HUGE REFACTORING; Implementing ldap networks, new port mappings, heal script optimizing etc.

2025-08-29 15:06:26 +02:00 · 2025-01-30 15:04:23 +01:00
parent 61890dcf1f
commit 4c0aba2eea
79 changed files with 294 additions and 335 deletions
--- a/roles/docker-matrix-compose/tasks/main.yml
+++ b/roles/docker-matrix-compose/tasks/main.yml
@@ -5,8 +5,8 @@
 - name: "include task certbot-matomo.yml"
  include_tasks: certbot-matomo.yml
  vars:
-    domain:     "{{synapse_domain}}"
-    http_port:  "{{synapse_http_port}}"
+    domain:     "{{domains.matrix_synapse}}"
+    http_port:  "{{ports.localhost.http_port[matrix_synapse]}}"

 - name: create {{well_known_directory}}
  file:
@@ -19,20 +19,20 @@
    src:  "well-known.j2" 
    dest: "{{well_known_directory}}server"

- name: create {{synapse_domain}}.conf
+- name: create {{domains.matrix_synapse}}.conf
  template: 
    src:  "templates/nginx.conf.j2" 
-    dest: "{{nginx_servers_directory}}{{synapse_domain}}.conf"
+    dest: "{{nginx_servers_directory}}{{domains.matrix_synapse}}.conf"
  vars:
-    domain:     "{{synapse_domain}}"
-    http_port:  "{{synapse_http_port}}"
+    domain:     "{{domains.matrix_synapse}}"
+    http_port:  "{{ports.localhost.http_port[matrix_synapse]}}"
  notify: restart nginx
        
 - name: "include tasks nginx-docker-proxy-domain.yml for element"
  include_tasks: nginx-docker-proxy-domain.yml
  vars:        
-    domain:     "{{element_domain}}"
-    http_port:  "{{element_http_port}}"
+    domain:     "{{domains.matrix_element}}"
+    http_port:  "{{ports.localhost.http_port[matrix_element]}}"

 - name: include create-and-seed-database.yml for multiple bridges
  include_tasks: create-and-seed-database.yml
@@ -45,7 +45,7 @@
 # The following taks are necessary because a clean setup is necessary
 - name: shut down docker compose project 
  command:
-    cmd: docker-compose -p "{{docker_compose_project_name}}" down
+    cmd: docker-compose -p "{{application_id}}" down
    chdir: "{{ docker_compose_instance_directory }}"

 - name: "cleanup project folder"
@@ -82,13 +82,13 @@
 - name: add synapse log configuration
  template: 
    src:  "synapse/log.config.j2" 
-    dest: "{{docker_compose_instance_directory}}{{synapse_domain}}.log.config"
+    dest: "{{docker_compose_instance_directory}}{{domains.matrix_synapse}}.log.config"
  notify: docker compose project setup

 # https://github.com/matrix-org/synapse/issues/6303
 - name: set correct folder permissions
  command:
-    cmd: "docker run --rm --mount type=volume,src=matrix_synapse_data,dst=/data -e SYNAPSE_SERVER_NAME={{synapse_domain}} -e SYNAPSE_REPORT_STATS=no --entrypoint /bin/sh matrixdotorg/synapse:latest -c 'chown -vR 991:991 /data'"
+    cmd: "docker run --rm --mount type=volume,src=matrix_synapse_data,dst=/data -e SYNAPSE_SERVER_NAME={{domains.matrix_synapse}} -e SYNAPSE_REPORT_STATS=no --entrypoint /bin/sh matrixdotorg/synapse:latest -c 'chown -vR 991:991 /data'"

 - name: add docker-compose.yml
  template: 
@@ -100,13 +100,13 @@
 # @todo This should be moved to update-docker
 - name: docker compose pull
  command:
-    cmd: docker-compose -p "{{docker_compose_project_name}}" pull
+    cmd: docker-compose -p "{{application_id}}" pull
    chdir: "{{docker_compose_instance_directory}}"
  when: mode_update | bool

 - name: docker compose project setup
  command:
-    cmd: docker-compose -p "{{docker_compose_project_name}}" up -d
+    cmd: docker-compose -p "{{application_id}}" up -d
    chdir: "{{docker_compose_instance_directory}}"
  environment:
    COMPOSE_HTTP_TIMEOUT:   600
--- a/roles/docker-matrix-compose/templates/docker-compose.yml.j2
+++ b/roles/docker-matrix-compose/templates/docker-compose.yml.j2
@@ -11,15 +11,15 @@ services:
    volumes:
      - synapse_data:/data
      - ./homeserver.yaml:/data/homeserver.yaml:ro
-      - ./{{synapse_domain}}.log.config:/data/{{synapse_domain}}.log.config:ro
+      - ./{{domains.matrix_synapse}}.log.config:/data/{{domains.matrix_synapse}}.log.config:ro
 {% for item in bridges %}
      - {{docker_compose_instance_directory}}mautrix/{{item.bridge_name}}/registration.yaml:{{registration_file_folder}}{{item.bridge_name}}.registration.yaml:ro
 {% endfor %}
    environment:
-      - SYNAPSE_SERVER_NAME={{synapse_domain}}
+      - SYNAPSE_SERVER_NAME={{domains.matrix_synapse}}
      - SYNAPSE_REPORT_STATS=no
    ports:
-      - "127.0.0.1:{{synapse_http_port}}:8008"
+      - "127.0.0.1:{{ports.localhost.http_port[matrix_synapse]}}:8008"
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:8008/"]
      interval: 1m
@@ -39,7 +39,7 @@ services:
    volumes:
      - ./element-config.json:/app/config.json
    ports:
-      - "127.0.0.1:{{element_http_port}}:80"
+      - "127.0.0.1:{{ports.localhost.http_port[matrix_element]}}:80"
    healthcheck:
      test: ["CMD", "wget", "--spider", "-q", "http://localhost:80/"]
      interval: 1m
@@ -89,7 +89,7 @@ services:
 #      KEYV_URL: ''
 #      KEYV_BOT_ENCRYPTION: 'false'
 #      KEYV_BOT_STORAGE: 'true'
-#      MATRIX_HOMESERVER_URL: 'https://{{synapse_domain}}'
+#      MATRIX_HOMESERVER_URL: 'https://{{domains.matrix_synapse}}'
 #      MATRIX_BOT_USERNAME: '@chatgptbot:{{matrix_server_name}}'
 #      MATRIX_ACCESS_TOKEN: '{{ matrix_chatgpt_bridge_access_token | default('') }}'
 #      MATRIX_BOT_PASSWORD: '{{matrix_chatgpt_bridge_user_password}}'
--- a/roles/docker-matrix-compose/templates/mautrix/facebook.config.yml.j2
+++ b/roles/docker-matrix-compose/templates/mautrix/facebook.config.yml.j2
@@ -143,7 +143,7 @@ bridge:
    sync_direct_chat_list: false
    # Servers to always allow double puppeting from
    double_puppet_server_map:
-        {{matrix_server_name}}: {{synapse_domain}}
+        {{matrix_server_name}}: {{domains.matrix_synapse}}
    # Allow using double puppeting from any server with a valid client .well-known file.
    double_puppet_allow_discovery: false
    # Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
--- a/roles/docker-matrix-compose/templates/mautrix/instagram.config.yml.j2
+++ b/roles/docker-matrix-compose/templates/mautrix/instagram.config.yml.j2
@@ -134,7 +134,7 @@ bridge:
    double_puppet_allow_discovery: false
    # Servers to allow double puppeting from, even if double_puppet_allow_discovery is false.
    double_puppet_server_map:
-        {{matrix_server_name}}: https://{{synapse_domain}}
+        {{matrix_server_name}}: https://{{domains.matrix_synapse}}
    # Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth
    #
    # If set, custom puppets will be enabled automatically for local users
--- a/roles/docker-matrix-compose/templates/mautrix/signal.config.yml.j2
+++ b/roles/docker-matrix-compose/templates/mautrix/signal.config.yml.j2
@@ -141,7 +141,7 @@ bridge:
    federate_rooms: true
    # Servers to always allow double puppeting from
    double_puppet_server_map:
-        {{matrix_server_name}}: https://{{synapse_domain}}
+        {{matrix_server_name}}: https://{{domains.matrix_synapse}}
    # Allow using double puppeting from any server with a valid client .well-known file.
    double_puppet_allow_discovery: false
    # Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
--- a/roles/docker-matrix-compose/templates/mautrix/slack.config.yml.j2
+++ b/roles/docker-matrix-compose/templates/mautrix/slack.config.yml.j2
@@ -118,7 +118,7 @@ bridge:

    # Servers to always allow double puppeting from
    double_puppet_server_map:
-        {{matrix_server_name}}: https://{{synapse_domain}}
+        {{matrix_server_name}}: https://{{domains.matrix_synapse}}
    # Allow using double puppeting from any server with a valid client .well-known file.
    double_puppet_allow_discovery: false
    # Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
--- a/roles/docker-matrix-compose/templates/mautrix/telegram.config.yml.j2
+++ b/roles/docker-matrix-compose/templates/mautrix/telegram.config.yml.j2
@@ -198,7 +198,7 @@ bridge:
    sync_direct_chat_list: false
    # Servers to always allow double puppeting from
    double_puppet_server_map:
-        {{matrix_server_name}}: https://{{synapse_domain}}
+        {{matrix_server_name}}: https://{{domains.matrix_synapse}}
    # Allow using double puppeting from any server with a valid client .well-known file.
    double_puppet_allow_discovery: false
    # Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
--- a/roles/docker-matrix-compose/templates/mautrix/whatsapp.config.yml.j2
+++ b/roles/docker-matrix-compose/templates/mautrix/whatsapp.config.yml.j2
@@ -236,7 +236,7 @@ bridge:
    force_active_delivery_receipts: false
    # Servers to always allow double puppeting from
    double_puppet_server_map:
-        {{matrix_server_name}}: https://{{synapse_domain}}
+        {{matrix_server_name}}: https://{{domains.matrix_synapse}}
    # Allow using double puppeting from any server with a valid client .well-known file.
    double_puppet_allow_discovery: false
    # Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
--- a/roles/docker-matrix-compose/templates/synapse/homeserver.yaml.j2
+++ b/roles/docker-matrix-compose/templates/synapse/homeserver.yaml.j2
@@ -24,8 +24,8 @@ report_stats:                   true
 macaroon_secret_key:            "{{matrix_macaroon_secret_key}}"
 form_secret:                    "{{matrix_form_secret}}"
 signing_key_path:               "/data/{{domains.matrix_synapse}}.signing.key"
-web_client_location:            "https://{{element_domain}}"
-public_baseurl:                 "https://{{synapse_domain}}"
+web_client_location:            "https://{{domains.matrix_element}}"
+public_baseurl:                 "https://{{domains.matrix_synapse}}"
 trusted_key_servers:
  - server_name: "matrix.org"
 admin_contact: 'mailto:{{administrator_email}}'
@@ -39,7 +39,7 @@ email:
  #require_transport_security:   true
  enable_tls:                   "{{ system_email.tls | upper }}"
  notif_from:                   "Your Friendly %(app)s homeserver <{{system_email.from}}>"
-  app_name:                     "Matrix on {{synapse_domain}}"
+  app_name:                     "Matrix on {{domains.matrix_synapse}}"
  enable_notifs:                true
  notif_for_new_users:          false
  client_base_url:              "{{domains.matrix_synapse}}"
--- a/roles/docker-matrix-compose/templates/synapse/log.config.j2
+++ b/roles/docker-matrix-compose/templates/synapse/log.config.j2
@@ -8,7 +8,7 @@ handlers:
  file:
    class: logging.handlers.RotatingFileHandler
    formatter: precise
-    filename: /data/{{synapse_domain}}.homeserver.log
+    filename: /data/{{domains.matrix_synapse}}.homeserver.log
    maxBytes: 10485760
    backupCount: 3
  console:
--- a/roles/docker-matrix-compose/templates/well-known.j2
+++ b/roles/docker-matrix-compose/templates/well-known.j2
@@ -1,3 +1,3 @@
 {
-    "m.server": "{{synapse_domain}}:443"
+    "m.server": "{{domains.matrix_synapse}}:443"
 }
--- a/roles/docker-matrix-compose/vars/main.yml
+++ b/roles/docker-matrix-compose/vars/main.yml
@@ -1,9 +1,9 @@
 ---
-docker_compose_project_name:  	      "matrix"
-database_password:  	                "{{matrix_database_password}}"
-database_type:                        "postgres"
-registration_file_folder:             "/data/"
-well_known_directory:                 "{{nginx_well_known_root}}/matrix/"
+application_id:  	        "matrix"
+database_password:  	    "{{matrix_database_password}}"
+database_type:            "postgres"
+registration_file_folder: "/data/"
+well_known_directory:     "{{nginx_well_known_root}}/matrix/"

 bridges:
  - database_password: "{{ mautrix_whatsapp_bridge_database_password }}"