mirror of
https://github.com/spantaleev/matrix-docker-ansible-deploy.git
synced 2025-06-26 11:17:51 +02:00
Merge branch 'master' into element-call-integration
This commit is contained in:
Slavi Pantaleev
@ -1,3 +1,21 @@
|
||||
# SPDX-FileCopyrightText: 2020 - 2022 Aaron Raimist
|
||||
# SPDX-FileCopyrightText: 2020 - 2024 MDAD project contributors
|
||||
# SPDX-FileCopyrightText: 2020 - 2025 Slavi Pantaleev
|
||||
# SPDX-FileCopyrightText: 2020 Dan Arnfield
|
||||
# SPDX-FileCopyrightText: 2021 Ahmad Haghighi
|
||||
# SPDX-FileCopyrightText: 2021 Paul Tötterman
|
||||
# SPDX-FileCopyrightText: 2022 - 2023 Julian-Samuel Gebühr
|
||||
# SPDX-FileCopyrightText: 2022 - 2025 Nikita Chernyi
|
||||
# SPDX-FileCopyrightText: 2022 Christos Karamolegkos
|
||||
# SPDX-FileCopyrightText: 2022 Joe Kappus
|
||||
# SPDX-FileCopyrightText: 2022 Marko Weltzer
|
||||
# SPDX-FileCopyrightText: 2023 Igor Goldenberg
|
||||
# SPDX-FileCopyrightText: 2023 Pierre 'McFly' Marty
|
||||
# SPDX-FileCopyrightText: 2023 Samuel Meenzen
|
||||
# SPDX-FileCopyrightText: 2024 Suguru Hirahara
|
||||
#
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
|
||||
---
|
||||
# Project source code URL: https://github.com/element-hq/element-web
|
||||
|
||||
@ -10,11 +28,13 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/eleme
|
||||
# - https://github.com/element-hq/element-web/issues/19544
|
||||
matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}"
|
||||
|
||||
# renovate: datasource=docker depName=vectorim/element-web
|
||||
matrix_client_element_version: v1.11.86
|
||||
# renovate: datasource=docker depName=ghcr.io/element-hq/element-web
|
||||
matrix_client_element_version: v1.11.95
|
||||
|
||||
matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}"
|
||||
matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}"
|
||||
matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_registry_prefix }}element-hq/element-web:{{ matrix_client_element_version }}"
|
||||
matrix_client_element_docker_image_registry_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_client_element_docker_image_registry_prefix_upstream }}"
|
||||
matrix_client_element_docker_image_registry_prefix_upstream: "{{ matrix_client_element_docker_image_registry_prefix_upstream_default }}"
|
||||
matrix_client_element_docker_image_registry_prefix_upstream_default: ghcr.io/
|
||||
matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}"
|
||||
|
||||
matrix_client_element_data_path: "{{ matrix_base_data_path }}/client-element"
|
||||
@ -28,9 +48,16 @@ matrix_client_element_container_network: ''
|
||||
# Use this to expose this container to a reverse proxy, which runs in a different container network.
|
||||
matrix_client_element_container_additional_networks: []
|
||||
|
||||
# Controls the in-container port that Element will use.
|
||||
#
|
||||
# Also see: `matrix_client_element_container_http_host_bind_port`
|
||||
matrix_client_element_container_port: 8080
|
||||
|
||||
# Controls whether the matrix-client-element container exposes its HTTP port (tcp/8080 in the container).
|
||||
#
|
||||
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8765"), or empty string to not expose.
|
||||
#
|
||||
# Also see: `matrix_client_element_container_port`
|
||||
matrix_client_element_container_http_host_bind_port: ''
|
||||
|
||||
# matrix_client_element_container_labels_traefik_enabled controls whether labels to assist a Traefik reverse-proxy will be attached to the container.
|
||||
@ -83,6 +110,14 @@ matrix_client_element_container_extra_arguments: []
|
||||
# List of systemd services that matrix-client-element.service depends on
|
||||
matrix_client_element_systemd_required_services_list: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}"
|
||||
|
||||
# Controls the healthcheck command for the container.
|
||||
#
|
||||
# Leave empty to use the default (upstream) command.
|
||||
#
|
||||
# The default command is a patch until https://github.com/element-hq/element-web/pull/29471
|
||||
# lands in a release.
|
||||
matrix_client_element_container_healthcheck_cmd: "wget -q --spider http://localhost:$ELEMENT_WEB_PORT/config.json"
|
||||
|
||||
# Specifies the value of the `X-XSS-Protection` header
|
||||
# Stops pages from loading when they detect reflected cross-site scripting (XSS) attacks.
|
||||
#
|
||||
@ -255,7 +290,7 @@ matrix_client_element_self_check_validate_certificates: true
|
||||
# don't show the registration button on welcome page
|
||||
matrix_client_element_registration_enabled: false
|
||||
|
||||
# Default country code on welcome page when login by phone number
|
||||
# An optional ISO 3166 alpha2 country code (eg: GB, the default) to use when showing phone number inputs
|
||||
matrix_client_element_default_country_code: "GB"
|
||||
|
||||
# Controls whether presence will be enabled
|
||||
@ -379,3 +414,19 @@ matrix_client_element_location_sharing_map_style_content_sources_localsource_til
|
||||
# matrix_client_element_location_sharing_map_style_content_sources_localsource_attribution: "© <a href=\"https://www.openstreetmap.org/copyright\" target=\"_blank\">OpenStreetMap</a> contributors"
|
||||
# Leave blank, if map does not require attribution.
|
||||
matrix_client_element_location_sharing_map_style_content_sources_localsource_attribution: ""
|
||||
|
||||
# Optional URL to redirect the user to after they have logged out.
|
||||
# See https://github.com/element-hq/element-web/blob/develop/docs/config.md#sso-setup
|
||||
matrix_client_element_logout_redirect_url: ''
|
||||
|
||||
# Controls the `ELEMENT_WEB_PORT` environment variable.
|
||||
matrix_client_element_environment_variable_element_web_port: "{{ matrix_client_element_container_port }}"
|
||||
|
||||
# Additional environment variables to pass to the container.
|
||||
#
|
||||
# Environment variables take priority over settings in the configuration file.
|
||||
#
|
||||
# Example:
|
||||
# matrix_client_element_environment_variables_extension: |
|
||||
# ELEMENT_WEB_PORT=8080
|
||||
matrix_client_element_environment_variables_extension: ''
|
||||
|
||||
@ -1,3 +1,8 @@
|
||||
# SPDX-FileCopyrightText: 2020 - 2023 Slavi Pantaleev
|
||||
# SPDX-FileCopyrightText: 2022 Marko Weltzer
|
||||
#
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
|
||||
---
|
||||
|
||||
- tags:
|
||||
|
||||
@ -1,3 +1,9 @@
|
||||
# SPDX-FileCopyrightText: 2020 - 2023 Slavi Pantaleev
|
||||
# SPDX-FileCopyrightText: 2022 Marko Weltzer
|
||||
# SPDX-FileCopyrightText: 2024 Suguru Hirahara
|
||||
#
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
|
||||
---
|
||||
|
||||
#
|
||||
|
||||
@ -1,3 +1,8 @@
|
||||
# SPDX-FileCopyrightText: 2020 - 2024 Slavi Pantaleev
|
||||
# SPDX-FileCopyrightText: 2022 Marko Weltzer
|
||||
#
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
|
||||
---
|
||||
|
||||
- ansible.builtin.set_fact:
|
||||
|
||||
@ -1,3 +1,14 @@
|
||||
# SPDX-FileCopyrightText: 2020 - 2024 Slavi Pantaleev
|
||||
# SPDX-FileCopyrightText: 2022 MDAD project contributors
|
||||
# SPDX-FileCopyrightText: 2022 Marko Weltzer
|
||||
# SPDX-FileCopyrightText: 2022 Nikita Chernyi
|
||||
# SPDX-FileCopyrightText: 2022 Sebastian Gumprich
|
||||
# SPDX-FileCopyrightText: 2023 Pierre 'McFly' Marty
|
||||
# SPDX-FileCopyrightText: 2024 David Mehren
|
||||
# SPDX-FileCopyrightText: 2024 Suguru Hirahara
|
||||
#
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
|
||||
---
|
||||
|
||||
- name: Ensure Element Web paths exists
|
||||
@ -84,12 +95,17 @@
|
||||
owner: "{{ matrix_user_username }}"
|
||||
group: "{{ matrix_user_groupname }}"
|
||||
with_items:
|
||||
- {src: "{{ role_path }}/templates/nginx.conf.j2", name: "nginx.conf"}
|
||||
- {src: "{{ role_path }}/templates/labels.j2", name: "labels"}
|
||||
- {src: "{{ role_path }}/templates/env.j2", name: "env"}
|
||||
- {src: "{{ matrix_client_element_page_template_welcome_path }}", name: "welcome.html"}
|
||||
- {src: "{{ matrix_client_element_embedded_pages_home_path }}", name: "home.html"}
|
||||
when: "item.src is not none"
|
||||
|
||||
- name: Ensure Element Web nginx.conf file is removed
|
||||
ansible.builtin.file:
|
||||
path: "{{ matrix_client_element_data_path }}/nginx.conf"
|
||||
state: absent
|
||||
|
||||
- name: Ensure Element Web config files removed
|
||||
ansible.builtin.file:
|
||||
path: "{{ matrix_client_element_data_path }}/{{ item.name }}"
|
||||
|
||||
@ -1,3 +1,10 @@
|
||||
# SPDX-FileCopyrightText: 2021 - 2023 Slavi Pantaleev
|
||||
# SPDX-FileCopyrightText: 2022 Marko Weltzer
|
||||
# SPDX-FileCopyrightText: 2022 Sebastian Gumprich
|
||||
# SPDX-FileCopyrightText: 2024 Suguru Hirahara
|
||||
#
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
|
||||
---
|
||||
|
||||
- name: Check existence of matrix-client-element.service
|
||||
|
||||
@ -1,3 +1,9 @@
|
||||
# SPDX-FileCopyrightText: 2020 - 2025 Slavi Pantaleev
|
||||
# SPDX-FileCopyrightText: 2022 MDAD project contributors
|
||||
# SPDX-FileCopyrightText: 2024 Suguru Hirahara
|
||||
#
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
|
||||
---
|
||||
|
||||
- name: Fail if required Element Web settings not defined
|
||||
@ -23,7 +29,7 @@
|
||||
msg: >-
|
||||
Riot has been renamed to Element (https://element.io/blog/welcome-to-element/).
|
||||
The playbook will migrate your existing configuration and data automatically, but you need to adjust variable names.
|
||||
Please change your configuration (vars.yml) to rename all riot-web variables (`{{ item.old }}` -> `{{ item.new }}`).
|
||||
Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
|
||||
Also note that DNS configuration changes may be necessary.
|
||||
when: "vars | dict2items | selectattr('key', 'match', item.old) | list | items2dict"
|
||||
with_items:
|
||||
@ -33,7 +39,7 @@
|
||||
ansible.builtin.fail:
|
||||
msg: >-
|
||||
Your configuration contains a variable, which now has a different name.
|
||||
Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
|
||||
Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
|
||||
when: "item.old in vars"
|
||||
with_items:
|
||||
- {'old': 'matrix_client_element_showLabsSettings', 'new': 'matrix_client_element_show_lab_settings'}
|
||||
@ -45,6 +51,7 @@
|
||||
- {'old': 'matrix_client_element_branding_welcomeBackgroundUrl', 'new': 'matrix_client_element_branding_welcome_background_url'}
|
||||
- {'old': 'matrix_client_element_jitsi_preferredDomain', 'new': 'matrix_client_element_jitsi_preferred_domain'}
|
||||
- {'old': 'matrix_client_element_welcome_user_id', 'new': '<removed>'}
|
||||
- {'old': 'matrix_client_element_docker_image_name_prefix', 'new': 'matrix_client_element_docker_image_registry_prefix'}
|
||||
|
||||
- when: matrix_client_element_container_labels_traefik_enabled | bool
|
||||
block:
|
||||
|
||||
@ -40,6 +40,7 @@
|
||||
{% if matrix_client_element_location_sharing_enabled %}
|
||||
"map_style_url": {{ matrix_client_element_map_style_url | to_json }},
|
||||
{% endif %}
|
||||
"logout_redirect_url": {{ matrix_client_element_logout_redirect_url | to_json }},
|
||||
"branding": {
|
||||
"auth_footer_links": {{ matrix_client_element_branding_auth_footer_links | to_json }},
|
||||
"auth_header_logo_url": {{ matrix_client_element_branding_auth_header_logo_url | to_json }},
|
||||
|
||||
@ -0,0 +1,6 @@
|
||||
SPDX-FileCopyrightText: 2020 - 2024 Slavi Pantaleev
|
||||
SPDX-FileCopyrightText: 2020 Aaron Raimist
|
||||
SPDX-FileCopyrightText: 2023 - 2024 MDAD project contributors
|
||||
SPDX-FileCopyrightText: 2023 Igor Goldenberg
|
||||
|
||||
SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
9
roles/custom/matrix-client-element/templates/env.j2
Normal file
9
roles/custom/matrix-client-element/templates/env.j2
Normal file
@ -0,0 +1,9 @@
|
||||
{#
|
||||
SPDX-FileCopyrightText: 2025 Slavi Pantaleev
|
||||
|
||||
SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
#}
|
||||
|
||||
ELEMENT_WEB_PORT={{ matrix_client_element_environment_variable_element_web_port }}
|
||||
|
||||
{{ matrix_client_element_environment_variables_extension }}
|
||||
@ -1,3 +1,9 @@
|
||||
{#
|
||||
SPDX-FileCopyrightText: 2023 - 2024 Slavi Pantaleev
|
||||
|
||||
SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
#}
|
||||
|
||||
{% if matrix_client_element_container_labels_traefik_enabled %}
|
||||
traefik.enable=true
|
||||
|
||||
|
||||
@ -0,0 +1,3 @@
|
||||
SPDX-FileCopyrightText: 2022 MDAD project contributors
|
||||
|
||||
SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
@ -1,66 +0,0 @@
|
||||
#jinja2: lstrip_blocks: "True"
|
||||
# This is a custom nginx configuration file that we use in the container (instead of the default one),
|
||||
# because it allows us to run nginx with a non-root user.
|
||||
#
|
||||
# For this to work, the default vhost file (`/etc/nginx/conf.d/default.conf`) also needs to be removed.
|
||||
# (mounting `/dev/null` over `/etc/nginx/conf.d/default.conf` works well)
|
||||
#
|
||||
# The following changes have been done compared to a default nginx configuration file:
|
||||
# - default server port is changed (80 -> 8080), so that a non-root user can bind it
|
||||
# - various temp paths are changed to `/tmp`, so that a non-root user can write to them
|
||||
# - the `user` directive was removed, as we don't want nginx to switch users
|
||||
|
||||
worker_processes 1;
|
||||
|
||||
error_log /var/log/nginx/error.log warn;
|
||||
pid /tmp/nginx.pid;
|
||||
|
||||
|
||||
events {
|
||||
worker_connections 1024;
|
||||
}
|
||||
|
||||
|
||||
http {
|
||||
proxy_temp_path /tmp/proxy_temp;
|
||||
client_body_temp_path /tmp/client_temp;
|
||||
fastcgi_temp_path /tmp/fastcgi_temp;
|
||||
uwsgi_temp_path /tmp/uwsgi_temp;
|
||||
scgi_temp_path /tmp/scgi_temp;
|
||||
|
||||
include /etc/nginx/mime.types;
|
||||
default_type application/octet-stream;
|
||||
|
||||
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
||||
'$status $body_bytes_sent "$http_referer" '
|
||||
'"$http_user_agent" "$http_x_forwarded_for"';
|
||||
|
||||
access_log /var/log/nginx/access.log main;
|
||||
|
||||
sendfile on;
|
||||
#tcp_nopush on;
|
||||
|
||||
keepalive_timeout 65;
|
||||
|
||||
#gzip on;
|
||||
|
||||
server {
|
||||
listen 8080;
|
||||
server_name localhost;
|
||||
|
||||
root /usr/share/nginx/html;
|
||||
|
||||
location / {
|
||||
index index.html index.htm;
|
||||
}
|
||||
|
||||
location ~* ^/(config(.+)?\.json$|(.+)\.html$|i18n) {
|
||||
expires -1;
|
||||
}
|
||||
|
||||
error_page 500 502 503 504 /50x.html;
|
||||
location = /50x.html {
|
||||
root /usr/share/nginx/html;
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -10,9 +10,13 @@ DefaultDependencies=no
|
||||
[Service]
|
||||
Type=simple
|
||||
Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
|
||||
ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-client-element 2>/dev/null || true'
|
||||
ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop -t {{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-client-element 2>/dev/null || true'
|
||||
ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-client-element 2>/dev/null || true'
|
||||
|
||||
{#
|
||||
The custom healthcheck command is a patch until https://github.com/element-hq/element-web/pull/29471
|
||||
lands in a release.
|
||||
#}
|
||||
ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
|
||||
--rm \
|
||||
--name=matrix-client-element \
|
||||
@ -22,11 +26,15 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
|
||||
--read-only \
|
||||
--network={{ matrix_client_element_container_network }} \
|
||||
{% if matrix_client_element_container_http_host_bind_port %}
|
||||
-p {{ matrix_client_element_container_http_host_bind_port }}:8080 \
|
||||
-p {{ matrix_client_element_container_http_host_bind_port }}:{{ matrix_client_element_container_port }} \
|
||||
{% endif %}
|
||||
--label-file={{ matrix_client_element_data_path }}/labels \
|
||||
--env-file={{ matrix_client_element_data_path }}/env \
|
||||
--tmpfs=/tmp:rw,noexec,nosuid,size=10m \
|
||||
--mount type=bind,src={{ matrix_client_element_data_path }}/nginx.conf,dst=/etc/nginx/nginx.conf,ro \
|
||||
--tmpfs=/var/cache/nginx:rw,mode=777 \
|
||||
--tmpfs=/var/run:rw,mode=777 \
|
||||
--tmpfs=/tmp/element-web-config:rw,mode=777 \
|
||||
--tmpfs=/etc/nginx/conf.d:rw,mode=777 \
|
||||
--mount type=bind,src={{ matrix_client_element_data_path }}/config.json,dst=/app/config.json,ro \
|
||||
--mount type=bind,src={{ matrix_client_element_data_path }}/config.json,dst=/app/config.{{ matrix_server_fqn_element }}.json,ro \
|
||||
{% if matrix_client_element_location_sharing_enabled %}
|
||||
@ -36,6 +44,9 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
|
||||
--mount type=bind,src={{ matrix_client_element_data_path }}/home.html,dst=/app/home.html,ro \
|
||||
{% endif %}
|
||||
--mount type=bind,src={{ matrix_client_element_data_path }}/welcome.html,dst=/app/welcome.html,ro \
|
||||
{% if matrix_client_element_container_healthcheck_cmd %}
|
||||
--health-cmd="{{ matrix_client_element_container_healthcheck_cmd }}" \
|
||||
{% endif %}
|
||||
{% for arg in matrix_client_element_container_extra_arguments %}
|
||||
{{ arg }} \
|
||||
{% endfor %}
|
||||
@ -47,7 +58,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network conne
|
||||
|
||||
ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-client-element
|
||||
|
||||
ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-client-element 2>/dev/null || true'
|
||||
ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop -t {{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-client-element 2>/dev/null || true'
|
||||
ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-client-element 2>/dev/null || true'
|
||||
|
||||
Restart=always
|
||||
|
||||
@ -0,0 +1,5 @@
|
||||
SPDX-FileCopyrightText: 2020 - 2025 Slavi Pantaleev
|
||||
SPDX-FileCopyrightText: 2022 MDAD project contributors
|
||||
SPDX-FileCopyrightText: 2024 Suguru Hirahara
|
||||
|
||||
SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
@ -0,0 +1,9 @@
|
||||
SPDX-FileCopyrightText: 2019 Daniel Hoffend
|
||||
SPDX-FileCopyrightText: 2019 Hugues De Keyzer
|
||||
SPDX-FileCopyrightText: 2020 - 2022 Slavi Pantaleev
|
||||
SPDX-FileCopyrightText: 2020 Clement Renaud
|
||||
SPDX-FileCopyrightText: 2020 Stefan Warnat
|
||||
SPDX-FileCopyrightText: 2023 Pierre 'McFly' Marty
|
||||
SPDX-FileCopyrightText: 2024 MDAD project contributors
|
||||
|
||||
SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
@ -1,3 +1,7 @@
|
||||
# SPDX-FileCopyrightText: 2020 - 2022 Slavi Pantaleev
|
||||
#
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
|
||||
---
|
||||
|
||||
matrix_client_element_embedded_pages_home_url: "{{ ('' if matrix_client_element_embedded_pages_home_path is none else 'home.html') }}"
|
||||
|
||||
Reference in New Issue
Block a user