diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 1248b0d57..8447eb076 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -485,15 +485,6 @@ matrix_homeserver_container_federation_api_endpoint: |- }[matrix_homeserver_implementation] }} -matrix_homeserver_container_network: |- - {{ - { - 'synapse': (matrix_synapse_reverse_proxy_companion_container_network if matrix_synapse_reverse_proxy_companion_enabled else matrix_synapse_container_network), - 'dendrite': matrix_dendrite_container_network, - 'conduit': matrix_conduit_container_network, - }[matrix_homeserver_implementation] - }} - matrix_integration_manager_rest_url: "{{ matrix_dimension_integrations_rest_url if matrix_dimension_enabled else None }}" matrix_integration_manager_ui_url: "{{ matrix_dimension_integrations_ui_url if matrix_dimension_enabled else None }}" @@ -3785,6 +3776,8 @@ matrix_synapse_container_metrics_api_host_bind_port: "{{ (matrix_playbook_servic # For exposing the Synapse Manhole port (plain HTTP) to the local host. matrix_synapse_container_manhole_api_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '9000') if matrix_synapse_metrics_enabled and matrix_playbook_service_host_bind_interface_prefix else '' }}" +matrix_synapse_container_network: "{{ matrix_homeserver_container_network }}" + matrix_synapse_container_additional_networks: | {{ ( 
@@ -4414,16 +4407,20 @@ matrix_sliding_sync_database_password: "{{ '%s' | format(matrix_homeserver_gener matrix_dendrite_enabled: "{{ matrix_homeserver_implementation == 'dendrite' }}" -# Normally, matrix-nginx-proxy is enabled and nginx can reach Dendrite over the container network. -# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, -# you can expose Dendrite's ports to the host. -# -# For exposing Dendrite's plain HTTP server to the local host. +matrix_dendrite_container_network: "{{ matrix_homeserver_container_network }}" + +matrix_dendrite_container_additional_networks: | + {{ + ( + ([devture_postgres_container_network] if (devture_postgres_enabled and devture_postgres_container_network != matrix_dendrite_container_network and matrix_dendrite_database_hostname == devture_postgres_connection_hostname) else []) + ) + }} + matrix_dendrite_container_http_host_bind_address: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ matrix_dendrite_http_bind_port | string) if matrix_playbook_service_host_bind_interface_prefix else '' }}" -# -# For exposing Dendrite's HTTPS server to the local host. matrix_dendrite_container_https_host_bind_address: "{{ '' if not matrix_dendrite_https_bind_port or not matrix_playbook_service_host_bind_interface_prefix else (matrix_playbook_service_host_bind_interface_prefix + matrix_dendrite_https_bind_port | string) }}" +matrix_dendrite_container_extra_arguments_auto: "{{ matrix_homeserver_container_extra_arguments_auto }}" + matrix_dendrite_client_api_registration_shared_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'dendrite.rss', rounds=655555) | to_uuid }}" matrix_dendrite_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" 
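Review bot: The two host bind address variables lose their explanatory comments in this hunk, and the new `matrix_dendrite_container_additional_networks` block has no comment. A reader can no longer tell from the file that these settings publish Dendrite's ports on the host, or why the Postgres network is joined only conditionally. I would keep `# For exposing Dendrite's plain HTTP server to the local host.` and its HTTPS counterpart above the two bind address lines. Above the networks block I would add `# Join the Postgres network only when Dendrite's database hostname points at the playbook-managed Postgres (devture_postgres_*).`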
@@ -4452,11 +4449,9 @@ matrix_dendrite_self_check_validate_certificates: "{{ false if matrix_playbook_s matrix_dendrite_trusted_id_servers: "{{ [matrix_server_fqn_matrix] if matrix_ma1sd_enabled else ['matrix.org', 'vector.im'] }}" -matrix_dendrite_systemd_required_services_list: | +matrix_dendrite_systemd_required_services_list_auto: | {{ - (['docker.service']) - + - ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else []) + ([devture_postgres_identifier ~ '.service'] if (devture_postgres_enabled and matrix_dendrite_database_hostname == devture_postgres_connection_hostname) else []) + (['matrix-goofys.service'] if matrix_s3_media_store_enabled else []) }} @@ -4466,7 +4461,6 @@ matrix_dendrite_systemd_wanted_services_list: | (['matrix-coturn.service'] if matrix_coturn_enabled else []) }} -matrix_dendrite_container_extra_arguments_auto: "{{ matrix_homeserver_container_extra_arguments_auto }}" matrix_dendrite_app_service_config_files_auto: "{{ matrix_homeserver_app_service_config_files_auto }}" ###################################################################### @@ -4475,6 +4469,7 @@ matrix_dendrite_app_service_config_files_auto: "{{ matrix_homeserver_app_service # ###################################################################### + ###################################################################### # # matrix-conduit @@ -4483,10 +4478,7 @@ matrix_dendrite_app_service_config_files_auto: "{{ matrix_homeserver_app_service matrix_conduit_enabled: "{{ matrix_homeserver_implementation == 'conduit' }}" -matrix_conduit_systemd_required_services_list: | - {{ - (['docker.service']) - }} +matrix_conduit_container_network: "{{ matrix_homeserver_container_network }}" ###################################################################### # diff --git a/roles/custom/matrix-base/defaults/main.yml b/roles/custom/matrix-base/defaults/main.yml index b5cb15e5a..1905b170d 100644 --- a/roles/custom/matrix-base/defaults/main.yml 
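Review bot: The test `devture_postgres_enabled and matrix_dendrite_database_hostname == devture_postgres_connection_hostname` in `matrix_dendrite_systemd_required_services_list_auto` repeats the core of the condition used for `matrix_dendrite_container_additional_networks` in the @@ -4414 hunk. If the two copies drift apart, the unit could be ordered after the Postgres service without being attached to its network, or the reverse. Computing the test once in an intermediate variable and referencing it in both places would keep service ordering and network membership in step.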
+++ b/roles/custom/matrix-base/defaults/main.yml @@ -142,7 +142,7 @@ matrix_host_command_openssl: "/usr/bin/env openssl" matrix_homeserver_url: "https://{{ matrix_server_fqn_matrix }}" # Specifies on which container network the homeserver is. -matrix_homeserver_container_network: "" +matrix_homeserver_container_network: "matrix-homeserver" # Specifies which systemd services are responsible for the homeserver matrix_homeserver_systemd_services_list: [] diff --git a/roles/custom/matrix-conduit/defaults/main.yml b/roles/custom/matrix-conduit/defaults/main.yml index 5259837e4..24b9bd8ea 100644 --- a/roles/custom/matrix-conduit/defaults/main.yml +++ b/roles/custom/matrix-conduit/defaults/main.yml @@ -19,13 +19,16 @@ matrix_conduit_port_number: 6167 matrix_conduit_tmp_directory_size_mb: 500 # List of systemd services that matrix-conduit.service depends on -matrix_conduit_systemd_required_services_list: ["docker.service"] +matrix_conduit_systemd_required_services_list: "{{ matrix_conduit_systemd_required_services_list_default + matrix_conduit_systemd_required_services_list_auto + matrix_conduit_systemd_required_services_list_custom }}" +matrix_conduit_systemd_required_services_list_default: ["docker.service"] +matrix_conduit_systemd_required_services_list_auto: [] +matrix_conduit_systemd_required_services_list_custom: [] # List of systemd services that matrix-conduit.service wants matrix_conduit_systemd_wanted_services_list: [] # The base container network. It will be auto-created by this role if it doesn't exist already. -matrix_conduit_container_network: "{{ matrix_docker_network }}" +matrix_conduit_container_network: "" # A list of additional container networks that the container would be connected to. # The role does not create these networks, so make sure they already exist. diff --git a/roles/custom/matrix-conduit/tasks/main.yml b/roles/custom/matrix-conduit/tasks/main.yml index f48e385e0..d8389a5b9 100644 --- a/roles/custom/matrix-conduit/tasks/main.yml 
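Review bot: The comment on `matrix_homeserver_container_network` in roles/custom/matrix-base/defaults/main.yml does not say that this value is now the single source for the homeserver roles' base network. group_vars/matrix_servers points `matrix_synapse_container_network`, `matrix_dendrite_container_network` and `matrix_conduit_container_network` at it. I would extend the comment to `# Name of the container network the homeserver runs on; the Synapse, Dendrite and Conduit roles use it as their base network via group_vars.` The removed group_vars mapping resolved to the reverse-proxy companion's network when the companion was enabled, so it is worth confirming outside this diff that services which reach Synapse through the companion still share a network with it.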
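Review bot: The comment above `matrix_conduit_container_network` in roles/custom/matrix-conduit/defaults/main.yml still reads as if the role ships a usable default. The value is now empty, and the new validate_config.yml fails the run on an empty value. I would reword it to `# The base container network (required). It will be auto-created by this role if it doesn't exist already.` The matrix-dendrite and matrix-synapse defaults hunks carry the same unchanged comment over an empty default.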
+++ b/roles/custom/matrix-conduit/tasks/main.yml @@ -6,6 +6,9 @@ - install-all - install-conduit block: + - when: matrix_conduit_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" + - when: matrix_conduit_enabled | bool ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml" diff --git a/roles/custom/matrix-conduit/tasks/validate_config.yml b/roles/custom/matrix-conduit/tasks/validate_config.yml new file mode 100644 index 000000000..980fb6d6e --- /dev/null +++ b/roles/custom/matrix-conduit/tasks/validate_config.yml @@ -0,0 +1,9 @@ +--- + +- name: Fail if required Conduit settings not defined + ansible.builtin.fail: + msg: >- + You need to define a required configuration setting (`{{ item.name }}`). + when: "item.when | bool and vars[item.name] == ''" + with_items: + - {'name': 'matrix_conduit_container_network', when: true} diff --git a/roles/custom/matrix-dendrite/defaults/main.yml b/roles/custom/matrix-dendrite/defaults/main.yml index e4b14a929..f5eaba34f 100644 --- a/roles/custom/matrix-dendrite/defaults/main.yml +++ b/roles/custom/matrix-dendrite/defaults/main.yml @@ -41,7 +41,7 @@ matrix_dendrite_http_bind_address: "{{ (':' + matrix_dendrite_http_bind_port | s matrix_dendrite_https_bind_address: "{{ (':' + matrix_dendrite_https_bind_port | string) if matrix_dendrite_https_bind_port else '' }}" # The base container network. It will be auto-created by this role if it doesn't exist already. -matrix_dendrite_container_network: "{{ matrix_docker_network }}" +matrix_dendrite_container_network: "" # A list of additional container networks that the container would be connected to. # The role does not create these networks, so make sure they already exist. 
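Review bot: In roles/custom/matrix-conduit/tasks/validate_config.yml the condition `vars[item.name] == ''` probably compares the untemplated value, because as far as I know Ansible does not render entries read through the `vars` dictionary. group_vars sets `matrix_conduit_container_network: "{{ matrix_homeserver_container_network }}"`, so the raw string would never equal `''`. The check may then fire only for the literal role default and miss an override that renders to an empty string. Consider `when: "item.when | bool and lookup('vars', item.name) == ''"`, and confirm the behaviour on the Ansible version the playbook targets.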
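Review bot: The default of `matrix_dendrite_container_network` becomes empty in roles/custom/matrix-dendrite/defaults/main.yml, but unlike the Conduit role this diff adds no validation entry for it. The same holds for `matrix_synapse_container_network` in the matrix-synapse defaults hunk. If those roles' existing validation tasks (not shown here) do not already reject an empty network, a role used without group_vars/matrix_servers would presumably pass an empty network name on to container creation. I would add `- {'name': 'matrix_dendrite_container_network', when: true}` and the Synapse equivalent to the respective required-settings checks.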
@@ -80,7 +80,10 @@ matrix_dendrite_container_arguments: "{{ matrix_dendrite_container_extra_argumen matrix_dendrite_process_extra_arguments: [] # List of systemd services that matrix-dendrite.service depends on -matrix_dendrite_systemd_required_services_list: ["docker.service"] +matrix_dendrite_systemd_required_services_list: "{{ matrix_dendrite_systemd_required_services_list_default + matrix_dendrite_systemd_required_services_list_auto + matrix_dendrite_systemd_required_services_list_custom }}" +matrix_dendrite_systemd_required_services_list_default: ["docker.service"] +matrix_dendrite_systemd_required_services_list_auto: [] +matrix_dendrite_systemd_required_services_list_custom: [] # List of systemd services that matrix-dendrite.service wants matrix_dendrite_systemd_wanted_services_list: [] diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml index 5634864f2..504ac9fee 100644 --- a/roles/custom/matrix-synapse/defaults/main.yml +++ b/roles/custom/matrix-synapse/defaults/main.yml @@ -115,7 +115,7 @@ matrix_synapse_container_federation_api_tls_port: 8448 matrix_synapse_container_federation_api_plain_port: 8048 # The base container network. It will be auto-created by this role if it doesn't exist already. -matrix_synapse_container_network: "{{ matrix_docker_network }}" +matrix_synapse_container_network: '' # A list of additional container networks that the container would be connected to. # The role does not create these networks, so make sure they already exist.