Merge branch 'master' into pub.solar

docs/configuring-dns.md

@@ -31,12 +31,12 @@ If you are using Cloudflare DNS, make sure to disable the proxy and set all reco
 | Type  | Host                         | Priority | Weight | Port | Target                 |
 | ----- | ---------------------------- | -------- | ------ | ---- | ---------------------- |
 | SRV   | `_matrix-identity._tcp`      | 10       | 0      | 443  | `matrix.<your-domain>` |
-| CNAME | `dimension` (*)              | -        | -      | -    | `matrix.<your-domain>` |
-| CNAME | `jitsi` (*)                  | -        | -      | -    | `matrix.<your-domain>` |
-| CNAME | `stats` (*)                  | -        | -      | -    | `matrix.<your-domain>` |
-| CNAME | `goneb` (*)                  | -        | -      | -    | `matrix.<your-domain>` |
-| CNAME | `sygnal` (*)                 | -        | -      | -    | `matrix.<your-domain>` |
-| CNAME | `hydrogen` (*)               | -        | -      | -    | `matrix.<your-domain>` |
+| CNAME | `dimension`                  | -        | -      | -    | `matrix.<your-domain>` |
+| CNAME | `jitsi`                      | -        | -      | -    | `matrix.<your-domain>` |
+| CNAME | `stats`                      | -        | -      | -    | `matrix.<your-domain>` |
+| CNAME | `goneb`                      | -        | -      | -    | `matrix.<your-domain>` |
+| CNAME | `sygnal`                     | -        | -      | -    | `matrix.<your-domain>` |
+| CNAME | `hydrogen`                   | -        | -      | -    | `matrix.<your-domain>` |
 
 ## Subdomains setup
 

docs/configuring-playbook-bridge-mx-puppet-discord.md

@@ -13,8 +13,6 @@ playbook configuration:
 
 ```yaml
 matrix_mx_puppet_discord_enabled: true
-matrix_mx_puppet_discord_client_id: ""
-matrix_mx_puppet_discord_client_secret: ""
 ```
 
 

docs/configuring-playbook-bridge-mx-puppet-groupme.md

@@ -11,8 +11,6 @@ playbook configuration:
 
 ```yaml
 matrix_mx_puppet_groupme_enabled: true
-matrix_mx_puppet_groupme_client_id: ""
-matrix_mx_puppet_groupme_client_secret: ""
 ```
 
 

docs/configuring-playbook-bridge-mx-puppet-slack.md

@@ -13,8 +13,6 @@ playbook configuration:
 
 ```yaml
 matrix_mx_puppet_slack_enabled: true
-matrix_mx_puppet_slack_client_id: ""
-matrix_mx_puppet_slack_client_secret: ""
 ```
 
 

docs/configuring-playbook-bridge-mx-puppet-steam.md

@@ -11,8 +11,6 @@ playbook configuration:
 
 ```yaml
 matrix_mx_puppet_steam_enabled: true
-matrix_mx_puppet_steam_client_id: ""
-matrix_mx_puppet_steam_client_secret: ""
 ```
 
 

roles/matrix-base/defaults/main.yml

@@ -80,8 +80,8 @@ matrix_host_command_openssl: "/usr/bin/env openssl"
 matrix_host_command_systemctl: "/usr/bin/env systemctl"
 matrix_host_command_sh: "/usr/bin/env sh"
 
-matrix_ntpd_package: "ntp"
-matrix_ntpd_service: "{{ 'ntpd' if ansible_os_family == 'RedHat' or ansible_distribution == 'Archlinux' else 'ntp' }}"
+matrix_ntpd_package: "{{ 'systemd-timesyncd' if ansible_distribution == 'CentOS' and ansible_distribution_major_version > '7' else 'ntp' }}"
+matrix_ntpd_service: "{{ 'systemd-timesyncd' if ansible_distribution == 'CentOS' and ansible_distribution_major_version > '7' else ('ntpd' if ansible_os_family == 'RedHat' or ansible_distribution == 'Archlinux' else 'ntp') }}"
 
 matrix_homeserver_url: "https://{{ matrix_server_fqn_matrix }}"
 

roles/matrix-base/tasks/server_base/setup.yml

@@ -1,7 +1,10 @@
 ---
 
 - include_tasks: "{{ role_path }}/tasks/server_base/setup_centos.yml"
-  when: ansible_distribution == 'CentOS'
+  when: ansible_distribution == 'CentOS' and ansible_distribution_major_version < '8'
+
+- include_tasks: "{{ role_path }}/tasks/server_base/setup_centos8.yml"
+  when: ansible_distribution == 'CentOS' and ansible_distribution_major_version > '7'
 
 - block:
   # ansible_lsb is only available if lsb-release is installed.

roles/matrix-base/tasks/server_base/setup_centos8.yml

@@ -0,0 +1,47 @@
+---
+
+- name: Ensure Docker repository is enabled
+  template:
+    src: "{{ role_path }}/files/yum.repos.d/{{ item }}"
+    dest: "/etc/yum.repos.d/{{ item }}"
+    owner: "root"
+    group: "root"
+    mode: 0644
+  with_items:
+    - docker-ce.repo
+  when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce'
+
+- name: Ensure Docker's RPM key is trusted
+  rpm_key:
+    state: present
+    key: https://download.docker.com/linux/centos/gpg
+  when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce'
+
+- name: Ensure EPEL is installed
+  yum:
+    name:
+      - epel-release
+    state: latest
+    update_cache: yes
+
+- name: Ensure yum packages are installed
+  yum:
+    name:
+      - "{{ matrix_ntpd_package }}"
+      - fuse
+    state: latest
+    update_cache: yes
+
+- name: Ensure Docker is installed
+  yum:
+    name:
+      - "{{ matrix_docker_package_name }}"
+      - python3-pip
+    state: latest
+  when: matrix_docker_installation_enabled|bool
+
+- name: Ensure Docker-Py is installed
+  pip:
+    name: docker-py
+    state: latest
+  when: matrix_docker_installation_enabled|bool

roles/matrix-bridge-mx-puppet-discord/defaults/main.yml

@@ -27,9 +27,6 @@ matrix_mx_puppet_discord_homeserver_address: "{{ matrix_homeserver_container_url
 matrix_mx_puppet_discord_homeserver_domain: '{{ matrix_domain }}'
 matrix_mx_puppet_discord_appservice_address: 'http://matrix-mx-puppet-discord:{{ matrix_mx_puppet_discord_appservice_port }}'
 
-matrix_mx_puppet_discord_client_id: ''
-matrix_mx_puppet_discord_client_secret: ''
-
 # "@user:server.com" to allow specific user
 # "@.*:yourserver.com" to allow users on a specific homeserver
 # "@.*" to allow anyone

roles/matrix-bridge-mx-puppet-groupme/defaults/main.yml

@@ -27,9 +27,6 @@ matrix_mx_puppet_groupme_homeserver_address: "{{ matrix_homeserver_container_url
 matrix_mx_puppet_groupme_homeserver_domain: '{{ matrix_domain }}'
 matrix_mx_puppet_groupme_appservice_address: 'http://matrix-mx-puppet-groupme:{{ matrix_mx_puppet_groupme_appservice_port }}'
 
-matrix_mx_puppet_groupme_client_id: ''
-matrix_mx_puppet_groupme_client_secret: ''
-
 # "@user:server.com" to allow specific user
 # "@.*:yourserver.com" to allow users on a specific homeserver
 # "@.*" to allow anyone

roles/matrix-bridge-mx-puppet-slack/defaults/main.yml

@@ -27,8 +27,6 @@ matrix_mx_puppet_slack_homeserver_address: "{{ matrix_homeserver_container_url }
 matrix_mx_puppet_slack_homeserver_domain: '{{ matrix_domain }}'
 matrix_mx_puppet_slack_appservice_address: 'http://matrix-mx-puppet-slack:{{ matrix_mx_puppet_slack_appservice_port }}'
 
-matrix_mx_puppet_slack_client_id: ''
-matrix_mx_puppet_slack_client_secret: ''
 matrix_mx_puppet_slack_redirect_path: '/slack/oauth'
 matrix_mx_puppet_slack_redirect_uri: 'https://{{ matrix_server_fqn_matrix }}{{ matrix_mx_puppet_slack_redirect_path }}'
 

roles/matrix-bridge-mx-puppet-slack/templates/config.yaml.j2

@@ -18,10 +18,6 @@ bridge:
 # Slack OAuth settings. Create a slack app at https://api.slack.com/apps
 oauth:
   enabled: true
-  # Slack app credentials.
-  # N.B. This must be quoted so YAML wouldn't parse it as a float.
-  clientId: "{{ matrix_mx_puppet_slack_client_id }}"
-  clientSecret: {{ matrix_mx_puppet_slack_client_secret }}
   # Path where to listen for OAuth redirect callbacks.
   redirectPath: {{ matrix_mx_puppet_slack_redirect_path }}
   # Set up proxying from https://your.domain/redirect_path to http://bindAddress:port/redirect_path,

roles/matrix-bridge-mx-puppet-steam/defaults/main.yml

@@ -27,9 +27,6 @@ matrix_mx_puppet_steam_homeserver_address: "{{ matrix_homeserver_container_url }
 matrix_mx_puppet_steam_homeserver_domain: '{{ matrix_domain }}'
 matrix_mx_puppet_steam_appservice_address: 'http://matrix-mx-puppet-steam:{{ matrix_mx_puppet_steam_appservice_port }}'
 
-matrix_mx_puppet_steam_client_id: ''
-matrix_mx_puppet_steam_client_secret: ''
-
 # "@user:server.com" to allow specific user
 # "@.*:yourserver.com" to allow users on a specific homeserver
 # "@.*" to allow anyone

roles/matrix-client-element/defaults/main.yml

@@ -3,7 +3,7 @@ matrix_client_element_enabled: true
 matrix_client_element_container_image_self_build: false
 matrix_client_element_container_image_self_build_repo: "https://github.com/vector-im/riot-web.git"
 
-matrix_client_element_version: v1.7.30
+matrix_client_element_version: v1.7.31
 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}"
 matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}"
 matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}"

roles/matrix-client-hydrogen/defaults/main.yml

@@ -5,7 +5,7 @@ matrix_client_hydrogen_enabled: true
 matrix_client_hydrogen_container_image_self_build: true
 matrix_client_hydrogen_container_image_self_build_repo: "https://github.com/vector-im/hydrogen-web.git"
 
-matrix_client_hydrogen_version: v0.1.57
+matrix_client_hydrogen_version: v0.2.0
 matrix_client_hydrogen_docker_image: "{{ matrix_client_hydrogen_docker_image_name_prefix }}vectorim/hydrogen-web:{{ matrix_client_hydrogen_version }}"
 matrix_client_hydrogen_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_hydrogen_container_image_self_build }}"
 matrix_client_hydrogen_docker_image_force_pull: "{{ matrix_client_hydrogen_docker_image.endswith(':latest') }}"

roles/matrix-coturn/defaults/main.yml

@@ -2,10 +2,10 @@ matrix_coturn_enabled: true
 
 matrix_coturn_container_image_self_build: false
 matrix_coturn_container_image_self_build_repo: "https://github.com/coturn/coturn"
-matrix_coturn_container_image_self_build_repo_version: "docker/{{ matrix_coturn_version }}-r1"
+matrix_coturn_container_image_self_build_repo_version: "docker/{{ matrix_coturn_version }}-r2"
 matrix_coturn_container_image_self_build_repo_dockerfile_path: "docker/coturn/alpine/Dockerfile"
 
-matrix_coturn_version: 4.5.2
+matrix_coturn_version: 4.5.2-r2
 matrix_coturn_docker_image: "{{ matrix_coturn_docker_image_name_prefix }}coturn/coturn:{{ matrix_coturn_version }}-alpine"
 matrix_coturn_docker_image_name_prefix: "{{ 'localhost/' if matrix_coturn_container_image_self_build else matrix_container_global_registry_prefix }}"
 matrix_coturn_docker_image_force_pull: "{{ matrix_coturn_docker_image.endswith(':latest') }}"

roles/matrix-grafana/defaults/main.yml

@@ -3,7 +3,7 @@
 
 matrix_grafana_enabled: false
 
-matrix_grafana_version: 8.0.2
+matrix_grafana_version: 8.0.3
 matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}"
 matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}"
 

roles/matrix-mailer/defaults/main.yml

@@ -7,7 +7,7 @@ matrix_mailer_container_image_self_build_repository_url: "https://github.com/dev
 matrix_mailer_container_image_self_build_src_files_path: "{{ matrix_mailer_base_path }}/docker-src"
 matrix_mailer_container_image_self_build_version: "{{ matrix_mailer_docker_image.split(':')[1] }}"
 
-matrix_mailer_version: 4.94.2-r0-1
+matrix_mailer_version: 4.94.2-r0-2
 matrix_mailer_docker_image: "{{ matrix_mailer_docker_image_name_prefix }}devture/exim-relay:{{ matrix_mailer_version }}"
 matrix_mailer_docker_image_name_prefix: "{{ 'localhost/' if matrix_mailer_container_image_self_build else matrix_container_global_registry_prefix }}"
 matrix_mailer_docker_image_force_pull: "{{ matrix_mailer_docker_image.endswith(':latest') }}"

roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-client-element.conf.j2

@@ -12,6 +12,7 @@
 	add_header X-Content-Type-Options nosniff;
 	add_header X-XSS-Protection "{{ matrix_nginx_proxy_xss_protection }}";
 	add_header X-Frame-Options SAMEORIGIN;
+	add_header Content-Security-Policy "frame-ancestors 'none'";
 
 	{% if matrix_nginx_proxy_floc_optout_enabled %}
 		add_header Permissions-Policy interest-cohort=() always;

roles/matrix-prometheus/defaults/main.yml

@@ -3,7 +3,7 @@
 
 matrix_prometheus_enabled: false
 
-matrix_prometheus_version: v2.27.1
+matrix_prometheus_version: v2.28.0
 matrix_prometheus_docker_image: "{{ matrix_container_global_registry_prefix }}prom/prometheus:{{ matrix_prometheus_version }}"
 matrix_prometheus_docker_image_force_pull: "{{ matrix_prometheus_docker_image.endswith(':latest') }}"
 

roles/matrix-redis/templates/systemd/matrix-redis.service.j2

@@ -19,7 +19,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-redis \
 			{% if matrix_redis_container_redis_bind_port %}
 			-p {{ matrix_redis_container_redis_bind_port }}:6379 \
 			{% endif %}
-			-v {{ matrix_redis_base_path }}/redis.conf:/usr/local/etc/redis/redis.conf \
+			--mount type=bind,src={{ matrix_redis_base_path }}/redis.conf,dst=/usr/local/etc/redis/redis.conf,ro \
+			--mount type=bind,src={{ matrix_redis_data_path }},dst=/data \
 			{% for arg in matrix_redis_container_extra_arguments %}
 			{{ arg }} \
 			{% endfor %}