diff --git a/.github/workflows/matrix.yml b/.github/workflows/matrix.yml index 6445dc03..f58fe75f 100644 --- a/.github/workflows/matrix.yml +++ b/.github/workflows/matrix.yml @@ -11,6 +11,6 @@ jobs: runs-on: ubuntu-latest steps: - name: ⤵️ Check out configuration from GitHub - uses: actions/checkout@v2.4.0 + uses: actions/checkout@v3 - name: 🚀 Run yamllint uses: frenck/action-yamllint@v1.1.2 diff --git a/CHANGELOG.md b/CHANGELOG.md index c1ac92e5..0196a1b0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,20 @@ +# 2022-03-17 + +## (Compatibility Break) ma1sd identity server no longer installed by default + +The playbook no longer installs the [ma1sd](https://github.com/ma1uta/ma1sd) identity server by default. The next time you run the playbook, ma1sd will be uninstalled from your server, unless you explicitly enable the ma1sd service (see how below). + +The main reason we used to install ma1sd by default in the past was to prevent Element from talking to the `matrix.org` / `vector.im` identity servers, by forcing it to talk to our own self-hosted (but otherwise useless) identity server instead, thus preventing contact list leaks. + +Since Element no longer defaults to using a public identity server if another one is not provided, we can stop installing ma1sd. + +If you need to install the ma1sd identity server for some reason, you can explicitly enable it by adding this to your `vars.yml` file: + +```yaml +matrix_ma1sd_enabled: true +``` + + # 2022-02-12 ## matrix_encryption_disabler support diff --git a/README.md b/README.md index e1e901d0..0e6bc51b 100644 --- a/README.md +++ b/README.md @@ -31,7 +31,7 @@ Using this playbook, you can get the following services configured on your serve - (optional, default) an [Element](https://app.element.io/) ([formerly Riot](https://element.io/previously-riot)) web UI, which is configured to connect to your own Synapse server by default -- (optional, default) a [ma1sd](https://github.com/ma1uta/ma1sd) Matrix Identity server +- (optional) a [ma1sd](https://github.com/ma1uta/ma1sd) Matrix Identity server - (optional, default) an [Exim](https://www.exim.org/) mail server, through which all Matrix services send outgoing email (can be configured to relay through another SMTP server) diff --git a/docs/configuring-dns.md b/docs/configuring-dns.md index 4416c3bc..c16ab2fc 100644 --- a/docs/configuring-dns.md +++ b/docs/configuring-dns.md @@ -62,11 +62,11 @@ The `cinny.` subdomain may be necessary, because this playbook coul ## `_matrix-identity._tcp` SRV record setup -To make the [ma1sd](https://github.com/ma1uta/ma1sd) Identity Server (which this playbook installs for you) enable its federation features, set up an SRV record that looks like this: +To make the [ma1sd](https://github.com/ma1uta/ma1sd) Identity Server (which this playbook may optionally install for you) enable its federation features, set up an SRV record that looks like this: - Name: `_matrix-identity._tcp` (use this text as-is) - Content: `10 0 443 matrix.` (replace `` with your own) -This is an optional feature. See [ma1sd's documentation](https://github.com/ma1uta/ma1sd/wiki/mxisd-and-your-privacy#choices-are-never-easy) for information on the privacy implications of setting up this SRV record. +This is an optional feature for the optionally-installed [ma1sd service](configuring-playbook-ma1sd.md). See [ma1sd's documentation](https://github.com/ma1uta/ma1sd/wiki/mxisd-and-your-privacy#choices-are-never-easy) for information on the privacy implications of setting up this SRV record. Note: This `_matrix-identity._tcp` SRV record for the identity server is different from the `_matrix._tcp` that can be used for Synapse delegation. See [howto-server-delegation.md](howto-server-delegation.md) for more information about delegation. diff --git a/docs/configuring-playbook-bridge-appservice-discord.md b/docs/configuring-playbook-bridge-appservice-discord.md index 82a2edc2..e25686bf 100644 --- a/docs/configuring-playbook-bridge-appservice-discord.md +++ b/docs/configuring-playbook-bridge-appservice-discord.md @@ -23,18 +23,51 @@ matrix_appservice_discord_bot_token: "YOUR DISCORD APP BOT TOKEN" ``` 5. If you've already installed Matrix services using the playbook before, you'll need to re-run it (`--tags=setup-all,start`). If not, proceed with [configuring other playbook services](configuring-playbook.md) and then with [Installing](installing.md). Get back to this guide once ready. -6. Retrieve Discord invite link from the `{{ matrix_appservice_discord_config_path }}/invite_link` file on the server (this defaults to `/matrix/appservice-discord/config/invite_link`). You need to peek at the file on the server via SSH, etc., because it's not available via HTTP(S). -7. Invite the Bot to Discord servers you wish to bridge. Administrator permission is recommended. -8. Room addresses follow this syntax: `#_discord_guildid_channelid`. You can easily find the guild and channel ids by logging into Discord in a browser and opening the desired channel. The URL will have this format: `discordapp.com/channels/guild_id/channel_id`. Once you have figured out the appropriate room addrss, you can join by doing `/join #_discord_guildid_channelid` in your Matrix client. Other configuration options are available via the `matrix_appservice_discord_configuration_extension_yaml` variable. +## Self-Service Bridging (Manual) -## Getting Administrator access in a room +Self-service bridging allows you to bridge specific and existing Matrix rooms to specific Discord rooms. This is disabled by default, so it must be enabled by adding this to your `vars.yml`: + +```yaml +matrix_appservice_discord_bridge_enableSelfServiceBridging: true +``` + +_Note: If self-service bridging is not enabled, `!discord help` commands will return no results._ + +Once self-service is enabled: + +1. Start a chat with `@_discord_bot:` and say `!discord help bridge`. +2. Follow the instructions in the help output message. If the bot is not already in the Discord server, follow the provided invite link. This may require you to be a administrator of the Discord server. + +_Note: Encrypted Matrix rooms are not supported as of writing._ + +On the Discord side, you can say `!matrix help` to get a list of available commands to manage the bridge and Matrix users. + +## Portal Bridging (Automatic) + +Through portal bridging, Matrix rooms will automatically be created by the bot and bridged to the relevant Discord room. This is done by simply joining a room with a specific name pattern (`#_discord__`). + +All Matrix rooms created this way are **listed publicly** by default, and you will not have admin permissions to change this. To get more control, [make yourself a room Administrator](#getting-administrator-access-in-a-portal-bridged-room). You can then unlist the room from the directory and change the join rules. + +If you want to disable portal bridging, set the following in `vars.yml`: + +```yaml +matrix_appservice_discord_bridge_disablePortalBridging: true +``` + +To get started with Portal Bridging: + +1. To invite the bot to Discord, retrieve the invite link from the `{{ matrix_appservice_discord_config_path }}/invite_link` file on the server (this defaults to `/matrix/appservice-discord/config/invite_link`). You need to peek at the file on the server via SSH, etc., because it's not available via HTTP(S). +2. Room addresses follow this syntax: `#_discord__`. You can easily find the guild and channel IDs by logging into Discord in a browser and opening the desired channel. The URL will have this format: `discord.com/channels//`. +3. Once you have figured out the appropriate room address, you can join by doing `/join #_discord__` in your Matrix client. + +## Getting Administrator access in a portal bridged room By default, you won't have Administrator access in rooms created by the bridge. -To [adjust room access privileges](#adjusting-room-access-privileges) or do various other things (change the room name subsequently, etc.), you'd wish to become an Administrator. +To adjust room access privileges or do various other things (change the room name subsequently, etc.), you'd wish to become an Administrator. There's the Discord bridge's guide for [setting privileges on bridge managed rooms](https://github.com/Half-Shot/matrix-appservice-discord/blob/master/docs/howto.md#set-privileges-on-bridge-managed-rooms). To do the same with our container setup, run the following command on the server: @@ -42,12 +75,3 @@ There's the Discord bridge's guide for [setting privileges on bridge managed roo docker exec -it matrix-appservice-discord \ /bin/sh -c 'cp /cfg/registration.yaml /tmp/discord-registration.yaml && cd /tmp && node /build/tools/adminme.js -c /cfg/config.yaml -m "!ROOM_ID:SERVER" -u "@USER:SERVER" -p 100' ``` - - -## Adjusting room access privileges - -All rooms created by the bridge are **listed publicly** in your server's directory and **joinable by everyone** by default. - -To get more control of them, [make yourself a room Administrator](#getting-administrator-access-in-a-room) first. - -You can then unlist the room from the directory and change the join rules. diff --git a/docs/configuring-playbook-bridge-appservice-slack.md b/docs/configuring-playbook-bridge-appservice-slack.md index 7d45d34d..fc2bf166 100644 --- a/docs/configuring-playbook-bridge-appservice-slack.md +++ b/docs/configuring-playbook-bridge-appservice-slack.md @@ -11,7 +11,7 @@ See the project's [documentation](https://github.com/matrix-org/matrix-appservic loosely based on [this](https://github.com/matrix-org/matrix-appservice-slack#Setup) 1. Create a new Matrix room to act as the administration control room. Note its internal room ID. This can -be done in Riot by making a message, opening the options for that message and choosing "view source". The +be done in Element by making a message, opening the options for that message and choosing "view source". The room ID will be displayed near the top. 2. Enable the bridge with the following configuration in your `vars.yml` file: diff --git a/docs/configuring-playbook-bridge-hookshot.md b/docs/configuring-playbook-bridge-hookshot.md index 9a7f3f53..5639f159 100644 --- a/docs/configuring-playbook-bridge-hookshot.md +++ b/docs/configuring-playbook-bridge-hookshot.md @@ -1,25 +1,44 @@ # Setting up Hookshot (optional) -The playbook can install and configure [matrix-hookshot](https://github.com/Half-Shot/matrix-hookshot) for you. +The playbook can install and configure [matrix-hookshot](https://github.com/matrix-org/matrix-hookshot) for you. Hookshot can bridge [Webhooks](https://en.wikipedia.org/wiki/Webhook) from software project management services such as GitHub, GitLab, JIRA, and Figma, as well as generic webhooks. -See the project's [documentation](https://half-shot.github.io/matrix-hookshot/hookshot.html) to learn what it does in detail and why it might be useful to you. +See the project's [documentation](https://matrix-org.github.io/matrix-hookshot/hookshot.html) to learn what it does in detail and why it might be useful to you. Note: the playbook also supports [matrix-appservice-webhooks](configuring-playbook-bridge-appservice-webhooks.md), which however is soon to be archived by its author and to be replaced by hookshot. ## Setup Instructions -Refer to the [official instructions](https://half-shot.github.io/matrix-hookshot/setup.html) to learn what the individual options do. +Refer to the [official instructions](https://matrix-org.github.io/matrix-hookshot/setup.html) to learn what the individual options do. 1. For each of the services (GitHub, GitLab, Jira, Figma, generic webhooks) fill in the respective variables `matrix_hookshot_service_*` listed in [main.yml](/roles/matrix-bridge-hookshot/defaults/main.yml) as required. 2. Take special note of the `matrix_hookshot_*_enabled` variables. Services that need no further configuration are enabled by default (GitLab, Generic), while you must first add the required configuration and enable the others (GitHub, Jira, Figma). 3. If you're setting up the GitHub bridge, you'll need to generate and download a private key file after you created your GitHub app. Copy the contents of that file to the variable `matrix_hookshot_github_private_key` so the playbook can install it for you, or use one of the [other methods](#manage-github-private-key-with-matrix-aux-role) explained below. 4. If you've already installed Matrix services using the playbook before, you'll need to re-run it (`--tags=setup-all,start`). If not, proceed with [configuring other playbook services](configuring-playbook.md) and then with [Installing](installing.md). Get back to this guide once ready. Hookshot can be set up individually using the tag `setup-hookshot`. -5. Refer to [Hookshot's official instructions](https://half-shot.github.io/matrix-hookshot/usage.html) to start using the bridge. Note that the different listeners are bound to certain paths (see `matrix_hookshot_matrix_nginx_proxy_configuration` in [init.yml](/roles/matrix-bridge-hookshot/tasks/init.yml)): by default webhooks root is `/hookshot/webhooks/`. +5. Refer to [Hookshot's official instructions](https://matrix-org.github.io/matrix-hookshot/usage.html) to start using the bridge. **Important:** Note that the different listeners are bound to certain paths which might differe from those assumed by the hookshot documentation, see [URLs for bridges setup](urls-for-bridges-setup) below. Other configuration options are available via the `matrix_hookshot_configuration_extension_yaml` and `matrix_hookshot_registration_extension_yaml` variables, see the comments in [main.yml](/roles/matrix-bridge-hookshot/defaults/main.yml) for how to use them. +### URLs for bridges setup + +All of the following endpoints are reachable on your `matrix.` subdomain (if the feature is enabled). + +| Listener | default path | variable | used as | +|---|---|---|---| +| webhooks | `/hookshot/webhooks/` | `matrix_hookshot_webhook_endpoint` | GitHub "Webhook URL" | +| github oauth | `/hookshot/webhooks/oauth` | `matrix_hookshot_github_oauth_endpoint` | GitHub "Callback URL" | +| jira oauth | `/hookshot/webhooks/jira/oauth` | `matrix_hookshot_jira_oauth_endpoint` | JIRA OAuth | +| figma endpoint | `/hookshot/webhooks/figma/webhook` | `matrix_hookshot_figma_endpoint` | Figma | +| provisioning | `/hookshot/v1/` | `matrix_hookshot_provisioning_endpoint` | Dimension [provisioning](#provisioning-api) | +| appservice | `/hookshot/_matrix/app/` | `matrix_hookshot_appservice_endpoint` | Matrix server | +| metrics | `/hookshot/metrics/` | `matrix_hookshot_metrics_endpoint` | Prometheus | +| widgets | | | not supported | + +See also `matrix_hookshot_matrix_nginx_proxy_configuration` in [init.yml](/roles/matrix-bridge-hookshot/tasks/init.yml). + +The different listeners are also reachable *internally* in the docker-network via the container's name (configured by `matrix_hookshot_container_url`) and on different ports (e.g. `matrix_hookshot_appservice_port`). Read [main.yml](/roles/matrix-bridge-hookshot/defaults/main.yml) in detail for more info. + ### Manage GitHub Private Key with matrix-aux role The GitHub bridge requires you to install a private key file. This can be done in multiple ways: @@ -45,3 +64,7 @@ The provisioning API will be enabled automatically if you set `matrix_dimension_ ### Metrics If metrics are enabled, they will be automatically available in the builtin Prometheus and Grafana, but you need to set up your own Dashboard for now. If additionally metrics proxying for use with external Prometheus is enabled (`matrix_nginx_proxy_proxy_synapse_metrics`), hookshot metrics will also be available (at `matrix_hookshot_metrics_endpoint`, default `/hookshot/metrics`, on the stats subdomain) and with the same password. See also [the Prometheus and Grafana docs](../configuring-playbook-prometheus-grafana.md). + +### Collision with matrix-appservice-webhooks + +If you are also running [matrix-appservice-webhooks](configuring-playbook-bridge-appservice-webhooks.md), it reserves its namespace by the default setting `matrix_appservice_webhooks_user_prefix: '_webhook_'`. You should take care if you modify its or hookshot's prefix that they do not collide with each other's namespace (default `matrix_hookshot_generic_user_id_prefix: '_webhooks_'`). diff --git a/docs/configuring-playbook-bridge-mautrix-facebook.md b/docs/configuring-playbook-bridge-mautrix-facebook.md index 282865e7..1845682f 100644 --- a/docs/configuring-playbook-bridge-mautrix-facebook.md +++ b/docs/configuring-playbook-bridge-mautrix-facebook.md @@ -70,31 +70,6 @@ If you run into trouble, check the [Troubleshooting](#troubleshooting) section b After successfully enabling bridging, you may wish to [set up Double Puppeting](#set-up-double-puppeting), if you haven't already done so. -## Set up community-grouping - -This is an **optional feature** that you may wish to enable. - -The Facebook bridge can create a Matrix community for you, which would contain all your chats and contacts. - -For this to work, the bridge's bot needs to have permissions to create communities (also referred to as groups). -Since the bot is a non-admin user, you need to enable such group-creation for non-privileged users in [Synapse's settings](configuring-playbook-synapse.md). - -Here's an example configuration: - -```yaml -matrix_synapse_configuration_extension_yaml: | - enable_group_creation: true - group_creation_prefix: "unofficial/" - -matrix_mautrix_facebook_configuration_extension_yaml: | - bridge: - community_template: "unofficial/facebook_{localpart}={server}" -``` - -Once the bridge is restarted, it would create a community and invite you to it. You need to accept the community invitation manually. -If you don't see all your contacts, you may wish to send a `sync` message to the bot. - - ## Troubleshooting ### Facebook rejecting login attempts and forcing you to change password diff --git a/docs/configuring-playbook-bridge-mx-puppet-discord.md b/docs/configuring-playbook-bridge-mx-puppet-discord.md index 1a48f05b..2be7f206 100644 --- a/docs/configuring-playbook-bridge-mx-puppet-discord.md +++ b/docs/configuring-playbook-bridge-mx-puppet-discord.md @@ -7,6 +7,8 @@ The playbook can install and configure See the project page to learn what it does and why it might be useful to you. +**Note**: we actually use the [Beeper](https://www.beeper.com/)-maintained [fork of mx-puppet-discord](https://gitlab.com/beeper/mx-puppet-monorepo), because `matrix-discord/mx-puppet-discord` is a low-quality and poorly maintained project. + To enable the [Discord](https://discordapp.com/) bridge just use the following playbook configuration: diff --git a/docs/configuring-playbook-bridge-mx-puppet-slack.md b/docs/configuring-playbook-bridge-mx-puppet-slack.md index 0630270f..8db159d7 100644 --- a/docs/configuring-playbook-bridge-mx-puppet-slack.md +++ b/docs/configuring-playbook-bridge-mx-puppet-slack.md @@ -4,8 +4,8 @@ [matrix-appservice-slack](configuring-playbook-bridge-appservice-slack.md) bridge supported by the playbook. -The playbook can install and configure -[mx-puppet-slack](https://github.com/Sorunome/mx-puppet-slack) for you. +The playbook can install and configure [Beeper](https://www.beeper.com/)-maintained fork of +[mx-puppet-slack](https://gitlab.com/beeper/mx-puppet-monorepo) for you. See the project page to learn what it does and why it might be useful to you. diff --git a/docs/configuring-playbook-dimension.md b/docs/configuring-playbook-dimension.md index b938a6a3..73a7fc0e 100644 --- a/docs/configuring-playbook-dimension.md +++ b/docs/configuring-playbook-dimension.md @@ -22,7 +22,7 @@ matrix_dimension_enabled: true ## Define admin users -These users can modify the integrations this Dimension supports. Admin interface is accessible at `https://dimension./riot-app/admin` after logging in to element. +These users can modify the integrations this Dimension supports. Add this to your configuration file (`inventory/host_vars/matrix./vars.yml`): ```yaml @@ -31,6 +31,7 @@ matrix_dimension_admins: - "@user2:{{ matrix_domain }}" ``` +The admin interface is accessible within Element by accessing it in any room and clicking the cog wheel/settings icon in the top right. Currently, Dimension can be opened in Element by the "Add widgets, bridges, & bots" link in the room information. ## Access token diff --git a/docs/configuring-playbook-external-postgres.md b/docs/configuring-playbook-external-postgres.md index 0becc8ff..eef3cbac 100644 --- a/docs/configuring-playbook-external-postgres.md +++ b/docs/configuring-playbook-external-postgres.md @@ -5,7 +5,9 @@ If that's alright, you can skip this. If you'd like to use an external PostgreSQL server that you manage, you can edit your configuration file (`inventory/host_vars/matrix./vars.yml`). -It should be something like this: +**NOTE**: using **an external Postgres server is currently [not very seamless](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1682#issuecomment-1061461683) when it comes to enabling various other playbook services** - you will need to create a new database/credentials for each service and to point each service to its corresponding database using custom `vars.yml` configuration. **For the best experience with the playbook, stick to using the integrated Postgres server**. + +If you'd like to use an external Postgres server, use a custom `vars.yml` configuration like this: ```yaml matrix_postgres_enabled: false @@ -15,6 +17,10 @@ matrix_synapse_database_host: "your-postgres-server-hostname" matrix_synapse_database_user: "your-postgres-server-username" matrix_synapse_database_password: "your-postgres-server-password" matrix_synapse_database_database: "your-postgres-server-database-name" + +# Rewire any other service (each `matrix-*` role) you may wish to use to use your external Postgres server. +# Each service expects to have its own dedicated database on the Postgres server +# and uses its own variable names (see `roles/matrix-*/defaults/main.yml) for configuring Postgres connectivity. ``` The database (as specified in `matrix_synapse_database_database`) must exist and be accessible with the given credentials. diff --git a/docs/configuring-playbook-ma1sd.md b/docs/configuring-playbook-ma1sd.md index 70c507cb..e18a51c5 100644 --- a/docs/configuring-playbook-ma1sd.md +++ b/docs/configuring-playbook-ma1sd.md @@ -1,24 +1,22 @@ # Adjusting ma1sd Identity Server configuration (optional) -By default, this playbook configures an [ma1sd](https://github.com/ma1uta/ma1sd) Identity Server for you. +The playbook can configure the [ma1sd](https://github.com/ma1uta/ma1sd) Identity Server for you. + +ma1sd, being an Identity Server, is not strictly needed. It is only used for 3PIDs (3rd party identifiers like E-mail and phone numbers) and some [enhanced features](https://github.com/ma1uta/ma1sd/#features). This server is private by default, potentially at the expense of user discoverability. *ma1sd is a fork of [mxisd](https://github.com/kamax-io/mxisd) which was pronounced end of life 2019-06-21.* -**Note**: enabling ma1sd (which is also the default), means that the `openid` API endpoints will be exposed on the Matrix Federation port (usually `8448`), even if [federation](configuring-playbook-federation.md) is disabled. It's something to be aware of, especially in terms of firewall whitelisting (make sure port `8448` is accessible). +**Note**: enabling ma1sd, means that the `openid` API endpoints will be exposed on the Matrix Federation port (usually `8448`), even if [federation](configuring-playbook-federation.md) is disabled. It's something to be aware of, especially in terms of firewall whitelisting (make sure port `8448` is accessible). - -## Disabling ma1sd - -ma1sd, being an Identity Server, is not strictly needed. It is only used for 3PIDs (3rd party identifiers like E-mail and phone numbers) and some [enhanced features](https://github.com/ma1uta/ma1sd/#features). - -If you'd like for the playbook to not install ma1sd (or to uninstall it if it was previously installed), you can disable it in your configuration file (`inventory/host_vars/matrix./vars.yml`): +To enable ma1sd, use the following additional configuration in your `vars.yml` file: ```yaml -matrix_ma1sd_enabled: false +matrix_ma1sd_enabled: true ``` + ## Matrix.org lookup forwarding To ensure maximum discovery, you can make your identity server also forward lookups to the central matrix.org Identity server (at the cost of potentially leaking all your contacts information). diff --git a/docs/configuring-playbook-ssl-certificates.md b/docs/configuring-playbook-ssl-certificates.md index 07e49c5a..eae584e7 100644 --- a/docs/configuring-playbook-ssl-certificates.md +++ b/docs/configuring-playbook-ssl-certificates.md @@ -100,3 +100,12 @@ For automated certificate renewal to work, each port `80` vhost for each domain See how this is configured for the `matrix.` subdomain in `/matrix/nginx-proxy/conf.d/matrix-synapse.conf` Don't be alarmed if the above configuration file says port `8080`, instead of port `80`. It's due to port mapping due to our use of containers. + + +## Specify the SSL private key algorithm + +If you'd like to [specify the private key type](https://eff-certbot.readthedocs.io/en/stable/using.html#using-ecdsa-keys) used with Let's Encrypt, define your own custom configuration like this: + +```yaml +matrix_ssl_lets_encrypt_key_type: ecdsa +``` diff --git a/docs/configuring-playbook.md b/docs/configuring-playbook.md index 9b153883..3d5e6c2c 100644 --- a/docs/configuring-playbook.md +++ b/docs/configuring-playbook.md @@ -47,8 +47,6 @@ When you're done with all the configuration you'd like to do, continue with [Ins - [Using an external PostgreSQL server](configuring-playbook-external-postgres.md) (optional) -- [Adjusting ma1sd Identity Server configuration](configuring-playbook-ma1sd.md) (optional) - - [Adjusting SSL certificate retrieval](configuring-playbook-ssl-certificates.md) (optional, advanced) - [Serving your base domain using this playbook's nginx server](configuring-playbook-base-domain-serving.md) (optional) @@ -69,11 +67,14 @@ When you're done with all the configuration you'd like to do, continue with [Ins - [Adjusting email-sending settings](configuring-playbook-email.md) (optional) - [Setting up Hydrogen](configuring-playbook-client-hydrogen.md) - a new lightweight matrix client with legacy and mobile browser support (optional) + - [Setting up Cinny](configuring-playbook-client-cinny.md) - a web client focusing primarily on simple, elegant and secure interface (optional) ### Authentication and user-related +- [Setting up an ma1sd Identity Server](configuring-playbook-ma1sd.md) (optional) + - [Setting up Synapse Admin](configuring-playbook-synapse-admin.md) (optional) - [Setting up matrix-registration](configuring-playbook-matrix-registration.md) (optional) diff --git a/docs/container-images.md b/docs/container-images.md index cf680d21..bf5885e0 100644 --- a/docs/container-images.md +++ b/docs/container-images.md @@ -15,8 +15,6 @@ These services are enabled and used by default, but you can turn them off, if yo - [vectorim/element-web](https://hub.docker.com/r/vectorim/element-web/) - the [Element](https://element.io/) web client (optional) -- [ma1uta/ma1sd](https://hub.docker.com/r/ma1uta/ma1sd/) - the [ma1sd](https://github.com/ma1uta/ma1sd) Matrix Identity server (optional) - - [postgres](https://hub.docker.com/_/postgres/) - the [Postgres](https://www.postgresql.org/) database server (optional) - [devture/exim-relay](https://hub.docker.com/r/devture/exim-relay/) - the [Exim](https://www.exim.org/) email server (optional) @@ -30,6 +28,8 @@ These services are enabled and used by default, but you can turn them off, if yo These services are not part of our default installation, but can be enabled by [configuring the playbook](configuring-playbook.md) (either before the initial installation or any time later): +- [ma1uta/ma1sd](https://hub.docker.com/r/ma1uta/ma1sd/) - the [ma1sd](https://github.com/ma1uta/ma1sd) Matrix Identity server (optional) + - [matrixdotorg/dendrite-monolith](https://hub.docker.com/r/matrixdotorg/dendrite-monolith/) - the official [Dendrite](https://github.com/matrix-org/dendrite) Matrix homeserver (optional) - [ewoutp/goofys](https://hub.docker.com/r/ewoutp/goofys/) - the [Goofys](https://github.com/kahing/goofys) Amazon [S3](https://aws.amazon.com/s3/) file-system-mounting program (optional) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 596fba13..32be903a 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -9,8 +9,6 @@ # You can also override ANY variable (seen here or in any given role), # by re-defining it in your own configuration file (`inventory/host_vars/matrix.`). -matrix_container_global_registry_prefix: "docker.io/" - ###################################################################### # # matrix-base @@ -301,6 +299,10 @@ matrix_mautrix_facebook_appservice_token: "{{ '%s' | format(matrix_homeserver_ge matrix_mautrix_facebook_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'fb.hs.token') | to_uuid }}" +matrix_mautrix_facebook_public_endpoint: "/{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'facebook') | to_uuid }}" + +matrix_mautrix_facebook_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:9008' }}" + matrix_mautrix_facebook_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" matrix_mautrix_facebook_bridge_presence: "{{ matrix_synapse_presence_enabled if matrix_synapse_enabled else true }}" @@ -558,10 +560,8 @@ matrix_mautrix_twitter_homeserver_token: "{{ matrix_homeserver_generic_secret_ke matrix_mautrix_twitter_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" -# We'd like to force-set people with external Postgres to SQLite, so the bridge role can complain -# and point them to a migration path. -matrix_mautrix_twitter_database_engine: "{{ 'postgres' if matrix_postgres_enabled else '' }}" -matrix_mautrix_twitter_database_password: "{{ matrix_homeserver_generic_secret_key | password_hash('sha512', 'mau.twt.db') | to_uuid }}" +matrix_mautrix_twitter_database_hostname: "{{ 'matrix-postgres' if matrix_postgres_enabled else '' }}" +matrix_mautrix_twitter_database_password: "{{ matrix_homeserver_generic_secret_key | password_hash('sha512', 'mau.twt.db') | to_uuid if matrix_postgres_enabled else '' }}" ###################################################################### # @@ -695,6 +695,10 @@ matrix_hookshot_provisioning_enabled: "{{ matrix_hookshot_provisioning_secret an matrix_hookshot_proxy_metrics: "{{ matrix_nginx_proxy_proxy_synapse_metrics }}" matrix_hookshot_proxy_metrics_basic_auth_enabled: "{{ matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled }}" +matrix_hookshot_generic_urlprefix_port_enabled: "{{ matrix_nginx_proxy_container_https_host_bind_port == 443 if matrix_nginx_proxy_https_enabled else matrix_nginx_proxy_container_https_host_bind_port == 80 }}" +matrix_hookshot_generic_urlprefix_port: ":{{ matrix_nginx_proxy_container_https_host_bind_port if matrix_nginx_proxy_https_enabled else matrix_nginx_proxy_container_http_host_bind_port }}" +matrix_hookshot_generic_urlprefix: "http{{ 's' if matrix_nginx_proxy_https_enabled else '' }}://{{ matrix_server_fqn_matrix }}{{ matrix_hookshot_generic_urlprefix_port if matrix_hookshot_generic_urlprefix_port_enabled else '' }}{{ matrix_hookshot_generic_endpoint }}" + ###################################################################### # # /matrix-bridge-hookshot @@ -710,7 +714,7 @@ matrix_hookshot_proxy_metrics_basic_auth_enabled: "{{ matrix_nginx_proxy_proxy_s # We don't enable bridges by default. matrix_mx_puppet_skype_enabled: false -matrix_mx_puppet_skype_container_image_self_build: "{{ matrix_architecture != 'amd64'}}" +matrix_mx_puppet_skype_container_image_self_build: "{{ matrix_architecture != 'amd64' }}" matrix_mx_puppet_skype_systemd_required_services_list: | {{ @@ -749,7 +753,7 @@ matrix_mx_puppet_skype_database_password: "{{ '%s' | format(matrix_homeserver_ge # We don't enable bridges by default. matrix_mx_puppet_slack_enabled: false -matrix_mx_puppet_slack_container_image_self_build: "{{ matrix_architecture != 'amd64'}}" +matrix_mx_puppet_slack_container_image_self_build: "{{ matrix_architecture != 'amd64' }}" matrix_mx_puppet_slack_systemd_required_services_list: | {{ @@ -787,7 +791,7 @@ matrix_mx_puppet_slack_database_password: "{{ '%s' | format(matrix_homeserver_ge # We don't enable bridges by default. matrix_mx_puppet_twitter_enabled: false -matrix_mx_puppet_twitter_container_image_self_build: "{{ matrix_architecture != 'amd64'}}" +matrix_mx_puppet_twitter_container_image_self_build: "{{ matrix_architecture != 'amd64' }}" matrix_mx_puppet_twitter_systemd_required_services_list: | {{ @@ -828,7 +832,7 @@ matrix_mx_puppet_twitter_database_password: "{{ '%s' | format(matrix_homeserver_ # We don't enable bridges by default. matrix_mx_puppet_instagram_enabled: false -matrix_mx_puppet_instagram_container_image_self_build: "{{ matrix_architecture != 'amd64'}}" +matrix_mx_puppet_instagram_container_image_self_build: "{{ matrix_architecture != 'amd64' }}" matrix_mx_puppet_instagram_systemd_required_services_list: | {{ @@ -866,7 +870,7 @@ matrix_mx_puppet_instagram_database_password: "{{ '%s' | format(matrix_homeserve # We don't enable bridges by default. matrix_mx_puppet_discord_enabled: false -matrix_mx_puppet_discord_container_image_self_build: "{{ matrix_architecture != 'amd64'}}" +matrix_mx_puppet_discord_container_image_self_build: "{{ matrix_architecture != 'amd64' }}" matrix_mx_puppet_discord_systemd_required_services_list: | {{ @@ -904,7 +908,7 @@ matrix_mx_puppet_discord_database_password: "{{ '%s' | format(matrix_homeserver_ # We don't enable bridges by default. matrix_mx_puppet_steam_enabled: false -matrix_mx_puppet_steam_container_image_self_build: "{{ matrix_architecture != 'amd64'}}" +matrix_mx_puppet_steam_container_image_self_build: "{{ matrix_architecture != 'amd64' }}" matrix_mx_puppet_steam_systemd_required_services_list: | {{ @@ -942,7 +946,7 @@ matrix_mx_puppet_steam_database_password: "{{ '%s' | format(matrix_homeserver_ge # We don't enable bridges by default. matrix_mx_puppet_groupme_enabled: false -matrix_mx_puppet_groupme_container_image_self_build: "{{ matrix_architecture != 'amd64'}}" +matrix_mx_puppet_groupme_container_image_self_build: "{{ matrix_architecture != 'amd64' }}" matrix_mx_puppet_groupme_systemd_required_services_list: | {{ @@ -1070,7 +1074,7 @@ matrix_bot_go_neb_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_en # We don't enable bots by default. matrix_bot_mjolnir_enabled: false -matrix_bot_mjolnir_container_image_self_build: "{{ matrix_architecture != 'amd64'}}" +matrix_bot_mjolnir_container_image_self_build: "{{ matrix_architecture != 'amd64' }}" matrix_bot_mjolnir_systemd_required_services_list: | {{ @@ -1136,7 +1140,7 @@ matrix_corporal_matrix_registration_shared_secret: "{{ matrix_synapse_registrati matrix_coturn_enabled: true -matrix_coturn_container_image_self_build: "{{ matrix_architecture != 'amd64'}}" +matrix_coturn_container_image_self_build: "{{ matrix_architecture != 'amd64' }}" matrix_coturn_turn_external_ip_address: "{{ ansible_host }}" @@ -1324,9 +1328,16 @@ matrix_mailer_container_image_self_build: "{{ matrix_architecture not in ['amd64 # ###################################################################### -# By default, this playbook installs the ma1sd identity server on the same domain as Synapse (`matrix_server_fqn_matrix`). -# If you wish to use the public identity servers (matrix.org, vector.im) instead of your own you may wish to disable this. -matrix_ma1sd_enabled: true +# We no longer install the ma1sd identity server by default. +# +# The main reason we used to install ma1sd by default in the past was to +# prevent Element from talking to the `matrix.org` / `vector.im` identity servers, +# by forcing it to talk to our own self-hosted (but otherwise useless) identity server instead, +# thus preventing contact list leaks. +# +# Since Element no longer defaults to using a public identity server if another one is not provided, +# we can stop installing ma1sd. +matrix_ma1sd_enabled: false matrix_ma1sd_container_image_self_build: "{{ matrix_architecture != 'amd64' }}" @@ -2102,7 +2113,7 @@ matrix_prometheus_scraper_node_targets: "{{ ['matrix-prometheus-node-exporter:91 matrix_prometheus_scraper_postgres_enabled: "{{ matrix_prometheus_postgres_exporter_enabled }}" matrix_prometheus_scraper_postgres_targets: "{{ ['matrix-prometheus-postgres-exporter:'+ matrix_prometheus_postgres_exporter_port|string] if matrix_prometheus_scraper_postgres_enabled else [] }}" -matrix_prometheus_scraper_hookshot_enabled: "{{ matrix_hookshot_metrics_enabled }}" +matrix_prometheus_scraper_hookshot_enabled: "{{ matrix_hookshot_metrics_enabled|default(false) }}" matrix_prometheus_scraper_hookshot_targets: "{{ [matrix_hookshot_container_url|string +':'+ matrix_hookshot_metrics_port|string] if matrix_hookshot_metrics_enabled else [] }}" ###################################################################### diff --git a/roles/matrix-base/defaults/main.yml b/roles/matrix-base/defaults/main.yml index e83b6c95..ae39d00a 100644 --- a/roles/matrix-base/defaults/main.yml +++ b/roles/matrix-base/defaults/main.yml @@ -65,6 +65,12 @@ matrix_architecture: amd64 # We just remap from our `matrix_architecture` values to what Debian and possibly other distros call things. matrix_debian_arch: "{{ 'armhf' if matrix_architecture == 'arm32' else matrix_architecture }}" +matrix_container_global_registry_prefix: "docker.io/" + +# Each docker pull will retry on failed attempt 10 times with delay of 10 seconds between each attempt. +matrix_container_retries_count: 10 +matrix_container_retries_delay: 10 + matrix_user_username: "matrix" matrix_user_groupname: "matrix" diff --git a/roles/matrix-bot-go-neb/tasks/setup_install.yml b/roles/matrix-bot-go-neb/tasks/setup_install.yml index a390eb5e..ef2dfbb0 100644 --- a/roles/matrix-bot-go-neb/tasks/setup_install.yml +++ b/roles/matrix-bot-go-neb/tasks/setup_install.yml @@ -22,10 +22,14 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_bot_go_neb_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_go_neb_docker_image_force_pull }}" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure go-neb config installed copy: - content: "{{ matrix_bot_go_neb_configuration|to_nice_yaml }}" + content: "{{ matrix_bot_go_neb_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_bot_go_neb_config_path }}/config.yaml" mode: 0644 owner: "{{ matrix_user_username }}" diff --git a/roles/matrix-bot-honoroit/tasks/setup_install.yml b/roles/matrix-bot-honoroit/tasks/setup_install.yml index 81f2eabc..303c5f8b 100644 --- a/roles/matrix-bot-honoroit/tasks/setup_install.yml +++ b/roles/matrix-bot-honoroit/tasks/setup_install.yml @@ -52,6 +52,10 @@ force_source: "{{ matrix_bot_honoroit_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_honoroit_docker_image_force_pull }}" when: "not matrix_bot_honoroit_container_image_self_build|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure honoroit repository is present on self-build git: diff --git a/roles/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml b/roles/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml index e237bc21..ffb38ffc 100644 --- a/roles/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml +++ b/roles/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml @@ -47,6 +47,10 @@ force_source: "{{ matrix_bot_matrix_reminder_bot_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_matrix_reminder_bot_docker_image_force_pull }}" when: "not matrix_bot_matrix_reminder_bot_container_image_self_build|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure matrix-reminder-bot repository is present on self-build git: @@ -70,7 +74,7 @@ - name: Ensure matrix-reminder-bot config installed copy: - content: "{{ matrix_bot_matrix_reminder_bot_configuration|to_nice_yaml }}" + content: "{{ matrix_bot_matrix_reminder_bot_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_bot_matrix_reminder_bot_config_path }}/config.yaml" mode: 0644 owner: "{{ matrix_user_username }}" diff --git a/roles/matrix-bot-mjolnir/defaults/main.yml b/roles/matrix-bot-mjolnir/defaults/main.yml index 9f45432c..cfb0d06d 100644 --- a/roles/matrix-bot-mjolnir/defaults/main.yml +++ b/roles/matrix-bot-mjolnir/defaults/main.yml @@ -4,7 +4,7 @@ matrix_bot_mjolnir_enabled: true -matrix_bot_mjolnir_version: "v1.3.1" +matrix_bot_mjolnir_version: "v1.3.2" matrix_bot_mjolnir_container_image_self_build: false matrix_bot_mjolnir_container_image_self_build_repo: "https://github.com/matrix-org/mjolnir.git" diff --git a/roles/matrix-bot-mjolnir/tasks/setup_install.yml b/roles/matrix-bot-mjolnir/tasks/setup_install.yml index 3f4d5d8f..f3b031fa 100644 --- a/roles/matrix-bot-mjolnir/tasks/setup_install.yml +++ b/roles/matrix-bot-mjolnir/tasks/setup_install.yml @@ -24,6 +24,10 @@ force_source: "{{ matrix_bot_mjolnir_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_mjolnir_docker_image_force_pull }}" when: "not matrix_bot_mjolnir_container_image_self_build|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure mjolnir repository is present on self-build git: @@ -47,7 +51,7 @@ - name: Ensure matrix-bot-mjolnir config installed copy: - content: "{{ matrix_bot_mjolnir_configuration|to_nice_yaml }}" + content: "{{ matrix_bot_mjolnir_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_bot_mjolnir_config_path }}/production.yaml" mode: 0644 owner: "{{ matrix_user_username }}" diff --git a/roles/matrix-bridge-appservice-discord/defaults/main.yml b/roles/matrix-bridge-appservice-discord/defaults/main.yml index daa83dea..b2ef2cdf 100644 --- a/roles/matrix-bridge-appservice-discord/defaults/main.yml +++ b/roles/matrix-bridge-appservice-discord/defaults/main.yml @@ -42,6 +42,7 @@ matrix_appservice_discord_bridge_domain: "{{ matrix_domain }}" matrix_appservice_discord_bridge_homeserverUrl: "{{ matrix_homeserver_url }}" matrix_appservice_discord_bridge_disablePresence: false matrix_appservice_discord_bridge_enableSelfServiceBridging: false +matrix_appservice_discord_bridge_disablePortalBridging: false # Database-related configuration fields. # diff --git a/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml b/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml index 924531ad..a06d38ac 100644 --- a/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml +++ b/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml @@ -32,6 +32,10 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_appservice_discord_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_discord_docker_image_force_pull }}" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure AppService Discord paths exist file: @@ -69,7 +73,7 @@ - name: Ensure AppService Discord config.yaml installed copy: - content: "{{ matrix_appservice_discord_configuration|to_nice_yaml }}" + content: "{{ matrix_appservice_discord_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_appservice_discord_config_path }}/config.yaml" mode: 0644 owner: "{{ matrix_user_username }}" @@ -77,7 +81,7 @@ - name: Ensure AppService Discord registration.yaml installed copy: - content: "{{ matrix_appservice_discord_registration|to_nice_yaml }}" + content: "{{ matrix_appservice_discord_registration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_appservice_discord_config_path }}/registration.yaml" mode: 0644 owner: "{{ matrix_user_username }}" diff --git a/roles/matrix-bridge-appservice-discord/templates/config.yaml.j2 b/roles/matrix-bridge-appservice-discord/templates/config.yaml.j2 index 6286a5d4..569a3030 100644 --- a/roles/matrix-bridge-appservice-discord/templates/config.yaml.j2 +++ b/roles/matrix-bridge-appservice-discord/templates/config.yaml.j2 @@ -28,6 +28,8 @@ bridge: disableJoinLeaveNotifications: false # Disable Invite echos from matrix disableInviteNotifications: false + # Disable portal briding (automatic room creation) + disablePortalBridging: {{ matrix_appservice_discord_bridge_disablePortalBridging|to_json }} # Auto-determine the language of code blocks (this can be CPU-intensive) determineCodeLanguage: false # Authentication configuration for the discord bot. diff --git a/roles/matrix-bridge-appservice-irc/defaults/main.yml b/roles/matrix-bridge-appservice-irc/defaults/main.yml index fa861308..5dfe3623 100644 --- a/roles/matrix-bridge-appservice-irc/defaults/main.yml +++ b/roles/matrix-bridge-appservice-irc/defaults/main.yml @@ -8,7 +8,7 @@ matrix_appservice_irc_container_image_self_build: false matrix_appservice_irc_docker_repo: "https://github.com/matrix-org/matrix-appservice-irc.git" matrix_appservice_irc_docker_src_files_path: "{{ matrix_base_data_path }}/appservice-irc/docker-src" -matrix_appservice_irc_version: release-0.32.1 +matrix_appservice_irc_version: release-0.33.0 matrix_appservice_irc_docker_image: "{{ matrix_container_global_registry_prefix }}matrixdotorg/matrix-appservice-irc:{{ matrix_appservice_irc_version }}" matrix_appservice_irc_docker_image_force_pull: "{{ matrix_appservice_irc_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml b/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml index 23c175c4..1b317464 100644 --- a/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml +++ b/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml @@ -64,6 +64,10 @@ force_source: "{{ matrix_appservice_irc_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_irc_docker_image_force_pull }}" when: "matrix_appservice_irc_enabled|bool and not matrix_appservice_irc_container_image_self_build|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure matrix-appservice-irc repository is present when self-building git: @@ -87,7 +91,7 @@ - name: Ensure Matrix Appservice IRC config installed copy: - content: "{{ matrix_appservice_irc_configuration|to_nice_yaml }}" + content: "{{ matrix_appservice_irc_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_appservice_irc_config_path }}/config.yaml" mode: 0644 owner: "{{ matrix_user_username }}" @@ -171,7 +175,7 @@ - name: Ensure Appservice IRC registration.yaml installed copy: - content: "{{ matrix_appservice_irc_registration|to_nice_yaml }}" + content: "{{ matrix_appservice_irc_registration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_appservice_irc_config_path }}/registration.yaml" mode: 0644 owner: "{{ matrix_user_username }}" diff --git a/roles/matrix-bridge-appservice-slack/tasks/init.yml b/roles/matrix-bridge-appservice-slack/tasks/init.yml index 2ff7c942..8cbc7182 100644 --- a/roles/matrix-bridge-appservice-slack/tasks/init.yml +++ b/roles/matrix-bridge-appservice-slack/tasks/init.yml @@ -84,4 +84,4 @@ Please make sure that you're proxying the `{{ something }}` URL endpoint to the matrix-appservice-slack container. You can expose the container's port using the `matrix_appservice_slack_container_http_host_bind_port` variable. - when: "matrix_appservice_slack_enabled|bool and matrix_nginx_proxy_enabled is not defined" + when: "matrix_appservice_slack_enabled|bool and not matrix_nginx_proxy_enabled|default(False)|bool" diff --git a/roles/matrix-bridge-appservice-slack/tasks/setup_install.yml b/roles/matrix-bridge-appservice-slack/tasks/setup_install.yml index af2003fc..2dcc23c6 100644 --- a/roles/matrix-bridge-appservice-slack/tasks/setup_install.yml +++ b/roles/matrix-bridge-appservice-slack/tasks/setup_install.yml @@ -38,6 +38,10 @@ force_source: "{{ matrix_appservice_slack_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_slack_docker_image_force_pull }}" when: "not matrix_appservice_slack_container_image_self_build|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure matrix-appservice-slack repository is present when self-building git: @@ -61,7 +65,7 @@ - name: Ensure Matrix Appservice Slack config installed copy: - content: "{{ matrix_appservice_slack_configuration|to_nice_yaml }}" + content: "{{ matrix_appservice_slack_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_appservice_slack_config_path }}/config.yaml" mode: 0644 owner: "{{ matrix_user_username }}" @@ -69,7 +73,7 @@ - name: Ensure appservice-slack registration.yaml installed copy: - content: "{{ matrix_appservice_slack_registration|to_nice_yaml }}" + content: "{{ matrix_appservice_slack_registration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_appservice_slack_config_path }}/slack-registration.yaml" mode: 0644 owner: "{{ matrix_user_username }}" diff --git a/roles/matrix-bridge-appservice-webhooks/defaults/main.yml b/roles/matrix-bridge-appservice-webhooks/defaults/main.yml index 7a6db2d0..223b9c0b 100644 --- a/roles/matrix-bridge-appservice-webhooks/defaults/main.yml +++ b/roles/matrix-bridge-appservice-webhooks/defaults/main.yml @@ -24,7 +24,7 @@ matrix_appservice_webhooks_public_endpoint: /appservice-webhooks matrix_appservice_webhooks_inbound_uri_prefix: "{{ matrix_homeserver_url }}{{ matrix_appservice_webhooks_public_endpoint }}" matrix_appservice_webhooks_bot_name: 'webhookbot' -matrix_appservice_webhooks_user_prefix: '_webhook' +matrix_appservice_webhooks_user_prefix: '_webhook_' # Controls the webhooks_PORT and MATRIX_PORT of the installation matrix_appservice_webhooks_matrix_port: 6789 diff --git a/roles/matrix-bridge-appservice-webhooks/tasks/init.yml b/roles/matrix-bridge-appservice-webhooks/tasks/init.yml index 35d62ded..b888c51f 100644 --- a/roles/matrix-bridge-appservice-webhooks/tasks/init.yml +++ b/roles/matrix-bridge-appservice-webhooks/tasks/init.yml @@ -79,4 +79,4 @@ Please make sure that you're proxying the `{{ matrix_appservice_webhooks_public_endpoint }}` URL endpoint to the matrix-appservice-webhooks container. You can expose the container's port using the `matrix_appservice_webhooks_container_http_host_bind_port` variable. - when: "matrix_appservice_webhooks_enabled|bool and matrix_nginx_proxy_enabled is not defined" + when: "matrix_appservice_webhooks_enabled|bool and not matrix_nginx_proxy_enabled|default(False)|bool" diff --git a/roles/matrix-bridge-appservice-webhooks/tasks/setup_install.yml b/roles/matrix-bridge-appservice-webhooks/tasks/setup_install.yml index 1f40d731..6759bca8 100644 --- a/roles/matrix-bridge-appservice-webhooks/tasks/setup_install.yml +++ b/roles/matrix-bridge-appservice-webhooks/tasks/setup_install.yml @@ -21,6 +21,10 @@ force_source: "{{ matrix_appservice_webhooks_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_webhooks_docker_image_force_pull }}" when: "not matrix_appservice_webhooks_container_image_self_build|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - block: - name: Ensure Appservice webhooks repository is present on self-build @@ -45,7 +49,7 @@ - name: Ensure Matrix Appservice webhooks config is installed copy: - content: "{{ matrix_appservice_webhooks_configuration|to_nice_yaml }}" + content: "{{ matrix_appservice_webhooks_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_appservice_webhooks_config_path }}/config.yaml" mode: 0644 owner: "{{ matrix_user_username }}" @@ -69,7 +73,7 @@ - name: Ensure appservice-webhooks registration.yaml installed copy: - content: "{{ matrix_appservice_webhooks_registration|to_nice_yaml }}" + content: "{{ matrix_appservice_webhooks_registration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_appservice_webhooks_config_path }}/webhooks-registration.yaml" mode: 0644 owner: "{{ matrix_user_username }}" diff --git a/roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml b/roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml index 3cec1c1f..575b22c1 100644 --- a/roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml +++ b/roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml @@ -29,6 +29,10 @@ force_source: "{{ matrix_beeper_linkedin_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_beeper_linkedin_docker_image_force_pull }}" when: "not matrix_beeper_linkedin_container_image_self_build|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - block: - name: Ensure Beeper LinkedIn repository is present on self-build @@ -67,7 +71,7 @@ - name: Ensure beeper-linkedin config.yaml installed copy: - content: "{{ matrix_beeper_linkedin_configuration|to_nice_yaml }}" + content: "{{ matrix_beeper_linkedin_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_beeper_linkedin_config_path }}/config.yaml" mode: 0644 owner: "{{ matrix_user_username }}" @@ -75,7 +79,7 @@ - name: Ensure beeper-linkedin registration.yaml installed copy: - content: "{{ matrix_beeper_linkedin_registration|to_nice_yaml }}" + content: "{{ matrix_beeper_linkedin_registration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_beeper_linkedin_config_path }}/registration.yaml" mode: 0644 owner: "{{ matrix_user_username }}" diff --git a/roles/matrix-bridge-heisenbridge/tasks/setup_install.yml b/roles/matrix-bridge-heisenbridge/tasks/setup_install.yml index 29b5842b..f24bf926 100644 --- a/roles/matrix-bridge-heisenbridge/tasks/setup_install.yml +++ b/roles/matrix-bridge-heisenbridge/tasks/setup_install.yml @@ -6,6 +6,10 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_heisenbridge_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_heisenbridge_docker_image_force_pull }}" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure heisenbridge paths exist file: @@ -19,7 +23,7 @@ - name: Ensure heisenbridge registration.yaml installed if provided copy: - content: "{{ matrix_heisenbridge_registration|to_nice_yaml }}" + content: "{{ matrix_heisenbridge_registration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_heisenbridge_base_path }}/registration.yaml" mode: 0644 owner: "{{ matrix_user_username }}" diff --git a/roles/matrix-bridge-hookshot/defaults/main.yml b/roles/matrix-bridge-hookshot/defaults/main.yml index 2db8ba77..e6be626e 100644 --- a/roles/matrix-bridge-hookshot/defaults/main.yml +++ b/roles/matrix-bridge-hookshot/defaults/main.yml @@ -1,11 +1,11 @@ --- # A bridge between Matrix and multiple project management services, such as GitHub, GitLab and JIRA. -# https://github.com/Half-Shot/matrix-hookshot +# https://github.com/matrix-org/matrix-hookshot matrix_hookshot_enabled: true -matrix_hookshot_version: 1.1.0 +matrix_hookshot_version: 1.2.0 matrix_hookshot_docker_image: "{{ matrix_container_global_registry_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}" matrix_hookshot_docker_image_force_pull: "{{ matrix_hookshot_docker_image.endswith(':latest') }}" @@ -34,7 +34,7 @@ matrix_hookshot_webhook_endpoint: "{{ matrix_hookshot_public_endpoint }}/webhook # You need to create a GitHub app to enable this and fill in the empty variables below -# https://half-shot.github.io/matrix-hookshot/setup/github.html +# https://matrix-org.github.io/matrix-hookshot/setup/github.html matrix_hookshot_github_enabled: false matrix_hookshot_github_appid: '' # Set this variable to the contents of the generated and downloaded GitHub private key: @@ -53,7 +53,7 @@ matrix_hookshot_github_oauth_secret: '' # "Client Secret" on the GitHub App pag # Default value of matrix_hookshot_github_oauth_endpoint: "/hookshot/webhooks/oauth" matrix_hookshot_github_oauth_endpoint: "{{ matrix_hookshot_webhook_endpoint }}/oauth" matrix_hookshot_github_oauth_uri: "https://{{ matrix_server_fqn_matrix }}{{ matrix_hookshot_github_oauth_endpoint }}" -# These are the default settings mentioned here and don't need to be modified: https://half-shot.github.io/matrix-hookshot/usage/room_configuration/github_repo.html#configuration +# These are the default settings mentioned here and don't need to be modified: https://matrix-org.github.io/matrix-hookshot/usage/room_configuration/github_repo.html#configuration matrix_hookshot_github_ignore_hooks: "{}" matrix_hookshot_github_command_prefix: '!gh' matrix_hookshot_github_show_issue_room_link: false @@ -78,7 +78,7 @@ matrix_hookshot_gitlab_secret: '' matrix_hookshot_jira_enabled: false -# Get the these values from https://half-shot.github.io/matrix-hookshot/setup/jira.html#jira-oauth +# Get the these values from https://matrix-org.github.io/matrix-hookshot/setup/jira.html#jira-oauth matrix_hookshot_jira_secret: '' matrix_hookshot_jira_oauth_enabled: false matrix_hookshot_jira_oauth_id: '' @@ -92,6 +92,7 @@ matrix_hookshot_jira_oauth_uri: "{{ matrix_server_fqn_matrix }}{{ matrix_hooksho matrix_hookshot_generic_enabled: true # Default value of matrix_hookshot_generic_endpoint: "/hookshot/webhooks" matrix_hookshot_generic_endpoint: "{{ matrix_hookshot_webhook_endpoint }}" +# urlprefix gets updated with protocol & port in group_vars/matrix_servers matrix_hookshot_generic_urlprefix: "{{ matrix_server_fqn_matrix }}{{ matrix_hookshot_generic_endpoint }}" matrix_hookshot_generic_allow_js_transformation_functions: false # If you're also using matrix-appservice-webhooks, take care that these prefixes don't overlap @@ -117,7 +118,7 @@ matrix_hookshot_provisioning_secret: '' matrix_hookshot_provisioning_enabled: false matrix_hookshot_provisioning_endpoint: "{{ matrix_hookshot_public_endpoint }}/v1" -# You can configure access to the bridge as documented here https://half-shot.github.io/matrix-hookshot/setup.html#permissions +# You can configure access to the bridge as documented here https://matrix-org.github.io/matrix-hookshot/setup.html#permissions # When empty, the default permissions are applied. # Example: # matrix_hookshot_permissions: diff --git a/roles/matrix-bridge-hookshot/tasks/init.yml b/roles/matrix-bridge-hookshot/tasks/init.yml index a2229c36..a0f9df97 100644 --- a/roles/matrix-bridge-hookshot/tasks/init.yml +++ b/roles/matrix-bridge-hookshot/tasks/init.yml @@ -55,10 +55,10 @@ {# Use the embedded DNS resolver in Docker containers to discover the service #} resolver 127.0.0.11 valid=5s; set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_provisioning_port }}"; - proxy_pass http://$backend/$1; + proxy_pass http://$backend/v1/$1$is_args$args; {% else %} {# Generic configuration for use outside of our container setup #} - proxy_pass http://127.0.0.1:{{ matrix_hookshot_provisioning_port }}/$1; + proxy_pass http://127.0.0.1:{{ matrix_hookshot_provisioning_port }}/v1/$1$is_args$args; {% endif %} proxy_set_header Host $host; } @@ -68,10 +68,10 @@ {# Use the embedded DNS resolver in Docker containers to discover the service #} resolver 127.0.0.11 valid=5s; set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_webhook_port }}"; - proxy_pass http://$backend/$1; + proxy_pass http://$backend/$1$is_args$args; {% else %} {# Generic configuration for use outside of our container setup #} - proxy_pass http://127.0.0.1:{{ matrix_hookshot_webhook_port }}/$1; + proxy_pass http://127.0.0.1:{{ matrix_hookshot_webhook_port }}/$1$is_args$args; {% endif %} proxy_set_header Host $host; } @@ -127,4 +127,4 @@ Please make sure that you're proxying the `{{ matrix_hookshot_public_endpoint }}` URL endpoint to the matrix-hookshot container. You can expose the container's ports using the `matrix_hookshot_container_http_host_bind_ports` variable. - when: "matrix_hookshot_enabled|bool and matrix_nginx_proxy_enabled is not defined" + when: "matrix_hookshot_enabled|bool and not matrix_nginx_proxy_enabled|default(False)|bool" diff --git a/roles/matrix-bridge-hookshot/tasks/setup_install.yml b/roles/matrix-bridge-hookshot/tasks/setup_install.yml index 66a452f0..b4e44c9c 100644 --- a/roles/matrix-bridge-hookshot/tasks/setup_install.yml +++ b/roles/matrix-bridge-hookshot/tasks/setup_install.yml @@ -8,6 +8,10 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_hookshot_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_hookshot_docker_image_force_pull }}" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure hookshot paths exist file: @@ -32,7 +36,7 @@ - name: Ensure hookshot config.yml installed if provided copy: - content: "{{ matrix_hookshot_configuration|to_nice_yaml }}" + content: "{{ matrix_hookshot_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_hookshot_base_path }}/config.yml" mode: 0644 owner: "{{ matrix_user_username }}" @@ -56,7 +60,7 @@ - name: Ensure hookshot registration.yml installed if provided copy: - content: "{{ matrix_hookshot_registration|to_nice_yaml }}" + content: "{{ matrix_hookshot_registration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_hookshot_base_path }}/registration.yml" mode: 0644 owner: "{{ matrix_user_username }}" diff --git a/roles/matrix-bridge-hookshot/templates/registration.yml.j2 b/roles/matrix-bridge-hookshot/templates/registration.yml.j2 index ced3bd77..d076ea10 100644 --- a/roles/matrix-bridge-hookshot/templates/registration.yml.j2 +++ b/roles/matrix-bridge-hookshot/templates/registration.yml.j2 @@ -5,8 +5,22 @@ hs_token: {{ matrix_hookshot_homeserver_token|to_json }} # ..as can this namespaces: rooms: [] users: +{% if matrix_hookshot_github_enabled %} - regex: "@_github_.*:{{ matrix_domain }}" exclusive: true +{% endif %} +{% if matrix_hookshot_gitlab_enabled %} + - regex: "@_gitlab_.*:{{ matrix_domain }}" # Where foobar is your homeserver's domain + exclusive: true +{% endif %} +{% if matrix_hookshot_jira_enabled %} + - regex: "@_jira_.*:{{ matrix_domain }}" # Where foobar is your homeserver's domain + exclusive: true +{% endif %} +{% if matrix_hookshot_generic_enabled %} + - regex: "@{{ matrix_hookshot_generic_user_id_prefix }}.*:{{ matrix_domain }}" # Where foobar is your homeserver's domain // depending on userIdPrefix setting in conf + exclusive: true +{% endif %} aliases: - regex: "#github_.+:{{ matrix_domain }}" exclusive: true diff --git a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml index f781ba91..c9eaa148 100644 --- a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml @@ -17,9 +17,16 @@ matrix_mautrix_facebook_config_path: "{{ matrix_mautrix_facebook_base_path }}/co matrix_mautrix_facebook_data_path: "{{ matrix_mautrix_facebook_base_path }}/data" matrix_mautrix_facebook_docker_src_files_path: "{{ matrix_mautrix_facebook_base_path }}/docker-src" +# Whether or not the public-facing endpoints should be enabled (web-based login) +matrix_mautrix_facebook_appservice_public_enabled: true + +# Mautrix Facebook public endpoint to log in to Facebook +matrix_mautrix_facebook_public_endpoint: '' + matrix_mautrix_facebook_homeserver_address: "{{ matrix_homeserver_container_url }}" matrix_mautrix_facebook_homeserver_domain: '{{ matrix_domain }}' matrix_mautrix_facebook_appservice_address: 'http://matrix-mautrix-facebook:29319' +matrix_mautrix_facebook_appservice_public_external: 'https://{{ matrix_server_fqn_matrix }}{{ matrix_mautrix_facebook_public_endpoint }}' # A list of extra arguments to pass to the container matrix_mautrix_facebook_container_extra_arguments: [] @@ -33,6 +40,14 @@ matrix_mautrix_facebook_systemd_wanted_services_list: [] matrix_mautrix_facebook_appservice_token: '' matrix_mautrix_facebook_homeserver_token: '' +# Whether or not created rooms should have federation enabled. +# If false, created portal rooms will never be federated. +matrix_mautrix_facebook_federate_rooms: true + +# Controls whether the matrix-mautrix-facebook container exposes its HTTP port. +# +# Takes an ":" or "" value (e.g. "127.0.0.1:9008"), or empty string to not expose. +matrix_mautrix_facebook_container_http_host_bind_port: '' # Database-related configuration fields. # diff --git a/roles/matrix-bridge-mautrix-facebook/tasks/init.yml b/roles/matrix-bridge-mautrix-facebook/tasks/init.yml index d97a3230..200e9846 100644 --- a/roles/matrix-bridge-mautrix-facebook/tasks/init.yml +++ b/roles/matrix-bridge-mautrix-facebook/tasks/init.yml @@ -22,3 +22,51 @@ + {{ ["/matrix-mautrix-facebook-registration.yaml"] }} when: matrix_mautrix_facebook_enabled|bool + +- block: + - name: Fail if matrix-nginx-proxy role already executed + fail: + msg: >- + Trying to append Mautrix Facebook's reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your playbook, + so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-facebook role. + when: matrix_nginx_proxy_role_executed|default(False)|bool + + - name: Generate Mautrix Facebook proxying configuration for matrix-nginx-proxy + set_fact: + matrix_mautrix_facebook_matrix_nginx_proxy_configuration: | + location {{ matrix_mautrix_facebook_public_endpoint }} { + {% if matrix_nginx_proxy_enabled|default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-mautrix-facebook:29319"; + proxy_pass http://$backend; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:9008; + {% endif %} + } + + - name: Register Mautrix Facebook proxying configuration with matrix-nginx-proxy + set_fact: + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) + + + [matrix_mautrix_facebook_matrix_nginx_proxy_configuration] + }} + + - name: Warn about reverse-proxying if matrix-nginx-proxy not used + debug: + msg: >- + NOTE: You've enabled the Mautrix Facebook bridge but are not using the matrix-nginx-proxy + reverse proxy. + Please make sure that you're proxying the `{{ matrix_mautrix_facebook_public_endpoint }}` + URL endpoint to the matrix-mautrix-facebook container. + You can expose the container's port using the `matrix_mautrix_facebook_container_http_host_bind_port` variable. + when: "not matrix_nginx_proxy_enabled|default(False)|bool" + + tags: + - always + when: matrix_mautrix_facebook_enabled|bool and matrix_mautrix_facebook_appservice_public_enabled|bool diff --git a/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml index 3fa42970..c37b9e10 100644 --- a/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml @@ -41,6 +41,10 @@ force_source: "{{ matrix_mautrix_facebook_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_facebook_docker_image_force_pull }}" when: not matrix_mautrix_facebook_container_image_self_build + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure Mautrix Facebook paths exist file: @@ -97,7 +101,7 @@ - name: Ensure mautrix-facebook config.yaml installed copy: - content: "{{ matrix_mautrix_facebook_configuration|to_nice_yaml }}" + content: "{{ matrix_mautrix_facebook_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mautrix_facebook_config_path }}/config.yaml" mode: 0644 owner: "{{ matrix_user_username }}" @@ -105,7 +109,7 @@ - name: Ensure mautrix-facebook registration.yaml installed copy: - content: "{{ matrix_mautrix_facebook_registration|to_nice_yaml }}" + content: "{{ matrix_mautrix_facebook_registration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mautrix_facebook_config_path }}/registration.yaml" mode: 0644 owner: "{{ matrix_user_username }}" diff --git a/roles/matrix-bridge-mautrix-facebook/tasks/validate_config.yml b/roles/matrix-bridge-mautrix-facebook/tasks/validate_config.yml index 1e482efb..7fcd6bea 100644 --- a/roles/matrix-bridge-mautrix-facebook/tasks/validate_config.yml +++ b/roles/matrix-bridge-mautrix-facebook/tasks/validate_config.yml @@ -6,6 +6,7 @@ You need to define a required configuration setting (`{{ item }}`). when: "vars[item] == ''" with_items: + - "matrix_mautrix_facebook_public_endpoint" - "matrix_mautrix_facebook_appservice_token" - "matrix_mautrix_facebook_homeserver_token" diff --git a/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 index 628db713..1f71286e 100644 --- a/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 @@ -32,16 +32,12 @@ appservice: # Public part of web server for out-of-Matrix interaction with the bridge. public: # Whether or not the public-facing endpoints should be enabled. - enabled: false + enabled: {{ matrix_mautrix_facebook_appservice_public_enabled|to_json }} # The prefix to use in the public-facing endpoints. - prefix: /public + prefix: {{ matrix_mautrix_facebook_public_endpoint|to_json }} # The base URL where the public-facing endpoints are available. The prefix is not added # implicitly. - external: https://example.com/public - # Shared secret for integration managers such as mautrix-manager. - # If set to "generate", a random string will be generated on the next startup. - # If null, integration manager access to the API will not be possible. - shared_secret: generate + external: {{ matrix_mautrix_facebook_appservice_public_external|to_json }} # The unique ID of this appservice. id: facebook @@ -66,12 +62,6 @@ bridge: # Localpart template of MXIDs for Facebook users. # {userid} is replaced with the user ID of the Facebook user. username_template: "facebook_{userid}" - # Localpart template for per-user room grouping community IDs. - # The bridge will create these communities and add all of the specific user's portals to the community. - # {localpart} is the MXID localpart and {server} is the MXID server part of the user. - # - # `facebook_{localpart}={server}` is a good value. - community_template: null # Displayname template for Facebook users. # {displayname} is replaced with the display name of the Facebook user # as defined below in displayname_preference. @@ -147,6 +137,9 @@ bridge: delivery_receipts: false # Whether to allow inviting arbitrary mxids to portal rooms allow_invites: false + # Whether or not created rooms should have federation enabled. + # If false, created portal rooms will never be federated. + federate_rooms: {{ matrix_mautrix_facebook_federate_rooms|to_json }} # Settings for backfilling messages from Facebook. backfill: # Whether or not the Facebook users of logged in Matrix users should be @@ -179,7 +172,7 @@ bridge: # Whether or not temporary disconnections should send notices to the notice room. # If this is false, disconnections will never send messages and connections will only send # messages if it was disconnected for more than resync_max_disconnected_time seconds. - temporary_disconnect_notices: true + temporary_disconnect_notices: false # Whether or not the bridge should try to "refresh" the connection if a normal reconnection # attempt fails. refresh_on_reconnection_fail: false diff --git a/roles/matrix-bridge-mautrix-facebook/templates/systemd/matrix-mautrix-facebook.service.j2 b/roles/matrix-bridge-mautrix-facebook/templates/systemd/matrix-mautrix-facebook.service.j2 index f3af4b9f..2899dd0d 100644 --- a/roles/matrix-bridge-mautrix-facebook/templates/systemd/matrix-mautrix-facebook.service.j2 +++ b/roles/matrix-bridge-mautrix-facebook/templates/systemd/matrix-mautrix-facebook.service.j2 @@ -24,6 +24,9 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-facebo --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ --network={{ matrix_docker_network }} \ + {% if matrix_mautrix_facebook_appservice_public_enabled and matrix_mautrix_facebook_container_http_host_bind_port %} + -p {{ matrix_mautrix_facebook_container_http_host_bind_port }}:29319 \ + {% endif %} -v {{ matrix_mautrix_facebook_config_path }}:/config:z \ -v {{ matrix_mautrix_facebook_data_path }}:/data:z \ {% for arg in matrix_mautrix_facebook_container_extra_arguments %} diff --git a/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml b/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml index 1b89bea6..168d08f7 100644 --- a/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml @@ -41,6 +41,9 @@ matrix_mautrix_googlechat_systemd_wanted_services_list: [] matrix_mautrix_googlechat_appservice_token: '' matrix_mautrix_googlechat_homeserver_token: '' +# Whether or not created rooms should have federation enabled. +# If false, created portal rooms will never be federated. +matrix_mautrix_googlechat_federate_rooms: true # Database-related configuration fields. # diff --git a/roles/matrix-bridge-mautrix-googlechat/tasks/init.yml b/roles/matrix-bridge-mautrix-googlechat/tasks/init.yml index e64cb44c..f458df1b 100644 --- a/roles/matrix-bridge-mautrix-googlechat/tasks/init.yml +++ b/roles/matrix-bridge-mautrix-googlechat/tasks/init.yml @@ -67,4 +67,4 @@ Please make sure that you're proxying the `{{ matrix_mautrix_googlechat_public_endpoint }}` URL endpoint to the matrix-mautrix-googlechat container. You can expose the container's port using the `matrix_mautrix_googlechat_container_http_host_bind_port` variable. - when: "matrix_mautrix_googlechat_enabled|bool and (matrix_nginx_proxy_enabled is not defined or matrix_nginx_proxy_enabled|bool == false)" + when: "matrix_mautrix_googlechat_enabled|bool and not matrix_nginx_proxy_enabled|default(False)|bool" diff --git a/roles/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml index 9faf344f..daab10e3 100644 --- a/roles/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml @@ -41,6 +41,10 @@ force_source: "{{ matrix_mautrix_googlechat_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_googlechat_docker_image_force_pull }}" when: not matrix_mautrix_googlechat_container_image_self_build + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure Mautrix googlechat paths exist file: @@ -96,7 +100,7 @@ - name: Ensure mautrix-googlechat config.yaml installed copy: - content: "{{ matrix_mautrix_googlechat_configuration|to_nice_yaml }}" + content: "{{ matrix_mautrix_googlechat_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mautrix_googlechat_config_path }}/config.yaml" mode: 0644 owner: "{{ matrix_user_username }}" @@ -104,7 +108,7 @@ - name: Ensure mautrix-googlechat registration.yaml installed copy: - content: "{{ matrix_mautrix_googlechat_registration|to_nice_yaml }}" + content: "{{ matrix_mautrix_googlechat_registration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mautrix_googlechat_config_path }}/registration.yaml" mode: 0644 owner: "{{ matrix_user_username }}" diff --git a/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 index c54ffac2..e2af8830 100644 --- a/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 @@ -93,6 +93,9 @@ bridge: # This will cause the bridge bot to be in private chats for the encryption to work properly. default: false + # Whether or not created rooms should have federation enabled. + # If false, created portal rooms will never be federated. + federate_rooms: {{ matrix_mautrix_googlechat_federate_rooms|to_json }} # Public website and API configs web: # Auth server config diff --git a/roles/matrix-bridge-mautrix-hangouts/tasks/init.yml b/roles/matrix-bridge-mautrix-hangouts/tasks/init.yml index 65d4776e..680dcd88 100644 --- a/roles/matrix-bridge-mautrix-hangouts/tasks/init.yml +++ b/roles/matrix-bridge-mautrix-hangouts/tasks/init.yml @@ -67,4 +67,4 @@ Please make sure that you're proxying the `{{ matrix_mautrix_hangouts_public_endpoint }}` URL endpoint to the matrix-mautrix-hangouts container. You can expose the container's port using the `matrix_mautrix_hangouts_container_http_host_bind_port` variable. - when: "matrix_mautrix_hangouts_enabled|bool and (matrix_nginx_proxy_enabled is not defined or matrix_nginx_proxy_enabled|bool == false)" + when: "matrix_mautrix_hangouts_enabled|bool and not matrix_nginx_proxy_enabled|default(False)|bool" diff --git a/roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml index 368ee5f8..d2b7157e 100644 --- a/roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml @@ -41,6 +41,10 @@ force_source: "{{ matrix_mautrix_hangouts_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_hangouts_docker_image_force_pull }}" when: not matrix_mautrix_hangouts_container_image_self_build + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure Mautrix Hangouts paths exist file: @@ -96,7 +100,7 @@ - name: Ensure mautrix-hangouts config.yaml installed copy: - content: "{{ matrix_mautrix_hangouts_configuration|to_nice_yaml }}" + content: "{{ matrix_mautrix_hangouts_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mautrix_hangouts_config_path }}/config.yaml" mode: 0644 owner: "{{ matrix_user_username }}" @@ -104,7 +108,7 @@ - name: Ensure mautrix-hangouts registration.yaml installed copy: - content: "{{ matrix_mautrix_hangouts_registration|to_nice_yaml }}" + content: "{{ matrix_mautrix_hangouts_registration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mautrix_hangouts_config_path }}/registration.yaml" mode: 0644 owner: "{{ matrix_user_username }}" diff --git a/roles/matrix-bridge-mautrix-instagram/defaults/main.yml b/roles/matrix-bridge-mautrix-instagram/defaults/main.yml index 9fc42cea..c4d90e6b 100644 --- a/roles/matrix-bridge-mautrix-instagram/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-instagram/defaults/main.yml @@ -34,6 +34,9 @@ matrix_mautrix_instagram_systemd_wanted_services_list: [] matrix_mautrix_instagram_appservice_token: '' matrix_mautrix_instagram_homeserver_token: '' +# Whether or not created rooms should have federation enabled. +# If false, created portal rooms will never be federated. +matrix_mautrix_instagram_federate_rooms: true # Database-related configuration fields. # diff --git a/roles/matrix-bridge-mautrix-instagram/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-instagram/tasks/setup_install.yml index dc95af3a..4e531615 100644 --- a/roles/matrix-bridge-mautrix-instagram/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-instagram/tasks/setup_install.yml @@ -14,6 +14,10 @@ force_source: "{{ matrix_mautrix_instagram_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_instagram_docker_image_force_pull }}" when: not matrix_mautrix_instagram_container_image_self_build + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure Mautrix instagram paths exist file: @@ -51,7 +55,7 @@ - name: Ensure mautrix-instagram config.yaml installed copy: - content: "{{ matrix_mautrix_instagram_configuration|to_nice_yaml }}" + content: "{{ matrix_mautrix_instagram_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mautrix_instagram_config_path }}/config.yaml" mode: 0644 owner: "{{ matrix_user_username }}" @@ -59,7 +63,7 @@ - name: Ensure mautrix-instagram registration.yaml installed copy: - content: "{{ matrix_mautrix_instagram_registration|to_nice_yaml }}" + content: "{{ matrix_mautrix_instagram_registration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mautrix_instagram_config_path }}/registration.yaml" mode: 0644 owner: "{{ matrix_user_username }}" diff --git a/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 index ac14754c..cb74d5c1 100644 --- a/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 @@ -46,12 +46,6 @@ appservice: bot_displayname: Instagram bridge bot bot_avatar: mxc://maunium.net/JxjlbZUlCPULEeHZSwleUXQv - # Community ID for bridged users (changes registration file) and rooms. - # Must be created manually. - # - # Example: "+instagram:example.com". Set to false to disable. - community_id: false - # Whether or not to receive ephemeral events via appservice transactions. # Requires MSC2409 support (i.e. Synapse 1.22+). # You should disable bridge -> sync_with_custom_puppets when this is enabled. @@ -116,7 +110,7 @@ bridge: update_avatar_initial_sync: true # Whether or not created rooms should have federation enabled. # If false, created portal rooms will never be federated. - federate_rooms: true + federate_rooms: {{ matrix_mautrix_instagram_federate_rooms|to_json }} # Settings for backfilling messages from Instagram. backfill: # Whether or not the Instagram users of logged in Matrix users should be diff --git a/roles/matrix-bridge-mautrix-signal/defaults/main.yml b/roles/matrix-bridge-mautrix-signal/defaults/main.yml index 0f91d6cc..4e95f1f9 100644 --- a/roles/matrix-bridge-mautrix-signal/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-signal/defaults/main.yml @@ -56,6 +56,10 @@ matrix_mautrix_signal_homeserver_token: '' matrix_mautrix_signal_appservice_bot_username: signalbot +# Whether or not created rooms should have federation enabled. +# If false, created portal rooms will never be federated. +matrix_mautrix_signal_federate_rooms: true + # Database-related configuration fields # # This bridge only supports postgres. diff --git a/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml index 6fd0f813..840cbd6e 100644 --- a/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml @@ -15,6 +15,10 @@ force_source: "{{ matrix_mautrix_signal_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_signal_docker_image_force_pull }}" when: "not matrix_mautrix_signal_container_image_self_build|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure Mautrix Signal repository is present on self-build @@ -84,7 +88,7 @@ - name: Ensure mautrix-signal config.yaml installed copy: - content: "{{ matrix_mautrix_signal_configuration|to_nice_yaml }}" + content: "{{ matrix_mautrix_signal_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mautrix_signal_config_path }}/config.yaml" mode: 0644 owner: "{{ matrix_user_username }}" @@ -92,7 +96,7 @@ - name: Ensure mautrix-signal registration.yaml installed copy: - content: "{{ matrix_mautrix_signal_registration|to_nice_yaml }}" + content: "{{ matrix_mautrix_signal_registration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mautrix_signal_config_path }}/registration.yaml" mode: 0644 owner: "{{ matrix_user_username }}" diff --git a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 index 0498d6ea..2f427b90 100644 --- a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 @@ -56,12 +56,6 @@ appservice: bot_displayname: Signal bridge bot bot_avatar: mxc://maunium.net/wPJgTQbZOtpBFmDNkiNEMDUp - # Community ID for bridged users (changes registration file) and rooms. - # Must be created manually. - # - # Example: "+signal:example.com". Set to false to disable. - community_id: false - # Whether or not to receive ephemeral events via appservice transactions. # Requires MSC2409 support (i.e. Synapse 1.22+). # You should disable bridge -> sync_with_custom_puppets when this is enabled. @@ -153,7 +147,7 @@ bridge: {{ matrix_mautrix_signal_homeserver_domain }}: {{ matrix_mautrix_signal_login_shared_secret|to_json }} # Whether or not created rooms should have federation enabled. # If false, created portal rooms will never be federated. - federate_rooms: true + federate_rooms: {{ matrix_mautrix_signal_federate_rooms|to_json }} # End-to-bridge encryption support options. You must install the e2be optional dependency for # this to work. See https://github.com/tulir/mautrix-telegram/wiki/End‐to‐bridge-encryption encryption: diff --git a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml b/roles/matrix-bridge-mautrix-telegram/defaults/main.yml index d1397b21..eb70d3fa 100644 --- a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-telegram/defaults/main.yml @@ -28,6 +28,9 @@ matrix_mautrix_telegram_api_id: '' matrix_mautrix_telegram_api_hash: '' matrix_mautrix_telegram_bot_token: disabled +# Whether or not the public-facing endpoints should be enabled (web-based login) +matrix_mautrix_telegram_appservice_public_enabled: true + # Mautrix telegram public endpoint to log in to telegram # Use an uuid so it's not easily discoverable. # Example: /741a0483-ba17-4682-9900-30bd7269f1cc @@ -40,6 +43,10 @@ matrix_mautrix_telegram_appservice_public_external: 'https://{{ matrix_server_fq matrix_mautrix_telegram_appservice_bot_username: telegrambot +# Whether or not created rooms should have federation enabled. +# If false, created portal rooms will never be federated. +matrix_mautrix_telegram_federate_rooms: true + # Controls whether the matrix-mautrix-telegram container exposes its HTTP port (tcp/8080 in the container). # # Takes an ":" or "" value (e.g. "127.0.0.1:9006"), or empty string to not expose. diff --git a/roles/matrix-bridge-mautrix-telegram/tasks/init.yml b/roles/matrix-bridge-mautrix-telegram/tasks/init.yml index 267658ef..a97dcd8e 100644 --- a/roles/matrix-bridge-mautrix-telegram/tasks/init.yml +++ b/roles/matrix-bridge-mautrix-telegram/tasks/init.yml @@ -56,16 +56,16 @@ + [matrix_mautrix_telegram_matrix_nginx_proxy_configuration] }} + - name: Warn about reverse-proxying if matrix-nginx-proxy not used + debug: + msg: >- + NOTE: You've enabled the Mautrix Telegram bridge but are not using the matrix-nginx-proxy + reverse proxy. + Please make sure that you're proxying the `{{ matrix_mautrix_telegram_public_endpoint }}` + URL endpoint to the matrix-mautrix-telegram container. + You can expose the container's port using the `matrix_mautrix_telegram_container_http_host_bind_port` variable. + when: "not matrix_nginx_proxy_enabled|default(False)|bool" + tags: - always - when: matrix_mautrix_telegram_enabled|bool - -- name: Warn about reverse-proxying if matrix-nginx-proxy not used - debug: - msg: >- - NOTE: You've enabled the Mautrix Telegram bridge but are not using the matrix-nginx-proxy - reverse proxy. - Please make sure that you're proxying the `{{ matrix_mautrix_telegram_public_endpoint }}` - URL endpoint to the matrix-mautrix-telegram container. - You can expose the container's port using the `matrix_mautrix_telegram_container_http_host_bind_port` variable. - when: "matrix_mautrix_telegram_enabled|bool and matrix_nginx_proxy_enabled is not defined" + when: matrix_mautrix_telegram_enabled|bool and matrix_mautrix_telegram_appservice_public_enabled|bool diff --git a/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml index ceda10a5..1960288d 100644 --- a/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml @@ -55,6 +55,10 @@ force_source: "{{ matrix_mautrix_telegram_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_telegram_docker_image_force_pull }}" when: "not matrix_mautrix_telegram_container_image_self_build|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure lottieconverter is present when self-building git: @@ -118,7 +122,7 @@ - name: Ensure mautrix-telegram config.yaml installed copy: - content: "{{ matrix_mautrix_telegram_configuration|to_nice_yaml }}" + content: "{{ matrix_mautrix_telegram_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mautrix_telegram_config_path }}/config.yaml" mode: 0644 owner: "{{ matrix_user_username }}" @@ -126,7 +130,7 @@ - name: Ensure mautrix-telegram registration.yaml installed copy: - content: "{{ matrix_mautrix_telegram_registration|to_nice_yaml }}" + content: "{{ matrix_mautrix_telegram_registration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mautrix_telegram_config_path }}/registration.yaml" mode: 0644 owner: "{{ matrix_user_username }}" diff --git a/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 index 94694351..6569ce87 100644 --- a/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 @@ -34,7 +34,7 @@ appservice: # the HS database. public: # Whether or not the public-facing endpoints should be enabled. - enabled: true + enabled: {{ matrix_mautrix_telegram_appservice_public_enabled|to_json }} # The prefix to use in the public-facing endpoints. prefix: {{ matrix_mautrix_telegram_public_endpoint|to_json }} # The base URL where the public-facing endpoints are available. The prefix is not added @@ -160,7 +160,7 @@ bridge: parallel_file_transfer: false # Whether or not created rooms should have federation enabled. # If false, created portal rooms will never be federated. - federate_rooms: true + federate_rooms: {{ matrix_mautrix_telegram_federate_rooms|to_json }} # Settings for converting animated stickers. animated_sticker: # Format to which animated stickers should be converted. diff --git a/roles/matrix-bridge-mautrix-telegram/templates/systemd/matrix-mautrix-telegram.service.j2 b/roles/matrix-bridge-mautrix-telegram/templates/systemd/matrix-mautrix-telegram.service.j2 index d24e960e..459a0fec 100644 --- a/roles/matrix-bridge-mautrix-telegram/templates/systemd/matrix-mautrix-telegram.service.j2 +++ b/roles/matrix-bridge-mautrix-telegram/templates/systemd/matrix-mautrix-telegram.service.j2 @@ -24,7 +24,7 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-telegr --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ --network={{ matrix_docker_network }} \ - {% if matrix_mautrix_telegram_container_http_host_bind_port %} + {% if matrix_mautrix_telegram_appservice_public_enabled and matrix_mautrix_telegram_container_http_host_bind_port %} -p {{ matrix_mautrix_telegram_container_http_host_bind_port }}:8080 \ {% endif %} -v {{ matrix_mautrix_telegram_config_path }}:/config:z \ diff --git a/roles/matrix-bridge-mautrix-twitter/defaults/main.yml b/roles/matrix-bridge-mautrix-twitter/defaults/main.yml index f8fd29c8..3dd4667c 100644 --- a/roles/matrix-bridge-mautrix-twitter/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-twitter/defaults/main.yml @@ -34,6 +34,9 @@ matrix_mautrix_twitter_systemd_wanted_services_list: [] matrix_mautrix_twitter_appservice_token: '' matrix_mautrix_twitter_homeserver_token: '' +# Whether or not created rooms should have federation enabled. +# If false, created portal rooms will never be federated. +matrix_mautrix_twitter_federate_rooms: true # Database-related configuration fields. # @@ -42,8 +45,8 @@ matrix_mautrix_twitter_homeserver_token: '' matrix_mautrix_twitter_database_engine: 'postgres' matrix_mautrix_twitter_database_username: 'matrix_mautrix_twitter' -matrix_mautrix_twitter_database_password: 'some-password' -matrix_mautrix_twitter_database_hostname: 'matrix-postgres' +matrix_mautrix_twitter_database_password: '' +matrix_mautrix_twitter_database_hostname: '' matrix_mautrix_twitter_database_port: 5432 matrix_mautrix_twitter_database_name: 'matrix_mautrix_twitter' diff --git a/roles/matrix-bridge-mautrix-twitter/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-twitter/tasks/setup_install.yml index 86134d2b..6e587900 100644 --- a/roles/matrix-bridge-mautrix-twitter/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-twitter/tasks/setup_install.yml @@ -18,6 +18,10 @@ force_source: "{{ matrix_mautrix_twitter_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_twitter_docker_image_force_pull }}" when: matrix_mautrix_twitter_enabled|bool and not matrix_mautrix_twitter_container_image_self_build + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure Mautrix Twitter paths exist file: @@ -55,7 +59,7 @@ - name: Ensure mautrix-twitter config.yaml installed copy: - content: "{{ matrix_mautrix_twitter_configuration|to_nice_yaml }}" + content: "{{ matrix_mautrix_twitter_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mautrix_twitter_config_path }}/config.yaml" mode: 0644 owner: "{{ matrix_user_username }}" @@ -63,7 +67,7 @@ - name: Ensure mautrix-twitter registration.yaml installed copy: - content: "{{ matrix_mautrix_twitter_registration|to_nice_yaml }}" + content: "{{ matrix_mautrix_twitter_registration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mautrix_twitter_config_path }}/registration.yaml" mode: 0644 owner: "{{ matrix_user_username }}" diff --git a/roles/matrix-bridge-mautrix-twitter/tasks/validate_config.yml b/roles/matrix-bridge-mautrix-twitter/tasks/validate_config.yml index 114fd2cf..5b6e3d02 100644 --- a/roles/matrix-bridge-mautrix-twitter/tasks/validate_config.yml +++ b/roles/matrix-bridge-mautrix-twitter/tasks/validate_config.yml @@ -8,11 +8,5 @@ with_items: - "matrix_mautrix_twitter_appservice_token" - "matrix_mautrix_twitter_homeserver_token" - -- name: Fail if database is not defined - fail: - msg: >- - You need to define a need to set `matrix_mautrix_twitter_database_engine: postgres` and redefine the other `matrix_mautrix_twitter_database_*` variables - when: "vars[item] == ''" - with_items: - - "matrix_mautrix_twitter_database_engine" + - "matrix_mautrix_twitter_database_hostname" + - "matrix_mautrix_twitter_database_password" diff --git a/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 index 9bfa3123..f0ae69b2 100644 --- a/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 @@ -54,12 +54,6 @@ appservice: bot_displayname: Twitter bridge bot bot_avatar: mxc://maunium.net/HVHcnusJkQcpVcsVGZRELLCn - # Community ID for bridged users (changes registration file) and rooms. - # Must be created manually. - # - # Example: "+twitter:example.com". Set to false to disable. - community_id: false - # Whether or not to receive ephemeral events via appservice transactions. # Requires MSC2409 support (i.e. Synapse 1.22+). # You should disable bridge -> sync_with_custom_puppets when this is enabled. @@ -111,7 +105,7 @@ bridge: login_shared_secret_map: {{ matrix_mautrix_twitter_bridge_login_shared_secret_map|to_json }} # Whether or not created rooms should have federation enabled. # If false, created portal rooms will never be federated. - federate_rooms: true + federate_rooms: {{ matrix_mautrix_twitter_federate_rooms|to_json }} # Settings for backfilling messages from Twitter. # # Missed message backfilling is currently based on receiving them from the Twitter polling API, diff --git a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml index 54097ad8..6aae2015 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml @@ -8,7 +8,7 @@ matrix_mautrix_whatsapp_container_image_self_build: false matrix_mautrix_whatsapp_container_image_self_build_repo: "https://mau.dev/mautrix/whatsapp.git" matrix_mautrix_whatsapp_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_whatsapp_version == 'latest' else matrix_mautrix_whatsapp_version }}" -matrix_mautrix_whatsapp_version: v0.2.4 +matrix_mautrix_whatsapp_version: v0.3.0 # See: https://mau.dev/mautrix/whatsapp/container_registry matrix_mautrix_whatsapp_docker_image: "{{ matrix_mautrix_whatsapp_docker_image_name_prefix }}mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}" matrix_mautrix_whatsapp_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_whatsapp_container_image_self_build else 'dock.mau.dev/' }}" @@ -37,6 +37,10 @@ matrix_mautrix_whatsapp_homeserver_token: '' matrix_mautrix_whatsapp_appservice_bot_username: whatsappbot +# Whether or not created rooms should have federation enabled. +# If false, created portal rooms will never be federated. +matrix_mautrix_whatsapp_federate_rooms: true + # Database-related configuration fields. # # To use SQLite, stick to these defaults. diff --git a/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml index d33524f3..8f27ac2a 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml @@ -57,6 +57,10 @@ force_source: "{{ matrix_mautrix_whatsapp_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_whatsapp_docker_image_force_pull }}" when: not matrix_mautrix_whatsapp_container_image_self_build + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure Mautrix Whatsapp repository is present on self-build git: @@ -108,7 +112,7 @@ - name: Ensure mautrix-whatsapp config.yaml installed copy: - content: "{{ matrix_mautrix_whatsapp_configuration|to_nice_yaml }}" + content: "{{ matrix_mautrix_whatsapp_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mautrix_whatsapp_config_path }}/config.yaml" mode: 0644 owner: "{{ matrix_user_username }}" @@ -116,7 +120,7 @@ - name: Ensure mautrix-whatsapp registration.yaml installed copy: - content: "{{ matrix_mautrix_whatsapp_registration|to_nice_yaml }}" + content: "{{ matrix_mautrix_whatsapp_registration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mautrix_whatsapp_config_path }}/registration.yaml" mode: 0644 owner: "{{ matrix_user_username }}" diff --git a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 index 394f16a6..0e3b855c 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 @@ -136,7 +136,7 @@ bridge: allow_user_invite: false # Whether or not created rooms should have federation enabled. # If false, created portal rooms will never be federated. - federate_rooms: true + federate_rooms: {{ matrix_mautrix_whatsapp_federate_rooms|to_json }} # The prefix for commands. Only required in non-management rooms. command_prefix: "!wa" diff --git a/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml b/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml index 80734c25..52257689 100644 --- a/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml @@ -1,11 +1,19 @@ --- # Mx Puppet Discord is a Matrix <-> Discord bridge -# See: https://github.com/matrix-discord/mx-puppet-discord +# See: https://gitlab.com/beeper/mx-puppet-monorepo (originally based on https://github.com/matrix-discord/mx-puppet-discord) +# +# We use the Beeper-maintained fork, because https://github.com/matrix-discord/mx-puppet-discord is horribly broken often. See: +# - https://github.com/matrix-discord/mx-puppet-discord/issues/201 +# - https://github.com/matrix-discord/mx-puppet-discord/issues/202 +# - https://github.com/matrix-discord/mx-puppet-discord/issues/203 +# - (other similar issues in the past) matrix_mx_puppet_discord_enabled: true matrix_mx_puppet_discord_container_image_self_build: false -matrix_mx_puppet_discord_container_image_self_build_repo: "https://github.com/matrix-discord/mx-puppet-discord.git" +matrix_mx_puppet_discord_container_image_self_build_repo: "https://gitlab.com/beeper/mx-puppet-monorepo" +matrix_mx_puppet_discord_container_image_self_build_version: "{{ 'main' if matrix_mx_puppet_discord_version == 'latest' else matrix_mx_puppet_discord_version }}" +matrix_mx_puppet_discord_container_image_self_build_dockerfile_path: "docker/Dockerfile-discord" # Controls whether the mx-puppet-discord container exposes its HTTP port (tcp/8432 in the container). # @@ -13,8 +21,8 @@ matrix_mx_puppet_discord_container_image_self_build_repo: "https://github.com/ma matrix_mx_puppet_discord_container_http_host_bind_port: '' matrix_mx_puppet_discord_version: latest -matrix_mx_puppet_discord_docker_image: "{{ matrix_mx_puppet_discord_docker_image_name_prefix }}sorunome/mx-puppet-discord:{{ matrix_mx_puppet_discord_version }}" -matrix_mx_puppet_discord_docker_image_name_prefix: "{{ 'localhost/' if matrix_mx_puppet_discord_container_image_self_build else matrix_container_global_registry_prefix }}" +matrix_mx_puppet_discord_docker_image: "{{ matrix_mx_puppet_discord_docker_image_name_prefix }}beeper/mx-puppet-monorepo/discord:{{ matrix_mx_puppet_discord_version }}" +matrix_mx_puppet_discord_docker_image_name_prefix: "{{ 'localhost/' if matrix_mx_puppet_discord_container_image_self_build else 'registry.gitlab.com/' }}" matrix_mx_puppet_discord_docker_image_force_pull: "{{ matrix_mx_puppet_discord_docker_image.endswith(':latest') }}" matrix_mx_puppet_discord_base_path: "{{ matrix_base_data_path }}/mx-puppet-discord" diff --git a/roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml index 3ef57cb7..26a7c0c3 100644 --- a/roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml @@ -72,12 +72,17 @@ force_source: "{{ matrix_mx_puppet_discord_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_discord_docker_image_force_pull }}" when: matrix_mx_puppet_discord_enabled|bool and not matrix_mx_puppet_discord_container_image_self_build + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure MX Puppet Discord repository is present on self build git: repo: "{{ matrix_mx_puppet_discord_container_image_self_build_repo }}" dest: "{{ matrix_mx_puppet_discord_docker_src_files_path }}" force: "yes" + version: "{{ matrix_mx_puppet_discord_container_image_self_build_version }}" register: matrix_mx_puppet_discord_git_pull_results when: "matrix_mx_puppet_discord_enabled|bool and matrix_mx_puppet_discord_container_image_self_build" @@ -88,14 +93,14 @@ force_source: "{{ matrix_mx_puppet_discord_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_discord_git_pull_results.changed }}" build: - dockerfile: Dockerfile + dockerfile: "{{ matrix_mx_puppet_discord_container_image_self_build_dockerfile_path }}" path: "{{ matrix_mx_puppet_discord_docker_src_files_path }}" pull: true when: "matrix_mx_puppet_discord_enabled|bool and matrix_mx_puppet_discord_container_image_self_build|bool" - name: Ensure mx-puppet-discord config.yaml installed copy: - content: "{{ matrix_mx_puppet_discord_configuration|to_nice_yaml }}" + content: "{{ matrix_mx_puppet_discord_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mx_puppet_discord_config_path }}/config.yaml" mode: 0644 owner: "{{ matrix_user_username }}" @@ -103,7 +108,7 @@ - name: Ensure mx-puppet-discord discord-registration.yaml installed copy: - content: "{{ matrix_mx_puppet_discord_registration|to_nice_yaml }}" + content: "{{ matrix_mx_puppet_discord_registration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mx_puppet_discord_config_path }}/registration.yaml" mode: 0644 owner: "{{ matrix_user_username }}" diff --git a/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml index 84802c4f..0d43a0d0 100644 --- a/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml @@ -73,6 +73,10 @@ force_source: "{{ matrix_mx_puppet_groupme_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_groupme_docker_image_force_pull }}" when: matrix_mx_puppet_groupme_enabled|bool and not matrix_mx_puppet_groupme_container_image_self_build + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure MX Puppet Groupme repository is present on self build git: @@ -96,7 +100,7 @@ - name: Ensure mx-puppet-groupme config.yaml installed copy: - content: "{{ matrix_mx_puppet_groupme_configuration|to_nice_yaml }}" + content: "{{ matrix_mx_puppet_groupme_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mx_puppet_groupme_config_path }}/config.yaml" mode: 0644 owner: "{{ matrix_user_username }}" @@ -104,7 +108,7 @@ - name: Ensure mx-puppet-groupme groupme-registration.yaml installed copy: - content: "{{ matrix_mx_puppet_groupme_registration|to_nice_yaml }}" + content: "{{ matrix_mx_puppet_groupme_registration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mx_puppet_groupme_config_path }}/registration.yaml" mode: 0644 owner: "{{ matrix_user_username }}" diff --git a/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml index 63f1878b..cb613074 100644 --- a/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml @@ -42,6 +42,10 @@ force_source: "{{ matrix_mx_puppet_instagram_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_instagram_docker_image_force_pull }}" when: matrix_mx_puppet_instagram_enabled|bool and not matrix_mx_puppet_instagram_container_image_self_build + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure mx-puppet-instagram paths exist file: @@ -79,7 +83,7 @@ - name: Ensure mx-puppet-instagram config.yaml installed copy: - content: "{{ matrix_mx_puppet_instagram_configuration|to_nice_yaml }}" + content: "{{ matrix_mx_puppet_instagram_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mx_puppet_instagram_config_path }}/config.yaml" mode: 0644 owner: "{{ matrix_user_username }}" @@ -87,7 +91,7 @@ - name: Ensure mx-puppet-instagram-registration.yaml installed copy: - content: "{{ matrix_mx_puppet_instagram_registration|to_nice_yaml }}" + content: "{{ matrix_mx_puppet_instagram_registration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mx_puppet_instagram_config_path }}/registration.yaml" mode: 0644 owner: "{{ matrix_user_username }}" diff --git a/roles/matrix-bridge-mx-puppet-skype/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-skype/tasks/setup_install.yml index 28573533..c3776c70 100644 --- a/roles/matrix-bridge-mx-puppet-skype/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-skype/tasks/setup_install.yml @@ -73,6 +73,10 @@ force_source: "{{ matrix_mx_puppet_skype_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_skype_docker_image_force_pull }}" when: matrix_mx_puppet_skype_enabled|bool and not matrix_mx_puppet_skype_container_image_self_build + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure MX Puppet Skype repository is present on self build git: @@ -96,7 +100,7 @@ - name: Ensure mx-puppet-skype config.yaml installed copy: - content: "{{ matrix_mx_puppet_skype_configuration|to_nice_yaml }}" + content: "{{ matrix_mx_puppet_skype_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mx_puppet_skype_config_path }}/config.yaml" mode: 0644 owner: "{{ matrix_user_username }}" @@ -104,7 +108,7 @@ - name: Ensure mx-puppet-skype skype-registration.yaml installed copy: - content: "{{ matrix_mx_puppet_skype_registration|to_nice_yaml }}" + content: "{{ matrix_mx_puppet_skype_registration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mx_puppet_skype_config_path }}/registration.yaml" mode: 0644 owner: "{{ matrix_user_username }}" diff --git a/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml b/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml index bf5c6dfa..bb92c1d8 100644 --- a/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml @@ -1,6 +1,6 @@ --- # Mx Puppet Slack is a Matrix <-> Slack bridge -# See: https://github.com/Sorunome/mx-puppet-slack +# See: https://gitlab.com/beeper/mx-puppet-monorepo (originally based on https://github.com/Sorunome/mx-puppet-slack) matrix_mx_puppet_slack_enabled: true @@ -8,7 +8,9 @@ matrix_mx_puppet_slack_oauth_client_id: '' matrix_mx_puppet_slack_oauth_client_secret: '' matrix_mx_puppet_slack_container_image_self_build: false -matrix_mx_puppet_slack_container_image_self_build_repo: "https://github.com/Sorunome/mx-puppet-slack.git" +matrix_mx_puppet_slack_container_image_self_build_repo: "https://gitlab.com/beeper/mx-puppet-monorepo.git" +matrix_mx_puppet_slack_container_image_self_build_version: "{{ 'main' if matrix_mx_puppet_slack_version == 'latest' else matrix_mx_puppet_slack_version }}" +matrix_mx_puppet_slack_container_image_self_build_dockerfile_path: "docker/Dockerfile-slack" # Controls whether the mx-puppet-slack container exposes its HTTP port (tcp/8432 in the container). # @@ -16,8 +18,8 @@ matrix_mx_puppet_slack_container_image_self_build_repo: "https://github.com/Soru matrix_mx_puppet_slack_container_http_host_bind_port: '' matrix_mx_puppet_slack_version: latest -matrix_mx_puppet_slack_docker_image: "{{ matrix_mx_puppet_slack_docker_image_name_prefix }}sorunome/mx-puppet-slack:{{ matrix_mx_puppet_slack_version }}" -matrix_mx_puppet_slack_docker_image_name_prefix: "{{ 'localhost/' if matrix_mx_puppet_slack_container_image_self_build else matrix_container_global_registry_prefix }}" +matrix_mx_puppet_slack_docker_image: "{{ matrix_mx_puppet_slack_docker_image_name_prefix }}beeper/mx-puppet-monorepo/slack:{{ matrix_mx_puppet_slack_version }}" +matrix_mx_puppet_slack_docker_image_name_prefix: "{{ 'localhost/' if matrix_mx_puppet_slack_container_image_self_build else 'registry.gitlab.com/' }}" matrix_mx_puppet_slack_docker_image_force_pull: "{{ matrix_mx_puppet_slack_docker_image.endswith(':latest') }}" matrix_mx_puppet_slack_base_path: "{{ matrix_base_data_path }}/mx-puppet-slack" diff --git a/roles/matrix-bridge-mx-puppet-slack/tasks/init.yml b/roles/matrix-bridge-mx-puppet-slack/tasks/init.yml index 897f3f8f..66d51784 100644 --- a/roles/matrix-bridge-mx-puppet-slack/tasks/init.yml +++ b/roles/matrix-bridge-mx-puppet-slack/tasks/init.yml @@ -68,4 +68,4 @@ Please make sure that you're proxying the `{{ matrix_mx_puppet_slack_redirect_path }}` URL endpoint to the matrix-mx-puppet-slack container. You can expose the container's port using the `matrix_appservice_slack_container_http_host_bind_port` variable. - when: "matrix_mx_puppet_slack_enabled|bool and matrix_nginx_proxy_enabled is not defined" + when: "matrix_mx_puppet_slack_enabled|bool and not matrix_nginx_proxy_enabled|default(False)|bool" diff --git a/roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml index eca29e9b..b064ee83 100644 --- a/roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml @@ -69,12 +69,17 @@ force_source: "{{ matrix_mx_puppet_slack_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_slack_docker_image_force_pull }}" when: matrix_mx_puppet_slack_enabled|bool and not matrix_mx_puppet_slack_container_image_self_build + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure MX Puppet Slack repository is present on self build git: repo: "{{ matrix_mx_puppet_slack_container_image_self_build_repo }}" dest: "{{ matrix_mx_puppet_slack_docker_src_files_path }}" force: "yes" + version: "{{ matrix_mx_puppet_slack_container_image_self_build_version }}" register: matrix_mx_puppet_slack_git_pull_results when: "matrix_mx_puppet_slack_enabled|bool and matrix_mx_puppet_slack_container_image_self_build" @@ -85,7 +90,7 @@ force_source: "{{ matrix_mx_puppet_slack_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_slack_git_pull_results.changed }}" build: - dockerfile: Dockerfile + dockerfile: "{{ matrix_mx_puppet_slack_container_image_self_build_dockerfile_path }}" path: "{{ matrix_mx_puppet_slack_docker_src_files_path }}" pull: true when: "matrix_mx_puppet_slack_enabled|bool and matrix_mx_puppet_slack_container_image_self_build" @@ -96,7 +101,7 @@ - name: Ensure mx-puppet-slack config.yaml installed copy: - content: "{{ matrix_mx_puppet_slack_configuration|to_nice_yaml }}" + content: "{{ matrix_mx_puppet_slack_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mx_puppet_slack_config_path }}/config.yaml" mode: 0644 owner: "{{ matrix_user_username }}" @@ -104,7 +109,7 @@ - name: Ensure mx-puppet-slack slack-registration.yaml installed copy: - content: "{{ matrix_mx_puppet_slack_registration|to_nice_yaml }}" + content: "{{ matrix_mx_puppet_slack_registration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mx_puppet_slack_config_path }}/registration.yaml" mode: 0644 owner: "{{ matrix_user_username }}" diff --git a/roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml index a1786ba9..b8b3f737 100644 --- a/roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml @@ -73,6 +73,10 @@ force_source: "{{ matrix_mx_puppet_steam_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_steam_docker_image_force_pull }}" when: matrix_mx_puppet_steam_enabled|bool and not matrix_mx_puppet_steam_container_image_self_build + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure MX Puppet Steam repository is present on self build git: @@ -96,7 +100,7 @@ - name: Ensure mx-puppet-steam config.yaml installed copy: - content: "{{ matrix_mx_puppet_steam_configuration|to_nice_yaml }}" + content: "{{ matrix_mx_puppet_steam_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mx_puppet_steam_config_path }}/config.yaml" mode: 0644 owner: "{{ matrix_user_username }}" @@ -104,7 +108,7 @@ - name: Ensure mx-puppet-steam steam-registration.yaml installed copy: - content: "{{ matrix_mx_puppet_steam_registration|to_nice_yaml }}" + content: "{{ matrix_mx_puppet_steam_registration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mx_puppet_steam_config_path }}/registration.yaml" mode: 0644 owner: "{{ matrix_user_username }}" diff --git a/roles/matrix-bridge-mx-puppet-twitter/tasks/init.yml b/roles/matrix-bridge-mx-puppet-twitter/tasks/init.yml index 9d868bfe..757f1f41 100644 --- a/roles/matrix-bridge-mx-puppet-twitter/tasks/init.yml +++ b/roles/matrix-bridge-mx-puppet-twitter/tasks/init.yml @@ -68,4 +68,4 @@ Please make sure that you're proxying the `{{ matrix_mx_puppet_twitter_redirect_path }}` URL endpoint to the matrix-mx-puppet-twitter container. You can expose the container's port using the `matrix_mx_puppet_twitter_container_http_host_bind_port` variable. - when: "matrix_mx_puppet_twitter_enabled|bool and matrix_nginx_proxy_enabled is not defined" + when: "matrix_mx_puppet_twitter_enabled|bool and not matrix_nginx_proxy_enabled|default(False)|bool" diff --git a/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml index 8ca4f3f1..485900a8 100644 --- a/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml @@ -73,6 +73,10 @@ force_source: "{{ matrix_mx_puppet_twitter_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_twitter_docker_image_force_pull }}" when: matrix_mx_puppet_twitter_enabled|bool and not matrix_mx_puppet_twitter_container_image_self_build + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure MX Puppet Twitter repository is present on self build git: @@ -96,7 +100,7 @@ - name: Ensure mx-puppet-twitter config.yaml installed copy: - content: "{{ matrix_mx_puppet_twitter_configuration|to_nice_yaml }}" + content: "{{ matrix_mx_puppet_twitter_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mx_puppet_twitter_config_path }}/config.yaml" mode: 0644 owner: "{{ matrix_user_username }}" @@ -104,7 +108,7 @@ - name: Ensure mx-puppet-twitter twitter-registration.yaml installed copy: - content: "{{ matrix_mx_puppet_twitter_registration|to_nice_yaml }}" + content: "{{ matrix_mx_puppet_twitter_registration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_mx_puppet_twitter_config_path }}/registration.yaml" mode: 0644 owner: "{{ matrix_user_username }}" diff --git a/roles/matrix-bridge-sms/tasks/setup_install.yml b/roles/matrix-bridge-sms/tasks/setup_install.yml index 1f296043..412c26fe 100644 --- a/roles/matrix-bridge-sms/tasks/setup_install.yml +++ b/roles/matrix-bridge-sms/tasks/setup_install.yml @@ -4,6 +4,10 @@ docker_image: name: "{{ matrix_sms_bridge_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure matrix-sms-bridge paths exist file: @@ -19,7 +23,7 @@ - name: Ensure matrix-sms-bridge application.yml installed copy: - content: "{{ matrix_sms_bridge_configuration|to_nice_yaml }}" + content: "{{ matrix_sms_bridge_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_sms_bridge_config_path }}/application.yml" mode: 0644 owner: "{{ matrix_user_username }}" @@ -27,7 +31,7 @@ - name: Ensure matrix-sms-bridge registration.yaml installed copy: - content: "{{ matrix_sms_bridge_registration|to_nice_yaml }}" + content: "{{ matrix_sms_bridge_registration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_sms_bridge_config_path }}/registration.yaml" mode: 0644 owner: "{{ matrix_user_username }}" diff --git a/roles/matrix-client-cinny/defaults/main.yml b/roles/matrix-client-cinny/defaults/main.yml index 1cb9b26f..2ded4048 100644 --- a/roles/matrix-client-cinny/defaults/main.yml +++ b/roles/matrix-client-cinny/defaults/main.yml @@ -5,7 +5,7 @@ matrix_client_cinny_enabled: true matrix_client_cinny_container_image_self_build: false matrix_client_cinny_container_image_self_build_repo: "https://github.com/ajbura/cinny.git" -matrix_client_cinny_version: v1.7.0 +matrix_client_cinny_version: v1.8.2 matrix_client_cinny_docker_image: "{{ matrix_client_cinny_docker_image_name_prefix }}ajbura/cinny:{{ matrix_client_cinny_version }}" matrix_client_cinny_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_cinny_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_cinny_docker_image_force_pull: "{{ matrix_client_cinny_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-client-cinny/tasks/setup_install.yml b/roles/matrix-client-cinny/tasks/setup_install.yml index 5571d8d0..48865008 100644 --- a/roles/matrix-client-cinny/tasks/setup_install.yml +++ b/roles/matrix-client-cinny/tasks/setup_install.yml @@ -18,6 +18,10 @@ force_source: "{{ matrix_client_cinny_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_client_cinny_docker_image_force_pull }}" when: "not matrix_client_cinny_container_image_self_build|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure Cinny repository is present on self-build git: diff --git a/roles/matrix-client-element/defaults/main.yml b/roles/matrix-client-element/defaults/main.yml index 94b28d9e..edaa189c 100644 --- a/roles/matrix-client-element/defaults/main.yml +++ b/roles/matrix-client-element/defaults/main.yml @@ -9,7 +9,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto # - https://github.com/vector-im/element-web/issues/19544 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" -matrix_client_element_version: v1.10.6 +matrix_client_element_version: v1.10.7 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-client-element/tasks/setup_install.yml b/roles/matrix-client-element/tasks/setup_install.yml index 3b877e8e..e9c7096e 100644 --- a/roles/matrix-client-element/tasks/setup_install.yml +++ b/roles/matrix-client-element/tasks/setup_install.yml @@ -19,6 +19,10 @@ force_source: "{{ matrix_client_element_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_client_element_docker_image_force_pull }}" when: "not matrix_client_element_container_image_self_build|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure Element repository is present on self-build git: diff --git a/roles/matrix-client-hydrogen/tasks/setup_install.yml b/roles/matrix-client-hydrogen/tasks/setup_install.yml index d8372768..0e4868f6 100644 --- a/roles/matrix-client-hydrogen/tasks/setup_install.yml +++ b/roles/matrix-client-hydrogen/tasks/setup_install.yml @@ -19,6 +19,10 @@ force_source: "{{ matrix_client_hydrogen_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_client_hydrogen_docker_image_force_pull }}" when: "not matrix_client_hydrogen_container_image_self_build|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure Hydrogen repository is present on self-build git: diff --git a/roles/matrix-corporal/tasks/setup_corporal.yml b/roles/matrix-corporal/tasks/setup_corporal.yml index b8edc596..6c520ee0 100644 --- a/roles/matrix-corporal/tasks/setup_corporal.yml +++ b/roles/matrix-corporal/tasks/setup_corporal.yml @@ -45,6 +45,10 @@ force_source: "{{ matrix_corporal_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_corporal_docker_image_force_pull }}" when: "matrix_corporal_enabled|bool and not matrix_corporal_container_image_self_build|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure Matrix Corporal config installed copy: diff --git a/roles/matrix-coturn/tasks/setup_install.yml b/roles/matrix-coturn/tasks/setup_install.yml index f5726e32..621177e5 100644 --- a/roles/matrix-coturn/tasks/setup_install.yml +++ b/roles/matrix-coturn/tasks/setup_install.yml @@ -24,6 +24,10 @@ force_source: "{{ matrix_coturn_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_coturn_docker_image_force_pull }}" when: "not matrix_coturn_container_image_self_build|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - block: - name: Ensure Coturn repository is present on self-build diff --git a/roles/matrix-dendrite/tasks/dendrite/setup_install.yml b/roles/matrix-dendrite/tasks/dendrite/setup_install.yml index 7b3c12d5..a18ad065 100644 --- a/roles/matrix-dendrite/tasks/dendrite/setup_install.yml +++ b/roles/matrix-dendrite/tasks/dendrite/setup_install.yml @@ -23,6 +23,10 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_dendrite_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_dendrite_docker_image_force_pull }}" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Check if a Dendrite signing key exists stat: @@ -52,7 +56,7 @@ - name: Ensure Dendrite configuration installed copy: - content: "{{ matrix_dendrite_configuration|to_nice_yaml }}" + content: "{{ matrix_dendrite_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_dendrite_config_dir_path }}/dendrite.yaml" mode: 0644 owner: "{{ matrix_user_username }}" diff --git a/roles/matrix-dimension/tasks/setup_install.yml b/roles/matrix-dimension/tasks/setup_install.yml index 92c21c9e..1ba4f2d4 100644 --- a/roles/matrix-dimension/tasks/setup_install.yml +++ b/roles/matrix-dimension/tasks/setup_install.yml @@ -78,7 +78,7 @@ - name: Ensure Dimension config installed copy: - content: "{{ matrix_dimension_configuration|to_nice_yaml }}" + content: "{{ matrix_dimension_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_dimension_base_path }}/config.yaml" mode: 0640 owner: "{{ matrix_user_username }}" @@ -92,6 +92,9 @@ force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_dimension_docker_image_force_pull }}" when: "not matrix_dimension_container_image_self_build|bool" register: matrix_dimension_pull_results + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: matrix_dimension_pull_results is not failed - name: Ensure dimension repository is present on self-build git: diff --git a/roles/matrix-dynamic-dns/tasks/install.yml b/roles/matrix-dynamic-dns/tasks/install.yml index e2e4f043..4dffe681 100644 --- a/roles/matrix-dynamic-dns/tasks/install.yml +++ b/roles/matrix-dynamic-dns/tasks/install.yml @@ -7,6 +7,10 @@ force_source: "{{ matrix_dynamic_dns_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_dynamic_dns_docker_image_force_pull }}" when: matrix_dynamic_dns_enabled|bool and not matrix_dynamic_dns_container_image_self_build + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure Dynamic DNS paths exist file: diff --git a/roles/matrix-email2matrix/tasks/setup_install.yml b/roles/matrix-email2matrix/tasks/setup_install.yml index 44f2ef7d..74e7c676 100644 --- a/roles/matrix-email2matrix/tasks/setup_install.yml +++ b/roles/matrix-email2matrix/tasks/setup_install.yml @@ -28,6 +28,10 @@ force_source: "{{ matrix_email2matrix_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_email2matrix_docker_image_force_pull }}" when: "not matrix_email2matrix_container_image_self_build|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure Email2Matrix repository is present on self-build git: diff --git a/roles/matrix-etherpad/tasks/init.yml b/roles/matrix-etherpad/tasks/init.yml index b155064c..392addd0 100644 --- a/roles/matrix-etherpad/tasks/init.yml +++ b/roles/matrix-etherpad/tasks/init.yml @@ -61,4 +61,4 @@ Please make sure that you're proxying the `{{ matrix_etherpad_public_endpoint }}` URL endpoint to the matrix-etherpad container. You can expose the container's port using the `matrix_etherpad_container_http_host_bind_port` variable. - when: "matrix_etherpad_enabled|bool and matrix_nginx_proxy_enabled is not defined" + when: "matrix_etherpad_enabled|bool and not matrix_nginx_proxy_enabled|default(False)|bool" diff --git a/roles/matrix-etherpad/tasks/setup_install.yml b/roles/matrix-etherpad/tasks/setup_install.yml index 27832e14..6f276e05 100644 --- a/roles/matrix-etherpad/tasks/setup_install.yml +++ b/roles/matrix-etherpad/tasks/setup_install.yml @@ -22,6 +22,10 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_etherpad_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_etherpad_docker_image_force_pull }}" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure matrix-etherpad.service installed template: diff --git a/roles/matrix-grafana/tasks/setup.yml b/roles/matrix-grafana/tasks/setup.yml index 5f9d21c1..95a0ba53 100644 --- a/roles/matrix-grafana/tasks/setup.yml +++ b/roles/matrix-grafana/tasks/setup.yml @@ -11,6 +11,10 @@ force_source: "{{ matrix_grafana_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_grafana_docker_image_force_pull }}" when: "matrix_grafana_enabled|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure grafana paths exists file: diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml b/roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml index 2bb781c1..d85e0703 100644 --- a/roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml +++ b/roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml @@ -23,6 +23,10 @@ force_source: "{{ matrix_jitsi_jicofo_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_jicofo_docker_image_force_pull }}" when: matrix_jitsi_enabled|bool + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure jitsi-jicofo environment variables file created template: diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml b/roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml index 3b3b8dbf..b007ede8 100644 --- a/roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml +++ b/roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml @@ -23,6 +23,10 @@ force_source: "{{ matrix_jitsi_jvb_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_jvb_docker_image_force_pull }}" when: matrix_jitsi_enabled|bool + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure jitsi-jvb configuration files created template: diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml b/roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml index 437e1e9c..301fa82f 100644 --- a/roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml +++ b/roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml @@ -24,6 +24,10 @@ force_source: "{{ matrix_jitsi_prosody_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_prosody_docker_image_force_pull }}" when: matrix_jitsi_enabled|bool + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure jitsi-prosody environment variables file is created template: diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_web.yml b/roles/matrix-jitsi/tasks/setup_jitsi_web.yml index 0a4d43b0..ea831490 100644 --- a/roles/matrix-jitsi/tasks/setup_jitsi_web.yml +++ b/roles/matrix-jitsi/tasks/setup_jitsi_web.yml @@ -25,6 +25,10 @@ force_source: "{{ matrix_jitsi_web_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_web_docker_image_force_pull }}" when: matrix_jitsi_enabled|bool + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure jitsi-web environment variables file created template: diff --git a/roles/matrix-ma1sd/tasks/setup_install.yml b/roles/matrix-ma1sd/tasks/setup_install.yml index 6fc6902a..c56c81f9 100644 --- a/roles/matrix-ma1sd/tasks/setup_install.yml +++ b/roles/matrix-ma1sd/tasks/setup_install.yml @@ -52,6 +52,10 @@ force_source: "{{ matrix_ma1sd_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_ma1sd_docker_image_force_pull }}" when: "not matrix_ma1sd_container_image_self_build|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - block: - name: Ensure gradle is installed for self-building (Debian) @@ -87,6 +91,7 @@ shell: "DOCKER_BUILDKIT=1 ./gradlew dockerBuild" args: chdir: "{{ matrix_ma1sd_docker_src_files_path }}" + when: matrix_ma1sd_git_pull_results.changed - name: Ensure ma1sd Docker image is tagged correctly docker_image: @@ -104,7 +109,7 @@ - name: Ensure ma1sd config installed copy: - content: "{{ matrix_ma1sd_configuration|to_nice_yaml }}" + content: "{{ matrix_ma1sd_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_ma1sd_config_path }}/ma1sd.yaml" mode: 0644 owner: "{{ matrix_user_username }}" diff --git a/roles/matrix-mailer/tasks/setup_mailer.yml b/roles/matrix-mailer/tasks/setup_mailer.yml index 1ac4f339..5ad02a57 100644 --- a/roles/matrix-mailer/tasks/setup_mailer.yml +++ b/roles/matrix-mailer/tasks/setup_mailer.yml @@ -51,6 +51,10 @@ force_source: "{{ matrix_mailer_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mailer_docker_image_force_pull }}" when: "matrix_mailer_enabled|bool and not matrix_mailer_container_image_self_build|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure matrix-mailer.service installed template: diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index 32702ec9..4b1810ea 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml @@ -489,6 +489,10 @@ matrix_ssl_lets_encrypt_support_email: ~ # If you'd like to not bind on all IP addresses, specify one explicitly (e.g. `a.b.c.d:80`) matrix_ssl_lets_encrypt_container_standalone_http_host_bind_port: '80' +# Specify key type of the private key algorithm. +# Learn more here: https://eff-certbot.readthedocs.io/en/stable/using.html#using-ecdsa-keys +matrix_ssl_lets_encrypt_key_type: rsa + matrix_ssl_base_path: "{{ matrix_base_data_path }}/ssl" matrix_ssl_config_dir_path: "{{ matrix_ssl_base_path }}/config" matrix_ssl_log_dir_path: "{{ matrix_ssl_base_path }}/log" diff --git a/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml b/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml index 373bc55b..92454e96 100644 --- a/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml +++ b/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml @@ -184,6 +184,10 @@ force_source: "{{ matrix_nginx_proxy_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_nginx_proxy_docker_image_force_pull }}" when: matrix_nginx_proxy_enabled|bool + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure matrix-nginx-proxy.service installed template: diff --git a/roles/matrix-nginx-proxy/tasks/ssl/main.yml b/roles/matrix-nginx-proxy/tasks/ssl/main.yml index 6c060818..6b843c7b 100644 --- a/roles/matrix-nginx-proxy/tasks/ssl/main.yml +++ b/roles/matrix-nginx-proxy/tasks/ssl/main.yml @@ -5,6 +5,11 @@ msg: "The `matrix_ssl_retrieval_method` variable contains an unsupported value" when: "matrix_ssl_retrieval_method not in ['lets-encrypt', 'self-signed', 'manually-managed', 'none']" +- name: Fail if using unsupported private key type + fail: + msg: "The `matrix_ssl_lets_encrypt_key_type` variable contains an unsupported value" + when: "matrix_ssl_lets_encrypt_key_type not in ['rsa', 'ecdsa']" + # Common tasks, required by almost any method below. diff --git a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml index e4dd53c2..12a21257 100644 --- a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml +++ b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml @@ -45,6 +45,7 @@ --http-01-port 8080 {% if matrix_ssl_lets_encrypt_server %}--server={{ matrix_ssl_lets_encrypt_server|quote }}{% endif %} {% if matrix_ssl_lets_encrypt_staging %}--staging{% endif %} + --key-type {{ matrix_ssl_lets_encrypt_key_type }} --standalone --preferred-challenges http --agree-tos @@ -74,6 +75,7 @@ --http-01-port 8080 {% if matrix_ssl_lets_encrypt_server %}--server={{ matrix_ssl_lets_encrypt_server|quote }}{% endif %} {% if matrix_ssl_lets_encrypt_staging %}--staging{% endif %} + --key-type {{ matrix_ssl_lets_encrypt_key_type }} --standalone --preferred-challenges http --agree-tos diff --git a/roles/matrix-nginx-proxy/templates/prometheus/external_prometheus.yml.example.j2 b/roles/matrix-nginx-proxy/templates/prometheus/external_prometheus.yml.example.j2 index 01a39ffa..cbb2e6f3 100644 --- a/roles/matrix-nginx-proxy/templates/prometheus/external_prometheus.yml.example.j2 +++ b/roles/matrix-nginx-proxy/templates/prometheus/external_prometheus.yml.example.j2 @@ -22,7 +22,7 @@ scrape_configs: - targets: ['{{ matrix_server_fqn_matrix }}:{{ matrix_nginx_proxy_container_https_host_bind_port if matrix_nginx_proxy_https_enabled else matrix_nginx_proxy_container_http_host_bind_port }}'] labels: job: "master" - index: 1 + index: "0" {% for worker in matrix_nginx_proxy_proxy_synapse_workers_enabled_list %} - job_name: 'synapse-{{ worker.type }}-{{ worker.instanceId }}' metrics_path: /_synapse-worker-{{ worker.type }}-{{ worker.instanceId }}/metrics @@ -36,5 +36,5 @@ scrape_configs: - targets: ['{{ matrix_server_fqn_matrix }}:{{ matrix_nginx_proxy_container_https_host_bind_port if matrix_nginx_proxy_https_enabled else matrix_nginx_proxy_container_http_host_bind_port }}'] labels: job: "{{ worker.type }}" - index: {{ worker.instanceId }} + index: "{{ worker.instanceId }}" {% endfor %} diff --git a/roles/matrix-nginx-proxy/templates/usr-local-bin/matrix-ssl-lets-encrypt-certificates-renew.j2 b/roles/matrix-nginx-proxy/templates/usr-local-bin/matrix-ssl-lets-encrypt-certificates-renew.j2 index bc45e85e..89113629 100644 --- a/roles/matrix-nginx-proxy/templates/usr-local-bin/matrix-ssl-lets-encrypt-certificates-renew.j2 +++ b/roles/matrix-nginx-proxy/templates/usr-local-bin/matrix-ssl-lets-encrypt-certificates-renew.j2 @@ -22,8 +22,9 @@ docker run \ --work-dir=/tmp \ --http-01-port 8080 \ {% if matrix_ssl_lets_encrypt_staging %} - --staging \ + --staging \ {% endif %} + --key-type {{ matrix_ssl_lets_encrypt_key_type }} \ --standalone \ --preferred-challenges http \ --agree-tos \ diff --git a/roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml b/roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml index 72329db3..701d8dd3 100644 --- a/roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml +++ b/roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml @@ -21,6 +21,10 @@ force_source: "{{ matrix_postgres_backup_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_postgres_backup_docker_image_force_pull }}" when: matrix_postgres_backup_enabled|bool + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure Postgres backup paths exist file: diff --git a/roles/matrix-postgres/defaults/main.yml b/roles/matrix-postgres/defaults/main.yml index 76529a82..8593bb83 100644 --- a/roles/matrix-postgres/defaults/main.yml +++ b/roles/matrix-postgres/defaults/main.yml @@ -1,5 +1,8 @@ --- +# Controls if the Postgres server managed by the playbook is enabled. +# You can turn it off and use an external Postgres server by setting this to `false`. +# Doing this has various downsides. See `docs/configuring-playbook-external-postgres.md` to learn more. matrix_postgres_enabled: true matrix_postgres_connection_hostname: "matrix-postgres" diff --git a/roles/matrix-postgres/tasks/setup_postgres.yml b/roles/matrix-postgres/tasks/setup_postgres.yml index 46186a4d..43192475 100644 --- a/roles/matrix-postgres/tasks/setup_postgres.yml +++ b/roles/matrix-postgres/tasks/setup_postgres.yml @@ -43,6 +43,10 @@ force_source: "{{ matrix_postgres_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_postgres_docker_image_force_pull }}" when: matrix_postgres_enabled|bool + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure Postgres paths exist file: diff --git a/roles/matrix-prometheus-node-exporter/tasks/setup.yml b/roles/matrix-prometheus-node-exporter/tasks/setup.yml index 419f3592..21d0b55d 100644 --- a/roles/matrix-prometheus-node-exporter/tasks/setup.yml +++ b/roles/matrix-prometheus-node-exporter/tasks/setup.yml @@ -11,6 +11,10 @@ force_source: "{{ matrix_prometheus_node_exporter_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_prometheus_node_exporter_docker_image_force_pull }}" when: "matrix_prometheus_node_exporter_enabled|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure matrix-prometheus-node-exporter.service installed template: diff --git a/roles/matrix-prometheus-postgres-exporter/tasks/setup.yml b/roles/matrix-prometheus-postgres-exporter/tasks/setup.yml index a6c49816..08ffe708 100644 --- a/roles/matrix-prometheus-postgres-exporter/tasks/setup.yml +++ b/roles/matrix-prometheus-postgres-exporter/tasks/setup.yml @@ -11,6 +11,10 @@ force_source: "{{ matrix_prometheus_postgres_exporter_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_prometheus_postgres_exporter_docker_image_force_pull }}" when: "matrix_prometheus_postgres_exporter_enabled|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure matrix-prometheus-postgres-exporter.service installed template: diff --git a/roles/matrix-prometheus/tasks/setup_install.yml b/roles/matrix-prometheus/tasks/setup_install.yml index 80f3e5d7..e0fe8cf6 100644 --- a/roles/matrix-prometheus/tasks/setup_install.yml +++ b/roles/matrix-prometheus/tasks/setup_install.yml @@ -6,6 +6,10 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_prometheus_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_prometheus_docker_image_force_pull }}" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure Prometheus paths exists file: @@ -31,7 +35,7 @@ - name: Ensure prometheus.yml installed copy: - content: "{{ matrix_prometheus_configuration|to_nice_yaml }}" + content: "{{ matrix_prometheus_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_prometheus_config_path }}/prometheus.yml" mode: 0644 owner: "{{ matrix_user_username }}" diff --git a/roles/matrix-redis/tasks/setup_redis.yml b/roles/matrix-redis/tasks/setup_redis.yml index a37174a3..df1d1736 100644 --- a/roles/matrix-redis/tasks/setup_redis.yml +++ b/roles/matrix-redis/tasks/setup_redis.yml @@ -11,6 +11,10 @@ force_source: "{{ matrix_redis_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_redis_docker_image_force_pull }}" when: matrix_redis_enabled|bool + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure redis paths exist file: diff --git a/roles/matrix-registration/tasks/init.yml b/roles/matrix-registration/tasks/init.yml index cae18258..44a887d1 100644 --- a/roles/matrix-registration/tasks/init.yml +++ b/roles/matrix-registration/tasks/init.yml @@ -66,4 +66,4 @@ Please make sure that you're proxying the `{{ matrix_registration_public_endpoint }}` URL endpoint to the matrix-registration container. You can expose the container's port using the `matrix_registration_container_http_host_bind_port` variable. - when: "matrix_registration_enabled|bool and matrix_nginx_proxy_enabled is not defined" + when: "matrix_registration_enabled|bool and not matrix_nginx_proxy_enabled|default(False)|bool" diff --git a/roles/matrix-registration/tasks/setup_install.yml b/roles/matrix-registration/tasks/setup_install.yml index 31e9c35d..2b5beafa 100644 --- a/roles/matrix-registration/tasks/setup_install.yml +++ b/roles/matrix-registration/tasks/setup_install.yml @@ -52,6 +52,10 @@ force_source: "{{ matrix_registration_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_registration_docker_image_force_pull }}" when: "not matrix_registration_container_image_self_build|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure matrix-registration repository is present when self-building git: @@ -76,7 +80,7 @@ - name: Ensure matrix-registration config installed copy: - content: "{{ matrix_registration_configuration|to_nice_yaml }}" + content: "{{ matrix_registration_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_registration_config_path }}/config.yaml" mode: 0644 owner: "{{ matrix_user_username }}" diff --git a/roles/matrix-sygnal/tasks/setup_install.yml b/roles/matrix-sygnal/tasks/setup_install.yml index cd54a51d..1a6ce186 100644 --- a/roles/matrix-sygnal/tasks/setup_install.yml +++ b/roles/matrix-sygnal/tasks/setup_install.yml @@ -6,6 +6,10 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_sygnal_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_sygnal_docker_image_force_pull }}" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure Sygnal paths exists file: @@ -21,7 +25,7 @@ - name: Ensure Sygnal config installed copy: - content: "{{ matrix_sygnal_configuration|to_nice_yaml }}" + content: "{{ matrix_sygnal_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_sygnal_config_path }}/sygnal.yaml" mode: 0640 owner: "{{ matrix_user_username }}" diff --git a/roles/matrix-synapse-admin/tasks/init.yml b/roles/matrix-synapse-admin/tasks/init.yml index ccaa03f6..de8c0046 100644 --- a/roles/matrix-synapse-admin/tasks/init.yml +++ b/roles/matrix-synapse-admin/tasks/init.yml @@ -57,4 +57,4 @@ Please make sure that you're proxying the `{{ matrix_synapse_admin_public_endpoint }}` URL endpoint to the matrix-synapse-admin container. You can expose the container's port using the `matrix_synapse_admin_container_http_host_bind_port` variable. - when: "matrix_synapse_admin_enabled|bool and matrix_nginx_proxy_enabled is not defined" + when: "matrix_synapse_admin_enabled|bool and not matrix_nginx_proxy_enabled|default(False)|bool" diff --git a/roles/matrix-synapse-admin/tasks/setup.yml b/roles/matrix-synapse-admin/tasks/setup.yml index ab1e6d46..2243706b 100644 --- a/roles/matrix-synapse-admin/tasks/setup.yml +++ b/roles/matrix-synapse-admin/tasks/setup.yml @@ -11,6 +11,10 @@ force_source: "{{ matrix_synapse_admin_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_synapse_admin_docker_image_force_pull }}" when: "matrix_synapse_admin_enabled|bool and not matrix_synapse_admin_container_image_self_build|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure matrix-synapse-admin repository is present when self-building git: diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 3e3ee121..80f2781b 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -9,7 +9,7 @@ matrix_synapse_container_image_self_build_repo: "https://github.com/matrix-org/s matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:{{ matrix_synapse_docker_image_tag }}" matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_container_image_self_build else matrix_container_global_registry_prefix }}" -matrix_synapse_version: v1.53.0 +matrix_synapse_version: v1.55.0 matrix_synapse_docker_image_tag: "{{ matrix_synapse_version }}" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" @@ -69,7 +69,7 @@ matrix_synapse_systemd_required_services_list: ['docker.service'] # List of systemd services that matrix-synapse.service wants matrix_synapse_systemd_wanted_services_list: [] -matrix_synapse_in_container_python_packages_path: "/usr/local/lib/python3.8/site-packages" +matrix_synapse_in_container_python_packages_path: "/usr/local/lib/python3.9/site-packages" # Specifies which template files to use when configuring Synapse. # If you'd like to have your own different configuration, feel free to copy and paste diff --git a/roles/matrix-synapse/tasks/goofys/setup_install.yml b/roles/matrix-synapse/tasks/goofys/setup_install.yml index 9e3870e5..d3781520 100644 --- a/roles/matrix-synapse/tasks/goofys/setup_install.yml +++ b/roles/matrix-synapse/tasks/goofys/setup_install.yml @@ -8,6 +8,10 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_s3_goofys_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_s3_goofys_docker_image_force_pull }}" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed # This will throw a Permission Denied error if already mounted - name: Check Matrix Goofys external storage mountpoint path diff --git a/roles/matrix-synapse/tasks/rust-synapse-compress-state/main.yml b/roles/matrix-synapse/tasks/rust-synapse-compress-state/main.yml index ad8497cc..1aaf3a81 100644 --- a/roles/matrix-synapse/tasks/rust-synapse-compress-state/main.yml +++ b/roles/matrix-synapse/tasks/rust-synapse-compress-state/main.yml @@ -48,6 +48,10 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_synapse_rust_synapse_compress_state_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_synapse_rust_synapse_compress_state_docker_image_force_pull }}" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Generate rust-synapse-compress-state room find command set_fact: diff --git a/roles/matrix-synapse/tasks/synapse/setup_install.yml b/roles/matrix-synapse/tasks/synapse/setup_install.yml index bd7da90d..deedd7bd 100644 --- a/roles/matrix-synapse/tasks/synapse/setup_install.yml +++ b/roles/matrix-synapse/tasks/synapse/setup_install.yml @@ -54,6 +54,10 @@ force_source: "{{ matrix_synapse_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_synapse_docker_image_force_pull }}" when: "not matrix_synapse_container_image_self_build" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Check if a Synapse signing key exists stat: @@ -84,7 +88,7 @@ - name: Ensure Synapse homeserver config installed copy: - content: "{{ matrix_synapse_configuration|to_nice_yaml }}" + content: "{{ matrix_synapse_configuration|to_nice_yaml(indent=2, width=999999) }}" dest: "{{ matrix_synapse_config_dir_path }}/homeserver.yaml" mode: 0644 owner: "{{ matrix_user_username }}" diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index 0308b406..63e3b7ad 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -1414,7 +1414,7 @@ account_threepid_delegates: # - "#example:example.com" {% if matrix_synapse_auto_join_rooms|length > 0 %} auto_join_rooms: -{{ matrix_synapse_auto_join_rooms|to_nice_yaml }} +{{ matrix_synapse_auto_join_rooms|to_nice_yaml(indent=2, width=999999) }} {% endif %} # Where auto_join_rooms are specified, setting this flag ensures that the @@ -1977,8 +1977,14 @@ saml2_config: # # localpart_template: Jinja2 template for the localpart of the MXID. # If this is not set, the user will be prompted to choose their -# own username (see 'sso_auth_account_details.html' in the 'sso' -# section of this file). +# own username (see the documentation for the +# 'sso_auth_account_details.html' template). This template can +# use the 'localpart_from_email' filter. +# +# confirm_localpart: Whether to prompt the user to validate (or +# change) the generated localpart (see the documentation for the +# 'sso_auth_account_details.html' template), instead of +# registering the account right away. # # display_name_template: Jinja2 template for the display name to set # on first login. If unset, no displayname will be set. @@ -3013,4 +3019,36 @@ redis: password: {{ matrix_synapse_redis_password }} +## Background Updates ## + +# Background updates are database updates that are run in the background in batches. +# The duration, minimum batch size, default batch size, whether to sleep between batches and if so, how long to +# sleep can all be configured. This is helpful to speed up or slow down the updates. +# +background_updates: + # How long in milliseconds to run a batch of background updates for. Defaults to 100. Uncomment and set + # a time to change the default. + # + #background_update_duration_ms: 500 + + # Whether to sleep between updates. Defaults to True. Uncomment to change the default. + # + #sleep_enabled: false + + # If sleeping between updates, how long in milliseconds to sleep for. Defaults to 1000. Uncomment + # and set a duration to change the default. + # + #sleep_duration_ms: 300 + + # Minimum size a batch of background updates can be. Must be greater than 0. Defaults to 1. Uncomment and + # set a size to change the default. + # + #min_batch_size: 10 + + # The batch size to use for the first iteration of a new background update. The default is 100. + # Uncomment and set a size to change the default. + # + #default_batch_size: 50 + + # vim:ft=yaml diff --git a/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 b/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 index 188db5ef..e69ffa61 100644 --- a/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 +++ b/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 @@ -43,7 +43,7 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-synapse \ {% if matrix_synapse_federation_enabled and matrix_synapse_tls_federation_listener_enabled and matrix_synapse_container_federation_api_tls_host_bind_port %} -p {{ matrix_synapse_container_federation_api_tls_host_bind_port }}:{{ matrix_synapse_container_federation_api_tls_port }} \ {% endif %} - {% if matrix_synapse_federation_enabled and matrix_synapse_container_federation_api_plain_host_bind_port %} + {% if matrix_synapse_federation_enabled and matrix_synapse_federation_port_enabled and matrix_synapse_container_federation_api_plain_host_bind_port %} -p {{ matrix_synapse_container_federation_api_plain_host_bind_port }}:{{ matrix_synapse_container_federation_api_plain_port }} \ {% endif %} {% if matrix_synapse_metrics_enabled and matrix_synapse_container_metrics_api_host_bind_port %}