diff --git a/docs/configuring-awx-system.md b/docs/configuring-awx-system.md index 1ab6950a..87ea228a 100644 --- a/docs/configuring-awx-system.md +++ b/docs/configuring-awx-system.md @@ -31,9 +31,9 @@ Updates to this section are trailed here: ## Does I need an AWX setup to use this? How do I configure it? -Yes, you'll need to configure an AWX instance, the [Create AWX System](https://gitlab.com/GoMatrixHosting/create-awx-system) repository makes it easy to do. Just follow the steps listed in ['/docs/Installation.md' of that repository](https://gitlab.com/GoMatrixHosting/create-awx-system/-/blob/master/docs/Installation.md). +Yes, you'll need to configure an AWX instance, the [Create AWX System](https://gitlab.com/GoMatrixHosting/create-awx-system) repository makes it easy to do. Just follow the steps listed in ['/docs/Installation_AWX.md' of that repository](https://gitlab.com/GoMatrixHosting/create-awx-system/-/blob/master/docs/Installation_AWX.md). -For simpler installation steps you can use to get started with this system, check out our minimal installation guide at ['/doc/Installation_Minimal.md of that repository'](https://gitlab.com/GoMatrixHosting/create-awx-system/-/blob/master/docs/Installation_Minimal.md). +For simpler installation steps you can use to get started with this system, check out our minimal installation guide at ['/doc/Installation_Minimal_AWX.md of that repository'](https://gitlab.com/GoMatrixHosting/create-awx-system/-/blob/master/docs/Installation_Minimal_AWX.md). ## Does I need a front-end WordPress site? And a DigitalOcean account? diff --git a/roles/matrix-awx/surveys/configure_email_relay.json.j2 b/roles/matrix-awx/surveys/configure_email_relay.json.j2 new file mode 100644 index 00000000..65c21a94 --- /dev/null +++ b/roles/matrix-awx/surveys/configure_email_relay.json.j2 @@ -0,0 +1,19 @@ +{ + "name": "Configure Email Relay", + "description": "Enable MailGun relay to increase verification email reliability.", + "spec": [ + { + "question_name": "Enable Email Relay", + "question_description": "Enables the MailGun email relay server, enabling this will increase the reliability of your email verification.", + "required": false, + "min": null, + "max": null, + "default": "{{ matrix_mailer_relay_use | string | lower }}", + "choices": "true\nfalse", + "new_question": true, + "variable": "matrix_mailer_relay_use", + "type": "multiplechoice" + } + ] +} + diff --git a/roles/matrix-awx/tasks/main.yml b/roles/matrix-awx/tasks/main.yml index 654cdf62..beee918e 100755 --- a/roles/matrix-awx/tasks/main.yml +++ b/roles/matrix-awx/tasks/main.yml @@ -98,6 +98,15 @@ tags: - setup-client-element +# Additional playbook to set the variable file during Mailer configuration +- include_tasks: + file: "set_variables_mailer.yml" + apply: + tags: setup-mailer + when: run_setup|bool and matrix_awx_enabled|bool + tags: + - setup-mailer + # Additional playbook to set the variable file during Element configuration - include_tasks: file: "set_variables_element_subdomain.yml" diff --git a/roles/matrix-awx/tasks/set_variables_mailer.yml b/roles/matrix-awx/tasks/set_variables_mailer.yml new file mode 100644 index 00000000..924454d6 --- /dev/null +++ b/roles/matrix-awx/tasks/set_variables_mailer.yml @@ -0,0 +1,50 @@ + +- name: Record Mailer variables locally on AWX + delegate_to: 127.0.0.1 + lineinfile: + path: '{{ awx_cached_matrix_vars }}' + regexp: "^#? *{{ item.key | regex_escape() }}:" + line: "{{ item.key }}: {{ item.value }}" + insertafter: '# Email Settings Start' + with_dict: + 'matrix_mailer_relay_use': '{{ matrix_mailer_relay_use }}' + +- name: Save new 'Configure Email Relay' survey.json to the AWX tower, template + delegate_to: 127.0.0.1 + template: + src: 'roles/matrix-awx/surveys/configure_email_relay.json.j2' + dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_email_relay.json' + +- name: Copy new 'Configure Email Relay' survey.json to target machine + copy: + src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_email_relay.json' + dest: '/matrix/awx/configure_email_relay.json' + mode: '0660' + +- name: Collect AWX admin token the hard way! + delegate_to: 127.0.0.1 + shell: | + curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g' + register: tower_token + no_log: True + +- name: Recreate 'Configure Email Relay' job template + delegate_to: 127.0.0.1 + awx.awx.tower_job_template: + name: "{{ matrix_domain }} - 1 - Configure Email Relay" + description: "Enable MailGun relay to increase verification email reliability." + extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}" + job_type: run + job_tags: "start,setup-mailer" + inventory: "{{ member_id }}" + project: "{{ member_id }} - Matrix Docker Ansible Deploy" + playbook: setup.yml + credential: "{{ member_id }} - AWX SSH Key" + survey_enabled: true + survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_email_relay.json') }}" + become_enabled: yes + state: present + verbosity: 1 + tower_host: "https://{{ tower_host }}" + tower_oauthtoken: "{{ tower_token.stdout }}" + validate_certs: yes diff --git a/roles/matrix-client-hydrogen/defaults/main.yml b/roles/matrix-client-hydrogen/defaults/main.yml index f7a3059e..12e62b8c 100644 --- a/roles/matrix-client-hydrogen/defaults/main.yml +++ b/roles/matrix-client-hydrogen/defaults/main.yml @@ -5,7 +5,7 @@ matrix_client_hydrogen_enabled: true matrix_client_hydrogen_container_image_self_build: true matrix_client_hydrogen_container_image_self_build_repo: "https://github.com/vector-im/hydrogen-web.git" -matrix_client_hydrogen_version: v0.1.53 +matrix_client_hydrogen_version: v0.1.56 matrix_client_hydrogen_docker_image: "{{ matrix_client_hydrogen_docker_image_name_prefix }}vectorim/hydrogen-web:{{ matrix_client_hydrogen_version }}" matrix_client_hydrogen_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_hydrogen_container_image_self_build }}" matrix_client_hydrogen_docker_image_force_pull: "{{ matrix_client_hydrogen_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 89d01bd0..bf2fcac6 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -15,8 +15,8 @@ matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_cont # amd64 gets released first. # arm32 relies on self-building, so the same version can be built immediately. # arm64 users need to wait for a prebuilt image to become available. -matrix_synapse_version: v1.34.0 -matrix_synapse_version_arm64: v1.34.0 +matrix_synapse_version: v1.35.1 +matrix_synapse_version_arm64: v1.35.1 matrix_synapse_docker_image_tag: "{{ matrix_synapse_version if matrix_architecture in ['arm32', 'amd64'] else matrix_synapse_version_arm64 }}" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index aa07ae5b..734a7e90 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -705,33 +705,6 @@ acme: # #account_key_file: /data/acme_account.key -# List of allowed TLS fingerprints for this server to publish along -# with the signing keys for this server. Other matrix servers that -# make HTTPS requests to this server will check that the TLS -# certificates returned by this server match one of the fingerprints. -# -# Synapse automatically adds the fingerprint of its own certificate -# to the list. So if federation traffic is handled directly by synapse -# then no modification to the list is required. -# -# If synapse is run behind a load balancer that handles the TLS then it -# will be necessary to add the fingerprints of the certificates used by -# the loadbalancers to this list if they are different to the one -# synapse is using. -# -# Homeservers are permitted to cache the list of TLS fingerprints -# returned in the key responses up to the "valid_until_ts" returned in -# key. It may be necessary to publish the fingerprints of a new -# certificate and wait until the "valid_until_ts" of the previous key -# responses have passed before deploying it. -# -# You can calculate a fingerprint from a given TLS listener via: -# openssl s_client -connect $host:$port < /dev/null 2> /dev/null | -# openssl x509 -outform DER | openssl sha256 -binary | base64 | tr -d '=' -# or by checking matrix.org/federationtester/api/report?server_name=$host -# -#tls_fingerprints: [{"sha256": ""}] - ## Federation ## @@ -2904,7 +2877,8 @@ opentracing: #enabled: true # The list of homeservers we wish to send and receive span contexts and span baggage. - # See docs/opentracing.rst + # See docs/opentracing.rst. + # # This is a list of regexes which are matched against the server_name of the # homeserver. # @@ -2913,19 +2887,26 @@ opentracing: #homeserver_whitelist: # - ".*" + # A list of the matrix IDs of users whose requests will always be traced, + # even if the tracing system would otherwise drop the traces due to + # probabilistic sampling. + # + # By default, the list is empty. + # + #force_tracing_for_users: + # - "@user1:server_name" + # - "@user2:server_name" + # Jaeger can be configured to sample traces at different rates. # All configuration options provided by Jaeger can be set here. - # Jaeger's configuration mostly related to trace sampling which + # Jaeger's configuration is mostly related to trace sampling which # is documented here: - # https://www.jaegertracing.io/docs/1.13/sampling/. + # https://www.jaegertracing.io/docs/latest/sampling/. # #jaeger_config: # sampler: # type: const # param: 1 - - # Logging whether spans were started and reported - # # logging: # false @@ -2995,4 +2976,20 @@ redis: # password: {{ matrix_synapse_redis_password }} + +# Enable experimental features in Synapse. +# +# Experimental features might break or be removed without a deprecation +# period. +# +experimental_features: + # Support for Spaces (MSC1772), it enables the following: + # + # * The Spaces Summary API (MSC2946). + # * Restricting room membership based on space membership (MSC3083). + # + # Uncomment to disable support for Spaces. + #spaces_enabled: false + + # vim:ft=yaml