From e6b77284f2dd4d9b5549601947d9b9d09f5375e5 Mon Sep 17 00:00:00 2001 From: Wolfgang Winter Date: Fri, 13 Aug 2021 17:46:37 +0200 Subject: [PATCH 01/90] Relay bot configurable + permissions Enable / disable relay bot functionality as configuratoin paramter; set bridge permissions for base domain users to user level --- .../matrix-bridge-mautrix-signal/templates/config.yaml.j2 | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 index d4f64c79..ef66ee91 100644 --- a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 @@ -188,14 +188,13 @@ bridge: # * - All Matrix users # domain - All users on that homeserver # mxid - Specific user - permissions: - '{{ matrix_mautrix_signal_homeserver_domain }}': relay - '{{ matrix_mautrix_signal_homeserver_domain }}': user + permissions: + {{ matrix_mautrix_signal_homeserver_domain }}: user relay: # Whether or not relay mode should be allowed. If allowed, `!signal set-relay` can be used to turn any # authenticated user into a relaybot for that chat. - enabled: true + enabled: {{ matrix_mautrix_signal_relaybot_enabled }} # The formats to use when sending messages to Signal via a relay user. # # Available variables: From 5ca28ba87249951e24cd226e4ccfdf81aadd98d3 Mon Sep 17 00:00:00 2001 From: Wolfgang Winter Date: Fri, 13 Aug 2021 17:48:05 +0200 Subject: [PATCH 02/90] Default relay bot functionality setting Per default relay bot functionality is disabled; the bridge user permissions depends on the relay bot, if enabled the base domain users are on level relay, else remain on user; --- .../defaults/main.yml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/roles/matrix-bridge-mautrix-signal/defaults/main.yml b/roles/matrix-bridge-mautrix-signal/defaults/main.yml index 8ff2fbb6..157922c6 100644 
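Review bot: In the config.yaml.j2 hunk of PATCH 01 (`@@ -188,14 +188,13 @@`), the new permissions key `{{ matrix_mautrix_signal_homeserver_domain }}: user` drops the quotes that the removed lines had, and `enabled: {{ matrix_mautrix_signal_relaybot_enabled }}` prints the variable in its Python string form rather than as a YAML scalar. YAML parses the key only after rendering, so an empty or unusual domain value changes the shape of the access-control mapping instead of failing visibly. I would write `'{{ matrix_mautrix_signal_homeserver_domain }}': user` and `enabled: {{ matrix_mautrix_signal_relaybot_enabled|to_json }}`. The `bridge:` mapping starts before this hunk and continues after it.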
--- a/roles/matrix-bridge-mautrix-signal/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-signal/defaults/main.yml @@ -78,6 +78,9 @@ matrix_mautrix_signal_appservice_database: "{{ # Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth). matrix_mautrix_signal_login_shared_secret: '' +# Enable bridge relay bot functionality +matrix_mautrix_signal_relaybot_enabled: false + # Default configuration template which covers the generic use case. # You can customize it by controlling the various variables inside it. # @@ -93,6 +96,21 @@ matrix_mautrix_signal_configuration_extension_yaml: | # # If you need something more special, you can take full control by # completely redefining `matrix_mautrix_signal_configuration_yaml`. + # + # Permissions for using the bridge. + # Permitted values: + # relay - Allowed to be relayed through the bridge, no access to commands. + # user - Use the bridge with puppeting. + # admin - Use and administrate the bridge. + # Permitted keys: + # * - All Matrix users + # domain - All users on that homeserver + # mxid - Specific user + # + bridge: + permissions: + {{ matrix_mautrix_signal_homeserver_domain }}: "{{ "relay" if matrix_mautrix_signal_relaybot_enabled else "user" }}" + matrix_mautrix_signal_configuration_extension: "{{ matrix_mautrix_signal_configuration_extension_yaml|from_yaml if matrix_mautrix_signal_configuration_extension_yaml|from_yaml is mapping else {} }}" From c3b4a1a66d7796d84b8c0b2eaf4970405a6d28fc Mon Sep 17 00:00:00 2001 From: Wolfgang Winter Date: Fri, 13 Aug 2021 17:48:28 +0200 Subject: [PATCH 03/90] Augment documentation for relay bot --- ...figuring-playbook-bridge-mautrix-signal.md | 21 +++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/docs/configuring-playbook-bridge-mautrix-signal.md b/docs/configuring-playbook-bridge-mautrix-signal.md index 6d3c4dfb..e91487fa 100644 --- a/docs/configuring-playbook-bridge-mautrix-signal.md 
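Review bot: In the second defaults/main.yml hunk of PATCH 02 (`@@ -93,6 +96,21 @@`), turning on the relay bot lowers every user of the homeserver domain from `user` to `relay`, a level the comment added in the same hunk describes as "no access to commands". Assuming the extension is merged over the template's `permissions`, setting `matrix_mautrix_signal_relaybot_enabled: true` would take bridge commands away from local users, which does not look intended. I would keep the domain entry fixed and quoted, `'{{ matrix_mautrix_signal_homeserver_domain }}': user`, and leave relay-level grants to an explicit operator setting. The block scalar this is added to begins outside the hunk.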
+++ b/docs/configuring-playbook-bridge-mautrix-signal.md @@ -12,6 +12,27 @@ Use the following playbook configuration: matrix_mautrix_signal_enabled: true ``` +There are some additional things you may wish to configure about the bridge before you continue. + +The relay bot functionality is off by default. If you would like to enable the relay bot, add the following to your `vars.yml` file: +```yaml +matrix_mautrix_signal_relaybot_enabled: true +``` + +Additionally the permissions for the bridge grant user rights to all base domain users in case the relay bot is disabled, or relay rights in case the relay bot is enabled. + +If you would like to have a more specific setting of the permissions you can set the permissions as follows (example). For more details see also [mautrix-bridge documentation](https://docs.mau.fi/bridges/python/signal/relay-mode.html) +```yaml +matrix_mautrix_signal_configuration_extension_yaml: | + bridge: + permissions: + '@YOUR_USERNAME:YOUR_DOMAIN': admin + '*': user + YOUR_DOMAIN: relay +``` + +You may wish to look at `roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2` to find more information on the permissions settings and other options you would like to configure. + ## Set up Double Puppeting If you'd like to use [Double Puppeting](https://github.com/tulir/mautrix-signal/wiki/Authentication#double-puppeting) (hint: you most likely do), you have 2 ways of going about it. From bb931493eeb26a55f8dd60e26d2cbea04885b99b Mon Sep 17 00:00:00 2001 From: WobbelTheBear Date: Fri, 13 Aug 2021 20:15:19 +0200 Subject: [PATCH 04/90] Update as per suggestion --- docs/configuring-playbook-bridge-mautrix-signal.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/configuring-playbook-bridge-mautrix-signal.md b/docs/configuring-playbook-bridge-mautrix-signal.md index e91487fa..30b7bba8 100644 --- a/docs/configuring-playbook-bridge-mautrix-signal.md +++ b/docs/configuring-playbook-bridge-mautrix-signal.md 
@@ -27,8 +27,8 @@ matrix_mautrix_signal_configuration_extension_yaml: | bridge: permissions: '@YOUR_USERNAME:YOUR_DOMAIN': admin - '*': user - YOUR_DOMAIN: relay + YOUR_DOMAIN: user + '*': relay ``` You may wish to look at `roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2` to find more information on the permissions settings and other options you would like to configure. From a34241e4ccbbdeb982ceb662d320da7a0b995480 Mon Sep 17 00:00:00 2001 From: Wolfgang Winter Date: Fri, 13 Aug 2021 21:11:41 +0200 Subject: [PATCH 05/90] Remove intial permissions seting Permissions, when set in the template, will be augmented rahter than replaced when using matrix_mautrix_signal_configuration_extension_yaml. Therefore, permissions shall only be set in the defaults/vars.yml or in the HS specific vars.yml file --- roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 index ef66ee91..f0b9af86 100644 --- a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 @@ -188,8 +188,10 @@ bridge: # * - All Matrix users # domain - All users on that homeserver # mxid - Specific user - permissions: - {{ matrix_mautrix_signal_homeserver_domain }}: user + #permissions: + # + # Remark: permissions will be set in the defaults/main.yml file of this role + # (see matrix_mautrix_signal_configuration_extension_yaml) relay: # Whether or not relay mode should be allowed. If allowed, `!signal set-relay` can be used to turn any From d9e8be7c7997042963382dea0b8da1c38b5b8b5c Mon Sep 17 00:00:00 2001 
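Review bot: In the config.yaml.j2 hunk of PATCH 05 (`@@ -188,8 +188,10 @@`), commenting out `permissions:` leaves the rendered config without a permissions mapping unless `matrix_mautrix_signal_configuration_extension_yaml` supplies one, and that is the variable the docs in this series tell operators to redefine in `vars.yml`. An operator who sets it for an unrelated option replaces the default block and deploys the bridge with no `bridge.permissions` at all; how the bridge treats a missing mapping is not visible on this page. The remark in the template should state that consequence, for example `# NOTE: redefining matrix_mautrix_signal_configuration_extension_yaml drops the default permissions; re-add bridge.permissions there.` The `bridge:` block starts outside the hunk.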
From: WobbelTheBear Date: Sat, 14 Aug 2021 17:32:54 +0200 Subject: [PATCH 06/90] Update docs/configuring-playbook-bridge-mautrix-signal.md Document how to enable relay functionality in a room Co-authored-by: Jan <31133207+Jaffex@users.noreply.github.com> --- docs/configuring-playbook-bridge-mautrix-signal.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/configuring-playbook-bridge-mautrix-signal.md b/docs/configuring-playbook-bridge-mautrix-signal.md index 30b7bba8..06881b60 100644 --- a/docs/configuring-playbook-bridge-mautrix-signal.md +++ b/docs/configuring-playbook-bridge-mautrix-signal.md @@ -18,7 +18,8 @@ The relay bot functionality is off by default. If you would like to enable the r ```yaml matrix_mautrix_signal_relaybot_enabled: true ``` - +If you want to activate the relay bot in a room, use `!signal set-relay`. +Use `!signal unset-relay` to deactivate. Additionally the permissions for the bridge grant user rights to all base domain users in case the relay bot is disabled, or relay rights in case the relay bot is enabled. If you would like to have a more specific setting of the permissions you can set the permissions as follows (example). For more details see also [mautrix-bridge documentation](https://docs.mau.fi/bridges/python/signal/relay-mode.html) From ae9639585ccedc1e303fb28e03b844432d4c380e Mon Sep 17 00:00:00 2001 From: WobbelTheBear Date: Sat, 14 Aug 2021 17:35:49 +0200 Subject: [PATCH 07/90] Update roles/matrix-bridge-mautrix-signal/defaults/main.yml Improved setup through template file Co-authored-by: Jan <31133207+Jaffex@users.noreply.github.com> --- .../defaults/main.yml | 15 --------------- 1 file changed, 15 deletions(-) diff --git a/roles/matrix-bridge-mautrix-signal/defaults/main.yml b/roles/matrix-bridge-mautrix-signal/defaults/main.yml index 157922c6..48aa2566 100644 --- a/roles/matrix-bridge-mautrix-signal/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-signal/defaults/main.yml 
@@ -96,21 +96,6 @@ matrix_mautrix_signal_configuration_extension_yaml: | # # If you need something more special, you can take full control by # completely redefining `matrix_mautrix_signal_configuration_yaml`. - # - # Permissions for using the bridge. - # Permitted values: - # relay - Allowed to be relayed through the bridge, no access to commands. - # user - Use the bridge with puppeting. - # admin - Use and administrate the bridge. - # Permitted keys: - # * - All Matrix users - # domain - All users on that homeserver - # mxid - Specific user - # - bridge: - permissions: - {{ matrix_mautrix_signal_homeserver_domain }}: "{{ "relay" if matrix_mautrix_signal_relaybot_enabled else "user" }}" - matrix_mautrix_signal_configuration_extension: "{{ matrix_mautrix_signal_configuration_extension_yaml|from_yaml if matrix_mautrix_signal_configuration_extension_yaml|from_yaml is mapping else {} }}" From d249fe874ede76f244c2701e42ab8c2199a5f5af Mon Sep 17 00:00:00 2001 From: WobbelTheBear Date: Sat, 14 Aug 2021 17:36:43 +0200 Subject: [PATCH 08/90] Update roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 Updated settings in template file: * relay for any user * user permissions only for HS domain users Co-authored-by: Jan <31133207+Jaffex@users.noreply.github.com> --- .../matrix-bridge-mautrix-signal/templates/config.yaml.j2 | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 index f0b9af86..5628b942 100644 --- a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 
@@ -188,10 +188,9 @@ bridge: # * - All Matrix users # domain - All users on that homeserver # mxid - Specific user - #permissions: - # - # Remark: permissions will be set in the defaults/main.yml file of this role - # (see matrix_mautrix_signal_configuration_extension_yaml) + permissions: + *: relay + '{{ matrix_mautrix_signal_homeserver_domain }}': user relay: # Whether or not relay mode should be allowed. If allowed, `!signal set-relay` can be used to turn any From 30aa8c2c3f88ae0c2725b8c069f1ecef5639bce9 Mon Sep 17 00:00:00 2001 From: WobbelTheBear Date: Sat, 14 Aug 2021 17:38:58 +0200 Subject: [PATCH 09/90] Update docs/configuring-playbook-bridge-mautrix-signal.md Improvement of documentation Co-authored-by: Jan <31133207+Jaffex@users.noreply.github.com> --- docs/configuring-playbook-bridge-mautrix-signal.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/configuring-playbook-bridge-mautrix-signal.md b/docs/configuring-playbook-bridge-mautrix-signal.md index 06881b60..efd4d96f 100644 --- a/docs/configuring-playbook-bridge-mautrix-signal.md +++ b/docs/configuring-playbook-bridge-mautrix-signal.md @@ -20,7 +20,8 @@ matrix_mautrix_signal_relaybot_enabled: true ``` If you want to activate the relay bot in a room, use `!signal set-relay`. Use `!signal unset-relay` to deactivate. -Additionally the permissions for the bridge grant user rights to all base domain users in case the relay bot is disabled, or relay rights in case the relay bot is enabled. +By default, any user on your homeserver will be able to use the bridge. +If you enable the relay bot functionality, it will relay every user's messages in a portal room - no matter which homeserver they're from. If you would like to have a more specific setting of the permissions you can set the permissions as follows (example). For more details see also [mautrix-bridge documentation](https://docs.mau.fi/bridges/python/signal/relay-mode.html) ```yaml 
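Review bot: In the config.yaml.j2 hunk of PATCH 08 (`@@ -188,10 +188,9 @@`), the added key `*: relay` is unquoted, and a plain scalar that starts with `*` is read by YAML as an alias, so the rendered config should fail to parse; it needs to be `'*': relay`. The same unquoted line is carried through the reordering hunk of PATCH 10 (`@@ -189,8 +189,8 @@`). Separately, the wildcard is written unconditionally, so users of any homeserver are listed at `relay` level even when `matrix_mautrix_signal_relaybot_enabled` is false. Whether that grant has any effect while `relay.enabled` is off is not shown here, so I would either put it under a condition on that variable or add a comment saying what it permits.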
From f988fd33391f923ec997fc6f71ba663dc6dc03e9 Mon Sep 17 00:00:00 2001 From: WobbelTheBear Date: Sat, 14 Aug 2021 17:47:31 +0200 Subject: [PATCH 10/90] Change sequence of permissions As per earlier comment (see from tulir) the sequence has been changed. --- roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 index 5628b942..2adfd520 100644 --- a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 @@ -189,8 +189,8 @@ bridge: # domain - All users on that homeserver # mxid - Specific user permissions: - *: relay '{{ matrix_mautrix_signal_homeserver_domain }}': user + *: relay relay: # Whether or not relay mode should be allowed. If allowed, `!signal set-relay` can be used to turn any From 7486db0d1a88d40bd9d02bfd96be7386f99e1fae Mon Sep 17 00:00:00 2001 From: Wolfgang Winter Date: Sat, 14 Aug 2021 17:58:08 +0200 Subject: [PATCH 11/90] Missing ticks --- roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 index 2adfd520..ecd5902b 100644 --- a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 @@ -190,7 +190,7 @@ bridge: # mxid - Specific user permissions: '{{ matrix_mautrix_signal_homeserver_domain }}': user - *: relay + '*': relay relay: # Whether or not relay mode should be allowed. If allowed, `!signal set-relay` can be used to turn any From d0b557eb6f0c56ad86c20bab642e29dcfb0e430c Mon Sep 17 00:00:00 2001 
From: Wolfgang Winter Date: Sun, 15 Aug 2021 08:42:21 +0200 Subject: [PATCH 12/90] Replace tabs to spaces to prevent problems in YAML --- roles/matrix-bridge-mautrix-signal/defaults/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/matrix-bridge-mautrix-signal/defaults/main.yml b/roles/matrix-bridge-mautrix-signal/defaults/main.yml index 48aa2566..93472d51 100644 --- a/roles/matrix-bridge-mautrix-signal/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-signal/defaults/main.yml @@ -70,9 +70,9 @@ matrix_mautrix_signal_database_name: 'matrix_mautrix_signal' matrix_mautrix_signal_database_connection_string: 'postgres://{{ matrix_mautrix_signal_database_username }}:{{ matrix_mautrix_signal_database_password }}@{{ matrix_mautrix_signal_database_hostname }}:{{ matrix_mautrix_signal_database_port }}/{{ matrix_mautrix_signal_database_name }}' matrix_mautrix_signal_appservice_database: "{{ - { - 'postgres': matrix_mautrix_signal_database_connection_string, - }[matrix_mautrix_signal_database_engine] + { + 'postgres': matrix_mautrix_signal_database_connection_string, + }[matrix_mautrix_signal_database_engine] }}" # Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth). From b1c94efcd8bfba5047765c53f19a1af585153a34 Mon Sep 17 00:00:00 2001 From: Wolfgang Winter Date: Mon, 16 Aug 2021 18:23:40 +0200 Subject: [PATCH 13/90] Make template generic for the pemission settings --- roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 index ecd5902b..1c7a637f 100644 --- a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 
@@ -189,8 +189,7 @@ bridge: # domain - All users on that homeserver # mxid - Specific user permissions: - '{{ matrix_mautrix_signal_homeserver_domain }}': user - '*': relay + {{ matrix_mautrix_signal_bridge_permissions|from_yaml }} relay: # Whether or not relay mode should be allowed. If allowed, `!signal set-relay` can be used to turn any From 4b7506ca1a0c13a31adf4e4eaea1e6f79c02b9b3 Mon Sep 17 00:00:00 2001 From: Wolfgang Winter Date: Mon, 16 Aug 2021 18:24:12 +0200 Subject: [PATCH 14/90] Preset the permissions inline with other bridges --- .../matrix-bridge-mautrix-signal/defaults/main.yml | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/roles/matrix-bridge-mautrix-signal/defaults/main.yml b/roles/matrix-bridge-mautrix-signal/defaults/main.yml index 93472d51..93993fa1 100644 --- a/roles/matrix-bridge-mautrix-signal/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-signal/defaults/main.yml @@ -81,6 +81,19 @@ matrix_mautrix_signal_login_shared_secret: '' # Enable bridge relay bot functionality matrix_mautrix_signal_relaybot_enabled: false +# Permissions for using the bridge. +# Permitted values: +# relay - Allowed to be relayed through the bridge, no access to commands. +# user - Use the bridge with puppeting. +# admin - Use and administrate the bridge. +# Permitted keys: +# * - All Matrix users +# domain - All users on that homeserver +# mxid - Specific user +matrix_mautrix_signal_bridge_permissions: | + '*': relay + '{{ matrix_mautrix_signal_homeserver_domain }}': user + # Default configuration template which covers the generic use case. # You can customize it by controlling the various variables inside it. # From 5a828f36a6226c4a44449b355a1e3fa2d3f5957a Mon Sep 17 00:00:00 2001 
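Review bot: In the config.yaml.j2 hunk of PATCH 13 (`@@ -189,8 +189,7 @@`), `{{ matrix_mautrix_signal_bridge_permissions|from_yaml }}` prints the parsed value in its Python string form under `permissions:`, which is valid YAML only by coincidence for simple string keys and values. An empty or non-mapping value would likely render as `None`, a list or a bare string and hand the bridge a malformed access-control section. I would serialize explicitly and check the type the way defaults/main.yml already does for the extension variable, e.g. `permissions: {{ (matrix_mautrix_signal_bridge_permissions|from_yaml if matrix_mautrix_signal_bridge_permissions|from_yaml is mapping else {})|to_json }}`. The `bridge:` block starts outside the hunk.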
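Review bot: In the defaults/main.yml hunk of PATCH 14 (`@@ -81,6 +81,19 @@`), the default `'*': relay` lists all Matrix users of every homeserver at relay level regardless of `matrix_mautrix_signal_relaybot_enabled`, which the context lines just above set to `false`. Whether the entry is inert while relay mode is off is not shown on this page, so the shipped default should not rely on it. I would tie the wildcard to the flag, for example by making the first line of the block `{{ "'*': relay" if matrix_mautrix_signal_relaybot_enabled else "" }}`, and add `# '*' matches users from any homeserver, not only this one` to the comment above the variable.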
From: Wolfgang Winter Date: Mon, 16 Aug 2021 18:24:55 +0200 Subject: [PATCH 15/90] Document the permissions settings. Distinguish between augmenting and overwriting. --- ...figuring-playbook-bridge-mautrix-signal.md | 28 +++++++++++++++++-- 1 file changed, 25 insertions(+), 3 deletions(-) diff --git a/docs/configuring-playbook-bridge-mautrix-signal.md b/docs/configuring-playbook-bridge-mautrix-signal.md index efd4d96f..131d3aba 100644 --- a/docs/configuring-playbook-bridge-mautrix-signal.md +++ b/docs/configuring-playbook-bridge-mautrix-signal.md 
@@ -23,14 +23,36 @@ Use `!signal unset-relay` to deactivate. By default, any user on your homeserver will be able to use the bridge. If you enable the relay bot functionality, it will relay every user's messages in a portal room - no matter which homeserver they're from. -If you would like to have a more specific setting of the permissions you can set the permissions as follows (example). For more details see also [mautrix-bridge documentation](https://docs.mau.fi/bridges/python/signal/relay-mode.html) +Different levels of permission can be granted to users: + +* relay - Allowed to be relayed through the bridge, no access to commands; +* user - Use the bridge with puppeting; +* admin - Use and administer the bridge. + +The permissions are following the sequence: nothing < relay < user < admin. + +The default permissions are set as follows: +```yaml +permissions: + '*': relay + YOUR_DOMAIN: user +``` + +If you want to augment the preset permissions, you might want to set the additional permissions with the following settings in your `vars.yml` file: ```yaml matrix_mautrix_signal_configuration_extension_yaml: | bridge: permissions: '@YOUR_USERNAME:YOUR_DOMAIN': admin - YOUR_DOMAIN: user - '*': relay +``` + +This will add the admin permission to the specific user, while keepting the default permissions. + +In case you want to replace the default permissions settings **completely**, populate the following item within your `vars.yml` file: +```yaml +matrix_mautrix_signal_bridge_permissions: | + '@ADMIN:YOUR_DOMAIN': admin + '@USER:YOUR_DOMAIN' : user ``` You may wish to look at `roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2` to find more information on the permissions settings and other options you would like to configure. From 854ea911950369fdc36f6fd4b56641dbea1aad0f Mon Sep 17 00:00:00 2001 
From: pushytoxin Date: Tue, 17 Aug 2021 10:21:53 +0200 Subject: [PATCH 16/90] Mautrix-Facebook repo location update, pin v0.3.1 The Github link is just a redirect to Tulir's own GitLab, so I replaced the self-build link The docker container repository was rearranged hierarchically (dock.mau.dev/tulir/mautrix-facebook -> dock.mau.dev/mautrix/facebook) Tagged versions have been made available, thus :latest -> :v0.3.1 --- roles/matrix-bridge-mautrix-facebook/defaults/main.yml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml index 71a225f7..4f024bdf 100644 --- a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml @@ -4,11 +4,10 @@ matrix_mautrix_facebook_enabled: true matrix_mautrix_facebook_container_image_self_build: false -matrix_mautrix_facebook_container_image_self_build_repo: "https://github.com/tulir/mautrix-facebook.git" +matrix_mautrix_facebook_container_image_self_build_repo: "https://mau.dev/mautrix/facebook.git" -matrix_mautrix_facebook_version: latest -# See: https://mau.dev/tulir/mautrix-facebook/container_registry -matrix_mautrix_facebook_docker_image: "{{ matrix_mautrix_facebook_docker_image_name_prefix }}tulir/mautrix-facebook:{{ matrix_mautrix_facebook_version }}" +matrix_mautrix_facebook_version: v0.3.1 +matrix_mautrix_facebook_docker_image: "{{ matrix_mautrix_facebook_docker_image_name_prefix }}mautrix/facebook:{{ matrix_mautrix_facebook_version }}" matrix_mautrix_facebook_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_facebook_container_image_self_build else 'dock.mau.dev/' }}" matrix_mautrix_facebook_docker_image_force_pull: "{{ matrix_mautrix_facebook_docker_image.endswith(':latest') }}" From 12dbb29675d0cb589218a26208390efd8ed61683 Mon Sep 17 00:00:00 2001 
From: WobbelTheBear Date: Tue, 17 Aug 2021 12:47:52 +0200 Subject: [PATCH 17/90] Upgrade Element (1.8.0 -> 1.8.1) Element web/desktop has just been updated to fix some regressions in regard to VoIP. --- roles/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-client-element/defaults/main.yml b/roles/matrix-client-element/defaults/main.yml index fc1f40bc..0c0480f1 100644 --- a/roles/matrix-client-element/defaults/main.yml +++ b/roles/matrix-client-element/defaults/main.yml @@ -3,7 +3,7 @@ matrix_client_element_enabled: true matrix_client_element_container_image_self_build: false matrix_client_element_container_image_self_build_repo: "https://github.com/vector-im/riot-web.git" -matrix_client_element_version: v1.8.0 +matrix_client_element_version: v1.8.1 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" From d93b2109f4f6a4f043bb5a6e1377a843dbd80eca Mon Sep 17 00:00:00 2001 From: Michael Collins Date: Wed, 18 Aug 2021 06:25:49 +0800 Subject: [PATCH 18/90] ehh? --- setup.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/setup.yml b/setup.yml index 076a5f7a..2c0e197a 100755 --- a/setup.yml +++ b/setup.yml @@ -55,8 +55,4 @@ - matrix-aux - matrix-postgres-backup - matrix-prometheus-postgres-exporter -<<<<<<< HEAD - matrix-common-after -======= - - matrix-common-after ->>>>>>> upstream/master From dc8000760bcd997177c4558ca77b22e7e6c5a7c5 Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Wed, 18 Aug 2021 09:50:10 +0300 Subject: [PATCH 19/90] Bump Coturn version tag (4.5.2-r2 -> 4.5.2-r3) Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1236 --- roles/matrix-coturn/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-coturn/defaults/main.yml b/roles/matrix-coturn/defaults/main.yml index 45565686..eb55e500 100644 --- a/roles/matrix-coturn/defaults/main.yml +++ b/roles/matrix-coturn/defaults/main.yml @@ -5,7 +5,7 @@ matrix_coturn_container_image_self_build_repo: "https://github.com/coturn/coturn matrix_coturn_container_image_self_build_repo_version: "docker/{{ matrix_coturn_version }}" matrix_coturn_container_image_self_build_repo_dockerfile_path: "docker/coturn/alpine/Dockerfile" -matrix_coturn_version: 4.5.2-r2 +matrix_coturn_version: 4.5.2-r3 matrix_coturn_docker_image: "{{ matrix_coturn_docker_image_name_prefix }}coturn/coturn:{{ matrix_coturn_version }}-alpine" matrix_coturn_docker_image_name_prefix: "{{ 'localhost/' if matrix_coturn_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_coturn_docker_image_force_pull: "{{ matrix_coturn_docker_image.endswith(':latest') }}" From 517ecbf0d15c855f29165a8b01a64623e8e3d6fb Mon Sep 17 00:00:00 2001 From: Michael Collins Date: Wed, 18 Aug 2021 21:07:44 +0800 Subject: [PATCH 20/90] move delete-subscription to deploy --- .../matrix-awx/tasks/delete_awx_templates.yml | 308 ++++++++++++++++++ roles/matrix-awx/tasks/delete_mailgun.yml | 14 + roles/matrix-awx/tasks/delete_server.yml | 42 +++ .../tasks/delete_server_directory.yml | 5 + roles/matrix-awx/tasks/main.yml | 38 ++- 5 files changed, 406 insertions(+), 1 deletion(-) create mode 100755 roles/matrix-awx/tasks/delete_awx_templates.yml create mode 100644 roles/matrix-awx/tasks/delete_mailgun.yml create mode 100755 roles/matrix-awx/tasks/delete_server.yml create mode 100755 roles/matrix-awx/tasks/delete_server_directory.yml 
diff --git a/roles/matrix-awx/tasks/delete_awx_templates.yml b/roles/matrix-awx/tasks/delete_awx_templates.yml
new file mode 100755
index 00000000..11784dac
--- /dev/null
+++ b/roles/matrix-awx/tasks/delete_awx_templates.yml
@@ -0,0 +1,308 @@ + +- name: Install jq in AWX + delegate_to: 127.0.0.1 + yum: + name: jq + state: latest + +- name: Collect AWX admin token the hard way! + delegate_to: 127.0.0.1 + shell: | + curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g' + register: tower_token + no_log: True + +- name: Remove original 'Provision Server' job template + awx.awx.tower_job_template: + name: "0 - {{ subscription_id }} - Provision a New Server" + job_type: run + project: "{{ member_id }} - Matrix Docker Ansible Deploy" + playbook: setup.yml + state: absent + tower_host: "https://{{ tower_host }}" + tower_oauthtoken: "{{ tower_token.stdout }}" + validate_certs: yes + +- name: Remove 'Provision Wireguard Server' job template + awx.awx.tower_job_template: + name: "0 - {{ subscription_id }} - Provision Wireguard Server" + job_type: run + project: "Ansible Create Delete Subscription Membership" + playbook: setup_wireguard_server.yml + state: absent + tower_host: "https://{{ tower_host }}" + tower_oauthtoken: "{{ tower_token.stdout }}" + validate_certs: yes + +- name: Remove schedule for 'Deploy a New Server' job template + awx.awx.tower_schedule: + name: "{{ matrix_domain }} - 0 - Update Server Schedule" + enabled: yes + state: absent + tower_host: "https://{{ tower_host }}" + tower_oauthtoken: "{{ tower_token.stdout }}" + validate_certs: yes + when: matrix_domain is defined + +- name: Remove 'Backup Server' job template + awx.awx.tower_job_template: + name: "{{ matrix_domain }} - 0 - Backup Server" + job_type: run + project: "{{ member_id }} - Matrix Docker Ansible Deploy" + playbook: setup.yml + state: absent + tower_host: "https://{{ tower_host }}" + tower_oauthtoken: "{{ tower_token.stdout }}" + validate_certs: yes + when: matrix_domain is defined + +- name: Remove 'Export Server' 
job template + awx.awx.tower_job_template: + name: "{{ matrix_domain }} - 0 - Export Server" + job_type: run + project: "{{ member_id }} - Matrix Docker Ansible Deploy" + playbook: setup.yml + state: absent + tower_host: "https://{{ tower_host }}" + tower_oauthtoken: "{{ tower_token.stdout }}" + validate_certs: yes + when: matrix_domain is defined + +- name: Remove 'Deploy/Update a Server' job template + awx.awx.tower_job_template: + name: "{{ matrix_domain }} - 0 - Deploy/Update a Server" + job_type: run + project: "{{ member_id }} - Matrix Docker Ansible Deploy" + playbook: setup.yml + state: absent + tower_host: "https://{{ tower_host }}" + tower_oauthtoken: "{{ tower_token.stdout }}" + validate_certs: yes + when: matrix_domain is defined + +- name: Remove 'Self-Check' job template + awx.awx.tower_job_template: + name: "{{ matrix_domain }} - 0 - Self-Check" + job_type: run + project: "{{ member_id }} - Matrix Docker Ansible Deploy" + playbook: setup.yml + state: absent + tower_host: "https://{{ tower_host }}" + tower_oauthtoken: "{{ tower_token.stdout }}" + validate_certs: yes + when: matrix_domain is defined + +- name: Remove 'Start/Restart all Services' job template + awx.awx.tower_job_template: + name: "{{ matrix_domain }} - 0 - Start/Restart all Services" + job_type: run + project: "{{ member_id }} - Matrix Docker Ansible Deploy" + playbook: setup.yml + state: absent + tower_host: "https://{{ tower_host }}" + tower_oauthtoken: "{{ tower_token.stdout }}" + validate_certs: yes + when: matrix_domain is defined + +- name: Remove 'Stop all Services' job template + awx.awx.tower_job_template: + name: "{{ matrix_domain }} - 0 - Stop all Services" + job_type: run + project: "{{ member_id }} - Matrix Docker Ansible Deploy" + playbook: setup.yml + state: absent + tower_host: "https://{{ tower_host }}" + tower_oauthtoken: "{{ tower_token.stdout }}" + validate_certs: yes + when: matrix_domain is defined + +- name: Remove 'Configure Corporal (Advanced)' job template + 
awx.awx.tower_job_template: + name: "{{ matrix_domain }} - 1 - Configure Corporal (Advanced)" + job_type: run + project: "{{ member_id }} - Matrix Docker Ansible Deploy" + playbook: setup.yml + state: absent + tower_host: "https://{{ tower_host }}" + tower_oauthtoken: "{{ tower_token.stdout }}" + validate_certs: yes + when: matrix_domain is defined + +- name: Remove 'Configure Dimension' job template + awx.awx.tower_job_template: + name: "{{ matrix_domain }} - 1 - Configure Dimension" + job_type: run + project: "{{ member_id }} - Matrix Docker Ansible Deploy" + playbook: setup.yml + state: absent + tower_host: "https://{{ tower_host }}" + tower_oauthtoken: "{{ tower_token.stdout }}" + validate_certs: yes + when: matrix_domain is defined + +- name: Remove 'Configure Element' job template + awx.awx.tower_job_template: + name: "{{ matrix_domain }} - 1 - Configure Element" + job_type: run + project: "{{ member_id }} - Matrix Docker Ansible Deploy" + playbook: setup.yml + state: absent + tower_host: "https://{{ tower_host }}" + tower_oauthtoken: "{{ tower_token.stdout }}" + validate_certs: yes + when: matrix_domain is defined + +- name: Remove 'Configure Element Subdomain' job template + awx.awx.tower_job_template: + name: "{{ matrix_domain }} - 1 - Configure Element Subdomain" + job_type: run + project: "{{ member_id }} - Matrix Docker Ansible Deploy" + playbook: setup.yml + state: absent + tower_host: "https://{{ tower_host }}" + tower_oauthtoken: "{{ tower_token.stdout }}" + validate_certs: yes + when: matrix_domain is defined + +- name: Remove 'Configure Email Relay' job template + awx.awx.tower_job_template: + name: "{{ matrix_domain }} - 1 - Configure Email Relay" + job_type: run + project: "{{ member_id }} - Matrix Docker Ansible Deploy" + playbook: setup.yml + state: absent + tower_host: "https://{{ tower_host }}" + tower_oauthtoken: "{{ tower_token.stdout }}" + validate_certs: yes + when: matrix_domain is defined + +- name: Remove 'Configure Jitsi' job template 
+ awx.awx.tower_job_template: + name: "{{ matrix_domain }} - 1 - Configure Jitsi" + job_type: run + project: "{{ member_id }} - Matrix Docker Ansible Deploy" + playbook: setup.yml + state: absent + tower_host: "https://{{ tower_host }}" + tower_oauthtoken: "{{ tower_token.stdout }}" + validate_certs: yes + when: matrix_domain is defined + +- name: Remove 'Configure ma1sd (Advanced)' job template + awx.awx.tower_job_template: + name: "{{ matrix_domain }} - 1 - Configure ma1sd (Advanced)" + job_type: run + project: "{{ member_id }} - Matrix Docker Ansible Deploy" + playbook: setup.yml + state: absent + tower_host: "https://{{ tower_host }}" + tower_oauthtoken: "{{ tower_token.stdout }}" + validate_certs: yes + when: matrix_domain is defined + +- name: Remove 'Configure Synapse' job template + awx.awx.tower_job_template: + name: "{{ matrix_domain }} - 1 - Configure Synapse" + job_type: run + project: "{{ member_id }} - Matrix Docker Ansible Deploy" + playbook: setup.yml + state: absent + tower_host: "https://{{ tower_host }}" + tower_oauthtoken: "{{ tower_token.stdout }}" + validate_certs: yes + when: matrix_domain is defined + +- name: Remove 'Configure Synapse Admin' job template + awx.awx.tower_job_template: + name: "{{ matrix_domain }} - 1 - Configure Synapse Admin" + job_type: run + project: "{{ member_id }} - Matrix Docker Ansible Deploy" + playbook: setup.yml + state: absent + tower_host: "https://{{ tower_host }}" + tower_oauthtoken: "{{ tower_token.stdout }}" + validate_certs: yes + when: matrix_domain is defined + +- name: Remove 'Access Export' job template + awx.awx.tower_job_template: + name: "{{ matrix_domain }} - 1 - Access Export" + job_type: run + project: "{{ member_id }} - Matrix Docker Ansible Deploy" + playbook: setup.yml + state: absent + tower_host: "https://{{ tower_host }}" + tower_oauthtoken: "{{ tower_token.stdout }}" + validate_certs: yes + when: matrix_domain is defined + +- name: Remove 'Configure Website + Access Export' job template + 
awx.awx.tower_job_template: + name: "{{ matrix_domain }} - 1 - Configure Website + Access Export" + job_type: run + project: "{{ member_id }} - Matrix Docker Ansible Deploy" + playbook: setup.yml + state: absent + tower_host: "https://{{ tower_host }}" + tower_oauthtoken: "{{ tower_token.stdout }}" + validate_certs: yes + when: matrix_domain is defined + +- name: Remove 'Create User' job template + awx.awx.tower_job_template: + name: "{{ matrix_domain }} - 2 - Create User" + job_type: run + project: "{{ member_id }} - Matrix Docker Ansible Deploy" + playbook: setup.yml + state: absent + tower_host: "https://{{ tower_host }}" + tower_oauthtoken: "{{ tower_token.stdout }}" + validate_certs: yes + when: matrix_domain is defined + +- name: Remove 'Purge Media (Advanced)' job template + awx.awx.tower_job_template: + name: "{{ matrix_domain }} - 2 - Purge Media (Advanced)" + job_type: run + project: "{{ member_id }} - Matrix Docker Ansible Deploy" + playbook: setup.yml + state: absent + tower_host: "https://{{ tower_host }}" + tower_oauthtoken: "{{ tower_token.stdout }}" + validate_certs: yes + when: matrix_domain is defined + +- name: Remove 'Purge Database (Advanced)' job template + awx.awx.tower_job_template: + name: "{{ matrix_domain }} - 2 - Purge Database (Advanced)" + job_type: run + project: "{{ member_id }} - Matrix Docker Ansible Deploy" + playbook: setup.yml + state: absent + tower_host: "https://{{ tower_host }}" + tower_oauthtoken: "{{ tower_token.stdout }}" + validate_certs: yes + when: matrix_domain is defined + +- name: Remove Matrix server from organisations inventory + awx.awx.tower_host: + name: "matrix.{{ matrix_domain }}" + description: "{{ matrix_domain }} Matrix Server" + inventory: "{{ member_id }}" + state: absent + tower_host: "https://{{ tower_host }}" + tower_oauthtoken: "{{ tower_token.stdout }}" + validate_certs: yes + when: matrix_domain is defined + +- name: Remove Wireguard Server from organisations inventory + awx.awx.tower_host: + name: 
"wireguard.{{ matrix_domain }}" + description: "{{ matrix_domain }} Wireguard Proxy" + inventory: "{{ member_id }}" + state: absent + tower_host: "https://{{ tower_host }}" + tower_oauthtoken: "{{ tower_token.stdout }}" + validate_certs: yes + when: matrix_domain is defined + diff --git a/roles/matrix-awx/tasks/delete_mailgun.yml b/roles/matrix-awx/tasks/delete_mailgun.yml new file mode 100644 index 00000000..465bbede --- /dev/null +++ b/roles/matrix-awx/tasks/delete_mailgun.yml @@ -0,0 +1,14 @@ + +- name: Include matrix server variables from matrix_vars.yml + include_vars: "{{ item }}" + with_first_found: + - files: + - /var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml + skip: true + no_log: True + +- name: Delete MailGun SMTP login + shell: | + curl -s --user 'api:{{ mg_private_api_key }}' -X DELETE https://{{ mg_api_url }}/v3/domains/{{ mg_sender_domain }}/credentials/{{ matrix_domain }} + when: matrix_domain is defined + no_log: True diff --git a/roles/matrix-awx/tasks/delete_server.yml b/roles/matrix-awx/tasks/delete_server.yml new file mode 100755 index 00000000..63e21541 --- /dev/null +++ b/roles/matrix-awx/tasks/delete_server.yml 
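Review bot: The 'Collect AWX admin token' task in delete_awx_templates.yml sends the Tower admin username and password with certificate verification switched off (`curl -sku`), while every module call below it sets `validate_certs: yes`. Anything able to intercept that one request obtains the admin credentials and the write-scoped token, so the `k` should go: `curl -su {{ tower_username }}:{{ tower_password }} ...`. The credentials are also passed as command-line arguments, which are visible in the process list on the AWX host while curl runs; `no_log: True` only keeps them out of Ansible's output. Nothing in this file revokes the personal token afterwards, so each run appears to leave one more write token on user 1; a closing task that deletes it would bound its lifetime.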
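Review bot: The 'Delete MailGun SMTP login' task in delete_mailgun.yml cannot report a failed deletion: `curl -s` without `--fail` exits 0 on an HTTP 401 or 404, and `no_log: True` hides the response body, so a credential that is still live looks the same as one that was removed. Adding `--fail` (`curl -s --fail --user 'api:{{ mg_private_api_key }}' -X DELETE ...`) makes the task fail when the API refuses. The `include_vars` above it uses `skip: true`, so a missing matrix_vars.yml leaves `matrix_domain` undefined and the deletion is skipped without any message; a `debug` or `fail` on that path would make the skipped cleanup visible. `{{ mg_sender_domain }}` and `{{ matrix_domain }}` are interpolated into the shell line unquoted, so passing them through `| quote`, or using the `uri` module with `method: DELETE`, keeps the values out of shell parsing and the API key off the command line.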
@@ -0,0 +1,42 @@
+
+
+- name: Include hosting vars of digital_ocean.yml
+ include_vars:
+ file: /var/lib/awx/projects/hosting/hosting_vars.yml
+ no_log: True
+
+- name: Load vars from organisation.yml
+ include_vars:
+ file: '/var/lib/awx/projects/clients/{{ member_id }}/organisation.yml'
+
+- name: Load vars from server_vars.yml
+ include_vars:
+ file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/server_vars.yml'
+ ignore_errors: yes
+
+- name: Remove existing Digital Ocean Droplet
+ community.digitalocean.digital_ocean_droplet:
+ # needs ansible 2.8+ (AWX uses 2.9.10 at )
+ state: absent
+ id: '{{ do_droplet_id }}'
+ name: '{{ matrix_domain }}'
+ oauth_token: '{{ do_api_token }}'
+ size: '{{ slug_size }}'
+ region: '{{ do_droplet_region }}'
+ image: '{{ do_image }}'
+ wait: yes
+ unique_name: yes
+ register: deleted_server_info
+ when: do_droplet_id is defined
+
+- debug:
+ msg: "{{ deleted_server_info }}"
+ when: do_droplet_id is defined
+
+#- name: Delete fake DNS record for faster testing
+# delegate_to: 127.0.0.1
+# shell: |
+# sed -i -c '/{{ matrix_domain }}/d' /etc/hosts
+
+# Doesn't allow letsencrypt to generate certs :S
+
diff --git a/roles/matrix-awx/tasks/delete_server_directory.yml b/roles/matrix-awx/tasks/delete_server_directory.yml
new file mode 100755
index 00000000..f7145b50
--- /dev/null
+++ b/roles/matrix-awx/tasks/delete_server_directory.yml
@@ -0,0 +1,5 @@
+
+- name: Delete the servers directory on AWX
+ file:
+ path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/'
+ state: absent
diff --git a/roles/matrix-awx/tasks/main.yml b/roles/matrix-awx/tasks/main.yml
index 6e192ce0..8f34fab5 100755
--- a/roles/matrix-awx/tasks/main.yml
+++ b/roles/matrix-awx/tasks/main.yml
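Review bot: In delete_server.yml, `ignore_errors: yes` on 'Load vars from server_vars.yml' combined with `when: do_droplet_id is defined` means an unreadable or missing vars file silently skips the droplet deletion. The later includes added in this commit then remove the AWX templates and the directory that holds server_vars.yml, so the droplet would keep running with the customer's data and the record of its ID would be gone. If every subscription is expected to have a droplet, drop the `ignore_errors` or add a guard such as `- fail: msg="do_droplet_id not found for {{ subscription_id }}"` with `when: do_droplet_id is not defined`; if some legitimately have none, log that case explicitly. The first task's name mentions digital_ocean.yml but loads hosting_vars.yml, which is worth aligning.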
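Review bot: The `path` in delete_server_directory.yml is built from `member_id` and `subscription_id` with no check on either, and `state: absent` removes whatever it resolves to recursively. An empty `subscription_id` resolves to the member's whole directory, and a value containing `/` or `..` would point outside the intended subtree. A guard on the task such as `when: member_id | length > 0 and subscription_id | length > 0` covers the empty case. An `assert` that both values match the ID format the project uses (not visible in this hunk) would cover the traversal case before anything is deleted.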
@@ -25,7 +25,43 @@ when: run_setup|bool and matrix_awx_enabled|bool tags: - backup-server - + +# Delete DigitalOcean Droplet/Space +- include_tasks: + file: "delete_server.yml" + apply: + tags: delete-subscription + when: run_setup|bool and matrix_awx_enabled|bool + tags: + - delete-subscription + +# Delete MailGun SMTP Account +- include_tasks: + file: "delete_mailgun.yml" + apply: + tags: delete-subscription + when: run_setup|bool and matrix_awx_enabled|bool + tags: + - delete-subscription + +# Delete AWX Job Templates for Server +- include_tasks: + file: "delete_awx_templates.yml" + apply: + tags: delete-subscription + when: run_setup|bool and matrix_awx_enabled|bool + tags: + - delete-subscription + +# Delete Organisation Directories +- include_tasks: + file: "delete_server_directory.yml" + apply: + tags: delete-subscription + when: run_setup|bool and matrix_awx_enabled|bool + tags: + - delete-subscription + # Perform a export of the server - include_tasks: file: "export_server.yml" From 6299bc0300d7c38070a319a6b2b2522bbc86a27d Mon Sep 17 00:00:00 2001 From: AtomHare Date: Wed, 18 Aug 2021 16:49:35 +0200 Subject: [PATCH 21/90] Update readme mautrix bridges --- README.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 096c04e3..47119d14 100644 --- a/README.md +++ b/README.md 
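Review bot: The four delete includes added to main.yml are protected only by the `delete-subscription` tag and the shared `run_setup|bool and matrix_awx_enabled|bool` condition, and Ansible runs tagged tasks whenever no `--tags` filter is given. A run of this role without a tag filter would therefore delete the droplet, the MailGun credential, the AWX templates and the client directory. The existing backup-server include follows the same pattern, so the AWX job templates presumably always pass tags, but for destructive steps it is safer to add `- never` to each include's `tags:` list so they run only when `delete-subscription` is requested explicitly. The task list continues past the end of this hunk (the export include is shown only as context).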
@@ -45,17 +45,17 @@ Using this playbook, you can get the following services configured on your serve - (optional, advanced) the [Matrix Corporal](https://github.com/devture/matrix-corporal) reconciliator and gateway for a managed Matrix server -- (optional) the [mautrix-telegram](https://github.com/tulir/mautrix-telegram) bridge for bridging your Matrix server to [Telegram](https://telegram.org/) +- (optional) the [mautrix-telegram](https://github.com/mautrix/telegram) bridge for bridging your Matrix server to [Telegram](https://telegram.org/) -- (optional) the [mautrix-whatsapp](https://github.com/tulir/mautrix-whatsapp) bridge for bridging your Matrix server to [WhatsApp](https://www.whatsapp.com/) +- (optional) the [mautrix-whatsapp](https://github.com/mautrix/whatsapp) bridge for bridging your Matrix server to [WhatsApp](https://www.whatsapp.com/) -- (optional) the [mautrix-facebook](https://github.com/tulir/mautrix-facebook) bridge for bridging your Matrix server to [Facebook](https://facebook.com/) +- (optional) the [mautrix-facebook](https://github.com/mautrix/facebook) bridge for bridging your Matrix server to [Facebook](https://facebook.com/) -- (optional) the [mautrix-hangouts](https://github.com/tulir/mautrix-hangouts) bridge for bridging your Matrix server to [Google Hangouts](https://en.wikipedia.org/wiki/Google_Hangouts) +- (optional) the [mautrix-hangouts](https://github.com/mautrix/hangouts) bridge for bridging your Matrix server to [Google Hangouts](https://en.wikipedia.org/wiki/Google_Hangouts) -- (optional) the [mautrix-instagram](https://github.com/tulir/mautrix-instagram) bridge for bridging your Matrix server to [Instagram](https://instagram.com/) +- (optional) the [mautrix-instagram](https://github.com/mautrix/instagram) bridge for bridging your Matrix server to [Instagram](https://instagram.com/) -- (optional) the [mautrix-signal](https://github.com/tulir/mautrix-signal) bridge for bridging your Matrix server to 
[Signal](https://www.signal.org/) +- (optional) the [mautrix-signal](https://github.com/mautrix/signal) bridge for bridging your Matrix server to [Signal](https://www.signal.org/) - (optional) the [matrix-appservice-irc](https://github.com/matrix-org/matrix-appservice-irc) bridge for bridging your Matrix server to [IRC](https://wikipedia.org/wiki/Internet_Relay_Chat) From ef0ed0af3d9d56b0667d1ec3c5f0821885407090 Mon Sep 17 00:00:00 2001 From: AtomHare Date: Wed, 18 Aug 2021 16:54:45 +0200 Subject: [PATCH 22/90] Update container-images.md --- docs/container-images.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/container-images.md b/docs/container-images.md index f2914488..21f055b8 100644 --- a/docs/container-images.md +++ b/docs/container-images.md 
@@ -40,17 +40,17 @@ These services are not part of our default installation, but can be enabled by [ - [zeratax/matrix-registration](https://hub.docker.com/r/devture/zeratax-matrix-registration/) - [matrix-registration](https://github.com/ZerataX/matrix-registration): a simple python application to have a token based matrix registration (optional) -- [tulir/mautrix-telegram](https://mau.dev/tulir/mautrix-telegram/container_registry) - the [mautrix-telegram](https://github.com/tulir/mautrix-telegram) bridge to [Telegram](https://telegram.org/) (optional) +- [mautrix/telegram](https://mau.dev/mautrix/telegram/container_registry) - the [mautrix-telegram](https://github.com/mautrix/telegram) bridge to [Telegram](https://telegram.org/) (optional) -- [tulir/mautrix-whatsapp](https://mau.dev/tulir/mautrix-whatsapp/container_registry) - the [mautrix-whatsapp](https://github.com/tulir/mautrix-whatsapp) bridge to [Whatsapp](https://www.whatsapp.com/) (optional) +- [mautrix/whatsapp](https://mau.dev/mautrix/whatsapp/container_registry) - the [mautrix-whatsapp](https://github.com/mautrix/whatsapp) bridge to [Whatsapp](https://www.whatsapp.com/) (optional) -- [tulir/mautrix-facebook](https://mau.dev/tulir/mautrix-facebook/container_registry) - the [mautrix-facebook](https://github.com/tulir/mautrix-facebook) bridge to [Facebook](https://facebook.com/) (optional) +- [mautrix/facebook](https://mau.dev/mautrix/facebook/container_registry) - the [mautrix-facebook](https://github.com/mautrix/facebook) bridge to [Facebook](https://facebook.com/) (optional) -- [tulir/mautrix-hangouts](https://mau.dev/tulir/mautrix-hangouts/container_registry) - the [mautrix-hangouts](https://github.com/tulir/mautrix-hangouts) bridge to [Google Hangouts](https://en.wikipedia.org/wiki/Google_Hangouts) (optional) +- [mautrix/hangouts](https://mau.dev/mautrix/hangouts/container_registry) - the [mautrix-hangouts](https://github.com/mautrix/hangouts) bridge to [Google 
Hangouts](https://en.wikipedia.org/wiki/Google_Hangouts) (optional) -- [tulir/mautrix-instagram](https://mau.dev/tulir/mautrix-instagram/container_registry) - the [mautrix-instagram](https://github.com/tulir/mautrix-instagram) bridge to [Instagram](https://instagram.com/) (optional) +- [mautrix/instagram](https://mau.dev/mautrix/instagram/container_registry) - the [mautrix-instagram](https://github.com/mautrix/instagram) bridge to [Instagram](https://instagram.com/) (optional) -- [tulir/mautrix-signal](https://mau.dev/tulir/mautrix-signal/container_registry) - the [mautrix-signal](https://github.com/tulir/mautrix-signal) bridge to [Signal](https://www.signal.org/) (optional) +- [mautrix/signal](https://mau.dev/mautrix/signal/container_registry) - the [mautrix-signal](https://github.com/mautrix/signal) bridge to [Signal](https://www.signal.org/) (optional) - [matrixdotorg/matrix-appservice-irc](https://hub.docker.com/r/matrixdotorg/matrix-appservice-irc) - the [matrix-appservice-irc](https://github.com/matrix-org/matrix-appservice-irc) bridge to [IRC](https://wikipedia.org/wiki/Internet_Relay_Chat) (optional) From 868ac12cf4f62cac4bd463102fda3287acc210b4 Mon Sep 17 00:00:00 2001 From: AtomHare Date: Wed, 18 Aug 2021 16:57:57 +0200 Subject: [PATCH 23/90] update mautrix docs --- docs/configuring-playbook-bridge-mautrix-facebook.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/configuring-playbook-bridge-mautrix-facebook.md b/docs/configuring-playbook-bridge-mautrix-facebook.md index d07873ae..282865e7 100644 --- a/docs/configuring-playbook-bridge-mautrix-facebook.md +++ b/docs/configuring-playbook-bridge-mautrix-facebook.md 
@@ -1,8 +1,8 @@ # Setting up Mautrix Facebook (optional) -The playbook can install and configure [mautrix-facebook](https://github.com/tulir/mautrix-facebook) for you. +The playbook can install and configure [mautrix-facebook](https://github.com/mautrix/facebook) for you. -See the project's [documentation](https://github.com/tulir/mautrix-facebook/blob/master/ROADMAP.md) to learn what it does and why it might be useful to you. +See the project's [documentation](https://github.com/mautrix/facebook/blob/master/ROADMAP.md) to learn what it does and why it might be useful to you. ```yaml matrix_mautrix_facebook_enabled: true From 9d571e3c8e7e9edbf4f353b6ac355471a3be7403 Mon Sep 17 00:00:00 2001 From: AtomHare Date: Wed, 18 Aug 2021 16:59:41 +0200 Subject: [PATCH 24/90] Update configuring-playbook-bridge-mautrix-hangouts.md --- docs/configuring-playbook-bridge-mautrix-hangouts.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/configuring-playbook-bridge-mautrix-hangouts.md b/docs/configuring-playbook-bridge-mautrix-hangouts.md index a74b1f11..fa1a69a0 100644 --- a/docs/configuring-playbook-bridge-mautrix-hangouts.md +++ b/docs/configuring-playbook-bridge-mautrix-hangouts.md @@ -1,8 +1,8 @@ # Setting up Mautrix Hangouts (optional) -The playbook can install and configure [mautrix-hangouts](https://github.com/tulir/mautrix-hangouts) for you. +The playbook can install and configure [mautrix-hangouts](https://github.com/mautrix/hangouts) for you. -See the project's [documentation](https://github.com/tulir/mautrix-hangouts/wiki#usage) to learn what it does and why it might be useful to you. +See the project's [documentation](https://github.com/mautrix/hangouts/wiki#usage) to learn what it does and why it might be useful to you. To enable the [Google Hangouts](https://hangouts.google.com/) bridge just use the following playbook configuration: 
@@ -14,7 +14,7 @@ matrix_mautrix_hangouts_enabled: true ## Set up Double Puppeting -If you'd like to use [Double Puppeting](https://github.com/tulir/mautrix-hangouts/wiki/Authentication#double-puppeting) (hint: you most likely do), you have 2 ways of going about it. +If you'd like to use [Double Puppeting](https://github.com/mautrix/hangouts/wiki/Authentication#double-puppeting) (hint: you most likely do), you have 2 ways of going about it. ### Method 1: automatically, by enabling Shared Secret Auth @@ -52,7 +52,7 @@ Automatic login may not work. If it does not, reload the page and select the "Ma Once logged in, recent chats should show up as new conversations automatically. Other chats will get portals as you receive messages. -You can learn more about authentication from the bridge's [official documentation on Authentication](https://github.com/tulir/mautrix-hangouts/wiki/Authentication). +You can learn more about authentication from the bridge's [official documentation on Authentication](https://docs.mau.fi/bridges/python/hangouts/authentication.html). After successfully enabling bridging, you may wish to [set up Double Puppeting](#set-up-double-puppeting), if you haven't already done so. From 91c9aec973f329f8217caac3a9337650c897636d Mon Sep 17 00:00:00 2001 From: AtomHare Date: Wed, 18 Aug 2021 17:00:47 +0200 Subject: [PATCH 25/90] Update configuring-playbook-bridge-mautrix-instagram.md --- docs/configuring-playbook-bridge-mautrix-instagram.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuring-playbook-bridge-mautrix-instagram.md b/docs/configuring-playbook-bridge-mautrix-instagram.md index 7cdbc7a8..38d107d0 100644 --- a/docs/configuring-playbook-bridge-mautrix-instagram.md +++ b/docs/configuring-playbook-bridge-mautrix-instagram.md 
@@ -1,6 +1,6 @@ # Setting up Mautrix Instagram (optional) -The playbook can install and configure [mautrix-instagram](https://github.com/tulir/mautrix-instagram) for you. +The playbook can install and configure [mautrix-instagram](https://github.com/mautrix/instagram) for you. See the project's [documentation](https://docs.mau.fi/bridges/python/instagram/index.html) to learn what it does and why it might be useful to you. From 9b1ff158f89c9144cf7c1226f7276ea3b2f05f5b Mon Sep 17 00:00:00 2001 From: AtomHare Date: Wed, 18 Aug 2021 17:03:20 +0200 Subject: [PATCH 26/90] Update configuring-playbook-bridge-mautrix-signal.md --- docs/configuring-playbook-bridge-mautrix-signal.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/configuring-playbook-bridge-mautrix-signal.md b/docs/configuring-playbook-bridge-mautrix-signal.md index 131d3aba..f47640b9 100644 --- a/docs/configuring-playbook-bridge-mautrix-signal.md +++ b/docs/configuring-playbook-bridge-mautrix-signal.md @@ -1,8 +1,8 @@ # Setting up Mautrix Signal (optional) -The playbook can install and configure [mautrix-signal](https://github.com/tulir/mautrix-signal) for you. +The playbook can install and configure [mautrix-signal](https://github.com/mautrix/signal) for you. -See the project's [documentation](https://github.com/tulir/mautrix-signal/wiki) to learn what it does and why it might be useful to you. +See the project's [documentation](https://docs.mau.fi/bridges/python/signal/index.html) to learn what it does and why it might be useful to you. **Note/Prerequisite**: If you're running with the Postgres database server integrated by the playbook (which is the default), you don't need to do anything special and can easily proceed with installing. However, if you're [using an external Postgres server](configuring-playbook-external-postgres.md), you'd need to manually prepare a Postgres database for this bridge and adjust the variables related to that (`matrix_mautrix_signal_database_*`). 
@@ -59,7 +59,7 @@ You may wish to look at `roles/matrix-bridge-mautrix-signal/templates/config.yam ## Set up Double Puppeting -If you'd like to use [Double Puppeting](https://github.com/tulir/mautrix-signal/wiki/Authentication#double-puppeting) (hint: you most likely do), you have 2 ways of going about it. +If you'd like to use [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) (hint: you most likely do), you have 2 ways of going about it. ### Method 1: automatically, by enabling Shared Secret Auth From 4292dbe238af4578352ac4a73f06776bd5976e92 Mon Sep 17 00:00:00 2001 From: AtomHare Date: Wed, 18 Aug 2021 17:06:53 +0200 Subject: [PATCH 27/90] Update configuring-playbook-bridge-mautrix-hangouts.md --- docs/configuring-playbook-bridge-mautrix-hangouts.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/configuring-playbook-bridge-mautrix-hangouts.md b/docs/configuring-playbook-bridge-mautrix-hangouts.md index fa1a69a0..1b31e75a 100644 --- a/docs/configuring-playbook-bridge-mautrix-hangouts.md +++ b/docs/configuring-playbook-bridge-mautrix-hangouts.md @@ -2,7 +2,7 @@ The playbook can install and configure [mautrix-hangouts](https://github.com/mautrix/hangouts) for you. -See the project's [documentation](https://github.com/mautrix/hangouts/wiki#usage) to learn what it does and why it might be useful to you. +See the project's [documentation](https://docs.mau.fi/bridges/python/hangouts/index.html) to learn what it does and why it might be useful to you. To enable the [Google Hangouts](https://hangouts.google.com/) bridge just use the following playbook configuration: 
@@ -14,7 +14,7 @@ matrix_mautrix_hangouts_enabled: true ## Set up Double Puppeting -If you'd like to use [Double Puppeting](https://github.com/mautrix/hangouts/wiki/Authentication#double-puppeting) (hint: you most likely do), you have 2 ways of going about it. +If you'd like to use [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) (hint: you most likely do), you have 2 ways of going about it. ### Method 1: automatically, by enabling Shared Secret Auth From 57fb6e7f719635ed1e014e063f190edcbf18c948 Mon Sep 17 00:00:00 2001 From: AtomHare Date: Wed, 18 Aug 2021 17:09:19 +0200 Subject: [PATCH 28/90] Update configuring-playbook-bridge-mautrix-telegram.md --- docs/configuring-playbook-bridge-mautrix-telegram.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/configuring-playbook-bridge-mautrix-telegram.md b/docs/configuring-playbook-bridge-mautrix-telegram.md index bfdc6fc5..0ac6c103 100644 --- a/docs/configuring-playbook-bridge-mautrix-telegram.md +++ b/docs/configuring-playbook-bridge-mautrix-telegram.md @@ -1,8 +1,8 @@ # Setting up Mautrix Telegram (optional) -The playbook can install and configure [mautrix-telegram](https://github.com/tulir/mautrix-telegram) for you. +The playbook can install and configure [mautrix-telegram](https://github.com/mautrix/telegram) for you. -See the project's [documentation](https://github.com/tulir/mautrix-telegram/wiki#usage) to learn what it does and why it might be useful to you. +See the project's [documentation](https://docs.mau.fi/bridges/python/telegram/index.html) to learn what it does and why it might be useful to you. You'll need to obtain API keys from [https://my.telegram.org/apps](https://my.telegram.org/apps) and then use the following playbook configuration: 
@@ -14,7 +14,7 @@ matrix_mautrix_telegram_api_hash: YOUR_TELEGRAM_API_HASH ## Set up Double Puppeting -If you'd like to use [Double Puppeting](https://github.com/tulir/mautrix-telegram/wiki/Authentication#replacing-telegram-accounts-matrix-puppet-with-matrix-account) (hint: you most likely do), you have 2 ways of going about it. +If you'd like to use [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) (hint: you most likely do), you have 2 ways of going about it. ### Method 1: automatically, by enabling Shared Secret Auth @@ -45,7 +45,7 @@ https://matrix.DOMAIN/_matrix/client/r0/login You then need to start a chat with `@telegrambot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain). -If you want to use the relay-bot feature ([relay bot documentation](https://github.com/tulir/mautrix-telegram/wiki/Relay-bot)), which allows anonymous user to chat with telegram users, use the following additional playbook configuration: +If you want to use the relay-bot feature ([relay bot documentation](https://docs.mau.fi/bridges/python/telegram/relay-bot.html)), which allows anonymous user to chat with telegram users, use the following additional playbook configuration: ```yaml matrix_mautrix_telegram_bot_token: YOUR_TELEGRAM_BOT_TOKEN From 301626d91d65ac7bdb13d866a1e751baf8cc2990 Mon Sep 17 00:00:00 2001 From: AtomHare Date: Wed, 18 Aug 2021 17:11:09 +0200 Subject: [PATCH 29/90] Update configuring-playbook-bridge-mautrix-whatsapp.md --- docs/configuring-playbook-bridge-mautrix-whatsapp.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/configuring-playbook-bridge-mautrix-whatsapp.md b/docs/configuring-playbook-bridge-mautrix-whatsapp.md index 78ae2863..1e5f7038 100644 --- a/docs/configuring-playbook-bridge-mautrix-whatsapp.md +++ b/docs/configuring-playbook-bridge-mautrix-whatsapp.md 
@@ -1,8 +1,8 @@ # Setting up Mautrix Whatsapp (optional) -The playbook can install and configure [mautrix-whatsapp](https://github.com/tulir/mautrix-whatsapp) for you. +The playbook can install and configure [mautrix-whatsapp](https://github.com/mautrix/whatsapp) for you. -See the project's [documentation](https://github.com/tulir/mautrix-whatsapp/wiki) to learn what it does and why it might be useful to you. +See the project's [documentation](https://docs.mau.fi/bridges/go/whatsapp/index.html) to learn what it does and why it might be useful to you. Use the following playbook configuration: @@ -13,7 +13,7 @@ matrix_mautrix_whatsapp_enabled: true ## Set up Double Puppeting -If you'd like to use [Double Puppeting](https://github.com/tulir/mautrix-whatsapp/wiki/Authentication#replacing-whatsapp-accounts-matrix-puppet-with-matrix-account) (hint: you most likely do), you have 2 ways of going about it. +If you'd like to use [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) (hint: you most likely do), you have 2 ways of going about it. ### Method 1: automatically, by enabling Shared Secret Auth From 69f333ea251091637fad96ff57f8fd90d95eb0ca Mon Sep 17 00:00:00 2001 From: AtomHare Date: Wed, 18 Aug 2021 17:14:18 +0200 Subject: [PATCH 30/90] Update main.yml --- roles/matrix-bridge-mautrix-facebook/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml index 4f024bdf..6c1d6b69 100644 --- a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml @@ -1,5 +1,5 @@ # mautrix-facebook is a Matrix <-> Facebook bridge -# See: https://github.com/tulir/mautrix-facebook +# See: https://github.com/mautrix/facebook matrix_mautrix_facebook_enabled: true 
@@ -106,7 +106,7 @@ matrix_mautrix_facebook_registration_yaml: | - exclusive: true regex: '^@{{ matrix_mautrix_facebook_appservice_bot_username|regex_escape }}:{{ matrix_mautrix_facebook_homeserver_domain|regex_escape }}$' url: {{ matrix_mautrix_facebook_appservice_address }} - # See https://github.com/tulir/mautrix-signal/issues/43 + # See https://github.com/mautrix/signal/issues/43 sender_localpart: _bot_{{ matrix_mautrix_facebook_appservice_bot_username }} rate_limited: false de.sorunome.msc2409.push_ephemeral: true From b9124c0080f7a1beac58871b0d3a0329c7115ba9 Mon Sep 17 00:00:00 2001 From: AtomHare Date: Wed, 18 Aug 2021 17:16:58 +0200 Subject: [PATCH 31/90] update new repo name mautrix-hangouts --- roles/matrix-bridge-mautrix-hangouts/defaults/main.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml b/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml index 48b66b8d..fa46d33c 100644 --- a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml 
@@ -1,14 +1,14 @@ # mautrix-hangouts is a Matrix <-> Hangouts bridge -# See: https://github.com/tulir/mautrix-hangouts +# See: https://github.com/mautrix/hangouts matrix_mautrix_hangouts_enabled: true matrix_mautrix_hangouts_container_image_self_build: false -matrix_mautrix_hangouts_container_image_self_build_repo: "https://github.com/tulir/mautrix-hangouts.git" +matrix_mautrix_hangouts_container_image_self_build_repo: "https://github.com/mautrix/hangouts.git" matrix_mautrix_hangouts_version: latest -# See: https://mau.dev/tulir/mautrix-hangouts/container_registry -matrix_mautrix_hangouts_docker_image: "{{ matrix_mautrix_hangouts_docker_image_name_prefix }}tulir/mautrix-hangouts:{{ matrix_mautrix_hangouts_version }}" +# See: https://mau.dev/mautrix/hangouts/container_registry +matrix_mautrix_hangouts_docker_image: "{{ matrix_mautrix_hangouts_docker_image_name_prefix }}mautrix/hangouts:{{ matrix_mautrix_hangouts_version }}" matrix_mautrix_hangouts_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_hangouts_container_image_self_build else 'dock.mau.dev/' }}" matrix_mautrix_hangouts_docker_image_force_pull: "{{ matrix_mautrix_hangouts_docker_image.endswith(':latest') }}" @@ -107,7 +107,7 @@ matrix_mautrix_hangouts_registration_yaml: | - exclusive: true regex: '^@{{ matrix_mautrix_hangouts_appservice_bot_username|regex_escape }}:{{ matrix_mautrix_hangouts_homeserver_domain|regex_escape }}$' url: {{ matrix_mautrix_hangouts_appservice_address }} - # See https://github.com/tulir/mautrix-signal/issues/43 + # See https://github.com/mautrix/signal/issues/43 sender_localpart: _bot_{{ matrix_mautrix_hangouts_appservice_bot_username }} rate_limited: false de.sorunome.msc2409.push_ephemeral: true From 1ae4032cb707b673344941408d3909315bc07cb4 Mon Sep 17 00:00:00 2001 
From: AtomHare Date: Wed, 18 Aug 2021 17:17:44 +0200 Subject: [PATCH 32/90] update new repo name mautrix --- roles/matrix-bridge-mautrix-instagram/defaults/main.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/matrix-bridge-mautrix-instagram/defaults/main.yml b/roles/matrix-bridge-mautrix-instagram/defaults/main.yml index 5204386d..a648018e 100644 --- a/roles/matrix-bridge-mautrix-instagram/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-instagram/defaults/main.yml @@ -1,14 +1,14 @@ # mautrix-instagram is a Matrix <-> Instagram bridge -# See: https://github.com/tulir/mautrix-instagram +# See: https://github.com/mautrix/instagram matrix_mautrix_instagram_enabled: true matrix_mautrix_instagram_container_image_self_build: false -matrix_mautrix_instagram_container_image_self_build_repo: "https://github.com/tulir/mautrix-instagram.git" +matrix_mautrix_instagram_container_image_self_build_repo: "https://github.com/mautrix/instagram.git" matrix_mautrix_instagram_version: latest # See: https://mau.dev/tulir/mautrix-instagram/container_registry -matrix_mautrix_instagram_docker_image: "{{ matrix_mautrix_instagram_docker_image_name_prefix }}tulir/mautrix-instagram:{{ matrix_mautrix_instagram_version }}" +matrix_mautrix_instagram_docker_image: "{{ matrix_mautrix_instagram_docker_image_name_prefix }}mautrix/instagram:{{ matrix_mautrix_instagram_version }}" matrix_mautrix_instagram_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_instagram_container_image_self_build else 'dock.mau.dev/' }}" matrix_mautrix_instagram_docker_image_force_pull: "{{ matrix_mautrix_instagram_docker_image.endswith(':latest') }}" 
@@ -97,7 +97,7 @@ matrix_mautrix_instagram_registration_yaml: | - exclusive: true regex: '^@{{ matrix_mautrix_instagram_appservice_bot_username|regex_escape }}:{{ matrix_mautrix_instagram_homeserver_domain|regex_escape }}$' url: {{ matrix_mautrix_instagram_appservice_address }} - # See https://github.com/tulir/mautrix-signal/issues/43 + # See https://github.com/mautrix/signal/issues/43 sender_localpart: _bot_{{ matrix_mautrix_instagram_appservice_bot_username }} rate_limited: false de.sorunome.msc2409.push_ephemeral: true From 43c9eab6b90664eca6f8b6595c4eddf93f7dfbf0 Mon Sep 17 00:00:00 2001 From: AtomHare Date: Wed, 18 Aug 2021 17:20:18 +0200 Subject: [PATCH 33/90] update mautrix new repo name --- roles/matrix-bridge-mautrix-telegram/defaults/main.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml b/roles/matrix-bridge-mautrix-telegram/defaults/main.yml index e49de8e3..f8faff15 100644 --- a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-telegram/defaults/main.yml @@ -1,5 +1,5 @@ # mautrix-telegram is a Matrix <-> Telegram bridge -# See: https://github.com/tulir/mautrix-telegram +# See: https://github.com/mautrix/telegram matrix_mautrix_telegram_enabled: true 
@@ -10,12 +10,12 @@ matrix_telegram_lottieconverter_docker_src_files_path: "{{ matrix_base_data_path matrix_telegram_lottieconverter_docker_image: "dock.mau.dev/tulir/lottieconverter:alpine-3.14" # needs to be ajusted according to FROM clause of Dockerfile of mautrix-telegram matrix_mautrix_telegram_container_self_build: false -matrix_mautrix_telegram_docker_repo: "https://mau.dev/tulir/mautrix-telegram.git" +matrix_mautrix_telegram_docker_repo: "https://mau.dev/mautrix/telegram.git" matrix_mautrix_telegram_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-telegram/docker-src" matrix_mautrix_telegram_version: v0.9.0 -# See: https://mau.dev/tulir/mautrix-telegram/container_registry -matrix_mautrix_telegram_docker_image: "dock.mau.dev/tulir/mautrix-telegram:{{ matrix_mautrix_telegram_version }}" +# See: https://mau.dev/mautrix/telegram/container_registry +matrix_mautrix_telegram_docker_image: "dock.mau.dev/mautrix/telegram:{{ matrix_mautrix_telegram_version }}" matrix_mautrix_telegram_docker_image_force_pull: "{{ matrix_mautrix_telegram_docker_image.endswith(':latest') }}" matrix_mautrix_telegram_base_path: "{{ matrix_base_data_path }}/mautrix-telegram" @@ -123,7 +123,7 @@ matrix_mautrix_telegram_registration_yaml: | aliases: - exclusive: true regex: '^#telegram_.+:{{ matrix_mautrix_telegram_homeserver_domain|regex_escape }}$' - # See https://github.com/tulir/mautrix-signal/issues/43 + # See https://github.com/mautrix/signal/issues/43 sender_localpart: _bot_{{ matrix_mautrix_telegram_appservice_bot_username }} url: {{ matrix_mautrix_telegram_appservice_address }} rate_limited: false From 7eec01e359d1f518602270e3c4133480374cf0cf Mon Sep 17 00:00:00 2001 From: AtomHare Date: Wed, 18 Aug 2021 17:21:20 +0200 Subject: [PATCH 34/90] update mautrix new repo name --- roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
diff --git a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml index 41bfb8be..87a24bf6 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml @@ -1,10 +1,10 @@ # mautrix-whatsapp is a Matrix <-> Whatsapp bridge -# See: https://github.com/tulir/mautrix-whatsapp +# See: https://github.com/mautrix/whatsapp matrix_mautrix_whatsapp_enabled: true matrix_mautrix_whatsapp_version: latest -# See: https://mau.dev/tulir/mautrix-whatsapp/container_registry +# See: https://mau.dev/mautrix/whatsapp/container_registry matrix_mautrix_whatsapp_docker_image: "dock.mau.dev/mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}" matrix_mautrix_whatsapp_docker_image_force_pull: "{{ matrix_mautrix_whatsapp_docker_image.endswith(':latest') }}" @@ -96,7 +96,7 @@ matrix_mautrix_whatsapp_registration_yaml: | url: {{ matrix_mautrix_whatsapp_appservice_address }} as_token: "{{ matrix_mautrix_whatsapp_appservice_token }}" hs_token: "{{ matrix_mautrix_whatsapp_homeserver_token }}" - # See https://github.com/tulir/mautrix-signal/issues/43 + # See https://github.com/mautrix/signal/issues/43 sender_localpart: _bot_{{ matrix_mautrix_whatsapp_appservice_bot_username }} rate_limited: false namespaces: From 7d0ce01792ccbb631ea36a49f167fc9ce4587ece Mon Sep 17 00:00:00 2001 From: AtomHare Date: Wed, 18 Aug 2021 17:24:54 +0200 Subject: [PATCH 35/90] update links --- roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 index 1c7a637f..19c3ba05 100644 --- a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 
@@ -140,7 +140,7 @@ bridge: # If false, created portal rooms will never be federated. federate_rooms: true # End-to-bridge encryption support options. You must install the e2be optional dependency for - # this to work. See https://github.com/tulir/mautrix-telegram/wiki/End‐to‐bridge-encryption + # this to work. See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html encryption: # Allow encryption, work in group chat rooms with e2ee enabled allow: false From 4240df64010a59cece54e7aabda26da026d47d57 Mon Sep 17 00:00:00 2001 From: AtomHare Date: Wed, 18 Aug 2021 17:25:45 +0200 Subject: [PATCH 36/90] update link --- .../matrix-bridge-mautrix-signal/templates/registration.yaml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-signal/templates/registration.yaml.j2 b/roles/matrix-bridge-mautrix-signal/templates/registration.yaml.j2 index 54df82da..32e913a1 100644 --- a/roles/matrix-bridge-mautrix-signal/templates/registration.yaml.j2 +++ b/roles/matrix-bridge-mautrix-signal/templates/registration.yaml.j2 @@ -12,7 +12,7 @@ namespaces: - exclusive: true regex: '^#signal_.+:{{ matrix_mautrix_signal_homeserver_domain|regex_escape }}$' url: {{ matrix_mautrix_signal_appservice_address }} -# See https://github.com/tulir/mautrix-signal/issues/43 +# See https://github.com/mautrix/signal/issues/43 sender_localpart: _bot_{{ matrix_mautrix_signal_appservice_bot_username }} rate_limited: false de.sorunome.msc2409.push_ephemeral: true From 7b9929e17b623f1dd5e52d70a2aa6e970a67b256 Mon Sep 17 00:00:00 2001 From: Michael Collins Date: Thu, 19 Aug 2021 16:55:58 +0800 Subject: [PATCH 37/90] add << SUBSCRIPTION DELETION IN PROGRESS >> job template --- roles/matrix-awx/tasks/delete_awx_templates.yml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/roles/matrix-awx/tasks/delete_awx_templates.yml b/roles/matrix-awx/tasks/delete_awx_templates.yml index 11784dac..649db5a3 100755 
--- a/roles/matrix-awx/tasks/delete_awx_templates.yml +++ b/roles/matrix-awx/tasks/delete_awx_templates.yml @@ -272,9 +272,9 @@ validate_certs: yes when: matrix_domain is defined -- name: Remove 'Purge Database (Advanced)' job template +- name: Remove '<< SUBSCRIPTION DELETION IN PROGRESS >>' job template awx.awx.tower_job_template: - name: "{{ matrix_domain }} - 2 - Purge Database (Advanced)" + name: "0 - {{ subscription_id }} - << SUBSCRIPTION DELETION IN PROGRESS >>" job_type: run project: "{{ member_id }} - Matrix Docker Ansible Deploy" playbook: setup.yml @@ -282,8 +282,7 @@ tower_host: "https://{{ tower_host }}" tower_oauthtoken: "{{ tower_token.stdout }}" validate_certs: yes - when: matrix_domain is defined - + - name: Remove Matrix server from organisations inventory awx.awx.tower_host: name: "matrix.{{ matrix_domain }}" From fa43d04ad7ff45a6957a68600bfc05148fe21e14 Mon Sep 17 00:00:00 2001 From: Michael Collins Date: Thu, 19 Aug 2021 17:02:28 +0800 Subject: [PATCH 38/90] syntax error --- roles/matrix-awx/tasks/delete_awx_templates.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/matrix-awx/tasks/delete_awx_templates.yml b/roles/matrix-awx/tasks/delete_awx_templates.yml index 649db5a3..6a3d6cf6 100755 --- a/roles/matrix-awx/tasks/delete_awx_templates.yml +++ b/roles/matrix-awx/tasks/delete_awx_templates.yml @@ -304,4 +304,3 @@ tower_oauthtoken: "{{ tower_token.stdout }}" validate_certs: yes when: matrix_domain is defined - From b2f96df1a9b523f2b65cc5e81fa7617b3e2b74fd Mon Sep 17 00:00:00 2001 From: Michael Collins Date: Thu, 19 Aug 2021 17:13:34 +0800 Subject: [PATCH 39/90] end play after deleting subscription in AWX --- roles/matrix-awx/tasks/delete_awx_templates.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/roles/matrix-awx/tasks/delete_awx_templates.yml b/roles/matrix-awx/tasks/delete_awx_templates.yml index 6a3d6cf6..81986ef7 100755 --- a/roles/matrix-awx/tasks/delete_awx_templates.yml 
+++ b/roles/matrix-awx/tasks/delete_awx_templates.yml @@ -304,3 +304,11 @@ tower_oauthtoken: "{{ tower_token.stdout }}" validate_certs: yes when: matrix_domain is defined + +- name: Set boolean value to exit playbook + set_fact: + end_playbook: true + +- name: End playbook if this task list is called. + meta: end_play + when: end_playbook is defined and end_playbook|bool From 7203d4ec215c85f91d08c57b6cb954a234bc5e05 Mon Sep 17 00:00:00 2001 From: Michael Collins Date: Thu, 19 Aug 2021 18:01:26 +0800 Subject: [PATCH 40/90] replace module only if file exists --- roles/matrix-awx/tasks/rename_variables.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/matrix-awx/tasks/rename_variables.yml b/roles/matrix-awx/tasks/rename_variables.yml index e8992bd8..73a7a6bc 100644 --- a/roles/matrix-awx/tasks/rename_variables.yml +++ b/roles/matrix-awx/tasks/rename_variables.yml @@ -5,4 +5,5 @@ path: "/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml" regexp: 'matrix_synapse_use_presence' replace: 'matrix_synapse_presence_enabled' - + args: + creates: "/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml" From 92b26ec84628d25a21acf51ff447d027791b15e3 Mon Sep 17 00:00:00 2001 From: Michael Collins Date: Thu, 19 Aug 2021 18:05:47 +0800 Subject: [PATCH 41/90] check if matrix_vars.yml file exists --- roles/matrix-awx/tasks/rename_variables.yml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/roles/matrix-awx/tasks/rename_variables.yml b/roles/matrix-awx/tasks/rename_variables.yml index 73a7a6bc..6d82a0be 100644 --- a/roles/matrix-awx/tasks/rename_variables.yml +++ b/roles/matrix-awx/tasks/rename_variables.yml 
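Review bot: The `when: end_playbook is defined and end_playbook|bool` guard on the new `meta: end_play` task is always true, because the `set_fact` task directly above it sets `end_playbook: true` unconditionally. Both the fact and the condition can be dropped, leaving only `meta: end_play` under the existing task name. If the fact is meant as a switch that callers can override, it should be set outside this task list. `end_play` stops the play for every host, which is worth a one-line comment above the task, e.g. `# Stops the whole play: nothing after this task list may run once the subscription is deleted.`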
@@ -1,9 +1,13 @@ +- name: Check if matrix_vars.yml file exists + stat: + path: "/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml" + register: matrix_vars_file + - name: Rename synapse presence variable delegate_to: 127.0.0.1 replace: path: "/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml" regexp: 'matrix_synapse_use_presence' replace: 'matrix_synapse_presence_enabled' - args: - creates: "/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml" + when: matrix_vars_file.stat.exists From d9d9554a7449da23248ab371aea8bfbcd878974e Mon Sep 17 00:00:00 2001 From: nono Date: Thu, 19 Aug 2021 14:08:53 +0200 Subject: [PATCH 42/90] Update the docker image version for mautrix-telegram --- roles/matrix-bridge-mautrix-telegram/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml b/roles/matrix-bridge-mautrix-telegram/defaults/main.yml index f8faff15..a105621a 100644 --- a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-telegram/defaults/main.yml @@ -13,7 +13,7 @@ matrix_mautrix_telegram_container_self_build: false matrix_mautrix_telegram_docker_repo: "https://mau.dev/mautrix/telegram.git" matrix_mautrix_telegram_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-telegram/docker-src" -matrix_mautrix_telegram_version: v0.9.0 +matrix_mautrix_telegram_version: v0.10.1 # See: https://mau.dev/mautrix/telegram/container_registry matrix_mautrix_telegram_docker_image: "dock.mau.dev/mautrix/telegram:{{ matrix_mautrix_telegram_version }}" matrix_mautrix_telegram_docker_image_force_pull: "{{ matrix_mautrix_telegram_docker_image.endswith(':latest') }}" From 312bcc444b6421223080eeb0edc11fe5abb4a86d Mon Sep 17 00:00:00 2001 
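Review bot: The new `stat` task has no `delegate_to: 127.0.0.1`, while the `replace` task it guards is delegated to 127.0.0.1, so the existence check runs on the inventory host and the edit runs on the AWX host. `matrix_vars_file.stat.exists` then describes a different filesystem from the one being edited, so the rename can be skipped when the file is present or attempted when it is missing. Adding `delegate_to: 127.0.0.1` to the `stat` task makes both tasks look at the same path.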
From: Michael Collins Date: Fri, 20 Aug 2021 09:28:54 +0800 Subject: [PATCH 43/90] no log --- roles/matrix-awx/tasks/delete_mailgun.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-awx/tasks/delete_mailgun.yml b/roles/matrix-awx/tasks/delete_mailgun.yml index 465bbede..68b985f9 100644 --- a/roles/matrix-awx/tasks/delete_mailgun.yml +++ b/roles/matrix-awx/tasks/delete_mailgun.yml @@ -11,4 +11,4 @@ shell: | curl -s --user 'api:{{ mg_private_api_key }}' -X DELETE https://{{ mg_api_url }}/v3/domains/{{ mg_sender_domain }}/credentials/{{ matrix_domain }} when: matrix_domain is defined - no_log: True +# no_log: True From 14effd5e2bc41aa8c15e355f1b19427dd131dea7 Mon Sep 17 00:00:00 2001 From: Michael Collins Date: Fri, 20 Aug 2021 09:35:12 +0800 Subject: [PATCH 44/90] delegate delete tasks locally --- .../matrix-awx/tasks/delete_awx_templates.yml | 25 +++++++++++++++++++ roles/matrix-awx/tasks/delete_mailgun.yml | 12 +++++++-- roles/matrix-awx/tasks/delete_server.yml | 4 +++ .../tasks/delete_server_directory.yml | 1 + 4 files changed, 40 insertions(+), 2 deletions(-) diff --git a/roles/matrix-awx/tasks/delete_awx_templates.yml b/roles/matrix-awx/tasks/delete_awx_templates.yml index 81986ef7..faa28921 100755 --- a/roles/matrix-awx/tasks/delete_awx_templates.yml +++ b/roles/matrix-awx/tasks/delete_awx_templates.yml @@ -13,6 +13,7 @@ no_log: True - name: Remove original 'Provision Server' job template + delegate_to: 127.0.0.1 awx.awx.tower_job_template: name: "0 - {{ subscription_id }} - Provision a New Server" job_type: run @@ -24,6 +25,7 @@ validate_certs: yes - name: Remove 'Provision Wireguard Server' job template + delegate_to: 127.0.0.1 awx.awx.tower_job_template: name: "0 - {{ subscription_id }} - Provision Wireguard Server" job_type: run 
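Review bot: Commenting out `no_log: True` on the MailGun credential-deletion task puts the rendered `curl --user 'api:{{ mg_private_api_key }}'` command, and so the Mailgun private API key, into the job output and whatever stores it. If this was done for debugging, the key should be treated as exposed in any run made with this revision and rotated; patch 44/90 in this series restores the flag. Separately from logging, passing the key on a shell command line leaves it readable in the process list while curl runs. The `uri` module with `method: DELETE`, `url_username: api`, `url_password: "{{ mg_private_api_key }}"` and `force_basic_auth: yes`, kept under `no_log: True`, avoids that. The task begins outside this hunk.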
@@ -35,6 +37,7 @@ validate_certs: yes - name: Remove schedule for 'Deploy a New Server' job template + delegate_to: 127.0.0.1 awx.awx.tower_schedule: name: "{{ matrix_domain }} - 0 - Update Server Schedule" enabled: yes @@ -45,6 +48,7 @@ when: matrix_domain is defined - name: Remove 'Backup Server' job template + delegate_to: 127.0.0.1 awx.awx.tower_job_template: name: "{{ matrix_domain }} - 0 - Backup Server" job_type: run @@ -57,6 +61,7 @@ when: matrix_domain is defined - name: Remove 'Export Server' job template + delegate_to: 127.0.0.1 awx.awx.tower_job_template: name: "{{ matrix_domain }} - 0 - Export Server" job_type: run @@ -69,6 +74,7 @@ when: matrix_domain is defined - name: Remove 'Deploy/Update a Server' job template + delegate_to: 127.0.0.1 awx.awx.tower_job_template: name: "{{ matrix_domain }} - 0 - Deploy/Update a Server" job_type: run @@ -81,6 +87,7 @@ when: matrix_domain is defined - name: Remove 'Self-Check' job template + delegate_to: 127.0.0.1 awx.awx.tower_job_template: name: "{{ matrix_domain }} - 0 - Self-Check" job_type: run @@ -93,6 +100,7 @@ when: matrix_domain is defined - name: Remove 'Start/Restart all Services' job template + delegate_to: 127.0.0.1 awx.awx.tower_job_template: name: "{{ matrix_domain }} - 0 - Start/Restart all Services" job_type: run @@ -105,6 +113,7 @@ when: matrix_domain is defined - name: Remove 'Stop all Services' job template + delegate_to: 127.0.0.1 awx.awx.tower_job_template: name: "{{ matrix_domain }} - 0 - Stop all Services" job_type: run @@ -117,6 +126,7 @@ when: matrix_domain is defined - name: Remove 'Configure Corporal (Advanced)' job template + delegate_to: 127.0.0.1 awx.awx.tower_job_template: name: "{{ matrix_domain }} - 1 - Configure Corporal (Advanced)" job_type: run @@ -129,6 +139,7 @@ when: matrix_domain is defined - name: Remove 'Configure Dimension' job template + delegate_to: 127.0.0.1 awx.awx.tower_job_template: name: "{{ matrix_domain }} - 1 - Configure Dimension" job_type: run 
@@ -141,6 +152,7 @@ when: matrix_domain is defined - name: Remove 'Configure Element' job template + delegate_to: 127.0.0.1 awx.awx.tower_job_template: name: "{{ matrix_domain }} - 1 - Configure Element" job_type: run @@ -153,6 +165,7 @@ when: matrix_domain is defined - name: Remove 'Configure Element Subdomain' job template + delegate_to: 127.0.0.1 awx.awx.tower_job_template: name: "{{ matrix_domain }} - 1 - Configure Element Subdomain" job_type: run @@ -165,6 +178,7 @@ when: matrix_domain is defined - name: Remove 'Configure Email Relay' job template + delegate_to: 127.0.0.1 awx.awx.tower_job_template: name: "{{ matrix_domain }} - 1 - Configure Email Relay" job_type: run @@ -177,6 +191,7 @@ when: matrix_domain is defined - name: Remove 'Configure Jitsi' job template + delegate_to: 127.0.0.1 awx.awx.tower_job_template: name: "{{ matrix_domain }} - 1 - Configure Jitsi" job_type: run @@ -189,6 +204,7 @@ when: matrix_domain is defined - name: Remove 'Configure ma1sd (Advanced)' job template + delegate_to: 127.0.0.1 awx.awx.tower_job_template: name: "{{ matrix_domain }} - 1 - Configure ma1sd (Advanced)" job_type: run @@ -201,6 +217,7 @@ when: matrix_domain is defined - name: Remove 'Configure Synapse' job template + delegate_to: 127.0.0.1 awx.awx.tower_job_template: name: "{{ matrix_domain }} - 1 - Configure Synapse" job_type: run @@ -213,6 +230,7 @@ when: matrix_domain is defined - name: Remove 'Configure Synapse Admin' job template + delegate_to: 127.0.0.1 awx.awx.tower_job_template: name: "{{ matrix_domain }} - 1 - Configure Synapse Admin" job_type: run @@ -225,6 +243,7 @@ when: matrix_domain is defined - name: Remove 'Access Export' job template + delegate_to: 127.0.0.1 awx.awx.tower_job_template: name: "{{ matrix_domain }} - 1 - Access Export" job_type: run 
@@ -237,6 +256,7 @@ when: matrix_domain is defined - name: Remove 'Configure Website + Access Export' job template + delegate_to: 127.0.0.1 awx.awx.tower_job_template: name: "{{ matrix_domain }} - 1 - Configure Website + Access Export" job_type: run @@ -249,6 +269,7 @@ when: matrix_domain is defined - name: Remove 'Create User' job template + delegate_to: 127.0.0.1 awx.awx.tower_job_template: name: "{{ matrix_domain }} - 2 - Create User" job_type: run @@ -261,6 +282,7 @@ when: matrix_domain is defined - name: Remove 'Purge Media (Advanced)' job template + delegate_to: 127.0.0.1 awx.awx.tower_job_template: name: "{{ matrix_domain }} - 2 - Purge Media (Advanced)" job_type: run @@ -273,6 +295,7 @@ when: matrix_domain is defined - name: Remove '<< SUBSCRIPTION DELETION IN PROGRESS >>' job template + delegate_to: 127.0.0.1 awx.awx.tower_job_template: name: "0 - {{ subscription_id }} - << SUBSCRIPTION DELETION IN PROGRESS >>" job_type: run @@ -284,6 +307,7 @@ validate_certs: yes - name: Remove Matrix server from organisations inventory + delegate_to: 127.0.0.1 awx.awx.tower_host: name: "matrix.{{ matrix_domain }}" description: "{{ matrix_domain }} Matrix Server" @@ -295,6 +319,7 @@ when: matrix_domain is defined - name: Remove Wireguard Server from organisations inventory + delegate_to: 127.0.0.1 awx.awx.tower_host: name: "wireguard.{{ matrix_domain }}" description: "{{ matrix_domain }} Wireguard Proxy" diff --git a/roles/matrix-awx/tasks/delete_mailgun.yml b/roles/matrix-awx/tasks/delete_mailgun.yml index 68b985f9..69d41ffd 100644 --- a/roles/matrix-awx/tasks/delete_mailgun.yml +++ b/roles/matrix-awx/tasks/delete_mailgun.yml 
@@ -1,14 +1,22 @@ - name: Include matrix server variables from matrix_vars.yml + delegate_to: 127.0.0.1 include_vars: "{{ item }}" with_first_found: - files: - /var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml skip: true no_log: True - + +- name: Install curl in AWX + delegate_to: 127.0.0.1 + yum: + name: curl + state: latest + - name: Delete MailGun SMTP login + delegate_to: 127.0.0.1 shell: | curl -s --user 'api:{{ mg_private_api_key }}' -X DELETE https://{{ mg_api_url }}/v3/domains/{{ mg_sender_domain }}/credentials/{{ matrix_domain }} when: matrix_domain is defined -# no_log: True + no_log: True diff --git a/roles/matrix-awx/tasks/delete_server.yml b/roles/matrix-awx/tasks/delete_server.yml index 63e21541..6924a8eb 100755 --- a/roles/matrix-awx/tasks/delete_server.yml +++ b/roles/matrix-awx/tasks/delete_server.yml @@ -1,20 +1,24 @@ - name: Include hosting vars of digital_ocean.yml + delegate_to: 127.0.0.1 include_vars: file: /var/lib/awx/projects/hosting/hosting_vars.yml no_log: True - name: Load vars from organisation.yml + delegate_to: 127.0.0.1 include_vars: file: '/var/lib/awx/projects/clients/{{ member_id }}/organisation.yml' - name: Load vars from server_vars.yml + delegate_to: 127.0.0.1 include_vars: file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/server_vars.yml' ignore_errors: yes - name: Remove existing Digital Ocean Droplet + delegate_to: 127.0.0.1 community.digitalocean.digital_ocean_droplet: # needs ansible 2.8+ (AWX uses 2.9.10 at ) state: absent diff --git a/roles/matrix-awx/tasks/delete_server_directory.yml b/roles/matrix-awx/tasks/delete_server_directory.yml index f7145b50..b0e45abc 100755 --- a/roles/matrix-awx/tasks/delete_server_directory.yml +++ b/roles/matrix-awx/tasks/delete_server_directory.yml @@ -1,5 +1,6 @@ - name: Delete the servers directory on AWX + delegate_to: 127.0.0.1 file: path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/' state: absent 
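Review bot: The added 'Install curl in AWX' task uses `state: latest`, so each subscription deletion can upgrade a package on the AWX host as a side effect; `state: present` is enough to guarantee the binary exists. The task also needs package-manager privileges on 127.0.0.1 and the hunk shows no `become`, so it may fail depending on how the job is run; this should be confirmed. The `delegate_to: 127.0.0.1` added to the `include_vars` task probably has no effect, since `include_vars` reads its files on the controller in any case.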
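Review bot: In `delete_server_directory.yml` the task removes `/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/` with `state: absent`, and with the new `delegate_to` it does so on the AWX host itself, yet nothing visible checks that either variable is non-empty. An empty `subscription_id` would collapse the path to the member's whole directory, and two empty values to the `clients` directory. A guard such as `when: (member_id | string | length > 0) and (subscription_id | string | length > 0)`, or an `assert` task placed before it, makes the delete fail closed. Whether callers validate these values elsewhere cannot be seen from this hunk.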
From a37e5b6d60e6ff9387ea9d73020eb16e7ef66ead Mon Sep 17 00:00:00 2001 From: Michael Collins Date: Fri, 20 Aug 2021 09:58:55 +0800 Subject: [PATCH 45/90] job templates cant delete themselves --- .../matrix-awx/tasks/delete_awx_templates.yml | 28 +++++++++++-------- 1 file changed, 16 insertions(+), 12 deletions(-) diff --git a/roles/matrix-awx/tasks/delete_awx_templates.yml b/roles/matrix-awx/tasks/delete_awx_templates.yml index faa28921..79a19628 100755 --- a/roles/matrix-awx/tasks/delete_awx_templates.yml +++ b/roles/matrix-awx/tasks/delete_awx_templates.yml @@ -294,18 +294,6 @@ validate_certs: yes when: matrix_domain is defined -- name: Remove '<< SUBSCRIPTION DELETION IN PROGRESS >>' job template - delegate_to: 127.0.0.1 - awx.awx.tower_job_template: - name: "0 - {{ subscription_id }} - << SUBSCRIPTION DELETION IN PROGRESS >>" - job_type: run - project: "{{ member_id }} - Matrix Docker Ansible Deploy" - playbook: setup.yml - state: absent - tower_host: "https://{{ tower_host }}" - tower_oauthtoken: "{{ tower_token.stdout }}" - validate_certs: yes - - name: Remove Matrix server from organisations inventory delegate_to: 127.0.0.1 awx.awx.tower_host: @@ -330,6 +318,22 @@ validate_certs: yes when: matrix_domain is defined +#- name: Remove '<< SUBSCRIPTION DELETION IN PROGRESS >>' job template +# delegate_to: 127.0.0.1 +# awx.awx.tower_job_template: +# name: "0 - {{ subscription_id }} - << SUBSCRIPTION DELETION IN PROGRESS >>" +# job_type: run +# project: "{{ member_id }} - Matrix Docker Ansible Deploy" +# playbook: setup.yml +# state: absent +# tower_host: "https://{{ tower_host }}" +# tower_oauthtoken: "{{ tower_token.stdout }}" +# validate_certs: yes + +# make new extra vars file +# remake 'delete delete playbook' +# launch it + - name: Set boolean value to exit playbook set_fact: end_playbook: true From e75ecd858d6c6adcb4a607b9f18bca737bb09f16 Mon Sep 17 00:00:00 2001 
From: Michael Collins Date: Fri, 20 Aug 2021 11:14:15 +0800 Subject: [PATCH 46/90] launch cleanup job after deleting subscription --- .../matrix-awx/tasks/delete_awx_templates.yml | 41 ++++++++++++------- .../templates/delete_job_template.json.j2 | 4 ++ 2 files changed, 31 insertions(+), 14 deletions(-) create mode 100644 roles/matrix-awx/templates/delete_job_template.json.j2 diff --git a/roles/matrix-awx/tasks/delete_awx_templates.yml b/roles/matrix-awx/tasks/delete_awx_templates.yml index 79a19628..cd180043 100755 --- a/roles/matrix-awx/tasks/delete_awx_templates.yml +++ b/roles/matrix-awx/tasks/delete_awx_templates.yml 
@@ -318,21 +318,34 @@ validate_certs: yes when: matrix_domain is defined -#- name: Remove '<< SUBSCRIPTION DELETION IN PROGRESS >>' job template -# delegate_to: 127.0.0.1 -# awx.awx.tower_job_template: -# name: "0 - {{ subscription_id }} - << SUBSCRIPTION DELETION IN PROGRESS >>" -# job_type: run -# project: "{{ member_id }} - Matrix Docker Ansible Deploy" -# playbook: setup.yml -# state: absent -# tower_host: "https://{{ tower_host }}" -# tower_oauthtoken: "{{ tower_token.stdout }}" -# validate_certs: yes +- name: Save new 'Delete Job Template' survey.json to the AWX tower, template + delegate_to: 127.0.0.1 + template: + src: '{{ role_path }}/templates/delete_job_template.json.j2' + dest: '/var/lib/awx/projects/hosting/delete_job_template.json' -# make new extra vars file -# remake 'delete delete playbook' -# launch it +- name: Re-create '00 - Cleanup Deletion Template' job template + awx.awx.tower_job_template: + name: "00 - Cleanup Deletion Template" + description: "Deletes the remaining '<< SUBSCRIPTION DELETION IN PROGRESS >>' job template." + job_type: run + inventory: "{{ org_name }} [Admin]" + project: "Ansible Create Delete Subscription Membership" + playbook: cleanup_deletion_job_template.yml + extra_vars: "{{ lookup('file', '/var/lib/awx/projects/hosting/delete_job_template.json') }}" + ask_extra_vars: yes + state: present + verbosity: 1 + tower_host: "https://{{ tower_host }}" + tower_oauthtoken: "{{ tower_token.stdout }}" + validate_certs: yes + +- name: Launch '00 - Cleanup Deletion Template' job template before ending + awx.awx.tower_job_launch: + job_template: "00 - Cleanup Deletion Template" + tower_host: "https://{{ tower_host }}" + tower_oauthtoken: "{{ tower_token.stdout }}" + validate_certs: yes - name: Set boolean value to exit playbook set_fact: diff --git a/roles/matrix-awx/templates/delete_job_template.json.j2 b/roles/matrix-awx/templates/delete_job_template.json.j2 new file mode 100644 index 00000000..694337ce --- /dev/null 
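Review bot: The extra vars for the cleanup job pass through one fixed file, `/var/lib/awx/projects/hosting/delete_job_template.json`, shared by every subscription, so two deletions running close together could launch '00 - Cleanup Deletion Template' with the other run's `subscription_id` and `member_id`. The values can be given inline instead, `extra_vars: {subscription_id: "{{ subscription_id }}", member_id: "{{ member_id }}"}`, which removes the need for the template task and the file. The two new `awx.awx` tasks also lack the `delegate_to: 127.0.0.1` that the template task above them carries. If the file is kept, the values in `delete_job_template.json.j2` should be rendered with `| to_json` rather than placed between hand-written quotes.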
+++ b/roles/matrix-awx/templates/delete_job_template.json.j2
@@ -0,0 +1,4 @@
+{
+ "subscription_id": "{{ subscription_id }}",
+ "member_id": "{{ member_id }}"
+}
From 3125ee56e2b76457e2b3a163d692636fb590b7f0 Mon Sep 17 00:00:00 2001
From: Michael Collins
Date: Fri, 20 Aug 2021 13:27:10 +0800
Subject: [PATCH 47/90] add abort_deletion.yml task list
---
roles/matrix-awx/tasks/abort_deletion.yml | 283 ++++++++++++++++++
.../matrix-awx/tasks/delete_awx_templates.yml | 37 ---
roles/matrix-awx/tasks/delete_server.yml | 9 -
.../tasks/delete_server_directory.yml | 6 -
.../tasks/delete_subscription_directory.yml | 43 +++
roles/matrix-awx/tasks/main.yml | 11 +-
6 files changed, 336 insertions(+), 53 deletions(-)
create mode 100644 roles/matrix-awx/tasks/abort_deletion.yml
delete mode 100755 roles/matrix-awx/tasks/delete_server_directory.yml
create mode 100755 roles/matrix-awx/tasks/delete_subscription_directory.yml
diff --git a/roles/matrix-awx/tasks/abort_deletion.yml b/roles/matrix-awx/tasks/abort_deletion.yml
new file mode 100644
index 00000000..f3220b6a
--- /dev/null
+++ b/roles/matrix-awx/tasks/abort_deletion.yml
@@ -0,0 +1,283 @@
+
+# abort deletion
+
+- name: Include hosting vars
+ include_vars:
+ file: /var/lib/awx/projects/hosting/hosting_vars.yml
+ when: cancel_deletion|bool
+ no_log: True
+
+- name: Install jq in AWX
+ delegate_to: 127.0.0.1
+ yum:
+ name: jq
+ state: latest
+ when: cancel_deletion|bool
+
+- name: Collect AWX admin token the hard way!
+ delegate_to: 127.0.0.1
+ shell: |
+ curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g'
+ when: cancel_deletion|bool
+ register: tower_token
+ no_log: True
+
+- name: Remove schedule for '<< SUBSCRIPTION DELETION IN PROGRESS >>' job template
+ delegate_to: 127.0.0.1
+ awx.awx.tower_schedule:
+ name: "{{ subscription_id }} - << SUBSCRIPTION DELETION IN PROGRESS >>"
+ enabled: yes
+ state: absent
+ tower_host: "https://{{ tower_host }}"
+ tower_oauthtoken: "{{ tower_token.stdout }}"
+ validate_certs: yes
+ when: cancel_deletion|bool
+
+# restore use of templates
+
+- name: Grant execute permission on 'Deploy/Update a Server' job template
+ delegate_to: 127.0.0.1
+ awx.awx.tower_role:
+ team: "{{ member_id }}"
+ job_template: "{{ matrix_domain }} - 0 - Deploy/Update a Server"
+ role: execute
+ state: present
+ tower_host: "https://{{ tower_host }}"
+ tower_oauthtoken: "{{ tower_token.stdout }}"
+ validate_certs: yes
+ when: (matrix_domain is defined) and (cancel_deletion|bool)
+
+- name: Grant execute permission on 'Backup Server' job template
+ delegate_to: 127.0.0.1
+ awx.awx.tower_role:
+ team: "{{ member_id }}"
+ job_template: "{{ matrix_domain }} - 0 - Backup Server"
+ role: execute
+ state: present
+ tower_host: "https://{{ tower_host }}"
+ tower_oauthtoken: "{{ tower_token.stdout }}"
+ validate_certs: yes
+ when: (matrix_domain is defined) and (cancel_deletion|bool)
+
+- name: Grant execute permission on 'Self-Check' job template
+ delegate_to: 127.0.0.1
+ awx.awx.tower_role:
+ team: "{{ member_id }}"
+ job_template: "{{ matrix_domain }} - 0 - Self-Check"
+ role: execute
+ state: present
+ tower_host: "https://{{ tower_host }}"
+ tower_oauthtoken: "{{ tower_token.stdout }}"
+ validate_certs: yes
+ when: (matrix_domain is defined) and (cancel_deletion|bool)
+
+- name: Grant execute permission on 'Start/Restart all Services' job template
+ delegate_to: 127.0.0.1
+ awx.awx.tower_role:
+ team: "{{ member_id }}"
+ job_template: "{{ matrix_domain }} - 0 - Start/Restart all Services"
+ role: execute
+ state: present
+ tower_host: "https://{{ tower_host }}"
+ tower_oauthtoken: "{{ tower_token.stdout }}"
+ validate_certs: yes
+ when: (matrix_domain is defined) and (cancel_deletion|bool)
+
+- name: Grant execute permission on 'Stop all Services' job template
+ delegate_to: 127.0.0.1
+ awx.awx.tower_role:
+ team: "{{ member_id }}"
+ job_template: "{{ matrix_domain }} - 0 - Stop all Services"
+ role: execute
+ state: present
+ tower_host: "https://{{ tower_host }}"
+ tower_oauthtoken: "{{ tower_token.stdout }}"
+ validate_certs: yes
+ when: (matrix_domain is defined) and (cancel_deletion|bool)
+
+- name: Grant execute permission on 'Configure Corporal (Advanced)' job template
+ delegate_to: 127.0.0.1
+ awx.awx.tower_role:
+ team: "{{ member_id }}"
+ job_template: "{{ matrix_domain }} - 1 - Configure Corporal (Advanced)"
+ role: execute
+ state: present
+ tower_host: "https://{{ tower_host }}"
+ tower_oauthtoken: "{{ tower_token.stdout }}"
+ validate_certs: yes
+ when: (matrix_domain is defined) and (cancel_deletion|bool)
+
+- name: Grant execute permission on 'Configure Dimension' job template
+ delegate_to: 127.0.0.1
+ awx.awx.tower_role:
+ team: "{{ member_id }}"
+ job_template: "{{ matrix_domain }} - 1 - Configure Dimension"
+ role: execute
+ state: present
+ tower_host: "https://{{ tower_host }}"
+ tower_oauthtoken: "{{ tower_token.stdout }}"
+ validate_certs: yes
+ when: (matrix_domain is defined) and (cancel_deletion|bool)
+
+- name: Grant execute permission on 'Configure Element' job template
+ delegate_to: 127.0.0.1
+ awx.awx.tower_role:
+ team: "{{ member_id }}"
+ job_template: "{{ matrix_domain }} - 1 - Configure Element"
+ role: execute
+ state: present
+ tower_host: "https://{{ tower_host }}"
+ tower_oauthtoken: "{{ tower_token.stdout }}"
+ validate_certs: yes
+ when: (matrix_domain is defined) and (cancel_deletion|bool)
+
+- name: Grant execute permission on 'Configure Element Subdomain' job template
+ delegate_to: 127.0.0.1
+ awx.awx.tower_role:
+ team: "{{ member_id }}"
+ job_template: "{{ matrix_domain }} - 1 - Configure Element Subdomain"
+ role: execute
+ state: present
+ tower_host: "https://{{ tower_host }}"
+ tower_oauthtoken: "{{ tower_token.stdout }}"
+ validate_certs: yes
+ when: (matrix_domain is defined) and (cancel_deletion|bool)
+
+- name: Grant execute permission on 'Configure Email Relay' job template
+ delegate_to: 127.0.0.1
+ awx.awx.tower_role:
+ team: "{{ member_id }}"
+ job_template: "{{ matrix_domain }} - 1 - Configure Email Relay"
+ role: execute
+ state: present
+ tower_host: "https://{{ tower_host }}"
+ tower_oauthtoken: "{{ tower_token.stdout }}"
+ validate_certs: yes
+ when: (matrix_domain is defined) and (cancel_deletion|bool)
+
+- name: Grant execute permission on 'Configure Jitsi' job template
+ delegate_to: 127.0.0.1
+ awx.awx.tower_role:
+ team: "{{ member_id }}"
+ job_template: "{{ matrix_domain }} - 1 - Configure Jitsi"
+ role: execute
+ state: present
+ tower_host: "https://{{ tower_host }}"
+ tower_oauthtoken: "{{ tower_token.stdout }}"
+ validate_certs: yes
+ when: (matrix_domain is defined) and (cancel_deletion|bool)
+
+- name: Grant execute permission on 'Configure ma1sd (Advanced)' job template
+ delegate_to: 127.0.0.1
+ awx.awx.tower_role:
+ team: "{{ member_id }}"
+ job_template: "{{ matrix_domain }} - 1 - Configure ma1sd (Advanced)"
+ role: execute
+ state: present
+ tower_host: "https://{{ tower_host }}"
+ tower_oauthtoken: "{{ tower_token.stdout }}"
+ validate_certs: yes
+ when: (matrix_domain is defined) and (cancel_deletion|bool)
+
+- name: Grant execute permission on 'Configure Synapse' job template
+ delegate_to: 127.0.0.1
+ awx.awx.tower_role:
+ team: "{{ member_id }}"
+ job_template: "{{ matrix_domain }} - 1 - Configure Synapse"
+ role: execute
+ state: present
+ tower_host: "https://{{ tower_host }}"
+ tower_oauthtoken: "{{ tower_token.stdout }}"
+ validate_certs: yes
+ when: (matrix_domain is defined) and (cancel_deletion|bool)
+
+- name: Grant execute permission on 'Configure Synapse Admin' job template
+ delegate_to: 127.0.0.1
+ awx.awx.tower_role:
+ team: "{{ member_id }}"
+ job_template: "{{ matrix_domain }} - 1 - Configure Synapse Admin"
+ role: execute
+ state: present
+ tower_host: "https://{{ tower_host }}"
+ tower_oauthtoken: "{{ tower_token.stdout }}"
+ validate_certs: yes
+ when: (matrix_domain is defined) and (cancel_deletion|bool)
+
+- name: Grant execute permission on 'Create User' job template
+ delegate_to: 127.0.0.1
+ awx.awx.tower_role:
+ team: "{{ member_id }}"
+ job_template: "{{ matrix_domain }} - 2 - Create User"
+ role: execute
+ state: present
+ tower_host: "https://{{ tower_host }}"
+ tower_oauthtoken: "{{ tower_token.stdout }}"
+ validate_certs: yes
+ when: (matrix_domain is defined) and (cancel_deletion|bool)
+
+- name: Grant execute permission on 'Purge Media (Advanced)' job template
+ delegate_to: 127.0.0.1
+ awx.awx.tower_role:
+ team: "{{ member_id }}"
+ job_template: "{{ matrix_domain }} - 2 - Purge Media (Advanced)"
+ role: execute
+ state: present
+ tower_host: "https://{{ tower_host }}"
+ tower_oauthtoken: "{{ tower_token.stdout }}"
+ validate_certs: yes
+ when: (matrix_domain is defined) and (cancel_deletion|bool)
+
+- name: Grant execute permission on 'Purge Database (Advanced)' job template
+ delegate_to: 127.0.0.1
+ awx.awx.tower_role:
+ team: "{{ member_id }}"
+ job_template: "{{ matrix_domain }} - 2 - Purge Database (Advanced)"
+ role: execute
+ state: present
+ tower_host: "https://{{ tower_host }}"
+ tower_oauthtoken: "{{ tower_token.stdout }}"
+ validate_certs: yes
+ when: (matrix_domain is defined) and (cancel_deletion|bool)
+
+# trigger cleanup
+
+- name: Save new 'Delete Job Template' survey.json to the AWX tower, template
+ delegate_to: 127.0.0.1
+ template:
+ src: '{{ role_path }}/templates/delete_job_template.json.j2'
+ dest: '/var/lib/awx/projects/hosting/delete_job_template.json'
+ when: cancel_deletion|bool
+
+- name: Re-create '00 - Cleanup Deletion Template' job template
+ awx.awx.tower_job_template:
+ name: "00 - Cleanup Deletion Template"
+ description: "Deletes the remaining '<< SUBSCRIPTION DELETION IN PROGRESS >>' job template."
+ job_type: run
+ inventory: "{{ org_name }} [Admin]"
+ project: "Ansible Create Delete Subscription Membership"
+ playbook: cleanup_deletion_job_template.yml
+ extra_vars: "{{ lookup('file', '/var/lib/awx/projects/hosting/delete_job_template.json') }}"
+ ask_extra_vars: yes
+ state: present
+ verbosity: 1
+ tower_host: "https://{{ tower_host }}"
+ tower_oauthtoken: "{{ tower_token.stdout }}"
+ validate_certs: yes
+ when: cancel_deletion|bool
+
+- name: Launch '00 - Cleanup Deletion Template' job template before ending
+ awx.awx.tower_job_launch:
+ job_template: "00 - Cleanup Deletion Template"
+ tower_host: "https://{{ tower_host }}"
+ tower_oauthtoken: "{{ tower_token.stdout }}"
+ validate_certs: yes
+ when: cancel_deletion|bool
+
+- name: Set boolean value to exit playbook
+ set_fact:
+ end_playbook: true
+ when: cancel_deletion|bool
+
+- name: End playbook if this task list is called.
+ meta: end_play
+ when: (end_playbook is defined) and end_playbook|bool and cancel_deletion|bool
diff --git a/roles/matrix-awx/tasks/delete_awx_templates.yml b/roles/matrix-awx/tasks/delete_awx_templates.yml
index cd180043..17e09791 100755
--- a/roles/matrix-awx/tasks/delete_awx_templates.yml
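Review bot: The 'Collect AWX admin token the hard way!' task sends the admin username and password with `curl -sku`, and `-k` turns off certificate verification even though every `awx.awx` task in this file sets `validate_certs: yes`. Drop the flag, `curl -su {{ tower_username }}:{{ tower_password }} ...`, so the credentials are only sent to a host presenting a valid certificate. The password also sits on the curl command line, where the process list on the AWX host exposes it while the request runs, and each run creates a new write-scoped personal token that no task in this file revokes. `no_log: True` only hides the task from Ansible's own output.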
+++ b/roles/matrix-awx/tasks/delete_awx_templates.yml @@ -317,40 +317,3 @@ tower_oauthtoken: "{{ tower_token.stdout }}" validate_certs: yes when: matrix_domain is defined - -- name: Save new 'Delete Job Template' survey.json to the AWX tower, template - delegate_to: 127.0.0.1 - template: - src: '{{ role_path }}/templates/delete_job_template.json.j2' - dest: '/var/lib/awx/projects/hosting/delete_job_template.json' - -- name: Re-create '00 - Cleanup Deletion Template' job template - awx.awx.tower_job_template: - name: "00 - Cleanup Deletion Template" - description: "Deletes the remaining '<< SUBSCRIPTION DELETION IN PROGRESS >>' job template." - job_type: run - inventory: "{{ org_name }} [Admin]" - project: "Ansible Create Delete Subscription Membership" - playbook: cleanup_deletion_job_template.yml - extra_vars: "{{ lookup('file', '/var/lib/awx/projects/hosting/delete_job_template.json') }}" - ask_extra_vars: yes - state: present - verbosity: 1 - tower_host: "https://{{ tower_host }}" - tower_oauthtoken: "{{ tower_token.stdout }}" - validate_certs: yes - -- name: Launch '00 - Cleanup Deletion Template' job template before ending - awx.awx.tower_job_launch: - job_template: "00 - Cleanup Deletion Template" - tower_host: "https://{{ tower_host }}" - tower_oauthtoken: "{{ tower_token.stdout }}" - validate_certs: yes - -- name: Set boolean value to exit playbook - set_fact: - end_playbook: true - -- name: End playbook if this task list is called. - meta: end_play - when: end_playbook is defined and end_playbook|bool diff --git a/roles/matrix-awx/tasks/delete_server.yml b/roles/matrix-awx/tasks/delete_server.yml index 6924a8eb..ebb1361a 100755 --- a/roles/matrix-awx/tasks/delete_server.yml +++ b/roles/matrix-awx/tasks/delete_server.yml @@ -1,5 +1,4 @@ - - name: Include hosting vars of digital_ocean.yml delegate_to: 127.0.0.1 include_vars: 
@@ -36,11 +35,3 @@ - debug: msg: "{{ deleted_server_info }}" when: do_droplet_id is defined - -#- name: Delete fake DNS record for faster testing -# delegate_to: 127.0.0.1 -# shell: | -# sed -i -c '/{{ matrix_domain }}/d' /etc/hosts - -# Doesn't allow letsencrypt to generate certs :S - diff --git a/roles/matrix-awx/tasks/delete_server_directory.yml b/roles/matrix-awx/tasks/delete_server_directory.yml deleted file mode 100755 index b0e45abc..00000000 --- a/roles/matrix-awx/tasks/delete_server_directory.yml +++ /dev/null @@ -1,6 +0,0 @@ - -- name: Delete the servers directory on AWX - delegate_to: 127.0.0.1 - file: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/' - state: absent diff --git a/roles/matrix-awx/tasks/delete_subscription_directory.yml b/roles/matrix-awx/tasks/delete_subscription_directory.yml new file mode 100755 index 00000000..2f893a95 --- /dev/null +++ b/roles/matrix-awx/tasks/delete_subscription_directory.yml 
@@ -0,0 +1,43 @@
+
+- name: Delete the servers directory on AWX
+ delegate_to: 127.0.0.1
+ file:
+ path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/'
+ state: absent
+
+- name: Save new 'Delete Job Template' survey.json to the AWX tower, template
+ delegate_to: 127.0.0.1
+ template:
+ src: '{{ role_path }}/templates/delete_job_template.json.j2'
+ dest: '/var/lib/awx/projects/hosting/delete_job_template.json'
+
+- name: Re-create '00 - Cleanup Deletion Template' job template
+ awx.awx.tower_job_template:
+ name: "00 - Cleanup Deletion Template"
+ description: "Deletes the remaining '<< SUBSCRIPTION DELETION IN PROGRESS >>' job template."
+ job_type: run
+ inventory: "{{ org_name }} [Admin]"
+ project: "Ansible Create Delete Subscription Membership"
+ playbook: cleanup_deletion_job_template.yml
+ extra_vars: "{{ lookup('file', '/var/lib/awx/projects/hosting/delete_job_template.json') }}"
+ ask_extra_vars: yes
+ state: present
+ verbosity: 1
+ tower_host: "https://{{ tower_host }}"
+ tower_oauthtoken: "{{ tower_token.stdout }}"
+ validate_certs: yes
+
+- name: Launch '00 - Cleanup Deletion Template' job template before ending
+ awx.awx.tower_job_launch:
+ job_template: "00 - Cleanup Deletion Template"
+ tower_host: "https://{{ tower_host }}"
+ tower_oauthtoken: "{{ tower_token.stdout }}"
+ validate_certs: yes
+
+- name: Set boolean value to exit playbook
+ set_fact:
+ end_playbook: true
+
+- name: End playbook if this task list is called.
+ meta: end_play
+ when: end_playbook is defined and end_playbook|bools
diff --git a/roles/matrix-awx/tasks/main.yml b/roles/matrix-awx/tasks/main.yml
index 8f34fab5..20754245 100755
--- a/roles/matrix-awx/tasks/main.yml
+++ b/roles/matrix-awx/tasks/main.yml
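Review bot: The last task's condition reads `end_playbook|bools` as shown here. Ansible has no `bools` filter, so evaluating the `when` would fail and `meta: end_play` would not be reached. It should be `when: end_playbook is defined and end_playbook|bool`, matching the task this one was moved from in `delete_awx_templates.yml`.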
@@ -26,6 +26,15 @@ tags: - backup-server +# Abort Subscription Deletion +- include_tasks: + file: "abort_deletion.yml" + apply: + tags: delete-subscription + when: run_setup|bool and matrix_awx_enabled|bool + tags: + - delete-subscription + # Delete DigitalOcean Droplet/Space - include_tasks: file: "delete_server.yml" @@ -55,7 +64,7 @@ # Delete Organisation Directories - include_tasks: - file: "delete_server_directory.yml" + file: "delete_subscription_directory.yml" apply: tags: delete-subscription when: run_setup|bool and matrix_awx_enabled|bool From f5a7e6d78b015f3e4ef6197123f314a6e1bb341f Mon Sep 17 00:00:00 2001 From: sakkiii Date: Fri, 20 Aug 2021 19:47:11 +0530 Subject: [PATCH 48/90] Certbot update v1.18.0 --- roles/matrix-nginx-proxy/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index 87cbcde1..75b84d7c 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml @@ -409,7 +409,7 @@ matrix_ssl_additional_domains_to_obtain_certificates_for: [] # Controls whether to obtain production or staging certificates from Let's Encrypt. matrix_ssl_lets_encrypt_staging: false -matrix_ssl_lets_encrypt_certbot_docker_image: "{{ matrix_container_global_registry_prefix }}certbot/certbot:{{ matrix_ssl_architecture }}-v1.17.0" +matrix_ssl_lets_encrypt_certbot_docker_image: "{{ matrix_container_global_registry_prefix }}certbot/certbot:{{ matrix_ssl_architecture }}-v1.18.0" matrix_ssl_lets_encrypt_certbot_docker_image_force_pull: "{{ matrix_ssl_lets_encrypt_certbot_docker_image.endswith(':latest') }}" matrix_ssl_lets_encrypt_certbot_standalone_http_port: 2402 matrix_ssl_lets_encrypt_support_email: ~ From 9860fb46757f46a13dbec2725734259a65271779 Mon Sep 17 00:00:00 2001 
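Review bot: The new include pulls in `abort_deletion.yml` on every `delete-subscription` run, and each task in that file is gated with `when: cancel_deletion|bool`. If `cancel_deletion` is not supplied, Ansible would presumably fail on the undefined variable instead of skipping. Putting the switch on the include keeps a normal deletion from depending on it: `when: run_setup|bool and matrix_awx_enabled|bool and cancel_deletion|default(false)|bool`. A comment would also help, stating that this include must stay ahead of the delete task lists because it ends the play when a deletion is cancelled.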
From: Slavi Pantaleev Date: Fri, 20 Aug 2021 17:48:18 +0300 Subject: [PATCH 49/90] Upgrade Sygnal (v0.9.0 -> v0.10.1) --- CHANGELOG.md | 14 +++++ group_vars/matrix_servers | 10 ---- roles/matrix-sygnal/defaults/main.yml | 22 +------- roles/matrix-sygnal/tasks/setup_install.yml | 33 ------------ roles/matrix-sygnal/tasks/validate_config.yml | 8 --- roles/matrix-sygnal/templates/sygnal.yaml.j2 | 51 ------------------- 6 files changed, 15 insertions(+), 123 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8fd1c8d2..88e26339 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,17 @@ +# 2021-08-20 + +# Sygnal upgraded - ARM support and no longer requires a database + +The [Sygnal](docs/configuring-playbook-sygnal.md) push gateway has been upgraded from `v0.9.0` to `v0.10.1`. + +This is an optional component for the playbook, so most of our users wouldn't care about this announcement. + +Since this feels like a relatively big (and untested, as of yet) Sygnal change, we're putting up this changelog entry. + +The new version is also available for the ARM architecture. It also no longer requires a database anymore. +If you need to downgrade to the previous version, changing `matrix_sygnal_version` or `matrix_sygnal_docker_image` will not be enough, as we've removed the `database` configuration completely. You'd need to switch to an earlier playbook commit. + + # 2021-05-21 ## Hydrogen support diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index a8e39282..1952b338 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
@@ -1462,12 +1462,6 @@ matrix_postgres_additional_databases: | 'password': matrix_etherpad_database_password, }] if (matrix_etherpad_enabled and matrix_etherpad_database_engine == 'postgres' and matrix_etherpad_database_hostname == 'matrix-postgres') else []) + - ([{ - 'name': matrix_sygnal_database_name, - 'username': matrix_sygnal_database_username, - 'password': matrix_sygnal_database_password, - }] if (matrix_sygnal_enabled and matrix_sygnal_database_engine == 'postgres' and matrix_sygnal_database_hostname == 'matrix-postgres') else []) - + ([{ 'name': matrix_prometheus_postgres_exporter_database_name, 'username': matrix_prometheus_postgres_exporter_database_username, @@ -1512,10 +1506,6 @@ matrix_sygnal_metrics_prometheus_enabled: "{{ matrix_prometheus_enabled }}" matrix_sygnal_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:6000' }}" -# Postgres is the default, except if not using `matrix_postgres` (internal postgres) -matrix_sygnal_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}" -matrix_sygnal_database_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'sygnal') | to_uuid }}" - ###################################################################### # # /matrix-sygnal diff --git a/roles/matrix-sygnal/defaults/main.yml b/roles/matrix-sygnal/defaults/main.yml index 476ac2ad..70d530f8 100644 --- a/roles/matrix-sygnal/defaults/main.yml +++ b/roles/matrix-sygnal/defaults/main.yml @@ -7,7 +7,7 @@ matrix_sygnal_base_path: "{{ matrix_base_data_path }}/sygnal" matrix_sygnal_config_path: "{{ matrix_sygnal_base_path }}/config" matrix_sygnal_data_path: "{{ matrix_sygnal_base_path }}/data" -matrix_sygnal_version: v0.9.0 +matrix_sygnal_version: v0.10.1 matrix_sygnal_docker_image: "{{ matrix_container_global_registry_prefix }}matrixdotorg/sygnal:{{ matrix_sygnal_version }}" matrix_sygnal_docker_image_force_pull: "{{ matrix_sygnal_docker_image.endswith(':latest') }}" 
@@ -25,26 +25,6 @@ matrix_sygnal_container_http_host_bind_port: '' # A list of extra arguments to pass to the container matrix_sygnal_container_extra_arguments: [] -# Database-related configuration fields. -# -# To use SQLite, stick to these defaults. -# -# To use Postgres: -# - change the engine (`matrix_sygnal_database_engine: 'postgres'`) -# - adjust your database credentials via the `matrix_sygnal_postgres_*` variables -matrix_sygnal_database_engine: 'sqlite' - -matrix_sygnal_sqlite_database_path_local: "{{ matrix_sygnal_data_path }}/sygnal.db" -matrix_sygnal_sqlite_database_path_in_container: "/data/sygnal.db" - -matrix_sygnal_database_username: 'matrix_sygnal' -matrix_sygnal_database_password: 'some-password' -matrix_sygnal_database_hostname: 'matrix-postgres' -matrix_sygnal_database_port: 5432 -matrix_sygnal_database_name: 'matrix_sygnal' - -matrix_sygnal_database_connection_string: 'postgres://{{ matrix_sygnal_database_username }}:{{ matrix_sygnal_database_password }}@{{ matrix_sygnal_database_hostname }}:{{ matrix_sygnal_database_port }}/{{ matrix_sygnal_database_name }}' - # A map (dictionary) of apps instances that this server works with. # # Example configuration: diff --git a/roles/matrix-sygnal/tasks/setup_install.yml b/roles/matrix-sygnal/tasks/setup_install.yml index afac61c4..b85b6bff 100644 --- a/roles/matrix-sygnal/tasks/setup_install.yml +++ b/roles/matrix-sygnal/tasks/setup_install.yml 
@@ -1,32 +1,5 @@ --- -- set_fact: - matrix_sygnal_requires_restart: false - -- block: - - name: Check if an SQLite database already exists - stat: - path: "{{ matrix_sygnal_sqlite_database_path_local }}" - register: matrix_sygnal_sqlite_database_path_local_stat_result - - - block: - - set_fact: - matrix_postgres_db_migration_request: - src: "{{ matrix_sygnal_sqlite_database_path_local }}" - dst: "{{ matrix_sygnal_database_connection_string }}" - caller: "{{ role_path|basename }}" - engine_variable_name: 'matrix_sygnal_database_engine' - engine_old: 'sqlite' - systemd_services_to_stop: ['matrix-sygnal.service'] - pgloader_options: ['--with "quote identifiers"'] - - - import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" - - - set_fact: - matrix_sygnal_requires_restart: true - when: "matrix_sygnal_sqlite_database_path_local_stat_result.stat.exists|bool" - when: "matrix_sygnal_database_engine == 'postgres'" - - name: Ensure Sygnal image is pulled docker_image: name: "{{ matrix_sygnal_docker_image }}" @@ -65,9 +38,3 @@ service: daemon_reload: yes when: "matrix_sygnal_systemd_service_result.changed|bool" - -- name: Ensure matrix-sygnal.service restarted, if necessary - service: - name: "matrix-sygnal.service" - state: restarted - when: "matrix_sygnal_requires_restart|bool" diff --git a/roles/matrix-sygnal/tasks/validate_config.yml b/roles/matrix-sygnal/tasks/validate_config.yml index efd64104..1cf8357e 100644 --- a/roles/matrix-sygnal/tasks/validate_config.yml +++ b/roles/matrix-sygnal/tasks/validate_config.yml 
@@ -3,11 +3,3 @@ msg: >- Enabling Sygnal requires that you specify at least one app in `matrix_sygnal_apps` when: "matrix_sygnal_enabled and matrix_sygnal_apps|length == 0" - -- name: Fail if running on a non-supported architecture - fail: - msg: >- - Sygnal can only be used on the amd64 architecture for now. - Only amd64 container images are pushed for the `docker.io/matrixdotorg/sygnal` container image. - Either use a different image (by redefining `matrix_sygnal_docker_image`) or consider contributing self-building support to this role. - when: "matrix_sygnal_enabled and matrix_architecture != 'amd64' and matrix_sygnal_docker_image.startswith('docker.io/matrixdotorg/sygnal')" diff --git a/roles/matrix-sygnal/templates/sygnal.yaml.j2 b/roles/matrix-sygnal/templates/sygnal.yaml.j2 index bb8c521d..bb81ea9a 100644 --- a/roles/matrix-sygnal/templates/sygnal.yaml.j2 +++ b/roles/matrix-sygnal/templates/sygnal.yaml.j2 
@@ -3,57 +3,6 @@ # See: matrix.org ## -# The 'database' setting defines the database that sygnal uses to store all of -# its data. -# -# 'name' gives the database engine to use: either 'sqlite3' (for SQLite) or -# 'psycopg2' (for PostgreSQL). -# -# 'args' gives options which are passed through to the database engine, -# except for options starting 'cp_', which are used to configure the Twisted -# connection pool. For a reference to valid arguments, see: -# * for sqlite: https://docs.python.org/3/library/sqlite3.html#sqlite3.connect -# * for postgres: https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-PARAMKEYWORDS -# * for the connection pool: https://twistedmatrix.com/documents/current/api/twisted.enterprise.adbapi.ConnectionPool.html#__init__ -# -# -# Example SQLite configuration: -# -#database: -# name: sqlite3 -# args: -# dbfile: /path/to/database.db -# -# -# Example Postgres configuration: -# -#database: -# name: psycopg2 -# args: -# host: localhost -# database: sygnal -# user: sygnal -# password: pass -# cp_min: 1 -# cp_max: 5 -# -{% if matrix_sygnal_database_engine == 'sqlite' %} -database: - name: sqlite3 - args: - dbfile: {{ matrix_sygnal_sqlite_database_path_in_container|to_json }} -{% else %} -database: - name: psycopg2 - args: - host: {{ matrix_sygnal_database_hostname|to_json }} - database: {{ matrix_sygnal_database_name|to_json }} - user: {{ matrix_sygnal_database_username|to_json }} - password: {{ matrix_sygnal_database_password|to_json }} - cp_min: 1 - cp_max: 5 -{% endif %} - ## Logging # # log: From b13cf1871fde73a6043e3075a3bd8bbcebf0fc26 Mon Sep 17 00:00:00 2001 
From: Alexandar Mechev Date: Sat, 21 Aug 2021 17:32:45 +0200 Subject: [PATCH 50/90] add code for LinkedIn Bridge --- group_vars/matrix_servers | 40 +++ .../defaults/main.yml | 107 +++++++ .../tasks/init.yml | 16 ++ .../tasks/main.yml | 21 ++ .../tasks/setup_install.yml | 115 ++++++++ .../tasks/setup_uninstall.yml | 24 ++ .../tasks/validate_config.yml | 11 + .../templates/config.yaml.j2 | 267 ++++++++++++++++++ .../systemd/matrix-beeper-linkedin.service.j2 | 42 +++ setup.yml | 1 + 10 files changed, 644 insertions(+) create mode 100644 roles/matrix-bridge-beeper-linkedin/defaults/main.yml create mode 100644 roles/matrix-bridge-beeper-linkedin/tasks/init.yml create mode 100644 roles/matrix-bridge-beeper-linkedin/tasks/main.yml create mode 100644 roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml create mode 100644 roles/matrix-bridge-beeper-linkedin/tasks/setup_uninstall.yml create mode 100644 roles/matrix-bridge-beeper-linkedin/tasks/validate_config.yml create mode 100644 roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 create mode 100644 roles/matrix-bridge-beeper-linkedin/templates/systemd/matrix-beeper-linkedin.service.j2 diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index a8e39282..a3ef6e10 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
@@ -216,6 +216,40 @@ matrix_appservice_irc_database_password: "{{ matrix_synapse_macaroon_secret_key ###################################################################### +###################################################################### +# +# /matrix-bridge-beeper-linkedin +# +###################################################################### + +# We don't enable bridges by default. +matrix_beeper_linkedin_enabled: false + +matrix_beeper_linkedin_systemd_required_services_list: | + {{ + ['docker.service'] + + + (['matrix-synapse.service'] if matrix_synapse_enabled else []) + + + (['matrix-postgres.service'] if matrix_postgres_enabled else []) + + + (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) + }} + +matrix_beeper_linkedin_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'linked.as.token') | to_uuid }}" + +matrix_beeper_linkedin_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'linked.hs.token') | to_uuid }}" + +matrix_beeper_linkedin_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" + +matrix_beeper_linkedin_bridge_presence: "{{ matrix_synapse_presence_enabled if matrix_synapse_enabled else true }}" + +# Postgres is the default, except if not using `matrix_postgres` (internal postgres) +matrix_beeper_linkedin_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}" +matrix_beeper_linkedin_database_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'maulinkedin.db') | to_uuid }}" + + + ###################################################################### # # matrix-bridge-mautrix-facebook 
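Review bot: `matrix_beeper_linkedin_database_engine` falls back to `'sqlite'` when `matrix_postgres_enabled` is false, but the role defaults added in this same commit say the database settings "only works with postgres for now!". If that comment is accurate, a host without the internal Postgres would get a bridge configured for an engine it cannot use. Either drop the fallback and fail in the role's `validate_config.yml`, or document the limit next to this line, e.g. `# beeper-linkedin currently supports Postgres only; the sqlite branch is a placeholder`.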
@@ -1372,6 +1406,12 @@ matrix_postgres_additional_databases: | 'password': matrix_appservice_irc_database_password, }] if (matrix_appservice_irc_enabled and matrix_appservice_irc_database_engine == 'postgres' and matrix_appservice_irc_database_hostname == 'matrix-postgres') else []) + + ([{ + 'name': matrix_beeper_linkedin_database_name, + 'username': matrix_beeper_linkedin_database_username, + 'password': matrix_beeper_linkedin_database_password, + }] if (matrix_beeper_linkedin_enabled and matrix_beeper_linkedin_database_engine == 'postgres' and matrix_beeper_linkedin_database_hostname == 'matrix-postgres') else []) + + ([{ 'name': matrix_mautrix_facebook_database_name, 'username': matrix_mautrix_facebook_database_username, diff --git a/roles/matrix-bridge-beeper-linkedin/defaults/main.yml b/roles/matrix-bridge-beeper-linkedin/defaults/main.yml new file mode 100644 index 00000000..851b8817 --- /dev/null +++ b/roles/matrix-bridge-beeper-linkedin/defaults/main.yml 
@@ -0,0 +1,107 @@ +# beeper-linkedin is a Matrix <-> LinkedIn bridge +# See: https://gitlab.com/beeper/linkedin + +matrix_beeper_linkedin_enabled: true + +matrix_beeper_linkedin_version: v0.5.0 +# See: https://gitlab.com/beeper/linkedin/container_registry +matrix_beeper_linkedin_docker_image: "registry.gitlab.com/beeper/linkedin:{{ matrix_beeper_linkedin_version }}-amd64" +matrix_beeper_linkedin_docker_image_force_pull: "{{ matrix_beeper_linkedin_docker_image.endswith(':latest-amd64') }}" + +matrix_beeper_linkedin_base_path: "{{ matrix_base_data_path }}/beeper-linkedin" +matrix_beeper_linkedin_config_path: "{{ matrix_beeper_linkedin_base_path }}/config" +matrix_beeper_linkedin_data_path: "{{ matrix_beeper_linkedin_base_path }}/data" + +matrix_beeper_linkedin_homeserver_address: "{{ matrix_homeserver_container_url }}" +matrix_beeper_linkedin_homeserver_domain: "{{ matrix_domain }}" +matrix_beeper_linkedin_appservice_address: "http://matrix-beeper-linkedin:29319" + +# A list of extra arguments to pass to the container +matrix_beeper_linkedin_container_extra_arguments: [] + +# List of systemd services that matrix-beeper-linkedin.service depends on. +matrix_beeper_linkedin_systemd_required_services_list: ['docker.service'] + +# List of systemd services that matrix-beeper-linkedin.service wants +matrix_beeper_linkedin_systemd_wanted_services_list: [] + +matrix_beeper_linkedin_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'linked.as.token') | to_uuid }}" +matrix_beeper_linkedin_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'linked.hs.token') | to_uuid }}" + +matrix_beeper_linkedin_appservice_bot_username: linkedinbot + + +# Database-related configuration fields. (only works with postgres for now!) 
+# To use Postgres: +# - change the engine (`matrix_beeper_linkedin_database_engine: 'postgres'`) +# - adjust your database credentials via the `matrix_beeper_linkedin_postgres_*` variables +matrix_beeper_linkedin_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}" + +matrix_beeper_linkedin_sqlite_database_path_local: "{{ matrix_beeper_linkedin_data_path }}/beeper-linkedin.db" +matrix_beeper_linkedin_sqlite_database_path_in_container: "/data/beeper-linkedin.db" + +matrix_beeper_linkedin_database_username: 'matrix_beeper_linkedin' +matrix_beeper_linkedin_database_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'maulinkedin.db') | to_uuid }}" +matrix_beeper_linkedin_database_hostname: 'matrix-postgres' +matrix_beeper_linkedin_database_port: 5432 +matrix_beeper_linkedin_database_name: 'matrix_beeper_linkedin' + +matrix_beeper_linkedin_database_connection_string: 'postgresql://{{ matrix_beeper_linkedin_database_username }}:{{ matrix_beeper_linkedin_database_password }}@{{ matrix_beeper_linkedin_database_hostname }}:{{ matrix_beeper_linkedin_database_port }}/{{ matrix_beeper_linkedin_database_name }}?sslmode=disable' + +matrix_beeper_linkedin_appservice_database_type: "{{ + { + 'sqlite': 'sqlite3', + 'postgres':'postgres', + }[matrix_beeper_linkedin_database_engine] +}}" + +matrix_beeper_linkedin_appservice_database_uri: "{{ + { + 'sqlite': matrix_beeper_linkedin_sqlite_database_path_in_container, + 'postgres': matrix_beeper_linkedin_database_connection_string, + }[matrix_beeper_linkedin_database_engine] +}}" + + +# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth). +matrix_beeper_linkedin_login_shared_secret: '' + +# Default beeper-linkedin configuration template which covers the generic use case. +# You can customize it by controlling the various variables inside it. 
+# +# For a more advanced customization, you can extend the default (see `matrix_beeper_linkedin_configuration_extension_yaml`) +# or completely replace this variable with your own template. +matrix_beeper_linkedin_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}" + +matrix_beeper_linkedin_configuration_extension_yaml: | + # Your custom YAML configuration goes here. + # This configuration extends the default starting configuration (`matrix_beeper_linkedin_configuration_yaml`). + # + # You can override individual variables from the default configuration, or introduce new ones. + # + # If you need something more special, you can take full control by + # completely redefining `matrix_beeper_linkedin_configuration_yaml`. + +matrix_beeper_linkedin_configuration_extension: "{{ matrix_beeper_linkedin_configuration_extension_yaml|from_yaml if matrix_beeper_linkedin_configuration_extension_yaml|from_yaml is mapping else {} }}" + +# Holds the final configuration (a combination of the default and its extension). +# You most likely don't need to touch this variable. Instead, see `matrix_beeper_linkedin_configuration_yaml`. 
+matrix_beeper_linkedin_configuration: "{{ matrix_beeper_linkedin_configuration_yaml|from_yaml|combine(matrix_beeper_linkedin_configuration_extension, recursive=True) }}" + +matrix_beeper_linkedin_registration_yaml: | + id: linkedin + url: {{ matrix_beeper_linkedin_appservice_address }} + as_token: "{{ matrix_beeper_linkedin_appservice_token }}" + hs_token: "{{ matrix_beeper_linkedin_homeserver_token }}" + + sender_localpart: _bot_{{ matrix_beeper_linkedin_appservice_bot_username }} + rate_limited: false + namespaces: + users: + - regex: '^@linkedin_.+:{{ matrix_beeper_linkedin_homeserver_domain|regex_escape }}$' + exclusive: true + - exclusive: true + regex: '^@{{ matrix_beeper_linkedin_appservice_bot_username|regex_escape }}:{{ matrix_beeper_linkedin_homeserver_domain|regex_escape }}$' + de.sorunome.msc2409.push_ephemeral: true + +matrix_beeper_linkedin_registration: "{{ matrix_beeper_linkedin_registration_yaml|from_yaml }}" diff --git a/roles/matrix-bridge-beeper-linkedin/tasks/init.yml b/roles/matrix-bridge-beeper-linkedin/tasks/init.yml new file mode 100644 index 00000000..755ac2f5 --- /dev/null +++ b/roles/matrix-bridge-beeper-linkedin/tasks/init.yml @@ -0,0 +1,16 @@ +- set_fact: + matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-beeper-linkedin.service'] }}" + when: matrix_beeper_linkedin_enabled|bool + +# If the matrix-synapse role is not used, these variables may not exist. +- set_fact: + matrix_synapse_container_extra_arguments: > + {{ matrix_synapse_container_extra_arguments|default([]) }} + + + ["--mount type=bind,src={{ matrix_beeper_linkedin_config_path }}/registration.yaml,dst=/matrix-beeper-linkedin-registration.yaml,ro"] + + matrix_synapse_app_service_config_files: > + {{ matrix_synapse_app_service_config_files|default([]) }} + + + {{ ["/matrix-beeper-linkedin-registration.yaml"] }} + when: matrix_beeper_linkedin_enabled|bool 
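Review bot: In roles/matrix-bridge-beeper-linkedin/defaults/main.yml, `matrix_beeper_linkedin_appservice_token`, `matrix_beeper_linkedin_homeserver_token` and `matrix_beeper_linkedin_database_password` default to expressions derived from `matrix_synapse_macaroon_secret_key`, a variable that belongs to another role. group_vars/matrix_servers in this same patch already supplies identical derivations, so the role defaults only duplicate them. They also mean the empty-string check in tasks/validate_config.yml can fire only when someone explicitly sets a token to `''`. The comment in tasks/init.yml suggests the role should work without the Synapse role; in that case templating would fail on an undefined variable instead of producing the intended "required setting" message. I would default the secrets to empty in the role, `matrix_beeper_linkedin_appservice_token: ''` and `matrix_beeper_linkedin_homeserver_token: ''`, and keep the derivation in group_vars only.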
diff --git a/roles/matrix-bridge-beeper-linkedin/tasks/main.yml b/roles/matrix-bridge-beeper-linkedin/tasks/main.yml new file mode 100644 index 00000000..79c54f1a --- /dev/null +++ b/roles/matrix-bridge-beeper-linkedin/tasks/main.yml @@ -0,0 +1,21 @@ +- import_tasks: "{{ role_path }}/tasks/init.yml" + tags: + - always + +- import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup|bool and matrix_beeper_linkedin_enabled|bool" + tags: + - setup-all + - setup-beeper-linkedin + +- import_tasks: "{{ role_path }}/tasks/setup_install.yml" + when: "run_setup and matrix_beeper_linkedin_enabled" + tags: + - setup-all + - setup-beeper-linkedin + +- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + when: "run_setup and not matrix_beeper_linkedin_enabled" + tags: + - setup-all + - setup-beeper-linkedin diff --git a/roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml b/roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml new file mode 100644 index 00000000..c2ccf8dc --- /dev/null +++ b/roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml 
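Review bot: In tasks/main.yml the setup_install.yml and setup_uninstall.yml imports test `run_setup and matrix_beeper_linkedin_enabled` without the `|bool` cast that the validate_config.yml import just above them applies. If either variable arrives as a string (for example from key=value extra vars), a non-empty value such as "false" is truthy in the expression, so the install branch could run and the uninstall branch be skipped while validation takes the opposite view. I would cast consistently: `when: "run_setup|bool and matrix_beeper_linkedin_enabled|bool"` for install and `when: "run_setup|bool and not matrix_beeper_linkedin_enabled|bool"` for uninstall.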
@@ -0,0 +1,115 @@ +--- + +# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. +# We don't want to fail in such cases. +- name: Fail if matrix-synapse role already executed + fail: + msg: >- + The matrix-bridge-beeper-linkedin role needs to execute before the matrix-synapse role. + when: "matrix_synapse_role_executed|default(False)" + +- set_fact: + matrix_beeper_linkedin_requires_restart: false + +- block: + - name: Check if an SQLite database already exists + stat: + path: "{{ matrix_beeper_linkedin_sqlite_database_path_local }}" + register: matrix_beeper_linkedin_sqlite_database_path_local_stat_result + + - block: + - set_fact: + matrix_postgres_db_migration_request: + src: "{{ matrix_beeper_linkedin_sqlite_database_path_local }}" + dst: "{{ matrix_beeper_linkedin_database_connection_string }}" + caller: "{{ role_path|basename }}" + engine_variable_name: 'matrix_beeper_linkedin_database_engine' + engine_old: 'sqlite' + systemd_services_to_stop: ['matrix-beeper-linkedin.service'] + pgloader_options: ['--with "quote identifiers"'] + + - import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" + + - set_fact: + matrix_beeper_linkedin_requires_restart: true + when: "matrix_beeper_linkedin_sqlite_database_path_local_stat_result.stat.exists|bool" + when: "matrix_beeper_linkedin_database_engine == 'postgres'" + +- name: Ensure Beeper LinkedIn image is pulled + docker_image: + name: "{{ matrix_beeper_linkedin_docker_image }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ matrix_beeper_linkedin_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_beeper_linkedin_docker_image_force_pull }}" + +- name: Ensure Beeper LinkedIn paths exists + file: + path: "{{ item }}" + state: directory + mode: 0750 + owner: "{{ 
matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + with_items: + - "{{ matrix_beeper_linkedin_base_path }}" + - "{{ matrix_beeper_linkedin_config_path }}" + - "{{ matrix_beeper_linkedin_data_path }}" + +- name: Check if an old database file exists + stat: + path: "{{ matrix_beeper_linkedin_base_path }}/beeper-linkedin.db" + register: matrix_beeper_linkedin_stat_database + +- name: Check if an old matrix state file exists + stat: + path: "{{ matrix_beeper_linkedin_base_path }}/mx-state.json" + register: matrix_beeper_linkedin_stat_mx_state + +- name: (Data relocation) Ensure matrix-beeper-linkedin.service is stopped + service: + name: matrix-beeper-linkedin + state: stopped + daemon_reload: yes + failed_when: false + when: "matrix_beeper_linkedin_stat_database.stat.exists" + +- name: (Data relocation) Move beeper-linkedin database file to ./data directory + command: "mv {{ matrix_beeper_linkedin_base_path }}/beeper-linkedin.db {{ matrix_beeper_linkedin_data_path }}/beeper-linkedin.db" + when: "matrix_beeper_linkedin_stat_database.stat.exists" + +- name: (Data relocation) Move beeper-linkedin mx-state file to ./data directory + command: "mv {{ matrix_beeper_linkedin_base_path }}/mx-state.json {{ matrix_beeper_linkedin_data_path }}/mx-state.json" + when: "matrix_beeper_linkedin_stat_mx_state.stat.exists" + +- name: Ensure beeper-linkedin config.yaml installed + copy: + content: "{{ matrix_beeper_linkedin_configuration|to_nice_yaml }}" + dest: "{{ matrix_beeper_linkedin_config_path }}/config.yaml" + mode: 0644 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +- name: Ensure beeper-linkedin registration.yaml installed + copy: + content: "{{ matrix_beeper_linkedin_registration|to_nice_yaml }}" + dest: "{{ matrix_beeper_linkedin_config_path }}/registration.yaml" + mode: 0644 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +- name: Ensure matrix-beeper-linkedin.service installed + template: + src: 
"{{ role_path }}/templates/systemd/matrix-beeper-linkedin.service.j2" + dest: "{{ matrix_systemd_path }}/matrix-beeper-linkedin.service" + mode: 0644 + register: matrix_beeper_linkedin_systemd_service_result + +- name: Ensure systemd reloaded after matrix-beeper-linkedin.service installation + service: + daemon_reload: yes + when: "matrix_beeper_linkedin_systemd_service_result.changed" + +- name: Ensure matrix-beeper-linkedin.service restarted, if necessary + service: + name: "matrix-beeper-linkedin.service" + state: restarted + when: "matrix_beeper_linkedin_requires_restart|bool" diff --git a/roles/matrix-bridge-beeper-linkedin/tasks/setup_uninstall.yml b/roles/matrix-bridge-beeper-linkedin/tasks/setup_uninstall.yml new file mode 100644 index 00000000..004b788e --- /dev/null +++ b/roles/matrix-bridge-beeper-linkedin/tasks/setup_uninstall.yml @@ -0,0 +1,24 @@ +--- + +- name: Check existence of matrix-beeper-linkedin service + stat: + path: "{{ matrix_systemd_path }}/matrix-beeper-linkedin.service" + register: matrix_beeper_linkedin_service_stat + +- name: Ensure matrix-beeper-linkedin is stopped + service: + name: matrix-beeper-linkedin + state: stopped + daemon_reload: yes + when: "matrix_beeper_linkedin_service_stat.stat.exists" + +- name: Ensure matrix-beeper-linkedin.service doesn't exist + file: + path: "{{ matrix_systemd_path }}/matrix-beeper-linkedin.service" + state: absent + when: "matrix_beeper_linkedin_service_stat.stat.exists" + +- name: Ensure systemd reloaded after matrix-beeper-linkedin.service removal + service: + daemon_reload: yes + when: "matrix_beeper_linkedin_service_stat.stat.exists" diff --git a/roles/matrix-bridge-beeper-linkedin/tasks/validate_config.yml b/roles/matrix-bridge-beeper-linkedin/tasks/validate_config.yml new file mode 100644 index 00000000..fe33defa --- /dev/null +++ b/roles/matrix-bridge-beeper-linkedin/tasks/validate_config.yml 
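Review bot: In tasks/setup_install.yml both `config.yaml` and `registration.yaml` are written with `mode: 0644`, although they carry the appservice and homeserver tokens, and config.yaml also holds the database connection string and `login_shared_secret`. The parent directories are created `0750` earlier in the same file, which limits exposure today, but the files stay world-readable if the directory mode is ever loosened or the files are copied elsewhere with their modes preserved. I would write both with `mode: '0640'`, quoted so the value does not depend on YAML octal parsing. The bridge container runs as `matrix_user_uid`, the file owner, so it keeps read and write access. Whether Synapse, which bind-mounts registration.yaml, runs as the same user is not visible in this patch and should be confirmed.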
@@ -0,0 +1,11 @@ +--- + +- name: Fail if required settings not defined + fail: + msg: >- + You need to define a required configuration setting (`{{ item }}`). + when: "vars[item] == ''" + with_items: + - "matrix_beeper_linkedin_appservice_token" + - "matrix_beeper_linkedin_homeserver_token" + diff --git a/roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 b/roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 new file mode 100644 index 00000000..4fb6b055 --- /dev/null +++ b/roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 
@@ -0,0 +1,267 @@ +#jinja2: lstrip_blocks: "True" +# Homeserver details. +homeserver: + # The address that this appservice can use to connect to the homeserver. + address: {{ matrix_beeper_linkedin_homeserver_address }} + # The domain of the homeserver (for MXIDs, etc). + domain: {{ matrix_beeper_linkedin_homeserver_domain }} + # Whether or not to verify the SSL certificate of the homeserver. + # Only applies if address starts with https:// + verify_ssl: true + # Whether or not the homeserver supports asmux-specific endpoints, + # such as /_matrix/client/unstable/net.maunium.asmux/dms for atomically + # updating m.direct. + asmux: false + # Number of retries for all HTTP requests if the homeserver isn't reachable. + http_retry_count: 4 + + +appservice: + # The address that the homeserver can use to connect to this appservice. + address: {{ matrix_beeper_linkedin_appservice_address }} + + # The hostname and port where this appservice should listen. + hostname: 0.0.0.0 + port: 29319 + + # The maximum body size of appservice API requests (from the homeserver) in mebibytes + # Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s + max_body_size: 1 + + # The full URI to the database. Only Postgres is currently supported. + database: {{ matrix_beeper_linkedin_appservice_database_uri|to_json }} + # Additional arguments for asyncpg.create_pool() + # https://magicstack.github.io/asyncpg/current/api/index.html#asyncpg.pool.create_pool + database_opts: + min_size: 5 + max_size: 10 + + # Provisioning API part of the web server for automated portal creation and fetching information. + # Used by things like mautrix-manager (https://github.com/tulir/mautrix-manager). + provisioning: + # Whether or not the provisioning API should be enabled. + enabled: true + # The prefix to use in the provisioning API endpoints. + prefix: /_matrix/provision/v1 + # The shared secret to authorize users of the API. 
+ # Set to "generate" to generate and save a new token. + shared_secret: generate + + # The unique ID of this appservice. + id: beeper_linkedin + # Appservice bot details. + bot: + # Username of the appservice bot. + username: {{ matrix_beeper_linkedin_appservice_bot_username|to_json }} + # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty + # to leave display name/avatar as-is. + displayname: LinkedIn bridge bot + avatar: mxc://sumnerevans.com/XMtwdeUBnxYvWNFFrfeTSHqB + + # Whether or not to receive ephemeral events via appservice transactions. + # Requires MSC2409 support (i.e. Synapse 1.22+). + # You should disable bridge -> sync_with_custom_puppets when this is enabled. + ephemeral_events: false + + # Authentication tokens for AS <-> HS communication. Autogenerated; do not modify. + as_token: "{{ matrix_beeper_linkedin_appservice_token }}" + hs_token: "{{ matrix_beeper_linkedin_homeserver_token }}" + + +# Prometheus telemetry config. Requires prometheus-client to be installed. +metrics: + enabled: false + listen_port: 8000 + +# Manhole config. +manhole: + # Whether or not opening the manhole is allowed. + enabled: false + # The path for the unix socket. + path: /var/tmp/linkedin-matrix.manhole + # The list of UIDs who can be added to the whitelist. + # If empty, any UIDs can be specified in the open-manhole command. + whitelist: + - 0 + + +# Bridge config +bridge: + # Localpart template of MXIDs for LinkedIn users. + username_template: "linkedin_{userid}" + # Displayname template for LinkedIn users. + # Localpart template for per-user room grouping community IDs. + # The bridge will create these communities and add all of the specific user's portals to the community. + # {localpart} is the MXID localpart and {server} is the MXID server part of the user. + # (Note that, by default, non-admins might not have your homeserver's permission to create + # communities. 
You should set `enable_group_creation: true` in homeserver.yaml to fix this.) + # `linkedin_{localpart}={server}` is a good value. + community_template: null + + # Displayname template for LinkedIn users. + # {displayname} is replaced with the display name of the LinkedIn user + # as defined below in displayname_preference. + # Keys available for displayname_preference are also available here. + displayname_template: "{displayname} (LinkedIn)" + + # Number of chats to sync (and create portals for) on startup/login. + # Set 0 to disable automatic syncing. + initial_chat_sync: 10 + + # Whether or not the LinkedIn users of logged in Matrix users should be + # invited to private chats when the user sends a message from another client. + invite_own_puppet_to_pm: false + # Whether or not to use /sync to get presence, read receipts and typing notifications + # when double puppeting is enabled + sync_with_custom_puppets: true + # Whether or not to update the m.direct account data event when double puppeting is enabled. + # Note that updating the m.direct event is not atomic (except with mautrix-asmux) + # and is therefore prone to race conditions. + sync_direct_chat_list: false + # Servers to always allow double puppeting from + double_puppet_server_map: {} + # example.com: https://example.com + # Allow using double puppeting from any server with a valid client .well-known file. + + # Maximum number of seconds since last message in chat to skip + # syncing the chat in any case. This setting will take priority + # over both recovery_chat_sync_limit and initial_chat_sync_count. + # Default is 3 days = 259200 seconds + sync_max_chat_age: 259200 + + # Whether or not to sync with custom puppets to receive EDUs that + # are not normally sent to appservices. 
+ sync_with_custom_puppets: true + # Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth + # + # If set, custom puppets will be enabled automatically for local users + # instead of users having to find an access token and run `login-matrix` + # manually. + login_shared_secret: {{ matrix_beeper_linkedin_login_shared_secret|to_json }} + + # Allow using double puppeting from any server with a valid client .well-known file. + double_puppet_allow_discovery: false + + # Whether or not to bridge presence in both directions. LinkedIn allows users not to broadcast + # presence, but then it won't send other users' presence to the client. + presence: {{ matrix_beeper_linkedin_bridge_presence|to_json }} + # Whether or not to update avatars when syncing all contacts at startup. + update_avatar_initial_sync: true + + + # End-to-bridge encryption support options. These require matrix-nio to be installed with pip + # and login_shared_secret to be configured in order to get a device for the bridge bot. + # + # Additionally, https://github.com/matrix-org/synapse/pull/5758 is required if using a normal + # application service. + encryption: + # Allow encryption, work in group chat rooms with e2ee enabled + allow: false + # Default to encryption, force-enable encryption in all portals the bridge creates + # This will cause the bridge bot to be in private chats for the encryption to work properly. + default: false + # Options for automatic key sharing. + key_sharing: + # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled. + # You must use a client that supports requesting keys from other users to use this feature. + allow: false + # Require the requesting device to have a valid cross-signing signature? + # This doesn't require that the bridge has verified the device, only that the user has verified it. + # Not yet implemented. + require_cross_signing: false + # Require devices to be verified by the bridge? 
+ # Verification by the bridge is not yet implemented. + require_verification: true + # Whether or not the bridge should send a read receipt from the bridge bot when a message has + # been sent to LinkedIn. + delivery_receipts: false + # Whether to allow inviting arbitrary mxids to portal rooms + allow_invites: false + + # Settings for backfilling messages from LinkedIn. + backfill: + # Whether or not the LinkedIn users of logged in Matrix users should be + # invited to private chats when backfilling history from LinkedIn. This is + # usually needed to prevent rate limits and to allow timestamp massaging. + invite_own_puppet: true + # Maximum number of messages to backfill initially. + # Set to 0 to disable backfilling when creating portal. + initial_limit: 0 + # Maximum number of messages to backfill if messages were missed while + # the bridge was disconnected. + # Set to 0 to disable backfilling missed messages. + missed_limit: 1000 + # If using double puppeting, should notifications be disabled + # while the initial backfill is in progress? + disable_notifications: false + periodic_reconnect: + # TODO needed? + # Interval in seconds in which to automatically reconnect all users. + # This can be used to automatically mitigate the bug where Linkedin stops sending messages. + # Set to -1 to disable periodic reconnections entirely. + interval: -1 + # What to do in periodic reconnects. Either "refresh" or "reconnect" + mode: refresh + # Should even disconnected users be reconnected? + always: false + # The number of seconds that a disconnection can last without triggering an automatic re-sync + # and missed message backfilling when reconnecting. + # Set to 0 to always re-sync, or -1 to never re-sync automatically. + resync_max_disconnected_time: 5 + # Whether or not temporary disconnections should send notices to the notice room. 
+ # If this is false, disconnections will never send messages and connections will only send + # messages if it was disconnected for more than resync_max_disconnected_time seconds. + temporary_disconnect_notices: true + # Whether or not the bridge should try to "refresh" the connection if a normal reconnection + # attempt fails. + refresh_on_reconnection_fail: false + # Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run. + # This field will automatically be changed back to false after it, + # except if the config file is not writable. + resend_bridge_info: false + # When using double puppeting, should muted chats be muted in Matrix? + mute_bridging: false + # Whether or not mute status and tags should only be bridged when the portal room is created. + tag_only_on_create: true + + + # The prefix for commands. Only required in non-management rooms. + command_prefix: "!li" + + # Permissions for using the bridge. + # Permitted values: + # user - Access to use the bridge to chat with a Linkedin account. + # admin - User level and some additional administration tools + # Permitted keys: + # * - All Matrix users + # domain - All users on that homeserver + # mxid - Specific user + permissions: + "{{ matrix_beeper_linkedin_homeserver_domain }}": user + + + +# Logging config. +logging: + version: 1 + formatters: + colored: + (): mautrix.util.logging.color.ColorFormatter + format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s" + normal: + format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s" + handlers: + console: + class: logging.StreamHandler + formatter: colored + loggers: + mau: + level: DEBUG + paho: + level: INFO + aiohttp: + level: INFO + root: + level: DEBUG + handlers: [ console] + diff --git a/roles/matrix-bridge-beeper-linkedin/templates/systemd/matrix-beeper-linkedin.service.j2 b/roles/matrix-bridge-beeper-linkedin/templates/systemd/matrix-beeper-linkedin.service.j2 new file mode 100644 index 00000000..4498b4f0 
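Review bot: In templates/config.yaml.j2 the `appservice.provisioning` block ships with `enabled: true` and `shared_secret: generate`, so every install exposes the provisioning API on the appservice port with a secret no operator chose. Per the template's own comment, `generate` makes the bridge create and save a token into config.yaml, but setup_install.yml rewrites config.yaml from this template, so the saved value is presumably reset to `generate` on each playbook run. As far as this patch shows nothing consumes that API, so I would ship `enabled: false` and let users who need it enable it with their own secret through `matrix_beeper_linkedin_configuration_extension_yaml`. Separately, `sync_with_custom_puppets: true` appears twice, apparently both under `bridge:` (indentation is collapsed on this page); duplicate keys are invalid YAML and the second occurrence should be dropped.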
--- /dev/null +++ b/roles/matrix-bridge-beeper-linkedin/templates/systemd/matrix-beeper-linkedin.service.j2 @@ -0,0 +1,42 @@ +#jinja2: lstrip_blocks: "True" +[Unit] +Description=Matrix Beeper Linkedin bridge +{% for service in matrix_beeper_linkedin_systemd_required_services_list %} +Requires={{ service }} +After={{ service }} +{% endfor %} +{% for service in matrix_beeper_linkedin_systemd_wanted_services_list %} +Wants={{ service }} +{% endfor %} +DefaultDependencies=no + +[Service] +Type=simple +Environment="HOME={{ matrix_systemd_unit_home_path }}" +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-beeper-linkedin 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-beeper-linkedin 2>/dev/null' + +# Intentional delay, so that the homeserver (we likely depend on) can manage to start. +ExecStartPre={{ matrix_host_command_sleep }} 5 + +ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-beeper-linkedin \ + --log-driver=none \ + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ + --cap-drop=ALL \ + --network={{ matrix_docker_network }} \ + -v {{ matrix_beeper_linkedin_config_path }}:/data:z \ + --workdir=/opt/linkedin-matrix \ + {% for arg in matrix_beeper_linkedin_container_extra_arguments %} + {{ arg }} \ + {% endfor %} + {{ matrix_beeper_linkedin_docker_image }} \ + python3 -m linkedin_matrix -c /data/config.yaml -r /data/registration.yaml + +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-beeper-linkedin 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-beeper-linkedin 2>/dev/null' +Restart=always +RestartSec=30 +SyslogIdentifier=matrix-beeper-linkedin + +[Install] +WantedBy=multi-user.target diff --git a/setup.yml b/setup.yml index 142364c4..21d67f1a 100755 --- a/setup.yml +++ b/setup.yml 
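Review bot: The `ExecStart` line bind-mounts only the config directory, `-v {{ matrix_beeper_linkedin_config_path }}:/data:z`, so the container never sees `matrix_beeper_linkedin_data_path`, which setup_install.yml creates and relocates the database and mx-state.json into. With the SQLite engine, `/data/beeper-linkedin.db` would therefore be created in the config directory beside config.yaml and registration.yaml, and the migration check on `matrix_beeper_linkedin_sqlite_database_path_local` would look in a directory the bridge never writes to. I would mount the two paths separately, `-v {{ matrix_beeper_linkedin_config_path }}:/config:z` and `-v {{ matrix_beeper_linkedin_data_path }}:/data:z`, and start the bridge with `-c /config/config.yaml -r /config/registration.yaml`, which keeps runtime state out of the directory that holds the tokens.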
@@ -18,6 +18,7 @@ - matrix-bridge-appservice-slack - matrix-bridge-appservice-webhooks - matrix-bridge-appservice-irc + - matrix-bridge-beeper-linkedin - matrix-bridge-mautrix-facebook - matrix-bridge-mautrix-hangouts - matrix-bridge-mautrix-instagram From 340e0fabc4b52a9a0d5cb01b11e23a19d709fa92 Mon Sep 17 00:00:00 2001 From: Alexandar Mechev Date: Sat, 21 Aug 2021 18:24:30 +0200 Subject: [PATCH 51/90] Adds Documentation for LinkedIn Bridge --- README.md | 2 + ...iguring-playbook-bridge-beeper-linkedin.md | 59 +++++++++++++++++++ docs/configuring-playbook.md | 2 + 3 files changed, 63 insertions(+) create mode 100644 docs/configuring-playbook-bridge-beeper-linkedin.md diff --git a/README.md b/README.md index 47119d14..edda6f99 100644 --- a/README.md +++ b/README.md @@ -57,6 +57,8 @@ Using this playbook, you can get the following services configured on your serve - (optional) the [mautrix-signal](https://github.com/mautrix/signal) bridge for bridging your Matrix server to [Signal](https://www.signal.org/) +- (optional) the [beeper-linkedin](https://gitlab.com/beeper/linkedin) bridge for bridging your Matrix server to [LinkedIn](https://www.linkedin.com/) + - (optional) the [matrix-appservice-irc](https://github.com/matrix-org/matrix-appservice-irc) bridge for bridging your Matrix server to [IRC](https://wikipedia.org/wiki/Internet_Relay_Chat) - (optional) the [matrix-appservice-discord](https://github.com/Half-Shot/matrix-appservice-discord) bridge for bridging your Matrix server to [Discord](https://discordapp.com/) diff --git a/docs/configuring-playbook-bridge-beeper-linkedin.md b/docs/configuring-playbook-bridge-beeper-linkedin.md new file mode 100644 index 00000000..39079429 --- /dev/null +++ b/docs/configuring-playbook-bridge-beeper-linkedin.md 
@@ -0,0 +1,59 @@ +# Setting up Beeper Linkedin (optional) + +The playbook can install and configure [beeper-linkedin](https://gitlab.com/beeper/linkedin) for you. This bridge is based on the mautrix-python framework and can be configured in a similar way to the other mautrix bridges + +See the project's [documentation](https://gitlab.com/beeper/linkedin/-/blob/master/README.md) to learn what it does and why it might be useful to you. + +```yaml +matrix_beeper_linkedin_enabled: true +``` + +There are some additional things you may wish to configure about the bridge before you continue. + +Encryption support is off by default. If you would like to enable encryption, add the following to your `vars.yml` file: +```yaml +matrix_beeper_linkedin_configuration_extension_yaml: | + bridge: + encryption: + allow: true + default: true +``` + +If you would like to be able to administrate the bridge from your account it can be configured like this: +```yaml +matrix_beeper_linkedin_configuration_extension_yaml: | + bridge: + permissions: + '@YOUR_USERNAME:YOUR_DOMAIN': admin +``` + +You may wish to look at `roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2` to find other things you would like to configure. + + +## Set up Double Puppeting + +If you'd like to use [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) (hint: you most likely do), you have 2 ways of going about it. + +### Method 1: automatically, by enabling Shared Secret Auth + +The bridge will automatically perform Double Puppeting if you enable [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) for this playbook. + +This is the recommended way of setting up Double Puppeting, as it's easier to accomplish, works for all your users automatically, and has less of a chance of breaking in the future. + + +## Usage + +You then need to start a chat with `@linkedinbot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain). 
+ +Send `login YOUR_LINKEDIN_EMAIL_ADDRESS` to the bridge bot to enable bridging for your LinkedIn account. + +If you run into trouble, check the [Troubleshooting](#troubleshooting) section below. + +After successfully enabling bridging, you may wish to [set up Double Puppeting](#set-up-double-puppeting), if you haven't already done so. + + +## Troubleshooting + +### Bridge asking for 2FA even if you don't have 2FA enabled + +If you don't have 2FA enabled and are logging in from a strange IP for the first time, LinkedIn will send an email with a one-time code. You can use this code to authorize the bridge session. In my experience, once the IP is authorized, you will not be asked again. diff --git a/docs/configuring-playbook.md b/docs/configuring-playbook.md index fae66dca..60c7a4bf 100644 --- a/docs/configuring-playbook.md +++ b/docs/configuring-playbook.md @@ -104,6 +104,8 @@ When you're done with all the configuration you'd like to do, continue with [Ins - [Setting up Appservice IRC bridging](configuring-playbook-bridge-appservice-irc.md) (optional) +- [Setting up Beeper LinkedIn bridging](configuring-playbook-bridge-beeper-linkedin.md) (optional) + - [Setting up Appservice Discord bridging](configuring-playbook-bridge-appservice-discord.md) (optional) - [Setting up Appservice Slack bridging](configuring-playbook-bridge-appservice-slack.md) (optional) From 48548eb561e1d0c05de590744c88eff98fcbe9e2 Mon Sep 17 00:00:00 2001 From: sakkiii Date: Sun, 22 Aug 2021 18:45:25 +0530 Subject: [PATCH 52/90] Postgres Minor Updates --- roles/matrix-postgres/defaults/main.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/matrix-postgres/defaults/main.yml b/roles/matrix-postgres/defaults/main.yml index 9c1cac9a..8439241a 100644 --- a/roles/matrix-postgres/defaults/main.yml +++ b/roles/matrix-postgres/defaults/main.yml 
@@ -17,11 +17,11 @@ matrix_postgres_architecture: amd64 # > LOG: startup process (PID 37) was terminated by signal 11: Segmentation fault matrix_postgres_docker_image_suffix: "{{ '-alpine' if matrix_postgres_architecture in ['amd64', 'arm64'] else '' }}" -matrix_postgres_docker_image_v9: "{{ matrix_container_global_registry_prefix }}postgres:9.6.22{{ matrix_postgres_docker_image_suffix }}" -matrix_postgres_docker_image_v10: "{{ matrix_container_global_registry_prefix }}postgres:10.17{{ matrix_postgres_docker_image_suffix }}" -matrix_postgres_docker_image_v11: "{{ matrix_container_global_registry_prefix }}postgres:11.12{{ matrix_postgres_docker_image_suffix }}" -matrix_postgres_docker_image_v12: "{{ matrix_container_global_registry_prefix }}postgres:12.7{{ matrix_postgres_docker_image_suffix }}" -matrix_postgres_docker_image_v13: "{{ matrix_container_global_registry_prefix }}postgres:13.3{{ matrix_postgres_docker_image_suffix }}" +matrix_postgres_docker_image_v9: "{{ matrix_container_global_registry_prefix }}postgres:9.6.23{{ matrix_postgres_docker_image_suffix }}" +matrix_postgres_docker_image_v10: "{{ matrix_container_global_registry_prefix }}postgres:10.18{{ matrix_postgres_docker_image_suffix }}" +matrix_postgres_docker_image_v11: "{{ matrix_container_global_registry_prefix }}postgres:11.13{{ matrix_postgres_docker_image_suffix }}" +matrix_postgres_docker_image_v12: "{{ matrix_container_global_registry_prefix }}postgres:12.8{{ matrix_postgres_docker_image_suffix }}" +matrix_postgres_docker_image_v13: "{{ matrix_container_global_registry_prefix }}postgres:13.4{{ matrix_postgres_docker_image_suffix }}" matrix_postgres_docker_image_latest: "{{ matrix_postgres_docker_image_v13 }}" # This variable is assigned at runtime. Overriding its value has no effect. From 78b62664cdd4b65846a1698b3efbb414d8cf13fb Mon Sep 17 00:00:00 2001 
From: Thom Wiggers Date: Mon, 23 Aug 2021 10:29:05 +0200 Subject: [PATCH 53/90] Update to version v0.30.0 https://github.com/matrix-org/matrix-appservice-irc/releases/tag/0.30.0 --- roles/matrix-bridge-appservice-irc/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-appservice-irc/defaults/main.yml b/roles/matrix-bridge-appservice-irc/defaults/main.yml index b0f27e65..1843e4af 100644 --- a/roles/matrix-bridge-appservice-irc/defaults/main.yml +++ b/roles/matrix-bridge-appservice-irc/defaults/main.yml @@ -7,7 +7,7 @@ matrix_appservice_irc_container_self_build: false matrix_appservice_irc_docker_repo: "https://github.com/matrix-org/matrix-appservice-irc.git" matrix_appservice_irc_docker_src_files_path: "{{ matrix_base_data_path }}/appservice-irc/docker-src" -matrix_appservice_irc_version: release-v0.29.0 +matrix_appservice_irc_version: release-v0.30.0 matrix_appservice_irc_docker_image: "{{ matrix_container_global_registry_prefix }}matrixdotorg/matrix-appservice-irc:{{ matrix_appservice_irc_version }}" matrix_appservice_irc_docker_image_force_pull: "{{ matrix_appservice_irc_docker_image.endswith(':latest') }}" From 13e660bffd6c1314da2019c31a92d2fa0ad73d89 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 23 Aug 2021 15:02:28 +0300 Subject: [PATCH 54/90] Add missing section separator --- group_vars/matrix_servers | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index a3ef6e10..e2c758f5 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -218,7 +218,7 @@ matrix_appservice_irc_database_password: "{{ matrix_synapse_macaroon_secret_key ###################################################################### # -# /matrix-bridge-beeper-linkedin +# matrix-bridge-beeper-linkedin # ###################################################################### 
@@ -248,7 +248,11 @@ matrix_beeper_linkedin_bridge_presence: "{{ matrix_synapse_presence_enabled if m matrix_beeper_linkedin_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}" matrix_beeper_linkedin_database_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'maulinkedin.db') | to_uuid }}" - +###################################################################### +# +# /matrix-bridge-beeper-linkedin +# +###################################################################### ###################################################################### # From 78c22138a5b5feed8cc921806cc85df888057600 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 23 Aug 2021 15:06:00 +0300 Subject: [PATCH 55/90] Do not reference variables from other roles This configuration is supposed to be kept clean and not reference variables defined in other roles. `group_vars/matrix_servers` redefines these to hook our various roles together. --- roles/matrix-bridge-beeper-linkedin/defaults/main.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/matrix-bridge-beeper-linkedin/defaults/main.yml b/roles/matrix-bridge-beeper-linkedin/defaults/main.yml index 851b8817..dfe9709d 100644 --- a/roles/matrix-bridge-beeper-linkedin/defaults/main.yml +++ b/roles/matrix-bridge-beeper-linkedin/defaults/main.yml 
@@ -25,8 +25,8 @@ matrix_beeper_linkedin_systemd_required_services_list: ['docker.service'] # List of systemd services that matrix-beeper-linkedin.service wants matrix_beeper_linkedin_systemd_wanted_services_list: [] -matrix_beeper_linkedin_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'linked.as.token') | to_uuid }}" -matrix_beeper_linkedin_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'linked.hs.token') | to_uuid }}" +matrix_beeper_linkedin_appservice_token: "" +matrix_beeper_linkedin_homeserver_token: "" matrix_beeper_linkedin_appservice_bot_username: linkedinbot @@ -35,13 +35,13 @@ matrix_beeper_linkedin_appservice_bot_username: linkedinbot # To use Postgres: # - change the engine (`matrix_beeper_linkedin_database_engine: 'postgres'`) # - adjust your database credentials via the `matrix_beeper_linkedin_postgres_*` variables -matrix_beeper_linkedin_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}" +matrix_beeper_linkedin_database_engine: "sqlite" matrix_beeper_linkedin_sqlite_database_path_local: "{{ matrix_beeper_linkedin_data_path }}/beeper-linkedin.db" matrix_beeper_linkedin_sqlite_database_path_in_container: "/data/beeper-linkedin.db" matrix_beeper_linkedin_database_username: 'matrix_beeper_linkedin' -matrix_beeper_linkedin_database_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'maulinkedin.db') | to_uuid }}" +matrix_beeper_linkedin_database_password: "" matrix_beeper_linkedin_database_hostname: 'matrix-postgres' matrix_beeper_linkedin_database_port: 5432 matrix_beeper_linkedin_database_name: 'matrix_beeper_linkedin' From 603ad7c52bba98959dcb77dc20fca09e0b550575 Mon Sep 17 00:00:00 2001 
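Review bot: The empty defaults for `matrix_beeper_linkedin_appservice_token` and `matrix_beeper_linkedin_homeserver_token` (first hunk) and `matrix_beeper_linkedin_database_password` (second hunk) let the role render empty shared secrets whenever the caller does not override them. Only the database password override is visible in the `group_vars/matrix_servers` context of the previous patch, so please confirm the two tokens are derived there as well. I would add a validation task at the start of the role that loops over the three variable names and fails, naming the variable, on `when: "vars[item] == ''"`. Separately, the second hunk sets `matrix_beeper_linkedin_database_engine: "sqlite"` directly under a comment saying only Postgres works, so the comment and the default disagree within this commit.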
From: Slavi Pantaleev Date: Mon, 23 Aug 2021 15:12:19 +0300 Subject: [PATCH 56/90] Remove (non-working) SQLite support from beeper-linkedin bridge This bridge doesn't support SQLite anyway, so it's not necessary to carry around configuration fields and code for migration from SQLite to Postgres. There's nothing to migrate. --- group_vars/matrix_servers | 2 - .../defaults/main.yml | 13 +--- .../tasks/setup_install.yml | 59 ------------------- 3 files changed, 3 insertions(+), 71 deletions(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index e2c758f5..4575ff63 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -244,8 +244,6 @@ matrix_beeper_linkedin_login_shared_secret: "{{ matrix_synapse_ext_password_prov matrix_beeper_linkedin_bridge_presence: "{{ matrix_synapse_presence_enabled if matrix_synapse_enabled else true }}" -# Postgres is the default, except if not using `matrix_postgres` (internal postgres) -matrix_beeper_linkedin_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}" matrix_beeper_linkedin_database_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'maulinkedin.db') | to_uuid }}" ###################################################################### diff --git a/roles/matrix-bridge-beeper-linkedin/defaults/main.yml b/roles/matrix-bridge-beeper-linkedin/defaults/main.yml index dfe9709d..ff3243cd 100644 --- a/roles/matrix-bridge-beeper-linkedin/defaults/main.yml +++ b/roles/matrix-bridge-beeper-linkedin/defaults/main.yml 
@@ -31,14 +31,9 @@ matrix_beeper_linkedin_homeserver_token: "" matrix_beeper_linkedin_appservice_bot_username: linkedinbot -# Database-related configuration fields. (only works with postgres for now!) -# To use Postgres: -# - change the engine (`matrix_beeper_linkedin_database_engine: 'postgres'`) -# - adjust your database credentials via the `matrix_beeper_linkedin_postgres_*` variables -matrix_beeper_linkedin_database_engine: "sqlite" - -matrix_beeper_linkedin_sqlite_database_path_local: "{{ matrix_beeper_linkedin_data_path }}/beeper-linkedin.db" -matrix_beeper_linkedin_sqlite_database_path_in_container: "/data/beeper-linkedin.db" +# Database-related configuration fields. +# Only Postgres is supported. +matrix_beeper_linkedin_database_engine: "postgres" matrix_beeper_linkedin_database_username: 'matrix_beeper_linkedin' matrix_beeper_linkedin_database_password: "" @@ -50,14 +45,12 @@ matrix_beeper_linkedin_database_connection_string: 'postgresql://{{ matrix_beepe matrix_beeper_linkedin_appservice_database_type: "{{ { - 'sqlite': 'sqlite3', 'postgres':'postgres', }[matrix_beeper_linkedin_database_engine] }}" matrix_beeper_linkedin_appservice_database_uri: "{{ { - 'sqlite': matrix_beeper_linkedin_sqlite_database_path_in_container, 'postgres': matrix_beeper_linkedin_database_connection_string, }[matrix_beeper_linkedin_database_engine] }}" diff --git a/roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml b/roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml index c2ccf8dc..97d05a45 100644 --- a/roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml +++ b/roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml 
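Review bot: With `'sqlite'` removed from both lookup dicts in the second hunk, an inventory that still sets `matrix_beeper_linkedin_database_engine: sqlite` (the role default in the previous patch) will presumably fail on a missing dict key when the expression is evaluated, not with a message the operator can act on. Since only one engine remains, either drop the indirection (`matrix_beeper_linkedin_appservice_database_type: postgres`) or keep the variable and add a validation task that fails with a clear "only 'postgres' is supported" message when the value differs. The `'postgres':'postgres'` entry is also missing the space after the colon that the sibling dict uses.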
@@ -8,33 +8,6 @@ The matrix-bridge-beeper-linkedin role needs to execute before the matrix-synapse role. when: "matrix_synapse_role_executed|default(False)" -- set_fact: - matrix_beeper_linkedin_requires_restart: false - -- block: - - name: Check if an SQLite database already exists - stat: - path: "{{ matrix_beeper_linkedin_sqlite_database_path_local }}" - register: matrix_beeper_linkedin_sqlite_database_path_local_stat_result - - - block: - - set_fact: - matrix_postgres_db_migration_request: - src: "{{ matrix_beeper_linkedin_sqlite_database_path_local }}" - dst: "{{ matrix_beeper_linkedin_database_connection_string }}" - caller: "{{ role_path|basename }}" - engine_variable_name: 'matrix_beeper_linkedin_database_engine' - engine_old: 'sqlite' - systemd_services_to_stop: ['matrix-beeper-linkedin.service'] - pgloader_options: ['--with "quote identifiers"'] - - - import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" - - - set_fact: - matrix_beeper_linkedin_requires_restart: true - when: "matrix_beeper_linkedin_sqlite_database_path_local_stat_result.stat.exists|bool" - when: "matrix_beeper_linkedin_database_engine == 'postgres'" - - name: Ensure Beeper LinkedIn image is pulled docker_image: name: "{{ matrix_beeper_linkedin_docker_image }}" 
@@ -54,32 +27,6 @@ - "{{ matrix_beeper_linkedin_config_path }}" - "{{ matrix_beeper_linkedin_data_path }}" -- name: Check if an old database file exists - stat: - path: "{{ matrix_beeper_linkedin_base_path }}/beeper-linkedin.db" - register: matrix_beeper_linkedin_stat_database - -- name: Check if an old matrix state file exists - stat: - path: "{{ matrix_beeper_linkedin_base_path }}/mx-state.json" - register: matrix_beeper_linkedin_stat_mx_state - -- name: (Data relocation) Ensure matrix-beeper-linkedin.service is stopped - service: - name: matrix-beeper-linkedin - state: stopped - daemon_reload: yes - failed_when: false - when: "matrix_beeper_linkedin_stat_database.stat.exists" - -- name: (Data relocation) Move beeper-linkedin database file to ./data directory - command: "mv {{ matrix_beeper_linkedin_base_path }}/beeper-linkedin.db {{ matrix_beeper_linkedin_data_path }}/beeper-linkedin.db" - when: "matrix_beeper_linkedin_stat_database.stat.exists" - -- name: (Data relocation) Move beeper-linkedin mx-state file to ./data directory - command: "mv {{ matrix_beeper_linkedin_base_path }}/mx-state.json {{ matrix_beeper_linkedin_data_path }}/mx-state.json" - when: "matrix_beeper_linkedin_stat_mx_state.stat.exists" - - name: Ensure beeper-linkedin config.yaml installed copy: content: "{{ matrix_beeper_linkedin_configuration|to_nice_yaml }}" @@ -107,9 +54,3 @@ service: daemon_reload: yes when: "matrix_beeper_linkedin_systemd_service_result.changed" - -- name: Ensure matrix-beeper-linkedin.service restarted, if necessary - service: - name: "matrix-beeper-linkedin.service" - state: restarted - when: "matrix_beeper_linkedin_requires_restart|bool" From ee663e819e58bea0cd5255dd785196fee6cbc773 Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Mon, 23 Aug 2021 15:27:03 +0300 Subject: [PATCH 57/90] Announce LinkedIn Messaging bridging support Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1242 --- CHANGELOG.md | 11 +++++++++++ docs/configuring-playbook-bridge-beeper-linkedin.md | 6 +++--- 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 88e26339..9c48f483 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,14 @@ +# 2021-08-23 + +## LinkedIn bridging support via beeper-linkedin + +Thanks to [Alexandar Mechev](https://github.com/apmechev), the playbook can now install the [beeper-linkedin](https://gitlab.com/beeper/linkedin) bridge for bridging to [LinkedIn](https://www.linkedin.com/) Messaging. + +This brings the total number of bridges supported by the playbook up to 20. See all supported bridges [here](docs/configuring-playbook.md#bridging-other-networks). + +To get started with bridging to LinkedIn, see [Setting up Beeper LinkedIn bridging](docs/configuring-playbook-bridge-beeper-linkedin.md). + + # 2021-08-20 # Sygnal upgraded - ARM support and no longer requires a database diff --git a/docs/configuring-playbook-bridge-beeper-linkedin.md b/docs/configuring-playbook-bridge-beeper-linkedin.md index 39079429..bcc9d0f5 100644 --- a/docs/configuring-playbook-bridge-beeper-linkedin.md +++ b/docs/configuring-playbook-bridge-beeper-linkedin.md 
@@ -1,6 +1,6 @@ # Setting up Beeper Linkedin (optional) -The playbook can install and configure [beeper-linkedin](https://gitlab.com/beeper/linkedin) for you. This bridge is based on the mautrix-python framework and can be configured in a similar way to the other mautrix bridges +The playbook can install and configure [beeper-linkedin](https://gitlab.com/beeper/linkedin) for you, for bridging to [LinkedIn](https://www.linkedin.com/) Messaging. This bridge is based on the mautrix-python framework and can be configured in a similar way to the other mautrix bridges See the project's [documentation](https://gitlab.com/beeper/linkedin/-/blob/master/README.md) to learn what it does and why it might be useful to you. @@ -45,7 +45,7 @@ This is the recommended way of setting up Double Puppeting, as it's easier to ac You then need to start a chat with `@linkedinbot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain). -Send `login YOUR_LINKEDIN_EMAIL_ADDRESS` to the bridge bot to enable bridging for your LinkedIn account. +Send `login YOUR_LINKEDIN_EMAIL_ADDRESS` to the bridge bot to enable bridging for your LinkedIn account. If you run into trouble, check the [Troubleshooting](#troubleshooting) section below. @@ -56,4 +56,4 @@ After successfully enabling bridging, you may wish to [set up Double Puppeting]( ### Bridge asking for 2FA even if you don't have 2FA enabled -If you don't have 2FA enabled and are logging in from a strange IP for the first time, LinkedIn will send an email with a one-time code. You can use this code to authorize the bridge session. In my experience, once the IP is authorized, you will not be asked again. +If you don't have 2FA enabled and are logging in from a strange IP for the first time, LinkedIn will send an email with a one-time code. You can use this code to authorize the bridge session. In my experience, once the IP is authorized, you will not be asked again. 
From 4b643db31b948a93262d55109f0c8e4d0ed54d38 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 23 Aug 2021 15:31:33 +0300 Subject: [PATCH 58/90] Upgrade devture/exim-relay (4.94.2-r0-2 -> 4.94.2-r0-3) Related to https://github.com/devture/exim-relay/pull/11 --- roles/matrix-mailer/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-mailer/defaults/main.yml b/roles/matrix-mailer/defaults/main.yml index 8ca1a8a3..19bc1656 100644 --- a/roles/matrix-mailer/defaults/main.yml +++ b/roles/matrix-mailer/defaults/main.yml @@ -7,7 +7,7 @@ matrix_mailer_container_image_self_build_repository_url: "https://github.com/dev matrix_mailer_container_image_self_build_src_files_path: "{{ matrix_mailer_base_path }}/docker-src" matrix_mailer_container_image_self_build_version: "{{ matrix_mailer_docker_image.split(':')[1] }}" -matrix_mailer_version: 4.94.2-r0-2 +matrix_mailer_version: 4.94.2-r0-3 matrix_mailer_docker_image: "{{ matrix_mailer_docker_image_name_prefix }}devture/exim-relay:{{ matrix_mailer_version }}" matrix_mailer_docker_image_name_prefix: "{{ 'localhost/' if matrix_mailer_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_mailer_docker_image_force_pull: "{{ matrix_mailer_docker_image.endswith(':latest') }}" From 57414ec2becaa11c55c3277f5623b9b61bf0f378 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 23 Aug 2021 15:39:54 +0300 Subject: [PATCH 59/90] Upgrade matrix-corporal (2.1.1 -> 2.1.2) --- roles/matrix-corporal/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-corporal/defaults/main.yml b/roles/matrix-corporal/defaults/main.yml index 881bee67..313f79a8 100644 --- a/roles/matrix-corporal/defaults/main.yml +++ b/roles/matrix-corporal/defaults/main.yml 
@@ -22,7 +22,7 @@ matrix_corporal_container_extra_arguments: [] # List of systemd services that matrix-corporal.service depends on matrix_corporal_systemd_required_services_list: ['docker.service'] -matrix_corporal_version: 2.1.1 +matrix_corporal_version: 2.1.2 matrix_corporal_docker_image: "{{ matrix_corporal_docker_image_name_prefix }}devture/matrix-corporal:{{ matrix_corporal_docker_image_tag }}" matrix_corporal_docker_image_name_prefix: "{{ 'localhost/' if matrix_corporal_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_corporal_docker_image_tag: "{{ matrix_corporal_version }}" # for backward-compatibility From 00d1804dd9dfef869f9a6bf88c3e5aec93c9d4a0 Mon Sep 17 00:00:00 2001 From: sakkiii <11132948+sakkiii@users.noreply.github.com> Date: Tue, 24 Aug 2021 10:24:54 +0530 Subject: [PATCH 60/90] prometheus & its exporter updates --- roles/matrix-prometheus-node-exporter/defaults/main.yml | 2 +- roles/matrix-prometheus-postgres-exporter/defaults/main.yml | 2 +- roles/matrix-prometheus/defaults/main.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/matrix-prometheus-node-exporter/defaults/main.yml b/roles/matrix-prometheus-node-exporter/defaults/main.yml index 5c3a6386..481864d3 100644 --- a/roles/matrix-prometheus-node-exporter/defaults/main.yml +++ b/roles/matrix-prometheus-node-exporter/defaults/main.yml @@ -3,7 +3,7 @@ matrix_prometheus_node_exporter_enabled: false -matrix_prometheus_node_exporter_version: v1.2.0 +matrix_prometheus_node_exporter_version: v1.2.2 matrix_prometheus_node_exporter_docker_image: "{{ matrix_container_global_registry_prefix }}prom/node-exporter:{{ matrix_prometheus_node_exporter_version }}" matrix_prometheus_node_exporter_docker_image_force_pull: "{{ matrix_prometheus_node_exporter_docker_image.endswith(':latest') }}" 
diff --git a/roles/matrix-prometheus-postgres-exporter/defaults/main.yml b/roles/matrix-prometheus-postgres-exporter/defaults/main.yml index 8aca4576..0857d3e7 100644 --- a/roles/matrix-prometheus-postgres-exporter/defaults/main.yml +++ b/roles/matrix-prometheus-postgres-exporter/defaults/main.yml @@ -3,7 +3,7 @@ matrix_prometheus_postgres_exporter_enabled: false -matrix_prometheus_postgres_exporter_version: v0.9.0 +matrix_prometheus_postgres_exporter_version: v0.10.0 matrix_prometheus_postgres_exporter_port: 9187 matrix_prometheus_postgres_exporter_docker_image: "quay.io/prometheuscommunity/postgres-exporter:{{ matrix_prometheus_postgres_exporter_version }}" diff --git a/roles/matrix-prometheus/defaults/main.yml b/roles/matrix-prometheus/defaults/main.yml index 3725993c..b2fbf0b2 100644 --- a/roles/matrix-prometheus/defaults/main.yml +++ b/roles/matrix-prometheus/defaults/main.yml @@ -3,7 +3,7 @@ matrix_prometheus_enabled: false -matrix_prometheus_version: v2.28.1 +matrix_prometheus_version: v2.29.1 matrix_prometheus_docker_image: "{{ matrix_container_global_registry_prefix }}prom/prometheus:{{ matrix_prometheus_version }}" matrix_prometheus_docker_image_force_pull: "{{ matrix_prometheus_docker_image.endswith(':latest') }}" From b120b8aebaeebe575d7a6b21d8ffd1b8ec6cbaac Mon Sep 17 00:00:00 2001 From: Michael Collins Date: Tue, 24 Aug 2021 14:27:50 +0800 Subject: [PATCH 61/90] delay these till the next playbook --- roles/matrix-awx/tasks/abort_deletion.yml | 12 ---------- .../matrix-awx/tasks/delete_awx_templates.yml | 24 ------------------- 2 files changed, 36 deletions(-) diff --git a/roles/matrix-awx/tasks/abort_deletion.yml b/roles/matrix-awx/tasks/abort_deletion.yml index f3220b6a..30ced6d1 100644 --- a/roles/matrix-awx/tasks/abort_deletion.yml +++ b/roles/matrix-awx/tasks/abort_deletion.yml 
@@ -1,12 +1,4 @@ -# abort deletion - -- name: Include hosting vars - include_vars: - file: /var/lib/awx/projects/hosting/hosting_vars.yml - when: cancel_deletion|bool - no_log: True - - name: Install jq in AWX delegate_to: 127.0.0.1 yum: @@ -33,8 +25,6 @@ validate_certs: yes when: cancel_deletion|bool -# restore use of templates - - name: Grant execute permission on 'Deploy/Update a Server' job template delegate_to: 127.0.0.1 awx.awx.tower_role: @@ -239,8 +229,6 @@ validate_certs: yes when: (matrix_domain is defined) and (cancel_deletion|bool) -# trigger cleanup - - name: Save new 'Delete Job Template' survey.json to the AWX tower, template delegate_to: 127.0.0.1 template: diff --git a/roles/matrix-awx/tasks/delete_awx_templates.yml b/roles/matrix-awx/tasks/delete_awx_templates.yml index 17e09791..3aa839cd 100755 --- a/roles/matrix-awx/tasks/delete_awx_templates.yml +++ b/roles/matrix-awx/tasks/delete_awx_templates.yml @@ -293,27 +293,3 @@ tower_oauthtoken: "{{ tower_token.stdout }}" validate_certs: yes when: matrix_domain is defined - -- name: Remove Matrix server from organisations inventory - delegate_to: 127.0.0.1 - awx.awx.tower_host: - name: "matrix.{{ matrix_domain }}" - description: "{{ matrix_domain }} Matrix Server" - inventory: "{{ member_id }}" - state: absent - tower_host: "https://{{ tower_host }}" - tower_oauthtoken: "{{ tower_token.stdout }}" - validate_certs: yes - when: matrix_domain is defined - -- name: Remove Wireguard Server from organisations inventory - delegate_to: 127.0.0.1 - awx.awx.tower_host: - name: "wireguard.{{ matrix_domain }}" - description: "{{ matrix_domain }} Wireguard Proxy" - inventory: "{{ member_id }}" - state: absent - tower_host: "https://{{ tower_host }}" - tower_oauthtoken: "{{ tower_token.stdout }}" - validate_certs: yes - when: matrix_domain is defined From ef4b5a187d023a2081dcca4d6a569f54b0dcdddc Mon Sep 17 00:00:00 2001 
From: Michael Collins Date: Tue, 24 Aug 2021 14:33:50 +0800 Subject: [PATCH 62/90] alter delete_job_template template --- roles/matrix-awx/templates/delete_job_template.json.j2 | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/matrix-awx/templates/delete_job_template.json.j2 b/roles/matrix-awx/templates/delete_job_template.json.j2 index 694337ce..d3f8ea3b 100644 --- a/roles/matrix-awx/templates/delete_job_template.json.j2 +++ b/roles/matrix-awx/templates/delete_job_template.json.j2 @@ -1,4 +1,5 @@ { + "matrix_domain": "{{ matrix_domain }}", "subscription_id": "{{ subscription_id }}", "member_id": "{{ member_id }}" } From a49da05cf98f32f474f1ec6fc9d1001e0797ce55 Mon Sep 17 00:00:00 2001 From: Michael Collins Date: Tue, 24 Aug 2021 18:20:26 +0800 Subject: [PATCH 63/90] delegate locally --- roles/matrix-awx/tasks/delete_subscription_directory.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/matrix-awx/tasks/delete_subscription_directory.yml b/roles/matrix-awx/tasks/delete_subscription_directory.yml index 2f893a95..1e0bb095 100755 --- a/roles/matrix-awx/tasks/delete_subscription_directory.yml +++ b/roles/matrix-awx/tasks/delete_subscription_directory.yml @@ -12,6 +12,7 @@ dest: '/var/lib/awx/projects/hosting/delete_job_template.json' - name: Re-create '00 - Cleanup Deletion Template' job template + delegate_to: 127.0.0.1 awx.awx.tower_job_template: name: "00 - Cleanup Deletion Template" description: "Deletes the remaining '<< SUBSCRIPTION DELETION IN PROGRESS >>' job template." @@ -28,6 +29,7 @@ validate_certs: yes - name: Launch '00 - Cleanup Deletion Template' job template before ending + delegate_to: 127.0.0.1 awx.awx.tower_job_launch: job_template: "00 - Cleanup Deletion Template" tower_host: "https://{{ tower_host }}" From c6f8bc5d83ebe740aef0dea10e09101a926a2433 Mon Sep 17 00:00:00 2001 
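Review bot: The added `"matrix_domain": "{{ matrix_domain }}",` line in `delete_job_template.json.j2` places the variable between hand-written quotes, so a value containing `"` or `\` produces invalid or differently structured JSON. The rendered file is later read back as `extra_vars` for a job template. Emitting the value through the JSON filter avoids this: `"matrix_domain": {{ matrix_domain | to_json }},`. Sibling tasks in this series guard on `when: matrix_domain is defined`, which suggests the variable can be absent; if so, the template now fails to render in that case, so guard the template task the same way or use `{{ matrix_domain | default('') | to_json }}`. The existing `subscription_id` and `member_id` lines follow the same quoting pattern and would benefit from the same change.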
From: Michael Collins Date: Tue, 24 Aug 2021 18:35:00 +0800 Subject: [PATCH 64/90] missing one template from deletion section --- roles/matrix-awx/tasks/delete_awx_templates.yml | 13 +++++++++++++ .../tasks/delete_subscription_directory.yml | 6 +++--- 2 files changed, 16 insertions(+), 3 deletions(-) diff --git a/roles/matrix-awx/tasks/delete_awx_templates.yml b/roles/matrix-awx/tasks/delete_awx_templates.yml index 3aa839cd..ae6cc888 100755 --- a/roles/matrix-awx/tasks/delete_awx_templates.yml +++ b/roles/matrix-awx/tasks/delete_awx_templates.yml @@ -293,3 +293,16 @@ tower_oauthtoken: "{{ tower_token.stdout }}" validate_certs: yes when: matrix_domain is defined + +- name: Remove 'Purge Database (Advanced)' job template + delegate_to: 127.0.0.1 + awx.awx.tower_job_template: + name: "{{ matrix_domain }} - 2 - Purge Database (Advanced)" + job_type: run + project: "{{ member_id }} - Matrix Docker Ansible Deploy" + playbook: setup.yml + state: absent + tower_host: "https://{{ tower_host }}" + tower_oauthtoken: "{{ tower_token.stdout }}" + validate_certs: yes + when: matrix_domain is defined diff --git a/roles/matrix-awx/tasks/delete_subscription_directory.yml b/roles/matrix-awx/tasks/delete_subscription_directory.yml index 1e0bb095..373b7424 100755 --- a/roles/matrix-awx/tasks/delete_subscription_directory.yml +++ b/roles/matrix-awx/tasks/delete_subscription_directory.yml @@ -8,8 +8,8 @@ - name: Save new 'Delete Job Template' survey.json to the AWX tower, template delegate_to: 127.0.0.1 template: - src: '{{ role_path }}/templates/delete_job_template.json.j2' - dest: '/var/lib/awx/projects/hosting/delete_job_template.json' + src: '{{ role_path }}/templates/cleanup_deletion_template.json.j2' + dest: '/var/lib/awx/projects/hosting/cleanup_deletion_template.json' - name: Re-create '00 - Cleanup Deletion Template' job template delegate_to: 127.0.0.1 
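Review bot: In the `delete_subscription_directory.yml` hunk, `src` now points at `templates/cleanup_deletion_template.json.j2`, but this patch does not add that file. The rename only arrives in PATCH 65/90, so this commit on its own leaves the template task without a source; folding the rename into this commit keeps each commit runnable. The task is still named "Save new 'Delete Job Template' survey.json" although it now writes `cleanup_deletion_template.json`, so I would rename it to match, e.g. `- name: Save 'Cleanup Deletion Template' extra vars to the AWX tower`. The "Re-create" task that closes this hunk continues in the next hunk.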
@@ -20,7 +20,7 @@ inventory: "{{ org_name }} [Admin]" project: "Ansible Create Delete Subscription Membership" playbook: cleanup_deletion_job_template.yml - extra_vars: "{{ lookup('file', '/var/lib/awx/projects/hosting/delete_job_template.json') }}" + extra_vars: "{{ lookup('file', '/var/lib/awx/projects/hosting/cleanup_deletion_template.json') }}" ask_extra_vars: yes state: present verbosity: 1 From f19856e1257870821e802868f952758ae647394e Mon Sep 17 00:00:00 2001 From: Michael Collins Date: Tue, 24 Aug 2021 18:35:49 +0800 Subject: [PATCH 65/90] change template name --- ...ete_job_template.json.j2 => cleanup_deletion_template.json.j2} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename roles/matrix-awx/templates/{delete_job_template.json.j2 => cleanup_deletion_template.json.j2} (100%) diff --git a/roles/matrix-awx/templates/delete_job_template.json.j2 b/roles/matrix-awx/templates/cleanup_deletion_template.json.j2 similarity index 100% rename from roles/matrix-awx/templates/delete_job_template.json.j2 rename to roles/matrix-awx/templates/cleanup_deletion_template.json.j2 From 463e9a619642b56907cac7ad4d65a8b10fae0a90 Mon Sep 17 00:00:00 2001 From: Michael Collins Date: Tue, 24 Aug 2021 18:48:43 +0800 Subject: [PATCH 66/90] woops bool not bools --- roles/matrix-awx/tasks/delete_subscription_directory.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-awx/tasks/delete_subscription_directory.yml b/roles/matrix-awx/tasks/delete_subscription_directory.yml index 373b7424..cd0038c4 100755 --- a/roles/matrix-awx/tasks/delete_subscription_directory.yml +++ b/roles/matrix-awx/tasks/delete_subscription_directory.yml @@ -42,4 +42,4 @@ - name: End playbook if this task list is called. meta: end_play - when: end_playbook is defined and end_playbook|bools + when: end_playbook is defined and end_playbook|bool From 6ecd947c72fd40f1d733e23bc9230907647d5223 Mon Sep 17 00:00:00 2001 
From: Michael Collins Date: Tue, 24 Aug 2021 19:05:58 +0800 Subject: [PATCH 67/90] remove delete subscription section --- roles/matrix-awx/tasks/abort_deletion.yml | 271 --------------- .../matrix-awx/tasks/delete_awx_templates.yml | 308 ------------------ roles/matrix-awx/tasks/delete_mailgun.yml | 22 -- roles/matrix-awx/tasks/delete_server.yml | 37 --- .../tasks/delete_subscription_directory.yml | 45 --- roles/matrix-awx/tasks/main.yml | 45 --- .../cleanup_deletion_template.json.j2 | 5 - 7 files changed, 733 deletions(-) delete mode 100644 roles/matrix-awx/tasks/abort_deletion.yml delete mode 100755 roles/matrix-awx/tasks/delete_awx_templates.yml delete mode 100644 roles/matrix-awx/tasks/delete_mailgun.yml delete mode 100755 roles/matrix-awx/tasks/delete_server.yml delete mode 100755 roles/matrix-awx/tasks/delete_subscription_directory.yml delete mode 100644 roles/matrix-awx/templates/cleanup_deletion_template.json.j2 diff --git a/roles/matrix-awx/tasks/abort_deletion.yml b/roles/matrix-awx/tasks/abort_deletion.yml deleted file mode 100644 index 30ced6d1..00000000 --- a/roles/matrix-awx/tasks/abort_deletion.yml +++ /dev/null 
@@ -1,271 +0,0 @@ - -- name: Install jq in AWX - delegate_to: 127.0.0.1 - yum: - name: jq - state: latest - when: cancel_deletion|bool - -- name: Collect AWX admin token the hard way! - delegate_to: 127.0.0.1 - shell: | - curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g' - when: cancel_deletion|bool - register: tower_token - no_log: True - -- name: Remove schedule for '<< SUBSCRIPTION DELETION IN PROGRESS >>' job template - delegate_to: 127.0.0.1 - awx.awx.tower_schedule: - name: "{{ subscription_id }} - << SUBSCRIPTION DELETION IN PROGRESS >>" - enabled: yes - state: absent - tower_host: "https://{{ tower_host }}" - tower_oauthtoken: "{{ tower_token.stdout }}" - validate_certs: yes - when: cancel_deletion|bool - -- name: Grant execute permission on 'Deploy/Update a Server' job template - delegate_to: 127.0.0.1 - awx.awx.tower_role: - team: "{{ member_id }}" - job_template: "{{ matrix_domain }} - 0 - Deploy/Update a Server" - role: execute - state: present - tower_host: "https://{{ tower_host }}" - tower_oauthtoken: "{{ tower_token.stdout }}" - validate_certs: yes - when: (matrix_domain is defined) and (cancel_deletion|bool) - -- name: Grant execute permission on 'Backup Server' job template - delegate_to: 127.0.0.1 - awx.awx.tower_role: - team: "{{ member_id }}" - job_template: "{{ matrix_domain }} - 0 - Backup Server" - role: execute - state: present - tower_host: "https://{{ tower_host }}" - tower_oauthtoken: "{{ tower_token.stdout }}" - validate_certs: yes - when: (matrix_domain is defined) and (cancel_deletion|bool) - -- name: Grant execute permission on 'Self-Check' job template - delegate_to: 127.0.0.1 - awx.awx.tower_role: - team: "{{ member_id }}" - job_template: "{{ matrix_domain }} - 0 - Self-Check" - role: execute - state: present - tower_host: 
"https://{{ tower_host }}" - tower_oauthtoken: "{{ tower_token.stdout }}" - validate_certs: yes - when: (matrix_domain is defined) and (cancel_deletion|bool) - -- name: Grant execute permission on 'Start/Restart all Services' job template - delegate_to: 127.0.0.1 - awx.awx.tower_role: - team: "{{ member_id }}" - job_template: "{{ matrix_domain }} - 0 - Start/Restart all Services" - role: execute - state: present - tower_host: "https://{{ tower_host }}" - tower_oauthtoken: "{{ tower_token.stdout }}" - validate_certs: yes - when: (matrix_domain is defined) and (cancel_deletion|bool) - -- name: Grant execute permission on 'Stop all Services' job template - delegate_to: 127.0.0.1 - awx.awx.tower_role: - team: "{{ member_id }}" - job_template: "{{ matrix_domain }} - 0 - Stop all Services" - role: execute - state: present - tower_host: "https://{{ tower_host }}" - tower_oauthtoken: "{{ tower_token.stdout }}" - validate_certs: yes - when: (matrix_domain is defined) and (cancel_deletion|bool) - -- name: Grant execute permission on 'Configure Corporal (Advanced)' job template - delegate_to: 127.0.0.1 - awx.awx.tower_role: - team: "{{ member_id }}" - job_template: "{{ matrix_domain }} - 1 - Configure Corporal (Advanced)" - role: execute - state: present - tower_host: "https://{{ tower_host }}" - tower_oauthtoken: "{{ tower_token.stdout }}" - validate_certs: yes - when: (matrix_domain is defined) and (cancel_deletion|bool) - -- name: Grant execute permission on 'Configure Dimension' job template - delegate_to: 127.0.0.1 - awx.awx.tower_role: - team: "{{ member_id }}" - job_template: "{{ matrix_domain }} - 1 - Configure Dimension" - role: execute - state: present - tower_host: "https://{{ tower_host }}" - tower_oauthtoken: "{{ tower_token.stdout }}" - validate_certs: yes - when: (matrix_domain is defined) and (cancel_deletion|bool) - -- name: Grant execute permission on 'Configure Element' job template - delegate_to: 127.0.0.1 - awx.awx.tower_role: - team: "{{ member_id }}" - 
job_template: "{{ matrix_domain }} - 1 - Configure Element" - role: execute - state: present - tower_host: "https://{{ tower_host }}" - tower_oauthtoken: "{{ tower_token.stdout }}" - validate_certs: yes - when: (matrix_domain is defined) and (cancel_deletion|bool) - -- name: Grant execute permission on 'Configure Element Subdomain' job template - delegate_to: 127.0.0.1 - awx.awx.tower_role: - team: "{{ member_id }}" - job_template: "{{ matrix_domain }} - 1 - Configure Element Subdomain" - role: execute - state: present - tower_host: "https://{{ tower_host }}" - tower_oauthtoken: "{{ tower_token.stdout }}" - validate_certs: yes - when: (matrix_domain is defined) and (cancel_deletion|bool) - -- name: Grant execute permission on 'Configure Email Relay' job template - delegate_to: 127.0.0.1 - awx.awx.tower_role: - team: "{{ member_id }}" - job_template: "{{ matrix_domain }} - 1 - Configure Email Relay" - role: execute - state: present - tower_host: "https://{{ tower_host }}" - tower_oauthtoken: "{{ tower_token.stdout }}" - validate_certs: yes - when: (matrix_domain is defined) and (cancel_deletion|bool) - -- name: Grant execute permission on 'Configure Jitsi' job template - delegate_to: 127.0.0.1 - awx.awx.tower_role: - team: "{{ member_id }}" - job_template: "{{ matrix_domain }} - 1 - Configure Jitsi" - role: execute - state: present - tower_host: "https://{{ tower_host }}" - tower_oauthtoken: "{{ tower_token.stdout }}" - validate_certs: yes - when: (matrix_domain is defined) and (cancel_deletion|bool) - -- name: Grant execute permission on 'Configure ma1sd (Advanced)' job template - delegate_to: 127.0.0.1 - awx.awx.tower_role: - team: "{{ member_id }}" - job_template: "{{ matrix_domain }} - 1 - Configure ma1sd (Advanced)" - role: execute - state: present - tower_host: "https://{{ tower_host }}" - tower_oauthtoken: "{{ tower_token.stdout }}" - validate_certs: yes - when: (matrix_domain is defined) and (cancel_deletion|bool) - -- name: Grant execute permission on 
'Configure Synapse' job template - delegate_to: 127.0.0.1 - awx.awx.tower_role: - team: "{{ member_id }}" - job_template: "{{ matrix_domain }} - 1 - Configure Synapse" - role: execute - state: present - tower_host: "https://{{ tower_host }}" - tower_oauthtoken: "{{ tower_token.stdout }}" - validate_certs: yes - when: (matrix_domain is defined) and (cancel_deletion|bool) - -- name: Grant execute permission on 'Configure Synapse Admin' job template - delegate_to: 127.0.0.1 - awx.awx.tower_role: - team: "{{ member_id }}" - job_template: "{{ matrix_domain }} - 1 - Configure Synapse Admin" - role: execute - state: present - tower_host: "https://{{ tower_host }}" - tower_oauthtoken: "{{ tower_token.stdout }}" - validate_certs: yes - when: (matrix_domain is defined) and (cancel_deletion|bool) - -- name: Grant execute permission on 'Create User' job template - delegate_to: 127.0.0.1 - awx.awx.tower_role: - team: "{{ member_id }}" - job_template: "{{ matrix_domain }} - 2 - Create User" - role: execute - state: present - tower_host: "https://{{ tower_host }}" - tower_oauthtoken: "{{ tower_token.stdout }}" - validate_certs: yes - when: (matrix_domain is defined) and (cancel_deletion|bool) - -- name: Grant execute permission on 'Purge Media (Advanced)' job template - delegate_to: 127.0.0.1 - awx.awx.tower_role: - team: "{{ member_id }}" - job_template: "{{ matrix_domain }} - 2 - Purge Media (Advanced)" - role: execute - state: present - tower_host: "https://{{ tower_host }}" - tower_oauthtoken: "{{ tower_token.stdout }}" - validate_certs: yes - when: (matrix_domain is defined) and (cancel_deletion|bool) - -- name: Grant execute permission on 'Purge Database (Advanced)' job template - delegate_to: 127.0.0.1 - awx.awx.tower_role: - team: "{{ member_id }}" - job_template: "{{ matrix_domain }} - 2 - Purge Database (Advanced)" - role: execute - state: present - tower_host: "https://{{ tower_host }}" - tower_oauthtoken: "{{ tower_token.stdout }}" - validate_certs: yes - when: 
(matrix_domain is defined) and (cancel_deletion|bool) - -- name: Save new 'Delete Job Template' survey.json to the AWX tower, template - delegate_to: 127.0.0.1 - template: - src: '{{ role_path }}/templates/delete_job_template.json.j2' - dest: '/var/lib/awx/projects/hosting/delete_job_template.json' - when: cancel_deletion|bool - -- name: Re-create '00 - Cleanup Deletion Template' job template - awx.awx.tower_job_template: - name: "00 - Cleanup Deletion Template" - description: "Deletes the remaining '<< SUBSCRIPTION DELETION IN PROGRESS >>' job template." - job_type: run - inventory: "{{ org_name }} [Admin]" - project: "Ansible Create Delete Subscription Membership" - playbook: cleanup_deletion_job_template.yml - extra_vars: "{{ lookup('file', '/var/lib/awx/projects/hosting/delete_job_template.json') }}" - ask_extra_vars: yes - state: present - verbosity: 1 - tower_host: "https://{{ tower_host }}" - tower_oauthtoken: "{{ tower_token.stdout }}" - validate_certs: yes - when: cancel_deletion|bool - -- name: Launch '00 - Cleanup Deletion Template' job template before ending - awx.awx.tower_job_launch: - job_template: "00 - Cleanup Deletion Template" - tower_host: "https://{{ tower_host }}" - tower_oauthtoken: "{{ tower_token.stdout }}" - validate_certs: yes - when: cancel_deletion|bool - -- name: Set boolean value to exit playbook - set_fact: - end_playbook: true - when: cancel_deletion|bool - -- name: End playbook if this task list is called. - meta: end_play - when: (end_playbook is defined) and end_playbook|bool and cancel_deletion|bool diff --git a/roles/matrix-awx/tasks/delete_awx_templates.yml b/roles/matrix-awx/tasks/delete_awx_templates.yml deleted file mode 100755 index ae6cc888..00000000 --- a/roles/matrix-awx/tasks/delete_awx_templates.yml +++ /dev/null 
@@ -1,308 +0,0 @@ - -- name: Install jq in AWX - delegate_to: 127.0.0.1 - yum: - name: jq - state: latest - -- name: Collect AWX admin token the hard way! - delegate_to: 127.0.0.1 - shell: | - curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g' - register: tower_token - no_log: True - -- name: Remove original 'Provision Server' job template - delegate_to: 127.0.0.1 - awx.awx.tower_job_template: - name: "0 - {{ subscription_id }} - Provision a New Server" - job_type: run - project: "{{ member_id }} - Matrix Docker Ansible Deploy" - playbook: setup.yml - state: absent - tower_host: "https://{{ tower_host }}" - tower_oauthtoken: "{{ tower_token.stdout }}" - validate_certs: yes - -- name: Remove 'Provision Wireguard Server' job template - delegate_to: 127.0.0.1 - awx.awx.tower_job_template: - name: "0 - {{ subscription_id }} - Provision Wireguard Server" - job_type: run - project: "Ansible Create Delete Subscription Membership" - playbook: setup_wireguard_server.yml - state: absent - tower_host: "https://{{ tower_host }}" - tower_oauthtoken: "{{ tower_token.stdout }}" - validate_certs: yes - -- name: Remove schedule for 'Deploy a New Server' job template - delegate_to: 127.0.0.1 - awx.awx.tower_schedule: - name: "{{ matrix_domain }} - 0 - Update Server Schedule" - enabled: yes - state: absent - tower_host: "https://{{ tower_host }}" - tower_oauthtoken: "{{ tower_token.stdout }}" - validate_certs: yes - when: matrix_domain is defined - -- name: Remove 'Backup Server' job template - delegate_to: 127.0.0.1 - awx.awx.tower_job_template: - name: "{{ matrix_domain }} - 0 - Backup Server" - job_type: run - project: "{{ member_id }} - Matrix Docker Ansible Deploy" - playbook: setup.yml - state: absent - tower_host: "https://{{ tower_host }}" - tower_oauthtoken: "{{ 
tower_token.stdout }}" - validate_certs: yes - when: matrix_domain is defined - -- name: Remove 'Export Server' job template - delegate_to: 127.0.0.1 - awx.awx.tower_job_template: - name: "{{ matrix_domain }} - 0 - Export Server" - job_type: run - project: "{{ member_id }} - Matrix Docker Ansible Deploy" - playbook: setup.yml - state: absent - tower_host: "https://{{ tower_host }}" - tower_oauthtoken: "{{ tower_token.stdout }}" - validate_certs: yes - when: matrix_domain is defined - -- name: Remove 'Deploy/Update a Server' job template - delegate_to: 127.0.0.1 - awx.awx.tower_job_template: - name: "{{ matrix_domain }} - 0 - Deploy/Update a Server" - job_type: run - project: "{{ member_id }} - Matrix Docker Ansible Deploy" - playbook: setup.yml - state: absent - tower_host: "https://{{ tower_host }}" - tower_oauthtoken: "{{ tower_token.stdout }}" - validate_certs: yes - when: matrix_domain is defined - -- name: Remove 'Self-Check' job template - delegate_to: 127.0.0.1 - awx.awx.tower_job_template: - name: "{{ matrix_domain }} - 0 - Self-Check" - job_type: run - project: "{{ member_id }} - Matrix Docker Ansible Deploy" - playbook: setup.yml - state: absent - tower_host: "https://{{ tower_host }}" - tower_oauthtoken: "{{ tower_token.stdout }}" - validate_certs: yes - when: matrix_domain is defined - -- name: Remove 'Start/Restart all Services' job template - delegate_to: 127.0.0.1 - awx.awx.tower_job_template: - name: "{{ matrix_domain }} - 0 - Start/Restart all Services" - job_type: run - project: "{{ member_id }} - Matrix Docker Ansible Deploy" - playbook: setup.yml - state: absent - tower_host: "https://{{ tower_host }}" - tower_oauthtoken: "{{ tower_token.stdout }}" - validate_certs: yes - when: matrix_domain is defined - -- name: Remove 'Stop all Services' job template - delegate_to: 127.0.0.1 - awx.awx.tower_job_template: - name: "{{ matrix_domain }} - 0 - Stop all Services" - job_type: run - project: "{{ member_id }} - Matrix Docker Ansible Deploy" - playbook: 
setup.yml - state: absent - tower_host: "https://{{ tower_host }}" - tower_oauthtoken: "{{ tower_token.stdout }}" - validate_certs: yes - when: matrix_domain is defined - -- name: Remove 'Configure Corporal (Advanced)' job template - delegate_to: 127.0.0.1 - awx.awx.tower_job_template: - name: "{{ matrix_domain }} - 1 - Configure Corporal (Advanced)" - job_type: run - project: "{{ member_id }} - Matrix Docker Ansible Deploy" - playbook: setup.yml - state: absent - tower_host: "https://{{ tower_host }}" - tower_oauthtoken: "{{ tower_token.stdout }}" - validate_certs: yes - when: matrix_domain is defined - -- name: Remove 'Configure Dimension' job template - delegate_to: 127.0.0.1 - awx.awx.tower_job_template: - name: "{{ matrix_domain }} - 1 - Configure Dimension" - job_type: run - project: "{{ member_id }} - Matrix Docker Ansible Deploy" - playbook: setup.yml - state: absent - tower_host: "https://{{ tower_host }}" - tower_oauthtoken: "{{ tower_token.stdout }}" - validate_certs: yes - when: matrix_domain is defined - -- name: Remove 'Configure Element' job template - delegate_to: 127.0.0.1 - awx.awx.tower_job_template: - name: "{{ matrix_domain }} - 1 - Configure Element" - job_type: run - project: "{{ member_id }} - Matrix Docker Ansible Deploy" - playbook: setup.yml - state: absent - tower_host: "https://{{ tower_host }}" - tower_oauthtoken: "{{ tower_token.stdout }}" - validate_certs: yes - when: matrix_domain is defined - -- name: Remove 'Configure Element Subdomain' job template - delegate_to: 127.0.0.1 - awx.awx.tower_job_template: - name: "{{ matrix_domain }} - 1 - Configure Element Subdomain" - job_type: run - project: "{{ member_id }} - Matrix Docker Ansible Deploy" - playbook: setup.yml - state: absent - tower_host: "https://{{ tower_host }}" - tower_oauthtoken: "{{ tower_token.stdout }}" - validate_certs: yes - when: matrix_domain is defined - -- name: Remove 'Configure Email Relay' job template - delegate_to: 127.0.0.1 - awx.awx.tower_job_template: - 
name: "{{ matrix_domain }} - 1 - Configure Email Relay" - job_type: run - project: "{{ member_id }} - Matrix Docker Ansible Deploy" - playbook: setup.yml - state: absent - tower_host: "https://{{ tower_host }}" - tower_oauthtoken: "{{ tower_token.stdout }}" - validate_certs: yes - when: matrix_domain is defined - -- name: Remove 'Configure Jitsi' job template - delegate_to: 127.0.0.1 - awx.awx.tower_job_template: - name: "{{ matrix_domain }} - 1 - Configure Jitsi" - job_type: run - project: "{{ member_id }} - Matrix Docker Ansible Deploy" - playbook: setup.yml - state: absent - tower_host: "https://{{ tower_host }}" - tower_oauthtoken: "{{ tower_token.stdout }}" - validate_certs: yes - when: matrix_domain is defined - -- name: Remove 'Configure ma1sd (Advanced)' job template - delegate_to: 127.0.0.1 - awx.awx.tower_job_template: - name: "{{ matrix_domain }} - 1 - Configure ma1sd (Advanced)" - job_type: run - project: "{{ member_id }} - Matrix Docker Ansible Deploy" - playbook: setup.yml - state: absent - tower_host: "https://{{ tower_host }}" - tower_oauthtoken: "{{ tower_token.stdout }}" - validate_certs: yes - when: matrix_domain is defined - -- name: Remove 'Configure Synapse' job template - delegate_to: 127.0.0.1 - awx.awx.tower_job_template: - name: "{{ matrix_domain }} - 1 - Configure Synapse" - job_type: run - project: "{{ member_id }} - Matrix Docker Ansible Deploy" - playbook: setup.yml - state: absent - tower_host: "https://{{ tower_host }}" - tower_oauthtoken: "{{ tower_token.stdout }}" - validate_certs: yes - when: matrix_domain is defined - -- name: Remove 'Configure Synapse Admin' job template - delegate_to: 127.0.0.1 - awx.awx.tower_job_template: - name: "{{ matrix_domain }} - 1 - Configure Synapse Admin" - job_type: run - project: "{{ member_id }} - Matrix Docker Ansible Deploy" - playbook: setup.yml - state: absent - tower_host: "https://{{ tower_host }}" - tower_oauthtoken: "{{ tower_token.stdout }}" - validate_certs: yes - when: matrix_domain is 
defined - -- name: Remove 'Access Export' job template - delegate_to: 127.0.0.1 - awx.awx.tower_job_template: - name: "{{ matrix_domain }} - 1 - Access Export" - job_type: run - project: "{{ member_id }} - Matrix Docker Ansible Deploy" - playbook: setup.yml - state: absent - tower_host: "https://{{ tower_host }}" - tower_oauthtoken: "{{ tower_token.stdout }}" - validate_certs: yes - when: matrix_domain is defined - -- name: Remove 'Configure Website + Access Export' job template - delegate_to: 127.0.0.1 - awx.awx.tower_job_template: - name: "{{ matrix_domain }} - 1 - Configure Website + Access Export" - job_type: run - project: "{{ member_id }} - Matrix Docker Ansible Deploy" - playbook: setup.yml - state: absent - tower_host: "https://{{ tower_host }}" - tower_oauthtoken: "{{ tower_token.stdout }}" - validate_certs: yes - when: matrix_domain is defined - -- name: Remove 'Create User' job template - delegate_to: 127.0.0.1 - awx.awx.tower_job_template: - name: "{{ matrix_domain }} - 2 - Create User" - job_type: run - project: "{{ member_id }} - Matrix Docker Ansible Deploy" - playbook: setup.yml - state: absent - tower_host: "https://{{ tower_host }}" - tower_oauthtoken: "{{ tower_token.stdout }}" - validate_certs: yes - when: matrix_domain is defined - -- name: Remove 'Purge Media (Advanced)' job template - delegate_to: 127.0.0.1 - awx.awx.tower_job_template: - name: "{{ matrix_domain }} - 2 - Purge Media (Advanced)" - job_type: run - project: "{{ member_id }} - Matrix Docker Ansible Deploy" - playbook: setup.yml - state: absent - tower_host: "https://{{ tower_host }}" - tower_oauthtoken: "{{ tower_token.stdout }}" - validate_certs: yes - when: matrix_domain is defined - -- name: Remove 'Purge Database (Advanced)' job template - delegate_to: 127.0.0.1 - awx.awx.tower_job_template: - name: "{{ matrix_domain }} - 2 - Purge Database (Advanced)" - job_type: run - project: "{{ member_id }} - Matrix Docker Ansible Deploy" - playbook: setup.yml - state: absent - 
tower_host: "https://{{ tower_host }}" - tower_oauthtoken: "{{ tower_token.stdout }}" - validate_certs: yes - when: matrix_domain is defined diff --git a/roles/matrix-awx/tasks/delete_mailgun.yml b/roles/matrix-awx/tasks/delete_mailgun.yml deleted file mode 100644 index 69d41ffd..00000000 --- a/roles/matrix-awx/tasks/delete_mailgun.yml +++ /dev/null @@ -1,22 +0,0 @@ - -- name: Include matrix server variables from matrix_vars.yml - delegate_to: 127.0.0.1 - include_vars: "{{ item }}" - with_first_found: - - files: - - /var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml - skip: true - no_log: True - -- name: Install curl in AWX - delegate_to: 127.0.0.1 - yum: - name: curl - state: latest - -- name: Delete MailGun SMTP login - delegate_to: 127.0.0.1 - shell: | - curl -s --user 'api:{{ mg_private_api_key }}' -X DELETE https://{{ mg_api_url }}/v3/domains/{{ mg_sender_domain }}/credentials/{{ matrix_domain }} - when: matrix_domain is defined - no_log: True diff --git a/roles/matrix-awx/tasks/delete_server.yml b/roles/matrix-awx/tasks/delete_server.yml deleted file mode 100755 index ebb1361a..00000000 --- a/roles/matrix-awx/tasks/delete_server.yml +++ /dev/null 
@@ -1,37 +0,0 @@ - -- name: Include hosting vars of digital_ocean.yml - delegate_to: 127.0.0.1 - include_vars: - file: /var/lib/awx/projects/hosting/hosting_vars.yml - no_log: True - -- name: Load vars from organisation.yml - delegate_to: 127.0.0.1 - include_vars: - file: '/var/lib/awx/projects/clients/{{ member_id }}/organisation.yml' - -- name: Load vars from server_vars.yml - delegate_to: 127.0.0.1 - include_vars: - file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/server_vars.yml' - ignore_errors: yes - -- name: Remove existing Digital Ocean Droplet - delegate_to: 127.0.0.1 - community.digitalocean.digital_ocean_droplet: - # needs ansible 2.8+ (AWX uses 2.9.10 at ) - state: absent - id: '{{ do_droplet_id }}' - name: '{{ matrix_domain }}' - oauth_token: '{{ do_api_token }}' - size: '{{ slug_size }}' - region: '{{ do_droplet_region }}' - image: '{{ do_image }}' - wait: yes - unique_name: yes - register: deleted_server_info - when: do_droplet_id is defined - -- debug: - msg: "{{ deleted_server_info }}" - when: do_droplet_id is defined diff --git a/roles/matrix-awx/tasks/delete_subscription_directory.yml b/roles/matrix-awx/tasks/delete_subscription_directory.yml deleted file mode 100755 index cd0038c4..00000000 --- a/roles/matrix-awx/tasks/delete_subscription_directory.yml +++ /dev/null 
@@ -1,45 +0,0 @@ - -- name: Delete the servers directory on AWX - delegate_to: 127.0.0.1 - file: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/' - state: absent - -- name: Save new 'Delete Job Template' survey.json to the AWX tower, template - delegate_to: 127.0.0.1 - template: - src: '{{ role_path }}/templates/cleanup_deletion_template.json.j2' - dest: '/var/lib/awx/projects/hosting/cleanup_deletion_template.json' - -- name: Re-create '00 - Cleanup Deletion Template' job template - delegate_to: 127.0.0.1 - awx.awx.tower_job_template: - name: "00 - Cleanup Deletion Template" - description: "Deletes the remaining '<< SUBSCRIPTION DELETION IN PROGRESS >>' job template." - job_type: run - inventory: "{{ org_name }} [Admin]" - project: "Ansible Create Delete Subscription Membership" - playbook: cleanup_deletion_job_template.yml - extra_vars: "{{ lookup('file', '/var/lib/awx/projects/hosting/cleanup_deletion_template.json') }}" - ask_extra_vars: yes - state: present - verbosity: 1 - tower_host: "https://{{ tower_host }}" - tower_oauthtoken: "{{ tower_token.stdout }}" - validate_certs: yes - -- name: Launch '00 - Cleanup Deletion Template' job template before ending - delegate_to: 127.0.0.1 - awx.awx.tower_job_launch: - job_template: "00 - Cleanup Deletion Template" - tower_host: "https://{{ tower_host }}" - tower_oauthtoken: "{{ tower_token.stdout }}" - validate_certs: yes - -- name: Set boolean value to exit playbook - set_fact: - end_playbook: true - -- name: End playbook if this task list is called. - meta: end_play - when: end_playbook is defined and end_playbook|bool diff --git a/roles/matrix-awx/tasks/main.yml b/roles/matrix-awx/tasks/main.yml index 20754245..04356beb 100755 --- a/roles/matrix-awx/tasks/main.yml +++ b/roles/matrix-awx/tasks/main.yml 
@@ -26,51 +26,6 @@ tags: - backup-server -# Abort Subscription Deletion -- include_tasks: - file: "abort_deletion.yml" - apply: - tags: delete-subscription - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - delete-subscription - -# Delete DigitalOcean Droplet/Space -- include_tasks: - file: "delete_server.yml" - apply: - tags: delete-subscription - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - delete-subscription - -# Delete MailGun SMTP Account -- include_tasks: - file: "delete_mailgun.yml" - apply: - tags: delete-subscription - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - delete-subscription - -# Delete AWX Job Templates for Server -- include_tasks: - file: "delete_awx_templates.yml" - apply: - tags: delete-subscription - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - delete-subscription - -# Delete Organisation Directories -- include_tasks: - file: "delete_subscription_directory.yml" - apply: - tags: delete-subscription - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - delete-subscription - # Perform a export of the server - include_tasks: file: "export_server.yml" diff --git a/roles/matrix-awx/templates/cleanup_deletion_template.json.j2 b/roles/matrix-awx/templates/cleanup_deletion_template.json.j2 deleted file mode 100644 index d3f8ea3b..00000000 --- a/roles/matrix-awx/templates/cleanup_deletion_template.json.j2 +++ /dev/null @@ -1,5 +0,0 @@ -{ - "matrix_domain": "{{ matrix_domain }}", - "subscription_id": "{{ subscription_id }}", - "member_id": "{{ member_id }}" -} From 1e070f1e568188515dc7ad1228d8a5378d638f6e Mon Sep 17 00:00:00 2001 From: Catalan Lover <48515417+FSG-Cat@users.noreply.github.com> Date: Tue, 24 Aug 2021 19:09:28 +0200 Subject: [PATCH 68/90] Update Synapse from 1.40.0 to 1.41.0 --- roles/matrix-synapse/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 83d2e51d..b6c14b82 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -15,8 +15,8 @@ matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_cont # amd64 gets released first. # arm32 relies on self-building, so the same version can be built immediately. # arm64 users need to wait for a prebuilt image to become available. -matrix_synapse_version: v1.40.0 -matrix_synapse_version_arm64: v1.40.0 +matrix_synapse_version: v1.41.0 +matrix_synapse_version_arm64: v1.41.0 matrix_synapse_docker_image_tag: "{{ matrix_synapse_version if matrix_architecture in ['arm32', 'amd64'] else matrix_synapse_version_arm64 }}" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" From a787f406f94bf1549b309940b76e19cc8322f93b Mon Sep 17 00:00:00 2001 From: Joseph Walton-Rivers Date: Tue, 24 Aug 2021 18:41:39 +0100 Subject: [PATCH 69/90] Update main.yml Fix incorrect docker version tag for matrix-appservice-irc --- roles/matrix-bridge-appservice-irc/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-appservice-irc/defaults/main.yml b/roles/matrix-bridge-appservice-irc/defaults/main.yml index 1843e4af..0cfe56a4 100644 --- a/roles/matrix-bridge-appservice-irc/defaults/main.yml +++ b/roles/matrix-bridge-appservice-irc/defaults/main.yml 
@@ -7,7 +7,7 @@ matrix_appservice_irc_container_self_build: false matrix_appservice_irc_docker_repo: "https://github.com/matrix-org/matrix-appservice-irc.git" matrix_appservice_irc_docker_src_files_path: "{{ matrix_base_data_path }}/appservice-irc/docker-src" -matrix_appservice_irc_version: release-v0.30.0 +matrix_appservice_irc_version: release-0.30.0 matrix_appservice_irc_docker_image: "{{ matrix_container_global_registry_prefix }}matrixdotorg/matrix-appservice-irc:{{ matrix_appservice_irc_version }}" matrix_appservice_irc_docker_image_force_pull: "{{ matrix_appservice_irc_docker_image.endswith(':latest') }}" From ee75d35193b8b1870e224eb09c5d730846397d0a Mon Sep 17 00:00:00 2001 From: Wolfgang Winter Date: Tue, 24 Aug 2021 21:46:38 +0200 Subject: [PATCH 70/90] Endpoint changes for Client and media API due to migration to 1.41.0 --- roles/matrix-synapse/vars/workers.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/roles/matrix-synapse/vars/workers.yml b/roles/matrix-synapse/vars/workers.yml index 1f817c8e..5244d26f 100644 --- a/roles/matrix-synapse/vars/workers.yml +++ b/roles/matrix-synapse/vars/workers.yml @@ -37,6 +37,7 @@ matrix_synapse_workers_generic_worker_endpoints: - ^/_matrix/federation/v1/send/ # Client API requests + - ^/_matrix/client/(api/v1|r0|unstable)/createRoom$ - ^/_matrix/client/(api/v1|r0|unstable)/publicRooms$ - ^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/joined_members$ - ^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/context/.*$ 
@@ -253,10 +254,12 @@ matrix_synapse_workers_media_repository_endpoints: - ^/_synapse/admin/v1/user/.*/media.*$ - ^/_synapse/admin/v1/media/.*$ - ^/_synapse/admin/v1/quarantine_media/.*$ + - ^/_synapse/admin/v1/users/.*/media$ # You should also set `enable_media_repo: False` in the shared configuration # file to stop the main synapse running background jobs related to managing the - # media repository. + # media repository. Note that doing so will prevent the main process from being + # able to handle the above endpoints. # In the `media_repository` worker configuration file, configure the http listener to # expose the `media` resource. For example: From a4db9557db5883acdcd25f68a8d94909fdee068d Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 25 Aug 2021 09:51:42 +0300 Subject: [PATCH 71/90] Update homeserver.yaml to match the one in Synapse v1.41.0 Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1247 --- roles/matrix-synapse/defaults/main.yml | 1 + .../templates/synapse/homeserver.yaml.j2 | 97 ++++++++++--------- 2 files changed, 54 insertions(+), 44 deletions(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index b6c14b82..611a677b 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -470,6 +470,7 @@ matrix_synapse_email_smtp_port: 587 matrix_synapse_email_smtp_require_transport_security: false matrix_synapse_email_notif_from: "Matrix " matrix_synapse_email_client_base_url: "https://{{ matrix_server_fqn_element }}" +matrix_synapse_email_invite_client_location: "https://app.element.io" # Enable this to activate the REST auth password provider module. diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index 4fd258f1..8c7d0449 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 
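Review bot: The added `^/_synapse/admin/v1/users/.*/media$` entry puts one more admin API path on the media repository worker, and nothing next to the list says how those admin paths are meant to be exposed. How this list is turned into reverse-proxy routes is not visible in the hunk; if it does generate routes, the worker route should stay behind the same restriction as `/_synapse/admin` on the main process. I would add `# Admin API paths: expose only where /_synapse/admin is already reachable.` above the `/_synapse/admin/...` entries. The list starts outside the hunk.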
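Review bot: `matrix_synapse_email_invite_client_location` defaults to the externally hosted `https://app.element.io`, while the line above it defaults `matrix_synapse_email_client_base_url` to the deployment's own `https://{{ matrix_server_fqn_element }}`. The template comment later in this patch says the value is passed to the identity server for invites, so by default invitees would be directed to a third-party client instead of the self-hosted one. If that is not intended, `matrix_synapse_email_invite_client_location: "{{ matrix_synapse_email_client_base_url }}"` keeps the two consistent; otherwise a comment such as `# Defaults to the hosted Element; override to point invitees at your own client.` would make the choice explicit. Whether a self-hosted Element is always present is not visible here.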
@@ -185,6 +185,8 @@ default_room_version: {{ matrix_synapse_default_room_version|to_json }} # # This option replaces federation_ip_range_blacklist in Synapse v1.25.0. # +# Note: The value is ignored when an HTTP proxy is in use +# #ip_range_blacklist: # - '127.0.0.0/8' # - '10.0.0.0/8' @@ -583,6 +585,19 @@ retention: # #next_link_domain_whitelist: ["matrix.org"] +# Templates to use when generating email or HTML page contents. +# +templates: + # Directory in which Synapse will try to find template files to use to generate + # email or HTML page contents. + # If not set, or a file is not found within the template directory, a default + # template from within the Synapse package will be used. + # + # See https://matrix-org.github.io/synapse/latest/templates.html for more + # information about using custom templates. + # + #custom_template_directory: /path/to/custom/templates/ + ## TLS ## @@ -729,6 +744,21 @@ caches: per_cache_factors: #get_users_who_share_room_with_user: 2.0 + # Controls how long an entry can be in a cache without having been + # accessed before being evicted. Defaults to None, which means + # entries are never evicted based on time. + # + #expiry_time: 30m + + # Controls how long the results of a /sync request are cached for after + # a successful response is returned. A higher duration can help clients with + # intermittent connections, at the cost of higher memory usage. + # + # By default, this is zero, which means that sync responses are not cached + # at all. + # + #sync_response_cache_duration: 2m + ## Database ## @@ -996,6 +1026,8 @@ url_preview_enabled: {{ matrix_synapse_url_preview_enabled|to_json }} # This must be specified if url_preview_enabled is set. It is recommended that # you uncomment the following list as a starting point. # +# Note: The value is ignored when an HTTP proxy is in use +# url_preview_ip_range_blacklist: - '127.0.0.0/8' - '10.0.0.0/8' 
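Review bot: The note added above `#ip_range_blacklist` says the list is ignored when an HTTP proxy is in use, but it does not tell the operator what then keeps outbound requests away from internal addresses. The identical note in the `@@ -996,6 +1026,8 @@` hunk sits above `url_preview_ip_range_blacklist`, which is rendered unconditionally and reads as the guard for URL previews. I would extend both notes with `# With a proxy in use, block the same ranges on the proxy itself.` Whether this playbook ever configures a proxy for the Synapse container is not visible in these hunks.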
@@ -1924,6 +1956,9 @@ cas_config: # Additional settings to use with single-sign on systems such as OpenID Connect, # SAML2 and CAS. # +# Server admins can configure custom templates for pages related to SSO. See +# https://matrix-org.github.io/synapse/latest/templates.html for more information. +# sso: # A list of client URLs which are whitelisted so that the user does not # have to confirm giving access to their account to the URL. Any client @@ -2250,6 +2285,9 @@ ui_auth: {% if matrix_synapse_email_enabled %} # Configuration for sending emails from Synapse. # +# Server admins can configure custom templates for email content. See +# https://matrix-org.github.io/synapse/latest/templates.html for more information. +# email: # The hostname of the outgoing SMTP server to use. Defaults to 'localhost'. # @@ -2275,10 +2313,13 @@ email: #require_transport_security: true require_transport_security: {{ matrix_synapse_email_smtp_require_transport_security|to_json }} - # Enable sending emails for messages that the user has missed + # Uncomment the following to disable TLS for SMTP. # - #enable_notifs: false - enable_notifs: true + # By default, if the server supports TLS, it will be used, and the server + # must present a certificate that is valid for 'smtp_host'. If this option + # is set to false, TLS will not be used. + # + #enable_tls: false # notif_from defines the "From" address to use when sending emails. # It must be set if email sending is enabled. @@ -2299,6 +2340,11 @@ email: #app_name: my_branded_matrix_server app_name: Matrix + # Enable sending emails for messages that the user has missed + # + #enable_notifs: false + enable_notifs: true + # Uncomment the following to disable automatic subscription to email # notifications for new users. Enabled by default. # 
@@ -2319,48 +2365,11 @@ email: # #validation_token_lifetime: 15m - # Directory in which Synapse will try to find the template files below. - # If not set, or the files named below are not found within the template - # directory, default templates from within the Synapse package will be used. + # The web client location to direct users to during an invite. This is passed + # to the identity server as the org.matrix.web_client_location key. Defaults + # to unset, giving no guidance to the identity server. # - # Synapse will look for the following templates in this directory: - # - # * The contents of email notifications of missed events: 'notif_mail.html' and - # 'notif_mail.txt'. - # - # * The contents of account expiry notice emails: 'notice_expiry.html' and - # 'notice_expiry.txt'. - # - # * The contents of password reset emails sent by the homeserver: - # 'password_reset.html' and 'password_reset.txt' - # - # * An HTML page that a user will see when they follow the link in the password - # reset email. 
The user will be asked to confirm the action before their - # password is reset: 'password_reset_confirmation.html' - # - # * HTML pages for success and failure that a user will see when they confirm - # the password reset flow using the page above: 'password_reset_success.html' - # and 'password_reset_failure.html' - # - # * The contents of address verification emails sent during registration: - # 'registration.html' and 'registration.txt' - # - # * HTML pages for success and failure that a user will see when they follow - # the link in an address verification email sent during registration: - # 'registration_success.html' and 'registration_failure.html' - # - # * The contents of address verification emails sent when an address is added - # to a Matrix account: 'add_threepid.html' and 'add_threepid.txt' - # - # * HTML pages for success and failure that a user will see when they follow - # the link in an address verification email sent when an address is added - # to a Matrix account: 'add_threepid_success.html' and - # 'add_threepid_failure.html' - # - # You can see the default templates at: - # https://github.com/matrix-org/synapse/tree/master/synapse/res/templates - # - #template_dir: "res/templates" + invite_client_location: {{ matrix_synapse_email_invite_client_location|string|to_json }} # Subjects to use when sending emails from Synapse. # From 86f5ba8348793bc2ddcd6520909cd50d8cc937ba Mon Sep 17 00:00:00 2001 From: sakkiii Date: Wed, 25 Aug 2021 22:43:07 +0530 Subject: [PATCH 72/90] Grafana Grafana v8.1 --- roles/matrix-grafana/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-grafana/defaults/main.yml b/roles/matrix-grafana/defaults/main.yml index 45bd2d91..55259c52 100644 --- a/roles/matrix-grafana/defaults/main.yml +++ b/roles/matrix-grafana/defaults/main.yml 
@@ -3,7 +3,7 @@ matrix_grafana_enabled: false -matrix_grafana_version: 8.0.6 +matrix_grafana_version: 8.1.2 matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}" matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}" From 44709465c92e63c0cfa448a3a0f28501a8b3550d Mon Sep 17 00:00:00 2001 From: sakkiii Date: Wed, 25 Aug 2021 22:45:21 +0530 Subject: [PATCH 73/90] mjolnir releases v0.1.19 --- roles/matrix-bot-mjolnir/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bot-mjolnir/defaults/main.yml b/roles/matrix-bot-mjolnir/defaults/main.yml index 481e0d68..1d1038af 100644 --- a/roles/matrix-bot-mjolnir/defaults/main.yml +++ b/roles/matrix-bot-mjolnir/defaults/main.yml @@ -3,7 +3,7 @@ matrix_bot_mjolnir_enabled: true -matrix_bot_mjolnir_version: "v0.1.18" +matrix_bot_mjolnir_version: "v0.1.19" matrix_bot_mjolnir_container_image_self_build: false matrix_bot_mjolnir_container_image_self_build_repo: "https://github.com/matrix-org/mjolnir.git" From e4ea32b89fff48a35199c2eabc4e712ed9aef583 Mon Sep 17 00:00:00 2001 From: sakkiii Date: Wed, 25 Aug 2021 22:49:12 +0530 Subject: [PATCH 74/90] Hydrogen v0.2.7 --- roles/matrix-client-hydrogen/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-client-hydrogen/defaults/main.yml b/roles/matrix-client-hydrogen/defaults/main.yml index 3cc1df2a..e84d56cf 100644 --- a/roles/matrix-client-hydrogen/defaults/main.yml +++ b/roles/matrix-client-hydrogen/defaults/main.yml 
@@ -5,7 +5,7 @@ matrix_client_hydrogen_enabled: true matrix_client_hydrogen_container_image_self_build: true matrix_client_hydrogen_container_image_self_build_repo: "https://github.com/vector-im/hydrogen-web.git" -matrix_client_hydrogen_version: v0.2.5 +matrix_client_hydrogen_version: v0.2.7 matrix_client_hydrogen_docker_image: "{{ matrix_client_hydrogen_docker_image_name_prefix }}vectorim/hydrogen-web:{{ matrix_client_hydrogen_version }}" matrix_client_hydrogen_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_hydrogen_container_image_self_build }}" matrix_client_hydrogen_docker_image_force_pull: "{{ matrix_client_hydrogen_docker_image.endswith(':latest') }}" From 972077aa333a6f476b43471a12562360d8e0f5fa Mon Sep 17 00:00:00 2001 From: WobbelTheBear Date: Fri, 27 Aug 2021 16:51:38 +0200 Subject: [PATCH 75/90] Update prometheus (2.29.1 -> 2.29.2) Update prometheus (2.29.1 -> 2.29.2) --- roles/matrix-prometheus/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-prometheus/defaults/main.yml b/roles/matrix-prometheus/defaults/main.yml index b2fbf0b2..dc43eb48 100644 --- a/roles/matrix-prometheus/defaults/main.yml +++ b/roles/matrix-prometheus/defaults/main.yml @@ -3,7 +3,7 @@ matrix_prometheus_enabled: false -matrix_prometheus_version: v2.29.1 +matrix_prometheus_version: v2.29.2 matrix_prometheus_docker_image: "{{ matrix_container_global_registry_prefix }}prom/prometheus:{{ matrix_prometheus_version }}" matrix_prometheus_docker_image_force_pull: "{{ matrix_prometheus_docker_image.endswith(':latest') }}" From 6feb99076a7073f73d38b361affdd45d36c5a89e Mon Sep 17 00:00:00 2001 From: sakkiii Date: Sun, 29 Aug 2021 15:40:00 +0530 Subject: [PATCH 76/90] Update Coturn (4.5.2-r3 -> 4.5.2-r4) --- roles/matrix-coturn/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-coturn/defaults/main.yml b/roles/matrix-coturn/defaults/main.yml index eb55e500..b845e9ee 100644 
--- a/roles/matrix-coturn/defaults/main.yml +++ b/roles/matrix-coturn/defaults/main.yml @@ -5,7 +5,7 @@ matrix_coturn_container_image_self_build_repo: "https://github.com/coturn/coturn matrix_coturn_container_image_self_build_repo_version: "docker/{{ matrix_coturn_version }}" matrix_coturn_container_image_self_build_repo_dockerfile_path: "docker/coturn/alpine/Dockerfile" -matrix_coturn_version: 4.5.2-r3 +matrix_coturn_version: 4.5.2-r4 matrix_coturn_docker_image: "{{ matrix_coturn_docker_image_name_prefix }}coturn/coturn:{{ matrix_coturn_version }}-alpine" matrix_coturn_docker_image_name_prefix: "{{ 'localhost/' if matrix_coturn_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_coturn_docker_image_force_pull: "{{ matrix_coturn_docker_image.endswith(':latest') }}" From a43b1096535f9cef3b4816243b90a7508722513f Mon Sep 17 00:00:00 2001 From: sakkiii <11132948+sakkiii@users.noreply.github.com> Date: Sun, 29 Aug 2021 19:34:30 +0530 Subject: [PATCH 77/90] Jitsi Update stable-5963 --- roles/matrix-jitsi/defaults/main.yml | 11 ++++++++++- roles/matrix-jitsi/templates/prosody/env.j2 | 6 ++++++ 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/roles/matrix-jitsi/defaults/main.yml b/roles/matrix-jitsi/defaults/main.yml index 8c8d9156..8462be7c 100644 --- a/roles/matrix-jitsi/defaults/main.yml +++ b/roles/matrix-jitsi/defaults/main.yml @@ -7,6 +7,7 @@ matrix_jitsi_enable_guests: false matrix_jitsi_enable_recording: false matrix_jitsi_enable_transcriptions: false matrix_jitsi_enable_p2p: true +matrix_jitsi_enable_av_moderation: true # Authentication type, must be one of internal, jwt or ldap. Currently only # internal and ldap are supported by this playbook. 
@@ -53,7 +54,7 @@ matrix_jitsi_jibri_recorder_password: '' matrix_jitsi_enable_lobby: false -matrix_jitsi_version: stable-5963 +matrix_jitsi_version: stable-6173 matrix_jitsi_container_image_tag: "{{ matrix_jitsi_version }}" # for backward-compatibility matrix_jitsi_web_docker_image: "{{ matrix_container_global_registry_prefix }}jitsi/web:{{ matrix_jitsi_container_image_tag }}" @@ -69,6 +70,14 @@ matrix_jitsi_web_public_url: "https://{{ matrix_server_fqn_jitsi }}" # Addresses need to be prefixed with one of `stun:`, `turn:` or `turns:`. matrix_jitsi_web_stun_servers: ['stun:meet-jit-si-turnrelay.jitsi.net:443'] +# Setting up TURN +# Default set with Coturn container +matrix_jitsi_turn_credentials: {{ matrix_coturn_turn_static_auth_secret }} +matrix_jitsi_turn_host: turn.{{ matrix_server_fqn_matrix }} +matrix_jitsi_turns_host: turn.{{ matrix_server_fqn_matrix }} +matrix_jitsi_turn_port: {{ matrix_coturn_container_stun_plain_host_bind_port }} +matrix_jitsi_turns_port: {{ matrix_coturn_container_stun_tls_host_bind_port }} + # Controls whether Etherpad will be available within Jitsi matrix_jitsi_etherpad_enabled: false diff --git a/roles/matrix-jitsi/templates/prosody/env.j2 b/roles/matrix-jitsi/templates/prosody/env.j2 index 3a91463e..70feda6e 100644 --- a/roles/matrix-jitsi/templates/prosody/env.j2 +++ b/roles/matrix-jitsi/templates/prosody/env.j2 @@ -2,6 +2,7 @@ AUTH_TYPE={{ matrix_jitsi_auth_type }} ENABLE_AUTH={{ 1 if matrix_jitsi_enable_auth else 0 }} ENABLE_GUESTS={{ 1 if matrix_jitsi_enable_guests else 0 }} ENABLE_LOBBY={{ 1 if matrix_jitsi_enable_lobby else 0 }} +ENABLE_AV_MODERATION={{1 if matrix_jitsi_enable_av_moderation else 0}} ENABLE_XMPP_WEBSOCKET GLOBAL_MODULES GLOBAL_CONFIG 
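Review bot: The TURN defaults added in `@@ -69,6 +70,14 @@` read `matrix_coturn_*` variables from inside the matrix-jitsi role's own defaults, so the role renders only when the coturn role's defaults are loaded. An unset or empty `matrix_coturn_turn_static_auth_secret` would flow into Jitsi without any error. The values are bare `{{ … }}` scalars, which YAML reads as flow mappings; PATCH 78 quotes them but keeps the cross-role coupling. `matrix_jitsi_turn_port` and `matrix_jitsi_turns_port` take `*_host_bind_port` values; if those can hold an `IP:port` bind spec or be empty (their definitions are outside the diff), the result is not a usable port for clients. Self-contained defaults such as `matrix_jitsi_turn_credentials: ''` would be safer, with the coturn wiring done where the two roles are combined.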
@@ -48,4 +49,9 @@ JWT_AUTH_TYPE JWT_TOKEN_AUTH_MODULE LOG_LEVEL PUBLIC_URL={{ matrix_jitsi_web_public_url }} +TURN_CREDENTIALS={{ matrix_jitsi_turn_credentials }} +TURN_HOST={{ matrix_jitsi_turn_host }} +TURNS_HOST={{ matrix_jitsi_turns_host }} +TURN_PORT={{ matrix_jitsi_turn_port }} +TURNS_PORT={{ matrix_jitsi_turns_port }} TZ={{ matrix_jitsi_timezone }} From 510f299c0461c003a029be107d47df892eff76f6 Mon Sep 17 00:00:00 2001 From: sakkiii <11132948+sakkiii@users.noreply.github.com> Date: Sun, 29 Aug 2021 21:43:39 +0530 Subject: [PATCH 78/90] Syntex fixed --- roles/matrix-jitsi/defaults/main.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/matrix-jitsi/defaults/main.yml b/roles/matrix-jitsi/defaults/main.yml index 8462be7c..bef993e0 100644 --- a/roles/matrix-jitsi/defaults/main.yml +++ b/roles/matrix-jitsi/defaults/main.yml @@ -72,11 +72,11 @@ matrix_jitsi_web_stun_servers: ['stun:meet-jit-si-turnrelay.jitsi.net:443'] # Setting up TURN # Default set with Coturn container -matrix_jitsi_turn_credentials: {{ matrix_coturn_turn_static_auth_secret }} -matrix_jitsi_turn_host: turn.{{ matrix_server_fqn_matrix }} -matrix_jitsi_turns_host: turn.{{ matrix_server_fqn_matrix }} -matrix_jitsi_turn_port: {{ matrix_coturn_container_stun_plain_host_bind_port }} -matrix_jitsi_turns_port: {{ matrix_coturn_container_stun_tls_host_bind_port }} +matrix_jitsi_turn_credentials: "{{ matrix_coturn_turn_static_auth_secret }}" +matrix_jitsi_turn_host: "turn.{{ matrix_server_fqn_matrix }}" +matrix_jitsi_turns_host: "turn.{{ matrix_server_fqn_matrix }}" +matrix_jitsi_turn_port: "{{ matrix_coturn_container_stun_plain_host_bind_port }}" +matrix_jitsi_turns_port: "{{ matrix_coturn_container_stun_tls_host_bind_port }}" # Controls whether Etherpad will be available within Jitsi matrix_jitsi_etherpad_enabled: false From d3e2574d40831e2c07b9333f71bfe8a75471e162 Mon Sep 17 00:00:00 2001 
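Review bot: `TURN_CREDENTIALS={{ matrix_jitsi_turn_credentials }}` writes the coturn shared auth secret into the prosody env file, and all five `TURN_*` lines are emitted unconditionally. The task that installs this file is outside the diff, so confirm that it writes the file owner-readable only. Wrapping the five lines in `{% if matrix_jitsi_turn_credentials %}` … `{% endif %}` would also avoid handing prosody empty TURN settings when no TURN server is configured.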
From: sakkiii <11132948+sakkiii@users.noreply.github.com> Date: Sun, 29 Aug 2021 21:48:33 +0530 Subject: [PATCH 79/90] Update configuring-playbook-jitsi.md matrix_jitsi_jicofo_component_secret var removed #1139 --- docs/configuring-playbook-jitsi.md | 1 - 1 file changed, 1 deletion(-) diff --git a/docs/configuring-playbook-jitsi.md b/docs/configuring-playbook-jitsi.md index ec3ab416..f4e4c9f3 100644 --- a/docs/configuring-playbook-jitsi.md +++ b/docs/configuring-playbook-jitsi.md @@ -26,7 +26,6 @@ matrix_jitsi_enabled: true # Run `bash inventory/scripts/jitsi-generate-passwords.sh` to generate these passwords, # or define your own strong passwords manually. -matrix_jitsi_jicofo_component_secret: "" matrix_jitsi_jicofo_auth_password: "" matrix_jitsi_jvb_auth_password: "" matrix_jitsi_jibri_recorder_password: "" From a62eb05d5b6d2c4357c19186f04eed83e59dacc0 Mon Sep 17 00:00:00 2001 From: Hagen Date: Sun, 29 Aug 2021 19:21:14 +0200 Subject: [PATCH 80/90] Add link to Dimension admin page This avoids having to create a new room and to click the "Add widgets, bridges & bots" link (Formerly the four-squares-icon) --- docs/configuring-playbook-dimension.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuring-playbook-dimension.md b/docs/configuring-playbook-dimension.md index d5f0a9e6..0cd15bbf 100644 --- a/docs/configuring-playbook-dimension.md +++ b/docs/configuring-playbook-dimension.md @@ -24,7 +24,7 @@ matrix_dimension_enabled: true ## Define admin users -These users can modify the integrations this Dimension supports. Admin interface is accessible by opening Dimension in Element and clicking the settings icon. +These users can modify the integrations this Dimension supports. Admin interface is accessible at `https://dimension./riot-app/admin` after logging in to element. Add this to your configuration file (`inventory/host_vars/matrix./vars.yml`): ```yaml From 9d06dd61a663d7f4c4899dba0de5f796b5c0aad0 Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Mon, 30 Aug 2021 10:09:44 +0300 Subject: [PATCH 81/90] Upgrade exim-relay (4.94.2-r0-3 -> 4.94.2-r0-4) --- roles/matrix-mailer/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-mailer/defaults/main.yml b/roles/matrix-mailer/defaults/main.yml index 19bc1656..71a33752 100644 --- a/roles/matrix-mailer/defaults/main.yml +++ b/roles/matrix-mailer/defaults/main.yml @@ -7,7 +7,7 @@ matrix_mailer_container_image_self_build_repository_url: "https://github.com/dev matrix_mailer_container_image_self_build_src_files_path: "{{ matrix_mailer_base_path }}/docker-src" matrix_mailer_container_image_self_build_version: "{{ matrix_mailer_docker_image.split(':')[1] }}" -matrix_mailer_version: 4.94.2-r0-3 +matrix_mailer_version: 4.94.2-r0-4 matrix_mailer_docker_image: "{{ matrix_mailer_docker_image_name_prefix }}devture/exim-relay:{{ matrix_mailer_version }}" matrix_mailer_docker_image_name_prefix: "{{ 'localhost/' if matrix_mailer_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_mailer_docker_image_force_pull: "{{ matrix_mailer_docker_image.endswith(':latest') }}" From 02f4e8cf0d014fd3fc69e9117ac523174a1394ab Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 31 Aug 2021 10:07:50 +0300 Subject: [PATCH 82/90] Remove no-longer accurate sentences --- docs/importing-postgres.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/docs/importing-postgres.md b/docs/importing-postgres.md index 84347b57..d27375bb 100644 --- a/docs/importing-postgres.md +++ b/docs/importing-postgres.md 
@@ -27,8 +27,6 @@ ansible-playbook -i inventory/hosts setup.yml \ --tags=import-postgres ``` -We specify the `synapse` database as the default import database. If your dump is a single-database dump (`pg_dump`), then we need to tell it where to go to. If you're redefining `matrix_synapse_database_database` to something other than `synapse`, please adjust it here too. For database dumps spanning multiple databases (`pg_dumpall`), you can remove the `postgres_default_import_database` definition (but it doesn't hurt to keep it too). - **Note**: `` must be a file path to a Postgres dump file on the server (not on your local machine!). From 777ba6bc5ab2495e5f2caf32bd632b0133f73fc5 Mon Sep 17 00:00:00 2001 From: Catalan Lover <48515417+FSG-Cat@users.noreply.github.com> Date: Tue, 31 Aug 2021 14:54:23 +0200 Subject: [PATCH 83/90] Upgrade to Synaspe v 1.41.1 (Security Update) Synapse 1.41.1 Patches 2 exploits that can reveal information about rooms an user is not supposed to have access to information about. --- roles/matrix-synapse/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 611a677b..e63c4696 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -15,8 +15,8 @@ matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_cont # amd64 gets released first. # arm32 relies on self-building, so the same version can be built immediately. # arm64 users need to wait for a prebuilt image to become available. -matrix_synapse_version: v1.41.0 -matrix_synapse_version_arm64: v1.41.0 +matrix_synapse_version: v1.41.1 +matrix_synapse_version_arm64: v1.41.1 matrix_synapse_docker_image_tag: "{{ matrix_synapse_version if matrix_architecture in ['arm32', 'amd64'] else matrix_synapse_version_arm64 }}" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" 
From 3ab01a5f9e51d4f7b5e2f3175bf74cff7caa227e Mon Sep 17 00:00:00 2001 From: Aaron Raimist Date: Tue, 31 Aug 2021 08:43:52 -0500 Subject: [PATCH 84/90] Pull correct version when self building Mautrix Facebook and Synapse Admin --- roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml | 2 +- roles/matrix-synapse-admin/tasks/setup.yml | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml index 4f98635d..fb9dcca4 100644 --- a/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml @@ -60,7 +60,7 @@ git: repo: "{{ matrix_mautrix_facebook_container_image_self_build_repo }}" dest: "{{ matrix_mautrix_facebook_docker_src_files_path }}" -# version: "{{ matrix_coturn_docker_image.split(':')[1] }}" + version: "{{ matrix_mautrix_facebook_docker_image.split(':')[1] }}" force: "yes" register: matrix_mautrix_facebook_git_pull_results when: "matrix_mautrix_facebook_container_image_self_build|bool" diff --git a/roles/matrix-synapse-admin/tasks/setup.yml b/roles/matrix-synapse-admin/tasks/setup.yml index 002ff68d..6fb47fb3 100644 --- a/roles/matrix-synapse-admin/tasks/setup.yml +++ b/roles/matrix-synapse-admin/tasks/setup.yml @@ -16,6 +16,7 @@ git: repo: "{{ matrix_synapse_admin_container_self_build_repo }}" dest: "{{ matrix_synapse_admin_docker_src_files_path }}" + version: "{{ matrix_synapse_admin_docker_image.split(':')[1] }}" force: "yes" register: matrix_synapse_admin_git_pull_results when: "matrix_synapse_admin_enabled|bool and matrix_synapse_admin_container_self_build|bool" From d384d0d7a003a38b77abd4053061399a02cbb6fc Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 1 Sep 2021 11:13:55 +0300 Subject: [PATCH 85/90] Upgrade Element (1.8.1 -> 1.8.2) --- roles/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
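Review bot: `version: "{{ matrix_mautrix_facebook_docker_image.split(':')[1] }}"` recovers the git ref by splitting the image reference on `:`. That picks the wrong element when the reference carries a registry host with a port (`host:5000/name:tag`) and fails when there is no tag. The setup.yml hunk adds the same expression for `matrix_synapse_admin_docker_image`. Reading the role's own version variable directly would be more robust (its name is not visible in this diff); failing that, `.split(':')[-1]` at least tolerates a port. An image tag such as `latest` has no matching git ref, and with `force: "yes"` the checkout follows whatever the tag points to at run time, so a pinned release tag or commit is the safer input for a self-build.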
diff --git a/roles/matrix-client-element/defaults/main.yml b/roles/matrix-client-element/defaults/main.yml index 0c0480f1..962e8d88 100644 --- a/roles/matrix-client-element/defaults/main.yml +++ b/roles/matrix-client-element/defaults/main.yml @@ -3,7 +3,7 @@ matrix_client_element_enabled: true matrix_client_element_container_image_self_build: false matrix_client_element_container_image_self_build_repo: "https://github.com/vector-im/riot-web.git" -matrix_client_element_version: v1.8.1 +matrix_client_element_version: v1.8.2 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" From e913347fe15d4d1c6db0d5de8cc1026f335a02c2 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 1 Sep 2021 16:47:43 +0300 Subject: [PATCH 86/90] Move some related tasks closer together in matrix-client-hydrogen --- roles/matrix-client-hydrogen/tasks/setup.yml | 22 ++++++++++---------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/roles/matrix-client-hydrogen/tasks/setup.yml b/roles/matrix-client-hydrogen/tasks/setup.yml index 205fa3ce..a5a5a48b 100644 --- a/roles/matrix-client-hydrogen/tasks/setup.yml +++ b/roles/matrix-client-hydrogen/tasks/setup.yml 
@@ -33,6 +33,17 @@ register: matrix_client_hydrogen_git_pull_results when: "matrix_client_hydrogen_enabled|bool and matrix_client_hydrogen_container_image_self_build|bool" +- name: Ensure Hydrogen Docker image is built + docker_image: + name: "{{ matrix_client_hydrogen_docker_image }}" + source: build + force_source: "{{ matrix_client_hydrogen_git_pull_results.changed }}" + build: + dockerfile: Dockerfile + path: "{{ matrix_client_hydrogen_docker_src_files_path }}" + pull: yes + when: "matrix_client_hydrogen_enabled|bool and matrix_client_hydrogen_container_image_self_build|bool" + - name: Ensure Hydrogen configuration installed copy: content: "{{ matrix_client_hydrogen_configuration|to_nice_json }}" @@ -53,17 +64,6 @@ - {src: "{{ role_path }}/templates/nginx.conf.j2", name: "nginx.conf"} when: "matrix_client_hydrogen_enabled|bool and item.src is not none" -- name: Ensure Hydrogen Docker image is built - docker_image: - name: "{{ matrix_client_hydrogen_docker_image }}" - source: build - force_source: "{{ matrix_client_hydrogen_git_pull_results.changed }}" - build: - dockerfile: Dockerfile - path: "{{ matrix_client_hydrogen_docker_src_files_path }}" - pull: yes - when: "matrix_client_hydrogen_enabled|bool and matrix_client_hydrogen_container_image_self_build|bool" - - name: Ensure matrix-client-hydrogen.service installed template: src: "{{ role_path }}/templates/systemd/matrix-client-hydrogen.service.j2" From c22834333993352f6ad4b9e8c2b5976f3da57307 Mon Sep 17 00:00:00 2001 From: Toni Spets Date: Fri, 3 Sep 2021 07:58:48 +0300 Subject: [PATCH 87/90] Bump Heisenbridge to v1.0.1 --- roles/matrix-bridge-heisenbridge/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-heisenbridge/defaults/main.yml b/roles/matrix-bridge-heisenbridge/defaults/main.yml index f7db9f7d..c686b62b 100644 --- a/roles/matrix-bridge-heisenbridge/defaults/main.yml +++ b/roles/matrix-bridge-heisenbridge/defaults/main.yml 
@@ -3,7 +3,7 @@ matrix_heisenbridge_enabled: true -matrix_heisenbridge_version: 1.0.0 +matrix_heisenbridge_version: 1.0.1 matrix_heisenbridge_docker_image: "{{ matrix_container_global_registry_prefix }}hif1/heisenbridge:{{ matrix_heisenbridge_version }}" matrix_heisenbridge_docker_image_force_pull: "{{ matrix_heisenbridge_docker_image.endswith(':latest') }}" From 732051b8fc66408697eebc82a1da9382cae01cc2 Mon Sep 17 00:00:00 2001 From: sakkiii Date: Fri, 3 Sep 2021 10:46:21 +0530 Subject: [PATCH 88/90] nginx update v1.21.2 http://nginx.org/en/CHANGES --- roles/matrix-nginx-proxy/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index 75b84d7c..7fcb0cee 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml @@ -1,5 +1,5 @@ matrix_nginx_proxy_enabled: true -matrix_nginx_proxy_version: 1.21.1-alpine +matrix_nginx_proxy_version: 1.21.2-alpine # We use an official nginx image, which we fix-up to run unprivileged. # An alternative would be an `nginxinc/nginx-unprivileged` image, but From a9112078548b011a93066ea18c34c3144fc8f72b Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 3 Sep 2021 09:07:58 +0300 Subject: [PATCH 89/90] Revert "nginx update v1.21.2" This reverts commit 732051b8fc66408697eebc82a1da9382cae01cc2. There's no such container image published yet. --- roles/matrix-nginx-proxy/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index 7fcb0cee..75b84d7c 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml 
@@ -1,5 +1,5 @@ matrix_nginx_proxy_enabled: true -matrix_nginx_proxy_version: 1.21.2-alpine +matrix_nginx_proxy_version: 1.21.1-alpine # We use an official nginx image, which we fix-up to run unprivileged. # An alternative would be an `nginxinc/nginx-unprivileged` image, but From ae6caf158a9c5e902923c755a9b1bc5a8b3f4cb5 Mon Sep 17 00:00:00 2001 From: sakkiii Date: Fri, 3 Sep 2021 12:30:45 +0530 Subject: [PATCH 90/90] Added variable matrix_nginx_proxy_request_timeout (#1265) * add timeout param for nginx proxy default value matrix_nginx_proxy_request_timeout is 60s * default matrix_nginx_proxy_request_timeout - 60s * few more variables for request timeout * Update nginx.conf.j2 * Update nginx.conf.j2 --- roles/matrix-nginx-proxy/defaults/main.yml | 17 +++++++++++++++++ .../templates/nginx/nginx.conf.j2 | 5 +++++ 2 files changed, 22 insertions(+) diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index 75b84d7c..f64b161f 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml 
@@ -282,6 +282,23 @@ matrix_nginx_proxy_proxy_sygnal_additional_server_configuration_blocks: [] # A list of strings containing additional configuration blocks to add to the base domain server configuration (matrix-base-domain.conf). matrix_nginx_proxy_proxy_domain_additional_server_configuration_blocks: [] +# To increase request timeout in NGINX using proxy_read_timeout, proxy_connect_timeout, proxy_send_timeout, send_timeout directives +# Nginx Default: proxy_connect_timeout 60s; #Defines a timeout for establishing a connection with a proxied server +# Nginx Default: proxy_send_timeout 60s; #Sets a timeout for transmitting a request to the proxied server. +# Nginx Default: proxy_read_timeout 60s; #Defines a timeout for reading a response from the proxied server. +# Nginx Default: send_timeout 60s; #Sets a timeout for transmitting a response to the client. +# +# For more information visit: +# http://nginx.org/en/docs/http/ngx_http_proxy_module.html +# http://nginx.org/en/docs/http/ngx_http_core_module.html#send_timeout +# https://www.nginx.com/resources/wiki/start/topics/examples/fullexample2/ +# +# Here we are sticking with nginx default values change this value carefully. +matrix_nginx_proxy_connect_timeout: 60 +matrix_nginx_proxy_send_timeout: 60 +matrix_nginx_proxy_read_timeout: 60 +matrix_nginx_send_timeout: 60 + # Controls whether to send a "Permissions-Policy interest-cohort=();" header along with all responses for all vhosts meant to be accessed by users. # # Learn more about what it is here: diff --git a/roles/matrix-nginx-proxy/templates/nginx/nginx.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/nginx.conf.j2 index 9ec7fa56..1084d8ca 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/nginx.conf.j2 +++ b/roles/matrix-nginx-proxy/templates/nginx/nginx.conf.j2 
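Review bot: `matrix_nginx_send_timeout` drops the `matrix_nginx_proxy_` role prefix that the other three new variables carry, and it sits next to the near-identical `matrix_nginx_proxy_send_timeout`. Only the nginx.conf.j2 hunk `@@ -42,6 +42,11 @@` shows that the first feeds `send_timeout` and the second `proxy_send_timeout`. The commit title names `matrix_nginx_proxy_request_timeout`, which is defined nowhere in the diff. A per-variable comment naming the directive would remove the ambiguity, e.g. `# nginx send_timeout (response to the client), in seconds`. The closing remark "change this value carefully" could also say why: larger values let slow or stalled peers hold connections and upstream slots for longer.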
@@ -42,6 +42,11 @@ http { {% else %} access_log off; {% endif %} + + proxy_connect_timeout {{ matrix_nginx_proxy_connect_timeout }}; + proxy_send_timeout {{ matrix_nginx_proxy_send_timeout }}; + proxy_read_timeout {{ matrix_nginx_proxy_read_timeout }}; + send_timeout {{ matrix_nginx_send_timeout }}; sendfile on; #tcp_nopush on;