diff --git a/CHANGELOG.md b/CHANGELOG.md index 4ff904091..41305969a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,19 @@ +# 2024-09-27 + +## (BC Break) Postgres & Traefik roles have been relocated and variable names need adjustments + +Various roles have been relocated from the [devture](https://github.com/devture) organization to the [mother-of-all-self-hosting](https://github.com/mother-of-all-self-hosting) organization. + +Along with the relocation, the `devture_` prefix was dropped from their variable names, so you need to adjust your `vars.yml` configuration. + +You need to do the following replacements: + +- `devture_postgres_` -> `postgres_` +- `devture_traefik_` -> `traefik_` + +As always, the playbook would let you know about this and point out any variables you may have missed. + + # 2024-09-12 ## Support for baibot @@ -118,7 +134,7 @@ If you're using the playbook's Traefik instance to reverse-proxy to some other s If you've tweaked any of this playbook's `_path_prefix` variables and made them use a regular expression, you will now need to make additional adjustments. The playbook makes extensive use of `PathPrefix()` matchers in Traefik rules and `PathPrefix` does not support regular expressions anymore. To work around it, you may now need to override a whole `_traefik_rule` variable and switch it from [`PathPrefix` to `PathRegexp`](https://doc.traefik.io/traefik/routing/routers/#path-pathprefix-and-pathregexp). -If you're not using [matrix-media-repo](./docs/configuring-playbook-matrix-media-repo.md) (the only role we had to tweak to adapt it to Traefik v3), you **may potentially downgrade to Traefik v2** (if necessary) by adding `devture_traefik_verison: v2.11.4` to your configuration. People using `matrix-media-repo` cannot downgrade this way, because `matrix-media-repo` has been adjusted to use `PathRegexp` - a [routing matcher](https://doc.traefik.io/traefik/v2.11/routing/routers/#rule) that Traefik v2 does not understand. +If you're not using [matrix-media-repo](./docs/configuring-playbook-matrix-media-repo.md) (the only role we had to tweak to adapt it to Traefik v3), you **may potentially downgrade to Traefik v2** (if necessary) by adding `traefik_verison: v2.11.4` to your configuration. People using `matrix-media-repo` cannot downgrade this way, because `matrix-media-repo` has been adjusted to use `PathRegexp` - a [routing matcher](https://doc.traefik.io/traefik/v2.11/routing/routers/#rule) that Traefik v2 does not understand. ### HTTP/3 is enabled by default @@ -135,7 +151,7 @@ Still, if HTTP/3 cannot function correctly in your setup, it's best to disable a To **disable HTTP/3**, you can use the following configuration: ```yml -devture_traefik_config_entrypoint_web_secure_http3_enabled: false +traefik_config_entrypoint_web_secure_http3_enabled: false # Disabling HTTP/3 for the web-secure entrypoint (above), # automatically disables it for the Matrix Federation entrypoint as well, @@ -457,9 +473,9 @@ Because [Traefik has an extra job now](#traefik-now-has-an-extra-job), you need ### People fronting Traefik with another reverse proxy need to do minor changes -We've already previously mentioned that you need to do some minor [configuration changes related to `devture_traefik_additional_entrypoints_auto`](#backward-compatibility-configuration-changes-required-for-people-fronting-the-integrated-reverse-proxy-webserver-with-another-reverse-proxy). +We've already previously mentioned that you need to do some minor [configuration changes related to `traefik_additional_entrypoints_auto`](#backward-compatibility-configuration-changes-required-for-people-fronting-the-integrated-reverse-proxy-webserver-with-another-reverse-proxy). -If you don't do these changes (switching from `devture_traefik_additional_entrypoints_auto` to multiple other variables), your Traefik setup will not automatically receive the new `matrix-internal-matrix-client-api` Traefik entrypoint and Traefik would not be able to perform [its new duty of connecting addons with the homeserver](#traefik-now-has-an-extra-job). +If you don't do these changes (switching from `traefik_additional_entrypoints_auto` to multiple other variables), your Traefik setup will not automatically receive the new `matrix-internal-matrix-client-api` Traefik entrypoint and Traefik would not be able to perform [its new duty of connecting addons with the homeserver](#traefik-now-has-an-extra-job). ### Supported reverse proxy types are now fewer @@ -572,17 +588,17 @@ I don't actively use all the ~100 components offered by the playbook (no one doe If you're on the default setup (using the Traefik reverse-proxy as installed by the playbook), you don't need to do anything. -People who are [Fronting the integrated Traefik reverse-proxy webserver with another reverse-proxy](./docs/configuring-playbook-own-webserver.md#fronting-the-integrated-reverse-proxy-webserver-with-another-reverse-proxy), as per our previous instructions are redefining `devture_traefik_additional_entrypoints_auto` in their `vars.yml` configuration. +People who are [Fronting the integrated Traefik reverse-proxy webserver with another reverse-proxy](./docs/configuring-playbook-own-webserver.md#fronting-the-integrated-reverse-proxy-webserver-with-another-reverse-proxy), as per our previous instructions are redefining `traefik_additional_entrypoints_auto` in their `vars.yml` configuration. Such a full variable redefinion is intrustive, because it prevents the playbook from injecting additional entrypoints into the Traefik webserver. In the future, the playbook may have a need to do so. -For this reason, we no longer recommend completely redefining `devture_traefik_additional_entrypoints_auto`. -The playbook now defines [various `matrix_playbook_public_matrix_federation_api_traefik_entrypoint_*` variables in the `defaults/main.yml` file](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/roles/custom/matrix-base/defaults/main.yml) of the `matrix-base` role which can be used as a safer alternative to `devture_traefik_additional_entrypoints_auto`. +For this reason, we no longer recommend completely redefining `traefik_additional_entrypoints_auto`. +The playbook now defines [various `matrix_playbook_public_matrix_federation_api_traefik_entrypoint_*` variables in the `defaults/main.yml` file](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/roles/custom/matrix-base/defaults/main.yml) of the `matrix-base` role which can be used as a safer alternative to `traefik_additional_entrypoints_auto`. Adapt your configuration as seen below: ```diff --devture_traefik_additional_entrypoints_auto: +-traefik_additional_entrypoints_auto: - - name: matrix-federation - port: 8449 - host_bind_port: '127.0.0.1:8449' @@ -711,7 +727,7 @@ From now on, the [Postgres Ansible role](https://github.com/devture/com.devture. Our [Tuning PostgreSQL](docs/maintenance-postgres.md#tuning-postgresql) documentation page has details about how you can turn auto-tuning off or adjust the automatically-determined Postgres configuration parameters manually. -People who [enable load-balancing with Synapse workers](docs/configuring-playbook-synapse.md#load-balancing-with-workers) no longer need to increase the maximum number of Postgres connections manually (previously done via `devture_postgres_process_extra_arguments`). There's a new variable (`devture_postgres_max_connections`) for controlling this number and the playbook automatically raises its value from `200` to `500` for setups which enable workers. +People who [enable load-balancing with Synapse workers](docs/configuring-playbook-synapse.md#load-balancing-with-workers) no longer need to increase the maximum number of Postgres connections manually (previously done via `postgres_process_extra_arguments`). There's a new variable (`postgres_max_connections`) for controlling this number and the playbook automatically raises its value from `200` to `500` for setups which enable workers. # 2023-08-31 @@ -1070,7 +1086,7 @@ Unless we have some regression, **existing `matrix-nginx-proxy` users should be ```yaml matrix_playbook_reverse_proxy_type: playbook-managed-traefik -devture_traefik_config_certificatesResolvers_acme_email: YOUR_EMAIL_ADDRESS +traefik_config_certificatesResolvers_acme_email: YOUR_EMAIL_ADDRESS ``` You may still need to keep certain old `matrix_nginx_proxy_*` variables (like `matrix_nginx_proxy_base_domain_serving_enabled`), even when using Traefik. For now, we recommend keeping all `matrix_nginx_proxy_*` variables just in case. In the future, reliance on `matrix-nginx-proxy` will be removed. @@ -1097,7 +1113,7 @@ As mentioned above, Traefik still reverse-proxies to some (most) services by goi As Traefik support becomes complete and proves to be stable for a while, especially as a playbook default, we will **most likely remove `matrix-nginx-proxy` completely**. It will likely be some months before this happens though. Keeping support for both Traefik and nginx in the playbook will be a burden, especially with most of us running Traefik in the future. The Traefik role should do everything nginx does in a better and cleaner way. Users who use their own `nginx` server on the Matrix server will be inconvenienced, as nothing will generate ready-to-include nginx configuration for them. Still, we hope it won't be too hard to migrate their setup to another way of doing things, like: - not using nginx anymore. A common reason for using nginx until now was that you were running other containers and you need your own nginx to reverse-proxy to all of them. Just switch them to Traefik as well. -- running Traefik in local-only mode (`devture_traefik_config_entrypoint_web_secure_enabled: false`) and using some nginx configuration which reverse-proxies to Traefik (we should introduce examples for this in `examples/nginx`). +- running Traefik in local-only mode (`traefik_config_entrypoint_web_secure_enabled: false`) and using some nginx configuration which reverse-proxies to Traefik (we should introduce examples for this in `examples/nginx`). ### How do I help? @@ -1107,7 +1123,7 @@ You can help by: - **adding native Traefik support to a role** (requires adding Traefik labels, etc.) - for inspiration, see these roles ([prometheus_node_exporter](https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-node-exporter), [prometheus_postgres_exporter](https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-postgres-exporter)) and how they're hooked into the playbook via [group_vars/matrix_servers](group_vars/matrix_servers). -- **adding reverse-proxying examples for nginx users** in `examples/nginx`. People who insist on using their own `nginx` server on the same Matrix host, can run Traefik in local-only mode (`devture_traefik_config_entrypoint_web_secure_enabled: false`) and reverse-proxy to the Traefik server +- **adding reverse-proxying examples for nginx users** in `examples/nginx`. People who insist on using their own `nginx` server on the same Matrix host, can run Traefik in local-only mode (`traefik_config_entrypoint_web_secure_enabled: false`) and reverse-proxy to the Traefik server # 2023-02-10 @@ -1232,14 +1248,14 @@ See our [Setting up matrix-bot-chatgpt](docs/configuring-playbook-bot-chatgpt.md Just like we've [replaced Postgres with an external role](#matrix-postgres-has-been-replaced-by-the-comdevtureansiblerolepostgres-external-role) on 2022-11-28, we're now replacing `matrix-postgres-backup` with an external role - [com.devture.ansible.role.postgres_backup](https://github.com/devture/com.devture.ansible.role.postgres_backup). -You'll need to rename your `matrix_postgres_backup`-prefixed variables such that they use a `devture_postgres_backup` prefix. +You'll need to rename your `matrix_postgres_backup`-prefixed variables such that they use a `postgres_backup` prefix. # 2022-11-28 ## matrix-postgres has been replaced by the com.devture.ansible.role.postgres external role -**TLDR**: the tasks that install the integrated Postgres server now live in an external role - [com.devture.ansible.role.postgres](https://github.com/devture/com.devture.ansible.role.postgres). You'll need to run `make roles` to install it, and to also rename your `matrix_postgres`-prefixed variables to use a `devture_postgres` prefix (e.g. `matrix_postgres_connection_password` -> `devture_postgres_connection_password`). All your data will still be there! Some scripts have moved (`/usr/local/bin/matrix-postgres-cli` -> `/matrix/postgres/bin/cli`). +**TLDR**: the tasks that install the integrated Postgres server now live in an external role - [com.devture.ansible.role.postgres](https://github.com/devture/com.devture.ansible.role.postgres). You'll need to run `make roles` to install it, and to also rename your `matrix_postgres`-prefixed variables to use a `devture_postgres` prefix (e.g. `matrix_postgres_connection_password` -> `postgres_connection_password`). All your data will still be there! Some scripts have moved (`/usr/local/bin/matrix-postgres-cli` -> `/matrix/postgres/bin/cli`). The `matrix-postgres` role that has been part of the playbook for a long time has been replaced with the [com.devture.ansible.role.postgres](https://github.com/devture/com.devture.ansible.role.postgres) role. This was done as part of our work to [use external roles for some things](#the-playbook-now-uses-external-roles-for-some-things) for better code re-use and maintainability. diff --git a/docs/configuring-playbook-bot-draupnir.md b/docs/configuring-playbook-bot-draupnir.md index da3e170c5..cc4790962 100644 --- a/docs/configuring-playbook-bot-draupnir.md +++ b/docs/configuring-playbook-bot-draupnir.md @@ -123,7 +123,75 @@ ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start ## Usage -You can refer to the upstream [documentation](https://github.com/the-draupnir-project/Draupnir) for additional ways to use and configure draupnir. Check out their [quickstart guide](https://github.com/the-draupnir-project/Draupnir/blob/main/docs/moderators.md#quick-usage) for some basic commands you can give to the bot. +You can refer to the upstream [documentation](https://the-draupnir-project.github.io/draupnir-documentation/) for additional ways to use and configure Draupnir and for a more detailed usage guide. + +Below is a **non-exhaustive quick-start guide** for the impatient. + +### Making Draupnir join and protect a room + +Draupnir can be told to self-join public rooms, but it's better to follow this flow which works well for all kinds of rooms: + +1. Invite the bot to the room manually ([inviting Draupnir to rooms](https://the-draupnir-project.github.io/draupnir-documentation/moderator/managing-protected-rooms#inviting-draupnir-to-rooms)). Before joining, the bot *may* ask for confirmation in the Management Room + +2. [Give the bot permissions to do its job](#giving-draupnir-permissions-to-do-its-job) + +3. Tell it to protect the room (using the [rooms command](https://the-draupnir-project.github.io/draupnir-documentation/moderator/managing-protected-rooms#using-the-draupnir-rooms-command)) by sending the following command to the Management Room: `!draupnir rooms add !ROOM_ID:DOMAIN` + +To have Draupnir provide useful room protection, you need do to a bit more work (at least the first time around). +You may wish to [Subscribe to a public policy list](#subscribing-to-a-public-policy-list), [Create your own own policy and rules](#creating-your-own-policy-lists-and-rules) and [Enabling built-in protections](#enabling-built-in-protections). + +### Giving Draupnir permissions to do its job + +For Draupnir to do its job, you need to [give it permissions](https://the-draupnir-project.github.io/draupnir-documentation/moderator/managing-protected-rooms#giving-draupnir-permissions) in rooms it's protecting. This involves **giving it an Administrator power level**. + +**We recommend setting this power level as soon as the bot joins your room** (and before you create new rules), so that it can apply rules as soon as they are available. If the bot is under-privileged, it may fail to apply protections and may not retry for a while (or until your restart it). + +### Subscribing to a public policy list + +We recommend **subscribing to a public [policy list](https://the-draupnir-project.github.io/draupnir-documentation/concepts/policy-lists)** using the [watch command](https://the-draupnir-project.github.io/draupnir-documentation/moderator/managing-policy-lists#using-draupnirs-watch-command-to-subscribe-to-policy-rooms). + +Polcy lists are maintained in Matrix rooms. A popular policy list is maintained in the public `#community-moderation-effort-bl:neko.dev` room. + +You can tell Draupnir to subscribe to it by sending the following command to the Management Room: `!draupnir watch #community-moderation-effort-bl:neko.dev` + +#### Creating your own policy lists and rules + +We also recommend **creating your own policy lists** with the [list create](https://the-draupnir-project.github.io/draupnir-documentation/moderator/managing-policy-lists#using-draupnirs-list-create-command-to-create-a-policy-room) command. + +You can do so by sending the following command to the Management Room: `!draupnir list create my-bans my-bans-bl`. This will create a policy list having a name (shortcode) of `my-bans` and stored in a public `#my-bans-bl:DOMAIN` room on your server. As soon as you run this command, the bot will invite you to the policy list room. + +A policy list does nothing by itself, so the next step is **adding some rules to your policy list**. Policies target a so-called `entity` (one of: `user`, `room` or `server`). These entities are mentioned on the [policy lists](https://the-draupnir-project.github.io/draupnir-documentation/concepts/policy-lists) documentation page and in the Matrix Spec [here](https://spec.matrix.org/v1.11/client-server-api/#mban-recommendation). + +The simplest and most useful entity to target is `user`. Below are a few examples using the [ban command](https://the-draupnir-project.github.io/draupnir-documentation/moderator/managing-users#the-ban-command) and targeting users. + +To create rules, you run commands in the Management Room (**not** in the policy list room). + +- (ban a single user on a given homeserver): `!draupnir ban @someone:example.com my-bans Rude to others` +- (ban all users on a given homeserver by using a [wildcard](https://the-draupnir-project.github.io/draupnir-documentation/moderator/managing-users#wildcards)): `!draupnir ban @*:example.org my-bans Spam server - all users are fake` + +As a result of running these commands, you may observe: + +- Draupnir creating `m.policy.rule.user` state events in the `#my-bans-bl:DOMAIN` room on your server +- applying these rules against all rooms that Draupnir is an Administrator in + +You can undo bans with the [unban command](https://the-draupnir-project.github.io/draupnir-documentation/moderator/managing-users#the-unban-command). + +### Enabling built-in protections + +You can also **turn on various built-in [protections](https://the-draupnir-project.github.io/draupnir-documentation/protections)** like `JoinWaveShortCircuit` ("If X amount of users join in Y time, set the room to invite-only"). + +To **see which protections are available and which are enabled**, send a `!draupnir protections` command to the Management Room. + +To **see the configuration options for a given protection**, send a `!draupnir config get PROTECTION_NAME` (e.g. `!draupnir config get JoinWaveShortCircuit`). + +To **set a specific option for a given protection**, send a command like this: `!draupnir config set PROTECTION_NAME.OPTION VALUE` (e.g. `!draupnir config set JoinWaveShortCircuit.timescaleMinutes 30`). + +To **enable a given protection**, send a command like this: `!draupnir enable PROTECTION_NAME` (e.g. `!draupnir enable JoinWaveShortCircuit`). + +To **disable a given protection**, send a command like this: `!draupnir disable PROTECTION_NAME` (e.g. `!draupnir disable JoinWaveShortCircuit`). + + +## Extending the configuration You can configure additional options by adding the `matrix_bot_draupnir_configuration_extension_yaml` variable to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file. diff --git a/docs/configuring-playbook-external-postgres.md b/docs/configuring-playbook-external-postgres.md index d3c16cd97..952b474b7 100644 --- a/docs/configuring-playbook-external-postgres.md +++ b/docs/configuring-playbook-external-postgres.md @@ -10,7 +10,7 @@ If you'd like to use an external PostgreSQL server that you manage, you can edit If you'd like to use an external Postgres server, use a custom `vars.yml` configuration like this: ```yaml -devture_postgres_enabled: false +postgres_enabled: false # Rewire Synapse to use your external Postgres server matrix_synapse_database_host: "your-postgres-server-hostname" diff --git a/docs/configuring-playbook-jitsi.md b/docs/configuring-playbook-jitsi.md index 7b4bd9cb7..df923c467 100644 --- a/docs/configuring-playbook-jitsi.md +++ b/docs/configuring-playbook-jitsi.md @@ -227,20 +227,20 @@ To make Traefik reverse-proxy to these additional JVBs (living on other hosts), # Traefik proxying for additional JVBs. These can't be configured using Docker # labels, like the first JVB is, because they run on different hosts, so we add # the necessary configuration to the file provider. -devture_traefik_provider_configuration_extension_yaml: | +traefik_provider_configuration_extension_yaml: | http: routers: {% for host in groups['jitsi_jvb_servers'] %} additional-{{ hostvars[host]['jitsi_jvb_server_id'] }}-router: entryPoints: - - "{{ devture_traefik_entrypoint_primary }}" + - "{{ traefik_entrypoint_primary }}" rule: "Host(`{{ jitsi_hostname }}`) && PathPrefix(`/colibri-ws/{{ hostvars[host]['jitsi_jvb_server_id'] }}/`)" service: additional-{{ hostvars[host]['jitsi_jvb_server_id'] }}-service - {% if devture_traefik_entrypoint_primary != 'web' %} + {% if traefik_entrypoint_primary != 'web' %} tls: - certResolver: "{{ devture_traefik_certResolver_primary }}" + certResolver: "{{ traefik_certResolver_primary }}" {% endif %} diff --git a/docs/configuring-playbook-matrix-media-repo.md b/docs/configuring-playbook-matrix-media-repo.md index 170bc714b..e33162e9e 100644 --- a/docs/configuring-playbook-matrix-media-repo.md +++ b/docs/configuring-playbook-matrix-media-repo.md @@ -123,7 +123,7 @@ To import the Synapse media store, you're supposed to invoke the `import_synapse This guide here is adapted from the [upstream documentation about the import_synapse script](https://github.com/turt2live/matrix-media-repo#importing-media-from-synapse). -Run the following command on the server (after replacing `devture_postgres_connection_password` in it with the value found in your `vars.yml` file): +Run the following command on the server (after replacing `postgres_connection_password` in it with the value found in your `vars.yml` file): ```sh docker exec -it matrix-media-repo \ @@ -132,7 +132,7 @@ docker exec -it matrix-media-repo \ -dbHost matrix-postgres \ -dbPort 5432 \ -dbUsername matrix \ - -dbPassword devture_postgres_connection_password + -dbPassword postgres_connection_password ``` Enter `1` for the Machine ID when prompted (you are not doing any horizontal scaling) unless you know what you're doing. @@ -145,7 +145,7 @@ If you're using the [Dendrite](configuring-playbook-dendrite.md) homeserver inst To import the Dendrite media store, you're supposed to invoke the `import_dendrite` tool which is part of the matrix-media-repo container image. Your Dendrite database is called `dendrite_mediaapi` by default, unless you've changed it by modifying `matrix_dendrite_media_api_database`. -Run the following command on the server (after replacing `devture_postgres_connection_password` in it with the value found in your `vars.yml` file): +Run the following command on the server (after replacing `postgres_connection_password` in it with the value found in your `vars.yml` file): ```sh docker exec -it matrix-media-repo \ @@ -154,7 +154,7 @@ docker exec -it matrix-media-repo \ -dbHost matrix-postgres \ -dbPort 5432 \ -dbUsername matrix \ - -dbPassword devture_postgres_connection_password + -dbPassword postgres_connection_password ``` Enter `1` for the Machine ID when prompted (you are not doing any horizontal scaling) unless you know what you're doing. diff --git a/docs/configuring-playbook-own-webserver.md b/docs/configuring-playbook-own-webserver.md index 399d8a9f1..98a89ba1d 100644 --- a/docs/configuring-playbook-own-webserver.md +++ b/docs/configuring-playbook-own-webserver.md @@ -21,7 +21,7 @@ To have the playbook install and use Traefik, use configuration like this (as se ```yaml matrix_playbook_reverse_proxy_type: playbook-managed-traefik -devture_traefik_config_certificatesResolvers_acme_email: YOUR_EMAIL_ADDRESS +traefik_config_certificatesResolvers_acme_email: YOUR_EMAIL_ADDRESS ``` Traefik will manage SSL certificates for all services seamlessly. @@ -38,7 +38,7 @@ matrix_playbook_reverse_proxy_type: other-traefik-container # Adjust to point to your Traefik container matrix_playbook_reverse_proxy_hostname: name-of-your-traefik-container -devture_traefik_certs_dumper_ssl_dir_path: "/path/to/your/traefiks/acme.json/directory" +traefik_certs_dumper_ssl_dir_path: "/path/to/your/traefiks/acme.json/directory" # Uncomment and tweak the variable below if the name of your federation entrypoint is different # than the default value (matrix-federation). @@ -148,18 +148,18 @@ matrix_playbook_ssl_enabled: true # Disable the web-secure (port 443) endpoint, which also disables SSL certificate retrieval. # This has the side-effect of also automatically disabling TLS for the matrix-federation entrypoint # (by toggling `matrix_federation_traefik_entrypoint_tls`). -devture_traefik_config_entrypoint_web_secure_enabled: false +traefik_config_entrypoint_web_secure_enabled: false # If your reverse-proxy runs on another machine, consider using `0.0.0.0:81`, just `81` or `SOME_IP_ADDRESS_OF_THIS_MACHINE:81` -devture_traefik_container_web_host_bind_port: '127.0.0.1:81' +traefik_container_web_host_bind_port: '127.0.0.1:81' # We bind to `127.0.0.1` by default (see above), so trusting `X-Forwarded-*` headers from # a reverse-proxy running on the local machine is safe enough. -# If you're publishing the port (`devture_traefik_container_web_host_bind_port` above) to a public network interface: -# - remove the `devture_traefik_config_entrypoint_web_forwardedHeaders_insecure` variable definition below -# - uncomment and adjust the `devture_traefik_config_entrypoint_web_forwardedHeaders_trustedIPs` line below -devture_traefik_config_entrypoint_web_forwardedHeaders_insecure: true -# devture_traefik_config_entrypoint_web_forwardedHeaders_trustedIPs: ['IP-ADDRESS-OF-YOUR-REVERSE-PROXY'] +# If you're publishing the port (`traefik_container_web_host_bind_port` above) to a public network interface: +# - remove the `traefik_config_entrypoint_web_forwardedHeaders_insecure` variable definition below +# - uncomment and adjust the `traefik_config_entrypoint_web_forwardedHeaders_trustedIPs` line below +traefik_config_entrypoint_web_forwardedHeaders_insecure: true +# traefik_config_entrypoint_web_forwardedHeaders_trustedIPs: ['IP-ADDRESS-OF-YOUR-REVERSE-PROXY'] # Expose the federation entrypoint on a custom port (other than port 8448, which is normally used publicly). # diff --git a/docs/configuring-playbook-postgres-backup.md b/docs/configuring-playbook-postgres-backup.md index 9ea3c60eb..097d8d7ce 100644 --- a/docs/configuring-playbook-postgres-backup.md +++ b/docs/configuring-playbook-postgres-backup.md @@ -10,7 +10,7 @@ For a more complete backup solution (one that includes not only Postgres, but al Minimal working configuration (`inventory/host_vars/matrix.DOMAIN/vars.yml`) to enable Postgres backup: ```yaml -devture_postgres_backup_enabled: true +postgres_backup_enabled: true ``` Refer to the table below for additional configuration variables and their default values. @@ -18,13 +18,13 @@ Refer to the table below for additional configuration variables and their defaul | Name | Default value | Description | | :-------------------------------- | :--------------------------- | :--------------------------------------------------------------- | -|`devture_postgres_backup_enabled`|`false`|Set to true to use [docker-postgres-backup-local](https://github.com/prodrigestivill/docker-postgres-backup-local) to create automatic database backups| -|`devture_postgres_backup_schedule`| `'@daily'` |Cron-schedule specifying the interval between postgres backups.| -|`devture_postgres_backup_keep_days`|`7`|Number of daily backups to keep| -|`devture_postgres_backup_keep_weeks`|`4`|Number of weekly backups to keep| -|`devture_postgres_backup_keep_months`|`12`|Number of monthly backups to keep| -|`devture_postgres_backup_base_path` | `"{{ matrix_base_data_path }}/postgres-backup"` | Base path for postgres-backup. Also see `devture_postgres_backup_data_path` | -|`devture_postgres_backup_data_path` | `"{{ devture_postgres_backup_base_path }}/data"` | Storage path for postgres-backup database backups | +|`postgres_backup_enabled`|`false`|Set to true to use [docker-postgres-backup-local](https://github.com/prodrigestivill/docker-postgres-backup-local) to create automatic database backups| +|`postgres_backup_schedule`| `'@daily'` |Cron-schedule specifying the interval between postgres backups.| +|`postgres_backup_keep_days`|`7`|Number of daily backups to keep| +|`postgres_backup_keep_weeks`|`4`|Number of weekly backups to keep| +|`postgres_backup_keep_months`|`12`|Number of monthly backups to keep| +|`postgres_backup_base_path` | `"{{ matrix_base_data_path }}/postgres-backup"` | Base path for postgres-backup. Also see `postgres_backup_data_path` | +|`postgres_backup_data_path` | `"{{ postgres_backup_base_path }}/data"` | Storage path for postgres-backup database backups | ## Installing diff --git a/docs/configuring-playbook-ssl-certificates.md b/docs/configuring-playbook-ssl-certificates.md index 4d086eeb9..935af7d51 100644 --- a/docs/configuring-playbook-ssl-certificates.md +++ b/docs/configuring-playbook-ssl-certificates.md @@ -12,7 +12,7 @@ For testing purposes, you may wish to use staging certificates provide by Let's You can do this with the following configuration: ```yaml -devture_traefik_config_certificatesResolvers_acme_use_staging: true +traefik_config_certificatesResolvers_acme_use_staging: true ``` @@ -23,7 +23,7 @@ For testing or other purposes, you may wish to install services without SSL term You can do this with the following configuration: ```yaml -devture_traefik_config_entrypoint_web_secure_enabled: false +traefik_config_entrypoint_web_secure_enabled: false ``` @@ -46,16 +46,16 @@ To use your own SSL certificates with Traefik, you need to: ```yaml # Disable ACME / Let's Encrypt support. -devture_traefik_config_certificatesResolvers_acme_enabled: false +traefik_config_certificatesResolvers_acme_enabled: false # Disabling ACME support (above) automatically disables the creation of the SSL directory. # Force-enable it here, because we'll add our certificate files there. -devture_traefik_ssl_dir_enabled: true +traefik_ssl_dir_enabled: true # Tell Traefik to load our custom configuration file (certificates.yml). # The file is created below, in `aux_file_definitions`. # The `/config/..` path is an in-container path, not a path on the host (like `/matrix/traefik/config`). Do not change it! -devture_traefik_configuration_extension_yaml: | +traefik_configuration_extension_yaml: | providers: file: filename: /config/certificates.yml @@ -66,7 +66,7 @@ devture_traefik_configuration_extension_yaml: | aux_file_definitions: # Create the privkey.pem file on the server by # uploading a file from the computer where Ansible is running. - - dest: "{{ devture_traefik_ssl_dir_path }}/privkey.pem" + - dest: "{{ traefik_ssl_dir_path }}/privkey.pem" src: /path/on/your/Ansible/computer/to/privkey.pem # Alternatively, comment out `src` above and uncomment the lines below to provide the certificate content inline. # Note the indentation level. @@ -76,7 +76,7 @@ aux_file_definitions: # Create the cert.pem file on the server # uploading a file from the computer where Ansible is running. - - dest: "{{ devture_traefik_ssl_dir_path }}/cert.pem" + - dest: "{{ traefik_ssl_dir_path }}/cert.pem" src: /path/on/your/Ansible/computer/to/cert.pem # Alternatively, comment out `src` above and uncomment the lines below to provide the certificate content inline. # Note the indentation level. @@ -86,7 +86,7 @@ aux_file_definitions: # Create the custom Traefik configuration. # The `/ssl/..` paths below are in-container paths, not paths on the host (/`matrix/traefik/ssl/..`). Do not change them! - - dest: "{{ devture_traefik_config_dir_path }}/certificates.yml" + - dest: "{{ traefik_config_dir_path }}/certificates.yml" content: | tls: certificates: @@ -109,12 +109,12 @@ You can configure Traefik to use the [DNS-01 challenge type](https://letsencrypt This is an example for how to edit the `vars.yml` file if you're using Cloudflare: ```yaml -devture_traefik_config_certificatesResolvers_acme_dnsChallenge_enabled: true -devture_traefik_config_certificatesResolvers_acme_dnsChallenge_provider: "cloudflare" -devture_traefik_config_certificatesResolvers_acme_dnsChallenge_delayBeforeCheck: 60 -devture_traefik_config_certificatesResolvers_acme_dnsChallenge_resolvers: +traefik_config_certificatesResolvers_acme_dnsChallenge_enabled: true +traefik_config_certificatesResolvers_acme_dnsChallenge_provider: "cloudflare" +traefik_config_certificatesResolvers_acme_dnsChallenge_delayBeforeCheck: 60 +traefik_config_certificatesResolvers_acme_dnsChallenge_resolvers: - "1.1.1.1:53" -devture_traefik_environment_variables_additional_variables: | +traefik_environment_variables_additional_variables: | CF_API_EMAIL=redacted CF_ZONE_API_TOKEN=redacted CF_DNS_API_TOKEN=redacted diff --git a/docs/configuring-playbook-synapse.md b/docs/configuring-playbook-synapse.md index b165b1a14..41470cd5d 100644 --- a/docs/configuring-playbook-synapse.md +++ b/docs/configuring-playbook-synapse.md @@ -75,7 +75,7 @@ The only thing you **cannot** do is mix [generic workers](#generic-workers) and #### Effect of enabling workers on the rest of your server -When Synapse workers are enabled, the integrated [Postgres database is tuned](maintenance-postgres.md#tuning-postgresql), so that the maximum number of Postgres connections are increased from `200` to `500`. If you need to decrease or increase the number of maximum Postgres connections further, use the `devture_postgres_max_connections` variable. +When Synapse workers are enabled, the integrated [Postgres database is tuned](maintenance-postgres.md#tuning-postgresql), so that the maximum number of Postgres connections are increased from `200` to `500`. If you need to decrease or increase the number of maximum Postgres connections further, use the `postgres_max_connections` variable. A separate Ansible role (`matrix-synapse-reverse-proxy-companion`) and component handles load-balancing for workers. This role/component is automatically enabled when you enable workers. Make sure to use the `setup-all` tag (not `install-all`!) during the playbook's [installation](./installing.md) process, especially if you're disabling workers, so that components may be installed/uninstalled correctly. diff --git a/docs/configuring-playbook-traefik.md b/docs/configuring-playbook-traefik.md index dc4d88cf6..eaee8bf52 100644 --- a/docs/configuring-playbook-traefik.md +++ b/docs/configuring-playbook-traefik.md @@ -12,7 +12,7 @@ See the dedicated [Adjusting SSL certificate retrieval](configuring-playbook-ssl ## Increase logging verbosity ```yaml -devture_traefik_config_log_level: DEBUG +traefik_config_log_level: DEBUG ``` ## Disable access logs @@ -20,7 +20,7 @@ devture_traefik_config_log_level: DEBUG This will disable access logging. ```yaml -devture_traefik_config_accessLog_enabled: false +traefik_config_accessLog_enabled: false ``` ## Enable Traefik Dashboard @@ -28,23 +28,23 @@ devture_traefik_config_accessLog_enabled: false This will enable a Traefik [Dashboard](https://doc.traefik.io/traefik/operations/dashboard/) UI at `https://matrix.DOMAIN/dashboard/` (note the trailing `/`). ```yaml -devture_traefik_dashboard_enabled: true -devture_traefik_dashboard_hostname: "{{ matrix_server_fqn_matrix }}" -devture_traefik_dashboard_basicauth_enabled: true -devture_traefik_dashboard_basicauth_user: YOUR_USERNAME_HERE -devture_traefik_dashboard_basicauth_password: YOUR_PASSWORD_HERE +traefik_dashboard_enabled: true +traefik_dashboard_hostname: "{{ matrix_server_fqn_matrix }}" +traefik_dashboard_basicauth_enabled: true +traefik_dashboard_basicauth_user: YOUR_USERNAME_HERE +traefik_dashboard_basicauth_password: YOUR_PASSWORD_HERE ``` **WARNING**: Enabling the dashboard on a hostname you use for something else (like `matrix_server_fqn_matrix` in the configuration above) may cause conflicts. Enabling the Traefik Dashboard makes Traefik capture all `/dashboard` and `/api` requests and forward them to itself. If any of the services hosted on the same hostname requires any of these 2 URL prefixes, you will experience problems. So far, we're not aware of any playbook services which occupy these endpoints and are likely to cause conflicts. ## Additional configuration -Use the `devture_traefik_configuration_extension_yaml` variable provided by the Traefik Ansible role to override or inject additional settings, even when no dedicated variable exists. +Use the `traefik_configuration_extension_yaml` variable provided by the Traefik Ansible role to override or inject additional settings, even when no dedicated variable exists. ```yaml # This is a contrived example. # You can enable and secure the Dashboard using dedicated variables. See above. -devture_traefik_configuration_extension_yaml: | +traefik_configuration_extension_yaml: | api: dashboard: true ``` @@ -66,8 +66,8 @@ First, we have to adjust the static configuration of Traefik, so that we can add ```yaml # We enable all config files in the /config/ folder to be loaded. # `/config` is the path as it appears in the Traefik container. -# On the host, it's actually `/matrix/traefik/config` (as defined in `devture_traefik_config_dir_path`). -devture_traefik_configuration_extension_yaml: | +# On the host, it's actually `/matrix/traefik/config` (as defined in `traefik_config_dir_path`). +traefik_configuration_extension_yaml: | providers: file: directory: /config/ @@ -79,7 +79,7 @@ If you are using a self-signed certificate on your webserver, you can tell Traef ```yaml # We enable all config files in the /config/ folder to be loaded and -devture_traefik_configuration_extension_yaml: | +traefik_configuration_extension_yaml: | providers: file: directory: /config/ @@ -90,11 +90,11 @@ devture_traefik_configuration_extension_yaml: | ``` -Next, you have to add a new dynamic configuration file for Traefik that contains the actual information of the server using the `aux_file_definitions` variable. In this example, we will terminate SSL at the Traefik instance and connect to the other server via HTTPS. Traefik will now take care of managing the certificates. +Next, you have to add a new dynamic configuration file for Traefik that contains the actual information of the server using the `aux_file_definitions` variable. In this example, we will terminate SSL at the Traefik instance and connect to the other server via HTTPS. Traefik will now take care of managing the certificates. ```yaml aux_file_definitions: - - dest: "{{ devture_traefik_config_dir_path }}/provider_my_fancy_website.yml" + - dest: "{{ traefik_config_dir_path }}/provider_my_fancy_website.yml" content: | http: routers: @@ -117,7 +117,7 @@ If you do not want to terminate SSL at the Traefik instance (for example, becaus ```yaml aux_file_definitions: - - dest: "{{ devture_traefik_config_dir_path }}/providers_my_fancy_website.yml" + - dest: "{{ traefik_config_dir_path }}/providers_my_fancy_website.yml" content: | tcp: routers: @@ -134,9 +134,9 @@ aux_file_definitions: ``` Changing the `url` to one with an `http://` prefix would allow to connect to the server via HTTP. -With these changes, all TCP traffic will be reverse-proxied to the target system. +With these changes, all TCP traffic will be reverse-proxied to the target system. -**WARNING**: This configuration might lead to problems or need additional steps when a [certbot](https://certbot.eff.org/) behind Traefik also tries to manage [Let's Encrypt](https://letsencrypt.org/) certificates, as Traefik captures all traffic to ```PathPrefix(`/.well-known/acme-challenge/`)```. +**WARNING**: This configuration might lead to problems or need additional steps when a [certbot](https://certbot.eff.org/) behind Traefik also tries to manage [Let's Encrypt](https://letsencrypt.org/) certificates, as Traefik captures all traffic to ```PathPrefix(`/.well-known/acme-challenge/`)```. ## Traefik behind a `proxy_protocol` reverse-proxy @@ -144,7 +144,7 @@ With these changes, all TCP traffic will be reverse-proxied to the target system If you run a reverse-proxy which speaks `proxy_protocol`, add the following to your configuration file: ```yaml -devture_traefik_configuration_extension_yaml: | +traefik_configuration_extension_yaml: | entryPoints: web-secure: proxyProtocol: diff --git a/docs/howto-srv-server-delegation.md b/docs/howto-srv-server-delegation.md index ba45a1c09..8e293ad87 100644 --- a/docs/howto-srv-server-delegation.md +++ b/docs/howto-srv-server-delegation.md @@ -58,29 +58,29 @@ We cannot just disable the default resolver as that would disable SSL in quite a ```yaml # 1. Add a new ACME configuration without having to disable the default one, since it would have a wide range of side effects -devture_traefik_configuration_extension_yaml: | +traefik_configuration_extension_yaml: | certificatesResolvers: dns: acme: # To use a staging endpoint for testing purposes, uncomment the line below. # caServer: https://acme-staging-v02.api.letsencrypt.org/directory - email: {{ devture_traefik_config_certificatesResolvers_acme_email | to_json }} + email: {{ traefik_config_certificatesResolvers_acme_email | to_json }} dnsChallenge: provider: cloudflare resolvers: - "1.1.1.1:53" - "8.8.8.8:53" - storage: {{ devture_traefik_config_certificatesResolvers_acme_storage | to_json }} + storage: {{ traefik_config_certificatesResolvers_acme_storage | to_json }} # 2. Configure the environment variables needed by Rraefik to automate the ACME DNS Challenge (example for Cloudflare) -devture_traefik_environment_variables: | +traefik_environment_variables: | CF_API_EMAIL=redacted CF_ZONE_API_TOKEN=redacted CF_DNS_API_TOKEN=redacted LEGO_DISABLE_CNAME_SUPPORT=true # 3. Instruct the playbook to use the new ACME configuration -devture_traefik_certResolver_primary: dns +traefik_certResolver_primary: dns ``` ## Adjust Coturn's configuration @@ -105,16 +105,16 @@ matrix_coturn_container_additional_volumes: | ( [ { - 'src': (devture_traefik_certs_dumper_dumped_certificates_dir_path + '/*.' + matrix_domain + '/certificate.crt'), + 'src': (traefik_certs_dumper_dumped_certificates_dir_path + '/*.' + matrix_domain + '/certificate.crt'), 'dst': '/certificate.crt', 'options': 'ro', }, { - 'src': (devture_traefik_certs_dumper_dumped_certificates_dir_path + '/*.' + matrix_domain + '/privatekey.key'), + 'src': (traefik_certs_dumper_dumped_certificates_dir_path + '/*.' + matrix_domain + '/privatekey.key'), 'dst': '/privatekey.key', 'options': 'ro', }, - ] if matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and devture_traefik_certs_dumper_enabled and matrix_coturn_tls_enabled else [] + ] if matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and traefik_certs_dumper_enabled and matrix_coturn_tls_enabled else [] ) }} ``` @@ -124,7 +124,7 @@ matrix_coturn_container_additional_volumes: | ```yaml # Choosing the reverse proxy implementation matrix_playbook_reverse_proxy_type: playbook-managed-traefik -devture_traefik_config_certificatesResolvers_acme_email: redacted@example.com +traefik_config_certificatesResolvers_acme_email: redacted@example.com # To serve the federation from any domain, as long as the path matches matrix_synapse_container_labels_public_federation_api_traefik_rule: PathPrefix(`/_matrix/federation`) @@ -135,25 +135,25 @@ matrix_synapse_container_labels_additional_labels: | traefik.http.routers.matrix-synapse-federation-api.tls.domains.sans="*.example.com" # Add a new ACME configuration without having to disable the default one, since it would have a wide range of side effects -devture_traefik_configuration_extension_yaml: | +traefik_configuration_extension_yaml: | certificatesResolvers: dns: acme: # To use a staging endpoint for testing purposes, uncomment the line below. # caServer: https://acme-staging-v02.api.letsencrypt.org/directory - email: {{ devture_traefik_config_certificatesResolvers_acme_email | to_json }} + email: {{ traefik_config_certificatesResolvers_acme_email | to_json }} dnsChallenge: provider: cloudflare resolvers: - "1.1.1.1:53" - "8.8.8.8:53" - storage: {{ devture_traefik_config_certificatesResolvers_acme_storage | to_json }} + storage: {{ traefik_config_certificatesResolvers_acme_storage | to_json }} # Instruct thep laybook to use the new ACME configuration -devture_traefik_certResolver_primary: "dns" +traefik_certResolver_primary: "dns" # Configure the environment variables needed by Traefik to automate the ACME DNS Challenge (example for Cloudflare) -devture_traefik_environment_variables: | +traefik_environment_variables: | CF_API_EMAIL=redacted CF_ZONE_API_TOKEN=redacted CF_DNS_API_TOKEN=redacted @@ -168,16 +168,16 @@ matrix_coturn_container_additional_volumes: | ( [ { - 'src': (devture_traefik_certs_dumper_dumped_certificates_dir_path + '/*.' + matrix_domain + '/certificate.crt'), + 'src': (traefik_certs_dumper_dumped_certificates_dir_path + '/*.' + matrix_domain + '/certificate.crt'), 'dst': '/certificate.crt', 'options': 'ro', }, { - 'src': (devture_traefik_certs_dumper_dumped_certificates_dir_path + '/*.' + matrix_domain + '/privatekey.key'), + 'src': (traefik_certs_dumper_dumped_certificates_dir_path + '/*.' + matrix_domain + '/privatekey.key'), 'dst': '/privatekey.key', 'options': 'ro', }, - ] if matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and devture_traefik_certs_dumper_enabled and matrix_coturn_tls_enabled else [] + ] if matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and traefik_certs_dumper_enabled and matrix_coturn_tls_enabled else [] ) }} ``` diff --git a/docs/maintenance-postgres.md b/docs/maintenance-postgres.md index 4350a6a50..ccb6629c1 100644 --- a/docs/maintenance-postgres.md +++ b/docs/maintenance-postgres.md @@ -107,12 +107,12 @@ Example: `--extra-vars="postgres_dump_name=matrix-postgres-dump.sql"` PostgreSQL can be [tuned](https://wiki.postgresql.org/wiki/Tuning_Your_PostgreSQL_Server) to make it run faster. This is done by passing extra arguments to the Postgres process. The [Postgres Ansible role](https://github.com/devture/com.devture.ansible.role.postgres) **already does some tuning by default**, which matches the [tuning logic](https://github.com/le0pard/pgtune/blob/master/src/features/configuration/configurationSlice.js) done by websites like https://pgtune.leopard.in.ua/. -You can manually influence some of the tuning variables . These parameters (variables) are injected via the `devture_postgres_postgres_process_extra_arguments_auto` variable. +You can manually influence some of the tuning variables . These parameters (variables) are injected via the `postgres_postgres_process_extra_arguments_auto` variable. Most users should be fine with the automatically-done tuning. However, you may wish to: -- **adjust the automatically-determined tuning parameters manually**: change the values for the tuning variables defined in the Postgres role's [default configuration file](https://github.com/devture/com.devture.ansible.role.postgres/blob/main/defaults/main.yml) (see `devture_postgres_max_connections`, `devture_postgres_data_storage` etc). These variables are ultimately passed to Postgres via a `devture_postgres_postgres_process_extra_arguments_auto` variable +- **adjust the automatically-determined tuning parameters manually**: change the values for the tuning variables defined in the Postgres role's [default configuration file](https://github.com/devture/com.devture.ansible.role.postgres/blob/main/defaults/main.yml) (see `postgres_max_connections`, `postgres_data_storage` etc). These variables are ultimately passed to Postgres via a `postgres_postgres_process_extra_arguments_auto` variable -- **turn automatically-performed tuning off**: override it like this: `devture_postgres_postgres_process_extra_arguments_auto: []` +- **turn automatically-performed tuning off**: override it like this: `postgres_postgres_process_extra_arguments_auto: []` -- **add additional tuning parameters**: define your additional Postgres configuration parameters in `devture_postgres_postgres_process_extra_arguments_custom`. See `devture_postgres_postgres_process_extra_arguments_auto` defined in the Postgres role's [default configuration file](https://github.com/devture/com.devture.ansible.role.postgres/blob/main/defaults/main.yml) for inspiration +- **add additional tuning parameters**: define your additional Postgres configuration parameters in `postgres_postgres_process_extra_arguments_custom`. See `postgres_postgres_process_extra_arguments_auto` defined in the Postgres role's [default configuration file](https://github.com/devture/com.devture.ansible.role.postgres/blob/main/defaults/main.yml) for inspiration diff --git a/examples/vars.yml b/examples/vars.yml index dd9a97c4c..3eaf20de4 100644 --- a/examples/vars.yml +++ b/examples/vars.yml @@ -34,13 +34,13 @@ matrix_playbook_reverse_proxy_type: playbook-managed-traefik # you won't be required to define this variable (see `docs/configuring-playbook-ssl-certificates.md`). # # Example value: someone@example.com -devture_traefik_config_certificatesResolvers_acme_email: '' +traefik_config_certificatesResolvers_acme_email: '' # A Postgres password to use for the superuser Postgres user (called `matrix` by default). # # The playbook creates additional Postgres users and databases (one for each enabled service) # using this superuser account. -devture_postgres_connection_password: '' +postgres_connection_password: '' # By default, we configure Coturn's external IP address using the value specified for `ansible_host` in your `inventory/hosts` file. # If this value is an external IP address, you can skip this section. diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 3df71e737..62d3b3407 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -28,23 +28,23 @@ matrix_playbook_docker_installation_daemon_options_auto: matrix_playbook_docker_installation_daemon_options_custom: {} # Controls whether to attach Traefik labels to services. -# This is separate from `devture_traefik_enabled`, because you may wish to disable Traefik installation by the playbook, +# This is separate from `traefik_enabled`, because you may wish to disable Traefik installation by the playbook, # yet still use Traefik installed in another way. matrix_playbook_traefik_labels_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" -matrix_playbook_reverse_proxy_container_network: "{{ devture_traefik_container_network if devture_traefik_enabled else 'traefik' }}" -matrix_playbook_reverse_proxy_hostname: "{{ devture_traefik_identifier if devture_traefik_enabled else 'traefik' }}" +matrix_playbook_reverse_proxy_container_network: "{{ traefik_container_network if traefik_enabled else 'traefik' }}" +matrix_playbook_reverse_proxy_hostname: "{{ traefik_identifier if traefik_enabled else 'traefik' }}" # A separate Matrix Federation entrypoint is always enabled, unless the federation port matches one of the ports for existing (default) entrypoints -matrix_playbook_public_matrix_federation_api_traefik_entrypoint_enabled: "{{ matrix_federation_public_port not in [devture_traefik_config_entrypoint_web_port, devture_traefik_config_entrypoint_web_secure_port] }}" +matrix_playbook_public_matrix_federation_api_traefik_entrypoint_enabled: "{{ matrix_federation_public_port not in [traefik_config_entrypoint_web_port, traefik_config_entrypoint_web_secure_port] }}" # We only enable HTTP/3 on the federation entrypoint if the main web-secure entrypoint has it enabled. -matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_http3_enabled: "{{ devture_traefik_config_entrypoint_web_secure_http3_enabled }}" +matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_http3_enabled: "{{ traefik_config_entrypoint_web_secure_http3_enabled }}" -# `devture_traefik_config_entrypoint_web_secure_enabled` is the variable we currently follow to determine if SSL is enabled or not. +# `traefik_config_entrypoint_web_secure_enabled` is the variable we currently follow to determine if SSL is enabled or not. # `matrix_playbook_ssl_enabled` is merely an indicator if (when looked at it publicly), the server supports SSL or not, # and affects how services configure their public URLs. -matrix_federation_traefik_entrypoint_tls: "{{ devture_traefik_config_entrypoint_web_secure_enabled }}" +matrix_federation_traefik_entrypoint_tls: "{{ traefik_config_entrypoint_web_secure_enabled }}" ######################################################################## # # @@ -226,7 +226,7 @@ matrix_homeserver_app_service_config_files_auto: | matrix_addons_homeserver_container_network: "{{ matrix_playbook_reverse_proxy_container_network if matrix_playbook_internal_matrix_client_api_traefik_entrypoint_enabled else matrix_homeserver_container_network }}" matrix_addons_homeserver_client_api_url: "{{ ('http://' + matrix_playbook_reverse_proxy_hostname + ':' + matrix_playbook_internal_matrix_client_api_traefik_entrypoint_port | string) if matrix_playbook_internal_matrix_client_api_traefik_entrypoint_enabled else matrix_homeserver_container_url }}" -matrix_addons_homeserver_systemd_services_list: "{{ ([devture_traefik_identifier + '.service'] if matrix_playbook_reverse_proxy_type == 'playbook-managed-traefik' else []) if matrix_playbook_internal_matrix_client_api_traefik_entrypoint_enabled else matrix_homeserver_systemd_services_list }}" +matrix_addons_homeserver_systemd_services_list: "{{ ([traefik_identifier + '.service'] if matrix_playbook_reverse_proxy_type == 'playbook-managed-traefik' else []) if matrix_playbook_internal_matrix_client_api_traefik_entrypoint_enabled else matrix_homeserver_systemd_services_list }}" # Starting from version `0.6.0` conduit natively supports some sync v3 (sliding-sync) features. matrix_homeserver_sliding_sync_url: "{{ matrix_sliding_sync_base_url if matrix_sliding_sync_enabled else (matrix_homeserver_url if matrix_homeserver_implementation in ['conduit'] else '') }}" @@ -415,9 +415,9 @@ devture_systemd_service_manager_services_list_auto: | + ([{'name': (ntfy_identifier + '.service'), 'priority': 800, 'groups': ['matrix', 'ntfy']}] if ntfy_enabled else []) + - ([{'name': (devture_postgres_identifier + '.service'), 'priority': 500, 'groups': ['matrix', 'postgres']}] if devture_postgres_enabled else []) + ([{'name': (postgres_identifier + '.service'), 'priority': 500, 'groups': ['matrix', 'postgres']}] if postgres_enabled else []) + - ([{'name': (devture_postgres_backup_identifier + '.service'), 'priority': 5000, 'groups': ['matrix', 'backup', 'postgres-backup']}] if devture_postgres_backup_enabled else []) + ([{'name': (postgres_backup_identifier + '.service'), 'priority': 5000, 'groups': ['matrix', 'backup', 'postgres-backup']}] if postgres_backup_enabled else []) + ([{'name': (prometheus_identifier + '.service'), 'priority': 4000, 'groups': ['matrix', 'monitoring', 'prometheus']}] if prometheus_enabled else []) + @@ -463,9 +463,9 @@ devture_systemd_service_manager_services_list_auto: | + ([{'name': (devture_container_socket_proxy_identifier + '.service'), 'priority': 200, 'groups': ['matrix', 'reverse-proxies', 'container-socket-proxy']}] if devture_container_socket_proxy_enabled else []) + - ([{'name': (devture_traefik_identifier + '.service'), 'priority': 250, 'groups': ['matrix', 'traefik', 'reverse-proxies']}] if devture_traefik_enabled else []) + ([{'name': (traefik_identifier + '.service'), 'priority': 250, 'groups': ['matrix', 'traefik', 'reverse-proxies']}] if traefik_enabled else []) + - ([{'name': (devture_traefik_certs_dumper_identifier + '.service'), 'priority': 300, 'groups': ['matrix', 'traefik-certs-dumper']}] if devture_traefik_certs_dumper_enabled else []) + ([{'name': (traefik_certs_dumper_identifier + '.service'), 'priority': 300, 'groups': ['matrix', 'traefik-certs-dumper']}] if traefik_certs_dumper_enabled else []) }} ######################################################################## @@ -598,8 +598,8 @@ matrix_alertmanager_receiver_container_additional_networks_auto: |- matrix_alertmanager_receiver_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" matrix_alertmanager_receiver_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_alertmanager_receiver_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_alertmanager_receiver_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_alertmanager_receiver_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_alertmanager_receiver_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" matrix_alertmanager_receiver_container_labels_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}" matrix_alertmanager_receiver_container_labels_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}" @@ -635,7 +635,7 @@ matrix_appservice_discord_systemd_required_services_list_auto: | {{ matrix_addons_homeserver_systemd_services_list + - ([devture_postgres_identifier ~ '.service'] if (devture_postgres_enabled and matrix_appservice_discord_database_hostname == devture_postgres_connection_hostname) else []) + ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_appservice_discord_database_hostname == postgres_connection_hostname) else []) }} matrix_appservice_discord_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '9005') if matrix_playbook_service_host_bind_interface_prefix else '' }}" @@ -647,7 +647,7 @@ matrix_appservice_discord_container_additional_networks_auto: |- ( ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network]) + - ([devture_postgres_container_network] if (devture_postgres_enabled and matrix_appservice_discord_database_hostname == devture_postgres_connection_hostname and matrix_appservice_discord_container_network != devture_postgres_container_network) else []) + ([postgres_container_network] if (postgres_enabled and matrix_appservice_discord_database_hostname == postgres_connection_hostname and matrix_appservice_discord_container_network != postgres_container_network) else []) ) | unique }} @@ -660,8 +660,8 @@ matrix_appservice_discord_homeserver_token: "{{ '%s' | format(matrix_homeserver_ # We only make this use Postgres if our own Postgres server is enabled. # It's only then (for now) that we can automatically create the necessary database and user for this service. -matrix_appservice_discord_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}" -matrix_appservice_discord_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" +matrix_appservice_discord_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite' }}" +matrix_appservice_discord_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}" matrix_appservice_discord_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.discord.db', rounds=655555) | to_uuid }}" ###################################################################### @@ -704,8 +704,8 @@ matrix_appservice_webhooks_container_additional_networks_auto: |- matrix_appservice_webhooks_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" matrix_appservice_webhooks_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_appservice_webhooks_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_appservice_webhooks_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_appservice_webhooks_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_appservice_webhooks_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" matrix_appservice_webhooks_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'webhook.as.token', rounds=655555) | to_uuid }}" @@ -736,7 +736,7 @@ matrix_appservice_slack_systemd_required_services_list_auto: | {{ matrix_addons_homeserver_systemd_services_list + - ([devture_postgres_identifier ~ '.service'] if (devture_postgres_enabled and matrix_appservice_slack_database_hostname == devture_postgres_connection_hostname) else []) + ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_appservice_slack_database_hostname == postgres_connection_hostname) else []) }} matrix_appservice_slack_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}" @@ -750,7 +750,7 @@ matrix_appservice_slack_container_additional_networks_auto: |- ( ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network]) + - ([devture_postgres_container_network] if (devture_postgres_enabled and matrix_appservice_slack_database_hostname == devture_postgres_connection_hostname and matrix_appservice_slack_container_network != devture_postgres_container_network) else []) + ([postgres_container_network] if (postgres_enabled and matrix_appservice_slack_database_hostname == postgres_connection_hostname and matrix_appservice_slack_container_network != postgres_container_network) else []) + ([matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_playbook_reverse_proxyable_services_additional_network and matrix_appservice_slack_container_labels_traefik_enabled) else []) ) | unique @@ -758,8 +758,8 @@ matrix_appservice_slack_container_additional_networks_auto: |- matrix_appservice_slack_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" matrix_appservice_slack_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_appservice_slack_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_appservice_slack_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_appservice_slack_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_appservice_slack_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" matrix_appservice_slack_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'slack.as.token', rounds=655555) | to_uuid }}" @@ -769,10 +769,10 @@ matrix_appservice_slack_homeserver_token: "{{ '%s' | format(matrix_homeserver_ge matrix_appservice_slack_id_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'slack.id.token', rounds=655555) | to_uuid }}" # Postgres is the default, except if not using internal Postgres server -matrix_appservice_slack_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'nedb' }}" -matrix_appservice_slack_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" +matrix_appservice_slack_database_engine: "{{ 'postgres' if postgres_enabled else 'nedb' }}" +matrix_appservice_slack_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}" matrix_appservice_slack_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.slack.db', rounds=655555) | to_uuid }}" -matrix_appservice_slack_database_container_network: "{{ devture_postgres_container_network if devture_postgres_enabled else '' }}" +matrix_appservice_slack_database_container_network: "{{ postgres_container_network if postgres_enabled else '' }}" ###################################################################### # @@ -793,7 +793,7 @@ matrix_appservice_irc_systemd_required_services_list_auto: | {{ matrix_addons_homeserver_systemd_services_list + - ([devture_postgres_identifier ~ '.service'] if (devture_postgres_enabled and matrix_appservice_irc_database_hostname == devture_postgres_connection_hostname) else []) + ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_appservice_irc_database_hostname == postgres_connection_hostname) else []) }} matrix_appservice_irc_container_image_self_build: "{{ matrix_architecture != 'amd64' }}" @@ -807,7 +807,7 @@ matrix_appservice_irc_container_additional_networks_auto: |- ( ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network]) + - ([devture_postgres_container_network] if (devture_postgres_enabled and matrix_appservice_irc_database_hostname == devture_postgres_connection_hostname and matrix_appservice_irc_container_network != devture_postgres_container_network) else []) + ([postgres_container_network] if (postgres_enabled and matrix_appservice_irc_database_hostname == postgres_connection_hostname and matrix_appservice_irc_container_network != postgres_container_network) else []) ) | unique }} @@ -820,10 +820,10 @@ matrix_appservice_irc_appservice_token: "{{ '%s' | format(matrix_homeserver_gene matrix_appservice_irc_homeserver_url: "{{ matrix_addons_homeserver_client_api_url }}" matrix_appservice_irc_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'irc.hs.token', rounds=655555) | to_uuid }}" -matrix_appservice_irc_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'nedb' }}" -matrix_appservice_irc_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" +matrix_appservice_irc_database_engine: "{{ 'postgres' if postgres_enabled else 'nedb' }}" +matrix_appservice_irc_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}" matrix_appservice_irc_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.irc.db', rounds=655555) | to_uuid }}" -matrix_appservice_irc_database_container_network: "{{ devture_postgres_container_network if devture_postgres_enabled else '' }}" +matrix_appservice_irc_database_container_network: "{{ postgres_container_network if postgres_enabled else '' }}" ###################################################################### # @@ -844,7 +844,7 @@ matrix_appservice_kakaotalk_systemd_required_services_list_auto: | {{ matrix_addons_homeserver_systemd_services_list + - ([devture_postgres_identifier ~ '.service'] if (devture_postgres_enabled and matrix_appservice_kakaotalk_database_hostname == devture_postgres_connection_hostname) else []) + ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_appservice_kakaotalk_database_hostname == postgres_connection_hostname) else []) }} matrix_appservice_kakaotalk_container_network: "{{ matrix_addons_container_network }}" @@ -854,7 +854,7 @@ matrix_appservice_kakaotalk_container_additional_networks_auto: |- ( ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network]) + - ([devture_postgres_container_network] if (devture_postgres_enabled and matrix_appservice_kakaotalk_database_hostname == devture_postgres_connection_hostname and matrix_appservice_kakaotalk_container_network != devture_postgres_container_network) else []) + ([postgres_container_network] if (postgres_enabled and matrix_appservice_kakaotalk_database_hostname == postgres_connection_hostname and matrix_appservice_kakaotalk_container_network != postgres_container_network) else []) ) | unique }} @@ -865,8 +865,8 @@ matrix_appservice_kakaotalk_homeserver_token: "{{ '%s' | format(matrix_homeserve matrix_appservice_kakaotalk_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" -matrix_appservice_kakaotalk_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}" -matrix_appservice_kakaotalk_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" +matrix_appservice_kakaotalk_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite' }}" +matrix_appservice_kakaotalk_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}" matrix_appservice_kakaotalk_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.kakao.db', rounds=655555) | to_uuid }}" ###################################################################### @@ -889,7 +889,7 @@ matrix_beeper_linkedin_systemd_required_services_list_auto: | {{ matrix_addons_homeserver_systemd_services_list + - ([devture_postgres_identifier ~ '.service'] if (devture_postgres_enabled and matrix_beeper_linkedin_database_hostname == devture_postgres_connection_hostname) else []) + ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_beeper_linkedin_database_hostname == postgres_connection_hostname) else []) }} matrix_beeper_linkedin_container_image_self_build: "{{ matrix_architecture not in ['amd64'] }}" @@ -901,7 +901,7 @@ matrix_beeper_linkedin_container_additional_networks_auto: |- ( ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network]) + - ([devture_postgres_container_network] if (devture_postgres_enabled and matrix_beeper_linkedin_database_hostname == devture_postgres_connection_hostname and matrix_beeper_linkedin_container_network != devture_postgres_container_network) else []) + ([postgres_container_network] if (postgres_enabled and matrix_beeper_linkedin_database_hostname == postgres_connection_hostname and matrix_beeper_linkedin_container_network != postgres_container_network) else []) ) | unique }} @@ -923,7 +923,7 @@ matrix_beeper_linkedin_login_shared_secret: |- matrix_beeper_linkedin_bridge_presence: "{{ matrix_synapse_presence_enabled if matrix_synapse_enabled else true }}" -matrix_beeper_linkedin_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" +matrix_beeper_linkedin_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}" matrix_beeper_linkedin_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maulinkedin.db', rounds=655555) | to_uuid }}" ###################################################################### @@ -946,7 +946,7 @@ matrix_go_skype_bridge_systemd_required_services_list_auto: | {{ matrix_addons_homeserver_systemd_services_list + - ([devture_postgres_identifier ~ '.service'] if (devture_postgres_enabled and matrix_go_skype_bridge_database_hostname == devture_postgres_connection_hostname) else []) + ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_go_skype_bridge_database_hostname == postgres_connection_hostname) else []) }} matrix_go_skype_bridge_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}" @@ -958,7 +958,7 @@ matrix_go_skype_bridge_container_additional_networks_auto: |- ( ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network]) + - ([devture_postgres_container_network] if (devture_postgres_enabled and matrix_go_skype_bridge_database_hostname == devture_postgres_connection_hostname and matrix_go_skype_bridge_container_network != devture_postgres_container_network) else []) + ([postgres_container_network] if (postgres_enabled and matrix_go_skype_bridge_database_hostname == postgres_connection_hostname and matrix_go_skype_bridge_container_network != postgres_container_network) else []) ) | unique }} @@ -970,8 +970,8 @@ matrix_go_skype_bridge_homeserver_token: "{{ '%s' | format(matrix_homeserver_gen matrix_go_skype_bridge_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" # Postgres is the default, except if not using internal Postgres server -matrix_go_skype_bridge_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}" -matrix_go_skype_bridge_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" +matrix_go_skype_bridge_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite' }}" +matrix_go_skype_bridge_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}" matrix_go_skype_bridge_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'goskype.db', rounds=655555) | to_uuid }}" ###################################################################### @@ -999,7 +999,7 @@ matrix_mautrix_discord_container_additional_networks_auto: |- ( ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network]) + - ([devture_postgres_container_network] if devture_postgres_enabled and matrix_mautrix_facebook_database_hostname == devture_postgres_connection_hostname else []) + ([postgres_container_network] if postgres_enabled and matrix_mautrix_facebook_database_hostname == postgres_connection_hostname else []) ) | unique }} @@ -1007,7 +1007,7 @@ matrix_mautrix_discord_systemd_required_services_list_auto: | {{ matrix_addons_homeserver_systemd_services_list + - ([devture_postgres_identifier ~ '.service'] if (devture_postgres_enabled and matrix_mautrix_discord_database_hostname == devture_postgres_connection_hostname) else []) + ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_mautrix_discord_database_hostname == postgres_connection_hostname) else []) }} matrix_mautrix_discord_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maudisc.as.tok', rounds=655555) | to_uuid }}" @@ -1030,8 +1030,8 @@ matrix_mautrix_discord_bridge_login_shared_secret_map_auto: |- }} # Postgres is the default, except if not using internal Postgres server -matrix_mautrix_discord_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}" -matrix_mautrix_discord_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" +matrix_mautrix_discord_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite' }}" +matrix_mautrix_discord_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}" matrix_mautrix_discord_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maudiscord.db', rounds=655555) | to_uuid }}" ###################################################################### @@ -1054,7 +1054,7 @@ matrix_mautrix_slack_systemd_required_services_list_auto: | {{ matrix_addons_homeserver_systemd_services_list + - ([devture_postgres_identifier ~ '.service'] if (devture_postgres_enabled and matrix_mautrix_slack_database_hostname == devture_postgres_connection_hostname) else []) + ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_mautrix_slack_database_hostname == postgres_connection_hostname) else []) }} matrix_mautrix_slack_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}" @@ -1066,7 +1066,7 @@ matrix_mautrix_slack_container_additional_networks_auto: |- ( ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network]) + - ([devture_postgres_container_network] if (devture_postgres_enabled and matrix_mautrix_slack_database_hostname == devture_postgres_connection_hostname and matrix_mautrix_slack_container_network != devture_postgres_container_network) else []) + ([postgres_container_network] if (postgres_enabled and matrix_mautrix_slack_database_hostname == postgres_connection_hostname and matrix_mautrix_slack_container_network != postgres_container_network) else []) ) | unique }} @@ -1085,8 +1085,8 @@ matrix_mautrix_slack_double_puppet_secrets_auto: |- }} # Postgres is the default, except if not using internal Postgres server -matrix_mautrix_slack_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}" -matrix_mautrix_slack_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" +matrix_mautrix_slack_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite' }}" +matrix_mautrix_slack_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}" matrix_mautrix_slack_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mauslack.db', rounds=655555) | to_uuid }}" matrix_mautrix_slack_provisioning_shared_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.slack.prov', rounds=655555) | to_uuid }}" @@ -1112,7 +1112,7 @@ matrix_mautrix_facebook_systemd_required_services_list_auto: | {{ matrix_addons_homeserver_systemd_services_list + - ([devture_postgres_identifier ~ '.service'] if (devture_postgres_enabled and matrix_mautrix_facebook_database_hostname == devture_postgres_connection_hostname) else []) + ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_mautrix_facebook_database_hostname == postgres_connection_hostname) else []) }} matrix_mautrix_facebook_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}" @@ -1126,7 +1126,7 @@ matrix_mautrix_facebook_container_additional_networks_auto: |- ( ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network]) + - ([devture_postgres_container_network] if (devture_postgres_enabled and matrix_mautrix_facebook_database_hostname == devture_postgres_connection_hostname and matrix_mautrix_facebook_container_network != devture_postgres_container_network) else []) + ([postgres_container_network] if (postgres_enabled and matrix_mautrix_facebook_database_hostname == postgres_connection_hostname and matrix_mautrix_facebook_container_network != postgres_container_network) else []) + ([matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_playbook_reverse_proxyable_services_additional_network and matrix_mautrix_facebook_container_labels_traefik_enabled) else []) ) | unique @@ -1134,8 +1134,8 @@ matrix_mautrix_facebook_container_additional_networks_auto: |- matrix_mautrix_facebook_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" matrix_mautrix_facebook_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_mautrix_facebook_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_mautrix_facebook_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_mautrix_facebook_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_mautrix_facebook_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" matrix_mautrix_facebook_container_labels_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}" matrix_mautrix_facebook_container_labels_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}" @@ -1162,8 +1162,8 @@ matrix_mautrix_facebook_metrics_proxying_path_prefix: "{{ matrix_metrics_exposur # We'd like to force-set people with external Postgres to SQLite, so the bridge role can complain # and point them to a migration path. -matrix_mautrix_facebook_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}" -matrix_mautrix_facebook_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" +matrix_mautrix_facebook_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite' }}" +matrix_mautrix_facebook_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}" matrix_mautrix_facebook_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.fb.db', rounds=655555) | to_uuid }}" ###################################################################### @@ -1186,7 +1186,7 @@ matrix_mautrix_googlechat_systemd_required_services_list_auto: | {{ matrix_addons_homeserver_systemd_services_list + - ([devture_postgres_identifier ~ '.service'] if (devture_postgres_enabled and matrix_mautrix_googlechat_database_hostname == devture_postgres_connection_hostname) else []) + ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_mautrix_googlechat_database_hostname == postgres_connection_hostname) else []) }} matrix_mautrix_googlechat_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}" @@ -1200,7 +1200,7 @@ matrix_mautrix_googlechat_container_additional_networks_auto: |- ( ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network]) + - ([devture_postgres_container_network] if (devture_postgres_enabled and matrix_mautrix_googlechat_database_hostname == devture_postgres_connection_hostname and matrix_mautrix_googlechat_container_network != devture_postgres_container_network) else []) + ([postgres_container_network] if (postgres_enabled and matrix_mautrix_googlechat_database_hostname == postgres_connection_hostname and matrix_mautrix_googlechat_container_network != postgres_container_network) else []) + ([matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_playbook_reverse_proxyable_services_additional_network and matrix_mautrix_gmessages_container_labels_traefik_enabled) else []) ) | unique @@ -1208,8 +1208,8 @@ matrix_mautrix_googlechat_container_additional_networks_auto: |- matrix_mautrix_googlechat_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" matrix_mautrix_googlechat_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_mautrix_googlechat_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_mautrix_googlechat_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_mautrix_googlechat_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_mautrix_googlechat_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" matrix_mautrix_googlechat_container_labels_public_endpoint_hostname: "{{ matrix_server_fqn_matrix }}" @@ -1239,8 +1239,8 @@ matrix_mautrix_googlechat_metrics_proxying_hostname: "{{ matrix_metrics_exposure matrix_mautrix_googlechat_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/mautrix-googlechat" # Postgres is the default, except if not using internal Postgres server -matrix_mautrix_googlechat_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}" -matrix_mautrix_googlechat_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" +matrix_mautrix_googlechat_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite' }}" +matrix_mautrix_googlechat_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}" matrix_mautrix_googlechat_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.gc.db', rounds=655555) | to_uuid }}" ###################################################################### @@ -1263,7 +1263,7 @@ matrix_mautrix_hangouts_systemd_required_services_list_auto: | {{ matrix_addons_homeserver_systemd_services_list + - ([devture_postgres_identifier ~ '.service'] if (devture_postgres_enabled and matrix_mautrix_hangouts_database_hostname == devture_postgres_connection_hostname) else []) + ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_mautrix_hangouts_database_hostname == postgres_connection_hostname) else []) }} matrix_mautrix_hangouts_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}" @@ -1277,7 +1277,7 @@ matrix_mautrix_hangouts_container_additional_networks_auto: |- ( ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network]) + - ([devture_postgres_container_network] if (devture_postgres_enabled and matrix_mautrix_hangouts_database_hostname == devture_postgres_connection_hostname and matrix_mautrix_hangouts_container_network != devture_postgres_container_network) else []) + ([postgres_container_network] if (postgres_enabled and matrix_mautrix_hangouts_database_hostname == postgres_connection_hostname and matrix_mautrix_hangouts_container_network != postgres_container_network) else []) + ([matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_playbook_reverse_proxyable_services_additional_network and matrix_mautrix_gmessages_container_labels_traefik_enabled) else []) ) | unique @@ -1285,8 +1285,8 @@ matrix_mautrix_hangouts_container_additional_networks_auto: |- matrix_mautrix_hangouts_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" matrix_mautrix_hangouts_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_mautrix_hangouts_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_mautrix_hangouts_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_mautrix_hangouts_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_mautrix_hangouts_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" matrix_mautrix_hangouts_container_labels_public_endpoint_hostname: "{{ matrix_server_fqn_matrix }}" @@ -1307,8 +1307,8 @@ matrix_mautrix_hangouts_metrics_proxying_hostname: "{{ matrix_metrics_exposure_h matrix_mautrix_hangouts_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/mautrix-hangouts" # Postgres is the default, except if not using internal Postgres server -matrix_mautrix_hangouts_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}" -matrix_mautrix_hangouts_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" +matrix_mautrix_hangouts_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite' }}" +matrix_mautrix_hangouts_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}" matrix_mautrix_hangouts_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.hangouts.db', rounds=655555) | to_uuid }}" ###################################################################### @@ -1331,7 +1331,7 @@ matrix_mautrix_instagram_systemd_required_services_list_auto: | {{ matrix_addons_homeserver_systemd_services_list + - ([devture_postgres_identifier ~ '.service'] if (devture_postgres_enabled and matrix_mautrix_instagram_database_hostname == devture_postgres_connection_hostname) else []) + ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_mautrix_instagram_database_hostname == postgres_connection_hostname) else []) }} matrix_mautrix_instagram_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}" @@ -1343,7 +1343,7 @@ matrix_mautrix_instagram_container_additional_networks_auto: |- ( ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network]) + - ([devture_postgres_container_network] if (devture_postgres_enabled and matrix_mautrix_instagram_database_hostname == devture_postgres_connection_hostname and matrix_mautrix_instagram_container_network != devture_postgres_container_network) else []) + ([postgres_container_network] if (postgres_enabled and matrix_mautrix_instagram_database_hostname == postgres_connection_hostname and matrix_mautrix_instagram_container_network != postgres_container_network) else []) + ([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network and matrix_mautrix_instagram_container_labels_traefik_enabled else []) ) | unique @@ -1351,8 +1351,8 @@ matrix_mautrix_instagram_container_additional_networks_auto: |- matrix_mautrix_instagram_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" matrix_mautrix_instagram_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_mautrix_instagram_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_mautrix_instagram_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_mautrix_instagram_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_mautrix_instagram_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" matrix_mautrix_instagram_container_labels_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}" matrix_mautrix_instagram_container_labels_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}" @@ -1374,8 +1374,8 @@ matrix_mautrix_instagram_metrics_proxying_path_prefix: "{{ matrix_metrics_exposu # We'd like to force-set people with external Postgres to SQLite, so the bridge role can complain # and point them to a migration path. -matrix_mautrix_instagram_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}" -matrix_mautrix_instagram_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" +matrix_mautrix_instagram_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite' }}" +matrix_mautrix_instagram_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}" matrix_mautrix_instagram_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.ig.db', rounds=655555) | to_uuid }}" ###################################################################### @@ -1397,7 +1397,7 @@ matrix_mautrix_signal_systemd_required_services_list_auto: | {{ matrix_addons_homeserver_systemd_services_list + - ([devture_postgres_identifier ~ '.service'] if (devture_postgres_enabled and matrix_mautrix_signal_database_hostname == devture_postgres_connection_hostname) else []) + ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_mautrix_signal_database_hostname == postgres_connection_hostname) else []) }} matrix_mautrix_signal_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}" @@ -1409,7 +1409,7 @@ matrix_mautrix_signal_container_additional_networks_auto: |- ( ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network]) + - ([devture_postgres_container_network] if (devture_postgres_enabled and matrix_mautrix_signal_database_hostname == devture_postgres_connection_hostname and matrix_mautrix_signal_container_network != devture_postgres_container_network) else []) + ([postgres_container_network] if (postgres_enabled and matrix_mautrix_signal_database_hostname == postgres_connection_hostname and matrix_mautrix_signal_container_network != postgres_container_network) else []) + ([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network and matrix_mautrix_signal_container_labels_traefik_enabled else []) ) | unique @@ -1417,8 +1417,8 @@ matrix_mautrix_signal_container_additional_networks_auto: |- matrix_mautrix_signal_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" matrix_mautrix_signal_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_mautrix_signal_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_mautrix_signal_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_mautrix_signal_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_mautrix_signal_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" matrix_mautrix_signal_container_labels_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}" matrix_mautrix_signal_container_labels_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}" @@ -1444,8 +1444,8 @@ matrix_mautrix_signal_metrics_proxying_enabled: "{{ matrix_mautrix_signal_metric matrix_mautrix_signal_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}" matrix_mautrix_signal_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/mautrix-signal" -matrix_mautrix_signal_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}" -matrix_mautrix_signal_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" +matrix_mautrix_signal_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite' }}" +matrix_mautrix_signal_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}" matrix_mautrix_signal_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.signal.db', rounds=655555) | to_uuid }}" matrix_mautrix_signal_provisioning_shared_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.signal.prov', rounds=655555) | to_uuid }}" @@ -1471,7 +1471,7 @@ matrix_mautrix_meta_messenger_systemd_required_services_list_auto: | {{ matrix_addons_homeserver_systemd_services_list + - ([devture_postgres_identifier ~ '.service'] if (devture_postgres_enabled and matrix_mautrix_meta_messenger_database_hostname == devture_postgres_connection_hostname) else []) + ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_mautrix_meta_messenger_database_hostname == postgres_connection_hostname) else []) }} matrix_mautrix_meta_messenger_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}" @@ -1483,7 +1483,7 @@ matrix_mautrix_meta_messenger_container_additional_networks_auto: |- ( ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network]) + - ([devture_postgres_container_network] if (devture_postgres_enabled and matrix_mautrix_meta_messenger_database_hostname == devture_postgres_connection_hostname and matrix_mautrix_meta_messenger_container_network != devture_postgres_container_network) else []) + ([postgres_container_network] if (postgres_enabled and matrix_mautrix_meta_messenger_database_hostname == postgres_connection_hostname and matrix_mautrix_meta_messenger_container_network != postgres_container_network) else []) + ([matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_playbook_reverse_proxyable_services_additional_network and matrix_mautrix_meta_messenger_container_labels_traefik_enabled) else []) ) | unique @@ -1491,8 +1491,8 @@ matrix_mautrix_meta_messenger_container_additional_networks_auto: |- matrix_mautrix_meta_messenger_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" matrix_mautrix_meta_messenger_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_mautrix_meta_messenger_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_mautrix_meta_messenger_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_mautrix_meta_messenger_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_mautrix_meta_messenger_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" matrix_mautrix_meta_messenger_container_labels_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}" matrix_mautrix_meta_messenger_container_labels_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}" @@ -1520,9 +1520,9 @@ matrix_mautrix_meta_messenger_metrics_proxying_path_prefix: "{{ matrix_metrics_e # We'd like to force-set people with external Postgres to SQLite, so the bridge role can complain # and point them to a migration path. -matrix_mautrix_meta_messenger_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite3-fk-wal' }}" -matrix_mautrix_meta_messenger_database_hostname: "{{ devture_postgres_connection_hostname if (devture_postgres_enabled and matrix_mautrix_meta_messenger_database_engine == 'postgres') else '' }}" -matrix_mautrix_meta_messenger_database_password: "{{ ('%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.fb.db', rounds=655555) | to_uuid) if (devture_postgres_enabled and matrix_mautrix_meta_messenger_database_engine == 'postgres') else '' }}" +matrix_mautrix_meta_messenger_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite3-fk-wal' }}" +matrix_mautrix_meta_messenger_database_hostname: "{{ postgres_connection_hostname if (postgres_enabled and matrix_mautrix_meta_messenger_database_engine == 'postgres') else '' }}" +matrix_mautrix_meta_messenger_database_password: "{{ ('%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.fb.db', rounds=655555) | to_uuid) if (postgres_enabled and matrix_mautrix_meta_messenger_database_engine == 'postgres') else '' }}" ###################################################################### # @@ -1545,7 +1545,7 @@ matrix_mautrix_meta_instagram_systemd_required_services_list_auto: | {{ matrix_addons_homeserver_systemd_services_list + - ([devture_postgres_identifier ~ '.service'] if (devture_postgres_enabled and matrix_mautrix_meta_instagram_database_hostname == devture_postgres_connection_hostname) else []) + ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_mautrix_meta_instagram_database_hostname == postgres_connection_hostname) else []) }} matrix_mautrix_meta_instagram_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}" @@ -1557,7 +1557,7 @@ matrix_mautrix_meta_instagram_container_additional_networks_auto: |- ( ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network]) + - ([devture_postgres_container_network] if (devture_postgres_enabled and matrix_mautrix_meta_instagram_database_hostname == devture_postgres_connection_hostname and matrix_mautrix_meta_instagram_container_network != devture_postgres_container_network) else []) + ([postgres_container_network] if (postgres_enabled and matrix_mautrix_meta_instagram_database_hostname == postgres_connection_hostname and matrix_mautrix_meta_instagram_container_network != postgres_container_network) else []) + ([matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_playbook_reverse_proxyable_services_additional_network and matrix_mautrix_meta_instagram_container_labels_traefik_enabled) else []) ) | unique @@ -1565,8 +1565,8 @@ matrix_mautrix_meta_instagram_container_additional_networks_auto: |- matrix_mautrix_meta_instagram_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" matrix_mautrix_meta_instagram_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_mautrix_meta_instagram_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_mautrix_meta_instagram_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_mautrix_meta_instagram_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_mautrix_meta_instagram_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" matrix_mautrix_meta_instagram_container_labels_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}" matrix_mautrix_meta_instagram_container_labels_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}" @@ -1594,9 +1594,9 @@ matrix_mautrix_meta_instagram_metrics_proxying_path_prefix: "{{ matrix_metrics_e # We'd like to force-set people with external Postgres to SQLite, so the bridge role can complain # and point them to a migration path. -matrix_mautrix_meta_instagram_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite3-fk-wal' }}" -matrix_mautrix_meta_instagram_database_hostname: "{{ devture_postgres_connection_hostname if (devture_postgres_enabled and matrix_mautrix_meta_instagram_database_engine == 'postgres') else '' }}" -matrix_mautrix_meta_instagram_database_password: "{{ ('%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.fb.db', rounds=655555) | to_uuid) if (devture_postgres_enabled and matrix_mautrix_meta_instagram_database_engine == 'postgres') else '' }}" +matrix_mautrix_meta_instagram_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite3-fk-wal' }}" +matrix_mautrix_meta_instagram_database_hostname: "{{ postgres_connection_hostname if (postgres_enabled and matrix_mautrix_meta_instagram_database_engine == 'postgres') else '' }}" +matrix_mautrix_meta_instagram_database_password: "{{ ('%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.fb.db', rounds=655555) | to_uuid) if (postgres_enabled and matrix_mautrix_meta_instagram_database_engine == 'postgres') else '' }}" ###################################################################### # @@ -1621,7 +1621,7 @@ matrix_mautrix_telegram_systemd_required_services_list_auto: | {{ matrix_addons_homeserver_systemd_services_list + - ([devture_postgres_identifier ~ '.service'] if (devture_postgres_enabled and matrix_mautrix_telegram_database_hostname == devture_postgres_connection_hostname) else []) + ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_mautrix_telegram_database_hostname == postgres_connection_hostname) else []) }} # Images are multi-arch (amd64 and arm64, but not arm32). @@ -1638,7 +1638,7 @@ matrix_mautrix_telegram_container_additional_networks_auto: |- ( ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network]) + - ([devture_postgres_container_network] if (devture_postgres_enabled and matrix_mautrix_telegram_database_hostname == devture_postgres_connection_hostname and matrix_mautrix_telegram_container_network != devture_postgres_container_network) else []) + ([postgres_container_network] if (postgres_enabled and matrix_mautrix_telegram_database_hostname == postgres_connection_hostname and matrix_mautrix_telegram_container_network != postgres_container_network) else []) + ([matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_playbook_reverse_proxyable_services_additional_network and matrix_mautrix_telegram_container_labels_traefik_enabled) else []) ) | unique @@ -1646,8 +1646,8 @@ matrix_mautrix_telegram_container_additional_networks_auto: |- matrix_mautrix_telegram_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" matrix_mautrix_telegram_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_mautrix_telegram_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_mautrix_telegram_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_mautrix_telegram_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_mautrix_telegram_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" matrix_mautrix_telegram_container_labels_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}" matrix_mautrix_telegram_container_labels_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}" @@ -1678,8 +1678,8 @@ matrix_mautrix_telegram_metrics_proxying_hostname: "{{ matrix_metrics_exposure_h matrix_mautrix_telegram_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/mautrix-telegram" # Postgres is the default, except if not using internal Postgres server -matrix_mautrix_telegram_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}" -matrix_mautrix_telegram_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" +matrix_mautrix_telegram_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite' }}" +matrix_mautrix_telegram_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}" matrix_mautrix_telegram_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.telegram.db', rounds=655555) | to_uuid }}" ###################################################################### @@ -1701,7 +1701,7 @@ matrix_mautrix_twitter_systemd_required_services_list_auto: | {{ matrix_addons_homeserver_systemd_services_list + - ([devture_postgres_identifier ~ '.service'] if (devture_postgres_enabled and matrix_mautrix_twitter_database_hostname == devture_postgres_connection_hostname) else []) + ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_mautrix_twitter_database_hostname == postgres_connection_hostname) else []) }} matrix_mautrix_twitter_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}" @@ -1713,7 +1713,7 @@ matrix_mautrix_twitter_container_additional_networks_auto: |- ( ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network]) + - ([devture_postgres_container_network] if (devture_postgres_enabled and matrix_mautrix_twitter_database_hostname == devture_postgres_connection_hostname and matrix_mautrix_twitter_container_network != devture_postgres_container_network) else []) + ([postgres_container_network] if (postgres_enabled and matrix_mautrix_twitter_database_hostname == postgres_connection_hostname and matrix_mautrix_twitter_container_network != postgres_container_network) else []) + ([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network and matrix_mautrix_twitter_container_labels_traefik_enabled else []) ) | unique @@ -1721,8 +1721,8 @@ matrix_mautrix_twitter_container_additional_networks_auto: |- matrix_mautrix_twitter_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" matrix_mautrix_twitter_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_mautrix_twitter_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_mautrix_twitter_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_mautrix_twitter_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_mautrix_twitter_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" matrix_mautrix_twitter_container_labels_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}" matrix_mautrix_twitter_container_labels_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}" @@ -1751,8 +1751,8 @@ matrix_mautrix_twitter_metrics_proxying_enabled: "{{ matrix_mautrix_twitter_metr matrix_mautrix_twitter_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}" matrix_mautrix_twitter_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/mautrix-twitter" -matrix_mautrix_twitter_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" -matrix_mautrix_twitter_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.twt.db', rounds=655555) | to_uuid if devture_postgres_enabled else '' }}" +matrix_mautrix_twitter_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}" +matrix_mautrix_twitter_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.twt.db', rounds=655555) | to_uuid if postgres_enabled else '' }}" ###################################################################### # @@ -1773,7 +1773,7 @@ matrix_mautrix_gmessages_systemd_required_services_list_auto: | {{ matrix_addons_homeserver_systemd_services_list + - ([devture_postgres_identifier ~ '.service'] if (devture_postgres_enabled and matrix_mautrix_facebook_database_hostname == devture_postgres_connection_hostname) else []) + ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_mautrix_facebook_database_hostname == postgres_connection_hostname) else []) }} matrix_mautrix_gmessages_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}" @@ -1785,7 +1785,7 @@ matrix_mautrix_gmessages_container_additional_networks_auto: |- ( ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network]) + - ([devture_postgres_container_network] if (devture_postgres_enabled and matrix_mautrix_gmessages_database_hostname == devture_postgres_connection_hostname and matrix_mautrix_gmessages_container_network != devture_postgres_container_network) else []) + ([postgres_container_network] if (postgres_enabled and matrix_mautrix_gmessages_database_hostname == postgres_connection_hostname and matrix_mautrix_gmessages_container_network != postgres_container_network) else []) + ([matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_playbook_reverse_proxyable_services_additional_network and matrix_mautrix_gmessages_container_labels_traefik_enabled) else []) ) | unique @@ -1793,8 +1793,8 @@ matrix_mautrix_gmessages_container_additional_networks_auto: |- matrix_mautrix_gmessages_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" matrix_mautrix_gmessages_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_mautrix_gmessages_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_mautrix_gmessages_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_mautrix_gmessages_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_mautrix_gmessages_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" matrix_mautrix_gmessages_container_labels_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}" matrix_mautrix_gmessages_container_labels_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}" @@ -1820,8 +1820,8 @@ matrix_mautrix_gmessages_metrics_proxying_hostname: "{{ matrix_metrics_exposure_ matrix_mautrix_gmessages_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/mautrix-gmessages" # Postgres is the default, except if not using internal Postgres server -matrix_mautrix_gmessages_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}" -matrix_mautrix_gmessages_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" +matrix_mautrix_gmessages_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite' }}" +matrix_mautrix_gmessages_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}" matrix_mautrix_gmessages_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maugmessages.db', rounds=655555) | to_uuid }}" ###################################################################### @@ -1843,7 +1843,7 @@ matrix_mautrix_wsproxy_systemd_required_services_list_default: | {{ matrix_addons_homeserver_systemd_services_list + - ([devture_postgres_identifier ~ '.service'] if (devture_postgres_enabled and matrix_mautrix_wsproxy_syncproxy_database_hostname == devture_postgres_connection_hostname) else []) + ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_mautrix_wsproxy_syncproxy_database_hostname == postgres_connection_hostname) else []) }} matrix_mautrix_wsproxy_homeserver_domain: "{{ matrix_domain }}" @@ -1862,16 +1862,16 @@ matrix_mautrix_wsproxy_container_additional_networks: | + ([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else []) + - ([devture_postgres_container_network] if (devture_postgres_enabled and matrix_mautrix_wsproxy_syncproxy_database_hostname == devture_postgres_connection_hostname and devture_postgres_container_network != matrix_mautrix_wsproxy_container_network) else []) + ([postgres_container_network] if (postgres_enabled and matrix_mautrix_wsproxy_syncproxy_database_hostname == postgres_connection_hostname and postgres_container_network != matrix_mautrix_wsproxy_container_network) else []) ) | unique }} matrix_mautrix_wsproxy_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" matrix_mautrix_wsproxy_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_mautrix_wsproxy_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_mautrix_wsproxy_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_mautrix_wsproxy_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_mautrix_wsproxy_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" -matrix_mautrix_wsproxy_syncproxy_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" +matrix_mautrix_wsproxy_syncproxy_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}" matrix_mautrix_wsproxy_syncproxy_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'wsproxy.db', rounds=655555) | to_uuid }}" ###################################################################### @@ -1893,7 +1893,7 @@ matrix_wechat_systemd_required_services_list_auto: | {{ matrix_addons_homeserver_systemd_services_list + - ([devture_postgres_identifier ~ '.service'] if (devture_postgres_enabled and matrix_wechat_database_hostname == devture_postgres_connection_hostname) else []) + ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_wechat_database_hostname == postgres_connection_hostname) else []) }} matrix_wechat_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}" @@ -1907,7 +1907,7 @@ matrix_wechat_container_additional_networks_auto: |- ( ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network]) + - ([devture_postgres_container_network] if (devture_postgres_enabled and matrix_wechat_database_hostname == devture_postgres_connection_hostname and matrix_wechat_container_network != devture_postgres_container_network) else []) + ([postgres_container_network] if (postgres_enabled and matrix_wechat_database_hostname == postgres_connection_hostname and matrix_wechat_container_network != postgres_container_network) else []) ) | unique }} @@ -1921,8 +1921,8 @@ matrix_wechat_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shar matrix_wechat_bridge_listen_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'wechat.lstn', rounds=655555) | to_uuid }}" # Postgres is the default, except if not using internal Postgres server -matrix_wechat_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}" -matrix_wechat_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" +matrix_wechat_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite' }}" +matrix_wechat_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}" matrix_wechat_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'gowechat.db', rounds=655555) | to_uuid }}" ###################################################################### @@ -1949,7 +1949,7 @@ matrix_mautrix_whatsapp_container_additional_networks_auto: |- ( ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network]) + - ([devture_postgres_container_network] if devture_postgres_enabled and matrix_mautrix_whatsapp_database_hostname == devture_postgres_connection_hostname else []) + ([postgres_container_network] if postgres_enabled and matrix_mautrix_whatsapp_database_hostname == postgres_connection_hostname else []) + ([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network and matrix_mautrix_whatsapp_container_labels_traefik_enabled else []) ) | unique @@ -1957,8 +1957,8 @@ matrix_mautrix_whatsapp_container_additional_networks_auto: |- matrix_mautrix_whatsapp_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" matrix_mautrix_whatsapp_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_mautrix_whatsapp_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_mautrix_whatsapp_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_mautrix_whatsapp_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_mautrix_whatsapp_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" matrix_mautrix_whatsapp_container_labels_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}" matrix_mautrix_whatsapp_container_labels_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}" @@ -1967,7 +1967,7 @@ matrix_mautrix_whatsapp_systemd_required_services_list_auto: | {{ matrix_addons_homeserver_systemd_services_list + - ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and matrix_mautrix_whatsapp_database_hostname == devture_postgres_connection_hostname else []) + ([postgres_identifier ~ '.service'] if postgres_enabled and matrix_mautrix_whatsapp_database_hostname == postgres_connection_hostname else []) }} matrix_mautrix_whatsapp_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'whats.as.token', rounds=655555) | to_uuid }}" @@ -1995,8 +1995,8 @@ matrix_mautrix_whatsapp_metrics_proxying_hostname: "{{ matrix_metrics_exposure_h matrix_mautrix_whatsapp_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/mautrix-whatsapp" # Postgres is the default, except if not using internal Postgres server -matrix_mautrix_whatsapp_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}" -matrix_mautrix_whatsapp_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" +matrix_mautrix_whatsapp_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite' }}" +matrix_mautrix_whatsapp_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}" matrix_mautrix_whatsapp_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mauwhatsapp.db', rounds=655555) | to_uuid }}" ###################################################################### @@ -2018,7 +2018,7 @@ matrix_sms_bridge_systemd_required_services_list_auto: | {{ matrix_addons_homeserver_systemd_services_list + - ([devture_postgres_identifier ~ '.service'] if (devture_postgres_enabled and matrix_mautrix_facebook_database_hostname == devture_postgres_connection_hostname) else []) + ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_mautrix_facebook_database_hostname == postgres_connection_hostname) else []) }} matrix_sms_bridge_container_network: "{{ matrix_addons_container_network }}" @@ -2069,8 +2069,8 @@ matrix_heisenbridge_container_additional_networks_auto: |- matrix_heisenbridge_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" matrix_heisenbridge_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_heisenbridge_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_heisenbridge_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_heisenbridge_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_heisenbridge_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" matrix_heisenbridge_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'heisen.as.tok', rounds=655555) | to_uuid }}" @@ -2140,8 +2140,8 @@ matrix_hookshot_container_http_host_bind_ports: "{{ matrix_hookshot_container_ht matrix_hookshot_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" matrix_hookshot_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_hookshot_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_hookshot_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_hookshot_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_hookshot_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" matrix_hookshot_provisioning_enabled: "{{ matrix_hookshot_provisioning_secret and matrix_dimension_enabled }}" @@ -2178,7 +2178,7 @@ matrix_mx_puppet_slack_systemd_required_services_list_auto: | {{ matrix_addons_homeserver_systemd_services_list + - ([devture_postgres_identifier ~ '.service'] if (devture_postgres_enabled and matrix_mx_puppet_slack_database_hostname == devture_postgres_connection_hostname) else []) + ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_mx_puppet_slack_database_hostname == postgres_connection_hostname) else []) }} matrix_mx_puppet_slack_container_image_self_build: "{{ matrix_architecture != 'amd64' }}" @@ -2190,7 +2190,7 @@ matrix_mx_puppet_slack_container_additional_networks_auto: |- ( ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network]) + - ([devture_postgres_container_network] if (devture_postgres_enabled and matrix_mx_puppet_slack_database_hostname == devture_postgres_connection_hostname and matrix_mx_puppet_slack_container_network != devture_postgres_container_network) else []) + ([postgres_container_network] if (postgres_enabled and matrix_mx_puppet_slack_database_hostname == postgres_connection_hostname and matrix_mx_puppet_slack_container_network != postgres_container_network) else []) + ([matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_playbook_reverse_proxyable_services_additional_network and matrix_mx_puppet_slack_container_labels_traefik_enabled) else []) ) | unique @@ -2198,8 +2198,8 @@ matrix_mx_puppet_slack_container_additional_networks_auto: |- matrix_mx_puppet_slack_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" matrix_mx_puppet_slack_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_mx_puppet_slack_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_mx_puppet_slack_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_mx_puppet_slack_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_mx_puppet_slack_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" matrix_mx_puppet_slack_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxslk.as.tok', rounds=655555) | to_uuid }}" @@ -2211,8 +2211,8 @@ matrix_mx_puppet_slack_login_shared_secret: "{{ matrix_synapse_ext_password_prov matrix_mx_puppet_slack_presence_enabled: "{{ matrix_homeserver_implementation != 'synapse' or matrix_synapse_presence_enabled }}" # Postgres is the default, except if not using internal Postgres server -matrix_mx_puppet_slack_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}" -matrix_mx_puppet_slack_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" +matrix_mx_puppet_slack_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite' }}" +matrix_mx_puppet_slack_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}" matrix_mx_puppet_slack_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.slack.db', rounds=655555) | to_uuid }}" ###################################################################### @@ -2236,7 +2236,7 @@ matrix_mx_puppet_twitter_systemd_required_services_list_auto: | {{ matrix_addons_homeserver_systemd_services_list + - ([devture_postgres_identifier ~ '.service'] if (devture_postgres_enabled and matrix_mx_puppet_twitter_database_hostname == devture_postgres_connection_hostname) else []) + ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_mx_puppet_twitter_database_hostname == postgres_connection_hostname) else []) }} matrix_mx_puppet_twitter_container_image_self_build: "{{ matrix_architecture != 'amd64' }}" @@ -2250,7 +2250,7 @@ matrix_mx_puppet_twitter_container_additional_networks_auto: |- ( ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network]) + - ([devture_postgres_container_network] if (devture_postgres_enabled and matrix_mx_puppet_twitter_database_hostname == devture_postgres_connection_hostname and matrix_mx_puppet_twitter_container_network != devture_postgres_container_network) else []) + ([postgres_container_network] if (postgres_enabled and matrix_mx_puppet_twitter_database_hostname == postgres_connection_hostname and matrix_mx_puppet_twitter_container_network != postgres_container_network) else []) + ([matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_playbook_reverse_proxyable_services_additional_network and matrix_mx_puppet_twitter_container_labels_traefik_enabled) else []) ) | unique @@ -2258,8 +2258,8 @@ matrix_mx_puppet_twitter_container_additional_networks_auto: |- matrix_mx_puppet_twitter_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" matrix_mx_puppet_twitter_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_mx_puppet_twitter_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_mx_puppet_twitter_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_mx_puppet_twitter_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_mx_puppet_twitter_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" matrix_mx_puppet_twitter_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxtwt.as.tok', rounds=655555) | to_uuid }}" @@ -2271,8 +2271,8 @@ matrix_mx_puppet_twitter_login_shared_secret: "{{ matrix_synapse_ext_password_pr matrix_mx_puppet_twitter_presence_enabled: "{{ matrix_homeserver_implementation != 'synapse' or matrix_synapse_presence_enabled }}" # Postgres is the default, except if not using internal Postgres server -matrix_mx_puppet_twitter_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}" -matrix_mx_puppet_twitter_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" +matrix_mx_puppet_twitter_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite' }}" +matrix_mx_puppet_twitter_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}" matrix_mx_puppet_twitter_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.twitter.db', rounds=655555) | to_uuid }}" ###################################################################### @@ -2295,7 +2295,7 @@ matrix_mx_puppet_instagram_systemd_required_services_list_auto: | {{ matrix_addons_homeserver_systemd_services_list + - ([devture_postgres_identifier ~ '.service'] if (devture_postgres_enabled and matrix_mx_puppet_instagram_database_hostname == devture_postgres_connection_hostname) else []) + ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_mx_puppet_instagram_database_hostname == postgres_connection_hostname) else []) }} matrix_mx_puppet_instagram_container_image_self_build: "{{ matrix_architecture != 'amd64' }}" @@ -2307,7 +2307,7 @@ matrix_mx_puppet_instagram_container_additional_networks_auto: |- ( ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network]) + - ([devture_postgres_container_network] if (devture_postgres_enabled and matrix_mx_puppet_instagram_database_hostname == devture_postgres_connection_hostname and matrix_mx_puppet_instagram_container_network != devture_postgres_container_network) else []) + ([postgres_container_network] if (postgres_enabled and matrix_mx_puppet_instagram_database_hostname == postgres_connection_hostname and matrix_mx_puppet_instagram_container_network != postgres_container_network) else []) ) | unique }} @@ -2321,8 +2321,8 @@ matrix_mx_puppet_instagram_login_shared_secret: "{{ matrix_synapse_ext_password_ matrix_mx_puppet_instagram_presence_enabled: "{{ matrix_homeserver_implementation != 'synapse' or matrix_synapse_presence_enabled }}" # Postgres is the default, except if not using internal Postgres server -matrix_mx_puppet_instagram_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}" -matrix_mx_puppet_instagram_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" +matrix_mx_puppet_instagram_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite' }}" +matrix_mx_puppet_instagram_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}" matrix_mx_puppet_instagram_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.ig.db', rounds=655555) | to_uuid }}" ###################################################################### @@ -2344,7 +2344,7 @@ matrix_mx_puppet_discord_systemd_required_services_list_auto: | {{ matrix_addons_homeserver_systemd_services_list + - ([devture_postgres_identifier ~ '.service'] if (devture_postgres_enabled and matrix_mx_puppet_discord_database_hostname == devture_postgres_connection_hostname) else []) + ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_mx_puppet_discord_database_hostname == postgres_connection_hostname) else []) }} matrix_mx_puppet_discord_container_image_self_build: "{{ matrix_architecture != 'amd64' }}" @@ -2356,7 +2356,7 @@ matrix_mx_puppet_discord_container_additional_networks_auto: |- ( ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network]) + - ([devture_postgres_container_network] if (devture_postgres_enabled and matrix_mx_puppet_discord_database_hostname == devture_postgres_connection_hostname and matrix_mx_puppet_discord_container_network != devture_postgres_container_network) else []) + ([postgres_container_network] if (postgres_enabled and matrix_mx_puppet_discord_database_hostname == postgres_connection_hostname and matrix_mx_puppet_discord_container_network != postgres_container_network) else []) ) | unique }} @@ -2370,8 +2370,8 @@ matrix_mx_puppet_discord_login_shared_secret: "{{ matrix_synapse_ext_password_pr matrix_mx_puppet_discord_presence_enabled: "{{ matrix_homeserver_implementation != 'synapse' or matrix_synapse_presence_enabled }}" # Postgres is the default, except if not using internal Postgres server -matrix_mx_puppet_discord_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}" -matrix_mx_puppet_discord_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" +matrix_mx_puppet_discord_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite' }}" +matrix_mx_puppet_discord_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}" matrix_mx_puppet_discord_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.dsc.db', rounds=655555) | to_uuid }}" ###################################################################### @@ -2393,7 +2393,7 @@ matrix_mx_puppet_steam_systemd_required_services_list_auto: | {{ matrix_addons_homeserver_systemd_services_list + - ([devture_postgres_identifier ~ '.service'] if (devture_postgres_enabled and matrix_mx_puppet_steam_database_hostname == devture_postgres_connection_hostname) else []) + ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_mx_puppet_steam_database_hostname == postgres_connection_hostname) else []) }} matrix_mx_puppet_steam_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}" @@ -2405,7 +2405,7 @@ matrix_mx_puppet_steam_container_additional_networks_auto: |- ( ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network]) + - ([devture_postgres_container_network] if (devture_postgres_enabled and matrix_mx_puppet_steam_database_hostname == devture_postgres_connection_hostname and matrix_mx_puppet_steam_container_network != devture_postgres_container_network) else []) + ([postgres_container_network] if (postgres_enabled and matrix_mx_puppet_steam_database_hostname == postgres_connection_hostname and matrix_mx_puppet_steam_container_network != postgres_container_network) else []) ) | unique }} @@ -2419,8 +2419,8 @@ matrix_mx_puppet_steam_login_shared_secret: "{{ matrix_synapse_ext_password_prov matrix_mx_puppet_steam_presence_enabled: "{{ matrix_homeserver_implementation != 'synapse' or matrix_synapse_presence_enabled }}" # Postgres is the default, except if not using internal Postgres server -matrix_mx_puppet_steam_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}" -matrix_mx_puppet_steam_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" +matrix_mx_puppet_steam_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite' }}" +matrix_mx_puppet_steam_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}" matrix_mx_puppet_steam_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.steam.db', rounds=655555) | to_uuid }}" ###################################################################### @@ -2443,7 +2443,7 @@ matrix_mx_puppet_groupme_systemd_required_services_list_auto: | {{ matrix_addons_homeserver_systemd_services_list + - ([devture_postgres_identifier ~ '.service'] if (devture_postgres_enabled and matrix_mx_puppet_groupme_database_hostname == devture_postgres_connection_hostname) else []) + ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_mx_puppet_groupme_database_hostname == postgres_connection_hostname) else []) }} matrix_mx_puppet_groupme_container_image_self_build: "{{ matrix_architecture != 'amd64' }}" @@ -2455,7 +2455,7 @@ matrix_mx_puppet_groupme_container_additional_networks_auto: |- ( ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network]) + - ([devture_postgres_container_network] if (devture_postgres_enabled and matrix_mx_puppet_groupme_database_hostname == devture_postgres_connection_hostname and matrix_mx_puppet_groupme_container_network != devture_postgres_container_network) else []) + ([postgres_container_network] if (postgres_enabled and matrix_mx_puppet_groupme_database_hostname == postgres_connection_hostname and matrix_mx_puppet_groupme_container_network != postgres_container_network) else []) ) | unique }} @@ -2469,8 +2469,8 @@ matrix_mx_puppet_groupme_login_shared_secret: "{{ matrix_synapse_ext_password_pr matrix_mx_puppet_groupme_presence_enabled: "{{ matrix_homeserver_implementation != 'synapse' or matrix_synapse_presence_enabled }}" # Postgres is the default, except if not using internal Postgres server -matrix_mx_puppet_groupme_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}" -matrix_mx_puppet_groupme_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" +matrix_mx_puppet_groupme_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite' }}" +matrix_mx_puppet_groupme_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}" matrix_mx_puppet_groupme_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.groupme.db', rounds=655555) | to_uuid }}" ###################################################################### @@ -2493,7 +2493,7 @@ matrix_bot_matrix_reminder_bot_systemd_required_services_list_auto: | {{ matrix_addons_homeserver_systemd_services_list + - ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and matrix_bot_matrix_reminder_bot_database_hostname == devture_postgres_connection_hostname else []) + ([postgres_identifier ~ '.service'] if postgres_enabled and matrix_bot_matrix_reminder_bot_database_hostname == postgres_connection_hostname else []) }} matrix_bot_matrix_reminder_bot_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}" @@ -2505,15 +2505,15 @@ matrix_bot_matrix_reminder_bot_container_additional_networks_auto: |- ( ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network]) + - ([devture_postgres_container_network] if devture_postgres_enabled and matrix_bot_matrix_reminder_bot_database_hostname == devture_postgres_connection_hostname else []) + ([postgres_container_network] if postgres_enabled and matrix_bot_matrix_reminder_bot_database_hostname == postgres_connection_hostname else []) ) | unique }} matrix_bot_matrix_reminder_bot_matrix_homeserver_url: "{{ matrix_addons_homeserver_client_api_url }}" # Postgres is the default, except if not using internal Postgres server -matrix_bot_matrix_reminder_bot_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}" -matrix_bot_matrix_reminder_bot_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" +matrix_bot_matrix_reminder_bot_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite' }}" +matrix_bot_matrix_reminder_bot_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}" matrix_bot_matrix_reminder_bot_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'reminder.bot.db', rounds=655555) | to_uuid }}" matrix_bot_matrix_reminder_bot_allowlist_enabled: true @@ -2571,7 +2571,7 @@ matrix_bot_maubot_systemd_required_services_list_auto: | {{ matrix_addons_homeserver_systemd_services_list + - ([devture_postgres_identifier ~ '.service'] if (devture_postgres_enabled and matrix_bot_maubot_database_hostname == devture_postgres_connection_hostname) else []) + ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_bot_maubot_database_hostname == postgres_connection_hostname) else []) }} matrix_bot_maubot_hostname: "{{ matrix_server_fqn_matrix }}" @@ -2583,7 +2583,7 @@ matrix_bot_maubot_homeserver_secret: |- { 'synapse': matrix_synapse_registration_shared_secret | default(''), 'dendrite': matrix_dendrite_client_api_registration_shared_secret | default(''), - }[matrix_homeserver_implementation] + }[matrix_homeserver_implementation] | default('') }} matrix_bot_maubot_container_image_self_build: "{{ matrix_architecture not in ['amd64'] }}" @@ -2597,7 +2597,7 @@ matrix_bot_maubot_container_additional_networks_auto: |- ( ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network]) + - ([devture_postgres_container_network] if (devture_postgres_enabled and matrix_bot_maubot_database_hostname == devture_postgres_connection_hostname and matrix_bot_maubot_container_network != devture_postgres_container_network) else []) + ([postgres_container_network] if (postgres_enabled and matrix_bot_maubot_database_hostname == postgres_connection_hostname and matrix_bot_maubot_container_network != postgres_container_network) else []) + ([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network and matrix_bot_maubot_container_labels_traefik_enabled else []) ) | unique @@ -2605,14 +2605,14 @@ matrix_bot_maubot_container_additional_networks_auto: |- matrix_bot_maubot_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" matrix_bot_maubot_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_bot_maubot_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_bot_maubot_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_bot_maubot_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_bot_maubot_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" matrix_bot_maubot_container_labels_management_hostname: "{{ matrix_server_fqn_matrix }}" # Postgres is the default, except if not using internal Postgres server -matrix_bot_maubot_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}" -matrix_bot_maubot_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" +matrix_bot_maubot_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite' }}" +matrix_bot_maubot_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}" matrix_bot_maubot_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.dsc.db', rounds=655555) | to_uuid }}" ###################################################################### @@ -2639,7 +2639,7 @@ matrix_bot_honoroit_systemd_required_services_list_auto: | {{ matrix_addons_homeserver_systemd_services_list + - ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and matrix_bot_honoroit_database_hostname == devture_postgres_connection_hostname else []) + ([postgres_identifier ~ '.service'] if postgres_enabled and matrix_bot_honoroit_database_hostname == postgres_connection_hostname else []) }} matrix_bot_honoroit_container_network: "{{ matrix_addons_container_network }}" @@ -2649,7 +2649,7 @@ matrix_bot_honoroit_container_additional_networks: | ( ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network]) + - ([devture_postgres_container_network] if (devture_postgres_enabled and matrix_bot_honoroit_database_hostname == devture_postgres_connection_hostname and matrix_bot_honoroit_container_network != devture_postgres_container_network) else []) + ([postgres_container_network] if (postgres_enabled and matrix_bot_honoroit_database_hostname == postgres_connection_hostname and matrix_bot_honoroit_container_network != postgres_container_network) else []) + ([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network and matrix_bot_honoroit_container_labels_traefik_enabled else []) ) | unique @@ -2657,8 +2657,8 @@ matrix_bot_honoroit_container_additional_networks: | matrix_bot_honoroit_container_labels_traefik_enabled: "{{ matrix_playbook_traefik_labels_enabled }}" matrix_bot_honoroit_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_bot_honoroit_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_bot_honoroit_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_bot_honoroit_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_bot_honoroit_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" # For consistency with other things hosted at the matrix FQN, we adjust the metrics endpoint # so that metrics would be served at something like `/metrics/SERVICE_NAME`, and not at the default path for the role (`PREFIX/metrics`). @@ -2667,8 +2667,8 @@ matrix_bot_honoroit_container_labels_traefik_metrics_path: "{{ matrix_metrics_ex matrix_bot_honoroit_homeserver: "{{ matrix_addons_homeserver_client_api_url }}" # Postgres is the default, except if not using internal Postgres server -matrix_bot_honoroit_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}" -matrix_bot_honoroit_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" +matrix_bot_honoroit_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite' }}" +matrix_bot_honoroit_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}" matrix_bot_honoroit_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'honoroit.bot.db', rounds=655555) | to_uuid }}" matrix_bot_honoroit_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}" @@ -2693,7 +2693,7 @@ matrix_bot_buscarron_systemd_required_services_list_auto: | {{ matrix_addons_homeserver_systemd_services_list + - ([devture_postgres_identifier ~ '.service'] if (devture_postgres_enabled and matrix_bot_buscarron_database_hostname == devture_postgres_connection_hostname) else []) + ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_bot_buscarron_database_hostname == postgres_connection_hostname) else []) }} matrix_bot_buscarron_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}" @@ -2705,7 +2705,7 @@ matrix_bot_buscarron_container_additional_networks_auto: |- ( ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network]) + - ([devture_postgres_container_network] if (devture_postgres_enabled and matrix_bot_buscarron_database_hostname == devture_postgres_connection_hostname and matrix_bot_buscarron_container_network != devture_postgres_container_network) else []) + ([postgres_container_network] if (postgres_enabled and matrix_bot_buscarron_database_hostname == postgres_connection_hostname and matrix_bot_buscarron_container_network != postgres_container_network) else []) + ([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network and matrix_bot_buscarron_container_labels_traefik_enabled else []) ) | unique @@ -2713,14 +2713,14 @@ matrix_bot_buscarron_container_additional_networks_auto: |- matrix_bot_buscarron_container_labels_traefik_enabled: "{{ matrix_playbook_traefik_labels_enabled }}" matrix_bot_buscarron_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_bot_buscarron_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_bot_buscarron_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_bot_buscarron_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_bot_buscarron_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" matrix_bot_buscarron_homeserver: "{{ matrix_addons_homeserver_client_api_url }}" # Postgres is the default, except if not using internal Postgres server -matrix_bot_buscarron_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}" -matrix_bot_buscarron_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" +matrix_bot_buscarron_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite' }}" +matrix_bot_buscarron_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}" matrix_bot_buscarron_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'buscarron.bot.db', rounds=655555) | to_uuid }}" ###################################################################### @@ -2778,8 +2778,8 @@ matrix_bot_postmoogle_container_image_self_build: "{{ matrix_architecture not in matrix_bot_postmoogle_ssl_path: |- {{ { - 'playbook-managed-traefik': (devture_traefik_certs_dumper_dumped_certificates_dir_path if devture_traefik_certs_dumper_enabled else ''), - 'other-traefik-container': (devture_traefik_certs_dumper_dumped_certificates_dir_path if devture_traefik_certs_dumper_enabled else ''), + 'playbook-managed-traefik': (traefik_certs_dumper_dumped_certificates_dir_path if traefik_certs_dumper_enabled else ''), + 'other-traefik-container': (traefik_certs_dumper_dumped_certificates_dir_path if traefik_certs_dumper_enabled else ''), 'none': '', }[matrix_playbook_reverse_proxy_type] }} @@ -2790,8 +2790,8 @@ matrix_playbook_bot_postmoogle_traefik_key: "{% for domain in matrix_bot_postmoo matrix_bot_postmoogle_tls_cert: |- {{ { - 'playbook-managed-traefik': (matrix_playbook_bot_postmoogle_traefik_tls_cert if devture_traefik_certs_dumper_enabled else ''), - 'other-traefik-container': (matrix_playbook_bot_postmoogle_traefik_tls_cert if devture_traefik_certs_dumper_enabled else ''), + 'playbook-managed-traefik': (matrix_playbook_bot_postmoogle_traefik_tls_cert if traefik_certs_dumper_enabled else ''), + 'other-traefik-container': (matrix_playbook_bot_postmoogle_traefik_tls_cert if traefik_certs_dumper_enabled else ''), 'none': '', }[matrix_playbook_reverse_proxy_type] }} @@ -2799,26 +2799,26 @@ matrix_bot_postmoogle_tls_cert: |- matrix_bot_postmoogle_tls_key: |- {{ { - 'playbook-managed-traefik': (matrix_playbook_bot_postmoogle_traefik_key if devture_traefik_certs_dumper_enabled else ''), - 'other-traefik-container': (matrix_playbook_bot_postmoogle_traefik_key if devture_traefik_certs_dumper_enabled else ''), + 'playbook-managed-traefik': (matrix_playbook_bot_postmoogle_traefik_key if traefik_certs_dumper_enabled else ''), + 'other-traefik-container': (matrix_playbook_bot_postmoogle_traefik_key if traefik_certs_dumper_enabled else ''), 'none': '', }[matrix_playbook_reverse_proxy_type] }} -matrix_playbook_bot_postmoogle_traefik_certs_dumper_waiter_services: "{% for domain in matrix_bot_postmoogle_domains %}{{ devture_traefik_certs_dumper_identifier }}-wait-for-domain@{{ domain }}.service {% endfor %}" +matrix_playbook_bot_postmoogle_traefik_certs_dumper_waiter_services: "{% for domain in matrix_bot_postmoogle_domains %}{{ traefik_certs_dumper_identifier }}-wait-for-domain@{{ domain }}.service {% endfor %}" matrix_bot_postmoogle_systemd_required_services_list_auto: | {{ matrix_addons_homeserver_systemd_services_list + - ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and matrix_bot_postmoogle_database_hostname == matrix_bot_postmoogle_database_hostname else []) + ([postgres_identifier ~ '.service'] if postgres_enabled and matrix_bot_postmoogle_database_hostname == matrix_bot_postmoogle_database_hostname else []) + - (matrix_playbook_bot_postmoogle_traefik_certs_dumper_waiter_services | trim | split(' ') if matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and devture_traefik_certs_dumper_enabled else []) + (matrix_playbook_bot_postmoogle_traefik_certs_dumper_waiter_services | trim | split(' ') if matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and traefik_certs_dumper_enabled else []) }} # Postgres is the default, except if not using internal Postgres server -matrix_bot_postmoogle_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}" -matrix_bot_postmoogle_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" +matrix_bot_postmoogle_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite' }}" +matrix_bot_postmoogle_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}" matrix_bot_postmoogle_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'postmoogle.db', rounds=655555) | to_uuid }}" matrix_bot_postmoogle_homeserver: "{{ matrix_addons_homeserver_client_api_url }}" @@ -2830,7 +2830,7 @@ matrix_bot_postmoogle_container_additional_networks_auto: |- ( ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network]) + - ([devture_postgres_container_network] if devture_postgres_enabled and matrix_bot_matrix_reminder_bot_database_hostname == devture_postgres_connection_hostname else []) + ([postgres_container_network] if postgres_enabled and matrix_bot_matrix_reminder_bot_database_hostname == postgres_connection_hostname else []) ) | unique }} @@ -2899,8 +2899,8 @@ matrix_bot_go_neb_container_additional_networks: | matrix_bot_go_neb_container_labels_traefik_enabled: "{{ matrix_playbook_traefik_labels_enabled }}" matrix_bot_go_neb_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_bot_go_neb_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_bot_go_neb_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_bot_go_neb_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_bot_go_neb_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" ###################################################################### # @@ -2983,8 +2983,8 @@ matrix_bot_draupnir_raw_homeserver_url: "{{ matrix_addons_homeserver_client_api_ matrix_bot_draupnir_container_labels_traefik_enabled: "{{ matrix_bot_draupnir_web_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" matrix_bot_draupnir_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_bot_draupnir_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_bot_draupnir_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_bot_draupnir_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_bot_draupnir_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" ###################################################################### # @@ -3006,7 +3006,7 @@ matrix_appservice_draupnir_for_all_systemd_required_services_list_auto: | {{ matrix_addons_homeserver_systemd_services_list + - ([devture_postgres_identifier ~ '.service'] if (devture_postgres_enabled and matrix_appservice_draupnir_for_all_database_hostname == devture_postgres_connection_hostname) else []) + ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_appservice_draupnir_for_all_database_hostname == postgres_connection_hostname) else []) }} matrix_appservice_draupnir_for_all_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}" @@ -3018,14 +3018,14 @@ matrix_appservice_draupnir_for_all_container_additional_networks_auto: |- ( ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network]) + - ([devture_postgres_container_network] if (devture_postgres_enabled and matrix_appservice_draupnir_for_all_database_hostname == devture_postgres_connection_hostname and matrix_appservice_draupnir_for_all_container_network != devture_postgres_container_network) else []) + ([postgres_container_network] if (postgres_enabled and matrix_appservice_draupnir_for_all_database_hostname == postgres_connection_hostname and matrix_appservice_draupnir_for_all_container_network != postgres_container_network) else []) ) | unique }} matrix_appservice_draupnir_for_all_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'd4a.as.token', rounds=655555) | to_uuid }}" matrix_appservice_draupnir_for_all_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'd4a.hs.token', rounds=655555) | to_uuid }}" -matrix_appservice_draupnir_for_all_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" +matrix_appservice_draupnir_for_all_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}" matrix_appservice_draupnir_for_all_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.d4a.db', rounds=655555) | to_uuid }}" ###################################################################### @@ -3097,18 +3097,18 @@ backup_borg_username: "{{ matrix_user_username }}" backup_borg_uid: "{{ matrix_user_uid }}" backup_borg_gid: "{{ matrix_user_gid }}" -backup_borg_container_network: "{{ devture_postgres_container_network if devture_postgres_enabled else backup_borg_identifier }}" +backup_borg_container_network: "{{ postgres_container_network if postgres_enabled else backup_borg_identifier }}" -backup_borg_postgresql_version_detection_devture_postgres_role_name: "{{ 'galaxy/postgres' if devture_postgres_enabled else '' }}" +backup_borg_postgresql_version_detection_postgres_role_name: "{{ 'galaxy/postgres' if postgres_enabled else '' }}" backup_borg_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm32', 'arm64'] }}" -backup_borg_postgresql_enabled: "{{ devture_postgres_enabled }}" -backup_borg_postgresql_databases_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" -backup_borg_postgresql_databases_username: "{{ devture_postgres_connection_username if devture_postgres_enabled else '' }}" -backup_borg_postgresql_databases_password: "{{ devture_postgres_connection_password if devture_postgres_enabled else '' }}" -backup_borg_postgresql_databases_port: "{{ devture_postgres_connection_port if devture_postgres_enabled else 5432 }}" -backup_borg_postgresql_databases: "{{ devture_postgres_managed_databases | map(attribute='name') if devture_postgres_enabled else [] }}" +backup_borg_postgresql_enabled: "{{ postgres_enabled }}" +backup_borg_postgresql_databases_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}" +backup_borg_postgresql_databases_username: "{{ postgres_connection_username if postgres_enabled else '' }}" +backup_borg_postgresql_databases_password: "{{ postgres_connection_password if postgres_enabled else '' }}" +backup_borg_postgresql_databases_port: "{{ postgres_connection_port if postgres_enabled else 5432 }}" +backup_borg_postgresql_databases: "{{ postgres_managed_databases | map(attribute='name') if postgres_enabled else [] }}" backup_borg_location_source_directories: - "{{ matrix_base_data_path }}" @@ -3117,14 +3117,14 @@ backup_borg_location_exclude_patterns: | {{ ([matrix_synapse_media_store_path + '/local_thumbnails', matrix_synapse_media_store_path + '/remote_thumbnail', matrix_synapse_media_store_path + '/url_cache', matrix_synapse_media_store_path + '/url_cache_thumbnails'] if matrix_homeserver_implementation == 'synapse' else []) + - ([devture_postgres_data_path] if devture_postgres_enabled else []) + ([postgres_data_path] if postgres_enabled else []) }} backup_borg_systemd_required_services_list: | {{ [devture_systemd_docker_base_docker_service_name] + - ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else []) + ([postgres_identifier ~ '.service'] if postgres_enabled else []) }} ###################################################################### @@ -3188,8 +3188,8 @@ matrix_cactus_comments_client_container_additional_networks_auto: |- matrix_cactus_comments_client_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" matrix_cactus_comments_client_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_cactus_comments_client_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_cactus_comments_client_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_cactus_comments_client_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_cactus_comments_client_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" ###################################################################### # @@ -3228,8 +3228,8 @@ matrix_corporal_container_additional_networks: | matrix_corporal_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" matrix_corporal_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_corporal_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_corporal_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_corporal_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_corporal_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" matrix_corporal_matrix_homeserver_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}" @@ -3270,8 +3270,8 @@ matrix_rageshake_container_http_host_bind_port: "{{ (matrix_playbook_service_hos matrix_rageshake_container_labels_traefik_enabled: "{{ matrix_playbook_traefik_labels_enabled }}" matrix_rageshake_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_rageshake_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_rageshake_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_rageshake_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_rageshake_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" ###################################################################### # @@ -3304,8 +3304,8 @@ matrix_coturn_tls_enabled: "{{ matrix_playbook_ssl_enabled }}" matrix_coturn_tls_cert_path: |- {{ { - 'playbook-managed-traefik': ('/certificate.crt' if devture_traefik_certs_dumper_enabled else ''), - 'other-traefik-container': ('/certificate.crt' if devture_traefik_certs_dumper_enabled else ''), + 'playbook-managed-traefik': ('/certificate.crt' if traefik_certs_dumper_enabled else ''), + 'other-traefik-container': ('/certificate.crt' if traefik_certs_dumper_enabled else ''), 'none': '', }[matrix_playbook_reverse_proxy_type] }} @@ -3313,8 +3313,8 @@ matrix_coturn_tls_cert_path: |- matrix_coturn_tls_key_path: |- {{ { - 'playbook-managed-traefik': ('/privatekey.key' if devture_traefik_certs_dumper_enabled else ''), - 'other-traefik-container': ('/privatekey.key' if devture_traefik_certs_dumper_enabled else ''), + 'playbook-managed-traefik': ('/privatekey.key' if traefik_certs_dumper_enabled else ''), + 'other-traefik-container': ('/privatekey.key' if traefik_certs_dumper_enabled else ''), 'none': '', }[matrix_playbook_reverse_proxy_type] }} @@ -3324,16 +3324,16 @@ matrix_coturn_container_additional_volumes: | ( [ { - 'src': (devture_traefik_certs_dumper_dumped_certificates_dir_path + '/' + matrix_server_fqn_matrix + '/certificate.crt'), + 'src': (traefik_certs_dumper_dumped_certificates_dir_path + '/' + matrix_server_fqn_matrix + '/certificate.crt'), 'dst': '/certificate.crt', 'options': 'ro', }, { - 'src': (devture_traefik_certs_dumper_dumped_certificates_dir_path + '/' + matrix_server_fqn_matrix + '/privatekey.key'), + 'src': (traefik_certs_dumper_dumped_certificates_dir_path + '/' + matrix_server_fqn_matrix + '/privatekey.key'), 'dst': '/privatekey.key', 'options': 'ro', }, - ] if (matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and devture_traefik_certs_dumper_enabled and matrix_coturn_tls_enabled and (matrix_coturn_tls_cert_path and matrix_coturn_tls_key_path)) else [] + ] if (matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and traefik_certs_dumper_enabled and matrix_coturn_tls_enabled and (matrix_coturn_tls_cert_path and matrix_coturn_tls_key_path)) else [] ) }} @@ -3341,7 +3341,7 @@ matrix_coturn_systemd_required_services_list: | {{ [devture_systemd_docker_base_docker_service_name] + - ([devture_traefik_certs_dumper_identifier + '-wait-for-domain@' + matrix_server_fqn_matrix + '.service'] if matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and devture_traefik_certs_dumper_enabled and matrix_coturn_tls_enabled else []) + ([traefik_certs_dumper_identifier + '-wait-for-domain@' + matrix_server_fqn_matrix + '.service'] if matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and traefik_certs_dumper_enabled and matrix_coturn_tls_enabled else []) }} ###################################################################### @@ -3375,7 +3375,7 @@ matrix_dimension_container_additional_networks: | + ([matrix_homeserver_container_network] if matrix_homeserver_container_network != matrix_dimension_container_network else []) + - ([devture_postgres_container_network] if (devture_postgres_enabled and matrix_dimension_database_hostname == devture_postgres_connection_hostname and devture_postgres_container_network != matrix_dimension_container_network) else []) + ([postgres_container_network] if (postgres_enabled and matrix_dimension_database_hostname == postgres_connection_hostname and postgres_container_network != matrix_dimension_container_network) else []) + ([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else []) ) | unique @@ -3385,8 +3385,8 @@ matrix_dimension_container_http_host_bind_port: "{{ (matrix_playbook_service_hos matrix_dimension_container_labels_traefik_enabled: "{{ matrix_playbook_traefik_labels_enabled }}" matrix_dimension_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_dimension_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_dimension_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_dimension_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_dimension_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" matrix_dimension_homeserver_clientServerUrl: "{{ matrix_addons_homeserver_client_api_url }}" matrix_dimension_homeserver_federationUrl: "{{ matrix_homeserver_container_federation_url }}" @@ -3402,13 +3402,13 @@ matrix_dimension_systemd_required_services_list_auto: | + ['matrix-' + matrix_homeserver_implementation + '.service'] + - ([devture_postgres_identifier ~ '.service'] if (devture_postgres_enabled and matrix_dimension_database_hostname == devture_postgres_connection_hostname) else []) + ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_dimension_database_hostname == postgres_connection_hostname) else []) ) | unique }} # Postgres is the default, except if not using internal Postgres server -matrix_dimension_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}" -matrix_dimension_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" +matrix_dimension_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite' }}" +matrix_dimension_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}" matrix_dimension_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'dimension.db', rounds=655555) | to_uuid }}" ###################################################################### @@ -3446,23 +3446,23 @@ etherpad_container_additional_networks: | ( ([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else []) + - ([devture_postgres_container_network] if devture_postgres_enabled and devture_postgres_container_network != etherpad_container_network else []) + ([postgres_container_network] if postgres_enabled and postgres_container_network != etherpad_container_network else []) ) | unique }} etherpad_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" etherpad_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -etherpad_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -etherpad_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +etherpad_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +etherpad_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" etherpad_systemd_required_services_list: | {{ [devture_systemd_docker_base_docker_service_name] + - ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else []) + ([postgres_identifier ~ '.service'] if postgres_enabled else []) }} -etherpad_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" +etherpad_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}" etherpad_database_name: matrix_etherpad etherpad_database_username: matrix_etherpad etherpad_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'etherpad.db', rounds=655555) | to_uuid }}" @@ -3561,8 +3561,8 @@ jitsi_prosody_container_additional_networks_auto: | jitsi_container_labels_traefik_enabled: "{{ matrix_playbook_traefik_labels_enabled }}" jitsi_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -jitsi_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -jitsi_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +jitsi_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +jitsi_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" jitsi_jibri_xmpp_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'jibri', rounds=655555) | to_uuid }}" jitsi_jicofo_auth_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'jicofo', rounds=655555) | to_uuid }}" @@ -3645,8 +3645,8 @@ matrix_ldap_registration_proxy_container_additional_networks_auto: |- matrix_ldap_registration_proxy_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" matrix_ldap_registration_proxy_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_ldap_registration_proxy_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_ldap_registration_proxy_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_ldap_registration_proxy_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_ldap_registration_proxy_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" ###################################################################### # @@ -3716,7 +3716,7 @@ matrix_ma1sd_container_additional_networks_auto: | ( ([matrix_homeserver_container_network] if (matrix_ma1sd_container_network != matrix_homeserver_container_network) else []) + - ([devture_postgres_container_network] if (devture_postgres_enabled and matrix_ma1sd_database_hostname == devture_postgres_connection_hostname and matrix_ma1sd_container_network != devture_postgres_container_network) else []) + ([postgres_container_network] if (postgres_enabled and matrix_ma1sd_database_hostname == postgres_connection_hostname and matrix_ma1sd_container_network != postgres_container_network) else []) + ([exim_relay_container_network] if (exim_relay_enabled and matrix_ma1sd_threepid_medium_email_connectors_smtp_host == exim_relay_identifier and matrix_ma1sd_container_network != exim_relay_container_network) else []) + @@ -3726,8 +3726,8 @@ matrix_ma1sd_container_additional_networks_auto: | matrix_ma1sd_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" matrix_ma1sd_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_ma1sd_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_ma1sd_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_ma1sd_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_ma1sd_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" # We enable Synapse integration via its Postgres database by default. # When using another Identity store, you might wish to disable this and define @@ -3752,7 +3752,7 @@ matrix_ma1sd_systemd_required_services_list_auto: | {{ matrix_addons_homeserver_systemd_services_list + - ([devture_postgres_identifier ~ '.service'] if (devture_postgres_enabled and matrix_ma1sd_database_hostname == devture_postgres_connection_hostname) else []) + ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_ma1sd_database_hostname == postgres_connection_hostname) else []) }} matrix_ma1sd_systemd_wanted_services_list_auto: | @@ -3761,8 +3761,8 @@ matrix_ma1sd_systemd_wanted_services_list_auto: | }} # Postgres is the default, except if not using internal Postgres server -matrix_ma1sd_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}" -matrix_ma1sd_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" +matrix_ma1sd_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite' }}" +matrix_ma1sd_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}" matrix_ma1sd_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'ma1sd.db', rounds=655555) | to_uuid }}" ###################################################################### @@ -3786,7 +3786,7 @@ matrix_media_repo_container_additional_networks: | ( ([matrix_homeserver_container_network] if (matrix_media_repo_container_network != matrix_homeserver_container_network) else []) + - ([devture_postgres_container_network] if (devture_postgres_enabled and matrix_media_repo_database_hostname == devture_postgres_connection_hostname and devture_postgres_container_network != matrix_media_repo_container_network) else []) + ([postgres_container_network] if (postgres_enabled and matrix_media_repo_database_hostname == postgres_connection_hostname and postgres_container_network != matrix_media_repo_container_network) else []) + ([matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_playbook_reverse_proxyable_services_additional_network and matrix_media_repo_container_labels_traefik_enabled) else []) ) | unique @@ -3794,8 +3794,8 @@ matrix_media_repo_container_additional_networks: | matrix_media_repo_container_labels_traefik_enabled: "{{ matrix_playbook_traefik_labels_enabled }}" matrix_media_repo_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_media_repo_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_media_repo_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_media_repo_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_media_repo_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" matrix_media_repo_container_labels_traefik_internal_media_enabled: "{{ matrix_playbook_internal_matrix_client_api_traefik_entrypoint_enabled }}" matrix_media_repo_container_labels_traefik_internal_media_entrypoints: "{{ matrix_playbook_internal_matrix_client_api_traefik_entrypoint_name }}" @@ -3809,7 +3809,7 @@ matrix_media_repo_metrics_proxying_path: "{{ matrix_metrics_exposure_path_prefix matrix_media_repo_container_labels_traefik_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}" matrix_media_repo_container_labels_traefik_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}" -matrix_media_repo_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" +matrix_media_repo_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}" matrix_media_repo_database_username: matrix_media_repo matrix_media_repo_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mediarepo.db', rounds=655555) | to_uuid }}" matrix_media_repo_database_name: matrix_media_repo @@ -3818,7 +3818,7 @@ matrix_media_repo_systemd_required_services_list_auto: | {{ matrix_addons_homeserver_systemd_services_list + - ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and matrix_media_repo_database_hostname == devture_postgres_connection_hostname else []) + ([postgres_identifier ~ '.service'] if postgres_enabled and matrix_media_repo_database_hostname == postgres_connection_hostname else []) }} matrix_media_repo_generate_signing_key: "{{ matrix_homeserver_implementation == 'synapse' or matrix_homeserver_implementation == 'dendrite'}}" @@ -3863,35 +3863,35 @@ matrix_media_repo_homeserver_federation_enabled: "{{ matrix_homeserver_federatio ######################################################################## # # -# com.devture.ansible.role.postgres # +# postgres # # # ######################################################################## -# To completely disable installing Postgres, use `devture_postgres_enabled: false`. +# To completely disable installing Postgres, use `postgres_enabled: false`. -devture_postgres_identifier: matrix-postgres +postgres_identifier: matrix-postgres -devture_postgres_architecture: "{{ matrix_architecture }}" +postgres_architecture: "{{ matrix_architecture }}" -devture_postgres_base_path: "{{ matrix_base_data_path }}/postgres" +postgres_base_path: "{{ matrix_base_data_path }}/postgres" -devture_postgres_uid: "{{ matrix_user_uid }}" -devture_postgres_gid: "{{ matrix_user_gid }}" +postgres_uid: "{{ matrix_user_uid }}" +postgres_gid: "{{ matrix_user_gid }}" -devture_postgres_connection_username: matrix -devture_postgres_db_name: matrix +postgres_connection_username: matrix +postgres_db_name: matrix -devture_postgres_systemd_services_to_stop_for_maintenance_list_auto: "{{ devture_systemd_service_manager_services_list_auto | map(attribute='name') | reject('equalto', (devture_postgres_identifier + '.service')) }}" +postgres_systemd_services_to_stop_for_maintenance_list_auto: "{{ devture_systemd_service_manager_services_list_auto | map(attribute='name') | reject('equalto', (postgres_identifier + '.service')) }}" -devture_postgres_max_connections: "{{ 500 if matrix_synapse_workers_enabled else 200 }}" +postgres_max_connections: "{{ 500 if matrix_synapse_workers_enabled else 200 }}" -devture_postgres_managed_databases_auto: | +postgres_managed_databases_auto: | {{ ([{ 'name': matrix_synapse_database_database, 'username': matrix_synapse_database_user, 'password': matrix_synapse_database_password, - }] if (matrix_synapse_enabled and matrix_synapse_database_host == devture_postgres_connection_hostname) else []) + }] if (matrix_synapse_enabled and matrix_synapse_database_host == postgres_connection_hostname) else []) + ([{ 'name': matrix_dendrite_federation_api_database, @@ -3929,7 +3929,7 @@ devture_postgres_managed_databases_auto: | 'name': matrix_dendrite_mscs_database, 'username': matrix_dendrite_database_user, 'password': matrix_dendrite_database_password, - }] if (matrix_dendrite_enabled and matrix_dendrite_database_hostname == devture_postgres_connection_hostname) else []) + }] if (matrix_dendrite_enabled and matrix_dendrite_database_hostname == postgres_connection_hostname) else []) + ([{ 'name': matrix_sliding_sync_database_name, @@ -3941,133 +3941,133 @@ devture_postgres_managed_databases_auto: | 'name': matrix_ma1sd_database_name, 'username': matrix_ma1sd_database_username, 'password': matrix_ma1sd_database_password, - }] if (matrix_ma1sd_enabled and matrix_ma1sd_database_engine == 'postgres' and matrix_ma1sd_database_hostname == devture_postgres_connection_hostname) else []) + }] if (matrix_ma1sd_enabled and matrix_ma1sd_database_engine == 'postgres' and matrix_ma1sd_database_hostname == postgres_connection_hostname) else []) + ([{ 'name': matrix_bot_matrix_reminder_bot_database_name, 'username': matrix_bot_matrix_reminder_bot_database_username, 'password': matrix_bot_matrix_reminder_bot_database_password, - }] if (matrix_bot_matrix_reminder_bot_enabled and matrix_bot_matrix_reminder_bot_database_engine == 'postgres' and matrix_bot_matrix_reminder_bot_database_hostname == devture_postgres_connection_hostname) else []) + }] if (matrix_bot_matrix_reminder_bot_enabled and matrix_bot_matrix_reminder_bot_database_engine == 'postgres' and matrix_bot_matrix_reminder_bot_database_hostname == postgres_connection_hostname) else []) + ([{ 'name': matrix_bot_honoroit_database_name, 'username': matrix_bot_honoroit_database_username, 'password': matrix_bot_honoroit_database_password, - }] if (matrix_bot_honoroit_enabled and matrix_bot_honoroit_database_engine == 'postgres' and matrix_bot_honoroit_database_hostname == devture_postgres_connection_hostname) else []) + }] if (matrix_bot_honoroit_enabled and matrix_bot_honoroit_database_engine == 'postgres' and matrix_bot_honoroit_database_hostname == postgres_connection_hostname) else []) + ([{ 'name': matrix_bot_postmoogle_database_name, 'username': matrix_bot_postmoogle_database_username, 'password': matrix_bot_postmoogle_database_password, - }] if (matrix_bot_postmoogle_enabled and matrix_bot_postmoogle_database_engine == 'postgres' and matrix_bot_postmoogle_database_hostname == devture_postgres_connection_hostname) else []) + }] if (matrix_bot_postmoogle_enabled and matrix_bot_postmoogle_database_engine == 'postgres' and matrix_bot_postmoogle_database_hostname == postgres_connection_hostname) else []) + ([{ 'name': matrix_bot_maubot_database_name, 'username': matrix_bot_maubot_database_username, 'password': matrix_bot_maubot_database_password, - }] if (matrix_bot_maubot_enabled and matrix_bot_maubot_database_engine == 'postgres' and matrix_bot_maubot_database_hostname == devture_postgres_connection_hostname) else []) + }] if (matrix_bot_maubot_enabled and matrix_bot_maubot_database_engine == 'postgres' and matrix_bot_maubot_database_hostname == postgres_connection_hostname) else []) + ([{ 'name': matrix_bot_buscarron_database_name, 'username': matrix_bot_buscarron_database_username, 'password': matrix_bot_buscarron_database_password, - }] if (matrix_bot_buscarron_enabled and matrix_bot_buscarron_database_engine == 'postgres' and matrix_bot_buscarron_database_hostname == devture_postgres_connection_hostname) else []) + }] if (matrix_bot_buscarron_enabled and matrix_bot_buscarron_database_engine == 'postgres' and matrix_bot_buscarron_database_hostname == postgres_connection_hostname) else []) + ([{ 'name': matrix_registration_database_name, 'username': matrix_registration_database_username, 'password': matrix_registration_database_password, - }] if (matrix_registration_enabled and matrix_registration_database_engine == 'postgres' and matrix_registration_database_hostname == devture_postgres_connection_hostname) else []) + }] if (matrix_registration_enabled and matrix_registration_database_engine == 'postgres' and matrix_registration_database_hostname == postgres_connection_hostname) else []) + ([{ 'name': matrix_appservice_discord_database_name, 'username': matrix_appservice_discord_database_username, 'password': matrix_appservice_discord_database_password, - }] if (matrix_appservice_discord_enabled and matrix_appservice_discord_database_engine == 'postgres' and matrix_appservice_discord_database_hostname == devture_postgres_connection_hostname) else []) + }] if (matrix_appservice_discord_enabled and matrix_appservice_discord_database_engine == 'postgres' and matrix_appservice_discord_database_hostname == postgres_connection_hostname) else []) + ([{ 'name': matrix_appservice_draupnir_for_all_database_name, 'username': matrix_appservice_draupnir_for_all_database_username, 'password': matrix_appservice_draupnir_for_all_database_password, - }] if (matrix_appservice_draupnir_for_all_enabled and matrix_appservice_draupnir_for_all_database_hostname == devture_postgres_connection_hostname) else []) + }] if (matrix_appservice_draupnir_for_all_enabled and matrix_appservice_draupnir_for_all_database_hostname == postgres_connection_hostname) else []) + ([{ 'name': matrix_appservice_slack_database_name, 'username': matrix_appservice_slack_database_username, 'password': matrix_appservice_slack_database_password, - }] if (matrix_appservice_slack_enabled and matrix_appservice_slack_database_engine == 'postgres' and matrix_appservice_slack_database_hostname == devture_postgres_connection_hostname) else []) + }] if (matrix_appservice_slack_enabled and matrix_appservice_slack_database_engine == 'postgres' and matrix_appservice_slack_database_hostname == postgres_connection_hostname) else []) + ([{ 'name': matrix_appservice_irc_database_name, 'username': matrix_appservice_irc_database_username, 'password': matrix_appservice_irc_database_password, - }] if (matrix_appservice_irc_enabled and matrix_appservice_irc_database_engine == 'postgres' and matrix_appservice_irc_database_hostname == devture_postgres_connection_hostname) else []) + }] if (matrix_appservice_irc_enabled and matrix_appservice_irc_database_engine == 'postgres' and matrix_appservice_irc_database_hostname == postgres_connection_hostname) else []) + ([{ 'name': matrix_appservice_kakaotalk_database_name, 'username': matrix_appservice_kakaotalk_database_username, 'password': matrix_appservice_kakaotalk_database_password, - }] if (matrix_appservice_kakaotalk_enabled and matrix_appservice_kakaotalk_database_engine == 'postgres' and matrix_appservice_kakaotalk_database_hostname == devture_postgres_connection_hostname) else []) + }] if (matrix_appservice_kakaotalk_enabled and matrix_appservice_kakaotalk_database_engine == 'postgres' and matrix_appservice_kakaotalk_database_hostname == postgres_connection_hostname) else []) + ([{ 'name': matrix_beeper_linkedin_database_name, 'username': matrix_beeper_linkedin_database_username, 'password': matrix_beeper_linkedin_database_password, - }] if (matrix_beeper_linkedin_enabled and matrix_beeper_linkedin_database_engine == 'postgres' and matrix_beeper_linkedin_database_hostname == devture_postgres_connection_hostname) else []) + }] if (matrix_beeper_linkedin_enabled and matrix_beeper_linkedin_database_engine == 'postgres' and matrix_beeper_linkedin_database_hostname == postgres_connection_hostname) else []) + ([{ 'name': matrix_go_skype_bridge_database_name, 'username': matrix_go_skype_bridge_database_username, 'password': matrix_go_skype_bridge_database_password, - }] if (matrix_go_skype_bridge_enabled and matrix_go_skype_bridge_database_engine == 'postgres' and matrix_go_skype_bridge_database_hostname == devture_postgres_connection_hostname) else []) + }] if (matrix_go_skype_bridge_enabled and matrix_go_skype_bridge_database_engine == 'postgres' and matrix_go_skype_bridge_database_hostname == postgres_connection_hostname) else []) + ([{ 'name': matrix_wechat_database_name, 'username': matrix_wechat_database_username, 'password': matrix_wechat_database_password, - }] if (matrix_wechat_enabled and matrix_wechat_database_engine == 'postgres' and matrix_wechat_database_hostname == devture_postgres_connection_hostname) else []) + }] if (matrix_wechat_enabled and matrix_wechat_database_engine == 'postgres' and matrix_wechat_database_hostname == postgres_connection_hostname) else []) + ([{ 'name': matrix_mautrix_facebook_database_name, 'username': matrix_mautrix_facebook_database_username, 'password': matrix_mautrix_facebook_database_password, - }] if (matrix_mautrix_facebook_enabled and matrix_mautrix_facebook_database_engine == 'postgres' and matrix_mautrix_facebook_database_hostname == devture_postgres_connection_hostname) else []) + }] if (matrix_mautrix_facebook_enabled and matrix_mautrix_facebook_database_engine == 'postgres' and matrix_mautrix_facebook_database_hostname == postgres_connection_hostname) else []) + ([{ 'name': matrix_mautrix_hangouts_database_name, 'username': matrix_mautrix_hangouts_database_username, 'password': matrix_mautrix_hangouts_database_password, - }] if (matrix_mautrix_hangouts_enabled and matrix_mautrix_hangouts_database_engine == 'postgres' and matrix_mautrix_hangouts_database_hostname == devture_postgres_connection_hostname) else []) + }] if (matrix_mautrix_hangouts_enabled and matrix_mautrix_hangouts_database_engine == 'postgres' and matrix_mautrix_hangouts_database_hostname == postgres_connection_hostname) else []) + ([{ 'name': matrix_mautrix_googlechat_database_name, 'username': matrix_mautrix_googlechat_database_username, 'password': matrix_mautrix_googlechat_database_password, - }] if (matrix_mautrix_googlechat_enabled and matrix_mautrix_googlechat_database_engine == 'postgres' and matrix_mautrix_googlechat_database_hostname == devture_postgres_connection_hostname) else []) + }] if (matrix_mautrix_googlechat_enabled and matrix_mautrix_googlechat_database_engine == 'postgres' and matrix_mautrix_googlechat_database_hostname == postgres_connection_hostname) else []) + ([{ 'name': matrix_mautrix_instagram_database_name, 'username': matrix_mautrix_instagram_database_username, 'password': matrix_mautrix_instagram_database_password, - }] if (matrix_mautrix_instagram_enabled and matrix_mautrix_instagram_database_engine == 'postgres' and matrix_mautrix_instagram_database_hostname == devture_postgres_connection_hostname) else []) + }] if (matrix_mautrix_instagram_enabled and matrix_mautrix_instagram_database_engine == 'postgres' and matrix_mautrix_instagram_database_hostname == postgres_connection_hostname) else []) + ([{ 'name': matrix_mautrix_signal_database_name, 'username': matrix_mautrix_signal_database_username, 'password': matrix_mautrix_signal_database_password, - }] if (matrix_mautrix_signal_enabled and matrix_mautrix_signal_database_engine == 'postgres' and matrix_mautrix_signal_database_hostname == devture_postgres_connection_hostname) else []) + }] if (matrix_mautrix_signal_enabled and matrix_mautrix_signal_database_engine == 'postgres' and matrix_mautrix_signal_database_hostname == postgres_connection_hostname) else []) + ([{ 'name': matrix_mautrix_meta_messenger_database_name, 'username': matrix_mautrix_meta_messenger_database_username, 'password': matrix_mautrix_meta_messenger_database_password, - }] if (matrix_mautrix_meta_messenger_enabled and matrix_mautrix_meta_messenger_database_engine == 'postgres' and matrix_mautrix_meta_messenger_database_hostname == devture_postgres_connection_hostname) else []) + }] if (matrix_mautrix_meta_messenger_enabled and matrix_mautrix_meta_messenger_database_engine == 'postgres' and matrix_mautrix_meta_messenger_database_hostname == postgres_connection_hostname) else []) + ([{ 'name': matrix_mautrix_meta_instagram_database_name, 'username': matrix_mautrix_meta_instagram_database_username, 'password': matrix_mautrix_meta_instagram_database_password, - }] if (matrix_mautrix_meta_instagram_enabled and matrix_mautrix_meta_instagram_database_engine == 'postgres' and matrix_mautrix_meta_instagram_database_hostname == devture_postgres_connection_hostname) else []) + }] if (matrix_mautrix_meta_instagram_enabled and matrix_mautrix_meta_instagram_database_engine == 'postgres' and matrix_mautrix_meta_instagram_database_hostname == postgres_connection_hostname) else []) + ([{ 'name': matrix_mautrix_wsproxy_syncproxy_database_name, @@ -4079,149 +4079,149 @@ devture_postgres_managed_databases_auto: | 'name': matrix_mautrix_telegram_database_name, 'username': matrix_mautrix_telegram_database_username, 'password': matrix_mautrix_telegram_database_password, - }] if (matrix_mautrix_telegram_enabled and matrix_mautrix_telegram_database_engine == 'postgres' and matrix_mautrix_telegram_database_hostname == devture_postgres_connection_hostname) else []) + }] if (matrix_mautrix_telegram_enabled and matrix_mautrix_telegram_database_engine == 'postgres' and matrix_mautrix_telegram_database_hostname == postgres_connection_hostname) else []) + ([{ 'name': matrix_mautrix_twitter_database_name, 'username': matrix_mautrix_twitter_database_username, 'password': matrix_mautrix_twitter_database_password, - }] if (matrix_mautrix_twitter_enabled and matrix_mautrix_twitter_database_engine == 'postgres' and matrix_mautrix_twitter_database_hostname == devture_postgres_connection_hostname) else []) + }] if (matrix_mautrix_twitter_enabled and matrix_mautrix_twitter_database_engine == 'postgres' and matrix_mautrix_twitter_database_hostname == postgres_connection_hostname) else []) + ([{ 'name': matrix_mautrix_gmessages_database_name, 'username': matrix_mautrix_gmessages_database_username, 'password': matrix_mautrix_gmessages_database_password, - }] if (matrix_mautrix_gmessages_enabled and matrix_mautrix_gmessages_database_engine == 'postgres' and matrix_mautrix_gmessages_database_hostname == devture_postgres_connection_hostname) else []) + }] if (matrix_mautrix_gmessages_enabled and matrix_mautrix_gmessages_database_engine == 'postgres' and matrix_mautrix_gmessages_database_hostname == postgres_connection_hostname) else []) + ([{ 'name': matrix_mautrix_whatsapp_database_name, 'username': matrix_mautrix_whatsapp_database_username, 'password': matrix_mautrix_whatsapp_database_password, - }] if (matrix_mautrix_whatsapp_enabled and matrix_mautrix_whatsapp_database_engine == 'postgres' and matrix_mautrix_whatsapp_database_hostname == devture_postgres_connection_hostname) else []) + }] if (matrix_mautrix_whatsapp_enabled and matrix_mautrix_whatsapp_database_engine == 'postgres' and matrix_mautrix_whatsapp_database_hostname == postgres_connection_hostname) else []) + ([{ 'name': matrix_mautrix_discord_database_name, 'username': matrix_mautrix_discord_database_username, 'password': matrix_mautrix_discord_database_password, - }] if (matrix_mautrix_discord_enabled and matrix_mautrix_discord_database_engine == 'postgres' and matrix_mautrix_discord_database_hostname == devture_postgres_connection_hostname) else []) + }] if (matrix_mautrix_discord_enabled and matrix_mautrix_discord_database_engine == 'postgres' and matrix_mautrix_discord_database_hostname == postgres_connection_hostname) else []) + ([{ 'name': matrix_mautrix_slack_database_name, 'username': matrix_mautrix_slack_database_username, 'password': matrix_mautrix_slack_database_password, - }] if (matrix_mautrix_slack_enabled and matrix_mautrix_slack_database_engine == 'postgres' and matrix_mautrix_slack_database_hostname == devture_postgres_connection_hostname) else []) + }] if (matrix_mautrix_slack_enabled and matrix_mautrix_slack_database_engine == 'postgres' and matrix_mautrix_slack_database_hostname == postgres_connection_hostname) else []) + ([{ 'name': matrix_mx_puppet_slack_database_name, 'username': matrix_mx_puppet_slack_database_username, 'password': matrix_mx_puppet_slack_database_password, - }] if (matrix_mx_puppet_slack_enabled and matrix_mx_puppet_slack_database_engine == 'postgres' and matrix_mx_puppet_slack_database_hostname == devture_postgres_connection_hostname) else []) + }] if (matrix_mx_puppet_slack_enabled and matrix_mx_puppet_slack_database_engine == 'postgres' and matrix_mx_puppet_slack_database_hostname == postgres_connection_hostname) else []) + ([{ 'name': matrix_mx_puppet_twitter_database_name, 'username': matrix_mx_puppet_twitter_database_username, 'password': matrix_mx_puppet_twitter_database_password, - }] if (matrix_mx_puppet_twitter_enabled and matrix_mx_puppet_twitter_database_engine == 'postgres' and matrix_mx_puppet_twitter_database_hostname == devture_postgres_connection_hostname) else []) + }] if (matrix_mx_puppet_twitter_enabled and matrix_mx_puppet_twitter_database_engine == 'postgres' and matrix_mx_puppet_twitter_database_hostname == postgres_connection_hostname) else []) + ([{ 'name': matrix_mx_puppet_instagram_database_name, 'username': matrix_mx_puppet_instagram_database_username, 'password': matrix_mx_puppet_instagram_database_password, - }] if (matrix_mx_puppet_instagram_enabled and matrix_mx_puppet_instagram_database_engine == 'postgres' and matrix_mx_puppet_instagram_database_hostname == devture_postgres_connection_hostname) else []) + }] if (matrix_mx_puppet_instagram_enabled and matrix_mx_puppet_instagram_database_engine == 'postgres' and matrix_mx_puppet_instagram_database_hostname == postgres_connection_hostname) else []) + ([{ 'name': matrix_mx_puppet_discord_database_name, 'username': matrix_mx_puppet_discord_database_username, 'password': matrix_mx_puppet_discord_database_password, - }] if (matrix_mx_puppet_discord_enabled and matrix_mx_puppet_discord_database_engine == 'postgres' and matrix_mx_puppet_discord_database_hostname == devture_postgres_connection_hostname) else []) + }] if (matrix_mx_puppet_discord_enabled and matrix_mx_puppet_discord_database_engine == 'postgres' and matrix_mx_puppet_discord_database_hostname == postgres_connection_hostname) else []) + ([{ 'name': matrix_mx_puppet_steam_database_name, 'username': matrix_mx_puppet_steam_database_username, 'password': matrix_mx_puppet_steam_database_password, - }] if (matrix_mx_puppet_steam_enabled and matrix_mx_puppet_steam_database_engine == 'postgres' and matrix_mx_puppet_steam_database_hostname == devture_postgres_connection_hostname) else []) + }] if (matrix_mx_puppet_steam_enabled and matrix_mx_puppet_steam_database_engine == 'postgres' and matrix_mx_puppet_steam_database_hostname == postgres_connection_hostname) else []) + ([{ 'name': matrix_mx_puppet_groupme_database_name, 'username': matrix_mx_puppet_groupme_database_username, 'password': matrix_mx_puppet_groupme_database_password, - }] if (matrix_mx_puppet_groupme_enabled and matrix_mx_puppet_groupme_database_engine == 'postgres' and matrix_mx_puppet_groupme_database_hostname == devture_postgres_connection_hostname) else []) + }] if (matrix_mx_puppet_groupme_enabled and matrix_mx_puppet_groupme_database_engine == 'postgres' and matrix_mx_puppet_groupme_database_hostname == postgres_connection_hostname) else []) + ([{ 'name': matrix_dimension_database_name, 'username': matrix_dimension_database_username, 'password': matrix_dimension_database_password, - }] if (matrix_dimension_enabled and matrix_dimension_database_engine == 'postgres' and matrix_dimension_database_hostname == devture_postgres_connection_hostname) else []) + }] if (matrix_dimension_enabled and matrix_dimension_database_engine == 'postgres' and matrix_dimension_database_hostname == postgres_connection_hostname) else []) + ([{ 'name': etherpad_database_name, 'username': etherpad_database_username, 'password': etherpad_database_password, - }] if (etherpad_enabled and etherpad_database_engine == 'postgres' and etherpad_database_hostname == devture_postgres_connection_hostname) else []) + }] if (etherpad_enabled and etherpad_database_engine == 'postgres' and etherpad_database_hostname == postgres_connection_hostname) else []) + ([{ 'name': prometheus_postgres_exporter_database_name, 'username': prometheus_postgres_exporter_database_username, 'password': prometheus_postgres_exporter_database_password, - }] if (prometheus_postgres_exporter_enabled and prometheus_postgres_exporter_database_hostname == devture_postgres_connection_hostname) else []) + }] if (prometheus_postgres_exporter_enabled and prometheus_postgres_exporter_database_hostname == postgres_connection_hostname) else []) + ([{ 'name': matrix_media_repo_database_name, 'username': matrix_media_repo_database_username, 'password': matrix_media_repo_database_password, - }] if (matrix_media_repo_enabled and matrix_media_repo_database_hostname == devture_postgres_connection_hostname) else []) + }] if (matrix_media_repo_enabled and matrix_media_repo_database_hostname == postgres_connection_hostname) else []) }} ######################################################################## # # -# /com.devture.ansible.role.postgres # +# /postgres # # # ######################################################################## ######################################################################## # # -# com.devture.ansible.role.postgres_backup # +# postgres_backup # # # ######################################################################## -devture_postgres_backup_enabled: false +postgres_backup_enabled: false -devture_postgres_backup_identifier: matrix-postgres-backup +postgres_backup_identifier: matrix-postgres-backup -devture_postgres_backup_architecture: "{{ matrix_architecture }}" +postgres_backup_architecture: "{{ matrix_architecture }}" -devture_postgres_backup_base_path: "{{ matrix_base_data_path }}/postgres-backup" +postgres_backup_base_path: "{{ matrix_base_data_path }}/postgres-backup" -devture_postgres_backup_systemd_required_services_list_auto: | +postgres_backup_systemd_required_services_list_auto: | {{ - ([(devture_postgres_identifier + '.service')] if (devture_postgres_enabled and devture_postgres_backup_connection_hostname == devture_postgres_connection_hostname) else []) + ([(postgres_identifier + '.service')] if (postgres_enabled and postgres_backup_connection_hostname == postgres_connection_hostname) else []) }} -devture_postgres_backup_container_network: "{{ (devture_postgres_container_network if (devture_postgres_enabled and devture_postgres_backup_connection_hostname == devture_postgres_connection_hostname) else devture_postgres_backup_identifier) }}" +postgres_backup_container_network: "{{ (postgres_container_network if (postgres_enabled and postgres_backup_connection_hostname == postgres_connection_hostname) else postgres_backup_identifier) }}" -devture_postgres_backup_container_additional_networks_auto: |- +postgres_backup_container_additional_networks_auto: |- {{ - ([devture_postgres_container_network] if (devture_postgres_enabled and devture_postgres_backup_connection_hostname == devture_postgres_connection_hostname and devture_postgres_backup_container_network != devture_postgres_container_network) else []) + ([postgres_container_network] if (postgres_enabled and postgres_backup_connection_hostname == postgres_connection_hostname and postgres_backup_container_network != postgres_container_network) else []) }} -devture_postgres_backup_uid: "{{ matrix_user_uid }}" -devture_postgres_backup_gid: "{{ matrix_user_gid }}" +postgres_backup_uid: "{{ matrix_user_uid }}" +postgres_backup_gid: "{{ matrix_user_gid }}" -devture_postgres_backup_connection_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" -devture_postgres_backup_connection_port: "{{ devture_postgres_connection_port if devture_postgres_enabled else 5432 }}" -devture_postgres_backup_connection_username: "{{ devture_postgres_connection_username if devture_postgres_enabled else '' }}" -devture_postgres_backup_connection_password: "{{ devture_postgres_connection_password if devture_postgres_enabled else '' }}" +postgres_backup_connection_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}" +postgres_backup_connection_port: "{{ postgres_connection_port if postgres_enabled else 5432 }}" +postgres_backup_connection_username: "{{ postgres_connection_username if postgres_enabled else '' }}" +postgres_backup_connection_password: "{{ postgres_connection_password if postgres_enabled else '' }}" -devture_postgres_backup_postgres_data_path: "{{ devture_postgres_data_path if devture_postgres_enabled else '' }}" -devture_postgres_backup_postgres_role_include_name: galaxy/postgres +postgres_backup_postgres_data_path: "{{ postgres_data_path if postgres_enabled else '' }}" +postgres_backup_postgres_role_include_name: galaxy/postgres -devture_postgres_backup_databases: "{{ devture_postgres_managed_databases | map(attribute='name') if devture_postgres_enabled else [] }}" +postgres_backup_databases: "{{ postgres_managed_databases | map(attribute='name') if postgres_enabled else [] }}" ######################################################################## # # -# /com.devture.ansible.role.postgres_backup # +# /postgres_backup # # # ######################################################################## @@ -4247,8 +4247,8 @@ matrix_sygnal_container_http_host_bind_port: "{{ (matrix_playbook_service_host_b matrix_sygnal_container_labels_traefik_enabled: "{{ matrix_playbook_traefik_labels_enabled }}" matrix_sygnal_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_sygnal_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_sygnal_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_sygnal_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_sygnal_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" ###################################################################### # @@ -4279,8 +4279,8 @@ ntfy_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_inter ntfy_container_labels_traefik_enabled: "{{ matrix_playbook_traefik_labels_enabled }}" ntfy_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -ntfy_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -ntfy_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +ntfy_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +ntfy_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" ntfy_visitor_request_limit_exempt_hosts_hostnames_auto: | {{ @@ -4366,8 +4366,8 @@ matrix_client_element_container_additional_networks: "{{ [matrix_playbook_revers matrix_client_element_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" matrix_client_element_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_client_element_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_client_element_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_client_element_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_client_element_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" matrix_client_element_default_hs_url: "{{ matrix_homeserver_url }}" matrix_client_element_default_is_url: "{{ matrix_identity_server_url }}" @@ -4415,8 +4415,8 @@ matrix_client_hydrogen_container_additional_networks: "{{ [matrix_playbook_rever matrix_client_hydrogen_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" matrix_client_hydrogen_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_client_hydrogen_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_client_hydrogen_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_client_hydrogen_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_client_hydrogen_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" matrix_client_hydrogen_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}" @@ -4448,8 +4448,8 @@ matrix_client_cinny_container_additional_networks: "{{ [matrix_playbook_reverse_ matrix_client_cinny_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" matrix_client_cinny_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_client_cinny_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_client_cinny_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_client_cinny_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_client_cinny_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" matrix_client_cinny_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}" @@ -4483,8 +4483,8 @@ matrix_client_schildichat_container_additional_networks: "{{ [matrix_playbook_re matrix_client_schildichat_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" matrix_client_schildichat_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_client_schildichat_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_client_schildichat_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_client_schildichat_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_client_schildichat_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" matrix_client_schildichat_default_hs_url: "{{ matrix_homeserver_url }}" matrix_client_schildichat_default_is_url: "{{ matrix_identity_server_url }}" @@ -4551,7 +4551,7 @@ matrix_synapse_container_additional_networks_auto: | ( ([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_synapse_container_labels_traefik_enabled and matrix_playbook_reverse_proxyable_services_additional_network else []) + - ([devture_postgres_container_network] if (devture_postgres_enabled and devture_postgres_container_network != matrix_synapse_container_network and matrix_synapse_database_host == devture_postgres_connection_hostname) else []) + ([postgres_container_network] if (postgres_enabled and postgres_container_network != matrix_synapse_container_network and matrix_synapse_database_host == postgres_connection_hostname) else []) + ([redis_container_network] if matrix_synapse_redis_enabled and matrix_synapse_redis_host == redis_identifier else []) + @@ -4565,8 +4565,8 @@ matrix_synapse_container_additional_networks_auto: | matrix_synapse_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" matrix_synapse_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_synapse_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_synapse_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_synapse_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_synapse_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" matrix_synapse_container_labels_traefik_hostname: "{{ matrix_server_fqn_matrix }}" matrix_synapse_container_labels_matrix_labels_enabled: "{{ not matrix_synapse_workers_enabled }}" @@ -4590,7 +4590,7 @@ matrix_synapse_container_labels_internal_client_api_traefik_entrypoints: "{{ mat # For exposing the Synapse worker (and metrics) ports to the local host. matrix_synapse_workers_container_host_bind_address: "{{ matrix_playbook_service_host_bind_interface_prefix[0:-1] if (matrix_synapse_workers_enabled and matrix_playbook_service_host_bind_interface_prefix) else '' }}" -matrix_synapse_database_host: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" +matrix_synapse_database_host: "{{ postgres_connection_hostname if postgres_enabled else '' }}" matrix_synapse_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'synapse.db', rounds=655555) | to_uuid }}" matrix_synapse_macaroon_secret_key: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'synapse.mac', rounds=655555) | to_uuid }}" @@ -4635,7 +4635,7 @@ matrix_synapse_self_check_validate_certificates: "{{ matrix_playbook_ssl_enabled matrix_synapse_systemd_required_services_list_auto: | {{ - ([devture_postgres_identifier ~ '.service'] if (devture_postgres_enabled and devture_postgres_container_network != matrix_synapse_container_network and matrix_synapse_database_host == devture_postgres_connection_hostname) else []) + ([postgres_identifier ~ '.service'] if (postgres_enabled and postgres_container_network != matrix_synapse_container_network and matrix_synapse_database_host == postgres_connection_hostname) else []) + ([redis_identifier ~ '.service'] if matrix_synapse_redis_enabled and matrix_synapse_redis_host == redis_identifier else []) + @@ -4685,11 +4685,11 @@ matrix_synapse_auto_compressor_enabled: false matrix_synapse_auto_compressor_uid: "{{ matrix_user_uid }}" matrix_synapse_auto_compressor_gid: "{{ matrix_user_gid }}" -matrix_synapse_auto_compressor_postgres_image: "{{ devture_postgres_container_image_to_use }}" +matrix_synapse_auto_compressor_postgres_image: "{{ postgres_container_image_to_use }}" matrix_synapse_auto_compressor_container_image_self_build: "{{ matrix_architecture not in ['amd64'] }}" -matrix_synapse_auto_compressor_container_network: "{{ (devture_postgres_container_network if (devture_postgres_enabled and matrix_synapse_auto_compressor_database_hostname == matrix_synapse_database_host and matrix_synapse_database_host == devture_postgres_connection_hostname) else 'matrix-synapse-auto-compressor') }}" +matrix_synapse_auto_compressor_container_network: "{{ (postgres_container_network if (postgres_enabled and matrix_synapse_auto_compressor_database_hostname == matrix_synapse_database_host and matrix_synapse_database_host == postgres_connection_hostname) else 'matrix-synapse-auto-compressor') }}" matrix_synapse_auto_compressor_database_username: "{{ matrix_synapse_database_user if matrix_synapse_enabled else '' }}" matrix_synapse_auto_compressor_database_password: "{{ matrix_synapse_database_password if matrix_synapse_enabled else '' }}" @@ -4699,7 +4699,7 @@ matrix_synapse_auto_compressor_database_name: "{{ matrix_synapse_database_databa matrix_synapse_auto_compressor_systemd_required_services_list_auto: | {{ - ([devture_postgres_identifier ~ '.service'] if (matrix_synapse_auto_compressor_container_network == devture_postgres_container_network) else []) + ([postgres_identifier ~ '.service'] if (matrix_synapse_auto_compressor_container_network == postgres_container_network) else []) }} ###################################################################### @@ -4737,8 +4737,8 @@ matrix_synapse_reverse_proxy_companion_container_federation_api_host_bind_port: matrix_synapse_reverse_proxy_companion_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" matrix_synapse_reverse_proxy_companion_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_synapse_reverse_proxy_companion_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_synapse_reverse_proxy_companion_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_synapse_reverse_proxy_companion_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_synapse_reverse_proxy_companion_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" matrix_synapse_reverse_proxy_companion_container_labels_traefik_hostname: "{{ matrix_server_fqn_matrix }}" matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_client_api_enabled: "{{ matrix_synapse_container_labels_public_client_synapse_client_api_enabled }}" @@ -4794,8 +4794,8 @@ matrix_synapse_admin_container_additional_networks: "{{ [matrix_playbook_reverse matrix_synapse_admin_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" matrix_synapse_admin_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_synapse_admin_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_synapse_admin_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_synapse_admin_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_synapse_admin_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" matrix_synapse_admin_config_asManagedUsers_auto: | {{ @@ -5002,8 +5002,8 @@ matrix_synapse_usage_exporter_container_additional_networks: "{{ [matrix_playboo matrix_synapse_usage_exporter_container_labels_traefik_enabled: "{{ matrix_synapse_usage_exporter_proxying_enabled }}" matrix_synapse_usage_exporter_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_synapse_usage_exporter_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_synapse_usage_exporter_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_synapse_usage_exporter_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_synapse_usage_exporter_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" ###################################################################### # @@ -5034,8 +5034,8 @@ prometheus_node_exporter_container_additional_networks: "{{ [matrix_playbook_rev prometheus_node_exporter_container_labels_traefik_enabled: "{{ matrix_metrics_exposure_enabled }}" prometheus_node_exporter_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -prometheus_node_exporter_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -prometheus_node_exporter_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +prometheus_node_exporter_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +prometheus_node_exporter_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" prometheus_node_exporter_container_labels_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}" prometheus_node_exporter_container_labels_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}" @@ -5068,27 +5068,27 @@ prometheus_postgres_exporter_container_network: "{{ matrix_monitoring_container_ prometheus_postgres_exporter_container_additional_networks: | {{ - ([devture_postgres_container_network] if (devture_postgres_enabled and prometheus_postgres_exporter_database_hostname == devture_postgres_connection_hostname and prometheus_postgres_exporter_container_network != devture_postgres_container_network) else []) + ([postgres_container_network] if (postgres_enabled and prometheus_postgres_exporter_database_hostname == postgres_connection_hostname and prometheus_postgres_exporter_container_network != postgres_container_network) else []) + ([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network and prometheus_postgres_exporter_container_labels_traefik_enabled else []) }} prometheus_postgres_exporter_container_labels_traefik_enabled: "{{ matrix_metrics_exposure_enabled }}" prometheus_postgres_exporter_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -prometheus_postgres_exporter_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -prometheus_postgres_exporter_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +prometheus_postgres_exporter_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +prometheus_postgres_exporter_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" prometheus_postgres_exporter_container_labels_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}" prometheus_postgres_exporter_container_labels_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}" -prometheus_postgres_exporter_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" +prometheus_postgres_exporter_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}" prometheus_postgres_exporter_database_username: matrix_prometheus_postgres_exporter prometheus_postgres_exporter_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'prometheus.pg.db', rounds=655555) | to_uuid }}" prometheus_postgres_exporter_database_name: matrix_prometheus_postgres_exporter prometheus_postgres_exporter_systemd_required_services_list_auto: | {{ - ([devture_postgres_identifier ~ '.service'] if (devture_postgres_enabled and prometheus_postgres_exporter_database_hostname == devture_postgres_connection_hostname) else []) + ([postgres_identifier ~ '.service'] if (postgres_enabled and prometheus_postgres_exporter_database_hostname == postgres_connection_hostname) else []) }} ###################################################################### @@ -5119,8 +5119,8 @@ matrix_prometheus_nginxlog_exporter_container_additional_networks_auto: |- matrix_prometheus_nginxlog_exporter_container_labels_traefik_enabled: "{{ matrix_metrics_exposure_enabled }}" matrix_prometheus_nginxlog_exporter_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_prometheus_nginxlog_exporter_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_prometheus_nginxlog_exporter_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_prometheus_nginxlog_exporter_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_prometheus_nginxlog_exporter_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" matrix_prometheus_nginxlog_exporter_container_labels_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}" matrix_prometheus_nginxlog_exporter_container_labels_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}" @@ -5274,8 +5274,8 @@ grafana_container_additional_networks_auto: | grafana_container_labels_traefik_enabled: "{{ matrix_playbook_traefik_labels_enabled }}" grafana_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -grafana_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -grafana_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +grafana_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +grafana_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" grafana_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '3000') if matrix_playbook_service_host_bind_interface_prefix else '' }}" @@ -5345,7 +5345,7 @@ matrix_registration_path_prefix: /matrix-registration matrix_registration_systemd_required_services_list_auto: | {{ - ([devture_postgres_identifier ~ '.service'] if (devture_postgres_enabled and matrix_registration_database_hostname == devture_postgres_connection_hostname) else []) + ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_registration_database_hostname == postgres_connection_hostname) else []) }} matrix_registration_container_image_self_build: "{{ matrix_architecture != 'amd64' }}" @@ -5359,7 +5359,7 @@ matrix_registration_container_additional_networks_auto: |- ( ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network]) + - ([devture_postgres_container_network] if (devture_postgres_enabled and matrix_registration_database_hostname == devture_postgres_connection_hostname and matrix_mautrix_facebook_container_network != devture_postgres_container_network) else []) + ([postgres_container_network] if (postgres_enabled and matrix_registration_database_hostname == postgres_connection_hostname and matrix_mautrix_facebook_container_network != postgres_container_network) else []) + ([matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_playbook_reverse_proxyable_services_additional_network and matrix_registration_container_labels_traefik_enabled) else []) ) | unique @@ -5367,8 +5367,8 @@ matrix_registration_container_additional_networks_auto: |- matrix_registration_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" matrix_registration_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_registration_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_registration_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_registration_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_registration_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" matrix_registration_riot_instance: "{{ (('https://' if matrix_playbook_ssl_enabled else 'http://') + matrix_server_fqn_element) if matrix_client_element_enabled else 'https://element.io/app/' }}" @@ -5386,8 +5386,8 @@ matrix_registration_server_location: "{{ matrix_addons_homeserver_client_api_url matrix_registration_api_validate_certs: "{{ matrix_playbook_ssl_enabled }}" # Postgres is the default, except if not using internal Postgres server -matrix_registration_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}" -matrix_registration_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" +matrix_registration_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite' }}" +matrix_registration_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}" matrix_registration_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mx.registr.db', rounds=655555) | to_uuid }}" ###################################################################### @@ -5423,14 +5423,14 @@ matrix_sliding_sync_container_additional_networks: | + ([] if matrix_homeserver_container_network in ['', matrix_sliding_sync_container_network] else [matrix_homeserver_container_network]) + - ([devture_postgres_container_network] if devture_postgres_enabled and devture_postgres_container_network != matrix_sliding_sync_container_network else []) + ([postgres_container_network] if postgres_enabled and postgres_container_network != matrix_sliding_sync_container_network else []) ) | unique }} matrix_sliding_sync_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" matrix_sliding_sync_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_sliding_sync_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_sliding_sync_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_sliding_sync_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_sliding_sync_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" matrix_sliding_sync_container_labels_public_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}" matrix_sliding_sync_container_labels_public_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}" @@ -5439,13 +5439,13 @@ matrix_sliding_sync_systemd_required_services_list_auto: | {{ matrix_homeserver_systemd_services_list + - ([devture_postgres_identifier ~ '.service'] if (devture_postgres_enabled and matrix_sliding_sync_database_hostname == devture_postgres_connection_hostname) else []) + ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_sliding_sync_database_hostname == postgres_connection_hostname) else []) }} matrix_sliding_sync_environment_variable_syncv3_server: "{{ matrix_homeserver_container_url }}" matrix_sliding_sync_environment_variable_syncv3_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'ss.secret', rounds=655555) | to_uuid }}" -matrix_sliding_sync_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" +matrix_sliding_sync_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}" matrix_sliding_sync_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'ss.db', rounds=655555) | to_uuid }}" matrix_sliding_sync_metrics_enabled: "{{ prometheus_enabled or matrix_metrics_exposure_enabled }}" @@ -5480,7 +5480,7 @@ matrix_dendrite_container_additional_networks_auto: | ( ([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_dendrite_container_labels_traefik_enabled and matrix_playbook_reverse_proxyable_services_additional_network else []) + - ([devture_postgres_container_network] if (devture_postgres_enabled and matrix_dendrite_database_hostname == devture_postgres_connection_hostname and devture_postgres_container_network != matrix_dendrite_container_network) else []) + ([postgres_container_network] if (postgres_enabled and matrix_dendrite_database_hostname == postgres_connection_hostname and postgres_container_network != matrix_dendrite_container_network) else []) ) | unique }} @@ -5489,8 +5489,8 @@ matrix_dendrite_container_https_host_bind_address: "{{ '' if not matrix_dendrite matrix_dendrite_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and not matrix_synapse_workers_enabled }}" matrix_dendrite_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_dendrite_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_dendrite_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_dendrite_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_dendrite_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" matrix_dendrite_container_labels_public_client_synapse_admin_api_enabled: "{{ matrix_synapse_admin_enabled }}" @@ -5512,7 +5512,7 @@ matrix_dendrite_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_p matrix_dendrite_client_api_registration_shared_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'dendrite.rss', rounds=655555) | to_uuid }}" -matrix_dendrite_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" +matrix_dendrite_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}" matrix_dendrite_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'dendrite.db', rounds=655555) | to_uuid }}" @@ -5542,7 +5542,7 @@ matrix_dendrite_trusted_id_servers: "{{ [matrix_server_fqn_matrix] if matrix_ma1 matrix_dendrite_systemd_required_services_list_auto: | {{ - ([devture_postgres_identifier ~ '.service'] if (devture_postgres_enabled and matrix_dendrite_database_hostname == devture_postgres_connection_hostname) else []) + ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_dendrite_database_hostname == postgres_connection_hostname) else []) + (['matrix-goofys.service'] if matrix_s3_media_store_enabled else []) }} @@ -5585,8 +5585,8 @@ matrix_conduit_container_additional_networks_auto: | matrix_conduit_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and not matrix_synapse_workers_enabled }}" matrix_conduit_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_conduit_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_conduit_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_conduit_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_conduit_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" matrix_conduit_container_labels_public_client_root_redirection_enabled: "{{ matrix_conduit_container_labels_public_client_root_redirection_url != '' }}" matrix_conduit_container_labels_public_client_root_redirection_url: "{{ (('https://' if matrix_playbook_ssl_enabled else 'http://') + matrix_server_fqn_element) if matrix_client_element_enabled else '' }}" @@ -5747,8 +5747,8 @@ matrix_static_files_container_network: "{{ (matrix_static_files_identifier if ma matrix_static_files_container_labels_traefik_enabled: "{{ matrix_playbook_traefik_labels_enabled }}" matrix_static_files_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" -matrix_static_files_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -matrix_static_files_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_static_files_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +matrix_static_files_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" matrix_static_files_container_labels_well_known_matrix_endpoint_traefik_hostname: "{{ matrix_server_fqn_matrix }}" @@ -5808,34 +5808,34 @@ devture_container_socket_proxy_api_containers_enabled: true ######################################################################## # # -# com.devture.ansible.role.traefik # +# traefik # # # ######################################################################## -devture_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type == 'playbook-managed-traefik' }}" +traefik_enabled: "{{ matrix_playbook_reverse_proxy_type == 'playbook-managed-traefik' }}" -devture_traefik_identifier: matrix-traefik +traefik_identifier: matrix-traefik -devture_traefik_base_path: "{{ matrix_base_data_path }}/traefik" +traefik_base_path: "{{ matrix_base_data_path }}/traefik" -devture_traefik_uid: "{{ matrix_user_uid }}" -devture_traefik_gid: "{{ matrix_user_gid }}" +traefik_uid: "{{ matrix_user_uid }}" +traefik_gid: "{{ matrix_user_gid }}" -devture_traefik_additional_entrypoints_auto: | +traefik_additional_entrypoints_auto: | {{ ([matrix_playbook_public_matrix_federation_api_traefik_entrypoint_definition] if matrix_playbook_public_matrix_federation_api_traefik_entrypoint_enabled else []) + ([matrix_playbook_internal_matrix_client_api_traefik_entrypoint_definition] if matrix_playbook_internal_matrix_client_api_traefik_entrypoint_enabled else []) }} -devture_traefik_config_providers_docker_endpoint: "{{ devture_container_socket_proxy_endpoint if devture_container_socket_proxy_enabled else 'unix:///var/run/docker.sock' }}" +traefik_config_providers_docker_endpoint: "{{ devture_container_socket_proxy_endpoint if devture_container_socket_proxy_enabled else 'unix:///var/run/docker.sock' }}" -devture_traefik_container_additional_networks_auto: | +traefik_container_additional_networks_auto: | {{ ([devture_container_socket_proxy_container_network] if devture_container_socket_proxy_enabled else []) }} -devture_traefik_systemd_required_services_list: | +traefik_systemd_required_services_list: | {{ ([devture_systemd_docker_base_docker_service_name]) + @@ -5844,31 +5844,31 @@ devture_traefik_systemd_required_services_list: | ######################################################################## # # -# /com.devture.ansible.role.traefik # +# /traefik # # # ######################################################################## ######################################################################## # # -# com.devture.ansible.role.traefik_certs_dumper # +# traefik_certs_dumper # # # ######################################################################## -devture_traefik_certs_dumper_enabled: "{{ (matrix_playbook_reverse_proxy_type == 'playbook-managed-traefik' and devture_traefik_config_entrypoint_web_secure_enabled and devture_traefik_config_certificatesResolvers_acme_enabled) or matrix_playbook_reverse_proxy_type == 'other-traefik-container' }}" +traefik_certs_dumper_enabled: "{{ (matrix_playbook_reverse_proxy_type == 'playbook-managed-traefik' and traefik_config_entrypoint_web_secure_enabled and traefik_config_certificatesResolvers_acme_enabled) or matrix_playbook_reverse_proxy_type == 'other-traefik-container' }}" -devture_traefik_certs_dumper_identifier: matrix-traefik-certs-dumper +traefik_certs_dumper_identifier: matrix-traefik-certs-dumper -devture_traefik_certs_dumper_base_path: "{{ matrix_base_data_path }}/traefik-certs-dumper" +traefik_certs_dumper_base_path: "{{ matrix_base_data_path }}/traefik-certs-dumper" -devture_traefik_certs_dumper_uid: "{{ matrix_user_uid }}" -devture_traefik_certs_dumper_gid: "{{ matrix_user_gid }}" +traefik_certs_dumper_uid: "{{ matrix_user_uid }}" +traefik_certs_dumper_gid: "{{ matrix_user_gid }}" -devture_traefik_certs_dumper_ssl_dir_path: "{{ devture_traefik_ssl_dir_path if devture_traefik_enabled else '' }}" +traefik_certs_dumper_ssl_dir_path: "{{ traefik_ssl_dir_path if traefik_enabled else '' }}" ######################################################################## # # -# /com.devture.ansible.role.traefik_certs_dumper # +# /traefik_certs_dumper # # # ######################################################################## diff --git a/requirements.yml b/requirements.yml index 8a8054f7c..27144b2f4 100644 --- a/requirements.yml +++ b/requirements.yml @@ -22,10 +22,10 @@ version: v4.98-r0-1-1 name: exim_relay - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-grafana.git - version: v11.1.4-1 + version: v11.1.7-0 name: grafana - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git - version: v9646-1 + version: v9753-0 name: jitsi - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-keydb.git version: v6.3.4-3 @@ -42,11 +42,11 @@ - src: git+https://github.com/devture/com.devture.ansible.role.playbook_state_preserver.git version: ff2fd42e1c1a9e28e3312bbd725395f9c2fc7f16 name: playbook_state_preserver -- src: git+https://github.com/devture/com.devture.ansible.role.postgres.git - version: v16.4-0 +- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-postgres.git + version: v17.0-1 name: postgres -- src: git+https://github.com/devture/com.devture.ansible.role.postgres_backup.git - version: ccfd8db07fd8725119f0e06ba5144b8f58a67890 +- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-postgres-backup.git + version: v16-0 name: postgres_backup - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus.git version: v2.54.1-1 @@ -69,9 +69,9 @@ - src: git+https://github.com/devture/com.devture.ansible.role.timesync.git version: v1.0.0-0 name: timesync -- src: git+https://github.com/devture/com.devture.ansible.role.traefik.git - version: v3.1.3-1 +- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-traefik.git + version: v3.1.3-2 name: traefik -- src: git+https://github.com/devture/com.devture.ansible.role.traefik_certs_dumper.git - version: v2.8.3-4 +- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-traefik-certs-dumper.git + version: v2.8.3-5 name: traefik_certs_dumper diff --git a/roles/custom/matrix-alertmanager-receiver/defaults/main.yml b/roles/custom/matrix-alertmanager-receiver/defaults/main.yml index 57aa252de..cf53828a5 100644 --- a/roles/custom/matrix-alertmanager-receiver/defaults/main.yml +++ b/roles/custom/matrix-alertmanager-receiver/defaults/main.yml @@ -6,7 +6,7 @@ matrix_alertmanager_receiver_enabled: true # renovate: datasource=docker depName=docker.io/metio/matrix-alertmanager-receiver -matrix_alertmanager_receiver_version: 2024.9.18 +matrix_alertmanager_receiver_version: 2024.10.2 matrix_alertmanager_receiver_scheme: https diff --git a/roles/custom/matrix-base/defaults/main.yml b/roles/custom/matrix-base/defaults/main.yml index 36b248b1f..7d34808e7 100644 --- a/roles/custom/matrix-base/defaults/main.yml +++ b/roles/custom/matrix-base/defaults/main.yml @@ -216,15 +216,15 @@ matrix_metrics_exposure_http_basic_auth_users: '' # # - `playbook-managed-traefik` # - the playbook will run a managed Traefik instance (matrix-traefik) -# - Traefik will do SSL termination, unless you disable it (e.g. `devture_traefik_config_entrypoint_web_secure_enabled: false`) -# - if SSL termination is enabled (as it is by default), you need to populate: `devture_traefik_config_certificatesResolvers_acme_email` +# - Traefik will do SSL termination, unless you disable it (e.g. `traefik_config_entrypoint_web_secure_enabled: false`) +# - if SSL termination is enabled (as it is by default), you need to populate: `traefik_config_certificatesResolvers_acme_email` # # - `other-traefik-container` # - this playbook will not install Traefik # - nevertheless, the playbook expects that you would install Traefik yourself via other means # - you should make sure your Traefik configuration is compatible with what the playbook would have configured (web, web-secure, matrix-federation entrypoints, etc.) # - you need to set `matrix_playbook_reverse_proxyable_services_additional_network` to the name of your Traefik network -# - Traefik certs dumper will be enabled by default (`devture_traefik_certs_dumper_enabled`). You need to point it to your Traefik's SSL certificates (`devture_traefik_certs_dumper_ssl_dir_path`) +# - Traefik certs dumper will be enabled by default (`traefik_certs_dumper_enabled`). You need to point it to your Traefik's SSL certificates (`traefik_certs_dumper_ssl_dir_path`) # # - `none` # - no reverse-proxy will be installed @@ -244,7 +244,7 @@ matrix_playbook_reverse_proxyable_services_additional_network: "{{ matrix_playbo # Controls if various services think if SSL is enabled or not. # Disabling this does not actually disable Treafik's web-secure entrypoint and TLS termination settings. -# For that, you'd need to use another variable (`devture_traefik_config_entrypoint_web_secure_enabled`). +# For that, you'd need to use another variable (`traefik_config_entrypoint_web_secure_enabled`). # This variable merely serves as an indicator if SSL is used or not. matrix_playbook_ssl_enabled: true @@ -302,7 +302,7 @@ matrix_playbook_public_matrix_federation_api_traefik_entrypoint_definition: # # Routers enabled on this entrypoint should use Traefik rules which do NOT do Host-matching (Host/HostRegexp), # because addon services (e.g. bridges, bots) cannot properly pass a `Host` HTTP header when making -# requests to the endpoint's address (e.g. `http://devture-traefik:8008/`). +# requests to the endpoint's address (e.g. `http://matrix-traefik:8008/`). # This entrypoint only aims to handle a single "virtual host" - one dealing with the homeserver's Client-Server API. matrix_playbook_internal_matrix_client_api_traefik_entrypoint_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" matrix_playbook_internal_matrix_client_api_traefik_entrypoint_name: matrix-internal-matrix-client-api diff --git a/roles/custom/matrix-bot-baibot/defaults/main.yml b/roles/custom/matrix-bot-baibot/defaults/main.yml index d8005b4f7..eab2ed506 100644 --- a/roles/custom/matrix-bot-baibot/defaults/main.yml +++ b/roles/custom/matrix-bot-baibot/defaults/main.yml @@ -11,7 +11,7 @@ matrix_bot_baibot_container_repo_version: "{{ 'main' if matrix_bot_baibot_versio matrix_bot_baibot_container_src_files_path: "{{ matrix_base_data_path }}/baibot/container-src" # renovate: datasource=docker depName=ghcr.io/etkecc/baibot -matrix_bot_baibot_version: v1.1.1 +matrix_bot_baibot_version: v1.2.0 matrix_bot_baibot_container_image: "{{ matrix_bot_baibot_container_image_name_prefix }}etkecc/baibot:{{ matrix_bot_baibot_version }}" matrix_bot_baibot_container_image_name_prefix: "{{ 'localhost/' if matrix_bot_baibot_container_image_self_build else 'ghcr.io/' }}" matrix_bot_baibot_container_image_force_pull: "{{ matrix_bot_baibot_container_image.endswith(':latest') }}" diff --git a/roles/custom/matrix-bot-buscarron/tasks/setup_install.yml b/roles/custom/matrix-bot-buscarron/tasks/setup_install.yml index 53723c625..57681484e 100644 --- a/roles/custom/matrix-bot-buscarron/tasks/setup_install.yml +++ b/roles/custom/matrix-bot-buscarron/tasks/setup_install.yml @@ -15,7 +15,7 @@ name: galaxy/com.devture.ansible.role.postgres tasks_from: migrate_db_to_postgres vars: - devture_postgres_db_migration_request: + postgres_db_migration_request: src: "{{ matrix_bot_buscarron_sqlite_database_path_local }}" dst: "{{ matrix_bot_buscarron_database_connection_string }}" caller: "{{ role_path | basename }}" diff --git a/roles/custom/matrix-bot-honoroit/tasks/setup_install.yml b/roles/custom/matrix-bot-honoroit/tasks/setup_install.yml index fb495420a..b2a57a56e 100644 --- a/roles/custom/matrix-bot-honoroit/tasks/setup_install.yml +++ b/roles/custom/matrix-bot-honoroit/tasks/setup_install.yml @@ -15,7 +15,7 @@ name: galaxy/com.devture.ansible.role.postgres tasks_from: migrate_db_to_postgres vars: - devture_postgres_db_migration_request: + postgres_db_migration_request: src: "{{ matrix_bot_honoroit_sqlite_database_path_local }}" dst: "{{ matrix_bot_honoroit_database_connection_string }}" caller: "{{ role_path | basename }}" diff --git a/roles/custom/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml b/roles/custom/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml index ccda0f634..28e53ad8e 100644 --- a/roles/custom/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml +++ b/roles/custom/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml @@ -16,7 +16,7 @@ name: galaxy/com.devture.ansible.role.postgres tasks_from: migrate_db_to_postgres vars: - devture_postgres_db_migration_request: + postgres_db_migration_request: src: "{{ matrix_bot_matrix_reminder_bot_sqlite_database_path_local }}" dst: "{{ matrix_bot_matrix_reminder_bot_database_connection_string }}" caller: "{{ role_path | basename }}" diff --git a/roles/custom/matrix-bot-mjolnir/defaults/main.yml b/roles/custom/matrix-bot-mjolnir/defaults/main.yml index d88b06e3e..a15330d9d 100644 --- a/roles/custom/matrix-bot-mjolnir/defaults/main.yml +++ b/roles/custom/matrix-bot-mjolnir/defaults/main.yml @@ -5,7 +5,7 @@ matrix_bot_mjolnir_enabled: true # renovate: datasource=docker depName=matrixdotorg/mjolnir -matrix_bot_mjolnir_version: "v1.7.0" +matrix_bot_mjolnir_version: "v1.8.1" matrix_bot_mjolnir_container_image_self_build: false matrix_bot_mjolnir_container_image_self_build_repo: "https://github.com/matrix-org/mjolnir.git" diff --git a/roles/custom/matrix-bot-postmoogle/tasks/setup_install.yml b/roles/custom/matrix-bot-postmoogle/tasks/setup_install.yml index b771dbbae..026f1e4f6 100644 --- a/roles/custom/matrix-bot-postmoogle/tasks/setup_install.yml +++ b/roles/custom/matrix-bot-postmoogle/tasks/setup_install.yml @@ -12,7 +12,7 @@ name: galaxy/com.devture.ansible.role.postgres tasks_from: migrate_db_to_postgres vars: - devture_postgres_db_migration_request: + postgres_db_migration_request: src: "{{ matrix_bot_postmoogle_sqlite_database_path_local }}" dst: "{{ matrix_bot_postmoogle_database_connection_string }}" caller: "{{ role_path | basename }}" diff --git a/roles/custom/matrix-bridge-appservice-discord/tasks/setup_install.yml b/roles/custom/matrix-bridge-appservice-discord/tasks/setup_install.yml index fed72d1e1..623a91852 100644 --- a/roles/custom/matrix-bridge-appservice-discord/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-appservice-discord/tasks/setup_install.yml @@ -16,7 +16,7 @@ name: galaxy/com.devture.ansible.role.postgres tasks_from: migrate_db_to_postgres vars: - devture_postgres_db_migration_request: + postgres_db_migration_request: src: "{{ matrix_appservice_discord_sqlite_database_path_local }}" dst: "{{ matrix_appservice_discord_database_connString }}" caller: "{{ role_path | basename }}" diff --git a/roles/custom/matrix-bridge-appservice-irc/tasks/migrate_nedb_to_postgres.yml b/roles/custom/matrix-bridge-appservice-irc/tasks/migrate_nedb_to_postgres.yml index 6a3edb895..70e561e30 100644 --- a/roles/custom/matrix-bridge-appservice-irc/tasks/migrate_nedb_to_postgres.yml +++ b/roles/custom/matrix-bridge-appservice-irc/tasks/migrate_nedb_to_postgres.yml @@ -2,8 +2,8 @@ - name: Fail if Postgres not enabled ansible.builtin.fail: - msg: "Postgres via the com.devture.ansible.role.postgres role is not enabled (`devture_postgres_enabled`). Cannot migrate." - when: "not devture_postgres_enabled | bool" + msg: "Postgres via the com.devture.ansible.role.postgres role is not enabled (`postgres_enabled`). Cannot migrate." + when: "not postgres_enabled | bool" # Defaults @@ -16,7 +16,7 @@ - name: Ensure Postgres is started ansible.builtin.service: - name: "{{ devture_postgres_identifier }}" + name: "{{ postgres_identifier }}" state: started daemon_reload: true register: postgres_service_start_result diff --git a/roles/custom/matrix-bridge-appservice-slack/tasks/migrate_nedb_to_postgres.yml b/roles/custom/matrix-bridge-appservice-slack/tasks/migrate_nedb_to_postgres.yml index 63f746228..dac2a6c28 100644 --- a/roles/custom/matrix-bridge-appservice-slack/tasks/migrate_nedb_to_postgres.yml +++ b/roles/custom/matrix-bridge-appservice-slack/tasks/migrate_nedb_to_postgres.yml @@ -2,8 +2,8 @@ - name: Fail if Postgres not enabled ansible.builtin.fail: - msg: "Postgres via the com.devture.ansible.role.postgres role is not enabled (`devture_postgres_enabled`). Cannot migrate." - when: "not devture_postgres_enabled | bool" + msg: "Postgres via the com.devture.ansible.role.postgres role is not enabled (`postgres_enabled`). Cannot migrate." + when: "not postgres_enabled | bool" # Defaults @@ -16,7 +16,7 @@ - name: Ensure Postgres is started ansible.builtin.service: - name: "{{ devture_postgres_identifier }}" + name: "{{ postgres_identifier }}" state: started daemon_reload: true register: postgres_service_start_result diff --git a/roles/custom/matrix-bridge-go-skype-bridge/tasks/setup_install.yml b/roles/custom/matrix-bridge-go-skype-bridge/tasks/setup_install.yml index 81bd439e9..ba4984287 100644 --- a/roles/custom/matrix-bridge-go-skype-bridge/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-go-skype-bridge/tasks/setup_install.yml @@ -16,7 +16,7 @@ name: galaxy/com.devture.ansible.role.postgres tasks_from: migrate_db_to_postgres vars: - devture_postgres_db_migration_request: + postgres_db_migration_request: src: "{{ matrix_go_skype_bridge_sqlite_database_path_local }}" dst: "{{ matrix_go_skype_bridge_database_connection_string }}" caller: "{{ role_path | basename }}" diff --git a/roles/custom/matrix-bridge-hookshot/defaults/main.yml b/roles/custom/matrix-bridge-hookshot/defaults/main.yml index 519ff75ee..d36dfd7a9 100644 --- a/roles/custom/matrix-bridge-hookshot/defaults/main.yml +++ b/roles/custom/matrix-bridge-hookshot/defaults/main.yml @@ -153,6 +153,7 @@ matrix_hookshot_jira_oauth_redirect_uri: "{{ matrix_hookshot_urlprefix }}{{ matr # No need to change these matrix_hookshot_generic_enabled: true +matrix_hookshot_generic_outbound: true matrix_hookshot_generic_enableHttpGet: false # noqa var-naming # Default value of matrix_hookshot_generic_endpoint: "/hookshot/webhooks" matrix_hookshot_generic_endpoint: "{{ matrix_hookshot_webhook_endpoint }}/webhook" diff --git a/roles/custom/matrix-bridge-hookshot/templates/config.yml.j2 b/roles/custom/matrix-bridge-hookshot/templates/config.yml.j2 index 346310933..5f6ab67bf 100644 --- a/roles/custom/matrix-bridge-hookshot/templates/config.yml.j2 +++ b/roles/custom/matrix-bridge-hookshot/templates/config.yml.j2 @@ -74,6 +74,7 @@ generic: # (Optional) Support for generic webhook events. `allowJsTransformationFunctions` will allow users to write short transformation snippets in code, and thus is unsafe in untrusted environments # enabled: {{ matrix_hookshot_generic_enabled | to_json }} + outbound: {{ matrix_hookshot_generic_outbound | to_json }} enableHttpGet: {{ matrix_hookshot_generic_enableHttpGet | to_json }} urlPrefix: {{ matrix_hookshot_generic_urlPrefix | to_json }} userIdPrefix: {{ matrix_hookshot_generic_userIdPrefix | to_json }} diff --git a/roles/custom/matrix-bridge-mautrix-discord/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-discord/tasks/setup_install.yml index d8732329a..93b34a219 100644 --- a/roles/custom/matrix-bridge-mautrix-discord/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mautrix-discord/tasks/setup_install.yml @@ -16,7 +16,7 @@ name: galaxy/com.devture.ansible.role.postgres tasks_from: migrate_db_to_postgres vars: - devture_postgres_db_migration_request: + postgres_db_migration_request: src: "{{ matrix_mautrix_discord_sqlite_database_path_local }}" dst: "{{ matrix_mautrix_discord_database_connection_string }}" caller: "{{ role_path | basename }}" diff --git a/roles/custom/matrix-bridge-mautrix-facebook/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-facebook/tasks/setup_install.yml index 17a846374..d89f0be33 100644 --- a/roles/custom/matrix-bridge-mautrix-facebook/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mautrix-facebook/tasks/setup_install.yml @@ -16,7 +16,7 @@ name: galaxy/com.devture.ansible.role.postgres tasks_from: migrate_db_to_postgres vars: - devture_postgres_db_migration_request: + postgres_db_migration_request: src: "{{ matrix_mautrix_facebook_sqlite_database_path_local }}" dst: "{{ matrix_mautrix_facebook_database_connection_string }}" caller: "{{ role_path | basename }}" diff --git a/roles/custom/matrix-bridge-mautrix-gmessages/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-gmessages/tasks/setup_install.yml index cd414a43a..5c9841793 100644 --- a/roles/custom/matrix-bridge-mautrix-gmessages/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mautrix-gmessages/tasks/setup_install.yml @@ -16,7 +16,7 @@ name: galaxy/com.devture.ansible.role.postgres tasks_from: migrate_db_to_postgres vars: - devture_postgres_db_migration_request: + postgres_db_migration_request: src: "{{ matrix_mautrix_gmessages_sqlite_database_path_local }}" dst: "{{ matrix_mautrix_gmessages_database_connection_string }}" caller: "{{ role_path | basename }}" diff --git a/roles/custom/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml index fb0e41c38..17eb3d756 100644 --- a/roles/custom/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml @@ -16,7 +16,7 @@ name: galaxy/com.devture.ansible.role.postgres tasks_from: migrate_db_to_postgres vars: - devture_postgres_db_migration_request: + postgres_db_migration_request: src: "{{ matrix_mautrix_googlechat_sqlite_database_path_local }}" dst: "{{ matrix_mautrix_googlechat_database_connection_string }}" caller: "{{ role_path | basename }}" diff --git a/roles/custom/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml index d14bb55f3..97fb4824e 100644 --- a/roles/custom/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml @@ -16,7 +16,7 @@ name: galaxy/com.devture.ansible.role.postgres tasks_from: migrate_db_to_postgres vars: - devture_postgres_db_migration_request: + postgres_db_migration_request: src: "{{ matrix_mautrix_hangouts_sqlite_database_path_local }}" dst: "{{ matrix_mautrix_hangouts_database_connection_string }}" caller: "{{ role_path | basename }}" diff --git a/roles/custom/matrix-bridge-mautrix-meta-instagram/tasks/install.yml b/roles/custom/matrix-bridge-mautrix-meta-instagram/tasks/install.yml index 5a16120ac..a46b1e9ac 100644 --- a/roles/custom/matrix-bridge-mautrix-meta-instagram/tasks/install.yml +++ b/roles/custom/matrix-bridge-mautrix-meta-instagram/tasks/install.yml @@ -16,7 +16,7 @@ name: galaxy/com.devture.ansible.role.postgres tasks_from: migrate_db_to_postgres vars: - devture_postgres_db_migration_request: + postgres_db_migration_request: src: "{{ matrix_mautrix_meta_instagram_sqlite_database_path_local }}" dst: "{{ matrix_mautrix_meta_instagram_database_connection_string }}" caller: "{{ role_path | basename }}" diff --git a/roles/custom/matrix-bridge-mautrix-meta-messenger/tasks/install.yml b/roles/custom/matrix-bridge-mautrix-meta-messenger/tasks/install.yml index c70f5cd44..1010fbaf0 100644 --- a/roles/custom/matrix-bridge-mautrix-meta-messenger/tasks/install.yml +++ b/roles/custom/matrix-bridge-mautrix-meta-messenger/tasks/install.yml @@ -16,7 +16,7 @@ name: galaxy/com.devture.ansible.role.postgres tasks_from: migrate_db_to_postgres vars: - devture_postgres_db_migration_request: + postgres_db_migration_request: src: "{{ matrix_mautrix_meta_messenger_sqlite_database_path_local }}" dst: "{{ matrix_mautrix_meta_messenger_database_connection_string }}" caller: "{{ role_path | basename }}" diff --git a/roles/custom/matrix-bridge-mautrix-signal/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-signal/tasks/setup_install.yml index 7c70d4a47..474893f4e 100644 --- a/roles/custom/matrix-bridge-mautrix-signal/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mautrix-signal/tasks/setup_install.yml @@ -16,7 +16,7 @@ name: galaxy/com.devture.ansible.role.postgres tasks_from: migrate_db_to_postgres vars: - devture_postgres_db_migration_request: + postgres_db_migration_request: src: "{{ matrix_mautrix_signal_sqlite_database_path_local }}" dst: "{{ matrix_mautrix_signal_database_connection_string }}" caller: "{{ role_path | basename }}" diff --git a/roles/custom/matrix-bridge-mautrix-slack/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-slack/defaults/main.yml index 213b1e1f1..1efabf6e3 100644 --- a/roles/custom/matrix-bridge-mautrix-slack/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-slack/defaults/main.yml @@ -148,6 +148,9 @@ matrix_mautrix_slack_registration: "{{ matrix_mautrix_slack_registration_yaml | matrix_mautrix_slack_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}" matrix_mautrix_slack_bridge_encryption_default: "{{ matrix_bridges_encryption_default }}" matrix_mautrix_slack_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_slack_bridge_encryption_allow }}" +# This pickle key value is backward-compatible with the old bridge. +# See: https://github.com/mautrix/slack/releases/tag/v0.1.0 +matrix_mautrix_slack_bridge_encryption_pickle_key: maunium.net/go/mautrix-whatsapp matrix_mautrix_slack_provisioning_shared_secret: '' matrix_mautrix_slack_public_media_signing_key: '' diff --git a/roles/custom/matrix-bridge-mautrix-slack/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-slack/tasks/setup_install.yml index f22bb83de..7e9851024 100644 --- a/roles/custom/matrix-bridge-mautrix-slack/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mautrix-slack/tasks/setup_install.yml @@ -16,7 +16,7 @@ name: galaxy/com.devture.ansible.role.postgres tasks_from: migrate_db_to_postgres vars: - devture_postgres_db_migration_request: + postgres_db_migration_request: src: "{{ matrix_mautrix_slack_sqlite_database_path_local }}" dst: "{{ matrix_mautrix_slack_database_connection_string }}" caller: "{{ role_path | basename }}" diff --git a/roles/custom/matrix-bridge-mautrix-slack/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mautrix-slack/templates/config.yaml.j2 index f1ce5dbe0..5c02dd946 100644 --- a/roles/custom/matrix-bridge-mautrix-slack/templates/config.yaml.j2 +++ b/roles/custom/matrix-bridge-mautrix-slack/templates/config.yaml.j2 @@ -376,7 +376,7 @@ encryption: allow_key_sharing: {{ matrix_mautrix_slack_bridge_encryption_key_sharing_allow | to_json }} # Pickle key for encrypting encryption keys in the bridge database. # If set to generate, a random key will be generated. - pickle_key: generate + pickle_key: {{ matrix_mautrix_slack_bridge_encryption_pickle_key | to_json }} # Options for deleting megolm sessions from the bridge. delete_keys: # Beeper-specific: delete outbound sessions when hungryserv confirms diff --git a/roles/custom/matrix-bridge-mautrix-telegram/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-telegram/tasks/setup_install.yml index b377897fc..117fdaf16 100644 --- a/roles/custom/matrix-bridge-mautrix-telegram/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mautrix-telegram/tasks/setup_install.yml @@ -16,7 +16,7 @@ name: galaxy/com.devture.ansible.role.postgres tasks_from: migrate_db_to_postgres vars: - devture_postgres_db_migration_request: + postgres_db_migration_request: src: "{{ matrix_mautrix_telegram_sqlite_database_path_local }}" dst: "{{ matrix_mautrix_telegram_database_connection_string }}" caller: "{{ role_path | basename }}" diff --git a/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml index 737b2e48d..0bc2394e5 100644 --- a/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml @@ -16,7 +16,7 @@ name: galaxy/com.devture.ansible.role.postgres tasks_from: migrate_db_to_postgres vars: - devture_postgres_db_migration_request: + postgres_db_migration_request: src: "{{ matrix_mautrix_whatsapp_sqlite_database_path_local }}" dst: "{{ matrix_mautrix_whatsapp_database_connection_string }}" caller: "{{ role_path | basename }}" diff --git a/roles/custom/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml b/roles/custom/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml index c95cd530c..216e06262 100644 --- a/roles/custom/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml @@ -50,7 +50,7 @@ name: galaxy/com.devture.ansible.role.postgres tasks_from: migrate_db_to_postgres vars: - devture_postgres_db_migration_request: + postgres_db_migration_request: src: "{{ matrix_mx_puppet_discord_sqlite_database_path_local }}" dst: "{{ matrix_mx_puppet_discord_database_connection_string }}" caller: "{{ role_path | basename }}" diff --git a/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml b/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml index 28e80446c..1285ccb39 100644 --- a/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml @@ -51,7 +51,7 @@ name: galaxy/com.devture.ansible.role.postgres tasks_from: migrate_db_to_postgres vars: - devture_postgres_db_migration_request: + postgres_db_migration_request: src: "{{ matrix_mx_puppet_groupme_sqlite_database_path_local }}" dst: "{{ matrix_mx_puppet_groupme_database_connection_string }}" caller: "{{ role_path | basename }}" diff --git a/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml b/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml index aab15cb49..5d2648059 100644 --- a/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml @@ -16,7 +16,7 @@ name: galaxy/com.devture.ansible.role.postgres tasks_from: migrate_db_to_postgres vars: - devture_postgres_db_migration_request: + postgres_db_migration_request: src: "{{ matrix_mx_puppet_instagram_sqlite_database_path_local }}" dst: "{{ matrix_mx_puppet_instagram_database_connection_string }}" caller: "{{ role_path | basename }}" diff --git a/roles/custom/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml b/roles/custom/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml index e296cb96d..9d931d7ae 100644 --- a/roles/custom/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml @@ -44,7 +44,7 @@ name: galaxy/com.devture.ansible.role.postgres tasks_from: migrate_db_to_postgres vars: - devture_postgres_db_migration_request: + postgres_db_migration_request: src: "{{ matrix_mx_puppet_slack_sqlite_database_path_local }}" dst: "{{ matrix_mx_puppet_slack_database_connection_string }}" caller: "{{ role_path | basename }}" diff --git a/roles/custom/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml b/roles/custom/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml index 17f42b605..f280bc579 100644 --- a/roles/custom/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml @@ -51,7 +51,7 @@ name: galaxy/com.devture.ansible.role.postgres tasks_from: migrate_db_to_postgres vars: - devture_postgres_db_migration_request: + postgres_db_migration_request: src: "{{ matrix_mx_puppet_steam_sqlite_database_path_local }}" dst: "{{ matrix_mx_puppet_steam_database_connection_string }}" caller: "{{ role_path | basename }}" diff --git a/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml b/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml index d30d4ee7e..c683fc388 100644 --- a/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml @@ -51,7 +51,7 @@ name: galaxy/com.devture.ansible.role.postgres tasks_from: migrate_db_to_postgres vars: - devture_postgres_db_migration_request: + postgres_db_migration_request: src: "{{ matrix_mx_puppet_twitter_sqlite_database_path_local }}" dst: "{{ matrix_mx_puppet_twitter_database_connection_string }}" caller: "{{ role_path | basename }}" diff --git a/roles/custom/matrix-client-element/defaults/main.yml b/roles/custom/matrix-client-element/defaults/main.yml index 01c062a83..b70354625 100644 --- a/roles/custom/matrix-client-element/defaults/main.yml +++ b/roles/custom/matrix-client-element/defaults/main.yml @@ -11,7 +11,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/eleme matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" # renovate: datasource=docker depName=vectorim/element-web -matrix_client_element_version: v1.11.78 +matrix_client_element_version: v1.11.79 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" diff --git a/roles/custom/matrix-dendrite/templates/systemd/matrix-dendrite.service.j2 b/roles/custom/matrix-dendrite/templates/systemd/matrix-dendrite.service.j2 index 0a06dda6e..7dff4e0f9 100644 --- a/roles/custom/matrix-dendrite/templates/systemd/matrix-dendrite.service.j2 +++ b/roles/custom/matrix-dendrite/templates/systemd/matrix-dendrite.service.j2 @@ -16,7 +16,7 @@ Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-dendrite 2>/dev/null || true' ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-dendrite 2>/dev/null || true' -{% if (devture_postgres_identifier + '.service') in matrix_dendrite_systemd_required_services_list %} +{% if (postgres_identifier + '.service') in matrix_dendrite_systemd_required_services_list %} # Dendrite is too quick to start in relation to its Postgres dependency. # Delay Dendrite startup to avoid failing with: "failed to connect to accounts db" ("pq: the database system is starting up"). ExecStartPre={{ matrix_host_command_sleep }} 5 diff --git a/roles/custom/matrix-dimension/tasks/setup_install.yml b/roles/custom/matrix-dimension/tasks/setup_install.yml index 3f4e3f021..573db94c5 100644 --- a/roles/custom/matrix-dimension/tasks/setup_install.yml +++ b/roles/custom/matrix-dimension/tasks/setup_install.yml @@ -55,7 +55,7 @@ name: galaxy/com.devture.ansible.role.postgres tasks_from: migrate_db_to_postgres vars: - devture_postgres_db_migration_request: + postgres_db_migration_request: src: "{{ matrix_dimension_sqlite_database_path_local }}" dst: "{{ matrix_dimension_database_connection_string }}" caller: "{{ role_path | basename }}" diff --git a/roles/custom/matrix-ma1sd/tasks/setup_install.yml b/roles/custom/matrix-ma1sd/tasks/setup_install.yml index 9e363fc0f..d5ff4ddcd 100644 --- a/roles/custom/matrix-ma1sd/tasks/setup_install.yml +++ b/roles/custom/matrix-ma1sd/tasks/setup_install.yml @@ -31,7 +31,7 @@ name: galaxy/com.devture.ansible.role.postgres tasks_from: migrate_db_to_postgres vars: - devture_postgres_db_migration_request: + postgres_db_migration_request: src: "{{ matrix_ma1sd_sqlite_database_path_local }}" dst: "{{ matrix_ma1sd_database_connection_string }}" caller: "{{ role_path | basename }}" diff --git a/roles/custom/matrix-registration/tasks/setup_install.yml b/roles/custom/matrix-registration/tasks/setup_install.yml index b29a05e60..a1bb0da22 100644 --- a/roles/custom/matrix-registration/tasks/setup_install.yml +++ b/roles/custom/matrix-registration/tasks/setup_install.yml @@ -16,7 +16,7 @@ name: galaxy/com.devture.ansible.role.postgres tasks_from: migrate_db_to_postgres vars: - devture_postgres_db_migration_request: + postgres_db_migration_request: src: "{{ matrix_registration_sqlite_database_path_local }}" dst: "{{ matrix_registration_database_connection_string }}" caller: "{{ role_path | basename }}" diff --git a/roles/custom/matrix-synapse-admin/defaults/main.yml b/roles/custom/matrix-synapse-admin/defaults/main.yml index ea4edabb0..62f8a1602 100644 --- a/roles/custom/matrix-synapse-admin/defaults/main.yml +++ b/roles/custom/matrix-synapse-admin/defaults/main.yml @@ -14,7 +14,7 @@ matrix_synapse_admin_container_image_self_build: false matrix_synapse_admin_container_image_self_build_repo: "https://github.com/etkecc/synapse-admin.git" # renovate: datasource=docker depName=ghcr.io/etkecc/synapse-admin -matrix_synapse_admin_version: v0.10.3-etke16 +matrix_synapse_admin_version: v0.10.3-etke17 matrix_synapse_admin_docker_image: "{{ matrix_synapse_admin_docker_image_name_prefix }}etkecc/synapse-admin:{{ matrix_synapse_admin_version }}" matrix_synapse_admin_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_admin_container_image_self_build else 'ghcr.io/' }}" matrix_synapse_admin_docker_image_force_pull: "{{ matrix_synapse_admin_docker_image.endswith(':latest') }}" @@ -175,6 +175,9 @@ matrix_synapse_admin_configuration: "{{ matrix_synapse_admin_configuration_defau # restricts the homeserver(s), so that the user can no longer define a homeserver manually during login. matrix_synapse_admin_config_restrictBaseUrl: "{{ [matrix_homeserver_url] }}" # noqa var-naming +# Controls the supportURL configuration setting, which, if defined, replaces the default link to the Synapse Admin GitHub repository. +matrix_synapse_admin_config_supportURL: '' # noqa var-naming + # Controls the asManagedUsers configuration setting (managed by playbook), which, if defined, # restricts modifications of the specified users (e.g., bridge-managed). # You should use JS regex syntax to match the user IDs. diff --git a/roles/custom/matrix-synapse-admin/templates/config.json.j2 b/roles/custom/matrix-synapse-admin/templates/config.json.j2 index dcf44aeb6..a6fbd824f 100644 --- a/roles/custom/matrix-synapse-admin/templates/config.json.j2 +++ b/roles/custom/matrix-synapse-admin/templates/config.json.j2 @@ -1,4 +1,5 @@ { "restrictBaseUrl": {{ matrix_synapse_admin_config_restrictBaseUrl | to_json }}, - "asManagedUsers": {{ matrix_synapse_admin_config_asManagedUsers | to_json }} + "asManagedUsers": {{ matrix_synapse_admin_config_asManagedUsers | to_json }}, + "supportURL": {{ matrix_synapse_admin_config_supportURL | to_json }}, } diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml index 6569e6172..9cb0d5754 100644 --- a/roles/custom/matrix-synapse/defaults/main.yml +++ b/roles/custom/matrix-synapse/defaults/main.yml @@ -16,7 +16,7 @@ matrix_synapse_enabled: true matrix_synapse_github_org_and_repo: element-hq/synapse # renovate: datasource=docker depName=ghcr.io/element-hq/synapse -matrix_synapse_version: v1.115.0 +matrix_synapse_version: v1.116.0 matrix_synapse_username: '' matrix_synapse_uid: '' diff --git a/roles/custom/matrix-synapse/tasks/rust-synapse-compress-state/compress_room.yml b/roles/custom/matrix-synapse/tasks/rust-synapse-compress-state/compress_room.yml index 07fdbd1b1..300571059 100644 --- a/roles/custom/matrix-synapse/tasks/rust-synapse-compress-state/compress_room.yml +++ b/roles/custom/matrix-synapse/tasks/rust-synapse-compress-state/compress_room.yml @@ -9,7 +9,7 @@ {{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-rust-synapse-compress-state-compress-room --user={{ matrix_synapse_uid }}:{{ matrix_synapse_gid }} --cap-drop=ALL - --network={{ devture_postgres_container_network }} + --network={{ postgres_container_network }} --mount type=bind,src={{ matrix_synapse_rust_synapse_compress_state_base_path }},dst=/work {{ matrix_synapse_rust_synapse_compress_state_docker_image }} {{ matrix_synapse_rust_synapse_compress_state_synapse_compress_state_in_container_path }} -t -o /work/state-compressor.sql @@ -31,15 +31,15 @@ ansible.builtin.set_fact: matrix_synapse_rust_synapse_compress_state_psql_import_command: >- {{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-rust-synapse-compress-state-psql-import - --user={{ devture_postgres_uid }}:{{ devture_postgres_gid }} + --user={{ postgres_uid }}:{{ postgres_gid }} --cap-drop=ALL - --network={{ devture_postgres_container_network }} - --env-file={{ devture_postgres_base_path }}/env-postgres-psql + --network={{ postgres_container_network }} + --env-file={{ postgres_base_path }}/env-postgres-psql --mount type=bind,src={{ matrix_synapse_rust_synapse_compress_state_base_path }},dst=/work,ro --entrypoint=/bin/sh - {{ devture_postgres_container_image_latest }} + {{ postgres_container_image_latest }} -c "cat /work/state-compressor.sql | - psql -v ON_ERROR_STOP=1 -h {{ devture_postgres_connection_hostname }} -d {{ matrix_synapse_database_database }}" + psql -v ON_ERROR_STOP=1 -h {{ postgres_connection_hostname }} -d {{ matrix_synapse_database_database }}" - name: Import compression SQL into Postgres ansible.builtin.command: "{{ matrix_synapse_rust_synapse_compress_state_psql_import_command }}" diff --git a/roles/custom/matrix-synapse/tasks/rust-synapse-compress-state/main.yml b/roles/custom/matrix-synapse/tasks/rust-synapse-compress-state/main.yml index 8f781e519..ebde9d106 100644 --- a/roles/custom/matrix-synapse/tasks/rust-synapse-compress-state/main.yml +++ b/roles/custom/matrix-synapse/tasks/rust-synapse-compress-state/main.yml @@ -3,8 +3,8 @@ - name: Fail if Postgres not enabled ansible.builtin.fail: - msg: "Postgres via the com.devture.ansible.role.postgres role is not enabled (`devture_postgres_enabled`). Cannot use rust-synapse-compress-state." - when: "not devture_postgres_enabled | bool" + msg: "Postgres via the com.devture.ansible.role.postgres role is not enabled (`postgres_enabled`). Cannot use rust-synapse-compress-state." + when: "not postgres_enabled | bool" # Defaults @@ -57,7 +57,7 @@ - name: Generate rust-synapse-compress-state room find SQL command ansible.builtin.set_fact: matrix_synapse_rust_synapse_compress_state_find_rooms_command: >- - {{ devture_postgres_bin_path }}/cli-non-interactive --dbname={{ matrix_synapse_database_database | quote }} -c "SELECT array_to_json(array_agg(row_to_json (r))) FROM (SELECT room_id, count(*) AS count FROM state_groups_state GROUP BY room_id HAVING count(*) > {{ matrix_synapse_rust_synapse_compress_state_min_state_groups_required }} ORDER BY count DESC) r;" + {{ postgres_bin_path }}/cli-non-interactive --dbname={{ matrix_synapse_database_database | quote }} -c "SELECT array_to_json(array_agg(row_to_json (r))) FROM (SELECT room_id, count(*) AS count FROM state_groups_state GROUP BY room_id HAVING count(*) > {{ matrix_synapse_rust_synapse_compress_state_min_state_groups_required }} ORDER BY count DESC) r;" - name: Find rooms eligible for compression with rust-synapse-compress-state ansible.builtin.command: "{{ matrix_synapse_rust_synapse_compress_state_find_rooms_command }}" diff --git a/roles/custom/matrix-synapse/tasks/update_user_password.yml b/roles/custom/matrix-synapse/tasks/update_user_password.yml index 799c15a81..cfa611a45 100644 --- a/roles/custom/matrix-synapse/tasks/update_user_password.yml +++ b/roles/custom/matrix-synapse/tasks/update_user_password.yml @@ -13,11 +13,11 @@ - name: Fail if not using integrated Postgres database ansible.builtin.fail: msg: "This command is working only when Postgres is installed via the the integrated com.devture.ansible.role.postgres role" - when: "not devture_postgres_enabled | bool" + when: "not postgres_enabled | bool" - name: Ensure Postgres is started ansible.builtin.service: - name: "{{ devture_postgres_identifier }}" + name: "{{ postgres_identifier }}" state: started daemon_reload: true register: postgres_start_result @@ -42,7 +42,7 @@ - name: Generate user password-change SQL command ansible.builtin.set_fact: matrix_synapse_user_password_change_command: >- - {{ devture_postgres_bin_path }}/cli-non-interactive --dbname={{ matrix_synapse_database_database | quote }} -c "UPDATE users SET password_hash='{{ password_hash.stdout }}' WHERE name = '@{{ username }}:{{ matrix_domain }}'" + {{ postgres_bin_path }}/cli-non-interactive --dbname={{ matrix_synapse_database_database | quote }} -c "UPDATE users SET password_hash='{{ password_hash.stdout }}' WHERE name = '@{{ username }}:{{ matrix_domain }}'" - name: Update user password hash ansible.builtin.command: diff --git a/roles/custom/matrix_playbook_migration/tasks/devture_traefik_to_matrix_traefik.yml b/roles/custom/matrix_playbook_migration/tasks/devture_traefik_to_matrix_traefik.yml index 413c1385c..0b299279f 100644 --- a/roles/custom/matrix_playbook_migration/tasks/devture_traefik_to_matrix_traefik.yml +++ b/roles/custom/matrix_playbook_migration/tasks/devture_traefik_to_matrix_traefik.yml @@ -1,20 +1,20 @@ --- -# This migrates Traefik from the old path (`/devture-traefik`) to the new path (`/matrix/traefik`, controlled by `devture_traefik_base_path`), -# and from the old hardcoded systemd service name (`devture-traefik.service`) to the new one (`matrix-traefik.service`, controlled by `devture_traefik_identifier`). +# This migrates Traefik from the old path (`/devture-traefik`) to the new path (`/matrix/traefik`, controlled by `traefik_base_path`), +# and from the old hardcoded systemd service name (`devture-traefik.service`) to the new one (`matrix-traefik.service`, controlled by `traefik_identifier`). # # Here, we merely disable (and stop) the old systemd service and relocate the data (`/devture-traefik` directory). # The Traefik role itself (running later) will then ensure this data is up-to-date and will set up the new systemd service. # It only makes sense to migrate if the identifier or path are different than the default (what we were using before). -- when: "devture_traefik_identifier != 'devture-traefik' or devture_traefik_base_path != '/devture-traefik'" +- when: "traefik_identifier != 'devture-traefik' or traefik_base_path != '/devture-traefik'" block: - name: Check existence of devture-traefik.service systemd service ansible.builtin.stat: path: "{{ devture_systemd_docker_base_systemd_path }}/devture-traefik.service" - register: devture_traefik_service_stat + register: traefik_service_stat - - when: devture_traefik_service_stat.stat.exists | bool + - when: traefik_service_stat.stat.exists | bool block: - name: Ensure devture-traefik.service systemd service is stopped ansible.builtin.systemd: @@ -25,8 +25,8 @@ - name: Ensure Traefik directory relocated ansible.builtin.command: - cmd: "mv /devture-traefik {{ devture_traefik_base_path }}" - creates: "{{ devture_traefik_base_path }}" + cmd: "mv /devture-traefik {{ traefik_base_path }}" + creates: "{{ traefik_base_path }}" removes: "/devture-traefik" - name: Ensure Traefik systemd service doesn't exist diff --git a/roles/custom/matrix_playbook_migration/tasks/main.yml b/roles/custom/matrix_playbook_migration/tasks/main.yml index 0064d0627..f72e2b03c 100644 --- a/roles/custom/matrix_playbook_migration/tasks/main.yml +++ b/roles/custom/matrix_playbook_migration/tasks/main.yml @@ -61,7 +61,7 @@ block: - ansible.builtin.include_tasks: "{{ role_path }}/tasks/migrate_matrix_mailer.yml" -- when: devture_traefik_enabled | bool +- when: traefik_enabled | bool tags: - setup-all - install-all diff --git a/roles/custom/matrix_playbook_migration/tasks/validate_config.yml b/roles/custom/matrix_playbook_migration/tasks/validate_config.yml index 77991ec9c..7f0affa1e 100644 --- a/roles/custom/matrix_playbook_migration/tasks/validate_config.yml +++ b/roles/custom/matrix_playbook_migration/tasks/validate_config.yml @@ -36,8 +36,8 @@ - {'old': 'matrix_systemd_services_autostart_enabled', 'new': 'devture_systemd_service_manager_services_autostart_enabled'} - {'old': 'matrix_prometheus_node_exporter_metrics_proxying_enabled', 'new': ''} - {'old': 'matrix_prometheus_postgres_exporter_metrics_proxying_enabled', 'new': ''} - - {'old': 'matrix_playbook_traefik_certs_dumper_role_enabled', 'new': 'devture_traefik_certs_dumper_enabled'} - - {'old': 'matrix_playbook_traefik_role_enabled', 'new': 'devture_traefik_enabled'} + - {'old': 'matrix_playbook_traefik_certs_dumper_role_enabled', 'new': 'traefik_certs_dumper_enabled'} + - {'old': 'matrix_playbook_traefik_role_enabled', 'new': 'traefik_enabled'} # Most important variables from the old Prometheus role here, for people who miss the changelog entry - {'old': 'matrix_prometheus_enabled', 'new': 'prometheus_enabled'} @@ -72,7 +72,7 @@ The matrix-postgres-backup role in the playbook has been replaced with the com.devture.ansible.role.postgres_backup role (https://github.com/devture/com.devture.ansible.role.postgres_backup). The new role is pretty much the same, but uses differently named variables. - Please change your configuration (vars.yml) to rename all `matrix_postgres`-prefixed variables (`matrix_postgres_*` -> `devture_postgres_*`). + Please change your configuration (vars.yml) to rename all `matrix_postgres`-prefixed variables (`matrix_postgres_*` -> `postgres_*`). The following variables in your configuration need to be renamed: {{ vars | dict2items | selectattr('key', 'match', 'matrix_postgres_.*') | map (attribute='key') | join(', ') }} when: "vars | dict2items | selectattr('key', 'match', 'matrix_postgres_.*') | list | items2dict" @@ -300,7 +300,7 @@ - {'old': 'matrix_nginx_proxy_proxy_synapse_federation_api_addr_sans_container', 'new': ''} - {'old': 'matrix_nginx_proxy_proxy_synapse_additional_server_configuration_blocks', 'new': ''} - {'old': 'matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks', 'new': ''} - - {'old': 'matrix_nginx_proxy_access_log_enabled', 'new': 'devture_traefik_config_accessLog_enabled'} + - {'old': 'matrix_nginx_proxy_access_log_enabled', 'new': 'traefik_config_accessLog_enabled'} - {'old': 'matrix_nginx_proxy_container_labels_traefik_proxy_matrix_federation_hostname', 'new': 'matrix_server_fqn_matrix_federation'} - {'old': 'etherpad_nginx_proxy_dimension_integration_enabled', 'new': ''} - {'old': 'etherpad_nginx_proxy_dimension_integration_path_prefix', 'new': ''} @@ -310,7 +310,7 @@ - {'old': 'matrix_prometheus_services_proxy_connect_prometheus_postgres_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host', 'new': ''} - {'old': 'matrix_docker_network', 'new': ''} - {'old': 'matrix_playbook_ssl_retrieval_method', 'new': ''} - - {'old': 'matrix_ssl_lets_encrypt_support_email', 'new': 'devture_traefik_config_certificatesResolvers_acme_email'} + - {'old': 'matrix_ssl_lets_encrypt_support_email', 'new': 'traefik_config_certificatesResolvers_acme_email'} - {'old': 'matrix_federation_traefik_entrypoint', 'new': 'matrix_federation_traefik_entrypoint_name'} - when: matrix_playbook_migration_matrix_nginx_proxy_leftover_variable_validation_checks_enabled | bool @@ -362,3 +362,47 @@ msg: >- We found usage of the following variables which are now removed: {{ matrix_playbook_migration_matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_oidc_vars.keys() | join(', ') }} when: "matrix_playbook_migration_matrix_synapse_reverse_proxy_companion_container_labels_public_client_synapse_oidc_vars | length > 0" + +- name: (Deprecation) Catch and report devture_postgres_backup variables + ansible.builtin.fail: + msg: |- + The postgres-backup role in the playbook now lives under the MASH organization (https://github.com/mother-of-all-self-hosting/ansible-role-postgres-backup). + The new role is pretty much the same, but uses differently named variables. + + Please change your configuration (vars.yml) to rename all `devture_postgres_backup_`-prefixed variables (`devture_postgres_backup_*` -> `postgres_backup_*`). + + The following variables in your configuration need to be renamed: {{ vars | dict2items | selectattr('key', 'match', 'devture_postgres_backup_.*') | map (attribute='key') | join(', ') }} + when: "vars | dict2items | selectattr('key', 'match', 'devture_postgres_backup_.*') | list | items2dict" + +- name: (Deprecation) Catch and report devture_postgres variables + ansible.builtin.fail: + msg: |- + The postgres role in the playbook now lives under the MASH organization (https://github.com/mother-of-all-self-hosting/ansible-role-postgres). + The new role is pretty much the same, but uses differently named variables. + + Please change your configuration (vars.yml) to rename all `devture_postgres_`-prefixed variables (`devture_postgres_*` -> `postgres_*`). + + The following variables in your configuration need to be renamed: {{ vars | dict2items | selectattr('key', 'match', 'devture_postgres_.*') | map (attribute='key') | join(', ') }} + when: "vars | dict2items | selectattr('key', 'match', 'devture_postgres_.*') | list | items2dict" + +- name: (Deprecation) Catch and report traefik_certs_dumper variables + ansible.builtin.fail: + msg: |- + The traefik-certs-dumper role in the playbook now lives under the MASH organization (https://github.com/mother-of-all-self-hosting/ansible-role-traefik-certs-dumper). + The new role is pretty much the same, but uses differently named variables. + + Please change your configuration (vars.yml) to rename all `devture_traefik_certs_dumper_`-prefixed variables (`devture_traefik_certs_dumper_*` -> `traefik_certs_dumper_*`). + + The following variables in your configuration need to be renamed: {{ vars | dict2items | selectattr('key', 'match', 'devture_traefik_certs_dumper_.*') | map (attribute='key') | join(', ') }} + when: "vars | dict2items | selectattr('key', 'match', 'devture_traefik_certs_dumper_.*') | list | items2dict" + +- name: (Deprecation) Catch and report devture_traefik variables + ansible.builtin.fail: + msg: |- + The traefik role in the playbook now lives under the MASH organization (https://github.com/mother-of-all-self-hosting/ansible-role-traefik). + The new role is pretty much the same, but uses differently named variables. + + Please change your configuration (vars.yml) to rename all `devture_traefik_`-prefixed variables (`devture_traefik_*` -> `traefik_*`). + + The following variables in your configuration need to be renamed: {{ vars | dict2items | selectattr('key', 'match', 'devture_traefik_.*') | map (attribute='key') | join(', ') }} + when: "vars | dict2items | selectattr('key', 'match', 'devture_traefik_.*') | list | items2dict"