Commit Graph

525 Commits

Author SHA1 Message Date
Slavi Pantaleev
8309a21303 Rename reverse proxy types and fix Hookshot http/https urlPrefix issue 2023-02-11 08:44:11 +02:00
Slavi Pantaleev
97f65e8dff Minor fixes to allow for Traefik without SSL 2023-02-10 19:36:06 +02:00
Slavi Pantaleev
28d2eb593c Add matrix_playbook_reverse_proxy_type variable which influences all other services 2023-02-10 16:04:34 +02:00
Slavi Pantaleev
06ccd71edc Merge branch 'master' into traefik 2023-02-10 14:37:59 +02:00
Slavi Pantaleev
01ccec2dbe Merge branch 'master' into pr-jitsi-matrix-authentication 2023-02-10 14:12:47 +02:00
Slavi Pantaleev
7cdf59d79b
Merge pull request #2451 from FSG-Cat/draupnir
Add Draupnir support to the project.
2023-02-10 11:43:30 +02:00
Slavi Pantaleev
a5683a6449 Upgrade com.devture.ansible.role.traefik and rename some variables 2023-02-09 10:12:09 +02:00
Catalan Lover
7b42ff4b75
Finalise moving draupnir to a fully testable state. 2023-02-08 18:55:08 +01:00
Slavi Pantaleev
88a26758e1 Merge branch 'master' into traefik 2023-02-08 18:48:10 +02:00
Slavi Pantaleev
c71567477a Stop using deprecated matrix_bot_postmoogle_domain variable in group vars 2023-02-08 18:48:01 +02:00
Slavi Pantaleev
1338963b6c Add support for obtaining additional SSL certificates via Traefik 2023-02-08 18:47:19 +02:00
Slavi Pantaleev
9a71a5696b Allow Postmoogle to work with SSL certificates extracted from Traefik 2023-02-08 16:45:03 +02:00
Slavi Pantaleev
ddf6b2d4ee Handle matrix_playbook_reverse_proxy_type being "none" when deciding on Coturn certificate parameters 2023-02-08 16:24:43 +02:00
Slavi Pantaleev
d44d4b637f Allow Coturn to work with SSL certificates extracted from Traefik 2023-02-08 16:06:46 +02:00
Slavi Pantaleev
c07630ed51 Add com.devture.ansible.role.traefik_certs_dumper role
With this, other roles (like Coturn, Postmoogle) will be able
to use SSL certificates extracted from Traefik
via https://github.com/ldez/traefik-certs-dumper
2023-02-08 16:05:38 +02:00
Paul N
96dd86d33b Set default values where sensible and remove unnecessary conditionals in .env.j2.
Check for empty string instead of Null to verify if an openid_server_name is pinned.
2023-02-06 15:26:08 +01:00
Paul N
d67d8c07f5 Remove remnant comment. 2023-02-06 15:26:08 +01:00
jakicoll
6499b6536a Decoupling: Do not use variables user-verification-service role inside the jitsi role. 2023-02-06 15:18:25 +01:00
Paul N
1d99f17b4a Disable matrix-user-verification-service in group_vars and update docs accordingly. 2023-02-06 13:23:11 +01:00
Paul N
50c1e9d695 Set matrix_user_verification_service_uvs_homeserver_url in the role defaults and updated docs accordingly. 2023-02-06 13:14:34 +01:00
Paul N
07d9ea5e87 Stick to port 3003 instead of changing the port based on the status of grafana. 2023-02-06 13:06:35 +01:00
jakicoll
0e0ae2f3e6 Assign default log level in role instead of matrix_servers file. 2023-02-06 13:04:06 +01:00
jakicoll
f53731756d Change comment
Applying the assumption, that synapse is always managed by this playbook.
2023-02-06 12:15:54 +01:00
Slavi Pantaleev
8155f780e5 Add support for reverse-proxying Matric (Client & Federation) via Traefik 2023-02-06 13:08:11 +02:00
jakicoll
94830b582b Wording: change collection -> playbook 2023-02-06 11:58:50 +01:00
Slavi Pantaleev
f983604695 Initial work on Traefik support
This gets us started on adding a Traefik role and hooking Traefik:

- directly to services which support Traefik - we only have a few of
  these right now, but the list will grow

- to matrix-nginx-proxy for most services that integrate with
  matrix-nginx-proxy right now

Traefik usage should be disabled by default for now and nothing should
change for people just yet.

Enabling these experiments requires additional configuration like this:

```yaml
devture_traefik_ssl_email_address: '.....'

matrix_playbook_traefik_role_enabled: true
matrix_playbook_traefik_labels_enabled: true

matrix_ssl_retrieval_method: none

matrix_nginx_proxy_https_enabled: false

matrix_nginx_proxy_container_http_host_bind_port: ''
matrix_nginx_proxy_container_federation_host_bind_port: ''

matrix_nginx_proxy_trust_forwarded_proto: true

matrix_nginx_proxy_x_forwarded_for: '$proxy_add_x_forwarded_for'

matrix_coturn_enabled: false
```

What currently works is:
reverse-proxying for all nginx-proxy based services **except** for the Matrix homeserver
(both Client-Server an Federation traffic for the homeserver don't work yet)
2023-02-06 10:34:51 +02:00
Slavi Pantaleev
be78b74fbd Switch from matrix-prometheus-postgres-exporter to an external prometheus_postgres_exporter role 2023-02-05 10:32:09 +02:00
Slavi Pantaleev
d7c0239e40 Enable metrics endpoint for mautrix bridges by default when Prometheus is enabled
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2427

This just enables the endpoint, which is somewhat helpful, but not
really enough to scrape them. Ideally, we'd be injecting these targets
into the Prometheus scrape config too.
For now, registering targets with Prometheus is very manual
(`matrix_prometheus_scraper_postgres_enabled`, `matrix_prometheus_scraper_hookshot_enabled`, ..).
This should be redone - e.g. a new `matrix_prometheus_scrape_config_jobs_auto` variable,
which is dynamically built in `group_vars/matrix_servers`.
2023-01-30 08:53:28 +02:00
Slavi Pantaleev
9ed2e04d80 Switch from matrix-prometheus-node-exporter to an external prometheus_node_exporter role 2023-01-21 11:07:04 +02:00
Slavi Pantaleev
4e40ac5ad8
Merge pull request #2227 from xangelix/add-matrix-mautrix-slack-role
Add matrix-bridge-mautrix-slack role
2023-01-11 10:35:45 +02:00
Slavi Pantaleev
ddfab60427 Enable self-building for chatgpt for arm32 2023-01-10 17:20:50 +02:00
Slavi Pantaleev
8d3ce50d1b Disable chatgpt from group_vars/matrix_servers by default 2023-01-10 17:20:33 +02:00
bertybuttface
0ec1868b95 Add matrix-bot-chatgpt.
Co-Authored-By: Slavi Pantaleev <slavi@devture.com>
2023-01-10 13:57:38 +00:00
Thomas Baer
c86720eeae
convert to list from generator
selectattr() returns a generator object, an iterator. This leads to an exception later, lists can't concated to iterators, only to other lists. So '| list' converts the iterator to a list and the script runs happily.
2023-01-05 14:10:06 +01:00
jakicoll
42e4e50f5b Matrix Authentication Support for Jitsi
This extends the collection with support for seamless authentication at the Jitsi server using Matrix OpenID.

1. New role for installing the [Matrix User Verification Service](https://github.com/matrix-org/matrix-user-verification-service)
2. Changes to Jitsi role: Installing Jitsi Prosody Mods and configuring Jitsi Auth
3. Changes to Jitsi and nginx-proxy roles: Serving .well-known/element/jitsi from jitsi.DOMAIN
4. We updated the Jitsi documentation on authentication and added documentation for the user verification service.
2023-01-04 14:27:16 +01:00
Cody Wyatt Neiman
2e0dfb2dc1
Update slack bridge implementation 2023-01-02 20:07:04 -05:00
Cody Wyatt Neiman
784e5492d5
Add matrix-bridge-mautrix-slack role 2023-01-02 19:13:17 -05:00
Samuel Meenzen
0179b0f165
Remove conduit workaround
Conduit update 0.5.0 fixed the issue, so this is no longer needed.
2022-12-21 18:28:34 +01:00
Matthew Cengia
3453fff901
Use upstream Docker image for amd64 rather than self-build 2022-12-11 21:25:43 +11:00
Slavi Pantaleev
da82c3bd4f
Merge pull request #2327 from ikkemaniac/fix-nginxlog-prometheus
fix: nginxlog prometheus config port
2022-12-08 13:15:34 +02:00
ikkemaniac
e6fc6b7a86 fix: nginxlog prometheus config port 2022-12-08 01:10:05 +01:00
ikkemaniac
8ef6341fd7 fix: systemd entry 2022-12-08 00:02:54 +01:00
ikkemaniac
8ebf18a885
add prometheus-nginxlog-exporter role (#2315)
* add prometheus-nginxlog-exporter role

* Rename matrix_prometheus_nginxlog_exporter_container_url to matrix_prometheus_nginxlog_exporter_container_hostname

* avoid referencing variables from other roles, handover info using group_vars/matrix_servers

* fix: stop service when uninstalling

fix: typo

move available arch's into a var

fix: text

* fix: prometheus enabled condition

Co-authored-by: ikkemaniac <ikkemaniac@localhost>
2022-12-07 16:58:36 +02:00
Slavi Pantaleev
0a018ac22b Add internal Postgres instance (if enabled) to postgres-backup dependencies 2022-11-30 11:22:00 +02:00
Slavi Pantaleev
d5ea17d66f Make postgres-backup priority start later 2022-11-30 11:18:39 +02:00
Slavi Pantaleev
4eed49f931 Replace custom/matrix-postgres-backup role with galaxy/com.devture.ansible.role.postgres_backup
This role is usable on its own and it's not tied to Matrix, so
extracting it out into an independent role that we install via
ansible-galaxy makes sense.

This also fixes the confusion from the other day, where
`matrix_postgres_*` had to be renamed to `devture_postgres_*`
(unless it was about `matrix_postgres_backup_*`).
We now can safely say that ALL `matrix_postgres_*` variables need to be
renamed.

Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2305
2022-11-30 11:01:19 +02:00
Slavi Pantaleev
de979bc6a2 Upgrade com.devture.ansible.role.postgres 2022-11-30 09:42:06 +02:00
Slavi Pantaleev
4b2d30a474 Fix matrix_dendrite_client_api_turn_shared_secret not being defined
Regression since https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2290
2022-11-28 18:33:18 +02:00
Slavi Pantaleev
81054bb19c Upgrade com.devture.ansible.role.postgres 2022-11-28 09:05:22 +02:00
Slavi Pantaleev
7b43ef34b7 Remove more hardcoded matrix-postgres references 2022-11-27 09:16:18 +02:00