diff --git a/CHANGELOG.md b/CHANGELOG.md index 790406f3..1aedacc3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -223,9 +223,9 @@ devture_traefik_config_certificatesResolvers_acme_email: YOUR_EMAIL_ADDRESS You may still need to keep certain old `matrix_nginx_proxy_*` variables (like `matrix_nginx_proxy_base_domain_serving_enabled`), even when using Traefik. For now, we recommend keeping all `matrix_nginx_proxy_*` variables just in case. In the future, reliance on `matrix-nginx-proxy` will be removed. -Switching to Traefik will obtain new SSL certificates from Let's Encrypt (stored in `/devture-traefik/ssl/acme.json`). **The switch is reversible**. You can always go back to `playbook-managed-nginx` if Traefik is causing you trouble. +Switching to Traefik will obtain new SSL certificates from Let's Encrypt (stored in `/matrix/traefik/ssl/acme.json`). **The switch is reversible**. You can always go back to `playbook-managed-nginx` if Traefik is causing you trouble. -**Note**: toggling `matrix_playbook_reverse_proxy_type` between Traefik and nginx will uninstall the Traefik role and all of its data (under `/devture-traefik`), so you may run into a Let's Encrypt rate limit if you do it often. +**Note**: toggling `matrix_playbook_reverse_proxy_type` between Traefik and nginx will uninstall the Traefik role and all of its data (under `/matrix/traefik`), so you may run into a Let's Encrypt rate limit if you do it often. Treafik directly reverse-proxies to **some** services right now, but for most other services it goes through `matrix-nginx-proxy` (e.g. Traefik -> `matrix-nginx-proxy` -> [Ntfy](docs/configuring-playbook-ntfy.md)). So, even if you opt into Traefik, you'll still see `matrix-nginx-proxy` being installed in local-only mode. This will improve with time. diff --git a/docs/configuring-playbook-ssl-certificates.md b/docs/configuring-playbook-ssl-certificates.md index 13d5f609..9fa9f84b 100644 --- a/docs/configuring-playbook-ssl-certificates.md 
+++ b/docs/configuring-playbook-ssl-certificates.md @@ -54,7 +54,7 @@ devture_traefik_ssl_dir_enabled: true # Tell Traefik to load our custom configuration file (certificates.yml). # The file is created below, in `matrix_aux_file_definitions`. -# The `/config/..` path is an in-container path, not a path on the host (like `/devture-traefik/config`). Do not change it! +# The `/config/..` path is an in-container path, not a path on the host (like `/matrix/traefik/config`). Do not change it! devture_traefik_configuration_extension_yaml: | providers: file: @@ -85,7 +85,7 @@ matrix_aux_file_definitions: # HERE # Create the custom Traefik configuration. - # The `/ssl/..` paths below are in-container paths, not paths on the host (/`devture-traefik/ssl/..`). Do not change them! + # The `/ssl/..` paths below are in-container paths, not paths on the host (/`matrix/traefik/ssl/..`). Do not change them! - dest: "{{ devture_traefik_config_dir_path }}/certificates.yml" content: | tls: diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index c9f78345..5c4c1bdd 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
@@ -19,23 +19,9 @@ # Also see `devture_docker_sdk_for_python_installation_enabled`. matrix_playbook_docker_installation_enabled: true -# Controls whether to run the Traefik role or not -# See the `com.devture.ansible.role.traefik` section below for role configuration. -# -# There's a difference between `devture_traefik_enabled` and `matrix_playbook_traefik_role_enabled`. -# `devture_traefik_enabled` controls what the Traefik role would do - when not enabled, it will run uninstall tasks, etc. -# `matrix_playbook_traefik_role_enabled` controls if the Traefik role would even run at all. -# -# Sometimes, you're installing Traefik via a different (related playbook) which uses the same role. -# In such cases, you'd like to disable the role in this playbook from bothering with Traefik at all (`matrix_playbook_traefik_role_enabled: false`). -# If you used `devture_traefik_enabled: false` + `matrix_playbook_traefik_role_enabled: true` instead, you'd see the Treafik role here -# try to delete Traefik data (`/devture-traefik`) installed by the other playbook. -matrix_playbook_traefik_role_enabled: "{{ matrix_playbook_reverse_proxy_type != 'other-traefik-container' }}" - # Controls whether to attach Traefik labels to services. -# This is separate from `devture_traefik_enabled` and `matrix_playbook_traefik_role_enabled`, -# because you may wish to disable Traefik installation by the playbook, yet still use Traefik -# installed in another way. +# This is separate from `devture_traefik_enabled`, because you may wish to disable Traefik installation by the playbook, +# yet still use Traefik installed in another way. matrix_playbook_traefik_labels_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" # Controls the additional network that reverse-proxyable services will be connected to. 
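Review bot: Removing `matrix_playbook_traefik_role_enabled` here, together with the dropped `when:` on the Traefik role in the `playbooks/matrix.yml` hunk, means the role now runs for every `matrix_playbook_reverse_proxy_type`, including `other-traefik-container`, where `devture_traefik_enabled` evaluates to false. The comment deleted in this hunk warned that this combination makes the role run its uninstall tasks and try to delete Traefik data installed by another playbook. The change is presumably safe only because this playbook's instance is now separated by `devture_traefik_identifier: matrix-traefik` and the `/matrix/traefik` path, and nothing in the new comments says so. I would keep a short warning next to the labels comment, e.g. `# NOTE: the Traefik role always runs; with devture_traefik_enabled false it uninstalls this playbook's own instance (matrix-traefik, /matrix/traefik), so never point the identifier or data path at a Traefik managed elsewhere.` A validation that fails when those values are overridden to a shared location is also worth considering, since the data directory holds `ssl/acme.json`.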
@@ -3854,8 +3840,6 @@ devture_container_socket_proxy_api_containers_enabled: true # # ######################################################################## -# To completely disable the Traefik role from running, use `matrix_playbook_traefik_role_enabled: false`. -# See the comment there for more details about why we have both `devture_traefik_enabled` and `matrix_playbook_traefik_role_enabled`. devture_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type == 'playbook-managed-traefik' }}" devture_traefik_identifier: matrix-traefik diff --git a/playbooks/matrix.yml b/playbooks/matrix.yml index 6e348df2..e72269ee 100755 --- a/playbooks/matrix.yml +++ b/playbooks/matrix.yml @@ -121,8 +121,7 @@ - role: galaxy/com.devture.ansible.role.container_socket_proxy - - when: matrix_playbook_traefik_role_enabled | bool - role: galaxy/com.devture.ansible.role.traefik + - role: galaxy/com.devture.ansible.role.traefik - role: galaxy/com.devture.ansible.role.traefik_certs_dumper diff --git a/roles/custom/matrix-base/defaults/main.yml b/roles/custom/matrix-base/defaults/main.yml index 98a2167e..5e743925 100644 --- a/roles/custom/matrix-base/defaults/main.yml +++ b/roles/custom/matrix-base/defaults/main.yml @@ -284,7 +284,7 @@ matrix_homeserver_app_service_config_files_auto: [] # Valid options and a description of their behavior: # # - `playbook-managed-traefik` -# - the playbook will install devture-traefik +# - the playbook will run a managed Traefik instance (matrix-traefik) # - Traefik will do SSL termination, unless you disable it (e.g. `devture_traefik_config_entrypoint_web_secure_enabled: false`) # - if SSL termination is enabled (as it is by default), you need to populate: `devture_traefik_config_certificatesResolvers_acme_email` # - it will also install matrix-nginx-proxy in local-only mode, while we migrate the rest of the services to a Traefik-native mode of working 
diff --git a/roles/custom/matrix_playbook_migration/tasks/main.yml b/roles/custom/matrix_playbook_migration/tasks/main.yml index e2b29384..4a39e2c7 100644 --- a/roles/custom/matrix_playbook_migration/tasks/main.yml +++ b/roles/custom/matrix_playbook_migration/tasks/main.yml @@ -12,7 +12,7 @@ - setup-all - install-all -- when: matrix_playbook_traefik_role_enabled | bool +- when: devture_traefik_enabled | bool block: - ansible.builtin.include_tasks: "{{ role_path }}/tasks/devture_traefik_to_matrix_traefik.yml" tags: diff --git a/roles/custom/matrix_playbook_migration/tasks/validate_config.yml b/roles/custom/matrix_playbook_migration/tasks/validate_config.yml index 296f2daf..d8fe1683 100644 --- a/roles/custom/matrix_playbook_migration/tasks/validate_config.yml +++ b/roles/custom/matrix_playbook_migration/tasks/validate_config.yml @@ -37,6 +37,7 @@ - {'old': 'matrix_prometheus_node_exporter_metrics_proxying_enabled', 'new': 'matrix_prometheus_services_proxy_connect_prometheus_node_exporter_metrics_proxying_enabled'} - {'old': 'matrix_prometheus_postgres_exporter_metrics_proxying_enabled', 'new': 'matrix_prometheus_services_proxy_connect_prometheus_postgres_exporter_metrics_proxying_enabled'} - {'old': 'matrix_playbook_traefik_certs_dumper_role_enabled', 'new': 'devture_traefik_certs_dumper_enabled'} + - {'old': 'matrix_playbook_traefik_role_enabled', 'new': 'devture_traefik_enabled'} - name: (Deprecation) Catch and report matrix_postgres variables ansible.builtin.fail:
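Review bot: The new condition `devture_traefik_enabled | bool` is narrower than the one it replaces: per `group_vars/matrix_servers` it is true only for `playbook-managed-traefik`, whereas the old variable was true for every type except `other-traefik-container`. A host that ran playbook-managed Traefik under the old layout and switches to an nginx type in the same run that picks up this commit would skip `devture_traefik_to_matrix_traefik.yml`, and the role's uninstall would then, as far as this diff shows, only target the new `matrix-traefik` instance. If that reading is right, the old Traefik service and `/devture-traefik/ssl/acme.json` (which holds certificate private keys) stay behind on the host unmanaged. The migration file itself is not part of this diff and the `block:` continues outside the hunk, so please confirm whether the migration, or at least a cleanup of the old path, should also run when Traefik is disabled.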
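Review bot: The added mapping presents `matrix_playbook_traefik_role_enabled` -> `devture_traefik_enabled` as a plain rename, but the comment removed from `group_vars/matrix_servers` shows the two are not equivalent. The old variable set to false skipped the role entirely, while `devture_traefik_enabled: false` makes the role run its uninstall tasks. Someone who set `matrix_playbook_traefik_role_enabled: false` to protect a Traefik installed elsewhere and follows a generic rename hint therefore ends up with different behaviour. I would report this variable from its own `ansible.builtin.fail` task, with a message saying that the role now always runs and the variable should simply be removed, rather than list it among the one-to-one renames. The task that consumes this list starts outside the hunk, so its exact message wording is not visible here.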