| @@ -1415,10 +1415,10 @@ matrix_nginx_proxy_proxy_synapse_federation_api_addr_with_container: "matrix-syn | |||||
| matrix_nginx_proxy_proxy_synapse_federation_api_addr_sans_container: "localhost:{{matrix_synapse_container_federation_api_plain_port|string}}" | matrix_nginx_proxy_proxy_synapse_federation_api_addr_sans_container: "localhost:{{matrix_synapse_container_federation_api_plain_port|string}}" | ||||
| matrix_nginx_proxy_proxy_dendrite_enabled: "{{ matrix_dendrite_enabled }}" | matrix_nginx_proxy_proxy_dendrite_enabled: "{{ matrix_dendrite_enabled }}" | ||||
| matrix_nginx_proxy_proxy_dendrite_client_api_addr_with_container: "matrix-dendrite:{{ matrix_dendrite_container_client_api_port }}" | |||||
| matrix_nginx_proxy_proxy_dendrite_client_api_addr_sans_container: "127.0.0.1:{{ matrix_synapse_container_client_api_port }}" | |||||
| matrix_nginx_proxy_proxy_dendrite_federation_api_addr_with_container: "matrix-dendrite:{{ matrix_dendrite_container_federation_api_plain_port|string }}" | |||||
| matrix_nginx_proxy_proxy_dendrite_federation_api_addr_sans_container: "127.0.0.1:{{ matrix_dendrite_container_federation_api_plain_port|string }}" | |||||
| matrix_nginx_proxy_proxy_dendrite_client_api_addr_with_container: "matrix-dendrite:{{ matrix_dendrite_http_bind_port|string }}" | |||||
| matrix_nginx_proxy_proxy_dendrite_client_api_addr_sans_container: "127.0.0.1:{{ matrix_dendrite_http_bind_port|string }}" | |||||
| matrix_nginx_proxy_proxy_dendrite_federation_api_addr_with_container: "matrix-dendrite:{{ matrix_dendrite_http_bind_port|string }}" | |||||
| matrix_nginx_proxy_proxy_dendrite_federation_api_addr_sans_container: "127.0.0.1:{{ matrix_dendrite_http_bind_port|string }}" | |||||
| # When matrix-nginx-proxy is disabled, the actual port number that the vhost uses may begin to matter. | # When matrix-nginx-proxy is disabled, the actual port number that the vhost uses may begin to matter. | ||||
| matrix_nginx_proxy_proxy_matrix_federation_port: "{{ matrix_federation_public_port }}" | matrix_nginx_proxy_proxy_matrix_federation_port: "{{ matrix_federation_public_port }}" | ||||
| @@ -2209,11 +2209,11 @@ matrix_postgres_backup_databases: | | |||||
| # If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, | # If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, | ||||
| # you can expose Dendrite's ports to the host. | # you can expose Dendrite's ports to the host. | ||||
| # | # | ||||
| # For exposing the Matrix Client API's port (plain HTTP) to the local host. | |||||
| matrix_dendrite_container_client_api_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:8008' }}" | |||||
| # For exposing Dendrite's plain HTTP server to the local host. | |||||
| matrix_dendrite_container_http_host_bind_address: "{{ '' if matrix_nginx_proxy_enabled else ('127.0.0.1:' + matrix_dendrite_http_bind_port|string) }}" | |||||
| # | # | ||||
| # For exposing the Matrix Federation API's TLS port (HTTPS) to the internet on all network interfaces. | |||||
| matrix_dendrite_container_federation_api_tls_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else matrix_federation_public_port }}" | |||||
| # For exposing Dendrite's HTTPS server to the local host. | |||||
| matrix_dendrite_container_https_host_bind_address: "{{ '' if matrix_nginx_proxy_enabled or not matrix_dendrite_https_bind_port else ('127.0.0.1:' + matrix_dendrite_https_bind_port|string) }}" | |||||
| matrix_dendrite_registration_shared_secret: "{{ matrix_dendrite_generic_secret_key | password_hash('sha512', 'dendrite.rss') | to_uuid }}" | matrix_dendrite_registration_shared_secret: "{{ matrix_dendrite_generic_secret_key | password_hash('sha512', 'dendrite.rss') | to_uuid }}" | ||||
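Review bot: The four `matrix_nginx_proxy_proxy_dendrite_*_addr_*` values in the first hunk dereference `matrix_dendrite_http_bind_port` unconditionally, while the role defaults in this same commit treat that port as optional (`... if matrix_dendrite_http_bind_port else ''`). If an operator empties it to run Dendrite HTTPS-only, these would presumably render as `matrix-dendrite:None` and leave nginx pointing at an invalid upstream. `matrix_dendrite_container_http_host_bind_address` in the second hunk has the same gap: it lacks the `not matrix_dendrite_https_bind_port`-style guard that its HTTPS sibling carries. I would add a comment above the proxy block such as `# matrix-nginx-proxy reaches Dendrite over plain HTTP only; matrix_dendrite_http_bind_port must stay set while the proxy is enabled`, or fail early in the role's validation.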
| @@ -14,31 +14,42 @@ matrix_dendrite_storage_path: "{{ matrix_dendrite_base_path }}/storage" | |||||
| matrix_dendrite_media_store_path: "{{ matrix_dendrite_storage_path }}/media-store" | matrix_dendrite_media_store_path: "{{ matrix_dendrite_storage_path }}/media-store" | ||||
| matrix_dendrite_ext_path: "{{ matrix_dendrite_base_path }}/ext" | matrix_dendrite_ext_path: "{{ matrix_dendrite_base_path }}/ext" | ||||
| matrix_dendrite_container_http_bind_port: 8008 | |||||
| # By default, we make Dendrite only serve HTTP (not HTTPS). | |||||
| # HTTPS is usually served at the reverse-proxy side (usually via `matrix-nginx-proxy`). | |||||
| # | |||||
| # To enable HTTPS serving by Dendrite (directly): | |||||
| # - `matrix_dendrite_https_bind_port` must be set | |||||
| # - `-tls-cert` and `-tls-key` must be passed to Dendrite via `matrix_dendrite_process_extra_arguments` | |||||
| # - the TLS certificate files must be mounted into the container using `matrix_dendrite_container_additional_volumes` | |||||
| matrix_dendrite_http_bind_port: 8008 | |||||
| matrix_dendrite_https_bind_port: ~ | |||||
| # This is passed as a flag `-http-bind-address` flag to the Dendrite server in the container | |||||
| matrix_dendrite_container_http_bind_address: ":{{ matrix_dendrite_container_http_bind_port }}" | |||||
| # This is passed as an `-http-bind-address` flag to the Dendrite server in the container | |||||
| matrix_dendrite_http_bind_address: "{{ (':' + matrix_dendrite_http_bind_port|string) if matrix_dendrite_http_bind_port else '' }}" | |||||
| # Dendrite monolith exposes both the Client API and the Federation API on the same port | |||||
| matrix_dendrite_container_client_api_port: "{{ matrix_dendrite_container_http_bind_port }}" | |||||
| matrix_dendrite_container_federation_api_plain_port: "{{ matrix_dendrite_container_http_bind_port }}" | |||||
| # This is passed as an `-https-bind-address` flag to the Dendrite server in the container | |||||
| matrix_dendrite_https_bind_address: "{{ (':' + matrix_dendrite_https_bind_port|string) if matrix_dendrite_https_bind_port else '' }}" | |||||
| # Controls whether the matrix-dendrite container exposes the Client/Server API port (tcp/8008 in the container). | |||||
| # Controls whether the matrix-dendrite container exposes the HTTP port (tcp/{{ matrix_dendrite_http_bind_port }} in the container). | |||||
| # | # | ||||
| # Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8008"), or empty string to not expose. | # Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8008"), or empty string to not expose. | ||||
| matrix_dendrite_container_client_api_host_bind_port: "" | |||||
| matrix_dendrite_container_http_host_bind_address: "" | |||||
| # Controls whether the matrix-dendrite container exposes the tls (encrypted) Server/Server (Federation) API port (tcp/8448 in the container). | |||||
| # | |||||
| # Takes effect only if federation is enabled (matrix_dendrite_federation_enabled) | |||||
| # and TLS support is enabled (matrix_dendrite_tls_federation_listener_enabled). | |||||
| # Controls whether the matrix-dendrite container exposes the HTTPS port (tcp/{{ matrix_dendrite_https_bind_port }} in the container). | |||||
| # | # | ||||
| # Takes an "<ip>:<port>" or "<port>" value (e.g. "8448"), or empty string to not expose. | |||||
| matrix_dendrite_container_federation_api_tls_host_bind_port: "" | |||||
| # Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8448"), or empty string to not expose. | |||||
| matrix_dendrite_container_https_host_bind_address: "" | |||||
| # A list of extra arguments to pass to the container | |||||
| # A list of extra arguments to pass to the container (`docker run` command) | |||||
| matrix_dendrite_container_extra_arguments: [] | matrix_dendrite_container_extra_arguments: [] | ||||
| # A list of extra arguments to pass to the container process (`dendrite-monolith` command) | |||||
| # Example: | |||||
| # matrix_dendrite_process_extra_arguments: | |||||
| # - "-tls-cert /some/path.crt" | |||||
| # - "-tls-key /some/path.pem" | |||||
| matrix_dendrite_process_extra_arguments: [] | |||||
| # List of systemd services that matrix-dendrite.service depends on | # List of systemd services that matrix-dendrite.service depends on | ||||
| matrix_dendrite_systemd_required_services_list: ["docker.service"] | matrix_dendrite_systemd_required_services_list: ["docker.service"] | ||||
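Review bot: The comments on `matrix_dendrite_container_http_host_bind_address` and `matrix_dendrite_container_https_host_bind_address` offer a bare `<port>` value without saying that it publishes the listener on every host interface. For the HTTP variable that appears to mean the Client and Federation APIs in plaintext, and ports published by Docker are commonly not filtered by host firewall front-ends such as ufw. I would add `# A bare "<port>" publishes on all host interfaces; prefer "127.0.0.1:<port>" and terminate TLS at a reverse proxy.` under each "Takes an ..." line. Separately, the `tcp/{{ ... }}` expressions inside those comments are never rendered, so they read literally in the file.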
| @@ -29,11 +29,11 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-dendrite \ | |||||
| --read-only \ | --read-only \ | ||||
| --tmpfs=/tmp:rw,noexec,nosuid,size={{ matrix_dendrite_tmp_directory_size_mb }}m \ | --tmpfs=/tmp:rw,noexec,nosuid,size={{ matrix_dendrite_tmp_directory_size_mb }}m \ | ||||
| --network={{ matrix_docker_network }} \ | --network={{ matrix_docker_network }} \ | ||||
| {% if matrix_dendrite_container_client_api_host_bind_port %} | |||||
| -p {{ matrix_dendrite_container_client_api_host_bind_port }}:8008 \ | |||||
| {% if matrix_dendrite_container_http_host_bind_address and matrix_dendrite_http_bind_port %} | |||||
| -p {{ matrix_dendrite_container_http_host_bind_address }}:{{ matrix_dendrite_http_bind_port }} \ | |||||
| {% endif %} | {% endif %} | ||||
| {% if matrix_dendrite_container_federation_api_tls_host_bind_port %} | |||||
| -p {{ matrix_dendrite_container_federation_api_tls_host_bind_port }}:8448 \ | |||||
| {% if matrix_dendrite_container_https_host_bind_address and matrix_dendrite_https_bind_port %} | |||||
| -p {{ matrix_dendrite_container_https_host_bind_address }}:{{ matrix_dendrite_https_bind_port }} \ | |||||
| {% endif %} | {% endif %} | ||||
| --mount type=bind,src={{ matrix_dendrite_config_dir_path }},dst=/data,ro \ | --mount type=bind,src={{ matrix_dendrite_config_dir_path }},dst=/data,ro \ | ||||
| --mount type=bind,src={{ matrix_dendrite_storage_path }},dst=/matrix-media-store-parent,bind-propagation=slave \ | --mount type=bind,src={{ matrix_dendrite_storage_path }},dst=/matrix-media-store-parent,bind-propagation=slave \ | ||||
| @@ -45,7 +45,13 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-dendrite \ | |||||
| {% endfor %} | {% endfor %} | ||||
| {{ matrix_dendrite_docker_image }} \ | {{ matrix_dendrite_docker_image }} \ | ||||
| -config /data/dendrite.yaml \ | -config /data/dendrite.yaml \ | ||||
| -http-bind-address {{ matrix_dendrite_container_http_bind_address }} | |||||
| {% if matrix_dendrite_http_bind_address %} | |||||
| -http-bind-address {{ matrix_dendrite_http_bind_address }} | |||||
| {% endif %} | |||||
| {% if matrix_dendrite_https_bind_address %} | |||||
| -https-bind-address {{ matrix_dendrite_https_bind_address }} | |||||
| {% endif %} | |||||
| {{ matrix_dendrite_process_extra_arguments|join(' ') }} | |||||
| ExecStop=-{{ matrix_host_command_docker }} kill matrix-dendrite | ExecStop=-{{ matrix_host_command_docker }} kill matrix-dendrite | ||||
| ExecStop=-{{ matrix_host_command_docker }} rm matrix-dendrite | ExecStop=-{{ matrix_host_command_docker }} rm matrix-dendrite | ||||
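Review bot: The new `-http-bind-address` and `-https-bind-address` lines have no trailing ` \`, so as shown the `ExecStart=` command ends at the first of them that renders. Everything after it, including `-https-bind-address` and the `matrix_dendrite_process_extra_arguments` line meant to carry `-tls-cert`/`-tls-key`, would fall outside the command. systemd would likely ignore those lines with a parse warning, leaving Dendrite without the TLS listener the defaults describe. Ending both lines with a continuation fixes this: `-http-bind-address {{ matrix_dendrite_http_bind_address }} \` and `-https-bind-address {{ matrix_dendrite_https_bind_address }} \`. The ExecStart command begins above this hunk, and the page rendering may have dropped characters, so confirm against the file.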