Merge branch 'master' into pub.solar
commit
12c7244203
|
@ -121,6 +121,8 @@ Using this playbook, you can get the following services configured on your serve
|
||||||
|
|
||||||
- (optional) the [Cinny](https://github.com/ajbura/cinny) web client - see [docs/configuring-playbook-client-cinny.md](docs/configuring-playbook-client-cinny.md) for setup documentation
|
- (optional) the [Cinny](https://github.com/ajbura/cinny) web client - see [docs/configuring-playbook-client-cinny.md](docs/configuring-playbook-client-cinny.md) for setup documentation
|
||||||
|
|
||||||
|
- (optional) the [Borg](https://borgbackup.org) backup - see [docs/configuring-playbook-backup-borg.md](docs/configuring-playbook-backup-borg.md) for setup documentation
|
||||||
|
|
||||||
Basically, this playbook aims to get you up-and-running with all the necessities around Matrix, without you having to do anything else.
|
Basically, this playbook aims to get you up-and-running with all the necessities around Matrix, without you having to do anything else.
|
||||||
|
|
||||||
**Note**: the list above is exhaustive. It includes optional or even some advanced components that you will most likely not need.
|
**Note**: the list above is exhaustive. It includes optional or even some advanced components that you will most likely not need.
|
||||||
|
|
56
docs/configuring-playbook-backup-borg.md
Normal file
|
@ -0,0 +1,56 @@
|
||||||
|
# Setting up borg backup (optional)
|
||||||
|
|
||||||
|
The playbook can install and configure [borgbackup](https://www.borgbackup.org/) with [borgmatic](https://torsion.org/borgmatic/) for you.
|
||||||
|
BorgBackup is a deduplicating backup program with optional compression and encryption.
|
||||||
|
That means your daily incremental backups can be stored in a fraction of the space and is safe whether you store it at home or on a cloud service.
|
||||||
|
|
||||||
|
The backup will run based on `matrix_backup_borg_schedule` var (systemd timer calendar), default: 4am every day
|
||||||
|
|
||||||
|
## Prerequisites
|
||||||
|
|
||||||
|
1. Create ssh key on any machine:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
ssh-keygen -t ed25519 -N '' -f matrix-borg-backup -C matrix
|
||||||
|
```
|
||||||
|
|
||||||
|
2. Add public part of that ssh key to your borg provider / server:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
# example to append the new PUBKEY contents, where:
|
||||||
|
# PUBKEY is path to the public key,
|
||||||
|
# USER is a ssh user on a provider / server
|
||||||
|
# HOST is a ssh host of a provider / server
|
||||||
|
cat PUBKEY | ssh USER@HOST 'dd of=.ssh/authorized_keys oflag=append conv=notrunc'
|
||||||
|
```
|
||||||
|
|
||||||
|
## Adjusting the playbook configuration
|
||||||
|
|
||||||
|
Minimal working configuration (`inventory/host_vars/matrix.DOMAIN/vars.yml`) to enable borg backup:
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
matrix_backup_borg_enabled: true
|
||||||
|
matrix_backup_borg_location_repositories:
|
||||||
|
- USER@HOST:REPO
|
||||||
|
matrix_backup_borg_storage_encryption_passphrase: "PASSPHRASE"
|
||||||
|
matrix_backup_borg_ssh_key_private: |
|
||||||
|
PRIVATE KEY
|
||||||
|
```
|
||||||
|
|
||||||
|
where:
|
||||||
|
|
||||||
|
* USER - ssh user of a provider / server
|
||||||
|
* HOST - ssh host of a provider / server
|
||||||
|
* REPO - borg repository name, it will be initialized on backup start, eg: `matrix`
|
||||||
|
* PASSPHRASE - super-secret borg passphrase, you may generate it with `pwgen -s 64 1` or use any password manager
|
||||||
|
* PRIVATE KEY - the content of the public part of the ssh key you created before
|
||||||
|
|
||||||
|
Check the `roles/matrix-backup-borg/defaults/main.yml` for the full list of available options
|
||||||
|
|
||||||
|
## Installing
|
||||||
|
|
||||||
|
After configuring the playbook, run the [installation](installing.md) command again:
|
||||||
|
|
||||||
|
```
|
||||||
|
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
|
||||||
|
```
|
|
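Review bot: The `PRIVATE KEY` bullet in the "where:" list tells the reader to paste "the content of the public part of the ssh key", but the value goes into `matrix_backup_borg_ssh_key_private`, so it should say the private part (the `matrix-borg-backup` file from step 1, not `matrix-borg-backup.pub`). Since step 1 creates the key with `-N ''` and the private key and `PASSPHRASE` both end up in `vars.yml`, the page could also recommend restricting the key in `authorized_keys` on servers that allow it (a forced `borg serve` command) and storing a copy of the passphrase outside the backed-up host, because a `repokey-*` repository cannot be restored without it.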
@ -25,6 +25,8 @@ matrix_grafana_default_admin_password: "some_strong_password_chosen_by_you"
|
||||||
|
|
||||||
By default, a [Grafana](https://grafana.com/) web user-interface will be available at `https://stats.<your-domain>`.
|
By default, a [Grafana](https://grafana.com/) web user-interface will be available at `https://stats.<your-domain>`.
|
||||||
|
|
||||||
|
The retention policy of Prometheus metrics is [15 days by default](https://prometheus.io/docs/prometheus/latest/storage/#operational-aspects). Older data gets deleted automatically.
|
||||||
|
|
||||||
|
|
||||||
## What does it do?
|
## What does it do?
|
||||||
|
|
||||||
|
|
|
@ -22,6 +22,7 @@ List of roles where self-building the Docker image is currently possible:
|
||||||
- `matrix-dimension`
|
- `matrix-dimension`
|
||||||
- `matrix-ma1sd`
|
- `matrix-ma1sd`
|
||||||
- `matrix-mailer`
|
- `matrix-mailer`
|
||||||
|
- `matrix-bridge-hookshot`
|
||||||
- `matrix-bridge-appservice-irc`
|
- `matrix-bridge-appservice-irc`
|
||||||
- `matrix-bridge-appservice-slack`
|
- `matrix-bridge-appservice-slack`
|
||||||
- `matrix-bridge-appservice-webhooks`
|
- `matrix-bridge-appservice-webhooks`
|
||||||
|
@ -33,6 +34,7 @@ List of roles where self-building the Docker image is currently possible:
|
||||||
- `matrix-bridge-mautrix-signal`
|
- `matrix-bridge-mautrix-signal`
|
||||||
- `matrix-bridge-mautrix-whatsapp`
|
- `matrix-bridge-mautrix-whatsapp`
|
||||||
- `matrix-bridge-mx-puppet-skype`
|
- `matrix-bridge-mx-puppet-skype`
|
||||||
|
- `matrix-bridge-mx-puppet-steam`
|
||||||
- `matrix-bot-mjolnir`
|
- `matrix-bot-mjolnir`
|
||||||
- `matrix-bot-honoroit`
|
- `matrix-bot-honoroit`
|
||||||
- `matrix-bot-matrix-reminder-bot`
|
- `matrix-bot-matrix-reminder-bot`
|
||||||
|
|
|
@ -671,6 +671,8 @@ matrix_heisenbridge_systemd_wanted_services_list: |
|
||||||
# We don't enable bridges by default.
|
# We don't enable bridges by default.
|
||||||
matrix_hookshot_enabled: false
|
matrix_hookshot_enabled: false
|
||||||
|
|
||||||
|
matrix_hookshot_container_image_self_build: "{{ matrix_architecture not in ['amd64'] }}"
|
||||||
|
|
||||||
matrix_hookshot_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'hookshot.as.tok') | to_uuid }}"
|
matrix_hookshot_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'hookshot.as.tok') | to_uuid }}"
|
||||||
|
|
||||||
matrix_hookshot_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'hookshot.hs.tok') | to_uuid }}"
|
matrix_hookshot_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'hookshot.hs.tok') | to_uuid }}"
|
||||||
|
@ -908,7 +910,7 @@ matrix_mx_puppet_discord_database_password: "{{ '%s' | format(matrix_homeserver_
|
||||||
# We don't enable bridges by default.
|
# We don't enable bridges by default.
|
||||||
matrix_mx_puppet_steam_enabled: false
|
matrix_mx_puppet_steam_enabled: false
|
||||||
|
|
||||||
matrix_mx_puppet_steam_container_image_self_build: "{{ matrix_architecture != 'amd64' }}"
|
matrix_mx_puppet_steam_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
|
||||||
|
|
||||||
matrix_mx_puppet_steam_systemd_required_services_list: |
|
matrix_mx_puppet_steam_systemd_required_services_list: |
|
||||||
{{
|
{{
|
||||||
|
@ -1093,6 +1095,27 @@ matrix_bot_mjolnir_systemd_required_services_list: |
|
||||||
#
|
#
|
||||||
######################################################################
|
######################################################################
|
||||||
|
|
||||||
|
######################################################################
|
||||||
|
#
|
||||||
|
# matrix-backup-borg
|
||||||
|
#
|
||||||
|
######################################################################
|
||||||
|
|
||||||
|
matrix_backup_borg_enabled: false
|
||||||
|
matrix_backup_borg_location_source_directories:
|
||||||
|
- "{{ matrix_base_data_path }}"
|
||||||
|
matrix_backup_borg_location_exclude_patterns: |
|
||||||
|
{{
|
||||||
|
{
|
||||||
|
'synapse': ["{{ matrix_synapse_media_store_path }}/local_thumbnails", "{{ matrix_synapse_media_store_path }}/remote_thumbnail", "{{ matrix_synapse_media_store_path }}/url_cache", "{{ matrix_synapse_media_store_path }}/url_cache_thumbnails"],
|
||||||
|
}[matrix_homeserver_implementation]
|
||||||
|
}}
|
||||||
|
|
||||||
|
######################################################################
|
||||||
|
#
|
||||||
|
# /matrix-backup-borg
|
||||||
|
#
|
||||||
|
######################################################################
|
||||||
|
|
||||||
######################################################################
|
######################################################################
|
||||||
#
|
#
|
||||||
|
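Review bot: In `matrix_backup_borg_location_exclude_patterns` the dictionary has only a `'synapse'` key and is indexed directly with `[matrix_homeserver_implementation]`, so any other implementation (this same file configures Dendrite databases in later hunks) has no matching key and the expression errors out instead of producing an empty list. Use `.get(matrix_homeserver_implementation, [])` or add an entry per supported homeserver. The list items also nest `"{{ matrix_synapse_media_store_path }}/..."` inside the outer `{{ }}`; concatenating with `matrix_synapse_media_store_path + '/local_thumbnails'` avoids relying on a second templating pass.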
@ -1592,15 +1615,11 @@ matrix_postgres_additional_databases: |
|
||||||
}] if (matrix_synapse_enabled and matrix_synapse_database_database != matrix_postgres_db_name and matrix_synapse_database_host == 'matrix-postgres') else [])
|
}] if (matrix_synapse_enabled and matrix_synapse_database_database != matrix_postgres_db_name and matrix_synapse_database_host == 'matrix-postgres') else [])
|
||||||
+
|
+
|
||||||
([{
|
([{
|
||||||
'name': matrix_dendrite_naffka_database,
|
|
||||||
'username': matrix_dendrite_database_user,
|
|
||||||
'password': matrix_dendrite_database_password,
|
|
||||||
},{
|
|
||||||
'name': matrix_dendrite_appservice_database,
|
'name': matrix_dendrite_appservice_database,
|
||||||
'username': matrix_dendrite_database_user,
|
'username': matrix_dendrite_database_user,
|
||||||
'password': matrix_dendrite_database_password,
|
'password': matrix_dendrite_database_password,
|
||||||
},{
|
},{
|
||||||
'name': matrix_dendrite_federationsender_database,
|
'name': matrix_dendrite_federationapi_database,
|
||||||
'username': matrix_dendrite_database_user,
|
'username': matrix_dendrite_database_user,
|
||||||
'password': matrix_dendrite_database_password,
|
'password': matrix_dendrite_database_password,
|
||||||
},{
|
},{
|
||||||
|
@ -1615,20 +1634,16 @@ matrix_postgres_additional_databases: |
|
||||||
'name': matrix_dendrite_room_database,
|
'name': matrix_dendrite_room_database,
|
||||||
'username': matrix_dendrite_database_user,
|
'username': matrix_dendrite_database_user,
|
||||||
'password': matrix_dendrite_database_password,
|
'password': matrix_dendrite_database_password,
|
||||||
},{
|
|
||||||
'name': matrix_dendrite_singingkeyserver_database,
|
|
||||||
'username': matrix_dendrite_database_user,
|
|
||||||
'password': matrix_dendrite_database_password,
|
|
||||||
},{
|
},{
|
||||||
'name': matrix_dendrite_syncapi_database,
|
'name': matrix_dendrite_syncapi_database,
|
||||||
'username': matrix_dendrite_database_user,
|
'username': matrix_dendrite_database_user,
|
||||||
'password': matrix_dendrite_database_password,
|
'password': matrix_dendrite_database_password,
|
||||||
},{
|
},{
|
||||||
'name': matrix_dendrite_account_database,
|
'name': matrix_dendrite_userapi_database,
|
||||||
'username': matrix_dendrite_database_user,
|
'username': matrix_dendrite_database_user,
|
||||||
'password': matrix_dendrite_database_password,
|
'password': matrix_dendrite_database_password,
|
||||||
},{
|
},{
|
||||||
'name': matrix_dendrite_device_database,
|
'name': matrix_dendrite_pushserver_database,
|
||||||
'username': matrix_dendrite_database_user,
|
'username': matrix_dendrite_database_user,
|
||||||
'password': matrix_dendrite_database_password,
|
'password': matrix_dendrite_database_password,
|
||||||
},{
|
},{
|
||||||
|
|
63
roles/matrix-backup-borg/defaults/main.yml
Normal file
|
@ -0,0 +1,63 @@
|
||||||
|
---
|
||||||
|
matrix_backup_borg_enabled: true
|
||||||
|
|
||||||
|
matrix_backup_borg_container_image_self_build: false
|
||||||
|
matrix_backup_borg_docker_repo: "https://github.com/borgmatic-collective/docker-borgmatic"
|
||||||
|
matrix_backup_borg_docker_src_files_path: "{{ matrix_base_data_path }}/borg/docker-src"
|
||||||
|
|
||||||
|
matrix_backup_borg_version: latest
|
||||||
|
matrix_backup_borg_docker_image: "{{ matrix_backup_borg_docker_image_name_prefix }}etke.cc/borgmatic:{{ matrix_backup_borg_version }}"
|
||||||
|
matrix_backup_borg_docker_image_name_prefix: "{{ 'localhost/' if matrix_backup_borg_container_image_self_build else 'registry.gitlab.com/' }}"
|
||||||
|
matrix_backup_borg_docker_image_force_pull: "{{ matrix_backup_borg_docker_image.endswith(':latest') }}"
|
||||||
|
|
||||||
|
matrix_backup_borg_base_path: "{{ matrix_base_data_path }}/backup-borg"
|
||||||
|
matrix_backup_borg_config_path: "{{ matrix_backup_borg_base_path }}/config"
|
||||||
|
|
||||||
|
# A list of extra arguments to pass to the container
|
||||||
|
matrix_backup_borg_container_extra_arguments: []
|
||||||
|
|
||||||
|
# List of systemd services that matrix-backup-borg.service depends on
|
||||||
|
matrix_backup_borg_systemd_required_services_list: ['docker.service']
|
||||||
|
|
||||||
|
# List of systemd services that matrix-backup-borg.service wants
|
||||||
|
matrix_backup_borg_systemd_wanted_services_list: []
|
||||||
|
|
||||||
|
# systemd calendar configuration for backup job
|
||||||
|
matrix_backup_borg_schedule: "*-*-* 04:00:00"
|
||||||
|
|
||||||
|
# what directories should be added to backup
|
||||||
|
matrix_backup_borg_location_source_directories: []
|
||||||
|
|
||||||
|
# target repositories
|
||||||
|
matrix_backup_borg_location_repositories: []
|
||||||
|
|
||||||
|
# exclude following paths:
|
||||||
|
matrix_backup_borg_location_exclude_patterns: []
|
||||||
|
|
||||||
|
# borg encryption mode, only repokey-* is supported
|
||||||
|
matrix_backup_borg_encryption: repokey-blake2
|
||||||
|
|
||||||
|
# private ssh key used to connect to the borg repo
|
||||||
|
matrix_backup_borg_ssh_key_private: ""
|
||||||
|
|
||||||
|
# borg ssh command with ssh key
|
||||||
|
matrix_backup_borg_storage_ssh_command: ssh -o "StrictHostKeyChecking accept-new" -i /etc/borgmatic.d/sshkey
|
||||||
|
|
||||||
|
# compression algorithm
|
||||||
|
matrix_backup_borg_storage_compression: lz4
|
||||||
|
|
||||||
|
# archive name format
|
||||||
|
matrix_backup_borg_storage_archive_name_format: "matrix-{now:%Y-%m-%d-%H%M%S}"
|
||||||
|
|
||||||
|
# repository passphrase
|
||||||
|
matrix_backup_borg_storage_encryption_passphrase: ""
|
||||||
|
|
||||||
|
# retention configuration
|
||||||
|
matrix_backup_borg_retention_keep_hourly: 0
|
||||||
|
matrix_backup_borg_retention_keep_daily: 7
|
||||||
|
matrix_backup_borg_retention_keep_weekly: 4
|
||||||
|
matrix_backup_borg_retention_keep_monthly: 12
|
||||||
|
matrix_backup_borg_retention_keep_yearly: 2
|
||||||
|
|
||||||
|
# retention prefix
|
||||||
|
matrix_backup_borg_retention_prefix: "matrix-"
|
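Review bot: `matrix_backup_borg_storage_ssh_command` sets `StrictHostKeyChecking accept-new`, but the service template runs the container with `--rm`, `--read-only`, a tmpfs `/tmp` and a passwd entry whose home is `/tmp`, so no `known_hosts` file survives between runs and every backup accepts whatever host key the server presents. Consider templating a `known_hosts` file into `matrix_backup_borg_config_path` and pointing ssh at it with `-o UserKnownHostsFile=/etc/borgmatic.d/known_hosts` plus `StrictHostKeyChecking yes`. Separately, `matrix_backup_borg_version: latest` combined with `matrix_backup_borg_docker_image_force_pull` means an unpinned image is re-pulled and then given read access to all Matrix data, the SSH key and the repository passphrase; a pinned tag would be safer as the default.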
4
roles/matrix-backup-borg/tasks/init.yml
Normal file
|
@ -0,0 +1,4 @@
|
||||||
|
---
|
||||||
|
- set_fact:
|
||||||
|
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-backup-borg.service', 'matrix-backup-borg.timer'] }}"
|
||||||
|
when: matrix_backup_borg_enabled|bool
|
23
roles/matrix-backup-borg/tasks/main.yml
Normal file
|
@ -0,0 +1,23 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
- import_tasks: "{{ role_path }}/tasks/init.yml"
|
||||||
|
tags:
|
||||||
|
- always
|
||||||
|
|
||||||
|
- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
|
||||||
|
when: "run_setup|bool and matrix_backup_borg_enabled|bool"
|
||||||
|
tags:
|
||||||
|
- setup-all
|
||||||
|
- setup-backup-borg
|
||||||
|
|
||||||
|
- import_tasks: "{{ role_path }}/tasks/setup_install.yml"
|
||||||
|
when: "run_setup|bool and matrix_backup_borg_enabled|bool"
|
||||||
|
tags:
|
||||||
|
- setup-all
|
||||||
|
- setup-backup-borg
|
||||||
|
|
||||||
|
- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
|
||||||
|
when: "run_setup|bool and not matrix_backup_borg_enabled|bool"
|
||||||
|
tags:
|
||||||
|
- setup-all
|
||||||
|
- setup-backup-borg
|
97
roles/matrix-backup-borg/tasks/setup_install.yml
Normal file
|
@ -0,0 +1,97 @@
|
||||||
|
---
|
||||||
|
- name: Ensure borg paths exist
|
||||||
|
file:
|
||||||
|
path: "{{ item.path }}"
|
||||||
|
state: directory
|
||||||
|
mode: 0750
|
||||||
|
owner: "{{ matrix_user_username }}"
|
||||||
|
group: "{{ matrix_user_groupname }}"
|
||||||
|
with_items:
|
||||||
|
- {path: "{{ matrix_backup_borg_config_path }}", when: true}
|
||||||
|
- {path: "{{ matrix_backup_borg_docker_src_files_path }}", when: true}
|
||||||
|
when: "item.when|bool"
|
||||||
|
|
||||||
|
- name: Ensure borg config is created
|
||||||
|
template:
|
||||||
|
src: "{{ role_path }}/templates/config.yaml.j2"
|
||||||
|
dest: "{{ matrix_backup_borg_config_path }}/config.yaml"
|
||||||
|
owner: "{{ matrix_user_username }}"
|
||||||
|
group: "{{ matrix_user_groupname }}"
|
||||||
|
mode: 0640
|
||||||
|
|
||||||
|
- name: Ensure borg passwd is created
|
||||||
|
template:
|
||||||
|
src: "{{ role_path }}/templates/passwd.j2"
|
||||||
|
dest: "{{ matrix_backup_borg_config_path }}/passwd"
|
||||||
|
owner: "{{ matrix_user_username }}"
|
||||||
|
group: "{{ matrix_user_groupname }}"
|
||||||
|
mode: 0640
|
||||||
|
|
||||||
|
- name: Ensure borg ssh key is created
|
||||||
|
template:
|
||||||
|
src: "{{ role_path }}/templates/sshkey.j2"
|
||||||
|
dest: "{{ matrix_backup_borg_config_path }}/sshkey"
|
||||||
|
owner: "{{ matrix_user_username }}"
|
||||||
|
group: "{{ matrix_user_groupname }}"
|
||||||
|
mode: 0600
|
||||||
|
|
||||||
|
- name: Ensure borg image is pulled
|
||||||
|
docker_image:
|
||||||
|
name: "{{ matrix_backup_borg_docker_image }}"
|
||||||
|
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
|
||||||
|
force_source: "{{ matrix_backup_borg_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
|
||||||
|
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_backup_borg_docker_image_force_pull }}"
|
||||||
|
when: "not matrix_backup_borg_container_image_self_build|bool"
|
||||||
|
register: result
|
||||||
|
retries: "{{ matrix_container_retries_count }}"
|
||||||
|
delay: "{{ matrix_container_retries_delay }}"
|
||||||
|
until: result is not failed
|
||||||
|
|
||||||
|
- name: Ensure borg repository is present on self-build
|
||||||
|
git:
|
||||||
|
repo: "{{ matrix_backup_borg_docker_repo }}"
|
||||||
|
dest: "{{ matrix_backup_borg_docker_src_files_path }}"
|
||||||
|
force: "yes"
|
||||||
|
register: matrix_backup_borg_git_pull_results
|
||||||
|
when: "matrix_backup_borg_container_image_self_build|bool"
|
||||||
|
|
||||||
|
- name: Ensure borg image is built
|
||||||
|
docker_image:
|
||||||
|
name: "{{ matrix_backup_borg_docker_image }}"
|
||||||
|
source: build
|
||||||
|
force_source: "{{ matrix_backup_borg_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
|
||||||
|
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mailer_git_pull_results.changed }}"
|
||||||
|
build:
|
||||||
|
dockerfile: Dockerfile
|
||||||
|
path: "{{ matrix_backup_borg_docker_src_files_path }}"
|
||||||
|
pull: true
|
||||||
|
when: "matrix_backup_borg_container_image_self_build|bool"
|
||||||
|
|
||||||
|
- name: Ensure matrix-backup-borg.service installed
|
||||||
|
template:
|
||||||
|
src: "{{ role_path }}/templates/systemd/matrix-backup-borg.service.j2"
|
||||||
|
dest: "{{ matrix_systemd_path }}/matrix-backup-borg.service"
|
||||||
|
mode: 0644
|
||||||
|
register: matrix_backup_borg_systemd_service_result
|
||||||
|
|
||||||
|
- name: Ensure matrix-backup-borg.timer installed
|
||||||
|
template:
|
||||||
|
src: "{{ role_path }}/templates/systemd/matrix-backup-borg.timer.j2"
|
||||||
|
dest: "{{ matrix_systemd_path }}/matrix-backup-borg.timer"
|
||||||
|
mode: 0644
|
||||||
|
register: matrix_backup_borg_systemd_timer_result
|
||||||
|
|
||||||
|
- name: Ensure systemd reloaded after matrix-backup-borg.service installation
|
||||||
|
service:
|
||||||
|
daemon_reload: true
|
||||||
|
when: "matrix_backup_borg_systemd_service_result.changed|bool"
|
||||||
|
|
||||||
|
- name: Ensure matrix-backup-borg.service enabled
|
||||||
|
service:
|
||||||
|
enabled: true
|
||||||
|
name: matrix-backup-borg.service
|
||||||
|
|
||||||
|
- name: Ensure matrix-backup-borg.timer enabled
|
||||||
|
service:
|
||||||
|
enabled: true
|
||||||
|
name: matrix-backup-borg.timer
|
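Review bot: In the "Ensure borg image is built" task, the `force:` line falls back to `matrix_mailer_git_pull_results.changed`, a variable registered by a different role; it should be `matrix_backup_borg_git_pull_results.changed`, matching the `force_source:` line just above it, otherwise the older-Ansible branch fails or rebuilds on the wrong condition. Two smaller points: the "Ensure borg paths exist" task creates `matrix_backup_borg_docker_src_files_path` with `when: true` even when self-build is off (the hookshot task later in this commit gates the same path on the self-build flag), and enabling `matrix-backup-borg.service` in addition to the timer is only needed if the backup should also run at boot.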
41
roles/matrix-backup-borg/tasks/setup_uninstall.yml
Normal file
|
@ -0,0 +1,41 @@
|
||||||
|
---
|
||||||
|
- name: Check existence of matrix-backup-borg service
|
||||||
|
stat:
|
||||||
|
path: "{{ matrix_systemd_path }}/matrix-backup-borg.service"
|
||||||
|
register: matrix_backup_borg_service_stat
|
||||||
|
|
||||||
|
- name: Ensure matrix-backup-borg is stopped
|
||||||
|
service:
|
||||||
|
name: matrix-backup-borg
|
||||||
|
state: stopped
|
||||||
|
enabled: false
|
||||||
|
daemon_reload: true
|
||||||
|
register: stopping_result
|
||||||
|
when: "matrix_backup_borg_service_stat.stat.exists|bool"
|
||||||
|
|
||||||
|
- name: Ensure matrix-backup-borg.service doesn't exist
|
||||||
|
file:
|
||||||
|
path: "{{ matrix_systemd_path }}/matrix-backup-borg.service"
|
||||||
|
state: absent
|
||||||
|
when: "matrix_backup_borg_service_stat.stat.exists|bool"
|
||||||
|
|
||||||
|
- name: Ensure matrix-backup-borg.timer doesn't exist
|
||||||
|
file:
|
||||||
|
path: "{{ matrix_systemd_path }}/matrix-backup-borg.timer"
|
||||||
|
state: absent
|
||||||
|
when: "matrix_backup_borg_service_stat.stat.exists|bool"
|
||||||
|
|
||||||
|
- name: Ensure systemd reloaded after matrix-backup-borg.service removal
|
||||||
|
service:
|
||||||
|
daemon_reload: true
|
||||||
|
when: "matrix_backup_borg_service_stat.stat.exists|bool"
|
||||||
|
|
||||||
|
- name: Ensure Matrix borg paths don't exist
|
||||||
|
file:
|
||||||
|
path: "{{ matrix_backup_borg_base_path }}"
|
||||||
|
state: absent
|
||||||
|
|
||||||
|
- name: Ensure borg Docker image doesn't exist
|
||||||
|
docker_image:
|
||||||
|
name: "{{ matrix_backup_borg_docker_image }}"
|
||||||
|
state: absent
|
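Review bot: The uninstall path stops and disables only `matrix-backup-borg` (the service); `matrix-backup-borg.timer` is never stopped or disabled before its unit file is deleted, so an active timer and its enablement symlink can be left behind until the next reboot. Add a task that stops and disables the timer first. The timer file removal is also conditioned on `matrix_backup_borg_service_stat`, which checks only the `.service` file; a separate `stat` for the timer (or dropping the condition, since `state: absent` is idempotent) would cover a half-removed install.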
10
roles/matrix-backup-borg/tasks/validate_config.yml
Normal file
|
@ -0,0 +1,10 @@
|
||||||
|
---
|
||||||
|
- name: Fail if required settings not defined
|
||||||
|
fail:
|
||||||
|
msg: >-
|
||||||
|
You need to define a required configuration setting (`{{ item }}`).
|
||||||
|
when: "vars[item] == ''"
|
||||||
|
with_items:
|
||||||
|
- "matrix_backup_borg_ssh_key_private"
|
||||||
|
- "matrix_backup_borg_location_repositories"
|
||||||
|
- "matrix_backup_borg_storage_encryption_passphrase"
|
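Review bot: The check `when: "vars[item] == ''"` never fires for `matrix_backup_borg_location_repositories`, because its default in `defaults/main.yml` is the empty list `[]`, which is not equal to `''`. A configuration with no repository passes validation and only fails later inside the container. Testing length instead (for example `vars[item] | length == 0`) covers both the empty string and the empty list.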
32
roles/matrix-backup-borg/templates/config.yaml.j2
Normal file
|
@ -0,0 +1,32 @@
|
||||||
|
#jinja2: lstrip_blocks: "True", trim_blocks: "True"
|
||||||
|
|
||||||
|
location:
|
||||||
|
source_directories: {{ matrix_backup_borg_location_source_directories|to_json }}
|
||||||
|
repositories: {{ matrix_backup_borg_location_repositories|to_json }}
|
||||||
|
one_file_system: true
|
||||||
|
exclude_patterns: {{ matrix_backup_borg_location_exclude_patterns|to_json }}
|
||||||
|
|
||||||
|
storage:
|
||||||
|
compression: {{ matrix_backup_borg_storage_compression }}
|
||||||
|
ssh_command: {{ matrix_backup_borg_storage_ssh_command }}
|
||||||
|
archive_name_format: '{{ matrix_backup_borg_storage_archive_name_format }}'
|
||||||
|
encryption_passphrase: {{ matrix_backup_borg_storage_encryption_passphrase }}
|
||||||
|
|
||||||
|
retention:
|
||||||
|
keep_hourly: {{ matrix_backup_borg_retention_keep_hourly }}
|
||||||
|
keep_daily: {{ matrix_backup_borg_retention_keep_daily }}
|
||||||
|
keep_weekly: {{ matrix_backup_borg_retention_keep_weekly }}
|
||||||
|
keep_monthly: {{ matrix_backup_borg_retention_keep_monthly }}
|
||||||
|
keep_yearly: {{ matrix_backup_borg_retention_keep_yearly }}
|
||||||
|
prefix: '{{ matrix_backup_borg_retention_prefix }}'
|
||||||
|
|
||||||
|
consistency:
|
||||||
|
checks:
|
||||||
|
- repository
|
||||||
|
- archives
|
||||||
|
|
||||||
|
hooks:
|
||||||
|
after_backup:
|
||||||
|
- echo "Backup created."
|
||||||
|
on_error:
|
||||||
|
- echo "Error while creating a backup."
|
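Review bot: Under `storage:`, `encryption_passphrase: {{ matrix_backup_borg_storage_encryption_passphrase }}` is emitted as an unquoted YAML scalar, so a passphrase that contains ` #`, `: `, or starts with a character such as `*`, `&`, `!` or a quote is truncated, misparsed or rejected, and a silently altered passphrase on first init produces a repository keyed to the wrong secret. Render it with `|to_json` as the `location:` values already are; the same applies to `ssh_command` and `compression` if users are expected to override them. The file holds the passphrase in clear text, so the `0640` mode set in `setup_install.yml` is worth a short comment here as well.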
29
roles/matrix-backup-borg/templates/passwd.j2
Normal file
|
@ -0,0 +1,29 @@
|
||||||
|
{# the passwd file with correct username, UID and GID is mandatory to work with borg over ssh, otherwise ssh connections will fail #}
|
||||||
|
root:x:0:0:root:/root:/bin/ash
|
||||||
|
bin:x:1:1:bin:/bin:/sbin/nologin
|
||||||
|
daemon:x:2:2:daemon:/sbin:/sbin/nologin
|
||||||
|
adm:x:3:4:adm:/var/adm:/sbin/nologin
|
||||||
|
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
|
||||||
|
sync:x:5:0:sync:/sbin:/bin/sync
|
||||||
|
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
|
||||||
|
halt:x:7:0:halt:/sbin:/sbin/halt
|
||||||
|
mail:x:8:12:mail:/var/mail:/sbin/nologin
|
||||||
|
news:x:9:13:news:/usr/lib/news:/sbin/nologin
|
||||||
|
uucp:x:10:14:uucp:/var/spool/uucppublic:/sbin/nologin
|
||||||
|
operator:x:11:0:operator:/root:/sbin/nologin
|
||||||
|
man:x:13:15:man:/usr/man:/sbin/nologin
|
||||||
|
postmaster:x:14:12:postmaster:/var/mail:/sbin/nologin
|
||||||
|
cron:x:16:16:cron:/var/spool/cron:/sbin/nologin
|
||||||
|
ftp:x:21:21::/var/lib/ftp:/sbin/nologin
|
||||||
|
sshd:x:22:22:sshd:/dev/null:/sbin/nologin
|
||||||
|
at:x:25:25:at:/var/spool/cron/atjobs:/sbin/nologin
|
||||||
|
squid:x:31:31:Squid:/var/cache/squid:/sbin/nologin
|
||||||
|
xfs:x:33:33:X Font Server:/etc/X11/fs:/sbin/nologin
|
||||||
|
games:x:35:35:games:/usr/games:/sbin/nologin
|
||||||
|
cyrus:x:85:12::/usr/cyrus:/sbin/nologin
|
||||||
|
vpopmail:x:89:89::/var/vpopmail:/sbin/nologin
|
||||||
|
ntp:x:123:123:NTP:/var/empty:/sbin/nologin
|
||||||
|
smmsp:x:209:209:smmsp:/var/spool/mqueue:/sbin/nologin
|
||||||
|
guest:x:405:100:guest:/dev/null:/sbin/nologin
|
||||||
|
{{ matrix_user_username }}:x:{{ matrix_user_uid }}:{{ matrix_user_gid }}:Matrix:/tmp:/bin/ash
|
||||||
|
nobody:x:65534:65534:nobody:/:/sbin/nologin
|
1
roles/matrix-backup-borg/templates/sshkey.j2
Normal file
|
@ -0,0 +1 @@
|
||||||
|
{{ matrix_backup_borg_ssh_key_private }}
|
|
@ -0,0 +1,58 @@
|
||||||
|
#jinja2: lstrip_blocks: "True"
|
||||||
|
[Unit]
|
||||||
|
Description=Matrix Borg Backup
|
||||||
|
{% for service in matrix_backup_borg_systemd_required_services_list %}
|
||||||
|
Requires={{ service }}
|
||||||
|
After={{ service }}
|
||||||
|
{% endfor %}
|
||||||
|
{% for service in matrix_backup_borg_systemd_wanted_services_list %}
|
||||||
|
Wants={{ service }}
|
||||||
|
{% endfor %}
|
||||||
|
DefaultDependencies=no
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=oneshot
|
||||||
|
Environment="HOME={{ matrix_systemd_unit_home_path }}"
|
||||||
|
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-backup-borg 2>/dev/null'
|
||||||
|
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-backup-borg 2>/dev/null'
|
||||||
|
ExecStartPre=-{{ matrix_host_command_docker }} run --rm --name matrix-backup-borg \
|
||||||
|
--log-driver=none \
|
||||||
|
--cap-drop=ALL \
|
||||||
|
--read-only \
|
||||||
|
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||||
|
--network={{ matrix_docker_network }} \
|
||||||
|
--tmpfs=/tmp:rw,noexec,nosuid,size=100m \
|
||||||
|
--mount type=bind,src={{ matrix_backup_borg_config_path }}/passwd,dst=/etc/passwd,ro \
|
||||||
|
--mount type=bind,src={{ matrix_backup_borg_config_path }},dst=/etc/borgmatic.d,ro \
|
||||||
|
{% for source in matrix_backup_borg_location_source_directories %}
|
||||||
|
--mount type=bind,src={{ source }},dst={{ source }},ro \
|
||||||
|
{% endfor %}
|
||||||
|
{% for arg in matrix_backup_borg_container_extra_arguments %}
|
||||||
|
{{ arg }} \
|
||||||
|
{% endfor %}
|
||||||
|
{{ matrix_backup_borg_docker_image }} \
|
||||||
|
sh -c "borgmatic --init --encryption {{ matrix_backup_borg_encryption }}"
|
||||||
|
|
||||||
|
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-backup-borg \
|
||||||
|
--log-driver=none \
|
||||||
|
--cap-drop=ALL \
|
||||||
|
--read-only \
|
||||||
|
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||||
|
--network={{ matrix_docker_network }} \
|
||||||
|
--tmpfs=/tmp:rw,noexec,nosuid,size=100m \
|
||||||
|
--mount type=bind,src={{ matrix_backup_borg_config_path }}/passwd,dst=/etc/passwd,ro \
|
||||||
|
--mount type=bind,src={{ matrix_backup_borg_config_path }},dst=/etc/borgmatic.d,ro \
|
||||||
|
{% for source in matrix_backup_borg_location_source_directories %}
|
||||||
|
--mount type=bind,src={{ source }},dst={{ source }},ro \
|
||||||
|
{% endfor %}
|
||||||
|
{% for arg in matrix_backup_borg_container_extra_arguments %}
|
||||||
|
{{ arg }} \
|
||||||
|
{% endfor %}
|
||||||
|
{{ matrix_backup_borg_docker_image }}
|
||||||
|
|
||||||
|
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-backup-borg 2>/dev/null'
|
||||||
|
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-backup-borg 2>/dev/null'
|
||||||
|
SyslogIdentifier=matrix-backup-borg
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
|
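Review bot: The `[Install]` section with `WantedBy=multi-user.target` on a `Type=oneshot` unit, together with the "Ensure matrix-backup-borg.service enabled" task, makes a full backup run at every boot in addition to the timer schedule; if the timer is meant to be the only trigger, drop the `[Install]` section from the service and enable only the timer. Also, the `borgmatic --init` step is an `ExecStartPre=-` line, so a failed init (wrong key, unreachable host) is ignored and the error only shows up from `ExecStart`; keeping the `-` on the `kill`/`rm` lines but not on the init line would make that failure explicit.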
@ -0,0 +1,10 @@
|
||||||
|
[Unit]
|
||||||
|
Description=Matrix Borg Backup timer
|
||||||
|
|
||||||
|
[Timer]
|
||||||
|
Unit=matrix-backup-borg.service
|
||||||
|
OnCalendar={{ matrix_backup_borg_schedule }}
|
||||||
|
RandomizedDelaySec=2h
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=timers.target
|
|
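Review bot: `RandomizedDelaySec=2h` in `[Timer]` means the job starts anywhere between 04:00 and 06:00 with the default `matrix_backup_borg_schedule`, while the new documentation page states "default: 4am every day"; either mention the delay in the docs or expose it as a variable. There is also no `Persistent=true`, so a run that falls while the host is powered off is skipped rather than caught up on the next boot, which is worth deciding deliberately for a backup job.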
@ -43,6 +43,8 @@
|
||||||
template:
|
template:
|
||||||
src: "{{ role_path }}/templates/env.j2"
|
src: "{{ role_path }}/templates/env.j2"
|
||||||
dest: "{{ matrix_bot_honoroit_config_path }}/env"
|
dest: "{{ matrix_bot_honoroit_config_path }}/env"
|
||||||
|
owner: "{{ matrix_user_username }}"
|
||||||
|
group: "{{ matrix_user_groupname }}"
|
||||||
mode: 0640
|
mode: 0640
|
||||||
|
|
||||||
- name: Ensure honoroit image is pulled
|
- name: Ensure honoroit image is pulled
|
||||||
|
|
|
@ -4,7 +4,7 @@
|
||||||
|
|
||||||
matrix_bot_mjolnir_enabled: true
|
matrix_bot_mjolnir_enabled: true
|
||||||
|
|
||||||
matrix_bot_mjolnir_version: "v1.3.2"
|
matrix_bot_mjolnir_version: "v1.4.1"
|
||||||
|
|
||||||
matrix_bot_mjolnir_container_image_self_build: false
|
matrix_bot_mjolnir_container_image_self_build: false
|
||||||
matrix_bot_mjolnir_container_image_self_build_repo: "https://github.com/matrix-org/mjolnir.git"
|
matrix_bot_mjolnir_container_image_self_build_repo: "https://github.com/matrix-org/mjolnir.git"
|
||||||
|
|
|
@ -5,12 +5,21 @@
|
||||||
|
|
||||||
matrix_hookshot_enabled: true
|
matrix_hookshot_enabled: true
|
||||||
|
|
||||||
matrix_hookshot_version: 1.2.0
|
|
||||||
matrix_hookshot_docker_image: "{{ matrix_container_global_registry_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}"
|
matrix_hookshot_container_image_self_build: false
|
||||||
|
matrix_hookshot_container_image_self_build_repo: "https://github.com/matrix-org/matrix-hookshot.git"
|
||||||
|
matrix_hookshot_container_image_self_build_branch: "{{ 'main' if matrix_hookshot_version == 'latest' else matrix_hookshot_version }}"
|
||||||
|
|
||||||
|
matrix_hookshot_version: 1.3.0
|
||||||
|
|
||||||
|
matrix_hookshot_docker_image: "{{ matrix_hookshot_docker_image_name_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}"
|
||||||
|
matrix_hookshot_docker_image_name_prefix: "{{ 'localhost/' if matrix_hookshot_container_image_self_build else matrix_container_global_registry_prefix }}"
|
||||||
matrix_hookshot_docker_image_force_pull: "{{ matrix_hookshot_docker_image.endswith(':latest') }}"
|
matrix_hookshot_docker_image_force_pull: "{{ matrix_hookshot_docker_image.endswith(':latest') }}"
|
||||||
|
|
||||||
matrix_hookshot_base_path: "{{ matrix_base_data_path }}/hookshot"
|
matrix_hookshot_base_path: "{{ matrix_base_data_path }}/hookshot"
|
||||||
|
|
||||||
|
matrix_hookshot_docker_src_files_path: "{{ matrix_hookshot_base_path }}/docker-src"
|
||||||
|
|
||||||
matrix_hookshot_homeserver_address: "{{ matrix_homeserver_container_url }}"
|
matrix_hookshot_homeserver_address: "{{ matrix_homeserver_container_url }}"
|
||||||
matrix_hookshot_container_url: 'matrix-hookshot'
|
matrix_hookshot_container_url: 'matrix-hookshot'
|
||||||
|
|
||||||
|
|
|
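Review bot: matrix_hookshot_container_image_self_build_branch passes matrix_hookshot_version straight through as the git ref whenever it is not 'latest', so a self-build only works if the upstream repository has a tag or branch named exactly like the version string (1.3.0 here). A comment next to the variable should say that the two must match. Quoting the version value would also guarantee it is always handled as a string.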
@ -2,26 +2,50 @@
|
||||||
|
|
||||||
- import_tasks: "{{ role_path }}/../matrix-base/tasks/util/ensure_openssl_installed.yml"
|
- import_tasks: "{{ role_path }}/../matrix-base/tasks/util/ensure_openssl_installed.yml"
|
||||||
|
|
||||||
|
- name: Ensure hookshot paths exist
|
||||||
|
file:
|
||||||
|
path: "{{ item.path }}"
|
||||||
|
state: directory
|
||||||
|
mode: 0750
|
||||||
|
owner: "{{ matrix_user_username }}"
|
||||||
|
group: "{{ matrix_user_groupname }}"
|
||||||
|
with_items:
|
||||||
|
- {path: "{{ matrix_hookshot_base_path }}", when: true}
|
||||||
|
- {path: "{{ matrix_hookshot_docker_src_files_path }}", when: "{{ matrix_hookshot_container_image_self_build }}"}
|
||||||
|
when: item.when|bool
|
||||||
|
|
||||||
- name: Ensure hookshot image is pulled
|
- name: Ensure hookshot image is pulled
|
||||||
docker_image:
|
docker_image:
|
||||||
name: "{{ matrix_hookshot_docker_image }}"
|
name: "{{ matrix_hookshot_docker_image }}"
|
||||||
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
|
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
|
||||||
force_source: "{{ matrix_hookshot_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
|
force_source: "{{ matrix_hookshot_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
|
||||||
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_hookshot_docker_image_force_pull }}"
|
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_hookshot_docker_image_force_pull }}"
|
||||||
|
when: not matrix_hookshot_container_image_self_build
|
||||||
register: result
|
register: result
|
||||||
retries: "{{ matrix_container_retries_count }}"
|
retries: "{{ matrix_container_retries_count }}"
|
||||||
delay: "{{ matrix_container_retries_delay }}"
|
delay: "{{ matrix_container_retries_delay }}"
|
||||||
until: result is not failed
|
until: result is not failed
|
||||||
|
|
||||||
- name: Ensure hookshot paths exist
|
- name: Ensure hookshot repository is present on self-build
|
||||||
file:
|
git:
|
||||||
path: "{{ item }}"
|
repo: "{{ matrix_hookshot_container_image_self_build_repo }}"
|
||||||
state: directory
|
dest: "{{ matrix_hookshot_docker_src_files_path }}"
|
||||||
mode: 0750
|
version: "{{ matrix_hookshot_container_image_self_build_branch }}"
|
||||||
owner: "{{ matrix_user_username }}"
|
force: "yes"
|
||||||
group: "{{ matrix_user_groupname }}"
|
register: matrix_hookshot_git_pull_results
|
||||||
with_items:
|
when: "matrix_hookshot_container_image_self_build|bool"
|
||||||
- "{{ matrix_hookshot_base_path }}"
|
|
||||||
|
- name: Ensure hookshot Docker image is built
|
||||||
|
docker_image:
|
||||||
|
name: "{{ matrix_hookshot_docker_image }}"
|
||||||
|
source: build
|
||||||
|
force_source: "{{ matrix_hookshot_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
|
||||||
|
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_hookshot_git_pull_results.changed }}"
|
||||||
|
build:
|
||||||
|
dockerfile: Dockerfile
|
||||||
|
path: "{{ matrix_hookshot_docker_src_files_path }}"
|
||||||
|
pull: true
|
||||||
|
when: "matrix_hookshot_container_image_self_build|bool"
|
||||||
|
|
||||||
- name: Check if hookshot passkey exists
|
- name: Check if hookshot passkey exists
|
||||||
stat:
|
stat:
|
||||||
|
|
|
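Review bot: the new git task "Ensure hookshot repository is present on self-build" sets no become_user, so the checkout in matrix_hookshot_docker_src_files_path ends up owned by whoever runs the play, even though that directory was just created for matrix_user_username with mode 0750. Consider running the clone as that user. The ref it builds from is also a branch or tag (version: matrix_hookshot_container_image_self_build_branch) fetched with force: "yes", so the image follows whatever that ref points to at run time; pinning to a commit would make self-builds reproducible.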
@ -106,7 +106,9 @@ bridge:
|
||||||
# If using this for other servers than the bridge's server,
|
# If using this for other servers than the bridge's server,
|
||||||
# you must also set the URL in the double_puppet_server_map.
|
# you must also set the URL in the double_puppet_server_map.
|
||||||
login_shared_secret_map: {{ matrix_mautrix_facebook_bridge_login_shared_secret_map|to_json }}
|
login_shared_secret_map: {{ matrix_mautrix_facebook_bridge_login_shared_secret_map|to_json }}
|
||||||
presence: {{ matrix_mautrix_facebook_bridge_presence|to_json }}
|
# Should presence from Facebook be bridged? This doesn't use the same API as the Android app,
|
||||||
|
# so it might be more suspicious to Facebook.
|
||||||
|
presence_from_facebook: {{ matrix_mautrix_facebook_bridge_presence|to_json }}
|
||||||
# Whether or not to update avatars when syncing all contacts at startup.
|
# Whether or not to update avatars when syncing all contacts at startup.
|
||||||
update_avatar_initial_sync: true
|
update_avatar_initial_sync: true
|
||||||
# End-to-bridge encryption support options. These require matrix-nio to be installed with pip
|
# End-to-bridge encryption support options. These require matrix-nio to be installed with pip
|
||||||
|
|
|
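Review bot: presence_from_facebook is still fed from matrix_mautrix_facebook_bridge_presence, while the new comment warns that bridging presence from Facebook may look more suspicious to Facebook. The hunk does not show the variable's default, so please confirm it is off by default, and consider renaming or documenting the variable so its name matches the key it now sets.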
@ -7,7 +7,7 @@ matrix_mautrix_googlechat_enabled: true
|
||||||
matrix_mautrix_googlechat_container_image_self_build: false
|
matrix_mautrix_googlechat_container_image_self_build: false
|
||||||
matrix_mautrix_googlechat_container_image_self_build_repo: "https://github.com/mautrix/googlechat.git"
|
matrix_mautrix_googlechat_container_image_self_build_repo: "https://github.com/mautrix/googlechat.git"
|
||||||
|
|
||||||
matrix_mautrix_googlechat_version: latest
|
matrix_mautrix_googlechat_version: v0.3.1
|
||||||
# See: https://mau.dev/mautrix/googlechat/container_registry
|
# See: https://mau.dev/mautrix/googlechat/container_registry
|
||||||
matrix_mautrix_googlechat_docker_image: "{{ matrix_mautrix_googlechat_docker_image_name_prefix }}mautrix/googlechat:{{ matrix_mautrix_googlechat_version }}"
|
matrix_mautrix_googlechat_docker_image: "{{ matrix_mautrix_googlechat_docker_image_name_prefix }}mautrix/googlechat:{{ matrix_mautrix_googlechat_version }}"
|
||||||
matrix_mautrix_googlechat_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_googlechat_container_image_self_build else 'dock.mau.dev/' }}"
|
matrix_mautrix_googlechat_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_googlechat_container_image_self_build else 'dock.mau.dev/' }}"
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
matrix_mx_puppet_steam_enabled: true
|
matrix_mx_puppet_steam_enabled: true
|
||||||
|
|
||||||
matrix_mx_puppet_steam_container_image_self_build: false
|
matrix_mx_puppet_steam_container_image_self_build: false
|
||||||
matrix_mx_puppet_steam_container_image_self_build_repo: "https://github.com/icewind1991/mx-puppet-steam.git"
|
matrix_mx_puppet_steam_container_image_self_build_repo: "https://github.com/tilosp/mx-puppet-steam.git"
|
||||||
|
|
||||||
# Controls whether the mx-puppet-steam container exposes its HTTP port (tcp/8432 in the container).
|
# Controls whether the mx-puppet-steam container exposes its HTTP port (tcp/8432 in the container).
|
||||||
#
|
#
|
||||||
|
|
|
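Review bot: matrix_mx_puppet_steam_container_image_self_build_repo moves from github.com/icewind1991 to github.com/tilosp with no explanation in the hunk. A self-build clones and builds whatever this URL serves, so the change of upstream owner deserves a comment or changelog line stating why the source moved.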
@ -9,7 +9,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto
|
||||||
# - https://github.com/vector-im/element-web/issues/19544
|
# - https://github.com/vector-im/element-web/issues/19544
|
||||||
matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}"
|
matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}"
|
||||||
|
|
||||||
matrix_client_element_version: v1.10.7
|
matrix_client_element_version: v1.10.8
|
||||||
matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}"
|
matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}"
|
||||||
matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}"
|
matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}"
|
||||||
matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}"
|
matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}"
|
||||||
|
|
|
@ -6,13 +6,14 @@ matrix_dendrite_enabled: true
|
||||||
|
|
||||||
matrix_dendrite_docker_image: "{{ matrix_dendrite_docker_image_name_prefix }}matrixdotorg/dendrite-monolith:{{ matrix_dendrite_docker_image_tag }}"
|
matrix_dendrite_docker_image: "{{ matrix_dendrite_docker_image_name_prefix }}matrixdotorg/dendrite-monolith:{{ matrix_dendrite_docker_image_tag }}"
|
||||||
matrix_dendrite_docker_image_name_prefix: "docker.io/"
|
matrix_dendrite_docker_image_name_prefix: "docker.io/"
|
||||||
matrix_dendrite_docker_image_tag: "v0.5.1"
|
matrix_dendrite_docker_image_tag: "v0.7.0"
|
||||||
matrix_dendrite_docker_image_force_pull: "{{ matrix_dendrite_docker_image.endswith(':latest') }}"
|
matrix_dendrite_docker_image_force_pull: "{{ matrix_dendrite_docker_image.endswith(':latest') }}"
|
||||||
|
|
||||||
matrix_dendrite_base_path: "{{ matrix_base_data_path }}/dendrite"
|
matrix_dendrite_base_path: "{{ matrix_base_data_path }}/dendrite"
|
||||||
matrix_dendrite_config_dir_path: "{{ matrix_dendrite_base_path }}/config"
|
matrix_dendrite_config_dir_path: "{{ matrix_dendrite_base_path }}/config"
|
||||||
matrix_dendrite_storage_path: "{{ matrix_dendrite_base_path }}/storage"
|
matrix_dendrite_storage_path: "{{ matrix_dendrite_base_path }}/storage"
|
||||||
matrix_dendrite_media_store_path: "{{ matrix_dendrite_storage_path }}/media-store"
|
matrix_dendrite_media_store_path: "{{ matrix_dendrite_storage_path }}/media-store"
|
||||||
|
matrix_dendrite_nats_storage_path: "{{ matrix_dendrite_base_path }}/nats"
|
||||||
matrix_dendrite_ext_path: "{{ matrix_dendrite_base_path }}/ext"
|
matrix_dendrite_ext_path: "{{ matrix_dendrite_base_path }}/ext"
|
||||||
|
|
||||||
# By default, we make Dendrite only serve HTTP (not HTTPS).
|
# By default, we make Dendrite only serve HTTP (not HTTPS).
|
||||||
|
@ -114,16 +115,14 @@ matrix_dendrite_database_str: "postgresql://{{ matrix_dendrite_database_user }}:
|
||||||
matrix_dendrite_database_hostname: "matrix-postgres"
|
matrix_dendrite_database_hostname: "matrix-postgres"
|
||||||
matrix_dendrite_database_user: "dendrite"
|
matrix_dendrite_database_user: "dendrite"
|
||||||
matrix_dendrite_database_password: "itsasecret"
|
matrix_dendrite_database_password: "itsasecret"
|
||||||
matrix_dendrite_naffka_database: "dendrite_naffka"
|
|
||||||
matrix_dendrite_appservice_database: "dendrite_appservice"
|
matrix_dendrite_appservice_database: "dendrite_appservice"
|
||||||
matrix_dendrite_federationsender_database: "dendrite_federationsender"
|
matrix_dendrite_federationapi_database: "dendrite_federationapi"
|
||||||
matrix_dendrite_keyserver_database: "dendrite_keyserver"
|
matrix_dendrite_keyserver_database: "dendrite_keyserver"
|
||||||
matrix_dendrite_mediaapi_database: "dendrite_mediaapi"
|
matrix_dendrite_mediaapi_database: "dendrite_mediaapi"
|
||||||
matrix_dendrite_room_database: "dendrite_room"
|
matrix_dendrite_room_database: "dendrite_room"
|
||||||
matrix_dendrite_singingkeyserver_database: "dendrite_sigingkeyserver"
|
|
||||||
matrix_dendrite_syncapi_database: "dendrite_syncapi"
|
matrix_dendrite_syncapi_database: "dendrite_syncapi"
|
||||||
matrix_dendrite_account_database: "dendrite_account"
|
matrix_dendrite_userapi_database: "dendrite_userapi"
|
||||||
matrix_dendrite_device_database: "dendrite_device"
|
matrix_dendrite_pushserver_database: "dendrite_pushserver"
|
||||||
matrix_dendrite_mscs_database: "dendrite_mscs"
|
matrix_dendrite_mscs_database: "dendrite_mscs"
|
||||||
|
|
||||||
matrix_dendrite_turn_uris: []
|
matrix_dendrite_turn_uris: []
|
||||||
|
|
|
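Review bot: the database variables are renamed here (federationsender to federationapi, account to userapi, device replaced by pushserver, with the naffka and signing key server ones dropped), which changes the database name in every connection_string built from them. Nothing in this hunk migrates or renames existing databases, so unless that is handled elsewhere an upgraded install would be pointed at databases that do not exist yet or are empty. The upgrade path should be documented or handled in the tasks.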
@ -9,6 +9,7 @@
|
||||||
with_items:
|
with_items:
|
||||||
- {path: "{{ matrix_dendrite_config_dir_path }}", when: true}
|
- {path: "{{ matrix_dendrite_config_dir_path }}", when: true}
|
||||||
- {path: "{{ matrix_dendrite_ext_path }}", when: true}
|
- {path: "{{ matrix_dendrite_ext_path }}", when: true}
|
||||||
|
- {path: "{{ matrix_dendrite_nats_storage_path }}", when: true}
|
||||||
when: "matrix_dendrite_enabled|bool and item.when"
|
when: "matrix_dendrite_enabled|bool and item.when"
|
||||||
|
|
||||||
- import_tasks: "{{ role_path }}/tasks/dendrite/setup.yml"
|
- import_tasks: "{{ role_path }}/tasks/dendrite/setup.yml"
|
||||||
|
|
|
@ -28,7 +28,7 @@
|
||||||
# connection can be idle in seconds - a negative value is unlimited.
|
# connection can be idle in seconds - a negative value is unlimited.
|
||||||
|
|
||||||
# The version of the configuration file.
|
# The version of the configuration file.
|
||||||
version: 1
|
version: 2
|
||||||
|
|
||||||
# Global Matrix configuration. This configuration applies to all components.
|
# Global Matrix configuration. This configuration applies to all components.
|
||||||
global:
|
global:
|
||||||
|
@ -66,34 +66,40 @@ global:
|
||||||
# to other servers and the federation API will not be exposed.
|
# to other servers and the federation API will not be exposed.
|
||||||
disable_federation: {{ (not matrix_dendrite_federation_enabled)|to_json }}
|
disable_federation: {{ (not matrix_dendrite_federation_enabled)|to_json }}
|
||||||
|
|
||||||
# Configuration for Kafka/Naffka.
|
# Server notices allows server admins to send messages to all users.
|
||||||
kafka:
|
server_notices:
|
||||||
# List of Kafka broker addresses to connect to. This is not needed if using
|
enabled: false
|
||||||
# Naffka in monolith mode.
|
# The server localpart to be used when sending notices, ensure this is not yet taken
|
||||||
addresses: []
|
local_part: "_server"
|
||||||
|
# The displayname to be used when sending notices
|
||||||
|
display_name: "Server alerts"
|
||||||
|
# The mxid of the avatar to use
|
||||||
|
avatar_url: ""
|
||||||
|
# The roomname to be used when creating messages
|
||||||
|
room_name: "Server Alerts"
|
||||||
|
|
||||||
# The prefix to use for Kafka topic names for this homeserver. Change this only if
|
# Configuration for NATS JetStream
|
||||||
# you are running more than one Dendrite homeserver on the same Kafka deployment.
|
jetstream:
|
||||||
|
# A list of NATS Server addresses to connect to. If none are specified, an
|
||||||
|
# internal NATS server will be started automatically when running Dendrite
|
||||||
|
# in monolith mode. It is required to specify the address of at least one
|
||||||
|
# NATS Server node if running in polylith mode.
|
||||||
|
addresses:
|
||||||
|
# - jetstream:4222
|
||||||
|
|
||||||
|
# Keep all NATS streams in memory, rather than persisting it to the storage
|
||||||
|
# path below. This option is present primarily for integration testing and
|
||||||
|
# should not be used on a real world Dendrite deployment.
|
||||||
|
in_memory: false
|
||||||
|
|
||||||
|
# Persistent directory to store JetStream streams in. This directory
|
||||||
|
# should be preserved across Dendrite restarts.
|
||||||
|
storage_path: "/matrix-nats-store"
|
||||||
|
|
||||||
|
# The prefix to use for stream names for this homeserver - really only
|
||||||
|
# useful if running more than one Dendrite on the same NATS deployment.
|
||||||
topic_prefix: Dendrite
|
topic_prefix: Dendrite
|
||||||
|
|
||||||
# Whether to use Naffka instead of Kafka. This is only available in monolith
|
|
||||||
# mode, but means that you can run a single-process server without requiring
|
|
||||||
# Kafka.
|
|
||||||
use_naffka: true
|
|
||||||
|
|
||||||
# The max size a Kafka message is allowed to use.
|
|
||||||
# You only need to change this value, if you encounter issues with too large messages.
|
|
||||||
# Must be less than/equal to "max.message.bytes" configured in Kafka.
|
|
||||||
# Defaults to 8388608 bytes.
|
|
||||||
# max_message_bytes: 8388608
|
|
||||||
|
|
||||||
# Naffka database options. Not required when using Kafka.
|
|
||||||
naffka_database:
|
|
||||||
connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_naffka_database }}?sslmode=disable
|
|
||||||
max_open_conns: 10
|
|
||||||
max_idle_conns: 2
|
|
||||||
conn_max_lifetime: -1
|
|
||||||
|
|
||||||
# Configuration for Prometheus metric collection.
|
# Configuration for Prometheus metric collection.
|
||||||
metrics:
|
metrics:
|
||||||
# Whether or not Prometheus metrics are enabled.
|
# Whether or not Prometheus metrics are enabled.
|
||||||
|
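Review bot: storage_path is the literal "/matrix-nats-store", which has to stay identical to the dst= of the bind mount for matrix_dendrite_nats_storage_path in the systemd unit; a single variable used by both templates would keep the two from drifting apart. Separately, addresses: followed only by a commented-out entry parses as null rather than the empty list the old kafka block used (addresses: []); writing [] explicitly keeps the type unambiguous.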
@ -126,11 +132,6 @@ app_service_api:
|
||||||
max_idle_conns: 2
|
max_idle_conns: 2
|
||||||
conn_max_lifetime: -1
|
conn_max_lifetime: -1
|
||||||
|
|
||||||
# Disable the validation of TLS certificates of appservices. This is
|
|
||||||
# not recommended in production since it may allow appservice traffic
|
|
||||||
# to be sent to an unverified endpoint.
|
|
||||||
disable_tls_validation: false
|
|
||||||
|
|
||||||
# Appservice configuration files to load into this homeserver.
|
# Appservice configuration files to load into this homeserver.
|
||||||
config_files: {{ matrix_dendrite_app_service_config_files|to_json }}
|
config_files: {{ matrix_dendrite_app_service_config_files|to_json }}
|
||||||
|
|
||||||
|
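Review bot: disable_tls_validation: false is removed from app_service_api without a replacement, so certificate validation for appservice traffic now depends on whatever Dendrite does when the key is absent. Please confirm the option was moved or dropped in config version 2, and if it still exists keep it set to false explicitly.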
@ -146,6 +147,10 @@ client_api:
|
||||||
# using the registration shared secret below.
|
# using the registration shared secret below.
|
||||||
registration_disabled: {{ matrix_dendrite_registration_disabled|to_json }}
|
registration_disabled: {{ matrix_dendrite_registration_disabled|to_json }}
|
||||||
|
|
||||||
|
# Prevents new guest accounts from being created. Guest registration is also
|
||||||
|
# disabled implicitly by setting 'registration_disabled' above.
|
||||||
|
guests_disabled: true
|
||||||
|
|
||||||
# If set, allows registration by anyone who knows the shared secret, regardless of
|
# If set, allows registration by anyone who knows the shared secret, regardless of
|
||||||
# whether registration is otherwise disabled.
|
# whether registration is otherwise disabled.
|
||||||
registration_shared_secret: {{ matrix_dendrite_registration_shared_secret|string|to_json }}
|
registration_shared_secret: {{ matrix_dendrite_registration_shared_secret|string|to_json }}
|
||||||
|
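Review bot: guests_disabled: true is hard-coded, whereas registration_disabled directly above it is templated from matrix_dendrite_registration_disabled. The default is the safe one, but a playbook variable with the same default would let operators change it without overriding the whole template.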
@ -175,12 +180,6 @@ client_api:
|
||||||
threshold: {{ matrix_dendrite_rate_limiting_threshold|to_json }}
|
threshold: {{ matrix_dendrite_rate_limiting_threshold|to_json }}
|
||||||
cooloff_ms: {{ matrix_dendrite_rate_limiting_cooloff_ms|to_json }}
|
cooloff_ms: {{ matrix_dendrite_rate_limiting_cooloff_ms|to_json }}
|
||||||
|
|
||||||
# Configuration for the EDU server.
|
|
||||||
edu_server:
|
|
||||||
internal_api:
|
|
||||||
listen: http://0.0.0.0:7778
|
|
||||||
connect: http://edu_server:7778
|
|
||||||
|
|
||||||
# Configuration for the Federation API.
|
# Configuration for the Federation API.
|
||||||
federation_api:
|
federation_api:
|
||||||
internal_api:
|
internal_api:
|
||||||
|
@ -188,20 +187,8 @@ federation_api:
|
||||||
connect: http://federation_api:7772
|
connect: http://federation_api:7772
|
||||||
external_api:
|
external_api:
|
||||||
listen: http://0.0.0.0:8072
|
listen: http://0.0.0.0:8072
|
||||||
|
|
||||||
# List of paths to X.509 certificates to be used by the external federation listeners.
|
|
||||||
# These certificates will be used to calculate the TLS fingerprints and other servers
|
|
||||||
# will expect the certificate to match these fingerprints. Certificates must be in PEM
|
|
||||||
# format.
|
|
||||||
federation_certificates: []
|
|
||||||
|
|
||||||
# Configuration for the Federation Sender.
|
|
||||||
federation_sender:
|
|
||||||
internal_api:
|
|
||||||
listen: http://0.0.0.0:7775
|
|
||||||
connect: http://federation_sender:7775
|
|
||||||
database:
|
database:
|
||||||
connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_federationsender_database }}?sslmode=disable
|
connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_federationapi_database }}?sslmode=disable
|
||||||
max_open_conns: 10
|
max_open_conns: 10
|
||||||
max_idle_conns: 2
|
max_idle_conns: 2
|
||||||
conn_max_lifetime: -1
|
conn_max_lifetime: -1
|
||||||
|
@ -221,6 +208,22 @@ federation_sender:
|
||||||
host: localhost
|
host: localhost
|
||||||
port: 8080
|
port: 8080
|
||||||
|
|
||||||
|
# Perspective keyservers to use as a backup when direct key fetches fail. This may
|
||||||
|
# be required to satisfy key requests for servers that are no longer online when
|
||||||
|
# joining some rooms.
|
||||||
|
key_perspectives:
|
||||||
|
- server_name: matrix.org
|
||||||
|
keys:
|
||||||
|
- key_id: ed25519:auto
|
||||||
|
public_key: Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw
|
||||||
|
- key_id: ed25519:a_RXGa
|
||||||
|
public_key: l8Hft5qXKn1vfHrg3p4+W8gELQVo8N13JkluMfmn2sQ
|
||||||
|
|
||||||
|
# This option will control whether Dendrite will prefer to look up keys directly
|
||||||
|
# or whether it should try perspective servers first, using direct fetches as a
|
||||||
|
# last resort.
|
||||||
|
prefer_direct_fetch: false
|
||||||
|
|
||||||
# Configuration for the Key Server (for end-to-end encryption).
|
# Configuration for the Key Server (for end-to-end encryption).
|
||||||
key_server:
|
key_server:
|
||||||
internal_api:
|
internal_api:
|
||||||
|
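Review bot: key_perspectives pins matrix.org and its two ed25519 public keys as literals, and prefer_direct_fetch: false means, per the comment above it, that perspective servers are tried before direct fetches. That makes matrix.org a trust anchor for server key lookups, with no playbook variable to change the server list, the keys or the fetch order. Exposing these as variables would let operators rotate keys or choose direct fetches first.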
@ -261,15 +264,15 @@ media_api:
|
||||||
|
|
||||||
# A list of thumbnail sizes to be generated for media content.
|
# A list of thumbnail sizes to be generated for media content.
|
||||||
thumbnail_sizes:
|
thumbnail_sizes:
|
||||||
- width: 32
|
- width: 32
|
||||||
height: 32
|
height: 32
|
||||||
method: crop
|
method: crop
|
||||||
- width: 96
|
- width: 96
|
||||||
height: 96
|
height: 96
|
||||||
method: crop
|
method: crop
|
||||||
- width: 640
|
- width: 640
|
||||||
height: 480
|
height: 480
|
||||||
method: scale
|
method: scale
|
||||||
|
|
||||||
# Configuration for experimental MSC's
|
# Configuration for experimental MSC's
|
||||||
mscs:
|
mscs:
|
||||||
|
@ -295,40 +298,13 @@ room_server:
|
||||||
max_idle_conns: 2
|
max_idle_conns: 2
|
||||||
conn_max_lifetime: -1
|
conn_max_lifetime: -1
|
||||||
|
|
||||||
# Configuration for the Signing Key Server (for server signing keys).
|
|
||||||
signing_key_server:
|
|
||||||
internal_api:
|
|
||||||
listen: http://0.0.0.0:7780
|
|
||||||
connect: http://signing_key_server:7780
|
|
||||||
database:
|
|
||||||
connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_singingkeyserver_database }}?sslmode=disable
|
|
||||||
max_open_conns: 10
|
|
||||||
max_idle_conns: 2
|
|
||||||
conn_max_lifetime: -1
|
|
||||||
|
|
||||||
# Perspective keyservers to use as a backup when direct key fetches fail. This may
|
|
||||||
# be required to satisfy key requests for servers that are no longer online when
|
|
||||||
# joining some rooms.
|
|
||||||
key_perspectives:
|
|
||||||
- server_name: matrix.org
|
|
||||||
keys:
|
|
||||||
- key_id: ed25519:auto
|
|
||||||
public_key: Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw
|
|
||||||
- key_id: ed25519:a_RXGa
|
|
||||||
public_key: l8Hft5qXKn1vfHrg3p4+W8gELQVo8N13JkluMfmn2sQ
|
|
||||||
|
|
||||||
# This option will control whether Dendrite will prefer to look up keys directly
|
|
||||||
# or whether it should try perspective servers first, using direct fetches as a
|
|
||||||
# last resort.
|
|
||||||
prefer_direct_fetch: false
|
|
||||||
|
|
||||||
# Configuration for the Sync API.
|
# Configuration for the Sync API.
|
||||||
sync_api:
|
sync_api:
|
||||||
internal_api:
|
internal_api:
|
||||||
listen: http://0.0.0.0:7773
|
listen: http://0.0.0.0:7773
|
||||||
connect: http://sync_api:7773
|
connect: http://sync_api:7773
|
||||||
external_api:
|
external_api:
|
||||||
listen: http://0.0.0.0:8073
|
listen: http://0.0.0.0:8073
|
||||||
database:
|
database:
|
||||||
connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_syncapi_database }}?sslmode=disable
|
connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_syncapi_database }}?sslmode=disable
|
||||||
max_open_conns: 10
|
max_open_conns: 10
|
||||||
|
@ -343,31 +319,25 @@ sync_api:
|
||||||
|
|
||||||
# Configuration for the User API.
|
# Configuration for the User API.
|
||||||
user_api:
|
user_api:
|
||||||
# The cost when hashing passwords on registration/login. Default: 10. Min: 4, Max: 31
|
|
||||||
# See https://pkg.go.dev/golang.org/x/crypto/bcrypt for more information.
|
|
||||||
# Setting this lower makes registration/login consume less CPU resources at the cost of security
|
|
||||||
# should the database be compromised. Setting this higher makes registration/login consume more
|
|
||||||
# CPU resources but makes it harder to brute force password hashes.
|
|
||||||
# This value can be low if performing tests or on embedded Dendrite instances (e.g WASM builds)
|
|
||||||
# bcrypt_cost: 10
|
|
||||||
internal_api:
|
internal_api:
|
||||||
listen: http://0.0.0.0:7781
|
listen: http://0.0.0.0:7781
|
||||||
connect: http://user_api:7781
|
connect: http://user_api:7781
|
||||||
account_database:
|
account_database:
|
||||||
connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_account_database }}?sslmode=disable
|
connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_userapi_database }}?sslmode=disable
|
||||||
max_open_conns: 10
|
max_open_conns: 10
|
||||||
max_idle_conns: 2
|
max_idle_conns: 2
|
||||||
conn_max_lifetime: -1
|
conn_max_lifetime: -1
|
||||||
device_database:
|
|
||||||
connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_device_database }}?sslmode=disable
|
# Configuration for the Push Server API.
|
||||||
|
push_server:
|
||||||
|
internal_api:
|
||||||
|
listen: http://localhost:7782
|
||||||
|
connect: http://localhost:7782
|
||||||
|
database:
|
||||||
|
connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_pushserver_database }}?sslmode=disable
|
||||||
max_open_conns: 10
|
max_open_conns: 10
|
||||||
max_idle_conns: 2
|
max_idle_conns: 2
|
||||||
conn_max_lifetime: -1
|
conn_max_lifetime: -1
|
||||||
# The length of time that a token issued for a relying party from
|
|
||||||
# /_matrix/client/r0/user/{userId}/openid/request_token endpoint
|
|
||||||
# is considered to be valid in milliseconds.
|
|
||||||
# The default lifetime is 3600000ms (60 minutes).
|
|
||||||
# openid_token_lifetime_ms: 3600000
|
|
||||||
|
|
||||||
# Configuration for Opentracing.
|
# Configuration for Opentracing.
|
||||||
# See https://github.com/matrix-org/dendrite/tree/master/docs/tracing for information on
|
# See https://github.com/matrix-org/dendrite/tree/master/docs/tracing for information on
|
||||||
|
|
|
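Review bot: the new push_server internal_api listens on and connects to http://localhost:7782, while user_api just above uses http://0.0.0.0:7781 and a service hostname. If this is intentional for monolith mode a short comment would help; otherwise align it with the other components. The hunk also drops the bcrypt_cost and openid_token_lifetime_ms comments, which were the only in-file documentation of those tunables.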
@ -37,6 +37,7 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-dendrite \
|
||||||
{% endif %}
|
{% endif %}
|
||||||
--mount type=bind,src={{ matrix_dendrite_config_dir_path }},dst=/data,ro \
|
--mount type=bind,src={{ matrix_dendrite_config_dir_path }},dst=/data,ro \
|
||||||
--mount type=bind,src={{ matrix_dendrite_storage_path }},dst=/matrix-media-store-parent,bind-propagation=slave \
|
--mount type=bind,src={{ matrix_dendrite_storage_path }},dst=/matrix-media-store-parent,bind-propagation=slave \
|
||||||
|
--mount type=bind,src={{ matrix_dendrite_nats_storage_path }},dst=/matrix-nats-store,bind-propagation=slave \
|
||||||
{% for volume in matrix_dendrite_container_additional_volumes %}
|
{% for volume in matrix_dendrite_container_additional_volumes %}
|
||||||
-v {{ volume.src }}:{{ volume.dst }}:{{ volume.options }} \
|
-v {{ volume.src }}:{{ volume.dst }}:{{ volume.options }} \
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
|
|
@ -32,6 +32,8 @@
|
||||||
template:
|
template:
|
||||||
src: "{{ role_path }}/templates/jicofo/env.j2"
|
src: "{{ role_path }}/templates/jicofo/env.j2"
|
||||||
dest: "{{ matrix_jitsi_jicofo_base_path }}/env"
|
dest: "{{ matrix_jitsi_jicofo_base_path }}/env"
|
||||||
|
owner: "{{ matrix_user_username }}"
|
||||||
|
group: "{{ matrix_user_groupname }}"
|
||||||
mode: 0640
|
mode: 0640
|
||||||
when: matrix_jitsi_enabled|bool
|
when: matrix_jitsi_enabled|bool
|
||||||
|
|
||||||
|
@ -39,6 +41,8 @@
|
||||||
template:
|
template:
|
||||||
src: "{{ role_path }}/templates/jicofo/{{ item }}.j2"
|
src: "{{ role_path }}/templates/jicofo/{{ item }}.j2"
|
||||||
dest: "{{ matrix_jitsi_jicofo_config_path }}/{{ item }}"
|
dest: "{{ matrix_jitsi_jicofo_config_path }}/{{ item }}"
|
||||||
|
owner: "{{ matrix_user_username }}"
|
||||||
|
group: "{{ matrix_user_groupname }}"
|
||||||
mode: 0644
|
mode: 0644
|
||||||
with_items:
|
with_items:
|
||||||
- sip-communicator.properties
|
- sip-communicator.properties
|
||||||
|
|
|
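Review bot: with owner and group now set explicitly, sip-communicator.properties is still written with mode 0644, while the env file in the previous task uses 0640. If this file carries any component credentials, 0640 would be the consistent choice; the same question applies to the other 0644 templates that gain owner and group in this commit.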
@ -32,6 +32,8 @@
|
||||||
template:
|
template:
|
||||||
src: "{{ role_path }}/templates/jvb/{{ item }}.j2"
|
src: "{{ role_path }}/templates/jvb/{{ item }}.j2"
|
||||||
dest: "{{ matrix_jitsi_jvb_config_path }}/{{ item }}"
|
dest: "{{ matrix_jitsi_jvb_config_path }}/{{ item }}"
|
||||||
|
owner: "{{ matrix_user_username }}"
|
||||||
|
group: "{{ matrix_user_groupname }}"
|
||||||
mode: 0644
|
mode: 0644
|
||||||
with_items:
|
with_items:
|
||||||
- custom-sip-communicator.properties
|
- custom-sip-communicator.properties
|
||||||
|
@ -42,6 +44,8 @@
|
||||||
template:
|
template:
|
||||||
src: "{{ role_path }}/templates/jvb/env.j2"
|
src: "{{ role_path }}/templates/jvb/env.j2"
|
||||||
dest: "{{ matrix_jitsi_jvb_base_path }}/env"
|
dest: "{{ matrix_jitsi_jvb_base_path }}/env"
|
||||||
|
owner: "{{ matrix_user_username }}"
|
||||||
|
group: "{{ matrix_user_groupname }}"
|
||||||
mode: 0640
|
mode: 0640
|
||||||
when: matrix_jitsi_enabled|bool
|
when: matrix_jitsi_enabled|bool
|
||||||
|
|
||||||
|
|
|
@ -33,6 +33,8 @@
|
||||||
template:
|
template:
|
||||||
src: "{{ role_path }}/templates/prosody/env.j2"
|
src: "{{ role_path }}/templates/prosody/env.j2"
|
||||||
dest: "{{ matrix_jitsi_prosody_base_path }}/env"
|
dest: "{{ matrix_jitsi_prosody_base_path }}/env"
|
||||||
|
owner: "{{ matrix_user_username }}"
|
||||||
|
group: "{{ matrix_user_groupname }}"
|
||||||
mode: 0640
|
mode: 0640
|
||||||
when: matrix_jitsi_enabled|bool
|
when: matrix_jitsi_enabled|bool
|
||||||
|
|
||||||
|
|
|
@ -34,6 +34,8 @@
|
||||||
template:
|
template:
|
||||||
src: "{{ role_path }}/templates/web/env.j2"
|
src: "{{ role_path }}/templates/web/env.j2"
|
||||||
dest: "{{ matrix_jitsi_web_base_path }}/env"
|
dest: "{{ matrix_jitsi_web_base_path }}/env"
|
||||||
|
owner: "{{ matrix_user_username }}"
|
||||||
|
group: "{{ matrix_user_groupname }}"
|
||||||
mode: 0640
|
mode: 0640
|
||||||
when: matrix_jitsi_enabled|bool
|
when: matrix_jitsi_enabled|bool
|
||||||
|
|
||||||
|
@ -41,6 +43,8 @@
|
||||||
template:
|
template:
|
||||||
src: "{{ role_path }}/templates/web/{{ item }}.j2"
|
src: "{{ role_path }}/templates/web/{{ item }}.j2"
|
||||||
dest: "{{ matrix_jitsi_web_config_path }}/{{ item }}"
|
dest: "{{ matrix_jitsi_web_config_path }}/{{ item }}"
|
||||||
|
owner: "{{ matrix_user_username }}"
|
||||||
|
group: "{{ matrix_user_groupname }}"
|
||||||
mode: 0644
|
mode: 0644
|
||||||
with_items:
|
with_items:
|
||||||
- custom-config.js
|
- custom-config.js
|
||||||
|
|
|
@ -41,6 +41,8 @@
|
||||||
template:
|
template:
|
||||||
src: "{{ role_path }}/templates/{{ item }}.j2"
|
src: "{{ role_path }}/templates/{{ item }}.j2"
|
||||||
dest: "{{ matrix_postgres_backup_path }}/{{ item }}"
|
dest: "{{ matrix_postgres_backup_path }}/{{ item }}"
|
||||||
|
owner: "{{ matrix_user_username }}"
|
||||||
|
group: "{{ matrix_user_groupname }}"
|
||||||
mode: 0640
|
mode: 0640
|
||||||
with_items:
|
with_items:
|
||||||
- "env-postgres-backup"
|
- "env-postgres-backup"
|
||||||
|
|
|
@ -76,6 +76,8 @@
|
||||||
template:
|
template:
|
||||||
src: "{{ role_path }}/templates/{{ item }}.j2"
|
src: "{{ role_path }}/templates/{{ item }}.j2"
|
||||||
dest: "{{ matrix_postgres_base_path }}/{{ item }}"
|
dest: "{{ matrix_postgres_base_path }}/{{ item }}"
|
||||||
|
owner: "{{ matrix_user_username }}"
|
||||||
|
group: "{{ matrix_user_groupname }}"
|
||||||
mode: 0640
|
mode: 0640
|
||||||
with_items:
|
with_items:
|
||||||
- "env-postgres-psql"
|
- "env-postgres-psql"
|
||||||
|
|
|
@ -9,7 +9,7 @@ matrix_synapse_container_image_self_build_repo: "https://github.com/matrix-org/s
|
||||||
|
|
||||||
matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:{{ matrix_synapse_docker_image_tag }}"
|
matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:{{ matrix_synapse_docker_image_tag }}"
|
||||||
matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_container_image_self_build else matrix_container_global_registry_prefix }}"
|
matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_container_image_self_build else matrix_container_global_registry_prefix }}"
|
||||||
matrix_synapse_version: v1.55.0
|
matrix_synapse_version: v1.55.2
|
||||||
matrix_synapse_docker_image_tag: "{{ matrix_synapse_version }}"
|
matrix_synapse_docker_image_tag: "{{ matrix_synapse_version }}"
|
||||||
matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"
|
matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"
|
||||||
|
|
||||||
|
@ -525,7 +525,7 @@ matrix_synapse_ext_spam_checker_synapse_simple_antispam_config_blocked_homeserve
|
||||||
# See: https://github.com/matrix-org/mjolnir#synapse-module
|
# See: https://github.com/matrix-org/mjolnir#synapse-module
|
||||||
matrix_synapse_ext_spam_checker_mjolnir_antispam_enabled: false
|
matrix_synapse_ext_spam_checker_mjolnir_antispam_enabled: false
|
||||||
matrix_synapse_ext_spam_checker_mjolnir_antispam_git_repository_url: "https://github.com/matrix-org/mjolnir"
|
matrix_synapse_ext_spam_checker_mjolnir_antispam_git_repository_url: "https://github.com/matrix-org/mjolnir"
|
||||||
matrix_synapse_ext_spam_checker_mjolnir_antispam_git_version: "70f353fbbad0af469b1001080dea194d512b2815"
|
matrix_synapse_ext_spam_checker_mjolnir_antispam_git_version: "4008e3f65d3745b9307dd31f1c5aa80c13a61a58"
|
||||||
matrix_synapse_ext_spam_checker_mjolnir_antispam_config_block_invites: true
|
matrix_synapse_ext_spam_checker_mjolnir_antispam_config_block_invites: true
|
||||||
# Flag messages sent by servers/users in the ban lists as spam. Currently
|
# Flag messages sent by servers/users in the ban lists as spam. Currently
|
||||||
# this means that spammy messages will appear as empty to users. Default
|
# this means that spammy messages will appear as empty to users. Default
|
||||||
|
@ -620,10 +620,11 @@ matrix_synapse_redaction_retention_period: 7d
|
||||||
matrix_synapse_user_ips_max_age: 28d
|
matrix_synapse_user_ips_max_age: 28d
|
||||||
|
|
||||||
|
|
||||||
matrix_synapse_rust_synapse_compress_state_docker_image: "devture/rust-synapse-compress-state:v0.1.0"
|
matrix_synapse_rust_synapse_compress_state_docker_image: "registry.gitlab.com/mb-saces/rust-synapse-compress-state:latest"
|
||||||
matrix_synapse_rust_synapse_compress_state_docker_image_force_pull: "{{ matrix_synapse_rust_synapse_compress_state_docker_image.endswith(':latest') }}"
|
matrix_synapse_rust_synapse_compress_state_docker_image_force_pull: "{{ matrix_synapse_rust_synapse_compress_state_docker_image.endswith(':latest') }}"
|
||||||
|
|
||||||
matrix_synapse_rust_synapse_compress_state_base_path: "{{ matrix_base_data_path }}/rust-synapse-compress-state"
|
matrix_synapse_rust_synapse_compress_state_base_path: "{{ matrix_base_data_path }}/rust-synapse-compress-state"
|
||||||
|
matrix_synapse_rust_synapse_compress_state_synapse_compress_state_in_container_path: "/usr/local/bin/synapse_compress_state"
|
||||||
|
|
||||||
|
|
||||||
# Default Synapse configuration template which covers the generic use case.
|
# Default Synapse configuration template which covers the generic use case.
|
||||||
|
|
|
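Review bot: The new default for `matrix_synapse_rust_synapse_compress_state_docker_image` replaces a version-pinned tag (`devture/rust-synapse-compress-state:v0.1.0`) with a mutable `:latest` tag under `registry.gitlab.com/mb-saces/`. Because `matrix_synapse_rust_synapse_compress_state_docker_image_force_pull` is derived from `endswith(':latest')`, each run will now pull whatever that tag points to at the time. The task that runs this image passes it the Synapse database host, user and password in its `-p` argument. Suggest pinning the default to a versioned tag or an image digest, so that the code receiving those credentials is reproducible and can be reviewed before it changes.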
@ -12,7 +12,7 @@
|
||||||
--network={{ matrix_docker_network }}
|
--network={{ matrix_docker_network }}
|
||||||
--mount type=bind,src={{ matrix_synapse_rust_synapse_compress_state_base_path }},dst=/work
|
--mount type=bind,src={{ matrix_synapse_rust_synapse_compress_state_base_path }},dst=/work
|
||||||
{{ matrix_synapse_rust_synapse_compress_state_docker_image }}
|
{{ matrix_synapse_rust_synapse_compress_state_docker_image }}
|
||||||
/synapse-compress-state -t -o /work/state-compressor.sql
|
{{ matrix_synapse_rust_synapse_compress_state_synapse_compress_state_in_container_path }} -t -o /work/state-compressor.sql
|
||||||
-p "host={{ matrix_synapse_database_host }} user={{ matrix_synapse_database_user }} password={{ matrix_synapse_database_password }} dbname={{ matrix_synapse_database_database }}"
|
-p "host={{ matrix_synapse_database_host }} user={{ matrix_synapse_database_user }} password={{ matrix_synapse_database_password }} dbname={{ matrix_synapse_database_database }}"
|
||||||
-r '{{ room_details.room_id }}'
|
-r '{{ room_details.room_id }}'
|
||||||
|
|
||||||
|
|
|
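Review bot: The binary path on the command line now comes from `matrix_synapse_rust_synapse_compress_state_synapse_compress_state_in_container_path`, whose default `/usr/local/bin/synapse_compress_state` matches only the new image; the line it replaces used `/synapse-compress-state`. Anyone who overrides the image variable, for instance to stay on the previously pinned image, has to override the path as well or the command will not be found in the container. Suggest a comment next to the variable in the defaults file saying that the image and the in-container path must be changed together.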
@ -14,6 +14,7 @@
|
||||||
- matrix-postgres
|
- matrix-postgres
|
||||||
- matrix-redis
|
- matrix-redis
|
||||||
- matrix-corporal
|
- matrix-corporal
|
||||||
|
- matrix-backup-borg
|
||||||
- matrix-bridge-appservice-discord
|
- matrix-bridge-appservice-discord
|
||||||
- matrix-bridge-appservice-slack
|
- matrix-bridge-appservice-slack
|
||||||
- matrix-bridge-appservice-webhooks
|
- matrix-bridge-appservice-webhooks
|
||||||
|
|