From 701591e87ea4d59a3b7f2d14bbb04d497f9d8b71 Mon Sep 17 00:00:00 2001 
From: Aine
Date: Thu, 17 Mar 2022 19:04:38 +0200
Subject: [PATCH 01/24] Added retries to the docker pulls
---
roles/matrix-base/defaults/main.yml | 4 ++++
roles/matrix-bot-go-neb/tasks/setup_install.yml | 4 ++++
roles/matrix-bot-honoroit/tasks/setup_install.yml | 4 ++++
roles/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml | 4 ++++
roles/matrix-bot-mjolnir/tasks/setup_install.yml | 4 ++++
.../matrix-bridge-appservice-discord/tasks/setup_install.yml | 4 ++++
roles/matrix-bridge-appservice-irc/tasks/setup_install.yml | 4 ++++
roles/matrix-bridge-appservice-slack/tasks/setup_install.yml | 4 ++++
.../matrix-bridge-appservice-webhooks/tasks/setup_install.yml | 4 ++++
roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml | 4 ++++
roles/matrix-bridge-heisenbridge/tasks/setup_install.yml | 4 ++++
roles/matrix-bridge-hookshot/tasks/setup_install.yml | 4 ++++
roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml | 4 ++++
.../matrix-bridge-mautrix-googlechat/tasks/setup_install.yml | 4 ++++
roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml | 4 ++++
roles/matrix-bridge-mautrix-instagram/tasks/setup_install.yml | 4 ++++
roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml | 4 ++++
roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml | 4 ++++
roles/matrix-bridge-mautrix-twitter/tasks/setup_install.yml | 4 ++++
roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml | 4 ++++
roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml | 4 ++++
roles/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml | 4 ++++
.../matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml | 4 ++++
roles/matrix-bridge-mx-puppet-skype/tasks/setup_install.yml | 4 ++++
roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml | 4 ++++
roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml | 4 ++++
roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml | 4 ++++
roles/matrix-bridge-sms/tasks/setup_install.yml | 4 ++++
roles/matrix-client-cinny/tasks/setup_install.yml | 4 ++++
roles/matrix-client-element/tasks/setup_install.yml | 4 ++++
roles/matrix-client-hydrogen/tasks/setup_install.yml | 4 ++++
roles/matrix-corporal/tasks/setup_corporal.yml | 4 ++++
roles/matrix-coturn/tasks/setup_install.yml | 4 ++++
roles/matrix-dendrite/tasks/dendrite/setup_install.yml | 4 ++++
roles/matrix-dimension/tasks/setup_install.yml | 3 +++
roles/matrix-dynamic-dns/tasks/install.yml | 4 ++++
roles/matrix-email2matrix/tasks/setup_install.yml | 4 ++++
roles/matrix-etherpad/tasks/setup_install.yml | 4 ++++
roles/matrix-grafana/tasks/setup.yml | 4 ++++
roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml | 4 ++++
roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml | 4 ++++
roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml | 4 ++++
roles/matrix-jitsi/tasks/setup_jitsi_web.yml | 4 ++++
roles/matrix-ma1sd/tasks/setup_install.yml | 4 ++++
roles/matrix-mailer/tasks/setup_mailer.yml | 4 ++++
roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml | 4 ++++
roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml | 4 ++++
roles/matrix-postgres/tasks/setup_postgres.yml | 4 ++++
roles/matrix-prometheus-node-exporter/tasks/setup.yml | 4 ++++
roles/matrix-prometheus-postgres-exporter/tasks/setup.yml | 4 ++++
roles/matrix-prometheus/tasks/setup_install.yml | 4 ++++
roles/matrix-redis/tasks/setup_redis.yml | 4 ++++
roles/matrix-registration/tasks/setup_install.yml | 4 ++++
roles/matrix-sygnal/tasks/setup_install.yml | 4 ++++
roles/matrix-synapse-admin/tasks/setup.yml | 4 ++++
roles/matrix-synapse/tasks/goofys/setup_install.yml | 4 ++++
.../matrix-synapse/tasks/rust-synapse-compress-state/main.yml | 4 ++++
roles/matrix-synapse/tasks/synapse/setup_install.yml | 4 ++++
58 files changed, 231 insertions(+)
diff --git a/roles/matrix-base/defaults/main.yml b/roles/matrix-base/defaults/main.yml
index 983a29a0..f8e01ba3 100644
--- a/roles/matrix-base/defaults/main.yml
+++ b/roles/matrix-base/defaults/main.yml
@@ -67,6 +67,10 @@ matrix_debian_arch: "{{ 'armhf' if matrix_architecture == 'arm32' else matrix_ar matrix_container_global_registry_prefix: "docker.io/" +# Each docker pull will retry on failed attemt 10 times with deplay of 10 seconds between each attempt. +matrix_container_retries_count: 10 +matrix_container_retries_delay: 10 + matrix_user_username: "matrix" matrix_user_groupname: "matrix" diff --git a/roles/matrix-bot-go-neb/tasks/setup_install.yml b/roles/matrix-bot-go-neb/tasks/setup_install.yml index 2291f51b..ef2dfbb0 100644 --- a/roles/matrix-bot-go-neb/tasks/setup_install.yml +++ b/roles/matrix-bot-go-neb/tasks/setup_install.yml @@ -22,6 +22,10 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_bot_go_neb_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_go_neb_docker_image_force_pull }}" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure go-neb config installed copy: diff --git a/roles/matrix-bot-honoroit/tasks/setup_install.yml b/roles/matrix-bot-honoroit/tasks/setup_install.yml index 81f2eabc..303c5f8b 100644 --- a/roles/matrix-bot-honoroit/tasks/setup_install.yml +++ b/roles/matrix-bot-honoroit/tasks/setup_install.yml 
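Review bot: The comment added above `matrix_container_retries_count` misspells "attempt" and "delay" ("attemt", "deplay") and does not say that the image-pull tasks in the other roles read these two values. I'd reword it to `# Each container image pull is retried up to 10 times on failure, waiting 10 seconds between attempts.` and add a second line noting that both values can be overridden per host. With these defaults a pull that can never succeed (wrong image name, refused registry credentials) only fails after roughly 100 seconds, which is worth stating next to the variables.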
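Review bot: `register: result` puts the pull outcome in a generic variable name, and the same four lines are repeated on the `docker_image` tasks in the other roles this patch touches (honoroit, reminder-bot, mjolnir, the bridges, the clients, corporal, coturn, dendrite and the rest), so every pull overwrites the same `result`; where a task has a `when:`, a skipped run is presumably registered as well. If any other task in the play registers or reads `result`, it would silently get the wrong data. The dimension hunk already shows the safer pattern with `matrix_dimension_pull_results`, so I'd use a role-prefixed name here, e.g. `register: matrix_bot_go_neb_container_image_pull_result` with `until: matrix_bot_go_neb_container_image_pull_result is not failed`. Note also that `until: ... is not failed` retries permanent errors such as an unknown tag or denied credentials exactly like transient network errors. The `docker_image` task these lines belong to starts above the hunk.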
@@ -52,6 +52,10 @@ force_source: "{{ matrix_bot_honoroit_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_honoroit_docker_image_force_pull }}" when: "not matrix_bot_honoroit_container_image_self_build|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure honoroit repository is present on self-build git: diff --git a/roles/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml b/roles/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml index cf4f594c..ffb38ffc 100644 --- a/roles/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml +++ b/roles/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml @@ -47,6 +47,10 @@ force_source: "{{ matrix_bot_matrix_reminder_bot_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_matrix_reminder_bot_docker_image_force_pull }}" when: "not matrix_bot_matrix_reminder_bot_container_image_self_build|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure matrix-reminder-bot repository is present on self-build git: diff --git a/roles/matrix-bot-mjolnir/tasks/setup_install.yml b/roles/matrix-bot-mjolnir/tasks/setup_install.yml index cf158230..f3b031fa 100644 --- a/roles/matrix-bot-mjolnir/tasks/setup_install.yml +++ b/roles/matrix-bot-mjolnir/tasks/setup_install.yml 
@@ -24,6 +24,10 @@ force_source: "{{ matrix_bot_mjolnir_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_mjolnir_docker_image_force_pull }}" when: "not matrix_bot_mjolnir_container_image_self_build|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure mjolnir repository is present on self-build git: diff --git a/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml b/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml index 665db276..a06d38ac 100644 --- a/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml +++ b/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml @@ -32,6 +32,10 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_appservice_discord_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_discord_docker_image_force_pull }}" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure AppService Discord paths exist file: diff --git a/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml b/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml index 33af5954..1b317464 100644 --- a/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml +++ b/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml 
@@ -64,6 +64,10 @@ force_source: "{{ matrix_appservice_irc_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_irc_docker_image_force_pull }}" when: "matrix_appservice_irc_enabled|bool and not matrix_appservice_irc_container_image_self_build|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure matrix-appservice-irc repository is present when self-building git: diff --git a/roles/matrix-bridge-appservice-slack/tasks/setup_install.yml b/roles/matrix-bridge-appservice-slack/tasks/setup_install.yml index 3eb83bb0..2dcc23c6 100644 --- a/roles/matrix-bridge-appservice-slack/tasks/setup_install.yml +++ b/roles/matrix-bridge-appservice-slack/tasks/setup_install.yml @@ -38,6 +38,10 @@ force_source: "{{ matrix_appservice_slack_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_slack_docker_image_force_pull }}" when: "not matrix_appservice_slack_container_image_self_build|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure matrix-appservice-slack repository is present when self-building git: diff --git a/roles/matrix-bridge-appservice-webhooks/tasks/setup_install.yml b/roles/matrix-bridge-appservice-webhooks/tasks/setup_install.yml index 84535bdd..6759bca8 100644 --- a/roles/matrix-bridge-appservice-webhooks/tasks/setup_install.yml +++ b/roles/matrix-bridge-appservice-webhooks/tasks/setup_install.yml 
@@ -21,6 +21,10 @@ force_source: "{{ matrix_appservice_webhooks_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_webhooks_docker_image_force_pull }}" when: "not matrix_appservice_webhooks_container_image_self_build|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - block: - name: Ensure Appservice webhooks repository is present on self-build diff --git a/roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml b/roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml index c1057fe7..575b22c1 100644 --- a/roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml +++ b/roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml @@ -29,6 +29,10 @@ force_source: "{{ matrix_beeper_linkedin_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_beeper_linkedin_docker_image_force_pull }}" when: "not matrix_beeper_linkedin_container_image_self_build|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - block: - name: Ensure Beeper LinkedIn repository is present on self-build diff --git a/roles/matrix-bridge-heisenbridge/tasks/setup_install.yml b/roles/matrix-bridge-heisenbridge/tasks/setup_install.yml index 41dd9ef7..f24bf926 100644 --- a/roles/matrix-bridge-heisenbridge/tasks/setup_install.yml +++ b/roles/matrix-bridge-heisenbridge/tasks/setup_install.yml 
@@ -6,6 +6,10 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_heisenbridge_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_heisenbridge_docker_image_force_pull }}" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure heisenbridge paths exist file: diff --git a/roles/matrix-bridge-hookshot/tasks/setup_install.yml b/roles/matrix-bridge-hookshot/tasks/setup_install.yml index 425deebc..b4e44c9c 100644 --- a/roles/matrix-bridge-hookshot/tasks/setup_install.yml +++ b/roles/matrix-bridge-hookshot/tasks/setup_install.yml @@ -8,6 +8,10 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_hookshot_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_hookshot_docker_image_force_pull }}" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure hookshot paths exist file: diff --git a/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml index 95109e49..c37b9e10 100644 --- a/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml 
@@ -41,6 +41,10 @@ force_source: "{{ matrix_mautrix_facebook_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_facebook_docker_image_force_pull }}" when: not matrix_mautrix_facebook_container_image_self_build + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure Mautrix Facebook paths exist file: diff --git a/roles/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml index f6c97389..daab10e3 100644 --- a/roles/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml @@ -41,6 +41,10 @@ force_source: "{{ matrix_mautrix_googlechat_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_googlechat_docker_image_force_pull }}" when: not matrix_mautrix_googlechat_container_image_self_build + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure Mautrix googlechat paths exist file: diff --git a/roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml index 3d3670b2..d2b7157e 100644 --- a/roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml 
@@ -41,6 +41,10 @@ force_source: "{{ matrix_mautrix_hangouts_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_hangouts_docker_image_force_pull }}" when: not matrix_mautrix_hangouts_container_image_self_build + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure Mautrix Hangouts paths exist file: diff --git a/roles/matrix-bridge-mautrix-instagram/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-instagram/tasks/setup_install.yml index 93dbcaad..4e531615 100644 --- a/roles/matrix-bridge-mautrix-instagram/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-instagram/tasks/setup_install.yml @@ -14,6 +14,10 @@ force_source: "{{ matrix_mautrix_instagram_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_instagram_docker_image_force_pull }}" when: not matrix_mautrix_instagram_container_image_self_build + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure Mautrix instagram paths exist file: diff --git a/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml index cf846d74..840cbd6e 100644 --- a/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml 
@@ -15,6 +15,10 @@ force_source: "{{ matrix_mautrix_signal_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_signal_docker_image_force_pull }}" when: "not matrix_mautrix_signal_container_image_self_build|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure Mautrix Signal repository is present on self-build diff --git a/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml index 0de05a1d..1960288d 100644 --- a/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml @@ -55,6 +55,10 @@ force_source: "{{ matrix_mautrix_telegram_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_telegram_docker_image_force_pull }}" when: "not matrix_mautrix_telegram_container_image_self_build|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure lottieconverter is present when self-building git: diff --git a/roles/matrix-bridge-mautrix-twitter/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-twitter/tasks/setup_install.yml index 144c6408..6e587900 100644 --- a/roles/matrix-bridge-mautrix-twitter/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-twitter/tasks/setup_install.yml 
@@ -18,6 +18,10 @@ force_source: "{{ matrix_mautrix_twitter_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_twitter_docker_image_force_pull }}" when: matrix_mautrix_twitter_enabled|bool and not matrix_mautrix_twitter_container_image_self_build + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure Mautrix Twitter paths exist file: diff --git a/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml index 79bc039a..8f27ac2a 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml @@ -57,6 +57,10 @@ force_source: "{{ matrix_mautrix_whatsapp_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_whatsapp_docker_image_force_pull }}" when: not matrix_mautrix_whatsapp_container_image_self_build + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure Mautrix Whatsapp repository is present on self-build git: diff --git a/roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml index 3ac916a1..26a7c0c3 100644 --- a/roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml 
@@ -72,6 +72,10 @@ force_source: "{{ matrix_mx_puppet_discord_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_discord_docker_image_force_pull }}" when: matrix_mx_puppet_discord_enabled|bool and not matrix_mx_puppet_discord_container_image_self_build + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure MX Puppet Discord repository is present on self build git: diff --git a/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml index 1a04766b..0d43a0d0 100644 --- a/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml @@ -73,6 +73,10 @@ force_source: "{{ matrix_mx_puppet_groupme_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_groupme_docker_image_force_pull }}" when: matrix_mx_puppet_groupme_enabled|bool and not matrix_mx_puppet_groupme_container_image_self_build + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure MX Puppet Groupme repository is present on self build git: diff --git a/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml index 045e17f7..cb613074 100644 --- a/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml 
@@ -42,6 +42,10 @@ force_source: "{{ matrix_mx_puppet_instagram_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_instagram_docker_image_force_pull }}" when: matrix_mx_puppet_instagram_enabled|bool and not matrix_mx_puppet_instagram_container_image_self_build + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure mx-puppet-instagram paths exist file: diff --git a/roles/matrix-bridge-mx-puppet-skype/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-skype/tasks/setup_install.yml index a97986bd..c3776c70 100644 --- a/roles/matrix-bridge-mx-puppet-skype/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-skype/tasks/setup_install.yml @@ -73,6 +73,10 @@ force_source: "{{ matrix_mx_puppet_skype_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_skype_docker_image_force_pull }}" when: matrix_mx_puppet_skype_enabled|bool and not matrix_mx_puppet_skype_container_image_self_build + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure MX Puppet Skype repository is present on self build git: diff --git a/roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml index bb57c270..23301eab 100644 --- a/roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml 
@@ -69,6 +69,10 @@ force_source: "{{ matrix_mx_puppet_slack_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_slack_docker_image_force_pull }}" when: matrix_mx_puppet_slack_enabled|bool and not matrix_mx_puppet_slack_container_image_self_build + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure MX Puppet Slack repository is present on self build git: diff --git a/roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml index 1f0dd234..b8b3f737 100644 --- a/roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml @@ -73,6 +73,10 @@ force_source: "{{ matrix_mx_puppet_steam_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_steam_docker_image_force_pull }}" when: matrix_mx_puppet_steam_enabled|bool and not matrix_mx_puppet_steam_container_image_self_build + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure MX Puppet Steam repository is present on self build git: diff --git a/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml index 5436c189..485900a8 100644 --- a/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml 
@@ -73,6 +73,10 @@ force_source: "{{ matrix_mx_puppet_twitter_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_twitter_docker_image_force_pull }}" when: matrix_mx_puppet_twitter_enabled|bool and not matrix_mx_puppet_twitter_container_image_self_build + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure MX Puppet Twitter repository is present on self build git: diff --git a/roles/matrix-bridge-sms/tasks/setup_install.yml b/roles/matrix-bridge-sms/tasks/setup_install.yml index c09bb5cc..412c26fe 100644 --- a/roles/matrix-bridge-sms/tasks/setup_install.yml +++ b/roles/matrix-bridge-sms/tasks/setup_install.yml @@ -4,6 +4,10 @@ docker_image: name: "{{ matrix_sms_bridge_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure matrix-sms-bridge paths exist file: diff --git a/roles/matrix-client-cinny/tasks/setup_install.yml b/roles/matrix-client-cinny/tasks/setup_install.yml index 5571d8d0..48865008 100644 --- a/roles/matrix-client-cinny/tasks/setup_install.yml +++ b/roles/matrix-client-cinny/tasks/setup_install.yml 
@@ -18,6 +18,10 @@ force_source: "{{ matrix_client_cinny_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_client_cinny_docker_image_force_pull }}" when: "not matrix_client_cinny_container_image_self_build|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure Cinny repository is present on self-build git: diff --git a/roles/matrix-client-element/tasks/setup_install.yml b/roles/matrix-client-element/tasks/setup_install.yml index 3b877e8e..e9c7096e 100644 --- a/roles/matrix-client-element/tasks/setup_install.yml +++ b/roles/matrix-client-element/tasks/setup_install.yml @@ -19,6 +19,10 @@ force_source: "{{ matrix_client_element_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_client_element_docker_image_force_pull }}" when: "not matrix_client_element_container_image_self_build|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure Element repository is present on self-build git: diff --git a/roles/matrix-client-hydrogen/tasks/setup_install.yml b/roles/matrix-client-hydrogen/tasks/setup_install.yml index d8372768..0e4868f6 100644 --- a/roles/matrix-client-hydrogen/tasks/setup_install.yml +++ b/roles/matrix-client-hydrogen/tasks/setup_install.yml 
@@ -19,6 +19,10 @@ force_source: "{{ matrix_client_hydrogen_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_client_hydrogen_docker_image_force_pull }}" when: "not matrix_client_hydrogen_container_image_self_build|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure Hydrogen repository is present on self-build git: diff --git a/roles/matrix-corporal/tasks/setup_corporal.yml b/roles/matrix-corporal/tasks/setup_corporal.yml index b8edc596..6c520ee0 100644 --- a/roles/matrix-corporal/tasks/setup_corporal.yml +++ b/roles/matrix-corporal/tasks/setup_corporal.yml @@ -45,6 +45,10 @@ force_source: "{{ matrix_corporal_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_corporal_docker_image_force_pull }}" when: "matrix_corporal_enabled|bool and not matrix_corporal_container_image_self_build|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure Matrix Corporal config installed copy: diff --git a/roles/matrix-coturn/tasks/setup_install.yml b/roles/matrix-coturn/tasks/setup_install.yml index f5726e32..621177e5 100644 --- a/roles/matrix-coturn/tasks/setup_install.yml +++ b/roles/matrix-coturn/tasks/setup_install.yml 
@@ -24,6 +24,10 @@ force_source: "{{ matrix_coturn_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_coturn_docker_image_force_pull }}" when: "not matrix_coturn_container_image_self_build|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - block: - name: Ensure Coturn repository is present on self-build diff --git a/roles/matrix-dendrite/tasks/dendrite/setup_install.yml b/roles/matrix-dendrite/tasks/dendrite/setup_install.yml index b2f6834d..a18ad065 100644 --- a/roles/matrix-dendrite/tasks/dendrite/setup_install.yml +++ b/roles/matrix-dendrite/tasks/dendrite/setup_install.yml @@ -23,6 +23,10 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_dendrite_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_dendrite_docker_image_force_pull }}" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Check if a Dendrite signing key exists stat: diff --git a/roles/matrix-dimension/tasks/setup_install.yml b/roles/matrix-dimension/tasks/setup_install.yml index 4225da3f..1ba4f2d4 100644 --- a/roles/matrix-dimension/tasks/setup_install.yml +++ b/roles/matrix-dimension/tasks/setup_install.yml 
@@ -92,6 +92,9 @@ force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_dimension_docker_image_force_pull }}" when: "not matrix_dimension_container_image_self_build|bool" register: matrix_dimension_pull_results + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: matrix_dimension_pull_results is not failed - name: Ensure dimension repository is present on self-build git: diff --git a/roles/matrix-dynamic-dns/tasks/install.yml b/roles/matrix-dynamic-dns/tasks/install.yml index e2e4f043..4dffe681 100644 --- a/roles/matrix-dynamic-dns/tasks/install.yml +++ b/roles/matrix-dynamic-dns/tasks/install.yml @@ -7,6 +7,10 @@ force_source: "{{ matrix_dynamic_dns_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_dynamic_dns_docker_image_force_pull }}" when: matrix_dynamic_dns_enabled|bool and not matrix_dynamic_dns_container_image_self_build + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure Dynamic DNS paths exist file: diff --git a/roles/matrix-email2matrix/tasks/setup_install.yml b/roles/matrix-email2matrix/tasks/setup_install.yml index 44f2ef7d..74e7c676 100644 --- a/roles/matrix-email2matrix/tasks/setup_install.yml +++ b/roles/matrix-email2matrix/tasks/setup_install.yml 
@@ -28,6 +28,10 @@ force_source: "{{ matrix_email2matrix_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_email2matrix_docker_image_force_pull }}" when: "not matrix_email2matrix_container_image_self_build|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure Email2Matrix repository is present on self-build git: diff --git a/roles/matrix-etherpad/tasks/setup_install.yml b/roles/matrix-etherpad/tasks/setup_install.yml index 27832e14..6f276e05 100644 --- a/roles/matrix-etherpad/tasks/setup_install.yml +++ b/roles/matrix-etherpad/tasks/setup_install.yml @@ -22,6 +22,10 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_etherpad_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_etherpad_docker_image_force_pull }}" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure matrix-etherpad.service installed template: diff --git a/roles/matrix-grafana/tasks/setup.yml b/roles/matrix-grafana/tasks/setup.yml index 5f9d21c1..95a0ba53 100644 --- a/roles/matrix-grafana/tasks/setup.yml +++ b/roles/matrix-grafana/tasks/setup.yml 
@@ -11,6 +11,10 @@ force_source: "{{ matrix_grafana_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_grafana_docker_image_force_pull }}" when: "matrix_grafana_enabled|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure grafana paths exists file: diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml b/roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml index 2bb781c1..d85e0703 100644 --- a/roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml +++ b/roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml @@ -23,6 +23,10 @@ force_source: "{{ matrix_jitsi_jicofo_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_jicofo_docker_image_force_pull }}" when: matrix_jitsi_enabled|bool + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure jitsi-jicofo environment variables file created template: diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml b/roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml index 3b3b8dbf..b007ede8 100644 --- a/roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml +++ b/roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml 
@@ -23,6 +23,10 @@ force_source: "{{ matrix_jitsi_jvb_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_jvb_docker_image_force_pull }}" when: matrix_jitsi_enabled|bool + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure jitsi-jvb configuration files created template: diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml b/roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml index 437e1e9c..301fa82f 100644 --- a/roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml +++ b/roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml @@ -24,6 +24,10 @@ force_source: "{{ matrix_jitsi_prosody_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_prosody_docker_image_force_pull }}" when: matrix_jitsi_enabled|bool + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure jitsi-prosody environment variables file is created template: diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_web.yml b/roles/matrix-jitsi/tasks/setup_jitsi_web.yml index 0a4d43b0..ea831490 100644 --- a/roles/matrix-jitsi/tasks/setup_jitsi_web.yml +++ b/roles/matrix-jitsi/tasks/setup_jitsi_web.yml 
@@ -25,6 +25,10 @@ force_source: "{{ matrix_jitsi_web_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_web_docker_image_force_pull }}" when: matrix_jitsi_enabled|bool + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure jitsi-web environment variables file created template: diff --git a/roles/matrix-ma1sd/tasks/setup_install.yml b/roles/matrix-ma1sd/tasks/setup_install.yml index 27e74d10..c56c81f9 100644 --- a/roles/matrix-ma1sd/tasks/setup_install.yml +++ b/roles/matrix-ma1sd/tasks/setup_install.yml @@ -52,6 +52,10 @@ force_source: "{{ matrix_ma1sd_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_ma1sd_docker_image_force_pull }}" when: "not matrix_ma1sd_container_image_self_build|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - block: - name: Ensure gradle is installed for self-building (Debian) diff --git a/roles/matrix-mailer/tasks/setup_mailer.yml b/roles/matrix-mailer/tasks/setup_mailer.yml index 1ac4f339..5ad02a57 100644 --- a/roles/matrix-mailer/tasks/setup_mailer.yml +++ b/roles/matrix-mailer/tasks/setup_mailer.yml 
@@ -51,6 +51,10 @@ force_source: "{{ matrix_mailer_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mailer_docker_image_force_pull }}" when: "matrix_mailer_enabled|bool and not matrix_mailer_container_image_self_build|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure matrix-mailer.service installed template: diff --git a/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml b/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml index 373bc55b..92454e96 100644 --- a/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml +++ b/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml @@ -184,6 +184,10 @@ force_source: "{{ matrix_nginx_proxy_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_nginx_proxy_docker_image_force_pull }}" when: matrix_nginx_proxy_enabled|bool + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure matrix-nginx-proxy.service installed template: diff --git a/roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml b/roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml index 72329db3..701d8dd3 100644 --- a/roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml +++ b/roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml 
@@ -21,6 +21,10 @@ force_source: "{{ matrix_postgres_backup_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_postgres_backup_docker_image_force_pull }}" when: matrix_postgres_backup_enabled|bool + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure Postgres backup paths exist file: diff --git a/roles/matrix-postgres/tasks/setup_postgres.yml b/roles/matrix-postgres/tasks/setup_postgres.yml index 46186a4d..43192475 100644 --- a/roles/matrix-postgres/tasks/setup_postgres.yml +++ b/roles/matrix-postgres/tasks/setup_postgres.yml @@ -43,6 +43,10 @@ force_source: "{{ matrix_postgres_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_postgres_docker_image_force_pull }}" when: matrix_postgres_enabled|bool + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure Postgres paths exist file: diff --git a/roles/matrix-prometheus-node-exporter/tasks/setup.yml b/roles/matrix-prometheus-node-exporter/tasks/setup.yml index 419f3592..21d0b55d 100644 --- a/roles/matrix-prometheus-node-exporter/tasks/setup.yml +++ b/roles/matrix-prometheus-node-exporter/tasks/setup.yml 
@@ -11,6 +11,10 @@ force_source: "{{ matrix_prometheus_node_exporter_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_prometheus_node_exporter_docker_image_force_pull }}" when: "matrix_prometheus_node_exporter_enabled|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure matrix-prometheus-node-exporter.service installed template: diff --git a/roles/matrix-prometheus-postgres-exporter/tasks/setup.yml b/roles/matrix-prometheus-postgres-exporter/tasks/setup.yml index a6c49816..08ffe708 100644 --- a/roles/matrix-prometheus-postgres-exporter/tasks/setup.yml +++ b/roles/matrix-prometheus-postgres-exporter/tasks/setup.yml @@ -11,6 +11,10 @@ force_source: "{{ matrix_prometheus_postgres_exporter_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_prometheus_postgres_exporter_docker_image_force_pull }}" when: "matrix_prometheus_postgres_exporter_enabled|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure matrix-prometheus-postgres-exporter.service installed template: diff --git a/roles/matrix-prometheus/tasks/setup_install.yml b/roles/matrix-prometheus/tasks/setup_install.yml index d3512f1b..e0fe8cf6 100644 --- a/roles/matrix-prometheus/tasks/setup_install.yml +++ b/roles/matrix-prometheus/tasks/setup_install.yml 
@@ -6,6 +6,10 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_prometheus_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_prometheus_docker_image_force_pull }}" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure Prometheus paths exists file: diff --git a/roles/matrix-redis/tasks/setup_redis.yml b/roles/matrix-redis/tasks/setup_redis.yml index a37174a3..df1d1736 100644 --- a/roles/matrix-redis/tasks/setup_redis.yml +++ b/roles/matrix-redis/tasks/setup_redis.yml @@ -11,6 +11,10 @@ force_source: "{{ matrix_redis_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_redis_docker_image_force_pull }}" when: matrix_redis_enabled|bool + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure redis paths exist file: diff --git a/roles/matrix-registration/tasks/setup_install.yml b/roles/matrix-registration/tasks/setup_install.yml index ac9a4e67..2b5beafa 100644 --- a/roles/matrix-registration/tasks/setup_install.yml +++ b/roles/matrix-registration/tasks/setup_install.yml 
@@ -52,6 +52,10 @@ force_source: "{{ matrix_registration_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_registration_docker_image_force_pull }}" when: "not matrix_registration_container_image_self_build|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure matrix-registration repository is present when self-building git: diff --git a/roles/matrix-sygnal/tasks/setup_install.yml b/roles/matrix-sygnal/tasks/setup_install.yml index 0be6fbe0..1a6ce186 100644 --- a/roles/matrix-sygnal/tasks/setup_install.yml +++ b/roles/matrix-sygnal/tasks/setup_install.yml @@ -6,6 +6,10 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_sygnal_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_sygnal_docker_image_force_pull }}" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure Sygnal paths exists file: diff --git a/roles/matrix-synapse-admin/tasks/setup.yml b/roles/matrix-synapse-admin/tasks/setup.yml index ab1e6d46..2243706b 100644 --- a/roles/matrix-synapse-admin/tasks/setup.yml +++ b/roles/matrix-synapse-admin/tasks/setup.yml 
@@ -11,6 +11,10 @@ force_source: "{{ matrix_synapse_admin_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_synapse_admin_docker_image_force_pull }}" when: "matrix_synapse_admin_enabled|bool and not matrix_synapse_admin_container_image_self_build|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure matrix-synapse-admin repository is present when self-building git: diff --git a/roles/matrix-synapse/tasks/goofys/setup_install.yml b/roles/matrix-synapse/tasks/goofys/setup_install.yml index 9e3870e5..d3781520 100644 --- a/roles/matrix-synapse/tasks/goofys/setup_install.yml +++ b/roles/matrix-synapse/tasks/goofys/setup_install.yml @@ -8,6 +8,10 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_s3_goofys_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_s3_goofys_docker_image_force_pull }}" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed # This will throw a Permission Denied error if already mounted - name: Check Matrix Goofys external storage mountpoint path diff --git a/roles/matrix-synapse/tasks/rust-synapse-compress-state/main.yml b/roles/matrix-synapse/tasks/rust-synapse-compress-state/main.yml index ad8497cc..1aaf3a81 100644 --- a/roles/matrix-synapse/tasks/rust-synapse-compress-state/main.yml +++ b/roles/matrix-synapse/tasks/rust-synapse-compress-state/main.yml 
@@ -48,6 +48,10 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_synapse_rust_synapse_compress_state_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_synapse_rust_synapse_compress_state_docker_image_force_pull }}" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Generate rust-synapse-compress-state room find command set_fact: diff --git a/roles/matrix-synapse/tasks/synapse/setup_install.yml b/roles/matrix-synapse/tasks/synapse/setup_install.yml index 731be003..deedd7bd 100644 --- a/roles/matrix-synapse/tasks/synapse/setup_install.yml +++ b/roles/matrix-synapse/tasks/synapse/setup_install.yml @@ -54,6 +54,10 @@ force_source: "{{ matrix_synapse_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_synapse_docker_image_force_pull }}" when: "not matrix_synapse_container_image_self_build" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Check if a Synapse signing key exists stat: From 1c1b705b22465c3a3aa0c54b81a7142667f4041b Mon Sep 17 00:00:00 2001 From: Aine Date: Thu, 17 Mar 2022 17:32:20 +0200 Subject: [PATCH 02/24] fix typo --- roles/matrix-base/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-base/defaults/main.yml b/roles/matrix-base/defaults/main.yml index f8e01ba3..ae39d00a 100644 --- a/roles/matrix-base/defaults/main.yml +++ b/roles/matrix-base/defaults/main.yml 
@@ -67,7 +67,7 @@ matrix_debian_arch: "{{ 'armhf' if matrix_architecture == 'arm32' else matrix_ar matrix_container_global_registry_prefix: "docker.io/" -# Each docker pull will retry on failed attemt 10 times with deplay of 10 seconds between each attempt. +# Each docker pull will retry on failed attempt 10 times with delay of 10 seconds between each attempt. matrix_container_retries_count: 10 matrix_container_retries_delay: 10 From c741a7485334f6feeda8b08469359f6cacce531d Mon Sep 17 00:00:00 2001 From: Aine Date: Thu, 17 Mar 2022 18:41:05 +0200 Subject: [PATCH 03/24] Switch mx-puppet-slack to the beeper fork --- docs/configuring-playbook-bridge-mx-puppet-slack.md | 4 ++-- roles/matrix-bridge-mx-puppet-slack/defaults/main.yml | 10 ++++++---- .../tasks/setup_install.yml | 3 ++- 3 files changed, 10 insertions(+), 7 deletions(-) diff --git a/docs/configuring-playbook-bridge-mx-puppet-slack.md b/docs/configuring-playbook-bridge-mx-puppet-slack.md index 0630270f..8db159d7 100644 --- a/docs/configuring-playbook-bridge-mx-puppet-slack.md +++ b/docs/configuring-playbook-bridge-mx-puppet-slack.md @@ -4,8 +4,8 @@ [matrix-appservice-slack](configuring-playbook-bridge-appservice-slack.md) bridge supported by the playbook. -The playbook can install and configure -[mx-puppet-slack](https://github.com/Sorunome/mx-puppet-slack) for you. +The playbook can install and configure [Beeper](https://www.beeper.com/)-maintained fork of +[mx-puppet-slack](https://gitlab.com/beeper/mx-puppet-monorepo) for you. See the project page to learn what it does and why it might be useful to you. diff --git a/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml b/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml index bf5c6dfa..bb92c1d8 100644 --- a/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml 
@@ -1,6 +1,6 @@ --- # Mx Puppet Slack is a Matrix <-> Slack bridge -# See: https://github.com/Sorunome/mx-puppet-slack +# See: https://gitlab.com/beeper/mx-puppet-monorepo (originally based on https://github.com/Sorunome/mx-puppet-slack) matrix_mx_puppet_slack_enabled: true @@ -8,7 +8,9 @@ matrix_mx_puppet_slack_oauth_client_id: '' matrix_mx_puppet_slack_oauth_client_secret: '' matrix_mx_puppet_slack_container_image_self_build: false -matrix_mx_puppet_slack_container_image_self_build_repo: "https://github.com/Sorunome/mx-puppet-slack.git" +matrix_mx_puppet_slack_container_image_self_build_repo: "https://gitlab.com/beeper/mx-puppet-monorepo.git" +matrix_mx_puppet_slack_container_image_self_build_version: "{{ 'main' if matrix_mx_puppet_slack_version == 'latest' else matrix_mx_puppet_slack_version }}" +matrix_mx_puppet_slack_container_image_self_build_dockerfile_path: "docker/Dockerfile-slack" # Controls whether the mx-puppet-slack container exposes its HTTP port (tcp/8432 in the container). # 
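Review bot: The new `matrix_mx_puppet_slack_container_image_self_build_version` resolves the default `latest` to the `main` branch, so a self-build checks out whatever the fork's branch head is at run time and builds the Slack Dockerfile from it. Since the same change moves the source to a different repository, defaulting the self-build ref to a reviewed commit would make the built code reproducible, as the playbook already does for `matrix_synapse_ext_spam_checker_mjolnir_antispam_git_version`; for example `matrix_mx_puppet_slack_container_image_self_build_version: "<reviewed-commit-sha>"` (placeholder). The two new variables also have no comment; something like `# Git ref and Dockerfile (path inside the monorepo checkout) used when self-building` above them would explain why the Dockerfile is no longer at the repository root.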
@@ -16,8 +18,8 @@ matrix_mx_puppet_slack_container_image_self_build_repo: "https://github.com/Soru matrix_mx_puppet_slack_container_http_host_bind_port: '' matrix_mx_puppet_slack_version: latest -matrix_mx_puppet_slack_docker_image: "{{ matrix_mx_puppet_slack_docker_image_name_prefix }}sorunome/mx-puppet-slack:{{ matrix_mx_puppet_slack_version }}" -matrix_mx_puppet_slack_docker_image_name_prefix: "{{ 'localhost/' if matrix_mx_puppet_slack_container_image_self_build else matrix_container_global_registry_prefix }}" +matrix_mx_puppet_slack_docker_image: "{{ matrix_mx_puppet_slack_docker_image_name_prefix }}beeper/mx-puppet-monorepo/slack:{{ matrix_mx_puppet_slack_version }}" +matrix_mx_puppet_slack_docker_image_name_prefix: "{{ 'localhost/' if matrix_mx_puppet_slack_container_image_self_build else 'registry.gitlab.com/' }}" matrix_mx_puppet_slack_docker_image_force_pull: "{{ matrix_mx_puppet_slack_docker_image.endswith(':latest') }}" matrix_mx_puppet_slack_base_path: "{{ matrix_base_data_path }}/mx-puppet-slack" diff --git a/roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml index 23301eab..b064ee83 100644 --- a/roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml @@ -79,6 +79,7 @@ repo: "{{ matrix_mx_puppet_slack_container_image_self_build_repo }}" dest: "{{ matrix_mx_puppet_slack_docker_src_files_path }}" force: "yes" + version: "{{ matrix_mx_puppet_slack_container_image_self_build_version }}" register: matrix_mx_puppet_slack_git_pull_results when: "matrix_mx_puppet_slack_enabled|bool and matrix_mx_puppet_slack_container_image_self_build" 
@@ -89,7 +90,7 @@ force_source: "{{ matrix_mx_puppet_slack_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_slack_git_pull_results.changed }}" build: - dockerfile: Dockerfile + dockerfile: "{{ matrix_mx_puppet_slack_container_image_self_build_dockerfile_path }}" path: "{{ matrix_mx_puppet_slack_docker_src_files_path }}" pull: true when: "matrix_mx_puppet_slack_enabled|bool and matrix_mx_puppet_slack_container_image_self_build" From 07e68d48de5e1795913a77d6b72601581af6f01f Mon Sep 17 00:00:00 2001 From: Catalan Lover <48515417+FSG-Cat@users.noreply.github.com> Date: Tue, 22 Mar 2022 20:37:40 +0100 Subject: [PATCH 04/24] Update Mjolnir from 1.3.2 to 1.4.1 --- roles/matrix-bot-mjolnir/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bot-mjolnir/defaults/main.yml b/roles/matrix-bot-mjolnir/defaults/main.yml index cfb0d06d..0093576c 100644 --- a/roles/matrix-bot-mjolnir/defaults/main.yml +++ b/roles/matrix-bot-mjolnir/defaults/main.yml @@ -4,7 +4,7 @@ matrix_bot_mjolnir_enabled: true -matrix_bot_mjolnir_version: "v1.3.2" +matrix_bot_mjolnir_version: "v1.4.1" matrix_bot_mjolnir_container_image_self_build: false matrix_bot_mjolnir_container_image_self_build_repo: "https://github.com/matrix-org/mjolnir.git" From 97865484bd8d33b6c399f7326b8651a27a049499 Mon Sep 17 00:00:00 2001 From: pulmonarycosignerkindness <70479260+pulmonarycosignerkindness@users.noreply.github.com> Date: Wed, 23 Mar 2022 19:17:54 +0000 Subject: [PATCH 05/24] Update mjolnir antispam commit hash Changed the commit hash in matrix_synapse_ext_spam_checker_mjolnir_antispam_git_version to latest. Fixes a Synapse ImportError with mjolnir v1.4.1 leading to a Synapse crash-loop. --- roles/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 80f2781b..f028de98 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -525,7 +525,7 @@ matrix_synapse_ext_spam_checker_synapse_simple_antispam_config_blocked_homeserve # See: https://github.com/matrix-org/mjolnir#synapse-module matrix_synapse_ext_spam_checker_mjolnir_antispam_enabled: false matrix_synapse_ext_spam_checker_mjolnir_antispam_git_repository_url: "https://github.com/matrix-org/mjolnir" -matrix_synapse_ext_spam_checker_mjolnir_antispam_git_version: "70f353fbbad0af469b1001080dea194d512b2815" +matrix_synapse_ext_spam_checker_mjolnir_antispam_git_version: "4008e3f65d3745b9307dd31f1c5aa80c13a61a58" matrix_synapse_ext_spam_checker_mjolnir_antispam_config_block_invites: true # Flag messages sent by servers/users in the ban lists as spam. Currently # this means that spammy messages will appear as empty to users. Default From 38f2dc45534e36d7bc6fc9f890c156699c29a864 Mon Sep 17 00:00:00 2001 From: joecool1029 Date: Thu, 24 Mar 2022 15:54:36 -0400 Subject: [PATCH 06/24] Synapse 1.55.0 -> Synapse 1.55.2 This is a minor hotfix, needs to be bumped though or new deploys will break (existing deploys not affected by bug). --- roles/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index f028de98..65ca3e10 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml 
@@ -9,7 +9,7 @@ matrix_synapse_container_image_self_build_repo: "https://github.com/matrix-org/s matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:{{ matrix_synapse_docker_image_tag }}" matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_container_image_self_build else matrix_container_global_registry_prefix }}" -matrix_synapse_version: v1.55.0 +matrix_synapse_version: v1.55.2 matrix_synapse_docker_image_tag: "{{ matrix_synapse_version }}" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" From 85627b59adc9e057d7988aba1ae28edaad830f73 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sat, 26 Mar 2022 10:04:21 +0200 Subject: [PATCH 07/24] Make synapse-compress-state in-container binary path configurable This makes it easier to use another container image for rust-synapse-compress-state, which may be storing the binary at another path. --- roles/matrix-synapse/defaults/main.yml | 1 + .../tasks/rust-synapse-compress-state/compress_room.yml | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 65ca3e10..0008de3d 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -624,6 +624,7 @@ matrix_synapse_rust_synapse_compress_state_docker_image: "devture/rust-synapse-c matrix_synapse_rust_synapse_compress_state_docker_image_force_pull: "{{ matrix_synapse_rust_synapse_compress_state_docker_image.endswith(':latest') }}" matrix_synapse_rust_synapse_compress_state_base_path: "{{ matrix_base_data_path }}/rust-synapse-compress-state" +matrix_synapse_rust_synapse_compress_state_synapse_compress_state_in_container_path: "/synapse-compress-state" # Default Synapse configuration template which covers the generic use case. 
diff --git a/roles/matrix-synapse/tasks/rust-synapse-compress-state/compress_room.yml b/roles/matrix-synapse/tasks/rust-synapse-compress-state/compress_room.yml index 36ef0a3a..e1386c75 100644 --- a/roles/matrix-synapse/tasks/rust-synapse-compress-state/compress_room.yml +++ b/roles/matrix-synapse/tasks/rust-synapse-compress-state/compress_room.yml @@ -12,7 +12,7 @@ --network={{ matrix_docker_network }} --mount type=bind,src={{ matrix_synapse_rust_synapse_compress_state_base_path }},dst=/work {{ matrix_synapse_rust_synapse_compress_state_docker_image }} - /synapse-compress-state -t -o /work/state-compressor.sql + {{ matrix_synapse_rust_synapse_compress_state_synapse_compress_state_in_container_path }} -t -o /work/state-compressor.sql -p "host={{ matrix_synapse_database_host }} user={{ matrix_synapse_database_user }} password={{ matrix_synapse_database_password }} dbname={{ matrix_synapse_database_database }}" -r '{{ room_details.room_id }}' From dac4df738497018ea0b7f48ab8d464ae600ba012 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sat, 26 Mar 2022 10:31:05 +0200 Subject: [PATCH 08/24] Add arm64 support for rust-synapse-compress-state by switching container image This switches the playbook from devture/rust-synapse-compress-state (a container image which wraps the upstream-prebuilt amd64 binary of rust-synapse-compress-state) to registry.gitlab.com/mb-saces/rust-synapse-compress-state (https://gitlab.com/mb-saces/rust-synapse-compress-state), which builds rust-synapse-compress-state from source and provides a multi-arch image that currently works on amd64 and arm64. Ideally, we'll stop using `:latest` and arm32 support will be made available upstream as well at some point. Discussed here: https://gitlab.com/mb-saces/rust-synapse-compress-state/-/issues/1 --- roles/matrix-synapse/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 0008de3d..4cba18fa 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -620,11 +620,11 @@ matrix_synapse_redaction_retention_period: 7d matrix_synapse_user_ips_max_age: 28d -matrix_synapse_rust_synapse_compress_state_docker_image: "devture/rust-synapse-compress-state:v0.1.0" +matrix_synapse_rust_synapse_compress_state_docker_image: "registry.gitlab.com/mb-saces/rust-synapse-compress-state:latest" matrix_synapse_rust_synapse_compress_state_docker_image_force_pull: "{{ matrix_synapse_rust_synapse_compress_state_docker_image.endswith(':latest') }}" matrix_synapse_rust_synapse_compress_state_base_path: "{{ matrix_base_data_path }}/rust-synapse-compress-state" -matrix_synapse_rust_synapse_compress_state_synapse_compress_state_in_container_path: "/synapse-compress-state" +matrix_synapse_rust_synapse_compress_state_synapse_compress_state_in_container_path: "/usr/local/bin/synapse_compress_state" # Default Synapse configuration template which covers the generic use case. From fc1e15baffc9782d61587cc4382f37f437989eaa Mon Sep 17 00:00:00 2001 From: GoliathLabs Date: Sat, 26 Mar 2022 12:09:42 +0100 Subject: [PATCH 09/24] Updated: to v0.3.1 --- roles/matrix-bridge-mautrix-googlechat/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml b/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml index 168d08f7..e334e8d6 100644 --- a/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml 
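Review bot: The new default `registry.gitlab.com/mb-saces/rust-synapse-compress-state:latest` replaces a version-pinned tag with a mutable one, and because the value ends in `:latest` the `..._docker_image_force_pull` expression on the next line becomes true, so each run fetches whatever the tag currently points to. The compress_room.yml hunk in the preceding patch shows this container being started with the Synapse database host, user and password in its arguments, so the pulled content runs with database credentials. Pinning by digest would fix the content that receives them, e.g. `matrix_synapse_rust_synapse_compress_state_docker_image: "registry.gitlab.com/mb-saces/rust-synapse-compress-state@sha256:<digest>"` (placeholder digest). A digest reference does not end in `:latest`, so the force-pull expression would evaluate to false without further changes.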
@@ -7,7 +7,7 @@ matrix_mautrix_googlechat_enabled: true matrix_mautrix_googlechat_container_image_self_build: false matrix_mautrix_googlechat_container_image_self_build_repo: "https://github.com/mautrix/googlechat.git" -matrix_mautrix_googlechat_version: latest +matrix_mautrix_googlechat_version: v0.3.1 # See: https://mau.dev/mautrix/googlechat/container_registry matrix_mautrix_googlechat_docker_image: "{{ matrix_mautrix_googlechat_docker_image_name_prefix }}mautrix/googlechat:{{ matrix_mautrix_googlechat_version }}" matrix_mautrix_googlechat_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_googlechat_container_image_self_build else 'dock.mau.dev/' }}" From f29f51a54c4e58199cfc4a9da76eaf9798e4fd6e Mon Sep 17 00:00:00 2001 From: joecool1029 Date: Mon, 28 Mar 2022 13:52:44 -0400 Subject: [PATCH 10/24] Update Element 1.10.7 -> 1.10.8 --- roles/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-client-element/defaults/main.yml b/roles/matrix-client-element/defaults/main.yml index edaa189c..c395efb7 100644 --- a/roles/matrix-client-element/defaults/main.yml +++ b/roles/matrix-client-element/defaults/main.yml @@ -9,7 +9,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto # - https://github.com/vector-im/element-web/issues/19544 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" -matrix_client_element_version: v1.10.7 +matrix_client_element_version: v1.10.8 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" 
From 9b0323432351c4ee793ad81bccf4f8347204c8ec Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Oliv=C3=A9r=20Falvai?= Date: Tue, 29 Mar 2022 22:14:44 +0200 Subject: [PATCH 11/24] Fix Facebook presence config key --- roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 index 1f71286e..49c49be8 100644 --- a/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 @@ -106,7 +106,9 @@ bridge: # If using this for other servers than the bridge's server, # you must also set the URL in the double_puppet_server_map. login_shared_secret_map: {{ matrix_mautrix_facebook_bridge_login_shared_secret_map|to_json }} - presence: {{ matrix_mautrix_facebook_bridge_presence|to_json }} + # Should presence from Facebook be bridged? This doesn't use the same API as the Android app, + # so it might be more suspicious to Facebook. + presence_from_facebook: {{ matrix_mautrix_facebook_bridge_presence|to_json }} # Whether or not to update avatars when syncing all contacts at startup. update_avatar_initial_sync: true # End-to-bridge encryption support options. These require matrix-nio to be installed with pip From 326b1090b75f9fab81b282db5becce35374cd084 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Oliv=C3=A9r=20Falvai?= Date: Tue, 29 Mar 2022 22:26:29 +0200 Subject: [PATCH 12/24] Add note about Prometheus retention policy --- docs/configuring-playbook-prometheus-grafana.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/configuring-playbook-prometheus-grafana.md b/docs/configuring-playbook-prometheus-grafana.md index 892bffb2..f178def2 100644 --- a/docs/configuring-playbook-prometheus-grafana.md +++ b/docs/configuring-playbook-prometheus-grafana.md 
@@ -25,6 +25,8 @@ matrix_grafana_default_admin_password: "some_strong_password_chosen_by_you" By default, a [Grafana](https://grafana.com/) web user-interface will be available at `https://stats.`. +The retention policy of Prometheus metrics is [15 days by default](https://prometheus.io/docs/prometheus/latest/storage/#operational-aspects). Older data gets deleted automatically. + ## What does it do? From 0103d92df4a28bef7182e161ce3ca9cc4ff596f0 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 30 Mar 2022 09:02:17 +0300 Subject: [PATCH 13/24] Temporarily switch to Myned-maintained fork of mx-puppet-discord/mx-puppet-slack Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1719 We're using a pinned commit of this fork, which patches up the npm/yarn lock files, so that self-building of the Discord and Slack bridges can work after GitHub's deprecation of the `git://` and `ssh://` protocols (https://github.blog/2021-09-01-improving-git-protocol-security-github/). When the issue gets fixed in the Beeper fork (via https://gitlab.com/beeper/mx-puppet-monorepo/-/merge_requests/35 or otherwise), we'll get back on it. --- roles/matrix-bridge-mx-puppet-discord/defaults/main.yml | 4 ++-- roles/matrix-bridge-mx-puppet-slack/defaults/main.yml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml b/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml index 52257689..03bac4e5 100644 --- a/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml 
@@ -11,7 +11,7 @@ matrix_mx_puppet_discord_enabled: true matrix_mx_puppet_discord_container_image_self_build: false -matrix_mx_puppet_discord_container_image_self_build_repo: "https://gitlab.com/beeper/mx-puppet-monorepo" +matrix_mx_puppet_discord_container_image_self_build_repo: "https://gitlab.com/Myned/mx-puppet-monorepo" matrix_mx_puppet_discord_container_image_self_build_version: "{{ 'main' if matrix_mx_puppet_discord_version == 'latest' else matrix_mx_puppet_discord_version }}" matrix_mx_puppet_discord_container_image_self_build_dockerfile_path: "docker/Dockerfile-discord" @@ -20,7 +20,7 @@ matrix_mx_puppet_discord_container_image_self_build_dockerfile_path: "docker/Doc # Takes an ":" or "" value (e.g. "127.0.0.1:8432"), or empty string to not expose. matrix_mx_puppet_discord_container_http_host_bind_port: '' -matrix_mx_puppet_discord_version: latest +matrix_mx_puppet_discord_version: 40f3142032bacec6333f4bbc051d5e30af88de9c matrix_mx_puppet_discord_docker_image: "{{ matrix_mx_puppet_discord_docker_image_name_prefix }}beeper/mx-puppet-monorepo/discord:{{ matrix_mx_puppet_discord_version }}" matrix_mx_puppet_discord_docker_image_name_prefix: "{{ 'localhost/' if matrix_mx_puppet_discord_container_image_self_build else 'registry.gitlab.com/' }}" matrix_mx_puppet_discord_docker_image_force_pull: "{{ matrix_mx_puppet_discord_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml b/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml index bb92c1d8..63549bc4 100644 --- a/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml 
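Review bot: `matrix_mx_puppet_discord_version` is now a commit SHA from the Myned fork, but `matrix_mx_puppet_discord_docker_image` in the same hunk still resolves to `registry.gitlab.com/beeper/mx-puppet-monorepo/discord:{{ matrix_mx_puppet_discord_version }}` when self-build is off, which is the default shown in the first hunk. Unless the Beeper registry publishes a tag with that SHA, which seems unlikely for a commit of another fork, hosts using the prebuilt image will fail to pull. The two slack hunks that follow have the same shape. Setting only the self-build ref would avoid this, e.g. `matrix_mx_puppet_discord_container_image_self_build_version: "40f3142032bacec6333f4bbc051d5e30af88de9c"`, leaving `matrix_mx_puppet_discord_version` untouched.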
@@ -8,7 +8,7 @@ matrix_mx_puppet_slack_oauth_client_id: '' matrix_mx_puppet_slack_oauth_client_secret: '' matrix_mx_puppet_slack_container_image_self_build: false -matrix_mx_puppet_slack_container_image_self_build_repo: "https://gitlab.com/beeper/mx-puppet-monorepo.git" +matrix_mx_puppet_slack_container_image_self_build_repo: "https://gitlab.com/Myned/mx-puppet-monorepo" matrix_mx_puppet_slack_container_image_self_build_version: "{{ 'main' if matrix_mx_puppet_slack_version == 'latest' else matrix_mx_puppet_slack_version }}" matrix_mx_puppet_slack_container_image_self_build_dockerfile_path: "docker/Dockerfile-slack" @@ -17,7 +17,7 @@ matrix_mx_puppet_slack_container_image_self_build_dockerfile_path: "docker/Docke # Takes an ":" or "" value (e.g. "127.0.0.1:8432"), or empty string to not expose. matrix_mx_puppet_slack_container_http_host_bind_port: '' -matrix_mx_puppet_slack_version: latest +matrix_mx_puppet_slack_version: 40f3142032bacec6333f4bbc051d5e30af88de9c matrix_mx_puppet_slack_docker_image: "{{ matrix_mx_puppet_slack_docker_image_name_prefix }}beeper/mx-puppet-monorepo/slack:{{ matrix_mx_puppet_slack_version }}" matrix_mx_puppet_slack_docker_image_name_prefix: "{{ 'localhost/' if matrix_mx_puppet_slack_container_image_self_build else 'registry.gitlab.com/' }}" matrix_mx_puppet_slack_docker_image_force_pull: "{{ matrix_mx_puppet_slack_docker_image.endswith(':latest') }}" From ea358e208c36ceabf2bd6441677c5fd026cdde3c Mon Sep 17 00:00:00 2001 From: Kim Brose Date: Wed, 30 Mar 2022 14:18:21 +0200 Subject: [PATCH 14/24] Upgrade Hookshot (1.2.0 -> 1.3.0) --- roles/matrix-bridge-hookshot/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-hookshot/defaults/main.yml b/roles/matrix-bridge-hookshot/defaults/main.yml index e6be626e..01dd43b0 100644 --- a/roles/matrix-bridge-hookshot/defaults/main.yml +++ b/roles/matrix-bridge-hookshot/defaults/main.yml 
@@ -5,7 +5,7 @@ matrix_hookshot_enabled: true -matrix_hookshot_version: 1.2.0 +matrix_hookshot_version: 1.3.0 matrix_hookshot_docker_image: "{{ matrix_container_global_registry_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}" matrix_hookshot_docker_image_force_pull: "{{ matrix_hookshot_docker_image.endswith(':latest') }}" From 999c717cf452efc94ef72f125ec6c2aa1a7c43f4 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 31 Mar 2022 08:37:24 +0300 Subject: [PATCH 15/24] Revert "Temporarily switch to Myned-maintained fork of mx-puppet-discord/mx-puppet-slack" This reverts commit 0103d92df4a28bef7182e161ce3ca9cc4ff596f0. The same fix has now been merged upstream (https://gitlab.com/beeper/mx-puppet-monorepo/-/merge_requests/35), so we don't need to use a fork anymore. Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1719 --- roles/matrix-bridge-mx-puppet-discord/defaults/main.yml | 4 ++-- roles/matrix-bridge-mx-puppet-slack/defaults/main.yml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml b/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml index 03bac4e5..52257689 100644 --- a/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml @@ -11,7 +11,7 @@ matrix_mx_puppet_discord_enabled: true matrix_mx_puppet_discord_container_image_self_build: false -matrix_mx_puppet_discord_container_image_self_build_repo: "https://gitlab.com/Myned/mx-puppet-monorepo" +matrix_mx_puppet_discord_container_image_self_build_repo: "https://gitlab.com/beeper/mx-puppet-monorepo" matrix_mx_puppet_discord_container_image_self_build_version: "{{ 'main' if matrix_mx_puppet_discord_version == 'latest' else matrix_mx_puppet_discord_version }}" matrix_mx_puppet_discord_container_image_self_build_dockerfile_path: "docker/Dockerfile-discord" 
@@ -20,7 +20,7 @@ matrix_mx_puppet_discord_container_image_self_build_dockerfile_path: "docker/Doc # Takes an ":" or "" value (e.g. "127.0.0.1:8432"), or empty string to not expose. matrix_mx_puppet_discord_container_http_host_bind_port: '' -matrix_mx_puppet_discord_version: 40f3142032bacec6333f4bbc051d5e30af88de9c +matrix_mx_puppet_discord_version: latest matrix_mx_puppet_discord_docker_image: "{{ matrix_mx_puppet_discord_docker_image_name_prefix }}beeper/mx-puppet-monorepo/discord:{{ matrix_mx_puppet_discord_version }}" matrix_mx_puppet_discord_docker_image_name_prefix: "{{ 'localhost/' if matrix_mx_puppet_discord_container_image_self_build else 'registry.gitlab.com/' }}" matrix_mx_puppet_discord_docker_image_force_pull: "{{ matrix_mx_puppet_discord_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml b/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml index 63549bc4..bb92c1d8 100644 --- a/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml @@ -8,7 +8,7 @@ matrix_mx_puppet_slack_oauth_client_id: '' matrix_mx_puppet_slack_oauth_client_secret: '' matrix_mx_puppet_slack_container_image_self_build: false -matrix_mx_puppet_slack_container_image_self_build_repo: "https://gitlab.com/Myned/mx-puppet-monorepo" +matrix_mx_puppet_slack_container_image_self_build_repo: "https://gitlab.com/beeper/mx-puppet-monorepo.git" matrix_mx_puppet_slack_container_image_self_build_version: "{{ 'main' if matrix_mx_puppet_slack_version == 'latest' else matrix_mx_puppet_slack_version }}" matrix_mx_puppet_slack_container_image_self_build_dockerfile_path: "docker/Dockerfile-slack" 
@@ -17,7 +17,7 @@ matrix_mx_puppet_slack_container_image_self_build_dockerfile_path: "docker/Docke # Takes an ":" or "" value (e.g. "127.0.0.1:8432"), or empty string to not expose. matrix_mx_puppet_slack_container_http_host_bind_port: '' -matrix_mx_puppet_slack_version: 40f3142032bacec6333f4bbc051d5e30af88de9c +matrix_mx_puppet_slack_version: latest matrix_mx_puppet_slack_docker_image: "{{ matrix_mx_puppet_slack_docker_image_name_prefix }}beeper/mx-puppet-monorepo/slack:{{ matrix_mx_puppet_slack_version }}" matrix_mx_puppet_slack_docker_image_name_prefix: "{{ 'localhost/' if matrix_mx_puppet_slack_container_image_self_build else 'registry.gitlab.com/' }}" matrix_mx_puppet_slack_docker_image_force_pull: "{{ matrix_mx_puppet_slack_docker_image.endswith(':latest') }}" From 5f0ece0c28b3c4ee510d51de63e2ba67c2009de5 Mon Sep 17 00:00:00 2001 From: Aine Date: Sun, 3 Apr 2022 00:49:57 +0300 Subject: [PATCH 16/24] fix permissions --- roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml | 4 ++++ roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml | 4 ++++ roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml | 2 ++ roles/matrix-jitsi/tasks/setup_jitsi_web.yml | 4 ++++ roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml | 2 ++ roles/matrix-postgres/tasks/setup_postgres.yml | 2 ++ 6 files changed, 18 insertions(+) diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml b/roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml index d85e0703..0cb7043f 100644 --- a/roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml +++ b/roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml @@ -32,6 +32,8 @@ template: src: "{{ role_path }}/templates/jicofo/env.j2" dest: "{{ matrix_jitsi_jicofo_base_path }}/env" + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" mode: 0640 when: matrix_jitsi_enabled|bool 
@@ -39,6 +41,8 @@ template: src: "{{ role_path }}/templates/jicofo/{{ item }}.j2" dest: "{{ matrix_jitsi_jicofo_config_path }}/{{ item }}" + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" mode: 0644 with_items: - sip-communicator.properties diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml b/roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml index b007ede8..90bf4a69 100644 --- a/roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml +++ b/roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml @@ -32,6 +32,8 @@ template: src: "{{ role_path }}/templates/jvb/{{ item }}.j2" dest: "{{ matrix_jitsi_jvb_config_path }}/{{ item }}" + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" mode: 0644 with_items: - custom-sip-communicator.properties @@ -42,6 +44,8 @@ template: src: "{{ role_path }}/templates/jvb/env.j2" dest: "{{ matrix_jitsi_jvb_base_path }}/env" + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" mode: 0640 when: matrix_jitsi_enabled|bool diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml b/roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml index 301fa82f..6db954b8 100644 --- a/roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml +++ b/roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml @@ -33,6 +33,8 @@ template: src: "{{ role_path }}/templates/prosody/env.j2" dest: "{{ matrix_jitsi_prosody_base_path }}/env" + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" mode: 0640 when: matrix_jitsi_enabled|bool diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_web.yml b/roles/matrix-jitsi/tasks/setup_jitsi_web.yml index ea831490..feda4ace 100644 --- a/roles/matrix-jitsi/tasks/setup_jitsi_web.yml +++ b/roles/matrix-jitsi/tasks/setup_jitsi_web.yml @@ -34,6 +34,8 @@ template: src: "{{ role_path }}/templates/web/env.j2" dest: "{{ matrix_jitsi_web_base_path }}/env" + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" mode: 0640 when: matrix_jitsi_enabled|bool 
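Review bot: The templates rendered with `mode: 0644` (the jicofo and jvb config files here, and the web config files in the setup_jitsi_web.yml hunk that follows) now get an explicit owner and group but stay world-readable, unlike the `env` files at `0640`. Whether those templates carry credentials is not visible in these hunks; if they do, `mode: 0640` would match the env files now that ownership is set. Quoting the value, `mode: "0640"`, also avoids depending on how the YAML parser treats a leading-zero integer. The tasks themselves start and end outside the hunks.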
@@ -41,6 +43,8 @@ template: src: "{{ role_path }}/templates/web/{{ item }}.j2" dest: "{{ matrix_jitsi_web_config_path }}/{{ item }}" + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" mode: 0644 with_items: - custom-config.js diff --git a/roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml b/roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml index 701d8dd3..73341033 100644 --- a/roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml +++ b/roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml @@ -41,6 +41,8 @@ template: src: "{{ role_path }}/templates/{{ item }}.j2" dest: "{{ matrix_postgres_backup_path }}/{{ item }}" + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" mode: 0640 with_items: - "env-postgres-backup" diff --git a/roles/matrix-postgres/tasks/setup_postgres.yml b/roles/matrix-postgres/tasks/setup_postgres.yml index 43192475..04763a32 100644 --- a/roles/matrix-postgres/tasks/setup_postgres.yml +++ b/roles/matrix-postgres/tasks/setup_postgres.yml @@ -76,6 +76,8 @@ template: src: "{{ role_path }}/templates/{{ item }}.j2" dest: "{{ matrix_postgres_base_path }}/{{ item }}" + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" mode: 0640 with_items: - "env-postgres-psql" From b3176957c3cf1e0797a8d1f1796d14b91ed3d1ca Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Arthur=20Brugi=C3=A8re?= <16764085+RoiArthurB@users.noreply.github.com> Date: Sun, 3 Apr 2022 17:10:46 +0700 Subject: [PATCH 17/24] Add hookshot self build for arm64 and amd64 --- docs/self-building.md | 1 + group_vars/matrix_servers | 2 + .../matrix-bridge-hookshot/defaults/main.yml | 11 ++++- .../tasks/setup_install.yml | 42 +++++++++++++++---- 4 files changed, 46 insertions(+), 10 deletions(-) diff --git a/docs/self-building.md b/docs/self-building.md index ef851f22..4ec5bb86 100644 --- a/docs/self-building.md +++ b/docs/self-building.md 
@@ -22,6 +22,7 @@ List of roles where self-building the Docker image is currently possible: - `matrix-dimension` - `matrix-ma1sd` - `matrix-mailer` +- `matrix-bridge-hookshot` - `matrix-bridge-appservice-irc` - `matrix-bridge-appservice-slack` - `matrix-bridge-appservice-webhooks` diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 32be903a..8673bb7b 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -671,6 +671,8 @@ matrix_heisenbridge_systemd_wanted_services_list: | # We don't enable bridges by default. matrix_hookshot_enabled: false +matrix_hookshot_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}" + matrix_hookshot_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'hookshot.as.tok') | to_uuid }}" matrix_hookshot_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'hookshot.hs.tok') | to_uuid }}" diff --git a/roles/matrix-bridge-hookshot/defaults/main.yml b/roles/matrix-bridge-hookshot/defaults/main.yml index 01dd43b0..6dab5cd6 100644 --- a/roles/matrix-bridge-hookshot/defaults/main.yml +++ b/roles/matrix-bridge-hookshot/defaults/main.yml 
@@ -5,12 +5,21 @@ matrix_hookshot_enabled: true + +matrix_hookshot_container_image_self_build: false +matrix_hookshot_container_image_self_build_repo: "https://github.com/matrix-org/matrix-hookshot.git" +matrix_hookshot_container_image_self_build_branch: "{{ 'main' if matrix_hookshot_version == 'latest' else matrix_hookshot_version }}" + matrix_hookshot_version: 1.3.0 -matrix_hookshot_docker_image: "{{ matrix_container_global_registry_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}" + +matrix_hookshot_docker_image: "{{ matrix_hookshot_docker_image_name_prefix }}mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}" +matrix_hookshot_docker_image_name_prefix: "{{ 'localhost/' if matrix_hookshot_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_hookshot_docker_image_force_pull: "{{ matrix_hookshot_docker_image.endswith(':latest') }}" matrix_hookshot_base_path: "{{ matrix_base_data_path }}/hookshot" +matrix_hookshot_docker_src_files_path: "{{ matrix_hookshot_base_path }}/docker-src" + matrix_hookshot_homeserver_address: "{{ matrix_homeserver_container_url }}" matrix_hookshot_container_url: 'matrix-hookshot' diff --git a/roles/matrix-bridge-hookshot/tasks/setup_install.yml b/roles/matrix-bridge-hookshot/tasks/setup_install.yml index b4e44c9c..cac9fdca 100644 --- a/roles/matrix-bridge-hookshot/tasks/setup_install.yml +++ b/roles/matrix-bridge-hookshot/tasks/setup_install.yml 
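Review bot: `matrix_hookshot_docker_image` now resolves to `mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}`, which looks like a copy-paste from the WhatsApp bridge role. A non-self-build install would pull and run the WhatsApp bridge image as hookshot (or fail on an undefined version variable if that role's defaults are not loaded), and a self-build would tag the hookshot build under the wrong name. The removed line used `halfshot/matrix-hookshot` with `matrix_hookshot_version`; keep that and only swap the prefix: `matrix_hookshot_docker_image: "{{ matrix_hookshot_docker_image_name_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}"`.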
@@ -2,26 +2,50 @@ - import_tasks: "{{ role_path }}/../matrix-base/tasks/util/ensure_openssl_installed.yml" +- name: Ensure hookshot paths exist + file: + path: "{{ item.path }}" + state: directory + mode: 0750 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + with_items: + - { path: "{{ matrix_hookshot_base_path }}", when: true } + - { path: "{{ matrix_hookshot_docker_src_files_path }}", when: "{{ matrix_hookshot_container_image_self_build }}" } + when: item.when|bool + - name: Ensure hookshot image is pulled docker_image: name: "{{ matrix_hookshot_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_hookshot_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_hookshot_docker_image_force_pull }}" + when: not matrix_hookshot_container_image_self_build register: result retries: "{{ matrix_container_retries_count }}" delay: "{{ matrix_container_retries_delay }}" until: result is not failed -- name: Ensure hookshot paths exist - file: - path: "{{ item }}" - state: directory - mode: 0750 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - with_items: - - "{{ matrix_hookshot_base_path }}" +- name: Ensure hookshot repository is present on self-build + git: + repo: "{{ matrix_hookshot_container_image_self_build_repo }}" + dest: "{{ matrix_hookshot_docker_src_files_path }}" + version: "{{ matrix_hookshot_container_image_self_build_branch }}" + force: "yes" + register: matrix_hookshot_git_pull_results + when: "matrix_hookshot_container_image_self_build|bool" + +- name: Ensure hookshot Docker image is built + docker_image: + name: "{{ matrix_hookshot_docker_image }}" + source: build + force_source: "{{ matrix_hookshot_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit 
}}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_hookshot_git_pull_results.changed }}" + build: + dockerfile: Dockerfile + path: "{{ matrix_hookshot_docker_src_files_path }}" + pull: yes + when: "matrix_hookshot_container_image_self_build|bool" - name: Check if hookshot passkey exists stat: From cfd8a9c0f8287065dde2d040e55608ac157373ac Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Arthur=20Brugi=C3=A8re?= <16764085+RoiArthurB@users.noreply.github.com> Date: Sun, 3 Apr 2022 17:19:35 +0700 Subject: [PATCH 18/24] [HOOKSHOT] Fix yamllint --- roles/matrix-bridge-hookshot/tasks/setup_install.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/matrix-bridge-hookshot/tasks/setup_install.yml b/roles/matrix-bridge-hookshot/tasks/setup_install.yml index cac9fdca..38dc62a3 100644 --- a/roles/matrix-bridge-hookshot/tasks/setup_install.yml +++ b/roles/matrix-bridge-hookshot/tasks/setup_install.yml @@ -9,9 +9,9 @@ mode: 0750 owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" - with_items: - - { path: "{{ matrix_hookshot_base_path }}", when: true } - - { path: "{{ matrix_hookshot_docker_src_files_path }}", when: "{{ matrix_hookshot_container_image_self_build }}" } + with_items: + - {path: "{{ matrix_hookshot_base_path }}", when: true} + - {path: "{{ matrix_hookshot_docker_src_files_path }}", when: "{{ matrix_hookshot_container_image_self_build }}"} when: item.when|bool - name: Ensure hookshot image is pulled @@ -44,7 +44,7 @@ build: dockerfile: Dockerfile path: "{{ matrix_hookshot_docker_src_files_path }}" - pull: yes + pull: true when: "matrix_hookshot_container_image_self_build|bool" - name: Check if hookshot passkey exists From b38c7371a912132a82ce52177311379de0518c15 Mon Sep 17 00:00:00 2001 
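Review bot: The pull task is guarded with `when: not matrix_hookshot_container_image_self_build`, while the clone and build tasks use `matrix_hookshot_container_image_self_build|bool`, so the two branches can disagree when the variable arrives as a string. With a string value such as `"false"` (for example from a command-line extra var), the bare `not` would likely evaluate to false and `|bool` to false as well, leaving the host with neither a pulled nor a built image. Using the same filter on the pull task keeps them exclusive: `when: "not matrix_hookshot_container_image_self_build|bool"`. The passkey task at the end of the hunk continues outside it.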
From: RoiArthurB Date: Sun, 3 Apr 2022 17:34:27 +0700 Subject: [PATCH 19/24] [STEAM] Move docker source from icewind1991 to tilosp fixed repo --- docs/self-building.md | 1 + group_vars/matrix_servers | 12 ++++++------ .../matrix-bridge-mx-puppet-steam/defaults/main.yml | 2 +- 3 files changed, 8 insertions(+), 7 deletions(-) diff --git a/docs/self-building.md b/docs/self-building.md index ef851f22..a86f03af 100644 --- a/docs/self-building.md +++ b/docs/self-building.md @@ -33,6 +33,7 @@ List of roles where self-building the Docker image is currently possible: - `matrix-bridge-mautrix-signal` - `matrix-bridge-mautrix-whatsapp` - `matrix-bridge-mx-puppet-skype` +- `matrix-bridge-mx-puppet-steam` - `matrix-bot-mjolnir` - `matrix-bot-honoroit` - `matrix-bot-matrix-reminder-bot` diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 32be903a..f01444f2 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -908,7 +908,7 @@ matrix_mx_puppet_discord_database_password: "{{ '%s' | format(matrix_homeserver_ # We don't enable bridges by default. matrix_mx_puppet_steam_enabled: false -matrix_mx_puppet_steam_container_image_self_build: "{{ matrix_architecture != 'amd64' }}" +matrix_mx_puppet_steam_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}" matrix_mx_puppet_steam_systemd_required_services_list: | {{ @@ -1552,11 +1552,11 @@ matrix_ssl_domains_to_obtain_certificates_for: | }} matrix_ssl_architecture: "{{ - { - 'amd64': 'amd64', - 'arm32': 'arm32v6', - 'arm64': 'arm64v8', - }[matrix_architecture] + { + 'amd64': 'amd64', + 'arm32': 'arm32v6', + 'arm64': 'arm64v8', + }[matrix_architecture] }}" matrix_ssl_pre_obtaining_required_service_name: "{{ 'matrix-dynamic-dns' if matrix_dynamic_dns_enabled else '' }}" diff --git a/roles/matrix-bridge-mx-puppet-steam/defaults/main.yml b/roles/matrix-bridge-mx-puppet-steam/defaults/main.yml index 91675fce..4e3d6bc6 100644 
--- a/roles/matrix-bridge-mx-puppet-steam/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-steam/defaults/main.yml @@ -5,7 +5,7 @@ matrix_mx_puppet_steam_enabled: true matrix_mx_puppet_steam_container_image_self_build: false -matrix_mx_puppet_steam_container_image_self_build_repo: "https://github.com/icewind1991/mx-puppet-steam.git" +matrix_mx_puppet_steam_container_image_self_build_repo: "https://github.com/tilosp/mx-puppet-steam.git" # Controls whether the mx-puppet-steam container exposes its HTTP port (tcp/8432 in the container). # From 1ce891fc70ce7711008675aa159bb6105f3a3383 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Arthur=20Brugi=C3=A8re?= <16764085+RoiArthurB@users.noreply.github.com> Date: Sun, 3 Apr 2022 23:42:29 +0700 Subject: [PATCH 20/24] Revert group_var wrong part reindent --- group_vars/matrix_servers | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index f01444f2..26485d68 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -1552,11 +1552,11 @@ matrix_ssl_domains_to_obtain_certificates_for: | }} matrix_ssl_architecture: "{{ - { - 'amd64': 'amd64', - 'arm32': 'arm32v6', - 'arm64': 'arm64v8', - }[matrix_architecture] + { + 'amd64': 'amd64', + 'arm32': 'arm32v6', + 'arm64': 'arm64v8', + }[matrix_architecture] }}" matrix_ssl_pre_obtaining_required_service_name: "{{ 'matrix-dynamic-dns' if matrix_dynamic_dns_enabled else '' }}" From e7978dbdca91351e235d36ae25a74a0a7266f155 Mon Sep 17 00:00:00 2001 From: SaltireSoul Date: Tue, 5 Apr 2022 03:40:37 +0100 Subject: [PATCH 21/24] Dendrite 0.7.0 --- group_vars/matrix_servers | 14 +- roles/matrix-dendrite/defaults/main.yml | 11 +- .../matrix-dendrite/tasks/setup_dendrite.yml | 1 + .../templates/dendrite/dendrite.yaml.j2 | 174 ++++++++---------- .../systemd/matrix-dendrite.service.j2 | 1 + 5 files changed, 82 insertions(+), 119 deletions(-) 
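Review bot: The self-build source moves to a different personal fork (`tilosp/mx-puppet-steam`) and no ref is pinned in this hunk, so what gets built depends on whichever version variable the role checks out, which is not visible here. If that resolves to a branch, pinning a reviewed commit or tag would keep the built image from changing whenever the fork's branch moves. A short comment above the variable saying why the fork is used and when to return to upstream would also help the next maintainer, e.g. `# Fork carrying build fixes; switch back once they land upstream`.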
diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 26485d68..de81e2a6 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -1592,15 +1592,11 @@ matrix_postgres_additional_databases: | }] if (matrix_synapse_enabled and matrix_synapse_database_database != matrix_postgres_db_name and matrix_synapse_database_host == 'matrix-postgres') else []) + ([{ - 'name': matrix_dendrite_naffka_database, - 'username': matrix_dendrite_database_user, - 'password': matrix_dendrite_database_password, - },{ 'name': matrix_dendrite_appservice_database, 'username': matrix_dendrite_database_user, 'password': matrix_dendrite_database_password, },{ - 'name': matrix_dendrite_federationsender_database, + 'name': matrix_dendrite_federationapi_database, 'username': matrix_dendrite_database_user, 'password': matrix_dendrite_database_password, },{ @@ -1615,20 +1611,16 @@ matrix_postgres_additional_databases: | 'name': matrix_dendrite_room_database, 'username': matrix_dendrite_database_user, 'password': matrix_dendrite_database_password, - },{ - 'name': matrix_dendrite_singingkeyserver_database, - 'username': matrix_dendrite_database_user, - 'password': matrix_dendrite_database_password, },{ 'name': matrix_dendrite_syncapi_database, 'username': matrix_dendrite_database_user, 'password': matrix_dendrite_database_password, },{ - 'name': matrix_dendrite_account_database, + 'name': matrix_dendrite_userapi_database, 'username': matrix_dendrite_database_user, 'password': matrix_dendrite_database_password, },{ - 'name': matrix_dendrite_device_database, + 'name': matrix_dendrite_pushserver_database, 'username': matrix_dendrite_database_user, 'password': matrix_dendrite_database_password, },{ diff --git a/roles/matrix-dendrite/defaults/main.yml b/roles/matrix-dendrite/defaults/main.yml index ec3937c7..99ceb1a0 100644 --- a/roles/matrix-dendrite/defaults/main.yml +++ b/roles/matrix-dendrite/defaults/main.yml 
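Review bot: The database list in these two hunks drops the `matrix_dendrite_naffka_database`, `matrix_dendrite_federationsender_database`, `matrix_dendrite_singingkeyserver_database`, `matrix_dendrite_account_database` and `matrix_dendrite_device_database` entries and adds `federationapi`, `userapi` and `pushserver` ones, but nothing visible in the commit moves existing data into the renamed databases. On an existing deployment the playbook would presumably create the new databases empty and leave accounts, devices and federation state behind in the old ones; confirm against the Dendrite upgrade notes whether a migration is expected for per-component databases. If existing installs are in scope, a pre-flight check that fails when the old databases are present, plus a changelog entry describing the manual steps, would make the upgrade safer.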
@@ -6,13 +6,14 @@ matrix_dendrite_enabled: true matrix_dendrite_docker_image: "{{ matrix_dendrite_docker_image_name_prefix }}matrixdotorg/dendrite-monolith:{{ matrix_dendrite_docker_image_tag }}" matrix_dendrite_docker_image_name_prefix: "docker.io/" -matrix_dendrite_docker_image_tag: "v0.5.1" +matrix_dendrite_docker_image_tag: "v0.7.0" matrix_dendrite_docker_image_force_pull: "{{ matrix_dendrite_docker_image.endswith(':latest') }}" matrix_dendrite_base_path: "{{ matrix_base_data_path }}/dendrite" matrix_dendrite_config_dir_path: "{{ matrix_dendrite_base_path }}/config" matrix_dendrite_storage_path: "{{ matrix_dendrite_base_path }}/storage" matrix_dendrite_media_store_path: "{{ matrix_dendrite_storage_path }}/media-store" +matrix_dendrite_nats_storage_path: "{{ matrix_dendrite_base_path }}/nats" matrix_dendrite_ext_path: "{{ matrix_dendrite_base_path }}/ext" # By default, we make Dendrite only serve HTTP (not HTTPS). 
@@ -114,16 +115,14 @@ matrix_dendrite_database_str: "postgresql://{{ matrix_dendrite_database_user }}: matrix_dendrite_database_hostname: "matrix-postgres" matrix_dendrite_database_user: "dendrite" matrix_dendrite_database_password: "itsasecret" -matrix_dendrite_naffka_database: "dendrite_naffka" matrix_dendrite_appservice_database: "dendrite_appservice" -matrix_dendrite_federationsender_database: "dendrite_federationsender" +matrix_dendrite_federationapi_database: "dendrite_federationapi" matrix_dendrite_keyserver_database: "dendrite_keyserver" matrix_dendrite_mediaapi_database: "dendrite_mediaapi" matrix_dendrite_room_database: "dendrite_room" -matrix_dendrite_singingkeyserver_database: "dendrite_sigingkeyserver" matrix_dendrite_syncapi_database: "dendrite_syncapi" -matrix_dendrite_account_database: "dendrite_account" -matrix_dendrite_device_database: "dendrite_device" +matrix_dendrite_userapi_database: "dendrite_userapi" +matrix_dendrite_pushserver_database: "dendrite_pushserver" matrix_dendrite_mscs_database: "dendrite_mscs" matrix_dendrite_turn_uris: [] diff --git a/roles/matrix-dendrite/tasks/setup_dendrite.yml b/roles/matrix-dendrite/tasks/setup_dendrite.yml index cbe0cf84..fc306759 100644 --- a/roles/matrix-dendrite/tasks/setup_dendrite.yml +++ b/roles/matrix-dendrite/tasks/setup_dendrite.yml @@ -9,6 +9,7 @@ with_items: - {path: "{{ matrix_dendrite_config_dir_path }}", when: true} - {path: "{{ matrix_dendrite_ext_path }}", when: true} + - {path: "{{ matrix_dendrite_nats_storage_path }}", when: true} when: "matrix_dendrite_enabled|bool and item.when" - import_tasks: "{{ role_path }}/tasks/dendrite/setup.yml" diff --git a/roles/matrix-dendrite/templates/dendrite/dendrite.yaml.j2 b/roles/matrix-dendrite/templates/dendrite/dendrite.yaml.j2 index 102dd2f5..01bb72f7 100644 --- a/roles/matrix-dendrite/templates/dendrite/dendrite.yaml.j2 +++ b/roles/matrix-dendrite/templates/dendrite/dendrite.yaml.j2 
@@ -28,7 +28,7 @@ # connection can be idle in seconds - a negative value is unlimited. # The version of the configuration file. -version: 1 +version: 2 # Global Matrix configuration. This configuration applies to all components. global: 
@@ -66,34 +66,40 @@ global: # to other servers and the federation API will not be exposed. disable_federation: {{ (not matrix_dendrite_federation_enabled)|to_json }} - # Configuration for Kafka/Naffka. - kafka: - # List of Kafka broker addresses to connect to. This is not needed if using - # Naffka in monolith mode. - addresses: [] + # Server notices allows server admins to send messages to all users. + server_notices: + enabled: false + # The server localpart to be used when sending notices, ensure this is not yet taken + local_part: "_server" + # The displayname to be used when sending notices + display_name: "Server alerts" + # The mxid of the avatar to use + avatar_url: "" + # The roomname to be used when creating messages + room_name: "Server Alerts" - # The prefix to use for Kafka topic names for this homeserver. Change this only if - # you are running more than one Dendrite homeserver on the same Kafka deployment. + # Configuration for NATS JetStream + jetstream: + # A list of NATS Server addresses to connect to. If none are specified, an + # internal NATS server will be started automatically when running Dendrite + # in monolith mode. It is required to specify the address of at least one + # NATS Server node if running in polylith mode. + addresses: + # - jetstream:4222 + + # Keep all NATS streams in memory, rather than persisting it to the storage + # path below. This option is present primarily for integration testing and + # should not be used on a real world Dendrite deployment. + in_memory: false + + # Persistent directory to store JetStream streams in. This directory + # should be preserved across Dendrite restarts. + storage_path: "/matrix-nats-store" + + # The prefix to use for stream names for this homeserver - really only + # useful if running more than one Dendrite on the same NATS deployment. topic_prefix: Dendrite - # Whether to use Naffka instead of Kafka. 
This is only available in monolith - # mode, but means that you can run a single-process server without requiring - # Kafka. - use_naffka: true - - # The max size a Kafka message is allowed to use. - # You only need to change this value, if you encounter issues with too large messages. - # Must be less than/equal to "max.message.bytes" configured in Kafka. - # Defaults to 8388608 bytes. - # max_message_bytes: 8388608 - - # Naffka database options. Not required when using Kafka. - naffka_database: - connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_naffka_database }}?sslmode=disable - max_open_conns: 10 - max_idle_conns: 2 - conn_max_lifetime: -1 - # Configuration for Prometheus metric collection. metrics: # Whether or not Prometheus metrics are enabled. @@ -126,11 +132,6 @@ app_service_api: max_idle_conns: 2 conn_max_lifetime: -1 - # Disable the validation of TLS certificates of appservices. This is - # not recommended in production since it may allow appservice traffic - # to be sent to an unverified endpoint. - disable_tls_validation: false - # Appservice configuration files to load into this homeserver. config_files: {{ matrix_dendrite_app_service_config_files|to_json }} @@ -146,6 +147,10 @@ client_api: # using the registration shared secret below. registration_disabled: {{ matrix_dendrite_registration_disabled|to_json }} + # Prevents new guest accounts from being created. Guest registration is also + # disabled implicitly by setting 'registration_disabled' above. + guests_disabled: true + # If set, allows registration by anyone who knows the shared secret, regardless of # whether registration is otherwise disabled. registration_shared_secret: {{ matrix_dendrite_registration_shared_secret|string|to_json }} 
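Review bot: The new `jetstream.addresses:` key is left without a value, so it loads as null rather than as an empty list. Writing `addresses: []` states the intent (no external NATS servers, use the built-in one) and avoids depending on how the consumer treats null. The hard-coded `storage_path: "/matrix-nats-store"` only works because the systemd unit template in this patch mounts the same literal path. A comment next to it such as `# must match the dst= of the NATS bind mount in matrix-dendrite.service.j2` would keep the two from drifting apart.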
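Review bot: `guests_disabled: true` is written as a literal, while the neighbouring `registration_disabled` is rendered from a playbook variable through `|to_json`. Keeping guest registration off is a sound default, but an operator has to patch the template to change it. A variable (name proposed here: `matrix_dendrite_guests_disabled`, defaulting to `true`) rendered as `guests_disabled: {{ matrix_dendrite_guests_disabled|to_json }}` would match the surrounding style. The `client_api` block continues outside the hunk.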
@@ -175,12 +180,6 @@ client_api: threshold: {{ matrix_dendrite_rate_limiting_threshold|to_json }} cooloff_ms: {{ matrix_dendrite_rate_limiting_cooloff_ms|to_json }} -# Configuration for the EDU server. -edu_server: - internal_api: - listen: http://0.0.0.0:7778 - connect: http://edu_server:7778 - # Configuration for the Federation API. federation_api: internal_api: @@ -188,20 +187,8 @@ federation_api: connect: http://federation_api:7772 external_api: listen: http://0.0.0.0:8072 - - # List of paths to X.509 certificates to be used by the external federation listeners. - # These certificates will be used to calculate the TLS fingerprints and other servers - # will expect the certificate to match these fingerprints. Certificates must be in PEM - # format. - federation_certificates: [] - -# Configuration for the Federation Sender. -federation_sender: - internal_api: - listen: http://0.0.0.0:7775 - connect: http://federation_sender:7775 database: - connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_federationsender_database }}?sslmode=disable + connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_federationapi_database }}?sslmode=disable max_open_conns: 10 max_idle_conns: 2 conn_max_lifetime: -1 
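Review bot: The new `connection_string` under `federation_api` is rendered as a bare YAML scalar, and `matrix_dendrite_database_str` embeds the database password. A password containing ` #` or `: ` would be cut or mis-parsed by the YAML loader, and URL-reserved characters such as `@` or `/` would likely break the PostgreSQL URI. Rendering the assembled value through `|to_json`, e.g. `connection_string: {{ (matrix_dendrite_database_str ~ '/' ~ matrix_dendrite_federationapi_database ~ '?sslmode=disable')|to_json }}`, covers the YAML side. URL-encoding belongs where `matrix_dendrite_database_str` is defined, which is only partly visible here. The same applies to the `user_api` and `push_server` connection strings added further down in this file.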
@@ -221,6 +208,22 @@ federation_sender: host: localhost port: 8080 + # Perspective keyservers to use as a backup when direct key fetches fail. This may + # be required to satisfy key requests for servers that are no longer online when + # joining some rooms. + key_perspectives: + - server_name: matrix.org + keys: + - key_id: ed25519:auto + public_key: Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw + - key_id: ed25519:a_RXGa + public_key: l8Hft5qXKn1vfHrg3p4+W8gELQVo8N13JkluMfmn2sQ + + # This option will control whether Dendrite will prefer to look up keys directly + # or whether it should try perspective servers first, using direct fetches as a + # last resort. + prefer_direct_fetch: false + # Configuration for the Key Server (for end-to-end encryption). key_server: internal_api: @@ -261,15 +264,15 @@ media_api: # A list of thumbnail sizes to be generated for media content. thumbnail_sizes: - - width: 32 - height: 32 - method: crop - - width: 96 - height: 96 - method: crop - - width: 640 - height: 480 - method: scale + - width: 32 + height: 32 + method: crop + - width: 96 + height: 96 + method: crop + - width: 640 + height: 480 + method: scale # Configuration for experimental MSC's mscs: 
@@ -295,40 +298,13 @@ room_server: max_idle_conns: 2 conn_max_lifetime: -1 -# Configuration for the Signing Key Server (for server signing keys). -signing_key_server: - internal_api: - listen: http://0.0.0.0:7780 - connect: http://signing_key_server:7780 - database: - connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_singingkeyserver_database }}?sslmode=disable - max_open_conns: 10 - max_idle_conns: 2 - conn_max_lifetime: -1 - - # Perspective keyservers to use as a backup when direct key fetches fail. This may - # be required to satisfy key requests for servers that are no longer online when - # joining some rooms. - key_perspectives: - - server_name: matrix.org - keys: - - key_id: ed25519:auto - public_key: Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw - - key_id: ed25519:a_RXGa - public_key: l8Hft5qXKn1vfHrg3p4+W8gELQVo8N13JkluMfmn2sQ - - # This option will control whether Dendrite will prefer to look up keys directly - # or whether it should try perspective servers first, using direct fetches as a - # last resort. - prefer_direct_fetch: false - # Configuration for the Sync API. sync_api: internal_api: listen: http://0.0.0.0:7773 connect: http://sync_api:7773 external_api: - listen: http://0.0.0.0:8073 + listen: http://0.0.0.0:8073 database: connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_syncapi_database }}?sslmode=disable max_open_conns: 10 
@@ -343,31 +319,25 @@ sync_api: # Configuration for the User API. user_api: - # The cost when hashing passwords on registration/login. Default: 10. Min: 4, Max: 31 - # See https://pkg.go.dev/golang.org/x/crypto/bcrypt for more information. - # Setting this lower makes registration/login consume less CPU resources at the cost of security - # should the database be compromised. Setting this higher makes registration/login consume more - # CPU resources but makes it harder to brute force password hashes. - # This value can be low if performing tests or on embedded Dendrite instances (e.g WASM builds) - # bcrypt_cost: 10 internal_api: listen: http://0.0.0.0:7781 connect: http://user_api:7781 account_database: - connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_account_database }}?sslmode=disable + connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_userapi_database }}?sslmode=disable max_open_conns: 10 max_idle_conns: 2 conn_max_lifetime: -1 - device_database: - connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_device_database }}?sslmode=disable + +# Configuration for the Push Server API. +push_server: + internal_api: + listen: http://localhost:7782 + connect: http://localhost:7782 + database: + connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_pushserver_database }}?sslmode=disable max_open_conns: 10 max_idle_conns: 2 conn_max_lifetime: -1 - # The length of time that a token issued for a relying party from - # /_matrix/client/r0/user/{userId}/openid/request_token endpoint - # is considered to be valid in milliseconds. - # The default lifetime is 3600000ms (60 minutes). - # openid_token_lifetime_ms: 3600000 # Configuration for Opentracing. # See https://github.com/matrix-org/dendrite/tree/master/docs/tracing for information on 
diff --git a/roles/matrix-dendrite/templates/dendrite/systemd/matrix-dendrite.service.j2 b/roles/matrix-dendrite/templates/dendrite/systemd/matrix-dendrite.service.j2 index e14734dd..e1c42cbc 100644 --- a/roles/matrix-dendrite/templates/dendrite/systemd/matrix-dendrite.service.j2 +++ b/roles/matrix-dendrite/templates/dendrite/systemd/matrix-dendrite.service.j2 @@ -37,6 +37,7 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-dendrite \ {% endif %} --mount type=bind,src={{ matrix_dendrite_config_dir_path }},dst=/data,ro \ --mount type=bind,src={{ matrix_dendrite_storage_path }},dst=/matrix-media-store-parent,bind-propagation=slave \ + --mount type=bind,src={{ matrix_dendrite_nats_storage_path }},dst=/matrix-nats-store,bind-propagation=slave \ {% for volume in matrix_dendrite_container_additional_volumes %} -v {{ volume.src }}:{{ volume.dst }}:{{ volume.options }} \ {% endfor %} From a5a3769ca9ceff0a8d8616318fb687b35b82bc07 Mon Sep 17 00:00:00 2001 
From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 5 Apr 2022 11:37:27 +0000 Subject: [PATCH 22/24] add borg backup (#1727) * add borg backup * lint fix * add exlclude patterns * missed in the #1726 fix for honoroit * feedback * Fix indentation * feedback * feedback * feedback Co-authored-by: Slavi Pantaleev --- README.md | 2 + docs/configuring-playbook-backup-borg.md | 56 +++++++++++ group_vars/matrix_servers | 21 ++++ roles/matrix-backup-borg/defaults/main.yml | 63 ++++++++++++ roles/matrix-backup-borg/tasks/init.yml | 4 + roles/matrix-backup-borg/tasks/main.yml | 23 +++++ .../tasks/setup_install.yml | 97 +++++++++++++++++++ .../tasks/setup_uninstall.yml | 41 ++++++++ .../tasks/validate_config.yml | 10 ++ .../templates/config.yaml.j2 | 32 ++++++ roles/matrix-backup-borg/templates/passwd.j2 | 29 ++++++ roles/matrix-backup-borg/templates/sshkey.j2 | 1 + .../systemd/matrix-backup-borg.service.j2 | 58 +++++++++++ .../systemd/matrix-backup-borg.timer.j2 | 10 ++ .../tasks/setup_install.yml | 2 + setup.yml | 1 + 16 files changed, 450 insertions(+) create mode 100644 docs/configuring-playbook-backup-borg.md create mode 100644 roles/matrix-backup-borg/defaults/main.yml create mode 100644 roles/matrix-backup-borg/tasks/init.yml create mode 100644 roles/matrix-backup-borg/tasks/main.yml create mode 100644 roles/matrix-backup-borg/tasks/setup_install.yml create mode 100644 roles/matrix-backup-borg/tasks/setup_uninstall.yml create mode 100644 roles/matrix-backup-borg/tasks/validate_config.yml create mode 100644 roles/matrix-backup-borg/templates/config.yaml.j2 create mode 100644 roles/matrix-backup-borg/templates/passwd.j2 create mode 100644 roles/matrix-backup-borg/templates/sshkey.j2 create mode 100644 roles/matrix-backup-borg/templates/systemd/matrix-backup-borg.service.j2 create mode 100644 roles/matrix-backup-borg/templates/systemd/matrix-backup-borg.timer.j2 diff --git a/README.md b/README.md index 0e6bc51b..631dc297 100644 --- a/README.md +++ b/README.md 
@@ -121,6 +121,8 @@ Using this playbook, you can get the following services configured on your serve - (optional) the [Cinny](https://github.com/ajbura/cinny) web client - see [docs/configuring-playbook-client-cinny.md](docs/configuring-playbook-client-cinny.md) for setup documentation +- (optional) the [Borg](https://borgbackup.org) backup - see [docs/configuring-playbook-backup-borg.md](docs/configuring-playbook-backup-borg.md) for setup documentation + Basically, this playbook aims to get you up-and-running with all the necessities around Matrix, without you having to do anything else. **Note**: the list above is exhaustive. It includes optional or even some advanced components that you will most likely not need. diff --git a/docs/configuring-playbook-backup-borg.md b/docs/configuring-playbook-backup-borg.md new file mode 100644 index 00000000..7ca962c8 --- /dev/null +++ b/docs/configuring-playbook-backup-borg.md 
@@ -0,0 +1,56 @@ +# Setting up borg backup (optional) + +The playbook can install and configure [borgbackup](https://www.borgbackup.org/) with [borgmatic](https://torsion.org/borgmatic/) for you. +BorgBackup is a deduplicating backup program with optional compression and encryption. +That means your daily incremental backups can be stored in a fraction of the space and is safe whether you store it at home or on a cloud service. + +The backup will run based on `matrix_backup_borg_schedule` var (systemd timer calendar), default: 4am every day + +## Prerequisites + +1. Create ssh key on any machine: + +```bash +ssh-keygen -t ed25519 -N '' -f matrix-borg-backup -C matrix +``` + +2. Add public part of that ssh key to your borg provider / server: + +```bash +# example to append the new PUBKEY contents, where: +# PUBKEY is path to the public key, +# USER is a ssh user on a provider / server +# HOST is a ssh host of a provider / server +cat PUBKEY | ssh USER@HOST 'dd of=.ssh/authorized_keys oflag=append conv=notrunc' +``` + +## Adjusting the playbook configuration + +Minimal working configuration (`inventory/host_vars/matrix.DOMAIN/vars.yml`) to enable borg backup: + +```yaml +matrix_backup_borg_enabled: true +matrix_backup_borg_location_repositories: + - USER@HOST:REPO +matrix_backup_borg_storage_encryption_passphrase: "PASSPHRASE" +matrix_backup_borg_ssh_key_private: | + PRIVATE KEY +``` + +where: + +* USER - ssh user of a provider / server +* HOST - ssh host of a provider / server +* REPO - borg repository name, it will be initialized on backup start, eg: `matrix` +* PASSPHRASE - super-secret borg passphrase, you may generate it with `pwgen -s 64 1` or use any password manager +* PRIVATE KEY - the content of the public part of the ssh key you created before + +Check the `roles/matrix-backup-borg/defaults/main.yml` for the full list of available options + +## Installing + +After configuring the playbook, run the [installation](installing.md) command again: + +``` 
+ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start +``` diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 54f0ad38..15032cab 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -1095,6 +1095,27 @@ matrix_bot_mjolnir_systemd_required_services_list: | # ###################################################################### +###################################################################### +# +# matrix-backup-borg +# +###################################################################### + +matrix_backup_borg_enabled: false +matrix_backup_borg_location_source_directories: + - "{{ matrix_base_data_path }}" +matrix_backup_borg_location_exclude_patterns: | + {{ + { + 'synapse': ["{{ matrix_synapse_media_store_path }}/local_thumbnails", "{{ matrix_synapse_media_store_path }}/remote_thumbnail", "{{ matrix_synapse_media_store_path }}/url_cache", "{{ matrix_synapse_media_store_path }}/url_cache_thumbnails"], + }[matrix_homeserver_implementation] + }} + +###################################################################### +# +# /matrix-backup-borg +# +###################################################################### ###################################################################### # diff --git a/roles/matrix-backup-borg/defaults/main.yml b/roles/matrix-backup-borg/defaults/main.yml new file mode 100644 index 00000000..c8a09f7f --- /dev/null +++ b/roles/matrix-backup-borg/defaults/main.yml 
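Review bot: The lookup `{ 'synapse': [...] }[matrix_homeserver_implementation]` has only a `synapse` key, so evaluating `matrix_backup_borg_location_exclude_patterns` with any other homeserver implementation would most likely fail on a missing key once the borg role is enabled. This same series carries a Dendrite role, so that case is reachable. Ending the expression with `}.get(matrix_homeserver_implementation, [])` keeps the Synapse excludes and falls back to an empty list elsewhere. The entries also nest `{{ ... }}` inside string literals within the outer `{{ }}`; plain concatenation such as `matrix_synapse_media_store_path + '/local_thumbnails'` avoids relying on a second templating pass.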
@@ -0,0 +1,63 @@
+---
+matrix_backup_borg_enabled: true
+
+matrix_backup_borg_container_image_self_build: false
+matrix_backup_borg_docker_repo: "https://github.com/borgmatic-collective/docker-borgmatic"
+matrix_backup_borg_docker_src_files_path: "{{ matrix_base_data_path }}/borg/docker-src"
+
+matrix_backup_borg_version: latest
+matrix_backup_borg_docker_image: "{{ matrix_backup_borg_docker_image_name_prefix }}etke.cc/borgmatic:{{ matrix_backup_borg_version }}"
+matrix_backup_borg_docker_image_name_prefix: "{{ 'localhost/' if matrix_backup_borg_container_image_self_build else 'registry.gitlab.com/' }}"
+matrix_backup_borg_docker_image_force_pull: "{{ matrix_backup_borg_docker_image.endswith(':latest') }}"
+
+matrix_backup_borg_base_path: "{{ matrix_base_data_path }}/backup-borg"
+matrix_backup_borg_config_path: "{{ matrix_backup_borg_base_path }}/config"
+
+# A list of extra arguments to pass to the container
+matrix_backup_borg_container_extra_arguments: []
+
+# List of systemd services that matrix-backup-borg.service depends on
+matrix_backup_borg_systemd_required_services_list: ['docker.service']
+
+# List of systemd services that matrix-backup-borg.service wants
+matrix_backup_borg_systemd_wanted_services_list: []
+
+# systemd calendar configuration for backup job
+matrix_backup_borg_schedule: "*-*-* 04:00:00"
+
+# what directories should be added to backup
+matrix_backup_borg_location_source_directories: []
+
+# target repositories
+matrix_backup_borg_location_repositories: []
+
+# exclude following paths:
+matrix_backup_borg_location_exclude_patterns: []
+
+# borg encryption mode, only repokey-* is supported
+matrix_backup_borg_encryption: repokey-blake2
+
+# private ssh key used to connect to the borg repo
+matrix_backup_borg_ssh_key_private: ""
+
+# borg ssh command with ssh key
+matrix_backup_borg_storage_ssh_command: ssh -o "StrictHostKeyChecking accept-new" -i /etc/borgmatic.d/sshkey
+
+# compression algorithm
+matrix_backup_borg_storage_compression: lz4
+
+# archive name format
+matrix_backup_borg_storage_archive_name_format: "matrix-{now:%Y-%m-%d-%H%M%S}"
+
+# repository passphrase
+matrix_backup_borg_storage_encryption_passphrase: ""
+
+# retention configuration
+matrix_backup_borg_retention_keep_hourly: 0
+matrix_backup_borg_retention_keep_daily: 7
+matrix_backup_borg_retention_keep_weekly: 4
+matrix_backup_borg_retention_keep_monthly: 12
+matrix_backup_borg_retention_keep_yearly: 2
+
+# retention prefix
+matrix_backup_borg_retention_prefix: "matrix-"
diff --git a/roles/matrix-backup-borg/tasks/init.yml b/roles/matrix-backup-borg/tasks/init.yml
new file mode 100644
index 00000000..0a90a2e8
--- /dev/null
+++ b/roles/matrix-backup-borg/tasks/init.yml
@@ -0,0 +1,4 @@
+---
+- set_fact:
+ matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-backup-borg.service', 'matrix-backup-borg.timer'] }}"
+ when: matrix_backup_borg_enabled|bool
diff --git a/roles/matrix-backup-borg/tasks/main.yml b/roles/matrix-backup-borg/tasks/main.yml
new file mode 100644
index 00000000..0dbf54e1
--- /dev/null
+++ b/roles/matrix-backup-borg/tasks/main.yml
@@ -0,0 +1,23 @@
+---
+
+- import_tasks: "{{ role_path }}/tasks/init.yml"
+ tags:
+ - always
+
+- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
+ when: "run_setup|bool and matrix_backup_borg_enabled|bool"
+ tags:
+ - setup-all
+ - setup-backup-borg
+
+- import_tasks: "{{ role_path }}/tasks/setup_install.yml"
+ when: "run_setup|bool and matrix_backup_borg_enabled|bool"
+ tags:
+ - setup-all
+ - setup-backup-borg
+
+- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
+ when: "run_setup|bool and not matrix_backup_borg_enabled|bool"
+ tags:
+ - setup-all
+ - setup-backup-borg
diff --git a/roles/matrix-backup-borg/tasks/setup_install.yml b/roles/matrix-backup-borg/tasks/setup_install.yml
new file mode 100644
index 00000000..f2c65a16
--- /dev/null
+++ b/roles/matrix-backup-borg/tasks/setup_install.yml
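Review bot: `matrix_backup_borg_version: latest`, together with `matrix_backup_borg_docker_image_force_pull` evaluating to true for a `:latest` image, means every playbook run pulls whatever the registry currently serves under that tag. This container is handed the repository passphrase, the SSH private key and read access to every source directory, so an unexpected or tampered image has a wide blast radius. The default should be a fixed release tag or digest, for example `matrix_backup_borg_version: "<release-tag>"` (placeholder), which is how the Dendrite role in this series pins its image. A one-line comment on the variable saying where to look up current tags would help operators who override it.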
@@ -0,0 +1,97 @@
+---
+- name: Ensure borg paths exist
+ file:
+ path: "{{ item.path }}"
+ state: directory
+ mode: 0750
+ owner: "{{ matrix_user_username }}"
+ group: "{{ matrix_user_groupname }}"
+ with_items:
+ - {path: "{{ matrix_backup_borg_config_path }}", when: true}
+ - {path: "{{ matrix_backup_borg_docker_src_files_path }}", when: true}
+ when: "item.when|bool"
+
+- name: Ensure borg config is created
+ template:
+ src: "{{ role_path }}/templates/config.yaml.j2"
+ dest: "{{ matrix_backup_borg_config_path }}/config.yaml"
+ owner: "{{ matrix_user_username }}"
+ group: "{{ matrix_user_groupname }}"
+ mode: 0640
+
+- name: Ensure borg passwd is created
+ template:
+ src: "{{ role_path }}/templates/passwd.j2"
+ dest: "{{ matrix_backup_borg_config_path }}/passwd"
+ owner: "{{ matrix_user_username }}"
+ group: "{{ matrix_user_groupname }}"
+ mode: 0640
+
+- name: Ensure borg ssh key is created
+ template:
+ src: "{{ role_path }}/templates/sshkey.j2"
+ dest: "{{ matrix_backup_borg_config_path }}/sshkey"
+ owner: "{{ matrix_user_username }}"
+ group: "{{ matrix_user_groupname }}"
+ mode: 0600
+
+- name: Ensure borg image is pulled
+ docker_image:
+ name: "{{ matrix_backup_borg_docker_image }}"
+ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+ force_source: "{{ matrix_backup_borg_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+ force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_backup_borg_docker_image_force_pull }}"
+ when: "not matrix_backup_borg_container_image_self_build|bool"
+ register: result
+ retries: "{{ matrix_container_retries_count }}"
+ delay: "{{ matrix_container_retries_delay }}"
+ until: result is not failed
+
+- name: Ensure borg repository is present on self-build
+ git:
+ repo: "{{ matrix_backup_borg_docker_repo }}"
+ dest: "{{ matrix_backup_borg_docker_src_files_path }}"
+ force: "yes"
+ register: matrix_backup_borg_git_pull_results
+ when: "matrix_backup_borg_container_image_self_build|bool"
+
+- name: Ensure borg image is built
+ docker_image:
+ name: "{{ matrix_backup_borg_docker_image }}"
+ source: build
+ force_source: "{{ matrix_backup_borg_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+ force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mailer_git_pull_results.changed }}"
+ build:
+ dockerfile: Dockerfile
+ path: "{{ matrix_backup_borg_docker_src_files_path }}"
+ pull: true
+ when: "matrix_backup_borg_container_image_self_build|bool"
+
+- name: Ensure matrix-backup-borg.service installed
+ template:
+ src: "{{ role_path }}/templates/systemd/matrix-backup-borg.service.j2"
+ dest: "{{ matrix_systemd_path }}/matrix-backup-borg.service"
+ mode: 0644
+ register: matrix_backup_borg_systemd_service_result
+
+- name: Ensure matrix-backup-borg.timer installed
+ template:
+ src: "{{ role_path }}/templates/systemd/matrix-backup-borg.timer.j2"
+ dest: "{{ matrix_systemd_path }}/matrix-backup-borg.timer"
+ mode: 0644
+ register: matrix_backup_borg_systemd_timer_result
+
+- name: Ensure systemd reloaded after matrix-backup-borg.service installation
+ service:
+ daemon_reload: true
+ when: "matrix_backup_borg_systemd_service_result.changed|bool"
+
+- name: Ensure matrix-backup-borg.service enabled
+ service:
+ enabled: true
+ name: matrix-backup-borg.service
+
+- name: Ensure matrix-backup-borg.timer enabled
+ service:
+ enabled: true
+ name: matrix-backup-borg.timer
diff --git a/roles/matrix-backup-borg/tasks/setup_uninstall.yml b/roles/matrix-backup-borg/tasks/setup_uninstall.yml
new file mode 100644
index 00000000..faad44f7
--- /dev/null
+++ b/roles/matrix-backup-borg/tasks/setup_uninstall.yml
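Review bot: In the "Ensure borg image is built" task, the legacy `force:` branch reads `matrix_mailer_git_pull_results.changed`, a variable this role never registers; the git task just above registers `matrix_backup_borg_git_pull_results`. On Ansible older than 2.8 with self-build enabled, the task then depends on another role's state or fails on an undefined variable. The line should read `force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_backup_borg_git_pull_results.changed }}"`. Separately, `config.yaml` carries the repository passphrase but is written with `mode: 0640` while the SSH key beside it gets `0600`; `mode: '0600'` on the config task would give both secrets the same protection.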
@@ -0,0 +1,41 @@
+---
+- name: Check existence of matrix-backup-borg service
+ stat:
+ path: "{{ matrix_systemd_path }}/matrix-backup-borg.service"
+ register: matrix_backup_borg_service_stat
+
+- name: Ensure matrix-backup-borg is stopped
+ service:
+ name: matrix-backup-borg
+ state: stopped
+ enabled: false
+ daemon_reload: true
+ register: stopping_result
+ when: "matrix_backup_borg_service_stat.stat.exists|bool"
+
+- name: Ensure matrix-backup-borg.service doesn't exist
+ file:
+ path: "{{ matrix_systemd_path }}/matrix-backup-borg.service"
+ state: absent
+ when: "matrix_backup_borg_service_stat.stat.exists|bool"
+
+- name: Ensure matrix-backup-borg.timer doesn't exist
+ file:
+ path: "{{ matrix_systemd_path }}/matrix-backup-borg.timer"
+ state: absent
+ when: "matrix_backup_borg_service_stat.stat.exists|bool"
+
+- name: Ensure systemd reloaded after matrix-backup-borg.service removal
+ service:
+ daemon_reload: true
+ when: "matrix_backup_borg_service_stat.stat.exists|bool"
+
+- name: Ensure Matrix borg paths don't exist
+ file:
+ path: "{{ matrix_backup_borg_base_path }}"
+ state: absent
+
+- name: Ensure borg Docker image doesn't exist
+ docker_image:
+ name: "{{ matrix_backup_borg_docker_image }}"
+ state: absent
diff --git a/roles/matrix-backup-borg/tasks/validate_config.yml b/roles/matrix-backup-borg/tasks/validate_config.yml
new file mode 100644
index 00000000..4d3fb1c8
--- /dev/null
+++ b/roles/matrix-backup-borg/tasks/validate_config.yml
@@ -0,0 +1,10 @@
+---
+- name: Fail if required settings not defined
+ fail:
+ msg: >-
+ You need to define a required configuration setting (`{{ item }}`).
+ when: "vars[item] == ''"
+ with_items:
+ - "matrix_backup_borg_ssh_key_private"
+ - "matrix_backup_borg_location_repositories"
+ - "matrix_backup_borg_storage_encryption_passphrase"
diff --git a/roles/matrix-backup-borg/templates/config.yaml.j2 b/roles/matrix-backup-borg/templates/config.yaml.j2
new file mode 100644
index 00000000..89b6ab7d
--- /dev/null
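Review bot: The uninstall path in setup_uninstall.yml stops and disables only `matrix-backup-borg` (the service); `matrix-backup-borg.timer`, which setup_install.yml enables, is never stopped or disabled before its unit file is deleted. That can leave the timer loaded and its enablement symlink pointing at a missing unit until the next reboot. A task like the one below, placed before the file removals, would close this. Note also that `matrix_backup_borg_docker_src_files_path` sits under `{{ matrix_base_data_path }}/borg/`, outside `matrix_backup_borg_base_path`, so a self-build checkout is left behind.

```yaml
- name: Ensure matrix-backup-borg.timer is stopped
  service:
    name: matrix-backup-borg.timer
    state: stopped
    enabled: false
  when: "matrix_backup_borg_service_stat.stat.exists|bool"
```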
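Review bot: The validate_config.yml check `when: "vars[item] == ''"` never fires for `matrix_backup_borg_location_repositories`, because its default in defaults/main.yml is the empty list `[]`, not an empty string. An operator who forgets to set a repository passes validation and only finds out when the backup unit fails at run time. Comparing on length handles both the string and the list settings: `when: "vars[item] | length == 0"`.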
+++ b/roles/matrix-backup-borg/templates/config.yaml.j2
@@ -0,0 +1,32 @@
+#jinja2: lstrip_blocks: "True", trim_blocks: "True"
+
+location:
+ source_directories: {{ matrix_backup_borg_location_source_directories|to_json }}
+ repositories: {{ matrix_backup_borg_location_repositories|to_json }}
+ one_file_system: true
+ exclude_patterns: {{ matrix_backup_borg_location_exclude_patterns|to_json }}
+
+storage:
+ compression: {{ matrix_backup_borg_storage_compression }}
+ ssh_command: {{ matrix_backup_borg_storage_ssh_command }}
+ archive_name_format: '{{ matrix_backup_borg_storage_archive_name_format }}'
+ encryption_passphrase: {{ matrix_backup_borg_storage_encryption_passphrase }}
+
+retention:
+ keep_hourly: {{ matrix_backup_borg_retention_keep_hourly }}
+ keep_daily: {{ matrix_backup_borg_retention_keep_daily }}
+ keep_weekly: {{ matrix_backup_borg_retention_keep_weekly }}
+ keep_monthly: {{ matrix_backup_borg_retention_keep_monthly }}
+ keep_yearly: {{ matrix_backup_borg_retention_keep_yearly }}
+ prefix: '{{ matrix_backup_borg_retention_prefix }}'
+
+consistency:
+ checks:
+ - repository
+ - archives
+
+hooks:
+ after_backup:
+ - echo "Backup created."
+ on_error:
+ - echo "Error while creating a backup."
diff --git a/roles/matrix-backup-borg/templates/passwd.j2 b/roles/matrix-backup-borg/templates/passwd.j2
new file mode 100644
index 00000000..d3665cf4
--- /dev/null
+++ b/roles/matrix-backup-borg/templates/passwd.j2
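Review bot: `encryption_passphrase` and `ssh_command` are rendered as bare YAML scalars, unlike `archive_name_format` (quoted) and the list settings (`|to_json`). A passphrase containing ` #` is cut at the comment marker, and one that starts with a YAML indicator or looks like a number or boolean is re-typed or rejected. The repository can then end up protected by something other than what the operator configured. Rendering both through `|to_json`, e.g. `encryption_passphrase: {{ matrix_backup_borg_storage_encryption_passphrase|to_json }}`, removes that class of surprise.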
@@ -0,0 +1,29 @@
+{# the passwd file with correct username, UID and GID is mandatory to work with borg over ssh, otherwise ssh connections will fail #}
+root:x:0:0:root:/root:/bin/ash
+bin:x:1:1:bin:/bin:/sbin/nologin
+daemon:x:2:2:daemon:/sbin:/sbin/nologin
+adm:x:3:4:adm:/var/adm:/sbin/nologin
+lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
+sync:x:5:0:sync:/sbin:/bin/sync
+shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
+halt:x:7:0:halt:/sbin:/sbin/halt
+mail:x:8:12:mail:/var/mail:/sbin/nologin
+news:x:9:13:news:/usr/lib/news:/sbin/nologin
+uucp:x:10:14:uucp:/var/spool/uucppublic:/sbin/nologin
+operator:x:11:0:operator:/root:/sbin/nologin
+man:x:13:15:man:/usr/man:/sbin/nologin
+postmaster:x:14:12:postmaster:/var/mail:/sbin/nologin
+cron:x:16:16:cron:/var/spool/cron:/sbin/nologin
+ftp:x:21:21::/var/lib/ftp:/sbin/nologin
+sshd:x:22:22:sshd:/dev/null:/sbin/nologin
+at:x:25:25:at:/var/spool/cron/atjobs:/sbin/nologin
+squid:x:31:31:Squid:/var/cache/squid:/sbin/nologin
+xfs:x:33:33:X Font Server:/etc/X11/fs:/sbin/nologin
+games:x:35:35:games:/usr/games:/sbin/nologin
+cyrus:x:85:12::/usr/cyrus:/sbin/nologin
+vpopmail:x:89:89::/var/vpopmail:/sbin/nologin
+ntp:x:123:123:NTP:/var/empty:/sbin/nologin
+smmsp:x:209:209:smmsp:/var/spool/mqueue:/sbin/nologin
+guest:x:405:100:guest:/dev/null:/sbin/nologin
+{{ matrix_user_username }}:x:{{ matrix_user_uid }}:{{ matrix_user_gid }}:Matrix:/tmp:/bin/ash
+nobody:x:65534:65534:nobody:/:/sbin/nologin
diff --git a/roles/matrix-backup-borg/templates/sshkey.j2 b/roles/matrix-backup-borg/templates/sshkey.j2
new file mode 100644
index 00000000..999cf38d
--- /dev/null
+++ b/roles/matrix-backup-borg/templates/sshkey.j2
@@ -0,0 +1 @@
+{{ matrix_backup_borg_ssh_key_private }}
diff --git a/roles/matrix-backup-borg/templates/systemd/matrix-backup-borg.service.j2 b/roles/matrix-backup-borg/templates/systemd/matrix-backup-borg.service.j2
new file mode 100644
index 00000000..977673ee
--- /dev/null
+++ b/roles/matrix-backup-borg/templates/systemd/matrix-backup-borg.service.j2 
@@ -0,0 +1,58 @@
+#jinja2: lstrip_blocks: "True"
+[Unit]
+Description=Matrix Borg Backup
+{% for service in matrix_backup_borg_systemd_required_services_list %}
+Requires={{ service }}
+After={{ service }}
+{% endfor %}
+{% for service in matrix_backup_borg_systemd_wanted_services_list %}
+Wants={{ service }}
+{% endfor %}
+DefaultDependencies=no
+
+[Service]
+Type=oneshot
+Environment="HOME={{ matrix_systemd_unit_home_path }}"
+ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-backup-borg 2>/dev/null'
+ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-backup-borg 2>/dev/null'
+ExecStartPre=-{{ matrix_host_command_docker }} run --rm --name matrix-backup-borg \
+ --log-driver=none \
+ --cap-drop=ALL \
+ --read-only \
+ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
+ --network={{ matrix_docker_network }} \
+ --tmpfs=/tmp:rw,noexec,nosuid,size=100m \
+ --mount type=bind,src={{ matrix_backup_borg_config_path }}/passwd,dst=/etc/passwd,ro \
+ --mount type=bind,src={{ matrix_backup_borg_config_path }},dst=/etc/borgmatic.d,ro \
+ {% for source in matrix_backup_borg_location_source_directories %}
+ --mount type=bind,src={{ source }},dst={{ source }},ro \
+ {% endfor %}
+ {% for arg in matrix_backup_borg_container_extra_arguments %}
+ {{ arg }} \
+ {% endfor %}
+ {{ matrix_backup_borg_docker_image }} \
+ sh -c "borgmatic --init --encryption {{ matrix_backup_borg_encryption }}"
+
+ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-backup-borg \
+ --log-driver=none \
+ --cap-drop=ALL \
+ --read-only \
+ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
+ --network={{ matrix_docker_network }} \
+ --tmpfs=/tmp:rw,noexec,nosuid,size=100m \
+ --mount type=bind,src={{ matrix_backup_borg_config_path }}/passwd,dst=/etc/passwd,ro \
+ --mount type=bind,src={{ matrix_backup_borg_config_path }},dst=/etc/borgmatic.d,ro \
+ {% for source in 
matrix_backup_borg_location_source_directories %} + --mount type=bind,src={{ source }},dst={{ source }},ro \ + {% endfor %} + {% for arg in matrix_backup_borg_container_extra_arguments %} + {{ arg }} \ + {% endfor %} + {{ matrix_backup_borg_docker_image }} + +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-backup-borg 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-backup-borg 2>/dev/null' +SyslogIdentifier=matrix-backup-borg + +[Install] +WantedBy=multi-user.target diff --git a/roles/matrix-backup-borg/templates/systemd/matrix-backup-borg.timer.j2 b/roles/matrix-backup-borg/templates/systemd/matrix-backup-borg.timer.j2 new file mode 100644 index 00000000..541d0020 --- /dev/null +++ b/roles/matrix-backup-borg/templates/systemd/matrix-backup-borg.timer.j2 @@ -0,0 +1,10 @@ +[Unit] +Description=Matrix Borg Backup timer + +[Timer] +Unit=matrix-backup-borg.service +OnCalendar={{ matrix_backup_borg_schedule }} +RandomizedDelaySec=2h + +[Install] +WantedBy=timers.target diff --git a/roles/matrix-bot-honoroit/tasks/setup_install.yml b/roles/matrix-bot-honoroit/tasks/setup_install.yml index 303c5f8b..f3ad9b63 100644 --- a/roles/matrix-bot-honoroit/tasks/setup_install.yml +++ b/roles/matrix-bot-honoroit/tasks/setup_install.yml @@ -43,6 +43,8 @@ template: src: "{{ role_path }}/templates/env.j2" dest: "{{ matrix_bot_honoroit_config_path }}/env" + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" mode: 0640 - name: Ensure honoroit image is pulled diff --git a/setup.yml b/setup.yml index 68740b4a..197d313e 100755 --- a/setup.yml +++ b/setup.yml @@ -14,6 +14,7 @@ - matrix-postgres - matrix-redis - matrix-corporal + - matrix-backup-borg - matrix-bridge-appservice-discord - matrix-bridge-appservice-slack - matrix-bridge-appservice-webhooks From 627333d82bf1d9b902c44e209a7caadc20227553 Mon Sep 17 00:00:00 2001 
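Review bot: The third `ExecStartPre=` line, the one that runs `borgmatic --init`, carries the `-` prefix, so systemd ignores every initialisation failure (bad SSH key, unreachable host, rejected encryption mode), not only the case where the repository already exists. As far as I know borgmatic's init already skips an existing repository, so the prefix is probably unnecessary; dropping it makes a broken setup stop at the init step, where the cause is obvious, instead of surfacing later in `ExecStart`. The same line splices `{{ matrix_backup_borg_encryption }}` unquoted into `sh -c "…"`; if the image's entrypoint allows it, passing `borgmatic --init --encryption {{ matrix_backup_borg_encryption }}` as plain arguments avoids the extra shell parse.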
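Review bot: The `[Timer]` section of matrix-backup-borg.timer.j2 has no `Persistent=` setting, so a run that falls while the host is powered off or rebooting is skipped rather than caught up, and a backup can be missing for a full `OnCalendar` period without any failure being logged. Adding `Persistent=true` below `RandomizedDelaySec=2h` makes systemd trigger the service after boot when the last scheduled run was missed.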
From: Luke <19363185+mochman@users.noreply.github.com> Date: Tue, 5 Apr 2022 12:42:38 +0000 Subject: [PATCH 23/24] fix container image --- roles/matrix-bridge-hookshot/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-hookshot/defaults/main.yml b/roles/matrix-bridge-hookshot/defaults/main.yml index 6dab5cd6..78eacdb1 100644 --- a/roles/matrix-bridge-hookshot/defaults/main.yml +++ b/roles/matrix-bridge-hookshot/defaults/main.yml @@ -12,7 +12,7 @@ matrix_hookshot_container_image_self_build_branch: "{{ 'main' if matrix_hookshot matrix_hookshot_version: 1.3.0 -matrix_hookshot_docker_image: "{{ matrix_hookshot_docker_image_name_prefix }}mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}" +matrix_hookshot_docker_image: "{{ matrix_hookshot_docker_image_name_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}" matrix_hookshot_docker_image_name_prefix: "{{ 'localhost/' if matrix_hookshot_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_hookshot_docker_image_force_pull: "{{ matrix_hookshot_docker_image.endswith(':latest') }}" From db4b6efb5da80629987672a55a87c4ef370f8bcf Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 5 Apr 2022 16:08:11 +0300 Subject: [PATCH 24/24] Force self-building of matrix-hookshot on arm64 The `halfshot/matrix-hookshot` container images published to Docker Hub (as of 2022-04-05, at least) are only available for `amd64`, not for `arm64`. Self-building on arm64 is necessary. Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1728 It should be noted that a `roiarthurb/matrix-hookshot` container image is available, which is available for the arm64 platform, but that's non-official and doesn't contain an amd64 build, so it's of limited use. --- group_vars/matrix_servers | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 15032cab..17acd5e1 100755 
--- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -671,7 +671,7 @@ matrix_heisenbridge_systemd_wanted_services_list: | # We don't enable bridges by default. matrix_hookshot_enabled: false -matrix_hookshot_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}" +matrix_hookshot_container_image_self_build: "{{ matrix_architecture not in ['amd64'] }}" matrix_hookshot_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'hookshot.as.tok') | to_uuid }}"