From ea992496a3d3c3fd5d5d52639eae75384ed32bbe Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 9 Jan 2024 09:53:01 +0200 Subject: [PATCH] Add matrix-cactus-comments-client role This is split out from matrix-cactus-comments (see 241779b583a4730c), but also heavily inspired by `matrix-static-files`. --- docs/configuring-playbook-cactus-comments.md | 29 +++-- group_vars/matrix_servers | 32 ++++++ .../defaults/main.yml | 102 ++++++++++++++++++ .../tasks/install.yml | 83 ++++++++++++++ .../tasks/main.yml | 20 ++++ .../tasks/uninstall.yml | 25 +++++ .../tasks/validate_config.yml | 11 ++ .../templates/env.j2 | 6 ++ .../templates/labels.j2 | 47 ++++++++ .../matrix-cactus-comments-client.service.j2 | 48 +++++++++ .../matrix-cactus-comments/defaults/main.yml | 3 +- .../tasks/setup_install.yml | 12 +-- .../tasks/setup_uninstall.yml | 2 +- .../tasks/validate_config.yml | 2 +- setup.yml | 1 + 15 files changed, 405 insertions(+), 18 deletions(-) create mode 100644 roles/custom/matrix-cactus-comments-client/defaults/main.yml create mode 100644 roles/custom/matrix-cactus-comments-client/tasks/install.yml create mode 100644 roles/custom/matrix-cactus-comments-client/tasks/main.yml create mode 100644 roles/custom/matrix-cactus-comments-client/tasks/uninstall.yml create mode 100644 roles/custom/matrix-cactus-comments-client/tasks/validate_config.yml create mode 100644 roles/custom/matrix-cactus-comments-client/templates/env.j2 create mode 100644 roles/custom/matrix-cactus-comments-client/templates/labels.j2 create mode 100755 roles/custom/matrix-cactus-comments-client/templates/systemd/matrix-cactus-comments-client.service.j2 diff --git a/docs/configuring-playbook-cactus-comments.md b/docs/configuring-playbook-cactus-comments.md index 1b37ce7ba..8b3cfdd1a 100644 --- a/docs/configuring-playbook-cactus-comments.md +++ b/docs/configuring-playbook-cactus-comments.md @@ -1,13 +1,19 @@ # Setting up Cactus Comments (optional) -The playbook can install and configure [Cactus Comments](https://cactus.chat) for you. +The playbook can install and configure the [Cactus Comments](https://cactus.chat) system for you. -Cactus Comments is a **federated comment system** built on Matrix. The role allows you to self-host the system. -It respects your privacy, and puts you in control. +Cactus Comments is a **federated comment system** built on Matrix. It respects your privacy, and puts you in control. See the project's [documentation](https://cactus.chat/docs/getting-started/introduction/) to learn what it does and why it might be useful to you. +The playbook contains 2 roles for configuring different pieces of the Cactus Comments system: + +- `matrix-cactus-comments` - the backend appservice integrating with the Matrix homeserver + +- `matrix-cactus-comments-client` - a static website server serving the [cactus-client](https://cactus.chat/docs/client/introduction/) static assets (`cactus.js` and `styles.css`) + +You can enable whichever component you need (typically both). ## Configuration @@ -26,15 +32,21 @@ matrix_cactus_comments_enabled: true # If you don't know which one you use: The default is Synapse ;) # matrix_synapse_allow_guest_access: true # matrix_dendrite_allow_guest_access: true + +# This enables client assets static files serving on `https://matrix.DOMAIN/cactus-comments`. +# When the backend (appservice) is enabled, this is also enabled automatically, +# but we explicitly enable it here. +matrix_cactus_comments_client_enabled: true + +# Uncomment and adjust if you'd like to host the client assets at a different location. +# These variables are only make used if (`matrix_cactus_comments_client_enabled: true`) +# matrix_cactus_comments_client_hostname: "{{ matrix_server_fqn_matrix }}" +# matrix_cactus_comments_client_path_prefix: /cactus-comments ``` ## Installing -After configuring the playbook, run the [installation](installing.md) command again: - -``` -ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start -``` +After configuring the playbook, run the [installation](installing.md) command again. ## Usage @@ -49,7 +61,6 @@ Now you are good to go and can include the comment section on your website! Insert the following snippet into you page and make sure to replace `example.com` with your base domain! - ```html diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 79d7f7b15..723a99d25 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -311,6 +311,8 @@ devture_systemd_service_manager_services_list_auto: | + ([{'name': 'matrix-cactus-comments.service', 'priority': 2000, 'groups': ['matrix', 'cactus-comments']}] if matrix_cactus_comments_enabled else []) + + ([{'name': 'matrix-cactus-comments-client.service', 'priority': 2000, 'groups': ['matrix', 'cactus-comments-client']}] if matrix_cactus_comments_client_enabled else []) + + ([{'name': 'matrix-client-cinny.service', 'priority': 2000, 'groups': ['matrix', 'clients', 'cinny', 'client-cinny']}] if matrix_client_cinny_enabled else []) + ([{'name': 'matrix-client-element.service', 'priority': 2000, 'groups': ['matrix', 'clients', 'element', 'client-element']}] if matrix_client_element_enabled else []) @@ -2593,6 +2595,36 @@ matrix_cactus_comments_homeserver_url: "{{ matrix_addons_homeserver_client_api_u # ###################################################################### +###################################################################### +# +# matrix-cactus-comments-client +# +###################################################################### + +matrix_cactus_comments_client_enabled: "{{ matrix_cactus_comments_enabled }}" + +matrix_cactus_comments_client_hostname: "{{ matrix_server_fqn_matrix }}" + +matrix_cactus_comments_client_container_network: "{{ matrix_addons_container_network }}" + +matrix_cactus_comments_client_container_additional_networks_auto: |- + {{ + ( + ([matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_playbook_reverse_proxyable_services_additional_network and matrix_cactus_comments_client_container_labels_traefik_enabled) else []) + ) | unique + }} + +matrix_cactus_comments_client_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" +matrix_cactus_comments_client_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" +matrix_cactus_comments_client_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" +matrix_cactus_comments_client_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" + +###################################################################### +# +# /matrix-cactus-comments-client +# +###################################################################### + ###################################################################### # # matrix-corporal diff --git a/roles/custom/matrix-cactus-comments-client/defaults/main.yml b/roles/custom/matrix-cactus-comments-client/defaults/main.yml new file mode 100644 index 000000000..df20cbeaf --- /dev/null +++ b/roles/custom/matrix-cactus-comments-client/defaults/main.yml @@ -0,0 +1,102 @@ +--- +# Cactus Comments is a federated comment system built on Matrix. +# This role installs the client assets (JS, CSS files). +# Project source code URL: https://gitlab.com/cactus-comments/cactus-client + +matrix_cactus_comments_client_enabled: true + +matrix_cactus_comments_client_hostname: '' +matrix_cactus_comments_client_path_prefix: /cactus-comments + +matrix_cactus_comments_client_base_path: "{{ matrix_base_data_path }}/cactus-comments-client" +matrix_cactus_comments_client_public_path: "{{ matrix_cactus_comments_client_base_path }}/public" +matrix_cactus_comments_client_public_path_file_permissions: "0644" + +# renovate: datasource=docker depName=joseluisq/static-web-server +matrix_cactus_comments_client_version: 2.24.2 + +matrix_cactus_comments_client_container_image: "{{ matrix_container_global_registry_prefix }}joseluisq/static-web-server:{{ matrix_cactus_comments_client_container_image_tag }}" +matrix_cactus_comments_client_container_image_tag: "{{ 'latest' if matrix_cactus_comments_client_version == 'latest' else (matrix_cactus_comments_client_version + '-alpine') }}" +matrix_cactus_comments_client_container_image_force_pull: "{{ matrix_cactus_comments_client_container_image.endswith(':latest') }}" + +matrix_cactus_comments_client_container_network: "" + +matrix_cactus_comments_client_container_additional_networks: "{{ matrix_cactus_comments_client_container_additional_networks_auto + matrix_cactus_comments_client_container_additional_networks_custom }}" +matrix_cactus_comments_client_container_additional_networks_auto: [] +matrix_cactus_comments_client_container_additional_networks_custom: [] + +# Controls whether the matrix-cactus-comments-client container exposes its HTTP port (tcp/8080 in the container). +# +# Takes an ":" or "" value (e.g. "127.0.0.1:8080"), or empty string to not expose. +matrix_cactus_comments_client_container_http_host_bind_port: '' + +# matrix_cactus_comments_client_container_labels_traefik_enabled controls whether labels to assist a Traefik reverse-proxy will be attached to the container. +# See `../templates/labels.j2` for details. +# +# To inject your own other container labels, see `matrix_cactus_comments_client_container_labels_additional_labels`. +matrix_cactus_comments_client_container_labels_traefik_enabled: true +matrix_cactus_comments_client_container_labels_traefik_docker_network: "{{ matrix_cactus_comments_client_container_network }}" +matrix_cactus_comments_client_container_labels_traefik_entrypoints: web-secure +matrix_cactus_comments_client_container_labels_traefik_tls_certResolver: default # noqa var-naming + +# Controls whether labels will be added that serve the /public directory. +matrix_cactus_comments_client_container_labels_public_enabled: true +matrix_cactus_comments_client_container_labels_public_traefik_hostname: "{{ matrix_cactus_comments_client_hostname }}" +matrix_cactus_comments_client_container_labels_public_traefik_path_prefix: "{{ matrix_cactus_comments_client_path_prefix }}" +matrix_cactus_comments_client_container_labels_public_traefik_rule: "Host(`{{ matrix_cactus_comments_client_container_labels_public_traefik_hostname }}`){% if matrix_cactus_comments_client_container_labels_public_traefik_path_prefix != '/' %} && PathPrefix(`{{ matrix_cactus_comments_client_container_labels_public_traefik_path_prefix }}`){% endif %}" +matrix_cactus_comments_client_container_labels_public_traefik_priority: 0 +matrix_cactus_comments_client_container_labels_public_traefik_entrypoints: "{{ matrix_cactus_comments_client_container_labels_traefik_entrypoints }}" +matrix_cactus_comments_client_container_labels_public_traefik_tls: "{{ matrix_cactus_comments_client_container_labels_public_traefik_entrypoints != 'web' }}" +matrix_cactus_comments_client_container_labels_public_traefik_tls_certResolver: "{{ matrix_cactus_comments_client_container_labels_traefik_tls_certResolver }}" # noqa var-naming + +# matrix_cactus_comments_client_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file. +# See `../templates/labels.j2` for details. +# +# Example: +# matrix_cactus_comments_client_container_labels_additional_labels: | +# my.label=1 +# another.label="here" +matrix_cactus_comments_client_container_labels_additional_labels: '' + +# A list of extra arguments to pass to the container +matrix_cactus_comments_client_container_extra_arguments: [] + +# Controls the SERVER_PORT environment variable. +# See: https://static-web-server.net/configuration/environment-variables/ +matrix_cactus_comments_client_environment_variable_server_port: 8080 + +# Controls the SERVER_LOG_LEVEL environment variable. +# See: https://static-web-server.net/configuration/environment-variables/ +# Valid values: error, warn, info, debug or trace +matrix_cactus_comments_client_environment_variable_server_log_level: error + +# Controls the SERVER_LOG_REMOTE_ADDRESS environment variable. +# See: https://static-web-server.net/configuration/environment-variables/ +matrix_cactus_comments_client_environment_variable_server_log_remote_address: false + +# Controls the SERVER_CONFIG_FILE environment variable. +# See: https://static-web-server.net/configuration/environment-variables/ +matrix_cactus_comments_client_environment_variable_server_config_file: /config/config.toml + +# Additional environment variables. +matrix_cactus_comments_client_environment_variables_additional_variables: '' + +# The released & compiled client is uploaded to a URL that changes per commit. Therefore it is necessary to check the +# available versions and adjust the url manually. +# For available versions, see: https://gitlab.com/cactus-comments/cactus-client/-/releases +# Also see: `matrix_cactus_comments_client_local_dir` +matrix_cactus_comments_client_webclient_js_url: "https://gateway.pinata.cloud/ipfs/QmSiWN27KZZ1XE32jKwifBnS3nWTUcFGNArKzur2nmDgoL/v0.13.0/cactus.js" +matrix_cactus_comments_client_webclient_css_url: "https://gateway.pinata.cloud/ipfs/QmSiWN27KZZ1XE32jKwifBnS3nWTUcFGNArKzur2nmDgoL/v0.13.0/style.css" + +# matrix_cactus_comments_client_local_dir specifies a local directory (on the Ansible controller, not on the remote server) with cactus-client files to use. +# This is an alternative to `matrix_cactus_comments_client_client_version`, to be used when you'd like to +# provide the files locally / manually. +matrix_cactus_comments_client_local_dir: '' + +# List of systemd services that matrix-cactus-comments-client.service depends on +matrix_cactus_comments_client_systemd_required_services_list: ['docker.service'] + +# List of systemd services that matrix-cactus-comments-client.service wants +matrix_cactus_comments_client_systemd_wanted_services_list: "{{ matrix_cactus_comments_client_systemd_wanted_services_list_auto + matrix_cactus_comments_client_systemd_wanted_services_list_custom }}" +matrix_cactus_comments_client_systemd_wanted_services_list_auto: [] +matrix_cactus_comments_client_systemd_wanted_services_list_custom: [] diff --git a/roles/custom/matrix-cactus-comments-client/tasks/install.yml b/roles/custom/matrix-cactus-comments-client/tasks/install.yml new file mode 100644 index 000000000..f0c797b65 --- /dev/null +++ b/roles/custom/matrix-cactus-comments-client/tasks/install.yml @@ -0,0 +1,83 @@ +--- + +- name: Ensure matrix-cactus-comments-client paths exist + ansible.builtin.file: + path: "{{ item.path }}" + state: directory + mode: 0750 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + with_items: + - {path: "{{ matrix_cactus_comments_client_base_path }}", when: true} + - {path: "{{ matrix_cactus_comments_client_public_path }}", when: true} + when: "item.when | bool" + +- name: Ensure matrix-cactus-comments-client is configured + ansible.builtin.template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + mode: 0644 + with_items: + - src: "{{ role_path }}/templates/env.j2" + dest: "{{ matrix_cactus_comments_client_base_path }}/env" + + - src: "{{ role_path }}/templates/labels.j2" + dest: "{{ matrix_cactus_comments_client_base_path }}/labels" + +- when: matrix_cactus_comments_client_local_dir | length == 0 + block: + - name: Download web client js + ansible.builtin.get_url: + url: "{{ matrix_cactus_comments_client_webclient_js_url }}" + dest: "{{ matrix_cactus_comments_client_public_path }}/cactus.js" + mode: "{{ matrix_cactus_comments_client_public_path_file_permissions }}" + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + - name: Download web client css + ansible.builtin.get_url: + url: "{{ matrix_cactus_comments_client_webclient_css_url }}" + dest: "{{ matrix_cactus_comments_client_public_path }}/style.css" + mode: "{{ matrix_cactus_comments_client_public_path_file_permissions }}" + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +- when: matrix_cactus_comments_client_local_dir | length > 0 + block: + - name: Upload locally distributed client JS + ansible.builtin.copy: + src: "{{ matrix_cactus_comments_client_local_dir }}/src/cactus.js" + dest: "{{ matrix_cactus_comments_client_public_path }}/cactus.js" + mode: "{{ matrix_cactus_comments_client_public_path_file_permissions }}" + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + - name: Upload locally distributed client CSS + ansible.builtin.copy: + src: "{{ matrix_cactus_comments_client_local_dir }}/src/style.css" + dest: "{{ matrix_cactus_comments_client_public_path }}/style.css" + mode: "{{ matrix_cactus_comments_client_public_path_file_permissions }}" + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +- name: Ensure matrix-cactus-comments-client container image is pulled + community.docker.docker_image: + name: "{{ matrix_cactus_comments_client_container_image }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ matrix_cactus_comments_client_container_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_cactus_comments_client_container_image_force_pull }}" + register: result + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" + until: result is not failed + +- name: Ensure matrix-cactus-comments-client container network is created + community.general.docker_network: + name: "{{ matrix_cactus_comments_client_container_network }}" + driver: bridge + +- name: Ensure matrix-cactus-comments-client.service installed + ansible.builtin.template: + src: "{{ role_path }}/templates/systemd/matrix-cactus-comments-client.service.j2" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-cactus-comments-client.service" + mode: 0644 diff --git a/roles/custom/matrix-cactus-comments-client/tasks/main.yml b/roles/custom/matrix-cactus-comments-client/tasks/main.yml new file mode 100644 index 000000000..9423aada2 --- /dev/null +++ b/roles/custom/matrix-cactus-comments-client/tasks/main.yml @@ -0,0 +1,20 @@ +--- + +- tags: + - setup-all + - setup-cactus-comments-client + - install-all + - install-cactus-comments-client + block: + - when: matrix_cactus_comments_client_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" + + - when: matrix_cactus_comments_client_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/install.yml" + +- tags: + - setup-all + - setup-cactus-comments-client + block: + - when: not matrix_cactus_comments_client_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/uninstall.yml" diff --git a/roles/custom/matrix-cactus-comments-client/tasks/uninstall.yml b/roles/custom/matrix-cactus-comments-client/tasks/uninstall.yml new file mode 100644 index 000000000..df6c55324 --- /dev/null +++ b/roles/custom/matrix-cactus-comments-client/tasks/uninstall.yml @@ -0,0 +1,25 @@ +--- + +- name: Check existence of matrix-cactus-comments-client service + ansible.builtin.stat: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-cactus-comments-client.service" + register: matrix_cactus_comments_client_service_stat + +- when: matrix_cactus_comments_client_service_stat.stat.exists | bool + block: + - name: Ensure cactus comments is stopped + ansible.builtin.service: + name: matrix-cactus-comments-client + state: stopped + enabled: false + daemon_reload: true + + - name: Ensure matrix-cactus-comments-client.service doesn't exist + ansible.builtin.file: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-cactus-comments-client.service" + state: absent + + - name: Ensure Matrix cactus comments paths don't exist + ansible.builtin.file: + path: "{{ matrix_cactus_comments_client_base_path }}" + state: absent diff --git a/roles/custom/matrix-cactus-comments-client/tasks/validate_config.yml b/roles/custom/matrix-cactus-comments-client/tasks/validate_config.yml new file mode 100644 index 000000000..c1142ce32 --- /dev/null +++ b/roles/custom/matrix-cactus-comments-client/tasks/validate_config.yml @@ -0,0 +1,11 @@ +--- + +- name: Fail if required matrix-cactus-comments-client settings not defined + ansible.builtin.fail: + msg: >- + You need to define a required configuration setting (`{{ item }}`). + when: "vars[item] == ''" + with_items: + - matrix_cactus_comments_client_hostname + - matrix_cactus_comments_client_path_prefix + - matrix_cactus_comments_client_container_network diff --git a/roles/custom/matrix-cactus-comments-client/templates/env.j2 b/roles/custom/matrix-cactus-comments-client/templates/env.j2 new file mode 100644 index 000000000..8dd39d28c --- /dev/null +++ b/roles/custom/matrix-cactus-comments-client/templates/env.j2 @@ -0,0 +1,6 @@ +SERVER_PORT={{ matrix_cactus_comments_client_environment_variable_server_port }} + +SERVER_LOG_LEVEL={{ matrix_cactus_comments_client_environment_variable_server_log_level }} +SERVER_LOG_REMOTE_ADDRESS={{ 'true' if matrix_cactus_comments_client_environment_variable_server_log_remote_address else 'false' }} + +{{ matrix_cactus_comments_client_environment_variables_additional_variables }} diff --git a/roles/custom/matrix-cactus-comments-client/templates/labels.j2 b/roles/custom/matrix-cactus-comments-client/templates/labels.j2 new file mode 100644 index 000000000..e1e535d11 --- /dev/null +++ b/roles/custom/matrix-cactus-comments-client/templates/labels.j2 @@ -0,0 +1,47 @@ +{% if matrix_cactus_comments_client_container_labels_traefik_enabled %} +traefik.enable=true + +{% if matrix_cactus_comments_client_container_labels_traefik_docker_network %} +traefik.docker.network={{ matrix_cactus_comments_client_container_labels_traefik_docker_network }} +{% endif %} + +traefik.http.services.matrix-cactus-comments-client.loadbalancer.server.port={{ matrix_cactus_comments_client_environment_variable_server_port }} + +{# + Public +#} +{% if matrix_cactus_comments_client_container_labels_public_enabled %} + +{% set public_middlewares = [] %} + +{% if matrix_cactus_comments_client_container_labels_public_traefik_path_prefix != '/' %} +{% set public_middlewares = public_middlewares + ['matrix-cactus-comments-client-strip-prefix'] %} +traefik.http.middlewares.matrix-cactus-comments-client-strip-prefix.stripprefix.prefixes={{ matrix_cactus_comments_client_container_labels_public_traefik_path_prefix }} +{% endif %} + +traefik.http.routers.matrix-cactus-comments-client-base-domain.rule={{ matrix_cactus_comments_client_container_labels_public_traefik_rule }} + +{% if matrix_cactus_comments_client_container_labels_public_traefik_priority | int > 0 %} +traefik.http.routers.matrix-cactus-comments-client-base-domain.priority={{ matrix_cactus_comments_client_container_labels_public_traefik_priority }} +{% endif %} + +{% if public_middlewares | length > 0 %} +traefik.http.routers.matrix-cactus-comments-client-base-domain.middlewares={{ public_middlewares | join(',') }} +{% endif %} + +traefik.http.routers.matrix-cactus-comments-client-base-domain.service=matrix-cactus-comments-client +traefik.http.routers.matrix-cactus-comments-client-base-domain.entrypoints={{ matrix_cactus_comments_client_container_labels_public_traefik_entrypoints }} + +traefik.http.routers.matrix-cactus-comments-client-base-domain.tls={{ matrix_cactus_comments_client_container_labels_public_traefik_tls | to_json }} +{% if matrix_cactus_comments_client_container_labels_public_traefik_tls %} +traefik.http.routers.matrix-cactus-comments-client-base-domain.tls.certResolver={{ matrix_cactus_comments_client_container_labels_public_traefik_tls_certResolver }} +{% endif %} + +{% endif %} +{# + /Public +#} + +{% endif %} + +{{ matrix_cactus_comments_client_container_labels_additional_labels }} diff --git a/roles/custom/matrix-cactus-comments-client/templates/systemd/matrix-cactus-comments-client.service.j2 b/roles/custom/matrix-cactus-comments-client/templates/systemd/matrix-cactus-comments-client.service.j2 new file mode 100755 index 000000000..10fd74d94 --- /dev/null +++ b/roles/custom/matrix-cactus-comments-client/templates/systemd/matrix-cactus-comments-client.service.j2 @@ -0,0 +1,48 @@ +#jinja2: lstrip_blocks: "True" +[Unit] +Description=matrix-cactus-comments-client server +{% for service in matrix_cactus_comments_client_systemd_required_services_list %} +Requires={{ service }} +After={{ service }} +{% endfor %} +{% for service in matrix_cactus_comments_client_systemd_wanted_services_list %} +Wants={{ service }} +{% endfor %} +DefaultDependencies=no + +[Service] +Type=simple +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-cactus-comments-client 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-cactus-comments-client 2>/dev/null || true' + +ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \ + --rm \ + --name=matrix-cactus-comments-client \ + --log-driver=none \ + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ + --cap-drop=ALL \ + --read-only \ + --network={{ matrix_cactus_comments_client_container_network }} \ + {% if matrix_cactus_comments_client_container_http_host_bind_port %} + -p {{ matrix_cactus_comments_client_container_http_host_bind_port }}:{{ matrix_cactus_comments_client_environment_variable_server_port }} \ + {% endif %} + --env-file={{ matrix_cactus_comments_client_base_path }}/env \ + --label-file={{ matrix_cactus_comments_client_base_path }}/labels \ + --mount type=bind,src={{ matrix_cactus_comments_client_public_path }},dst=/public,ro \ + {{ matrix_cactus_comments_client_container_image }} + +{% for network in matrix_cactus_comments_client_container_additional_networks %} +ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-cactus-comments-client +{% endfor %} + +ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-cactus-comments-client + +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-cactus-comments-client 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-cactus-comments-client 2>/dev/null || true' +Restart=always +RestartSec=30 +SyslogIdentifier=matrix-cactus-comments-client + +[Install] +WantedBy=multi-user.target diff --git a/roles/custom/matrix-cactus-comments/defaults/main.yml b/roles/custom/matrix-cactus-comments/defaults/main.yml index 6f0526f50..5f6a0a478 100644 --- a/roles/custom/matrix-cactus-comments/defaults/main.yml +++ b/roles/custom/matrix-cactus-comments/defaults/main.yml @@ -1,5 +1,6 @@ --- -# Cactus Comments is a federated comment system built on Matrix +# Cactus Comments is a federated comment system built on Matrix. +# This role installs the backend appservice. # Project source code URL: https://gitlab.com/cactus-comments/cactus-appservice matrix_cactus_comments_enabled: true diff --git a/roles/custom/matrix-cactus-comments/tasks/setup_install.yml b/roles/custom/matrix-cactus-comments/tasks/setup_install.yml index 6a98bb9fb..b79611595 100644 --- a/roles/custom/matrix-cactus-comments/tasks/setup_install.yml +++ b/roles/custom/matrix-cactus-comments/tasks/setup_install.yml @@ -1,6 +1,6 @@ --- -- name: Ensure cactus comments paths exist +- name: Ensure matrix-cactus-comments paths exist ansible.builtin.file: path: "{{ item.path }}" state: directory @@ -13,7 +13,7 @@ - {path: "{{ matrix_cactus_comments_docker_src_files_path }}", when: matrix_cactus_comments_container_image_self_build} when: "item.when | bool" -- name: Ensure cactus comments environment file created +- name: Ensure matrix-cactus-comments environment file created ansible.builtin.template: src: "{{ role_path }}/templates/env.j2" dest: "{{ matrix_cactus_comments_app_service_env_file }}" @@ -21,7 +21,7 @@ group: "{{ matrix_user_groupname }}" mode: 0640 -- name: Ensure cactus comments appservice file created +- name: Ensure matrix-cactus-comments appservice file created ansible.builtin.template: src: "{{ role_path }}/templates/cactus_appservice.yaml.j2" dest: "{{ matrix_cactus_comments_app_service_config_file }}" @@ -29,7 +29,7 @@ group: "{{ matrix_user_groupname }}" mode: 0640 -- name: Ensure cactus comments image is pulled +- name: Ensure matrix-cactus-comments image is pulled community.docker.docker_image: name: "{{ matrix_cactus_comments_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" @@ -41,7 +41,7 @@ delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed -- name: Ensure cactus comments repository is present on self-build +- name: Ensure matrix-cactus-comments repository is present on self-build ansible.builtin.git: repo: "{{ matrix_cactus_comments_docker_repo }}" version: "{{ matrix_cactus_comments_docker_repo_version }}" @@ -52,7 +52,7 @@ register: matrix_cactus_comments_git_pull_results when: "matrix_cactus_comments_container_image_self_build | bool" -- name: Ensure cactus comments image is built +- name: Ensure matrix-cactus-comments image is built community.docker.docker_image: name: "{{ matrix_cactus_comments_docker_image }}" source: build diff --git a/roles/custom/matrix-cactus-comments/tasks/setup_uninstall.yml b/roles/custom/matrix-cactus-comments/tasks/setup_uninstall.yml index e3a5f3909..833708aa7 100644 --- a/roles/custom/matrix-cactus-comments/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-cactus-comments/tasks/setup_uninstall.yml @@ -19,7 +19,7 @@ path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-cactus-comments.service" state: absent - - name: Ensure Matrix cactus comments paths don't exist + - name: Ensure matrix-cactus-comments paths don't exist ansible.builtin.file: path: "{{ matrix_cactus_comments_base_path }}" state: absent diff --git a/roles/custom/matrix-cactus-comments/tasks/validate_config.yml b/roles/custom/matrix-cactus-comments/tasks/validate_config.yml index 2e47c0ccf..683b2f0d9 100644 --- a/roles/custom/matrix-cactus-comments/tasks/validate_config.yml +++ b/roles/custom/matrix-cactus-comments/tasks/validate_config.yml @@ -11,7 +11,7 @@ - {'old': 'matrix_bot_cactus_comments_systemd_wanted_services_list', 'new': 'matrix_cactus_comments_systemd_wanted_services_list'} - {'old': 'matrix_cactus_comments_client_endpoint', 'new': 'matrix_cactus_comments_client_path_prefix'} - {'old': 'matrix_cactus_comments_client_nginx_path', 'new': ''} - - {'old': 'matrix_cactus_comments_client_path', 'new': 'matrix_cactus_comments_client_base_path'} + - {'old': 'matrix_cactus_comments_client_path', 'new': ''} - {'old': 'matrix_cactus_comments_serve_client_enabled', 'new': 'matrix_cactus_comments_client_enabled'} - name: Fail if required matrix-cactus-comments settings not defined diff --git a/setup.yml b/setup.yml index b2bf54a4e..31c15f9b4 100644 --- a/setup.yml +++ b/setup.yml @@ -85,6 +85,7 @@ - custom/matrix-bot-draupnir - custom/matrix-bot-chatgpt - custom/matrix-cactus-comments + - custom/matrix-cactus-comments-client - custom/matrix-rageshake - custom/matrix-synapse - custom/matrix-synapse-auto-compressor