add FluffyChat (#4068)

* add FluffyChat

* capitalization

* Update group_vars/matrix_servers

Co-authored-by: Slavi Pantaleev <slavi@devture.com>

* fix link in readme

---------

Co-authored-by: Slavi Pantaleev <slavi@devture.com>

README.md

@@ -65,6 +65,7 @@ Web clients for Matrix that you can host on your own domains.
 | [Hydrogen](https://github.com/element-hq/hydrogen-web) | ❌ | Lightweight Matrix client with legacy and mobile browser support | [Link](docs/configuring-playbook-client-hydrogen.md) |
 | [Cinny](https://github.com/ajbura/cinny) |  ❌ | Simple, elegant and secure web client | [Link](docs/configuring-playbook-client-cinny.md) |
 | [SchildiChat Web](https://schildi.chat/) | ❌ | Based on Element Web, with a more traditional instant messaging experience | [Link](docs/configuring-playbook-client-schildichat-web.md) |
+| [FluffyChat Web](https://fluffychat.im/) | ❌ | The cutest messenger in Matrix | [Link](docs/configuring-playbook-client-fluffychat-web.md) |
 
 ### Server Components
 

docs/configuring-playbook-client-fluffychat-web.md

@@ -0,0 +1,59 @@
+# Setting up FluffyChat Web (optional)
+
+The playbook can install and configure the [FluffyChat Web](https://github.com/krille-chan/fluffychat) Matrix client for you.
+
+FluffyChat Web is a cute messenger for Matrix based.
+
+💡 **Note**: the latest version of FluffyChat Web is also available on the web, hosted by 3rd parties. If you trust giving your credentials to the following 3rd party Single Page Application, you can consider using it from there:
+
+- [fluffychat.im](https://fluffychat.im/web), hosted by the [FluffyChat](https://fluffychat.im/) developers
+
+## Adjusting DNS records
+
+By default, this playbook installs FluffyChat Web on the `fluffychat.` subdomain (`fluffychat.example.com`) and requires you to create a CNAME record for `fluffychat`, which targets `matrix.example.com`.
+
+When setting, replace `example.com` with your own.
+
+## Adjusting the playbook configuration
+
+To enable FluffyChat Web, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:
+
+```yaml
+matrix_client_fluffychat_enabled: true
+```
+
+### Adjusting the FluffyChat Web URL (optional)
+
+By tweaking the `matrix_client_fluffychat_hostname` and `matrix_client_fluffychat_path_prefix` variables, you can easily make the service available at a **different hostname and/or path** than the default one.
+
+Example additional configuration for your `vars.yml` file:
+
+```yaml
+# Switch to the domain used for Matrix services (`matrix.example.com`),
+# so we won't need to add additional DNS records for FluffyChat Web.
+matrix_client_fluffychat_hostname: "{{ matrix_server_fqn_matrix }}"
+
+# Expose under the /fluffychat subpath
+matrix_client_fluffychat_path_prefix: /fluffychat
+```
+
+After changing the domain, **you may need to adjust your DNS** records to point the FluffyChat Web domain to the Matrix server.
+
+If you've decided to reuse the `matrix.` domain, you won't need to do any extra DNS configuration.
+
+## Installing
+
+After configuring the playbook and potentially [adjusting your DNS records](#adjusting-dns-records), run the playbook with [playbook tags](playbook-tags.md) as below:
+
+<!-- NOTE: let this conservative command run (instead of install-all) to make it clear that failure of the command means something is clearly broken. -->
+```sh
+ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
+```
+
+The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
+
+`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too.
+
+## Troubleshooting
+
+As with all other services, you can find the logs in [systemd-journald](https://www.freedesktop.org/software/systemd/man/systemd-journald.service.html) by logging in to the server with SSH and running `journalctl -fu matrix-client-fluffychat`.

group_vars/matrix_servers

@@ -376,6 +376,8 @@ devture_systemd_service_manager_services_list_auto: |
     +
     ([{'name': 'matrix-client-schildichat.service', 'priority': 2000, 'groups': ['matrix', 'clients', 'schildichat', 'client-schildichat']}] if matrix_client_schildichat_enabled else [])
     +
+    ([{'name': 'matrix-client-fluffychat.service', 'priority': 2000, 'groups': ['matrix', 'clients', 'fluffychat', 'client-fluffychat']}] if matrix_client_fluffychat_enabled else [])
+    +
     ([{'name': ('matrix-' + matrix_homeserver_implementation + '.service'), 'priority': 1000, 'groups': ['matrix', 'homeservers', matrix_homeserver_implementation]}] if matrix_homeserver_enabled else [])
     +
     ([{'name': 'matrix-corporal.service', 'priority': 1500, 'groups': ['matrix', 'corporal']}] if matrix_corporal_enabled else [])
@@ -4524,6 +4526,37 @@ matrix_client_schildichat_jitsi_preferred_domain: "{{ matrix_server_fqn_jitsi if
 #
 ######################################################################
 
+######################################################################
+#
+# matrix-client-fluffychat
+#
+######################################################################
+
+matrix_client_fluffychat_enabled: false
+
+matrix_client_fluffychat_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
+
+matrix_client_fluffychat_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
+
+matrix_client_fluffychat_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '8770') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
+
+matrix_client_fluffychat_container_network: "{{ matrix_addons_container_network }}"
+
+matrix_client_fluffychat_container_additional_networks: "{{ [matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_client_fluffychat_container_labels_traefik_enabled and matrix_playbook_reverse_proxyable_services_additional_network) else [] }}"
+
+matrix_client_fluffychat_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
+matrix_client_fluffychat_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
+matrix_client_fluffychat_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
+matrix_client_fluffychat_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"
+
+matrix_client_fluffychat_self_check_validate_certificates: "{{ matrix_playbook_ssl_enabled }}"
+
+######################################################################
+#
+# /matrix-client-fluffychat
+#
+######################################################################
+
 ######################################################################
 #
 # matrix-synapse

roles/custom/matrix-base/defaults/main.yml

@@ -80,6 +80,9 @@ matrix_server_fqn_cinny: "cinny.{{ matrix_domain }}"
 # This is where you access the SchildiChat Web from (if enabled via matrix_client_schildichat_enabled; disabled by default).
 matrix_server_fqn_schildichat: "schildichat.{{ matrix_domain }}"
 
+# This is where you access the FluffyChat Web from (if enabled via matrix_client_fluffychat_enabled; disabled by default).
+matrix_server_fqn_fluffychat: "fluffychat.{{ matrix_domain }}"
+
 # This is where you access the Buscarron bot from (if enabled via matrix_bot_buscarron_enabled; disabled by default).
 matrix_server_fqn_buscarron: "buscarron.{{ matrix_domain }}"
 

roles/custom/matrix-client-fluffychat/defaults/main.yml

@@ -0,0 +1,137 @@
+---
+# Project source code URL: https://github.com/krille-chan/fluffychat
+
+matrix_client_fluffychat_enabled: true
+
+matrix_client_fluffychat_container_image_self_build: false
+matrix_client_fluffychat_container_image_self_build_repo: "https://github.com/etkecc/fluffychat-web.git"
+matrix_client_fluffychat_container_image_self_build_version: "{{ 'main' if matrix_client_fluffychat_version == 'latest' else matrix_client_fluffychat_version }}"
+
+# renovate: datasource=docker depName=ghcr.io/etkecc/fluffychat-web
+matrix_client_fluffychat_version: v1.24.0
+matrix_client_fluffychat_docker_image: "{{ matrix_client_fluffychat_docker_image_name_prefix }}etkecc/fluffychat-web:{{ matrix_client_fluffychat_version }}"
+matrix_client_fluffychat_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_fluffychat_container_image_self_build else 'ghcr.io/' }}"
+matrix_client_fluffychat_docker_image_force_pull: "{{ matrix_client_fluffychat_docker_image.endswith(':latest') }}"
+
+matrix_client_fluffychat_data_path: "{{ matrix_base_data_path }}/client-fluffychat"
+matrix_client_fluffychat_container_src_files_path: "{{ matrix_client_fluffychat_data_path }}/docker-src"
+
+# The base container network
+matrix_client_fluffychat_container_network: ''
+
+# A list of additional container networks that the container would be connected to.
+# The role does not create these networks, so make sure they already exist.
+# Use this to expose this container to a reverse proxy, which runs in a different container network.
+matrix_client_fluffychat_container_additional_networks: []
+
+# Controls whether the matrix-client-fluffychat container exposes its HTTP port (tcp/8080 in the container).
+#
+# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8765"), or empty string to not expose.
+matrix_client_fluffychat_container_http_host_bind_port: ''
+
+# matrix_client_fluffychat_container_labels_traefik_enabled controls whether labels to assist a Traefik reverse-proxy will be attached to the container.
+# See `../templates/labels.j2` for details.
+#
+# To inject your own other container labels, see `matrix_client_fluffychat_container_labels_additional_labels`.
+matrix_client_fluffychat_container_labels_traefik_enabled: true
+matrix_client_fluffychat_container_labels_traefik_docker_network: "{{ matrix_client_fluffychat_container_network }}"
+matrix_client_fluffychat_container_labels_traefik_hostname: "{{ matrix_client_fluffychat_hostname }}"
+# The path prefix must either be `/` or not end with a slash (e.g. `/fluffychat`).
+matrix_client_fluffychat_container_labels_traefik_path_prefix: "{{ matrix_client_fluffychat_path_prefix }}"
+matrix_client_fluffychat_container_labels_traefik_rule: "Host(`{{ matrix_client_fluffychat_container_labels_traefik_hostname }}`){% if matrix_client_fluffychat_container_labels_traefik_path_prefix != '/' %} && PathPrefix(`{{ matrix_client_fluffychat_container_labels_traefik_path_prefix }}`){% endif %}"
+matrix_client_fluffychat_container_labels_traefik_priority: 0
+matrix_client_fluffychat_container_labels_traefik_entrypoints: web-secure
+matrix_client_fluffychat_container_labels_traefik_tls: "{{ matrix_client_fluffychat_container_labels_traefik_entrypoints != 'web' }}"
+matrix_client_fluffychat_container_labels_traefik_tls_certResolver: default  # noqa var-naming
+
+# Controls which additional headers to attach to all HTTP responses.
+# To add your own headers, use `matrix_client_fluffychat_container_labels_traefik_additional_response_headers_custom`
+matrix_client_fluffychat_container_labels_traefik_additional_response_headers: "{{ matrix_client_fluffychat_container_labels_traefik_additional_response_headers_auto | combine(matrix_client_fluffychat_container_labels_traefik_additional_response_headers_custom) }}"
+matrix_client_fluffychat_container_labels_traefik_additional_response_headers_auto: |
+  {{
+    {}
+    | combine ({'X-XSS-Protection': matrix_client_fluffychat_http_header_xss_protection} if matrix_client_fluffychat_http_header_xss_protection else {})
+    | combine ({'X-Frame-Options': matrix_client_fluffychat_http_header_frame_options} if matrix_client_fluffychat_http_header_frame_options else {})
+    | combine ({'X-Content-Type-Options': matrix_client_fluffychat_http_header_content_type_options} if matrix_client_fluffychat_http_header_content_type_options else {})
+    | combine ({'Content-Security-Policy': matrix_client_fluffychat_http_header_content_security_policy} if matrix_client_fluffychat_http_header_content_security_policy else {})
+    | combine ({'Permission-Policy': matrix_client_fluffychat_http_header_content_permission_policy} if matrix_client_fluffychat_http_header_content_permission_policy else {})
+    | combine ({'Strict-Transport-Security': matrix_client_fluffychat_http_header_strict_transport_security} if matrix_client_fluffychat_http_header_strict_transport_security and matrix_client_fluffychat_container_labels_traefik_tls else {})
+  }}
+matrix_client_fluffychat_container_labels_traefik_additional_response_headers_custom: {}
+
+# matrix_client_fluffychat_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file.
+# See `../templates/labels.j2` for details.
+#
+# Example:
+# matrix_client_fluffychat_container_labels_additional_labels: |
+#   my.label=1
+#   another.label="here"
+matrix_client_fluffychat_container_labels_additional_labels: ''
+
+# A list of extra arguments to pass to the container
+matrix_client_fluffychat_container_extra_arguments: []
+
+# List of systemd services that matrix-client-fluffychat.service depends on
+matrix_client_fluffychat_systemd_required_services_list: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}"
+
+# Specifies the value of the `X-XSS-Protection` header
+# Stops pages from loading when they detect reflected cross-site scripting (XSS) attacks.
+#
+# Learn more about it is here:
+# - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
+# - https://portswigger.net/web-security/cross-site-scripting/reflected
+matrix_client_fluffychat_http_header_xss_protection: "1; mode=block"
+
+# Specifies the value of the `X-Frame-Options` header which controls whether framing can happen.
+# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
+matrix_client_fluffychat_http_header_frame_options: SAMEORIGIN
+
+# Specifies the value of the `X-Content-Type-Options` header.
+# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
+matrix_client_fluffychat_http_header_content_type_options: nosniff
+
+# Specifies the value of the `Content-Security-Policy` header.
+# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
+matrix_client_fluffychat_http_header_content_security_policy: frame-ancestors 'self'
+
+# Specifies the value of the `Permission-Policy` header.
+# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permission-Policy
+matrix_client_fluffychat_http_header_content_permission_policy: "{{ 'interest-cohort=()' if matrix_client_fluffychat_floc_optout_enabled else '' }}"
+
+# Specifies the value of the `Strict-Transport-Security` header.
+# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
+matrix_client_fluffychat_http_header_strict_transport_security: "max-age=31536000; includeSubDomains{{ '; preload' if matrix_client_fluffychat_hsts_preload_enabled else '' }}"
+
+# Controls whether to send a "Permissions-Policy interest-cohort=();" header along with all responses
+#
+# Learn more about what it is here:
+# - https://www.eff.org/deeplinks/2021/03/googles-floc-terrible-idea
+# - https://paramdeo.com/blog/opting-your-website-out-of-googles-floc-network
+# - https://amifloced.org/
+#
+# Of course, a better solution is to just stop using browsers (like Chrome), which participate in such tracking practices.
+# See: `matrix_client_fluffychat_content_permission_policy`
+matrix_client_fluffychat_floc_optout_enabled: true
+
+# Controls if HSTS preloading is enabled
+#
+# In its strongest and recommended form, the [HSTS policy](https://www.chromium.org/hsts) includes all subdomains, and
+# indicates a willingness to be "preloaded" into browsers:
+# `Strict-Transport-Security: max-age=31536000; includeSubDomains; preload`
+# For more information visit:
+# - https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
+# - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
+# - https://hstspreload.org/#opt-in
+# See: `matrix_client_fluffychat_http_header_strict_transport_security`
+matrix_client_fluffychat_hsts_preload_enabled: false
+
+matrix_client_fluffychat_scheme: https
+# The hostname at which FluffyChat Web is served.
+matrix_client_fluffychat_hostname: "{{ matrix_server_fqn_fluffychat }}"
+
+# The path at which FluffyChat Web is exposed.
+# This value must either be `/` or not end with a slash (e.g. `/fluffychat`).
+matrix_client_fluffychat_path_prefix: /
+
+# Controls whether the self-check feature should validate SSL certificates.
+matrix_client_fluffychat_self_check_validate_certificates: true

roles/custom/matrix-client-fluffychat/tasks/main.yml

@@ -0,0 +1,26 @@
+---
+
+- tags:
+    - setup-all
+    - setup-client-fluffychat
+    - install-all
+    - install-client-fluffychat
+  block:
+    - when: matrix_client_fluffychat_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
+
+    - when: matrix_client_fluffychat_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
+
+- tags:
+    - setup-all
+    - setup-client-fluffychat
+  block:
+    - when: not matrix_client_fluffychat_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
+
+- tags:
+    - self-check
+  block:
+    - when: matrix_client_fluffychat_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/self_check.yml"

roles/custom/matrix-client-fluffychat/tasks/self_check.yml

@@ -0,0 +1,24 @@
+---
+
+- ansible.builtin.set_fact:
+    matrix_client_fluffychat_url_endpoint_public: "{{ matrix_client_fluffychat_scheme }}://{{ matrix_client_fluffychat_hostname }}/"
+
+- name: Check FluffyChat Web
+  ansible.builtin.uri:
+    url: "{{ matrix_client_fluffychat_url_endpoint_public }}"
+    follow_redirects: none
+    validate_certs: "{{ matrix_client_fluffychat_self_check_validate_certificates }}"
+  register: matrix_client_fluffychat_self_check_result
+  check_mode: false
+  ignore_errors: true
+  delegate_to: 127.0.0.1
+  become: false
+
+- name: Fail if FluffyChat Web not working
+  ansible.builtin.fail:
+    msg: "Failed checking FluffyChat Web is up at `{{ matrix_server_fqn_fluffychat }}` (checked endpoint: `{{ matrix_client_fluffychat_url_endpoint_public }}`). Is FluffyChat Web running? Is port 443 open in your firewall? Full error: {{ matrix_client_fluffychat_self_check_result }}"
+  when: "matrix_client_fluffychat_self_check_result.failed or 'json' not in matrix_client_fluffychat_self_check_result"
+
+- name: Report working FluffyChat Web
+  ansible.builtin.debug:
+    msg: "FluffyChat Web at `{{ matrix_server_fqn_fluffychat }}` is working (checked endpoint: `{{ matrix_client_fluffychat_url_endpoint_public }}`)"

roles/custom/matrix-client-fluffychat/tasks/setup_install.yml

@@ -0,0 +1,70 @@
+---
+
+- name: Ensure FluffyChat Web paths exists
+  ansible.builtin.file:
+    path: "{{ item.path }}"
+    state: directory
+    mode: 0750
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+  with_items:
+    - {path: "{{ matrix_client_fluffychat_data_path }}", when: true}
+    - {path: "{{ matrix_client_fluffychat_container_src_files_path }}", when: "{{ matrix_client_fluffychat_container_image_self_build }}"}
+  when: "item.when | bool"
+
+- name: Ensure FluffyChat Web container image is pulled
+  community.docker.docker_image:
+    name: "{{ matrix_client_fluffychat_docker_image }}"
+    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+    force_source: "{{ matrix_client_fluffychat_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_client_fluffychat_docker_image_force_pull }}"
+  when: "not matrix_client_fluffychat_container_image_self_build | bool"
+  register: result
+  retries: "{{ devture_playbook_help_container_retries_count }}"
+  delay: "{{ devture_playbook_help_container_retries_delay }}"
+  until: result is not failed
+
+- when: "matrix_client_fluffychat_container_image_self_build | bool"
+  block:
+    - name: Ensure FluffyChat Web repository is present on self-build
+      ansible.builtin.git:
+        repo: "{{ matrix_client_fluffychat_container_image_self_build_repo }}"
+        dest: "{{ matrix_client_fluffychat_container_src_files_path }}"
+        version: "{{ matrix_client_fluffychat_container_image_self_build_version }}"
+        force: "yes"
+      become: true
+      become_user: "{{ matrix_user_username }}"
+      register: matrix_client_fluffychat_git_pull_results
+
+    - name: Ensure FluffyChat Web container image is built
+      ansible.builtin.command:
+        cmd: |-
+          {{ devture_systemd_docker_base_host_command_docker }} buildx build
+          --tag={{ matrix_client_fluffychat_docker_image }}
+          --file={{ matrix_client_fluffychat_container_src_files_path }}/Dockerfile
+          {{ matrix_client_fluffychat_container_src_files_path }}
+      changed_when: true
+
+- name: Ensure FluffyChat Web config files installed
+  ansible.builtin.template:
+    src: "{{ item.src }}"
+    dest: "{{ matrix_client_fluffychat_data_path }}/{{ item.name }}"
+    mode: 0644
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+  with_items:
+    - {src: "{{ role_path }}/templates/labels.j2", name: "labels"}
+  when: "item.src is not none"
+
+- name: Ensure FluffyChat Web container network is created
+  community.general.docker_network:
+    enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
+    name: "{{ matrix_client_fluffychat_container_network }}"
+    driver: bridge
+    driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
+
+- name: Ensure matrix-client-fluffychat.service installed
+  ansible.builtin.template:
+    src: "{{ role_path }}/templates/systemd/matrix-client-fluffychat.service.j2"
+    dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-client-fluffychat.service"
+    mode: 0644

roles/custom/matrix-client-fluffychat/tasks/setup_uninstall.yml

@@ -0,0 +1,25 @@
+---
+
+- name: Check existence of matrix-client-fluffychat.service
+  ansible.builtin.stat:
+    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-client-fluffychat.service"
+  register: matrix_client_fluffychat_service_stat
+
+- when: matrix_client_fluffychat_service_stat.stat.exists | bool
+  block:
+    - name: Ensure matrix-client-fluffychat is stopped
+      ansible.builtin.service:
+        name: matrix-client-fluffychat
+        state: stopped
+        enabled: false
+        daemon_reload: true
+
+    - name: Ensure matrix-client-fluffychat.service doesn't exist
+      ansible.builtin.file:
+        path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-client-fluffychat.service"
+        state: absent
+
+    - name: Ensure FluffyChat Web path doesn't exist
+      ansible.builtin.file:
+        path: "{{ matrix_client_fluffychat_data_path }}"
+        state: absent

roles/custom/matrix-client-fluffychat/tasks/validate_config.yml

@@ -0,0 +1,29 @@
+---
+
+- name: Fail if required FluffyChat Web settings not defined
+  ansible.builtin.fail:
+    msg: >
+      You need to define a required configuration setting (`{{ item }}`) for using FluffyChat Web.
+  when: "vars[item] == ''"
+  with_items:
+    - matrix_client_fluffychat_container_network
+
+- when: matrix_client_fluffychat_container_labels_traefik_enabled | bool
+  block:
+    - name: Fail if required matrix-client-fluffychat Traefik settings not defined
+      ansible.builtin.fail:
+        msg: >-
+          You need to define a required configuration setting (`{{ item }}`).
+      when: "vars[item] == ''"
+      with_items:
+        - matrix_client_fluffychat_container_labels_traefik_hostname
+        - matrix_client_fluffychat_container_labels_traefik_path_prefix
+
+    # We ensure it doesn't end with a slash, because we handle both (slash and no-slash).
+    # Knowing that `matrix_client_fluffychat_container_labels_traefik_path_prefix` does not end with a slash
+    # ensures we know how to set these routes up without having to do "does it end with a slash" checks elsewhere.
+    - name: Fail if matrix_client_fluffychat_container_labels_traefik_path_prefix ends with a slash
+      ansible.builtin.fail:
+        msg: >-
+          matrix_client_fluffychat_container_labels_traefik_path_prefix (`{{ matrix_client_fluffychat_container_labels_traefik_path_prefix }}`) must either be `/` or not end with a slash (e.g. `/fluffychat`).
+      when: "matrix_client_fluffychat_container_labels_traefik_path_prefix != '/' and matrix_client_fluffychat_container_labels_traefik_path_prefix[-1] == '/'"

roles/custom/matrix-client-fluffychat/templates/labels.j2

@@ -0,0 +1,46 @@
+{% if matrix_client_fluffychat_container_labels_traefik_enabled %}
+traefik.enable=true
+
+{% if matrix_client_fluffychat_container_labels_traefik_docker_network %}
+traefik.docker.network={{ matrix_client_fluffychat_container_labels_traefik_docker_network }}
+{% endif %}
+
+traefik.http.services.matrix-client-fluffychat.loadbalancer.server.port=8080
+
+{% set middlewares = [] %}
+
+{% if matrix_client_fluffychat_container_labels_traefik_path_prefix != '/' %}
+traefik.http.middlewares.matrix-client-fluffychat-slashless-redirect.redirectregex.regex=({{ matrix_client_fluffychat_container_labels_traefik_path_prefix | quote }})$
+traefik.http.middlewares.matrix-client-fluffychat-slashless-redirect.redirectregex.replacement=${1}/
+{% set middlewares = middlewares + ['matrix-client-fluffychat-slashless-redirect'] %}
+{% endif %}
+
+{% if matrix_client_fluffychat_container_labels_traefik_path_prefix != '/' %}
+traefik.http.middlewares.matrix-client-fluffychat-strip-prefix.stripprefix.prefixes={{ matrix_client_fluffychat_container_labels_traefik_path_prefix }}
+{% set middlewares = middlewares + ['matrix-client-fluffychat-strip-prefix'] %}
+{% endif %}
+
+{% if matrix_client_fluffychat_container_labels_traefik_additional_response_headers.keys() | length > 0 %}
+{% for name, value in matrix_client_fluffychat_container_labels_traefik_additional_response_headers.items() %}
+traefik.http.middlewares.matrix-client-fluffychat-add-headers.headers.customresponseheaders.{{ name }}={{ value }}
+{% endfor %}
+{% set middlewares = middlewares + ['matrix-client-fluffychat-add-headers'] %}
+{% endif %}
+
+traefik.http.routers.matrix-client-fluffychat.rule={{ matrix_client_fluffychat_container_labels_traefik_rule }}
+{% if matrix_client_fluffychat_container_labels_traefik_priority | int > 0 %}
+traefik.http.routers.matrix-client-fluffychat.priority={{ matrix_client_fluffychat_container_labels_traefik_priority }}
+{% endif %}
+traefik.http.routers.matrix-client-fluffychat.service=matrix-client-fluffychat
+{% if middlewares | length > 0 %}
+traefik.http.routers.matrix-client-fluffychat.middlewares={{ middlewares | join(',') }}
+{% endif %}
+traefik.http.routers.matrix-client-fluffychat.entrypoints={{ matrix_client_fluffychat_container_labels_traefik_entrypoints }}
+traefik.http.routers.matrix-client-fluffychat.tls={{ matrix_client_fluffychat_container_labels_traefik_tls | to_json }}
+{% if matrix_client_fluffychat_container_labels_traefik_tls %}
+traefik.http.routers.matrix-client-fluffychat.tls.certResolver={{ matrix_client_fluffychat_container_labels_traefik_tls_certResolver }}
+{% endif %}
+
+{% endif %}
+
+{{ matrix_client_fluffychat_container_labels_additional_labels }}

roles/custom/matrix-client-fluffychat/templates/systemd/matrix-client-fluffychat.service.j2

@@ -0,0 +1,48 @@
+#jinja2: lstrip_blocks: "True"
+[Unit]
+Description=Matrix FluffyChat Web server
+{% for service in matrix_client_fluffychat_systemd_required_services_list %}
+Requires={{ service }}
+After={{ service }}
+{% endfor %}
+DefaultDependencies=no
+
+[Service]
+Type=simple
+Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-client-fluffychat 2>/dev/null || true'
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-client-fluffychat 2>/dev/null || true'
+
+ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
+			--rm \
+			--name=matrix-client-fluffychat \
+			--log-driver=none \
+			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
+			--cap-drop=ALL \
+			--read-only \
+			--network={{ matrix_client_fluffychat_container_network }} \
+			{% if matrix_client_fluffychat_container_http_host_bind_port %}
+			-p {{ matrix_client_fluffychat_container_http_host_bind_port }}:8080 \
+			{% endif %}
+			--label-file={{ matrix_client_fluffychat_data_path }}/labels \
+			--tmpfs=/tmp:rw,noexec,nosuid,size=10m \
+			{% for arg in matrix_client_fluffychat_container_extra_arguments %}
+			{{ arg }} \
+			{% endfor %}
+			{{ matrix_client_fluffychat_docker_image }}
+
+{% for network in matrix_client_fluffychat_container_additional_networks %}
+ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-client-fluffychat
+{% endfor %}
+
+ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-client-fluffychat
+
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-client-fluffychat 2>/dev/null || true'
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-client-fluffychat 2>/dev/null || true'
+
+Restart=always
+RestartSec=30
+SyslogIdentifier=matrix-client-fluffychat
+
+[Install]
+WantedBy=multi-user.target

setup.yml

@@ -117,6 +117,7 @@
     - custom/matrix-client-hydrogen
     - custom/matrix-client-cinny
     - custom/matrix-client-schildichat
+    - custom/matrix-client-fluffychat
     - galaxy/jitsi
     - custom/matrix-user-verification-service
     - custom/matrix-ldap-registration-proxy