From abf70f777258de8c75aa4a758f0074ed07f3043f Mon Sep 17 00:00:00 2001 From: Olaf Schoenwald Date: Sat, 12 Sep 2020 10:52:25 +0200 Subject: [PATCH 01/44] Adds example for Caddy2 Caddyfile --- .DS_Store | Bin 0 -> 6148 bytes examples/caddy2/Caddyfile | 126 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 126 insertions(+) create mode 100644 .DS_Store create mode 100644 examples/caddy2/Caddyfile diff --git a/.DS_Store b/.DS_Store new file mode 100644 index 0000000000000000000000000000000000000000..7ca3f0dd3376c60b62a895fce41d817aca687d8c GIT binary patch literal 6148 zcmeHK%Wl&^6ur~B)JcoT0;yekgT$hWQbCCjLQ2y_5Q&#Cf(4+|uHDp*kRH)J>e2&x46M_Tyb|wAiD!^UF?NWw=*M-oVK0hC9gekvNKnepT%+byX?5n1Ao%5T|J7U%n2et z5#+%0;qvN55P9*W9gia~730{l!!#>qrC-~f&2Aqw_pF?Ia50Xn3HCa z(mjReA$8~>aK%y)OCZnK5CP>!%BtY!Ju6tgK0?TYU#BS+O;~&z#zUWHpnB0w1>fAd z=tAiEYX!6dOA7G)!9wELQn-*Pwhm Date: Sat, 12 Sep 2020 11:04:16 +0200 Subject: [PATCH 02/44] Comment in host-cars --- examples/host-vars.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/examples/host-vars.yml b/examples/host-vars.yml index 64d12097..e4e08bda 100644 --- a/examples/host-vars.yml +++ b/examples/host-vars.yml @@ -4,6 +4,9 @@ # Note: this playbook does not touch the server referenced here. # Installation happens on another server ("matrix."). # +# Plesae remember, if you've deployed the wrong URL, you have to run the Uninstalling step, +# cause you can't change the Domain after deployment. +# # Example value: example.com matrix_domain: YOUR_BARE_DOMAIN_NAME_HERE From 77635c452937750aac3d9e5b7508f740d7e033ad Mon Sep 17 00:00:00 2001 From: Aaron Raimist Date: Sat, 12 Sep 2020 14:11:16 -0500 Subject: [PATCH 03/44] Fix links to using your own webserver doc --- docs/configuring-playbook-ssl-certificates.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/configuring-playbook-ssl-certificates.md b/docs/configuring-playbook-ssl-certificates.md index 916f6838..5b5c7cdc 100644 
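Review bot: the `.DS_Store` binary blob in PATCH 01/44 is macOS Finder metadata and does not belong in the commit that adds `examples/caddy2/Caddyfile`; drop it from this patch and add `.DS_Store` to `.gitignore` so it cannot be re-added by accident. PATCH 05/44 and 06/44 later in this series do exactly that, so squashing those two into this one would keep the history free of a binary file that gets added and deleted three commits apart.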
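Review bot: the comment added to `examples/host-vars.yml` in PATCH 02/44 has a typo (`Plesae`) and an informal `cause` where `because` is meant; suggested wording for the two lines: `# If you've deployed using the wrong domain, you'll have to run the Uninstalling step,` followed by `# because you can't change the domain after deployment.` The subject line `Comment in host-cars` also misnames the file (`host-vars`).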
--- a/docs/configuring-playbook-ssl-certificates.md +++ b/docs/configuring-playbook-ssl-certificates.md @@ -3,7 +3,7 @@ By default, this playbook retrieves and auto-renews free SSL certificates from [Let's Encrypt](https://letsencrypt.org/) for the domains it needs (`matrix.` and possibly `element.`) Those certificates are used when configuring the nginx reverse proxy installed by this playbook. -They can also be used for configuring [your own webserver](docs/configuring-playbook-own-webserver.md), in case you're not using the integrated nginx server provided by the playbook. +They can also be used for configuring [your own webserver](configuring-playbook-own-webserver.md), in case you're not using the integrated nginx server provided by the playbook. If you need to retrieve certificates for other domains (e.g. your base domain) or more control over certificate retrieval, read below. @@ -13,7 +13,7 @@ Things discussed in this document: - [Using your own SSL certificates](#using-your-own-ssl-certificates), if you don't want to or can't use Let's Encrypt certificates, but are still interested in using the integrated nginx reverse proxy server -- [Not bothering with SSL certificates](#not-bothering-with-ssl-certificates), if you're using [your own webserver](docs/configuring-playbook-own-webserver.md) and would rather this playbook leaves SSL certificate management to you +- [Not bothering with SSL certificates](#not-bothering-with-ssl-certificates), if you're using [your own webserver](configuring-playbook-own-webserver.md) and would rather this playbook leaves SSL certificate management to you - [Obtaining SSL certificates for additional domains](#obtaining-ssl-certificates-for-additional-domains), if you'd like to host additional domains on the Matrix server and would like the playbook to help you obtain and renew certificates for those domains automatically From b0511603fd9f4cf129f5501ce7af6320d6161364 Mon Sep 17 00:00:00 2001 
From: Dominik Zajac Date: Sat, 12 Sep 2020 22:10:41 +0200 Subject: [PATCH 04/44] Update configuring-playbook-jitsi.md modified example for jitsi ldap authentication to show all available variables. --- docs/configuring-playbook-jitsi.md | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/docs/configuring-playbook-jitsi.md b/docs/configuring-playbook-jitsi.md index efc5eaaf..72402360 100644 --- a/docs/configuring-playbook-jitsi.md +++ b/docs/configuring-playbook-jitsi.md @@ -56,11 +56,19 @@ The default authentication mode of Jitsi is `internal`, however LDAP is also sup ```yaml matrix_jitsi_enable_auth: true matrix_jitsi_auth_type: ldap -matrix_jitsi_ldap_url: ldap://ldap.DOMAIN # or ldaps:// if using tls -matrix_jitsi_ldap_base: "OU=People,DC=DOMAIN" -matrix_jitsi_ldap_filter: "(&(uid=%u)(employeeType=active))" -matrix_jitsi_ldap_use_tls: false -matrix_jitsi_ldap_start_tls: true +matrix_jitsi_ldap_url: "ldap://ldap.DOMAIN" +matrix_jitsi_ldap_base: "OU=People,DC=DOMAIN +#matrix_jitsi_ldap_binddn: "" +#matrix_jitsi_ldap_bindpw: "" +matrix_jitsi_ldap_filter: "uid=%u" +matrix_jitsi_ldap_auth_method: "bind" +matrix_jitsi_ldap_version: "3" +matrix_jitsi_ldap_use_tls: true +matrix_jitsi_ldap_tls_ciphers: "" +matrix_jitsi_ldap_tls_check_peer: true +matrix_jitsi_ldap_tls_cacert_file: "/etc/ssl/certs/ca-certificates.crt" +matrix_jitsi_ldap_tls_cacert_dir: "/etc/ssl/certs" +matrix_jitsi_ldap_start_tls: false ``` For more information refer to the [docker-jitsi-meet](https://github.com/jitsi/docker-jitsi-meet#authentication-using-ldap) and the [saslauthd `LDAP_SASLAUTHD`](https://github.com/winlibs/cyrus-sasl/blob/master/saslauthd/LDAP_SASLAUTHD) documentation. From a49718632a9cd56372bf3d5aad20f9805b409210 Mon Sep 17 00:00:00 2001 
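Review bot: `matrix_jitsi_ldap_base: "OU=People,DC=DOMAIN` in the PATCH 04/44 example is missing its closing double quote, so anyone pasting the block into their `vars.yml` gets a YAML parse error; it should read `matrix_jitsi_ldap_base: "OU=People,DC=DOMAIN"`. The rest of the expanded example is an improvement over the old five-line one, because showing `matrix_jitsi_ldap_tls_check_peer: true` together with `matrix_jitsi_ldap_tls_cacert_file` makes it explicit that the LDAP server's certificate is verified. One more doc point: `matrix_jitsi_ldap_bindpw` is a credential, and the example would benefit from a one-line comment saying it should be stored vaulted rather than as plain text in the inventory.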
From: 0hlov3 <36544727+0hlov3@users.noreply.github.com> Date: Sat, 12 Sep 2020 23:26:11 +0200 Subject: [PATCH 05/44] Delete .DS_Store Removes DS-Store --- .DS_Store | Bin 6148 -> 0 bytes 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 .DS_Store diff --git a/.DS_Store b/.DS_Store deleted file mode 100644 index 7ca3f0dd3376c60b62a895fce41d817aca687d8c..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 6148 zcmeHK%Wl&^6ur~B)JcoT0;yekgT$hWQbCCjLQ2y_5Q&#Cf(4+|uHDp*kRH)J>e2&x46M_Tyb|wAiD!^UF?NWw=*M-oVK0hC9gekvNKnepT%+byX?5n1Ao%5T|J7U%n2et z5#+%0;qvN55P9*W9gia~730{l!!#>qrC-~f&2Aqw_pF?Ia50Xn3HCa z(mjReA$8~>aK%y)OCZnK5CP>!%BtY!Ju6tgK0?TYU#BS+O;~&z#zUWHpnB0w1>fAd z=tAiEYX!6dOA7G)!9wELQn-*Pwhm Date: Sat, 12 Sep 2020 23:26:27 +0200 Subject: [PATCH 06/44] Removes DS_Store --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index 32ab139f..d6068088 100644 --- a/.gitignore +++ b/.gitignore @@ -3,3 +3,4 @@ !/inventory/host_vars/.gitkeep !/inventory/scripts /roles/*/files/scratchpad +.DS_Store From c366e2636009a9668611b8d2a61e1ec1038ad2a5 Mon Sep 17 00:00:00 2001 From: 0hlov3 Date: Sun, 13 Sep 2020 03:11:37 +0200 Subject: [PATCH 07/44] Updates exempes/caddy2/Caddyfile to SSL Grade A+ --- examples/caddy2/Caddyfile | 68 ++++++++++++++++++++++++++++----------- 1 file changed, 49 insertions(+), 19 deletions(-) diff --git a/examples/caddy2/Caddyfile b/examples/caddy2/Caddyfile index 09b3367e..0abb25af 100644 --- a/examples/caddy2/Caddyfile +++ b/examples/caddy2/Caddyfile 
@@ -27,13 +27,17 @@ matrix.DOMAIN.tld { } header { - Access-Control-Allow-Origin * - Strict-Transport-Security "mag=age=31536000;" - X-Frame-Options "DENY" + # Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS + Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" + # Enable cross-site filter (XSS) and tell browser to block detected attacks + X-XSS-Protection "1; mode=block" + # Prevent some browsers from MIME-sniffing a response away from the declared Content-Type + X-Content-Type-Options "nosniff" + # Disallow the site to be rendered within a frame (clickjacking protection) + X-Frame-Options "DENY" + # X-Robots-Tag + X-Robots-Tag "noindex, noarchive, nofollow" 167,9 79% - Strict-Transport-Security "mag=age=31536000;" - X-Frame-Options "DENY" - X-XSS-Protection "1; mode=block" } # Cache 
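Review bot: the unprefixed context line `167,9 79%` sitting between `X-Robots-Tag "noindex, noarchive, nofollow"` and the removed `Strict-Transport-Security` line looks like a Vim status-line fragment that was pasted into `examples/caddy2/Caddyfile` in PATCH 01/44; it is not Caddyfile syntax and will make Caddy reject the config, so this hunk should delete it instead of carrying it forward as context. On the header block itself: correcting `mag=age` to `max-age` is the right call (the old value made HSTS a no-op), but `preload` is a commitment to the browser preload list that is hard to undo, so an example file should either omit it or say so in the comment, and `X-XSS-Protection "1; mode=block"` is a legacy header that current browsers ignore and that OWASP now recommends setting to `0` or leaving out. The removal of `Access-Control-Allow-Origin *` is fine only because Synapse emits its own CORS headers on the client API, which is worth a comment so nobody re-adds it.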
@@ -78,23 +82,36 @@ matrix.DOMAIN.tld { } } -:8448 { - handle { - encode zstd gzip +matrix.DOMAIN.tld:8448 { + handle { + encode zstd gzip - reverse_proxy localhost:8448 { - header_up X-Forwarded-Port {http.request.port} - header_up X-Forwarded-Proto {http.request.scheme} - header_up X-Forwarded-TlsProto {tls_protocol} - header_up X-Forwarded-TlsCipher {tls_cipher} - header_up X-Forwarded-HttpsProto {proto} - } - } + reverse_proxy 127.0.0.1:8048 { + header_up X-Forwarded-Port {http.request.port} + header_up X-Forwarded-Proto {http.request.scheme} + header_up X-Forwarded-TlsProto {tls_protocol} + header_up X-Forwarded-TlsCipher {tls_cipher} + header_up X-Forwarded-HttpsProto {proto} + } + } } dimension.DOMAIN.tld { - tls {$CADDY_TLS} + tls {$CADDY_TLS} + + header { + # Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS + Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" + # Enable cross-site filter (XSS) and tell browser to block detected attacks + X-XSS-Protection "1; mode=block" + # Prevent some browsers from MIME-sniffing a response away from the declared Content-Type + X-Content-Type-Options "nosniff" + # Disallow the site to be rendered within a frame (clickjacking protection) + X-Frame-Options "DENY" + # X-Robots-Tag + X-Robots-Tag "noindex, noarchive, nofollow" + } handle { encode zstd gzip 
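Review bot: this hunk changes the federation listener from `:8448` to `matrix.DOMAIN.tld:8448` and the upstream from `localhost:8448` to `127.0.0.1:8048`, which is a functional fix (the old block made Caddy's own 8448 listener proxy to itself) and not a TLS or header change, so it should be called out in the commit message rather than hidden under `SSL Grade A+`. The `tls {$CADDY_TLS}` and `handle` lines in the `dimension.DOMAIN.tld` block also show two different indentation widths inside the same block; settle on one for the whole file so later diffs stay readable.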
@@ -111,7 +128,20 @@ dimension.DOMAIN.tld { element.DOMAIN.tld { - tls {$CADDY_TLS} + tls {$CADDY_TLS} + + header { + # Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS + Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" + # Enable cross-site filter (XSS) and tell browser to block detected attacks + X-XSS-Protection "1; mode=block" + # Prevent some browsers from MIME-sniffing a response away from the declared Content-Type + X-Content-Type-Options "nosniff" + # Disallow the site to be rendered within a frame (clickjacking protection) + X-Frame-Options "DENY" + # X-Robots-Tag + X-Robots-Tag "noindex, noarchive, nofollow" + } handle { encode zstd gzip From c19abe4a76cdb2d9285f63d2cbf43005658fefe7 Mon Sep 17 00:00:00 2001 From: 0hlov3 Date: Sun, 13 Sep 2020 04:19:19 +0200 Subject: [PATCH 08/44] Changes matrix_dimension_integrations_ui_url from /riot to /element https://dimension.t2bot.io/ --- roles/matrix-dimension/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-dimension/defaults/main.yml b/roles/matrix-dimension/defaults/main.yml index 770f5bcb..33e7212c 100644 --- a/roles/matrix-dimension/defaults/main.yml +++ b/roles/matrix-dimension/defaults/main.yml @@ -27,7 +27,7 @@ matrix_dimension_container_http_host_bind_port: '' # A list of extra arguments to pass to the container matrix_dimension_container_extra_arguments: [] -matrix_dimension_integrations_ui_url: "https://{{ matrix_server_fqn_dimension }}/riot" +matrix_dimension_integrations_ui_url: "https://{{ matrix_server_fqn_dimension }}/element" matrix_dimension_integrations_rest_url: "https://{{ matrix_server_fqn_dimension }}/api/v1/scalar" matrix_dimension_integrations_widgets_urls: ["https://{{ matrix_server_fqn_dimension }}/widgets"] matrix_dimension_integrations_jitsi_widget_url: "https://{{ matrix_server_fqn_dimension }}/widgets/jitsi" 
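Review bot: the `header { ... }` block added here for `element.DOMAIN.tld` is the third verbatim copy of the one added for `matrix.DOMAIN.tld` and `dimension.DOMAIN.tld` earlier in PATCH 07/44. Caddy 2 supports snippets, so defining it once at the top of the file as `(security_headers) { header { ... } }` and writing `import security_headers` in each site block keeps the three hosts from drifting apart the next time a header is tightened or dropped.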
From 6fefbc248abbc8e2d1666d4a26b8caa8e3229dcb Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sun, 13 Sep 2020 09:51:04 +0300 Subject: [PATCH 09/44] Fix typo and wording --- examples/host-vars.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/examples/host-vars.yml b/examples/host-vars.yml index e4e08bda..409f344a 100644 --- a/examples/host-vars.yml +++ b/examples/host-vars.yml @@ -4,8 +4,8 @@ # Note: this playbook does not touch the server referenced here. # Installation happens on another server ("matrix."). # -# Plesae remember, if you've deployed the wrong URL, you have to run the Uninstalling step, -# cause you can't change the Domain after deployment. +# If you've deployed using the wrong domain, you'll have to run the Uninstalling step, +# because you can't change the Domain after deployment. # # Example value: example.com matrix_domain: YOUR_BARE_DOMAIN_NAME_HERE From 6e8a39119bdeee039ec63a6e7fbc14122f81a226 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 14 Sep 2020 10:19:47 +0300 Subject: [PATCH 10/44] Update matrix-reminder-bot (0.1.0 -> 0.2.0) --- roles/matrix-bot-matrix-reminder-bot/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bot-matrix-reminder-bot/defaults/main.yml b/roles/matrix-bot-matrix-reminder-bot/defaults/main.yml index a502690e..8f4a2c2f 100644 --- a/roles/matrix-bot-matrix-reminder-bot/defaults/main.yml +++ b/roles/matrix-bot-matrix-reminder-bot/defaults/main.yml @@ -3,7 +3,7 @@ matrix_bot_matrix_reminder_bot_enabled: true -matrix_bot_matrix_reminder_bot_docker_image: "anoa/matrix-reminder-bot:release-0.1.0" +matrix_bot_matrix_reminder_bot_docker_image: "anoa/matrix-reminder-bot:release-v0.2.0" matrix_bot_matrix_reminder_bot_docker_image_force_pull: "{{ matrix_bot_matrix_reminder_bot_docker_image.endswith(':latest') }}" matrix_bot_matrix_reminder_bot_base_path: "{{ matrix_base_data_path }}/matrix-reminder-bot" 
From b24333dd0f8b22bbfe4f386596dd10a1b7c1055b Mon Sep 17 00:00:00 2001 From: Scott Crossen Date: Mon, 14 Sep 2020 11:11:30 -0700 Subject: [PATCH 11/44] Use the same naming convention as the other mx-puppet suite. --- .../templates/systemd/matrix-mx-puppet-instagram.service.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mx-puppet-instagram/templates/systemd/matrix-mx-puppet-instagram.service.j2 b/roles/matrix-bridge-mx-puppet-instagram/templates/systemd/matrix-mx-puppet-instagram.service.j2 index 4c4b74a5..b94c399a 100644 --- a/roles/matrix-bridge-mx-puppet-instagram/templates/systemd/matrix-mx-puppet-instagram.service.j2 +++ b/roles/matrix-bridge-mx-puppet-instagram/templates/systemd/matrix-mx-puppet-instagram.service.j2 @@ -1,6 +1,6 @@ #jinja2: lstrip_blocks: "True" [Unit] -Description=Matrix mx-puppet-instagram bridge +Description=Matrix Mx Puppet Instagram server {% for service in matrix_mx_puppet_instagram_systemd_required_services_list %} Requires={{ service }} After={{ service }} From 8f41041f6db84a2b8b10ddd9e035c42d47962118 Mon Sep 17 00:00:00 2001 From: Daniel Wiegreffe Date: Tue, 15 Sep 2020 09:11:56 +0200 Subject: [PATCH 12/44] replacement of the docker image for appservice-slack to the officially maintained image --- roles/matrix-bridge-appservice-slack/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-appservice-slack/defaults/main.yml b/roles/matrix-bridge-appservice-slack/defaults/main.yml index 58dde6a0..8974d2e0 100644 --- a/roles/matrix-bridge-appservice-slack/defaults/main.yml +++ b/roles/matrix-bridge-appservice-slack/defaults/main.yml 
@@ -3,7 +3,7 @@ matrix_appservice_slack_enabled: true -matrix_appservice_slack_docker_image: "cadair/matrix-appservice-slack:cadair" +matrix_appservice_slack_docker_image: "matrixdotorg/matrix-appservice-slack" matrix_appservice_slack_docker_image_force_pull: "{{ matrix_appservice_slack_docker_image.endswith(':latest') }}" matrix_appservice_slack_base_path: "{{ matrix_base_data_path }}/appservice-slack" From faa96ca0c3aa8fb824cc1ddebb5eed93f40be710 Mon Sep 17 00:00:00 2001 From: Dan Arnfield Date: Tue, 15 Sep 2020 06:15:30 -0500 Subject: [PATCH 13/44] Update element (1.7.5 -> 1.7.7) --- roles/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-client-element/defaults/main.yml b/roles/matrix-client-element/defaults/main.yml index 8592c270..0aaa8a52 100644 --- a/roles/matrix-client-element/defaults/main.yml +++ b/roles/matrix-client-element/defaults/main.yml @@ -2,7 +2,7 @@ matrix_client_element_enabled: true matrix_client_element_container_image_self_build: false -matrix_client_element_docker_image: "vectorim/riot-web:v1.7.5" +matrix_client_element_docker_image: "vectorim/riot-web:v1.7.7" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" matrix_client_element_data_path: "{{ matrix_base_data_path }}/client-element" From 59e1abb07203263917dd46c3a6bf6c04afab0b1a Mon Sep 17 00:00:00 2001 From: 0hlov3 Date: Tue, 15 Sep 2020 14:54:47 +0200 Subject: [PATCH 14/44] Corrects the Caddyfile --- examples/caddy2/Caddyfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/examples/caddy2/Caddyfile b/examples/caddy2/Caddyfile index 0abb25af..55fca3fd 100644 --- a/examples/caddy2/Caddyfile +++ b/examples/caddy2/Caddyfile 
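Review bot: `matrix_appservice_slack_docker_image: "matrixdotorg/matrix-appservice-slack"` in PATCH 12/44 carries no tag, so Docker resolves it to `:latest` while the `force_pull` expression right below it, `matrix_appservice_slack_docker_image.endswith(':latest')`, evaluates to false; the result is an unpinned image that is nevertheless never re-pulled, and every fresh host gets whatever the registry serves that day. Pin an explicit release tag here (PATCH 18/44 later in this series moves to `release-1.5.0`), which also makes bridge upgrades deliberate and reviewable like the Synapse and Element bumps elsewhere in the series.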
@@ -49,7 +49,7 @@ matrix.DOMAIN.tld { # identity handle @identity { - reverse_proxy localhost:8090/_matrix/identity { + reverse_proxy localhost:8090 { header_up X-Forwarded-Port {http.request.port} header_up X-Forwarded-Proto {http.request.scheme} header_up X-Forwarded-TlsProto {tls_protocol} @@ -60,7 +60,7 @@ matrix.DOMAIN.tld { # search handle @search { - reverse_proxy localhost:8090/_matrix/client/r0/user_directory/search { + reverse_proxy localhost:8090 { header_up X-Forwarded-Port {http.request.port} header_up X-Forwarded-Proto {http.request.scheme} header_up X-Forwarded-TlsProto {tls_protocol} From 8029ca59c9dc20b057f85e9f0aeb52585a64cde0 Mon Sep 17 00:00:00 2001 From: jens quade Date: Wed, 16 Sep 2020 13:14:29 +0200 Subject: [PATCH 15/44] Update configuring-playbook-dimension.md Improved formatting for a header that was attached to the previous paragraph (...by inserting a newline). --- docs/configuring-playbook-dimension.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/configuring-playbook-dimension.md b/docs/configuring-playbook-dimension.md index 2b6b30ed..604e6aa6 100644 --- a/docs/configuring-playbook-dimension.md +++ b/docs/configuring-playbook-dimension.md @@ -38,6 +38,7 @@ Follow our [Registering users](registering-users.md) guide to learn how to regis You are required to specify an access token (belonging to this new user) for Dimension to work. To get an access token for the Dimension user, you can follow one of two options: + *Through an interactive login*: 1. In a private browsing session (incognito window), open Element. From e10e3e354d0da178852f0a033acc51f704244837 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 16 Sep 2020 16:35:12 +0300 Subject: [PATCH 16/44] Upgrade Synapse (v1.19.1 -> v1.19.2) --- roles/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index c8bc2fd5..0962f0b0 100644 
--- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -5,7 +5,7 @@ matrix_synapse_enabled: true matrix_synapse_container_image_self_build: false -matrix_synapse_docker_image: "matrixdotorg/synapse:v1.19.1" +matrix_synapse_docker_image: "matrixdotorg/synapse:v1.19.2" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" matrix_synapse_base_path: "{{ matrix_base_data_path }}/synapse" From 152c1636039902b60fa5831d3b1e18c47a0d62d6 Mon Sep 17 00:00:00 2001 From: tctovsli Date: Thu, 17 Sep 2020 10:20:41 +0200 Subject: [PATCH 17/44] Fixed dead link to mx-puppet-discord --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index a8044354..72018115 100644 --- a/README.md +++ b/README.md 
@@ -56,7 +56,7 @@ Using this playbook, you can get the following services configured on your serve - (optional) the [mx-puppet-twitter](https://github.com/Sorunome/mx-puppet-twitter) bridge for Twitter-DMs ([Twitter](https://twitter.com/) - see [docs/configuring-playbook-bridge-mx-puppet-twitter.md](docs/configuring-playbook-bridge-mx-puppet-twitter.md) for setup documentation -- (optional) the [mx-puppet-discord](https://github.com/Sorunome/mx-puppet-discord) bridge for [Discord](https://discordapp.com/)) - see [docs/configuring-playbook-bridge-mx-puppet-discord.md](docs/configuring-playbook-bridge-mx-puppet-discord.md) for setup documentation +- (optional) the [mx-puppet-discord](https://github.com/matrix-discord/mx-puppet-discord) bridge for [Discord](https://discordapp.com/)) - see [docs/configuring-playbook-bridge-mx-puppet-discord.md](docs/configuring-playbook-bridge-mx-puppet-discord.md) for setup documentation - (optional) the [mx-puppet-steam](https://github.com/icewind1991/mx-puppet-steam) bridge for [Steam](https://steamapp.com/)) - see [docs/configuring-playbook-bridge-mx-puppet-steam.md](docs/configuring-playbook-bridge-mx-puppet-steam.md) for setup documentation From b3926e7ccad4e5ee42b65705d274a1bba15b7e9a Mon Sep 17 00:00:00 2001 From: Daniel Wiegreffe Date: Fri, 18 Sep 2020 13:26:07 +0200 Subject: [PATCH 18/44] Update main.yml --- roles/matrix-bridge-appservice-slack/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-appservice-slack/defaults/main.yml b/roles/matrix-bridge-appservice-slack/defaults/main.yml index 8974d2e0..eef7d070 100644 --- a/roles/matrix-bridge-appservice-slack/defaults/main.yml +++ b/roles/matrix-bridge-appservice-slack/defaults/main.yml 
@@ -3,7 +3,7 @@ matrix_appservice_slack_enabled: true -matrix_appservice_slack_docker_image: "matrixdotorg/matrix-appservice-slack" +matrix_appservice_slack_docker_image: "matrixdotorg/matrix-appservice-slack:release-1.5.0" matrix_appservice_slack_docker_image_force_pull: "{{ matrix_appservice_slack_docker_image.endswith(':latest') }}" matrix_appservice_slack_base_path: "{{ matrix_base_data_path }}/appservice-slack" From 65e22a6888a5ca1de5e699399d6d0c6213e46043 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 18 Sep 2020 17:36:48 +0300 Subject: [PATCH 19/44] Upgrade Synapse (v1.19.2 -> v1.19.3) --- roles/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 0962f0b0..812d06e8 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -5,7 +5,7 @@ matrix_synapse_enabled: true matrix_synapse_container_image_self_build: false -matrix_synapse_docker_image: "matrixdotorg/synapse:v1.19.2" +matrix_synapse_docker_image: "matrixdotorg/synapse:v1.19.3" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" matrix_synapse_base_path: "{{ matrix_base_data_path }}/synapse" From dd217137b6a735af25aac61351c2d0efab6f52e6 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 22 Sep 2020 19:28:07 +0300 Subject: [PATCH 20/44] Upgrade Synapse (v1.19.3 -> v1.20.0) --- roles/matrix-synapse/defaults/main.yml | 2 +- .../templates/synapse/homeserver.yaml.j2 | 30 +++++++++---------- 2 files changed, 15 insertions(+), 17 deletions(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 812d06e8..229814a0 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml 
@@ -5,7 +5,7 @@ matrix_synapse_enabled: true matrix_synapse_container_image_self_build: false -matrix_synapse_docker_image: "matrixdotorg/synapse:v1.19.3" +matrix_synapse_docker_image: "matrixdotorg/synapse:v1.20.0" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" matrix_synapse_base_path: "{{ matrix_base_data_path }}/synapse" diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index d02d743e..e687a500 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -366,11 +366,10 @@ retention: # min_lifetime: 1d # max_lifetime: 1y - # Retention policy limits. If set, a user won't be able to send a - # 'm.room.retention' event which features a 'min_lifetime' or a 'max_lifetime' - # that's not within this range. This is especially useful in closed federations, - # in which server admins can make sure every federating server applies the same - # rules. + # Retention policy limits. If set, and the state of a room contains a + # 'm.room.retention' event in its state which contains a 'min_lifetime' or a + # 'max_lifetime' that's out of these bounds, Synapse will cap the room's policy + # to these limits when running purge jobs. # #allowed_lifetime_min: 1d #allowed_lifetime_max: 1y 
@@ -390,18 +389,19 @@ retention: # 'longest_max_lifetime' of '3d' will handle every room with a retention policy # which 'max_lifetime' is lower than or equal to three days. # - # The rationale for this per-job configuration is that some rooms might have a - # retention policy with a low 'max_lifetime', where history needs to be purged - # of outdated messages on a more frequent basis than for the rest of the rooms - # (e.g. every 12h), but not want that purge to be performed by a job that's - # iterating over every room it knows, which could be heavy on the server. + # If any purge job is configured, it is strongly recommended to have at least + # a single job with neither 'shortest_max_lifetime' nor 'longest_max_lifetime' + # set, or one job without 'shortest_max_lifetime' and one job without + # 'longest_max_lifetime' set. Otherwise some rooms might be ignored, even if + # 'allowed_lifetime_min' and 'allowed_lifetime_max' are set, because capping a + # room's policy to these values is done after the policies are retrieved from + # Synapse's database (which is done using the range specified in a purge job's + # configuration). # #purge_jobs: - # - shortest_max_lifetime: 1d - # longest_max_lifetime: 3d + # - longest_max_lifetime: 3d # interval: 12h # - shortest_max_lifetime: 3d - # longest_max_lifetime: 1y # interval: 1d # Inhibits the /requestToken endpoints from returning an error that might leak @@ -1923,9 +1923,7 @@ email: # Directory in which Synapse will try to find the template files below. # If not set, default templates from within the Synapse package will be used. # - # DO NOT UNCOMMENT THIS SETTING unless you want to customise the templates. - # If you *do* uncomment it, you will need to make sure that all the templates - # below are in the directory. + # Do not uncomment this setting unless you want to customise the templates. # # Synapse will look for the following templates in this directory: # 
From 32ac4706cb66f3552712f7971d3b31aa654de806 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 22 Sep 2020 19:28:27 +0300 Subject: [PATCH 21/44] Upgrade matrix-corporal (1.9.0 -> 1.10.0) --- roles/matrix-corporal/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-corporal/defaults/main.yml b/roles/matrix-corporal/defaults/main.yml index f077b465..5bae9a9b 100644 --- a/roles/matrix-corporal/defaults/main.yml +++ b/roles/matrix-corporal/defaults/main.yml @@ -19,7 +19,7 @@ matrix_corporal_container_extra_arguments: [] # List of systemd services that matrix-corporal.service depends on matrix_corporal_systemd_required_services_list: ['docker.service'] -matrix_corporal_docker_image: "devture/matrix-corporal:1.9.0" +matrix_corporal_docker_image: "devture/matrix-corporal:1.10.0" matrix_corporal_docker_image_force_pull: "{{ matrix_corporal_docker_image.endswith(':latest') }}" matrix_corporal_base_path: "{{ matrix_base_data_path }}/corporal" From 329fef048f24e38b7fb8dbb7a5fb4802736faf58 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 22 Sep 2020 19:43:23 +0300 Subject: [PATCH 22/44] Upgrade matrix-corporal (1.10.0 -> 1.10.1) --- roles/matrix-corporal/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-corporal/defaults/main.yml b/roles/matrix-corporal/defaults/main.yml index 5bae9a9b..27b2b92a 100644 --- a/roles/matrix-corporal/defaults/main.yml +++ b/roles/matrix-corporal/defaults/main.yml 
@@ -19,7 +19,7 @@ matrix_corporal_container_extra_arguments: [] # List of systemd services that matrix-corporal.service depends on matrix_corporal_systemd_required_services_list: ['docker.service'] -matrix_corporal_docker_image: "devture/matrix-corporal:1.10.0" +matrix_corporal_docker_image: "devture/matrix-corporal:1.10.1" matrix_corporal_docker_image_force_pull: "{{ matrix_corporal_docker_image.endswith(':latest') }}" matrix_corporal_base_path: "{{ matrix_base_data_path }}/corporal" From e68450f094f2072dd85362d47a0d01fa03837992 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 24 Sep 2020 18:43:54 +0300 Subject: [PATCH 23/44] Upgrade Synapse (v1.20.0 -> v1.20.1) --- roles/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 229814a0..bd8d2be9 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -5,7 +5,7 @@ matrix_synapse_enabled: true matrix_synapse_container_image_self_build: false -matrix_synapse_docker_image: "matrixdotorg/synapse:v1.20.0" +matrix_synapse_docker_image: "matrixdotorg/synapse:v1.20.1" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" matrix_synapse_base_path: "{{ matrix_base_data_path }}/synapse" From dc2def914eb273cdbda94012d5e138f90c9b1e20 Mon Sep 17 00:00:00 2001 
From: Aaron Raimist Date: Thu, 24 Sep 2020 18:37:31 -0500 Subject: [PATCH 24/44] Allow configuration of Element's bug_report_endpoint_url and showLabsSettings showLabsSettings is the new enableLabs I guess. enableLabs doesn't seem to do anything anymore. It had been deprecated for a while. This PR also removes @riot-bot:matrix.org as the default welcome_user_id since it doesn't exist anymore. --- roles/matrix-client-element/defaults/main.yml | 4 +++- roles/matrix-client-element/templates/config.json.j2 | 4 ++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/roles/matrix-client-element/defaults/main.yml b/roles/matrix-client-element/defaults/main.yml index 0aaa8a52..b3d9e0ce 100644 --- a/roles/matrix-client-element/defaults/main.yml +++ b/roles/matrix-client-element/defaults/main.yml @@ -30,9 +30,11 @@ matrix_client_element_integrations_rest_url: "https://scalar.vector.im/api" matrix_client_element_integrations_widgets_urls: ["https://scalar.vector.im/api"] matrix_client_element_integrations_jitsi_widget_url: "https://scalar.vector.im/api/widgets/jitsi.html" matrix_client_element_permalinkPrefix: "https://matrix.to" +matrix_client_element_bug_report_endpoint_url: "https://element.io/bugreports/submit" +matrix_client_element_showLabsSettings: true # Element public room directory server(s) matrix_client_element_roomdir_servers: ['matrix.org'] -matrix_client_element_welcome_user_id: "@riot-bot:matrix.org" +matrix_client_element_welcome_user_id: ~ # Branding of Element matrix_client_element_brand: "Element" diff --git a/roles/matrix-client-element/templates/config.json.j2 b/roles/matrix-client-element/templates/config.json.j2 index bb8d6571..e87907e4 100644 --- a/roles/matrix-client-element/templates/config.json.j2 +++ b/roles/matrix-client-element/templates/config.json.j2 
@@ -20,8 +20,8 @@ "integrations_rest_url": {{ matrix_client_element_integrations_rest_url|string|to_json }}, "integrations_widgets_urls": {{ matrix_client_element_integrations_widgets_urls|to_json }}, "integrations_jitsi_widget_url": {{ matrix_client_element_integrations_jitsi_widget_url|string|to_json }}, - "bug_report_endpoint_url": "https://riot.im/bugreports/submit", - "enableLabs": true, + "bug_report_endpoint_url": {{ matrix_client_element_bug_report_endpoint_url|to_json }}, + "showLabsSettings": {{ matrix_client_element_showLabsSettings|to_json }}, "roomDirectory": { "servers": {{ matrix_client_element_roomdir_servers|to_json }} }, From f6b0f0a477c71d417fce603f7c7f6a0662f13cae Mon Sep 17 00:00:00 2001 From: Chris van Dijk Date: Sat, 26 Sep 2020 16:24:09 +0000 Subject: [PATCH 25/44] Rename matrix_riot_jitsi_preferredDomain and matrix_riot_e2ee_default to Element --- group_vars/matrix_servers | 2 -- roles/matrix-base/defaults/main.yml | 8 ++++---- .../templates/static-files/well-known/matrix-client.j2 | 6 +++--- 3 files changed, 7 insertions(+), 9 deletions(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index b82dbf23..c399fb89 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -18,8 +18,6 @@ matrix_identity_server_url: "{{ ('https://' + matrix_server_fqn_matrix) if matrix_ma1sd_enabled else None }}" -matrix_riot_jitsi_preferredDomain: "{{ matrix_server_fqn_jitsi if matrix_jitsi_enabled else '' }}" - ###################################################################### # # /matrix-base diff --git a/roles/matrix-base/defaults/main.yml b/roles/matrix-base/defaults/main.yml index c70781b3..3fbbd76e 100644 --- a/roles/matrix-base/defaults/main.yml +++ b/roles/matrix-base/defaults/main.yml 
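Review bot: in PATCH 24/44, `"bug_report_endpoint_url": {{ matrix_client_element_bug_report_endpoint_url|to_json }}` drops the `|string` filter that the neighbouring URL lines in `config.json.j2` use (`integrations_rest_url`, `integrations_jitsi_widget_url`); keep it consistent, otherwise the template renders `null` instead of a string if an operator sets the variable to `~`. The same question applies to the new default `matrix_client_element_welcome_user_id: ~`: the part of the template that renders `welcome_user_id` is not in this diff, so confirm it tolerates a null value (for instance by guarding it with an `{% if %}`) before the old default is removed.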
@@ -59,13 +59,13 @@ matrix_integration_manager_ui_url: ~ # The domain name where a Jitsi server is self-hosted. # If set, `/.well-known/matrix/client` will suggest Element clients to use that Jitsi server. -# See: https://github.com/vector-im/riot-web/blob/develop/docs/jitsi.md#configuring-riot-to-use-your-self-hosted-jitsi-server -matrix_riot_jitsi_preferredDomain: '' +# See: https://github.com/vector-im/element-web/blob/develop/docs/jitsi.md#configuring-element-to-use-your-self-hosted-jitsi-server +matrix_client_element_jitsi_preferredDomain: '' # Controls whether Element should use End-to-End Encryption by default. # Setting this to false will update `/.well-known/matrix/client` and tell Element clients to avoid E2EE. -# See: https://github.com/vector-im/riot-web/blob/develop/docs/e2ee.md -matrix_riot_e2ee_default: true +# See: https://github.com/vector-im/element-web/blob/develop/docs/e2ee.md +matrix_client_element_e2ee_default: true # The Docker network that all services would be put into matrix_docker_network: "matrix" diff --git a/roles/matrix-base/templates/static-files/well-known/matrix-client.j2 b/roles/matrix-base/templates/static-files/well-known/matrix-client.j2 index a4c1c439..3df0037b 100644 --- a/roles/matrix-base/templates/static-files/well-known/matrix-client.j2 +++ b/roles/matrix-base/templates/static-files/well-known/matrix-client.j2 @@ -18,12 +18,12 @@ ] } {% endif %} - {% if matrix_riot_jitsi_preferredDomain %}, + {% if matrix_client_element_jitsi_preferredDomain %}, "im.vector.riot.jitsi": { - "preferredDomain": {{ matrix_riot_jitsi_preferredDomain|to_json }} + "preferredDomain": {{ matrix_client_element_jitsi_preferredDomain|to_json }} } {% endif %} - {% if not matrix_riot_e2ee_default %}, + {% if not matrix_client_element_e2ee_default %}, "im.vector.riot.e2ee": { "default": false } From b9c8d059d02ec59c6f7947ded42043996d304428 Mon Sep 17 00:00:00 2001 
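Review bot: In the group_vars/matrix_servers hunk, `matrix_riot_jitsi_preferredDomain` is deleted but no `matrix_client_element_jitsi_preferredDomain` line replaces it (the diffstat shows 2 deletions and no insertions for that file), so the automatic wiring of the self-hosted Jitsi domain into `/.well-known/matrix/client` when `matrix_jitsi_enabled` is true is lost; re-add it under the new name, i.e. `matrix_client_element_jitsi_preferredDomain: "{{ matrix_server_fqn_jitsi if matrix_jitsi_enabled else '' }}"`.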
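Review bot: The renames in the roles/matrix-base/defaults/main.yml hunk (`matrix_riot_jitsi_preferredDomain` and `matrix_riot_e2ee_default`) should also be registered in the `(Deprecation) Catch and report renamed settings` task in roles/matrix-base/tasks/sanity_check.yml, otherwise an inventory that still sets the old names is silently ignored: a host with `matrix_riot_e2ee_default: false` would start advertising E2EE-by-default again and a configured Jitsi domain would drop out of the well-known file, with no error pointing at the cause. A CHANGELOG entry announcing the rename would also help.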
From: Chris van Dijk Date: Sat, 26 Sep 2020 16:27:40 +0000 Subject: [PATCH 26/44] Support both the im.vector.riot and io.element variants in client .well-known According to the docs, "e2ee" is already under "io.element": https://github.com/vector-im/element-web/blob/develop/docs/e2ee.md#disabling-encryption-by-default however "jitsi" is still under "im.vector.riot": https://github.com/vector-im/element-web/blob/develop/docs/jitsi.md#configuring-element-to-use-your-self-hosted-jitsi-server For now let's just maintain backward and forward compatibility for both settings since the client version is out of the control of this playbook. --- .../templates/static-files/well-known/matrix-client.j2 | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/roles/matrix-base/templates/static-files/well-known/matrix-client.j2 b/roles/matrix-base/templates/static-files/well-known/matrix-client.j2 index 3df0037b..6dc5ff23 100644 --- a/roles/matrix-base/templates/static-files/well-known/matrix-client.j2 +++ b/roles/matrix-base/templates/static-files/well-known/matrix-client.j2 @@ -19,11 +19,17 @@ } {% endif %} {% if matrix_client_element_jitsi_preferredDomain %}, + "io.element.jitsi": { + "preferredDomain": {{ matrix_client_element_jitsi_preferredDomain|to_json }} + }, "im.vector.riot.jitsi": { "preferredDomain": {{ matrix_client_element_jitsi_preferredDomain|to_json }} } {% endif %} {% if not matrix_client_element_e2ee_default %}, + "io.element.e2ee": { + "default": false + }, "im.vector.riot.e2ee": { "default": false } From 172bf24df760e308ef7f5ea520dbac5c86cac1bd Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 28 Sep 2020 09:06:39 +0300 Subject: [PATCH 27/44] Enable self-building of matrix-synapse-admin on non-amd64 Related to #658 (Github Issue). --- group_vars/matrix_servers | 2 ++ 1 file changed, 2 insertions(+) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index b82dbf23..2af4a3d3 100755 --- a/group_vars/matrix_servers 
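Review bot: In the matrix-client.j2 hunk, the `io.element.*` and `im.vector.riot.*` blocks duplicate the same value under the same `{% if %}` guard; a short template comment pointing at the two element-web docs URLs from the commit message (and saying which key is the legacy one) would let a future maintainer drop the `im.vector.riot.*` blocks safely once old clients are gone. The JSON stays valid, since each new object carries the trailing comma before the legacy block.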
+++ b/group_vars/matrix_servers @@ -1024,6 +1024,8 @@ matrix_synapse_admin_enabled: false # Synapse Admin's HTTP port to the local host. matrix_synapse_admin_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:8766' }}" +matrix_synapse_admin_container_self_build: "{{ matrix_architecture != 'amd64' }}" + ###################################################################### # # /matrix-synapse-admin From 3e2f0a4240f618f3af0a13542541be6479194949 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 28 Sep 2020 09:11:00 +0300 Subject: [PATCH 28/44] Upgrade matrix-synapse-admin (0.4.1 -> 0.5.0) Related to #658 (Github Issue). --- roles/matrix-synapse-admin/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-synapse-admin/defaults/main.yml b/roles/matrix-synapse-admin/defaults/main.yml index aec38703..17de0636 100644 --- a/roles/matrix-synapse-admin/defaults/main.yml +++ b/roles/matrix-synapse-admin/defaults/main.yml @@ -7,7 +7,7 @@ matrix_synapse_admin_container_self_build: false matrix_synapse_admin_docker_repo: "https://github.com/Awesome-Technologies/synapse-admin.git" matrix_synapse_admin_docker_src_files_path: "{{ matrix_base_data_path }}/synapse-admin/docker-src" -matrix_synapse_admin_docker_image: "awesometechnologies/synapse-admin:0.4.1" +matrix_synapse_admin_docker_image: "awesometechnologies/synapse-admin:0.5.0" matrix_synapse_admin_docker_image_force_pull: "{{ matrix_synapse_admin_docker_image.endswith(':latest') }}" # A list of extra arguments to pass to the container From 3818d828529e406d528a33ca5b2f27fed6e47986 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 28 Sep 2020 22:20:36 +0300 Subject: [PATCH 29/44] Upgrade Element (1.7.7 -> 1.7.8) --- roles/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
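Review bot: In the group_vars/matrix_servers hunk, `matrix_synapse_admin_container_self_build: "{{ matrix_architecture != 'amd64' }}"` makes every non-amd64 host build the image from `matrix_synapse_admin_docker_repo`, but nothing in this change pins which git ref gets built, whereas amd64 hosts receive the fixed `awesometechnologies/synapse-admin` tag; consider pinning the source checkout to the tag matching the image version so both architectures run the same, reviewable code rather than whatever the default branch contains at deploy time.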
diff --git a/roles/matrix-client-element/defaults/main.yml b/roles/matrix-client-element/defaults/main.yml index b3d9e0ce..5219bcc3 100644 --- a/roles/matrix-client-element/defaults/main.yml +++ b/roles/matrix-client-element/defaults/main.yml @@ -2,7 +2,7 @@ matrix_client_element_enabled: true matrix_client_element_container_image_self_build: false -matrix_client_element_docker_image: "vectorim/riot-web:v1.7.7" +matrix_client_element_docker_image: "vectorim/riot-web:v1.7.8" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" matrix_client_element_data_path: "{{ matrix_base_data_path }}/client-element" From 3d702fe03b0895959aa9b6d1bf7ab0d7c611adcf Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 29 Sep 2020 12:23:39 +0300 Subject: [PATCH 30/44] Avoid set_fact with error message to prevent confusion --- roles/matrix-base/tasks/sanity_check.yml | 14 +++----------- 1 file changed, 3 insertions(+), 11 deletions(-) diff --git a/roles/matrix-base/tasks/sanity_check.yml b/roles/matrix-base/tasks/sanity_check.yml index 2afb68e1..3541b1b2 100644 --- a/roles/matrix-base/tasks/sanity_check.yml +++ b/roles/matrix-base/tasks/sanity_check.yml 
@@ -1,19 +1,11 @@ --- -- set_fact: - matrix_ansible_outdated_fail_msg: "You are running on Ansible {{ ansible_version.string }}, which is not supported. See our guide about Ansible: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/ansible.md" - -- name: Fail if running on Ansible < 2.5 - fail: - msg: "{{ matrix_ansible_outdated_fail_msg }}" - when: "ansible_version.major <= 2 and ansible_version.minor < 5" - # Ansible 2.5.0 and 2.5.1 are known to have a bug with `include_tasks` + `with_items`. # The bug has been fixed in Ansible 2.5.2. -- name: Fail if running on Ansible 2.5.x (lower than 2.5.2) +- name: Fail if running on Ansible < 2.5 or Ansible 2.5.x (lower than 2.5.2) fail: - msg: "{{ matrix_ansible_outdated_fail_msg }}" - when: "ansible_version.major == 2 and ansible_version.minor == 5 and ansible_version.revision < 2" + msg: "You are running on Ansible {{ ansible_version.string }}, which is not supported. See our guide about Ansible: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/ansible.md" + when: "(ansible_version.major <= 2 and ansible_version.minor < 5) or (ansible_version.major == 2 and ansible_version.minor == 5 and ansible_version.revision < 2)" - name: (Deprecation) Catch and report renamed settings fail: From 7eb8192a5121369002e6241e3733eb2b3d25dbfa Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 29 Sep 2020 12:37:39 +0300 Subject: [PATCH 31/44] Comlain about version requirement on Ansible v1 I don't believe Ansible v1 would even go as far as executing this sanity check, but.. Adding an extra defensive check for completeness. --- roles/matrix-base/tasks/sanity_check.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/matrix-base/tasks/sanity_check.yml b/roles/matrix-base/tasks/sanity_check.yml index 3541b1b2..23f90b85 100644 --- a/roles/matrix-base/tasks/sanity_check.yml +++ b/roles/matrix-base/tasks/sanity_check.yml 
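Review bot: In the sanity_check.yml hunk, the merged condition `(ansible_version.major <= 2 and ansible_version.minor < 5)` still lets a 1.x release with minor >= 5 through (for 1.9, `minor < 5` is false), so the "< 2.5" guard is incomplete; add an explicit `ansible_version.major < 2` clause, which is what the following commit does. Folding the `set_fact` message into the task itself is otherwise a clear improvement.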
@@ -1,11 +1,13 @@ --- +# We generally support Ansible 2.5.2 and above. +# # Ansible 2.5.0 and 2.5.1 are known to have a bug with `include_tasks` + `with_items`. # The bug has been fixed in Ansible 2.5.2. - name: Fail if running on Ansible < 2.5 or Ansible 2.5.x (lower than 2.5.2) fail: msg: "You are running on Ansible {{ ansible_version.string }}, which is not supported. See our guide about Ansible: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/ansible.md" - when: "(ansible_version.major <= 2 and ansible_version.minor < 5) or (ansible_version.major == 2 and ansible_version.minor == 5 and ansible_version.revision < 2)" + when: "(ansible_version.major < 2) or (ansible_version.major <= 2 and ansible_version.minor < 5) or (ansible_version.major == 2 and ansible_version.minor == 5 and ansible_version.revision < 2)" - name: (Deprecation) Catch and report renamed settings fail: From ac3ba1d91990948e7c11f0922f8bd6e7f31183f3 Mon Sep 17 00:00:00 2001 From: Clement Renaud Date: Tue, 29 Sep 2020 12:33:47 +0200 Subject: [PATCH 32/44] element web : update welcome page template --- .../templates/welcome.html.j2 | 48 +++++++++++-------- 1 file changed, 29 insertions(+), 19 deletions(-) diff --git a/roles/matrix-client-element/templates/welcome.html.j2 b/roles/matrix-client-element/templates/welcome.html.j2 index b2918393..b45a9766 100644 --- a/roles/matrix-client-element/templates/welcome.html.j2 +++ b/roles/matrix-client-element/templates/welcome.html.j2 @@ -97,19 +97,10 @@ h1::after { color: #2e2f32 !important; } -.mx_ButtonHeadline { - margin-bottom: 14px; -} - .mx_ButtonLabel { margin-left: 20px; } -.mx_ButtonWrapperText { - font-size: 13px; - margin-bottom: 10px; -} - .mx_Header_title { font-size: 24px; font-weight: 600; @@ -128,7 +119,7 @@ h1::after { } .mx_ButtonCreateAccount { - background-color: #03B381; + background-color: #0DBD8B; color: white !important; } 
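Review bot: In the sanity_check.yml hunk, once `(ansible_version.major < 2)` is present the `<= 2` in the second clause can only ever match major 2, so `(ansible_version.major == 2 and ansible_version.minor < 5)` states the intent more clearly; the three-way expression would also read better split across lines with a YAML folded `>` scalar.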
@@ -150,6 +141,32 @@ h1::after { background-image: url('welcome/images/icon-room-directory.svg'); } +/* +.mx_WelcomePage_loggedIn is applied by EmbeddedPage from the Welcome component +If it is set on the page, we should show the buttons. Otherwise, we have to assume +we don't have an account and should hide them. No account == no guest account either. + */ +.mx_WelcomePage:not(.mx_WelcomePage_loggedIn) .mx_WelcomePage_guestFunctions { + display: none; +} + +.mx_ButtonRow.mx_WelcomePage_guestFunctions { + margin-top: 20px; +} +.mx_ButtonRow.mx_WelcomePage_guestFunctions > div { + margin: 0 auto; +} + +@media only screen and (max-width: 480px) { + .mx_ButtonRow { + flex-direction: column; + } + + .mx_ButtonRow > * { + margin: 0 0 10px 0; + } +} +
@@ -175,17 +192,10 @@ h1::after { See https://github.com/vector-im/riot-web/issues/8622. TODO: Convert to config option if possible. --> -
+ From 43c5f3ec6e275e959a06c2f8ba4a075ac521b95f Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 29 Sep 2020 18:14:37 +0300 Subject: [PATCH 33/44] Do not create /home/matrix when creating the matrix user --- roles/matrix-base/tasks/setup_matrix_user.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/roles/matrix-base/tasks/setup_matrix_user.yml b/roles/matrix-base/tasks/setup_matrix_user.yml index 295643e9..ab5e8111 100644 --- a/roles/matrix-base/tasks/setup_matrix_user.yml +++ b/roles/matrix-base/tasks/setup_matrix_user.yml @@ -17,6 +17,9 @@ uid: "{{ omit if matrix_user_uid is none else matrix_user_uid }}" state: present group: "{{ matrix_user_groupname }}" + home: "{{ matrix_base_data_path }}" + create_home: no + system: yes register: matrix_user - name: Set Matrix Group UID Variable From 3a3383fada6fb709ef2b77538b3f4e9783589aed Mon Sep 17 00:00:00 2001 From: Dan Arnfield Date: Wed, 30 Sep 2020 16:40:24 -0500 Subject: [PATCH 34/44] Add support for postgres 13 --- CHANGELOG.md | 6 +++--- roles/matrix-postgres/defaults/main.yml | 3 ++- .../tasks/util/detect_existing_postgres_version.yml | 5 +++++ 3 files changed, 10 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3e1002b9..749f4bca 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
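Review bot: In the setup_matrix_user.yml hunk, `system: yes` only takes effect when the account is first created; Ansible's `user` module does not convert an existing account into a system account, so hosts that already have the `matrix` user keep their current UID and the new behaviour applies to fresh installs only, which is worth stating in the commit message or CHANGELOG. Setting `home` to `matrix_base_data_path` with `create_home: no` also means anything that expands `~matrix` (shell history, per-user caches of tools run as that user) lands inside the data directory; that is probably intended, but a comment in the task would make it explicit.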
@@ -307,11 +307,11 @@ Additionally, Postgres [upgrading](docs/maintenance-postgres.md#upgrading-postgr # 2019-10-04 -## Postgres 12 support +## Postgres 13 support -The playbook now installs [Postgres 12](https://www.postgresql.org/about/news/1976/) by default. +The playbook now installs [Postgres 13](https://www.postgresql.org/about/news/postgresql-13-released-2077/) by default. -If you have have an existing setup, it's likely running on an older Postgres version (9.x, 10.x or 11.x). You can easily upgrade by following the [upgrading PostgreSQL guide](docs/maintenance-postgres.md#upgrading-postgresql). +If you have have an existing setup, it's likely running on an older Postgres version (9.x, 10.x, 11.x, or 12.x). You can easily upgrade by following the [upgrading PostgreSQL guide](docs/maintenance-postgres.md#upgrading-postgresql). # 2019-10-03 diff --git a/roles/matrix-postgres/defaults/main.yml b/roles/matrix-postgres/defaults/main.yml index b5c6f6a8..f4fc180e 100644 --- a/roles/matrix-postgres/defaults/main.yml +++ b/roles/matrix-postgres/defaults/main.yml @@ -12,7 +12,8 @@ matrix_postgres_docker_image_v9: "postgres:9.6.19-alpine" matrix_postgres_docker_image_v10: "postgres:10.14-alpine" matrix_postgres_docker_image_v11: "postgres:11.9-alpine" matrix_postgres_docker_image_v12: "postgres:12.4-alpine" -matrix_postgres_docker_image_latest: "{{ matrix_postgres_docker_image_v12 }}" +matrix_postgres_docker_image_v13: "postgres:13.0-alpine" +matrix_postgres_docker_image_latest: "{{ matrix_postgres_docker_image_v13 }}" # This variable is assigned at runtime. Overriding its value has no effect. matrix_postgres_docker_image_to_use: '{{ matrix_postgres_docker_image_latest }}' diff --git a/roles/matrix-postgres/tasks/util/detect_existing_postgres_version.yml b/roles/matrix-postgres/tasks/util/detect_existing_postgres_version.yml index 805d0cbd..9032c15e 100644 --- a/roles/matrix-postgres/tasks/util/detect_existing_postgres_version.yml 
+++ b/roles/matrix-postgres/tasks/util/detect_existing_postgres_version.yml @@ -49,3 +49,8 @@ set_fact: matrix_postgres_detected_version_corresponding_docker_image: "{{ matrix_postgres_docker_image_v11 }}" when: "matrix_postgres_detected_version == '11' or matrix_postgres_detected_version.startswith('11.')" + +- name: Determine corresponding Docker image to detected version (use 12.x, if detected) + set_fact: + matrix_postgres_detected_version_corresponding_docker_image: "{{ matrix_postgres_docker_image_v12 }}" + when: "matrix_postgres_detected_version == '12' or matrix_postgres_detected_version.startswith('12.')" From e89dc7c7a8579da66e93e7afb6da405d7fe43b41 Mon Sep 17 00:00:00 2001 From: Dan Arnfield Date: Wed, 30 Sep 2020 19:54:28 -0500 Subject: [PATCH 35/44] Undo bad changelog edit --- CHANGELOG.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 749f4bca..3e1002b9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -307,11 +307,11 @@ Additionally, Postgres [upgrading](docs/maintenance-postgres.md#upgrading-postgr # 2019-10-04 -## Postgres 13 support +## Postgres 12 support -The playbook now installs [Postgres 13](https://www.postgresql.org/about/news/postgresql-13-released-2077/) by default. +The playbook now installs [Postgres 12](https://www.postgresql.org/about/news/1976/) by default. -If you have have an existing setup, it's likely running on an older Postgres version (9.x, 10.x, 11.x, or 12.x). You can easily upgrade by following the [upgrading PostgreSQL guide](docs/maintenance-postgres.md#upgrading-postgresql). +If you have have an existing setup, it's likely running on an older Postgres version (9.x, 10.x or 11.x). You can easily upgrade by following the [upgrading PostgreSQL guide](docs/maintenance-postgres.md#upgrading-postgresql). # 2019-10-03 From 3bfbbc10bcf673334739d9d42d45a936899d81a0 Mon Sep 17 00:00:00 2001 
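Review bot: In the CHANGELOG.md hunk, the change rewrites the historical 2019-10-04 "Postgres 12 support" entry into a Postgres 13 one instead of adding a new dated entry at the top, which erases the record of when Postgres 12 became the default; this is reverted and redone properly in the next two commits, so the three could be squashed. The defaults and detect_existing_postgres_version.yml hunks look right: the `v12` mapping is needed now that 12.x is no longer `latest`, so existing 12.x data directories keep running a 12.x image instead of being started under 13, a major-version mismatch Postgres refuses to start on.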
From: Slavi Pantaleev Date: Thu, 1 Oct 2020 09:46:43 +0300 Subject: [PATCH 36/44] Announce Postgres v13 upgrade --- CHANGELOG.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3e1002b9..ef67ae66 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,11 @@ +# 2020-10-01 + +## Postgres 13 support + +The playbook now installs [Postgres 13](https://www.postgresql.org/about/news/postgresql-13-released-2077/) by default. + +If you have have an existing setup, it's likely running on an older Postgres version (9.x, 10.x, 11.x or 12.x). You can easily upgrade by following the [upgrading PostgreSQL guide](docs/maintenance-postgres.md#upgrading-postgresql). + # 2020-09-01 ## matrix-registration support From 07fa8404bfc4675ceb7c8d70be97111f01437a1a Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 1 Oct 2020 18:30:30 +0300 Subject: [PATCH 37/44] Upgrade matrix-corporal (1.10.1 -> 1.11.0) --- roles/matrix-corporal/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-corporal/defaults/main.yml b/roles/matrix-corporal/defaults/main.yml index 27b2b92a..52681a30 100644 --- a/roles/matrix-corporal/defaults/main.yml +++ b/roles/matrix-corporal/defaults/main.yml @@ -19,7 +19,7 @@ matrix_corporal_container_extra_arguments: [] # List of systemd services that matrix-corporal.service depends on matrix_corporal_systemd_required_services_list: ['docker.service'] -matrix_corporal_docker_image: "devture/matrix-corporal:1.10.1" +matrix_corporal_docker_image: "devture/matrix-corporal:1.11.0" matrix_corporal_docker_image_force_pull: "{{ matrix_corporal_docker_image.endswith(':latest') }}" matrix_corporal_base_path: "{{ matrix_base_data_path }}/corporal" From 23daec748c2f73b19987ef29075ec17b03cadd07 Mon Sep 17 00:00:00 2001 
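Review bot: In the CHANGELOG.md hunk, "If you have have an existing setup" carries a doubled "have" copied over from the older Postgres 12 entry; worth fixing while the entry is fresh.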
From: Slavi Pantaleev Date: Fri, 2 Oct 2020 11:52:17 +0300 Subject: [PATCH 38/44] Require Ansible v2.7 or newer (because of items2dict and dict2items) Interestingly, no one has reported this failure before #662 (Github Issue). It doesn't make sense to keep saying that we support such old Ansible versions, when we're not even testing on anything close to those. Time is also passing and such versions are getting more and more ancient. It's time we bumped our requirements to something that is more likely to work. --- docs/ansible.md | 4 ++-- roles/matrix-base/tasks/sanity_check.yml | 9 +++------ 2 files changed, 5 insertions(+), 8 deletions(-) diff --git a/docs/ansible.md b/docs/ansible.md index 1ba430f4..1ac08b5f 100644 --- a/docs/ansible.md +++ b/docs/ansible.md @@ -9,7 +9,7 @@ If your local computer cannot run Ansible, you can also run Ansible on some serv ## Supported Ansible versions -Ansible 2.5.2 or newer is required. +Ansible 2.7.0 or newer is required. ## Checking your Ansible version @@ -49,7 +49,7 @@ docker run -it --rm \ -v `pwd`:/work \ -v $HOME/.ssh/id_rsa:/root/.ssh/id_rsa:ro \ --entrypoint=/bin/sh \ -devture/ansible:2.9.9-r0 +devture/ansible:2.9.13-r0 ``` The above command tries to mount an SSH key (`$HOME/.ssh/id_rsa`) into the container (at `/root/.ssh/id_rsa`). diff --git a/roles/matrix-base/tasks/sanity_check.yml b/roles/matrix-base/tasks/sanity_check.yml index 23f90b85..e504bfe9 100644 --- a/roles/matrix-base/tasks/sanity_check.yml +++ b/roles/matrix-base/tasks/sanity_check.yml 
@@ -1,13 +1,10 @@ --- -# We generally support Ansible 2.5.2 and above. -# -# Ansible 2.5.0 and 2.5.1 are known to have a bug with `include_tasks` + `with_items`. -# The bug has been fixed in Ansible 2.5.2. -- name: Fail if running on Ansible < 2.5 or Ansible 2.5.x (lower than 2.5.2) +# We generally support Ansible 2.7.0 and above. +- name: Fail if running on Ansible < 2.7 fail: msg: "You are running on Ansible {{ ansible_version.string }}, which is not supported. See our guide about Ansible: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/ansible.md" - when: "(ansible_version.major < 2) or (ansible_version.major <= 2 and ansible_version.minor < 5) or (ansible_version.major == 2 and ansible_version.minor == 5 and ansible_version.revision < 2)" + when: "(ansible_version.major < 2) or (ansible_version.major <= 2 and ansible_version.minor < 7)" - name: (Deprecation) Catch and report renamed settings fail: From ae75920be920f4fc539af4e866f0a46c2cff1449 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 2 Oct 2020 12:00:56 +0300 Subject: [PATCH 39/44] Update changelog Related to 23daec748c2f73b1 and #662 (Github Issue). --- CHANGELOG.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index ef67ae66..247e4e14 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
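Review bot: In the sanity_check.yml hunk, `(ansible_version.major < 2) or (ansible_version.major <= 2 and ansible_version.minor < 7)` keeps the redundant `<= 2`; `(ansible_version.major < 2) or (ansible_version.major == 2 and ansible_version.minor < 7)` says the same thing without making the reader check the overlap. In the docs/ansible.md hunk the `devture/ansible` tag bump is fine, but since the surrounding command mounts `$HOME/.ssh/id_rsa` into the container, the doc could suggest a dedicated deploy key rather than the user's primary private key.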
@@ -1,3 +1,14 @@ +# 2020-10-02 + +## Minimum Ansible version raised to v2.7.0 + +We were claiming to support [Ansible](https://www.ansible.com/) v2.5.2 and higher, but issues like [#662](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/662) demonstrate that we need at least v2.7.0. + +If you've been using the playbook without getting any errors until now, you're probably on a version higher than that already (or you're not using the `matrix-ma1sd` and `matrix-client-element` roles). + +Our [Ansible docs page](docs/ansible.md) contains information on how to run a more up-to-date version of Ansible. + + # 2020-10-01 ## Postgres 13 support From ee8dd44837b92a3bb253a067b9425d1f949aff00 Mon Sep 17 00:00:00 2001 From: Hardy Erlinger Date: Fri, 2 Oct 2020 22:53:06 +0200 Subject: [PATCH 40/44] Use up-to-date PostgreSQL container version for backups. --- docs/maintenance-postgres.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/maintenance-postgres.md b/docs/maintenance-postgres.md index d385bc9c..14d5cdb9 100644 --- a/docs/maintenance-postgres.md +++ b/docs/maintenance-postgres.md @@ -45,7 +45,7 @@ docker run \ --log-driver=none \ --network=matrix \ --env-file=/matrix/postgres/env-postgres-psql \ -postgres:12.4-alpine \ +postgres:13.0-alpine \ pg_dumpall -h matrix-postgres \ | gzip -c \ > /postgres.sql.gz From 8370ee0647d9420f6e0bd59d7d2e0df6d334ffe5 Mon Sep 17 00:00:00 2001 From: Panagiotis Vasilopoulos Date: Sun, 4 Oct 2020 19:28:22 +0000 Subject: [PATCH 41/44] caddy2: removed unknown tls directive --- examples/caddy2/Caddyfile | 13 ++----------- 1 file changed, 2 insertions(+), 11 deletions(-) diff --git a/examples/caddy2/Caddyfile b/examples/caddy2/Caddyfile index 55fca3fd..1438a50b 100644 --- a/examples/caddy2/Caddyfile +++ b/examples/caddy2/Caddyfile @@ -1,7 +1,4 @@ matrix.DOMAIN.tld { - - tls {$CADDY_TLS} - @identity { path /_matrix/identity/* } 
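Review bot: In the docs/maintenance-postgres.md hunk, the backup command now hardcodes `postgres:13.0-alpine`; `pg_dumpall` aborts when the server is newer than the client, so readers still on an older Postgres are unaffected, but the example will drift again at the next bump. Pointing readers at the `matrix_postgres_docker_image_to_use` value on their host, or noting that the client image's major version must be at least the server's, would keep the instruction correct across upgrades.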
@@ -97,10 +94,7 @@ matrix.DOMAIN.tld:8448 { } dimension.DOMAIN.tld { - - tls {$CADDY_TLS} - - header { +header { # Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" # Enable cross-site filter (XSS) and tell browser to block detected attacks @@ -127,9 +121,6 @@ dimension.DOMAIN.tld { } element.DOMAIN.tld { - - tls {$CADDY_TLS} - header { # Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" @@ -153,4 +144,4 @@ element.DOMAIN.tld { header_up X-Forwarded-TlsCipher {tls_cipher} header_up X-Forwarded-HttpsProto {proto} } -} \ No newline at end of file +} From 1f9c173a7ec3cb071f6857c59a6ef6c619cc9702 Mon Sep 17 00:00:00 2001 From: dhose <4066579+dhose@users.noreply.github.com> Date: Tue, 6 Oct 2020 11:42:32 +0200 Subject: [PATCH 42/44] Adding '.python-version' to .gitignore --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index d6068088..36c65bda 100644 --- a/.gitignore +++ b/.gitignore @@ -4,3 +4,4 @@ !/inventory/scripts /roles/*/files/scratchpad .DS_Store +.python-version From 6a72e3fa540edb9ef427b4ab804ef5aeb6e28a7d Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 7 Oct 2020 08:54:46 +0300 Subject: [PATCH 43/44] Try to make importing SQLite from older Synapse version work If the SQLite database was from an older version of Synapse, it appears that Synapse would try to run migrations on it first, before importing. This was failing, because the file wasn't writable. Hopefully, this fixes the problem. --- roles/matrix-postgres/tasks/import_sqlite_db.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-postgres/tasks/import_sqlite_db.yml b/roles/matrix-postgres/tasks/import_sqlite_db.yml index fe0deba8..c877ead4 100644 --- a/roles/matrix-postgres/tasks/import_sqlite_db.yml 
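Review bot: In the `dimension.DOMAIN.tld` hunk of examples/caddy2/Caddyfile, the `header {` line is re-added at column 0 (`+header {`), out of step with the indented `header {` block in the `element.DOMAIN.tld` hunk below; keep the indentation consistent. Dropping `tls {$CADDY_TLS}` is right for Caddy 2, which provisions certificates through automatic HTTPS without a `tls` directive. The example still sets `Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"`, so a comment that `preload` is only appropriate once every subdomain is served over HTTPS would save operators from locking themselves out. The trailing-newline fix at the end of the file is welcome.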
+++ b/roles/matrix-postgres/tasks/import_sqlite_db.yml @@ -81,6 +81,6 @@ --entrypoint=python -v {{ matrix_synapse_config_dir_path }}:/data -v {{ matrix_synapse_config_dir_path }}:/matrix-media-store-parent/media-store - -v {{ server_path_homeserver_db }}:/{{ server_path_homeserver_db|basename }}:ro + -v {{ server_path_homeserver_db }}:/{{ server_path_homeserver_db|basename }} {{ matrix_synapse_docker_image }} /usr/local/bin/synapse_port_db --sqlite-database /{{ server_path_homeserver_db|basename }} --postgres-config /data/homeserver.yaml From 898f319e1175fc5b77bf36c6338dd25daf0fb831 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 7 Oct 2020 09:06:59 +0300 Subject: [PATCH 44/44] Add additional notice to SQLite importing docs --- docs/importing-sqlite.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/docs/importing-sqlite.md b/docs/importing-sqlite.md index cb30d098..9e3a910d 100644 --- a/docs/importing-sqlite.md +++ b/docs/importing-sqlite.md @@ -20,4 +20,7 @@ Run this command (make sure to replace `` with a f ansible-playbook -i inventory/hosts setup.yml --extra-vars='server_path_homeserver_db=' --tags=import-sqlite-db -**Note**: `` must be a file path to a `homeserver.db` file on the server (not on your local machine!). +**Notes**: + +- `` must be a file path to a `homeserver.db` **file on the server** (not on your local machine!). +- if the SQLite database is from an older version of Synapse, the **importing procedure may run migrations on it to bring it up to date**. That is, your SQLite database file may get modified and become unusable with your older Synapse version. Keeping a copy of the original is probably wise.
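Review bot: In the import_sqlite_db.yml hunk, removing `:ro` from the `server_path_homeserver_db` bind mount lets `synapse_port_db` migrate the operator's only copy of `homeserver.db` in place; if the migration or the port fails part-way, that file may no longer work with the older Synapse it came from. Safer is to copy the database to a scratch path in a preceding task, mount the copy read-write and leave the original untouched, which would also make the warning added to the docs in the next commit unnecessary.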
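Review bot: In the docs/importing-sqlite.md hunk, the second bullet starts with a lowercase "if" while the first starts with a backtick-quoted placeholder; capitalising it keeps the list consistent. The advice to keep a copy of the original is the right call, and it would be stronger as an instruction (copy the file before running the command) than as "probably wise".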