From 7578a355c4930fa27c1b39056c00c837df75a89c Mon Sep 17 00:00:00 2001 From: Michael Sasser Date: Tue, 29 Jun 2021 12:15:03 +0200 Subject: [PATCH 01/15] heisenbridge fix service name --- roles/matrix-bridge-heisenbridge/tasks/setup_uninstall.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-heisenbridge/tasks/setup_uninstall.yml b/roles/matrix-bridge-heisenbridge/tasks/setup_uninstall.yml index d5526f8a..853faf7a 100644 --- a/roles/matrix-bridge-heisenbridge/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-heisenbridge/tasks/setup_uninstall.yml @@ -7,7 +7,7 @@ - name: Ensure matrix-heisenbridge is stopped service: - name: heisenbridge + name: matrix-heisenbridge state: stopped daemon_reload: yes when: "matrix_heisenbridge_service_stat.stat.exists" From eb5619fd4b72a280566b502e6f1d33f42f9ba4ec Mon Sep 17 00:00:00 2001 From: Thom Wiggers Date: Tue, 29 Jun 2021 12:45:21 +0200 Subject: [PATCH 02/15] Update IRC bridge --- roles/matrix-bridge-appservice-irc/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-appservice-irc/defaults/main.yml b/roles/matrix-bridge-appservice-irc/defaults/main.yml index ca8797b4..c351bafa 100644 --- a/roles/matrix-bridge-appservice-irc/defaults/main.yml +++ b/roles/matrix-bridge-appservice-irc/defaults/main.yml @@ -7,7 +7,7 @@ matrix_appservice_irc_container_self_build: false matrix_appservice_irc_docker_repo: "https://github.com/matrix-org/matrix-appservice-irc.git" matrix_appservice_irc_docker_src_files_path: "{{ matrix_base_data_path }}/appservice-irc/docker-src" -matrix_appservice_irc_version: release-0.26.1 +matrix_appservice_irc_version: release-0.27.0 matrix_appservice_irc_docker_image: "{{ matrix_container_global_registry_prefix }}matrixdotorg/matrix-appservice-irc:{{ matrix_appservice_irc_version }}" matrix_appservice_irc_docker_image_force_pull: "{{ matrix_appservice_irc_docker_image.endswith(':latest') }}" From 3da4b684a5a6b1e421ca316db6caf909ba614a38 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 29 Jun 2021 13:49:00 +0300 Subject: [PATCH 03/15] Upgrade Synapse (1.36.0 -> 1.37.0) --- roles/matrix-synapse/defaults/main.yml | 4 +- .../templates/synapse/homeserver.yaml.j2 | 119 ++++++------------ 2 files changed, 40 insertions(+), 83 deletions(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index cb5f9a3a..8251481f 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -15,8 +15,8 @@ matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_cont # amd64 gets released first. # arm32 relies on self-building, so the same version can be built immediately. # arm64 users need to wait for a prebuilt image to become available. -matrix_synapse_version: v1.36.0 -matrix_synapse_version_arm64: v1.36.0 +matrix_synapse_version: v1.37.0 +matrix_synapse_version_arm64: v1.37.0 matrix_synapse_docker_image_tag: "{{ matrix_synapse_version if matrix_architecture in ['arm32', 'amd64'] else matrix_synapse_version_arm64 }}" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index d92efdba..f3d0734b 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -7,6 +7,22 @@ # # [1] https://docs.ansible.com/ansible/latest/reference_appendices/YAMLSyntax.html + +## Modules ## + +# Server admins can expand Synapse's functionality with external modules. +# +# See https://matrix-org.github.io/synapse/develop/modules.html for more +# documentation on how to configure or create custom modules for Synapse. +# +modules: + # - module: my_super_module.MySuperClass + # config: + # do_thing: true + # - module: my_other_super_module.SomeClass + # config: {} + + ## Server ## # The public-facing domain of the server @@ -574,13 +590,9 @@ retention: # This certificate, as of Synapse 1.0, will need to be a valid and verifiable # certificate, signed by a recognised Certificate Authority. # -# See 'ACME support' below to enable auto-provisioning this certificate via -# Let's Encrypt. -# -# If supplying your own, be sure to use a `.pem` file that includes the -# full certificate chain including any intermediate certificates (for -# instance, if using certbot, use `fullchain.pem` as your certificate, -# not `cert.pem`). +# Be sure to use a `.pem` file that includes the full certificate chain including +# any intermediate certificates (for instance, if using certbot, use +# `fullchain.pem` as your certificate, not `cert.pem`). # tls_certificate_path: {{ matrix_synapse_tls_certificate_path|to_json }} @@ -631,80 +643,6 @@ tls_private_key_path: {{ matrix_synapse_tls_private_key_path|to_json }} # - myCA2.pem # - myCA3.pem -# ACME support: This will configure Synapse to request a valid TLS certificate -# for your configured `server_name` via Let's Encrypt. -# -# Note that ACME v1 is now deprecated, and Synapse currently doesn't support -# ACME v2. This means that this feature currently won't work with installs set -# up after November 2019. For more info, and alternative solutions, see -# https://github.com/matrix-org/synapse/blob/master/docs/ACME.md#deprecation-of-acme-v1 -# -# Note that provisioning a certificate in this way requires port 80 to be -# routed to Synapse so that it can complete the http-01 ACME challenge. -# By default, if you enable ACME support, Synapse will attempt to listen on -# port 80 for incoming http-01 challenges - however, this will likely fail -# with 'Permission denied' or a similar error. -# -# There are a couple of potential solutions to this: -# -# * If you already have an Apache, Nginx, or similar listening on port 80, -# you can configure Synapse to use an alternate port, and have your web -# server forward the requests. For example, assuming you set 'port: 8009' -# below, on Apache, you would write: -# -# ProxyPass /.well-known/acme-challenge http://localhost:8009/.well-known/acme-challenge -# -# * Alternatively, you can use something like `authbind` to give Synapse -# permission to listen on port 80. -# -acme: - # ACME support is disabled by default. Uncomment the following line - # (and tls_certificate_path and tls_private_key_path above) to enable it. - # - #enabled: true - - # Endpoint to use to request certificates. If you only want to test, - # use Let's Encrypt's staging url: - # https://acme-staging.api.letsencrypt.org/directory - # - #url: https://acme-v01.api.letsencrypt.org/directory - - # Port number to listen on for the HTTP-01 challenge. Change this if - # you are forwarding connections through Apache/Nginx/etc. - # - #port: 80 - - # Local addresses to listen on for incoming connections. - # Again, you may want to change this if you are forwarding connections - # through Apache/Nginx/etc. - # - #bind_addresses: ['::', '0.0.0.0'] - - # How many days remaining on a certificate before it is renewed. - # - #reprovision_threshold: 30 - - # The domain that the certificate should be for. Normally this - # should be the same as your Matrix domain (i.e., 'server_name'), but, - # by putting a file at 'https:///.well-known/matrix/server', - # you can delegate incoming traffic to another server. If you do that, - # you should give the target of the delegation here. - # - # For example: if your 'server_name' is 'example.com', but - # 'https://example.com/.well-known/matrix/server' delegates to - # 'matrix.example.com', you should put 'matrix.example.com' here. - # - # If not set, defaults to your 'server_name'. - # - #domain: matrix.example.com - - # file to use for the account key. This will be generated if it doesn't - # exist. - # - # If unspecified, we will use CONFDIR/client.key. - # - #account_key_file: /data/acme_account.key - ## Federation ## @@ -957,6 +895,10 @@ media_store_path: "/matrix-media-store-parent/{{ matrix_synapse_media_store_dire # The largest allowed upload size in bytes # +# If you are using a reverse proxy you may also need to set this value in +# your reverse proxy's config. Notably Nginx has a small max body size by default. +# See https://matrix-org.github.io/synapse/develop/reverse_proxy.html. +# max_upload_size: "{{ matrix_synapse_max_upload_size_mb }}M" # Maximum number of pixels that will be thumbnailed @@ -2045,6 +1987,17 @@ sso: # - https://riot.im/develop # - https://my.custom.client/ + # Uncomment to keep a user's profile fields in sync with information from + # the identity provider. Currently only syncing the displayname is + # supported. Fields are checked on every SSO login, and are updated + # if necessary. + # + # Note that enabling this option will override user profile information, + # regardless of whether users have opted-out of syncing that + # information when first signing in. Defaults to false. + # + #update_profile_information: true + # Directory in which Synapse will try to find the template files below. # If not set, or the files named below are not found within the template # directory, default templates from within the Synapse package will be used. @@ -2326,6 +2279,10 @@ ui_auth: # the user-interactive authentication process, by allowing for multiple # (and potentially different) operations to use the same validation session. # + # This is ignored for potentially "dangerous" operations (including + # deactivating an account, modifying an account password, and + # adding a 3PID). + # # Uncomment below to allow for credential validation to last for 15 # seconds. # From d338090f0036f027ebf28152456909e8fa2b6725 Mon Sep 17 00:00:00 2001 From: sakkiii <11132948+sakkiii@users.noreply.github.com> Date: Wed, 30 Jun 2021 10:00:52 +0530 Subject: [PATCH 04/15] postgres minor updates --- roles/matrix-postgres/defaults/main.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/matrix-postgres/defaults/main.yml b/roles/matrix-postgres/defaults/main.yml index 72e42021..9c1cac9a 100644 --- a/roles/matrix-postgres/defaults/main.yml +++ b/roles/matrix-postgres/defaults/main.yml @@ -17,11 +17,11 @@ matrix_postgres_architecture: amd64 # > LOG: startup process (PID 37) was terminated by signal 11: Segmentation fault matrix_postgres_docker_image_suffix: "{{ '-alpine' if matrix_postgres_architecture in ['amd64', 'arm64'] else '' }}" -matrix_postgres_docker_image_v9: "{{ matrix_container_global_registry_prefix }}postgres:9.6.21{{ matrix_postgres_docker_image_suffix }}" -matrix_postgres_docker_image_v10: "{{ matrix_container_global_registry_prefix }}postgres:10.16{{ matrix_postgres_docker_image_suffix }}" -matrix_postgres_docker_image_v11: "{{ matrix_container_global_registry_prefix }}postgres:11.11{{ matrix_postgres_docker_image_suffix }}" -matrix_postgres_docker_image_v12: "{{ matrix_container_global_registry_prefix }}postgres:12.6{{ matrix_postgres_docker_image_suffix }}" -matrix_postgres_docker_image_v13: "{{ matrix_container_global_registry_prefix }}postgres:13.2{{ matrix_postgres_docker_image_suffix }}" +matrix_postgres_docker_image_v9: "{{ matrix_container_global_registry_prefix }}postgres:9.6.22{{ matrix_postgres_docker_image_suffix }}" +matrix_postgres_docker_image_v10: "{{ matrix_container_global_registry_prefix }}postgres:10.17{{ matrix_postgres_docker_image_suffix }}" +matrix_postgres_docker_image_v11: "{{ matrix_container_global_registry_prefix }}postgres:11.12{{ matrix_postgres_docker_image_suffix }}" +matrix_postgres_docker_image_v12: "{{ matrix_container_global_registry_prefix }}postgres:12.7{{ matrix_postgres_docker_image_suffix }}" +matrix_postgres_docker_image_v13: "{{ matrix_container_global_registry_prefix }}postgres:13.3{{ matrix_postgres_docker_image_suffix }}" matrix_postgres_docker_image_latest: "{{ matrix_postgres_docker_image_v13 }}" # This variable is assigned at runtime. Overriding its value has no effect. From c9d73c6606200db3c5892c5a99ea06d7872399fa Mon Sep 17 00:00:00 2001 From: Davy Landman Date: Wed, 30 Jun 2021 16:15:00 +0200 Subject: [PATCH 05/15] Updating to latest synapse release (performance regression) https://github.com/matrix-org/synapse/releases/tag/v1.37.1 --- roles/matrix-synapse/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 8251481f..d021bc5b 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -15,8 +15,8 @@ matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_cont # amd64 gets released first. # arm32 relies on self-building, so the same version can be built immediately. # arm64 users need to wait for a prebuilt image to become available. -matrix_synapse_version: v1.37.0 -matrix_synapse_version_arm64: v1.37.0 +matrix_synapse_version: v1.37.1 +matrix_synapse_version_arm64: v1.37.1 matrix_synapse_docker_image_tag: "{{ matrix_synapse_version if matrix_architecture in ['arm32', 'amd64'] else matrix_synapse_version_arm64 }}" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" From 6294e583043cf5596c43edc408f321eb8099644f Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 1 Jul 2021 12:41:05 +0300 Subject: [PATCH 06/15] Fix Content-Security-Policy for Element Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1154 According to https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy, having both a header and the ``-tag provided by Element itself is not a problem. The 2 CSP policies get combined. --- .../templates/nginx/conf.d/matrix-client-element.conf.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-client-element.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-client-element.conf.j2 index 17e8f131..2f4f4aa1 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-client-element.conf.j2 +++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-client-element.conf.j2 @@ -12,7 +12,7 @@ add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection "{{ matrix_nginx_proxy_xss_protection }}"; add_header X-Frame-Options SAMEORIGIN; - add_header Content-Security-Policy "frame-ancestors 'none'"; + add_header Content-Security-Policy "frame-ancestors 'self'"; {% if matrix_nginx_proxy_floc_optout_enabled %} add_header Permissions-Policy interest-cohort=() always; From a7d51d493afb6c521451f33a8151716355eabacb Mon Sep 17 00:00:00 2001 From: WobbelTheBear Date: Thu, 1 Jul 2021 22:16:01 +0200 Subject: [PATCH 07/15] Correct broken documentation link Recently, documentation on Synapse has been changed from .rst to .md. Therefore, the current links for the purge history API were resulting in a 404 error. --- docs/maintenance-synapse.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/maintenance-synapse.md b/docs/maintenance-synapse.md index 62bb8b16..9727f450 100644 --- a/docs/maintenance-synapse.md +++ b/docs/maintenance-synapse.md @@ -14,7 +14,7 @@ Table of contents: ## Purging old data with the Purge History API -You can use the **[Purge History API](https://github.com/matrix-org/synapse/blob/master/docs/admin_api/purge_history_api.rst)** to delete old messages on a per-room basis. **This is destructive** (especially for non-federated rooms), because it means **people will no longer have access to history past a certain point**. +You can use the **[Purge History API](https://github.com/matrix-org/synapse/blob/master/docs/admin_api/purge_history_api.md)** to delete old messages on a per-room basis. **This is destructive** (especially for non-federated rooms), because it means **people will no longer have access to history past a certain point**. To make use of this API, **you'll need an admin access token** first. You can find your access token in the setting of some clients (like Element). Alternatively, you can log in and obtain a new access token like this: @@ -27,7 +27,7 @@ https://matrix.DOMAIN/_matrix/client/r0/login Synapse's Admin API is not exposed to the internet by default. To expose it you will need to add `matrix_nginx_proxy_proxy_matrix_client_api_forwarded_location_synapse_admin_api_enabled: true` to your `vars.yml` file. -Follow the [Purge History API](https://github.com/matrix-org/synapse/blob/master/docs/admin_api/purge_history_api.rst) documentation page for the actual purging instructions. +Follow the [Purge History API](https://github.com/matrix-org/synapse/blob/master/docs/admin_api/purge_history_api.md) documentation page for the actual purging instructions. After deleting data, you may wish to run a [`FULL` Postgres `VACUUM`](./maintenance-postgres.md#vacuuming-postgresql). From 19ed8d1d1706a052406e863b96b949922e6377c8 Mon Sep 17 00:00:00 2001 From: Aaron Raimist Date: Fri, 2 Jul 2021 00:10:59 -0500 Subject: [PATCH 08/15] Upgrade mjolnir (0.1.17 -> 0.1.18) and implement self building --- docs/self-building.md | 1 + group_vars/matrix_servers | 2 ++ roles/matrix-bot-mjolnir/defaults/main.yml | 11 +++++++-- roles/matrix-bot-mjolnir/tasks/init.yml | 7 ++++++ .../tasks/setup_install.yml | 24 ++++++++++++++++++- 5 files changed, 42 insertions(+), 3 deletions(-) diff --git a/docs/self-building.md b/docs/self-building.md index 303344ac..50fef2a3 100644 --- a/docs/self-building.md +++ b/docs/self-building.md @@ -26,6 +26,7 @@ List of roles where self-building the Docker image is currently possible: - `matrix-bridge-mautrix-hangouts` - `matrix-bridge-mautrix-telegram` - `matrix-bridge-mx-puppet-skype` +- `matrix-bot-mjolnir` Adding self-building support to other roles is welcome. Feel free to contribute! diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 96b933f3..9883abf0 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -851,6 +851,8 @@ matrix_bot_go_neb_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_en # We don't enable bots by default. matrix_bot_mjolnir_enabled: false +matrix_bot_mjolnir_container_image_self_build: "{{ matrix_architecture != 'amd64'}}" + matrix_bot_mjolnir_systemd_required_services_list: | {{ ['docker.service'] diff --git a/roles/matrix-bot-mjolnir/defaults/main.yml b/roles/matrix-bot-mjolnir/defaults/main.yml index f97e997c..6138e922 100644 --- a/roles/matrix-bot-mjolnir/defaults/main.yml +++ b/roles/matrix-bot-mjolnir/defaults/main.yml @@ -2,13 +2,20 @@ # See: https://github.com/matrix-org/mjolnir matrix_bot_mjolnir_enabled: true -matrix_bot_mjolnir_version: "v0.1.17" -matrix_bot_mjolnir_docker_image: "{{ matrix_container_global_registry_prefix }}matrixdotorg/mjolnir:{{ matrix_bot_mjolnir_version }}" + +matrix_bot_mjolnir_version: "v0.1.18" + +matrix_bot_mjolnir_container_image_self_build: false +matrix_bot_mjolnir_container_image_self_build_repo: "https://github.com/matrix-org/mjolnir.git" + +matrix_bot_mjolnir_docker_image: "{{ matrix_bot_mjolnir_docker_image_name_prefix }}matrixdotorg/mjolnir:{{ matrix_bot_mjolnir_version }}" +matrix_bot_mjolnir_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_mjolnir_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_bot_mjolnir_docker_image_force_pull: "{{ matrix_bot_mjolnir_docker_image.endswith(':latest') }}" matrix_bot_mjolnir_base_path: "{{ matrix_base_data_path }}/mjolnir" matrix_bot_mjolnir_config_path: "{{ matrix_bot_mjolnir_base_path }}/config" matrix_bot_mjolnir_data_path: "{{ matrix_bot_mjolnir_base_path }}/data" +matrix_bot_mjolnir_docker_src_files_path: "{{ matrix_bot_mjolnir_base_path }}/docker-src" # A list of extra arguments to pass to the container matrix_bot_mjolnir_container_extra_arguments: [] diff --git a/roles/matrix-bot-mjolnir/tasks/init.yml b/roles/matrix-bot-mjolnir/tasks/init.yml index d54684d2..b8ab58f1 100644 --- a/roles/matrix-bot-mjolnir/tasks/init.yml +++ b/roles/matrix-bot-mjolnir/tasks/init.yml @@ -1,3 +1,10 @@ +# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 +# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 +- name: Fail if trying to self-build on Ansible < 2.8 + fail: + msg: "To self-build the Mjolnir image, you should use Ansible 2.8 or higher. See docs/ansible.md" + when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_bot_mjolnir_container_image_self_build and matrix_bot_mjolnir_enabled" + - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-mjolnir.service'] }}" when: matrix_bot_mjolnir_enabled|bool diff --git a/roles/matrix-bot-mjolnir/tasks/setup_install.yml b/roles/matrix-bot-mjolnir/tasks/setup_install.yml index 4c18bf6a..e770b6d5 100644 --- a/roles/matrix-bot-mjolnir/tasks/setup_install.yml +++ b/roles/matrix-bot-mjolnir/tasks/setup_install.yml @@ -14,14 +14,36 @@ - { path: "{{ matrix_bot_mjolnir_base_path }}", when: true } - { path: "{{ matrix_bot_mjolnir_config_path }}", when: true } - { path: "{{ matrix_bot_mjolnir_data_path }}", when: true } + - { path: "{{ matrix_bot_mjolnir_docker_src_files_path }}", when: "{{ matrix_bot_mjolnir_container_image_self_build }}" } when: "item.when|bool" -- name: Ensure mjolnir image is pulled +- name: Ensure mjolnir Docker image is pulled docker_image: name: "{{ matrix_bot_mjolnir_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_bot_mjolnir_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_mjolnir_docker_image_force_pull }}" + when: "not matrix_bot_mjolnir_container_image_self_build|bool" + +- name: Ensure mjolnir repository is present on self-build + git: + repo: "{{ matrix_bot_mjolnir_container_image_self_build_repo }}" + dest: "{{ matrix_bot_mjolnir_docker_src_files_path }}" + version: "{{ matrix_bot_mjolnir_docker_image.split(':')[1] }}" + force: "yes" + register: matrix_bot_mjolnir_git_pull_results + when: "matrix_bot_mjolnir_container_image_self_build|bool" + +- name: Ensure mjolnir Docker image is built + docker_image: + name: "{{ matrix_bot_mjolnir_docker_image }}" + source: build + force_source: "{{ matrix_bot_mjolnir_git_pull_results.changed }}" + build: + dockerfile: Dockerfile + path: "{{ matrix_bot_mjolnir_docker_src_files_path }}" + pull: yes + when: "matrix_bot_mjolnir_container_image_self_build|bool" - name: Ensure matrix-bot-mjolnir config installed copy: From fc16fbda5bbccf8d2ba64eaf05dbe86c85d3eee0 Mon Sep 17 00:00:00 2001 From: Aaron Raimist Date: Fri, 2 Jul 2021 00:14:37 -0500 Subject: [PATCH 09/15] Remove a bunch of redundant Ansible <2.8 self building checks --- roles/matrix-bridge-mautrix-facebook/tasks/init.yml | 7 ------- roles/matrix-bridge-mautrix-hangouts/tasks/init.yml | 7 ------- roles/matrix-bridge-mautrix-instagram/tasks/init.yml | 7 ------- roles/matrix-bridge-mx-puppet-discord/tasks/init.yml | 7 ------- roles/matrix-bridge-mx-puppet-groupme/tasks/init.yml | 7 ------- roles/matrix-bridge-mx-puppet-skype/tasks/init.yml | 7 ------- roles/matrix-bridge-mx-puppet-slack/tasks/init.yml | 7 ------- roles/matrix-bridge-mx-puppet-steam/tasks/init.yml | 7 ------- roles/matrix-bridge-mx-puppet-twitter/tasks/init.yml | 7 ------- 9 files changed, 63 deletions(-) diff --git a/roles/matrix-bridge-mautrix-facebook/tasks/init.yml b/roles/matrix-bridge-mautrix-facebook/tasks/init.yml index fdfdfdae..cf67f227 100644 --- a/roles/matrix-bridge-mautrix-facebook/tasks/init.yml +++ b/roles/matrix-bridge-mautrix-facebook/tasks/init.yml @@ -21,10 +21,3 @@ + {{ ["/matrix-mautrix-facebook-registration.yaml"] }} when: matrix_mautrix_facebook_enabled|bool - -# ansible lower than 2.8, does not support docker_image build parameters -# for self building it is explicitly needed, so we rather fail here -- name: Fail if running on Ansible lower than 2.8 and trying self building - fail: - msg: "To self build Mautrix Facebook image, you should usa ansible 2.8 or higher. E.g. pip contains such packages." - when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mautrix_facebook_container_image_self_build" diff --git a/roles/matrix-bridge-mautrix-hangouts/tasks/init.yml b/roles/matrix-bridge-mautrix-hangouts/tasks/init.yml index 63a04618..6cc194fe 100644 --- a/roles/matrix-bridge-mautrix-hangouts/tasks/init.yml +++ b/roles/matrix-bridge-mautrix-hangouts/tasks/init.yml @@ -67,10 +67,3 @@ URL endpoint to the matrix-mautrix-hangouts container. You can expose the container's port using the `matrix_mautrix_hangouts_container_http_host_bind_port` variable. when: "matrix_mautrix_hangouts_enabled|bool and (matrix_nginx_proxy_enabled is not defined or matrix_nginx_proxy_enabled|bool == false)" - -# ansible lower than 2.8, does not support docker_image build parameters -# for self building it is explicitly needed, so we rather fail here -- name: Fail if running on Ansible lower than 2.8 and trying self building - fail: - msg: "To self build Mautrix Hangouts image, you should usa ansible 2.8 or higher. E.g. pip contains such packages." - when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mautrix_hangouts_container_image_self_build" diff --git a/roles/matrix-bridge-mautrix-instagram/tasks/init.yml b/roles/matrix-bridge-mautrix-instagram/tasks/init.yml index c0b7da32..c44855d8 100644 --- a/roles/matrix-bridge-mautrix-instagram/tasks/init.yml +++ b/roles/matrix-bridge-mautrix-instagram/tasks/init.yml @@ -21,10 +21,3 @@ + {{ ["/matrix-mautrix-instagram-registration.yaml"] }} when: matrix_mautrix_instagram_enabled|bool - -# ansible lower than 2.8, does not support docker_image build parameters -# for self building it is explicitly needed, so we rather fail here -- name: Fail if running on Ansible lower than 2.8 and trying self building - fail: - msg: "To self build Mautrix instagram image, you should usa ansible 2.8 or higher. E.g. pip contains such packages." - when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mautrix_instagram_container_image_self_build" diff --git a/roles/matrix-bridge-mx-puppet-discord/tasks/init.yml b/roles/matrix-bridge-mx-puppet-discord/tasks/init.yml index 33d35e60..6fa43037 100644 --- a/roles/matrix-bridge-mx-puppet-discord/tasks/init.yml +++ b/roles/matrix-bridge-mx-puppet-discord/tasks/init.yml @@ -21,10 +21,3 @@ + {{ ["/matrix-mx-puppet-discord-registration.yaml"] }} when: matrix_mx_puppet_discord_enabled|bool - -# ansible lower than 2.8, does not support docker_image build parameters -# for self building it is explicitly needed, so we rather fail here -- name: Fail if running on Ansible lower than 2.8 and trying self building - fail: - msg: "To self build Puppet Slack image, you should usa ansible 2.8 or higher. E.g. pip contains such packages." - when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_discord_container_image_self_build" diff --git a/roles/matrix-bridge-mx-puppet-groupme/tasks/init.yml b/roles/matrix-bridge-mx-puppet-groupme/tasks/init.yml index 4cd3c6b3..b4469ea1 100644 --- a/roles/matrix-bridge-mx-puppet-groupme/tasks/init.yml +++ b/roles/matrix-bridge-mx-puppet-groupme/tasks/init.yml @@ -21,10 +21,3 @@ + {{ ["/matrix-mx-puppet-groupme-registration.yaml"] }} when: matrix_mx_puppet_groupme_enabled|bool - -# ansible lower than 2.8, does not support docker_image build parameters -# for self building it is explicitly needed, so we rather fail here -- name: Fail if running on Ansible lower than 2.8 and trying self building - fail: - msg: "To self build Puppet Slack image, you should usa ansible 2.8 or higher. E.g. pip contains such packages." - when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_groupme_container_image_self_build" diff --git a/roles/matrix-bridge-mx-puppet-skype/tasks/init.yml b/roles/matrix-bridge-mx-puppet-skype/tasks/init.yml index e8ed1a3a..5618821b 100644 --- a/roles/matrix-bridge-mx-puppet-skype/tasks/init.yml +++ b/roles/matrix-bridge-mx-puppet-skype/tasks/init.yml @@ -21,10 +21,3 @@ + {{ ["/matrix-mx-puppet-skype-registration.yaml"] }} when: matrix_mx_puppet_skype_enabled|bool - -# ansible lower than 2.8, does not support docker_image build parameters -# for self building it is explicitly needed, so we rather fail here -- name: Fail if running on Ansible lower than 2.8 and trying self building - fail: - msg: "To self build Puppet Skype image, you should usa ansible 2.8 or higher. E.g. pip contains such packages." - when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_skype_container_image_self_build" diff --git a/roles/matrix-bridge-mx-puppet-slack/tasks/init.yml b/roles/matrix-bridge-mx-puppet-slack/tasks/init.yml index 716cb351..f484c687 100644 --- a/roles/matrix-bridge-mx-puppet-slack/tasks/init.yml +++ b/roles/matrix-bridge-mx-puppet-slack/tasks/init.yml @@ -68,10 +68,3 @@ URL endpoint to the matrix-mx-puppet-slack container. You can expose the container's port using the `matrix_appservice_slack_container_http_host_bind_port` variable. when: "matrix_mx_puppet_slack_enabled|bool and matrix_nginx_proxy_enabled is not defined" - -# ansible lower than 2.8, does not support docker_image build parameters -# for self building it is explicitly needed, so we rather fail here -- name: Fail if running on Ansible lower than 2.8 and trying self building - fail: - msg: "To self build Puppet Slack image, you should usa ansible 2.8 or higher. E.g. pip contains such packages." - when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_slack_container_image_self_build" diff --git a/roles/matrix-bridge-mx-puppet-steam/tasks/init.yml b/roles/matrix-bridge-mx-puppet-steam/tasks/init.yml index 38d0f9a2..c3218e89 100644 --- a/roles/matrix-bridge-mx-puppet-steam/tasks/init.yml +++ b/roles/matrix-bridge-mx-puppet-steam/tasks/init.yml @@ -21,10 +21,3 @@ + {{ ["/matrix-mx-puppet-steam-registration.yaml"] }} when: matrix_mx_puppet_steam_enabled|bool - -# ansible lower than 2.8, does not support docker_image build parameters -# for self building it is explicitly needed, so we rather fail here -- name: Fail if running on Ansible lower than 2.8 and trying self building - fail: - msg: "To self build Puppet Slack image, you should usa ansible 2.8 or higher. E.g. pip contains such packages." - when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_steam_container_image_self_build" diff --git a/roles/matrix-bridge-mx-puppet-twitter/tasks/init.yml b/roles/matrix-bridge-mx-puppet-twitter/tasks/init.yml index f23a6a64..06cf83fa 100644 --- a/roles/matrix-bridge-mx-puppet-twitter/tasks/init.yml +++ b/roles/matrix-bridge-mx-puppet-twitter/tasks/init.yml @@ -68,10 +68,3 @@ URL endpoint to the matrix-mx-puppet-twitter container. You can expose the container's port using the `matrix_mx_puppet_twitter_container_http_host_bind_port` variable. when: "matrix_mx_puppet_twitter_enabled|bool and matrix_nginx_proxy_enabled is not defined" - -# ansible lower than 2.8, does not support docker_image build parameters -# for self building it is explicitly needed, so we rather fail here -- name: Fail if running on Ansible lower than 2.8 and trying self building - fail: - msg: "To self build Puppet Twitter image, you should usa ansible 2.8 or higher. E.g. pip contains such packages." - when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_twitter_container_image_self_build" From 55452c3068b7349bcb3af1899125cac7e9854af7 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 2 Jul 2021 08:28:44 +0300 Subject: [PATCH 10/15] Update Mjolnir (v0.1.17 -> v0.1.18) --- roles/matrix-bot-mjolnir/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bot-mjolnir/defaults/main.yml b/roles/matrix-bot-mjolnir/defaults/main.yml index f97e997c..5c22cef8 100644 --- a/roles/matrix-bot-mjolnir/defaults/main.yml +++ b/roles/matrix-bot-mjolnir/defaults/main.yml @@ -2,7 +2,7 @@ # See: https://github.com/matrix-org/mjolnir matrix_bot_mjolnir_enabled: true -matrix_bot_mjolnir_version: "v0.1.17" +matrix_bot_mjolnir_version: "v0.1.18" matrix_bot_mjolnir_docker_image: "{{ matrix_container_global_registry_prefix }}matrixdotorg/mjolnir:{{ matrix_bot_mjolnir_version }}" matrix_bot_mjolnir_docker_image_force_pull: "{{ matrix_bot_mjolnir_docker_image.endswith(':latest') }}" From 7acaef89dfcd3c93ba2bea30dd7051f22fcaa9eb Mon Sep 17 00:00:00 2001 From: Michael-GMH Date: Fri, 2 Jul 2021 14:11:09 +0800 Subject: [PATCH 11/15] GoMatrixHosting v0.5.1 --- roles/matrix-awx/tasks/set_variables_synapse.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/matrix-awx/tasks/set_variables_synapse.yml b/roles/matrix-awx/tasks/set_variables_synapse.yml index 6459f5a2..e2b2da13 100755 --- a/roles/matrix-awx/tasks/set_variables_synapse.yml +++ b/roles/matrix-awx/tasks/set_variables_synapse.yml @@ -1,13 +1,13 @@ -- name: Limit max upload size to 100MB part 1 +- name: Limit max upload size to 200MB part 1 set_fact: - matrix_synapse_max_upload_size_mb: "100" - when: matrix_synapse_max_upload_size_mb_raw|int >= 100 + matrix_synapse_max_upload_size_mb: "200" + when: matrix_synapse_max_upload_size_mb_raw|int >= 200 -- name: Limit max upload size to 100MB part 2 +- name: Limit max upload size to 200MB part 2 set_fact: matrix_synapse_max_upload_size_mb: "{{ matrix_synapse_max_upload_size_mb_raw }}" - when: matrix_synapse_max_upload_size_mb_raw|int < 100 + when: matrix_synapse_max_upload_size_mb_raw|int < 200 - name: Record Synapse variables locally on AWX delegate_to: 127.0.0.1 From 8b146f083ef3bf78c0bf0cc27658631d96ea30dd Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 2 Jul 2021 17:00:10 +0300 Subject: [PATCH 12/15] Disable turns when Let's Encrypt is used Supersedes https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1145 --- group_vars/matrix_servers | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 9883abf0..c9928607 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -1474,7 +1474,7 @@ matrix_postgres_additional_databases: | 'username': matrix_prometheus_postgres_exporter_database_username, 'password': matrix_prometheus_postgres_exporter_database_password, }] if (matrix_prometheus_postgres_exporter_enabled and matrix_prometheus_postgres_exporter_database_hostname == 'matrix-postgres') else []) - + }} matrix_postgres_import_roles_to_ignore: | @@ -1671,16 +1671,23 @@ matrix_synapse_email_notif_from: "Matrix <{{ matrix_mailer_sender_address }}>" # Even if TURN doesn't support TLS (it does by default), # it doesn't hurt to try a secure connection anyway. +# +# When Let's Encrypt certificates are used (the default case), +# we don't enable `turns` endpoints, because WebRTC in Element can't talk to them. +# Learn more here: https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1145 matrix_synapse_turn_uris: | {{ + [] + + [ 'turns:' + matrix_server_fqn_matrix + '?transport=udp', 'turns:' + matrix_server_fqn_matrix + '?transport=tcp', + ] if matrix_coturn_enabled and matrix_ssl_retrieval_method != 'lets-encrypt' else [] + + + [ 'turn:' + matrix_server_fqn_matrix + '?transport=udp', 'turn:' + matrix_server_fqn_matrix + '?transport=tcp', - ] - if matrix_coturn_enabled - else [] + ] if matrix_coturn_enabled else [] }} matrix_synapse_turn_shared_secret: "{{ matrix_coturn_turn_static_auth_secret if matrix_coturn_enabled else '' }}" From 37773347782b0365c03899c248587bb98f93bd8f Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 2 Jul 2021 17:05:08 +0300 Subject: [PATCH 13/15] Do not try to use TURNS when TLS disabled for Coturn Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1145 --- group_vars/matrix_servers | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index c9928607..2fc2b825 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -1682,7 +1682,7 @@ matrix_synapse_turn_uris: | [ 'turns:' + matrix_server_fqn_matrix + '?transport=udp', 'turns:' + matrix_server_fqn_matrix + '?transport=tcp', - ] if matrix_coturn_enabled and matrix_ssl_retrieval_method != 'lets-encrypt' else [] + ] if matrix_coturn_enabled and matrix_coturn_tls_enabled and matrix_ssl_retrieval_method != 'lets-encrypt' else [] + [ 'turn:' + matrix_server_fqn_matrix + '?transport=udp', From 1ad9bba88fcd8b45616dc67493f54bba8e62b242 Mon Sep 17 00:00:00 2001 From: Neutron Date: Fri, 2 Jul 2021 20:58:57 +0300 Subject: [PATCH 14/15] Skip importing validate_config task when Synapse is disabled --- roles/matrix-synapse/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-synapse/tasks/main.yml b/roles/matrix-synapse/tasks/main.yml index e366a13f..8bf1c563 100644 --- a/roles/matrix-synapse/tasks/main.yml +++ b/roles/matrix-synapse/tasks/main.yml @@ -3,7 +3,7 @@ - always - import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: run_setup|bool + when: run_setup|bool and matrix_synapse_enabled|bool tags: - setup-all - setup-synapse From b6d71b9da1f4adb21386f62d6029e79cfdf9826b Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sat, 3 Jul 2021 10:06:09 +0300 Subject: [PATCH 15/15] Fix self-building for Coturn Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1158 --- roles/matrix-coturn/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-coturn/defaults/main.yml b/roles/matrix-coturn/defaults/main.yml index e785877f..45565686 100644 --- a/roles/matrix-coturn/defaults/main.yml +++ b/roles/matrix-coturn/defaults/main.yml @@ -2,7 +2,7 @@ matrix_coturn_enabled: true matrix_coturn_container_image_self_build: false matrix_coturn_container_image_self_build_repo: "https://github.com/coturn/coturn" -matrix_coturn_container_image_self_build_repo_version: "docker/{{ matrix_coturn_version }}-r2" +matrix_coturn_container_image_self_build_repo_version: "docker/{{ matrix_coturn_version }}" matrix_coturn_container_image_self_build_repo_dockerfile_path: "docker/coturn/alpine/Dockerfile" matrix_coturn_version: 4.5.2-r2