-drop=ALL \ -e "CONFIG_PATH=/config/config.yml" \ @@ -27,8 +27,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-matrix-reg --network={{ matrix_docker_network }} \ {{ matrix_bot_matrix_registration_bot_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-matrix-registration-bot 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-matrix-registration-bot 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-matrix-registration-bot 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-matrix-registration-bot 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-bot-matrix-registration-bot diff --git a/roles/matrix-bot-matrix-reminder-bot/defaults/main.yml b/roles/custom/matrix-bot-matrix-reminder-bot/defaults/main.yml similarity index 100% rename from roles/matrix-bot-matrix-reminder-bot/defaults/main.yml rename to roles/custom/matrix-bot-matrix-reminder-bot/defaults/main.yml diff --git a/roles/matrix-bot-matrix-reminder-bot/tasks/init.yml b/roles/custom/matrix-bot-matrix-reminder-bot/tasks/init.yml similarity index 100% rename from roles/matrix-bot-matrix-reminder-bot/tasks/init.yml rename to roles/custom/matrix-bot-matrix-reminder-bot/tasks/init.yml diff --git a/roles/matrix-bot-matrix-reminder-bot/tasks/main.yml b/roles/custom/matrix-bot-matrix-reminder-bot/tasks/main.yml similarity index 100% rename from roles/matrix-bot-matrix-reminder-bot/tasks/main.yml rename to roles/custom/matrix-bot-matrix-reminder-bot/tasks/main.yml diff --git a/roles/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml b/roles/custom/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml similarity index 90% rename from roles/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml rename to roles/custom/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml index 0ad895af3..00e25c361 100644 --- a/roles/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml +++ b/roles/custom/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml @@ -3,13 +3,15 @@ - ansible.builtin.set_fact: matrix_bot_matrix_reminder_bot_requires_restart: false -- block: +- when: "matrix_bot_matrix_reminder_bot_database_engine == 'postgres'" + block: - name: Check if an SQLite database already exists ansible.builtin.stat: path: "{{ matrix_bot_matrix_reminder_bot_sqlite_database_path_local }}" register: matrix_bot_matrix_reminder_bot_sqlite_database_path_local_stat_result - - block: + - when: "matrix_bot_matrix_reminder_bot_sqlite_database_path_local_stat_result.stat.exists | bool" + block: - ansible.builtin.set_fact: matrix_postgres_db_migration_request: src: "{{ matrix_bot_matrix_reminder_bot_sqlite_database_path_local }}" @@ -20,13 +22,11 @@ systemd_services_to_stop: ['matrix-bot-matrix-reminder-bot.service'] - ansible.builtin.import_role: - name: matrix-postgres + name: custom/matrix-postgres tasks_from: migrate_db_to_postgres - ansible.builtin.set_fact: matrix_bot_matrix_reminder_bot_requires_restart: true - when: "matrix_bot_matrix_reminder_bot_sqlite_database_path_local_stat_result.stat.exists | bool" - when: "matrix_bot_matrix_reminder_bot_database_engine == 'postgres'" - name: Ensure matrix-reminder-bot paths exist ansible.builtin.file: @@ -43,15 +43,15 @@ when: "item.when | bool" - name: Ensure matrix-reminder-bot image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_bot_matrix_reminder_bot_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_bot_matrix_reminder_bot_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_matrix_reminder_bot_docker_image_force_pull }}" when: "not matrix_bot_matrix_reminder_bot_container_image_self_build | bool" register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure matrix-reminder-bot repository is present on self-build @@ -66,7 +66,7 @@ when: "matrix_bot_matrix_reminder_bot_container_image_self_build | bool" - name: Ensure matrix-reminder-bot image is built - docker_image: + community.docker.docker_image: name: "{{ matrix_bot_matrix_reminder_bot_docker_image }}" source: build force_source: "{{ matrix_bot_matrix_reminder_bot_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" @@ -88,7 +88,7 @@ - name: Ensure matrix-bot-matrix-reminder-bot.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-bot-matrix-reminder-bot.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-bot-matrix-reminder-bot.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-matrix-reminder-bot.service" mode: 0644 register: matrix_bot_matrix_reminder_bot_systemd_service_result diff --git a/roles/matrix-bot-matrix-reminder-bot/tasks/setup_uninstall.yml b/roles/custom/matrix-bot-matrix-reminder-bot/tasks/setup_uninstall.yml similarity index 83% rename from roles/matrix-bot-matrix-reminder-bot/tasks/setup_uninstall.yml rename to roles/custom/matrix-bot-matrix-reminder-bot/tasks/setup_uninstall.yml index d8926df75..1b940f32e 100644 --- a/roles/matrix-bot-matrix-reminder-bot/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-bot-matrix-reminder-bot/tasks/setup_uninstall.yml @@ -2,7 +2,7 @@ - name: Check existence of matrix-matrix-reminder-bot service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-bot-matrix-reminder-bot.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-matrix-reminder-bot.service" register: matrix_bot_matrix_reminder_bot_service_stat - name: Ensure matrix-matrix-reminder-bot is stopped @@ -16,7 +16,7 @@ - name: Ensure matrix-bot-matrix-reminder-bot.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-bot-matrix-reminder-bot.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-matrix-reminder-bot.service" state: absent when: "matrix_bot_matrix_reminder_bot_service_stat.stat.exists | bool" @@ -31,6 +31,6 @@ state: absent - name: Ensure matrix-reminder-bot Docker image doesn't exist - docker_image: + community.docker.docker_image: name: "{{ matrix_bot_matrix_reminder_bot_docker_image }}" state: absent diff --git a/roles/matrix-bot-matrix-reminder-bot/tasks/validate_config.yml b/roles/custom/matrix-bot-matrix-reminder-bot/tasks/validate_config.yml similarity index 100% rename from roles/matrix-bot-matrix-reminder-bot/tasks/validate_config.yml rename to roles/custom/matrix-bot-matrix-reminder-bot/tasks/validate_config.yml diff --git a/roles/matrix-bot-matrix-reminder-bot/templates/config.yaml.j2 b/roles/custom/matrix-bot-matrix-reminder-bot/templates/config.yaml.j2 similarity index 100% rename from roles/matrix-bot-matrix-reminder-bot/templates/config.yaml.j2 rename to roles/custom/matrix-bot-matrix-reminder-bot/templates/config.yaml.j2 diff --git a/roles/matrix-bot-matrix-reminder-bot/templates/systemd/matrix-bot-matrix-reminder-bot.service.j2 b/roles/custom/matrix-bot-matrix-reminder-bot/templates/systemd/matrix-bot-matrix-reminder-bot.service.j2 similarity index 55% rename from roles/matrix-bot-matrix-reminder-bot/templates/systemd/matrix-bot-matrix-reminder-bot.service.j2 rename to roles/custom/matrix-bot-matrix-reminder-bot/templates/systemd/matrix-bot-matrix-reminder-bot.service.j2 index a9cf8bb84..71598232a 100644 --- a/roles/matrix-bot-matrix-reminder-bot/templates/systemd/matrix-bot-matrix-reminder-bot.service.j2 +++ b/roles/custom/matrix-bot-matrix-reminder-bot/templates/systemd/matrix-bot-matrix-reminder-bot.service.j2 @@ -12,11 +12,11 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-matrix-reminder-bot 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-matrix-reminder-bot 2>/dev/null || true' +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-matrix-reminder-bot 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-matrix-reminder-bot 2>/dev/null || true' -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-matrix-reminder-bot \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-bot-matrix-reminder-bot \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ @@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-matrix-rem {{ matrix_bot_matrix_reminder_bot_docker_image }} \ -c "matrix-reminder-bot /config/config.yaml" -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-matrix-reminder-bot 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-matrix-reminder-bot 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-matrix-reminder-bot 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-matrix-reminder-bot 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-bot-matrix-reminder-bot diff --git a/roles/matrix-bot-maubot/defaults/main.yml b/roles/custom/matrix-bot-maubot/defaults/main.yml similarity index 100% rename from roles/matrix-bot-maubot/defaults/main.yml rename to roles/custom/matrix-bot-maubot/defaults/main.yml diff --git a/roles/matrix-bot-maubot/tasks/init.yml b/roles/custom/matrix-bot-maubot/tasks/init.yml similarity index 91% rename from roles/matrix-bot-maubot/tasks/init.yml rename to roles/custom/matrix-bot-maubot/tasks/init.yml index 251d0b4a2..ccb5956e6 100644 --- a/roles/matrix-bot-maubot/tasks/init.yml +++ b/roles/custom/matrix-bot-maubot/tasks/init.yml @@ -14,13 +14,13 @@ {% if matrix_nginx_proxy_enabled | default(False) %} {# Use the embedded DNS resolver in Docker containers to discover the service #} resolver 127.0.0.11 valid=5s; - set $backend "matrix-bot-maubot:{{ matrix_bot_maubot_management_interface_port }}/$1"; - proxy_pass http://$backend; + set $backend "matrix-bot-maubot:{{ matrix_bot_maubot_management_interface_port }}"; + proxy_pass http://$backend$request_uri; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; {% else %} {# Generic configuration for use outside of our container setup #} - proxy_pass http://127.0.0.1:{{ matrix_bot_maubot_management_interface_port }}/$1; + proxy_pass http://127.0.0.1:{{ matrix_bot_maubot_management_interface_port }}$request_uri; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; {% endif %} @@ -35,7 +35,7 @@ + [matrix_bot_maubot_matrix_nginx_proxy_configuration] }} - when: matrix_bot_maubot_proxy_management_interface|bool + when: matrix_bot_maubot_proxy_management_interface | bool - name: Warn about reverse-proxying if matrix-nginx-proxy not used ansible.builtin.debug: diff --git a/roles/matrix-bot-maubot/tasks/main.yml b/roles/custom/matrix-bot-maubot/tasks/main.yml similarity index 54% rename from roles/matrix-bot-maubot/tasks/main.yml rename to roles/custom/matrix-bot-maubot/tasks/main.yml index c67e25ee7..773f4b9fa 100644 --- a/roles/matrix-bot-maubot/tasks/main.yml +++ b/roles/custom/matrix-bot-maubot/tasks/main.yml @@ -1,22 +1,22 @@ --- -- import_tasks: "{{ role_path }}/tasks/init.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always -- import_tasks: "{{ role_path }}/tasks/validate_config.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" when: "run_setup|bool and matrix_bot_maubot_enabled|bool" tags: - setup-all - setup-bot-maubot -- import_tasks: "{{ role_path }}/tasks/setup_install.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" when: "run_setup|bool and matrix_bot_maubot_enabled|bool" tags: - setup-all - setup-bot-maubot -- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" when: "run_setup|bool and not matrix_bot_maubot_enabled|bool" tags: - setup-all diff --git a/roles/matrix-bot-maubot/tasks/setup_install.yml b/roles/custom/matrix-bot-maubot/tasks/setup_install.yml similarity index 91% rename from roles/matrix-bot-maubot/tasks/setup_install.yml rename to roles/custom/matrix-bot-maubot/tasks/setup_install.yml index 185a29889..22f53b6fe 100644 --- a/roles/matrix-bot-maubot/tasks/setup_install.yml +++ b/roles/custom/matrix-bot-maubot/tasks/setup_install.yml @@ -26,15 +26,15 @@ mode: "u=rwx" - name: Ensure maubot image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_bot_maubot_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_bot_maubot_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_maubot_docker_image_force_pull }}" when: "not matrix_bot_maubot_container_image_self_build|bool" register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure maubot repository is present on self-build @@ -49,7 +49,7 @@ when: "matrix_bot_maubot_container_image_self_build|bool" - name: Ensure maubot image is built - docker_image: + community.docker.docker_image: name: "{{ matrix_bot_maubot_docker_image }}" source: build force_source: "{{ matrix_bot_maubot_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" @@ -63,7 +63,7 @@ - name: Ensure matrix-bot-maubot.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-bot-maubot.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-bot-maubot.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-maubot.service" mode: 0644 register: matrix_bot_maubot_systemd_service_result diff --git a/roles/matrix-bot-maubot/tasks/setup_uninstall.yml b/roles/custom/matrix-bot-maubot/tasks/setup_uninstall.yml similarity index 67% rename from roles/matrix-bot-maubot/tasks/setup_uninstall.yml rename to roles/custom/matrix-bot-maubot/tasks/setup_uninstall.yml index 0be7089ce..33b8fc149 100644 --- a/roles/matrix-bot-maubot/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-bot-maubot/tasks/setup_uninstall.yml @@ -2,7 +2,7 @@ - name: Check existence of matrix-maubot service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-bot-maubot.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-maubot.service" register: matrix_bot_maubot_service_stat - name: Ensure matrix-bot-maubot is stopped @@ -12,18 +12,18 @@ enabled: false daemon_reload: true register: stopping_result - when: "matrix_bot_maubot_service_stat.stat.exists|bool" + when: "matrix_bot_maubot_service_stat.stat.exists | bool" - name: Ensure matrix-bot-maubot.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-bot-maubot.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-maubot.service" state: absent - when: "matrix_bot_maubot_service_stat.stat.exists|bool" + when: "matrix_bot_maubot_service_stat.stat.exists | bool" - name: Ensure systemd reloaded after matrix-bot-maubot.service removal ansible.builtin.service: daemon_reload: true - when: "matrix_bot_maubot_service_stat.stat.exists|bool" + when: "matrix_bot_maubot_service_stat.stat.exists | bool" - name: Ensure Matrix maubot paths don't exist ansible.builtin.file: @@ -31,6 +31,6 @@ state: absent - name: Ensure maubot Docker image doesn't exist - docker_image: + community.docker.docker_image: name: "{{ matrix_bot_maubot_docker_image }}" state: absent diff --git a/roles/matrix-bot-maubot/tasks/validate_config.yml b/roles/custom/matrix-bot-maubot/tasks/validate_config.yml similarity index 100% rename from roles/matrix-bot-maubot/tasks/validate_config.yml rename to roles/custom/matrix-bot-maubot/tasks/validate_config.yml diff --git a/roles/matrix-bot-maubot/templates/config/config.yaml.j2 b/roles/custom/matrix-bot-maubot/templates/config/config.yaml.j2 similarity index 100% rename from roles/matrix-bot-maubot/templates/config/config.yaml.j2 rename to roles/custom/matrix-bot-maubot/templates/config/config.yaml.j2 diff --git a/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 b/roles/custom/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 similarity index 57% rename from roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 rename to roles/custom/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 index a9e039869..34c856350 100644 --- a/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 +++ b/roles/custom/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 @@ -12,11 +12,11 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-maubot 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-maubot 2>/dev/null || true' +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-maubot 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-maubot 2>/dev/null || true' -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-maubot \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-bot-maubot \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --read-only \ @@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-maubot \ {{ matrix_bot_maubot_docker_image }} \ python3 -m maubot -c /config/config.yaml --no-update -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-maubot 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-maubot 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-maubot 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-maubot 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-bot-maubot diff --git a/roles/matrix-bot-mjolnir/defaults/main.yml b/roles/custom/matrix-bot-mjolnir/defaults/main.yml similarity index 100% rename from roles/matrix-bot-mjolnir/defaults/main.yml rename to roles/custom/matrix-bot-mjolnir/defaults/main.yml diff --git a/roles/matrix-bot-mjolnir/tasks/init.yml b/roles/custom/matrix-bot-mjolnir/tasks/init.yml similarity index 100% rename from roles/matrix-bot-mjolnir/tasks/init.yml rename to roles/custom/matrix-bot-mjolnir/tasks/init.yml diff --git a/roles/matrix-bot-mjolnir/tasks/main.yml b/roles/custom/matrix-bot-mjolnir/tasks/main.yml similarity index 100% rename from roles/matrix-bot-mjolnir/tasks/main.yml rename to roles/custom/matrix-bot-mjolnir/tasks/main.yml diff --git a/roles/matrix-bot-mjolnir/tasks/setup_install.yml b/roles/custom/matrix-bot-mjolnir/tasks/setup_install.yml similarity index 91% rename from roles/matrix-bot-mjolnir/tasks/setup_install.yml rename to roles/custom/matrix-bot-mjolnir/tasks/setup_install.yml index 08ac9d034..995e3b2be 100644 --- a/roles/matrix-bot-mjolnir/tasks/setup_install.yml +++ b/roles/custom/matrix-bot-mjolnir/tasks/setup_install.yml @@ -18,15 +18,15 @@ when: "item.when | bool" - name: Ensure mjolnir Docker image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_bot_mjolnir_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_bot_mjolnir_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_mjolnir_docker_image_force_pull }}" when: "not matrix_bot_mjolnir_container_image_self_build | bool" register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure mjolnir repository is present on self-build @@ -41,7 +41,7 @@ when: "matrix_bot_mjolnir_container_image_self_build | bool" - name: Ensure mjolnir Docker image is built - docker_image: + community.docker.docker_image: name: "{{ matrix_bot_mjolnir_docker_image }}" source: build force_source: "{{ matrix_bot_mjolnir_git_pull_results.changed }}" @@ -62,7 +62,7 @@ - name: Ensure matrix-bot-mjolnir.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-bot-mjolnir.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-bot-mjolnir.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-mjolnir.service" mode: 0644 register: matrix_bot_mjolnir_systemd_service_result diff --git a/roles/matrix-bot-mjolnir/tasks/setup_uninstall.yml b/roles/custom/matrix-bot-mjolnir/tasks/setup_uninstall.yml similarity index 82% rename from roles/matrix-bot-mjolnir/tasks/setup_uninstall.yml rename to roles/custom/matrix-bot-mjolnir/tasks/setup_uninstall.yml index 5c7f4c896..708a7bb01 100644 --- a/roles/matrix-bot-mjolnir/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-bot-mjolnir/tasks/setup_uninstall.yml @@ -2,7 +2,7 @@ - name: Check existence of matrix-bot-mjolnir service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-bot-mjolnir.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-mjolnir.service" register: matrix_bot_mjolnir_service_stat - name: Ensure matrix-bot-mjolnir is stopped @@ -16,7 +16,7 @@ - name: Ensure matrix-bot-mjolnir.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-bot-mjolnir.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-mjolnir.service" state: absent when: "matrix_bot_mjolnir_service_stat.stat.exists | bool" @@ -31,6 +31,6 @@ state: absent - name: Ensure mjolnir Docker image doesn't exist - docker_image: + community.docker.docker_image: name: "{{ matrix_bot_mjolnir_docker_image }}" state: absent diff --git a/roles/matrix-bot-mjolnir/tasks/validate_config.yml b/roles/custom/matrix-bot-mjolnir/tasks/validate_config.yml similarity index 100% rename from roles/matrix-bot-mjolnir/tasks/validate_config.yml rename to roles/custom/matrix-bot-mjolnir/tasks/validate_config.yml diff --git a/roles/custom/matrix-bot-mjolnir/templates/production.yaml.j2 b/roles/custom/matrix-bot-mjolnir/templates/production.yaml.j2 new file mode 100644 index 000000000..7643d65f7 --- /dev/null +++ b/roles/custom/matrix-bot-mjolnir/templates/production.yaml.j2 @@ -0,0 +1,246 @@ +# Endpoint URL that Mjolnir uses to interact with the matrix homeserver (client-server API), +# set this to the pantalaimon URL if you're using that. +homeserverUrl: "{{ matrix_homeserver_url }}" + +# Endpoint URL that Mjolnir could use to fetch events related to reports (client-server API and /_synapse/), +# only set this to the public-internet homeserver client API URL, do NOT set this to the pantalaimon URL. +rawHomeserverUrl: "{{ matrix_homeserver_url }}" + +# Matrix Access Token to use, Mjolnir will only use this if pantalaimon.use is false. +accessToken: "{{ matrix_bot_mjolnir_access_token }}" + +# Options related to Pantalaimon (https://github.com/matrix-org/pantalaimon) +#pantalaimon: +# # Whether or not Mjolnir will use pantalaimon to access the matrix homeserver, +# # set to `true` if you're using pantalaimon. +# # +# # Be sure to point homeserverUrl to the pantalaimon instance. +# # +# # Mjolnir will log in using the given username and password once, +# # then store the resulting access token in a file under dataPath. +# use: false +# +# # The username to login with. +# username: mjolnir +# +# # The password Mjolnir will login with. +# # +# # After successfully logging in once, this will be ignored, so this value can be blanked after first startup. +# password: your_password + +# The path Mjolnir will store its state/data in, leave default ("/data/storage") when using containers. +dataPath: "/data" + +# If true (the default), Mjolnir will only accept invites from users present in managementRoom. +autojoinOnlyIfManager: true + +# If `autojoinOnlyIfManager` is false, only the members in this space can invite +# the bot to new rooms. +#acceptInvitesFromSpace: "!example:example.org" + +# Whether Mjolnir should report ignored invites to the management room (if autojoinOnlyIfManager is true). +recordIgnoredInvites: false + +# The room ID (or room alias) of the management room, anyone in this room can issue commands to Mjolnir. +# +# Mjolnir has no more granular access controls other than this, be sure you trust everyone in this room - secure it! +# +# This should be a room alias or room ID - not a matrix.to URL. +# +# Note: By default, Mjolnir is fairly verbose - expect a lot of messages in this room. +# (see verboseLogging to adjust this a bit.) +managementRoom: "{{ matrix_bot_mjolnir_management_room }}" + +# Whether Mjolnir should log a lot more messages in the room, +# mainly involves "all-OK" messages, and debugging messages for when mjolnir checks bans in a room. +verboseLogging: false + +# The log level of terminal (or container) output, +# can be one of DEBUG, INFO, WARN and ERROR, in increasing order of importance and severity. +# +# This should be at INFO or DEBUG in order to get support for Mjolnir problems. +logLevel: "INFO" + +# Whether or not Mjolnir should synchronize policy lists immediately after startup. +# Equivalent to running '!mjolnir sync'. +syncOnStartup: true + +# Whether or not Mjolnir should check moderation permissions in all protected rooms on startup. +# Equivalent to running `!mjolnir verify`. +verifyPermissionsOnStartup: true + +# Whether or not Mjolnir should actually apply bans and policy lists, +# turn on to trial some untrusted configuration or lists. +noop: false + +# Whether Mjolnir should check member lists quicker (by using a different endpoint), +# keep in mind that enabling this will miss invited (but not joined) users. +# +# Turn on if your bot is in (very) large rooms, or in large amounts of rooms. +fasterMembershipChecks: false + +# A case-insensitive list of ban reasons to have the bot also automatically redact the user's messages for. +# +# If the bot sees you ban a user with a reason that is an (exact case-insensitive) match to this list, +# it will also remove the user's messages automatically. +# +# Typically this is useful to avoid having to give two commands to the bot. +# Advanced: Use asterisks to have the reason match using "globs" +# (f.e. "spam*testing" would match "spam for testing" as well as "spamtesting"). +# +# See here for more info: https://www.digitalocean.com/community/tools/glob +# Note: Keep in mind that glob is NOT regex! +automaticallyRedactForReasons: + - "spam" + - "advertising" + +# A list of rooms to protect. Mjolnir will add this to the list it knows from its account data. +# +# It won't, however, add it to the account data. +# Manually add the room via '!mjolnir rooms add' to have it stay protected regardless if this config value changes. +# +# Note: These must be matrix.to URLs +#protectedRooms: +# - "https://matrix.to/#/#yourroom:example.org" + +# Whether or not to add all joined rooms to the "protected rooms" list +# (excluding the management room and watched policy list rooms, see below). +# +# Note that this effectively makes the protectedRooms and associated commands useless +# for regular rooms. +# +# Note: the management room is *excluded* from this condition. +# Explicitly add it as a protected room to protect it. +# +# Note: Ban list rooms the bot is watching but didn't create will not be protected. +# Explicitly add these rooms as a protected room list if you want them protected. +protectAllJoinedRooms: false + +# Increase this delay to have Mjölnir wait longer between two consecutive backgrounded +# operations. The total duration of operations will be longer, but the homeserver won't +# be affected as much. Conversely, decrease this delay to have Mjölnir chain operations +# faster. The total duration of operations will generally be shorter, but the performance +# of the homeserver may be more impacted. +backgroundDelayMS: 500 + +# Server administration commands, these commands will only work if Mjolnir is +# a global server administrator, and the bot's server is a Synapse instance. +#admin: +# # Whether or not Mjolnir can temporarily take control of any eligible account from the local homeserver who's in the room +# # (with enough permissions) to "make" a user an admin. +# # +# # This only works if a local user with enough admin permissions is present in the room. +# enableMakeRoomAdminCommand: false + +# Misc options for command handling and commands +commands: + # Whether or not the `!mjolnir` prefix is necessary to submit commands. + # + # If `true`, will allow commands like `!ban`, `!help`, etc. + # + # Note: Mjolnir can also be pinged by display name instead of having to use + # the !mjolnir prefix. For example, "my_moderator_bot: ban @spammer:example.org" + # will address only my_moderator_bot. + allowNoPrefix: false + + # Any additional bot prefixes that Mjolnir will listen to. i.e. adding `mod` will allow `!mod help`. + additionalPrefixes: + - "mjolnir_bot" + + # Whether or not commands with a wildcard (*) will require an additional `--force` argument + # in the command to be able to be submitted. + confirmWildcardBan: true + +# Configuration specific to certain toggle-able protections +#protections: +# # Configuration for the wordlist plugin, which can ban users based if they say certain +# # blocked words shortly after joining. +# wordlist: +# # A list of case-insensitive keywords that the WordList protection will watch for from new users. +# # +# # WordList will ban users who use these words when first joining a room, so take caution when selecting them. +# # +# # For advanced usage, regex can also be used, see the following links for more information; +# # - https://www.digitalocean.com/community/tutorials/an-introduction-to-regular-expressions +# # - https://regexr.com/ +# # - https://regexone.com/ +# words: +# - "LoReM" +# - "IpSuM" +# - "DoLoR" +# - "aMeT" +# +# # For how long (in minutes) the user is "new" to the WordList plugin. +# # +# # After this time, the user will no longer be banned for using a word in the above wordlist. +# # +# # Set to zero to disable the timeout and make users *always* appear "new". +# # (users will always be banned if they say a bad word) +# minutesBeforeTrusting: 20 + +# Options for advanced monitoring of the health of the bot. +health: + # healthz options. These options are best for use in container environments + # like Kubernetes to detect how healthy the service is. The bot will report + # that it is unhealthy until it is able to process user requests. Typically + # this means that it'll flag itself as unhealthy for a number of minutes + # before saying "Now monitoring rooms" and flagging itself healthy. + # + # Health is flagged through HTTP status codes, defined below. + healthz: + # Whether the healthz integration should be enabled (default false) + enabled: false + + # The port to expose the webserver on. Defaults to 8080. + port: 8080 + + # The address to listen for requests on. Defaults to all addresses. + address: "0.0.0.0" + + # The path to expose the monitoring endpoint at. Defaults to `/healthz` + endpoint: "/healthz" + + # The HTTP status code which reports that the bot is healthy/ready to + # process requests. Typically this should not be changed. Defaults to + # 200. + healthyStatus: 200 + + # The HTTP status code which reports that the bot is not healthy/ready. + # Defaults to 418. + unhealthyStatus: 418 + +# Options for exposing web APIs. +#web: +# # Whether to enable web APIs. +# enabled: false +# +# # The port to expose the webserver on. Defaults to 8080. +# port: 8080 +# +# # The address to listen for requests on. Defaults to only the current +# # computer. +# address: localhost +# +# # Alternative setting to open to the entire web. Be careful, +# # as this will increase your security perimeter: +# # +# # address: "0.0.0.0" +# +# # A web API designed to intercept Matrix API +# # POST /_matrix/client/r0/rooms/{roomId}/report/{eventId} +# # and display readable abuse reports in the moderation room. +# # +# # If you wish to take advantage of this feature, you will need +# # to configure a reverse proxy, see e.g. test/nginx.conf +# abuseReporting: +# # Whether to enable this feature. +# enabled: false + +# Whether or not to actively poll synapse for abuse reports, to be used +# instead of intercepting client calls to synapse's abuse endpoint, when that +# isn't possible/practical. +pollReports: false + +# Whether or not new reports, received either by webapi or polling, +# should be printed to our managementRoom. +displayReports: false diff --git a/roles/matrix-bot-mjolnir/templates/systemd/matrix-bot-mjolnir.service.j2 b/roles/custom/matrix-bot-mjolnir/templates/systemd/matrix-bot-mjolnir.service.j2 similarity index 55% rename from roles/matrix-bot-mjolnir/templates/systemd/matrix-bot-mjolnir.service.j2 rename to roles/custom/matrix-bot-mjolnir/templates/systemd/matrix-bot-mjolnir.service.j2 index 7ea6be378..8ac872b72 100644 --- a/roles/matrix-bot-mjolnir/templates/systemd/matrix-bot-mjolnir.service.j2 +++ b/roles/custom/matrix-bot-mjolnir/templates/systemd/matrix-bot-mjolnir.service.j2 @@ -12,14 +12,14 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-mjolnir 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-mjolnir 2>/dev/null || true' +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-mjolnir 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-mjolnir 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. ExecStartPre={{ matrix_host_command_sleep }} 5 -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-mjolnir \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-bot-mjolnir \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ @@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-mjolnir \ {% endfor %} {{ matrix_bot_mjolnir_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-mjolnir 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-mjolnir 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-mjolnir 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-mjolnir 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-bot-mjolnir diff --git a/roles/matrix-bot-postmoogle/defaults/main.yml b/roles/custom/matrix-bot-postmoogle/defaults/main.yml similarity index 68% rename from roles/matrix-bot-postmoogle/defaults/main.yml rename to roles/custom/matrix-bot-postmoogle/defaults/main.yml index 5272e2f2d..af6c23ac0 100644 --- a/roles/matrix-bot-postmoogle/defaults/main.yml +++ b/roles/custom/matrix-bot-postmoogle/defaults/main.yml @@ -9,7 +9,7 @@ matrix_bot_postmoogle_docker_repo: "https://gitlab.com/etke.cc/postmoogle.git" matrix_bot_postmoogle_docker_repo_version: "{{ 'main' if matrix_bot_postmoogle_version == 'latest' else matrix_bot_postmoogle_version }}" matrix_bot_postmoogle_docker_src_files_path: "{{ matrix_base_data_path }}/postmoogle/docker-src" -matrix_bot_postmoogle_version: latest +matrix_bot_postmoogle_version: v0.9.8 matrix_bot_postmoogle_docker_image: "{{ matrix_bot_postmoogle_docker_image_name_prefix }}postmoogle:{{ matrix_bot_postmoogle_version }}" matrix_bot_postmoogle_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_postmoogle_container_image_self_build else 'registry.gitlab.com/etke.cc/' }}" matrix_bot_postmoogle_docker_image_force_pull: "{{ matrix_bot_postmoogle_docker_image.endswith(':latest') }}" @@ -78,11 +78,26 @@ matrix_bot_postmoogle_prefix: '!pm' # Max email size in megabytes, including attachments matrix_bot_postmoogle_maxsize: '1024' -# Allow room settings changes by any room participant -matrix_bot_postmoogle_noowner: false - -# Allow Postmoogle use by users over federation -matrix_bot_postmoogle_federation: false +# DEPRECATED, use !pm users instead +# A list of whitelisted users allowed to use the bridge. +# If not defined, everyone is allowed. +# Example set of rules: +# matrix_bot_postmoogle_users: +# - @someone:example.com +# - @another:example.com +# - @bot.*:example.com +# - @*:another.com +matrix_bot_postmoogle_users: + - "@*:{{ matrix_domain }}" + +# A list of admins +# Example set of rules: +# matrix_bot_postmoogle_admins: +# - @someone:example.com +# - @another:example.com +# - @bot.*:example.com +# - @*:another.com +matrix_bot_postmoogle_admins: "{{ [matrix_admin] if matrix_admin else [] }}" # Sentry DSN matrix_bot_postmoogle_sentry: '' @@ -95,11 +110,38 @@ matrix_bot_postmoogle_noencryption: false matrix_bot_postmoogle_domain: "{{ matrix_server_fqn_matrix }}" -# in-container port +# Password (passphrase) to encrypt account data +matrix_bot_postmoogle_data_secret: "" + +# in-container ports matrix_bot_postmoogle_port: '2525' +matrix_bot_postmoogle_tls_port: '25587' -# on-host port +# on-host ports matrix_bot_postmoogle_smtp_host_bind_port: '25' +matrix_bot_postmoogle_submission_host_bind_port: '587' + +### SSL +## on-host SSL dir +matrix_bot_postmoogle_ssl_path: "" + +## in-container SSL paths +# matrix_bot_postmoogle_tls_cert is the SSL certificate's certificate. +# This is likely set via group_vars/matrix_servers, so you don't need to set it. +# If you do need to set it manually, note that this is an in-container path. +# To mount a certificates volumes into the container, use matrix_bot_postmoogle_ssl_path +# Example value: /ssl/live/{{ matrix_bot_postmoogle_domain }}/fullchain.pem +matrix_bot_postmoogle_tls_cert: "" + +# matrix_bot_postmoogle_tls_key is the SSL certificate's key. +# This is likely set via group_vars/matrix_servers, so you don't need to set it. +# If you do need to set it manually, note that this is an in-container path. +# To mount a certificates volumes into the container, use matrix_bot_postmoogle_ssl_path +# Example value: /ssl/live/{{ matrix_bot_postmoogle_domain }}/privkey.pem +matrix_bot_postmoogle_tls_key: "" + +# Mandatory TLS, even on plain SMTP port +matrix_bot_postmoogle_tls_required: false # Additional environment variables to pass to the postmoogle container # diff --git a/roles/matrix-bot-postmoogle/tasks/init.yml b/roles/custom/matrix-bot-postmoogle/tasks/init.yml similarity index 100% rename from roles/matrix-bot-postmoogle/tasks/init.yml rename to roles/custom/matrix-bot-postmoogle/tasks/init.yml diff --git a/roles/matrix-bot-postmoogle/tasks/main.yml b/roles/custom/matrix-bot-postmoogle/tasks/main.yml similarity index 100% rename from roles/matrix-bot-postmoogle/tasks/main.yml rename to roles/custom/matrix-bot-postmoogle/tasks/main.yml diff --git a/roles/matrix-bot-postmoogle/tasks/setup_install.yml b/roles/custom/matrix-bot-postmoogle/tasks/setup_install.yml similarity index 86% rename from roles/matrix-bot-postmoogle/tasks/setup_install.yml rename to roles/custom/matrix-bot-postmoogle/tasks/setup_install.yml index d7e5dbee9..993cf8e5b 100644 --- a/roles/matrix-bot-postmoogle/tasks/setup_install.yml +++ b/roles/custom/matrix-bot-postmoogle/tasks/setup_install.yml @@ -1,11 +1,13 @@ --- -- block: +- when: "matrix_bot_postmoogle_database_engine == 'postgres'" + block: - name: Check if an SQLite database already exists ansible.builtin.stat: path: "{{ matrix_bot_postmoogle_sqlite_database_path_local }}" register: matrix_bot_postmoogle_sqlite_database_path_local_stat_result - - block: + - when: "matrix_bot_postmoogle_sqlite_database_path_local_stat_result.stat.exists | bool" + block: - ansible.builtin.set_fact: matrix_postgres_db_migration_request: src: "{{ matrix_bot_postmoogle_sqlite_database_path_local }}" @@ -16,13 +18,11 @@ systemd_services_to_stop: ['matrix-bot-postmoogle.service'] - ansible.builtin.import_role: - name: matrix-postgres + name: custom/matrix-postgres tasks_from: migrate_db_to_postgres - ansible.builtin.set_fact: matrix_bot_postmoogle_requires_restart: true - when: "matrix_bot_postmoogle_sqlite_database_path_local_stat_result.stat.exists | bool" - when: "matrix_bot_postmoogle_database_engine == 'postgres'" - name: Ensure postmoogle paths exist ansible.builtin.file: @@ -46,15 +46,15 @@ mode: 0640 - name: Ensure postmoogle image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_bot_postmoogle_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_bot_postmoogle_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_postmoogle_docker_image_force_pull }}" when: "not matrix_bot_postmoogle_container_image_self_build | bool" register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure postmoogle repository is present on self-build @@ -69,7 +69,7 @@ when: "matrix_bot_postmoogle_container_image_self_build | bool" - name: Ensure postmoogle image is built - docker_image: + community.docker.docker_image: name: "{{ matrix_bot_postmoogle_docker_image }}" source: build force_source: "{{ matrix_bot_postmoogle_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" @@ -83,7 +83,7 @@ - name: Ensure matrix-bot-postmoogle.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-bot-postmoogle.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-bot-postmoogle.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-postmoogle.service" mode: 0644 register: matrix_bot_postmoogle_systemd_service_result @@ -91,9 +91,3 @@ ansible.builtin.service: daemon_reload: true when: "matrix_bot_postmoogle_systemd_service_result.changed | bool" - -- name: Ensure matrix-bot-postmoogle.service restarted, if necessary - ansible.builtin.service: - name: "matrix-bot-postmoogle.service" - state: restarted - when: "matrix_bot_postmoogle_systemd_service_result.changed | bool" diff --git a/roles/matrix-bot-postmoogle/tasks/setup_uninstall.yml b/roles/custom/matrix-bot-postmoogle/tasks/setup_uninstall.yml similarity index 82% rename from roles/matrix-bot-postmoogle/tasks/setup_uninstall.yml rename to roles/custom/matrix-bot-postmoogle/tasks/setup_uninstall.yml index 64164a860..198df7d78 100644 --- a/roles/matrix-bot-postmoogle/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-bot-postmoogle/tasks/setup_uninstall.yml @@ -2,7 +2,7 @@ - name: Check existence of matrix-postmoogle service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-bot-postmoogle.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-postmoogle.service" register: matrix_bot_postmoogle_service_stat - name: Ensure matrix-postmoogle is stopped @@ -16,7 +16,7 @@ - name: Ensure matrix-bot-postmoogle.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-bot-postmoogle.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-postmoogle.service" state: absent when: "matrix_bot_postmoogle_service_stat.stat.exists | bool" @@ -31,6 +31,6 @@ state: absent - name: Ensure postmoogle Docker image doesn't exist - docker_image: + community.docker.docker_image: name: "{{ matrix_bot_postmoogle_docker_image }}" state: absent diff --git a/roles/matrix-bot-postmoogle/tasks/validate_config.yml b/roles/custom/matrix-bot-postmoogle/tasks/validate_config.yml similarity index 100% rename from roles/matrix-bot-postmoogle/tasks/validate_config.yml rename to roles/custom/matrix-bot-postmoogle/tasks/validate_config.yml diff --git a/roles/matrix-bot-postmoogle/templates/env.j2 b/roles/custom/matrix-bot-postmoogle/templates/env.j2 similarity index 67% rename from roles/matrix-bot-postmoogle/templates/env.j2 rename to roles/custom/matrix-bot-postmoogle/templates/env.j2 index 930681d8d..c81510534 100644 --- a/roles/matrix-bot-postmoogle/templates/env.j2 +++ b/roles/custom/matrix-bot-postmoogle/templates/env.j2 @@ -10,7 +10,11 @@ POSTMOOGLE_MAXSIZE={{ matrix_bot_postmoogle_maxsize }} POSTMOOGLE_SENTRY={{ matrix_bot_postmoogle_sentry }} POSTMOOGLE_LOGLEVEL={{ matrix_bot_postmoogle_loglevel }} POSTMOOGLE_NOENCRYPTION={{ matrix_bot_postmoogle_noencryption }} -POSTMOOGLE_NOOWNER={{ matrix_bot_postmoogle_noowner }} -POSTMOOGLE_FEDERATION={{ matrix_bot_postmoogle_federation }} +POSTMOOGLE_ADMINS={{ matrix_bot_postmoogle_admins | join(' ') }} +POSTMOOGLE_TLS_PORT={{ matrix_bot_postmoogle_tls_port }} +POSTMOOGLE_TLS_CERT={{ matrix_bot_postmoogle_tls_cert }} +POSTMOOGLE_TLS_KEY={{ matrix_bot_postmoogle_tls_key }} +POSTMOOGLE_TLS_REQUIRED={{ matrix_bot_postmoogle_tls_required }} +POSTMOOGLE_DATA_SECRET={{ matrix_bot_postmoogle_data_secret }} {{ matrix_bot_postmoogle_environment_variables_extension }} diff --git a/roles/custom/matrix-bot-postmoogle/templates/systemd/matrix-bot-postmoogle.service.j2 b/roles/custom/matrix-bot-postmoogle/templates/systemd/matrix-bot-postmoogle.service.j2 new file mode 100644 index 000000000..f2610600c --- /dev/null +++ b/roles/custom/matrix-bot-postmoogle/templates/systemd/matrix-bot-postmoogle.service.j2 @@ -0,0 +1,46 @@ +#jinja2: lstrip_blocks: "True" +[Unit] +Description=Matrix helpdesk bot +{% for service in matrix_bot_postmoogle_systemd_required_services_list %} +Requires={{ service }} +After={{ service }} +{% endfor %} +{% for service in matrix_bot_postmoogle_systemd_wanted_services_list %} +Wants={{ service }} +{% endfor %} +DefaultDependencies=no + +[Service] +Type=simple +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-postmoogle 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-postmoogle 2>/dev/null || true' + +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-bot-postmoogle \ + --log-driver=none \ + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ + --cap-drop=ALL \ + --read-only \ + --network={{ matrix_docker_network }} \ + --env-file={{ matrix_bot_postmoogle_config_path }}/env \ + -p {{ matrix_bot_postmoogle_smtp_host_bind_port }}:{{ matrix_bot_postmoogle_port }} \ + {% if matrix_bot_postmoogle_ssl_path %} + -p {{ matrix_bot_postmoogle_submission_host_bind_port }}:{{ matrix_bot_postmoogle_tls_port }} \ + {% endif %} + --mount type=bind,src={{ matrix_bot_postmoogle_data_path }},dst=/data \ + {% if matrix_bot_postmoogle_ssl_path %} + --mount type=bind,src={{ matrix_bot_postmoogle_ssl_path }},dst=/ssl \ + {% endif %} + {% for arg in matrix_bot_postmoogle_container_extra_arguments %} + {{ arg }} \ + {% endfor %} + {{ matrix_bot_postmoogle_docker_image }} + +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-postmoogle 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-postmoogle 2>/dev/null || true' +Restart=always +RestartSec=30 +SyslogIdentifier=matrix-bot-postmoogle + +[Install] +WantedBy=multi-user.target diff --git a/roles/matrix-bridge-appservice-discord/defaults/main.yml b/roles/custom/matrix-bridge-appservice-discord/defaults/main.yml similarity index 99% rename from roles/matrix-bridge-appservice-discord/defaults/main.yml rename to roles/custom/matrix-bridge-appservice-discord/defaults/main.yml index 4a3eddabc..9e061d678 100644 --- a/roles/matrix-bridge-appservice-discord/defaults/main.yml +++ b/roles/custom/matrix-bridge-appservice-discord/defaults/main.yml @@ -5,7 +5,7 @@ matrix_appservice_discord_enabled: false matrix_appservice_discord_container_image_self_build: false -matrix_appservice_discord_version: v3.0.0 +matrix_appservice_discord_version: v3.1.0 matrix_appservice_discord_docker_image: "{{ matrix_appservice_discord_docker_image_name_prefix }}matrix-org/matrix-appservice-discord:{{ matrix_appservice_discord_version }}" matrix_appservice_discord_docker_image_name_prefix: "{{ 'localhost/' if matrix_appservice_discord_container_image_self_build else 'ghcr.io/' }}" matrix_appservice_discord_docker_image_force_pull: "{{ matrix_appservice_discord_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-bridge-appservice-discord/tasks/init.yml b/roles/custom/matrix-bridge-appservice-discord/tasks/init.yml similarity index 100% rename from roles/matrix-bridge-appservice-discord/tasks/init.yml rename to roles/custom/matrix-bridge-appservice-discord/tasks/init.yml diff --git a/roles/matrix-bridge-appservice-discord/tasks/main.yml b/roles/custom/matrix-bridge-appservice-discord/tasks/main.yml similarity index 100% rename from roles/matrix-bridge-appservice-discord/tasks/main.yml rename to roles/custom/matrix-bridge-appservice-discord/tasks/main.yml diff --git a/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml b/roles/custom/matrix-bridge-appservice-discord/tasks/setup_install.yml similarity index 89% rename from roles/matrix-bridge-appservice-discord/tasks/setup_install.yml rename to roles/custom/matrix-bridge-appservice-discord/tasks/setup_install.yml index af17613c6..f04e7f69e 100644 --- a/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-appservice-discord/tasks/setup_install.yml @@ -3,13 +3,15 @@ - ansible.builtin.set_fact: matrix_appservice_discord_requires_restart: false -- block: +- when: "matrix_appservice_discord_database_engine == 'postgres'" + block: - name: Check if an SQLite database already exists ansible.builtin.stat: path: "{{ matrix_appservice_discord_sqlite_database_path_local }}" register: matrix_appservice_discord_sqlite_database_path_local_stat_result - - block: + - when: "matrix_appservice_discord_sqlite_database_path_local_stat_result.stat.exists | bool" + block: - ansible.builtin.set_fact: matrix_postgres_db_migration_request: src: "{{ matrix_appservice_discord_sqlite_database_path_local }}" @@ -20,23 +22,21 @@ systemd_services_to_stop: ['matrix-appservice-discord.service'] - ansible.builtin.import_role: - name: matrix-postgres + name: custom/matrix-postgres tasks_from: migrate_db_to_postgres - ansible.builtin.set_fact: matrix_appservice_discord_requires_restart: true - when: "matrix_appservice_discord_sqlite_database_path_local_stat_result.stat.exists | bool" - when: "matrix_appservice_discord_database_engine == 'postgres'" - name: Ensure Appservice Discord image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_appservice_discord_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_appservice_discord_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_discord_docker_image_force_pull }}" register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure AppService Discord paths exist @@ -93,7 +93,7 @@ # We intentionally suppress Ansible changes. - name: Generate AppService Discord invite link ansible.builtin.shell: >- - {{ matrix_host_command_docker }} run --rm --name matrix-appservice-discord-link-gen + {{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-appservice-discord-link-gen --user={{ matrix_user_uid }}:{{ matrix_user_gid }} --cap-drop=ALL --mount type=bind,src={{ matrix_appservice_discord_config_path }},dst=/cfg @@ -105,7 +105,7 @@ - name: Ensure matrix-appservice-discord.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-appservice-discord.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-appservice-discord.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-discord.service" mode: 0644 register: matrix_appservice_discord_systemd_service_result diff --git a/roles/matrix-bridge-appservice-discord/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-appservice-discord/tasks/setup_uninstall.yml similarity index 79% rename from roles/matrix-bridge-appservice-discord/tasks/setup_uninstall.yml rename to roles/custom/matrix-bridge-appservice-discord/tasks/setup_uninstall.yml index 83588d1c1..50d108fa5 100644 --- a/roles/matrix-bridge-appservice-discord/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-bridge-appservice-discord/tasks/setup_uninstall.yml @@ -2,7 +2,7 @@ - name: Check existence of matrix-appservice-discord service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-appservice-discord.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-discord.service" register: matrix_appservice_discord_service_stat - name: Ensure matrix-appservice-discord is stopped @@ -15,7 +15,7 @@ - name: Ensure matrix-appservice-discord.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-appservice-discord.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-discord.service" state: absent when: "matrix_appservice_discord_service_stat.stat.exists" diff --git a/roles/matrix-bridge-appservice-discord/tasks/validate_config.yml b/roles/custom/matrix-bridge-appservice-discord/tasks/validate_config.yml similarity index 89% rename from roles/matrix-bridge-appservice-discord/tasks/validate_config.yml rename to roles/custom/matrix-bridge-appservice-discord/tasks/validate_config.yml index 901b760bf..e005f162b 100644 --- a/roles/matrix-bridge-appservice-discord/tasks/validate_config.yml +++ b/roles/custom/matrix-bridge-appservice-discord/tasks/validate_config.yml @@ -22,5 +22,6 @@ - {'old': 'matrix_appservice_discord_container_expose_client_server_api_port', 'new': ''} - name: Require a valid database engine - ansible.builtin.fail: msg="`matrix_appservice_discord_database_engine` needs to be either 'sqlite' or 'postgres'" + ansible.builtin.fail: + msg: "`matrix_appservice_discord_database_engine` needs to be either 'sqlite' or 'postgres'" when: "matrix_appservice_discord_database_engine not in ['sqlite', 'postgres']" diff --git a/roles/matrix-bridge-appservice-discord/templates/config.yaml.j2 b/roles/custom/matrix-bridge-appservice-discord/templates/config.yaml.j2 similarity index 77% rename from roles/matrix-bridge-appservice-discord/templates/config.yaml.j2 rename to roles/custom/matrix-bridge-appservice-discord/templates/config.yaml.j2 index a530af2e5..2309be443 100644 --- a/roles/matrix-bridge-appservice-discord/templates/config.yaml.j2 +++ b/roles/custom/matrix-bridge-appservice-discord/templates/config.yaml.j2 @@ -18,6 +18,9 @@ bridge: disableTypingNotifications: false # Disable deleting messages on Discord if a message is redacted on Matrix. disableDeletionForwarding: false + # Disable portal bridging, where Matrix users can search for unbridged Discord + # rooms on their Matrix server. + disablePortalBridging: {{ matrix_appservice_discord_bridge_disablePortalBridging|to_json }} # Enable users to bridge rooms using !discord commands. See # https://t2bot.io/discord for instructions. enableSelfServiceBridging: {{ matrix_appservice_discord_bridge_enableSelfServiceBridging|to_json }} @@ -28,10 +31,14 @@ bridge: disableJoinLeaveNotifications: false # Disable Invite echos from matrix disableInviteNotifications: false - # Disable portal briding (automatic room creation) - disablePortalBridging: {{ matrix_appservice_discord_bridge_disablePortalBridging|to_json }} + # Disable Room Topic echos from matrix + disableRoomTopicNotifications: false # Auto-determine the language of code blocks (this can be CPU-intensive) determineCodeLanguage: false + # MXID of an admin user that will be PMd if the bridge experiences problems. Optional + adminMxid: {{ matrix_admin | to_json }} + # The message to send to the bridge admin if the Discord token is not valid + invalidTokenMessage: 'Your Discord bot token seems to be invalid, and the bridge cannot function. Please update it in your bridge settings and restart the bridge' # Authentication configuration for the discord bot. auth: clientID: {{ matrix_appservice_discord_client_id | string|to_json }} @@ -75,20 +82,20 @@ channel: namePattern: "[Discord] :guild :name" # Changes made to rooms when a channel is deleted. deleteOptions: - # Prefix the room name with a string. - #namePrefix: "[Deleted]" - # Prefix the room topic with a string. - #topicPrefix: "This room has been deleted" - # Disable people from talking in the room by raising the event PL to 50 - disableMessaging: false - # Remove the discord alias from the room. - unsetRoomAlias: true - # Remove the room from the directory. - unlistFromDirectory: true - # Set the room to be unavaliable for joining without an invite. - setInviteOnly: true - # Make all the discord users leave the room. - ghostsLeave: true + # Prefix the room name with a string. + #namePrefix: "[Deleted]" + # Prefix the room topic with a string. + #topicPrefix: "This room has been deleted" + # Disable people from talking in the room by raising the event PL to 50 + disableMessaging: false + # Remove the discord alias from the room. + unsetRoomAlias: true + # Remove the room from the directory. + unlistFromDirectory: true + # Set the room to be unavailable for joining without an invite. + setInviteOnly: true + # Make all the discord users leave the room. + ghostsLeave: true limits: # Delay in milliseconds between discord users joining a room. roomGhostJoinDelay: 6000 @@ -98,8 +105,15 @@ limits: # echos = (Copies of a sent message may arrive from discord before we've # fininished handling it, causing us to echo it back to the room) discordSendDelay: 1500 + # Set a maximum of rooms to be bridged. + # roomCount: 20 ghosts: # Pattern for the ghosts nick, available is :nick, :username, :tag and :id nickPattern: ":nick" # Pattern for the ghosts username, available is :username, :tag and :id usernamePattern: ":username#:tag" +# Prometheus-compatible metrics endpoint +metrics: + enable: false + port: 9001 + host: "127.0.0.1" diff --git a/roles/matrix-bridge-appservice-discord/templates/systemd/matrix-appservice-discord.service.j2 b/roles/custom/matrix-bridge-appservice-discord/templates/systemd/matrix-appservice-discord.service.j2 similarity index 60% rename from roles/matrix-bridge-appservice-discord/templates/systemd/matrix-appservice-discord.service.j2 rename to roles/custom/matrix-bridge-appservice-discord/templates/systemd/matrix-appservice-discord.service.j2 index 0a527c0cd..8a7935731 100644 --- a/roles/matrix-bridge-appservice-discord/templates/systemd/matrix-appservice-discord.service.j2 +++ b/roles/custom/matrix-bridge-appservice-discord/templates/systemd/matrix-appservice-discord.service.j2 @@ -12,14 +12,14 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-discord 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-discord 2>/dev/null || true' +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-appservice-discord 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-appservice-discord 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. ExecStartPre={{ matrix_host_command_sleep }} 5 -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-discord \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-appservice-discord \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ @@ -35,8 +35,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-dis {{ matrix_appservice_discord_docker_image }} \ node /build/src/discordas.js -p 9005 -c /cfg/config.yaml -f /cfg/registration.yaml -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-discord 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-discord 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-appservice-discord 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-appservice-discord 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-appservice-discord diff --git a/roles/matrix-bridge-appservice-irc/defaults/main.yml b/roles/custom/matrix-bridge-appservice-irc/defaults/main.yml similarity index 99% rename from roles/matrix-bridge-appservice-irc/defaults/main.yml rename to roles/custom/matrix-bridge-appservice-irc/defaults/main.yml index 93a8e0844..d54a7685d 100644 --- a/roles/matrix-bridge-appservice-irc/defaults/main.yml +++ b/roles/custom/matrix-bridge-appservice-irc/defaults/main.yml @@ -11,10 +11,11 @@ matrix_appservice_irc_docker_src_files_path: "{{ matrix_base_data_path }}/appser # matrix_appservice_irc_version used to contain the full Docker image tag (e.g. `release-X.X.X`). # It's a bare version number now. We try to somewhat retain compatibility below. -matrix_appservice_irc_version: 0.34.0 +matrix_appservice_irc_version: 0.36.0 matrix_appservice_irc_docker_image: "{{ matrix_container_global_registry_prefix }}matrixdotorg/matrix-appservice-irc:{{ matrix_appservice_irc_docker_image_tag }}" matrix_appservice_irc_docker_image_tag: "{{ 'latest' if matrix_appservice_irc_version == 'latest' else ('release-' + matrix_appservice_irc_version) }}" matrix_appservice_irc_docker_image_force_pull: "{{ matrix_appservice_irc_docker_image.endswith(':latest') }}" +matrix_appservice_irc_docker_image_name_prefix: "{{ 'localhost/' if matrix_appservice_irc_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_appservice_irc_base_path: "{{ matrix_base_data_path }}/appservice-irc" matrix_appservice_irc_config_path: "{{ matrix_appservice_irc_base_path }}/config" diff --git a/roles/matrix-bridge-appservice-irc/tasks/init.yml b/roles/custom/matrix-bridge-appservice-irc/tasks/init.yml similarity index 100% rename from roles/matrix-bridge-appservice-irc/tasks/init.yml rename to roles/custom/matrix-bridge-appservice-irc/tasks/init.yml diff --git a/roles/matrix-bridge-appservice-irc/tasks/main.yml b/roles/custom/matrix-bridge-appservice-irc/tasks/main.yml similarity index 100% rename from roles/matrix-bridge-appservice-irc/tasks/main.yml rename to roles/custom/matrix-bridge-appservice-irc/tasks/main.yml diff --git a/roles/matrix-bridge-appservice-irc/tasks/migrate_nedb_to_postgres.yml b/roles/custom/matrix-bridge-appservice-irc/tasks/migrate_nedb_to_postgres.yml similarity index 91% rename from roles/matrix-bridge-appservice-irc/tasks/migrate_nedb_to_postgres.yml rename to roles/custom/matrix-bridge-appservice-irc/tasks/migrate_nedb_to_postgres.yml index d5f4eefd3..9dda24019 100644 --- a/roles/matrix-bridge-appservice-irc/tasks/migrate_nedb_to_postgres.yml +++ b/roles/custom/matrix-bridge-appservice-irc/tasks/migrate_nedb_to_postgres.yml @@ -30,7 +30,7 @@ - name: Check existence of matrix-appservice-irc service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-appservice-irc.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-irc.service" register: matrix_appservice_irc_service_stat - name: Ensure matrix-appservice-irc is stopped @@ -42,7 +42,7 @@ - name: Import appservice-irc NeDB database into Postgres ansible.builtin.command: cmd: >- - {{ matrix_host_command_docker }} run + {{ devture_systemd_docker_base_host_command_docker }} run --rm --user={{ matrix_user_uid }}:{{ matrix_user_gid }} --cap-drop=ALL @@ -66,9 +66,9 @@ - name: Inject result ansible.builtin.set_fact: - matrix_playbook_runtime_results: | + devture_playbook_runtime_messages_list: | {{ - matrix_playbook_runtime_results | default([]) + devture_playbook_runtime_messages_list | default([]) + [ "NOTE: Your appservice-irc database files have been imported into Postgres. The original database files have been moved from `{{ matrix_appservice_irc_data_path }}/*.db` to `{{ matrix_appservice_irc_data_path }}/*.db.backup`. When you've confirmed that the import went well and everything works, you should be able to safely delete these files." diff --git a/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml b/roles/custom/matrix-bridge-appservice-irc/tasks/setup_install.yml similarity index 92% rename from roles/matrix-bridge-appservice-irc/tasks/setup_install.yml rename to roles/custom/matrix-bridge-appservice-irc/tasks/setup_install.yml index 6b7fc92d9..32d87408d 100644 --- a/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-appservice-irc/tasks/setup_install.yml @@ -1,6 +1,8 @@ --- -- ansible.builtin.import_tasks: "{{ role_path }}/../matrix-base/tasks/util/ensure_openssl_installed.yml" +- ansible.builtin.import_role: + name: custom/matrix-base + tasks_from: ensure_openssl_installed - name: Ensure Appservice IRC paths exist ansible.builtin.file: @@ -21,7 +23,8 @@ path: "{{ matrix_appservice_irc_base_path }}/passkey.pem" register: matrix_appservice_irc_stat_passkey -- block: +- when: "matrix_appservice_irc_stat_passkey.stat.exists" + block: - name: (Data relocation) Ensure matrix-appservice-irc.service is stopped ansible.builtin.service: name: matrix-appservice-irc @@ -44,35 +47,34 @@ - rooms.db - users.db failed_when: false - when: "matrix_appservice_irc_stat_passkey.stat.exists" - ansible.builtin.set_fact: matrix_appservice_irc_requires_restart: false -- block: +- when: "matrix_appservice_irc_database_engine == 'postgres'" + block: - name: Check if a nedb database already exists ansible.builtin.stat: path: "{{ matrix_appservice_irc_data_path }}/users.db" register: matrix_appservice_irc_nedb_database_path_local_stat_result - - block: + - when: "matrix_appservice_irc_nedb_database_path_local_stat_result.stat.exists | bool" + block: - ansible.builtin.import_tasks: "{{ role_path }}/tasks/migrate_nedb_to_postgres.yml" - ansible.builtin.set_fact: matrix_appservice_irc_requires_restart: true - when: "matrix_appservice_irc_nedb_database_path_local_stat_result.stat.exists | bool" - when: "matrix_appservice_irc_database_engine == 'postgres'" - name: Ensure Appservice IRC image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_appservice_irc_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_appservice_irc_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_irc_docker_image_force_pull }}" when: "matrix_appservice_irc_enabled | bool and not matrix_appservice_irc_container_image_self_build | bool" register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure matrix-appservice-irc repository is present when self-building @@ -87,7 +89,7 @@ when: "matrix_appservice_irc_enabled | bool and matrix_appservice_irc_container_image_self_build | bool" - name: Ensure matrix-appservice-irc Docker image is built - docker_image: + community.docker.docker_image: name: "{{ matrix_appservice_irc_docker_image }}" source: build force_source: "{{ matrix_appservice_irc_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" @@ -147,7 +149,7 @@ # to produce a final registration.yaml file, as we desire. - name: Generate Appservice IRC registration-template.yaml ansible.builtin.shell: >- - {{ matrix_host_command_docker }} run --rm --name matrix-appservice-irc-gen + {{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-appservice-irc-gen --user={{ matrix_user_uid }}:{{ matrix_user_gid }} --cap-drop=ALL -v {{ matrix_appservice_irc_config_path }}:/config:z @@ -193,7 +195,7 @@ - name: Ensure matrix-appservice-irc.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-appservice-irc.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-appservice-irc.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-irc.service" mode: 0644 register: matrix_appservice_irc_systemd_service_result diff --git a/roles/matrix-bridge-appservice-irc/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-appservice-irc/tasks/setup_uninstall.yml similarity index 79% rename from roles/matrix-bridge-appservice-irc/tasks/setup_uninstall.yml rename to roles/custom/matrix-bridge-appservice-irc/tasks/setup_uninstall.yml index 176317dec..8921d48e1 100644 --- a/roles/matrix-bridge-appservice-irc/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-bridge-appservice-irc/tasks/setup_uninstall.yml @@ -2,7 +2,7 @@ - name: Check existence of matrix-appservice-irc service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-appservice-irc.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-irc.service" register: matrix_appservice_irc_service_stat - name: Ensure matrix-appservice-irc is stopped @@ -15,7 +15,7 @@ - name: Ensure matrix-appservice-irc.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-appservice-irc.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-irc.service" state: absent when: "matrix_appservice_irc_service_stat.stat.exists" diff --git a/roles/matrix-bridge-appservice-irc/tasks/validate_config.yml b/roles/custom/matrix-bridge-appservice-irc/tasks/validate_config.yml similarity index 95% rename from roles/matrix-bridge-appservice-irc/tasks/validate_config.yml rename to roles/custom/matrix-bridge-appservice-irc/tasks/validate_config.yml index f101e6fea..f0d887c8f 100644 --- a/roles/matrix-bridge-appservice-irc/tasks/validate_config.yml +++ b/roles/custom/matrix-bridge-appservice-irc/tasks/validate_config.yml @@ -23,7 +23,7 @@ You need to define one or more servers by either using `matrix_appservice_irc_ircService_servers` or by extending the base configuration with additional configuration in `matrix_appservice_irc_configuration_extension_yaml`. Overriding the whole bridge's configuration (`matrix_appservice_irc_configuration`) is yet another possibility. - when: "matrix_appservice_irc_configuration.ircService.servers|length == 0" + when: "matrix_appservice_irc_configuration.ircService.servers | length == 0" - name: (Deprecation) Catch and report renamed appservice-irc variables ansible.builtin.fail: diff --git a/roles/matrix-bridge-appservice-irc/templates/config.yaml.j2 b/roles/custom/matrix-bridge-appservice-irc/templates/config.yaml.j2 similarity index 100% rename from roles/matrix-bridge-appservice-irc/templates/config.yaml.j2 rename to roles/custom/matrix-bridge-appservice-irc/templates/config.yaml.j2 diff --git a/roles/matrix-bridge-appservice-irc/templates/systemd/matrix-appservice-irc.service.j2 b/roles/custom/matrix-bridge-appservice-irc/templates/systemd/matrix-appservice-irc.service.j2 similarity index 59% rename from roles/matrix-bridge-appservice-irc/templates/systemd/matrix-appservice-irc.service.j2 rename to roles/custom/matrix-bridge-appservice-irc/templates/systemd/matrix-appservice-irc.service.j2 index 4bbda18eb..bd5cbbe3c 100644 --- a/roles/matrix-bridge-appservice-irc/templates/systemd/matrix-appservice-irc.service.j2 +++ b/roles/custom/matrix-bridge-appservice-irc/templates/systemd/matrix-appservice-irc.service.j2 @@ -12,14 +12,14 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-irc 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-irc 2>/dev/null || true' +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-appservice-irc 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-appservice-irc 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. ExecStartPre={{ matrix_host_command_sleep }} 5 -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-irc \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-appservice-irc \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ @@ -36,8 +36,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-irc {{ matrix_appservice_irc_docker_image }} \ -c 'node app.js -c /config/config.yaml -f /config/registration.yaml -p 9999' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-irc 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-irc 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-appservice-irc 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-appservice-irc 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-appservice-irc diff --git a/roles/matrix-bridge-appservice-kakaotalk/defaults/main.yml b/roles/custom/matrix-bridge-appservice-kakaotalk/defaults/main.yml similarity index 100% rename from roles/matrix-bridge-appservice-kakaotalk/defaults/main.yml rename to roles/custom/matrix-bridge-appservice-kakaotalk/defaults/main.yml diff --git a/roles/matrix-bridge-appservice-kakaotalk/tasks/init.yml b/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/init.yml similarity index 100% rename from roles/matrix-bridge-appservice-kakaotalk/tasks/init.yml rename to roles/custom/matrix-bridge-appservice-kakaotalk/tasks/init.yml diff --git a/roles/matrix-bridge-appservice-kakaotalk/tasks/main.yml b/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/main.yml similarity index 100% rename from roles/matrix-bridge-appservice-kakaotalk/tasks/main.yml rename to roles/custom/matrix-bridge-appservice-kakaotalk/tasks/main.yml diff --git a/roles/matrix-bridge-appservice-kakaotalk/tasks/setup_install.yml b/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/setup_install.yml similarity index 91% rename from roles/matrix-bridge-appservice-kakaotalk/tasks/setup_install.yml rename to roles/custom/matrix-bridge-appservice-kakaotalk/tasks/setup_install.yml index def73c595..2f5b6be15 100644 --- a/roles/matrix-bridge-appservice-kakaotalk/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/setup_install.yml @@ -9,27 +9,27 @@ when: "matrix_synapse_role_executed | default(False)" - name: Ensure matrix-appservice-kakaotalk image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_appservice_kakaotalk_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_appservice_kakaotalk_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_kakaotalk_docker_image_force_pull }}" when: not matrix_appservice_kakaotalk_container_image_self_build register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure matrix-appservice-kakaotalk-node image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_appservice_kakaotalk_node_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_appservice_kakaotalk_node_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_kakaotalk_node_docker_image_force_pull }}" when: not matrix_appservice_kakaotalk_container_image_self_build register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure matrix-appservice-kakaotalk paths exist @@ -58,7 +58,7 @@ when: "matrix_appservice_kakaotalk_container_image_self_build | bool" - name: Ensure matrix-appservice-kakaotalk-node Docker image is built - docker_image: + community.docker.docker_image: name: "{{ matrix_appservice_kakaotalk_node_docker_image }}" source: build force_source: "{{ matrix_appservice_kakaotalk_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" @@ -70,7 +70,7 @@ when: "matrix_appservice_kakaotalk_container_image_self_build | bool" - name: Ensure matrix-appservice-kakaotalk Docker image is built - docker_image: + community.docker.docker_image: name: "{{ matrix_appservice_kakaotalk_docker_image }}" source: build force_source: "{{ matrix_appservice_kakaotalk_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" @@ -108,14 +108,14 @@ - name: Ensure matrix-appservice-kakaotalk-node.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-appservice-kakaotalk-node.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-appservice-kakaotalk-node.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-kakaotalk-node.service" mode: 0644 register: matrix_appservice_kakaotalk_node_systemd_service_result - name: Ensure matrix-appservice-kakaotalk.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-appservice-kakaotalk.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-appservice-kakaotalk.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-kakaotalk.service" mode: 0644 register: matrix_appservice_kakaotalk_systemd_service_result diff --git a/roles/matrix-bridge-appservice-kakaotalk/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/setup_uninstall.yml similarity index 76% rename from roles/matrix-bridge-appservice-kakaotalk/tasks/setup_uninstall.yml rename to roles/custom/matrix-bridge-appservice-kakaotalk/tasks/setup_uninstall.yml index fb11c3833..8e46d80f9 100644 --- a/roles/matrix-bridge-appservice-kakaotalk/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/setup_uninstall.yml @@ -2,7 +2,7 @@ - name: Check existence of matrix-appservice-kakaotalk service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-appservice-kakaotalk.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-kakaotalk.service" register: matrix_appservice_kakaotalk_service_stat - name: Ensure matrix-appservice-kakaotalk is stopped @@ -15,7 +15,7 @@ - name: Check existence of matrix-appservice-kakaotalk-node service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-appservice-kakaotalk-node.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-kakaotalk-node.service" register: matrix_appservice_kakaotalk_node_service_stat - name: Ensure matrix-appservice-kakaotalk-node is stopped @@ -31,8 +31,8 @@ path: "{{ item }}" state: absent with_items: - - "{{ matrix_systemd_path }}/matrix-appservice-kakaotalk-node.service" - - "{{ matrix_systemd_path }}/matrix-appservice-kakaotalk.service" + - "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-kakaotalk-node.service" + - "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-kakaotalk.service" when: "matrix_appservice_kakaotalk_service_stat.stat.exists" - name: Ensure systemd reloaded after matrix-appservice-kakaotalk service files removal diff --git a/roles/matrix-bridge-appservice-kakaotalk/tasks/validate_config.yml b/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/validate_config.yml similarity index 100% rename from roles/matrix-bridge-appservice-kakaotalk/tasks/validate_config.yml rename to roles/custom/matrix-bridge-appservice-kakaotalk/tasks/validate_config.yml diff --git a/roles/matrix-bridge-appservice-kakaotalk/templates/config.yaml.j2 b/roles/custom/matrix-bridge-appservice-kakaotalk/templates/config.yaml.j2 similarity index 100% rename from roles/matrix-bridge-appservice-kakaotalk/templates/config.yaml.j2 rename to roles/custom/matrix-bridge-appservice-kakaotalk/templates/config.yaml.j2 diff --git a/roles/matrix-bridge-appservice-kakaotalk/templates/node-config.json.j2 b/roles/custom/matrix-bridge-appservice-kakaotalk/templates/node-config.json.j2 similarity index 100% rename from roles/matrix-bridge-appservice-kakaotalk/templates/node-config.json.j2 rename to roles/custom/matrix-bridge-appservice-kakaotalk/templates/node-config.json.j2 diff --git a/roles/matrix-bridge-appservice-kakaotalk/templates/systemd/matrix-appservice-kakaotalk-node.service.j2 b/roles/custom/matrix-bridge-appservice-kakaotalk/templates/systemd/matrix-appservice-kakaotalk-node.service.j2 similarity index 51% rename from roles/matrix-bridge-appservice-kakaotalk/templates/systemd/matrix-appservice-kakaotalk-node.service.j2 rename to roles/custom/matrix-bridge-appservice-kakaotalk/templates/systemd/matrix-appservice-kakaotalk-node.service.j2 index 1a526ee61..4161241aa 100644 --- a/roles/matrix-bridge-appservice-kakaotalk/templates/systemd/matrix-appservice-kakaotalk-node.service.j2 +++ b/roles/custom/matrix-bridge-appservice-kakaotalk/templates/systemd/matrix-appservice-kakaotalk-node.service.j2 @@ -12,11 +12,11 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-kakaotalk-node 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-kakaotalk-node 2>/dev/null || true' +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-appservice-kakaotalk-node 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-appservice-kakaotalk-node 2>/dev/null || true' -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-kakaotalk-node \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-appservice-kakaotalk-node \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ @@ -28,8 +28,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-kak {{ matrix_appservice_kakaotalk_node_docker_image }} \ node src/main.js --config /config.json -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-kakaotalk-node 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-kakaotalk-node 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-appservice-kakaotalk-node 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-appservice-kakaotalk-node 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-appservice-kakaotalk-node diff --git a/roles/matrix-bridge-appservice-kakaotalk/templates/systemd/matrix-appservice-kakaotalk.service.j2 b/roles/custom/matrix-bridge-appservice-kakaotalk/templates/systemd/matrix-appservice-kakaotalk.service.j2 similarity index 57% rename from roles/matrix-bridge-appservice-kakaotalk/templates/systemd/matrix-appservice-kakaotalk.service.j2 rename to roles/custom/matrix-bridge-appservice-kakaotalk/templates/systemd/matrix-appservice-kakaotalk.service.j2 index 83a8d4dc9..0c85e7ba6 100644 --- a/roles/matrix-bridge-appservice-kakaotalk/templates/systemd/matrix-appservice-kakaotalk.service.j2 +++ b/roles/custom/matrix-bridge-appservice-kakaotalk/templates/systemd/matrix-appservice-kakaotalk.service.j2 @@ -12,14 +12,14 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-kakaotalk 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-kakaotalk 2>/dev/null || true' +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-appservice-kakaotalk 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-appservice-kakaotalk 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. ExecStartPre={{ matrix_host_command_sleep }} 5 -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-kakaotalk \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-appservice-kakaotalk \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ @@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-kak {{ matrix_appservice_kakaotalk_docker_image }} \ python3 -m matrix_appservice_kakaotalk -c /config/config.yaml --no-update -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-kakaotalk 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-kakaotalk 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-appservice-kakaotalk 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-appservice-kakaotalk 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-appservice-kakaotalk diff --git a/roles/matrix-bridge-appservice-slack/defaults/main.yml b/roles/custom/matrix-bridge-appservice-slack/defaults/main.yml similarity index 99% rename from roles/matrix-bridge-appservice-slack/defaults/main.yml rename to roles/custom/matrix-bridge-appservice-slack/defaults/main.yml index 71fca8e6e..b5fbc13f9 100644 --- a/roles/matrix-bridge-appservice-slack/defaults/main.yml +++ b/roles/custom/matrix-bridge-appservice-slack/defaults/main.yml @@ -11,7 +11,7 @@ matrix_appservice_slack_docker_src_files_path: "{{ matrix_base_data_path }}/apps # matrix_appservice_slack_version used to contain the full Docker image tag (e.g. `release-X.X.X`). # It's a bare version number now. We try to somewhat retain compatibility below. -matrix_appservice_slack_version: 1.11.0 +matrix_appservice_slack_version: 2.0.1 matrix_appservice_slack_docker_image: "{{ matrix_container_global_registry_prefix }}matrixdotorg/matrix-appservice-slack:{{ matrix_appservice_slack_docker_image_tag }}" matrix_appservice_slack_docker_image_tag: "{{ 'latest' if matrix_appservice_slack_version == 'latest' else ('release-' + matrix_appservice_slack_version) }}" matrix_appservice_slack_docker_image_force_pull: "{{ matrix_appservice_slack_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-bridge-appservice-slack/tasks/init.yml b/roles/custom/matrix-bridge-appservice-slack/tasks/init.yml similarity index 96% rename from roles/matrix-bridge-appservice-slack/tasks/init.yml rename to roles/custom/matrix-bridge-appservice-slack/tasks/init.yml index 023b4288f..5d03b24b9 100644 --- a/roles/matrix-bridge-appservice-slack/tasks/init.yml +++ b/roles/custom/matrix-bridge-appservice-slack/tasks/init.yml @@ -43,7 +43,10 @@ The matrix-bridge-appservice-slack role needs to execute before the matrix-synapse role. when: "matrix_synapse_role_executed | default(False)" -- block: +- when: matrix_appservice_slack_enabled | bool + tags: + - always + block: - name: Fail if matrix-nginx-proxy role already executed ansible.builtin.fail: msg: >- @@ -76,16 +79,13 @@ + [matrix_appservice_slack_matrix_nginx_proxy_configuration] }} - tags: - - always - when: matrix_appservice_slack_enabled | bool - name: Warn about reverse-proxying if matrix-nginx-proxy not used ansible.builtin.debug: msg: >- NOTE: You've enabled the Matrix Slack bridge but are not using the matrix-nginx-proxy reverse proxy. - Please make sure that you're proxying the `{{ something }}` + Please make sure that you're proxying the `{{ matrix_appservice_slack_public_endpoint }}` URL endpoint to the matrix-appservice-slack container. You can expose the container's port using the `matrix_appservice_slack_container_http_host_bind_port` variable. when: "matrix_appservice_slack_enabled | bool and not matrix_nginx_proxy_enabled | default(False) | bool" diff --git a/roles/matrix-bridge-appservice-slack/tasks/main.yml b/roles/custom/matrix-bridge-appservice-slack/tasks/main.yml similarity index 100% rename from roles/matrix-bridge-appservice-slack/tasks/main.yml rename to roles/custom/matrix-bridge-appservice-slack/tasks/main.yml diff --git a/roles/matrix-bridge-appservice-slack/tasks/migrate_nedb_to_postgres.yml b/roles/custom/matrix-bridge-appservice-slack/tasks/migrate_nedb_to_postgres.yml similarity index 93% rename from roles/matrix-bridge-appservice-slack/tasks/migrate_nedb_to_postgres.yml rename to roles/custom/matrix-bridge-appservice-slack/tasks/migrate_nedb_to_postgres.yml index b9aca080a..0ed3e18b2 100644 --- a/roles/matrix-bridge-appservice-slack/tasks/migrate_nedb_to_postgres.yml +++ b/roles/custom/matrix-bridge-appservice-slack/tasks/migrate_nedb_to_postgres.yml @@ -36,7 +36,7 @@ - name: Import appservice-slack NeDB database into Postgres ansible.builtin.command: cmd: >- - {{ matrix_host_command_docker }} run + {{ devture_systemd_docker_base_host_command_docker }} run --rm --user={{ matrix_user_uid }}:{{ matrix_user_gid }} --cap-drop=ALL @@ -62,9 +62,9 @@ - name: Inject result ansible.builtin.set_fact: - matrix_playbook_runtime_results: | + devture_playbook_runtime_messages_list: | {{ - matrix_playbook_runtime_results | default([]) + devture_playbook_runtime_messages_list | default([]) + [ "NOTE: Your appservice-slack database files have been imported into Postgres. The original database files have been moved from `{{ matrix_appservice_slack_data_path }}/*.db` to `{{ matrix_appservice_slack_data_path }}/*.db.backup`. When you've confirmed that the import went well and everything works, you should be able to safely delete these files." diff --git a/roles/matrix-bridge-appservice-slack/tasks/setup_install.yml b/roles/custom/matrix-bridge-appservice-slack/tasks/setup_install.yml similarity index 90% rename from roles/matrix-bridge-appservice-slack/tasks/setup_install.yml rename to roles/custom/matrix-bridge-appservice-slack/tasks/setup_install.yml index a2921d980..2c7140851 100644 --- a/roles/matrix-bridge-appservice-slack/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-appservice-slack/tasks/setup_install.yml @@ -17,30 +17,30 @@ - ansible.builtin.set_fact: matrix_appservice_slack_requires_restart: false -- block: +- when: "matrix_appservice_slack_database_engine == 'postgres'" + block: - name: Check if a nedb database already exists ansible.builtin.stat: path: "{{ matrix_appservice_slack_data_path }}/teams.db" register: matrix_appservice_slack_nedb_database_path_local_stat_result - - block: + - when: "matrix_appservice_slack_nedb_database_path_local_stat_result.stat.exists | bool" + block: - ansible.builtin.import_tasks: "{{ role_path }}/tasks/migrate_nedb_to_postgres.yml" - ansible.builtin.set_fact: matrix_appservice_slack_requires_restart: true - when: "matrix_appservice_slack_nedb_database_path_local_stat_result.stat.exists | bool" - when: "matrix_appservice_slack_database_engine == 'postgres'" - name: Ensure Appservice Slack image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_appservice_slack_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_appservice_slack_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_slack_docker_image_force_pull }}" when: "not matrix_appservice_slack_container_image_self_build | bool" register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure matrix-appservice-slack repository is present when self-building @@ -55,7 +55,7 @@ when: "matrix_appservice_slack_container_image_self_build | bool" - name: Ensure matrix-appservice-slack Docker image is built - docker_image: + community.docker.docker_image: name: "{{ matrix_appservice_slack_docker_image }}" source: build force_source: "{{ matrix_appservice_slack_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" @@ -85,7 +85,7 @@ - name: Ensure matrix-appservice-slack.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-appservice-slack.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-appservice-slack.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-slack.service" mode: 0644 register: matrix_appservice_slack_systemd_service_result diff --git a/roles/matrix-bridge-appservice-slack/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-appservice-slack/tasks/setup_uninstall.yml similarity index 79% rename from roles/matrix-bridge-appservice-slack/tasks/setup_uninstall.yml rename to roles/custom/matrix-bridge-appservice-slack/tasks/setup_uninstall.yml index fa1aaf269..434f90676 100644 --- a/roles/matrix-bridge-appservice-slack/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-bridge-appservice-slack/tasks/setup_uninstall.yml @@ -2,7 +2,7 @@ - name: Check existence of matrix-appservice-slack service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-appservice-slack.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-slack.service" register: matrix_appservice_slack_service_stat - name: Ensure matrix-appservice-slack is stopped @@ -15,7 +15,7 @@ - name: Ensure matrix-appservice-slack.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-appservice-slack.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-slack.service" state: absent when: "matrix_appservice_slack_service_stat.stat.exists" diff --git a/roles/matrix-bridge-appservice-slack/tasks/validate_config.yml b/roles/custom/matrix-bridge-appservice-slack/tasks/validate_config.yml similarity index 100% rename from roles/matrix-bridge-appservice-slack/tasks/validate_config.yml rename to roles/custom/matrix-bridge-appservice-slack/tasks/validate_config.yml diff --git a/roles/matrix-bridge-appservice-slack/templates/config.yaml.j2 b/roles/custom/matrix-bridge-appservice-slack/templates/config.yaml.j2 similarity index 100% rename from roles/matrix-bridge-appservice-slack/templates/config.yaml.j2 rename to roles/custom/matrix-bridge-appservice-slack/templates/config.yaml.j2 diff --git a/roles/matrix-bridge-appservice-slack/templates/systemd/matrix-appservice-slack.service.j2 b/roles/custom/matrix-bridge-appservice-slack/templates/systemd/matrix-appservice-slack.service.j2 similarity index 60% rename from roles/matrix-bridge-appservice-slack/templates/systemd/matrix-appservice-slack.service.j2 rename to roles/custom/matrix-bridge-appservice-slack/templates/systemd/matrix-appservice-slack.service.j2 index 017f352f3..0d1009faa 100644 --- a/roles/matrix-bridge-appservice-slack/templates/systemd/matrix-appservice-slack.service.j2 +++ b/roles/custom/matrix-bridge-appservice-slack/templates/systemd/matrix-appservice-slack.service.j2 @@ -12,14 +12,14 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-slack 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-slack 2>/dev/null || true' +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-appservice-slack 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-appservice-slack 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. ExecStartPre={{ matrix_host_command_sleep }} 5 -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-slack \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-appservice-slack \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ @@ -35,8 +35,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-sla {{ matrix_appservice_slack_docker_image }} \ node app.js -p {{matrix_appservice_slack_matrix_port}} -c /config/config.yaml -f /config/slack-registration.yaml -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-slack 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-slack 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-appservice-slack 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-appservice-slack 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-appservice-slack diff --git a/roles/matrix-bridge-appservice-webhooks/defaults/main.yml b/roles/custom/matrix-bridge-appservice-webhooks/defaults/main.yml similarity index 100% rename from roles/matrix-bridge-appservice-webhooks/defaults/main.yml rename to roles/custom/matrix-bridge-appservice-webhooks/defaults/main.yml diff --git a/roles/matrix-bridge-appservice-webhooks/tasks/init.yml b/roles/custom/matrix-bridge-appservice-webhooks/tasks/init.yml similarity index 98% rename from roles/matrix-bridge-appservice-webhooks/tasks/init.yml rename to roles/custom/matrix-bridge-appservice-webhooks/tasks/init.yml index 7cb2cfd6d..1f8ace9e8 100644 --- a/roles/matrix-bridge-appservice-webhooks/tasks/init.yml +++ b/roles/custom/matrix-bridge-appservice-webhooks/tasks/init.yml @@ -36,7 +36,10 @@ The matrix-bridge-appservice-webhooks role needs to execute before the matrix-synapse role. when: "matrix_synapse_role_executed | default(False)" -- block: +- when: matrix_appservice_webhooks_enabled | bool + tags: + - always + block: - name: Fail if matrix-nginx-proxy role already executed ansible.builtin.fail: msg: >- @@ -71,9 +74,6 @@ + [matrix_appservice_webhooks_matrix_nginx_proxy_configuration] }} - tags: - - always - when: matrix_appservice_webhooks_enabled | bool - name: Warn about reverse-proxying if matrix-nginx-proxy not used ansible.builtin.debug: diff --git a/roles/matrix-bridge-appservice-webhooks/tasks/main.yml b/roles/custom/matrix-bridge-appservice-webhooks/tasks/main.yml similarity index 100% rename from roles/matrix-bridge-appservice-webhooks/tasks/main.yml rename to roles/custom/matrix-bridge-appservice-webhooks/tasks/main.yml diff --git a/roles/matrix-bridge-appservice-webhooks/tasks/setup_install.yml b/roles/custom/matrix-bridge-appservice-webhooks/tasks/setup_install.yml similarity index 91% rename from roles/matrix-bridge-appservice-webhooks/tasks/setup_install.yml rename to roles/custom/matrix-bridge-appservice-webhooks/tasks/setup_install.yml index 603f9d1d6..734b6e60c 100644 --- a/roles/matrix-bridge-appservice-webhooks/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-appservice-webhooks/tasks/setup_install.yml @@ -15,18 +15,19 @@ when: "item.when | bool" - name: Ensure Appservice webhooks image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_appservice_webhooks_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_appservice_webhooks_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_webhooks_docker_image_force_pull }}" when: "not matrix_appservice_webhooks_container_image_self_build | bool" register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed -- block: +- when: "matrix_appservice_webhooks_container_image_self_build | bool" + block: - name: Ensure Appservice webhooks repository is present on self-build ansible.builtin.git: repo: "{{ matrix_appservice_webhooks_container_image_self_build_repo }}" @@ -38,7 +39,7 @@ register: matrix_appservice_webhooks_git_pull_results - name: Ensure Appservice webhooks Docker image is built - docker_image: + community.docker.docker_image: name: "{{ matrix_appservice_webhooks_docker_image }}" source: build force_source: "{{ matrix_appservice_webhooks_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" @@ -47,7 +48,6 @@ dockerfile: "{{ matrix_appservice_webhooks_container_image_self_build_repo_dockerfile_path }}" path: "{{ matrix_appservice_webhooks_docker_src_files_path }}" pull: true - when: "matrix_appservice_webhooks_container_image_self_build | bool" - name: Ensure Matrix Appservice webhooks config is installed ansible.builtin.copy: @@ -84,7 +84,7 @@ - name: Ensure matrix-appservice-webhooks.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-appservice-webhooks.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-appservice-webhooks.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-webhooks.service" mode: 0644 register: matrix_appservice_webhooks_systemd_service_result diff --git a/roles/matrix-bridge-appservice-webhooks/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-appservice-webhooks/tasks/setup_uninstall.yml similarity index 79% rename from roles/matrix-bridge-appservice-webhooks/tasks/setup_uninstall.yml rename to roles/custom/matrix-bridge-appservice-webhooks/tasks/setup_uninstall.yml index 2b3c29d5e..960fe58b0 100644 --- a/roles/matrix-bridge-appservice-webhooks/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-bridge-appservice-webhooks/tasks/setup_uninstall.yml @@ -2,7 +2,7 @@ - name: Check existence of matrix-appservice-webhooks service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-appservice-webhooks.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-webhooks.service" register: matrix_appservice_webhooks_service_stat - name: Ensure matrix-appservice-webhooks is stopped @@ -15,7 +15,7 @@ - name: Ensure matrix-appservice-webhooks.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-appservice-webhooks.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-webhooks.service" state: absent when: "matrix_appservice_webhooks_service_stat.stat.exists" diff --git a/roles/matrix-bridge-appservice-webhooks/tasks/validate_config.yml b/roles/custom/matrix-bridge-appservice-webhooks/tasks/validate_config.yml similarity index 100% rename from roles/matrix-bridge-appservice-webhooks/tasks/validate_config.yml rename to roles/custom/matrix-bridge-appservice-webhooks/tasks/validate_config.yml diff --git a/roles/matrix-bridge-appservice-webhooks/templates/config.yaml.j2 b/roles/custom/matrix-bridge-appservice-webhooks/templates/config.yaml.j2 similarity index 100% rename from roles/matrix-bridge-appservice-webhooks/templates/config.yaml.j2 rename to roles/custom/matrix-bridge-appservice-webhooks/templates/config.yaml.j2 diff --git a/roles/matrix-bridge-appservice-webhooks/templates/database.json.j2 b/roles/custom/matrix-bridge-appservice-webhooks/templates/database.json.j2 similarity index 100% rename from roles/matrix-bridge-appservice-webhooks/templates/database.json.j2 rename to roles/custom/matrix-bridge-appservice-webhooks/templates/database.json.j2 diff --git a/roles/matrix-bridge-appservice-webhooks/templates/schema.yml.j2 b/roles/custom/matrix-bridge-appservice-webhooks/templates/schema.yml.j2 similarity index 100% rename from roles/matrix-bridge-appservice-webhooks/templates/schema.yml.j2 rename to roles/custom/matrix-bridge-appservice-webhooks/templates/schema.yml.j2 diff --git a/roles/matrix-bridge-appservice-webhooks/templates/systemd/matrix-appservice-webhooks.service.j2 b/roles/custom/matrix-bridge-appservice-webhooks/templates/systemd/matrix-appservice-webhooks.service.j2 similarity index 61% rename from roles/matrix-bridge-appservice-webhooks/templates/systemd/matrix-appservice-webhooks.service.j2 rename to roles/custom/matrix-bridge-appservice-webhooks/templates/systemd/matrix-appservice-webhooks.service.j2 index 556467b4b..a50173690 100644 --- a/roles/matrix-bridge-appservice-webhooks/templates/systemd/matrix-appservice-webhooks.service.j2 +++ b/roles/custom/matrix-bridge-appservice-webhooks/templates/systemd/matrix-appservice-webhooks.service.j2 @@ -12,14 +12,14 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-webhooks 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-webhooks 2>/dev/null || true' +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-appservice-webhooks 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-appservice-webhooks 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. ExecStartPre={{ matrix_host_command_sleep }} 5 -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-webhooks \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-appservice-webhooks \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ @@ -35,8 +35,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-web {{ matrix_appservice_webhooks_docker_image }} \ node index.js -p {{ matrix_appservice_webhooks_matrix_port }} -c /config/config.yaml -f /config/webhooks-registration.yaml -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-webhooks 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-webhooks 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-appservice-webhooks 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-appservice-webhooks 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-appservice-webhooks diff --git a/roles/matrix-bridge-beeper-linkedin/defaults/main.yml b/roles/custom/matrix-bridge-beeper-linkedin/defaults/main.yml similarity index 100% rename from roles/matrix-bridge-beeper-linkedin/defaults/main.yml rename to roles/custom/matrix-bridge-beeper-linkedin/defaults/main.yml diff --git a/roles/matrix-bridge-beeper-linkedin/tasks/init.yml b/roles/custom/matrix-bridge-beeper-linkedin/tasks/init.yml similarity index 100% rename from roles/matrix-bridge-beeper-linkedin/tasks/init.yml rename to roles/custom/matrix-bridge-beeper-linkedin/tasks/init.yml diff --git a/roles/matrix-bridge-beeper-linkedin/tasks/main.yml b/roles/custom/matrix-bridge-beeper-linkedin/tasks/main.yml similarity index 100% rename from roles/matrix-bridge-beeper-linkedin/tasks/main.yml rename to roles/custom/matrix-bridge-beeper-linkedin/tasks/main.yml diff --git a/roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml b/roles/custom/matrix-bridge-beeper-linkedin/tasks/setup_install.yml similarity index 91% rename from roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml rename to roles/custom/matrix-bridge-beeper-linkedin/tasks/setup_install.yml index f1d7e8fdf..8784b6311 100644 --- a/roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-beeper-linkedin/tasks/setup_install.yml @@ -23,18 +23,19 @@ - name: Ensure Beeper LinkedIn image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_beeper_linkedin_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_beeper_linkedin_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_beeper_linkedin_docker_image_force_pull }}" when: "not matrix_beeper_linkedin_container_image_self_build | bool" register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed -- block: +- when: "matrix_beeper_linkedin_container_image_self_build | bool" + block: - name: Ensure Beeper LinkedIn repository is present on self-build ansible.builtin.git: repo: "{{ matrix_beeper_linkedin_container_image_self_build_repo }}" @@ -50,7 +51,7 @@ - name: Ensure docker-requirements.txt is generated before building Beeper LinkedIn Docker Image ansible.builtin.command: cmd: | - {{ matrix_host_command_docker }} run + {{ devture_systemd_docker_base_host_command_docker }} run --rm --entrypoint=/bin/sh --mount type=bind,src={{ matrix_beeper_linkedin_docker_src_files_path }},dst=/work @@ -61,7 +62,7 @@ changed_when: matrix_beeper_linkedin_generate_docker_requirements_result.rc == 0 - name: Ensure Beeper LinkedIn Docker image is built - docker_image: + community.docker.docker_image: name: "{{ matrix_beeper_linkedin_docker_image }}" source: build force_source: "{{ matrix_beeper_linkedin_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" @@ -72,7 +73,6 @@ pull: true args: TARGETARCH: "{{ matrix_architecture }}" - when: "matrix_beeper_linkedin_container_image_self_build | bool" - name: Ensure beeper-linkedin config.yaml installed ansible.builtin.copy: @@ -93,7 +93,7 @@ - name: Ensure matrix-beeper-linkedin.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-beeper-linkedin.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-beeper-linkedin.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-beeper-linkedin.service" mode: 0644 register: matrix_beeper_linkedin_systemd_service_result diff --git a/roles/matrix-bridge-beeper-linkedin/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-beeper-linkedin/tasks/setup_uninstall.yml similarity index 79% rename from roles/matrix-bridge-beeper-linkedin/tasks/setup_uninstall.yml rename to roles/custom/matrix-bridge-beeper-linkedin/tasks/setup_uninstall.yml index 25dbf82b0..4a75a4c7a 100644 --- a/roles/matrix-bridge-beeper-linkedin/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-bridge-beeper-linkedin/tasks/setup_uninstall.yml @@ -2,7 +2,7 @@ - name: Check existence of matrix-beeper-linkedin service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-beeper-linkedin.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-beeper-linkedin.service" register: matrix_beeper_linkedin_service_stat - name: Ensure matrix-beeper-linkedin is stopped @@ -15,7 +15,7 @@ - name: Ensure matrix-beeper-linkedin.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-beeper-linkedin.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-beeper-linkedin.service" state: absent when: "matrix_beeper_linkedin_service_stat.stat.exists" diff --git a/roles/matrix-bridge-beeper-linkedin/tasks/validate_config.yml b/roles/custom/matrix-bridge-beeper-linkedin/tasks/validate_config.yml similarity index 100% rename from roles/matrix-bridge-beeper-linkedin/tasks/validate_config.yml rename to roles/custom/matrix-bridge-beeper-linkedin/tasks/validate_config.yml diff --git a/roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 b/roles/custom/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 similarity index 100% rename from roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 rename to roles/custom/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 diff --git a/roles/matrix-bridge-beeper-linkedin/templates/systemd/matrix-beeper-linkedin.service.j2 b/roles/custom/matrix-bridge-beeper-linkedin/templates/systemd/matrix-beeper-linkedin.service.j2 similarity index 56% rename from roles/matrix-bridge-beeper-linkedin/templates/systemd/matrix-beeper-linkedin.service.j2 rename to roles/custom/matrix-bridge-beeper-linkedin/templates/systemd/matrix-beeper-linkedin.service.j2 index 37b4f67db..1a63311b9 100644 --- a/roles/matrix-bridge-beeper-linkedin/templates/systemd/matrix-beeper-linkedin.service.j2 +++ b/roles/custom/matrix-bridge-beeper-linkedin/templates/systemd/matrix-beeper-linkedin.service.j2 @@ -12,14 +12,14 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-beeper-linkedin 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-beeper-linkedin 2>/dev/null || true' +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-beeper-linkedin 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-beeper-linkedin 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. ExecStartPre={{ matrix_host_command_sleep }} 5 -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-beeper-linkedin \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-beeper-linkedin \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ @@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-beeper-linkedi {{ matrix_beeper_linkedin_docker_image }} \ python3 -m linkedin_matrix -c /data/config.yaml -r /data/registration.yaml -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-beeper-linkedin 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-beeper-linkedin 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-beeper-linkedin 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-beeper-linkedin 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-beeper-linkedin diff --git a/roles/matrix-bridge-go-skype-bridge/defaults/main.yml b/roles/custom/matrix-bridge-go-skype-bridge/defaults/main.yml similarity index 100% rename from roles/matrix-bridge-go-skype-bridge/defaults/main.yml rename to roles/custom/matrix-bridge-go-skype-bridge/defaults/main.yml diff --git a/roles/matrix-bridge-go-skype-bridge/tasks/init.yml b/roles/custom/matrix-bridge-go-skype-bridge/tasks/init.yml similarity index 100% rename from roles/matrix-bridge-go-skype-bridge/tasks/init.yml rename to roles/custom/matrix-bridge-go-skype-bridge/tasks/init.yml diff --git a/roles/matrix-bridge-go-skype-bridge/tasks/main.yml b/roles/custom/matrix-bridge-go-skype-bridge/tasks/main.yml similarity index 100% rename from roles/matrix-bridge-go-skype-bridge/tasks/main.yml rename to roles/custom/matrix-bridge-go-skype-bridge/tasks/main.yml diff --git a/roles/matrix-bridge-go-skype-bridge/tasks/setup_install.yml b/roles/custom/matrix-bridge-go-skype-bridge/tasks/setup_install.yml similarity index 92% rename from roles/matrix-bridge-go-skype-bridge/tasks/setup_install.yml rename to roles/custom/matrix-bridge-go-skype-bridge/tasks/setup_install.yml index 7403ff5c5..68718ccf3 100644 --- a/roles/matrix-bridge-go-skype-bridge/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-go-skype-bridge/tasks/setup_install.yml @@ -11,13 +11,15 @@ - ansible.builtin.set_fact: matrix_go_skype_bridge_requires_restart: false -- block: +- when: "matrix_go_skype_bridge_database_engine == 'postgres'" + block: - name: Check if an SQLite database already exists ansible.builtin.stat: path: "{{ matrix_go_skype_bridge_sqlite_database_path_local }}" register: matrix_go_skype_bridge_sqlite_database_path_local_stat_result - - block: + - when: "matrix_go_skype_bridge_sqlite_database_path_local_stat_result.stat.exists | bool" + block: - ansible.builtin.set_fact: matrix_postgres_db_migration_request: src: "{{ matrix_go_skype_bridge_sqlite_database_path_local }}" @@ -29,14 +31,11 @@ pgloader_options: ['--with "quote identifiers"'] - ansible.builtin.import_role: - name: matrix-postgres + name: custom/matrix-postgres tasks_from: migrate_db_to_postgres - ansible.builtin.set_fact: matrix_go_skype_bridge_requires_restart: true - when: "matrix_go_skype_bridge_sqlite_database_path_local_stat_result.stat.exists | bool" - when: "matrix_go_skype_bridge_database_engine == 'postgres'" - - name: Ensure Go Skype Bridge paths exists ansible.builtin.file: @@ -53,15 +52,15 @@ when: item.when | bool - name: Ensure Go Skype Bridge image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_go_skype_bridge_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_go_skype_bridge_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_go_skype_bridge_docker_image_force_pull }}" when: not matrix_go_skype_bridge_container_image_self_build register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure Go Skype Bridge repository is present on self-build @@ -76,7 +75,7 @@ when: "matrix_go_skype_bridge_container_image_self_build | bool" - name: Ensure Go Skype Bridge Docker image is built - docker_image: + community.docker.docker_image: name: "{{ matrix_go_skype_bridge_docker_image }}" source: build force_source: "{{ matrix_go_skype_bridge_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" @@ -133,7 +132,7 @@ - name: Ensure matrix-go-skype-bridge.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-go-skype-bridge.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-go-skype-bridge.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-go-skype-bridge.service" mode: 0644 register: matrix_go_skype_bridge_systemd_service_result diff --git a/roles/matrix-bridge-go-skype-bridge/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-go-skype-bridge/tasks/setup_uninstall.yml similarity index 100% rename from roles/matrix-bridge-go-skype-bridge/tasks/setup_uninstall.yml rename to roles/custom/matrix-bridge-go-skype-bridge/tasks/setup_uninstall.yml diff --git a/roles/matrix-bridge-go-skype-bridge/tasks/validate_config.yml b/roles/custom/matrix-bridge-go-skype-bridge/tasks/validate_config.yml similarity index 100% rename from roles/matrix-bridge-go-skype-bridge/tasks/validate_config.yml rename to roles/custom/matrix-bridge-go-skype-bridge/tasks/validate_config.yml diff --git a/roles/matrix-bridge-go-skype-bridge/templates/config.yaml.j2 b/roles/custom/matrix-bridge-go-skype-bridge/templates/config.yaml.j2 similarity index 100% rename from roles/matrix-bridge-go-skype-bridge/templates/config.yaml.j2 rename to roles/custom/matrix-bridge-go-skype-bridge/templates/config.yaml.j2 diff --git a/roles/matrix-bridge-go-skype-bridge/templates/systemd/matrix-go-skype-bridge.service.j2 b/roles/custom/matrix-bridge-go-skype-bridge/templates/systemd/matrix-go-skype-bridge.service.j2 similarity index 56% rename from roles/matrix-bridge-go-skype-bridge/templates/systemd/matrix-go-skype-bridge.service.j2 rename to roles/custom/matrix-bridge-go-skype-bridge/templates/systemd/matrix-go-skype-bridge.service.j2 index fe5ab2d6f..f7ab10f86 100644 --- a/roles/matrix-bridge-go-skype-bridge/templates/systemd/matrix-go-skype-bridge.service.j2 +++ b/roles/custom/matrix-bridge-go-skype-bridge/templates/systemd/matrix-go-skype-bridge.service.j2 @@ -12,14 +12,14 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-go-skype-bridge 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-go-skype-bridge 2>/dev/null || true' +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-go-skype-bridge 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-go-skype-bridge 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. ExecStartPre={{ matrix_host_command_sleep }} 5 -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-go-skype-bridge \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-go-skype-bridge \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ @@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-go-skype-bridg {{ matrix_go_skype_bridge_docker_image }} \ /usr/bin/matrix-skype -c /config/config.yaml -r /config/registration.yaml -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-go-skype-bridge 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-go-skype-bridge 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-go-skype-bridge 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-go-skype-bridge 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-go-skype-bridge diff --git a/roles/matrix-bridge-heisenbridge/defaults/main.yml b/roles/custom/matrix-bridge-heisenbridge/defaults/main.yml similarity index 100% rename from roles/matrix-bridge-heisenbridge/defaults/main.yml rename to roles/custom/matrix-bridge-heisenbridge/defaults/main.yml diff --git a/roles/matrix-bridge-heisenbridge/tasks/init.yml b/roles/custom/matrix-bridge-heisenbridge/tasks/init.yml similarity index 100% rename from roles/matrix-bridge-heisenbridge/tasks/init.yml rename to roles/custom/matrix-bridge-heisenbridge/tasks/init.yml diff --git a/roles/matrix-bridge-heisenbridge/tasks/main.yml b/roles/custom/matrix-bridge-heisenbridge/tasks/main.yml similarity index 100% rename from roles/matrix-bridge-heisenbridge/tasks/main.yml rename to roles/custom/matrix-bridge-heisenbridge/tasks/main.yml diff --git a/roles/matrix-bridge-heisenbridge/tasks/setup_install.yml b/roles/custom/matrix-bridge-heisenbridge/tasks/setup_install.yml similarity index 86% rename from roles/matrix-bridge-heisenbridge/tasks/setup_install.yml rename to roles/custom/matrix-bridge-heisenbridge/tasks/setup_install.yml index ffcc1c8b9..9a0cac354 100644 --- a/roles/matrix-bridge-heisenbridge/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-heisenbridge/tasks/setup_install.yml @@ -1,14 +1,14 @@ --- - name: Ensure heisenbridge image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_heisenbridge_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_heisenbridge_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_heisenbridge_docker_image_force_pull }}" register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure heisenbridge paths exist @@ -32,7 +32,7 @@ - name: Ensure matrix-heisenbridge.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-heisenbridge.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-heisenbridge.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-heisenbridge.service" mode: 0644 register: matrix_heisenbridge_systemd_service_result diff --git a/roles/matrix-bridge-heisenbridge/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-heisenbridge/tasks/setup_uninstall.yml similarity index 79% rename from roles/matrix-bridge-heisenbridge/tasks/setup_uninstall.yml rename to roles/custom/matrix-bridge-heisenbridge/tasks/setup_uninstall.yml index a0232295f..688ff9d47 100644 --- a/roles/matrix-bridge-heisenbridge/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-bridge-heisenbridge/tasks/setup_uninstall.yml @@ -2,7 +2,7 @@ - name: Check existence of matrix-heisenbridge service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-heisenbridge.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-heisenbridge.service" register: matrix_heisenbridge_service_stat - name: Ensure matrix-heisenbridge is stopped @@ -15,7 +15,7 @@ - name: Ensure matrix-heisenbridge.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-heisenbridge.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-heisenbridge.service" state: absent when: "matrix_heisenbridge_service_stat.stat.exists" diff --git a/roles/matrix-bridge-heisenbridge/templates/systemd/matrix-heisenbridge.service.j2 b/roles/custom/matrix-bridge-heisenbridge/templates/systemd/matrix-heisenbridge.service.j2 similarity index 71% rename from roles/matrix-bridge-heisenbridge/templates/systemd/matrix-heisenbridge.service.j2 rename to roles/custom/matrix-bridge-heisenbridge/templates/systemd/matrix-heisenbridge.service.j2 index e27b88f1d..49abaf0a5 100644 --- a/roles/matrix-bridge-heisenbridge/templates/systemd/matrix-heisenbridge.service.j2 +++ b/roles/custom/matrix-bridge-heisenbridge/templates/systemd/matrix-heisenbridge.service.j2 @@ -12,11 +12,11 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-heisenbridge -ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-heisenbridge +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_docker }} kill matrix-heisenbridge +ExecStartPre=-{{ devture_systemd_docker_base_host_command_docker }} rm matrix-heisenbridge -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-heisenbridge \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-heisenbridge \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ @@ -41,8 +41,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-heisenbridge \ --listen-port 9898 \ {{ matrix_heisenbridge_homeserver_url }} -ExecStop=-{{ matrix_host_command_docker }} kill matrix-heisenbridge -ExecStop=-{{ matrix_host_command_docker }} rm matrix-heisenbridge +ExecStop=-{{ devture_systemd_docker_base_host_command_docker }} kill matrix-heisenbridge +ExecStop=-{{ devture_systemd_docker_base_host_command_docker }} rm matrix-heisenbridge Restart=always RestartSec=30 SyslogIdentifier=matrix-heisenbridge diff --git a/roles/matrix-bridge-hookshot/defaults/main.yml b/roles/custom/matrix-bridge-hookshot/defaults/main.yml similarity index 98% rename from roles/matrix-bridge-hookshot/defaults/main.yml rename to roles/custom/matrix-bridge-hookshot/defaults/main.yml index 7b927c926..4e6965847 100644 --- a/roles/matrix-bridge-hookshot/defaults/main.yml +++ b/roles/custom/matrix-bridge-hookshot/defaults/main.yml @@ -10,7 +10,7 @@ matrix_hookshot_container_image_self_build: false matrix_hookshot_container_image_self_build_repo: "https://github.com/matrix-org/matrix-hookshot.git" matrix_hookshot_container_image_self_build_branch: "{{ 'main' if matrix_hookshot_version == 'latest' else matrix_hookshot_version }}" -matrix_hookshot_version: 2.0.1 +matrix_hookshot_version: 2.4.0 matrix_hookshot_docker_image: "{{ matrix_hookshot_docker_image_name_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}" matrix_hookshot_docker_image_name_prefix: "{{ 'localhost/' if matrix_hookshot_container_image_self_build else matrix_container_global_registry_prefix }}" @@ -128,9 +128,9 @@ matrix_hookshot_generic_allow_js_transformation_functions: false matrix_hookshot_generic_user_id_prefix: '_webhooks_' -matrix_hookshot_feeds_enabled: false -# polling interval in seconds -matrix_hookshot_feeds_interval: 600 +matrix_hookshot_feeds_enabled: true +matrix_hookshot_feeds_pollIntervalSeconds: 600 # noqa var-naming +matrix_hookshot_feeds_pollTimeoutSeconds: 10 # noqa var-naming # There is no need to edit ports. use matrix_hookshot_container_http_host_bind_ports below to expose ports instead. diff --git a/roles/matrix-bridge-hookshot/files/.gitkeep b/roles/custom/matrix-bridge-hookshot/files/.gitkeep similarity index 100% rename from roles/matrix-bridge-hookshot/files/.gitkeep rename to roles/custom/matrix-bridge-hookshot/files/.gitkeep diff --git a/roles/matrix-bridge-hookshot/tasks/init.yml b/roles/custom/matrix-bridge-hookshot/tasks/init.yml similarity index 99% rename from roles/matrix-bridge-hookshot/tasks/init.yml rename to roles/custom/matrix-bridge-hookshot/tasks/init.yml index e6cd1209e..63921f311 100644 --- a/roles/matrix-bridge-hookshot/tasks/init.yml +++ b/roles/custom/matrix-bridge-hookshot/tasks/init.yml @@ -28,7 +28,8 @@ }} when: matrix_hookshot_enabled | bool -- block: +- when: matrix_hookshot_enabled | bool + block: - name: Fail if matrix-nginx-proxy role already executed ansible.builtin.fail: msg: >- @@ -128,7 +129,6 @@ [matrix_hookshot_matrix_nginx_proxy_metrics_configuration_matrix_domain] }} when: matrix_hookshot_metrics_enabled | bool and matrix_hookshot_metrics_proxying_enabled | bool - when: matrix_hookshot_enabled | bool - name: Warn about reverse-proxying if matrix-nginx-proxy not used ansible.builtin.debug: diff --git a/roles/matrix-bridge-hookshot/tasks/main.yml b/roles/custom/matrix-bridge-hookshot/tasks/main.yml similarity index 100% rename from roles/matrix-bridge-hookshot/tasks/main.yml rename to roles/custom/matrix-bridge-hookshot/tasks/main.yml diff --git a/roles/matrix-bridge-hookshot/tasks/setup_install.yml b/roles/custom/matrix-bridge-hookshot/tasks/setup_install.yml similarity index 91% rename from roles/matrix-bridge-hookshot/tasks/setup_install.yml rename to roles/custom/matrix-bridge-hookshot/tasks/setup_install.yml index 0c6bfc34b..e13af1986 100644 --- a/roles/matrix-bridge-hookshot/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-hookshot/tasks/setup_install.yml @@ -1,6 +1,8 @@ --- -- ansible.builtin.import_tasks: "{{ role_path }}/../matrix-base/tasks/util/ensure_openssl_installed.yml" +- ansible.builtin.import_role: + name: custom/matrix-base + tasks_from: ensure_openssl_installed - name: Ensure hookshot paths exist ansible.builtin.file: @@ -15,15 +17,15 @@ when: item.when | bool - name: Ensure hookshot image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_hookshot_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_hookshot_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_hookshot_docker_image_force_pull }}" when: not matrix_hookshot_container_image_self_build register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure hookshot repository is present on self-build @@ -38,7 +40,7 @@ when: "matrix_hookshot_container_image_self_build | bool" - name: Ensure hookshot Docker image is built - docker_image: + community.docker.docker_image: name: "{{ matrix_hookshot_docker_image }}" source: build force_source: "{{ matrix_hookshot_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" @@ -71,7 +73,7 @@ - name: Validate hookshot config.yml ansible.builtin.command: cmd: | - {{ matrix_host_command_docker }} run + {{ devture_systemd_docker_base_host_command_docker }} run --rm --name={{ matrix_hookshot_container_url }}-validate --user={{ matrix_user_uid }}:{{ matrix_user_gid }} @@ -106,7 +108,7 @@ - name: Ensure matrix-hookshot.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-hookshot.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-hookshot.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-hookshot.service" mode: 0644 register: matrix_hookshot_systemd_service_result diff --git a/roles/matrix-bridge-hookshot/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-hookshot/tasks/setup_uninstall.yml similarity index 79% rename from roles/matrix-bridge-hookshot/tasks/setup_uninstall.yml rename to roles/custom/matrix-bridge-hookshot/tasks/setup_uninstall.yml index 5aba14de6..2028a34e1 100644 --- a/roles/matrix-bridge-hookshot/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-bridge-hookshot/tasks/setup_uninstall.yml @@ -2,7 +2,7 @@ - name: Check existence of matrix-hookshot service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-hookshot.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-hookshot.service" register: matrix_hookshot_service_stat - name: Ensure matrix-hookshot is stopped @@ -15,7 +15,7 @@ - name: Ensure matrix-hookshot.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-hookshot.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-hookshot.service" state: absent when: "matrix_hookshot_service_stat.stat.exists" diff --git a/roles/matrix-bridge-hookshot/tasks/validate_config.yml b/roles/custom/matrix-bridge-hookshot/tasks/validate_config.yml similarity index 86% rename from roles/matrix-bridge-hookshot/tasks/validate_config.yml rename to roles/custom/matrix-bridge-hookshot/tasks/validate_config.yml index 0fbcf53c2..3392f1b64 100644 --- a/roles/matrix-bridge-hookshot/tasks/validate_config.yml +++ b/roles/custom/matrix-bridge-hookshot/tasks/validate_config.yml @@ -58,6 +58,15 @@ with_items: - "matrix_hookshot_provisioning_secret" +- name: (Deprecation) Catch and report renamed Hookshot variables + ansible.builtin.fail: + msg: >- + Your configuration contains a variable, which now has a different name. + Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`). + when: "item.old in vars" + with_items: + - {'old': 'matrix_hookshot_feeds_interval', 'new': 'matrix_hookshot_feeds_pollIntervalSeconds'} + - name: (Deprecation) Catch and report old metrics usage ansible.builtin.fail: msg: >- diff --git a/roles/matrix-bridge-hookshot/templates/config.yml.j2 b/roles/custom/matrix-bridge-hookshot/templates/config.yml.j2 similarity index 95% rename from roles/matrix-bridge-hookshot/templates/config.yml.j2 rename to roles/custom/matrix-bridge-hookshot/templates/config.yml.j2 index 6fbce7709..527afafaf 100644 --- a/roles/matrix-bridge-hookshot/templates/config.yml.j2 +++ b/roles/custom/matrix-bridge-hookshot/templates/config.yml.j2 @@ -82,8 +82,9 @@ generic: feeds: # (Optional) Configure this to enable RSS/Atom feed support # - enabled: {{ matrix_hookshot_feeds_enabled }} - pollIntervalSeconds: {{ matrix_hookshot_feeds_interval }} + enabled: {{ matrix_hookshot_feeds_enabled | to_json }} + pollIntervalSeconds: {{ matrix_hookshot_feeds_pollIntervalSeconds | to_json }} + pollTimeoutSeconds: {{ matrix_hookshot_feeds_pollTimeoutSeconds | to_json }} {% endif %} {% if matrix_hookshot_provisioning_enabled %} provisioning: @@ -108,7 +109,7 @@ metrics: logging: # (Optional) Logging settings. You can have a severity debug,info,warn,error # - level: info + level: warn {% if matrix_hookshot_widgets_enabled %} widgets: # (Optional) EXPERIMENTAL support for complimentary widgets diff --git a/roles/matrix-bridge-hookshot/templates/registration.yml.j2 b/roles/custom/matrix-bridge-hookshot/templates/registration.yml.j2 similarity index 100% rename from roles/matrix-bridge-hookshot/templates/registration.yml.j2 rename to roles/custom/matrix-bridge-hookshot/templates/registration.yml.j2 diff --git a/roles/matrix-bridge-hookshot/templates/systemd/matrix-hookshot.service.j2 b/roles/custom/matrix-bridge-hookshot/templates/systemd/matrix-hookshot.service.j2 similarity index 62% rename from roles/matrix-bridge-hookshot/templates/systemd/matrix-hookshot.service.j2 rename to roles/custom/matrix-bridge-hookshot/templates/systemd/matrix-hookshot.service.j2 index 16ff05920..7ebd08b6c 100644 --- a/roles/matrix-bridge-hookshot/templates/systemd/matrix-hookshot.service.j2 +++ b/roles/custom/matrix-bridge-hookshot/templates/systemd/matrix-hookshot.service.j2 @@ -12,11 +12,11 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_docker }} kill {{ matrix_hookshot_container_url }} -ExecStartPre=-{{ matrix_host_command_docker }} rm {{ matrix_hookshot_container_url }} +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_docker }} kill {{ matrix_hookshot_container_url }} +ExecStartPre=-{{ devture_systemd_docker_base_host_command_docker }} rm {{ matrix_hookshot_container_url }} -ExecStart={{ matrix_host_command_docker }} run --rm --name {{ matrix_hookshot_container_url }} \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name {{ matrix_hookshot_container_url }} \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ @@ -30,8 +30,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name {{ matrix_hookshot_co {% endfor %} {{ matrix_hookshot_docker_image }} -ExecStop=-{{ matrix_host_command_docker }} kill {{ matrix_hookshot_container_url }} -ExecStop=-{{ matrix_host_command_docker }} rm {{ matrix_hookshot_container_url }} +ExecStop=-{{ devture_systemd_docker_base_host_command_docker }} kill {{ matrix_hookshot_container_url }} +ExecStop=-{{ devture_systemd_docker_base_host_command_docker }} rm {{ matrix_hookshot_container_url }} Restart=always RestartSec=30 SyslogIdentifier={{ matrix_hookshot_container_url }} diff --git a/roles/matrix-bridge-mautrix-discord/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml similarity index 97% rename from roles/matrix-bridge-mautrix-discord/defaults/main.yml rename to roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml index dbc23031d..7163954a4 100644 --- a/roles/matrix-bridge-mautrix-discord/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml @@ -140,3 +140,7 @@ matrix_mautrix_discord_registration: "{{ matrix_mautrix_discord_registration_yam matrix_mautrix_discord_bridge_encryption_allow: false matrix_mautrix_discord_bridge_encryption_default: "{{ matrix_mautrix_discord_bridge_encryption_allow }}" matrix_mautrix_discord_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_discord_bridge_encryption_allow }}" + +# On conduit this option may prevent you from joining spaces created by the bridge. +# Setting this to false fixes the issue. +matrix_mautrix_discord_bridge_restricted_rooms: true diff --git a/roles/matrix-bridge-mautrix-discord/tasks/init.yml b/roles/custom/matrix-bridge-mautrix-discord/tasks/init.yml similarity index 100% rename from roles/matrix-bridge-mautrix-discord/tasks/init.yml rename to roles/custom/matrix-bridge-mautrix-discord/tasks/init.yml diff --git a/roles/matrix-bridge-mautrix-discord/tasks/main.yml b/roles/custom/matrix-bridge-mautrix-discord/tasks/main.yml similarity index 100% rename from roles/matrix-bridge-mautrix-discord/tasks/main.yml rename to roles/custom/matrix-bridge-mautrix-discord/tasks/main.yml diff --git a/roles/matrix-bridge-mautrix-discord/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-discord/tasks/setup_install.yml similarity index 91% rename from roles/matrix-bridge-mautrix-discord/tasks/setup_install.yml rename to roles/custom/matrix-bridge-mautrix-discord/tasks/setup_install.yml index 7e2ed79ca..06bae8dd0 100644 --- a/roles/matrix-bridge-mautrix-discord/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mautrix-discord/tasks/setup_install.yml @@ -11,13 +11,15 @@ - ansible.builtin.set_fact: matrix_mautrix_discord_requires_restart: false -- block: +- when: "matrix_mautrix_discord_database_engine == 'postgres'" + block: - name: Check if an SQLite database already exists ansible.builtin.stat: path: "{{ matrix_mautrix_discord_sqlite_database_path_local }}" register: matrix_mautrix_discord_sqlite_database_path_local_stat_result - - block: + - when: "matrix_mautrix_discord_sqlite_database_path_local_stat_result.stat.exists | bool" + block: - ansible.builtin.set_fact: matrix_postgres_db_migration_request: src: "{{ matrix_mautrix_discord_sqlite_database_path_local }}" @@ -29,14 +31,11 @@ pgloader_options: ['--with "quote identifiers"'] - ansible.builtin.import_role: - name: matrix-postgres + name: custom/matrix-postgres tasks_from: migrate_db_to_postgres - ansible.builtin.set_fact: matrix_mautrix_discord_requires_restart: true - when: "matrix_mautrix_discord_sqlite_database_path_local_stat_result.stat.exists | bool" - when: "matrix_mautrix_discord_database_engine == 'postgres'" - - name: Ensure Mautrix Discord paths exists ansible.builtin.file: @@ -53,15 +52,15 @@ when: item.when | bool - name: Ensure Mautrix Discord image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_mautrix_discord_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_mautrix_discord_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_discord_docker_image_force_pull }}" when: not matrix_mautrix_discord_container_image_self_build register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure Mautrix discord repository is present on self-build @@ -76,7 +75,7 @@ when: "matrix_mautrix_discord_container_image_self_build | bool" - name: Ensure Mautrix discord Docker image is built - docker_image: + community.docker.docker_image: name: "{{ matrix_mautrix_discord_docker_image }}" source: build force_source: "{{ matrix_mautrix_discord_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" @@ -106,7 +105,7 @@ - name: Ensure matrix-mautrix-discord.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-mautrix-discord.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-mautrix-discord.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-discord.service" mode: 0644 register: matrix_mautrix_discord_systemd_service_result diff --git a/roles/matrix-bridge-mautrix-discord/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-mautrix-discord/tasks/setup_uninstall.yml similarity index 79% rename from roles/matrix-bridge-mautrix-discord/tasks/setup_uninstall.yml rename to roles/custom/matrix-bridge-mautrix-discord/tasks/setup_uninstall.yml index 94fef89a2..d75f51647 100644 --- a/roles/matrix-bridge-mautrix-discord/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-bridge-mautrix-discord/tasks/setup_uninstall.yml @@ -2,7 +2,7 @@ - name: Check existence of matrix-mautrix-discord service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-mautrix-discord.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-discord.service" register: matrix_mautrix_discord_service_stat - name: Ensure matrix-mautrix-discord is stopped @@ -15,7 +15,7 @@ - name: Ensure matrix-mautrix-discord.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-mautrix-discord.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-discord.service" state: absent when: "matrix_mautrix_discord_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mautrix-discord/tasks/validate_config.yml b/roles/custom/matrix-bridge-mautrix-discord/tasks/validate_config.yml similarity index 100% rename from roles/matrix-bridge-mautrix-discord/tasks/validate_config.yml rename to roles/custom/matrix-bridge-mautrix-discord/tasks/validate_config.yml diff --git a/roles/matrix-bridge-mautrix-discord/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mautrix-discord/templates/config.yaml.j2 similarity index 99% rename from roles/matrix-bridge-mautrix-discord/templates/config.yaml.j2 rename to roles/custom/matrix-bridge-mautrix-discord/templates/config.yaml.j2 index fdd4f788d..039923350 100644 --- a/roles/matrix-bridge-mautrix-discord/templates/config.yaml.j2 +++ b/roles/custom/matrix-bridge-mautrix-discord/templates/config.yaml.j2 @@ -101,7 +101,7 @@ bridge: message_error_notices: true # Should the bridge use space-restricted join rules instead of invite-only for guild rooms? # This can avoid unnecessary invite events in guild rooms when members are synced in. - restricted_rooms: true + restricted_rooms: {{ matrix_mautrix_discord_bridge_restricted_rooms|to_json }} # Should the bridge update the m.direct account data event when double puppeting is enabled. # Note that updating the m.direct event is not atomic (except with mautrix-asmux) # and is therefore prone to race conditions. diff --git a/roles/matrix-bridge-mautrix-discord/templates/systemd/matrix-mautrix-discord.service.j2 b/roles/custom/matrix-bridge-mautrix-discord/templates/systemd/matrix-mautrix-discord.service.j2 similarity index 57% rename from roles/matrix-bridge-mautrix-discord/templates/systemd/matrix-mautrix-discord.service.j2 rename to roles/custom/matrix-bridge-mautrix-discord/templates/systemd/matrix-mautrix-discord.service.j2 index 3651840eb..43a166071 100644 --- a/roles/matrix-bridge-mautrix-discord/templates/systemd/matrix-mautrix-discord.service.j2 +++ b/roles/custom/matrix-bridge-mautrix-discord/templates/systemd/matrix-mautrix-discord.service.j2 @@ -12,14 +12,14 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-discord 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-discord 2>/dev/null || true' +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-discord 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-discord 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. ExecStartPre={{ matrix_host_command_sleep }} 5 -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-discord \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-mautrix-discord \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ @@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-discor {{ matrix_mautrix_discord_docker_image }} \ /usr/bin/mautrix-discord -c /config/config.yaml -r /config/registration.yaml --no-update -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-discord 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-discord 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-discord 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-discord 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-mautrix-discord diff --git a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml similarity index 100% rename from roles/matrix-bridge-mautrix-facebook/defaults/main.yml rename to roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml diff --git a/roles/matrix-bridge-mautrix-facebook/tasks/init.yml b/roles/custom/matrix-bridge-mautrix-facebook/tasks/init.yml similarity index 98% rename from roles/matrix-bridge-mautrix-facebook/tasks/init.yml rename to roles/custom/matrix-bridge-mautrix-facebook/tasks/init.yml index 3cd7fdc63..bbcecebc7 100644 --- a/roles/matrix-bridge-mautrix-facebook/tasks/init.yml +++ b/roles/custom/matrix-bridge-mautrix-facebook/tasks/init.yml @@ -27,7 +27,10 @@ }} when: matrix_mautrix_facebook_enabled | bool -- block: +- when: matrix_mautrix_facebook_enabled | bool and matrix_mautrix_facebook_appservice_public_enabled | bool + tags: + - always + block: - name: Fail if matrix-nginx-proxy role already executed ansible.builtin.fail: msg: >- @@ -70,7 +73,3 @@ URL endpoint to the matrix-mautrix-facebook container. You can expose the container's port using the `matrix_mautrix_facebook_container_http_host_bind_port` variable. when: "not matrix_nginx_proxy_enabled | default(False) | bool" - - tags: - - always - when: matrix_mautrix_facebook_enabled | bool and matrix_mautrix_facebook_appservice_public_enabled | bool diff --git a/roles/matrix-bridge-mautrix-facebook/tasks/main.yml b/roles/custom/matrix-bridge-mautrix-facebook/tasks/main.yml similarity index 100% rename from roles/matrix-bridge-mautrix-facebook/tasks/main.yml rename to roles/custom/matrix-bridge-mautrix-facebook/tasks/main.yml diff --git a/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-facebook/tasks/setup_install.yml similarity index 92% rename from roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml rename to roles/custom/matrix-bridge-mautrix-facebook/tasks/setup_install.yml index 3e7d8f051..50a024270 100644 --- a/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mautrix-facebook/tasks/setup_install.yml @@ -11,13 +11,15 @@ - ansible.builtin.set_fact: matrix_mautrix_facebook_requires_restart: false -- block: +- when: "matrix_mautrix_facebook_database_engine == 'postgres'" + block: - name: Check if an SQLite database already exists ansible.builtin.stat: path: "{{ matrix_mautrix_facebook_sqlite_database_path_local }}" register: matrix_mautrix_facebook_sqlite_database_path_local_stat_result - - block: + - when: "matrix_mautrix_facebook_sqlite_database_path_local_stat_result.stat.exists | bool" + block: - ansible.builtin.set_fact: matrix_postgres_db_migration_request: src: "{{ matrix_mautrix_facebook_sqlite_database_path_local }}" @@ -28,24 +30,22 @@ systemd_services_to_stop: ['matrix-mautrix-facebook.service'] - ansible.builtin.import_role: - name: matrix-postgres + name: custom/matrix-postgres tasks_from: migrate_db_to_postgres - ansible.builtin.set_fact: matrix_mautrix_facebook_requires_restart: true - when: "matrix_mautrix_facebook_sqlite_database_path_local_stat_result.stat.exists | bool" - when: "matrix_mautrix_facebook_database_engine == 'postgres'" - name: Ensure Mautrix Facebook image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_mautrix_facebook_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_mautrix_facebook_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_facebook_docker_image_force_pull }}" when: not matrix_mautrix_facebook_container_image_self_build register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure Mautrix Facebook paths exist @@ -74,7 +74,7 @@ when: "matrix_mautrix_facebook_container_image_self_build | bool" - name: Ensure Mautrix Facebook Docker image is built - docker_image: + community.docker.docker_image: name: "{{ matrix_mautrix_facebook_docker_image }}" source: build force_source: "{{ matrix_mautrix_facebook_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" @@ -122,7 +122,7 @@ - name: Ensure matrix-mautrix-facebook.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-mautrix-facebook.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-mautrix-facebook.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-facebook.service" mode: 0644 register: matrix_mautrix_facebook_systemd_service_result diff --git a/roles/matrix-bridge-mautrix-facebook/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-mautrix-facebook/tasks/setup_uninstall.yml similarity index 79% rename from roles/matrix-bridge-mautrix-facebook/tasks/setup_uninstall.yml rename to roles/custom/matrix-bridge-mautrix-facebook/tasks/setup_uninstall.yml index 2635f1f55..fb235b54a 100644 --- a/roles/matrix-bridge-mautrix-facebook/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-bridge-mautrix-facebook/tasks/setup_uninstall.yml @@ -2,7 +2,7 @@ - name: Check existence of matrix-mautrix-facebook service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-mautrix-facebook.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-facebook.service" register: matrix_mautrix_facebook_service_stat - name: Ensure matrix-mautrix-facebook is stopped @@ -15,7 +15,7 @@ - name: Ensure matrix-mautrix-facebook.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-mautrix-facebook.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-facebook.service" state: absent when: "matrix_mautrix_facebook_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mautrix-facebook/tasks/validate_config.yml b/roles/custom/matrix-bridge-mautrix-facebook/tasks/validate_config.yml similarity index 82% rename from roles/matrix-bridge-mautrix-facebook/tasks/validate_config.yml rename to roles/custom/matrix-bridge-mautrix-facebook/tasks/validate_config.yml index 4f588b5f5..04e45c319 100644 --- a/roles/matrix-bridge-mautrix-facebook/tasks/validate_config.yml +++ b/roles/custom/matrix-bridge-mautrix-facebook/tasks/validate_config.yml @@ -10,15 +10,15 @@ - "matrix_mautrix_facebook_appservice_token" - "matrix_mautrix_facebook_homeserver_token" -- block: +- when: "matrix_mautrix_facebook_database_engine == 'sqlite' and matrix_mautrix_facebook_docker_image.endswith(':da1b4ec596e334325a1589e70829dea46e73064b')" + block: - name: Inject warning if on an old SQLite-supporting version ansible.builtin.set_fact: - matrix_playbook_runtime_results: | + devture_playbook_runtime_messages_list: | {{ - matrix_playbook_runtime_results | default([]) + devture_playbook_runtime_messages_list | default([]) + [ "NOTE: Your mautrix-facebook bridge is still on SQLite and on the last version that supported it, before support was dropped. Support has been subsequently re-added in v0.3.2, so we advise you to upgrade (by removing your `matrix_mautrix_facebook_docker_image` definition from vars.yml)" ] }} - when: "matrix_mautrix_facebook_database_engine == 'sqlite' and matrix_mautrix_facebook_docker_image.endswith(':da1b4ec596e334325a1589e70829dea46e73064b')" diff --git a/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 similarity index 100% rename from roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 rename to roles/custom/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 diff --git a/roles/matrix-bridge-mautrix-facebook/templates/systemd/matrix-mautrix-facebook.service.j2 b/roles/custom/matrix-bridge-mautrix-facebook/templates/systemd/matrix-mautrix-facebook.service.j2 similarity index 60% rename from roles/matrix-bridge-mautrix-facebook/templates/systemd/matrix-mautrix-facebook.service.j2 rename to roles/custom/matrix-bridge-mautrix-facebook/templates/systemd/matrix-mautrix-facebook.service.j2 index 2103dd052..4097111e2 100644 --- a/roles/matrix-bridge-mautrix-facebook/templates/systemd/matrix-mautrix-facebook.service.j2 +++ b/roles/custom/matrix-bridge-mautrix-facebook/templates/systemd/matrix-mautrix-facebook.service.j2 @@ -12,14 +12,14 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-facebook 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-facebook 2>/dev/null || true' +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-facebook 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-facebook 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. ExecStartPre={{ matrix_host_command_sleep }} 5 -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-facebook \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-mautrix-facebook \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ @@ -35,8 +35,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-facebo {{ matrix_mautrix_facebook_docker_image }} \ python3 -m mautrix_facebook -c /config/config.yaml --no-update -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-facebook 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-facebook 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-facebook 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-facebook 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-mautrix-facebook diff --git a/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-googlechat/defaults/main.yml similarity index 100% rename from roles/matrix-bridge-mautrix-googlechat/defaults/main.yml rename to roles/custom/matrix-bridge-mautrix-googlechat/defaults/main.yml diff --git a/roles/matrix-bridge-mautrix-googlechat/tasks/init.yml b/roles/custom/matrix-bridge-mautrix-googlechat/tasks/init.yml similarity index 98% rename from roles/matrix-bridge-mautrix-googlechat/tasks/init.yml rename to roles/custom/matrix-bridge-mautrix-googlechat/tasks/init.yml index 2c5bdc10c..c4ae920c4 100644 --- a/roles/matrix-bridge-mautrix-googlechat/tasks/init.yml +++ b/roles/custom/matrix-bridge-mautrix-googlechat/tasks/init.yml @@ -27,7 +27,10 @@ }} when: matrix_mautrix_googlechat_enabled | bool -- block: +- when: matrix_mautrix_googlechat_enabled | bool + tags: + - always + block: - name: Fail if matrix-nginx-proxy role already executed ansible.builtin.fail: msg: >- @@ -59,9 +62,6 @@ + [matrix_mautrix_googlechat_matrix_nginx_proxy_configuration] }} - tags: - - always - when: matrix_mautrix_googlechat_enabled | bool - name: Warn about reverse-proxying if matrix-nginx-proxy not used ansible.builtin.debug: diff --git a/roles/matrix-bridge-mautrix-googlechat/tasks/main.yml b/roles/custom/matrix-bridge-mautrix-googlechat/tasks/main.yml similarity index 100% rename from roles/matrix-bridge-mautrix-googlechat/tasks/main.yml rename to roles/custom/matrix-bridge-mautrix-googlechat/tasks/main.yml diff --git a/roles/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml similarity index 92% rename from roles/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml rename to roles/custom/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml index f2192a342..daadcba24 100644 --- a/roles/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml @@ -11,13 +11,15 @@ - ansible.builtin.set_fact: matrix_mautrix_googlechat_requires_restart: false -- block: +- when: "matrix_mautrix_googlechat_database_engine == 'postgres'" + block: - name: Check if an SQLite database already exists ansible.builtin.stat: path: "{{ matrix_mautrix_googlechat_sqlite_database_path_local }}" register: matrix_mautrix_googlechat_sqlite_database_path_local_stat_result - - block: + - when: "matrix_mautrix_googlechat_sqlite_database_path_local_stat_result.stat.exists | bool" + block: - ansible.builtin.set_fact: matrix_postgres_db_migration_request: src: "{{ matrix_mautrix_googlechat_sqlite_database_path_local }}" @@ -28,24 +30,22 @@ systemd_services_to_stop: ['matrix-mautrix-googlechat.service'] - ansible.builtin.import_role: - name: matrix-postgres + name: custom/matrix-postgres tasks_from: migrate_db_to_postgres - ansible.builtin.set_fact: matrix_mautrix_googlechat_requires_restart: true - when: "matrix_mautrix_googlechat_sqlite_database_path_local_stat_result.stat.exists | bool" - when: "matrix_mautrix_googlechat_database_engine == 'postgres'" - name: Ensure Mautrix googlechat image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_mautrix_googlechat_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_mautrix_googlechat_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_googlechat_docker_image_force_pull }}" when: not matrix_mautrix_googlechat_container_image_self_build register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure Mautrix googlechat paths exist @@ -74,7 +74,7 @@ when: "matrix_mautrix_googlechat_container_image_self_build | bool" - name: Ensure Mautrix googlechat Docker image is built - docker_image: + community.docker.docker_image: name: "{{ matrix_mautrix_googlechat_docker_image }}" source: build force_source: "{{ matrix_mautrix_googlechat_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" @@ -122,7 +122,7 @@ - name: Ensure matrix-mautrix-googlechat.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-mautrix-googlechat.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-mautrix-googlechat.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-googlechat.service" mode: 0644 register: matrix_mautrix_googlechat_systemd_service_result diff --git a/roles/matrix-bridge-mautrix-googlechat/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-mautrix-googlechat/tasks/setup_uninstall.yml similarity index 79% rename from roles/matrix-bridge-mautrix-googlechat/tasks/setup_uninstall.yml rename to roles/custom/matrix-bridge-mautrix-googlechat/tasks/setup_uninstall.yml index 104e58a5f..37a4e6751 100644 --- a/roles/matrix-bridge-mautrix-googlechat/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-bridge-mautrix-googlechat/tasks/setup_uninstall.yml @@ -2,7 +2,7 @@ - name: Check existence of matrix-mautrix-googlechat service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-mautrix-googlechat.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-googlechat.service" register: matrix_mautrix_googlechat_service_stat - name: Ensure matrix-mautrix-googlechat is stopped @@ -15,7 +15,7 @@ - name: Ensure matrix-mautrix-googlechat.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-mautrix-googlechat.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-googlechat.service" state: absent when: "matrix_mautrix_googlechat_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mautrix-googlechat/tasks/validate_config.yml b/roles/custom/matrix-bridge-mautrix-googlechat/tasks/validate_config.yml similarity index 100% rename from roles/matrix-bridge-mautrix-googlechat/tasks/validate_config.yml rename to roles/custom/matrix-bridge-mautrix-googlechat/tasks/validate_config.yml diff --git a/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 similarity index 100% rename from roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 rename to roles/custom/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 diff --git a/roles/matrix-bridge-mautrix-googlechat/templates/systemd/matrix-mautrix-googlechat.service.j2 b/roles/custom/matrix-bridge-mautrix-googlechat/templates/systemd/matrix-mautrix-googlechat.service.j2 similarity index 70% rename from roles/matrix-bridge-mautrix-googlechat/templates/systemd/matrix-mautrix-googlechat.service.j2 rename to roles/custom/matrix-bridge-mautrix-googlechat/templates/systemd/matrix-mautrix-googlechat.service.j2 index 930b58c2a..d52e5d6b5 100644 --- a/roles/matrix-bridge-mautrix-googlechat/templates/systemd/matrix-mautrix-googlechat.service.j2 +++ b/roles/custom/matrix-bridge-mautrix-googlechat/templates/systemd/matrix-mautrix-googlechat.service.j2 @@ -12,12 +12,12 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" # Intentional delay, so that the homeserver (we likely depend on) can manage to start. ExecStartPre={{ matrix_host_command_sleep }} 5 -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-googlechat \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-mautrix-googlechat \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ @@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-google {{ matrix_mautrix_googlechat_docker_image }} \ python3 -m mautrix_googlechat -c /config/config.yaml --no-update -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-googlechat 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-googlechat 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-googlechat 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-googlechat 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-mautrix-googlechat diff --git a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-hangouts/defaults/main.yml similarity index 100% rename from roles/matrix-bridge-mautrix-hangouts/defaults/main.yml rename to roles/custom/matrix-bridge-mautrix-hangouts/defaults/main.yml diff --git a/roles/matrix-bridge-mautrix-hangouts/tasks/init.yml b/roles/custom/matrix-bridge-mautrix-hangouts/tasks/init.yml similarity index 98% rename from roles/matrix-bridge-mautrix-hangouts/tasks/init.yml rename to roles/custom/matrix-bridge-mautrix-hangouts/tasks/init.yml index 39b88edbe..380dc4b38 100644 --- a/roles/matrix-bridge-mautrix-hangouts/tasks/init.yml +++ b/roles/custom/matrix-bridge-mautrix-hangouts/tasks/init.yml @@ -27,7 +27,10 @@ }} when: matrix_mautrix_hangouts_enabled | bool -- block: +- when: matrix_mautrix_hangouts_enabled | bool + tags: + - always + block: - name: Fail if matrix-nginx-proxy role already executed ansible.builtin.fail: msg: >- @@ -59,9 +62,6 @@ + [matrix_mautrix_hangouts_matrix_nginx_proxy_configuration] }} - tags: - - always - when: matrix_mautrix_hangouts_enabled | bool - name: Warn about reverse-proxying if matrix-nginx-proxy not used ansible.builtin.debug: diff --git a/roles/matrix-bridge-mautrix-hangouts/tasks/main.yml b/roles/custom/matrix-bridge-mautrix-hangouts/tasks/main.yml similarity index 100% rename from roles/matrix-bridge-mautrix-hangouts/tasks/main.yml rename to roles/custom/matrix-bridge-mautrix-hangouts/tasks/main.yml diff --git a/roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml similarity index 92% rename from roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml rename to roles/custom/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml index 4087162e2..a846a7b06 100644 --- a/roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml @@ -11,13 +11,15 @@ - ansible.builtin.set_fact: matrix_mautrix_hangouts_requires_restart: false -- block: +- when: "matrix_mautrix_hangouts_database_engine == 'postgres'" + block: - name: Check if an SQLite database already exists ansible.builtin.stat: path: "{{ matrix_mautrix_hangouts_sqlite_database_path_local }}" register: matrix_mautrix_hangouts_sqlite_database_path_local_stat_result - - block: + - when: "matrix_mautrix_hangouts_sqlite_database_path_local_stat_result.stat.exists | bool" + block: - ansible.builtin.set_fact: matrix_postgres_db_migration_request: src: "{{ matrix_mautrix_hangouts_sqlite_database_path_local }}" @@ -28,24 +30,22 @@ systemd_services_to_stop: ['matrix-mautrix-hangouts.service'] - ansible.builtin.import_role: - name: matrix-postgres + name: custom/matrix-postgres tasks_from: migrate_db_to_postgres - ansible.builtin.set_fact: matrix_mautrix_hangouts_requires_restart: true - when: "matrix_mautrix_hangouts_sqlite_database_path_local_stat_result.stat.exists | bool" - when: "matrix_mautrix_hangouts_database_engine == 'postgres'" - name: Ensure Mautrix Hangouts image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_mautrix_hangouts_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_mautrix_hangouts_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_hangouts_docker_image_force_pull }}" when: not matrix_mautrix_hangouts_container_image_self_build register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure Mautrix Hangouts paths exist @@ -74,7 +74,7 @@ when: "matrix_mautrix_hangouts_container_image_self_build | bool" - name: Ensure Mautrix Hangouts Docker image is built - docker_image: + community.docker.docker_image: name: "{{ matrix_mautrix_hangouts_docker_image }}" source: build force_source: "{{ matrix_mautrix_hangouts_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" @@ -122,7 +122,7 @@ - name: Ensure matrix-mautrix-hangouts.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-mautrix-hangouts.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-mautrix-hangouts.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-hangouts.service" mode: 0644 register: matrix_mautrix_hangouts_systemd_service_result diff --git a/roles/matrix-bridge-mautrix-hangouts/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-mautrix-hangouts/tasks/setup_uninstall.yml similarity index 79% rename from roles/matrix-bridge-mautrix-hangouts/tasks/setup_uninstall.yml rename to roles/custom/matrix-bridge-mautrix-hangouts/tasks/setup_uninstall.yml index 2cb676b5c..b7ff72393 100644 --- a/roles/matrix-bridge-mautrix-hangouts/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-bridge-mautrix-hangouts/tasks/setup_uninstall.yml @@ -2,7 +2,7 @@ - name: Check existence of matrix-mautrix-hangouts service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-mautrix-hangouts.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-hangouts.service" register: matrix_mautrix_hangouts_service_stat - name: Ensure matrix-mautrix-hangouts is stopped @@ -15,7 +15,7 @@ - name: Ensure matrix-mautrix-hangouts.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-mautrix-hangouts.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-hangouts.service" state: absent when: "matrix_mautrix_hangouts_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mautrix-hangouts/tasks/validate_config.yml b/roles/custom/matrix-bridge-mautrix-hangouts/tasks/validate_config.yml similarity index 100% rename from roles/matrix-bridge-mautrix-hangouts/tasks/validate_config.yml rename to roles/custom/matrix-bridge-mautrix-hangouts/tasks/validate_config.yml diff --git a/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 similarity index 100% rename from roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 rename to roles/custom/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 diff --git a/roles/matrix-bridge-mautrix-hangouts/templates/systemd/matrix-mautrix-hangouts.service.j2 b/roles/custom/matrix-bridge-mautrix-hangouts/templates/systemd/matrix-mautrix-hangouts.service.j2 similarity index 60% rename from roles/matrix-bridge-mautrix-hangouts/templates/systemd/matrix-mautrix-hangouts.service.j2 rename to roles/custom/matrix-bridge-mautrix-hangouts/templates/systemd/matrix-mautrix-hangouts.service.j2 index 10402a517..a24bcf868 100644 --- a/roles/matrix-bridge-mautrix-hangouts/templates/systemd/matrix-mautrix-hangouts.service.j2 +++ b/roles/custom/matrix-bridge-mautrix-hangouts/templates/systemd/matrix-mautrix-hangouts.service.j2 @@ -12,10 +12,10 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-hangouts matrix-mautrix-hangouts-db 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-hangouts matrix-mautrix-hangouts-db 2>/dev/null || true' -ExecStartPre={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-hangouts-db \ +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-hangouts matrix-mautrix-hangouts-db 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-hangouts matrix-mautrix-hangouts-db 2>/dev/null || true' +ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-mautrix-hangouts-db \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ @@ -28,7 +28,7 @@ ExecStartPre={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-han # Intentional delay, so that the homeserver (we likely depend on) can manage to start. ExecStartPre={{ matrix_host_command_sleep }} 5 -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-hangouts \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-mautrix-hangouts \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ @@ -44,8 +44,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-hangou {{ matrix_mautrix_hangouts_docker_image }} \ python3 -m mautrix_hangouts -c /config/config.yaml --no-update -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-hangouts 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-hangouts 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-hangouts 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-hangouts 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-mautrix-hangouts diff --git a/roles/matrix-bridge-mautrix-instagram/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-instagram/defaults/main.yml similarity index 99% rename from roles/matrix-bridge-mautrix-instagram/defaults/main.yml rename to roles/custom/matrix-bridge-mautrix-instagram/defaults/main.yml index bcb6ddb11..dcdf6723d 100644 --- a/roles/matrix-bridge-mautrix-instagram/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-instagram/defaults/main.yml @@ -8,7 +8,7 @@ matrix_mautrix_instagram_container_image_self_build: false matrix_mautrix_instagram_container_image_self_build_repo: "https://github.com/mautrix/instagram.git" matrix_mautrix_instagram_container_image_self_build_repo_version: "{{ 'master' if matrix_mautrix_instagram_version == 'latest' else matrix_mautrix_instagram_version }}" -matrix_mautrix_instagram_version: v0.1.3 +matrix_mautrix_instagram_version: v0.2.2 # See: https://mau.dev/tulir/mautrix-instagram/container_registry matrix_mautrix_instagram_docker_image: "{{ matrix_mautrix_instagram_docker_image_name_prefix }}mautrix/instagram:{{ matrix_mautrix_instagram_version }}" matrix_mautrix_instagram_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_instagram_container_image_self_build else 'dock.mau.dev/' }}" diff --git a/roles/matrix-bridge-mautrix-instagram/tasks/init.yml b/roles/custom/matrix-bridge-mautrix-instagram/tasks/init.yml similarity index 100% rename from roles/matrix-bridge-mautrix-instagram/tasks/init.yml rename to roles/custom/matrix-bridge-mautrix-instagram/tasks/init.yml diff --git a/roles/matrix-bridge-mautrix-instagram/tasks/main.yml b/roles/custom/matrix-bridge-mautrix-instagram/tasks/main.yml similarity index 100% rename from roles/matrix-bridge-mautrix-instagram/tasks/main.yml rename to roles/custom/matrix-bridge-mautrix-instagram/tasks/main.yml diff --git a/roles/matrix-bridge-mautrix-instagram/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-instagram/tasks/setup_install.yml similarity index 93% rename from roles/matrix-bridge-mautrix-instagram/tasks/setup_install.yml rename to roles/custom/matrix-bridge-mautrix-instagram/tasks/setup_install.yml index 88b0286e7..19a2ff9ae 100644 --- a/roles/matrix-bridge-mautrix-instagram/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mautrix-instagram/tasks/setup_install.yml @@ -8,15 +8,15 @@ when: "matrix_synapse_role_executed | default(False)" - name: Ensure Mautrix instagram image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_mautrix_instagram_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_mautrix_instagram_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_instagram_docker_image_force_pull }}" when: not matrix_mautrix_instagram_container_image_self_build register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure Mautrix instagram paths exist @@ -45,7 +45,7 @@ when: "matrix_mautrix_instagram_container_image_self_build | bool" - name: Ensure Mautrix instagram Docker image is built - docker_image: + community.docker.docker_image: name: "{{ matrix_mautrix_instagram_docker_image }}" source: build force_source: "{{ matrix_mautrix_instagram_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" @@ -75,7 +75,7 @@ - name: Ensure matrix-mautrix-instagram.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-mautrix-instagram.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-mautrix-instagram.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-instagram.service" mode: 0644 register: matrix_mautrix_instagram_systemd_service_result diff --git a/roles/matrix-bridge-mautrix-instagram/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-mautrix-instagram/tasks/setup_uninstall.yml similarity index 79% rename from roles/matrix-bridge-mautrix-instagram/tasks/setup_uninstall.yml rename to roles/custom/matrix-bridge-mautrix-instagram/tasks/setup_uninstall.yml index 55d882d32..a029a90ac 100644 --- a/roles/matrix-bridge-mautrix-instagram/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-bridge-mautrix-instagram/tasks/setup_uninstall.yml @@ -1,7 +1,7 @@ --- - name: Check existence of matrix-mautrix-instagram service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-mautrix-instagram.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-instagram.service" register: matrix_mautrix_instagram_service_stat - name: Ensure matrix-mautrix-instagram is stopped @@ -14,7 +14,7 @@ - name: Ensure matrix-mautrix-instagram.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-mautrix-instagram.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-instagram.service" state: absent when: "matrix_mautrix_instagram_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mautrix-instagram/tasks/validate_config.yml b/roles/custom/matrix-bridge-mautrix-instagram/tasks/validate_config.yml similarity index 100% rename from roles/matrix-bridge-mautrix-instagram/tasks/validate_config.yml rename to roles/custom/matrix-bridge-mautrix-instagram/tasks/validate_config.yml diff --git a/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 similarity index 100% rename from roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 rename to roles/custom/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 diff --git a/roles/matrix-bridge-mautrix-instagram/templates/systemd/matrix-mautrix-instagram.service.j2 b/roles/custom/matrix-bridge-mautrix-instagram/templates/systemd/matrix-mautrix-instagram.service.j2 similarity index 55% rename from roles/matrix-bridge-mautrix-instagram/templates/systemd/matrix-mautrix-instagram.service.j2 rename to roles/custom/matrix-bridge-mautrix-instagram/templates/systemd/matrix-mautrix-instagram.service.j2 index d2a6aece8..808ace40d 100644 --- a/roles/matrix-bridge-mautrix-instagram/templates/systemd/matrix-mautrix-instagram.service.j2 +++ b/roles/custom/matrix-bridge-mautrix-instagram/templates/systemd/matrix-mautrix-instagram.service.j2 @@ -12,14 +12,14 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-instagram 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-instagram 2>/dev/null || true' +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-instagram 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-instagram 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. ExecStartPre={{ matrix_host_command_sleep }} 5 -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-instagram \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-mautrix-instagram \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ @@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-instag {{ matrix_mautrix_instagram_docker_image }} \ python3 -m mautrix_instagram -c /config/config.yaml --no-update -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-instagram 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-instagram 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-instagram 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-instagram 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-mautrix-instagram diff --git a/roles/matrix-bridge-mautrix-signal/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml similarity index 98% rename from roles/matrix-bridge-mautrix-signal/defaults/main.yml rename to roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml index d6d3faa2b..24ba9b39d 100644 --- a/roles/matrix-bridge-mautrix-signal/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml @@ -9,8 +9,8 @@ matrix_mautrix_signal_docker_repo: "https://mau.dev/mautrix/signal.git" matrix_mautrix_signal_docker_repo_version: "{{ 'master' if matrix_mautrix_signal_version == 'latest' else matrix_mautrix_signal_version }}" matrix_mautrix_signal_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-signal/docker-src" -matrix_mautrix_signal_version: v0.3.0 -matrix_mautrix_signal_daemon_version: 0.21.1 +matrix_mautrix_signal_version: v0.4.1 +matrix_mautrix_signal_daemon_version: 0.23.0 # See: https://mau.dev/mautrix/signal/container_registry matrix_mautrix_signal_docker_image: "dock.mau.dev/mautrix/signal:{{ matrix_mautrix_signal_version }}" matrix_mautrix_signal_docker_image_force_pull: "{{ matrix_mautrix_signal_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-bridge-mautrix-signal/tasks/init.yml b/roles/custom/matrix-bridge-mautrix-signal/tasks/init.yml similarity index 100% rename from roles/matrix-bridge-mautrix-signal/tasks/init.yml rename to roles/custom/matrix-bridge-mautrix-signal/tasks/init.yml diff --git a/roles/matrix-bridge-mautrix-signal/tasks/main.yml b/roles/custom/matrix-bridge-mautrix-signal/tasks/main.yml similarity index 100% rename from roles/matrix-bridge-mautrix-signal/tasks/main.yml rename to roles/custom/matrix-bridge-mautrix-signal/tasks/main.yml diff --git a/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-signal/tasks/setup_install.yml similarity index 93% rename from roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml rename to roles/custom/matrix-bridge-mautrix-signal/tasks/setup_install.yml index cfc704a82..f5a162a3c 100644 --- a/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mautrix-signal/tasks/setup_install.yml @@ -9,15 +9,15 @@ when: "matrix_synapse_role_executed | default(False)" - name: Ensure Mautrix Signal image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_mautrix_signal_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_mautrix_signal_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_signal_docker_image_force_pull }}" when: "not matrix_mautrix_signal_container_image_self_build | bool" register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed @@ -33,7 +33,7 @@ when: "matrix_mautrix_signal_container_image_self_build | bool" - name: Ensure Mautrix Signal image is built - docker_image: + community.docker.docker_image: name: "{{ matrix_mautrix_signal_docker_image }}" source: build force_source: "{{ matrix_mautrix_signal_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" @@ -46,7 +46,7 @@ - name: Ensure Mautrix Signal Daemon image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_mautrix_signal_daemon_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_mautrix_signal_daemon_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" @@ -66,7 +66,7 @@ when: "matrix_mautrix_signal_daemon_container_image_self_build | bool" - name: Ensure Mautrix Signal Daemon image is built - docker_image: + community.docker.docker_image: name: "{{ matrix_mautrix_signal_daemon_docker_image }}" source: build force_source: "{{ matrix_mautrix_signal_daemon_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" @@ -120,14 +120,14 @@ - name: Ensure matrix-mautrix-signal-daemon.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-mautrix-signal-daemon.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-mautrix-signal-daemon.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-signal-daemon.service" mode: 0644 register: matrix_mautrix_signal_daemon_systemd_service_result - name: Ensure matrix-mautrix-signal.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-mautrix-signal.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-mautrix-signal.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-signal.service" mode: 0644 register: matrix_mautrix_signal_systemd_service_result diff --git a/roles/matrix-bridge-mautrix-signal/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-mautrix-signal/tasks/setup_uninstall.yml similarity index 78% rename from roles/matrix-bridge-mautrix-signal/tasks/setup_uninstall.yml rename to roles/custom/matrix-bridge-mautrix-signal/tasks/setup_uninstall.yml index befbcbec2..d98d28ba7 100644 --- a/roles/matrix-bridge-mautrix-signal/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-bridge-mautrix-signal/tasks/setup_uninstall.yml @@ -3,7 +3,7 @@ # Signal daemon service - name: Check existence of matrix-mautrix-signal-daemon service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-mautrix-signal-daemon.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-signal-daemon.service" register: matrix_mautrix_signal_daemon_service_stat - name: Ensure matrix-mautrix-signal-daemon is stopped @@ -16,14 +16,14 @@ - name: Ensure matrix-mautrix-signal-daemon.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-mautrix-signal-daemon.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-signal-daemon.service" state: absent when: "matrix_mautrix_signal_daemon_service_stat.stat.exists" # Bridge service - name: Check existence of matrix-mautrix-signal service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-mautrix-signal.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-signal.service" register: matrix_mautrix_signal_service_stat - name: Ensure matrix-mautrix-signal is stopped @@ -36,7 +36,7 @@ - name: Ensure matrix-mautrix-signal.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-mautrix-signal.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-signal.service" state: absent when: "matrix_mautrix_signal_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mautrix-signal/tasks/validate_config.yml b/roles/custom/matrix-bridge-mautrix-signal/tasks/validate_config.yml similarity index 100% rename from roles/matrix-bridge-mautrix-signal/tasks/validate_config.yml rename to roles/custom/matrix-bridge-mautrix-signal/tasks/validate_config.yml diff --git a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mautrix-signal/templates/config.yaml.j2 similarity index 100% rename from roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 rename to roles/custom/matrix-bridge-mautrix-signal/templates/config.yaml.j2 diff --git a/roles/matrix-bridge-mautrix-signal/templates/env.j2 b/roles/custom/matrix-bridge-mautrix-signal/templates/env.j2 similarity index 100% rename from roles/matrix-bridge-mautrix-signal/templates/env.j2 rename to roles/custom/matrix-bridge-mautrix-signal/templates/env.j2 diff --git a/roles/matrix-bridge-mautrix-signal/templates/registration.yaml.j2 b/roles/custom/matrix-bridge-mautrix-signal/templates/registration.yaml.j2 similarity index 100% rename from roles/matrix-bridge-mautrix-signal/templates/registration.yaml.j2 rename to roles/custom/matrix-bridge-mautrix-signal/templates/registration.yaml.j2 diff --git a/roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal-daemon.service.j2 b/roles/custom/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal-daemon.service.j2 similarity index 56% rename from roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal-daemon.service.j2 rename to roles/custom/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal-daemon.service.j2 index 31e68ea9b..11a34d8f2 100644 --- a/roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal-daemon.service.j2 +++ b/roles/custom/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal-daemon.service.j2 @@ -13,16 +13,16 @@ Wants={{ service }} [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-signal-daemon 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-signal-daemon 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-signal-daemon 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-signal-daemon 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. ExecStartPre={{ matrix_host_command_sleep }} 5 # Migration task required by the 0.19.0 upgrade -ExecStartPre=-{{ matrix_host_command_docker }} run --rm --name matrix-mautrix-signal-daemon \ +ExecStartPre=-{{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-mautrix-signal-daemon \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ @@ -32,7 +32,7 @@ ExecStartPre=-{{ matrix_host_command_docker }} run --rm --name matrix-mautrix-si --migrate-data # We can't use `--read-only` for this bridge. -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-signal-daemon \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-mautrix-signal-daemon \ --log-driver=none \ --env-file={{ matrix_mautrix_signal_daemon_path }}/env \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ @@ -41,8 +41,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-signal -v {{ matrix_mautrix_signal_daemon_path }}:/signald:z \ {{ matrix_mautrix_signal_daemon_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-signal-daemon 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-signal-daemon 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-signal-daemon 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-signal-daemon 2>/dev/null || true' Restart=always RestartSec=30 diff --git a/roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal.service.j2 b/roles/custom/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal.service.j2 similarity index 59% rename from roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal.service.j2 rename to roles/custom/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal.service.j2 index d1ef85f33..7b70cbe44 100644 --- a/roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal.service.j2 +++ b/roles/custom/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal.service.j2 @@ -13,14 +13,14 @@ Wants={{ service }} [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-signal 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-signal 2>/dev/null || true' +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-signal 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-signal 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. ExecStartPre={{ matrix_host_command_sleep }} 5 -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-signal \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-mautrix-signal \ --log-driver=none \ --network={{ matrix_docker_network }} \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ @@ -38,8 +38,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-signal {{ matrix_mautrix_signal_docker_image }} \ python3 -m mautrix_signal -c /config/config.yaml --no-update -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-signal 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-signal 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-signal 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-signal 2>/dev/null || true' Restart=always RestartSec=30 diff --git a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml similarity index 97% rename from roles/matrix-bridge-mautrix-telegram/defaults/main.yml rename to roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml index 79c9b7e59..0f52cc222 100644 --- a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml @@ -9,14 +9,14 @@ matrix_telegram_lottieconverter_container_image_self_build_mask_arch: false matrix_telegram_lottieconverter_docker_repo: "https://mau.dev/tulir/lottieconverter.git" matrix_telegram_lottieconverter_docker_repo_version: "master" matrix_telegram_lottieconverter_docker_src_files_path: "{{ matrix_base_data_path }}/lotticonverter/docker-src" -matrix_telegram_lottieconverter_docker_image: "dock.mau.dev/tulir/lottieconverter:alpine-3.15" # needs to be ajusted according to FROM clause of Dockerfile of mautrix-telegram +matrix_telegram_lottieconverter_docker_image: "dock.mau.dev/tulir/lottieconverter:alpine-3.16" # needs to be adjusted according to the FROM clause of Dockerfile of mautrix-telegram matrix_mautrix_telegram_container_image_self_build: false matrix_mautrix_telegram_docker_repo: "https://mau.dev/mautrix/telegram.git" matrix_mautrix_telegram_docker_repo_version: "{{ 'master' if matrix_mautrix_telegram_version == 'latest' else matrix_mautrix_telegram_version }}" matrix_mautrix_telegram_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-telegram/docker-src" -matrix_mautrix_telegram_version: v0.11.3 +matrix_mautrix_telegram_version: v0.12.1 # See: https://mau.dev/mautrix/telegram/container_registry matrix_mautrix_telegram_docker_image: "dock.mau.dev/mautrix/telegram:{{ matrix_mautrix_telegram_version }}" matrix_mautrix_telegram_docker_image_force_pull: "{{ matrix_mautrix_telegram_docker_image.endswith(':latest') }}" @@ -38,6 +38,9 @@ matrix_mautrix_telegram_api_id: '' matrix_mautrix_telegram_api_hash: '' matrix_mautrix_telegram_bot_token: disabled +# Define the filter-mode +matrix_mautrix_telegram_filter_mode: "blacklist" + # Whether or not the public-facing endpoints should be enabled (web-based login) matrix_mautrix_telegram_appservice_public_enabled: true diff --git a/roles/matrix-bridge-mautrix-telegram/tasks/init.yml b/roles/custom/matrix-bridge-mautrix-telegram/tasks/init.yml similarity index 98% rename from roles/matrix-bridge-mautrix-telegram/tasks/init.yml rename to roles/custom/matrix-bridge-mautrix-telegram/tasks/init.yml index 0093ba3d4..e51808994 100644 --- a/roles/matrix-bridge-mautrix-telegram/tasks/init.yml +++ b/roles/custom/matrix-bridge-mautrix-telegram/tasks/init.yml @@ -28,7 +28,10 @@ when: matrix_mautrix_telegram_enabled | bool -- block: +- when: matrix_mautrix_telegram_enabled | bool and matrix_mautrix_telegram_appservice_public_enabled | bool + tags: + - always + block: - name: Fail if matrix-nginx-proxy role already executed ansible.builtin.fail: msg: >- @@ -70,7 +73,3 @@ URL endpoint to the matrix-mautrix-telegram container. You can expose the container's port using the `matrix_mautrix_telegram_container_http_host_bind_port` variable. when: "not matrix_nginx_proxy_enabled | default(False) | bool" - - tags: - - always - when: matrix_mautrix_telegram_enabled | bool and matrix_mautrix_telegram_appservice_public_enabled | bool diff --git a/roles/matrix-bridge-mautrix-telegram/tasks/main.yml b/roles/custom/matrix-bridge-mautrix-telegram/tasks/main.yml similarity index 100% rename from roles/matrix-bridge-mautrix-telegram/tasks/main.yml rename to roles/custom/matrix-bridge-mautrix-telegram/tasks/main.yml diff --git a/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-telegram/tasks/setup_install.yml similarity index 93% rename from roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml rename to roles/custom/matrix-bridge-mautrix-telegram/tasks/setup_install.yml index 6ce396573..ba9c450fa 100644 --- a/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mautrix-telegram/tasks/setup_install.yml @@ -11,13 +11,15 @@ - ansible.builtin.set_fact: matrix_mautrix_telegram_requires_restart: false -- block: +- when: "matrix_mautrix_telegram_database_engine == 'postgres'" + block: - name: Check if an SQLite database already exists ansible.builtin.stat: path: "{{ matrix_mautrix_telegram_sqlite_database_path_local }}" register: matrix_mautrix_telegram_sqlite_database_path_local_stat_result - - block: + - when: "matrix_mautrix_telegram_sqlite_database_path_local_stat_result.stat.exists | bool" + block: - ansible.builtin.set_fact: matrix_postgres_db_migration_request: src: "{{ matrix_mautrix_telegram_sqlite_database_path_local }}" @@ -28,13 +30,11 @@ systemd_services_to_stop: ['matrix-mautrix-telegram.service'] - ansible.builtin.import_role: - name: matrix-postgres + name: custom/matrix-postgres tasks_from: migrate_db_to_postgres - ansible.builtin.set_fact: matrix_mautrix_telegram_requires_restart: true - when: "matrix_mautrix_telegram_sqlite_database_path_local_stat_result.stat.exists | bool" - when: "matrix_mautrix_telegram_database_engine == 'postgres'" - name: Ensure Mautrix Telegram paths exist ansible.builtin.file: @@ -51,15 +51,15 @@ when: item.when | bool - name: Ensure Mautrix Telegram image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_mautrix_telegram_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_mautrix_telegram_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_telegram_docker_image_force_pull }}" when: "not matrix_mautrix_telegram_container_image_self_build | bool" register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure lottieconverter is present when self-building @@ -74,7 +74,7 @@ when: "matrix_telegram_lottieconverter_container_image_self_build | bool and matrix_mautrix_telegram_container_image_self_build | bool" - name: Ensure lottieconverter Docker image is built - docker_image: + community.docker.docker_image: name: "{{ matrix_telegram_lottieconverter_docker_image }}" source: build force_source: "{{ matrix_telegram_lottieconverter_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" @@ -97,7 +97,7 @@ when: "matrix_mautrix_telegram_container_image_self_build | bool" - name: Ensure matrix-mautrix-telegram Docker image is built - docker_image: + community.docker.docker_image: name: "{{ matrix_mautrix_telegram_docker_image }}" source: build force_source: "{{ matrix_mautrix_telegram_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" @@ -147,7 +147,7 @@ - name: Ensure matrix-mautrix-telegram.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-mautrix-telegram.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-mautrix-telegram.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-telegram.service" mode: 0644 register: matrix_mautrix_telegram_systemd_service_result diff --git a/roles/matrix-bridge-mautrix-telegram/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-mautrix-telegram/tasks/setup_uninstall.yml similarity index 79% rename from roles/matrix-bridge-mautrix-telegram/tasks/setup_uninstall.yml rename to roles/custom/matrix-bridge-mautrix-telegram/tasks/setup_uninstall.yml index f4a5f5690..90ca01951 100644 --- a/roles/matrix-bridge-mautrix-telegram/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-bridge-mautrix-telegram/tasks/setup_uninstall.yml @@ -2,7 +2,7 @@ - name: Check existence of matrix-mautrix-telegram service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-mautrix-telegram.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-telegram.service" register: matrix_mautrix_telegram_service_stat - name: Ensure matrix-mautrix-telegram is stopped @@ -15,7 +15,7 @@ - name: Ensure matrix-mautrix-telegram.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-mautrix-telegram.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-telegram.service" state: absent when: "matrix_mautrix_telegram_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mautrix-telegram/tasks/validate_config.yml b/roles/custom/matrix-bridge-mautrix-telegram/tasks/validate_config.yml similarity index 100% rename from roles/matrix-bridge-mautrix-telegram/tasks/validate_config.yml rename to roles/custom/matrix-bridge-mautrix-telegram/tasks/validate_config.yml diff --git a/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 similarity index 98% rename from roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 rename to roles/custom/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 index d50be47da..b7af83f57 100644 --- a/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 +++ b/roles/custom/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 @@ -273,12 +273,12 @@ bridge: # Filter mode to use. Either "blacklist" or "whitelist". # If the mode is "blacklist", the listed chats will never be bridged. # If the mode is "whitelist", only the listed chats can be bridged. - mode: blacklist + mode: {{ matrix_mautrix_telegram_filter_mode | to_json }} # The list of group/channel IDs to filter. list: [] # The prefix for commands. Only required in non-management rooms. - command_prefix: "{{ matrix_mautrix_telegram_command_prefix }}" + command_prefix: {{ matrix_mautrix_telegram_command_prefix | to_json }} # Permissions for using the bridge. # Permitted values: @@ -291,7 +291,7 @@ bridge: # * - All Matrix users # domain - All users on that homeserver # mxid - Specific user - permissions: {{ matrix_mautrix_telegram_bridge_permissions|to_json }} + permissions: {{ matrix_mautrix_telegram_bridge_permissions | to_json }} # Options related to the message relay Telegram bot. relaybot: diff --git a/roles/matrix-bridge-mautrix-telegram/templates/systemd/matrix-mautrix-telegram.service.j2 b/roles/custom/matrix-bridge-mautrix-telegram/templates/systemd/matrix-mautrix-telegram.service.j2 similarity index 60% rename from roles/matrix-bridge-mautrix-telegram/templates/systemd/matrix-mautrix-telegram.service.j2 rename to roles/custom/matrix-bridge-mautrix-telegram/templates/systemd/matrix-mautrix-telegram.service.j2 index 8b21ee2b4..2948a711c 100644 --- a/roles/matrix-bridge-mautrix-telegram/templates/systemd/matrix-mautrix-telegram.service.j2 +++ b/roles/custom/matrix-bridge-mautrix-telegram/templates/systemd/matrix-mautrix-telegram.service.j2 @@ -12,14 +12,14 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-telegram 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-telegram 2>/dev/null || true' +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-telegram 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-telegram 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. ExecStartPre={{ matrix_host_command_sleep }} 5 -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-telegram \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-mautrix-telegram \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ @@ -35,8 +35,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-telegr {{ matrix_mautrix_telegram_docker_image }} \ python3 -m mautrix_telegram -c /config/config.yaml --no-update -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-telegram 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-telegram 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-telegram 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-telegram 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-mautrix-telegram diff --git a/roles/matrix-bridge-mautrix-twitter/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-twitter/defaults/main.yml similarity index 100% rename from roles/matrix-bridge-mautrix-twitter/defaults/main.yml rename to roles/custom/matrix-bridge-mautrix-twitter/defaults/main.yml diff --git a/roles/matrix-bridge-mautrix-twitter/tasks/init.yml b/roles/custom/matrix-bridge-mautrix-twitter/tasks/init.yml similarity index 100% rename from roles/matrix-bridge-mautrix-twitter/tasks/init.yml rename to roles/custom/matrix-bridge-mautrix-twitter/tasks/init.yml diff --git a/roles/matrix-bridge-mautrix-twitter/tasks/main.yml b/roles/custom/matrix-bridge-mautrix-twitter/tasks/main.yml similarity index 100% rename from roles/matrix-bridge-mautrix-twitter/tasks/main.yml rename to roles/custom/matrix-bridge-mautrix-twitter/tasks/main.yml diff --git a/roles/matrix-bridge-mautrix-twitter/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-twitter/tasks/setup_install.yml similarity index 93% rename from roles/matrix-bridge-mautrix-twitter/tasks/setup_install.yml rename to roles/custom/matrix-bridge-mautrix-twitter/tasks/setup_install.yml index 05887c6d7..c3ab2d4e7 100644 --- a/roles/matrix-bridge-mautrix-twitter/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mautrix-twitter/tasks/setup_install.yml @@ -12,15 +12,15 @@ matrix_mautrix_twitter_requires_restart: false - name: Ensure Mautrix Twitter image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_mautrix_twitter_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_mautrix_twitter_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_twitter_docker_image_force_pull }}" when: matrix_mautrix_twitter_enabled | bool and not matrix_mautrix_twitter_container_image_self_build register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure Mautrix Twitter paths exist @@ -49,7 +49,7 @@ when: "matrix_mautrix_twitter_enabled | bool and matrix_mautrix_twitter_container_image_self_build" - name: Ensure Mautrix Twitter Docker image is built - docker_image: + community.docker.docker_image: name: "{{ matrix_mautrix_twitter_docker_image }}" source: build force_source: "{{ matrix_mautrix_twitter_git_pull_results.changed }}" @@ -78,7 +78,7 @@ - name: Ensure matrix-mautrix-twitter.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-mautrix-twitter.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-mautrix-twitter.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-twitter.service" mode: 0644 register: matrix_mautrix_twitter_systemd_service_result diff --git a/roles/matrix-bridge-mautrix-twitter/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-mautrix-twitter/tasks/setup_uninstall.yml similarity index 79% rename from roles/matrix-bridge-mautrix-twitter/tasks/setup_uninstall.yml rename to roles/custom/matrix-bridge-mautrix-twitter/tasks/setup_uninstall.yml index 5ce64906c..5f6b14916 100644 --- a/roles/matrix-bridge-mautrix-twitter/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-bridge-mautrix-twitter/tasks/setup_uninstall.yml @@ -2,7 +2,7 @@ - name: Check existence of matrix-mautrix-twitter service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-mautrix-twitter.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-twitter.service" register: matrix_mautrix_twitter_service_stat - name: Ensure matrix-mautrix-twitter is stopped @@ -14,7 +14,7 @@ - name: Ensure matrix-mautrix-twitter.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-mautrix-twitter.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-twitter.service" state: absent when: "matrix_mautrix_twitter_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mautrix-twitter/tasks/validate_config.yml b/roles/custom/matrix-bridge-mautrix-twitter/tasks/validate_config.yml similarity index 100% rename from roles/matrix-bridge-mautrix-twitter/tasks/validate_config.yml rename to roles/custom/matrix-bridge-mautrix-twitter/tasks/validate_config.yml diff --git a/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 similarity index 100% rename from roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 rename to roles/custom/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 diff --git a/roles/matrix-bridge-mautrix-twitter/templates/systemd/matrix-mautrix-twitter.service.j2 b/roles/custom/matrix-bridge-mautrix-twitter/templates/systemd/matrix-mautrix-twitter.service.j2 similarity index 55% rename from roles/matrix-bridge-mautrix-twitter/templates/systemd/matrix-mautrix-twitter.service.j2 rename to roles/custom/matrix-bridge-mautrix-twitter/templates/systemd/matrix-mautrix-twitter.service.j2 index 0ce9a1239..c167eb067 100644 --- a/roles/matrix-bridge-mautrix-twitter/templates/systemd/matrix-mautrix-twitter.service.j2 +++ b/roles/custom/matrix-bridge-mautrix-twitter/templates/systemd/matrix-mautrix-twitter.service.j2 @@ -12,14 +12,14 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-twitter 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-twitter 2>/dev/null || true' +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-twitter 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-twitter 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. ExecStartPre={{ matrix_host_command_sleep }} 5 -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-twitter \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-mautrix-twitter \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ @@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-twitte {{ matrix_mautrix_twitter_docker_image }} \ python3 -m mautrix_twitter -c /config/config.yaml --no-update -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-twitter 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-twitter 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-twitter 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-twitter 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-mautrix-twitter diff --git a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml similarity index 96% rename from roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml rename to roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml index 821f3f283..55b7387f1 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml @@ -8,7 +8,7 @@ matrix_mautrix_whatsapp_container_image_self_build: false matrix_mautrix_whatsapp_container_image_self_build_repo: "https://mau.dev/mautrix/whatsapp.git" matrix_mautrix_whatsapp_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_whatsapp_version == 'latest' else matrix_mautrix_whatsapp_version }}" -matrix_mautrix_whatsapp_version: v0.6.1 +matrix_mautrix_whatsapp_version: v0.7.1 # See: https://mau.dev/mautrix/whatsapp/container_registry matrix_mautrix_whatsapp_docker_image: "{{ matrix_mautrix_whatsapp_docker_image_name_prefix }}mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}" matrix_mautrix_whatsapp_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_whatsapp_container_image_self_build else 'dock.mau.dev/' }}" @@ -86,10 +86,6 @@ matrix_mautrix_whatsapp_login_shared_secret: '' matrix_mautrix_whatsapp_bridge_login_shared_secret_map: "{{ {matrix_mautrix_whatsapp_homeserver_domain: matrix_mautrix_whatsapp_login_shared_secret} if matrix_mautrix_whatsapp_login_shared_secret else {} }}" -# Servers to always allow double puppeting from -matrix_mautrix_whatsapp_bridge_double_puppet_server_map: - "{{ matrix_mautrix_whatsapp_homeserver_domain : matrix_mautrix_whatsapp_homeserver_address }}" - # Enable End-to-bridge encryption matrix_mautrix_whatsapp_bridge_encryption_allow: false matrix_mautrix_whatsapp_bridge_encryption_default: "{{ matrix_mautrix_whatsapp_bridge_encryption_allow }}" diff --git a/roles/matrix-bridge-mautrix-whatsapp/tasks/init.yml b/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/init.yml similarity index 100% rename from roles/matrix-bridge-mautrix-whatsapp/tasks/init.yml rename to roles/custom/matrix-bridge-mautrix-whatsapp/tasks/init.yml diff --git a/roles/matrix-bridge-mautrix-whatsapp/tasks/main.yml b/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/main.yml similarity index 100% rename from roles/matrix-bridge-mautrix-whatsapp/tasks/main.yml rename to roles/custom/matrix-bridge-mautrix-whatsapp/tasks/main.yml diff --git a/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml similarity index 93% rename from roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml rename to roles/custom/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml index c3edd6a75..6b376946d 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml @@ -11,13 +11,15 @@ - ansible.builtin.set_fact: matrix_mautrix_whatsapp_requires_restart: false -- block: +- when: "matrix_mautrix_whatsapp_database_engine == 'postgres'" + block: - name: Check if an SQLite database already exists ansible.builtin.stat: path: "{{ matrix_mautrix_whatsapp_sqlite_database_path_local }}" register: matrix_mautrix_whatsapp_sqlite_database_path_local_stat_result - - block: + - when: "matrix_mautrix_whatsapp_sqlite_database_path_local_stat_result.stat.exists | bool" + block: - ansible.builtin.set_fact: matrix_postgres_db_migration_request: src: "{{ matrix_mautrix_whatsapp_sqlite_database_path_local }}" @@ -29,14 +31,11 @@ pgloader_options: ['--with "quote identifiers"'] - ansible.builtin.import_role: - name: matrix-postgres + name: custom/matrix-postgres tasks_from: migrate_db_to_postgres - ansible.builtin.set_fact: matrix_mautrix_whatsapp_requires_restart: true - when: "matrix_mautrix_whatsapp_sqlite_database_path_local_stat_result.stat.exists | bool" - when: "matrix_mautrix_whatsapp_database_engine == 'postgres'" - - name: Ensure Mautrix Whatsapp paths exists ansible.builtin.file: @@ -53,15 +52,15 @@ when: item.when | bool - name: Ensure Mautrix Whatsapp image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_mautrix_whatsapp_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_mautrix_whatsapp_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_whatsapp_docker_image_force_pull }}" when: not matrix_mautrix_whatsapp_container_image_self_build register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure Mautrix Whatsapp repository is present on self-build @@ -76,7 +75,7 @@ when: "matrix_mautrix_whatsapp_container_image_self_build | bool" - name: Ensure Mautrix Whatsapp Docker image is built - docker_image: + community.docker.docker_image: name: "{{ matrix_mautrix_whatsapp_docker_image }}" source: build force_source: "{{ matrix_mautrix_whatsapp_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" @@ -133,7 +132,7 @@ - name: Ensure matrix-mautrix-whatsapp.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-mautrix-whatsapp.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-mautrix-whatsapp.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-whatsapp.service" mode: 0644 register: matrix_mautrix_whatsapp_systemd_service_result diff --git a/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/setup_uninstall.yml similarity index 79% rename from roles/matrix-bridge-mautrix-whatsapp/tasks/setup_uninstall.yml rename to roles/custom/matrix-bridge-mautrix-whatsapp/tasks/setup_uninstall.yml index c531b530e..ff2150011 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/setup_uninstall.yml @@ -2,7 +2,7 @@ - name: Check existence of matrix-mautrix-whatsapp service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-mautrix-whatsapp.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-whatsapp.service" register: matrix_mautrix_whatsapp_service_stat - name: Ensure matrix-mautrix-whatsapp is stopped @@ -15,7 +15,7 @@ - name: Ensure matrix-mautrix-whatsapp.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-mautrix-whatsapp.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-whatsapp.service" state: absent when: "matrix_mautrix_whatsapp_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mautrix-whatsapp/tasks/validate_config.yml b/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/validate_config.yml similarity index 100% rename from roles/matrix-bridge-mautrix-whatsapp/tasks/validate_config.yml rename to roles/custom/matrix-bridge-mautrix-whatsapp/tasks/validate_config.yml diff --git a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 similarity index 94% rename from roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 rename to roles/custom/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 index 8073da658..9c0b95e8d 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 +++ b/roles/custom/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 @@ -5,6 +5,9 @@ homeserver: address: {{ matrix_mautrix_whatsapp_homeserver_address }} # The domain of the homeserver (for MXIDs, etc). domain: {{ matrix_mautrix_whatsapp_homeserver_domain }} + # What software is the homeserver running? + # Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here. + software: standard # The URL to push real-time bridge status to. # If set, the bridge will make POST requests to this URL whenever a user's whatsapp connection state changes. # The bridge will use the appservice as_token to authorize requests. @@ -144,6 +147,12 @@ bridge: # provisioning endpoint is used or when a message comes in from that # chat. max_initial_conversations: -1 + # If this value is greater than 0, then if the conversation's last + # message was more than this number of hours ago, then the conversation + # will automatically be marked it as read. + # Conversations that have a last message that is less than this number + # of hours ago will have their unread status synced from WhatsApp. + unread_hours_threshold: 0 # Settings for immediate backfills. These backfills should generally be # small and their main purpose is to populate each of the initial chats # (as configured by max_initial_conversations) with a few messages so @@ -225,7 +234,10 @@ bridge: # manually. login_shared_secret_map: {{ matrix_mautrix_whatsapp_bridge_login_shared_secret_map|to_json }} # Should the bridge explicitly set the avatar and room name for private chat portal rooms? + # This is implicitly enabled in encrypted rooms. private_chat_portal_meta: false + # Should group members be synced in parallel? This makes member sync faster + parallel_member_sync: false # Should Matrix m.notice-type messages be bridged? bridge_notices: true # Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run. @@ -268,6 +280,9 @@ bridge: # Should the bridge never send alerts to the bridge management room? # These are mostly things like the user being logged out. disable_bridge_alerts: false + # Should the bridge stop if the WhatsApp server says another user connected with the same session? + # This is only safe on single-user bridges. + crash_on_stream_replaced: false # Should the bridge detect URLs in outgoing messages, ask the homeserver to generate a preview, # and send it to WhatsApp? URL previews can always be sent using the `com.beeper.linkpreviews` # key in the event content even if this is disabled. @@ -275,6 +290,9 @@ bridge: # Send captions in the same message as images. This will send data compatible with both MSC2530 and MSC3552. # This is currently not supported in most clients. caption_in_message: false + # Should Matrix edits be bridged to WhatsApp edits? + # Official WhatsApp clients don't render edits yet, but once they do, the bridge should work with them right away. + send_whatsapp_edits: false # Maximum time for handling Matrix events. Duration strings formatted for https://pkg.go.dev/time#ParseDuration # Null means there's no enforced timeout. message_handling_timeout: @@ -311,6 +329,8 @@ bridge: # This will cause the bridge bot to be in private chats for the encryption to work properly. # It is recommended to also set private_chat_portal_meta to true when using this. default: {{ matrix_mautrix_whatsapp_bridge_encryption_default|to_json }} + # Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data. + appservice: false # Require encryption, drop any unencrypted messages. require: false # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled. diff --git a/roles/matrix-bridge-mautrix-whatsapp/templates/systemd/matrix-mautrix-whatsapp.service.j2 b/roles/custom/matrix-bridge-mautrix-whatsapp/templates/systemd/matrix-mautrix-whatsapp.service.j2 similarity index 56% rename from roles/matrix-bridge-mautrix-whatsapp/templates/systemd/matrix-mautrix-whatsapp.service.j2 rename to roles/custom/matrix-bridge-mautrix-whatsapp/templates/systemd/matrix-mautrix-whatsapp.service.j2 index ae44d3420..effa086dc 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/templates/systemd/matrix-mautrix-whatsapp.service.j2 +++ b/roles/custom/matrix-bridge-mautrix-whatsapp/templates/systemd/matrix-mautrix-whatsapp.service.j2 @@ -12,14 +12,14 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-whatsapp 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-whatsapp 2>/dev/null || true' +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-whatsapp 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-whatsapp 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. ExecStartPre={{ matrix_host_command_sleep }} 5 -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-whatsapp \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-mautrix-whatsapp \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ @@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-whatsa {{ matrix_mautrix_whatsapp_docker_image }} \ /usr/bin/mautrix-whatsapp -c /config/config.yaml -r /config/registration.yaml -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-whatsapp 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-whatsapp 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-whatsapp 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-whatsapp 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-mautrix-whatsapp diff --git a/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml b/roles/custom/matrix-bridge-mx-puppet-discord/defaults/main.yml similarity index 100% rename from roles/matrix-bridge-mx-puppet-discord/defaults/main.yml rename to roles/custom/matrix-bridge-mx-puppet-discord/defaults/main.yml diff --git a/roles/matrix-bridge-mx-puppet-discord/tasks/init.yml b/roles/custom/matrix-bridge-mx-puppet-discord/tasks/init.yml similarity index 100% rename from roles/matrix-bridge-mx-puppet-discord/tasks/init.yml rename to roles/custom/matrix-bridge-mx-puppet-discord/tasks/init.yml diff --git a/roles/matrix-bridge-mx-puppet-discord/tasks/main.yml b/roles/custom/matrix-bridge-mx-puppet-discord/tasks/main.yml similarity index 100% rename from roles/matrix-bridge-mx-puppet-discord/tasks/main.yml rename to roles/custom/matrix-bridge-mx-puppet-discord/tasks/main.yml diff --git a/roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml b/roles/custom/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml similarity index 93% rename from roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml rename to roles/custom/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml index d60f73f9f..3b119745c 100644 --- a/roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml @@ -27,7 +27,8 @@ path: "{{ matrix_mx_puppet_discord_base_path }}/database.db" register: matrix_mx_puppet_discord_stat_database -- block: +- when: "matrix_mx_puppet_discord_stat_database.stat.exists" + block: - name: (Data relocation) Ensure matrix-mx-puppet-discord.service is stopped ansible.builtin.service: name: matrix-mx-puppet-discord @@ -40,18 +41,19 @@ cmd: "mv {{ matrix_mx_puppet_discord_base_path }}/database.db {{ matrix_mx_puppet_discord_data_path }}/database.db" register: matrix_mx_puppet_discord_relocate_database_result changed_when: matrix_mx_puppet_discord_relocate_database_result.rc == 0 - when: "matrix_mx_puppet_discord_stat_database.stat.exists" - ansible.builtin.set_fact: matrix_mx_puppet_discord_requires_restart: false -- block: +- when: "matrix_mx_puppet_discord_database_engine == 'postgres'" + block: - name: Check if an SQLite database already exists ansible.builtin.stat: path: "{{ matrix_mx_puppet_discord_sqlite_database_path_local }}" register: matrix_mx_puppet_discord_sqlite_database_path_local_stat_result - - block: + - when: "matrix_mx_puppet_discord_sqlite_database_path_local_stat_result.stat.exists | bool" + block: - ansible.builtin.set_fact: matrix_postgres_db_migration_request: src: "{{ matrix_mx_puppet_discord_sqlite_database_path_local }}" @@ -62,24 +64,22 @@ systemd_services_to_stop: ['matrix-mx-puppet-discord.service'] - ansible.builtin.import_role: - name: matrix-postgres + name: custom/matrix-postgres tasks_from: migrate_db_to_postgres - ansible.builtin.set_fact: matrix_mx_puppet_discord_requires_restart: true - when: "matrix_mx_puppet_discord_sqlite_database_path_local_stat_result.stat.exists | bool" - when: "matrix_mx_puppet_discord_database_engine == 'postgres'" - name: Ensure MX Puppet Discord image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_mx_puppet_discord_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_mx_puppet_discord_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_discord_docker_image_force_pull }}" when: matrix_mx_puppet_discord_enabled | bool and not matrix_mx_puppet_discord_container_image_self_build register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure MX Puppet Discord repository is present on self build @@ -94,7 +94,7 @@ when: "matrix_mx_puppet_discord_enabled | bool and matrix_mx_puppet_discord_container_image_self_build" - name: Ensure MX Puppet Discord Docker image is built - docker_image: + community.docker.docker_image: name: "{{ matrix_mx_puppet_discord_docker_image }}" source: build force_source: "{{ matrix_mx_puppet_discord_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" diff --git a/roles/matrix-bridge-mx-puppet-discord/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-mx-puppet-discord/tasks/setup_uninstall.yml similarity index 100% rename from roles/matrix-bridge-mx-puppet-discord/tasks/setup_uninstall.yml rename to roles/custom/matrix-bridge-mx-puppet-discord/tasks/setup_uninstall.yml diff --git a/roles/matrix-bridge-mx-puppet-discord/tasks/validate_config.yml b/roles/custom/matrix-bridge-mx-puppet-discord/tasks/validate_config.yml similarity index 100% rename from roles/matrix-bridge-mx-puppet-discord/tasks/validate_config.yml rename to roles/custom/matrix-bridge-mx-puppet-discord/tasks/validate_config.yml diff --git a/roles/matrix-bridge-mx-puppet-discord/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mx-puppet-discord/templates/config.yaml.j2 similarity index 100% rename from roles/matrix-bridge-mx-puppet-discord/templates/config.yaml.j2 rename to roles/custom/matrix-bridge-mx-puppet-discord/templates/config.yaml.j2 diff --git a/roles/matrix-bridge-mx-puppet-discord/templates/systemd/matrix-mx-puppet-discord.service.j2 b/roles/custom/matrix-bridge-mx-puppet-discord/templates/systemd/matrix-mx-puppet-discord.service.j2 similarity index 56% rename from roles/matrix-bridge-mx-puppet-discord/templates/systemd/matrix-mx-puppet-discord.service.j2 rename to roles/custom/matrix-bridge-mx-puppet-discord/templates/systemd/matrix-mx-puppet-discord.service.j2 index 52b12c3d0..7304054e5 100644 --- a/roles/matrix-bridge-mx-puppet-discord/templates/systemd/matrix-mx-puppet-discord.service.j2 +++ b/roles/custom/matrix-bridge-mx-puppet-discord/templates/systemd/matrix-mx-puppet-discord.service.j2 @@ -12,14 +12,14 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-discord 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-discord 2>/dev/null || true' +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mx-puppet-discord 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mx-puppet-discord 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. ExecStartPre={{ matrix_host_command_sleep }} 15 -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-discord \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-mx-puppet-discord \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ @@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-disc {% endfor %} {{ matrix_mx_puppet_discord_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-discord 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-discord 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mx-puppet-discord 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mx-puppet-discord 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-mx-puppet-discord diff --git a/roles/matrix-bridge-mx-puppet-groupme/defaults/main.yml b/roles/custom/matrix-bridge-mx-puppet-groupme/defaults/main.yml similarity index 100% rename from roles/matrix-bridge-mx-puppet-groupme/defaults/main.yml rename to roles/custom/matrix-bridge-mx-puppet-groupme/defaults/main.yml diff --git a/roles/matrix-bridge-mx-puppet-groupme/tasks/init.yml b/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/init.yml similarity index 100% rename from roles/matrix-bridge-mx-puppet-groupme/tasks/init.yml rename to roles/custom/matrix-bridge-mx-puppet-groupme/tasks/init.yml diff --git a/roles/matrix-bridge-mx-puppet-groupme/tasks/main.yml b/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/main.yml similarity index 100% rename from roles/matrix-bridge-mx-puppet-groupme/tasks/main.yml rename to roles/custom/matrix-bridge-mx-puppet-groupme/tasks/main.yml diff --git a/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml b/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml similarity index 94% rename from roles/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml rename to roles/custom/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml index 497f0109b..400de9c58 100644 --- a/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml @@ -43,13 +43,15 @@ - ansible.builtin.set_fact: matrix_mx_puppet_groupme_requires_restart: false -- block: +- when: "matrix_mx_puppet_groupme_database_engine == 'postgres'" + block: - name: Check if an SQLite database already exists ansible.builtin.stat: path: "{{ matrix_mx_puppet_groupme_sqlite_database_path_local }}" register: matrix_mx_puppet_groupme_sqlite_database_path_local_stat_result - - block: + - when: "matrix_mx_puppet_groupme_sqlite_database_path_local_stat_result.stat.exists | bool" + block: - ansible.builtin.set_fact: matrix_postgres_db_migration_request: src: "{{ matrix_mx_puppet_groupme_sqlite_database_path_local }}" @@ -60,24 +62,22 @@ systemd_services_to_stop: ['matrix-mx-puppet-groupme.service'] - ansible.builtin.import_role: - name: matrix-postgres + name: custom/matrix-postgres tasks_from: migrate_db_to_postgres - ansible.builtin.set_fact: matrix_mx_puppet_groupme_requires_restart: true - when: "matrix_mx_puppet_groupme_sqlite_database_path_local_stat_result.stat.exists | bool" - when: "matrix_mx_puppet_groupme_database_engine == 'postgres'" - name: Ensure MX Puppet Groupme image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_mx_puppet_groupme_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_mx_puppet_groupme_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_groupme_docker_image_force_pull }}" when: matrix_mx_puppet_groupme_enabled | bool and not matrix_mx_puppet_groupme_container_image_self_build register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure MX Puppet Groupme repository is present on self build @@ -92,7 +92,7 @@ when: "matrix_mx_puppet_groupme_enabled | bool and matrix_mx_puppet_groupme_container_image_self_build" - name: Ensure MX Puppet Groupme Docker image is built - docker_image: + community.docker.docker_image: name: "{{ matrix_mx_puppet_groupme_docker_image }}" source: build force_source: "{{ matrix_mx_puppet_groupme_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" diff --git a/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/setup_uninstall.yml similarity index 100% rename from roles/matrix-bridge-mx-puppet-groupme/tasks/setup_uninstall.yml rename to roles/custom/matrix-bridge-mx-puppet-groupme/tasks/setup_uninstall.yml diff --git a/roles/matrix-bridge-mx-puppet-groupme/tasks/validate_config.yml b/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/validate_config.yml similarity index 100% rename from roles/matrix-bridge-mx-puppet-groupme/tasks/validate_config.yml rename to roles/custom/matrix-bridge-mx-puppet-groupme/tasks/validate_config.yml diff --git a/roles/matrix-bridge-mx-puppet-groupme/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mx-puppet-groupme/templates/config.yaml.j2 similarity index 100% rename from roles/matrix-bridge-mx-puppet-groupme/templates/config.yaml.j2 rename to roles/custom/matrix-bridge-mx-puppet-groupme/templates/config.yaml.j2 diff --git a/roles/matrix-bridge-mx-puppet-groupme/templates/systemd/matrix-mx-puppet-groupme.service.j2 b/roles/custom/matrix-bridge-mx-puppet-groupme/templates/systemd/matrix-mx-puppet-groupme.service.j2 similarity index 56% rename from roles/matrix-bridge-mx-puppet-groupme/templates/systemd/matrix-mx-puppet-groupme.service.j2 rename to roles/custom/matrix-bridge-mx-puppet-groupme/templates/systemd/matrix-mx-puppet-groupme.service.j2 index afb46ecb7..d9fd49295 100644 --- a/roles/matrix-bridge-mx-puppet-groupme/templates/systemd/matrix-mx-puppet-groupme.service.j2 +++ b/roles/custom/matrix-bridge-mx-puppet-groupme/templates/systemd/matrix-mx-puppet-groupme.service.j2 @@ -12,14 +12,14 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-groupme 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-groupme 2>/dev/null || true' +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mx-puppet-groupme 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mx-puppet-groupme 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. ExecStartPre={{ matrix_host_command_sleep }} 5 -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-groupme \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-mx-puppet-groupme \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ @@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-grou {% endfor %} {{ matrix_mx_puppet_groupme_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-groupme 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-groupme 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mx-puppet-groupme 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mx-puppet-groupme 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-mx-puppet-groupme diff --git a/roles/matrix-bridge-mx-puppet-instagram/defaults/main.yml b/roles/custom/matrix-bridge-mx-puppet-instagram/defaults/main.yml similarity index 100% rename from roles/matrix-bridge-mx-puppet-instagram/defaults/main.yml rename to roles/custom/matrix-bridge-mx-puppet-instagram/defaults/main.yml diff --git a/roles/matrix-bridge-mx-puppet-instagram/tasks/init.yml b/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/init.yml similarity index 100% rename from roles/matrix-bridge-mx-puppet-instagram/tasks/init.yml rename to roles/custom/matrix-bridge-mx-puppet-instagram/tasks/init.yml diff --git a/roles/matrix-bridge-mx-puppet-instagram/tasks/main.yml b/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/main.yml similarity index 100% rename from roles/matrix-bridge-mx-puppet-instagram/tasks/main.yml rename to roles/custom/matrix-bridge-mx-puppet-instagram/tasks/main.yml diff --git a/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml b/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml similarity index 93% rename from roles/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml rename to roles/custom/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml index 7695d88ec..c98535e3b 100644 --- a/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml @@ -12,13 +12,15 @@ - ansible.builtin.set_fact: matrix_mx_puppet_instagram_requires_restart: false -- block: +- when: "matrix_mx_puppet_instagram_database_engine == 'postgres'" + block: - name: Check if an SQLite database already exists ansible.builtin.stat: path: "{{ matrix_mx_puppet_instagram_sqlite_database_path_local }}" register: matrix_mx_puppet_instagram_sqlite_database_path_local_stat_result - - block: + - when: "matrix_mx_puppet_instagram_sqlite_database_path_local_stat_result.stat.exists | bool" + block: - ansible.builtin.set_fact: matrix_postgres_db_migration_request: src: "{{ matrix_mx_puppet_instagram_sqlite_database_path_local }}" @@ -29,24 +31,22 @@ systemd_services_to_stop: ['matrix-mx-puppet-instagram.service'] - ansible.builtin.import_role: - name: matrix-postgres + name: custom/matrix-postgres tasks_from: migrate_db_to_postgres - ansible.builtin.set_fact: matrix_mx_puppet_instagram_requires_restart: true - when: "matrix_mx_puppet_instagram_sqlite_database_path_local_stat_result.stat.exists | bool" - when: "matrix_mx_puppet_instagram_database_engine == 'postgres'" - name: Ensure mx-puppet-instagram image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_mx_puppet_instagram_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_mx_puppet_instagram_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_instagram_docker_image_force_pull }}" when: matrix_mx_puppet_instagram_enabled | bool and not matrix_mx_puppet_instagram_container_image_self_build register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure mx-puppet-instagram paths exist @@ -75,7 +75,7 @@ when: "matrix_mx_puppet_instagram_enabled | bool and matrix_mx_puppet_instagram_container_image_self_build | bool" - name: Ensure mx-puppet-instagram Docker image is built - docker_image: + community.docker.docker_image: name: "{{ matrix_mx_puppet_instagram_docker_image }}" source: build force_source: "{{ matrix_mx_puppet_instagram_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" diff --git a/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/setup_uninstall.yml similarity index 100% rename from roles/matrix-bridge-mx-puppet-instagram/tasks/setup_uninstall.yml rename to roles/custom/matrix-bridge-mx-puppet-instagram/tasks/setup_uninstall.yml diff --git a/roles/matrix-bridge-mx-puppet-instagram/tasks/validate_config.yml b/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/validate_config.yml similarity index 100% rename from roles/matrix-bridge-mx-puppet-instagram/tasks/validate_config.yml rename to roles/custom/matrix-bridge-mx-puppet-instagram/tasks/validate_config.yml diff --git a/roles/matrix-bridge-mx-puppet-instagram/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mx-puppet-instagram/templates/config.yaml.j2 similarity index 100% rename from roles/matrix-bridge-mx-puppet-instagram/templates/config.yaml.j2 rename to roles/custom/matrix-bridge-mx-puppet-instagram/templates/config.yaml.j2 diff --git a/roles/matrix-bridge-mx-puppet-instagram/templates/systemd/matrix-mx-puppet-instagram.service.j2 b/roles/custom/matrix-bridge-mx-puppet-instagram/templates/systemd/matrix-mx-puppet-instagram.service.j2 similarity index 56% rename from roles/matrix-bridge-mx-puppet-instagram/templates/systemd/matrix-mx-puppet-instagram.service.j2 rename to roles/custom/matrix-bridge-mx-puppet-instagram/templates/systemd/matrix-mx-puppet-instagram.service.j2 index 262518fc2..5e3ad3eaa 100644 --- a/roles/matrix-bridge-mx-puppet-instagram/templates/systemd/matrix-mx-puppet-instagram.service.j2 +++ b/roles/custom/matrix-bridge-mx-puppet-instagram/templates/systemd/matrix-mx-puppet-instagram.service.j2 @@ -12,14 +12,14 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-instagram 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-instagram 2>/dev/null || true' +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mx-puppet-instagram 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mx-puppet-instagram 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. ExecStartPre={{ matrix_host_command_sleep }} 5 -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-instagram \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-mx-puppet-instagram \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ @@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-inst {% endfor %} {{ matrix_mx_puppet_instagram_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-instagram 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-instagram 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mx-puppet-instagram 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mx-puppet-instagram 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-mx-puppet-instagram diff --git a/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml b/roles/custom/matrix-bridge-mx-puppet-slack/defaults/main.yml similarity index 100% rename from roles/matrix-bridge-mx-puppet-slack/defaults/main.yml rename to roles/custom/matrix-bridge-mx-puppet-slack/defaults/main.yml diff --git a/roles/matrix-bridge-mx-puppet-slack/tasks/init.yml b/roles/custom/matrix-bridge-mx-puppet-slack/tasks/init.yml similarity index 98% rename from roles/matrix-bridge-mx-puppet-slack/tasks/init.yml rename to roles/custom/matrix-bridge-mx-puppet-slack/tasks/init.yml index 506a271d3..9eff170ac 100644 --- a/roles/matrix-bridge-mx-puppet-slack/tasks/init.yml +++ b/roles/custom/matrix-bridge-mx-puppet-slack/tasks/init.yml @@ -27,7 +27,10 @@ }} when: matrix_mx_puppet_slack_enabled | bool -- block: +- when: matrix_mx_puppet_slack_enabled | bool + tags: + - always + block: - name: Fail if matrix-nginx-proxy role already executed ansible.builtin.fail: msg: >- @@ -60,9 +63,6 @@ + [matrix_mx_puppet_slack_matrix_nginx_proxy_configuration] }} - tags: - - always - when: matrix_mx_puppet_slack_enabled | bool - name: Warn about reverse-proxying if matrix-nginx-proxy not used ansible.builtin.debug: diff --git a/roles/matrix-bridge-mx-puppet-slack/tasks/main.yml b/roles/custom/matrix-bridge-mx-puppet-slack/tasks/main.yml similarity index 100% rename from roles/matrix-bridge-mx-puppet-slack/tasks/main.yml rename to roles/custom/matrix-bridge-mx-puppet-slack/tasks/main.yml diff --git a/roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml b/roles/custom/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml similarity index 93% rename from roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml rename to roles/custom/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml index 70dac9ace..e5d837633 100644 --- a/roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml @@ -39,13 +39,15 @@ - ansible.builtin.set_fact: matrix_mx_puppet_slack_requires_restart: false -- block: +- when: "matrix_mx_puppet_slack_database_engine == 'postgres'" + block: - name: Check if an SQLite database already exists ansible.builtin.stat: path: "{{ matrix_mx_puppet_slack_sqlite_database_path_local }}" register: matrix_mx_puppet_slack_sqlite_database_path_local_stat_result - - block: + - when: "matrix_mx_puppet_slack_sqlite_database_path_local_stat_result.stat.exists | bool" + block: - ansible.builtin.set_fact: matrix_postgres_db_migration_request: src: "{{ matrix_mx_puppet_slack_sqlite_database_path_local }}" @@ -56,24 +58,22 @@ systemd_services_to_stop: ['matrix-mx-puppet-slack.service'] - ansible.builtin.import_role: - name: matrix-postgres + name: custom/matrix-postgres tasks_from: migrate_db_to_postgres - ansible.builtin.set_fact: matrix_mx_puppet_slack_requires_restart: true - when: "matrix_mx_puppet_slack_sqlite_database_path_local_stat_result.stat.exists | bool" - when: "matrix_mx_puppet_slack_database_engine == 'postgres'" - name: Ensure MX Puppet Slack image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_mx_puppet_slack_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_mx_puppet_slack_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_slack_docker_image_force_pull }}" when: matrix_mx_puppet_slack_enabled | bool and not matrix_mx_puppet_slack_container_image_self_build register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure MX Puppet Slack repository is present on self build @@ -88,7 +88,7 @@ when: "matrix_mx_puppet_slack_enabled | bool and matrix_mx_puppet_slack_container_image_self_build" - name: Ensure MX Puppet Slack Docker image is built - docker_image: + community.docker.docker_image: name: "{{ matrix_mx_puppet_slack_docker_image }}" source: build force_source: "{{ matrix_mx_puppet_slack_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" diff --git a/roles/matrix-bridge-mx-puppet-slack/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-mx-puppet-slack/tasks/setup_uninstall.yml similarity index 100% rename from roles/matrix-bridge-mx-puppet-slack/tasks/setup_uninstall.yml rename to roles/custom/matrix-bridge-mx-puppet-slack/tasks/setup_uninstall.yml diff --git a/roles/matrix-bridge-mx-puppet-slack/tasks/validate_config.yml b/roles/custom/matrix-bridge-mx-puppet-slack/tasks/validate_config.yml similarity index 100% rename from roles/matrix-bridge-mx-puppet-slack/tasks/validate_config.yml rename to roles/custom/matrix-bridge-mx-puppet-slack/tasks/validate_config.yml diff --git a/roles/matrix-bridge-mx-puppet-slack/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mx-puppet-slack/templates/config.yaml.j2 similarity index 100% rename from roles/matrix-bridge-mx-puppet-slack/templates/config.yaml.j2 rename to roles/custom/matrix-bridge-mx-puppet-slack/templates/config.yaml.j2 diff --git a/roles/matrix-bridge-mx-puppet-slack/templates/systemd/matrix-mx-puppet-slack.service.j2 b/roles/custom/matrix-bridge-mx-puppet-slack/templates/systemd/matrix-mx-puppet-slack.service.j2 similarity index 60% rename from roles/matrix-bridge-mx-puppet-slack/templates/systemd/matrix-mx-puppet-slack.service.j2 rename to roles/custom/matrix-bridge-mx-puppet-slack/templates/systemd/matrix-mx-puppet-slack.service.j2 index 118d03696..06d5e10ad 100644 --- a/roles/matrix-bridge-mx-puppet-slack/templates/systemd/matrix-mx-puppet-slack.service.j2 +++ b/roles/custom/matrix-bridge-mx-puppet-slack/templates/systemd/matrix-mx-puppet-slack.service.j2 @@ -12,14 +12,14 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-slack 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-slack 2>/dev/null || true' +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mx-puppet-slack 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mx-puppet-slack 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. ExecStartPre={{ matrix_host_command_sleep }} 5 -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-slack \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-mx-puppet-slack \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ @@ -36,8 +36,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-slac {% endfor %} {{ matrix_mx_puppet_slack_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-slack 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-slack 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mx-puppet-slack 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mx-puppet-slack 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-mx-puppet-slack diff --git a/roles/matrix-bridge-mx-puppet-steam/defaults/main.yml b/roles/custom/matrix-bridge-mx-puppet-steam/defaults/main.yml similarity index 100% rename from roles/matrix-bridge-mx-puppet-steam/defaults/main.yml rename to roles/custom/matrix-bridge-mx-puppet-steam/defaults/main.yml diff --git a/roles/matrix-bridge-mx-puppet-steam/tasks/init.yml b/roles/custom/matrix-bridge-mx-puppet-steam/tasks/init.yml similarity index 100% rename from roles/matrix-bridge-mx-puppet-steam/tasks/init.yml rename to roles/custom/matrix-bridge-mx-puppet-steam/tasks/init.yml diff --git a/roles/matrix-bridge-mx-puppet-steam/tasks/main.yml b/roles/custom/matrix-bridge-mx-puppet-steam/tasks/main.yml similarity index 100% rename from roles/matrix-bridge-mx-puppet-steam/tasks/main.yml rename to roles/custom/matrix-bridge-mx-puppet-steam/tasks/main.yml diff --git a/roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml b/roles/custom/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml similarity index 93% rename from roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml rename to roles/custom/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml index 804876303..988544691 100644 --- a/roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml @@ -43,13 +43,15 @@ - ansible.builtin.set_fact: matrix_mx_puppet_steam_requires_restart: false -- block: +- when: "matrix_mx_puppet_steam_database_engine == 'postgres'" + block: - name: Check if an SQLite database already exists ansible.builtin.stat: path: "{{ matrix_mx_puppet_steam_sqlite_database_path_local }}" register: matrix_mx_puppet_steam_sqlite_database_path_local_stat_result - - block: + - when: "matrix_mx_puppet_steam_sqlite_database_path_local_stat_result.stat.exists | bool" + block: - ansible.builtin.set_fact: matrix_postgres_db_migration_request: src: "{{ matrix_mx_puppet_steam_sqlite_database_path_local }}" @@ -60,24 +62,22 @@ systemd_services_to_stop: ['matrix-mx-puppet-steam.service'] - ansible.builtin.import_role: - name: matrix-postgres + name: custom/matrix-postgres tasks_from: migrate_db_to_postgres - ansible.builtin.set_fact: matrix_mx_puppet_steam_requires_restart: true - when: "matrix_mx_puppet_steam_sqlite_database_path_local_stat_result.stat.exists | bool" - when: "matrix_mx_puppet_steam_database_engine == 'postgres'" - name: Ensure MX Puppet Steam image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_mx_puppet_steam_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_mx_puppet_steam_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_steam_docker_image_force_pull }}" when: matrix_mx_puppet_steam_enabled | bool and not matrix_mx_puppet_steam_container_image_self_build register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure MX Puppet Steam repository is present on self build @@ -92,7 +92,7 @@ when: "matrix_mx_puppet_steam_enabled | bool and matrix_mx_puppet_steam_container_image_self_build" - name: Ensure MX Puppet Steam Docker image is built - docker_image: + community.docker.docker_image: name: "{{ matrix_mx_puppet_steam_docker_image }}" source: build force_source: "{{ matrix_mx_puppet_steam_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" diff --git a/roles/matrix-bridge-mx-puppet-steam/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-mx-puppet-steam/tasks/setup_uninstall.yml similarity index 100% rename from roles/matrix-bridge-mx-puppet-steam/tasks/setup_uninstall.yml rename to roles/custom/matrix-bridge-mx-puppet-steam/tasks/setup_uninstall.yml diff --git a/roles/matrix-bridge-mx-puppet-steam/tasks/validate_config.yml b/roles/custom/matrix-bridge-mx-puppet-steam/tasks/validate_config.yml similarity index 100% rename from roles/matrix-bridge-mx-puppet-steam/tasks/validate_config.yml rename to roles/custom/matrix-bridge-mx-puppet-steam/tasks/validate_config.yml diff --git a/roles/matrix-bridge-mx-puppet-steam/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mx-puppet-steam/templates/config.yaml.j2 similarity index 100% rename from roles/matrix-bridge-mx-puppet-steam/templates/config.yaml.j2 rename to roles/custom/matrix-bridge-mx-puppet-steam/templates/config.yaml.j2 diff --git a/roles/matrix-bridge-mx-puppet-steam/templates/systemd/matrix-mx-puppet-steam.service.j2 b/roles/custom/matrix-bridge-mx-puppet-steam/templates/systemd/matrix-mx-puppet-steam.service.j2 similarity index 56% rename from roles/matrix-bridge-mx-puppet-steam/templates/systemd/matrix-mx-puppet-steam.service.j2 rename to roles/custom/matrix-bridge-mx-puppet-steam/templates/systemd/matrix-mx-puppet-steam.service.j2 index f1079e3f7..31dd2fae5 100644 --- a/roles/matrix-bridge-mx-puppet-steam/templates/systemd/matrix-mx-puppet-steam.service.j2 +++ b/roles/custom/matrix-bridge-mx-puppet-steam/templates/systemd/matrix-mx-puppet-steam.service.j2 @@ -12,14 +12,14 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-steam 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-steam 2>/dev/null || true' +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mx-puppet-steam 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mx-puppet-steam 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. ExecStartPre={{ matrix_host_command_sleep }} 5 -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-steam \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-mx-puppet-steam \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ @@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-stea {% endfor %} {{ matrix_mx_puppet_steam_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-steam 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-steam 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mx-puppet-steam 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mx-puppet-steam 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-mx-puppet-steam diff --git a/roles/matrix-bridge-mx-puppet-twitter/defaults/main.yml b/roles/custom/matrix-bridge-mx-puppet-twitter/defaults/main.yml similarity index 100% rename from roles/matrix-bridge-mx-puppet-twitter/defaults/main.yml rename to roles/custom/matrix-bridge-mx-puppet-twitter/defaults/main.yml diff --git a/roles/matrix-bridge-mx-puppet-twitter/tasks/init.yml b/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/init.yml similarity index 98% rename from roles/matrix-bridge-mx-puppet-twitter/tasks/init.yml rename to roles/custom/matrix-bridge-mx-puppet-twitter/tasks/init.yml index 444491ea2..a58cd9ac6 100644 --- a/roles/matrix-bridge-mx-puppet-twitter/tasks/init.yml +++ b/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/init.yml @@ -27,7 +27,10 @@ }} when: matrix_mx_puppet_twitter_enabled | bool -- block: +- when: matrix_mx_puppet_twitter_enabled | bool + tags: + - always + block: - name: Fail if matrix-nginx-proxy role already executed ansible.builtin.fail: msg: >- @@ -60,9 +63,6 @@ + [matrix_mx_puppet_twitter_matrix_nginx_proxy_configuration] }} - tags: - - always - when: matrix_mx_puppet_twitter_enabled | bool - name: Warn about reverse-proxying if matrix-nginx-proxy not used ansible.builtin.debug: diff --git a/roles/matrix-bridge-mx-puppet-twitter/tasks/main.yml b/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/main.yml similarity index 100% rename from roles/matrix-bridge-mx-puppet-twitter/tasks/main.yml rename to roles/custom/matrix-bridge-mx-puppet-twitter/tasks/main.yml diff --git a/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml b/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml similarity index 93% rename from roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml rename to roles/custom/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml index 305cd5dea..d5ebec74e 100644 --- a/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml @@ -43,13 +43,15 @@ - ansible.builtin.set_fact: matrix_mx_puppet_twitter_requires_restart: false -- block: +- when: "matrix_mx_puppet_twitter_database_engine == 'postgres'" + block: - name: Check if an SQLite database already exists ansible.builtin.stat: path: "{{ matrix_mx_puppet_twitter_sqlite_database_path_local }}" register: matrix_mx_puppet_twitter_sqlite_database_path_local_stat_result - - block: + - when: "matrix_mx_puppet_twitter_sqlite_database_path_local_stat_result.stat.exists | bool" + block: - ansible.builtin.set_fact: matrix_postgres_db_migration_request: src: "{{ matrix_mx_puppet_twitter_sqlite_database_path_local }}" @@ -60,24 +62,22 @@ systemd_services_to_stop: ['matrix-mx-puppet-twitter.service'] - ansible.builtin.import_role: - name: matrix-postgres + name: custom/matrix-postgres tasks_from: migrate_db_to_postgres - ansible.builtin.set_fact: matrix_mx_puppet_twitter_requires_restart: true - when: "matrix_mx_puppet_twitter_sqlite_database_path_local_stat_result.stat.exists | bool" - when: "matrix_mx_puppet_twitter_database_engine == 'postgres'" - name: Ensure MX Puppet Twitter image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_mx_puppet_twitter_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_mx_puppet_twitter_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_twitter_docker_image_force_pull }}" when: matrix_mx_puppet_twitter_enabled | bool and not matrix_mx_puppet_twitter_container_image_self_build register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure MX Puppet Twitter repository is present on self build @@ -92,7 +92,7 @@ when: "matrix_mx_puppet_twitter_enabled | bool and matrix_mx_puppet_twitter_container_image_self_build" - name: Ensure MX Puppet Twitter Docker image is built - docker_image: + community.docker.docker_image: name: "{{ matrix_mx_puppet_twitter_docker_image }}" source: build force_source: "{{ matrix_mx_puppet_twitter_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" diff --git a/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/setup_uninstall.yml similarity index 100% rename from roles/matrix-bridge-mx-puppet-twitter/tasks/setup_uninstall.yml rename to roles/custom/matrix-bridge-mx-puppet-twitter/tasks/setup_uninstall.yml diff --git a/roles/matrix-bridge-mx-puppet-twitter/tasks/validate_config.yml b/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/validate_config.yml similarity index 100% rename from roles/matrix-bridge-mx-puppet-twitter/tasks/validate_config.yml rename to roles/custom/matrix-bridge-mx-puppet-twitter/tasks/validate_config.yml diff --git a/roles/matrix-bridge-mx-puppet-twitter/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mx-puppet-twitter/templates/config.yaml.j2 similarity index 100% rename from roles/matrix-bridge-mx-puppet-twitter/templates/config.yaml.j2 rename to roles/custom/matrix-bridge-mx-puppet-twitter/templates/config.yaml.j2 diff --git a/roles/matrix-bridge-mx-puppet-twitter/templates/systemd/matrix-mx-puppet-twitter.service.j2 b/roles/custom/matrix-bridge-mx-puppet-twitter/templates/systemd/matrix-mx-puppet-twitter.service.j2 similarity index 60% rename from roles/matrix-bridge-mx-puppet-twitter/templates/systemd/matrix-mx-puppet-twitter.service.j2 rename to roles/custom/matrix-bridge-mx-puppet-twitter/templates/systemd/matrix-mx-puppet-twitter.service.j2 index 5d7cfca61..918b06d79 100644 --- a/roles/matrix-bridge-mx-puppet-twitter/templates/systemd/matrix-mx-puppet-twitter.service.j2 +++ b/roles/custom/matrix-bridge-mx-puppet-twitter/templates/systemd/matrix-mx-puppet-twitter.service.j2 @@ -12,14 +12,14 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-twitter 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-twitter 2>/dev/null || true' +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mx-puppet-twitter 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mx-puppet-twitter 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. ExecStartPre={{ matrix_host_command_sleep }} 5 -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-twitter \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-mx-puppet-twitter \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ @@ -36,8 +36,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-twit {% endfor %} {{ matrix_mx_puppet_twitter_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-twitter 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-twitter 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mx-puppet-twitter 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mx-puppet-twitter 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-mx-puppet-twitter diff --git a/roles/matrix-bridge-sms/defaults/main.yml b/roles/custom/matrix-bridge-sms/defaults/main.yml similarity index 100% rename from roles/matrix-bridge-sms/defaults/main.yml rename to roles/custom/matrix-bridge-sms/defaults/main.yml diff --git a/roles/matrix-bridge-sms/tasks/init.yml b/roles/custom/matrix-bridge-sms/tasks/init.yml similarity index 100% rename from roles/matrix-bridge-sms/tasks/init.yml rename to roles/custom/matrix-bridge-sms/tasks/init.yml diff --git a/roles/matrix-bridge-sms/tasks/main.yml b/roles/custom/matrix-bridge-sms/tasks/main.yml similarity index 100% rename from roles/matrix-bridge-sms/tasks/main.yml rename to roles/custom/matrix-bridge-sms/tasks/main.yml diff --git a/roles/matrix-bridge-sms/tasks/setup_install.yml b/roles/custom/matrix-bridge-sms/tasks/setup_install.yml similarity index 89% rename from roles/matrix-bridge-sms/tasks/setup_install.yml rename to roles/custom/matrix-bridge-sms/tasks/setup_install.yml index dcc317ba2..2050797af 100644 --- a/roles/matrix-bridge-sms/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-sms/tasks/setup_install.yml @@ -1,12 +1,12 @@ --- - name: Ensure matrix-sms-bridge image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_sms_bridge_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure matrix-sms-bridge paths exist @@ -49,7 +49,7 @@ - name: Ensure matrix-sms-bridge.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-sms-bridge.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-sms-bridge.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-sms-bridge.service" mode: 0644 register: matrix_sms_bridge_systemd_service_result diff --git a/roles/matrix-bridge-sms/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-sms/tasks/setup_uninstall.yml similarity index 74% rename from roles/matrix-bridge-sms/tasks/setup_uninstall.yml rename to roles/custom/matrix-bridge-sms/tasks/setup_uninstall.yml index 322190f91..c7d0011ec 100644 --- a/roles/matrix-bridge-sms/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-bridge-sms/tasks/setup_uninstall.yml @@ -2,7 +2,7 @@ - name: Check existence of matrix-sms-bridge service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-sms-bridge.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-sms-bridge.service" register: matrix_sms_bridge_service_stat - name: Ensure matrix-sms-bridge is stopped @@ -15,6 +15,6 @@ - name: Ensure matrix-sms-bridge.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-sms-bridge.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-sms-bridge.service" state: absent when: "matrix_sms_bridge_service_stat.stat.exists" diff --git a/roles/matrix-bridge-sms/tasks/validate_config.yml b/roles/custom/matrix-bridge-sms/tasks/validate_config.yml similarity index 100% rename from roles/matrix-bridge-sms/tasks/validate_config.yml rename to roles/custom/matrix-bridge-sms/tasks/validate_config.yml diff --git a/roles/matrix-bridge-sms/templates/systemd/matrix-sms-bridge.service.j2 b/roles/custom/matrix-bridge-sms/templates/systemd/matrix-sms-bridge.service.j2 similarity index 94% rename from roles/matrix-bridge-sms/templates/systemd/matrix-sms-bridge.service.j2 rename to roles/custom/matrix-bridge-sms/templates/systemd/matrix-sms-bridge.service.j2 index 46c3463fd..2645d39c1 100644 --- a/roles/matrix-bridge-sms/templates/systemd/matrix-sms-bridge.service.j2 +++ b/roles/custom/matrix-bridge-sms/templates/systemd/matrix-sms-bridge.service.j2 @@ -12,7 +12,7 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" ExecStartPre=-/usr/bin/docker kill matrix-sms-bridge ExecStartPre=-/usr/bin/docker rm matrix-sms-bridge diff --git a/roles/custom/matrix-cactus-comments/defaults/main.yml b/roles/custom/matrix-cactus-comments/defaults/main.yml new file mode 100644 index 000000000..224a53489 --- /dev/null +++ b/roles/custom/matrix-cactus-comments/defaults/main.yml @@ -0,0 +1,60 @@ +--- +# Cactus Comments is a federated comment system built on Matrix +# Project source code URL: https://gitlab.com/cactus-comments/cactus-appservice +# Project source code URL: https://gitlab.com/cactus-comments/cactus-client + +matrix_cactus_comments_enabled: true +matrix_cactus_comments_serve_client_enabled: true +matrix_cactus_comments_container_image_self_build: false +matrix_cactus_comments_docker_repo: "https://gitlab.com/cactus-comments/cactus-appservice.git" +matrix_cactus_comments_docker_repo_version: "{{ matrix_cactus_comments_version if matrix_cactus_comments_version != 'latest' else 'main' }}" +matrix_cactus_comments_docker_src_files_path: "{{ matrix_cactus_comments_base_path }}/docker-src" + + +matrix_cactus_comments_base_path: "{{ matrix_base_data_path }}/cactus-comments" +matrix_cactus_comments_container_tmp_path: "{{ matrix_cactus_comments_base_path }}/tmp" +matrix_cactus_comments_client_path: "{{ matrix_cactus_comments_base_path }}/client" +matrix_cactus_comments_client_file_permissions: "0644" + +matrix_cactus_comments_app_service_config_file: "{{ matrix_cactus_comments_base_path }}/cactus_appservice.yaml" +matrix_cactus_comments_app_service_env_file: "{{ matrix_cactus_comments_base_path }}/cactus.env" + +matrix_cactus_comments_as_token: '' +matrix_cactus_comments_hs_token: '' +matrix_cactus_comments_homeserver_url: "{{ matrix_homeserver_container_url }}" +matrix_cactus_comments_user_id: "bot.cactusbot" +matrix_cactus_comments_tmp_directory_size_mb: 1 + +matrix_cactus_comments_container_port: 5000 + +matrix_cactus_comments_version: 0.9.0 +matrix_cactus_comments_docker_image: "{{ matrix_container_global_registry_prefix }}cactuscomments/cactus-appservice:{{ matrix_cactus_comments_version }}" +matrix_cactus_comments_docker_image_force_pull: "{{ matrix_cactus_comments_docker_image.endswith(':latest') }}" + +# matrix_cactus_comments_client_version specifies the version of the cactus-client release to use. +# For available versions, see: https://gitlab.com/cactus-comments/cactus-client/-/releases +# Also see: `matrix_cactus_comments_client_local_dir` +matrix_cactus_comments_client_version: "0.13.0" + +# matrix_cactus_comments_client_local_dir specifies a local directory (on the Ansible controller, not on the remote server) with cactus-client files to use. +# This is an alternative to `matrix_cactus_comments_client_version`, to be used when you'd like to +# provide the files locally / manually. +matrix_cactus_comments_client_local_dir: '' + +# matrix_cactus_comments_client_nginx_path specifies the path where nginx can access the client files. +# The default value assumes a container setup. If you're running nginx without a container, consider adjusting this path +matrix_cactus_comments_client_nginx_path: "/cactus-comments/" + +# matrix_cactus_comments_client_endpoint specifies where nginx will serve the files in nginx is enabled +matrix_cactus_comments_client_endpoint: "/cactus-comments/" + +# List of systemd services that matrix-cactus-comments.service depends on +matrix_bot_cactus_comments_systemd_required_services_list: ['docker.service'] + +# List of systemd services that matrix-cactus-comments.service wants +matrix_bot_cactus_comments_systemd_wanted_services_list: [] + +# A list of extra arguments to pass to the container +matrix_cactus_comments_container_extra_arguments: [] + +matrix_cactus_comments_environment_variables_extension: '' diff --git a/roles/custom/matrix-cactus-comments/tasks/init.yml b/roles/custom/matrix-cactus-comments/tasks/init.yml new file mode 100644 index 000000000..5067d0254 --- /dev/null +++ b/roles/custom/matrix-cactus-comments/tasks/init.yml @@ -0,0 +1,68 @@ +--- + +- ansible.builtin.set_fact: + matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-cactus-comments.service'] }}" + when: matrix_cactus_comments_enabled | bool + +# If the matrix-synapse role is not used, these variables may not exist. +- ansible.builtin.set_fact: + matrix_homeserver_container_runtime_injected_arguments: > + {{ + matrix_homeserver_container_runtime_injected_arguments | default([]) + + + ["--mount type=bind,src={{ matrix_cactus_comments_app_service_config_file }},dst=/matrix-cactus-comments.yaml,ro"] + }} + + matrix_homeserver_app_service_runtime_injected_config_files: > + {{ + matrix_homeserver_app_service_runtime_injected_config_files | default([]) + + + ["/matrix-cactus-comments.yaml"] + }} + when: matrix_cactus_comments_enabled | bool + +- when: matrix_cactus_comments_enabled | bool and matrix_cactus_comments_serve_client_enabled | bool + tags: + - always + block: + - name: Fail if matrix-nginx-proxy role already executed + ansible.builtin.fail: + msg: >- + Trying to append Cactus Comment's reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your playbook, + so that the matrix-nginx-proxy role would run after the matrix-cactus-comments role. + when: matrix_nginx_proxy_role_executed | default(False) | bool + + - name: Mount volume + ansible.builtin.set_fact: + matrix_nginx_proxy_container_additional_volumes: > + {{ + matrix_nginx_proxy_container_additional_volumes | default([]) + + + [{"src": "{{ matrix_cactus_comments_client_path }}", "dst": "/cactus-comments/cactus-comments", "options": "ro"}] + }} + + - name: Generate Cactus Comment proxying configuration for matrix-nginx-proxy + ansible.builtin.set_fact: + matrix_cactus_comments_nginx_proxy_configuration: | + location {{ matrix_cactus_comments_client_endpoint }} { + root {{ matrix_cactus_comments_client_nginx_path }}; + } + + - name: Register Cactus Comment proxying configuration with matrix-nginx-proxy + ansible.builtin.set_fact: + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([]) + + + [matrix_cactus_comments_nginx_proxy_configuration] + }} + + - name: Warn about reverse-proxying if matrix-nginx-proxy not used + ansible.builtin.debug: + msg: >- + NOTE: You've enabled Cactus Comments but are not using the matrix-nginx-proxy + reverse proxy. + Please make sure that you're proxying client files in {{ matrix_cactus_comments_client_path }} correctly + when: "not matrix_nginx_proxy_enabled | default(False) | bool" diff --git a/roles/custom/matrix-cactus-comments/tasks/main.yml b/roles/custom/matrix-cactus-comments/tasks/main.yml new file mode 100644 index 000000000..857e2db19 --- /dev/null +++ b/roles/custom/matrix-cactus-comments/tasks/main.yml @@ -0,0 +1,23 @@ +--- + +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" + tags: + - always + +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup | bool and matrix_cactus_comments_enabled | bool" + tags: + - setup-all + - setup-cactus-comments + +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" + when: "run_setup | bool and matrix_cactus_comments_enabled | bool" + tags: + - setup-all + - setup-cactus-comments + +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + when: "run_setup | bool and not matrix_cactus_comments_enabled | bool" + tags: + - setup-all + - setup-cactus-comments diff --git a/roles/custom/matrix-cactus-comments/tasks/setup_install.yml b/roles/custom/matrix-cactus-comments/tasks/setup_install.yml new file mode 100644 index 000000000..8de14d19b --- /dev/null +++ b/roles/custom/matrix-cactus-comments/tasks/setup_install.yml @@ -0,0 +1,138 @@ +--- + +- name: Ensure cactus comments paths exist + ansible.builtin.file: + path: "{{ item.path }}" + state: directory + mode: 0750 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + with_items: + - {path: "{{ matrix_cactus_comments_base_path }}", when: true} + - {path: "{{ matrix_cactus_comments_client_path }}", when: true} + - {path: "{{ matrix_cactus_comments_container_tmp_path }}", when: true} + - {path: "{{ matrix_cactus_comments_docker_src_files_path }}", when: matrix_cactus_comments_container_image_self_build} + when: "item.when | bool" + +- name: Ensure cactus comments environment file created + ansible.builtin.template: + src: "{{ role_path }}/templates/env.j2" + dest: "{{ matrix_cactus_comments_app_service_env_file }}" + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + mode: 0640 + +- name: Ensure cactus comments appservice file created + ansible.builtin.template: + src: "{{ role_path }}/templates/cactus_appservice.yaml.j2" + dest: "{{ matrix_cactus_comments_app_service_config_file }}" + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + mode: 0640 + +- name: Ensure cactus comments image is pulled + community.docker.docker_image: + name: "{{ matrix_cactus_comments_docker_image }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ matrix_cactus_comments_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_cactus_comments_docker_image_force_pull }}" + when: "not matrix_cactus_comments_container_image_self_build | bool" + register: result + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" + until: result is not failed + +- name: Ensure cactus comments repository is present on self-build + ansible.builtin.git: + repo: "{{ matrix_cactus_comments_docker_repo }}" + version: "{{ matrix_cactus_comments_docker_repo_version }}" + dest: "{{ matrix_cactus_comments_docker_src_files_path }}" + force: "yes" + become: true + become_user: "{{ matrix_user_username }}" + register: matrix_cactus_comments_git_pull_results + when: "matrix_cactus_comments_container_image_self_build | bool" + +- name: Ensure cactus comments image is built + community.docker.docker_image: + name: "{{ matrix_cactus_comments_docker_image }}" + source: build + force_source: "{{ matrix_cactus_comments_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mailer_git_pull_results.changed }}" + build: + dockerfile: Dockerfile + path: "{{ matrix_cactus_comments_docker_src_files_path }}" + pull: true + when: "matrix_cactus_comments_container_image_self_build | bool" + +- when: matrix_cactus_comments_client_local_dir | length == 0 + block: + - name: Download client binary to local folder + ansible.builtin.get_url: + url: "https://gitlab.com/cactus-comments/cactus-client/-/archive/v{{ matrix_cactus_comments_client_version }}/cactus-client-v{{ matrix_cactus_comments_client_version }}.tar.gz" + dest: "/tmp/cactus-comments-{{ matrix_cactus_comments_client_version }}.tar.gz" + mode: '0644' + register: _download_client + until: _download_client is succeeded + retries: 5 + delay: 2 + check_mode: false + + - name: Unpack client + ansible.builtin.unarchive: + src: "/tmp/cactus-comments-{{ matrix_cactus_comments_client_version }}.tar.gz" + dest: "/tmp/" + remote_src: true + mode: 0600 + check_mode: false + + - name: Propagate client javascript file + ansible.builtin.copy: + src: "/tmp/cactus-client-v{{ matrix_cactus_comments_client_version }}/src/cactus.js" + remote_src: true + dest: "{{ matrix_cactus_comments_client_path }}/cactus.js" + mode: "{{ matrix_cactus_comments_client_file_permissions }}" + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + - name: Propagate client style file + ansible.builtin.copy: + src: "/tmp/cactus-client-v{{ matrix_cactus_comments_client_version }}/src/style.css" + remote_src: true + dest: "{{ matrix_cactus_comments_client_path }}/style.css" + mode: "{{ matrix_cactus_comments_client_file_permissions }}" + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +- when: matrix_cactus_comments_client_local_dir | length > 0 + block: + - name: Propagate locally distributed client javascreipt + ansible.builtin.copy: + src: "{{ matrix_cactus_comments_client_local_dir }}/src/cactus.js" + dest: "{{ matrix_cactus_comments_client_path }}/cactus.js" + mode: "{{ matrix_cactus_comments_client_file_permissions }}" + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + - name: Propagate locally distributed client style.css + ansible.builtin.copy: + src: "{{ matrix_cactus_comments_client_local_dir }}/src/style.css" + dest: "{{ matrix_cactus_comments_client_path }}/style.css" + mode: "{{ matrix_cactus_comments_client_file_permissions }}" + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +- name: Ensure matrix-cactus-comments.service installed + ansible.builtin.template: + src: "{{ role_path }}/templates/systemd/matrix-cactus-comments.service.j2" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-cactus-comments.service" + mode: 0644 + register: matrix_cactus_comments_systemd_service_result + +- name: Ensure systemd reloaded after matrix-cactus-comments.service installation + ansible.builtin.service: + daemon_reload: true + when: "matrix_cactus_comments_systemd_service_result.changed | bool" + +- name: Ensure matrix-cactus-comments.service restarted, if necessary + ansible.builtin.service: + name: "matrix-cactus-comments.service" + state: restarted diff --git a/roles/custom/matrix-cactus-comments/tasks/setup_uninstall.yml b/roles/custom/matrix-cactus-comments/tasks/setup_uninstall.yml new file mode 100644 index 000000000..bd46f252b --- /dev/null +++ b/roles/custom/matrix-cactus-comments/tasks/setup_uninstall.yml @@ -0,0 +1,36 @@ +--- + +- name: Check existence of matrix-cactus-comments service + ansible.builtin.stat: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-cactus-comments.service" + register: matrix_cactus_comments_service_stat + +- name: Ensure cactus comments is stopped + ansible.builtin.service: + name: matrix-cactus-comments + state: stopped + enabled: false + daemon_reload: true + register: stopping_result + when: "matrix_cactus_comments_service_stat.stat.exists | bool" + +- name: Ensure matrix-cactus-comments.service doesn't exist + ansible.builtin.file: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-cactus-comments.service" + state: absent + when: "matrix_cactus_comments_service_stat.stat.exists | bool" + +- name: Ensure systemd reloaded after matrix-cactus-comments.service removal + ansible.builtin.service: + daemon_reload: true + when: "matrix_cactus_comments_service_stat.stat.exists | bool" + +- name: Ensure Matrix cactus comments paths don't exist + ansible.builtin.file: + path: "{{ matrix_cactus_comments_base_path }}" + state: absent + +- name: Ensure cactus comments Docker image doesn't exist + community.docker.docker_image: + name: "{{ matrix_cactus_comments_docker_image }}" + state: absent diff --git a/roles/custom/matrix-cactus-comments/tasks/validate_config.yml b/roles/custom/matrix-cactus-comments/tasks/validate_config.yml new file mode 100644 index 000000000..094a203df --- /dev/null +++ b/roles/custom/matrix-cactus-comments/tasks/validate_config.yml @@ -0,0 +1,10 @@ +--- + +- name: Fail if required settings not defined + ansible.builtin.fail: + msg: >- + You need to define a required configuration setting (`{{ item }}`). + when: "vars[item] == ''" + with_items: + - "matrix_cactus_comments_as_token" + - "matrix_cactus_comments_hs_token" diff --git a/roles/custom/matrix-cactus-comments/templates/cactus_appservice.yaml.j2 b/roles/custom/matrix-cactus-comments/templates/cactus_appservice.yaml.j2 new file mode 100644 index 000000000..bfcb4bb36 --- /dev/null +++ b/roles/custom/matrix-cactus-comments/templates/cactus_appservice.yaml.j2 @@ -0,0 +1,19 @@ +# A unique, user-defined ID of the application service which will never change. +id: "Cactus Comments" + +# Where the cactus-appservice is hosted: +url: "http://matrix-cactus-comments:{{ matrix_cactus_comments_container_port }}" + +# Unique tokens used to authenticate requests between our service and the +# homeserver (and the other way). Use the sha256 hashes of something random. +# CHANGE THESE VALUES. +as_token: {{ matrix_cactus_comments_as_token | to_json }} +hs_token: {{ matrix_cactus_comments_hs_token | to_json }} + +# The user id of the cactusbot which can be used to register and moderate sites +sender_localpart: "{{ matrix_cactus_comments_user_id }}" + +namespaces: + aliases: + - exclusive: true + regex: "#comments_.*" diff --git a/roles/custom/matrix-cactus-comments/templates/env.j2 b/roles/custom/matrix-cactus-comments/templates/env.j2 new file mode 100644 index 000000000..ab0489612 --- /dev/null +++ b/roles/custom/matrix-cactus-comments/templates/env.j2 @@ -0,0 +1,6 @@ +CACTUS_HS_TOKEN={{ matrix_cactus_comments_hs_token }} +CACTUS_AS_TOKEN={{ matrix_cactus_comments_as_token }} +CACTUS_HOMESERVER_URL={{ matrix_cactus_comments_homeserver_url }} +CACTUS_USER_ID=@{{ matrix_cactus_comments_user_id }}:{{ matrix_domain }} + +{{ matrix_cactus_comments_environment_variables_extension }} diff --git a/roles/custom/matrix-cactus-comments/templates/systemd/matrix-cactus-comments.service.j2 b/roles/custom/matrix-cactus-comments/templates/systemd/matrix-cactus-comments.service.j2 new file mode 100644 index 000000000..1ad84d5b7 --- /dev/null +++ b/roles/custom/matrix-cactus-comments/templates/systemd/matrix-cactus-comments.service.j2 @@ -0,0 +1,36 @@ +#jinja2: lstrip_blocks: "True" +[Unit] +Description=Cactus Comments +{% for service in matrix_bot_cactus_comments_systemd_required_services_list %} +Requires={{ service }} +After={{ service }} +{% endfor %} +{% for service in matrix_bot_cactus_comments_systemd_wanted_services_list %} +Wants={{ service }} +{% endfor %} +DefaultDependencies=no + +[Service] +Type=simple +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-cactus-comments 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-cactus-comments 2>/dev/null || true' + +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-cactus-comments \ + --log-driver=none \ + --cap-drop=ALL \ + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ + --read-only \ + --env-file {{ matrix_cactus_comments_app_service_env_file }} \ + --tmpfs=/tmp:rw,noexec,nosuid,size={{ matrix_cactus_comments_tmp_directory_size_mb }}m \ + --network={{ matrix_docker_network }} \ + {{ matrix_cactus_comments_docker_image }} + +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-cactus-comments 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-cactus-comments 2>/dev/null || true' +Restart=always +RestartSec=30 +SyslogIdentifier=matrix-cactus-comments + +[Install] +WantedBy=multi-user.target diff --git a/roles/matrix-client-cinny/defaults/main.yml b/roles/custom/matrix-client-cinny/defaults/main.yml similarity index 98% rename from roles/matrix-client-cinny/defaults/main.yml rename to roles/custom/matrix-client-cinny/defaults/main.yml index 1cb22cd1e..de974eb12 100644 --- a/roles/matrix-client-cinny/defaults/main.yml +++ b/roles/custom/matrix-client-cinny/defaults/main.yml @@ -6,7 +6,7 @@ matrix_client_cinny_enabled: true matrix_client_cinny_container_image_self_build: false matrix_client_cinny_container_image_self_build_repo: "https://github.com/ajbura/cinny.git" -matrix_client_cinny_version: v2.1.2 +matrix_client_cinny_version: v2.2.2 matrix_client_cinny_docker_image: "{{ matrix_client_cinny_docker_image_name_prefix }}ajbura/cinny:{{ matrix_client_cinny_version }}" matrix_client_cinny_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_cinny_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_cinny_docker_image_force_pull: "{{ matrix_client_cinny_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-client-cinny/tasks/init.yml b/roles/custom/matrix-client-cinny/tasks/init.yml similarity index 100% rename from roles/matrix-client-cinny/tasks/init.yml rename to roles/custom/matrix-client-cinny/tasks/init.yml diff --git a/roles/matrix-client-cinny/tasks/main.yml b/roles/custom/matrix-client-cinny/tasks/main.yml similarity index 100% rename from roles/matrix-client-cinny/tasks/main.yml rename to roles/custom/matrix-client-cinny/tasks/main.yml diff --git a/roles/matrix-client-cinny/tasks/self_check.yml b/roles/custom/matrix-client-cinny/tasks/self_check.yml similarity index 100% rename from roles/matrix-client-cinny/tasks/self_check.yml rename to roles/custom/matrix-client-cinny/tasks/self_check.yml diff --git a/roles/matrix-client-cinny/tasks/setup_install.yml b/roles/custom/matrix-client-cinny/tasks/setup_install.yml similarity index 91% rename from roles/matrix-client-cinny/tasks/setup_install.yml rename to roles/custom/matrix-client-cinny/tasks/setup_install.yml index 755b872fd..09b117be8 100644 --- a/roles/matrix-client-cinny/tasks/setup_install.yml +++ b/roles/custom/matrix-client-cinny/tasks/setup_install.yml @@ -12,15 +12,15 @@ when: "item.when | bool" - name: Ensure Cinny Docker image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_client_cinny_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_client_cinny_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_client_cinny_docker_image_force_pull }}" when: "not matrix_client_cinny_container_image_self_build | bool" register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure Cinny repository is present on self-build @@ -54,7 +54,7 @@ when: "item.src is not none" - name: Ensure Cinny Docker image is built - docker_image: + community.docker.docker_image: name: "{{ matrix_client_cinny_docker_image }}" source: build force_source: "{{ matrix_client_cinny_git_pull_results.changed }}" @@ -67,7 +67,7 @@ - name: Ensure matrix-client-cinny.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-client-cinny.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-client-cinny.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-client-cinny.service" mode: 0644 register: matrix_client_cinny_systemd_service_result diff --git a/roles/matrix-client-cinny/tasks/setup_uninstall.yml b/roles/custom/matrix-client-cinny/tasks/setup_uninstall.yml similarity index 82% rename from roles/matrix-client-cinny/tasks/setup_uninstall.yml rename to roles/custom/matrix-client-cinny/tasks/setup_uninstall.yml index e6f71b0bc..5b67e819e 100644 --- a/roles/matrix-client-cinny/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-client-cinny/tasks/setup_uninstall.yml @@ -1,7 +1,7 @@ --- - name: Check existence of matrix-client-cinny.service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-client-cinny.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-client-cinny.service" register: matrix_client_cinny_service_stat - name: Ensure matrix-client-cinny is stopped @@ -15,7 +15,7 @@ - name: Ensure matrix-client-cinny.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-client-cinny.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-client-cinny.service" state: absent when: "matrix_client_cinny_service_stat.stat.exists | bool" @@ -30,6 +30,6 @@ state: absent - name: Ensure Cinny Docker image doesn't exist - docker_image: + community.docker.docker_image: name: "{{ matrix_client_cinny_docker_image }}" state: absent diff --git a/roles/matrix-client-cinny/tasks/validate_config.yml b/roles/custom/matrix-client-cinny/tasks/validate_config.yml similarity index 100% rename from roles/matrix-client-cinny/tasks/validate_config.yml rename to roles/custom/matrix-client-cinny/tasks/validate_config.yml diff --git a/roles/matrix-client-cinny/templates/config.json.j2 b/roles/custom/matrix-client-cinny/templates/config.json.j2 similarity index 100% rename from roles/matrix-client-cinny/templates/config.json.j2 rename to roles/custom/matrix-client-cinny/templates/config.json.j2 diff --git a/roles/matrix-client-cinny/templates/nginx.conf.j2 b/roles/custom/matrix-client-cinny/templates/nginx.conf.j2 similarity index 100% rename from roles/matrix-client-cinny/templates/nginx.conf.j2 rename to roles/custom/matrix-client-cinny/templates/nginx.conf.j2 diff --git a/roles/matrix-client-cinny/templates/systemd/matrix-client-cinny.service.j2 b/roles/custom/matrix-client-cinny/templates/systemd/matrix-client-cinny.service.j2 similarity index 55% rename from roles/matrix-client-cinny/templates/systemd/matrix-client-cinny.service.j2 rename to roles/custom/matrix-client-cinny/templates/systemd/matrix-client-cinny.service.j2 index 3f15ac195..b9a66c74b 100644 --- a/roles/matrix-client-cinny/templates/systemd/matrix-client-cinny.service.j2 +++ b/roles/custom/matrix-client-cinny/templates/systemd/matrix-client-cinny.service.j2 @@ -9,11 +9,11 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-client-cinny 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-client-cinny 2>/dev/null || true' +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-client-cinny 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-client-cinny 2>/dev/null || true' -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-client-cinny \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-client-cinny \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ @@ -30,8 +30,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-client-cinny \ {% endfor %} {{ matrix_client_cinny_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-client-cinny 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-client-cinny 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-client-cinny 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-client-cinny 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-client-cinny diff --git a/roles/matrix-client-element/defaults/main.yml b/roles/custom/matrix-client-element/defaults/main.yml similarity index 99% rename from roles/matrix-client-element/defaults/main.yml rename to roles/custom/matrix-client-element/defaults/main.yml index e462df8ae..a1543b5bb 100644 --- a/roles/matrix-client-element/defaults/main.yml +++ b/roles/custom/matrix-client-element/defaults/main.yml @@ -10,7 +10,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto # - https://github.com/vector-im/element-web/issues/19544 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" -matrix_client_element_version: v1.11.3 +matrix_client_element_version: v1.11.14 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-client-element/tasks/init.yml b/roles/custom/matrix-client-element/tasks/init.yml similarity index 100% rename from roles/matrix-client-element/tasks/init.yml rename to roles/custom/matrix-client-element/tasks/init.yml diff --git a/roles/matrix-client-element/tasks/main.yml b/roles/custom/matrix-client-element/tasks/main.yml similarity index 100% rename from roles/matrix-client-element/tasks/main.yml rename to roles/custom/matrix-client-element/tasks/main.yml diff --git a/roles/matrix-client-element/tasks/migrate_riot_web.yml b/roles/custom/matrix-client-element/tasks/migrate_riot_web.yml similarity index 88% rename from roles/matrix-client-element/tasks/migrate_riot_web.yml rename to roles/custom/matrix-client-element/tasks/migrate_riot_web.yml index 23011e93b..bb62b7ce5 100644 --- a/roles/matrix-client-element/tasks/migrate_riot_web.yml +++ b/roles/custom/matrix-client-element/tasks/migrate_riot_web.yml @@ -2,7 +2,7 @@ - name: Check existence of matrix-riot-web.service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-riot-web.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-riot-web.service" register: matrix_client_riot_web_service_stat when: "matrix_client_element_enabled | bool" @@ -17,7 +17,7 @@ - name: Ensure matrix-riot-web.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-riot-web.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-riot-web.service" state: absent when: "matrix_client_element_enabled | bool and matrix_client_riot_web_service_stat.stat.exists" diff --git a/roles/matrix-client-element/tasks/prepare_themes.yml b/roles/custom/matrix-client-element/tasks/prepare_themes.yml similarity index 95% rename from roles/matrix-client-element/tasks/prepare_themes.yml rename to roles/custom/matrix-client-element/tasks/prepare_themes.yml index 8185122c6..3f5c9783c 100644 --- a/roles/matrix-client-element/tasks/prepare_themes.yml +++ b/roles/custom/matrix-client-element/tasks/prepare_themes.yml @@ -4,7 +4,11 @@ # Tasks related to setting up Element themes # -- block: +- when: matrix_client_element_themes_enabled | bool + run_once: true + delegate_to: 127.0.0.1 + become: false + block: - name: Ensure Element themes repository is pulled ansible.builtin.git: repo: "{{ matrix_client_element_themes_repository_url }}" @@ -29,12 +33,6 @@ matrix_client_element_settingDefaults_custom_themes: "{{ matrix_client_element_settingDefaults_custom_themes + [item['content'] | b64decode | from_json] }}" # noqa var-naming with_items: "{{ matrix_client_element_theme_file_contents.results }}" - run_once: true - delegate_to: 127.0.0.1 - become: false - when: matrix_client_element_themes_enabled | bool - - # # Tasks related to getting rid of Element themes (if it was previously enabled) # diff --git a/roles/matrix-client-element/tasks/self_check.yml b/roles/custom/matrix-client-element/tasks/self_check.yml similarity index 100% rename from roles/matrix-client-element/tasks/self_check.yml rename to roles/custom/matrix-client-element/tasks/self_check.yml diff --git a/roles/matrix-client-element/tasks/setup_install.yml b/roles/custom/matrix-client-element/tasks/setup_install.yml similarity index 93% rename from roles/matrix-client-element/tasks/setup_install.yml rename to roles/custom/matrix-client-element/tasks/setup_install.yml index b21da064d..0edb0b50e 100644 --- a/roles/matrix-client-element/tasks/setup_install.yml +++ b/roles/custom/matrix-client-element/tasks/setup_install.yml @@ -13,15 +13,15 @@ when: "item.when | bool" - name: Ensure Element Docker image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_client_element_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_client_element_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_client_element_docker_image_force_pull }}" when: "not matrix_client_element_container_image_self_build | bool" register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure Element repository is present on self-build @@ -50,7 +50,7 @@ when: "matrix_client_element_container_image_self_build | bool and matrix_client_element_container_image_self_build_low_memory_system_patch_enabled | bool" - name: Ensure Element Docker image is built - docker_image: + community.docker.docker_image: name: "{{ matrix_client_element_docker_image }}" source: build force_source: "{{ matrix_client_element_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" @@ -93,7 +93,7 @@ - name: Ensure matrix-client-element.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-client-element.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-client-element.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-client-element.service" mode: 0644 register: matrix_client_element_systemd_service_result diff --git a/roles/matrix-client-element/tasks/setup_uninstall.yml b/roles/custom/matrix-client-element/tasks/setup_uninstall.yml similarity index 82% rename from roles/matrix-client-element/tasks/setup_uninstall.yml rename to roles/custom/matrix-client-element/tasks/setup_uninstall.yml index b3cdd05e5..3a1de4094 100644 --- a/roles/matrix-client-element/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-client-element/tasks/setup_uninstall.yml @@ -2,7 +2,7 @@ - name: Check existence of matrix-client-element.service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-client-element.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-client-element.service" register: matrix_client_element_service_stat - name: Ensure matrix-client-element is stopped @@ -16,7 +16,7 @@ - name: Ensure matrix-client-element.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-client-element.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-client-element.service" state: absent when: "matrix_client_element_service_stat.stat.exists | bool" @@ -31,6 +31,6 @@ state: absent - name: Ensure Element Docker image doesn't exist - docker_image: + community.docker.docker_image: name: "{{ matrix_client_element_docker_image }}" state: absent diff --git a/roles/matrix-client-element/tasks/validate_config.yml b/roles/custom/matrix-client-element/tasks/validate_config.yml similarity index 100% rename from roles/matrix-client-element/tasks/validate_config.yml rename to roles/custom/matrix-client-element/tasks/validate_config.yml diff --git a/roles/matrix-client-element/templates/config.json.j2 b/roles/custom/matrix-client-element/templates/config.json.j2 similarity index 100% rename from roles/matrix-client-element/templates/config.json.j2 rename to roles/custom/matrix-client-element/templates/config.json.j2 diff --git a/roles/matrix-client-element/templates/nginx.conf.j2 b/roles/custom/matrix-client-element/templates/nginx.conf.j2 similarity index 100% rename from roles/matrix-client-element/templates/nginx.conf.j2 rename to roles/custom/matrix-client-element/templates/nginx.conf.j2 diff --git a/roles/matrix-client-element/templates/systemd/matrix-client-element.service.j2 b/roles/custom/matrix-client-element/templates/systemd/matrix-client-element.service.j2 similarity index 63% rename from roles/matrix-client-element/templates/systemd/matrix-client-element.service.j2 rename to roles/custom/matrix-client-element/templates/systemd/matrix-client-element.service.j2 index 8d3dec570..52f3249a9 100644 --- a/roles/matrix-client-element/templates/systemd/matrix-client-element.service.j2 +++ b/roles/custom/matrix-client-element/templates/systemd/matrix-client-element.service.j2 @@ -9,11 +9,11 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-client-element 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-client-element 2>/dev/null || true' +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-client-element 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-client-element 2>/dev/null || true' -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-client-element \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-client-element \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ @@ -35,8 +35,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-client-element {% endfor %} {{ matrix_client_element_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-client-element 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-client-element 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-client-element 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-client-element 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-client-element diff --git a/roles/matrix-client-element/templates/welcome.html.j2 b/roles/custom/matrix-client-element/templates/welcome.html.j2 similarity index 100% rename from roles/matrix-client-element/templates/welcome.html.j2 rename to roles/custom/matrix-client-element/templates/welcome.html.j2 diff --git a/roles/matrix-client-element/vars/main.yml b/roles/custom/matrix-client-element/vars/main.yml similarity index 100% rename from roles/matrix-client-element/vars/main.yml rename to roles/custom/matrix-client-element/vars/main.yml diff --git a/roles/matrix-client-hydrogen/defaults/main.yml b/roles/custom/matrix-client-hydrogen/defaults/main.yml similarity index 99% rename from roles/matrix-client-hydrogen/defaults/main.yml rename to roles/custom/matrix-client-hydrogen/defaults/main.yml index 4edfa20c4..80bdb021e 100644 --- a/roles/matrix-client-hydrogen/defaults/main.yml +++ b/roles/custom/matrix-client-hydrogen/defaults/main.yml @@ -8,7 +8,7 @@ matrix_client_hydrogen_enabled: true matrix_client_hydrogen_container_image_self_build: true matrix_client_hydrogen_container_image_self_build_repo: "https://github.com/vector-im/hydrogen-web.git" -matrix_client_hydrogen_version: v0.3.1 +matrix_client_hydrogen_version: v0.3.4 matrix_client_hydrogen_docker_image: "{{ matrix_client_hydrogen_docker_image_name_prefix }}vectorim/hydrogen-web:{{ matrix_client_hydrogen_version }}" matrix_client_hydrogen_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_hydrogen_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_hydrogen_docker_image_force_pull: "{{ matrix_client_hydrogen_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-client-hydrogen/tasks/init.yml b/roles/custom/matrix-client-hydrogen/tasks/init.yml similarity index 100% rename from roles/matrix-client-hydrogen/tasks/init.yml rename to roles/custom/matrix-client-hydrogen/tasks/init.yml diff --git a/roles/matrix-client-hydrogen/tasks/main.yml b/roles/custom/matrix-client-hydrogen/tasks/main.yml similarity index 100% rename from roles/matrix-client-hydrogen/tasks/main.yml rename to roles/custom/matrix-client-hydrogen/tasks/main.yml diff --git a/roles/matrix-client-hydrogen/tasks/self_check.yml b/roles/custom/matrix-client-hydrogen/tasks/self_check.yml similarity index 100% rename from roles/matrix-client-hydrogen/tasks/self_check.yml rename to roles/custom/matrix-client-hydrogen/tasks/self_check.yml diff --git a/roles/matrix-client-hydrogen/tasks/setup_install.yml b/roles/custom/matrix-client-hydrogen/tasks/setup_install.yml similarity index 92% rename from roles/matrix-client-hydrogen/tasks/setup_install.yml rename to roles/custom/matrix-client-hydrogen/tasks/setup_install.yml index 4cd445d01..6905081ad 100644 --- a/roles/matrix-client-hydrogen/tasks/setup_install.yml +++ b/roles/custom/matrix-client-hydrogen/tasks/setup_install.yml @@ -13,15 +13,15 @@ when: "item.when | bool" - name: Ensure Hydrogen Docker image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_client_hydrogen_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_client_hydrogen_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_client_hydrogen_docker_image_force_pull }}" when: "not matrix_client_hydrogen_container_image_self_build | bool" register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure Hydrogen repository is present on self-build @@ -58,7 +58,7 @@ # This step MUST come after the steps to install the configuration files because the config files # are currently only read at build time, not at run time like most other components in the playbook - name: Ensure Hydrogen Docker image is built - docker_image: + community.docker.docker_image: name: "{{ matrix_client_hydrogen_docker_image }}" source: build force_source: "{{ matrix_client_hydrogen_git_pull_results.changed }}" @@ -71,7 +71,7 @@ - name: Ensure matrix-client-hydrogen.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-client-hydrogen.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-client-hydrogen.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-client-hydrogen.service" mode: 0644 register: matrix_client_hydrogen_systemd_service_result diff --git a/roles/matrix-client-hydrogen/tasks/setup_uninstall.yml b/roles/custom/matrix-client-hydrogen/tasks/setup_uninstall.yml similarity index 82% rename from roles/matrix-client-hydrogen/tasks/setup_uninstall.yml rename to roles/custom/matrix-client-hydrogen/tasks/setup_uninstall.yml index d543cbb32..090ce5673 100644 --- a/roles/matrix-client-hydrogen/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-client-hydrogen/tasks/setup_uninstall.yml @@ -2,7 +2,7 @@ - name: Check existence of matrix-client-hydrogen.service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-client-hydrogen.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-client-hydrogen.service" register: matrix_client_hydrogen_service_stat - name: Ensure matrix-client-hydrogen is stopped @@ -16,7 +16,7 @@ - name: Ensure matrix-client-hydrogen.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-client-hydrogen.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-client-hydrogen.service" state: absent when: "matrix_client_hydrogen_service_stat.stat.exists | bool" @@ -31,6 +31,6 @@ state: absent - name: Ensure Hydrogen Docker image doesn't exist - docker_image: + community.docker.docker_image: name: "{{ matrix_client_hydrogen_docker_image }}" state: absent diff --git a/roles/matrix-client-hydrogen/tasks/validate_config.yml b/roles/custom/matrix-client-hydrogen/tasks/validate_config.yml similarity index 100% rename from roles/matrix-client-hydrogen/tasks/validate_config.yml rename to roles/custom/matrix-client-hydrogen/tasks/validate_config.yml diff --git a/roles/matrix-client-hydrogen/templates/config.json.j2 b/roles/custom/matrix-client-hydrogen/templates/config.json.j2 similarity index 100% rename from roles/matrix-client-hydrogen/templates/config.json.j2 rename to roles/custom/matrix-client-hydrogen/templates/config.json.j2 diff --git a/roles/matrix-client-hydrogen/templates/nginx.conf.j2 b/roles/custom/matrix-client-hydrogen/templates/nginx.conf.j2 similarity index 100% rename from roles/matrix-client-hydrogen/templates/nginx.conf.j2 rename to roles/custom/matrix-client-hydrogen/templates/nginx.conf.j2 diff --git a/roles/matrix-client-hydrogen/templates/systemd/matrix-client-hydrogen.service.j2 b/roles/custom/matrix-client-hydrogen/templates/systemd/matrix-client-hydrogen.service.j2 similarity index 53% rename from roles/matrix-client-hydrogen/templates/systemd/matrix-client-hydrogen.service.j2 rename to roles/custom/matrix-client-hydrogen/templates/systemd/matrix-client-hydrogen.service.j2 index 0196d35b4..92bfadcb9 100644 --- a/roles/matrix-client-hydrogen/templates/systemd/matrix-client-hydrogen.service.j2 +++ b/roles/custom/matrix-client-hydrogen/templates/systemd/matrix-client-hydrogen.service.j2 @@ -9,11 +9,11 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-client-hydrogen 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-client-hydrogen 2>/dev/null || true' +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-client-hydrogen 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-client-hydrogen 2>/dev/null || true' -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-client-hydrogen \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-client-hydrogen \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ @@ -29,8 +29,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-client-hydroge {% endfor %} {{ matrix_client_hydrogen_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-client-hydrogen 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-client-hydrogen 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-client-hydrogen 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-client-hydrogen 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-client-hydrogen diff --git a/roles/matrix-common-after/defaults/main.yml b/roles/custom/matrix-common-after/defaults/main.yml similarity index 100% rename from roles/matrix-common-after/defaults/main.yml rename to roles/custom/matrix-common-after/defaults/main.yml diff --git a/roles/matrix-common-after/tasks/main.yml b/roles/custom/matrix-common-after/tasks/main.yml similarity index 76% rename from roles/matrix-common-after/tasks/main.yml rename to roles/custom/matrix-common-after/tasks/main.yml index 1b360698d..2cffecb1e 100644 --- a/roles/matrix-common-after/tasks/main.yml +++ b/roles/custom/matrix-common-after/tasks/main.yml @@ -10,10 +10,6 @@ tags: - stop -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/dump_runtime_results.yml" - tags: - - always - - ansible.builtin.import_tasks: "{{ role_path }}/tasks/run_docker_prune.yml" tags: - run-docker-prune diff --git a/roles/matrix-common-after/tasks/run_docker_prune.yml b/roles/custom/matrix-common-after/tasks/run_docker_prune.yml similarity index 68% rename from roles/matrix-common-after/tasks/run_docker_prune.yml rename to roles/custom/matrix-common-after/tasks/run_docker_prune.yml index 02dfadc5c..58f0e7933 100644 --- a/roles/matrix-common-after/tasks/run_docker_prune.yml +++ b/roles/custom/matrix-common-after/tasks/run_docker_prune.yml @@ -2,6 +2,6 @@ - name: Run Docker System Prune ansible.builtin.command: - cmd: "{{ matrix_host_command_docker }} system prune -a -f" + cmd: "{{ devture_systemd_docker_base_host_command_docker }} system prune -a -f" register: matrix_common_after_docker_prune_result changed_when: matrix_common_after_docker_prune_result.rc == 0 diff --git a/roles/matrix-common-after/tasks/start.yml b/roles/custom/matrix-common-after/tasks/start.yml similarity index 91% rename from roles/matrix-common-after/tasks/start.yml rename to roles/custom/matrix-common-after/tasks/start.yml index 890eabfab..a781dab75 100644 --- a/roles/matrix-common-after/tasks/start.yml +++ b/roles/custom/matrix-common-after/tasks/start.yml @@ -34,7 +34,8 @@ delegate_to: 127.0.0.1 become: false -- block: +- when: "ansible_distribution != 'Archlinux'" + block: - name: Populate service facts ansible.builtin.service_facts: @@ -46,13 +47,13 @@ Try running `systemctl status {{ item }}` and `journalctl -fu {{ item }}` on the server to investigate. If you're on a slow or overloaded server, it may be that services take a longer time to start and that this error is a false-positive. You can consider raising the value of the `matrix_common_after_systemd_service_start_wait_for_timeout_seconds` variable. - See `roles/matrix-common-after/defaults/main.yml` for more details about that. + See `roles/custom/matrix-common-after/defaults/main.yml` for more details about that. with_items: "{{ matrix_systemd_services_list }}" when: - - "item.endswith('.service') and (ansible_facts.services[item]|default(none) is none or ansible_facts.services[item].state != 'running')" - when: " ansible_distribution != 'Archlinux'" + - "item.endswith('.service') and (ansible_facts.services[item] | default(none) is none or ansible_facts.services[item].state != 'running')" -- block: +- when: "ansible_distribution == 'Archlinux'" + block: # Currently there is a bug in ansible that renders is incompatible with systemd. # service_facts is not collecting the data successfully. # Therefore iterating here manually @@ -70,4 +71,3 @@ Try running `systemctl status {{ item.item }}` and `journalctl -fu {{ item.item }}` on the server to investigate. with_items: "{{ systemdstatus.results }}" when: "item.status['ActiveState'] != 'active'" - when: "ansible_distribution == 'Archlinux'" diff --git a/roles/matrix-common-after/tasks/stop.yml b/roles/custom/matrix-common-after/tasks/stop.yml similarity index 100% rename from roles/matrix-common-after/tasks/stop.yml rename to roles/custom/matrix-common-after/tasks/stop.yml diff --git a/roles/matrix-conduit/defaults/main.yml b/roles/custom/matrix-conduit/defaults/main.yml similarity index 87% rename from roles/matrix-conduit/defaults/main.yml rename to roles/custom/matrix-conduit/defaults/main.yml index 25036939a..366321b9c 100644 --- a/roles/matrix-conduit/defaults/main.yml +++ b/roles/custom/matrix-conduit/defaults/main.yml @@ -36,8 +36,13 @@ matrix_conduit_template_conduit_config: "{{ role_path }}/templates/conduit/condu # Max size for uploads, in bytes matrix_conduit_max_request_size: 20_000_000 +# Maximum number of open files for Conduit's embedded RocksDB database +# See https://github.com/facebook/rocksdb/wiki/RocksDB-Tuning-Guide#tuning-other-options +# By default, Conduit uses a relatively low value of 20. +matrix_conduit_rocksdb_max_open_files: 64 + # Enables registration. If set to false, no users can register on this server. -matrix_conduit_allow_registration: true +matrix_conduit_allow_registration: false matrix_conduit_allow_federation: true diff --git a/roles/custom/matrix-conduit/tasks/conduit/setup.yml b/roles/custom/matrix-conduit/tasks/conduit/setup.yml new file mode 100644 index 000000000..425d0f7e9 --- /dev/null +++ b/roles/custom/matrix-conduit/tasks/conduit/setup.yml @@ -0,0 +1,7 @@ +--- + +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/conduit/setup_install.yml" + when: "matrix_conduit_enabled | bool" + +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/conduit/setup_uninstall.yml" + when: "not matrix_conduit_enabled | bool" diff --git a/roles/matrix-conduit/tasks/conduit/setup_install.yml b/roles/custom/matrix-conduit/tasks/conduit/setup_install.yml similarity index 87% rename from roles/matrix-conduit/tasks/conduit/setup_install.yml rename to roles/custom/matrix-conduit/tasks/conduit/setup_install.yml index ac5be14dd..ebc5447b2 100644 --- a/roles/matrix-conduit/tasks/conduit/setup_install.yml +++ b/roles/custom/matrix-conduit/tasks/conduit/setup_install.yml @@ -1,13 +1,13 @@ --- - name: Ensure Conduit Docker image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_conduit_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_conduit_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_conduit_docker_image_force_pull }}" register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure Conduit config path exists @@ -37,7 +37,7 @@ - name: Ensure matrix-conduit.service installed ansible.builtin.template: src: "{{ role_path }}/templates/conduit/systemd/matrix-conduit.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-conduit.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-conduit.service" mode: 0644 register: matrix_conduit_systemd_service_result diff --git a/roles/matrix-conduit/tasks/conduit/setup_uninstall.yml b/roles/custom/matrix-conduit/tasks/conduit/setup_uninstall.yml similarity index 79% rename from roles/matrix-conduit/tasks/conduit/setup_uninstall.yml rename to roles/custom/matrix-conduit/tasks/conduit/setup_uninstall.yml index 3bbbc3a78..efe7d40a0 100644 --- a/roles/matrix-conduit/tasks/conduit/setup_uninstall.yml +++ b/roles/custom/matrix-conduit/tasks/conduit/setup_uninstall.yml @@ -2,7 +2,7 @@ - name: Check existence of matrix-conduit service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-conduit.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-conduit.service" register: matrix_conduit_service_stat - name: Ensure matrix-conduit is stopped @@ -15,7 +15,7 @@ - name: Ensure matrix-conduit.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-conduit.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-conduit.service" state: absent when: "matrix_conduit_service_stat.stat.exists" @@ -25,6 +25,6 @@ when: "matrix_conduit_service_stat.stat.exists" - name: Ensure Conduit Docker image doesn't exist - docker_image: + community.docker.docker_image: name: "{{ matrix_conduit_docker_image }}" state: absent diff --git a/roles/matrix-conduit/tasks/init.yml b/roles/custom/matrix-conduit/tasks/init.yml similarity index 100% rename from roles/matrix-conduit/tasks/init.yml rename to roles/custom/matrix-conduit/tasks/init.yml diff --git a/roles/matrix-conduit/tasks/main.yml b/roles/custom/matrix-conduit/tasks/main.yml similarity index 62% rename from roles/matrix-conduit/tasks/main.yml rename to roles/custom/matrix-conduit/tasks/main.yml index c8862bd77..623d04582 100644 --- a/roles/matrix-conduit/tasks/main.yml +++ b/roles/custom/matrix-conduit/tasks/main.yml @@ -1,10 +1,10 @@ --- -- import_tasks: "{{ role_path }}/tasks/init.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" tags: - always -- import_tasks: "{{ role_path }}/tasks/conduit/setup.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/conduit/setup.yml" when: run_setup | bool tags: - setup-all diff --git a/roles/matrix-conduit/templates/conduit/conduit.toml.j2 b/roles/custom/matrix-conduit/templates/conduit/conduit.toml.j2 similarity index 94% rename from roles/matrix-conduit/templates/conduit/conduit.toml.j2 rename to roles/custom/matrix-conduit/templates/conduit/conduit.toml.j2 index 6f479084b..156914403 100644 --- a/roles/matrix-conduit/templates/conduit/conduit.toml.j2 +++ b/roles/custom/matrix-conduit/templates/conduit/conduit.toml.j2 @@ -34,6 +34,9 @@ port = {{ matrix_conduit_port_number }} # Max size for uploads max_request_size = {{ matrix_conduit_max_request_size }} +# Max number of open files for the RocksDB database +rocksdb_max_open_files = {{ matrix_conduit_rocksdb_max_open_files }} + # Enables registration. If set to false, no users can register on this server. allow_registration = {{ matrix_conduit_allow_registration | to_json }} diff --git a/roles/matrix-conduit/templates/conduit/systemd/matrix-conduit.service.j2 b/roles/custom/matrix-conduit/templates/conduit/systemd/matrix-conduit.service.j2 similarity index 50% rename from roles/matrix-conduit/templates/conduit/systemd/matrix-conduit.service.j2 rename to roles/custom/matrix-conduit/templates/conduit/systemd/matrix-conduit.service.j2 index 51b204f6d..cdaead01d 100644 --- a/roles/matrix-conduit/templates/conduit/systemd/matrix-conduit.service.j2 +++ b/roles/custom/matrix-conduit/templates/conduit/systemd/matrix-conduit.service.j2 @@ -8,11 +8,11 @@ After={{ service }} [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-conduit 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-conduit 2>/dev/null || true' +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-conduit 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-conduit 2>/dev/null || true' -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-conduit \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-conduit \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ @@ -27,9 +27,9 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-conduit \ {% endfor %} {{ matrix_conduit_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-conduit 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-conduit 2>/dev/null || true' -ExecReload={{ matrix_host_command_docker }} exec matrix-conduit /bin/sh -c 'kill -HUP 1' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-conduit 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-conduit 2>/dev/null || true' +ExecReload={{ devture_systemd_docker_base_host_command_docker }} exec matrix-conduit /bin/sh -c 'kill -HUP 1' Restart=always RestartSec=30 SyslogIdentifier=matrix-conduit diff --git a/roles/matrix-conduit/vars/main.yml b/roles/custom/matrix-conduit/vars/main.yml similarity index 100% rename from roles/matrix-conduit/vars/main.yml rename to roles/custom/matrix-conduit/vars/main.yml diff --git a/roles/matrix-corporal/defaults/main.yml b/roles/custom/matrix-corporal/defaults/main.yml similarity index 99% rename from roles/matrix-corporal/defaults/main.yml rename to roles/custom/matrix-corporal/defaults/main.yml index bb1b8fa19..8c391dfbf 100644 --- a/roles/matrix-corporal/defaults/main.yml +++ b/roles/custom/matrix-corporal/defaults/main.yml @@ -23,7 +23,7 @@ matrix_corporal_container_extra_arguments: [] # List of systemd services that matrix-corporal.service depends on matrix_corporal_systemd_required_services_list: ['docker.service'] -matrix_corporal_version: 2.3.0 +matrix_corporal_version: 2.4.0 matrix_corporal_docker_image: "{{ matrix_corporal_docker_image_name_prefix }}devture/matrix-corporal:{{ matrix_corporal_docker_image_tag }}" matrix_corporal_docker_image_name_prefix: "{{ 'localhost/' if matrix_corporal_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_corporal_docker_image_tag: "{{ matrix_corporal_version }}" # for backward-compatibility diff --git a/roles/matrix-corporal/tasks/init.yml b/roles/custom/matrix-corporal/tasks/init.yml similarity index 100% rename from roles/matrix-corporal/tasks/init.yml rename to roles/custom/matrix-corporal/tasks/init.yml diff --git a/roles/matrix-corporal/tasks/main.yml b/roles/custom/matrix-corporal/tasks/main.yml similarity index 100% rename from roles/matrix-corporal/tasks/main.yml rename to roles/custom/matrix-corporal/tasks/main.yml diff --git a/roles/matrix-corporal/tasks/self_check_corporal.yml b/roles/custom/matrix-corporal/tasks/self_check_corporal.yml similarity index 100% rename from roles/matrix-corporal/tasks/self_check_corporal.yml rename to roles/custom/matrix-corporal/tasks/self_check_corporal.yml diff --git a/roles/matrix-corporal/tasks/setup_corporal.yml b/roles/custom/matrix-corporal/tasks/setup_corporal.yml similarity index 88% rename from roles/matrix-corporal/tasks/setup_corporal.yml rename to roles/custom/matrix-corporal/tasks/setup_corporal.yml index 583c27eba..3f6ac86cd 100644 --- a/roles/matrix-corporal/tasks/setup_corporal.yml +++ b/roles/custom/matrix-corporal/tasks/setup_corporal.yml @@ -29,7 +29,7 @@ when: "matrix_corporal_enabled | bool and matrix_corporal_container_image_self_build | bool" - name: Ensure Matrix Corporal Docker image is built - docker_image: + community.docker.docker_image: name: "{{ matrix_corporal_docker_image }}" source: build force_source: "{{ matrix_corporal_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" @@ -41,15 +41,15 @@ when: "matrix_corporal_enabled | bool and matrix_corporal_container_image_self_build | bool" - name: Ensure Matrix Corporal Docker image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_corporal_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_corporal_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_corporal_docker_image_force_pull }}" when: "matrix_corporal_enabled | bool and not matrix_corporal_container_image_self_build | bool" register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure Matrix Corporal config installed @@ -64,7 +64,7 @@ - name: Ensure matrix-corporal.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-corporal.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-corporal.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-corporal.service" mode: 0644 register: matrix_corporal_systemd_service_result when: matrix_corporal_enabled | bool @@ -81,7 +81,7 @@ - name: Check existence of matrix-corporal service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-corporal.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-corporal.service" register: matrix_corporal_service_stat when: "not matrix_corporal_enabled | bool" @@ -96,7 +96,7 @@ - name: Ensure matrix-corporal.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-corporal.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-corporal.service" state: absent when: "not matrix_corporal_enabled | bool and matrix_corporal_service_stat.stat.exists" @@ -110,12 +110,12 @@ path: "{{ item }}" state: absent with_items: - - "{{ matrix_systemd_path }}/matrix-corporal.service" + - "{{ devture_systemd_docker_base_systemd_path }}/matrix-corporal.service" - "{{ matrix_corporal_config_dir_path }}/config.json" when: "not matrix_corporal_enabled | bool" - name: Ensure Matrix Corporal Docker image doesn't exist - docker_image: + community.docker.docker_image: name: "{{ matrix_corporal_docker_image }}" state: absent when: "not matrix_corporal_enabled | bool" diff --git a/roles/matrix-corporal/tasks/validate_config.yml b/roles/custom/matrix-corporal/tasks/validate_config.yml similarity index 100% rename from roles/matrix-corporal/tasks/validate_config.yml rename to roles/custom/matrix-corporal/tasks/validate_config.yml diff --git a/roles/matrix-corporal/templates/config.json.j2 b/roles/custom/matrix-corporal/templates/config.json.j2 similarity index 100% rename from roles/matrix-corporal/templates/config.json.j2 rename to roles/custom/matrix-corporal/templates/config.json.j2 diff --git a/roles/matrix-corporal/templates/systemd/matrix-corporal.service.j2 b/roles/custom/matrix-corporal/templates/systemd/matrix-corporal.service.j2 similarity index 60% rename from roles/matrix-corporal/templates/systemd/matrix-corporal.service.j2 rename to roles/custom/matrix-corporal/templates/systemd/matrix-corporal.service.j2 index d5661b5ab..b5ad685a7 100644 --- a/roles/matrix-corporal/templates/systemd/matrix-corporal.service.j2 +++ b/roles/custom/matrix-corporal/templates/systemd/matrix-corporal.service.j2 @@ -9,11 +9,11 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-corporal 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-corporal 2>/dev/null || true' +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-corporal 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-corporal 2>/dev/null || true' -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-corporal \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-corporal \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ @@ -34,8 +34,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-corporal \ {{ matrix_corporal_docker_image }} \ /matrix-corporal -config=/etc/matrix-corporal/config.json -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-corporal 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-corporal 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-corporal 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-corporal 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-corporal diff --git a/roles/matrix-coturn/defaults/main.yml b/roles/custom/matrix-coturn/defaults/main.yml similarity index 99% rename from roles/matrix-coturn/defaults/main.yml rename to roles/custom/matrix-coturn/defaults/main.yml index bc87d6544..b2aff9844 100644 --- a/roles/matrix-coturn/defaults/main.yml +++ b/roles/custom/matrix-coturn/defaults/main.yml @@ -8,7 +8,7 @@ matrix_coturn_container_image_self_build_repo: "https://github.com/coturn/coturn matrix_coturn_container_image_self_build_repo_version: "docker/{{ matrix_coturn_version }}" matrix_coturn_container_image_self_build_repo_dockerfile_path: "docker/coturn/alpine/Dockerfile" -matrix_coturn_version: 4.5.2-r14 +matrix_coturn_version: 4.6.0-r0 matrix_coturn_docker_image: "{{ matrix_coturn_docker_image_name_prefix }}coturn/coturn:{{ matrix_coturn_version }}-alpine" matrix_coturn_docker_image_name_prefix: "{{ 'localhost/' if matrix_coturn_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_coturn_docker_image_force_pull: "{{ matrix_coturn_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-coturn/tasks/init.yml b/roles/custom/matrix-coturn/tasks/init.yml similarity index 100% rename from roles/matrix-coturn/tasks/init.yml rename to roles/custom/matrix-coturn/tasks/init.yml diff --git a/roles/matrix-coturn/tasks/main.yml b/roles/custom/matrix-coturn/tasks/main.yml similarity index 100% rename from roles/matrix-coturn/tasks/main.yml rename to roles/custom/matrix-coturn/tasks/main.yml diff --git a/roles/matrix-coturn/tasks/setup_install.yml b/roles/custom/matrix-coturn/tasks/setup_install.yml similarity index 90% rename from roles/matrix-coturn/tasks/setup_install.yml rename to roles/custom/matrix-coturn/tasks/setup_install.yml index 2a1af7310..31b5446cb 100644 --- a/roles/matrix-coturn/tasks/setup_install.yml +++ b/roles/custom/matrix-coturn/tasks/setup_install.yml @@ -18,18 +18,19 @@ when: "item.when | bool" - name: Ensure Coturn image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_coturn_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_coturn_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_coturn_docker_image_force_pull }}" when: "not matrix_coturn_container_image_self_build | bool" register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed -- block: +- when: "matrix_coturn_container_image_self_build | bool" + block: - name: Ensure Coturn repository is present on self-build ansible.builtin.git: repo: "{{ matrix_coturn_container_image_self_build_repo }}" @@ -41,7 +42,7 @@ register: matrix_coturn_git_pull_results - name: Ensure Coturn Docker image is built - docker_image: + community.docker.docker_image: name: "{{ matrix_coturn_docker_image }}" source: build force_source: "{{ matrix_coturn_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" @@ -50,7 +51,6 @@ dockerfile: "{{ matrix_coturn_container_image_self_build_repo_dockerfile_path }}" path: "{{ matrix_coturn_docker_src_files_path }}" pull: true - when: "matrix_coturn_container_image_self_build | bool" - name: Ensure Coturn configuration path exists ansible.builtin.file: @@ -69,14 +69,14 @@ group: "{{ matrix_user_groupname }}" - name: Ensure Coturn network is created in Docker - docker_network: + community.docker.docker_network: name: "{{ matrix_coturn_docker_network }}" driver: bridge - name: Ensure matrix-coturn.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-coturn.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-coturn.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-coturn.service" mode: 0644 register: matrix_coturn_systemd_service_change_results @@ -86,7 +86,7 @@ - name: Ensure reloading systemd units installed, if necessary ansible.builtin.template: src: "{{ role_path }}/templates/systemd/{{ item }}.j2" - dest: "{{ matrix_systemd_path }}/{{ item }}" + dest: "{{ devture_systemd_docker_base_systemd_path }}/{{ item }}" mode: 0644 register: "matrix_coturn_systemd_service_change_results" when: "matrix_coturn_tls_enabled | bool" diff --git a/roles/matrix-coturn/tasks/setup_uninstall.yml b/roles/custom/matrix-coturn/tasks/setup_uninstall.yml similarity index 89% rename from roles/matrix-coturn/tasks/setup_uninstall.yml rename to roles/custom/matrix-coturn/tasks/setup_uninstall.yml index 5dd2788ef..bf71b90ae 100644 --- a/roles/matrix-coturn/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-coturn/tasks/setup_uninstall.yml @@ -2,7 +2,7 @@ - name: Check existence of matrix-coturn service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-coturn.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-coturn.service" register: matrix_coturn_service_stat when: "not matrix_coturn_enabled | bool" @@ -25,7 +25,7 @@ - name: Ensure systemd units don't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/{{ item }}" + path: "{{ devture_systemd_docker_base_systemd_path }}/{{ item }}" state: absent register: matrix_coturn_systemd_unit_uninstallation_result with_items: diff --git a/roles/matrix-coturn/tasks/validate_config.yml b/roles/custom/matrix-coturn/tasks/validate_config.yml similarity index 100% rename from roles/matrix-coturn/tasks/validate_config.yml rename to roles/custom/matrix-coturn/tasks/validate_config.yml diff --git a/roles/matrix-coturn/templates/systemd/matrix-coturn-reload.service.j2 b/roles/custom/matrix-coturn/templates/systemd/matrix-coturn-reload.service.j2 similarity index 52% rename from roles/matrix-coturn/templates/systemd/matrix-coturn-reload.service.j2 rename to roles/custom/matrix-coturn/templates/systemd/matrix-coturn-reload.service.j2 index e006e5a06..7d12f6ec8 100644 --- a/roles/matrix-coturn/templates/systemd/matrix-coturn-reload.service.j2 +++ b/roles/custom/matrix-coturn/templates/systemd/matrix-coturn-reload.service.j2 @@ -3,4 +3,4 @@ Description=Reloads matrix-coturn so that new SSL certificates can kick in [Service] Type=oneshot -ExecStart={{ matrix_host_command_systemctl }} reload matrix-coturn.service +ExecStart={{ devture_systemd_docker_base_host_command_systemctl }} reload matrix-coturn.service diff --git a/roles/matrix-coturn/templates/systemd/matrix-coturn-reload.timer.j2 b/roles/custom/matrix-coturn/templates/systemd/matrix-coturn-reload.timer.j2 similarity index 100% rename from roles/matrix-coturn/templates/systemd/matrix-coturn-reload.timer.j2 rename to roles/custom/matrix-coturn/templates/systemd/matrix-coturn-reload.timer.j2 diff --git a/roles/matrix-coturn/templates/systemd/matrix-coturn.service.j2 b/roles/custom/matrix-coturn/templates/systemd/matrix-coturn.service.j2 similarity index 68% rename from roles/matrix-coturn/templates/systemd/matrix-coturn.service.j2 rename to roles/custom/matrix-coturn/templates/systemd/matrix-coturn.service.j2 index 54bd015e7..3a0782bf8 100644 --- a/roles/matrix-coturn/templates/systemd/matrix-coturn.service.j2 +++ b/roles/custom/matrix-coturn/templates/systemd/matrix-coturn.service.j2 @@ -9,11 +9,11 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-coturn 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-coturn 2>/dev/null || true' +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-coturn 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-coturn 2>/dev/null || true' -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-coturn \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-coturn \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ @@ -43,12 +43,12 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-coturn \ {{ matrix_coturn_docker_image }} \ -c /turnserver.conf -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-coturn 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-coturn 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-coturn 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-coturn 2>/dev/null || true' # This only reloads certificates (not other configuration). # See: https://github.com/coturn/coturn/pull/236 -ExecReload={{ matrix_host_command_docker }} exec matrix-coturn kill -USR2 1 +ExecReload={{ devture_systemd_docker_base_host_command_docker }} exec matrix-coturn kill -USR2 1 Restart=always RestartSec=30 diff --git a/roles/matrix-coturn/templates/turnserver.conf.j2 b/roles/custom/matrix-coturn/templates/turnserver.conf.j2 similarity index 100% rename from roles/matrix-coturn/templates/turnserver.conf.j2 rename to roles/custom/matrix-coturn/templates/turnserver.conf.j2 diff --git a/roles/matrix-dendrite/defaults/main.yml b/roles/custom/matrix-dendrite/defaults/main.yml similarity index 98% rename from roles/matrix-dendrite/defaults/main.yml rename to roles/custom/matrix-dendrite/defaults/main.yml index 50336a111..b9dddfe9b 100644 --- a/roles/matrix-dendrite/defaults/main.yml +++ b/roles/custom/matrix-dendrite/defaults/main.yml @@ -6,7 +6,7 @@ matrix_dendrite_enabled: true matrix_dendrite_docker_image: "{{ matrix_dendrite_docker_image_name_prefix }}matrixdotorg/dendrite-monolith:{{ matrix_dendrite_docker_image_tag }}" matrix_dendrite_docker_image_name_prefix: "docker.io/" -matrix_dendrite_docker_image_tag: "v0.9.5" +matrix_dendrite_docker_image_tag: "v0.10.7" matrix_dendrite_docker_image_force_pull: "{{ matrix_dendrite_docker_image.endswith(':latest') }}" matrix_dendrite_base_path: "{{ matrix_base_data_path }}/dendrite" @@ -90,7 +90,7 @@ matrix_dendrite_tmp_directory_size_mb: 500 # Rate limits matrix_dendrite_rate_limiting_enabled: true -matrix_dendrite_rate_limiting_threshold: 5 +matrix_dendrite_rate_limiting_threshold: 20 matrix_dendrite_rate_limiting_cooloff_ms: 500 # Controls whether people with access to the homeserver can register by themselves. @@ -138,7 +138,6 @@ matrix_dendrite_database_str: "postgresql://{{ matrix_dendrite_database_user }}: matrix_dendrite_database_hostname: "matrix-postgres" matrix_dendrite_database_user: "dendrite" matrix_dendrite_database_password: "itsasecret" -matrix_dendrite_appservice_database: "dendrite_appservice" matrix_dendrite_federationapi_database: "dendrite_federationapi" matrix_dendrite_keyserver_database: "dendrite_keyserver" matrix_dendrite_mediaapi_database: "dendrite_mediaapi" diff --git a/roles/matrix-dendrite/tasks/dendrite/setup.yml b/roles/custom/matrix-dendrite/tasks/dendrite/setup.yml similarity index 100% rename from roles/matrix-dendrite/tasks/dendrite/setup.yml rename to roles/custom/matrix-dendrite/tasks/dendrite/setup.yml diff --git a/roles/matrix-dendrite/tasks/dendrite/setup_install.yml b/roles/custom/matrix-dendrite/tasks/dendrite/setup_install.yml similarity index 93% rename from roles/matrix-dendrite/tasks/dendrite/setup_install.yml rename to roles/custom/matrix-dendrite/tasks/dendrite/setup_install.yml index 3052e1010..aec7f77b4 100644 --- a/roles/matrix-dendrite/tasks/dendrite/setup_install.yml +++ b/roles/custom/matrix-dendrite/tasks/dendrite/setup_install.yml @@ -18,14 +18,14 @@ when: "not local_path_media_store_stat.failed and not local_path_media_store_stat.stat.exists" - name: Ensure Dendrite Docker image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_dendrite_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_dendrite_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_dendrite_docker_image_force_pull }}" register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Check if a Dendrite signing key exists @@ -65,7 +65,7 @@ - name: Ensure matrix-dendrite.service installed ansible.builtin.template: src: "{{ role_path }}/templates/dendrite/systemd/matrix-dendrite.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-dendrite.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-dendrite.service" mode: 0644 register: matrix_dendrite_systemd_service_result diff --git a/roles/matrix-dendrite/tasks/dendrite/setup_uninstall.yml b/roles/custom/matrix-dendrite/tasks/dendrite/setup_uninstall.yml similarity index 79% rename from roles/matrix-dendrite/tasks/dendrite/setup_uninstall.yml rename to roles/custom/matrix-dendrite/tasks/dendrite/setup_uninstall.yml index b6d8cfaca..ce3e34769 100644 --- a/roles/matrix-dendrite/tasks/dendrite/setup_uninstall.yml +++ b/roles/custom/matrix-dendrite/tasks/dendrite/setup_uninstall.yml @@ -2,7 +2,7 @@ - name: Check existence of matrix-dendrite service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-dendrite.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-dendrite.service" register: matrix_dendrite_service_stat - name: Ensure matrix-dendrite is stopped @@ -15,7 +15,7 @@ - name: Ensure matrix-dendrite.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-dendrite.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-dendrite.service" state: absent when: "matrix_dendrite_service_stat.stat.exists" @@ -25,6 +25,6 @@ when: "matrix_dendrite_service_stat.stat.exists" - name: Ensure Dendrite Docker image doesn't exist - docker_image: + community.docker.docker_image: name: "{{ matrix_dendrite_docker_image }}" state: absent diff --git a/roles/matrix-dendrite/tasks/init.yml b/roles/custom/matrix-dendrite/tasks/init.yml similarity index 100% rename from roles/matrix-dendrite/tasks/init.yml rename to roles/custom/matrix-dendrite/tasks/init.yml diff --git a/roles/matrix-dendrite/tasks/main.yml b/roles/custom/matrix-dendrite/tasks/main.yml similarity index 100% rename from roles/matrix-dendrite/tasks/main.yml rename to roles/custom/matrix-dendrite/tasks/main.yml diff --git a/roles/matrix-dendrite/tasks/register_user.yml b/roles/custom/matrix-dendrite/tasks/register_user.yml similarity index 100% rename from roles/matrix-dendrite/tasks/register_user.yml rename to roles/custom/matrix-dendrite/tasks/register_user.yml diff --git a/roles/matrix-dendrite/tasks/self_check_client_api.yml b/roles/custom/matrix-dendrite/tasks/self_check_client_api.yml similarity index 100% rename from roles/matrix-dendrite/tasks/self_check_client_api.yml rename to roles/custom/matrix-dendrite/tasks/self_check_client_api.yml diff --git a/roles/matrix-dendrite/tasks/self_check_federation_api.yml b/roles/custom/matrix-dendrite/tasks/self_check_federation_api.yml similarity index 100% rename from roles/matrix-dendrite/tasks/self_check_federation_api.yml rename to roles/custom/matrix-dendrite/tasks/self_check_federation_api.yml diff --git a/roles/matrix-dendrite/tasks/setup_dendrite.yml b/roles/custom/matrix-dendrite/tasks/setup_dendrite.yml similarity index 100% rename from roles/matrix-dendrite/tasks/setup_dendrite.yml rename to roles/custom/matrix-dendrite/tasks/setup_dendrite.yml diff --git a/roles/matrix-dendrite/tasks/validate_config.yml b/roles/custom/matrix-dendrite/tasks/validate_config.yml similarity index 100% rename from roles/matrix-dendrite/tasks/validate_config.yml rename to roles/custom/matrix-dendrite/tasks/validate_config.yml diff --git a/roles/matrix-dendrite/templates/dendrite/dendrite.yaml.j2 b/roles/custom/matrix-dendrite/templates/dendrite/dendrite.yaml.j2 similarity index 89% rename from roles/matrix-dendrite/templates/dendrite/dendrite.yaml.j2 rename to roles/custom/matrix-dendrite/templates/dendrite/dendrite.yaml.j2 index 20131c106..86a12d7c2 100644 --- a/roles/matrix-dendrite/templates/dendrite/dendrite.yaml.j2 +++ b/roles/custom/matrix-dendrite/templates/dendrite/dendrite.yaml.j2 @@ -58,6 +58,10 @@ global: # e.g. localhost:443 well_known_server_name: "" + # The server name to delegate client-server communications to, with optional port + # e.g. localhost:443 + well_known_client_name: "" + # Lists of domains that the server will trust as identity servers to verify third # party identifiers such as phone numbers and email addresses. trusted_third_party_id_servers: {{ matrix_dendrite_trusted_id_servers|to_json }} @@ -73,6 +77,25 @@ global: # Whether outbound presence events are allowed, e.g. sending presence events to other servers enable_outbound: false + # Configuration for in-memory caches. Caches can often improve performance by + # keeping frequently accessed items (like events, identifiers etc.) in memory + # rather than having to read them from the database. + cache: + # The estimated maximum size for the global cache in bytes, or in terabytes, + # gigabytes, megabytes or kilobytes when the appropriate 'tb', 'gb', 'mb' or + # 'kb' suffix is specified. Note that this is not a hard limit, nor is it a + # memory limit for the entire process. A cache that is too small may ultimately + # provide little or no benefit. + max_size_estimated: 1gb + + # The maximum amount of time that a cache entry can live for in memory before + # it will be evicted and/or refreshed from the database. Lower values result in + # easier admission of new cache entries but may also increase database load in + # comparison to higher values, so adjust conservatively. Higher values may make + # it harder for new items to make it into the cache, e.g. if new rooms suddenly + # become popular. + max_age: 1h + # Server notices allows server admins to send messages to all users. server_notices: enabled: false @@ -133,11 +156,6 @@ app_service_api: internal_api: listen: http://0.0.0.0:7777 connect: http://appservice_api:7777 - database: - connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_appservice_database }}?sslmode=disable - max_open_conns: 10 - max_idle_conns: 2 - conn_max_lifetime: -1 # Disable the validation of TLS certificates of appservices. This is # not recommended in production since it may allow appservice traffic @@ -191,6 +209,8 @@ client_api: enabled: {{ matrix_dendrite_rate_limiting_enabled|to_json }} threshold: {{ matrix_dendrite_rate_limiting_threshold|to_json }} cooloff_ms: {{ matrix_dendrite_rate_limiting_cooloff_ms|to_json }} + exempt_user_ids: + # - "@user:domain.com" # Configuration for the Federation API. federation_api: @@ -329,6 +349,16 @@ sync_api: # a reverse proxy server. # real_ip_header: X-Real-IP real_ip_header: {{ matrix_dendrite_sync_api_real_ip_header|to_json }} + # Configuration for the full-text search engine. + search: + # Whether or not search is enabled. + enabled: false + # The path where the search index will be created in. + index_path: "/matrix-media-store-parent/searchindex" + # The language most likely to be used on the server - used when indexing, to + # ensure the returned results match expectations. A full list of possible languages + # can be found at https://github.com/blevesearch/bleve/tree/master/analysis/lang + language: "en" # Configuration for the User API. user_api: diff --git a/roles/matrix-dendrite/templates/dendrite/systemd/matrix-dendrite.service.j2 b/roles/custom/matrix-dendrite/templates/dendrite/systemd/matrix-dendrite.service.j2 similarity index 71% rename from roles/matrix-dendrite/templates/dendrite/systemd/matrix-dendrite.service.j2 rename to roles/custom/matrix-dendrite/templates/dendrite/systemd/matrix-dendrite.service.j2 index 69eca497c..b83f00bc4 100644 --- a/roles/matrix-dendrite/templates/dendrite/systemd/matrix-dendrite.service.j2 +++ b/roles/custom/matrix-dendrite/templates/dendrite/systemd/matrix-dendrite.service.j2 @@ -12,9 +12,9 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-dendrite 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-dendrite 2>/dev/null || true' +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-dendrite 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-dendrite 2>/dev/null || true' {% if 'matrix-postgres.service' in matrix_dendrite_systemd_required_services_list %} # Dendrite is too quick to start in relation to its matrix-postgres dependency. @@ -22,7 +22,7 @@ ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} ExecStartPre={{ matrix_host_command_sleep }} 5 {% endif %} -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-dendrite \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-dendrite \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ @@ -54,9 +54,9 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-dendrite \ -https-bind-address {{ matrix_dendrite_https_bind_address }} {% endif %} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-dendrite 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-dendrite 2>/dev/null || true' -ExecReload={{ matrix_host_command_docker }} exec matrix-dendrite /bin/sh -c 'kill -HUP 1' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-dendrite 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-dendrite 2>/dev/null || true' +ExecReload={{ devture_systemd_docker_base_host_command_docker }} exec matrix-dendrite /bin/sh -c 'kill -HUP 1' Restart=always RestartSec=30 SyslogIdentifier=matrix-dendrite diff --git a/roles/matrix-dendrite/templates/dendrite/usr-local-bin/matrix-dendrite-create-account.j2 b/roles/custom/matrix-dendrite/templates/dendrite/usr-local-bin/matrix-dendrite-create-account.j2 similarity index 96% rename from roles/matrix-dendrite/templates/dendrite/usr-local-bin/matrix-dendrite-create-account.j2 rename to roles/custom/matrix-dendrite/templates/dendrite/usr-local-bin/matrix-dendrite-create-account.j2 index 507c7012e..edfa521b9 100644 --- a/roles/matrix-dendrite/templates/dendrite/usr-local-bin/matrix-dendrite-create-account.j2 +++ b/roles/custom/matrix-dendrite/templates/dendrite/usr-local-bin/matrix-dendrite-create-account.j2 @@ -1,7 +1,7 @@ #jinja2: lstrip_blocks: "True" #!/bin/bash -if [ $# -ne 2 ]; then +if [ $# -ne 3 ]; then echo "Usage: "$0" " exit 1 fi diff --git a/roles/matrix-dendrite/vars/main.yml b/roles/custom/matrix-dendrite/vars/main.yml similarity index 100% rename from roles/matrix-dendrite/vars/main.yml rename to roles/custom/matrix-dendrite/vars/main.yml diff --git a/roles/matrix-dimension/defaults/main.yml b/roles/custom/matrix-dimension/defaults/main.yml similarity index 100% rename from roles/matrix-dimension/defaults/main.yml rename to roles/custom/matrix-dimension/defaults/main.yml diff --git a/roles/matrix-dimension/tasks/init.yml b/roles/custom/matrix-dimension/tasks/init.yml similarity index 100% rename from roles/matrix-dimension/tasks/init.yml rename to roles/custom/matrix-dimension/tasks/init.yml diff --git a/roles/matrix-dimension/tasks/main.yml b/roles/custom/matrix-dimension/tasks/main.yml similarity index 100% rename from roles/matrix-dimension/tasks/main.yml rename to roles/custom/matrix-dimension/tasks/main.yml diff --git a/roles/matrix-dimension/tasks/setup_install.yml b/roles/custom/matrix-dimension/tasks/setup_install.yml similarity index 93% rename from roles/matrix-dimension/tasks/setup_install.yml rename to roles/custom/matrix-dimension/tasks/setup_install.yml index 7060285a6..2aeb1e2a7 100644 --- a/roles/matrix-dimension/tasks/setup_install.yml +++ b/roles/custom/matrix-dimension/tasks/setup_install.yml @@ -3,13 +3,15 @@ - ansible.builtin.set_fact: matrix_dimension_requires_restart: false -- block: +- when: "matrix_dimension_database_engine == 'postgres'" + block: - name: Check if an SQLite database already exists ansible.builtin.stat: path: "{{ matrix_dimension_sqlite_database_path_local }}" register: matrix_dimension_sqlite_database_path_local_stat_result - - block: + - when: "matrix_dimension_sqlite_database_path_local_stat_result.stat.exists | bool" + block: # pgloader makes a few columns `smallint`, instead of `boolean`. # We need to fix them up. - ansible.builtin.set_fact: @@ -62,13 +64,11 @@ additional_psql_statements_db_name: "{{ matrix_dimension_database_name }}" - ansible.builtin.import_role: - name: matrix-postgres + name: custom/matrix-postgres tasks_from: migrate_db_to_postgres - ansible.builtin.set_fact: matrix_dimension_requires_restart: true - when: "matrix_dimension_sqlite_database_path_local_stat_result.stat.exists | bool" - when: "matrix_dimension_database_engine == 'postgres'" - name: Ensure Dimension base path exists ansible.builtin.file: @@ -87,15 +87,15 @@ group: "{{ matrix_dimension_user_gid }}" - name: Ensure Dimension image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_dimension_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_dimension_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_dimension_docker_image_force_pull }}" when: "not matrix_dimension_container_image_self_build | bool" register: matrix_dimension_pull_results - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: matrix_dimension_pull_results is not failed - name: Ensure dimension repository is present on self-build @@ -110,7 +110,7 @@ register: matrix_dimension_git_pull_results - name: Ensure Dimension Docker image is built - docker_image: + community.docker.docker_image: name: "{{ matrix_dimension_docker_image }}" source: build force_source: "{{ matrix_dimension_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" @@ -124,7 +124,7 @@ - name: Ensure matrix-dimension.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-dimension.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-dimension.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-dimension.service" mode: 0644 register: matrix_dimension_systemd_service_result diff --git a/roles/matrix-dimension/tasks/setup_uninstall.yml b/roles/custom/matrix-dimension/tasks/setup_uninstall.yml similarity index 82% rename from roles/matrix-dimension/tasks/setup_uninstall.yml rename to roles/custom/matrix-dimension/tasks/setup_uninstall.yml index 3e2026a11..8a5f5c755 100644 --- a/roles/matrix-dimension/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-dimension/tasks/setup_uninstall.yml @@ -2,7 +2,7 @@ - name: Check existence of matrix-dimension service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-dimension.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-dimension.service" register: matrix_dimension_service_stat - name: Ensure matrix-dimension is stopped @@ -16,7 +16,7 @@ - name: Ensure matrix-dimension.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-dimension.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-dimension.service" state: absent when: "matrix_dimension_service_stat.stat.exists | bool" @@ -31,6 +31,6 @@ state: absent - name: Ensure Dimension Docker image doesn't exist - docker_image: + community.docker.docker_image: name: "{{ matrix_dimension_docker_image }}" state: absent diff --git a/roles/matrix-dimension/tasks/validate_config.yml b/roles/custom/matrix-dimension/tasks/validate_config.yml similarity index 100% rename from roles/matrix-dimension/tasks/validate_config.yml rename to roles/custom/matrix-dimension/tasks/validate_config.yml diff --git a/roles/matrix-dimension/templates/config.yaml.j2 b/roles/custom/matrix-dimension/templates/config.yaml.j2 similarity index 100% rename from roles/matrix-dimension/templates/config.yaml.j2 rename to roles/custom/matrix-dimension/templates/config.yaml.j2 diff --git a/roles/matrix-dimension/templates/systemd/matrix-dimension.service.j2 b/roles/custom/matrix-dimension/templates/systemd/matrix-dimension.service.j2 similarity index 62% rename from roles/matrix-dimension/templates/systemd/matrix-dimension.service.j2 rename to roles/custom/matrix-dimension/templates/systemd/matrix-dimension.service.j2 index e514a74a1..07428ffa5 100644 --- a/roles/matrix-dimension/templates/systemd/matrix-dimension.service.j2 +++ b/roles/custom/matrix-dimension/templates/systemd/matrix-dimension.service.j2 @@ -12,16 +12,16 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-dimension 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-dimension 2>/dev/null || true' +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-dimension 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-dimension 2>/dev/null || true' # Fixup database ownership if it got changed somehow (during a server migration, etc.) {% if matrix_dimension_database_engine == 'sqlite' %} ExecStartPre=-{{ matrix_host_command_chown }} {{ matrix_dimension_user_uid }}:{{ matrix_dimension_user_gid }} {{ matrix_dimension_sqlite_database_path_local }} {% endif %} -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-dimension \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-dimension \ --log-driver=none \ --user={{ matrix_dimension_user_uid }}:{{ matrix_dimension_user_gid }} \ --cap-drop=ALL \ @@ -38,8 +38,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-dimension \ {% endfor %} {{ matrix_dimension_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-dimension 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-dimension 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-dimension 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-dimension 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-dimension diff --git a/roles/matrix-dimension/vars/main.yml b/roles/custom/matrix-dimension/vars/main.yml similarity index 100% rename from roles/matrix-dimension/vars/main.yml rename to roles/custom/matrix-dimension/vars/main.yml diff --git a/roles/matrix-dynamic-dns/defaults/main.yml b/roles/custom/matrix-dynamic-dns/defaults/main.yml similarity index 97% rename from roles/matrix-dynamic-dns/defaults/main.yml rename to roles/custom/matrix-dynamic-dns/defaults/main.yml index 16f6f3ae6..77e01d0ee 100644 --- a/roles/matrix-dynamic-dns/defaults/main.yml +++ b/roles/custom/matrix-dynamic-dns/defaults/main.yml @@ -7,7 +7,7 @@ matrix_dynamic_dns_enabled: true # The dynamic dns daemon interval matrix_dynamic_dns_daemon_interval: '300' -matrix_dynamic_dns_version: v3.9.1-ls96 +matrix_dynamic_dns_version: v3.10.0-ls103 # The docker container to use when in mode matrix_dynamic_dns_docker_image: "{{ matrix_dynamic_dns_docker_image_name_prefix }}linuxserver/ddclient:{{ matrix_dynamic_dns_version }}" diff --git a/roles/matrix-dynamic-dns/tasks/init.yml b/roles/custom/matrix-dynamic-dns/tasks/init.yml similarity index 100% rename from roles/matrix-dynamic-dns/tasks/init.yml rename to roles/custom/matrix-dynamic-dns/tasks/init.yml diff --git a/roles/matrix-dynamic-dns/tasks/install.yml b/roles/custom/matrix-dynamic-dns/tasks/install.yml similarity index 93% rename from roles/matrix-dynamic-dns/tasks/install.yml rename to roles/custom/matrix-dynamic-dns/tasks/install.yml index e83637bfc..2367e9cb1 100644 --- a/roles/matrix-dynamic-dns/tasks/install.yml +++ b/roles/custom/matrix-dynamic-dns/tasks/install.yml @@ -1,15 +1,15 @@ --- - name: Ensure Dynamic DNS image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_dynamic_dns_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_dynamic_dns_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_dynamic_dns_docker_image_force_pull }}" when: matrix_dynamic_dns_enabled | bool and not matrix_dynamic_dns_container_image_self_build register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure Dynamic DNS paths exist @@ -37,7 +37,7 @@ when: "matrix_dynamic_dns_enabled | bool and matrix_dynamic_dns_container_image_self_build | bool" - name: Ensure Dynamic DNS Docker image is built - docker_image: + community.docker.docker_image: name: "{{ matrix_dynamic_dns_docker_image }}" source: build force_source: "{{ matrix_dynamic_dns_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" diff --git a/roles/matrix-dynamic-dns/tasks/main.yml b/roles/custom/matrix-dynamic-dns/tasks/main.yml similarity index 100% rename from roles/matrix-dynamic-dns/tasks/main.yml rename to roles/custom/matrix-dynamic-dns/tasks/main.yml diff --git a/roles/matrix-dynamic-dns/tasks/uninstall.yml b/roles/custom/matrix-dynamic-dns/tasks/uninstall.yml similarity index 82% rename from roles/matrix-dynamic-dns/tasks/uninstall.yml rename to roles/custom/matrix-dynamic-dns/tasks/uninstall.yml index 5e6b429cf..7b4e76671 100644 --- a/roles/matrix-dynamic-dns/tasks/uninstall.yml +++ b/roles/custom/matrix-dynamic-dns/tasks/uninstall.yml @@ -2,7 +2,7 @@ - name: Check existence of matrix-dynamic-dns service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-dynamic-dns.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-dynamic-dns.service" register: matrix_dynamic_dns_service_stat - name: Ensure matrix-dynamic-dns is stopped @@ -15,7 +15,7 @@ - name: Ensure matrix-dynamic-dns.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-dynamic-dns.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-dynamic-dns.service" state: absent when: "matrix_dynamic_dns_service_stat.stat.exists" diff --git a/roles/matrix-dynamic-dns/tasks/validate_config.yml b/roles/custom/matrix-dynamic-dns/tasks/validate_config.yml similarity index 91% rename from roles/matrix-dynamic-dns/tasks/validate_config.yml rename to roles/custom/matrix-dynamic-dns/tasks/validate_config.yml index 610dc2f8c..60adade89 100644 --- a/roles/matrix-dynamic-dns/tasks/validate_config.yml +++ b/roles/custom/matrix-dynamic-dns/tasks/validate_config.yml @@ -4,7 +4,7 @@ ansible.builtin.fail: msg: >- You need to define at least one configuration in `matrix_dynamic_dns_domain_configurations` for using matrix-dynamic-dns. - when: "matrix_dynamic_dns_domain_configurations|length == 0" + when: "matrix_dynamic_dns_domain_configurations | length == 0" - name: Fail if required settings not defined in configuration blocks ansible.builtin.fail: diff --git a/roles/matrix-dynamic-dns/templates/ddclient.conf.j2 b/roles/custom/matrix-dynamic-dns/templates/ddclient.conf.j2 similarity index 100% rename from roles/matrix-dynamic-dns/templates/ddclient.conf.j2 rename to roles/custom/matrix-dynamic-dns/templates/ddclient.conf.j2 diff --git a/roles/custom/matrix-dynamic-dns/templates/systemd/matrix-dynamic-dns.service.j2 b/roles/custom/matrix-dynamic-dns/templates/systemd/matrix-dynamic-dns.service.j2 new file mode 100644 index 000000000..39cb94ca5 --- /dev/null +++ b/roles/custom/matrix-dynamic-dns/templates/systemd/matrix-dynamic-dns.service.j2 @@ -0,0 +1,36 @@ +#jinja2: lstrip_blocks: "True" +[Unit] +Description=Matrix Dynamic DNS +{% for service in matrix_dynamic_dns_systemd_required_services_list %} +Requires={{ service }} +After={{ service }} +{% endfor %} +{% for service in matrix_dynamic_dns_systemd_wanted_services_list %} +Wants={{ service }} +{% endfor %} +DefaultDependencies=no + +[Service] +Type=simple +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-dynamic-dns 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-dynamic-dns 2>/dev/null || true' +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-dynamic-dns \ + --log-driver=none \ + --network={{ matrix_docker_network }} \ + -e PUID={{ matrix_user_uid }} \ + -e PGID={{ matrix_user_gid }} \ + -v {{ matrix_dynamic_dns_config_path }}:/config:z \ + {% for arg in matrix_dynamic_dns_container_extra_arguments %} + {{ arg }} \ + {% endfor %} + {{ matrix_dynamic_dns_docker_image }} + +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-dynamic-dns 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-dynamic-dns 2>/dev/null || true' +Restart=always +RestartSec=30 +SyslogIdentifier=matrix-dynamic-dns + +[Install] +WantedBy=multi-user.target diff --git a/roles/matrix-email2matrix/defaults/main.yml b/roles/custom/matrix-email2matrix/defaults/main.yml similarity index 100% rename from roles/matrix-email2matrix/defaults/main.yml rename to roles/custom/matrix-email2matrix/defaults/main.yml diff --git a/roles/matrix-email2matrix/tasks/init.yml b/roles/custom/matrix-email2matrix/tasks/init.yml similarity index 100% rename from roles/matrix-email2matrix/tasks/init.yml rename to roles/custom/matrix-email2matrix/tasks/init.yml diff --git a/roles/matrix-email2matrix/tasks/main.yml b/roles/custom/matrix-email2matrix/tasks/main.yml similarity index 100% rename from roles/matrix-email2matrix/tasks/main.yml rename to roles/custom/matrix-email2matrix/tasks/main.yml diff --git a/roles/matrix-email2matrix/tasks/setup_install.yml b/roles/custom/matrix-email2matrix/tasks/setup_install.yml similarity index 91% rename from roles/matrix-email2matrix/tasks/setup_install.yml rename to roles/custom/matrix-email2matrix/tasks/setup_install.yml index 2a782a1a8..740506338 100644 --- a/roles/matrix-email2matrix/tasks/setup_install.yml +++ b/roles/custom/matrix-email2matrix/tasks/setup_install.yml @@ -22,15 +22,15 @@ mode: 0640 - name: Ensure Email2Matrix image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_email2matrix_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_email2matrix_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_email2matrix_docker_image_force_pull }}" when: "not matrix_email2matrix_container_image_self_build | bool" register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure Email2Matrix repository is present on self-build @@ -45,7 +45,7 @@ when: "matrix_email2matrix_container_image_self_build | bool" - name: Ensure Email2Matrix Docker image is built - docker_image: + community.docker.docker_image: name: "{{ matrix_email2matrix_docker_image }}" source: build force_source: "{{ matrix_email2matrix_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" @@ -59,7 +59,7 @@ - name: Ensure matrix-email2matrix.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-email2matrix.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-email2matrix.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-email2matrix.service" mode: 0644 register: matrix_email2matrix_systemd_service_result diff --git a/roles/matrix-email2matrix/tasks/setup_uninstall.yml b/roles/custom/matrix-email2matrix/tasks/setup_uninstall.yml similarity index 82% rename from roles/matrix-email2matrix/tasks/setup_uninstall.yml rename to roles/custom/matrix-email2matrix/tasks/setup_uninstall.yml index a713a65ad..c9600d0c9 100644 --- a/roles/matrix-email2matrix/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-email2matrix/tasks/setup_uninstall.yml @@ -2,7 +2,7 @@ - name: Check existence of matrix-email2matrix service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-email2matrix.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-email2matrix.service" register: matrix_email2matrix_service_stat - name: Ensure matrix-email2matrix is stopped @@ -16,7 +16,7 @@ - name: Ensure matrix-email2matrix.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-email2matrix.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-email2matrix.service" state: absent when: "matrix_email2matrix_service_stat.stat.exists | bool" @@ -31,6 +31,6 @@ state: absent - name: Ensure Email2Matrix Docker image doesn't exist - docker_image: + community.docker.docker_image: name: "{{ matrix_email2matrix_docker_image }}" state: absent diff --git a/roles/matrix-email2matrix/tasks/validate_config.yml b/roles/custom/matrix-email2matrix/tasks/validate_config.yml similarity index 75% rename from roles/matrix-email2matrix/tasks/validate_config.yml rename to roles/custom/matrix-email2matrix/tasks/validate_config.yml index 59a3581e4..8d89f1d6a 100644 --- a/roles/matrix-email2matrix/tasks/validate_config.yml +++ b/roles/custom/matrix-email2matrix/tasks/validate_config.yml @@ -4,4 +4,4 @@ ansible.builtin.fail: msg: > You need to define at least one mapping in `matrix_email2matrix_matrix_mappings` for enabling Email2Matrix. - when: "matrix_email2matrix_matrix_mappings|length == 0" + when: "matrix_email2matrix_matrix_mappings | length == 0" diff --git a/roles/matrix-email2matrix/templates/config.json.j2 b/roles/custom/matrix-email2matrix/templates/config.json.j2 similarity index 100% rename from roles/matrix-email2matrix/templates/config.json.j2 rename to roles/custom/matrix-email2matrix/templates/config.json.j2 diff --git a/roles/custom/matrix-email2matrix/templates/systemd/matrix-email2matrix.service.j2 b/roles/custom/matrix-email2matrix/templates/systemd/matrix-email2matrix.service.j2 new file mode 100644 index 000000000..270a0c530 --- /dev/null +++ b/roles/custom/matrix-email2matrix/templates/systemd/matrix-email2matrix.service.j2 @@ -0,0 +1,34 @@ +#jinja2: lstrip_blocks: "True" +[Unit] +Description=Email2Matrix +After=docker.service +Requires=docker.service +DefaultDependencies=no + +[Service] +Type=simple +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-email2matrix 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-email2matrix 2>/dev/null || true' + +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-email2matrix \ + --log-driver=none \ + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ + --cap-drop=ALL \ + --read-only \ + --network={{ matrix_docker_network }} \ + -p {{ matrix_email2matrix_smtp_host_bind_port }}:2525 \ + --mount type=bind,src={{ matrix_email2matrix_config_dir_path }}/config.json,dst=/config.json,ro \ + {% for arg in matrix_email2matrix_container_extra_arguments %} + {{ arg }} \ + {% endfor %} + {{ matrix_email2matrix_docker_image }} + +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-email2matrix 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-email2matrix 2>/dev/null || true' +Restart=always +RestartSec=30 +SyslogIdentifier=matrix-email2matrix + +[Install] +WantedBy=multi-user.target diff --git a/roles/matrix-etherpad/defaults/main.yml b/roles/custom/matrix-etherpad/defaults/main.yml similarity index 89% rename from roles/matrix-etherpad/defaults/main.yml rename to roles/custom/matrix-etherpad/defaults/main.yml index 8281f27ff..540b2a518 100644 --- a/roles/matrix-etherpad/defaults/main.yml +++ b/roles/custom/matrix-etherpad/defaults/main.yml @@ -3,6 +3,10 @@ matrix_etherpad_enabled: false +# standalone = etherpad installed on subdomain (etherpad.DOMAIN) and can be used as-is +# dimension = etherpad installed in subdir of dimension (dimension.DOMAIN/etherpad) and can be used with dimension +matrix_etherpad_mode: standalone + matrix_etherpad_base_path: "{{ matrix_base_data_path }}/etherpad" matrix_etherpad_version: 1.8.18 @@ -28,10 +32,11 @@ matrix_etherpad_container_http_host_bind_port: '' # A list of extra arguments to pass to the container matrix_etherpad_container_extra_arguments: [] +# Used only when `matrix_etherpad_mode: dimension` matrix_etherpad_public_endpoint: '/etherpad' -# By default, the Etherpad app can be accessed within the Dimension domain -matrix_etherpad_base_url: "https://{{ matrix_server_fqn_dimension }}{{ matrix_etherpad_public_endpoint }}" +# By default, the Etherpad app can be accessed on etherpad subdomain +matrix_etherpad_base_url: "https://{{ matrix_server_fqn_etherpad }}/" # Database-related configuration fields. # @@ -53,6 +58,8 @@ matrix_etherpad_database_connection_string: 'postgres://{{ matrix_etherpad_datab # Variables configuring the etherpad matrix_etherpad_title: 'Etherpad' +matrix_etherpad_abiword: null +matrix_etherpad_soffice: null matrix_etherpad_default_pad_text: | Welcome to Etherpad! diff --git a/roles/matrix-etherpad/tasks/init.yml b/roles/custom/matrix-etherpad/tasks/init.yml similarity index 81% rename from roles/matrix-etherpad/tasks/init.yml rename to roles/custom/matrix-etherpad/tasks/init.yml index e16b78dd6..d35ed375e 100644 --- a/roles/matrix-etherpad/tasks/init.yml +++ b/roles/custom/matrix-etherpad/tasks/init.yml @@ -4,7 +4,10 @@ matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-etherpad.service'] }}" when: matrix_etherpad_enabled | bool -- block: +- when: matrix_etherpad_enabled | bool and matrix_etherpad_mode == 'dimension' + tags: + - always + block: - name: Fail if matrix-nginx-proxy role already executed ansible.builtin.fail: msg: >- @@ -49,16 +52,3 @@ + [matrix_etherpad_matrix_nginx_proxy_configuration] }} - tags: - - always - when: matrix_etherpad_enabled | bool - -- name: Warn about reverse-proxying if matrix-nginx-proxy not used - ansible.builtin.debug: - msg: >- - NOTE: You've enabled the Etherpad tool but are not using the matrix-nginx-proxy - reverse proxy. - Please make sure that you're proxying the `{{ matrix_etherpad_public_endpoint }}` - URL endpoint to the matrix-etherpad container. - You can expose the container's port using the `matrix_etherpad_container_http_host_bind_port` variable. - when: "matrix_etherpad_enabled | bool and not matrix_nginx_proxy_enabled | default(False) | bool" diff --git a/roles/matrix-etherpad/tasks/main.yml b/roles/custom/matrix-etherpad/tasks/main.yml similarity index 100% rename from roles/matrix-etherpad/tasks/main.yml rename to roles/custom/matrix-etherpad/tasks/main.yml index b1c8ab557..caf0dda50 100644 --- a/roles/matrix-etherpad/tasks/main.yml +++ b/roles/custom/matrix-etherpad/tasks/main.yml @@ -4,20 +4,20 @@ tags: - always -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" when: run_setup | bool and matrix_etherpad_enabled | bool tags: - setup-all - setup-etherpad -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: run_setup | bool and not matrix_etherpad_enabled | bool +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" + when: run_setup | bool and matrix_etherpad_enabled | bool tags: - setup-all - setup-etherpad -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: run_setup | bool and matrix_etherpad_enabled | bool +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + when: run_setup | bool and not matrix_etherpad_enabled | bool tags: - setup-all - setup-etherpad diff --git a/roles/matrix-etherpad/tasks/setup_install.yml b/roles/custom/matrix-etherpad/tasks/setup_install.yml similarity index 85% rename from roles/matrix-etherpad/tasks/setup_install.yml rename to roles/custom/matrix-etherpad/tasks/setup_install.yml index 0243e9d7e..bb5e0e53e 100644 --- a/roles/matrix-etherpad/tasks/setup_install.yml +++ b/roles/custom/matrix-etherpad/tasks/setup_install.yml @@ -17,20 +17,20 @@ group: "{{ matrix_etherpad_user_gid }}" - name: Ensure Etherpad image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_etherpad_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_etherpad_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_etherpad_docker_image_force_pull }}" register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure matrix-etherpad.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-etherpad.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-etherpad.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-etherpad.service" mode: 0644 register: matrix_etherpad_systemd_service_result diff --git a/roles/matrix-etherpad/tasks/setup_uninstall.yml b/roles/custom/matrix-etherpad/tasks/setup_uninstall.yml similarity index 82% rename from roles/matrix-etherpad/tasks/setup_uninstall.yml rename to roles/custom/matrix-etherpad/tasks/setup_uninstall.yml index 38697366c..7d93b9ab2 100644 --- a/roles/matrix-etherpad/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-etherpad/tasks/setup_uninstall.yml @@ -2,7 +2,7 @@ - name: Check existence of matrix-etherpad service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-etherpad.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-etherpad.service" register: matrix_etherpad_service_stat - name: Ensure matrix-etherpad is stopped @@ -16,7 +16,7 @@ - name: Ensure matrix-etherpad.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-etherpad.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-etherpad.service" state: absent when: "matrix_etherpad_service_stat.stat.exists | bool" @@ -31,6 +31,6 @@ state: absent - name: Ensure Etherpad Docker image doesn't exist - docker_image: + community.docker.docker_image: name: "{{ matrix_etherpad_docker_image }}" state: absent diff --git a/roles/custom/matrix-etherpad/tasks/validate_config.yml b/roles/custom/matrix-etherpad/tasks/validate_config.yml new file mode 100644 index 000000000..10ddc5843 --- /dev/null +++ b/roles/custom/matrix-etherpad/tasks/validate_config.yml @@ -0,0 +1,13 @@ +--- + +- name: Fail if no database is configured for Etherpad + ansible.builtin.fail: + msg: >- + Etherpad requires a dedicated Postgres database. Please enable the built in one, or configure an external DB by redefining "matrix_etherpad_database_hostname" + when: matrix_etherpad_database_hostname == "matrix-postgres" and not matrix_postgres_enabled + +- name: Fail if wrong mode selected + ansible.builtin.fail: + msg: >- + You're using Etherpad in 'dimension' mode (`matrix_etherpad_serving_mode: dimension`), which tries to host Etherpad at the Dimension subdomain - `{{ matrix_server_fqn_dimension }}`. However, this isn't possible because Dimension is not enabled. To resolve the problem, either enable Dimension (`matrix_dimension_enabled: true`) or switch Etherpad to standalone mode (`matrix_etherpad_mode: standalone`) and have it served on its own domain (`{{ matrix_server_fqn_etherpad }}`). + when: matrix_etherpad_enabled | bool and matrix_etherpad_mode == 'dimension' and not matrix_dimension_enabled | default(False) | bool diff --git a/roles/matrix-etherpad/templates/settings.json.j2 b/roles/custom/matrix-etherpad/templates/settings.json.j2 similarity index 95% rename from roles/matrix-etherpad/templates/settings.json.j2 rename to roles/custom/matrix-etherpad/templates/settings.json.j2 index 0a240f3e0..cc45d1905 100644 --- a/roles/matrix-etherpad/templates/settings.json.j2 +++ b/roles/custom/matrix-etherpad/templates/settings.json.j2 @@ -20,8 +20,8 @@ "editOnly": false, "minify": true, "maxAge": 21600, - "abiword": null, - "soffice": null, + "abiword": {{ matrix_etherpad_abiword|to_json }}, + "soffice": {{ matrix_etherpad_soffice|to_json }}, "tidyHtml": null, "allowUnknownFileEnds": true, "requireAuthentication": false, @@ -103,7 +103,7 @@ "pageUp": true, "pageDown": true }, - "loglevel": "INFO", + "loglevel": "WARN", "logconfig" : { "appenders": [ { "type": "console", diff --git a/roles/matrix-etherpad/templates/systemd/matrix-etherpad.service.j2 b/roles/custom/matrix-etherpad/templates/systemd/matrix-etherpad.service.j2 similarity index 68% rename from roles/matrix-etherpad/templates/systemd/matrix-etherpad.service.j2 rename to roles/custom/matrix-etherpad/templates/systemd/matrix-etherpad.service.j2 index d96c42608..e0a104815 100644 --- a/roles/matrix-etherpad/templates/systemd/matrix-etherpad.service.j2 +++ b/roles/custom/matrix-etherpad/templates/systemd/matrix-etherpad.service.j2 @@ -12,11 +12,11 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-etherpad -ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-etherpad +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_docker }} kill matrix-etherpad +ExecStartPre=-{{ devture_systemd_docker_base_host_command_docker }} rm matrix-etherpad -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-etherpad \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-etherpad \ --log-driver=none \ --user={{ matrix_etherpad_user_uid }}:{{ matrix_etherpad_user_gid }} \ --cap-drop=ALL \ @@ -34,8 +34,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-etherpad \ --sessionkey /data/sessionkey.json --apikey /data/apijey.json -ExecStop=-{{ matrix_host_command_docker }} kill matrix-etherpad -ExecStop=-{{ matrix_host_command_docker }} rm matrix-etherpad +ExecStop=-{{ devture_systemd_docker_base_host_command_docker }} kill matrix-etherpad +ExecStop=-{{ devture_systemd_docker_base_host_command_docker }} rm matrix-etherpad Restart=always RestartSec=30 SyslogIdentifier=matrix-etherpad diff --git a/roles/matrix-grafana/defaults/main.yml b/roles/custom/matrix-grafana/defaults/main.yml similarity index 86% rename from roles/matrix-grafana/defaults/main.yml rename to roles/custom/matrix-grafana/defaults/main.yml index 6ef4cb6ab..7c5e8d993 100644 --- a/roles/matrix-grafana/defaults/main.yml +++ b/roles/custom/matrix-grafana/defaults/main.yml @@ -3,18 +3,14 @@ # See: https://github.com/matrix-org/synapse/blob/master/docs/metrics-howto.md # Project source code URL: https://github.com/grafana/grafana -matrix_grafana_enabled: false +matrix_grafana_enabled: true -matrix_grafana_version: 9.1.1 +matrix_grafana_version: 9.2.4 matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}" matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}" -# Not conditional, because when someone disables metrics -# they might still want to look at the old existing data. -# So it would be silly to delete the dashboard in such case. -matrix_grafana_dashboard_download_urls: - - "https://raw.githubusercontent.com/matrix-org/synapse/master/contrib/grafana/synapse.json" - - "https://raw.githubusercontent.com/rfrail3/grafana-dashboards/master/prometheus/node-exporter-full.json" +# matrix_grafana_dashboard_download_urls holds a list of URLs of dashboards to download +matrix_grafana_dashboard_download_urls: [] matrix_grafana_base_path: "{{ matrix_base_data_path }}/grafana" matrix_grafana_config_path: "{{ matrix_grafana_base_path }}/config" @@ -50,6 +46,10 @@ matrix_grafana_content_security_policy: true matrix_grafana_content_security_policy_customized: false matrix_grafana_content_security_policy_template: "script-src 'self' 'unsafe-eval' 'unsafe-inline' http: https: 'strict-dynamic' $NONCE;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline' blob:;img-src * data:;base-uri 'self';connect-src 'self' grafana.com ws://$ROOT_PATH wss://$ROOT_PATH;manifest-src 'self';media-src 'none';form-action 'self';" +# matrix_grafana_default_home_dashboard_path influences the `default_home_dashboard_path` grafana.ini setting, +# which is an in-container path for the default dashboard. +matrix_grafana_default_home_dashboard_path: /etc/grafana/dashboards/node-exporter-full.json + # A list of extra arguments to pass to the container matrix_grafana_container_extra_arguments: [] diff --git a/roles/matrix-grafana/tasks/init.yml b/roles/custom/matrix-grafana/tasks/init.yml similarity index 100% rename from roles/matrix-grafana/tasks/init.yml rename to roles/custom/matrix-grafana/tasks/init.yml diff --git a/roles/matrix-grafana/tasks/main.yml b/roles/custom/matrix-grafana/tasks/main.yml similarity index 100% rename from roles/matrix-grafana/tasks/main.yml rename to roles/custom/matrix-grafana/tasks/main.yml diff --git a/roles/matrix-grafana/tasks/setup.yml b/roles/custom/matrix-grafana/tasks/setup.yml similarity index 86% rename from roles/matrix-grafana/tasks/setup.yml rename to roles/custom/matrix-grafana/tasks/setup.yml index 591c02224..eabd25e5f 100644 --- a/roles/matrix-grafana/tasks/setup.yml +++ b/roles/custom/matrix-grafana/tasks/setup.yml @@ -5,15 +5,15 @@ # - name: Ensure matrix-grafana image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_grafana_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_grafana_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_grafana_docker_image_force_pull }}" when: "matrix_grafana_enabled | bool" register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure grafana paths exists @@ -68,17 +68,17 @@ mode: 0440 owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" - with_items: "{{ matrix_grafana_dashboard_download_urls_all }}" + with_items: "{{ matrix_grafana_dashboard_download_urls }}" when: matrix_grafana_enabled | bool register: result - retries: "{{ matrix_geturl_retries_count }}" - delay: "{{ matrix_geturl_retries_delay }}" + retries: "{{ devture_playbook_help_geturl_retries_count }}" + delay: "{{ devture_playbook_help_geturl_retries_delay }}" until: result is not failed - name: Ensure matrix-grafana.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-grafana.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-grafana.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-grafana.service" mode: 0644 register: matrix_grafana_systemd_service_result when: matrix_grafana_enabled | bool @@ -94,7 +94,7 @@ - name: Check existence of matrix-grafana service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-grafana.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-grafana.service" register: matrix_grafana_service_stat - name: Ensure matrix-grafana is stopped @@ -108,7 +108,7 @@ - name: Ensure matrix-grafana.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-grafana.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-grafana.service" state: absent when: "not matrix_grafana_enabled | bool and matrix_grafana_service_stat.stat.exists" diff --git a/roles/custom/matrix-grafana/tasks/validate_config.yml b/roles/custom/matrix-grafana/tasks/validate_config.yml new file mode 100644 index 000000000..21c44dc83 --- /dev/null +++ b/roles/custom/matrix-grafana/tasks/validate_config.yml @@ -0,0 +1,16 @@ +--- + +- name: Fail if Prometheus not enabled + ansible.builtin.fail: + msg: > + You need to enable `matrix_prometheus_enabled` to use Prometheus as data source for Grafana. + when: "not matrix_prometheus_enabled" + +- name: (Deprecation) Catch and report renamed settings + ansible.builtin.fail: + msg: >- + Your configuration contains a variable, which now has a different name. + Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`). + when: "item.old in vars" + with_items: + - {'old': 'matrix_grafana_dashboard_download_urls_all', 'new': 'matrix_grafana_dashboard_download_urls'} diff --git a/roles/matrix-grafana/templates/dashboards.yaml.j2 b/roles/custom/matrix-grafana/templates/dashboards.yaml.j2 similarity index 100% rename from roles/matrix-grafana/templates/dashboards.yaml.j2 rename to roles/custom/matrix-grafana/templates/dashboards.yaml.j2 diff --git a/roles/matrix-grafana/templates/datasources.yaml.j2 b/roles/custom/matrix-grafana/templates/datasources.yaml.j2 similarity index 100% rename from roles/matrix-grafana/templates/datasources.yaml.j2 rename to roles/custom/matrix-grafana/templates/datasources.yaml.j2 diff --git a/roles/matrix-grafana/templates/grafana.ini.j2 b/roles/custom/matrix-grafana/templates/grafana.ini.j2 similarity index 83% rename from roles/matrix-grafana/templates/grafana.ini.j2 rename to roles/custom/matrix-grafana/templates/grafana.ini.j2 index 1e06683ee..ac609f914 100644 --- a/roles/matrix-grafana/templates/grafana.ini.j2 +++ b/roles/custom/matrix-grafana/templates/grafana.ini.j2 @@ -26,8 +26,4 @@ enabled = {{ matrix_grafana_anonymous_access }} org_name = "{{ matrix_grafana_anonymous_access_org_name }}" [dashboards] -{% if matrix_synapse_metrics_enabled %} -default_home_dashboard_path = /etc/grafana/dashboards/synapse.json -{% else %} -default_home_dashboard_path = /etc/grafana/dashboards/node-exporter-full.json -{% endif %} +default_home_dashboard_path = {{ matrix_grafana_default_home_dashboard_path }} diff --git a/roles/matrix-grafana/templates/systemd/matrix-grafana.service.j2 b/roles/custom/matrix-grafana/templates/systemd/matrix-grafana.service.j2 similarity index 54% rename from roles/matrix-grafana/templates/systemd/matrix-grafana.service.j2 rename to roles/custom/matrix-grafana/templates/systemd/matrix-grafana.service.j2 index e0f580765..fd48b01eb 100644 --- a/roles/matrix-grafana/templates/systemd/matrix-grafana.service.j2 +++ b/roles/custom/matrix-grafana/templates/systemd/matrix-grafana.service.j2 @@ -12,12 +12,12 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-grafana 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-grafana 2>/dev/null || true' +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-grafana 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-grafana 2>/dev/null || true' -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-grafana \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-grafana \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ @@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-grafana \ {% endfor %} {{ matrix_grafana_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-grafana 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-grafana 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-grafana 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-grafana 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-grafana diff --git a/roles/matrix-jitsi/defaults/main.yml b/roles/custom/matrix-jitsi/defaults/main.yml similarity index 99% rename from roles/matrix-jitsi/defaults/main.yml rename to roles/custom/matrix-jitsi/defaults/main.yml index d94c62f46..e1fcc318a 100644 --- a/roles/matrix-jitsi/defaults/main.yml +++ b/roles/custom/matrix-jitsi/defaults/main.yml @@ -72,7 +72,7 @@ matrix_jitsi_jibri_recorder_password: '' matrix_jitsi_enable_lobby: false -matrix_jitsi_version: stable-7648-3 +matrix_jitsi_version: stable-7882 matrix_jitsi_container_image_tag: "{{ matrix_jitsi_version }}" # for backward-compatibility matrix_jitsi_web_docker_image: "{{ matrix_container_global_registry_prefix }}jitsi/web:{{ matrix_jitsi_container_image_tag }}" diff --git a/roles/matrix-jitsi/tasks/init.yml b/roles/custom/matrix-jitsi/tasks/init.yml similarity index 100% rename from roles/matrix-jitsi/tasks/init.yml rename to roles/custom/matrix-jitsi/tasks/init.yml diff --git a/roles/matrix-jitsi/tasks/main.yml b/roles/custom/matrix-jitsi/tasks/main.yml similarity index 100% rename from roles/matrix-jitsi/tasks/main.yml rename to roles/custom/matrix-jitsi/tasks/main.yml diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_base.yml b/roles/custom/matrix-jitsi/tasks/setup_jitsi_base.yml similarity index 81% rename from roles/matrix-jitsi/tasks/setup_jitsi_base.yml rename to roles/custom/matrix-jitsi/tasks/setup_jitsi_base.yml index a91949e11..c52c19021 100644 --- a/roles/matrix-jitsi/tasks/setup_jitsi_base.yml +++ b/roles/custom/matrix-jitsi/tasks/setup_jitsi_base.yml @@ -1,6 +1,8 @@ --- -- ansible.builtin.import_tasks: "{{ role_path }}/../matrix-base/tasks/util/ensure_openssl_installed.yml" +- ansible.builtin.import_role: + name: custom/matrix-base + tasks_from: ensure_openssl_installed # # Tasks related to setting up jitsi diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml b/roles/custom/matrix-jitsi/tasks/setup_jitsi_jicofo.yml similarity index 89% rename from roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml rename to roles/custom/matrix-jitsi/tasks/setup_jitsi_jicofo.yml index 8b2ec6a7a..d93953086 100644 --- a/roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml +++ b/roles/custom/matrix-jitsi/tasks/setup_jitsi_jicofo.yml @@ -17,15 +17,15 @@ when: matrix_jitsi_enabled | bool and item.when - name: Ensure jitsi-jicofo Docker image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_jitsi_jicofo_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_jitsi_jicofo_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_jicofo_docker_image_force_pull }}" when: matrix_jitsi_enabled | bool register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure jitsi-jicofo environment variables file created @@ -52,7 +52,7 @@ - name: Ensure matrix-jitsi-jicofo.service installed ansible.builtin.template: src: "{{ role_path }}/templates/jicofo/matrix-jitsi-jicofo.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-jitsi-jicofo.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jitsi-jicofo.service" mode: 0644 register: matrix_jitsi_jicofo_systemd_service_result when: matrix_jitsi_enabled | bool @@ -68,7 +68,7 @@ - name: Check existence of matrix-jitsi-jicofo service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-jitsi-jicofo.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jitsi-jicofo.service" register: matrix_jitsi_jicofo_service_stat when: "not matrix_jitsi_enabled | bool" @@ -83,7 +83,7 @@ - name: Ensure matrix-jitsi-jicofo.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-jitsi-jicofo.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jitsi-jicofo.service" state: absent when: "not matrix_jitsi_enabled | bool and matrix_jitsi_jicofo_service_stat.stat.exists" diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml b/roles/custom/matrix-jitsi/tasks/setup_jitsi_jvb.yml similarity index 89% rename from roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml rename to roles/custom/matrix-jitsi/tasks/setup_jitsi_jvb.yml index cdb94ebdd..966572af5 100644 --- a/roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml +++ b/roles/custom/matrix-jitsi/tasks/setup_jitsi_jvb.yml @@ -17,15 +17,15 @@ when: matrix_jitsi_enabled | bool and item.when - name: Ensure jitsi-jvb Docker image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_jitsi_jvb_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_jitsi_jvb_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_jvb_docker_image_force_pull }}" when: matrix_jitsi_enabled | bool register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure jitsi-jvb configuration files created @@ -52,7 +52,7 @@ - name: Ensure matrix-jitsi-jvb.service installed ansible.builtin.template: src: "{{ role_path }}/templates/jvb/matrix-jitsi-jvb.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-jitsi-jvb.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jitsi-jvb.service" mode: 0644 register: matrix_jitsi_jvb_systemd_service_result when: matrix_jitsi_enabled | bool @@ -68,7 +68,7 @@ - name: Check existence of matrix-jitsi-jvb service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-jitsi-jvb.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jitsi-jvb.service" register: matrix_jitsi_jvb_service_stat when: "not matrix_jitsi_enabled | bool" @@ -83,7 +83,7 @@ - name: Ensure matrix-jitsi-jvb.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-jitsi-jvb.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jitsi-jvb.service" state: absent when: "not matrix_jitsi_enabled | bool and matrix_jitsi_jvb_service_stat.stat.exists" diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml b/roles/custom/matrix-jitsi/tasks/setup_jitsi_prosody.yml similarity index 89% rename from roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml rename to roles/custom/matrix-jitsi/tasks/setup_jitsi_prosody.yml index 9383b48b6..1a1656b2c 100644 --- a/roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml +++ b/roles/custom/matrix-jitsi/tasks/setup_jitsi_prosody.yml @@ -18,15 +18,15 @@ when: matrix_jitsi_enabled | bool and item.when - name: Ensure jitsi-prosody Docker image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_jitsi_prosody_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_jitsi_prosody_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_prosody_docker_image_force_pull }}" when: matrix_jitsi_enabled | bool register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure jitsi-prosody environment variables file is created @@ -41,7 +41,7 @@ - name: Ensure matrix-jitsi-prosody.service file is installed ansible.builtin.template: src: "{{ role_path }}/templates/prosody/matrix-jitsi-prosody.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-jitsi-prosody.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jitsi-prosody.service" mode: 0644 register: matrix_jitsi_prosody_systemd_service_result when: matrix_jitsi_enabled | bool @@ -65,7 +65,7 @@ - name: Ensure matrix-jitsi-prosody.service file exists ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-jitsi-prosody.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jitsi-prosody.service" register: matrix_jitsi_prosody_service_stat when: "not matrix_jitsi_enabled | bool" @@ -80,7 +80,7 @@ - name: Ensure matrix-jitsi-prosody.service file doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-jitsi-prosody.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jitsi-prosody.service" state: absent when: "not matrix_jitsi_enabled | bool and matrix_jitsi_prosody_service_stat.stat.exists" diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_web.yml b/roles/custom/matrix-jitsi/tasks/setup_jitsi_web.yml similarity index 89% rename from roles/matrix-jitsi/tasks/setup_jitsi_web.yml rename to roles/custom/matrix-jitsi/tasks/setup_jitsi_web.yml index 1c7daa4b9..b6d3241b5 100644 --- a/roles/matrix-jitsi/tasks/setup_jitsi_web.yml +++ b/roles/custom/matrix-jitsi/tasks/setup_jitsi_web.yml @@ -19,15 +19,15 @@ when: matrix_jitsi_enabled | bool and item.when - name: Ensure jitsi-web Docker image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_jitsi_web_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_jitsi_web_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_web_docker_image_force_pull }}" when: matrix_jitsi_enabled | bool register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure jitsi-web environment variables file created @@ -54,7 +54,7 @@ - name: Ensure matrix-jitsi-web.service installed ansible.builtin.template: src: "{{ role_path }}/templates/web/matrix-jitsi-web.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-jitsi-web.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jitsi-web.service" mode: 0644 register: matrix_jitsi_web_systemd_service_result when: matrix_jitsi_enabled | bool @@ -70,7 +70,7 @@ - name: Check existence of matrix-jitsi-web service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-jitsi-web.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jitsi-web.service" register: matrix_jitsi_web_service_stat when: "not matrix_jitsi_enabled | bool" @@ -85,7 +85,7 @@ - name: Ensure matrix-jitsi-web.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-jitsi-web.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-jitsi-web.service" state: absent when: "not matrix_jitsi_enabled | bool and matrix_jitsi_web_service_stat.stat.exists" diff --git a/roles/matrix-jitsi/tasks/util/setup_jitsi_auth.yml b/roles/custom/matrix-jitsi/tasks/util/setup_jitsi_auth.yml similarity index 81% rename from roles/matrix-jitsi/tasks/util/setup_jitsi_auth.yml rename to roles/custom/matrix-jitsi/tasks/util/setup_jitsi_auth.yml index d9da9ebe1..4edc5431b 100644 --- a/roles/matrix-jitsi/tasks/util/setup_jitsi_auth.yml +++ b/roles/custom/matrix-jitsi/tasks/util/setup_jitsi_auth.yml @@ -15,7 +15,7 @@ # - name: Ensure Jitsi internal authentication users are configured - ansible.builtin.shell: "{{ matrix_host_command_docker }} exec matrix-jitsi-prosody prosodyctl --config /config/prosody.cfg.lua register {{ item.username | quote }} meet.jitsi {{ item.password | quote }}" + ansible.builtin.shell: "{{ devture_systemd_docker_base_host_command_docker }} exec matrix-jitsi-prosody prosodyctl --config /config/prosody.cfg.lua register {{ item.username | quote }} meet.jitsi {{ item.password | quote }}" with_items: "{{ matrix_jitsi_prosody_auth_internal_accounts }}" when: - matrix_jitsi_auth_type == "internal" diff --git a/roles/matrix-jitsi/tasks/validate_config.yml b/roles/custom/matrix-jitsi/tasks/validate_config.yml similarity index 100% rename from roles/matrix-jitsi/tasks/validate_config.yml rename to roles/custom/matrix-jitsi/tasks/validate_config.yml diff --git a/roles/matrix-jitsi/templates/jicofo/env.j2 b/roles/custom/matrix-jitsi/templates/jicofo/env.j2 similarity index 100% rename from roles/matrix-jitsi/templates/jicofo/env.j2 rename to roles/custom/matrix-jitsi/templates/jicofo/env.j2 diff --git a/roles/matrix-jitsi/templates/jicofo/logging.properties.j2 b/roles/custom/matrix-jitsi/templates/jicofo/logging.properties.j2 similarity index 100% rename from roles/matrix-jitsi/templates/jicofo/logging.properties.j2 rename to roles/custom/matrix-jitsi/templates/jicofo/logging.properties.j2 diff --git a/roles/custom/matrix-jitsi/templates/jicofo/matrix-jitsi-jicofo.service.j2 b/roles/custom/matrix-jitsi/templates/jicofo/matrix-jitsi-jicofo.service.j2 new file mode 100644 index 000000000..1cf08234c --- /dev/null +++ b/roles/custom/matrix-jitsi/templates/jicofo/matrix-jitsi-jicofo.service.j2 @@ -0,0 +1,33 @@ +#jinja2: lstrip_blocks: "True" +[Unit] +Description=Matrix jitsi-jicofo server +{% for service in matrix_jitsi_jicofo_systemd_required_services_list %} +Requires={{ service }} +After={{ service }} +{% endfor %} +DefaultDependencies=no + +[Service] +Type=simple +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-jitsi-jicofo 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-jitsi-jicofo 2>/dev/null || true' + +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-jitsi-jicofo \ + --log-driver=none \ + --network={{ matrix_docker_network }} \ + --env-file={{ matrix_jitsi_jicofo_base_path }}/env \ + --mount type=bind,src={{ matrix_jitsi_jicofo_config_path }},dst=/config \ + {% for arg in matrix_jitsi_jicofo_container_extra_arguments %} + {{ arg }} \ + {% endfor %} + {{ matrix_jitsi_jicofo_docker_image }} + +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-jitsi-jicofo 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-jitsi-jicofo 2>/dev/null || true' +Restart=always +RestartSec=30 +SyslogIdentifier=matrix-jitsi-jicofo + +[Install] +WantedBy=multi-user.target diff --git a/roles/matrix-jitsi/templates/jicofo/sip-communicator.properties.j2 b/roles/custom/matrix-jitsi/templates/jicofo/sip-communicator.properties.j2 similarity index 100% rename from roles/matrix-jitsi/templates/jicofo/sip-communicator.properties.j2 rename to roles/custom/matrix-jitsi/templates/jicofo/sip-communicator.properties.j2 diff --git a/roles/matrix-jitsi/templates/jvb/custom-sip-communicator.properties.j2 b/roles/custom/matrix-jitsi/templates/jvb/custom-sip-communicator.properties.j2 similarity index 100% rename from roles/matrix-jitsi/templates/jvb/custom-sip-communicator.properties.j2 rename to roles/custom/matrix-jitsi/templates/jvb/custom-sip-communicator.properties.j2 diff --git a/roles/matrix-jitsi/templates/jvb/env.j2 b/roles/custom/matrix-jitsi/templates/jvb/env.j2 similarity index 100% rename from roles/matrix-jitsi/templates/jvb/env.j2 rename to roles/custom/matrix-jitsi/templates/jvb/env.j2 diff --git a/roles/matrix-jitsi/templates/jvb/logging.properties.j2 b/roles/custom/matrix-jitsi/templates/jvb/logging.properties.j2 similarity index 100% rename from roles/matrix-jitsi/templates/jvb/logging.properties.j2 rename to roles/custom/matrix-jitsi/templates/jvb/logging.properties.j2 diff --git a/roles/matrix-jitsi/templates/jvb/matrix-jitsi-jvb.service.j2 b/roles/custom/matrix-jitsi/templates/jvb/matrix-jitsi-jvb.service.j2 similarity index 59% rename from roles/matrix-jitsi/templates/jvb/matrix-jitsi-jvb.service.j2 rename to roles/custom/matrix-jitsi/templates/jvb/matrix-jitsi-jvb.service.j2 index f0b141fc0..922d201a7 100644 --- a/roles/matrix-jitsi/templates/jvb/matrix-jitsi-jvb.service.j2 +++ b/roles/custom/matrix-jitsi/templates/jvb/matrix-jitsi-jvb.service.j2 @@ -9,11 +9,11 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-jvb 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-jvb 2>/dev/null || true' +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-jitsi-jvb 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-jitsi-jvb 2>/dev/null || true' -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-jvb \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-jitsi-jvb \ --log-driver=none \ --network={{ matrix_docker_network }} \ --network-alias=jvb.meet.jitsi \ @@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-jvb \ {% endfor %} {{ matrix_jitsi_jvb_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-jvb 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-jvb 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-jitsi-jvb 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-jitsi-jvb 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-jitsi-jvb diff --git a/roles/matrix-jitsi/templates/prosody/env.j2 b/roles/custom/matrix-jitsi/templates/prosody/env.j2 similarity index 100% rename from roles/matrix-jitsi/templates/prosody/env.j2 rename to roles/custom/matrix-jitsi/templates/prosody/env.j2 diff --git a/roles/matrix-jitsi/templates/prosody/matrix-jitsi-prosody.service.j2 b/roles/custom/matrix-jitsi/templates/prosody/matrix-jitsi-prosody.service.j2 similarity index 54% rename from roles/matrix-jitsi/templates/prosody/matrix-jitsi-prosody.service.j2 rename to roles/custom/matrix-jitsi/templates/prosody/matrix-jitsi-prosody.service.j2 index 0c3a3932d..0b2592aed 100644 --- a/roles/matrix-jitsi/templates/prosody/matrix-jitsi-prosody.service.j2 +++ b/roles/custom/matrix-jitsi/templates/prosody/matrix-jitsi-prosody.service.j2 @@ -9,11 +9,11 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-prosody 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-prosody 2>/dev/null || true' +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-jitsi-prosody 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-jitsi-prosody 2>/dev/null || true' -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-prosody \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-jitsi-prosody \ --log-driver=none \ --network={{ matrix_docker_network }} \ --network-alias={{ matrix_jitsi_xmpp_server }} \ @@ -28,8 +28,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-prosody {% endfor %} {{ matrix_jitsi_prosody_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-prosody 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-prosody 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-jitsi-prosody 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-jitsi-prosody 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-jitsi-prosody diff --git a/roles/matrix-jitsi/templates/web/custom-config.js.j2 b/roles/custom/matrix-jitsi/templates/web/custom-config.js.j2 similarity index 100% rename from roles/matrix-jitsi/templates/web/custom-config.js.j2 rename to roles/custom/matrix-jitsi/templates/web/custom-config.js.j2 diff --git a/roles/matrix-jitsi/templates/web/custom-interface_config.js.j2 b/roles/custom/matrix-jitsi/templates/web/custom-interface_config.js.j2 similarity index 100% rename from roles/matrix-jitsi/templates/web/custom-interface_config.js.j2 rename to roles/custom/matrix-jitsi/templates/web/custom-interface_config.js.j2 diff --git a/roles/matrix-jitsi/templates/web/env.j2 b/roles/custom/matrix-jitsi/templates/web/env.j2 similarity index 100% rename from roles/matrix-jitsi/templates/web/env.j2 rename to roles/custom/matrix-jitsi/templates/web/env.j2 diff --git a/roles/matrix-jitsi/templates/web/matrix-jitsi-web.service.j2 b/roles/custom/matrix-jitsi/templates/web/matrix-jitsi-web.service.j2 similarity index 56% rename from roles/matrix-jitsi/templates/web/matrix-jitsi-web.service.j2 rename to roles/custom/matrix-jitsi/templates/web/matrix-jitsi-web.service.j2 index 8f29bfa82..fcb5f2213 100644 --- a/roles/matrix-jitsi/templates/web/matrix-jitsi-web.service.j2 +++ b/roles/custom/matrix-jitsi/templates/web/matrix-jitsi-web.service.j2 @@ -9,11 +9,11 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-web 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-web 2>/dev/null || true' +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-jitsi-web 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-jitsi-web 2>/dev/null || true' -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-web \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-jitsi-web \ --log-driver=none \ --network={{ matrix_docker_network }} \ --network-alias={{ matrix_jitsi_xmpp_domain }} \ @@ -29,8 +29,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-web \ {% endfor %} {{ matrix_jitsi_web_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-web 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-web 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-jitsi-web 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-jitsi-web 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-jitsi-web diff --git a/roles/custom/matrix-ldap-registration-proxy/defaults/main.yml b/roles/custom/matrix-ldap-registration-proxy/defaults/main.yml new file mode 100644 index 000000000..7ee5a947b --- /dev/null +++ b/roles/custom/matrix-ldap-registration-proxy/defaults/main.yml @@ -0,0 +1,58 @@ +--- +# matrix_ldap_registration_proxy - Want to build a large-scale Matrix server using external registration on LDAP? +# Project source code URL: https://gitlab.com/activism.international/matrix_ldap_registration_proxy + +matrix_ldap_registration_proxy_enabled: true + +matrix_ldap_registration_proxy_docker_image: matrix_ldap_registration_proxy +matrix_ldap_registration_proxy_container_image_self_build_repo: "https://gitlab.com/activism.international/matrix_ldap_registration_proxy.git" +matrix_ldap_registration_proxy_container_image_self_build_branch: "{{ matrix_ldap_registration_proxy_version }}" + +matrix_ldap_registration_proxy_version: "296246afc6a9b3105e67fcf6621cf05ebc74b873" + +matrix_ldap_registration_proxy_base_path: "{{ matrix_base_data_path }}/matrix_ldap_registration_proxy" +# We need the docker src directory to be named matrix_ldap_registration_proxy. +matrix_ldap_registration_proxy_docker_src_files_path: "{{ matrix_ldap_registration_proxy_base_path }}/docker-src/matrix_ldap_registration_proxy" +matrix_ldap_registration_proxy_config_path: "{{ matrix_ldap_registration_proxy_base_path }}/config" + +matrix_ldap_registration_proxy_ldap_uri: "" +matrix_ldap_registration_proxy_ldap_base_dn: "" +matrix_ldap_registration_proxy_ldap_user: "" +matrix_ldap_registration_proxy_ldap_password: "" +matrix_ldap_registration_proxy_matrix_server_name: "{{ matrix_domain }}" +matrix_ldap_registration_proxy_matrix_server_url: "https://{{ matrix_server_fqn_matrix }}" + +matrix_ldap_registration_proxy_registration_endpoint: "/_matrix/client/r0/register" + +# Controls whether the self-check feature should validate SSL certificates. +matrix_matrix_ldap_registration_proxy_self_check_validate_certificates: true + +matrix_ldap_registration_proxy_container_port: 8080 +# Controls whether the matrix_ldap_registration_proxy container exposes its HTTP port (tcp/{{ matrix_ldap_registration_proxy_container_port }} in the container). +# +# Takes an ":" or "" value (e.g. "127.0.0.1:8080"), or empty string to not expose. +matrix_ldap_registration_proxy_container_http_host_bind_port: '' + +# `matrix_ldap_registration_proxy_container_http_host_bind_port_number_raw` contains the raw port number extracted from `matrix_ldap_registration_proxy_container_http_host_bind_port`, +# which can contain values like this: ('1234', '127.0.0.1:1234', '0.0.0.0:1234') +matrix_ldap_registration_proxy_container_http_host_bind_port_number_raw: "{{ '' if matrix_ldap_registration_proxy_container_http_host_bind_port == '' else (matrix_ldap_registration_proxy_container_http_host_bind_port.split(':')[1] if ':' in matrix_ldap_registration_proxy_container_http_host_bind_port else matrix_ldap_registration_proxy_container_http_host_bind_port) }}" + +matrix_ldap_registration_proxy_registration_addr_with_container: "matrix-ldap_registration-proxy:{{ matrix_ldap_registration_proxy_container_http_host_bind_port_number_raw }}" +matrix_ldap_registration_proxy_registration_addr_sans_container: "127.0.0.1:{{ matrix_ldap_registration_proxy_container_http_host_bind_port_number_raw }}" + + +# A list of extra arguments to pass to the container +matrix_ldap_registration_proxy_container_extra_arguments: [] + +# List of systemd services that matrix_ldap_registration_proxy.service depends on +matrix_ldap_registration_proxy_systemd_required_services_list: ['docker.service'] + +# List of systemd services that matrix_ldap_registration_proxy.service wants +matrix_ldap_registration_proxy_systemd_wanted_services_list: [] + +# Additional environment variables to pass to the LDAP proxy environment variables. +# +# Example: +# matrix_ldap_registration_proxy_env_variables_extension: | +# KEY=value +matrix_ldap_registration_proxy_env_variables_extension: '' diff --git a/roles/custom/matrix-ldap-registration-proxy/tasks/init.yml b/roles/custom/matrix-ldap-registration-proxy/tasks/init.yml new file mode 100644 index 000000000..406236095 --- /dev/null +++ b/roles/custom/matrix-ldap-registration-proxy/tasks/init.yml @@ -0,0 +1,57 @@ +--- +# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 +# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 +- name: Fail if trying to self-build on Ansible < 2.8 + ansible.builtin.fail: + msg: "To self-build the matrix_ldap_registration_proxy image, you should use Ansible 2.8 or higher. See docs/ansible.md" + when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_ldap_registration_proxy_container_image_self_build and matrix_ldap_registration_proxy_enabled | bool" + +- ansible.builtin.set_fact: + matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-ldap-registration-proxy.service'] }}" + when: matrix_ldap_registration_proxy_enabled | bool + +- when: matrix_ldap_registration_proxy_enabled | bool + tags: + - always + block: + - name: Fail if matrix-nginx-proxy role already executed + ansible.builtin.fail: + msg: >- + Trying to append Matrix LDAP registration proxy's reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your playbook, + so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-telegram role. + when: matrix_nginx_proxy_role_executed | default(False) | bool + + - name: Generate Matrix LDAP registration proxy proxying configuration for matrix-nginx-proxy + ansible.builtin.set_fact: + matrix_ldap_registration_proxy_matrix_nginx_proxy_configuration: | + location {{ matrix_ldap_registration_proxy_registration_endpoint }} { + {% if matrix_nginx_proxy_enabled | default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "{{ matrix_ldap_registration_proxy_registration_addr_with_container }}"; + proxy_pass http://$backend/register; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://{{ matrix_ldap_registration_proxy_registration_addr_sans_container }}/register; + {% endif %} + } + + - name: Register Matrix LDAP registration proxy proxying configuration with matrix-nginx-proxy + ansible.builtin.set_fact: + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([]) + + + [matrix_ldap_registration_proxy_matrix_nginx_proxy_configuration] + }} + - name: Warn about reverse-proxying if matrix-nginx-proxy not used + ansible.builtin.debug: + msg: >- + NOTE: You've enabled the Matrix LDAP registration proxy bridge but are not using the matrix-nginx-proxy + reverse proxy. + Please make sure that you're proxying the `{{ matrix_ldap_registration_proxy_public_endpoint }}` + URL endpoint to the matrix-ldap-proxy container. + You can expose the container's port using the `matrix_ldap_registration_proxy_container_http_host_bind_port` variable. + when: "not matrix_nginx_proxy_enabled | default(False) | bool" diff --git a/roles/custom/matrix-ldap-registration-proxy/tasks/main.yml b/roles/custom/matrix-ldap-registration-proxy/tasks/main.yml new file mode 100644 index 000000000..5815774ec --- /dev/null +++ b/roles/custom/matrix-ldap-registration-proxy/tasks/main.yml @@ -0,0 +1,23 @@ +--- + +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" + tags: + - always + +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup | bool and matrix_ldap_registration_proxy_enabled | bool" + tags: + - setup-all + - setup-matrix-ldap-registration-proxy + +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" + when: "run_setup | bool and matrix_ldap_registration_proxy_enabled | bool" + tags: + - setup-all + - setup-matrix-ldap-registration-proxy + +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + when: "run_setup | bool and not matrix_ldap_registration_proxy_enabled | bool" + tags: + - setup-all + - setup-matrix-ldap-registration-proxy diff --git a/roles/custom/matrix-ldap-registration-proxy/tasks/setup_install.yml b/roles/custom/matrix-ldap-registration-proxy/tasks/setup_install.yml new file mode 100644 index 000000000..3ac8f9b8d --- /dev/null +++ b/roles/custom/matrix-ldap-registration-proxy/tasks/setup_install.yml @@ -0,0 +1,63 @@ +--- + +- name: Ensure matrix_ldap_registration_proxy paths exist + ansible.builtin.file: + path: "{{ item.path }}" + state: directory + mode: 0750 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + with_items: + - {path: "{{ matrix_ldap_registration_proxy_config_path }}", when: true} + - {path: "{{ matrix_ldap_registration_proxy_docker_src_files_path }}", when: true} + when: "item.when | bool" + +- ansible.builtin.set_fact: + matrix_ldap_registration_proxy_requires_restart: false + +- name: Ensure matrix_ldap_registration_proxy repository is present on self-build + ansible.builtin.git: + repo: "{{ matrix_ldap_registration_proxy_container_image_self_build_repo }}" + dest: "{{ matrix_ldap_registration_proxy_docker_src_files_path }}" + version: "{{ matrix_ldap_registration_proxy_container_image_self_build_branch }}" + force: "yes" + become: true + become_user: "{{ matrix_user_username }}" + register: matrix_ldap_registration_proxy_git_pull_results + +- name: Ensure matrix_ldap_registration_proxy Docker image is built + community.docker.docker_image: + name: "{{ matrix_ldap_registration_proxy_docker_image }}" + source: build + force_source: "{{ matrix_ldap_registration_proxy_git_pull_results.changed }}" + build: + dockerfile: Dockerfile + path: "{{ matrix_ldap_registration_proxy_docker_src_files_path }}" + pull: true + when: true + +- name: Ensure matrix_ldap_registration_proxy config installed + ansible.builtin.template: + src: "{{ role_path }}/templates/ldap-registration-proxy.env.j2" + dest: "{{ matrix_ldap_registration_proxy_config_path }}/ldap-registration-proxy.env" + mode: 0644 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +- name: Ensure matrix-ldap-registration-proxy.service installed + ansible.builtin.template: + src: "{{ role_path }}/templates/systemd/matrix-ldap-registration-proxy.service.j2" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-ldap-registration-proxy.service" + mode: 0644 + register: matrix_ldap_registration_proxy_systemd_service_result + +- name: Ensure systemd reloaded after matrix-ldap-registration-proxy.service installation + ansible.builtin.service: + daemon_reload: true + when: "matrix_ldap_registration_proxy_systemd_service_result.changed | bool" + +- name: Ensure matrix-ldap-registration-proxy.service restarted, if necessary + ansible.builtin.service: + name: "matrix-ldap-registration-proxy.service" + state: restarted + when: "matrix_ldap_registration_proxy_requires_restart | bool" diff --git a/roles/custom/matrix-ldap-registration-proxy/tasks/setup_uninstall.yml b/roles/custom/matrix-ldap-registration-proxy/tasks/setup_uninstall.yml new file mode 100644 index 000000000..ed19ad9c1 --- /dev/null +++ b/roles/custom/matrix-ldap-registration-proxy/tasks/setup_uninstall.yml @@ -0,0 +1,36 @@ +--- + +- name: Check existence of matrix-matrix_ldap_registration_proxy service + ansible.builtin.stat: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-ldap-registration-proxy.service" + register: matrix_ldap_registration_proxy_service_stat + +- name: Ensure matrix-matrix_ldap_registration_proxy is stopped + ansible.builtin.service: + name: matrix-matrix_ldap_registration_proxy + state: stopped + enabled: false + daemon_reload: true + register: stopping_result + when: "matrix_ldap_registration_proxy_service_stat.stat.exists | bool" + +- name: Ensure matrix-ldap-registration-proxy.service doesn't exist + ansible.builtin.file: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-ldap-registration-proxy.service" + state: absent + when: "matrix_ldap_registration_proxy_service_stat.stat.exists | bool" + +- name: Ensure systemd reloaded after matrix-ldap-registration-proxy.service removal + ansible.builtin.service: + daemon_reload: true + when: "matrix_ldap_registration_proxy_service_stat.stat.exists | bool" + +- name: Ensure Matrix matrix_ldap_registration_proxy paths don't exist + ansible.builtin.file: + path: "{{ matrix_ldap_registration_proxy_base_path }}" + state: absent + +- name: Ensure matrix_ldap_registration_proxy Docker image doesn't exist + community.docker.docker_image: + name: "{{ matrix_ldap_registration_proxy_docker_image }}" + state: absent diff --git a/roles/custom/matrix-ldap-registration-proxy/tasks/validate_config.yml b/roles/custom/matrix-ldap-registration-proxy/tasks/validate_config.yml new file mode 100644 index 000000000..6b52af9c8 --- /dev/null +++ b/roles/custom/matrix-ldap-registration-proxy/tasks/validate_config.yml @@ -0,0 +1,12 @@ +--- + +- name: Fail if required settings not defined + ansible.builtin.fail: + msg: >- + You need to define a required configuration setting (`{{ item }}`). + when: "vars[item] == ''" + with_items: + - "matrix_ldap_registration_proxy_ldap_uri" + - "matrix_ldap_registration_proxy_ldap_base_dn" + - "matrix_ldap_registration_proxy_ldap_user" + - "matrix_ldap_registration_proxy_ldap_password" diff --git a/roles/custom/matrix-ldap-registration-proxy/templates/ldap-registration-proxy.env.j2 b/roles/custom/matrix-ldap-registration-proxy/templates/ldap-registration-proxy.env.j2 new file mode 100644 index 000000000..581a0b0d8 --- /dev/null +++ b/roles/custom/matrix-ldap-registration-proxy/templates/ldap-registration-proxy.env.j2 @@ -0,0 +1,35 @@ +# please specify the configuration here +# +# these settings are mandatory + +# The server to connect to. Please note it must be accessible from the Docker network +# example: `ldap://127.0.0.1:389` +LDAP_SERVER={{ matrix_ldap_registration_proxy_ldap_uri }} + +# the base DN used for user creation + +LDAP_BASE_DN={{ matrix_ldap_registration_proxy_ldap_base_dn }} + +# the privileged user used for user creation including it's DN +# example: `uid=admin,cn=users,cn=accounts,dc=example,dc=org` + +LDAP_USER={{ matrix_ldap_registration_proxy_ldap_user }} + +# the password of the `LDAP_USER` used for authentication +LDAP_PASSWORD={{ matrix_ldap_registration_proxy_ldap_password }} + +# the human-readable server name of your Matrix server as used in the Matrix ID +# example: `example.org` +MATRIX_SERVER_NAME={{ matrix_ldap_registration_proxy_matrix_server_name }} + +# the url to access the Matrix server API without trailing `/` +# example: `https://matrix.example.org` +MATRIX_SERVER_URL={{ matrix_ldap_registration_proxy_matrix_server_url }} + +# these settings are optional: + +# Specify the port to listen on. Default to 8080 +LISTEN_PORT={{ matrix_ldap_registration_proxy_container_port }} + +# Use this to extend the configuration with custom variables +{{ matrix_ldap_registration_proxy_env_variables_extension }} diff --git a/roles/custom/matrix-ldap-registration-proxy/templates/systemd/matrix-ldap-registration-proxy.service.j2 b/roles/custom/matrix-ldap-registration-proxy/templates/systemd/matrix-ldap-registration-proxy.service.j2 new file mode 100644 index 000000000..641e321e2 --- /dev/null +++ b/roles/custom/matrix-ldap-registration-proxy/templates/systemd/matrix-ldap-registration-proxy.service.j2 @@ -0,0 +1,43 @@ +#jinja2: lstrip_blocks: "True" +[Unit] +Description=matrix_ldap_registration_proxy +{% for service in matrix_ldap_registration_proxy_systemd_required_services_list %} +Requires={{ service }} +After={{ service }} +{% endfor %} +{% for service in matrix_ldap_registration_proxy_systemd_wanted_services_list %} +Wants={{ service }} +{% endfor %} +DefaultDependencies=no + +[Service] +Type=simple +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-ldap-registration-proxy 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-ldap-registration-proxy 2>/dev/null || true' + +# matrix_ldap_registration_proxy writes an SQLite shared library (libsqlitejdbc.so) to /tmp and executes it from there, +# so /tmp needs to be mounted with an exec option. +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-ldap-registration-proxy \ + --log-driver=none \ + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ + --cap-drop=ALL \ + --read-only \ + --network={{ matrix_docker_network }} \ + {% if matrix_ldap_registration_proxy_container_http_host_bind_port %} + -p {{ matrix_ldap_registration_proxy_container_http_host_bind_port }}:{{ matrix_ldap_registration_proxy_container_port }} \ + {% endif %} + --env-file {{ matrix_ldap_registration_proxy_config_path }}/ldap-registration-proxy.env \ + {% for arg in matrix_ldap_registration_proxy_container_extra_arguments %} + {{ arg }} \ + {% endfor %} + {{ matrix_ldap_registration_proxy_docker_image }} + +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-ldap-registration-proxy 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-ldap-registration-proxy 2>/dev/null || true' +Restart=always +RestartSec=30 +SyslogIdentifier=matrix-ldap-registration-proxy + +[Install] +WantedBy=multi-user.target diff --git a/roles/matrix-ma1sd/defaults/main.yml b/roles/custom/matrix-ma1sd/defaults/main.yml similarity index 100% rename from roles/matrix-ma1sd/defaults/main.yml rename to roles/custom/matrix-ma1sd/defaults/main.yml diff --git a/roles/matrix-ma1sd/tasks/init.yml b/roles/custom/matrix-ma1sd/tasks/init.yml similarity index 100% rename from roles/matrix-ma1sd/tasks/init.yml rename to roles/custom/matrix-ma1sd/tasks/init.yml diff --git a/roles/matrix-ma1sd/tasks/main.yml b/roles/custom/matrix-ma1sd/tasks/main.yml similarity index 100% rename from roles/matrix-ma1sd/tasks/main.yml rename to roles/custom/matrix-ma1sd/tasks/main.yml diff --git a/roles/matrix-ma1sd/tasks/migrate_mxisd.yml b/roles/custom/matrix-ma1sd/tasks/migrate_mxisd.yml similarity index 90% rename from roles/matrix-ma1sd/tasks/migrate_mxisd.yml rename to roles/custom/matrix-ma1sd/tasks/migrate_mxisd.yml index 7457001c8..ee7228959 100644 --- a/roles/matrix-ma1sd/tasks/migrate_mxisd.yml +++ b/roles/custom/matrix-ma1sd/tasks/migrate_mxisd.yml @@ -16,7 +16,7 @@ - name: Check existence of old matrix-mxisd service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-mxisd.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mxisd.service" register: matrix_mxisd_service_stat - name: Ensure matrix-mxisd is stopped @@ -29,7 +29,7 @@ - name: Check existence of matrix-ma1sd service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-ma1sd.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-ma1sd.service" register: matrix_ma1sd_service_stat when: "ma1sd_migrate_mxisd_data_dir_stat.stat.exists" @@ -42,7 +42,8 @@ # We use shell commands for the migration, because the Ansible copy module cannot # recursively copy remote directories (like `/matrix/mxisd/data/sign.key`) in older versions of Ansible. -- block: +- when: "ma1sd_migrate_mxisd_data_dir_stat.stat.exists" + block: - name: Copy mxisd data files to ma1sd folder ansible.builtin.command: cmd: "cp -ar {{ matrix_base_data_path }}/mxisd/data {{ matrix_ma1sd_base_path }}" @@ -66,11 +67,10 @@ cmd: "mv {{ matrix_base_data_path }}/mxisd {{ matrix_base_data_path }}/mxisd.migrated" register: matrix_ma1sd_migrate_mxisd_move_directory_result changed_when: matrix_ma1sd_migrate_mxisd_move_directory_result.rc == 0 - when: "ma1sd_migrate_mxisd_data_dir_stat.stat.exists" - name: Ensure outdated matrix-mxisd.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-mxisd.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mxisd.service" state: absent when: "matrix_mxisd_service_stat.stat.exists" diff --git a/roles/matrix-ma1sd/tasks/self_check_ma1sd.yml b/roles/custom/matrix-ma1sd/tasks/self_check_ma1sd.yml similarity index 100% rename from roles/matrix-ma1sd/tasks/self_check_ma1sd.yml rename to roles/custom/matrix-ma1sd/tasks/self_check_ma1sd.yml diff --git a/roles/matrix-ma1sd/tasks/setup_install.yml b/roles/custom/matrix-ma1sd/tasks/setup_install.yml similarity index 91% rename from roles/matrix-ma1sd/tasks/setup_install.yml rename to roles/custom/matrix-ma1sd/tasks/setup_install.yml index ef32288fa..b9668a053 100644 --- a/roles/matrix-ma1sd/tasks/setup_install.yml +++ b/roles/custom/matrix-ma1sd/tasks/setup_install.yml @@ -21,13 +21,15 @@ - ansible.builtin.set_fact: matrix_ma1sd_requires_restart: false -- block: +- when: "matrix_ma1sd_database_engine == 'postgres'" + block: - name: Check if an SQLite database already exists ansible.builtin.stat: path: "{{ matrix_ma1sd_sqlite_database_path_local }}" register: matrix_ma1sd_sqlite_database_path_local_stat_result - - block: + - when: "matrix_ma1sd_sqlite_database_path_local_stat_result.stat.exists | bool" + block: - ansible.builtin.set_fact: matrix_postgres_db_migration_request: src: "{{ matrix_ma1sd_sqlite_database_path_local }}" @@ -39,27 +41,26 @@ pgloader_options: ['--with "quote identifiers"'] - ansible.builtin.import_role: - name: matrix-postgres + name: custom/matrix-postgres tasks_from: migrate_db_to_postgres - ansible.builtin.set_fact: matrix_ma1sd_requires_restart: true - when: "matrix_ma1sd_sqlite_database_path_local_stat_result.stat.exists | bool" - when: "matrix_ma1sd_database_engine == 'postgres'" - name: Ensure ma1sd image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_ma1sd_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_ma1sd_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_ma1sd_docker_image_force_pull }}" when: "not matrix_ma1sd_container_image_self_build | bool" register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed -- block: +- when: "matrix_ma1sd_container_image_self_build | bool" + block: - name: Ensure gradle is installed for self-building (Debian) ansible.builtin.apt: name: @@ -73,13 +74,8 @@ msg: "Installing gradle on RedHat ({{ ansible_distribution }}) is currently not supported, so self-building ma1sd cannot happen at this time" when: ansible_os_family == 'RedHat' - - name: Ensure gradle is installed for self-building (Archlinux) - pacman: - name: - - gradle - state: present - update_cache: true - when: ansible_distribution == 'Archlinux' + - ansible.builtin.include_tasks: "{{ role_path }}/tasks/util/ensure_gradle_installed_archlinux.yml" + when: "ansible_distribution == 'Archlinux'" - name: Ensure ma1sd repository is present on self-build ansible.builtin.git: @@ -100,7 +96,7 @@ when: matrix_ma1sd_git_pull_results.changed - name: Ensure ma1sd Docker image is tagged correctly - docker_image: + community.docker.docker_image: # The build script always tags the image with 2 tags: # - based on the branch/version: e.g. `ma1uta/ma1sd:2.4.0` (when on `2.4.0`) # or `ma1uta/ma1sd:2.4.0-19-ga71d32b` (when on a given commit for a pre-release) @@ -111,7 +107,6 @@ repository: "{{ matrix_ma1sd_docker_image }}" force_tag: true source: local - when: "matrix_ma1sd_container_image_self_build | bool" - name: Ensure ma1sd config installed ansible.builtin.copy: @@ -162,7 +157,7 @@ - name: Ensure matrix-ma1sd.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-ma1sd.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-ma1sd.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-ma1sd.service" mode: 0644 register: matrix_ma1sd_systemd_service_result diff --git a/roles/matrix-ma1sd/tasks/setup_uninstall.yml b/roles/custom/matrix-ma1sd/tasks/setup_uninstall.yml similarity index 82% rename from roles/matrix-ma1sd/tasks/setup_uninstall.yml rename to roles/custom/matrix-ma1sd/tasks/setup_uninstall.yml index 2bc505b0f..c7e8bf633 100644 --- a/roles/matrix-ma1sd/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-ma1sd/tasks/setup_uninstall.yml @@ -2,7 +2,7 @@ - name: Check existence of matrix-ma1sd service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-ma1sd.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-ma1sd.service" register: matrix_ma1sd_service_stat - name: Ensure matrix-ma1sd is stopped @@ -16,7 +16,7 @@ - name: Ensure matrix-ma1sd.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-ma1sd.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-ma1sd.service" state: absent when: "matrix_ma1sd_service_stat.stat.exists | bool" @@ -31,6 +31,6 @@ state: absent - name: Ensure ma1sd Docker image doesn't exist - docker_image: + community.docker.docker_image: name: "{{ matrix_ma1sd_docker_image }}" state: absent diff --git a/roles/custom/matrix-ma1sd/tasks/util/ensure_gradle_installed_archlinux.yml b/roles/custom/matrix-ma1sd/tasks/util/ensure_gradle_installed_archlinux.yml new file mode 100644 index 000000000..cfe38a8d4 --- /dev/null +++ b/roles/custom/matrix-ma1sd/tasks/util/ensure_gradle_installed_archlinux.yml @@ -0,0 +1,6 @@ +--- + +- name: Ensure gradle installed (Archlinux) + community.general.pacman: + name: gradle + state: present diff --git a/roles/matrix-ma1sd/tasks/validate_config.yml b/roles/custom/matrix-ma1sd/tasks/validate_config.yml similarity index 100% rename from roles/matrix-ma1sd/tasks/validate_config.yml rename to roles/custom/matrix-ma1sd/tasks/validate_config.yml diff --git a/roles/matrix-ma1sd/templates/ma1sd.yaml.j2 b/roles/custom/matrix-ma1sd/templates/ma1sd.yaml.j2 similarity index 100% rename from roles/matrix-ma1sd/templates/ma1sd.yaml.j2 rename to roles/custom/matrix-ma1sd/templates/ma1sd.yaml.j2 diff --git a/roles/matrix-ma1sd/templates/systemd/matrix-ma1sd.service.j2 b/roles/custom/matrix-ma1sd/templates/systemd/matrix-ma1sd.service.j2 similarity index 61% rename from roles/matrix-ma1sd/templates/systemd/matrix-ma1sd.service.j2 rename to roles/custom/matrix-ma1sd/templates/systemd/matrix-ma1sd.service.j2 index 427f6c9ff..9dbddbbf1 100644 --- a/roles/matrix-ma1sd/templates/systemd/matrix-ma1sd.service.j2 +++ b/roles/custom/matrix-ma1sd/templates/systemd/matrix-ma1sd.service.j2 @@ -12,13 +12,13 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-ma1sd 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-ma1sd 2>/dev/null || true' +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-ma1sd 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-ma1sd 2>/dev/null || true' # ma1sd writes an SQLite shared library (libsqlitejdbc.so) to /tmp and executes it from there, # so /tmp needs to be mounted with an exec option. -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-ma1sd \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-ma1sd \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ @@ -38,8 +38,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-ma1sd \ {% endfor %} {{ matrix_ma1sd_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-ma1sd 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-ma1sd 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-ma1sd 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-ma1sd 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-ma1sd diff --git a/roles/matrix-ma1sd/vars/main.yml b/roles/custom/matrix-ma1sd/vars/main.yml similarity index 100% rename from roles/matrix-ma1sd/vars/main.yml rename to roles/custom/matrix-ma1sd/vars/main.yml diff --git a/roles/matrix-mailer/defaults/main.yml b/roles/custom/matrix-mailer/defaults/main.yml similarity index 100% rename from roles/matrix-mailer/defaults/main.yml rename to roles/custom/matrix-mailer/defaults/main.yml diff --git a/roles/matrix-mailer/tasks/init.yml b/roles/custom/matrix-mailer/tasks/init.yml similarity index 100% rename from roles/matrix-mailer/tasks/init.yml rename to roles/custom/matrix-mailer/tasks/init.yml diff --git a/roles/matrix-mailer/tasks/main.yml b/roles/custom/matrix-mailer/tasks/main.yml similarity index 100% rename from roles/matrix-mailer/tasks/main.yml rename to roles/custom/matrix-mailer/tasks/main.yml diff --git a/roles/matrix-mailer/tasks/setup_mailer.yml b/roles/custom/matrix-mailer/tasks/setup_mailer.yml similarity index 89% rename from roles/matrix-mailer/tasks/setup_mailer.yml rename to roles/custom/matrix-mailer/tasks/setup_mailer.yml index 2ab39df5d..5d81565a2 100644 --- a/roles/matrix-mailer/tasks/setup_mailer.yml +++ b/roles/custom/matrix-mailer/tasks/setup_mailer.yml @@ -35,7 +35,7 @@ when: "matrix_mailer_enabled | bool and matrix_mailer_container_image_self_build | bool" - name: Ensure exim-relay Docker image is built - docker_image: + community.docker.docker_image: name: "{{ matrix_mailer_docker_image }}" source: build force_source: "{{ matrix_mailer_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" @@ -47,21 +47,21 @@ when: "matrix_mailer_enabled | bool and matrix_mailer_container_image_self_build | bool" - name: Ensure exim-relay image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_mailer_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_mailer_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mailer_docker_image_force_pull }}" when: "matrix_mailer_enabled | bool and not matrix_mailer_container_image_self_build | bool" register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure matrix-mailer.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-mailer.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-mailer.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mailer.service" mode: 0644 register: matrix_mailer_systemd_service_result when: matrix_mailer_enabled | bool @@ -77,7 +77,7 @@ - name: Check existence of matrix-mailer service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-mailer.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mailer.service" register: matrix_mailer_service_stat when: "not matrix_mailer_enabled | bool" @@ -92,7 +92,7 @@ - name: Ensure matrix-mailer.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-mailer.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mailer.service" state: absent when: "not matrix_mailer_enabled | bool and matrix_mailer_service_stat.stat.exists" @@ -108,7 +108,7 @@ when: "not matrix_mailer_enabled | bool" - name: Ensure mailer Docker image doesn't exist - docker_image: + community.docker.docker_image: name: "{{ matrix_mailer_docker_image }}" state: absent when: "not matrix_mailer_enabled | bool" diff --git a/roles/matrix-mailer/templates/env-mailer.j2 b/roles/custom/matrix-mailer/templates/env-mailer.j2 similarity index 100% rename from roles/matrix-mailer/templates/env-mailer.j2 rename to roles/custom/matrix-mailer/templates/env-mailer.j2 diff --git a/roles/matrix-mailer/templates/systemd/matrix-mailer.service.j2 b/roles/custom/matrix-mailer/templates/systemd/matrix-mailer.service.j2 similarity index 51% rename from roles/matrix-mailer/templates/systemd/matrix-mailer.service.j2 rename to roles/custom/matrix-mailer/templates/systemd/matrix-mailer.service.j2 index 83cd298ef..469d08172 100644 --- a/roles/matrix-mailer/templates/systemd/matrix-mailer.service.j2 +++ b/roles/custom/matrix-mailer/templates/systemd/matrix-mailer.service.j2 @@ -7,13 +7,13 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mailer 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mailer 2>/dev/null || true' +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mailer 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mailer 2>/dev/null || true' # --hostname gives us a friendlier hostname than the default. # The real hostname is passed via a `HOSTNAME` environment variable though. -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mailer \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-mailer \ --log-driver=none \ --user={{ matrix_mailer_container_user_uid }}:{{ matrix_mailer_container_user_gid }} \ --cap-drop=ALL \ @@ -27,8 +27,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mailer \ {% endfor %} {{ matrix_mailer_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mailer 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mailer 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mailer 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mailer 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-mailer diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/custom/matrix-nginx-proxy/defaults/main.yml similarity index 94% rename from roles/matrix-nginx-proxy/defaults/main.yml rename to roles/custom/matrix-nginx-proxy/defaults/main.yml index 8cf24a228..b7d4819dd 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/custom/matrix-nginx-proxy/defaults/main.yml @@ -1,7 +1,7 @@ --- # Project source code URL: https://github.com/nginx/nginx matrix_nginx_proxy_enabled: true -matrix_nginx_proxy_version: 1.23.1-alpine +matrix_nginx_proxy_version: 1.23.2-alpine # We use an official nginx image, which we fix-up to run unprivileged. # An alternative would be an `nginxinc/nginx-unprivileged` image, but @@ -192,6 +192,10 @@ matrix_nginx_proxy_proxy_matrix_federation_port: 8448 matrix_nginx_proxy_proxy_dimension_enabled: false matrix_nginx_proxy_proxy_dimension_hostname: "{{ matrix_server_fqn_dimension }}" +# Controls whether proxying the etherpad domain should be done. +matrix_nginx_proxy_proxy_etherpad_enabled: false +matrix_nginx_proxy_proxy_etherpad_hostname: "{{ matrix_server_fqn_etherpad }}" + # Controls whether proxying the goneb domain should be done. matrix_nginx_proxy_proxy_bot_go_neb_enabled: false matrix_nginx_proxy_proxy_bot_go_neb_hostname: "{{ matrix_server_fqn_bot_go_neb }}" @@ -252,7 +256,7 @@ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_path: "{{ matrix_nginx_proxy_ # when `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username` and `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_password` are provided. # This image provides the `htpasswd` tool which we use for generating the htpasswd file protecting `/metrics/*`. # To avoid using this, use `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_raw_content` instead of supplying username/password. -# Learn more in: `roles/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml`. +# Learn more in: `roles/custom/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml`. matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_image: "{{ matrix_container_global_registry_prefix }}httpd:{{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_image_tag }}" matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_image_tag: "2.4.54-alpine3.16" matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_force_pull: "{{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_image_tag.endswith(':latest') }}" @@ -373,6 +377,9 @@ matrix_nginx_proxy_proxy_buscarron_additional_server_configuration_blocks: [] # A list of strings containing additional configuration blocks to add to Dimension's server configuration (matrix-dimension.conf). matrix_nginx_proxy_proxy_dimension_additional_server_configuration_blocks: [] +# A list of strings containing additional configuration blocks to add to etherpad's server configuration (matrix-etherpad.conf). +matrix_nginx_proxy_proxy_etherpad_additional_server_configuration_blocks: [] + # A list of strings containing additional configuration blocks to add to GoNEB's server configuration (matrix-bot-go-neb.conf). matrix_nginx_proxy_proxy_bot_go_neb_additional_server_configuration_blocks: [] @@ -547,7 +554,7 @@ matrix_ssl_lets_encrypt_staging: false # Learn more here: https://eff-certbot.readthedocs.io/en/stable/using.html#changing-the-acme-server matrix_ssl_lets_encrypt_server: '' -matrix_ssl_lets_encrypt_certbot_docker_image: "{{ matrix_container_global_registry_prefix }}certbot/certbot:{{ matrix_ssl_architecture }}-v1.28.0" +matrix_ssl_lets_encrypt_certbot_docker_image: "{{ matrix_container_global_registry_prefix }}certbot/certbot:{{ matrix_ssl_architecture }}-v1.31.0" matrix_ssl_lets_encrypt_certbot_docker_image_force_pull: "{{ matrix_ssl_lets_encrypt_certbot_docker_image.endswith(':latest') }}" matrix_ssl_lets_encrypt_certbot_standalone_http_port: 2402 matrix_ssl_lets_encrypt_support_email: ~ @@ -572,6 +579,20 @@ matrix_ssl_log_dir_path: "{{ matrix_ssl_base_path }}/log" matrix_ssl_pre_obtaining_required_service_name: ~ matrix_ssl_pre_obtaining_required_service_start_wait_time_seconds: 60 +# matrix_ssl_orphaned_renewal_configs_purging_enabled controls whether the playbook will delete Let's Encryption renewal configuration files (`/matrix/ssl/config/renewal/*.conf) +# for domains that are not part of the `matrix_ssl_domains_to_obtain_certificates_for` list. +# +# As the `matrix_ssl_domains_to_obtain_certificates_for` list changes over time, the playbook obtains certificates for various domains +# and sets up "renewal" configuration files to keep these certificates fresh. +# When a domain disappears from the `matrix_ssl_domains_to_obtain_certificates_for` list (because its associated service had gotten disabled), +# the certificate files and renewal configuration still remain in the filesystem and certbot may try to renewal the certificate for this domain. +# If there's no DNS record for this domain or it doesn't point to this server anymore, the `matrix-ssl-lets-encrypt-certificates-renew.service` systemd service +# won't be able to renew the certificate and will generate an error. +# +# With `matrix_ssl_orphaned_renewal_configs_purging_enabled` enabled, orphaned renewal configurations will be purged on each playbook run. +# Some other leftover files will still remain, but we don't bother purging them because they don't cause troubles. +matrix_ssl_orphaned_renewal_configs_purging_enabled: true + # Nginx Optimize SSL Session # # ssl_session_cache: @@ -623,13 +644,17 @@ matrix_nginx_proxy_synapse_workers_enabled: false matrix_nginx_proxy_synapse_workers_list: [] matrix_nginx_proxy_synapse_generic_worker_client_server_locations: [] matrix_nginx_proxy_synapse_generic_worker_federation_locations: [] +matrix_nginx_proxy_synapse_stream_writer_typing_stream_worker_client_server_locations: [] +matrix_nginx_proxy_synapse_stream_writer_to_device_stream_worker_client_server_locations: [] +matrix_nginx_proxy_synapse_stream_writer_account_data_stream_worker_client_server_locations: [] +matrix_nginx_proxy_synapse_stream_writer_receipts_stream_worker_client_server_locations: [] +matrix_nginx_proxy_synapse_stream_writer_presence_stream_worker_client_server_locations: [] matrix_nginx_proxy_synapse_media_repository_locations: [] matrix_nginx_proxy_synapse_user_dir_locations: [] -matrix_nginx_proxy_synapse_frontend_proxy_locations: [] # synapse content caching matrix_nginx_proxy_synapse_cache_enabled: false -matrix_nginx_proxy_synapse_cache_path: "{{ '/tmp/synapse-cache' if matrix_nginx_proxy_enabled else matrix_nginx_proxy_data_path+'/synapse-cache' }}" +matrix_nginx_proxy_synapse_cache_path: "{{ '/tmp/synapse-cache' if matrix_nginx_proxy_enabled else matrix_nginx_proxy_data_path + '/synapse-cache' }}" matrix_nginx_proxy_synapse_cache_keys_zone_name: "STATIC" matrix_nginx_proxy_synapse_cache_keys_zone_size: "10m" matrix_nginx_proxy_synapse_cache_inactive_time: "48h" diff --git a/roles/matrix-nginx-proxy/tasks/init.yml b/roles/custom/matrix-nginx-proxy/tasks/init.yml similarity index 100% rename from roles/matrix-nginx-proxy/tasks/init.yml rename to roles/custom/matrix-nginx-proxy/tasks/init.yml diff --git a/roles/matrix-nginx-proxy/tasks/main.yml b/roles/custom/matrix-nginx-proxy/tasks/main.yml similarity index 100% rename from roles/matrix-nginx-proxy/tasks/main.yml rename to roles/custom/matrix-nginx-proxy/tasks/main.yml diff --git a/roles/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml b/roles/custom/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml similarity index 91% rename from roles/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml rename to roles/custom/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml index c511e402c..a72d26f68 100644 --- a/roles/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml +++ b/roles/custom/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml @@ -15,16 +15,17 @@ # See: https://docs.ansible.com/ansible/2.3/htpasswd_module.html#requirements-on-host-that-executes-module # We support various distros, with various versions of Python. Installing additional Python modules can be a hassle. # As a workaround, we run `htpasswd` from an Apache container image. -- block: +- when: matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username != '' + block: - name: Ensure Apache Docker image is pulled for generating matrix-metrics-htpasswd from username/password (protecting /metrics/* URIs) - docker_image: + community.docker.docker_image: name: "{{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_force_pull }}" register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed # We store the password in a file and make the `htpasswd` tool read it from there, @@ -40,7 +41,7 @@ - name: Generate matrix-metrics-htpasswd from username/password (protecting /metrics/* URIs) ansible.builtin.command: cmd: >- - {{ matrix_host_command_docker }} run + {{ devture_systemd_docker_base_host_command_docker }} run --rm --user={{ matrix_user_uid }}:{{ matrix_user_gid }} --cap-drop=ALL @@ -57,4 +58,3 @@ ansible.builtin.file: path: /tmp/matrix-nginx-proxy-metrics-password state: absent - when: matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username != '' diff --git a/roles/matrix-nginx-proxy/tasks/self_check_well_known.yml b/roles/custom/matrix-nginx-proxy/tasks/self_check_well_known.yml similarity index 94% rename from roles/matrix-nginx-proxy/tasks/self_check_well_known.yml rename to roles/custom/matrix-nginx-proxy/tasks/self_check_well_known.yml index 2a5042d5a..e7ed549c6 100644 --- a/roles/matrix-nginx-proxy/tasks/self_check_well_known.yml +++ b/roles/custom/matrix-nginx-proxy/tasks/self_check_well_known.yml @@ -9,7 +9,8 @@ follow_redirects: "{{ matrix_nginx_proxy_self_check_well_known_matrix_client_follow_redirects }}" validate_certs: "{{ matrix_nginx_proxy_self_check_validate_certificates }}" -- block: +- when: matrix_well_known_matrix_server_enabled | bool + block: - ansible.builtin.set_fact: well_known_file_check_matrix_server: path: /.well-known/matrix/server @@ -21,7 +22,6 @@ - name: Determine domains that we require certificates for (ma1sd) ansible.builtin.set_fact: well_known_file_checks: "{{ well_known_file_checks + [well_known_file_check_matrix_server] }}" - when: matrix_well_known_matrix_server_enabled | bool - name: Perform well-known checks ansible.builtin.include_tasks: "{{ role_path }}/tasks/self_check_well_known_file.yml" diff --git a/roles/matrix-nginx-proxy/tasks/self_check_well_known_file.yml b/roles/custom/matrix-nginx-proxy/tasks/self_check_well_known_file.yml similarity index 100% rename from roles/matrix-nginx-proxy/tasks/self_check_well_known_file.yml rename to roles/custom/matrix-nginx-proxy/tasks/self_check_well_known_file.yml diff --git a/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml b/roles/custom/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml similarity index 93% rename from roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml rename to roles/custom/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml index 4d93e769c..4a74d3991 100644 --- a/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml +++ b/roles/custom/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml @@ -123,6 +123,13 @@ mode: 0644 when: matrix_nginx_proxy_proxy_dimension_enabled | bool +- name: Ensure Matrix nginx-proxy configuration for etherpad domain exists + ansible.builtin.template: + src: "{{ role_path }}/templates/nginx/conf.d/matrix-etherpad.conf.j2" + dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-etherpad.conf" + mode: 0644 + when: matrix_nginx_proxy_proxy_etherpad_enabled | bool + - name: Ensure Matrix nginx-proxy configuration for goneb domain exists ansible.builtin.template: src: "{{ role_path }}/templates/nginx/conf.d/matrix-bot-go-neb.conf.j2" @@ -193,21 +200,21 @@ # Tasks related to setting up matrix-nginx-proxy # - name: Ensure nginx Docker image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_nginx_proxy_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_nginx_proxy_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_nginx_proxy_docker_image_force_pull }}" when: matrix_nginx_proxy_enabled | bool register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure matrix-nginx-proxy.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-nginx-proxy.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-nginx-proxy.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-nginx-proxy.service" mode: 0644 register: matrix_nginx_proxy_systemd_service_result when: matrix_nginx_proxy_enabled | bool @@ -224,7 +231,7 @@ - name: Check existence of matrix-nginx-proxy service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-nginx-proxy.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-nginx-proxy.service" register: matrix_nginx_proxy_service_stat when: "not matrix_nginx_proxy_enabled | bool" @@ -239,7 +246,7 @@ - name: Ensure matrix-nginx-proxy.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-nginx-proxy.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-nginx-proxy.service" state: absent when: "not matrix_nginx_proxy_enabled | bool and matrix_nginx_proxy_service_stat.stat.exists" @@ -314,6 +321,12 @@ state: absent when: "not matrix_nginx_proxy_proxy_ntfy_enabled | bool" +- name: Ensure Matrix nginx-proxy configuration for etherpad domain deleted + ansible.builtin.file: + path: "{{ matrix_nginx_proxy_confd_path }}/matrix-etherpad.conf" + state: absent + when: "not matrix_nginx_proxy_proxy_etherpad_enabled | bool" + - name: Ensure Matrix nginx-proxy homepage for base domain deleted ansible.builtin.file: path: "{{ matrix_nginx_proxy_data_path }}/matrix-domain/index.html" diff --git a/roles/matrix-nginx-proxy/tasks/setup_well_known.yml b/roles/custom/matrix-nginx-proxy/tasks/setup_well_known.yml similarity index 100% rename from roles/matrix-nginx-proxy/tasks/setup_well_known.yml rename to roles/custom/matrix-nginx-proxy/tasks/setup_well_known.yml diff --git a/roles/matrix-nginx-proxy/tasks/ssl/main.yml b/roles/custom/matrix-nginx-proxy/tasks/ssl/main.yml similarity index 100% rename from roles/matrix-nginx-proxy/tasks/ssl/main.yml rename to roles/custom/matrix-nginx-proxy/tasks/ssl/main.yml diff --git a/roles/custom/matrix-nginx-proxy/tasks/ssl/purge_ssl_lets_encrypt_orphaned_configs.yml b/roles/custom/matrix-nginx-proxy/tasks/ssl/purge_ssl_lets_encrypt_orphaned_configs.yml new file mode 100644 index 000000000..51fd1f314 --- /dev/null +++ b/roles/custom/matrix-nginx-proxy/tasks/ssl/purge_ssl_lets_encrypt_orphaned_configs.yml @@ -0,0 +1,27 @@ +--- + +- name: Check if a Let's Encrypt renewal configuration directory exists + ansible.builtin.stat: + path: "{{ matrix_ssl_config_dir_path }}/renewal" + register: matrix_ssl_config_renewal_directory_stat_result + +- when: matrix_ssl_config_renewal_directory_stat_result.stat.exists | bool + block: + - name: Determine current Let's Encrypt renewal configs + ansible.builtin.find: + path: "{{ matrix_ssl_config_dir_path }}/renewal" + patterns: ".*.conf$" + use_regex: true + register: matrix_ssl_current_renewal_config_files + + - name: Determine unnecessary Let's Encrypt renewal configs + ansible.builtin.set_fact: + matrix_ssl_current_renewal_config_files_to_purge: "{{ matrix_ssl_current_renewal_config_files_to_purge | default([]) + [item.path] }}" + with_items: "{{ matrix_ssl_current_renewal_config_files.files }}" + when: "item.path | basename | replace('.conf', '') not in matrix_ssl_domains_to_obtain_certificates_for" + + - name: Purge unneceessary Let's Encrypt renewal config files + ansible.builtin.file: + path: "{{ item }}" + state: absent + with_items: "{{ matrix_ssl_current_renewal_config_files_to_purge | default([]) }}" diff --git a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml b/roles/custom/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml similarity index 82% rename from roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml rename to roles/custom/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml index 0e5339a9a..77361f3ff 100644 --- a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml +++ b/roles/custom/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml @@ -16,9 +16,13 @@ # Tasks related to setting up Let's Encrypt's management of certificates # -- block: +- when: "matrix_ssl_retrieval_method == 'lets-encrypt'" + block: + - when: matrix_ssl_orphaned_renewal_configs_purging_enabled | bool + ansible.builtin.import_tasks: "{{ role_path }}/tasks/ssl/purge_ssl_lets_encrypt_orphaned_configs.yml" + - name: Ensure certbot Docker image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_ssl_lets_encrypt_certbot_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_ssl_lets_encrypt_certbot_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" @@ -26,7 +30,7 @@ - name: Obtain Let's Encrypt certificates ansible.builtin.include_tasks: "{{ role_path }}/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml" - with_items: "{{ matrix_ssl_domains_to_obtain_certificates_for }}" + with_items: "{{ matrix_ssl_domains_to_obtain_certificates_for | unique }}" loop_control: loop_var: domain_name @@ -39,20 +43,20 @@ - name: Ensure SSL renewal systemd units installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/{{ item.name }}.j2" - dest: "{{ matrix_systemd_path }}/{{ item.name }}" + dest: "{{ devture_systemd_docker_base_systemd_path }}/{{ item.name }}" mode: 0644 when: "item.applicable | bool" with_items: "{{ matrix_ssl_renewal_systemd_units_list }}" - when: "matrix_ssl_retrieval_method == 'lets-encrypt'" # # Tasks related to getting rid of Let's Encrypt's management of certificates # -- block: +- when: "matrix_ssl_retrieval_method != 'lets-encrypt'" + block: - name: Ensure matrix-ssl-lets-encrypt-renew cronjob removed ansible.builtin.file: - path: "{{ matrix_systemd_path }}/{{ item.name }}" + path: "{{ devture_systemd_docker_base_systemd_path }}/{{ item.name }}" state: absent when: "not item.applicable | bool" with_items: "{{ matrix_ssl_renewal_systemd_units_list }}" @@ -61,4 +65,3 @@ ansible.builtin.file: path: "{{ matrix_local_bin_path }}/matrix-ssl-lets-encrypt-certificates-renew" state: absent - when: "matrix_ssl_retrieval_method != 'lets-encrypt'" diff --git a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml b/roles/custom/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml similarity index 95% rename from roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml rename to roles/custom/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml index 18cae090e..b10791a7f 100644 --- a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml +++ b/roles/custom/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml @@ -13,7 +13,8 @@ - ansible.builtin.set_fact: domain_name_needs_cert: "{{ not domain_name_certificate_path_stat.stat.exists }}" -- block: +- when: "domain_name_needs_cert | bool and matrix_ssl_pre_obtaining_required_service_name != ''" + block: - name: Ensure required service for obtaining is started ansible.builtin.service: name: "{{ matrix_ssl_pre_obtaining_required_service_name }}" @@ -24,13 +25,12 @@ ansible.builtin.wait_for: timeout: "{{ matrix_ssl_pre_obtaining_required_service_start_wait_time_seconds }}" when: "matrix_ssl_pre_obtaining_required_service_start_result.changed | bool" - when: "domain_name_needs_cert | bool and matrix_ssl_pre_obtaining_required_service_name != ''" # This will fail if there is something running on port 80 (like matrix-nginx-proxy). # We suppress the error, as we'll try another method below. - name: Attempt initial SSL certificate retrieval with standalone authenticator (directly) ansible.builtin.shell: >- - {{ matrix_host_command_docker }} run + {{ devture_systemd_docker_base_host_command_docker }} run --rm --name=matrix-certbot --user={{ matrix_user_uid }}:{{ matrix_user_gid }} @@ -59,7 +59,7 @@ # and it's running now, it may be able to proxy requests to `matrix_ssl_lets_encrypt_certbot_standalone_http_port`. - name: Attempt initial SSL certificate retrieval with standalone authenticator (via proxy) ansible.builtin.shell: >- - {{ matrix_host_command_docker }} run + {{ devture_systemd_docker_base_host_command_docker }} run --rm --name=matrix-certbot --user={{ matrix_user_uid }}:{{ matrix_user_gid }} diff --git a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_manually_managed.yml b/roles/custom/matrix-nginx-proxy/tasks/ssl/setup_ssl_manually_managed.yml similarity index 95% rename from roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_manually_managed.yml rename to roles/custom/matrix-nginx-proxy/tasks/ssl/setup_ssl_manually_managed.yml index f6fc5a817..769af3235 100644 --- a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_manually_managed.yml +++ b/roles/custom/matrix-nginx-proxy/tasks/ssl/setup_ssl_manually_managed.yml @@ -2,7 +2,7 @@ - name: Verify certificates ansible.builtin.include_tasks: "{{ role_path }}/tasks/ssl/setup_ssl_manually_managed_verify_for_domain.yml" - with_items: "{{ matrix_ssl_domains_to_obtain_certificates_for }}" + with_items: "{{ matrix_ssl_domains_to_obtain_certificates_for | unique }}" loop_control: loop_var: domain_name when: "matrix_ssl_retrieval_method == 'manually-managed'" diff --git a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_manually_managed_verify_for_domain.yml b/roles/custom/matrix-nginx-proxy/tasks/ssl/setup_ssl_manually_managed_verify_for_domain.yml similarity index 100% rename from roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_manually_managed_verify_for_domain.yml rename to roles/custom/matrix-nginx-proxy/tasks/ssl/setup_ssl_manually_managed_verify_for_domain.yml diff --git a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_self_signed.yml b/roles/custom/matrix-nginx-proxy/tasks/ssl/setup_ssl_self_signed.yml similarity index 76% rename from roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_self_signed.yml rename to roles/custom/matrix-nginx-proxy/tasks/ssl/setup_ssl_self_signed.yml index 3a7f19587..7ebdec790 100644 --- a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_self_signed.yml +++ b/roles/custom/matrix-nginx-proxy/tasks/ssl/setup_ssl_self_signed.yml @@ -1,11 +1,13 @@ --- -- ansible.builtin.import_tasks: "{{ role_path }}/../matrix-base/tasks/util/ensure_openssl_installed.yml" +- ansible.builtin.import_role: + name: custom/matrix-base + tasks_from: ensure_openssl_installed when: "matrix_ssl_retrieval_method == 'self-signed'" - name: Generate self-signed certificates ansible.builtin.include_tasks: "{{ role_path }}/tasks/ssl/setup_ssl_self_signed_obtain_for_domain.yml" - with_items: "{{ matrix_ssl_domains_to_obtain_certificates_for }}" + with_items: "{{ matrix_ssl_domains_to_obtain_certificates_for | unique }}" loop_control: loop_var: domain_name when: "matrix_ssl_retrieval_method == 'self-signed'" diff --git a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_self_signed_obtain_for_domain.yml b/roles/custom/matrix-nginx-proxy/tasks/ssl/setup_ssl_self_signed_obtain_for_domain.yml similarity index 100% rename from roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_self_signed_obtain_for_domain.yml rename to roles/custom/matrix-nginx-proxy/tasks/ssl/setup_ssl_self_signed_obtain_for_domain.yml diff --git a/roles/matrix-nginx-proxy/tasks/validate_config.yml b/roles/custom/matrix-nginx-proxy/tasks/validate_config.yml similarity index 98% rename from roles/matrix-nginx-proxy/tasks/validate_config.yml rename to roles/custom/matrix-nginx-proxy/tasks/validate_config.yml index 6c87a4bb2..f7d18c9e4 100644 --- a/roles/matrix-nginx-proxy/tasks/validate_config.yml +++ b/roles/custom/matrix-nginx-proxy/tasks/validate_config.yml @@ -35,7 +35,8 @@ - or raw htpasswd content (provided in `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_raw_content`) when: "matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled | bool and (matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_raw_content == '' and (matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username == '' or matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_password == ''))" -- block: +- when: "matrix_ssl_retrieval_method == 'lets-encrypt'" + block: - name: (Deprecation) Catch and report renamed settings ansible.builtin.fail: msg: >- @@ -57,7 +58,6 @@ - "matrix_nginx_proxy_proxy_synapse_client_api_addr_with_container" - "matrix_nginx_proxy_proxy_synapse_client_api_addr_sans_container" when: "vars[item] == '' or vars[item] is none" - when: "matrix_ssl_retrieval_method == 'lets-encrypt'" - name: (Deprecation) Catch and report old metrics usage ansible.builtin.fail: diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-base-domain.conf.j2 b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-base-domain.conf.j2 similarity index 97% rename from roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-base-domain.conf.j2 rename to roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-base-domain.conf.j2 index 3aff997db..44978dc40 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-base-domain.conf.j2 +++ b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-base-domain.conf.j2 @@ -45,7 +45,7 @@ server { location /.well-known/acme-challenge { {% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; + resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; set $backend "matrix-certbot:8080"; proxy_pass http://$backend; {% else %} diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-bot-buscarron.conf.j2 b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-bot-buscarron.conf.j2 similarity index 96% rename from roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-bot-buscarron.conf.j2 rename to roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-bot-buscarron.conf.j2 index 0ce1473be..4f0fd4a8f 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-bot-buscarron.conf.j2 +++ b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-bot-buscarron.conf.j2 @@ -24,7 +24,7 @@ location / { {% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; + resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; set $backend "matrix-bot-buscarron:8080"; proxy_pass http://$backend; {% else %} @@ -51,7 +51,7 @@ server { location /.well-known/acme-challenge { {% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; + resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; set $backend "matrix-certbot:8080"; proxy_pass http://$backend; {% else %} diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-bot-go-neb.conf.j2 b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-bot-go-neb.conf.j2 similarity index 96% rename from roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-bot-go-neb.conf.j2 rename to roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-bot-go-neb.conf.j2 index e5589f555..a62ddfc81 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-bot-go-neb.conf.j2 +++ b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-bot-go-neb.conf.j2 @@ -18,7 +18,7 @@ location / { {% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; + resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; set $backend "matrix-bot-go-neb:4050"; proxy_pass http://$backend; {% else %} @@ -44,7 +44,7 @@ server { location /.well-known/acme-challenge { {% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; + resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; set $backend "matrix-certbot:8080"; proxy_pass http://$backend; {% else %} diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-client-cinny.conf.j2 b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-client-cinny.conf.j2 similarity index 96% rename from roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-client-cinny.conf.j2 rename to roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-client-cinny.conf.j2 index df66349fe..2ec6eb1ba 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-client-cinny.conf.j2 +++ b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-client-cinny.conf.j2 @@ -24,7 +24,7 @@ location / { {% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; + resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; set $backend "matrix-client-cinny:8080"; proxy_pass http://$backend; {% else %} @@ -51,7 +51,7 @@ server { location /.well-known/acme-challenge { {% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; + resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; set $backend "matrix-certbot:8080"; proxy_pass http://$backend; {% else %} diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-client-element.conf.j2 b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-client-element.conf.j2 similarity index 96% rename from roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-client-element.conf.j2 rename to roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-client-element.conf.j2 index dea91b212..0beeae52b 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-client-element.conf.j2 +++ b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-client-element.conf.j2 @@ -26,7 +26,7 @@ location / { {% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; + resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; set $backend "matrix-client-element:8080"; proxy_pass http://$backend; {% else %} @@ -53,7 +53,7 @@ server { location /.well-known/acme-challenge { {% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; + resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; set $backend "matrix-certbot:8080"; proxy_pass http://$backend; {% else %} diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-client-hydrogen.conf.j2 b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-client-hydrogen.conf.j2 similarity index 96% rename from roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-client-hydrogen.conf.j2 rename to roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-client-hydrogen.conf.j2 index e9428c557..7a2e9dfac 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-client-hydrogen.conf.j2 +++ b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-client-hydrogen.conf.j2 @@ -24,7 +24,7 @@ location / { {% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; + resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; set $backend "matrix-client-hydrogen:8080"; proxy_pass http://$backend; {% else %} @@ -51,7 +51,7 @@ server { location /.well-known/acme-challenge { {% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; + resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; set $backend "matrix-certbot:8080"; proxy_pass http://$backend; {% else %} diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-conduit.conf.j2 b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-conduit.conf.j2 similarity index 94% rename from roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-conduit.conf.j2 rename to roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-conduit.conf.j2 index 2106acc48..6e7aca793 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-conduit.conf.j2 +++ b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-conduit.conf.j2 @@ -28,7 +28,7 @@ server { location / { {% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; + resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; set $backend "{{ matrix_nginx_proxy_proxy_conduit_client_api_addr_with_container }}"; proxy_pass http://$backend; {% else %} @@ -59,7 +59,7 @@ server { location / { {% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; + resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; set $backend "{{ matrix_nginx_proxy_proxy_conduit_federation_api_addr_with_container }}"; proxy_pass http://$backend; {% else %} diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-dendrite.conf.j2 b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-dendrite.conf.j2 similarity index 94% rename from roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-dendrite.conf.j2 rename to roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-dendrite.conf.j2 index 939156a31..10eccf373 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-dendrite.conf.j2 +++ b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-dendrite.conf.j2 @@ -28,7 +28,7 @@ server { location / { {% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; + resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; set $backend "{{ matrix_nginx_proxy_proxy_dendrite_client_api_addr_with_container }}"; proxy_pass http://$backend; {% else %} @@ -59,7 +59,7 @@ server { location / { {% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; + resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; set $backend "{{ matrix_nginx_proxy_proxy_dendrite_federation_api_addr_with_container }}"; proxy_pass http://$backend; {% else %} diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-dimension.conf.j2 b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-dimension.conf.j2 similarity index 96% rename from roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-dimension.conf.j2 rename to roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-dimension.conf.j2 index 07347be62..730fc4c1d 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-dimension.conf.j2 +++ b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-dimension.conf.j2 @@ -21,7 +21,7 @@ location / { {% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; + resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; set $backend "matrix-dimension:8184"; proxy_pass http://$backend; {% else %} @@ -47,7 +47,7 @@ server { location /.well-known/acme-challenge { {% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; + resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; set $backend "matrix-certbot:8080"; proxy_pass http://$backend; {% else %} diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 similarity index 96% rename from roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 rename to roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 index 2895ba14a..63d45bc63 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 +++ b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 @@ -62,7 +62,7 @@ location ^~ /_matrix/corporal { {% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; + resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; set $backend "{{ matrix_nginx_proxy_proxy_matrix_corporal_api_addr_with_container }}"; proxy_pass http://$backend; {% else %} @@ -80,7 +80,7 @@ location ^~ /_matrix/identity { {% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; + resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; set $backend "{{ matrix_nginx_proxy_proxy_matrix_identity_api_addr_with_container }}"; proxy_pass http://$backend; {% else %} @@ -98,7 +98,7 @@ location ^~ /_matrix/client/r0/user_directory/search { {% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; + resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; set $backend "{{ matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_with_container }}"; proxy_pass http://$backend; {% else %} @@ -115,7 +115,7 @@ location ~ ^/_matrix/client/r0/register/(email|msisdn)/requestToken$ { {% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; + resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; set $backend "{{ matrix_nginx_proxy_proxy_matrix_3pid_registration_addr_with_container }}"; proxy_pass http://$backend; {% else %} @@ -140,7 +140,7 @@ location ~* ^({{ matrix_nginx_proxy_proxy_matrix_client_api_forwarded_location_prefix_regexes|join('|') }}) { {% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; + resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; set $backend "{{ matrix_nginx_proxy_proxy_matrix_client_api_addr_with_container }}"; proxy_pass http://$backend; {% else %} @@ -185,7 +185,7 @@ server { location /.well-known/acme-challenge { {% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; + resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; set $backend "matrix-certbot:8080"; proxy_pass http://$backend; {% else %} @@ -288,7 +288,7 @@ server { location / { {% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; + resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; set $backend "{{ matrix_nginx_proxy_proxy_matrix_federation_api_addr_with_container }}"; proxy_pass http://$backend; {% else %} diff --git a/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-etherpad.conf.j2 b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-etherpad.conf.j2 new file mode 100644 index 000000000..8cad9ee37 --- /dev/null +++ b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-etherpad.conf.j2 @@ -0,0 +1,108 @@ +#jinja2: lstrip_blocks: "True" + +{% macro render_vhost_directives() %} + gzip on; + gzip_types text/plain application/json application/javascript text/css image/x-icon font/ttf image/gif; + {% if matrix_nginx_proxy_hsts_preload_enabled %} + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; + {% else %} + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; + {% endif %} + add_header X-XSS-Protection "{{ matrix_nginx_proxy_xss_protection }}"; + add_header X-Content-Type-Options nosniff; + {% if matrix_nginx_proxy_floc_optout_enabled %} + add_header Permissions-Policy interest-cohort=() always; + {% endif %} + +{% for configuration_block in matrix_nginx_proxy_proxy_etherpad_additional_server_configuration_blocks %} + {{- configuration_block }} +{% endfor %} + + location / { + {% if matrix_nginx_proxy_enabled %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; + set $backend "matrix-etherpad:9001"; + proxy_pass http://$backend; + {# These are proxy directives needed specifically by Etherpad #} + proxy_buffering off; + proxy_http_version 1.1; {# recommended with keepalive connections #} + proxy_pass_header Server; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Proto {{ matrix_nginx_proxy_x_forwarded_proto_value }}; {# for EP to set secure cookie flag when https is used #} + {# WebSocket proxying - from http://nginx.org/en/docs/http/websocket.html #} + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + {% else %} + {# Generic configuration for use outside of our container setup #} + # A good guide for setting up your Etherpad behind nginx: + # https://docs.gandi.net/en/cloud/tutorials/etherpad_lite.html + proxy_pass http://127.0.0.1:9001/; + {% endif %} + } +{% endmacro %} + +server { + listen {{ 8080 if matrix_nginx_proxy_enabled else 80 }}; + listen [::]:{{ 8080 if matrix_nginx_proxy_enabled else 80 }}; + + server_name {{ matrix_nginx_proxy_proxy_etherpad_hostname }}; + + server_tokens off; + root /dev/null; + + {% if matrix_nginx_proxy_https_enabled %} + location /.well-known/acme-challenge { + {% if matrix_nginx_proxy_enabled %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; + set $backend "matrix-certbot:8080"; + proxy_pass http://$backend; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:{{ matrix_ssl_lets_encrypt_certbot_standalone_http_port }}; + {% endif %} + } + + location / { + return 301 https://$http_host$request_uri; + } + {% else %} + {{ render_vhost_directives() }} + {% endif %} +} + +{% if matrix_nginx_proxy_https_enabled %} +server { + listen {{ 8443 if matrix_nginx_proxy_enabled else 443 }} ssl http2; + listen [::]:{{ 8443 if matrix_nginx_proxy_enabled else 443 }} ssl http2; + + server_name {{ matrix_nginx_proxy_proxy_etherpad_hostname }}; + + server_tokens off; + root /dev/null; + + ssl_certificate {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_etherpad_hostname }}/fullchain.pem; + ssl_certificate_key {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_etherpad_hostname }}/privkey.pem; + + ssl_protocols {{ matrix_nginx_proxy_ssl_protocols }}; + {% if matrix_nginx_proxy_ssl_ciphers != '' %} + ssl_ciphers {{ matrix_nginx_proxy_ssl_ciphers }}; + {% endif %} + ssl_prefer_server_ciphers {{ matrix_nginx_proxy_ssl_prefer_server_ciphers }}; + + {% if matrix_nginx_proxy_ocsp_stapling_enabled %} + ssl_stapling on; + ssl_stapling_verify on; + ssl_trusted_certificate {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_etherpad_hostname }}/chain.pem; + {% endif %} + + {% if matrix_nginx_proxy_ssl_session_tickets_off %} + ssl_session_tickets off; + {% endif %} + ssl_session_cache {{ matrix_nginx_proxy_ssl_session_cache }}; + ssl_session_timeout {{ matrix_nginx_proxy_ssl_session_timeout }}; + + {{ render_vhost_directives() }} +} +{% endif %} diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-grafana.conf.j2 b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-grafana.conf.j2 similarity index 96% rename from roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-grafana.conf.j2 rename to roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-grafana.conf.j2 index def67f666..094180448 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-grafana.conf.j2 +++ b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-grafana.conf.j2 @@ -28,7 +28,7 @@ location / { {% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; + resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; set $backend "matrix-grafana:3000"; proxy_pass http://$backend; {% else %} @@ -55,7 +55,7 @@ server { location /.well-known/acme-challenge { {% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; + resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; set $backend "matrix-certbot:8080"; proxy_pass http://$backend; {% else %} diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-jitsi.conf.j2 b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-jitsi.conf.j2 similarity index 94% rename from roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-jitsi.conf.j2 rename to roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-jitsi.conf.j2 index 54b8ea436..aa4b6b446 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-jitsi.conf.j2 +++ b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-jitsi.conf.j2 @@ -21,7 +21,7 @@ location / { {% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; + resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; set $backend "matrix-jitsi-web:80"; proxy_pass http://$backend; {% else %} @@ -36,7 +36,7 @@ # colibri (JVB) websockets location ~ ^/colibri-ws/([a-zA-Z0-9-\.]+)/(.*) { {% if matrix_nginx_proxy_enabled %} - resolver 127.0.0.11 valid=5s; + resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; set $backend "matrix-jitsi-jvb:9090"; proxy_pass http://$backend; {% else %} @@ -57,7 +57,7 @@ # XMPP websocket location = /xmpp-websocket { {% if matrix_nginx_proxy_enabled %} - resolver 127.0.0.11 valid=5s; + resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; set $backend {{ matrix_jitsi_xmpp_bosh_url_base }}; proxy_pass $backend/xmpp-websocket; {% else %} @@ -89,7 +89,7 @@ server { location /.well-known/acme-challenge { {% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; + resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; set $backend "matrix-certbot:8080"; proxy_pass http://$backend; {% else %} diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-ntfy.conf.j2 b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-ntfy.conf.j2 similarity index 95% rename from roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-ntfy.conf.j2 rename to roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-ntfy.conf.j2 index 988b3b355..fbae47e17 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-ntfy.conf.j2 +++ b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-ntfy.conf.j2 @@ -20,8 +20,8 @@ location / { {% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - set $backend "matrix-ntfy:80"; + resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; + set $backend "matrix-ntfy:8080"; proxy_pass http://$backend; {% else %} {# Generic configuration for use outside of our container setup #} @@ -49,7 +49,7 @@ server { location /.well-known/acme-challenge { {% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; + resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; set $backend "matrix-certbot:8080"; proxy_pass http://$backend; {% else %} diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-riot-web.conf.j2 b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-riot-web.conf.j2 similarity index 97% rename from roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-riot-web.conf.j2 rename to roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-riot-web.conf.j2 index 5bcbeba5b..990269134 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-riot-web.conf.j2 +++ b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-riot-web.conf.j2 @@ -36,7 +36,7 @@ server { location /.well-known/acme-challenge { {% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; + resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; set $backend "matrix-certbot:8080"; proxy_pass http://$backend; {% else %} diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-sygnal.conf.j2 b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-sygnal.conf.j2 similarity index 96% rename from roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-sygnal.conf.j2 rename to roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-sygnal.conf.j2 index 0f33c0a77..e3c6a461a 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-sygnal.conf.j2 +++ b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-sygnal.conf.j2 @@ -19,7 +19,7 @@ location / { {% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; + resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; set $backend "matrix-sygnal:6000"; proxy_pass http://$backend; {% else %} @@ -46,7 +46,7 @@ server { location /.well-known/acme-challenge { {% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; + resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; set $backend "matrix-certbot:8080"; proxy_pass http://$backend; {% else %} diff --git a/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 new file mode 100644 index 000000000..da1893299 --- /dev/null +++ b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 @@ -0,0 +1,229 @@ +#jinja2: lstrip_blocks: "True" + +{% set generic_workers = matrix_nginx_proxy_synapse_workers_list | selectattr('type', 'equalto', 'generic_worker') | list %} +{% set stream_writer_typing_stream_workers = matrix_nginx_proxy_synapse_workers_list | selectattr('type', 'equalto', 'stream_writer') | selectattr('stream_writer_stream', 'equalto', 'typing') | list %} +{% set stream_writer_to_device_stream_workers = matrix_nginx_proxy_synapse_workers_list | selectattr('type', 'equalto', 'stream_writer') | selectattr('stream_writer_stream', 'equalto', 'to_device') | list %} +{% set stream_writer_account_data_stream_workers = matrix_nginx_proxy_synapse_workers_list | selectattr('type', 'equalto', 'stream_writer') | selectattr('stream_writer_stream', 'equalto', 'account_data') | list %} +{% set stream_writer_receipts_stream_workers = matrix_nginx_proxy_synapse_workers_list | selectattr('type', 'equalto', 'stream_writer') | selectattr('stream_writer_stream', 'equalto', 'receipts') | list %} +{% set stream_writer_presence_stream_workers = matrix_nginx_proxy_synapse_workers_list | selectattr('type', 'equalto', 'stream_writer') | selectattr('stream_writer_stream', 'equalto', 'presence') | list %} +{% set media_repository_workers = matrix_nginx_proxy_synapse_workers_list | selectattr('type', 'equalto', 'media_repository') | list %} +{% set user_dir_workers = matrix_nginx_proxy_synapse_workers_list | selectattr('type', 'equalto', 'user_dir') | list %} + +{% macro render_worker_upstream(name, workers, matrix_nginx_proxy_enabled) %} +{% if workers | length > 0 %} + upstream {{ name }} { + {% for worker in workers %} + {% if matrix_nginx_proxy_enabled %} + server "{{ worker.name }}:{{ worker.port }}"; + {% else %} + server "127.0.0.1:{{ worker.port }}"; + {% endif %} + {% endfor %} + } +{% endif %} +{% endmacro %} + +{% macro render_locations_to_upstream(locations, upstream_name) %} + {% for location in locations %} + location ~ {{ location }} { + proxy_pass http://{{ upstream_name }}$request_uri; + proxy_set_header Host $host; + } + {% endfor %} +{% endmacro %} + +{% if matrix_nginx_proxy_synapse_workers_enabled %} + {% if matrix_nginx_proxy_synapse_cache_enabled %} + proxy_cache_path {{ matrix_nginx_proxy_synapse_cache_path }} levels=1:2 keys_zone={{ matrix_nginx_proxy_synapse_cache_keys_zone_name }}:{{ matrix_nginx_proxy_synapse_cache_keys_zone_size }} inactive={{ matrix_nginx_proxy_synapse_cache_inactive_time }} max_size={{ matrix_nginx_proxy_synapse_cache_max_size_mb }}m; + {% endif %} + # Round Robin "upstream" pools for workers + + {% if generic_workers |length > 0 %} + upstream generic_workers_upstream { + # ensures that requests from the same client will always be passed + # to the same server (except when this server is unavailable) + hash $http_x_forwarded_for; + + {% for worker in generic_workers %} + {% if matrix_nginx_proxy_enabled %} + server "{{ worker.name }}:{{ worker.port }}"; + {% else %} + server "127.0.0.1:{{ worker.port }}"; + {% endif %} + {% endfor %} + } + {% endif %} + + {{ render_worker_upstream('stream_writer_typing_stream_workers_upstream', stream_writer_typing_stream_workers, matrix_nginx_proxy_enabled) }} + {{ render_worker_upstream('stream_writer_to_device_stream_workers_upstream', stream_writer_to_device_stream_workers, matrix_nginx_proxy_enabled) }} + {{ render_worker_upstream('stream_writer_account_data_stream_workers_upstream', stream_writer_account_data_stream_workers, matrix_nginx_proxy_enabled) }} + {{ render_worker_upstream('stream_writer_receipts_stream_workers_upstream', stream_writer_receipts_stream_workers, matrix_nginx_proxy_enabled) }} + {{ render_worker_upstream('stream_writer_presence_stream_workers_upstream', stream_writer_presence_stream_workers, matrix_nginx_proxy_enabled) }} + + {{ render_worker_upstream('media_repository_workers_upstream', media_repository_workers, matrix_nginx_proxy_enabled) }} + + {{ render_worker_upstream('user_dir_workers_upstream', user_dir_workers, matrix_nginx_proxy_enabled) }} +{% endif %} + +server { + listen 12080; + {% if matrix_nginx_proxy_enabled %} + server_name {{ matrix_nginx_proxy_proxy_synapse_hostname }}; + {% endif %} + + server_tokens off; + root /dev/null; + + gzip on; + gzip_types text/plain application/json; + + {% if matrix_nginx_proxy_synapse_workers_enabled %} + {# Workers redirects BEGIN #} + + {% if generic_workers | length > 0 %} + # https://matrix-org.github.io/synapse/latest/workers.html#synapseappgeneric_worker + {{ render_locations_to_upstream(matrix_nginx_proxy_synapse_generic_worker_client_server_locations, 'generic_workers_upstream') }} + {% endif %} + + {% if stream_writer_typing_stream_workers | length > 0 %} + # https://matrix-org.github.io/synapse/latest/workers.html#the-typing-stream + {{ render_locations_to_upstream(matrix_nginx_proxy_synapse_stream_writer_typing_stream_worker_client_server_locations, 'stream_writer_typing_stream_workers_upstream') }} + {% endif %} + + {% if stream_writer_to_device_stream_workers | length > 0 %} + # https://matrix-org.github.io/synapse/latest/workers.html#the-to_device-stream + {{ render_locations_to_upstream(matrix_nginx_proxy_synapse_stream_writer_to_device_stream_worker_client_server_locations, 'stream_writer_to_device_stream_workers_upstream') }} + {% endif %} + + {% if stream_writer_account_data_stream_workers | length > 0 %} + # https://matrix-org.github.io/synapse/latest/workers.html#the-account_data-stream + {{ render_locations_to_upstream(matrix_nginx_proxy_synapse_stream_writer_account_data_stream_worker_client_server_locations, 'stream_writer_account_data_stream_workers_upstream') }} + {% endif %} + + {% if stream_writer_receipts_stream_workers | length > 0 %} + # https://matrix-org.github.io/synapse/latest/workers.html#the-receipts-stream + {{ render_locations_to_upstream(matrix_nginx_proxy_synapse_stream_writer_receipts_stream_worker_client_server_locations, 'stream_writer_receipts_stream_workers_upstream') }} + {% endif %} + + {% if stream_writer_presence_stream_workers | length > 0 %} + # https://matrix-org.github.io/synapse/latest/workers.html#the-presence-stream + {{ render_locations_to_upstream(matrix_nginx_proxy_synapse_stream_writer_presence_stream_worker_client_server_locations, 'stream_writer_presence_stream_workers_upstream') }} + {% endif %} + + {% if media_repository_workers | length > 0 %} + # https://matrix-org.github.io/synapse/latest/workers.html#synapseappmedia_repository + {% for location in matrix_nginx_proxy_synapse_media_repository_locations %} + location ~ {{ location }} { + proxy_pass http://media_repository_workers_upstream$request_uri; + proxy_set_header Host $host; + + client_body_buffer_size 25M; + client_max_body_size {{ matrix_nginx_proxy_proxy_matrix_client_api_client_max_body_size_mb }}M; + proxy_max_temp_file_size 0; + + {% if matrix_nginx_proxy_synapse_cache_enabled %} + proxy_buffering on; + proxy_cache {{ matrix_nginx_proxy_synapse_cache_keys_zone_name }}; + proxy_cache_valid any {{ matrix_nginx_proxy_synapse_cache_proxy_cache_valid_time }}; + proxy_force_ranges on; + add_header X-Cache-Status $upstream_cache_status; + {% endif %} + } + {% endfor %} + {% endif %} + + {% if user_dir_workers | length > 0 %} + # https://matrix-org.github.io/synapse/latest/workers.html#updating-the-user-directory + # If matrix_nginx_proxy_proxy_matrix_user_directory_search_enabled is set, requests may not reach here, + # but could be captured early on (see `matrix-domain.conf.j2`) and forwarded elsewhere (to an identity server, etc.). + {{ render_locations_to_upstream(matrix_nginx_proxy_synapse_user_dir_locations, 'user_dir_workers_upstream') }} + {% endif %} + {# Workers redirects END #} + {% endif %} + + + {% for configuration_block in matrix_nginx_proxy_proxy_synapse_additional_server_configuration_blocks %} + {{- configuration_block }} + {% endfor %} + + {# Everything else just goes to the API server ##} + location / { + {% if matrix_nginx_proxy_enabled %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; + set $backend "{{ matrix_nginx_proxy_proxy_synapse_client_api_addr_with_container }}"; + proxy_pass http://$backend; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://{{ matrix_nginx_proxy_proxy_synapse_client_api_addr_sans_container }}; + {% endif %} + + proxy_set_header Host $host; + + client_body_buffer_size 25M; + client_max_body_size {{ matrix_nginx_proxy_proxy_matrix_client_api_client_max_body_size_mb }}M; + proxy_max_temp_file_size 0; + } +} + +{% if matrix_nginx_proxy_proxy_synapse_federation_api_enabled %} +server { + listen 12088; + {% if matrix_nginx_proxy_enabled %} + server_name {{ matrix_nginx_proxy_proxy_synapse_hostname }}; + {% endif %} + + server_tokens off; + + root /dev/null; + + gzip on; + gzip_types text/plain application/json; + + {% if matrix_nginx_proxy_synapse_workers_enabled %} + {% if generic_workers | length > 0 %} + # https://matrix-org.github.io/synapse/latest/workers.html#synapseappgeneric_worker + {{ render_locations_to_upstream(matrix_nginx_proxy_synapse_generic_worker_federation_locations, 'generic_workers_upstream') }} + {% endif %} + {% if media_repository_workers | length > 0 %} + # https://matrix-org.github.io/synapse/latest/workers.html#synapseappmedia_repository + {% for location in matrix_nginx_proxy_synapse_media_repository_locations %} + location ~ {{ location }} { + proxy_pass http://media_repository_workers_upstream$request_uri; + proxy_set_header Host $host; + + client_body_buffer_size 25M; + client_max_body_size {{ matrix_nginx_proxy_proxy_matrix_federation_api_client_max_body_size_mb }}M; + proxy_max_temp_file_size 0; + + {% if matrix_nginx_proxy_synapse_cache_enabled %} + proxy_buffering on; + proxy_cache {{ matrix_nginx_proxy_synapse_cache_keys_zone_name }}; + proxy_cache_valid any {{ matrix_nginx_proxy_synapse_cache_proxy_cache_valid_time }}; + proxy_force_ranges on; + add_header X-Cache-Status $upstream_cache_status; + {% endif %} + } + {% endfor %} + {% endif %} + {% endif %} + + location / { + {% if matrix_nginx_proxy_enabled %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; + set $backend "{{ matrix_nginx_proxy_proxy_synapse_federation_api_addr_with_container }}"; + proxy_pass http://$backend; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://{{ matrix_nginx_proxy_proxy_synapse_federation_api_addr_sans_container }}; + {% endif %} + + proxy_set_header Host $host; + + client_body_buffer_size 25M; + client_max_body_size {{ matrix_nginx_proxy_proxy_matrix_federation_api_client_max_body_size_mb }}M; + proxy_max_temp_file_size 0; + } +} +{% endif %} diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/nginx-http.conf.j2 b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/nginx-http.conf.j2 similarity index 100% rename from roles/matrix-nginx-proxy/templates/nginx/conf.d/nginx-http.conf.j2 rename to roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/nginx-http.conf.j2 diff --git a/roles/matrix-nginx-proxy/templates/nginx/nginx.conf.j2 b/roles/custom/matrix-nginx-proxy/templates/nginx/nginx.conf.j2 similarity index 100% rename from roles/matrix-nginx-proxy/templates/nginx/nginx.conf.j2 rename to roles/custom/matrix-nginx-proxy/templates/nginx/nginx.conf.j2 diff --git a/roles/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2 b/roles/custom/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2 similarity index 64% rename from roles/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2 rename to roles/custom/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2 index 74356ea93..ee32be38e 100755 --- a/roles/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2 +++ b/roles/custom/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2 @@ -12,11 +12,11 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-nginx-proxy 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-nginx-proxy 2>/dev/null || true' +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-nginx-proxy 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-nginx-proxy 2>/dev/null || true' -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-nginx-proxy \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-nginx-proxy \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ @@ -51,12 +51,12 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-nginx-proxy \ {{ matrix_nginx_proxy_docker_image }} {% for network in matrix_nginx_proxy_container_additional_networks %} -ExecStartPost={{ matrix_host_command_sh }} -c 'attempt=0; while [ $attempt -le 29 ]; do attempt=$(( $attempt + 1 )); if [ "`docker inspect -f {{ '{{.State.Running}}' }} matrix-nginx-proxy 2> /dev/null`" = "true" ]; then break; fi; sleep 1; done; {{ matrix_host_command_docker }} network connect {{ network }} matrix-nginx-proxy' +ExecStartPost={{ devture_systemd_docker_base_host_command_sh }} -c 'attempt=0; while [ $attempt -le 29 ]; do attempt=$(( $attempt + 1 )); if [ "`docker inspect -f {{ '{{.State.Running}}' }} matrix-nginx-proxy 2> /dev/null`" = "true" ]; then break; fi; sleep 1; done; {{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-nginx-proxy' {% endfor %} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-nginx-proxy 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-nginx-proxy 2>/dev/null || true' -ExecReload={{ matrix_host_command_docker }} exec matrix-nginx-proxy /usr/sbin/nginx -s reload +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-nginx-proxy 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-nginx-proxy 2>/dev/null || true' +ExecReload={{ devture_systemd_docker_base_host_command_docker }} exec matrix-nginx-proxy /usr/sbin/nginx -s reload Restart=always RestartSec=30 SyslogIdentifier=matrix-nginx-proxy diff --git a/roles/matrix-nginx-proxy/templates/systemd/matrix-ssl-lets-encrypt-certificates-renew.service.j2 b/roles/custom/matrix-nginx-proxy/templates/systemd/matrix-ssl-lets-encrypt-certificates-renew.service.j2 similarity index 68% rename from roles/matrix-nginx-proxy/templates/systemd/matrix-ssl-lets-encrypt-certificates-renew.service.j2 rename to roles/custom/matrix-nginx-proxy/templates/systemd/matrix-ssl-lets-encrypt-certificates-renew.service.j2 index c14905ce5..c7f372d9a 100644 --- a/roles/matrix-nginx-proxy/templates/systemd/matrix-ssl-lets-encrypt-certificates-renew.service.j2 +++ b/roles/custom/matrix-nginx-proxy/templates/systemd/matrix-ssl-lets-encrypt-certificates-renew.service.j2 @@ -3,5 +3,5 @@ Description=Renews Let's Encrypt SSL certificates [Service] Type=oneshot -Environment="HOME={{ matrix_systemd_unit_home_path }}" +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" ExecStart={{ matrix_local_bin_path }}/matrix-ssl-lets-encrypt-certificates-renew diff --git a/roles/matrix-nginx-proxy/templates/systemd/matrix-ssl-lets-encrypt-certificates-renew.timer.j2 b/roles/custom/matrix-nginx-proxy/templates/systemd/matrix-ssl-lets-encrypt-certificates-renew.timer.j2 similarity index 100% rename from roles/matrix-nginx-proxy/templates/systemd/matrix-ssl-lets-encrypt-certificates-renew.timer.j2 rename to roles/custom/matrix-nginx-proxy/templates/systemd/matrix-ssl-lets-encrypt-certificates-renew.timer.j2 diff --git a/roles/matrix-nginx-proxy/templates/systemd/matrix-ssl-nginx-proxy-reload.service.j2 b/roles/custom/matrix-nginx-proxy/templates/systemd/matrix-ssl-nginx-proxy-reload.service.j2 similarity index 52% rename from roles/matrix-nginx-proxy/templates/systemd/matrix-ssl-nginx-proxy-reload.service.j2 rename to roles/custom/matrix-nginx-proxy/templates/systemd/matrix-ssl-nginx-proxy-reload.service.j2 index 851655baa..025c5e2d1 100644 --- a/roles/matrix-nginx-proxy/templates/systemd/matrix-ssl-nginx-proxy-reload.service.j2 +++ b/roles/custom/matrix-nginx-proxy/templates/systemd/matrix-ssl-nginx-proxy-reload.service.j2 @@ -3,4 +3,4 @@ Description=Reloads matrix-nginx-proxy so that new SSL certificates can kick in [Service] Type=oneshot -ExecStart={{ matrix_host_command_systemctl }} reload matrix-nginx-proxy.service +ExecStart={{ devture_systemd_docker_base_host_command_systemctl }} reload matrix-nginx-proxy.service diff --git a/roles/matrix-nginx-proxy/templates/systemd/matrix-ssl-nginx-proxy-reload.timer.j2 b/roles/custom/matrix-nginx-proxy/templates/systemd/matrix-ssl-nginx-proxy-reload.timer.j2 similarity index 100% rename from roles/matrix-nginx-proxy/templates/systemd/matrix-ssl-nginx-proxy-reload.timer.j2 rename to roles/custom/matrix-nginx-proxy/templates/systemd/matrix-ssl-nginx-proxy-reload.timer.j2 diff --git a/roles/matrix-nginx-proxy/templates/usr-local-bin/matrix-ssl-lets-encrypt-certificates-renew.j2 b/roles/custom/matrix-nginx-proxy/templates/usr-local-bin/matrix-ssl-lets-encrypt-certificates-renew.j2 similarity index 100% rename from roles/matrix-nginx-proxy/templates/usr-local-bin/matrix-ssl-lets-encrypt-certificates-renew.j2 rename to roles/custom/matrix-nginx-proxy/templates/usr-local-bin/matrix-ssl-lets-encrypt-certificates-renew.j2 diff --git a/roles/matrix-nginx-proxy/vars/main.yml b/roles/custom/matrix-nginx-proxy/vars/main.yml similarity index 100% rename from roles/matrix-nginx-proxy/vars/main.yml rename to roles/custom/matrix-nginx-proxy/vars/main.yml diff --git a/roles/matrix-ntfy/defaults/main.yml b/roles/custom/matrix-ntfy/defaults/main.yml similarity index 98% rename from roles/matrix-ntfy/defaults/main.yml rename to roles/custom/matrix-ntfy/defaults/main.yml index 66bc5be45..8b8a89539 100644 --- a/roles/matrix-ntfy/defaults/main.yml +++ b/roles/custom/matrix-ntfy/defaults/main.yml @@ -7,7 +7,7 @@ matrix_ntfy_base_path: "{{ matrix_base_data_path }}/ntfy" matrix_ntfy_config_dir_path: "{{ matrix_ntfy_base_path }}/config" matrix_ntfy_data_path: "{{ matrix_ntfy_base_path }}/data" -matrix_ntfy_version: v1.27.2 +matrix_ntfy_version: v1.29.0 matrix_ntfy_docker_image: "{{ matrix_container_global_registry_prefix }}binwiederhier/ntfy:{{ matrix_ntfy_version }}" matrix_ntfy_docker_image_force_pull: "{{ matrix_ntfy_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-ntfy/tasks/init.yml b/roles/custom/matrix-ntfy/tasks/init.yml similarity index 100% rename from roles/matrix-ntfy/tasks/init.yml rename to roles/custom/matrix-ntfy/tasks/init.yml diff --git a/roles/matrix-ntfy/tasks/main.yml b/roles/custom/matrix-ntfy/tasks/main.yml similarity index 100% rename from roles/matrix-ntfy/tasks/main.yml rename to roles/custom/matrix-ntfy/tasks/main.yml diff --git a/roles/matrix-ntfy/tasks/self_check.yml b/roles/custom/matrix-ntfy/tasks/self_check.yml similarity index 100% rename from roles/matrix-ntfy/tasks/self_check.yml rename to roles/custom/matrix-ntfy/tasks/self_check.yml diff --git a/roles/matrix-ntfy/tasks/setup_install.yml b/roles/custom/matrix-ntfy/tasks/setup_install.yml similarity index 86% rename from roles/matrix-ntfy/tasks/setup_install.yml rename to roles/custom/matrix-ntfy/tasks/setup_install.yml index 9afabc4cd..5ad8e507d 100644 --- a/roles/matrix-ntfy/tasks/setup_install.yml +++ b/roles/custom/matrix-ntfy/tasks/setup_install.yml @@ -1,14 +1,14 @@ --- - name: Ensure matrix-ntfy image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_ntfy_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_ntfy_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_ntfy_docker_image_force_pull }}" register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure matrix-ntfy paths exists @@ -34,7 +34,7 @@ - name: Ensure matrix-ntfy.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-ntfy.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-ntfy.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-ntfy.service" mode: 0644 register: matrix_ntfy_systemd_service_result diff --git a/roles/matrix-ntfy/tasks/setup_uninstall.yml b/roles/custom/matrix-ntfy/tasks/setup_uninstall.yml similarity index 82% rename from roles/matrix-ntfy/tasks/setup_uninstall.yml rename to roles/custom/matrix-ntfy/tasks/setup_uninstall.yml index f6d9cc8aa..e0eedfd83 100644 --- a/roles/matrix-ntfy/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-ntfy/tasks/setup_uninstall.yml @@ -2,7 +2,7 @@ - name: Check existence of matrix-ntfy service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-ntfy.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-ntfy.service" register: matrix_ntfy_service_stat - name: Ensure matrix-ntfy is stopped @@ -16,7 +16,7 @@ - name: Ensure matrix-ntfy.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-ntfy.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-ntfy.service" state: absent when: "matrix_ntfy_service_stat.stat.exists" @@ -31,6 +31,6 @@ state: absent - name: Ensure ntfy Docker image doesn't exist - docker_image: + community.docker.docker_image: name: "{{ matrix_ntfy_docker_image }}" state: absent diff --git a/roles/matrix-ntfy/templates/ntfy/server.yml.j2 b/roles/custom/matrix-ntfy/templates/ntfy/server.yml.j2 similarity index 81% rename from roles/matrix-ntfy/templates/ntfy/server.yml.j2 rename to roles/custom/matrix-ntfy/templates/ntfy/server.yml.j2 index 4cafcd62a..096991a70 100644 --- a/roles/matrix-ntfy/templates/ntfy/server.yml.j2 +++ b/roles/custom/matrix-ntfy/templates/ntfy/server.yml.j2 @@ -1,3 +1,4 @@ base_url: {{ matrix_ntfy_base_url }} behind_proxy: true cache_file: /data/cache.db +listen-http: :8080 diff --git a/roles/custom/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2 b/roles/custom/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2 new file mode 100644 index 000000000..a10cb5844 --- /dev/null +++ b/roles/custom/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2 @@ -0,0 +1,38 @@ +#jinja2: lstrip_blocks: "True" +[Unit] +Description=matrix-ntfy +After=docker.service +Requires=docker.service +DefaultDependencies=no + +[Service] +Type=simple +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-ntfy 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-ntfy 2>/dev/null || true' + +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-ntfy \ + --log-driver=none \ + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ + --cap-drop=ALL \ + --read-only \ + {% for arg in matrix_ntfy_container_extra_arguments %} + {{ arg }} \ + {% endfor %} + --network={{ matrix_docker_network }} \ + {% if matrix_ntfy_container_http_host_bind_port %} + -p {{ matrix_ntfy_container_http_host_bind_port }}:8080 \ + {% endif %} + --mount type=bind,src={{ matrix_ntfy_config_dir_path }},dst=/etc/ntfy,ro \ + --mount type=bind,src={{ matrix_ntfy_data_path }},dst=/data \ + {{ matrix_ntfy_docker_image }} \ + serve + +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-ntfy 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-ntfy 2>/dev/null || true' +Restart=always +RestartSec=30 +SyslogIdentifier=matrix-ntfy + +[Install] +WantedBy=multi-user.target diff --git a/roles/matrix-postgres-backup/defaults/main.yml b/roles/custom/matrix-postgres-backup/defaults/main.yml similarity index 62% rename from roles/matrix-postgres-backup/defaults/main.yml rename to roles/custom/matrix-postgres-backup/defaults/main.yml index ed42266f2..abdfa74c5 100644 --- a/roles/matrix-postgres-backup/defaults/main.yml +++ b/roles/custom/matrix-postgres-backup/defaults/main.yml @@ -24,19 +24,20 @@ matrix_postgres_backup_postgres_data_path: "" matrix_postgres_backup_architecture: amd64 -# matrix_postgres_docker_image_suffix controls whether we use Alpine-based images (`-alpine`) or the normal Debian-based images. +# matrix_postgres_backup_docker_image_distro controls whether we use Alpine-based images (`-alpine`) or the normal Debian-based images. # Alpine-based Postgres images are smaller and we usually prefer them, but they don't work on ARM32 (tested on a Raspberry Pi 3 running Raspbian 10.7). # On ARM32, `-alpine` images fail with the following error: # > LOG: startup process (PID 37) was terminated by signal 11: Segmentation fault -matrix_postgres_backup_docker_image_suffix: "{{ '-alpine' if matrix_postgres_backup_architecture in ['amd64', 'arm64'] else '' }}" - -matrix_postgres_backup_docker_image_v9: "{{ matrix_container_global_registry_prefix }}prodrigestivill/postgres-backup-local:9.6{{ matrix_postgres_backup_docker_image_suffix }}" -matrix_postgres_backup_docker_image_v10: "{{ matrix_container_global_registry_prefix }}prodrigestivill/postgres-backup-local:10{{ matrix_postgres_backup_docker_image_suffix }}" -matrix_postgres_backup_docker_image_v11: "{{ matrix_container_global_registry_prefix }}prodrigestivill/postgres-backup-local:11{{ matrix_postgres_backup_docker_image_suffix }}" -matrix_postgres_backup_docker_image_v12: "{{ matrix_container_global_registry_prefix }}prodrigestivill/postgres-backup-local:12{{ matrix_postgres_backup_docker_image_suffix }}" -matrix_postgres_backup_docker_image_v13: "{{ matrix_container_global_registry_prefix }}prodrigestivill/postgres-backup-local:13{{ matrix_postgres_backup_docker_image_suffix }}" -matrix_postgres_backup_docker_image_v14: "{{ matrix_container_global_registry_prefix }}prodrigestivill/postgres-backup-local:14{{ matrix_postgres_backup_docker_image_suffix }}" -matrix_postgres_backup_docker_image_latest: "{{ matrix_postgres_backup_docker_image_v14 }}" +matrix_postgres_backup_docker_image_distro: "{{ 'alpine' if matrix_postgres_backup_architecture in ['amd64', 'arm64'] else 'debian' }}" + +matrix_postgres_backup_docker_image_v9: "{{ matrix_container_global_registry_prefix }}prodrigestivill/postgres-backup-local:9.6-{{ matrix_postgres_backup_docker_image_distro }}-2aa03d1" +matrix_postgres_backup_docker_image_v10: "{{ matrix_container_global_registry_prefix }}prodrigestivill/postgres-backup-local:10-{{ matrix_postgres_backup_docker_image_distro }}-2cf00a5" +matrix_postgres_backup_docker_image_v11: "{{ matrix_container_global_registry_prefix }}prodrigestivill/postgres-backup-local:11-{{ matrix_postgres_backup_docker_image_distro }}-2cf00a5" +matrix_postgres_backup_docker_image_v12: "{{ matrix_container_global_registry_prefix }}prodrigestivill/postgres-backup-local:12-{{ matrix_postgres_backup_docker_image_distro }}-2cf00a5" +matrix_postgres_backup_docker_image_v13: "{{ matrix_container_global_registry_prefix }}prodrigestivill/postgres-backup-local:13-{{ matrix_postgres_backup_docker_image_distro }}-2cf00a5" +matrix_postgres_backup_docker_image_v14: "{{ matrix_container_global_registry_prefix }}prodrigestivill/postgres-backup-local:14-{{ matrix_postgres_backup_docker_image_distro }}-2cf00a5" +matrix_postgres_backup_docker_image_v15: "{{ matrix_container_global_registry_prefix }}prodrigestivill/postgres-backup-local:15-{{ matrix_postgres_backup_docker_image_distro }}-2cf00a5" +matrix_postgres_backup_docker_image_latest: "{{ matrix_postgres_backup_docker_image_v15 }}" # This variable is assigned at runtime. Overriding its value has no effect. matrix_postgres_backup_docker_image_to_use: '{{ matrix_postgres_backup_docker_image_latest }}' diff --git a/roles/matrix-postgres-backup/tasks/init.yml b/roles/custom/matrix-postgres-backup/tasks/init.yml similarity index 100% rename from roles/matrix-postgres-backup/tasks/init.yml rename to roles/custom/matrix-postgres-backup/tasks/init.yml diff --git a/roles/matrix-postgres-backup/tasks/main.yml b/roles/custom/matrix-postgres-backup/tasks/main.yml similarity index 100% rename from roles/matrix-postgres-backup/tasks/main.yml rename to roles/custom/matrix-postgres-backup/tasks/main.yml diff --git a/roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml b/roles/custom/matrix-postgres-backup/tasks/setup_postgres_backup.yml similarity index 88% rename from roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml rename to roles/custom/matrix-postgres-backup/tasks/setup_postgres_backup.yml index a62467572..6066ee491 100644 --- a/roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml +++ b/roles/custom/matrix-postgres-backup/tasks/setup_postgres_backup.yml @@ -4,7 +4,7 @@ # Tasks related to setting up postgres backup # - ansible.builtin.import_role: - name: matrix-postgres + name: custom/matrix-postgres tasks_from: detect_existing_postgres_version when: 'matrix_postgres_backup_enabled | bool and matrix_postgres_backup_postgres_data_path != ""' @@ -17,15 +17,15 @@ when: matrix_postgres_backup_enabled | bool - name: Ensure postgres backup Docker image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_postgres_backup_docker_image_to_use }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_postgres_backup_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_postgres_backup_docker_image_force_pull }}" when: matrix_postgres_backup_enabled | bool register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure Postgres backup paths exist @@ -53,7 +53,7 @@ - name: Ensure matrix-postgres-backup.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-postgres-backup.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-postgres-backup.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-postgres-backup.service" mode: 0644 register: matrix_postgres_backup_systemd_service_result when: matrix_postgres_backup_enabled | bool @@ -69,7 +69,7 @@ - name: Check existence of matrix-postgres-backup service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-postgres-backup.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-postgres-backup.service" register: matrix_postgres_backup_service_stat when: "not matrix_postgres_backup_enabled | bool" @@ -83,7 +83,7 @@ - name: Ensure matrix-postgres-backup.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-postgres-backup.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-postgres-backup.service" state: absent when: "not matrix_postgres_backup_enabled | bool and matrix_postgres_backup_service_stat.stat.exists" @@ -101,9 +101,9 @@ # We just want to notify the user. Deleting data is too destructive. - name: Inject warning if matrix-postgres backup data remains ansible.builtin.set_fact: - matrix_playbook_runtime_results: | + devture_playbook_runtime_messages_list: | {{ - matrix_playbook_runtime_results | default([]) + devture_playbook_runtime_messages_list | default([]) + [ "NOTE: You are not using the local backup service to backup the PostgreSQL database, but some old data remains from before in `{{ matrix_postgres_backup_path }}`. Feel free to delete it." diff --git a/roles/matrix-postgres-backup/tasks/validate_config.yml b/roles/custom/matrix-postgres-backup/tasks/validate_config.yml similarity index 60% rename from roles/matrix-postgres-backup/tasks/validate_config.yml rename to roles/custom/matrix-postgres-backup/tasks/validate_config.yml index 8a2ddb5ad..aab68eafa 100644 --- a/roles/matrix-postgres-backup/tasks/validate_config.yml +++ b/roles/custom/matrix-postgres-backup/tasks/validate_config.yml @@ -16,3 +16,12 @@ - "matrix_postgres_backup_keep_months" - "matrix_postgres_backup_path" - "matrix_postgres_backup_databases" + +- name: (Deprecation) Catch and report renamed settings + ansible.builtin.fail: + msg: >- + Your configuration contains a variable, which now has a different name. + Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`). + when: "item.old in vars" + with_items: + - {'old': 'matrix_postgres_backup_docker_image_suffix', 'new': 'matrix_postgres_backup_docker_image_distro'} diff --git a/roles/matrix-postgres-backup/templates/env-postgres-backup.j2 b/roles/custom/matrix-postgres-backup/templates/env-postgres-backup.j2 similarity index 100% rename from roles/matrix-postgres-backup/templates/env-postgres-backup.j2 rename to roles/custom/matrix-postgres-backup/templates/env-postgres-backup.j2 diff --git a/roles/custom/matrix-postgres-backup/templates/systemd/matrix-postgres-backup.service.j2 b/roles/custom/matrix-postgres-backup/templates/systemd/matrix-postgres-backup.service.j2 new file mode 100644 index 000000000..618eb548e --- /dev/null +++ b/roles/custom/matrix-postgres-backup/templates/systemd/matrix-postgres-backup.service.j2 @@ -0,0 +1,31 @@ +#jinja2: lstrip_blocks: "True" +[Unit] +Description=Automatic Backup of Matrix Postgres server +After=docker.service +Requires=docker.service +DefaultDependencies=no + +[Service] +Type=simple +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_docker }} stop matrix-postgres-backup +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-postgres-backup 2>/dev/null || true' + +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-postgres-backup \ + --log-driver=none \ + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ + --cap-drop=ALL \ + --read-only \ + --network={{ matrix_docker_network }} \ + --env-file={{ matrix_postgres_backup_path }}/env-postgres-backup \ + --mount type=bind,src={{ matrix_postgres_backup_path }},dst=/backups \ + {{ matrix_postgres_backup_docker_image_to_use }} + +ExecStop=-{{ devture_systemd_docker_base_host_command_docker }} stop matrix-postgres-backup +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-postgres-backup 2>/dev/null || true' +Restart=always +RestartSec=30 +SyslogIdentifier=matrix-postgres-backup + +[Install] +WantedBy=multi-user.target diff --git a/roles/matrix-postgres/defaults/main.yml b/roles/custom/matrix-postgres/defaults/main.yml similarity index 79% rename from roles/matrix-postgres/defaults/main.yml rename to roles/custom/matrix-postgres/defaults/main.yml index 39481f2e7..5a0cdb6c6 100644 --- a/roles/matrix-postgres/defaults/main.yml +++ b/roles/custom/matrix-postgres/defaults/main.yml @@ -15,6 +15,10 @@ matrix_postgres_db_name: "matrix" matrix_postgres_base_path: "{{ matrix_base_data_path }}/postgres" matrix_postgres_data_path: "{{ matrix_postgres_base_path }}/data" +# matrix_postgres_systemd_services_to_stop_for_maintenance_list specifies the list of systemd services to stop before vacuuming or upgrading. +# These services will be restarted after the operation completes. +matrix_postgres_systemd_services_to_stop_for_maintenance_list: [] + matrix_postgres_architecture: amd64 # matrix_postgres_docker_image_suffix controls whether we use Alpine-based images (`-alpine`) or the normal Debian-based images. @@ -24,12 +28,13 @@ matrix_postgres_architecture: amd64 matrix_postgres_docker_image_suffix: "{{ '-alpine' if matrix_postgres_architecture in ['amd64', 'arm64'] else '' }}" matrix_postgres_docker_image_v9: "{{ matrix_container_global_registry_prefix }}postgres:9.6.24{{ matrix_postgres_docker_image_suffix }}" -matrix_postgres_docker_image_v10: "{{ matrix_container_global_registry_prefix }}postgres:10.21{{ matrix_postgres_docker_image_suffix }}" -matrix_postgres_docker_image_v11: "{{ matrix_container_global_registry_prefix }}postgres:11.16{{ matrix_postgres_docker_image_suffix }}" -matrix_postgres_docker_image_v12: "{{ matrix_container_global_registry_prefix }}postgres:12.11{{ matrix_postgres_docker_image_suffix }}" -matrix_postgres_docker_image_v13: "{{ matrix_container_global_registry_prefix }}postgres:13.7{{ matrix_postgres_docker_image_suffix }}" -matrix_postgres_docker_image_v14: "{{ matrix_container_global_registry_prefix }}postgres:14.4{{ matrix_postgres_docker_image_suffix }}" -matrix_postgres_docker_image_latest: "{{ matrix_postgres_docker_image_v14 }}" +matrix_postgres_docker_image_v10: "{{ matrix_container_global_registry_prefix }}postgres:10.22{{ matrix_postgres_docker_image_suffix }}" +matrix_postgres_docker_image_v11: "{{ matrix_container_global_registry_prefix }}postgres:11.17{{ matrix_postgres_docker_image_suffix }}" +matrix_postgres_docker_image_v12: "{{ matrix_container_global_registry_prefix }}postgres:12.12{{ matrix_postgres_docker_image_suffix }}" +matrix_postgres_docker_image_v13: "{{ matrix_container_global_registry_prefix }}postgres:13.8{{ matrix_postgres_docker_image_suffix }}" +matrix_postgres_docker_image_v14: "{{ matrix_container_global_registry_prefix }}postgres:14.5{{ matrix_postgres_docker_image_suffix }}" +matrix_postgres_docker_image_v15: "{{ matrix_container_global_registry_prefix }}postgres:15.0{{ matrix_postgres_docker_image_suffix }}" +matrix_postgres_docker_image_latest: "{{ matrix_postgres_docker_image_v15 }}" # This variable is assigned at runtime. Overriding its value has no effect. matrix_postgres_docker_image_to_use: '{{ matrix_postgres_docker_image_latest }}' @@ -67,7 +72,14 @@ matrix_postgres_additional_databases: [] # If a dump file contains the roles and they've also been created beforehand (see `matrix_postgres_additional_databases`), # importing would fail. # We either need to not create them or to ignore the `CREATE ROLE` statements in the dump. -matrix_postgres_import_roles_to_ignore: [matrix_postgres_connection_username] +matrix_postgres_import_roles_to_ignore: | + {{ + ( + [matrix_postgres_connection_username] + + + matrix_postgres_additional_databases|map(attribute='username') | list + ) | unique + }} # When importing an existing Postgres database (when restoring a backup) or when doing a Postgres upgrade (which dumps & restores), we'd like to avoid: # - creating users (`CREATE ROLE ..`) @@ -78,15 +90,25 @@ matrix_postgres_import_roles_to_ignore: [matrix_postgres_connection_username] # which is unsupported by default by newer Postgres versions (v14+). # When users are created and passwords are set by the playbook, they end up hashed as `scram-sha-256` on Postgres v14+. # If an md5-hashed password is restored on top, Postgres v14+ will refuse to authenticate users with it by default. -matrix_postgres_import_roles_ignore_regex: "^(CREATE|ALTER) ROLE ({{ matrix_postgres_import_roles_to_ignore | join('|') }})(;| WITH)" # noqa var-spacing +# +# We also allow for the role name to be quoted, which is rare, but might happen for role names which are special keywords (e.g. `default`). +matrix_postgres_import_roles_ignore_regex: "^(CREATE|ALTER) ROLE \\\"?({{ matrix_postgres_import_roles_to_ignore | join('|') }})\\\"?(;| WITH)" # noqa jinja[spacing] # A list of databases to avoid creating when importing (or upgrading) the database. # If a dump file contains the databases and they've also been created beforehand (see `matrix_postgres_additional_databases`), # importing would fail. # We either need to not create them or to ignore the `CREATE DATABASE` statements in the dump. -matrix_postgres_import_databases_to_ignore: [matrix_postgres_db_name] - -matrix_postgres_import_databases_ignore_regex: "^CREATE DATABASE ({{ matrix_postgres_import_databases_to_ignore | join('|') }})\\s" # noqa var-spacing +matrix_postgres_import_databases_to_ignore: | + {{ + ( + [matrix_postgres_db_name] + + + matrix_postgres_additional_databases|map(attribute='name') | list + ) | unique + }} + +# We also allow for the database name to be quoted, which is rare, but might happen for database names which are special keywords (e.g. `default`). +matrix_postgres_import_databases_ignore_regex: "^CREATE DATABASE \\\"?({{ matrix_postgres_import_databases_to_ignore | join('|') }})\\\"?\\s" # noqa jinja[spacing] # The number of seconds to wait after starting `matrix-postgres.service` # and before trying to run queries for creating additional databases/users against it. diff --git a/roles/matrix-postgres/tasks/detect_existing_postgres_version.yml b/roles/custom/matrix-postgres/tasks/detect_existing_postgres_version.yml similarity index 91% rename from roles/matrix-postgres/tasks/detect_existing_postgres_version.yml rename to roles/custom/matrix-postgres/tasks/detect_existing_postgres_version.yml index 687d5e3a5..1be8291b6 100644 --- a/roles/matrix-postgres/tasks/detect_existing_postgres_version.yml +++ b/roles/custom/matrix-postgres/tasks/detect_existing_postgres_version.yml @@ -68,3 +68,8 @@ ansible.builtin.set_fact: matrix_postgres_detected_version_corresponding_docker_image: "{{ matrix_postgres_docker_image_v13 }}" when: "matrix_postgres_detected_version == '13' or matrix_postgres_detected_version.startswith('13.')" + +- name: Determine corresponding Docker image to detected version (use 14.x, if detected) + ansible.builtin.set_fact: + matrix_postgres_detected_version_corresponding_docker_image: "{{ matrix_postgres_docker_image_v14 }}" + when: "matrix_postgres_detected_version == '14' or matrix_postgres_detected_version.startswith('14.')" diff --git a/roles/matrix-postgres/tasks/import_generic_sqlite_db.yml b/roles/custom/matrix-postgres/tasks/import_generic_sqlite_db.yml similarity index 88% rename from roles/matrix-postgres/tasks/import_generic_sqlite_db.yml rename to roles/custom/matrix-postgres/tasks/import_generic_sqlite_db.yml index 671cb33f5..c3fff5208 100644 --- a/roles/matrix-postgres/tasks/import_generic_sqlite_db.yml +++ b/roles/custom/matrix-postgres/tasks/import_generic_sqlite_db.yml @@ -25,15 +25,16 @@ # We either expect `postgres_db_connection_string` specifying a full Postgres database connection string, # or `postgres_connection_string_variable_name`, specifying a name of a variable, which contains a valid connection string. -- block: +- when: 'postgres_connection_string_variable_name is defined' + block: - name: Fail if postgres_connection_string_variable_name points to an undefined variable - ansible.builtin.fail: msg="postgres_connection_string_variable_name is defined, but there is no variable with the name `{{ postgres_connection_string_variable_name }}`" + ansible.builtin.fail: + msg: "postgres_connection_string_variable_name is defined, but there is no variable with the name `{{ postgres_connection_string_variable_name }}`" when: "postgres_connection_string_variable_name not in vars" - name: Get Postgres connection string from variable ansible.builtin.set_fact: postgres_db_connection_string: "{{ lookup('vars', postgres_connection_string_variable_name) }}" - when: 'postgres_connection_string_variable_name is defined' - name: Fail if playbook called incorrectly ansible.builtin.fail: @@ -67,10 +68,10 @@ become: false when: "matrix_postgres_service_start_result.changed | bool" -- name: Import SQLite database from {{ sqlite_database_path }} into Postgres +- name: Import SQLite database from {{ sqlite_database_path }} into Postgres # noqa name[template] ansible.builtin.command: cmd: >- - {{ matrix_host_command_docker }} run + {{ devture_systemd_docker_base_host_command_docker }} run --rm --user={{ matrix_user_uid }}:{{ matrix_user_gid }} --cap-drop=ALL @@ -83,7 +84,7 @@ register: matrix_postgres_import_generic_sqlite_db_import_result changed_when: matrix_postgres_import_generic_sqlite_db_import_result.rc == 0 -- name: Archive SQLite database ({{ sqlite_database_path }} -> {{ sqlite_database_path }}.backup) +- name: Archive SQLite database ({{ sqlite_database_path }} -> {{ sqlite_database_path }}.backup) # noqa name[template] ansible.builtin.command: cmd: "mv {{ sqlite_database_path }} {{ sqlite_database_path }}.backup" register: matrix_postgres_import_generic_sqlite_db_move_result @@ -91,9 +92,9 @@ - name: Inject result ansible.builtin.set_fact: - matrix_playbook_runtime_results: | + devture_playbook_runtime_messages_list: | {{ - matrix_playbook_runtime_results | default([]) + devture_playbook_runtime_messages_list | default([]) + [ "NOTE: Your SQLite database file has been imported into Postgres. The original file has been moved from `{{ sqlite_database_path }}` to `{{ sqlite_database_path }}.backup`. When you've confirmed that the import went well and everything works, you should be able to safely delete this file." diff --git a/roles/matrix-postgres/tasks/import_postgres.yml b/roles/custom/matrix-postgres/tasks/import_postgres.yml similarity index 90% rename from roles/matrix-postgres/tasks/import_postgres.yml rename to roles/custom/matrix-postgres/tasks/import_postgres.yml index 53d67436b..d21333adc 100644 --- a/roles/matrix-postgres/tasks/import_postgres.yml +++ b/roles/custom/matrix-postgres/tasks/import_postgres.yml @@ -49,8 +49,10 @@ name: matrix-postgres state: started daemon_reload: true + register: matrix_postgres_import_start_result - name: Wait a bit, so that Postgres can start + when: matrix_postgres_import_start_result.changed | bool ansible.builtin.wait_for: timeout: "{{ postgres_start_wait_time }}" delegate_to: 127.0.0.1 @@ -70,7 +72,7 @@ - name: Generate Postgres database import command ansible.builtin.set_fact: matrix_postgres_import_command: >- - {{ matrix_host_command_docker }} run --rm --name matrix-postgres-import + {{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-postgres-import --log-driver=none --user={{ matrix_user_uid }}:{{ matrix_user_gid }} --cap-drop=ALL @@ -108,4 +110,5 @@ async: "{{ postgres_import_wait_time }}" poll: 10 register: matrix_postgres_import_postgres_command_result - changed_when: matrix_postgres_import_postgres_command_result.rc == 0 + failed_when: not matrix_postgres_import_postgres_command_result.finished or matrix_postgres_import_postgres_command_result.rc != 0 + changed_when: matrix_postgres_import_postgres_command_result.finished and matrix_postgres_import_postgres_command_result.rc == 0 diff --git a/roles/matrix-postgres/tasks/import_synapse_sqlite_db.yml b/roles/custom/matrix-postgres/tasks/import_synapse_sqlite_db.yml similarity index 98% rename from roles/matrix-postgres/tasks/import_synapse_sqlite_db.yml rename to roles/custom/matrix-postgres/tasks/import_synapse_sqlite_db.yml index a459b6e1d..b885ea975 100644 --- a/roles/matrix-postgres/tasks/import_synapse_sqlite_db.yml +++ b/roles/custom/matrix-postgres/tasks/import_synapse_sqlite_db.yml @@ -83,7 +83,7 @@ --mount type=bind,src={{ matrix_synapse_config_dir_path }},dst=/data --mount type=bind,src={{ matrix_synapse_config_dir_path }},dst=/matrix-media-store-parent/media-store --mount type=bind,src={{ server_path_homeserver_db }},dst=/{{ server_path_homeserver_db | basename }} - {{ matrix_synapse_docker_image }} + {{ matrix_synapse_docker_image_final }} /usr/local/bin/synapse_port_db --sqlite-database /{{ server_path_homeserver_db | basename }} --postgres-config /data/homeserver.yaml register: matrix_postgres_import_synapse_sqlite_db_result changed_when: matrix_postgres_import_synapse_sqlite_db_result.rc == 0 diff --git a/roles/matrix-postgres/tasks/init.yml b/roles/custom/matrix-postgres/tasks/init.yml similarity index 100% rename from roles/matrix-postgres/tasks/init.yml rename to roles/custom/matrix-postgres/tasks/init.yml diff --git a/roles/matrix-postgres/tasks/main.yml b/roles/custom/matrix-postgres/tasks/main.yml similarity index 100% rename from roles/matrix-postgres/tasks/main.yml rename to roles/custom/matrix-postgres/tasks/main.yml diff --git a/roles/matrix-postgres/tasks/migrate_db_to_postgres.yml b/roles/custom/matrix-postgres/tasks/migrate_db_to_postgres.yml similarity index 92% rename from roles/matrix-postgres/tasks/migrate_db_to_postgres.yml rename to roles/custom/matrix-postgres/tasks/migrate_db_to_postgres.yml index be967d684..dca284ad1 100644 --- a/roles/matrix-postgres/tasks/migrate_db_to_postgres.yml +++ b/roles/custom/matrix-postgres/tasks/migrate_db_to_postgres.yml @@ -31,7 +31,8 @@ msg: "File cannot be found on the server at {{ matrix_postgres_db_migration_request.src }}" when: "not matrix_postgres_db_migration_request_src_stat_result.stat.exists" -- block: +- when: "matrix_postgres_pgloader_container_image_self_build | bool" + block: - name: Ensure pgloader repository is present on self-build ansible.builtin.git: repo: "{{ matrix_postgres_pgloader_container_image_self_build_repo }}" @@ -60,7 +61,7 @@ replace: 'FROM debian:bullseye-slim' - name: Ensure pgloader Docker image is built - docker_image: + community.docker.docker_image: name: "{{ matrix_postgres_pgloader_docker_image }}" source: build force_source: "{{ matrix_postgres_pgloader_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" @@ -69,10 +70,9 @@ dockerfile: Dockerfile path: "{{ matrix_postgres_pgloader_container_image_self_build_src_path }}" pull: true - when: "matrix_postgres_pgloader_container_image_self_build | bool" - name: Ensure pgloader Docker image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_postgres_pgloader_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_postgres_pgloader_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" @@ -118,10 +118,10 @@ failed_when: false with_items: "{{ matrix_postgres_db_migration_request.systemd_services_to_stop }}" -- name: Import {{ matrix_postgres_db_migration_request.engine_old }} database from {{ matrix_postgres_db_migration_request.src }} into Postgres +- name: Import {{ matrix_postgres_db_migration_request.engine_old }} database from {{ matrix_postgres_db_migration_request.src }} into Postgres # noqa name[template] ansible.builtin.command: cmd: >- - {{ matrix_host_command_docker }} run + {{ devture_systemd_docker_base_host_command_docker }} run --rm --user={{ matrix_user_uid }}:{{ matrix_user_gid }} --cap-drop=ALL @@ -134,9 +134,10 @@ register: matrix_postgres_migrate_db_to_postgres_import_result changed_when: matrix_postgres_migrate_db_to_postgres_import_result.rc == 0 -- block: +- when: "matrix_postgres_db_migration_request.additional_psql_statements_list | default([]) | length > 0" + block: - ansible.builtin.import_role: - name: matrix-postgres + name: custom/matrix-postgres tasks_from: detect_existing_postgres_version - ansible.builtin.set_fact: @@ -145,7 +146,7 @@ - name: Execute additional Postgres SQL migration statements ansible.builtin.command: cmd: >- - {{ matrix_host_command_docker }} run + {{ devture_systemd_docker_base_host_command_docker }} run --rm --user={{ matrix_user_uid }}:{{ matrix_user_gid }} --cap-drop=ALL @@ -157,9 +158,7 @@ register: matrix_postgres_migrate_db_to_postgres_additional_queries_result changed_when: matrix_postgres_migrate_db_to_postgres_additional_queries_result.rc == 0 - when: "matrix_postgres_db_migration_request.additional_psql_statements_list | default([])|length > 0" - -- name: Archive {{ matrix_postgres_db_migration_request.engine_old }} database ({{ matrix_postgres_db_migration_request.src }} -> {{ matrix_postgres_db_migration_request.src }}.backup) +- name: Archive {{ matrix_postgres_db_migration_request.engine_old }} database ({{ matrix_postgres_db_migration_request.src }} -> {{ matrix_postgres_db_migration_request.src }}.backup) # noqa name[template] ansible.builtin.command: cmd: "mv {{ matrix_postgres_db_migration_request.src }} {{ matrix_postgres_db_migration_request.src }}.backup" register: matrix_postgres_migrate_db_to_postgres_move_result @@ -167,9 +166,9 @@ - name: Inject result ansible.builtin.set_fact: - matrix_playbook_runtime_results: | + devture_playbook_runtime_messages_list: | {{ - matrix_playbook_runtime_results | default([]) + devture_playbook_runtime_messages_list | default([]) + [ "NOTE: Your {{ matrix_postgres_db_migration_request.engine_old }} database file has been imported into Postgres. The original database file has been moved from `{{ matrix_postgres_db_migration_request.src }}` to `{{ matrix_postgres_db_migration_request.src }}.backup`. When you've confirmed that the import went well and everything works, you should be able to safely delete this file." diff --git a/roles/matrix-postgres/tasks/migrate_postgres_data_directory.yml b/roles/custom/matrix-postgres/tasks/migrate_postgres_data_directory.yml similarity index 95% rename from roles/matrix-postgres/tasks/migrate_postgres_data_directory.yml rename to roles/custom/matrix-postgres/tasks/migrate_postgres_data_directory.yml index fde580f55..062a05c4a 100644 --- a/roles/matrix-postgres/tasks/migrate_postgres_data_directory.yml +++ b/roles/custom/matrix-postgres/tasks/migrate_postgres_data_directory.yml @@ -52,14 +52,14 @@ group: "{{ matrix_user_groupname }}" when: "result_pg_old_data_dir_stat.stat.exists" -- block: +- when: "result_pg_old_data_dir_stat.stat.exists" + block: - name: Relocate Postgres data files from old directory to new ansible.builtin.command: cmd: "mv {{ item.path }} {{ matrix_postgres_data_path }}/{{ item.path | basename }}" with_items: "{{ result_pg_old_data_dir_find.files }}" register: matrix_postgres_migrate_postgres_data_directory_move_result changed_when: matrix_postgres_migrate_postgres_data_directory_move_result.rc == 0 - when: "result_pg_old_data_dir_stat.stat.exists" # Intentionally not starting matrix-postgres here. # It likely needs to be updated to point to the new directory. @@ -68,7 +68,7 @@ - name: Ensure outdated matrix-postgres.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-postgres.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-postgres.service" state: absent when: "result_pg_old_data_dir_stat.stat.exists" diff --git a/roles/matrix-postgres/tasks/run_vacuum.yml b/roles/custom/matrix-postgres/tasks/run_vacuum.yml similarity index 77% rename from roles/matrix-postgres/tasks/run_vacuum.yml rename to roles/custom/matrix-postgres/tasks/run_vacuum.yml index ce2bee6b9..dfa4be7a3 100644 --- a/roles/matrix-postgres/tasks/run_vacuum.yml +++ b/roles/custom/matrix-postgres/tasks/run_vacuum.yml @@ -28,8 +28,10 @@ name: matrix-postgres state: started daemon_reload: true + register: matrix_postgres_vacuum_start_result - name: Wait a bit, so that Postgres can start + when: matrix_postgres_vacuum_start_result.changed | bool ansible.builtin.wait_for: timeout: "{{ postgres_start_wait_time }}" delegate_to: 127.0.0.1 @@ -45,7 +47,7 @@ - name: Generate Postgres database vacuum command ansible.builtin.set_fact: matrix_postgres_vacuum_command: >- - {{ matrix_host_command_docker }} run --rm --name matrix-postgres-synapse-vacuum + {{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-postgres-synapse-vacuum --user={{ matrix_user_uid }}:{{ matrix_user_gid }} --cap-drop=ALL --network={{ matrix_docker_network }} @@ -67,25 +69,28 @@ - ansible.builtin.set_fact: matrix_postgres_synapse_was_running: "{{ ansible_facts.services['matrix-synapse.service'] | default(none) is not none and ansible_facts.services['matrix-synapse.service'].state == 'running' }}" -- name: Ensure matrix-synapse is stopped +- name: Ensure services are stopped ansible.builtin.service: - name: matrix-synapse + name: "{{ item }}" state: stopped daemon_reload: true + with_items: "{{ matrix_postgres_systemd_services_to_stop_for_maintenance_list }}" - name: Run Postgres vacuum command ansible.builtin.command: "{{ matrix_postgres_vacuum_command }}" async: "{{ postgres_vacuum_wait_time }}" poll: 10 register: matrix_postgres_synapse_vacuum_result - changed_when: matrix_postgres_synapse_vacuum_result.rc == 0 + failed_when: not matrix_postgres_synapse_vacuum_result.finished or matrix_postgres_synapse_vacuum_result.rc != 0 + changed_when: matrix_postgres_synapse_vacuum_result.finished and matrix_postgres_synapse_vacuum_result.rc == 0 # Intentionally show the results -- ansible.builtin.debug: var="matrix_postgres_synapse_vacuum_result" +- ansible.builtin.debug: + var: "matrix_postgres_synapse_vacuum_result" -- name: Ensure matrix-synapse is started, if it previously was +- name: Ensure services are started ansible.builtin.service: - name: matrix-synapse + name: "{{ item }}" state: started daemon_reload: true - when: "matrix_postgres_synapse_was_running | bool" + with_items: "{{ matrix_postgres_systemd_services_to_stop_for_maintenance_list }}" diff --git a/roles/matrix-postgres/tasks/setup_postgres.yml b/roles/custom/matrix-postgres/tasks/setup_postgres.yml similarity index 91% rename from roles/matrix-postgres/tasks/setup_postgres.yml rename to roles/custom/matrix-postgres/tasks/setup_postgres.yml index 49eb3249b..bba0d7989 100644 --- a/roles/matrix-postgres/tasks/setup_postgres.yml +++ b/roles/custom/matrix-postgres/tasks/setup_postgres.yml @@ -25,9 +25,9 @@ - name: Inject warning if on an old version of Postgres ansible.builtin.set_fact: - matrix_playbook_runtime_results: | + devture_playbook_runtime_messages_list: | {{ - matrix_playbook_runtime_results | default([]) + devture_playbook_runtime_messages_list | default([]) + [ "NOTE: Your setup is on an old Postgres version ({{ matrix_postgres_docker_image_to_use }}), while {{ matrix_postgres_docker_image_latest }} is supported. You can upgrade using --tags=upgrade-postgres" @@ -37,15 +37,15 @@ # Even if we don't run the internal server, we still need this for running the CLI - name: Ensure postgres Docker image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_postgres_docker_image_to_use }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_postgres_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_postgres_docker_image_force_pull }}" when: matrix_postgres_enabled | bool register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure Postgres paths exist @@ -121,7 +121,7 @@ - name: Ensure matrix-postgres.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-postgres.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-postgres.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-postgres.service" mode: 0644 register: matrix_postgres_systemd_service_result when: matrix_postgres_enabled | bool @@ -146,9 +146,9 @@ - name: Inject warning if backup data remains ansible.builtin.set_fact: - matrix_playbook_runtime_results: | + devture_playbook_runtime_messages_list: | {{ - matrix_playbook_runtime_results | default([]) + devture_playbook_runtime_messages_list | default([]) + [ "NOTE: You have some Postgres backup data in `{{ matrix_postgres_data_path }}-auto-upgrade-backup`, which was created during the last major Postgres update you ran. If your setup works well after this upgrade, feel free to delete this whole directory." @@ -163,7 +163,7 @@ - name: Check existence of matrix-postgres service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-postgres.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-postgres.service" register: matrix_postgres_service_stat when: "not matrix_postgres_enabled | bool" @@ -176,7 +176,7 @@ - name: Ensure matrix-postgres.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-postgres.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-postgres.service" state: absent when: "not matrix_postgres_enabled | bool and matrix_postgres_service_stat.stat.exists" @@ -194,9 +194,9 @@ # We just want to notify the user. Deleting data is too destructive. - name: Inject warning if matrix-postgres local data remains ansible.builtin.set_fact: - matrix_playbook_runtime_results: | + devture_playbook_runtime_messages_list: | {{ - matrix_playbook_runtime_results | default([]) + devture_playbook_runtime_messages_list | default([]) + [ "NOTE: You are not using a local PostgreSQL database, but some old data remains from before in `{{ matrix_postgres_data_path }}`. Feel free to delete it." diff --git a/roles/matrix-postgres/tasks/upgrade_postgres.yml b/roles/custom/matrix-postgres/tasks/upgrade_postgres.yml similarity index 93% rename from roles/matrix-postgres/tasks/upgrade_postgres.yml rename to roles/custom/matrix-postgres/tasks/upgrade_postgres.yml index 2f228a4c2..d5f7e6c37 100644 --- a/roles/matrix-postgres/tasks/upgrade_postgres.yml +++ b/roles/custom/matrix-postgres/tasks/upgrade_postgres.yml @@ -55,10 +55,12 @@ - ansible.builtin.debug: msg: "Upgrading database from {{ matrix_postgres_detected_version_corresponding_docker_image }} to {{ matrix_postgres_docker_image_latest }}" -- name: Ensure matrix-synapse is stopped +- name: Ensure services are stopped ansible.builtin.service: - name: matrix-synapse + name: "{{ item }}" state: stopped + daemon_reload: true + with_items: "{{ matrix_postgres_systemd_services_to_stop_for_maintenance_list }}" - name: Ensure matrix-postgres is started ansible.builtin.service: @@ -80,7 +82,7 @@ - name: Perform Postgres database dump ansible.builtin.command: cmd: >- - {{ matrix_host_command_docker }} run --rm --name matrix-postgres-dump + {{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-postgres-dump --log-driver=none --user={{ matrix_user_uid }}:{{ matrix_user_gid }} --network={{ matrix_docker_network }} @@ -132,7 +134,7 @@ - name: Generate Postgres database import command ansible.builtin.set_fact: matrix_postgres_import_command: >- - {{ matrix_host_command_docker }} run --rm --name matrix-postgres-import + {{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-postgres-import --log-driver=none --user={{ matrix_user_uid }}:{{ matrix_user_gid }} --cap-drop=ALL @@ -175,11 +177,12 @@ path: "{{ postgres_dump_dir }}/{{ postgres_dump_name }}" state: absent -- name: Ensure matrix-synapse is started +- name: Ensure services are started ansible.builtin.service: - name: matrix-synapse + name: "{{ item }}" state: started daemon_reload: true + with_items: "{{ matrix_postgres_systemd_services_to_stop_for_maintenance_list }}" - ansible.builtin.debug: msg: "NOTE: Your old Postgres data directory is preserved at `{{ postgres_auto_upgrade_backup_data_path }}`. You might want to get rid of it once you've confirmed that all is well." diff --git a/roles/matrix-postgres/tasks/util/create_additional_database.yml b/roles/custom/matrix-postgres/tasks/util/create_additional_database.yml similarity index 96% rename from roles/matrix-postgres/tasks/util/create_additional_database.yml rename to roles/custom/matrix-postgres/tasks/util/create_additional_database.yml index da95b8704..ce441ee13 100644 --- a/roles/matrix-postgres/tasks/util/create_additional_database.yml +++ b/roles/custom/matrix-postgres/tasks/util/create_additional_database.yml @@ -22,7 +22,7 @@ - name: Execute Postgres additional database initialization SQL file for {{ additional_db.name }} ansible.builtin.command: cmd: >- - {{ matrix_host_command_docker }} run + {{ devture_systemd_docker_base_host_command_docker }} run --rm --user={{ matrix_user_uid }}:{{ matrix_user_gid }} --cap-drop=ALL diff --git a/roles/matrix-postgres/tasks/util/create_additional_databases.yml b/roles/custom/matrix-postgres/tasks/util/create_additional_databases.yml similarity index 100% rename from roles/matrix-postgres/tasks/util/create_additional_databases.yml rename to roles/custom/matrix-postgres/tasks/util/create_additional_databases.yml diff --git a/roles/matrix-postgres/tasks/validate_config.yml b/roles/custom/matrix-postgres/tasks/validate_config.yml similarity index 96% rename from roles/matrix-postgres/tasks/validate_config.yml rename to roles/custom/matrix-postgres/tasks/validate_config.yml index f239b116a..a6225632c 100644 --- a/roles/matrix-postgres/tasks/validate_config.yml +++ b/roles/custom/matrix-postgres/tasks/validate_config.yml @@ -36,4 +36,4 @@ - name: Fail if Postgres password length exceeded ansible.builtin.fail: msg: "The maximum `matrix_postgres_connection_password` length is 99 characters" - when: "matrix_postgres_connection_password|length > 99" + when: "matrix_postgres_connection_password | length > 99" diff --git a/roles/custom/matrix-postgres/templates/env-postgres-psql.j2 b/roles/custom/matrix-postgres/templates/env-postgres-psql.j2 new file mode 100644 index 000000000..220589874 --- /dev/null +++ b/roles/custom/matrix-postgres/templates/env-postgres-psql.j2 @@ -0,0 +1,8 @@ +#jinja2: lstrip_blocks: "True" +PGUSER={{ matrix_postgres_connection_username }} +PGPASSWORD={{ matrix_postgres_connection_password }} +PGDATABASE={{ matrix_postgres_db_name }} +# Prevent errors like this: +# > could not save history to file "//.psql_history": Permission denied +# .. due to Postgres not being able to write to the filesystem. +PSQL_HISTORY=/dev/null diff --git a/roles/matrix-postgres/templates/env-postgres-server.j2 b/roles/custom/matrix-postgres/templates/env-postgres-server.j2 similarity index 100% rename from roles/matrix-postgres/templates/env-postgres-server.j2 rename to roles/custom/matrix-postgres/templates/env-postgres-server.j2 diff --git a/roles/matrix-postgres/templates/sql/init-additional-db-user-and-role.sql.j2 b/roles/custom/matrix-postgres/templates/sql/init-additional-db-user-and-role.sql.j2 similarity index 100% rename from roles/matrix-postgres/templates/sql/init-additional-db-user-and-role.sql.j2 rename to roles/custom/matrix-postgres/templates/sql/init-additional-db-user-and-role.sql.j2 diff --git a/roles/matrix-postgres/templates/systemd/matrix-postgres.service.j2 b/roles/custom/matrix-postgres/templates/systemd/matrix-postgres.service.j2 similarity index 62% rename from roles/matrix-postgres/templates/systemd/matrix-postgres.service.j2 rename to roles/custom/matrix-postgres/templates/systemd/matrix-postgres.service.j2 index b30c5ef21..e63267a3e 100644 --- a/roles/matrix-postgres/templates/systemd/matrix-postgres.service.j2 +++ b/roles/custom/matrix-postgres/templates/systemd/matrix-postgres.service.j2 @@ -7,15 +7,15 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-postgres 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-postgres 2>/dev/null || true' +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-postgres 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-postgres 2>/dev/null || true' # We need /dev/shm to be larger than the default to allow VACUUM to work. # See: # - https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1362 # - https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1268 -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-postgres \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-postgres \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ @@ -36,8 +36,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-postgres \ {{ matrix_postgres_docker_image_to_use }} \ postgres {{ matrix_postgres_process_extra_arguments|join(' ') }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-postgres 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-postgres 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-postgres 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-postgres 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-postgres diff --git a/roles/matrix-postgres/templates/usr-local-bin/matrix-change-user-admin-status.j2 b/roles/custom/matrix-postgres/templates/usr-local-bin/matrix-change-user-admin-status.j2 similarity index 100% rename from roles/matrix-postgres/templates/usr-local-bin/matrix-change-user-admin-status.j2 rename to roles/custom/matrix-postgres/templates/usr-local-bin/matrix-change-user-admin-status.j2 diff --git a/roles/matrix-postgres/templates/usr-local-bin/matrix-postgres-cli-non-interactive.j2 b/roles/custom/matrix-postgres/templates/usr-local-bin/matrix-postgres-cli-non-interactive.j2 similarity index 100% rename from roles/matrix-postgres/templates/usr-local-bin/matrix-postgres-cli-non-interactive.j2 rename to roles/custom/matrix-postgres/templates/usr-local-bin/matrix-postgres-cli-non-interactive.j2 diff --git a/roles/matrix-postgres/templates/usr-local-bin/matrix-postgres-cli.j2 b/roles/custom/matrix-postgres/templates/usr-local-bin/matrix-postgres-cli.j2 similarity index 100% rename from roles/matrix-postgres/templates/usr-local-bin/matrix-postgres-cli.j2 rename to roles/custom/matrix-postgres/templates/usr-local-bin/matrix-postgres-cli.j2 diff --git a/roles/matrix-postgres/templates/usr-local-bin/matrix-postgres-update-user-password-hash.j2 b/roles/custom/matrix-postgres/templates/usr-local-bin/matrix-postgres-update-user-password-hash.j2 similarity index 100% rename from roles/matrix-postgres/templates/usr-local-bin/matrix-postgres-update-user-password-hash.j2 rename to roles/custom/matrix-postgres/templates/usr-local-bin/matrix-postgres-update-user-password-hash.j2 diff --git a/roles/matrix-prometheus-node-exporter/defaults/main.yml b/roles/custom/matrix-prometheus-node-exporter/defaults/main.yml similarity index 91% rename from roles/matrix-prometheus-node-exporter/defaults/main.yml rename to roles/custom/matrix-prometheus-node-exporter/defaults/main.yml index c7d6512f6..9b89519c5 100644 --- a/roles/matrix-prometheus-node-exporter/defaults/main.yml +++ b/roles/custom/matrix-prometheus-node-exporter/defaults/main.yml @@ -5,7 +5,7 @@ matrix_prometheus_node_exporter_enabled: false -matrix_prometheus_node_exporter_version: v1.3.1 +matrix_prometheus_node_exporter_version: v1.4.0 matrix_prometheus_node_exporter_docker_image: "{{ matrix_container_global_registry_prefix }}prom/node-exporter:{{ matrix_prometheus_node_exporter_version }}" matrix_prometheus_node_exporter_docker_image_force_pull: "{{ matrix_prometheus_node_exporter_docker_image.endswith(':latest') }}" @@ -60,3 +60,8 @@ matrix_prometheus_node_exporter_container_http_host_bind_port: '' # If matrix_prometheus_node_exporter_container_http_host_bind_port is set to an IP that is not 0.0.0.0 and a port, that ":" value will be used # Otherwise this value will be empty and you will have to manually configure your NGINX config file. (If you are using the config files generated by this playbook, you will have to edit matrix-domain.conf) matrix_prometheus_node_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host: "{{ '127.0.0.1' + matrix_prometheus_node_exporter_container_http_host_bind_port_number_raw if not ':' in matrix_prometheus_node_exporter_container_http_host_bind_port else (matrix_prometheus_node_exporter_container_http_host_bind_port if matrix_prometheus_node_exporter_container_http_host_bind_port.split(':')[0] != '0.0.0.0' else '') }}" + +# matrix_prometheus_node_exporter_dashboard_urls contains a list of URLs with Grafana dashboard definitions. +# If the Grafana role is enabled, these dashboards will be downloaded. +matrix_prometheus_node_exporter_dashboard_urls: + - https://raw.githubusercontent.com/rfrail3/grafana-dashboards/master/prometheus/node-exporter-full.json diff --git a/roles/matrix-prometheus-node-exporter/tasks/init.yml b/roles/custom/matrix-prometheus-node-exporter/tasks/init.yml similarity index 96% rename from roles/matrix-prometheus-node-exporter/tasks/init.yml rename to roles/custom/matrix-prometheus-node-exporter/tasks/init.yml index 42f216677..460ab1373 100644 --- a/roles/matrix-prometheus-node-exporter/tasks/init.yml +++ b/roles/custom/matrix-prometheus-node-exporter/tasks/init.yml @@ -4,7 +4,8 @@ matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-prometheus-node-exporter.service'] }}" when: matrix_prometheus_node_exporter_enabled | bool -- block: +- when: matrix_prometheus_node_exporter_enabled | bool and matrix_prometheus_node_exporter_metrics_proxying_enabled | bool + block: - name: Fail if matrix-nginx-proxy role already executed ansible.builtin.fail: msg: >- @@ -38,4 +39,3 @@ + [matrix_prometheus_node_exporter_nginx_metrics_configuration_block] }} - when: matrix_prometheus_node_exporter_enabled | bool and matrix_prometheus_node_exporter_metrics_proxying_enabled | bool diff --git a/roles/matrix-prometheus-node-exporter/tasks/main.yml b/roles/custom/matrix-prometheus-node-exporter/tasks/main.yml similarity index 100% rename from roles/matrix-prometheus-node-exporter/tasks/main.yml rename to roles/custom/matrix-prometheus-node-exporter/tasks/main.yml diff --git a/roles/matrix-prometheus-node-exporter/tasks/setup.yml b/roles/custom/matrix-prometheus-node-exporter/tasks/setup.yml similarity index 83% rename from roles/matrix-prometheus-node-exporter/tasks/setup.yml rename to roles/custom/matrix-prometheus-node-exporter/tasks/setup.yml index 0c6e77fcb..0b0c5704a 100644 --- a/roles/matrix-prometheus-node-exporter/tasks/setup.yml +++ b/roles/custom/matrix-prometheus-node-exporter/tasks/setup.yml @@ -5,21 +5,21 @@ # - name: Ensure matrix-prometheus-node-exporter image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_prometheus_node_exporter_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_prometheus_node_exporter_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_prometheus_node_exporter_docker_image_force_pull }}" when: "matrix_prometheus_node_exporter_enabled | bool" register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure matrix-prometheus-node-exporter.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-prometheus-node-exporter.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-prometheus-node-exporter.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-prometheus-node-exporter.service" mode: 0644 register: matrix_prometheus_node_exporter_systemd_service_result when: matrix_prometheus_node_exporter_enabled | bool @@ -35,7 +35,7 @@ - name: Check existence of matrix-prometheus-node-exporter service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-prometheus-node-exporter.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-prometheus-node-exporter.service" register: matrix_prometheus_node_exporter_service_stat - name: Ensure matrix-prometheus-node-exporter is stopped @@ -49,7 +49,7 @@ - name: Ensure matrix-prometheus-node-exporter.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-prometheus-node-exporter.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-prometheus-node-exporter.service" state: absent when: "not matrix_prometheus_node_exporter_enabled | bool and matrix_prometheus_node_exporter_service_stat.stat.exists" diff --git a/roles/matrix-prometheus-node-exporter/templates/systemd/matrix-prometheus-node-exporter.service.j2 b/roles/custom/matrix-prometheus-node-exporter/templates/systemd/matrix-prometheus-node-exporter.service.j2 similarity index 56% rename from roles/matrix-prometheus-node-exporter/templates/systemd/matrix-prometheus-node-exporter.service.j2 rename to roles/custom/matrix-prometheus-node-exporter/templates/systemd/matrix-prometheus-node-exporter.service.j2 index d0bfa4cce..82aca453f 100644 --- a/roles/matrix-prometheus-node-exporter/templates/systemd/matrix-prometheus-node-exporter.service.j2 +++ b/roles/custom/matrix-prometheus-node-exporter/templates/systemd/matrix-prometheus-node-exporter.service.j2 @@ -12,12 +12,12 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-prometheus-node-exporter 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-prometheus-node-exporter 2>/dev/null || true' +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-prometheus-node-exporter 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-prometheus-node-exporter 2>/dev/null || true' -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-prometheus-node-exporter \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-prometheus-node-exporter \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ @@ -34,8 +34,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-prometheus-nod {{ matrix_prometheus_node_exporter_docker_image }} \ --path.rootfs=/host {{ matrix_prometheus_node_exporter_process_extra_arguments|join(' ') }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-prometheus-node-exporter 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-prometheus-node-exporter 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-prometheus-node-exporter 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-prometheus-node-exporter 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-prometheus-node-exporter diff --git a/roles/matrix-prometheus-node-exporter/vars/main.yml b/roles/custom/matrix-prometheus-node-exporter/vars/main.yml similarity index 100% rename from roles/matrix-prometheus-node-exporter/vars/main.yml rename to roles/custom/matrix-prometheus-node-exporter/vars/main.yml diff --git a/roles/matrix-prometheus-postgres-exporter/defaults/main.yml b/roles/custom/matrix-prometheus-postgres-exporter/defaults/main.yml similarity index 96% rename from roles/matrix-prometheus-postgres-exporter/defaults/main.yml rename to roles/custom/matrix-prometheus-postgres-exporter/defaults/main.yml index 31ff8b8b4..f0cbfede9 100644 --- a/roles/matrix-prometheus-postgres-exporter/defaults/main.yml +++ b/roles/custom/matrix-prometheus-postgres-exporter/defaults/main.yml @@ -58,5 +58,7 @@ matrix_prometheus_postgres_exporter_container_http_host_bind_port: '' # Otherwise this value will be empty and you will have to manually configure your NGINX config file. (If you are using the config files generated by this playbook, you will have to edit matrix-domain.conf) matrix_prometheus_postgres_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host: "{{ '127.0.0.1' + matrix_prometheus_postgres_exporter_container_http_host_bind_port_number_raw if not ':' in matrix_prometheus_postgres_exporter_container_http_host_bind_port else (matrix_prometheus_postgres_exporter_container_http_host_bind_port if matrix_prometheus_postgres_exporter_container_http_host_bind_port.split(':')[0] != '0.0.0.0' else '') }}" +# matrix_prometheus_postgres_exporter_dashboard_urls contains a list of URLs with Grafana dashboard definitions. +# If the Grafana role is enabled, these dashboards will be downloaded. matrix_prometheus_postgres_exporter_dashboard_urls: - "https://grafana.com/api/dashboards/9628/revisions/7/download" diff --git a/roles/matrix-prometheus-postgres-exporter/tasks/init.yml b/roles/custom/matrix-prometheus-postgres-exporter/tasks/init.yml similarity index 97% rename from roles/matrix-prometheus-postgres-exporter/tasks/init.yml rename to roles/custom/matrix-prometheus-postgres-exporter/tasks/init.yml index 03fe965c1..20333dce6 100644 --- a/roles/matrix-prometheus-postgres-exporter/tasks/init.yml +++ b/roles/custom/matrix-prometheus-postgres-exporter/tasks/init.yml @@ -4,7 +4,8 @@ matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-prometheus-postgres-exporter.service'] }}" when: matrix_prometheus_postgres_exporter_enabled | bool -- block: +- when: matrix_prometheus_node_exporter_enabled | bool and matrix_prometheus_node_exporter_metrics_proxying_enabled | bool + block: - name: Fail if matrix-nginx-proxy role already executed ansible.builtin.fail: msg: >- @@ -38,4 +39,3 @@ + [matrix_prometheus_postgres_exporter_nginx_metrics_configuration_block] }} - when: matrix_prometheus_node_exporter_enabled | bool and matrix_prometheus_node_exporter_metrics_proxying_enabled | bool diff --git a/roles/matrix-prometheus-postgres-exporter/tasks/main.yml b/roles/custom/matrix-prometheus-postgres-exporter/tasks/main.yml similarity index 100% rename from roles/matrix-prometheus-postgres-exporter/tasks/main.yml rename to roles/custom/matrix-prometheus-postgres-exporter/tasks/main.yml diff --git a/roles/matrix-prometheus-postgres-exporter/tasks/setup.yml b/roles/custom/matrix-prometheus-postgres-exporter/tasks/setup.yml similarity index 83% rename from roles/matrix-prometheus-postgres-exporter/tasks/setup.yml rename to roles/custom/matrix-prometheus-postgres-exporter/tasks/setup.yml index 00a61df62..1ab157994 100644 --- a/roles/matrix-prometheus-postgres-exporter/tasks/setup.yml +++ b/roles/custom/matrix-prometheus-postgres-exporter/tasks/setup.yml @@ -5,21 +5,21 @@ # - name: Ensure matrix-prometheus-postgres-exporter image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_prometheus_postgres_exporter_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_prometheus_postgres_exporter_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_prometheus_postgres_exporter_docker_image_force_pull }}" when: "matrix_prometheus_postgres_exporter_enabled | bool" register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure matrix-prometheus-postgres-exporter.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-prometheus-postgres-exporter.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-prometheus-postgres-exporter.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-prometheus-postgres-exporter.service" mode: 0644 register: matrix_prometheus_postgres_exporter_systemd_service_result when: matrix_prometheus_postgres_exporter_enabled | bool @@ -35,7 +35,7 @@ - name: Check existence of matrix-prometheus-postgres-exporter service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-prometheus-postgres-exporter.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-prometheus-postgres-exporter.service" register: matrix_prometheus_postgres_exporter_service_stat - name: Ensure matrix-prometheus-postgres-exporter is stopped @@ -49,7 +49,7 @@ - name: Ensure matrix-prometheus-postgres-exporter.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-prometheus-postgres-exporter.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-prometheus-postgres-exporter.service" state: absent when: "not matrix_prometheus_postgres_exporter_enabled | bool and matrix_prometheus_postgres_exporter_service_stat.stat.exists" diff --git a/roles/matrix-prometheus-postgres-exporter/templates/systemd/matrix-prometheus-postgres-exporter.service.j2 b/roles/custom/matrix-prometheus-postgres-exporter/templates/systemd/matrix-prometheus-postgres-exporter.service.j2 similarity index 54% rename from roles/matrix-prometheus-postgres-exporter/templates/systemd/matrix-prometheus-postgres-exporter.service.j2 rename to roles/custom/matrix-prometheus-postgres-exporter/templates/systemd/matrix-prometheus-postgres-exporter.service.j2 index ff8c2ce45..5c3fbac6f 100644 --- a/roles/matrix-prometheus-postgres-exporter/templates/systemd/matrix-prometheus-postgres-exporter.service.j2 +++ b/roles/custom/matrix-prometheus-postgres-exporter/templates/systemd/matrix-prometheus-postgres-exporter.service.j2 @@ -12,12 +12,12 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-prometheus-postgres-exporter 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-prometheus-postgres-exporter 2>/dev/null || true' +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-prometheus-postgres-exporter 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-prometheus-postgres-exporter 2>/dev/null || true' -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-prometheus-postgres-exporter \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-prometheus-postgres-exporter \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ @@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-prometheus-pos --pid=host \ {{ matrix_prometheus_postgres_exporter_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-prometheus-postgres-exporter 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-prometheus-postgres-exporter 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-prometheus-postgres-exporter 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-prometheus-postgres-exporter 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-prometheus-postgres-exporter diff --git a/roles/matrix-prometheus-postgres-exporter/vars/main.yml b/roles/custom/matrix-prometheus-postgres-exporter/vars/main.yml similarity index 100% rename from roles/matrix-prometheus-postgres-exporter/vars/main.yml rename to roles/custom/matrix-prometheus-postgres-exporter/vars/main.yml diff --git a/roles/matrix-prometheus/defaults/main.yml b/roles/custom/matrix-prometheus/defaults/main.yml similarity index 99% rename from roles/matrix-prometheus/defaults/main.yml rename to roles/custom/matrix-prometheus/defaults/main.yml index 002309ac2..adc903872 100644 --- a/roles/matrix-prometheus/defaults/main.yml +++ b/roles/custom/matrix-prometheus/defaults/main.yml @@ -5,7 +5,7 @@ matrix_prometheus_enabled: false -matrix_prometheus_version: v2.38.0 +matrix_prometheus_version: v2.40.1 matrix_prometheus_docker_image: "{{ matrix_container_global_registry_prefix }}prom/prometheus:{{ matrix_prometheus_version }}" matrix_prometheus_docker_image_force_pull: "{{ matrix_prometheus_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-prometheus/tasks/init.yml b/roles/custom/matrix-prometheus/tasks/init.yml similarity index 100% rename from roles/matrix-prometheus/tasks/init.yml rename to roles/custom/matrix-prometheus/tasks/init.yml diff --git a/roles/matrix-prometheus/tasks/main.yml b/roles/custom/matrix-prometheus/tasks/main.yml similarity index 100% rename from roles/matrix-prometheus/tasks/main.yml rename to roles/custom/matrix-prometheus/tasks/main.yml diff --git a/roles/matrix-prometheus/tasks/setup_install.yml b/roles/custom/matrix-prometheus/tasks/setup_install.yml similarity index 84% rename from roles/matrix-prometheus/tasks/setup_install.yml rename to roles/custom/matrix-prometheus/tasks/setup_install.yml index c3aeaa7a6..8c18ce664 100644 --- a/roles/matrix-prometheus/tasks/setup_install.yml +++ b/roles/custom/matrix-prometheus/tasks/setup_install.yml @@ -1,14 +1,14 @@ --- - name: Ensure matrix-prometheus image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_prometheus_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_prometheus_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_prometheus_docker_image_force_pull }}" register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure Prometheus paths exists @@ -33,8 +33,8 @@ group: "{{ matrix_user_groupname }}" when: "matrix_prometheus_scraper_synapse_rules_enabled | bool" register: result - retries: "{{ matrix_geturl_retries_count }}" - delay: "{{ matrix_geturl_retries_delay }}" + retries: "{{ devture_playbook_help_geturl_retries_count }}" + delay: "{{ devture_playbook_help_geturl_retries_delay }}" until: result is not failed - name: Ensure prometheus.yml installed @@ -48,7 +48,7 @@ - name: Ensure matrix-prometheus.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-prometheus.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-prometheus.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-prometheus.service" mode: 0644 register: matrix_prometheus_systemd_service_result diff --git a/roles/matrix-prometheus/tasks/setup_uninstall.yml b/roles/custom/matrix-prometheus/tasks/setup_uninstall.yml similarity index 80% rename from roles/matrix-prometheus/tasks/setup_uninstall.yml rename to roles/custom/matrix-prometheus/tasks/setup_uninstall.yml index 7dd944591..5fe145fc3 100644 --- a/roles/matrix-prometheus/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-prometheus/tasks/setup_uninstall.yml @@ -2,7 +2,7 @@ - name: Check existence of matrix-prometheus service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-prometheus.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-prometheus.service" register: matrix_prometheus_service_stat - name: Ensure matrix-prometheus is stopped @@ -16,7 +16,7 @@ - name: Ensure matrix-prometheus.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-prometheus.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-prometheus.service" state: absent when: "matrix_prometheus_service_stat.stat.exists | bool" diff --git a/roles/matrix-prometheus/tasks/validate_config.yml b/roles/custom/matrix-prometheus/tasks/validate_config.yml similarity index 100% rename from roles/matrix-prometheus/tasks/validate_config.yml rename to roles/custom/matrix-prometheus/tasks/validate_config.yml diff --git a/roles/matrix-prometheus/templates/prometheus.yml.j2 b/roles/custom/matrix-prometheus/templates/prometheus.yml.j2 similarity index 87% rename from roles/matrix-prometheus/templates/prometheus.yml.j2 rename to roles/custom/matrix-prometheus/templates/prometheus.yml.j2 index f3262f485..83ae8a9a1 100644 --- a/roles/matrix-prometheus/templates/prometheus.yml.j2 +++ b/roles/custom/matrix-prometheus/templates/prometheus.yml.j2 @@ -32,16 +32,17 @@ scrape_configs: static_configs: - targets: {{ matrix_prometheus_scraper_synapse_targets|to_json }} labels: - instance: {{ matrix_domain }} + instance: {{ matrix_domain | to_json }} job: master index: 0 {% for worker in matrix_prometheus_scraper_synapse_workers_enabled_list %} {% if worker.metrics_port != 0 %} - - targets: ['matrix-synapse-worker-{{ worker.type }}-{{ worker.instanceId }}:{{ worker.metrics_port }}'] + - targets: ['{{ worker.name }}:{{ worker.metrics_port }}'] labels: - instance: {{ matrix_domain }} - job: {{ worker.type }} - index: {{ worker.instanceId }} + instance: {{ matrix_domain | to_json }} + worker_id: {{ worker.id | to_json }} + job: {{ worker.type | to_json }} + app: {{ worker.app | to_json }} {% endif %} {% endfor %} {% endif %} diff --git a/roles/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2 b/roles/custom/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2 similarity index 55% rename from roles/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2 rename to roles/custom/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2 index 56e13c134..584557344 100644 --- a/roles/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2 +++ b/roles/custom/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2 @@ -12,12 +12,12 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-prometheus 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-prometheus 2>/dev/null || true' +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-prometheus 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-prometheus 2>/dev/null || true' -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-prometheus \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-prometheus \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ @@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-prometheus \ {% endfor %} {{ matrix_prometheus_docker_image }} {{ matrix_prometheus_process_arguments|join(' ') }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-prometheus 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-prometheus 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-prometheus 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-prometheus 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-prometheus diff --git a/roles/matrix-redis/defaults/main.yml b/roles/custom/matrix-redis/defaults/main.yml similarity index 100% rename from roles/matrix-redis/defaults/main.yml rename to roles/custom/matrix-redis/defaults/main.yml diff --git a/roles/matrix-redis/tasks/init.yml b/roles/custom/matrix-redis/tasks/init.yml similarity index 100% rename from roles/matrix-redis/tasks/init.yml rename to roles/custom/matrix-redis/tasks/init.yml diff --git a/roles/matrix-redis/tasks/main.yml b/roles/custom/matrix-redis/tasks/main.yml similarity index 100% rename from roles/matrix-redis/tasks/main.yml rename to roles/custom/matrix-redis/tasks/main.yml diff --git a/roles/matrix-redis/tasks/setup_redis.yml b/roles/custom/matrix-redis/tasks/setup_redis.yml similarity index 90% rename from roles/matrix-redis/tasks/setup_redis.yml rename to roles/custom/matrix-redis/tasks/setup_redis.yml index 7dd7ea9f2..b1b4c0b5c 100644 --- a/roles/matrix-redis/tasks/setup_redis.yml +++ b/roles/custom/matrix-redis/tasks/setup_redis.yml @@ -5,15 +5,15 @@ # - name: Ensure redis Docker image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_redis_docker_image_to_use }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_redis_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_redis_docker_image_force_pull }}" when: matrix_redis_enabled | bool register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure redis paths exist @@ -52,7 +52,7 @@ - name: Ensure matrix-redis.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-redis.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-redis.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-redis.service" mode: 0644 register: matrix_redis_systemd_service_result when: matrix_redis_enabled | bool @@ -68,7 +68,7 @@ - name: Check existence of matrix-redis service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-redis.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-redis.service" register: matrix_redis_service_stat when: "not matrix_redis_enabled | bool" @@ -82,7 +82,7 @@ - name: Ensure matrix-redis.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-redis.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-redis.service" state: absent when: "not matrix_redis_enabled | bool and matrix_redis_service_stat.stat.exists" diff --git a/roles/matrix-redis/templates/redis.conf.j2 b/roles/custom/matrix-redis/templates/redis.conf.j2 similarity index 100% rename from roles/matrix-redis/templates/redis.conf.j2 rename to roles/custom/matrix-redis/templates/redis.conf.j2 diff --git a/roles/matrix-redis/templates/systemd/matrix-redis.service.j2 b/roles/custom/matrix-redis/templates/systemd/matrix-redis.service.j2 similarity index 100% rename from roles/matrix-redis/templates/systemd/matrix-redis.service.j2 rename to roles/custom/matrix-redis/templates/systemd/matrix-redis.service.j2 diff --git a/roles/matrix-registration/defaults/main.yml b/roles/custom/matrix-registration/defaults/main.yml similarity index 100% rename from roles/matrix-registration/defaults/main.yml rename to roles/custom/matrix-registration/defaults/main.yml diff --git a/roles/matrix-registration/tasks/generate_token.yml b/roles/custom/matrix-registration/tasks/generate_token.yml similarity index 89% rename from roles/matrix-registration/tasks/generate_token.yml rename to roles/custom/matrix-registration/tasks/generate_token.yml index c910bf63b..aa2b0111f 100644 --- a/roles/matrix-registration/tasks/generate_token.yml +++ b/roles/custom/matrix-registration/tasks/generate_token.yml @@ -41,11 +41,11 @@ {{ matrix_registration_api_result.json }} check_mode: false -- name: Inject result message into matrix_playbook_runtime_results +- name: Inject result message into devture_playbook_runtime_messages_list ansible.builtin.set_fact: - matrix_playbook_runtime_results: | + devture_playbook_runtime_messages_list: | {{ - matrix_playbook_runtime_results | default([]) + devture_playbook_runtime_messages_list | default([]) + [matrix_registration_api_result_message] }} diff --git a/roles/matrix-registration/tasks/init.yml b/roles/custom/matrix-registration/tasks/init.yml similarity index 98% rename from roles/matrix-registration/tasks/init.yml rename to roles/custom/matrix-registration/tasks/init.yml index 922db0f71..2b43dffdf 100644 --- a/roles/matrix-registration/tasks/init.yml +++ b/roles/custom/matrix-registration/tasks/init.yml @@ -10,7 +10,10 @@ matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-registration.service'] }}" when: matrix_registration_enabled | bool -- block: +- when: matrix_registration_enabled | bool + tags: + - always + block: - name: Fail if matrix-nginx-proxy role already executed ansible.builtin.fail: msg: >- @@ -54,9 +57,6 @@ + [matrix_registration_matrix_nginx_proxy_configuration] }} - tags: - - always - when: matrix_registration_enabled | bool - name: Warn about reverse-proxying if matrix-nginx-proxy not used ansible.builtin.debug: diff --git a/roles/matrix-registration/tasks/list_tokens.yml b/roles/custom/matrix-registration/tasks/list_tokens.yml similarity index 81% rename from roles/matrix-registration/tasks/list_tokens.yml rename to roles/custom/matrix-registration/tasks/list_tokens.yml index 4bcd14605..1001c4fa2 100644 --- a/roles/matrix-registration/tasks/list_tokens.yml +++ b/roles/custom/matrix-registration/tasks/list_tokens.yml @@ -20,11 +20,11 @@ {{ matrix_registration_api_result.json | to_nice_json }} check_mode: false -- name: Inject result message into matrix_playbook_runtime_results +- name: Inject result message into devture_playbook_runtime_messages_list ansible.builtin.set_fact: - matrix_playbook_runtime_results: | + devture_playbook_runtime_messages_list: | {{ - matrix_playbook_runtime_results | default([]) + devture_playbook_runtime_messages_list | default([]) + [matrix_registration_api_result_message] }} diff --git a/roles/matrix-registration/tasks/main.yml b/roles/custom/matrix-registration/tasks/main.yml similarity index 100% rename from roles/matrix-registration/tasks/main.yml rename to roles/custom/matrix-registration/tasks/main.yml diff --git a/roles/matrix-registration/tasks/setup_install.yml b/roles/custom/matrix-registration/tasks/setup_install.yml similarity index 91% rename from roles/matrix-registration/tasks/setup_install.yml rename to roles/custom/matrix-registration/tasks/setup_install.yml index d3048337d..04b2db3ef 100644 --- a/roles/matrix-registration/tasks/setup_install.yml +++ b/roles/custom/matrix-registration/tasks/setup_install.yml @@ -3,13 +3,15 @@ - ansible.builtin.set_fact: matrix_registration_requires_restart: false -- block: +- when: "matrix_registration_database_engine == 'postgres'" + block: - name: Check if an SQLite database already exists ansible.builtin.stat: path: "{{ matrix_registration_sqlite_database_path_local }}" register: matrix_registration_sqlite_database_path_local_stat_result - - block: + - when: "matrix_registration_sqlite_database_path_local_stat_result.stat.exists | bool" + block: - ansible.builtin.set_fact: matrix_postgres_db_migration_request: src: "{{ matrix_registration_sqlite_database_path_local }}" @@ -25,13 +27,11 @@ additional_psql_statements_db_name: "{{ matrix_registration_database_name }}" - ansible.builtin.import_role: - name: matrix-postgres + name: custom/matrix-postgres tasks_from: migrate_db_to_postgres - ansible.builtin.set_fact: matrix_registration_requires_restart: true - when: "matrix_registration_sqlite_database_path_local_stat_result.stat.exists | bool" - when: "matrix_registration_database_engine == 'postgres'" - name: Ensure matrix-registration paths exist ansible.builtin.file: @@ -48,15 +48,15 @@ when: "item.when | bool" - name: Ensure matrix-registration image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_registration_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_registration_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_registration_docker_image_force_pull }}" when: "not matrix_registration_container_image_self_build | bool" register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure matrix-registration repository is present when self-building @@ -79,7 +79,7 @@ when: "matrix_registration_container_image_self_build | bool and matrix_registration_container_image_self_build_python_dependencies_patch_enabled | bool" - name: Ensure matrix-registration Docker image is built - docker_image: + community.docker.docker_image: name: "{{ matrix_registration_docker_image }}" source: build force_source: "{{ matrix_registration_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" @@ -101,7 +101,7 @@ - name: Ensure matrix-registration.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-registration.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-registration.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-registration.service" mode: 0644 register: matrix_registration_systemd_service_result diff --git a/roles/matrix-registration/tasks/setup_uninstall.yml b/roles/custom/matrix-registration/tasks/setup_uninstall.yml similarity index 80% rename from roles/matrix-registration/tasks/setup_uninstall.yml rename to roles/custom/matrix-registration/tasks/setup_uninstall.yml index e3d713dc5..623db421e 100644 --- a/roles/matrix-registration/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-registration/tasks/setup_uninstall.yml @@ -2,7 +2,7 @@ - name: Check existence of matrix-registration service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-registration.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-registration.service" register: matrix_registration_service_stat - name: Ensure matrix-registration is stopped @@ -16,7 +16,7 @@ - name: Ensure matrix-registration.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-registration.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-registration.service" state: absent when: "matrix_registration_service_stat.stat.exists | bool" @@ -26,6 +26,6 @@ when: "matrix_registration_service_stat.stat.exists | bool" - name: Ensure matrix-registration Docker image doesn't exist - docker_image: + community.docker.docker_image: name: "{{ matrix_registration_docker_image }}" state: absent diff --git a/roles/matrix-registration/tasks/validate_config.yml b/roles/custom/matrix-registration/tasks/validate_config.yml similarity index 100% rename from roles/matrix-registration/tasks/validate_config.yml rename to roles/custom/matrix-registration/tasks/validate_config.yml diff --git a/roles/matrix-registration/templates/config.yaml.j2 b/roles/custom/matrix-registration/templates/config.yaml.j2 similarity index 100% rename from roles/matrix-registration/templates/config.yaml.j2 rename to roles/custom/matrix-registration/templates/config.yaml.j2 diff --git a/roles/matrix-registration/templates/systemd/matrix-registration.service.j2 b/roles/custom/matrix-registration/templates/systemd/matrix-registration.service.j2 similarity index 55% rename from roles/matrix-registration/templates/systemd/matrix-registration.service.j2 rename to roles/custom/matrix-registration/templates/systemd/matrix-registration.service.j2 index 8acbd3a57..f51d9fb95 100644 --- a/roles/matrix-registration/templates/systemd/matrix-registration.service.j2 +++ b/roles/custom/matrix-registration/templates/systemd/matrix-registration.service.j2 @@ -12,11 +12,11 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-registration 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-registration 2>/dev/null || true' +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-registration 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-registration 2>/dev/null || true' -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-registration \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-registration \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ @@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-registration \ {{ matrix_registration_docker_image }} \ serve -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-registration 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-registration 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-registration 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-registration 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-registration diff --git a/roles/matrix-sygnal/defaults/main.yml b/roles/custom/matrix-sygnal/defaults/main.yml similarity index 100% rename from roles/matrix-sygnal/defaults/main.yml rename to roles/custom/matrix-sygnal/defaults/main.yml diff --git a/roles/matrix-sygnal/tasks/init.yml b/roles/custom/matrix-sygnal/tasks/init.yml similarity index 100% rename from roles/matrix-sygnal/tasks/init.yml rename to roles/custom/matrix-sygnal/tasks/init.yml diff --git a/roles/matrix-sygnal/tasks/main.yml b/roles/custom/matrix-sygnal/tasks/main.yml similarity index 100% rename from roles/matrix-sygnal/tasks/main.yml rename to roles/custom/matrix-sygnal/tasks/main.yml diff --git a/roles/matrix-sygnal/tasks/setup_install.yml b/roles/custom/matrix-sygnal/tasks/setup_install.yml similarity index 86% rename from roles/matrix-sygnal/tasks/setup_install.yml rename to roles/custom/matrix-sygnal/tasks/setup_install.yml index 8f5f69377..27424314f 100644 --- a/roles/matrix-sygnal/tasks/setup_install.yml +++ b/roles/custom/matrix-sygnal/tasks/setup_install.yml @@ -1,14 +1,14 @@ --- - name: Ensure Sygnal image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_sygnal_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_sygnal_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_sygnal_docker_image_force_pull }}" register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure Sygnal paths exists @@ -34,7 +34,7 @@ - name: Ensure matrix-sygnal.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-sygnal.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-sygnal.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-sygnal.service" mode: 0644 register: matrix_sygnal_systemd_service_result diff --git a/roles/matrix-sygnal/tasks/setup_uninstall.yml b/roles/custom/matrix-sygnal/tasks/setup_uninstall.yml similarity index 82% rename from roles/matrix-sygnal/tasks/setup_uninstall.yml rename to roles/custom/matrix-sygnal/tasks/setup_uninstall.yml index eff4a74b8..e398f7a99 100644 --- a/roles/matrix-sygnal/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-sygnal/tasks/setup_uninstall.yml @@ -2,7 +2,7 @@ - name: Check existence of matrix-sygnal service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-sygnal.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-sygnal.service" register: matrix_sygnal_service_stat - name: Ensure matrix-sygnal is stopped @@ -16,7 +16,7 @@ - name: Ensure matrix-sygnal.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-sygnal.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-sygnal.service" state: absent when: "matrix_sygnal_service_stat.stat.exists | bool" @@ -31,6 +31,6 @@ state: absent - name: Ensure Sygnal Docker image doesn't exist - docker_image: + community.docker.docker_image: name: "{{ matrix_sygnal_docker_image }}" state: absent diff --git a/roles/matrix-sygnal/tasks/validate_config.yml b/roles/custom/matrix-sygnal/tasks/validate_config.yml similarity index 71% rename from roles/matrix-sygnal/tasks/validate_config.yml rename to roles/custom/matrix-sygnal/tasks/validate_config.yml index b2c380109..277bd1b2a 100644 --- a/roles/matrix-sygnal/tasks/validate_config.yml +++ b/roles/custom/matrix-sygnal/tasks/validate_config.yml @@ -4,4 +4,4 @@ ansible.builtin.fail: msg: >- Enabling Sygnal requires that you specify at least one app in `matrix_sygnal_apps` - when: "matrix_sygnal_enabled and matrix_sygnal_apps|length == 0" + when: "matrix_sygnal_enabled and matrix_sygnal_apps | length == 0" diff --git a/roles/matrix-sygnal/templates/sygnal.yaml.j2 b/roles/custom/matrix-sygnal/templates/sygnal.yaml.j2 similarity index 100% rename from roles/matrix-sygnal/templates/sygnal.yaml.j2 rename to roles/custom/matrix-sygnal/templates/sygnal.yaml.j2 diff --git a/roles/matrix-sygnal/templates/systemd/matrix-sygnal.service.j2 b/roles/custom/matrix-sygnal/templates/systemd/matrix-sygnal.service.j2 similarity index 55% rename from roles/matrix-sygnal/templates/systemd/matrix-sygnal.service.j2 rename to roles/custom/matrix-sygnal/templates/systemd/matrix-sygnal.service.j2 index ae7e889db..646314dfb 100644 --- a/roles/matrix-sygnal/templates/systemd/matrix-sygnal.service.j2 +++ b/roles/custom/matrix-sygnal/templates/systemd/matrix-sygnal.service.j2 @@ -12,11 +12,11 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-sygnal 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-sygnal 2>/dev/null || true' +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-sygnal 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-sygnal 2>/dev/null || true' -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-sygnal \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-sygnal \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ @@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-sygnal \ {% endfor %} {{ matrix_sygnal_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-sygnal 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-sygnal 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-sygnal 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-sygnal 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-sygnal diff --git a/roles/matrix-synapse-admin/defaults/main.yml b/roles/custom/matrix-synapse-admin/defaults/main.yml similarity index 100% rename from roles/matrix-synapse-admin/defaults/main.yml rename to roles/custom/matrix-synapse-admin/defaults/main.yml diff --git a/roles/matrix-synapse-admin/tasks/init.yml b/roles/custom/matrix-synapse-admin/tasks/init.yml similarity index 98% rename from roles/matrix-synapse-admin/tasks/init.yml rename to roles/custom/matrix-synapse-admin/tasks/init.yml index f934eced2..c2b2d05f2 100644 --- a/roles/matrix-synapse-admin/tasks/init.yml +++ b/roles/custom/matrix-synapse-admin/tasks/init.yml @@ -10,7 +10,10 @@ matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-synapse-admin.service'] }}" when: matrix_synapse_admin_enabled | bool -- block: +- when: matrix_synapse_admin_enabled | bool + tags: + - always + block: - name: Fail if matrix-nginx-proxy role already executed ansible.builtin.fail: msg: >- @@ -45,9 +48,6 @@ + [matrix_synapse_admin_matrix_nginx_proxy_configuration] }} - tags: - - always - when: matrix_synapse_admin_enabled | bool - name: Warn about reverse-proxying if matrix-nginx-proxy not used ansible.builtin.debug: diff --git a/roles/matrix-synapse-admin/tasks/main.yml b/roles/custom/matrix-synapse-admin/tasks/main.yml similarity index 100% rename from roles/matrix-synapse-admin/tasks/main.yml rename to roles/custom/matrix-synapse-admin/tasks/main.yml diff --git a/roles/matrix-synapse-admin/tasks/setup.yml b/roles/custom/matrix-synapse-admin/tasks/setup.yml similarity index 87% rename from roles/matrix-synapse-admin/tasks/setup.yml rename to roles/custom/matrix-synapse-admin/tasks/setup.yml index 660212724..56cee4987 100644 --- a/roles/matrix-synapse-admin/tasks/setup.yml +++ b/roles/custom/matrix-synapse-admin/tasks/setup.yml @@ -5,15 +5,15 @@ # - name: Ensure matrix-synapse-admin image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_synapse_admin_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_synapse_admin_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_synapse_admin_docker_image_force_pull }}" when: "matrix_synapse_admin_enabled | bool and not matrix_synapse_admin_container_image_self_build | bool" register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure matrix-synapse-admin repository is present when self-building @@ -28,7 +28,7 @@ when: "matrix_synapse_admin_enabled | bool and matrix_synapse_admin_container_image_self_build | bool" - name: Ensure matrix-synapse-admin Docker image is built - docker_image: + community.docker.docker_image: name: "{{ matrix_synapse_admin_docker_image }}" source: build force_source: "{{ matrix_synapse_admin_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" @@ -42,7 +42,7 @@ - name: Ensure matrix-synapse-admin.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-synapse-admin.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-synapse-admin.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-synapse-admin.service" mode: 0644 register: matrix_synapse_admin_systemd_service_result when: matrix_synapse_admin_enabled | bool @@ -58,7 +58,7 @@ - name: Check existence of matrix-synapse-admin service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-synapse-admin.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-synapse-admin.service" register: matrix_synapse_admin_service_stat - name: Ensure matrix-synapse-admin is stopped @@ -72,7 +72,7 @@ - name: Ensure matrix-synapse-admin.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-synapse-admin.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-synapse-admin.service" state: absent when: "not matrix_synapse_admin_enabled | bool and matrix_synapse_admin_service_stat.stat.exists" @@ -82,7 +82,7 @@ when: "not matrix_synapse_admin_enabled | bool and matrix_synapse_admin_service_stat.stat.exists" - name: Ensure matrix-synapse-admin Docker image doesn't exist - docker_image: + community.docker.docker_image: name: "{{ matrix_synapse_admin_docker_image }}" state: absent when: "not matrix_synapse_admin_enabled | bool" diff --git a/roles/matrix-synapse-admin/tasks/validate_config.yml b/roles/custom/matrix-synapse-admin/tasks/validate_config.yml similarity index 100% rename from roles/matrix-synapse-admin/tasks/validate_config.yml rename to roles/custom/matrix-synapse-admin/tasks/validate_config.yml diff --git a/roles/matrix-synapse-admin/templates/systemd/matrix-synapse-admin.service.j2 b/roles/custom/matrix-synapse-admin/templates/systemd/matrix-synapse-admin.service.j2 similarity index 52% rename from roles/matrix-synapse-admin/templates/systemd/matrix-synapse-admin.service.j2 rename to roles/custom/matrix-synapse-admin/templates/systemd/matrix-synapse-admin.service.j2 index 6ed9eaae0..9bae6e03f 100644 --- a/roles/matrix-synapse-admin/templates/systemd/matrix-synapse-admin.service.j2 +++ b/roles/custom/matrix-synapse-admin/templates/systemd/matrix-synapse-admin.service.j2 @@ -12,11 +12,11 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-synapse-admin 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-synapse-admin 2>/dev/null || true' +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-synapse-admin 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-synapse-admin 2>/dev/null || true' -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-synapse-admin \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-synapse-admin \ --log-driver=none \ --cap-drop=ALL \ --cap-add=CHOWN \ @@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-synapse-admin {% endfor %} {{ matrix_synapse_admin_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-synapse-admin 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-synapse-admin 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-synapse-admin 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-synapse-admin 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-synapse-admin diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml similarity index 60% rename from roles/matrix-synapse/defaults/main.yml rename to roles/custom/matrix-synapse/defaults/main.yml index 6d204b174..54351256a 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/custom/matrix-synapse/defaults/main.yml @@ -7,18 +7,55 @@ matrix_synapse_enabled: true matrix_synapse_container_image_self_build: false matrix_synapse_container_image_self_build_repo: "https://github.com/matrix-org/synapse.git" +# matrix_synapse_container_image_customizations_enabled controls whether a customized Synapse image will be built. +# +# We toggle this variable to `true` when certain features which require a custom build are enabled. +# Feel free to toggle this to `true` yourself and specify build steps in `matrix_synapse_container_image_customizations_dockerfile_body_custom`. +# +# See: +# - `roles/custom/matrix-synapse/templates/synapse/customizations/Dockerfile.j2` +# - `matrix_synapse_container_image_customizations_dockerfile_body_custom` +# - `matrix_synapse_docker_image_customized` +# - `matrix_synapse_docker_image_final` +matrix_synapse_container_image_customizations_enabled: "{{ matrix_synapse_ext_synapse_s3_storage_provider_enabled }}" + +# Controls whether custom build steps will be added to the Dockerfile for installing s3-storage-provider. +# The version that will be installed is specified in `matrix_synapse_ext_synapse_s3_storage_provider_version`. +matrix_synapse_container_image_customizations_s3_storage_provider_installation_enabled: "{{ matrix_synapse_ext_synapse_s3_storage_provider_enabled }}" + +# matrix_synapse_container_image_customizations_dockerfile_body contains your custom Dockerfile steps +# for building your customized Synapse image based on the original (upstream) image (`matrix_synapse_docker_image`). +# A `FROM ...` clause is included automatically so you don't have to. +# +# Example: +# matrix_synapse_container_image_customizations_dockerfile_body_custom: | +# RUN echo 'This is a custom step for building the customized Docker image for Synapse.' +# RUN echo 'You can override matrix_synapse_container_image_customizations_dockerfile_body_custom to add your own steps.' +# RUN echo 'You do NOT need to include a FROM clause yourself.' +matrix_synapse_container_image_customizations_dockerfile_body_custom: '' + matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:{{ matrix_synapse_docker_image_tag }}" matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_container_image_self_build else matrix_container_global_registry_prefix }}" -matrix_synapse_version: v1.65.0 +matrix_synapse_version: v1.71.0 matrix_synapse_docker_image_tag: "{{ matrix_synapse_version }}" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" +# matrix_synapse_docker_image_customized is the name of the locally built Synapse image +# which adds various customizations on top of the original (upstream) Synapse image. +# This image will be based on the upstream `matrix_synapse_docker_image` image, only if `matrix_synapse_container_image_customizations_enabled: true`. +matrix_synapse_docker_image_customized: "localhost/matrixdotorg/synapse:{{ matrix_synapse_docker_image_tag }}-customized" + +# matrix_synapse_docker_image_final holds the name of the Synapse image to run depending on whether or not customizations are enabled. +matrix_synapse_docker_image_final: "{{ matrix_synapse_docker_image_customized if matrix_synapse_container_image_customizations_enabled else matrix_synapse_docker_image }} " + matrix_synapse_base_path: "{{ matrix_base_data_path }}/synapse" matrix_synapse_docker_src_files_path: "{{ matrix_synapse_base_path }}/docker-src" +matrix_synapse_customized_docker_src_files_path: "{{ matrix_synapse_base_path }}/customized-docker-src" matrix_synapse_config_dir_path: "{{ matrix_synapse_base_path }}/config" matrix_synapse_storage_path: "{{ matrix_synapse_base_path }}/storage" matrix_synapse_media_store_path: "{{ matrix_synapse_storage_path }}/media-store" matrix_synapse_ext_path: "{{ matrix_synapse_base_path }}/ext" +matrix_synapse_ext_s3_storage_provider_path: "{{ matrix_synapse_base_path }}/ext/s3-storage-provider" matrix_synapse_container_client_api_port: 8008 @@ -148,22 +185,22 @@ matrix_synapse_rc_admin_redaction: matrix_synapse_rc_joins: local: per_second: 0.1 - burst_count: 3 + burst_count: 10 remote: per_second: 0.01 - burst_count: 3 + burst_count: 10 matrix_synapse_rc_invites: per_room: - per_second: 0.5 - burst_count: 5 + per_second: 0.3 + burst_count: 10 per_user: - per_second: 0.004 - burst_count: 3 - per_issuer: - per_second: 0.5 + per_second: 0.003 burst_count: 5 + per_issuer: + per_second: 0.3 + burst_count: 10 matrix_synapse_rc_federation: @@ -257,10 +294,6 @@ matrix_synapse_registrations_require_3pid: [] # pattern: '\+44' matrix_synapse_allowed_local_3pids: [] -# The server to use for email threepid validation. When empty, Synapse does it by itself. -# Otherwise, this should be pointed to an identity server. -matrix_synapse_account_threepid_delegates_email: '' - # The server to use for phone number threepid validation. When empty, validation cannot happen, as Synapse doesn't support it. # To make it work, this should be pointed to an identity server. matrix_synapse_account_threepid_delegates_msisdn: '' @@ -369,6 +402,11 @@ matrix_url_preview_accept_language: ['en-US', 'en'] matrix_synapse_metrics_enabled: false matrix_synapse_metrics_port: 9100 +# matrix_synapse_grafana_dashboard_urls contains a list of URLs with Grafana dashboard definitions. +# If the Grafana role is enabled, these dashboards will be downloaded. +matrix_synapse_grafana_dashboard_urls: + - https://raw.githubusercontent.com/matrix-org/synapse/master/contrib/grafana/synapse.json + # Controls whether Synapse metrics should be proxied (exposed) on: # - `matrix.DOMAIN/metrics/synapse/main-process` for the main process # - `matrix.DOMAIN/metrics/synapse/worker/{type}-{id}` for each worker process @@ -398,23 +436,31 @@ matrix_synapse_workers_presets: little-federation-helper: generic_workers_count: 0 pusher_workers_count: 0 - appservice_workers_count: 0 federation_sender_workers_count: 1 media_repository_workers_count: 0 + appservice_workers_count: 0 user_dir_workers_count: 0 - frontend_proxy_workers_count: 0 + background_workers_count: 0 + stream_writer_events_stream_workers_count: 0 + stream_writer_typing_stream_workers_count: 0 + stream_writer_to_device_stream_workers_count: 0 + stream_writer_account_data_stream_workers_count: 0 + stream_writer_receipts_stream_workers_count: 0 + stream_writer_presence_stream_workers_count: 0 one-of-each: generic_workers_count: 1 pusher_workers_count: 1 - # appservice workers are deprecated since Synapse v1.59. This will be removed. - appservice_workers_count: 0 federation_sender_workers_count: 1 media_repository_workers_count: 1 - # Disabled until https://github.com/matrix-org/synapse/issues/8787 is resolved. - # user_dir workers are deprecated since Synapse v1.59. This will be removed. - # See: https://github.com/matrix-org/synapse/blob/v1.59.0/docs/upgrade.md#deprecation-of-the-synapseappappservice-and-synapseappuser_dir-worker-application-types - user_dir_workers_count: 0 - frontend_proxy_workers_count: 1 + appservice_workers_count: 1 + user_dir_workers_count: 1 + background_workers_count: 1 + stream_writer_events_stream_workers_count: 1 + stream_writer_typing_stream_workers_count: 1 + stream_writer_to_device_stream_workers_count: 1 + stream_writer_account_data_stream_workers_count: 1 + stream_writer_receipts_stream_workers_count: 1 + stream_writer_presence_stream_workers_count: 1 # Controls whether the matrix-synapse container exposes the various worker ports # (see `port` and `metrics_port` in `matrix_synapse_workers_enabled_list`) outside of the container. @@ -427,38 +473,144 @@ matrix_synapse_workers_generic_workers_count: "{{ matrix_synapse_workers_presets matrix_synapse_workers_generic_workers_port_range_start: 18111 matrix_synapse_workers_generic_workers_metrics_range_start: 19111 -# matrix_synapse_workers_pusher_workers_count can only be 0 or 1 for now. -# More instances are not supported due to a playbook limitation having to do with keeping `pusher_instances` in `homeserver.yaml` updated. -# See https://github.com/matrix-org/synapse/commit/ddfdf945064925eba761ae3748e38f3a1c73c328 +# matrix_synapse_workers_stream_writer_events_stream_workers_count controls how many stream writers that handle the `events` stream to spawn. +# More than 1 worker is also supported of this type. +matrix_synapse_workers_stream_writer_events_stream_workers_count: "{{ matrix_synapse_workers_presets[matrix_synapse_workers_preset]['stream_writer_events_stream_workers_count'] }}" + +# matrix_synapse_workers_stream_writer_typing_stream_workers_count controls how many stream writers that handle the `typing` stream to spawn. +# The count of these workers can only be 0 or 1. +matrix_synapse_workers_stream_writer_typing_stream_workers_count: "{{ matrix_synapse_workers_presets[matrix_synapse_workers_preset]['stream_writer_typing_stream_workers_count'] }}" + +# matrix_synapse_workers_stream_writer_to_device_stream_workers_count controls how many stream writers that handle the `to_device` stream to spawn. +# The count of these workers can only be 0 or 1. +matrix_synapse_workers_stream_writer_to_device_stream_workers_count: "{{ matrix_synapse_workers_presets[matrix_synapse_workers_preset]['stream_writer_to_device_stream_workers_count'] }}" + +# matrix_synapse_workers_stream_writer_account_data_stream_workers_count controls how many stream writers that handle the `account_data` stream to spawn. +# The count of these workers can only be 0 or 1. +matrix_synapse_workers_stream_writer_account_data_stream_workers_count: "{{ matrix_synapse_workers_presets[matrix_synapse_workers_preset]['stream_writer_account_data_stream_workers_count'] }}" + +# matrix_synapse_workers_stream_writer_receipts_stream_workers_count controls how many stream writers that handle the `receipts` stream to spawn. +# The count of these workers can only be 0 or 1. +matrix_synapse_workers_stream_writer_receipts_stream_workers_count: "{{ matrix_synapse_workers_presets[matrix_synapse_workers_preset]['stream_writer_receipts_stream_workers_count'] }}" + +# matrix_synapse_workers_stream_writer_presence_stream_workers_count controls how many stream writers that handle the `presence` stream to spawn. +# The count of these workers can only be 0 or 1. +matrix_synapse_workers_stream_writer_presence_stream_workers_count: "{{ matrix_synapse_workers_presets[matrix_synapse_workers_preset]['stream_writer_presence_stream_workers_count'] }}" + +# A list of stream writer workers to enable. This list is built automatically based on other variables. +# You're encouraged to enable/disable stream writer workers by setting `matrix_synapse_workers_stream_writer_*_stream_workers_count` variables, instead of adjusting this list manually. +matrix_synapse_workers_stream_writers: | + {{ + [] + + + ([{'stream': 'events'}] * matrix_synapse_workers_stream_writer_events_stream_workers_count | int) + + + ([{'stream': 'typing'}] * matrix_synapse_workers_stream_writer_typing_stream_workers_count | int) + + + ([{'stream': 'to_device'}] * matrix_synapse_workers_stream_writer_to_device_stream_workers_count | int) + + + ([{'stream': 'account_data'}] * matrix_synapse_workers_stream_writer_account_data_stream_workers_count | int) + + + ([{'stream': 'receipts'}] * matrix_synapse_workers_stream_writer_receipts_stream_workers_count | int) + + + ([{'stream': 'presence'}] * matrix_synapse_workers_stream_writer_presence_stream_workers_count | int) + }} + +# matrix_synapse_stream_writers populates the `stream_writers` Synapse configuration used when Synapse workers are in use (`matrix_synapse_workers_enabled`). +# What you see below is an initial default value which will be adjusted at runtime based on the value of `matrix_synapse_workers_stream_writers`. +# Adjusting this value manually is generally not necessary. +# +# It's tempting to initialize this like this: +# matrix_synapse_stream_writers: +# - typing: [] +# - events: [] +# - to_device: [] +# - account_data: [] +# - receipts: [] +# - presence: [] +# .. but Synapse does not like empty lists (see https://github.com/matrix-org/synapse/issues/13804) +matrix_synapse_stream_writers: {} + +# `matrix_synapse_workers_stream_writer_workers_` variables control the port numbers of various stream writer workers +# defined in `matrix_synapse_workers_stream_writers`. +# It should be noted that not all of the background worker types will need to expose HTTP services, etc. +matrix_synapse_workers_stream_writer_workers_http_port_range_start: 20011 +matrix_synapse_workers_stream_writer_workers_replication_port_range_start: 25011 +matrix_synapse_workers_stream_writer_workers_metrics_range_start: 19211 + +# matrix_synapse_workers_pusher_workers_count controls the number of pusher workers (workers who push out notifications) to spawn. +# See https://matrix-org.github.io/synapse/latest/workers.html#synapseapppusher matrix_synapse_workers_pusher_workers_count: "{{ matrix_synapse_workers_presets[matrix_synapse_workers_preset]['pusher_workers_count'] }}" matrix_synapse_workers_pusher_workers_metrics_range_start: 19200 -# matrix_synapse_workers_appservice_workers_count can only be 0 or 1. More instances are not supported. -# appservice workers are deprecated since Synapse v1.59. This will be removed. -# See: https://github.com/matrix-org/synapse/blob/v1.59.0/docs/upgrade.md#deprecation-of-the-synapseappappservice-and-synapseappuser_dir-worker-application-types -matrix_synapse_workers_appservice_workers_count: 0 -matrix_synapse_workers_appservice_workers_metrics_range_start: 19300 +# matrix_synapse_federation_pusher_instances populates the `pusher_instances` Synapse configuration used when Synapse workers are in use (`matrix_synapse_workers_enabled`). +# What you see below is an initial default value which will be adjusted at runtime based on the value of `matrix_synapse_workers_pusher_workers_count` or `matrix_synapse_workers_enabled_list`. +# Adjusting this value manually is generally not necessary. +matrix_synapse_federation_pusher_instances: [] -# matrix_synapse_workers_federation_sender_workers_count can only be 0 or 1 for now. -# More instances are not supported due to a playbook limitation having to do with keeping `federation_sender_instances` in `homeserver.yaml` updated. -# See https://github.com/matrix-org/synapse/blob/master/docs/workers.md#synapseappfederation_sender +# matrix_synapse_start_pushers controls if the main Synapse process should push out notifications or if it should be left to pusher workers (see `matrix_synapse_federation_pusher_instances`). +# This is enabled if workers are disabled, or if they are enabled, but there are no pusher workers. +# Adjusting this value manually is generally not necessary. +matrix_synapse_start_pushers: "{{ not matrix_synapse_workers_enabled or (matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'pusher') | list | length == 0) }}" + +# matrix_synapse_workers_federation_sender_workers_count controls the number of federation sender workers to spawn. +# See https://matrix-org.github.io/synapse/latest/workers.html#synapseappfederation_sender matrix_synapse_workers_federation_sender_workers_count: "{{ matrix_synapse_workers_presets[matrix_synapse_workers_preset]['federation_sender_workers_count'] }}" matrix_synapse_workers_federation_sender_workers_metrics_range_start: 19400 +# matrix_synapse_federation_sender_instances populates the `federation_sender_instances` Synapse configuration used when Synapse workers are in use (`matrix_synapse_workers_enabled`). +# What you see below is an initial default value which will be adjusted at runtime based on the value of `matrix_synapse_workers_federation_sender_workers_count` or `matrix_synapse_workers_enabled_list`. +# Adjusting this value manually is generally not necessary. +matrix_synapse_federation_sender_instances: [] + +# matrix_synapse_send_federation controls if the main Synapse process should send federation traffic or if it should be left to federation_sender workers (see `matrix_synapse_federation_sender_instances`). +# This is allowed if workers are disabled, or they are enabled, but there are no federation sender workers. +# Adjusting this value manually is generally not necessary. +matrix_synapse_send_federation: "{{ not matrix_synapse_workers_enabled or (matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'federation_sender') | list | length == 0) }}" + matrix_synapse_workers_media_repository_workers_count: "{{ matrix_synapse_workers_presets[matrix_synapse_workers_preset]['media_repository_workers_count'] }}" matrix_synapse_workers_media_repository_workers_port_range_start: 18551 matrix_synapse_workers_media_repository_workers_metrics_range_start: 19551 -# Disabled until https://github.com/matrix-org/synapse/issues/8787 is resolved. -# user_dir workers are deprecated since Synapse v1.59. This will be removed. -# See: https://github.com/matrix-org/synapse/blob/v1.59.0/docs/upgrade.md#deprecation-of-the-synapseappappservice-and-synapseappuser_dir-worker-application-types -matrix_synapse_workers_user_dir_workers_count: 0 +# matrix_synapse_enable_media_repo controls if the main Synapse process should serve media repository endpoints or if it should be left to media_repository workers (see `matrix_synapse_workers_media_repository_workers_count`). +# This is enabled if workers are disabled, or if they are enabled, but there are no media repository workers. +# Adjusting this value manually is generally not necessary. +matrix_synapse_enable_media_repo: "{{ not matrix_synapse_workers_enabled or (matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'media_repository') | list | length == 0) }}" + +# matrix_synapse_media_instance_running_background_jobs populates the `media_instance_running_background_jobs` Synapse configuration used when Synapse workers are in use (`matrix_synapse_workers_enabled`). +# `media_instance_running_background_jobs` is meant to point to a single media-repository worker, which is dedicated to running background tasks that maintain the media repository. +# Multiple `media_repository` workers may be enabled. We always pick the first one as the background tasks worker. +matrix_synapse_media_instance_running_background_jobs: "{{ (matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'media_repository') | list)[0].name if (matrix_synapse_workers_enabled and matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'media_repository') | list | length > 0) else '' }}" + +# matrix_synapse_workers_appservice_workers_count can only be 0 or 1. More instances are not supported. +# appservice workers were deprecated since Synapse v1.59 (see: https://github.com/matrix-org/synapse/blob/v1.59.0/docs/upgrade.md#deprecation-of-the-synapseappappservice-and-synapseappuser_dir-worker-application-types). +# Our implementation uses generic worker services and assigns them to perform appservice work using the `notify_appservices_from_worker` Synapse option. +matrix_synapse_workers_appservice_workers_count: "{{ matrix_synapse_workers_presets[matrix_synapse_workers_preset]['appservice_workers_count'] }}" +matrix_synapse_workers_appservice_workers_metrics_range_start: 19300 + +# matrix_synapse_notify_appservices_from_worker populates the `notify_appservices_from_worker` Synapse configuration used when Synapse workers are in use (`matrix_synapse_workers_enabled`). +# `notify_appservices_from_worker` is meant to point to a worker, which is dedicated to sending output traffic to Application Services. +matrix_synapse_notify_appservices_from_worker: "{{ (matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'appservice') | list)[0].name if (matrix_synapse_workers_enabled and matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'appservice') | list | length > 0) else '' }}" + +# matrix_synapse_workers_user_dir_workers_count can only be 0 or 1. More instances are not supported. +# user_dir workers were deprecated since Synapse v1.59 (see: https://github.com/matrix-org/synapse/blob/v1.59.0/docs/upgrade.md#deprecation-of-the-synapseappappservice-and-synapseappuser_dir-worker-application-types). +# Our implementation uses generic worker services and assigns them to perform appservice work using the `update_user_directory_from_worker` Synapse option. +matrix_synapse_workers_user_dir_workers_count: "{{ matrix_synapse_workers_presets[matrix_synapse_workers_preset]['user_dir_workers_count'] }}" matrix_synapse_workers_user_dir_workers_port_range_start: 18661 matrix_synapse_workers_user_dir_workers_metrics_range_start: 19661 -matrix_synapse_workers_frontend_proxy_workers_count: "{{ matrix_synapse_workers_presets[matrix_synapse_workers_preset]['frontend_proxy_workers_count'] }}" -matrix_synapse_workers_frontend_proxy_workers_port_range_start: 18771 -matrix_synapse_workers_frontend_proxy_workers_metrics_range_start: 19771 +# matrix_synapse_update_user_directory_from_worker populates the `update_user_directory_from_worker` Synapse configuration used when Synapse workers are in use (`matrix_synapse_workers_enabled`). +# `update_user_directory_from_worker` is meant to point to a worker, which is dedicated to updating the user directory and servicing some user directory URL endpoints (`matrix_synapse_workers_user_dir_worker_client_server_endpoints`). +matrix_synapse_update_user_directory_from_worker: "{{ (matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'user_dir') | list)[0].name if (matrix_synapse_workers_enabled and matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'user_dir') | list | length > 0) else '' }}" + +# matrix_synapse_workers_background_workers_count can only be 0 or 1. More instances are not supported. +# Our implementation uses a generic worker and assigns Synapse to perform background work on this worker using the `run_background_tasks_on` Synapse option. +matrix_synapse_workers_background_workers_count: "{{ matrix_synapse_workers_presets[matrix_synapse_workers_preset]['background_workers_count'] }}" +matrix_synapse_workers_background_workers_metrics_range_start: 19700 + +# matrix_synapse_run_background_tasks_on populates the `run_background_tasks_on` Synapse configuration used when Synapse workers are in use (`matrix_synapse_workers_enabled`). +# `run_background_tasks_on` is meant to point to a worker, which is dedicated to processing background tasks. +matrix_synapse_run_background_tasks_on: "{{ (matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'background') | list)[0].name if (matrix_synapse_workers_enabled and matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'background') | list | length > 0) else '' }}" # Default list of workers to spawn. # @@ -473,25 +625,36 @@ matrix_synapse_workers_frontend_proxy_workers_metrics_range_start: 19771 # as certain workers can only be spawned just once. # # Each worker instance in the list defines the following fields: -# - `type` - the type of worker (`generic_worker`, etc.) -# - `instanceId` - a string that identifies the worker. The combination of (`type` + `instanceId`) represents the name of the worker and must be unique. +# - `id` - a string that uniquely identifies the worker +# - `name` - a string that will be used as the container and systemd service name +# - `type` - the type of worker (`generic_worker`, `stream_writer`, `pusher`, etc.) +# - `app` - the Synapse app (https://matrix-org.github.io/synapse/latest/workers.html#available-worker-applications) that powers this worker (`generic_worker`, `federation_sender`, etc.). +# The `app` usually matches the `type`, but not always. For example, `type = stream_writer` workers are served by the `generic_worker` type. # - `port` - an HTTP port where the worker listens for requests (can be `0` for workers that don't do HTTP request processing) # - `metrics_port` - an HTTP port where the worker exports Prometheus metrics +# - `replication_port` - an HTTP port where the worker serves `replication` endpoints (used by stream writers, etc.) +# - `webserving` - tells whether this type of worker serves web (client or federation) requests, so that it can be injected as a dependency to the reverse-proxy # # Example of what this needs to look like, if you're defining it manually: # matrix_synapse_workers_enabled_list: -# - { type: generic_worker, instanceId: '18111', port: 18111, metrics_port: 19111 } -# - { type: generic_worker, instanceId: '18112', port: 18112, metrics_port: 19112 } -# - { type: generic_worker, instanceId: '18113', port: 18113, metrics_port: 19113 } -# - { type: generic_worker, instanceId: '18114', port: 18114, metrics_port: 19114 } -# - { type: generic_worker, instanceId: '18115', port: 18115, metrics_port: 19115 } -# - { type: generic_worker, instanceId: '18116', port: 18116, metrics_port: 19116 } -# - { type: pusher, instanceId: '0', port: 0, metrics_port: 19200 } -# - { type: appservice, instanceId: '0', port: 0, metrics_port: 19300 } -# - { type: federation_sender, instanceId: '0', port: 0, metrics_port: 19400 } -# - { type: media_repository, instanceId: '18551', port: 18551, metrics_port: 19551 } +# - { 'id': 'generic-worker-0', 'name': 'matrix-synapse-worker-generic-0', 'type': 'generic_worker', 'app': 'generic_worker', 'port': 18111, 'metrics_port': 19111, 'webserving': true } +# - { 'id': 'generic-worker-1', 'name': 'matrix-synapse-worker-generic-1', 'type': 'generic_worker', 'app': 'generic_worker', 'port': 18112, 'metrics_port': 19112, 'webserving': true } +# - { 'id': 'generic-worker-2', 'name': 'matrix-synapse-worker-generic-2', 'type': 'generic_worker', 'app': 'generic_worker', 'port': 18113, 'metrics_port': 19113, 'webserving': true } +# - { 'id': 'generic-worker-3', 'name': 'matrix-synapse-worker-generic-3', 'type': 'generic_worker', 'app': 'generic_worker', 'port': 18114, 'metrics_port': 19114, 'webserving': true } +# - { 'id': 'generic-worker-4', 'name': 'matrix-synapse-worker-generic-4', 'type': 'generic_worker', 'app': 'generic_worker', 'port': 18115, 'metrics_port': 19115, 'webserving': true } +# - { 'id': 'generic-worker-5', 'name': 'matrix-synapse-worker-generic-5', 'type': 'generic_worker', 'app': 'generic_worker', 'port': 18116, 'metrics_port': 19116, 'webserving': true } +# - { 'id': 'stream-writer-0-events', 'name': 'matrix-synapse-worker-stream-writer-0-events', 'type': 'stream_writer', 'app': 'generic_worker', 'stream_writer_stream': 'events', 'port': 0, 'replication_port': 25011, metrics_port: 19111, 'webserving': false } +# - { 'id': 'stream-writer-1-typing', 'name': 'matrix-synapse-worker-stream-writer-1-typing', 'type': 'stream_writer', 'app': 'generic_worker', 'stream_writer_stream': 'typing', 'port': 20012, 'replication_port': 25012, metrics_port: 19112, 'webserving': true } +# - { 'id': 'pusher-0', 'name': 'matrix-synapse-worker-pusher-0', 'type': 'pusher', 'app': 'pusher', 'port': 0, 'metrics_port': 19200, 'webserving': false } +# - { 'id': 'appservice-0', 'name': 'matrix-synapse-worker-appservice-0', 'type': 'appservice', 'port': 0, 'metrics_port': 19300, 'webserving': false } +# - { 'id': 'federation-sender-0', 'name': 'matrix-synapse-worker-federation-sender-0', 'type': 'federation_sender', 'port': 0, 'metrics_port': 19400, 'webserving': false } +# - { 'id': 'media-repository-0', 'name': 'matrix-synapse-worker-media-repository-0', 'type': 'media_repository', 'port': 18551, 'metrics_port': 19551, 'webserving': true } matrix_synapse_workers_enabled_list: [] +# matrix_synapse_instance_map holds the instance map used for mapping worker names (for certain generic workers only!) to where they live (host, port which handles replication traffic). +# This is populated automatically based on `matrix_synapse_workers_enabled_list` during runtime, so you're not required to tweak it manually. +matrix_synapse_instance_map: {} + # Redis information matrix_synapse_redis_enabled: false matrix_synapse_redis_host: "" @@ -628,6 +791,32 @@ matrix_synapse_ext_encryption_config_yaml: | patch_power_levels: {{ matrix_synapse_ext_encryption_disabler_patch_power_levels | to_json }} +# matrix_synapse_ext_synapse_s3_storage_provider_enabled controls whether to enable https://github.com/matrix-org/synapse-s3-storage-provider +# Installing it requires building a customized Docker image for Synapse (see `matrix_synapse_container_image_customizations_enabled`). +# Enabling this will enable customizations and inject the appropriate Dockerfile clauses for installing synapse-s3-storage-provider. +matrix_synapse_ext_synapse_s3_storage_provider_enabled: false +matrix_synapse_ext_synapse_s3_storage_provider_version: 1.1.2 +# Controls whether media from this (local) server is stored in s3-storage-provider +matrix_synapse_ext_synapse_s3_storage_provider_store_local: true +# Controls whether media from remote servers is stored in s3-storage-provider +matrix_synapse_ext_synapse_s3_storage_provider_store_remote: true +# Controls whether files are stored to S3 at the same time they are stored on the local filesystem. +# For slightly improved reliability, consider setting this to `true`. +# Even with asynchronous uploading to S3 (`false` value), data loss shouldn't be possible, +# because the local filesystem is a reliable data store anyway. +matrix_synapse_ext_synapse_s3_storage_provider_store_synchronous: false +matrix_synapse_ext_synapse_s3_storage_provider_config_bucket: '' +matrix_synapse_ext_synapse_s3_storage_provider_config_region_name: '' +matrix_synapse_ext_synapse_s3_storage_provider_config_endpoint_url: '' +matrix_synapse_ext_synapse_s3_storage_provider_config_access_key_id: '' +matrix_synapse_ext_synapse_s3_storage_provider_config_secret_access_key: '' +matrix_synapse_ext_synapse_s3_storage_provider_config_storage_class: STANDARD +matrix_synapse_ext_synapse_s3_storage_provider_config_threadpool_size: 40 +# matrix_synapse_ext_synapse_s3_storage_provider_update_db_day_count is a day value (number) for the `s3_media_upload update-db` command. +# It specifies how old files need to have been inactive to be eligible for migration from the local filesystem to the S3 data store. +# By default, we use `0` which says "all files are eligible for migration". +matrix_synapse_ext_synapse_s3_storage_provider_update_db_day_count: 0 + matrix_s3_media_store_enabled: false matrix_s3_media_store_custom_endpoint_enabled: false matrix_s3_goofys_docker_image: "ewoutp/goofys:latest" @@ -672,6 +861,30 @@ matrix_synapse_spam_checker: [] # Certain Synapse extensions that you can enable below auto-inject themselves into `matrix_synapse_modules` at runtime. matrix_synapse_modules: [] +# matrix_synapse_media_storage_providers contains the Synapse `media_storage_providers` configuration setting. +# To add your own custom `media_storage_providers`, use `matrix_synapse_media_storage_providers_custom`. +matrix_synapse_media_storage_providers: "{{ matrix_synapse_media_storage_providers_auto + matrix_synapse_media_storage_providers_custom }}" + +# matrix_synapse_media_storage_providers_auto contains a list of storage providers that are added by the playbook based on other configuration +matrix_synapse_media_storage_providers_auto: | + {{ + [] + + + [ + lookup('ansible.builtin.template', role_path + '/templates/synapse/ext/s3-storage-provider/media_storage_provider.yaml.j2') | from_yaml + ] if matrix_synapse_ext_synapse_s3_storage_provider_enabled else [] + }} + +# matrix_synapse_media_storage_providers_custom contains your own custom list of storage providers. +# You're meant to define each custom module as valid keys and values, not as a YAML string that needs to be parsed. +# +# Example: +# matrix_synapse_media_storage_providers_custom: +# - module: module.SomeModule +# store_local: True +# # ... +matrix_synapse_media_storage_providers_custom: [] + matrix_synapse_encryption_enabled_by_default_for_room_type: "off" matrix_synapse_trusted_key_servers: diff --git a/roles/matrix-synapse/tasks/ext/encryption-disabler/setup.yml b/roles/custom/matrix-synapse/tasks/ext/encryption-disabler/setup.yml similarity index 100% rename from roles/matrix-synapse/tasks/ext/encryption-disabler/setup.yml rename to roles/custom/matrix-synapse/tasks/ext/encryption-disabler/setup.yml diff --git a/roles/matrix-synapse/tasks/ext/encryption-disabler/setup_install.yml b/roles/custom/matrix-synapse/tasks/ext/encryption-disabler/setup_install.yml similarity index 90% rename from roles/matrix-synapse/tasks/ext/encryption-disabler/setup_install.yml rename to roles/custom/matrix-synapse/tasks/ext/encryption-disabler/setup_install.yml index 00cc1650c..6ba5946d9 100644 --- a/roles/matrix-synapse/tasks/ext/encryption-disabler/setup_install.yml +++ b/roles/custom/matrix-synapse/tasks/ext/encryption-disabler/setup_install.yml @@ -9,8 +9,8 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" register: result - retries: "{{ matrix_geturl_retries_count }}" - delay: "{{ matrix_geturl_retries_delay }}" + retries: "{{ devture_playbook_help_geturl_retries_count }}" + delay: "{{ devture_playbook_help_geturl_retries_delay }}" until: result is not failed - ansible.builtin.set_fact: diff --git a/roles/matrix-synapse/tasks/ext/encryption-disabler/setup_uninstall.yml b/roles/custom/matrix-synapse/tasks/ext/encryption-disabler/setup_uninstall.yml similarity index 100% rename from roles/matrix-synapse/tasks/ext/encryption-disabler/setup_uninstall.yml rename to roles/custom/matrix-synapse/tasks/ext/encryption-disabler/setup_uninstall.yml diff --git a/roles/matrix-synapse/tasks/ext/ldap-auth/setup.yml b/roles/custom/matrix-synapse/tasks/ext/ldap-auth/setup.yml similarity index 100% rename from roles/matrix-synapse/tasks/ext/ldap-auth/setup.yml rename to roles/custom/matrix-synapse/tasks/ext/ldap-auth/setup.yml diff --git a/roles/matrix-synapse/tasks/ext/mjolnir-antispam/setup.yml b/roles/custom/matrix-synapse/tasks/ext/mjolnir-antispam/setup.yml similarity index 100% rename from roles/matrix-synapse/tasks/ext/mjolnir-antispam/setup.yml rename to roles/custom/matrix-synapse/tasks/ext/mjolnir-antispam/setup.yml diff --git a/roles/matrix-synapse/tasks/ext/mjolnir-antispam/setup_install.yml b/roles/custom/matrix-synapse/tasks/ext/mjolnir-antispam/setup_install.yml similarity index 73% rename from roles/matrix-synapse/tasks/ext/mjolnir-antispam/setup_install.yml rename to roles/custom/matrix-synapse/tasks/ext/mjolnir-antispam/setup_install.yml index 3869f1aa7..5d36a2348 100644 --- a/roles/matrix-synapse/tasks/ext/mjolnir-antispam/setup_install.yml +++ b/roles/custom/matrix-synapse/tasks/ext/mjolnir-antispam/setup_install.yml @@ -1,28 +1,9 @@ --- -- name: Ensure git installed (RedHat) - ansible.builtin.yum: - name: - - git +- name: Ensure git installed + ansible.builtin.package: + name: git state: present - update_cache: false - when: "ansible_os_family == 'RedHat'" - -- name: Ensure git installed (Debian) - ansible.builtin.apt: - name: - - git - state: present - update_cache: false - when: "ansible_os_family == 'Debian'" - -- name: Ensure git installed (Archlinux) - pacman: - name: - - git - state: present - update_cache: false - when: "ansible_distribution == 'Archlinux'" - name: Clone mjolnir-antispam git repository ansible.builtin.git: diff --git a/roles/matrix-synapse/tasks/ext/mjolnir-antispam/setup_uninstall.yml b/roles/custom/matrix-synapse/tasks/ext/mjolnir-antispam/setup_uninstall.yml similarity index 100% rename from roles/matrix-synapse/tasks/ext/mjolnir-antispam/setup_uninstall.yml rename to roles/custom/matrix-synapse/tasks/ext/mjolnir-antispam/setup_uninstall.yml diff --git a/roles/matrix-synapse/tasks/ext/rest-auth/setup.yml b/roles/custom/matrix-synapse/tasks/ext/rest-auth/setup.yml similarity index 100% rename from roles/matrix-synapse/tasks/ext/rest-auth/setup.yml rename to roles/custom/matrix-synapse/tasks/ext/rest-auth/setup.yml diff --git a/roles/matrix-synapse/tasks/ext/rest-auth/setup_install.yml b/roles/custom/matrix-synapse/tasks/ext/rest-auth/setup_install.yml similarity index 91% rename from roles/matrix-synapse/tasks/ext/rest-auth/setup_install.yml rename to roles/custom/matrix-synapse/tasks/ext/rest-auth/setup_install.yml index 489f11405..3c4d8cb5d 100644 --- a/roles/matrix-synapse/tasks/ext/rest-auth/setup_install.yml +++ b/roles/custom/matrix-synapse/tasks/ext/rest-auth/setup_install.yml @@ -14,8 +14,8 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" register: result - retries: "{{ matrix_geturl_retries_count }}" - delay: "{{ matrix_geturl_retries_delay }}" + retries: "{{ devture_playbook_help_geturl_retries_count }}" + delay: "{{ devture_playbook_help_geturl_retries_delay }}" until: result is not failed - ansible.builtin.set_fact: diff --git a/roles/matrix-synapse/tasks/ext/rest-auth/setup_uninstall.yml b/roles/custom/matrix-synapse/tasks/ext/rest-auth/setup_uninstall.yml similarity index 100% rename from roles/matrix-synapse/tasks/ext/rest-auth/setup_uninstall.yml rename to roles/custom/matrix-synapse/tasks/ext/rest-auth/setup_uninstall.yml diff --git a/roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/init.yml b/roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/init.yml new file mode 100644 index 000000000..008161cb1 --- /dev/null +++ b/roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/init.yml @@ -0,0 +1,5 @@ +--- + +- ansible.builtin.set_fact: + matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-synapse-s3-storage-provider-migrate.timer'] }}" + when: matrix_synapse_ext_synapse_s3_storage_provider_enabled | bool diff --git a/roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/setup.yml b/roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/setup.yml new file mode 100644 index 000000000..aefa49fe4 --- /dev/null +++ b/roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/setup.yml @@ -0,0 +1,10 @@ +--- + +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/s3-storage-provider/validate_config.yml" + when: matrix_synapse_ext_synapse_s3_storage_provider_enabled | bool + +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/s3-storage-provider/setup_install.yml" + when: matrix_synapse_ext_synapse_s3_storage_provider_enabled | bool + +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/s3-storage-provider/setup_uninstall.yml" + when: not matrix_synapse_ext_synapse_s3_storage_provider_enabled | bool diff --git a/roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/setup_install.yml b/roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/setup_install.yml new file mode 100644 index 000000000..684fb2c99 --- /dev/null +++ b/roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/setup_install.yml @@ -0,0 +1,52 @@ +--- + +# We install this into Synapse by making `matrix_synapse_ext_synapse_s3_storage_provider_enabled` influence other variables: +# - `matrix_synapse_media_storage_providers` (via `matrix_synapse_media_storage_providers_auto`) +# - `matrix_synapse_container_image_customizations_enabled` +# - `matrix_synapse_container_image_customizations_s3_storage_provider_installation_enabled` +# +# Below are additional tasks for setting up various helper scripts, etc. + +- name: Ensure s3-storage-provider env file installed + ansible.builtin.template: + src: "{{ role_path }}/templates/synapse/ext/s3-storage-provider/env.j2" + dest: "{{ matrix_synapse_ext_s3_storage_provider_path }}/env" + mode: 0640 + +- name: Ensure s3-storage-provider data path exists + ansible.builtin.file: + path: "{{ matrix_synapse_ext_s3_storage_provider_path }}/data" + state: directory + mode: 0750 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +- name: Ensure s3-storage-provider database.yaml file installed + ansible.builtin.template: + src: "{{ role_path }}/templates/synapse/ext/s3-storage-provider/database.yaml.j2" + dest: "{{ matrix_synapse_ext_s3_storage_provider_path }}/data/database.yaml" + mode: 0640 + +- name: Ensure s3-storage-provider scripts installed + ansible.builtin.template: + src: "{{ role_path }}/templates/synapse/ext/s3-storage-provider/usr-local-bin/{{ item }}.j2" + dest: "{{ matrix_local_bin_path }}/{{ item }}" + mode: 0750 + with_items: + - matrix-synapse-s3-storage-provider-shell + - matrix-synapse-s3-storage-provider-migrate + +- name: Ensure matrix-synapse-s3-storage-provider-migrate.service and timer are installed + ansible.builtin.template: + src: "{{ role_path }}/templates/synapse/ext/s3-storage-provider/systemd/{{ item }}.j2" + dest: "{{ devture_systemd_docker_base_systemd_path }}/{{ item }}" + mode: 0640 + with_items: + - matrix-synapse-s3-storage-provider-migrate.service + - matrix-synapse-s3-storage-provider-migrate.timer + register: matrix_synapse_s3_storage_provider_systemd_service_result + +- name: Ensure systemd reloaded after matrix-synapse-s3-storage-provider-migrate.service installation + ansible.builtin.service: + daemon_reload: true + when: matrix_synapse_s3_storage_provider_systemd_service_result.changed | bool diff --git a/roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/setup_uninstall.yml b/roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/setup_uninstall.yml new file mode 100644 index 000000000..a828070c9 --- /dev/null +++ b/roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/setup_uninstall.yml @@ -0,0 +1,24 @@ +--- + +- name: Ensure matrix-synapse-s3-storage-provider-migrate.service and timer don't exist + ansible.builtin.file: + path: "{{ devture_systemd_docker_base_systemd_path }}/{{ item }}" + state: absent + with_items: + - matrix-synapse-s3-storage-provider-migrate.timer + - matrix-synapse-s3-storage-provider-migrate.service + register: matrix_synapse_s3_storage_provider_migrate_sevice_removal + +- name: Ensure systemd reloaded after matrix-synapse-s3-storage-provider-migrate.service removal + ansible.builtin.service: + daemon_reload: true + when: matrix_synapse_s3_storage_provider_migrate_sevice_removal.changed | bool + +- name: Ensure s3-storage-provider files don't exist + ansible.builtin.file: + path: "{{ item }}" + state: absent + with_items: + - "{{ matrix_local_bin_path }}/matrix-synapse-s3-storage-provider-shell" + - "{{ matrix_local_bin_path }}/matrix-synapse-s3-storage-provider-migrate" + - "{{ matrix_synapse_ext_s3_storage_provider_path }}" diff --git a/roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/validate_config.yml b/roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/validate_config.yml new file mode 100644 index 000000000..d71809fe5 --- /dev/null +++ b/roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/validate_config.yml @@ -0,0 +1,18 @@ +--- + +- name: Fail if required s3-storage-provider settings not defined + ansible.builtin.fail: + msg: >- + You need to define a required configuration setting (`{{ item }}`) for using s3-storage-provider. + when: "vars[item] == ''" + with_items: + - "matrix_synapse_ext_synapse_s3_storage_provider_config_bucket" + - "matrix_synapse_ext_synapse_s3_storage_provider_config_region_name" + - "matrix_synapse_ext_synapse_s3_storage_provider_config_access_key_id" + - "matrix_synapse_ext_synapse_s3_storage_provider_config_secret_access_key" + +- name: Fail if required matrix_synapse_ext_synapse_s3_storage_provider_config_endpoint_url looks invalid + ansible.builtin.fail: + msg: >- + `matrix_synapse_ext_synapse_s3_storage_provider_config_endpoint_url` needs to look like a URL (`http://` or `https://` prefix). + when: "matrix_synapse_ext_synapse_s3_storage_provider_config_endpoint_url != '' and not matrix_synapse_ext_synapse_s3_storage_provider_config_endpoint_url.startswith('http')" diff --git a/roles/matrix-synapse/tasks/ext/setup.yml b/roles/custom/matrix-synapse/tasks/ext/setup.yml similarity index 85% rename from roles/matrix-synapse/tasks/ext/setup.yml rename to roles/custom/matrix-synapse/tasks/ext/setup.yml index d944f2574..6cf1afaa4 100644 --- a/roles/matrix-synapse/tasks/ext/setup.yml +++ b/roles/custom/matrix-synapse/tasks/ext/setup.yml @@ -11,3 +11,5 @@ - ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/synapse-simple-antispam/setup.yml" - ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/mjolnir-antispam/setup.yml" + +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/s3-storage-provider/setup.yml" diff --git a/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup.yml b/roles/custom/matrix-synapse/tasks/ext/shared-secret-auth/setup.yml similarity index 100% rename from roles/matrix-synapse/tasks/ext/shared-secret-auth/setup.yml rename to roles/custom/matrix-synapse/tasks/ext/shared-secret-auth/setup.yml diff --git a/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup_install.yml b/roles/custom/matrix-synapse/tasks/ext/shared-secret-auth/setup_install.yml similarity index 94% rename from roles/matrix-synapse/tasks/ext/shared-secret-auth/setup_install.yml rename to roles/custom/matrix-synapse/tasks/ext/shared-secret-auth/setup_install.yml index 055d671ac..6dead7360 100644 --- a/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup_install.yml +++ b/roles/custom/matrix-synapse/tasks/ext/shared-secret-auth/setup_install.yml @@ -19,8 +19,8 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" register: result - retries: "{{ matrix_geturl_retries_count }}" - delay: "{{ matrix_geturl_retries_delay }}" + retries: "{{ devture_playbook_help_geturl_retries_count }}" + delay: "{{ devture_playbook_help_geturl_retries_delay }}" until: result is not failed - ansible.builtin.set_fact: diff --git a/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup_uninstall.yml b/roles/custom/matrix-synapse/tasks/ext/shared-secret-auth/setup_uninstall.yml similarity index 100% rename from roles/matrix-synapse/tasks/ext/shared-secret-auth/setup_uninstall.yml rename to roles/custom/matrix-synapse/tasks/ext/shared-secret-auth/setup_uninstall.yml diff --git a/roles/matrix-synapse/tasks/ext/synapse-simple-antispam/setup.yml b/roles/custom/matrix-synapse/tasks/ext/synapse-simple-antispam/setup.yml similarity index 100% rename from roles/matrix-synapse/tasks/ext/synapse-simple-antispam/setup.yml rename to roles/custom/matrix-synapse/tasks/ext/synapse-simple-antispam/setup.yml diff --git a/roles/matrix-synapse/tasks/ext/synapse-simple-antispam/setup_install.yml b/roles/custom/matrix-synapse/tasks/ext/synapse-simple-antispam/setup_install.yml similarity index 73% rename from roles/matrix-synapse/tasks/ext/synapse-simple-antispam/setup_install.yml rename to roles/custom/matrix-synapse/tasks/ext/synapse-simple-antispam/setup_install.yml index 23a382f26..15fe220ab 100644 --- a/roles/matrix-synapse/tasks/ext/synapse-simple-antispam/setup_install.yml +++ b/roles/custom/matrix-synapse/tasks/ext/synapse-simple-antispam/setup_install.yml @@ -3,31 +3,12 @@ - name: Fail if Synapse Simple Antispam blocked homeservers is not set ansible.builtin.fail: msg: "Synapse Simple Antispam is enabled, but no blocked homeservers have been set in matrix_synapse_ext_spam_checker_synapse_simple_antispam_config_blocked_homeservers" - when: "matrix_synapse_ext_spam_checker_synapse_simple_antispam_config_blocked_homeservers|length == 0" + when: "matrix_synapse_ext_spam_checker_synapse_simple_antispam_config_blocked_homeservers | length == 0" -- name: Ensure git installed (RedHat) - ansible.builtin.yum: - name: - - git +- name: Ensure git installed + ansible.builtin.package: + name: git state: present - update_cache: false - when: "ansible_os_family == 'RedHat'" - -- name: Ensure git installed (Debian) - ansible.builtin.apt: - name: - - git - state: present - update_cache: false - when: "ansible_os_family == 'Debian'" - -- name: Ensure git installed (Archlinux) - pacman: - name: - - git - state: present - update_cache: false - when: "ansible_distribution == 'Archlinux'" - name: Clone synapse-simple-antispam git repository ansible.builtin.git: diff --git a/roles/matrix-synapse/tasks/ext/synapse-simple-antispam/setup_uninstall.yml b/roles/custom/matrix-synapse/tasks/ext/synapse-simple-antispam/setup_uninstall.yml similarity index 100% rename from roles/matrix-synapse/tasks/ext/synapse-simple-antispam/setup_uninstall.yml rename to roles/custom/matrix-synapse/tasks/ext/synapse-simple-antispam/setup_uninstall.yml diff --git a/roles/matrix-synapse/tasks/goofys/setup.yml b/roles/custom/matrix-synapse/tasks/goofys/setup.yml similarity index 100% rename from roles/matrix-synapse/tasks/goofys/setup.yml rename to roles/custom/matrix-synapse/tasks/goofys/setup.yml diff --git a/roles/matrix-synapse/tasks/goofys/setup_install.yml b/roles/custom/matrix-synapse/tasks/goofys/setup_install.yml similarity index 84% rename from roles/matrix-synapse/tasks/goofys/setup_install.yml rename to roles/custom/matrix-synapse/tasks/goofys/setup_install.yml index e3c341502..7649beb4c 100644 --- a/roles/matrix-synapse/tasks/goofys/setup_install.yml +++ b/roles/custom/matrix-synapse/tasks/goofys/setup_install.yml @@ -1,16 +1,18 @@ --- -- ansible.builtin.import_tasks: "{{ role_path }}/../matrix-base/tasks/util/ensure_fuse_installed.yml" +- ansible.builtin.import_role: + name: custom/matrix-base + tasks_from: ensure_fuse_installed - name: Ensure Goofys Docker image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_s3_goofys_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_s3_goofys_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_s3_goofys_docker_image_force_pull }}" register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed # This will throw a Permission Denied error if already mounted @@ -39,7 +41,7 @@ - name: Ensure matrix-goofys.service installed ansible.builtin.template: src: "{{ role_path }}/templates/goofys/systemd/matrix-goofys.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-goofys.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-goofys.service" mode: 0644 register: matrix_goofys_systemd_service_result diff --git a/roles/matrix-synapse/tasks/goofys/setup_uninstall.yml b/roles/custom/matrix-synapse/tasks/goofys/setup_uninstall.yml similarity index 82% rename from roles/matrix-synapse/tasks/goofys/setup_uninstall.yml rename to roles/custom/matrix-synapse/tasks/goofys/setup_uninstall.yml index da78003f5..ddfa5cf60 100644 --- a/roles/matrix-synapse/tasks/goofys/setup_uninstall.yml +++ b/roles/custom/matrix-synapse/tasks/goofys/setup_uninstall.yml @@ -2,7 +2,7 @@ - name: Check existence of matrix-goofys service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-goofys.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-goofys.service" register: matrix_goofys_service_stat - name: Ensure matrix-goofys is stopped @@ -16,7 +16,7 @@ - name: Ensure matrix-goofys.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-goofys.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-goofys.service" state: absent when: "matrix_goofys_service_stat.stat.exists" @@ -31,6 +31,6 @@ state: absent - name: Ensure Goofys Docker image doesn't exist - docker_image: + community.docker.docker_image: name: "{{ matrix_s3_goofys_docker_image }}" state: absent diff --git a/roles/matrix-synapse/tasks/import_media_store.yml b/roles/custom/matrix-synapse/tasks/import_media_store.yml similarity index 99% rename from roles/matrix-synapse/tasks/import_media_store.yml rename to roles/custom/matrix-synapse/tasks/import_media_store.yml index 36ab9779b..bdd99ca4d 100644 --- a/roles/matrix-synapse/tasks/import_media_store.yml +++ b/roles/custom/matrix-synapse/tasks/import_media_store.yml @@ -51,7 +51,7 @@ # This can only work with local files, not if the media store is on Amazon S3, # as it won't be accessible in such a case. - name: Ensure provided media store directory is synchronized - synchronize: + ansible.posix.synchronize: src: "{{ server_path_media_store }}/" dest: "{{ matrix_synapse_media_store_path }}" delete: true diff --git a/roles/matrix-synapse/tasks/init.yml b/roles/custom/matrix-synapse/tasks/init.yml similarity index 85% rename from roles/matrix-synapse/tasks/init.yml rename to roles/custom/matrix-synapse/tasks/init.yml index 77696bced..9146936a0 100644 --- a/roles/matrix-synapse/tasks/init.yml +++ b/roles/custom/matrix-synapse/tasks/init.yml @@ -8,15 +8,15 @@ # Unless `matrix_synapse_workers_enabled_list` is explicitly defined, # we'll generate it dynamically. -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/synapse/workers/init.yml" - when: "matrix_synapse_enabled and matrix_synapse_workers_enabled and matrix_synapse_workers_enabled_list|length == 0" +- ansible.builtin.include_tasks: "{{ role_path }}/tasks/synapse/workers/init.yml" + when: "matrix_synapse_enabled and matrix_synapse_workers_enabled and matrix_synapse_workers_enabled_list | length == 0" - ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-synapse.service'] }}" when: matrix_synapse_enabled | bool -- name: Ensure systemd services for workers are injected - ansible.builtin.include_tasks: "{{ role_path }}/tasks/synapse/workers/util/inject_systemd_services_for_worker.yml" +- name: Ensure workers are injected into various places + ansible.builtin.include_tasks: "{{ role_path }}/tasks/synapse/workers/util/inject_worker.yml" with_items: "{{ matrix_synapse_workers_enabled_list }}" loop_control: loop_var: matrix_synapse_worker_details @@ -26,7 +26,11 @@ matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-goofys.service'] }}" when: matrix_s3_media_store_enabled | bool -- block: +- ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/s3-storage-provider/init.yml" + when: matrix_synapse_ext_synapse_s3_storage_provider_enabled | bool + +- when: matrix_synapse_enabled | bool and matrix_synapse_metrics_proxying_enabled | bool + block: - name: Fail if matrix-nginx-proxy role already executed ansible.builtin.fail: msg: >- @@ -65,15 +69,15 @@ matrix_synapse_worker_nginx_metrics_configuration_block: | {% for worker in matrix_synapse_workers_enabled_list %} {% if worker.metrics_port != 0 %} - location /metrics/synapse/worker/{{ worker.type }}-{{ worker.instanceId }} { + location /metrics/synapse/worker/{{ worker.id }} { resolver 127.0.0.11 valid=5s; - set $backend "matrix-synapse-worker-{{ worker.type }}-{{ worker.instanceId }}:{{ worker.metrics_port }}"; + set $backend "{{ worker.name }}:{{ worker.metrics_port }}"; proxy_pass http://$backend/_synapse/metrics; proxy_set_header Host $host; } {% endif %} {% endfor %} - when: matrix_synapse_workers_enabled_list|length > 0 + when: matrix_synapse_workers_enabled_list | length > 0 - name: Register synapse worker metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/synapse/worker) ansible.builtin.set_fact: @@ -83,5 +87,4 @@ + [matrix_synapse_worker_nginx_metrics_configuration_block] }} - when: matrix_synapse_workers_enabled_list|length > 0 - when: matrix_synapse_enabled | bool and matrix_synapse_metrics_proxying_enabled | bool + when: matrix_synapse_workers_enabled_list | length > 0 diff --git a/roles/matrix-synapse/tasks/main.yml b/roles/custom/matrix-synapse/tasks/main.yml similarity index 100% rename from roles/matrix-synapse/tasks/main.yml rename to roles/custom/matrix-synapse/tasks/main.yml diff --git a/roles/matrix-synapse/tasks/register_user.yml b/roles/custom/matrix-synapse/tasks/register_user.yml similarity index 91% rename from roles/matrix-synapse/tasks/register_user.yml rename to roles/custom/matrix-synapse/tasks/register_user.yml index 8c344b2de..817484495 100644 --- a/roles/matrix-synapse/tasks/register_user.yml +++ b/roles/custom/matrix-synapse/tasks/register_user.yml @@ -28,6 +28,6 @@ when: "start_result.changed" - name: Register user - ansible.builtin.command: "{{ matrix_local_bin_path }}/matrix-synapse-register-user {{ username|quote }} {{ password|quote }} {{ '1' if admin == 'yes' else '0' }}" + ansible.builtin.command: "{{ matrix_local_bin_path }}/matrix-synapse-register-user {{ username | quote }} {{ password | quote }} {{ '1' if admin == 'yes' else '0' }}" register: matrix_synapse_register_user_result changed_when: matrix_synapse_register_user_result.rc == 0 diff --git a/roles/matrix-synapse/tasks/rust-synapse-compress-state/compress_room.yml b/roles/custom/matrix-synapse/tasks/rust-synapse-compress-state/compress_room.yml similarity index 74% rename from roles/matrix-synapse/tasks/rust-synapse-compress-state/compress_room.yml rename to roles/custom/matrix-synapse/tasks/rust-synapse-compress-state/compress_room.yml index 221a75700..e5cf8e8ec 100644 --- a/roles/matrix-synapse/tasks/rust-synapse-compress-state/compress_room.yml +++ b/roles/custom/matrix-synapse/tasks/rust-synapse-compress-state/compress_room.yml @@ -6,7 +6,7 @@ - name: Generate rust-synapse-compress-state room compression command ansible.builtin.set_fact: matrix_synapse_rust_synapse_compress_state_compress_room_command: >- - {{ matrix_host_command_docker }} run --rm --name matrix-rust-synapse-compress-state-compress-room + {{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-rust-synapse-compress-state-compress-room --user={{ matrix_user_uid }}:{{ matrix_user_gid }} --cap-drop=ALL --network={{ matrix_docker_network }} @@ -21,14 +21,16 @@ async: "{{ matrix_synapse_rust_synapse_compress_state_compress_room_time }}" poll: 10 register: matrix_synapse_rust_synapse_compress_state_compress_room_command_result - changed_when: matrix_synapse_rust_synapse_compress_state_compress_room_command_result.rc == 0 + failed_when: not matrix_synapse_rust_synapse_compress_state_compress_room_command_result.finished or matrix_synapse_rust_synapse_compress_state_compress_room_command_result.rc != 0 + changed_when: matrix_synapse_rust_synapse_compress_state_compress_room_command_result.finished and matrix_synapse_rust_synapse_compress_state_compress_room_command_result.rc == 0 -- ansible.builtin.debug: var="matrix_synapse_rust_synapse_compress_state_compress_room_command_result" +- ansible.builtin.debug: + var: "matrix_synapse_rust_synapse_compress_state_compress_room_command_result" - name: Generate Postgres compression SQL import command ansible.builtin.set_fact: matrix_synapse_rust_synapse_compress_state_psql_import_command: >- - {{ matrix_host_command_docker }} run --rm --name matrix-rust-synapse-compress-state-psql-import + {{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-rust-synapse-compress-state-psql-import --user={{ matrix_user_uid }}:{{ matrix_user_gid }} --cap-drop=ALL --network={{ matrix_docker_network }} @@ -44,7 +46,8 @@ async: "{{ matrix_synapse_rust_synapse_compress_state_psql_import_time }}" poll: 10 register: matrix_synapse_rust_synapse_compress_state_psql_import_command_result - changed_when: matrix_synapse_rust_synapse_compress_state_psql_import_command_result.rc == 0 + failed_when: not matrix_synapse_rust_synapse_compress_state_psql_import_command_result.finished + changed_when: matrix_synapse_rust_synapse_compress_state_psql_import_command_result.finished and matrix_synapse_rust_synapse_compress_state_psql_import_command_result.rc == 0 - name: Clean up ansible.builtin.file: diff --git a/roles/matrix-synapse/tasks/rust-synapse-compress-state/main.yml b/roles/custom/matrix-synapse/tasks/rust-synapse-compress-state/main.yml similarity index 89% rename from roles/matrix-synapse/tasks/rust-synapse-compress-state/main.yml rename to roles/custom/matrix-synapse/tasks/rust-synapse-compress-state/main.yml index fcea86064..17124e251 100644 --- a/roles/matrix-synapse/tasks/rust-synapse-compress-state/main.yml +++ b/roles/custom/matrix-synapse/tasks/rust-synapse-compress-state/main.yml @@ -43,20 +43,20 @@ group: "{{ matrix_user_groupname }}" - name: Ensure rust-synapse-compress-state image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_synapse_rust_synapse_compress_state_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_synapse_rust_synapse_compress_state_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_synapse_rust_synapse_compress_state_docker_image_force_pull }}" register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Generate rust-synapse-compress-state room find command ansible.builtin.set_fact: matrix_synapse_rust_synapse_compress_state_find_rooms_command: >- - {{ matrix_host_command_docker }} run --rm --name matrix-rust-synapse-compress-state-find-rooms + {{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-rust-synapse-compress-state-find-rooms --user={{ matrix_user_uid }}:{{ matrix_user_gid }} --cap-drop=ALL --network={{ matrix_docker_network }} @@ -70,6 +70,7 @@ async: "{{ matrix_synapse_rust_synapse_compress_state_find_rooms_command_wait_time }}" poll: 10 register: matrix_synapse_rust_synapse_compress_state_find_rooms_command_result + failed_when: not matrix_synapse_rust_synapse_compress_state_find_rooms_command_result.finished changed_when: false # We expect the output to be like this: @@ -85,16 +86,18 @@ # # Row 3 contains a space when there's no result. -- block: - - ansible.builtin.debug: var="matrix_synapse_rust_synapse_compress_state_find_rooms_command_result" +- when: "matrix_synapse_rust_synapse_compress_state_find_rooms_command_result.failed or matrix_synapse_rust_synapse_compress_state_find_rooms_command_result.stdout_lines | length != 4" + block: + - ansible.builtin.debug: + var: "matrix_synapse_rust_synapse_compress_state_find_rooms_command_result" - name: Fail if room find result is not what we expect ansible.builtin.fail: msg: >- Expecting 4 lines in the "find rooms" result. - when: "matrix_synapse_rust_synapse_compress_state_find_rooms_command_result.failed or matrix_synapse_rust_synapse_compress_state_find_rooms_command_result.stdout_lines|length != 4" -- block: +- when: "matrix_synapse_rust_synapse_compress_state_find_rooms_command_result.stdout_lines[2] != ' '" + block: # matrix_synapse_rust_synapse_compress_state_eligible_rooms is a list # of dictionaries like this: {'room_id': '!some-id', 'count': 2461329} - ansible.builtin.set_fact: @@ -113,7 +116,6 @@ with_items: "{{ matrix_synapse_rust_synapse_compress_state_eligible_rooms }}" loop_control: loop_var: room_details - when: "matrix_synapse_rust_synapse_compress_state_find_rooms_command_result.stdout_lines[2] != ' '" - name: Show notice about lack of rooms to compress ansible.builtin.debug: diff --git a/roles/matrix-synapse/tasks/self_check_client_api.yml b/roles/custom/matrix-synapse/tasks/self_check_client_api.yml similarity index 100% rename from roles/matrix-synapse/tasks/self_check_client_api.yml rename to roles/custom/matrix-synapse/tasks/self_check_client_api.yml diff --git a/roles/matrix-synapse/tasks/self_check_federation_api.yml b/roles/custom/matrix-synapse/tasks/self_check_federation_api.yml similarity index 100% rename from roles/matrix-synapse/tasks/self_check_federation_api.yml rename to roles/custom/matrix-synapse/tasks/self_check_federation_api.yml diff --git a/roles/matrix-synapse/tasks/setup_synapse.yml b/roles/custom/matrix-synapse/tasks/setup_synapse.yml similarity index 79% rename from roles/matrix-synapse/tasks/setup_synapse.yml rename to roles/custom/matrix-synapse/tasks/setup_synapse.yml index d4e6ae95a..13a5819e1 100644 --- a/roles/matrix-synapse/tasks/setup_synapse.yml +++ b/roles/custom/matrix-synapse/tasks/setup_synapse.yml @@ -11,6 +11,8 @@ - {path: "{{ matrix_synapse_config_dir_path }}", when: true} - {path: "{{ matrix_synapse_ext_path }}", when: true} - {path: "{{ matrix_synapse_docker_src_files_path }}", when: "{{ matrix_synapse_container_image_self_build }}"} + - {path: "{{ matrix_synapse_customized_docker_src_files_path }}", when: "{{ matrix_synapse_container_image_customizations_enabled }}"} + - {path: "{{ matrix_synapse_ext_s3_storage_provider_path }}", when: "{{ matrix_synapse_ext_synapse_s3_storage_provider_enabled }}"} # We handle matrix_synapse_media_store_path elsewhere (in ./synapse/setup_install.yml), # because if it's using Goofys and it's already mounted (from before), # trying to chown/chmod it here will cause trouble. diff --git a/roles/matrix-synapse/tasks/synapse/setup.yml b/roles/custom/matrix-synapse/tasks/synapse/setup.yml similarity index 100% rename from roles/matrix-synapse/tasks/synapse/setup.yml rename to roles/custom/matrix-synapse/tasks/synapse/setup.yml diff --git a/roles/matrix-synapse/tasks/synapse/setup_install.yml b/roles/custom/matrix-synapse/tasks/synapse/setup_install.yml similarity index 80% rename from roles/matrix-synapse/tasks/synapse/setup_install.yml rename to roles/custom/matrix-synapse/tasks/synapse/setup_install.yml index e4ec0f670..429179de4 100644 --- a/roles/matrix-synapse/tasks/synapse/setup_install.yml +++ b/roles/custom/matrix-synapse/tasks/synapse/setup_install.yml @@ -18,7 +18,8 @@ group: "{{ matrix_user_groupname }}" when: "not local_path_media_store_stat.failed and not local_path_media_store_stat.stat.exists" -- block: +- when: "matrix_synapse_container_image_self_build | bool" + block: - name: Ensure Synapse repository is present on self-build ansible.builtin.git: repo: "{{ matrix_synapse_container_image_self_build_repo }}" @@ -30,7 +31,7 @@ register: matrix_synapse_git_pull_results - name: Check if Synapse Docker image exists - ansible.builtin.command: "{{ matrix_host_command_docker }} images --quiet --filter 'reference={{ matrix_synapse_docker_image }}'" + ansible.builtin.command: "{{ devture_systemd_docker_base_host_command_docker }} images --quiet --filter 'reference={{ matrix_synapse_docker_image }}'" register: matrix_synapse_docker_image_check_result changed_when: false @@ -41,27 +42,45 @@ ansible.builtin.shell: chdir: "{{ matrix_synapse_docker_src_files_path }}" cmd: | - {{ matrix_host_command_docker }} build \ + {{ devture_systemd_docker_base_host_command_docker }} build \ -t "{{ matrix_synapse_docker_image }}" \ -f docker/Dockerfile \ . environment: DOCKER_BUILDKIT: 1 when: "matrix_synapse_git_pull_results.changed | bool or matrix_synapse_docker_image_check_result.stdout == ''" - when: "matrix_synapse_container_image_self_build | bool" - name: Ensure Synapse Docker image is pulled - docker_image: + community.docker.docker_image: name: "{{ matrix_synapse_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_synapse_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_synapse_docker_image_force_pull }}" when: "not matrix_synapse_container_image_self_build" register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed +- when: "matrix_synapse_container_image_customizations_enabled | bool" + block: + - name: Ensure customizations Dockerfile is created + ansible.builtin.template: + src: "{{ role_path }}/templates/synapse/customizations/Dockerfile.j2" + dest: "{{ matrix_synapse_customized_docker_src_files_path }}/Dockerfile" + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + mode: 0640 + + - name: Ensure customized Docker image for Synapse is built + community.docker.docker_image: + name: "{{ matrix_synapse_docker_image_customized }}" + source: build + build: + dockerfile: Dockerfile + path: "{{ matrix_synapse_customized_docker_src_files_path }}" + pull: true + - name: Check if a Synapse signing key exists ansible.builtin.stat: path: "{{ matrix_synapse_config_dir_path }}/{{ matrix_server_fqn_matrix }}.signing.key" @@ -106,7 +125,7 @@ - name: Ensure matrix-synapse.service installed ansible.builtin.template: src: "{{ role_path }}/templates/synapse/systemd/matrix-synapse.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-synapse.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-synapse.service" mode: 0644 register: matrix_synapse_systemd_service_result diff --git a/roles/matrix-synapse/tasks/synapse/setup_uninstall.yml b/roles/custom/matrix-synapse/tasks/synapse/setup_uninstall.yml similarity index 75% rename from roles/matrix-synapse/tasks/synapse/setup_uninstall.yml rename to roles/custom/matrix-synapse/tasks/synapse/setup_uninstall.yml index 17b1b8c45..17fa8a4fa 100644 --- a/roles/matrix-synapse/tasks/synapse/setup_uninstall.yml +++ b/roles/custom/matrix-synapse/tasks/synapse/setup_uninstall.yml @@ -2,7 +2,7 @@ - name: Check existence of matrix-synapse service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-synapse.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-synapse.service" register: matrix_synapse_service_stat - name: Ensure matrix-synapse is stopped @@ -16,7 +16,7 @@ - name: Ensure matrix-synapse.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-synapse.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-synapse.service" state: absent when: "matrix_synapse_service_stat.stat.exists" @@ -26,9 +26,12 @@ when: "matrix_synapse_service_stat.stat.exists" - name: Ensure Synapse Docker image doesn't exist - docker_image: - name: "{{ matrix_synapse_docker_image }}" + community.docker.docker_image: + name: "{{ item }}" state: absent + with_items: + - "{{ matrix_synapse_docker_image_final }}" + - "{{ matrix_synapse_docker_image }}" - name: Ensure sample prometheus.yml for external scraping is deleted ansible.builtin.file: diff --git a/roles/custom/matrix-synapse/tasks/synapse/workers/init.yml b/roles/custom/matrix-synapse/tasks/synapse/workers/init.yml new file mode 100644 index 000000000..d88884d09 --- /dev/null +++ b/roles/custom/matrix-synapse/tasks/synapse/workers/init.yml @@ -0,0 +1,152 @@ +--- +# Below is a huge hack for dynamically building a list of workers and finally assigning it to `matrix_synapse_workers_enabled_list`. +# +# set_fact within a loop does not work reliably in Ansible (it only executes on the first iteration for some reason), +# so we're forced to do something much uglier. + +- name: Build generic workers + ansible.builtin.set_fact: + worker: + id: "generic-worker-{{ item }}" + name: "matrix-synapse-worker-generic-{{ item }}" + type: 'generic_worker' + app: 'generic_worker' + webserving: true + port: "{{ matrix_synapse_workers_generic_workers_port_range_start + item }}" + metrics_port: "{{ matrix_synapse_workers_generic_workers_metrics_range_start + item }}" + register: "matrix_synapse_workers_list_results_generic_workers" + loop: "{{ range(0, matrix_synapse_workers_generic_workers_count | int) | list }}" + +- name: Build stream writer workers + ansible.builtin.set_fact: + worker: + id: "stream-writer-{{ idx }}-{{ item.stream }}" + # Names must not include understores. Certain stream writer streams (to_device, account_data, ..) do, so we fix them up. + name: "matrix-synapse-worker-stream-writer-{{ idx }}-{{ item.stream | replace('_', '-') }}" + type: 'stream_writer' + app: "generic_worker" + webserving: "{{ item.stream in matrix_synapse_workers_webserving_stream_writer_types }}" + stream_writer_stream: "{{ item.stream }}" + port: "{{ matrix_synapse_workers_stream_writer_workers_http_port_range_start + idx }}" + replication_port: "{{ matrix_synapse_workers_stream_writer_workers_replication_port_range_start + idx }}" + metrics_port: "{{ matrix_synapse_workers_stream_writer_workers_metrics_range_start + idx }}" + register: "matrix_synapse_workers_list_results_stream_writer_workers" + loop: "{{ matrix_synapse_workers_stream_writers }}" + loop_control: + index_var: idx + +- name: Populate matrix_synapse_stream_writers from enabled stream writer workers list + ansible.builtin.set_fact: + matrix_synapse_stream_writers: "{{ matrix_synapse_stream_writers | combine({item.ansible_facts.worker.stream_writer_stream: [item.ansible_facts.worker.name]}, list_merge='append') }}" + with_items: "{{ matrix_synapse_workers_list_results_stream_writer_workers.results }}" + +- name: Build federation sender workers + ansible.builtin.set_fact: + worker: + id: "federation-sender-{{ item }}" + name: "matrix-synapse-worker-federation-sender-{{ item }}" + type: 'federation_sender' + app: 'federation_sender' + webserving: false + port: 0 + metrics_port: "{{ matrix_synapse_workers_federation_sender_workers_metrics_range_start + item }}" + register: "matrix_synapse_workers_list_results_federation_sender_workers" + loop: "{{ range(0, matrix_synapse_workers_federation_sender_workers_count | int) | list }}" + +- name: Populate matrix_synapse_federation_sender_instances from enabled federation sender workers list + ansible.builtin.set_fact: + matrix_synapse_federation_sender_instances: "{{ matrix_synapse_federation_sender_instances + [item.ansible_facts.worker.name] }}" + with_items: "{{ matrix_synapse_workers_list_results_federation_sender_workers.results }}" + +# This type of worker can only have a count of 1, at most +- name: Build pusher workers + ansible.builtin.set_fact: + worker: + id: "pusher-{{ item }}" + name: "matrix-synapse-worker-pusher-{{ item }}" + type: 'pusher' + app: 'pusher' + webserving: false + port: 0 + metrics_port: "{{ matrix_synapse_workers_pusher_workers_metrics_range_start + item }}" + register: "matrix_synapse_workers_list_results_pusher_workers" + loop: "{{ range(0, matrix_synapse_workers_pusher_workers_count | int) | list }}" + +# This type of worker can only have a count of 1, at most +- name: Build appservice workers + ansible.builtin.set_fact: + worker: + id: "appservice-{{ item }}" + name: "matrix-synapse-worker-appservice-{{ item }}" + type: 'appservice' + app: 'generic_worker' + webserving: false + port: 0 + metrics_port: "{{ matrix_synapse_workers_appservice_workers_metrics_range_start + item }}" + register: "matrix_synapse_workers_list_results_appservice_workers" + loop: "{{ range(0, matrix_synapse_workers_appservice_workers_count | int) | list }}" + +# This type of worker can only have a count of 1, at most +- name: Build user_dir workers + ansible.builtin.set_fact: + worker: + id: "user-dir-{{ item }}" + name: "matrix-synapse-worker-user-dir-{{ item }}" + type: 'user_dir' + app: 'generic_worker' + webserving: true + port: "{{ matrix_synapse_workers_user_dir_workers_port_range_start + item }}" + metrics_port: "{{ matrix_synapse_workers_user_dir_workers_metrics_range_start + item }}" + register: "matrix_synapse_workers_list_results_user_dir_workers" + loop: "{{ range(0, matrix_synapse_workers_user_dir_workers_count | int) | list }}" + +# This type of worker can only have a count of 1, at most +- name: Build background workers + ansible.builtin.set_fact: + worker: + id: "background-{{ item }}" + name: "matrix-synapse-worker-background-{{ item }}" + type: 'background' + app: 'generic_worker' + webserving: false + port: 0 + metrics_port: "{{ matrix_synapse_workers_background_workers_metrics_range_start + item }}" + register: "matrix_synapse_workers_list_results_background_workers" + loop: "{{ range(0, matrix_synapse_workers_background_workers_count | int) | list }}" + +- name: Build media_repository workers + ansible.builtin.set_fact: + worker: + id: "media-repository-{{ item }}" + name: "matrix-synapse-worker-media-repository-{{ item }}" + type: 'media_repository' + app: 'media_repository' + webserving: true + port: "{{ matrix_synapse_workers_media_repository_workers_port_range_start + item }}" + metrics_port: "{{ matrix_synapse_workers_media_repository_workers_metrics_range_start + item }}" + register: "matrix_synapse_workers_list_results_media_repository_workers" + loop: "{{ range(0, matrix_synapse_workers_media_repository_workers_count | int) | list }}" + +- ansible.builtin.set_fact: + matrix_synapse_dynamic_workers_list: "{{ matrix_synapse_dynamic_workers_list | default([]) + [item.ansible_facts.worker] }}" + with_items: | + {{ + matrix_synapse_workers_list_results_generic_workers.results + + + matrix_synapse_workers_list_results_stream_writer_workers.results + + + matrix_synapse_workers_list_results_federation_sender_workers.results + + + matrix_synapse_workers_list_results_pusher_workers.results + + + matrix_synapse_workers_list_results_appservice_workers.results + + + matrix_synapse_workers_list_results_user_dir_workers.results + + + matrix_synapse_workers_list_results_media_repository_workers.results + + + matrix_synapse_workers_list_results_background_workers.results + }} + +- ansible.builtin.set_fact: + matrix_synapse_workers_enabled_list: "{{ matrix_synapse_dynamic_workers_list }}" diff --git a/roles/matrix-synapse/tasks/synapse/workers/setup.yml b/roles/custom/matrix-synapse/tasks/synapse/workers/setup.yml similarity index 90% rename from roles/matrix-synapse/tasks/synapse/workers/setup.yml rename to roles/custom/matrix-synapse/tasks/synapse/workers/setup.yml index 836d5a668..1458cc0a2 100644 --- a/roles/matrix-synapse/tasks/synapse/workers/setup.yml +++ b/roles/custom/matrix-synapse/tasks/synapse/workers/setup.yml @@ -4,7 +4,7 @@ # This is a temporary cleanup for people who ran that version. - name: Ensure old matrix-synapse.service.wants directory is gone ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-synapse.service.wants" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-synapse.service.wants" state: absent # Same. This was part of a previous version of the worker setup. diff --git a/roles/matrix-synapse/tasks/synapse/workers/setup_install.yml b/roles/custom/matrix-synapse/tasks/synapse/workers/setup_install.yml similarity index 96% rename from roles/matrix-synapse/tasks/synapse/workers/setup_install.yml rename to roles/custom/matrix-synapse/tasks/synapse/workers/setup_install.yml index c264805ae..74ca6c358 100644 --- a/roles/matrix-synapse/tasks/synapse/workers/setup_install.yml +++ b/roles/custom/matrix-synapse/tasks/synapse/workers/setup_install.yml @@ -16,7 +16,7 @@ - name: Determine current worker systemd services ansible.builtin.find: - path: "{{ matrix_systemd_path }}" + path: "{{ devture_systemd_docker_base_systemd_path }}" patterns: "matrix-synapse-worker.*.service" use_regex: true register: matrix_synapse_workers_current_systemd_services diff --git a/roles/matrix-synapse/tasks/synapse/workers/setup_uninstall.yml b/roles/custom/matrix-synapse/tasks/synapse/workers/setup_uninstall.yml similarity index 95% rename from roles/matrix-synapse/tasks/synapse/workers/setup_uninstall.yml rename to roles/custom/matrix-synapse/tasks/synapse/workers/setup_uninstall.yml index 98c81a2e5..2b0d21df4 100644 --- a/roles/matrix-synapse/tasks/synapse/workers/setup_uninstall.yml +++ b/roles/custom/matrix-synapse/tasks/synapse/workers/setup_uninstall.yml @@ -25,7 +25,7 @@ - name: Find worker systemd services to be cleaned ansible.builtin.find: - path: "{{ matrix_systemd_path }}" + path: "{{ devture_systemd_docker_base_systemd_path }}" patterns: "matrix-synapse-worker.*.service" use_regex: true register: matrix_synapse_workers_current_systemd_services diff --git a/roles/custom/matrix-synapse/tasks/synapse/workers/util/inject_worker.yml b/roles/custom/matrix-synapse/tasks/synapse/workers/util/inject_worker.yml new file mode 100644 index 000000000..4542f19c1 --- /dev/null +++ b/roles/custom/matrix-synapse/tasks/synapse/workers/util/inject_worker.yml @@ -0,0 +1,70 @@ +--- +# The tasks below run before `validate_config.yml`. +# To avoid failing with a cryptic error message, we'll do validation here. +# +# This check is mostly relevant to people who explicitly define `matrix_synapse_workers_enabled_list` +# (Synapse Workers users from the earlier days of this PR - https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/456). +# +# In the future, it should be possible to remove this check. +# Our own code which dynamically builds `matrix_synapse_workers_enabled_list` does things right. +- name: Fail if required property not defined for worker + ansible.builtin.fail: + msg: "Synapse workers (like {{ matrix_synapse_worker_details | to_json }}) need to define a `{{ item }}` property" + with_items: + - id + - name + - type + - app + - port + - webserving + when: "item not in matrix_synapse_worker_details" + +# Names are used for container names and systemd services. +# Routing happens based on container names, so Synapse processes that try to route to workers with underscores in the name will complain. Example: +# > InvalidCodepoint Codepoint U+005F at position 46 of 'matrix-synapse-worker-stream-writer-3-account_data' not allowed +- name: Fail if worker name includes underscore + ansible.builtin.fail: + msg: "Unrecognized Synapse worker `name`: `{{ matrix_synapse_worker_details.name }}`. It must not include underscores" + when: "'_' in matrix_synapse_worker_details.name" + +- name: Fail if worker type unknown + ansible.builtin.fail: + msg: "Unrecognized Synapse worker `type`: `{{ matrix_synapse_worker_details.type }}`. Supported types are: {{ matrix_synapse_known_worker_types | join(', ') }}" + when: "matrix_synapse_worker_details.type not in matrix_synapse_known_worker_types" + +- name: Fail if worker app unknown + ansible.builtin.fail: + msg: "Unrecognized Synapse worker `app`: `{{ matrix_synapse_worker_details.app }}`. Supported types are: {{ matrix_synapse_workers_avail_list | join(', ') }}" + when: "matrix_synapse_worker_details.app not in matrix_synapse_workers_avail_list" + +- when: "matrix_synapse_worker_details.type == 'stream_writer'" + block: + - name: Fail if stream_writer_stream not defined for stream_writer worker + ansible.builtin.fail: + msg: >- + Synapse stream_writer workers (such as {{ item }}) need to define a valid `stream_writer_stream` property + (not `{{ matrix_synapse_worker_details.stream_writer_stream | default('undefined') }}`). + Supported types are: {{ matrix_synapse_workers_known_stream_writer_stream_types | join(', ') }} + when: "'stream_writer_stream' not in matrix_synapse_worker_details or matrix_synapse_worker_details.stream_writer_stream not in matrix_synapse_workers_known_stream_writer_stream_types" + + - name: Fail if replication_port not defined for stream_writer worker + ansible.builtin.fail: + msg: "Synapse background workers of type stream_writer (such as {{ item }}) need to define a valid `replication_port` property" + when: "'replication_port' not in matrix_synapse_worker_details" + +- ansible.builtin.set_fact: + matrix_systemd_services_list: "{{ matrix_systemd_services_list + [matrix_synapse_worker_details.name + '.service'] }}" + +- ansible.builtin.set_fact: + matrix_synapse_webserving_workers_systemd_services_list: "{{ matrix_synapse_webserving_workers_systemd_services_list + [matrix_synapse_worker_details.name + '.service'] }}" + when: matrix_synapse_worker_details.webserving | bool + +# Inject stream writers into the instance map. +- ansible.builtin.set_fact: + matrix_synapse_instance_map: "{{ matrix_synapse_instance_map | combine({matrix_synapse_worker_details.name: {'host': matrix_synapse_worker_details.name, 'port': matrix_synapse_worker_details.replication_port}}) }}" + when: matrix_synapse_worker_details.type in matrix_synapse_known_instance_map_eligible_worker_types + +# Inject pusher instances. +- ansible.builtin.set_fact: + matrix_synapse_federation_pusher_instances: "{{ matrix_synapse_federation_pusher_instances + [matrix_synapse_worker_details.name] }}" + when: matrix_synapse_worker_details.type == 'pusher' diff --git a/roles/matrix-synapse/tasks/synapse/workers/util/setup_files_for_worker.yml b/roles/custom/matrix-synapse/tasks/synapse/workers/util/setup_files_for_worker.yml similarity index 63% rename from roles/matrix-synapse/tasks/synapse/workers/util/setup_files_for_worker.yml rename to roles/custom/matrix-synapse/tasks/synapse/workers/util/setup_files_for_worker.yml index d6d4924fb..6910445e2 100644 --- a/roles/matrix-synapse/tasks/synapse/workers/util/setup_files_for_worker.yml +++ b/roles/custom/matrix-synapse/tasks/synapse/workers/util/setup_files_for_worker.yml @@ -1,13 +1,9 @@ --- - ansible.builtin.set_fact: - matrix_synapse_worker_systemd_service_name: "matrix-synapse-worker-{{ matrix_synapse_worker_details.type }}-{{ matrix_synapse_worker_details.instanceId }}" - -- ansible.builtin.set_fact: - matrix_synapse_worker_container_name: "{{ matrix_synapse_worker_systemd_service_name }}" - -- ansible.builtin.set_fact: - matrix_synapse_worker_config_file_name: "worker.{{ matrix_synapse_worker_details.type }}_{{ matrix_synapse_worker_details.instanceId }}.yaml" + matrix_synapse_worker_systemd_service_name: "{{ matrix_synapse_worker_details.name }}" + matrix_synapse_worker_container_name: "{{ matrix_synapse_worker_details.name }}" + matrix_synapse_worker_config_file_name: "worker.{{ matrix_synapse_worker_details.name }}.yaml" - name: Ensure configuration exists for {{ matrix_synapse_worker_systemd_service_name }} ansible.builtin.template: @@ -20,5 +16,5 @@ - name: Ensure systemd service exists for {{ matrix_synapse_worker_systemd_service_name }} ansible.builtin.template: src: "{{ role_path }}/templates/synapse/systemd/matrix-synapse-worker.service.j2" - dest: "{{ matrix_systemd_path }}/{{ matrix_synapse_worker_systemd_service_name }}.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/{{ matrix_synapse_worker_systemd_service_name }}.service" mode: 0644 diff --git a/roles/matrix-synapse/tasks/update_user_password.yml b/roles/custom/matrix-synapse/tasks/update_user_password.yml similarity index 84% rename from roles/matrix-synapse/tasks/update_user_password.yml rename to roles/custom/matrix-synapse/tasks/update_user_password.yml index 586bf51b3..3ddc4b8de 100644 --- a/roles/matrix-synapse/tasks/update_user_password.yml +++ b/roles/custom/matrix-synapse/tasks/update_user_password.yml @@ -36,11 +36,11 @@ when: "start_result.changed or postgres_start_result.changed" - name: Generate password hash - ansible.builtin.shell: "{{ matrix_host_command_docker }} exec matrix-synapse /usr/local/bin/hash_password -c /data/homeserver.yaml -p {{ password|quote }}" + ansible.builtin.shell: "{{ devture_systemd_docker_base_host_command_docker }} exec matrix-synapse /usr/local/bin/hash_password -c /data/homeserver.yaml -p {{ password | quote }}" register: password_hash changed_when: false - name: Update user password hash - ansible.builtin.command: "{{ matrix_local_bin_path }}/matrix-postgres-update-user-password-hash {{ username|quote }} {{ password_hash.stdout|quote }}" + ansible.builtin.command: "{{ matrix_local_bin_path }}/matrix-postgres-update-user-password-hash {{ username | quote }} {{ password_hash.stdout | quote }}" register: matrix_synapse_update_user_password_result changed_when: matrix_synapse_update_user_password_result.rc == 0 diff --git a/roles/matrix-synapse/tasks/validate_config.yml b/roles/custom/matrix-synapse/tasks/validate_config.yml similarity index 75% rename from roles/matrix-synapse/tasks/validate_config.yml rename to roles/custom/matrix-synapse/tasks/validate_config.yml index ba60abf8a..0758c88fb 100644 --- a/roles/matrix-synapse/tasks/validate_config.yml +++ b/roles/custom/matrix-synapse/tasks/validate_config.yml @@ -12,26 +12,20 @@ - "matrix_synapse_database_password" - "matrix_synapse_database_database" -- name: Fail if asking to configure deprecaed workers (appservice, userdir) - ansible.builtin.fail: - msg: >- - `{{ item }}` cannot be more than 0. - This type of worker has been deprecated since Synapse v1.59. - Please remove your `{{ item }}` configuration to solve this problem. - See: https://github.com/matrix-org/synapse/blob/v1.59.0/docs/upgrade.md#deprecation-of-the-synapseappappservice-and-synapseappuser_dir-worker-application-types - when: "vars[item]|int != 0" - with_items: - - "matrix_synapse_workers_appservice_workers_count" - - "matrix_synapse_workers_user_dir_workers_count" - - name: Fail if asking for more than 1 instance of single-instance workers ansible.builtin.fail: msg: >- `{{ item }}` cannot be more than 1. This is a single-instance worker. - when: "vars[item]|int > 1" + when: "vars[item] | int > 1" with_items: - - "matrix_synapse_workers_pusher_workers_count" - - "matrix_synapse_workers_federation_sender_workers_count" + - "matrix_synapse_workers_appservice_workers_count" + - "matrix_synapse_workers_user_dir_workers_count" + - "matrix_synapse_workers_background_workers_count" + - "matrix_synapse_workers_stream_writer_typing_stream_workers_count" + - "matrix_synapse_workers_stream_writer_to_device_stream_workers_count" + - "matrix_synapse_workers_stream_writer_account_data_stream_workers_count" + - "matrix_synapse_workers_stream_writer_receipts_stream_workers_count" + - "matrix_synapse_workers_stream_writer_presence_stream_workers_count" - name: (Deprecation) Catch and report renamed settings ansible.builtin.fail: @@ -61,6 +55,10 @@ - {'old': 'matrix_synapse_use_presence', 'new': 'matrix_synapse_presence_enabled'} - {'old': 'matrix_synapse_version_arm64', 'new': ''} - {'old': 'matrix_synapse_enable_group_creation', 'new': ''} + - {'old': 'matrix_synapse_account_threepid_delegates_email', 'new': ''} + - {'old': 'matrix_synapse_workers_frontend_proxy_workers_count', 'new': ''} + - {'old': 'matrix_synapse_workers_frontend_proxy_workers_port_range_start', 'new': ''} + - {'old': 'matrix_synapse_workers_frontend_proxy_workers_metrics_range_start', 'new': ''} - name: (Deprecation) Catch and report renamed settings in matrix_synapse_configuration_extension_yaml ansible.builtin.fail: diff --git a/roles/matrix-synapse/templates/goofys/env-goofys.j2 b/roles/custom/matrix-synapse/templates/goofys/env-goofys.j2 similarity index 100% rename from roles/matrix-synapse/templates/goofys/env-goofys.j2 rename to roles/custom/matrix-synapse/templates/goofys/env-goofys.j2 diff --git a/roles/matrix-synapse/templates/goofys/systemd/matrix-goofys.service.j2 b/roles/custom/matrix-synapse/templates/goofys/systemd/matrix-goofys.service.j2 similarity index 71% rename from roles/matrix-synapse/templates/goofys/systemd/matrix-goofys.service.j2 rename to roles/custom/matrix-synapse/templates/goofys/systemd/matrix-goofys.service.j2 index df4a4f23a..a1174bced 100644 --- a/roles/matrix-synapse/templates/goofys/systemd/matrix-goofys.service.j2 +++ b/roles/custom/matrix-synapse/templates/goofys/systemd/matrix-goofys.service.j2 @@ -7,11 +7,11 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_docker }} kill %n -ExecStartPre=-{{ matrix_host_command_docker }} rm %n +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_docker }} kill %n +ExecStartPre=-{{ devture_systemd_docker_base_host_command_docker }} rm %n -ExecStart={{ matrix_host_command_docker }} run --rm --name %n \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name %n \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --mount type=bind,src=/etc/passwd,dst=/etc/passwd,ro \ @@ -27,9 +27,9 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name %n \ -c 'goofys -f{% if not matrix_s3_media_store_custom_endpoint_enabled %} --storage-class=STANDARD_IA{% endif %}{% if matrix_s3_media_store_custom_endpoint_enabled %} --endpoint={{ matrix_s3_media_store_custom_endpoint }}{% endif %} --region {{ matrix_s3_media_store_region }} --stat-cache-ttl 60m0s --type-cache-ttl 60m0s --dir-mode 0700 --file-mode 0700 {{ matrix_s3_media_store_bucket_name }} /s3' TimeoutStartSec=5min -ExecStop=-{{ matrix_host_command_docker }} stop %n -ExecStop=-{{ matrix_host_command_docker }} kill %n -ExecStop=-{{ matrix_host_command_docker }} rm %n +ExecStop=-{{ devture_systemd_docker_base_host_command_docker }} stop %n +ExecStop=-{{ devture_systemd_docker_base_host_command_docker }} kill %n +ExecStop=-{{ devture_systemd_docker_base_host_command_docker }} rm %n ExecStop=-{{ matrix_host_command_fusermount }} -u {{ matrix_s3_media_store_path }} Restart=always RestartSec=5 diff --git a/roles/custom/matrix-synapse/templates/synapse/customizations/Dockerfile.j2 b/roles/custom/matrix-synapse/templates/synapse/customizations/Dockerfile.j2 new file mode 100644 index 000000000..3919e9557 --- /dev/null +++ b/roles/custom/matrix-synapse/templates/synapse/customizations/Dockerfile.j2 @@ -0,0 +1,7 @@ +FROM {{ matrix_synapse_docker_image }} + +{% if matrix_synapse_container_image_customizations_s3_storage_provider_installation_enabled %} +RUN pip install synapse-s3-storage-provider=={{ matrix_synapse_ext_synapse_s3_storage_provider_version }} +{% endif %} + +{{ matrix_synapse_container_image_customizations_dockerfile_body_custom }} diff --git a/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/database.yaml.j2 b/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/database.yaml.j2 new file mode 100644 index 000000000..ed11645eb --- /dev/null +++ b/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/database.yaml.j2 @@ -0,0 +1,5 @@ +user: {{ matrix_synapse_database_user | to_json }} +password: {{ matrix_synapse_database_password | to_json }} +database: {{ matrix_synapse_database_database | to_json }} +host: {{ matrix_synapse_database_host | to_json }} +port: {{ matrix_synapse_database_port | to_json }} diff --git a/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/env.j2 b/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/env.j2 new file mode 100644 index 000000000..6dfcbe418 --- /dev/null +++ b/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/env.j2 @@ -0,0 +1,11 @@ +AWS_ACCESS_KEY_ID={{ matrix_synapse_ext_synapse_s3_storage_provider_config_access_key_id }} +AWS_SECRET_ACCESS_KEY={{ matrix_synapse_ext_synapse_s3_storage_provider_config_secret_access_key }} +AWS_DEFAULT_REGION={{ matrix_synapse_ext_synapse_s3_storage_provider_config_region_name }} + +ENDPOINT={{ matrix_synapse_ext_synapse_s3_storage_provider_config_endpoint_url }} +BUCKET={{ matrix_synapse_ext_synapse_s3_storage_provider_config_bucket }} +STORAGE_CLASS={{ matrix_synapse_ext_synapse_s3_storage_provider_config_storage_class }} + +MEDIA_PATH=/matrix-media-store-parent/{{ matrix_synapse_media_store_directory_name }} + +UPDATE_DB_DURATION={{ matrix_synapse_ext_synapse_s3_storage_provider_update_db_day_count }}d diff --git a/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/media_storage_provider.yaml.j2 b/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/media_storage_provider.yaml.j2 new file mode 100644 index 000000000..97b0f5f2b --- /dev/null +++ b/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/media_storage_provider.yaml.j2 @@ -0,0 +1,14 @@ +module: s3_storage_provider.S3StorageProviderBackend +store_local: {{ matrix_synapse_ext_synapse_s3_storage_provider_store_local | to_json }} +store_remote: {{ matrix_synapse_ext_synapse_s3_storage_provider_store_remote | to_json }} +store_synchronous: {{ matrix_synapse_ext_synapse_s3_storage_provider_store_synchronous | to_json }} +config: + bucket: {{ matrix_synapse_ext_synapse_s3_storage_provider_config_bucket | to_json }} + region_name: {{ matrix_synapse_ext_synapse_s3_storage_provider_config_region_name | to_json }} + endpoint_url: {{ matrix_synapse_ext_synapse_s3_storage_provider_config_endpoint_url | to_json }} + access_key_id: {{ matrix_synapse_ext_synapse_s3_storage_provider_config_access_key_id | to_json }} + secret_access_key: {{ matrix_synapse_ext_synapse_s3_storage_provider_config_secret_access_key | to_json }} + + storage_class: {{ matrix_synapse_ext_synapse_s3_storage_provider_config_storage_class | to_json }} + + threadpool_size: {{ matrix_synapse_ext_synapse_s3_storage_provider_config_threadpool_size | to_json }} diff --git a/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/systemd/matrix-synapse-s3-storage-provider-migrate.service.j2 b/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/systemd/matrix-synapse-s3-storage-provider-migrate.service.j2 new file mode 100644 index 000000000..159681a0e --- /dev/null +++ b/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/systemd/matrix-synapse-s3-storage-provider-migrate.service.j2 @@ -0,0 +1,7 @@ +[Unit] +Description=Migrates locally-stored Synapse media store files to S3 + +[Service] +Type=oneshot +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStart={{ matrix_local_bin_path }}/matrix-synapse-s3-storage-provider-migrate diff --git a/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/systemd/matrix-synapse-s3-storage-provider-migrate.timer.j2 b/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/systemd/matrix-synapse-s3-storage-provider-migrate.timer.j2 new file mode 100644 index 000000000..5013c7a81 --- /dev/null +++ b/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/systemd/matrix-synapse-s3-storage-provider-migrate.timer.j2 @@ -0,0 +1,9 @@ +[Unit] +Description=Migrates locally-stored Synapse media store files to S3 + +[Timer] +Unit=matrix-synapse-s3-storage-provider-migrate.service +OnCalendar=*-*-* 05:00:00 + +[Install] +WantedBy=timers.target diff --git a/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/usr-local-bin/matrix-synapse-s3-storage-provider-migrate.j2 b/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/usr-local-bin/matrix-synapse-s3-storage-provider-migrate.j2 new file mode 100644 index 000000000..d48ae1229 --- /dev/null +++ b/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/usr-local-bin/matrix-synapse-s3-storage-provider-migrate.j2 @@ -0,0 +1,13 @@ +#jinja2: lstrip_blocks: "True" +#!/bin/bash + +{{ devture_systemd_docker_base_host_command_docker }} run \ + --rm \ + --env-file={{ matrix_synapse_ext_s3_storage_provider_path }}/env \ + --mount type=bind,src={{ matrix_synapse_storage_path }},dst=/matrix-media-store-parent,bind-propagation=slave \ + --mount type=bind,src={{ matrix_synapse_ext_s3_storage_provider_path }}/data,dst=/data \ + --workdir=/data \ + --network={{ matrix_docker_network }} \ + --entrypoint=/bin/bash \ + {{ matrix_synapse_docker_image_final }} \ + -c 's3_media_upload update-db $UPDATE_DB_DURATION && s3_media_upload --no-progress check-deleted $MEDIA_PATH && s3_media_upload --no-progress upload $MEDIA_PATH $BUCKET --delete --storage-class $STORAGE_CLASS --endpoint-url $ENDPOINT' diff --git a/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/usr-local-bin/matrix-synapse-s3-storage-provider-shell.j2 b/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/usr-local-bin/matrix-synapse-s3-storage-provider-shell.j2 new file mode 100644 index 000000000..b46e89b73 --- /dev/null +++ b/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/usr-local-bin/matrix-synapse-s3-storage-provider-shell.j2 @@ -0,0 +1,13 @@ +#jinja2: lstrip_blocks: "True" +#!/bin/bash + +{{ devture_systemd_docker_base_host_command_docker }} run \ + -it \ + --rm \ + --env-file={{ matrix_synapse_ext_s3_storage_provider_path }}/env \ + --mount type=bind,src={{ matrix_synapse_storage_path }},dst=/matrix-media-store-parent,bind-propagation=slave \ + --mount type=bind,src={{ matrix_synapse_ext_s3_storage_provider_path }}/data,dst=/data \ + --workdir=/data \ + --network={{ matrix_docker_network }} \ + --entrypoint=/bin/bash \ + {{ matrix_synapse_docker_image_final }} diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 similarity index 98% rename from roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 rename to roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 index 07c5ec89d..9b02346cf 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -349,19 +349,6 @@ listeners: # c.f. https://github.com/matrix-org/synapse/tree/master/contrib/systemd-with-workers/README.md worker_app: synapse.app.homeserver - -# thx https://oznetnerd.com/2017/04/18/jinja2-selectattr-filter/ -# reduce the main worker's offerings to core homeserver business -{% if matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'federation_sender') | list %} -send_federation: false -{% endif %} -{% if matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'media_repository') | list %} -enable_media_repo: false -{% endif %} -{% if matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'pusher') | list %} -start_pushers: false -{% endif %} - daemonize: false {% endif %} @@ -1023,6 +1010,7 @@ federation_rr_transactions_per_room_per_second: {{ matrix_synapse_federation_rr_ # following if you are using a separate media store worker. # #enable_media_repo: false +enable_media_repo: {{ matrix_synapse_enable_media_repo | to_json }} # Directory where uploaded images and attachments are stored. # @@ -1041,6 +1029,7 @@ media_store_path: "/matrix-media-store-parent/{{ matrix_synapse_media_store_dire # store_synchronous: false # config: # directory: /mnt/some/other/directory +media_storage_providers: {{ matrix_synapse_media_storage_providers | to_json }} # The largest allowed upload size in bytes # @@ -1419,14 +1408,10 @@ allow_guest_access: {{ matrix_synapse_allow_guest_access|to_json }} # #default_identity_server: https://matrix.org -# Handle threepid (email/phone etc) registration and password resets through a set of +# Handle threepid (phone etc) registration and password resets through a set of # *trusted* identity servers. Note that this allows the configured identity server to # reset passwords for accounts! # -# Be aware that if `email` is not set, and SMTP options have not been -# configured in the email config block, registration and user password resets via -# email will be globally disabled. -# # Additionally, if `msisdn` is not set, registration and password resets via msisdn # will be disabled regardless, and users will not be able to associate an msisdn # identifier to their account. This is due to Synapse currently not supporting @@ -1441,7 +1426,6 @@ allow_guest_access: {{ matrix_synapse_allow_guest_access|to_json }} # https://matrix.org/docs/spec/identity_service/latest # account_threepid_delegates: - email: {{ matrix_synapse_account_threepid_delegates_email|to_json }} msisdn: {{ matrix_synapse_account_threepid_delegates_msisdn|to_json }} # Whether users are allowed to change their displayname after it has @@ -2856,6 +2840,7 @@ opentracing: # Uncomment if using a federation sender worker. # #send_federation: false +send_federation: {{ matrix_synapse_send_federation | to_json }} # It is possible to run multiple federation sender workers, in which case the # work is balanced across them. @@ -2867,6 +2852,14 @@ opentracing: # #federation_sender_instances: # - federation_sender1 +{% if matrix_synapse_federation_sender_instances | length > 0 %} +federation_sender_instances: {{ matrix_synapse_federation_sender_instances | to_json }} +{% endif %} + +{% if matrix_synapse_federation_pusher_instances | length > 0 %} +pusher_instances: {{ matrix_synapse_federation_pusher_instances | to_json }} +{% endif %} +start_pushers: {{ matrix_synapse_start_pushers | to_json }} # When using workers this should be a map from `worker_name` to the # HTTP replication listener of the worker, if configured. @@ -2875,6 +2868,7 @@ opentracing: # worker1: # host: localhost # port: 8034 +instance_map: {{ matrix_synapse_instance_map | to_json }} # Experimental: When using workers you can define which workers should # handle event persistence and typing notifications. Any worker @@ -2883,11 +2877,27 @@ opentracing: #stream_writers: # events: worker1 # typing: worker1 +stream_writers: {{ matrix_synapse_stream_writers | to_json }} + +{% if matrix_synapse_notify_appservices_from_worker != '' %} +notify_appservices_from_worker: {{ matrix_synapse_notify_appservices_from_worker | to_json }} +{% endif %} + +{% if matrix_synapse_update_user_directory_from_worker != '' %} +update_user_directory_from_worker: {{ matrix_synapse_update_user_directory_from_worker | to_json }} +{% endif %} # The worker that is used to run background tasks (e.g. cleaning up expired # data). If not provided this defaults to the main process. # #run_background_tasks_on: worker1 +{% if matrix_synapse_run_background_tasks_on != '' %} +run_background_tasks_on: {{ matrix_synapse_run_background_tasks_on | to_json }} +{% endif %} + +{% if matrix_synapse_media_instance_running_background_jobs != '' %} +media_instance_running_background_jobs: {{ matrix_synapse_media_instance_running_background_jobs | to_json }} +{% endif %} # A shared secret used by the replication APIs to authenticate HTTP requests # from workers. diff --git a/roles/matrix-synapse/templates/synapse/prometheus/external_prometheus.yml.example.j2 b/roles/custom/matrix-synapse/templates/synapse/prometheus/external_prometheus.yml.example.j2 similarity index 89% rename from roles/matrix-synapse/templates/synapse/prometheus/external_prometheus.yml.example.j2 rename to roles/custom/matrix-synapse/templates/synapse/prometheus/external_prometheus.yml.example.j2 index b194c3c2d..1501697d7 100644 --- a/roles/matrix-synapse/templates/synapse/prometheus/external_prometheus.yml.example.j2 +++ b/roles/custom/matrix-synapse/templates/synapse/prometheus/external_prometheus.yml.example.j2 @@ -24,8 +24,8 @@ scrape_configs: job: "master" index: "0" {% for worker in matrix_synapse_workers_enabled_list %} - - job_name: 'synapse-{{ worker.type }}-{{ worker.instanceId }}' - metrics_path: /metrics/synapse/worker/{{ worker.type }}-{{ worker.instanceId }} + - job_name: '{{ worker.name }}' + metrics_path: /metrics/synapse/worker/{{ worker.id }} scheme: {{ 'https' if matrix_nginx_proxy_https_enabled|default(true) else 'http' }} {% if matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled|default(true) %} basic_auth: @@ -35,6 +35,7 @@ scrape_configs: static_configs: - targets: ['{{ matrix_server_fqn_matrix }}:{{ matrix_nginx_proxy_container_https_host_bind_port|default(443) if matrix_nginx_proxy_https_enabled|default(true) else matrix_nginx_proxy_container_http_host_bind_port|default(80) }}'] labels: + worker_id: {{ worker.id }} job: "{{ worker.type }}" - index: "{{ worker.instanceId }}" + app: {{ worker.app }} {% endfor %} diff --git a/roles/matrix-synapse/templates/synapse/synapse.log.config.j2 b/roles/custom/matrix-synapse/templates/synapse/synapse.log.config.j2 similarity index 100% rename from roles/matrix-synapse/templates/synapse/synapse.log.config.j2 rename to roles/custom/matrix-synapse/templates/synapse/synapse.log.config.j2 diff --git a/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse-worker.service.j2 b/roles/custom/matrix-synapse/templates/synapse/systemd/matrix-synapse-worker.service.j2 similarity index 64% rename from roles/matrix-synapse/templates/synapse/systemd/matrix-synapse-worker.service.j2 rename to roles/custom/matrix-synapse/templates/synapse/systemd/matrix-synapse-worker.service.j2 index c7ef13fa9..3d50ac9bc 100644 --- a/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse-worker.service.j2 +++ b/roles/custom/matrix-synapse/templates/synapse/systemd/matrix-synapse-worker.service.j2 @@ -6,15 +6,15 @@ After=matrix-synapse.service [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_docker }} kill {{ matrix_synapse_worker_container_name }} -ExecStartPre=-{{ matrix_host_command_docker }} rm {{ matrix_synapse_worker_container_name }} +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill {{ matrix_synapse_worker_container_name }} 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm {{ matrix_synapse_worker_container_name }} 2>/dev/null || true' # Intentional delay, so that the homeserver can manage to start. ExecStartPre={{ matrix_host_command_sleep }} 5 -ExecStart={{ matrix_host_command_docker }} run --rm --name {{ matrix_synapse_worker_container_name }} \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name {{ matrix_synapse_worker_container_name }} \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ @@ -42,14 +42,14 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name {{ matrix_synapse_wor {% for arg in matrix_synapse_container_arguments %} {{ arg }} \ {% endfor %} - {{ matrix_synapse_docker_image }} \ - run -m synapse.app.{{ matrix_synapse_worker_details.type }} -c /data/homeserver.yaml -c /data/{{ matrix_synapse_worker_config_file_name }} + {{ matrix_synapse_docker_image_final }} \ + run -m synapse.app.{{ matrix_synapse_worker_details.app }} -c /data/homeserver.yaml -c /data/{{ matrix_synapse_worker_config_file_name }} -ExecStop=-{{ matrix_host_command_docker }} kill {{ matrix_synapse_worker_container_name }} -ExecStop=-{{ matrix_host_command_docker }} rm {{ matrix_synapse_worker_container_name }} +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill {{ matrix_synapse_worker_container_name }} 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm {{ matrix_synapse_worker_container_name }} 2>/dev/null || true' -ExecReload={{ matrix_host_command_docker }} exec {{ matrix_synapse_worker_container_name }} /bin/sh -c 'kill -HUP 1' +ExecReload={{ devture_systemd_docker_base_host_command_docker }} exec {{ matrix_synapse_worker_container_name }} /bin/sh -c 'kill -HUP 1' Restart=always RestartSec=30 SyslogIdentifier={{ matrix_synapse_worker_container_name }} diff --git a/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 b/roles/custom/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 similarity index 73% rename from roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 rename to roles/custom/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 index 027114fb3..7f6c2336a 100644 --- a/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 +++ b/roles/custom/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 @@ -12,7 +12,7 @@ Wants={{ service }} {% if matrix_synapse_workers_enabled %} {% for matrix_synapse_worker_details in matrix_synapse_workers_enabled_list %} -Wants=matrix-synapse-worker-{{ matrix_synapse_worker_details.type }}-{{ matrix_synapse_worker_details.port }}.service +Wants={{ matrix_synapse_worker_details.name }}.service {% endfor %} {% endif %} @@ -20,9 +20,9 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-synapse 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-synapse 2>/dev/null || true' +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-synapse 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-synapse 2>/dev/null || true' {% if matrix_s3_media_store_enabled %} # Allow for some time before starting, so that media store can mount. # Mounting can happen later too, but if we start writing, @@ -30,7 +30,7 @@ ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} ExecStartPre={{ matrix_host_command_sleep }} 3 {% endif %} -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-synapse \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-synapse \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ @@ -60,12 +60,12 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-synapse \ {% for arg in matrix_synapse_container_arguments %} {{ arg }} \ {% endfor %} - {{ matrix_synapse_docker_image }} \ + {{ matrix_synapse_docker_image_final }} \ run -m synapse.app.homeserver -c /data/homeserver.yaml -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-synapse 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-synapse 2>/dev/null || true' -ExecReload={{ matrix_host_command_docker }} exec matrix-synapse /bin/sh -c 'kill -HUP 1' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-synapse 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-synapse 2>/dev/null || true' +ExecReload={{ devture_systemd_docker_base_host_command_docker }} exec matrix-synapse /bin/sh -c 'kill -HUP 1' Restart=always RestartSec=30 SyslogIdentifier=matrix-synapse diff --git a/roles/matrix-synapse/templates/synapse/usr-local-bin/matrix-synapse-register-user.j2 b/roles/custom/matrix-synapse/templates/synapse/usr-local-bin/matrix-synapse-register-user.j2 similarity index 100% rename from roles/matrix-synapse/templates/synapse/usr-local-bin/matrix-synapse-register-user.j2 rename to roles/custom/matrix-synapse/templates/synapse/usr-local-bin/matrix-synapse-register-user.j2 diff --git a/roles/custom/matrix-synapse/templates/synapse/worker.yaml.j2 b/roles/custom/matrix-synapse/templates/synapse/worker.yaml.j2 new file mode 100644 index 000000000..2b0df98dd --- /dev/null +++ b/roles/custom/matrix-synapse/templates/synapse/worker.yaml.j2 @@ -0,0 +1,64 @@ +#jinja2: lstrip_blocks: "True" +worker_app: synapse.app.{{ matrix_synapse_worker_details.app }} +worker_name: {{ matrix_synapse_worker_details.name }} + +worker_daemonize: false +worker_log_config: /data/{{ matrix_server_fqn_matrix }}.log.config + +{% if matrix_synapse_replication_listener_enabled %} +worker_replication_host: matrix-synapse +worker_replication_http_port: {{ matrix_synapse_replication_http_port }} +{% endif %} + +{% if matrix_synapse_worker_details.type == 'generic_worker' %} +worker_main_http_uri: http://matrix-synapse:{{ matrix_synapse_container_client_api_port }} +{% endif %} + +{% set http_resources = [] %} + +{% if matrix_synapse_worker_details.type == 'user_dir' %} + {% set http_resources = http_resources + ['client'] %} +{% endif %} +{% if matrix_synapse_worker_details.type == 'generic_worker' %} + {% set http_resources = http_resources + ['client', 'federation'] %} +{% endif %} +{# + None of the background workers need to handle federation traffic. + Only some of the stream writers need to handle client traffic. +#} +{% if matrix_synapse_worker_details.type == 'stream_writer' and matrix_synapse_worker_details.webserving %} + {% set http_resources = http_resources + ['client'] %} +{% endif %} +{% if matrix_synapse_worker_details.type == 'media_repository' %} + {% set http_resources = http_resources + ['media'] %} +{% endif %} + +{% set replication_http_resources = [] %} +{% if matrix_synapse_worker_details.type == 'stream_writer' %} + {# All background workers need to handle replication traffic. #} + {% set replication_http_resources = replication_http_resources + ['replication'] %} +{% endif %} + +{% if http_resources|length > 0 or matrix_synapse_metrics_enabled or replication_http_resources|length > 0 %} +worker_listeners: +{% if http_resources|length > 0 %} + - type: http + bind_addresses: ['::'] + x_forwarded: true + port: {{ matrix_synapse_worker_details.port }} + resources: + - names: {{ http_resources|to_json }} +{% endif %} +{% if matrix_synapse_metrics_enabled %} + - type: metrics + bind_addresses: ['0.0.0.0'] + port: {{ matrix_synapse_worker_details.metrics_port }} +{% endif %} +{% if replication_http_resources|length > 0 %} + - type: http + bind_addresses: ['::'] + port: {{ matrix_synapse_worker_details.replication_port }} + resources: + - names: {{ replication_http_resources|to_json }} +{% endif %} +{% endif %} diff --git a/roles/custom/matrix-synapse/vars/main.yml b/roles/custom/matrix-synapse/vars/main.yml new file mode 100644 index 000000000..4da284106 --- /dev/null +++ b/roles/custom/matrix-synapse/vars/main.yml @@ -0,0 +1,241 @@ +--- + +matrix_synapse_client_api_url_endpoint_public: "https://{{ matrix_server_fqn_matrix }}/_matrix/client/versions" +matrix_synapse_federation_api_url_endpoint_public: "https://{{ matrix_server_fqn_matrix }}:{{ matrix_federation_public_port }}/_matrix/federation/v1/version" + +# Tells whether this role had executed or not. Toggled to `true` during runtime. +matrix_synapse_role_executed: false + +matrix_synapse_media_store_directory_name: "{{ matrix_synapse_media_store_path | basename }}" + +# A Synapse generic worker can handle both federation and client-server API endpoints. +# We wish to split these, as we normally serve federation separately and don't want them mixed up. +# +# This is some ugly Ansible/Jinja2 hack (seen here: https://stackoverflow.com/a/47831492), +# which takes a list of various strings and removes the ones NOT containing `/_matrix/client` anywhere in them. +# +# We intentionally don't do a diff between everything possible (`matrix_synapse_workers_generic_worker_endpoints`) and `matrix_synapse_workers_generic_worker_federation_endpoints`, +# because `matrix_synapse_workers_generic_worker_endpoints` also contains things like `/_synapse/client/`, etc. +# While /_synapse/client/ endpoints are somewhat client-server API-related, they're: +# - neither part of the client-server API spec (and are thus, different) +# - nor always OK to forward to a worker (we're supposed to obey `matrix_nginx_proxy_proxy_matrix_client_api_forwarded_location_synapse_client_api_enabled`) +# +# It's also not too many of these APIs (only `^/_synapse/client/password_reset/email/submit_token$` at the time of this writing / 2021-01-24), +# so it's not that important whether we forward them or not. +# +# Basically, we aim to cover most things. Skipping `/_synapse/client` or a few other minor things doesn't matter too much. +matrix_synapse_workers_generic_worker_client_server_endpoints: "{{ matrix_synapse_workers_generic_worker_endpoints | default([]) | map('regex_search', '.*/_matrix/client.*') | list | difference([none]) }}" + +# A Synapse generic worker can handle both federation and client-server API endpoints. +# We wish to split these, as we normally serve federation separately and don't want them mixed up. +# +# This is some ugly Ansible/Jinja2 hack (seen here: https://stackoverflow.com/a/47831492), +# which takes a list of various strings and removes the ones NOT containing `/_matrix/federation` or `/_matrix/key` anywhere in them. +matrix_synapse_workers_generic_worker_federation_endpoints: "{{ matrix_synapse_workers_generic_worker_endpoints | default([]) | map('regex_search', matrix_synapse_workers_generic_worker_federation_endpoints_regex) | list | difference([none]) }}" + +# matrix_synapse_workers_generic_worker_federation_endpoints_regex contains the regex used in matrix_synapse_workers_generic_worker_federation_endpoints. +# It's intentionally put in a separate variable, to avoid tripping ansible-lint's jinja[spacing] rule. +matrix_synapse_workers_generic_worker_federation_endpoints_regex: '.*(/_matrix/federation|/_matrix/key).*' + +# matrix_synapse_workers_stream_writer_typing_stream_worker_client_server_endpoints contains the endpoints serviced by the `typing` stream writer. +# See: https://matrix-org.github.io/synapse/latest/workers.html#the-typing-stream +matrix_synapse_workers_stream_writer_typing_stream_worker_client_server_endpoints: + - ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/typing + +# matrix_synapse_workers_stream_writer_to_device_stream_worker_client_server_endpoints contains the endpoints serviced by the `to_device` stream writer. +# See: https://matrix-org.github.io/synapse/latest/workers.html#the-to_device-stream +matrix_synapse_workers_stream_writer_to_device_stream_worker_client_server_endpoints: + - ^/_matrix/client/(r0|v3|unstable)/sendToDevice/ + +# matrix_synapse_workers_stream_writer_account_data_stream_worker_client_server_endpoints contains the endpoints serviced by the `account_data` stream writer. +# See: https://matrix-org.github.io/synapse/latest/workers.html#the-account_data-stream +matrix_synapse_workers_stream_writer_account_data_stream_worker_client_server_endpoints: + - ^/_matrix/client/(r0|v3|unstable)/.*/tags + - ^/_matrix/client/(r0|v3|unstable)/.*/account_data + +# matrix_synapse_workers_stream_writer_receipts_stream_worker_client_server_endpoints contains the endpoints serviced by the `recepts` stream writer. +# See: https://matrix-org.github.io/synapse/latest/workers.html#the-receipts-stream +matrix_synapse_workers_stream_writer_receipts_stream_worker_client_server_endpoints: + - ^/_matrix/client/(r0|v3|unstable)/rooms/.*/receipt + - ^/_matrix/client/(r0|v3|unstable)/rooms/.*/read_markers + +# matrix_synapse_workers_stream_writer_presence_stream_worker_client_server_endpoints contains the endpoints serviced by the `presence` stream writer. +# See: https://matrix-org.github.io/synapse/latest/workers.html#the-presence-stream +matrix_synapse_workers_stream_writer_presence_stream_worker_client_server_endpoints: + - ^/_matrix/client/(api/v1|r0|v3|unstable)/presence/ + +# matrix_synapse_workers_user_dir_worker_client_server_endpoints contains the endpoints serviced by the `type = user_dir` (`app = generic_worker`) worker. +# See: https://matrix-org.github.io/synapse/latest/workers.html#updating-the-user-directory +matrix_synapse_workers_user_dir_worker_client_server_endpoints: + - ^/_matrix/client/(r0|v3|unstable)/user_directory/search$ + +# matrix_synapse_workers_known_stream_writer_stream_types contains the list of stream writer stream types that the playbook recognizes. +# This is used for validation purposes. If adding support for a new type, besides adding it to this list, +# don't forget to actually configure it where appropriate (see worker.yaml.j2`, the nginx proxy configuration, etc). +matrix_synapse_workers_known_stream_writer_stream_types: ['events', 'typing', 'to_device', 'account_data', 'receipts', 'presence'] + +# matrix_synapse_workers_webserving_stream_writer_types contains a list of stream writer types that serve web (client) requests. +# Not all stream writers serve web requests. Some just perform background tasks. +matrix_synapse_workers_webserving_stream_writer_types: ['typing', 'to_device', 'account_data', 'receipts', 'presence'] + +# matrix_synapse_workers_systemd_services_list contains a list of systemd services (one for each worker systemd service which serves web requests). +# This list is built during runtime. +# Not all workers serve web requests. Those that don't won't be injected here. +matrix_synapse_webserving_workers_systemd_services_list: [] + +# matrix_synapse_known_worker_types contains the list of known worker types. +# +# A worker type is different than a worker app (e.g. `generic_worker`). +# For example, the `stream_writer` worker type is served by the `generic_worker` app, but is a separate type that we recognize. +# +# Some other types (`appservice` and `user_dir`) used to be Synapse worker apps, which got subsequently deprecated. +# We still allow these types of workers and map them to the `generic_worker` app, +# which is why we make sure they're part of the list below. +# We use the `unique` filter because they're part of `matrix_synapse_workers_avail_list` too (for now; scheduled for removal). +matrix_synapse_known_worker_types: | + {{ + ( + matrix_synapse_workers_avail_list + + + ['stream_writer'] + + + ['appservice'] + + + ['user_dir'] + + + ['background'] + ) | unique + }} + +# matrix_synapse_known_instance_map_eligible_worker_types contains the list of worker types that are to be injected into `matrix_synapse_instance_map`. +matrix_synapse_known_instance_map_eligible_worker_types: + - stream_writer + +# The following section contains content that had previously been generated by a script (`workers-doc-to-yaml.awk`) processing https://github.com/matrix-org/synapse/raw/master/docs/workers.md, +# but is now maintained manually due to: +# - the script being tripped up by the content and generating somewhat inaccurate definitions, which had to be fixed up manually. +# - the script being complicated and unmaintainable +### workers:start +matrix_synapse_workers_generic_worker_endpoints: + # Sync requests + - ^/_matrix/client/(r0|v3)/sync$ + - ^/_matrix/client/(api/v1|r0|v3)/events$ + - ^/_matrix/client/(api/v1|r0|v3)/initialSync$ + - ^/_matrix/client/(api/v1|r0|v3)/rooms/[^/]+/initialSync$ + + # Federation requests + - ^/_matrix/federation/v1/event/ + - ^/_matrix/federation/v1/state/ + - ^/_matrix/federation/v1/state_ids/ + - ^/_matrix/federation/v1/backfill/ + - ^/_matrix/federation/v1/get_missing_events/ + - ^/_matrix/federation/v1/publicRooms + - ^/_matrix/federation/v1/query/ + - ^/_matrix/federation/v1/make_join/ + - ^/_matrix/federation/v1/make_leave/ + - ^/_matrix/federation/(v1|v2)/send_join/ + - ^/_matrix/federation/(v1|v2)/send_leave/ + - ^/_matrix/federation/(v1|v2)/invite/ + - ^/_matrix/federation/v1/event_auth/ + - ^/_matrix/federation/v1/exchange_third_party_invite/ + - ^/_matrix/federation/v1/user/devices/ + - ^/_matrix/key/v2/query + - ^/_matrix/federation/v1/hierarchy/ + + # Inbound federation transaction request + - ^/_matrix/federation/v1/send/ + + # Client API requests + - ^/_matrix/client/(api/v1|r0|v3|unstable)/createRoom$ + - ^/_matrix/client/(api/v1|r0|v3|unstable)/publicRooms$ + - ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/joined_members$ + - ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/context/.*$ + - ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/members$ + - ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state$ + - ^/_matrix/client/v1/rooms/.*/hierarchy$ + - ^/_matrix/client/(v1|unstable)/rooms/.*/relations/ + - ^/_matrix/client/v1/rooms/.*/threads$ + - ^/_matrix/client/unstable/org.matrix.msc2716/rooms/.*/batch_send$ + - ^/_matrix/client/unstable/im.nheko.summary/rooms/.*/summary$ + - ^/_matrix/client/(r0|v3|unstable)/account/3pid$ + - ^/_matrix/client/(r0|v3|unstable)/account/whoami$ + - ^/_matrix/client/(r0|v3|unstable)/devices$ + - ^/_matrix/client/versions$ + - ^/_matrix/client/(api/v1|r0|v3|unstable)/voip/turnServer$ + - ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/event/ + - ^/_matrix/client/(api/v1|r0|v3|unstable)/joined_rooms$ + - ^/_matrix/client/(api/v1|r0|v3|unstable)/search$ + + # Encryption requests + # Note that ^/_matrix/client/(r0|v3|unstable)/keys/upload/ requires `worker_main_http_uri` + - ^/_matrix/client/(r0|v3|unstable)/keys/query$ + - ^/_matrix/client/(r0|v3|unstable)/keys/changes$ + - ^/_matrix/client/(r0|v3|unstable)/keys/claim$ + - ^/_matrix/client/(r0|v3|unstable)/room_keys/ + - ^/_matrix/client/(r0|v3|unstable)/keys/upload/ + + # Registration/login requests + - ^/_matrix/client/(api/v1|r0|v3|unstable)/login$ + - ^/_matrix/client/(r0|v3|unstable)/register$ + - ^/_matrix/client/v1/register/m.login.registration_token/validity$ + + # Event sending requests + - ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/redact + - ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/send + - ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state/ + - ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/(join|invite|leave|ban|unban|kick)$ + - ^/_matrix/client/(api/v1|r0|v3|unstable)/join/ + - ^/_matrix/client/(api/v1|r0|v3|unstable)/profile/ + + # Start of intentionally-ignored-endpoints + # + # We ignore these below, because they're better sent to dedicated workers (various stream writers). + # If a stream writer is enabled, the endpoint should be routed to the stream writer, not to a generic worker. + # If a stream writer of a given type is not enabled, then a generic worker may process it. + # Because it's difficult to handle these individually based on which stream writer is enabled and which isn't, + # we just disable them here. + # + # # Account data requests + # - ^/_matrix/client/(r0|v3|unstable)/.*/tags + # - ^/_matrix/client/(r0|v3|unstable)/.*/account_data + # + # # Receipts requests + # - ^/_matrix/client/(r0|v3|unstable)/rooms/.*/receipt + # - ^/_matrix/client/(r0|v3|unstable)/rooms/.*/read_markers + # + # # Presence requests + # - ^/_matrix/client/(api/v1|r0|v3|unstable)/presence/ + # + # # User directory search requests + # - ^/_matrix/client/(r0|v3|unstable)/user_directory/search$ + # End of intentionally-ignored-endpoints + + +matrix_synapse_workers_media_repository_endpoints: + # Handles the media repository. It can handle all endpoints starting with: + + - ^/_matrix/media/ + + # ... and the following regular expressions matching media-specific administration APIs: + + - ^/_synapse/admin/v1/purge_media_cache$ + - ^/_synapse/admin/v1/room/.*/media.*$ + - ^/_synapse/admin/v1/user/.*/media.*$ + - ^/_synapse/admin/v1/media/.*$ + - ^/_synapse/admin/v1/quarantine_media/.*$ + - ^/_synapse/admin/v1/users/.*/media$ + +matrix_synapse_workers_user_dir_endpoints: + # Handles searches in the user directory. It can handle REST endpoints matching + # the following regular expressions: + + - ^/_matrix/client/(r0|v3|unstable)/user_directory/search$ + +matrix_synapse_workers_avail_list: + - appservice + - federation_sender + - generic_worker + - media_repository + - pusher + - user_dir +### workers:end diff --git a/roles/custom/matrix-user-creator/defaults/main.yml b/roles/custom/matrix-user-creator/defaults/main.yml new file mode 100644 index 000000000..5c90a1e0f --- /dev/null +++ b/roles/custom/matrix-user-creator/defaults/main.yml @@ -0,0 +1,22 @@ +--- + +# matrix-user-creator is a role that aims to automate initial Matrix user account creation. +# +# This role only supports initial user account creation and will not manage subsequent user-type changes +# or password changes. +# +# The playbook registers various bot user accounts automatically using this role by injecting +# user creation definitions into the `matrix_user_creator_users_auto` variable. +# +# To get started creating your own Matrix user accounts, use the `matrix_user_creator_users_additional` variable. + +# matrix_user_creator_users_auto holds a list of users that should be created on the Matrix homeserver. +# The playbook adds some user definitions here to have them end up in `matrix_user_creator_users` (see `vars/main.yml`) and get automatically created. +# This value is influenced by the playbook and will be overwritten elsewhere (`group_vars/`, etc.) +# To add your own user definitions, use the `matrix_user_creator_users_additional` variable. +matrix_user_creator_users_auto: [] + +# matrix_user_creator_users_additional holds a list of users that should be created on the Matrix homeserver. +# Add your own users here to have them end up in `matrix_user_creator_users` (see `vars/main.yml`) and get automatically created. +# For example syntax for this variable, see the documentation for `matrix_user_creator_users` in `vars/main.yml`. +matrix_user_creator_users_additional: [] diff --git a/roles/custom/matrix-user-creator/tasks/main.yml b/roles/custom/matrix-user-creator/tasks/main.yml new file mode 100644 index 000000000..ba20504f7 --- /dev/null +++ b/roles/custom/matrix-user-creator/tasks/main.yml @@ -0,0 +1,9 @@ +--- + +- when: matrix_user_creator_users | length > 0 + ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup.yml" + tags: + # This role intentionally doesn't do work on a `setup-all` tag. + # If it did, the initial installation (`--tags=setup-all`) would also potentially polute the database with data, + # which would make importing a database dump problematic. + - ensure-matrix-users-created diff --git a/roles/custom/matrix-user-creator/tasks/setup.yml b/roles/custom/matrix-user-creator/tasks/setup.yml new file mode 100644 index 000000000..73dfd4548 --- /dev/null +++ b/roles/custom/matrix-user-creator/tasks/setup.yml @@ -0,0 +1,33 @@ +--- + +- name: Validate Matrix users to create + ansible.builtin.include_tasks: "{{ role_path }}/tasks/util/validate_user.yml" + with_items: "{{ matrix_user_creator_users }}" + loop_control: + loop_var: user + # Suppress logging to avoid dumping the credentials to the shell + no_log: true + +- name: Ensure systemd is reloaded before starting the homeserver + ansible.builtin.service: + daemon_reload: true + +- name: Ensure homeserver is started before creating Matrix users + ansible.builtin.service: + name: "matrix-{{ matrix_homeserver_implementation }}.service" + state: started + daemon_reload: true + register: matrix_user_registrator_homeserver_start_result + +- name: Wait a while, so that the homeserver can manage to start before creating Matrix users + ansible.builtin.pause: + seconds: 7 + when: matrix_user_registrator_homeserver_start_result.changed | bool + +- name: Ensure Matrix users are created + ansible.builtin.include_tasks: "{{ role_path }}/tasks/util/ensure_user_registered_{{ matrix_homeserver_implementation }}.yml" + with_items: "{{ matrix_user_creator_users }}" + loop_control: + loop_var: user + # Suppress logging to avoid dumping the credentials to the shell + no_log: true diff --git a/roles/custom/matrix-user-creator/tasks/util/ensure_user_registered_conduit.yml b/roles/custom/matrix-user-creator/tasks/util/ensure_user_registered_conduit.yml new file mode 100644 index 000000000..8bbd147b5 --- /dev/null +++ b/roles/custom/matrix-user-creator/tasks/util/ensure_user_registered_conduit.yml @@ -0,0 +1,5 @@ +--- + +- name: Ensure Conduit user registered - {{ user.username | quote }} + ansible.builtin.debug: + msg: "Not registering user. To register Conduit users, message the Conduit bot" diff --git a/roles/custom/matrix-user-creator/tasks/util/ensure_user_registered_dendrite.yml b/roles/custom/matrix-user-creator/tasks/util/ensure_user_registered_dendrite.yml new file mode 100644 index 000000000..2fede49f8 --- /dev/null +++ b/roles/custom/matrix-user-creator/tasks/util/ensure_user_registered_dendrite.yml @@ -0,0 +1,17 @@ +--- + +- name: Ensure Dendrite user registered - {{ user.username | quote }} + ansible.builtin.command: + cmd: |- + {{ devture_systemd_docker_base_host_command_docker }} exec matrix-dendrite + create-account + -config /data/dendrite.yaml + -username {{ user.username | quote }} + -password {{ user.initial_password | quote }} + {% if user.initial_type == 'admin' %} + -admin + {% endif %} + -url http://localhost:{{ matrix_dendrite_http_bind_port }} + register: matrix_dendrite_register_user_result + changed_when: matrix_dendrite_register_user_result.rc == 0 and 'Desired user ID is already taken' not in matrix_dendrite_register_user_result.stderr + failed_when: matrix_dendrite_register_user_result.rc != 0 and 'Desired user ID is already taken' not in matrix_dendrite_register_user_result.stderr diff --git a/roles/custom/matrix-user-creator/tasks/util/ensure_user_registered_synapse.yml b/roles/custom/matrix-user-creator/tasks/util/ensure_user_registered_synapse.yml new file mode 100644 index 000000000..00189e5c5 --- /dev/null +++ b/roles/custom/matrix-user-creator/tasks/util/ensure_user_registered_synapse.yml @@ -0,0 +1,22 @@ +--- + +- name: Ensure Synapse user registered - {{ user.username | quote }} + ansible.builtin.command: + cmd: |- + {{ devture_systemd_docker_base_host_command_docker }} exec matrix-synapse + register_new_matrix_user + -u {{ user.username | quote }} + -p {{ user.initial_password | quote }} + -c /data/homeserver.yaml + {% if user.initial_type == 'admin' %} + --admin + {% else %} + --no-admin + {% if user.initial_type != 'user' %} + --user_type={{ user.initial_type | quote }} + {% endif %} + {% endif %} + http://localhost:{{ matrix_synapse_container_client_api_port }} + register: matrix_synapse_register_user_result + changed_when: matrix_synapse_register_user_result.rc == 0 and 'User ID already taken' not in matrix_synapse_register_user_result.stdout + failed_when: matrix_synapse_register_user_result.rc != 0 and 'User ID already taken' not in matrix_synapse_register_user_result.stdout diff --git a/roles/custom/matrix-user-creator/tasks/util/validate_user.yml b/roles/custom/matrix-user-creator/tasks/util/validate_user.yml new file mode 100644 index 000000000..e35475d4e --- /dev/null +++ b/roles/custom/matrix-user-creator/tasks/util/validate_user.yml @@ -0,0 +1,16 @@ +--- + +- name: Fail if invalid username + ansible.builtin.fail: + msg: "Empty usernames values are not allowed ({{ user }})" + when: not (user.username | default('')) + +- name: Fail if invalid initial_password for user - {{ user.username }} + ansible.builtin.fail: + msg: "Empty initial_password values are not allowed" + when: not (user.initial_password | default('')) + +- name: Fail if invalid initial_type for user - {{ user.username }} + ansible.builtin.fail: + msg: "User initial_type `{{ user.initial_type | default('undefined') }}` is not supported" + when: user.initial_type | default('undefined') not in ['admin', 'user', 'bot', 'support'] diff --git a/roles/custom/matrix-user-creator/vars/main.yml b/roles/custom/matrix-user-creator/vars/main.yml new file mode 100644 index 000000000..7b65bb8aa --- /dev/null +++ b/roles/custom/matrix-user-creator/vars/main.yml @@ -0,0 +1,34 @@ +--- + +# matrix_user_creator_users holds a list of users that should be created on the Matrix homeserver. +# +# Removing a user from this list will not automatically delete/disable the Matrix user on the homeserver. +# +# As the `initial_password` / `initial_type` field names indicate, these are just initial values. +# Changing the password or type values subsequently will not update the already existing user's details. +# +# The known user types are: 'admin', 'user', 'bot', 'support'. +# These are inspired by Synapse's user types. +# 'admin' and 'user' types are generally recognized across homeservers. +# Other homeservers may not support 'bot' and 'support'. Such homeservers will fall back to whatever types they do support. +# +# Example: +# matrix_user_creator_users: +# - username: root +# initial_password: some-password +# initial_type: admin +# +# - username: john +# initial_password: some-password +# initial_type: user +# +# - username: bot.matrix-reminder-bot +# initial_password: some-password +# initial_type: bot +# +# - username: bot.matrix-reminder-bot +# initial_password: some-password +# initial_type: support +# +# To create you own users, use the `matrix_user_creator_users_additional` variable. +matrix_user_creator_users: "{{ matrix_user_creator_users_auto + matrix_user_creator_users_additional }}" diff --git a/roles/custom/matrix_playbook_migration/tasks/main.yml b/roles/custom/matrix_playbook_migration/tasks/main.yml new file mode 100644 index 000000000..c346a759b --- /dev/null +++ b/roles/custom/matrix_playbook_migration/tasks/main.yml @@ -0,0 +1,5 @@ +--- + +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" + tags: + - setup-all diff --git a/roles/custom/matrix_playbook_migration/tasks/validate_config.yml b/roles/custom/matrix_playbook_migration/tasks/validate_config.yml new file mode 100644 index 000000000..0b738a57a --- /dev/null +++ b/roles/custom/matrix_playbook_migration/tasks/validate_config.yml @@ -0,0 +1,26 @@ +--- + +- name: (Deprecation) Catch and report renamed Matrix playbook settings + ansible.builtin.fail: + msg: >- + Your configuration contains a variable, which now has a different name. + Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`). + when: "item.old in vars" + with_items: + - {'old': 'matrix_vars_yml_snapshotting_enabled', 'new': 'devture_playbook_state_preserver_vars_preservation_enabled'} + - {'old': 'matrix_vars_yml_snapshotting_src', 'new': 'devture_playbook_state_preserver_vars_preservation_src'} + - {'old': 'matrix_playbook_commit_hash_preservation_enabled', 'new': 'devture_playbook_state_preserver_commit_hash_preservation_enabled'} + + - {'old': 'matrix_ntpd_package', 'new': 'devture_timesync_ntpd_package'} + - {'old': 'matrix_ntpd_service', 'new': 'devture_timesync_ntpd_service'} + + - {'old': 'matrix_systemd_unit_home_path', 'new': 'devture_systemd_docker_base_systemd_unit_home_path'} + - {'old': 'matrix_systemd_path', 'new': 'devture_systemd_docker_base_systemd_path'} + - {'old': 'matrix_host_command_docker', 'new': 'devture_systemd_docker_base_host_command_docker'} + - {'old': 'matrix_host_command_sh', 'new': 'devture_systemd_docker_base_host_command_sh'} + - {'old': 'matrix_host_command_systemctl', 'new': 'devture_systemd_docker_base_host_command_systemctl'} + + - {'old': 'matrix_container_retries_count', 'new': 'devture_playbook_help_container_retries_count'} + - {'old': 'matrix_container_retries_delay', 'new': 'devture_playbook_help_container_retries_delay'} + - {'old': 'matrix_geturl_retries_count', 'new': 'devture_playbook_help_geturl_retries_count'} + - {'old': 'matrix_geturl_retries_delay', 'new': 'devture_playbook_help_geturl_retries_delay'} diff --git a/roles/matrix-base/tasks/util/ensure_fuse_installed.yml b/roles/matrix-base/tasks/util/ensure_fuse_installed.yml deleted file mode 100644 index 47d2d9e85..000000000 --- a/roles/matrix-base/tasks/util/ensure_fuse_installed.yml +++ /dev/null @@ -1,23 +0,0 @@ ---- -# This is for both RedHat 7 and 8 -- name: Ensure fuse installed (RedHat) - ansible.builtin.yum: - name: - - fuse - state: present - when: ansible_os_family == 'RedHat' - -# This is for both Debian and Raspbian -- name: Ensure fuse installed (Debian/Raspbian) - ansible.builtin.apt: - name: - - fuse - state: present - when: ansible_os_family == 'Debian' - -- name: Ensure fuse installed (Archlinux) - pacman: - name: - - fuse3 - state: present - when: ansible_distribution == 'Archlinux' diff --git a/roles/matrix-base/tasks/util/ensure_openssl_installed.yml b/roles/matrix-base/tasks/util/ensure_openssl_installed.yml deleted file mode 100644 index ae22fb495..000000000 --- a/roles/matrix-base/tasks/util/ensure_openssl_installed.yml +++ /dev/null @@ -1,23 +0,0 @@ ---- -# This is for both RedHat 7 and 8 -- name: Ensure openssl installed (RedHat) - ansible.builtin.yum: - name: - - openssl - state: present - when: ansible_os_family == 'RedHat' - -# This is for both Debian and Raspbian -- name: Ensure openssl installed (Debian/Raspbian) - ansible.builtin.apt: - name: - - openssl - state: present - when: ansible_os_family == 'Debian' - -- name: Ensure openssl installed (Archlinux) - pacman: - name: - - openssl - state: present - when: ansible_distribution == 'Archlinux' diff --git a/roles/matrix-bot-mjolnir/templates/production.yaml.j2 b/roles/matrix-bot-mjolnir/templates/production.yaml.j2 deleted file mode 100644 index e5eb3aeae..000000000 --- a/roles/matrix-bot-mjolnir/templates/production.yaml.j2 +++ /dev/null @@ -1,162 +0,0 @@ -# Where the homeserver is located (client-server URL). This should point at -# pantalaimon if you're using that. -homeserverUrl: "{{ matrix_homeserver_url }}" - -# The access token for the bot to use. Do not populate if using Pantalaimon. -accessToken: "{{ matrix_bot_mjolnir_access_token }}" - -# Pantalaimon options (https://github.com/matrix-org/pantalaimon) -#pantalaimon: -# # If true, accessToken above is ignored and the username/password below will be -# # used instead. The access token of the bot will be stored in the dataPath. -# use: false -# -# # The username to login with. -# username: mjolnir -# -# # The password to login with. Can be removed after the bot has logged in once and -# # stored the access token. -# password: your_password - -# The directory the bot should store various bits of information in -dataPath: "/data" - -# If true (the default), only users in the `managementRoom` can invite the bot -# to new rooms. -autojoinOnlyIfManager: true - -# If `autojoinOnlyIfManager` is false, only the members in this group can invite -# the bot to new rooms. -#acceptInvitesFromGroup: '+example:example.org' - -# If the bot is invited to a room and it won't accept the invite (due to the -# conditions above), report it to the management room. Defaults to disabled (no -# reporting). -recordIgnoredInvites: false - -# The room ID where people can use the bot. The bot has no access controls, so -# anyone in this room can use the bot - secure your room! -# This should be a room alias or room ID - not a matrix.to URL. -# Note: Mjolnir is fairly verbose - expect a lot of messages from it. -managementRoom: "{{ matrix_bot_mjolnir_management_room }}" - -# Set to false to make the management room a bit quieter. -verboseLogging: false - -# The log level for the logs themselves. One of DEBUG, INFO, WARN, and ERROR. -# This should be at INFO or DEBUG in order to get support for Mjolnir problems. -logLevel: "INFO" - -# Set to false to disable synchronizing the ban lists on startup. If true, this -# is the same as running !mjolnir sync immediately after startup. -syncOnStartup: true - -# Set to false to prevent Mjolnir from checking its permissions on startup. This -# is recommended to be left as "true" to catch room permission problems (state -# resets, etc) before Mjolnir is needed. -verifyPermissionsOnStartup: true - -# If true, Mjolnir won't actually ban users or apply server ACLs, but will -# think it has. This is useful to see what it does in a scenario where the -# bot might not be trusted fully, yet. Default false (do bans/ACLs). -noop: false - -# Set to true to use /joined_members instead of /state to figure out who is -# in the room. Using /state is preferred because it means that users are -# banned when they are invited instead of just when they join, though if your -# server struggles with /state requests then set this to true. -fasterMembershipChecks: false - -# A case-insensitive list of ban reasons to automatically redact a user's -# messages for. Typically this is useful to avoid having to type two commands -# to the bot. Use asterisks to represent globs (ie: "spam*testing" would match -# "spam for testing" as well as "spamtesting"). -automaticallyRedactForReasons: - - "spam" - - "advertising" - -# A list of rooms to protect (matrix.to URLs) -#protectedRooms: -# - "https://matrix.to/#/#yourroom:example.org" - -# Set this option to true to protect every room the bot is joined to. Note that -# this effectively makes the protectedRooms and associated commands useless because -# the bot by nature must be joined to the room to protect it. -# -# Note: the management room is *excluded* from this condition. Add it to the -# protected rooms to protect it. -# -# Note: ban list rooms the bot is watching but didn't create will not be protected. -# Manually add these rooms to the protected rooms list if you want them protected. -protectAllJoinedRooms: false - -# Misc options for command handling and commands -commands: - # If true, Mjolnir will respond to commands like !help and !ban instead of - # requiring a prefix. This is useful if Mjolnir is the only bot running in - # your management room. - # - # Note that Mjolnir can be pinged by display name instead of having to use - # the !mjolnir prefix. For example, "my_moderator_bot: ban @spammer:example.org" - # will ban a user. - allowNoPrefix: false - - # In addition to the bot's display name, !mjolnir, and optionally no prefix - # above, the bot will respond to these names. The items here can be used either - # as display names or prefixed with exclamation points. - additionalPrefixes: - - "mjolnir_bot" - - # If true, ban commands that use wildcard characters require confirmation with - # an extra `--force` argument - confirmWildcardBan: true - -# Configuration specific to certain toggleable protections -#protections: -# # Configuration for the wordlist plugin, which can ban users based if they say certain -# # blocked words shortly after joining. -# wordlist: -# # A list of words which should be monitored by the bot. These will match if any part -# # of the word is present in the message in any case. e.g. "hello" also matches -# # "HEllO". Additionally, regular expressions can be used. -# words: -# - "CaSe" -# - "InSeNsAtIve" -# - "WoRd" -# - "LiSt" -# -# # How long after a user joins the server should the bot monitor their messages. After -# # this time, users can say words from the wordlist without being banned automatically. -# # Set to zero to disable (users will always be banned if they say a bad word) -# minutesBeforeTrusting: 20 - -# Options for monitoring the health of the bot -health: - # healthz options. These options are best for use in container environments - # like Kubernetes to detect how healthy the service is. The bot will report - # that it is unhealthy until it is able to process user requests. Typically - # this means that it'll flag itself as unhealthy for a number of minutes - # before saying "Now monitoring rooms" and flagging itself healthy. - # - # Health is flagged through HTTP status codes, defined below. - healthz: - # Whether the healthz integration should be enabled (default false) - enabled: false - - # The port to expose the webserver on. Defaults to 8080. - port: 8080 - - # The address to listen for requests on. Defaults to all addresses. - address: "0.0.0.0" - - # The path to expose the monitoring endpoint at. Defaults to `/healthz` - endpoint: "/healthz" - - # The HTTP status code which reports that the bot is healthy/ready to - # process requests. Typically this should not be changed. Defaults to - # 200. - healthyStatus: 200 - - # The HTTP status code which reports that the bot is not healthy/ready. - # Defaults to 418. - unhealthyStatus: 418 diff --git a/roles/matrix-bot-postmoogle/templates/systemd/matrix-bot-postmoogle.service.j2 b/roles/matrix-bot-postmoogle/templates/systemd/matrix-bot-postmoogle.service.j2 deleted file mode 100644 index 38eb89a65..000000000 --- a/roles/matrix-bot-postmoogle/templates/systemd/matrix-bot-postmoogle.service.j2 +++ /dev/null @@ -1,40 +0,0 @@ -#jinja2: lstrip_blocks: "True" -[Unit] -Description=Matrix helpdesk bot -{% for service in matrix_bot_postmoogle_systemd_required_services_list %} -Requires={{ service }} -After={{ service }} -{% endfor %} -{% for service in matrix_bot_postmoogle_systemd_wanted_services_list %} -Wants={{ service }} -{% endfor %} -DefaultDependencies=no - -[Service] -Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-postmoogle 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-postmoogle 2>/dev/null || true' - -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-postmoogle \ - --log-driver=none \ - --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ - --cap-drop=ALL \ - --read-only \ - --network={{ matrix_docker_network }} \ - --env-file={{ matrix_bot_postmoogle_config_path }}/env \ - -p {{ matrix_bot_postmoogle_smtp_host_bind_port }}:{{ matrix_bot_postmoogle_port }} \ - --mount type=bind,src={{ matrix_bot_postmoogle_data_path }},dst=/data \ - {% for arg in matrix_bot_postmoogle_container_extra_arguments %} - {{ arg }} \ - {% endfor %} - {{ matrix_bot_postmoogle_docker_image }} - -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-postmoogle 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-postmoogle 2>/dev/null || true' -Restart=always -RestartSec=30 -SyslogIdentifier=matrix-bot-postmoogle - -[Install] -WantedBy=multi-user.target diff --git a/roles/matrix-common-after/tasks/dump_runtime_results.yml b/roles/matrix-common-after/tasks/dump_runtime_results.yml deleted file mode 100644 index 4074a625d..000000000 --- a/roles/matrix-common-after/tasks/dump_runtime_results.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -# Ansible outputs the message in the `item=` field. -# It's unnecessary to output it again in the actual message, so we don't. -- ansible.builtin.debug: - msg: "" - with_items: "{{ matrix_playbook_runtime_results }}" - when: "matrix_playbook_runtime_results is defined and matrix_playbook_runtime_results|length > 0" diff --git a/roles/matrix-conduit/tasks/conduit/setup.yml b/roles/matrix-conduit/tasks/conduit/setup.yml deleted file mode 100644 index fa095f669..000000000 --- a/roles/matrix-conduit/tasks/conduit/setup.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- - -- import_tasks: "{{ role_path }}/tasks/conduit/setup_install.yml" - when: "matrix_conduit_enabled | bool" - -- import_tasks: "{{ role_path }}/tasks/conduit/setup_uninstall.yml" - when: "not matrix_conduit_enabled | bool" diff --git a/roles/matrix-dynamic-dns/templates/systemd/matrix-dynamic-dns.service.j2 b/roles/matrix-dynamic-dns/templates/systemd/matrix-dynamic-dns.service.j2 deleted file mode 100644 index 6f2ff1011..000000000 --- a/roles/matrix-dynamic-dns/templates/systemd/matrix-dynamic-dns.service.j2 +++ /dev/null @@ -1,36 +0,0 @@ -#jinja2: lstrip_blocks: "True" -[Unit] -Description=Matrix Dynamic DNS -{% for service in matrix_dynamic_dns_systemd_required_services_list %} -Requires={{ service }} -After={{ service }} -{% endfor %} -{% for service in matrix_dynamic_dns_systemd_wanted_services_list %} -Wants={{ service }} -{% endfor %} -DefaultDependencies=no - -[Service] -Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-dynamic-dns 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-dynamic-dns 2>/dev/null || true' -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-dynamic-dns \ - --log-driver=none \ - --network={{ matrix_docker_network }} \ - -e PUID={{ matrix_user_uid }} \ - -e PGID={{ matrix_user_gid }} \ - -v {{ matrix_dynamic_dns_config_path }}:/config:z \ - {% for arg in matrix_dynamic_dns_container_extra_arguments %} - {{ arg }} \ - {% endfor %} - {{ matrix_dynamic_dns_docker_image }} - -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-dynamic-dns 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-dynamic-dns 2>/dev/null || true' -Restart=always -RestartSec=30 -SyslogIdentifier=matrix-dynamic-dns - -[Install] -WantedBy=multi-user.target diff --git a/roles/matrix-email2matrix/templates/systemd/matrix-email2matrix.service.j2 b/roles/matrix-email2matrix/templates/systemd/matrix-email2matrix.service.j2 deleted file mode 100644 index 47c151172..000000000 --- a/roles/matrix-email2matrix/templates/systemd/matrix-email2matrix.service.j2 +++ /dev/null @@ -1,34 +0,0 @@ -#jinja2: lstrip_blocks: "True" -[Unit] -Description=Email2Matrix -After=docker.service -Requires=docker.service -DefaultDependencies=no - -[Service] -Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-email2matrix 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-email2matrix 2>/dev/null || true' - -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-email2matrix \ - --log-driver=none \ - --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ - --cap-drop=ALL \ - --read-only \ - --network={{ matrix_docker_network }} \ - -p {{ matrix_email2matrix_smtp_host_bind_port }}:2525 \ - --mount type=bind,src={{ matrix_email2matrix_config_dir_path }}/config.json,dst=/config.json,ro \ - {% for arg in matrix_email2matrix_container_extra_arguments %} - {{ arg }} \ - {% endfor %} - {{ matrix_email2matrix_docker_image }} - -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-email2matrix 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-email2matrix 2>/dev/null || true' -Restart=always -RestartSec=30 -SyslogIdentifier=matrix-email2matrix - -[Install] -WantedBy=multi-user.target diff --git a/roles/matrix-etherpad/tasks/validate_config.yml b/roles/matrix-etherpad/tasks/validate_config.yml deleted file mode 100644 index bf78c36fc..000000000 --- a/roles/matrix-etherpad/tasks/validate_config.yml +++ /dev/null @@ -1,13 +0,0 @@ ---- - -- name: Fail if Etherpad is enabled without the Dimension integrations manager - ansible.builtin.fail: - msg: >- - To integrate Etherpad notes with Matrix rooms you need to set "matrix_dimension_enabled" to true - when: "not matrix_dimension_enabled | bool" - -- name: Fail if no database is configured for Etherpad - ansible.builtin.fail: - msg: >- - Etherpad requires a dedicated Postgres database. Please enable the built in one, or configure an external DB by redefining "matrix_etherpad_database_hostname" - when: matrix_etherpad_database_hostname == "matrix-postgres" and not matrix_postgres_enabled diff --git a/roles/matrix-grafana/tasks/validate_config.yml b/roles/matrix-grafana/tasks/validate_config.yml deleted file mode 100644 index cc48c5596..000000000 --- a/roles/matrix-grafana/tasks/validate_config.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- - -- name: Fail if Prometheus not enabled - ansible.builtin.fail: - msg: > - You need to enable `matrix_prometheus_enabled` to use Prometheus as data source for Grafana. - when: "not matrix_prometheus_enabled" diff --git a/roles/matrix-jitsi/templates/jicofo/matrix-jitsi-jicofo.service.j2 b/roles/matrix-jitsi/templates/jicofo/matrix-jitsi-jicofo.service.j2 deleted file mode 100644 index 694fdc7f2..000000000 --- a/roles/matrix-jitsi/templates/jicofo/matrix-jitsi-jicofo.service.j2 +++ /dev/null @@ -1,33 +0,0 @@ -#jinja2: lstrip_blocks: "True" -[Unit] -Description=Matrix jitsi-jicofo server -{% for service in matrix_jitsi_jicofo_systemd_required_services_list %} -Requires={{ service }} -After={{ service }} -{% endfor %} -DefaultDependencies=no - -[Service] -Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-jicofo 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-jicofo 2>/dev/null || true' - -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-jicofo \ - --log-driver=none \ - --network={{ matrix_docker_network }} \ - --env-file={{ matrix_jitsi_jicofo_base_path }}/env \ - --mount type=bind,src={{ matrix_jitsi_jicofo_config_path }},dst=/config \ - {% for arg in matrix_jitsi_jicofo_container_extra_arguments %} - {{ arg }} \ - {% endfor %} - {{ matrix_jitsi_jicofo_docker_image }} - -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-jicofo 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-jicofo 2>/dev/null || true' -Restart=always -RestartSec=30 -SyslogIdentifier=matrix-jitsi-jicofo - -[Install] -WantedBy=multi-user.target diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 deleted file mode 100644 index 735f45383..000000000 --- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 +++ /dev/null @@ -1,233 +0,0 @@ -#jinja2: lstrip_blocks: "True" - -{% set generic_workers = matrix_nginx_proxy_synapse_workers_list | selectattr('type', 'equalto', 'generic_worker') | list %} -{% set media_repository_workers = matrix_nginx_proxy_synapse_workers_list | selectattr('type', 'equalto', 'media_repository') | list %} -{% set user_dir_workers = matrix_nginx_proxy_synapse_workers_list | selectattr('type', 'equalto', 'user_dir') | list %} -{% set frontend_proxy_workers = matrix_nginx_proxy_synapse_workers_list | selectattr('type', 'equalto', 'frontend_proxy') | list %} -{% if matrix_nginx_proxy_synapse_workers_enabled %} - {% if matrix_nginx_proxy_synapse_cache_enabled %} - proxy_cache_path {{ matrix_nginx_proxy_synapse_cache_path }} levels=1:2 keys_zone={{ matrix_nginx_proxy_synapse_cache_keys_zone_name }}:{{ matrix_nginx_proxy_synapse_cache_keys_zone_size }} inactive={{ matrix_nginx_proxy_synapse_cache_inactive_time }} max_size={{ matrix_nginx_proxy_synapse_cache_max_size_mb }}m; - {% endif %} - # Round Robin "upstream" pools for workers - - {% if generic_workers %} - upstream generic_worker_upstream { - # ensures that requests from the same client will always be passed - # to the same server (except when this server is unavailable) - hash $http_x_forwarded_for; - - {% for worker in generic_workers %} - {% if matrix_nginx_proxy_enabled %} - server "matrix-synapse-worker-{{ worker.type }}-{{ worker.instanceId }}:{{ worker.port }}"; - {% else %} - server "127.0.0.1:{{ worker.port }}"; - {% endif %} - {% endfor %} - } - {% endif %} - - {% if frontend_proxy_workers %} - upstream frontend_proxy_upstream { - {% for worker in frontend_proxy_workers %} - {% if matrix_nginx_proxy_enabled %} - server "matrix-synapse-worker-{{ worker.type }}-{{ worker.instanceId }}:{{ worker.port }}"; - {% else %} - server "127.0.0.1:{{ worker.port }}"; - {% endif %} - {% endfor %} - } - {% endif %} - - {% if media_repository_workers %} - upstream media_repository_upstream { - {% for worker in media_repository_workers %} - {% if matrix_nginx_proxy_enabled %} - server "matrix-synapse-worker-{{ worker.type }}-{{ worker.instanceId }}:{{ worker.port }}"; - {% else %} - server "127.0.0.1:{{ worker.port }}"; - {% endif %} - {% endfor %} - } - {% endif %} - - {% if user_dir_workers %} - upstream user_dir_upstream { - {% for worker in user_dir_workers %} - {% if matrix_nginx_proxy_enabled %} - server "matrix-synapse-worker-{{ worker.type }}-{{ worker.instanceId }}:{{ worker.port }}"; - {% else %} - server "127.0.0.1:{{ worker.port }}"; - {% endif %} - {% endfor %} - } - {% endif %} -{% endif %} - -server { - listen 12080; - {% if matrix_nginx_proxy_enabled %} - server_name {{ matrix_nginx_proxy_proxy_synapse_hostname }}; - {% endif %} - - server_tokens off; - root /dev/null; - - gzip on; - gzip_types text/plain application/json; - - {% if matrix_nginx_proxy_synapse_workers_enabled %} - {# Workers redirects BEGIN #} - - {% if generic_workers %} - # https://github.com/matrix-org/synapse/blob/master/docs/workers.md#synapseappgeneric_worker - {% for location in matrix_nginx_proxy_synapse_generic_worker_client_server_locations %} - location ~ {{ location }} { - proxy_pass http://generic_worker_upstream$request_uri; - proxy_set_header Host $host; - } - {% endfor %} - {% endif %} - - {% if media_repository_workers %} - # https://github.com/matrix-org/synapse/blob/master/docs/workers.md#synapseappmedia_repository - {% for location in matrix_nginx_proxy_synapse_media_repository_locations %} - location ~ {{ location }} { - proxy_pass http://media_repository_upstream$request_uri; - proxy_set_header Host $host; - - client_body_buffer_size 25M; - client_max_body_size {{ matrix_nginx_proxy_proxy_matrix_client_api_client_max_body_size_mb }}M; - proxy_max_temp_file_size 0; - - {% if matrix_nginx_proxy_synapse_cache_enabled %} - proxy_buffering on; - proxy_cache {{ matrix_nginx_proxy_synapse_cache_keys_zone_name }}; - proxy_cache_valid any {{ matrix_nginx_proxy_synapse_cache_proxy_cache_valid_time }}; - proxy_force_ranges on; - add_header X-Cache-Status $upstream_cache_status; - {% endif %} - } - {% endfor %} - {% endif %} - - {% if user_dir_workers %} - # FIXME: obsolete if matrix_nginx_proxy_proxy_matrix_user_directory_search_enabled is set - # https://github.com/matrix-org/synapse/blob/master/docs/workers.md#synapseappuser_dir - {% for location in matrix_nginx_proxy_synapse_user_dir_locations %} - location ~ {{ location }} { - proxy_pass http://user_dir_upstream$request_uri; - proxy_set_header Host $host; - } - {% endfor %} - {% endif %} - - {% if frontend_proxy_workers %} - # https://github.com/matrix-org/synapse/blob/master/docs/workers.md#synapseappfrontend_proxy - {% for location in matrix_nginx_proxy_synapse_frontend_proxy_locations %} - location ~ {{ location }} { - proxy_pass http://frontend_proxy_upstream$request_uri; - proxy_set_header Host $host; - } - {% endfor %} - {% if matrix_nginx_proxy_synapse_presence_disabled %} - # FIXME: keep in sync with synapse workers documentation manually - location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/presence/[^/]+/status { - proxy_pass http://frontend_proxy_upstream$request_uri; - proxy_set_header Host $host; - } - {% endif %} - {% endif %} - {# Workers redirects END #} - {% endif %} - - - {% for configuration_block in matrix_nginx_proxy_proxy_synapse_additional_server_configuration_blocks %} - {{- configuration_block }} - {% endfor %} - - {# Everything else just goes to the API server ##} - location / { - {% if matrix_nginx_proxy_enabled %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - set $backend "{{ matrix_nginx_proxy_proxy_synapse_client_api_addr_with_container }}"; - proxy_pass http://$backend; - {% else %} - {# Generic configuration for use outside of our container setup #} - proxy_pass http://{{ matrix_nginx_proxy_proxy_synapse_client_api_addr_sans_container }}; - {% endif %} - - proxy_set_header Host $host; - - client_body_buffer_size 25M; - client_max_body_size {{ matrix_nginx_proxy_proxy_matrix_client_api_client_max_body_size_mb }}M; - proxy_max_temp_file_size 0; - } -} - -{% if matrix_nginx_proxy_proxy_synapse_federation_api_enabled %} -server { - listen 12088; - {% if matrix_nginx_proxy_enabled %} - server_name {{ matrix_nginx_proxy_proxy_synapse_hostname }}; - {% endif %} - - server_tokens off; - - root /dev/null; - - gzip on; - gzip_types text/plain application/json; - - {% if matrix_nginx_proxy_synapse_workers_enabled %} - {% if generic_workers %} - # https://github.com/matrix-org/synapse/blob/master/docs/workers.md#synapseappgeneric_worker - {% for location in matrix_nginx_proxy_synapse_generic_worker_federation_locations %} - location ~ {{ location }} { - proxy_pass http://generic_worker_upstream$request_uri; - proxy_set_header Host $host; - } - {% endfor %} - {% endif %} - {% if media_repository_workers %} - # https://github.com/matrix-org/synapse/blob/master/docs/workers.md#synapseappmedia_repository - {% for location in matrix_nginx_proxy_synapse_media_repository_locations %} - location ~ {{ location }} { - proxy_pass http://media_repository_upstream$request_uri; - proxy_set_header Host $host; - - client_body_buffer_size 25M; - client_max_body_size {{ matrix_nginx_proxy_proxy_matrix_federation_api_client_max_body_size_mb }}M; - proxy_max_temp_file_size 0; - - {% if matrix_nginx_proxy_synapse_cache_enabled %} - proxy_buffering on; - proxy_cache {{ matrix_nginx_proxy_synapse_cache_keys_zone_name }}; - proxy_cache_valid any {{ matrix_nginx_proxy_synapse_cache_proxy_cache_valid_time }}; - proxy_force_ranges on; - add_header X-Cache-Status $upstream_cache_status; - {% endif %} - } - {% endfor %} - {% endif %} - {% endif %} - - location / { - {% if matrix_nginx_proxy_enabled %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - set $backend "{{ matrix_nginx_proxy_proxy_synapse_federation_api_addr_with_container }}"; - proxy_pass http://$backend; - {% else %} - {# Generic configuration for use outside of our container setup #} - proxy_pass http://{{ matrix_nginx_proxy_proxy_synapse_federation_api_addr_sans_container }}; - {% endif %} - - proxy_set_header Host $host; - - client_body_buffer_size 25M; - client_max_body_size {{ matrix_nginx_proxy_proxy_matrix_federation_api_client_max_body_size_mb }}M; - proxy_max_temp_file_size 0; - } -} -{% endif %} diff --git a/roles/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2 b/roles/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2 deleted file mode 100644 index da292e5ce..000000000 --- a/roles/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2 +++ /dev/null @@ -1,38 +0,0 @@ -#jinja2: lstrip_blocks: "True" -[Unit] -Description=matrix-ntfy -After=docker.service -Requires=docker.service -DefaultDependencies=no - -[Service] -Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-ntfy 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-ntfy 2>/dev/null || true' - -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-ntfy \ - --log-driver=none \ - --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ - --cap-drop=ALL \ - --read-only \ - {% for arg in matrix_ntfy_container_extra_arguments %} - {{ arg }} \ - {% endfor %} - --network={{ matrix_docker_network }} \ - {% if matrix_ntfy_container_http_host_bind_port %} - -p {{ matrix_ntfy_container_http_host_bind_port }}:80 \ - {% endif %} - --mount type=bind,src={{ matrix_ntfy_config_dir_path }},dst=/etc/ntfy,ro \ - --mount type=bind,src={{ matrix_ntfy_data_path }},dst=/data \ - {{ matrix_ntfy_docker_image }} \ - serve - -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-ntfy 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-ntfy 2>/dev/null || true' -Restart=always -RestartSec=30 -SyslogIdentifier=matrix-ntfy - -[Install] -WantedBy=multi-user.target diff --git a/roles/matrix-postgres-backup/tasks/util/detect_existing_postgres_version.yml b/roles/matrix-postgres-backup/tasks/util/detect_existing_postgres_version.yml deleted file mode 100644 index 877e5934d..000000000 --- a/roles/matrix-postgres-backup/tasks/util/detect_existing_postgres_version.yml +++ /dev/null @@ -1,61 +0,0 @@ ---- - -# This utility aims to determine if there is some existing Postgres version in use or not. -# If there is, it also tries to detect the Docker image that corresponds to that version. - -- name: Initialize Postgres version determination variables (default to empty) - ansible.builtin.set_fact: - matrix_postgres_backup_detection_pg_version_path: "{{ matrix_postgres_data_path }}/PG_VERSION" - matrix_postgres_backup_detected_existing: false - matrix_postgres_backup_detected_version: "" - matrix_postgres_backup_detected_version_corresponding_docker_image: "" - -- name: Determine existing Postgres version (check PG_VERSION file) - ansible.builtin.stat: - path: "{{ matrix_postgres_backup_detection_pg_version_path }}" - register: result_pg_version_stat - -- ansible.builtin.set_fact: - matrix_postgres_backup_detected_existing: true - when: "result_pg_version_stat.stat.exists" - -- name: Determine existing Postgres version (read PG_VERSION file) - ansible.builtin.slurp: - src: "{{ matrix_postgres_backup_detection_pg_version_path }}" - register: result_pg_version - when: matrix_postgres_backup_detected_existing | bool - -- name: Determine existing Postgres version (make sense of PG_VERSION file) - ansible.builtin.set_fact: - matrix_postgres_backup_detected_version: "{{ result_pg_version['content'] | b64decode | replace('\n', '') }}" - when: matrix_postgres_backup_detected_existing | bool - -- name: Determine corresponding Docker image to detected version (assume default of latest) - ansible.builtin.set_fact: - matrix_postgres_backup_detected_version_corresponding_docker_image: "{{ matrix_postgres_backup_docker_image_latest }}" - when: "matrix_postgres_backup_detected_version != ''" - -- name: Determine corresponding Docker image to detected version (use 9.x, if detected) - ansible.builtin.set_fact: - matrix_postgres_backup_detected_version_corresponding_docker_image: "{{ matrix_postgres_backup_docker_image_v9 }}" - when: "matrix_postgres_backup_detected_version.startswith('9.')" - -- name: Determine corresponding Docker image to detected version (use 10.x, if detected) - ansible.builtin.set_fact: - matrix_postgres_backup_detected_version_corresponding_docker_image: "{{ matrix_postgres_backup_docker_image_v10 }}" - when: "matrix_postgres_backup_detected_version == '10' or matrix_postgres_backup_detected_version.startswith('10.')" - -- name: Determine corresponding Docker image to detected version (use 11.x, if detected) - ansible.builtin.set_fact: - matrix_postgres_backup_detected_version_corresponding_docker_image: "{{ matrix_postgres_backup_docker_image_v11 }}" - when: "matrix_postgres_backup_detected_version == '11' or matrix_postgres_backup_detected_version.startswith('11.')" - -- name: Determine corresponding Docker image to detected version (use 12.x, if detected) - ansible.builtin.set_fact: - matrix_postgres_backup_detected_version_corresponding_docker_image: "{{ matrix_postgres_backup_docker_image_v12 }}" - when: "matrix_postgres_backup_detected_version == '12' or matrix_postgres_backup_detected_version.startswith('12.')" - -- name: Determine corresponding Docker image to detected version (use 13.x, if detected) - ansible.builtin.set_fact: - matrix_postgres_backup_detected_version_corresponding_docker_image: "{{ matrix_postgres_backup_docker_image_v13 }}" - when: "matrix_postgres_backup_detected_version == '13' or matrix_postgres_backup_detected_version.startswith('13.')" diff --git a/roles/matrix-postgres-backup/templates/systemd/matrix-postgres-backup.service.j2 b/roles/matrix-postgres-backup/templates/systemd/matrix-postgres-backup.service.j2 deleted file mode 100644 index 4ecf3745e..000000000 --- a/roles/matrix-postgres-backup/templates/systemd/matrix-postgres-backup.service.j2 +++ /dev/null @@ -1,31 +0,0 @@ -#jinja2: lstrip_blocks: "True" -[Unit] -Description=Automatic Backup of Matrix Postgres server -After=docker.service -Requires=docker.service -DefaultDependencies=no - -[Service] -Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_docker }} stop matrix-postgres-backup -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-postgres-backup 2>/dev/null || true' - -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-postgres-backup \ - --log-driver=none \ - --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ - --cap-drop=ALL \ - --read-only \ - --network={{ matrix_docker_network }} \ - --env-file={{ matrix_postgres_backup_path }}/env-postgres-backup \ - --mount type=bind,src={{ matrix_postgres_backup_path }},dst=/backups \ - {{ matrix_postgres_backup_docker_image_to_use }} - -ExecStop=-{{ matrix_host_command_docker }} stop matrix-postgres-backup -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-postgres-backup 2>/dev/null || true' -Restart=always -RestartSec=30 -SyslogIdentifier=matrix-postgres-backup - -[Install] -WantedBy=multi-user.target diff --git a/roles/matrix-postgres/templates/env-postgres-psql.j2 b/roles/matrix-postgres/templates/env-postgres-psql.j2 deleted file mode 100644 index c61927a3e..000000000 --- a/roles/matrix-postgres/templates/env-postgres-psql.j2 +++ /dev/null @@ -1,4 +0,0 @@ -#jinja2: lstrip_blocks: "True" -PGUSER={{ matrix_postgres_connection_username }} -PGPASSWORD={{ matrix_postgres_connection_password }} -PGDATABASE={{ matrix_postgres_db_name }} \ No newline at end of file diff --git a/roles/matrix-synapse/files/workers-doc-to-yaml.awk b/roles/matrix-synapse/files/workers-doc-to-yaml.awk deleted file mode 100755 index 5b99d3964..000000000 --- a/roles/matrix-synapse/files/workers-doc-to-yaml.awk +++ /dev/null @@ -1,146 +0,0 @@ -#!/usr/bin/awk -# Hackish approach to get a machine-readable list of current matrix -# synapse REST API endpoints from the official documentation at -# https://github.com/matrix-org/synapse/raw/master/docs/workers.md -# -# invoke in shell with: -# URL=https://github.com/matrix-org/synapse/raw/master/docs/workers.md -# curl -L ${URL} | awk -f workers-doc-to-yaml.awk - - -function worker_stanza_append(string) { - worker_stanza = worker_stanza string -} - -function line_is_endpoint_url(line) { - # probably API endpoint if it starts with white-space and ^ or / - return (line ~ /^ +[\^\/].*\//) -} - -# Put YAML marker at beginning of file. -BEGIN { - print "---" - endpoint_conditional_comment = " # FIXME: ADDITIONAL CONDITIONS REQUIRED: to be enabled manually\n" -} - -# Enable further processing after the introductory text. -# Read each synapse worker section as record and its lines as fields. -/Available worker applications/ { - enable_parsing = 1 - # set record separator to markdown section header - RS = "\n### " - # set field separator to newline - FS = "\n" -} - -# Once parsing is active, this will process each section as record. -enable_parsing { - # Each worker section starts with a synapse.app.X headline - if ($1 ~ /synapse\.app\./) { - - # get rid of the backticks and extract worker type from headline - gsub("`", "", $1) - gsub("synapse.app.", "", $1) - worker_type = $1 - - # initialize empty worker stanza - worker_stanza = "" - - # track if any endpoints are mentioned in a specific section - worker_has_urls = 0 - - # some endpoint descriptions contain flag terms - endpoints_seem_conditional = 0 - - # also, collect a list of available workers - workers = (workers ? workers "\n" : "") " - " worker_type - - # loop through the lines (2 - number of fields in record) - for (i = 2; i < NF + 1; i++) { - # copy line for gsub replacements - line = $i - - # end all lines but the last with a linefeed - linefeed = (i < NF - 1) ? "\n" : "" - - # line starts with white-space and a hash: endpoint block headline - if (line ~ /^ +#/) { - - # copy to output verbatim, normalizing white-space - gsub(/^ +/, "", line) - worker_stanza_append(" " line linefeed) - - } else if (line_is_endpoint_url(line)) { - - # mark section for special output formatting - worker_has_urls = 1 - - # remove leading white-space - gsub(/^ +/, "", line) - api_endpoint_regex = line - - # FIXME: https://github.com/matrix-org/synapse/issues/new - # munge inconsistent media_repository endpoint notation - if (api_endpoint_regex == "/_matrix/media/") { - api_endpoint_regex = "^" line - } - - # FIXME: https://github.com/matrix-org/synapse/issues/7530 - # https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/456#issuecomment-719015911 - if (api_endpoint_regex == "^/_matrix/client/(r0|v3|unstable)/auth/.*/fallback/web$") { - worker_stanza_append(" # FIXME: possible bug with SSO and multiple generic workers\n") - worker_stanza_append(" # see https://github.com/matrix-org/synapse/issues/7530\n") - worker_stanza_append(" # " api_endpoint_regex linefeed) - continue - } - - # disable endpoints which specify complications - if (endpoints_seem_conditional) { - # only add notice if previous line didn't match - if (!line_is_endpoint_url($(i - 1))) { - worker_stanza_append(endpoint_conditional_comment) - } - worker_stanza_append(" # " api_endpoint_regex linefeed) - } else { - # output endpoint regex - worker_stanza_append(" - " api_endpoint_regex linefeed) - } - - # white-space only line? - } else if (line ~ /^ *$/) { - - if (i > 3 && i < NF) { - # print white-space lines unless 1st or last line in section - worker_stanza_append(line linefeed) - } - - # nothing of the above: the line is regular documentation text - } else { - - # include this text line as comment - worker_stanza_append(" # " line linefeed) - - # and take note of words hinting at additional conditions to be met - if (line ~ /(^[Ii]f|care must be taken|can be handled for)/) { - endpoints_seem_conditional = 1 - } - } - } - - if (worker_has_urls) { - print "\nmatrix_synapse_workers_" worker_type "_endpoints:" - print worker_stanza - } else { - # include workers without endpoints as well for reference - print "\n# " worker_type " worker (no API endpoints) [" - print worker_stanza - print "# ]" - } - } -} - -END { - print "\nmatrix_synapse_workers_avail_list:" - print workers | "sort" -} - -# vim: tabstop=4 shiftwidth=4 expandtab autoindent diff --git a/roles/matrix-synapse/files/workers-doc-to-yaml.sh b/roles/matrix-synapse/files/workers-doc-to-yaml.sh deleted file mode 100755 index 5981523b5..000000000 --- a/roles/matrix-synapse/files/workers-doc-to-yaml.sh +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/sh -# Fetch the synapse worker documentation and extract endpoint URLs -# matrix-org/synapse master branch points to current stable release - -URL=https://github.com/matrix-org/synapse/raw/master/docs/workers.md -curl -L ${URL} | awk -f workers-doc-to-yaml.awk > ../vars/workers.yml diff --git a/roles/matrix-synapse/tasks/synapse/workers/init.yml b/roles/matrix-synapse/tasks/synapse/workers/init.yml deleted file mode 100644 index 4b007bc30..000000000 --- a/roles/matrix-synapse/tasks/synapse/workers/init.yml +++ /dev/null @@ -1,87 +0,0 @@ ---- -# Below is a huge hack for dynamically building a list of workers and finally assigning it to `matrix_synapse_workers_enabled_list`. -# -# set_fact within a loop does not work reliably in Ansible (it only executes on the first iteration for some reason), -# so we're forced to do something much uglier. - -- name: Build generic workers - ansible.builtin.set_fact: - worker: - type: 'generic_worker' - instanceId: "{{ matrix_synapse_workers_generic_workers_port_range_start + item }}" - port: "{{ matrix_synapse_workers_generic_workers_port_range_start + item }}" - metrics_port: "{{ matrix_synapse_workers_generic_workers_metrics_range_start + item }}" - register: "matrix_synapse_workers_list_results_generic_workers" - loop: "{{ range(0, matrix_synapse_workers_generic_workers_count | int) | list }}" - -- name: Build federation sender workers - ansible.builtin.set_fact: - worker: - type: 'federation_sender' - instanceId: "{{ item }}" - port: 0 - metrics_port: "{{ matrix_synapse_workers_federation_sender_workers_metrics_range_start + item }}" - register: "matrix_synapse_workers_list_results_federation_sender_workers" - loop: "{{ range(0, matrix_synapse_workers_federation_sender_workers_count | int) | list }}" - -# This type of worker can only have a count of 1, at most -- name: Build pusher workers - ansible.builtin.set_fact: - worker: - type: 'pusher' - instanceId: "{{ item }}" - port: 0 - metrics_port: "{{ matrix_synapse_workers_pusher_workers_metrics_range_start + item }}" - register: "matrix_synapse_workers_list_results_pusher_workers" - loop: "{{ range(0, matrix_synapse_workers_pusher_workers_count | int) | list }}" - -# This type of worker can only have a count of 1, at most -- name: Build appservice workers - ansible.builtin.set_fact: - worker: - type: 'appservice' - instanceId: "{{ item }}" - port: 0 - metrics_port: "{{ matrix_synapse_workers_appservice_workers_metrics_range_start + item }}" - register: "matrix_synapse_workers_list_results_appservice_workers" - loop: "{{ range(0, matrix_synapse_workers_appservice_workers_count | int) | list }}" - -- name: Build media_repository workers - ansible.builtin.set_fact: - worker: - type: 'media_repository' - instanceId: "{{ matrix_synapse_workers_media_repository_workers_port_range_start + item }}" - port: "{{ matrix_synapse_workers_media_repository_workers_port_range_start + item }}" - metrics_port: "{{ matrix_synapse_workers_media_repository_workers_metrics_range_start + item }}" - register: "matrix_synapse_workers_list_results_media_repository_workers" - loop: "{{ range(0, matrix_synapse_workers_media_repository_workers_count | int) | list }}" - -- name: Build frontend_proxy workers - ansible.builtin.set_fact: - worker: - type: 'frontend_proxy' - instanceId: "{{ matrix_synapse_workers_frontend_proxy_workers_port_range_start + item }}" - port: "{{ matrix_synapse_workers_frontend_proxy_workers_port_range_start + item }}" - metrics_port: "{{ matrix_synapse_workers_frontend_proxy_workers_metrics_range_start + item }}" - register: "matrix_synapse_workers_list_results_frontend_proxy_workers" - loop: "{{ range(0, matrix_synapse_workers_frontend_proxy_workers_count | int) | list }}" - -- ansible.builtin.set_fact: - matrix_synapse_dynamic_workers_list: "{{ matrix_synapse_dynamic_workers_list | default([]) + [item.ansible_facts.worker] }}" - with_items: | - {{ - matrix_synapse_workers_list_results_generic_workers.results - + - matrix_synapse_workers_list_results_federation_sender_workers.results - + - matrix_synapse_workers_list_results_pusher_workers.results - + - matrix_synapse_workers_list_results_appservice_workers.results - + - matrix_synapse_workers_list_results_media_repository_workers.results - + - matrix_synapse_workers_list_results_frontend_proxy_workers.results - }} - -- ansible.builtin.set_fact: - matrix_synapse_workers_enabled_list: "{{ matrix_synapse_dynamic_workers_list }}" diff --git a/roles/matrix-synapse/tasks/synapse/workers/util/inject_systemd_services_for_worker.yml b/roles/matrix-synapse/tasks/synapse/workers/util/inject_systemd_services_for_worker.yml deleted file mode 100644 index 2ecb3f2bf..000000000 --- a/roles/matrix-synapse/tasks/synapse/workers/util/inject_systemd_services_for_worker.yml +++ /dev/null @@ -1,19 +0,0 @@ ---- -# The tasks below run before `validate_config.yml`. -# To avoid failing with a cryptic error message, we'll do validation here. -# -# This check is mostly relevant to people who explicitly define `matrix_synapse_workers_enabled_list` -# (Synapse Workers users from the earlier days of this PR - https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/456). -# -# In the future, it should be possible to remove this check. -# Our own code which dynamically builds `matrix_synapse_workers_enabled_list` does things right. -- name: Fail if instanceId not defined for worker - ansible.builtin.fail: - msg: "Synapse workers (like {{ matrix_synapse_worker_details | to_json }}) need to define an instanceId property (type + instanceId must be unique)" - when: "'instanceId' not in matrix_synapse_worker_details" - -- ansible.builtin.set_fact: - matrix_synapse_worker_systemd_service_name: "matrix-synapse-worker-{{ matrix_synapse_worker_details.type }}-{{ matrix_synapse_worker_details.instanceId }}.service" - -- ansible.builtin.set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + [matrix_synapse_worker_systemd_service_name] }}" diff --git a/roles/matrix-synapse/templates/synapse/worker.yaml.j2 b/roles/matrix-synapse/templates/synapse/worker.yaml.j2 deleted file mode 100644 index 239de1f21..000000000 --- a/roles/matrix-synapse/templates/synapse/worker.yaml.j2 +++ /dev/null @@ -1,46 +0,0 @@ -#jinja2: lstrip_blocks: "True" -worker_app: synapse.app.{{ matrix_synapse_worker_details.type }} -worker_name: {{ matrix_synapse_worker_details.type ~ ':' ~ matrix_synapse_worker_details.port }} - -{% if matrix_synapse_replication_listener_enabled %} -worker_replication_host: matrix-synapse -worker_replication_http_port: {{ matrix_synapse_replication_http_port }} -{% endif %} - -{% set has_listeners = (matrix_synapse_worker_details.type not in [ 'appservice', 'federation_sender', 'pusher' ] or matrix_synapse_metrics_enabled) %} - -{% set http_resources = [] %} - -{% if matrix_synapse_worker_details.type in ['generic_worker', 'frontend_proxy', 'user_dir'] %} - {% set http_resources = http_resources + ['client'] %} -{% endif %} -{% if matrix_synapse_worker_details.type in ['generic_worker'] %} - {% set http_resources = http_resources+ ['federation'] %} -{% endif %} -{% if matrix_synapse_worker_details.type in ['media_repository'] %} - {% set http_resources = http_resources + ['media'] %} -{% endif %} - -{% if http_resources|length > 0 or matrix_synapse_metrics_enabled %} -worker_listeners: -{% if http_resources|length > 0 %} - - type: http - bind_addresses: ['::'] - x_forwarded: true - port: {{ matrix_synapse_worker_details.port }} - resources: - - names: {{ http_resources|to_json }} -{% endif %} -{% if matrix_synapse_metrics_enabled %} - - type: metrics - bind_addresses: ['0.0.0.0'] - port: {{ matrix_synapse_worker_details.metrics_port }} -{% endif %} -{% endif %} - -{% if matrix_synapse_worker_details.type == 'frontend_proxy' %} -worker_main_http_uri: http://matrix-synapse:{{ matrix_synapse_container_client_api_port }} -{% endif %} - -worker_daemonize: false -worker_log_config: /data/{{ matrix_server_fqn_matrix }}.log.config diff --git a/roles/matrix-synapse/vars/main.yml b/roles/matrix-synapse/vars/main.yml deleted file mode 100644 index 2d9b62cf7..000000000 --- a/roles/matrix-synapse/vars/main.yml +++ /dev/null @@ -1,38 +0,0 @@ ---- - -matrix_synapse_client_api_url_endpoint_public: "https://{{ matrix_server_fqn_matrix }}/_matrix/client/versions" -matrix_synapse_federation_api_url_endpoint_public: "https://{{ matrix_server_fqn_matrix }}:{{ matrix_federation_public_port }}/_matrix/federation/v1/version" - -# Tells whether this role had executed or not. Toggled to `true` during runtime. -matrix_synapse_role_executed: false - -matrix_synapse_media_store_directory_name: "{{ matrix_synapse_media_store_path | basename }}" - -# A Synapse generic worker can handle both federation and client-server API endpoints. -# We wish to split these, as we normally serve federation separately and don't want them mixed up. -# -# This is some ugly Ansible/Jinja2 hack (seen here: https://stackoverflow.com/a/47831492), -# which takes a list of various strings and removes the ones NOT containing `/_matrix/client` anywhere in them. -# -# We intentionally don't do a diff between everything possible (`matrix_synapse_workers_generic_worker_endpoints`) and `matrix_synapse_workers_generic_worker_federation_endpoints`, -# because `matrix_synapse_workers_generic_worker_endpoints` also contains things like `/_synapse/client/`, etc. -# While /_synapse/client/ endpoints are somewhat client-server API-related, they're: -# - neither part of the client-server API spec (and are thus, different) -# - nor always OK to forward to a worker (we're supposed to obey `matrix_nginx_proxy_proxy_matrix_client_api_forwarded_location_synapse_client_api_enabled`) -# -# It's also not too many of these APIs (only `^/_synapse/client/password_reset/email/submit_token$` at the time of this writing / 2021-01-24), -# so it's not that important whether we forward them or not. -# -# Basically, we aim to cover most things. Skipping `/_synapse/client` or a few other minor things doesn't matter too much. -matrix_synapse_workers_generic_worker_client_server_endpoints: "{{ matrix_synapse_workers_generic_worker_endpoints | default([]) | map('regex_search', '.*/_matrix/client.*') | list | difference([none]) }}" - -# A Synapse generic worker can handle both federation and client-server API endpoints. -# We wish to split these, as we normally serve federation separately and don't want them mixed up. -# -# This is some ugly Ansible/Jinja2 hack (seen here: https://stackoverflow.com/a/47831492), -# which takes a list of various strings and removes the ones NOT containing `/_matrix/federation` or `/_matrix/key` anywhere in them. -matrix_synapse_workers_generic_worker_federation_endpoints: "{{ matrix_synapse_workers_generic_worker_endpoints | default([]) | map('regex_search', matrix_synapse_workers_generic_worker_federation_endpoints_regex) | list | difference([none]) }}" - -# matrix_synapse_workers_generic_worker_federation_endpoints_regex contains the regex used in matrix_synapse_workers_generic_worker_federation_endpoints. -# It's intentionally put in a separate variable, to avoid tripping ansible-lint's var-spacing rule. -matrix_synapse_workers_generic_worker_federation_endpoints_regex: '.*(/_matrix/federation|/_matrix/key).*' diff --git a/roles/matrix-synapse/vars/workers.yml b/roles/matrix-synapse/vars/workers.yml deleted file mode 100644 index e535d2ccc..000000000 --- a/roles/matrix-synapse/vars/workers.yml +++ /dev/null @@ -1,467 +0,0 @@ ---- - -matrix_synapse_workers_generic_worker_endpoints: - # This worker can handle API requests matching the following regular expressions. - # These endpoints can be routed to any worker. If a worker is set up to handle a - # stream then, for maximum efficiency, additional endpoints should be routed to that - # worker: refer to the [stream writers](#stream-writers) section below for further - # information. - - # Sync requests - - ^/_matrix/client/(r0|v3)/sync$ - - ^/_matrix/client/(api/v1|r0|v3)/events$ - - ^/_matrix/client/(api/v1|r0|v3)/initialSync$ - - ^/_matrix/client/(api/v1|r0|v3)/rooms/[^/]+/initialSync$ - - # Federation requests - - ^/_matrix/federation/v1/event/ - - ^/_matrix/federation/v1/state/ - - ^/_matrix/federation/v1/state_ids/ - - ^/_matrix/federation/v1/backfill/ - - ^/_matrix/federation/v1/get_missing_events/ - - ^/_matrix/federation/v1/publicRooms - - ^/_matrix/federation/v1/query/ - - ^/_matrix/federation/v1/make_join/ - - ^/_matrix/federation/v1/make_leave/ - - ^/_matrix/federation/(v1|v2)/send_join/ - - ^/_matrix/federation/(v1|v2)/send_leave/ - - ^/_matrix/federation/(v1|v2)/invite/ - - ^/_matrix/federation/v1/event_auth/ - - ^/_matrix/federation/v1/exchange_third_party_invite/ - - ^/_matrix/federation/v1/user/devices/ - - ^/_matrix/key/v2/query - - ^/_matrix/federation/v1/hierarchy/ - - # Inbound federation transaction request - - ^/_matrix/federation/v1/send/ - - # Client API requests - - ^/_matrix/client/(api/v1|r0|v3|unstable)/createRoom$ - - ^/_matrix/client/(api/v1|r0|v3|unstable)/publicRooms$ - - ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/joined_members$ - - ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/context/.*$ - - ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/members$ - - ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state$ - - ^/_matrix/client/v1/rooms/.*/hierarchy$ - - ^/_matrix/client/unstable/org.matrix.msc2716/rooms/.*/batch_send$ - - ^/_matrix/client/unstable/im.nheko.summary/rooms/.*/summary$ - - ^/_matrix/client/(r0|v3|unstable)/account/3pid$ - - ^/_matrix/client/(r0|v3|unstable)/account/whoami$ - - ^/_matrix/client/(r0|v3|unstable)/devices$ - - ^/_matrix/client/versions$ - - ^/_matrix/client/(api/v1|r0|v3|unstable)/voip/turnServer$ - - ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/event/ - - ^/_matrix/client/(api/v1|r0|v3|unstable)/joined_rooms$ - - ^/_matrix/client/(api/v1|r0|v3|unstable)/search$ - - # Encryption requests - - ^/_matrix/client/(r0|v3|unstable)/keys/query$ - - ^/_matrix/client/(r0|v3|unstable)/keys/changes$ - - ^/_matrix/client/(r0|v3|unstable)/keys/claim$ - - ^/_matrix/client/(r0|v3|unstable)/room_keys/ - - # Registration/login requests - - ^/_matrix/client/(api/v1|r0|v3|unstable)/login$ - - ^/_matrix/client/(r0|v3|unstable)/register$ - - ^/_matrix/client/v1/register/m.login.registration_token/validity$ - - # Event sending requests - - ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/redact - - ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/send - - ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state/ - - ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/(join|invite|leave|ban|unban|kick)$ - - ^/_matrix/client/(api/v1|r0|v3|unstable)/join/ - - ^/_matrix/client/(api/v1|r0|v3|unstable)/profile/ - -# These appear to be conditional and should not be enabled by default. -# We need to fix up our workers-doc-to-yaml.awk parsing script to exclude them. -# For now, they've been commented out manually. -# # Account data requests -# - ^/_matrix/client/(r0|v3|unstable)/.*/tags -# - ^/_matrix/client/(r0|v3|unstable)/.*/account_data -# -# # Receipts requests -# - ^/_matrix/client/(r0|v3|unstable)/rooms/.*/receipt -# - ^/_matrix/client/(r0|v3|unstable)/rooms/.*/read_markers -# -# # Presence requests -# - ^/_matrix/client/(api/v1|r0|v3|unstable)/presence/ - - # User directory search requests - - ^/_matrix/client/(r0|v3|unstable)/user_directory/search$ - - # Additionally, the following REST endpoints can be handled for GET requests: - - # FIXME: ADDITIONAL CONDITIONS REQUIRED: to be enabled manually - # ^/_matrix/client/(api/v1|r0|v3|unstable)/pushrules/ - - # Pagination requests can also be handled, but all requests for a given - # room must be routed to the same instance. Additionally, care must be taken to - # ensure that the purge history admin API is not used while pagination requests - # for the room are in flight: - - # FIXME: ADDITIONAL CONDITIONS REQUIRED: to be enabled manually - # ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/messages$ - - # Additionally, the following endpoints should be included if Synapse is configured - # to use SSO (you only need to include the ones for whichever SSO provider you're - # using): - - # for all SSO providers - # FIXME: ADDITIONAL CONDITIONS REQUIRED: to be enabled manually - # ^/_matrix/client/(api/v1|r0|v3|unstable)/login/sso/redirect - # ^/_synapse/client/pick_idp$ - # ^/_synapse/client/pick_username - # ^/_synapse/client/new_user_consent$ - # ^/_synapse/client/sso_register$ - - # OpenID Connect requests. - # FIXME: ADDITIONAL CONDITIONS REQUIRED: to be enabled manually - # ^/_synapse/client/oidc/callback$ - - # SAML requests. - # FIXME: ADDITIONAL CONDITIONS REQUIRED: to be enabled manually - # ^/_synapse/client/saml2/authn_response$ - - # CAS requests. - # FIXME: ADDITIONAL CONDITIONS REQUIRED: to be enabled manually - # ^/_matrix/client/(api/v1|r0|v3|unstable)/login/cas/ticket$ - - # Ensure that all SSO logins go to a single process. - # For multiple workers not handling the SSO endpoints properly, see - # [#7530](https://github.com/matrix-org/synapse/issues/7530) and - # [#9427](https://github.com/matrix-org/synapse/issues/9427). - - # Note that a HTTP listener with `client` and `federation` resources must be - # configured in the `worker_listeners` option in the worker config. - - # #### Load balancing - - # It is possible to run multiple instances of this worker app, with incoming requests - # being load-balanced between them by the reverse-proxy. However, different endpoints - # have different characteristics and so admins - # may wish to run multiple groups of workers handling different endpoints so that - # load balancing can be done in different ways. - - # For `/sync` and `/initialSync` requests it will be more efficient if all - # requests from a particular user are routed to a single instance. Extracting a - # user ID from the access token or `Authorization` header is currently left as an - # exercise for the reader. Admins may additionally wish to separate out `/sync` - # requests that have a `since` query parameter from those that don't (and - # `/initialSync`), as requests that don't are known as "initial sync" that happens - # when a user logs in on a new device and can be *very* resource intensive, so - # isolating these requests will stop them from interfering with other users ongoing - # syncs. - - # Federation and client requests can be balanced via simple round robin. - - # The inbound federation transaction request `^/_matrix/federation/v1/send/` - # should be balanced by source IP so that transactions from the same remote server - # go to the same process. - - # Registration/login requests can be handled separately purely to help ensure that - # unexpected load doesn't affect new logins and sign ups. - - # Finally, event sending requests can be balanced by the room ID in the URI (or - # the full URI, or even just round robin), the room ID is the path component after - # `/rooms/`. If there is a large bridge connected that is sending or may send lots - # of events, then a dedicated set of workers can be provisioned to limit the - # effects of bursts of events from that bridge on events sent by normal users. - - # #### Stream writers - - # Additionally, the writing of specific streams (such as events) can be moved off - # of the main process to a particular worker. - # (This is only supported with Redis-based replication.) - - # To enable this, the worker must have a HTTP replication listener configured, - # have a `worker_name` and be listed in the `instance_map` config. The same worker - # can handle multiple streams, but unless otherwise documented, each stream can only - # have a single writer. - - # For example, to move event persistence off to a dedicated worker, the shared - # configuration would include: - - # ```yaml - # instance_map: - # event_persister1: - # host: localhost - # port: 8034 - - # stream_writers: - # events: event_persister1 - # ``` - - # An example for a stream writer instance: - - # ```yaml - # {{#include systemd-with-workers/workers/event_persister.yaml}} - # ``` - - # Some of the streams have associated endpoints which, for maximum efficiency, should - # be routed to the workers handling that stream. See below for the currently supported - # streams and the endpoints associated with them: - - # ##### The `events` stream - - # The `events` stream experimentally supports having multiple writers, where work - # is sharded between them by room ID. Note that you *must* restart all worker - # instances when adding or removing event persisters. An example `stream_writers` - # configuration with multiple writers: - - # ```yaml - # stream_writers: - # events: - # - event_persister1 - # - event_persister2 - # ``` - - # ##### The `typing` stream - - # The following endpoints should be routed directly to the worker configured as - # the stream writer for the `typing` stream: - - # FIXME: ADDITIONAL CONDITIONS REQUIRED: to be enabled manually - # ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/typing - - # ##### The `to_device` stream - - # The following endpoints should be routed directly to the worker configured as - # the stream writer for the `to_device` stream: - - # FIXME: ADDITIONAL CONDITIONS REQUIRED: to be enabled manually - # ^/_matrix/client/(r0|v3|unstable)/sendToDevice/ - - # ##### The `account_data` stream - - # The following endpoints should be routed directly to the worker configured as - # the stream writer for the `account_data` stream: - - # FIXME: ADDITIONAL CONDITIONS REQUIRED: to be enabled manually - # ^/_matrix/client/(r0|v3|unstable)/.*/tags - # ^/_matrix/client/(r0|v3|unstable)/.*/account_data - - # ##### The `receipts` stream - - # The following endpoints should be routed directly to the worker configured as - # the stream writer for the `receipts` stream: - - # FIXME: ADDITIONAL CONDITIONS REQUIRED: to be enabled manually - # ^/_matrix/client/(r0|v3|unstable)/rooms/.*/receipt - # ^/_matrix/client/(r0|v3|unstable)/rooms/.*/read_markers - - # ##### The `presence` stream - - # The following endpoints should be routed directly to the worker configured as - # the stream writer for the `presence` stream: - - # FIXME: ADDITIONAL CONDITIONS REQUIRED: to be enabled manually - # ^/_matrix/client/(api/v1|r0|v3|unstable)/presence/ - - # #### Background tasks - - # There is also support for moving background tasks to a separate - # worker. Background tasks are run periodically or started via replication. Exactly - # which tasks are configured to run depends on your Synapse configuration (e.g. if - # stats is enabled). - - # To enable this, the worker must have a `worker_name` and can be configured to run - # background tasks. For example, to move background tasks to a dedicated worker, - # the shared configuration would include: - - # ```yaml - # run_background_tasks_on: background_worker - # ``` - - # You might also wish to investigate the `update_user_directory_from_worker` and - # `media_instance_running_background_jobs` settings. - - # An example for a dedicated background worker instance: - - # ```yaml - # {{#include systemd-with-workers/workers/background_worker.yaml}} - # ``` - - # #### Updating the User Directory - - # You can designate one generic worker to update the user directory. - - # Specify its name in the shared configuration as follows: - - # ```yaml - # update_user_directory_from_worker: worker_name - # ``` - - # This work cannot be load-balanced; please ensure the main process is restarted - # after setting this option in the shared configuration! - - # User directory updates allow REST endpoints matching the following regular - # expressions to work: - - # FIXME: ADDITIONAL CONDITIONS REQUIRED: to be enabled manually - # ^/_matrix/client/(r0|v3|unstable)/user_directory/search$ - - # The above endpoints can be routed to any worker, though you may choose to route - # it to the chosen user directory worker. - - # This style of configuration supersedes the legacy `synapse.app.user_dir` - # worker application type. - - - # #### Notifying Application Services - - # You can designate one generic worker to send output traffic to Application Services. - - # Specify its name in the shared configuration as follows: - - # ```yaml - # notify_appservices_from_worker: worker_name - # ``` - - # This work cannot be load-balanced; please ensure the main process is restarted - # after setting this option in the shared configuration! - - # This style of configuration supersedes the legacy `synapse.app.appservice` - # worker application type. - - -# pusher worker (no API endpoints) [ - # Handles sending push notifications to sygnal and email. Doesn't handle any - # REST endpoints itself, but you should set `start_pushers: False` in the - # shared configuration file to stop the main synapse sending push notifications. - - # To run multiple instances at once the `pusher_instances` option should list all - # pusher instances by their worker name, e.g.: - - # ```yaml - # pusher_instances: - # - pusher_worker1 - # - pusher_worker2 - # ``` - -# ] - -# appservice worker (no API endpoints) [ - # **Deprecated as of Synapse v1.59.** [Use `synapse.app.generic_worker` with the - # `notify_appservices_from_worker` option instead.](#notifying-application-services) - - # Handles sending output traffic to Application Services. Doesn't handle any - # REST endpoints itself, but you should set `notify_appservices: False` in the - # shared configuration file to stop the main synapse sending appservice notifications. - - # Note this worker cannot be load-balanced: only one instance should be active. - -# ] - -# federation_sender worker (no API endpoints) [ - # Handles sending federation traffic to other servers. Doesn't handle any - # REST endpoints itself, but you should set `send_federation: False` in the - # shared configuration file to stop the main synapse sending this traffic. - - # If running multiple federation senders then you must list each - # instance in the `federation_sender_instances` option by their `worker_name`. - # All instances must be stopped and started when adding or removing instances. - # For example: - - # ```yaml - # federation_sender_instances: - # - federation_sender1 - # - federation_sender2 - # ``` -# ] - -matrix_synapse_workers_media_repository_endpoints: - # Handles the media repository. It can handle all endpoints starting with: - - - ^/_matrix/media/ - - # ... and the following regular expressions matching media-specific administration APIs: - - - ^/_synapse/admin/v1/purge_media_cache$ - - ^/_synapse/admin/v1/room/.*/media.*$ - - ^/_synapse/admin/v1/user/.*/media.*$ - - ^/_synapse/admin/v1/media/.*$ - - ^/_synapse/admin/v1/quarantine_media/.*$ - - ^/_synapse/admin/v1/users/.*/media$ - - # You should also set `enable_media_repo: False` in the shared configuration - # file to stop the main synapse running background jobs related to managing the - # media repository. Note that doing so will prevent the main process from being - # able to handle the above endpoints. - - # In the `media_repository` worker configuration file, configure the http listener to - # expose the `media` resource. For example: - - # ```yaml - # worker_listeners: - # - type: http - # port: 8085 - # resources: - # - names: - # - media - # ``` - - # Note that if running multiple media repositories they must be on the same server - # and you must configure a single instance to run the background tasks, e.g.: - - # ```yaml - # media_instance_running_background_jobs: "media-repository-1" - # ``` - - # Note that if a reverse proxy is used , then `/_matrix/media/` must be routed for both inbound client and federation requests (if they are handled separately). - -matrix_synapse_workers_user_dir_endpoints: - # **Deprecated as of Synapse v1.59.** [Use `synapse.app.generic_worker` with the - # `update_user_directory_from_worker` option instead.](#updating-the-user-directory) - - # Handles searches in the user directory. It can handle REST endpoints matching - # the following regular expressions: - - - ^/_matrix/client/(r0|v3|unstable)/user_directory/search$ - - # When using this worker you must also set `update_user_directory: false` in the - # shared configuration file to stop the main synapse running background - # jobs related to updating the user directory. - - # Above endpoint is not *required* to be routed to this worker. By default, - # `update_user_directory` is set to `true`, which means the main process - # will handle updates. All workers configured with `client` can handle the above - # endpoint as long as either this worker or the main process are configured to - # handle it, and are online. - - # If `update_user_directory` is set to `false`, and this worker is not running, - # the above endpoint may give outdated results. - -matrix_synapse_workers_frontend_proxy_endpoints: - # Proxies some frequently-requested client endpoints to add caching and remove - # load from the main synapse. It can handle REST endpoints matching the following - # regular expressions: - - - ^/_matrix/client/(r0|v3|unstable)/keys/upload - - # If `use_presence` is False in the homeserver config, it can also handle REST - # endpoints matching the following regular expressions: - - # FIXME: ADDITIONAL CONDITIONS REQUIRED: to be enabled manually - # ^/_matrix/client/(api/v1|r0|v3|unstable)/presence/[^/]+/status - - # This "stub" presence handler will pass through `GET` request but make the - # `PUT` effectively a no-op. - - # It will proxy any requests it cannot handle to the main synapse instance. It - # must therefore be configured with the location of the main instance, via - # the `worker_main_http_uri` setting in the `frontend_proxy` worker configuration - # file. For example: - - # ```yaml - # worker_main_http_uri: http://127.0.0.1:8008 - # ``` - -matrix_synapse_workers_avail_list: - - appservice - - federation_sender - - frontend_proxy - - generic_worker - - media_repository - - pusher - - user_dir diff --git a/setup.yml b/setup.yml index 3b7d235d3..2e648732a 100755 --- a/setup.yml +++ b/setup.yml @@ -3,71 +3,93 @@ hosts: "{{ target if target is defined else 'matrix_servers' }}" become: true - vars_files: - - roles/matrix-synapse/vars/workers.yml - roles: - - matrix-base - - matrix-dynamic-dns - - matrix-mailer - - matrix-postgres - - matrix-redis - - matrix-corporal - - matrix-bridge-appservice-discord - - matrix-bridge-appservice-slack - - matrix-bridge-appservice-webhooks - - matrix-bridge-appservice-irc - - matrix-bridge-appservice-kakaotalk - - matrix-bridge-beeper-linkedin - - matrix-bridge-go-skype-bridge - - matrix-bridge-mautrix-facebook - - matrix-bridge-mautrix-twitter - - matrix-bridge-mautrix-hangouts - - matrix-bridge-mautrix-googlechat - - matrix-bridge-mautrix-instagram - - matrix-bridge-mautrix-signal - - matrix-bridge-mautrix-telegram - - matrix-bridge-mautrix-whatsapp - - matrix-bridge-mautrix-discord - - matrix-bridge-mx-puppet-discord - - matrix-bridge-mx-puppet-groupme - - matrix-bridge-mx-puppet-steam - - matrix-bridge-mx-puppet-slack - - matrix-bridge-mx-puppet-twitter - - matrix-bridge-mx-puppet-instagram - - matrix-bridge-sms - - matrix-bridge-heisenbridge - - matrix-bridge-hookshot - - matrix-bot-matrix-reminder-bot - - matrix-bot-matrix-registration-bot - - matrix-bot-maubot - - matrix-bot-buscarron - - matrix-bot-honoroit - - matrix-bot-postmoogle - - matrix-bot-go-neb - - matrix-bot-mjolnir - - matrix-synapse - - matrix-dendrite - - matrix-conduit - - matrix-synapse-admin - - matrix-prometheus-node-exporter - - matrix-prometheus-postgres-exporter - - matrix-prometheus - - matrix-grafana - - matrix-registration - - matrix-client-element - - matrix-client-hydrogen - - matrix-client-cinny - - matrix-jitsi - - matrix-ma1sd - - matrix-dimension - - matrix-etherpad - - matrix-email2matrix - - matrix-sygnal - - matrix-ntfy - - matrix-nginx-proxy - - matrix-coturn - - matrix-aux - - matrix-postgres-backup - - matrix-backup-borg - - matrix-common-after + # Most of the roles below are not distributed with the playbook, but downloaded separately using `ansible-galaxy` via the `make roles` command (see `Makefile`). + - role: galaxy/com.devture.ansible.role.playbook_help + + - role: galaxy/com.devture.ansible.role.systemd_docker_base + + - role: custom/matrix_playbook_migration + + - when: devture_timesync_installation_enabled | bool + role: galaxy/com.devture.ansible.role.timesync + tags: + - setup-timesync + - setup-all + + - custom/matrix-base + - custom/matrix-dynamic-dns + - custom/matrix-mailer + - custom/matrix-postgres + - custom/matrix-redis + - custom/matrix-corporal + - custom/matrix-bridge-appservice-discord + - custom/matrix-bridge-appservice-slack + - custom/matrix-bridge-appservice-webhooks + - custom/matrix-bridge-appservice-irc + - custom/matrix-bridge-appservice-kakaotalk + - custom/matrix-bridge-beeper-linkedin + - custom/matrix-bridge-go-skype-bridge + - custom/matrix-bridge-mautrix-facebook + - custom/matrix-bridge-mautrix-twitter + - custom/matrix-bridge-mautrix-hangouts + - custom/matrix-bridge-mautrix-googlechat + - custom/matrix-bridge-mautrix-instagram + - custom/matrix-bridge-mautrix-signal + - custom/matrix-bridge-mautrix-telegram + - custom/matrix-bridge-mautrix-whatsapp + - custom/matrix-bridge-mautrix-discord + - custom/matrix-bridge-mx-puppet-discord + - custom/matrix-bridge-mx-puppet-groupme + - custom/matrix-bridge-mx-puppet-steam + - custom/matrix-bridge-mx-puppet-slack + - custom/matrix-bridge-mx-puppet-twitter + - custom/matrix-bridge-mx-puppet-instagram + - custom/matrix-bridge-sms + - custom/matrix-bridge-heisenbridge + - custom/matrix-bridge-hookshot + - custom/matrix-bot-matrix-reminder-bot + - custom/matrix-bot-matrix-registration-bot + - custom/matrix-bot-maubot + - custom/matrix-bot-buscarron + - custom/matrix-bot-honoroit + - custom/matrix-bot-postmoogle + - custom/matrix-bot-go-neb + - custom/matrix-bot-mjolnir + - custom/matrix-cactus-comments + - custom/matrix-synapse + - custom/matrix-dendrite + - custom/matrix-conduit + - custom/matrix-synapse-admin + - custom/matrix-prometheus-node-exporter + - custom/matrix-prometheus-postgres-exporter + - custom/matrix-prometheus + - custom/matrix-grafana + - custom/matrix-registration + - custom/matrix-client-element + - custom/matrix-client-hydrogen + - custom/matrix-client-cinny + - custom/matrix-jitsi + - custom/matrix-ldap-registration-proxy + - custom/matrix-ma1sd + - custom/matrix-dimension + - custom/matrix-etherpad + - custom/matrix-email2matrix + - custom/matrix-sygnal + - custom/matrix-ntfy + - custom/matrix-nginx-proxy + - custom/matrix-coturn + - custom/matrix-aux + - custom/matrix-postgres-backup + - custom/matrix-backup-borg + - custom/matrix-user-creator + - custom/matrix-common-after + + # This is pretty much last, because we want it to better serve as a "last known good configuration". + # See: https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2217#issuecomment-1301487601 + - when: devture_playbook_state_preserver_enabled | bool + role: galaxy/com.devture.ansible.role.playbook_state_preserver + tags: + - setup-all + + - role: galaxy/com.devture.ansible.role.playbook_runtime_messages