Merge branch 'master' into pub.solar

CHANGELOG.md

@@ -1,3 +1,22 @@
+# 2020-10-02
+
+## Minimum Ansible version raised to v2.7.0
+
+We were claiming to support [Ansible](https://www.ansible.com/) v2.5.2 and higher, but issues like [#662](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/662) demonstrate that we need at least v2.7.0.
+
+If you've been using the playbook without getting any errors until now, you're probably on a version higher than that already (or you're not using the `matrix-ma1sd` and `matrix-client-element` roles).
+
+Our [Ansible docs page](docs/ansible.md) contains information on how to run a more up-to-date version of Ansible.
+
+
+# 2020-10-01
+
+## Postgres 13 support
+
+The playbook now installs [Postgres 13](https://www.postgresql.org/about/news/postgresql-13-released-2077/) by default.
+
+If you have have an existing setup, it's likely running on an older Postgres version (9.x, 10.x, 11.x or 12.x). You can easily upgrade by following the [upgrading PostgreSQL guide](docs/maintenance-postgres.md#upgrading-postgresql).
+
 # 2020-09-01
 
 ## matrix-registration support

docs/ansible.md

@@ -9,7 +9,7 @@ If your local computer cannot run Ansible, you can also run Ansible on some serv
 
 ## Supported Ansible versions
 
-Ansible 2.5.2 or newer is required.
+Ansible 2.7.0 or newer is required.
 
 
 ## Checking your Ansible version
@@ -49,7 +49,7 @@ docker run -it --rm \
 -v `pwd`:/work \
 -v $HOME/.ssh/id_rsa:/root/.ssh/id_rsa:ro \
 --entrypoint=/bin/sh \
-devture/ansible:2.9.9-r0
+devture/ansible:2.9.13-r0
 ```
 
 The above command tries to mount an SSH key (`$HOME/.ssh/id_rsa`) into the container (at `/root/.ssh/id_rsa`).

docs/maintenance-postgres.md

@@ -45,7 +45,7 @@ docker run \
 --log-driver=none \
 --network=matrix \
 --env-file=/matrix/postgres/env-postgres-psql \
-postgres:12.4-alpine \
+postgres:13.0-alpine \
 pg_dumpall -h matrix-postgres \
 | gzip -c \
 > /postgres.sql.gz

group_vars/matrix_servers

@@ -18,8 +18,6 @@
 
 matrix_identity_server_url: "{{ ('https://' + matrix_server_fqn_matrix) if matrix_ma1sd_enabled else None }}"
 
-matrix_riot_jitsi_preferredDomain: "{{ matrix_server_fqn_jitsi if matrix_jitsi_enabled else '' }}"
-
 ######################################################################
 #
 # /matrix-base
@@ -1024,6 +1022,8 @@ matrix_synapse_admin_enabled: false
 # Synapse Admin's HTTP port to the local host.
 matrix_synapse_admin_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:8766' }}"
 
+matrix_synapse_admin_container_self_build: "{{ matrix_architecture != 'amd64' }}"
+
 ######################################################################
 #
 # /matrix-synapse-admin

roles/matrix-base/defaults/main.yml

@@ -59,13 +59,13 @@ matrix_integration_manager_ui_url: ~
 
 # The domain name where a Jitsi server is self-hosted.
 # If set, `/.well-known/matrix/client` will suggest Element clients to use that Jitsi server.
-# See: https://github.com/vector-im/riot-web/blob/develop/docs/jitsi.md#configuring-riot-to-use-your-self-hosted-jitsi-server
-matrix_riot_jitsi_preferredDomain: ''
+# See: https://github.com/vector-im/element-web/blob/develop/docs/jitsi.md#configuring-element-to-use-your-self-hosted-jitsi-server
+matrix_client_element_jitsi_preferredDomain: ''
 
 # Controls whether Element should use End-to-End Encryption by default.
 # Setting this to false will update `/.well-known/matrix/client` and tell Element clients to avoid E2EE.
-# See: https://github.com/vector-im/riot-web/blob/develop/docs/e2ee.md
-matrix_riot_e2ee_default: true
+# See: https://github.com/vector-im/element-web/blob/develop/docs/e2ee.md
+matrix_client_element_e2ee_default: true
 
 # The Docker network that all services would be put into
 matrix_docker_network: "matrix"

roles/matrix-base/tasks/sanity_check.yml

@@ -1,19 +1,10 @@
 ---
 
-- set_fact:
-    matrix_ansible_outdated_fail_msg: "You are running on Ansible {{ ansible_version.string }}, which is not supported. See our guide about Ansible: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/ansible.md"
-
-- name: Fail if running on Ansible < 2.5
+# We generally support Ansible 2.7.0 and above.
+- name: Fail if running on Ansible < 2.7
   fail:
-    msg: "{{ matrix_ansible_outdated_fail_msg }}"
-  when: "ansible_version.major <= 2 and ansible_version.minor < 5"
-
-# Ansible 2.5.0 and 2.5.1 are known to have a bug with `include_tasks` + `with_items`.
-# The bug has been fixed in Ansible 2.5.2.
-- name: Fail if running on Ansible 2.5.x (lower than 2.5.2)
-  fail:
-    msg: "{{ matrix_ansible_outdated_fail_msg }}"
-  when: "ansible_version.major == 2 and ansible_version.minor == 5 and ansible_version.revision < 2"
+    msg: "You are running on Ansible {{ ansible_version.string }}, which is not supported. See our guide about Ansible: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/ansible.md"
+  when: "(ansible_version.major < 2) or (ansible_version.major <= 2 and ansible_version.minor < 7)"
 
 - name: (Deprecation) Catch and report renamed settings
   fail:

roles/matrix-base/tasks/setup_matrix_user.yml

@@ -17,6 +17,9 @@
     uid: "{{ omit if matrix_user_uid is none else matrix_user_uid }}"
     state: present
     group: "{{ matrix_user_groupname }}"
+    home: "{{ matrix_base_data_path }}"
+    create_home: no
+    system: yes
   register: matrix_user
 
 - name: Set Matrix Group UID Variable

roles/matrix-base/templates/static-files/well-known/matrix-client.j2

@@ -18,12 +18,18 @@
 		]
 	}
 	{% endif %}
-	{% if matrix_riot_jitsi_preferredDomain %},
+	{% if matrix_client_element_jitsi_preferredDomain %},
+	"io.element.jitsi": {
+		"preferredDomain": {{ matrix_client_element_jitsi_preferredDomain|to_json }}
+	},
 	"im.vector.riot.jitsi": {
-		"preferredDomain": {{ matrix_riot_jitsi_preferredDomain|to_json }}
+		"preferredDomain": {{ matrix_client_element_jitsi_preferredDomain|to_json }}
 	}
 	{% endif %}
-	{% if not matrix_riot_e2ee_default %},
+	{% if not matrix_client_element_e2ee_default %},
+	"io.element.e2ee": {
+		"default": false
+	},
 	"im.vector.riot.e2ee": {
 		"default": false
 	}

roles/matrix-client-element/defaults/main.yml

@@ -2,7 +2,7 @@ matrix_client_element_enabled: true
 
 matrix_client_element_container_image_self_build: false
 
-matrix_client_element_docker_image: "vectorim/riot-web:v1.7.7"
+matrix_client_element_docker_image: "vectorim/riot-web:v1.7.8"
 matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}"
 
 matrix_client_element_data_path: "{{ matrix_base_data_path }}/client-element"
@@ -30,9 +30,11 @@ matrix_client_element_integrations_rest_url: "https://scalar.vector.im/api"
 matrix_client_element_integrations_widgets_urls: ["https://scalar.vector.im/api"]
 matrix_client_element_integrations_jitsi_widget_url: "https://scalar.vector.im/api/widgets/jitsi.html"
 matrix_client_element_permalinkPrefix: "https://matrix.to"
+matrix_client_element_bug_report_endpoint_url: "https://element.io/bugreports/submit"
+matrix_client_element_showLabsSettings: true
 # Element public room directory server(s)
 matrix_client_element_roomdir_servers: ['matrix.org']
-matrix_client_element_welcome_user_id: "@riot-bot:matrix.org"
+matrix_client_element_welcome_user_id: ~
 # Branding of Element
 matrix_client_element_brand: "Element"
 

roles/matrix-client-element/templates/config.json.j2

@@ -20,8 +20,8 @@
 	"integrations_rest_url": {{ matrix_client_element_integrations_rest_url|string|to_json }},
 	"integrations_widgets_urls": {{ matrix_client_element_integrations_widgets_urls|to_json }},
 	"integrations_jitsi_widget_url": {{ matrix_client_element_integrations_jitsi_widget_url|string|to_json }},
-	"bug_report_endpoint_url": "https://riot.im/bugreports/submit",
-	"enableLabs": true,
+	"bug_report_endpoint_url": {{ matrix_client_element_bug_report_endpoint_url|to_json }},
+	"showLabsSettings": {{ matrix_client_element_showLabsSettings|to_json }},
 	"roomDirectory": {
 		"servers": {{ matrix_client_element_roomdir_servers|to_json }}
 	},

roles/matrix-client-element/templates/welcome.html.j2

@@ -97,19 +97,10 @@ h1::after {
     color: #2e2f32 !important;
 }
 
-.mx_ButtonHeadline {
-    margin-bottom: 14px;
-}
-
 .mx_ButtonLabel {
     margin-left: 20px;
 }
 
-.mx_ButtonWrapperText {
-    font-size: 13px;
-    margin-bottom: 10px;
-}
-
 .mx_Header_title {
     font-size: 24px;
     font-weight: 600;
@@ -128,7 +119,7 @@ h1::after {
 }
 
 .mx_ButtonCreateAccount {
-    background-color: #03B381;
+    background-color: #0DBD8B;
     color: white !important;
 }
 
@@ -150,6 +141,32 @@ h1::after {
     background-image: url('welcome/images/icon-room-directory.svg');
 }
 
+/*
+.mx_WelcomePage_loggedIn is applied by EmbeddedPage from the Welcome component
+If it is set on the page, we should show the buttons. Otherwise, we have to assume
+we don't have an account and should hide them. No account == no guest account either.
+ */
+.mx_WelcomePage:not(.mx_WelcomePage_loggedIn) .mx_WelcomePage_guestFunctions {
+    display: none;
+}
+
+.mx_ButtonRow.mx_WelcomePage_guestFunctions {
+    margin-top: 20px;
+}
+.mx_ButtonRow.mx_WelcomePage_guestFunctions > div {
+    margin: 0 auto;
+}
+
+@media only screen and (max-width: 480px) {
+    .mx_ButtonRow {
+        flex-direction: column;
+    }
+
+    .mx_ButtonRow > * {
+        margin: 0 0 10px 0;
+    }
+}
+
 </style>
 
 <div class="mx_Parent">
@@ -175,17 +192,10 @@ h1::after {
              See https://github.com/vector-im/riot-web/issues/8622.
              TODO: Convert to config option if possible. -->
         <!-- BEGIN Ansible: Remove these lines when guest access is disabled -->
-        <div class="mx_ButtonRow">
+        <div class="mx_ButtonRow mx_WelcomePage_guestFunctions">
             <div>
-                <div class="mx_ButtonWrapperText">_t("Need help?")</div>
-                <a href="#/user/@riot-bot:matrix.org?action=chat" class="mx_ButtonParent mx_SecondaryButton mx_Button_iconHelp">
-                    <div class="mx_ButtonLabel">_t("Chat with Riot Bot")</div>
-                </a>
-            </div>
-            <div>
-                <div class="mx_ButtonWrapperText">_t("Explore rooms")</div>
                 <a href="#/directory" class="mx_ButtonParent mx_SecondaryButton mx_Button_iconRoomDirectory">
-                    <div class="mx_ButtonLabel">_t("Room Directory")</div>
+                    <div class="mx_ButtonLabel">_t("Explore rooms")</div>
                 </a>
             </div>
         </div>

roles/matrix-corporal/defaults/main.yml

@@ -19,7 +19,7 @@ matrix_corporal_container_extra_arguments: []
 # List of systemd services that matrix-corporal.service depends on
 matrix_corporal_systemd_required_services_list: ['docker.service']
 
-matrix_corporal_docker_image: "devture/matrix-corporal:1.9.0"
+matrix_corporal_docker_image: "devture/matrix-corporal:1.11.0"
 matrix_corporal_docker_image_force_pull: "{{ matrix_corporal_docker_image.endswith(':latest') }}"
 
 matrix_corporal_base_path: "{{ matrix_base_data_path }}/corporal"

roles/matrix-postgres/defaults/main.yml

@@ -12,7 +12,8 @@ matrix_postgres_docker_image_v9: "postgres:9.6.19-alpine"
 matrix_postgres_docker_image_v10: "postgres:10.14-alpine"
 matrix_postgres_docker_image_v11: "postgres:11.9-alpine"
 matrix_postgres_docker_image_v12: "postgres:12.4-alpine"
-matrix_postgres_docker_image_latest: "{{ matrix_postgres_docker_image_v12 }}"
+matrix_postgres_docker_image_v13: "postgres:13.0-alpine"
+matrix_postgres_docker_image_latest: "{{ matrix_postgres_docker_image_v13 }}"
 
 # This variable is assigned at runtime. Overriding its value has no effect.
 matrix_postgres_docker_image_to_use: '{{ matrix_postgres_docker_image_latest }}'

roles/matrix-postgres/tasks/util/detect_existing_postgres_version.yml

@@ -49,3 +49,8 @@
   set_fact:
     matrix_postgres_detected_version_corresponding_docker_image: "{{ matrix_postgres_docker_image_v11 }}"
   when: "matrix_postgres_detected_version == '11' or matrix_postgres_detected_version.startswith('11.')"
+
+- name: Determine corresponding Docker image to detected version (use 12.x, if detected)
+  set_fact:
+    matrix_postgres_detected_version_corresponding_docker_image: "{{ matrix_postgres_docker_image_v12 }}"
+  when: "matrix_postgres_detected_version == '12' or matrix_postgres_detected_version.startswith('12.')"

roles/matrix-synapse-admin/defaults/main.yml

@@ -7,7 +7,7 @@ matrix_synapse_admin_container_self_build: false
 matrix_synapse_admin_docker_repo: "https://github.com/Awesome-Technologies/synapse-admin.git"
 matrix_synapse_admin_docker_src_files_path: "{{ matrix_base_data_path }}/synapse-admin/docker-src"
 
-matrix_synapse_admin_docker_image: "awesometechnologies/synapse-admin:0.4.1"
+matrix_synapse_admin_docker_image: "awesometechnologies/synapse-admin:0.5.0"
 matrix_synapse_admin_docker_image_force_pull: "{{ matrix_synapse_admin_docker_image.endswith(':latest') }}"
 
 # A list of extra arguments to pass to the container

roles/matrix-synapse/defaults/main.yml

@@ -5,7 +5,7 @@ matrix_synapse_enabled: true
 
 matrix_synapse_container_image_self_build: false
 
-matrix_synapse_docker_image: "matrixdotorg/synapse:v1.19.3"
+matrix_synapse_docker_image: "matrixdotorg/synapse:v1.20.1"
 matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"
 
 matrix_synapse_base_path: "{{ matrix_base_data_path }}/synapse"

roles/matrix-synapse/templates/synapse/homeserver.yaml.j2

@@ -366,11 +366,10 @@ retention:
   #  min_lifetime: 1d
   #  max_lifetime: 1y
 
-  # Retention policy limits. If set, a user won't be able to send a
-  # 'm.room.retention' event which features a 'min_lifetime' or a 'max_lifetime'
-  # that's not within this range. This is especially useful in closed federations,
-  # in which server admins can make sure every federating server applies the same
-  # rules.
+  # Retention policy limits. If set, and the state of a room contains a
+  # 'm.room.retention' event in its state which contains a 'min_lifetime' or a
+  # 'max_lifetime' that's out of these bounds, Synapse will cap the room's policy
+  # to these limits when running purge jobs.
   #
   #allowed_lifetime_min: 1d
   #allowed_lifetime_max: 1y
@@ -390,18 +389,19 @@ retention:
   # 'longest_max_lifetime' of '3d' will handle every room with a retention policy
   # which 'max_lifetime' is lower than or equal to three days.
   #
-  # The rationale for this per-job configuration is that some rooms might have a
-  # retention policy with a low 'max_lifetime', where history needs to be purged
-  # of outdated messages on a more frequent basis than for the rest of the rooms
-  # (e.g. every 12h), but not want that purge to be performed by a job that's
-  # iterating over every room it knows, which could be heavy on the server.
+  # If any purge job is configured, it is strongly recommended to have at least
+  # a single job with neither 'shortest_max_lifetime' nor 'longest_max_lifetime'
+  # set, or one job without 'shortest_max_lifetime' and one job without
+  # 'longest_max_lifetime' set. Otherwise some rooms might be ignored, even if
+  # 'allowed_lifetime_min' and 'allowed_lifetime_max' are set, because capping a
+  # room's policy to these values is done after the policies are retrieved from
+  # Synapse's database (which is done using the range specified in a purge job's
+  # configuration).
   #
   #purge_jobs:
-  #  - shortest_max_lifetime: 1d
-  #    longest_max_lifetime: 3d
+  #  - longest_max_lifetime: 3d
   #    interval: 12h
   #  - shortest_max_lifetime: 3d
-  #    longest_max_lifetime: 1y
   #    interval: 1d
 
 # Inhibits the /requestToken endpoints from returning an error that might leak
@@ -1923,9 +1923,7 @@ email:
   # Directory in which Synapse will try to find the template files below.
   # If not set, default templates from within the Synapse package will be used.
   #
-  # DO NOT UNCOMMENT THIS SETTING unless you want to customise the templates.
-  # If you *do* uncomment it, you will need to make sure that all the templates
-  # below are in the directory.
+  # Do not uncomment this setting unless you want to customise the templates.
   #
   # Synapse will look for the following templates in this directory:
   #