
Merge branch 'master' of https://github.com/spantaleev/matrix-docker-ansible-deploy

# Conflicts:
#	setup.yml
pull/4247/head
Georg Glas 1 year ago
parent
commit
597738e640
No known key found for this signature in database GPG Key ID: 155A74F427A1E404
32 changed files with 3396 additions and 117 deletions
  1. +9
    -0
      CHANGELOG.md
  2. +1
    -0
      README.md
  3. +4
    -2
      docs/configuring-playbook-matrix-media-repo.md
  4. +1
    -0
      docs/configuring-playbook-prometheus-grafana.md
  5. +26
    -0
      docs/configuring-playbook-synapse-usage-exporter.md
  6. +3
    -1
      docs/configuring-playbook-synapse.md
  7. +2
    -0
      docs/configuring-playbook.md
  8. +48
    -5
      group_vars/matrix_servers
  9. +1
    -1
      requirements.yml
  10. +12
    -1
      roles/custom/matrix-bot-buscarron/defaults/main.yml
  11. +7
    -0
      roles/custom/matrix-bot-buscarron/templates/env.j2
  12. +1
    -1
      roles/custom/matrix-bot-honoroit/defaults/main.yml
  13. +1
    -1
      roles/custom/matrix-bot-postmoogle/defaults/main.yml
  14. +1
    -1
      roles/custom/matrix-client-cinny/defaults/main.yml
  15. +12
    -8
      roles/custom/matrix-client-cinny/templates/nginx.conf.j2
  16. +1
    -1
      roles/custom/matrix-coturn/defaults/main.yml
  17. +47
    -0
      roles/custom/matrix-media-repo/defaults/main.yml
  18. +60
    -61
      roles/custom/matrix-media-repo/templates/grafana/media-repo.json
  19. +38
    -0
      roles/custom/matrix-media-repo/templates/media-repo/labels.j2
  20. +33
    -0
      roles/custom/matrix-media-repo/templates/media-repo/media-repo.yaml.j2
  21. +20
    -0
      roles/custom/matrix-prometheus-services-connect/defaults/main.yml
  22. +84
    -0
      roles/custom/matrix-synapse-usage-exporter/defaults/main.yml
  23. +17
    -0
      roles/custom/matrix-synapse-usage-exporter/tasks/main.yml
  24. +77
    -0
      roles/custom/matrix-synapse-usage-exporter/tasks/setup_install.yml
  25. +24
    -0
      roles/custom/matrix-synapse-usage-exporter/tasks/setup_uninstall.yml
  26. +3
    -0
      roles/custom/matrix-synapse-usage-exporter/templates/env.j2
  27. +2746
    -0
      roles/custom/matrix-synapse-usage-exporter/templates/grafana/synapse-usage-exporter.json
  28. +38
    -0
      roles/custom/matrix-synapse-usage-exporter/templates/labels.j2
  29. +47
    -0
      roles/custom/matrix-synapse-usage-exporter/templates/systemd/matrix-synapse-usage-exporter.service.j2
  30. +3
    -0
      roles/custom/matrix-synapse/defaults/main.yml
  31. +1
    -0
      roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2
  32. +28
    -34
      setup.yml

+ 9
- 0
CHANGELOG.md

@@ -1,3 +1,12 @@
# 2024-07-25

## synapse-usage-exporter support

Thanks to [Michael Hollister](https://github.com/Michael-Hollister) from [FUTO](https://www.futo.org/), the creators of the [Circles app](https://circu.li/), the playbook can now set up [synapse-usage-exporter](https://github.com/loelkes/synapse-usage-exporter) - a small [Flask](https://flask.palletsprojects.com)-based webservice which can capture usage statistics from Synapse (via HTTP `PUT`) and then make them available for Prometheus to scrape.

To learn more see our [Enabling synapse-usage-exporter for Synapse usage statistics](docs/configuring-playbook-synapse-usage-exporter.md) documentation page.


# 2024-07-06

## matrix-alertmanager-receiver support


+ 1
- 0
README.md

@@ -157,6 +157,7 @@ Services that help you in administrating and monitoring your matrix installation
| Metrics and Graphs | x | Consists of the [Prometheus](https://prometheus.io) time-series database server, the Prometheus [node-exporter](https://prometheus.io/docs/guides/node-exporter/) host metrics exporter, and the [Grafana](https://grafana.com/) web UI | [Link](docs/configuring-playbook-prometheus-grafana.md) |
| [Borg](https://borgbackup.org) | x | Backups | [Link](docs/configuring-playbook-backup-borg.md) |
| [Rageshake](https://github.com/matrix-org/rageshake) | x | Bug report server | [Link](docs/configuring-playbook-rageshake.md) |
| [synapse-usage-exporter](https://github.com/loelkes/synapse-usage-exporter) | x | Export the usage statistics of a Synapse homeserver to be scraped by Prometheus. | [Link](docs/configuring-playbook-synapse-usage-exporter.md) |

### Misc



+ 4
- 2
docs/configuring-playbook-matrix-media-repo.md

@@ -23,9 +23,11 @@ matrix_media_repo_enabled: true
# matrix_media_repo_metrics_enabled: true
```

The repo is pre-configured for integrating with the Postgres database, NGINX proxy and [Prometheus/Grafana](configuring-playbook-prometheus-grafana.md) (if metrics enabled) from this playbook for all the available homeserver roles. When the media repo is enabled, other media store roles should be disabled (if using Synapse with other media store roles).
The repo is pre-configured for integrating with the Postgres database, Traefik proxy and [Prometheus/Grafana](configuring-playbook-prometheus-grafana.md) (if metrics enabled) from this playbook for all the available homeserver roles. When the media repo is enabled, other media store roles should be disabled (if using Synapse with other media store roles).

By default, the media-repo will use the local filesystem for data storage. Additional options include `s3` and `IPFS` (experimental). Access token caching is also enabled by default since the logout endpoints are proxied through the media repo.
By default, the media-repo will use the local filesystem for data storage. You can alternatively use a `s3` cloud backend as well. Access token caching is also enabled by default since the logout endpoints are proxied through the media repo.

**Note:** If you want to use authenticated media endpoints ([MSC3916](https://github.com/matrix-org/matrix-spec-proposals/pull/3916)), you must configure a signing key for your MMR instance to authorize outbound federation requests. See https://docs.t2bot.io/matrix-media-repo/v1.3.5/installation/signing-key/ for more details on how to configure your server with a signing key.

## Configuring the media-repo



+ 1
- 0
docs/configuring-playbook-prometheus-grafana.md

@@ -121,6 +121,7 @@ scrape_configs:

## More information

- [Enabling synapse-usage-exporter for Synapse usage statistics](configuring-playbook-synapse-usage-exporter.md)
- [Understanding Synapse Performance Issues Through Grafana Graphs](https://element-hq.github.io/synapse/latest/usage/administration/understanding_synapse_through_grafana_graphs.html) at the Synapse Github Wiki
- [The Prometheus scraping rules](https://github.com/element-hq/synapse/tree/master/contrib/prometheus) (we use v2)
- [The Synapse Grafana dashboard](https://github.com/element-hq/synapse/tree/master/contrib/grafana)


+ 26
- 0
docs/configuring-playbook-synapse-usage-exporter.md

@@ -0,0 +1,26 @@
# Setting up synapse-usage-exporter (optional)

[synapse-usage-exporter](https://github.com/loelkes/synapse-usage-exporter) allows you to export the usage statistics of a Synapse homeserver to this container service and for the collected metrics to later be scraped by Prometheus.

Synapse does not include usage statistics in its Prometheus metrics. They can be reported to an HTTP `PUT` endpoint 5 minutes after startup and from then on at a fixed interval of once every three hours. This role integrates a simple [Flask](https://flask.palletsprojects.com) project that offers an HTTP `PUT` endpoint and holds the most recent received record available to be scraped by Prometheus.

Enabling this service will automatically:

- install the synapse-usage-exporter service
- re-configure Synapse to push (via HTTP `PUT`) usage statistics information to synapse-usage-exporter
- re-configure [Prometheus](./configuring-playbook-prometheus-grafana.md) (if Prometheus is enabled), to periodically scrape metrics from synapse-usage-exporter
- add a new [Grafana](./configuring-playbook-prometheus-grafana.md) dashboard (if Grafana is enabled) containing Synapse usage statistics

## Quickstart

Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file and [re-run the installation process](./installing.md) for the playbook:

```yaml
matrix_synapse_usage_exporter_enabled: true

# (Optional) Expose endpoint if you want to collect statistics from outside (from other homeservers).
# If enabled, synapse-usage-exporter will be exposed publicly at `matrix.DOMAIN/report-usage-stats/push`.
# When collecting usage statistics for Synapse running on the same host, you don't need to enable this.
# You can adjust the hostname and path via `matrix_synapse_usage_exporter_hostname` and `matrix_synapse_usage_exporter_path_prefix`.
# matrix_synapse_usage_exporter_proxying_enabled: true
```
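Review bot: The Quickstart comment for `matrix_synapse_usage_exporter_proxying_enabled` says the push endpoint will be "exposed publicly" at `matrix.DOMAIN/report-usage-stats/push`, but nothing in this page says whether pushes to it are authenticated or restricted to known homeservers. Please add a sentence stating what protects the endpoint when proxying is enabled, or that nothing does and the operator must restrict access at the reverse proxy, so readers can judge the exposure before uncommenting the line.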

+ 3
- 1
docs/configuring-playbook-synapse.md

@@ -161,4 +161,6 @@ Due to this, it's recommended to only store and maintain template files in your

This playbook allows you to enable Synapse metrics, which can provide insight into the performance and activity of Synapse.

To enable Synapse metrics see [`configuring-playbook-prometheus-grafana.md`](./configuring-playbook-prometheus-grafana.md)
To enable Synapse runtime metrics see: [Enabling metrics and graphs (Prometheus, Grafana) for your Matrix server](configuring-playbook-prometheus-grafana.md)

To enable Synapse usage metrics, see: [Enabling synapse-usage-exporter for Synapse usage statistics](configuring-playbook-synapse-usage-exporter.md)

+ 2
- 0
docs/configuring-playbook.md

@@ -42,6 +42,8 @@ When you're done with all the configuration you'd like to do, continue with [Ins

- [Enabling metrics and graphs (Prometheus, Grafana) for your Matrix server](configuring-playbook-prometheus-grafana.md) (optional)

- [Enabling synapse-usage-exporter for Synapse usage statistics](configuring-playbook-synapse-usage-exporter.md) (optional)

### Core service adjustments

- Homeserver configuration:


+ 48
- 5
group_vars/matrix_servers

@@ -441,6 +441,8 @@ devture_systemd_service_manager_services_list_auto: |
+
([{'name': 'matrix-synapse-admin.service', 'priority': 4000, 'groups': ['matrix', 'synapse-admin']}] if matrix_synapse_admin_enabled else [])
+
([{'name': (matrix_synapse_usage_exporter_identifier + '.service'), 'priority': 4000, 'groups': ['matrix', 'synapse-usage-exporter']}] if matrix_synapse_usage_exporter_enabled else [])
+
([{'name': 'matrix-synapse-reverse-proxy-companion.service', 'priority': 1500, 'groups': ['matrix', 'homeservers', 'synapse', 'synapse-reverse-proxy-companion', 'reverse-proxies']}] if matrix_synapse_reverse_proxy_companion_enabled else [])
+
([{'name': 'matrix-user-verification-service.service', 'priority': 800, 'groups': ['matrix', 'matrix-user-verification-service']}] if matrix_user_verification_service_enabled else [])
@@ -3611,6 +3613,12 @@ matrix_media_repo_container_labels_traefik_internal_media_entrypoints: "{{ matri
matrix_media_repo_container_labels_traefik_internal_matrix_client_media_enabled: "{{ matrix_playbook_internal_matrix_client_api_traefik_entrypoint_enabled }}"
matrix_media_repo_container_labels_traefik_internal_matrix_client_media_entrypoints: "{{ matrix_playbook_internal_matrix_client_api_traefik_entrypoint_name }}"

matrix_media_repo_metrics_proxying_enabled: "{{ matrix_media_repo_metrics_enabled and matrix_metrics_exposure_enabled }}"
matrix_media_repo_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}"
matrix_media_repo_metrics_proxying_path: "{{ matrix_metrics_exposure_path_prefix }}/matrix-media-repo"
matrix_media_repo_container_labels_traefik_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}"
matrix_media_repo_container_labels_traefik_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}"

matrix_media_repo_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
matrix_media_repo_database_username: matrix_media_repo
matrix_media_repo_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mediarepo.db', rounds=655555) | to_uuid }}"
@@ -3644,6 +3652,11 @@ matrix_media_repo_homeservers_auto:
# to "matrix", most functionality requiring the admin API will not work.
adminApiKind: "{{ 'synapse' if matrix_homeserver_implementation == 'synapse' else ('dendrite' if matrix_homeserver_implementation == 'dendrite' else 'matrix') }}"

# The signing key to use for authorizing outbound federation requests. If not specified,
# requests will not be authorized. See https://docs.t2bot.io/matrix-media-repo/v1.3.5/installation/signing-key/
# for details.
signingKeyPath: ""

matrix_media_repo_homeserver_federation_enabled: "{{ matrix_homeserver_federation_enabled }}"

######################################################################
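Review bot: `signingKeyPath: ""` is written as a literal inside `matrix_media_repo_homeservers_auto`, and the comment above it states that without a key outbound federation requests "will not be authorized". The docs change in this same commit tells users they must configure a signing key for MSC3916, yet these lines give them no playbook variable to set. Suggest sourcing the value from a variable with an empty default and naming that variable in the docs note, and dropping the pinned `v1.3.5` from the URL in the comment if an unversioned link exists, since it will go stale on the next MMR bump.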
@@ -4454,6 +4467,10 @@ matrix_synapse_app_service_config_files_auto: "{{ matrix_homeserver_app_service_
# Disable creation of media repository Synapse worker when using media-repo
matrix_synapse_ext_media_repo_enabled: "{{ matrix_media_repo_enabled }}"

# Enable Synapse statistics reporting when using synapse-usage-exporter
matrix_synapse_report_stats: "{{ matrix_synapse_usage_exporter_enabled }}"
matrix_synapse_report_stats_endpoint: "http://{{ matrix_synapse_usage_exporter_identifier }}:{{ matrix_synapse_usage_exporter_container_port | string }}/report-usage-stats/push"

######################################################################
#
# /matrix-synapse
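Review bot: `matrix_synapse_report_stats_endpoint` is pointed at the exporter container unconditionally, while only `matrix_synapse_report_stats` is gated on `matrix_synapse_usage_exporter_enabled`. A user who turns on `matrix_synapse_report_stats` in their own vars without enabling the exporter would have Synapse push to `http://{{ matrix_synapse_usage_exporter_identifier }}:...`, a host that is not running. Suggest gating the endpoint on the same flag and leaving the role default in place otherwise. It is also worth a line in the changelog that enabling the exporter switches Synapse stats reporting on as a side effect.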
@@ -4586,6 +4603,28 @@ matrix_synapse_admin_container_labels_traefik_tls_certResolver: "{{ devture_trae
#
######################################################################

######################################################################
#
# matrix-synapse-usage-exporter
#
######################################################################

matrix_synapse_usage_exporter_enabled: false

matrix_synapse_usage_exporter_container_network: "{{ matrix_monitoring_container_network }}"

matrix_synapse_usage_exporter_container_additional_networks: "{{ [matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else [] }}"

matrix_synapse_usage_exporter_container_labels_traefik_enabled: "{{ matrix_synapse_usage_exporter_proxying_enabled }}"
matrix_synapse_usage_exporter_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_synapse_usage_exporter_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
matrix_synapse_usage_exporter_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

######################################################################
#
# /matrix-synapse-usage-exporter
#
######################################################################

######################################################################
#
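Review bot: The Traefik wiring for synapse-usage-exporter sets only `..._traefik_enabled`, `..._docker_network`, `..._entrypoints` and `..._tls_certResolver`; there is no counterpart to the `matrix_media_repo_container_labels_traefik_metrics_middleware_basic_auth_*` variables that the media-repo metrics route gets earlier in this file. When `matrix_synapse_usage_exporter_proxying_enabled` is true, the route is published on the primary entrypoint with no access control visible here. Suggest wiring an equivalent basic-auth (or IP allow-list) middleware, or documenting why the push endpoint is safe to leave open.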
@@ -4744,6 +4783,8 @@ prometheus_container_additional_networks_auto: |
([matrix_prometheus_nginxlog_exporter_container_network] if matrix_prometheus_services_connect_scraper_nginxlog_enabled and matrix_prometheus_nginxlog_exporter_container_network != prometheus_container_network else [])
+
([matrix_media_repo_container_network] if matrix_prometheus_services_connect_scraper_media_repo_enabled and matrix_media_repo_container_network != prometheus_container_network else [])
+
([matrix_synapse_usage_exporter_container_network] if matrix_prometheus_services_connect_scraper_synapse_usage_exporter_enabled and matrix_synapse_usage_exporter_container_network != prometheus_container_network else [])
) | unique
}}

@@ -4768,6 +4809,8 @@ prometheus_config_scrape_configs_auto: |
(matrix_prometheus_services_connect_scraper_nginxlog_scrape_configs if matrix_prometheus_services_connect_scraper_nginxlog_enabled else [])
+
(matrix_prometheus_services_connect_scraper_media_repo_scrape_configs if matrix_prometheus_services_connect_scraper_media_repo_enabled else [])
+
(matrix_prometheus_services_connect_scraper_synapse_usage_exporter_scrape_configs if matrix_prometheus_services_connect_scraper_synapse_usage_exporter_enabled else [])
}}

######################################################################
@@ -4806,6 +4849,9 @@ matrix_prometheus_services_connect_scraper_nginxlog_static_configs_target: "{{ m
matrix_prometheus_services_connect_scraper_media_repo_enabled: "{{ matrix_media_repo_enabled and matrix_media_repo_metrics_enabled }}"
matrix_prometheus_services_connect_scraper_media_repo_static_configs_target: "{{ matrix_media_repo_identifier }}:{{ matrix_media_repo_metrics_port }}"

matrix_prometheus_services_connect_scraper_synapse_usage_exporter_enabled: "{{ matrix_synapse_usage_exporter_enabled }}"
matrix_prometheus_services_connect_scraper_synapse_usage_exporter_static_configs_target: "{{ matrix_synapse_usage_exporter_identifier }}:{{ matrix_synapse_usage_exporter_container_port | string }}"

######################################################################
#
# /matrix-prometheus-services-connect
@@ -4872,6 +4918,8 @@ grafana_dashboard_download_urls: |
(matrix_prometheus_nginxlog_exporter_dashboard_urls if matrix_prometheus_nginxlog_exporter_enabled else [])
+
(matrix_media_repo_dashboard_urls if matrix_media_repo_metrics_enabled else [])
+
(matrix_synapse_usage_exporter_dashboard_urls if matrix_synapse_usage_exporter_enabled else [])
}}

grafana_provisioning_dashboard_template_files: |
@@ -4880,11 +4928,6 @@ grafana_provisioning_dashboard_template_files: |
'path': 'roles/custom/matrix-prometheus-nginxlog-exporter/templates/grafana/nginx-proxy.json',
'name': 'nginx-proxy.json',
}] if matrix_prometheus_nginxlog_exporter_enabled else [])
+
([{
'path': 'roles/custom/matrix-media-repo/templates/grafana/media-repo.json',
'name': 'media-repo.json',
}] if matrix_media_repo_metrics_enabled else [])
}}

grafana_default_home_dashboard_path: |-
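Review bot: By the hunk header (11 lines down to 6), the `media-repo.json` entry is dropped from `grafana_provisioning_dashboard_template_files`, yet this same commit still edits `roles/custom/matrix-media-repo/templates/grafana/media-repo.json` (+60/-61). If the dashboard now comes only from `matrix_media_repo_dashboard_urls` in `grafana_dashboard_download_urls`, the template edits have no effect on what gets provisioned. Please confirm which source is authoritative and either keep the template entry or remove the now-unused file.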


+ 1
- 1
requirements.yml

@@ -22,7 +22,7 @@
version: v4.98-r0-0-0
name: exim_relay
- src: git+https://gitlab.com/etke.cc/roles/grafana.git
version: v11.1.0-0
version: v11.1.3-1
name: grafana
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git
version: v9584-1


+ 12
- 1
roles/custom/matrix-bot-buscarron/defaults/main.yml

@@ -6,7 +6,7 @@
matrix_bot_buscarron_enabled: true

# renovate: datasource=docker depName=registry.gitlab.com/etke.cc/buscarron
matrix_bot_buscarron_version: v1.4.1
matrix_bot_buscarron_version: v1.4.2

# The hostname at which Buscarron is served.
matrix_bot_buscarron_hostname: ''
@@ -50,6 +50,17 @@ matrix_bot_buscarron_metrics_password: ''
# /metrics allowed ips
matrix_bot_buscarron_metrics_ips: []

# healthchecks.io integration
matrix_bot_buscarron_hc_url: '' # default is https://hc-ping.com (healthchecks.io)
matrix_bot_buscarron_hc_uuid: '' # check UUID

# redmine integration
matrix_bot_buscarron_redmine_host: '' # e.g. https://redmine.example.com
matrix_bot_buscarron_redmine_apikey: ''
matrix_bot_buscarron_redmine_project: '' # project identifier (e.g., my-project)
matrix_bot_buscarron_redmine_trackerid: '' # task tracker ID (e.g., 1)
matrix_bot_buscarron_redmine_statusid: '' # task status ID (e.g., 1)


# matrix_bot_buscarron_container_labels_traefik_enabled controls whether labels to assist a Traefik reverse-proxy will be attached to the container.
# See `../templates/labels.j2` for details.


+ 7
- 0
roles/custom/matrix-bot-buscarron/templates/env.j2

@@ -5,6 +5,8 @@ BUSCARRON_DB_DSN={{ matrix_bot_buscarron_database_connection_string }}
BUSCARRON_DB_DIALECT={{ matrix_bot_buscarron_database_dialect }}
BUSCARRON_SPAMLIST={{ matrix_bot_buscarron_spamlist|join(" ") }}
BUSCARRON_SENTRY={{ matrix_bot_buscarron_sentry }}
BUSCARRON_HC_URL={{ matrix_bot_buscarron_hc_url }}
BUSCARRON_HC_UUID={{ matrix_bot_buscarron_hc_uuid }}
BUSCARRON_LOGLEVEL={{ matrix_bot_buscarron_loglevel }}
BUSCARRON_BAN_SIZE={{ matrix_bot_buscarron_ban_size }}
BUSCARRON_BAN_LIST={{ matrix_bot_buscarron_ban_list|default('')|join(' ') }}
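Review bot: `BUSCARRON_HC_URL={{ matrix_bot_buscarron_hc_url }}` is emitted even when the variable is empty, and `defaults/main.yml` documents the empty value as "default is https://hc-ping.com". Whether an explicitly empty `BUSCARRON_HC_URL=` still falls back to that default depends on how Buscarron reads its environment, which is not shown here. Suggest wrapping the two `BUSCARRON_HC_*` lines in `{% if matrix_bot_buscarron_hc_uuid %}` so they are written only when the integration is configured. The same applies to the `BUSCARRON_REDMINE_*` lines in the next hunk, which would also keep an unused API-key line out of the env file.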
@@ -16,6 +18,11 @@ BUSCARRON_SMTP_VALIDATION={{ matrix_bot_buscarron_smtp_validation }}
BUSCARRON_METRICS_LOGIN={{ matrix_bot_buscarron_metrics_login }}
BUSCARRON_METRICS_PASSWORD={{ matrix_bot_buscarron_metrics_password }}
BUSCARRON_METRICS_IPS={{ matrix_bot_buscarron_metrics_ips|default([])|join(" ") }}
BUSCARRON_REDMINE_HOST={{ matrix_bot_buscarron_redmine_host }}
BUSCARRON_REDMINE_APIKEY={{ matrix_bot_buscarron_redmine_apikey }}
BUSCARRON_REDMINE_PROJECT={{ matrix_bot_buscarron_redmine_project }}
BUSCARRON_REDMINE_TRACKERID={{ matrix_bot_buscarron_redmine_trackerid }}
BUSCARRON_REDMINE_STATUSID={{ matrix_bot_buscarron_redmine_statusid }}
{% set forms = [] %}
{% for form in matrix_bot_buscarron_forms -%}{{- forms.append(form.name) -}}
BUSCARRON_{{ form.name|upper }}_ROOM={{ form.room|default('') }}


+ 1
- 1
roles/custom/matrix-bot-honoroit/defaults/main.yml

@@ -21,7 +21,7 @@ matrix_bot_honoroit_docker_repo_version: "{{ matrix_bot_honoroit_version }}"
matrix_bot_honoroit_docker_src_files_path: "{{ matrix_base_data_path }}/honoroit/docker-src"

# renovate: datasource=docker depName=registry.gitlab.com/etke.cc/honoroit
matrix_bot_honoroit_version: v0.9.22
matrix_bot_honoroit_version: v0.9.24
matrix_bot_honoroit_docker_image: "{{ matrix_bot_honoroit_docker_image_name_prefix }}etke.cc/honoroit:{{ matrix_bot_honoroit_version }}"
matrix_bot_honoroit_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_honoroit_container_image_self_build else 'registry.gitlab.com/' }}"
matrix_bot_honoroit_docker_image_force_pull: "{{ matrix_bot_honoroit_docker_image.endswith(':latest') }}"


+ 1
- 1
roles/custom/matrix-bot-postmoogle/defaults/main.yml

@@ -10,7 +10,7 @@ matrix_bot_postmoogle_docker_repo_version: "{{ 'main' if matrix_bot_postmoogle_v
matrix_bot_postmoogle_docker_src_files_path: "{{ matrix_base_data_path }}/postmoogle/docker-src"

# renovate: datasource=docker depName=registry.gitlab.com/etke.cc/postmoogle
matrix_bot_postmoogle_version: v0.9.18
matrix_bot_postmoogle_version: v0.9.20
matrix_bot_postmoogle_docker_image: "{{ matrix_bot_postmoogle_docker_image_name_prefix }}etke.cc/postmoogle:{{ matrix_bot_postmoogle_version }}"
matrix_bot_postmoogle_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_postmoogle_container_image_self_build else 'registry.gitlab.com/' }}"
matrix_bot_postmoogle_docker_image_force_pull: "{{ matrix_bot_postmoogle_docker_image.endswith(':latest') }}"


+ 1
- 1
roles/custom/matrix-client-cinny/defaults/main.yml

@@ -7,7 +7,7 @@ matrix_client_cinny_container_image_self_build: false
matrix_client_cinny_container_image_self_build_repo: "https://github.com/ajbura/cinny.git"

# renovate: datasource=docker depName=ajbura/cinny
matrix_client_cinny_version: v3.2.0
matrix_client_cinny_version: v4.0.3
matrix_client_cinny_docker_image: "{{ matrix_client_cinny_docker_image_name_prefix }}ajbura/cinny:{{ matrix_client_cinny_version }}"
matrix_client_cinny_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_cinny_container_image_self_build else matrix_container_global_registry_prefix }}"
matrix_client_cinny_docker_image_force_pull: "{{ matrix_client_cinny_docker_image.endswith(':latest') }}"


+ 12
- 8
roles/custom/matrix-client-cinny/templates/nginx.conf.j2

@@ -51,16 +51,20 @@ http {
root /usr/share/nginx/html;

location / {
index index.html index.htm;
}

location ~* ^/(config(.+)?\.json$|(.+)\.html$|i18n) {
expires -1;
}
# Inspired by: https://raw.githubusercontent.com/cinnyapp/cinny/dev/docker-nginx.conf

error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;

rewrite ^/config.json$ /config.json break;
rewrite ^/manifest.json$ /manifest.json break;

rewrite ^.*/olm.wasm$ /olm.wasm break;
rewrite ^/pdf.worker.min.js$ /pdf.worker.min.js break;

rewrite ^/public/(.*)$ /public/$1 break;
rewrite ^/assets/(.*)$ /assets/$1 break;

rewrite ^(.+)$ /index.html break;
}
}
}
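Review bot: The rewritten `location /` block has no replacement for the `location ~* ^/(config(.+)?\.json$|(.+)\.html$|i18n)` block and its `expires -1`, which by the hunk's line counts (16 down to 8 kept, 12 added) is among the removed lines. After this change `config.json` and `index.html` are served without that no-cache header, so browsers may hold on to a stale config or entry page across upgrades. Suggest keeping an `expires -1` (or equivalent `Cache-Control`) for those files. Also note that `rewrite ^(.+)$ /index.html break;` answers every unknown path with the app shell, and that the `.` in patterns such as `^/config.json$` is unescaped; both follow the upstream file but deserve a comment.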

+ 1
- 1
roles/custom/matrix-coturn/defaults/main.yml

@@ -9,7 +9,7 @@ matrix_coturn_container_image_self_build_repo_version: "docker/{{ matrix_coturn_
matrix_coturn_container_image_self_build_repo_dockerfile_path: "docker/coturn/alpine/Dockerfile"

# renovate: datasource=docker depName=coturn/coturn
matrix_coturn_version: 4.6.2-r10
matrix_coturn_version: 4.6.2-r11
matrix_coturn_docker_image: "{{ matrix_coturn_docker_image_name_prefix }}coturn/coturn:{{ matrix_coturn_version }}-alpine"
matrix_coturn_docker_image_name_prefix: "{{ 'localhost/' if matrix_coturn_container_image_self_build else matrix_container_global_registry_prefix }}"
matrix_coturn_docker_image_force_pull: "{{ matrix_coturn_docker_image.endswith(':latest') }}"


+ 47
- 0
roles/custom/matrix-media-repo/defaults/main.yml

@@ -44,6 +44,11 @@ matrix_media_repo_container_network: "{{ matrix_media_repo_identifier }}"
# Use this to expose this container to another reverse proxy, which runs in a different container network.
matrix_media_repo_container_additional_networks: []

# Controls whether media repo metrics should be proxied (exposed) on `matrix.DOMAIN/metrics/matrix-media-repo`
matrix_media_repo_metrics_proxying_enabled: false
matrix_media_repo_metrics_proxying_hostname: ""
matrix_media_repo_metrics_proxying_path: "/metrics/matrix-media-repo"

# Controls whether the matrix-media-repo container exposes its HTTP port (tcp/8000 in the container).
#
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8000"), or empty string to not expose.
@@ -134,6 +139,18 @@ matrix_media_repo_container_labels_traefik_t2bot_entrypoints: "{{ matrix_media_r
matrix_media_repo_container_labels_traefik_t2bot_tls: "{{ matrix_media_repo_container_labels_traefik_t2bot_entrypoints != 'web' }}"
matrix_media_repo_container_labels_traefik_t2bot_tls_certResolver: default # noqa var-naming

# Controls whether labels will be added that expose the media repo metrics endpoint
matrix_media_repo_container_labels_traefik_metrics_enabled: "{{ matrix_media_repo_metrics_enabled and matrix_media_repo_metrics_proxying_enabled }}"
matrix_media_repo_container_labels_traefik_metrics_rule: "Host(`{{ matrix_media_repo_metrics_proxying_hostname }}`) && PathPrefix(`{{ matrix_media_repo_metrics_proxying_path }}`)"
matrix_media_repo_container_labels_traefik_metrics_priority: 0
matrix_media_repo_container_labels_traefik_metrics_entrypoints: "{{ matrix_media_repo_container_labels_traefik_entrypoints }}"
matrix_media_repo_container_labels_traefik_metrics_tls: "{{ matrix_media_repo_container_labels_traefik_t2bot_entrypoints != 'web' }}"
matrix_media_repo_container_labels_traefik_metrics_tls_certResolver: default # noqa var-naming

matrix_media_repo_container_labels_traefik_metrics_middleware_basic_auth_enabled: false
# See: https://doc.traefik.io/traefik/middlewares/http/basicauth/#users
matrix_media_repo_container_labels_traefik_metrics_middleware_basic_auth_users: ''

# Traefik labels handling the old `/_matrix/media` endpoints on the federation entrypint.
# These are being superseded by `/_matrix/federation/VERSION/media` endpoints - see `matrix_media_repo_container_labels_traefik_federation_matrix_federation_media_*`.
matrix_media_repo_container_labels_traefik_media_federation_enabled: true
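Review bot: `matrix_media_repo_container_labels_traefik_metrics_tls` is derived from `matrix_media_repo_container_labels_traefik_t2bot_entrypoints`, not from `matrix_media_repo_container_labels_traefik_metrics_entrypoints` defined on the line above it, which looks like a copy-paste from the t2bot block. If the two entrypoints ever differ, the metrics router gets the wrong TLS setting. Suggest `{{ matrix_media_repo_container_labels_traefik_metrics_entrypoints != 'web' }}`. Separately, `..._metrics_middleware_basic_auth_enabled` defaults to `false` here, so anyone who sets `matrix_media_repo_metrics_proxying_enabled` directly instead of going through `matrix_metrics_exposure_*` publishes the metrics path unauthenticated; a comment on the variable saying so would help.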
@@ -450,6 +467,11 @@ matrix_media_repo_datastore_s3_opts_bucket_name: "your-media-bucket"
# before redirection if present).
matrix_media_repo_datastore_s3_opts_redirect_when_cached: true

# The size of the prefix (path component) to use when storing media in S3. This can
# help improve download speeds in some S3 providers. Should not be set to higher than
# 16 to avoid future incompatibilities with MMR. Defaults to zero (no prefix).
matrix_media_repo_datastore_s3_opts_prefix_length: 0

# Options for controlling archives. Archives are exports of a particular user's content for
# the purpose of GDPR or moving media to a different server.

@@ -725,6 +747,31 @@ matrix_media_repo_rate_limit_requests_per_second: 1
# The number of requests an IP can send at once before the rate limit is actually considered.
matrix_media_repo_rate_limit_burst: 10

# The 'leaky bucket' configurations for MMR. Leaky buckets are limited in size and have a slow
# drain rate, minimizing the ability for a user to consume large amounts of resources.
#
# Buckets are checked and applied after the requests per second configuration above. Buckets are
# disabled when rate limiting is disabled.
#
# Note: buckets are *not* shared across processes. If download requests could end up at two different
# processes, two different buckets may be filled. This behaviour may change in the future.

# The download bucket applies to both download requests and thumbnail requests. Each anonymous
# user is assigned a single bucket from their IP address. Authenticated requests (when supported)
# will use the authenticated entity as the subject - either a user or remote server.

# The maximum size of each bucket.
matrix_media_repo_rate_limit_buckets_download_capacity_bytes: 524288000 # 500mb default

# The number of bytes to "drain" from the bucket every minute.
matrix_media_repo_rate_limit_buckets_download_drain_bytes_per_minute: 5242880 # 5mb default

# The number of bytes a requester can go over the capacity, once. This is used to give some
# buffer to allow a single file to be downloaded when the caller is near the limit. This
# should be set to either your max remote download size or 30% of the capacityBytes, whichever
# is smaller.
matrix_media_repo_rate_limit_buckets_download_overflow_limit_bytes: 104857600 # 100mb default (the same as the default remote download maxBytes)

# Identicons are generated avatars for a given username. Some clients use these to give users a
# default avatar after signing up. Identicons are not part of the official matrix spec, therefore
# this feature is completely optional.


+ 60
- 61
roles/custom/matrix-media-repo/templates/grafana/media-repo.json

@@ -1,59 +1,16 @@
{
"__inputs": [
{
"name": "DS_PROMETHEUS",
"label": "Prometheus",
"description": "",
"type": "datasource",
"pluginId": "prometheus",
"pluginName": "Prometheus"
}
],
"__elements": {},
"__requires": [
{
"type": "grafana",
"id": "grafana",
"name": "Grafana",
"version": "10.1.0"
},
{
"type": "panel",
"id": "heatmap",
"name": "Heatmap",
"version": ""
},
{
"type": "datasource",
"id": "prometheus",
"name": "Prometheus",
"version": "1.0.0"
},
{
"type": "panel",
"id": "timeseries",
"name": "Time series",
"version": ""
}
],
"annotations": {
"list": [
{
"builtIn": 1,
"datasource": {
"type": "datasource",
"uid": "grafana"
"type": "grafana",
"uid": "${DS_PROMETHEUS}"
},
"enable": true,
"hide": true,
"iconColor": "rgba(0, 211, 255, 1)",
"name": "Annotations & Alerts",
"target": {
"limit": 100,
"matchAny": false,
"tags": [],
"type": "dashboard"
},
"type": "dashboard"
}
]
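Review bot: In the annotations entry the datasource now reads `"type": "grafana"` with `"uid": "${DS_PROMETHEUS}"`, pairing Grafana's built-in annotation source type with the Prometheus datasource placeholder, where the previous pair was `"type": "datasource"` and `"uid": "grafana"`. The hunk also shrinks from 59 to 16 lines, so the `__inputs` block that declared `DS_PROMETHEUS` appears to be gone while later panels still reference `${DS_PROMETHEUS}`. Please confirm that provisioning substitutes the placeholder, and set the annotation `uid` to the built-in value if that is what was intended.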
@@ -153,7 +110,7 @@
"uid": "${DS_PROMETHEUS}"
},
"editorMode": "code",
"expr": "rate(media_http_requests_total[2m])",
"expr": "rate(media_http_requests_total{host=\"$host\"}[2m])",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "{{ '{{host}}: {{method}} {{action}}' }}",
@@ -166,7 +123,7 @@
"uid": "${DS_PROMETHEUS}"
},
"editorMode": "code",
"expr": "rate(media_invalid_http_requests_total[2m])",
"expr": "rate(media_invalid_http_requests_total{host=\"$host\"}[2m])",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "{{ 'Invalid Host: {{method}} {{action}}' }}",
@@ -265,7 +222,7 @@
"uid": "${DS_PROMETHEUS}"
},
"editorMode": "code",
"expr": "rate(media_http_responses_total[2m])",
"expr": "rate(media_http_responses_total{host=\"$host\"}[2m])",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "{{ '{{host}}: {{method}} {{action}} {{statusCode}}' }}",
@@ -278,7 +235,7 @@
"uid": "${DS_PROMETHEUS}"
},
"editorMode": "code",
"expr": "rate(media_invalid_http_requests_total[2m])",
"expr": "rate(media_invalid_http_requests_total{host=\"$host\"}[2m])",
"format": "time_series",
"hide": false,
"intervalFactor": 1,
@@ -369,7 +326,7 @@
},
"editorMode": "code",
"exemplar": false,
"expr": "sum(rate(media_http_response_time_seconds_bucket{action=~\"download|thumbnail\"}[2m])) by (le)",
"expr": "sum(rate(media_http_response_time_seconds_bucket{action=~\"download|thumbnail\", host=\"$host\"}[2m])) by (le)",
"format": "heatmap",
"instant": false,
"interval": "",
@@ -460,7 +417,7 @@
},
"editorMode": "code",
"exemplar": false,
"expr": "sum(rate(media_http_response_time_seconds_bucket{action=\"upload\"}[2m])) by (le)",
"expr": "sum(rate(media_http_response_time_seconds_bucket{action=\"upload\", host=\"$host\"}[2m])) by (le)",
"format": "heatmap",
"instant": false,
"legendFormat": "{{ '{{method}} {{action}} - {{le}}' }}",
@@ -560,7 +517,7 @@
},
"editorMode": "code",
"exemplar": true,
"expr": "go_memstats_alloc_bytes{job=\"media_repo\"}",
"expr": "go_memstats_alloc_bytes",
"format": "time_series",
"interval": "",
"intervalFactor": 1,
@@ -574,7 +531,7 @@
"uid": "${DS_PROMETHEUS}"
},
"exemplar": true,
"expr": "go_memstats_sys_bytes{job=\"media_repo\"}",
"expr": "go_memstats_sys_bytes",
"interval": "",
"legendFormat": "memory usage (sys)",
"refId": "C"
@@ -585,7 +542,7 @@
"uid": "${DS_PROMETHEUS}"
},
"exemplar": true,
"expr": "go_memstats_heap_alloc_bytes{job=\"media_repo\"}",
"expr": "go_memstats_heap_alloc_bytes",
"interval": "",
"legendFormat": "heap usage (alloc)",
"refId": "A"
@@ -596,7 +553,7 @@
"uid": "${DS_PROMETHEUS}"
},
"exemplar": true,
"expr": "go_memstats_heap_idle_bytes{job=\"media_repo\"}",
"expr": "go_memstats_heap_idle_bytes",
"interval": "",
"legendFormat": "heap usage (idle)",
"refId": "D"
@@ -607,7 +564,7 @@
"uid": "${DS_PROMETHEUS}"
},
"exemplar": true,
"expr": "go_memstats_heap_inuse_bytes{job=\"media_repo\"}",
"expr": "go_memstats_heap_inuse_bytes",
"interval": "",
"legendFormat": "heap usage (used)",
"refId": "E"
@@ -619,7 +576,7 @@
},
"editorMode": "code",
"exemplar": true,
"expr": "go_memstats_heap_released_bytes{job=\"media_repo\"}",
"expr": "go_memstats_heap_released_bytes",
"hide": false,
"legendFormat": "heap usage (released)",
"range": true,
@@ -718,7 +675,7 @@
},
"editorMode": "code",
"exemplar": true,
"expr": "go_goroutines{job=\"media_repo\"}",
"expr": "go_goroutines",
"format": "time_series",
"interval": "",
"intervalFactor": 1,
@@ -733,7 +690,7 @@
},
"editorMode": "code",
"exemplar": true,
"expr": "go_threads{job=\"media_repo\"}",
"expr": "go_threads",
"format": "time_series",
"hide": false,
"interval": "",
@@ -1263,9 +1220,51 @@
"refresh": "1m",
"schemaVersion": 38,
"style": "dark",
"tags": [],
"tags": [
"matrix"
],
"templating": {
"list": []
"list": [
{
"current": {},
"hide": 0,
"includeAll": false,
"label": "Datasource",
"multi": false,
"name": "DS_PROMETHEUS",
"options": [],
"query": "prometheus",
"queryValue": "",
"refresh": 1,
"regex": "",
"skipUrlSync": false,
"type": "datasource"
},
{
"current": {},
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"definition": "label_values(media_http_response_time_seconds_bucket,host)",
"hide": 0,
"includeAll": false,
"label": "Host",
"multi": false,
"name": "host",
"options": [],
"query": {
"qryType": 1,
"query": "label_values(media_http_response_time_seconds_bucket,host)",
"refId": "PrometheusVariableQueryEditor-VariableQuery"
},
"refresh": 1,
"regex": "",
"skipUrlSync": false,
"sort": 0,
"type": "query"
}
]
},
"time": {
"from": "now-1h",


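Review bot: the new `host` variable in `templating.list` is single-valued (`"includeAll": false`, `"multi": false`) and is populated only from `label_values(media_http_response_time_seconds_bucket,host)`, yet the panels now filter `media_invalid_http_requests_total{host=\"$host\"}` with it. The legend for that series is `Invalid Host: ...`, so please confirm the metric carries a `host` label that can equal a value from this variable; otherwise the invalid-request series will always be empty and a useful probing signal disappears from the dashboard. Separately, the `go_*` expressions lost their `job=\"media_repo\"` selector and get no variable in return, so they will match every Go process this Prometheus scrapes; consider adding a job or instance variable here and using it in those expressions.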
+ 38
- 0
roles/custom/matrix-media-repo/templates/media-repo/labels.j2 View File

@@ -6,6 +6,7 @@ traefik.docker.network={{ matrix_media_repo_container_labels_traefik_docker_netw
{% endif %}

traefik.http.services.matrix-media-repo.loadbalancer.server.port={{ matrix_media_repo_port }}
traefik.http.services.matrix-media-repo-metrics.loadbalancer.server.port={{ matrix_media_repo_metrics_port }}

{% set middlewares = [] %}

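Review bot: `traefik.http.services.matrix-media-repo-metrics.loadbalancer.server.port` is emitted unconditionally here, while the only router that uses this service is rendered under `{% if matrix_media_repo_container_labels_traefik_metrics_enabled %}` in the next hunk. Move this label inside that Metrics block so a deployment with metrics exposure disabled does not declare a Traefik service for the metrics port at all.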
@@ -243,6 +244,43 @@ traefik.http.routers.matrix-media-repo-public-t2bot.tls.certResolver={{ matrix_m
{% endif %}


{% if matrix_media_repo_container_labels_traefik_metrics_enabled %}
############################################################
# #
# Metrics #
# #
############################################################

{% set metricsMiddlewares = ['matrix-media-repo-metrics-replace-path'] %}
traefik.http.middlewares.matrix-media-repo-metrics-replace-path.replacepath.path=/metrics

{% if matrix_media_repo_container_labels_traefik_metrics_middleware_basic_auth_enabled %}
{% set metricsMiddlewares = metricsMiddlewares + ['matrix-media-repo-metrics-basic-auth'] %}
traefik.http.middlewares.matrix-media-repo-metrics-basic-auth.basicauth.users={{ matrix_media_repo_container_labels_traefik_metrics_middleware_basic_auth_users }}
{% endif %}

traefik.http.routers.matrix-media-repo-metrics.rule={{ matrix_media_repo_container_labels_traefik_metrics_rule }}
traefik.http.routers.matrix-media-repo-metrics.middlewares={{ metricsMiddlewares | join(',') }}

{% if matrix_media_repo_container_labels_traefik_metrics_priority | int > 0 %}
traefik.http.routers.matrix-media-repo-metrics.priority={{ matrix_media_repo_container_labels_traefik_metrics_priority }}
{% endif %}

traefik.http.routers.matrix-media-repo-metrics.service=matrix-media-repo-metrics
traefik.http.routers.matrix-media-repo-metrics.entrypoints={{ matrix_media_repo_container_labels_traefik_metrics_entrypoints }}

traefik.http.routers.matrix-media-repo-metrics.tls={{ matrix_media_repo_container_labels_traefik_metrics_tls | to_json }}
{% if matrix_media_repo_container_labels_traefik_metrics_tls %}
traefik.http.routers.matrix-media-repo-metrics.tls.certResolver={{ matrix_media_repo_container_labels_traefik_metrics_tls_certResolver }}
{% endif %}

############################################################
# #
# /Metrics #
# #
############################################################
{% endif %}

{% if matrix_media_repo_homeserver_federation_enabled %}
# Matrix Federation
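Review bot: in the Metrics block, authentication is optional: when `matrix_media_repo_container_labels_traefik_metrics_middleware_basic_auth_enabled` is false the router carries only the `matrix-media-repo-metrics-replace-path` middleware, so `/metrics` is served to anyone who matches `matrix_media_repo_container_labels_traefik_metrics_rule`. The defaults for these variables are not visible in this hunk; please make sure exposure is off by default, and add a validation task that fails when basic auth is enabled but `matrix_media_repo_container_labels_traefik_metrics_middleware_basic_auth_users` is empty, since the template would otherwise render an empty `basicauth.users` label.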



+ 33
- 0
roles/custom/matrix-media-repo/templates/media-repo/media-repo.yaml.j2 View File

@@ -97,6 +97,11 @@ database:
# # admin status. This should be set to one of "synapse", "dendrite", or "matrix". When set
# # to "matrix", most functionality requiring the admin API will not work.
# adminApiKind: "synapse"
#
# # The signing key to use for authorizing outbound federation requests. If not specified,
# # requests will not be authorized. See https://docs.t2bot.io/matrix-media-repo/v1.3.5/installation/signing-key/
# # for details.
# #signingKeyPath: "/data/example.org.key"
homeservers:
{{ matrix_media_repo_homeservers | to_json | from_json
| to_nice_yaml(indent=2, width=999999, sort_keys=false) | indent(width=2, first=true) }}
@@ -253,6 +258,10 @@ datastores:
# when `publicBaseUrl` is unset. Defaults to false (cached media will be served by MMR
# before redirection if present).
redirectWhenCached: {{ matrix_media_repo_datastore_s3_opts_redirect_when_cached | to_json }}
# The size of the prefix (path component) to use when storing media in S3. This can
# help improve download speeds in some S3 providers. Should not be set to higher than
# 16 to avoid future incompatibilities with MMR. Defaults to zero (no prefix).
prefixLength: {{ matrix_media_repo_datastore_s3_opts_prefix_length | to_json }}
{% endif %}

# Options for controlling archives. Archives are exports of a particular user's content for
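Review bot: `prefixLength` is rendered straight from `matrix_media_repo_datastore_s3_opts_prefix_length | to_json` with no bound, although the comment above it says the value should not be set higher than 16. Consider adding a check to the role's config validation so an out-of-range value fails at playbook time instead of reaching the rendered config.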
@@ -483,6 +492,30 @@ rateLimit:
# The number of requests an IP can send at once before the rate limit is actually considered.
burst: {{ matrix_media_repo_rate_limit_burst | to_json }}

# The 'leaky bucket' configurations for MMR. Leaky buckets are limited in size and have a slow
# drain rate, minimizing the ability for a user to consume large amounts of resources.
#
# Buckets are checked and applied after the requests per second configuration above. Buckets are
# disabled when rate limiting is disabled.
#
# Note: buckets are *not* shared across processes. If download requests could end up at two different
# processes, two different buckets may be filled. This behaviour may change in the future.
buckets:
# The download bucket applies to both download requests and thumbnail requests. Each anonymous
# user is assigned a single bucket from their IP address. Authenticated requests (when supported)
# will use the authenticated entity as the subject - either a user or remote server.
downloads:
# The maximum size of each bucket.
capacityBytes: {{ matrix_media_repo_rate_limit_buckets_download_capacity_bytes | to_json }} # 500mb default
# The number of bytes to "drain" from the bucket every minute.
drainBytesPerMinute: {{ matrix_media_repo_rate_limit_buckets_download_drain_bytes_per_minute | to_json }} # 5mb default
# The number of bytes a requester can go over the capacity, once. This is used to give some
# buffer to allow a single file to be downloaded when the caller is near the limit. This
# should be set to either your max remote download size or 30% of the capacityBytes, whichever
# is smaller.
overflowLimitBytes: {{ matrix_media_repo_rate_limit_buckets_download_overflow_limit_bytes | to_json }} # 100mb default (the same as the default remote download maxBytes)


# Identicons are generated avatars for a given username. Some clients use these to give users a
# default avatar after signing up. Identicons are not part of the official matrix spec, therefore
# this feature is completely optional.
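Review bot: the trailing comments on `capacityBytes`, `drainBytesPerMinute` and `overflowLimitBytes` ("# 500mb default", "# 5mb default", "# 100mb default ...") sit next to templated values, so the rendered file will still claim those defaults after an operator overrides the variables. Move the default figures into the comments in `defaults/main.yml` next to the variables, or drop them from the template. The guidance that `overflowLimitBytes` should be the smaller of the max remote download size and 30% of `capacityBytes` is also not enforced anywhere visible here.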


+ 20
- 0
roles/custom/matrix-prometheus-services-connect/defaults/main.yml View File

@@ -162,3 +162,23 @@ matrix_prometheus_services_connect_scraper_media_repo_scrape_configs: |
'static_configs': matrix_prometheus_services_connect_scraper_media_repo_static_configs,
}]
}}

# Controls whether synapse-usage-exporter shall be scraped
matrix_prometheus_services_connect_scraper_synapse_usage_exporter_enabled: false
matrix_prometheus_services_connect_scraper_synapse_usage_exporter_job_name: synapse-usage-exporter
matrix_prometheus_services_connect_scraper_synapse_usage_exporter_metrics_path: /metrics
matrix_prometheus_services_connect_scraper_synapse_usage_exporter_scrape_interval: 300s
matrix_prometheus_services_connect_scraper_synapse_usage_exporter_scrape_timeout: 300s
matrix_prometheus_services_connect_scraper_synapse_usage_exporter_static_configs: "{{ [{'targets': [matrix_prometheus_services_connect_scraper_synapse_usage_exporter_static_configs_target]}] }}"
matrix_prometheus_services_connect_scraper_synapse_usage_exporter_static_configs_target: ''
# The final scrape config for the synapse-usage-exporter scraper
matrix_prometheus_services_connect_scraper_synapse_usage_exporter_scrape_configs: |
{{
[{
'job_name': matrix_prometheus_services_connect_scraper_synapse_usage_exporter_job_name,
'metrics_path': matrix_prometheus_services_connect_scraper_synapse_usage_exporter_metrics_path,
'scrape_interval': matrix_prometheus_services_connect_scraper_synapse_usage_exporter_scrape_interval,
'scrape_timeout': matrix_prometheus_services_connect_scraper_synapse_usage_exporter_scrape_timeout,
'static_configs': matrix_prometheus_services_connect_scraper_synapse_usage_exporter_static_configs,
}]
}}
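Review bot: `matrix_prometheus_services_connect_scraper_synapse_usage_exporter_static_configs_target` defaults to `''`, so enabling the scraper without setting it produces a scrape config whose `targets` list contains an empty string. Add a validation that requires a non-empty target when `..._scraper_synapse_usage_exporter_enabled` is true. Also note that `scrape_timeout: 300s` equals `scrape_interval: 300s`; a shorter timeout would make a hung exporter visible sooner.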

+ 84
- 0
roles/custom/matrix-synapse-usage-exporter/defaults/main.yml View File

@@ -0,0 +1,84 @@
---

# Synapse Usage Exporter
# Project source code URL: https://github.com/loelkes/synapse-usage-exporter

matrix_synapse_usage_exporter_enabled: false

# Controls the hostname and path that this component exposes its web services on.
# Only used if `matrix_synapse_usage_exporter_proxying_enabled` is true.
matrix_synapse_usage_exporter_hostname: "{{ matrix_server_fqn_matrix }}"
matrix_synapse_usage_exporter_path_prefix: /report-usage-stats/push

# matrix_synapse_usage_exporter_identifier controls the identifier of this synapse-usage-exporter instance, which influences:
# - the default storage path
# - the names of systemd services and containers
matrix_synapse_usage_exporter_identifier: matrix-synapse-usage-exporter
matrix_synapse_usage_exporter_container_port: 5000

# No docker images are currently hosted for the repo, so defaulting to true
matrix_synapse_usage_exporter_container_image_self_build: true
matrix_synapse_usage_exporter_container_image_self_build_repo: "https://github.com/loelkes/synapse-usage-exporter.git"

matrix_synapse_usage_exporter_container_image_path: "loelkes/synapse-usage-exporter"
matrix_synapse_usage_exporter_container_image: "{{ matrix_synapse_usage_exporter_container_image_name_prefix }}{{ matrix_synapse_usage_exporter_container_image_path }}:{{ matrix_synapse_usage_exporter_container_image_tag }}"
matrix_synapse_usage_exporter_container_image_name_prefix: "{{ 'localhost/' if matrix_synapse_usage_exporter_container_image_self_build else matrix_container_global_registry_prefix }}"
matrix_synapse_usage_exporter_container_image_tag: "{{ 'main' if matrix_synapse_usage_exporter_container_image_self_build else 'latest' }}"
matrix_synapse_usage_exporter_container_image_force_pull: "{{ matrix_synapse_usage_exporter_container_image.endswith(':latest') }}"

matrix_synapse_usage_exporter_base_path: "{{ matrix_base_data_path }}/{{ matrix_synapse_usage_exporter_identifier }}"
matrix_synapse_usage_exporter_docker_src_files_path: "{{ matrix_synapse_usage_exporter_base_path }}/docker-src"

# List of systemd services that synapse-usage-exporter.service depends on
matrix_synapse_usage_exporter_systemd_required_services_list: "{{ matrix_synapse_usage_exporter_systemd_required_services_list_default + matrix_synapse_usage_exporter_systemd_required_services_list_auto + matrix_synapse_usage_exporter_systemd_required_services_list_custom }}"
matrix_synapse_usage_exporter_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}"
matrix_synapse_usage_exporter_systemd_required_services_list_auto: []
matrix_synapse_usage_exporter_systemd_required_services_list_custom: []

# List of systemd services that synapse-usage-exporter.service wants
matrix_synapse_usage_exporter_systemd_wanted_services_list: []

# The base container network. It will be auto-created by this role if it doesn't exist already.
matrix_synapse_usage_exporter_container_network: "{{ matrix_synapse_usage_exporter_identifier }}"

# A list of additional container networks that the container would be connected to.
# The role does not create these networks, so make sure they already exist.
# Use this to expose this container to another reverse proxy, which runs in a different container network.
matrix_synapse_usage_exporter_container_additional_networks: []

# Extra arguments for the Docker container
matrix_synapse_usage_exporter_container_extra_arguments: []

# Controls whether the synapse-usage-exporter's web services should be proxied (exposed publicly).
#
# Exposure happens on `matrix.DOMAIN/report-usage-stats/push` by default.
# See: `matrix_synapse_usage_exporter_hostname` and `matrix_synapse_usage_exporter_path_prefix`.
matrix_synapse_usage_exporter_proxying_enabled: false

# matrix_synapse_usage_exporter_container_labels_traefik_enabled controls whether labels to assist a Traefik reverse-proxy will be attached to the container.
# See `../templates/labels.j2` for details.
#
# To inject your own other container labels, see `matrix_synapse_usage_exporter_container_labels_additional_labels`.
matrix_synapse_usage_exporter_container_labels_traefik_enabled: "{{ matrix_synapse_usage_exporter_proxying_enabled }}"
matrix_synapse_usage_exporter_container_labels_traefik_docker_network: "{{ matrix_synapse_usage_exporter_container_network }}"

matrix_synapse_usage_exporter_container_labels_traefik_path_prefix: "{{ matrix_synapse_usage_exporter_path_prefix }}"
matrix_synapse_usage_exporter_container_labels_traefik_rule: "Host(`{{ matrix_synapse_usage_exporter_hostname }}`) && PathPrefix(`{{ matrix_synapse_usage_exporter_container_labels_traefik_path_prefix }}`)"
matrix_synapse_usage_exporter_container_labels_traefik_priority: 0
matrix_synapse_usage_exporter_container_labels_traefik_entrypoints: "web-secure"
matrix_synapse_usage_exporter_container_labels_traefik_tls: "{{ matrix_synapse_usage_exporter_container_labels_traefik_entrypoints != 'web' }}"
matrix_synapse_usage_exporter_container_labels_traefik_tls_certResolver: default # noqa var-naming

# matrix_synapse_usage_exporter_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file.
# See `../templates/labels.j2` for details.
#
# Example:
# matrix_synapse_usage_exporter_container_labels_additional_labels: |
# my.label=1
# another.label="here"
matrix_synapse_usage_exporter_container_labels_additional_labels: ''

# matrix_synapse_usage_exporter_dashboard_urls contains a list of URLs with Grafana dashboard definitions.
# If the Grafana role is enabled, these dashboards will be downloaded.
matrix_synapse_usage_exporter_dashboard_urls:
- https://raw.githubusercontent.com/spantaleev/matrix-docker-ansible-deploy/master/roles/custom/matrix-synapse-usage-exporter/templates/grafana/synapse-usage-exporter.json
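Review bot: with `matrix_synapse_usage_exporter_container_image_self_build: true` as the default, `matrix_synapse_usage_exporter_container_image_tag` resolves to `main`, so every run builds and runs whatever is currently at the head of the `main` branch of `matrix_synapse_usage_exporter_container_image_self_build_repo`. Pin the self-build version to a reviewed tag or commit hash (and bump it deliberately) so an upstream change cannot reach the host unreviewed. The non-self-build branch falls back to `latest` with force-pull, which has the same issue.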

+ 17
- 0
roles/custom/matrix-synapse-usage-exporter/tasks/main.yml View File

@@ -0,0 +1,17 @@
---

- tags:
- setup-all
- setup-synapse-usage-exporter
- install-all
- install-synapse-usage-exporter
block:
- when: matrix_synapse_usage_exporter_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"

- tags:
- setup-all
- setup-synapse-usage-exporter
block:
- when: not matrix_synapse_usage_exporter_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"

+ 77
- 0
roles/custom/matrix-synapse-usage-exporter/tasks/setup_install.yml View File

@@ -0,0 +1,77 @@
---

- name: Ensure synapse-usage-exporter paths exist
ansible.builtin.file:
path: "{{ item.path }}"
state: directory
mode: 0750
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
with_items:
- path: "{{ matrix_synapse_usage_exporter_base_path }}"
when: true
- path: "{{ matrix_synapse_usage_exporter_docker_src_files_path }}"
when: "{{ matrix_synapse_usage_exporter_container_image_self_build }}"
when: "item.when | bool"

- name: Ensure synapse-usage-exporter support files installed
ansible.builtin.template:
src: "{{ role_path }}/templates/{{ item }}.j2"
dest: "{{ matrix_synapse_usage_exporter_base_path }}/{{ item }}"
mode: 0640
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
with_items:
- env
- labels

- name: Ensure synapse-usage-exporter Docker image is pulled
community.docker.docker_image:
name: "{{ matrix_synapse_usage_exporter_container_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_synapse_usage_exporter_container_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_synapse_usage_exporter_container_image_force_pull }}"
when: "not matrix_synapse_usage_exporter_container_image_self_build | bool"
register: result
retries: "{{ devture_playbook_help_container_retries_count }}"
delay: "{{ devture_playbook_help_container_retries_delay }}"
until: result is not failed

- when: "matrix_synapse_usage_exporter_container_image_self_build | bool"
block:
- name: Ensure synapse-usage-exporter repository is present on self-build
ansible.builtin.git:
repo: "{{ matrix_synapse_usage_exporter_container_image_self_build_repo }}"
dest: "{{ matrix_synapse_usage_exporter_docker_src_files_path }}"
version: "{{ matrix_synapse_usage_exporter_container_image.split(':')[1] }}"
force: "yes"
become: true
become_user: "{{ matrix_user_username }}"
register: matrix_synapse_usage_exporter_git_pull_results

- name: Check if synapse-usage-exporter Docker image exists
ansible.builtin.command: "{{ devture_systemd_docker_base_host_command_docker }} images --quiet --filter 'reference={{ matrix_synapse_usage_exporter_container_image }}'"
register: matrix_synapse_usage_exporter_container_image_check_result
changed_when: false

# Invoking the `docker build` command here, instead of calling the `docker_image` Ansible module,
# because the latter does not support BuildKit.
# See: https://github.com/ansible-collections/community.general/issues/514
- name: Ensure synapse-usage-exporter Docker image is built
ansible.builtin.command:
cmd: "{{ devture_systemd_docker_base_host_command_docker }} build -t {{ matrix_synapse_usage_exporter_container_image }} -f {{ matrix_synapse_usage_exporter_docker_src_files_path }}/docker/Dockerfile {{ matrix_synapse_usage_exporter_docker_src_files_path }}"
environment:
DOCKER_BUILDKIT: 1
changed_when: true
when: "matrix_synapse_usage_exporter_git_pull_results.changed | bool or matrix_synapse_usage_exporter_container_image_check_result.stdout == ''"

- name: Ensure synapse-usage-exporter container network is created
community.general.docker_network:
name: "{{ matrix_synapse_usage_exporter_container_network }}"
driver: bridge

- name: Ensure synapse-usage-exporter service installed
ansible.builtin.template:
src: "{{ role_path }}/templates/systemd/matrix-synapse-usage-exporter.service.j2"
dest: "{{ devture_systemd_docker_base_systemd_path }}/{{ matrix_synapse_usage_exporter_identifier }}.service"
mode: 0640
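Review bot: in the self-build git task, `version: "{{ matrix_synapse_usage_exporter_container_image.split(':')[1] }}"` takes the second colon-separated field of the image reference, which is the tag only while the name prefix contains no colon (a registry with a port would break it). Use `matrix_synapse_usage_exporter_container_image_tag` directly. Minor: the network task uses `community.general.docker_network` while the image task uses `community.docker.docker_image`; pick one collection, and consider quoting the `mode` values (`'0750'`, `'0640'`) so they cannot be misread as decimal integers.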

+ 24
- 0
roles/custom/matrix-synapse-usage-exporter/tasks/setup_uninstall.yml View File

@@ -0,0 +1,24 @@
---

- name: Check existence of synapse-usage-exporter service
ansible.builtin.stat:
path: "{{ devture_systemd_docker_base_systemd_path }}/{{ matrix_synapse_usage_exporter_identifier }}.service"
register: matrix_synapse_usage_exporter_service_stat

- when: matrix_synapse_usage_exporter_service_stat.stat.exists | bool
block:
- name: Ensure synapse-usage-exporter is stopped
ansible.builtin.systemd:
name: "{{ matrix_synapse_usage_exporter_identifier }}"
state: stopped
daemon_reload: true

- name: Ensure synapse-usage-exporter service doesn't exist
ansible.builtin.file:
path: "{{ devture_systemd_docker_base_systemd_path }}/{{ matrix_synapse_usage_exporter_identifier }}.service"
state: absent

- name: Ensure synapse-usage-exporter files deleted
ansible.builtin.file:
path: "{{ matrix_synapse_usage_exporter_base_path }}"
state: absent
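Review bot: `daemon_reload: true` is attached to the stop task, which runs before the unit file is deleted, and nothing reloads systemd after the `state: absent` task. The removed unit therefore stays loaded until some later reload. Add a daemon reload after the service file is removed. The uninstall also leaves the built image and the container network behind; say so in a comment if that is intentional.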

+ 3
- 0
roles/custom/matrix-synapse-usage-exporter/templates/env.j2 View File

@@ -0,0 +1,3 @@
PROMETHEUS_MULTIPROC_DIR=/tmp/prometheus
WERKZEUG_LOG_LEVEL=INFO
APP_LOG_LEVEL=INFO

+ 2746
- 0
roles/custom/matrix-synapse-usage-exporter/templates/grafana/synapse-usage-exporter.json
File diff suppressed because it is too large
View File


+ 38
- 0
roles/custom/matrix-synapse-usage-exporter/templates/labels.j2 View File

@@ -0,0 +1,38 @@
{% if matrix_synapse_usage_exporter_container_labels_traefik_enabled %}
traefik.enable=true

{% if matrix_synapse_usage_exporter_container_labels_traefik_docker_network %}
traefik.docker.network={{ matrix_synapse_usage_exporter_container_labels_traefik_docker_network }}
{% endif %}

traefik.http.services.matrix-synapse-usage-exporter.loadbalancer.server.port={{ matrix_synapse_usage_exporter_container_port }}

############################################################
# #
# Report Usage Stats (/report-usage-stats/push) #
# #
############################################################

traefik.http.routers.matrix-synapse-usage-exporter.rule={{ matrix_synapse_usage_exporter_container_labels_traefik_rule }}

{% if matrix_synapse_usage_exporter_container_labels_traefik_priority | int > 0 %}
traefik.http.routers.matrix-synapse-usage-exporter.priority={{ matrix_synapse_usage_exporter_container_labels_traefik_priority }}
{% endif %}

traefik.http.routers.matrix-synapse-usage-exporter.service=matrix-synapse-usage-exporter
traefik.http.routers.matrix-synapse-usage-exporter.entrypoints={{ matrix_synapse_usage_exporter_container_labels_traefik_entrypoints }}

traefik.http.routers.matrix-synapse-usage-exporter.tls={{ matrix_synapse_usage_exporter_container_labels_traefik_tls | to_json }}
{% if matrix_synapse_usage_exporter_container_labels_traefik_tls %}
traefik.http.routers.matrix-synapse-usage-exporter.tls.certResolver={{ matrix_synapse_usage_exporter_container_labels_traefik_tls_certResolver }}
{% endif %}

############################################################
# #
# /Report Usage Stats (/report-usage-stats/push) #
# #
############################################################

{% endif %}

{{ matrix_synapse_usage_exporter_container_labels_additional_labels }}
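Review bot: the `matrix-synapse-usage-exporter` router is defined with a rule, entrypoints and TLS but no middleware, so once `matrix_synapse_usage_exporter_proxying_enabled` is turned on, anything that can reach `Host` + `PathPrefix` can submit data to the push endpoint and have it show up in the exported metrics. Offer optional middleware variables here, in the same way the media-repo Metrics block offers basic auth, or document that the route should be restricted to the homeserver's address, and keep the proxying default at false as it is in `defaults/main.yml`.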

+ 47
- 0
roles/custom/matrix-synapse-usage-exporter/templates/systemd/matrix-synapse-usage-exporter.service.j2 View File

@@ -0,0 +1,47 @@
#jinja2: lstrip_blocks: "True"
[Unit]
Description=Matrix synapse-usage-exporter
{% for service in matrix_synapse_usage_exporter_systemd_required_services_list %}
Requires={{ service }}
After={{ service }}
{% endfor %}
{% for service in matrix_synapse_usage_exporter_systemd_wanted_services_list %}
Wants={{ service }}
{% endfor %}
DefaultDependencies=no

[Service]
Type=simple
Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} {{ matrix_synapse_usage_exporter_identifier }} 2>/dev/null || true'
ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm {{ matrix_synapse_usage_exporter_identifier }} 2>/dev/null || true'

ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
--rm \
--name={{ matrix_synapse_usage_exporter_identifier }} \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
--network={{ matrix_synapse_usage_exporter_container_network }} \
--env-file={{ matrix_synapse_usage_exporter_base_path }}/env \
--label-file={{ matrix_synapse_usage_exporter_base_path }}/labels \
{% for arg in matrix_synapse_usage_exporter_container_extra_arguments %}
{{ arg }} \
{% endfor %}
{{ matrix_synapse_usage_exporter_container_image }}

{% for network in matrix_synapse_usage_exporter_container_additional_networks %}
ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} {{ matrix_synapse_usage_exporter_identifier }}
{% endfor %}

ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach {{ matrix_synapse_usage_exporter_identifier }}

ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} {{ matrix_synapse_usage_exporter_identifier }} 2>/dev/null || true'
ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm {{ matrix_synapse_usage_exporter_identifier }} 2>/dev/null || true'
ExecReload={{ devture_systemd_docker_base_host_command_docker }} exec {{ matrix_synapse_usage_exporter_identifier }} /bin/sh -c 'kill -HUP 1'
Restart=always
RestartSec=30
SyslogIdentifier={{ matrix_synapse_usage_exporter_identifier }}

[Install]
WantedBy=multi-user.target
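Review bot: the `docker create` line drops all capabilities and sets `--user`, but it does not make the root filesystem read-only or block privilege escalation. Since `env.j2` points `PROMETHEUS_MULTIPROC_DIR` at `/tmp/prometheus`, consider `--read-only` together with a `--tmpfs` mount covering that path, plus `--security-opt=no-new-privileges`, and confirm the directory is writable by `{{ matrix_user_uid }}:{{ matrix_user_gid }}`. `ExecReload` also depends on `/bin/sh` existing in the self-built image, which is not visible here.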

+ 3
- 0
roles/custom/matrix-synapse/defaults/main.yml View File

@@ -462,6 +462,9 @@ matrix_synapse_federation_listener_resource_names: "{{ ['federation'] if matrix_
# (things like number of users, number of messages sent, uptime, load, etc.)
matrix_synapse_report_stats: false

# The endpoint to report homeserver usage statistics to.
matrix_synapse_report_stats_endpoint: "https://matrix.org/report-usage-stats/push"

# Controls whether the Matrix server will track presence status (online, offline, unavailable) for users.
# If users participate in large rooms with many other servers,
# disabling this will decrease server load significantly.


+ 1
- 0
roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 View File

@@ -1604,6 +1604,7 @@ report_stats: {{ matrix_synapse_report_stats|to_json }}
#
#report_stats_endpoint: https://example.com/report-usage-stats/push

report_stats_endpoint: {{ matrix_synapse_report_stats_endpoint|to_json }}

## API Configuration ##



+ 28
- 34
setup.yml View File

@@ -20,17 +20,17 @@
__common_etckeeper_role_exists: "{{ lookup('ansible.builtin.first_found', ['../ansible/roles/org-eu-glas.common-etckeeper/meta/main.yml', '/etc/ansible/roles/org-eu-glas.common-etckeeper/meta/main.yml'], skip=true) }}"
roles:
# Most of the roles below are not distributed with the playbook, but downloaded separately using `ansible-galaxy` via the `just roles` command (see `justfile`).
- role: playbook_help
- role: galaxy/playbook_help
tags:
- setup-all
- install-all

- role: systemd_docker_base
- role: galaxy/systemd_docker_base

- role: custom/matrix_playbook_migration

- when: matrix_playbook_docker_installation_enabled | bool
role: docker
role: galaxy/docker
vars:
docker_install_compose: false
docker_install_compose_plugin: false
@@ -41,7 +41,7 @@
- install-all

- when: devture_docker_sdk_for_python_installation_enabled | bool
role: docker_sdk_for_python
role: galaxy/docker_sdk_for_python
tags:
- setup-docker
- setup-all
@@ -49,7 +49,7 @@
- install-all

- when: devture_timesync_installation_enabled | bool
role: timesync
role: galaxy/timesync
tags:
- setup-timesync
- setup-all
@@ -58,19 +58,12 @@

- custom/matrix-base
- custom/matrix-dynamic-dns
- exim_relay

- role: postgres
apply:
tags:
- setup-all
- setup-postgres
- install-all
- install-postgres
- "{% if server_path_postgres_dump is defined %}import-postgres{% endif %}"

- redis
- keydb
- galaxy/exim_relay

- role: galaxy/postgres

- galaxy/redis
- galaxy/keydb
- custom/matrix-corporal
- custom/matrix-appservice-draupnir-for-all
- custom/matrix-alertmanager-receiver
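Review bot: in the postgres entry, the `apply: tags:` list (`setup-postgres`, `install-postgres` and the conditional `import-postgres`) appears next to a bare `- role: galaxy/postgres`. If the bare form is the result of this conflict resolution, confirm that the tag handling, in particular the `server_path_postgres_dump` / `import-postgres` case, is now covered inside the role itself; otherwise tagged runs that relied on those tags will silently skip postgres.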
@@ -124,56 +117,57 @@
- custom/matrix-dendrite
- custom/matrix-conduit
- custom/matrix-synapse-admin
- prometheus_node_exporter
- prometheus_postgres_exporter
- custom/matrix-synapse-usage-exporter
- galaxy/prometheus_node_exporter
- galaxy/prometheus_postgres_exporter
- custom/matrix-prometheus-nginxlog-exporter
- prometheus
- grafana
- galaxy/prometheus
- galaxy/grafana
- custom/matrix-prometheus-services-connect
- custom/matrix-registration
- custom/matrix-client-element
- custom/matrix-client-hydrogen
- custom/matrix-client-cinny
- custom/matrix-client-schildichat
- jitsi
- galaxy/jitsi
- custom/matrix-user-verification-service
- custom/matrix-ldap-registration-proxy
- custom/matrix-ma1sd
- custom/matrix-dimension
- etherpad
- galaxy/etherpad
- custom/matrix-sliding-sync
- custom/matrix-email2matrix
- custom/matrix-sygnal
- ntfy
- galaxy/ntfy
- custom/matrix-static-files
- custom/matrix-coturn
- custom/matrix-media-repo
- custom/matrix-pantalaimon

- role: postgres_backup
- role: galaxy/postgres_backup

- role: backup_borg
- role: galaxy/backup_borg

- custom/matrix-user-creator
- custom/matrix-common-after

- role: container_socket_proxy
- role: galaxy/container_socket_proxy

- role: traefik
- role: galaxy/traefik

- role: traefik_certs_dumper
- role: galaxy/traefik_certs_dumper

- role: auxiliary
- role: galaxy/auxiliary

- when: devture_systemd_service_manager_enabled | bool
role: systemd_service_manager
role: galaxy/systemd_service_manager

# This is pretty much last, because we want it to better serve as a "last known good configuration".
# See: https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2217#issuecomment-1301487601
- when: devture_playbook_state_preserver_enabled | bool
role: playbook_state_preserver
role: galaxy/playbook_state_preserver
tags:
- setup-all
- install-all

- role: playbook_runtime_messages
- role: galaxy/playbook_runtime_messages
