From e894befd87dce731debad58e77fd0de33e303732 Mon Sep 17 00:00:00 2001 From: Scott Crossen Date: Sat, 7 Nov 2020 17:34:16 -0800 Subject: [PATCH] Updates to reviewer comments --- ...md => configuring-playbook-dynamic-dns.md} | 13 ++++---- docs/configuring-playbook.md | 2 +- group_vars/matrix_servers | 17 +++++++++++ roles/matrix-dynamic-dns/defaults/main.yml | 14 ++------- roles/matrix-dynamic-dns/tasks/install.yml | 2 +- .../tasks/validate_config.yml | 10 +++---- .../templates/ddclient.conf.j2 | 30 ++++++++++++------- .../systemd/matrix-dynamic-dns.service.j2 | 3 -- ...tup_ssl_lets_encrypt_obtain_for_domain.yml | 12 ++++++++ 9 files changed, 66 insertions(+), 37 deletions(-) rename docs/{configuring-playbook-budget-builds.md => configuring-playbook-dynamic-dns.md} (65%) diff --git a/docs/configuring-playbook-budget-builds.md b/docs/configuring-playbook-dynamic-dns.md similarity index 65% rename from docs/configuring-playbook-budget-builds.md rename to docs/configuring-playbook-dynamic-dns.md index 318c3c0c..1047eaf1 100644 --- a/docs/configuring-playbook-budget-builds.md +++ b/docs/configuring-playbook-dynamic-dns.md @@ -1,6 +1,6 @@ -# Tips for deploying Matrix on a Budget +# Dynamic DNS -## Dynamic DNS +## Setup Most cloud providers / ISPs will charge you extra for a static IP address. If you're not hosting a highly reliable homeserver you can workaround this via dynamic DNS. To @@ -9,13 +9,14 @@ google domains, this process is described [here](https://support.google.com/doma After you've gotten the proper credentials you can add the following config to your inventory/host_vars/matrix.DOMAIN/vars.yml: ``` -matrix_dynamic_dns_username: XXXXXXXXXXXXXXXX -matrix_dynamic_dns_password: XXXXXXXXXXXXXXXX -matrix_dynamic_dns_provider: 'domains.google.com' +matrix_dynamic_dns_domain_configurations: | + {{ + [{'provider': 'domains.google.com', 'protocol': 'dyndn2', 'username': 'XXXXXXXXXXXXXXXX', 'password': 'XXXXXXXXXXXXXXXX', 'domain': matrix_domain}] + }} ``` ## Additional Reading Additional resources: -- https://matrix.org/docs/guides/free-small-matrix-server \ No newline at end of file +- https://matrix.org/docs/guides/free-small-matrix-server diff --git a/docs/configuring-playbook.md b/docs/configuring-playbook.md index 8b0c5537..7ef58b2f 100644 --- a/docs/configuring-playbook.md +++ b/docs/configuring-playbook.md @@ -33,7 +33,7 @@ When you're done with all the configuration you'd like to do, continue with [Ins - [Setting up the Jitsi video-conferencing platform](configuring-playbook-jitsi.md) (optional) -- [Setting up budget builds or resource-constrained builds](configuring-playbook-budget-builds.md) (optional) +- [Setting Dynamic DNS](configuring-playbook-dynamic-dns.md) (optional) ### Core service adjustments diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 00cdbdfb..2be361c9 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -619,6 +619,23 @@ matrix_dimension_homeserver_federationUrl: "http://matrix-synapse:{{ 8048 if mat ###################################################################### + +###################################################################### +# +# matrix-dynamic-dns +# +###################################################################### + +matrix_dynamic_dns_domain_configurations: [] + +###################################################################### +# +# /matrix-dynamic-dns +# +###################################################################### + + + ###################################################################### # # matrix-email2matrix diff --git a/roles/matrix-dynamic-dns/defaults/main.yml b/roles/matrix-dynamic-dns/defaults/main.yml index e57b47da..8c86d35c 100644 --- a/roles/matrix-dynamic-dns/defaults/main.yml +++ b/roles/matrix-dynamic-dns/defaults/main.yml @@ -1,11 +1,11 @@ # Whether dynamic dns is enabled -matrix_dynamic_dns_enabled: false +matrix_dynamic_dns_enabled: "{{ matrix_dynamic_dns_domain_configurations is defined }}" # The dynamic dns daemon interval matrix_dynamic_dns_daemon_interval: '300' # The docker container to use when in mode -matrix_dynamic_dns_docker_image: 'linuxserver/ddclient' +matrix_dynamic_dns_docker_image: 'linuxserver/ddclient:v3.9.1-ls45' # The image to force pull matrix_dynamic_dns_docker_image_force_pull: "{{ matrix_dynamic_dns_docker_image.endswith(':latest') }}" @@ -28,13 +28,5 @@ matrix_dynamic_dns_config_path: "{{ matrix_dynamic_dns_base_path }}/config" matrix_dynamic_dns_docker_src_files_path: "{{ matrix_dynamic_dns_base_path }}/docker-src" # Config options +matrix_dynamic_dns_additional_configuration_blocks: [] matrix_dynamic_dns_use: "web" -matrix_dynamic_dns_static: false -matrix_dynamic_dns_custom: false -matrix_dynamic_dns_zone: "" -matrix_dynamic_dns_ttl: "" -matrix_dynamic_dns_mx: "" -matrix_dynamic_dns_wildcard: false -matrix_dynamic_dns_protocol: 'dyndns2' -matrix_dynamic_dns_provider: 'domains.google.com' -matrix_dynamic_dns_domain: '{{ matrix_domain }}' diff --git a/roles/matrix-dynamic-dns/tasks/install.yml b/roles/matrix-dynamic-dns/tasks/install.yml index 816dc7c3..225738bf 100644 --- a/roles/matrix-dynamic-dns/tasks/install.yml +++ b/roles/matrix-dynamic-dns/tasks/install.yml @@ -12,7 +12,7 @@ file: path: "{{ item.path }}" state: directory - mode: 0750 + mode: 0751 owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: diff --git a/roles/matrix-dynamic-dns/tasks/validate_config.yml b/roles/matrix-dynamic-dns/tasks/validate_config.yml index 2895f407..c6e4c4a6 100644 --- a/roles/matrix-dynamic-dns/tasks/validate_config.yml +++ b/roles/matrix-dynamic-dns/tasks/validate_config.yml @@ -1,10 +1,10 @@ --- -- name: Fail if required settings not defined +- name: Fail if required settings not defined in configuration blocks fail: msg: >- You need to define a required configuration setting (`{{ item }}`). - when: "vars[item] == ''" - with_items: - - "matrix_dynamic_dns_domain" - - "matrix_dynamic_dns_provider" + when: "'domain' not in configuration == '' or 'provider' not in configuration == '' or 'protocol' not in configuration == ''" + with_items: "{{ matrix_dynamic_dns_domain_configurations }}" + loop_control: + loop_var: configuration diff --git a/roles/matrix-dynamic-dns/templates/ddclient.conf.j2 b/roles/matrix-dynamic-dns/templates/ddclient.conf.j2 index 651712db..1480d834 100644 --- a/roles/matrix-dynamic-dns/templates/ddclient.conf.j2 +++ b/roles/matrix-dynamic-dns/templates/ddclient.conf.j2 @@ -3,14 +3,24 @@ syslog=no pid=/var/run/ddclient/ddclient.pid ssl=yes use={{ matrix_dynamic_dns_use }} -protocol={{ matrix_dynamic_dns_protocol }} -server={{ matrix_dynamic_dns_provider }} {% if matrix_dynamic_dns_username %} -login='{{ matrix_dynamic_dns_username }}' {% endif %} {% if matrix_dynamic_dns_username %} -password='{{ matrix_dynamic_dns_password }}' {% endif %} {% if matrix_dynamic_dns_static %} -static=yes {% endif %} {% if matrix_dynamic_dns_custom %} -custom=yes {% endif %} {% if matrix_dynamic_dns_zone %} -zone={{ matrix_dynamic_dns_zone }} {% endif %} {% if matrix_dynamic_dns_ttl %} -ttl={{ matrix_dynamic_dns_ttl }} {% endif %} {% if matrix_dynamic_dns_mx %} -mx={{ matrix_dynamic_dns_mx }} {% endif %} {% if matrix_dynamic_dns_wildcard %} + +{% for dynamic_dns_domain_configuration in matrix_dynamic_dns_domain_configurations %} +protocol={{ dynamic_dns_domain_configuration.protocol }} +server={{ dynamic_dns_domain_configuration.provider }} {% if 'username' in dynamic_dns_domain_configuration %} +login='{{ dynamic_dns_domain_configuration.username }}' {% endif %} {% if 'password' in dynamic_dns_domain_configuration %} +password='{{ dynamic_dns_domain_configuration.password }}' {% endif %} {% if 'static' in dynamic_dns_domain_configuration %} +static=yes {% endif %} {% if 'custom' in dynamic_dns_domain_configuration %} +custom=yes {% endif %} {% if 'zone' in dynamic_dns_domain_configuration %} +zone={{ dynamic_dns_domain_configuration.zone }} {% endif %} {% if 'ttl' in dynamic_dns_domain_configuration %} +ttl={{ dynamic_dns_domain_configuration.ttl }} {% endif %} {% if 'mx' in dynamic_dns_domain_configuration %} +mx={{ dynamic_dns_domain_configuration.mx }} {% endif %} {% if 'wildcard' in dynamic_dns_domain_configuration %} wildcard=yes {% endif %} -{{ matrix_dynamic_dns_domain }} +{{ dynamic_dns_domain_configuration.domain }} + +{% endfor %} + + +{% for matrix_dynamic_dns_additional_configuration in matrix_dynamic_dns_additional_configuration_blocks %} +{{ matrix_dynamic_dns_additional_configuration }} + +{% endfor %} diff --git a/roles/matrix-dynamic-dns/templates/systemd/matrix-dynamic-dns.service.j2 b/roles/matrix-dynamic-dns/templates/systemd/matrix-dynamic-dns.service.j2 index 9c11e148..7e73b587 100644 --- a/roles/matrix-dynamic-dns/templates/systemd/matrix-dynamic-dns.service.j2 +++ b/roles/matrix-dynamic-dns/templates/systemd/matrix-dynamic-dns.service.j2 @@ -15,12 +15,9 @@ ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-dynamic-dns ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-dynamic-dns ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-dynamic-dns \ --log-driver=none \ - --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ - --cap-drop=ALL \ --network={{ matrix_docker_network }} \ -e PUID={{ matrix_user_uid }} \ -e PGID={{ matrix_user_gid }} \ - -e CONFIG_PATH=/config/config.yaml \ -v {{ matrix_dynamic_dns_config_path }}:/config:z \ {% for arg in matrix_dynamic_dns_container_extra_arguments %} {{ arg }} \ diff --git a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml index e80b655d..0c12fa93 100644 --- a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml +++ b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml @@ -12,6 +12,18 @@ - set_fact: domain_name_needs_cert: "{{ not domain_name_certificate_path_stat.stat.exists }}" +- name: Ensure dynamic dns has ran + service: + name: "dynamic-dns" + state: started + register: dynamic_dns_service_update + when: "domain_name_needs_cert|bool and matrix_dynamic_dns_enabled|bool" + +- name: Sleep for 60 seconds so that DNS records can be updated + wait_for: + timeout: 60 + when: dynamic_dns_service_update.changed + # This will fail if there is something running on port 80 (like matrix-nginx-proxy). # We suppress the error, as we'll try another method below. - name: Attempt initial SSL certificate retrieval with standalone authenticator (directly)