mirror of
https://github.com/spantaleev/matrix-docker-ansible-deploy.git
synced 2024-11-06 02:37:31 +01:00
Switch Docker image to official one
Switching from from avhost/docker-matrix (silviof/docker-matrix) to matrixdotorg/synapse. The avhost/docker-matrix (silviof/docker-matrix) image used to bundle in the coturn STUN/TURN server, so as part of the move, we're separating this to a separately-ran service (matrix-coturn.service, powered by instrumentisto/coturn-docker-image)
This commit is contained in:
parent
3af3ef48fc
commit
b3e62126db
@ -16,4 +16,8 @@ host_specific_matrix_ssl_support_email: YOUR_EMAIL_ADDRESS_HERE
|
||||
# (for configuration purposes).
|
||||
#
|
||||
# Example value: example.com
|
||||
host_specific_hostname_identity: YOUR_BARE_DOMAIN_NAME_HERE
|
||||
host_specific_hostname_identity: YOUR_BARE_DOMAIN_NAME_HERE
|
||||
|
||||
# A shared secret (between Synapse and Coturn) used for authentication.
|
||||
# You can put any string here, but generating a strong one is preferred (e.g. `pwgen -s 64 1`).
|
||||
matrix_coturn_turn_static_auth_secret: ""
|
@ -36,25 +36,34 @@ matrix_postgres_data_path: "{{ matrix_base_data_path }}/postgres"
|
||||
matrix_nginx_proxy_data_path: "{{ matrix_base_data_path }}/nginx-proxy"
|
||||
matrix_nginx_proxy_confd_path: "{{ matrix_nginx_proxy_data_path }}/conf.d"
|
||||
matrix_nginx_riot_web_data_path: "{{ matrix_base_data_path }}/riot-web"
|
||||
matrix_coturn_base_path: "{{ matrix_base_data_path }}/coturn"
|
||||
matrix_coturn_config_path: "{{ matrix_coturn_base_path }}/turnserver.conf"
|
||||
matrix_scratchpad_dir: "{{ matrix_base_data_path }}/scratchpad"
|
||||
|
||||
docker_postgres_image: "postgres:9.6.8-alpine"
|
||||
docker_matrix_image: "avhost/docker-matrix:v0.28.1"
|
||||
docker_matrix_image: "matrixdotorg/synapse:v0.30.0"
|
||||
docker_nginx_image: "nginx:1.13.12-alpine"
|
||||
docker_riot_image: "avhost/docker-matrix-riot:v0.14.2"
|
||||
docker_s3fs_image: "xueshanf/s3fs:latest"
|
||||
docker_goofys_image: "cloudproto/goofys:latest"
|
||||
docker_coturn_image: "instrumentisto/coturn:4.5.0.7"
|
||||
|
||||
# To avoid Synapse's macaroon secret key from changing every time
|
||||
# a new config is built from scratch, you can specify one here.
|
||||
matrix_synapse_macaroon_secret_key: null
|
||||
|
||||
|
||||
# A shared secret (between Synapse and Coturn) used for authentication.
|
||||
# You can put any string here, but generating a strong one is preferred (e.g. `pwgen -s 64 1`).
|
||||
matrix_coturn_turn_static_auth_secret: ""
|
||||
|
||||
# UDP port-range to use for TURN
|
||||
matrix_coturn_turn_udp_min_port: 49152
|
||||
matrix_coturn_turn_udp_max_port: 49172
|
||||
|
||||
matrix_coturn_turn_external_ip_address: "{{ ansible_host }}"
|
||||
|
||||
|
||||
matrix_max_upload_size_mb: 10
|
||||
matrix_max_log_file_size_mb: 100
|
||||
matrix_max_log_files_count: 10
|
||||
|
@ -28,10 +28,16 @@
|
||||
- setup-main
|
||||
- setup-goofys
|
||||
|
||||
- include: tasks/setup_coturn.yml
|
||||
tags:
|
||||
- setup-main
|
||||
- setup-coturn
|
||||
|
||||
- include: tasks/setup_synapse.yml
|
||||
tags:
|
||||
- setup-main
|
||||
- setup-synapse
|
||||
- setup-coturn
|
||||
|
||||
- include: tasks/setup_riot_web.yml
|
||||
tags:
|
||||
|
42
roles/matrix-server/tasks/setup_coturn.yml
Normal file
42
roles/matrix-server/tasks/setup_coturn.yml
Normal file
@ -0,0 +1,42 @@
|
||||
---
|
||||
|
||||
- name: Fail if Coturn secret is missing
|
||||
fail:
|
||||
msg: "You need to set a secret in the matrix_coturn_turn_static_auth_secret variable"
|
||||
when: "matrix_coturn_turn_static_auth_secret == ''"
|
||||
|
||||
- name: Ensure Coturn image is pulled
|
||||
docker_image:
|
||||
name: "{{ docker_coturn_image }}"
|
||||
|
||||
- name: Ensure Coturn configuration path exists
|
||||
file:
|
||||
path: "{{ matrix_coturn_base_path }}"
|
||||
state: directory
|
||||
mode: 0750
|
||||
owner: "{{ matrix_user_username }}"
|
||||
group: "{{ matrix_user_username }}"
|
||||
|
||||
- name: Ensure turnserver.conf installed
|
||||
template:
|
||||
src: "{{ role_path }}/templates/coturn/turnserver.conf.j2"
|
||||
dest: "{{ matrix_coturn_config_path }}"
|
||||
mode: 0644
|
||||
|
||||
- name: Ensure matrix-coturn.service installed
|
||||
template:
|
||||
src: "{{ role_path }}/templates/systemd/matrix-coturn.service.j2"
|
||||
dest: "/etc/systemd/system/matrix-coturn.service"
|
||||
mode: 0644
|
||||
|
||||
- name: Allow access to Coturn ports in firewalld
|
||||
firewalld:
|
||||
port: "{{ item }}"
|
||||
state: enabled
|
||||
immediate: yes
|
||||
permanent: yes
|
||||
with_items:
|
||||
- '3478/tcp' # STUN
|
||||
- '3478/udp' # STUN
|
||||
- "{{ matrix_coturn_turn_udp_min_port }}-{{ matrix_coturn_turn_udp_max_port }}/udp" # TURN
|
||||
when: ansible_os_family == 'RedHat'
|
@ -49,8 +49,9 @@
|
||||
cleanup: yes
|
||||
command: generate
|
||||
env:
|
||||
SERVER_NAME: "{{ hostname_matrix }}"
|
||||
REPORT_STATS: "no"
|
||||
SYNAPSE_CONFIG_PATH: "/data/homeserver.yaml"
|
||||
SYNAPSE_SERVER_NAME: "{{ hostname_matrix }}"
|
||||
SYNAPSE_REPORT_STATS: "no"
|
||||
user: "{{ matrix_user_uid }}:{{ matrix_user_gid }}"
|
||||
volumes:
|
||||
- "{{ matrix_synapse_config_dir_path }}:/data"
|
||||
@ -74,6 +75,7 @@
|
||||
line: '{{ item.line }}'
|
||||
with_items:
|
||||
- {"regexp": "^log_file:", "line": 'log_file: "/matrix-run/homeserver.log"'}
|
||||
- {"regexp": "^uploads_path:", "line": 'uploads_path: "/matrix-run/uploads"'}
|
||||
- {"regexp": "^server_name:", "line": 'server_name: "{{ hostname_identity }}"'}
|
||||
- {"regexp": "^turn_allow_guests:", "line": 'turn_allow_guests: False'}
|
||||
- {"regexp": "^url_preview_enabled:", "line": 'url_preview_enabled: True'}
|
||||
@ -117,15 +119,14 @@
|
||||
regexp: '(.*)name: "psycopg2"((?:.|\n)*?)\n\n'
|
||||
replace: '\1name: "psycopg2"\n\1args:\n\1\1user: "{{ matrix_postgres_connection_username }}"\n\1\1password: "{{ matrix_postgres_connection_password }}"\n\1\1database: "{{ matrix_postgres_db_name }}"\n\1\1host: "{{ matrix_postgres_connection_hostname }}"\n\1\1cp_min: 5\n\1\1cp_max: 10\n\n'
|
||||
|
||||
- name: Augment Matrix config (configure Coturn)
|
||||
lineinfile: "dest={{ matrix_synapse_config_dir_path }}/turnserver.conf"
|
||||
- name: Augment Matrix config (configure TURN)
|
||||
lineinfile: "dest={{ matrix_synapse_config_dir_path }}/homeserver.yaml"
|
||||
args:
|
||||
regexp: "^{{ item.variable }}="
|
||||
line: '{{ item.variable }}={{ item.value }}'
|
||||
regexp: "{{ item.regexp }}"
|
||||
line: '{{ item.line }}'
|
||||
with_items:
|
||||
- {'variable': 'min-port', 'value': "{{ matrix_coturn_turn_udp_min_port }}"}
|
||||
- {'variable': 'max-port', 'value': "{{ matrix_coturn_turn_udp_max_port }}"}
|
||||
- {'variable': 'external-ip', 'value': "{{ matrix_coturn_turn_external_ip_address }}"}
|
||||
- {"regexp": "^turn_uris:", "line": 'turn_uris: ["turn:{{ hostname_matrix }}:3478?transport=udp", "turn:{{ hostname_matrix }}:3478?transport=tcp"]'}
|
||||
- {"regexp": "^turn_shared_secret:", "line": 'turn_shared_secret: "{{ matrix_coturn_turn_static_auth_secret }}"'}
|
||||
|
||||
- name: Allow access to Matrix ports in firewalld
|
||||
firewalld:
|
||||
@ -135,9 +136,6 @@
|
||||
permanent: yes
|
||||
with_items:
|
||||
- '8448/tcp' # Matrix federation
|
||||
- '3478/tcp' # STUN
|
||||
- '3478/udp' # STUN
|
||||
- "{{ matrix_coturn_turn_udp_min_port }}-{{ matrix_coturn_turn_udp_max_port }}/udp" # TURN
|
||||
when: ansible_os_family == 'RedHat'
|
||||
|
||||
- name: Ensure matrix-synapse.service installed
|
||||
|
@ -8,6 +8,9 @@
|
||||
service: name=matrix-goofys enabled=yes state=restarted daemon_reload=yes
|
||||
when: matrix_s3_media_store_enabled
|
||||
|
||||
- name: Ensure matrix-coturn autoruns and is restarted
|
||||
service: name=matrix-coturn enabled=yes state=restarted daemon_reload=yes
|
||||
|
||||
- name: Ensure matrix-synapse autoruns and is restarted
|
||||
service: name=matrix-synapse enabled=yes state=restarted daemon_reload=yes
|
||||
|
||||
|
15
roles/matrix-server/templates/coturn/turnserver.conf.j2
Normal file
15
roles/matrix-server/templates/coturn/turnserver.conf.j2
Normal file
@ -0,0 +1,15 @@
|
||||
lt-cred-mech
|
||||
use-auth-secret
|
||||
static-auth-secret={{ matrix_coturn_turn_static_auth_secret }}
|
||||
realm=turn.{{ hostname_matrix }}
|
||||
cert=/matrix-config/{{ hostname_matrix }}.tls.crt
|
||||
pkey=/matrix-config/{{ hostname_matrix }}.tls.key
|
||||
dh-file=/matrix-config/{{ hostname_matrix }}.tls.dh
|
||||
cipher-list="HIGH"
|
||||
min-port={{ matrix_coturn_turn_udp_min_port }}
|
||||
max-port={{ matrix_coturn_turn_udp_max_port }}
|
||||
external-ip={{ matrix_coturn_turn_external_ip_address }}
|
||||
log-file=stdout
|
||||
pidfile=/var/tmp/turnserver.pid
|
||||
userdb=/var/tmp/turnserver.db
|
||||
no-cli
|
@ -0,0 +1,25 @@
|
||||
[Unit]
|
||||
Description=Matrix Coturn server
|
||||
After=docker.service
|
||||
Requires=docker.service
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
ExecStartPre=-/usr/bin/docker kill matrix-coturn
|
||||
ExecStartPre=-/usr/bin/docker rm matrix-coturn
|
||||
ExecStart=/usr/bin/docker run --rm --name matrix-coturn \
|
||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||
-p 3478:3478 \
|
||||
-p 3478:3478/udp \
|
||||
-p {{ matrix_coturn_turn_udp_min_port }}-{{ matrix_coturn_turn_udp_max_port }}:{{ matrix_coturn_turn_udp_min_port }}-{{ matrix_coturn_turn_udp_max_port }}/udp \
|
||||
-v {{ matrix_synapse_config_dir_path }}:/matrix-config:ro \
|
||||
-v {{ matrix_coturn_config_path }}:/turnserver.conf:ro \
|
||||
{{ docker_coturn_image }} \
|
||||
-c /turnserver.conf
|
||||
ExecStop=-/usr/bin/docker kill matrix-coturn
|
||||
ExecStop=-/usr/bin/docker rm matrix-coturn
|
||||
Restart=always
|
||||
RestartSec=30
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
@ -10,6 +10,8 @@ After=matrix-postgres.service
|
||||
After=matrix-goofys.service
|
||||
Requires=matrix-goofys.service
|
||||
{% endif %}
|
||||
After=matrix-coturn.service
|
||||
Requires=matrix-coturn.service
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
@ -29,12 +31,10 @@ ExecStart=/usr/bin/docker run --rm --name matrix-synapse \
|
||||
{% if not matrix_nginx_proxy_enabled %}
|
||||
-p 127.0.0.1:8008:8008 \
|
||||
{% endif %}
|
||||
-p 3478:3478 \
|
||||
-p 3478:3478/udp \
|
||||
-p {{ matrix_coturn_turn_udp_min_port }}-{{ matrix_coturn_turn_udp_max_port }}:{{ matrix_coturn_turn_udp_min_port }}-{{ matrix_coturn_turn_udp_max_port }}/udp \
|
||||
-v {{ matrix_synapse_config_dir_path }}:/data \
|
||||
-v {{ matrix_synapse_run_path }}:/matrix-run \
|
||||
-v {{ matrix_synapse_storage_path }}:/matrix-storage:slave \
|
||||
-e SYNAPSE_CONFIG_PATH=/data/homeserver.yaml \
|
||||
{{ docker_matrix_image }}
|
||||
ExecStop=-/usr/bin/docker kill matrix-synapse
|
||||
ExecStop=-/usr/bin/docker rm matrix-synapse
|
||||
|
Loading…
Reference in New Issue
Block a user