THE HUGE REFACTORING CALENDER WEEK 33; Optimized Matrix and during this updated variables, and implemented better reset and cleanup mode handling, also solved some initial setup bugs

2025-08-30 23:38:13 +02:00 · 2025-08-15 15:15:48 +02:00
parent 0228014d34
commit 022800425d
271 changed files with 1098 additions and 916 deletions
--- a/roles/web-app-matrix/templates/docker-compose.yml.j2
+++ b/roles/web-app-matrix/templates/docker-compose.yml.j2
@@ -1,27 +1,27 @@
 {% include 'roles/docker-compose/templates/base.yml.j2' %}
  synapse:
 {% set container_port = 8008 %}
-    image: "{{ matrix_synapse_image }}:{{ matrix_synapse_version }}"
-    container_name: {{ matrix_synapse_name }}
-    restart: {{DOCKER_RESTART_POLICY}}
+    image: "{{ MATRIX_SYNAPSE_IMAGE }}:{{ MATRIX_SYNAPSE_VERSION }}"
+    container_name: {{ MATRIX_SYNAPSE_NAME }}
+    restart: {{ DOCKER_RESTART_POLICY }}
    logging:
      driver: journald
    volumes:
      - synapse_data:/data
-      - ./homeserver.yaml:/data/homeserver.yaml:ro
-      - ./{{domains[application_id].synapse}}.log.config:/data/{{domains[application_id].synapse}}.log.config:ro
-{% for item in bridges %}
-      - {{docker_compose.directories.instance}}mautrix/{{item.bridge_name}}/registration.yaml:{{registration_file_folder}}{{item.bridge_name}}.registration.yaml:ro
+      - {{ MATRIX_SYNAPSE_CONFIG_PATH_HOST }}:{{ MATRIX_SYNAPSE_CONFIG_PATH_CONTAINER }}:ro
+      - {{ MATRIX_SYNAPSE_LOG_PATH_HOST }}:{{ MATRIX_SYNAPSE_LOG_PATH_CONTAINER }}:ro
+{% for item in MATRIX_BRIDGES %}
+      - {{ docker_compose.directories.instance }}mautrix/{{ item.bridge_name }}/registration.yaml:{{ MATRIX_REGISTRATION_FILE_FOLDER }}{{ item.bridge_name }}.registration.yaml:ro
 {% endfor %}
    environment:
-      - SYNAPSE_SERVER_NAME={{domains[application_id].synapse}}
+      - SYNAPSE_SERVER_NAME={{ MATRIX_SYNAPSE_DOMAIN }}
      - SYNAPSE_REPORT_STATS=no
    ports:
      - "127.0.0.1:{{ports.localhost.http['web-app-matrix_synapse']}}:{{ container_port }}"
 {% include 'roles/docker-container/templates/healthcheck/curl.yml.j2' %}
-{% if bridges | length > 0 %}
-{% for item in bridges %}
-      mautrix-{{item.bridge_name}}:
+{% if MATRIX_BRIDGES | length > 0 %}
+{% for item in MATRIX_BRIDGES %}
+      mautrix-{{ item.bridge_name }}:
        condition: service_healthy
 {% endfor %}
 {% else %}
@@ -30,25 +30,25 @@
 {% include 'roles/docker-container/templates/networks.yml.j2' %}
  element:
 {% set container_port = 80 %}
-    image: "{{ matrix_element_image }}:{{ matrix_element_version }}"
-    container_name: {{ matrix_element_name }}
-    restart: {{DOCKER_RESTART_POLICY}}
+    image: "{{ MATRIX_ELEMENT_IMAGE }}:{{ MATRIX_ELEMENT_VERSION }}"
+    container_name: {{ MATRIX_ELEMENT_NAME }}
+    restart: {{ DOCKER_RESTART_POLICY }}
    volumes:
-      - ./element-config.json:/app/config.json
+      - {{ MATRIX_ELEMENT_CONFIG_PATH_HOST }}:/app/config.json
    ports:
-      - "127.0.0.1:{{ports.localhost.http['web-app-matrix_element']}}:{{ container_port }}"
+      - "127.0.0.1:{{ MATRIX_ELEMENT_PORT }}:{{ container_port }}"
 {% include 'roles/docker-container/templates/healthcheck/wget.yml.j2' %}
 {% include 'roles/docker-container/templates/networks.yml.j2' %}

-{% for item in bridges %}
-  mautrix-{{item.bridge_name}}:
-    container_name: matrix-{{item.bridge_name}}
+{% for item in MATRIX_BRIDGES %}
+  mautrix-{{ item.bridge_name }}:
+    container_name: matrix-{{ item.bridge_name }}
    image: dock.mau.dev/mautrix/{{ item.bridge_name }}:latest
-    restart: {{DOCKER_RESTART_POLICY}}
+    restart: {{ DOCKER_RESTART_POLICY }}
    volumes:
-      - ./mautrix/{{item.bridge_name}}:/data
+      - ./mautrix/{{ item.bridge_name }}:/data
    healthcheck:
-      test: ["CMD-SHELL", "test -f {{registration_file_folder}}registration.yaml || exit 1"]
+      test: ["CMD-SHELL", "test -f {{ MATRIX_REGISTRATION_FILE_FOLDER }}registration.yaml || exit 1"]
      interval: 1m
      timeout: 10s
      retries: 3
@@ -56,7 +56,7 @@
 {% endfor %}
 {% if applications | get_app_conf(application_id, 'plugins.chatgpt', True) | bool %}
  matrix-chatgpt-bot:
-    restart: {{DOCKER_RESTART_POLICY}}
+    restart: {{ DOCKER_RESTART_POLICY }}
    container_name: matrix-chatgpt
    image: ghcr.io/matrixgpt/matrix-chatgpt-bot:latest
    volumes:
@@ -81,10 +81,10 @@
      KEYV_URL: ''
      KEYV_BOT_ENCRYPTION: 'false'
      KEYV_BOT_STORAGE: 'true'
-      MATRIX_HOMESERVER_URL: '{{ WEB_PROTOCOL }}://{{ domains[application_id].synapse }}'
+      MATRIX_HOMESERVER_URL: '{{ MATRIX_SYNAPSE_URL }}'
      MATRIX_BOT_USERNAME: '@chatgptbot:{{applications | get_app_conf(application_id, 'server_name', True)}}'
      MATRIX_ACCESS_TOKEN: '{{ applications | get_app_conf(application_id, 'credentials.chatgpt_bridge_access_token', True) | default('') }}'
-      MATRIX_BOT_PASSWORD: '{{applications | get_app_conf(application_id, 'credentials.chatgpt_bridge_user_password', True)}}'
+      MATRIX_BOT_PASSWORD: '{{ applications | get_app_conf(application_id, 'credentials.chatgpt_bridge_user_password', True) }}'
      MATRIX_DEFAULT_PREFIX: '!chatgpt'
      MATRIX_DEFAULT_PREFIX_REPLY: 'false'
      #MATRIX_BLACKLIST: ''
@@ -98,7 +98,7 @@

 {% include 'roles/docker-compose/templates/volumes.yml.j2' %}
  synapse_data:
-    name: {{ matrix_synapse_data }}
+    name: {{ MATRIX_SYNAPSE_VOLUME }}
 {% if applications | get_app_conf(application_id, 'plugins.chatgpt', True) | bool %}
  chatgpt_data:
 {% endif %}
--- a/roles/web-app-matrix/templates/element.config.json.j2
+++ b/roles/web-app-matrix/templates/element.config.json.j2
@@ -1,8 +1,8 @@
 {
    "default_server_config": {
        "m.homeserver": {
-            "base_url": "{{ WEB_PROTOCOL }}://{{domains[application_id].synapse}}",
-            "server_name": "{{domains[application_id].synapse}}"
+            "base_url": "{{ MATRIX_SYNAPSE_URL }}",
+            "server_name": "{{ MATRIX_SYNAPSE_DOMAIN }}"
        },
        "m.identity_server": {
            "base_url": "{{ WEB_PROTOCOL }}://{{ PRIMARY_DOMAIN }}"
--- a/roles/web-app-matrix/templates/mautrix/facebook.config.yml.j2
+++ b/roles/web-app-matrix/templates/mautrix/facebook.config.yml.j2
@@ -143,7 +143,7 @@ bridge:
    sync_direct_chat_list: false
    # Servers to always allow double puppeting from
    double_puppet_server_map:
-        {{applications | get_app_conf(application_id, 'server_name', True)}}: {{domains[application_id].synapse}}
+        {{applications | get_app_conf(application_id, 'server_name', True)}}: {{ MATRIX_SYNAPSE_DOMAIN }}
    # Allow using double puppeting from any server with a valid client .well-known file.
    double_puppet_allow_discovery: false
    # Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
--- a/roles/web-app-matrix/templates/mautrix/instagram.config.yml.j2
+++ b/roles/web-app-matrix/templates/mautrix/instagram.config.yml.j2
@@ -134,7 +134,7 @@ bridge:
    double_puppet_allow_discovery: false
    # Servers to allow double puppeting from, even if double_puppet_allow_discovery is false.
    double_puppet_server_map:
-        {{applications | get_app_conf(application_id, 'server_name', True)}}: {{ WEB_PROTOCOL }}://{{ domains[application_id].synapse }}
+        {{applications | get_app_conf(application_id, 'server_name', True)}}: {{ MATRIX_SYNAPSE_URL }}
    # Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth
    #
    # If set, custom puppets will be enabled automatically for local users
--- a/roles/web-app-matrix/templates/mautrix/signal.config.yml.j2
+++ b/roles/web-app-matrix/templates/mautrix/signal.config.yml.j2
@@ -141,7 +141,7 @@ bridge:
    federate_rooms: true
    # Servers to always allow double puppeting from
    double_puppet_server_map:
-        {{applications | get_app_conf(application_id, 'server_name', True)}}: {{ WEB_PROTOCOL }}://{{ domains[application_id].synapse }}
+        {{applications | get_app_conf(application_id, 'server_name', True)}}: {{ MATRIX_SYNAPSE_URL }}
    # Allow using double puppeting from any server with a valid client .well-known file.
    double_puppet_allow_discovery: false
    # Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
--- a/roles/web-app-matrix/templates/mautrix/slack.config.yml.j2
+++ b/roles/web-app-matrix/templates/mautrix/slack.config.yml.j2
@@ -118,7 +118,7 @@ bridge:

    # Servers to always allow double puppeting from
    double_puppet_server_map:
-        {{applications | get_app_conf(application_id, 'server_name', True)}}: {{ WEB_PROTOCOL }}://{{ domains[application_id].synapse }}
+        {{applications | get_app_conf(application_id, 'server_name', True)}}: {{ MATRIX_SYNAPSE_URL }}
    # Allow using double puppeting from any server with a valid client .well-known file.
    double_puppet_allow_discovery: false
    # Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
--- a/roles/web-app-matrix/templates/mautrix/telegram.config.yml.j2
+++ b/roles/web-app-matrix/templates/mautrix/telegram.config.yml.j2
@@ -198,7 +198,7 @@ bridge:
    sync_direct_chat_list: false
    # Servers to always allow double puppeting from
    double_puppet_server_map:
-        {{applications | get_app_conf(application_id, 'server_name', True)}}: {{ WEB_PROTOCOL }}://{{ domains[application_id].synapse }}
+        {{applications | get_app_conf(application_id, 'server_name', True)}}: {{ MATRIX_SYNAPSE_URL }}
    # Allow using double puppeting from any server with a valid client .well-known file.
    double_puppet_allow_discovery: false
    # Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
--- a/roles/web-app-matrix/templates/mautrix/whatsapp.config.yml.j2
+++ b/roles/web-app-matrix/templates/mautrix/whatsapp.config.yml.j2
@@ -236,7 +236,7 @@ bridge:
    force_active_delivery_receipts: false
    # Servers to always allow double puppeting from
    double_puppet_server_map:
-        {{applications | get_app_conf(application_id, 'server_name', True)}}: {{ WEB_PROTOCOL }}://{{ domains[application_id].synapse }}
+        {{applications | get_app_conf(application_id, 'server_name', True)}}: {{ MATRIX_SYNAPSE_URL }}
    # Allow using double puppeting from any server with a valid client .well-known file.
    double_puppet_allow_discovery: false
    # Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
--- a/roles/web-app-matrix/templates/nginx.conf.j2
+++ b/roles/web-app-matrix/templates/nginx.conf.j2
@@ -1,16 +1,16 @@
 server {
    {# Somehow .j2 doesn't interpretate the passed variable right. For this reasons this redeclaration is necessary #}
    {# Could be that this is related to the set_fact use #}
-    {% set domain = domains[application_id].synapse %}
-    {% set http_port = ports.localhost.http['web-app-matrix_synapse'] %}
-    {% set federation_port = ports.public.federation['web-app-matrix_synapse'] %}
+    {% set domain = MATRIX_SYNAPSE_DOMAIN | mandatory("MATRIX_SYNAPSE_DOMAIN is required") %}
+    {% set http_port = MATRIX_SYNAPSE_PORT | mandatory("MATRIX_PORT is required") %}
+    {% set FEDERATION_PORT = http_port %}

-    server_name {{domains[application_id].synapse}};
+    server_name {{ domain }};
    {% include 'roles/srv-web-7-7-letsencrypt/templates/ssl_header.j2' %}
    
    # For the federation port
-    listen {{ federation_port }} ssl default_server;
-    listen [::]:{{ federation_port }} ssl default_server;
+    listen {{ FEDERATION_PORT }} ssl default_server;
+    listen [::]:{{ FEDERATION_PORT }} ssl default_server;

    {% include 'roles/srv-web-7-7-inj-compose/templates/server.conf.j2'%}

--- a/roles/web-app-matrix/templates/synapse/homeserver.yaml.j2
+++ b/roles/web-app-matrix/templates/synapse/homeserver.yaml.j2
@@ -18,15 +18,15 @@ database:
    host: "{{database_host}}"
    cp_min: 5
    cp_max: 10
-log_config:                     "/data/{{domains[application_id].synapse}}.log.config"
+log_config:                     "{{ MATRIX_SYNAPSE_LOG_PATH_CONTAINER }}"
 media_store_path:               "/data/media_store"
 registration_shared_secret:     "{{applications | get_app_conf(application_id, 'credentials.registration_shared_secret', True)}}"
 report_stats:                   true
 macaroon_secret_key:            "{{applications | get_app_conf(application_id, 'credentials.macaroon_secret_key', True)}}"
 form_secret:                    "{{applications | get_app_conf(application_id, 'credentials.form_secret', True)}}"
-signing_key_path:               "/data/{{domains[application_id].synapse}}.signing.key"
+signing_key_path:               "/data/{{ MATRIX_SYNAPSE_DOMAIN }}.signing.key"
 web_client_location:            "{{ WEB_PROTOCOL }}://{{domains[application_id].element}}"
-public_baseurl:                 "{{ WEB_PROTOCOL }}://{{domains[application_id].synapse}}"
+public_baseurl:                 "{{ MATRIX_SYNAPSE_URL }}"
 trusted_key_servers:
  - server_name: "matrix.org"
 admin_contact: 'mailto:{{ users.administrator.email }}'
@@ -40,20 +40,20 @@ email:
  #require_transport_security:   true
  enable_tls:                   "{{ system_email.tls | upper }}"
  notif_from:                   "Your Friendly %(app)s homeserver <{{ users['no-reply'].email }}>"
-  app_name:                     "Matrix on {{domains[application_id].synapse}}"
+  app_name:                     "Matrix on {{ MATRIX_SYNAPSE_DOMAIN }}"
  enable_notifs:                true
  notif_for_new_users:          false
-  client_base_url:              "{{domains[application_id].synapse}}"
+  client_base_url:              "{{ MATRIX_SYNAPSE_DOMAIN }}"
  validation_token_lifetime:    15m

 {% if applications | get_app_conf(application_id, 'features.oidc', False) %}
 # @See https://matrix-org.github.io/synapse/latest/openid.html
 oidc_providers:
  - idp_id: keycloak
-    idp_name:       "{{oidc.button_text}}"
-    issuer:         "{{oidc.client.issuer_url}}"
-    client_id:      "{{oidc.client.id}}"
-    client_secret:  "{{oidc.client.secret}}"
+    idp_name:       "{{ oidc.button_text }}"
+    issuer:         "{{ oidc.client.issuer_url }}"
+    client_id:      "{{ oidc.client.id }}"
+    client_secret:  "{{ oidc.client.secret }}"
    scopes: ["openid", "profile"]
    user_mapping_provider:
      config:
@@ -62,9 +62,9 @@ oidc_providers:
    backchannel_logout_enabled: true
 {% endif %}

-{% if bridges | bool %}
+{% if MATRIX_BRIDGES | bool %}
 app_service_config_files:
-{% for item in bridges %}
-  - {{registration_file_folder}}{{item.bridge_name}}.registration.yaml
+{% for item in MATRIX_BRIDGES %}
+  - {{ MATRIX_REGISTRATION_FILE_FOLDER }}{{ item.bridge_name }}.registration.yaml
 {% endfor %}
 {% endif %}
--- a/roles/web-app-matrix/templates/synapse/log.config.j2
+++ b/roles/web-app-matrix/templates/synapse/log.config.j2
@@ -8,7 +8,7 @@ handlers:
  file:
    class: logging.handlers.RotatingFileHandler
    formatter: precise
-    filename: /data/{{domains[application_id].synapse}}.homeserver.log
+    filename: /data/{{ MATRIX_SYNAPSE_DOMAIN }}.homeserver.log
    maxBytes: 10485760
    backupCount: 3
  console:
--- a/roles/web-app-matrix/templates/well-known.j2
+++ b/roles/web-app-matrix/templates/well-known.j2
@@ -1,3 +1,3 @@
 {
-    "m.server": "{{domains[application_id].synapse}}:{{ WEB_PORT }}"
+    "m.server": "{{ MATRIX_SYNAPSE_DOMAIN }}:{{ WEB_PORT }}"
 }