Merge pull request #681 from scottcrossen/slc/ddclient

Dynamic DNS

docs/configuring-playbook-dynamic-dns.md

@@ -0,0 +1,26 @@
+# Dynamic DNS
+
+## Setup
+
+Most cloud providers / ISPs will charge you extra for a static IP address. If you're
+not hosting a highly reliable homeserver you can workaround this via dynamic DNS. To
+set this up, you'll need to get the username/password from your DNS provider. For
+google domains, this process is described [here](https://support.google.com/domains/answer/6147083).
+After you've gotten the proper credentials you can add the following config to your inventory/host_vars/matrix.DOMAIN/vars.yml:
+
+```yaml
+matrix_dynamic_dns_enabled: true
+
+matrix_dynamic_dns_domain_configurations:
+  - provider: domains.google.com
+    protocol: dyndn2
+    username: XXXXXXXXXXXXXXXX
+    password: XXXXXXXXXXXXXXXX
+    domain: "{{ matrix_domain }}"
+```
+
+## Additional Reading
+
+Additional resources:
+
+- https://matrix.org/docs/guides/free-small-matrix-server

docs/configuring-playbook.md

@@ -33,6 +33,7 @@ When you're done with all the configuration you'd like to do, continue with [Ins
 
 - [Setting up the Jitsi video-conferencing platform](configuring-playbook-jitsi.md) (optional)
 
+- [Setting Dynamic DNS](configuring-playbook-dynamic-dns.md) (optional)
 
 ### Core service adjustments
 

group_vars/matrix_servers

@@ -619,6 +619,23 @@ matrix_dimension_homeserver_federationUrl: "http://matrix-synapse:{{ 8048 if mat
 ######################################################################
 
 
+
+######################################################################
+#
+# matrix-dynamic-dns
+#
+######################################################################
+
+matrix_dynamic_dns_enabled: false
+
+######################################################################
+#
+# /matrix-dynamic-dns
+#
+######################################################################
+
+
+
 ######################################################################
 #
 # matrix-email2matrix
@@ -837,6 +854,8 @@ matrix_ssl_architecture: "{{
 	}[matrix_architecture]
 }}"
 
+matrix_ssl_pre_obtaining_required_service_name: "{{ 'matrix-dynamic-dns' if matrix_dynamic_dns_enabled else '' }}
+
 ######################################################################
 #
 # /matrix-nginx-proxy

roles/matrix-dynamic-dns/defaults/main.yml

@@ -0,0 +1,43 @@
+# Whether dynamic dns is enabled
+matrix_dynamic_dns_enabled: true
+
+# The dynamic dns daemon interval
+matrix_dynamic_dns_daemon_interval: '300'
+
+# The docker container to use when in mode
+matrix_dynamic_dns_docker_image: 'linuxserver/ddclient:v3.9.1-ls45'
+
+# The image to force pull
+matrix_dynamic_dns_docker_image_force_pull: "{{ matrix_dynamic_dns_docker_image.endswith(':latest') }}"
+
+# List of extra arguments to pass to the ontainer mode
+matrix_dynamic_dns_container_extra_arguments: []
+
+# List of wanted services when running in mode
+matrix_dynamic_dns_systemd_wanted_services_list: []
+
+# List of required services when running in mode
+matrix_dynamic_dns_systemd_required_services_list: ['docker.service']
+
+# Build the container from source when running in mode
+matrix_dynamic_dns_container_image_self_build: false
+
+# Config paths
+matrix_dynamic_dns_base_path: "{{ matrix_base_data_path }}/dynamic-dns"
+matrix_dynamic_dns_config_path: "{{ matrix_dynamic_dns_base_path }}/config"
+matrix_dynamic_dns_docker_src_files_path: "{{ matrix_dynamic_dns_base_path }}/docker-src"
+
+# Holds the configurations (the domains to update DNS for, the providers they use, etc.)
+#
+# Example:
+# matrix_dynamic_dns_domain_configurations:
+#   - provider: domains.google.com
+#     protocol: dyndn2
+#     username: XXXXXXXXXXXXXXXX
+#     password: XXXXXXXXXXXXXXXX
+#     domain: "{{ matrix_domain }}"
+matrix_dynamic_dns_domain_configurations: []
+
+# Config options
+matrix_dynamic_dns_additional_configuration_blocks: []
+matrix_dynamic_dns_use: "web"

roles/matrix-dynamic-dns/tasks/init.yml

@@ -0,0 +1,3 @@
+- set_fact:
+    matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-dynamic-dns'] }}"
+  when: "matrix_dynamic_dns_enabled|bool"

roles/matrix-dynamic-dns/tasks/install.yml

@@ -0,0 +1,59 @@
+---
+
+- name: Ensure Dynamic DNS image is pulled
+  docker_image:
+    name: "{{ matrix_dynamic_dns_docker_image }}"
+    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+    force_source: "{{ matrix_dynamic_dns_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_dynamic_dns_docker_image_force_pull }}"
+  when: matrix_dynamic_dns_enabled|bool and not matrix_dynamic_dns_container_image_self_build
+
+- name: Ensure Dynamic DNS paths exist
+  file:
+    path: "{{ item.path }}"
+    state: directory
+    mode: 0751
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+  with_items:
+    - { path: "{{ matrix_dynamic_dns_base_path }}", when: true }
+    - { path: "{{ matrix_dynamic_dns_config_path }}", when: true }
+    - { path: "{{ matrix_dynamic_dns_docker_src_files_path }}", when: "{{ matrix_dynamic_dns_container_image_self_build }}" }
+  when: matrix_dynamic_dns_enabled|bool and item.when|bool
+
+- name: Ensure Dynamic DNS repository is present on self build
+  git:
+    repo: https://github.com/linuxserver/docker-ddclient.git
+    dest: "{{ matrix_dynamic_dns_docker_src_files_path }}"
+    force: "yes"
+  when: "matrix_dynamic_dns_enabled|bool and matrix_dynamic_dns_container_image_self_build"
+
+- name: Ensure Dynamic DNS Docker image is built
+  docker_image:
+    name: "{{ matrix_dynamic_dns_docker_image }}"
+    source: build
+    build:
+      dockerfile: Dockerfile
+      path: "{{ matrix_dynamic_dns_docker_src_files_path }}"
+      pull: yes
+  when: "matrix_dynamic_dns_enabled|bool and matrix_dynamic_dns_container_image_self_build"
+
+- name: Ensure Dynamic DNS ddclient.conf installed
+  template:
+    src: "{{ role_path }}/templates/ddclient.conf.j2"
+    dest: "{{ matrix_dynamic_dns_config_path }}/ddclient.conf"
+    mode: 0644
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+
+- name: Ensure matrix-dynamic-dns.service installed
+  template:
+    src: "{{ role_path }}/templates/systemd/matrix-dynamic-dns.service.j2"
+    dest: "/etc/systemd/system/matrix-dynamic-dns.service"
+    mode: 0644
+  register: matrix_dynamic_dns_systemd_service_result
+
+- name: Ensure systemd reloaded after matrix-dynamic-dns.service installation
+  service:
+    daemon_reload: yes
+  when: "matrix_dynamic_dns_systemd_service_result.changed"

roles/matrix-dynamic-dns/tasks/main.yml

@@ -0,0 +1,21 @@
+- import_tasks: "{{ role_path }}/tasks/init.yml"
+  tags:
+    - always
+
+- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
+  when: "run_setup|bool and matrix_dynamic_dns_enabled|bool"
+  tags:
+    - setup-all
+    - setup-dynamic-dns
+
+- import_tasks: "{{ role_path }}/tasks/install.yml"
+  when: "run_setup|bool and matrix_dynamic_dns_enabled|bool"
+  tags:
+    - setup-all
+    - setup-dynamic-dns
+
+- import_tasks: "{{ role_path }}/tasks/uninstall.yml"
+  when: "run_setup|bool and not matrix_dynamic_dns_enabled|bool"
+  tags:
+    - setup-all
+    - setup-dynamic-dns

roles/matrix-dynamic-dns/tasks/uninstall.yml

@@ -0,0 +1,24 @@
+---
+
+- name: Check existence of matrix-dynamic-dns service
+  stat:
+    path: "{{ systemd_path }}/matrix-dynamic-dns.service"
+  register: matrix_dynamic_dns_service_stat
+
+- name: Ensure matrix-dynamic-dns is stopped
+  service:
+    name: matrix-dynamic-dns
+    state: stopped
+    daemon_reload: yes
+  when: "matrix_dynamic_dns_service_stat.stat.exists"
+
+- name: Ensure matrix-dynamic-dns.service doesn't exist
+  file:
+    path: "{{ systemd_path }}/matrix-dynamic-dns.service"
+    state: absent
+  when: "matrix_dynamic_dns_service_stat.stat.exists"
+
+- name: Ensure systemd reloaded after matrix-dynamic-dns.service removal
+  service:
+    daemon_reload: yes
+  when: "matrix_dynamic_dns_service_stat.stat.exists"

roles/matrix-dynamic-dns/tasks/validate_config.yml

@@ -0,0 +1,16 @@
+---
+
+- name: Fail if no configurations specified
+  fail:
+    msg: >-
+      You need to define at least one configuration in `matrix_dynamic_dns_domain_configurations` for using matrix-dynamic-dns.
+  when: "matrix_dynamic_dns_domain_configurations|length == 0"
+
+- name: Fail if required settings not defined in configuration blocks
+  fail:
+    msg: >-
+      One of the configurations in matrix_dynamic_dns_domain_configurations is missing a required key (domain, provider, protocol).
+  when: "'domain' not in configuration or 'provider' not in configuration or 'protocol' not in configuration"
+  with_items: "{{ matrix_dynamic_dns_domain_configurations }}"
+  loop_control:
+    loop_var: configuration

roles/matrix-dynamic-dns/templates/ddclient.conf.j2

@@ -0,0 +1,26 @@
+daemon={{ matrix_dynamic_dns_daemon_interval }}
+syslog=no
+pid=/var/run/ddclient/ddclient.pid
+ssl=yes
+use={{ matrix_dynamic_dns_use }}
+
+{% for dynamic_dns_domain_configuration in matrix_dynamic_dns_domain_configurations %}
+protocol={{ dynamic_dns_domain_configuration.protocol }}
+server={{ dynamic_dns_domain_configuration.provider }} {% if 'username' in dynamic_dns_domain_configuration %}
+login='{{ dynamic_dns_domain_configuration.username }}' {% endif %} {% if 'password' in dynamic_dns_domain_configuration %}
+password='{{ dynamic_dns_domain_configuration.password }}' {% endif %} {% if 'static' in dynamic_dns_domain_configuration %}
+static=yes {% endif %} {% if 'custom' in dynamic_dns_domain_configuration %}
+custom=yes {% endif %} {% if 'zone' in dynamic_dns_domain_configuration %}
+zone={{ dynamic_dns_domain_configuration.zone }} {% endif %} {% if 'ttl' in dynamic_dns_domain_configuration %}
+ttl={{ dynamic_dns_domain_configuration.ttl }} {% endif %} {% if 'mx' in dynamic_dns_domain_configuration %}
+mx={{ dynamic_dns_domain_configuration.mx }} {% endif %} {% if 'wildcard' in dynamic_dns_domain_configuration %}
+wildcard=yes {% endif %}
+{{ dynamic_dns_domain_configuration.domain }}
+
+{% endfor %}
+
+
+{% for matrix_dynamic_dns_additional_configuration in matrix_dynamic_dns_additional_configuration_blocks %}
+{{ matrix_dynamic_dns_additional_configuration }}
+
+{% endfor %}

roles/matrix-dynamic-dns/templates/systemd/matrix-dynamic-dns.service.j2

@@ -0,0 +1,34 @@
+#jinja2: lstrip_blocks: "True"
+[Unit]
+Description=Matrix Dynamic DNS
+{% for service in matrix_dynamic_dns_systemd_required_services_list %}
+Requires={{ service }}
+After={{ service }}
+{% endfor %}
+{% for service in matrix_dynamic_dns_systemd_wanted_services_list %}
+Wants={{ service }}
+{% endfor %}
+
+[Service]
+Type=simple
+ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-dynamic-dns
+ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-dynamic-dns
+ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-dynamic-dns \
+			--log-driver=none \
+			--network={{ matrix_docker_network }} \
+  			-e PUID={{ matrix_user_uid }} \
+  			-e PGID={{ matrix_user_gid }} \
+			-v {{ matrix_dynamic_dns_config_path }}:/config:z \
+			{% for arg in matrix_dynamic_dns_container_extra_arguments %}
+			{{ arg }} \
+			{% endfor %}
+			{{ matrix_dynamic_dns_docker_image }}
+
+ExecStop=-{{ matrix_host_command_docker }} kill matrix-dynamic-dns
+ExecStop=-{{ matrix_host_command_docker }} rm matrix-dynamic-dns
+Restart=always
+RestartSec=30
+SyslogIdentifier=matrix-dynamic-dns
+
+[Install]
+WantedBy=multi-user.target

roles/matrix-nginx-proxy/defaults/main.yml

@@ -275,6 +275,10 @@ matrix_ssl_base_path: "{{ matrix_base_data_path }}/ssl"
 matrix_ssl_config_dir_path: "{{ matrix_ssl_base_path }}/config"
 matrix_ssl_log_dir_path: "{{ matrix_ssl_base_path }}/log"
 
+# If you'd like to start some service before a certificate is obtained, specify it here.
+# This could be something like `matrix-dynamic-dns`, etc.
+matrix_ssl_pre_obtaining_required_service_name: ~
+matrix_ssl_pre_obtaining_required_service_start_wait_time_seconds: 60
 
 # nginx status page configurations.
 matrix_nginx_proxy_proxy_matrix_nginx_status_enabled: false

roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml

@@ -12,6 +12,19 @@
 - set_fact:
     domain_name_needs_cert: "{{ not domain_name_certificate_path_stat.stat.exists }}"
 
+- block:
+  - name: Ensure required service for obtaining is started
+    service:
+      name: "{{ matrix_ssl_pre_obtaining_required_service_name }}"
+      state: started
+    register: matrix_ssl_pre_obtaining_required_service_start_result
+
+  - name: Wait some time, so that the required service for obtaining can start
+    wait_for:
+      timeout: "{{ matrix_ssl_service_to_start_before_obtaining_start_wait_time_seconds }}"
+    when: "matrix_ssl_pre_obtaining_required_service_start_result.changed|bool"
+  when: "domain_name_needs_cert|bool and matrix_ssl_pre_obtaining_required_service_name != ''"
+
 # This will fail if there is something running on port 80 (like matrix-nginx-proxy).
 # We suppress the error, as we'll try another method below.
 - name: Attempt initial SSL certificate retrieval with standalone authenticator (directly)

setup.yml

@@ -5,6 +5,7 @@
 
   roles:
     - matrix-base
+    - matrix-dynamic-dns
     - matrix-mailer
     - matrix-postgres
     - matrix-corporal