Merge remote-tracking branch 'master' into feature/add-worker-support

This commit is contained in:
Marcel Partap 2020-10-11 20:59:05 +02:00
commit 93a8ea7e4a
30 changed files with 281 additions and 82 deletions

2
.gitignore vendored
View file

@ -3,3 +3,5 @@
!/inventory/host_vars/.gitkeep
!/inventory/scripts
/roles/*/files/scratchpad
.DS_Store
.python-version

View file

@ -1,3 +1,22 @@
# 2020-10-02
## Minimum Ansible version raised to v2.7.0
We were claiming to support [Ansible](https://www.ansible.com/) v2.5.2 and higher, but issues like [#662](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/662) demonstrate that we need at least v2.7.0.
If you've been using the playbook without getting any errors until now, you're probably on a version higher than that already (or you're not using the `matrix-ma1sd` and `matrix-client-element` roles).
Our [Ansible docs page](docs/ansible.md) contains information on how to run a more up-to-date version of Ansible.
# 2020-10-01
## Postgres 13 support
The playbook now installs [Postgres 13](https://www.postgresql.org/about/news/postgresql-13-released-2077/) by default.
If you have have an existing setup, it's likely running on an older Postgres version (9.x, 10.x, 11.x or 12.x). You can easily upgrade by following the [upgrading PostgreSQL guide](docs/maintenance-postgres.md#upgrading-postgresql).
# 2020-09-01
## matrix-registration support

View file

@ -56,7 +56,7 @@ Using this playbook, you can get the following services configured on your serve
- (optional) the [mx-puppet-twitter](https://github.com/Sorunome/mx-puppet-twitter) bridge for Twitter-DMs ([Twitter](https://twitter.com/) - see [docs/configuring-playbook-bridge-mx-puppet-twitter.md](docs/configuring-playbook-bridge-mx-puppet-twitter.md) for setup documentation
- (optional) the [mx-puppet-discord](https://github.com/Sorunome/mx-puppet-discord) bridge for [Discord](https://discordapp.com/)) - see [docs/configuring-playbook-bridge-mx-puppet-discord.md](docs/configuring-playbook-bridge-mx-puppet-discord.md) for setup documentation
- (optional) the [mx-puppet-discord](https://github.com/matrix-discord/mx-puppet-discord) bridge for [Discord](https://discordapp.com/)) - see [docs/configuring-playbook-bridge-mx-puppet-discord.md](docs/configuring-playbook-bridge-mx-puppet-discord.md) for setup documentation
- (optional) the [mx-puppet-steam](https://github.com/icewind1991/mx-puppet-steam) bridge for [Steam](https://steamapp.com/)) - see [docs/configuring-playbook-bridge-mx-puppet-steam.md](docs/configuring-playbook-bridge-mx-puppet-steam.md) for setup documentation

View file

@ -9,7 +9,7 @@ If your local computer cannot run Ansible, you can also run Ansible on some serv
## Supported Ansible versions
Ansible 2.5.2 or newer is required.
Ansible 2.7.0 or newer is required.
## Checking your Ansible version
@ -49,7 +49,7 @@ docker run -it --rm \
-v `pwd`:/work \
-v $HOME/.ssh/id_rsa:/root/.ssh/id_rsa:ro \
--entrypoint=/bin/sh \
devture/ansible:2.9.9-r0
devture/ansible:2.9.13-r0
```
The above command tries to mount an SSH key (`$HOME/.ssh/id_rsa`) into the container (at `/root/.ssh/id_rsa`).

View file

@ -38,6 +38,7 @@ Follow our [Registering users](registering-users.md) guide to learn how to regis
You are required to specify an access token (belonging to this new user) for Dimension to work.
To get an access token for the Dimension user, you can follow one of two options:
*Through an interactive login*:
1. In a private browsing session (incognito window), open Element.

View file

@ -56,11 +56,19 @@ The default authentication mode of Jitsi is `internal`, however LDAP is also sup
```yaml
matrix_jitsi_enable_auth: true
matrix_jitsi_auth_type: ldap
matrix_jitsi_ldap_url: ldap://ldap.DOMAIN # or ldaps:// if using tls
matrix_jitsi_ldap_base: "OU=People,DC=DOMAIN"
matrix_jitsi_ldap_filter: "(&(uid=%u)(employeeType=active))"
matrix_jitsi_ldap_use_tls: false
matrix_jitsi_ldap_start_tls: true
matrix_jitsi_ldap_url: "ldap://ldap.DOMAIN"
matrix_jitsi_ldap_base: "OU=People,DC=DOMAIN
#matrix_jitsi_ldap_binddn: ""
#matrix_jitsi_ldap_bindpw: ""
matrix_jitsi_ldap_filter: "uid=%u"
matrix_jitsi_ldap_auth_method: "bind"
matrix_jitsi_ldap_version: "3"
matrix_jitsi_ldap_use_tls: true
matrix_jitsi_ldap_tls_ciphers: ""
matrix_jitsi_ldap_tls_check_peer: true
matrix_jitsi_ldap_tls_cacert_file: "/etc/ssl/certs/ca-certificates.crt"
matrix_jitsi_ldap_tls_cacert_dir: "/etc/ssl/certs"
matrix_jitsi_ldap_start_tls: false
```
For more information refer to the [docker-jitsi-meet](https://github.com/jitsi/docker-jitsi-meet#authentication-using-ldap) and the [saslauthd `LDAP_SASLAUTHD`](https://github.com/winlibs/cyrus-sasl/blob/master/saslauthd/LDAP_SASLAUTHD) documentation.

View file

@ -3,7 +3,7 @@
By default, this playbook retrieves and auto-renews free SSL certificates from [Let's Encrypt](https://letsencrypt.org/) for the domains it needs (`matrix.<your-domain>` and possibly `element.<your-domain>`)
Those certificates are used when configuring the nginx reverse proxy installed by this playbook.
They can also be used for configuring [your own webserver](docs/configuring-playbook-own-webserver.md), in case you're not using the integrated nginx server provided by the playbook.
They can also be used for configuring [your own webserver](configuring-playbook-own-webserver.md), in case you're not using the integrated nginx server provided by the playbook.
If you need to retrieve certificates for other domains (e.g. your base domain) or more control over certificate retrieval, read below.
@ -13,7 +13,7 @@ Things discussed in this document:
- [Using your own SSL certificates](#using-your-own-ssl-certificates), if you don't want to or can't use Let's Encrypt certificates, but are still interested in using the integrated nginx reverse proxy server
- [Not bothering with SSL certificates](#not-bothering-with-ssl-certificates), if you're using [your own webserver](docs/configuring-playbook-own-webserver.md) and would rather this playbook leaves SSL certificate management to you
- [Not bothering with SSL certificates](#not-bothering-with-ssl-certificates), if you're using [your own webserver](configuring-playbook-own-webserver.md) and would rather this playbook leaves SSL certificate management to you
- [Obtaining SSL certificates for additional domains](#obtaining-ssl-certificates-for-additional-domains), if you'd like to host additional domains on the Matrix server and would like the playbook to help you obtain and renew certificates for those domains automatically

View file

@ -20,4 +20,7 @@ Run this command (make sure to replace `<server-path-to-homeserver.db>` with a f
ansible-playbook -i inventory/hosts setup.yml --extra-vars='server_path_homeserver_db=<server-path-to-homeserver.db>' --tags=import-sqlite-db
**Note**: `<server-path-to-homeserver.db>` must be a file path to a `homeserver.db` file on the server (not on your local machine!).
**Notes**:
- `<server-path-to-homeserver.db>` must be a file path to a `homeserver.db` **file on the server** (not on your local machine!).
- if the SQLite database is from an older version of Synapse, the **importing procedure may run migrations on it to bring it up to date**. That is, your SQLite database file may get modified and become unusable with your older Synapse version. Keeping a copy of the original is probably wise.

View file

@ -45,7 +45,7 @@ docker run \
--log-driver=none \
--network=matrix \
--env-file=/matrix/postgres/env-postgres-psql \
postgres:12.4-alpine \
postgres:13.0-alpine \
pg_dumpall -h matrix-postgres \
| gzip -c \
> /postgres.sql.gz

147
examples/caddy2/Caddyfile Normal file
View file

@ -0,0 +1,147 @@
matrix.DOMAIN.tld {
@identity {
path /_matrix/identity/*
}
@noidentity {
not path /_matrix/identity/*
}
@search {
path /_matrix/client/r0/user_directory/search/*
}
@nosearch {
not path /_matrix/client/r0/user_directory/search/*
}
@static {
path /matrix/static-files/*
}
@nostatic {
not path /matrix/static-files/*
}
header {
# Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
# Enable cross-site filter (XSS) and tell browser to block detected attacks
X-XSS-Protection "1; mode=block"
# Prevent some browsers from MIME-sniffing a response away from the declared Content-Type
X-Content-Type-Options "nosniff"
# Disallow the site to be rendered within a frame (clickjacking protection)
X-Frame-Options "DENY"
# X-Robots-Tag
X-Robots-Tag "noindex, noarchive, nofollow"
167,9 79%
}
# Cache
header @static {
# Cache
Cache-Control "public, max-age=31536000"
defer
}
# identity
handle @identity {
reverse_proxy localhost:8090 {
header_up X-Forwarded-Port {http.request.port}
header_up X-Forwarded-Proto {http.request.scheme}
header_up X-Forwarded-TlsProto {tls_protocol}
header_up X-Forwarded-TlsCipher {tls_cipher}
header_up X-Forwarded-HttpsProto {proto}
}
}
# search
handle @search {
reverse_proxy localhost:8090 {
header_up X-Forwarded-Port {http.request.port}
header_up X-Forwarded-Proto {http.request.scheme}
header_up X-Forwarded-TlsProto {tls_protocol}
header_up X-Forwarded-TlsCipher {tls_cipher}
header_up X-Forwarded-HttpsProto {proto}
}
}
handle {
encode zstd gzip
reverse_proxy localhost:8008 {
header_up X-Forwarded-Port {http.request.port}
header_up X-Forwarded-Proto {http.request.scheme}
header_up X-Forwarded-TlsProto {tls_protocol}
header_up X-Forwarded-TlsCipher {tls_cipher}
header_up X-Forwarded-HttpsProto {proto}
}
}
}
matrix.DOMAIN.tld:8448 {
handle {
encode zstd gzip
reverse_proxy 127.0.0.1:8048 {
header_up X-Forwarded-Port {http.request.port}
header_up X-Forwarded-Proto {http.request.scheme}
header_up X-Forwarded-TlsProto {tls_protocol}
header_up X-Forwarded-TlsCipher {tls_cipher}
header_up X-Forwarded-HttpsProto {proto}
}
}
}
dimension.DOMAIN.tld {
header {
# Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
# Enable cross-site filter (XSS) and tell browser to block detected attacks
X-XSS-Protection "1; mode=block"
# Prevent some browsers from MIME-sniffing a response away from the declared Content-Type
X-Content-Type-Options "nosniff"
# Disallow the site to be rendered within a frame (clickjacking protection)
X-Frame-Options "DENY"
# X-Robots-Tag
X-Robots-Tag "noindex, noarchive, nofollow"
}
handle {
encode zstd gzip
reverse_proxy localhost:8184 {
header_up X-Forwarded-Port {http.request.port}
header_up X-Forwarded-Proto {http.request.scheme}
header_up X-Forwarded-TlsProto {tls_protocol}
header_up X-Forwarded-TlsCipher {tls_cipher}
header_up X-Forwarded-HttpsProto {proto}
}
}
}
element.DOMAIN.tld {
header {
# Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
# Enable cross-site filter (XSS) and tell browser to block detected attacks
X-XSS-Protection "1; mode=block"
# Prevent some browsers from MIME-sniffing a response away from the declared Content-Type
X-Content-Type-Options "nosniff"
# Disallow the site to be rendered within a frame (clickjacking protection)
X-Frame-Options "DENY"
# X-Robots-Tag
X-Robots-Tag "noindex, noarchive, nofollow"
}
handle {
encode zstd gzip
reverse_proxy localhost:8765 {
header_up X-Forwarded-Port {http.request.port}
header_up X-Forwarded-Proto {http.request.scheme}
header_up X-Forwarded-TlsProto {tls_protocol}
header_up X-Forwarded-TlsCipher {tls_cipher}
header_up X-Forwarded-HttpsProto {proto}
}
}

View file

@ -4,6 +4,9 @@
# Note: this playbook does not touch the server referenced here.
# Installation happens on another server ("matrix.<matrix-domain>").
#
# If you've deployed using the wrong domain, you'll have to run the Uninstalling step,
# because you can't change the Domain after deployment.
#
# Example value: example.com
matrix_domain: YOUR_BARE_DOMAIN_NAME_HERE

View file

@ -18,8 +18,6 @@
matrix_identity_server_url: "{{ ('https://' + matrix_server_fqn_matrix) if matrix_ma1sd_enabled else None }}"
matrix_riot_jitsi_preferredDomain: "{{ matrix_server_fqn_jitsi if matrix_jitsi_enabled else '' }}"
######################################################################
#
# /matrix-base
@ -1045,6 +1043,8 @@ matrix_synapse_admin_enabled: false
# Synapse Admin's HTTP port to the local host.
matrix_synapse_admin_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:8766' }}"
matrix_synapse_admin_container_self_build: "{{ matrix_architecture != 'amd64' }}"
######################################################################
#
# /matrix-synapse-admin

View file

@ -59,13 +59,13 @@ matrix_integration_manager_ui_url: ~
# The domain name where a Jitsi server is self-hosted.
# If set, `/.well-known/matrix/client` will suggest Element clients to use that Jitsi server.
# See: https://github.com/vector-im/riot-web/blob/develop/docs/jitsi.md#configuring-riot-to-use-your-self-hosted-jitsi-server
matrix_riot_jitsi_preferredDomain: ''
# See: https://github.com/vector-im/element-web/blob/develop/docs/jitsi.md#configuring-element-to-use-your-self-hosted-jitsi-server
matrix_client_element_jitsi_preferredDomain: ''
# Controls whether Element should use End-to-End Encryption by default.
# Setting this to false will update `/.well-known/matrix/client` and tell Element clients to avoid E2EE.
# See: https://github.com/vector-im/riot-web/blob/develop/docs/e2ee.md
matrix_riot_e2ee_default: true
# See: https://github.com/vector-im/element-web/blob/develop/docs/e2ee.md
matrix_client_element_e2ee_default: true
# The Docker network that all services would be put into
matrix_docker_network: "matrix"

View file

@ -1,19 +1,10 @@
---
- set_fact:
matrix_ansible_outdated_fail_msg: "You are running on Ansible {{ ansible_version.string }}, which is not supported. See our guide about Ansible: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/ansible.md"
- name: Fail if running on Ansible < 2.5
# We generally support Ansible 2.7.0 and above.
- name: Fail if running on Ansible < 2.7
fail:
msg: "{{ matrix_ansible_outdated_fail_msg }}"
when: "ansible_version.major <= 2 and ansible_version.minor < 5"
# Ansible 2.5.0 and 2.5.1 are known to have a bug with `include_tasks` + `with_items`.
# The bug has been fixed in Ansible 2.5.2.
- name: Fail if running on Ansible 2.5.x (lower than 2.5.2)
fail:
msg: "{{ matrix_ansible_outdated_fail_msg }}"
when: "ansible_version.major == 2 and ansible_version.minor == 5 and ansible_version.revision < 2"
msg: "You are running on Ansible {{ ansible_version.string }}, which is not supported. See our guide about Ansible: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/ansible.md"
when: "(ansible_version.major < 2) or (ansible_version.major <= 2 and ansible_version.minor < 7)"
- name: (Deprecation) Catch and report renamed settings
fail:

View file

@ -17,6 +17,9 @@
uid: "{{ omit if matrix_user_uid is none else matrix_user_uid }}"
state: present
group: "{{ matrix_user_groupname }}"
home: "{{ matrix_base_data_path }}"
create_home: no
system: yes
register: matrix_user
- name: Set Matrix Group UID Variable

View file

@ -18,12 +18,18 @@
]
}
{% endif %}
{% if matrix_riot_jitsi_preferredDomain %},
{% if matrix_client_element_jitsi_preferredDomain %},
"io.element.jitsi": {
"preferredDomain": {{ matrix_client_element_jitsi_preferredDomain|to_json }}
},
"im.vector.riot.jitsi": {
"preferredDomain": {{ matrix_riot_jitsi_preferredDomain|to_json }}
"preferredDomain": {{ matrix_client_element_jitsi_preferredDomain|to_json }}
}
{% endif %}
{% if not matrix_riot_e2ee_default %},
{% if not matrix_client_element_e2ee_default %},
"io.element.e2ee": {
"default": false
},
"im.vector.riot.e2ee": {
"default": false
}

View file

@ -3,7 +3,7 @@
matrix_bot_matrix_reminder_bot_enabled: true
matrix_bot_matrix_reminder_bot_docker_image: "anoa/matrix-reminder-bot:release-0.1.0"
matrix_bot_matrix_reminder_bot_docker_image: "anoa/matrix-reminder-bot:release-v0.2.0"
matrix_bot_matrix_reminder_bot_docker_image_force_pull: "{{ matrix_bot_matrix_reminder_bot_docker_image.endswith(':latest') }}"
matrix_bot_matrix_reminder_bot_base_path: "{{ matrix_base_data_path }}/matrix-reminder-bot"

View file

@ -3,7 +3,7 @@
matrix_appservice_slack_enabled: true
matrix_appservice_slack_docker_image: "cadair/matrix-appservice-slack:cadair"
matrix_appservice_slack_docker_image: "matrixdotorg/matrix-appservice-slack:release-1.5.0"
matrix_appservice_slack_docker_image_force_pull: "{{ matrix_appservice_slack_docker_image.endswith(':latest') }}"
matrix_appservice_slack_base_path: "{{ matrix_base_data_path }}/appservice-slack"

View file

@ -1,6 +1,6 @@
#jinja2: lstrip_blocks: "True"
[Unit]
Description=Matrix mx-puppet-instagram bridge
Description=Matrix Mx Puppet Instagram server
{% for service in matrix_mx_puppet_instagram_systemd_required_services_list %}
Requires={{ service }}
After={{ service }}

View file

@ -2,7 +2,7 @@ matrix_client_element_enabled: true
matrix_client_element_container_image_self_build: false
matrix_client_element_docker_image: "vectorim/riot-web:v1.7.5"
matrix_client_element_docker_image: "vectorim/riot-web:v1.7.8"
matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}"
matrix_client_element_data_path: "{{ matrix_base_data_path }}/client-element"
@ -30,9 +30,11 @@ matrix_client_element_integrations_rest_url: "https://scalar.vector.im/api"
matrix_client_element_integrations_widgets_urls: ["https://scalar.vector.im/api"]
matrix_client_element_integrations_jitsi_widget_url: "https://scalar.vector.im/api/widgets/jitsi.html"
matrix_client_element_permalinkPrefix: "https://matrix.to"
matrix_client_element_bug_report_endpoint_url: "https://element.io/bugreports/submit"
matrix_client_element_showLabsSettings: true
# Element public room directory server(s)
matrix_client_element_roomdir_servers: ['matrix.org']
matrix_client_element_welcome_user_id: "@riot-bot:matrix.org"
matrix_client_element_welcome_user_id: ~
# Branding of Element
matrix_client_element_brand: "Element"

View file

@ -20,8 +20,8 @@
"integrations_rest_url": {{ matrix_client_element_integrations_rest_url|string|to_json }},
"integrations_widgets_urls": {{ matrix_client_element_integrations_widgets_urls|to_json }},
"integrations_jitsi_widget_url": {{ matrix_client_element_integrations_jitsi_widget_url|string|to_json }},
"bug_report_endpoint_url": "https://riot.im/bugreports/submit",
"enableLabs": true,
"bug_report_endpoint_url": {{ matrix_client_element_bug_report_endpoint_url|to_json }},
"showLabsSettings": {{ matrix_client_element_showLabsSettings|to_json }},
"roomDirectory": {
"servers": {{ matrix_client_element_roomdir_servers|to_json }}
},

View file

@ -97,19 +97,10 @@ h1::after {
color: #2e2f32 !important;
}
.mx_ButtonHeadline {
margin-bottom: 14px;
}
.mx_ButtonLabel {
margin-left: 20px;
}
.mx_ButtonWrapperText {
font-size: 13px;
margin-bottom: 10px;
}
.mx_Header_title {
font-size: 24px;
font-weight: 600;
@ -128,7 +119,7 @@ h1::after {
}
.mx_ButtonCreateAccount {
background-color: #03B381;
background-color: #0DBD8B;
color: white !important;
}
@ -150,6 +141,32 @@ h1::after {
background-image: url('welcome/images/icon-room-directory.svg');
}
/*
.mx_WelcomePage_loggedIn is applied by EmbeddedPage from the Welcome component
If it is set on the page, we should show the buttons. Otherwise, we have to assume
we don't have an account and should hide them. No account == no guest account either.
*/
.mx_WelcomePage:not(.mx_WelcomePage_loggedIn) .mx_WelcomePage_guestFunctions {
display: none;
}
.mx_ButtonRow.mx_WelcomePage_guestFunctions {
margin-top: 20px;
}
.mx_ButtonRow.mx_WelcomePage_guestFunctions > div {
margin: 0 auto;
}
@media only screen and (max-width: 480px) {
.mx_ButtonRow {
flex-direction: column;
}
.mx_ButtonRow > * {
margin: 0 0 10px 0;
}
}
</style>
<div class="mx_Parent">
@ -175,17 +192,10 @@ h1::after {
See https://github.com/vector-im/riot-web/issues/8622.
TODO: Convert to config option if possible. -->
<!-- BEGIN Ansible: Remove these lines when guest access is disabled -->
<div class="mx_ButtonRow">
<div class="mx_ButtonRow mx_WelcomePage_guestFunctions">
<div>
<div class="mx_ButtonWrapperText">_t("Need help?")</div>
<a href="#/user/@riot-bot:matrix.org?action=chat" class="mx_ButtonParent mx_SecondaryButton mx_Button_iconHelp">
<div class="mx_ButtonLabel">_t("Chat with Riot Bot")</div>
</a>
</div>
<div>
<div class="mx_ButtonWrapperText">_t("Explore rooms")</div>
<a href="#/directory" class="mx_ButtonParent mx_SecondaryButton mx_Button_iconRoomDirectory">
<div class="mx_ButtonLabel">_t("Room Directory")</div>
<div class="mx_ButtonLabel">_t("Explore rooms")</div>
</a>
</div>
</div>

View file

@ -19,7 +19,7 @@ matrix_corporal_container_extra_arguments: []
# List of systemd services that matrix-corporal.service depends on
matrix_corporal_systemd_required_services_list: ['docker.service']
matrix_corporal_docker_image: "devture/matrix-corporal:1.9.0"
matrix_corporal_docker_image: "devture/matrix-corporal:1.11.0"
matrix_corporal_docker_image_force_pull: "{{ matrix_corporal_docker_image.endswith(':latest') }}"
matrix_corporal_base_path: "{{ matrix_base_data_path }}/corporal"

View file

@ -27,7 +27,7 @@ matrix_dimension_container_http_host_bind_port: ''
# A list of extra arguments to pass to the container
matrix_dimension_container_extra_arguments: []
matrix_dimension_integrations_ui_url: "https://{{ matrix_server_fqn_dimension }}/riot"
matrix_dimension_integrations_ui_url: "https://{{ matrix_server_fqn_dimension }}/element"
matrix_dimension_integrations_rest_url: "https://{{ matrix_server_fqn_dimension }}/api/v1/scalar"
matrix_dimension_integrations_widgets_urls: ["https://{{ matrix_server_fqn_dimension }}/widgets"]
matrix_dimension_integrations_jitsi_widget_url: "https://{{ matrix_server_fqn_dimension }}/widgets/jitsi"

View file

@ -12,7 +12,8 @@ matrix_postgres_docker_image_v9: "postgres:9.6.19-alpine"
matrix_postgres_docker_image_v10: "postgres:10.14-alpine"
matrix_postgres_docker_image_v11: "postgres:11.9-alpine"
matrix_postgres_docker_image_v12: "postgres:12.4-alpine"
matrix_postgres_docker_image_latest: "{{ matrix_postgres_docker_image_v12 }}"
matrix_postgres_docker_image_v13: "postgres:13.0-alpine"
matrix_postgres_docker_image_latest: "{{ matrix_postgres_docker_image_v13 }}"
# This variable is assigned at runtime. Overriding its value has no effect.
matrix_postgres_docker_image_to_use: '{{ matrix_postgres_docker_image_latest }}'

View file

@ -81,6 +81,6 @@
--entrypoint=python
-v {{ matrix_synapse_config_dir_path }}:/data
-v {{ matrix_synapse_config_dir_path }}:/matrix-media-store-parent/media-store
-v {{ server_path_homeserver_db }}:/{{ server_path_homeserver_db|basename }}:ro
-v {{ server_path_homeserver_db }}:/{{ server_path_homeserver_db|basename }}
{{ matrix_synapse_docker_image }}
/usr/local/bin/synapse_port_db --sqlite-database /{{ server_path_homeserver_db|basename }} --postgres-config /data/homeserver.yaml

View file

@ -49,3 +49,8 @@
set_fact:
matrix_postgres_detected_version_corresponding_docker_image: "{{ matrix_postgres_docker_image_v11 }}"
when: "matrix_postgres_detected_version == '11' or matrix_postgres_detected_version.startswith('11.')"
- name: Determine corresponding Docker image to detected version (use 12.x, if detected)
set_fact:
matrix_postgres_detected_version_corresponding_docker_image: "{{ matrix_postgres_docker_image_v12 }}"
when: "matrix_postgres_detected_version == '12' or matrix_postgres_detected_version.startswith('12.')"

View file

@ -7,7 +7,7 @@ matrix_synapse_admin_container_self_build: false
matrix_synapse_admin_docker_repo: "https://github.com/Awesome-Technologies/synapse-admin.git"
matrix_synapse_admin_docker_src_files_path: "{{ matrix_base_data_path }}/synapse-admin/docker-src"
matrix_synapse_admin_docker_image: "awesometechnologies/synapse-admin:0.4.1"
matrix_synapse_admin_docker_image: "awesometechnologies/synapse-admin:0.5.0"
matrix_synapse_admin_docker_image_force_pull: "{{ matrix_synapse_admin_docker_image.endswith(':latest') }}"
# A list of extra arguments to pass to the container

View file

@ -5,7 +5,7 @@ matrix_synapse_enabled: true
matrix_synapse_container_image_self_build: false
matrix_synapse_docker_image: "matrixdotorg/synapse:v1.19.1"
matrix_synapse_docker_image: "matrixdotorg/synapse:v1.20.1"
matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"
matrix_synapse_base_path: "{{ matrix_base_data_path }}/synapse"

View file

@ -399,11 +399,10 @@ retention:
# min_lifetime: 1d
# max_lifetime: 1y
# Retention policy limits. If set, a user won't be able to send a
# 'm.room.retention' event which features a 'min_lifetime' or a 'max_lifetime'
# that's not within this range. This is especially useful in closed federations,
# in which server admins can make sure every federating server applies the same
# rules.
# Retention policy limits. If set, and the state of a room contains a
# 'm.room.retention' event in its state which contains a 'min_lifetime' or a
# 'max_lifetime' that's out of these bounds, Synapse will cap the room's policy
# to these limits when running purge jobs.
#
#allowed_lifetime_min: 1d
#allowed_lifetime_max: 1y
@ -423,18 +422,19 @@ retention:
# 'longest_max_lifetime' of '3d' will handle every room with a retention policy
# which 'max_lifetime' is lower than or equal to three days.
#
# The rationale for this per-job configuration is that some rooms might have a
# retention policy with a low 'max_lifetime', where history needs to be purged
# of outdated messages on a more frequent basis than for the rest of the rooms
# (e.g. every 12h), but not want that purge to be performed by a job that's
# iterating over every room it knows, which could be heavy on the server.
# If any purge job is configured, it is strongly recommended to have at least
# a single job with neither 'shortest_max_lifetime' nor 'longest_max_lifetime'
# set, or one job without 'shortest_max_lifetime' and one job without
# 'longest_max_lifetime' set. Otherwise some rooms might be ignored, even if
# 'allowed_lifetime_min' and 'allowed_lifetime_max' are set, because capping a
# room's policy to these values is done after the policies are retrieved from
# Synapse's database (which is done using the range specified in a purge job's
# configuration).
#
#purge_jobs:
# - shortest_max_lifetime: 1d
# longest_max_lifetime: 3d
# - longest_max_lifetime: 3d
# interval: 12h
# - shortest_max_lifetime: 3d
# longest_max_lifetime: 1y
# interval: 1d
# Inhibits the /requestToken endpoints from returning an error that might leak
@ -1957,9 +1957,7 @@ email:
# Directory in which Synapse will try to find the template files below.
# If not set, default templates from within the Synapse package will be used.
#
# DO NOT UNCOMMENT THIS SETTING unless you want to customise the templates.
# If you *do* uncomment it, you will need to make sure that all the templates
# below are in the directory.
# Do not uncomment this setting unless you want to customise the templates.
#
# Synapse will look for the following templates in this directory:
#