From 964aa0e84d82161adf4f3b1d5290d94952be9a85 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 17 Feb 2023 09:54:33 +0200 Subject: [PATCH] Switch to using an external Ntfy role The newly extracted role also has native Traefik support, so we no longer need to rely on `matrix-nginx-proxy` for reverse-proxying to Ntfy. The new role uses port `80` inside the container (not `8080`, like before), because that's the default assumption of the officially published container image. Using a custom port (like `8080`), means the default healthcheck command (which hardcodes port `80`) doesn't work. Instead of fiddling to override the healthcheck command, we've decided to stick to the default port instead. This only affects the inside-the-container port, not any external ports. The new role also supports adding the network ranges of the container's multiple additional networks as "exempt hosts". Previously, only one network's address range was added to "exempt hosts". --- CHANGELOG.md | 11 ++++ docs/configuring-playbook-ntfy.md | 17 +++--- group_vars/matrix_servers | 45 +++++++++++---- playbooks/matrix.yml | 2 +- requirements.yml | 3 + .../matrix-nginx-proxy/defaults/main.yml | 5 -- .../matrix-nginx-proxy/templates/labels.j2 | 12 ---- .../nginx/conf.d/matrix-ntfy.conf.j2 | 2 +- roles/custom/matrix-ntfy/defaults/main.yml | 56 ------------------- roles/custom/matrix-ntfy/tasks/main.yml | 23 -------- roles/custom/matrix-ntfy/tasks/self_check.yml | 27 --------- .../matrix-ntfy/tasks/setup_install.yml | 38 ------------- .../matrix-ntfy/tasks/setup_uninstall.yml | 25 --------- .../matrix-ntfy/templates/ntfy/server.yml.j2 | 11 ---- .../templates/systemd/matrix-ntfy.service.j2 | 39 ------------- .../defaults/main.yml | 3 + .../tasks/validate_config.yml | 17 +++++- 17 files changed, 78 insertions(+), 258 deletions(-) delete mode 100644 roles/custom/matrix-ntfy/defaults/main.yml delete mode 100644 roles/custom/matrix-ntfy/tasks/main.yml delete mode 100644 roles/custom/matrix-ntfy/tasks/self_check.yml delete mode 100644 roles/custom/matrix-ntfy/tasks/setup_install.yml delete mode 100644 roles/custom/matrix-ntfy/tasks/setup_uninstall.yml delete mode 100644 roles/custom/matrix-ntfy/templates/ntfy/server.yml.j2 delete mode 100644 roles/custom/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2 diff --git a/CHANGELOG.md b/CHANGELOG.md index f6b76e10..493315b7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,14 @@ +# 2023-02-17 + +## The matrix-ntfy role lives independently now + +**TLDR**: the `matrix-ntfy` role is now included from another repository. Some variables have been renamed. All functionality remains intact. + +The `matrix-ntfy` role (which configures [Ntfy](https://ntfy.sh/)) has been extracted from the playbook and now lives in its [own repository](https://gitlab.com/etke.cc/roles/ntfy). This makes it possible to easily use it in other Ansible playbooks. + +You need to **update you roles** (`just roles` or `make roles`) regardless of whether you're enabling Ntfy or not. If you're making use of Ntfy via this playbook, you will need to update variable references in your `vars.yml` file (`matrix_ntfy_` -> `ntfy_`). + + # 2023-02-15 ## The matrix-grafana role lives independently now diff --git a/docs/configuring-playbook-ntfy.md b/docs/configuring-playbook-ntfy.md index a5aec60b..27d2fb12 100644 --- a/docs/configuring-playbook-ntfy.md +++ b/docs/configuring-playbook-ntfy.md @@ -15,17 +15,20 @@ Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars. ```yaml # Enabling it is the only required setting -matrix_ntfy_enabled: true +ntfy_enabled: true -# Some other options -matrix_server_fqn_ntfy: "ntfy.{{ matrix_domain }}" -matrix_ntfy_configuration_extension_yaml: | - log_level: DEBUG +# This is the default hostname. +# Uncomment the line below and change it, if you'd like. +# matrix_server_fqn_ntfy: "ntfy.{{ matrix_domain }}" + +# Uncomment and change to inject additional configuration options. +# ntfy_configuration_extension_yaml: | +# log_level: DEBUG ``` -For a more complete list of variables that you could override, see `roles/custom/matrix-ntfy/defaults/main.yml`. +For a more complete list of variables that you could override, see the [`defaults/main.yml` file](https://gitlab.com/etke.cc/roles/ntfy/-/blob/main/defaults/main.yml) of the ntfy Ansible role. -For a complete list of ntfy config options that you could put in `matrix_ntfy_configuration_extension_yaml`, see the [ntfy config documentation](https://ntfy.sh/docs/config/#config-options). +For a complete list of ntfy config options that you could put in `ntfy_configuration_extension_yaml`, see the [ntfy config documentation](https://ntfy.sh/docs/config/#config-options). ## Installing diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index e55bade9..32b99629 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -326,7 +326,7 @@ devture_systemd_service_manager_services_list_auto: | + (matrix_ssl_renewal_systemd_units_list | selectattr('applicable') | selectattr('enableable') | list ) + - ([{'name': 'matrix-ntfy.service', 'priority': 800, 'groups': ['matrix', 'ntfy']}] if matrix_ntfy_enabled else []) + ([{'name': (ntfy_identifier + '.service'), 'priority': 800, 'groups': ['matrix', 'ntfy']}] if ntfy_enabled else []) + ([{'name': (devture_postgres_identifier + '.service'), 'priority': 500, 'groups': ['matrix', 'postgres']}] if devture_postgres_enabled else []) + @@ -2379,8 +2379,8 @@ matrix_nginx_proxy_proxy_matrix_client_redirect_root_uri_to_domain: "{{ matrix_s matrix_nginx_proxy_proxy_matrix_enabled: true matrix_nginx_proxy_proxy_element_enabled: "{{ matrix_client_element_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] }}" -matrix_nginx_proxy_proxy_hydrogen_enabled: "{{ matrix_client_hydrogen_enabled }}" -matrix_nginx_proxy_proxy_cinny_enabled: "{{ matrix_client_cinny_enabled }}" +matrix_nginx_proxy_proxy_hydrogen_enabled: "{{ matrix_client_hydrogen_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] }}" +matrix_nginx_proxy_proxy_cinny_enabled: "{{ matrix_client_cinny_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] }}" matrix_nginx_proxy_proxy_buscarron_enabled: "{{ matrix_bot_buscarron_enabled }}" matrix_nginx_proxy_proxy_dimension_enabled: "{{ matrix_dimension_enabled }}" matrix_nginx_proxy_proxy_etherpad_enabled: "{{ matrix_etherpad_enabled and matrix_etherpad_mode == 'standalone' }}" @@ -2389,9 +2389,9 @@ matrix_nginx_proxy_proxy_bot_go_neb_enabled: "{{ matrix_bot_go_neb_enabled }}" matrix_nginx_proxy_proxy_jitsi_enabled: "{{ matrix_jitsi_enabled }}" matrix_nginx_proxy_proxy_jitsi_manage_wellknown: "{{ matrix_jitsi_require_well_known }}" -matrix_nginx_proxy_proxy_grafana_enabled: "{{ grafana_enabled }}" +matrix_nginx_proxy_proxy_grafana_enabled: "{{ grafana_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] }}" matrix_nginx_proxy_proxy_sygnal_enabled: "{{ matrix_sygnal_enabled }}" -matrix_nginx_proxy_proxy_ntfy_enabled: "{{ matrix_ntfy_enabled }}" +matrix_nginx_proxy_proxy_ntfy_enabled: "{{ ntfy_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] }}" matrix_nginx_proxy_container_labels_traefik_enabled: "{{ matrix_playbook_traefik_labels_enabled }}" matrix_nginx_proxy_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" @@ -2404,7 +2404,6 @@ matrix_nginx_proxy_container_labels_traefik_proxy_etherpad_enabled: "{{ matrix_e matrix_nginx_proxy_container_labels_traefik_proxy_bot_go_neb_enabled: "{{ matrix_bot_go_neb_enabled }}" matrix_nginx_proxy_container_labels_traefik_proxy_jitsi_enabled: "{{ matrix_jitsi_enabled }}" matrix_nginx_proxy_container_labels_traefik_proxy_sygnal_enabled: "{{ matrix_sygnal_enabled }}" -matrix_nginx_proxy_container_labels_traefik_proxy_ntfy_enabled: "{{ matrix_ntfy_enabled }}" matrix_nginx_proxy_proxy_matrix_corporal_api_enabled: "{{ matrix_corporal_enabled and matrix_corporal_http_api_enabled }}" matrix_nginx_proxy_proxy_matrix_corporal_api_addr_with_container: "matrix-corporal:41081" @@ -2486,7 +2485,7 @@ matrix_nginx_proxy_systemd_wanted_services_list: | + (['matrix-sygnal.service'] if matrix_sygnal_enabled else []) + - (['matrix-ntfy.service'] if matrix_ntfy_enabled else []) + ([(ntfy_identifier + '.service')] if ntfy_enabled else []) + (['matrix-jitsi.service'] if matrix_jitsi_enabled else []) + @@ -2523,7 +2522,7 @@ matrix_ssl_domains_to_obtain_certificates_for: | + ([matrix_server_fqn_sygnal] if matrix_sygnal_enabled else []) + - ([matrix_server_fqn_ntfy] if matrix_ntfy_enabled else []) + ([ntfy_hostname] if ntfy_enabled else []) + (matrix_bot_postmoogle_domains if matrix_bot_postmoogle_enabled else []) + @@ -2886,17 +2885,39 @@ matrix_sygnal_container_http_host_bind_port: "{{ (matrix_playbook_service_host_b ###################################################################### # -# matrix-ntfy +# etke/ntfy # ###################################################################### -matrix_ntfy_enabled: false +ntfy_enabled: false -matrix_ntfy_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '2586') if matrix_playbook_service_host_bind_interface_prefix else '' }}" +ntfy_identifier: matrix-ntfy + +ntfy_base_path: "{{ matrix_base_data_path }}/ntfy" + +ntfy_uid: "{{ matrix_user_uid }}" +ntfy_gid: "{{ matrix_user_gid }}" + +ntfy_hostname: "{{ matrix_server_fqn_ntfy }}" + +ntfy_container_network: "{{ matrix_nginx_proxy_container_network if matrix_playbook_reverse_proxy_type == 'playbook-managed-nginx' else ntfy_identifier }}" + +ntfy_container_additional_networks: "{{ [matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else [] }}" + +ntfy_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '2586') if matrix_playbook_service_host_bind_interface_prefix else '' }}" + +ntfy_container_labels_traefik_enabled: "{{ matrix_playbook_traefik_labels_enabled }}" +ntfy_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" +ntfy_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" + +ntfy_visitor_request_limit_exempt_hosts_hostnames_auto: | + {{ + [matrix_server_fqn_matrix] + }} ###################################################################### # -# /matrix-ntfy +# /etky/ntfy # ###################################################################### diff --git a/playbooks/matrix.yml b/playbooks/matrix.yml index f5e21493..f6a83ccb 100755 --- a/playbooks/matrix.yml +++ b/playbooks/matrix.yml @@ -105,7 +105,7 @@ - custom/matrix-etherpad - custom/matrix-email2matrix - custom/matrix-sygnal - - custom/matrix-ntfy + - galaxy/ntfy - custom/matrix-nginx-proxy - custom/matrix-coturn - custom/matrix-aux diff --git a/requirements.yml b/requirements.yml index 716b7c6e..54c172ec 100644 --- a/requirements.yml +++ b/requirements.yml @@ -42,6 +42,9 @@ - src: git+https://gitlab.com/etke.cc/roles/grafana.git version: v9.3.6-1 +- src: git+https://gitlab.com/etke.cc/roles/ntfy.git + version: v2.0.0-0 + - src: git+https://github.com/devture/com.devture.ansible.role.traefik.git version: fb09fd26f877372417d5586f1e79e83f983f0bd6 diff --git a/roles/custom/matrix-nginx-proxy/defaults/main.yml b/roles/custom/matrix-nginx-proxy/defaults/main.yml index 38afb3c4..b656f074 100644 --- a/roles/custom/matrix-nginx-proxy/defaults/main.yml +++ b/roles/custom/matrix-nginx-proxy/defaults/main.yml @@ -91,11 +91,6 @@ matrix_nginx_proxy_container_labels_traefik_proxy_sygnal_hostname: "{{ matrix_se matrix_nginx_proxy_container_labels_traefik_proxy_sygnal_tls: "{{ matrix_nginx_proxy_container_labels_traefik_entrypoints != 'web' }}" matrix_nginx_proxy_container_labels_traefik_proxy_sygnal_rule: "Host(`{{ matrix_nginx_proxy_container_labels_traefik_proxy_sygnal_hostname }}`)" -matrix_nginx_proxy_container_labels_traefik_proxy_ntfy_enabled: false -matrix_nginx_proxy_container_labels_traefik_proxy_ntfy_hostname: "{{ matrix_server_fqn_ntfy }}" -matrix_nginx_proxy_container_labels_traefik_proxy_ntfy_tls: "{{ matrix_nginx_proxy_container_labels_traefik_entrypoints != 'web' }}" -matrix_nginx_proxy_container_labels_traefik_proxy_ntfy_rule: "Host(`{{ matrix_nginx_proxy_container_labels_traefik_proxy_ntfy_hostname }}`)" - # matrix_nginx_proxy_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file. # See `../templates/labels.j2` for details. # diff --git a/roles/custom/matrix-nginx-proxy/templates/labels.j2 b/roles/custom/matrix-nginx-proxy/templates/labels.j2 index 4565da19..1e60ba6d 100644 --- a/roles/custom/matrix-nginx-proxy/templates/labels.j2 +++ b/roles/custom/matrix-nginx-proxy/templates/labels.j2 @@ -109,18 +109,6 @@ traefik.http.routers.matrix-nginx-proxy-sygnal.entrypoints={{ matrix_nginx_proxy {% endif %} -{% if matrix_nginx_proxy_container_labels_traefik_proxy_ntfy_enabled %} -# ntfy -traefik.http.routers.matrix-nginx-proxy-ntfy.rule={{ matrix_nginx_proxy_container_labels_traefik_proxy_ntfy_rule }} -traefik.http.routers.matrix-nginx-proxy-ntfy.service=matrix-nginx-proxy-web -traefik.http.routers.matrix-nginx-proxy-ntfy.tls={{ matrix_nginx_proxy_container_labels_traefik_proxy_ntfy_tls | to_json }} -{% if matrix_nginx_proxy_container_labels_traefik_proxy_ntfy_tls %} -traefik.http.routers.matrix-nginx-proxy-ntfy.tls.certResolver={{ matrix_nginx_proxy_container_labels_traefik_tls_certResolver }} -{% endif %} -traefik.http.routers.matrix-nginx-proxy-ntfy.entrypoints={{ matrix_nginx_proxy_container_labels_traefik_entrypoints }} -{% endif %} - - traefik.http.services.matrix-nginx-proxy-web.loadbalancer.server.port=8080 {% if matrix_nginx_proxy_proxy_matrix_federation_api_enabled %} diff --git a/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-ntfy.conf.j2 b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-ntfy.conf.j2 index fbae47e1..7d5c8a0e 100644 --- a/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-ntfy.conf.j2 +++ b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-ntfy.conf.j2 @@ -21,7 +21,7 @@ {% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #} resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; - set $backend "matrix-ntfy:8080"; + set $backend "matrix-ntfy:80"; proxy_pass http://$backend; {% else %} {# Generic configuration for use outside of our container setup #} diff --git a/roles/custom/matrix-ntfy/defaults/main.yml b/roles/custom/matrix-ntfy/defaults/main.yml deleted file mode 100644 index e0c90f5f..00000000 --- a/roles/custom/matrix-ntfy/defaults/main.yml +++ /dev/null @@ -1,56 +0,0 @@ ---- -# Project source code URL: https://github.com/binwiederhier/ntfy - -matrix_ntfy_enabled: true - -matrix_ntfy_base_path: "{{ matrix_base_data_path }}/ntfy" -matrix_ntfy_config_dir_path: "{{ matrix_ntfy_base_path }}/config" -matrix_ntfy_data_path: "{{ matrix_ntfy_base_path }}/data" - -matrix_ntfy_version: v2.0.0 -matrix_ntfy_docker_image: "{{ matrix_container_global_registry_prefix }}binwiederhier/ntfy:{{ matrix_ntfy_version }}" -matrix_ntfy_docker_image_force_pull: "{{ matrix_ntfy_docker_image.endswith(':latest') }}" - -# Public facing base URL of the ntfy service -matrix_ntfy_base_url: "https://{{ matrix_server_fqn_ntfy }}" - -# Rate limits - -matrix_ntfy_global_topic_limit: 15000 # default -matrix_ntfy_visitor_subscription_limit: 30 # default -matrix_ntfy_visitor_request_limit_burst: 60 # default -matrix_ntfy_visitor_request_limit_replenish: "5s" # default - - -# Controls whether the container exposes its HTTP port (tcp/80 in the container). -# -# Takes an ":" or "" value (e.g. "127.0.0.1:2586"), or empty string to not expose. -matrix_ntfy_container_http_host_bind_port: '' - -# A list of extra arguments to pass to the container (`docker run` command) -matrix_ntfy_container_extra_arguments: [] - -# Controls whether the self-check feature should validate SSL certificates. -matrix_ntfy_self_check_validate_certificates: true - -# Default ntfy configuration template which covers the generic use case. -# You can customize it by controlling the various variables inside it. -# -# For a more advanced customization, you can extend the default (see `matrix_ntfy_configuration_extension_yaml`) -# or completely replace this variable with your own template. -matrix_ntfy_configuration_yaml: "{{ lookup('template', 'templates/ntfy/server.yml.j2') }}" - -matrix_ntfy_configuration_extension_yaml: | - # Your custom YAML configuration for ntfy goes here. - # This configuration extends the default starting configuration (`matrix_ntfy_configuration_yaml`). - # - # You can override individual variables from the default configuration, or introduce new ones. - # - # If you need something more special, you can take full control by - # completely redefining `matrix_ntfy_configuration_yaml`. - -matrix_ntfy_configuration_extension: "{{ matrix_ntfy_configuration_extension_yaml | from_yaml if matrix_ntfy_configuration_extension_yaml | from_yaml is mapping else {} }}" - -# Holds the final ntfy configuration (a combination of the default and its extension). -# You most likely don't need to touch this variable. Instead, see `matrix_ntfy_configuration_yaml`. -matrix_ntfy_configuration: "{{ matrix_ntfy_configuration_yaml | from_yaml | combine(matrix_ntfy_configuration_extension, recursive=True) }}" diff --git a/roles/custom/matrix-ntfy/tasks/main.yml b/roles/custom/matrix-ntfy/tasks/main.yml deleted file mode 100644 index 85d80841..00000000 --- a/roles/custom/matrix-ntfy/tasks/main.yml +++ /dev/null @@ -1,23 +0,0 @@ ---- - -- block: - - when: matrix_ntfy_enabled | bool - ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml" - tags: - - setup-all - - setup-ntfy - - install-all - - install-ntfy - -- block: - - when: not matrix_ntfy_enabled | bool - ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - tags: - - setup-all - - setup-ntfy - -- block: - - when: matrix_ntfy_enabled | bool - ansible.builtin.include_tasks: "{{ role_path }}/tasks/self_check.yml" - tags: - - self-check diff --git a/roles/custom/matrix-ntfy/tasks/self_check.yml b/roles/custom/matrix-ntfy/tasks/self_check.yml deleted file mode 100644 index bdbd666a..00000000 --- a/roles/custom/matrix-ntfy/tasks/self_check.yml +++ /dev/null @@ -1,27 +0,0 @@ ---- - -# Query an arbitrary ntfy topic using ntfy's UnifiedPush topic name syntax. -# Expect an empty response (because we query 'since=1s'). - -- ansible.builtin.set_fact: - matrix_ntfy_url_endpoint_public: "{{ matrix_ntfy_base_url }}/upSELFCHECK123/json?poll=1&since=1s" - -- name: Check ntfy - ansible.builtin.uri: - url: "{{ matrix_ntfy_url_endpoint_public }}" - follow_redirects: none - validate_certs: "{{ matrix_ntfy_self_check_validate_certificates }}" - register: matrix_ntfy_self_check_result - check_mode: false - ignore_errors: true - delegate_to: 127.0.0.1 - become: false - -- name: Fail if ntfy not working - ansible.builtin.fail: - msg: "Failed checking ntfy is up at `{{ matrix_server_fqn_ntfy }}` (checked endpoint: `{{ matrix_ntfy_url_endpoint_public }}`). Is ntfy running? Is port 443 open in your firewall? Full error: {{ matrix_ntfy_self_check_result }}" - when: "matrix_ntfy_self_check_result.failed" - -- name: Report working ntfy - ansible.builtin.debug: - msg: "ntfy at `{{ matrix_server_fqn_ntfy }}` is working (checked endpoint: `{{ matrix_ntfy_url_endpoint_public }}`)" diff --git a/roles/custom/matrix-ntfy/tasks/setup_install.yml b/roles/custom/matrix-ntfy/tasks/setup_install.yml deleted file mode 100644 index 38adb122..00000000 --- a/roles/custom/matrix-ntfy/tasks/setup_install.yml +++ /dev/null @@ -1,38 +0,0 @@ ---- - -- name: Ensure matrix-ntfy image is pulled - community.docker.docker_image: - name: "{{ matrix_ntfy_docker_image }}" - source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" - force_source: "{{ matrix_ntfy_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_ntfy_docker_image_force_pull }}" - register: result - retries: "{{ devture_playbook_help_container_retries_count }}" - delay: "{{ devture_playbook_help_container_retries_delay }}" - until: result is not failed - -- name: Ensure matrix-ntfy paths exists - ansible.builtin.file: - path: "{{ item }}" - state: directory - mode: 0750 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - with_items: - - "{{ matrix_ntfy_base_path }}" - - "{{ matrix_ntfy_config_dir_path }}" - - "{{ matrix_ntfy_data_path }}" - -- name: Ensure matrix-ntfy config installed - ansible.builtin.copy: - content: "{{ matrix_ntfy_configuration | to_nice_yaml(indent=2, width=999999) }}" - dest: "{{ matrix_ntfy_config_dir_path }}/server.yml" - mode: 0644 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - -- name: Ensure matrix-ntfy.service installed - ansible.builtin.template: - src: "{{ role_path }}/templates/systemd/matrix-ntfy.service.j2" - dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-ntfy.service" - mode: 0644 diff --git a/roles/custom/matrix-ntfy/tasks/setup_uninstall.yml b/roles/custom/matrix-ntfy/tasks/setup_uninstall.yml deleted file mode 100644 index afd826f8..00000000 --- a/roles/custom/matrix-ntfy/tasks/setup_uninstall.yml +++ /dev/null @@ -1,25 +0,0 @@ ---- - -- name: Check existence of matrix-ntfy service - ansible.builtin.stat: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-ntfy.service" - register: matrix_ntfy_service_stat - -- when: matrix_ntfy_service_stat.stat.exists | bool - block: - - name: Ensure matrix-ntfy is stopped - ansible.builtin.service: - name: matrix-ntfy - state: stopped - enabled: false - daemon_reload: true - - - name: Ensure matrix-ntfy.service doesn't exist - ansible.builtin.file: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-ntfy.service" - state: absent - - - name: Ensure matrix-ntfy path doesn't exist - ansible.builtin.file: - path: "{{ matrix_ntfy_base_path }}" - state: absent diff --git a/roles/custom/matrix-ntfy/templates/ntfy/server.yml.j2 b/roles/custom/matrix-ntfy/templates/ntfy/server.yml.j2 deleted file mode 100644 index 9815fd6b..00000000 --- a/roles/custom/matrix-ntfy/templates/ntfy/server.yml.j2 +++ /dev/null @@ -1,11 +0,0 @@ -base_url: {{ matrix_ntfy_base_url }} -behind_proxy: true -cache_file: /data/cache.db -listen-http: :8080 - -# Rate Limits -global-topic-limit: {{ matrix_ntfy_global_topic_limit | to_json }} -visitor-subscription-limit: {{ matrix_ntfy_visitor_subscription_limit | to_json }} - -visitor-request-limit-burst: {{ matrix_ntfy_visitor_request_limit_burst | to_json }} -visitor-request-limit-replenish: "{{ matrix_ntfy_visitor_request_limit_replenish }}" diff --git a/roles/custom/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2 b/roles/custom/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2 deleted file mode 100644 index 5c2feac0..00000000 --- a/roles/custom/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2 +++ /dev/null @@ -1,39 +0,0 @@ -#jinja2: lstrip_blocks: "True" -[Unit] -Description=matrix-ntfy -After=docker.service -Requires=docker.service -DefaultDependencies=no - -[Service] -Type=simple -Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" -ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-ntfy 2>/dev/null || true' -ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-ntfy 2>/dev/null || true' - -ExecStart={{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-ntfy \ - --log-driver=none \ - --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ - --cap-drop=ALL \ - --read-only \ - --env NTFY_VISITOR_REQUEST_LIMIT_EXEMPT_HOSTS={{matrix_server_fqn_matrix}},localhost,$(docker network inspect {{matrix_docker_network}} -f "{% raw %}{{ (index .IPAM.Config 0).Subnet }}{% endraw %}") \ - {% for arg in matrix_ntfy_container_extra_arguments %} - {{ arg }} \ - {% endfor %} - --network={{ matrix_docker_network }} \ - {% if matrix_ntfy_container_http_host_bind_port %} - -p {{ matrix_ntfy_container_http_host_bind_port }}:8080 \ - {% endif %} - --mount type=bind,src={{ matrix_ntfy_config_dir_path }},dst=/etc/ntfy,ro \ - --mount type=bind,src={{ matrix_ntfy_data_path }},dst=/data \ - {{ matrix_ntfy_docker_image }} \ - serve' - -ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-ntfy 2>/dev/null || true' -ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-ntfy 2>/dev/null || true' -Restart=always -RestartSec=30 -SyslogIdentifier=matrix-ntfy - -[Install] -WantedBy=multi-user.target diff --git a/roles/custom/matrix_playbook_migration/defaults/main.yml b/roles/custom/matrix_playbook_migration/defaults/main.yml index 03867679..f8ccc88a 100644 --- a/roles/custom/matrix_playbook_migration/defaults/main.yml +++ b/roles/custom/matrix_playbook_migration/defaults/main.yml @@ -11,3 +11,6 @@ matrix_playbook_migration_matrix_backup_borg_migration_validation_enabled: true # Controls if (`matrix_grafana` -> `grafana`) validation will run. matrix_playbook_migration_matrix_grafana_migration_validation_enabled: true + +# Controls if (`matrix_ntfy` -> `ntfy`) validation will run. +matrix_playbook_migration_matrix_ntfy_migration_validation_enabled: true diff --git a/roles/custom/matrix_playbook_migration/tasks/validate_config.yml b/roles/custom/matrix_playbook_migration/tasks/validate_config.yml index 2ac04ece..80f10197 100644 --- a/roles/custom/matrix_playbook_migration/tasks/validate_config.yml +++ b/roles/custom/matrix_playbook_migration/tasks/validate_config.yml @@ -82,7 +82,7 @@ when: "matrix_playbook_migration_matrix_prometheus_postgres_exporter_migration_vars | length > 0" - when: matrix_playbook_migration_matrix_backup_borg_migration_validation_enabled | bool - block: + block:ntfy - ansible.builtin.set_fact: matrix_playbook_migration_backup_borg_migration_vars: |- {{ vars | dict2items | selectattr('key', 'match', 'matrix_backup_borg_.*') | list | items2dict }} @@ -110,3 +110,18 @@ Please change your configuration (vars.yml) to rename all variables (`matrix_grafana_` -> `grafana_`). We found usage of the following variables: {{ matrix_playbook_migration_grafana_migration_vars.keys() | join(', ') }} when: "matrix_playbook_migration_grafana_migration_vars | length > 0" + +- when: matrix_playbook_migration_matrix_ntfy_migration_validation_enabled | bool + block: + - ansible.builtin.set_fact: + matrix_playbook_migration_ntfy_migration_vars: |- + {{ vars | dict2items | selectattr('key', 'match', 'matrix_ntfy_.*') | list | items2dict }} + + - name: (Deprecation) Catch and report matrix_ntfy variables + ansible.builtin.fail: + msg: >- + The matrix-ntfy role that used to be part of this playbook has been replaced by https://gitlab.com/etke.cc/roles/ntfy. + The new role is compatible with the old one, but uses different names for its variables. + Please change your configuration (vars.yml) to rename all variables (`matrix_ntfy_` -> `ntfy_`). + We found usage of the following variables: {{ matrix_playbook_migration_ntfy_migration_vars.keys() | join(', ') }} + when: "matrix_playbook_migration_ntfy_migration_vars | length > 0"