From a1ee824f8415beae7feaae1ff45214a83a01bc1c Mon Sep 17 00:00:00 2001 From: saibotk Date: Wed, 22 Sep 2021 02:48:46 +0200 Subject: [PATCH] matrix: Remove delegate config BREAKING: Please use the new matrix_delegate role for this. --- roles/matrix/README.md | 2 +- roles/matrix/defaults/main.yml | 5 +- roles/matrix/handlers/main.yml | 31 -------- roles/matrix/tasks/main.yml | 30 -------- roles/matrix/templates/client-delegation.json | 5 -- roles/matrix/templates/delegate-nginx.conf | 74 ------------------- roles/matrix/templates/docker-compose.yml | 40 +--------- roles/matrix/templates/server-delegation.json | 3 - 8 files changed, 3 insertions(+), 187 deletions(-) delete mode 100644 roles/matrix/handlers/main.yml delete mode 100644 roles/matrix/templates/client-delegation.json delete mode 100644 roles/matrix/templates/delegate-nginx.conf delete mode 100644 roles/matrix/templates/server-delegation.json diff --git a/roles/matrix/README.md b/roles/matrix/README.md index 6719222..8013035 100644 --- a/roles/matrix/README.md +++ b/roles/matrix/README.md @@ -2,7 +2,7 @@ Matrix ========= This will setup a Matrix (Synapse) instance using their official docker container and traefik as a reverse proxy. -Additionally this will setup an Element Web instance and the required delegation if needed. +Additionally, you may need to configure delegation, to do so take a look at the matrix_delegation role. Requirements ------------ diff --git a/roles/matrix/defaults/main.yml b/roles/matrix/defaults/main.yml index d596b5e..91f1256 100644 --- a/roles/matrix/defaults/main.yml +++ b/roles/matrix/defaults/main.yml @@ -4,7 +4,7 @@ # Infrastructure # Ansible instructions to deploy the infrastructure # Copyright (C) 2019-2020 Christoph (Sheogorath) Kern -# Copyright (C) 2020 Saibotk +# Copyright (C) 2021 Saibotk # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by 
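Review bot: The Saibotk copyright line in the roles/matrix/defaults/main.yml header is rewritten from 2020 to 2021 instead of being extended, which drops the year of the earlier contributions. The holder line just above it uses a range (`2019-2020`), so the same form fits here: `# Copyright (C) 2020-2021 Saibotk`. The same replacement is made in the header of roles/matrix/templates/docker-compose.yml later in this patch. The header comment block starts above the hunk and continues below it.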
@@ -46,13 +46,10 @@ matrix_database_password: "{{ lookup('passwordstore', matrix_synapse_domain + matrix_synapse_version: "1.43.0" # renovate: depName=docker.io/library/postgres matrix_database_version: "13.4" -# renovate: depName=docker.io/library/nginx -matrix_delegate_nginx_version: "1.21" # Container tag definitions matrix_synapse_image_version: "v{{ matrix_synapse_version }}" matrix_database_image_version: "{{ matrix_database_version }}-alpine" -matrix_delegate_nginx_image_version: "{{ matrix_delegate_nginx_version }}-alpine" # Enable or disable selinux handling matrix_selinux_enabled: true diff --git a/roles/matrix/handlers/main.yml b/roles/matrix/handlers/main.yml deleted file mode 100644 index 2d27823..0000000 --- a/roles/matrix/handlers/main.yml +++ /dev/null @@ -1,31 +0,0 @@ ---- -# Handlers file for the matrix role - -# Infrastructure -# Ansible instructions to deploy the infrastructure -# Copyright (C) 2019-2020 Alexander (w4tsn) Wellbrock -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, version 3 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . -# - -- name: restart matrix delegate nginx - docker_compose: - services: - - delegate - state: present - project_src: "{{ matrix_install_location }}" - restarted: true - tags: - - docker - - matrix - become: true diff --git a/roles/matrix/tasks/main.yml b/roles/matrix/tasks/main.yml index 8abf6d4..5d11d16 100644 --- a/roles/matrix/tasks/main.yml +++ b/roles/matrix/tasks/main.yml 
@@ -65,36 +65,6 @@ - matrix become: true -- name: Deploy delegation config files - template: - src: "{{ item }}" - dest: "{{ matrix_install_location }}/{{ item }}" - setype: "container_file_t" - mode: '0644' - owner: 'root' - group: 'root' - with_items: - - "server-delegation.json" - - "client-delegation.json" - tags: - - docker - - matrix - become: true - -- name: Deploy nginx delegate config - template: - src: "delegate-nginx.conf" - dest: "{{ matrix_install_location }}/nginx.conf" - setype: "container_file_t" - mode: '0600' - owner: 'root' - group: 'root' - tags: - - docker - - matrix - notify: restart matrix delegate nginx - become: true - - name: Check if homeserver.yaml (config) exists stat: path: "{{ matrix_data_location }}/homeserver.yaml" diff --git a/roles/matrix/templates/client-delegation.json b/roles/matrix/templates/client-delegation.json deleted file mode 100644 index 3eb6ce4..0000000 --- a/roles/matrix/templates/client-delegation.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "m.homeserver": { - "base_url": "https://{{ matrix_synapse_domain }}" - } -} diff --git a/roles/matrix/templates/delegate-nginx.conf b/roles/matrix/templates/delegate-nginx.conf deleted file mode 100644 index bdcc2dd..0000000 --- a/roles/matrix/templates/delegate-nginx.conf +++ /dev/null 
@@ -1,74 +0,0 @@
-{{ ansible_managed | comment }}
-
-# From https://git.shivering-isles.com/w4tsn/infrastructure/-/blob/2d8d03a025b833e11533fa8610cc77cff7a59bb9/roles/matrix/templates/delegate-nginx.conf.j2
-
-# Infrastructure
-# Ansible instructions to deploy the infrastructure
-# Copyright (C) 2019-2020 Alexander (w4tsn) Wellbrock
-# Copyright (C) 2020 Saibotk
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, version 3 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-#
-
-worker_processes 1;
-
-error_log stderr;
-
-pid /tmp/nginx.pid;
-
-events {
- worker_connections 1024;
-}
-
-http {
- include /etc/nginx/mime.types;
- default_type application/octet-stream;
-
- access_log off;
-
- # Turn off the bloody buffering to temp files
- proxy_buffering off;
-
- sendfile on;
- keepalive_timeout 120;
-
- gzip on;
- gzip_types text/plain application/json;
-
- server_names_hash_bucket_size 128;
-
- # These two should be the same or nginx will start writing
- # large request bodies to temp files
- client_body_buffer_size 10m;
- client_max_body_size 10m;
-
- server {
- listen 80;
- server_name localhost;
- server_tokens off;
- set_real_ip_from 10.0.0.0/8;
- set_real_ip_from 172.16.0.0/12;
-
- location /.well-known/matrix {
- root /usr/share/nginx/html;
- {#
- A somewhat long expires value is used to prevent outages
- in case this is unreachable due to network failure or
- due to the base domain's server completely dying.
- #}
- expires 4h;
- default_type application/json;
- add_header Access-Control-Allow-Origin *;
- }
- }
-}
diff --git a/roles/matrix/templates/docker-compose.yml b/roles/matrix/templates/docker-compose.yml index 2c9b550..f144f41 100644 --- a/roles/matrix/templates/docker-compose.yml +++ b/roles/matrix/templates/docker-compose.yml @@ -3,7 +3,7 @@ # Ansible instructions to deploy the infrastructure # Copyright (C) 2019-2020 Christoph (Sheogorath) Kern # Copyright (C) 2019-2020 Alexander (w4tsn) Wellbrock -# Copyright (C) 2020 Saibotk +# Copyright (C) 2021 Saibotk # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by 
@@ -90,44 +90,6 @@ services: database: restart: always - delegate: - image: docker.io/library/nginx:{{ matrix_delegate_nginx_image_version }} - mem_limit: 256mb - memswap_limit: 512mb - read_only: true - tmpfs: - - "/var/cache/nginx:size=10M" - - "/run/nginx:size=512K" - - "/tmp:size=128K" - security_opt: - - no-new-privileges - volumes: - - "{{ matrix_install_location }}/server-delegation.json:/usr/share/nginx/html/.well-known/matrix/server:ro" - - "{{ matrix_install_location }}/client-delegation.json:/usr/share/nginx/html/.well-known/matrix/client:ro" - - "{{ matrix_install_location }}/nginx.conf:/etc/nginx/nginx.conf:ro" - labels: - - "traefik.enable=true" - - - "traefik.http.routers.matrix-delegate.rule=Host(`{{ matrix_synapse_servername }}`) && PathPrefix(`/.well-known/matrix`)" - - "traefik.http.routers.matrix-delegate.entrypoints=websecure" - - "traefik.http.routers.matrix-delegate.tls.certresolver={{ matrix_traefik_certresolver }}" - - "traefik.http.routers.matrix-delegate.middlewares=matrix-delegate,compress" - - "traefik.http.middlewares.matrix-delegate.headers.sslredirect=true" - - "traefik.http.middlewares.matrix-delegate.headers.stsSeconds=63072000" - - "traefik.http.middlewares.matrix-delegate.headers.referrerPolicy=no-referrer" - -{% if proxy_network is defined %} - - "traefik.docker.network={{ proxy_network }}" -{% endif %} -{% if proxy_hiddenservice is defined and proxy_hiddenservice.content is defined %} - - "traefik.http.middlewares.matrix-delegate.headers.customresponseheaders.alt-svc:h2={{ proxy_hiddenservice['content'] | b64decode | trim }}:443; ma=2592000" -{% endif %} - restart: always -{% if proxy_network is defined %} - networks: - {{ proxy_network }}: -{% endif %} - networks: database: internal: true diff --git a/roles/matrix/templates/server-delegation.json b/roles/matrix/templates/server-delegation.json deleted file mode 100644 index 3163298..0000000 --- a/roles/matrix/templates/server-delegation.json +++ /dev/null 
@@ -1,3 +0,0 @@
-{
- "m.server": "{{ matrix_synapse_domain }}:443"
-}