Merge pull request #386 from hooger/raspberry-pi

Raspberry pi

CHANGELOG.md

@@ -1,3 +1,13 @@
+# 2020-03-15
+
+## Raspberry Pi support
+
+The playbook supports installing to a Raspberry Pi server, for at least some of the services.
+
+Since most ready-made container images do not support that architecture, we achieve this by building images locally on the device itself.
+See our [Self-building documentation page](docs/self-building.md) for how to get started.
+
+
 # 2020-02-26
 
 ## Riot-web themes are here

docs/prerequisites.md

@@ -1,6 +1,6 @@
 # Prerequisites
 
-- An x86 server running **CentOS** (7 only for now; [8 is not yet supported](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/300)), **Debian** (9/Stretch+) or **Ubuntu** (16.04+). This playbook doesn't support running on ARM so it won't work on a Raspberry Pi. We only strive to support released stable versions of distributions, not betas or pre-releases. This playbook can take over your whole server or co-exist with other services that you have there.
+- An x86 server running **CentOS** (7 only for now; [8 is not yet supported](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/300)), **Debian** (9/Stretch+) or **Ubuntu** (16.04+). This playbook doesn't support running on ARM ([see](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/299)), however a minimal subset of the tools can be built on the host, which may result in a working configuration, even on a Raspberry pi (see [Self-Building](self-building.md)). We only strive to support released stable versions of distributions, not betas or pre-releases. This playbook can take over your whole server or co-exist with other services that you have there.
 
 - [Python](https://www.python.org/) being installed on the server. Most distributions install Python by default, but some don't (e.g. Ubuntu 18.04) and require manual installation (something like `apt-get install python`).
 

docs/self-building.md

@@ -0,0 +1,19 @@
+# Self-building
+
+The playbook supports the self-building of some of its components. This may be useful for architectures besides x86_64, which have no Docker images right now (e g. the armv7 for the Raspberry Pi). Some playbook roles have been updated, so they build the necessary image on the host. It needs more space, as some build tools need to be present (like Java, for mxisd).
+
+To use these modification there is a variable that needs to be switched to enable this functionality. Add this to your `vars.yaml` file:
+```yaml
+matrix_container_images_self_build = true
+```
+Setting that variable will self-build every role which supports self-building. Self-building can be set on a per-role basis as well.
+
+List of roles where self-building the docker image is currently possible:
+- synapse
+- riot-web
+- coturn
+- mxisd
+- matrix-bridge-mautrix-facebook
+- matrix-bridge-mautrix-hangouts
+
+Adding self-building support to other roles is welcome. Feel free to contribute!

group_vars/matrix_servers

@@ -172,6 +172,8 @@ matrix_appservice_irc_homeserver_token: "{{ matrix_synapse_macaroon_secret_key |
 # We don't enable bridges by default.
 matrix_mautrix_facebook_enabled: false
 
+matrix_mautrix_facebook_container_image_self_build: "{{ matrix_container_images_self_build }}"
+
 matrix_mautrix_facebook_systemd_required_services_list: |
   {{
     ['docker.service']
@@ -201,6 +203,8 @@ matrix_mautrix_facebook_login_shared_secret: "{{ matrix_synapse_ext_password_pro
 # We don't enable bridges by default.
 matrix_mautrix_hangouts_enabled: false
 
+matrix_mautrix_hangouts_container_image_self_build: "{{ matrix_container_images_self_build }}"
+
 matrix_mautrix_hangouts_systemd_required_services_list: |
   {{
     ['docker.service']
@@ -329,6 +333,8 @@ matrix_corporal_matrix_registration_shared_secret: "{{ matrix_synapse_registrati
 
 matrix_coturn_enabled: true
 
+matrix_coturn_container_image_self_build: "{{ matrix_container_images_self_build }}"
+
 matrix_coturn_turn_external_ip_address: "{{ ansible_host }}"
 
 matrix_coturn_tls_enabled: true
@@ -415,6 +421,8 @@ matrix_mailer_enabled: true
 # If you wish to use the public identity servers (matrix.org, vector.im) instead of your own you may wish to disable this.
 matrix_mxisd_enabled: true
 
+matrix_mxisd_container_image_self_build: "{{ matrix_container_images_self_build }}"
+
 # Normally, matrix-nginx-proxy is enabled and nginx can reach mxisd over the container network.
 # If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose
 # mxisd's web-server port.
@@ -559,6 +567,8 @@ matrix_postgres_db_name: "homeserver"
 # If you wish to connect to your Matrix server by other means, you may wish to disable this.
 matrix_riot_web_enabled: true
 
+matrix_riot_web_container_image_self_build: "{{ matrix_container_images_self_build }}"
+
 # Normally, matrix-nginx-proxy is enabled and nginx can reach riot-web over the container network.
 # If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose
 # the riot-web HTTP port to the local host.
@@ -600,6 +610,8 @@ matrix_riot_web_welcome_user_id: ~
 #
 ######################################################################
 
+matrix_synapse_container_image_self_build: "{{ matrix_container_images_self_build }}"
+
 # When mxisd is enabled, we can use it instead of the default public Identity servers.
 matrix_synapse_trusted_third_party_id_servers: "{{ [matrix_server_fqn_matrix] if matrix_mxisd_enabled else matrix_synapse_id_servers_public }}"
 

roles/matrix-base/defaults/main.yml

@@ -66,3 +66,7 @@ run_setup: true
 run_self_check: true
 run_start: true
 run_stop: true
+
+# Building every docker image from source on the target host
+# Controlling docker image build is possible on a per unit base
+matrix_container_images_self_build: false

roles/matrix-base/tasks/server_base/setup.yml

@@ -4,7 +4,10 @@
   when: ansible_distribution == 'CentOS'
 
 - include_tasks: "{{ role_path }}/tasks/server_base/setup_debian.yml"
-  when: ansible_os_family == 'Debian'
+  when: (ansible_os_family == 'Debian') and (ansible_lsb.id != 'Raspbian') 
+
+- include_tasks: "{{ role_path }}/tasks/server_base/setup_raspbian.yml"
+  when: (ansible_os_family == 'Debian') and (ansible_lsb.id == 'Raspbian') 
 
 - name: Ensure Docker is started and autoruns
   service:

roles/matrix-base/tasks/server_base/setup_raspbian.yml

@@ -0,0 +1,42 @@
+---
+
+- name: Ensure APT usage dependencies are installed
+  apt:
+    name:
+      - apt-transport-https
+      - ca-certificates
+    state: present
+    update_cache: yes
+
+- name: Ensure Docker's APT key is trusted
+  apt_key:
+    url: https://download.docker.com/linux/raspbian/gpg
+    id: 9DC858229FC7DD38854AE2D88D81803C0EBFCD88
+    state: present
+  register: add_repository_key
+  ignore_errors: true
+  when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce'
+
+- name: Ensure Docker repository is enabled
+  apt_repository:
+    repo: "deb [arch=armhf] https://download.docker.com/linux/raspbian {{ ansible_distribution_release }} stable"
+    state: present
+    update_cache: yes
+  when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce'
+
+- name: Ensure APT packages are installed
+  apt:
+    name:
+      - bash-completion
+      - python-docker
+      - ntp
+      - fuse
+    state: latest
+    update_cache: yes
+
+- name: Ensure Docker is installed
+  apt:
+    name:
+      - "{{ matrix_docker_package_name }}"
+    state: latest
+  when: matrix_docker_installation_enabled|bool

roles/matrix-bridge-mautrix-facebook/defaults/main.yml

@@ -3,6 +3,8 @@
 
 matrix_mautrix_facebook_enabled: true
 
+matrix_mautrix_facebook_container_image_self_build: false
+
 # See: https://mau.dev/tulir/mautrix-facebook/container_registry
 matrix_mautrix_facebook_docker_image: "dock.mau.dev/tulir/mautrix-facebook:latest"
 matrix_mautrix_facebook_docker_image_force_pull: "{{ matrix_mautrix_facebook_docker_image.endswith(':latest') }}"
@@ -10,6 +12,7 @@ matrix_mautrix_facebook_docker_image_force_pull: "{{ matrix_mautrix_facebook_doc
 matrix_mautrix_facebook_base_path: "{{ matrix_base_data_path }}/mautrix-facebook"
 matrix_mautrix_facebook_config_path: "{{ matrix_mautrix_facebook_base_path }}/config"
 matrix_mautrix_facebook_data_path: "{{ matrix_mautrix_facebook_base_path }}/data"
+matrix_mautrix_facebook_docker_src_files_path: "{{ matrix_mautrix_facebook_base_path }}/docker-src"
 
 matrix_mautrix_facebook_homeserver_address: 'http://matrix-synapse:8008'
 matrix_mautrix_facebook_homeserver_domain: '{{ matrix_domain }}'

roles/matrix-bridge-mautrix-facebook/tasks/init.yml

@@ -14,3 +14,10 @@
       +
       {{ ["/matrix-mautrix-facebook-registration.yaml"] }}
   when: matrix_mautrix_facebook_enabled|bool
+
+# ansible lower than 2.8, does not support docker_image build parameters
+# for self buildig it is explicitly needed, so we rather fail here
+- name: Fail if running on Ansible lower than 2.8 and trying self building
+  fail:
+    msg: "To self build Mautrix Facebook image, you should usa ansible 2.8 or higher. E.g. pip contains such packages."
+  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mautrix_facebook_container_image_self_build"

roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml

@@ -14,6 +14,7 @@
     source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
     force_source: "{{ matrix_mautrix_facebook_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
     force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_facebook_docker_image_force_pull }}"
+  when: matrix_mautrix_facebook_enabled|bool and not matrix_mautrix_facebook_container_image_self_build
 
 - name: Ensure Mautrix Facebook paths exist
   file:
@@ -26,6 +27,25 @@
     - "{{ matrix_mautrix_facebook_base_path }}"
     - "{{ matrix_mautrix_facebook_config_path }}"
     - "{{ matrix_mautrix_facebook_data_path }}"
+    - { src: "{{ matrix_mautrix_facebook_docker_src_files_path }}", when: "{{ matrix_mautrix_facebook_container_image_self_build }}" }
+
+- name: Ensure Mautrix Facebook repository is present on self-build
+  git:
+    repo: https://github.com/tulir/mautrix-facebook.git
+    dest: "{{ matrix_mautrix_facebook_docker_src_files_path }}"
+#    version: "{{ matrix_coturn_docker_image.split(':')[1] }}"
+    force: "yes"
+  when: "matrix_mautrix_facebook_enabled|bool and matrix_mautrix_facebook_container_image_self_build"
+
+- name: Ensure Mautrix Facebook Docker image is built
+  docker_image:
+    name: "{{ matrix_mautrix_facebook_docker_image }}"
+    source: build
+    build:
+      dockerfile: Dockerfile
+      path: "{{ matrix_mautrix_facebook_docker_src_files_path }}"
+      pull: yes
+  when: "matrix_mautrix_facebook_enabled|bool and matrix_mautrix_facebook_container_image_self_build"
 
 - name: Check if an old database file already exists
   stat:

roles/matrix-bridge-mautrix-hangouts/defaults/main.yml

@@ -3,6 +3,8 @@
 
 matrix_mautrix_hangouts_enabled: true
 
+matrix_mautrix_hangouts_container_image_self_build: false
+
 # See: https://mau.dev/tulir/mautrix-hangouts/container_registry
 matrix_mautrix_hangouts_docker_image: "dock.mau.dev/tulir/mautrix-hangouts:latest"
 matrix_mautrix_hangouts_docker_image_force_pull: "{{ matrix_mautrix_hangouts_docker_image.endswith(':latest') }}"
@@ -10,6 +12,7 @@ matrix_mautrix_hangouts_docker_image_force_pull: "{{ matrix_mautrix_hangouts_doc
 matrix_mautrix_hangouts_base_path: "{{ matrix_base_data_path }}/mautrix-hangouts"
 matrix_mautrix_hangouts_config_path: "{{ matrix_mautrix_hangouts_base_path }}/config"
 matrix_mautrix_hangouts_data_path: "{{ matrix_mautrix_hangouts_base_path }}/data"
+matrix_mautrix_hangouts_docker_src_files_path: "{{ matrix_mautrix_hangouts_base_path }}/docker-src"
 
 matrix_mautrix_hangouts_public_endpoint: '/mautrix-hangouts'
 

roles/matrix-bridge-mautrix-hangouts/tasks/init.yml

@@ -59,4 +59,11 @@
       Please make sure that you're proxying the `{{ matrix_mautrix_hangouts_public_endpoint }}`
       URL endpoint to the matrix-mautrix-hangouts container.
       You can expose the container's port using the `matrix_mautrix_hangouts_container_http_host_bind_port` variable.
-  when: "matrix_mautrix_hangouts_enabled|bool and matrix_nginx_proxy_enabled is not defined"
+  when: "matrix_mautrix_hangouts_enabled|bool and (matrix_nginx_proxy_enabled is not defined or matrix_nginx_proxy_enabled|bool == false)"
+
+# ansible lower than 2.8, does not support docker_image build parameters
+# for self buildig it is explicitly needed, so we rather fail here
+- name: Fail if running on Ansible lower than 2.8 and trying self building
+  fail:
+    msg: "To self build Mautrix Hangouts image, you should usa ansible 2.8 or higher. E.g. pip contains such packages."
+  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mautrix_hangouts_container_image_self_build"

roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml

@@ -14,6 +14,7 @@
     source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
     force_source: "{{ matrix_mautrix_hangouts_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
     force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_hangouts_docker_image_force_pull }}"
+  when: matrix_mautrix_hangouts_enabled|bool and not matrix_mautrix_hangouts_container_image_self_build
 
 - name: Ensure Mautrix Hangouts paths exist
   file:
@@ -26,6 +27,26 @@
     - "{{ matrix_mautrix_hangouts_base_path }}"
     - "{{ matrix_mautrix_hangouts_config_path }}"
     - "{{ matrix_mautrix_hangouts_data_path }}"
+    - { src: "{{ matrix_mautrix_hangouts_docker_src_files_path }}", when: "{{ matrix_mautrix_hangouts_container_image_self_build }}" }
+
+  when: matrix_mautrix_hangouts_enabled|bool and not matrix_mautrix_hangouts_container_image_self_build
+
+- name: Ensure Mautrix Hangots repository is present on self build
+  git:
+    repo: https://github.com/tulir/mautrix-hangouts.git
+    dest: "{{ matrix_mautrix_hangouts_docker_src_files_path }}"
+    force: "yes"
+  when: "matrix_mautrix_hangouts_enabled|bool and matrix_mautrix_hangouts_container_image_self_build"
+
+- name: Ensure Mautrix Hangouts Docker image is built
+  docker_image:
+    name: "{{ matrix_mautrix_hangouts_docker_image }}"
+    source: build
+    build:
+      dockerfile: Dockerfile
+      path: "{{ matrix_mautrix_hangouts_docker_src_files_path }}"
+      pull: yes
+  when: "matrix_mautrix_hangouts_enabled|bool and matrix_mautrix_hangouts_container_image_self_build"
 
 - name: Check if an old database file already exists
   stat:

roles/matrix-coturn/defaults/main.yml

@@ -1,5 +1,7 @@
 matrix_coturn_enabled: true
 
+matrix_coturn_container_image_self_build: false
+
 matrix_coturn_docker_image: "instrumentisto/coturn:4.5.1.1"
 matrix_coturn_docker_image_force_pull: "{{ matrix_coturn_docker_image.endswith(':latest') }}"
 
@@ -13,6 +15,7 @@ matrix_coturn_docker_image_force_pull: "{{ matrix_coturn_docker_image.endswith('
 matrix_coturn_docker_network: "matrix-coturn"
 
 matrix_coturn_base_path: "{{ matrix_base_data_path }}/coturn"
+matrix_coturn_docker_src_files_path: "{{ matrix_coturn_base_path }}/docker-src"
 matrix_coturn_config_path: "{{ matrix_coturn_base_path }}/turnserver.conf"
 
 # List of systemd services that matrix-coturn.service depends on

roles/matrix-coturn/tasks/init.yml

@@ -1,3 +1,10 @@
 - set_fact:
     matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-coturn'] }}"
   when: matrix_coturn_enabled|bool
+
+# ansible lower than 2.8, does not support docker_image build parameters
+# for self buildig it is explicitly needed, so we rather fail here
+- name: Fail if running on Ansible lower than 2.8 and trying self building
+  fail:
+    msg: "To self build Coturn image, you should usa ansible 2.8 or higher. E.g. pip contains such packages."
+  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_coturn_container_image_self_build"

roles/matrix-coturn/tasks/setup_coturn.yml

@@ -4,13 +4,42 @@
 # Tasks related to setting up Coturn
 #
 
+- name: Ensure Matrix Coturn path exists
+  file:
+    path: "{{ item }}"
+    state: directory
+    mode: 0750
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_username }}"
+  with_items:
+    - { src: "{{ matrix_coturn_docker_src_files_path }}", when: "{{ matrix_coturn_container_image_self_build }}"}
+  when: matrix_riot_web_enabled|bool
+
 - name: Ensure Coturn image is pulled
   docker_image:
     name: "{{ matrix_coturn_docker_image }}"
     source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
     force_source: "{{ matrix_coturn_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
     force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_coturn_docker_image_force_pull }}"
-  when: matrix_coturn_enabled|bool
+  when: matrix_coturn_enabled|bool and not matrix_coturn_container_image_self_build
+
+- name: Ensure Coturn repository is present on self-build
+  git:
+    repo: https://github.com/instrumentisto/coturn-docker-image.git
+    dest: "{{ matrix_coturn_docker_src_files_path }}"
+    version: "{{ matrix_coturn_docker_image.split(':')[1] }}"
+    force: "yes"
+  when: "matrix_coturn_enabled|bool and matrix_coturn_container_image_self_build"
+
+- name: Ensure Coturn Docker image is built
+  docker_image:
+    name: "{{ matrix_coturn_docker_image }}"
+    source: build
+    build:
+      dockerfile: Dockerfile
+      path: "{{ matrix_coturn_docker_src_files_path }}"
+      pull: yes
+  when: "matrix_coturn_enabled|bool and matrix_coturn_container_image_self_build"
 
 - name: Ensure Coturn configuration path exists
   file:

roles/matrix-mxisd/defaults/main.yml

@@ -3,10 +3,13 @@
 
 matrix_mxisd_enabled: true
 
+matrix_mxisd_container_image_self_build: false
+
 matrix_mxisd_docker_image: "kamax/mxisd:1.4.6"
 matrix_mxisd_docker_image_force_pull: "{{ matrix_mxisd_docker_image.endswith(':latest') }}"
 
 matrix_mxisd_base_path: "{{ matrix_base_data_path }}/mxisd"
+matrix_mxisd_docker_src_files_path: "{{ matrix_mxisd_base_path }}/docker-src"
 matrix_mxisd_config_path: "{{ matrix_mxisd_base_path }}/config"
 matrix_mxisd_data_path: "{{ matrix_mxisd_base_path }}/data"
 

roles/matrix-mxisd/tasks/init.yml

@@ -1,3 +1,10 @@
 - set_fact:
     matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mxisd'] }}"
   when: matrix_mxisd_enabled|bool
+
+# ansible lower than 2.8, does not support docker_image build parameters
+# for self buildig it is explicitly needed, so we rather fail here
+- name: Fail if running on Ansible lower than 2.8 and trying self building
+  fail:
+    msg: "To self build Mxisd image, you should usa ansible 2.8 or higher. E.g. pip contains such packages."
+  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mxisd_container_image_self_build"

roles/matrix-mxisd/tasks/setup_mxisd.yml

@@ -14,6 +14,7 @@
   with_items:
     - "{{ matrix_mxisd_config_path }}"
     - "{{ matrix_mxisd_data_path }}"
+    - { src: "{{ matrix_mxisd_docker_src_files_path }}", when: "{{ matrix_mxisd_container_image_self_build }}"}
   when: matrix_mxisd_enabled|bool
 
 - name: Ensure mxisd image is pulled
@@ -22,7 +23,34 @@
     source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
     force_source: "{{ matrix_mxisd_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
     force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mxisd_docker_image_force_pull }}"
-  when: matrix_mxisd_enabled|bool
+  when: matrix_mxisd_enabled|bool and not matrix_mxisd_container_image_self_build
+
+- block:
+  - name: Ensure gradle is installed for self-building
+    apt:
+      name:
+        - gradle
+      state: present
+      update_cache: yes
+    when: (ansible_os_family == 'Debian')
+
+  - name: Ensure gradle is installed for self-building
+    fail:
+      msg: "Installing gradle on CentOS is currently not supported, so self-building mxisd cannot happen at this time"
+    when: ansible_distribution == 'CentOS'
+
+  - name: Ensure mxisd repository is present on self-build
+    git:
+      repo: https://github.com/kamax-matrix/mxisd.git
+      dest: "{{ matrix_mxisd_docker_src_files_path }}"
+      version: "v{{ matrix_mxisd_docker_image.split(':')[1] }}"
+      force: "yes"
+
+  - name: Ensure mxisd Docker image is built
+    shell: "./gradlew dockerBuild"
+    args:
+      chdir: "{{ matrix_mxisd_docker_src_files_path }}"
+  when: "matrix_mxisd_enabled|bool and matrix_mxisd_container_image_self_build"
 
 - name: Ensure mxisd config installed
   copy:

roles/matrix-riot-web/defaults/main.yml

@@ -1,9 +1,12 @@
 matrix_riot_web_enabled: true
 
+matrix_riot_web_container_image_self_build: false
+
 matrix_riot_web_docker_image: "vectorim/riot-web:v1.5.12"
 matrix_riot_web_docker_image_force_pull: "{{ matrix_riot_web_docker_image.endswith(':latest') }}"
 
 matrix_riot_web_data_path: "{{ matrix_base_data_path }}/riot-web"
+matrix_riot_web_docker_src_files_path: "{{ matrix_riot_web_data_path }}/docker-src"
 
 # Controls whether the matrix-riot-web container exposes its HTTP port (tcp/8080 in the container).
 #

roles/matrix-riot-web/tasks/init.yml

@@ -1,3 +1,10 @@
 - set_fact:
     matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-riot-web'] }}"
   when: matrix_riot_web_enabled|bool
+
+# ansible lower than 2.8, does not support docker_image build parameters
+# for self buildig it is explicitly needed, so we rather fail here
+- name: Fail if running on Ansible lower than 2.8 and trying self building
+  fail:
+    msg: "To self build Riot Web image, you should usa ansible 2.8 or higher. E.g. pip contains such packages."
+  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_riot_web_container_image_self_build"

roles/matrix-riot-web/tasks/setup_riot_web.yml

@@ -6,11 +6,14 @@
 
 - name: Ensure Matrix riot-web path exists
   file:
-    path: "{{ matrix_riot_web_data_path }}"
+    path: "{{ item }}"
     state: directory
     mode: 0750
     owner: "{{ matrix_user_username }}"
     group: "{{ matrix_user_username }}"
+  with_items:
+    - "{{ matrix_riot_web_data_path }}"
+    - { src: "{{ matrix_riot_web_docker_src_files_path }}", when: "{{ matrix_riot_web_container_image_self_build }}" }
   when: matrix_riot_web_enabled|bool
 
 - name: Ensure riot-web Docker image is pulled
@@ -19,7 +22,25 @@
     source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
     force_source: "{{ matrix_riot_web_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
     force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_riot_web_docker_image_force_pull }}"
-  when: matrix_riot_web_enabled|bool
+  when: matrix_riot_web_enabled|bool and not matrix_riot_web_container_image_self_build
+
+- name: Ensure Riot Web repository is present on self-build
+  git:
+    repo: https://github.com/vector-im/riot-web.git
+    dest: "{{ matrix_riot_web_docker_src_files_path }}"
+    version: "{{ matrix_riot_web_docker_image.split(':')[1] }}"
+    force: "yes"
+  when: "matrix_riot_web_enabled|bool and matrix_riot_web_container_image_self_build"
+
+- name: Ensure Riot Web Docker image is built
+  docker_image:
+    name: "{{ matrix_riot_web_docker_image }}"
+    source: build
+    build:
+      dockerfile: Dockerfile
+      path: "{{ matrix_riot_web_docker_src_files_path }}"
+      pull: yes
+  when: "matrix_riot_web_enabled|bool and matrix_riot_web_container_image_self_build"
 
 - name: Ensure Matrix riot-web configuration installed
   copy:

roles/matrix-synapse/defaults/main.yml

@@ -3,10 +3,13 @@
 
 matrix_synapse_enabled: true
 
+matrix_synapse_container_image_self_build: false
+
 matrix_synapse_docker_image: "matrixdotorg/synapse:v1.11.1"
 matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"
 
 matrix_synapse_base_path: "{{ matrix_base_data_path }}/synapse"
+matrix_synapse_docker_src_files_path: "{{ matrix_synapse_base_path }}/docker-src"
 matrix_synapse_config_dir_path: "{{ matrix_synapse_base_path }}/config"
 matrix_synapse_run_path: "{{ matrix_synapse_base_path }}/run"
 matrix_synapse_storage_path: "{{ matrix_synapse_base_path }}/storage"

roles/matrix-synapse/tasks/init.yml

@@ -5,3 +5,10 @@
 - set_fact:
     matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-goofys'] }}"
   when: matrix_s3_media_store_enabled|bool
+
+# ansible lower than 2.8, does not support docker_image build parameters
+# for self buildig it is explicitly needed, so we rather fail here
+- name: Fail if running on Ansible lower than 2.8 and trying self building
+  fail:
+    msg: "To self build Synapse image, you should usa ansible 2.8 or higher. E.g. pip contains such packages."
+  when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_synapse_container_image_self_build"

roles/matrix-synapse/tasks/setup_synapse.yml

@@ -11,6 +11,7 @@
     - "{{ matrix_synapse_config_dir_path }}"
     - "{{ matrix_synapse_run_path }}"
     - "{{ matrix_synapse_ext_path }}"
+    - { src: "{{ matrix_synapse_docker_src_files_path }}", when: "{{ matrix_synapse_container_image_self_build }}" }
     # We handle matrix_synapse_media_store_path elsewhere (in ./synapse/setup_install.yml),
     # because if it's using Goofys and it's already mounted (from before),
     # trying to chown/chmod it here will cause trouble.

roles/matrix-synapse/tasks/synapse/setup_install.yml

@@ -18,12 +18,31 @@
     group: "{{ matrix_user_username }}"
   when: "not local_path_media_store_stat.failed and not local_path_media_store_stat.stat.exists"
 
+- name: Ensure Synapse repository is present on self-build
+  git:
+    repo: https://github.com/matrix-org/synapse.git
+    dest: "{{ matrix_synapse_docker_src_files_path }}"
+    version: "{{ matrix_synapse_docker_image.split(':')[1] }}"
+    force: "yes"
+  when: "matrix_synapse_container_image_self_build"
+
+- name: Ensure Synapse Docker image is built
+  docker_image:
+    name: "{{ matrix_synapse_docker_image }}"
+    source: build
+    build:
+      dockerfile: docker/Dockerfile
+      path: "{{ matrix_synapse_docker_src_files_path }}"
+      pull: yes
+  when: "matrix_synapse_container_image_self_build"
+
 - name: Ensure Synapse Docker image is pulled
   docker_image:
     name: "{{ matrix_synapse_docker_image }}"
     source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
     force_source: "{{ matrix_synapse_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
     force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_synapse_docker_image_force_pull }}"
+  when: "not matrix_synapse_container_image_self_build"
 
 - name: Check if a Synapse signing key exists
   stat: