feat(matrix+synapse): Add new SaaS roles + multiple improvements #89
Merged
- Add nomad-driver-exec2 package installation
- Configure exec2.hcl plugin directory
- Add plugin_dir to nomad.hcl template
- Disable drain on shutdown (force and ignore_system_jobs)
- Make ExecStop conditional in override.conf.j2

- Change from bitnami/postgresql to postgres official image
- Update backup script to use /bin/pg_dumpall instead of bitnami path
- Update restore script to use /bin/psql
- Create /var/run/postgresql directory (owner 999:999, mode 3775)
- Create /var/backup directory for backups
- Mount /var/run/postgresql volume in nomad.hcl
- Add host_network = "public" for network exposure
- Update volumes path to use var/lib/postgresql structure

- Simplify download task: direct path to binary instead of find-binary loop
- Remove include_role for upstream/find-binary (no longer needed)
- Add minio-client (mc) package to Dockerfile
- Add host_network = "public" to nomad.hcl
- Fix traefik_tag template indentation

- Change GF_INSTALL_PLUGINS to GF_PLUGINS_PREINSTALL (correct env var)
- Comment out llm.yaml plugin configuration (not needed)

Add coturn role:
- TURN/STUN server for Matrix media relay
- Auto-generated turn_shared_secret
- Configurable relay port range (49152-49252)
- README with firewall rules documentation

Add synapse role:
- Matrix homeserver deployment
- Auto-generated secrets (registration, macaroon, form)
- Integration with PostgreSQL, Redis, TURN
- User management documentation

Add synapse_admin role:
- Synapse Admin UI for user management
- Docker-based deployment

Add element_web role:
- Web client for Matrix
- Configurable server connection

Add matrix_migrate role:
- Migration tools for Matrix data
- Python-based migration script

All roles include:
- backup/restore/destroy tasks
- Nomad job templates
- Upstream variables

PaaS changes:
- Add ufw_blocklist_enabled and ufw_blocklist_url
- Remove ufw_packages array
- Disable fail2ban_ratelimit_enabled
- Update nomad_client_drain_on_shutdown_force/ignore_system_jobs to false
- Update nomad_leave_on_terminate/interrupt to false

SaaS changes:
- Add coturn role (empty config)
- Add element_web role (empty config)
- Add matrix_migrate role (empty config)
- Add synapse role (empty config)
- Add synapse_admin role (empty config)

- Set fail2ban_ratelimit_enabled to false (was true)
- Prevents false positives on high-traffic servers
No description provided.