Merge branch 'master' into pub.solar

2020-10-03 16:54:57 +02:00 · 2020-10-03 16:54:57 +02:00 · 6e4601e2cc
parent 721d982929 00f224b0d9
commit 6e4601e2cc
17 changed files with 103 additions and 68 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,3 +1,22 @@
 # 2020-10-02
 ## Minimum Ansible version raised to v2.7.0
 We were claiming to support [Ansible](https://www.ansible.com/) v2.5.2 and higher, but issues like [#662](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/662) demonstrate that we need at least v2.7.0.
 If you've been using the playbook without getting any errors until now, you're probably on a version higher than that already (or you're not using the `matrix-ma1sd` and `matrix-client-element` roles).
 Our [Ansible docs page](docs/ansible.md) contains information on how to run a more up-to-date version of Ansible.
 # 2020-10-01
 ## Postgres 13 support
 The playbook now installs [Postgres 13](https://www.postgresql.org/about/news/postgresql-13-released-2077/) by default.
 If you have have an existing setup, it's likely running on an older Postgres version (9.x, 10.x, 11.x or 12.x). You can easily upgrade by following the [upgrading PostgreSQL guide](docs/maintenance-postgres.md#upgrading-postgresql).
 # 2020-09-01
 ## matrix-registration support
--- a/docs/ansible.md
+++ b/docs/ansible.md
@ -9,7 +9,7 @@ If your local computer cannot run Ansible, you can also run Ansible on some serv
 ## Supported Ansible versions
-Ansible 2.5.2 or newer is required.
+Ansible 2.7.0 or newer is required.
 ## Checking your Ansible version
@ -49,7 +49,7 @@ docker run -it --rm \
 -v `pwd`:/work \
 -v $HOME/.ssh/id_rsa:/root/.ssh/id_rsa:ro \
 --entrypoint=/bin/sh \
-devture/ansible:2.9.9-r0
+devture/ansible:2.9.13-r0
 ```
 The above command tries to mount an SSH key (`$HOME/.ssh/id_rsa`) into the container (at `/root/.ssh/id_rsa`).
--- a/docs/maintenance-postgres.md
+++ b/docs/maintenance-postgres.md
@ -45,7 +45,7 @@ docker run \
 --log-driver=none \
 --network=matrix \
 --env-file=/matrix/postgres/env-postgres-psql \
-postgres:12.4-alpine \
+postgres:13.0-alpine \
 pg_dumpall -h matrix-postgres \
 | gzip -c \
 > /postgres.sql.gz
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@ -18,8 +18,6 @@
 matrix_identity_server_url: "{{ ('https://' + matrix_server_fqn_matrix) if matrix_ma1sd_enabled else None }}"
 matrix_riot_jitsi_preferredDomain: "{{ matrix_server_fqn_jitsi if matrix_jitsi_enabled else '' }}"
 ######################################################################
 #
 # /matrix-base
@ -1024,6 +1022,8 @@ matrix_synapse_admin_enabled: false
 # Synapse Admin's HTTP port to the local host.
 matrix_synapse_admin_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:8766' }}"
 matrix_synapse_admin_container_self_build: "{{ matrix_architecture != 'amd64' }}"
 ######################################################################
 #
 # /matrix-synapse-admin
--- a/roles/matrix-base/defaults/main.yml
+++ b/roles/matrix-base/defaults/main.yml
@ -59,13 +59,13 @@ matrix_integration_manager_ui_url: ~
 # The domain name where a Jitsi server is self-hosted.
 # If set, `/.well-known/matrix/client` will suggest Element clients to use that Jitsi server.
-# See: https://github.com/vector-im/riot-web/blob/develop/docs/jitsi.md#configuring-riot-to-use-your-self-hosted-jitsi-server
+# See: https://github.com/vector-im/element-web/blob/develop/docs/jitsi.md#configuring-element-to-use-your-self-hosted-jitsi-server
-matrix_riot_jitsi_preferredDomain: ''
+matrix_client_element_jitsi_preferredDomain: ''
 # Controls whether Element should use End-to-End Encryption by default.
 # Setting this to false will update `/.well-known/matrix/client` and tell Element clients to avoid E2EE.
-# See: https://github.com/vector-im/riot-web/blob/develop/docs/e2ee.md
+# See: https://github.com/vector-im/element-web/blob/develop/docs/e2ee.md
-matrix_riot_e2ee_default: true
+matrix_client_element_e2ee_default: true
 # The Docker network that all services would be put into
 matrix_docker_network: "matrix"
--- a/roles/matrix-base/tasks/sanity_check.yml
+++ b/roles/matrix-base/tasks/sanity_check.yml
@ -1,19 +1,10 @@
 ---
- set_fact:
+# We generally support Ansible 2.7.0 and above.
-    matrix_ansible_outdated_fail_msg: "You are running on Ansible {{ ansible_version.string }}, which is not supported. See our guide about Ansible: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/ansible.md"
+- name: Fail if running on Ansible < 2.7
 - name: Fail if running on Ansible < 2.5
  fail:
-    msg: "{{ matrix_ansible_outdated_fail_msg }}"
+    msg: "You are running on Ansible {{ ansible_version.string }}, which is not supported. See our guide about Ansible: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/ansible.md"
-  when: "ansible_version.major <= 2 and ansible_version.minor < 5"
+  when: "(ansible_version.major < 2) or (ansible_version.major <= 2 and ansible_version.minor < 7)"
 # Ansible 2.5.0 and 2.5.1 are known to have a bug with `include_tasks` + `with_items`.
 # The bug has been fixed in Ansible 2.5.2.
 - name: Fail if running on Ansible 2.5.x (lower than 2.5.2)
  fail:
    msg: "{{ matrix_ansible_outdated_fail_msg }}"
  when: "ansible_version.major == 2 and ansible_version.minor == 5 and ansible_version.revision < 2"
 - name: (Deprecation) Catch and report renamed settings
  fail:
--- a/roles/matrix-base/tasks/setup_matrix_user.yml
+++ b/roles/matrix-base/tasks/setup_matrix_user.yml
@ -17,6 +17,9 @@
    uid: "{{ omit if matrix_user_uid is none else matrix_user_uid }}"
    state: present
    group: "{{ matrix_user_groupname }}"
    home: "{{ matrix_base_data_path }}"
    create_home: no
    system: yes
  register: matrix_user
 - name: Set Matrix Group UID Variable
--- a/roles/matrix-base/templates/static-files/well-known/matrix-client.j2
+++ b/roles/matrix-base/templates/static-files/well-known/matrix-client.j2
@ -18,12 +18,18 @@
 		]
 	}
 	{% endif %}
-	{% if matrix_riot_jitsi_preferredDomain %},
+	{% if matrix_client_element_jitsi_preferredDomain %},
 	"io.element.jitsi": {
 		"preferredDomain": {{ matrix_client_element_jitsi_preferredDomain|to_json }}
 	},
 	"im.vector.riot.jitsi": {
-		"preferredDomain": {{ matrix_riot_jitsi_preferredDomain|to_json }}
+		"preferredDomain": {{ matrix_client_element_jitsi_preferredDomain|to_json }}
 	}
 	{% endif %}
-	{% if not matrix_riot_e2ee_default %},
+	{% if not matrix_client_element_e2ee_default %},
 	"io.element.e2ee": {
 		"default": false
 	},
 	"im.vector.riot.e2ee": {
 		"default": false
 	}
--- a/roles/matrix-client-element/defaults/main.yml
+++ b/roles/matrix-client-element/defaults/main.yml
@ -2,7 +2,7 @@ matrix_client_element_enabled: true
 matrix_client_element_container_image_self_build: false
-matrix_client_element_docker_image: "vectorim/riot-web:v1.7.7"
+matrix_client_element_docker_image: "vectorim/riot-web:v1.7.8"
 matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}"
 matrix_client_element_data_path: "{{ matrix_base_data_path }}/client-element"
@ -30,9 +30,11 @@ matrix_client_element_integrations_rest_url: "https://scalar.vector.im/api"
 matrix_client_element_integrations_widgets_urls: ["https://scalar.vector.im/api"]
 matrix_client_element_integrations_jitsi_widget_url: "https://scalar.vector.im/api/widgets/jitsi.html"
 matrix_client_element_permalinkPrefix: "https://matrix.to"
 matrix_client_element_bug_report_endpoint_url: "https://element.io/bugreports/submit"
 matrix_client_element_showLabsSettings: true
 # Element public room directory server(s)
 matrix_client_element_roomdir_servers: ['matrix.org']
-matrix_client_element_welcome_user_id: "@riot-bot:matrix.org"
+matrix_client_element_welcome_user_id: ~
 # Branding of Element
 matrix_client_element_brand: "Element"
--- a/roles/matrix-client-element/templates/config.json.j2
+++ b/roles/matrix-client-element/templates/config.json.j2
@ -20,8 +20,8 @@
 	"integrations_rest_url": {{ matrix_client_element_integrations_rest_url|string|to_json }},
 	"integrations_widgets_urls": {{ matrix_client_element_integrations_widgets_urls|to_json }},
 	"integrations_jitsi_widget_url": {{ matrix_client_element_integrations_jitsi_widget_url|string|to_json }},
-	"bug_report_endpoint_url": "https://riot.im/bugreports/submit",
+	"bug_report_endpoint_url": {{ matrix_client_element_bug_report_endpoint_url|to_json }},
-	"enableLabs": true,
+	"showLabsSettings": {{ matrix_client_element_showLabsSettings|to_json }},
 	"roomDirectory": {
 		"servers": {{ matrix_client_element_roomdir_servers|to_json }}
 	},
--- a/roles/matrix-client-element/templates/welcome.html.j2
+++ b/roles/matrix-client-element/templates/welcome.html.j2
@ -97,19 +97,10 @@ h1::after {
    color: #2e2f32 !important;
 }
 .mx_ButtonHeadline {
    margin-bottom: 14px;
 }
 .mx_ButtonLabel {
    margin-left: 20px;
 }
 .mx_ButtonWrapperText {
    font-size: 13px;
    margin-bottom: 10px;
 }
 .mx_Header_title {
    font-size: 24px;
    font-weight: 600;
@ -128,7 +119,7 @@ h1::after {
 }
 .mx_ButtonCreateAccount {
-    background-color: #03B381;
+    background-color: #0DBD8B;
    color: white !important;
 }
@ -150,6 +141,32 @@ h1::after {
    background-image: url('welcome/images/icon-room-directory.svg');
 }
 /*
 .mx_WelcomePage_loggedIn is applied by EmbeddedPage from the Welcome component
 If it is set on the page, we should show the buttons. Otherwise, we have to assume
 we don't have an account and should hide them. No account == no guest account either.
 */
 .mx_WelcomePage:not(.mx_WelcomePage_loggedIn) .mx_WelcomePage_guestFunctions {
    display: none;
 }
 .mx_ButtonRow.mx_WelcomePage_guestFunctions {
    margin-top: 20px;
 }
 .mx_ButtonRow.mx_WelcomePage_guestFunctions > div {
    margin: 0 auto;
 }
@media only screen and (max-width: 480px) {
    .mx_ButtonRow {
        flex-direction: column;
    }
    .mx_ButtonRow > * {
        margin: 0 0 10px 0;
    }
 }
 </style>
 <div class="mx_Parent">
@ -175,17 +192,10 @@ h1::after {
             See https://github.com/vector-im/riot-web/issues/8622.
             TODO: Convert to config option if possible. -->
        <!-- BEGIN Ansible: Remove these lines when guest access is disabled -->
-        <div class="mx_ButtonRow">
+        <div class="mx_ButtonRow mx_WelcomePage_guestFunctions">
            <div>
                <div class="mx_ButtonWrapperText">_t("Need help?")</div>
                <a href="#/user/@riot-bot:matrix.org?action=chat" class="mx_ButtonParent mx_SecondaryButton mx_Button_iconHelp">
                    <div class="mx_ButtonLabel">_t("Chat with Riot Bot")</div>
                </a>
            </div>
            <div>
                <div class="mx_ButtonWrapperText">_t("Explore rooms")</div>
                <a href="#/directory" class="mx_ButtonParent mx_SecondaryButton mx_Button_iconRoomDirectory">
-                    <div class="mx_ButtonLabel">_t("Room Directory")</div>
+                    <div class="mx_ButtonLabel">_t("Explore rooms")</div>
                </a>
            </div>
        </div>
--- a/roles/matrix-corporal/defaults/main.yml
+++ b/roles/matrix-corporal/defaults/main.yml
@ -19,7 +19,7 @@ matrix_corporal_container_extra_arguments: []
 # List of systemd services that matrix-corporal.service depends on
 matrix_corporal_systemd_required_services_list: ['docker.service']
-matrix_corporal_docker_image: "devture/matrix-corporal:1.9.0"
+matrix_corporal_docker_image: "devture/matrix-corporal:1.11.0"
 matrix_corporal_docker_image_force_pull: "{{ matrix_corporal_docker_image.endswith(':latest') }}"
 matrix_corporal_base_path: "{{ matrix_base_data_path }}/corporal"
--- a/roles/matrix-postgres/defaults/main.yml
+++ b/roles/matrix-postgres/defaults/main.yml
@ -12,7 +12,8 @@ matrix_postgres_docker_image_v9: "postgres:9.6.19-alpine"
 matrix_postgres_docker_image_v10: "postgres:10.14-alpine"
 matrix_postgres_docker_image_v11: "postgres:11.9-alpine"
 matrix_postgres_docker_image_v12: "postgres:12.4-alpine"
-matrix_postgres_docker_image_latest: "{{ matrix_postgres_docker_image_v12 }}"
+matrix_postgres_docker_image_v13: "postgres:13.0-alpine"
 matrix_postgres_docker_image_latest: "{{ matrix_postgres_docker_image_v13 }}"
 # This variable is assigned at runtime. Overriding its value has no effect.
 matrix_postgres_docker_image_to_use: '{{ matrix_postgres_docker_image_latest }}'
--- a/roles/matrix-postgres/tasks/util/detect_existing_postgres_version.yml
+++ b/roles/matrix-postgres/tasks/util/detect_existing_postgres_version.yml
@ -49,3 +49,8 @@
  set_fact:
    matrix_postgres_detected_version_corresponding_docker_image: "{{ matrix_postgres_docker_image_v11 }}"
  when: "matrix_postgres_detected_version == '11' or matrix_postgres_detected_version.startswith('11.')"
 - name: Determine corresponding Docker image to detected version (use 12.x, if detected)
  set_fact:
    matrix_postgres_detected_version_corresponding_docker_image: "{{ matrix_postgres_docker_image_v12 }}"
  when: "matrix_postgres_detected_version == '12' or matrix_postgres_detected_version.startswith('12.')"
--- a/roles/matrix-synapse-admin/defaults/main.yml
+++ b/roles/matrix-synapse-admin/defaults/main.yml
@ -7,7 +7,7 @@ matrix_synapse_admin_container_self_build: false
 matrix_synapse_admin_docker_repo: "https://github.com/Awesome-Technologies/synapse-admin.git"
 matrix_synapse_admin_docker_src_files_path: "{{ matrix_base_data_path }}/synapse-admin/docker-src"
-matrix_synapse_admin_docker_image: "awesometechnologies/synapse-admin:0.4.1"
+matrix_synapse_admin_docker_image: "awesometechnologies/synapse-admin:0.5.0"
 matrix_synapse_admin_docker_image_force_pull: "{{ matrix_synapse_admin_docker_image.endswith(':latest') }}"
 # A list of extra arguments to pass to the container
--- a/roles/matrix-synapse/defaults/main.yml
+++ b/roles/matrix-synapse/defaults/main.yml
@ -5,7 +5,7 @@ matrix_synapse_enabled: true
 matrix_synapse_container_image_self_build: false
-matrix_synapse_docker_image: "matrixdotorg/synapse:v1.19.3"
+matrix_synapse_docker_image: "matrixdotorg/synapse:v1.20.1"
 matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"
 matrix_synapse_base_path: "{{ matrix_base_data_path }}/synapse"
--- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2
+++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2
@ -366,11 +366,10 @@ retention:
  #  min_lifetime: 1d
  #  max_lifetime: 1y
-  # Retention policy limits. If set, a user won't be able to send a
+  # Retention policy limits. If set, and the state of a room contains a
-  # 'm.room.retention' event which features a 'min_lifetime' or a 'max_lifetime'
+  # 'm.room.retention' event in its state which contains a 'min_lifetime' or a
-  # that's not within this range. This is especially useful in closed federations,
+  # 'max_lifetime' that's out of these bounds, Synapse will cap the room's policy
-  # in which server admins can make sure every federating server applies the same
+  # to these limits when running purge jobs.
  # rules.
  #
  #allowed_lifetime_min: 1d
  #allowed_lifetime_max: 1y
@ -390,18 +389,19 @@ retention:
  # 'longest_max_lifetime' of '3d' will handle every room with a retention policy
  # which 'max_lifetime' is lower than or equal to three days.
  #
-  # The rationale for this per-job configuration is that some rooms might have a
+  # If any purge job is configured, it is strongly recommended to have at least
-  # retention policy with a low 'max_lifetime', where history needs to be purged
+  # a single job with neither 'shortest_max_lifetime' nor 'longest_max_lifetime'
-  # of outdated messages on a more frequent basis than for the rest of the rooms
+  # set, or one job without 'shortest_max_lifetime' and one job without
-  # (e.g. every 12h), but not want that purge to be performed by a job that's
+  # 'longest_max_lifetime' set. Otherwise some rooms might be ignored, even if
-  # iterating over every room it knows, which could be heavy on the server.
+  # 'allowed_lifetime_min' and 'allowed_lifetime_max' are set, because capping a
  # room's policy to these values is done after the policies are retrieved from
  # Synapse's database (which is done using the range specified in a purge job's
  # configuration).
  #
  #purge_jobs:
-  #  - shortest_max_lifetime: 1d
+  #  - longest_max_lifetime: 3d
  #    longest_max_lifetime: 3d
  #    interval: 12h
  #  - shortest_max_lifetime: 3d
  #    longest_max_lifetime: 1y
  #    interval: 1d
 # Inhibits the /requestToken endpoints from returning an error that might leak
@ -1923,9 +1923,7 @@ email:
  # Directory in which Synapse will try to find the template files below.
  # If not set, default templates from within the Synapse package will be used.
  #
-  # DO NOT UNCOMMENT THIS SETTING unless you want to customise the templates.
+  # Do not uncomment this setting unless you want to customise the templates.
  # If you *do* uncomment it, you will need to make sure that all the templates
  # below are in the directory.
  #
  # Synapse will look for the following templates in this directory:
  #