Просмотр исходного кода
Remove roles/custom/matrix-conduwuit
Signed-off-by: Suguru Hirahara <did🔑z6MkvVZk1A3KBApWJXv2Ju4H14ErDfRGxh8zxdXSZ4vACDg5>
pull/4913/head
Suguru Hirahara
3 недель назад
Не найден GPG ключ соответствующий данной подписи
Идентификатор GPG ключа: E4F9743DAB4B7B75
16 измененных файлов: 0 добавлений и 2263 удалений
-
+0 -194roles/custom/matrix-conduwuit/defaults/main.yml
-
+0 -64roles/custom/matrix-conduwuit/tasks/install.yml
-
+0 -34roles/custom/matrix-conduwuit/tasks/main.yml
-
+0 -28roles/custom/matrix-conduwuit/tasks/self_check_client_api.yml
-
+0 -32roles/custom/matrix-conduwuit/tasks/self_check_federation_api.yml
-
+0 -63roles/custom/matrix-conduwuit/tasks/setup_install.yml
-
+0 -23roles/custom/matrix-conduwuit/tasks/setup_uninstall.yml
-
+0 -23roles/custom/matrix-conduwuit/tasks/uninstall.yml
-
+0 -15roles/custom/matrix-conduwuit/tasks/validate_config.yml
-
+0 -1546roles/custom/matrix-conduwuit/templates/conduwuit.toml.j2
-
+0 -1roles/custom/matrix-conduwuit/templates/env.j2
-
+0 -3roles/custom/matrix-conduwuit/templates/env.j2.license
-
+0 -173roles/custom/matrix-conduwuit/templates/labels.j2
-
+0 -51roles/custom/matrix-conduwuit/templates/systemd/matrix-conduwuit.service.j2
-
+0 -4roles/custom/matrix-conduwuit/templates/systemd/matrix-conduwuit.service.j2.license
-
+0 -9roles/custom/matrix-conduwuit/vars/main.yml
+ 0
- 194
roles/custom/matrix-conduwuit/defaults/main.yml
Просмотреть файл
| @@ -1,194 +0,0 @@ | |||
| # SPDX-FileCopyrightText: 2025 MDAD project contributors | |||
| # SPDX-FileCopyrightText: 2025 Slavi Pantaleev | |||
| # | |||
| # SPDX-License-Identifier: AGPL-3.0-or-later | |||
| --- | |||
| # conduwuit is a very cool, featureful fork of conduit (https://gitlab.com/famedly/conduit). | |||
| # Project source code URL: https://github.com/girlbossceo/conduwuit | |||
| # See: https://conduwuit.puppyirl.gay/ | |||
| matrix_conduwuit_enabled: true | |||
| matrix_conduwuit_hostname: '' | |||
| matrix_conduwuit_docker_image: "{{ matrix_conduwuit_docker_image_registry_prefix }}girlbossceo/conduwuit:{{ matrix_conduwuit_docker_image_tag }}" | |||
| matrix_conduwuit_docker_image_tag: v0.4.6-8f7ade4c22533a3177bfd8f175e178573ba6c1d4 | |||
| matrix_conduwuit_docker_image_force_pull: "{{ matrix_conduwuit_docker_image.endswith(':latest') }}" | |||
| matrix_conduwuit_docker_image_registry_prefix: "{{ matrix_conduwuit_docker_image_registry_prefix_upstream }}" | |||
| matrix_conduwuit_docker_image_registry_prefix_upstream: "{{ matrix_conduwuit_docker_image_registry_prefix_upstream_default }}" | |||
| matrix_conduwuit_docker_image_registry_prefix_upstream_default: ghcr.io/ | |||
| matrix_conduwuit_base_path: "{{ matrix_base_data_path }}/conduwuit" | |||
| matrix_conduwuit_config_path: "{{ matrix_conduwuit_base_path }}/config" | |||
| matrix_conduwuit_data_path: "{{ matrix_conduwuit_base_path }}/data" | |||
| matrix_conduwuit_config_port_number: 6167 | |||
| matrix_conduwuit_tmp_directory_size_mb: 500 | |||
| # List of systemd services that matrix-conduwuit.service depends on | |||
| matrix_conduwuit_systemd_required_services_list: "{{ matrix_conduwuit_systemd_required_services_list_default + matrix_conduwuit_systemd_required_services_list_auto + matrix_conduwuit_systemd_required_services_list_custom }}" | |||
| matrix_conduwuit_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}" | |||
| matrix_conduwuit_systemd_required_services_list_auto: [] | |||
| matrix_conduwuit_systemd_required_services_list_custom: [] | |||
| # List of systemd services that matrix-conduwuit.service wants | |||
| matrix_conduwuit_systemd_wanted_services_list: [] | |||
| # Controls how long to sleep for after starting the matrix-synapse container. | |||
| # | |||
| # Delaying, so that the homeserver can manage to fully start and various services | |||
| # that depend on it (`matrix_conduwuit_systemd_required_services_list` and `matrix_conduwuit_systemd_wanted_services_list`) | |||
| # may only start after the homeserver is up and running. | |||
| # | |||
| # This can be set to 0 to remove the delay. | |||
| matrix_conduwuit_systemd_service_post_start_delay_seconds: 3 | |||
| # The base container network. It will be auto-created by this role if it doesn't exist already. | |||
| matrix_conduwuit_container_network: "" | |||
| # A list of additional container networks that the container would be connected to. | |||
| # The role does not create these networks, so make sure they already exist. | |||
| # Use this to expose this container to another reverse proxy, which runs in a different container network. | |||
| matrix_conduwuit_container_additional_networks: "{{ matrix_conduwuit_container_additional_networks_auto + matrix_conduwuit_container_additional_networks_custom }}" | |||
| matrix_conduwuit_container_additional_networks_auto: [] | |||
| matrix_conduwuit_container_additional_networks_custom: [] | |||
| # matrix_conduwuit_container_labels_traefik_enabled controls whether labels to assist a Traefik reverse-proxy will be attached to the container. | |||
| # See `../templates/labels.j2` for details. | |||
| # | |||
| # To inject your own other container labels, see `matrix_conduwuit_container_labels_additional_labels`. | |||
| matrix_conduwuit_container_labels_traefik_enabled: true | |||
| matrix_conduwuit_container_labels_traefik_docker_network: "{{ matrix_conduwuit_container_network }}" | |||
| matrix_conduwuit_container_labels_traefik_entrypoints: web-secure | |||
| matrix_conduwuit_container_labels_traefik_tls_certResolver: default # noqa var-naming | |||
| # Controls whether labels will be added for handling the root (/) path on a public Traefik entrypoint. | |||
| matrix_conduwuit_container_labels_public_client_root_enabled: true | |||
| matrix_conduwuit_container_labels_public_client_root_traefik_hostname: "{{ matrix_conduwuit_hostname }}" | |||
| matrix_conduwuit_container_labels_public_client_root_traefik_rule: "Host(`{{ matrix_conduwuit_container_labels_public_client_root_traefik_hostname }}`) && Path(`/`)" | |||
| matrix_conduwuit_container_labels_public_client_root_traefik_priority: 0 | |||
| matrix_conduwuit_container_labels_public_client_root_traefik_entrypoints: "{{ matrix_conduwuit_container_labels_traefik_entrypoints }}" | |||
| matrix_conduwuit_container_labels_public_client_root_traefik_tls: "{{ matrix_conduwuit_container_labels_public_client_root_traefik_entrypoints != 'web' }}" | |||
| matrix_conduwuit_container_labels_public_client_root_traefik_tls_certResolver: "{{ matrix_conduwuit_container_labels_traefik_tls_certResolver }}" # noqa var-naming | |||
| matrix_conduwuit_container_labels_public_client_root_redirection_enabled: false | |||
| matrix_conduwuit_container_labels_public_client_root_redirection_url: "" | |||
| # Controls whether labels will be added that expose the Client-Server API on a public Traefik entrypoint. | |||
| matrix_conduwuit_container_labels_public_client_api_enabled: true | |||
| matrix_conduwuit_container_labels_public_client_api_traefik_hostname: "{{ matrix_conduwuit_hostname }}" | |||
| matrix_conduwuit_container_labels_public_client_api_traefik_path_prefix: /_matrix | |||
| matrix_conduwuit_container_labels_public_client_api_traefik_rule: "Host(`{{ matrix_conduwuit_container_labels_public_client_api_traefik_hostname }}`) && PathPrefix(`{{ matrix_conduwuit_container_labels_public_client_api_traefik_path_prefix }}`)" | |||
| matrix_conduwuit_container_labels_public_client_api_traefik_priority: 0 | |||
| matrix_conduwuit_container_labels_public_client_api_traefik_entrypoints: "{{ matrix_conduwuit_container_labels_traefik_entrypoints }}" | |||
| matrix_conduwuit_container_labels_public_client_api_traefik_tls: "{{ matrix_conduwuit_container_labels_public_client_api_traefik_entrypoints != 'web' }}" | |||
| matrix_conduwuit_container_labels_public_client_api_traefik_tls_certResolver: "{{ matrix_conduwuit_container_labels_traefik_tls_certResolver }}" # noqa var-naming | |||
| # Controls whether labels will be added that expose the Client-Server API on the internal Traefik entrypoint. | |||
| # This is similar to `matrix_conduwuit_container_labels_public_client_api_enabled`, but the entrypoint and intent is different. | |||
| matrix_conduwuit_container_labels_internal_client_api_enabled: false | |||
| matrix_conduwuit_container_labels_internal_client_api_traefik_path_prefix: "{{ matrix_conduwuit_container_labels_public_client_api_traefik_path_prefix }}" | |||
| matrix_conduwuit_container_labels_internal_client_api_traefik_rule: "PathPrefix(`{{ matrix_conduwuit_container_labels_internal_client_api_traefik_path_prefix }}`)" | |||
| matrix_conduwuit_container_labels_internal_client_api_traefik_priority: "{{ matrix_conduwuit_container_labels_public_client_api_traefik_priority }}" | |||
| matrix_conduwuit_container_labels_internal_client_api_traefik_entrypoints: "" | |||
| # Controls whether labels will be added that expose the Server-Server API (Federation API) on a public Traefik entrypoint. | |||
| matrix_conduwuit_container_labels_public_federation_api_enabled: "{{ matrix_conduwuit_config_allow_federation }}" | |||
| matrix_conduwuit_container_labels_public_federation_api_traefik_hostname: "{{ matrix_conduwuit_hostname }}" | |||
| matrix_conduwuit_container_labels_public_federation_api_traefik_path_prefix: /_matrix | |||
| matrix_conduwuit_container_labels_public_federation_api_traefik_rule: "Host(`{{ matrix_conduwuit_container_labels_public_federation_api_traefik_hostname }}`) && PathPrefix(`{{ matrix_conduwuit_container_labels_public_federation_api_traefik_path_prefix }}`)" | |||
| matrix_conduwuit_container_labels_public_federation_api_traefik_priority: 0 | |||
| matrix_conduwuit_container_labels_public_federation_api_traefik_entrypoints: '' | |||
| # TLS is force-enabled here, because the spec (https://spec.matrix.org/v1.9/server-server-api/#tls) says that the federation API must use HTTPS. | |||
| matrix_conduwuit_container_labels_public_federation_api_traefik_tls: true | |||
| matrix_conduwuit_container_labels_public_federation_api_traefik_tls_certResolver: "{{ matrix_conduwuit_container_labels_traefik_tls_certResolver }}" # noqa var-naming | |||
| # Controls whether labels will be added that expose the `/_conduwuit` path prefix on a public Traefik entrypoint. | |||
| matrix_conduwuit_container_labels_public_conduwuit_api_enabled: true | |||
| matrix_conduwuit_container_labels_public_conduwuit_api_traefik_hostname: "{{ matrix_conduwuit_hostname }}" | |||
| matrix_conduwuit_container_labels_public_conduwuit_api_traefik_path_prefix: /_conduwuit | |||
| matrix_conduwuit_container_labels_public_conduwuit_api_traefik_rule: "Host(`{{ matrix_conduwuit_container_labels_public_conduwuit_api_traefik_hostname }}`) && PathPrefix(`{{ matrix_conduwuit_container_labels_public_conduwuit_api_traefik_path_prefix }}`)" | |||
| matrix_conduwuit_container_labels_public_conduwuit_api_traefik_priority: 0 | |||
| matrix_conduwuit_container_labels_public_conduwuit_api_traefik_entrypoints: "{{ matrix_conduwuit_container_labels_traefik_entrypoints }}" | |||
| matrix_conduwuit_container_labels_public_conduwuit_api_traefik_tls: "{{ matrix_conduwuit_container_labels_public_conduwuit_api_traefik_entrypoints != 'web' }}" | |||
| matrix_conduwuit_container_labels_public_conduwuit_api_traefik_tls_certResolver: "{{ matrix_conduwuit_container_labels_traefik_tls_certResolver }}" # noqa var-naming | |||
| # matrix_conduwuit_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file. | |||
| # See `../templates/labels.j2` for details. | |||
| # | |||
| # Example: | |||
| # matrix_conduwuit_container_labels_additional_labels: | | |||
| # my.label=1 | |||
| # another.label="here" | |||
| matrix_conduwuit_container_labels_additional_labels: '' | |||
| # Extra arguments for the Docker container | |||
| matrix_conduwuit_container_extra_arguments: [] | |||
| # Specifies which template files to use when configuring conduwuit. | |||
| # If you'd like to have your own different configuration, feel free to copy and paste | |||
| # the original files into your inventory (e.g. in `inventory/host_vars/matrix.example.com/`) | |||
| # and then change the specific host's `vars.yml` file like this: | |||
| # matrix_conduwuit_template_conduwuit_config: "{{ playbook_dir }}/inventory/host_vars/matrix.example.com/conduwuit.toml.j2" | |||
| matrix_conduwuit_template_conduwuit_config: "{{ role_path }}/templates/conduwuit.toml.j2" | |||
| # Max size for uploads, in bytes | |||
| matrix_conduwuit_config_server_name: "{{ matrix_domain }}" | |||
| # Max size for uploads, in bytes | |||
| matrix_conduwuit_config_max_request_size: 20_000_000 | |||
| # Enables registration. If set to false, no users can register on this server. | |||
| matrix_conduwuit_config_allow_registration: false | |||
| # Controls the `yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse` setting. | |||
| # This is only used when `matrix_conduwuit_config_allow_registration` is set to true and no registration token is configured. | |||
| matrix_conduwuit_config_yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse: false | |||
| # Controls the `registration_token` setting. | |||
| # When registration is enabled (`matrix_conduwuit_config_allow_registration`) you: | |||
| # - either need to set a token to protect registration from abuse | |||
| # - or you need to enable the `yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse` setting | |||
| # (see `matrix_conduwuit_config_yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse`), | |||
| # to allow registration without any form of 2nd-step. | |||
| matrix_conduwuit_config_registration_token: '' | |||
| # Controls the `new_user_displayname_suffix` setting. | |||
| # This is the suffix that will be added to the displayname of new users. | |||
| # Upstream defaults this to "🏳️⚧️", but we keep this consistent across all homeserver implementations and do not enable a suffix. | |||
| matrix_conduwuit_config_new_user_displayname_suffix: "" | |||
| # Controls the `allow_check_for_updates` setting. | |||
| matrix_conduwuit_config_allow_check_for_updates: false | |||
| # Controls the `emergency_password` setting. | |||
| matrix_conduwuit_config_emergency_password: '' | |||
| # Controls the `allow_federation` setting. | |||
| matrix_conduwuit_config_allow_federation: true | |||
| matrix_conduwuit_trusted_servers: | |||
| - "matrix.org" | |||
| matrix_conduwuit_config_log: "info,state_res=warn,rocket=off,_=off,sled=off" | |||
| # TURN integration. | |||
| # See: https://conduwuit.puppyirl.gay/turn.html | |||
| matrix_conduwuit_config_turn_uris: [] | |||
| matrix_conduwuit_config_turn_secret: '' | |||
| matrix_conduwuit_config_turn_username: '' | |||
| matrix_conduwuit_config_turn_password: '' | |||
| # Controls whether the self-check feature should validate SSL certificates. | |||
| matrix_conduwuit_self_check_validate_certificates: true | |||
| # Additional environment variables to pass to the container. | |||
| # | |||
| # Environment variables take priority over settings in the configuration file. | |||
| # | |||
| # Example: | |||
| # matrix_conduwuit_environment_variables_extension: | | |||
| # CONDUWUIT_MAX_REQUEST_SIZE=50000000 | |||
| # CONDUWUIT_REQUEST_TIMEOUT=60 | |||
| matrix_conduwuit_environment_variables_extension: '' | |||
+ 0
- 64
roles/custom/matrix-conduwuit/tasks/install.yml
Просмотреть файл
| @@ -1,64 +0,0 @@ | |||
| # SPDX-FileCopyrightText: 2025 Slavi Pantaleev | |||
| # | |||
| # SPDX-License-Identifier: AGPL-3.0-or-later | |||
| --- | |||
| - name: Ensure conduwuit config path exists | |||
| ansible.builtin.file: | |||
| path: "{{ matrix_conduwuit_config_path }}" | |||
| state: directory | |||
| mode: 0750 | |||
| owner: "{{ matrix_user_name }}" | |||
| group: "{{ matrix_group_name }}" | |||
| - name: Ensure conduwuit data path exists | |||
| ansible.builtin.file: | |||
| path: "{{ matrix_conduwuit_data_path }}" | |||
| state: directory | |||
| mode: 0770 | |||
| owner: "{{ matrix_user_name }}" | |||
| group: "{{ matrix_group_name }}" | |||
| - name: Ensure conduwuit configuration installed | |||
| ansible.builtin.template: | |||
| src: "{{ matrix_conduwuit_template_conduwuit_config }}" | |||
| dest: "{{ matrix_conduwuit_config_path }}/conduwuit.toml" | |||
| mode: 0644 | |||
| owner: "{{ matrix_user_name }}" | |||
| group: "{{ matrix_group_name }}" | |||
| - name: Ensure conduwuit support files installed | |||
| ansible.builtin.template: | |||
| src: "{{ role_path }}/templates/{{ item }}.j2" | |||
| dest: "{{ matrix_conduwuit_base_path }}/{{ item }}" | |||
| mode: 0640 | |||
| owner: "{{ matrix_user_name }}" | |||
| group: "{{ matrix_group_name }}" | |||
| with_items: | |||
| - labels | |||
| - env | |||
| - name: Ensure conduwuit container network is created | |||
| community.general.docker_network: | |||
| enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" | |||
| name: "{{ matrix_conduwuit_container_network }}" | |||
| driver: bridge | |||
| driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}" | |||
| - name: Ensure conduwuit container image is pulled | |||
| community.docker.docker_image: | |||
| name: "{{ matrix_conduwuit_docker_image }}" | |||
| source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" | |||
| force_source: "{{ matrix_conduwuit_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" | |||
| force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_conduwuit_docker_image_force_pull }}" | |||
| register: result | |||
| retries: "{{ devture_playbook_help_container_retries_count }}" | |||
| delay: "{{ devture_playbook_help_container_retries_delay }}" | |||
| until: result is not failed | |||
| - name: Ensure matrix-conduwuit.service installed | |||
| ansible.builtin.template: | |||
| src: "{{ role_path }}/templates/systemd/matrix-conduwuit.service.j2" | |||
| dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-conduwuit.service" | |||
| mode: 0644 | |||
+ 0
- 34
roles/custom/matrix-conduwuit/tasks/main.yml
Просмотреть файл
| @@ -1,34 +0,0 @@ | |||
| # SPDX-FileCopyrightText: 2025 MDAD project contributors | |||
| # SPDX-FileCopyrightText: 2025 Slavi Pantaleev | |||
| # | |||
| # SPDX-License-Identifier: AGPL-3.0-or-later | |||
| --- | |||
| - tags: | |||
| - setup-all | |||
| - setup-conduwuit | |||
| - install-all | |||
| - install-conduwuit | |||
| block: | |||
| - when: matrix_conduwuit_enabled | bool | |||
| ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" | |||
| - when: matrix_conduwuit_enabled | bool | |||
| ansible.builtin.include_tasks: "{{ role_path }}/tasks/install.yml" | |||
| - tags: | |||
| - setup-all | |||
| - setup-conduwuit | |||
| block: | |||
| - when: not matrix_conduwuit_enabled | bool | |||
| ansible.builtin.include_tasks: "{{ role_path }}/tasks/uninstall.yml" | |||
| - tags: | |||
| - self-check | |||
| block: | |||
| - when: matrix_conduwuit_enabled | bool | |||
| ansible.builtin.include_tasks: "{{ role_path }}/tasks/self_check_client_api.yml" | |||
| - when: matrix_conduwuit_enabled | bool | |||
| ansible.builtin.include_tasks: "{{ role_path }}/tasks/self_check_federation_api.yml" | |||
+ 0
- 28
roles/custom/matrix-conduwuit/tasks/self_check_client_api.yml
Просмотреть файл
| @@ -1,28 +0,0 @@ | |||
| # SPDX-FileCopyrightText: 2025 Slavi Pantaleev | |||
| # SPDX-FileCopyrightText: 2025 Suguru Hirahara | |||
| # | |||
| # SPDX-License-Identifier: AGPL-3.0-or-later | |||
| --- | |||
| - name: Check Matrix Client API | |||
| ansible.builtin.uri: | |||
| url: "{{ matrix_conduwuit_client_api_url_endpoint_public }}" | |||
| follow_redirects: none | |||
| validate_certs: "{{ matrix_conduwuit_self_check_validate_certificates }}" | |||
| register: result_matrix_conduwuit_client_api | |||
| ignore_errors: true | |||
| check_mode: false | |||
| when: matrix_conduwuit_enabled | bool | |||
| delegate_to: 127.0.0.1 | |||
| become: false | |||
| - name: Fail if Matrix Client API not working | |||
| ansible.builtin.fail: | |||
| msg: "Failed checking Matrix Client API is up at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_conduwuit_client_api_url_endpoint_public }}`). Is conduwuit running? Is port 443 open in your firewall? Full error: {{ result_matrix_conduwuit_client_api }}" | |||
| when: "matrix_conduwuit_enabled | bool and (result_matrix_conduwuit_client_api.failed or 'json' not in result_matrix_conduwuit_client_api)" | |||
| - name: Report working Matrix Client API | |||
| ansible.builtin.debug: | |||
| msg: "The Matrix Client API at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_conduwuit_client_api_url_endpoint_public }}`) is working" | |||
| when: matrix_conduwuit_enabled | bool | |||
+ 0
- 32
roles/custom/matrix-conduwuit/tasks/self_check_federation_api.yml
Просмотреть файл
| @@ -1,32 +0,0 @@ | |||
| # SPDX-FileCopyrightText: 2025 Slavi Pantaleev | |||
| # | |||
| # SPDX-License-Identifier: AGPL-3.0-or-later | |||
| --- | |||
| - name: Check Matrix Federation API | |||
| ansible.builtin.uri: | |||
| url: "{{ matrix_synapse_federation_api_url_endpoint_public }}" | |||
| follow_redirects: none | |||
| validate_certs: "{{ matrix_synapse_self_check_validate_certificates }}" | |||
| register: result_matrix_synapse_federation_api | |||
| ignore_errors: true | |||
| check_mode: false | |||
| when: matrix_synapse_enabled | bool | |||
| delegate_to: 127.0.0.1 | |||
| become: false | |||
| - name: Fail if Matrix Federation API not working | |||
| ansible.builtin.fail: | |||
| msg: "Failed checking Matrix Federation API is up at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_synapse_federation_api_url_endpoint_public }}`). Is Synapse running? Is port {{ matrix_federation_public_port }} open in your firewall? Full error: {{ result_matrix_synapse_federation_api }}" | |||
| when: "matrix_synapse_enabled | bool and matrix_synapse_federation_enabled | bool and (result_matrix_synapse_federation_api.failed or 'json' not in result_matrix_synapse_federation_api)" | |||
| - name: Fail if Matrix Federation API unexpectedly enabled | |||
| ansible.builtin.fail: | |||
| msg: "Matrix Federation API is up at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_synapse_federation_api_url_endpoint_public }}`) despite being disabled." | |||
| when: "matrix_synapse_enabled | bool and not matrix_synapse_federation_enabled | bool and not result_matrix_synapse_federation_api.failed" | |||
| - name: Report working Matrix Federation API | |||
| ansible.builtin.debug: | |||
| msg: "The Matrix Federation API at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_synapse_federation_api_url_endpoint_public }}`) is working" | |||
| when: "matrix_synapse_enabled | bool and matrix_synapse_federation_enabled | bool" | |||
+ 0
- 63
roles/custom/matrix-conduwuit/tasks/setup_install.yml
Просмотреть файл
| @@ -1,63 +0,0 @@ | |||
| # SPDX-FileCopyrightText: 2025 MDAD project contributors | |||
| # | |||
| # SPDX-License-Identifier: AGPL-3.0-or-later | |||
| --- | |||
| - name: Ensure conduwuit config path exists | |||
| ansible.builtin.file: | |||
| path: "{{ matrix_conduwuit_config_path }}" | |||
| state: directory | |||
| mode: 0750 | |||
| owner: "{{ matrix_user_name }}" | |||
| group: "{{ matrix_group_name }}" | |||
| - name: Ensure conduwuit data path exists | |||
| ansible.builtin.file: | |||
| path: "{{ matrix_conduwuit_data_path }}" | |||
| state: directory | |||
| mode: 0770 | |||
| owner: "{{ matrix_user_name }}" | |||
| group: "{{ matrix_group_name }}" | |||
| - name: Ensure conduwuit configuration installed | |||
| ansible.builtin.template: | |||
| src: "{{ matrix_conduwuit_template_conduwuit_config }}" | |||
| dest: "{{ matrix_conduwuit_config_path }}/conduwuit.toml" | |||
| mode: 0644 | |||
| owner: "{{ matrix_user_name }}" | |||
| group: "{{ matrix_group_name }}" | |||
| - name: Ensure conduwuit support files installed | |||
| ansible.builtin.template: | |||
| src: "{{ role_path }}/templates/{{ item }}.j2" | |||
| dest: "{{ matrix_conduwuit_base_path }}/{{ item }}" | |||
| mode: 0640 | |||
| owner: "{{ matrix_user_name }}" | |||
| group: "{{ matrix_group_name }}" | |||
| with_items: | |||
| - labels | |||
| - name: Ensure conduwuit container network is created | |||
| community.general.docker_network: | |||
| enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}" | |||
| name: "{{ matrix_conduwuit_container_network }}" | |||
| driver: bridge | |||
| driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}" | |||
| - name: Ensure conduwuit container image is pulled | |||
| community.docker.docker_image: | |||
| name: "{{ matrix_conduwuit_docker_image }}" | |||
| source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" | |||
| force_source: "{{ matrix_conduwuit_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" | |||
| force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_conduwuit_docker_image_force_pull }}" | |||
| register: result | |||
| retries: "{{ devture_playbook_help_container_retries_count }}" | |||
| delay: "{{ devture_playbook_help_container_retries_delay }}" | |||
| until: result is not failed | |||
| - name: Ensure matrix-conduwuit.service installed | |||
| ansible.builtin.template: | |||
| src: "{{ role_path }}/templates/systemd/matrix-conduwuit.service.j2" | |||
| dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-conduwuit.service" | |||
| mode: 0644 | |||
+ 0
- 23
roles/custom/matrix-conduwuit/tasks/setup_uninstall.yml
Просмотреть файл
| @@ -1,23 +0,0 @@ | |||
| # SPDX-FileCopyrightText: 2025 MDAD project contributors | |||
| # | |||
| # SPDX-License-Identifier: AGPL-3.0-or-later | |||
| --- | |||
| - name: Check existence of matrix-conduwuit service | |||
| ansible.builtin.stat: | |||
| path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-conduwuit.service" | |||
| register: matrix_conduwuit_service_stat | |||
| - when: matrix_conduwuit_service_stat.stat.exists | bool | |||
| block: | |||
| - name: Ensure matrix-conduwuit is stopped | |||
| ansible.builtin.systemd: | |||
| name: matrix-conduwuit | |||
| state: stopped | |||
| daemon_reload: true | |||
| - name: Ensure matrix-conduwuit.service doesn't exist | |||
| ansible.builtin.file: | |||
| path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-conduwuit.service" | |||
| state: absent | |||
+ 0
- 23
roles/custom/matrix-conduwuit/tasks/uninstall.yml
Просмотреть файл
| @@ -1,23 +0,0 @@ | |||
| # SPDX-FileCopyrightText: 2025 Slavi Pantaleev | |||
| # | |||
| # SPDX-License-Identifier: AGPL-3.0-or-later | |||
| --- | |||
| - name: Check existence of matrix-conduwuit service | |||
| ansible.builtin.stat: | |||
| path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-conduwuit.service" | |||
| register: matrix_conduwuit_service_stat | |||
| - when: matrix_conduwuit_service_stat.stat.exists | bool | |||
| block: | |||
| - name: Ensure matrix-conduwuit is stopped | |||
| ansible.builtin.systemd: | |||
| name: matrix-conduwuit | |||
| state: stopped | |||
| daemon_reload: true | |||
| - name: Ensure matrix-conduwuit.service doesn't exist | |||
| ansible.builtin.file: | |||
| path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-conduwuit.service" | |||
| state: absent | |||
+ 0
- 15
roles/custom/matrix-conduwuit/tasks/validate_config.yml
Просмотреть файл
| @@ -1,15 +0,0 @@ | |||
| # SPDX-FileCopyrightText: 2025 MDAD project contributors | |||
| # | |||
| # SPDX-License-Identifier: AGPL-3.0-or-later | |||
| --- | |||
| - name: Fail if required conduwuit settings not defined | |||
| ansible.builtin.fail: | |||
| msg: >- | |||
| You need to define a required configuration setting (`{{ item.name }}`). | |||
| when: "item.when | bool and lookup('vars', item.name, default='') | string | length == 0" | |||
| with_items: | |||
| - {'name': 'matrix_conduwuit_hostname', when: true} | |||
| - {'name': 'matrix_conduwuit_container_network', when: true} | |||
| - {'name': 'matrix_conduwuit_container_labels_internal_client_api_traefik_entrypoints', when: "{{ matrix_conduwuit_container_labels_internal_client_api_enabled }}"} | |||
+ 0
- 1546
roles/custom/matrix-conduwuit/templates/conduwuit.toml.j2
Разница между файлами не показана из-за своего большого размера
Просмотреть файл
+ 0
- 1
roles/custom/matrix-conduwuit/templates/env.j2
Просмотреть файл
| @@ -1 +0,0 @@ | |||
| {{ matrix_conduwuit_environment_variables_extension }} | |||
+ 0
- 3
roles/custom/matrix-conduwuit/templates/env.j2.license
Просмотреть файл
| @@ -1,3 +0,0 @@ | |||
| SPDX-FileCopyrightText: 2025 Slavi Pantaleev | |||
| SPDX-License-Identifier: AGPL-3.0-or-later | |||
+ 0
- 173
roles/custom/matrix-conduwuit/templates/labels.j2
Просмотреть файл
| @@ -1,173 +0,0 @@ | |||
| {# | |||
| SPDX-FileCopyrightText: 2025 MDAD project contributors | |||
| SPDX-FileCopyrightText: 2025 Slavi Pantaleev | |||
| SPDX-FileCopyrightText: 2025 Suguru Hirahara | |||
| SPDX-License-Identifier: AGPL-3.0-or-later | |||
| #} | |||
| {% if matrix_conduwuit_container_labels_traefik_enabled %} | |||
| traefik.enable=true | |||
| {% if matrix_conduwuit_container_labels_traefik_docker_network %} | |||
| traefik.docker.network={{ matrix_conduwuit_container_labels_traefik_docker_network }} | |||
| {% endif %} | |||
| traefik.http.services.matrix-conduwuit.loadbalancer.server.port={{ matrix_conduwuit_config_port_number }} | |||
| {% if matrix_conduwuit_container_labels_public_client_root_enabled %} | |||
| ############################################################ | |||
| # # | |||
| # Public Root path (/) # | |||
| # # | |||
| ############################################################ | |||
| {% set client_root_middlewares = [] %} | |||
| {% if matrix_conduwuit_container_labels_public_client_root_redirection_enabled %} | |||
| {% set client_root_middlewares = client_root_middlewares + ['matrix-conduwuit-client-root-redirect'] %} | |||
| traefik.http.middlewares.matrix-conduwuit-client-root-redirect.redirectregex.regex=(.*) | |||
| traefik.http.middlewares.matrix-conduwuit-client-root-redirect.redirectregex.replacement={{ matrix_conduwuit_container_labels_public_client_root_redirection_url }} | |||
| {% endif %} | |||
| traefik.http.routers.matrix-conduwuit-public-client-root.rule={{ matrix_conduwuit_container_labels_public_client_root_traefik_rule }} | |||
| traefik.http.routers.matrix-conduwuit-public-client-root.middlewares={{ client_root_middlewares | join(',') }} | |||
| {% if matrix_conduwuit_container_labels_public_client_root_traefik_priority | int > 0 %} | |||
| traefik.http.routers.matrix-conduwuit-public-client-root.priority={{ matrix_conduwuit_container_labels_public_client_root_traefik_priority }} | |||
| {% endif %} | |||
| traefik.http.routers.matrix-conduwuit-public-client-root.service=matrix-conduwuit | |||
| traefik.http.routers.matrix-conduwuit-public-client-root.entrypoints={{ matrix_conduwuit_container_labels_public_client_root_traefik_entrypoints }} | |||
| traefik.http.routers.matrix-conduwuit-public-client-root.tls={{ matrix_conduwuit_container_labels_public_client_root_traefik_tls | to_json }} | |||
| {% if matrix_conduwuit_container_labels_public_client_root_traefik_tls %} | |||
| traefik.http.routers.matrix-conduwuit-public-client-root.tls.certResolver={{ matrix_conduwuit_container_labels_public_client_root_traefik_tls_certResolver }} | |||
| {% endif %} | |||
| ############################################################ | |||
| # # | |||
| # /Public Root path (/) # | |||
| # # | |||
| ############################################################ | |||
| {% endif %} | |||
| {% if matrix_conduwuit_container_labels_public_client_api_enabled %} | |||
| ############################################################ | |||
| # # | |||
| # Public Client-API (/_matrix) # | |||
| # # | |||
| ############################################################ | |||
| traefik.http.routers.matrix-conduwuit-public-client-api.rule={{ matrix_conduwuit_container_labels_public_client_api_traefik_rule }} | |||
| {% if matrix_conduwuit_container_labels_public_client_api_traefik_priority | int > 0 %} | |||
| traefik.http.routers.matrix-conduwuit-public-client-api.priority={{ matrix_conduwuit_container_labels_public_client_api_traefik_priority }} | |||
| {% endif %} | |||
| traefik.http.routers.matrix-conduwuit-public-client-api.service=matrix-conduwuit | |||
| traefik.http.routers.matrix-conduwuit-public-client-api.entrypoints={{ matrix_conduwuit_container_labels_public_client_api_traefik_entrypoints }} | |||
| traefik.http.routers.matrix-conduwuit-public-client-api.tls={{ matrix_conduwuit_container_labels_public_client_api_traefik_tls | to_json }} | |||
| {% if matrix_conduwuit_container_labels_public_client_api_traefik_tls %} | |||
| traefik.http.routers.matrix-conduwuit-public-client-api.tls.certResolver={{ matrix_conduwuit_container_labels_public_client_api_traefik_tls_certResolver }} | |||
| {% endif %} | |||
| ############################################################ | |||
| # # | |||
| # /Public Client-API (/_matrix) # | |||
| # # | |||
| ############################################################ | |||
| {% endif %} | |||
| {% if matrix_conduwuit_container_labels_internal_client_api_enabled %} | |||
| ############################################################ | |||
| # # | |||
| # Internal Client-API (/_matrix) # | |||
| # # | |||
| ############################################################ | |||
| traefik.http.routers.matrix-conduwuit-internal-client-api.rule={{ matrix_conduwuit_container_labels_internal_client_api_traefik_rule }} | |||
| {% if matrix_conduwuit_container_labels_internal_client_api_traefik_priority | int > 0 %} | |||
| traefik.http.routers.matrix-conduwuit-internal-client-api.priority={{ matrix_conduwuit_container_labels_internal_client_api_traefik_priority }} | |||
| {% endif %} | |||
| traefik.http.routers.matrix-conduwuit-internal-client-api.service=matrix-conduwuit | |||
| traefik.http.routers.matrix-conduwuit-internal-client-api.entrypoints={{ matrix_conduwuit_container_labels_internal_client_api_traefik_entrypoints }} | |||
| ############################################################ | |||
| # # | |||
| # /Internal Client-API (/_matrix) # | |||
| # # | |||
| ############################################################ | |||
| {% endif %} | |||
| {% if matrix_conduwuit_container_labels_public_federation_api_enabled %} | |||
| ############################################################ | |||
| # # | |||
| # Public Federation-API (/_matrix) # | |||
| # # | |||
| ############################################################ | |||
| traefik.http.routers.matrix-conduwuit-public-federation-api.rule={{ matrix_conduwuit_container_labels_public_federation_api_traefik_rule }} | |||
| {% if matrix_conduwuit_container_labels_public_federation_api_traefik_priority | int > 0 %} | |||
| traefik.http.routers.matrix-conduwuit-public-federation-api.priority={{ matrix_conduwuit_container_labels_public_federation_api_traefik_priority }} | |||
| {% endif %} | |||
| traefik.http.routers.matrix-conduwuit-public-federation-api.service=matrix-conduwuit | |||
| traefik.http.routers.matrix-conduwuit-public-federation-api.entrypoints={{ matrix_conduwuit_container_labels_public_federation_api_traefik_entrypoints }} | |||
| traefik.http.routers.matrix-conduwuit-public-federation-api.tls={{ matrix_conduwuit_container_labels_public_federation_api_traefik_tls | to_json }} | |||
| {% if matrix_conduwuit_container_labels_public_federation_api_traefik_tls %} | |||
| traefik.http.routers.matrix-conduwuit-public-federation-api.tls.certResolver={{ matrix_conduwuit_container_labels_public_federation_api_traefik_tls_certResolver }} | |||
| {% endif %} | |||
| ############################################################ | |||
| # # | |||
| # /Public Federation-API (/_matrix) # | |||
| # # | |||
| ############################################################ | |||
| {% endif %} | |||
| {% if matrix_conduwuit_container_labels_public_conduwuit_api_enabled %} | |||
| ############################################################ | |||
| # # | |||
| # Public conduwuit-API (/_conduwuit) # | |||
| # # | |||
| ############################################################ | |||
| traefik.http.routers.matrix-conduwuit-public-conduwuit-api.rule={{ matrix_conduwuit_container_labels_public_conduwuit_api_traefik_rule }} | |||
| {% if matrix_conduwuit_container_labels_public_conduwuit_api_traefik_priority | int > 0 %} | |||
| traefik.http.routers.matrix-conduwuit-public-conduwuit-api.priority={{ matrix_conduwuit_container_labels_public_conduwuit_api_traefik_priority }} | |||
| {% endif %} | |||
| traefik.http.routers.matrix-conduwuit-public-conduwuit-api.service=matrix-conduwuit | |||
| traefik.http.routers.matrix-conduwuit-public-conduwuit-api.entrypoints={{ matrix_conduwuit_container_labels_public_conduwuit_api_traefik_entrypoints }} | |||
| traefik.http.routers.matrix-conduwuit-public-conduwuit-api.tls={{ matrix_conduwuit_container_labels_public_conduwuit_api_traefik_tls | to_json }} | |||
| {% if matrix_conduwuit_container_labels_public_conduwuit_api_traefik_tls %} | |||
| traefik.http.routers.matrix-conduwuit-public-conduwuit-api.tls.certResolver={{ matrix_conduwuit_container_labels_public_conduwuit_api_traefik_tls_certResolver }} | |||
| {% endif %} | |||
| ############################################################ | |||
| # # | |||
| # /Public conduwuit-API (/_conduwuit) # | |||
| # # | |||
| ############################################################ | |||
| {% endif %} | |||
| {% endif %} | |||
| {{ matrix_conduwuit_container_labels_additional_labels }} | |||
+ 0
- 51
roles/custom/matrix-conduwuit/templates/systemd/matrix-conduwuit.service.j2
Просмотреть файл
| @@ -1,51 +0,0 @@ | |||
| #jinja2: lstrip_blocks: True | |||
| [Unit] | |||
| Description=conduwuit Matrix homeserver | |||
| {% for service in matrix_conduwuit_systemd_required_services_list %} | |||
| Requires={{ service }} | |||
| After={{ service }} | |||
| {% endfor %} | |||
| [Service] | |||
| Type=simple | |||
| Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" | |||
| ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop -t {{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-conduwuit 2>/dev/null || true' | |||
| ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-conduwuit 2>/dev/null || true' | |||
| ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \ | |||
| --rm \ | |||
| --name=matrix-conduwuit \ | |||
| --log-driver=none \ | |||
| --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ | |||
| --cap-drop=ALL \ | |||
| --read-only \ | |||
| --tmpfs=/tmp:rw,noexec,nosuid,size={{ matrix_conduwuit_tmp_directory_size_mb }}m \ | |||
| --network={{ matrix_conduwuit_container_network }} \ | |||
| --env CONDUWUIT_CONFIG=/etc/conduwuit/conduwuit.toml \ | |||
| --label-file={{ matrix_conduwuit_base_path }}/labels \ | |||
| --mount type=bind,src={{ matrix_conduwuit_data_path }},dst=/var/lib/conduwuit \ | |||
| --mount type=bind,src={{ matrix_conduwuit_config_path }},dst=/etc/conduwuit,ro \ | |||
| {% for arg in matrix_conduwuit_container_extra_arguments %} | |||
| {{ arg }} \ | |||
| {% endfor %} | |||
| {{ matrix_conduwuit_docker_image }} | |||
| {% for network in matrix_conduwuit_container_additional_networks %} | |||
| ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-conduwuit | |||
| {% endfor %} | |||
| ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-conduwuit | |||
| {% if matrix_conduwuit_systemd_service_post_start_delay_seconds != 0 %} | |||
| ExecStartPost=-{{ matrix_host_command_sleep }} {{ matrix_conduwuit_systemd_service_post_start_delay_seconds }} | |||
| {% endif %} | |||
| ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop -t {{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-conduwuit 2>/dev/null || true' | |||
| ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-conduwuit 2>/dev/null || true' | |||
| ExecReload={{ devture_systemd_docker_base_host_command_docker }} exec matrix-conduwuit /bin/sh -c 'kill -HUP 1' | |||
| Restart=always | |||
| RestartSec=30 | |||
| SyslogIdentifier=matrix-conduwuit | |||
| [Install] | |||
| WantedBy=multi-user.target | |||
+ 0
- 4
roles/custom/matrix-conduwuit/templates/systemd/matrix-conduwuit.service.j2.license
Просмотреть файл
| @@ -1,4 +0,0 @@ | |||
| SPDX-FileCopyrightText: 2025 MDAD project contributors | |||
| SPDX-FileCopyrightText: 2025 Slavi Pantaleev | |||
| SPDX-License-Identifier: AGPL-3.0-or-later | |||
+ 0
- 9
roles/custom/matrix-conduwuit/vars/main.yml
Просмотреть файл
| @@ -1,9 +0,0 @@ | |||
| # SPDX-FileCopyrightText: 2025 MDAD project contributors | |||
| # SPDX-FileCopyrightText: 2025 Slavi Pantaleev | |||
| # | |||
| # SPDX-License-Identifier: AGPL-3.0-or-later | |||
| --- | |||
| matrix_conduwuit_client_api_url_endpoint_public: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}://{{ matrix_conduwuit_hostname }}/_matrix/client/versions" | |||
| matrix_conduwuit_federation_api_url_endpoint_public: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}://{{ matrix_conduwuit_hostname }}:{{ matrix_federation_public_port }}/_matrix/federation/v1/version" | |||