Merged
23 changes: 23 additions & 0 deletions README.md
Expand Up @@ -12,6 +12,7 @@ The deployment provisions the following services:
- **Element Web** – web interface for chat.
- **Element Call** – WebRTC calling client.
- **Keycloak** – optional SSO provider.
- **Nginx** – reverse proxy providing friendly URLs for the services.

Server-side services (Synapse, PostgreSQL, Coturn) run inside a single container. Client-facing services (Element Web and Element Call) run in a separate container. Both containers are managed by Podman in rootless mode.
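
Review bot: The container-layout paragraph directly after the new Nginx bullet still describes only two containers, so the README does not say where the proxy runs. The playbook in this change starts a separate container named `nginx`; add a sentence saying so, and state that the proxy serves plain HTTP on port 80 so that "friendly URLs" is not read as a TLS front end.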

Expand Down Expand Up @@ -43,6 +44,28 @@ Most variables have sensible defaults. Wherever possible, credentials (such as P

The playbook supports running on the local machine or targeting a remote server via SSH. Because containers are rootless, the same playbook can be executed under a normal user account or a dedicated service account.

## Usage and Administration

After deployment, an Nginx reverse proxy listens on port `80` and routes
requests to each service:

- `http://<host>/` → Element Web
- `http://<host>/call/` → Element Call
- `http://<host>/synapse/` → Synapse
- `http://<host>/keycloak/` → Keycloak

Open these firewall ports on the host:

- `80/tcp` for the Nginx proxy
- `3478/udp` for Coturn
- Optionally `8008/tcp`, `8080/tcp`, `8081/tcp` and `5082/tcp` for direct access
to individual containers.

Administrative endpoints include the Synapse admin API at
`/synapse/_synapse/admin` and the Keycloak console at `/keycloak/` using the
default `admin` credentials. Element Web and Element Call require no additional
administration.

## Linting and Tests

This project uses `ansible-lint` and `ansible-playbook --syntax-check` to validate playbooks. Continuous integration will run these checks automatically. When making documentation‑only changes, testing is optional.
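
Review bot: The administration paragraph at the end of the new section points readers to the Keycloak console at `/keycloak/` "using the default `admin` credentials", and the proxy described above it listens only on port `80`, so that login and anything sent to `/synapse/_synapse/admin` cross the network in cleartext. Document that the admin password must be changed or supplied through a variable before `80/tcp` is opened, say that TLS termination is expected in front of this proxy, and recommend limiting both admin paths to trusted source addresses. The optional direct ports `8008/tcp`, `8080/tcp`, `8081/tcp` and `5082/tcp` bypass the proxy altogether; the text should say to leave them closed unless direct access is really needed.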
35 changes: 35 additions & 0 deletions deploymatrix.yml
Expand Up @@ -9,6 +9,7 @@
element_web_image: docker.io/vectorim/element-web:latest
element_call_image: docker.io/elementcall/element-call:latest
keycloak_image: docker.io/bitnami/keycloak:latest
nginx_image: docker.io/library/nginx:latest
tasks:
- name: Ensure Podman is installed
ansible.builtin.package:
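
Review bot: The new `nginx_image` variable references the mutable `:latest` tag, so each run can pull a different, unreviewed image for the component that fronts every service. Pin a specific version tag or an image digest here; the neighbouring image variables also use `:latest` and could be pinned in a follow-up.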
Expand All @@ -28,6 +29,7 @@
- postgres_data:/var/lib/postgresql/data
when: not ansible_check_mode


- name: Run Synapse container
containers.podman.podman_container:
name: synapse
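
Review bot: The only change in this hunk is an extra blank line before the `Run Synapse container` task, which is unrelated to the Nginx proxy. Drop it so a single blank line separates tasks, as it does before the two new Nginx tasks.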
Expand Down Expand Up @@ -80,3 +82,36 @@
ports:
- "8081:8080"
when: not ansible_check_mode

- name: Create Nginx configuration
ansible.builtin.copy:
dest: "{{ ansible_env.HOME }}/nginx.conf"
mode: '0644'
content: |
server {
listen 80;
location / {
proxy_pass http://localhost:8080;
}
location /call/ {
proxy_pass http://localhost:5082/;
}
location /synapse/ {
proxy_pass http://localhost:8008/;
}
location /keycloak/ {
proxy_pass http://localhost:8081/;
}
}
when: not ansible_check_mode

- name: Run Nginx container
containers.podman.podman_container:
name: nginx
image: "{{ nginx_image }}"
state: started
ports:
- "80:80"
volumes:
- "{{ ansible_env.HOME }}/nginx.conf:/etc/nginx/conf.d/default.conf:ro"
when: not ansible_check_mode
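
Review bot: In the generated `nginx.conf`, every `proxy_pass` targets `http://localhost:<port>`, but the `Run Nginx container` task sets neither `network: host` nor a shared `pod`, so inside the container `localhost` is the Nginx container's own loopback, not the host where the other services publish their ports, and the upstreams will not be reachable. Either attach the containers to one pod or network and proxy to the container names, or run the proxy with host networking. Two further points in the same hunk: publishing `80:80` from a rootless container only works if the host allows unprivileged binds below 1024 (`net.ipv4.ip_unprivileged_port_start`), which the playbook does not configure, and the `location` blocks set no `proxy_set_header` for `Host` or `X-Forwarded-For`, so Synapse and Keycloak will log and rate-limit on the proxy's address rather than the client's.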