mirror/matrix-docker-ansible-deploy
1
0
Fork 0
mirror of https://github.com/spantaleev/matrix-docker-ansible-deploy.git synced 2025-10-31 23:37:56 +01:00
Code Issues Packages Projects Releases Wiki Activity
5,752 Commits 6 Branches 0 Tags
4fe601546413d87e7c571f82d084e60648d103c3
Commit Graph

512 Commits

Author SHA1 Message Date
Slavi Pantaleev
7c5826f1c3 Break dependency between matrix-prometheus-nginxlog-exporter and the Grafana role 
Wiring happens via `group_vars/matrix_servers` now.
 2023-02-15 10:52:25 +02:00
Slavi Pantaleev
1006b8d899 Replace matrix-grafana with an external role 2023-02-15 10:32:24 +02:00
Slavi Pantaleev
94124263a7 Add matrix_prometheus_container_network/matrix_prometheus_container_additional_networks 2023-02-15 08:56:11 +02:00
Slavi Pantaleev
c85d48c45c Remove Traefik labels for Hydrogen & Cinny from matrix-nginx-proxy 
Related to 6a52be7987 and 28e7ef9c71f02
 2023-02-14 22:46:34 +02:00
Slavi Pantaleev
f28e7ef9c7 Add (native) Traefik support to matrix-client-cinny 
Previously, it had to go through matrix-nginx-proxy.
It's exposed to Traefik directly via container labels now
 2023-02-14 11:29:53 +02:00
Slavi Pantaleev
6a52be7987 Add (native) Traefik support to matrix-client-hydrogen 
Previously, it had to go through matrix-nginx-proxy.
It's exposed to Traefik directly via container labels now

Serving at a path other than `/` doesn't work well yet.
 2023-02-14 09:58:35 +02:00
Slavi Pantaleev
e51e4eec09 Add (native) Traefik support to matrix-client-element 
Previously, it had to go through matrix-nginx-proxy.
It's exposed to Traefik directly via container labels now
 2023-02-13 19:03:20 +02:00
Slavi Pantaleev
b2d8718233 Fix synapse-admin reverse-proxying regression for "playbook-managed-nginx" 
Regression since 3d9aa8387e
 2023-02-13 16:08:59 +02:00
Slavi Pantaleev
6cda711c0b Fix incorrect host_bind_port syntax (extra :) affecting certain deployments 
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2474

Seems like this affected all "own webserver" deployments, which required
port exposure.

`playbook-managed-traefik` and `playbook-managed-nginx` were not affected.
 2023-02-13 15:38:24 +02:00
Slavi Pantaleev
3d9aa8387e Add (native) Traefik support to synapse-admin 
Previously, it had to go through matrix-nginx-proxy.
It's exposed to Traefik directly via container labels now.
 2023-02-13 15:08:42 +02:00
Aine
33b4f7031b restore borg prefixes 2023-02-13 10:44:42 +00:00
Slavi Pantaleev
266195ab45 Upgrade backup_borg (v1.2.3-1.7.5-1 -> v1.2.3-1.7.6-0) 
Supersedes https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2472
 2023-02-13 12:26:49 +02:00
Slavi Pantaleev
23f7720247 Add missing backup_borg_base_path override 2023-02-13 11:44:19 +02:00
Slavi Pantaleev
38904c08b0 Wire backup_borg_username 
It's probably unnecessary, as this user is only used in the borg container
internally, but.. It doesn't hurt to set it to `matrix`.
 2023-02-13 11:01:54 +02:00
Slavi Pantaleev
78c35136b2 Replace matrix-backup-borg with an external role 2023-02-13 10:53:11 +02:00
Slavi Pantaleev
972043cfaf Fix trying to start devture-traefik when not necessarily enabled 
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2465
 2023-02-12 17:14:25 +02:00
Slavi Pantaleev
f1a1ce8a91 Merge pull request #2464 from spantaleev/traefik 
Reverse-proxy configuration changes and initial Traefik support
 2023-02-12 16:05:56 +02:00
Slavi Pantaleev
b3f6436a0d Do not enable the Traefik role when reverse-proxy = other-traefik-container 2023-02-12 15:50:18 +02:00
Catalan Lover
be471250dd Move services that crash without hs connectivity to after proxy. 2023-02-11 17:58:19 +01:00
Slavi Pantaleev
94be74e633 Improve traefik-certs-dumper defaults for other-traefik-container setups 
We'd like to auto-enable traefik-certs-dumper for these setups.

`devture_traefik_certs_dumper_ssl_dir_path` will be empty though,
so the role's validation will point people in the right direction.
 2023-02-11 08:54:07 +02:00
Slavi Pantaleev
f37a7a21f1 Delay Postmoogle startup to help Traefik-based setups 2023-02-11 08:53:32 +02:00
Slavi Pantaleev
8309a21303 Rename reverse proxy types and fix Hookshot http/https urlPrefix issue 2023-02-11 08:44:11 +02:00
Slavi Pantaleev
97f65e8dff Minor fixes to allow for Traefik without SSL 2023-02-10 19:36:06 +02:00
Slavi Pantaleev
28d2eb593c Add matrix_playbook_reverse_proxy_type variable which influences all other services 2023-02-10 16:04:34 +02:00
Slavi Pantaleev
06ccd71edc Merge branch 'master' into traefik 2023-02-10 14:37:59 +02:00
Slavi Pantaleev
01ccec2dbe Merge branch 'master' into pr-jitsi-matrix-authentication 2023-02-10 14:12:47 +02:00
Slavi Pantaleev
7cdf59d79b Merge pull request #2451 from FSG-Cat/draupnir 
Add Draupnir support to the project.
 2023-02-10 11:43:30 +02:00
Slavi Pantaleev
a5683a6449 Upgrade com.devture.ansible.role.traefik and rename some variables 2023-02-09 10:12:09 +02:00
Catalan Lover
7b42ff4b75 Finalise moving draupnir to a fully testable state. 2023-02-08 18:55:08 +01:00
Slavi Pantaleev
88a26758e1 Merge branch 'master' into traefik 2023-02-08 18:48:10 +02:00
Slavi Pantaleev
c71567477a Stop using deprecated matrix_bot_postmoogle_domain variable in group vars 2023-02-08 18:48:01 +02:00
Slavi Pantaleev
1338963b6c Add support for obtaining additional SSL certificates via Traefik 2023-02-08 18:47:19 +02:00
Slavi Pantaleev
9a71a5696b Allow Postmoogle to work with SSL certificates extracted from Traefik 2023-02-08 16:45:03 +02:00
Slavi Pantaleev
ddf6b2d4ee Handle matrix_playbook_reverse_proxy_type being "none" when deciding on Coturn certificate parameters 2023-02-08 16:24:43 +02:00
Slavi Pantaleev
d44d4b637f Allow Coturn to work with SSL certificates extracted from Traefik 2023-02-08 16:06:46 +02:00
Slavi Pantaleev
c07630ed51 Add com.devture.ansible.role.traefik_certs_dumper role 
With this, other roles (like Coturn, Postmoogle) will be able
to use SSL certificates extracted from Traefik
via https://github.com/ldez/traefik-certs-dumper
 2023-02-08 16:05:38 +02:00
Paul N
96dd86d33b Set default values where sensible and remove unnecessary conditionals in .env.j2. 
Check for empty string instead of Null to verify if an openid_server_name is pinned.
 2023-02-06 15:26:08 +01:00
Paul N
d67d8c07f5 Remove remnant comment. 2023-02-06 15:26:08 +01:00
jakicoll
6499b6536a Decoupling: Do not use variables user-verification-service role inside the jitsi role. 2023-02-06 15:18:25 +01:00
Paul N
1d99f17b4a Disable matrix-user-verification-service in group_vars and update docs accordingly. 2023-02-06 13:23:11 +01:00
Paul N
50c1e9d695 Set matrix_user_verification_service_uvs_homeserver_url in the role defaults and updated docs accordingly. 2023-02-06 13:14:34 +01:00
Paul N
07d9ea5e87 Stick to port 3003 instead of changing the port based on the status of grafana. 2023-02-06 13:06:35 +01:00
jakicoll
0e0ae2f3e6 Assign default log level in role instead of matrix_servers file. 2023-02-06 13:04:06 +01:00
jakicoll
f53731756d Change comment 
Applying the assumption, that synapse is always managed by this playbook.
 2023-02-06 12:15:54 +01:00
Slavi Pantaleev
8155f780e5 Add support for reverse-proxying Matric (Client & Federation) via Traefik 2023-02-06 13:08:11 +02:00
jakicoll
94830b582b Wording: change collection -> playbook 2023-02-06 11:58:50 +01:00
Slavi Pantaleev
f983604695 Initial work on Traefik support 
This gets us started on adding a Traefik role and hooking Traefik:

- directly to services which support Traefik - we only have a few of
  these right now, but the list will grow

- to matrix-nginx-proxy for most services that integrate with
  matrix-nginx-proxy right now

Traefik usage should be disabled by default for now and nothing should
change for people just yet.

Enabling these experiments requires additional configuration like this:

```yaml
devture_traefik_ssl_email_address: '.....'

matrix_playbook_traefik_role_enabled: true
matrix_playbook_traefik_labels_enabled: true

matrix_ssl_retrieval_method: none

matrix_nginx_proxy_https_enabled: false

matrix_nginx_proxy_container_http_host_bind_port: ''
matrix_nginx_proxy_container_federation_host_bind_port: ''

matrix_nginx_proxy_trust_forwarded_proto: true

matrix_nginx_proxy_x_forwarded_for: '$proxy_add_x_forwarded_for'

matrix_coturn_enabled: false
```

What currently works is:
reverse-proxying for all nginx-proxy based services **except** for the Matrix homeserver
(both Client-Server an Federation traffic for the homeserver don't work yet)
 2023-02-06 10:34:51 +02:00
Slavi Pantaleev
be78b74fbd Switch from matrix-prometheus-postgres-exporter to an external prometheus_postgres_exporter role 2023-02-05 10:32:09 +02:00
Slavi Pantaleev
d7c0239e40 Enable metrics endpoint for mautrix bridges by default when Prometheus is enabled 
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2427

This just enables the endpoint, which is somewhat helpful, but not
really enough to scrape them. Ideally, we'd be injecting these targets
into the Prometheus scrape config too.
For now, registering targets with Prometheus is very manual
(`matrix_prometheus_scraper_postgres_enabled`, `matrix_prometheus_scraper_hookshot_enabled`, ..).
This should be redone - e.g. a new `matrix_prometheus_scrape_config_jobs_auto` variable,
which is dynamically built in `group_vars/matrix_servers`.
 2023-01-30 08:53:28 +02:00
Slavi Pantaleev
9ed2e04d80 Switch from matrix-prometheus-node-exporter to an external prometheus_node_exporter role 2023-01-21 11:07:04 +02:00