From f3374eb7f03596ea7d98f7a71b231e8519790385 Mon Sep 17 00:00:00 2001
From: saibotk
Date: Wed, 22 Sep 2021 02:05:06 +0200
Subject: [PATCH] matrix_elementweb: Add / extract role from matrix role
---
 playbooks/matrix_elementweb.yml | 27 ++++++
 playbooks/site.yml | 1 +
 roles/matrix_elementweb/README.md | 37 ++++++++
 roles/matrix_elementweb/defaults/main.yml | 65 +++++++++++++
 roles/matrix_elementweb/handlers/main.yml | 32 +++++++
 roles/matrix_elementweb/meta/main.yml | 17 ++++
 roles/matrix_elementweb/tasks/main.yml | 94 +++++++++++++++++++
 roles/matrix_elementweb/templates/config.json | 23 +++++
 .../templates/docker-compose.yml | 63 +++++++++++++
 9 files changed, 359 insertions(+)
 create mode 100644 playbooks/matrix_elementweb.yml
 create mode 100644 roles/matrix_elementweb/README.md
 create mode 100644 roles/matrix_elementweb/defaults/main.yml
 create mode 100644 roles/matrix_elementweb/handlers/main.yml
 create mode 100644 roles/matrix_elementweb/meta/main.yml
 create mode 100644 roles/matrix_elementweb/tasks/main.yml
 create mode 100644 roles/matrix_elementweb/templates/config.json
 create mode 100644 roles/matrix_elementweb/templates/docker-compose.yml
diff --git a/playbooks/matrix_elementweb.yml b/playbooks/matrix_elementweb.yml
new file mode 100644
index 0000000..aa7fef4
--- /dev/null
+++ b/playbooks/matrix_elementweb.yml
@@ -0,0 +1,27 @@
+---
+
+# Infrastructure
+# Ansible instructions to deploy the infrastructure
+# Copyright (C) 2021 Saibotk
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, version 3 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+- hosts: matrix_elementweb
+ roles:
+ - docker
+ - docker_compose
+ - docker_cleanup
+ - traefik
+ - matrix_elementweb
+ environment:
+ PYTHONPATH: /opt/ansible-dependencies/lib/python{{ env_ansible_deps_python_version | default(2.7) }}/site-packages
diff --git a/playbooks/site.yml b/playbooks/site.yml
index 45d31d0..97f4b8e 100644
--- a/playbooks/site.yml
+++ b/playbooks/site.yml
@@ -28,6 +28,7 @@
 - import_playbook: mastodon.yml
 - import_playbook: codimd.yml
 - import_playbook: matrix.yml
+- import_playbook: matrix_elementweb.yml
 - import_playbook: matrix_webhooks.yml
 - import_playbook: matrix_maubot.yml
 - import_playbook: static_websites.yml
diff --git a/roles/matrix_elementweb/README.md b/roles/matrix_elementweb/README.md
new file mode 100644
index 0000000..55d5b3e
--- /dev/null
+++ b/roles/matrix_elementweb/README.md
@@ -0,0 +1,37 @@
+Matrix-Webhooks
+=========
+
+This will setup a [Element Web](https://github.com/vector-im/element-web) instance using the official docker container and traefik as a reverse proxy.
+
+Requirements
+------------
+
+You will need to have docker, docker-compose and traefik installed or declared as dependencies with their respective roles.
+
+**This role assumes that you have setup traefik with an endpoint called `websecure`.**
+
+**You will also need to manually copy the appservice's registration file to your homeserver's directory and enable it in the config for this appservice to work!**
+
+Role Variables
+--------------
+
+**Please look at the [defaults/main.yml](defaults/main.yml) for all available variables and their description.**
+
+**Note: Lines that are commented out via `#` are usually still valid/used variables, but they are not defined by default, so they might enable a feature, when uncommenting/defining them!**
+
+### Global variables, that are used:
+
+- `proxy_network`: Defined by the local traefik installation, this is the shared proxy network used by traefik to reach the containers. (optional)
+- `proxy_hiddenservice`: Defined by the local traefik installation, this is used to generate the alt-svc header for the alternative Tor domain. (optional)
+
+Dependencies
+------------
+
+- docker
+- docker-compose
+- traefik
+
+License
+-------
+
+GPL-3.0-only
diff --git a/roles/matrix_elementweb/defaults/main.yml b/roles/matrix_elementweb/defaults/main.yml
new file mode 100644
index 0000000..79a0612
--- /dev/null
+++ b/roles/matrix_elementweb/defaults/main.yml
@@ -0,0 +1,65 @@
+---
+# Default variables for the matrix_elementweb role
+
+# Infrastructure
+# Ansible instructions to deploy the infrastructure
+# Copyright (C) 2021 Saibotk
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, version 3 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+#
+
+# The install location
+matrix_elementweb_install_location: /srv/matrix-elementweb
+
+# The location to store elementweb related data in
+matrix_elementweb_data_location: "{{ matrix_elementweb_install_location }}/data"
+
+# Under which domain should the service be reachable via traefik
+matrix_elementweb_domain: "element.example.com"
+
+# The certresolver that is used by traefik for this domain
+matrix_elementweb_traefik_certresolver: letsencrypt_http
+
+# renovate: depName=docker.io/vectorim/element-web
+matrix_elementweb_version: "v1.8.5"
+
+# Container versions
+matrix_elementweb_image_version: "{{ matrix_elementweb_version }}"
+
+# Enable or disable selinux handling
+matrix_elementweb_selinux_enabled: true
+
+# The homeserver URL and display name
+matrix_elementweb_base_url: "https://matrix.example.com"
+matrix_elementweb_servername: "example.com"
+
+# Controls whether Element shows the presence feature for all (empty list) or specific servers (key = value list with the key being the server url)
+matrix_elementweb_enable_presence_by_hs_url: []
+
+# Should users only be allowed to use this instance with the given matrix server?
+matrix_elementweb_disable_custom_urls: true
+
+# Should Element-Web disable guests? (without sign-in)
+matrix_elementweb_disable_guests: true
+
+# Should Element-Web disable 3PID login? (Login with Email etc)
+matrix_elementweb_disable_3pid_login: false
+
+# Integration Server URLs to use (see https://github.com/vector-im/element-web/blob/develop/docs/config.md)
+matrix_elementweb_integrations_ui_url: "https://scalar.vector.im/"
+matrix_elementweb_integrations_rest_url: "https://scalar.vector.im/api"
+matrix_elementweb_integrations_widgets_urls: ["https://scalar.vector.im/api"]
+matrix_elementweb_integrations_jitsi_widget_url: "https://scalar.vector.im/api/widgets/jitsi.html"
+
+# Element Web public room directory server(s)
+matrix_elementweb_roomdir_servers: ['matrix.org']
diff --git a/roles/matrix_elementweb/handlers/main.yml b/roles/matrix_elementweb/handlers/main.yml
new file mode 100644
index 0000000..1833c89
--- /dev/null
+++ b/roles/matrix_elementweb/handlers/main.yml
@@ -0,0 +1,32 @@
+---
+# Handlers file for the matrix-elementweb role
+
+# Infrastructure
+# Ansible instructions to deploy the infrastructure
+# Copyright (C) 2021 Saibotk
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, version 3 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+#
+
+- name: restart matrix elementweb
+ docker_compose:
+ services:
+ - elementweb
+ state: present
+ project_src: "{{ matrix_elementweb_install_location }}"
+ restarted: true
+ tags:
+ - docker
+ - matrix
+ - elementweb
+ become: true
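Review bot: `matrix_elementweb_enable_presence_by_hs_url: []` defaults to a list, while the comment directly above describes a key/value mapping (server URL as key) and Element's `enable_presence_by_hs_url` option is, as far as I know, an object in the upstream config documentation, so the empty-list default documents the wrong shape for anyone overriding it. `matrix_elementweb_enable_presence_by_hs_url: {}` together with a comment such as `# Mapping of homeserver URL -> true/false; leave empty to show presence for all servers` matches what the config.json template in this commit serialises with `to_json`. Neither default is ever rendered (the template only emits the key when the value is truthy), so this is a shape/documentation fix rather than a behaviour change.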
diff --git a/roles/matrix_elementweb/meta/main.yml b/roles/matrix_elementweb/meta/main.yml
new file mode 100644
index 0000000..9dee890
--- /dev/null
+++ b/roles/matrix_elementweb/meta/main.yml
@@ -0,0 +1,17 @@
+galaxy_info:
+ author: saibotk
+ description: Deploys a elementweb server via docker using traefik.
+ license: GPL-3.0-only
+ min_ansible_version: 2.9
+
+ platforms:
+ - name: CentOS
+ versions:
+ - 7
+
+ galaxy_tags: []
+
+dependencies:
+ - docker
+ - docker_compose
+ - traefik
diff --git a/roles/matrix_elementweb/tasks/main.yml b/roles/matrix_elementweb/tasks/main.yml
new file mode 100644
index 0000000..aa26960
--- /dev/null
+++ b/roles/matrix_elementweb/tasks/main.yml
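Review bot: `min_ansible_version: 2.9` is an unquoted float, which yamllint flags and which tooling that compares version strings can mishandle (`2.10` would become `2.1`); `min_ansible_version: "2.9"` avoids the implicit-typing trap. The file is also the only new YAML file in this commit without the `---` document start that the defaults, handlers and tasks files use, so adding it keeps the role consistent. Style only; Galaxy itself accepts either form as far as I can tell.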
@@ -0,0 +1,94 @@
+---
+# Tasks file for the matrix-elementweb role
+
+# Infrastructure
+# Ansible instructions to deploy the infrastructure
+# Copyright (C) 2019-2020 Christoph (Sheogorath) Kern
+# Copyright (C) 2019-2020 Alexander (w4tsn) Wellbrock
+# Copyright (C) 2020-2021 Saibotk
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, version 3 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+#
+
+- name: Update default SELinux contexts
+ sefcontext:
+ target: '{{ item }}(/.*)?'
+ setype: "container_file_t"
+ state: present
+ with_items:
+ - "{{ matrix_elementweb_data_location }}"
+ when:
+ - matrix_elementweb_selinux_enabled
+ become: true
+
+- name: Create install directory
+ file:
+ path: "{{ item }}"
+ state: directory
+ mode: '0700'
+ owner: 'root'
+ group: 'root'
+ with_items:
+ - "{{ matrix_elementweb_install_location }}"
+ become: true
+
+- name: Create data directory
+ file: # noqa risky-file-permissions # Container manages permissions on its own
+ path: "{{ item }}"
+ state: directory
+ setype: "container_file_t"
+ with_items:
+ - "{{ matrix_elementweb_data_location }}"
+ become: true
+
+- name: Deploy docker-compose.yml
+ template:
+ src: "docker-compose.yml"
+ dest: "{{ matrix_elementweb_install_location }}/docker-compose.yml"
+ mode: '0600'
+ owner: 'root'
+ group: 'root'
+ validate: docker-compose -f %s config -q
+ tags:
+ - matrix
+ - elementweb
+ become: true
+
+- name: Deploy elementweb config files
+ template:
+ src: "{{ item }}"
+ dest: "{{ matrix_elementweb_data_location }}/{{ item }}"
+ setype: "container_file_t"
+ mode: '0644'
+ owner: '991'
+ group: '991'
+ with_items:
+ - "config.json"
+ tags:
+ - docker
+ - matrix
+ - elementweb
+ notify: restart matrix elementweb
+ become: true
+
+- name: Compose matrix-elementweb
+ docker_compose:
+ state: present
+ project_src: "{{ matrix_elementweb_install_location }}"
+ pull: true
+ remove_orphans: true
+ tags:
+ - docker
+ - matrix
+ - elementweb
+ become: true
diff --git a/roles/matrix_elementweb/templates/config.json b/roles/matrix_elementweb/templates/config.json
new file mode 100644
index 0000000..0819300
--- /dev/null
+++ b/roles/matrix_elementweb/templates/config.json
@@ -0,0 +1,23 @@
+{
+ "default_server_config": {
+ "m.homeserver": {
+ "base_url": {{ matrix_elementweb_base_url | string | to_json }},
+ "server_name": {{ matrix_elementweb_servername | string | to_json }}
+ }
+ },
+ "disable_custom_urls": {{ matrix_elementweb_disable_custom_urls | to_json }},
+ "disable_3pid_login": {{ matrix_elementweb_disable_3pid_login | to_json }},
+ "disable_guests": {{ matrix_elementweb_disable_guests | to_json }},
+ "integrations_ui_url": {{ matrix_elementweb_integrations_ui_url | string | to_json }},
+ "integrations_rest_url": {{ matrix_elementweb_integrations_rest_url | string | to_json }},
+ "integrations_widgets_urls": {{ matrix_elementweb_integrations_widgets_urls | to_json }},
+ "integrations_jitsi_widget_url": {{ matrix_elementweb_integrations_jitsi_widget_url | string | to_json }},
+ "bug_report_endpoint_url": "https://element.io/bugreports/submit",
+ "enableLabs": true,
+{% if matrix_elementweb_enable_presence_by_hs_url %}
+ "enable_presence_by_hs_url": {{ matrix_elementweb_enable_presence_by_hs_url | to_json }},
+{% endif %}
+ "roomDirectory": {
+ "servers": {{ matrix_elementweb_roomdir_servers | to_json }}
+ }
+}
diff --git a/roles/matrix_elementweb/templates/docker-compose.yml b/roles/matrix_elementweb/templates/docker-compose.yml
new file mode 100644
index 0000000..e397ec8
--- /dev/null
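Review bot: In the "Deploy elementweb config files" task, `owner: '991'` / `group: '991'` look carried over from the Synapse role this was extracted from — UID 991 is not defined or referenced anywhere else in this role — and are misleading here: the file is deployed with `mode: '0644'` and, per the docker-compose template in this commit, only bind-mounted read-only into the container, so no container-side user needs to own it; `owner: 'root'` and `group: 'root'` would match the "Deploy docker-compose.yml" task above. The same copy-over shows in the "Create data directory" task, whose `# noqa risky-file-permissions # Container manages permissions on its own` suppression does not hold for this role as far as the diff shows (nothing in the compose file mounts the data directory writable), so an explicit `mode: '0755'` with the noqa dropped is safer than leaving the directory mode to the umask.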
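Review bot: `"bug_report_endpoint_url": "https://element.io/bugreports/submit"` is hard-coded, so every bug report a user submits from this instance (which carries client logs and device metadata) goes to a third-party endpoint with no way for the operator to redirect or disable it; `"bug_report_endpoint_url": {{ matrix_elementweb_bug_report_endpoint_url | string | to_json }},` backed by a `matrix_elementweb_bug_report_endpoint_url` default in defaults/main.yml holding the current URL keeps today's behaviour while making it an operator decision. `"enableLabs": true` is the only other literal value in the template that is not backed by a role variable and deserves the same treatment, since it exposes experimental features to all users. Everything else already goes through `to_json`, which is the right way to keep generated JSON well-formed regardless of the variable contents.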
+++ b/roles/matrix_elementweb/templates/docker-compose.yml 
@@ -0,0 +1,63 @@
+---
+# Infrastructure
+# Ansible instructions to deploy the infrastructure
+# Copyright (C) 2019-2020 Christoph (Sheogorath) Kern
+# Copyright (C) 2019-2020 Alexander (w4tsn) Wellbrock
+# Copyright (C) 2021 Saibotk
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, version 3 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+#
+
+version: '2'
+services:
+ elementweb:
+ image: docker.io/vectorim/element-web:{{ matrix_elementweb_image_version }}
+ mem_limit: 512mb
+ memswap_limit: 768mb
+ read_only: true
+ security_opt:
+ - no-new-privileges
+ tmpfs:
+ - "/var/cache/nginx:size=10M"
+ - "/run:size=512K"
+ - "/tmp:rw,noexec,nosuid,size=10M"
+ labels:
+ - "traefik.enable=true"
+
+ - "traefik.http.routers.matrix-elementweb.rule=Host(`{{ matrix_elementweb_domain }}`) && PathPrefix(`/`)"
+ - "traefik.http.routers.matrix-elementweb.entrypoints=websecure"
+ - "traefik.http.routers.matrix-elementweb.tls.certresolver={{ matrix_elementweb_traefik_certresolver }}"
+ - "traefik.http.routers.matrix-elementweb.middlewares=matrix-elementweb,compress"
+ - "traefik.http.middlewares.matrix-elementweb.headers.sslredirect=true"
+ - "traefik.http.middlewares.matrix-elementweb.headers.stsSeconds=63072000"
+ - "traefik.http.middlewares.matrix-elementweb.headers.referrerPolicy=no-referrer"
+
+{% if proxy_network is defined %}
+ - "traefik.docker.network={{ proxy_network }}"
+{% endif %}
+{% if proxy_hiddenservice is defined and proxy_hiddenservice.content is defined %}
+ - "traefik.http.middlewares.matrix-elementweb.headers.customresponseheaders.alt-svc:h2={{ proxy_hiddenservice['content'] | b64decode | trim }}:443; ma=2592000"
+{% endif %}
+ volumes:
+ - "{{ matrix_elementweb_data_location }}/config.json:/app/config.json:ro"
+{% if proxy_network is defined %}
+ networks:
+ {{ proxy_network }}:
+{% endif %}
+ restart: always
+
+{% if proxy_network is defined %}
+networks:
+ {{ proxy_network }}:
+ external: true
+{% endif %}
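Review bot: The `matrix-elementweb` headers middleware (the `sslredirect`, `stsSeconds` and `referrerPolicy` labels) does not set the response headers Element Web's install notes recommend adding at the reverse proxy for a web client — `X-Frame-Options: SAMEORIGIN`, `X-Content-Type-Options: nosniff` and a `frame-ancestors` Content-Security-Policy — and nothing in this diff shows the image's nginx supplying them, so unless the traefik role adds them globally the client is served without clickjacking and MIME-sniffing protection. Adding `- "traefik.http.middlewares.matrix-elementweb.headers.contentTypeNosniff=true"`, `- "traefik.http.middlewares.matrix-elementweb.headers.customFrameOptionsValue=SAMEORIGIN"` and `- "traefik.http.middlewares.matrix-elementweb.headers.contentSecurityPolicy=frame-ancestors 'self'"` alongside the existing headers labels closes that gap. Separately, `headers.sslredirect=true` has no effect on a router that is bound only to the `websecure` entrypoint; presumably the traefik role performs the HTTP-to-HTTPS redirect on the `web` entrypoint, in which case that label is dead configuration, and the `PathPrefix` clause in the router rule is likewise redundant next to the `Host()` match.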