diff --git a/CHANGELOG.md b/CHANGELOG.md index 3e1002b9..247e4e14 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,22 @@ +# 2020-10-02 + +## Minimum Ansible version raised to v2.7.0 + +We were claiming to support [Ansible](https://www.ansible.com/) v2.5.2 and higher, but issues like [#662](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/662) demonstrate that we need at least v2.7.0. + +If you've been using the playbook without getting any errors until now, you're probably on a version higher than that already (or you're not using the `matrix-ma1sd` and `matrix-client-element` roles). + +Our [Ansible docs page](docs/ansible.md) contains information on how to run a more up-to-date version of Ansible. + + +# 2020-10-01 + +## Postgres 13 support + +The playbook now installs [Postgres 13](https://www.postgresql.org/about/news/postgresql-13-released-2077/) by default. + +If you have have an existing setup, it's likely running on an older Postgres version (9.x, 10.x, 11.x or 12.x). You can easily upgrade by following the [upgrading PostgreSQL guide](docs/maintenance-postgres.md#upgrading-postgresql). + # 2020-09-01 ## matrix-registration support diff --git a/docs/ansible.md b/docs/ansible.md index 1ba430f4..1ac08b5f 100644 --- a/docs/ansible.md +++ b/docs/ansible.md @@ -9,7 +9,7 @@ If your local computer cannot run Ansible, you can also run Ansible on some serv ## Supported Ansible versions -Ansible 2.5.2 or newer is required. +Ansible 2.7.0 or newer is required. ## Checking your Ansible version @@ -49,7 +49,7 @@ docker run -it --rm \ -v `pwd`:/work \ -v $HOME/.ssh/id_rsa:/root/.ssh/id_rsa:ro \ --entrypoint=/bin/sh \ -devture/ansible:2.9.9-r0 +devture/ansible:2.9.13-r0 ``` The above command tries to mount an SSH key (`$HOME/.ssh/id_rsa`) into the container (at `/root/.ssh/id_rsa`). diff --git a/docs/maintenance-postgres.md b/docs/maintenance-postgres.md index d385bc9c..14d5cdb9 100644 --- a/docs/maintenance-postgres.md 
+++ b/docs/maintenance-postgres.md @@ -45,7 +45,7 @@ docker run \ --log-driver=none \ --network=matrix \ --env-file=/matrix/postgres/env-postgres-psql \ -postgres:12.4-alpine \ +postgres:13.0-alpine \ pg_dumpall -h matrix-postgres \ | gzip -c \ > /postgres.sql.gz diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index b82dbf23..00cdbdfb 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -18,8 +18,6 @@ matrix_identity_server_url: "{{ ('https://' + matrix_server_fqn_matrix) if matrix_ma1sd_enabled else None }}" -matrix_riot_jitsi_preferredDomain: "{{ matrix_server_fqn_jitsi if matrix_jitsi_enabled else '' }}" - ###################################################################### # # /matrix-base @@ -1024,6 +1022,8 @@ matrix_synapse_admin_enabled: false # Synapse Admin's HTTP port to the local host. matrix_synapse_admin_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:8766' }}" +matrix_synapse_admin_container_self_build: "{{ matrix_architecture != 'amd64' }}" + ###################################################################### # # /matrix-synapse-admin diff --git a/roles/matrix-base/defaults/main.yml b/roles/matrix-base/defaults/main.yml index c70781b3..3fbbd76e 100644 --- a/roles/matrix-base/defaults/main.yml +++ b/roles/matrix-base/defaults/main.yml 
@@ -59,13 +59,13 @@ matrix_integration_manager_ui_url: ~ # The domain name where a Jitsi server is self-hosted. # If set, `/.well-known/matrix/client` will suggest Element clients to use that Jitsi server. -# See: https://github.com/vector-im/riot-web/blob/develop/docs/jitsi.md#configuring-riot-to-use-your-self-hosted-jitsi-server -matrix_riot_jitsi_preferredDomain: '' +# See: https://github.com/vector-im/element-web/blob/develop/docs/jitsi.md#configuring-element-to-use-your-self-hosted-jitsi-server +matrix_client_element_jitsi_preferredDomain: '' # Controls whether Element should use End-to-End Encryption by default. # Setting this to false will update `/.well-known/matrix/client` and tell Element clients to avoid E2EE. -# See: https://github.com/vector-im/riot-web/blob/develop/docs/e2ee.md -matrix_riot_e2ee_default: true +# See: https://github.com/vector-im/element-web/blob/develop/docs/e2ee.md +matrix_client_element_e2ee_default: true # The Docker network that all services would be put into matrix_docker_network: "matrix" diff --git a/roles/matrix-base/tasks/sanity_check.yml b/roles/matrix-base/tasks/sanity_check.yml index 2afb68e1..e504bfe9 100644 --- a/roles/matrix-base/tasks/sanity_check.yml +++ b/roles/matrix-base/tasks/sanity_check.yml 
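Review bot: Renaming `matrix_riot_jitsi_preferredDomain` and `matrix_riot_e2ee_default` means an inventory that still sets the old names is silently ignored. The E2EE default then reverts to `true`, and a manually configured Jitsi domain is no longer advertised in `/.well-known/matrix/client`. sanity_check.yml does have a "(Deprecation) Catch and report renamed settings" task, but none of the hunks shown here adds these two names to it, so that needs confirming. If they are missing, an entry mapping each old name to `matrix_client_element_jitsi_preferredDomain` / `matrix_client_element_e2ee_default` would make the run fail loudly instead of changing client behaviour unnoticed.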
@@ -1,19 +1,10 @@ --- -- set_fact: - matrix_ansible_outdated_fail_msg: "You are running on Ansible {{ ansible_version.string }}, which is not supported. See our guide about Ansible: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/ansible.md" - -- name: Fail if running on Ansible < 2.5 +# We generally support Ansible 2.7.0 and above. +- name: Fail if running on Ansible < 2.7 fail: - msg: "{{ matrix_ansible_outdated_fail_msg }}" - when: "ansible_version.major <= 2 and ansible_version.minor < 5" - -# Ansible 2.5.0 and 2.5.1 are known to have a bug with `include_tasks` + `with_items`. -# The bug has been fixed in Ansible 2.5.2. -- name: Fail if running on Ansible 2.5.x (lower than 2.5.2) - fail: - msg: "{{ matrix_ansible_outdated_fail_msg }}" - when: "ansible_version.major == 2 and ansible_version.minor == 5 and ansible_version.revision < 2" + msg: "You are running on Ansible {{ ansible_version.string }}, which is not supported. See our guide about Ansible: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/ansible.md" + when: "(ansible_version.major < 2) or (ansible_version.major <= 2 and ansible_version.minor < 7)" - name: (Deprecation) Catch and report renamed settings fail: diff --git a/roles/matrix-base/tasks/setup_matrix_user.yml b/roles/matrix-base/tasks/setup_matrix_user.yml index 295643e9..ab5e8111 100644 --- a/roles/matrix-base/tasks/setup_matrix_user.yml +++ b/roles/matrix-base/tasks/setup_matrix_user.yml @@ -17,6 +17,9 @@ uid: "{{ omit if matrix_user_uid is none else matrix_user_uid }}" state: present group: "{{ matrix_user_groupname }}" + home: "{{ matrix_base_data_path }}" + create_home: no + system: yes register: matrix_user - name: Set Matrix Group UID Variable diff --git a/roles/matrix-base/templates/static-files/well-known/matrix-client.j2 b/roles/matrix-base/templates/static-files/well-known/matrix-client.j2 index a4c1c439..6dc5ff23 100644 
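Review bot: In the new `when:` the second clause tests `ansible_version.major <= 2`, but any major below 2 is already caught by the first clause, so the comparison only ever matters for major 2. Writing it as `when: "ansible_version.major < 2 or (ansible_version.major == 2 and ansible_version.minor < 7)"` states the intent directly and keeps this version gate easy to audit the next time the minimum is raised. The comment above the task could also say why 2.7 is the floor, for example `# Some roles (matrix-ma1sd, matrix-client-element) need Ansible 2.7.0 or newer; see CHANGELOG 2020-10-02.`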
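Review bot: The added `system: yes` only takes effect when the account is first created, because Ansible's `user` module does not change it on an existing user, whereas `home` is applied to existing accounts too. Upgraded hosts and fresh installs therefore end up with differently shaped service accounts. A comment above the three keys would record that, e.g. `# system only applies at creation time; existing installs keep their regular account but get the new home path`. The task starts outside this hunk, so it is not visible whether a `shell:` is set; for an account that only owns container data, a non-login shell is worth considering. For style, prefer canonical booleans: `create_home: false` and `system: true`.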
--- a/roles/matrix-base/templates/static-files/well-known/matrix-client.j2 +++ b/roles/matrix-base/templates/static-files/well-known/matrix-client.j2 @@ -18,12 +18,18 @@ ] } {% endif %} - {% if matrix_riot_jitsi_preferredDomain %}, + {% if matrix_client_element_jitsi_preferredDomain %}, + "io.element.jitsi": { + "preferredDomain": {{ matrix_client_element_jitsi_preferredDomain|to_json }} + }, "im.vector.riot.jitsi": { - "preferredDomain": {{ matrix_riot_jitsi_preferredDomain|to_json }} + "preferredDomain": {{ matrix_client_element_jitsi_preferredDomain|to_json }} } {% endif %} - {% if not matrix_riot_e2ee_default %}, + {% if not matrix_client_element_e2ee_default %}, + "io.element.e2ee": { + "default": false + }, "im.vector.riot.e2ee": { "default": false } diff --git a/roles/matrix-client-element/defaults/main.yml b/roles/matrix-client-element/defaults/main.yml index 0aaa8a52..5219bcc3 100644 --- a/roles/matrix-client-element/defaults/main.yml +++ b/roles/matrix-client-element/defaults/main.yml @@ -2,7 +2,7 @@ matrix_client_element_enabled: true matrix_client_element_container_image_self_build: false -matrix_client_element_docker_image: "vectorim/riot-web:v1.7.7" +matrix_client_element_docker_image: "vectorim/riot-web:v1.7.8" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" matrix_client_element_data_path: "{{ matrix_base_data_path }}/client-element" 
@@ -30,9 +30,11 @@ matrix_client_element_integrations_rest_url: "https://scalar.vector.im/api" matrix_client_element_integrations_widgets_urls: ["https://scalar.vector.im/api"] matrix_client_element_integrations_jitsi_widget_url: "https://scalar.vector.im/api/widgets/jitsi.html" matrix_client_element_permalinkPrefix: "https://matrix.to" +matrix_client_element_bug_report_endpoint_url: "https://element.io/bugreports/submit" +matrix_client_element_showLabsSettings: true # Element public room directory server(s) matrix_client_element_roomdir_servers: ['matrix.org'] -matrix_client_element_welcome_user_id: "@riot-bot:matrix.org" +matrix_client_element_welcome_user_id: ~ # Branding of Element matrix_client_element_brand: "Element" diff --git a/roles/matrix-client-element/templates/config.json.j2 b/roles/matrix-client-element/templates/config.json.j2 index bb8d6571..e87907e4 100644 --- a/roles/matrix-client-element/templates/config.json.j2 +++ b/roles/matrix-client-element/templates/config.json.j2 @@ -20,8 +20,8 @@ "integrations_rest_url": {{ matrix_client_element_integrations_rest_url|string|to_json }}, "integrations_widgets_urls": {{ matrix_client_element_integrations_widgets_urls|to_json }}, "integrations_jitsi_widget_url": {{ matrix_client_element_integrations_jitsi_widget_url|string|to_json }}, - "bug_report_endpoint_url": "https://riot.im/bugreports/submit", - "enableLabs": true, + "bug_report_endpoint_url": {{ matrix_client_element_bug_report_endpoint_url|to_json }}, + "showLabsSettings": {{ matrix_client_element_showLabsSettings|to_json }}, "roomDirectory": { "servers": {{ matrix_client_element_roomdir_servers|to_json }} }, diff --git a/roles/matrix-client-element/templates/welcome.html.j2 b/roles/matrix-client-element/templates/welcome.html.j2 index b2918393..b45a9766 100644 --- a/roles/matrix-client-element/templates/welcome.html.j2 +++ b/roles/matrix-client-element/templates/welcome.html.j2 
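Review bot: The two new settings carry no comment, unlike the entries around them, and `matrix_client_element_bug_report_endpoint_url` defaults to an endpoint outside the operator's own deployment (`https://element.io/bugreports/submit`). Now that the value is configurable, the default deserves a line telling operators where user-submitted reports go, e.g. `# Where Element submits bug reports; the default is run by a third party, so override it if reports must stay on your own infrastructure.` Similarly, `# Whether Element shows the Labs (experimental features) section in its settings.` would fit above `matrix_client_element_showLabsSettings`. In the config.json.j2 hunk the URL is rendered with `|to_json` alone where the neighbouring URL settings use `|string|to_json`; if that is deliberate so an unset value becomes `null`, the comment is a good place to say so.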
@@ -97,19 +97,10 @@ h1::after { color: #2e2f32 !important; } -.mx_ButtonHeadline { - margin-bottom: 14px; -} - .mx_ButtonLabel { margin-left: 20px; } -.mx_ButtonWrapperText { - font-size: 13px; - margin-bottom: 10px; -} - .mx_Header_title { font-size: 24px; font-weight: 600; @@ -128,7 +119,7 @@ h1::after { } .mx_ButtonCreateAccount { - background-color: #03B381; + background-color: #0DBD8B; color: white !important; } @@ -150,6 +141,32 @@ h1::after { background-image: url('welcome/images/icon-room-directory.svg'); } +/* +.mx_WelcomePage_loggedIn is applied by EmbeddedPage from the Welcome component +If it is set on the page, we should show the buttons. Otherwise, we have to assume +we don't have an account and should hide them. No account == no guest account either. + */ +.mx_WelcomePage:not(.mx_WelcomePage_loggedIn) .mx_WelcomePage_guestFunctions { + display: none; +} + +.mx_ButtonRow.mx_WelcomePage_guestFunctions { + margin-top: 20px; +} +.mx_ButtonRow.mx_WelcomePage_guestFunctions > div { + margin: 0 auto; +} + +@media only screen and (max-width: 480px) { + .mx_ButtonRow { + flex-direction: column; + } + + .mx_ButtonRow > * { + margin: 0 0 10px 0; + } +} +
@@ -175,17 +192,10 @@ h1::after { See https://github.com/vector-im/riot-web/issues/8622. TODO: Convert to config option if possible. --> -
+ diff --git a/roles/matrix-corporal/defaults/main.yml b/roles/matrix-corporal/defaults/main.yml index f077b465..52681a30 100644 --- a/roles/matrix-corporal/defaults/main.yml +++ b/roles/matrix-corporal/defaults/main.yml @@ -19,7 +19,7 @@ matrix_corporal_container_extra_arguments: [] # List of systemd services that matrix-corporal.service depends on matrix_corporal_systemd_required_services_list: ['docker.service'] -matrix_corporal_docker_image: "devture/matrix-corporal:1.9.0" +matrix_corporal_docker_image: "devture/matrix-corporal:1.11.0" matrix_corporal_docker_image_force_pull: "{{ matrix_corporal_docker_image.endswith(':latest') }}" matrix_corporal_base_path: "{{ matrix_base_data_path }}/corporal" diff --git a/roles/matrix-postgres/defaults/main.yml b/roles/matrix-postgres/defaults/main.yml index b5c6f6a8..f4fc180e 100644 --- a/roles/matrix-postgres/defaults/main.yml +++ b/roles/matrix-postgres/defaults/main.yml @@ -12,7 +12,8 @@ matrix_postgres_docker_image_v9: "postgres:9.6.19-alpine" matrix_postgres_docker_image_v10: "postgres:10.14-alpine" matrix_postgres_docker_image_v11: "postgres:11.9-alpine" matrix_postgres_docker_image_v12: "postgres:12.4-alpine" -matrix_postgres_docker_image_latest: "{{ matrix_postgres_docker_image_v12 }}" +matrix_postgres_docker_image_v13: "postgres:13.0-alpine" +matrix_postgres_docker_image_latest: "{{ matrix_postgres_docker_image_v13 }}" # This variable is assigned at runtime. Overriding its value has no effect. matrix_postgres_docker_image_to_use: '{{ matrix_postgres_docker_image_latest }}' diff --git a/roles/matrix-postgres/tasks/util/detect_existing_postgres_version.yml b/roles/matrix-postgres/tasks/util/detect_existing_postgres_version.yml index 805d0cbd..9032c15e 100644 --- a/roles/matrix-postgres/tasks/util/detect_existing_postgres_version.yml +++ b/roles/matrix-postgres/tasks/util/detect_existing_postgres_version.yml 
@@ -49,3 +49,8 @@ set_fact: matrix_postgres_detected_version_corresponding_docker_image: "{{ matrix_postgres_docker_image_v11 }}" when: "matrix_postgres_detected_version == '11' or matrix_postgres_detected_version.startswith('11.')" + +- name: Determine corresponding Docker image to detected version (use 12.x, if detected) + set_fact: + matrix_postgres_detected_version_corresponding_docker_image: "{{ matrix_postgres_docker_image_v12 }}" + when: "matrix_postgres_detected_version == '12' or matrix_postgres_detected_version.startswith('12.')" diff --git a/roles/matrix-synapse-admin/defaults/main.yml b/roles/matrix-synapse-admin/defaults/main.yml index aec38703..17de0636 100644 --- a/roles/matrix-synapse-admin/defaults/main.yml +++ b/roles/matrix-synapse-admin/defaults/main.yml @@ -7,7 +7,7 @@ matrix_synapse_admin_container_self_build: false matrix_synapse_admin_docker_repo: "https://github.com/Awesome-Technologies/synapse-admin.git" matrix_synapse_admin_docker_src_files_path: "{{ matrix_base_data_path }}/synapse-admin/docker-src" -matrix_synapse_admin_docker_image: "awesometechnologies/synapse-admin:0.4.1" +matrix_synapse_admin_docker_image: "awesometechnologies/synapse-admin:0.5.0" matrix_synapse_admin_docker_image_force_pull: "{{ matrix_synapse_admin_docker_image.endswith(':latest') }}" # A list of extra arguments to pass to the container diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 812d06e8..bd8d2be9 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -5,7 +5,7 @@ matrix_synapse_enabled: true matrix_synapse_container_image_self_build: false -matrix_synapse_docker_image: "matrixdotorg/synapse:v1.19.3" +matrix_synapse_docker_image: "matrixdotorg/synapse:v1.20.1" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" matrix_synapse_base_path: "{{ matrix_base_data_path }}/synapse" 
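Review bot: The version-to-image mapping is a hand-maintained chain of `set_fact` tasks, and nothing in this hunk handles a detected version that matches none of the branches; which image is used in that case is decided outside the hunk. Since this commit moves `matrix_postgres_docker_image_latest` to 13, a data directory whose version is missed would presumably be opened with the wrong major version's image. Consider a closing task that fails when `matrix_postgres_detected_version` matched no branch. At a minimum, add a comment above the chain such as `# Add a branch for the previous latest version whenever matrix_postgres_docker_image_latest is bumped.`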
diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index d02d743e..e687a500 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -366,11 +366,10 @@ retention: # min_lifetime: 1d # max_lifetime: 1y - # Retention policy limits. If set, a user won't be able to send a - # 'm.room.retention' event which features a 'min_lifetime' or a 'max_lifetime' - # that's not within this range. This is especially useful in closed federations, - # in which server admins can make sure every federating server applies the same - # rules. + # Retention policy limits. If set, and the state of a room contains a + # 'm.room.retention' event in its state which contains a 'min_lifetime' or a + # 'max_lifetime' that's out of these bounds, Synapse will cap the room's policy + # to these limits when running purge jobs. # #allowed_lifetime_min: 1d #allowed_lifetime_max: 1y 
@@ -390,18 +389,19 @@ retention: # 'longest_max_lifetime' of '3d' will handle every room with a retention policy # which 'max_lifetime' is lower than or equal to three days. # - # The rationale for this per-job configuration is that some rooms might have a - # retention policy with a low 'max_lifetime', where history needs to be purged - # of outdated messages on a more frequent basis than for the rest of the rooms - # (e.g. every 12h), but not want that purge to be performed by a job that's - # iterating over every room it knows, which could be heavy on the server. + # If any purge job is configured, it is strongly recommended to have at least + # a single job with neither 'shortest_max_lifetime' nor 'longest_max_lifetime' + # set, or one job without 'shortest_max_lifetime' and one job without + # 'longest_max_lifetime' set. Otherwise some rooms might be ignored, even if + # 'allowed_lifetime_min' and 'allowed_lifetime_max' are set, because capping a + # room's policy to these values is done after the policies are retrieved from + # Synapse's database (which is done using the range specified in a purge job's + # configuration). # #purge_jobs: - # - shortest_max_lifetime: 1d - # longest_max_lifetime: 3d + # - longest_max_lifetime: 3d # interval: 12h # - shortest_max_lifetime: 3d - # longest_max_lifetime: 1y # interval: 1d # Inhibits the /requestToken endpoints from returning an error that might leak @@ -1923,9 +1923,7 @@ email: # Directory in which Synapse will try to find the template files below. # If not set, default templates from within the Synapse package will be used. # - # DO NOT UNCOMMENT THIS SETTING unless you want to customise the templates. - # If you *do* uncomment it, you will need to make sure that all the templates - # below are in the directory. + # Do not uncomment this setting unless you want to customise the templates. # # Synapse will look for the following templates in this directory: #