Merge pull request #2510 from gnunicorn/ben-adding-rageshake

Add rageshake server
Slavi Pantaleev 2023-02-25 14:05:42 +02:00 committed by GitHub
commit c5dbeeae91
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
18 changed files with 605 additions and 2 deletions

@ -1,3 +1,12 @@
# 2023-02-25
## Rageshake support
Thanks to [Benjamin Kampmann](https://github.com/gnunicorn), the playbook can now install and configure the [Rageshake](https://github.com/matrix-org/rageshake) bug report server.
Additional details are available in [Setting up Rageshake](docs/configuring-playbook-rageshake.md).
# 2023-02-17 # 2023-02-17
## Synapse templates customization support ## Synapse templates customization support

@ -27,7 +27,7 @@ You can always re-run the playbook later to add or remove components.
The homeserver is the backbone of your matrix system. Choose one from the following list. The homeserver is the backbone of your matrix system. Choose one from the following list.
| Name | Default? | Description | Documentation | | Name | Default? | Description | Documentation |
| ---- | -------- | ----------- | ------------- | | ---- | -------- | ----------- | ------------- |
| [Synapse](https://github.com/matrix-org/synapse) | ✓ | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network | [Link](docs/configuring-playbook-synapse.md) | | [Synapse](https://github.com/matrix-org/synapse) | ✓ | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network | [Link](docs/configuring-playbook-synapse.md) |
| [Conduit](https://conduit.rs) | x | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network. Conduit is a lightweight open-source server implementation of the Matrix Specification with a focus on easy setup and low system requirements | [Link](docs/configuring-playbook-conduit.md) | | [Conduit](https://conduit.rs) | x | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network. Conduit is a lightweight open-source server implementation of the Matrix Specification with a focus on easy setup and low system requirements | [Link](docs/configuring-playbook-conduit.md) |
| [Dendrite](https://github.com/matrix-org/dendrite) | x | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network. Dendrite is a second-generation Matrix homeserver written in Go, an alternative to Synapse. | [Link](docs/configuring-playbook-dendrite.md) | | [Dendrite](https://github.com/matrix-org/dendrite) | x | Storing your data and managing your presence in the [Matrix](http://matrix.org/) network. Dendrite is a second-generation Matrix homeserver written in Go, an alternative to Synapse. | [Link](docs/configuring-playbook-dendrite.md) |
@ -66,7 +66,7 @@ Services that run on the server to make the various parts of your installation w
Extend and modify how users are authenticated on your homeserver. Extend and modify how users are authenticated on your homeserver.
| Name | Default? | Description | Documentation | | Name | Default? | Description | Documentation |
| ---- | -------- | ----------- | ------------- | | ---- | -------- | ----------- | ------------- |
| [matrix-synapse-rest-auth](https://github.com/ma1uta/matrix-synapse-rest-password-provider) (advanced) | x | REST authentication password provider module | [Link](docs/configuring-playbook-rest-auth.md) | | [matrix-synapse-rest-auth](https://github.com/ma1uta/matrix-synapse-rest-password-provider) (advanced) | x | REST authentication password provider module | [Link](docs/configuring-playbook-rest-auth.md) |
|[matrix-synapse-shared-secret-auth](https://github.com/devture/matrix-synapse-shared-secret-auth) (advanced) | x | Password provider module | [Link](docs/configuring-playbook-shared-secret-auth.md) | |[matrix-synapse-shared-secret-auth](https://github.com/devture/matrix-synapse-shared-secret-auth) (advanced) | x | Password provider module | [Link](docs/configuring-playbook-shared-secret-auth.md) |
| [matrix-synapse-ldap3](https://github.com/matrix-org/matrix-synapse-ldap3) (advanced) | x | LDAP Auth password provider module | [Link](configuring-playbook-ldap-auth.md) | | [matrix-synapse-ldap3](https://github.com/matrix-org/matrix-synapse-ldap3) (advanced) | x | LDAP Auth password provider module | [Link](configuring-playbook-ldap-auth.md) |
@ -144,6 +144,7 @@ Services that help you in administrating and monitoring your matrix installation
| [synapse-admin](https://github.com/Awesome-Technologies/synapse-admin) | x | A web UI tool for administrating users and rooms on your Matrix server | [Link](docs/configuring-playbook-synapse-admin.md) | | [synapse-admin](https://github.com/Awesome-Technologies/synapse-admin) | x | A web UI tool for administrating users and rooms on your Matrix server | [Link](docs/configuring-playbook-synapse-admin.md) |
| Metrics and Graphs | x | Consists of the [Prometheus](https://prometheus.io) time-series database server, the Prometheus [node-exporter](https://prometheus.io/docs/guides/node-exporter/) host metrics exporter, and the [Grafana](https://grafana.com/) web UI | [Link](docs/configuring-playbook-prometheus-grafana.md) | | Metrics and Graphs | x | Consists of the [Prometheus](https://prometheus.io) time-series database server, the Prometheus [node-exporter](https://prometheus.io/docs/guides/node-exporter/) host metrics exporter, and the [Grafana](https://grafana.com/) web UI | [Link](docs/configuring-playbook-prometheus-grafana.md) |
| [Borg](https://borgbackup.org) | x | Backups | [Link](docs/configuring-playbook-backup-borg.md) | | [Borg](https://borgbackup.org) | x | Backups | [Link](docs/configuring-playbook-backup-borg.md) |
| [Rageshake](https://github.com/matrix-org/rageshake) | x | Bug report server | [Link](docs/configuring-playbook-rageshake.md) |
### Misc ### Misc

@ -0,0 +1,65 @@
# Setting up Rageshake (optional)
The playbook can install and configure the [rageshake](https://github.com/matrix-org/rageshake) bug report server for you.
This is useful if you're developing your own applications and would like to collect bug reports for them.
## Decide on a domain and path
By default, Rageshake is configured to use its own dedicated domain (`rageshake.DOMAIN`) and requires you to [adjust your DNS records](#adjusting-dns-records).
You can override the domain and path like this:
```yaml
# Switch to the domain used for Matrix services (`matrix.DOMAIN`),
# so we won't need to an additional DNS records for Rageshake.
matrix_rageshake_hostname: "{{ matrix_server_fqn_matrix }}"
# Expose under the /rageshake subpath
matrix_rageshake_path_prefix: /rageshake
```
**NOTE**: When using `matrix-nginx-proxy` instead of Traefik, you won't be able to override the path prefix. You can only override the domain, but that needs to happen using another variable: `matrix_server_fqn_rageshake` (e.g. `matrix_server_fqn_rageshake: "some-domain.{{ matrix_domain }}"`).
## Adjusting DNS records
Once you've decided on the domain and path, **you may need to adjust your DNS** records to point the Rageshake domain to the Matrix server.
If you've decided to reuse the `matrix.` domain, you won't need to do any extra DNS configuration.
## Enabling the Rageshake service
Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file (adapt to your needs):
```yaml
matrix_rageshake_enabled: true
```
Rageshake has various options which don't have dedicated Ansible variables. You can see the full list of options in the [`rageshake.sample.yaml` file](https://github.com/matrix-org/rageshake/blob/master/rageshake.sample.yaml).
To set these, you can make use of the `matrix_rageshake_configuration_extension_yaml` variable like this:
```yaml
matrix_rageshake_configuration_extension_yaml: |
github_token: secrettoken
github_project_mappings:
my-app: octocat/HelloWorld
```
## Installing
After configuring the playbook, run the [installation](installing.md) command again:
```
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
```
## Usage
Refer to the [rageshake documentation](https://github.com/matrix-org/rageshake) for available APIs, etc.
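Review bot: The `matrix_rageshake_configuration_extension_yaml` example puts `github_token: secrettoken` directly into `vars.yml` without saying it is a credential. Add a sentence next to the example telling readers to keep the token out of version control (for example in an Ansible Vault-encrypted vars file) and to give it access only to the repositories listed in `github_project_mappings`. The page also never says who can read submitted bug reports, so point readers at the access-control options in `rageshake.sample.yaml` before they expose the service. Typo in the first example's comment: "so we won't need to an additional DNS records" should read "so we won't need additional DNS records".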

@ -198,3 +198,5 @@ When you're done with all the configuration you'd like to do, continue with [Ins
- [Setting up the ntfy push notifications server](configuring-playbook-ntfy.md) (optional) - [Setting up the ntfy push notifications server](configuring-playbook-ntfy.md) (optional)
- [Setting up a Cactus Comments server](configuring-playbook-cactus-comments.md) - a federated comment system built on Matrix (optional) - [Setting up a Cactus Comments server](configuring-playbook-cactus-comments.md) - a federated comment system built on Matrix (optional)
- [Setting up the Rageshake bug report server](configuring-playbook-rageshake.md) (optional)

@ -296,6 +296,8 @@ devture_systemd_service_manager_services_list_auto: |
+ +
([{'name': 'matrix-coturn.service', 'priority': 4000, 'groups': ['matrix', 'coturn']}] if matrix_coturn_enabled else []) ([{'name': 'matrix-coturn.service', 'priority': 4000, 'groups': ['matrix', 'coturn']}] if matrix_coturn_enabled else [])
+ +
([{'name': 'matrix-rageshake.service', 'priority': 4000, 'groups': ['matrix', 'rageshake']}] if matrix_rageshake_enabled else [])
+
([{'name': 'matrix-coturn-reload.timer', 'priority': 5000, 'groups': ['matrix', 'coturn']}] if (matrix_coturn_enabled and matrix_coturn_tls_enabled) else []) ([{'name': 'matrix-coturn-reload.timer', 'priority': 5000, 'groups': ['matrix', 'coturn']}] if (matrix_coturn_enabled and matrix_coturn_tls_enabled) else [])
+ +
([{'name': 'matrix-dimension.service', 'priority': 4000, 'groups': ['matrix', 'integration-managers', 'dimension']}] if matrix_dimension_enabled else []) ([{'name': 'matrix-dimension.service', 'priority': 4000, 'groups': ['matrix', 'integration-managers', 'dimension']}] if matrix_dimension_enabled else [])
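Review bot: The `matrix-rageshake.service` entry is inserted between `matrix-coturn.service` and `matrix-coturn-reload.timer`, which splits the two coturn entries apart. Move it below the coturn timer, next to the other optional services such as `matrix-dimension.service`, so related units stay adjacent in the list.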
@ -1995,6 +1997,36 @@ matrix_corporal_matrix_registration_shared_secret: "{{ matrix_synapse_registrati
# #
###################################################################### ######################################################################
######################################################################
#
# matrix-rageshake
#
######################################################################
# We don't enable rageshake by default.
matrix_rageshake_enabled: false
matrix_rageshake_container_image_self_build: "{{ matrix_architecture not in ['amd64'] }}"
matrix_rageshake_hostname: "{{ matrix_server_fqn_rageshake }}"
matrix_rageshake_container_network: "{{ matrix_docker_network if matrix_playbook_reverse_proxy_type == 'playbook-managed-nginx' else 'matrix-rageshake' }}"
matrix_rageshake_container_additional_networks: "{{ [matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else [] }}"
matrix_rageshake_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '9110') if matrix_playbook_service_host_bind_interface_prefix else '' }}"
matrix_rageshake_container_labels_traefik_enabled: "{{ matrix_playbook_traefik_labels_enabled }}"
matrix_rageshake_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
matrix_rageshake_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
######################################################################
#
# /matrix-rageshake
#
######################################################################
###################################################################### ######################################################################
# #
# matrix-coturn # matrix-coturn
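Review bot: This block wires `matrix_rageshake_container_labels_traefik_entrypoints` from `devture_traefik_entrypoint_primary` but leaves `matrix_rageshake_container_labels_traefik_tls_certResolver` at the role default, which is the hard-coded value `default`. If the Traefik setup uses a differently named resolver, the router will reference one that does not exist; set the cert resolver here from the same source as the entrypoint rather than relying on the role default.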
@ -2383,6 +2415,7 @@ matrix_nginx_proxy_proxy_hydrogen_enabled: "{{ matrix_client_hydrogen_enabled an
matrix_nginx_proxy_proxy_cinny_enabled: "{{ matrix_client_cinny_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] }}" matrix_nginx_proxy_proxy_cinny_enabled: "{{ matrix_client_cinny_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] }}"
matrix_nginx_proxy_proxy_buscarron_enabled: "{{ matrix_bot_buscarron_enabled }}" matrix_nginx_proxy_proxy_buscarron_enabled: "{{ matrix_bot_buscarron_enabled }}"
matrix_nginx_proxy_proxy_dimension_enabled: "{{ matrix_dimension_enabled }}" matrix_nginx_proxy_proxy_dimension_enabled: "{{ matrix_dimension_enabled }}"
matrix_nginx_proxy_proxy_rageshake_enabled: "{{ matrix_rageshake_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] }}"
matrix_nginx_proxy_proxy_etherpad_enabled: "{{ matrix_etherpad_enabled and matrix_etherpad_mode == 'standalone' }}" matrix_nginx_proxy_proxy_etherpad_enabled: "{{ matrix_etherpad_enabled and matrix_etherpad_mode == 'standalone' }}"
matrix_nginx_proxy_proxy_bot_go_neb_enabled: "{{ matrix_bot_go_neb_enabled }}" matrix_nginx_proxy_proxy_bot_go_neb_enabled: "{{ matrix_bot_go_neb_enabled }}"
@ -2483,6 +2516,8 @@ matrix_nginx_proxy_systemd_wanted_services_list: |
+ +
(['matrix-dimension.service'] if matrix_dimension_enabled else []) (['matrix-dimension.service'] if matrix_dimension_enabled else [])
+ +
(['matrix-rageshake.service'] if matrix_rageshake_enabled else [])
+
(['matrix-sygnal.service'] if matrix_sygnal_enabled else []) (['matrix-sygnal.service'] if matrix_sygnal_enabled else [])
+ +
([(ntfy_identifier + '.service')] if ntfy_enabled else []) ([(ntfy_identifier + '.service')] if ntfy_enabled else [])
@ -2524,6 +2559,8 @@ matrix_ssl_domains_to_obtain_certificates_for: |
+ +
([ntfy_hostname] if ntfy_enabled else []) ([ntfy_hostname] if ntfy_enabled else [])
+ +
([matrix_server_fqn_rageshake] if matrix_rageshake_enabled else [])
+
(matrix_bot_postmoogle_domains if matrix_bot_postmoogle_enabled else []) (matrix_bot_postmoogle_domains if matrix_bot_postmoogle_enabled else [])
+ +
([matrix_domain] if matrix_nginx_proxy_base_domain_serving_enabled else []) ([matrix_domain] if matrix_nginx_proxy_base_domain_serving_enabled else [])
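Review bot: The new entry `([matrix_server_fqn_rageshake] if matrix_rageshake_enabled else [])` is added whenever Rageshake is enabled, regardless of `matrix_playbook_reverse_proxy_type` or of any `matrix_rageshake_hostname` override. With the documented override (`matrix_rageshake_hostname: "{{ matrix_server_fqn_matrix }}"`), `rageshake.DOMAIN` still ends up in the certificate list even though the docs say no extra DNS record is needed in that case, so issuance for that name can fail. Gate this on the same condition as `matrix_nginx_proxy_proxy_rageshake_enabled`, or derive the name from the hostname actually served.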

@ -82,6 +82,7 @@
- custom/matrix-bot-draupnir - custom/matrix-bot-draupnir
- custom/matrix-bot-chatgpt - custom/matrix-bot-chatgpt
- custom/matrix-cactus-comments - custom/matrix-cactus-comments
- custom/matrix-rageshake
- custom/matrix-synapse - custom/matrix-synapse
- custom/matrix-synapse-reverse-proxy-companion - custom/matrix-synapse-reverse-proxy-companion
- custom/matrix-dendrite - custom/matrix-dendrite

@ -90,6 +90,9 @@ matrix_server_fqn_sygnal: "sygnal.{{ matrix_domain }}"
# This is where you access the ntfy push notification service. # This is where you access the ntfy push notification service.
matrix_server_fqn_ntfy: "ntfy.{{ matrix_domain }}" matrix_server_fqn_ntfy: "ntfy.{{ matrix_domain }}"
# This is where you access rageshake.
matrix_server_fqn_rageshake: "rageshake.{{ matrix_domain }}"
matrix_federation_public_port: 8448 matrix_federation_public_port: 8448
# The name of the Traefik entrypoint for handling Matrix Federation # The name of the Traefik entrypoint for handling Matrix Federation

@ -257,6 +257,10 @@ matrix_nginx_proxy_proxy_matrix_federation_port: 8448
matrix_nginx_proxy_proxy_dimension_enabled: false matrix_nginx_proxy_proxy_dimension_enabled: false
matrix_nginx_proxy_proxy_dimension_hostname: "{{ matrix_server_fqn_dimension }}" matrix_nginx_proxy_proxy_dimension_hostname: "{{ matrix_server_fqn_dimension }}"
# Controls whether proxying the rageshake domain should be done.
matrix_nginx_proxy_proxy_rageshake_enabled: false
matrix_nginx_proxy_proxy_rageshake_hostname: "{{ matrix_server_fqn_rageshake }}"
# Controls whether proxying the etherpad domain should be done. # Controls whether proxying the etherpad domain should be done.
matrix_nginx_proxy_proxy_etherpad_enabled: false matrix_nginx_proxy_proxy_etherpad_enabled: false
matrix_nginx_proxy_proxy_etherpad_hostname: "{{ matrix_server_fqn_etherpad }}" matrix_nginx_proxy_proxy_etherpad_hostname: "{{ matrix_server_fqn_etherpad }}"
@ -444,6 +448,9 @@ matrix_nginx_proxy_proxy_buscarron_additional_server_configuration_blocks: []
# A list of strings containing additional configuration blocks to add to Dimension's server configuration (matrix-dimension.conf). # A list of strings containing additional configuration blocks to add to Dimension's server configuration (matrix-dimension.conf).
matrix_nginx_proxy_proxy_dimension_additional_server_configuration_blocks: [] matrix_nginx_proxy_proxy_dimension_additional_server_configuration_blocks: []
# A list of strings containing additional configuration blocks to add to Rageshake's server configuration (matrix-rageshake.conf).
matrix_nginx_proxy_proxy_rageshake_additional_server_configuration_blocks: []
# A list of strings containing additional configuration blocks to add to etherpad's server configuration (matrix-etherpad.conf). # A list of strings containing additional configuration blocks to add to etherpad's server configuration (matrix-etherpad.conf).
matrix_nginx_proxy_proxy_etherpad_additional_server_configuration_blocks: [] matrix_nginx_proxy_proxy_etherpad_additional_server_configuration_blocks: []

@ -129,6 +129,13 @@
mode: 0644 mode: 0644
when: matrix_nginx_proxy_proxy_dimension_enabled | bool when: matrix_nginx_proxy_proxy_dimension_enabled | bool
- name: Ensure Matrix nginx-proxy configuration for rageshake domain exists
ansible.builtin.template:
src: "{{ role_path }}/templates/nginx/conf.d/matrix-rageshake.conf.j2"
dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-rageshake.conf"
mode: 0644
when: matrix_nginx_proxy_proxy_rageshake_enabled | bool
- name: Ensure Matrix nginx-proxy configuration for etherpad domain exists - name: Ensure Matrix nginx-proxy configuration for etherpad domain exists
ansible.builtin.template: ansible.builtin.template:
src: "{{ role_path }}/templates/nginx/conf.d/matrix-etherpad.conf.j2" src: "{{ role_path }}/templates/nginx/conf.d/matrix-etherpad.conf.j2"
@ -291,6 +298,12 @@
state: absent state: absent
when: "not matrix_nginx_proxy_proxy_dimension_enabled | bool" when: "not matrix_nginx_proxy_proxy_dimension_enabled | bool"
- name: Ensure Matrix nginx-proxy configuration for rageshake domain deleted
ansible.builtin.file:
path: "{{ matrix_nginx_proxy_confd_path }}/matrix-rageshake.conf"
state: absent
when: "not matrix_nginx_proxy_proxy_rageshake_enabled | bool"
- name: Ensure Matrix nginx-proxy configuration for goneb domain deleted - name: Ensure Matrix nginx-proxy configuration for goneb domain deleted
ansible.builtin.file: ansible.builtin.file:
path: "{{ matrix_nginx_proxy_confd_path }}/matrix-bot-go-neb.conf" path: "{{ matrix_nginx_proxy_confd_path }}/matrix-bot-go-neb.conf"

@ -0,0 +1,100 @@
#jinja2: lstrip_blocks: "True"
{% macro render_vhost_directives() %}
gzip on;
gzip_types text/plain application/json application/javascript text/css image/x-icon font/ttf image/gif;
{% if matrix_nginx_proxy_hsts_preload_enabled %}
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
{% else %}
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
{% endif %}
add_header X-XSS-Protection "{{ matrix_nginx_proxy_xss_protection }}";
add_header X-Content-Type-Options nosniff;
{% if matrix_nginx_proxy_floc_optout_enabled %}
add_header Permissions-Policy interest-cohort=() always;
{% endif %}
{% for configuration_block in matrix_nginx_proxy_proxy_rageshake_additional_server_configuration_blocks %}
{{- configuration_block }}
{% endfor %}
location / {
{% if matrix_nginx_proxy_enabled %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s;
set $backend "matrix-rageshake:9110";
proxy_pass http://$backend;
{% else %}
{# Generic configuration for use outside of our container setup #}
proxy_pass http://127.0.0.1:9110;
{% endif %}
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For {{ matrix_nginx_proxy_x_forwarded_for }};
}
{% endmacro %}
server {
listen {{ 8080 if matrix_nginx_proxy_enabled else 80 }};
listen [::]:{{ 8080 if matrix_nginx_proxy_enabled else 80 }};
server_name {{ matrix_nginx_proxy_proxy_rageshake_hostname }};
server_tokens off;
root /dev/null;
{% if matrix_nginx_proxy_https_enabled %}
location /.well-known/acme-challenge {
{% if matrix_nginx_proxy_enabled %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s;
set $backend "matrix-certbot:8080";
proxy_pass http://$backend;
{% else %}
{# Generic configuration for use outside of our container setup #}
proxy_pass http://127.0.0.1:{{ matrix_ssl_lets_encrypt_certbot_standalone_http_port }};
{% endif %}
}
location / {
return 301 https://$http_host$request_uri;
}
{% else %}
{{ render_vhost_directives() }}
{% endif %}
}
{% if matrix_nginx_proxy_https_enabled %}
server {
listen {{ 8443 if matrix_nginx_proxy_enabled else 443 }} ssl http2;
listen [::]:{{ 8443 if matrix_nginx_proxy_enabled else 443 }} ssl http2;
server_name {{ matrix_nginx_proxy_proxy_rageshake_hostname }};
server_tokens off;
root /dev/null;
ssl_certificate {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_rageshake_hostname }}/fullchain.pem;
ssl_certificate_key {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_rageshake_hostname }}/privkey.pem;
ssl_protocols {{ matrix_nginx_proxy_ssl_protocols }};
{% if matrix_nginx_proxy_ssl_ciphers != '' %}
ssl_ciphers {{ matrix_nginx_proxy_ssl_ciphers }};
{% endif %}
ssl_prefer_server_ciphers {{ matrix_nginx_proxy_ssl_prefer_server_ciphers }};
{% if matrix_nginx_proxy_ocsp_stapling_enabled %}
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_rageshake_hostname }}/chain.pem;
{% endif %}
{% if matrix_nginx_proxy_ssl_session_tickets_off %}
ssl_session_tickets off;
{% endif %}
ssl_session_cache {{ matrix_nginx_proxy_ssl_session_cache }};
ssl_session_timeout {{ matrix_nginx_proxy_ssl_session_timeout }};
{{ render_vhost_directives() }}
}
{% endif %}
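Review bot: In the plain-HTTP server block, `return 301 https://$http_host$request_uri;` builds the redirect target from the client-supplied Host header, port included. Redirect to the configured `{{ matrix_nginx_proxy_proxy_rageshake_hostname }}` instead so the Location header cannot carry an arbitrary host. Separately, `location /` in `render_vhost_directives` sets no `client_max_body_size`, so unless it is set at the http level, nginx's 1 MB default applies to uploaded bug reports; either set a limit suited to log uploads here or document doing so through `matrix_nginx_proxy_proxy_rageshake_additional_server_configuration_blocks`.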

@ -0,0 +1,114 @@
---
# rageshake is a issue submission service from matrix.org
# Project source code URL: https://github.com/matrix-org/rageshake/
matrix_rageshake_enabled: true
matrix_rageshake_scheme: https
# The hostname at which rageshake is served.
matrix_rageshake_hostname: ''
# The path at which rageshake is exposed.
# This value must either be `/` or not end with a slash (e.g. `/rageshake`).
matrix_rageshake_path_prefix: /
# There are no stable container image tags yet.
# See: https://github.com/matrix-org/rageshake/issues/69
matrix_rageshake_version: "master"
matrix_rageshake_base_path: "{{ matrix_base_data_path }}/rageshake"
matrix_rageshake_config_path: "{{ matrix_rageshake_base_path }}/config"
matrix_rageshake_data_path: "{{ matrix_rageshake_base_path }}/data"
matrix_rageshake_container_src_files_path: "{{ matrix_rageshake_base_path }}/container-src"
matrix_rageshake_container_image: "{{ matrix_rageshake_container_image_name_prefix }}matrix-org/rageshake:{{ matrix_rageshake_container_image_tag }}"
matrix_rageshake_container_image_name_prefix: "{{ 'localhost/' if matrix_rageshake_container_image_self_build else matrix_rageshake_container_registry_prefix }}"
matrix_rageshake_container_image_force_pull: "{{ matrix_rageshake_container_image.endswith(':master') }}"
matrix_rageshake_container_image_tag: "{{ matrix_rageshake_version }}"
matrix_rageshake_container_registry_prefix: ghcr.io/
matrix_rageshake_container_image_self_build: false
matrix_rageshake_container_image_self_build_repo: "https://github.com/matrix-org/rageshake/"
matrix_rageshake_container_image_self_build_repo_version: "{{ matrix_rageshake_version }}"
# Controls whether the container exposes its HTTP port (tcp/9110 in the container).
#
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:9110"), or empty string to not expose.
matrix_rageshake_container_http_host_bind_port: ''
# The base container network. It will be auto-created by this role if it doesn't exist already.
matrix_rageshake_container_network: matrix-rageshake
# A list of additional container networks that the container would be connected to.
# The role does not create these networks, so make sure they already exist.
# Use this to expose this container to another reverse proxy, which runs in a different container network.
matrix_rageshake_container_additional_networks: []
# matrix_rageshake_container_labels_traefik_enabled controls whether labels to assist a Traefik reverse-proxy will be attached to the container.
# See `../templates/labels.j2` for details.
#
# To inject your own other container labels, see `matrix_rageshake_container_labels_additional_labels`.
matrix_rageshake_container_labels_traefik_enabled: true
matrix_rageshake_container_labels_traefik_docker_network: "{{ matrix_rageshake_container_network }}"
matrix_rageshake_container_labels_traefik_hostname: "{{ matrix_rageshake_hostname }}"
# The path prefix must either be `/` or not end with a slash (e.g. `/rageshake`).
matrix_rageshake_container_labels_traefik_path_prefix: "{{ matrix_rageshake_path_prefix }}"
matrix_rageshake_container_labels_traefik_rule: "Host(`{{ matrix_rageshake_container_labels_traefik_hostname }}`){% if matrix_rageshake_container_labels_traefik_path_prefix != '/' %} && PathPrefix(`{{ matrix_rageshake_container_labels_traefik_path_prefix }}`){% endif %}"
matrix_rageshake_container_labels_traefik_priority: 0
matrix_rageshake_container_labels_traefik_entrypoints: web-secure
matrix_rageshake_container_labels_traefik_tls: "{{ matrix_rageshake_container_labels_traefik_entrypoints != 'web' }}"
matrix_rageshake_container_labels_traefik_tls_certResolver: default # noqa var-naming
# Controls which additional headers to attach to all HTTP responses.
# To add your own headers, use `matrix_rageshake_container_labels_traefik_additional_response_headers_custom`
matrix_rageshake_container_labels_traefik_additional_response_headers: "{{ matrix_rageshake_container_labels_traefik_additional_response_headers_auto | combine(matrix_rageshake_container_labels_traefik_additional_response_headers_custom) }}"
matrix_rageshake_container_labels_traefik_additional_response_headers_auto: {}
matrix_rageshake_container_labels_traefik_additional_response_headers_custom: {}
# matrix_rageshake_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file.
# See `../templates/labels.j2` for details.
#
# Example:
# matrix_rageshake_container_labels_additional_labels: |
# my.label=1
# another.label="here"
matrix_rageshake_container_labels_additional_labels: ''
# A list of extra arguments to pass to the container
matrix_rageshake_container_extra_arguments: []
# List of systemd services that matrix-rageshake.service depends on
matrix_rageshake_systemd_required_services_list: ["docker.service"]
# List of systemd services that matrix-rageshake.service wants
matrix_rageshake_systemd_wanted_services_list: []
matrix_rageshake_config_api_prefix: "{{ matrix_rageshake_scheme }}://{{ matrix_rageshake_hostname }}{{ matrix_rageshake_path_prefix }}{{ '' if matrix_rageshake_path_prefix == '/' else '/' }}api/"
# Default Rageshake configuration template which covers the generic use case.
# You can customize it by controlling the various variables inside it.
#
# For a more advanced customization, you can extend the default (see `matrix_rageshake_configuration_extension_yaml`)
# or completely replace this variable with your own template.
matrix_rageshake_configuration_yaml: "{{ lookup('template', 'templates/config.yml.j2') }}"
matrix_rageshake_configuration_extension_yaml: |
# Your custom YAML configuration for Synapse goes here.
# This configuration extends the default starting configuration (`matrix_rageshake_configuration_yaml`).
#
# You can override individual variables from the default configuration, or introduce new ones.
#
# If you need something more special, you can take full control by
# completely redefining `matrix_rageshake_configuration_yaml`.
#
# Example configuration extension follows:
#
# github_project_mappings:
# my-app: octocat/HelloWorld
matrix_rageshake_configuration_extension: "{{ matrix_rageshake_configuration_extension_yaml | from_yaml if matrix_rageshake_configuration_extension_yaml | from_yaml is mapping else {} }}"
# Holds the final Synapse configuration (a combination of the default and its extension).
# You most likely don't need to touch this variable. Instead, see `matrix_rageshake_configuration_yaml`.
matrix_rageshake_configuration: "{{ matrix_rageshake_configuration_yaml | from_yaml | combine(matrix_rageshake_configuration_extension, recursive=True) }}"
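Review bot: `matrix_rageshake_version: "master"` combined with `matrix_rageshake_container_image_force_pull` evaluating to true for `:master` means every playbook run pulls whatever `ghcr.io/matrix-org/rageshake:master` currently points to, so the deployed code can change without any change to the playbook. The comment explains there are no stable tags yet; until there are, consider pinning to an image digest (and a commit for `matrix_rageshake_container_image_self_build_repo_version`) and bumping it deliberately. The comments "Your custom YAML configuration for Synapse goes here" and "Holds the final Synapse configuration" are copy-paste leftovers and should say Rageshake, and "rageshake is a issue submission service" should read "an issue".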

@ -0,0 +1,76 @@
---
- name: Ensure rageshake paths exist
ansible.builtin.file:
path: "{{ item.path }}"
state: directory
mode: 0750
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
with_items:
- path: "{{ matrix_rageshake_config_path }}"
when: true
- path: "{{ matrix_rageshake_data_path }}"
when: true
- path: "{{ matrix_rageshake_container_src_files_path }}"
when: matrix_rageshake_container_image_self_build | bool
when: "item.when | bool"
- name: Ensure rageshake config file created
ansible.builtin.copy:
content: "{{ matrix_rageshake_configuration | to_nice_yaml(indent=2, width=999999) }}"
dest: "{{ matrix_rageshake_config_path }}/config.yml"
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
mode: 0640
- name: Ensure rageshake labels installed
ansible.builtin.template:
src: "{{ role_path }}/templates/labels.j2"
dest: "{{ matrix_rageshake_base_path }}/labels"
mode: 0640
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
- name: Ensure rageshake image is pulled
community.docker.docker_image:
name: "{{ matrix_rageshake_container_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_rageshake_container_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_rageshake_container_image_force_pull }}"
when: "not matrix_rageshake_container_image_self_build | bool"
register: result
retries: "{{ devture_playbook_help_container_retries_count }}"
delay: "{{ devture_playbook_help_container_retries_delay }}"
until: result is not failed
- name: Ensure rageshake repository is present on self-build
ansible.builtin.git:
repo: "{{ matrix_rageshake_container_image_self_build_repo }}"
version: "{{ matrix_rageshake_container_image_self_build_version }}"
dest: "{{ matrix_rageshake_container_src_files_path }}"
force: "yes"
become: true
become_user: "{{ matrix_user_username }}"
register: matrix_rageshake_git_pull_results
when: "matrix_rageshake_container_image_self_build | bool"
- name: Ensure rageshake container image is built
ansible.builtin.command:
cmd: |-
{{ devture_systemd_docker_base_host_command_docker }} buildx build
--tag={{ matrix_rageshake_container_image }}
--file={{ matrix_rageshake_container_src_files_path }}/Dockerfile
{{ matrix_rageshake_container_src_files_path }}
when: matrix_rageshake_container_image_self_build | bool
- name: Ensure rageshake container network is created
community.general.docker_network:
name: "{{ matrix_rageshake_container_network }}"
driver: bridge
- name: Ensure matrix-rageshake.service installed
ansible.builtin.template:
src: "{{ role_path }}/templates/systemd/matrix-rageshake.service.j2"
dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-rageshake.service"
mode: 0644
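Review bot: The git task uses `version: "{{ matrix_rageshake_container_image_self_build_version }}"`, but the role defaults define `matrix_rageshake_container_image_self_build_repo_version`, so the self-build path references a variable that is not defined in this change. Use the `_repo_version` name in the task. Also, `matrix_rageshake_git_pull_results` is registered but never used in this file, so the `buildx build` command runs on every playbook run; condition the build on `matrix_rageshake_git_pull_results.changed` or drop the `register`.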

@ -0,0 +1,19 @@
---
- block:
- when: matrix_rageshake_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
- when: matrix_rageshake_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/install.yml"
tags:
- setup-all
- setup-rageshake
- install-all
- install-rageshake
- block:
- when: not matrix_rageshake_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/uninstall.yml"
tags:
- setup-all
- setup-rageshake
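Review bot: both includes in the first block repeat `when: matrix_rageshake_enabled | bool`; put the condition on the block once so validation and install cannot drift apart when one of the lines is edited later. The blocks and their includes are also unnamed, so adding a `name:` to each would make the playbook output easier to follow.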

View File

@ -0,0 +1,25 @@
---
- name: Check existence of matrix-rageshake service
ansible.builtin.stat:
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-rageshake.service"
register: matrix_rageshake_service_stat
- when: matrix_rageshake_service_stat.stat.exists | bool
block:
- name: Ensure matrix-rageshake is stopped
ansible.builtin.service:
name: matrix-rageshake
state: stopped
enabled: false
daemon_reload: true
- name: Ensure matrix-rageshake.service doesn't exist
ansible.builtin.file:
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-rageshake.service"
state: absent
- name: Ensure rageshake paths don't exist
ansible.builtin.file:
path: "{{ matrix_rageshake_base_path }}"
state: absent
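Review bot: install creates a Docker network (`matrix_rageshake_container_network`) and pulls or builds `matrix_rageshake_container_image`, but no task here removes either, so uninstall leaves both on the host. If that is intentional because the network may be shared with other services, say so in a comment; otherwise add cleanup tasks. The final task also deletes everything under `matrix_rageshake_base_path` without notice; if the stored bug reports live under that path, the documentation should state that disabling the role deletes them.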

View File

@ -0,0 +1,31 @@
---
- name: Fail if required rageshake settings not defined
ansible.builtin.fail:
msg: >
You need to define a required configuration setting (`{{ item }}`).
when: "vars[item] == ''"
with_items:
- matrix_rageshake_hostname
- matrix_rageshake_path_prefix
- matrix_rageshake_container_network
- when: matrix_rageshake_container_labels_traefik_enabled | bool
block:
- name: Fail if required rageshake Traefik settings not defined
ansible.builtin.fail:
msg: >-
You need to define a required configuration setting (`{{ item }}`).
when: "vars[item] == ''"
with_items:
- matrix_rageshake_container_labels_traefik_hostname
- matrix_rageshake_container_labels_traefik_path_prefix
# We ensure it doesn't end with a slash, because we handle both (slash and no-slash).
# Knowing that `matrix_rageshake_container_labels_traefik_path_prefix` does not end with a slash
# ensures we know how to set these routes up without having to do "does it end with a slash" checks elsewhere.
- name: Fail if matrix_rageshake_container_labels_traefik_path_prefix ends with a slash
ansible.builtin.fail:
msg: >-
matrix_rageshake_container_labels_traefik_path_prefix (`{{ matrix_rageshake_container_labels_traefik_path_prefix }}`) must either be `/` or not end with a slash (e.g. `/rageshake`).
when: "matrix_rageshake_container_labels_traefik_path_prefix != '/' and matrix_rageshake_container_labels_traefik_path_prefix[-1] == '/'"
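Review bot: `when: "vars[item] == ''"` in both required-settings tasks only catches an empty string, so a null or whitespace-only value passes validation and fails later in a less obvious place. Treat those as missing too. The trailing-slash rule is also enforced only for `matrix_rageshake_container_labels_traefik_path_prefix`, while `matrix_rageshake_path_prefix` is checked for non-emptiness alone; if the same shape is expected there, validate it in the same way. Minor: the first `msg:` uses `>` and the others `>-`, so the first message carries a trailing newline.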

View File

@ -0,0 +1,4 @@
# Default configuration for Rageshake.
# To extend it, use `matrix_rageshake_configuration_extension_yaml`.
api_prefix: {{ matrix_rageshake_config_api_prefix | to_json }}

View File

@ -0,0 +1,45 @@
{% if matrix_rageshake_container_labels_traefik_enabled %}
traefik.enable=true
{% if matrix_rageshake_container_labels_traefik_docker_network %}
traefik.docker.network={{ matrix_rageshake_container_labels_traefik_docker_network }}
{% endif %}
{% set middlewares = [] %}
{% if matrix_rageshake_container_labels_traefik_path_prefix != '/' %}
traefik.http.middlewares.matrix-rageshake-slashless-redirect.redirectregex.regex=({{ matrix_rageshake_container_labels_traefik_path_prefix | quote }})$
traefik.http.middlewares.matrix-rageshake-slashless-redirect.redirectregex.replacement=${1}/
{% set middlewares = middlewares + ['matrix-rageshake-slashless-redirect'] %}
{% endif %}
{% if matrix_rageshake_container_labels_traefik_path_prefix != '/' %}
traefik.http.middlewares.matrix-rageshake-strip-prefix.stripprefix.prefixes={{ matrix_rageshake_container_labels_traefik_path_prefix }}
{% set middlewares = middlewares + ['matrix-rageshake-strip-prefix'] %}
{% endif %}
{% if matrix_rageshake_container_labels_traefik_additional_response_headers.keys() | length > 0 %}
{% for name, value in matrix_rageshake_container_labels_traefik_additional_response_headers.items() %}
traefik.http.middlewares.matrix-rageshake-add-headers.headers.customresponseheaders.{{ name }}={{ value }}
{% endfor %}
{% set middlewares = middlewares + ['matrix-rageshake-add-headers'] %}
{% endif %}
traefik.http.routers.matrix-rageshake.rule={{ matrix_rageshake_container_labels_traefik_rule }}
{% if matrix_rageshake_container_labels_traefik_priority | int > 0 %}
traefik.http.routers.matrix-rageshake.priority={{ matrix_rageshake_container_labels_traefik_priority }}
{% endif %}
traefik.http.routers.matrix-rageshake.service=matrix-rageshake
{% if middlewares | length > 0 %}
traefik.http.routers.matrix-rageshake.middlewares={{ middlewares | join(',') }}
{% endif %}
traefik.http.routers.matrix-rageshake.entrypoints={{ matrix_rageshake_container_labels_traefik_entrypoints }}
traefik.http.routers.matrix-rageshake.tls={{ matrix_rageshake_container_labels_traefik_tls | to_json }}
{% if matrix_rageshake_container_labels_traefik_tls %}
traefik.http.routers.matrix-rageshake.tls.certResolver={{ matrix_rageshake_container_labels_traefik_tls_certResolver }}
{% endif %}
traefik.http.services.matrix-rageshake.loadbalancer.server.port=9110
{% endif %}
{{ matrix_rageshake_container_labels_additional_labels }}
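Review bot: on the `redirectregex.regex` label, `| quote` is a shell-quoting filter, not a regex escape, so a prefix containing regex metacharacters (a `.` for example) is interpreted as a pattern, and a value that needs shell quoting would gain literal quote characters inside the regex. Use `regex_escape` there instead. The two consecutive `{% if matrix_rageshake_container_labels_traefik_path_prefix != '/' %}` blocks test the same condition and can be merged, and port `9110` on the `loadbalancer.server.port` label is hard-coded where a variable would be easier to keep in step with the container's listen port.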

View File

@ -0,0 +1,51 @@
#jinja2: lstrip_blocks: "True"
[Unit]
Description=Matrix Rageshake Service
{% for service in matrix_rageshake_systemd_required_services_list %}
Requires={{ service }}
After={{ service }}
{% endfor %}
{% for service in matrix_rageshake_systemd_wanted_services_list %}
Wants={{ service }}
{% endfor %}
DefaultDependencies=no
[Service]
Type=simple
Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-rageshake 2>/dev/null || true'
ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-rageshake 2>/dev/null || true'
ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
--rm \
--name=matrix-rageshake \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
--read-only \
--tmpfs /tmp \
--network={{ matrix_rageshake_container_network }} \
--mount type=bind,src={{ matrix_rageshake_config_path }},dst=/config \
--mount type=bind,src={{ matrix_rageshake_data_path }},dst=/bugs \
--label-file={{ matrix_rageshake_base_path }}/labels \
{% for arg in matrix_rageshake_container_extra_arguments %}
{{ arg }} \
{% endfor %}
{{ matrix_rageshake_container_image }} \
--config /config/config.yml
{% for network in matrix_rageshake_container_additional_networks %}
ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-rageshake
{% endfor %}
ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-rageshake
ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-rageshake 2>/dev/null || true'
ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-rageshake 2>/dev/null || true'
Restart=always
RestartSec=30
SyslogIdentifier=matrix-rageshake
[Install]
WantedBy=multi-user.target
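Review bot: both `ExecStop` lines go straight to `docker kill`, which sends SIGKILL by default, so the server gets no chance to finish writing an in-flight upload to `/bugs` before the container is removed; run `docker stop` with a short timeout first and keep `kill` as the fallback. The container is otherwise well confined (`--cap-drop=ALL`, `--read-only`, a non-root `--user`); adding `--security-opt=no-new-privileges` and a `size=` limit on `--tmpfs /tmp` would complete that. `DefaultDependencies=no` also deserves a comment explaining why this unit opts out of the default ordering.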