Fix stuff and add Podman/Fedora support (#986 rebase)

.gitignore

@@ -5,3 +5,4 @@
 /roles/*/files/scratchpad
 .DS_Store
 .python-version
+.ansible-retry

ansible.cfg

@@ -1,6 +1,7 @@
 [defaults]
-retry_files_enabled = False
+retry_files_enabled = True
 stdout_callback = yaml
+retry_files_save_path = ./.ansible-retry
 
 [connection]
 pipelining = True

docs/configuring-playbook-bridge-mautrix-signal.md

@@ -10,6 +10,7 @@ Use the following playbook configuration:
 
 ```yaml
 matrix_mautrix_signal_enabled: true
+matrix_mautrix_signal_admins: {"@YOUR_USER:YOUR_DOMAIN": "admin"}
 ```
 
 ## Set up Double Puppeting

group_vars/matrix_servers

@@ -348,6 +348,8 @@ matrix_mautrix_instagram_database_password: "{{ matrix_synapse_macaroon_secret_k
 # We don't enable bridges by default.
 matrix_mautrix_signal_enabled: false
 
+matrix_mautrix_signal_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
+
 matrix_mautrix_signal_systemd_required_services_list: |
   {{
     ['docker.service']
@@ -433,6 +435,8 @@ matrix_mautrix_telegram_database_password: "{{ matrix_synapse_macaroon_secret_ke
 # We don't enable bridges by default.
 matrix_mautrix_whatsapp_enabled: false
 
+matrix_mautrix_whatsapp_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
+
 matrix_mautrix_whatsapp_systemd_required_services_list: |
   {{
     ['docker.service']
@@ -1013,6 +1017,7 @@ matrix_etherpad_database_password: "{{ matrix_synapse_macaroon_secret_key | pass
 ######################################################################
 
 matrix_dynamic_dns_enabled: false
+matrix_dynamic_dns_container_image_self_build: "{{ matrix_architecture != 'amd64'}}"
 
 ######################################################################
 #
@@ -1325,7 +1330,7 @@ matrix_postgres_architecture: "{{ matrix_architecture }}"
 # and tell users they need to set it (either here or in those variables).
 matrix_postgres_connection_hostname: "{{ 'matrix-postgres' if matrix_postgres_enabled else '' }}"
 
-matrix_postgres_pgloader_container_image_self_build: "{{ matrix_architecture != 'amd64' }}"
+matrix_postgres_pgloader_container_image_self_build: false
 
 matrix_postgres_additional_databases: |
   {{

roles/matrix-base/defaults/main.yml

@@ -137,7 +137,7 @@ matrix_well_known_matrix_server_enabled: true
 matrix_docker_installation_enabled: true
 
 # Controls the Docker package that is installed.
-# Possible values are "docker-ce" (default) and "docker.io" (Debian).
+# Possible values are "docker-ce" (default), "docker.io" (Debian) and "podman-docker" (Fedora)
 matrix_docker_package_name: docker-ce
 
 # Variables to Control which parts of our roles run.

roles/matrix-base/tasks/server_base/setup.yml

@@ -3,6 +3,9 @@
 - include_tasks: "{{ role_path }}/tasks/server_base/setup_centos.yml"
   when: ansible_distribution == 'CentOS'
 
+- include_tasks: "{{ role_path }}/tasks/server_base/setup_fedora.yml"
+  when: ansible_distribution == 'Fedora'
+
 - block:
   # ansible_lsb is only available if lsb-release is installed.
   - name: Ensure lsb-release installed
@@ -27,6 +30,18 @@
 - include_tasks: "{{ role_path }}/tasks/server_base/setup_archlinux.yml"
   when: ansible_distribution == 'Archlinux'
 
+- name: Ensure Docker.service is available
+  template:
+    src: "{{ role_path }}/templates/systemd/docker.service"
+    dest: "{{ matrix_systemd_path }}/docker.service"
+    mode: 0644
+  register: matrix_docker_systemd_service_result
+
+- name: Ensure systemd reloaded after docker.service installation
+  service:
+    daemon_reload: yes
+  when: "matrix_docker_systemd_service_result.changed|bool"
+
 - name: Ensure Docker is started and autoruns
   service:
     name: docker
@@ -38,3 +53,9 @@
     name: "{{ matrix_ntpd_service }}"
     state: started
     enabled: yes
+
+- name: Ensure matrix.target is installed
+  template:
+    src: "{{ role_path }}/templates/systemd/matrix.target"
+    dest: "{{ matrix_systemd_path }}/matrix.target"
+    mode: 0644

roles/matrix-base/tasks/server_base/setup_archlinux.yml

@@ -8,6 +8,7 @@
       # TODO This needs to be verified. Which version do we need?
       - fuse3
       - python-dnspython
+      - git
     state: latest
     update_cache: yes
 

roles/matrix-base/tasks/server_base/setup_centos.yml

@@ -22,6 +22,7 @@
     name:
       - "{{ matrix_ntpd_package }}"
       - fuse
+      - git
     state: latest
     update_cache: yes
 

roles/matrix-base/tasks/server_base/setup_debian.yml

@@ -37,6 +37,7 @@
     name:
       - "{{ matrix_ntpd_package }}"
       - fuse
+      - git
     state: latest
     update_cache: yes
 

roles/matrix-base/tasks/server_base/setup_fedora.yml

@@ -0,0 +1,21 @@
+---
+
+- name: Ensure dnf packages are installed
+  yum:
+    name:
+      - "{{ matrix_ntpd_package }}"
+      - fuse
+      - git
+    state: latest
+    update_cache: yes
+
+- name: Ensure Docker is installed
+  yum:
+    name:
+      - "{{ matrix_docker_package_name }}"
+    state: latest
+  when: matrix_docker_installation_enabled|bool
+
+- name: Ensure Docker python library is installed
+  pip:
+    name: docker

roles/matrix-base/tasks/server_base/setup_raspbian.yml

@@ -30,6 +30,7 @@
     name:
       - "{{ matrix_ntpd_package }}"
       - fuse
+      - git
     state: latest
     update_cache: yes
 

roles/matrix-base/templates/systemd/docker.service

@@ -0,0 +1,9 @@
+[Unit]
+Description=Start Podman Docker link
+
+[Service]
+Restart=on-failure
+TimeoutStopSec=70
+ExecStart={{ matrix_host_command_docker }} system service --time 0
+Type=simple
+

roles/matrix-base/templates/systemd/matrix.target

@@ -0,0 +1,5 @@
+[Unit]
+Description=Start all Matrix-related services
+
+[Install]
+WantedBy=multi-user.target

roles/matrix-bot-go-neb/templates/systemd/matrix-bot-go-neb.service.j2

@@ -9,11 +9,12 @@ After={{ service }}
 Wants={{ service }}
 {% endfor %}
 DefaultDependencies=no
+PartOf=matrix.target
 
 [Service]
 Type=simple
 Environment="HOME={{ matrix_systemd_unit_home_path }}"
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-go-neb 2>/dev/null'
+ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} stop matrix-bot-go-neb 2>/dev/null'
 ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-go-neb 2>/dev/null'
 
 ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-go-neb \
@@ -39,11 +40,12 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-go-neb \
 			{{ matrix_bot_go_neb_docker_image }} \
 			-c "go-neb /config/config.yaml"
 
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-go-neb 2>/dev/null'
+ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} stop matrix-bot-go-neb 2>/dev/null'
 ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-go-neb 2>/dev/null'
 Restart=always
 RestartSec=30
 SyslogIdentifier=matrix-bot-go-neb
 
 [Install]
-WantedBy=multi-user.target
+WantedBy=matrix.target
+

roles/matrix-bot-matrix-reminder-bot/templates/systemd/matrix-bot-matrix-reminder-bot.service.j2

@@ -9,11 +9,12 @@ After={{ service }}
 Wants={{ service }}
 {% endfor %}
 DefaultDependencies=no
+PartOf=matrix.target
 
 [Service]
 Type=simple
 Environment="HOME={{ matrix_systemd_unit_home_path }}"
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-matrix-reminder-bot 2>/dev/null'
+ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} stop matrix-bot-matrix-reminder-bot 2>/dev/null'
 ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-matrix-reminder-bot 2>/dev/null'
 
 ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-matrix-reminder-bot \
@@ -32,11 +33,12 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-matrix-rem
 			{{ matrix_bot_matrix_reminder_bot_docker_image }} \
 			-c "matrix-reminder-bot /config/config.yaml"
 
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-matrix-reminder-bot 2>/dev/null'
+ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} stop matrix-bot-matrix-reminder-bot 2>/dev/null'
 ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-matrix-reminder-bot 2>/dev/null'
 Restart=always
 RestartSec=30
 SyslogIdentifier=matrix-bot-matrix-reminder-bot
 
 [Install]
-WantedBy=multi-user.target
+WantedBy=matrix.target
+

roles/matrix-bot-mjolnir/templates/systemd/matrix-bot-mjolnir.service.j2

@@ -9,11 +9,12 @@ After={{ service }}
 Wants={{ service }}
 {% endfor %}
 DefaultDependencies=no
+PartOf=matrix.target
 
 [Service]
 Type=simple
 Environment="HOME={{ matrix_systemd_unit_home_path }}"
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-mjolnir 2>/dev/null'
+ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} stop matrix-bot-mjolnir 2>/dev/null'
 ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-mjolnir 2>/dev/null'
 
 # Intentional delay, so that the homeserver (we likely depend on) can manage to start.
@@ -32,11 +33,11 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-mjolnir \
 			{% endfor %}
 			{{ matrix_bot_mjolnir_docker_image }}
 
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-mjolnir 2>/dev/null'
+ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} stop matrix-bot-mjolnir 2>/dev/null'
 ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-mjolnir 2>/dev/null'
 Restart=always
 RestartSec=30
 SyslogIdentifier=matrix-bot-mjolnir
 
 [Install]
-WantedBy=multi-user.target
+WantedBy=matrix.target

roles/matrix-bridge-appservice-discord/templates/systemd/matrix-appservice-discord.service.j2

@@ -9,16 +9,14 @@ After={{ service }}
 Wants={{ service }}
 {% endfor %}
 DefaultDependencies=no
+PartOf=matrix.target
 
 [Service]
 Type=simple
 Environment="HOME={{ matrix_systemd_unit_home_path }}"
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-discord 2>/dev/null'
+ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} stop matrix-appservice-discord 2>/dev/null'
 ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-discord 2>/dev/null'
 
-# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
-ExecStartPre={{ matrix_host_command_sleep }} 5
-
 ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-discord \
 			--log-driver=none \
 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
@@ -35,11 +33,12 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-dis
 			{{ matrix_appservice_discord_docker_image }} \
 			node /build/src/discordas.js -p 9005 -c /cfg/config.yaml -f /cfg/registration.yaml
 
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-discord 2>/dev/null'
+ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} stop matrix-appservice-discord 2>/dev/null'
 ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-discord 2>/dev/null'
 Restart=always
 RestartSec=30
 SyslogIdentifier=matrix-appservice-discord
 
- [Install]
-WantedBy=multi-user.target
+[Install]
+WantedBy=matrix.target
+

roles/matrix-bridge-appservice-irc/defaults/main.yml

@@ -3,7 +3,6 @@
 
 matrix_appservice_irc_enabled: true
 
-matrix_appservice_irc_container_self_build: false
 matrix_appservice_irc_docker_repo: "https://github.com/matrix-org/matrix-appservice-irc.git"
 matrix_appservice_irc_docker_src_files_path: "{{ matrix_base_data_path }}/appservice-irc/docker-src"
 

roles/matrix-bridge-appservice-irc/templates/systemd/matrix-appservice-irc.service.j2

@@ -9,16 +9,14 @@ After={{ service }}
 Wants={{ service }}
 {% endfor %}
 DefaultDependencies=no
+PartOf=matrix.target
 
 [Service]
 Type=simple
 Environment="HOME={{ matrix_systemd_unit_home_path }}"
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-irc 2>/dev/null'
+ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} stop matrix-appservice-irc 2>/dev/null'
 ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-irc 2>/dev/null'
 
-# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
-ExecStartPre={{ matrix_host_command_sleep }} 5
-
 ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-irc \
 			--log-driver=none \
 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
@@ -36,11 +34,12 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-irc
 			{{ matrix_appservice_irc_docker_image }} \
 			-c 'node app.js -c /config/config.yaml -f /config/registration.yaml -p 9999'
 
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-irc 2>/dev/null'
+ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} stop matrix-appservice-irc 2>/dev/null'
 ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-irc 2>/dev/null'
 Restart=always
 RestartSec=30
 SyslogIdentifier=matrix-appservice-irc
 
 [Install]
-WantedBy=multi-user.target
+WantedBy=matrix.target
+

roles/matrix-bridge-appservice-slack/defaults/main.yml

@@ -3,7 +3,6 @@
 
 matrix_appservice_slack_enabled: true
 
-matrix_appservice_slack_container_self_build: false
 matrix_appservice_slack_docker_repo: "https://github.com/matrix-org/matrix-appservice-slack.git"
 matrix_appservice_slack_docker_src_files_path: "{{ matrix_base_data_path }}/appservice-slack/docker-src"
 

roles/matrix-bridge-appservice-slack/tasks/init.yml

@@ -54,7 +54,7 @@
         location {{ matrix_appservice_slack_public_endpoint }} {
         {% if matrix_nginx_proxy_enabled|default(False) %}
         	{# Use the embedded DNS resolver in Docker containers to discover the service #}
-        	resolver 127.0.0.11 valid=5s;
+        	resolver {{ matrix_docker_dns_resolver_ip }} valid=5s;
         	set $backend "{{ matrix_appservice_slack_appservice_url }}:{{ matrix_appservice_slack_slack_port }}";
         	proxy_pass $backend;
         {% else %}

roles/matrix-bridge-appservice-slack/templates/systemd/matrix-appservice-slack.service.j2

@@ -9,16 +9,14 @@ After={{ service }}
 Wants={{ service }}
 {% endfor %}
 DefaultDependencies=no
+PartOf=matrix.target
 
 [Service]
 Type=simple
 Environment="HOME={{ matrix_systemd_unit_home_path }}"
-ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-slack 2>/dev/null'
+ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} stop matrix-appservice-slack 2>/dev/null'
 ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-slack 2>/dev/null'
 
-# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
-ExecStartPre={{ matrix_host_command_sleep }} 5
-
 ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-slack \
 			--log-driver=none \
 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
@@ -35,11 +33,12 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-sla
 			{{ matrix_appservice_slack_docker_image }} \
 			node app.js -p {{matrix_appservice_slack_matrix_port}} -c /config/config.yaml -f /config/slack-registration.yaml
 
-ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-slack 2>/dev/null'
+ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} stop matrix-appservice-slack 2>/dev/null'
 ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-slack 2>/dev/null'
 Restart=always
 RestartSec=30
 SyslogIdentifier=matrix-appservice-slack
 
 [Install]
-WantedBy=multi-user.target
+WantedBy=matrix.target
+

roles/matrix-bridge-appservice-webhooks/tasks/init.yml

@@ -47,7 +47,7 @@
         {% if matrix_nginx_proxy_enabled|default(False) %}
         {# Use the embedded DNS resolver in Docker containers to discover the service #}
         location ~ ^{{ matrix_appservice_webhooks_public_endpoint }}/(.*)$ {
-          resolver 127.0.0.11 valid=5s;
+          resolver {{ matrix_docker_dns_resolver_ip }} valid=5s;
           set $backend "matrix-appservice-webhooks:{{ matrix_appservice_webhooks_matrix_port }}";
           proxy_pass http://$backend/$1;
         }