pub-solar/matrix-docker-ansible-deploy
5
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Merge branch 'master' into pub.solar

Browse source
This commit is contained in:
teutat3s 2021-02-05 14:51:51 +01:00
parent 7e9b56c634 62f79af0a8
commit 831aabaa87
Signed by: teutat3s
GPG key ID: 18DAE600A6BBE705
111 changed files with 1414 additions and 647 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

93
CHANGELOG.md
View file

@ -1,3 +1,96 @@
# 2021-01-31
## Etherpad support
Thanks to [@pushytoxin](https://github.com/pushytoxin), the playbook can now install the [Etherpad](https://etherpad.org) realtime collaborative text editor. It can be used in a [Jitsi](https://jitsi.org/) audio/video call or integrated as a widget into Matrix chat rooms via the [Dimension](https://dimension.t2bot.io) integration manager.
To get it installed, follow [our Etherpad docs page](docs/configuring-playbook-etherpad.md).
# 2021-01-22
## (Breaking Change) Postgres changes that require manual intervention
We've made a lot of changes to our Postgres setup and some manual action is required (described below). Sorry about the hassle.
**TLDR**: people running an [external Postgres server](docs/configuring-playbook-external-postgres.md) don't need to change anything for now. Everyone else (the common/default case) is affected and manual intervention is required.
### Why?
- we had a default Postgres password (`matrix_postgres_connection_password: synapse-password`), which we think is **not ideal for security anymore**. We now ask you to generate/provide a strong password yourself. Postgres is normally not exposed outside the container network, making it relatively secure, but still:
- by tweaking the configuration, you may end up intentionally or unintentionally exposing your Postgres server to the local network (or even publicly), while still using the default default credentials (`synapse` + `synapse-password`)
- we can't be sure we trust all these services (bridges, etc). Some of them may try to talk to or attack `matrix-postgres` using the default credentials (`synapse` + `synapse-password`)
- you may have other containers running on the same Docker network, which may try to talk to or attack `matrix-postgres` using the default credentials (`synapse` + `synapse-password`)
- our Postgres usage **was overly-focused on Synapse** (default username of `synapse` and default/main database of `homeserver`). Additional homeserver options are likely coming in the future ([Dendrite](https://matrix.org/docs/projects/server/dendrite), [Conduit](https://matrix.org/docs/projects/server/conduit), [The Construct](https://matrix.org/docs/projects/server/construct)), so being too focused on `matrix-synapse` is not great. From now on, Synapse is just another component of this playbook, which happens to have an *additional database* (called `synapse`) on the Postgres server.
- we try to reorganize things a bit, to make the playbook even friendlier to people running an [external Postgres server](docs/configuring-playbook-external-postgres.md). Work on this will proceed in the future.
So, this is some **effort to improve security** and to **prepare for a brighter future of having more homeserver options** than just Synapse.
### What has really changed?
- the default superuser Postgres username is now `matrix` (used to be `synapse`)
- the default Postgres database is now `matrix` (used to be `homeserver`)
- Synapse's database is now `synapse` (used to be `homeserver`). This is now just another "additional database" that the playbook manages for you
- Synapse's user called `synapse` is just a regular user that can only use the `synapse` database (not a superuser anymore)
### What do I do if I'm using the integrated Postgres server (default)?
By default, the playbook runs an integrated Postgres server for you in a container (`matrix-postgres`). Unless you've explicitly configured an [external Postgres server](docs/configuring-playbook-external-postgres.md), these steps are meant for you.
To migrate to the new setup, expect a few minutes of downtime, while you follow these steps:
1. We believe the steps below are safe and you won't encounter any data loss, but consider [making a Postgres backup](docs/maintenance-postgres.md#backing-up-postgresql) anyway. If you've never backed up Postgres, now would be a good time to try it.
2. Generate a strong password to be used for your superuser Postgres user (called `matrix`). You can use `pwgen -s 64 1` to generate it, or some other tool. The **maximum length** for a Postgres password is 100 bytes (characters). Don't go crazy!
3. Update your playbook's `inventory/host_vars/matrix.DOMAIN/vars.yml` file, adding a line like this:
```yaml
matrix_postgres_connection_password: 'YOUR_POSTGRES_PASSWORD_HERE'
```
.. where `YOUR_POSTGRES_PASSWORD_HERE` is to be replaced with the password you generated during step #2.
4. Stop all services: `ansible-playbook -i inventory/hosts setup.yml --tags=stop`
5. Log in to the server via SSH. The next commands will be performed there.
6. Start the Postgres database server: `systemctl start matrix-postgres`
7. Open a Postgres shell: `/usr/local/bin/matrix-postgres-cli`
8. Execute the following query, while making sure to **change the password inside** (**don't forget the ending `;`**):
```sql
CREATE ROLE matrix LOGIN SUPERUSER PASSWORD 'YOUR_POSTGRES_PASSWORD_HERE';
```
.. where `YOUR_POSTGRES_PASSWORD_HERE` is to be replaced with the password you generated during step #2.
9. Execute the following queries as you see them (no modifications necessary, so you can just **paste them all at once**):
```sql
CREATE DATABASE matrix OWNER matrix;
ALTER DATABASE postgres OWNER TO matrix;
ALTER DATABASE template0 OWNER TO matrix;
ALTER DATABASE template1 OWNER TO matrix;
\c matrix;
ALTER DATABASE homeserver RENAME TO synapse;
ALTER ROLE synapse NOSUPERUSER NOCREATEDB NOCREATEROLE;
\quit
```
You may need to press *Enter* after pasting the lines above.
10. Re-run the playbook normally: `ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start`
### What do I do if I'm using an external Postgres server?
If you've explicitly configured an [external Postgres server](docs/configuring-playbook-external-postgres.md), there are **no changes** that you need to do at this time.
The fact that we've renamed Synapse's database from `homeserver` to `synapse` (in our defaults) should not affect you, as you're already explicitly defining `matrix_synapse_database_database` (if you've followed our guide, that is). If you're not explicitly defining this variable, you may wish to do so (`matrix_synapse_database_database: homeserver`), to avoid the new `synapse` default and keep things as they were.
# 2021-01-20
## (Breaking Change) The mautrix-facebook bridge now requires a Postgres database

130
README.md
View file

@ -4,9 +4,16 @@
## Purpose
This Ansible playbook is meant to easily let you run your own [Matrix](http://matrix.org/) homeserver.
This [Ansible](https://www.ansible.com/) playbook is meant to help you run your own [Matrix](http://matrix.org/) homeserver, along with the [various services](#supported-services) related to that.
That is, it lets you join the Matrix network with your own `@<username>:<your-domain>` identifier, all hosted on your own server.
That is, it lets you join the Matrix network using your own `@<username>:<your-domain>` identifier, all hosted on your own server (see [prerequisites](docs/prerequisites.md)).
We run all services in [Docker](https://www.docker.com/) containers (see [the container images we use](docs/container-images.md)), which lets us have a predictable and up-to-date setup, across multiple supported distros (see [prerequisites](docs/prerequisites.md)) and [architectures](docs/alternative-architectures.md) (x86/amd64 being recommended).
[Installation](docs/README.md) (upgrades) and some maintenance tasks are automated using [Ansible](https://www.ansible.com/) (see [our Ansible guide](docs/ansible.md)).
## Supported services
Using this playbook, you can get the following services configured on your server:
@ -56,6 +63,12 @@ Using this playbook, you can get the following services configured on your serve
- (optional) the [matrix-appservice-webhooks](https://github.com/turt2live/matrix-appservice-webhooks) bridge for slack compatible webhooks ([ConcourseCI](https://concourse-ci.org/), [Slack](https://slack.com/) etc. pp.)
- (optional) the [matrix-sms-bridge](https://github.com/benkuly/matrix-sms-bridge) for bridging your Matrix server to SMS - see [docs/configuring-playbook-bridge-matrix-bridge-sms.md](docs/configuring-playbook-bridge-matrix-bridge-sms.md) for setup documentation
- (optional) the [mx-puppet-skype](https://hub.docker.com/r/sorunome/mx-puppet-skype) for bridging your Matrix server to [Skype](https://www.skype.com) - see [docs/configuring-playbook-bridge-mx-puppet-skype.md](docs/configuring-playbook-bridge-mx-puppet-skype.md) for setup documentation
- (optional) the [mx-puppet-slack](https://hub.docker.com/r/sorunome/mx-puppet-skype) for bridging your Matrix server to [Slack](https://slack.com) - see [docs/configuring-playbook-bridge-mx-puppet-slack.md](docs/configuring-playbook-bridge-mx-puppet-slack.md) for setup documentation
- (optional) the [mx-puppet-instagram](https://github.com/Sorunome/mx-puppet-instagram) bridge for Instagram-DMs ([Instagram](https://www.instagram.com/)) - see [docs/configuring-playbook-bridge-mx-puppet-instagram.md](docs/configuring-playbook-bridge-mx-puppet-instagram.md) for setup documentation
- (optional) the [mx-puppet-twitter](https://github.com/Sorunome/mx-puppet-twitter) bridge for Twitter-DMs ([Twitter](https://twitter.com/) - see [docs/configuring-playbook-bridge-mx-puppet-twitter.md](docs/configuring-playbook-bridge-mx-puppet-twitter.md) for setup documentation
@ -64,12 +77,12 @@ Using this playbook, you can get the following services configured on your serve
- (optional) the [mx-puppet-steam](https://github.com/icewind1991/mx-puppet-steam) bridge for [Steam](https://steamapp.com/)) - see [docs/configuring-playbook-bridge-mx-puppet-steam.md](docs/configuring-playbook-bridge-mx-puppet-steam.md) for setup documentation
- (optional) the [matrix-sms-bridge](https://github.com/benkuly/matrix-sms-bridge) for bridging your Matrix server to SMS - see [docs/configuring-playbook-bridge-matrix-bridge-sms.md](docs/configuring-playbook-bridge-matrix-bridge-sms.md) for setup documentation
- (optional) [Email2Matrix](https://github.com/devture/email2matrix) for relaying email messages to Matrix rooms - see [docs/configuring-playbook-email2matrix.md](docs/configuring-playbook-email2matrix.md) for setup documentation
- (optional) [Dimension](https://github.com/turt2live/matrix-dimension), an open source integrations manager for matrix clients - see [docs/configuring-playbook-dimension.md](docs/configuring-playbook-dimension.md) for setup documentation
- (optional) [Etherpad](https://etherpad.org), an open source collaborative text editor - see [docs/configuring-playbook-etherpad.md](docs/configuring-playbook-etherpad.md) for setup documentation
- (optional) [Jitsi](https://jitsi.org/), an open source video-conferencing platform - see [docs/configuring-playbook-jitsi.md](docs/configuring-playbook-jitsi.md) for setup documentation
- (optional) [matrix-reminder-bot](https://github.com/anoadragon453/matrix-reminder-bot) for scheduling one-off & recurring reminders and alarms - see [docs/configuring-playbook-bot-matrix-reminder-bot.md](docs/configuring-playbook-bot-matrix-reminder-bot.md) for setup documentation
@ -85,33 +98,6 @@ Sticking with the defaults (which install a subset of the above components) is t
You can always re-run the playbook later to add or remove components.
## What's different about this Ansible playbook?
This is similar to the [EMnify/matrix-synapse-auto-deploy](https://github.com/EMnify/matrix-synapse-auto-deploy) Ansible deployment, but:
- this one is a complete Ansible playbook (instead of just a role), so it's **easier to run** - especially for folks not familiar with Ansible
- this one installs and hooks together **a lot more Matrix-related services** for you (see above)
- this one **can be executed more than once** without causing trouble
- works on various distros: **CentOS** (7.0+), Debian-based distributions (**Debian** 9/Stretch+, **Ubuntu** 16.04+), **Archlinux**
- this one installs everything in a single directory (`/matrix` by default) and **doesn't "contaminate" your server** with files all over the place
- this one **doesn't necessarily take over** ports 80 and 443. By default, it sets up nginx for you there, but you can also [use your own webserver](docs/configuring-playbook-own-webserver.md)
- this one **runs everything in Docker containers**, so it's likely more predictable and less fragile (see [Docker images used by this playbook](#docker-images-used-by-this-playbook))
- this one retrieves and automatically renews free [Let's Encrypt](https://letsencrypt.org/) **SSL certificates** for you
- this one optionally can store the `media_store` content repository files on [Amazon S3](https://aws.amazon.com/s3/) (but defaults to storing files on the server's filesystem)
- this one optionally **allows you to use an external PostgreSQL server** for Synapse's database (but defaults to running one in a container)
- helps you **import data from a previous installation** (so you can migrate your manual virtualenv/Docker setup to a more managed one)
## Installation
To configure and install Matrix on your own server, follow the [README in the docs/ directory](docs/README.md).
@ -124,88 +110,6 @@ This playbook evolves over time, sometimes with backward-incompatible changes.
When updating the playbook, refer to [the changelog](CHANGELOG.md) to catch up with what's new.
## Docker images used by this playbook
This playbook sets up your server using the following Docker images:
- [matrixdotorg/synapse](https://hub.docker.com/r/matrixdotorg/synapse/) - the official [Synapse](https://github.com/matrix-org/synapse) Matrix homeserver (optional)
- [instrumentisto/coturn](https://hub.docker.com/r/instrumentisto/coturn/) - the [Coturn](https://github.com/coturn/coturn) STUN/TURN server (optional)
- [vectorim/element-web](https://hub.docker.com/r/vectorim/element-web/) - the [Element](https://element.io/) web client (optional)
- [ma1uta/ma1sd](https://hub.docker.com/r/ma1uta/ma1sd/) - the [ma1sd](https://github.com/ma1uta/ma1sd) Matrix Identity server (optional)
- [postgres](https://hub.docker.com/_/postgres/) - the [Postgres](https://www.postgresql.org/) database server (optional)
- [ewoutp/goofys](https://hub.docker.com/r/ewoutp/goofys/) - the [Goofys](https://github.com/kahing/goofys) Amazon [S3](https://aws.amazon.com/s3/) file-system-mounting program (optional)
- [devture/exim-relay](https://hub.docker.com/r/devture/exim-relay/) - the [Exim](https://www.exim.org/) email server (optional)
- [devture/email2matrix](https://hub.docker.com/r/devture/email2matrix/) - the [Email2Matrix](https://github.com/devture/email2matrix) email server, which can relay email messages to Matrix rooms (optional)
- [devture/matrix-corporal](https://hub.docker.com/r/devture/matrix-corporal/) - [Matrix Corporal](https://github.com/devture/matrix-corporal): reconciliator and gateway for a managed Matrix server (optional)
- [zeratax/matrix-registration](https://hub.docker.com/r/devture/zeratax-matrix-registration/) - [matrix-registration](https://github.com/ZerataX/matrix-registration): a simple python application to have a token based matrix registration (optional)
- [nginx](https://hub.docker.com/_/nginx/) - the [nginx](http://nginx.org/) web server (optional)
- [certbot/certbot](https://hub.docker.com/r/certbot/certbot/) - the [certbot](https://certbot.eff.org/) tool for obtaining SSL certificates from [Let's Encrypt](https://letsencrypt.org/) (optional)
- [tulir/mautrix-telegram](https://mau.dev/tulir/mautrix-telegram/container_registry) - the [mautrix-telegram](https://github.com/tulir/mautrix-telegram) bridge to [Telegram](https://telegram.org/) (optional)
- [tulir/mautrix-whatsapp](https://mau.dev/tulir/mautrix-whatsapp/container_registry) - the [mautrix-whatsapp](https://github.com/tulir/mautrix-whatsapp) bridge to [Whatsapp](https://www.whatsapp.com/) (optional)
- [tulir/mautrix-facebook](https://mau.dev/tulir/mautrix-facebook/container_registry) - the [mautrix-facebook](https://github.com/tulir/mautrix-facebook) bridge to [Facebook](https://facebook.com/) (optional)
- [tulir/mautrix-hangouts](https://mau.dev/tulir/mautrix-hangouts/container_registry) - the [mautrix-hangouts](https://github.com/tulir/mautrix-hangouts) bridge to [Google Hangouts](https://en.wikipedia.org/wiki/Google_Hangouts) (optional)
- [tulir/mautrix-signal](https://mau.dev/tulir/mautrix-signal/container_registry) - the [mautrix-signal](https://github.com/tulir/mautrix-signal) bridge to [Signal](https://www.signal.org/) (optional)
- [matrixdotorg/matrix-appservice-irc](https://hub.docker.com/r/matrixdotorg/matrix-appservice-irc) - the [matrix-appservice-irc](https://github.com/matrix-org/matrix-appservice-irc) bridge to [IRC](https://wikipedia.org/wiki/Internet_Relay_Chat) (optional)
- [halfshot/matrix-appservice-discord](https://hub.docker.com/r/halfshot/matrix-appservice-discord) - the [matrix-appservice-discord](https://github.com/Half-Shot/matrix-appservice-discord) bridge to [Discord](https://discordapp.com/) (optional)
- [cadair/matrix-appservice-slack](https://hub.docker.com/r/cadair/matrix-appservice-slack) - the [matrix-appservice-slack](https://github.com/matrix-org/matrix-appservice-slack) bridge to [Slack](https://slack.com/) (optional)
- [turt2live/matrix-appservice-webhooks](https://hub.docker.com/r/turt2live/matrix-appservice-webhooks) - the [Appservice Webhooks](https://github.com/turt2live/matrix-appservice-webhooks) bridge (optional)
- [folivonet/matrix-sms-bridge](https://hub.docker.com/repository/docker/folivonet/matrix-sms-bridge) - the [matrix-sms-brdige](https://github.com/benkuly/matrix-sms-bridge) (optional)
- [sorunome/mx-puppet-skype](https://hub.docker.com/r/sorunome/mx-puppet-skype) - the [mx-puppet-skype](https://github.com/Sorunome/mx-puppet-skype) bridge to [Skype](https://www.skype.com) (optional)
- [sorunome/mx-puppet-slack](https://hub.docker.com/r/sorunome/mx-puppet-slack) - the [mx-puppet-slack](https://github.com/Sorunome/mx-puppet-slack) bridge to [Slack](https://slack.com) (optional)
- [sorunome/mx-puppet-instagram](https://hub.docker.com/r/sorunome/mx-puppet-instagram) - the [mx-puppet-instagram](https://github.com/Sorunome/mx-puppet-instagram) bridge to [Instagram](https://www.instagram.com) (optional)
- [sorunome/mx-puppet-twitter](https://hub.docker.com/r/sorunome/mx-puppet-twitter) - the [mx-puppet-twitter](https://github.com/Sorunome/mx-puppet-twitter) bridge to [Twitter](https://twitter.com) (optional)
- [sorunome/mx-puppet-discord](https://hub.docker.com/r/sorunome/mx-puppet-discord) - the [mx-puppet-discord](https://github.com/matrix-discord/mx-puppet-discord) bridge to [Discord](https://discordapp.com) (optional)
- [icewind1991/mx-puppet-steam](https://hub.docker.com/r/icewind1991/mx-puppet-steam) - the [mx-puppet-steam](https://github.com/icewind1991/mx-puppet-steam) bridge to [Steam](https://steampowered.com) (optional)
- [turt2live/matrix-dimension](https://hub.docker.com/r/turt2live/matrix-dimension) - the [Dimension](https://dimension.t2bot.io/) integrations manager (optional)
- [jitsi/web](https://hub.docker.com/r/jitsi/web) - the [Jitsi](https://jitsi.org/) web UI (optional)
- [jitsi/jicofo](https://hub.docker.com/r/jitsi/jicofo) - the [Jitsi](https://jitsi.org/) Focus component (optional)
- [jitsi/prosody](https://hub.docker.com/r/jitsi/prosody) - the [Jitsi](https://jitsi.org/) Prosody XMPP server component (optional)
- [jitsi/jvb](https://hub.docker.com/r/jitsi/jvb) - the [Jitsi](https://jitsi.org/) Video Bridge component (optional)
- [anoa/matrix-reminder-bot](https://hub.docker.com/r/anoa/matrix-reminder-bot) - the [matrix-reminder-bot](https://github.com/anoadragon453/matrix-reminder-bot) bot for one-off & recurring reminders and alarms (optional)
- [awesometechnologies/synapse-admin](https://hub.docker.com/r/awesometechnologies/synapse-admin) - the [synapse-admin](https://github.com/Awesome-Technologies/synapse-admin) web UI tool for administrating users and rooms on your Matrix server (optional)
## Deficiencies
This Ansible playbook can be improved in the following ways:
- setting up automatic backups to one or more storage providers
## Support
- Matrix room: [#matrix-docker-ansible-deploy:devture.com](https://matrix.to/#/#matrix-docker-ansible-deploy:devture.com)

2
docs/alternative-architectures.md
View file

@ -21,6 +21,6 @@ matrix_architecture: "arm32"
## Implementation details
For `amd64`, prebuilt images are used everywhere (because all images are available for this architecture).
For `amd64`, prebuilt container images (see the [container images we use](container-images.md)) are used everywhere, because all images are available for this architecture.
For other architectures, components which have a prebuilt image make use of it. If the component is not available for the specific architecture, [self-building](self-building.md) will be used. Not all components support self-building though, so your mileage may vary.

5
docs/configuring-playbook-bridge-appservice-discord.md
View file

@ -38,8 +38,9 @@ To [adjust room access privileges](#adjusting-room-access-privileges) or do vari
There's the Discord bridge's guide for [setting privileges on bridge managed rooms](https://github.com/Half-Shot/matrix-appservice-discord/blob/master/docs/howto.md#set-privileges-on-bridge-managed-rooms). To do the same with our container setup, run the following command on the server:
```
docker exec -it matrix-appservice-discord /bin/sh -c 'cp /build/tools/adminme.js /tmp/adminme.js && cp /cfg/registration.yaml /tmp/discord-registration.yaml && cd /tmp && node /tmp/adminme.js -c /cfg/config.yaml -r "!ROOM_ID:SERVER" -u "@USER:SERVER" -p 100'
```sh
docker exec -it matrix-appservice-discord \
/bin/sh -c 'cp /cfg/registration.yaml /tmp/discord-registration.yaml && cd /tmp && node /build/tools/adminme.js -c /cfg/config.yaml -m "!ROOM_ID:SERVER" -u "@USER:SERVER" -p 100'
```

2
docs/configuring-playbook-bridge-mautrix-signal.md
View file

@ -14,7 +14,7 @@ matrix_mautrix_signal_enabled: true
## Set up Double Puppeting
If you'd like to use [Double Puppeting](https://github.com/tulir/mautrix-whatsapp/wiki/Authentication#replacing-whatsapp-accounts-matrix-puppet-with-matrix-account) (hint: you most likely do), you have 2 ways of going about it.
If you'd like to use [Double Puppeting](https://github.com/tulir/mautrix-signal/wiki/Authentication#double-puppeting) (hint: you most likely do), you have 2 ways of going about it.
### Method 1: automatically, by enabling Shared Secret Auth

26
docs/configuring-playbook-etherpad.md Normal file
View file

@ -0,0 +1,26 @@
# Setting up Etherpad (optional)
[Etherpad](https://etherpad.org) is is an open source collaborative text editor that can be embedded in a Matrix chat room using the [Dimension integrations manager](https://dimension.t2bot.io)
When enabled together with the Jitsi audio/video conferencing system (see [our docs on Jitsi](configuring-playbook-jitsi.md)), it will be made available as an option during the conferences.
## Prerequisites
For the self-hosted Etherpad instance to be available to your users, you must first enable and configure the **Dimension integrations manager** as described in [the playbook documentation](configuring-playbook-dimension.md)
## Installing
[Etherpad](https://etherpad.org) installation is disabled by default. You can enable it in your configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`):
```yaml
matrix_etherpad_enabled: true
```
## Set Dimension default to the self-hosted Etherpad
The Dimension administrator users can configure the default URL template. The Dimension configuration menu can be accessed with the sprocket icon as you begin to add a widget to a room in Element. There you will find the Etherpad Widget Configuration action beneath the _Widgets_ tab. Replace `scalar.vector.im` with your own Dimension domain.
### Removing the integrated Etherpad chat
If you wish to disable the Etherpad chat button, you can do it by appending `?showChat=false` to the end of the pad URL, or the template.
Example: `https://dimension.<your-domain>/etherpad/p/$roomId_$padName?showChat=false`

1
docs/configuring-playbook-external-postgres.md
View file

@ -4,6 +4,7 @@ By default, this playbook would set up a PostgreSQL database server on your mach
If that's alright, you can skip this.
If you'd like to use an external PostgreSQL server that you manage, you can edit your configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`).
It should be something like this:
```yaml

3
docs/configuring-playbook-nginx.md
View file

@ -34,8 +34,7 @@ Possible values are:
- `"intermediate"` (**default**) - Recommended configuration for a general-purpose server
- `"old"` - Services accessed by very old clients or libraries, such as Internet Explorer 8 (Windows XP), Java 6, or OpenSSL 0.9.8
**Be really carefull when setting it to `"modern"`**. This could break comunication with other Matrix servers, limiting your federation posibilities. The
[Federarion tester](https://federationtester.matrix.org/) also won't work.
**Be really carefull when setting it to `"modern"`**. This could break comunication with other Matrix servers, limiting your federation posibilities.
Besides changing the preset (`matrix_nginx_proxy_ssl_preset`), you can also directly override these 3 variables:

2
docs/configuring-playbook.md
View file

@ -33,7 +33,7 @@ When you're done with all the configuration you'd like to do, continue with [Ins
- [Setting up the Jitsi video-conferencing platform](configuring-playbook-jitsi.md) (optional)
- [Setting Dynamic DNS](configuring-playbook-dynamic-dns.md) (optional)
- [Setting up Dynamic DNS](configuring-playbook-dynamic-dns.md) (optional)
### Core service adjustments

87
docs/container-images.md Normal file
View file

@ -0,0 +1,87 @@
# Container Images used by the playbook
This page summarizes the container ([Docker](https://www.docker.com/)) images used by the playbook when setting up your server.
We try to stick to official images (provided by their respective projects) as much as possible.
## Container images used by default
These services are enabled and used by default, but you can turn them off, if you wish.
- [matrixdotorg/synapse](https://hub.docker.com/r/matrixdotorg/synapse/) - the official [Synapse](https://github.com/matrix-org/synapse) Matrix homeserver (optional)
- [instrumentisto/coturn](https://hub.docker.com/r/instrumentisto/coturn/) - the [Coturn](https://github.com/coturn/coturn) STUN/TURN server (optional)
- [vectorim/element-web](https://hub.docker.com/r/vectorim/element-web/) - the [Element](https://element.io/) web client (optional)
- [ma1uta/ma1sd](https://hub.docker.com/r/ma1uta/ma1sd/) - the [ma1sd](https://github.com/ma1uta/ma1sd) Matrix Identity server (optional)
- [postgres](https://hub.docker.com/_/postgres/) - the [Postgres](https://www.postgresql.org/) database server (optional)
- [devture/exim-relay](https://hub.docker.com/r/devture/exim-relay/) - the [Exim](https://www.exim.org/) email server (optional)
- [nginx](https://hub.docker.com/_/nginx/) - the [nginx](http://nginx.org/) web server (optional)
- [certbot/certbot](https://hub.docker.com/r/certbot/certbot/) - the [certbot](https://certbot.eff.org/) tool for obtaining SSL certificates from [Let's Encrypt](https://letsencrypt.org/) (optional)
## Optional other container images we may use
These services are not part of our default installation, but can be enabled by [configuring the playbook](configuring-playbook.md) (either before the initial installation or any time later):
- [ewoutp/goofys](https://hub.docker.com/r/ewoutp/goofys/) - the [Goofys](https://github.com/kahing/goofys) Amazon [S3](https://aws.amazon.com/s3/) file-system-mounting program (optional)
- [etherpad/etherpad](https://hub.docker.com/r/etherpad/etherpad/) - the [Etherpad](https://etherpad.org) realtime collaborative text editor that can be used in a Jitsi audio/video call or integrated as a widget into Matrix chat rooms via the Dimension integration manager (optional)
- [devture/email2matrix](https://hub.docker.com/r/devture/email2matrix/) - the [Email2Matrix](https://github.com/devture/email2matrix) email server, which can relay email messages to Matrix rooms (optional)
- [devture/matrix-corporal](https://hub.docker.com/r/devture/matrix-corporal/) - [Matrix Corporal](https://github.com/devture/matrix-corporal): reconciliator and gateway for a managed Matrix server (optional)
- [zeratax/matrix-registration](https://hub.docker.com/r/devture/zeratax-matrix-registration/) - [matrix-registration](https://github.com/ZerataX/matrix-registration): a simple python application to have a token based matrix registration (optional)
- [tulir/mautrix-telegram](https://mau.dev/tulir/mautrix-telegram/container_registry) - the [mautrix-telegram](https://github.com/tulir/mautrix-telegram) bridge to [Telegram](https://telegram.org/) (optional)
- [tulir/mautrix-whatsapp](https://mau.dev/tulir/mautrix-whatsapp/container_registry) - the [mautrix-whatsapp](https://github.com/tulir/mautrix-whatsapp) bridge to [Whatsapp](https://www.whatsapp.com/) (optional)
- [tulir/mautrix-facebook](https://mau.dev/tulir/mautrix-facebook/container_registry) - the [mautrix-facebook](https://github.com/tulir/mautrix-facebook) bridge to [Facebook](https://facebook.com/) (optional)
- [tulir/mautrix-hangouts](https://mau.dev/tulir/mautrix-hangouts/container_registry) - the [mautrix-hangouts](https://github.com/tulir/mautrix-hangouts) bridge to [Google Hangouts](https://en.wikipedia.org/wiki/Google_Hangouts) (optional)
- [tulir/mautrix-signal](https://mau.dev/tulir/mautrix-signal/container_registry) - the [mautrix-signal](https://github.com/tulir/mautrix-signal) bridge to [Signal](https://www.signal.org/) (optional)
- [matrixdotorg/matrix-appservice-irc](https://hub.docker.com/r/matrixdotorg/matrix-appservice-irc) - the [matrix-appservice-irc](https://github.com/matrix-org/matrix-appservice-irc) bridge to [IRC](https://wikipedia.org/wiki/Internet_Relay_Chat) (optional)
- [halfshot/matrix-appservice-discord](https://hub.docker.com/r/halfshot/matrix-appservice-discord) - the [matrix-appservice-discord](https://github.com/Half-Shot/matrix-appservice-discord) bridge to [Discord](https://discordapp.com/) (optional)
- [cadair/matrix-appservice-slack](https://hub.docker.com/r/cadair/matrix-appservice-slack) - the [matrix-appservice-slack](https://github.com/matrix-org/matrix-appservice-slack) bridge to [Slack](https://slack.com/) (optional)
- [turt2live/matrix-appservice-webhooks](https://hub.docker.com/r/turt2live/matrix-appservice-webhooks) - the [Appservice Webhooks](https://github.com/turt2live/matrix-appservice-webhooks) bridge (optional)
- [folivonet/matrix-sms-bridge](https://hub.docker.com/repository/docker/folivonet/matrix-sms-bridge) - the [matrix-sms-bridge](https://github.com/benkuly/matrix-sms-bridge) (optional)
- [sorunome/mx-puppet-skype](https://hub.docker.com/r/sorunome/mx-puppet-skype) - the [mx-puppet-skype](https://github.com/Sorunome/mx-puppet-skype) bridge to [Skype](https://www.skype.com) (optional)
- [sorunome/mx-puppet-slack](https://hub.docker.com/r/sorunome/mx-puppet-slack) - the [mx-puppet-slack](https://github.com/Sorunome/mx-puppet-slack) bridge to [Slack](https://slack.com) (optional)
- [sorunome/mx-puppet-instagram](https://hub.docker.com/r/sorunome/mx-puppet-instagram) - the [mx-puppet-instagram](https://github.com/Sorunome/mx-puppet-instagram) bridge to [Instagram](https://www.instagram.com) (optional)
- [sorunome/mx-puppet-twitter](https://hub.docker.com/r/sorunome/mx-puppet-twitter) - the [mx-puppet-twitter](https://github.com/Sorunome/mx-puppet-twitter) bridge to [Twitter](https://twitter.com) (optional)
- [sorunome/mx-puppet-discord](https://hub.docker.com/r/sorunome/mx-puppet-discord) - the [mx-puppet-discord](https://github.com/matrix-discord/mx-puppet-discord) bridge to [Discord](https://discordapp.com) (optional)
- [icewind1991/mx-puppet-steam](https://hub.docker.com/r/icewind1991/mx-puppet-steam) - the [mx-puppet-steam](https://github.com/icewind1991/mx-puppet-steam) bridge to [Steam](https://steampowered.com) (optional)
- [turt2live/matrix-dimension](https://hub.docker.com/r/turt2live/matrix-dimension) - the [Dimension](https://dimension.t2bot.io/) integrations manager (optional)
- [jitsi/web](https://hub.docker.com/r/jitsi/web) - the [Jitsi](https://jitsi.org/) web UI (optional)
- [jitsi/jicofo](https://hub.docker.com/r/jitsi/jicofo) - the [Jitsi](https://jitsi.org/) Focus component (optional)
- [jitsi/prosody](https://hub.docker.com/r/jitsi/prosody) - the [Jitsi](https://jitsi.org/) Prosody XMPP server component (optional)
- [jitsi/jvb](https://hub.docker.com/r/jitsi/jvb) - the [Jitsi](https://jitsi.org/) Video Bridge component (optional)
- [anoa/matrix-reminder-bot](https://hub.docker.com/r/anoa/matrix-reminder-bot) - the [matrix-reminder-bot](https://github.com/anoadragon453/matrix-reminder-bot) bot for one-off & recurring reminders and alarms (optional)
- [awesometechnologies/synapse-admin](https://hub.docker.com/r/awesometechnologies/synapse-admin) - the [synapse-admin](https://github.com/Awesome-Technologies/synapse-admin) web UI tool for administrating users and rooms on your Matrix server (optional)

119
docs/faq.md
View file

@ -21,11 +21,11 @@ For a lot more generic questions and answers, see the [matrix.org FAQ](https://m
[Matrix](https://matrix.org/) is a new type of realtime communication (chat) network, the closest analogy to which is probably "email".
You don't just use the "email" protocols (SMTP, POP3, IMAP) directly though. There's a some *server* somewhere which stores your data (`@gmail.com`, `@yahoo.com`, `@hotmail.com`, `@your-company.com`) and you access using these "email" protocol using use some *client* program (Outlook, Thunderbird, some website, etc).
You don't just use the "email" protocols (SMTP, POP3, IMAP) directly though. There's a *server* somewhere which stores your data (`@gmail.com`, `@yahoo.com`, `@hotmail.com`, `@your-company.com`) and you access it by using these "email" protocols via some *client* program (Outlook, Thunderbird, some website, etc).
In the world of the Matrix chat protocol, there are various client programs. The first and currently most full-featured one is called [Element](https://element.io/) (used to be called Riot.im and Vector.im in the past). There are [many other clients](https://matrix.org/clients/). You can switch clients as much as you want until you find the one that is right for you on a given platform (you may use Element on your desktop, but Fluffychat on your phone, etc).
Matrix is also like email due to the fact that are many servers around the world which can all talk to each other (you can send email from `@gmail.com` addresses to `@yahoo.com` and `@hotmail.com` addresses). It's the same with Matrix (`@bob:his-domain.com` can talk to `@alice:her-domain.org`).
Matrix is also like email due to the fact that there are many servers around the world which can all talk to each other (you can send email from `@gmail.com` addresses to `@yahoo.com` and `@hotmail.com` addresses). It's the same with Matrix (`@bob:his-domain.com` can talk to `@alice:her-domain.org`).
If someone else is hosting your Matrix server (you being `@user:matrix.org` or some other public server like this), all you need is a Matrix client program, like Element.
@ -37,11 +37,11 @@ In short:
- Element is a client program you can use to participate on the Matrix chat network via some server (yours or someone else's). There are also [many other client programs](https://matrix.org/clients/).
- Synapse is a server program you can use to host your very own Matrix server.
This FAQ here mostly focuses on installing Matrix services using the Ansible automation tool. You can learn much more about Matrix in the [matrix.org FAQ](https://matrix.org/faq/).
This FAQ here mostly focuses on installing various Matrix services using the Ansible automation tool. You can learn much more about Matrix in the [matrix.org FAQ](https://matrix.org/faq/).
## People I wish to talk to are not on Matrix. Can I talk to them?
You most likely can. Besides Matrix-native chats, Matrix also supports this concept of "bridging", which allows you to plug other networks into it.
You most likely can. Besides Matrix-native chats, Matrix also supports the concept of "bridging", which allows you to plug other networks into it.
This Ansible playbook can help you install [tens of bridges for various networks](configuring-playbook.md#bridging-other-networks).
@ -82,9 +82,9 @@ To learn more, see our [dedicated Ansible documentation page](ansible.md).
### Why use this playbook and not install Synapse and other things manually?
There's various guides telling you how easy it is to install [Synapse](https://github.com/matrix-org/synapse).
There are various guides telling you how easy it is to install [Synapse](https://github.com/matrix-org/synapse).
Reading this Ansible playbook's documentation, you may also be thinking:
Reading the documentation of this Ansible playbook, you may also be thinking:
> I don't know what [Ansible](https://www.ansible.com/) is. I don't know what [Docker](https://www.docker.com/) is. This looks more complicated.
@ -111,6 +111,33 @@ Besides Synapse, you'd need other things - a Postgres database, likely the [Elem
Using the playbook, you get all these components in a way that works well together out of the box.
### What's different about this Ansible playbook compared to [EMnify/matrix-synapse-auto-deploy](https://github.com/EMnify/matrix-synapse-auto-deploy)?
This is similar to the [EMnify/matrix-synapse-auto-deploy](https://github.com/EMnify/matrix-synapse-auto-deploy) Ansible deployment, but:
- this one is a complete Ansible playbook (instead of just a role), so it's **easier to run** - especially for folks not familiar with Ansible
- this one installs and hooks together **a lot more Matrix-related services** for you (see above)
- this one **can be executed more than once** without causing trouble
- works on various distros: **CentOS** (7.0+), Debian-based distributions (**Debian** 9/Stretch+, **Ubuntu** 16.04+), **Archlinux**
- this one installs everything in a single directory (`/matrix` by default) and **doesn't "contaminate" your server** with files all over the place
- this one **doesn't necessarily take over** ports 80 and 443. By default, it sets up nginx for you there, but you can also [use your own webserver](configuring-playbook-own-webserver.md)
- this one **runs everything in Docker containers**, so it's likely more predictable and less fragile (see [Docker images used by this playbook](container-images.md))
- this one retrieves and automatically renews free [Let's Encrypt](https://letsencrypt.org/) **SSL certificates** for you
- this one optionally can store the `media_store` content repository files on [Amazon S3](https://aws.amazon.com/s3/) (but defaults to storing files on the server's filesystem)
- this one optionally **allows you to use an external PostgreSQL server** for Synapse's database (but defaults to running one in a container)
- helps you **import data from a previous installation** (so you can migrate your manual virtualenv/Docker setup to a more managed one)
- this one is actually **maintained**
## Server-related
@ -146,7 +173,7 @@ It also lets us have a unified setup which runs the same across various supporte
### Is Docker a hard requirement?
Yes. See [Why don't you use Podman instead of Docker?](#is-docker-a-hard-requirement) for why we're not using another container runtime.
Yes. See [Why don't you use Podman instead of Docker?](#why-dont-you-use-podman-instead-of-docker) for why we're not using another container runtime.
All of our services run in containers. It's how we achieve predictability and also how we support tens of different services across lots of distros.
@ -176,7 +203,7 @@ This largely depends on your use case. It's not so much the number of users that
Federated rooms with lots of history and containing hundreds of other servers are very heavy CPU-wise and memory-wise.
You can probably use a 1 CPU + 1GB memory server to host hundreds of local users just fine, but as soon as of them joins a federated room like `#matrix:matrix.org` (Matrix HQ) or some IRC-bridged room (say `##linux`), your server will get the need for a lot more power (at least 2GB RAM, etc).
You can probably use a 1 CPU + 1GB memory server to host hundreds of local users just fine, but as soon as one of them joins a federated room like `#matrix:matrix.org` (Matrix HQ) or some IRC-bridged room (say `##linux`), your server will get the need for a lot more power (at least 2GB RAM, etc).
Running Matrix on a server with 1GB of memory is possible (especially if you disable some not-so-important services). See [How do I optimize this setup for a low-power server?](#how-do-i-optimize-this-setup-for-a-low-power-server).
@ -193,7 +220,7 @@ If your distro runs within an [LXC container](https://linuxcontainers.org/), you
### Why install my server at matrix.DOMAIN and not at the base DOMAIN?
It's the same with email servers. Your email address is likely `name@company.com`, not `name@mail.company.com`, even though it's really `mail.company.com` that is really handling your data for `@company.com` email to work.
It's the same with email servers. Your email address is likely `name@company.com`, not `name@mail.company.com`, even though it's `mail.company.com` that is really handling your data for `@company.com` email to work.
Using a separate domain name is easier to manage (although it's a little hard to get right at first) and keeps your Matrix server isolated from your website (if you have one), from your email server (if you have one), etc.
@ -203,7 +230,7 @@ If you'd really like to install Matrix services directly on the base domain, see
### I don't control anything on the base domain and can't set up delegation to matrix.DOMAIN. What do I do?
If you're not in control of your base domain (or server handling it) at all, you can take a look at [How do I install on matrix.DOMAIN without involving the base DOMAIN?](#how-do-i-install-on-matrixdomain-without-involving-the-base-domain)
If you're not in control of your base domain (or the server handling it) at all, you can take a look at [How do I install on matrix.DOMAIN without involving the base DOMAIN?](#how-do-i-install-on-matrixdomain-without-involving-the-base-domain)
### I can't set up HTTPS on the base domain. How will I get Matrix federating?
@ -297,6 +324,36 @@ matrix_docker_installation_enabled: true
By default, we install a webserver for you (nginx), but you can also use [your own webserver](configuring-playbook-own-webserver.md).
### How is the effective configuration determined?
Configuration variables are defined in multiple places in this playbook and are considered in this order:
- there are defaults coming from each role's defaults file (`role/matrix*/defaults/main.yml`). These variable values aim to be good defaults for when the role is used standalone (outside of this collection of roles, also called playbook).
- then, there are overrides in `group_vars/matrix_servers`, which aim to adjust these "standalone role defaults" to something which better fits the playbook in its entirety.
- finally, there's your `inventory/host_vars/matrix.DOMAIN/vars.yml` file, which is the ultimate override
### What configuration variables are available?
You can discover the variables you can override in each role (`role/matrix*/defaults/main.yml`).
As described in [How is the effective configuration determined?](#how-is-the-effective-configuration-determined), these role-defaults may be overriden by values defined in `group_vars/matrix_servers`.
Refer to both of these for inspiration. Still, as mentioned in [Configuring the playbook](configuring-playbook.md), you're only ever supposed to edit your own `inventory/host_vars/matrix.DOMAIN/vars.yml` file and nothing else inside the playbook (unless you're meaning to contribute new features).
### I'd like to adjust some configuration which doesn't have a corresponding variable. How do I do it?
The playbook doesn't aim to expose all configuration settings for all services using variables.
Doing so would amount to hundreds of variables that we have to create and maintain.
Instead, we only try to make some important basics configurable using dedicated variables you can see in each role.
See [What configuration variables are available?](#what-configuration-variables-are-available).
Besides that, each role (component) aims to provide a `matrix_SOME_COMPONENT_configuration_extension_yaml` (or `matrix_SOME_COMPONENT_configuration_extension_json`) variable, which can be used to override the configuration.
Check each role's `role/matrix*/defaults/main.yml` for the corresponding variable and an example for how use it.
## Installation
@ -325,6 +382,46 @@ It can perform a local connection instead. Just set `ansible_connection=local` a
If you're running Ansible from within a container (one of the possibilities we list on our [dedicated Ansible documentation page](ansible.md)), then using `ansible_connection=local` is not possible.
## Troubleshooting
### I get "Error response from daemon: configured logging driver does not support reading" when I do `docker logs matrix-synapse`.
See [How can I see the logs?](#how-can-i-see-the-logs).
### How can I see the logs?
We utilize [systemd/journald](https://www.freedesktop.org/software/systemd/man/systemd-journald.service.html#Description) for logging.
To see logs for Synapse, run `journalctl -fu matrix-synapse.service`. You may wish to see the [manual page for journalctl](https://www.commandlinux.com/man-page/man1/journalctl.1.html).
Available service names can be seen by doing `ls /etc/systemd/system/matrix*.service` on the server.
Some services also log to files in `/matrix/*/data/..`, but we're slowly moving away from that.
We also disable Docker logging, so you can't use `docker logs matrix-*` either. We do this to prevent useless double (or even triple) logging and to avoid having to rotate log files.
We just simply delegate logging to journald and it takes care of persistence and expiring old data.
Also see: [How long do systemd/journald logs persist for?](#how-long-do-systemdjournald-logs-persist-for)
### How long do systemd/journald logs persist for?
On some distros, the journald logs are just in-memory and not persisted to disk.
Consult (and feel free to adjust) your distro's journald logging configuration in `/etc/systemd/journald.conf`.
To enable persistence and put some limits on how large the journal log files can become, adjust your configuration like this:
```ini
[Journal]
RuntimeMaxUse=200M
SystemMaxUse=1G
RateLimitInterval=0
RateLimitBurst=0
Storage=persistent
```
## Maintenance
### Do I need to do anything to keep my Matrix server updated?
@ -341,7 +438,7 @@ If your previous installation is done in some other way (not using this Ansible
### How do I back up the data on my server?
We haven't document this properly yet, but the general advice is to:
We haven't documented this properly yet, but the general advice is to:
- back up Postgres by making a database dump. See [Backing up PostgreSQL](maintenance-postgres.md#backing-up-postgresql)

13
docs/importing-postgres.md
View file

@ -7,8 +7,8 @@ Run this if you'd like to import your database from a previous installation.
## Prerequisites
For this to work, **the database name in Postgres must match** what this playbook uses.
This playbook uses a Postgres database name of `homeserver` by default (controlled by the `matrix_postgres_db_name` variable).
If your database name differs, be sure to change `matrix_postgres_db_name` to your desired name and to re-run the playbook before proceeding.
This playbook uses a Postgres database name of `synapse` by default (controlled by the `matrix_synapse_database_database` variable).
If your database name differs, be sure to change `matrix_synapse_database_database` to your desired name and to re-run the playbook before proceeding.
The playbook supports importing Postgres dump files in **text** (e.g. `pg_dump > dump.sql`) or **gzipped** formats (e.g. `pg_dump | gzip -c > dump.sql.gz`).
@ -21,10 +21,17 @@ Before doing the actual import, **you need to upload your Postgres dump file to
To import, run this command (make sure to replace `<server-path-to-postgres-dump.sql>` with a file path on your server):
ansible-playbook -i inventory/hosts setup.yml --extra-vars='server_path_postgres_dump=<server-path-to-postgres-dump.sql>' --tags=import-postgres
```sh
ansible-playbook -i inventory/hosts setup.yml \
--extra-vars='postgres_default_import_database=synapse server_path_postgres_dump=<server-path-to-postgres-dump.sql>' \
--tags=import-postgres
```
We specify the `synapse` database as the default import database. If your dump is a single-database dump (`pg_dump`), then we need to tell it where to go to. If you're redefining `matrix_synapse_database_database` to something other than `synapse`, please adjust it here too. For database dumps spanning multiple databases (`pg_dumpall`), you can remove the `postgres_default_import_database` definition (but it doesn't hurt to keep it too).
**Note**: `<server-path-to-postgres-dump.sql>` must be a file path to a Postgres dump file on the server (not on your local machine!).
## Troubleshooting
A table ownership issue can occur if you are importing from a Synapse installation which was both:

22
docs/installing.md
View file

@ -36,11 +36,19 @@ When you're ready to start the Matrix services (and set them up to auto-start in
ansible-playbook -i inventory/hosts setup.yml --tags=start
```
Now that the services are running, you might want to:
Now that services are running, you need to **finalize the installation process** (required for federation to work!) by [Configuring Service Discovery via .well-known](configuring-well-known.md)
- **finalize the installation process** (required for federation to work!) by [Configuring Service Discovery via .well-known](configuring-well-known.md)
- or [create your first user account](registering-users.md)
- or [set up the Dimension Integrations Manager](configuring-playbook-dimension.md)
- or [check if services work](maintenance-checking-services.md)
- or learn how to [upgrade your services when new versions are released](maintenance-upgrading-services.md)
- or learn how to [migrate to another server](maintenance-migrating.md)
## Things to do next
If you have started services and **finalized the installation process** (required for federation to work!) by [Configuring Service Discovery via .well-known](configuring-well-known.md), you can:
- [check if services work](maintenance-checking-services.md)
- or [create your first Matrix user account](registering-users.md)
- or [set up additional services](configuring-playbook.md#other-configuration-options) (bridges to other chat networks, bots, etc.)
- or learn how to [upgrade services when new versions are released](maintenance-upgrading-services.md)
- or learn how to [maintain your server](faq.md#maintenance)
- or join some Matrix rooms:
* via the *Explore rooms* feature in Element or some other client, or by discovering them using this [matrix-static list](https://view.matrix.org). Note: joining large rooms may overload small servers.
* or come say Hi in our support room - [#matrix-docker-ansible-deploy:devture.com](https://matrix.to/#/#matrix-docker-ansible-deploy:devture.com). You might learn something or get to help someone else new to Matrix hosting.
- or help make this playbook better by contributing (code, documentation, or [coffee/beer](https://liberapay.com/s.pantaleev/donate))

13
docs/maintenance-postgres.md
View file

@ -19,6 +19,17 @@ You can use the `/usr/local/bin/matrix-postgres-cli` tool to get interactive ter
If you are using an [external Postgres server](configuring-playbook-external-postgres.md), the above tool will not be available.
By default, this tool puts you in the `matrix` database, which contains nothing.
To see the available databases, run `\list` (or just `\l`).
To change to another database (for example `synapse`), run `\connect synapse` (or just `\c synapse`).
You can then proceed to write queries. Example: `SELECT COUNT(*) FROM users;`
**Be careful**. Modifying the database directly (especially as services are running) is dangerous and may lead to irreversible database corruption.
When in doubt, consider [making a backup](#backing-up-postgresql).
## Vacuuming PostgreSQL
@ -53,6 +64,8 @@ pg_dumpall -h matrix-postgres \
If you are using an [external Postgres server](configuring-playbook-external-postgres.md), the above command will not work, because the credentials file (`/matrix/postgres/env-postgres-psql`) is not available.
If your server is on the ARM32 [architecture](alternative-architectures.md), you may need to remove the `-alpine` suffix from the image name in the command above.
Restoring a backup made this way can be done by [importing it](importing-postgres.md).

8
docs/prerequisites.md
View file

@ -2,13 +2,13 @@
To install Matrix services using this Ansible playbook, you need:
- (Recommended) An **x86** server running one of these operating systems:
- (Recommended) An **x86** server ([What kind of server specs do I need?](faq.md#what-kind-of-server-specs-do-i-need)) running one of these operating systems:
- **CentOS** (7 only for now; [8 is not yet supported](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/300))
- **Debian** (9/Stretch+)
- **Ubuntu** (16.04+, although [20.04 may be problematic](ansible.md#supported-ansible-versions))
- **Debian** (9/Stretch or newer)
- **Ubuntu** (16.04 or newer, although [20.04 may be problematic](ansible.md#supported-ansible-versions))
- **Archlinux**
We only strive to support released stable versions of distributions, not betas or pre-releases. This playbook can take over your whole server or co-exist with other services that you have there.
Generally, newer is better. We only strive to support released stable versions of distributions, not betas or pre-releases. This playbook can take over your whole server or co-exist with other services that you have there.
This playbook somewhat supports running on non-`amd64` architectures like ARM. See [Alternative Architectures](alternative-architectures.md).

6
docs/self-building.md
View file

@ -2,13 +2,14 @@
**Caution: self-building does not have to be used on its own. See the [Alternative Architectures](alternative-architectures.md) page.**
The playbook supports the self-building of various components, which don't have a container image for your architecture. For `amd64`, self-building is not required.
The playbook supports self-building of various components, which don't have a container image for your architecture (see the [container images we use](container-images.md)). For `amd64`, self-building is not required.
For other architectures (e.g. `arm32`, `arm64`), ready-made container images are used when available. If there's no ready-made image for a specific component and said component supports self-building, an image will be built on the host. Building images like this takes more time and resources (some build tools need to get installed by the playbook to assist building).
To make use of self-building, you don't need to do anything besides change your architecture variable (e.g. `matrix_architecture: arm64`). If a component has an image for the specified architecture, the playbook will use it. If not, it will build the image.
To make use of self-building, you don't need to do anything besides change your architecture variable (e.g. `matrix_architecture: arm64`). If a component has an image for the specified architecture, the playbook will use it directly. If not, it will build the image on the server itself.
Note that **not all components support self-building yet**.
List of roles where self-building the Docker image is currently possible:
- `matrix-synapse`
- `matrix-synapse-admin`
@ -18,6 +19,7 @@ List of roles where self-building the Docker image is currently possible:
- `matrix-corporal`
- `matrix-ma1sd`
- `matrix-mailer`
- `matrix-bridge-appservice-irc`
- `matrix-bridge-appservice-slack`
- `matrix-bridge-mautrix-facebook`
- `matrix-bridge-mautrix-hangouts`

5
examples/hosts
View file

@ -9,10 +9,11 @@
# to the host line below or by adding `ansible_ssh_pipelining: False` to your variables file.
#
# If you're running this Ansible playbook on the same server as the one you're installing to,
# consider adding an additional `ansible_connection=local` argument below.
# consider adding an additional `ansible_connection=local` argument to the host line below.
#
# Ansible may fail to discover which Python interpreter to use on the host for some distros (like Ubuntu 20.04).
# You may sometimes need to explicitly add `ansible_python_interpreter=/usr/bin/python3` to lines below.
# You may sometimes need to explicitly add the argument `ansible_python_interpreter=/usr/bin/python3`
# to the host line below.
[matrix_servers]
matrix.<your-domain> ansible_host=<your-server's external IP address> ansible_ssh_user=root

14
examples/vars.yml
View file

@ -4,7 +4,7 @@
# Note: this playbook does not touch the server referenced here.
# Installation happens on another server ("matrix.<matrix-domain>").
#
# If you've deployed using the wrong domain, you'll have to run the Uninstalling step,
# If you've deployed using the wrong domain, you'll have to run the Uninstalling step,
# because you can't change the Domain after deployment.
#
# Example value: example.com
@ -18,12 +18,18 @@ matrix_domain: YOUR_BARE_DOMAIN_NAME_HERE
# you won't be required to define this variable (see `docs/configuring-playbook-ssl-certificates.md`).
#
# Example value: someone@example.com
matrix_ssl_lets_encrypt_support_email: YOUR_EMAIL_ADDRESS_HERE
matrix_ssl_lets_encrypt_support_email: ''
# A shared secret (between Coturn and Synapse) used for authentication.
# You can put any string here, but generating a strong one is preferred (e.g. `pwgen -s 64 1`).
matrix_coturn_turn_static_auth_secret: ""
matrix_coturn_turn_static_auth_secret: ''
# A secret used to protect access keys issued by the server.
# You can put any string here, but generating a strong one is preferred (e.g. `pwgen -s 64 1`).
matrix_synapse_macaroon_secret_key: ""
matrix_synapse_macaroon_secret_key: ''
# A Postgres password to use for the superuser Postgres user (called `matrix` by default).
#
# The playbook creates additional Postgres users and databases (one for each enabled service)
# using this superuser account.
matrix_postgres_connection_password: ''

59
group_vars/matrix_servers
View file

@ -149,6 +149,8 @@ matrix_appservice_slack_database_password: "{{ matrix_synapse_macaroon_secret_ke
# We don't enable bridges by default.
matrix_appservice_irc_enabled: false
matrix_appservice_irc_container_self_build: "{{ matrix_architecture != 'amd64' }}"
# Normally, matrix-nginx-proxy is enabled and nginx can reach matrix-appservice-irc over the container network.
# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose
# matrix-appservice-irc's client-server port to the local host.
@ -755,7 +757,30 @@ matrix_dimension_database_password: "{{ matrix_synapse_macaroon_secret_key | pas
#
######################################################################
######################################################################
#
# matrix-etherpad
#
######################################################################
matrix_etherpad_enabled: false
matrix_etherpad_systemd_required_services_list: |
{{
['docker.service']
+
(['matrix-postgres.service'] if matrix_postgres_enabled else [])
}}
# Postgres is the default, except if not using `matrix_postgres` (internal postgres)
matrix_etherpad_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
matrix_etherpad_database_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'etherpad.db') | to_uuid }}"
######################################################################
#
# /matrix-etherpad
#
######################################################################
######################################################################
#
@ -818,6 +843,13 @@ matrix_jitsi_web_stun_servers: |
else [ 'stun:meet-jit-si-turnrelay.jitsi.net:443']
}}
# If the self-hosted Etherpad instance is available, it will also show up in Jitsi conferences,
# unless explicitly disabled by setting `matrix_jitsi_etherpad_enabled` to false.
# Falls back to the scalar.vector.im etherpad in case someone sets `matrix_jitsi_etherpad_enabled` to true,
# while also setting `matrix_etherpad_enabled` to false.
matrix_jitsi_etherpad_enabled: "{{ matrix_etherpad_enabled }}"
matrix_jitsi_etherpad_base: "{{ matrix_etherpad_base_url if matrix_etherpad_enabled else 'https://scalar.vector.im/etherpad' }}"
######################################################################
#
# /matrix-jitsi
@ -1021,16 +1053,22 @@ matrix_ssl_pre_obtaining_required_service_name: "{{ 'matrix-dynamic-dns' if matr
matrix_postgres_enabled: true
matrix_postgres_connection_hostname: "matrix-postgres"
matrix_postgres_connection_username: "synapse"
# Please note that the max length of the password is 99 characters
matrix_postgres_connection_password: "synapse-password"
matrix_postgres_db_name: "homeserver"
matrix_postgres_architecture: "{{ matrix_architecture }}"
# We unset this if internal Postgres disabled, which will cascade to some other variables
# and tell users they need to set it (either here or in those variables).
matrix_postgres_connection_hostname: "{{ 'matrix-postgres' if matrix_postgres_enabled else '' }}"
matrix_postgres_pgloader_container_image_self_build: "{{ matrix_architecture != 'amd64' }}"
matrix_postgres_additional_databases: |
{{
([{
'name': matrix_synapse_database_database,
'username': matrix_synapse_database_user,
'password': matrix_synapse_database_password,
}] if (matrix_synapse_enabled and matrix_synapse_database_database != matrix_postgres_db_name and matrix_synapse_database_host == 'matrix-postgres') else [])
+
([{
'name': matrix_ma1sd_database_name,
'username': matrix_ma1sd_database_username,
@ -1138,6 +1176,12 @@ matrix_postgres_additional_databases: |
'username': matrix_dimension_database_username,
'password': matrix_dimension_database_password,
}] if (matrix_dimension_enabled and matrix_dimension_database_engine == 'postgres' and matrix_dimension_database_hostname == 'matrix-postgres') else [])
+
([{
'name': matrix_etherpad_database_name,
'username': matrix_etherpad_database_username,
'password': matrix_etherpad_database_password,
}] if (matrix_etherpad_enabled and matrix_etherpad_database_engine == 'postgres' and matrix_etherpad_database_hostname == 'matrix-postgres') else [])
}}
matrix_postgres_import_roles_to_ignore: |
@ -1243,10 +1287,7 @@ matrix_synapse_container_metrics_api_host_bind_port: "{{ '127.0.0.1:9100' if (ma
# For exposing the Synapse Manhole port (plain HTTP) to the local host.
matrix_synapse_container_manhole_api_host_bind_port: "{{ '127.0.0.1:9000' if matrix_synapse_manhole_enabled else '' }}"
matrix_synapse_database_host: "{{ matrix_postgres_connection_hostname }}"
matrix_synapse_database_user: "{{ matrix_postgres_connection_username }}"
matrix_synapse_database_password: "{{ matrix_postgres_connection_password }}"
matrix_synapse_database_database: "{{ matrix_postgres_db_name }}"
matrix_synapse_database_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'synapse.db') | to_uuid }}"
# We do not enable TLS in Synapse by default.
# TLS is handled by the matrix-nginx-proxy, which proxies the requests to Synapse.

1
roles/matrix-base/defaults/main.yml
View file

@ -66,6 +66,7 @@ matrix_host_command_chown: "/usr/bin/env chown"
matrix_host_command_fusermount: "/usr/bin/env fusermount"
matrix_host_command_openssl: "/usr/bin/env openssl"
matrix_host_command_systemctl: "/usr/bin/env systemctl"
matrix_host_command_sh: "/usr/bin/env sh"
matrix_ntpd_package: "ntp"
matrix_ntpd_service: "{{ 'ntpd' if ansible_os_family == 'RedHat' or ansible_distribution == 'Archlinux' else 'ntp' }}"

9
roles/matrix-base/tasks/server_base/setup_debian.yml
View file

@ -23,7 +23,14 @@
repo: "deb [arch={{ matrix_debian_arch }}] https://download.docker.com/linux/{{ ansible_distribution|lower }} {{ ansible_distribution_release }} stable"
state: present
update_cache: yes
when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce'
when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce' and not ansible_distribution_release == 'bullseye'
- name: Ensure Docker repository is enabled (using Debian Buster on Debian Bullseye, for which there is no Docker yet)
apt_repository:
repo: "deb [arch={{ matrix_debian_arch }}] https://download.docker.com/linux/{{ ansible_distribution|lower }} buster stable"
state: present
update_cache: yes
when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce' and ansible_distribution_release == 'bullseye'
- name: Ensure APT packages are installed
apt:

8
roles/matrix-bot-matrix-reminder-bot/templates/systemd/matrix-bot-matrix-reminder-bot.service.j2
View file

@ -13,8 +13,8 @@ DefaultDependencies=no
[Service]
Type=simple
Environment="HOME={{ matrix_systemd_unit_home_path }}"
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-bot-matrix-reminder-bot
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-bot-matrix-reminder-bot
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-matrix-reminder-bot 2>/dev/null'
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-matrix-reminder-bot 2>/dev/null'
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-matrix-reminder-bot \
--log-driver=none \
@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-matrix-rem
{{ matrix_bot_matrix_reminder_bot_docker_image }} \
-c "matrix-reminder-bot /config/config.yaml"
ExecStop=-{{ matrix_host_command_docker }} kill matrix-bot-matrix-reminder-bot
ExecStop=-{{ matrix_host_command_docker }} rm matrix-bot-matrix-reminder-bot
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-matrix-reminder-bot 2>/dev/null'
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-matrix-reminder-bot 2>/dev/null'
Restart=always
RestartSec=30
SyslogIdentifier=matrix-bot-matrix-reminder-bot

6
roles/matrix-bridge-appservice-discord/templates/config.yaml.j2
View file

@ -1,10 +1,10 @@
#jinja2: lstrip_blocks: "True"
bridge:
# Domain part of the bridge, e.g. matrix.org
domain: {{ matrix_appservice_discord_bridge_domain }}
domain: {{ matrix_appservice_discord_bridge_domain|to_json }}
# This should be your publically facing URL because Discord may use it to
# fetch media from the media store.
homeserverUrl: {{ matrix_appservice_discord_bridge_homeserverUrl }}
homeserverUrl: {{ matrix_appservice_discord_bridge_homeserverUrl|to_json }}
# Interval at which to process users in the 'presence queue'. If you have
# 5 users, one user will be processed every 500 milliseconds according to the
# value below. This has a minimum value of 250.
@ -33,7 +33,7 @@ bridge:
# Authentication configuration for the discord bot.
auth:
clientID: {{ matrix_appservice_discord_client_id|string|to_json }}
botToken: {{ matrix_appservice_discord_bot_token }}
botToken: {{ matrix_appservice_discord_bot_token|to_json }}
# You must enable "Privileged Gateway Intents" in your bot settings on discord.com (e.g. https://discord.com/developers/applications/12345/bot)
# for this to work
usePrivilegedIntents: {{ matrix_appservice_discord_auth_usePrivilegedIntents|to_json }}

8
roles/matrix-bridge-appservice-discord/templates/systemd/matrix-appservice-discord.service.j2
View file

@ -13,8 +13,8 @@ DefaultDependencies=no
[Service]
Type=simple
Environment="HOME={{ matrix_systemd_unit_home_path }}"
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-appservice-discord
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-appservice-discord
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-discord 2>/dev/null'
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-discord 2>/dev/null'
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
ExecStartPre={{ matrix_host_command_sleep }} 5
@ -35,8 +35,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-dis
{{ matrix_appservice_discord_docker_image }} \
node /build/src/discordas.js -p 9005 -c /cfg/config.yaml -f /cfg/registration.yaml
ExecStop=-{{ matrix_host_command_docker }} kill matrix-appservice-discord
ExecStop=-{{ matrix_host_command_docker }} rm matrix-appservice-discord
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-discord 2>/dev/null'
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-discord 2>/dev/null'
Restart=always
RestartSec=30
SyslogIdentifier=matrix-appservice-discord

6
roles/matrix-bridge-appservice-irc/defaults/main.yml
View file

@ -3,7 +3,11 @@
matrix_appservice_irc_enabled: true
matrix_appservice_irc_docker_image: "docker.io/matrixdotorg/matrix-appservice-irc:release-0.17.1"
matrix_appservice_irc_container_self_build: false
matrix_appservice_irc_docker_repo: "https://github.com/matrix-org/matrix-appservice-irc.git"
matrix_appservice_irc_docker_src_files_path: "{{ matrix_base_data_path }}/appservice-irc/docker-src"
matrix_appservice_irc_docker_image: "docker.io/matrixdotorg/matrix-appservice-irc:release-0.23.0"
matrix_appservice_irc_docker_image_force_pull: "{{ matrix_appservice_irc_docker_image.endswith(':latest') }}"
matrix_appservice_irc_base_path: "{{ matrix_base_data_path }}/appservice-irc"

30
roles/matrix-bridge-appservice-irc/tasks/setup_install.yml
View file

@ -2,15 +2,17 @@
- name: Ensure Appservice IRC paths exist
file:
path: "{{ item }}"
path: "{{ item.path }}"
state: directory
mode: 0750
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
with_items:
- "{{ matrix_appservice_irc_base_path }}"
- "{{ matrix_appservice_irc_config_path }}"
- "{{ matrix_appservice_irc_data_path }}"
- { path: "{{ matrix_appservice_irc_base_path }}", when: true }
- { path: "{{ matrix_appservice_irc_config_path }}", when: true }
- { path: "{{ matrix_appservice_irc_data_path }}", when: true }
- { path: "{{ matrix_appservice_irc_docker_src_files_path }}", when: "{{ matrix_appservice_irc_container_self_build }}" }
when: item.when|bool
- name: Check if an old passkey file already exists
stat:
@ -59,6 +61,26 @@
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_appservice_irc_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_irc_docker_image_force_pull }}"
when: "matrix_appservice_irc_enabled|bool and not matrix_appservice_irc_container_self_build|bool"
- name: Ensure matrix-appservice-irc repository is present when self-building
git:
repo: "{{ matrix_appservice_irc_docker_repo }}"
dest: "{{ matrix_appservice_irc_docker_src_files_path }}"
force: "yes"
register: matrix_appservice_irc_git_pull_results
when: "matrix_appservice_irc_enabled|bool and matrix_appservice_irc_container_self_build|bool"
- name: Ensure matrix-appservice-irc Docker image is build
docker_image:
name: "{{ matrix_appservice_irc_docker_image }}"
source: build
force_source: yes
build:
dockerfile: Dockerfile
path: "{{ matrix_appservice_irc_docker_src_files_path }}"
pull: yes
when: "matrix_appservice_irc_enabled|bool and matrix_appservice_irc_container_self_build|bool and matrix_appservice_irc_git_pull_results.changed"
- name: Ensure Matrix Appservice IRC config installed
copy:

8
roles/matrix-bridge-appservice-irc/templates/systemd/matrix-appservice-irc.service.j2
View file

@ -13,8 +13,8 @@ DefaultDependencies=no
[Service]
Type=simple
Environment="HOME={{ matrix_systemd_unit_home_path }}"
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-appservice-irc
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-appservice-irc
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-irc 2>/dev/null'
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-irc 2>/dev/null'
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
ExecStartPre={{ matrix_host_command_sleep }} 5
@ -36,8 +36,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-irc
{{ matrix_appservice_irc_docker_image }} \
-c 'node app.js -c /config/config.yaml -f /config/registration.yaml -p 9999'
ExecStop=-{{ matrix_host_command_docker }} kill matrix-appservice-irc
ExecStop=-{{ matrix_host_command_docker }} rm matrix-appservice-irc
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-irc 2>/dev/null'
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-irc 2>/dev/null'
Restart=always
RestartSec=30
SyslogIdentifier=matrix-appservice-irc

8
roles/matrix-bridge-appservice-slack/templates/systemd/matrix-appservice-slack.service.j2
View file

@ -13,8 +13,8 @@ DefaultDependencies=no
[Service]
Type=simple
Environment="HOME={{ matrix_systemd_unit_home_path }}"
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-appservice-slack
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-appservice-slack
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-slack 2>/dev/null'
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-slack 2>/dev/null'
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
ExecStartPre={{ matrix_host_command_sleep }} 5
@ -35,8 +35,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-sla
{{ matrix_appservice_slack_docker_image }} \
node app.js -p {{matrix_appservice_slack_matrix_port}} -c /config/config.yaml -f /config/slack-registration.yaml
ExecStop=-{{ matrix_host_command_docker }} kill matrix-appservice-slack
ExecStop=-{{ matrix_host_command_docker }} rm matrix-appservice-slack
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-slack 2>/dev/null'
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-slack 2>/dev/null'
Restart=always
RestartSec=30
SyslogIdentifier=matrix-appservice-slack

8
roles/matrix-bridge-appservice-webhooks/templates/systemd/matrix-appservice-webhooks.service.j2
View file

@ -13,8 +13,8 @@ DefaultDependencies=no
[Service]
Type=simple
Environment="HOME={{ matrix_systemd_unit_home_path }}"
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-appservice-webhooks
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-appservice-webhooks
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-webhooks 2>/dev/null'
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-webhooks 2>/dev/null'
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
ExecStartPre={{ matrix_host_command_sleep }} 5
@ -35,8 +35,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-web
{{ matrix_appservice_webhooks_docker_image }} \
node index.js -p {{ matrix_appservice_webhooks_matrix_port }} -c /config/config.yaml -f /config/webhooks-registration.yaml
ExecStop=-{{ matrix_host_command_docker }} kill matrix-appservice-webhooks
ExecStop=-{{ matrix_host_command_docker }} rm matrix-appservice-webhooks
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-webhooks 2>/dev/null'
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-webhooks 2>/dev/null'
Restart=always
RestartSec=30
SyslogIdentifier=matrix-appservice-webhooks

7
roles/matrix-bridge-mautrix-facebook/defaults/main.yml
View file

@ -69,6 +69,8 @@ matrix_mautrix_facebook_login_shared_secret: ''
matrix_mautrix_facebook_bridge_login_shared_secret_map: "{{ {matrix_mautrix_facebook_homeserver_domain: matrix_mautrix_facebook_login_shared_secret} if matrix_mautrix_facebook_login_shared_secret else {} }}"
matrix_mautrix_facebook_appservice_bot_username: facebookbot
matrix_mautrix_facebook_bridge_presence: true
# Default configuration template which covers the generic use case.
@ -101,8 +103,11 @@ matrix_mautrix_facebook_registration_yaml: |
users:
- exclusive: true
regex: '^@facebook_.+:{{ matrix_mautrix_facebook_homeserver_domain|regex_escape }}$'
- exclusive: true
regex: '^@{{ matrix_mautrix_facebook_appservice_bot_username|regex_escape }}:{{ matrix_mautrix_facebook_homeserver_domain|regex_escape }}$'
url: {{ matrix_mautrix_facebook_appservice_address }}
sender_localpart: facebookbot
# See https://github.com/tulir/mautrix-signal/issues/43
sender_localpart: _bot_{{ matrix_mautrix_facebook_appservice_bot_username }}
rate_limited: false
matrix_mautrix_facebook_registration: "{{ matrix_mautrix_facebook_registration_yaml|from_yaml }}"

2
roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2
View file

@ -46,7 +46,7 @@ appservice:
# The unique ID of this appservice.
id: facebook
# Username of the appservice bot.
bot_username: facebookbot
bot_username: {{ matrix_mautrix_facebook_appservice_bot_username|to_json }}
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
# to leave display name/avatar as-is.
bot_displayname: Facebook bridge bot

15
roles/matrix-bridge-mautrix-facebook/templates/systemd/matrix-mautrix-facebook.service.j2
View file

@ -13,8 +13,13 @@ DefaultDependencies=no
[Service]
Type=simple
Environment="HOME={{ matrix_systemd_unit_home_path }}"
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mautrix-facebook
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mautrix-facebook
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-facebook 2>/dev/null'
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-facebook 2>/dev/null'
# This bridge uses another mechanism for migrations now (migrations happen automatically during regular startup),
# so going forward, running this alembic stuff will not necessary.
# People who are upgrading from an older version of the bridge should go through this migration
# first though, so we're keeping it around for now.
ExecStartPre={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-facebook-db \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
@ -39,10 +44,10 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-facebo
{{ arg }} \
{% endfor %}
{{ matrix_mautrix_facebook_docker_image }} \
python3 -m mautrix_facebook -c /config/config.yaml
python3 -m mautrix_facebook -c /config/config.yaml --no-update
ExecStop=-{{ matrix_host_command_docker }} kill matrix-mautrix-facebook
ExecStop=-{{ matrix_host_command_docker }} rm matrix-mautrix-facebook
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-facebook 2>/dev/null'
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-facebook 2>/dev/null'
Restart=always
RestartSec=30
SyslogIdentifier=matrix-mautrix-facebook

7
roles/matrix-bridge-mautrix-hangouts/defaults/main.yml
View file

@ -71,6 +71,8 @@ matrix_mautrix_hangouts_appservice_database: "{{
# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth).
matrix_mautrix_hangouts_login_shared_secret: ''
matrix_mautrix_hangouts_appservice_bot_username: hangoutsbot
# Default configuration template which covers the generic use case.
# You can customize it by controlling the various variables inside it.
#
@ -101,8 +103,11 @@ matrix_mautrix_hangouts_registration_yaml: |
users:
- exclusive: true
regex: '^@hangouts_.+:{{ matrix_mautrix_hangouts_homeserver_domain|regex_escape }}$'
- exclusive: true
regex: '^@{{ matrix_mautrix_hangouts_appservice_bot_username|regex_escape }}:{{ matrix_mautrix_hangouts_homeserver_domain|regex_escape }}$'
url: {{ matrix_mautrix_hangouts_appservice_address }}
sender_localpart: hangoutsbot
# See https://github.com/tulir/mautrix-signal/issues/43
sender_localpart: _bot_{{ matrix_mautrix_hangouts_appservice_bot_username }}
rate_limited: false
matrix_mautrix_hangouts_registration: "{{ matrix_mautrix_hangouts_registration_yaml|from_yaml }}"

2
roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2
View file

@ -32,7 +32,7 @@ appservice:
# The unique ID of this appservice.
id: hangouts
# Username of the appservice bot.
bot_username: hangoutsbot
bot_username: {{ matrix_mautrix_hangouts_appservice_bot_username|to_json }}
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
# to leave display name/avatar as-is.
bot_displayname: Hangouts bridge bot

10
roles/matrix-bridge-mautrix-hangouts/templates/systemd/matrix-mautrix-hangouts.service.j2
View file

@ -13,8 +13,8 @@ DefaultDependencies=no
[Service]
Type=simple
Environment="HOME={{ matrix_systemd_unit_home_path }}"
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mautrix-hangouts matrix-mautrix-hangouts-db
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mautrix-hangouts matrix-mautrix-hangouts-db
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-hangouts matrix-mautrix-hangouts-db 2>/dev/null'
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-hangouts matrix-mautrix-hangouts-db 2>/dev/null'
ExecStartPre={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-hangouts-db \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
@ -42,10 +42,10 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-hangou
{{ arg }} \
{% endfor %}
{{ matrix_mautrix_hangouts_docker_image }} \
python3 -m mautrix_hangouts -c /config/config.yaml
python3 -m mautrix_hangouts -c /config/config.yaml --no-update
ExecStop=-{{ matrix_host_command_docker }} kill matrix-mautrix-hangouts
ExecStop=-{{ matrix_host_command_docker }} rm matrix-mautrix-hangouts
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-hangouts 2>/dev/null'
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-hangouts 2>/dev/null'
Restart=always
RestartSec=30
SyslogIdentifier=matrix-mautrix-hangouts

4
roles/matrix-bridge-mautrix-signal/defaults/main.yml
View file

@ -43,6 +43,8 @@ matrix_mautrix_signal_daemon_systemd_wanted_services_list: []
matrix_mautrix_signal_appservice_token: ''
matrix_mautrix_signal_homeserver_token: ''
matrix_mautrix_signal_appservice_bot_username: signalbot
# Database-related configuration fields
#
# This bridge only supports postgres.
@ -59,7 +61,7 @@ matrix_mautrix_signal_database_connection_string: 'postgres://{{ matrix_mautrix_
matrix_mautrix_signal_appservice_database: "{{
{
'postgres': matrix_mautrix_facebook_database_connection_string,
'postgres': matrix_mautrix_signal_database_connection_string,
}[matrix_mautrix_signal_database_engine]
}}"

3
roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml
View file

@ -35,6 +35,9 @@
- "{{ matrix_mautrix_signal_base_path }}"
- "{{ matrix_mautrix_signal_config_path }}"
- "{{ matrix_mautrix_signal_daemon_path }}"
- "{{ matrix_mautrix_signal_daemon_path }}/avatars"
- "{{ matrix_mautrix_signal_daemon_path }}/attachments"
- "{{ matrix_mautrix_signal_daemon_path }}/data"
- name: Ensure mautrix-signal config.yaml installed
copy:

2
roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2
View file

@ -43,7 +43,7 @@ appservice:
# The unique ID of this appservice.
id: signal
# Username of the appservice bot.
bot_username: signalbot
bot_username: {{ matrix_mautrix_signal_appservice_bot_username|to_json }}
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
# to leave display name/avatar as-is.
bot_displayname: Signal bridge bot

5
roles/matrix-bridge-mautrix-signal/templates/registration.yaml.j2
View file

@ -6,9 +6,12 @@ namespaces:
users:
- exclusive: true
regex: '^@signal_.+:{{ matrix_mautrix_signal_homeserver_domain|regex_escape }}$'
- exclusive: true
regex: '^@{{ matrix_mautrix_signal_appservice_bot_username|regex_escape }}:{{ matrix_mautrix_signal_homeserver_domain|regex_escape }}$'
aliases:
- exclusive: true
regex: '^#signal_.+:{{ matrix_mautrix_signal_homeserver_domain|regex_escape }}$'
url: {{ matrix_mautrix_signal_appservice_address }}
sender_localpart: signalbot
# See https://github.com/tulir/mautrix-signal/issues/43
sender_localpart: _bot_{{ matrix_mautrix_signal_appservice_bot_username }}
rate_limited: false

10
roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal-daemon.service.j2
View file

@ -15,21 +15,23 @@ Wants={{ service }}
Type=simple
Environment="HOME={{ matrix_systemd_unit_home_path }}"
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mautrix-signal-daemon
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mautrix-signal-daemon
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-signal-daemon 2>/dev/null'
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-signal-daemon 2>/dev/null'
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
ExecStartPre={{ matrix_host_command_sleep }} 5
# We can't use `--read-only` for this bridge.
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-signal-daemon \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
--network={{ matrix_docker_network }} \
-v {{ matrix_mautrix_signal_daemon_path }}:/signald:z \
{{ matrix_mautrix_signal_daemon_docker_image }}
ExecStop=-{{ matrix_host_command_docker }} kill matrix-mautrix-signal-daemon
ExecStop=-{{ matrix_host_command_docker }} rm matrix-mautrix-signal-daemon
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-signal-daemon 2>/dev/null'
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-signal-daemon 2>/dev/null'
Restart=always
RestartSec=30

15
roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal.service.j2
View file

@ -14,8 +14,8 @@ Wants={{ service }}
[Service]
Type=simple
Environment="HOME={{ matrix_systemd_unit_home_path }}"
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mautrix-signal
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mautrix-signal
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-signal 2>/dev/null'
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-signal 2>/dev/null'
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
ExecStartPre={{ matrix_host_command_sleep }} 5
@ -23,19 +23,22 @@ ExecStartPre={{ matrix_host_command_sleep }} 5
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-signal \
--log-driver=none \
--network={{ matrix_docker_network }} \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
--read-only \
{% if matrix_mautrix_signal_container_http_host_bind_port %}
-p {{ matrix_mautrix_signal_container_http_host_bind_port }}:29328 \
{% endif %}
-v {{ matrix_mautrix_signal_daemon_path }}:/signald:z \
-v {{ matrix_mautrix_signal_config_path }}:/data:z \
-v {{ matrix_mautrix_signal_config_path }}:/config:z \
{% for arg in matrix_mautrix_signal_container_extra_arguments %}
{{ arg }} \
{% endfor %}
{{ matrix_mautrix_signal_docker_image }} \
python3 -m mautrix_signal -c /data/config.yaml
python3 -m mautrix_signal -c /config/config.yaml --no-update
ExecStop=-{{ matrix_host_command_docker }} kill matrix-mautrix-signal
ExecStop=-{{ matrix_host_command_docker }} rm matrix-mautrix-signal
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-signal 2>/dev/null'
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-signal 2>/dev/null'
Restart=always
RestartSec=30

7
roles/matrix-bridge-mautrix-telegram/defaults/main.yml
View file

@ -30,6 +30,8 @@ matrix_mautrix_telegram_homeserver_domain: '{{ matrix_domain }}'
matrix_mautrix_telegram_appservice_address: 'http://matrix-mautrix-telegram:8080'
matrix_mautrix_telegram_appservice_public_external: 'https://{{ matrix_server_fqn_matrix }}{{ matrix_mautrix_telegram_public_endpoint }}'
matrix_mautrix_telegram_appservice_bot_username: telegrambot
# Controls whether the matrix-mautrix-telegram container exposes its HTTP port (tcp/8080 in the container).
#
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:9006"), or empty string to not expose.
@ -109,11 +111,14 @@ matrix_mautrix_telegram_registration_yaml: |
users:
- exclusive: true
regex: '^@telegram_.+:{{ matrix_mautrix_telegram_homeserver_domain|regex_escape }}$'
- exclusive: true
regex: '^@{{ matrix_mautrix_telegram_appservice_bot_username|regex_escape }}:{{ matrix_mautrix_telegram_homeserver_domain|regex_escape }}$'
aliases:
- exclusive: true
regex: '^#telegram_.+:{{ matrix_mautrix_telegram_homeserver_domain|regex_escape }}$'
# See https://github.com/tulir/mautrix-signal/issues/43
sender_localpart: _bot_{{ matrix_mautrix_telegram_appservice_bot_username }}
url: {{ matrix_mautrix_telegram_appservice_address }}
sender_localpart: telegrambot
rate_limited: false
matrix_mautrix_telegram_registration: "{{ matrix_mautrix_telegram_registration_yaml|from_yaml }}"

18
roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2
View file

@ -13,7 +13,7 @@ homeserver:
# Changing these values requires regeneration of the registration.
appservice:
# The address that the homeserver can use to connect to this appservice.
address: {{ matrix_mautrix_telegram_appservice_address }}
address: {{ matrix_mautrix_telegram_appservice_address|to_json }}
# The hostname and port where this appservice should listen.
hostname: 0.0.0.0
@ -36,10 +36,10 @@ appservice:
# Whether or not the public-facing endpoints should be enabled.
enabled: true
# The prefix to use in the public-facing endpoints.
prefix: {{ matrix_mautrix_telegram_public_endpoint }}
prefix: {{ matrix_mautrix_telegram_public_endpoint|to_json }}
# The base URL where the public-facing endpoints are available. The prefix is not added
# implicitly.
external: {{ matrix_mautrix_telegram_appservice_public_external }}
external: {{ matrix_mautrix_telegram_appservice_public_external|to_json }}
# Provisioning API part of the web server for automated portal creation and fetching information.
# Used by things like Dimension (https://dimension.t2bot.io/).
@ -55,15 +55,15 @@ appservice:
# The unique ID of this appservice.
id: telegram
# Username of the appservice bot.
bot_username: telegrambot
bot_username: {{ matrix_mautrix_telegram_appservice_bot_username|to_json }}
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
# to leave display name/avatar as-is.
bot_displayname: Telegram bridge bot
bot_avatar: mxc://maunium.net/tJCRmUyJDsgRNgqhOgoiHWbX
# Authentication tokens for AS <-> HS communication.
as_token: "{{ matrix_mautrix_telegram_appservice_token }}"
hs_token: "{{ matrix_mautrix_telegram_homeserver_token }}"
as_token: {{ matrix_mautrix_telegram_appservice_token|to_json }}
hs_token: {{ matrix_mautrix_telegram_homeserver_token|to_json }}
# Bridge config
bridge:
@ -330,10 +330,10 @@ bridge:
# Telegram config
telegram:
# Get your own API keys at https://my.telegram.org/apps
api_id: {{ matrix_mautrix_telegram_api_id }}
api_hash: {{ matrix_mautrix_telegram_api_hash }}
api_id: {{ matrix_mautrix_telegram_api_id|to_json }}
api_hash: {{ matrix_mautrix_telegram_api_hash|to_json }}
# (Optional) Create your own bot at https://t.me/BotFather
bot_token: {{ matrix_mautrix_telegram_bot_token }}
bot_token: {{ matrix_mautrix_telegram_bot_token|to_json }}
# Telethon connection options.
connection:

10
roles/matrix-bridge-mautrix-telegram/templates/systemd/matrix-mautrix-telegram.service.j2
View file

@ -13,8 +13,8 @@ DefaultDependencies=no
[Service]
Type=simple
Environment="HOME={{ matrix_systemd_unit_home_path }}"
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mautrix-telegram
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mautrix-telegram
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-telegram 2>/dev/null'
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-telegram 2>/dev/null'
ExecStartPre={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-telegram-db \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
@ -42,10 +42,10 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-telegr
{{ arg }} \
{% endfor %}
{{ matrix_mautrix_telegram_docker_image }} \
python3 -m mautrix_telegram -c /config/config.yaml
python3 -m mautrix_telegram -c /config/config.yaml --no-update
ExecStop=-{{ matrix_host_command_docker }} kill matrix-mautrix-telegram
ExecStop=-{{ matrix_host_command_docker }} rm matrix-mautrix-telegram
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-telegram 2>/dev/null'
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-telegram 2>/dev/null'
Restart=always
RestartSec=30
SyslogIdentifier=matrix-mautrix-telegram

7
roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml
View file

@ -27,6 +27,8 @@ matrix_mautrix_whatsapp_systemd_wanted_services_list: []
matrix_mautrix_whatsapp_appservice_token: ''
matrix_mautrix_whatsapp_homeserver_token: ''
matrix_mautrix_whatsapp_appservice_bot_username: whatsappbot
# Database-related configuration fields.
#
@ -93,11 +95,14 @@ matrix_mautrix_whatsapp_registration_yaml: |
url: {{ matrix_mautrix_whatsapp_appservice_address }}
as_token: "{{ matrix_mautrix_whatsapp_appservice_token }}"
hs_token: "{{ matrix_mautrix_whatsapp_homeserver_token }}"
sender_localpart: whatsappbot
# See https://github.com/tulir/mautrix-signal/issues/43
sender_localpart: _bot_{{ matrix_mautrix_whatsapp_appservice_bot_username }}
rate_limited: false
namespaces:
users:
- regex: '^@whatsapp_[0-9]+:{{ matrix_mautrix_whatsapp_homeserver_domain|regex_escape }}$'
exclusive: true
- exclusive: true
regex: '^@{{ matrix_mautrix_whatsapp_appservice_bot_username|regex_escape }}:{{ matrix_mautrix_whatsapp_homeserver_domain|regex_escape }}$'
matrix_mautrix_whatsapp_registration: "{{ matrix_mautrix_whatsapp_registration_yaml|from_yaml }}"

2
roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2
View file

@ -36,7 +36,7 @@ appservice:
# Appservice bot details.
bot:
# Username of the appservice bot.
username: whatsappbot
username: {{ matrix_mautrix_whatsapp_appservice_bot_username|to_json }}
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
# to leave display name/avatar as-is.
displayname: WhatsApp bridge bot

8
roles/matrix-bridge-mautrix-whatsapp/templates/systemd/matrix-mautrix-whatsapp.service.j2
View file

@ -13,8 +13,8 @@ DefaultDependencies=no
[Service]
Type=simple
Environment="HOME={{ matrix_systemd_unit_home_path }}"
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mautrix-whatsapp
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mautrix-whatsapp
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-whatsapp 2>/dev/null'
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-whatsapp 2>/dev/null'
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
ExecStartPre={{ matrix_host_command_sleep }} 5
@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-whatsa
{{ matrix_mautrix_whatsapp_docker_image }} \
/usr/bin/mautrix-whatsapp -c /config/config.yaml -r /config/registration.yaml
ExecStop=-{{ matrix_host_command_docker }} kill matrix-mautrix-whatsapp
ExecStop=-{{ matrix_host_command_docker }} rm matrix-mautrix-whatsapp
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-whatsapp 2>/dev/null'
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-whatsapp 2>/dev/null'
Restart=always
RestartSec=30
SyslogIdentifier=matrix-mautrix-whatsapp

18
roles/matrix-bridge-mx-puppet-discord/templates/config.yaml.j2
View file

@ -122,20 +122,4 @@ logging:
lineDateFormat: MMM-D HH:mm:ss.SSS
# Logging files
# Log files are rotated daily by default
files:
# Log file path
- file: "/data/bridge.log"
# Log level for this file
# Allowed values starting with most verbose:
# silly, debug, verbose, info, warn, error
level: info
# Date and time formatting
datePattern: YYYY-MM-DD
# Maximum number of logs to keep.
# This can be a number of files or number of days.
# If using days, add 'd' as a suffix
maxFiles: 14d
# Maximum size of the file after which it will rotate. This can be a
# number of bytes, or units of kb, mb, and gb. If using the units, add
# 'k', 'm', or 'g' as the suffix
maxSize: 50m
files: []

8
roles/matrix-bridge-mx-puppet-discord/templates/systemd/matrix-mx-puppet-discord.service.j2
View file

@ -13,8 +13,8 @@ DefaultDependencies=no
[Service]
Type=simple
Environment="HOME={{ matrix_systemd_unit_home_path }}"
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-discord
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-discord
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-discord 2>/dev/null'
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-discord 2>/dev/null'
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
ExecStartPre={{ matrix_host_command_sleep }} 5
@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-disc
{% endfor %}
{{ matrix_mx_puppet_discord_docker_image }}
ExecStop=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-discord
ExecStop=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-discord
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-discord 2>/dev/null'
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-discord 2>/dev/null'
Restart=always
RestartSec=30
SyslogIdentifier=matrix-mx-puppet-discord

18
roles/matrix-bridge-mx-puppet-instagram/templates/config.yaml.j2
View file

@ -66,20 +66,4 @@ logging:
lineDateFormat: MMM-D HH:mm:ss.SSS
# Logging files
# Log files are rotated daily by default
files:
# Log file path
- file: "/data/bridge.log"
# Log level for this file
# Allowed values starting with most verbose:
# silly, debug, verbose, info, warn, error
level: info
# Date and time formatting
datePattern: YYYY-MM-DD
# Maximum number of logs to keep.
# This can be a number of files or number of days.
# If using days, add 'd' as a suffix
maxFiles: 14d
# Maximum size of the file after which it will rotate. This can be a
# number of bytes, or units of kb, mb, and gb. If using the units, add
# 'k', 'm', or 'g' as the suffix
maxSize: 50m
files: []

8
roles/matrix-bridge-mx-puppet-instagram/templates/systemd/matrix-mx-puppet-instagram.service.j2
View file

@ -13,8 +13,8 @@ DefaultDependencies=no
[Service]
Type=simple
Environment="HOME={{ matrix_systemd_unit_home_path }}"
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-instagram
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-instagram
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-instagram 2>/dev/null'
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-instagram 2>/dev/null'
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
ExecStartPre={{ matrix_host_command_sleep }} 5
@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-inst
{% endfor %}
{{ matrix_mx_puppet_instagram_docker_image }}
ExecStop=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-instagram
ExecStop=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-instagram
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-instagram 2>/dev/null'
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-instagram 2>/dev/null'
Restart=always
RestartSec=30
SyslogIdentifier=matrix-mx-puppet-instagram

25
roles/matrix-bridge-mx-puppet-skype/templates/config.yaml.j2
View file

@ -42,30 +42,7 @@ logging:
lineDateFormat: MMM-D HH:mm:ss.SSS
# Logging files
# Log files are rotated daily by default
files:
# Log file path
- file: "/data/bridge.log"
# Log level for this file
# Allowed values starting with most verbose:
# silly, debug, verbose, info, warn, error
level: info
# Date and time formatting
datePattern: YYYY-MM-DD
# Maximum number of logs to keep.
# This can be a number of files or number of days.
# If using days, add 'd' as a suffix
maxFiles: 14d
# Maximum size of the file after which it will rotate. This can be a
# number of bytes, or units of kb, mb, and gb. If using the units, add
# 'k', 'm', or 'g' as the suffix
maxSize: 50m
# Optionally enable/disable logging for certain modules
#disabled:
# - PresenceHandler
# - module: bot-sdk-MatrixLiteClient
# regex: /_matrix/client/r0/presence/ # this regex needs to match to disable the log
#enabled:
# - Store
files: []
database:
{% if matrix_mx_puppet_skype_database_engine == 'postgres' %}

8
roles/matrix-bridge-mx-puppet-skype/templates/systemd/matrix-mx-puppet-skype.service.j2
View file

@ -13,8 +13,8 @@ DefaultDependencies=no
[Service]
Type=simple
Environment="HOME={{ matrix_systemd_unit_home_path }}"
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-skype
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-skype
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-skype 2>/dev/null'
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-skype 2>/dev/null'
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
ExecStartPre={{ matrix_host_command_sleep }} 5
@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-skyp
{% endfor %}
{{ matrix_mx_puppet_skype_docker_image }}
ExecStop=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-skype
ExecStop=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-skype
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-skype 2>/dev/null'
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-skype 2>/dev/null'
Restart=always
RestartSec=30
SyslogIdentifier=matrix-mx-puppet-skype

18
roles/matrix-bridge-mx-puppet-slack/templates/config.yaml.j2
View file

@ -80,20 +80,4 @@ logging:
lineDateFormat: MMM-D HH:mm:ss.SSS
# Logging files
# Log files are rotated daily by default
files:
# Log file path
- file: "/data/bridge.log"
# Log level for this file
# Allowed values starting with most verbose:
# silly, debug, verbose, info, warn, error
level: info
# Date and time formatting
datePattern: YYYY-MM-DD
# Maximum number of logs to keep.
# This can be a number of files or number of days.
# If using days, add 'd' as a suffix
maxFiles: 14d
# Maximum size of the file after which it will rotate. This can be a
# number of bytes, or units of kb, mb, and gb. If using the units, add
# 'k', 'm', or 'g' as the suffix
maxSize: 50m
files: []

8
roles/matrix-bridge-mx-puppet-slack/templates/systemd/matrix-mx-puppet-slack.service.j2
View file

@ -13,8 +13,8 @@ DefaultDependencies=no
[Service]
Type=simple
Environment="HOME={{ matrix_systemd_unit_home_path }}"
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-slack
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-slack
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-slack 2>/dev/null'
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-slack 2>/dev/null'
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
ExecStartPre={{ matrix_host_command_sleep }} 5
@ -36,8 +36,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-slac
{% endfor %}
{{ matrix_mx_puppet_slack_docker_image }}
ExecStop=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-slack
ExecStop=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-slack
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-slack 2>/dev/null'
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-slack 2>/dev/null'
Restart=always
RestartSec=30
SyslogIdentifier=matrix-mx-puppet-slack

18
roles/matrix-bridge-mx-puppet-steam/templates/config.yaml.j2
View file

@ -83,20 +83,4 @@ logging:
lineDateFormat: MMM-D HH:mm:ss.SSS
# Logging files
# Log files are rotated daily by default
files:
# Log file path
- file: "/data/bridge.log"
# Log level for this file
# Allowed values starting with most verbose:
# silly, debug, verbose, info, warn, error
level: info
# Date and time formatting
datePattern: YYYY-MM-DD
# Maximum number of logs to keep.
# This can be a number of files or number of days.
# If using days, add 'd' as a suffix
maxFiles: 14d
# Maximum size of the file after which it will rotate. This can be a
# number of bytes, or units of kb, mb, and gb. If using the units, add
# 'k', 'm', or 'g' as the suffix
maxSize: 50m
files: []

8
roles/matrix-bridge-mx-puppet-steam/templates/systemd/matrix-mx-puppet-steam.service.j2
View file

@ -13,8 +13,8 @@ DefaultDependencies=no
[Service]
Type=simple
Environment="HOME={{ matrix_systemd_unit_home_path }}"
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-steam
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-steam
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-steam 2>/dev/null'
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-steam 2>/dev/null'
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
ExecStartPre={{ matrix_host_command_sleep }} 5
@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-stea
{% endfor %}
{{ matrix_mx_puppet_steam_docker_image }}
ExecStop=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-steam
ExecStop=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-steam
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-steam 2>/dev/null'
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-steam 2>/dev/null'
Restart=always
RestartSec=30
SyslogIdentifier=matrix-mx-puppet-steam

18
roles/matrix-bridge-mx-puppet-twitter/templates/config.yaml.j2
View file

@ -76,20 +76,4 @@ logging:
lineDateFormat: MMM-D HH:mm:ss.SSS
# Logging files
# Log files are rotated daily by default
files:
# Log file path
- file: "/data/bridge.log"
# Log level for this file
# Allowed values starting with most verbose:
# silly, debug, verbose, info, warn, error
level: info
# Date and time formatting
datePattern: YYYY-MM-DD
# Maximum number of logs to keep.
# This can be a number of files or number of days.
# If using days, add 'd' as a suffix
maxFiles: 14d
# Maximum size of the file after which it will rotate. This can be a
# number of bytes, or units of kb, mb, and gb. If using the units, add
# 'k', 'm', or 'g' as the suffix
maxSize: 50m
files: []

8
roles/matrix-bridge-mx-puppet-twitter/templates/systemd/matrix-mx-puppet-twitter.service.j2
View file

@ -13,8 +13,8 @@ DefaultDependencies=no
[Service]
Type=simple
Environment="HOME={{ matrix_systemd_unit_home_path }}"
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-twitter
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-twitter
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-twitter 2>/dev/null'
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-twitter 2>/dev/null'
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
ExecStartPre={{ matrix_host_command_sleep }} 5
@ -36,8 +36,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-twit
{% endfor %}
{{ matrix_mx_puppet_twitter_docker_image }}
ExecStop=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-twitter
ExecStop=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-twitter
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-twitter 2>/dev/null'
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-twitter 2>/dev/null'
Restart=always
RestartSec=30
SyslogIdentifier=matrix-mx-puppet-twitter

4
roles/matrix-client-element/defaults/main.yml
View file

@ -3,7 +3,7 @@ matrix_client_element_enabled: true
matrix_client_element_container_image_self_build: false
matrix_client_element_container_image_self_build_repo: "https://github.com/vector-im/riot-web.git"
matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:v1.7.17"
matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:v1.7.20"
matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else 'docker.io/' }}"
matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}"
@ -59,6 +59,8 @@ matrix_client_element_branding_authHeaderLogoUrl: "{{ matrix_client_element_welc
# URL to Wallpaper, shown in background of welcome page
matrix_client_element_branding_welcomeBackgroundUrl: ~
matrix_client_element_page_template_welcome_path: "{{ role_path }}/templates/welcome.html.j2"
# By default, there's no Element homepage (when logged in). If you wish to have one,
# point this to a `home.html` template file on your local filesystem.
matrix_client_element_embedded_pages_home_path: ~

2
roles/matrix-client-element/tasks/setup.yml
View file

@ -62,7 +62,7 @@
group: "{{ matrix_user_groupname }}"
with_items:
- {src: "{{ role_path }}/templates/nginx.conf.j2", name: "nginx.conf"}
- {src: "{{ role_path }}/templates/welcome.html.j2", name: "welcome.html"}
- {src: "{{ matrix_client_element_page_template_welcome_path }}", name: "welcome.html"}
- {src: "{{ matrix_client_element_embedded_pages_home_path }}", name: "home.html"}
when: "matrix_client_element_enabled|bool and item.src is not none"

8
roles/matrix-client-element/templates/systemd/matrix-client-element.service.j2
View file

@ -10,8 +10,8 @@ DefaultDependencies=no
[Service]
Type=simple
Environment="HOME={{ matrix_systemd_unit_home_path }}"
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-client-element
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-client-element
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-client-element 2>/dev/null'
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-client-element 2>/dev/null'
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-client-element \
--log-driver=none \
@ -35,8 +35,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-client-element
{% endfor %}
{{ matrix_client_element_docker_image }}
ExecStop=-{{ matrix_host_command_docker }} kill matrix-client-element
ExecStop=-{{ matrix_host_command_docker }} rm matrix-client-element
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-client-element 2>/dev/null'
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-client-element 2>/dev/null'
Restart=always
RestartSec=30
SyslogIdentifier=matrix-client-element

8
roles/matrix-corporal/templates/systemd/matrix-corporal.service.j2
View file

@ -10,8 +10,8 @@ DefaultDependencies=no
[Service]
Type=simple
Environment="HOME={{ matrix_systemd_unit_home_path }}"
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-corporal
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-corporal
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-corporal 2>/dev/null'
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-corporal 2>/dev/null'
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-corporal \
--log-driver=none \
@ -34,8 +34,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-corporal \
{{ matrix_corporal_docker_image }} \
/matrix-corporal -config=/etc/matrix-corporal/config.json
ExecStop=-{{ matrix_host_command_docker }} kill matrix-corporal
ExecStop=-{{ matrix_host_command_docker }} rm matrix-corporal
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-corporal 2>/dev/null'
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-corporal 2>/dev/null'
Restart=always
RestartSec=30
SyslogIdentifier=matrix-corporal

6
roles/matrix-coturn/tasks/setup_uninstall.yml
View file

@ -41,7 +41,5 @@
path: "{{ matrix_coturn_base_path }}"
state: absent
- name: Ensure coturn Docker image doesn't exist
docker_image:
name: "{{ matrix_coturn_docker_image }}"
state: absent
# Intentionally not removing the Docker image when uninstalling.
# We can't be sure it had been pulled by us in the first place.

8
roles/matrix-coturn/templates/systemd/matrix-coturn.service.j2
View file

@ -10,8 +10,8 @@ DefaultDependencies=no
[Service]
Type=simple
Environment="HOME={{ matrix_systemd_unit_home_path }}"
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-coturn
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-coturn
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-coturn 2>/dev/null'
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-coturn 2>/dev/null'
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-coturn \
--log-driver=none \
@ -42,8 +42,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-coturn \
{{ matrix_coturn_docker_image }} \
-c /turnserver.conf
ExecStop=-{{ matrix_host_command_docker }} kill matrix-coturn
ExecStop=-{{ matrix_host_command_docker }} rm matrix-coturn
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-coturn 2>/dev/null'
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-coturn 2>/dev/null'
# This only reloads certificates (not other configuration).
# See: https://github.com/coturn/coturn/pull/236

8
roles/matrix-dimension/templates/systemd/matrix-dimension.service.j2
View file

@ -13,8 +13,8 @@ DefaultDependencies=no
[Service]
Type=simple
Environment="HOME={{ matrix_systemd_unit_home_path }}"
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-dimension
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-dimension
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-dimension 2>/dev/null'
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-dimension 2>/dev/null'
# Fixup database ownership if it got changed somehow (during a server migration, etc.)
{% if matrix_dimension_database_engine == 'sqlite' %}
@ -38,8 +38,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-dimension \
{% endfor %}
{{ matrix_dimension_docker_image }}
ExecStop=-{{ matrix_host_command_docker }} kill matrix-dimension
ExecStop=-{{ matrix_host_command_docker }} rm matrix-dimension
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-dimension 2>/dev/null'
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-dimension 2>/dev/null'
Restart=always
RestartSec=30
SyslogIdentifier=matrix-dimension

3
roles/matrix-dynamic-dns/tasks/uninstall.yml
View file

@ -22,3 +22,6 @@
service:
daemon_reload: yes
when: "matrix_dynamic_dns_service_stat.stat.exists"
# Intentionally not removing the Docker image when uninstalling.
# We can't be sure it had been pulled by us in the first place.

8
roles/matrix-dynamic-dns/templates/systemd/matrix-dynamic-dns.service.j2
View file

@ -13,8 +13,8 @@ DefaultDependencies=no
[Service]
Type=simple
Environment="HOME={{ matrix_systemd_unit_home_path }}"
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-dynamic-dns
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-dynamic-dns
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-dynamic-dns 2>/dev/null'
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-dynamic-dns 2>/dev/null'
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-dynamic-dns \
--log-driver=none \
--network={{ matrix_docker_network }} \
@ -26,8 +26,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-dynamic-dns \
{% endfor %}
{{ matrix_dynamic_dns_docker_image }}
ExecStop=-{{ matrix_host_command_docker }} kill matrix-dynamic-dns
ExecStop=-{{ matrix_host_command_docker }} rm matrix-dynamic-dns
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-dynamic-dns 2>/dev/null'
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-dynamic-dns 2>/dev/null'
Restart=always
RestartSec=30
SyslogIdentifier=matrix-dynamic-dns

8
roles/matrix-email2matrix/templates/systemd/matrix-email2matrix.service.j2
View file

@ -8,8 +8,8 @@ DefaultDependencies=no
[Service]
Type=simple
Environment="HOME={{ matrix_systemd_unit_home_path }}"
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-email2matrix
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-email2matrix
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-email2matrix 2>/dev/null'
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-email2matrix 2>/dev/null'
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-email2matrix \
--log-driver=none \
@ -24,8 +24,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-email2matrix \
{% endfor %}
{{ matrix_email2matrix_docker_image }}
ExecStop=-{{ matrix_host_command_docker }} kill matrix-email2matrix
ExecStop=-{{ matrix_host_command_docker }} rm matrix-email2matrix
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-email2matrix 2>/dev/null'
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-email2matrix 2>/dev/null'
Restart=always
RestartSec=30
SyslogIdentifier=matrix-email2matrix

93
roles/matrix-etherpad/defaults/main.yml Normal file
View file

@ -0,0 +1,93 @@
matrix_etherpad_enabled: false
matrix_etherpad_base_path: "{{ matrix_base_data_path }}/etherpad"
matrix_etherpad_docker_image: "docker.io/etherpad/etherpad:1.8.7"
matrix_etherpad_docker_image_force_pull: "{{ matrix_etherpad_docker_image.endswith(':latest') }}"
# List of systemd services that matrix-etherpad.service depends on.
matrix_etherpad_systemd_required_services_list: ['docker.service']
# List of systemd services that matrix-etherpad.service wants
matrix_etherpad_systemd_wanted_services_list: []
# Container user has to be able to write to the source file directories until this bug is fixed:
# https://github.com/ether/etherpad-lite/issues/2683
matrix_etherpad_user_uid: '5001'
matrix_etherpad_user_gid: '5001'
# Controls whether the matrix-etherpad container exposes its HTTP port (tcp/9001 in the container).
#
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:9001"), or empty string to not expose.
matrix_etherpad_container_http_host_bind_port: '9001'
# A list of extra arguments to pass to the container
matrix_etherpad_container_extra_arguments: []
matrix_etherpad_public_endpoint: '/etherpad'
# By default, the Etherpad app can be accessed within the Dimension domain
matrix_etherpad_base_url: "https://{{ matrix_server_fqn_dimension }}{{ matrix_etherpad_public_endpoint }}"
# Database-related configuration fields.
#
# Etherpad recommends using a dedicated database, and supports Sqlite only for development
#
# To use Postgres:
# - change the engine (`matrix_etherpad_database_engine: 'postgres'`)
# - adjust your database credentials via the `matrix_etherpad_postgres_*` variables
matrix_etherpad_database_engine: 'sqlite'
matrix_etherpad_sqlite_database_path_local: "{{ matrix_etherpad_base_path }}/etherpad.db"
matrix_etherpad_sqlite_database_path_in_container: "/data/etherpad.db"
matrix_etherpad_database_username: 'matrix_etherpad'
matrix_etherpad_database_password: 'some-password'
matrix_etherpad_database_hostname: 'matrix-postgres'
matrix_etherpad_database_port: 5432
matrix_etherpad_database_name: 'matrix_etherpad'
matrix_etherpad_database_connection_string: 'postgres://{{ matrix_etherpad_database_username }}:{{ matrix_etherpad_database_password }}@{{ matrix_etherpad_database_hostname }}:{{ matrix_etherpad_database_port }}/{{ matrix_etherpad_database_name }}'
# Variables configuring the etherpad
matrix_etherpad_title: 'Etherpad'
matrix_etherpad_default_pad_text: |
Welcome to Etherpad!
This pad text is synchronized as you type, so that everyone viewing this page sees the same text. This allows you to collaborate seamlessly on documents!
Get involved with Etherpad at https://etherpad.org
# Default Etherpad configuration template which covers the generic use case.
# You can customize it by controlling the various variables inside it.
#
# For a more advanced customization, you can extend the default (see `matrix_etherpad_configuration_extension_json`)
# or completely replace this variable with your own template.
matrix_etherpad_configuration_default: "{{ lookup('template', 'templates/settings.json.j2') }}"
# Your custom JSON configuration for Etherpad goes here.
# This configuration extends the default starting configuration (`matrix_etherpad_configuration_json`).
#
# You can override individual variables from the default configuration, or introduce new ones.
#
# If you need something more special, you can take full control by
# completely redefining `matrix_etherpad_configuration_json`.
#
# Example configuration extension follows:
#
# matrix_etherpad_configuration_extension_json: |
# {
# "loadTest": true,
# "commitRateLimiting": {
# "duration": 1,
# "points": 10
# }
# }
#
matrix_etherpad_configuration_extension_json: '{}'
matrix_etherpad_configuration_extension: "{{ matrix_etherpad_configuration_extension_json|from_json if matrix_etherpad_configuration_extension_json|from_json is mapping else {} }}"
# Holds the final Etherpad configuration (a combination of the default and its extension).
# You most likely don't need to touch this variable. Instead, see `matrix_etherpad_configuration_json`.
matrix_etherpad_configuration: "{{ matrix_etherpad_configuration_default|combine(matrix_etherpad_configuration_extension, recursive=True) }}"

62
roles/matrix-etherpad/tasks/init.yml Normal file
View file

@ -0,0 +1,62 @@
- set_fact:
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-etherpad.service'] }}"
when: matrix_etherpad_enabled|bool
- block:
- name: Fail if matrix-nginx-proxy role already executed
fail:
msg: >-
Trying to append Etherpad's reverse-proxying configuration to matrix-nginx-proxy,
but it's pointless since the matrix-nginx-proxy role had already executed.
To fix this, please change the order of roles in your plabook,
so that the matrix-nginx-proxy role would run after the matrix-etherpad role.
when: matrix_nginx_proxy_role_executed|default(False)|bool
- name: Generate Etherpad proxying configuration for matrix-nginx-proxy
set_fact:
matrix_etherpad_matrix_nginx_proxy_configuration: |
rewrite ^{{ matrix_etherpad_public_endpoint }}$ $scheme://$server_name{{ matrix_etherpad_public_endpoint }}/ permanent;
location {{ matrix_etherpad_public_endpoint }}/ {
{% if matrix_nginx_proxy_enabled|default(False) %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;
proxy_pass http://matrix-etherpad:9001/;
{# These are proxy directives needed specifically by Etherpad #}
proxy_buffering off;
proxy_http_version 1.1; # recommended with keepalive connections
proxy_pass_header Server;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme; # for EP to set secure cookie flag when https is used
# WebSocket proxying - from http://nginx.org/en/docs/http/websocket.html
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
{% else %}
{# Generic configuration for use outside of our container setup #}
# A good guide for setting up your Etherpad behind nginx:
# https://docs.gandi.net/en/cloud/tutorials/etherpad_lite.html
proxy_pass http://127.0.0.1:9001/;
{% endif %}
}
- name: Register Etherpad proxying configuration with matrix-nginx-proxy
set_fact:
matrix_nginx_proxy_proxy_dimension_additional_server_configuration_blocks: |
{{
matrix_nginx_proxy_proxy_dimension_additional_server_configuration_blocks|default([])
+
[matrix_etherpad_matrix_nginx_proxy_configuration]
}}
tags:
- always
when: matrix_etherpad_enabled|bool
- name: Warn about reverse-proxying if matrix-nginx-proxy not used
debug:
msg: >-
NOTE: You've enabled the Etherpad tool but are not using the matrix-nginx-proxy
reverse proxy.
Please make sure that you're proxying the `{{ matrix_etherpad_public_endpoint }}`
URL endpoint to the matrix-etherpad container.
You can expose the container's port using the `matrix_etherpad_container_http_host_bind_port` variable.
when: "matrix_etherpad_enabled|bool and matrix_nginx_proxy_enabled is not defined"

21
roles/matrix-etherpad/tasks/main.yml Normal file
View file

@ -0,0 +1,21 @@
- import_tasks: "{{ role_path }}/tasks/init.yml"
tags:
- always
- import_tasks: "{{ role_path }}/tasks/setup_install.yml"
when: run_setup|bool and matrix_etherpad_enabled|bool
tags:
- setup-all
- setup-etherpad
- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
when: run_setup|bool and not matrix_etherpad_enabled|bool
tags:
- setup-all
- setup-etherpad
- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
when: run_setup|bool and matrix_etherpad_enabled|bool
tags:
- setup-all
- setup-etherpad

36
roles/matrix-etherpad/tasks/setup_install.yml Normal file
View file

@ -0,0 +1,36 @@
---
- name: Ensure Etherpad base path exists
file:
path: "{{ matrix_etherpad_base_path }}"
state: directory
mode: 0770
owner: "{{ matrix_etherpad_user_uid }}"
group: "{{ matrix_etherpad_user_gid }}"
- name: Ensure Etherpad config installed
copy:
content: "{{ matrix_etherpad_configuration|to_nice_json }}"
dest: "{{ matrix_etherpad_base_path }}/settings.json"
mode: 0640
owner: "{{ matrix_etherpad_user_uid }}"
group: "{{ matrix_etherpad_user_gid }}"
- name: Ensure Etherpad image is pulled
docker_image:
name: "{{ matrix_etherpad_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_etherpad_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_etherpad_docker_image_force_pull }}"
- name: Ensure matrix-etherpad.service installed
template:
src: "{{ role_path }}/templates/systemd/matrix-etherpad.service.j2"
dest: "{{ matrix_systemd_path }}/matrix-etherpad.service"
mode: 0644
register: matrix_etherpad_systemd_service_result
- name: Ensure systemd reloaded after matrix-etherpad.service installation
service:
daemon_reload: yes
when: "matrix_etherpad_systemd_service_result.changed|bool"

35
roles/matrix-etherpad/tasks/setup_uninstall.yml Normal file
View file

@ -0,0 +1,35 @@
---
- name: Check existence of matrix-etherpad service
stat:
path: "{{ matrix_systemd_path }}/matrix-etherpad.service"
register: matrix_etherpad_service_stat
- name: Ensure matrix-etherpad is stopped
service:
name: matrix-etherpad
state: stopped
daemon_reload: yes
register: stopping_result
when: "matrix_etherpad_service_stat.stat.exists|bool"
- name: Ensure matrix-etherpad.service doesn't exist
file:
path: "{{ matrix_systemd_path }}/matrix-etherpad.service"
state: absent
when: "matrix_etherpad_service_stat.stat.exists|bool"
- name: Ensure systemd reloaded after matrix-etherpad.service removal
service:
daemon_reload: yes
when: "matrix_etherpad_service_stat.stat.exists|bool"
- name: Ensure Etherpad base directory doesn't exist
file:
path: "{{ matrix_etherpad_base_path }}"
state: absent
- name: Ensure Etherpad Docker image doesn't exist
docker_image:
name: "{{ matrix_etherpad_docker_image }}"
state: absent

5
roles/matrix-etherpad/tasks/validate_config.yml Normal file
View file

@ -0,0 +1,5 @@
- name: Fail if Etherpad is enabled without the Dimension integrations manager
fail:
msg: >-
To integrate Etherpad notes with Matrix rooms you need to set "matrix_dimension_enabled" to true
when: "not matrix_dimension_enabled|bool"

106
roles/matrix-etherpad/templates/settings.json.j2 Normal file
View file

@ -0,0 +1,106 @@
{
"title": {{ matrix_etherpad_title|to_json }},
"favicon": "favicon.ico",
"skinName": "colibris",
"skinVariants": "super-light-toolbar super-light-editor light-background",
"ip": "::",
"port": 9001,
"showSettingsInAdminPage": true,
"dbType": {{ matrix_etherpad_database_engine|to_json }},
"dbSettings": {
{% if matrix_etherpad_database_engine == 'sqlite' %}
"filename": {{ matrix_etherpad_sqlite_database_path_in_container|to_json }}
{% elif matrix_etherpad_database_engine == 'postgres' %}
"database": {{ matrix_etherpad_database_name|to_json }},
"host": {{ matrix_etherpad_database_hostname|to_json }},
"password": {{ matrix_etherpad_database_password|to_json }},
"port": {{ matrix_etherpad_database_port|to_json }},
"user": {{ matrix_etherpad_database_username|to_json }}
{% endif %}
},
"defaultPadText" : {{ matrix_etherpad_default_pad_text|to_json }},
"suppressErrorsInPadText": false,
"requireSession": false,
"editOnly": false,
"minify": true,
"maxAge": 21600,
"abiword": null,
"soffice": null,
"tidyHtml": null,
"allowUnknownFileEnds": true,
"requireAuthentication": false,
"requireAuthorization": false,
"trustProxy": true,
"cookie": {
"sameSite": "Lax"
},
"disableIPlogging": true,
"automaticReconnectionTimeout": 0,
"scrollWhenFocusLineIsOutOfViewport": {
"percentage": {
"editionAboveViewport": 0,
"editionBelowViewport": 0
},
"duration": 0,
"scrollWhenCaretIsInTheLastLineOfViewport": false,
"percentageToScrollWhenUserPressesArrowUp": 0
},
"socketTransportProtocols" : ["xhr-polling", "jsonp-polling", "htmlfile"],
"loadTest": false,
"importExportRateLimiting": {
"windowMs": 90000,
"max": 10
},
"importMaxFileSize": 52428800,
"commitRateLimiting": {
"duration": 1,
"points": 10
},
"exposeVersion": false,
"padOptions": {
"noColors": false,
"showControls": true,
"showChat": false,
"showLineNumbers": true,
"useMonospaceFont": false,
"userName": false,
"userColor": false,
"rtl": false,
"alwaysShowChat": false,
"chatAndUsers": false,
"lang": "en-gb"
},
"padShortcutEnabled" : {
"altF9": true,
"altC": true,
"cmdShift2": true,
"delete": true,
"return": true,
"esc": true,
"cmdS": true,
"tab": true,
"cmdZ": true,
"cmdY": true,
"cmdI": true,
"cmdB": true,
"cmdU": true,
"cmd5": true,
"cmdShiftL": true,
"cmdShiftN": true,
"cmdShift1": true,
"cmdShiftC": true,
"cmdH": true,
"ctrlHome": true,
"pageUp": true,
"pageDown": true
},
"loglevel": "INFO",
"logconfig" :
{ "appenders": [
{ "type": "console",
"layout": {"type": "messagePassThrough"}
}
]
},
"customLocaleStrings": {}
}

49
roles/matrix-etherpad/templates/systemd/matrix-etherpad.service.j2 Normal file
View file

@ -0,0 +1,49 @@
#jinja2: lstrip_blocks: "True"
[Unit]
Description=Matrix Etherpad
{% for service in matrix_etherpad_systemd_required_services_list %}
Requires={{ service }}
After={{ service }}
{% endfor %}
{% for service in matrix_etherpad_systemd_wanted_services_list %}
Wants={{ service }}
{% endfor %}
DefaultDependencies=no
[Service]
Type=simple
Environment="HOME={{ matrix_systemd_unit_home_path }}"
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-etherpad
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-etherpad
# Fixup database ownership if it got changed somehow (during a server migration, etc.)
{% if matrix_etherpad_database_engine == 'sqlite' %}
ExecStartPre=-{{ matrix_host_command_chown }} {{ matrix_etherpad_user_uid }} {{ matrix_etherpad_sqlite_database_path_local }}
{% endif %}
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-etherpad \
--log-driver=none \
--user={{ matrix_etherpad_user_uid }}:{{ matrix_etherpad_user_gid }} \
--cap-drop=ALL \
--network={{ matrix_docker_network }} \
{% if matrix_etherpad_container_http_host_bind_port %}
-p {{ matrix_etherpad_container_http_host_bind_port }}:9001 \
{% endif %}
--mount type=bind,src={{ matrix_etherpad_base_path }},dst=/data \
{% for arg in matrix_etherpad_container_extra_arguments %}
{{ arg }} \
{% endfor %}
{{ matrix_etherpad_docker_image }} \
node --experimental-worker /opt/etherpad-lite/node_modules/ep_etherpad-lite/node/server.js \
--settings /data/settings.json --credentials /data/credentials.json \
--sessionkey /data/sessionkey.json --apikey /data/apijey.json
ExecStop=-{{ matrix_host_command_docker }} kill matrix-etherpad
ExecStop=-{{ matrix_host_command_docker }} rm matrix-etherpad
Restart=always
RestartSec=30
SyslogIdentifier=matrix-etherpad
[Install]
WantedBy=multi-user.target

3
roles/matrix-jitsi/defaults/main.yml
View file

@ -67,6 +67,9 @@ matrix_jitsi_web_public_url: "https://{{ matrix_server_fqn_jitsi }}"
# Addresses need to be prefixed with one of `stun:`, `turn:` or `turns:`.
matrix_jitsi_web_stun_servers: ['stun:meet-jit-si-turnrelay.jitsi.net:443']
# Controls whether Etherpad will be available within Jitsi
matrix_jitsi_etherpad_enabled: false
# Controls whether the matrix-jitsi-web container exposes its HTTP port (tcp/80 in the container).
#
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:12080"), or empty string to not expose.

7
roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml
View file

@ -89,8 +89,5 @@
state: absent
when: "not matrix_jitsi_enabled|bool"
- name: Ensure jitsi-jicofo Docker image doesn't exist
docker_image:
name: "{{ matrix_jitsi_jicofo_docker_image }}"
state: absent
when: "not matrix_jitsi_enabled|bool"
# Intentionally not removing the Docker image when uninstalling.
# We can't be sure it had been pulled by us in the first place.

7
roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml
View file

@ -89,8 +89,5 @@
state: absent
when: "not matrix_jitsi_enabled|bool"
- name: Ensure jitsi-jvb Docker image doesn't exist
docker_image:
name: "{{ matrix_jitsi_jvb_docker_image }}"
state: absent
when: "not matrix_jitsi_enabled|bool"
# Intentionally not removing the Docker image when uninstalling.
# We can't be sure it had been pulled by us in the first place.

7
roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml
View file

@ -80,8 +80,5 @@
state: absent
when: "not matrix_jitsi_enabled|bool"
- name: Ensure jitsi-prosody Docker image doesn't exist
docker_image:
name: "{{ matrix_jitsi_prosody_docker_image }}"
state: absent
when: "not matrix_jitsi_enabled|bool"
# Intentionally not removing the Docker image when uninstalling.
# We can't be sure it had been pulled by us in the first place.

8
roles/matrix-jitsi/tasks/setup_jitsi_web.yml
View file

@ -90,8 +90,6 @@
state: absent
when: "not matrix_jitsi_enabled|bool"
- name: Ensure jitsi-web Docker image doesn't exist
docker_image:
name: "{{ matrix_jitsi_web_docker_image }}"
state: absent
when: "not matrix_jitsi_enabled|bool"
# Intentionally not removing the Docker image when uninstalling.
# We can't be sure it had been pulled by us in the first place.

8
roles/matrix-jitsi/templates/jicofo/matrix-jitsi-jicofo.service.j2
View file

@ -10,8 +10,8 @@ DefaultDependencies=no
[Service]
Type=simple
Environment="HOME={{ matrix_systemd_unit_home_path }}"
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-jitsi-jicofo
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-jitsi-jicofo
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-jicofo 2>/dev/null'
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-jicofo 2>/dev/null'
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-jicofo \
--log-driver=none \
@ -23,8 +23,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-jicofo \
{% endfor %}
{{ matrix_jitsi_jicofo_docker_image }}
ExecStop=-{{ matrix_host_command_docker }} kill matrix-jitsi-jicofo
ExecStop=-{{ matrix_host_command_docker }} rm matrix-jitsi-jicofo
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-jicofo 2>/dev/null'
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-jicofo 2>/dev/null'
Restart=always
RestartSec=30
SyslogIdentifier=matrix-jitsi-jicofo

8
roles/matrix-jitsi/templates/jvb/matrix-jitsi-jvb.service.j2
View file

@ -10,8 +10,8 @@ DefaultDependencies=no
[Service]
Type=simple
Environment="HOME={{ matrix_systemd_unit_home_path }}"
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-jitsi-jvb
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-jitsi-jvb
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-jvb 2>/dev/null'
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-jvb 2>/dev/null'
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-jvb \
--log-driver=none \
@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-jvb \
{% endfor %}
{{ matrix_jitsi_jvb_docker_image }}
ExecStop=-{{ matrix_host_command_docker }} kill matrix-jitsi-jvb
ExecStop=-{{ matrix_host_command_docker }} rm matrix-jitsi-jvb
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-jvb 2>/dev/null'
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-jvb 2>/dev/null'
Restart=always
RestartSec=30
SyslogIdentifier=matrix-jitsi-jvb

8
roles/matrix-jitsi/templates/prosody/matrix-jitsi-prosody.service.j2
View file

@ -10,8 +10,8 @@ DefaultDependencies=no
[Service]
Type=simple
Environment="HOME={{ matrix_systemd_unit_home_path }}"
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-jitsi-prosody
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-jitsi-prosody
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-prosody 2>/dev/null'
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-prosody 2>/dev/null'
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-prosody \
--log-driver=none \
@ -24,8 +24,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-prosody
{% endfor %}
{{ matrix_jitsi_prosody_docker_image }}
ExecStop=-{{ matrix_host_command_docker }} kill matrix-jitsi-prosody
ExecStop=-{{ matrix_host_command_docker }} rm matrix-jitsi-prosody
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-prosody 2>/dev/null'
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-prosody 2>/dev/null'
Restart=always
RestartSec=30
SyslogIdentifier=matrix-jitsi-prosody

3
roles/matrix-jitsi/templates/web/custom-config.js.j2
View file

@ -11,5 +11,8 @@ config.p2p.stunServers = [
];
{% endif %}
{% if matrix_jitsi_etherpad_enabled %}
config.etherpad_base = {{ (matrix_jitsi_etherpad_base + '/p/') |to_json }}
{% endif %}
{{ matrix_jitsi_web_custom_config_extension }}

2
roles/matrix-jitsi/templates/web/env.j2
View file

@ -37,4 +37,6 @@ RESOLUTION_WIDTH_MIN={{ matrix_jitsi_web_config_resolution_width_min }}
START_AUDIO_MUTED={{ matrix_jitsi_web_config_start_audio_muted_after_nth_participant }}
START_VIDEO_MUTED={{ matrix_jitsi_web_config_start_video_muted_after_nth_participant }}
ETHERPAD_URL_BASE={{ (matrix_jitsi_etherpad_base + '/') if matrix_jitsi_etherpad_enabled else ''}}
{{ matrix_jitsi_web_environment_variables_extension }}

8
roles/matrix-jitsi/templates/web/matrix-jitsi-web.service.j2
View file

@ -10,8 +10,8 @@ DefaultDependencies=no
[Service]
Type=simple
Environment="HOME={{ matrix_systemd_unit_home_path }}"
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-jitsi-web
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-jitsi-web
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-web 2>/dev/null'
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-web 2>/dev/null'
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-web \
--log-driver=none \
@ -27,8 +27,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-web \
{% endfor %}
{{ matrix_jitsi_web_docker_image }}
ExecStop=-{{ matrix_host_command_docker }} kill matrix-jitsi-web
ExecStop=-{{ matrix_host_command_docker }} rm matrix-jitsi-web
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-web 2>/dev/null'
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-web 2>/dev/null'
Restart=always
RestartSec=30
SyslogIdentifier=matrix-jitsi-web

8
roles/matrix-ma1sd/templates/systemd/matrix-ma1sd.service.j2
View file

@ -13,8 +13,8 @@ DefaultDependencies=no
[Service]
Type=simple
Environment="HOME={{ matrix_systemd_unit_home_path }}"
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-ma1sd
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-ma1sd
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-ma1sd 2>/dev/null'
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-ma1sd 2>/dev/null'
# ma1sd writes an SQLite shared library (libsqlitejdbc.so) to /tmp and executes it from there,
# so /tmp needs to be mounted with an exec option.
@ -38,8 +38,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-ma1sd \
{% endfor %}
{{ matrix_ma1sd_docker_image }}
ExecStop=-{{ matrix_host_command_docker }} kill matrix-ma1sd
ExecStop=-{{ matrix_host_command_docker }} rm matrix-ma1sd
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-ma1sd 2>/dev/null'
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-ma1sd 2>/dev/null'
Restart=always
RestartSec=30
SyslogIdentifier=matrix-ma1sd

8
roles/matrix-mailer/templates/systemd/matrix-mailer.service.j2
View file

@ -8,8 +8,8 @@ DefaultDependencies=no
[Service]
Type=simple
Environment="HOME={{ matrix_systemd_unit_home_path }}"
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mailer
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mailer
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mailer 2>/dev/null'
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mailer 2>/dev/null'
# --hostname gives us a friendlier hostname than the default.
# The real hostname is passed via a `HOSTNAME` environment variable though.
@ -28,8 +28,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mailer \
{% endfor %}
{{ matrix_mailer_docker_image }}
ExecStop=-{{ matrix_host_command_docker }} kill matrix-mailer
ExecStop=-{{ matrix_host_command_docker }} rm matrix-mailer
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mailer 2>/dev/null'
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mailer 2>/dev/null'
Restart=always
RestartSec=30
SyslogIdentifier=matrix-mailer

2
roles/matrix-nginx-proxy/defaults/main.yml
View file

@ -295,7 +295,7 @@ matrix_ssl_domains_to_obtain_certificates_for: []
# Controls whether to obtain production or staging certificates from Let's Encrypt.
matrix_ssl_lets_encrypt_staging: false
matrix_ssl_lets_encrypt_certbot_docker_image: "docker.io/certbot/certbot:{{ matrix_ssl_architecture }}-v1.10.1"
matrix_ssl_lets_encrypt_certbot_docker_image: "docker.io/certbot/certbot:{{ matrix_ssl_architecture }}-v1.11.0"
matrix_ssl_lets_encrypt_certbot_docker_image_force_pull: "{{ matrix_ssl_lets_encrypt_certbot_docker_image.endswith(':latest') }}"
matrix_ssl_lets_encrypt_certbot_standalone_http_port: 2402
matrix_ssl_lets_encrypt_support_email: ~

2
roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml
View file

@ -55,7 +55,7 @@
file:
path: "{{ matrix_systemd_path }}/{{ item.name }}"
state: absent
when: "{{ not item.applicable }}"
when: "not item.applicable|bool"
with_items: "{{ matrix_ssl_renewal_systemd_units_list }}"
- name: Ensure Let's Encrypt SSL renewal script removed

5
roles/matrix-nginx-proxy/templates/nginx/nginx.conf.j2
View file

@ -45,6 +45,11 @@ http {
keepalive_timeout 65;
#gzip on;
{# Map directive needed for proxied WebSocket upgrades #}
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
include /etc/nginx/conf.d/*.conf;
}

8
roles/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2
View file

@ -13,8 +13,8 @@ DefaultDependencies=no
[Service]
Type=simple
Environment="HOME={{ matrix_systemd_unit_home_path }}"
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-nginx-proxy
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-nginx-proxy
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-nginx-proxy 2>/dev/null'
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-nginx-proxy 2>/dev/null'
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-nginx-proxy \
--log-driver=none \
@ -47,8 +47,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-nginx-proxy \
{% endfor %}
{{ matrix_nginx_proxy_docker_image }}
ExecStop=-{{ matrix_host_command_docker }} kill matrix-nginx-proxy
ExecStop=-{{ matrix_host_command_docker }} rm matrix-nginx-proxy
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-nginx-proxy 2>/dev/null'
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-nginx-proxy 2>/dev/null'
ExecReload={{ matrix_host_command_docker }} exec matrix-nginx-proxy /usr/sbin/nginx -s reload
Restart=always
RestartSec=30

30
roles/matrix-postgres/defaults/main.yml
View file

@ -1,18 +1,27 @@
matrix_postgres_enabled: true
matrix_postgres_connection_hostname: ""
matrix_postgres_connection_username: ""
matrix_postgres_connection_hostname: "matrix-postgres"
matrix_postgres_connection_port: 5432
matrix_postgres_connection_username: "matrix"
matrix_postgres_connection_password: ""
matrix_postgres_db_name: ""
matrix_postgres_db_name: "matrix"
matrix_postgres_base_path: "{{ matrix_base_data_path }}/postgres"
matrix_postgres_data_path: "{{ matrix_postgres_base_path }}/data"
matrix_postgres_docker_image_v9: "docker.io/postgres:9.6.20-alpine"
matrix_postgres_docker_image_v10: "docker.io/postgres:10.15-alpine"
matrix_postgres_docker_image_v11: "docker.io/postgres:11.10-alpine"
matrix_postgres_docker_image_v12: "docker.io/postgres:12.5-alpine"
matrix_postgres_docker_image_v13: "docker.io/postgres:13.1-alpine"
matrix_postgres_architecture: amd64
# matrix_postgres_docker_image_suffix controls whether we use Alpine-based images (`-alpine`) or the normal Debian-based images.
# Alpine-based Postgres images are smaller and we usually prefer them, but they don't work on ARM32 (tested on a Raspberry Pi 3 running Raspbian 10.7).
# On ARM32, `-alpine` images fail with the following error:
# > LOG: startup process (PID 37) was terminated by signal 11: Segmentation fault
matrix_postgres_docker_image_suffix: "{{ '-alpine' if matrix_postgres_architecture in ['amd64', 'arm64'] else '' }}"
matrix_postgres_docker_image_v9: "docker.io/postgres:9.6.20{{ matrix_postgres_docker_image_suffix }}"
matrix_postgres_docker_image_v10: "docker.io/postgres:10.15{{ matrix_postgres_docker_image_suffix }}"
matrix_postgres_docker_image_v11: "docker.io/postgres:11.10{{ matrix_postgres_docker_image_suffix }}"
matrix_postgres_docker_image_v12: "docker.io/postgres:12.5{{ matrix_postgres_docker_image_suffix }}"
matrix_postgres_docker_image_v13: "docker.io/postgres:13.1{{ matrix_postgres_docker_image_suffix }}"
matrix_postgres_docker_image_latest: "{{ matrix_postgres_docker_image_v13 }}"
# This variable is assigned at runtime. Overriding its value has no effect.
@ -63,7 +72,10 @@ matrix_postgres_import_databases_ignore_regex: "^CREATE DATABASE ({{ matrix_post
# and before trying to run queries for creating additional databases/users against it.
#
# For most (subsequent) runs, Postgres would already be running, so no waiting will be happening at all.
matrix_postgres_additional_databases_postgres_start_wait_timeout_seconds: 15
#
# On ARM, we wait some more. ARM32 devices are especially known for being slow.
# ARM64 likely don't need such a long delay, but it doesn't hurt too much having it.
matrix_postgres_additional_databases_postgres_start_wait_timeout_seconds: "{{ 45 if matrix_postgres_architecture in ['arm32', 'arm64'] else 15 }}"
matrix_postgres_pgloader_container_image_self_build: false

9
roles/matrix-postgres/tasks/import_postgres.yml
View file

@ -35,6 +35,13 @@
postgres_import_wait_time: "{{ 7 * 86400 }}"
when: "postgres_import_wait_time|default('') == ''"
# By default, we connect and import into the main (`matrix`) database.
# Single-database dumps for Synapse may wish to import into `synapse` instead.
- name: Set postgres_default_import_database, if not provided
set_fact:
postgres_default_import_database: "{{ matrix_postgres_db_name }}"
when: "postgres_default_import_database|default('') == ''"
# Actual import work
- name: Ensure matrix-postgres is started
@ -76,7 +83,7 @@
{{ 'gunzip |' if server_path_postgres_dump.endswith('.gz') else '' }}
grep -vE '{{ matrix_postgres_import_roles_ignore_regex }}' |
grep -vE '{{ matrix_postgres_import_databases_ignore_regex }}' |
psql -v ON_ERROR_STOP=1 -h matrix-postgres"
psql -v ON_ERROR_STOP=1 -h matrix-postgres --dbname={{ postgres_default_import_database }}"
# This is a hack.
# See: https://ansibledaily.com/print-to-standard-output-without-escaping/

32
roles/matrix-postgres/tasks/setup_postgres.yml
View file

@ -120,6 +120,25 @@
- always
when: "matrix_postgres_enabled|bool and matrix_postgres_additional_databases|length > 0"
- name: Check existence of matrix-postgres backup data path
stat:
path: "{{ matrix_postgres_data_path }}-auto-upgrade-backup"
register: matrix_postgres_data_backup_path_stat
when: "matrix_postgres_enabled|bool"
- name: Inject warning if backup data remains
set_fact:
matrix_playbook_runtime_results: |
{{
matrix_playbook_runtime_results|default([])
+
[
"NOTE: You have some Postgres backup data in `{{ matrix_postgres_data_path }}-auto-upgrade-backup`, which was created during the last major Postgres update you ran. If your setup works well after this upgrade, feel free to delete this whole directory."
]
}}
when: "matrix_postgres_enabled|bool and matrix_postgres_data_backup_path_stat.stat.exists"
#
# Tasks related to getting rid of the internal postgres server (if it was previously enabled)
#
@ -155,9 +174,16 @@
when: "not matrix_postgres_enabled|bool"
# We just want to notify the user. Deleting data is too destructive.
- name: Notify if matrix-postgres local data remains
debug:
msg: "Note: You are not using a local PostgreSQL database, but some old data remains from before in `{{ matrix_postgres_data_path }}`. Feel free to delete it."
- name: Inject warning if matrix-postgres local data remains
set_fact:
matrix_playbook_runtime_results: |
{{
matrix_playbook_runtime_results|default([])
+
[
"NOTE: You are not using a local PostgreSQL database, but some old data remains from before in `{{ matrix_postgres_data_path }}`. Feel free to delete it."
]
}}
when: "not matrix_postgres_enabled|bool and matrix_postgres_data_path_stat.stat.exists"
- name: Remove Postgres scripts

18
roles/matrix-postgres/tasks/validate_config.yml
View file

@ -6,17 +6,29 @@
The `matrix_postgres_use_external` variable defined in your configuration is not used by this playbook anymore!
You'll need to adapt to the new way of using an external Postgres server.
It's a combination of `matrix_postgres_enabled: false` and specifying Postgres connection
details in a few `matrix_synapse_database_` variables.
details in a few `matrix_postgres_connection_` variables.
See the "Using an external PostgreSQL server (optional)" documentation page.
when: "'matrix_postgres_use_external' in vars"
# This is separate (from the other required variables below),
# because we'd like to have a friendlier message for our existing users.
- name: Fail if matrix_postgres_connection_password not defined
fail:
msg: >-
The playbook no longer has a default Postgres password defined in the `matrix_postgres_connection_password` variable, among lots of other Postgres changes.
You need to perform multiple manual steps to resolve this.
See our changelog for more details:
https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/CHANGELOG.md#breaking-change-postgres-changes-that-require-manual-intervention
when: "matrix_postgres_connection_password == ''"
- name: Fail if required Postgres settings not defined
fail:
msg: >
msg: >-
You need to define a required configuration setting (`{{ item }}`).
when: "vars[item] == ''"
with_items:
- "matrix_postgres_connection_hostname"
- "matrix_postgres_connection_port"
- "matrix_postgres_connection_username"
- "matrix_postgres_connection_password"
- "matrix_postgres_db_name"
@ -24,4 +36,4 @@
- name: Fail if Postgres password length exceeded
fail:
msg: "The maximum `matrix_postgres_connection_password` length is 99 characters"
when: "matrix_postgres_connection_hostname|length > 99"
when: "matrix_postgres_connection_password|length > 99"

10
roles/matrix-postgres/templates/sql/init-additional-db-user-and-role.sql.j2
View file

@ -2,18 +2,18 @@
-- Seen here: https://stackoverflow.com/a/49858797
DO $$
BEGIN
CREATE USER {{ additional_db.username }};
CREATE USER "{{ additional_db.username }}";
EXCEPTION WHEN DUPLICATE_OBJECT THEN
RAISE NOTICE 'not creating user {{ additional_db.username }}, since it already exists';
RAISE NOTICE 'not creating user "{{ additional_db.username }}", since it already exists';
END
$$;
-- This is useful for initial user creation (since we don't assign a password above) and for handling subsequent password changes
-- TODO - we should escape quotes in the password.
ALTER ROLE {{ additional_db.username }} PASSWORD '{{ additional_db.password }}';
ALTER ROLE "{{ additional_db.username }}" PASSWORD '{{ additional_db.password }}';
-- This will generate an error on subsequent execution
CREATE DATABASE {{ additional_db.name }} WITH LC_CTYPE 'C' LC_COLLATE 'C' OWNER {{ additional_db.username }};
CREATE DATABASE "{{ additional_db.name }}" WITH LC_CTYPE 'C' LC_COLLATE 'C' OWNER "{{ additional_db.username }}";
-- This is useful for changing the database owner subsequently
ALTER DATABASE {{ additional_db.name }} OWNER TO {{ additional_db.username }};
ALTER DATABASE "{{ additional_db.name }}" OWNER TO "{{ additional_db.username }}";

4
roles/matrix-postgres/templates/systemd/matrix-postgres.service.j2
View file

@ -9,7 +9,7 @@ DefaultDependencies=no
Type=simple
Environment="HOME={{ matrix_systemd_unit_home_path }}"
ExecStartPre=-{{ matrix_host_command_docker }} stop matrix-postgres
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-postgres
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-postgres 2>/dev/null'
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-postgres \
--log-driver=none \
@ -31,7 +31,7 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-postgres \
{{ matrix_postgres_docker_image_to_use }}
ExecStop=-{{ matrix_host_command_docker }} stop matrix-postgres
ExecStop=-{{ matrix_host_command_docker }} rm matrix-postgres
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-postgres 2>/dev/null'
Restart=always
RestartSec=30
SyslogIdentifier=matrix-postgres

Some files were not shown because too many files have changed in this diff Show more