diff --git a/group_vars/matrix-servers b/group_vars/matrix-servers index 9e685b98b..773150ceb 100755 --- a/group_vars/matrix-servers +++ b/group_vars/matrix-servers @@ -99,6 +99,27 @@ matrix_coturn_enabled: true +###################################################################### +# +# matrix-dimension +# +###################################################################### + +matrix_dimension_enabled: false + +# Normally, matrix-nginx-proxy is enabled and nginx can reach Dimension over the container network. +# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose +# the Dimension HTTP port to the local host (`127.0.0.1:8184`). +matrix_dimension_container_expose_port: {{ not matrix_nginx_proxy_enabled }} + +###################################################################### +# +# /matrix-dimension +# +###################################################################### + + + ###################################################################### # # matrix-mailer diff --git a/roles/matrix-dimension/defaults/main.yml b/roles/matrix-dimension/defaults/main.yml index 5c1459d3d..6b0bf87fb 100755 --- a/roles/matrix-dimension/defaults/main.yml +++ b/roles/matrix-dimension/defaults/main.yml 
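Review bot: The value of `matrix_dimension_container_expose_port` in the added matrix-dimension block starts with an unquoted `{{`, which a YAML parser reads as the start of a flow mapping rather than as a Jinja expression. The line will therefore either fail to load or produce something other than the intended boolean. Quote it: `matrix_dimension_container_expose_port: "{{ not matrix_nginx_proxy_enabled }}"`. Since this variable decides whether the service template publishes port 8184 on the host, confirm after quoting that the `{% if %}` in `matrix-dimension.service.j2` sees a boolean and not a non-empty, always-true string.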
@@ -1,15 +1,22 @@ matrix_dimension_enabled: false +# You are required to specify an access token for Dimension to work. # For information on how to acquire an access token, visit https://t2bot.io/docs/access_tokens -matrix_dimension_access_token: CHANGEME +matrix_dimension_access_token: "" # Users in form: ['@user1:domain.com', '@user2:domain.com'] -matrix_dimension_admin: [] +matrix_dimension_admins: [] matrix_dimension_base_path: "{{ matrix_base_data_path }}/dimension" matrix_dimension_docker_image: "turt2live/matrix-dimension:latest" +# The user and group id correspond to the node user in the `turt2live/matrix-dimension` image. +matrix_dimension_user_uid: 1000 +matrix_dimension_user_gid: 1000 + +matrix_dimension_container_expose_port: false + matrix_dimension_integrations_ui_url: "https://{{ matrix_server_fqn_dimension }}/riot" matrix_dimension_integrations_rest_url: "https://{{ matrix_server_fqn_dimension }}/api/v1/scalar" matrix_dimension_integrations_widgets_urls: ["https://{{ matrix_server_fqn_dimension }}/widgets"] diff --git a/roles/matrix-dimension/tasks/main.yml b/roles/matrix-dimension/tasks/main.yml index 4aa0d0810..dd3bfc516 100755 --- a/roles/matrix-dimension/tasks/main.yml +++ b/roles/matrix-dimension/tasks/main.yml @@ -2,6 +2,12 @@ tags: - always +- import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: run_setup + tags: + - setup-all + - setup-dimension + - import_tasks: "{{ role_path }}/tasks/setup_dimension.yml" when: run_setup tags: diff --git a/roles/matrix-dimension/tasks/setup_dimension.yml b/roles/matrix-dimension/tasks/setup_dimension.yml index 83d01dda4..30ed5a838 100755 --- a/roles/matrix-dimension/tasks/setup_dimension.yml +++ b/roles/matrix-dimension/tasks/setup_dimension.yml 
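Review bot: Renaming `matrix_dimension_admin` to `matrix_dimension_admins` gives no signal to inventories that still set the old name; the old variable is ignored and the new one keeps its default `[]`. Assuming the config template reads only the new name (not visible in this hunk), an upgraded install would silently end up with no Dimension admins. A guard task in `validate_config.yml` that fails while the old name is still defined, for example with `when: "matrix_dimension_enabled and 'matrix_dimension_admin' in vars"`, would turn that into an explicit error.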
@@ -8,16 +8,18 @@ file: path: "{{ matrix_dimension_base_path }}" state: directory - mode: 0750 + mode: 0770 owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_username }}" + group: "{{ matrix_dimension_user_gid }}" when: matrix_dimension_enabled - name: Ensure dimension environment variables file created template: src: "{{ role_path }}/templates/config.yaml.j2" dest: "{{ matrix_dimension_base_path }}/config.yaml" - mode: 0644 + mode: 0640 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_dimension_user_gid }}" when: matrix_dimension_enabled - name: Ensure dimension image is pulled @@ -46,6 +48,7 @@ stat: path: "/etc/systemd/system/matrix-dimension.service" register: matrix_dimension_service_stat + when: not matrix_dimension_enabled - name: Ensure matrix-dimension is stopped service: diff --git a/roles/matrix-dimension/tasks/validate_config.yml b/roles/matrix-dimension/tasks/validate_config.yml new file mode 100644 index 000000000..f5960142b --- /dev/null +++ b/roles/matrix-dimension/tasks/validate_config.yml @@ -0,0 +1,7 @@ +- name: Fail if required Dimension settings not defined + fail: + msg: >- + You need to define a required configuration setting (`{{ item }}`) for using Dimension. + with_items: + - "matrix_dimension_access_token" + when: "matrix_dimension_enabled and vars[item] == ''" diff --git a/roles/matrix-dimension/templates/config.yaml.j2 b/roles/matrix-dimension/templates/config.yaml.j2 index 887ecf68b..4eb2ae933 100755 --- a/roles/matrix-dimension/templates/config.yaml.j2 +++ b/roles/matrix-dimension/templates/config.yaml.j2 
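Review bot: Setting `group: "{{ matrix_dimension_user_gid }}"` with `mode: 0770` on the data directory and `mode: 0640` on `config.yaml` grants access to whichever host group has gid 1000, not only to the container's `node` user. On many hosts that gid belongs to the first interactive account, whose members could then write to the data path and read `config.yaml`, which presumably holds the Dimension access token. I would document this next to the uid/gid defaults, e.g. `# NOTE: gid 1000 may already belong to a host group; its members gain access to the Dimension data path and config.yaml`. Separately, the modes are safer quoted (`mode: "0770"`, `mode: "0640"`) so they cannot be read as plain integers. Both tasks begin or continue outside this hunk.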
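Review bot: The `when` condition in the new `validate_config.yml` rejects only an exactly empty string. A token left as `null`, whitespace, or the previous default `CHANGEME` passes validation, and the problem only surfaces later when Dimension starts. A stricter check such as `when: "matrix_dimension_enabled and (vars[item] | default('', true) | string | trim) in ['', 'CHANGEME']"` covers those cases while keeping the same loop and message.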
@@ -12,7 +12,7 @@ homeserver: # The URL that Dimension, go-neb, and other services provisioned by Dimension should # use to access the homeserver with. - clientServerUrl: "https://{{ matrix_domain }}" + clientServerUrl: "https://{{ matrix_server_fqn_matrix }}" # The URL that Dimension should use when trying to communicate with federated APIs on # the homeserver. If not supplied or left empty Dimension will try to resolve the address diff --git a/roles/matrix-dimension/templates/systemd/matrix-dimension.service.j2 b/roles/matrix-dimension/templates/systemd/matrix-dimension.service.j2 index 04c70d7dc..554713d84 100755 --- a/roles/matrix-dimension/templates/systemd/matrix-dimension.service.j2 +++ b/roles/matrix-dimension/templates/systemd/matrix-dimension.service.j2 @@ -9,9 +9,12 @@ ExecStartPre=-/usr/bin/docker kill matrix-dimension ExecStartPre=-/usr/bin/docker rm matrix-dimension ExecStart=/usr/bin/docker run --rm --name matrix-dimension \ --log-driver=none \ + --user={{ matrix_dimension_user_uid }}:{{ matrix_dimension_user_gid }} \ --cap-drop=ALL \ --network={{ matrix_docker_network }} \ + {% if matrix_dimension_container_expose_port %} -p 127.0.0.1:8184:8184 \ + {% endif %} -v {{ matrix_dimension_base_path }}:/data:rw \ {{ matrix_dimension_docker_image }} ExecStop=-/usr/bin/docker kill matrix-dimension