mirror of https://github.com/spantaleev/matrix-docker-ansible-deploy.git, synced 2025-10-26 01:53:24 +00:00

Merge branch 'master' of https://github.com/spantaleev/matrix-docker-ansible-deploy
CHANGELOG.md
							| @@ -1,3 +1,38 @@ | ||||
| # 2019-05-25 | ||||
|  | ||||
| ## Support for exposing container ports publicly (not just to the host) | ||||
|  | ||||
| Until now, various roles supported a `matrix_*_expose_port` variable, which would expose their container's port to the host. This was mostly useful for reverse-proxying manually (in case `matrix-nginx-proxy` was disabled). It could also be used for installing some playbook services (e.g. bridges, etc.) and wiring them to a separate (manual) Matrix setup. | ||||
|  | ||||
| `matrix_*_expose_port` variables were not granular enough - sometimes they would expose one port, other times multiple. They also didn't provide control over **where** to expose (to which port number and to which network interface), because they would usually hardcode something like `127.0.0.1:8080`. | ||||
|  | ||||
| All such variables have been superseded by a better (more flexible) way to do it. | ||||
|  | ||||
| **Most** people (including those not using `matrix-nginx-proxy`), **don't need** to bother with this. | ||||
|  | ||||
| Porting examples follow for people having more customized setups: | ||||
|  | ||||
| - **from** `matrix_synapse_container_expose_client_api_port: true` **to** `matrix_synapse_container_client_api_host_bind_port: '127.0.0.1:8008'` | ||||
|  | ||||
| - **from** `matrix_synapse_container_expose_federation_api_port: true` **to** `matrix_synapse_container_federation_api_plain_host_bind_port: '127.0.0.1:8048'` and possibly `matrix_synapse_container_federation_api_tls_host_bind_port: '8448'` | ||||
|  | ||||
| - **from** `matrix_synapse_container_expose_metrics_port: true` **to** `matrix_synapse_container_metrics_api_host_bind_port: '127.0.0.1:9100'` | ||||
|  | ||||
| - **from** `matrix_riot_web_container_expose_port: true` **to** `matrix_riot_web_container_http_host_bind_port: '127.0.0.1:8765'` | ||||
|  | ||||
| - **from** `matrix_mxisd_container_expose_port: true` **to** `matrix_mxisd_container_http_host_bind_port: '127.0.0.1:8090'` | ||||
|  | ||||
| - **from** `matrix_dimension_container_expose_port: true` **to** `matrix_dimension_container_http_host_bind_port: '127.0.0.1:8184'` | ||||
|  | ||||
| - **from** `matrix_corporal_container_expose_ports: true` **to** `matrix_corporal_container_http_gateway_host_bind_port: '127.0.0.1:41080'` and possibly `matrix_corporal_container_http_api_host_bind_port: '127.0.0.1:41081'` | ||||
|  | ||||
| - **from** `matrix_appservice_irc_container_expose_client_server_api_port: true` **to** `matrix_appservice_irc_container_http_host_bind_port: '127.0.0.1:9999'` | ||||
|  | ||||
| - **from** `matrix_appservice_discord_container_expose_client_server_api_port: true` **to** `matrix_appservice_discord_container_http_host_bind_port: '127.0.0.1:9005'` | ||||
|  | ||||
| As always, if you forget to remove usage of some outdated variable, the playbook will warn you. | ||||
|  | ||||
|  | ||||
| # 2019-05-23 | ||||
|  | ||||
| ## Ansible 2.8 compatibility | ||||
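Review bot: The porting list in the new 2019-05-25 entry omits the mautrix-telegram rename. `matrix_mautrix_telegram_container_exposed_port_number` is replaced by `matrix_mautrix_telegram_container_http_host_bind_port` further down in this change, but no bullet covers it. Add a bullet for it, and since the entry promises that the playbook warns about outdated variables, make sure the old name is covered by a deprecation check too. It would also help to say next to the `'8448'` example that a value without an IP address publishes the port on all network interfaces, since every other example binds to `127.0.0.1`.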
|   | ||||
| @@ -9,7 +9,7 @@ For an Integration Manager like [Dimension](https://dimension.t2bot.io) to work, | ||||
| Other important prerequisite is the `dimension.<your-domain>` DNS record being set up correctly. See [Configuring your DNS server](configuring-dns.md) on how to set up DNS record correctly. | ||||
|  | ||||
| ## Enable | ||||
| [Dimension integrations manager](https://dimension.t2bot.io) installation is disabled by default. You can enable it in your configuration file (`inventory/matrix.<your-domain>/vars.yml`): | ||||
| [Dimension integrations manager](https://dimension.t2bot.io) installation is disabled by default. You can enable it in your configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`): | ||||
|  | ||||
| ```yaml | ||||
| matrix_dimension_enabled: true | ||||
| @@ -18,7 +18,7 @@ matrix_dimension_enabled: true | ||||
|  | ||||
| ## Define admin users | ||||
| These users can modify the integrations this Dimension supports. Admin interface is accessible by opening Dimension in Riot and clicking the settings icon. | ||||
| Add this to your configuration file (`inventory/matrix.<your-domain>/vars.yml`): | ||||
| Add this to your configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`): | ||||
|  | ||||
| ```yaml | ||||
| matrix_dimension_admins: ['@user1:domain.com', '@user2:domain.com'] | ||||
| @@ -37,7 +37,7 @@ To get an access token, follow these steps: | ||||
|  | ||||
| **Access tokens are sensitive information. Do not include them in any bug reports, messages, or logs. Do not share the access token with anyone.** | ||||
|  | ||||
| Add access token to your configuration file (`inventory/matrix.<your-domain>/vars.yml`): | ||||
| Add access token to your configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`): | ||||
|  | ||||
| ```yaml | ||||
| matrix_dimension_access_token: "YOUR ACCESS TOKEN HERE" | ||||
|   | ||||
| @@ -3,7 +3,7 @@ | ||||
| By default, this playbook would set up a PostgreSQL database server on your machine, running in a Docker container. | ||||
| If that's alright, you can skip this. | ||||
|  | ||||
| If you'd like to use an external PostgreSQL server that you manage, you can edit your configuration file  (`inventory/matrix.<your-domain>/vars.yml`). | ||||
| If you'd like to use an external PostgreSQL server that you manage, you can edit your configuration file  (`inventory/host_vars/matrix.<your-domain>/vars.yml`). | ||||
| It should be something like this: | ||||
|  | ||||
| ```yaml | ||||
|   | ||||
| @@ -6,7 +6,7 @@ That is, people on your server can communicate with people on any other Matrix s | ||||
|  | ||||
| ## Federating only with select servers | ||||
|  | ||||
| To make your server only federate with servers of your choosing, add this to your configuration file (`inventory/matrix.<your-domain>/vars.yml`): | ||||
| To make your server only federate with servers of your choosing, add this to your configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`): | ||||
|  | ||||
| ```yaml | ||||
| matrix_synapse_federation_domain_whitelist: | ||||
| @@ -19,7 +19,7 @@ If you wish to disable federation, you can do that with an empty list (`[]`), or | ||||
|  | ||||
| ## Disabling federation | ||||
|  | ||||
| To completely disable federation, isolating your server from the rest of the Matrix network, add this to your configuration file (`inventory/matrix.<your-domain>/vars.yml`): | ||||
| To completely disable federation, isolating your server from the rest of the Matrix network, add this to your configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`): | ||||
|  | ||||
| ```yaml | ||||
| matrix_synapse_federation_enabled: false | ||||
|   | ||||
| @@ -13,13 +13,13 @@ No matter which external webserver you decide to go with, you'll need to: | ||||
|  | ||||
| 1) Make sure your web server user (something like `http`, `apache`, `www-data`, `nginx`) is part of the `matrix` group. You should run something like this: `usermod -a -G matrix nginx` | ||||
|  | ||||
| 2) Edit your configuration file (`inventory/matrix.<your-domain>/vars.yml`) to disable the integrated nginx server: | ||||
| 2) Edit your configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`) to disable the integrated nginx server: | ||||
|  | ||||
| ```yaml | ||||
| matrix_nginx_proxy_enabled: false | ||||
| ``` | ||||
|  | ||||
| 3) **If you'll manage SSL certificates by yourself**, edit your configuration file (`inventory/matrix.<your-domain>/vars.yml`) to disable SSL certificate retrieval: | ||||
| 3) **If you'll manage SSL certificates by yourself**, edit your configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`) to disable SSL certificate retrieval: | ||||
|  | ||||
| ```yaml | ||||
| matrix_ssl_retrieval_method: none | ||||
|   | ||||
| @@ -29,7 +29,7 @@ You'll need an Amazon S3 bucket and some IAM user credentials (access key + secr | ||||
| } | ||||
| ``` | ||||
|  | ||||
| You then need to enable S3 support in your configuration file (`inventory/matrix.<your-domain>/vars.yml`). | ||||
| You then need to enable S3 support in your configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`). | ||||
| It would be something like this: | ||||
|  | ||||
| ```yaml | ||||
|   | ||||
| @@ -89,10 +89,8 @@ matrix_nginx_proxy_proxy_matrix_federation_api_ssl_certificate_key: /matrix/ssl/ | ||||
| If your files are not in `/matrix/ssl` but in some other location, you would need to mount them into the container: | ||||
|  | ||||
| ```yaml | ||||
| matrix_nginx_proxy_container_additional_volumes: | ||||
|   - src: /some/path/on/the/host | ||||
|     dst: /some/path/inside/the/container | ||||
|     options: ro | ||||
| matrix_synapse_container_extra_arguments: | ||||
|   - "--mount type-bind,src=/some/path/on/the/host,dst=/some/path/inside/the/container,ro" | ||||
| ``` | ||||
|  | ||||
| You then refer to them (for `matrix_nginx_proxy_proxy_matrix_federation_api_ssl_certificate` and `matrix_nginx_proxy_proxy_matrix_federation_api_ssl_certificate_key`) by using `/some/path/inside/the/container`. | ||||
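Review bot: In the replacement YAML example, `--mount type-bind,...` should read `--mount type=bind,...` (the role tasks in this same change use `type=bind`); as written Docker will not parse it as a bind mount. The example also switches from `matrix_nginx_proxy_container_additional_volumes` to `matrix_synapse_container_extra_arguments`, while the surrounding text is about certificate paths for `matrix_nginx_proxy_proxy_matrix_federation_api_ssl_certificate` and its key, so the mount would land in the Synapse container rather than in the proxy. Please confirm which container this section means and use that role's extra-arguments variable.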
| @@ -118,10 +116,8 @@ Make sure to reload/restart your webserver once in a while, so that newer certif | ||||
| To do that, make sure the certificate files are mounted into the Synapse container: | ||||
|  | ||||
| ```yaml | ||||
| matrix_synapse_container_additional_volumes: | ||||
|   - src: /some/path/on/the/host | ||||
|     dst: /some/path/inside/the/container | ||||
|     options: ro | ||||
| matrix_synapse_container_extra_arguments: | ||||
|   - "--mount type-bind,src=/some/path/on/the/host,dst=/some/path/inside/the/container,ro" | ||||
| ``` | ||||
|  | ||||
| You can then tell Synapse to serve Federation traffic over TLS on `tcp/8448`: | ||||
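Review bot: The same `type-bind` typo appears in the Synapse example in this hunk; it needs to be `type=bind`. Anyone copying the snippet verbatim will not get the read-only certificate mount the text describes.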
|   | ||||
| @@ -6,7 +6,7 @@ This is for when you wish to have your own Apache webserver sitting in front of | ||||
| See the [Using your own webserver, instead of this playbook's nginx proxy](../../docs/configuring-playbook-own-webserver.md) documentation page. | ||||
|  | ||||
| To use your own Apache reverse-proxy, you first need to disable the integrated nginx server. | ||||
| You do that with the following custom configuration (`inventory/matrix.<your-domain>/vars.yml`): | ||||
| You do that with the following custom configuration (`inventory/host_vars/matrix.<your-domain>/vars.yml`): | ||||
|  | ||||
| ```yaml | ||||
| matrix_nginx_proxy_enabled: false | ||||
|   | ||||
| @@ -36,8 +36,8 @@ matrix_appservice_discord_enabled: false | ||||
|  | ||||
| # Normally, matrix-nginx-proxy is enabled and nginx can reach matrix-appservice-discord over the container network. | ||||
| # If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose | ||||
| # matrix-appservice-discord's client-server port to the local host (`127.0.0.1:9005`). | ||||
| matrix_appservice_discord_container_expose_client_server_api_port: "{{ not matrix_nginx_proxy_enabled }}" | ||||
| # matrix-appservice-discord's client-server port to the local host. | ||||
| matrix_appservice_discord_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:9005' }}" | ||||
|  | ||||
| matrix_appservice_discord_systemd_required_services_list: | | ||||
|   {{ | ||||
| @@ -64,8 +64,8 @@ matrix_appservice_irc_enabled: false | ||||
|  | ||||
| # Normally, matrix-nginx-proxy is enabled and nginx can reach matrix-appservice-irc over the container network. | ||||
| # If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose | ||||
| # matrix-appservice-irc's client-server port to the local host (`127.0.0.1:9999`). | ||||
| matrix_appservice_irc_container_expose_client_server_api_port: "{{ not matrix_nginx_proxy_enabled }}" | ||||
| # matrix-appservice-irc's client-server port to the local host. | ||||
| matrix_appservice_irc_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:9999' }}" | ||||
|  | ||||
| matrix_appservice_irc_systemd_required_services_list: | | ||||
|   {{ | ||||
| @@ -122,6 +122,8 @@ matrix_mautrix_telegram_systemd_required_services_list: | | ||||
|  | ||||
| matrix_mautrix_telegram_public_endpoint: "/{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'telegram') | to_uuid }}" | ||||
|  | ||||
| matrix_mautrix_telegram_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:9006' }}" | ||||
|  | ||||
| ###################################################################### | ||||
| # | ||||
| # /matrix-bridge-mautrix-telegram | ||||
| @@ -162,8 +164,9 @@ matrix_corporal_enabled: false | ||||
|  | ||||
| # Normally, matrix-nginx-proxy is enabled and nginx can reach matrix-corporal over the container network. | ||||
| # If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose | ||||
| # matrix-corporal's web-server ports to the local host (`127.0.0.1:41080` and `127.0.0.1:41081`). | ||||
| matrix_corporal_container_expose_ports: "{{ not matrix_nginx_proxy_enabled }}" | ||||
| # matrix-corporal's web-server ports to the local host. | ||||
| matrix_corporal_container_http_gateway_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:41080' }}" | ||||
| matrix_corporal_container_http_api_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:41081' }}" | ||||
|  | ||||
| matrix_corporal_systemd_required_services_list: | | ||||
|   {{ | ||||
| @@ -222,8 +225,8 @@ matrix_dimension_enabled: false | ||||
|  | ||||
| # Normally, matrix-nginx-proxy is enabled and nginx can reach Dimension over the container network. | ||||
| # If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose | ||||
| # the Dimension HTTP port to the local host (`127.0.0.1:8184`). | ||||
| matrix_dimension_container_expose_port: "{{ not matrix_nginx_proxy_enabled }}" | ||||
| # the Dimension HTTP port to the local host. | ||||
| matrix_dimension_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:8184' }}" | ||||
|  | ||||
| ###################################################################### | ||||
| # | ||||
| @@ -264,8 +267,8 @@ matrix_mxisd_enabled: true | ||||
|  | ||||
| # Normally, matrix-nginx-proxy is enabled and nginx can reach mxisd over the container network. | ||||
| # If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose | ||||
| # mxisd's web-server port to the local host (`127.0.0.1:8090`). | ||||
| matrix_mxisd_container_expose_port: "{{ not matrix_nginx_proxy_enabled }}" | ||||
| # mxisd's web-server port. | ||||
| matrix_mxisd_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:8090' }}" | ||||
|  | ||||
| # We enable Synapse integration via its Postgres database by default. | ||||
| # When using another Identity store, you might wish to disable this and define | ||||
| @@ -408,8 +411,8 @@ matrix_riot_web_enabled: true | ||||
|  | ||||
| # Normally, matrix-nginx-proxy is enabled and nginx can reach riot-web over the container network. | ||||
| # If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose | ||||
| # the riot-web HTTP port to the local host (`127.0.0.1:80`). | ||||
| matrix_riot_web_container_expose_port: "{{ not matrix_nginx_proxy_enabled }}" | ||||
| # the riot-web HTTP port to the local host. | ||||
| matrix_riot_web_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:8765' }}" | ||||
|  | ||||
| matrix_riot_web_default_hs_url: "{{ matrix_homeserver_url }}" | ||||
| matrix_riot_web_default_is_url: "{{ matrix_identity_server_url }}" | ||||
| @@ -449,15 +452,20 @@ matrix_riot_web_enable_presence_by_hs_url: | | ||||
| matrix_synapse_trusted_third_party_id_servers: "{{ [matrix_server_fqn_matrix] if matrix_mxisd_enabled else matrix_synapse_id_servers_public }}" | ||||
|  | ||||
| # Normally, matrix-nginx-proxy is enabled and nginx can reach Synapse over the container network. | ||||
| # If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose its ports | ||||
| # to the local host. | ||||
| # If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, | ||||
| # you can expose Synapse's ports to the host. | ||||
| # | ||||
| # For exposing the Matrix Client API's port (plain HTTP) to the local host (`127.0.0.1:8008`). | ||||
| matrix_synapse_container_expose_client_api_port: "{{ not matrix_nginx_proxy_enabled }}" | ||||
| # For exposing the Matrix Federation API's port (plain HTTP) to the local host (`127.0.0.1:8048`). | ||||
| matrix_synapse_container_expose_federation_api_port: "{{ not matrix_nginx_proxy_enabled }}" | ||||
|  | ||||
| matrix_synapse_container_expose_metrics_port: "{{ not matrix_nginx_proxy_enabled }}" | ||||
| # For exposing the Matrix Client API's port (plain HTTP) to the local host. | ||||
| matrix_synapse_container_client_api_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:8008' }}" | ||||
| # | ||||
| # For exposing the Matrix Federation API's plain port (plain HTTP) to the local host. | ||||
| matrix_synapse_container_federation_api_plain_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:8048' }}" | ||||
| # | ||||
| # For exposing the Matrix Federation API's TLS port (HTTPS) to the internet on all network interfaces. | ||||
| matrix_synapse_container_federation_api_tls_host_bind_port: "{{ '8448' if (matrix_synapse_federation_enabled and matrix_synapse_tls_federation_listener_enabled) else '' }}" | ||||
| # | ||||
| # For exposing the Synapse Metrics API's port (plain HTTP) to the local host. | ||||
| matrix_synapse_container_metrics_api_host_bind_port: "{{ '127.0.0.1:9100' if (matrix_synapse_metrics_enabled and not matrix_nginx_proxy_enabled) else '' }}" | ||||
|  | ||||
| matrix_synapse_database_host: "{{ matrix_postgres_connection_hostname }}" | ||||
| matrix_synapse_database_user: "{{ matrix_postgres_connection_username }}" | ||||
|   | ||||
| @@ -11,8 +11,10 @@ matrix_appservice_discord_base_path: "{{ matrix_base_data_path }}/appservice-dis | ||||
| matrix_appservice_discord_client_id: '' | ||||
| matrix_appservice_discord_bot_token: '' | ||||
|  | ||||
| # Controls whether the Appservice Discord container exposes the Client/Server API port (tcp/9005). | ||||
| matrix_appservice_discord_container_expose_client_server_api_port: false | ||||
| # Controls whether the matrix-appservice-discord container exposes its HTTP port (tcp/9005 in the container). | ||||
| # | ||||
| # Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:9005"), or empty string to not expose. | ||||
| matrix_appservice_discord_container_http_host_bind_port: '' | ||||
|  | ||||
| # A list of extra arguments to pass to the container | ||||
| matrix_appservice_discord_container_extra_arguments: [] | ||||
|   | ||||
| @@ -61,9 +61,6 @@ | ||||
|     -l discord_bot | ||||
|   when: "not appservice_discord_registration_file.stat.exists" | ||||
|  | ||||
| - set_fact: | ||||
|     matrix_synapse_app_service_config_file_appservice_discord: '{{ matrix_appservice_discord_base_path }}/discord-registration.yml' | ||||
|  | ||||
| - name: Check if a matrix-appservice-discord invite_link file exists | ||||
|   stat: | ||||
|     path: "{{ matrix_appservice_discord_base_path }}/invite_link" | ||||
| @@ -82,12 +79,12 @@ | ||||
|  | ||||
| # If the matrix-synapse role is not used, these variables may not exist. | ||||
| - set_fact: | ||||
|     matrix_synapse_container_additional_volumes: > | ||||
|       {{ matrix_synapse_container_additional_volumes|default([]) }} | ||||
|     matrix_synapse_container_extra_arguments: > | ||||
|       {{ matrix_synapse_container_extra_arguments|default([]) }} | ||||
|       + | ||||
|       {{ [{'src': '{{ matrix_appservice_discord_base_path }}/discord-registration.yaml', 'dst': '{{ matrix_synapse_app_service_config_file_appservice_discord }}', 'options': 'ro'}] }} | ||||
|       {{ ["--mount type=bind,src={{ matrix_appservice_discord_base_path }}/discord-registration.yaml,dst=/matrix-appservice-discord-registration.yaml,ro"] }} | ||||
|  | ||||
|     matrix_synapse_app_service_config_files: > | ||||
|       {{ matrix_synapse_app_service_config_files|default([]) }} | ||||
|       + | ||||
|       {{ ["{{ matrix_synapse_app_service_config_file_appservice_discord }}"] | to_nice_json  }} | ||||
|       {{ ["/matrix-appservice-discord-registration.yaml"] }} | ||||
|   | ||||
| @@ -8,3 +8,12 @@ | ||||
|   with_items: | ||||
|     - "matrix_appservice_discord_client_id" | ||||
|     - "matrix_appservice_discord_bot_token" | ||||
|  | ||||
| - name: (Deprecation) Catch and report renamed appservice-discord variables | ||||
|   fail: | ||||
|     msg: >- | ||||
|       Your configuration contains a variable, which now has a different name. | ||||
|       Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`). | ||||
|   when: "item.old in vars" | ||||
|   with_items: | ||||
|     - {'old': 'matrix_appservice_discord_container_expose_client_server_api_port', 'new': '<superseded by matrix_appservice_discord_container_http_host_bind_port>'} | ||||
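Review bot: The failure message asks the user to rename the variable, but the `with_items` entry maps a boolean (`matrix_appservice_discord_container_expose_client_server_api_port`, previously defaulting to `false`) onto a setting that takes `"<ip>:<port>"`, `"<port>"` or an empty string. Someone who follows the wording literally and keeps `true` as the value ends up with that value interpolated into `-p {{ ... }}:9005` in the systemd unit. Reword the message to say the variable was superseded and state the new value format, or point at the CHANGELOG entry.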
|   | ||||
| @@ -19,8 +19,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-appservice-discord \ | ||||
| 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ | ||||
| 			--cap-drop=ALL \ | ||||
| 			--network={{ matrix_docker_network }} \ | ||||
| 			{% if matrix_appservice_discord_container_expose_client_server_api_port %} | ||||
| 			-p 127.0.0.1:9005:9005 \ | ||||
| 			{% if matrix_appservice_discord_container_http_host_bind_port %} | ||||
| 			-p {{ matrix_appservice_discord_container_http_host_bind_port }}:9005 \ | ||||
| 			{% endif %} | ||||
| 			-v {{ matrix_appservice_discord_base_path }}:/data \ | ||||
| 			{% for arg in matrix_appservice_discord_container_extra_arguments %} | ||||
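Review bot: `-p {{ matrix_appservice_discord_container_http_host_bind_port }}:9005` places the variable on the `docker run` command line with no check on its format. A bare port such as `9005` is allowed by the variable's documentation and publishes the bridge on every interface, and ports published by Docker commonly bypass host firewall front ends such as ufw. A validation task that requires the value to match `<ip>:<port>` or `<port>`, plus a comment recommending a loopback address unless public exposure is intended, would be worthwhile here.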
|   | ||||
| @@ -7,8 +7,10 @@ matrix_appservice_irc_docker_image: "tedomum/matrix-appservice-irc:latest" | ||||
|  | ||||
| matrix_appservice_irc_base_path: "{{ matrix_base_data_path }}/appservice-irc" | ||||
|  | ||||
| # Controls whether the Appservice IRC container exposes the Client/Server API port (tcp/9999). | ||||
| matrix_appservice_irc_container_expose_client_server_api_port: false | ||||
| # Controls whether the matrix-appservice-discord container exposes its HTTP port (tcp/9999 in the container). | ||||
| # | ||||
| # Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:9999"), or empty string to not expose. | ||||
| matrix_appservice_irc_container_http_host_bind_port: '' | ||||
|  | ||||
| # A list of extra arguments to pass to the container | ||||
| matrix_appservice_irc_container_extra_arguments: [] | ||||
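Review bot: The new comment above `matrix_appservice_irc_container_http_host_bind_port` says "matrix-appservice-discord container". This is the IRC role, so it should read "matrix-appservice-irc container".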
|   | ||||
| @@ -70,20 +70,17 @@ | ||||
|     -l irc_bot | ||||
|   when: "not appservice_irc_registration_file.stat.exists" | ||||
|  | ||||
| - set_fact: | ||||
|     matrix_synapse_app_service_config_file_appservice_irc: '/app-registration/appservice-irc.yml' | ||||
|  | ||||
| # If the matrix-synapse role is not used, these variables may not exist. | ||||
| - set_fact: | ||||
|     matrix_synapse_container_additional_volumes: > | ||||
|       {{ matrix_synapse_container_additional_volumes|default([]) }} | ||||
|     matrix_synapse_container_extra_arguments: > | ||||
|       {{ matrix_synapse_container_extra_arguments|default([]) }} | ||||
|       + | ||||
|       {{ [{'src': '{{ matrix_appservice_irc_base_path }}/registration.yaml', 'dst': '{{ matrix_synapse_app_service_config_file_appservice_irc }}', 'options': 'ro'}] }} | ||||
|       {{ ["--mount type=bind,src={{ matrix_appservice_irc_base_path }}/registration.yaml,dst=/matrix-appservice-irc-registration.yaml,ro"] }} | ||||
|  | ||||
|     matrix_synapse_app_service_config_files: > | ||||
|       {{ matrix_synapse_app_service_config_files|default([]) }} | ||||
|       + | ||||
|       {{ ["{{ matrix_synapse_app_service_config_file_appservice_irc }}"] | to_nice_json  }} | ||||
|       {{ ["/matrix-appservice-irc-registration.yaml"] }} | ||||
|  | ||||
| - name: Ensure IRC configuration directory permissions are correct | ||||
|   file: | ||||
|   | ||||
| @@ -14,3 +14,11 @@ | ||||
|       You need to define additional configuration in `matrix_appservice_irc_configuration_extension_yaml` or to override `matrix_appservice_irc_configuration`. | ||||
|   when: "matrix_appservice_irc_configuration.ircService|default(none) is none" | ||||
|  | ||||
| - name: (Deprecation) Catch and report renamed appservice-irc variables | ||||
|   fail: | ||||
|     msg: >- | ||||
|       Your configuration contains a variable, which now has a different name. | ||||
|       Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`). | ||||
|   when: "item.old in vars" | ||||
|   with_items: | ||||
|     - {'old': 'matrix_appservice_irc_container_expose_client_server_api_port', 'new': '<superseded by matrix_appservice_irc_container_http_host_bind_port>'} | ||||
|   | ||||
| @@ -19,8 +19,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-appservice-irc \ | ||||
| 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ | ||||
| 			--cap-drop=ALL \ | ||||
| 			--network={{ matrix_docker_network }} \ | ||||
| 			{% if matrix_appservice_irc_container_expose_client_server_api_port %} | ||||
| 			-p 127.0.0.1:9999:9999 \ | ||||
| 			{% if matrix_appservice_irc_container_http_host_bind_port %} | ||||
| 			-p {{ matrix_appservice_irc_container_http_host_bind_port }}:9999 \ | ||||
| 			{% endif %} | ||||
| 			-v {{ matrix_appservice_irc_base_path }}:/data:z \ | ||||
| 			{% for arg in matrix_appservice_irc_container_extra_arguments %} | ||||
|   | ||||
| @@ -7,10 +7,6 @@ matrix_mautrix_facebook_docker_image: "tulir/mautrix-facebook:latest" | ||||
|  | ||||
| matrix_mautrix_facebook_base_path: "{{ matrix_base_data_path }}/mautrix-facebook" | ||||
|  | ||||
| # Get your own API keys at https://developers.facebook.com/docs/apis-and-sdks/ | ||||
| matrix_mautrix_facebook_api_id: '' | ||||
| matrix_mautrix_facebook_api_hash: '' | ||||
|  | ||||
| matrix_mautrix_facebook_homeserver_address: 'https://{{ matrix_server_fqn_matrix }}' | ||||
| matrix_mautrix_facebook_homeserver_domain: '{{ matrix_domain }}' | ||||
| matrix_mautrix_facebook_appservice_address: 'http://matrix-mautrix-facebook:8080' | ||||
|   | ||||
| @@ -2,12 +2,6 @@ | ||||
|   tags: | ||||
|     - always | ||||
|  | ||||
| - import_tasks: "{{ role_path }}/tasks/validate_config.yml" | ||||
|   when: "run_setup|bool and matrix_mautrix_facebook_enabled|bool" | ||||
|   tags: | ||||
|     - setup-all | ||||
|     - setup-mautrix-facebook | ||||
|  | ||||
| - import_tasks: "{{ role_path }}/tasks/setup_install.yml" | ||||
|   when: "run_setup|bool and matrix_mautrix_facebook_enabled|bool" | ||||
|   tags: | ||||
|   | ||||
| @@ -65,17 +65,14 @@ | ||||
|       python3 -m mautrix_facebook -g -c /data/config.yaml -r /data/registration.yaml | ||||
|   when: "not mautrix_facebook_registration_file_stat.stat.exists" | ||||
|  | ||||
| - set_fact: | ||||
|     matrix_synapse_app_service_config_file_mautrix_facebook: '/app-registration/mautrix-facebook.yml' | ||||
|  | ||||
| # If the matrix-synapse role is not used, these variables may not exist. | ||||
| - set_fact: | ||||
|     matrix_synapse_container_additional_volumes: > | ||||
|       {{ matrix_synapse_container_additional_volumes|default([]) }} | ||||
|     matrix_synapse_container_extra_arguments: > | ||||
|       {{ matrix_synapse_container_extra_arguments|default([]) }} | ||||
|       + | ||||
|       {{ [{'src': '{{ matrix_mautrix_facebook_base_path }}/registration.yaml', 'dst': '{{ matrix_synapse_app_service_config_file_mautrix_facebook }}', 'options': 'ro'}] }} | ||||
|       {{ ["--mount type=bind,src={{ matrix_mautrix_facebook_base_path }}/registration.yaml,dst=/matrix-mautrix-facebook-registration.yaml,ro"] }} | ||||
|  | ||||
|     matrix_synapse_app_service_config_files: > | ||||
|       {{ matrix_synapse_app_service_config_files|default([]) }} | ||||
|       + | ||||
|       {{ ["{{ matrix_synapse_app_service_config_file_mautrix_facebook }}"] | to_nice_json  }} | ||||
|       {{ ["/matrix-mautrix-facebook-registration.yaml"] }} | ||||
|   | ||||
| @@ -1,10 +0,0 @@ | ||||
| --- | ||||
|  | ||||
| - name: Fail if required settings not defined | ||||
|   fail: | ||||
|     msg: >- | ||||
|       You need to define a required configuration setting (`{{ item }}`). | ||||
|   when: "vars[item] == ''" | ||||
|   with_items: | ||||
|     - "matrix_mautrix_facebook_api_id" | ||||
|     - "matrix_mautrix_facebook_api_hash" | ||||
| @@ -3,7 +3,7 @@ | ||||
|  | ||||
| matrix_mautrix_telegram_enabled: true | ||||
|  | ||||
| matrix_mautrix_telegram_docker_image: "tulir/mautrix-telegram:v0.5.1" | ||||
| matrix_mautrix_telegram_docker_image: "tulir/mautrix-telegram:v0.5.2" | ||||
|  | ||||
| matrix_mautrix_telegram_base_path: "{{ matrix_base_data_path }}/mautrix-telegram" | ||||
|  | ||||
| @@ -21,8 +21,10 @@ matrix_mautrix_telegram_homeserver_domain: '{{ matrix_domain }}' | ||||
| matrix_mautrix_telegram_appservice_address: 'http://matrix-mautrix-telegram:8080' | ||||
| matrix_mautrix_telegram_appservice_public_external: 'https://{{ matrix_server_fqn_matrix }}{{ matrix_mautrix_telegram_public_endpoint }}' | ||||
|  | ||||
| # Set this to a port number to expose on the host when not using matrix-nginx-proxy | ||||
| matrix_mautrix_telegram_container_exposed_port_number: ~ | ||||
| # Controls whether the matrix-telegram container exposes its HTTP port (tcp/8080 in the container). | ||||
| # | ||||
| # Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:9006"), or empty string to not expose. | ||||
| matrix_mautrix_telegram_container_http_host_bind_port: '' | ||||
|  | ||||
| # A list of extra arguments to pass to the container | ||||
| matrix_mautrix_telegram_container_extra_arguments: [] | ||||
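Review bot: The new comment refers to "the matrix-telegram container", while the service is named `matrix-mautrix-telegram` elsewhere in this file (see `matrix_mautrix_telegram_appservice_address` above); use that name. Separately, `matrix_mautrix_telegram_container_exposed_port_number` is dropped here without a visible deprecation check like the ones added for appservice-discord and appservice-irc. Add one so that existing configurations fail loudly instead of silently no longer exposing the port.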
|   | ||||
| @@ -76,43 +76,40 @@ | ||||
|       python3 -m mautrix_telegram -g -c /data/config.yaml -r /data/registration.yaml | ||||
|   when: "not mautrix_telegram_registration_file_stat.stat.exists" | ||||
|  | ||||
| - set_fact: | ||||
|     matrix_synapse_app_service_config_file_mautrix_telegram: '/app-registration/mautrix-telegram.yml' | ||||
|  | ||||
| # If the matrix-synapse role is not used, these variables may not exist. | ||||
| - set_fact: | ||||
|     matrix_synapse_container_additional_volumes: > | ||||
|       {{ matrix_synapse_container_additional_volumes|default([]) }} | ||||
|     matrix_synapse_container_extra_arguments: > | ||||
|       {{ matrix_synapse_container_extra_arguments|default([]) }} | ||||
|       + | ||||
|       {{ [{'src': '{{ matrix_mautrix_telegram_base_path }}/registration.yaml', 'dst': '{{ matrix_synapse_app_service_config_file_mautrix_telegram }}', 'options': 'ro'}] }} | ||||
|       {{ ["--mount type=bind,src={{ matrix_mautrix_telegram_base_path }}/registration.yaml,dst=/matrix-mautrix-telegram-registration.yaml,ro"] }} | ||||
|  | ||||
|     matrix_synapse_app_service_config_files: > | ||||
|       {{ matrix_synapse_app_service_config_files|default([]) }} | ||||
|       + | ||||
|       {{ ["{{ matrix_synapse_app_service_config_file_mautrix_telegram }}"] | to_nice_json  }} | ||||
|       {{ ["/matrix-mautrix-telegram-registration.yaml"] }} | ||||
|  | ||||
| - block: | ||||
|   - name: Fail if matrix-nginx-proxy role already executed | ||||
|     fail: | ||||
|       msg: > | ||||
|       msg: >- | ||||
|         Trying to append Mautrix Telegram's reverse-proxying configuration to matrix-nginx-proxy, | ||||
|         but it's pointless since the matrix-nginx-proxy role had already executed. | ||||
|         To fix this, please change the order of roles in your plabook, | ||||
|         so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-telegram role. | ||||
|     when: matrix_nginx_proxy_role_executed|bool | ||||
|     when: matrix_nginx_proxy_role_executed|default(False)|bool | ||||
|  | ||||
|   - name: Generate Mautrix Telegram proxying configuration for matrix-nginx-proxy | ||||
|     set_fact: | ||||
|       matrix_mautrix_telegram_matrix_nginx_proxy_configuration: | | ||||
|         location {{ matrix_mautrix_telegram_public_endpoint }} { | ||||
|         {% if matrix_nginx_proxy_enabled %} | ||||
|         {% if matrix_nginx_proxy_enabled|default(False) %} | ||||
|         	{# Use the embedded DNS resolver in Docker containers to discover the service #} | ||||
|         	resolver 127.0.0.11 valid=5s; | ||||
|         	set $backend "matrix-mautrix-telegram:8080"; | ||||
|         	proxy_pass http://$backend; | ||||
|         {% else %} | ||||
|         	{# Generic configuration for use outside of our container setup #} | ||||
|         	proxy_pass http://127.0.0.1:8080; | ||||
|         	proxy_pass http://127.0.0.1:9006; | ||||
|         {% endif %} | ||||
|         } | ||||
|  | ||||
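Review bot: the non-container branch of the generated `location` block now hardcodes `proxy_pass http://127.0.0.1:9006;`, but nothing ties that address to `matrix_mautrix_telegram_container_http_host_bind_port`, which defaults to an empty string and accepts any `<ip>:<port>`. An operator who picks another port, or leaves the variable unset, ends up with a proxy rule aimed at whatever happens to listen on 9006. Either derive the upstream from the variable or add a comment next to the `proxy_pass` stating that the bind variable must be `127.0.0.1:9006` for this branch to work.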
| @@ -120,20 +117,19 @@ | ||||
|     set_fact: | ||||
|       matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | | ||||
|         {{ | ||||
|           matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | ||||
|           matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) | ||||
|           + | ||||
|           [matrix_mautrix_telegram_matrix_nginx_proxy_configuration] | ||||
|         }} | ||||
|  | ||||
|   when: "matrix_nginx_proxy_enabled|default(False)" | ||||
|   tags: | ||||
|    - always | ||||
|  | ||||
| - name: Warn about reverse-proxying if matrix-nginx-proxy not used | ||||
|   debug: | ||||
|     msg: > | ||||
|     msg: >- | ||||
|       NOTE: You've enabled the Mautrix Telegram bridge but are not using the matrix-nginx-proxy | ||||
|       reverse proxy. | ||||
|       Please make sure that you're proxying the `{{ matrix_mautrix_telegram_public_endpoint }}` | ||||
|       URL endpoint to the matrix-mautrix-telegram container. | ||||
|       You can expose the container's port using the `matrix_mautrix_telegram_container_http_host_bind_port` variable. | ||||
|   when: "matrix_nginx_proxy_enabled is not defined" | ||||
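Review bot: the warning's condition, `when: "matrix_nginx_proxy_enabled is not defined"`, does not line up with the `matrix_nginx_proxy_enabled|default(False)` guard on the block above it. A setup where the variable is defined but false skips the block and also never sees this reminder to proxy `matrix_mautrix_telegram_public_endpoint` by hand. If that case is covered elsewhere, a comment saying so would help; otherwise `not matrix_nginx_proxy_enabled|default(False)` handles both.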
|   | ||||
| @@ -9,3 +9,12 @@ | ||||
|     - "matrix_mautrix_telegram_api_id" | ||||
|     - "matrix_mautrix_telegram_api_hash" | ||||
|     - "matrix_mautrix_telegram_public_endpoint" | ||||
|  | ||||
| - name: (Deprecation) Catch and report renamed Telegram variables | ||||
|   fail: | ||||
|     msg: >- | ||||
|       Your configuration contains a variable, which now has a different name. | ||||
|       Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`). | ||||
|   when: "item.old in vars" | ||||
|   with_items: | ||||
|     - {'old': 'matrix_mautrix_telegram_container_exposed_port_number', 'new': '<superseded by matrix_mautrix_telegram_container_http_host_bind_port>'} | ||||
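Review bot: the deprecation message tells the operator to "rename the variable", but for `matrix_mautrix_telegram_container_exposed_port_number` the meaning of the value changes as well. The old value was a port number that the unit file always prefixed with `127.0.0.1:`; carrying the same number over to `matrix_mautrix_telegram_container_http_host_bind_port` publishes the port on every interface. Suggest spelling this out in the `new` text, for example `<superseded by matrix_mautrix_telegram_container_http_host_bind_port, use 127.0.0.1:PORT to keep the old binding>`.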
|   | ||||
| @@ -26,8 +26,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-telegram \ | ||||
| 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ | ||||
| 			--cap-drop=ALL \ | ||||
| 			--network={{ matrix_docker_network }} \ | ||||
| 			{% if matrix_mautrix_telegram_container_exposed_port_number is not none %} | ||||
| 			-p 127.0.0.1:{{ matrix_mautrix_telegram_container_exposed_port_number }}:8080 \ | ||||
| 			{% if matrix_mautrix_telegram_container_http_host_bind_port %} | ||||
| 			-p {{ matrix_mautrix_telegram_container_http_host_bind_port }}:8080 \ | ||||
| 			{% endif %} | ||||
| 			-v {{ matrix_mautrix_telegram_base_path }}:/data:z \ | ||||
| 			{% for arg in matrix_mautrix_telegram_container_extra_arguments %} | ||||
|   | ||||
| @@ -65,17 +65,14 @@ | ||||
|       /usr/bin/mautrix-whatsapp -g -c /data/config.yaml -r /data/registration.yaml | ||||
|   when: "not mautrix_whatsapp_registration_file_stat.stat.exists" | ||||
|  | ||||
| - set_fact: | ||||
|     matrix_synapse_app_service_config_file_mautrix_whatsapp: '/app-registration/mautrix-whatsapp.yml' | ||||
|  | ||||
| # If the matrix-synapse role is not used, these variables may not exist. | ||||
| - set_fact: | ||||
|     matrix_synapse_container_additional_volumes: > | ||||
|       {{ matrix_synapse_container_additional_volumes|default([]) }} | ||||
|     matrix_synapse_container_extra_arguments: > | ||||
|       {{ matrix_synapse_container_extra_arguments|default([]) }} | ||||
|       + | ||||
|       {{ [{'src': '{{ matrix_mautrix_whatsapp_base_path }}/registration.yaml', 'dst': '{{ matrix_synapse_app_service_config_file_mautrix_whatsapp }}', 'options': 'ro'}] }} | ||||
|       {{ ["--mount type=bind,src={{ matrix_mautrix_whatsapp_base_path }}/registration.yaml,dst=/matrix-mautrix-whatsapp-registration.yaml,ro"] }} | ||||
|  | ||||
|     matrix_synapse_app_service_config_files: > | ||||
|       {{ matrix_synapse_app_service_config_files|default([]) }} | ||||
|       + | ||||
|       {{ ["{{ matrix_synapse_app_service_config_file_mautrix_whatsapp }}"] | to_nice_json  }} | ||||
|       {{ ["/matrix-mautrix-whatsapp-registration.yaml"] }} | ||||
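Review bot: in the added `--mount` entry, `{{ matrix_mautrix_whatsapp_base_path }}` sits inside a quoted string that is itself inside an outer `{{ ... }}` expression, so it is only resolved if the resulting string is templated a second time. Concatenating instead, e.g. `['--mount type=bind,src=' ~ matrix_mautrix_whatsapp_base_path ~ '/registration.yaml,dst=/matrix-mautrix-whatsapp-registration.yaml,ro']`, removes the nesting and makes the final value explicit. The Telegram and Synapse extension tasks in this change build their `--mount` strings the same way.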
|   | ||||
| @@ -36,6 +36,6 @@ | ||||
|     msg: >- | ||||
|       {{ item }} was not detected to be running. | ||||
|       It's possible that there's a configuration problem or another service on your server interferes with it (uses the same ports, etc.). | ||||
|       Try running `systemctl status {{ item }}` and `systemctl -fu {{ item }}` on the server to investigate. | ||||
|       Try running `systemctl status {{ item }}` and `journalctl -fu {{ item }}` on the server to investigate. | ||||
|   with_items: "{{ matrix_systemd_services_list }}" | ||||
|   when: "ansible_facts.services[item + '.service']|default(none) is none or ansible_facts.services[item + '.service'].state != 'running'" | ||||
|   | ||||
| @@ -3,8 +3,15 @@ | ||||
|  | ||||
| matrix_corporal_enabled: true | ||||
|  | ||||
| # Controls whether the matrix-corporal web server's ports (`41080` and `41081`) are exposed outside of the container. | ||||
| matrix_corporal_container_expose_ports: false | ||||
| # Controls whether the matrix-corporal container exposes its gateway HTTP port (tcp/41080 in the container). | ||||
| # | ||||
| # Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:41080"), or empty string to not expose. | ||||
| matrix_corporal_container_http_gateway_host_bind_port: '' | ||||
|  | ||||
| # Controls whether the matrix-corporal container exposes its API HTTP port (tcp/41081 in the container). | ||||
| # | ||||
| # Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:41081"), or empty string to not expose. | ||||
| matrix_corporal_container_http_api_host_bind_port: '' | ||||
|  | ||||
| # A list of extra arguments to pass to the container | ||||
| matrix_corporal_container_extra_arguments: [] | ||||
|   | ||||
| @@ -2,7 +2,7 @@ | ||||
|  | ||||
| - name: Fail if required matrix-corporal settings not defined | ||||
|   fail: | ||||
|     msg: > | ||||
|     msg: >- | ||||
|       You need to define a required configuration setting (`{{ item }}`) for using matrix-corporal. | ||||
|   when: "vars[item] == ''" | ||||
|   with_items: | ||||
| @@ -15,3 +15,13 @@ | ||||
|   fail: | ||||
|     msg: "The Matrix Corporal HTTP API is enabled (`matrix_corporal_http_api_enabled`), but no auth token has been set in `matrix_corporal_http_api_auth_token`" | ||||
|   when: "matrix_corporal_http_api_enabled|bool and matrix_corporal_http_api_auth_token == ''" | ||||
|  | ||||
|  | ||||
| - name: (Deprecation) Catch and report renamed corporal variables | ||||
|   fail: | ||||
|     msg: >- | ||||
|       Your configuration contains a variable, which now has a different name. | ||||
|       Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`). | ||||
|   when: "item.old in vars" | ||||
|   with_items: | ||||
|     - {'old': 'matrix_corporal_container_expose_ports', 'new': '<superseded by matrix_corporal_container_http_gateway_host_bind_port and matrix_corporal_container_http_api_host_bind_port>'} | ||||
|   | ||||
| @@ -17,9 +17,11 @@ ExecStart=/usr/bin/docker run --rm --name matrix-corporal \ | ||||
| 			--cap-drop=ALL \ | ||||
| 			--read-only \ | ||||
| 			--network={{ matrix_docker_network }} \ | ||||
| 			{% if matrix_corporal_container_expose_ports %} | ||||
| 			-p 127.0.0.1:41080:41080 \ | ||||
| 			-p 127.0.0.1:41081:41081 \ | ||||
| 			{% if matrix_corporal_container_http_gateway_host_bind_port %} | ||||
| 			-p {{ matrix_corporal_container_http_gateway_host_bind_port }}:41080 \ | ||||
| 			{% endif %} | ||||
| 			{% if matrix_corporal_container_http_api_host_bind_port %} | ||||
| 			-p {{ matrix_corporal_container_http_api_host_bind_port }}:41081 \ | ||||
| 			{% endif %} | ||||
| 			-v {{ matrix_corporal_config_dir_path }}:/etc/matrix-corporal:ro \ | ||||
| 			-v {{ matrix_corporal_cache_dir_path }}:/var/cache/matrix-corporal:rw \ | ||||
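Review bot: the `-p {{ matrix_corporal_container_http_api_host_bind_port }}:41081` line is emitted whenever the variable is non-empty, even if `matrix_corporal_http_api_enabled` is false. The Synapse unit in this same change gates its federation and metrics ports on the matching `*_enabled` flags; doing the same here, with `{% if matrix_corporal_http_api_enabled and matrix_corporal_container_http_api_host_bind_port %}`, avoids publishing a port for an API that is switched off and keeps the port's exposure tied to the setting the auth-token check depends on.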
|   | ||||
| @@ -2,7 +2,7 @@ | ||||
|  | ||||
| - name: Fail if required Coturn settings not defined | ||||
|   fail: | ||||
|     msg: > | ||||
|     msg: >- | ||||
|       You need to define a required configuration setting (`{{ item }}`) for using Coturn. | ||||
|   when: "vars[item] == ''" | ||||
|   with_items: | ||||
|   | ||||
| @@ -18,7 +18,10 @@ matrix_dimension_docker_image: "turt2live/matrix-dimension:latest" | ||||
| matrix_dimension_user_uid: 1000 | ||||
| matrix_dimension_user_gid: 1000 | ||||
|  | ||||
| matrix_dimension_container_expose_port: false | ||||
| # Controls whether the matrix-dimension container exposes its HTTP port (tcp/8184 in the container). | ||||
| # | ||||
| # Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8184"), or empty string to not expose. | ||||
| matrix_dimension_container_http_host_bind_port: '' | ||||
|  | ||||
| # A list of extra arguments to pass to the container | ||||
| matrix_dimension_container_extra_arguments: [] | ||||
|   | ||||
| @@ -13,3 +13,12 @@ | ||||
|   with_items: | ||||
|     - "matrix_synapse_federation_enabled" | ||||
|   when: "matrix_dimension_enabled|bool and not matrix_synapse_federation_enabled|bool" | ||||
|  | ||||
| - name: (Deprecation) Catch and report renamed Dimension variables | ||||
|   fail: | ||||
|     msg: >- | ||||
|       Your configuration contains a variable, which now has a different name. | ||||
|       Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`). | ||||
|   when: "item.old in vars" | ||||
|   with_items: | ||||
|     - {'old': 'matrix_dimension_container_expose_port', 'new': '<superseded by matrix_dimension_container_http_host_bind_port>'} | ||||
|   | ||||
| @@ -17,8 +17,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-dimension \ | ||||
| 			{% if matrix_dimension_widgets_allow_self_signed_ssl_certificates %} | ||||
| 			-e NODE_TLS_REJECT_UNAUTHORIZED=0 \ | ||||
| 			{% endif %} | ||||
| 			{% if matrix_dimension_container_expose_port %} | ||||
| 			-p 127.0.0.1:8184:8184 \ | ||||
| 			{% if matrix_dimension_container_http_host_bind_port %} | ||||
| 			-p {{ matrix_dimension_container_http_host_bind_port }}:8184 \ | ||||
| 			{% endif %} | ||||
| 			-v {{ matrix_dimension_base_path }}:/data:rw \ | ||||
| 			{% for arg in matrix_dimension_container_extra_arguments %} | ||||
|   | ||||
| @@ -1,12 +1,17 @@ | ||||
| # mxisd is a Federated Matrix Identity Server | ||||
| # See: https://github.com/kamax-matrix/mxisd | ||||
|  | ||||
| matrix_mxisd_enabled: true | ||||
|  | ||||
| matrix_mxisd_docker_image: "kamax/mxisd:1.4.3" | ||||
| matrix_mxisd_docker_image: "kamax/mxisd:1.4.4" | ||||
| matrix_mxisd_base_path: "{{ matrix_base_data_path }}/mxisd" | ||||
| matrix_mxisd_config_path: "{{ matrix_mxisd_base_path }}/config" | ||||
| matrix_mxisd_data_path: "{{ matrix_mxisd_base_path }}/data" | ||||
|  | ||||
| # Controls whether the mxisd web server's port (`8090`) is exposed outside of the container. | ||||
| matrix_mxisd_container_expose_port: false | ||||
| # Controls whether the matrix-mxisd container exposes its HTTP port (tcp/8090 in the container). | ||||
| # | ||||
| # Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8090"), or empty string to not expose. | ||||
| matrix_mxisd_container_http_host_bind_port: '' | ||||
|  | ||||
| # A list of extra arguments to pass to the container | ||||
| matrix_mxisd_container_extra_arguments: [] | ||||
|   | ||||
| @@ -45,3 +45,13 @@ | ||||
|   when: "vars[item] == ''" | ||||
|   with_items: | ||||
|     - "matrix_mxisd_threepid_medium_email_connectors_smtp_host" | ||||
|  | ||||
|  | ||||
| - name: (Deprecation) Catch and report renamed mxisd variables | ||||
|   fail: | ||||
|     msg: >- | ||||
|       Your configuration contains a variable, which now has a different name. | ||||
|       Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`). | ||||
|   when: "item.old in vars" | ||||
|   with_items: | ||||
|     - {'old': 'matrix_mxisd_container_expose_port', 'new': '<superseded by matrix_mxisd_container_http_host_bind_port>'} | ||||
|   | ||||
| @@ -23,8 +23,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-mxisd \ | ||||
| 			--read-only \ | ||||
| 			--tmpfs=/tmp:rw,exec,nosuid,size=10m \ | ||||
| 			--network={{ matrix_docker_network }} \ | ||||
| 			{% if matrix_mxisd_container_expose_port %} | ||||
| 			-p 127.0.0.1:8090:8090 \ | ||||
| 			{% if matrix_mxisd_container_http_host_bind_port %} | ||||
| 			-p {{ matrix_mxisd_container_http_host_bind_port }}:8090 \ | ||||
| 			{% endif %} | ||||
| 			-v {{ matrix_mxisd_config_path }}:/etc/mxisd:ro \ | ||||
| 			-v {{ matrix_mxisd_data_path }}:/var/mxisd:rw \ | ||||
|   | ||||
| @@ -2,7 +2,7 @@ | ||||
|  | ||||
| - name: (Deprecation) Catch and report renamed settings | ||||
|   fail: | ||||
|     msg: > | ||||
|     msg: >- | ||||
|       Your configuration contains a variable, which now has a different name. | ||||
|       Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`). | ||||
|   when: "item.old in vars" | ||||
|   | ||||
| @@ -169,6 +169,25 @@ server { | ||||
| 	} | ||||
| 	{% endif %} | ||||
|  | ||||
| 	location /_synapse/admin { | ||||
| 		{% if matrix_nginx_proxy_enabled %} | ||||
| 			{# Use the embedded DNS resolver in Docker containers to discover the service #} | ||||
| 			resolver 127.0.0.11 valid=5s; | ||||
| 			set $backend "{{ matrix_nginx_proxy_proxy_matrix_client_api_addr_with_container }}"; | ||||
| 			proxy_pass http://$backend; | ||||
| 		{% else %} | ||||
| 			{# Generic configuration for use outside of our container setup #} | ||||
| 			proxy_pass http://{{ matrix_nginx_proxy_proxy_matrix_client_api_addr_sans_container }}; | ||||
| 		{% endif %} | ||||
|  | ||||
| 		proxy_set_header Host $host; | ||||
| 		proxy_set_header X-Forwarded-For $remote_addr; | ||||
|  | ||||
| 		client_body_buffer_size 25M; | ||||
| 		client_max_body_size {{ matrix_nginx_proxy_proxy_matrix_client_api_client_max_body_size_mb }}M; | ||||
| 		proxy_max_temp_file_size 0; | ||||
| 	} | ||||
|  | ||||
| 	location / { | ||||
| 		rewrite ^/$ /_matrix/static/ last; | ||||
| 	} | ||||
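Review bot: the new `location /_synapse/admin` block is added unconditionally and carries no `allow`/`deny` or other access restriction, so the homeserver's admin endpoints become reachable by anyone who can reach the proxy, protected only by Synapse's own authentication. Consider putting the block behind an opt-in variable, or documenting how to restrict it by source address. It also reuses the client API's `client_max_body_size` and a 25M `client_body_buffer_size`; a comment on whether admin requests need bodies that large would help.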
|   | ||||
| @@ -1,10 +1,13 @@ | ||||
| matrix_riot_web_enabled: true | ||||
|  | ||||
| matrix_riot_web_docker_image: "bubuntux/riot-web:v1.1.2" | ||||
| matrix_riot_web_docker_image: "bubuntux/riot-web:v1.2.0" | ||||
|  | ||||
| matrix_riot_web_data_path: "{{ matrix_base_data_path }}/riot-web" | ||||
|  | ||||
| matrix_riot_web_container_expose_port: false | ||||
| # Controls whether the matrix-riot-web container exposes its HTTP port (tcp/8080 in the container). | ||||
| # | ||||
| # Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8765"), or empty string to not expose. | ||||
| matrix_riot_web_container_http_host_bind_port: '' | ||||
|  | ||||
| # A list of extra arguments to pass to the container | ||||
| matrix_riot_web_container_extra_arguments: [] | ||||
|   | ||||
| @@ -8,9 +8,9 @@ | ||||
|   with_items: | ||||
|     - "matrix_riot_web_default_hs_url" | ||||
|  | ||||
| - name: (Deprecation) Catch and report renamed settings | ||||
| - name: (Deprecation) Catch and report renamed riot-web variables | ||||
|   fail: | ||||
|     msg: > | ||||
|     msg: >- | ||||
|       Your configuration contains a variable, which now has a different name. | ||||
|       Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`). | ||||
|   when: "item.old in vars" | ||||
| @@ -20,3 +20,4 @@ | ||||
|     - {'old': 'matrix_riot_web_homepage_template_technical', 'new': '<removed>'} | ||||
|     - {'old': 'matrix_riot_web_homepage_template_building', 'new': '<removed>'} | ||||
|     - {'old': 'matrix_riot_web_homepage_template_contributing', 'new': '<removed>'} | ||||
|     - {'old': 'matrix_riot_web_container_expose_port', 'new': '<superseded by matrix_riot_web_container_http_host_bind_port>'} | ||||
|   | ||||
| @@ -17,8 +17,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-riot-web \ | ||||
| 			--cap-drop=ALL \ | ||||
| 			--read-only \ | ||||
| 			--network={{ matrix_docker_network }} \ | ||||
| 			{% if matrix_riot_web_container_expose_port %} | ||||
| 			-p 127.0.0.1:8765:8080 \ | ||||
| 			{% if matrix_riot_web_container_http_host_bind_port %} | ||||
| 			-p {{ matrix_riot_web_container_http_host_bind_port }}:8080 \ | ||||
| 			{% endif %} | ||||
| 			--tmpfs=/tmp:rw,noexec,nosuid,size=10m \ | ||||
| 			-v {{ matrix_riot_web_data_path }}/nginx.conf:/etc/nginx/nginx.conf:ro \ | ||||
|   | ||||
| @@ -1,3 +1,3 @@ | ||||
| --- | ||||
|  | ||||
| matrix_riot_web_embedded_pages_home_url: "{{ (none if matrix_riot_web_embedded_pages_home_path is none else 'home.html') }}" | ||||
| matrix_riot_web_embedded_pages_home_url: "{{ ('' if matrix_riot_web_embedded_pages_home_path is none else 'home.html') }}" | ||||
|   | ||||
| @@ -3,7 +3,7 @@ | ||||
|  | ||||
| matrix_synapse_enabled: true | ||||
|  | ||||
| matrix_synapse_docker_image: "matrixdotorg/synapse:v0.99.5.1" | ||||
| matrix_synapse_docker_image: "matrixdotorg/synapse:v0.99.5.2" | ||||
|  | ||||
| matrix_synapse_base_path: "{{ matrix_base_data_path }}/synapse" | ||||
| matrix_synapse_config_dir_path: "{{ matrix_synapse_base_path }}/config" | ||||
| @@ -12,16 +12,32 @@ matrix_synapse_storage_path: "{{ matrix_synapse_base_path }}/storage" | ||||
| matrix_synapse_media_store_path: "{{ matrix_synapse_storage_path }}/media-store" | ||||
| matrix_synapse_ext_path: "{{ matrix_synapse_base_path }}/ext" | ||||
|  | ||||
| # Controls whether the Synapse container exposes the Client/Server API port (tcp/8008). | ||||
| matrix_synapse_container_expose_client_api_port: false | ||||
| # Controls whether the matrix-synapse container exposes the Client/Server API port (tcp/8008 in the container). | ||||
| # | ||||
| # Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8008"), or empty string to not expose. | ||||
| matrix_synapse_container_client_api_host_bind_port: '' | ||||
|  | ||||
| # Controls whether the Synapse container exposes the Server/Server (Federation) API port (tcp/8048). | ||||
| # This is for the plain HTTP API. If you need Synapse to handle TLS encryption, | ||||
| # that would be on another port (tcp/8448) controlled by `matrix_synapse_tls_federation_listener_enabled`. | ||||
| matrix_synapse_container_expose_federation_api_port: false | ||||
| # Controls whether the matrix-synapse container exposes the plain (unencrypted) Server/Server (Federation) API port (tcp/8048 in the container). | ||||
| # | ||||
| # Takes effect only if federation is enabled (matrix_synapse_federation_enabled). | ||||
| # | ||||
| # Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8048"), or empty string to not expose. | ||||
| matrix_synapse_container_federation_api_plain_host_bind_port: '' | ||||
|  | ||||
| # Controls whether the matrix-synapse container exposes the metrics port (tcp/9100). | ||||
| matrix_synapse_container_expose_metrics_port: false | ||||
| # Controls whether the matrix-synapse container exposes the tls (encrypted) Server/Server (Federation) API port (tcp/8448 in the container). | ||||
| # | ||||
| # Takes effect only if federation is enabled (matrix_synapse_federation_enabled) | ||||
| # and TLS support is enabled (matrix_synapse_tls_federation_listener_enabled). | ||||
| # | ||||
| # Takes an "<ip>:<port>" or "<port>" value (e.g. "8448"), or empty string to not expose. | ||||
| matrix_synapse_container_federation_api_tls_host_bind_port: '' | ||||
|  | ||||
| # Controls whether the matrix-synapse container exposes the metrics port (tcp/9100 in the container). | ||||
| # | ||||
| # Takes effect only if metrics are enabled (matrix_synapse_metrics_enabled). | ||||
| # | ||||
| # Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:9100"), or empty string to not expose. | ||||
| matrix_synapse_container_metrics_api_host_bind_port: '' | ||||
|  | ||||
| # A list of extra arguments to pass to the container | ||||
| matrix_synapse_container_extra_arguments: [] | ||||
| @@ -154,6 +170,11 @@ matrix_synapse_federation_domain_whitelist: ~ | ||||
| # A list of additional "volumes" to mount in the container. | ||||
| # This list gets populated dynamically based on Synapse extensions that have been enabled. | ||||
| # Contains definition objects like this: `{"src": "/outside", "dst": "/inside", "options": "rw|ro|slave|.."} | ||||
| # | ||||
| # Note: internally, this uses the `-v` flag for mounting the specified volumes. | ||||
| # It's better (safer) to use the `--mount` flag for mounting volumes. | ||||
| # To use `--mount`, specifiy it in `matrix_synapse_container_extra_arguments`. | ||||
| # Example: `matrix_synapse_container_extra_arguments: ['--mount type=bind,src=/outside,dst=/inside,ro'] | ||||
| matrix_synapse_container_additional_volumes: [] | ||||
|  | ||||
| # A list of additional loggers to register in synapse.log.config. | ||||
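Review bot: the added comment has a typo (`specifiy`) and its example line is missing the closing backtick after `...,ro']`. It also calls `--mount` "better (safer)" without giving the reason; one sentence would do, for instance that `--mount` fails when the source path does not exist, while `-v` silently creates it as an empty directory.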
| @@ -163,7 +184,7 @@ matrix_synapse_additional_loggers: [] | ||||
|  | ||||
| # A list of appservice config files (in-container filesystem paths). | ||||
| # This list gets populated dynamically based on Synapse extensions that have been enabled. | ||||
| # You may wish to use this together with `matrix_synapse_container_additional_volumes`. | ||||
| # You may wish to use this together with `matrix_synapse_container_additional_volumes` or `matrix_synapse_container_extra_arguments`. | ||||
| matrix_synapse_app_service_config_files: [] | ||||
|  | ||||
| # This is set dynamically during execution depending on whether | ||||
|   | ||||
| @@ -1,8 +1,6 @@ | ||||
| - set_fact: | ||||
|     matrix_synapse_password_providers_enabled: true | ||||
|   when: matrix_synapse_ext_password_provider_ldap_enabled|bool | ||||
|  | ||||
| - set_fact: | ||||
|     matrix_synapse_additional_loggers: > | ||||
|       {{ matrix_synapse_additional_loggers }} | ||||
|       + | ||||
|   | ||||
| @@ -17,13 +17,11 @@ | ||||
| - set_fact: | ||||
|     matrix_synapse_password_providers_enabled: true | ||||
|  | ||||
| - set_fact: | ||||
|     matrix_synapse_container_additional_volumes: > | ||||
|       {{ matrix_synapse_container_additional_volumes }} | ||||
|     matrix_synapse_container_extra_arguments: > | ||||
|       {{ matrix_synapse_container_extra_arguments|default([]) }} | ||||
|       + | ||||
|       {{ [{'src': '{{ matrix_synapse_ext_path }}/rest_auth_provider.py', 'dst': '{{ matrix_synapse_in_container_python_packages_path }}/rest_auth_provider.py', 'options': 'ro'}] }} | ||||
|       {{ ["--mount type=bind,src={{ matrix_synapse_ext_path }}/rest_auth_provider.py,dst={{ matrix_synapse_in_container_python_packages_path }}/rest_auth_provider.py,ro"] }} | ||||
|  | ||||
| - set_fact: | ||||
|     matrix_synapse_additional_loggers: > | ||||
|       {{ matrix_synapse_additional_loggers }} | ||||
|       + | ||||
|   | ||||
| @@ -17,13 +17,11 @@ | ||||
| - set_fact: | ||||
|     matrix_synapse_password_providers_enabled: true | ||||
|  | ||||
| - set_fact: | ||||
|     matrix_synapse_container_additional_volumes: > | ||||
|       {{ matrix_synapse_container_additional_volumes }} | ||||
|     matrix_synapse_container_extra_arguments: > | ||||
|       {{ matrix_synapse_container_extra_arguments|default([]) }} | ||||
|       + | ||||
|       {{ [{'src': '{{ matrix_synapse_ext_path }}/shared_secret_authenticator.py', 'dst': '{{ matrix_synapse_in_container_python_packages_path }}/shared_secret_authenticator.py', 'options': 'ro'}] }} | ||||
|       {{ ["--mount type=bind,src={{ matrix_synapse_ext_path }}/shared_secret_authenticator.py,dst={{ matrix_synapse_in_container_python_packages_path }}/shared_secret_authenticator.py,ro"] }} | ||||
|  | ||||
| - set_fact: | ||||
|     matrix_synapse_additional_loggers: > | ||||
|       {{ matrix_synapse_additional_loggers }} | ||||
|       + | ||||
|   | ||||
| @@ -15,7 +15,7 @@ | ||||
|       Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`). | ||||
|   when: "item.old in vars" | ||||
|   with_items: | ||||
|     - {'old': 'matrix_synapse_container_expose_api_port', 'new': 'matrix_synapse_container_expose_client_api_port'} | ||||
|     - {'old': 'matrix_synapse_container_expose_api_port', 'new': '<superseded by matrix_synapse_container_federation_api_plain_host_bind_port>'} | ||||
|     - {'old': 'matrix_synapse_no_tls', 'new': '<removed>'} | ||||
|     - {'old': 'matrix_enable_room_list_search', 'new': 'matrix_synapse_enable_room_list_search'} | ||||
|     - {'old': 'matrix_alias_creation_rules', 'new': 'matrix_synapse_alias_creation_rules'} | ||||
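Review bot: the changed entry for `matrix_synapse_container_expose_api_port` now points at `matrix_synapse_container_federation_api_plain_host_bind_port`, but it previously mapped to `matrix_synapse_container_expose_client_api_port`, which this same change supersedes with `matrix_synapse_container_client_api_host_bind_port`. This looks like a copy-paste slip: an operator following the message would publish the federation port instead of the client API port. The `new` text should name `matrix_synapse_container_client_api_host_bind_port`.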
| @@ -27,3 +27,6 @@ | ||||
|     - {'old': 'matrix_synapse_federation_rc_sleep_delay', 'new': '<sleep_delay subkey of matrix_synapse_rc_federation>'} | ||||
|     - {'old': 'matrix_synapse_federation_rc_reject_limit', 'new': '<reject_limit subkey of matrix_synapse_rc_federation>'} | ||||
|     - {'old': 'matrix_synapse_federation_rc_concurrent', 'new': '<concurrent subkey of matrix_synapse_rc_federation>'} | ||||
|     - {'old': 'matrix_synapse_container_expose_client_api_port', 'new': '<superseded by matrix_synapse_container_client_api_host_bind_port>'} | ||||
|     - {'old': 'matrix_synapse_container_expose_federation_api_port', 'new': '<superseded by matrix_synapse_container_federation_api_plain_host_bind_port>'} | ||||
|     - {'old': 'matrix_synapse_container_expose_metrics_port', 'new': '<superseded by matrix_synapse_container_metrics_api_host_bind_port>'} | ||||
|   | ||||
| @@ -893,7 +893,7 @@ report_stats: {{ matrix_synapse_report_stats|to_json }} | ||||
|  | ||||
| # A list of application service config files to use | ||||
| # | ||||
| app_service_config_files: {{ matrix_synapse_app_service_config_files }} | ||||
| app_service_config_files: {{ matrix_synapse_app_service_config_files|to_json }} | ||||
|  | ||||
| # Uncomment to enable tracking of application service IP addresses. Implicitly | ||||
| # enables MAU tracking for application service users. | ||||
|   | ||||
| @@ -29,17 +29,17 @@ ExecStart=/usr/bin/docker run --rm --name matrix-synapse \ | ||||
| 			--tmpfs=/tmp:rw,noexec,nosuid,size={{ matrix_synapse_tmp_directory_size_mb }}m \ | ||||
| 			--network={{ matrix_docker_network }} \ | ||||
| 			-e SYNAPSE_CACHE_FACTOR={{ matrix_synapse_cache_factor }} \ | ||||
| 			{% if matrix_synapse_container_expose_client_api_port %} | ||||
| 			-p 127.0.0.1:8008:8008 \ | ||||
| 			{% if matrix_synapse_container_client_api_host_bind_port %} | ||||
| 			-p {{ matrix_synapse_container_client_api_host_bind_port }}:8008 \ | ||||
| 			{% endif %} | ||||
| 			{% if matrix_synapse_federation_enabled and matrix_synapse_tls_federation_listener_enabled %} | ||||
| 			-p 8448:8448 \ | ||||
| 			{% if matrix_synapse_federation_enabled and matrix_synapse_tls_federation_listener_enabled and matrix_synapse_container_federation_api_tls_host_bind_port %} | ||||
| 			-p {{ matrix_synapse_container_federation_api_tls_host_bind_port }}:8448 \ | ||||
| 			{% endif %} | ||||
| 			{% if matrix_synapse_federation_enabled and matrix_synapse_container_expose_federation_api_port %} | ||||
| 			-p 127.0.0.1:8048:8048 \ | ||||
| 			{% if matrix_synapse_federation_enabled and matrix_synapse_container_federation_api_plain_host_bind_port %} | ||||
| 			-p {{ matrix_synapse_container_federation_api_plain_host_bind_port }}:8048 \ | ||||
| 			{% endif %} | ||||
| 			{% if matrix_synapse_container_expose_metrics_port %} | ||||
| 			-p 127.0.0.1:{{ matrix_synapse_metrics_port }}:{{ matrix_synapse_metrics_port }} \ | ||||
| 			{% if matrix_synapse_metrics_enabled and matrix_synapse_container_metrics_api_host_bind_port %} | ||||
| 			-p {{ matrix_synapse_container_metrics_api_host_bind_port }}:{{ matrix_synapse_metrics_port }} \ | ||||
| 			{% endif %} | ||||
| 			-v {{ matrix_synapse_config_dir_path }}:/data:ro \ | ||||
| 			-v {{ matrix_synapse_run_path }}:/matrix-run:rw \ | ||||
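Review bot: the TLS federation port goes from an unconditional `-p 8448:8448` (when federation and the TLS listener are enabled) to one that also requires `matrix_synapse_container_federation_api_tls_host_bind_port`, whose default in this change is an empty string. There was no old variable for this port, so the deprecation checks cannot catch it, and a setup that relied on the previous behaviour may stop publishing 8448 after upgrading without any error. Please confirm the value is set elsewhere for affected setups, or add a check that fails when the TLS listener is enabled and the bind variable is empty.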
|   | ||||