Compare commits
No commits in common. 'housekeeping' and 'development' have entirely different histories.
housekeepi
...
developmen
@ -1,28 +0,0 @@
|
|||||||
import sys, main, os, uservar
|
|
||||||
|
|
||||||
key = os.environ.get('MATRIX_KEY')
|
|
||||||
|
|
||||||
def checks():
|
|
||||||
if uservar.ip is None:
|
|
||||||
print("ERROR: IP variable empty")
|
|
||||||
sys.exit()
|
|
||||||
|
|
||||||
if uservar.heisenberg_bridge == True and not uservar.heisenbridge_owner:
|
|
||||||
print("please fill in a matrix user")
|
|
||||||
sys.exit()
|
|
||||||
|
|
||||||
if uservar.appservice_discord_bridge and not uservar.appservice_discord_brige_client_id or not uservar.appservice_discord_bridge_token:
|
|
||||||
print("ERROR: fill out all appservice variables")
|
|
||||||
sys.exit()
|
|
||||||
|
|
||||||
if key is None and uservar.add_key == False:
|
|
||||||
homeserver_key = os.popen("pwgen -s 64 1").read()
|
|
||||||
homeserver_key = main.func(homeserver_key)
|
|
||||||
print("if ist durch")
|
|
||||||
with open('/home/{}/.bashrc'.format(main.user), 'a') as f:
|
|
||||||
f.write("export MATRIX_KEY={}".format(homeserver_key))
|
|
||||||
f.close()
|
|
||||||
elif key is not None and uservar.add_key == False:
|
|
||||||
homeserver_key = key
|
|
||||||
elif uservar.add_key == True:
|
|
||||||
homeserver_key = uservar.homeserver_key
|
|
@ -1,114 +0,0 @@
|
|||||||
# Setting up draupnir (optional)
|
|
||||||
|
|
||||||
The playbook can install and configure the [draupnir](https://github.com/Gnuxie/Draupnir) moderation bot for you.
|
|
||||||
|
|
||||||
See the project's [documentation](https://github.com/Gnuxie/Draupnir) to learn what it does and why it might be useful to you.
|
|
||||||
|
|
||||||
If your migrating from Mjolnir skip to step 5b.
|
|
||||||
|
|
||||||
## 1. Register the bot account
|
|
||||||
|
|
||||||
The playbook does not automatically create users for you. The bot requires an access token to be able to connect to your homeserver.
|
|
||||||
|
|
||||||
You **need to register the bot user manually** before setting up the bot.
|
|
||||||
|
|
||||||
Choose a strong password for the bot. You can generate a good password with a command like this: `pwgen -s 64 1`.
|
|
||||||
|
|
||||||
You can use the playbook to [register a new user](registering-users.md):
|
|
||||||
|
|
||||||
```
|
|
||||||
ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=bot.draupnir password=PASSWORD_FOR_THE_BOT admin=no' --tags=register-user
|
|
||||||
```
|
|
||||||
|
|
||||||
If you would like draupnir to be able to deactivate users, move aliases, shutdown rooms, etc then it must be a server admin so you need to change `admin=no` to `admin=yes` in the command above.
|
|
||||||
|
|
||||||
|
|
||||||
## 2. Get an access token
|
|
||||||
|
|
||||||
Refer to the documentation on [how to obtain an access token](obtaining-access-tokens.md).
|
|
||||||
|
|
||||||
|
|
||||||
## 3. Make sure the account is free from rate limiting
|
|
||||||
|
|
||||||
You will need to prevent Synapse from rate limiting the bot's account. This is not an optional step. If you do not do this step draupnir will crash. This can be done using Synapse's [admin API](https://matrix-org.github.io/synapse/latest/admin_api/user_admin_api.html#override-ratelimiting-for-users). This can also be manually done by editing the Synapse database. Manually editing the Synapse database is rarely a good idea. Please ask for help if you are uncomfortable with these steps.
|
|
||||||
|
|
||||||
1. Copy the statement below into a text editor.
|
|
||||||
|
|
||||||
```
|
|
||||||
INSERT INTO ratelimit_override VALUES ('@bot.draupnir:DOMAIN', 0, 0);
|
|
||||||
```
|
|
||||||
|
|
||||||
1. Change the username (`@bot.draupnir:DOMAIN`) to the username you used when you registered the bot's account. You must change `DOMAIN` to your server's domain.
|
|
||||||
|
|
||||||
1. Get a database terminal by following these steps: [maintenance-postgres.md#getting-a-database-terminal](maintenance-postgres.md#getting-a-database-terminal)
|
|
||||||
|
|
||||||
1. Connect to Synapse's database by typing `\connect synapse` into the database terminal
|
|
||||||
|
|
||||||
1. Paste in the `INSERT INTO` command that you edited and press enter.
|
|
||||||
|
|
||||||
You can run `SELECT * FROM ratelimit_override;` to see if it worked. If the output looks like this:
|
|
||||||
|
|
||||||
```
|
|
||||||
user_id | messages_per_second | burst_count
|
|
||||||
-----------------------+---------------------+-------------
|
|
||||||
@bot.draupnir:raim.ist | 0 | 0`
|
|
||||||
```
|
|
||||||
then you did it correctly.
|
|
||||||
|
|
||||||
|
|
||||||
## 4. Create a management room
|
|
||||||
|
|
||||||
Using your own account, create a new invite only room that you will use to manage the bot. This is the room where you will see the status of the bot and where you will send commands to the bot, such as the command to ban a user from another room. Anyone in this room can control the bot so it is important that you only invite trusted users to this room. The room must be unencrypted since the playbook does not support installing Pantalaimon yet.
|
|
||||||
|
|
||||||
Once you have created the room you need to copy the room ID so you can tell the bot to use that room. In Element you can do this by going to the room's settings, clicking Advanced, and then coping the internal room ID. The room ID will look something like `!QvgVuKq0ha8glOLGMG:DOMAIN`.
|
|
||||||
|
|
||||||
Finally invite the `@bot.draupnir:DOMAIN` account you created earlier into the room.
|
|
||||||
|
|
||||||
|
|
||||||
## 5a. Adjusting the playbook configuration
|
|
||||||
|
|
||||||
Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file (adapt to your needs):
|
|
||||||
|
|
||||||
You must replace `ACCESS_TOKEN_FROM_STEP_2_GOES_HERE` and `ROOM_ID_FROM_STEP_4_GOES_HERE` with the your own values.
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
matrix_bot_draupnir_enabled: true
|
|
||||||
|
|
||||||
matrix_bot_draupnir_access_token: "ACCESS_TOKEN_FROM_STEP_2_GOES_HERE"
|
|
||||||
|
|
||||||
matrix_bot_draupnir_management_room: "ROOM_ID_FROM_STEP_4_GOES_HERE"
|
|
||||||
```
|
|
||||||
|
|
||||||
## 5b. Migrating from Mjolnir (Only required if migrating.)
|
|
||||||
|
|
||||||
Replace your `matrix_bot_mjolnir` config with `matrix_bot_draupnir` config. Also disable mjolnir if you're doing migration.
|
|
||||||
That is all you need to do due to that Draupnir can complete migration on its own.
|
|
||||||
|
|
||||||
## 6. Installing
|
|
||||||
|
|
||||||
After configuring the playbook, run the [installation](installing.md) command:
|
|
||||||
|
|
||||||
```
|
|
||||||
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
|
|
||||||
```
|
|
||||||
|
|
||||||
|
|
||||||
## Usage
|
|
||||||
|
|
||||||
You can refer to the upstream [documentation](https://github.com/Gnuxie/Draupnir) for additional ways to use and configure draupnir. Check out their [quickstart guide](https://github.com/matrix-org/draupnir/blob/main/docs/moderators.md#quick-usage) for some basic commands you can give to the bot.
|
|
||||||
|
|
||||||
You can configure additional options by adding the `matrix_bot_draupnir_configuration_extension_yaml` variable to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file.
|
|
||||||
|
|
||||||
For example to change draupnir's `recordIgnoredInvites` option to `true` you would add the following to your `vars.yml` file.
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
matrix_bot_draupnir_configuration_extension_yaml: |
|
|
||||||
# Your custom YAML configuration goes here.
|
|
||||||
# This configuration extends the default starting configuration (`matrix_bot_draupnir_configuration_yaml`).
|
|
||||||
#
|
|
||||||
# You can override individual variables from the default configuration, or introduce new ones.
|
|
||||||
#
|
|
||||||
# If you need something more special, you can take full control by
|
|
||||||
# completely redefining `matrix_bot_draupnir_configuration_yaml`.
|
|
||||||
recordIgnoredInvites: true
|
|
||||||
```
|
|
@ -1,65 +0,0 @@
|
|||||||
# Setting up Rageshake (optional)
|
|
||||||
|
|
||||||
The playbook can install and configure the [rageshake](https://github.com/matrix-org/rageshake) bug report server for you.
|
|
||||||
|
|
||||||
This is useful if you're developing your own applications and would like to collect bug reports for them.
|
|
||||||
|
|
||||||
|
|
||||||
## Decide on a domain and path
|
|
||||||
|
|
||||||
By default, Rageshake is configured to use its own dedicated domain (`rageshake.DOMAIN`) and requires you to [adjust your DNS records](#adjusting-dns-records).
|
|
||||||
|
|
||||||
You can override the domain and path like this:
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
# Switch to the domain used for Matrix services (`matrix.DOMAIN`),
|
|
||||||
# so we won't need to add additional DNS records for Rageshake.
|
|
||||||
matrix_rageshake_hostname: "{{ matrix_server_fqn_matrix }}"
|
|
||||||
|
|
||||||
# Expose under the /rageshake subpath
|
|
||||||
matrix_rageshake_path_prefix: /rageshake
|
|
||||||
```
|
|
||||||
|
|
||||||
**NOTE**: When using `matrix-nginx-proxy` instead of Traefik, you won't be able to override the path prefix. You can only override the domain, but that needs to happen using another variable: `matrix_server_fqn_rageshake` (e.g. `matrix_server_fqn_rageshake: "some-domain.{{ matrix_domain }}"`).
|
|
||||||
|
|
||||||
|
|
||||||
## Adjusting DNS records
|
|
||||||
|
|
||||||
Once you've decided on the domain and path, **you may need to adjust your DNS** records to point the Rageshake domain to the Matrix server.
|
|
||||||
|
|
||||||
If you've decided to reuse the `matrix.` domain, you won't need to do any extra DNS configuration.
|
|
||||||
|
|
||||||
|
|
||||||
## Enabling the Rageshake service
|
|
||||||
|
|
||||||
Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file (adapt to your needs):
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
matrix_rageshake_enabled: true
|
|
||||||
```
|
|
||||||
|
|
||||||
Rageshake has various options which don't have dedicated Ansible variables. You can see the full list of options in the [`rageshake.sample.yaml` file](https://github.com/matrix-org/rageshake/blob/master/rageshake.sample.yaml).
|
|
||||||
|
|
||||||
To set these, you can make use of the `matrix_rageshake_configuration_extension_yaml` variable like this:
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
matrix_rageshake_configuration_extension_yaml: |
|
|
||||||
github_token: secrettoken
|
|
||||||
|
|
||||||
github_project_mappings:
|
|
||||||
my-app: octocat/HelloWorld
|
|
||||||
```
|
|
||||||
|
|
||||||
|
|
||||||
## Installing
|
|
||||||
|
|
||||||
After configuring the playbook, run the [installation](installing.md) command again:
|
|
||||||
|
|
||||||
```
|
|
||||||
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
|
|
||||||
```
|
|
||||||
|
|
||||||
|
|
||||||
## Usage
|
|
||||||
|
|
||||||
Refer to the [rageshake documentation](https://github.com/matrix-org/rageshake) for available APIs, etc.
|
|
@ -1,62 +0,0 @@
|
|||||||
# Setting up Sliding Sync Proxy (optional)
|
|
||||||
|
|
||||||
The playbook can install and configure [sliding-sync](https://github.com/matrix-org/sliding-sync) proxy for you.
|
|
||||||
|
|
||||||
Sliding Sync is an implementation of [MSC3575](https://github.com/matrix-org/matrix-spec-proposals/blob/kegan/sync-v3/proposals/3575-sync.md) and a prerequisite for running the new (**still beta**) Element X clients ([Element X iOS](https://github.com/vector-im/element-x-ios) and [Element X Android](https://github.com/vector-im/element-x-android)).
|
|
||||||
|
|
||||||
See the project's [documentation](https://github.com/matrix-org/sliding-sync) to learn more.
|
|
||||||
|
|
||||||
Element X iOS is [available on TestFlight](https://testflight.apple.com/join/uZbeZCOi).
|
|
||||||
|
|
||||||
Element X Android requires manual compilation to get it working with a non-`matrix.org` homeseserver. It's also less feature-complete than the iOS version.
|
|
||||||
|
|
||||||
**NOTE**: The Sliding Sync proxy **only works with the Traefik reverse-proxy**. If you have an old server installation (from the time `matrix-nginx-proxy` was our default reverse-proxy - `matrix_playbook_reverse_proxy_type: playbook-managed-nginx`), you won't be able to use Sliding Sync.
|
|
||||||
|
|
||||||
|
|
||||||
## Decide on a domain and path
|
|
||||||
|
|
||||||
By default, the Sliding Sync proxy is configured to be served on the Matrix domain (`matrix.DOMAIN`, controlled by `matrix_server_fqn_matrix`), under the `/sliding-sync` path.
|
|
||||||
|
|
||||||
This makes it easy to set it up, **without** having to [adjust your DNS records](#adjusting-dns-records).
|
|
||||||
|
|
||||||
If you'd like to run the Sliding Sync proxy on another hostname or path, use the `matrix_sliding_sync_hostname` and `matrix_sliding_sync_path_prefix` variables.
|
|
||||||
|
|
||||||
|
|
||||||
## Adjusting DNS records
|
|
||||||
|
|
||||||
If you've changed the default hostame, **you may need to adjust your DNS** records.
|
|
||||||
|
|
||||||
|
|
||||||
## Adjusting the playbook configuration
|
|
||||||
|
|
||||||
Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file:
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
matrix_sliding_sync_enabled: true
|
|
||||||
```
|
|
||||||
|
|
||||||
|
|
||||||
## Installing
|
|
||||||
|
|
||||||
After potentially [adjusting DNS records](#adjusting-dns-records) and configuring the playbook, run the [installation](installing.md) command again: `just install-all`.
|
|
||||||
|
|
||||||
### External databases
|
|
||||||
|
|
||||||
Please note that, if your setup utilizes an external database, you must also establish configuration for the sliding sync proxy. Alter the defaults below to suit your configuration:
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
matrix_sliding_sync_database_username: 'matrix_sliding_sync'
|
|
||||||
matrix_sliding_sync_database_password: ''
|
|
||||||
matrix_sliding_sync_database_hostname: ''
|
|
||||||
matrix_sliding_sync_database_port: 5432
|
|
||||||
matrix_sliding_sync_database_name: 'matrix_sliding_sync'
|
|
||||||
```
|
|
||||||
|
|
||||||
## Usage
|
|
||||||
|
|
||||||
You **don't need to do anything special** to make use of the Sliding Sync Proxy.
|
|
||||||
Simply open your client which supports Sliding Sync (like Element X) and log in.
|
|
||||||
|
|
||||||
When the Sliding Sync proxy is [installed](#installing), your `/.well-known/matrix/client` file is also updated. A new `org.matrix.msc3575.proxy` section and `url` property are added there and made to point to your Sliding Sync proxy's base URL (e.g. `https://matrix.DOMAIN/sliding-sync`).
|
|
||||||
|
|
||||||
This allows clients which support Sliding Sync to detect the Sliding Sync Proxy's URL and make use of it.
|
|
@ -1,100 +1,112 @@
|
|||||||
# Adjusting SSL certificate retrieval (optional, advanced)
|
# Adjusting SSL certificate retrieval (optional, advanced)
|
||||||
|
|
||||||
By default, this playbook retrieves and auto-renews free SSL certificates from [Let's Encrypt](https://letsencrypt.org/) for the domains it needs (e.g. `matrix.<your-domain>` and others)
|
By default, this playbook retrieves and auto-renews free SSL certificates from [Let's Encrypt](https://letsencrypt.org/) for the domains it needs (`matrix.<your-domain>` and possibly `element.<your-domain>`)
|
||||||
|
|
||||||
This guide is about using the integrated Traefik server and doesn't apply if you're using [your own webserver](configuring-playbook-own-webserver.md).
|
Those certificates are used when configuring the nginx reverse proxy installed by this playbook.
|
||||||
|
They can also be used for configuring [your own webserver](configuring-playbook-own-webserver.md), in case you're not using the integrated nginx server provided by the playbook.
|
||||||
|
|
||||||
|
If you need to retrieve certificates for other domains (e.g. your base domain) or more control over certificate retrieval, read below.
|
||||||
|
|
||||||
## Using staging Let's Encrypt certificates instead of real ones
|
Things discussed in this document:
|
||||||
|
|
||||||
For testing purposes, you may wish to use staging certificates provide by Let's Encrypt.
|
- [Using self-signed SSL certificates](#using-self-signed-ssl-certificates), if you can't use Let's Encrypt or just need a test setup
|
||||||
|
|
||||||
You can do this with the following configuration:
|
- [Using your own SSL certificates](#using-your-own-ssl-certificates), if you don't want to or can't use Let's Encrypt certificates, but are still interested in using the integrated nginx reverse proxy server
|
||||||
|
|
||||||
|
- [Not bothering with SSL certificates](#not-bothering-with-ssl-certificates), if you're using [your own webserver](configuring-playbook-own-webserver.md) and would rather this playbook leaves SSL certificate management to you
|
||||||
|
|
||||||
|
- [Obtaining SSL certificates for additional domains](#obtaining-ssl-certificates-for-additional-domains), if you'd like to host additional domains on the Matrix server and would like the playbook to help you obtain and renew certificates for those domains automatically
|
||||||
|
|
||||||
|
|
||||||
|
## Using self-signed SSL certificates
|
||||||
|
|
||||||
|
For private deployments (not publicly accessible from the internet), you may not be able to use Let's Encrypt certificates.
|
||||||
|
|
||||||
|
If self-signed certificates are alright with you, you can ask the playbook to generate such for you with the following configuration:
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
devture_traefik_config_certificatesResolvers_acme_use_staging: true
|
matrix_ssl_retrieval_method: self-signed
|
||||||
```
|
```
|
||||||
|
|
||||||
|
If you get a `Cannot reach homeserver` error in Element, you will have to visit `https://matrix.<your-domain>` in your browser and agree to the certificate exception before you can login.
|
||||||
|
|
||||||
## Disabling SSL termination
|
|
||||||
|
|
||||||
For testing or other purposes, you may wish to install services without SSL termination and have services exposed to `http://` instead of `https://`.
|
## Using your own SSL certificates
|
||||||
|
|
||||||
You can do this with the following configuration:
|
If you'd like to manage SSL certificates by yourself and have the playbook use your certificate files, you can use the following configuration:
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
devture_traefik_config_entrypoint_web_secure_enabled: false
|
matrix_ssl_retrieval_method: manually-managed
|
||||||
```
|
```
|
||||||
|
|
||||||
|
With such a configuration, the playbook would expect you to drop the SSL certificate files in the directory specified by `matrix_ssl_config_dir_path` (`/matrix/ssl/config` by default) obeying the following hierarchy:
|
||||||
|
|
||||||
## Using self-signed SSL certificates
|
- `<matrix_ssl_config_dir_path>/live/<domain>/fullchain.pem`
|
||||||
|
- `<matrix_ssl_config_dir_path>/live/<domain>/privkey.pem`
|
||||||
|
- `<matrix_ssl_config_dir_path>/live/<domain>/chain.pem`
|
||||||
|
|
||||||
If you'd like to use your own SSL certificates, instead of the default (SSL certificates obtained automatically via [ACME](https://en.wikipedia.org/wiki/Automatic_Certificate_Management_Environment) from [Let's Encrypt](https://letsencrypt.org/)):
|
where `<domain>` refers to the domains that you need (usually `matrix.<your-domain>` and `element.<your-domain>`).
|
||||||
|
|
||||||
- generate your self-signed certificate files
|
|
||||||
- follow the [Using your own SSL certificates](#using-your-own-ssl-certificates) documentation below
|
|
||||||
|
|
||||||
|
## Not bothering with SSL certificates
|
||||||
|
|
||||||
|
If you're [using an external web server](configuring-playbook-own-webserver.md) which is not nginx, or you would otherwise want to manage its certificates without this playbook getting in the way, you can completely disable SSL certificate management with the following configuration:
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
matrix_ssl_retrieval_method: none
|
||||||
|
```
|
||||||
|
|
||||||
|
With such a configuration, no certificates will be retrieved at all. You're free to manage them however you want.
|
||||||
|
|
||||||
|
|
||||||
|
## Obtaining SSL certificates for additional domains
|
||||||
|
|
||||||
|
The playbook tries to be smart about the certificates it will obtain for you.
|
||||||
|
|
||||||
|
By default, it obtains certificates for:
|
||||||
|
- `matrix.<your-domain>` (`matrix_server_fqn_matrix`)
|
||||||
|
- possibly for `element.<your-domain>`, unless you have disabled the [Element client component](configuring-playbook-client-element.md) using `matrix_client_element_enabled: false`
|
||||||
|
- possibly for `riot.<your-domain>`, if you have explicitly enabled Riot to Element redirection (for background compatibility) using `matrix_nginx_proxy_proxy_riot_compat_redirect_enabled: true`
|
||||||
|
- possibly for `hydrogen.<your-domain>`, if you have explicitly [set up Hydrogen client](configuring-playbook-client-hydrogen.md).
|
||||||
|
- possibly for `cinny.<your-domain>`, if you have explicitly [set up Cinny client](configuring-playbook-client-cinny.md).
|
||||||
|
- possibly for `dimension.<your-domain>`, if you have explicitly [set up Dimension](configuring-playbook-dimension.md).
|
||||||
|
- possibly for `goneb.<your-domain>`, if you have explicitly [set up Go-NEB bot](configuring-playbook-bot-go-neb.md).
|
||||||
|
- possibly for `jitsi.<your-domain>`, if you have explicitly [set up Jitsi](configuring-playbook-jitsi.md).
|
||||||
|
- possibly for `stats.<your-domain>`, if you have explicitly [set up Grafana](configuring-playbook-prometheus-grafana.md).
|
||||||
|
- possibly for `sygnal.<your-domain>`, if you have explicitly [set up Sygnal](configuring-playbook-sygnal.md).
|
||||||
|
- possibly for `ntfy.<your-domain>`, if you have explicitly [set up ntfy](configuring-playbook-ntfy.md).
|
||||||
|
- possibly for your base domain (`<your-domain>`), if you have explicitly configured [Serving the base domain](configuring-playbook-base-domain-serving.md)
|
||||||
|
|
||||||
|
If you are hosting other domains on the Matrix machine, you can make the playbook obtain and renew certificates for those other domains too.
|
||||||
|
To do that, simply define your own custom configuration like this:
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
# In this example, we retrieve 2 extra certificates,
|
||||||
|
# one for the base domain (in the `matrix_domain` variable) and one for a hardcoded domain.
|
||||||
|
# Adding any other additional domains (hosted on the same machine) is possible.
|
||||||
|
matrix_ssl_additional_domains_to_obtain_certificates_for:
|
||||||
|
- '{{ matrix_domain }}'
|
||||||
|
- 'another.domain.example.com'
|
||||||
|
```
|
||||||
|
|
||||||
|
After redefining `matrix_ssl_domains_to_obtain_certificates_for`, to actually obtain certificates you should:
|
||||||
|
|
||||||
|
- make sure the web server occupying port 80 is stopped. If you are using matrix-nginx-proxy server (which is the default for this playbook), you need to stop it temporarily by running `systemctl stop matrix-nginx-proxy` on the server.
|
||||||
|
|
||||||
|
- re-run the SSL part of the playbook and restart all services: `ansible-playbook -i inventory/hosts setup.yml --tags=setup-ssl,start`
|
||||||
|
|
||||||
|
The certificate files would be made available in `/matrix/ssl/config/live/<your-other-domain>/...`.
|
||||||
|
|
||||||
|
For automated certificate renewal to work, each port `80` vhost for each domain you are obtaining certificates for needs to forward requests for `/.well-known/acme-challenge` to the certbot container we use for renewal.
|
||||||
|
|
||||||
|
See how this is configured for the `matrix.` subdomain in `/matrix/nginx-proxy/conf.d/matrix-domain.conf`
|
||||||
|
Don't be alarmed if the above configuration file says port `8080`, instead of port `80`. It's due to port mapping due to our use of containers.
|
||||||
|
|
||||||
## Using your own SSL certificates
|
|
||||||
|
|
||||||
To use your own SSL certificates with Traefik, you need to:
|
## Specify the SSL private key algorithm
|
||||||
|
|
||||||
- disable [ACME](https://en.wikipedia.org/wiki/Automatic_Certificate_Management_Environment) / [Let's Encrypt](https://letsencrypt.org/) support
|
If you'd like to [specify the private key type](https://eff-certbot.readthedocs.io/en/stable/using.html#using-ecdsa-keys) used with Let's Encrypt, define your own custom configuration like this:
|
||||||
- put a custom Traefik configuration file on the server, with the help of this Ansible playbook (via the `matrix-aux` role) or manually
|
|
||||||
- register your custom configuration file with Traefik, by adding an extra provider of type [file](https://doc.traefik.io/traefik/providers/file/)
|
|
||||||
- put the SSL files on the server, with the help of this Ansible playbook (via the `matrix-aux` role) or manually
|
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
# Disable ACME / Let's Encrypt support.
|
matrix_ssl_lets_encrypt_key_type: ecdsa
|
||||||
devture_traefik_config_certificatesResolvers_acme_enabled: false
|
|
||||||
|
|
||||||
# Disabling ACME support (above) automatically disables the creation of the SSL directory.
|
|
||||||
# Force-enable it here, because we'll add our certificate files there.
|
|
||||||
devture_traefik_ssl_dir_enabled: true
|
|
||||||
|
|
||||||
# Tell Traefik to load our custom configuration file (certificates.yml).
|
|
||||||
# The file is created below, in `matrix_aux_file_definitions`.
|
|
||||||
# The `/config/..` path is an in-container path, not a path on the host (like `/matrix/traefik/config`). Do not change it!
|
|
||||||
devture_traefik_configuration_extension_yaml: |
|
|
||||||
providers:
|
|
||||||
file:
|
|
||||||
filename: /config/certificates.yml
|
|
||||||
watch: true
|
|
||||||
|
|
||||||
# Use the matrix-aux role to create our custom files on the server.
|
|
||||||
# If you'd like to do this manually, you remove this `matrix_aux_file_definitions` variable.
|
|
||||||
matrix_aux_file_definitions:
|
|
||||||
# Create the privkey.pem file on the server by
|
|
||||||
# uploading a file from the computer where Ansible is running.
|
|
||||||
- dest: "{{ devture_traefik_ssl_dir_path }}/privkey.pem"
|
|
||||||
src: /path/on/your/Ansible/computer/to/privkey.pem
|
|
||||||
# Alternatively, comment out `src` above and uncomment the lines below to provide the certificate content inline.
|
|
||||||
# Note the indentation level.
|
|
||||||
# content: |
|
|
||||||
# FILE CONTENT
|
|
||||||
# HERE
|
|
||||||
|
|
||||||
# Create the cert.pem file on the server
|
|
||||||
# uploading a file from the computer where Ansible is running.
|
|
||||||
- dest: "{{ devture_traefik_ssl_dir_path }}/cert.pem"
|
|
||||||
src: /path/on/your/Ansible/computer/to/cert.pem
|
|
||||||
# Alternatively, comment out `src` above and uncomment the lines below to provide the certificate content inline.
|
|
||||||
# Note the indentation level.
|
|
||||||
# content: |
|
|
||||||
# FILE CONTENT
|
|
||||||
# HERE
|
|
||||||
|
|
||||||
# Create the custom Traefik configuration.
|
|
||||||
# The `/ssl/..` paths below are in-container paths, not paths on the host (/`matrix/traefik/ssl/..`). Do not change them!
|
|
||||||
- dest: "{{ devture_traefik_config_dir_path }}/certificates.yml"
|
|
||||||
content: |
|
|
||||||
tls:
|
|
||||||
certificates:
|
|
||||||
- certFile: /ssl/cert.pem
|
|
||||||
keyFile: /ssl/privkey.pem
|
|
||||||
stores:
|
|
||||||
default:
|
|
||||||
defaultCertificate:
|
|
||||||
certFile: /ssl/cert.pem
|
|
||||||
keyFile: /ssl/privkey.pem
|
|
||||||
```
|
```
|
||||||
|
@ -1,36 +0,0 @@
|
|||||||
# Setting up synapse_auto_compressor
|
|
||||||
|
|
||||||
The playbook can install and configure [synapse_auto_compressor](https://github.com/matrix-org/rust-synapse-compress-state/#automated-tool-synapse_auto_compressor) for you.
|
|
||||||
|
|
||||||
It's a CLI tool that automatically compresses Synapse's `state_groups` database table in the background.
|
|
||||||
|
|
||||||
See the project's [documentation](https://github.com/matrix-org/rust-synapse-compress-state/#automated-tool-synapse_auto_compressor) to learn what it does and why it might be useful to you.
|
|
||||||
|
|
||||||
|
|
||||||
## Adjusting the playbook configuration
|
|
||||||
|
|
||||||
Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file:
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
matrix_synapse_auto_compressor_enabled: true
|
|
||||||
```
|
|
||||||
|
|
||||||
|
|
||||||
## Installing
|
|
||||||
|
|
||||||
After configuring the playbook, run the [installation](installing.md) command again:
|
|
||||||
|
|
||||||
```
|
|
||||||
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
|
|
||||||
```
|
|
||||||
|
|
||||||
|
|
||||||
## Usage
|
|
||||||
|
|
||||||
After installation, `synapse_auto_compressor` will run automatically every day at `00:00:00` (as defined in `matrix_synapse_auto_compressor_calendar` by default).
|
|
||||||
|
|
||||||
## Manually start the tool
|
|
||||||
|
|
||||||
For testing your setup it can be helpful to not wait until 00:00. If you want to run the tool immediately, log onto the server
|
|
||||||
and run `systemctl start matrix-synapse-auto-compressor`. Running this command will not return control to your terminal until the compression run is done, which may take a long time.
|
|
||||||
Consider using [tmux](https://en.wikipedia.org/wiki/Tmux) if your SSH connection is unstable.
|
|
@ -1,50 +0,0 @@
|
|||||||
# Configure Traefik (optional, advanced)
|
|
||||||
|
|
||||||
By default, this playbook installs and manages a [Traefik](https://doc.traefik.io/traefik/) reverse-proxy server, powered by the [com.devture.ansible.role.traefik](https://github.com/devture/com.devture.ansible.role.traefik) Ansible role.
|
|
||||||
|
|
||||||
This Ansible role support various configuration options. Feel free to consult its `default/main.yml` variables file.
|
|
||||||
|
|
||||||
|
|
||||||
## Adjusting SSL certificate retrieval
|
|
||||||
|
|
||||||
See the dedicated [Adjusting SSL certificate retrieval](configuring-playbook-ssl-certificates.md) documentation page.
|
|
||||||
|
|
||||||
## Increase logging verbosity
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
devture_traefik_config_log_level: DEBUG
|
|
||||||
```
|
|
||||||
|
|
||||||
## Disable access logs
|
|
||||||
|
|
||||||
This will disable access logging.
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
devture_traefik_config_accessLog_enabled: false
|
|
||||||
```
|
|
||||||
|
|
||||||
## Enable Traefik Dashboard
|
|
||||||
|
|
||||||
This will enable a Traefik [Dashboard](https://doc.traefik.io/traefik/operations/dashboard/) UI at `https://matrix.DOMAIN/dashboard/` (note the trailing `/`).
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
devture_traefik_dashboard_enabled: true
|
|
||||||
devture_traefik_dashboard_hostname: "{{ matrix_server_fqn_matrix }}"
|
|
||||||
devture_traefik_dashboard_basicauth_enabled: true
|
|
||||||
devture_traefik_dashboard_basicauth_user: YOUR_USERNAME_HERE
|
|
||||||
devture_traefik_dashboard_basicauth_password: YOUR_PASSWORD_HERE
|
|
||||||
```
|
|
||||||
|
|
||||||
**WARNING**: enabling the dashboard on a hostname you use for something else (like `matrix_server_fqn_matrix` in the configuration above) may cause conflicts. Enabling the Traefik Dashboard makes Traefik capture all `/dashboard` and `/api` requests and forward them to itself. If any of the services hosted on the same hostname requires any of these 2 URL prefixes, you will experience problems. So far, we're not aware of any playbook services which occupy these endpoints and are likely to cause conflicts.
|
|
||||||
|
|
||||||
## Additional configuration
|
|
||||||
|
|
||||||
Use the `devture_traefik_configuration_extension_yaml` variable provided by the Traefik Ansible role to override or inject additional settings, even when no dedicated variable exists.
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
# This is a contrived example.
|
|
||||||
# You can enable and secure the Dashboard using dedicated variables. See above.
|
|
||||||
devture_traefik_configuration_extension_yaml: |
|
|
||||||
api:
|
|
||||||
dashboard: true
|
|
||||||
```
|
|
@ -1,153 +0,0 @@
|
|||||||
# Setting up Matrix User Verification Service (optional)
|
|
||||||
|
|
||||||
**[Matrix User Verification Service](https://github.com/matrix-org/matrix-user-verification-service) (hereafter: UVS) can only be installed after Matrix services are installed and running.**
|
|
||||||
If you're just installing Matrix services for the first time, please continue with the [Configuration](configuring-playbook.md) / [Installation](installing.md) flow and come back here later.
|
|
||||||
|
|
||||||
Currently, the main purpose of this role is to allow Jitsi to authenticate matrix users and check if they are authorized to join a conference. Please refer to the documentation of the [Matrix User Verification Service](https://github.com/matrix-org/matrix-user-verification-service) to understand how it works.
|
|
||||||
|
|
||||||
**Note**: enabling Matrix User Verification Service, means that the `openid` API endpoints will be exposed on the Matrix Federation port (usually `8448`), even if [federation](configuring-playbook-federation.md) is disabled.
|
|
||||||
|
|
||||||
If the Jitsi server is also configured by this playbook, all plugging of variables and secrets is handled in `group_vars/matrix_servers`.
|
|
||||||
|
|
||||||
__Some general concepts of UVS may be helpful to understand the rest, so here they are:__
|
|
||||||
|
|
||||||
UVS can be used to verify two claims:
|
|
||||||
|
|
||||||
* (A) Whether a given OpenID token is valid for a given server and
|
|
||||||
* (B) whether a user is member of a given room and the corresponding PowerLevel
|
|
||||||
|
|
||||||
Verifying an OpenID token id done by finding the corresponding Homeserver via '.well-known/matrix/server' for the given domain.
|
|
||||||
The configured `matrix_user_verification_service_uvs_homeserver_url` does **not** factor into this.
|
|
||||||
By default, this playbook only checks against `matrix_server_fqn_matrix`.
|
|
||||||
Therefore, the request will be made against the public openid API for `matrix_server_fqn_matrix`.
|
|
||||||
|
|
||||||
Verifying RoomMembership and PowerLevel is done against `matrix_user_verification_service_uvs_homeserver_url` which is by default done via the docker network.
|
|
||||||
UVS will verify the validity of the token beforehand though.
|
|
||||||
|
|
||||||
## Prerequisites
|
|
||||||
|
|
||||||
In order to use UVS, an admin token for the configured homeserver must be supplied. For now this means configuring Synapse and creating the token before installing UVS.
|
|
||||||
|
|
||||||
## Enable
|
|
||||||
|
|
||||||
<<<<<<< HEAD
|
|
||||||
[Matrix User Verification Service](https://github.com/matrix-org/matrix-user-verification-service) installation is disabled by default unless required by Jitsi (see group_vars/matrix_servers).
|
|
||||||
=======
|
|
||||||
[Matrix User Verification Service](https://github.com/matrix-org/matrix-user-verification-service) installation is disabled by default.
|
|
||||||
>>>>>>> 413049feea13fe5bece06ae0c331514b62d706d2
|
|
||||||
You can enable it in your configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`):
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
matrix_user_verification_service_enabled: true
|
|
||||||
```
|
|
||||||
|
|
||||||
## Configuration
|
|
||||||
|
|
||||||
The only required configuration variable is `matrix_user_verification_service_uvs_access_token` (see below).
|
|
||||||
|
|
||||||
For a list of all configuration options see the role defaults [`roles/matrix-user-verification-service/defaults/main.yml`](../roles/custom/matrix-user-verification-service/defaults/main.yml).
|
|
||||||
But be aware of all the plugging happening in `group_vars/matrix_servers`.
|
|
||||||
|
|
||||||
In the default configuration, the UVS Server is only reachable via the docker network, which is fine if e.g. Jitsi is also running in a container on the host.
|
|
||||||
<<<<<<< HEAD
|
|
||||||
However, it is possible to expose UVS via setting `matrix_user_verification_service_container_http_host_bind_port`. Be aware that the normally used port (3000) may collide with Grafana.
|
|
||||||
|
|
||||||
### Access token
|
|
||||||
|
|
||||||
The Synapse Access Token is used to verify RoomMembership and PowerLevel against the configured homeserver_url (which is plugged in group_vars).
|
|
||||||
=======
|
|
||||||
However, it is possible to expose UVS via setting `matrix_user_verification_service_container_http_host_bind_port`.
|
|
||||||
|
|
||||||
### Access token
|
|
||||||
|
|
||||||
The Synapse Access Token is used to verify RoomMembership and PowerLevel against `matrix_user_verification_service_uvs_homeserver_url`.
|
|
||||||
>>>>>>> 413049feea13fe5bece06ae0c331514b62d706d2
|
|
||||||
|
|
||||||
We recommend that you create a dedicated Matrix user for uvs (`uvs` is a good username).
|
|
||||||
Follow our [Registering users](registering-users.md) guide to register a user with administration privileges.
|
|
||||||
|
|
||||||
You are required to specify an access token (belonging to this new user) for UVS to work.
|
|
||||||
To get an access token for the UVS user, you can follow the documentation on [how to do obtain an access token](obtaining-access-tokens.md).
|
|
||||||
|
|
||||||
**Access tokens are sensitive information. Do not include them in any bug reports, messages, or logs. Do not share the access token with anyone.**
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
matrix_user_verification_service_uvs_access_token: "YOUR ACCESS TOKEN HERE"
|
|
||||||
```
|
|
||||||
|
|
||||||
<<<<<<< HEAD
|
|
||||||
### (Optional) Auth Token
|
|
||||||
|
|
||||||
It is possible to set an API Auth Token to restrict access to the UVS. If this is set, anyone making a request to UVS must provide it via the header "Authorization: Bearer TOKEN"
|
|
||||||
=======
|
|
||||||
### (Optional) Custom Auth Token
|
|
||||||
|
|
||||||
It is possible to set an API Auth Token to restrict access to the UVS. If this is enabled, anyone making a request to UVS must provide it via the header "Authorization: Bearer TOKEN"
|
|
||||||
>>>>>>> 413049feea13fe5bece06ae0c331514b62d706d2
|
|
||||||
|
|
||||||
By default, the token will be derived from `matrix_homeserver_generic_secret_key` in `group_vars/matrix_servers`.
|
|
||||||
To set your own Token, simply put the following in your host_vars.
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
matrix_user_verification_service_uvs_auth_token: "TOKEN"
|
|
||||||
```
|
|
||||||
|
|
||||||
In case Jitsi is also managed by this playbook and 'matrix' authentication in Jitsi is enabled, this collection will automatically configure Jitsi to use the configured auth token.
|
|
||||||
|
|
||||||
<<<<<<< HEAD
|
|
||||||
=======
|
|
||||||
### (Optional) Disable Auth
|
|
||||||
Authorization is enabled by default. To disable set
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
matrix_user_verification_service_uvs_require_auth: false
|
|
||||||
```
|
|
||||||
|
|
||||||
in your host_vars.
|
|
||||||
|
|
||||||
>>>>>>> 413049feea13fe5bece06ae0c331514b62d706d2
|
|
||||||
### (Optional) Federation
|
|
||||||
|
|
||||||
In theory (however currently untested), UVS can handle federation. Simply set:
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
<<<<<<< HEAD
|
|
||||||
matrix_user_verification_service_uvs_openid_verify_server_name: ~
|
|
||||||
```
|
|
||||||
|
|
||||||
using host_vars to override the group_vars.
|
|
||||||
=======
|
|
||||||
matrix_user_verification_service_uvs_pin_openid_verify_server_name: false
|
|
||||||
```
|
|
||||||
|
|
||||||
in your host_vars.
|
|
||||||
>>>>>>> 413049feea13fe5bece06ae0c331514b62d706d2
|
|
||||||
|
|
||||||
This will instruct UVS to verify the OpenID token against any domain given in a request.
|
|
||||||
Homeserver discovery is done via '.well-known/matrix/server' of the given domain.
|
|
||||||
|
|
||||||
## Installation
|
|
||||||
|
|
||||||
After these variables have been set, please run the following command to re-run setup and to restart UVS:
|
|
||||||
|
|
||||||
```
|
|
||||||
ansible-playbook -i inventory/hosts setup.yml --tags=setup-matrix-user-verification-service,start
|
|
||||||
```
|
|
||||||
|
|
||||||
## Logging
|
|
||||||
|
|
||||||
The configuration variable `UVS_LOG_LEVEL` can be set to:
|
|
||||||
- warning
|
|
||||||
- info
|
|
||||||
- debug
|
|
||||||
|
|
||||||
## TLS Certificate Checking
|
|
||||||
If the matrix Homeserver does not provide a valid TLS certificate, UVS will fail with the following error message:
|
|
||||||
|
|
||||||
> message: 'No response received: [object Object]',
|
|
||||||
|
|
||||||
This also applies to self-signed and let's encrypt staging certificates.
|
|
||||||
|
|
||||||
To disable certificate validation altogether (INSECURE! Not suitable for production use!) set: `NODE_TLS_REJECT_UNAUTHORIZED=0`
|
|
||||||
|
|
||||||
Alternatively, it is possible to inject your own CA certificates into the container by mounting a PEM file with additional trusted CAs into the container and pointing the `NODE_EXTRA_CA_CERTS` environment variable to it.
|
|
@ -1,17 +0,0 @@
|
|||||||
# Nginx reverse-proxy fronting the playbook's integrated Traefik reverse-proxy
|
|
||||||
|
|
||||||
This directory contains a sample config that shows you how use the [nginx](https://nginx.org/) webserver to front the integrated [Traefik](https://traefik.io/) reverse-proxy webserver with another reverse-proxy.
|
|
||||||
|
|
||||||
|
|
||||||
## Prerequisite configuration
|
|
||||||
|
|
||||||
To get started, first follow the [front the integrated reverse-proxy webserver with another reverse-proxy](../../docs/configuring-playbook-own-webserver.md#fronting-the-integrated-reverse-proxy-webserver-with-another-reverse-proxy) instructions and update your playbook's configuration (`inventory/host_vars/matrix.<your-domain>/vars.yml`).
|
|
||||||
|
|
||||||
|
|
||||||
## Using the nginx configuration
|
|
||||||
|
|
||||||
Copy the [matrix.conf](matrix.conf) file to your nginx server's filesystem, modify it to your needs and include it your nginx configuration (e.g. `include /path/to/matrix.conf;`).
|
|
||||||
|
|
||||||
This configuration **disables SSL certificate retrieval**, so you will **need to obtain SSL certificates manually** (e.g. by using [certbot](https://certbot.eff.org/)) and set the appropriate path in `matrix.conf`. In the example nginx configuration, a single certificate is used for all subdomains (`matrix.DOMAIN`, `element.DOMAIN`, etc.). For your setup, may wish to change this and use separate `server` blocks and separate certificate files for each host.
|
|
||||||
|
|
||||||
Also note that your copy of the `matrix.conf` file has to be adapted to whatever services you are using. For example, remove `element.domain.com` from the `server_name` list if you don't use [Element](../../docs/configuring-playbook-client-element.md) web client or add `dimension.domain.com` to it if you do use the [Dimension](../../docs/configuring-playbook-dimension.md) integration manager.
|
|
@ -1,96 +0,0 @@
|
|||||||
server {
|
|
||||||
listen 443 ssl http2;
|
|
||||||
listen [::]:443 ssl http2;
|
|
||||||
|
|
||||||
# TODO: add/remove services and their subdomains if you use/don't use them
|
|
||||||
# this example is using hosting something on the base domain and an element web client, so example.com and element.example.com are listed in addition to matrix.example.com
|
|
||||||
# if you don't use those, you can remove them
|
|
||||||
# if you use e.g. dimension on dimension.example.com, add dimension.example.com to the server_name list
|
|
||||||
server_name example.com matrix.example.com element.example.com;
|
|
||||||
|
|
||||||
location / {
|
|
||||||
# note: do not add a path (even a single /) after the port in `proxy_pass`,
|
|
||||||
# otherwise, nginx will canonicalise the URI and cause signature verification
|
|
||||||
# errors.
|
|
||||||
proxy_pass http://localhost:81;
|
|
||||||
proxy_set_header X-Forwarded-For $remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
|
|
||||||
access_log /var/log/nginx/matrix.access.log;
|
|
||||||
error_log /var/log/nginx/matrix.error.log;
|
|
||||||
|
|
||||||
# Nginx by default only allows file uploads up to 1M in size
|
|
||||||
# Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
|
|
||||||
client_max_body_size 50M;
|
|
||||||
}
|
|
||||||
|
|
||||||
# TODO: adapt the path to your ssl certificate for the domains listed on server_name
|
|
||||||
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
|
|
||||||
# TODO: adapt the path to your ssl certificate for the domains listed on server_name
|
|
||||||
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
|
|
||||||
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
|
|
||||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
|
|
||||||
}
|
|
||||||
|
|
||||||
# settings for matrix federation
|
|
||||||
server {
|
|
||||||
# For the federation port
|
|
||||||
listen 8448 ssl http2 default_server;
|
|
||||||
listen [::]:8448 ssl http2 default_server;
|
|
||||||
|
|
||||||
server_name matrix.example.com;
|
|
||||||
|
|
||||||
location / {
|
|
||||||
proxy_pass http://localhost:8449;
|
|
||||||
proxy_set_header X-Forwarded-For $remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
|
|
||||||
access_log /var/log/nginx/matrix.access.log;
|
|
||||||
error_log /var/log/nginx/matrix.error.log;
|
|
||||||
|
|
||||||
# Nginx by default only allows file uploads up to 1M in size
|
|
||||||
# Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
|
|
||||||
client_max_body_size 50M;
|
|
||||||
}
|
|
||||||
# TODO: adapt the path to your ssl certificate for the domains listed on server_name
|
|
||||||
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
|
|
||||||
# TODO: adapt the path to your ssl certificate for the domains listed on server_name
|
|
||||||
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
|
|
||||||
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
|
|
||||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
|
|
||||||
}
|
|
||||||
|
|
||||||
# ensure using https
|
|
||||||
# TODO: remove server blocks that you don't use / add server blocks for domains you do use
|
|
||||||
server {
|
|
||||||
if ($host = example.com) {
|
|
||||||
return 301 https://$host$request_uri;
|
|
||||||
} # managed by Certbot
|
|
||||||
|
|
||||||
server_name example.com;
|
|
||||||
listen 80;
|
|
||||||
return 404; # managed by Certbot
|
|
||||||
}
|
|
||||||
|
|
||||||
server {
|
|
||||||
if ($host = matrix.example.com) {
|
|
||||||
return 301 https://$host$request_uri;
|
|
||||||
} # managed by Certbot
|
|
||||||
|
|
||||||
server_name matrix.example.com;
|
|
||||||
listen 80;
|
|
||||||
return 404; # managed by Certbot
|
|
||||||
}
|
|
||||||
|
|
||||||
server {
|
|
||||||
if ($host = element.example.com) {
|
|
||||||
return 301 https://$host$request_uri;
|
|
||||||
} # managed by Certbot
|
|
||||||
|
|
||||||
server_name element.example.com;
|
|
||||||
listen 80;
|
|
||||||
return 404; # managed by Certbot
|
|
||||||
}
|
|
File diff suppressed because it is too large
Load Diff
@ -1,47 +1,34 @@
|
|||||||
- src: git+https://github.com/geerlingguy/ansible-role-docker
|
---
|
||||||
version: 6.1.0
|
|
||||||
name: geerlingguy.docker
|
- src: geerlingguy.docker
|
||||||
|
version: 6.0.4
|
||||||
|
|
||||||
- src: git+https://github.com/devture/com.devture.ansible.role.docker_sdk_for_python.git
|
- src: git+https://github.com/devture/com.devture.ansible.role.docker_sdk_for_python.git
|
||||||
version: 129c8590e106b83e6f4c259649a613c6279e937a
|
version: 6ba3be490b6f4c6f35ea109aeb8e533fa231b3a5
|
||||||
|
|
||||||
- src: git+https://github.com/devture/com.devture.ansible.role.playbook_help.git
|
- src: git+https://github.com/devture/com.devture.ansible.role.playbook_help.git
|
||||||
version: c1f40e82b4d6b072b6f0e885239322bdaaaf554f
|
version: c1f40e82b4d6b072b6f0e885239322bdaaaf554f
|
||||||
|
|
||||||
- src: git+https://github.com/devture/com.devture.ansible.role.systemd_docker_base.git
|
- src: git+https://github.com/devture/com.devture.ansible.role.systemd_docker_base.git
|
||||||
version: 327d2e17f5189ac2480d6012f58cf64a2b46efba
|
version: 327d2e17f5189ac2480d6012f58cf64a2b46efba
|
||||||
|
|
||||||
- src: git+https://github.com/devture/com.devture.ansible.role.timesync.git
|
- src: git+https://github.com/devture/com.devture.ansible.role.timesync.git
|
||||||
version: 3d5bb2976815958cdce3f368fa34fb51554f899b
|
version: 3d5bb2976815958cdce3f368fa34fb51554f899b
|
||||||
|
|
||||||
- src: git+https://github.com/devture/com.devture.ansible.role.playbook_state_preserver.git
|
- src: git+https://github.com/devture/com.devture.ansible.role.playbook_state_preserver.git
|
||||||
version: ff2fd42e1c1a9e28e3312bbd725395f9c2fc7f16
|
version: ff2fd42e1c1a9e28e3312bbd725395f9c2fc7f16
|
||||||
|
|
||||||
- src: git+https://github.com/devture/com.devture.ansible.role.postgres.git
|
- src: git+https://github.com/devture/com.devture.ansible.role.postgres.git
|
||||||
version: 38764398bf82b06a1736c3bfedc71dfd229e4b52
|
version: a1bb78d194434b38005f3a9e623bfa4b2c06c7bc
|
||||||
|
|
||||||
- src: git+https://github.com/devture/com.devture.ansible.role.postgres_backup.git
|
- src: git+https://github.com/devture/com.devture.ansible.role.postgres_backup.git
|
||||||
version: 8e9ec48a09284c84704d7a2dce17da35f181574d
|
version: 77b1f9ae1aafa31c9078178c1036bf744c99d08b
|
||||||
|
|
||||||
- src: git+https://github.com/devture/com.devture.ansible.role.systemd_service_manager.git
|
- src: git+https://github.com/devture/com.devture.ansible.role.systemd_service_manager.git
|
||||||
version: 6ccb88ac5fc27e1e70afcd48278ade4b564a9096
|
version: 6ccb88ac5fc27e1e70afcd48278ade4b564a9096
|
||||||
|
|
||||||
- src: git+https://github.com/devture/com.devture.ansible.role.playbook_runtime_messages.git
|
- src: git+https://github.com/devture/com.devture.ansible.role.playbook_runtime_messages.git
|
||||||
version: 9b4b088c62b528b73a9a7c93d3109b091dd42ec6
|
version: 9b4b088c62b528b73a9a7c93d3109b091dd42ec6
|
||||||
|
|
||||||
- src: git+https://gitlab.com/etke.cc/roles/prometheus_node_exporter.git
|
- src: git+https://gitlab.com/etke.cc/roles/prometheus_node_exporter.git
|
||||||
version: v1.5.0-7
|
version: v1.5.0-0
|
||||||
- src: git+https://gitlab.com/etke.cc/roles/prometheus_postgres_exporter.git
|
|
||||||
version: v0.12.0-0
|
|
||||||
- src: git+https://gitlab.com/etke.cc/roles/backup_borg.git
|
|
||||||
version: v1.2.4-1.7.9-0
|
|
||||||
- src: git+https://gitlab.com/etke.cc/roles/grafana.git
|
|
||||||
version: v9.4.7-0
|
|
||||||
- src: git+https://gitlab.com/etke.cc/roles/ntfy.git
|
|
||||||
version: v2.2.0-0
|
|
||||||
- src: git+https://gitlab.com/etke.cc/roles/redis.git
|
|
||||||
version: v7.0.10-0
|
|
||||||
- src: git+https://gitlab.com/etke.cc/roles/etherpad.git
|
|
||||||
version: v1.8.18-2
|
|
||||||
- src: git+https://github.com/devture/com.devture.ansible.role.container_socket_proxy.git
|
|
||||||
version: v0.1.1-1
|
|
||||||
- src: git+https://github.com/devture/com.devture.ansible.role.traefik.git
|
|
||||||
version: v2.9.9-0
|
|
||||||
- src: git+https://github.com/devture/com.devture.ansible.role.traefik_certs_dumper.git
|
|
||||||
version: v2.8.1-0
|
|
||||||
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-aux.git
|
|
||||||
version: v1.0.0-0
|
|
||||||
name: aux
|
|
||||||
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus.git
|
|
||||||
version: v2.43.0-0
|
|
||||||
name: prometheus
|
|
||||||
|
@ -1,11 +0,0 @@
|
|||||||
---
|
|
||||||
|
|
||||||
# etherpad-proxy-connect is a compatibility role connecting the new Etherpad role with matrix-nginx-proxy.
|
|
||||||
# It adds back support for serving Etherpad under the Dimension domain (`matrix_server_fqn_dimension`).
|
|
||||||
|
|
||||||
# Controls whether Etherpad will be hosted under the Dimension domain when matrix-nginx-proxy is used (depending on matrix_playbook_reverse_proxy_type).
|
|
||||||
# If you're not using matrix-nginx-proxy, then this value has no effect.
|
|
||||||
etherpad_nginx_proxy_dimension_integration_enabled: false
|
|
||||||
|
|
||||||
# Controls the path at which Etherpad will be exposed on the Dimension domain.
|
|
||||||
etherpad_nginx_proxy_dimension_integration_path_prefix: "{{ etherpad_path_prefix }}"
|
|
@ -1,12 +0,0 @@
|
|||||||
---
|
|
||||||
|
|
||||||
- when: etherpad_enabled | bool and etherpad_nginx_proxy_dimension_integration_enabled | bool
|
|
||||||
tags:
|
|
||||||
- install-all
|
|
||||||
- setup-all
|
|
||||||
- install-nginx-proxy
|
|
||||||
- setup-nginx-proxy
|
|
||||||
block:
|
|
||||||
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
|
|
||||||
|
|
||||||
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
|
|
@ -1,32 +0,0 @@
|
|||||||
---
|
|
||||||
|
|
||||||
- name: Fail if reverse-proxy is not nginx
|
|
||||||
when: matrix_playbook_reverse_proxy_type not in ['playbook-managed-nginx', 'other-nginx-non-container']
|
|
||||||
ansible.builtin.fail:
|
|
||||||
msg: >
|
|
||||||
Etherpad's integration into matrix-nginx-proxy's Dimension server only makes sense if you're using matrix-nginx-proxy.
|
|
||||||
`matrix_playbook_reverse_proxy_type` ({{ matrix_playbook_reverse_proxy_type }}) indicates that you're using another reverse-proxy.
|
|
||||||
If you're using Traefik, you should configure `etherpad_hostname` and `etherpad_path_prefix` instead.
|
|
||||||
|
|
||||||
- name: Fail if Dimension not enabled
|
|
||||||
when: not matrix_dimension_enabled
|
|
||||||
ansible.builtin.fail:
|
|
||||||
msg: >
|
|
||||||
Etherpad's integration into matrix-nginx-proxy's Dimension server only makes sense if you're using Dimension.
|
|
||||||
Looks like Dimension is not enabled in your configuration (judging by `matrix_dimension_enabled`).
|
|
||||||
Consider configuring `etherpad_hostname` and `etherpad_path_prefix` instead.
|
|
||||||
|
|
||||||
- name: Fail if Etherpad hostname does not match Dimension hostname
|
|
||||||
when: etherpad_hostname != matrix_server_fqn_dimension
|
|
||||||
ansible.builtin.fail:
|
|
||||||
msg: >
|
|
||||||
Etherpad's integration into matrix-nginx-proxy's Dimension server requires that you set `etherpad_hostname` to `matrix_server_fqn_dimension`.
|
|
||||||
Consider adding this to your configuration: `{% raw %}etherpad_hostname: "{{ matrix_server_fqn_dimension }}"{% endraw %}`
|
|
||||||
|
|
||||||
- name: Fail if / path prefix used for Etherpad
|
|
||||||
when: etherpad_nginx_proxy_dimension_integration_path_prefix == '/'
|
|
||||||
ansible.builtin.fail:
|
|
||||||
msg: >
|
|
||||||
Etherpad's integration into matrix-nginx-proxy's Dimension server only makes sense if you're using a non-`/` path for Etherpad.
|
|
||||||
You've chosen a path prefix of `/` in `etherpad_nginx_proxy_dimension_integration_path_prefix`.
|
|
||||||
The `/` path must go to Dimension itself, so you need to pick a different prefix (e.g. `/etherpad`).
|
|
@ -0,0 +1,81 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
# matrix-aux is a role that manages auxiliary files and directories on your Matrix server.
|
||||||
|
#
|
||||||
|
# Certain components (like matrix-synapse, etc.) may sometimes require additional templates (email templates, privacy policies, etc.).
|
||||||
|
# This role allows such files to be managed by the playbook.
|
||||||
|
#
|
||||||
|
# Note that files and directories created via this role are not automatically made available for containers to use.
|
||||||
|
# If you use this role to put files in a directory that's already mounted into a container,
|
||||||
|
# you can access the files without additional work.
|
||||||
|
# Otherwise, you'd need to mount the file/directory to the container that needs it.
|
||||||
|
# Roles usually provide a `matrix_*_additional_volumes` or `matrix_*_container_extra_arguments` variable
|
||||||
|
# that you can use to mount an additional volume.
|
||||||
|
|
||||||
|
# The default permission mode when creating directories using `matrix_aux_directory_definitions`
|
||||||
|
matrix_aux_directory_default_mode: '0750'
|
||||||
|
|
||||||
|
# Holds a list of directories to create on the server.
|
||||||
|
#
|
||||||
|
# By default, directories are:
|
||||||
|
# - created with permissions as specified in `matrix_aux_directory_default_mode`
|
||||||
|
# - owned by the `matrix_user_username` user and `matrix_user_groupname` group (usually `matrix:matrix`)
|
||||||
|
#
|
||||||
|
# Example:
|
||||||
|
#
|
||||||
|
# matrix_aux_directory_definitions:
|
||||||
|
# - dest: /matrix/aux
|
||||||
|
#
|
||||||
|
# - dest: /matrix/another
|
||||||
|
# mode: '0700'
|
||||||
|
# owner: 'some-user'
|
||||||
|
# group: 'some-group'
|
||||||
|
matrix_aux_directory_definitions: []
|
||||||
|
|
||||||
|
# The default permission mode when creating directories using `matrix_aux_directory_definitions`
|
||||||
|
matrix_aux_file_default_mode: '0640'
|
||||||
|
|
||||||
|
# Holds a list of files to create on the server.
|
||||||
|
#
|
||||||
|
# By default, files are:
|
||||||
|
# - created with permissions as specified in `matrix_aux_file_default_mode`
|
||||||
|
# - owned by the `matrix_user_username` user and `matrix_user_groupname` group (usually `matrix:matrix`)
|
||||||
|
#
|
||||||
|
# You can define the file content inline (in your `vars.yml` file) or as an external file (see the example below).
|
||||||
|
# Defining the content inline in `vars.yml` has the benefit of not splitting your configuration into multiple files,
|
||||||
|
# but rather keeping everything inside `vars.yml` (which also gets backed up on the server in `/matrix/vars.yml`).
|
||||||
|
#
|
||||||
|
# Note: parent paths for files must exist.
|
||||||
|
# If you've defined a file with a destination of `/matrix/some/path/file.txt`,
|
||||||
|
# then you likely need to add `/matrix/some/path` to `matrix_aux_directory_definitions` as well.
|
||||||
|
# You don't need to do this for directories that the playbook already creates for you.
|
||||||
|
#
|
||||||
|
# Use a `content` key for text content and `src` with a location to a file for binary content.
|
||||||
|
# The `content` key does not support binary content (see https://github.com/ansible/ansible/issues/11594).
|
||||||
|
#
|
||||||
|
# Example:
|
||||||
|
#
|
||||||
|
# matrix_aux_file_definitions:
|
||||||
|
# - dest: "{{ matrix_synapse_config_dir_path }}/something.html"
|
||||||
|
# content: |
|
||||||
|
# <!doctype html>
|
||||||
|
# <html><body>Something</body></html>
|
||||||
|
#
|
||||||
|
# - dest: /matrix/aux/some-other-file.txt
|
||||||
|
# content: "Something"
|
||||||
|
# mode: '0600'
|
||||||
|
# owner: 'some-user'
|
||||||
|
# group: 'some-group'
|
||||||
|
#
|
||||||
|
# - dest: /matrix/aux/yet-another-file.txt
|
||||||
|
# content: "{{ lookup('template', '/path/to/file.txt.j2') }}"
|
||||||
|
# mode: '0600'
|
||||||
|
# owner: 'some-user'
|
||||||
|
# group: 'some-group'
|
||||||
|
#
|
||||||
|
# - dest: /matrix/aux/binary-file.dat
|
||||||
|
# src: "/path/to/binary.dat"
|
||||||
|
# mode: '0600'
|
||||||
|
# owner: 'some-user'
|
||||||
|
# group: 'some-group'
|
||||||
|
matrix_aux_file_definitions: []
|
@ -0,0 +1,9 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
- block:
|
||||||
|
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup.yml"
|
||||||
|
tags:
|
||||||
|
- setup-all
|
||||||
|
- setup-aux-files
|
||||||
|
- install-all
|
||||||
|
- install-aux-files
|
@ -0,0 +1,20 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
- name: Ensure AUX directories are created
|
||||||
|
ansible.builtin.file:
|
||||||
|
dest: "{{ item.dest }}"
|
||||||
|
state: directory
|
||||||
|
owner: "{{ item.owner | default(matrix_user_username) }}"
|
||||||
|
group: "{{ item.group | default(matrix_user_groupname) }}"
|
||||||
|
mode: "{{ item.mode | default(matrix_aux_directory_default_mode) }}"
|
||||||
|
with_items: "{{ matrix_aux_directory_definitions }}"
|
||||||
|
|
||||||
|
- name: Ensure AUX files are created
|
||||||
|
ansible.builtin.copy:
|
||||||
|
src: "{{ item.src if 'src' in item else omit }}"
|
||||||
|
content: "{{ item.content if 'content' in item else omit }}"
|
||||||
|
dest: "{{ item.dest }}"
|
||||||
|
owner: "{{ item.owner | default(matrix_user_username) }}"
|
||||||
|
group: "{{ item.group | default(matrix_user_groupname) }}"
|
||||||
|
mode: "{{ item.mode | default(matrix_aux_file_default_mode) }}"
|
||||||
|
with_items: "{{ matrix_aux_file_definitions }}"
|
@ -0,0 +1,107 @@
|
|||||||
|
---
|
||||||
|
# Project source code URL: https://gitlab.com/etke.cc/borgmatic
|
||||||
|
|
||||||
|
matrix_backup_borg_enabled: true
|
||||||
|
|
||||||
|
matrix_backup_borg_base_path: "{{ matrix_base_data_path }}/backup-borg"
|
||||||
|
matrix_backup_borg_config_path: "{{ matrix_backup_borg_base_path }}/config"
|
||||||
|
|
||||||
|
matrix_backup_borg_container_image_self_build: false
|
||||||
|
matrix_backup_borg_docker_repo: "https://gitlab.com/etke.cc/borgmatic"
|
||||||
|
matrix_backup_borg_docker_repo_version: main
|
||||||
|
matrix_backup_borg_docker_src_files_path: "{{ matrix_backup_borg_base_path }}/docker-src"
|
||||||
|
|
||||||
|
# image and postgres version determined automatically, based on detected postgres server version (if enabled), otherwise latest is used
|
||||||
|
matrix_backup_borg_version: ""
|
||||||
|
matrix_backup_borg_postgres_version: ""
|
||||||
|
matrix_backup_borg_borg_version: 1.2.3
|
||||||
|
matrix_backup_borg_borgmatic_version: 1.7.5
|
||||||
|
matrix_backup_borg_docker_image: "{{ matrix_backup_borg_docker_image_name_prefix }}etke.cc/borgmatic:{{ matrix_backup_borg_version }}"
|
||||||
|
matrix_backup_borg_docker_image_name_prefix: "{{ 'localhost/' if matrix_backup_borg_container_image_self_build else 'registry.gitlab.com/' }}"
|
||||||
|
matrix_backup_borg_docker_image_force_pull: "{{ matrix_backup_borg_docker_image.endswith(':latest') or matrix_backup_borg_version | default('') == '' }}"
|
||||||
|
|
||||||
|
# A list of extra arguments to pass to the container
|
||||||
|
matrix_backup_borg_container_extra_arguments: []
|
||||||
|
|
||||||
|
# List of systemd services that matrix-backup-borg.service depends on
|
||||||
|
matrix_backup_borg_systemd_required_services_list: ['docker.service']
|
||||||
|
|
||||||
|
# List of systemd services that matrix-backup-borg.service wants
|
||||||
|
matrix_backup_borg_systemd_wanted_services_list: []
|
||||||
|
|
||||||
|
# systemd calendar configuration for the backup job
|
||||||
|
# the actual job may run with a delay (see matrix_backup_borg_schedule_randomized_delay_sec)
|
||||||
|
matrix_backup_borg_schedule: "*-*-* 04:00:00"
|
||||||
|
# the delay with which the systemd timer may run in relation to the `matrix_backup_borg_schedule` schedule
|
||||||
|
matrix_backup_borg_schedule_randomized_delay_sec: 2h
|
||||||
|
|
||||||
|
# what directories should be added to backup
|
||||||
|
matrix_backup_borg_location_source_directories: []
|
||||||
|
|
||||||
|
# postgres db backup
|
||||||
|
matrix_backup_borg_postgresql_enabled: true
|
||||||
|
matrix_backup_borg_supported_postgres_versions: ['12', '13', '14', '15']
|
||||||
|
matrix_backup_borg_postgresql_databases: []
|
||||||
|
matrix_backup_borg_postgresql_databases_hostname: ''
|
||||||
|
matrix_backup_borg_postgresql_databases_username: "matrix"
|
||||||
|
matrix_backup_borg_postgresql_databases_password: ""
|
||||||
|
matrix_backup_borg_postgresql_databases_port: 5432
|
||||||
|
|
||||||
|
# target repositories
|
||||||
|
matrix_backup_borg_location_repositories: []
|
||||||
|
|
||||||
|
# exclude following paths:
|
||||||
|
matrix_backup_borg_location_exclude_patterns: []
|
||||||
|
|
||||||
|
# borg encryption mode, only "repokey-*" and "none" are supported
|
||||||
|
matrix_backup_borg_encryption: repokey-blake2
|
||||||
|
|
||||||
|
# private ssh key used to connect to the borg repo
|
||||||
|
matrix_backup_borg_ssh_key_private: ""
|
||||||
|
|
||||||
|
# allow unencrypted repo access
|
||||||
|
matrix_backup_borg_unknown_unencrypted_repo_access_is_ok: "{{ matrix_backup_borg_encryption == 'none' }}"
|
||||||
|
|
||||||
|
# borg ssh command with ssh key
|
||||||
|
matrix_backup_borg_storage_ssh_command: ssh -o "StrictHostKeyChecking accept-new" -i /etc/borgmatic.d/sshkey
|
||||||
|
|
||||||
|
# compression algorithm
|
||||||
|
matrix_backup_borg_storage_compression: lz4
|
||||||
|
|
||||||
|
# archive name format
|
||||||
|
matrix_backup_borg_storage_archive_name_format: matrix-{now:%Y-%m-%d-%H%M%S}
|
||||||
|
|
||||||
|
# repository passphrase
|
||||||
|
matrix_backup_borg_storage_encryption_passphrase: ""
|
||||||
|
|
||||||
|
# retention configuration
|
||||||
|
matrix_backup_borg_retention_keep_hourly: 0
|
||||||
|
matrix_backup_borg_retention_keep_daily: 7
|
||||||
|
matrix_backup_borg_retention_keep_weekly: 4
|
||||||
|
matrix_backup_borg_retention_keep_monthly: 12
|
||||||
|
matrix_backup_borg_retention_keep_yearly: 2
|
||||||
|
|
||||||
|
# retention prefix
|
||||||
|
matrix_backup_borg_retention_prefix: matrix-
|
||||||
|
|
||||||
|
# Default borgmatic configuration template which covers the generic use case.
|
||||||
|
# You can customize it by controlling the various variables inside it.
|
||||||
|
#
|
||||||
|
# For a more advanced customization, you can extend the default (see `matrix_backup_borg_configuration_extension_yaml`)
|
||||||
|
# or completely replace this variable with your own template.
|
||||||
|
matrix_backup_borg_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
|
||||||
|
|
||||||
|
matrix_backup_borg_configuration_extension_yaml: |
|
||||||
|
# Your custom YAML configuration for borgmatic goes here.
|
||||||
|
# This configuration extends the default starting configuration (`matrix_borg_configuration_yaml`).
|
||||||
|
#
|
||||||
|
# You can override individual variables from the default configuration, or introduce new ones.
|
||||||
|
#
|
||||||
|
# If you need something more special, you can take full control by
|
||||||
|
# completely redefining `matrix_backup_borg_configuration_yaml`.
|
||||||
|
|
||||||
|
matrix_backup_borg_configuration_extension: "{{ matrix_backup_borg_configuration_extension_yaml | from_yaml if matrix_backup_borg_configuration_extension_yaml | from_yaml is mapping else {} }}"
|
||||||
|
|
||||||
|
# Holds the final borgmatic configuration (a combination of the default and its extension).
|
||||||
|
# You most likely don't need to touch this variable. Instead, see `matrix_backup_borg_configuration_yaml`.
|
||||||
|
matrix_backup_borg_configuration: "{{ matrix_backup_borg_configuration_yaml | from_yaml | combine(matrix_backup_borg_configuration_extension, recursive=True) }}"
|
@ -0,0 +1,20 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
- block:
|
||||||
|
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
|
||||||
|
when: "run_setup | bool and matrix_backup_borg_enabled | bool"
|
||||||
|
|
||||||
|
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
|
||||||
|
when: "run_setup | bool and matrix_backup_borg_enabled | bool"
|
||||||
|
tags:
|
||||||
|
- setup-all
|
||||||
|
- setup-backup-borg
|
||||||
|
- install-all
|
||||||
|
- install-backup-borg
|
||||||
|
|
||||||
|
- block:
|
||||||
|
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
|
||||||
|
when: "run_setup | bool and not matrix_backup_borg_enabled | bool"
|
||||||
|
tags:
|
||||||
|
- setup-all
|
||||||
|
- setup-backup-borg
|
@ -0,0 +1,107 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
- when: matrix_backup_borg_postgresql_enabled | bool and matrix_backup_borg_version == ''
|
||||||
|
block:
|
||||||
|
- name: Fail with matrix_backup_borg_version advice if Postgres not enabled
|
||||||
|
ansible.builtin.fail:
|
||||||
|
msg: >-
|
||||||
|
You are not running a built-in Postgres server (`devture_postgres_enabled: false`), so auto-detecting its version and setting `matrix_backup_borg_version` automatically based on that cannot happen.
|
||||||
|
Consider setting `matrix_backup_borg_version` to your Postgres version manually.
|
||||||
|
when: not devture_postgres_enabled
|
||||||
|
|
||||||
|
- ansible.builtin.include_role:
|
||||||
|
name: galaxy/com.devture.ansible.role.postgres
|
||||||
|
tasks_from: detect_existing_postgres_version
|
||||||
|
|
||||||
|
- name: Fail if detected Postgres version is unsupported
|
||||||
|
ansible.builtin.fail:
|
||||||
|
msg: "You cannot use borg backup with such an old version ({{ devture_postgres_detected_version }}) of Postgres. Consider upgrading - link to docs for upgrading Postgres: docs/maintenance-postgres.md#upgrading-postgresql"
|
||||||
|
when: "devture_postgres_detected_version not in matrix_backup_borg_supported_postgres_versions"
|
||||||
|
|
||||||
|
- name: Set the correct borg backup version to use
|
||||||
|
ansible.builtin.set_fact:
|
||||||
|
matrix_backup_borg_version: "{{ devture_postgres_detected_version }}-{{ matrix_backup_borg_borg_version }}-{{ matrix_backup_borg_borgmatic_version }}"
|
||||||
|
|
||||||
|
- name: Ensure borg paths exist
|
||||||
|
ansible.builtin.file:
|
||||||
|
path: "{{ item.path }}"
|
||||||
|
state: directory
|
||||||
|
mode: 0750
|
||||||
|
owner: "{{ matrix_user_username }}"
|
||||||
|
group: "{{ matrix_user_groupname }}"
|
||||||
|
with_items:
|
||||||
|
- {path: "{{ matrix_backup_borg_config_path }}", when: true}
|
||||||
|
- {path: "{{ matrix_backup_borg_docker_src_files_path }}", when: true}
|
||||||
|
when: "item.when | bool"
|
||||||
|
|
||||||
|
- name: Ensure borgmatic config is created
|
||||||
|
ansible.builtin.copy:
|
||||||
|
content: "{{ matrix_backup_borg_configuration | to_nice_yaml(indent=2, width=999999) }}"
|
||||||
|
dest: "{{ matrix_backup_borg_config_path }}/config.yaml"
|
||||||
|
owner: "{{ matrix_user_username }}"
|
||||||
|
group: "{{ matrix_user_groupname }}"
|
||||||
|
mode: 0640
|
||||||
|
|
||||||
|
- name: Ensure borg passwd is created
|
||||||
|
ansible.builtin.template:
|
||||||
|
src: "{{ role_path }}/templates/passwd.j2"
|
||||||
|
dest: "{{ matrix_backup_borg_config_path }}/passwd"
|
||||||
|
owner: "{{ matrix_user_username }}"
|
||||||
|
group: "{{ matrix_user_groupname }}"
|
||||||
|
mode: 0640
|
||||||
|
|
||||||
|
- name: Ensure borg ssh key is created
|
||||||
|
ansible.builtin.template:
|
||||||
|
src: "{{ role_path }}/templates/sshkey.j2"
|
||||||
|
dest: "{{ matrix_backup_borg_config_path }}/sshkey"
|
||||||
|
owner: "{{ matrix_user_username }}"
|
||||||
|
group: "{{ matrix_user_groupname }}"
|
||||||
|
mode: 0600
|
||||||
|
|
||||||
|
- name: Ensure borg image is pulled
|
||||||
|
community.docker.docker_image:
|
||||||
|
name: "{{ matrix_backup_borg_docker_image }}"
|
||||||
|
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
|
||||||
|
force_source: "{{ matrix_backup_borg_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
|
||||||
|
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_backup_borg_docker_image_force_pull }}"
|
||||||
|
when: "not matrix_backup_borg_container_image_self_build | bool"
|
||||||
|
register: result
|
||||||
|
retries: "{{ devture_playbook_help_container_retries_count }}"
|
||||||
|
delay: "{{ devture_playbook_help_container_retries_delay }}"
|
||||||
|
until: result is not failed
|
||||||
|
|
||||||
|
- name: Ensure borg repository is present on self-build
|
||||||
|
ansible.builtin.git:
|
||||||
|
repo: "{{ matrix_backup_borg_docker_repo }}"
|
||||||
|
version: "{{ matrix_backup_borg_docker_repo_version }}"
|
||||||
|
dest: "{{ matrix_backup_borg_docker_src_files_path }}"
|
||||||
|
force: "yes"
|
||||||
|
become: true
|
||||||
|
become_user: "{{ matrix_user_username }}"
|
||||||
|
register: matrix_backup_borg_git_pull_results
|
||||||
|
when: "matrix_backup_borg_container_image_self_build | bool"
|
||||||
|
|
||||||
|
- name: Ensure borg image is built
|
||||||
|
community.docker.docker_image:
|
||||||
|
name: "{{ matrix_backup_borg_docker_image }}"
|
||||||
|
source: build
|
||||||
|
force_source: "{{ matrix_backup_borg_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
|
||||||
|
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mailer_git_pull_results.changed }}"
|
||||||
|
build:
|
||||||
|
dockerfile: Dockerfile
|
||||||
|
path: "{{ matrix_backup_borg_docker_src_files_path }}"
|
||||||
|
pull: true
|
||||||
|
when: "matrix_backup_borg_container_image_self_build | bool"
|
||||||
|
|
||||||
|
- name: Ensure matrix-backup-borg.service installed
|
||||||
|
ansible.builtin.template:
|
||||||
|
src: "{{ role_path }}/templates/systemd/matrix-backup-borg.service.j2"
|
||||||
|
dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-backup-borg.service"
|
||||||
|
mode: 0644
|
||||||
|
register: matrix_backup_borg_systemd_service_result
|
||||||
|
|
||||||
|
- name: Ensure matrix-backup-borg.timer installed
|
||||||
|
ansible.builtin.template:
|
||||||
|
src: "{{ role_path }}/templates/systemd/matrix-backup-borg.timer.j2"
|
||||||
|
dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-backup-borg.timer"
|
||||||
|
mode: 0644
|
@ -0,0 +1,25 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
- name: Check existence of matrix-backup-borg service
|
||||||
|
ansible.builtin.stat:
|
||||||
|
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-backup-borg.service"
|
||||||
|
register: matrix_backup_borg_service_stat
|
||||||
|
|
||||||
|
- when: matrix_backup_borg_service_stat.stat.exists | bool
|
||||||
|
block:
|
||||||
|
- name: Ensure matrix-backup-borg is stopped
|
||||||
|
ansible.builtin.service:
|
||||||
|
name: matrix-backup-borg
|
||||||
|
state: stopped
|
||||||
|
enabled: false
|
||||||
|
daemon_reload: true
|
||||||
|
|
||||||
|
- name: Ensure matrix-backup-borg.service doesn't exist
|
||||||
|
ansible.builtin.file:
|
||||||
|
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-backup-borg.service"
|
||||||
|
state: absent
|
||||||
|
|
||||||
|
- name: Ensure matrix-backup-borg.timer doesn't exist
|
||||||
|
ansible.builtin.file:
|
||||||
|
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-backup-borg.timer"
|
||||||
|
state: absent
|
@ -0,0 +1,16 @@
|
|||||||
|
---
|
||||||
|
- name: Fail if required backup-borg settings not defined
|
||||||
|
ansible.builtin.fail:
|
||||||
|
msg: >-
|
||||||
|
You need to define a required configuration setting (`{{ item.name }}`).
|
||||||
|
when: "item.when | bool and vars[item.name] == ''"
|
||||||
|
with_items:
|
||||||
|
- {'name': 'matrix_backup_borg_ssh_key_private', when: true}
|
||||||
|
- {'name': 'matrix_backup_borg_location_repositories', when: true}
|
||||||
|
- {'name': 'matrix_backup_borg_postgresql_databases_hostname', when: "{{ matrix_backup_borg_postgresql_enabled }}"}
|
||||||
|
|
||||||
|
- name: Fail if encryption passphrase is undefined unless repository is unencrypted
|
||||||
|
ansible.builtin.fail:
|
||||||
|
msg: >-
|
||||||
|
You need to define a required passphrase using the `matrix_backup_borg_storage_encryption_passphrase` variable.
|
||||||
|
when: "matrix_backup_borg_storage_encryption_passphrase == '' and matrix_backup_borg_encryption != 'none'"
|
@ -0,0 +1,43 @@
|
|||||||
|
#jinja2: lstrip_blocks: "True", trim_blocks: "True"
|
||||||
|
|
||||||
|
location:
|
||||||
|
source_directories: {{ matrix_backup_borg_location_source_directories|to_json }}
|
||||||
|
repositories: {{ matrix_backup_borg_location_repositories|to_json }}
|
||||||
|
one_file_system: true
|
||||||
|
exclude_patterns: {{ matrix_backup_borg_location_exclude_patterns|to_json }}
|
||||||
|
|
||||||
|
storage:
|
||||||
|
compression: {{ matrix_backup_borg_storage_compression|to_json }}
|
||||||
|
ssh_command: {{ matrix_backup_borg_storage_ssh_command|to_json }}
|
||||||
|
archive_name_format: {{ matrix_backup_borg_storage_archive_name_format|to_json }}
|
||||||
|
encryption_passphrase: {{ matrix_backup_borg_storage_encryption_passphrase|to_json }}
|
||||||
|
unknown_unencrypted_repo_access_is_ok: {{ matrix_backup_borg_unknown_unencrypted_repo_access_is_ok|to_json }}
|
||||||
|
|
||||||
|
retention:
|
||||||
|
keep_hourly: {{ matrix_backup_borg_retention_keep_hourly|to_json }}
|
||||||
|
keep_daily: {{ matrix_backup_borg_retention_keep_daily|to_json }}
|
||||||
|
keep_weekly: {{ matrix_backup_borg_retention_keep_weekly|to_json }}
|
||||||
|
keep_monthly: {{ matrix_backup_borg_retention_keep_monthly|to_json }}
|
||||||
|
keep_yearly: {{ matrix_backup_borg_retention_keep_yearly|to_json }}
|
||||||
|
prefix: {{ matrix_backup_borg_retention_prefix|to_json }}
|
||||||
|
|
||||||
|
consistency:
|
||||||
|
checks:
|
||||||
|
- repository
|
||||||
|
- archives
|
||||||
|
|
||||||
|
hooks:
|
||||||
|
{% if matrix_backup_borg_postgresql_enabled and matrix_backup_borg_postgresql_databases|length > 0 %}
|
||||||
|
postgresql_databases:
|
||||||
|
{% for database in matrix_backup_borg_postgresql_databases %}
|
||||||
|
- name: {{ database|to_json }}
|
||||||
|
hostname: {{ matrix_backup_borg_postgresql_databases_hostname|to_json }}
|
||||||
|
username: {{ matrix_backup_borg_postgresql_databases_username|to_json }}
|
||||||
|
password: {{ matrix_backup_borg_postgresql_databases_password|to_json }}
|
||||||
|
port: {{ matrix_backup_borg_postgresql_databases_port | int | to_json }}
|
||||||
|
{% endfor %}
|
||||||
|
{% endif %}
|
||||||
|
after_backup:
|
||||||
|
- echo "Backup created."
|
||||||
|
on_error:
|
||||||
|
- echo "Error while creating a backup."
|
@ -0,0 +1,29 @@
|
|||||||
|
{# the passwd file with correct username, UID and GID is mandatory to work with borg over ssh, otherwise ssh connections will fail #}
|
||||||
|
root:x:0:0:root:/root:/bin/ash
|
||||||
|
bin:x:1:1:bin:/bin:/sbin/nologin
|
||||||
|
daemon:x:2:2:daemon:/sbin:/sbin/nologin
|
||||||
|
adm:x:3:4:adm:/var/adm:/sbin/nologin
|
||||||
|
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
|
||||||
|
sync:x:5:0:sync:/sbin:/bin/sync
|
||||||
|
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
|
||||||
|
halt:x:7:0:halt:/sbin:/sbin/halt
|
||||||
|
mail:x:8:12:mail:/var/mail:/sbin/nologin
|
||||||
|
news:x:9:13:news:/usr/lib/news:/sbin/nologin
|
||||||
|
uucp:x:10:14:uucp:/var/spool/uucppublic:/sbin/nologin
|
||||||
|
operator:x:11:0:operator:/root:/sbin/nologin
|
||||||
|
man:x:13:15:man:/usr/man:/sbin/nologin
|
||||||
|
postmaster:x:14:12:postmaster:/var/mail:/sbin/nologin
|
||||||
|
cron:x:16:16:cron:/var/spool/cron:/sbin/nologin
|
||||||
|
ftp:x:21:21::/var/lib/ftp:/sbin/nologin
|
||||||
|
sshd:x:22:22:sshd:/dev/null:/sbin/nologin
|
||||||
|
at:x:25:25:at:/var/spool/cron/atjobs:/sbin/nologin
|
||||||
|
squid:x:31:31:Squid:/var/cache/squid:/sbin/nologin
|
||||||
|
xfs:x:33:33:X Font Server:/etc/X11/fs:/sbin/nologin
|
||||||
|
games:x:35:35:games:/usr/games:/sbin/nologin
|
||||||
|
cyrus:x:85:12::/usr/cyrus:/sbin/nologin
|
||||||
|
vpopmail:x:89:89::/var/vpopmail:/sbin/nologin
|
||||||
|
ntp:x:123:123:NTP:/var/empty:/sbin/nologin
|
||||||
|
smmsp:x:209:209:smmsp:/var/spool/mqueue:/sbin/nologin
|
||||||
|
guest:x:405:100:guest:/dev/null:/sbin/nologin
|
||||||
|
{{ matrix_user_username }}:x:{{ matrix_user_uid }}:{{ matrix_user_gid }}:Matrix:/tmp:/bin/ash
|
||||||
|
nobody:x:65534:65534:nobody:/:/sbin/nologin
|
@ -0,0 +1 @@
|
|||||||
|
{{ matrix_backup_borg_ssh_key_private }}
|
@ -0,0 +1,65 @@
|
|||||||
|
#jinja2: lstrip_blocks: "True"
|
||||||
|
[Unit]
|
||||||
|
Description=Matrix Borg Backup
|
||||||
|
{% for service in matrix_backup_borg_systemd_required_services_list %}
|
||||||
|
Requires={{ service }}
|
||||||
|
After={{ service }}
|
||||||
|
{% endfor %}
|
||||||
|
{% for service in matrix_backup_borg_systemd_wanted_services_list %}
|
||||||
|
Wants={{ service }}
|
||||||
|
{% endfor %}
|
||||||
|
DefaultDependencies=no
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=oneshot
|
||||||
|
Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
|
||||||
|
ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-backup-borg 2>/dev/null || true'
|
||||||
|
ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-backup-borg 2>/dev/null || true'
|
||||||
|
ExecStartPre=-{{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-backup-borg \
|
||||||
|
--log-driver=none \
|
||||||
|
--cap-drop=ALL \
|
||||||
|
--read-only \
|
||||||
|
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||||
|
--network={{ matrix_docker_network }} \
|
||||||
|
--tmpfs=/tmp:rw,noexec,nosuid,size=100m \
|
||||||
|
--mount type=bind,src={{ matrix_backup_borg_config_path }}/passwd,dst=/etc/passwd,ro \
|
||||||
|
--mount type=bind,src={{ matrix_backup_borg_config_path }},dst=/etc/borgmatic.d,ro \
|
||||||
|
{% for source in matrix_backup_borg_location_source_directories %}
|
||||||
|
--mount type=bind,src={{ source }},dst={{ source }},ro \
|
||||||
|
{% endfor %}
|
||||||
|
{% for arg in matrix_backup_borg_container_extra_arguments %}
|
||||||
|
{{ arg }} \
|
||||||
|
{% endfor %}
|
||||||
|
{{ matrix_backup_borg_docker_image }} \
|
||||||
|
sh -c "borgmatic rcreate --encryption {{ matrix_backup_borg_encryption }}"
|
||||||
|
|
||||||
|
# The `CAP_DAC_OVERRIDE` capability is required, so that `root` in the container
|
||||||
|
# can read the `/etc/borgmatic.d/config.yaml` (`{{ matrix_backup_borg_config_path }}/config.yaml`) file,
|
||||||
|
# owned by `matrix:matrix` on the filesystem.
|
||||||
|
#
|
||||||
|
# `/root` is mountes as temporary filesystem, because we're using `--read-only` and because
|
||||||
|
# Borgmatic tries to write to at least a few paths under `/root` (`.config`, `.ssh`, `.borgmatic`).
|
||||||
|
ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-backup-borg \
|
||||||
|
--log-driver=none \
|
||||||
|
--cap-drop=ALL \
|
||||||
|
--cap-add=CAP_DAC_OVERRIDE \
|
||||||
|
--read-only \
|
||||||
|
--network={{ matrix_docker_network }} \
|
||||||
|
--tmpfs=/root:rw,noexec,nosuid,size=100m \
|
||||||
|
--tmpfs=/tmp:rw,noexec,nosuid,size=100m \
|
||||||
|
--mount type=bind,src={{ matrix_backup_borg_config_path }}/passwd,dst=/etc/passwd,ro \
|
||||||
|
--mount type=bind,src={{ matrix_backup_borg_config_path }},dst=/etc/borgmatic.d,ro \
|
||||||
|
{% for source in matrix_backup_borg_location_source_directories %}
|
||||||
|
--mount type=bind,src={{ source }},dst={{ source }},ro \
|
||||||
|
{% endfor %}
|
||||||
|
{% for arg in matrix_backup_borg_container_extra_arguments %}
|
||||||
|
{{ arg }} \
|
||||||
|
{% endfor %}
|
||||||
|
{{ matrix_backup_borg_docker_image }}
|
||||||
|
|
||||||
|
ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-backup-borg 2>/dev/null || true'
|
||||||
|
ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-backup-borg 2>/dev/null || true'
|
||||||
|
SyslogIdentifier=matrix-backup-borg
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
@ -0,0 +1,10 @@
|
|||||||
|
[Unit]
|
||||||
|
Description=Matrix Borg Backup timer
|
||||||
|
|
||||||
|
[Timer]
|
||||||
|
Unit=matrix-backup-borg.service
|
||||||
|
OnCalendar={{ matrix_backup_borg_schedule }}
|
||||||
|
RandomizedDelaySec={{ matrix_backup_borg_schedule_randomized_delay_sec }}
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=timers.target
|
@ -1,20 +1,20 @@
|
|||||||
---
|
---
|
||||||
|
|
||||||
- tags:
|
- block:
|
||||||
- setup-all
|
|
||||||
- setup-bot-buscarron
|
|
||||||
- install-all
|
|
||||||
- install-bot-buscarron
|
|
||||||
block:
|
|
||||||
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
|
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
|
||||||
when: "run_setup | bool and matrix_bot_buscarron_enabled | bool"
|
when: "run_setup | bool and matrix_bot_buscarron_enabled | bool"
|
||||||
|
|
||||||
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
|
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
|
||||||
when: "run_setup | bool and matrix_bot_buscarron_enabled | bool"
|
when: "run_setup | bool and matrix_bot_buscarron_enabled | bool"
|
||||||
|
tags:
|
||||||
- tags:
|
|
||||||
- setup-all
|
- setup-all
|
||||||
- setup-bot-buscarron
|
- setup-bot-buscarron
|
||||||
block:
|
- install-all
|
||||||
|
- install-bot-buscarron
|
||||||
|
|
||||||
|
- block:
|
||||||
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
|
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
|
||||||
when: "run_setup | bool and not matrix_bot_buscarron_enabled | bool"
|
when: "run_setup | bool and not matrix_bot_buscarron_enabled | bool"
|
||||||
|
tags:
|
||||||
|
- setup-all
|
||||||
|
- setup-bot-buscarron
|
||||||
|
@ -1,45 +0,0 @@
|
|||||||
{% if matrix_bot_buscarron_container_labels_traefik_enabled %}
|
|
||||||
traefik.enable=true
|
|
||||||
|
|
||||||
{% if matrix_bot_buscarron_container_labels_traefik_docker_network %}
|
|
||||||
traefik.docker.network={{ matrix_bot_buscarron_container_labels_traefik_docker_network }}
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
{% set middlewares = [] %}
|
|
||||||
|
|
||||||
{% if matrix_bot_buscarron_container_labels_traefik_path_prefix != '/' %}
|
|
||||||
traefik.http.middlewares.matrix-bot-buscarron-slashless-redirect.redirectregex.regex=({{ matrix_bot_buscarron_container_labels_traefik_path_prefix | quote }})$
|
|
||||||
traefik.http.middlewares.matrix-bot-buscarron-slashless-redirect.redirectregex.replacement=${1}/
|
|
||||||
{% set middlewares = middlewares + ['matrix-bot-buscarron-slashless-redirect'] %}
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
{% if matrix_bot_buscarron_container_labels_traefik_path_prefix != '/' %}
|
|
||||||
traefik.http.middlewares.matrix-bot-buscarron-strip-prefix.stripprefix.prefixes={{ matrix_bot_buscarron_container_labels_traefik_path_prefix }}
|
|
||||||
{% set middlewares = middlewares + ['matrix-bot-buscarron-strip-prefix'] %}
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
{% if matrix_bot_buscarron_container_labels_traefik_additional_response_headers.keys() | length > 0 %}
|
|
||||||
{% for name, value in matrix_bot_buscarron_container_labels_traefik_additional_response_headers.items() %}
|
|
||||||
traefik.http.middlewares.matrix-bot-buscarron-add-headers.headers.customresponseheaders.{{ name }}={{ value }}
|
|
||||||
{% endfor %}
|
|
||||||
{% set middlewares = middlewares + ['matrix-bot-buscarron-add-headers'] %}
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
traefik.http.routers.matrix-bot-buscarron.rule={{ matrix_bot_buscarron_container_labels_traefik_rule }}
|
|
||||||
{% if matrix_bot_buscarron_container_labels_traefik_priority | int > 0 %}
|
|
||||||
traefik.http.routers.matrix-bot-buscarron.priority={{ matrix_bot_buscarron_container_labels_traefik_priority }}
|
|
||||||
{% endif %}
|
|
||||||
traefik.http.routers.matrix-bot-buscarron.service=matrix-bot-buscarron
|
|
||||||
{% if middlewares | length > 0 %}
|
|
||||||
traefik.http.routers.matrix-bot-buscarron.middlewares={{ middlewares | join(',') }}
|
|
||||||
{% endif %}
|
|
||||||
traefik.http.routers.matrix-bot-buscarron.entrypoints={{ matrix_bot_buscarron_container_labels_traefik_entrypoints }}
|
|
||||||
traefik.http.routers.matrix-bot-buscarron.tls={{ matrix_bot_buscarron_container_labels_traefik_tls | to_json }}
|
|
||||||
{% if matrix_bot_buscarron_container_labels_traefik_tls %}
|
|
||||||
traefik.http.routers.matrix-bot-buscarron.tls.certResolver={{ matrix_bot_buscarron_container_labels_traefik_tls_certResolver }}
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
traefik.http.services.matrix-bot-buscarron.loadbalancer.server.port=8080
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
{{ matrix_bot_buscarron_container_labels_additional_labels }}
|
|
@ -1,63 +0,0 @@
|
|||||||
---
|
|
||||||
|
|
||||||
- name: Ensure chatgpt paths exist
|
|
||||||
ansible.builtin.file:
|
|
||||||
path: "{{ item.path }}"
|
|
||||||
state: directory
|
|
||||||
mode: 0750
|
|
||||||
owner: "{{ matrix_user_username }}"
|
|
||||||
group: "{{ matrix_user_groupname }}"
|
|
||||||
with_items:
|
|
||||||
- {path: "{{ matrix_bot_chatgpt_config_path }}", when: true}
|
|
||||||
- {path: "{{ matrix_bot_chatgpt_data_path }}", when: true}
|
|
||||||
- {path: "{{ matrix_bot_chatgpt_container_src_path }}", when: matrix_bot_chatgpt_container_image_self_build}
|
|
||||||
when: "item.when | bool"
|
|
||||||
|
|
||||||
- name: Ensure chatgpt environment variables file created
|
|
||||||
ansible.builtin.template:
|
|
||||||
src: "{{ role_path }}/templates/env.j2"
|
|
||||||
dest: "{{ matrix_bot_chatgpt_config_path }}/env"
|
|
||||||
owner: "{{ matrix_user_username }}"
|
|
||||||
group: "{{ matrix_user_groupname }}"
|
|
||||||
mode: 0640
|
|
||||||
|
|
||||||
- name: Ensure chatgpt container image is pulled
|
|
||||||
community.docker.docker_image:
|
|
||||||
name: "{{ matrix_bot_chatgpt_container_image }}"
|
|
||||||
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
|
|
||||||
force_source: "{{ matrix_bot_chatgpt_container_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
|
|
||||||
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_chatgpt_container_image_force_pull }}"
|
|
||||||
when: "not matrix_bot_chatgpt_container_image_self_build | bool"
|
|
||||||
register: result
|
|
||||||
retries: "{{ devture_playbook_help_container_retries_count }}"
|
|
||||||
delay: "{{ devture_playbook_help_container_retries_delay }}"
|
|
||||||
until: result is not failed
|
|
||||||
|
|
||||||
- when: matrix_bot_chatgpt_container_image_self_build | bool
|
|
||||||
block:
|
|
||||||
- name: Ensure chatgpt repository is present on self-build
|
|
||||||
ansible.builtin.git:
|
|
||||||
repo: "{{ matrix_bot_chatgpt_container_image_self_build_repo }}"
|
|
||||||
version: "{{ matrix_bot_chatgpt_container_image_self_build_repo_version }}"
|
|
||||||
dest: "{{ matrix_bot_chatgpt_container_src_path }}"
|
|
||||||
force: "yes"
|
|
||||||
become: true
|
|
||||||
become_user: "{{ matrix_user_username }}"
|
|
||||||
register: matrix_bot_chatgpt_git_pull_results
|
|
||||||
|
|
||||||
- name: Ensure chatgpt container image is built
|
|
||||||
community.docker.docker_image:
|
|
||||||
name: "{{ matrix_bot_chatgpt_container_image }}"
|
|
||||||
source: build
|
|
||||||
force_source: "{{ matrix_bot_chatgpt_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
|
|
||||||
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mailer_git_pull_results.changed }}"
|
|
||||||
build:
|
|
||||||
dockerfile: Dockerfile
|
|
||||||
path: "{{ matrix_bot_chatgpt_container_src_path }}"
|
|
||||||
pull: true
|
|
||||||
|
|
||||||
- name: Ensure matrix-bot-chatgpt.service installed
|
|
||||||
ansible.builtin.template:
|
|
||||||
src: "{{ role_path }}/templates/systemd/matrix-bot-chatgpt.service.j2"
|
|
||||||
dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-chatgpt.service"
|
|
||||||
mode: 0644
|
|
@ -0,0 +1,63 @@
|
|||||||
|
---
|
||||||
|
- name: Ensure chatgpt paths exist
|
||||||
|
ansible.builtin.file:
|
||||||
|
path: "{{ item.path }}"
|
||||||
|
state: directory
|
||||||
|
mode: 0750
|
||||||
|
owner: "{{ matrix_user_username }}"
|
||||||
|
group: "{{ matrix_user_groupname }}"
|
||||||
|
with_items:
|
||||||
|
- {path: "{{ matrix_bot_chatgpt_config_path }}", when: true}
|
||||||
|
- {path: "{{ matrix_bot_chatgpt_data_path }}", when: true}
|
||||||
|
- {path: "{{ matrix_bot_chatgpt_docker_src_files_path }}", when: matrix_bot_chatgpt_container_image_self_build}
|
||||||
|
when: "item.when | bool"
|
||||||
|
|
||||||
|
- name: Ensure chatgpt environment variables file created
|
||||||
|
ansible.builtin.template:
|
||||||
|
src: "{{ role_path }}/templates/env.j2"
|
||||||
|
dest: "{{ matrix_bot_chatgpt_config_path }}/env"
|
||||||
|
owner: "{{ matrix_user_username }}"
|
||||||
|
group: "{{ matrix_user_groupname }}"
|
||||||
|
mode: 0640
|
||||||
|
|
||||||
|
- name: Ensure chatgpt image is pulled
|
||||||
|
community.docker.docker_image:
|
||||||
|
name: "{{ matrix_bot_chatgpt_docker_image }}"
|
||||||
|
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
|
||||||
|
force_source: "{{ matrix_bot_chatgpt_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
|
||||||
|
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_chatgpt_docker_image_force_pull }}"
|
||||||
|
when: "not matrix_bot_chatgpt_container_image_self_build | bool"
|
||||||
|
register: result
|
||||||
|
retries: "{{ devture_playbook_help_container_retries_count }}"
|
||||||
|
delay: "{{ devture_playbook_help_container_retries_delay }}"
|
||||||
|
until: result is not failed
|
||||||
|
|
||||||
|
- name: Ensure chatgpt repository is present on self-build
|
||||||
|
ansible.builtin.git:
|
||||||
|
repo: "{{ matrix_bot_chatgpt_docker_repo }}"
|
||||||
|
version: "{{ matrix_bot_chatgpt_docker_repo_version }}"
|
||||||
|
dest: "{{ matrix_bot_chatgpt_docker_src_files_path }}"
|
||||||
|
force: "yes"
|
||||||
|
become: true
|
||||||
|
become_user: "{{ matrix_user_username }}"
|
||||||
|
register: matrix_bot_chatgpt_git_pull_results
|
||||||
|
when: "matrix_bot_chatgpt_container_image_self_build | bool"
|
||||||
|
|
||||||
|
- name: Ensure chatgpt image is built
|
||||||
|
community.docker.docker_image:
|
||||||
|
name: "{{ matrix_bot_chatgpt_docker_image }}"
|
||||||
|
source: build
|
||||||
|
force_source: "{{ matrix_bot_chatgpt_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
|
||||||
|
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mailer_git_pull_results.changed }}"
|
||||||
|
build:
|
||||||
|
dockerfile: Dockerfile
|
||||||
|
path: "{{ matrix_bot_chatgpt_docker_src_files_path }}"
|
||||||
|
pull: true
|
||||||
|
when: "matrix_bot_chatgpt_container_image_self_build | bool"
|
||||||
|
|
||||||
|
- name: Ensure matrix-bot-chatgpt.service installed
|
||||||
|
ansible.builtin.template:
|
||||||
|
src: "{{ role_path }}/templates/systemd/matrix-bot-chatgpt.service.j2"
|
||||||
|
dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-chatgpt.service"
|
||||||
|
mode: 0644
|
||||||
|
register: matrix_bot_chatgpt_systemd_service_result
|
@ -1,59 +0,0 @@
|
|||||||
---
|
|
||||||
# A moderation tool for Matrix
|
|
||||||
# Project source code URL: https://github.com/Gnuxie/Draupnir
|
|
||||||
|
|
||||||
matrix_bot_draupnir_enabled: true
|
|
||||||
|
|
||||||
matrix_bot_draupnir_version: "v1.80.1"
|
|
||||||
|
|
||||||
matrix_bot_draupnir_container_image_self_build: false
|
|
||||||
matrix_bot_draupnir_container_image_self_build_repo: "https://github.com/Gnuxie/Draupnir.git"
|
|
||||||
|
|
||||||
matrix_bot_draupnir_docker_image: "{{ matrix_bot_draupnir_docker_image_name_prefix }}gnuxie/draupnir:{{ matrix_bot_draupnir_version }}"
|
|
||||||
matrix_bot_draupnir_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_draupnir_container_image_self_build else matrix_container_global_registry_prefix }}"
|
|
||||||
matrix_bot_draupnir_docker_image_force_pull: "{{ matrix_bot_draupnir_docker_image.endswith(':latest') }}"
|
|
||||||
|
|
||||||
matrix_bot_draupnir_base_path: "{{ matrix_base_data_path }}/draupnir"
|
|
||||||
matrix_bot_draupnir_config_path: "{{ matrix_bot_draupnir_base_path }}/config"
|
|
||||||
matrix_bot_draupnir_data_path: "{{ matrix_bot_draupnir_base_path }}/data"
|
|
||||||
matrix_bot_draupnir_docker_src_files_path: "{{ matrix_bot_draupnir_base_path }}/docker-src"
|
|
||||||
|
|
||||||
# A list of extra arguments to pass to the container
|
|
||||||
matrix_bot_draupnir_container_extra_arguments: []
|
|
||||||
|
|
||||||
# List of systemd services that matrix-bot-draupnir.service depends on
|
|
||||||
matrix_bot_draupnir_systemd_required_services_list: ['docker.service']
|
|
||||||
|
|
||||||
# List of systemd services that matrix-bot-draupnir.service wants
|
|
||||||
matrix_bot_draupnir_systemd_wanted_services_list: []
|
|
||||||
|
|
||||||
# The access token for the bot user
|
|
||||||
matrix_bot_draupnir_access_token: ""
|
|
||||||
|
|
||||||
# The room ID where people can use the bot. The bot has no access controls, so
|
|
||||||
# anyone in this room can use the bot - secure your room!
|
|
||||||
# This should be a room alias or room ID - not a matrix.to URL.
|
|
||||||
# Note: draupnir is fairly verbose - expect a lot of messages from it.
|
|
||||||
matrix_bot_draupnir_management_room: ""
|
|
||||||
|
|
||||||
# Default configuration template which covers the generic use case.
|
|
||||||
# You can customize it by controlling the various variables inside it.
|
|
||||||
#
|
|
||||||
# For a more advanced customization, you can extend the default (see `matrix_bot_draupnir_configuration_extension_yaml`)
|
|
||||||
# or completely replace this variable with your own template.
|
|
||||||
matrix_bot_draupnir_configuration_yaml: "{{ lookup('template', 'templates/production.yaml.j2') }}"
|
|
||||||
|
|
||||||
matrix_bot_draupnir_configuration_extension_yaml: |
|
|
||||||
# Your custom YAML configuration goes here.
|
|
||||||
# This configuration extends the default starting configuration (`matrix_bot_draupnir_configuration_yaml`).
|
|
||||||
#
|
|
||||||
# You can override individual variables from the default configuration, or introduce new ones.
|
|
||||||
#
|
|
||||||
# If you need something more special, you can take full control by
|
|
||||||
# completely redefining `matrix_bot_draupnir_configuration_yaml`.
|
|
||||||
|
|
||||||
matrix_bot_draupnir_configuration_extension: "{{ matrix_bot_draupnir_configuration_extension_yaml | from_yaml if matrix_bot_draupnir_configuration_extension_yaml | from_yaml is mapping else {} }}"
|
|
||||||
|
|
||||||
# Holds the final configuration (a combination of the default and its extension).
|
|
||||||
# You most likely don't need to touch this variable. Instead, see `matrix_bot_draupnir_configuration_yaml`.
|
|
||||||
matrix_bot_draupnir_configuration: "{{ matrix_bot_draupnir_configuration_yaml | from_yaml | combine(matrix_bot_draupnir_configuration_extension, recursive=True) }}"
|
|
@ -1,74 +0,0 @@
|
|||||||
---
|
|
||||||
|
|
||||||
- ansible.builtin.set_fact:
|
|
||||||
matrix_bot_draupnir_requires_restart: false
|
|
||||||
|
|
||||||
- name: Ensure matrix-bot-draupnir paths exist
|
|
||||||
ansible.builtin.file:
|
|
||||||
path: "{{ item.path }}"
|
|
||||||
state: directory
|
|
||||||
mode: 0750
|
|
||||||
owner: "{{ matrix_user_username }}"
|
|
||||||
group: "{{ matrix_user_groupname }}"
|
|
||||||
with_items:
|
|
||||||
- {path: "{{ matrix_bot_draupnir_base_path }}", when: true}
|
|
||||||
- {path: "{{ matrix_bot_draupnir_config_path }}", when: true}
|
|
||||||
- {path: "{{ matrix_bot_draupnir_data_path }}", when: true}
|
|
||||||
- {path: "{{ matrix_bot_draupnir_docker_src_files_path }}", when: "{{ matrix_bot_draupnir_container_image_self_build }}"}
|
|
||||||
when: "item.when | bool"
|
|
||||||
|
|
||||||
- name: Ensure draupnir Docker image is pulled
|
|
||||||
community.docker.docker_image:
|
|
||||||
name: "{{ matrix_bot_draupnir_docker_image }}"
|
|
||||||
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
|
|
||||||
force_source: "{{ matrix_bot_draupnir_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
|
|
||||||
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_draupnir_docker_image_force_pull }}"
|
|
||||||
when: "not matrix_bot_draupnir_container_image_self_build | bool"
|
|
||||||
register: result
|
|
||||||
retries: "{{ devture_playbook_help_container_retries_count }}"
|
|
||||||
delay: "{{ devture_playbook_help_container_retries_delay }}"
|
|
||||||
until: result is not failed
|
|
||||||
|
|
||||||
- name: Ensure draupnir repository is present on self-build
|
|
||||||
ansible.builtin.git:
|
|
||||||
repo: "{{ matrix_bot_draupnir_container_image_self_build_repo }}"
|
|
||||||
dest: "{{ matrix_bot_draupnir_docker_src_files_path }}"
|
|
||||||
version: "{{ matrix_bot_draupnir_docker_image.split(':')[1] }}"
|
|
||||||
force: "yes"
|
|
||||||
become: true
|
|
||||||
become_user: "{{ matrix_user_username }}"
|
|
||||||
register: matrix_bot_draupnir_git_pull_results
|
|
||||||
when: "matrix_bot_draupnir_container_image_self_build | bool"
|
|
||||||
|
|
||||||
- name: Ensure draupnir Docker image is built
|
|
||||||
community.docker.docker_image:
|
|
||||||
name: "{{ matrix_bot_draupnir_docker_image }}"
|
|
||||||
source: build
|
|
||||||
force_source: "{{ matrix_bot_draupnir_git_pull_results.changed }}"
|
|
||||||
build:
|
|
||||||
dockerfile: Dockerfile
|
|
||||||
path: "{{ matrix_bot_draupnir_docker_src_files_path }}"
|
|
||||||
pull: true
|
|
||||||
when: "matrix_bot_draupnir_container_image_self_build | bool"
|
|
||||||
|
|
||||||
- name: Ensure matrix-bot-draupnir config installed
|
|
||||||
ansible.builtin.copy:
|
|
||||||
content: "{{ matrix_bot_draupnir_configuration | to_nice_yaml(indent=2, width=999999) }}"
|
|
||||||
dest: "{{ matrix_bot_draupnir_config_path }}/production.yaml"
|
|
||||||
mode: 0644
|
|
||||||
owner: "{{ matrix_user_username }}"
|
|
||||||
group: "{{ matrix_user_groupname }}"
|
|
||||||
|
|
||||||
- name: Ensure matrix-bot-draupnir.service installed
|
|
||||||
ansible.builtin.template:
|
|
||||||
src: "{{ role_path }}/templates/systemd/matrix-bot-draupnir.service.j2"
|
|
||||||
dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-draupnir.service"
|
|
||||||
mode: 0644
|
|
||||||
register: matrix_bot_draupnir_systemd_service_result
|
|
||||||
|
|
||||||
- name: Ensure matrix-bot-draupnir.service restarted, if necessary
|
|
||||||
ansible.builtin.service:
|
|
||||||
name: "matrix-bot-draupnir.service"
|
|
||||||
state: restarted
|
|
||||||
daemon_reload: true
|
|
||||||
when: "matrix_bot_draupnir_requires_restart | bool"
|
|
@ -1,25 +0,0 @@
|
|||||||
---
|
|
||||||
|
|
||||||
- name: Check existence of matrix-bot-draupnir service
|
|
||||||
ansible.builtin.stat:
|
|
||||||
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-draupnir.service"
|
|
||||||
register: matrix_bot_draupnir_service_stat
|
|
||||||
|
|
||||||
- when: matrix_bot_draupnir_service_stat.stat.exists | bool
|
|
||||||
block:
|
|
||||||
- name: Ensure matrix-bot-draupnir is stopped
|
|
||||||
ansible.builtin.service:
|
|
||||||
name: matrix-bot-draupnir
|
|
||||||
state: stopped
|
|
||||||
enabled: false
|
|
||||||
daemon_reload: true
|
|
||||||
|
|
||||||
- name: Ensure matrix-bot-draupnir.service doesn't exist
|
|
||||||
ansible.builtin.file:
|
|
||||||
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-draupnir.service"
|
|
||||||
state: absent
|
|
||||||
|
|
||||||
- name: Ensure matrix-bot-draupnir paths don't exist
|
|
||||||
ansible.builtin.file:
|
|
||||||
path: "{{ matrix_bot_draupnir_base_path }}"
|
|
||||||
state: absent
|
|
@ -1,9 +0,0 @@
|
|||||||
---
|
|
||||||
|
|
||||||
- name: Fail if required variables are undefined
|
|
||||||
ansible.builtin.fail:
|
|
||||||
msg: "The `{{ item }}` variable must be defined and have a non-null value."
|
|
||||||
with_items:
|
|
||||||
- "matrix_bot_draupnir_access_token"
|
|
||||||
- "matrix_bot_draupnir_management_room"
|
|
||||||
when: "vars[item] == '' or vars[item] is none"
|
|
@ -1,256 +0,0 @@
|
|||||||
# Endpoint URL that Draupnir uses to interact with the matrix homeserver (client-server API),
|
|
||||||
# set this to the pantalaimon URL if you're using that.
|
|
||||||
homeserverUrl: "{{ matrix_homeserver_url }}"
|
|
||||||
|
|
||||||
# Endpoint URL that Draupnir could use to fetch events related to reports (client-server API and /_synapse/),
|
|
||||||
# only set this to the public-internet homeserver client API URL, do NOT set this to the pantalaimon URL.
|
|
||||||
rawHomeserverUrl: "{{ matrix_homeserver_url }}"
|
|
||||||
|
|
||||||
# Matrix Access Token to use, Draupnir will only use this if pantalaimon.use is false.
|
|
||||||
accessToken: "{{ matrix_bot_draupnir_access_token }}"
|
|
||||||
|
|
||||||
# Options related to Pantalaimon (https://github.com/matrix-org/pantalaimon)
|
|
||||||
#pantalaimon:
|
|
||||||
# # Whether or not Draupnir will use pantalaimon to access the matrix homeserver,
|
|
||||||
# # set to `true` if you're using pantalaimon.
|
|
||||||
# #
|
|
||||||
# # Be sure to point homeserverUrl to the pantalaimon instance.
|
|
||||||
# #
|
|
||||||
# # Draupnir will log in using the given username and password once,
|
|
||||||
# # then store the resulting access token in a file under dataPath.
|
|
||||||
# use: false
|
|
||||||
#
|
|
||||||
# # The username to login with.
|
|
||||||
# username: draupnir
|
|
||||||
#
|
|
||||||
# # The password Draupnir will login with.
|
|
||||||
# #
|
|
||||||
# # After successfully logging in once, this will be ignored, so this value can be blanked after first startup.
|
|
||||||
# password: your_password
|
|
||||||
|
|
||||||
# The path Draupnir will store its state/data in, leave default ("/data/storage") when using containers.
|
|
||||||
dataPath: "/data"
|
|
||||||
|
|
||||||
# If true (the default), Draupnir will only accept invites from users present in managementRoom.
|
|
||||||
autojoinOnlyIfManager: true
|
|
||||||
|
|
||||||
# If `autojoinOnlyIfManager` is false, only the members in this space can invite
|
|
||||||
# the bot to new rooms.
|
|
||||||
#acceptInvitesFromSpace: "!example:example.org"
|
|
||||||
|
|
||||||
# Whether Draupnir should report ignored invites to the management room (if autojoinOnlyIfManager is true).
|
|
||||||
recordIgnoredInvites: false
|
|
||||||
|
|
||||||
# The room ID (or room alias) of the management room, anyone in this room can issue commands to Draupnir.
|
|
||||||
#
|
|
||||||
# Draupnir has no more granular access controls other than this, be sure you trust everyone in this room - secure it!
|
|
||||||
#
|
|
||||||
# This should be a room alias or room ID - not a matrix.to URL.
|
|
||||||
#
|
|
||||||
# Note: By default, Draupnir is fairly verbose - expect a lot of messages in this room.
|
|
||||||
# (see verboseLogging to adjust this a bit.)
|
|
||||||
managementRoom: "{{ matrix_bot_draupnir_management_room }}"
|
|
||||||
|
|
||||||
# Whether Draupnir should log a lot more messages in the room,
|
|
||||||
# mainly involves "all-OK" messages, and debugging messages for when Draupnir checks bans in a room.
|
|
||||||
verboseLogging: false
|
|
||||||
|
|
||||||
# The log level of terminal (or container) output,
|
|
||||||
# can be one of DEBUG, INFO, WARN and ERROR, in increasing order of importance and severity.
|
|
||||||
#
|
|
||||||
# This should be at INFO or DEBUG in order to get support for Draupnir problems.
|
|
||||||
logLevel: "INFO"
|
|
||||||
|
|
||||||
# Whether or not Draupnir should synchronize policy lists immediately after startup.
|
|
||||||
# Equivalent to running '!draupnir sync'.
|
|
||||||
syncOnStartup: true
|
|
||||||
|
|
||||||
# Whether or not Draupnir should check moderation permissions in all protected rooms on startup.
|
|
||||||
# Equivalent to running `!draupnir verify`.
|
|
||||||
verifyPermissionsOnStartup: true
|
|
||||||
|
|
||||||
# Whether or not Draupnir should actually apply bans and policy lists,
|
|
||||||
# turn on to trial some untrusted configuration or lists.
|
|
||||||
noop: false
|
|
||||||
|
|
||||||
# Whether Draupnir should check member lists quicker (by using a different endpoint),
|
|
||||||
# keep in mind that enabling this will miss invited (but not joined) users.
|
|
||||||
#
|
|
||||||
# Turn on if your bot is in (very) large rooms, or in large amounts of rooms.
|
|
||||||
fasterMembershipChecks: false
|
|
||||||
|
|
||||||
# A case-insensitive list of ban reasons to have the bot also automatically redact the user's messages for.
|
|
||||||
#
|
|
||||||
# If the bot sees you ban a user with a reason that is an (exact case-insensitive) match to this list,
|
|
||||||
# it will also remove the user's messages automatically.
|
|
||||||
#
|
|
||||||
# Typically this is useful to avoid having to give two commands to the bot.
|
|
||||||
# Advanced: Use asterisks to have the reason match using "globs"
|
|
||||||
# (f.e. "spam*testing" would match "spam for testing" as well as "spamtesting").
|
|
||||||
#
|
|
||||||
# See here for more info: https://www.digitalocean.com/community/tools/glob
|
|
||||||
# Note: Keep in mind that glob is NOT regex!
|
|
||||||
automaticallyRedactForReasons:
|
|
||||||
- "spam"
|
|
||||||
- "advertising"
|
|
||||||
|
|
||||||
# A list of rooms to protect. Draupnir will add this to the list it knows from its account data.
|
|
||||||
#
|
|
||||||
# It won't, however, add it to the account data.
|
|
||||||
# Manually add the room via '!draupnir rooms add' to have it stay protected regardless if this config value changes.
|
|
||||||
#
|
|
||||||
# Note: These must be matrix.to URLs
|
|
||||||
#protectedRooms:
|
|
||||||
# - "https://matrix.to/#/#yourroom:example.org"
|
|
||||||
|
|
||||||
# Whether or not to add all joined rooms to the "protected rooms" list
|
|
||||||
# (excluding the management room and watched policy list rooms, see below).
|
|
||||||
#
|
|
||||||
# Note that this effectively makes the protectedRooms and associated commands useless
|
|
||||||
# for regular rooms.
|
|
||||||
#
|
|
||||||
# Note: the management room is *excluded* from this condition.
|
|
||||||
# Explicitly add it as a protected room to protect it.
|
|
||||||
#
|
|
||||||
# Note: Ban list rooms the bot is watching but didn't create will not be protected.
|
|
||||||
# Explicitly add these rooms as a protected room list if you want them protected.
|
|
||||||
protectAllJoinedRooms: false
|
|
||||||
|
|
||||||
# Increase this delay to have Draupnir wait longer between two consecutive backgrounded
|
|
||||||
# operations. The total duration of operations will be longer, but the homeserver won't
|
|
||||||
# be affected as much. Conversely, decrease this delay to have Draupnir chain operations
|
|
||||||
# faster. The total duration of operations will generally be shorter, but the performance
|
|
||||||
# of the homeserver may be more impacted.
|
|
||||||
backgroundDelayMS: 500
|
|
||||||
|
|
||||||
# Server administration commands, these commands will only work if Draupnir is
|
|
||||||
# a global server administrator, and the bot's server is a Synapse instance.
|
|
||||||
admin:
|
|
||||||
# Whether or not Draupnir can temporarily take control of any eligible account from the local homeserver who's in the room
|
|
||||||
# (with enough permissions) to "make" a user an admin.
|
|
||||||
#
|
|
||||||
# This only works if a local user with enough admin permissions is present in the room.
|
|
||||||
enableMakeRoomAdminCommand: false
|
|
||||||
|
|
||||||
# Misc options for command handling and commands
|
|
||||||
commands:
|
|
||||||
# Whether or not the `!draupnir` prefix is necessary to submit commands.
|
|
||||||
#
|
|
||||||
# If `true`, will allow commands like `!ban`, `!help`, etc.
|
|
||||||
#
|
|
||||||
# Note: Draupnir can also be pinged by display name instead of having to use
|
|
||||||
# the !draupnir prefix. For example, "my_moderator_bot: ban @spammer:example.org"
|
|
||||||
# will address only my_moderator_bot.
|
|
||||||
allowNoPrefix: false
|
|
||||||
|
|
||||||
# Any additional bot prefixes that Draupnir will listen to. i.e. adding `mod` will allow `!mod help`.
|
|
||||||
additionalPrefixes:
|
|
||||||
- "draupnir-bot"
|
|
||||||
- "draupnir_bot"
|
|
||||||
- "draupnir"
|
|
||||||
|
|
||||||
# Whether or not commands with a wildcard (*) will require an additional `--force` argument
|
|
||||||
# in the command to be able to be submitted.
|
|
||||||
confirmWildcardBan: true
|
|
||||||
|
|
||||||
# The default reasons to be prompted with if the reason is missing from a ban command.
|
|
||||||
ban:
|
|
||||||
defaultReasons:
|
|
||||||
- "spam"
|
|
||||||
- "brigading"
|
|
||||||
- "harassment"
|
|
||||||
- "disagreement"
|
|
||||||
|
|
||||||
# Configuration specific to certain toggle-able protections
|
|
||||||
#protections:
|
|
||||||
# # Configuration for the wordlist plugin, which can ban users based if they say certain
|
|
||||||
# # blocked words shortly after joining.
|
|
||||||
# wordlist:
|
|
||||||
# # A list of case-insensitive keywords that the WordList protection will watch for from new users.
|
|
||||||
# #
|
|
||||||
# # WordList will ban users who use these words when first joining a room, so take caution when selecting them.
|
|
||||||
# #
|
|
||||||
# # For advanced usage, regex can also be used, see the following links for more information;
|
|
||||||
# # - https://www.digitalocean.com/community/tutorials/an-introduction-to-regular-expressions
|
|
||||||
# # - https://regexr.com/
|
|
||||||
# # - https://regexone.com/
|
|
||||||
# words:
|
|
||||||
# - "LoReM"
|
|
||||||
# - "IpSuM"
|
|
||||||
# - "DoLoR"
|
|
||||||
# - "aMeT"
|
|
||||||
#
|
|
||||||
# # For how long (in minutes) the user is "new" to the WordList plugin.
|
|
||||||
# #
|
|
||||||
# # After this time, the user will no longer be banned for using a word in the above wordlist.
|
|
||||||
# #
|
|
||||||
# # Set to zero to disable the timeout and make users *always* appear "new".
|
|
||||||
# # (users will always be banned if they say a bad word)
|
|
||||||
# minutesBeforeTrusting: 20
|
|
||||||
|
|
||||||
# Options for advanced monitoring of the health of the bot.
|
|
||||||
health:
|
|
||||||
# healthz options. These options are best for use in container environments
|
|
||||||
# like Kubernetes to detect how healthy the service is. The bot will report
|
|
||||||
# that it is unhealthy until it is able to process user requests. Typically
|
|
||||||
# this means that it'll flag itself as unhealthy for a number of minutes
|
|
||||||
# before saying "Now monitoring rooms" and flagging itself healthy.
|
|
||||||
#
|
|
||||||
# Health is flagged through HTTP status codes, defined below.
|
|
||||||
healthz:
|
|
||||||
# Whether the healthz integration should be enabled (default false)
|
|
||||||
enabled: false
|
|
||||||
|
|
||||||
# The port to expose the webserver on. Defaults to 8080.
|
|
||||||
port: 8080
|
|
||||||
|
|
||||||
# The address to listen for requests on. Defaults to all addresses.
|
|
||||||
address: "0.0.0.0"
|
|
||||||
|
|
||||||
# The path to expose the monitoring endpoint at. Defaults to `/healthz`
|
|
||||||
endpoint: "/healthz"
|
|
||||||
|
|
||||||
# The HTTP status code which reports that the bot is healthy/ready to
|
|
||||||
# process requests. Typically this should not be changed. Defaults to
|
|
||||||
# 200.
|
|
||||||
healthyStatus: 200
|
|
||||||
|
|
||||||
# The HTTP status code which reports that the bot is not healthy/ready.
|
|
||||||
# Defaults to 418.
|
|
||||||
unhealthyStatus: 418
|
|
||||||
|
|
||||||
# Options for exposing web APIs.
|
|
||||||
#web:
|
|
||||||
# # Whether to enable web APIs.
|
|
||||||
# enabled: false
|
|
||||||
#
|
|
||||||
# # The port to expose the webserver on. Defaults to 8080.
|
|
||||||
# port: 8080
|
|
||||||
#
|
|
||||||
# # The address to listen for requests on. Defaults to only the current
|
|
||||||
# # computer.
|
|
||||||
# address: localhost
|
|
||||||
#
|
|
||||||
# # Alternative setting to open to the entire web. Be careful,
|
|
||||||
# # as this will increase your security perimeter:
|
|
||||||
# #
|
|
||||||
# # address: "0.0.0.0"
|
|
||||||
#
|
|
||||||
# # A web API designed to intercept Matrix API
|
|
||||||
# # POST /_matrix/client/r0/rooms/{roomId}/report/{eventId}
|
|
||||||
# # and display readable abuse reports in the moderation room.
|
|
||||||
# #
|
|
||||||
# # If you wish to take advantage of this feature, you will need
|
|
||||||
# # to configure a reverse proxy, see e.g. test/nginx.conf
|
|
||||||
# abuseReporting:
|
|
||||||
# # Whether to enable this feature.
|
|
||||||
# enabled: false
|
|
||||||
|
|
||||||
# Whether or not to actively poll synapse for abuse reports, to be used
|
|
||||||
# instead of intercepting client calls to synapse's abuse endpoint, when that
|
|
||||||
# isn't possible/practical.
|
|
||||||
pollReports: false
|
|
||||||
|
|
||||||
# Whether or not new reports, received either by webapi or polling,
|
|
||||||
# should be printed to our managementRoom.
|
|
||||||
displayReports: false
|
|
@ -1,20 +1,20 @@
|
|||||||
---
|
---
|
||||||
|
|
||||||
- tags:
|
- block:
|
||||||
- setup-all
|
|
||||||
- setup-bot-go-neb
|
|
||||||
- install-all
|
|
||||||
- install-bot-go-neb
|
|
||||||
block:
|
|
||||||
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
|
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
|
||||||
when: "run_setup | bool and matrix_bot_go_neb_enabled | bool"
|
when: "run_setup | bool and matrix_bot_go_neb_enabled | bool"
|
||||||
|
|
||||||
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/install.yml"
|
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
|
||||||
when: "run_setup | bool and matrix_bot_go_neb_enabled | bool"
|
when: "run_setup | bool and matrix_bot_go_neb_enabled | bool"
|
||||||
|
tags:
|
||||||
- tags:
|
|
||||||
- setup-all
|
- setup-all
|
||||||
- setup-bot-go-neb
|
- setup-bot-go-neb
|
||||||
block:
|
- install-all
|
||||||
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/uninstall.yml"
|
- install-bot-go-neb
|
||||||
|
|
||||||
|
- block:
|
||||||
|
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
|
||||||
when: "run_setup | bool and not matrix_bot_go_neb_enabled | bool"
|
when: "run_setup | bool and not matrix_bot_go_neb_enabled | bool"
|
||||||
|
tags:
|
||||||
|
- setup-all
|
||||||
|
- setup-bot-go-neb
|
||||||
|
@ -1,8 +0,0 @@
|
|||||||
BIND_ADDRESS=:4050
|
|
||||||
|
|
||||||
DATABASE_TYPE={{ matrix_bot_go_neb_database_engine }}
|
|
||||||
DATABASE_URL={{ matrix_bot_go_neb_storage_database }}
|
|
||||||
|
|
||||||
BASE_URL={{ matrix_bot_go_neb_base_url }}
|
|
||||||
|
|
||||||
CONFIG_FILE={{ matrix_bot_go_neb_config_path_in_container }}
|
|
@ -1,45 +0,0 @@
|
|||||||
{% if matrix_bot_go_neb_container_labels_traefik_enabled %}
|
|
||||||
traefik.enable=true
|
|
||||||
|
|
||||||
{% if matrix_bot_go_neb_container_labels_traefik_docker_network %}
|
|
||||||
traefik.docker.network={{ matrix_bot_go_neb_container_labels_traefik_docker_network }}
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
{% set middlewares = [] %}
|
|
||||||
|
|
||||||
{% if matrix_bot_go_neb_container_labels_traefik_path_prefix != '/' %}
|
|
||||||
traefik.http.middlewares.matrix-bot-go-neb-slashless-redirect.redirectregex.regex=({{ matrix_bot_go_neb_container_labels_traefik_path_prefix | quote }})$
|
|
||||||
traefik.http.middlewares.matrix-bot-go-neb-slashless-redirect.redirectregex.replacement=${1}/
|
|
||||||
{% set middlewares = middlewares + ['matrix-bot-go-neb-slashless-redirect'] %}
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
{% if matrix_bot_go_neb_container_labels_traefik_path_prefix != '/' %}
|
|
||||||
traefik.http.middlewares.matrix-bot-go-neb-strip-prefix.stripprefix.prefixes={{ matrix_bot_go_neb_container_labels_traefik_path_prefix }}
|
|
||||||
{% set middlewares = middlewares + ['matrix-bot-go-neb-strip-prefix'] %}
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
{% if matrix_bot_go_neb_container_labels_traefik_additional_response_headers.keys() | length > 0 %}
|
|
||||||
{% for name, value in matrix_bot_go_neb_container_labels_traefik_additional_response_headers.items() %}
|
|
||||||
traefik.http.middlewares.matrix-bot-go-neb-add-headers.headers.customresponseheaders.{{ name }}={{ value }}
|
|
||||||
{% endfor %}
|
|
||||||
{% set middlewares = middlewares + ['matrix-bot-go-neb-add-headers'] %}
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
traefik.http.routers.matrix-bot-go-neb.rule={{ matrix_bot_go_neb_container_labels_traefik_rule }}
|
|
||||||
{% if matrix_bot_go_neb_container_labels_traefik_priority | int > 0 %}
|
|
||||||
traefik.http.routers.matrix-bot-go-neb.priority={{ matrix_bot_go_neb_container_labels_traefik_priority }}
|
|
||||||
{% endif %}
|
|
||||||
traefik.http.routers.matrix-bot-go-neb.service=matrix-bot-go-neb
|
|
||||||
{% if middlewares | length > 0 %}
|
|
||||||
traefik.http.routers.matrix-bot-go-neb.middlewares={{ middlewares | join(',') }}
|
|
||||||
{% endif %}
|
|
||||||
traefik.http.routers.matrix-bot-go-neb.entrypoints={{ matrix_bot_go_neb_container_labels_traefik_entrypoints }}
|
|
||||||
traefik.http.routers.matrix-bot-go-neb.tls={{ matrix_bot_go_neb_container_labels_traefik_tls | to_json }}
|
|
||||||
{% if matrix_bot_go_neb_container_labels_traefik_tls %}
|
|
||||||
traefik.http.routers.matrix-bot-go-neb.tls.certResolver={{ matrix_bot_go_neb_container_labels_traefik_tls_certResolver }}
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
traefik.http.services.matrix-bot-go-neb.loadbalancer.server.port=4050
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
{{ matrix_bot_go_neb_container_labels_additional_labels }}
|
|
@ -1,20 +1,20 @@
|
|||||||
---
|
---
|
||||||
|
|
||||||
- tags:
|
- block:
|
||||||
- setup-all
|
|
||||||
- setup-bot-honoroit
|
|
||||||
- install-all
|
|
||||||
- install-bot-honoroit
|
|
||||||
block:
|
|
||||||
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
|
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
|
||||||
when: "run_setup | bool and matrix_bot_honoroit_enabled | bool"
|
when: "run_setup | bool and matrix_bot_honoroit_enabled | bool"
|
||||||
|
|
||||||
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
|
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
|
||||||
when: "run_setup | bool and matrix_bot_honoroit_enabled | bool"
|
when: "run_setup | bool and matrix_bot_honoroit_enabled | bool"
|
||||||
|
tags:
|
||||||
- tags:
|
|
||||||
- setup-all
|
- setup-all
|
||||||
- setup-bot-honoroit
|
- setup-bot-honoroit
|
||||||
block:
|
- install-all
|
||||||
|
- install-bot-honoroit
|
||||||
|
|
||||||
|
- block:
|
||||||
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
|
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
|
||||||
when: "run_setup | bool and not matrix_bot_honoroit_enabled | bool"
|
when: "run_setup | bool and not matrix_bot_honoroit_enabled | bool"
|
||||||
|
tags:
|
||||||
|
- setup-all
|
||||||
|
- setup-bot-honoroit
|
||||||
|
@ -1,45 +0,0 @@
|
|||||||
{% if matrix_bot_honoroit_container_labels_traefik_enabled %}
|
|
||||||
traefik.enable=true
|
|
||||||
|
|
||||||
{% if matrix_bot_honoroit_container_labels_traefik_docker_network %}
|
|
||||||
traefik.docker.network={{ matrix_bot_honoroit_container_labels_traefik_docker_network }}
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
{% set middlewares = [] %}
|
|
||||||
|
|
||||||
{% if matrix_bot_honoroit_container_labels_traefik_path_prefix != '/' %}
|
|
||||||
traefik.http.middlewares.matrix-bot-honoroit-slashless-redirect.redirectregex.regex=({{ matrix_bot_honoroit_container_labels_traefik_path_prefix | quote }})$
|
|
||||||
traefik.http.middlewares.matrix-bot-honoroit-slashless-redirect.redirectregex.replacement=${1}/
|
|
||||||
{% set middlewares = middlewares + ['matrix-bot-honoroit-slashless-redirect'] %}
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
{% if matrix_bot_honoroit_container_labels_traefik_path_prefix != '/' %}
|
|
||||||
traefik.http.middlewares.matrix-bot-honoroit-strip-prefix.stripprefix.prefixes={{ matrix_bot_honoroit_container_labels_traefik_path_prefix }}
|
|
||||||
{% set middlewares = middlewares + ['matrix-bot-honoroit-strip-prefix'] %}
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
{% if matrix_bot_honoroit_container_labels_traefik_additional_response_headers.keys() | length > 0 %}
|
|
||||||
{% for name, value in matrix_bot_honoroit_container_labels_traefik_additional_response_headers.items() %}
|
|
||||||
traefik.http.middlewares.matrix-bot-honoroit-add-headers.headers.customresponseheaders.{{ name }}={{ value }}
|
|
||||||
{% endfor %}
|
|
||||||
{% set middlewares = middlewares + ['matrix-bot-honoroit-add-headers'] %}
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
traefik.http.routers.matrix-bot-honoroit.rule={{ matrix_bot_honoroit_container_labels_traefik_rule }}
|
|
||||||
{% if matrix_bot_honoroit_container_labels_traefik_priority | int > 0 %}
|
|
||||||
traefik.http.routers.matrix-bot-honoroit.priority={{ matrix_bot_honoroit_container_labels_traefik_priority }}
|
|
||||||
{% endif %}
|
|
||||||
traefik.http.routers.matrix-bot-honoroit.service=matrix-bot-honoroit
|
|
||||||
{% if middlewares | length > 0 %}
|
|
||||||
traefik.http.routers.matrix-bot-honoroit.middlewares={{ middlewares | join(',') }}
|
|
||||||
{% endif %}
|
|
||||||
traefik.http.routers.matrix-bot-honoroit.entrypoints={{ matrix_bot_honoroit_container_labels_traefik_entrypoints }}
|
|
||||||
traefik.http.routers.matrix-bot-honoroit.tls={{ matrix_bot_honoroit_container_labels_traefik_tls | to_json }}
|
|
||||||
{% if matrix_bot_honoroit_container_labels_traefik_tls %}
|
|
||||||
traefik.http.routers.matrix-bot-honoroit.tls.certResolver={{ matrix_bot_honoroit_container_labels_traefik_tls_certResolver }}
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
traefik.http.services.matrix-bot-honoroit.loadbalancer.server.port=8080
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
{{ matrix_bot_honoroit_container_labels_additional_labels }}
|
|
@ -1,20 +1,20 @@
|
|||||||
---
|
---
|
||||||
|
|
||||||
- tags:
|
- block:
|
||||||
- setup-all
|
|
||||||
- setup-bot-matrix-registration-bot
|
|
||||||
- install-all
|
|
||||||
- install-bot-matrix-registration-bot
|
|
||||||
block:
|
|
||||||
- when: matrix_bot_matrix_registration_bot_enabled | bool
|
- when: matrix_bot_matrix_registration_bot_enabled | bool
|
||||||
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
|
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
|
||||||
|
|
||||||
- when: matrix_bot_matrix_registration_bot_enabled | bool
|
- when: matrix_bot_matrix_registration_bot_enabled | bool
|
||||||
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
|
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
|
||||||
|
tags:
|
||||||
- tags:
|
|
||||||
- setup-all
|
- setup-all
|
||||||
- setup-bot-matrix-registration-bot
|
- setup-bot-matrix-registration-bot
|
||||||
block:
|
- install-all
|
||||||
|
- install-bot-matrix-registration-bot
|
||||||
|
|
||||||
|
- block:
|
||||||
- when: not matrix_bot_matrix_registration_bot_enabled | bool
|
- when: not matrix_bot_matrix_registration_bot_enabled | bool
|
||||||
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
|
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
|
||||||
|
tags:
|
||||||
|
- setup-all
|
||||||
|
- setup-bot-matrix-registration-bot
|
||||||
|
@ -1,20 +1,20 @@
|
|||||||
---
|
---
|
||||||
|
|
||||||
- tags:
|
- block:
|
||||||
- setup-all
|
|
||||||
- setup-bot-matrix-reminder-bot
|
|
||||||
- install-all
|
|
||||||
- install-bot-matrix-reminder-bot
|
|
||||||
block:
|
|
||||||
- when: matrix_bot_matrix_reminder_bot_enabled | bool
|
- when: matrix_bot_matrix_reminder_bot_enabled | bool
|
||||||
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
|
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
|
||||||
|
|
||||||
- when: matrix_bot_matrix_reminder_bot_enabled | bool
|
- when: matrix_bot_matrix_reminder_bot_enabled | bool
|
||||||
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
|
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
|
||||||
|
tags:
|
||||||
- tags:
|
|
||||||
- setup-all
|
- setup-all
|
||||||
- setup-bot-matrix-reminder-bot
|
- setup-bot-matrix-reminder-bot
|
||||||
block:
|
- install-all
|
||||||
|
- install-bot-matrix-reminder-bot
|
||||||
|
|
||||||
|
- block:
|
||||||
- when: not matrix_bot_matrix_reminder_bot_enabled | bool
|
- when: not matrix_bot_matrix_reminder_bot_enabled | bool
|
||||||
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
|
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
|
||||||
|
tags:
|
||||||
|
- setup-all
|
||||||
|
- setup-bot-matrix-reminder-bot
|
||||||
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in new issue