61 Commits

Author SHA1 Message Date
Slavi Pantaleev
1468c08065 Wire matrix_server_fqn_matrix_federation to matrix_SERVICE_*_public_federation_api_traefik_hostname for ease of use 2024-01-26 16:04:55 +02:00
Slavi Pantaleev
dafeee92f4 Adjust matrix_nginx_proxy_container_labels_traefik_proxy_matrix_federation_hostname validation check message to mention matrix_static_files_file_matrix_server_property_m_server 2024-01-26 12:17:49 +02:00
Slavi Pantaleev
b48b06d2f8 Add missing bracket 2024-01-26 12:10:34 +02:00
Slavi Pantaleev
5ca4d6ebc5 Add validation check for matrix_nginx_proxy_container_labels_traefik_proxy_matrix_federation_hostname 2024-01-26 12:09:54 +02:00
Slavi Pantaleev
042c74f90c Remove some useless oidc variables and /_synapse/oidc route handling
After some checking, it seems like there's `/_synapse/client/oidc`,
but no such thing as `/_synapse/oidc`.

I'm not sure why we've been reverse-proxying these paths for so long
(even in as far back as the `matrix-nginx-proxy` days), but it's time we
put a stop to it.

The OIDC docs have been simplified. There's no need to ask people to
expose the useless `/_synapse/oidc` endpoint. OIDC requires
`/_synapse/client/oidc` and `/_synapse/client` is exposed by default
already.
2024-01-17 14:45:19 +02:00
Slavi Pantaleev
1036ae212f Update deprecation message for matrix_playbook_ssl_retrieval_method 2024-01-16 10:12:43 +02:00
Slavi Pantaleev
b91ad453be Adjust TLS variables for homeservers to follow devture_traefik_config_entrypoint_web_secure_enabled (via matrix_federation_traefik_entrypoint_tls) 2024-01-15 09:39:36 +02:00
Slavi Pantaleev
f4f3d57520 Remove all traces of matrix-nginx-proxy, add validation & uninstallation tasks 2024-01-14 18:42:14 +02:00
Slavi Pantaleev
aff57d67c0 Adjust Synapse OIDC variable wiring and docs
Auto-enabling the OIDC APIs is convenient for people
using the new `matrix_synapse_oidc_*` variables.
2024-01-14 12:34:25 +02:00
Slavi Pantaleev
b2aeb8cde9 Rename label-related variables for homeservers
We'd be adding integration with an internal Traefik entrypoint
(`matrix_playbook_internal_matrix_client_api_traefik_entrypoint`),
so renaming helps disambiguate things.

There's no need for deperecation tasks, because the old names
have only been part of this `bye-bye-nginx-proxy` branch and not used by
anyone publicly.
2024-01-14 10:48:54 +02:00
Slavi Pantaleev
39bddefd39 Make addons communicate with the homeserver via a new internal Traefik entrypoint
This also adds labels for Synapse. Support for other homeservers and
components will be added later.
2024-01-14 10:48:54 +02:00
Slavi Pantaleev
49066d41a9 Deprecate matrix_docker_network 2024-01-13 17:49:38 +02:00
Slavi Pantaleev
07d0ec4217 Fix variable name typo in validation task 2024-01-13 17:48:39 +02:00
Slavi Pantaleev
d6e91116ab Update documentation related to variables for prometheus-node-exporter/prometheus-postgres-exporter metrics exposure 2024-01-12 18:04:18 +02:00
Slavi Pantaleev
c468a860f8 Switch to exposing prometheus-postgres-exporter via native Traefik labels, not via matrix-prometheus-services-proxy-connect.. and remove matrix-prometheus-services-proxy-connect role
This requires at least `v0.14.0-2` of the `prometheus-postgres-exporter`
Ansible role.
2024-01-12 17:54:54 +02:00
Slavi Pantaleev
beb0f2387d Switch to exposing prometheus-node-exporter via native Traefik labels, not via matrix-prometheus-services-proxy-connect
This requires at least `v1.7.0-2` of the `prometheus-node-exporter`
Ansible role.
2024-01-12 17:41:54 +02:00
Slavi Pantaleev
7fba83924c Remove etherpad-proxy-connect role 2024-01-12 17:22:46 +02:00
Slavi Pantaleev
41a52945d6 Add support for exposing metrics for Synapse workers 2024-01-12 12:16:06 +02:00
Slavi Pantaleev
bea41e28b0 Remove Dendrite support from matrix-nginx-proxy 2024-01-11 11:33:33 +02:00
Slavi Pantaleev
f78adfde47 Remove Synapse support from matrix-nginx-proxy 2024-01-11 09:24:01 +02:00
Slavi Pantaleev
030e8065e4 Remove Conduit support from matrix-nginx-proxy 2024-01-11 09:21:00 +02:00
Slavi Pantaleev
aea66442a1 Move matrix-ma1sd to its own container network and add native Traefik support 2024-01-09 15:27:13 +02:00
Slavi Pantaleev
377fce5855 Merge branch 'master' into bye-bye-nginx-proxy 2024-01-05 17:55:49 +02:00
Slavi Pantaleev
ba0a4e864a Replace matrix-mailer with an external role 2024-01-05 17:54:50 +02:00
Slavi Pantaleev
abde681b56 Clean up some matrix_nginx_proxy_proxy_matrix_metrics_* references 2024-01-04 12:49:00 +02:00
Slavi Pantaleev
54fb153acf Expose /_synapse/* APIs via matrix-synapse-reverse-proxy-companion
This also updates validation tasks and documentation, pointing to
variables in the matrix-synapse role which don't currently exist yet
(e.g. `matrix_synapse_container_labels_client_synapse_admin_api_enabled`).

These variables will be added soon, as Traefik labels are added to the
`matrix-synapse` role. At that point, the `matrix-synapse-reverse-proxy-companion` role
will be updated to also use them.
2024-01-04 11:37:17 +02:00
Slavi Pantaleev
84cedff355 Adjust validation message 2024-01-04 10:38:07 +02:00
Slavi Pantaleev
4752e7f9a0 Get rid of matrix_nginx_proxy_proxy_matrix_client_redirect_root_uri_to_domain 2024-01-04 10:27:32 +02:00
Slavi Pantaleev
e81a395a98 Drop some matrix_nginx_proxy_proxy_riot_compat_* variables
matrix-nginx-proxy is going away and this is one of the features it
offered.

This feature will have no equivalent in our new Traefik-only
setup, although it's possible to implement it manually by using
`matrix_client_element_container_labels_additional_labels`
2024-01-03 14:43:45 +02:00
Slavi Pantaleev
cc75be9c65 Add support for serving the base domain via matrix-static-files 2024-01-03 14:39:17 +02:00
Slavi Pantaleev
da48a605bb More progress on matrix-static-files role and cleaning up of matrix-base and matrix-nginx-proxy 2024-01-03 13:46:25 +02:00
Slavi Pantaleev
065b70203d [WIP] Initial work on matrix-static-files role 2024-01-03 13:05:59 +02:00
Slavi Pantaleev
4a6287c528 Initial work on matrix-homeserver-proxy role and eliminating matrix-nginx-proxy
This is still very far from usable.

Various bridges and bots are still talking to
`matrix-nginx-proxy` instead of the new `matrix-homeserver-proxy` role.
These services need to be reworked. While reworking them,
various cleanups are being done as well as adding Traefik-labels to
those that need them.
2024-01-02 16:07:40 +02:00
Slavi Pantaleev
1d00d15482 Switch to exported Jitsi role 2023-04-03 08:53:46 +03:00
Slavi Pantaleev
14b8efcad2 Replace matrix-prometheus with an external Prometheus role 2023-03-21 07:38:12 +02:00
Slavi Pantaleev
d974c0c166 Make yamllint happy 2023-03-20 11:09:59 +02:00
Slavi Pantaleev
220d80ac3a Move matrix-aux outside of this playbook 2023-03-20 11:06:27 +02:00
Slavi Pantaleev
30f1034767 Remove matrix_playbook_traefik_role_enabled variable and devture-traefik references
The variable was necessary when multiple playbooks could have
potentially tried to manage a shared `devture-traefik.serivce` systemd service
and shared `/devture-traefik` directory.

Since adcc6d9723086f65f1a72, we use our own `/matrix/traefik`
(`matrix-traefik.service`) installation and no conflicts can arise.
It's safe to always enable the role, just like we do with all the other roles.
2023-03-06 09:51:14 +02:00
Slavi Pantaleev
6085e3a816 Add validation tasks for Etherpad migration (matrix_etherpad -> etherpad) 2023-03-03 10:38:11 +02:00
Slavi Pantaleev
f7149103e4 Remove matrix_playbook_traefik_certs_dumper_role_enabled in favor of just devture_traefik_certs_dumper_enabled
We don't need these 2 roughly-the-same settings related to the
traefik-certs-dumper role.

For Traefik, it makes sense, because it's a component used by the
various related playbooks and they could step onto each other's toes
if the role is enabled, but Traefik is disabled (in that case, uninstall
tasks will run).

As for Traefik certs dumper, the other related playbooks don't have it,
so there's no conflict. Even if they used it, each one would use its own
instance (different `devture_traefik_certs_dumper_identifier`), so there
wouldn't be a conflict and uninstall tasks can run without any danger.
2023-03-01 09:31:48 +02:00
Slavi Pantaleev
990a6369e1 Switch to using an external Redis role 2023-02-17 16:23:59 +02:00
Slavi Pantaleev
b291459bf3 Fix syntax error 2023-02-17 10:13:34 +02:00
Slavi Pantaleev
964aa0e84d Switch to using an external Ntfy role
The newly extracted role also has native Traefik support,
so we no longer need to rely on `matrix-nginx-proxy` for
reverse-proxying to Ntfy.

The new role uses port `80` inside the container (not `8080`, like
before), because that's the default assumption of the officially
published container image. Using a custom port (like `8080`), means the
default healthcheck command (which hardcodes port `80`) doesn't work.
Instead of fiddling to override the healthcheck command, we've decided
to stick to the default port instead. This only affects the
inside-the-container port, not any external ports.

The new role also supports adding the network ranges of the container's
multiple additional networks as "exempt hosts". Previously, only one
network's address range was added to "exempt hosts".
2023-02-17 09:54:33 +02:00
Slavi Pantaleev
1006b8d899 Replace matrix-grafana with an external role 2023-02-15 10:32:24 +02:00
Slavi Pantaleev
38904c08b0 Wire backup_borg_username
It's probably unnecessary, as this user is only used in the borg container
internally, but.. It doesn't hurt to set it to `matrix`.
2023-02-13 11:01:54 +02:00
Slavi Pantaleev
78c35136b2 Replace matrix-backup-borg with an external role 2023-02-13 10:53:11 +02:00
Slavi Pantaleev
be78b74fbd Switch from matrix-prometheus-postgres-exporter to an external prometheus_postgres_exporter role 2023-02-05 10:32:09 +02:00
Slavi Pantaleev
9ed2e04d80 Switch from matrix-prometheus-node-exporter to an external prometheus_node_exporter role 2023-01-21 11:07:04 +02:00
Slavi Pantaleev
4eed49f931 Replace custom/matrix-postgres-backup role with galaxy/com.devture.ansible.role.postgres_backup
This role is usable on its own and it's not tied to Matrix, so
extracting it out into an independent role that we install via
ansible-galaxy makes sense.

This also fixes the confusion from the other day, where
`matrix_postgres_*` had to be renamed to `devture_postgres_*`
(unless it was about `matrix_postgres_backup_*`).
We now can safely say that ALL `matrix_postgres_*` variables need to be
renamed.

Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2305
2022-11-30 11:01:19 +02:00
Slavi Pantaleev
04b9483f0d Switch from matrix-postgres to com.devture.ansible.role.postgres 2022-11-27 08:04:31 +02:00