From 69ca30d1b1347ae222d3b77c5470702a416fcfc2 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sun, 14 Jan 2024 11:57:51 +0200 Subject: [PATCH] Add support for the internal Traefik entrypoint to matrix-media-repo --- group_vars/matrix_servers | 8 +++---- .../matrix-media-repo/defaults/main.yml | 7 ++++++ .../tasks/validate_config.yml | 1 + .../templates/media-repo/labels.j2 | 23 +++++++++++++++++++ 4 files changed, 34 insertions(+), 5 deletions(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 2cff98357..04abf0427 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -3263,6 +3263,9 @@ matrix_media_repo_container_labels_traefik_docker_network: "{{ matrix_playbook_r matrix_media_repo_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" matrix_media_repo_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +matrix_media_repo_container_labels_traefik_internal_media_enabled: "{{ matrix_playbook_internal_matrix_client_api_traefik_entrypoint_enabled }}" +matrix_media_repo_container_labels_traefik_internal_media_entrypoints: "{{ matrix_playbook_internal_matrix_client_api_traefik_entrypoint_name }}" + matrix_media_repo_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" matrix_media_repo_database_username: matrix_media_repo matrix_media_repo_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mediarepo.db', rounds=655555) | to_uuid }}" @@ -4844,11 +4847,6 @@ matrix_dendrite_container_labels_public_federation_api_traefik_entrypoints: "{{ matrix_dendrite_container_labels_public_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}" matrix_dendrite_container_labels_public_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}" -matrix_dendrite_container_labels_internal_client_api_enabled: "{{ matrix_playbook_internal_matrix_client_api_traefik_entrypoint_enabled }}" -matrix_dendrite_container_labels_internal_client_api_traefik_entrypoints: "{{ matrix_playbook_internal_matrix_client_api_traefik_entrypoint_name }}" - -matrix_dendrite_container_extra_arguments_auto: "{{ matrix_homeserver_container_extra_arguments_auto }}" - matrix_dendrite_metrics_enabled: "{{ prometheus_enabled }}" matrix_dendrite_metrics_proxying_enabled: "{{ matrix_dendrite_metrics_enabled and matrix_metrics_exposure_enabled }}" diff --git a/roles/custom/matrix-media-repo/defaults/main.yml b/roles/custom/matrix-media-repo/defaults/main.yml index a1925f5e8..d62037603 100755 --- a/roles/custom/matrix-media-repo/defaults/main.yml +++ b/roles/custom/matrix-media-repo/defaults/main.yml @@ -71,6 +71,13 @@ matrix_media_repo_container_labels_traefik_media_entrypoints: web-secure matrix_media_repo_container_labels_traefik_media_tls: "{{ matrix_media_repo_container_labels_traefik_media_entrypoints != 'web' }}" matrix_media_repo_container_labels_traefik_media_tls_certResolver: default # noqa var-naming +# This is like `matrix_media_repo_container_labels_traefik_media_*`, but on an internal Traefik entrypoint. +matrix_media_repo_container_labels_traefik_internal_media_enabled: false +matrix_media_repo_container_labels_traefik_internal_media_path_prefix: "{{ matrix_media_repo_container_labels_traefik_media_path_prefix }}" +matrix_media_repo_container_labels_traefik_internal_media_rule: "PathPrefix(`{{ matrix_media_repo_container_labels_traefik_internal_media_path_prefix | quote }}`)" +matrix_media_repo_container_labels_traefik_internal_media_priority: "{{ matrix_media_repo_container_labels_traefik_media_priority }}" +matrix_media_repo_container_labels_traefik_internal_media_entrypoints: "" + # /_matrix/client/r0/logout # /_matrix/client/r0/logout/all matrix_media_repo_container_labels_traefik_logout_path_prefix: "/_matrix/client/{version:(r0|v1|v3|unstable)}/{endpoint:(logout|logout/all)}" diff --git a/roles/custom/matrix-media-repo/tasks/validate_config.yml b/roles/custom/matrix-media-repo/tasks/validate_config.yml index 7ee39ccc2..2f31ba03c 100644 --- a/roles/custom/matrix-media-repo/tasks/validate_config.yml +++ b/roles/custom/matrix-media-repo/tasks/validate_config.yml @@ -7,6 +7,7 @@ when: "item.when | bool and vars[item.name] == ''" with_items: - {'name': 'matrix_media_repo_database_hostname', when: true} + - {'name': 'matrix_media_repo_container_labels_traefik_internal_media_entrypoints', when: "{{ matrix_media_repo_container_labels_traefik_internal_media_enabled }}"} - name: (Deprecation) Catch and report renamed matrix-media-repo settings ansible.builtin.fail: diff --git a/roles/custom/matrix-media-repo/templates/media-repo/labels.j2 b/roles/custom/matrix-media-repo/templates/media-repo/labels.j2 index 6014d1906..effc9dad0 100755 --- a/roles/custom/matrix-media-repo/templates/media-repo/labels.j2 +++ b/roles/custom/matrix-media-repo/templates/media-repo/labels.j2 @@ -45,6 +45,29 @@ traefik.http.routers.matrix-media-repo-public-media.tls.certResolver={{ matrix_m #} +{# + Internal Media (/_matrix/media) +#} +{% if matrix_media_repo_container_labels_traefik_internal_media_enabled %} +traefik.http.routers.matrix-media-repo-internal-media.rule={{ matrix_media_repo_container_labels_traefik_internal_media_rule }} + +{% if matrix_media_repo_container_labels_traefik_internal_media_priority | int > 0 %} +traefik.http.routers.matrix-media-repo-internal-media.priority={{ matrix_media_repo_container_labels_traefik_internal_media_priority }} +{% endif %} + +{% if middlewares | length > 0 %} +traefik.http.routers.matrix-media-repo-internal-media.middlewares={{ middlewares | join(',') }} +{% endif %} + +traefik.http.routers.matrix-media-repo-internal-media.service=matrix-media-repo +traefik.http.routers.matrix-media-repo-internal-media.entrypoints={{ matrix_media_repo_container_labels_traefik_internal_media_entrypoints }} + +{% endif %} +{# + /Internal Media (/_matrix/media) +#} + + {# Public Client Logout (/_matrix/client/r0/logout, /_matrix/client/r0/logout/all) #}