From 367cddb715dcd75cb5e1bb9eca2cce997b69fc25 Mon Sep 17 00:00:00 2001 From: teutat3s <10206665+teutat3s@users.noreply.github.com> Date: Tue, 9 Nov 2021 15:01:18 +0100 Subject: [PATCH 01/46] Upgrade Element (v1.9.4) --- roles/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-client-element/defaults/main.yml b/roles/matrix-client-element/defaults/main.yml index 104b778f..1273859d 100644 --- a/roles/matrix-client-element/defaults/main.yml +++ b/roles/matrix-client-element/defaults/main.yml @@ -7,7 +7,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto # - https://github.com/vector-im/element-web/issues/19544 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" -matrix_client_element_version: v1.9.3 +matrix_client_element_version: v1.9.4 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" From 735c966ab69cc8aa141a341426ad401631417dac Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 10 Nov 2021 17:39:21 +0200 Subject: [PATCH 02/46] Disable systemd services when stopping to uninstall them Until now, we were leaving services "enabled" (symlinks in /etc/systemd/system/multi-user.target.wants/). We clean these up now. Broken symlinks may still exist in older installations that enabled/disabled services. We're not taking care to fix these up. It's just a cosmetic defect anyway. --- roles/matrix-bot-go-neb/tasks/setup_uninstall.yml | 1 + roles/matrix-bot-matrix-reminder-bot/tasks/setup_uninstall.yml | 1 + roles/matrix-bot-mjolnir/tasks/setup_uninstall.yml | 1 + roles/matrix-bridge-appservice-discord/tasks/setup_install.yml | 1 + .../matrix-bridge-appservice-discord/tasks/setup_uninstall.yml | 1 + roles/matrix-bridge-appservice-irc/tasks/setup_uninstall.yml | 1 + roles/matrix-bridge-appservice-slack/tasks/setup_uninstall.yml | 1 + .../tasks/setup_uninstall.yml | 1 + roles/matrix-bridge-beeper-linkedin/tasks/setup_uninstall.yml | 1 + roles/matrix-bridge-heisenbridge/tasks/setup_uninstall.yml | 1 + roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml | 1 + roles/matrix-bridge-mautrix-facebook/tasks/setup_uninstall.yml | 1 + roles/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml | 1 + .../matrix-bridge-mautrix-googlechat/tasks/setup_uninstall.yml | 1 + roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml | 1 + roles/matrix-bridge-mautrix-hangouts/tasks/setup_uninstall.yml | 1 + .../matrix-bridge-mautrix-instagram/tasks/setup_uninstall.yml | 1 + roles/matrix-bridge-mautrix-signal/tasks/setup_uninstall.yml | 2 ++ roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml | 1 + roles/matrix-bridge-mautrix-telegram/tasks/setup_uninstall.yml | 1 + roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml | 1 + roles/matrix-bridge-mautrix-whatsapp/tasks/setup_uninstall.yml | 1 + .../matrix-bridge-mx-puppet-discord/tasks/setup_uninstall.yml | 1 + roles/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml | 1 + .../matrix-bridge-mx-puppet-groupme/tasks/setup_uninstall.yml | 1 + .../tasks/setup_uninstall.yml | 1 + roles/matrix-bridge-mx-puppet-skype/tasks/setup_install.yml | 1 + roles/matrix-bridge-mx-puppet-skype/tasks/setup_uninstall.yml | 1 + roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml | 1 + roles/matrix-bridge-mx-puppet-slack/tasks/setup_uninstall.yml | 1 + roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml | 1 + roles/matrix-bridge-mx-puppet-steam/tasks/setup_uninstall.yml | 1 + roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml | 1 + .../matrix-bridge-mx-puppet-twitter/tasks/setup_uninstall.yml | 1 + roles/matrix-bridge-sms/tasks/setup_uninstall.yml | 3 ++- roles/matrix-client-element/tasks/migrate_riot_web.yml | 1 + roles/matrix-client-element/tasks/setup_uninstall.yml | 1 + roles/matrix-client-hydrogen/tasks/setup_uninstall.yml | 1 + roles/matrix-corporal/tasks/setup_corporal.yml | 1 + roles/matrix-coturn/tasks/setup_uninstall.yml | 2 ++ roles/matrix-dimension/tasks/setup_uninstall.yml | 1 + roles/matrix-dynamic-dns/tasks/uninstall.yml | 1 + roles/matrix-email2matrix/tasks/setup_uninstall.yml | 1 + roles/matrix-etherpad/tasks/setup_uninstall.yml | 1 + roles/matrix-grafana/tasks/setup.yml | 1 + roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml | 1 + roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml | 1 + roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml | 1 + roles/matrix-jitsi/tasks/setup_jitsi_web.yml | 1 + roles/matrix-ma1sd/tasks/migrate_mxisd.yml | 1 + roles/matrix-ma1sd/tasks/setup_uninstall.yml | 1 + roles/matrix-mailer/tasks/setup_mailer.yml | 1 + roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml | 1 + roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml | 1 + .../matrix-postgres/tasks/migrate_postgres_data_directory.yml | 2 +- roles/matrix-prometheus-node-exporter/tasks/setup.yml | 1 + roles/matrix-prometheus-postgres-exporter/tasks/setup.yml | 1 + roles/matrix-prometheus/tasks/setup_uninstall.yml | 1 + roles/matrix-redis/tasks/setup_redis.yml | 1 + roles/matrix-registration/tasks/setup_uninstall.yml | 1 + roles/matrix-sygnal/tasks/setup_uninstall.yml | 1 + roles/matrix-synapse-admin/tasks/setup.yml | 1 + roles/matrix-synapse/tasks/goofys/setup_uninstall.yml | 1 + roles/matrix-synapse/tasks/import_media_store.yml | 1 + roles/matrix-synapse/tasks/synapse/setup_uninstall.yml | 1 + 65 files changed, 68 insertions(+), 2 deletions(-) diff --git a/roles/matrix-bot-go-neb/tasks/setup_uninstall.yml b/roles/matrix-bot-go-neb/tasks/setup_uninstall.yml index 49ad1fe7..3610eb44 100644 --- a/roles/matrix-bot-go-neb/tasks/setup_uninstall.yml +++ b/roles/matrix-bot-go-neb/tasks/setup_uninstall.yml @@ -9,6 +9,7 @@ service: name: matrix-bot-go-neb state: stopped + enabled: no daemon_reload: yes register: stopping_result when: "matrix_bot_go_neb_service_stat.stat.exists|bool" diff --git a/roles/matrix-bot-matrix-reminder-bot/tasks/setup_uninstall.yml b/roles/matrix-bot-matrix-reminder-bot/tasks/setup_uninstall.yml index 141e61ba..d7e41201 100644 --- a/roles/matrix-bot-matrix-reminder-bot/tasks/setup_uninstall.yml +++ b/roles/matrix-bot-matrix-reminder-bot/tasks/setup_uninstall.yml @@ -9,6 +9,7 @@ service: name: matrix-bot-matrix-reminder-bot state: stopped + enabled: no daemon_reload: yes register: stopping_result when: "matrix_bot_matrix_reminder_bot_service_stat.stat.exists|bool" diff --git a/roles/matrix-bot-mjolnir/tasks/setup_uninstall.yml b/roles/matrix-bot-mjolnir/tasks/setup_uninstall.yml index 7127543e..7fff5e13 100644 --- a/roles/matrix-bot-mjolnir/tasks/setup_uninstall.yml +++ b/roles/matrix-bot-mjolnir/tasks/setup_uninstall.yml @@ -9,6 +9,7 @@ service: name: matrix-bot-mjolnir state: stopped + enabled: no daemon_reload: yes register: stopping_result when: "matrix_bot_mjolnir_service_stat.stat.exists|bool" diff --git a/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml b/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml index 6d3fdd0f..546e5043 100644 --- a/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml +++ b/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml @@ -54,6 +54,7 @@ service: name: matrix-appservice-discord state: stopped + enabled: no daemon_reload: yes failed_when: false when: "matrix_appservice_discord_stat_db.stat.exists" diff --git a/roles/matrix-bridge-appservice-discord/tasks/setup_uninstall.yml b/roles/matrix-bridge-appservice-discord/tasks/setup_uninstall.yml index 4e8c1fdc..5dd8075d 100644 --- a/roles/matrix-bridge-appservice-discord/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-appservice-discord/tasks/setup_uninstall.yml @@ -9,6 +9,7 @@ service: name: matrix-appservice-discord state: stopped + enabled: no daemon_reload: yes when: "matrix_appservice_discord_service_stat.stat.exists" diff --git a/roles/matrix-bridge-appservice-irc/tasks/setup_uninstall.yml b/roles/matrix-bridge-appservice-irc/tasks/setup_uninstall.yml index 2b5e5dfd..51507817 100644 --- a/roles/matrix-bridge-appservice-irc/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-appservice-irc/tasks/setup_uninstall.yml @@ -9,6 +9,7 @@ service: name: matrix-appservice-irc state: stopped + enabled: no daemon_reload: yes when: "matrix_appservice_irc_service_stat.stat.exists" diff --git a/roles/matrix-bridge-appservice-slack/tasks/setup_uninstall.yml b/roles/matrix-bridge-appservice-slack/tasks/setup_uninstall.yml index 0b83d02e..2dfe1c7b 100644 --- a/roles/matrix-bridge-appservice-slack/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-appservice-slack/tasks/setup_uninstall.yml @@ -9,6 +9,7 @@ service: name: matrix-appservice-slack state: stopped + enabled: no daemon_reload: yes when: "matrix_appservice_slack_service_stat.stat.exists" diff --git a/roles/matrix-bridge-appservice-webhooks/tasks/setup_uninstall.yml b/roles/matrix-bridge-appservice-webhooks/tasks/setup_uninstall.yml index d8e973ce..81440b88 100644 --- a/roles/matrix-bridge-appservice-webhooks/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-appservice-webhooks/tasks/setup_uninstall.yml @@ -9,6 +9,7 @@ service: name: matrix-appservice-webhooks state: stopped + enabled: no daemon_reload: yes when: "matrix_appservice_webhooks_service_stat.stat.exists" diff --git a/roles/matrix-bridge-beeper-linkedin/tasks/setup_uninstall.yml b/roles/matrix-bridge-beeper-linkedin/tasks/setup_uninstall.yml index 004b788e..175613f0 100644 --- a/roles/matrix-bridge-beeper-linkedin/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-beeper-linkedin/tasks/setup_uninstall.yml @@ -9,6 +9,7 @@ service: name: matrix-beeper-linkedin state: stopped + enabled: no daemon_reload: yes when: "matrix_beeper_linkedin_service_stat.stat.exists" diff --git a/roles/matrix-bridge-heisenbridge/tasks/setup_uninstall.yml b/roles/matrix-bridge-heisenbridge/tasks/setup_uninstall.yml index 853faf7a..cf100a89 100644 --- a/roles/matrix-bridge-heisenbridge/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-heisenbridge/tasks/setup_uninstall.yml @@ -9,6 +9,7 @@ service: name: matrix-heisenbridge state: stopped + enabled: no daemon_reload: yes when: "matrix_heisenbridge_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml index fb9dcca4..d5230bca 100644 --- a/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml @@ -86,6 +86,7 @@ service: name: matrix-mautrix-facebook state: stopped + enabled: no daemon_reload: yes failed_when: false when: "matrix_mautrix_facebook_stat_database.stat.exists" diff --git a/roles/matrix-bridge-mautrix-facebook/tasks/setup_uninstall.yml b/roles/matrix-bridge-mautrix-facebook/tasks/setup_uninstall.yml index efc8aa74..abbce350 100644 --- a/roles/matrix-bridge-mautrix-facebook/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mautrix-facebook/tasks/setup_uninstall.yml @@ -9,6 +9,7 @@ service: name: matrix-mautrix-facebook state: stopped + enabled: no daemon_reload: yes when: "matrix_mautrix_facebook_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml index f68ee505..293e8817 100644 --- a/roles/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml @@ -85,6 +85,7 @@ service: name: matrix-mautrix-googlechat state: stopped + enabled: no daemon_reload: yes failed_when: false when: "matrix_mautrix_googlechat_stat_database.stat.exists" diff --git a/roles/matrix-bridge-mautrix-googlechat/tasks/setup_uninstall.yml b/roles/matrix-bridge-mautrix-googlechat/tasks/setup_uninstall.yml index d3adb7e2..bdcaa6e7 100644 --- a/roles/matrix-bridge-mautrix-googlechat/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mautrix-googlechat/tasks/setup_uninstall.yml @@ -9,6 +9,7 @@ service: name: matrix-mautrix-googlechat state: stopped + enabled: no daemon_reload: yes when: "matrix_mautrix_googlechat_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml index d5373134..fb5236fd 100644 --- a/roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml @@ -85,6 +85,7 @@ service: name: matrix-mautrix-hangouts state: stopped + enabled: no daemon_reload: yes failed_when: false when: "matrix_mautrix_hangouts_stat_database.stat.exists" diff --git a/roles/matrix-bridge-mautrix-hangouts/tasks/setup_uninstall.yml b/roles/matrix-bridge-mautrix-hangouts/tasks/setup_uninstall.yml index 14413e94..34348cfd 100644 --- a/roles/matrix-bridge-mautrix-hangouts/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mautrix-hangouts/tasks/setup_uninstall.yml @@ -9,6 +9,7 @@ service: name: matrix-mautrix-hangouts state: stopped + enabled: no daemon_reload: yes when: "matrix_mautrix_hangouts_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mautrix-instagram/tasks/setup_uninstall.yml b/roles/matrix-bridge-mautrix-instagram/tasks/setup_uninstall.yml index c5c8a3e6..02e20b61 100644 --- a/roles/matrix-bridge-mautrix-instagram/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mautrix-instagram/tasks/setup_uninstall.yml @@ -8,6 +8,7 @@ service: name: matrix-mautrix-instagram state: stopped + enabled: no daemon_reload: yes when: "matrix_mautrix_instagram_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mautrix-signal/tasks/setup_uninstall.yml b/roles/matrix-bridge-mautrix-signal/tasks/setup_uninstall.yml index 2ca6a9a9..b36ef81d 100644 --- a/roles/matrix-bridge-mautrix-signal/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mautrix-signal/tasks/setup_uninstall.yml @@ -10,6 +10,7 @@ service: name: matrix-mautrix-signal-daemon state: stopped + enabled: no daemon_reload: yes when: "matrix_mautrix_signal_daemon_service_stat.stat.exists" @@ -29,6 +30,7 @@ service: name: matrix-mautrix-signal state: stopped + enabled: no daemon_reload: yes when: "matrix_mautrix_signal_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml index e2e583f2..1e87f1ae 100644 --- a/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml @@ -107,6 +107,7 @@ service: name: matrix-mautrix-telegram state: stopped + enabled: no daemon_reload: yes failed_when: false when: "matrix_mautrix_telegram_stat_database.stat.exists" diff --git a/roles/matrix-bridge-mautrix-telegram/tasks/setup_uninstall.yml b/roles/matrix-bridge-mautrix-telegram/tasks/setup_uninstall.yml index b14bd737..bc84edbb 100644 --- a/roles/matrix-bridge-mautrix-telegram/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mautrix-telegram/tasks/setup_uninstall.yml @@ -9,6 +9,7 @@ service: name: matrix-mautrix-telegram state: stopped + enabled: no daemon_reload: yes when: "matrix_mautrix_telegram_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml index f3dd0570..ddd49dd0 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml @@ -93,6 +93,7 @@ service: name: matrix-mautrix-whatsapp state: stopped + enabled: no daemon_reload: yes failed_when: false when: "matrix_mautrix_whatsapp_stat_database.stat.exists" diff --git a/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_uninstall.yml b/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_uninstall.yml index 93f5c4c8..7dd4b402 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_uninstall.yml @@ -9,6 +9,7 @@ service: name: matrix-mautrix-whatsapp state: stopped + enabled: no daemon_reload: yes when: "matrix_mautrix_whatsapp_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mx-puppet-discord/tasks/setup_uninstall.yml b/roles/matrix-bridge-mx-puppet-discord/tasks/setup_uninstall.yml index b5b83c98..a0298ad9 100644 --- a/roles/matrix-bridge-mx-puppet-discord/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mx-puppet-discord/tasks/setup_uninstall.yml @@ -9,6 +9,7 @@ service: name: matrix-mx-puppet-discord state: stopped + enabled: no daemon_reload: yes when: "matrix_mx_puppet_discord_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml index b1d5f0b5..3ed4867c 100644 --- a/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml @@ -31,6 +31,7 @@ service: name: matrix-mx-puppet-groupme state: stopped + enabled: no daemon_reload: yes failed_when: false when: "matrix_mx_puppet_groupme_stat_database.stat.exists" diff --git a/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_uninstall.yml b/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_uninstall.yml index cc4fdfa5..f9ecce58 100644 --- a/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_uninstall.yml @@ -9,6 +9,7 @@ service: name: matrix-mx-puppet-groupme state: stopped + enabled: no daemon_reload: yes when: "matrix_mx_puppet_groupme_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_uninstall.yml b/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_uninstall.yml index 4b5e67ac..9ad4e13d 100644 --- a/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_uninstall.yml @@ -9,6 +9,7 @@ service: name: matrix-mx-puppet-instagram state: stopped + enabled: no daemon_reload: yes when: "matrix_mx_puppet_instagram_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mx-puppet-skype/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-skype/tasks/setup_install.yml index 997a6317..a39e7acf 100644 --- a/roles/matrix-bridge-mx-puppet-skype/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-skype/tasks/setup_install.yml @@ -31,6 +31,7 @@ service: name: matrix-mx-puppet-skype state: stopped + enabled: no daemon_reload: yes failed_when: false when: "matrix_mx_puppet_skype_stat_database.stat.exists" diff --git a/roles/matrix-bridge-mx-puppet-skype/tasks/setup_uninstall.yml b/roles/matrix-bridge-mx-puppet-skype/tasks/setup_uninstall.yml index 72b3a945..a1af7e33 100644 --- a/roles/matrix-bridge-mx-puppet-skype/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mx-puppet-skype/tasks/setup_uninstall.yml @@ -9,6 +9,7 @@ service: name: matrix-mx-puppet-skype state: stopped + enabled: no daemon_reload: yes when: "matrix_mx_puppet_skype_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml index d816ceeb..8ef8ac4e 100644 --- a/roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml @@ -31,6 +31,7 @@ service: name: matrix-mx-puppet-slack state: stopped + enabled: no daemon_reload: yes failed_when: false when: "matrix_mx_puppet_slack_stat_database.stat.exists" diff --git a/roles/matrix-bridge-mx-puppet-slack/tasks/setup_uninstall.yml b/roles/matrix-bridge-mx-puppet-slack/tasks/setup_uninstall.yml index 73314a66..f6e7d33e 100644 --- a/roles/matrix-bridge-mx-puppet-slack/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mx-puppet-slack/tasks/setup_uninstall.yml @@ -9,6 +9,7 @@ service: name: matrix-mx-puppet-slack state: stopped + enabled: no daemon_reload: yes when: "matrix_mx_puppet_slack_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml index 3bcef36e..a92d63fb 100644 --- a/roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml @@ -31,6 +31,7 @@ service: name: matrix-mx-puppet-steam state: stopped + enabled: no daemon_reload: yes failed_when: false when: "matrix_mx_puppet_steam_stat_database.stat.exists" diff --git a/roles/matrix-bridge-mx-puppet-steam/tasks/setup_uninstall.yml b/roles/matrix-bridge-mx-puppet-steam/tasks/setup_uninstall.yml index 1ee95eb3..608bde73 100644 --- a/roles/matrix-bridge-mx-puppet-steam/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mx-puppet-steam/tasks/setup_uninstall.yml @@ -9,6 +9,7 @@ service: name: matrix-mx-puppet-steam state: stopped + enabled: no daemon_reload: yes when: "matrix_mx_puppet_steam_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml index 5767ed17..a6250a16 100644 --- a/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml @@ -31,6 +31,7 @@ service: name: matrix-mx-puppet-twitter state: stopped + enabled: no daemon_reload: yes failed_when: false when: "matrix_mx_puppet_twitter_stat_database.stat.exists" diff --git a/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_uninstall.yml b/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_uninstall.yml index 1d663531..1382ee58 100644 --- a/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_uninstall.yml @@ -9,6 +9,7 @@ service: name: matrix-mx-puppet-twitter state: stopped + enabled: no daemon_reload: yes when: "matrix_mx_puppet_twitter_service_stat.stat.exists" diff --git a/roles/matrix-bridge-sms/tasks/setup_uninstall.yml b/roles/matrix-bridge-sms/tasks/setup_uninstall.yml index 03ddaad0..ad8442bc 100644 --- a/roles/matrix-bridge-sms/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-sms/tasks/setup_uninstall.yml @@ -9,6 +9,7 @@ service: name: matrix-sms-bridge state: stopped + enabled: no daemon_reload: yes when: "matrix_sms_bridge_service_stat.stat.exists" @@ -16,4 +17,4 @@ file: path: "{{ matrix_systemd_path }}/matrix-sms-bridge.service" state: absent - when: "matrix_sms_bridge_service_stat.stat.exists" \ No newline at end of file + when: "matrix_sms_bridge_service_stat.stat.exists" diff --git a/roles/matrix-client-element/tasks/migrate_riot_web.yml b/roles/matrix-client-element/tasks/migrate_riot_web.yml index dd0eb0f8..304e9fbf 100644 --- a/roles/matrix-client-element/tasks/migrate_riot_web.yml +++ b/roles/matrix-client-element/tasks/migrate_riot_web.yml @@ -10,6 +10,7 @@ service: name: matrix-riot-web state: stopped + enabled: no daemon_reload: yes register: stopping_result when: "matrix_client_element_enabled|bool and matrix_client_riot_web_service_stat.stat.exists" diff --git a/roles/matrix-client-element/tasks/setup_uninstall.yml b/roles/matrix-client-element/tasks/setup_uninstall.yml index 74a4720e..82805b78 100644 --- a/roles/matrix-client-element/tasks/setup_uninstall.yml +++ b/roles/matrix-client-element/tasks/setup_uninstall.yml @@ -9,6 +9,7 @@ service: name: matrix-client-element state: stopped + enabled: no daemon_reload: yes register: stopping_result when: "matrix_client_element_service_stat.stat.exists|bool" diff --git a/roles/matrix-client-hydrogen/tasks/setup_uninstall.yml b/roles/matrix-client-hydrogen/tasks/setup_uninstall.yml index d72f9e3f..64d20166 100644 --- a/roles/matrix-client-hydrogen/tasks/setup_uninstall.yml +++ b/roles/matrix-client-hydrogen/tasks/setup_uninstall.yml @@ -9,6 +9,7 @@ service: name: matrix-client-hydrogen state: stopped + enabled: no daemon_reload: yes register: stopping_result when: "matrix_client_hydrogen_service_stat.stat.exists|bool" diff --git a/roles/matrix-corporal/tasks/setup_corporal.yml b/roles/matrix-corporal/tasks/setup_corporal.yml index e668de27..8e007c4f 100644 --- a/roles/matrix-corporal/tasks/setup_corporal.yml +++ b/roles/matrix-corporal/tasks/setup_corporal.yml @@ -83,6 +83,7 @@ service: name: matrix-corporal state: stopped + enabled: no daemon_reload: yes register: stopping_result when: "not matrix_corporal_enabled|bool and matrix_corporal_service_stat.stat.exists" diff --git a/roles/matrix-coturn/tasks/setup_uninstall.yml b/roles/matrix-coturn/tasks/setup_uninstall.yml index 4674903f..b642c6d0 100644 --- a/roles/matrix-coturn/tasks/setup_uninstall.yml +++ b/roles/matrix-coturn/tasks/setup_uninstall.yml @@ -10,6 +10,7 @@ service: name: matrix-coturn state: stopped + enabled: no daemon_reload: yes when: "matrix_coturn_service_stat.stat.exists|bool" @@ -17,6 +18,7 @@ service: name: matrix-coturn state: stopped + enabled: no daemon_reload: yes failed_when: false when: "matrix_coturn_service_stat.stat.exists|bool" diff --git a/roles/matrix-dimension/tasks/setup_uninstall.yml b/roles/matrix-dimension/tasks/setup_uninstall.yml index 9bc4ac8b..21f34df0 100644 --- a/roles/matrix-dimension/tasks/setup_uninstall.yml +++ b/roles/matrix-dimension/tasks/setup_uninstall.yml @@ -9,6 +9,7 @@ service: name: matrix-dimension state: stopped + enabled: no daemon_reload: yes register: stopping_result when: "matrix_dimension_service_stat.stat.exists|bool" diff --git a/roles/matrix-dynamic-dns/tasks/uninstall.yml b/roles/matrix-dynamic-dns/tasks/uninstall.yml index f3caba25..9d511051 100644 --- a/roles/matrix-dynamic-dns/tasks/uninstall.yml +++ b/roles/matrix-dynamic-dns/tasks/uninstall.yml @@ -9,6 +9,7 @@ service: name: matrix-dynamic-dns state: stopped + enabled: no daemon_reload: yes when: "matrix_dynamic_dns_service_stat.stat.exists" diff --git a/roles/matrix-email2matrix/tasks/setup_uninstall.yml b/roles/matrix-email2matrix/tasks/setup_uninstall.yml index b0b44cca..270b9250 100644 --- a/roles/matrix-email2matrix/tasks/setup_uninstall.yml +++ b/roles/matrix-email2matrix/tasks/setup_uninstall.yml @@ -9,6 +9,7 @@ service: name: matrix-email2matrix state: stopped + enabled: no daemon_reload: yes register: stopping_result when: "matrix_email2matrix_service_stat.stat.exists|bool" diff --git a/roles/matrix-etherpad/tasks/setup_uninstall.yml b/roles/matrix-etherpad/tasks/setup_uninstall.yml index 8f40f420..a63d3fb1 100644 --- a/roles/matrix-etherpad/tasks/setup_uninstall.yml +++ b/roles/matrix-etherpad/tasks/setup_uninstall.yml @@ -9,6 +9,7 @@ service: name: matrix-etherpad state: stopped + enabled: no daemon_reload: yes register: stopping_result when: "matrix_etherpad_service_stat.stat.exists|bool" diff --git a/roles/matrix-grafana/tasks/setup.yml b/roles/matrix-grafana/tasks/setup.yml index 00d2e230..c5cee64c 100644 --- a/roles/matrix-grafana/tasks/setup.yml +++ b/roles/matrix-grafana/tasks/setup.yml @@ -93,6 +93,7 @@ service: name: matrix-grafana state: stopped + enabled: no daemon_reload: yes register: stopping_result when: "not matrix_grafana_enabled|bool and matrix_grafana_service_stat.stat.exists" diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml b/roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml index dd2a7bd2..4e2be696 100644 --- a/roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml +++ b/roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml @@ -68,6 +68,7 @@ service: name: matrix-jitsi-jicofo state: stopped + enabled: no daemon_reload: yes register: stopping_result when: "not matrix_jitsi_enabled|bool and matrix_jitsi_jicofo_service_stat.stat.exists" diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml b/roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml index b73426db..558a6cf1 100644 --- a/roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml +++ b/roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml @@ -68,6 +68,7 @@ service: name: matrix-jitsi-jvb state: stopped + enabled: no daemon_reload: yes register: stopping_result when: "not matrix_jitsi_enabled|bool and matrix_jitsi_jvb_service_stat.stat.exists" diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml b/roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml index fd051fda..39a571ae 100644 --- a/roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml +++ b/roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml @@ -59,6 +59,7 @@ service: name: matrix-jitsi-prosody state: stopped + enabled: no daemon_reload: yes register: stopping_result when: "not matrix_jitsi_enabled|bool and matrix_jitsi_prosody_service_stat.stat.exists" diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_web.yml b/roles/matrix-jitsi/tasks/setup_jitsi_web.yml index 2b8a2cd2..4fdcc67b 100644 --- a/roles/matrix-jitsi/tasks/setup_jitsi_web.yml +++ b/roles/matrix-jitsi/tasks/setup_jitsi_web.yml @@ -69,6 +69,7 @@ service: name: matrix-jitsi-web state: stopped + enabled: no daemon_reload: yes register: stopping_result when: "not matrix_jitsi_enabled|bool and matrix_jitsi_web_service_stat.stat.exists" diff --git a/roles/matrix-ma1sd/tasks/migrate_mxisd.yml b/roles/matrix-ma1sd/tasks/migrate_mxisd.yml index 1d966204..c36c3de9 100644 --- a/roles/matrix-ma1sd/tasks/migrate_mxisd.yml +++ b/roles/matrix-ma1sd/tasks/migrate_mxisd.yml @@ -23,6 +23,7 @@ service: name: matrix-mxisd state: stopped + enabled: no daemon_reload: yes when: "matrix_mxisd_service_stat.stat.exists" diff --git a/roles/matrix-ma1sd/tasks/setup_uninstall.yml b/roles/matrix-ma1sd/tasks/setup_uninstall.yml index b36ab508..153f6e08 100644 --- a/roles/matrix-ma1sd/tasks/setup_uninstall.yml +++ b/roles/matrix-ma1sd/tasks/setup_uninstall.yml @@ -9,6 +9,7 @@ service: name: matrix-ma1sd state: stopped + enabled: no daemon_reload: yes register: stopping_result when: "matrix_ma1sd_service_stat.stat.exists|bool" diff --git a/roles/matrix-mailer/tasks/setup_mailer.yml b/roles/matrix-mailer/tasks/setup_mailer.yml index 251a52da..def17883 100644 --- a/roles/matrix-mailer/tasks/setup_mailer.yml +++ b/roles/matrix-mailer/tasks/setup_mailer.yml @@ -79,6 +79,7 @@ service: name: matrix-mailer state: stopped + enabled: no daemon_reload: yes register: stopping_result when: "not matrix_mailer_enabled|bool and matrix_mailer_service_stat.stat.exists" diff --git a/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml b/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml index e577491b..d325d2f0 100644 --- a/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml +++ b/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml @@ -193,6 +193,7 @@ service: name: matrix-nginx-proxy state: stopped + enabled: no daemon_reload: yes register: stopping_result when: "not matrix_nginx_proxy_enabled|bool and matrix_nginx_proxy_service_stat.stat.exists" diff --git a/roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml b/roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml index 9761088d..68eae443 100644 --- a/roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml +++ b/roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml @@ -69,6 +69,7 @@ service: name: matrix-postgres-backup state: stopped + enabled: no daemon_reload: yes when: "not matrix_postgres_backup_enabled|bool and matrix_postgres_backup_service_stat.stat.exists" diff --git a/roles/matrix-postgres/tasks/migrate_postgres_data_directory.yml b/roles/matrix-postgres/tasks/migrate_postgres_data_directory.yml index ef5fbf47..e62feee3 100644 --- a/roles/matrix-postgres/tasks/migrate_postgres_data_directory.yml +++ b/roles/matrix-postgres/tasks/migrate_postgres_data_directory.yml @@ -69,4 +69,4 @@ - name: Ensure systemd reloaded after getting rid of outdated matrix-postgres.service service: daemon_reload: yes - when: "result_pg_old_data_dir_stat.stat.exists" \ No newline at end of file + when: "result_pg_old_data_dir_stat.stat.exists" diff --git a/roles/matrix-prometheus-node-exporter/tasks/setup.yml b/roles/matrix-prometheus-node-exporter/tasks/setup.yml index 34086e6c..fa8eb767 100644 --- a/roles/matrix-prometheus-node-exporter/tasks/setup.yml +++ b/roles/matrix-prometheus-node-exporter/tasks/setup.yml @@ -38,6 +38,7 @@ service: name: matrix-prometheus-node-exporter state: stopped + enabled: no daemon_reload: yes register: stopping_result when: "not matrix_prometheus_node_exporter_enabled|bool and matrix_prometheus_node_exporter_service_stat.stat.exists" diff --git a/roles/matrix-prometheus-postgres-exporter/tasks/setup.yml b/roles/matrix-prometheus-postgres-exporter/tasks/setup.yml index 076ece1a..37743b66 100644 --- a/roles/matrix-prometheus-postgres-exporter/tasks/setup.yml +++ b/roles/matrix-prometheus-postgres-exporter/tasks/setup.yml @@ -38,6 +38,7 @@ service: name: matrix-prometheus-postgres-exporter state: stopped + enabled: no daemon_reload: yes register: stopping_result when: "not matrix_prometheus_postgres_exporter_enabled|bool and matrix_prometheus_postgres_exporter_service_stat.stat.exists" diff --git a/roles/matrix-prometheus/tasks/setup_uninstall.yml b/roles/matrix-prometheus/tasks/setup_uninstall.yml index dd46a222..d99c1a8e 100644 --- a/roles/matrix-prometheus/tasks/setup_uninstall.yml +++ b/roles/matrix-prometheus/tasks/setup_uninstall.yml @@ -9,6 +9,7 @@ service: name: matrix-prometheus state: stopped + enabled: no daemon_reload: yes register: stopping_result when: "matrix_prometheus_service_stat.stat.exists|bool" diff --git a/roles/matrix-redis/tasks/setup_redis.yml b/roles/matrix-redis/tasks/setup_redis.yml index 6f00282b..f1f32238 100644 --- a/roles/matrix-redis/tasks/setup_redis.yml +++ b/roles/matrix-redis/tasks/setup_redis.yml @@ -72,6 +72,7 @@ service: name: matrix-redis state: stopped + enabled: no daemon_reload: yes when: "not matrix_redis_enabled|bool and matrix_redis_service_stat.stat.exists" diff --git a/roles/matrix-registration/tasks/setup_uninstall.yml b/roles/matrix-registration/tasks/setup_uninstall.yml index 573f8170..8afd1084 100644 --- a/roles/matrix-registration/tasks/setup_uninstall.yml +++ b/roles/matrix-registration/tasks/setup_uninstall.yml @@ -9,6 +9,7 @@ service: name: matrix-registration state: stopped + enabled: no daemon_reload: yes register: stopping_result when: "matrix_registration_service_stat.stat.exists|bool" diff --git a/roles/matrix-sygnal/tasks/setup_uninstall.yml b/roles/matrix-sygnal/tasks/setup_uninstall.yml index dc50078c..f2b6133f 100644 --- a/roles/matrix-sygnal/tasks/setup_uninstall.yml +++ b/roles/matrix-sygnal/tasks/setup_uninstall.yml @@ -9,6 +9,7 @@ service: name: matrix-sygnal state: stopped + enabled: no daemon_reload: yes register: stopping_result when: "matrix_sygnal_service_stat.stat.exists|bool" diff --git a/roles/matrix-synapse-admin/tasks/setup.yml b/roles/matrix-synapse-admin/tasks/setup.yml index 6fb47fb3..d54583af 100644 --- a/roles/matrix-synapse-admin/tasks/setup.yml +++ b/roles/matrix-synapse-admin/tasks/setup.yml @@ -59,6 +59,7 @@ service: name: matrix-synapse-admin state: stopped + enabled: no daemon_reload: yes register: stopping_result when: "not matrix_synapse_admin_enabled|bool and matrix_synapse_admin_service_stat.stat.exists" diff --git a/roles/matrix-synapse/tasks/goofys/setup_uninstall.yml b/roles/matrix-synapse/tasks/goofys/setup_uninstall.yml index 91d43456..317a5371 100644 --- a/roles/matrix-synapse/tasks/goofys/setup_uninstall.yml +++ b/roles/matrix-synapse/tasks/goofys/setup_uninstall.yml @@ -7,6 +7,7 @@ service: name: matrix-goofys state: stopped + enabled: no daemon_reload: yes register: stopping_result when: "matrix_goofys_service_stat.stat.exists" diff --git a/roles/matrix-synapse/tasks/import_media_store.yml b/roles/matrix-synapse/tasks/import_media_store.yml index 487bcb35..42455b44 100644 --- a/roles/matrix-synapse/tasks/import_media_store.yml +++ b/roles/matrix-synapse/tasks/import_media_store.yml @@ -44,6 +44,7 @@ service: name: matrix-synapse state: stopped + enabled: no daemon_reload: yes register: stopping_result diff --git a/roles/matrix-synapse/tasks/synapse/setup_uninstall.yml b/roles/matrix-synapse/tasks/synapse/setup_uninstall.yml index f1cdf167..070856e4 100644 --- a/roles/matrix-synapse/tasks/synapse/setup_uninstall.yml +++ b/roles/matrix-synapse/tasks/synapse/setup_uninstall.yml @@ -7,6 +7,7 @@ service: name: matrix-synapse state: stopped + enabled: no daemon_reload: yes register: stopping_result when: "matrix_synapse_service_stat.stat.exists" From 7a4f49c457e6346989152b0679907a51d25c631c Mon Sep 17 00:00:00 2001 From: sakkiii Date: Wed, 10 Nov 2021 22:52:23 +0530 Subject: [PATCH 03/46] Nginx Minio Update (1.21.3 -> 1.21.4) --- roles/matrix-nginx-proxy/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index ff917c90..e3c19d86 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml @@ -1,5 +1,5 @@ matrix_nginx_proxy_enabled: true -matrix_nginx_proxy_version: 1.21.3-alpine +matrix_nginx_proxy_version: 1.21.4-alpine # We use an official nginx image, which we fix-up to run unprivileged. # An alternative would be an `nginxinc/nginx-unprivileged` image, but From cd26af2f6fac44b49f4cd9f098e16a64c89104fe Mon Sep 17 00:00:00 2001 From: sakkiii Date: Wed, 10 Nov 2021 22:58:45 +0530 Subject: [PATCH 04/46] Certbot Update (v1.20.0 -> v1.21.0) --- roles/matrix-nginx-proxy/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index e3c19d86..3bb2723d 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml @@ -437,7 +437,7 @@ matrix_ssl_additional_domains_to_obtain_certificates_for: [] # Controls whether to obtain production or staging certificates from Let's Encrypt. matrix_ssl_lets_encrypt_staging: false -matrix_ssl_lets_encrypt_certbot_docker_image: "{{ matrix_container_global_registry_prefix }}certbot/certbot:{{ matrix_ssl_architecture }}-v1.20.0" +matrix_ssl_lets_encrypt_certbot_docker_image: "{{ matrix_container_global_registry_prefix }}certbot/certbot:{{ matrix_ssl_architecture }}-v1.21.0" matrix_ssl_lets_encrypt_certbot_docker_image_force_pull: "{{ matrix_ssl_lets_encrypt_certbot_docker_image.endswith(':latest') }}" matrix_ssl_lets_encrypt_certbot_standalone_http_port: 2402 matrix_ssl_lets_encrypt_support_email: ~ From c4d2c8394ca90facc7605ab2bc16b4cc993b0c84 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 11 Nov 2021 15:42:34 +0200 Subject: [PATCH 05/46] Abort if on an unsupported Postgres version (v9.6) Official support ends today (2021-11-11). Synapse still supports v9.6, but we'd better force users to transition to newer versions anyway. --- roles/matrix-postgres/tasks/setup_postgres.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/roles/matrix-postgres/tasks/setup_postgres.yml b/roles/matrix-postgres/tasks/setup_postgres.yml index 4294bc11..96a20d25 100644 --- a/roles/matrix-postgres/tasks/setup_postgres.yml +++ b/roles/matrix-postgres/tasks/setup_postgres.yml @@ -18,6 +18,11 @@ matrix_postgres_docker_image_to_use: "{{ matrix_postgres_docker_image_latest if matrix_postgres_detected_version_corresponding_docker_image == '' else matrix_postgres_detected_version_corresponding_docker_image }}" when: matrix_postgres_enabled|bool +- name: Abort if on an unsupported Postgres version + fail: + msg: "You're on Postgres {{ matrix_postgres_detected_version }}, which is no longer supported. To upgrade, see docs/maintenance-postgres.md" + when: "matrix_postgres_enabled|bool and matrix_postgres_detected_version.startswith('9.')" + - name: Inject warning if on an old version of Postgres set_fact: matrix_playbook_runtime_results: | From b19576030188381b353766e90f63117ac1e165a7 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 11 Nov 2021 16:04:11 +0200 Subject: [PATCH 06/46] Mention dropped Postgres v9.6 support in the changelog Related to c4d2c8394ca90f --- CHANGELOG.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index c706b4a6..7e124159 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,12 @@ +# 2021-11-11 + +## Dropped support for Postgres v9.6 + +Postgres v9.6 reached its end of life today, so the playbook will refuse to run for you if you're still on that version. + +Synapse still supports v9.6 (for now), but we're retiring support for it early, to avoid having to maintain support for so many Postgres versions. Users that are still on Postgres v9.6 can easily [upgrade Postgres](docs/maintenance-postgres.md#upgrading-postgresql) via the playbook. + + # 2021-10-23 ## Hangouts bridge no longer updated, superseded by a Googlechat bridge From f01b9c386519e8967bc01ee32bec39bfcbc682b7 Mon Sep 17 00:00:00 2001 From: Toni Spets Date: Fri, 12 Nov 2021 04:50:29 +0200 Subject: [PATCH 07/46] Upgrade Heisenbridge (1.5.0 -> 1.6.0) --- roles/matrix-bridge-heisenbridge/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-heisenbridge/defaults/main.yml b/roles/matrix-bridge-heisenbridge/defaults/main.yml index f25f502f..9a87a6da 100644 --- a/roles/matrix-bridge-heisenbridge/defaults/main.yml +++ b/roles/matrix-bridge-heisenbridge/defaults/main.yml @@ -3,7 +3,7 @@ matrix_heisenbridge_enabled: true -matrix_heisenbridge_version: 1.5.0 +matrix_heisenbridge_version: 1.6.0 matrix_heisenbridge_docker_image: "{{ matrix_container_global_registry_prefix }}hif1/heisenbridge:{{ matrix_heisenbridge_version }}" matrix_heisenbridge_docker_image_force_pull: "{{ matrix_heisenbridge_docker_image.endswith(':latest') }}" From c0656448f75d9fc09b6b290a7d987da2a1c76b4a Mon Sep 17 00:00:00 2001 From: JokerGermany <30293477+JokerGermany@users.noreply.github.com> Date: Sat, 13 Nov 2021 01:18:22 +0100 Subject: [PATCH 08/46] Port 80 for IPv6 --- .../templates/nginx/conf.d/matrix-base-domain.conf.j2 | 1 + .../templates/nginx/conf.d/matrix-bot-go-neb.conf.j2 | 4 +++- .../templates/nginx/conf.d/matrix-client-element.conf.j2 | 2 ++ .../templates/nginx/conf.d/matrix-client-hydrogen.conf.j2 | 2 ++ .../templates/nginx/conf.d/matrix-dimension.conf.j2 | 4 +++- .../templates/nginx/conf.d/matrix-domain.conf.j2 | 2 ++ .../templates/nginx/conf.d/matrix-grafana.conf.j2 | 6 ++++-- .../templates/nginx/conf.d/matrix-jitsi.conf.j2 | 2 ++ .../templates/nginx/conf.d/matrix-riot-web.conf.j2 | 2 ++ .../templates/nginx/conf.d/matrix-sygnal.conf.j2 | 2 ++ 10 files changed, 23 insertions(+), 4 deletions(-) diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-base-domain.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-base-domain.conf.j2 index b0294283..3aff997d 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-base-domain.conf.j2 +++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-base-domain.conf.j2 @@ -36,6 +36,7 @@ server { listen {{ 8080 if matrix_nginx_proxy_enabled else 80 }}; + listen [::]:{{ 8080 if matrix_nginx_proxy_enabled else 80 }}; server_name {{ matrix_nginx_proxy_base_domain_hostname }}; server_tokens off; diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-bot-go-neb.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-bot-go-neb.conf.j2 index 6cb5f57a..79269f43 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-bot-go-neb.conf.j2 +++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-bot-go-neb.conf.j2 @@ -33,6 +33,8 @@ server { listen {{ 8080 if matrix_nginx_proxy_enabled else 80 }}; + listen [::]:{{ 8080 if matrix_nginx_proxy_enabled else 80 }}; + server_name {{ matrix_nginx_proxy_proxy_bot_go_neb_hostname }}; server_tokens off; @@ -83,7 +85,7 @@ server { ssl_stapling_verify on; ssl_trusted_certificate {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_bot_go_neb_hostname }}/chain.pem; {% endif %} - + {% if matrix_nginx_proxy_ssl_session_tickets_off %} ssl_session_tickets off; {% endif %} diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-client-element.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-client-element.conf.j2 index 2f4f4aa1..095d5fcf 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-client-element.conf.j2 +++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-client-element.conf.j2 @@ -41,6 +41,8 @@ server { listen {{ 8080 if matrix_nginx_proxy_enabled else 80 }}; + listen [::]:{{ 8080 if matrix_nginx_proxy_enabled else 80 }}; + server_name {{ matrix_nginx_proxy_proxy_element_hostname }}; diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-client-hydrogen.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-client-hydrogen.conf.j2 index 1ea4a344..c0794205 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-client-hydrogen.conf.j2 +++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-client-hydrogen.conf.j2 @@ -39,6 +39,8 @@ server { listen {{ 8080 if matrix_nginx_proxy_enabled else 80 }}; + listen [::]:{{ 8080 if matrix_nginx_proxy_enabled else 80 }}; + server_name {{ matrix_nginx_proxy_proxy_hydrogen_hostname }}; diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-dimension.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-dimension.conf.j2 index ef8ee972..292cc4c2 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-dimension.conf.j2 +++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-dimension.conf.j2 @@ -36,6 +36,8 @@ server { listen {{ 8080 if matrix_nginx_proxy_enabled else 80 }}; + listen [::]:{{ 8080 if matrix_nginx_proxy_enabled else 80 }}; + server_name {{ matrix_nginx_proxy_proxy_dimension_hostname }}; server_tokens off; @@ -86,7 +88,7 @@ server { ssl_stapling_verify on; ssl_trusted_certificate {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_dimension_hostname }}/chain.pem; {% endif %} - + {% if matrix_nginx_proxy_ssl_session_tickets_off %} ssl_session_tickets off; {% endif %} diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 index b6506b43..02201b9c 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 +++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 @@ -161,6 +161,8 @@ server { listen {{ 8080 if matrix_nginx_proxy_enabled else 80 }}; + listen [::]:{{ 8080 if matrix_nginx_proxy_enabled else 80 }}; + server_name {{ matrix_nginx_proxy_proxy_matrix_hostname }}; server_tokens off; diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-grafana.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-grafana.conf.j2 index 0f7c43c5..209c1cd0 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-grafana.conf.j2 +++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-grafana.conf.j2 @@ -43,6 +43,8 @@ server { listen {{ 8080 if matrix_nginx_proxy_enabled else 80 }}; + listen [::]:{{ 8080 if matrix_nginx_proxy_enabled else 80 }}; + server_name {{ matrix_nginx_proxy_proxy_grafana_hostname }}; @@ -94,12 +96,12 @@ server { ssl_stapling_verify on; ssl_trusted_certificate {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_grafana_hostname }}/chain.pem; {% endif %} - + {% if matrix_nginx_proxy_ssl_session_tickets_off %} ssl_session_tickets off; {% endif %} ssl_session_cache {{ matrix_nginx_proxy_ssl_session_cache }}; - ssl_session_timeout {{ matrix_nginx_proxy_ssl_session_timeout }}; + ssl_session_timeout {{ matrix_nginx_proxy_ssl_session_timeout }}; {{ render_vhost_directives() }} } diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-jitsi.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-jitsi.conf.j2 index 86d95453..7fccce94 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-jitsi.conf.j2 +++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-jitsi.conf.j2 @@ -78,6 +78,8 @@ server { listen {{ 8080 if matrix_nginx_proxy_enabled else 80 }}; + listen [::]:{{ 8080 if matrix_nginx_proxy_enabled else 80 }}; + server_name {{ matrix_nginx_proxy_proxy_jitsi_hostname }}; server_tokens off; diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-riot-web.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-riot-web.conf.j2 index d153d5c2..5bcbeba5 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-riot-web.conf.j2 +++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-riot-web.conf.j2 @@ -24,6 +24,8 @@ server { listen {{ 8080 if matrix_nginx_proxy_enabled else 80 }}; + listen [::]:{{ 8080 if matrix_nginx_proxy_enabled else 80 }}; + server_name {{ matrix_nginx_proxy_proxy_riot_compat_redirect_hostname }}; diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-sygnal.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-sygnal.conf.j2 index 9c4af1d9..ba442b37 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-sygnal.conf.j2 +++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-sygnal.conf.j2 @@ -35,6 +35,8 @@ server { listen {{ 8080 if matrix_nginx_proxy_enabled else 80 }}; + listen [::]:{{ 8080 if matrix_nginx_proxy_enabled else 80 }}; + server_name {{ matrix_nginx_proxy_proxy_sygnal_hostname }}; server_tokens off; From 7756cc4c8ee05612c53660122131be399328d0c5 Mon Sep 17 00:00:00 2001 From: b Date: Sun, 14 Nov 2021 20:30:13 +0200 Subject: [PATCH 09/46] replace port 8048 with matrix_synapse_container_default_federation_port --- group_vars/matrix_servers | 3 ++- roles/matrix-dimension/defaults/main.yml | 2 +- roles/matrix-nginx-proxy/defaults/main.yml | 4 ++-- roles/matrix-synapse/defaults/main.yml | 2 +- roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 | 2 +- .../templates/synapse/systemd/matrix-synapse.service.j2 | 2 +- 6 files changed, 8 insertions(+), 7 deletions(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index d58f4dda..cfca8c92 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -1720,7 +1720,8 @@ matrix_synapse_account_threepid_delegates_msisdn: "{{ 'http://matrix-ma1sd:' + m matrix_synapse_container_client_api_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:8008' }}" # # For exposing the Matrix Federation API's plain port (plain HTTP) to the local host. -matrix_synapse_container_federation_api_plain_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:8048' }}" +matrix_synapse_container_default_federation_port: 8048 +matrix_synapse_container_federation_api_plain_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:' + matrix_synapse_container_default_federation_port|string }}" # # For exposing the Matrix Federation API's TLS port (HTTPS) to the internet on all network interfaces. matrix_synapse_container_federation_api_tls_host_bind_port: "{{ matrix_federation_public_port if (matrix_synapse_federation_enabled and matrix_synapse_tls_federation_listener_enabled) else '' }}" diff --git a/roles/matrix-dimension/defaults/main.yml b/roles/matrix-dimension/defaults/main.yml index f7a84ca1..a5e0bf1a 100644 --- a/roles/matrix-dimension/defaults/main.yml +++ b/roles/matrix-dimension/defaults/main.yml @@ -39,7 +39,7 @@ matrix_dimension_integrations_rest_url: "https://{{ matrix_server_fqn_dimension matrix_dimension_integrations_widgets_urls: ["https://{{ matrix_server_fqn_dimension }}/widgets"] matrix_dimension_integrations_jitsi_widget_url: "https://{{ matrix_server_fqn_dimension }}/widgets/jitsi" -matrix_dimension_homeserver_federationUrl: "http://matrix-synapse:8048" +matrix_dimension_homeserver_federationUrl: ""http://matrix-synapse:{{matrix_synapse_container_default_federation_port|string}}"" # Database-related configuration fields. diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index 3bb2723d..af549b94 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml @@ -116,8 +116,8 @@ matrix_nginx_proxy_proxy_synapse_enabled: false matrix_nginx_proxy_proxy_synapse_hostname: "matrix-nginx-proxy" matrix_nginx_proxy_proxy_synapse_federation_api_enabled: "{{ matrix_nginx_proxy_proxy_matrix_federation_api_enabled }}" # The addresses where the Federation API is, when using Synapse. -matrix_nginx_proxy_proxy_synapse_federation_api_addr_with_container: "matrix-synapse:8048" -matrix_nginx_proxy_proxy_synapse_federation_api_addr_sans_container: "localhost:8048" +matrix_nginx_proxy_proxy_synapse_federation_api_addr_with_container: "matrix-synapse:{{matrix_synapse_container_default_federation_port|string}}" +matrix_nginx_proxy_proxy_synapse_federation_api_addr_sans_container: "localhost:{{matrix_synapse_container_default_federation_port|string}}" # Controls whether proxying the Element domain should be done. matrix_nginx_proxy_proxy_element_enabled: false diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index ce596c6b..eb9d8e66 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -146,7 +146,7 @@ matrix_synapse_federation_rr_transactions_per_room_per_second: 50 # Controls whether the TLS federation listener is enabled (tcp/8448). # Only makes sense if federation is enabled (`matrix_synapse_federation_enabled`). -# Note that federation may potentially be enabled as non-TLS on tcp/8048 as well. +# Note that federation may potentially be enabled as non-TLS on `matrix_synapse_container_default_federation_port` as well. # If you're serving Synapse behind an HTTPS-capable reverse-proxy, # you can disable the TLS listener (`matrix_synapse_tls_federation_listener_enabled: false`). matrix_synapse_tls_federation_listener_enabled: true diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index cebe7a1f..2bfec1b4 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -302,7 +302,7 @@ listeners: {% if matrix_synapse_federation_port_enabled %} # Unsecure HTTP listener (Federation API): for when matrix traffic passes through a reverse proxy # that unwraps TLS. - - port: 8048 + - port: {{ matrix_synapse_container_default_federation_port }} tls: false bind_addresses: ['::'] type: http diff --git a/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 b/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 index 2fbaac7b..d58f1f19 100644 --- a/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 +++ b/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 @@ -46,7 +46,7 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-synapse \ -p {{ matrix_synapse_container_federation_api_tls_host_bind_port }}:8448 \ {% endif %} {% if matrix_synapse_federation_enabled and matrix_synapse_container_federation_api_plain_host_bind_port %} - -p {{ matrix_synapse_container_federation_api_plain_host_bind_port }}:8048 \ + -p {{ matrix_synapse_container_federation_api_plain_host_bind_port }}:{{ matrix_synapse_container_default_federation_port }} \ {% endif %} {% if matrix_synapse_metrics_enabled and matrix_synapse_container_metrics_api_host_bind_port %} -p {{ matrix_synapse_container_metrics_api_host_bind_port }}:{{ matrix_synapse_metrics_port }} \ From 5e97f5a4e6319a057905a8fd2c4d9bb409f3d1cb Mon Sep 17 00:00:00 2001 From: b Date: Sun, 14 Nov 2021 20:57:27 +0200 Subject: [PATCH 10/46] fixed matrix_dimension_homeserver_federationUrl --- roles/matrix-dimension/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-dimension/defaults/main.yml b/roles/matrix-dimension/defaults/main.yml index a5e0bf1a..48958020 100644 --- a/roles/matrix-dimension/defaults/main.yml +++ b/roles/matrix-dimension/defaults/main.yml @@ -39,7 +39,7 @@ matrix_dimension_integrations_rest_url: "https://{{ matrix_server_fqn_dimension matrix_dimension_integrations_widgets_urls: ["https://{{ matrix_server_fqn_dimension }}/widgets"] matrix_dimension_integrations_jitsi_widget_url: "https://{{ matrix_server_fqn_dimension }}/widgets/jitsi" -matrix_dimension_homeserver_federationUrl: ""http://matrix-synapse:{{matrix_synapse_container_default_federation_port|string}}"" +matrix_dimension_homeserver_federationUrl: "http://matrix-synapse:{{matrix_synapse_container_default_federation_port|string}}" # Database-related configuration fields. From 61b743f86dcc05c308747adc7ab7756383b2fd92 Mon Sep 17 00:00:00 2001 From: Aaron Raimist Date: Sun, 14 Nov 2021 19:10:56 +0000 Subject: [PATCH 11/46] Postgres Minor Updates (14.1, 13.5, 12.9, 11.14, 10.19) --- roles/matrix-postgres/defaults/main.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/matrix-postgres/defaults/main.yml b/roles/matrix-postgres/defaults/main.yml index 91a31d99..42413286 100644 --- a/roles/matrix-postgres/defaults/main.yml +++ b/roles/matrix-postgres/defaults/main.yml @@ -18,11 +18,11 @@ matrix_postgres_architecture: amd64 matrix_postgres_docker_image_suffix: "{{ '-alpine' if matrix_postgres_architecture in ['amd64', 'arm64'] else '' }}" matrix_postgres_docker_image_v9: "{{ matrix_container_global_registry_prefix }}postgres:9.6.23{{ matrix_postgres_docker_image_suffix }}" -matrix_postgres_docker_image_v10: "{{ matrix_container_global_registry_prefix }}postgres:10.18{{ matrix_postgres_docker_image_suffix }}" -matrix_postgres_docker_image_v11: "{{ matrix_container_global_registry_prefix }}postgres:11.13{{ matrix_postgres_docker_image_suffix }}" -matrix_postgres_docker_image_v12: "{{ matrix_container_global_registry_prefix }}postgres:12.8{{ matrix_postgres_docker_image_suffix }}" -matrix_postgres_docker_image_v13: "{{ matrix_container_global_registry_prefix }}postgres:13.4{{ matrix_postgres_docker_image_suffix }}" -matrix_postgres_docker_image_v14: "{{ matrix_container_global_registry_prefix }}postgres:14.0{{ matrix_postgres_docker_image_suffix }}" +matrix_postgres_docker_image_v10: "{{ matrix_container_global_registry_prefix }}postgres:10.19{{ matrix_postgres_docker_image_suffix }}" +matrix_postgres_docker_image_v11: "{{ matrix_container_global_registry_prefix }}postgres:11.14{{ matrix_postgres_docker_image_suffix }}" +matrix_postgres_docker_image_v12: "{{ matrix_container_global_registry_prefix }}postgres:12.9{{ matrix_postgres_docker_image_suffix }}" +matrix_postgres_docker_image_v13: "{{ matrix_container_global_registry_prefix }}postgres:13.5{{ matrix_postgres_docker_image_suffix }}" +matrix_postgres_docker_image_v14: "{{ matrix_container_global_registry_prefix }}postgres:14.1{{ matrix_postgres_docker_image_suffix }}" matrix_postgres_docker_image_latest: "{{ matrix_postgres_docker_image_v14 }}" # This variable is assigned at runtime. Overriding its value has no effect. From afccc2b11fc8b8ac02ccc659dfc9497d58f55686 Mon Sep 17 00:00:00 2001 From: b Date: Sun, 14 Nov 2021 23:32:25 +0200 Subject: [PATCH 12/46] make 8448 configurable instead of hard coded --- roles/matrix-synapse/defaults/main.yml | 2 ++ roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 | 2 +- .../templates/synapse/systemd/matrix-synapse.service.j2 | 2 +- 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index ce596c6b..c42d1f21 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -27,6 +27,8 @@ matrix_synapse_storage_path: "{{ matrix_synapse_base_path }}/storage" matrix_synapse_media_store_path: "{{ matrix_synapse_storage_path }}/media-store" matrix_synapse_ext_path: "{{ matrix_synapse_base_path }}/ext" + matrix_synapse_container_default_federation_api_port: 8448 + # Controls whether the matrix-synapse container exposes the Client/Server API port (tcp/8008 in the container). # # Takes an ":" or "" value (e.g. "127.0.0.1:8008"), or empty string to not expose. diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index cebe7a1f..b3e4478b 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -276,7 +276,7 @@ listeners: {% if matrix_synapse_federation_port_enabled and matrix_synapse_tls_federation_listener_enabled %} # TLS-enabled listener: for when matrix traffic is sent directly to synapse. - - port: 8448 + - port: {{ matrix_federation_public_port }} tls: true bind_addresses: ['::'] type: http diff --git a/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 b/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 index 2fbaac7b..c5329642 100644 --- a/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 +++ b/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 @@ -43,7 +43,7 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-synapse \ -p {{ matrix_synapse_container_client_api_host_bind_port }}:8008 \ {% endif %} {% if matrix_synapse_federation_enabled and matrix_synapse_tls_federation_listener_enabled and matrix_synapse_container_federation_api_tls_host_bind_port %} - -p {{ matrix_synapse_container_federation_api_tls_host_bind_port }}:8448 \ + -p {{ matrix_synapse_container_federation_api_tls_host_bind_port }}:{{ matrix_synapse_container_default_federation_api_port }} \ {% endif %} {% if matrix_synapse_federation_enabled and matrix_synapse_container_federation_api_plain_host_bind_port %} -p {{ matrix_synapse_container_federation_api_plain_host_bind_port }}:8048 \ From 1d0e594defe2809714ad6e57fa8039522a7551ac Mon Sep 17 00:00:00 2001 From: iucca Date: Sun, 14 Nov 2021 23:45:07 +0100 Subject: [PATCH 13/46] updated whatsapp config, backfill doesn't work --- roles/matrix-base/defaults/main.yml | 6 + .../templates/config.yaml.j2 | 195 ++++++++++++------ .../templates/synapse/homeserver.yaml.j2 | 5 + 3 files changed, 140 insertions(+), 66 deletions(-) diff --git a/roles/matrix-base/defaults/main.yml b/roles/matrix-base/defaults/main.yml index bf376c94..a6f287f6 100644 --- a/roles/matrix-base/defaults/main.yml +++ b/roles/matrix-base/defaults/main.yml @@ -98,6 +98,10 @@ matrix_identity_server_url: ~ matrix_integration_manager_rest_url: ~ matrix_integration_manager_ui_url: ~ +# Enable backfilling history sync payloads from bridges using batch sending? +# This requires a server with MSC2716 support, which is currently an experimental feature in synapse. +matrix_bridges_backfill_enabled: false + # The domain name where a Jitsi server is self-hosted. # If set, `/.well-known/matrix/client` will suggest Element clients to use that Jitsi server. # See: https://github.com/vector-im/element-web/blob/develop/docs/jitsi.md#configuring-element-to-use-your-self-hosted-jitsi-server @@ -121,6 +125,8 @@ matrix_client_element_e2ee_secure_backup_setup_methods: [] # The Docker network that all services would be put into matrix_docker_network: "matrix" + + # Controls whether we'll preserve the vars.yml file on the Matrix server. # If you have a differently organized inventory, you may wish to disable this feature, # or to repoint `matrix_vars_yml_snapshotting_src` to the file you'd like to preserve. diff --git a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 index b3b1caf1..849b15d4 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 @@ -7,6 +7,10 @@ homeserver: domain: {{ matrix_mautrix_whatsapp_homeserver_domain }} # Application service host/registration related details. # Changing these values requires regeneration of the registration. + # The URL to push real-time bridge status to. + # If set, the bridge will make POST requests to this URL whenever a user's whatsapp connection state changes. + # The bridge will use the appservice as_token to authorize requests. +# status_endpoint: "null" appservice: # The address that the homeserver can use to connect to this appservice. @@ -28,9 +32,6 @@ appservice: max_open_conns: 20 max_idle_conns: 2 - # Path to the Matrix room state store. - state_store_path: ./mx-state.json - # The unique ID of this appservice. id: whatsapp # Appservice bot details. @@ -51,79 +52,142 @@ bridge: # Localpart template of MXIDs for WhatsApp users. # {{ '{{.}}' }} is replaced with the phone number of the WhatsApp user. username_template: "{{ 'whatsapp_{{.}}' }}" - # Displayname template for WhatsApp users. - # {{ '{{.Notify'}}' }} - nickname set by the WhatsApp user - # {{ '{{.Jid}}' }} - phone number (international format) - # The following variables are also available, but will cause problems on multi-user instances: - # {{ '{{.Name}}' }} - display name from contact list - # {{ '{{.Short}}' }} - short display name from contact list - displayname_template: "{{ '{{if .Notify}}{{.Notify}}{{else}}{{.Jid}}{{end}} (WA)' }}" - # WhatsApp connection timeout in seconds. - connection_timeout: 20 - # Maximum number of times to retry connecting on connection error. - max_connection_attempts: 3 - # Number of seconds to wait between connection attempts. - # Negative numbers are exponential backoff: -connection_retry_delay + 1 + 2^attempts - connection_retry_delay: -1 - # Whether or not the bridge should send a notice to the user's management room when it retries connecting. - # If false, it will only report when it stops retrying. - report_connection_retry: true - # Maximum number of seconds to wait for chats to be sent at startup. - # If this is too low and you have lots of chats, it could cause backfilling to fail. - chat_list_wait: 30 - # Maximum number of seconds to wait to sync portals before force unlocking message processing. - # If this is too low and you have lots of chats, it could cause backfilling to fail. - portal_sync_wait: 600 + displayname_template: "{{ '{{if .PushName}}{{.PushName}}{{else if .BusinessName}}{{.BusinessName}}{{else}}{{.JID}}{{end}} (WA)' }}" - # Whether or not to send call start/end notices to Matrix. - call_notices: - start: true - end: true + # Should the bridge send a read receipt from the bridge bot when a message has been sent to WhatsApp? + delivery_receipts: false + # Should incoming calls send a message to the Matrix room? + call_start_notices: true + # Should another user's cryptographic identity changing send a message to Matrix? + identity_change_notices: false + # Should a "reactions not yet supported" warning be sent to the Matrix room when a user reacts to a message? + reaction_notices: true - # Number of chats to sync for new users. - initial_chat_sync_count: 10 - # Number of old messages to fill when creating new portal rooms. - initial_history_fill_count: 20 - # Maximum number of chats to sync when recovering from downtime. - # Set to -1 to sync all new chats during downtime. - recovery_chat_sync_limit: -1 - # Whether or not to sync history when recovering from downtime. - recovery_history_backfill: true - # Maximum number of seconds since last message in chat to skip - # syncing the chat in any case. This setting will take priority - # over both recovery_chat_sync_limit and initial_chat_sync_count. - # Default is 3 days = 259200 seconds - sync_max_chat_age: 259200 + portal_message_buffer: 128 - # Whether or not to sync with custom puppets to receive EDUs that - # are not normally sent to appservices. + # Settings for handling history sync payloads. These settings only apply right after login, + # because the phone only sends the history sync data once, and there's no way to re-request it + # (other than logging out and back in again). + history_sync: + # Should the bridge create portals for chats in the history sync payload? + create_portals: true + # Maximum age of chats in seconds to create portals for. Set to 0 to create portals for all chats in sync payload. + max_age: 604800 + # Enable backfilling history sync payloads from WhatsApp using batch sending? + # This requires a server with MSC2716 support, which is currently an experimental feature in synapse. + # It can be enabled by setting experimental_features -> msc2716_enabled to true in homeserver.yaml. + # Note that as of Synapse 1.46, there are still some bugs with the implementation, especially if using event persistence workers. + backfill: {{ matrix_bridges_backfill_enabled }} + # Use double puppets for backfilling? + # In order to use this, the double puppets must be in the appservice's user ID namespace + # (because the bridge can't use the double puppet access token with batch sending). + # This only affects double puppets on the local server, double puppets on other servers will never be used. + double_puppet_backfill: {{ matrix_bridges_backfill_enabled }} + # Should the bridge request a full sync from the phone when logging in? + # This bumps the size of history syncs from 3 months to 1 year. + request_full_sync: false + + user_avatar_sync: true + # Should Matrix users leaving groups be bridged to WhatsApp? + bridge_matrix_leave: true + + + # Should the bridge sync with double puppeting to receive EDUs that aren't normally sent to appservices. sync_with_custom_puppets: true - # Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth + # Should the bridge update the m.direct account data event when double puppeting is enabled. + # Note that updating the m.direct event is not atomic (except with mautrix-asmux) + # and is therefore prone to race conditions. + sync_direct_chat_list: false + # When double puppeting is enabled, users can use `!wa toggle` to change whether + # presence and read receipts are bridged. These settings set the default values. + # Existing users won't be affected when these are changed. + default_bridge_receipts: true + default_bridge_presence: true + # Servers to always allow double puppeting from + double_puppet_server_map: "{{ matrix_domain }}" + + # Allow using double puppeting from any server with a valid client .well-known file. + double_puppet_allow_discovery: false + # Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth # - # If set, custom puppets will be enabled automatically for local users + # If set, double puppeting will be enabled automatically for local users # instead of users having to find an access token and run `login-matrix` # manually. - login_shared_secret: {{ matrix_mautrix_whatsapp_login_shared_secret|to_json }} + login_shared_secret_map: + "{{ matrix_mautrix_whatsapp_homeserver_domain }}": {{ matrix_mautrix_whatsapp_login_shared_secret|to_json }} - # Whether or not to invite own WhatsApp user's Matrix puppet into private - # chat portals when backfilling if needed. - # This always uses the default puppet instead of custom puppets due to - # rate limits and timestamp massaging. - invite_own_puppet_for_backfilling: true - # Whether or not to explicitly set the avatar and room name for private - # chat portal rooms. This can be useful if the previous field works fine, - # but causes room avatar/name bugs. + + # Should the bridge explicitly set the avatar and room name for private chat portal rooms? private_chat_portal_meta: false - + # Should Matrix m.notice-type messages be bridged? + bridge_notices: true + # Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run. + # This field will automatically be changed back to false after it, except if the config file is not writable. + resend_bridge_info: false + # When using double puppeting, should muted chats be muted in Matrix? + mute_bridging: false + # When using double puppeting, should archived chats be moved to a specific tag in Matrix? + # Note that WhatsApp unarchives chats when a message is received, which will also be mirrored to Matrix. + # This can be set to a tag (e.g. m.lowpriority), or null to disable. + archive_tag: null + # Same as above, but for pinned chats. The favorite tag is called m.favourite + pinned_tag: null + # Should mute status and tags only be bridged when the portal room is created? + tag_only_on_create: true + # Should WhatsApp status messages be bridged into a Matrix room? + # Disabling this won't affect already created status broadcast rooms. + enable_status_broadcast: true + # Should the bridge use thumbnails from WhatsApp? + # They're disabled by default due to very low resolution. + whatsapp_thumbnail: false # Allow invite permission for user. User can invite any bots to room with whatsapp # users (private chat and groups) allow_user_invite: false + # Whether or not created rooms should have federation enabled. + # If false, created portal rooms will never be federated. + federate_rooms: true # The prefix for commands. Only required in non-management rooms. command_prefix: "!wa" + # Messages sent upon joining a management room. + # Markdown is supported. The defaults are listed below. + management_room_text: + # Sent when joining a room. + welcome: "Hello, I'm a WhatsApp bridge bot." + # Sent when joining a management room and the user is already logged in. + welcome_connected: "Use `help` for help." + # Sent when joining a management room and the user is not logged in. + welcome_unconnected: "Use `help` for help or `login` to log in." + # Optional extra text sent when joining a management room. + additional_help: "" + + # End-to-bridge encryption support options. + # + # See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info. + encryption: + # Allow encryption, work in group chat rooms with e2ee enabled + allow: false + # Default to encryption, force-enable encryption in all portals the bridge creates + # This will cause the bridge bot to be in private chats for the encryption to work properly. + # It is recommended to also set private_chat_portal_meta to true when using this. + default: false + # Options for automatic key sharing. + key_sharing: + # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled. + # You must use a client that supports requesting keys from other users to use this feature. + allow: false + # Require the requesting device to have a valid cross-signing signature? + # This doesn't require that the bridge has verified the device, only that the user has verified it. + # Not yet implemented. + require_cross_signing: false + # Require devices to be verified by the bridge? + # Verification by the bridge is not yet implemented. + require_verification: true + # Permissions for using the bridge. # Permitted values: + # relay - Talk through the relaybot (if enabled), no access otherwise # user - Access to use the bridge to chat with a WhatsApp account. # admin - User level and some additional administration tools # Permitted keys: @@ -133,15 +197,13 @@ bridge: permissions: "{{ matrix_mautrix_whatsapp_homeserver_domain }}": user - relaybot: - # Whether or not relaybot support is enabled. + # Settings for relay mode + relay: + # Whether relay mode should be allowed. If allowed, `!wa set-relay` can be used to turn any + # authenticated user into a relaybot for that chat. enabled: false - # The management room for the bot. This is where all status notifications are posted and - # in this room, you can use `!wa ` instead of `!wa relaybot `. Omitting - # the command prefix completely like in user management rooms is not possible. - management: '!foo:example.com' - # List of users to invite to all created rooms that include the relaybot. - invites: [] + # Should only admins be allowed to set themselves as relay users? + admin_only: true # The formats to use when sending messages to WhatsApp via the relaybot. message_formats: m.text: "{{ '{{ .Sender.Displayname }}' }}: {{ '{{ .Message }}' }}" @@ -152,6 +214,7 @@ bridge: m.audio: "{{ '{{ .Sender.Displayname }}' }}: sent an audio file" m.video: "{{ '{{ .Sender.Displayname }}' }}: sent a video" m.location: "{{ '{{ .Sender.Displayname }}' }}: sent a location" + # Logging config. logging: # The directory for log files. Will be created if not found. diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index cebe7a1f..aa99d94d 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -2875,6 +2875,11 @@ opentracing: # events: worker1 # typing: worker1 +{% if matrix_bridges_backfill_enabled %} +Experimental: + msc2716_enabled: true +{% endif %} + # The worker that is used to run background tasks (e.g. cleaning up expired # data). If not provided this defaults to the main process. # From 4ff8fddd72d8a17ca567ccfcd8489ef7235027fd Mon Sep 17 00:00:00 2001 From: iucca Date: Sun, 14 Nov 2021 23:57:52 +0100 Subject: [PATCH 14/46] updated whatsapp config, backfill doesn't work --- docs/configuring-playbook-bridge-mautrix-whatsapp.md | 9 +++++++++ .../templates/config.yaml.j2 | 2 +- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/docs/configuring-playbook-bridge-mautrix-whatsapp.md b/docs/configuring-playbook-bridge-mautrix-whatsapp.md index 1e5f7038..0101cecc 100644 --- a/docs/configuring-playbook-bridge-mautrix-whatsapp.md +++ b/docs/configuring-playbook-bridge-mautrix-whatsapp.md @@ -10,6 +10,15 @@ Use the following playbook configuration: matrix_mautrix_whatsapp_enabled: true ``` +## Enable backfilling history +This requires a server with MSC2716 support, which is currently an experimental feature in synapse. +Note that as of Synapse 1.46, there are still some bugs with the implementation, especially if using event persistence workers. + +Use the following playbook configuration: + +```yaml +matrix_bridges_backfill_enabled: true +``` ## Set up Double Puppeting diff --git a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 index 849b15d4..8e6d8eda 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 @@ -10,7 +10,7 @@ homeserver: # The URL to push real-time bridge status to. # If set, the bridge will make POST requests to this URL whenever a user's whatsapp connection state changes. # The bridge will use the appservice as_token to authorize requests. -# status_endpoint: "null" + status_endpoint: "null" appservice: # The address that the homeserver can use to connect to this appservice. From 708a7108b3d9c6814e9c9a0fe34c7eb795befe91 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Arthur=20Brugi=C3=A8re?= <16764085+RoiArthurB@users.noreply.github.com> Date: Mon, 15 Nov 2021 10:29:13 +0700 Subject: [PATCH 15/46] Upgrade Mautrix Facebook bridge version --- roles/matrix-bridge-mautrix-facebook/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml index 6c1d6b69..2b453bab 100644 --- a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml @@ -6,7 +6,7 @@ matrix_mautrix_facebook_enabled: true matrix_mautrix_facebook_container_image_self_build: false matrix_mautrix_facebook_container_image_self_build_repo: "https://mau.dev/mautrix/facebook.git" -matrix_mautrix_facebook_version: v0.3.1 +matrix_mautrix_facebook_version: v0.3.2 matrix_mautrix_facebook_docker_image: "{{ matrix_mautrix_facebook_docker_image_name_prefix }}mautrix/facebook:{{ matrix_mautrix_facebook_version }}" matrix_mautrix_facebook_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_facebook_container_image_self_build else 'dock.mau.dev/' }}" matrix_mautrix_facebook_docker_image_force_pull: "{{ matrix_mautrix_facebook_docker_image.endswith(':latest') }}" From 8abe1ac483407a7f1e2ab9fdf31f717038dfeeb7 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 15 Nov 2021 08:18:39 +0200 Subject: [PATCH 16/46] Warn people if on an old SQLite-supporting mautrix-facebook version Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1401 https://github.com/mautrix/facebook/releases/tag/v0.3.2 says that this version re-adds SQLite support. --- CHANGELOG.md | 2 ++ .../tasks/validate_config.yml | 14 +++----------- 2 files changed, 5 insertions(+), 11 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7e124159..43af8dd1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -253,6 +253,8 @@ The fact that we've renamed Synapse's database from `homeserver` to `synapse` (i ## (Breaking Change) The mautrix-facebook bridge now requires a Postgres database +**Update from 2021-11-15**: SQLite support has been re-added to the mautrix-facebook bridge in [v0.3.2](https://github.com/mautrix/facebook/releases/tag/v0.3.2). You can ignore this changelog entry. + A new version of the [mautrix-facebook](https://github.com/tulir/mautrix-facebook) bridge has been released. It's a full rewrite of its backend and the bridge now requires Postgres. New versions of the bridge can no longer run on SQLite. **TLDR**: if you're NOT using an [external Postgres server](docs/configuring-playbook-external-postgres.md) and have NOT forcefully kept the bridge on SQLite during [The big move to all-on-Postgres (potentially dangerous)](#the-big-move-to-all-on-postgres-potentially-dangerous), you will be automatically upgraded without manual intervention. All you need to do is send a `login` message to the Facebook bridge bot again. diff --git a/roles/matrix-bridge-mautrix-facebook/tasks/validate_config.yml b/roles/matrix-bridge-mautrix-facebook/tasks/validate_config.yml index 0879bad9..1e482efb 100644 --- a/roles/matrix-bridge-mautrix-facebook/tasks/validate_config.yml +++ b/roles/matrix-bridge-mautrix-facebook/tasks/validate_config.yml @@ -10,22 +10,14 @@ - "matrix_mautrix_facebook_homeserver_token" - block: - - name: Fail if on SQLite, unless on the last version supporting SQLite - fail: - msg: >- - You're trying to use the mautrix-facebook bridge with an SQLite database. - Going forward, this bridge only supports Postgres. - To learn more about this, see our changelog: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/CHANGELOG.md#breaking-change-the-mautrix-facebook-bridge-now-requires-a-postgres-database - when: "not matrix_mautrix_facebook_docker_image.endswith(':da1b4ec596e334325a1589e70829dea46e73064b')" - - - name: Inject warning if still on SQLite + - name: Inject warning if on an old SQLite-supporting version set_fact: matrix_playbook_runtime_results: | {{ matrix_playbook_runtime_results|default([]) + [ - "NOTE: Your mautrix-facebook bridge setup is still on SQLite. Your bridge is not getting any updates and will likely stop working at some point. To learn more about this, see our changelog: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/CHANGELOG.md#breaking-change-the-mautrix-facebook-bridge-now-requires-a-postgres-database" + "NOTE: Your mautrix-facebook bridge is still on SQLite and on the last version that supported it, before support was dropped. Support has been subsequently re-added in v0.3.2, so we advise you to upgrade (by removing your `matrix_mautrix_facebook_docker_image` definition from vars.yml)" ] }} - when: "matrix_mautrix_facebook_database_engine == 'sqlite'" + when: "matrix_mautrix_facebook_database_engine == 'sqlite' and matrix_mautrix_facebook_docker_image.endswith(':da1b4ec596e334325a1589e70829dea46e73064b')" From c08880d175fdbb737784e8043c58e49a48ba2502 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 15 Nov 2021 09:15:44 +0200 Subject: [PATCH 17/46] Upgrade postgres-backup to v14 --- roles/matrix-postgres-backup/defaults/main.yml | 1 + .../tasks/util/detect_existing_postgres_version.yml | 5 +++++ 2 files changed, 6 insertions(+) diff --git a/roles/matrix-postgres-backup/defaults/main.yml b/roles/matrix-postgres-backup/defaults/main.yml index 522764ac..e1f252fe 100644 --- a/roles/matrix-postgres-backup/defaults/main.yml +++ b/roles/matrix-postgres-backup/defaults/main.yml @@ -32,6 +32,7 @@ matrix_postgres_backup_docker_image_v10: "{{ matrix_container_global_registry_pr matrix_postgres_backup_docker_image_v11: "{{ matrix_container_global_registry_prefix }}prodrigestivill/postgres-backup-local:11{{ matrix_postgres_backup_docker_image_suffix }}" matrix_postgres_backup_docker_image_v12: "{{ matrix_container_global_registry_prefix }}prodrigestivill/postgres-backup-local:12{{ matrix_postgres_backup_docker_image_suffix }}" matrix_postgres_backup_docker_image_v13: "{{ matrix_container_global_registry_prefix }}prodrigestivill/postgres-backup-local:13{{ matrix_postgres_backup_docker_image_suffix }}" +matrix_postgres_backup_docker_image_v14: "{{ matrix_container_global_registry_prefix }}prodrigestivill/postgres-backup-local:14{{ matrix_postgres_backup_docker_image_suffix }}" matrix_postgres_backup_docker_image_latest: "{{ matrix_postgres_backup_docker_image_v13 }}" # This variable is assigned at runtime. Overriding its value has no effect. diff --git a/roles/matrix-postgres-backup/tasks/util/detect_existing_postgres_version.yml b/roles/matrix-postgres-backup/tasks/util/detect_existing_postgres_version.yml index 87a81f74..10828cc7 100644 --- a/roles/matrix-postgres-backup/tasks/util/detect_existing_postgres_version.yml +++ b/roles/matrix-postgres-backup/tasks/util/detect_existing_postgres_version.yml @@ -54,3 +54,8 @@ set_fact: matrix_postgres_backup_detected_version_corresponding_docker_image: "{{ matrix_postgres_backup_docker_image_v12 }}" when: "matrix_postgres_backup_detected_version == '12' or matrix_postgres_backup_detected_version.startswith('12.')" + +- name: Determine corresponding Docker image to detected version (use 13.x, if detected) + set_fact: + matrix_postgres_backup_detected_version_corresponding_docker_image: "{{ matrix_postgres_backup_docker_image_v13 }}" + when: "matrix_postgres_backup_detected_version == '13' or matrix_postgres_backup_detected_version.startswith('13.')" From 266bdbc902e430f8bb566c955fb8ff58772904c9 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 15 Nov 2021 10:29:25 +0200 Subject: [PATCH 18/46] Update matrix-corporal documentation --- docs/configuring-playbook-matrix-corporal.md | 41 +++++++++++++++++++- 1 file changed, 40 insertions(+), 1 deletion(-) diff --git a/docs/configuring-playbook-matrix-corporal.md b/docs/configuring-playbook-matrix-corporal.md index fb12e94a..eb635c64 100644 --- a/docs/configuring-playbook-matrix-corporal.md +++ b/docs/configuring-playbook-matrix-corporal.md @@ -37,6 +37,7 @@ matrix_synapse_ext_password_provider_rest_auth_endpoint: "http://matrix-corporal matrix_corporal_enabled: true +# See below for an example of how to use a locally-stored static policy matrix_corporal_policy_provider_config: | { "Type": "http", @@ -74,10 +75,48 @@ Matrix Corporal operates with a specific Matrix user on your server. By default, it's `matrix-corporal` (controllable by the `matrix_corporal_reconciliation_user_id_local_part` setting, see above). No matter what Matrix user id you configure to run it with, make sure that: -- the Matrix Corporal user is created by [registering it](registering-users.md). Use a password you remember, as you'll need to log in from time to time to create or join rooms +- the Matrix Corporal user is created by [registering it](registering-users.md) **with administrator privileges**. Use a password you remember, as you'll need to log in from time to time to create or join rooms - the Matrix Corporal user is joined and has Admin/Moderator-level access to any rooms you want it to manage +### Using a locally-stored static policy + +If you'd like to use a [static policy file](https://github.com/devture/matrix-corporal/blob/master/docs/policy-providers.md#static-file-pull-style-policy-provider), you can use a configuration like this: + +```yaml +matrix_corporal_policy_provider_config: | + { + "Type": "static_file", + "Path": "/etc/matrix-corporal/policy.json" + } + +# Modify the policy below as you see fit +matrix_aux_file_definitions: + - dest: "{{ matrix_corporal_config_dir_path }}/policy.json" + content: | + { + "schemaVersion": 1, + "identificationStamp": "stamp-1", + "flags": { + "allowCustomUserDisplayNames": false, + "allowCustomUserAvatars": false, + "forbidRoomCreation": false, + "forbidEncryptedRoomCreation": true, + "forbidUnencryptedRoomCreation": false, + "allowCustomPassthroughUserPasswords": true, + "allowUnauthenticatedPasswordResets": false, + "allow3pidLogin": false + }, + "managedCommunityIds": [], + "managedRoomIds": [], + "users": [] + } +``` + +To learn more about what the policy configuration, see the matrix-corporal documentation on [policy](https://github.com/devture/matrix-corporal/blob/master/docs/policy.md). + +Each time you update the policy in your `vars.yml` file, you'd need to re-run the playbook and restart matrix-corporal (`--tags=setup-all,start` or `--tags=setup-aux-files,setup-corporal,start`). + ## Matrix Corporal files From 0d4764a21346e168bc3a9c6f1248bc2cf6986eff Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 15 Nov 2021 11:24:01 +0200 Subject: [PATCH 19/46] Upgrade matrix-corporal (2.1.2 -> 2.1.3) 2.1.3 fixes a security vulnerability, which allowed attackers to circuimvent policy checks by sending HTTP requests with trailing slashes. Learn more in the matrix-corporal changelog: https://github.com/devture/matrix-corporal/blob/master/CHANGELOG.md --- roles/matrix-corporal/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-corporal/defaults/main.yml b/roles/matrix-corporal/defaults/main.yml index 313f79a8..fd6b65d3 100644 --- a/roles/matrix-corporal/defaults/main.yml +++ b/roles/matrix-corporal/defaults/main.yml @@ -22,7 +22,7 @@ matrix_corporal_container_extra_arguments: [] # List of systemd services that matrix-corporal.service depends on matrix_corporal_systemd_required_services_list: ['docker.service'] -matrix_corporal_version: 2.1.2 +matrix_corporal_version: 2.1.3 matrix_corporal_docker_image: "{{ matrix_corporal_docker_image_name_prefix }}devture/matrix-corporal:{{ matrix_corporal_docker_image_tag }}" matrix_corporal_docker_image_name_prefix: "{{ 'localhost/' if matrix_corporal_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_corporal_docker_image_tag: "{{ matrix_corporal_version }}" # for backward-compatibility From 07496069c8cad666d8cdbe3ac9cec466f556dfd5 Mon Sep 17 00:00:00 2001 From: b Date: Mon, 15 Nov 2021 12:07:54 +0200 Subject: [PATCH 20/46] rellocating variables for consistency --- group_vars/matrix_servers | 8 ++++++-- roles/matrix-dimension/defaults/main.yml | 2 +- roles/matrix-nginx-proxy/defaults/main.yml | 5 +++-- roles/matrix-synapse/defaults/main.yml | 4 +++- roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 | 2 +- .../templates/synapse/systemd/matrix-synapse.service.j2 | 2 +- 6 files changed, 15 insertions(+), 8 deletions(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index cfca8c92..e67403b3 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -1047,6 +1047,8 @@ matrix_dimension_enabled: false # the Dimension HTTP port to the local host. matrix_dimension_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:8184' }}" +matrix_dimension_homeserver_federationUrl: "http://matrix-synapse:{{matrix_synapse_container_federation_port|string}}" + matrix_integration_manager_rest_url: "{{ matrix_dimension_integrations_rest_url if matrix_dimension_enabled else None }}" matrix_integration_manager_ui_url: "{{ matrix_dimension_integrations_ui_url if matrix_dimension_enabled else None }}" @@ -1306,6 +1308,9 @@ matrix_nginx_proxy_proxy_matrix_federation_api_addr_sans_container: "127.0.0.1:1 # Settings controlling matrix-synapse-proxy.conf matrix_nginx_proxy_proxy_synapse_enabled: "{{ matrix_synapse_enabled }}" +matrix_nginx_proxy_proxy_synapse_federation_api_addr_with_container: "matrix-synapse:{{matrix_synapse_container_federation_port|string}}" +matrix_nginx_proxy_proxy_synapse_federation_api_addr_sans_container: "localhost:{{matrix_synapse_container_federation_port|string}}" + # When matrix-nginx-proxy is disabled, the actual port number that the vhost uses may begin to matter. matrix_nginx_proxy_proxy_matrix_federation_port: "{{ matrix_federation_public_port }}" @@ -1720,8 +1725,7 @@ matrix_synapse_account_threepid_delegates_msisdn: "{{ 'http://matrix-ma1sd:' + m matrix_synapse_container_client_api_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:8008' }}" # # For exposing the Matrix Federation API's plain port (plain HTTP) to the local host. -matrix_synapse_container_default_federation_port: 8048 -matrix_synapse_container_federation_api_plain_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:' + matrix_synapse_container_default_federation_port|string }}" +matrix_synapse_container_federation_api_plain_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:' + matrix_synapse_container_federation_port|string }}" # # For exposing the Matrix Federation API's TLS port (HTTPS) to the internet on all network interfaces. matrix_synapse_container_federation_api_tls_host_bind_port: "{{ matrix_federation_public_port if (matrix_synapse_federation_enabled and matrix_synapse_tls_federation_listener_enabled) else '' }}" diff --git a/roles/matrix-dimension/defaults/main.yml b/roles/matrix-dimension/defaults/main.yml index 48958020..fc1f17a6 100644 --- a/roles/matrix-dimension/defaults/main.yml +++ b/roles/matrix-dimension/defaults/main.yml @@ -39,7 +39,7 @@ matrix_dimension_integrations_rest_url: "https://{{ matrix_server_fqn_dimension matrix_dimension_integrations_widgets_urls: ["https://{{ matrix_server_fqn_dimension }}/widgets"] matrix_dimension_integrations_jitsi_widget_url: "https://{{ matrix_server_fqn_dimension }}/widgets/jitsi" -matrix_dimension_homeserver_federationUrl: "http://matrix-synapse:{{matrix_synapse_container_default_federation_port|string}}" +matrix_dimension_homeserver_federationUrl: "" # Database-related configuration fields. diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index af549b94..ea26084e 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml @@ -115,9 +115,10 @@ matrix_nginx_proxy_proxy_riot_compat_redirect_hostname: "riot.{{ matrix_domain } matrix_nginx_proxy_proxy_synapse_enabled: false matrix_nginx_proxy_proxy_synapse_hostname: "matrix-nginx-proxy" matrix_nginx_proxy_proxy_synapse_federation_api_enabled: "{{ matrix_nginx_proxy_proxy_matrix_federation_api_enabled }}" + # The addresses where the Federation API is, when using Synapse. -matrix_nginx_proxy_proxy_synapse_federation_api_addr_with_container: "matrix-synapse:{{matrix_synapse_container_default_federation_port|string}}" -matrix_nginx_proxy_proxy_synapse_federation_api_addr_sans_container: "localhost:{{matrix_synapse_container_default_federation_port|string}}" +matrix_nginx_proxy_proxy_synapse_federation_api_addr_with_container: "" +matrix_nginx_proxy_proxy_synapse_federation_api_addr_sans_container: "" # Controls whether proxying the Element domain should be done. matrix_nginx_proxy_proxy_element_enabled: false diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index eb9d8e66..8e32764a 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -27,6 +27,8 @@ matrix_synapse_storage_path: "{{ matrix_synapse_base_path }}/storage" matrix_synapse_media_store_path: "{{ matrix_synapse_storage_path }}/media-store" matrix_synapse_ext_path: "{{ matrix_synapse_base_path }}/ext" +matrix_synapse_container_federation_port: 8048 + # Controls whether the matrix-synapse container exposes the Client/Server API port (tcp/8008 in the container). # # Takes an ":" or "" value (e.g. "127.0.0.1:8008"), or empty string to not expose. @@ -146,7 +148,7 @@ matrix_synapse_federation_rr_transactions_per_room_per_second: 50 # Controls whether the TLS federation listener is enabled (tcp/8448). # Only makes sense if federation is enabled (`matrix_synapse_federation_enabled`). -# Note that federation may potentially be enabled as non-TLS on `matrix_synapse_container_default_federation_port` as well. +# Note that federation may potentially be enabled as non-TLS on `matrix_synapse_container_federation_port` as well. # If you're serving Synapse behind an HTTPS-capable reverse-proxy, # you can disable the TLS listener (`matrix_synapse_tls_federation_listener_enabled: false`). matrix_synapse_tls_federation_listener_enabled: true diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index 2bfec1b4..7a7cdfa5 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -302,7 +302,7 @@ listeners: {% if matrix_synapse_federation_port_enabled %} # Unsecure HTTP listener (Federation API): for when matrix traffic passes through a reverse proxy # that unwraps TLS. - - port: {{ matrix_synapse_container_default_federation_port }} + - port: {{ matrix_synapse_container_default_federation_port|to_json }} tls: false bind_addresses: ['::'] type: http diff --git a/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 b/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 index d58f1f19..0224c3fb 100644 --- a/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 +++ b/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 @@ -46,7 +46,7 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-synapse \ -p {{ matrix_synapse_container_federation_api_tls_host_bind_port }}:8448 \ {% endif %} {% if matrix_synapse_federation_enabled and matrix_synapse_container_federation_api_plain_host_bind_port %} - -p {{ matrix_synapse_container_federation_api_plain_host_bind_port }}:{{ matrix_synapse_container_default_federation_port }} \ + -p {{ matrix_synapse_container_federation_api_plain_host_bind_port }}:{{ matrix_synapse_container_federation_port }} \ {% endif %} {% if matrix_synapse_metrics_enabled and matrix_synapse_container_metrics_api_host_bind_port %} -p {{ matrix_synapse_container_metrics_api_host_bind_port }}:{{ matrix_synapse_metrics_port }} \ From 8c3e25de1bfb98b79ee84c8a0598eacb75cf9e77 Mon Sep 17 00:00:00 2001 From: boris runakov Date: Mon, 15 Nov 2021 13:01:22 +0200 Subject: [PATCH 21/46] renamed var to matrix_synapse_container_federation_api_port --- roles/matrix-synapse/defaults/main.yml | 2 +- roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 | 2 +- .../templates/synapse/systemd/matrix-synapse.service.j2 | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index c42d1f21..7a889fbd 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -27,7 +27,7 @@ matrix_synapse_storage_path: "{{ matrix_synapse_base_path }}/storage" matrix_synapse_media_store_path: "{{ matrix_synapse_storage_path }}/media-store" matrix_synapse_ext_path: "{{ matrix_synapse_base_path }}/ext" - matrix_synapse_container_default_federation_api_port: 8448 + matrix_synapse_container_federation_api_port: 8448 # Controls whether the matrix-synapse container exposes the Client/Server API port (tcp/8008 in the container). # diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index b3e4478b..43f9baf8 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -276,7 +276,7 @@ listeners: {% if matrix_synapse_federation_port_enabled and matrix_synapse_tls_federation_listener_enabled %} # TLS-enabled listener: for when matrix traffic is sent directly to synapse. - - port: {{ matrix_federation_public_port }} + - port: {{ matrix_synapse_container_federation_api_port }} tls: true bind_addresses: ['::'] type: http diff --git a/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 b/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 index c5329642..f4e62936 100644 --- a/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 +++ b/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 @@ -43,7 +43,7 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-synapse \ -p {{ matrix_synapse_container_client_api_host_bind_port }}:8008 \ {% endif %} {% if matrix_synapse_federation_enabled and matrix_synapse_tls_federation_listener_enabled and matrix_synapse_container_federation_api_tls_host_bind_port %} - -p {{ matrix_synapse_container_federation_api_tls_host_bind_port }}:{{ matrix_synapse_container_default_federation_api_port }} \ + -p {{ matrix_synapse_container_federation_api_tls_host_bind_port }}:{{ matrix_synapse_container_federation_api_port }} \ {% endif %} {% if matrix_synapse_federation_enabled and matrix_synapse_container_federation_api_plain_host_bind_port %} -p {{ matrix_synapse_container_federation_api_plain_host_bind_port }}:8048 \ From 994c0e504cffbee5af5051ada8fcb4abe3ddc3cf Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 15 Nov 2021 14:46:44 +0200 Subject: [PATCH 22/46] Ensure some matrix-nginx-proxy variables are defined Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1397 --- roles/matrix-nginx-proxy/tasks/validate_config.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/matrix-nginx-proxy/tasks/validate_config.yml b/roles/matrix-nginx-proxy/tasks/validate_config.yml index 9661ae5e..39a2dfe5 100644 --- a/roles/matrix-nginx-proxy/tasks/validate_config.yml +++ b/roles/matrix-nginx-proxy/tasks/validate_config.yml @@ -43,5 +43,7 @@ msg: "The `{{ item }}` variable must be defined and have a non-null value" with_items: - "matrix_ssl_lets_encrypt_support_email" + - "matrix_nginx_proxy_proxy_synapse_federation_api_addr_sans_container" + - "matrix_nginx_proxy_proxy_synapse_federation_api_addr_with_container" when: "vars[item] == '' or vars[item] is none" when: "matrix_ssl_retrieval_method == 'lets-encrypt'" From edf63bfdd7a65b487a55b9762d30823e08f7b399 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 15 Nov 2021 14:48:25 +0200 Subject: [PATCH 23/46] Add some to_json invocations --- roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index 43f9baf8..4e5ddea3 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -269,14 +269,14 @@ default_room_version: {{ matrix_synapse_default_room_version|to_json }} listeners: {% if matrix_synapse_metrics_enabled %} - type: metrics - port: {{ matrix_synapse_metrics_port }} + port: {{ matrix_synapse_metrics_port|to_json }} bind_addresses: - '0.0.0.0' {% endif %} {% if matrix_synapse_federation_port_enabled and matrix_synapse_tls_federation_listener_enabled %} # TLS-enabled listener: for when matrix traffic is sent directly to synapse. - - port: {{ matrix_synapse_container_federation_api_port }} + - port: {{ matrix_synapse_container_federation_api_port|to_json }} tls: true bind_addresses: ['::'] type: http From ba48aa70f73fb54a37c4e13ed32cd80ce83a8018 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 15 Nov 2021 14:52:08 +0200 Subject: [PATCH 24/46] Fix variable name typo Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1397 --- roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index e88ed256..1a1cf6eb 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -302,7 +302,7 @@ listeners: {% if matrix_synapse_federation_port_enabled %} # Unsecure HTTP listener (Federation API): for when matrix traffic passes through a reverse proxy # that unwraps TLS. - - port: {{ matrix_synapse_container_default_federation_port|to_json }} + - port: {{ matrix_synapse_container_federation_port|to_json }} tls: false bind_addresses: ['::'] type: http From c1bc7b9f934a1862442a4e0d7e81f017ccb101d3 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 15 Nov 2021 14:56:11 +0200 Subject: [PATCH 25/46] Rename variables to prevent confusion Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1397 and https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1399 --- group_vars/matrix_servers | 8 ++++---- roles/matrix-synapse/defaults/main.yml | 6 +++--- roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 | 4 ++-- .../templates/synapse/systemd/matrix-synapse.service.j2 | 4 ++-- 4 files changed, 11 insertions(+), 11 deletions(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index e67403b3..52dc671c 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -1047,7 +1047,7 @@ matrix_dimension_enabled: false # the Dimension HTTP port to the local host. matrix_dimension_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:8184' }}" -matrix_dimension_homeserver_federationUrl: "http://matrix-synapse:{{matrix_synapse_container_federation_port|string}}" +matrix_dimension_homeserver_federationUrl: "http://matrix-synapse:{{matrix_synapse_container_federation_api_plain_port|string}}" matrix_integration_manager_rest_url: "{{ matrix_dimension_integrations_rest_url if matrix_dimension_enabled else None }}" matrix_integration_manager_ui_url: "{{ matrix_dimension_integrations_ui_url if matrix_dimension_enabled else None }}" @@ -1308,8 +1308,8 @@ matrix_nginx_proxy_proxy_matrix_federation_api_addr_sans_container: "127.0.0.1:1 # Settings controlling matrix-synapse-proxy.conf matrix_nginx_proxy_proxy_synapse_enabled: "{{ matrix_synapse_enabled }}" -matrix_nginx_proxy_proxy_synapse_federation_api_addr_with_container: "matrix-synapse:{{matrix_synapse_container_federation_port|string}}" -matrix_nginx_proxy_proxy_synapse_federation_api_addr_sans_container: "localhost:{{matrix_synapse_container_federation_port|string}}" +matrix_nginx_proxy_proxy_synapse_federation_api_addr_with_container: "matrix-synapse:{{matrix_synapse_container_federation_api_plain_port|string}}" +matrix_nginx_proxy_proxy_synapse_federation_api_addr_sans_container: "localhost:{{matrix_synapse_container_federation_api_plain_port|string}}" # When matrix-nginx-proxy is disabled, the actual port number that the vhost uses may begin to matter. matrix_nginx_proxy_proxy_matrix_federation_port: "{{ matrix_federation_public_port }}" @@ -1725,7 +1725,7 @@ matrix_synapse_account_threepid_delegates_msisdn: "{{ 'http://matrix-ma1sd:' + m matrix_synapse_container_client_api_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:8008' }}" # # For exposing the Matrix Federation API's plain port (plain HTTP) to the local host. -matrix_synapse_container_federation_api_plain_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:' + matrix_synapse_container_federation_port|string }}" +matrix_synapse_container_federation_api_plain_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:' + matrix_synapse_container_federation_api_plain_port|string }}" # # For exposing the Matrix Federation API's TLS port (HTTPS) to the internet on all network interfaces. matrix_synapse_container_federation_api_tls_host_bind_port: "{{ matrix_federation_public_port if (matrix_synapse_federation_enabled and matrix_synapse_tls_federation_listener_enabled) else '' }}" diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index cfc985b4..624a6b5e 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -27,9 +27,9 @@ matrix_synapse_storage_path: "{{ matrix_synapse_base_path }}/storage" matrix_synapse_media_store_path: "{{ matrix_synapse_storage_path }}/media-store" matrix_synapse_ext_path: "{{ matrix_synapse_base_path }}/ext" -matrix_synapse_container_federation_api_port: 8448 +matrix_synapse_container_federation_api_tls_port: 8448 -matrix_synapse_container_federation_port: 8048 +matrix_synapse_container_federation_api_plain_port: 8048 # Controls whether the matrix-synapse container exposes the Client/Server API port (tcp/8008 in the container). # @@ -150,7 +150,7 @@ matrix_synapse_federation_rr_transactions_per_room_per_second: 50 # Controls whether the TLS federation listener is enabled (tcp/8448). # Only makes sense if federation is enabled (`matrix_synapse_federation_enabled`). -# Note that federation may potentially be enabled as non-TLS on `matrix_synapse_container_federation_port` as well. +# Note that federation may potentially be enabled as non-TLS on `matrix_synapse_container_federation_api_plain_port` as well. # If you're serving Synapse behind an HTTPS-capable reverse-proxy, # you can disable the TLS listener (`matrix_synapse_tls_federation_listener_enabled: false`). matrix_synapse_tls_federation_listener_enabled: true diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index 1a1cf6eb..a8e0ab6f 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -276,7 +276,7 @@ listeners: {% if matrix_synapse_federation_port_enabled and matrix_synapse_tls_federation_listener_enabled %} # TLS-enabled listener: for when matrix traffic is sent directly to synapse. - - port: {{ matrix_synapse_container_federation_api_port|to_json }} + - port: {{ matrix_synapse_container_federation_api_tls_port|to_json }} tls: true bind_addresses: ['::'] type: http @@ -302,7 +302,7 @@ listeners: {% if matrix_synapse_federation_port_enabled %} # Unsecure HTTP listener (Federation API): for when matrix traffic passes through a reverse proxy # that unwraps TLS. - - port: {{ matrix_synapse_container_federation_port|to_json }} + - port: {{ matrix_synapse_container_federation_api_plain_port|to_json }} tls: false bind_addresses: ['::'] type: http diff --git a/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 b/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 index 011d30f7..0451fd8d 100644 --- a/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 +++ b/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 @@ -43,10 +43,10 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-synapse \ -p {{ matrix_synapse_container_client_api_host_bind_port }}:8008 \ {% endif %} {% if matrix_synapse_federation_enabled and matrix_synapse_tls_federation_listener_enabled and matrix_synapse_container_federation_api_tls_host_bind_port %} - -p {{ matrix_synapse_container_federation_api_tls_host_bind_port }}:{{ matrix_synapse_container_federation_api_port }} \ + -p {{ matrix_synapse_container_federation_api_tls_host_bind_port }}:{{ matrix_synapse_container_federation_api_tls_port }} \ {% endif %} {% if matrix_synapse_federation_enabled and matrix_synapse_container_federation_api_plain_host_bind_port %} - -p {{ matrix_synapse_container_federation_api_plain_host_bind_port }}:{{ matrix_synapse_container_federation_port }} \ + -p {{ matrix_synapse_container_federation_api_plain_host_bind_port }}:{{ matrix_synapse_container_federation_api_plain_port }} \ {% endif %} {% if matrix_synapse_metrics_enabled and matrix_synapse_container_metrics_api_host_bind_port %} -p {{ matrix_synapse_container_metrics_api_host_bind_port }}:{{ matrix_synapse_metrics_port }} \ From e72ae8bc484cfc1e35a2cd463ec81bebdf2a3342 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 15 Nov 2021 17:23:25 +0200 Subject: [PATCH 26/46] Upgrade matrix-corporal (2.1.3 -> 2.1.4) --- roles/matrix-corporal/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-corporal/defaults/main.yml b/roles/matrix-corporal/defaults/main.yml index fd6b65d3..ccc7ef65 100644 --- a/roles/matrix-corporal/defaults/main.yml +++ b/roles/matrix-corporal/defaults/main.yml @@ -22,7 +22,7 @@ matrix_corporal_container_extra_arguments: [] # List of systemd services that matrix-corporal.service depends on matrix_corporal_systemd_required_services_list: ['docker.service'] -matrix_corporal_version: 2.1.3 +matrix_corporal_version: 2.1.4 matrix_corporal_docker_image: "{{ matrix_corporal_docker_image_name_prefix }}devture/matrix-corporal:{{ matrix_corporal_docker_image_tag }}" matrix_corporal_docker_image_name_prefix: "{{ 'localhost/' if matrix_corporal_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_corporal_docker_image_tag: "{{ matrix_corporal_version }}" # for backward-compatibility From ae122466fc232d21da3cd5cdf5fcdf0a4625d460 Mon Sep 17 00:00:00 2001 From: iucca Date: Mon, 15 Nov 2021 19:23:28 +0100 Subject: [PATCH 27/46] updated whatsapp config --- docs/configuring-playbook-bridge-mautrix-whatsapp.md | 11 +++++++++-- roles/matrix-base/defaults/main.yml | 4 ---- .../templates/config.yaml.j2 | 10 +++++++--- .../templates/synapse/homeserver.yaml.j2 | 5 ----- 4 files changed, 16 insertions(+), 14 deletions(-) diff --git a/docs/configuring-playbook-bridge-mautrix-whatsapp.md b/docs/configuring-playbook-bridge-mautrix-whatsapp.md index 0101cecc..1e94e618 100644 --- a/docs/configuring-playbook-bridge-mautrix-whatsapp.md +++ b/docs/configuring-playbook-bridge-mautrix-whatsapp.md @@ -13,11 +13,18 @@ matrix_mautrix_whatsapp_enabled: true ## Enable backfilling history This requires a server with MSC2716 support, which is currently an experimental feature in synapse. Note that as of Synapse 1.46, there are still some bugs with the implementation, especially if using event persistence workers. - Use the following playbook configuration: ```yaml -matrix_bridges_backfill_enabled: true +matrix_synapse_configuration_extension_yaml: | + experimental_features: + msc2716_enabled: true +``` +```yaml +matrix_mautrix_whatsapp_configuration_extension_yaml: + bridge: + history_sync: + backfill: true ``` ## Set up Double Puppeting diff --git a/roles/matrix-base/defaults/main.yml b/roles/matrix-base/defaults/main.yml index a6f287f6..f61a5381 100644 --- a/roles/matrix-base/defaults/main.yml +++ b/roles/matrix-base/defaults/main.yml @@ -98,10 +98,6 @@ matrix_identity_server_url: ~ matrix_integration_manager_rest_url: ~ matrix_integration_manager_ui_url: ~ -# Enable backfilling history sync payloads from bridges using batch sending? -# This requires a server with MSC2716 support, which is currently an experimental feature in synapse. -matrix_bridges_backfill_enabled: false - # The domain name where a Jitsi server is self-hosted. # If set, `/.well-known/matrix/client` will suggest Element clients to use that Jitsi server. # See: https://github.com/vector-im/element-web/blob/develop/docs/jitsi.md#configuring-element-to-use-your-self-hosted-jitsi-server diff --git a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 index 8e6d8eda..133cba2a 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 @@ -33,7 +33,7 @@ appservice: max_idle_conns: 2 # The unique ID of this appservice. - id: whatsapp + id: whatsappbot # Appservice bot details. bot: # Username of the appservice bot. @@ -77,12 +77,13 @@ bridge: # This requires a server with MSC2716 support, which is currently an experimental feature in synapse. # It can be enabled by setting experimental_features -> msc2716_enabled to true in homeserver.yaml. # Note that as of Synapse 1.46, there are still some bugs with the implementation, especially if using event persistence workers. - backfill: {{ matrix_bridges_backfill_enabled }} + backfill: false # Use double puppets for backfilling? # In order to use this, the double puppets must be in the appservice's user ID namespace # (because the bridge can't use the double puppet access token with batch sending). # This only affects double puppets on the local server, double puppets on other servers will never be used. - double_puppet_backfill: {{ matrix_bridges_backfill_enabled }} + # Doesn't work out of box with this playbook + double_puppet_backfill: false # Should the bridge request a full sync from the phone when logging in? # This bumps the size of history syncs from 3 months to 1 year. request_full_sync: false @@ -137,6 +138,9 @@ bridge: # Should WhatsApp status messages be bridged into a Matrix room? # Disabling this won't affect already created status broadcast rooms. enable_status_broadcast: true + # Should the status broadcast room be muted and moved into low priority by default? + # This is only applied when creating the room, the user can unmute/untag it later. + mute_status_broadcast: true # Should the bridge use thumbnails from WhatsApp? # They're disabled by default due to very low resolution. whatsapp_thumbnail: false diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index aa99d94d..cebe7a1f 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -2875,11 +2875,6 @@ opentracing: # events: worker1 # typing: worker1 -{% if matrix_bridges_backfill_enabled %} -Experimental: - msc2716_enabled: true -{% endif %} - # The worker that is used to run background tasks (e.g. cleaning up expired # data). If not provided this defaults to the main process. # From 3535c9711791591fa6ebc3ba53355b5e1a97523a Mon Sep 17 00:00:00 2001 From: iucca Date: Mon, 15 Nov 2021 19:25:08 +0100 Subject: [PATCH 28/46] updated whatsapp config --- roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 index 133cba2a..35865893 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 @@ -33,7 +33,7 @@ appservice: max_idle_conns: 2 # The unique ID of this appservice. - id: whatsappbot + id: whatsapp # Appservice bot details. bot: # Username of the appservice bot. From adf2dc13b394b9520aa67b0e629c9bde7ede38d1 Mon Sep 17 00:00:00 2001 From: IUCCA <33322841+IUCCA@users.noreply.github.com> Date: Mon, 15 Nov 2021 19:27:49 +0100 Subject: [PATCH 29/46] Update main.yml --- roles/matrix-base/defaults/main.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/roles/matrix-base/defaults/main.yml b/roles/matrix-base/defaults/main.yml index f61a5381..bf376c94 100644 --- a/roles/matrix-base/defaults/main.yml +++ b/roles/matrix-base/defaults/main.yml @@ -121,8 +121,6 @@ matrix_client_element_e2ee_secure_backup_setup_methods: [] # The Docker network that all services would be put into matrix_docker_network: "matrix" - - # Controls whether we'll preserve the vars.yml file on the Matrix server. # If you have a differently organized inventory, you may wish to disable this feature, # or to repoint `matrix_vars_yml_snapshotting_src` to the file you'd like to preserve. From 788999d29cce126bace2b8e907e99c9b32fb423c Mon Sep 17 00:00:00 2001 From: iucca Date: Mon, 15 Nov 2021 19:34:56 +0100 Subject: [PATCH 30/46] updated whatsapp config --- docs/configuring-playbook-bridge-mautrix-whatsapp.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/configuring-playbook-bridge-mautrix-whatsapp.md b/docs/configuring-playbook-bridge-mautrix-whatsapp.md index 1e94e618..2af38be1 100644 --- a/docs/configuring-playbook-bridge-mautrix-whatsapp.md +++ b/docs/configuring-playbook-bridge-mautrix-whatsapp.md @@ -8,7 +8,8 @@ Use the following playbook configuration: ```yaml matrix_mautrix_whatsapp_enabled: true -``` +``` +Whatsapp multidevice beta is required, now it is enough if Whatsapp is connected to the Internet every 2 weeks. ## Enable backfilling history This requires a server with MSC2716 support, which is currently an experimental feature in synapse. From 1ec67f49b07c5c096288ed73021ecf2770b4a1f4 Mon Sep 17 00:00:00 2001 From: boris runakov Date: Mon, 15 Nov 2021 22:43:05 +0200 Subject: [PATCH 31/46] replaced 8008 where possible --- group_vars/matrix_servers | 6 +++--- .../scripts/matrix_build_room_list.py | 5 +++-- .../tasks/purge_database_build_list.yml | 4 ++-- .../matrix-awx/tasks/purge_database_events.yml | 4 ++-- roles/matrix-awx/tasks/purge_database_main.yml | 18 +++++++++--------- .../tasks/purge_database_no_local.yml | 6 +++--- .../matrix-awx/tasks/purge_database_users.yml | 6 +++--- roles/matrix-awx/tasks/purge_media_local.yml | 6 +++--- roles/matrix-awx/tasks/purge_media_main.yml | 10 +++++----- roles/matrix-awx/tasks/purge_media_remote.yml | 6 +++--- roles/matrix-base/defaults/main.yml | 2 +- .../defaults/main.yml | 4 ++-- .../defaults/main.yml | 2 +- roles/matrix-bridge-sms/defaults/main.yml | 2 +- roles/matrix-corporal/defaults/main.yml | 2 +- roles/matrix-ma1sd/defaults/main.yml | 2 +- roles/matrix-nginx-proxy/defaults/main.yml | 4 ++-- roles/matrix-synapse/defaults/main.yml | 4 +++- .../templates/synapse/homeserver.yaml.j2 | 2 +- .../synapse/systemd/matrix-synapse.service.j2 | 2 +- .../matrix-synapse-register-user.j2 | 4 ++-- .../templates/synapse/worker.yaml.j2 | 2 +- roles/matrix-synapse/vars/workers.yml | 2 +- 23 files changed, 54 insertions(+), 51 deletions(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 52dc671c..139ccb02 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -19,9 +19,9 @@ matrix_container_global_registry_prefix: "docker.io/" matrix_identity_server_url: "{{ ('https://' + matrix_server_fqn_matrix) if matrix_ma1sd_enabled else None }}" -# If Synapse workers are enabled and matrix-nginx-proxy is disabled, certain APIs may not work over 'http://matrix-synapse:8008'. +# If Synapse workers are enabled and matrix-nginx-proxy is disabled, certain APIs may not work over 'http://matrix-synapse:{{ matrix_synapse_container_client_api_port }}'. # This is because we explicitly disable them for the main Synapse process. -matrix_homeserver_container_url: "{{ 'http://matrix-nginx-proxy:12080' if matrix_nginx_proxy_enabled else 'http://matrix-synapse:8008' }}" +matrix_homeserver_container_url: "{{ 'http://matrix-nginx-proxy:12080' if matrix_nginx_proxy_enabled else 'http://matrix-synapse:'+ matrix_synapse_container_client_api_port|string }}" ###################################################################### # @@ -1722,7 +1722,7 @@ matrix_synapse_account_threepid_delegates_msisdn: "{{ 'http://matrix-ma1sd:' + m # you can expose Synapse's ports to the host. # # For exposing the Matrix Client API's port (plain HTTP) to the local host. -matrix_synapse_container_client_api_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:8008' }}" +matrix_synapse_container_client_api_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:' + matrix_synapse_container_client_api_port|string }}" # # For exposing the Matrix Federation API's plain port (plain HTTP) to the local host. matrix_synapse_container_federation_api_plain_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:' + matrix_synapse_container_federation_api_plain_port|string }}" diff --git a/roles/matrix-awx/scripts/matrix_build_room_list.py b/roles/matrix-awx/scripts/matrix_build_room_list.py index 3abfcd8c..94779ca7 100644 --- a/roles/matrix-awx/scripts/matrix_build_room_list.py +++ b/roles/matrix-awx/scripts/matrix_build_room_list.py @@ -5,10 +5,11 @@ import json janitor_token = sys.argv[1] synapse_container_ip = sys.argv[2] +synapse_container_port = sys.argv[3] # collect total amount of rooms -rooms_raw_url = 'http://' + synapse_container_ip + ':8008/_synapse/admin/v1/rooms' +rooms_raw_url = 'http://' + synapse_container_ip + ':' + synapse_container_port + '/_synapse/admin/v1/rooms' rooms_raw_header = {'Authorization': 'Bearer ' + janitor_token} rooms_raw = requests.get(rooms_raw_url, headers=rooms_raw_header) rooms_raw_python = json.loads(rooms_raw.text) @@ -19,7 +20,7 @@ total_rooms = rooms_raw_python["total_rooms"] room_list_file = open("/tmp/room_list_complete.json", "w") for i in range(0, total_rooms, 100): - rooms_inc_url = 'http://' + synapse_container_ip + ':8008/_synapse/admin/v1/rooms?from=' + str(i) + rooms_inc_url = 'http://' + synapse_container_ip + ':' + synapse_container_port + '/_synapse/admin/v1/rooms?from=' + str(i) rooms_inc = requests.get(rooms_inc_url, headers=rooms_raw_header) room_list_file.write(rooms_inc.text) diff --git a/roles/matrix-awx/tasks/purge_database_build_list.yml b/roles/matrix-awx/tasks/purge_database_build_list.yml index 5ca57d22..339510f0 100644 --- a/roles/matrix-awx/tasks/purge_database_build_list.yml +++ b/roles/matrix-awx/tasks/purge_database_build_list.yml @@ -2,9 +2,9 @@ - name: Collect entire room list into stdout shell: | - curl -X GET --header "Authorization: Bearer {{ janitors_token.stdout[1:-1] }}" '{{ synapse_container_ip.stdout }}:8008/_synapse/admin/v1/rooms?from={{ item }}' + curl -X GET --header "Authorization: Bearer {{ janitors_token.stdout[1:-1] }}" '{{ synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_synapse/admin/v1/rooms?from={{ item }}' register: awx_rooms_output - + - name: Print stdout to file delegate_to: 127.0.0.1 shell: | diff --git a/roles/matrix-awx/tasks/purge_database_events.yml b/roles/matrix-awx/tasks/purge_database_events.yml index aaef3cba..586bc17c 100644 --- a/roles/matrix-awx/tasks/purge_database_events.yml +++ b/roles/matrix-awx/tasks/purge_database_events.yml @@ -2,11 +2,11 @@ - name: Purge all rooms with more then N events shell: | - curl --header "Authorization: Bearer {{ awx_janitors_token.stdout[1:-1] }}" -X POST -H "Content-Type: application/json" -d '{ "delete_local_events": false, "purge_up_to_ts": {{ awx_purge_epoche_time.stdout }}000 }' "{{ awx_synapse_container_ip.stdout }}:8008/_synapse/admin/v1/purge_history/{{ item[1:-1] }}" + curl --header "Authorization: Bearer {{ awx_janitors_token.stdout[1:-1] }}" -X POST -H "Content-Type: application/json" -d '{ "delete_local_events": false, "purge_up_to_ts": {{ awx_purge_epoche_time.stdout }}000 }' "{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_synapse/admin/v1/purge_history/{{ item[1:-1] }}" register: awx_purge_command - name: Print output of purge command - debug: + debug: msg: "{{ awx_purge_command.stdout }}" - name: Pause for 5 seconds to let Synapse breathe diff --git a/roles/matrix-awx/tasks/purge_database_main.yml b/roles/matrix-awx/tasks/purge_database_main.yml index 6b132091..2cdf0330 100644 --- a/roles/matrix-awx/tasks/purge_database_main.yml +++ b/roles/matrix-awx/tasks/purge_database_main.yml @@ -31,7 +31,7 @@ - name: Collect access token for janitor user shell: | - curl -X POST -d '{"type":"m.login.password", "user":"janitor", "password":"{{ awx_janitor_user_password }}"}' "{{ awx_synapse_container_ip.stdout }}:8008/_matrix/client/r0/login" | jq '.access_token' + curl -X POST -d '{"type":"m.login.password", "user":"janitor", "password":"{{ awx_janitor_user_password }}"}' "{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_matrix/client/r0/login" | jq '.access_token' when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) register: awx_janitors_token no_log: True @@ -47,7 +47,7 @@ - name: Run build_room_list.py script shell: | - runuser -u matrix -- python3 /usr/local/bin/matrix_build_room_list.py {{ awx_janitors_token.stdout[1:-1] }} {{ awx_synapse_container_ip.stdout }} + runuser -u matrix -- python3 /usr/local/bin/matrix_build_room_list.py {{ awx_janitors_token.stdout[1:-1] }} {{ awx_synapse_container_ip.stdout }} {{ matrix_synapse_container_client_api_port.stdout }} register: awx_rooms_total when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) @@ -69,7 +69,7 @@ shell: | jq 'try .rooms[] | select(.joined_local_members == 0) | .room_id' < /tmp/{{ subscription_id }}_room_list_complete.json > /tmp/{{ subscription_id }}_room_list_no_local_users.txt when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) - + - name: Count number of rooms with no local users delegate_to: 127.0.0.1 shell: | @@ -84,7 +84,7 @@ when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) - name: Purge all rooms with no local users - include_tasks: purge_database_no_local.yml + include_tasks: purge_database_no_local.yml loop: "{{ awx_room_list_no_local_users.splitlines() | flatten(levels=1) }}" when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) @@ -116,7 +116,7 @@ no_log: True - name: Purge all rooms with more then N users - include_tasks: purge_database_users.yml + include_tasks: purge_database_users.yml loop: "{{ awx_room_list_joined_members.splitlines() | flatten(levels=1) }}" when: awx_purge_mode.find("Number of users [slower]") != -1 @@ -141,7 +141,7 @@ no_log: True - name: Purge all rooms with more then N events - include_tasks: purge_database_events.yml + include_tasks: purge_database_events.yml loop: "{{ awx_room_list_state_events.splitlines() | flatten(levels=1) }}" when: awx_purge_mode.find("Number of events [slower]") != -1 @@ -171,7 +171,7 @@ wait: yes tower_host: "https://{{ awx_host }}" tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: yes + validate_certs: yes when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) or (awx_purge_mode.find("Skip purging rooms [faster]") != -1) - name: Revert 'Deploy/Update a Server' job template @@ -237,7 +237,7 @@ wait: yes tower_host: "https://{{ awx_host }}" tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: yes + validate_certs: yes when: (awx_purge_mode.find("Perform final shrink") != -1) - name: Revert 'Deploy/Update a Server' job template @@ -272,7 +272,7 @@ when: (awx_purge_mode.find("Perform final shrink") != -1) no_log: True -- name: Print total number of rooms processed +- name: Print total number of rooms processed debug: msg: '{{ awx_rooms_total.stdout }}' when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) diff --git a/roles/matrix-awx/tasks/purge_database_no_local.yml b/roles/matrix-awx/tasks/purge_database_no_local.yml index 33f99c49..e464f56d 100644 --- a/roles/matrix-awx/tasks/purge_database_no_local.yml +++ b/roles/matrix-awx/tasks/purge_database_no_local.yml @@ -2,11 +2,11 @@ - name: Purge all rooms with no local users shell: | - curl --header "Authorization: Bearer {{ awx_janitors_token.stdout[1:-1] }}" -X POST -H "Content-Type: application/json" -d '{ "room_id": {{ item }} }' '{{ awx_synapse_container_ip.stdout }}:8008/_synapse/admin/v1/purge_room' + curl --header "Authorization: Bearer {{ awx_janitors_token.stdout[1:-1] }}" -X POST -H "Content-Type: application/json" -d '{ "room_id": {{ item }} }' '{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_synapse/admin/v1/purge_room' register: awx_purge_command - + - name: Print output of purge command - debug: + debug: msg: "{{ awx_purge_command.stdout }}" - name: Pause for 5 seconds to let Synapse breathe diff --git a/roles/matrix-awx/tasks/purge_database_users.yml b/roles/matrix-awx/tasks/purge_database_users.yml index 1c8da14d..d315a9ef 100644 --- a/roles/matrix-awx/tasks/purge_database_users.yml +++ b/roles/matrix-awx/tasks/purge_database_users.yml @@ -2,11 +2,11 @@ - name: Purge all rooms with more then N users shell: | - curl --header "Authorization: Bearer {{ awx_janitors_token.stdout[1:-1] }}" -X POST -H "Content-Type: application/json" -d '{ "delete_local_events": false, "purge_up_to_ts": {{ awx_purge_epoche_time.stdout }}000 }' "{{ awx_synapse_container_ip.stdout }}:8008/_synapse/admin/v1/purge_history/{{ item[1:-1] }}" + curl --header "Authorization: Bearer {{ awx_janitors_token.stdout[1:-1] }}" -X POST -H "Content-Type: application/json" -d '{ "delete_local_events": false, "purge_up_to_ts": {{ awx_purge_epoche_time.stdout }}000 }' "{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_synapse/admin/v1/purge_history/{{ item[1:-1] }}" register: awx_purge_command - + - name: Print output of purge command - debug: + debug: msg: "{{ awx_purge_command.stdout }}" - name: Pause for 5 seconds to let Synapse breathe diff --git a/roles/matrix-awx/tasks/purge_media_local.yml b/roles/matrix-awx/tasks/purge_media_local.yml index 2074d5d8..7ef79eca 100644 --- a/roles/matrix-awx/tasks/purge_media_local.yml +++ b/roles/matrix-awx/tasks/purge_media_local.yml @@ -7,11 +7,11 @@ - name: Purge local media to specific date shell: | - curl -X POST --header "Authorization: Bearer {{ awx_janitors_token.stdout[1:-1] }}" '{{ awx_synapse_container_ip.stdout }}:8008/_synapse/admin/v1/media/matrix.{{ matrix_domain }}/delete?before_ts={{ awx_epoche_time.stdout }}000' + curl -X POST --header "Authorization: Bearer {{ awx_janitors_token.stdout[1:-1] }}" '{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_synapse/admin/v1/media/matrix.{{ matrix_domain }}/delete?before_ts={{ awx_epoche_time.stdout }}000' register: awx_purge_command - + - name: Print output of purge command - debug: + debug: msg: "{{ awx_purge_command.stdout }}" - name: Pause for 5 seconds to let Synapse breathe diff --git a/roles/matrix-awx/tasks/purge_media_main.yml b/roles/matrix-awx/tasks/purge_media_main.yml index 9c5f6bfb..0c322b85 100644 --- a/roles/matrix-awx/tasks/purge_media_main.yml +++ b/roles/matrix-awx/tasks/purge_media_main.yml @@ -9,7 +9,7 @@ include_vars: file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' no_log: True - + - name: Ensure curl and jq intalled on target machine apt: pkg: @@ -23,7 +23,7 @@ - name: Collect access token for janitor user shell: | - curl -XPOST -d '{"type":"m.login.password", "user":"janitor", "password":"{{ awx_janitor_user_password }}"}' "{{ awx_synapse_container_ip.stdout }}:8008/_matrix/client/r0/login" | jq '.access_token' + curl -XPOST -d '{"type":"m.login.password", "user":"janitor", "password":"{{ awx_janitor_user_password }}"}' "{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_matrix/client/r0/login" | jq '.access_token' register: awx_janitors_token no_log: True @@ -31,7 +31,7 @@ delegate_to: 127.0.0.1 shell: "dateseq {{ matrix_purge_from_date }} {{ matrix_purge_to_date }}" register: awx_purge_dates - + - name: Calculate initial size of local media repository shell: du -sh /matrix/synapse/storage/media-store/local* register: awx_local_media_size_before @@ -47,12 +47,12 @@ no_log: True - name: Purge local media with loop - include_tasks: purge_media_local.yml + include_tasks: purge_media_local.yml loop: "{{ awx_purge_dates.stdout_lines | flatten(levels=1) }}" when: awx_purge_media_type == "Local Media" - name: Purge remote media with loop - include_tasks: purge_media_remote.yml + include_tasks: purge_media_remote.yml loop: "{{ awx_purge_dates.stdout_lines | flatten(levels=1) }}" when: awx_purge_media_type == "Remote Media" diff --git a/roles/matrix-awx/tasks/purge_media_remote.yml b/roles/matrix-awx/tasks/purge_media_remote.yml index 1418d9a6..5bb71918 100644 --- a/roles/matrix-awx/tasks/purge_media_remote.yml +++ b/roles/matrix-awx/tasks/purge_media_remote.yml @@ -7,11 +7,11 @@ - name: Purge remote media to specific date shell: | - curl -X POST --header "Authorization: Bearer {{ awx_janitors_token.stdout[1:-1] }}" '{{ awx_synapse_container_ip.stdout }}:8008/_synapse/admin/v1/purge_media_cache?before_ts={{ awx_epoche_time.stdout }}000' + curl -X POST --header "Authorization: Bearer {{ awx_janitors_token.stdout[1:-1] }}" '{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_synapse/admin/v1/purge_media_cache?before_ts={{ awx_epoche_time.stdout }}000' register: awx_purge_command - + - name: Print output of purge command - debug: + debug: msg: "{{ awx_purge_command.stdout }}" - name: Pause for 5 seconds to let Synapse breathe diff --git a/roles/matrix-base/defaults/main.yml b/roles/matrix-base/defaults/main.yml index bf376c94..8f3203ab 100644 --- a/roles/matrix-base/defaults/main.yml +++ b/roles/matrix-base/defaults/main.yml @@ -91,7 +91,7 @@ matrix_homeserver_url: "https://{{ matrix_server_fqn_matrix }}" # Specifies where the homeserver is on the container network. # Where this is depends on whether there's a reverse-proxy in front of it, etc. # This likely gets overriden elsewhere. -matrix_homeserver_container_url: "http://matrix-synapse:8008" +matrix_homeserver_container_url: "http://matrix-synapse:{{ matrix_synapse_container_client_api_port }}" matrix_identity_server_url: ~ diff --git a/roles/matrix-bridge-appservice-slack/defaults/main.yml b/roles/matrix-bridge-appservice-slack/defaults/main.yml index 10b3d7b4..317ea0c0 100644 --- a/roles/matrix-bridge-appservice-slack/defaults/main.yml +++ b/roles/matrix-bridge-appservice-slack/defaults/main.yml @@ -33,7 +33,7 @@ matrix_appservice_slack_slack_port: 9003 matrix_appservice_slack_container_http_host_bind_port: '' matrix_appservice_slack_homeserver_media_url: "{{ matrix_server_fqn_matrix }}" -matrix_appservice_slack_homeserver_url: "http://matrix-synapse:8008" +matrix_appservice_slack_homeserver_url: "http://matrix-synapse:{{ matrix_synapse_container_client_api_port }}" matrix_appservice_slack_homeserver_domain: "{{ matrix_domain }}" matrix_appservice_slack_appservice_url: 'http://matrix-appservice-slack' @@ -82,7 +82,7 @@ matrix_appservice_slack_configuration_extension_yaml: | # Optional #matrix_admin_room: "!aBcDeF:matrix.org" #homeserver: - # url: http://localhost:8008 + # url: http://localhost:{{ matrix_synapse_container_client_api_port }} # server_name: my.server # Optional #tls: diff --git a/roles/matrix-bridge-appservice-webhooks/defaults/main.yml b/roles/matrix-bridge-appservice-webhooks/defaults/main.yml index 2b9fe310..e051ea22 100644 --- a/roles/matrix-bridge-appservice-webhooks/defaults/main.yml +++ b/roles/matrix-bridge-appservice-webhooks/defaults/main.yml @@ -36,7 +36,7 @@ matrix_appservice_webhooks_matrix_port: 6789 matrix_appservice_webhooks_container_http_host_bind_port: '' matrix_appservice_webhooks_homeserver_media_url: "{{ matrix_server_fqn_matrix }}" -matrix_appservice_webhooks_homeserver_url: "http://matrix-synapse:8008" +matrix_appservice_webhooks_homeserver_url: "http://matrix-synapse:{{ matrix_synapse_container_client_api_port }}" matrix_appservice_webhooks_homeserver_domain: "{{ matrix_domain }}" matrix_appservice_webhooks_appservice_url: 'http://matrix-appservice-webhooks' diff --git a/roles/matrix-bridge-sms/defaults/main.yml b/roles/matrix-bridge-sms/defaults/main.yml index 55f99101..8f2f79a0 100644 --- a/roles/matrix-bridge-sms/defaults/main.yml +++ b/roles/matrix-bridge-sms/defaults/main.yml @@ -26,7 +26,7 @@ matrix_sms_bridge_systemd_wanted_services_list: [] matrix_sms_bridge_appservice_url: 'http://matrix-sms-bridge:8080' matrix_sms_bridge_homeserver_hostname: 'matrix-synapse' -matrix_sms_bridge_homeserver_port: '8008' +matrix_sms_bridge_homeserver_port: "{{ matrix_synapse_container_client_api_port }}" matrix_sms_bridge_homserver_domain: "{{ matrix_domain }}" matrix_sms_bridge_default_room: '' diff --git a/roles/matrix-corporal/defaults/main.yml b/roles/matrix-corporal/defaults/main.yml index fd6b65d3..d542fd77 100644 --- a/roles/matrix-corporal/defaults/main.yml +++ b/roles/matrix-corporal/defaults/main.yml @@ -36,7 +36,7 @@ matrix_corporal_var_dir_path: "{{ matrix_corporal_base_path }}/var" matrix_corporal_matrix_homeserver_domain_name: "{{ matrix_domain }}" -# Controls where matrix-corporal can reach your Synapse server (e.g. "http://matrix-synapse:8008"). +# Controls where matrix-corporal can reach your Synapse server (e.g. "http://matrix-synapse:{{ matrix_synapse_container_client_api_port }}"). # If Synapse runs on the same machine, you may need to add its service to `matrix_corporal_systemd_required_services_list`. matrix_corporal_matrix_homeserver_api_endpoint: "" diff --git a/roles/matrix-ma1sd/defaults/main.yml b/roles/matrix-ma1sd/defaults/main.yml index adee0b44..9e1e611a 100644 --- a/roles/matrix-ma1sd/defaults/main.yml +++ b/roles/matrix-ma1sd/defaults/main.yml @@ -83,7 +83,7 @@ matrix_ma1sd_threepid_medium_email_connectors_smtp_password: "" # so that ma1sd can rewrite the original URL to one that would reach the homeserver. matrix_ma1sd_dns_overwrite_enabled: false matrix_ma1sd_dns_overwrite_homeserver_client_name: "{{ matrix_server_fqn_matrix }}" -matrix_ma1sd_dns_overwrite_homeserver_client_value: "http://matrix-synapse:8008" +matrix_ma1sd_dns_overwrite_homeserver_client_value: "http://matrix-synapse:{{ matrix_synapse_container_client_api_port }}" # Override the default session templates # To use this, fill in the template variables with the full desired template as a multi-line YAML variable diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index ea26084e..368d9bdd 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml @@ -197,8 +197,8 @@ matrix_nginx_proxy_proxy_matrix_client_api_addr_with_container: "matrix-nginx-pr matrix_nginx_proxy_proxy_matrix_client_api_addr_sans_container: "127.0.0.1:12080" # The addresses where the Matrix Client API is, when using Synapse. -matrix_nginx_proxy_proxy_synapse_client_api_addr_with_container: "matrix-synapse:8008" -matrix_nginx_proxy_proxy_synapse_client_api_addr_sans_container: "127.0.0.1:8008" +matrix_nginx_proxy_proxy_synapse_client_api_addr_with_container: "matrix-synapse:{{ matrix_synapse_container_client_api_port }}" +matrix_nginx_proxy_proxy_synapse_client_api_addr_sans_container: "127.0.0.1:{{ matrix_synapse_container_client_api_port }}" # This needs to be equal or higher than the maximum upload size accepted by Synapse. matrix_nginx_proxy_proxy_matrix_client_api_client_max_body_size_mb: 50 diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 624a6b5e..a6feb1ab 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -27,11 +27,13 @@ matrix_synapse_storage_path: "{{ matrix_synapse_base_path }}/storage" matrix_synapse_media_store_path: "{{ matrix_synapse_storage_path }}/media-store" matrix_synapse_ext_path: "{{ matrix_synapse_base_path }}/ext" +matrix_synapse_container_client_api_port: 8008 + matrix_synapse_container_federation_api_tls_port: 8448 matrix_synapse_container_federation_api_plain_port: 8048 -# Controls whether the matrix-synapse container exposes the Client/Server API port (tcp/8008 in the container). +# Controls whether the matrix-synapse container exposes the Client/Server API port (tcp/{{ matrix_synapse_container_client_api_port }} in the container). # # Takes an ":" or "" value (e.g. "127.0.0.1:8008"), or empty string to not expose. matrix_synapse_container_client_api_host_bind_port: '' diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index a8e0ab6f..e1ee7307 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -289,7 +289,7 @@ listeners: # Unsecure HTTP listener (Client API): for when matrix traffic passes through a reverse proxy # that unwraps TLS. - - port: 8008 + - port: {{ matrix_synapse_container_client_api_port|tojson }} tls: false bind_addresses: ['::'] type: http diff --git a/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 b/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 index 0451fd8d..7fec6649 100644 --- a/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 +++ b/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 @@ -40,7 +40,7 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-synapse \ --tmpfs=/tmp:rw,noexec,nosuid,size={{ matrix_synapse_tmp_directory_size_mb }}m \ --network={{ matrix_docker_network }} \ {% if matrix_synapse_container_client_api_host_bind_port %} - -p {{ matrix_synapse_container_client_api_host_bind_port }}:8008 \ + -p {{ matrix_synapse_container_client_api_host_bind_port }}:{{ matrix_synapse_container_client_api_port }} \ {% endif %} {% if matrix_synapse_federation_enabled and matrix_synapse_tls_federation_listener_enabled and matrix_synapse_container_federation_api_tls_host_bind_port %} -p {{ matrix_synapse_container_federation_api_tls_host_bind_port }}:{{ matrix_synapse_container_federation_api_tls_port }} \ diff --git a/roles/matrix-synapse/templates/synapse/usr-local-bin/matrix-synapse-register-user.j2 b/roles/matrix-synapse/templates/synapse/usr-local-bin/matrix-synapse-register-user.j2 index 456c0667..228cc9ea 100644 --- a/roles/matrix-synapse/templates/synapse/usr-local-bin/matrix-synapse-register-user.j2 +++ b/roles/matrix-synapse/templates/synapse/usr-local-bin/matrix-synapse-register-user.j2 @@ -11,7 +11,7 @@ password=$2 admin=$3 if [ "$admin" -eq "1" ]; then - docker exec matrix-synapse register_new_matrix_user -u "$user" -p "$password" -c /data/homeserver.yaml --admin http://localhost:8008 + docker exec matrix-synapse register_new_matrix_user -u "$user" -p "$password" -c /data/homeserver.yaml --admin http://localhost:{{ matrix_synapse_container_client_api_port }} else - docker exec matrix-synapse register_new_matrix_user -u "$user" -p "$password" -c /data/homeserver.yaml --no-admin http://localhost:8008 + docker exec matrix-synapse register_new_matrix_user -u "$user" -p "$password" -c /data/homeserver.yaml --no-admin http://localhost:{{ matrix_synapse_container_client_api_port }} fi diff --git a/roles/matrix-synapse/templates/synapse/worker.yaml.j2 b/roles/matrix-synapse/templates/synapse/worker.yaml.j2 index 36ae5a7e..40714f44 100644 --- a/roles/matrix-synapse/templates/synapse/worker.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/worker.yaml.j2 @@ -38,7 +38,7 @@ worker_listeners: {% endif %} {% if matrix_synapse_worker_details.type == 'frontend_proxy' %} -worker_main_http_uri: http://matrix-synapse:8008 +worker_main_http_uri: http://matrix-synapse:{{ matrix_synapse_container_client_api_port }} {% endif %} worker_daemonize: false diff --git a/roles/matrix-synapse/vars/workers.yml b/roles/matrix-synapse/vars/workers.yml index 049ae9b5..fda7227c 100644 --- a/roles/matrix-synapse/vars/workers.yml +++ b/roles/matrix-synapse/vars/workers.yml @@ -319,7 +319,7 @@ matrix_synapse_workers_frontend_proxy_endpoints: # the `worker_main_http_uri` setting in the `frontend_proxy` worker configuration # file. For example: - # worker_main_http_uri: http://127.0.0.1:8008 + # worker_main_http_uri: http://127.0.0.1:{{ matrix_synapse_container_client_api_port }} matrix_synapse_workers_avail_list: - appservice From b272e6147ad923174edb85b20a4a2f78148ad25f Mon Sep 17 00:00:00 2001 From: iucca Date: Tue, 16 Nov 2021 13:37:11 +0100 Subject: [PATCH 32/46] Resolved server_map --- .../defaults/main.yml | 1 + .../templates/config.yaml.j2 | 19 +++---------------- 2 files changed, 4 insertions(+), 16 deletions(-) diff --git a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml index 7409fb4d..a39cdeb9 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml @@ -74,6 +74,7 @@ matrix_mautrix_whatsapp_appservice_database_uri: "{{ # Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth). matrix_mautrix_whatsapp_login_shared_secret: '' +matrix_mautrix_whatsapp_login_shared_secret_map: "{{ {matrix_mautrix_whatsapp_homeserver_domain: matrix_mautrix_whatsapp_login_shared_secret} if matrix_mautrix_whatsapp_login_shared_secret else {} }}" # Default mautrix-whatsapp configuration template which covers the generic use case. # You can customize it by controlling the various variables inside it. diff --git a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 index 35865893..a4335936 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 @@ -15,11 +15,9 @@ homeserver: appservice: # The address that the homeserver can use to connect to this appservice. address: {{ matrix_mautrix_whatsapp_appservice_address }} - # The hostname and port where this appservice should listen. hostname: 0.0.0.0 port: 8080 - # Database config. database: # The database type. "sqlite3" and "postgres" are supported. @@ -31,7 +29,6 @@ appservice: # Maximum number of connections. Mostly relevant for Postgres. max_open_conns: 20 max_idle_conns: 2 - # The unique ID of this appservice. id: whatsapp # Appservice bot details. @@ -42,7 +39,6 @@ appservice: # to leave display name/avatar as-is. displayname: WhatsApp bridge bot avatar: mxc://maunium.net/NeXNQarUbrlYBiPCpprYsRqr - # Authentication tokens for AS <-> HS communication. Autogenerated; do not modify. as_token: "{{ matrix_mautrix_whatsapp_appservice_token }}" hs_token: "{{ matrix_mautrix_whatsapp_homeserver_token }}" @@ -53,7 +49,6 @@ bridge: # {{ '{{.}}' }} is replaced with the phone number of the WhatsApp user. username_template: "{{ 'whatsapp_{{.}}' }}" displayname_template: "{{ '{{if .PushName}}{{.PushName}}{{else if .BusinessName}}{{.BusinessName}}{{else}}{{.JID}}{{end}} (WA)' }}" - # Should the bridge send a read receipt from the bridge bot when a message has been sent to WhatsApp? delivery_receipts: false # Should incoming calls send a message to the Matrix room? @@ -62,9 +57,7 @@ bridge: identity_change_notices: false # Should a "reactions not yet supported" warning be sent to the Matrix room when a user reacts to a message? reaction_notices: true - portal_message_buffer: 128 - # Settings for handling history sync payloads. These settings only apply right after login, # because the phone only sends the history sync data once, and there's no way to re-request it # (other than logging out and back in again). @@ -87,12 +80,9 @@ bridge: # Should the bridge request a full sync from the phone when logging in? # This bumps the size of history syncs from 3 months to 1 year. request_full_sync: false - user_avatar_sync: true # Should Matrix users leaving groups be bridged to WhatsApp? bridge_matrix_leave: true - - # Should the bridge sync with double puppeting to receive EDUs that aren't normally sent to appservices. sync_with_custom_puppets: true # Should the bridge update the m.direct account data event when double puppeting is enabled. @@ -105,8 +95,8 @@ bridge: default_bridge_receipts: true default_bridge_presence: true # Servers to always allow double puppeting from - double_puppet_server_map: "{{ matrix_domain }}" - + double_puppet_server_map: + "{{ matrix_mautrix_whatsapp_homeserver_domain }}": {{ matrix_mautrix_whatsapp_homeserver_address }} # Allow using double puppeting from any server with a valid client .well-known file. double_puppet_allow_discovery: false # Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth @@ -114,10 +104,7 @@ bridge: # If set, double puppeting will be enabled automatically for local users # instead of users having to find an access token and run `login-matrix` # manually. - login_shared_secret_map: - "{{ matrix_mautrix_whatsapp_homeserver_domain }}": {{ matrix_mautrix_whatsapp_login_shared_secret|to_json }} - - + login_shared_secret_map: {{ matrix_mautrix_whatsapp_login_shared_secret_map|to_json }} # Should the bridge explicitly set the avatar and room name for private chat portal rooms? private_chat_portal_meta: false # Should Matrix m.notice-type messages be bridged? From 949ae80117e6f58e4bb415cfc1db576a077d2afc Mon Sep 17 00:00:00 2001 From: iucca Date: Tue, 16 Nov 2021 14:22:06 +0100 Subject: [PATCH 33/46] added server_map variable and renamed secret_map --- roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml | 9 ++++++--- .../templates/config.yaml.j2 | 2 +- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml index a39cdeb9..3d630fcf 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml @@ -36,7 +36,6 @@ matrix_mautrix_whatsapp_homeserver_token: '' matrix_mautrix_whatsapp_appservice_bot_username: whatsappbot - # Database-related configuration fields. # # To use SQLite, stick to these defaults. @@ -71,10 +70,14 @@ matrix_mautrix_whatsapp_appservice_database_uri: "{{ }[matrix_mautrix_whatsapp_database_engine] }}" - # Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth). matrix_mautrix_whatsapp_login_shared_secret: '' -matrix_mautrix_whatsapp_login_shared_secret_map: "{{ {matrix_mautrix_whatsapp_homeserver_domain: matrix_mautrix_whatsapp_login_shared_secret} if matrix_mautrix_whatsapp_login_shared_secret else {} }}" +matrix_mautrix_whatsapp_bridge_login_shared_secret_map: + "{{ {matrix_mautrix_whatsapp_homeserver_domain: matrix_mautrix_whatsapp_login_shared_secret} if matrix_mautrix_whatsapp_login_shared_secret else {} }}" + +# Servers to always allow double puppeting from +matrix_mautrix_whatsapp_bridge_double_puppet_server_map: + "{{ matrix_mautrix_whatsapp_homeserver_domain : matrix_mautrix_whatsapp_homeserver_address }}" # Default mautrix-whatsapp configuration template which covers the generic use case. # You can customize it by controlling the various variables inside it. diff --git a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 index a4335936..394f16a6 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 @@ -104,7 +104,7 @@ bridge: # If set, double puppeting will be enabled automatically for local users # instead of users having to find an access token and run `login-matrix` # manually. - login_shared_secret_map: {{ matrix_mautrix_whatsapp_login_shared_secret_map|to_json }} + login_shared_secret_map: {{ matrix_mautrix_whatsapp_bridge_login_shared_secret_map|to_json }} # Should the bridge explicitly set the avatar and room name for private chat portal rooms? private_chat_portal_meta: false # Should Matrix m.notice-type messages be bridged? From d3a9ec98de7d336be98b2432919720f45a5b8101 Mon Sep 17 00:00:00 2001 From: boris runakov Date: Tue, 16 Nov 2021 21:03:21 +0200 Subject: [PATCH 34/46] refactoring --- group_vars/matrix_servers | 7 +++++++ roles/matrix-base/defaults/main.yml | 2 +- roles/matrix-base/tasks/validate_config.yml | 9 +++++++++ roles/matrix-bridge-appservice-slack/defaults/main.yml | 2 +- .../tasks/validate_config.yml | 1 + .../matrix-bridge-appservice-webhooks/defaults/main.yml | 2 +- .../tasks/validate_config.yml | 1 + roles/matrix-bridge-sms/defaults/main.yml | 2 +- roles/matrix-bridge-sms/tasks/validate_config.yml | 1 + roles/matrix-ma1sd/defaults/main.yml | 2 +- roles/matrix-ma1sd/tasks/validate_config.yml | 1 + roles/matrix-nginx-proxy/defaults/main.yml | 4 ++-- roles/matrix-nginx-proxy/tasks/validate_config.yml | 2 ++ .../matrix-synapse/templates/synapse/homeserver.yaml.j2 | 2 +- 14 files changed, 30 insertions(+), 8 deletions(-) create mode 100644 roles/matrix-base/tasks/validate_config.yml diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 139ccb02..7aa10625 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -113,6 +113,7 @@ matrix_appservice_webhooks_container_http_host_bind_port: "{{ '' if matrix_nginx matrix_appservice_webhooks_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'webhook.as.token') | to_uuid }}" +matrix_appservice_webhooks_homeserver_url: "http://matrix-synapse:{{ matrix_synapse_container_client_api_port }}" matrix_appservice_webhooks_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'webhook.hs.token') | to_uuid }}" matrix_appservice_webhooks_id_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'webhook.id.token') | to_uuid }}" @@ -151,6 +152,7 @@ matrix_appservice_slack_container_http_host_bind_port: "{{ '' if matrix_nginx_pr matrix_appservice_slack_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'slack.as.token') | to_uuid }}" +matrix_appservice_slack_homeserver_url: "http://matrix-synapse:{{ matrix_synapse_container_client_api_port }}" matrix_appservice_slack_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'slack.hs.token') | to_uuid }}" matrix_appservice_slack_id_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'slack.id.token') | to_uuid }}" @@ -567,6 +569,7 @@ matrix_sms_bridge_systemd_required_services_list: | matrix_sms_bridge_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'sms.as.token') | to_uuid }}" +matrix_sms_bridge_homeserver_port: "{{ matrix_synapse_container_client_api_port }}" matrix_sms_bridge_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'sms.hs.token') | to_uuid }}" ###################################################################### @@ -1216,6 +1219,7 @@ matrix_ma1sd_container_image_self_build: "{{ matrix_architecture != 'amd64' }}" # ma1sd's web-server port. matrix_ma1sd_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:' + matrix_ma1sd_default_port|string }}" + # We enable Synapse integration via its Postgres database by default. # When using another Identity store, you might wish to disable this and define # your own configuration in `matrix_ma1sd_configuration_extension_yaml`. @@ -1308,6 +1312,9 @@ matrix_nginx_proxy_proxy_matrix_federation_api_addr_sans_container: "127.0.0.1:1 # Settings controlling matrix-synapse-proxy.conf matrix_nginx_proxy_proxy_synapse_enabled: "{{ matrix_synapse_enabled }}" +matrix_nginx_proxy_proxy_synapse_client_api_addr_with_container: "matrix-synapse:{{ matrix_synapse_container_client_api_port }}" +matrix_nginx_proxy_proxy_synapse_client_api_addr_sans_container: "127.0.0.1:{{ matrix_synapse_container_client_api_port }}" + matrix_nginx_proxy_proxy_synapse_federation_api_addr_with_container: "matrix-synapse:{{matrix_synapse_container_federation_api_plain_port|string}}" matrix_nginx_proxy_proxy_synapse_federation_api_addr_sans_container: "localhost:{{matrix_synapse_container_federation_api_plain_port|string}}" diff --git a/roles/matrix-base/defaults/main.yml b/roles/matrix-base/defaults/main.yml index 8f3203ab..6639c223 100644 --- a/roles/matrix-base/defaults/main.yml +++ b/roles/matrix-base/defaults/main.yml @@ -91,7 +91,7 @@ matrix_homeserver_url: "https://{{ matrix_server_fqn_matrix }}" # Specifies where the homeserver is on the container network. # Where this is depends on whether there's a reverse-proxy in front of it, etc. # This likely gets overriden elsewhere. -matrix_homeserver_container_url: "http://matrix-synapse:{{ matrix_synapse_container_client_api_port }}" +matrix_homeserver_container_url: "" matrix_identity_server_url: ~ diff --git a/roles/matrix-base/tasks/validate_config.yml b/roles/matrix-base/tasks/validate_config.yml new file mode 100644 index 00000000..8bb3fca0 --- /dev/null +++ b/roles/matrix-base/tasks/validate_config.yml @@ -0,0 +1,9 @@ +--- + +- name: Fail if required Matrix Base settings not defined + fail: + msg: >- + You need to define a required configuration setting (`{{ item }}`) for using this playbook. + when: "vars[item] == ''" + with_items: + - "matrix_homeserver_container_url" \ No newline at end of file diff --git a/roles/matrix-bridge-appservice-slack/defaults/main.yml b/roles/matrix-bridge-appservice-slack/defaults/main.yml index 317ea0c0..4f4d5e2f 100644 --- a/roles/matrix-bridge-appservice-slack/defaults/main.yml +++ b/roles/matrix-bridge-appservice-slack/defaults/main.yml @@ -33,7 +33,7 @@ matrix_appservice_slack_slack_port: 9003 matrix_appservice_slack_container_http_host_bind_port: '' matrix_appservice_slack_homeserver_media_url: "{{ matrix_server_fqn_matrix }}" -matrix_appservice_slack_homeserver_url: "http://matrix-synapse:{{ matrix_synapse_container_client_api_port }}" +matrix_appservice_slack_homeserver_url: "" matrix_appservice_slack_homeserver_domain: "{{ matrix_domain }}" matrix_appservice_slack_appservice_url: 'http://matrix-appservice-slack' diff --git a/roles/matrix-bridge-appservice-slack/tasks/validate_config.yml b/roles/matrix-bridge-appservice-slack/tasks/validate_config.yml index 8af10f2f..e02c6ab0 100644 --- a/roles/matrix-bridge-appservice-slack/tasks/validate_config.yml +++ b/roles/matrix-bridge-appservice-slack/tasks/validate_config.yml @@ -8,5 +8,6 @@ with_items: - "matrix_appservice_slack_control_room_id" - "matrix_appservice_slack_appservice_token" + - "matrix_appservice_slack_homeserver_url" - "matrix_appservice_slack_homeserver_token" - "matrix_appservice_slack_id_token" diff --git a/roles/matrix-bridge-appservice-webhooks/defaults/main.yml b/roles/matrix-bridge-appservice-webhooks/defaults/main.yml index e051ea22..25419900 100644 --- a/roles/matrix-bridge-appservice-webhooks/defaults/main.yml +++ b/roles/matrix-bridge-appservice-webhooks/defaults/main.yml @@ -36,7 +36,7 @@ matrix_appservice_webhooks_matrix_port: 6789 matrix_appservice_webhooks_container_http_host_bind_port: '' matrix_appservice_webhooks_homeserver_media_url: "{{ matrix_server_fqn_matrix }}" -matrix_appservice_webhooks_homeserver_url: "http://matrix-synapse:{{ matrix_synapse_container_client_api_port }}" +matrix_appservice_webhooks_homeserver_url: "" matrix_appservice_webhooks_homeserver_domain: "{{ matrix_domain }}" matrix_appservice_webhooks_appservice_url: 'http://matrix-appservice-webhooks' diff --git a/roles/matrix-bridge-appservice-webhooks/tasks/validate_config.yml b/roles/matrix-bridge-appservice-webhooks/tasks/validate_config.yml index b92a0eb9..48f63e68 100644 --- a/roles/matrix-bridge-appservice-webhooks/tasks/validate_config.yml +++ b/roles/matrix-bridge-appservice-webhooks/tasks/validate_config.yml @@ -7,6 +7,7 @@ when: "vars[item] == ''" with_items: - "matrix_appservice_webhooks_appservice_token" + - "matrix_appservice_webhooks_homeserver_url" - "matrix_appservice_webhooks_homeserver_token" - "matrix_appservice_webhooks_id_token" - "matrix_appservice_webhooks_api_secret" diff --git a/roles/matrix-bridge-sms/defaults/main.yml b/roles/matrix-bridge-sms/defaults/main.yml index 8f2f79a0..d3a686ce 100644 --- a/roles/matrix-bridge-sms/defaults/main.yml +++ b/roles/matrix-bridge-sms/defaults/main.yml @@ -26,7 +26,7 @@ matrix_sms_bridge_systemd_wanted_services_list: [] matrix_sms_bridge_appservice_url: 'http://matrix-sms-bridge:8080' matrix_sms_bridge_homeserver_hostname: 'matrix-synapse' -matrix_sms_bridge_homeserver_port: "{{ matrix_synapse_container_client_api_port }}" +matrix_sms_bridge_homeserver_port: "" matrix_sms_bridge_homserver_domain: "{{ matrix_domain }}" matrix_sms_bridge_default_room: '' diff --git a/roles/matrix-bridge-sms/tasks/validate_config.yml b/roles/matrix-bridge-sms/tasks/validate_config.yml index 6dc6ce9c..f89b18fa 100644 --- a/roles/matrix-bridge-sms/tasks/validate_config.yml +++ b/roles/matrix-bridge-sms/tasks/validate_config.yml @@ -7,6 +7,7 @@ when: "vars[item] == ''" with_items: - "matrix_sms_bridge_appservice_token" + - "matrix_sms_bridge_homeserver_port" - "matrix_sms_bridge_homeserver_token" - "matrix_sms_bridge_default_region" - "matrix_sms_bridge_default_timezone" diff --git a/roles/matrix-ma1sd/defaults/main.yml b/roles/matrix-ma1sd/defaults/main.yml index 9e1e611a..35a48e97 100644 --- a/roles/matrix-ma1sd/defaults/main.yml +++ b/roles/matrix-ma1sd/defaults/main.yml @@ -83,7 +83,7 @@ matrix_ma1sd_threepid_medium_email_connectors_smtp_password: "" # so that ma1sd can rewrite the original URL to one that would reach the homeserver. matrix_ma1sd_dns_overwrite_enabled: false matrix_ma1sd_dns_overwrite_homeserver_client_name: "{{ matrix_server_fqn_matrix }}" -matrix_ma1sd_dns_overwrite_homeserver_client_value: "http://matrix-synapse:{{ matrix_synapse_container_client_api_port }}" +matrix_ma1sd_dns_overwrite_homeserver_client_value: "" # Override the default session templates # To use this, fill in the template variables with the full desired template as a multi-line YAML variable diff --git a/roles/matrix-ma1sd/tasks/validate_config.yml b/roles/matrix-ma1sd/tasks/validate_config.yml index 4f80b154..1c64b134 100644 --- a/roles/matrix-ma1sd/tasks/validate_config.yml +++ b/roles/matrix-ma1sd/tasks/validate_config.yml @@ -46,6 +46,7 @@ when: "vars[item] == ''" with_items: - "matrix_ma1sd_threepid_medium_email_connectors_smtp_host" + - "matrix_ma1sd_dns_overwrite_homeserver_client_value" - name: (Deprecation) Catch and report renamed ma1sd variables fail: diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index 368d9bdd..96468c20 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml @@ -197,8 +197,8 @@ matrix_nginx_proxy_proxy_matrix_client_api_addr_with_container: "matrix-nginx-pr matrix_nginx_proxy_proxy_matrix_client_api_addr_sans_container: "127.0.0.1:12080" # The addresses where the Matrix Client API is, when using Synapse. -matrix_nginx_proxy_proxy_synapse_client_api_addr_with_container: "matrix-synapse:{{ matrix_synapse_container_client_api_port }}" -matrix_nginx_proxy_proxy_synapse_client_api_addr_sans_container: "127.0.0.1:{{ matrix_synapse_container_client_api_port }}" +matrix_nginx_proxy_proxy_synapse_client_api_addr_with_container: "" +matrix_nginx_proxy_proxy_synapse_client_api_addr_sans_container: "" # This needs to be equal or higher than the maximum upload size accepted by Synapse. matrix_nginx_proxy_proxy_matrix_client_api_client_max_body_size_mb: 50 diff --git a/roles/matrix-nginx-proxy/tasks/validate_config.yml b/roles/matrix-nginx-proxy/tasks/validate_config.yml index 39a2dfe5..0de93873 100644 --- a/roles/matrix-nginx-proxy/tasks/validate_config.yml +++ b/roles/matrix-nginx-proxy/tasks/validate_config.yml @@ -45,5 +45,7 @@ - "matrix_ssl_lets_encrypt_support_email" - "matrix_nginx_proxy_proxy_synapse_federation_api_addr_sans_container" - "matrix_nginx_proxy_proxy_synapse_federation_api_addr_with_container" + - "matrix_nginx_proxy_proxy_synapse_client_api_addr_with_container" + - "matrix_nginx_proxy_proxy_synapse_client_api_addr_sans_container" when: "vars[item] == '' or vars[item] is none" when: "matrix_ssl_retrieval_method == 'lets-encrypt'" diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index e1ee7307..1f699ee2 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -289,7 +289,7 @@ listeners: # Unsecure HTTP listener (Client API): for when matrix traffic passes through a reverse proxy # that unwraps TLS. - - port: {{ matrix_synapse_container_client_api_port|tojson }} + - port: {{ matrix_synapse_container_client_api_port|to_json }} tls: false bind_addresses: ['::'] type: http From 394ecb0accf02397c1614588fc3a61343e8d30b2 Mon Sep 17 00:00:00 2001 From: boris runakov Date: Tue, 16 Nov 2021 21:14:28 +0200 Subject: [PATCH 35/46] remove default from variable name --- group_vars/matrix_servers | 10 +++++----- roles/matrix-awx/tasks/set_variables_ma1sd.yml | 2 +- roles/matrix-ma1sd/defaults/main.yml | 4 ++-- .../templates/systemd/matrix-ma1sd.service.j2 | 2 +- roles/matrix-nginx-proxy/defaults/main.yml | 12 ++++++------ 5 files changed, 15 insertions(+), 15 deletions(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 52dc671c..a1dc5f7f 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -1214,7 +1214,7 @@ matrix_ma1sd_container_image_self_build: "{{ matrix_architecture != 'amd64' }}" # Normally, matrix-nginx-proxy is enabled and nginx can reach ma1sd over the container network. # If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose # ma1sd's web-server port. -matrix_ma1sd_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:' + matrix_ma1sd_default_port|string }}" +matrix_ma1sd_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:' + matrix_ma1sd_container_port|string }}" # We enable Synapse integration via its Postgres database by default. # When using another Identity store, you might wish to disable this and define @@ -1296,8 +1296,8 @@ matrix_nginx_proxy_proxy_matrix_corporal_api_addr_with_container: "matrix-corpor matrix_nginx_proxy_proxy_matrix_corporal_api_addr_sans_container: "127.0.0.1:41081" matrix_nginx_proxy_proxy_matrix_identity_api_enabled: "{{ matrix_ma1sd_enabled }}" -matrix_nginx_proxy_proxy_matrix_identity_api_addr_with_container: "matrix-ma1sd:{{ matrix_ma1sd_default_port }}" -matrix_nginx_proxy_proxy_matrix_identity_api_addr_sans_container: "127.0.0.1:{{ matrix_ma1sd_default_port }}" +matrix_nginx_proxy_proxy_matrix_identity_api_addr_with_container: "matrix-ma1sd:{{ matrix_ma1sd_container_port }}" +matrix_nginx_proxy_proxy_matrix_identity_api_addr_sans_container: "127.0.0.1:{{ matrix_ma1sd_container_port }}" # By default, we do TLS termination for the Matrix Federation API (port 8448) at matrix-nginx-proxy. # Unless this is handled there OR Synapse's federation listener port is disabled, we'll reverse-proxy. @@ -1714,8 +1714,8 @@ matrix_synapse_container_image_self_build: "{{ matrix_architecture not in ['arm6 # When ma1sd is enabled, we can use it to validate email addresses and phone numbers. # Synapse can validate email addresses by itself as well, but it's probably not what we want by default when we have an identity server. -matrix_synapse_account_threepid_delegates_email: "{{ 'http://matrix-ma1sd:' + matrix_ma1sd_default_port|string if matrix_ma1sd_enabled else '' }}" -matrix_synapse_account_threepid_delegates_msisdn: "{{ 'http://matrix-ma1sd:' + matrix_ma1sd_default_port|string if matrix_ma1sd_enabled else '' }}" +matrix_synapse_account_threepid_delegates_email: "{{ 'http://matrix-ma1sd:' + matrix_ma1sd_container_port|string if matrix_ma1sd_enabled else '' }}" +matrix_synapse_account_threepid_delegates_msisdn: "{{ 'http://matrix-ma1sd:' + matrix_ma1sd_container_port|string if matrix_ma1sd_enabled else '' }}" # Normally, matrix-nginx-proxy is enabled and nginx can reach Synapse over the container network. # If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, diff --git a/roles/matrix-awx/tasks/set_variables_ma1sd.yml b/roles/matrix-awx/tasks/set_variables_ma1sd.yml index 81012d28..db5037d1 100755 --- a/roles/matrix-awx/tasks/set_variables_ma1sd.yml +++ b/roles/matrix-awx/tasks/set_variables_ma1sd.yml @@ -30,7 +30,7 @@ insertafter: '# Synapse Extension Start' with_dict: 'matrix_synapse_awx_password_provider_rest_auth_enabled': 'true' - 'matrix_synapse_awx_password_provider_rest_auth_endpoint': '"http://matrix-ma1sd:{{ matrix_ma1sd_default_port }}"' + 'matrix_synapse_awx_password_provider_rest_auth_endpoint': '"http://matrix-ma1sd:{{ matrix_ma1sd_container_port }}"' when: awx_matrix_ma1sd_auth_store == 'LDAP/AD' - name: Remove entire ma1sd configuration extension diff --git a/roles/matrix-ma1sd/defaults/main.yml b/roles/matrix-ma1sd/defaults/main.yml index adee0b44..0b9144dd 100644 --- a/roles/matrix-ma1sd/defaults/main.yml +++ b/roles/matrix-ma1sd/defaults/main.yml @@ -19,8 +19,8 @@ matrix_ma1sd_docker_src_files_path: "{{ matrix_ma1sd_base_path }}/docker-src/ma1 matrix_ma1sd_config_path: "{{ matrix_ma1sd_base_path }}/config" matrix_ma1sd_data_path: "{{ matrix_ma1sd_base_path }}/data" -matrix_ma1sd_default_port: 8090 -# Controls whether the matrix-ma1sd container exposes its HTTP port (tcp/{{ matrix_ma1sd_default_port }} in the container). +matrix_ma1sd_container_port: 8090 +# Controls whether the matrix-ma1sd container exposes its HTTP port (tcp/{{ matrix_ma1sd_container_port }} in the container). # # Takes an ":" or "" value (e.g. "127.0.0.1:8090"), or empty string to not expose. matrix_ma1sd_container_http_host_bind_port: '' diff --git a/roles/matrix-ma1sd/templates/systemd/matrix-ma1sd.service.j2 b/roles/matrix-ma1sd/templates/systemd/matrix-ma1sd.service.j2 index 696e8008..8e5cc6dd 100644 --- a/roles/matrix-ma1sd/templates/systemd/matrix-ma1sd.service.j2 +++ b/roles/matrix-ma1sd/templates/systemd/matrix-ma1sd.service.j2 @@ -26,7 +26,7 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-ma1sd \ --tmpfs=/tmp:rw,exec,nosuid,size=10m \ --network={{ matrix_docker_network }} \ {% if matrix_ma1sd_container_http_host_bind_port %} - -p {{ matrix_ma1sd_container_http_host_bind_port }}:{{ matrix_ma1sd_default_port }} \ + -p {{ matrix_ma1sd_container_http_host_bind_port }}:{{ matrix_ma1sd_container_port }} \ {% endif %} {% if matrix_ma1sd_verbose_logging %} -e MA1SD_LOG_LEVEL=debug \ diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index ea26084e..fba0f4ea 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml @@ -166,20 +166,20 @@ matrix_nginx_proxy_proxy_matrix_corporal_api_addr_sans_container: "127.0.0.1:410 # This can be used to forward the API endpoint to another service, augmenting the functionality of Synapse's own User Directory Search. # To learn more, see: https://github.com/ma1uta/ma1sd/blob/master/docs/features/directory.md matrix_nginx_proxy_proxy_matrix_user_directory_search_enabled: false -matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_with_container: "matrix-ma1sd:{{ matrix_ma1sd_default_port }}" -matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_sans_container: "127.0.0.1:{{ matrix_ma1sd_default_port }}" +matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_with_container: "matrix-ma1sd:{{ matrix_ma1sd_container_port }}" +matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_sans_container: "127.0.0.1:{{ matrix_ma1sd_container_port }}" # Controls whether proxying for 3PID-based registration (`/_matrix/client/r0/register/(email|msisdn)/requestToken`) should be done (on the matrix domain). # This allows another service to control registrations involving 3PIDs. # To learn more, see: https://github.com/ma1uta/ma1sd/blob/master/docs/features/registration.md matrix_nginx_proxy_proxy_matrix_3pid_registration_enabled: false -matrix_nginx_proxy_proxy_matrix_3pid_registration_addr_with_container: "matrix-ma1sd:{{ matrix_ma1sd_default_port }}" -matrix_nginx_proxy_proxy_matrix_3pid_registration_addr_sans_container: "127.0.0.1:{{ matrix_ma1sd_default_port }}" +matrix_nginx_proxy_proxy_matrix_3pid_registration_addr_with_container: "matrix-ma1sd:{{ matrix_ma1sd_container_port }}" +matrix_nginx_proxy_proxy_matrix_3pid_registration_addr_sans_container: "127.0.0.1:{{ matrix_ma1sd_container_port }}" # Controls whether proxying for the Identity API (`/_matrix/identity`) should be done (on the matrix domain) matrix_nginx_proxy_proxy_matrix_identity_api_enabled: false -matrix_nginx_proxy_proxy_matrix_identity_api_addr_with_container: "matrix-ma1sd:{{ matrix_ma1sd_default_port }}" -matrix_nginx_proxy_proxy_matrix_identity_api_addr_sans_container: "127.0.0.1:{{ matrix_ma1sd_default_port }}" +matrix_nginx_proxy_proxy_matrix_identity_api_addr_with_container: "matrix-ma1sd:{{ matrix_ma1sd_container_port }}" +matrix_nginx_proxy_proxy_matrix_identity_api_addr_sans_container: "127.0.0.1:{{ matrix_ma1sd_container_port }}" # Controls whether proxying for metrics (`/_synapse/metrics`) should be done (on the matrix domain) matrix_nginx_proxy_proxy_synapse_metrics: false From 75cb4ce3b02ba0cd005e6cb008b2bc0227eb60dd Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 17 Nov 2021 10:38:52 +0200 Subject: [PATCH 36/46] Add warning about matrix_ma1sd_default_port being renamed Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1403 --- roles/matrix-ma1sd/tasks/validate_config.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/matrix-ma1sd/tasks/validate_config.yml b/roles/matrix-ma1sd/tasks/validate_config.yml index 1c64b134..5f621fca 100644 --- a/roles/matrix-ma1sd/tasks/validate_config.yml +++ b/roles/matrix-ma1sd/tasks/validate_config.yml @@ -57,6 +57,7 @@ with_items: - {'old': 'matrix_ma1sd_container_expose_port', 'new': ''} - {'old': 'matrix_ma1sd_threepid_medium_email_custom_unbind_fraudulent_template', 'new': 'matrix_ma1sd_threepid_medium_email_custom_session_unbind_notification_template'} + - {'old': 'matrix_ma1sd_default_port', 'new': 'matrix_ma1sd_container_port'} - name: (Deprecation) Catch and report mxisd variables fail: From f8fe68b38523b20cf5896d46a7cf8582ad35eaa0 Mon Sep 17 00:00:00 2001 From: Aaron Raimist Date: Wed, 17 Nov 2021 14:54:49 +0000 Subject: [PATCH 37/46] Allow workers to serve new v3 APIs https://github.com/matrix-org/synapse/pull/11371/commits/1f196f59cb91a1a7f8206e4dd0c93fcd05c2d9c1 --- .../nginx/conf.d/matrix-synapse.conf.j2 | 2 +- .../files/workers-doc-to-yaml.awk | 2 +- roles/matrix-synapse/vars/workers.yml | 70 +++++++++---------- 3 files changed, 37 insertions(+), 37 deletions(-) diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 index 30f4877c..720b5086 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 +++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 @@ -120,7 +120,7 @@ server { {% endfor %} {% if matrix_nginx_proxy_synapse_presence_disabled %} # FIXME: keep in sync with synapse workers documentation manually - location ~ ^/_matrix/client/(api/v1|r0|unstable)/presence/[^/]+/status { + location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/presence/[^/]+/status { proxy_pass http://frontend_proxy_upstream$request_uri; proxy_set_header Host $host; } diff --git a/roles/matrix-synapse/files/workers-doc-to-yaml.awk b/roles/matrix-synapse/files/workers-doc-to-yaml.awk index d9295e32..ca58b486 100755 --- a/roles/matrix-synapse/files/workers-doc-to-yaml.awk +++ b/roles/matrix-synapse/files/workers-doc-to-yaml.awk @@ -86,7 +86,7 @@ enable_parsing { # FIXME: https://github.com/matrix-org/synapse/issues/7530 # https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/456#issuecomment-719015911 - if (api_endpoint_regex == "^/_matrix/client/(r0|unstable)/auth/.*/fallback/web$") { + if (api_endpoint_regex == "^/_matrix/client/(r0|v3|unstable)/auth/.*/fallback/web$") { worker_stanza_append(" # FIXME: possible bug with SSO and multiple generic workers\n") worker_stanza_append(" # see https://github.com/matrix-org/synapse/issues/7530\n") worker_stanza_append(" # " api_endpoint_regex linefeed) diff --git a/roles/matrix-synapse/vars/workers.yml b/roles/matrix-synapse/vars/workers.yml index 049ae9b5..db9b519e 100644 --- a/roles/matrix-synapse/vars/workers.yml +++ b/roles/matrix-synapse/vars/workers.yml @@ -5,10 +5,10 @@ matrix_synapse_workers_generic_worker_endpoints: # expressions: # Sync requests - - ^/_matrix/client/(v2_alpha|r0)/sync$ - - ^/_matrix/client/(api/v1|v2_alpha|r0)/events$ - - ^/_matrix/client/(api/v1|r0)/initialSync$ - - ^/_matrix/client/(api/v1|r0)/rooms/[^/]+/initialSync$ + - ^/_matrix/client/(v2_alpha|r0|v3)/sync$ + - ^/_matrix/client/(api/v1|v2_alpha|r0|v3)/events$ + - ^/_matrix/client/(api/v1|r0|v3)/initialSync$ + - ^/_matrix/client/(api/v1|r0|v3)/rooms/[^/]+/initialSync$ # Federation requests - ^/_matrix/federation/v1/event/ @@ -39,40 +39,40 @@ matrix_synapse_workers_generic_worker_endpoints: - ^/_matrix/federation/v1/send/ # Client API requests - - ^/_matrix/client/(api/v1|r0|unstable)/createRoom$ - - ^/_matrix/client/(api/v1|r0|unstable)/publicRooms$ - - ^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/joined_members$ - - ^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/context/.*$ - - ^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/members$ - - ^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/state$ + - ^/_matrix/client/(api/v1|r0|v3|unstable)/createRoom$ + - ^/_matrix/client/(api/v1|r0|v3|unstable)/publicRooms$ + - ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/joined_members$ + - ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/context/.*$ + - ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/members$ + - ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state$ - ^/_matrix/client/unstable/org.matrix.msc2946/rooms/.*/spaces$ - ^/_matrix/client/unstable/org.matrix.msc2946/rooms/.*/hierarchy$ - ^/_matrix/client/unstable/im.nheko.summary/rooms/.*/summary$ - - ^/_matrix/client/(api/v1|r0|unstable)/account/3pid$ - - ^/_matrix/client/(api/v1|r0|unstable)/devices$ - - ^/_matrix/client/(api/v1|r0|unstable)/keys/query$ - - ^/_matrix/client/(api/v1|r0|unstable)/keys/changes$ + - ^/_matrix/client/(api/v1|r0|v3|unstable)/account/3pid$ + - ^/_matrix/client/(api/v1|r0|v3|unstable)/devices$ + - ^/_matrix/client/(api/v1|r0|v3|unstable)/keys/query$ + - ^/_matrix/client/(api/v1|r0|v3|unstable)/keys/changes$ - ^/_matrix/client/versions$ - - ^/_matrix/client/(api/v1|r0|unstable)/voip/turnServer$ - - ^/_matrix/client/(api/v1|r0|unstable)/joined_groups$ - - ^/_matrix/client/(api/v1|r0|unstable)/publicised_groups$ - - ^/_matrix/client/(api/v1|r0|unstable)/publicised_groups/ - - ^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/event/ - - ^/_matrix/client/(api/v1|r0|unstable)/joined_rooms$ - - ^/_matrix/client/(api/v1|r0|unstable)/search$ + - ^/_matrix/client/(api/v1|r0|v3|unstable)/voip/turnServer$ + - ^/_matrix/client/(api/v1|r0|v3|unstable)/joined_groups$ + - ^/_matrix/client/(api/v1|r0|v3|unstable)/publicised_groups$ + - ^/_matrix/client/(api/v1|r0|v3|unstable)/publicised_groups/ + - ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/event/ + - ^/_matrix/client/(api/v1|r0|v3|unstable)/joined_rooms$ + - ^/_matrix/client/(api/v1|r0|v3|unstable)/search$ # Registration/login requests - - ^/_matrix/client/(api/v1|r0|unstable)/login$ - - ^/_matrix/client/(r0|unstable)/register$ + - ^/_matrix/client/(api/v1|r0|v3|unstable)/login$ + - ^/_matrix/client/(r0|v3|unstable)/register$ - ^/_matrix/client/unstable/org.matrix.msc3231/register/org.matrix.msc3231.login.registration_token/validity$ # Event sending requests - - ^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/redact - - ^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/send - - ^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/state/ - - ^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/(join|invite|leave|ban|unban|kick)$ - - ^/_matrix/client/(api/v1|r0|unstable)/join/ - - ^/_matrix/client/(api/v1|r0|unstable)/profile/ + - ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/redact + - ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/send + - ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state/ + - ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/(join|invite|leave|ban|unban|kick)$ + - ^/_matrix/client/(api/v1|r0|v3|unstable)/join/ + - ^/_matrix/client/(api/v1|r0|v3|unstable)/profile/ # Additionally, the following REST endpoints can be handled for GET requests: @@ -86,7 +86,7 @@ matrix_synapse_workers_generic_worker_endpoints: # for the room are in flight: # FIXME: ADDITIONAL CONDITIONS REQUIRED: to be enabled manually - # ^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/messages$ + # ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/messages$ # Additionally, the following endpoints should be included if Synapse is configured # to use SSO (you only need to include the ones for whichever SSO provider you're @@ -94,7 +94,7 @@ matrix_synapse_workers_generic_worker_endpoints: # for all SSO providers # FIXME: ADDITIONAL CONDITIONS REQUIRED: to be enabled manually - # ^/_matrix/client/(api/v1|r0|unstable)/login/sso/redirect + # ^/_matrix/client/(api/v1|r0|v3|unstable)/login/sso/redirect # ^/_synapse/client/pick_idp$ # ^/_synapse/client/pick_username # ^/_synapse/client/new_user_consent$ @@ -110,7 +110,7 @@ matrix_synapse_workers_generic_worker_endpoints: # CAS requests. # FIXME: ADDITIONAL CONDITIONS REQUIRED: to be enabled manually - # ^/_matrix/client/(api/v1|r0|unstable)/login/cas/ticket$ + # ^/_matrix/client/(api/v1|r0|v3|unstable)/login/cas/ticket$ # Ensure that all SSO logins go to a single process. # For multiple workers not handling the SSO endpoints properly, see @@ -292,7 +292,7 @@ matrix_synapse_workers_user_dir_endpoints: # Handles searches in the user directory. It can handle REST endpoints matching # the following regular expressions: - - ^/_matrix/client/(api/v1|r0|unstable)/user_directory/search$ + - ^/_matrix/client/(api/v1|r0|v3|unstable)/user_directory/search$ # When using this worker you must also set `update_user_directory: False` in the # shared configuration file to stop the main synapse running background @@ -303,13 +303,13 @@ matrix_synapse_workers_frontend_proxy_endpoints: # load from the main synapse. It can handle REST endpoints matching the following # regular expressions: - - ^/_matrix/client/(api/v1|r0|unstable)/keys/upload + - ^/_matrix/client/(api/v1|r0|v3|unstable)/keys/upload # If `use_presence` is False in the homeserver config, it can also handle REST # endpoints matching the following regular expressions: # FIXME: ADDITIONAL CONDITIONS REQUIRED: to be enabled manually - # ^/_matrix/client/(api/v1|r0|unstable)/presence/[^/]+/status + # ^/_matrix/client/(api/v1|r0|v3|unstable)/presence/[^/]+/status # This "stub" presence handler will pass through `GET` request but make the # `PUT` effectively a no-op. From e1a6d1e4b231abb07b8203d988489caf7902093d Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 17 Nov 2021 17:21:15 +0200 Subject: [PATCH 38/46] Upgrade Synapse (1.46.0 -> 1.47.0) We had to remove UID/GID environment variables that we used to pass to the Synapse container, because it was causing a problem after https://github.com/matrix-org/synapse/pull/11209 We were using both `--user` and UID/GID environment variables until now. --- roles/matrix-synapse/defaults/main.yml | 4 +-- .../tasks/synapse/setup_install.yml | 2 -- .../templates/synapse/homeserver.yaml.j2 | 31 ++++++++++++++----- .../systemd/matrix-synapse-worker.service.j2 | 2 -- .../synapse/systemd/matrix-synapse.service.j2 | 2 -- roles/matrix-synapse/vars/workers.yml | 18 ++++++----- 6 files changed, 36 insertions(+), 23 deletions(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index a6feb1ab..e48e3e89 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -15,8 +15,8 @@ matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_cont # amd64 gets released first. # arm32 relies on self-building, so the same version can be built immediately. # arm64 users need to wait for a prebuilt image to become available. -matrix_synapse_version: v1.46.0 -matrix_synapse_version_arm64: v1.46.0 +matrix_synapse_version: v1.47.0 +matrix_synapse_version_arm64: v1.47.0 matrix_synapse_docker_image_tag: "{{ matrix_synapse_version if matrix_architecture in ['arm32', 'amd64'] else matrix_synapse_version_arm64 }}" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-synapse/tasks/synapse/setup_install.yml b/roles/matrix-synapse/tasks/synapse/setup_install.yml index b658cfff..09ec798d 100644 --- a/roles/matrix-synapse/tasks/synapse/setup_install.yml +++ b/roles/matrix-synapse/tasks/synapse/setup_install.yml @@ -67,8 +67,6 @@ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} --cap-drop=ALL --mount type=bind,src={{ matrix_synapse_config_dir_path }},dst=/data - -e UID={{ matrix_user_uid }} - -e GID={{ matrix_user_gid }} -e SYNAPSE_CONFIG_PATH=/data/homeserver.yaml -e SYNAPSE_SERVER_NAME={{ matrix_server_fqn_matrix }} -e SYNAPSE_REPORT_STATS=no diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index 1f699ee2..1780fb91 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -66,8 +66,28 @@ pid_file: /homeserver.pid # Otherwise, it should be the URL to reach Synapse's client HTTP listener (see # 'listeners' below). # +# Defaults to 'https:///'. +# public_baseurl: https://{{ matrix_server_fqn_matrix }}/ +# Uncomment the following to tell other servers to send federation traffic on +# port 443. +# +# By default, other servers will try to reach our server on port 8448, which can +# be inconvenient in some environments. +# +# Provided 'https:///' on port 443 is routed to Synapse, this +# option configures Synapse to serve a file at +# 'https:///.well-known/matrix/server'. This will tell other +# servers to send traffic to port 443 instead. +# +# See https://matrix-org.github.io/synapse/latest/delegate.html for more +# information. +# +# Defaults to 'false'. +# +#serve_server_wellknown: true + # Set the soft limit on the number of file descriptors synapse can use # Zero is used to indicate synapse should set the soft limit to the # hard limit. @@ -1271,7 +1291,7 @@ allow_guest_access: {{ matrix_synapse_allow_guest_access|to_json }} # in on this server. # # (By default, no suggestion is made, so it is left up to the client. -# This setting is ignored unless public_baseurl is also set.) +# This setting is ignored unless public_baseurl is also explicitly set.) # #default_identity_server: https://matrix.org @@ -1296,8 +1316,6 @@ allow_guest_access: {{ matrix_synapse_allow_guest_access|to_json }} # by the Matrix Identity Service API specification: # https://matrix.org/docs/spec/identity_service/latest # -# If a delegate is specified, the config option public_baseurl must also be filled out. -# account_threepid_delegates: email: {{ matrix_synapse_account_threepid_delegates_email|to_json }} msisdn: {{ matrix_synapse_account_threepid_delegates_msisdn|to_json }} @@ -1990,11 +2008,10 @@ sso: # phishing attacks from evil.site. To avoid this, include a slash after the # hostname: "https://my.client/". # - # If public_baseurl is set, then the login fallback page (used by clients - # that don't natively support the required login flows) is whitelisted in - # addition to any URLs in this list. + # The login fallback page (used by clients that don't natively support the + # required login flows) is whitelisted in addition to any URLs in this list. # - # By default, this list is empty. + # By default, this list contains only the login fallback page. # #client_whitelist: # - https://riot.im/develop diff --git a/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse-worker.service.j2 b/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse-worker.service.j2 index 6c90c9a3..43dc42d1 100644 --- a/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse-worker.service.j2 +++ b/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse-worker.service.j2 @@ -17,8 +17,6 @@ ExecStartPre={{ matrix_host_command_sleep }} 5 ExecStart={{ matrix_host_command_docker }} run --rm --name {{ matrix_synapse_worker_container_name }} \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ - -e UID={{ matrix_user_uid }} \ - -e GID={{ matrix_user_gid }} \ --cap-drop=ALL \ --read-only \ --tmpfs=/tmp:rw,noexec,nosuid,size={{ matrix_synapse_tmp_directory_size_mb }}m \ diff --git a/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 b/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 index 7fec6649..188db5ef 100644 --- a/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 +++ b/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 @@ -33,8 +33,6 @@ ExecStartPre={{ matrix_host_command_sleep }} 3 ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-synapse \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ - --env=UID={{ matrix_user_uid }} \ - --env=GID={{ matrix_user_gid }} \ --cap-drop=ALL \ --read-only \ --tmpfs=/tmp:rw,noexec,nosuid,size={{ matrix_synapse_tmp_directory_size_mb }}m \ diff --git a/roles/matrix-synapse/vars/workers.yml b/roles/matrix-synapse/vars/workers.yml index fda7227c..ad9a7315 100644 --- a/roles/matrix-synapse/vars/workers.yml +++ b/roles/matrix-synapse/vars/workers.yml @@ -271,19 +271,19 @@ matrix_synapse_workers_media_repository_endpoints: # expose the `media` resource. For example: # ```yaml - # worker_listeners: - # - type: http - # port: 8085 - # resources: - # - names: - # - media + # worker_listeners: + # - type: http + # port: 8085 + # resources: + # - names: + # - media # ``` # Note that if running multiple media repositories they must be on the same server # and you must configure a single instance to run the background tasks, e.g.: # ```yaml - # media_instance_running_background_jobs: "media-repository-1" + # media_instance_running_background_jobs: "media-repository-1" # ``` # Note that if a reverse proxy is used , then `/_matrix/media/` must be routed for both inbound client and federation requests (if they are handled separately). @@ -319,7 +319,9 @@ matrix_synapse_workers_frontend_proxy_endpoints: # the `worker_main_http_uri` setting in the `frontend_proxy` worker configuration # file. For example: - # worker_main_http_uri: http://127.0.0.1:{{ matrix_synapse_container_client_api_port }} + # ```yaml + # worker_main_http_uri: http://127.0.0.1:8008 + # ``` matrix_synapse_workers_avail_list: - appservice From d41e9230da30a5f12beac49ad4d66c53d8750f2d Mon Sep 17 00:00:00 2001 From: rakshazi Date: Wed, 17 Nov 2021 21:34:46 +0200 Subject: [PATCH 39/46] expose smtp_user and smtp_pass to ansible configs (role: matrix-synapse) --- roles/matrix-synapse/defaults/main.yml | 2 ++ roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 | 5 ++--- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index e48e3e89..dc8a9eb0 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -473,6 +473,8 @@ matrix_synapse_turn_allow_guests: False matrix_synapse_email_enabled: false matrix_synapse_email_smtp_host: "" matrix_synapse_email_smtp_port: 587 +matrix_synapse_email_smtp_user: "" +matrix_synapse_email_smtp_pass: "" matrix_synapse_email_smtp_require_transport_security: false matrix_synapse_email_notif_from: "Matrix " matrix_synapse_email_client_base_url: "https://{{ matrix_server_fqn_element }}" diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index 1780fb91..042ea083 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -2338,9 +2338,8 @@ email: # Username/password for authentication to the SMTP server. By default, no # authentication is attempted. - # - #smtp_user: "exampleusername" - #smtp_pass: "examplepassword" + smtp_user: {{ matrix_synapse_email_smtp_user|string|to_json }} + smtp_pass: {{ matrix_synapse_email_smtp_pass|string|to_json }} # Uncomment the following to require TLS transport security for SMTP. # By default, Synapse will connect over plain text, and will then switch to From 110d91b06ed235957d263ce85e62dade022940e3 Mon Sep 17 00:00:00 2001 From: Toni Spets Date: Thu, 18 Nov 2021 13:05:30 +0200 Subject: [PATCH 40/46] Upgrade Heisenbridge (1.6.0 -> 1.7.0) --- roles/matrix-bridge-heisenbridge/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-heisenbridge/defaults/main.yml b/roles/matrix-bridge-heisenbridge/defaults/main.yml index 9a87a6da..9a769432 100644 --- a/roles/matrix-bridge-heisenbridge/defaults/main.yml +++ b/roles/matrix-bridge-heisenbridge/defaults/main.yml @@ -3,7 +3,7 @@ matrix_heisenbridge_enabled: true -matrix_heisenbridge_version: 1.6.0 +matrix_heisenbridge_version: 1.7.0 matrix_heisenbridge_docker_image: "{{ matrix_container_global_registry_prefix }}hif1/heisenbridge:{{ matrix_heisenbridge_version }}" matrix_heisenbridge_docker_image_force_pull: "{{ matrix_heisenbridge_docker_image.endswith(':latest') }}" From 2e73dac39fb55c4f526d7deba173f0b9e9f6d180 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 19 Nov 2021 10:51:46 +0200 Subject: [PATCH 41/46] Upgrade matrix-corporal (2.1.4 -> 2.2.0) There was also a 2.1.5 security release made today. 2.2.0 contains the same security fix + more. Both make handling of Client-Server API v3-prefixed requests better. Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1404 --- roles/matrix-corporal/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-corporal/defaults/main.yml b/roles/matrix-corporal/defaults/main.yml index 5c90fe99..f6040263 100644 --- a/roles/matrix-corporal/defaults/main.yml +++ b/roles/matrix-corporal/defaults/main.yml @@ -22,7 +22,7 @@ matrix_corporal_container_extra_arguments: [] # List of systemd services that matrix-corporal.service depends on matrix_corporal_systemd_required_services_list: ['docker.service'] -matrix_corporal_version: 2.1.4 +matrix_corporal_version: 2.2.0 matrix_corporal_docker_image: "{{ matrix_corporal_docker_image_name_prefix }}devture/matrix-corporal:{{ matrix_corporal_docker_image_tag }}" matrix_corporal_docker_image_name_prefix: "{{ 'localhost/' if matrix_corporal_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_corporal_docker_image_tag: "{{ matrix_corporal_version }}" # for backward-compatibility From 2734adfb4e30bfabe5b2b8f2d01c1ea4cc049e15 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sat, 20 Nov 2021 09:28:27 +0200 Subject: [PATCH 42/46] Upgrade matrix-corporal (2.2.0 -> 2.2.1) --- roles/matrix-corporal/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-corporal/defaults/main.yml b/roles/matrix-corporal/defaults/main.yml index f6040263..dfc71479 100644 --- a/roles/matrix-corporal/defaults/main.yml +++ b/roles/matrix-corporal/defaults/main.yml @@ -22,7 +22,7 @@ matrix_corporal_container_extra_arguments: [] # List of systemd services that matrix-corporal.service depends on matrix_corporal_systemd_required_services_list: ['docker.service'] -matrix_corporal_version: 2.2.0 +matrix_corporal_version: 2.2.1 matrix_corporal_docker_image: "{{ matrix_corporal_docker_image_name_prefix }}devture/matrix-corporal:{{ matrix_corporal_docker_image_tag }}" matrix_corporal_docker_image_name_prefix: "{{ 'localhost/' if matrix_corporal_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_corporal_docker_image_tag: "{{ matrix_corporal_version }}" # for backward-compatibility From fc751f0330ac487de1ba4526eca969da8889abf4 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sat, 20 Nov 2021 09:31:04 +0200 Subject: [PATCH 43/46] Upgrade exim-relay (4.94.2-r0-4 -> 4.94.2-r0-5) --- roles/matrix-mailer/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-mailer/defaults/main.yml b/roles/matrix-mailer/defaults/main.yml index 71a33752..e60ea50f 100644 --- a/roles/matrix-mailer/defaults/main.yml +++ b/roles/matrix-mailer/defaults/main.yml @@ -7,7 +7,7 @@ matrix_mailer_container_image_self_build_repository_url: "https://github.com/dev matrix_mailer_container_image_self_build_src_files_path: "{{ matrix_mailer_base_path }}/docker-src" matrix_mailer_container_image_self_build_version: "{{ matrix_mailer_docker_image.split(':')[1] }}" -matrix_mailer_version: 4.94.2-r0-4 +matrix_mailer_version: 4.94.2-r0-5 matrix_mailer_docker_image: "{{ matrix_mailer_docker_image_name_prefix }}devture/exim-relay:{{ matrix_mailer_version }}" matrix_mailer_docker_image_name_prefix: "{{ 'localhost/' if matrix_mailer_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_mailer_docker_image_force_pull: "{{ matrix_mailer_docker_image.endswith(':latest') }}" From e11e31e2c602b775b94b8292cfbd26ad2964346d Mon Sep 17 00:00:00 2001 From: WobbelTheBear Date: Mon, 22 Nov 2021 16:53:20 +0100 Subject: [PATCH 44/46] Update main.yml --- roles/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-client-element/defaults/main.yml b/roles/matrix-client-element/defaults/main.yml index 1273859d..b05f0d85 100644 --- a/roles/matrix-client-element/defaults/main.yml +++ b/roles/matrix-client-element/defaults/main.yml @@ -7,7 +7,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto # - https://github.com/vector-im/element-web/issues/19544 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" -matrix_client_element_version: v1.9.4 +matrix_client_element_version: v1.9.5 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" From 6b07ee3b582e06b92e9e237a68cff4b4bfa68acd Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 23 Nov 2021 14:50:07 +0200 Subject: [PATCH 45/46] Upgrade Synapse (1.47.0 -> 1.47.1) - security fixes Learn more here: https://github.com/matrix-org/synapse/releases/tag/v1.47.1 --- roles/matrix-synapse/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index dc8a9eb0..56d448df 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -15,8 +15,8 @@ matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_cont # amd64 gets released first. # arm32 relies on self-building, so the same version can be built immediately. # arm64 users need to wait for a prebuilt image to become available. -matrix_synapse_version: v1.47.0 -matrix_synapse_version_arm64: v1.47.0 +matrix_synapse_version: v1.47.1 +matrix_synapse_version_arm64: v1.47.1 matrix_synapse_docker_image_tag: "{{ matrix_synapse_version if matrix_architecture in ['arm32', 'amd64'] else matrix_synapse_version_arm64 }}" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" From e8a57ad432ed40d01078a12db471ce515d29d38b Mon Sep 17 00:00:00 2001 From: Toni Spets Date: Tue, 23 Nov 2021 15:03:09 +0200 Subject: [PATCH 46/46] Upgrade Heisenbridge (1.7.0 -> 1.7.1) --- roles/matrix-bridge-heisenbridge/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-heisenbridge/defaults/main.yml b/roles/matrix-bridge-heisenbridge/defaults/main.yml index 9a769432..cd5a0858 100644 --- a/roles/matrix-bridge-heisenbridge/defaults/main.yml +++ b/roles/matrix-bridge-heisenbridge/defaults/main.yml @@ -3,7 +3,7 @@ matrix_heisenbridge_enabled: true -matrix_heisenbridge_version: 1.7.0 +matrix_heisenbridge_version: 1.7.1 matrix_heisenbridge_docker_image: "{{ matrix_container_global_registry_prefix }}hif1/heisenbridge:{{ matrix_heisenbridge_version }}" matrix_heisenbridge_docker_image_force_pull: "{{ matrix_heisenbridge_docker_image.endswith(':latest') }}"