pub-solar/matrix-docker-ansible-deploy
5
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Merge branch 'master' into pub.solar

Browse source
This commit is contained in:
teutat3s 2022-04-05 18:08:43 +02:00
parent 80f94fd344 db4b6efb5d
commit 12c7244203
Signed by: teutat3s
GPG key ID: 18DAE600A6BBE705
37 changed files with 613 additions and 140 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
README.md
View file

@ -121,6 +121,8 @@ Using this playbook, you can get the following services configured on your serve
- (optional) the [Cinny](https://github.com/ajbura/cinny) web client - see [docs/configuring-playbook-client-cinny.md](docs/configuring-playbook-client-cinny.md) for setup documentation
- (optional) the [Borg](https://borgbackup.org) backup - see [docs/configuring-playbook-backup-borg.md](docs/configuring-playbook-backup-borg.md) for setup documentation
Basically, this playbook aims to get you up-and-running with all the necessities around Matrix, without you having to do anything else.
**Note**: the list above is exhaustive. It includes optional or even some advanced components that you will most likely not need.

56
docs/configuring-playbook-backup-borg.md Normal file
View file

@ -0,0 +1,56 @@
# Setting up borg backup (optional)
The playbook can install and configure [borgbackup](https://www.borgbackup.org/) with [borgmatic](https://torsion.org/borgmatic/) for you.
BorgBackup is a deduplicating backup program with optional compression and encryption.
That means your daily incremental backups can be stored in a fraction of the space and is safe whether you store it at home or on a cloud service.
The backup will run based on `matrix_backup_borg_schedule` var (systemd timer calendar), default: 4am every day
## Prerequisites
1. Create ssh key on any machine:
```bash
ssh-keygen -t ed25519 -N '' -f matrix-borg-backup -C matrix
```
2. Add public part of that ssh key to your borg provider / server:
```bash
# example to append the new PUBKEY contents, where:
# PUBKEY is path to the public key,
# USER is a ssh user on a provider / server
# HOST is a ssh host of a provider / server
cat PUBKEY | ssh USER@HOST 'dd of=.ssh/authorized_keys oflag=append conv=notrunc'
```
## Adjusting the playbook configuration
Minimal working configuration (`inventory/host_vars/matrix.DOMAIN/vars.yml`) to enable borg backup:
```yaml
matrix_backup_borg_enabled: true
matrix_backup_borg_location_repositories:
- USER@HOST:REPO
matrix_backup_borg_storage_encryption_passphrase: "PASSPHRASE"
matrix_backup_borg_ssh_key_private: |
PRIVATE KEY
```
where:
* USER - ssh user of a provider / server
* HOST - ssh host of a provider / server
* REPO - borg repository name, it will be initialized on backup start, eg: `matrix`
* PASSPHRASE - super-secret borg passphrase, you may generate it with `pwgen -s 64 1` or use any password manager
* PRIVATE KEY - the content of the public part of the ssh key you created before
Check the `roles/matrix-backup-borg/defaults/main.yml` for the full list of available options
## Installing
After configuring the playbook, run the [installation](installing.md) command again:
```
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
```

2
docs/configuring-playbook-prometheus-grafana.md
View file

@ -25,6 +25,8 @@ matrix_grafana_default_admin_password: "some_strong_password_chosen_by_you"
By default, a [Grafana](https://grafana.com/) web user-interface will be available at `https://stats.<your-domain>`.
The retention policy of Prometheus metrics is [15 days by default](https://prometheus.io/docs/prometheus/latest/storage/#operational-aspects). Older data gets deleted automatically.
## What does it do?

2
docs/self-building.md
View file

@ -22,6 +22,7 @@ List of roles where self-building the Docker image is currently possible:
- `matrix-dimension`
- `matrix-ma1sd`
- `matrix-mailer`
- `matrix-bridge-hookshot`
- `matrix-bridge-appservice-irc`
- `matrix-bridge-appservice-slack`
- `matrix-bridge-appservice-webhooks`
@ -33,6 +34,7 @@ List of roles where self-building the Docker image is currently possible:
- `matrix-bridge-mautrix-signal`
- `matrix-bridge-mautrix-whatsapp`
- `matrix-bridge-mx-puppet-skype`
- `matrix-bridge-mx-puppet-steam`
- `matrix-bot-mjolnir`
- `matrix-bot-honoroit`
- `matrix-bot-matrix-reminder-bot`

39
group_vars/matrix_servers
View file

@ -671,6 +671,8 @@ matrix_heisenbridge_systemd_wanted_services_list: |
# We don't enable bridges by default.
matrix_hookshot_enabled: false
matrix_hookshot_container_image_self_build: "{{ matrix_architecture not in ['amd64'] }}"
matrix_hookshot_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'hookshot.as.tok') | to_uuid }}"
matrix_hookshot_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'hookshot.hs.tok') | to_uuid }}"
@ -908,7 +910,7 @@ matrix_mx_puppet_discord_database_password: "{{ '%s' | format(matrix_homeserver_
# We don't enable bridges by default.
matrix_mx_puppet_steam_enabled: false
matrix_mx_puppet_steam_container_image_self_build: "{{ matrix_architecture != 'amd64' }}"
matrix_mx_puppet_steam_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
matrix_mx_puppet_steam_systemd_required_services_list: |
{{
@ -1093,6 +1095,27 @@ matrix_bot_mjolnir_systemd_required_services_list: |
#
######################################################################
######################################################################
#
# matrix-backup-borg
#
######################################################################
matrix_backup_borg_enabled: false
matrix_backup_borg_location_source_directories:
- "{{ matrix_base_data_path }}"
matrix_backup_borg_location_exclude_patterns: |
{{
{
'synapse': ["{{ matrix_synapse_media_store_path }}/local_thumbnails", "{{ matrix_synapse_media_store_path }}/remote_thumbnail", "{{ matrix_synapse_media_store_path }}/url_cache", "{{ matrix_synapse_media_store_path }}/url_cache_thumbnails"],
}[matrix_homeserver_implementation]
}}
######################################################################
#
# /matrix-backup-borg
#
######################################################################
######################################################################
#
@ -1592,15 +1615,11 @@ matrix_postgres_additional_databases: |
}] if (matrix_synapse_enabled and matrix_synapse_database_database != matrix_postgres_db_name and matrix_synapse_database_host == 'matrix-postgres') else [])
+
([{
'name': matrix_dendrite_naffka_database,
'username': matrix_dendrite_database_user,
'password': matrix_dendrite_database_password,
},{
'name': matrix_dendrite_appservice_database,
'username': matrix_dendrite_database_user,
'password': matrix_dendrite_database_password,
},{
'name': matrix_dendrite_federationsender_database,
'name': matrix_dendrite_federationapi_database,
'username': matrix_dendrite_database_user,
'password': matrix_dendrite_database_password,
},{
@ -1615,20 +1634,16 @@ matrix_postgres_additional_databases: |
'name': matrix_dendrite_room_database,
'username': matrix_dendrite_database_user,
'password': matrix_dendrite_database_password,
},{
'name': matrix_dendrite_singingkeyserver_database,
'username': matrix_dendrite_database_user,
'password': matrix_dendrite_database_password,
},{
'name': matrix_dendrite_syncapi_database,
'username': matrix_dendrite_database_user,
'password': matrix_dendrite_database_password,
},{
'name': matrix_dendrite_account_database,
'name': matrix_dendrite_userapi_database,
'username': matrix_dendrite_database_user,
'password': matrix_dendrite_database_password,
},{
'name': matrix_dendrite_device_database,
'name': matrix_dendrite_pushserver_database,
'username': matrix_dendrite_database_user,
'password': matrix_dendrite_database_password,
},{

63
roles/matrix-backup-borg/defaults/main.yml Normal file
View file

@ -0,0 +1,63 @@
---
matrix_backup_borg_enabled: true
matrix_backup_borg_container_image_self_build: false
matrix_backup_borg_docker_repo: "https://github.com/borgmatic-collective/docker-borgmatic"
matrix_backup_borg_docker_src_files_path: "{{ matrix_base_data_path }}/borg/docker-src"
matrix_backup_borg_version: latest
matrix_backup_borg_docker_image: "{{ matrix_backup_borg_docker_image_name_prefix }}etke.cc/borgmatic:{{ matrix_backup_borg_version }}"
matrix_backup_borg_docker_image_name_prefix: "{{ 'localhost/' if matrix_backup_borg_container_image_self_build else 'registry.gitlab.com/' }}"
matrix_backup_borg_docker_image_force_pull: "{{ matrix_backup_borg_docker_image.endswith(':latest') }}"
matrix_backup_borg_base_path: "{{ matrix_base_data_path }}/backup-borg"
matrix_backup_borg_config_path: "{{ matrix_backup_borg_base_path }}/config"
# A list of extra arguments to pass to the container
matrix_backup_borg_container_extra_arguments: []
# List of systemd services that matrix-backup-borg.service depends on
matrix_backup_borg_systemd_required_services_list: ['docker.service']
# List of systemd services that matrix-backup-borg.service wants
matrix_backup_borg_systemd_wanted_services_list: []
# systemd calendar configuration for backup job
matrix_backup_borg_schedule: "*-*-* 04:00:00"
# what directories should be added to backup
matrix_backup_borg_location_source_directories: []
# target repositories
matrix_backup_borg_location_repositories: []
# exclude following paths:
matrix_backup_borg_location_exclude_patterns: []
# borg encryption mode, only repokey-* is supported
matrix_backup_borg_encryption: repokey-blake2
# private ssh key used to connect to the borg repo
matrix_backup_borg_ssh_key_private: ""
# borg ssh command with ssh key
matrix_backup_borg_storage_ssh_command: ssh -o "StrictHostKeyChecking accept-new" -i /etc/borgmatic.d/sshkey
# compression algorithm
matrix_backup_borg_storage_compression: lz4
# archive name format
matrix_backup_borg_storage_archive_name_format: "matrix-{now:%Y-%m-%d-%H%M%S}"
# repository passphrase
matrix_backup_borg_storage_encryption_passphrase: ""
# retention configuration
matrix_backup_borg_retention_keep_hourly: 0
matrix_backup_borg_retention_keep_daily: 7
matrix_backup_borg_retention_keep_weekly: 4
matrix_backup_borg_retention_keep_monthly: 12
matrix_backup_borg_retention_keep_yearly: 2
# retention prefix
matrix_backup_borg_retention_prefix: "matrix-"

4
roles/matrix-backup-borg/tasks/init.yml Normal file
View file

@ -0,0 +1,4 @@
---
- set_fact:
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-backup-borg.service', 'matrix-backup-borg.timer'] }}"
when: matrix_backup_borg_enabled|bool

23
roles/matrix-backup-borg/tasks/main.yml Normal file
View file

@ -0,0 +1,23 @@
---
- import_tasks: "{{ role_path }}/tasks/init.yml"
tags:
- always
- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
when: "run_setup|bool and matrix_backup_borg_enabled|bool"
tags:
- setup-all
- setup-backup-borg
- import_tasks: "{{ role_path }}/tasks/setup_install.yml"
when: "run_setup|bool and matrix_backup_borg_enabled|bool"
tags:
- setup-all
- setup-backup-borg
- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
when: "run_setup|bool and not matrix_backup_borg_enabled|bool"
tags:
- setup-all
- setup-backup-borg

97
roles/matrix-backup-borg/tasks/setup_install.yml Normal file
View file

@ -0,0 +1,97 @@
---
- name: Ensure borg paths exist
file:
path: "{{ item.path }}"
state: directory
mode: 0750
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
with_items:
- {path: "{{ matrix_backup_borg_config_path }}", when: true}
- {path: "{{ matrix_backup_borg_docker_src_files_path }}", when: true}
when: "item.when|bool"
- name: Ensure borg config is created
template:
src: "{{ role_path }}/templates/config.yaml.j2"
dest: "{{ matrix_backup_borg_config_path }}/config.yaml"
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
mode: 0640
- name: Ensure borg passwd is created
template:
src: "{{ role_path }}/templates/passwd.j2"
dest: "{{ matrix_backup_borg_config_path }}/passwd"
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
mode: 0640
- name: Ensure borg ssh key is created
template:
src: "{{ role_path }}/templates/sshkey.j2"
dest: "{{ matrix_backup_borg_config_path }}/sshkey"
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
mode: 0600
- name: Ensure borg image is pulled
docker_image:
name: "{{ matrix_backup_borg_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_backup_borg_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_backup_borg_docker_image_force_pull }}"
when: "not matrix_backup_borg_container_image_self_build|bool"
register: result
retries: "{{ matrix_container_retries_count }}"
delay: "{{ matrix_container_retries_delay }}"
until: result is not failed
- name: Ensure borg repository is present on self-build
git:
repo: "{{ matrix_backup_borg_docker_repo }}"
dest: "{{ matrix_backup_borg_docker_src_files_path }}"
force: "yes"
register: matrix_backup_borg_git_pull_results
when: "matrix_backup_borg_container_image_self_build|bool"
- name: Ensure borg image is built
docker_image:
name: "{{ matrix_backup_borg_docker_image }}"
source: build
force_source: "{{ matrix_backup_borg_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mailer_git_pull_results.changed }}"
build:
dockerfile: Dockerfile
path: "{{ matrix_backup_borg_docker_src_files_path }}"
pull: true
when: "matrix_backup_borg_container_image_self_build|bool"
- name: Ensure matrix-backup-borg.service installed
template:
src: "{{ role_path }}/templates/systemd/matrix-backup-borg.service.j2"
dest: "{{ matrix_systemd_path }}/matrix-backup-borg.service"
mode: 0644
register: matrix_backup_borg_systemd_service_result
- name: Ensure matrix-backup-borg.timer installed
template:
src: "{{ role_path }}/templates/systemd/matrix-backup-borg.timer.j2"
dest: "{{ matrix_systemd_path }}/matrix-backup-borg.timer"
mode: 0644
register: matrix_backup_borg_systemd_timer_result
- name: Ensure systemd reloaded after matrix-backup-borg.service installation
service:
daemon_reload: true
when: "matrix_backup_borg_systemd_service_result.changed|bool"
- name: Ensure matrix-backup-borg.service enabled
service:
enabled: true
name: matrix-backup-borg.service
- name: Ensure matrix-backup-borg.timer enabled
service:
enabled: true
name: matrix-backup-borg.timer

41
roles/matrix-backup-borg/tasks/setup_uninstall.yml Normal file
View file

@ -0,0 +1,41 @@
---
- name: Check existence of matrix-backup-borg service
stat:
path: "{{ matrix_systemd_path }}/matrix-backup-borg.service"
register: matrix_backup_borg_service_stat
- name: Ensure matrix-backup-borg is stopped
service:
name: matrix-backup-borg
state: stopped
enabled: false
daemon_reload: true
register: stopping_result
when: "matrix_backup_borg_service_stat.stat.exists|bool"
- name: Ensure matrix-backup-borg.service doesn't exist
file:
path: "{{ matrix_systemd_path }}/matrix-backup-borg.service"
state: absent
when: "matrix_backup_borg_service_stat.stat.exists|bool"
- name: Ensure matrix-backup-borg.timer doesn't exist
file:
path: "{{ matrix_systemd_path }}/matrix-backup-borg.timer"
state: absent
when: "matrix_backup_borg_service_stat.stat.exists|bool"
- name: Ensure systemd reloaded after matrix-backup-borg.service removal
service:
daemon_reload: true
when: "matrix_backup_borg_service_stat.stat.exists|bool"
- name: Ensure Matrix borg paths don't exist
file:
path: "{{ matrix_backup_borg_base_path }}"
state: absent
- name: Ensure borg Docker image doesn't exist
docker_image:
name: "{{ matrix_backup_borg_docker_image }}"
state: absent

10
roles/matrix-backup-borg/tasks/validate_config.yml Normal file
View file

@ -0,0 +1,10 @@
---
- name: Fail if required settings not defined
fail:
msg: >-
You need to define a required configuration setting (`{{ item }}`).
when: "vars[item] == ''"
with_items:
- "matrix_backup_borg_ssh_key_private"
- "matrix_backup_borg_location_repositories"
- "matrix_backup_borg_storage_encryption_passphrase"

32
roles/matrix-backup-borg/templates/config.yaml.j2 Normal file
View file

@ -0,0 +1,32 @@
#jinja2: lstrip_blocks: "True", trim_blocks: "True"
location:
source_directories: {{ matrix_backup_borg_location_source_directories|to_json }}
repositories: {{ matrix_backup_borg_location_repositories|to_json }}
one_file_system: true
exclude_patterns: {{ matrix_backup_borg_location_exclude_patterns|to_json }}
storage:
compression: {{ matrix_backup_borg_storage_compression }}
ssh_command: {{ matrix_backup_borg_storage_ssh_command }}
archive_name_format: '{{ matrix_backup_borg_storage_archive_name_format }}'
encryption_passphrase: {{ matrix_backup_borg_storage_encryption_passphrase }}
retention:
keep_hourly: {{ matrix_backup_borg_retention_keep_hourly }}
keep_daily: {{ matrix_backup_borg_retention_keep_daily }}
keep_weekly: {{ matrix_backup_borg_retention_keep_weekly }}
keep_monthly: {{ matrix_backup_borg_retention_keep_monthly }}
keep_yearly: {{ matrix_backup_borg_retention_keep_yearly }}
prefix: '{{ matrix_backup_borg_retention_prefix }}'
consistency:
checks:
- repository
- archives
hooks:
after_backup:
- echo "Backup created."
on_error:
- echo "Error while creating a backup."

29
roles/matrix-backup-borg/templates/passwd.j2 Normal file
View file

@ -0,0 +1,29 @@
{# the passwd file with correct username, UID and GID is mandatory to work with borg over ssh, otherwise ssh connections will fail #}
root:x:0:0:root:/root:/bin/ash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/mail:/sbin/nologin
news:x:9:13:news:/usr/lib/news:/sbin/nologin
uucp:x:10:14:uucp:/var/spool/uucppublic:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
man:x:13:15:man:/usr/man:/sbin/nologin
postmaster:x:14:12:postmaster:/var/mail:/sbin/nologin
cron:x:16:16:cron:/var/spool/cron:/sbin/nologin
ftp:x:21:21::/var/lib/ftp:/sbin/nologin
sshd:x:22:22:sshd:/dev/null:/sbin/nologin
at:x:25:25:at:/var/spool/cron/atjobs:/sbin/nologin
squid:x:31:31:Squid:/var/cache/squid:/sbin/nologin
xfs:x:33:33:X Font Server:/etc/X11/fs:/sbin/nologin
games:x:35:35:games:/usr/games:/sbin/nologin
cyrus:x:85:12::/usr/cyrus:/sbin/nologin
vpopmail:x:89:89::/var/vpopmail:/sbin/nologin
ntp:x:123:123:NTP:/var/empty:/sbin/nologin
smmsp:x:209:209:smmsp:/var/spool/mqueue:/sbin/nologin
guest:x:405:100:guest:/dev/null:/sbin/nologin
{{ matrix_user_username }}:x:{{ matrix_user_uid }}:{{ matrix_user_gid }}:Matrix:/tmp:/bin/ash
nobody:x:65534:65534:nobody:/:/sbin/nologin

1
roles/matrix-backup-borg/templates/sshkey.j2 Normal file
View file

@ -0,0 +1 @@
{{ matrix_backup_borg_ssh_key_private }}

58
roles/matrix-backup-borg/templates/systemd/matrix-backup-borg.service.j2 Normal file
View file

@ -0,0 +1,58 @@
#jinja2: lstrip_blocks: "True"
[Unit]
Description=Matrix Borg Backup
{% for service in matrix_backup_borg_systemd_required_services_list %}
Requires={{ service }}
After={{ service }}
{% endfor %}
{% for service in matrix_backup_borg_systemd_wanted_services_list %}
Wants={{ service }}
{% endfor %}
DefaultDependencies=no
[Service]
Type=oneshot
Environment="HOME={{ matrix_systemd_unit_home_path }}"
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-backup-borg 2>/dev/null'
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-backup-borg 2>/dev/null'
ExecStartPre=-{{ matrix_host_command_docker }} run --rm --name matrix-backup-borg \
--log-driver=none \
--cap-drop=ALL \
--read-only \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--network={{ matrix_docker_network }} \
--tmpfs=/tmp:rw,noexec,nosuid,size=100m \
--mount type=bind,src={{ matrix_backup_borg_config_path }}/passwd,dst=/etc/passwd,ro \
--mount type=bind,src={{ matrix_backup_borg_config_path }},dst=/etc/borgmatic.d,ro \
{% for source in matrix_backup_borg_location_source_directories %}
--mount type=bind,src={{ source }},dst={{ source }},ro \
{% endfor %}
{% for arg in matrix_backup_borg_container_extra_arguments %}
{{ arg }} \
{% endfor %}
{{ matrix_backup_borg_docker_image }} \
sh -c "borgmatic --init --encryption {{ matrix_backup_borg_encryption }}"
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-backup-borg \
--log-driver=none \
--cap-drop=ALL \
--read-only \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--network={{ matrix_docker_network }} \
--tmpfs=/tmp:rw,noexec,nosuid,size=100m \
--mount type=bind,src={{ matrix_backup_borg_config_path }}/passwd,dst=/etc/passwd,ro \
--mount type=bind,src={{ matrix_backup_borg_config_path }},dst=/etc/borgmatic.d,ro \
{% for source in matrix_backup_borg_location_source_directories %}
--mount type=bind,src={{ source }},dst={{ source }},ro \
{% endfor %}
{% for arg in matrix_backup_borg_container_extra_arguments %}
{{ arg }} \
{% endfor %}
{{ matrix_backup_borg_docker_image }}
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-backup-borg 2>/dev/null'
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-backup-borg 2>/dev/null'
SyslogIdentifier=matrix-backup-borg
[Install]
WantedBy=multi-user.target

10
roles/matrix-backup-borg/templates/systemd/matrix-backup-borg.timer.j2 Normal file
View file

@ -0,0 +1,10 @@
[Unit]
Description=Matrix Borg Backup timer
[Timer]
Unit=matrix-backup-borg.service
OnCalendar={{ matrix_backup_borg_schedule }}
RandomizedDelaySec=2h
[Install]
WantedBy=timers.target

2
roles/matrix-bot-honoroit/tasks/setup_install.yml
View file

@ -43,6 +43,8 @@
template:
src: "{{ role_path }}/templates/env.j2"
dest: "{{ matrix_bot_honoroit_config_path }}/env"
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
mode: 0640
- name: Ensure honoroit image is pulled

2
roles/matrix-bot-mjolnir/defaults/main.yml
View file

@ -4,7 +4,7 @@
matrix_bot_mjolnir_enabled: true
matrix_bot_mjolnir_version: "v1.3.2"
matrix_bot_mjolnir_version: "v1.4.1"
matrix_bot_mjolnir_container_image_self_build: false
matrix_bot_mjolnir_container_image_self_build_repo: "https://github.com/matrix-org/mjolnir.git"

13
roles/matrix-bridge-hookshot/defaults/main.yml
View file

@ -5,12 +5,21 @@
matrix_hookshot_enabled: true
matrix_hookshot_version: 1.2.0
matrix_hookshot_docker_image: "{{ matrix_container_global_registry_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}"
matrix_hookshot_container_image_self_build: false
matrix_hookshot_container_image_self_build_repo: "https://github.com/matrix-org/matrix-hookshot.git"
matrix_hookshot_container_image_self_build_branch: "{{ 'main' if matrix_hookshot_version == 'latest' else matrix_hookshot_version }}"
matrix_hookshot_version: 1.3.0
matrix_hookshot_docker_image: "{{ matrix_hookshot_docker_image_name_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}"
matrix_hookshot_docker_image_name_prefix: "{{ 'localhost/' if matrix_hookshot_container_image_self_build else matrix_container_global_registry_prefix }}"
matrix_hookshot_docker_image_force_pull: "{{ matrix_hookshot_docker_image.endswith(':latest') }}"
matrix_hookshot_base_path: "{{ matrix_base_data_path }}/hookshot"
matrix_hookshot_docker_src_files_path: "{{ matrix_hookshot_base_path }}/docker-src"
matrix_hookshot_homeserver_address: "{{ matrix_homeserver_container_url }}"
matrix_hookshot_container_url: 'matrix-hookshot'

42
roles/matrix-bridge-hookshot/tasks/setup_install.yml
View file

@ -2,26 +2,50 @@
- import_tasks: "{{ role_path }}/../matrix-base/tasks/util/ensure_openssl_installed.yml"
- name: Ensure hookshot paths exist
file:
path: "{{ item.path }}"
state: directory
mode: 0750
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
with_items:
- {path: "{{ matrix_hookshot_base_path }}", when: true}
- {path: "{{ matrix_hookshot_docker_src_files_path }}", when: "{{ matrix_hookshot_container_image_self_build }}"}
when: item.when|bool
- name: Ensure hookshot image is pulled
docker_image:
name: "{{ matrix_hookshot_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_hookshot_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_hookshot_docker_image_force_pull }}"
when: not matrix_hookshot_container_image_self_build
register: result
retries: "{{ matrix_container_retries_count }}"
delay: "{{ matrix_container_retries_delay }}"
until: result is not failed
- name: Ensure hookshot paths exist
file:
path: "{{ item }}"
state: directory
mode: 0750
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
with_items:
- "{{ matrix_hookshot_base_path }}"
- name: Ensure hookshot repository is present on self-build
git:
repo: "{{ matrix_hookshot_container_image_self_build_repo }}"
dest: "{{ matrix_hookshot_docker_src_files_path }}"
version: "{{ matrix_hookshot_container_image_self_build_branch }}"
force: "yes"
register: matrix_hookshot_git_pull_results
when: "matrix_hookshot_container_image_self_build|bool"
- name: Ensure hookshot Docker image is built
docker_image:
name: "{{ matrix_hookshot_docker_image }}"
source: build
force_source: "{{ matrix_hookshot_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_hookshot_git_pull_results.changed }}"
build:
dockerfile: Dockerfile
path: "{{ matrix_hookshot_docker_src_files_path }}"
pull: true
when: "matrix_hookshot_container_image_self_build|bool"
- name: Check if hookshot passkey exists
stat:

4
roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2
View file

@ -106,7 +106,9 @@ bridge:
# If using this for other servers than the bridge's server,
# you must also set the URL in the double_puppet_server_map.
login_shared_secret_map: {{ matrix_mautrix_facebook_bridge_login_shared_secret_map|to_json }}
presence: {{ matrix_mautrix_facebook_bridge_presence|to_json }}
# Should presence from Facebook be bridged? This doesn't use the same API as the Android app,
# so it might be more suspicious to Facebook.
presence_from_facebook: {{ matrix_mautrix_facebook_bridge_presence|to_json }}
# Whether or not to update avatars when syncing all contacts at startup.
update_avatar_initial_sync: true
# End-to-bridge encryption support options. These require matrix-nio to be installed with pip

2
roles/matrix-bridge-mautrix-googlechat/defaults/main.yml
View file

@ -7,7 +7,7 @@ matrix_mautrix_googlechat_enabled: true
matrix_mautrix_googlechat_container_image_self_build: false
matrix_mautrix_googlechat_container_image_self_build_repo: "https://github.com/mautrix/googlechat.git"
matrix_mautrix_googlechat_version: latest
matrix_mautrix_googlechat_version: v0.3.1
# See: https://mau.dev/mautrix/googlechat/container_registry
matrix_mautrix_googlechat_docker_image: "{{ matrix_mautrix_googlechat_docker_image_name_prefix }}mautrix/googlechat:{{ matrix_mautrix_googlechat_version }}"
matrix_mautrix_googlechat_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_googlechat_container_image_self_build else 'dock.mau.dev/' }}"

2
roles/matrix-bridge-mx-puppet-steam/defaults/main.yml
View file

@ -5,7 +5,7 @@
matrix_mx_puppet_steam_enabled: true
matrix_mx_puppet_steam_container_image_self_build: false
matrix_mx_puppet_steam_container_image_self_build_repo: "https://github.com/icewind1991/mx-puppet-steam.git"
matrix_mx_puppet_steam_container_image_self_build_repo: "https://github.com/tilosp/mx-puppet-steam.git"
# Controls whether the mx-puppet-steam container exposes its HTTP port (tcp/8432 in the container).
#

2
roles/matrix-client-element/defaults/main.yml
View file

@ -9,7 +9,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto
# - https://github.com/vector-im/element-web/issues/19544
matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}"
matrix_client_element_version: v1.10.7
matrix_client_element_version: v1.10.8
matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}"
matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}"
matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}"

11
roles/matrix-dendrite/defaults/main.yml
View file

@ -6,13 +6,14 @@ matrix_dendrite_enabled: true
matrix_dendrite_docker_image: "{{ matrix_dendrite_docker_image_name_prefix }}matrixdotorg/dendrite-monolith:{{ matrix_dendrite_docker_image_tag }}"
matrix_dendrite_docker_image_name_prefix: "docker.io/"
matrix_dendrite_docker_image_tag: "v0.5.1"
matrix_dendrite_docker_image_tag: "v0.7.0"
matrix_dendrite_docker_image_force_pull: "{{ matrix_dendrite_docker_image.endswith(':latest') }}"
matrix_dendrite_base_path: "{{ matrix_base_data_path }}/dendrite"
matrix_dendrite_config_dir_path: "{{ matrix_dendrite_base_path }}/config"
matrix_dendrite_storage_path: "{{ matrix_dendrite_base_path }}/storage"
matrix_dendrite_media_store_path: "{{ matrix_dendrite_storage_path }}/media-store"
matrix_dendrite_nats_storage_path: "{{ matrix_dendrite_base_path }}/nats"
matrix_dendrite_ext_path: "{{ matrix_dendrite_base_path }}/ext"
# By default, we make Dendrite only serve HTTP (not HTTPS).
@ -114,16 +115,14 @@ matrix_dendrite_database_str: "postgresql://{{ matrix_dendrite_database_user }}:
matrix_dendrite_database_hostname: "matrix-postgres"
matrix_dendrite_database_user: "dendrite"
matrix_dendrite_database_password: "itsasecret"
matrix_dendrite_naffka_database: "dendrite_naffka"
matrix_dendrite_appservice_database: "dendrite_appservice"
matrix_dendrite_federationsender_database: "dendrite_federationsender"
matrix_dendrite_federationapi_database: "dendrite_federationapi"
matrix_dendrite_keyserver_database: "dendrite_keyserver"
matrix_dendrite_mediaapi_database: "dendrite_mediaapi"
matrix_dendrite_room_database: "dendrite_room"
matrix_dendrite_singingkeyserver_database: "dendrite_sigingkeyserver"
matrix_dendrite_syncapi_database: "dendrite_syncapi"
matrix_dendrite_account_database: "dendrite_account"
matrix_dendrite_device_database: "dendrite_device"
matrix_dendrite_userapi_database: "dendrite_userapi"
matrix_dendrite_pushserver_database: "dendrite_pushserver"
matrix_dendrite_mscs_database: "dendrite_mscs"
matrix_dendrite_turn_uris: []

1
roles/matrix-dendrite/tasks/setup_dendrite.yml
View file

@ -9,6 +9,7 @@
with_items:
- {path: "{{ matrix_dendrite_config_dir_path }}", when: true}
- {path: "{{ matrix_dendrite_ext_path }}", when: true}
- {path: "{{ matrix_dendrite_nats_storage_path }}", when: true}
when: "matrix_dendrite_enabled|bool and item.when"
- import_tasks: "{{ role_path }}/tasks/dendrite/setup.yml"

174
roles/matrix-dendrite/templates/dendrite/dendrite.yaml.j2
View file

@ -28,7 +28,7 @@
# connection can be idle in seconds - a negative value is unlimited.
# The version of the configuration file.
version: 1
version: 2
# Global Matrix configuration. This configuration applies to all components.
global:
@ -66,34 +66,40 @@ global:
# to other servers and the federation API will not be exposed.
disable_federation: {{ (not matrix_dendrite_federation_enabled)|to_json }}
# Configuration for Kafka/Naffka.
kafka:
# List of Kafka broker addresses to connect to. This is not needed if using
# Naffka in monolith mode.
addresses: []
# Server notices allows server admins to send messages to all users.
server_notices:
enabled: false
# The server localpart to be used when sending notices, ensure this is not yet taken
local_part: "_server"
# The displayname to be used when sending notices
display_name: "Server alerts"
# The mxid of the avatar to use
avatar_url: ""
# The roomname to be used when creating messages
room_name: "Server Alerts"
# The prefix to use for Kafka topic names for this homeserver. Change this only if
# you are running more than one Dendrite homeserver on the same Kafka deployment.
# Configuration for NATS JetStream
jetstream:
# A list of NATS Server addresses to connect to. If none are specified, an
# internal NATS server will be started automatically when running Dendrite
# in monolith mode. It is required to specify the address of at least one
# NATS Server node if running in polylith mode.
addresses:
# - jetstream:4222
# Keep all NATS streams in memory, rather than persisting it to the storage
# path below. This option is present primarily for integration testing and
# should not be used on a real world Dendrite deployment.
in_memory: false
# Persistent directory to store JetStream streams in. This directory
# should be preserved across Dendrite restarts.
storage_path: "/matrix-nats-store"
# The prefix to use for stream names for this homeserver - really only
# useful if running more than one Dendrite on the same NATS deployment.
topic_prefix: Dendrite
# Whether to use Naffka instead of Kafka. This is only available in monolith
# mode, but means that you can run a single-process server without requiring
# Kafka.
use_naffka: true
# The max size a Kafka message is allowed to use.
# You only need to change this value, if you encounter issues with too large messages.
# Must be less than/equal to "max.message.bytes" configured in Kafka.
# Defaults to 8388608 bytes.
# max_message_bytes: 8388608
# Naffka database options. Not required when using Kafka.
naffka_database:
connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_naffka_database }}?sslmode=disable
max_open_conns: 10
max_idle_conns: 2
conn_max_lifetime: -1
# Configuration for Prometheus metric collection.
metrics:
# Whether or not Prometheus metrics are enabled.
@ -126,11 +132,6 @@ app_service_api:
max_idle_conns: 2
conn_max_lifetime: -1
# Disable the validation of TLS certificates of appservices. This is
# not recommended in production since it may allow appservice traffic
# to be sent to an unverified endpoint.
disable_tls_validation: false
# Appservice configuration files to load into this homeserver.
config_files: {{ matrix_dendrite_app_service_config_files|to_json }}
@ -146,6 +147,10 @@ client_api:
# using the registration shared secret below.
registration_disabled: {{ matrix_dendrite_registration_disabled|to_json }}
# Prevents new guest accounts from being created. Guest registration is also
# disabled implicitly by setting 'registration_disabled' above.
guests_disabled: true
# If set, allows registration by anyone who knows the shared secret, regardless of
# whether registration is otherwise disabled.
registration_shared_secret: {{ matrix_dendrite_registration_shared_secret|string|to_json }}
@ -175,12 +180,6 @@ client_api:
threshold: {{ matrix_dendrite_rate_limiting_threshold|to_json }}
cooloff_ms: {{ matrix_dendrite_rate_limiting_cooloff_ms|to_json }}
# Configuration for the EDU server.
edu_server:
internal_api:
listen: http://0.0.0.0:7778
connect: http://edu_server:7778
# Configuration for the Federation API.
federation_api:
internal_api:
@ -188,20 +187,8 @@ federation_api:
connect: http://federation_api:7772
external_api:
listen: http://0.0.0.0:8072
# List of paths to X.509 certificates to be used by the external federation listeners.
# These certificates will be used to calculate the TLS fingerprints and other servers
# will expect the certificate to match these fingerprints. Certificates must be in PEM
# format.
federation_certificates: []
# Configuration for the Federation Sender.
federation_sender:
internal_api:
listen: http://0.0.0.0:7775
connect: http://federation_sender:7775
database:
connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_federationsender_database }}?sslmode=disable
connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_federationapi_database }}?sslmode=disable
max_open_conns: 10
max_idle_conns: 2
conn_max_lifetime: -1
@ -221,6 +208,22 @@ federation_sender:
host: localhost
port: 8080
# Perspective keyservers to use as a backup when direct key fetches fail. This may
# be required to satisfy key requests for servers that are no longer online when
# joining some rooms.
key_perspectives:
- server_name: matrix.org
keys:
- key_id: ed25519:auto
public_key: Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw
- key_id: ed25519:a_RXGa
public_key: l8Hft5qXKn1vfHrg3p4+W8gELQVo8N13JkluMfmn2sQ
# This option will control whether Dendrite will prefer to look up keys directly
# or whether it should try perspective servers first, using direct fetches as a
# last resort.
prefer_direct_fetch: false
# Configuration for the Key Server (for end-to-end encryption).
key_server:
internal_api:
@ -261,15 +264,15 @@ media_api:
# A list of thumbnail sizes to be generated for media content.
thumbnail_sizes:
- width: 32
height: 32
method: crop
- width: 96
height: 96
method: crop
- width: 640
height: 480
method: scale
- width: 32
height: 32
method: crop
- width: 96
height: 96
method: crop
- width: 640
height: 480
method: scale
# Configuration for experimental MSC's
mscs:
@ -295,40 +298,13 @@ room_server:
max_idle_conns: 2
conn_max_lifetime: -1
# Configuration for the Signing Key Server (for server signing keys).
signing_key_server:
internal_api:
listen: http://0.0.0.0:7780
connect: http://signing_key_server:7780
database:
connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_singingkeyserver_database }}?sslmode=disable
max_open_conns: 10
max_idle_conns: 2
conn_max_lifetime: -1
# Perspective keyservers to use as a backup when direct key fetches fail. This may
# be required to satisfy key requests for servers that are no longer online when
# joining some rooms.
key_perspectives:
- server_name: matrix.org
keys:
- key_id: ed25519:auto
public_key: Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw
- key_id: ed25519:a_RXGa
public_key: l8Hft5qXKn1vfHrg3p4+W8gELQVo8N13JkluMfmn2sQ
# This option will control whether Dendrite will prefer to look up keys directly
# or whether it should try perspective servers first, using direct fetches as a
# last resort.
prefer_direct_fetch: false
# Configuration for the Sync API.
sync_api:
internal_api:
listen: http://0.0.0.0:7773
connect: http://sync_api:7773
external_api:
listen: http://0.0.0.0:8073
listen: http://0.0.0.0:8073
database:
connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_syncapi_database }}?sslmode=disable
max_open_conns: 10
@ -343,31 +319,25 @@ sync_api:
# Configuration for the User API.
user_api:
# The cost when hashing passwords on registration/login. Default: 10. Min: 4, Max: 31
# See https://pkg.go.dev/golang.org/x/crypto/bcrypt for more information.
# Setting this lower makes registration/login consume less CPU resources at the cost of security
# should the database be compromised. Setting this higher makes registration/login consume more
# CPU resources but makes it harder to brute force password hashes.
# This value can be low if performing tests or on embedded Dendrite instances (e.g WASM builds)
# bcrypt_cost: 10
internal_api:
listen: http://0.0.0.0:7781
connect: http://user_api:7781
account_database:
connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_account_database }}?sslmode=disable
connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_userapi_database }}?sslmode=disable
max_open_conns: 10
max_idle_conns: 2
conn_max_lifetime: -1
device_database:
connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_device_database }}?sslmode=disable
# Configuration for the Push Server API.
push_server:
internal_api:
listen: http://localhost:7782
connect: http://localhost:7782
database:
connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_pushserver_database }}?sslmode=disable
max_open_conns: 10
max_idle_conns: 2
conn_max_lifetime: -1
# The length of time that a token issued for a relying party from
# /_matrix/client/r0/user/{userId}/openid/request_token endpoint
# is considered to be valid in milliseconds.
# The default lifetime is 3600000ms (60 minutes).
# openid_token_lifetime_ms: 3600000
# Configuration for Opentracing.
# See https://github.com/matrix-org/dendrite/tree/master/docs/tracing for information on

1
roles/matrix-dendrite/templates/dendrite/systemd/matrix-dendrite.service.j2
View file

@ -37,6 +37,7 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-dendrite \
{% endif %}
--mount type=bind,src={{ matrix_dendrite_config_dir_path }},dst=/data,ro \
--mount type=bind,src={{ matrix_dendrite_storage_path }},dst=/matrix-media-store-parent,bind-propagation=slave \
--mount type=bind,src={{ matrix_dendrite_nats_storage_path }},dst=/matrix-nats-store,bind-propagation=slave \
{% for volume in matrix_dendrite_container_additional_volumes %}
-v {{ volume.src }}:{{ volume.dst }}:{{ volume.options }} \
{% endfor %}

4
roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml
View file

@ -32,6 +32,8 @@
template:
src: "{{ role_path }}/templates/jicofo/env.j2"
dest: "{{ matrix_jitsi_jicofo_base_path }}/env"
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
mode: 0640
when: matrix_jitsi_enabled|bool
@ -39,6 +41,8 @@
template:
src: "{{ role_path }}/templates/jicofo/{{ item }}.j2"
dest: "{{ matrix_jitsi_jicofo_config_path }}/{{ item }}"
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
mode: 0644
with_items:
- sip-communicator.properties

4
roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml
View file

@ -32,6 +32,8 @@
template:
src: "{{ role_path }}/templates/jvb/{{ item }}.j2"
dest: "{{ matrix_jitsi_jvb_config_path }}/{{ item }}"
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
mode: 0644
with_items:
- custom-sip-communicator.properties
@ -42,6 +44,8 @@
template:
src: "{{ role_path }}/templates/jvb/env.j2"
dest: "{{ matrix_jitsi_jvb_base_path }}/env"
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
mode: 0640
when: matrix_jitsi_enabled|bool

2
roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml
View file

@ -33,6 +33,8 @@
template:
src: "{{ role_path }}/templates/prosody/env.j2"
dest: "{{ matrix_jitsi_prosody_base_path }}/env"
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
mode: 0640
when: matrix_jitsi_enabled|bool

4
roles/matrix-jitsi/tasks/setup_jitsi_web.yml
View file

@ -34,6 +34,8 @@
template:
src: "{{ role_path }}/templates/web/env.j2"
dest: "{{ matrix_jitsi_web_base_path }}/env"
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
mode: 0640
when: matrix_jitsi_enabled|bool
@ -41,6 +43,8 @@
template:
src: "{{ role_path }}/templates/web/{{ item }}.j2"
dest: "{{ matrix_jitsi_web_config_path }}/{{ item }}"
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
mode: 0644
with_items:
- custom-config.js

2
roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml
View file

@ -41,6 +41,8 @@
template:
src: "{{ role_path }}/templates/{{ item }}.j2"
dest: "{{ matrix_postgres_backup_path }}/{{ item }}"
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
mode: 0640
with_items:
- "env-postgres-backup"

2
roles/matrix-postgres/tasks/setup_postgres.yml
View file

@ -76,6 +76,8 @@
template:
src: "{{ role_path }}/templates/{{ item }}.j2"
dest: "{{ matrix_postgres_base_path }}/{{ item }}"
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
mode: 0640
with_items:
- "env-postgres-psql"

7
roles/matrix-synapse/defaults/main.yml
View file

@ -9,7 +9,7 @@ matrix_synapse_container_image_self_build_repo: "https://github.com/matrix-org/s
matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:{{ matrix_synapse_docker_image_tag }}"
matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_container_image_self_build else matrix_container_global_registry_prefix }}"
matrix_synapse_version: v1.55.0
matrix_synapse_version: v1.55.2
matrix_synapse_docker_image_tag: "{{ matrix_synapse_version }}"
matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"
@ -525,7 +525,7 @@ matrix_synapse_ext_spam_checker_synapse_simple_antispam_config_blocked_homeserve
# See: https://github.com/matrix-org/mjolnir#synapse-module
matrix_synapse_ext_spam_checker_mjolnir_antispam_enabled: false
matrix_synapse_ext_spam_checker_mjolnir_antispam_git_repository_url: "https://github.com/matrix-org/mjolnir"
matrix_synapse_ext_spam_checker_mjolnir_antispam_git_version: "70f353fbbad0af469b1001080dea194d512b2815"
matrix_synapse_ext_spam_checker_mjolnir_antispam_git_version: "4008e3f65d3745b9307dd31f1c5aa80c13a61a58"
matrix_synapse_ext_spam_checker_mjolnir_antispam_config_block_invites: true
# Flag messages sent by servers/users in the ban lists as spam. Currently
# this means that spammy messages will appear as empty to users. Default
@ -620,10 +620,11 @@ matrix_synapse_redaction_retention_period: 7d
matrix_synapse_user_ips_max_age: 28d
matrix_synapse_rust_synapse_compress_state_docker_image: "devture/rust-synapse-compress-state:v0.1.0"
matrix_synapse_rust_synapse_compress_state_docker_image: "registry.gitlab.com/mb-saces/rust-synapse-compress-state:latest"
matrix_synapse_rust_synapse_compress_state_docker_image_force_pull: "{{ matrix_synapse_rust_synapse_compress_state_docker_image.endswith(':latest') }}"
matrix_synapse_rust_synapse_compress_state_base_path: "{{ matrix_base_data_path }}/rust-synapse-compress-state"
matrix_synapse_rust_synapse_compress_state_synapse_compress_state_in_container_path: "/usr/local/bin/synapse_compress_state"
# Default Synapse configuration template which covers the generic use case.

2
roles/matrix-synapse/tasks/rust-synapse-compress-state/compress_room.yml
View file

@ -12,7 +12,7 @@
--network={{ matrix_docker_network }}
--mount type=bind,src={{ matrix_synapse_rust_synapse_compress_state_base_path }},dst=/work
{{ matrix_synapse_rust_synapse_compress_state_docker_image }}
/synapse-compress-state -t -o /work/state-compressor.sql
{{ matrix_synapse_rust_synapse_compress_state_synapse_compress_state_in_container_path }} -t -o /work/state-compressor.sql
-p "host={{ matrix_synapse_database_host }} user={{ matrix_synapse_database_user }} password={{ matrix_synapse_database_password }} dbname={{ matrix_synapse_database_database }}"
-r '{{ room_details.room_id }}'

1
setup.yml
View file

@ -14,6 +14,7 @@
- matrix-postgres
- matrix-redis
- matrix-corporal
- matrix-backup-borg
- matrix-bridge-appservice-discord
- matrix-bridge-appservice-slack
- matrix-bridge-appservice-webhooks