Updates to reviewer comments

docs/configuring-playbook-budget-builds.md → docs/configuring-playbook-dynamic-dns.md

@@ -1,6 +1,6 @@
-# Tips for deploying Matrix on a Budget
+# Dynamic DNS
 
-## Dynamic DNS
+## Setup
 
 Most cloud providers / ISPs will charge you extra for a static IP address. If you're
 not hosting a highly reliable homeserver you can workaround this via dynamic DNS. To
@@ -9,13 +9,14 @@ google domains, this process is described [here](https://support.google.com/doma
 After you've gotten the proper credentials you can add the following config to your inventory/host_vars/matrix.DOMAIN/vars.yml:
 
 ```
-matrix_dynamic_dns_username: XXXXXXXXXXXXXXXX
-matrix_dynamic_dns_password: XXXXXXXXXXXXXXXX
-matrix_dynamic_dns_provider: 'domains.google.com'
+matrix_dynamic_dns_domain_configurations: |
+  {{
+    [{'provider': 'domains.google.com', 'protocol': 'dyndn2', 'username': 'XXXXXXXXXXXXXXXX', 'password': 'XXXXXXXXXXXXXXXX', 'domain': matrix_domain}]
+  }}
 ```
 
 ## Additional Reading
 
 Additional resources:
 
-- https://matrix.org/docs/guides/free-small-matrix-server
+- https://matrix.org/docs/guides/free-small-matrix-server

docs/configuring-playbook.md

@@ -33,7 +33,7 @@ When you're done with all the configuration you'd like to do, continue with [Ins
 
 - [Setting up the Jitsi video-conferencing platform](configuring-playbook-jitsi.md) (optional)
 
-- [Setting up budget builds or resource-constrained builds](configuring-playbook-budget-builds.md) (optional)
+- [Setting Dynamic DNS](configuring-playbook-dynamic-dns.md) (optional)
 
 ### Core service adjustments
 

group_vars/matrix_servers

@@ -619,6 +619,23 @@ matrix_dimension_homeserver_federationUrl: "http://matrix-synapse:{{ 8048 if mat
 ######################################################################
 
 
+
+######################################################################
+#
+# matrix-dynamic-dns
+#
+######################################################################
+
+matrix_dynamic_dns_domain_configurations: []
+
+######################################################################
+#
+# /matrix-dynamic-dns
+#
+######################################################################
+
+
+
 ######################################################################
 #
 # matrix-email2matrix

roles/matrix-dynamic-dns/defaults/main.yml

@@ -1,11 +1,11 @@
 # Whether dynamic dns is enabled
-matrix_dynamic_dns_enabled: false
+matrix_dynamic_dns_enabled: "{{ matrix_dynamic_dns_domain_configurations is defined }}"
 
 # The dynamic dns daemon interval
 matrix_dynamic_dns_daemon_interval: '300'
 
 # The docker container to use when in mode
-matrix_dynamic_dns_docker_image: 'linuxserver/ddclient'
+matrix_dynamic_dns_docker_image: 'linuxserver/ddclient:v3.9.1-ls45'
 
 # The image to force pull
 matrix_dynamic_dns_docker_image_force_pull: "{{ matrix_dynamic_dns_docker_image.endswith(':latest') }}"
@@ -28,13 +28,5 @@ matrix_dynamic_dns_config_path: "{{ matrix_dynamic_dns_base_path }}/config"
 matrix_dynamic_dns_docker_src_files_path: "{{ matrix_dynamic_dns_base_path }}/docker-src"
 
 # Config options
+matrix_dynamic_dns_additional_configuration_blocks: []
 matrix_dynamic_dns_use: "web"
-matrix_dynamic_dns_static: false
-matrix_dynamic_dns_custom: false
-matrix_dynamic_dns_zone: ""
-matrix_dynamic_dns_ttl: ""
-matrix_dynamic_dns_mx: ""
-matrix_dynamic_dns_wildcard: false
-matrix_dynamic_dns_protocol: 'dyndns2'
-matrix_dynamic_dns_provider: 'domains.google.com'
-matrix_dynamic_dns_domain: '{{ matrix_domain }}'

roles/matrix-dynamic-dns/tasks/install.yml

@@ -12,7 +12,7 @@
   file:
     path: "{{ item.path }}"
     state: directory
-    mode: 0750
+    mode: 0751
     owner: "{{ matrix_user_username }}"
     group: "{{ matrix_user_groupname }}"
   with_items:

roles/matrix-dynamic-dns/tasks/validate_config.yml

@@ -1,10 +1,10 @@
 ---
 
-- name: Fail if required settings not defined
+- name: Fail if required settings not defined in configuration blocks
   fail:
     msg: >-
       You need to define a required configuration setting (`{{ item }}`).
-  when: "vars[item] == ''"
-  with_items:
-    - "matrix_dynamic_dns_domain"
-    - "matrix_dynamic_dns_provider"
+  when: "'domain' not in configuration == '' or 'provider' not in configuration == '' or 'protocol' not in configuration == ''"
+  with_items: "{{ matrix_dynamic_dns_domain_configurations }}"
+  loop_control:
+    loop_var: configuration

roles/matrix-dynamic-dns/templates/ddclient.conf.j2

@@ -3,14 +3,24 @@ syslog=no
 pid=/var/run/ddclient/ddclient.pid
 ssl=yes
 use={{ matrix_dynamic_dns_use }}
-protocol={{ matrix_dynamic_dns_protocol }}
-server={{ matrix_dynamic_dns_provider }} {% if matrix_dynamic_dns_username %}
-login='{{ matrix_dynamic_dns_username }}' {% endif %} {% if matrix_dynamic_dns_username %}
-password='{{ matrix_dynamic_dns_password }}' {% endif %} {% if matrix_dynamic_dns_static %}
-static=yes {% endif %} {% if matrix_dynamic_dns_custom %}
-custom=yes {% endif %} {% if matrix_dynamic_dns_zone %}
-zone={{ matrix_dynamic_dns_zone }} {% endif %} {% if matrix_dynamic_dns_ttl %}
-ttl={{ matrix_dynamic_dns_ttl }} {% endif %} {% if matrix_dynamic_dns_mx %}
-mx={{ matrix_dynamic_dns_mx }} {% endif %} {% if matrix_dynamic_dns_wildcard %}
+
+{% for dynamic_dns_domain_configuration in matrix_dynamic_dns_domain_configurations %}
+protocol={{ dynamic_dns_domain_configuration.protocol }}
+server={{ dynamic_dns_domain_configuration.provider }} {% if 'username' in dynamic_dns_domain_configuration %}
+login='{{ dynamic_dns_domain_configuration.username }}' {% endif %} {% if 'password' in dynamic_dns_domain_configuration %}
+password='{{ dynamic_dns_domain_configuration.password }}' {% endif %} {% if 'static' in dynamic_dns_domain_configuration %}
+static=yes {% endif %} {% if 'custom' in dynamic_dns_domain_configuration %}
+custom=yes {% endif %} {% if 'zone' in dynamic_dns_domain_configuration %}
+zone={{ dynamic_dns_domain_configuration.zone }} {% endif %} {% if 'ttl' in dynamic_dns_domain_configuration %}
+ttl={{ dynamic_dns_domain_configuration.ttl }} {% endif %} {% if 'mx' in dynamic_dns_domain_configuration %}
+mx={{ dynamic_dns_domain_configuration.mx }} {% endif %} {% if 'wildcard' in dynamic_dns_domain_configuration %}
 wildcard=yes {% endif %}
-{{ matrix_dynamic_dns_domain }}
+{{ dynamic_dns_domain_configuration.domain }}
+
+{% endfor %}
+
+
+{% for matrix_dynamic_dns_additional_configuration in matrix_dynamic_dns_additional_configuration_blocks %}
+{{ matrix_dynamic_dns_additional_configuration }}
+
+{% endfor %}

roles/matrix-dynamic-dns/templates/systemd/matrix-dynamic-dns.service.j2

@@ -15,12 +15,9 @@ ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-dynamic-dns
 ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-dynamic-dns
 ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-dynamic-dns \
 			--log-driver=none \
-			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
-			--cap-drop=ALL \
 			--network={{ matrix_docker_network }} \
   			-e PUID={{ matrix_user_uid }} \
   			-e PGID={{ matrix_user_gid }} \
-			-e CONFIG_PATH=/config/config.yaml \
 			-v {{ matrix_dynamic_dns_config_path }}:/config:z \
 			{% for arg in matrix_dynamic_dns_container_extra_arguments %}
 			{{ arg }} \

roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml

@@ -12,6 +12,18 @@
 - set_fact:
     domain_name_needs_cert: "{{ not domain_name_certificate_path_stat.stat.exists }}"
 
+- name: Ensure dynamic dns has ran
+  service:
+    name: "dynamic-dns"
+    state: started
+  register: dynamic_dns_service_update
+  when: "domain_name_needs_cert|bool and matrix_dynamic_dns_enabled|bool" 
+
+- name: Sleep for 60 seconds so that DNS records can be updated
+  wait_for:
+    timeout: 60
+  when: dynamic_dns_service_update.changed
+
 # This will fail if there is something running on port 80 (like matrix-nginx-proxy).
 # We suppress the error, as we'll try another method below.
 - name: Attempt initial SSL certificate retrieval with standalone authenticator (directly)