Add native Traefik support to Dimension

2025-06-25 18:57:50 +02:00 · 2023-02-26 23:06:36 +02:00
parent b84f25309b
commit 058a54fd05
10 changed files with 275 additions and 40 deletions
--- a/roles/custom/matrix-dimension/templates/config.yaml.j2
+++ b/roles/custom/matrix-dimension/templates/config.yaml.j2
@ -9,30 +9,30 @@ web:
 homeserver:
  # The domain name of the homeserver. This is used in many places, such as with go-neb
  # setups, to identify the homeserver.
-  name: "{{ matrix_domain }}"
+  name: {{ matrix_domain | to_json }}

  # The URL that Dimension, go-neb, and other services provisioned by Dimension should
  # use to access the homeserver with.
-  clientServerUrl: "{{ matrix_homeserver_container_url }}"
+  clientServerUrl: {{ matrix_dimension_homeserver_clientServerUrl | to_json }}

  # The URL that Dimension should use when trying to communicate with federated APIs on
  # the homeserver. If not supplied or left empty Dimension will try to resolve the address
  # through the normal federation process.
-  federationUrl: "{{ matrix_dimension_homeserver_federationUrl }}"
+  federationUrl: {{ matrix_dimension_homeserver_federationUrl | to_json }}

  # The URL that Dimension will redirect media requests to for downloading media such as
  # stickers. If not supplied or left empty Dimension will use the clientServerUrl.
-  mediaUrl: "https://{{ matrix_server_fqn_matrix }}"
+  mediaUrl: {{ matrix_dimension_homeserver_mediaUrl | to_json }}

  # The access token Dimension should use for miscellaneous access to the homeserver. This
  # should be for a user on the configured homeserver: any user will do, however it is
  # recommended to use a dedicated user (such as @dimension:t2bot.io). For information on
  # how to acquire an access token, visit https://t2bot.io/docs/access_tokens
-  accessToken: "{{ matrix_dimension_access_token }}"
+  accessToken: {{ matrix_dimension_access_token | to_json }}

 # These users can modify the integrations this Dimension supports.
 # To access the admin interface, open Dimension in Element and click the settings icon.
-admins: {{ matrix_dimension_admins|to_json }}
+admins: {{ matrix_dimension_admins | to_json }}

 # IPs and CIDR ranges listed here will be blocked from being widgets.
 # Note: Widgets may still be embedded with restricted content, although not through Dimension directly.
@ -72,4 +72,4 @@ goneb:
 dimension:
  # This is where Dimension is accessible from clients. Be sure to set this
  # to your own Dimension instance.
-  publicUrl: "https://{{ matrix_server_fqn_dimension }}"
+  publicUrl: {{ matrix_dimension_dimension_publicUrl | to_json }}
--- a/roles/custom/matrix-dimension/templates/labels.j2
+++ b/roles/custom/matrix-dimension/templates/labels.j2
@ -0,0 +1,45 @@
+{% if matrix_dimension_container_labels_traefik_enabled %}
+traefik.enable=true
+
+{% if matrix_dimension_container_labels_traefik_docker_network %}
+traefik.docker.network={{ matrix_dimension_container_labels_traefik_docker_network }}
+{% endif %}
+
+{% set middlewares = [] %}
+
+{% if matrix_dimension_container_labels_traefik_path_prefix != '/' %}
+traefik.http.middlewares.matrix-dimension-slashless-redirect.redirectregex.regex=({{ matrix_dimension_container_labels_traefik_path_prefix | quote }})$
+traefik.http.middlewares.matrix-dimension-slashless-redirect.redirectregex.replacement=${1}/
+{% set middlewares = middlewares + ['matrix-dimension-slashless-redirect'] %}
+{% endif %}
+
+{% if matrix_dimension_container_labels_traefik_path_prefix != '/' %}
+traefik.http.middlewares.matrix-dimension-strip-prefix.stripprefix.prefixes={{ matrix_dimension_container_labels_traefik_path_prefix }}
+{% set middlewares = middlewares + ['matrix-dimension-strip-prefix'] %}
+{% endif %}
+
+{% if matrix_dimension_container_labels_traefik_additional_response_headers.keys() | length > 0 %}
+{% for name, value in matrix_dimension_container_labels_traefik_additional_response_headers.items() %}
+traefik.http.middlewares.matrix-dimension-add-headers.headers.customresponseheaders.{{ name }}={{ value }}
+{% endfor %}
+{% set middlewares = middlewares + ['matrix-dimension-add-headers'] %}
+{% endif %}
+
+traefik.http.routers.matrix-dimension.rule={{ matrix_dimension_container_labels_traefik_rule }}
+{% if matrix_dimension_container_labels_traefik_priority | int > 0 %}
+traefik.http.routers.matrix-dimension.priority={{ matrix_dimension_container_labels_traefik_priority }}
+{% endif %}
+traefik.http.routers.matrix-dimension.service=matrix-dimension
+{% if middlewares | length > 0 %}
+traefik.http.routers.matrix-dimension.middlewares={{ middlewares | join(',') }}
+{% endif %}
+traefik.http.routers.matrix-dimension.entrypoints={{ matrix_dimension_container_labels_traefik_entrypoints }}
+traefik.http.routers.matrix-dimension.tls={{ matrix_dimension_container_labels_traefik_tls | to_json }}
+{% if matrix_dimension_container_labels_traefik_tls %}
+traefik.http.routers.matrix-dimension.tls.certResolver={{ matrix_dimension_container_labels_traefik_tls_certResolver }}
+{% endif %}
+
+traefik.http.services.matrix-dimension.loadbalancer.server.port=8184
+{% endif %}
+
+{{ matrix_dimension_container_labels_additional_labels }}
--- a/roles/custom/matrix-dimension/templates/systemd/matrix-dimension.service.j2
+++ b/roles/custom/matrix-dimension/templates/systemd/matrix-dimension.service.j2
@ -21,25 +21,35 @@ ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_s
 ExecStartPre=-{{ matrix_host_command_chown }} {{ matrix_dimension_user_uid }}:{{ matrix_dimension_user_gid }} {{ matrix_dimension_sqlite_database_path_local }}
 {% endif %}

-ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-dimension \
+ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
+			--rm \
+			--name=matrix-dimension \
 			--log-driver=none \
 			--user={{ matrix_dimension_user_uid }}:{{ matrix_dimension_user_gid }} \
 			--cap-drop=ALL \
-			--network={{ matrix_docker_network }} \
+			--network={{ matrix_dimension_container_network }} \
 			{% if matrix_dimension_widgets_allow_self_signed_ssl_certificates %}
 			-e NODE_TLS_REJECT_UNAUTHORIZED=0 \
 			{% endif %}
 			{% if matrix_dimension_container_http_host_bind_port %}
 			-p {{ matrix_dimension_container_http_host_bind_port }}:8184 \
 			{% endif %}
+			--label-file={{ matrix_dimension_base_path }}/labels \
 			--mount type=bind,src={{ matrix_dimension_base_path }},dst=/data \
 			{% for arg in matrix_dimension_container_extra_arguments %}
 			{{ arg }} \
 			{% endfor %}
 			{{ matrix_dimension_docker_image }}

+{% for network in matrix_dimension_container_additional_networks %}
+ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-dimension
+{% endfor %}
+
+ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-dimension
+
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-dimension 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-dimension 2>/dev/null || true'
+
 Restart=always
 RestartSec=30
 SyslogIdentifier=matrix-dimension