forked from spantaleev/matrix-docker-ansible-deploy
-
Notifications
You must be signed in to change notification settings - Fork 0
/
init.yml
141 lines (132 loc) · 7.35 KB
/
init.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
---
# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
# We don't want to fail in such cases.
- name: Fail if matrix-synapse role already executed
ansible.builtin.fail:
msg: >-
The matrix-bridge-hookshot role needs to execute before the matrix-synapse role.
when: "matrix_hookshot_enabled and matrix_synapse_role_executed | default(False)"
- ansible.builtin.set_fact:
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-hookshot.service'] }}"
when: matrix_hookshot_enabled | bool
# If the matrix-synapse role is not used, these variables may not exist.
- ansible.builtin.set_fact:
matrix_synapse_container_extra_arguments: >
{{
matrix_synapse_container_extra_arguments | default([])
+
["--mount type=bind,src={{ matrix_hookshot_base_path }}/registration.yml,dst=/hookshot-registration.yml,ro"]
}}
matrix_synapse_app_service_config_files: >
{{
matrix_synapse_app_service_config_files | default([])
+
["/hookshot-registration.yml"]
}}
when: matrix_hookshot_enabled | bool
- block:
- name: Fail if matrix-nginx-proxy role already executed
ansible.builtin.fail:
msg: >-
Trying to append hookshot's reverse-proxying configuration to matrix-nginx-proxy,
but it's pointless since the matrix-nginx-proxy role had already executed.
To fix this, please change the order of roles in your playbook,
so that the matrix-nginx-proxy role would run after the matrix-bridge-hookshot role.
when: matrix_nginx_proxy_role_executed | default(False) | bool
- name: Generate Matrix hookshot proxying configuration for matrix-nginx-proxy
ansible.builtin.set_fact:
matrix_hookshot_matrix_nginx_proxy_configuration: |
location ~ ^{{ matrix_hookshot_appservice_endpoint }}/(.*)$ {
{% if matrix_nginx_proxy_enabled | default(False) %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;
set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_appservice_port }}";
proxy_pass http://$backend/$1;
{% else %}
{# Generic configuration for use outside of our container setup #}
proxy_pass http://127.0.0.1:{{ matrix_hookshot_appservice_port }}/$1;
{% endif %}
proxy_set_header Host $host;
}
{% if matrix_hookshot_provisioning_enabled %}
location ~ ^{{ matrix_hookshot_provisioning_endpoint }}/(.*)$ {
{% if matrix_nginx_proxy_enabled | default(False) %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;
set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_provisioning_port }}";
proxy_pass http://$backend{{ matrix_hookshot_provisioning_internal }}/$1$is_args$args;
{% else %}
{# Generic configuration for use outside of our container setup #}
proxy_pass http://127.0.0.1:{{ matrix_hookshot_provisioning_port }}{{ matrix_hookshot_provisioning_internal }}/$1$is_args$args;
{% endif %}
proxy_set_header Host $host;
}
{% endif %}
{% if matrix_hookshot_widgets_enabled %}
location ~ ^{{ matrix_hookshot_widgets_endpoint }}/(.*)$ {
{% if matrix_nginx_proxy_enabled | default(False) %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;
set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_widgets_port }}";
proxy_pass http://$backend{{ matrix_hookshot_widgets_internal }}/$1$is_args$args;
{% else %}
{# Generic configuration for use outside of our container setup #}
proxy_pass http://127.0.0.1:{{ matrix_hookshot_widgets_port }}{{ matrix_hookshot_widgets_internal }}/$1$is_args$args;
{% endif %}
proxy_set_header Host $host;
}
{% endif %}
location ~ ^{{ matrix_hookshot_webhook_endpoint }}/(.*)$ {
{% if matrix_nginx_proxy_enabled | default(False) %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;
set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_webhook_port }}";
proxy_pass http://$backend/$1$is_args$args;
{% else %}
{# Generic configuration for use outside of our container setup #}
proxy_pass http://127.0.0.1:{{ matrix_hookshot_webhook_port }}/$1$is_args$args;
{% endif %}
proxy_set_header Host $host;
}
- name: Register hookshot proxying configuration with matrix-nginx-proxy
ansible.builtin.set_fact:
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
{{
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([])
+
[matrix_hookshot_matrix_nginx_proxy_configuration]
}}
- name: Generate hookshot metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/hookshot)
ansible.builtin.set_fact:
matrix_hookshot_matrix_nginx_proxy_metrics_configuration_matrix_domain: |
location /metrics/hookshot {
{% if matrix_nginx_proxy_enabled | default(False) %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;
set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_metrics_port }}";
proxy_pass http://$backend/metrics;
{% else %}
{# Generic configuration for use outside of our container setup #}
proxy_pass http://127.0.0.1:{{ matrix_hookshot_metrics_port }}/metrics;
{% endif %}
}
when: matrix_hookshot_metrics_enabled | bool and matrix_hookshot_metrics_proxying_enabled | bool
- name: Register hookshot metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/hookshot)
ansible.builtin.set_fact:
matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: |
{{
matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([])
+
[matrix_hookshot_matrix_nginx_proxy_metrics_configuration_matrix_domain]
}}
when: matrix_hookshot_metrics_enabled | bool and matrix_hookshot_metrics_proxying_enabled | bool
when: matrix_hookshot_enabled | bool
- name: Warn about reverse-proxying if matrix-nginx-proxy not used
ansible.builtin.debug:
msg: >-
NOTE: You've enabled the hookshot bridge but are not using the matrix-nginx-proxy
reverse proxy.
Please make sure that you're proxying the `{{ matrix_hookshot_public_endpoint }}`
URL endpoint to the matrix-hookshot container.
You can expose the container's ports using the `matrix_hookshot_container_http_host_bind_ports` variable.
when: "matrix_hookshot_enabled | bool and not matrix_nginx_proxy_enabled | default(False) | bool"