Merge branch 'master' of https://github.com/spantaleev/matrix-docker-ansible-deploy into maubot_moanos

CHANGELOG.md

@@ -26,6 +26,7 @@
 3. If Synapse metrics are exposed, they will be made available at `https://matrix.DOMAIN/metrics/synapse/main-process` or `https://matrix.DOMAIN/metrics/synapse/worker/TYPE-ID` (when workers are enabled), not at `https://matrix.DOMAIN/_synapse/metrics` and `https://matrix.DOMAIN/_synapse-worker-.../metrics`
 4. The playbook still generates an `external_prometheus.yml.example` sample file for scraping Synapse from Prometheus as described in [Collecting Synapse worker metrics to an external Prometheus server](docs/configuring-playbook-prometheus-grafana.md#collecting-synapse-worker-metrics-to-an-external-prometheus-server), but it's now saved under `/matrix/synapse` (not `/matrix`).
 
+**If you where already using a external Prometheus server** before this change, and you gave a hashed version of the password as a variable, the playbook will now take care of hashing the password for you. Thus, you need to provide the non-hashed version now. 
 
 # 2022-06-13
 

docs/configuring-playbook-bridge-mautrix-facebook.md

@@ -91,3 +91,5 @@ Once connected, you should be able to verify that you're browsing the web throug
 Then proceed to log in to [Facebook/Messenger](https://www.facebook.com/).
 
 Once logged in, proceed to [set up bridging](#usage).
+
+If that doesn't work, enable 2FA [Facebook help page on enabling 2FA](https://www.facebook.com/help/148233965247823) and try to login again with a new password, and entering the 2FA code when prompted, it may take more then one try, in between attempts, check facebook.com to see if they are requiring another password change

docs/configuring-playbook-prometheus-grafana.md

@@ -90,6 +90,7 @@ matrix_nginx_proxy_proxy_matrix_metrics_additional_user_location_configuration_b
 
 Using `matrix_nginx_proxy_proxy_matrix_metrics_additional_user_location_configuration_blocks` only takes effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true` (see above).
 
+Note : The playbook will hash the basic_auth password for you on setup. Thus, you need to give the plain-text version of the password as a variable. 
 
 ### Collecting Synapse worker metrics to an external Prometheus server
 
@@ -130,4 +131,3 @@ scrape_configs:
 - [The Prometheus scraping rules](https://github.com/matrix-org/synapse/tree/master/contrib/prometheus) (we use v2)
 - [The Synapse Grafana dashboard](https://github.com/matrix-org/synapse/tree/master/contrib/grafana)
 - [The Node Exporter dashboard](https://github.com/rfrail3/grafana-dashboards) (for generic non-synapse performance graphs)
-

roles/matrix-base/defaults/main.yml

@@ -8,6 +8,10 @@
 # Example value: example.com
 matrix_domain: ~
 
+# The optional matrix admin MXID, used in bridges' configs to set bridge admin user
+# Example value: "@someone:{{ matrix_domain }}"
+matrix_admin: ''
+
 # This will contain the homeserver implementation that is in use.
 # Valid values: synapse, dendrite
 #

roles/matrix-bridge-beeper-linkedin/defaults/main.yml

@@ -25,6 +25,8 @@ matrix_beeper_linkedin_homeserver_address: "{{ matrix_homeserver_container_url }
 matrix_beeper_linkedin_homeserver_domain: "{{ matrix_domain }}"
 matrix_beeper_linkedin_appservice_address: "http://matrix-beeper-linkedin:29319"
 
+matrix_beeper_linkedin_bridge_presence: true
+
 # A list of extra arguments to pass to the container
 matrix_beeper_linkedin_container_extra_arguments: []
 

roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2

@@ -238,6 +238,9 @@ bridge:
     #     mxid - Specific user
     permissions:
         "{{ matrix_beeper_linkedin_homeserver_domain }}": user
+        {% if matrix_admin %}
+        "{{ matrix_admin }}": admin
+        {% endif %}
 
 
 
@@ -256,12 +259,12 @@ logging:
             formatter: colored
     loggers:
         mau:
-            level: DEBUG
+            level: WARNING
         paho:
-            level: INFO
+            level: WARNING
         aiohttp:
-            level: INFO
+            level: WARNING
     root:
-        level: DEBUG
+        level: WARNING
         handlers: [ console]
 

roles/matrix-bridge-go-skype-bridge/templates/config.yaml.j2

@@ -199,6 +199,9 @@ bridge:
     #     mxid - Specific user
     permissions:
         "{{ matrix_go_skype_bridge_homeserver_domain }}": user
+        {% if matrix_admin %}
+        "{{ matrix_admin }}": admin
+        {% endif %}
 
     relaybot:
         # Whether or not relaybot support is enabled.

roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2

@@ -203,6 +203,9 @@ bridge:
     #     mxid - Specific user
     permissions:
       '{{ matrix_mautrix_facebook_homeserver_domain }}': user
+      {% if matrix_admin %}
+      '{{ matrix_admin }}': admin
+      {% endif %}
 
     relay:
         # Whether relay mode should be allowed. If allowed, `!fb set-relay` can be used to turn any
@@ -250,11 +253,11 @@ logging:
             formatter: colored
     loggers:
         mau:
-            level: DEBUG
+            level: WARNING
         paho:
-            level: INFO
+            level: WARNING
         aiohttp:
-            level: INFO
+            level: WARNING
     root:
-        level: DEBUG
+        level: WARNING
         handlers: [console]

roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2

@@ -119,6 +119,9 @@ bridge:
     #     mxid - Specific user
     permissions:
       '{{ matrix_mautrix_googlechat_homeserver_domain }}': user
+      {% if matrix_admin %}
+      '{{ matrix_admin }}': admin
+      {% endif %}
 
 # Python logging configuration.
 #
@@ -138,11 +141,11 @@ logging:
             formatter: colored
     loggers:
         mau:
-            level: DEBUG
+            level: WARNING
         hangups:
-            level: DEBUG
+            level: WARNING
         aiohttp:
-            level: INFO
+            level: WARNING
     root:
-        level: DEBUG
+        level: WARNING
         handlers: [console]

roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2

@@ -116,6 +116,9 @@ bridge:
     #     mxid - Specific user
     permissions:
       '{{ matrix_mautrix_hangouts_homeserver_domain }}': user
+      {% if matrix_admin %}
+      '{{ matrix_admin }}': admin
+      {% endif %}
 
 # Python logging configuration.
 #
@@ -135,11 +138,11 @@ logging:
             formatter: colored
     loggers:
         mau:
-            level: DEBUG
+            level: WARNING
         hangups:
-            level: DEBUG
+            level: WARNING
         aiohttp:
-            level: INFO
+            level: WARNING
     root:
-        level: DEBUG
+        level: WARNING
         handlers: [console]

roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2

@@ -166,7 +166,7 @@ bridge:
   # been sent to Instagram.
   delivery_receipts: false
   # Whether or not delivery errors should be reported as messages in the Matrix room.
-  delivery_error_reports: false
+  delivery_error_reports: true
   # Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run.
   # This field will automatically be changed back to false after it,
   # except if the config file is not writable.
@@ -187,6 +187,9 @@ bridge:
   #     mxid - Specific user
   permissions:
     "{{ matrix_mautrix_instagram_homeserver_domain }}": user
+    {% if matrix_admin %}
+    "{{ matrix_admin }}": admin
+    {% endif %}
   # Provisioning API part of the web server for automated portal creation and fetching information.
   # Used by things like mautrix-manager (https://github.com/tulir/mautrix-manager).
   provisioning:
@@ -216,13 +219,13 @@ logging:
       formatter: colored
   loggers:
     mau:
-      level: DEBUG
+      level: WARNING
     mauigpapi:
-      level: DEBUG
+      level: WARNING
     paho:
-      level: INFO
+      level: WARNING
     aiohttp:
-      level: INFO
+      level: WARNING
   root:
-    level: DEBUG
+    level: WARNING
     handlers: [console]

roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2

@@ -177,7 +177,7 @@ bridge:
     # Note that this is not related to Signal delivery receipts.
     delivery_receipts: false
     # Whether or not delivery errors should be reported as messages in the Matrix room. (not yet implemented)
-    delivery_error_reports: false
+    delivery_error_reports: true
     # Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run.
     # This field will automatically be changed back to false after it,
     # except if the config file is not writable.
@@ -225,6 +225,9 @@ bridge:
     #     mxid - Specific user
     permissions: 
         {{ matrix_mautrix_signal_bridge_permissions|from_yaml }}
+        {% if matrix_admin %}
+        "{{ matrix_admin }}": admin
+        {% endif %}
 
     relay:
         # Whether or not relay mode should be allowed. If allowed, `!signal set-relay` can be used to turn any
@@ -266,9 +269,9 @@ logging:
             formatter: colored
     loggers:
         mau:
-            level: {{ matrix_mautrix_signal_log_level }}
+            level: WARNING
         aiohttp:
-            level: INFO
+            level: WARNING
     root:
-        level: {{ matrix_mautrix_signal_log_level }}
+        level: WARNING
         handlers: [console]

roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2

@@ -105,11 +105,11 @@ bridge:
     # synced when they send messages. The maximum is 10000, after which the Telegram server
     # will not send any more members.
     # Defaults to no local limit (-> limited to 10000 by server)
-    max_initial_member_sync: -1
+    max_initial_member_sync: 10
     # Whether or not to sync the member list in channels.
     # If no channel admins have logged into the bridge, the bridge won't be able to sync the member
     # list regardless of this setting.
-    sync_channel_members: true
+    sync_channel_members: false
     # Whether or not to skip deleted members when syncing members.
     skip_deleted_members: true
     # Whether or not to automatically synchronize contacts and chats of Matrix users logged into
@@ -204,7 +204,7 @@ bridge:
     # been sent to Telegram.
     delivery_receipts: false
     # Whether or not delivery errors should be reported as messages in the Matrix room.
-    delivery_error_reports: false
+    delivery_error_reports: true
     # Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run.
     # This field will automatically be changed back to false after it,
     # except if the config file is not writable.
@@ -291,6 +291,9 @@ bridge:
     #     mxid - Specific user
     permissions:
       '{{ matrix_mautrix_telegram_homeserver_domain }}': full
+      {% if matrix_admin %}
+      '{{ matrix_admin }}': admin
+      {% endif %}
 
     # Options related to the message relay Telegram bot.
     relaybot:
@@ -401,11 +404,11 @@ logging:
             formatter: precise
     loggers:
         mau:
-            level: DEBUG
+            level: WARNING
         telethon:
-            level: DEBUG
+            level: WARNING
         aiohttp:
-            level: INFO
+            level: WARNING
     root:
-        level: DEBUG
+        level: WARNING
         handlers: [console]

roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2

@@ -149,7 +149,7 @@ bridge:
     # been sent to Twitter.
     delivery_receipts: false
     # Whether or not delivery errors should be reported as messages in the Matrix room.
-    delivery_error_reports: false
+    delivery_error_reports: true
     # Whether or not non-fatal polling errors should send notices to the notice room.
     temporary_disconnect_notices: true
     # Number of seconds to sleep more than the previous error when a polling error occurs.
@@ -175,6 +175,9 @@ bridge:
     #     mxid - Specific user
     permissions:
       '{{ matrix_mautrix_twitter_homeserver_domain }}': user
+      {% if matrix_admin %}
+      '{{ matrix_admin }}': admin
+      {% endif %}
 
 
 # Python logging configuration.
@@ -195,9 +198,9 @@ logging:
             formatter: colored
     loggers:
         mau:
-            level: DEBUG
+            level: WARNING
         aiohttp:
-            level: INFO
+            level: WARNING
     root:
-        level: DEBUG
+        level: WARNING
         handlers: [console]

roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2

@@ -187,6 +187,9 @@ bridge:
     #     mxid - Specific user
     permissions:
         "{{ matrix_mautrix_whatsapp_homeserver_domain }}": user
+        {% if matrix_admin %}
+        "{{ matrix_admin }}": admin
+        {% endif %}
 
     # Settings for relay mode
     relay:

roles/matrix-bridge-mx-puppet-discord/templates/config.yaml.j2

@@ -25,7 +25,7 @@ presence:
   # Bridge Discord online/offline status
   enabled: true
   # How often to send status to the homeserver in milliseconds
-  interval: 500
+  interval: 5000
 
 provisioning:
   # Regex of Matrix IDs allowed to use the puppet bridge
@@ -117,7 +117,7 @@ logging:
   # Log level of console output
   # Allowed values starting with most verbose:
   # silly, debug, verbose, info, warn, error
-  console: info
+  console: warn
   # Date and time formatting
   lineDateFormat: MMM-D HH:mm:ss.SSS
   # Logging files

roles/matrix-bridge-mx-puppet-groupme/templates/config.yaml.j2

@@ -78,7 +78,7 @@ logging:
   # Log level of console output
   # Allowed values starting with most verbose:
   # silly, debug, verbose, info, warn, error
-  console: info
+  console: warn
   # Date and time formatting
   lineDateFormat: MMM-D HH:mm:ss.SSS
   # Logging files

roles/matrix-bridge-mx-puppet-instagram/templates/config.yaml.j2

@@ -18,7 +18,7 @@ presence:
   # Bridge Instagram online/offline status
   enabled: true
   # How often to send status to the homeserver in milliseconds
-  interval: 500
+  interval: 5000
 
 provisioning:
   # Regex of Matrix IDs allowed to use the puppet bridge
@@ -61,7 +61,7 @@ logging:
   # Log level of console output
   # Allowed values starting with most verbose:
   # silly, debug, verbose, info, warn, error
-  console: info
+  console: warn
   # Date and time formatting
   lineDateFormat: MMM-D HH:mm:ss.SSS
   # Logging files

roles/matrix-bridge-mx-puppet-skype/templates/config.yaml.j2

@@ -29,7 +29,7 @@ logging:
   # Log level of console output
   # Allowed values starting with most verbose:
   # silly, debug, verbose, info, warn, error
-  console: info
+  console: warn
   # Optionally, you can apply filters to the console logging
   #console:
   #  level: info
@@ -80,7 +80,7 @@ presence:
   # Bridge online/offline status
   enabled: true
   # How often to send status to the homeserver in milliseconds
-  interval: 500
+  interval: 5000
   # if the im.vector.user_status state setting should be diabled
   #disableStatusState: false
   # A blacklist of remote user IDs for the im.vector.user_status state setting

roles/matrix-bridge-mx-puppet-slack/templates/config.yaml.j2

@@ -32,7 +32,7 @@ presence:
   # Bridge Discord online/offline status
   enabled: true
   # How often to send status to the homeserver in milliseconds
-  interval: 500
+  interval: 5000
 
 provisioning:
   # Regex of Matrix IDs allowed to use the puppet bridge
@@ -75,7 +75,7 @@ logging:
   # Log level of console output
   # Allowed values starting with most verbose:
   # silly, debug, verbose, info, warn, error
-  console: info
+  console: warn
   # Date and time formatting
   lineDateFormat: MMM-D HH:mm:ss.SSS
   # Logging files

roles/matrix-bridge-mx-puppet-steam/templates/config.yaml.j2

@@ -78,7 +78,7 @@ logging:
   # Log level of console output
   # Allowed values starting with most verbose:
   # silly, debug, verbose, info, warn, error
-  console: info
+  console: warn
   # Date and time formatting
   lineDateFormat: MMM-D HH:mm:ss.SSS
   # Logging files

roles/matrix-bridge-mx-puppet-twitter/templates/config.yaml.j2

@@ -28,7 +28,7 @@ presence:
   # Bridge Twitter online/offline status
   enabled: true
   # How often to send status to the homeserver in milliseconds
-  interval: 500
+  interval: 5000
 
 provisioning:
   # Regex of Matrix IDs allowed to use the puppet bridge
@@ -71,7 +71,7 @@ logging:
   # Log level of console output
   # Allowed values starting with most verbose:
   # silly, debug, verbose, info, warn, error
-  console: info
+  console: warn
   # Date and time formatting
   lineDateFormat: MMM-D HH:mm:ss.SSS
   # Logging files

roles/matrix-grafana/defaults/main.yml

@@ -4,7 +4,7 @@
 
 matrix_grafana_enabled: false
 
-matrix_grafana_version: 8.5.3
+matrix_grafana_version: 9.0.1
 matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}"
 matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}"
 

roles/matrix-mailer/defaults/main.yml

@@ -9,7 +9,7 @@ matrix_mailer_container_image_self_build_repository_url: "https://github.com/dev
 matrix_mailer_container_image_self_build_src_files_path: "{{ matrix_mailer_base_path }}/docker-src"
 matrix_mailer_container_image_self_build_version: "{{ matrix_mailer_docker_image.split(':')[1] }}"
 
-matrix_mailer_version: 4.95-r0-2
+matrix_mailer_version: 4.95-r0-4
 matrix_mailer_docker_image: "{{ matrix_mailer_docker_image_name_prefix }}devture/exim-relay:{{ matrix_mailer_version }}"
 matrix_mailer_docker_image_name_prefix: "{{ 'localhost/' if matrix_mailer_container_image_self_build else matrix_container_global_registry_prefix }}"
 matrix_mailer_docker_image_force_pull: "{{ matrix_mailer_docker_image.endswith(':latest') }}"

roles/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml

@@ -22,6 +22,10 @@
         source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
         force_source: "{{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
         force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_force_pull }}"
+      register: result
+      retries: "{{ matrix_container_retries_count }}"
+      delay: "{{ matrix_container_retries_delay }}"
+      until: result is not failed
 
     # We store the password in a file and make the `htpasswd` tool read it from there,
     # as opposed to passing it directly on stdin (which will expose it to other processes on the server).

roles/matrix-prometheus-node-exporter/defaults/main.yml

@@ -18,9 +18,10 @@ matrix_prometheus_node_exporter_container_extra_arguments: []
 #   - "--collector.systemd"
 #   - "--collector.logind"
 #
-# Note: the above is just an example. We have not confirmed that these collectors work when running in a container.
-# In fact, the systemd collector is exhibiting issues:
-# > caller=collector.go:169 level=error msg="collector failed" name=systemd duration_seconds=0.000121001 err="couldn't get dbus connection: dial unix /var/run/dbus/system_bus_socket: connect: no such file or directory"
+# Note: the above is just an example. Various collectors may require various tweaks to be able to run.
+# Running the systemd collector requires the following `matrix_prometheus_node_exporter_container_extra_arguments`:
+# - the socket to be mounted as well (`--mount type=bind,src=/var/run/dbus/system_bus_socket,dst=/var/run/dbus/system_bus_socket,ro,bind-propagation=rslave`)
+# - (on AppArmor-based distros) disabling AppArmor protection (`--security-opt apparmor=unconfined`)
 matrix_prometheus_node_exporter_process_extra_arguments: []
 
 # List of systemd services that matrix-prometheus.service depends on

roles/matrix-prometheus/defaults/main.yml

@@ -4,7 +4,7 @@
 
 matrix_prometheus_enabled: false
 
-matrix_prometheus_version: v2.33.3
+matrix_prometheus_version: v2.36.2
 matrix_prometheus_docker_image: "{{ matrix_container_global_registry_prefix }}prom/prometheus:{{ matrix_prometheus_version }}"
 matrix_prometheus_docker_image_force_pull: "{{ matrix_prometheus_docker_image.endswith(':latest') }}"
 
@@ -26,6 +26,19 @@ matrix_prometheus_systemd_wanted_services_list: []
 # Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:9090"), or empty string to not expose.
 matrix_prometheus_container_http_host_bind_port: ''
 
+# A list of default arguments to pass to the prometheus process
+matrix_prometheus_process_default_arguments:
+  - "--config.file=/etc/prometheus/prometheus.yml"
+  - "--storage.tsdb.path=/prometheus"
+  - "--web.console.libraries=/usr/share/prometheus/console_libraries"
+  - "--web.console.templates=/usr/share/prometheus/consoles"
+
+# A list of extra arguments to pass to the prometheus process
+matrix_prometheus_process_extra_arguments: []
+
+# holds the final list of process arguments
+matrix_prometheus_process_arguments: "{{ matrix_prometheus_process_default_arguments + matrix_prometheus_process_extra_arguments }}"
+
 # Tells whether the "synapse" scraper configuration is enabled.
 matrix_prometheus_scraper_synapse_enabled: false
 

roles/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2

@@ -31,7 +31,7 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-prometheus \
 			{% for arg in matrix_prometheus_container_extra_arguments %}
 			{{ arg }} \
 			{% endfor %}
-			{{ matrix_prometheus_docker_image }}
+			{{ matrix_prometheus_docker_image }} {{ matrix_prometheus_process_arguments|join(' ') }}
 
 ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-prometheus 2>/dev/null || true'
 ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-prometheus 2>/dev/null || true'

roles/matrix-synapse/defaults/main.yml

@@ -9,7 +9,7 @@ matrix_synapse_container_image_self_build_repo: "https://github.com/matrix-org/s
 
 matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:{{ matrix_synapse_docker_image_tag }}"
 matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_container_image_self_build else matrix_container_global_registry_prefix }}"
-matrix_synapse_version: v1.61.0
+matrix_synapse_version: v1.61.1
 matrix_synapse_docker_image_tag: "{{ matrix_synapse_version }}"
 matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"