From 5345125e496279fb20ccf72fcbe8a11fd6612e71 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 21 Oct 2023 13:21:26 +0000 Subject: [PATCH 01/37] Update ajbura/cinny Docker tag to v3 --- roles/custom/matrix-client-cinny/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-client-cinny/defaults/main.yml b/roles/custom/matrix-client-cinny/defaults/main.yml index 518c021c..2a50a1a6 100644 --- a/roles/custom/matrix-client-cinny/defaults/main.yml +++ b/roles/custom/matrix-client-cinny/defaults/main.yml @@ -7,7 +7,7 @@ matrix_client_cinny_container_image_self_build: false matrix_client_cinny_container_image_self_build_repo: "https://github.com/ajbura/cinny.git" # renovate: datasource=docker depName=ajbura/cinny -matrix_client_cinny_version: v2.2.6 +matrix_client_cinny_version: v3.0.0 matrix_client_cinny_docker_image: "{{ matrix_client_cinny_docker_image_name_prefix }}ajbura/cinny:{{ matrix_client_cinny_version }}" matrix_client_cinny_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_cinny_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_cinny_docker_image_force_pull: "{{ matrix_client_cinny_docker_image.endswith(':latest') }}" From 4948f82141dbaa6f851e757b5a0489e2a6a7b84b Mon Sep 17 00:00:00 2001 From: mcnesium Date: Sat, 21 Oct 2023 15:47:59 +0200 Subject: [PATCH 02/37] Map /.well-known/matrix/support for support discovery --- examples/apache/matrix-synapse.conf | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/examples/apache/matrix-synapse.conf b/examples/apache/matrix-synapse.conf index 2c7b3dde..17c6b6ea 100644 --- a/examples/apache/matrix-synapse.conf +++ b/examples/apache/matrix-synapse.conf @@ -37,6 +37,7 @@ # Keep some URIs free for different proxy/location ProxyPassMatch ^/.well-known/matrix/client ! ProxyPassMatch ^/.well-known/matrix/server ! + ProxyPassMatch ^/.well-known/matrix/support ! ProxyPassMatch ^/_matrix/identity ! ProxyPassMatch ^/_matrix/client/r0/user_directory/search ! @@ -46,11 +47,11 @@ ProxyPassReverse /_matrix http://127.0.0.1:8008/_matrix ProxyPass /_synapse/client http://127.0.0.1:8008/_synapse/client retry=0 nocanon ProxyPassReverse /_synapse/client http://127.0.0.1:8008/_synapse/client - + # Proxy Admin API (necessary for Synapse-Admin) # ProxyPass /_synapse/admin http://127.0.0.1:8008/_synapse/admin retry=0 nocanon # ProxyPassReverse /_synapse/admin http://127.0.0.1:8008/_synapse/admin - + # Proxy Synapse-Admin # ProxyPass /synapse-admin http://127.0.0.1:8766 retry=0 nocanon # ProxyPassReverse /synapse-admin http://127.0.0.1:8766 @@ -64,6 +65,7 @@ Header always set Content-Type "application/json" Header always set Access-Control-Allow-Origin "*" + # Map /.well-known/matrix/server for server discovery Alias /.well-known/matrix/server /matrix/static-files/.well-known/matrix/server @@ -72,6 +74,16 @@ Header always set Content-Type "application/json" + + # Map /.well-known/matrix/support for support discovery + Alias /.well-known/matrix/support /matrix/static-files/.well-known/matrix/support + + Require all granted + + + Header always set Content-Type "application/json" + + AllowOverride All # Apache 2.4: From 01c31dd849e7ebbe736221b7648a4b934f62f4fa Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 23 Oct 2023 12:11:04 +0300 Subject: [PATCH 03/37] Enable `allow_public_rooms_over_federation` by default for Synapse --- CHANGELOG.md | 32 +++++++++++++++++++ roles/custom/matrix-synapse/defaults/main.yml | 9 ++++-- 2 files changed, 39 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3f621c27..0c560da6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,35 @@ +# 2023-10-23 + +## Enabling `allow_public_rooms_over_federation` by default for Synapse + +**TDLR**: if your Matrix server is federating (which it mostly likely is, unless you've [disabled federation](docs/configuring-playbook-federation.md#disabling-federation)), your public rooms will not only be joinable across federation (as they've always been), but from now on will be discoverable (made available as a list across federation). We're changing this by flipping the value for Synapse's `allow_public_rooms_over_federation` setting to `true`, going against the upstream default. Servers that disable federation are not affected. + +We generally try to stick to the default configuration for Synapse (and all other components), unless these defaults seem wrong or harmful. One such previous case from a few months ago was us [Enabling `forget_rooms_on_leave` by default for Synapse](#enabling-forget_rooms_on_leave-by-default-for-synapse) - the default value was making Synapse more wasteful of resources by default. + +Today, we're going against upstream defaults again and flipping the `allow_public_rooms_over_federation` configuration option to `true`. +This way, public rooms on your server will be made discoverable by others via federation, using the [`GET /_matrix/federation/v1/publicRooms` of the Server-Server API](https://spec.matrix.org/v1.8/server-server-api/#get_matrixfederationv1publicrooms). + +The upstream Synapse default is `false` (disabled), so that public rooms are not exposed for other servers to discover (learn about their existence). Nevertheless, even if these rooms are not exposed (listed) for discovery, they are **still joinable** by anyone who knows their address or is invited to the room by an existing member. + +**We go against the upstream default** in an effort to make Matrix federation more useful - a public room should be globally public - not only joinable, but also discoverable across federation. + +The **historical reasoning** behind this change is as follows: + +- `allow_public_rooms_over_federation` seems to have been enabled by default for Synapse until v1.7.0 (~2019), just like we believe it should be for a globally-federating network - rooms should be joinable and discoverable across federation. + +- In Synapse v1.7.0 (~2019), `allow_public_rooms_over_federation` [got disabled](https://github.com/matrix-org/synapse/blob/e9069c9f919685606506f04527332e83fbfa44d9/docs/upgrade.md?plain=1#L1877-L1891) by default in a [security-by-obscurity](https://en.wikipedia.org/wiki/Security_through_obscurity) workaround for misconfigured servers. See the [Avoiding unwelcome visitors on private Matrix servers](https://matrix.org/blog/2019/11/09/avoiding-unwelcome-visitors-on-private-matrix-servers/) `matrix.org` blog article. We believe that people wishing for a truly private server, should [disable federation](docs/configuring-playbook-federation.md#disabling-federation), instead of having a fully-federating server and trying to hide its public rooms. We also provide other workarounds below. We (and the Synapse team, obviously) believe that Matrix should federate by default, so federating the public room list seems to make sense. + +- [etke.cc](https://etke.cc/) has been developing the free-software [Matrix Rooms Search](https://gitlab.com/etke.cc/mrs) project for a while now. One public (demo) instance of it is hosted at [matrixrooms.info](https://matrixrooms.info/). This search engine tries to go through the Matrix federation and discover & index public rooms to allow people to find them. We believe it's vital for Matrix (and any chat or social network for that matter) to be more discoverable, so that people can find communities and others to talk to. On 19th of October 2023, `matrixrooms.info` was indexing `23831` Matrix servers. Of these, only `1937` servers (8%) were making their public rooms discoverable. Who knows what wonderful communities and rooms are available on these 92% other Matrix servers that are supposedly federating, but are still gate-keeping their public room list. Indubitably, many of these servers are hosted via matrix-docker-ansible-deploy, so we feel partially responsible for making Matrix federation less useful. + +Here are **actions you may wish to take** as a result of this change: + +- (recommended) embrace the new default. If your Matrix server is federating, your public rooms have always been joinable across federation anyway. Exposing the list of public rooms does no harm and more-so does good by contributing to the usefulness of the Matrix network by facilitating room discovery. + +- (switch to a better way of doings things on your semi-private server) The problem that the Synapse team appears to have solved by flipping the `allow_public_rooms_over_federation` default in Synapse v1.7.0 seems to for "mostly private" servers, which federate and have a bunch of rooms made public in an effort to allow people on the same homeserver to easily find and join them (self-onboarding). With the introduction of Matrix Spaces, you can reorganize your flow around spaces - you can auto-join your users to a Matrix Space (via Synapse's `auto_join_rooms` setting - controlled by our `matrix_synapse_auto_join_rooms` variable), then add a bunch of rooms to the space and make them joinable by people belonging to the space. That is to say, do not make rooms public unless they are public - use other mechanisms for semi-public rooms. Alternatively, you can also stick to what you're doing (public rooms) and set `m.federate: true` when creating them (clients like Element have a nice UI checkbox for this) to explicitly disable federation for these rooms. + +- (keeping the old behavior) if you wish to keep doing what you're doing (keeping your Matrix server federating, but hiding its public rooms list), add `matrix_synapse_allow_public_rooms_over_federation: false` to your `vars.yml` configuration. This restores the old behavior. You may also consider [disabling federation](docs/configuring-playbook-federation.md#disabling-federation) completely instead of relying on security-by-obscurity measures. + + # 2023-10-18 ## Postgres parameters are automatically tuned now diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml index 3ad23058..7e53f585 100644 --- a/roles/custom/matrix-synapse/defaults/main.yml +++ b/roles/custom/matrix-synapse/defaults/main.yml @@ -312,8 +312,13 @@ matrix_synapse_presence_enabled: true matrix_synapse_allow_public_rooms_without_auth: false # Controls whether remote servers can fetch this server's public rooms directory via federation. -# For private servers, you most likely wish to forbid it. -matrix_synapse_allow_public_rooms_over_federation: false +# The upstream default is `false`, but we try to make Matrix federation more useful. +# +# For private servers, you may wish to forbid it to align yourself with upstream defaults. +# However, disabling federation completely (see `matrix_synapse_federation_enabled`) is a better way to make your server private, +# instead of relying on security-by-obscurity -- federating with others, having your public rooms joinable by anyone, +# but hiding them and thinking you've secured them. +matrix_synapse_allow_public_rooms_over_federation: true # Whether to require authentication to retrieve profile data (avatars, # display names) of other users through the client API. Defaults to From f49e3f1e021a883fc7dd56fb25f9fa91f2725d65 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 23 Oct 2023 12:18:08 +0300 Subject: [PATCH 04/37] Update Matrix Room Search indexing statistics This brings the values up-to-date as of the latest indexing run done today. Due to a bug, the previous values were somewhat off. The new numbers are different and actually demonstrate that the situation is much worse than initially imagined. --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0c560da6..d3c977bf 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -19,7 +19,7 @@ The **historical reasoning** behind this change is as follows: - In Synapse v1.7.0 (~2019), `allow_public_rooms_over_federation` [got disabled](https://github.com/matrix-org/synapse/blob/e9069c9f919685606506f04527332e83fbfa44d9/docs/upgrade.md?plain=1#L1877-L1891) by default in a [security-by-obscurity](https://en.wikipedia.org/wiki/Security_through_obscurity) workaround for misconfigured servers. See the [Avoiding unwelcome visitors on private Matrix servers](https://matrix.org/blog/2019/11/09/avoiding-unwelcome-visitors-on-private-matrix-servers/) `matrix.org` blog article. We believe that people wishing for a truly private server, should [disable federation](docs/configuring-playbook-federation.md#disabling-federation), instead of having a fully-federating server and trying to hide its public rooms. We also provide other workarounds below. We (and the Synapse team, obviously) believe that Matrix should federate by default, so federating the public room list seems to make sense. -- [etke.cc](https://etke.cc/) has been developing the free-software [Matrix Rooms Search](https://gitlab.com/etke.cc/mrs) project for a while now. One public (demo) instance of it is hosted at [matrixrooms.info](https://matrixrooms.info/). This search engine tries to go through the Matrix federation and discover & index public rooms to allow people to find them. We believe it's vital for Matrix (and any chat or social network for that matter) to be more discoverable, so that people can find communities and others to talk to. On 19th of October 2023, `matrixrooms.info` was indexing `23831` Matrix servers. Of these, only `1937` servers (8%) were making their public rooms discoverable. Who knows what wonderful communities and rooms are available on these 92% other Matrix servers that are supposedly federating, but are still gate-keeping their public room list. Indubitably, many of these servers are hosted via matrix-docker-ansible-deploy, so we feel partially responsible for making Matrix federation less useful. +- [etke.cc](https://etke.cc/) has been developing the free-software [Matrix Rooms Search](https://gitlab.com/etke.cc/mrs) project for a while now. One public (demo) instance of it is hosted at [matrixrooms.info](https://matrixrooms.info/). This search engine tries to go through the Matrix federation and discover & index public rooms to allow people to find them. We believe it's vital for Matrix (and any chat or social network for that matter) to be more discoverable, so that people can find communities and others to talk to. Today (on 23rd of October 2023), `matrixrooms.info` is indexing `23066` Matrix servers. Of these, only `781` servers (3%) are making their public rooms discoverable. Who knows what wonderful communities and rooms are available on these 97% other Matrix servers that are supposedly federating, but are still gate-keeping their public room list. Indubitably, many of these servers are hosted via matrix-docker-ansible-deploy, so we feel partially responsible for making Matrix federation less useful. Here are **actions you may wish to take** as a result of this change: From 03f5344c3752d41226c2bc99cb0329e47c267420 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 23 Oct 2023 12:34:55 +0300 Subject: [PATCH 05/37] Improve changelog entry wording to mention the room directory Hopefully, this makes it clearer that it's not just "public rooms" that will now be exposed, but rather "public rooms which are also published to the room directory". --- CHANGELOG.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d3c977bf..0d2d09b3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,7 +2,7 @@ ## Enabling `allow_public_rooms_over_federation` by default for Synapse -**TDLR**: if your Matrix server is federating (which it mostly likely is, unless you've [disabled federation](docs/configuring-playbook-federation.md#disabling-federation)), your public rooms will not only be joinable across federation (as they've always been), but from now on will be discoverable (made available as a list across federation). We're changing this by flipping the value for Synapse's `allow_public_rooms_over_federation` setting to `true`, going against the upstream default. Servers that disable federation are not affected. +**TDLR**: if your Matrix server is federating (which it mostly likely is, unless you've [disabled federation](docs/configuring-playbook-federation.md#disabling-federation)), your public rooms will not only be joinable across federation (as they've always been), but from now on will be discoverable (made available as a list across federation). We're changing this by flipping the value for Synapse's `allow_public_rooms_over_federation` setting to `true`, going against the upstream default. Servers that disable federation are not affected. Servers that have public rooms which are not published to the room directory are also not affected. We generally try to stick to the default configuration for Synapse (and all other components), unless these defaults seem wrong or harmful. One such previous case from a few months ago was us [Enabling `forget_rooms_on_leave` by default for Synapse](#enabling-forget_rooms_on_leave-by-default-for-synapse) - the default value was making Synapse more wasteful of resources by default. @@ -25,7 +25,7 @@ Here are **actions you may wish to take** as a result of this change: - (recommended) embrace the new default. If your Matrix server is federating, your public rooms have always been joinable across federation anyway. Exposing the list of public rooms does no harm and more-so does good by contributing to the usefulness of the Matrix network by facilitating room discovery. -- (switch to a better way of doings things on your semi-private server) The problem that the Synapse team appears to have solved by flipping the `allow_public_rooms_over_federation` default in Synapse v1.7.0 seems to for "mostly private" servers, which federate and have a bunch of rooms made public in an effort to allow people on the same homeserver to easily find and join them (self-onboarding). With the introduction of Matrix Spaces, you can reorganize your flow around spaces - you can auto-join your users to a Matrix Space (via Synapse's `auto_join_rooms` setting - controlled by our `matrix_synapse_auto_join_rooms` variable), then add a bunch of rooms to the space and make them joinable by people belonging to the space. That is to say, do not make rooms public unless they are public - use other mechanisms for semi-public rooms. Alternatively, you can also stick to what you're doing (public rooms) and set `m.federate: true` when creating them (clients like Element have a nice UI checkbox for this) to explicitly disable federation for these rooms. +- (switch to a better way of doings things on your semi-private server) The problem that the Synapse team appears to have solved by flipping the `allow_public_rooms_over_federation` default in Synapse v1.7.0 seems to for "mostly private" servers, which federate and have a bunch of rooms made public (and published in their room directory) in an effort to allow people on the same homeserver to easily find and join them (self-onboarding). With the introduction of Matrix Spaces, you can reorganize your flow around spaces - you can auto-join your users to a Matrix Space (via Synapse's `auto_join_rooms` setting - controlled by our `matrix_synapse_auto_join_rooms` variable), then add a bunch of rooms to the space and make them joinable by people belonging to the space. That is to say, do not make rooms public and do not publish them to the room directory unless they are really public. Instead, use other mechanisms for semi-public rooms or private rooms. One alternative is to stick to what you're doing (public rooms published to your rooms directory) but having a `m.federate: true` flag set during creation (clients like Element have a nice UI checkbox for this) to explicitly disable federation for them. - (keeping the old behavior) if you wish to keep doing what you're doing (keeping your Matrix server federating, but hiding its public rooms list), add `matrix_synapse_allow_public_rooms_over_federation: false` to your `vars.yml` configuration. This restores the old behavior. You may also consider [disabling federation](docs/configuring-playbook-federation.md#disabling-federation) completely instead of relying on security-by-obscurity measures. From c6f1dfa72494bb7191d4bb4e1d63b1658b4e10e0 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 23 Oct 2023 13:54:59 +0300 Subject: [PATCH 06/37] Switch Renovate versioning for matrix-dynamic-dns to semver Related to e87f5c11d7adf852 --- roles/custom/matrix-dynamic-dns/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-dynamic-dns/defaults/main.yml b/roles/custom/matrix-dynamic-dns/defaults/main.yml index 996597f9..816a33a2 100644 --- a/roles/custom/matrix-dynamic-dns/defaults/main.yml +++ b/roles/custom/matrix-dynamic-dns/defaults/main.yml @@ -7,7 +7,7 @@ matrix_dynamic_dns_enabled: true # The dynamic dns daemon interval matrix_dynamic_dns_daemon_interval: '300' -# renovate: datasource=docker depName=linuxserver/ddclient +# renovate: datasource=docker depName=linuxserver/ddclient versioning=semver matrix_dynamic_dns_version: v3.10.0-ls136 # The docker container to use when in mode From 3588cf610ecd99c5e29f79115275a5b33982916e Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 23 Oct 2023 13:57:21 +0300 Subject: [PATCH 07/37] Upgrade ddclient (v3.10.0-ls136 -> v3.11.0-ls137) Supersedes https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2961 --- roles/custom/matrix-dynamic-dns/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-dynamic-dns/defaults/main.yml b/roles/custom/matrix-dynamic-dns/defaults/main.yml index 816a33a2..23462583 100644 --- a/roles/custom/matrix-dynamic-dns/defaults/main.yml +++ b/roles/custom/matrix-dynamic-dns/defaults/main.yml @@ -8,7 +8,7 @@ matrix_dynamic_dns_enabled: true matrix_dynamic_dns_daemon_interval: '300' # renovate: datasource=docker depName=linuxserver/ddclient versioning=semver -matrix_dynamic_dns_version: v3.10.0-ls136 +matrix_dynamic_dns_version: v3.11.0-ls137 # The docker container to use when in mode matrix_dynamic_dns_docker_image: "{{ matrix_dynamic_dns_docker_image_name_prefix }}linuxserver/ddclient:{{ matrix_dynamic_dns_version }}" From 0393bd63562bf958205614d7f7d467aa9a48cf32 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 23 Oct 2023 13:58:40 +0300 Subject: [PATCH 08/37] Update Matrix Room Search indexing statistics again Fixup for f49e3f1e021a883f. It appears that many servers are incredibly slow, so the value was misreported and more are online than previously estimated. --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0d2d09b3..9a787876 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -19,7 +19,7 @@ The **historical reasoning** behind this change is as follows: - In Synapse v1.7.0 (~2019), `allow_public_rooms_over_federation` [got disabled](https://github.com/matrix-org/synapse/blob/e9069c9f919685606506f04527332e83fbfa44d9/docs/upgrade.md?plain=1#L1877-L1891) by default in a [security-by-obscurity](https://en.wikipedia.org/wiki/Security_through_obscurity) workaround for misconfigured servers. See the [Avoiding unwelcome visitors on private Matrix servers](https://matrix.org/blog/2019/11/09/avoiding-unwelcome-visitors-on-private-matrix-servers/) `matrix.org` blog article. We believe that people wishing for a truly private server, should [disable federation](docs/configuring-playbook-federation.md#disabling-federation), instead of having a fully-federating server and trying to hide its public rooms. We also provide other workarounds below. We (and the Synapse team, obviously) believe that Matrix should federate by default, so federating the public room list seems to make sense. -- [etke.cc](https://etke.cc/) has been developing the free-software [Matrix Rooms Search](https://gitlab.com/etke.cc/mrs) project for a while now. One public (demo) instance of it is hosted at [matrixrooms.info](https://matrixrooms.info/). This search engine tries to go through the Matrix federation and discover & index public rooms to allow people to find them. We believe it's vital for Matrix (and any chat or social network for that matter) to be more discoverable, so that people can find communities and others to talk to. Today (on 23rd of October 2023), `matrixrooms.info` is indexing `23066` Matrix servers. Of these, only `781` servers (3%) are making their public rooms discoverable. Who knows what wonderful communities and rooms are available on these 97% other Matrix servers that are supposedly federating, but are still gate-keeping their public room list. Indubitably, many of these servers are hosted via matrix-docker-ansible-deploy, so we feel partially responsible for making Matrix federation less useful. +- [etke.cc](https://etke.cc/) has been developing the free-software [Matrix Rooms Search](https://gitlab.com/etke.cc/mrs) project for a while now. One public (demo) instance of it is hosted at [matrixrooms.info](https://matrixrooms.info/). This search engine tries to go through the Matrix federation and discover & index public rooms to allow people to find them. We believe it's vital for Matrix (and any chat or social network for that matter) to be more discoverable, so that people can find communities and others to talk to. Today (on 23rd of October 2023), `matrixrooms.info` is indexing `23066` Matrix servers. Of these, only `1567` servers (7%) are making their public rooms discoverable. Who knows what wonderful communities and rooms are available on these 93% other Matrix servers that are supposedly federating, but are still gate-keeping their public room list. Indubitably, many of these servers are hosted via matrix-docker-ansible-deploy, so we feel partially responsible for making Matrix federation less useful. Here are **actions you may wish to take** as a result of this change: From 6b86bed4f97bbb632234041e9c64d7950e7fb86a Mon Sep 17 00:00:00 2001 From: Aminda Suomalainen Date: Mon, 23 Oct 2023 19:09:30 +0300 Subject: [PATCH 09/37] add .gitattributes with checking out with lf line endings --- .gitattributes | 1 + 1 file changed, 1 insertion(+) create mode 100644 .gitattributes diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 00000000..6313b56c --- /dev/null +++ b/.gitattributes @@ -0,0 +1 @@ +* text=auto eol=lf From d46c02cd6f6f58d763cbb4e4269277b57d33a29b Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 24 Oct 2023 18:24:54 +0300 Subject: [PATCH 10/37] Upgrade Element (v1.11.46 -> v1.11.47) --- roles/custom/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-client-element/defaults/main.yml b/roles/custom/matrix-client-element/defaults/main.yml index 484881f7..3bc9c152 100644 --- a/roles/custom/matrix-client-element/defaults/main.yml +++ b/roles/custom/matrix-client-element/defaults/main.yml @@ -11,7 +11,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" # renovate: datasource=docker depName=vectorim/element-web -matrix_client_element_version: v1.11.46 +matrix_client_element_version: v1.11.47 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" From 90c3e7595ea870c8dd9a61b362034bdd52d9dca1 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 24 Oct 2023 18:49:20 +0300 Subject: [PATCH 11/37] Update grafana 10.1.5 -> 10.2.0 --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 2b0ccc8d..cef847f6 100644 --- a/requirements.yml +++ b/requirements.yml @@ -35,7 +35,7 @@ version: 7.0.1 name: geerlingguy.docker - src: git+https://gitlab.com/etke.cc/roles/grafana.git - version: v10.1.5-0 + version: v10.2.0-0 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git version: v8960-1 name: jitsi From 9032170e8c02d9ee3af8906ec27b06fe073d8441 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 24 Oct 2023 19:09:34 +0300 Subject: [PATCH 12/37] Upgrade Synapse (v1.94.0 -> v1.95.0) --- roles/custom/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml index 7e53f585..4cfc725d 100644 --- a/roles/custom/matrix-synapse/defaults/main.yml +++ b/roles/custom/matrix-synapse/defaults/main.yml @@ -5,7 +5,7 @@ matrix_synapse_enabled: true # renovate: datasource=docker depName=matrixdotorg/synapse -matrix_synapse_version: v1.94.0 +matrix_synapse_version: v1.95.0 matrix_synapse_username: '' matrix_synapse_uid: '' From 7c12c508d7630a986fb8ca6afc326efcb071b9c4 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 25 Oct 2023 03:59:15 +0000 Subject: [PATCH 13/37] Update nginx Docker tag to v1.25.3 --- roles/custom/matrix-nginx-proxy/defaults/main.yml | 2 +- .../matrix-synapse-reverse-proxy-companion/defaults/main.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/custom/matrix-nginx-proxy/defaults/main.yml b/roles/custom/matrix-nginx-proxy/defaults/main.yml index 36eb7aa4..429fc9fc 100644 --- a/roles/custom/matrix-nginx-proxy/defaults/main.yml +++ b/roles/custom/matrix-nginx-proxy/defaults/main.yml @@ -2,7 +2,7 @@ # Project source code URL: https://github.com/nginx/nginx matrix_nginx_proxy_enabled: true # renovate: datasource=docker depName=nginx -matrix_nginx_proxy_version: 1.25.2-alpine +matrix_nginx_proxy_version: 1.25.3-alpine # We use an official nginx image, which we fix-up to run unprivileged. # An alternative would be an `nginxinc/nginx-unprivileged` image, but diff --git a/roles/custom/matrix-synapse-reverse-proxy-companion/defaults/main.yml b/roles/custom/matrix-synapse-reverse-proxy-companion/defaults/main.yml index 28a2dae6..5cd68f2a 100644 --- a/roles/custom/matrix-synapse-reverse-proxy-companion/defaults/main.yml +++ b/roles/custom/matrix-synapse-reverse-proxy-companion/defaults/main.yml @@ -26,7 +26,7 @@ matrix_synapse_reverse_proxy_companion_enabled: true # renovate: datasource=docker depName=nginx -matrix_synapse_reverse_proxy_companion_version: 1.25.2-alpine +matrix_synapse_reverse_proxy_companion_version: 1.25.3-alpine matrix_synapse_reverse_proxy_companion_base_path: "{{ matrix_synapse_base_path }}/reverse-proxy-companion" matrix_synapse_reverse_proxy_companion_confd_path: "{{ matrix_synapse_reverse_proxy_companion_base_path }}/conf.d" From 33d271efdd17b24159840500e33cc696876d80f2 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 25 Oct 2023 15:28:52 +0300 Subject: [PATCH 14/37] Upgrade Dendrite (v0.13.3 -> v0.13.4) --- roles/custom/matrix-dendrite/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-dendrite/defaults/main.yml b/roles/custom/matrix-dendrite/defaults/main.yml index f63030ee..9830021b 100644 --- a/roles/custom/matrix-dendrite/defaults/main.yml +++ b/roles/custom/matrix-dendrite/defaults/main.yml @@ -11,7 +11,7 @@ matrix_dendrite_docker_image_path: "matrixdotorg/dendrite-monolith" matrix_dendrite_docker_image: "{{ matrix_dendrite_docker_image_name_prefix }}{{ matrix_dendrite_docker_image_path }}:{{ matrix_dendrite_docker_image_tag }}" matrix_dendrite_docker_image_name_prefix: "{{ 'localhost/' if matrix_dendrite_container_image_self_build else matrix_container_global_registry_prefix }}" # renovate: datasource=docker depName=matrixdotorg/dendrite-monolith -matrix_dendrite_docker_image_tag: "v0.13.3" +matrix_dendrite_docker_image_tag: "v0.13.4" matrix_dendrite_docker_image_force_pull: "{{ matrix_dendrite_docker_image.endswith(':latest') }}" matrix_dendrite_base_path: "{{ matrix_base_data_path }}/dendrite" From 338af8151b7418a1ca4d56a11c4d95850224045f Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 25 Oct 2023 21:44:12 +0000 Subject: [PATCH 15/37] Update linuxserver/ddclient Docker tag to v3.11.1 --- roles/custom/matrix-dynamic-dns/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-dynamic-dns/defaults/main.yml b/roles/custom/matrix-dynamic-dns/defaults/main.yml index 23462583..5a990dbb 100644 --- a/roles/custom/matrix-dynamic-dns/defaults/main.yml +++ b/roles/custom/matrix-dynamic-dns/defaults/main.yml @@ -8,7 +8,7 @@ matrix_dynamic_dns_enabled: true matrix_dynamic_dns_daemon_interval: '300' # renovate: datasource=docker depName=linuxserver/ddclient versioning=semver -matrix_dynamic_dns_version: v3.11.0-ls137 +matrix_dynamic_dns_version: 3.11.1 # The docker container to use when in mode matrix_dynamic_dns_docker_image: "{{ matrix_dynamic_dns_docker_image_name_prefix }}linuxserver/ddclient:{{ matrix_dynamic_dns_version }}" From ffc2aef0b259637511f1938dd4a266e6e9abfbe9 Mon Sep 17 00:00:00 2001 From: Aine Date: Thu, 26 Oct 2023 22:34:08 +0300 Subject: [PATCH 16/37] fix jitsi auth (w/ auth; w/o auth), closes #2589 --- group_vars/matrix_servers | 1 + requirements.yml | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 2ca07dce..4b3abf95 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -2551,6 +2551,7 @@ jitsi_etherpad_enabled: "{{ etherpad_enabled }}" jitsi_etherpad_base: "{{ etherpad_base_url if etherpad_enabled else 'https://scalar.vector.im/etherpad' }}" # Allow verification using JWT and matrix-UVS +jitsi_prosody_auth_matrix_uvs_sync_power_levels: "{{ matrix_user_verification_service_enabled }}" jitsi_prosody_auth_matrix_uvs_auth_token: "{{ matrix_user_verification_service_uvs_auth_token }}" jitsi_prosody_auth_matrix_uvs_location: "{{ matrix_user_verification_service_container_url }}" diff --git a/requirements.yml b/requirements.yml index cef847f6..b110101e 100644 --- a/requirements.yml +++ b/requirements.yml @@ -37,7 +37,7 @@ - src: git+https://gitlab.com/etke.cc/roles/grafana.git version: v10.2.0-0 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git - version: v8960-1 + version: v8960-2 name: jitsi - src: git+https://gitlab.com/etke.cc/roles/ntfy.git version: v2.7.0-2 From 09b013adfaaf1915d9d215c1ae1305a87f567bf3 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Fri, 27 Oct 2023 10:11:20 +0300 Subject: [PATCH 17/37] Update borgmatic 1.8.3 -> 1.8.4 --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index b110101e..f5c80ffb 100644 --- a/requirements.yml +++ b/requirements.yml @@ -4,7 +4,7 @@ version: v1.0.0-1 name: auxiliary - src: git+https://gitlab.com/etke.cc/roles/backup_borg.git - version: v1.2.6-1.8.3-0 + version: v1.2.6-1.8.4-0 - src: git+https://github.com/devture/com.devture.ansible.role.container_socket_proxy.git version: v0.1.1-2 - src: git+https://github.com/devture/com.devture.ansible.role.docker_sdk_for_python.git From 65de453988f224d8a4af8b2c33e9710e305c8021 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 27 Oct 2023 15:36:35 +0000 Subject: [PATCH 18/37] Update ajbura/cinny Docker tag to v3.1.0 --- roles/custom/matrix-client-cinny/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-client-cinny/defaults/main.yml b/roles/custom/matrix-client-cinny/defaults/main.yml index 2a50a1a6..94623aa0 100644 --- a/roles/custom/matrix-client-cinny/defaults/main.yml +++ b/roles/custom/matrix-client-cinny/defaults/main.yml @@ -7,7 +7,7 @@ matrix_client_cinny_container_image_self_build: false matrix_client_cinny_container_image_self_build_repo: "https://github.com/ajbura/cinny.git" # renovate: datasource=docker depName=ajbura/cinny -matrix_client_cinny_version: v3.0.0 +matrix_client_cinny_version: v3.1.0 matrix_client_cinny_docker_image: "{{ matrix_client_cinny_docker_image_name_prefix }}ajbura/cinny:{{ matrix_client_cinny_version }}" matrix_client_cinny_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_cinny_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_cinny_docker_image_force_pull: "{{ matrix_client_cinny_docker_image.endswith(':latest') }}" From eaa9a52eeb3eb68166b40b443e3690fb421150df Mon Sep 17 00:00:00 2001 From: bertybuttface <110790513+bertybuttface@users.noreply.github.com> Date: Fri, 27 Oct 2023 19:06:59 +0100 Subject: [PATCH 19/37] Update main.yml --- roles/custom/matrix-bot-chatgpt/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bot-chatgpt/defaults/main.yml b/roles/custom/matrix-bot-chatgpt/defaults/main.yml index efd39620..4e8f709f 100644 --- a/roles/custom/matrix-bot-chatgpt/defaults/main.yml +++ b/roles/custom/matrix-bot-chatgpt/defaults/main.yml @@ -5,7 +5,7 @@ matrix_bot_chatgpt_enabled: true # renovate: datasource=docker depName=ghcr.io/matrixgpt/matrix-chatgpt-bot -matrix_bot_chatgpt_version: 3.1.2 +matrix_bot_chatgpt_version: 3.1.4 matrix_bot_chatgpt_container_image_self_build: false matrix_bot_chatgpt_container_image_self_build_repo: "https://github.com/matrixgpt/matrix-chatgpt-bot" From a53ae8a2fc7d4f72c1894c02ecd4d1a03e6e99d1 Mon Sep 17 00:00:00 2001 From: Ant Somers Date: Mon, 30 Oct 2023 19:49:58 +0300 Subject: [PATCH 20/37] Fix matrix-user-verification-service file Related to #2375, #2975, and #2847 --- .../systemd/matrix-user-verification-service.service.j2 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/custom/matrix-user-verification-service/templates/systemd/matrix-user-verification-service.service.j2 b/roles/custom/matrix-user-verification-service/templates/systemd/matrix-user-verification-service.service.j2 index 68398263..6c757ae1 100644 --- a/roles/custom/matrix-user-verification-service/templates/systemd/matrix-user-verification-service.service.j2 +++ b/roles/custom/matrix-user-verification-service/templates/systemd/matrix-user-verification-service.service.j2 @@ -17,7 +17,7 @@ ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_s ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm {{ matrix_user_verification_service_container_name }} 2>/dev/null' -ExecStart={{ devture_systemd_docker_base_host_command_docker }} run \ +ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \ --rm \ --name={{ matrix_user_verification_service_container_name }} \ --log-driver=none \ @@ -37,6 +37,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run \ {% for network in matrix_user_verification_service_container_additional_networks %} ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} {{ matrix_user_verification_service_container_name }} {% endfor %} +ExecStart=/usr/bin/env docker start --attach matrix-user-verification-service ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill {{ matrix_user_verification_service_container_name }} 2>/dev/null' ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm {{ matrix_user_verification_service_container_name }} 2>/dev/null' From 670ae6f602a3004742a8a7f58b7cd6db8662b5f8 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 31 Oct 2023 08:32:08 +0200 Subject: [PATCH 21/37] Upgrade Jitsi (v8960-2 -> v8960-3) and pass jitsi_user_username explicitly It would work even without explicitly passing `jitsi_user_username` as auto-detection logic will run. Passing it explicitly spares the Jitsi role some work. Related to: - https://github.com/mother-of-all-self-hosting/ansible-role-jitsi/pull/2 - https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2974#issuecomment-1784256903 --- group_vars/matrix_servers | 2 ++ requirements.yml | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 4b3abf95..03370aef 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -2491,6 +2491,8 @@ jitsi_base_path: "{{ matrix_base_data_path }}/jitsi" jitsi_uid: "{{ matrix_user_uid }}" jitsi_gid: "{{ matrix_user_gid }}" +jitsi_user_username: "{{ matrix_user_username }}" + # Normally, matrix-nginx-proxy is enabled and nginx can reach jitsi/web over the container network. # If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose # the Jitsi HTTP port to the local host. diff --git a/requirements.yml b/requirements.yml index f5c80ffb..ccbe300f 100644 --- a/requirements.yml +++ b/requirements.yml @@ -37,7 +37,7 @@ - src: git+https://gitlab.com/etke.cc/roles/grafana.git version: v10.2.0-0 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git - version: v8960-2 + version: v8960-3 name: jitsi - src: git+https://gitlab.com/etke.cc/roles/ntfy.git version: v2.7.0-2 From 9df69e017bf781ec4609c51e020892cf6a530de0 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 31 Oct 2023 13:09:18 +0200 Subject: [PATCH 22/37] Update cinny 3.1.0 -> 3.2.0 --- roles/custom/matrix-client-cinny/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-client-cinny/defaults/main.yml b/roles/custom/matrix-client-cinny/defaults/main.yml index 94623aa0..5ab1bd38 100644 --- a/roles/custom/matrix-client-cinny/defaults/main.yml +++ b/roles/custom/matrix-client-cinny/defaults/main.yml @@ -7,7 +7,7 @@ matrix_client_cinny_container_image_self_build: false matrix_client_cinny_container_image_self_build_repo: "https://github.com/ajbura/cinny.git" # renovate: datasource=docker depName=ajbura/cinny -matrix_client_cinny_version: v3.1.0 +matrix_client_cinny_version: v3.2.0 matrix_client_cinny_docker_image: "{{ matrix_client_cinny_docker_image_name_prefix }}ajbura/cinny:{{ matrix_client_cinny_version }}" matrix_client_cinny_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_cinny_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_cinny_docker_image_force_pull: "{{ matrix_client_cinny_docker_image.endswith(':latest') }}" From 090737773fa4fd6e9f2852feeb921b7f5c743178 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 31 Oct 2023 17:25:34 +0200 Subject: [PATCH 23/37] Update synapse 1.95.0 -> 1.95.1 --- roles/custom/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml index 4cfc725d..2dda2cf3 100644 --- a/roles/custom/matrix-synapse/defaults/main.yml +++ b/roles/custom/matrix-synapse/defaults/main.yml @@ -5,7 +5,7 @@ matrix_synapse_enabled: true # renovate: datasource=docker depName=matrixdotorg/synapse -matrix_synapse_version: v1.95.0 +matrix_synapse_version: v1.95.1 matrix_synapse_username: '' matrix_synapse_uid: '' From 4ff9b0d6a544c818d6f709e4d9ecab1a324ab4ab Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 1 Nov 2023 09:31:42 +0200 Subject: [PATCH 24/37] Upgrade Heisenbridge (1.14.5 -> 1.14.6) --- roles/custom/matrix-bridge-heisenbridge/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bridge-heisenbridge/defaults/main.yml b/roles/custom/matrix-bridge-heisenbridge/defaults/main.yml index 0bd59951..c8d1bf94 100644 --- a/roles/custom/matrix-bridge-heisenbridge/defaults/main.yml +++ b/roles/custom/matrix-bridge-heisenbridge/defaults/main.yml @@ -5,7 +5,7 @@ matrix_heisenbridge_enabled: true # renovate: datasource=docker depName=hif1/heisenbridge -matrix_heisenbridge_version: 1.14.5 +matrix_heisenbridge_version: 1.14.6 matrix_heisenbridge_docker_image: "{{ matrix_container_global_registry_prefix }}hif1/heisenbridge:{{ matrix_heisenbridge_version }}" matrix_heisenbridge_docker_image_force_pull: "{{ matrix_heisenbridge_docker_image.endswith(':latest') }}" From ebcafc6518cf62bb5081bf9a742b5dc171091da2 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 2 Nov 2023 18:10:50 +0200 Subject: [PATCH 25/37] Upgrade postgres-backup The new version supports v16. Related to: https://github.com/devture/com.devture.ansible.role.postgres_backup/pull/3 --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index ccbe300f..25e49b07 100644 --- a/requirements.yml +++ b/requirements.yml @@ -18,7 +18,7 @@ - src: git+https://github.com/devture/com.devture.ansible.role.postgres.git version: v16.0-8 - src: git+https://github.com/devture/com.devture.ansible.role.postgres_backup.git - version: a0cc7c1c696872ba8880d9c5e5a54098de825030 + version: d2c2585fe3f5ebf39045bc90c97ee160e1341594 - src: git+https://github.com/devture/com.devture.ansible.role.systemd_docker_base.git version: v1.0.0-0 - src: git+https://github.com/devture/com.devture.ansible.role.systemd_service_manager.git From ebe7e3b6e0929d527f8000e69a59bdf43c7f1982 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 6 Nov 2023 09:31:51 +0200 Subject: [PATCH 26/37] Forward /_matrix/client/v3 to identity server (not just /_matrix/client/r0) Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2954 --- .../templates/nginx/conf.d/matrix-domain.conf.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 index 8ecaf64e..dd46299e 100644 --- a/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 +++ b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 @@ -185,7 +185,7 @@ {% endif %} {% if matrix_nginx_proxy_proxy_matrix_user_directory_search_enabled %} - location ^~ /_matrix/client/r0/user_directory/search { + location ^~ /_matrix/client/(r0|v3)/user_directory/search { {% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #} resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; @@ -202,7 +202,7 @@ {% endif %} {% if matrix_nginx_proxy_proxy_matrix_3pid_registration_enabled %} - location ~ ^/_matrix/client/r0/register/(email|msisdn)/requestToken$ { + location ~ ^/_matrix/client/(r0|v3)/register/(email|msisdn)/requestToken$ { {% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #} resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; From 7436fd435bd5d2aee99c37f0568a9f599187aedc Mon Sep 17 00:00:00 2001 From: Kuba Orlik Date: Mon, 6 Nov 2023 08:51:50 +0100 Subject: [PATCH 27/37] Update configuring-playbook-bridge-beeper-linkedin.md --- docs/configuring-playbook-bridge-beeper-linkedin.md | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/docs/configuring-playbook-bridge-beeper-linkedin.md b/docs/configuring-playbook-bridge-beeper-linkedin.md index 6ec294fb..a51b2781 100644 --- a/docs/configuring-playbook-bridge-beeper-linkedin.md +++ b/docs/configuring-playbook-bridge-beeper-linkedin.md @@ -32,14 +32,10 @@ You may wish to look at `roles/custom/matrix-bridge-beeper-linkedin/templates/co ## Set up Double Puppeting -If you'd like to use [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) (hint: you most likely do), you have 2 ways of going about it. - -### Method 1: automatically, by enabling Shared Secret Auth +If you'd like to use [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) (hint: you most likely do), you have to enable Shared Secred Auth. The bridge will automatically perform Double Puppeting if you enable [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) for this playbook. -This is the recommended way of setting up Double Puppeting, as it's easier to accomplish, works for all your users automatically, and has less of a chance of breaking in the future. - ## Usage From b0a2211c1371aa094ae4565b74e2db5fb8b8edef Mon Sep 17 00:00:00 2001 From: Kuba Orlik Date: Mon, 6 Nov 2023 09:13:10 +0100 Subject: [PATCH 28/37] Update configuring-playbook-sliding-sync-proxy.md --- docs/configuring-playbook-sliding-sync-proxy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuring-playbook-sliding-sync-proxy.md b/docs/configuring-playbook-sliding-sync-proxy.md index a7aab981..982314ca 100644 --- a/docs/configuring-playbook-sliding-sync-proxy.md +++ b/docs/configuring-playbook-sliding-sync-proxy.md @@ -8,7 +8,7 @@ See the project's [documentation](https://github.com/matrix-org/sliding-sync) to Element X iOS is [available on TestFlight](https://testflight.apple.com/join/uZbeZCOi). -Element X Android requires manual compilation to get it working with a non-`matrix.org` homeseserver. It's also less feature-complete than the iOS version. +Element X Android is less feature-complete than the iOS version. **NOTE**: The Sliding Sync proxy **only works with the Traefik reverse-proxy**. If you have an old server installation (from the time `matrix-nginx-proxy` was our default reverse-proxy - `matrix_playbook_reverse_proxy_type: playbook-managed-nginx`), you won't be able to use Sliding Sync. From 8d87b5c95155bb3103acbcf74ec2e71bbc125272 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 7 Nov 2023 16:06:34 +0000 Subject: [PATCH 29/37] Update vectorim/element-web Docker tag to v1.11.48 --- roles/custom/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-client-element/defaults/main.yml b/roles/custom/matrix-client-element/defaults/main.yml index 3bc9c152..63b95db9 100644 --- a/roles/custom/matrix-client-element/defaults/main.yml +++ b/roles/custom/matrix-client-element/defaults/main.yml @@ -11,7 +11,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" # renovate: datasource=docker depName=vectorim/element-web -matrix_client_element_version: v1.11.47 +matrix_client_element_version: v1.11.48 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" From 7d668a488e089e8e72bf0372b6d516ff304508c1 Mon Sep 17 00:00:00 2001 From: Chikage Date: Wed, 8 Nov 2023 04:35:24 +0900 Subject: [PATCH 30/37] add self-build for matrix_user_verification Currently v3.0.0 tested with no issues. So remove matrix_user_verification_service_docker_image from groups_vars. /.npm must be writable or an error will be reported. --- group_vars/matrix_servers | 3 --- .../defaults/main.yml | 5 ++++ .../tasks/setup_install.yml | 25 +++++++++++++++++++ ...atrix-user-verification-service.service.j2 | 1 + 4 files changed, 31 insertions(+), 3 deletions(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 03370aef..9b27fcb4 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -4303,9 +4303,6 @@ matrix_user_creator_users_auto: | # ###################################################################### -## FIXME: Needs to be updated when there is a proper release by upstream. -matrix_user_verification_service_docker_image: "{{ matrix_user_verification_service_docker_image_name_prefix }}matrixdotorg/matrix-user-verification-service@sha256:d2aabc984dd69d258c91900c36928972d7aaef19d776caa3cd6a0fbc0e307270" - matrix_user_verification_service_enabled: false matrix_user_verification_service_systemd_required_services_list: | {{ diff --git a/roles/custom/matrix-user-verification-service/defaults/main.yml b/roles/custom/matrix-user-verification-service/defaults/main.yml index 068ef2af..46ae72db 100644 --- a/roles/custom/matrix-user-verification-service/defaults/main.yml +++ b/roles/custom/matrix-user-verification-service/defaults/main.yml @@ -5,6 +5,10 @@ matrix_user_verification_service_ansible_name: "Matrix User Verification Service # Enable by default. This is overwritten in provided group vars. matrix_user_verification_service_enabled: true +matrix_user_verification_service_container_image_self_build: "{{ matrix_architecture != 'amd64' }}" +matrix_user_verification_service_container_image_self_build_repo: "https://github.com/matrix-org/matrix-user-verification-service" +matrix_user_verification_service_container_image_self_build_branch: "{{ 'master' if matrix_registration_version == 'latest' else matrix_user_verification_service_version }}" + # Fix version tag # renovate: datasource=docker depName=matrixdotorg/matrix-user-verification-service matrix_user_verification_service_version: "v3.0.0" @@ -13,6 +17,7 @@ matrix_user_verification_service_version: "v3.0.0" matrix_user_verification_service_base_path: "{{ matrix_base_data_path }}/user-verification-service" matrix_user_verification_service_config_path: "{{ matrix_user_verification_service_base_path }}/config" matrix_user_verification_service_config_env_file: "{{ matrix_user_verification_service_config_path }}/.env" +matrix_user_verification_service_docker_src_files_path: "{{ matrix_user_verification_service_base_path }}/docker-src" # Docker matrix_user_verification_service_docker_image_name_prefix: "{{ matrix_container_global_registry_prefix }}" diff --git a/roles/custom/matrix-user-verification-service/tasks/setup_install.yml b/roles/custom/matrix-user-verification-service/tasks/setup_install.yml index 54d5d979..700614cb 100644 --- a/roles/custom/matrix-user-verification-service/tasks/setup_install.yml +++ b/roles/custom/matrix-user-verification-service/tasks/setup_install.yml @@ -9,6 +9,7 @@ group: "{{ matrix_user_groupname }}" with_items: - {path: "{{ matrix_user_verification_service_config_path }}", when: true} + - {path: "{{ matrix_user_verification_service_docker_src_files_path }}", when: "{{ matrix_user_verification_service_container_image_self_build }}"} when: item.when | bool - name: Ensure Matrix User Verification Service image is pulled @@ -21,6 +22,30 @@ retries: "{{ devture_playbook_help_container_retries_count }}" delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed + when: "not matrix_user_verification_service_container_image_self_build | bool" + +- name: Ensure Matrix User Verification Service repository is present when self-building + ansible.builtin.git: + repo: "{{ matrix_user_verification_service_container_image_self_build_repo }}" + dest: "{{ matrix_user_verification_service_docker_src_files_path }}" + version: "{{ matrix_user_verification_service_container_image_self_build_branch }}" + force: "yes" + become: true + become_user: "{{ matrix_user_username }}" + register: matrix_user_verification_service_git_pull_results + when: "matrix_user_verification_service_container_image_self_build | bool" + +- name: Ensure Matrix User Verification Service image is built + community.docker.docker_image: + name: "{{ matrix_user_verification_service_docker_image }}" + source: build + force_source: "{{ matrix_user_verification_service_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_user_verification_service_git_pull_results.changed }}" + build: + dockerfile: Dockerfile + path: "{{ matrix_user_verification_service_docker_src_files_path }}" + pull: true + when: "matrix_user_verification_service_container_image_self_build | bool" - name: Ensure Matrix User Verification Service env file installed ansible.builtin.template: diff --git a/roles/custom/matrix-user-verification-service/templates/systemd/matrix-user-verification-service.service.j2 b/roles/custom/matrix-user-verification-service/templates/systemd/matrix-user-verification-service.service.j2 index 6c757ae1..268e4298 100644 --- a/roles/custom/matrix-user-verification-service/templates/systemd/matrix-user-verification-service.service.j2 +++ b/roles/custom/matrix-user-verification-service/templates/systemd/matrix-user-verification-service.service.j2 @@ -24,6 +24,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ --read-only \ + --tmpfs /.npm \ --network={{ matrix_user_verification_service_container_network }} \ {% if matrix_user_verification_service_container_http_host_bind_port %} -p {{ matrix_user_verification_service_container_http_host_bind_port }}:3000 \ From ad230555e9a612b3e3a775f4aaf1f98c742e0779 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 8 Nov 2023 11:31:18 +0200 Subject: [PATCH 31/37] Try to fix /_matrix/client/v3 for ma1sd via URL rewriting to (/_matrix/client/r0) Hopefully fixes: https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2954 Untested. Patch inspired by: https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2954#issuecomment-1795029963 --- roles/custom/matrix-nginx-proxy/defaults/main.yml | 12 ++++++++++++ .../templates/nginx/conf.d/matrix-domain.conf.j2 | 8 ++++++++ 2 files changed, 20 insertions(+) diff --git a/roles/custom/matrix-nginx-proxy/defaults/main.yml b/roles/custom/matrix-nginx-proxy/defaults/main.yml index 429fc9fc..36064480 100644 --- a/roles/custom/matrix-nginx-proxy/defaults/main.yml +++ b/roles/custom/matrix-nginx-proxy/defaults/main.yml @@ -331,6 +331,12 @@ matrix_nginx_proxy_proxy_matrix_user_directory_search_enabled: false matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_with_container: "matrix-ma1sd:{{ matrix_ma1sd_container_port }}" matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_sans_container: "127.0.0.1:{{ matrix_ma1sd_container_port }}" +# Controls whether the user directory search API will be URL-rewritten (/_matrix/client/v3/user_directory/search -> /_matrix/client/r0/user_directory/search). +# This is to assist identity servers which only handle the r0 endpoints. +# The v3 endpoints are the same (spec-wise), so they can usually be redirected without downsides. +# If this is disabled, API requests will be forwarded as-is, without any URL rewriting. +matrix_nginx_proxy_proxy_matrix_user_directory_search_v3_to_r0_redirect_enabled: true + # Controls whether proxying for 3PID-based registration (`/_matrix/client/r0/register/(email|msisdn)/requestToken`) should be done (on the matrix domain). # This allows another service to control registrations involving 3PIDs. # To learn more, see: https://github.com/ma1uta/ma1sd/blob/master/docs/features/registration.md @@ -338,6 +344,12 @@ matrix_nginx_proxy_proxy_matrix_3pid_registration_enabled: false matrix_nginx_proxy_proxy_matrix_3pid_registration_addr_with_container: "matrix-ma1sd:{{ matrix_ma1sd_container_port }}" matrix_nginx_proxy_proxy_matrix_3pid_registration_addr_sans_container: "127.0.0.1:{{ matrix_ma1sd_container_port }}" +# Controls whether the user directory search API will be URL-rewritten (/_matrix/client/v3/register/(email|msisdn)/requestToken -> /_matrix/client/r0/register/(email|msisdn)/requestToken). +# This is to assist identity servers which only handle the r0 endpoints. +# The v3 endpoints are the same (spec-wise), so they can usually be redirected without downsides. +# If this is disabled, API requests will be forwarded as-is, without any URL rewriting. +matrix_nginx_proxy_proxy_matrix_3pid_registration_v3_to_r0_redirect_enabled: true + # Controls whether proxying for the Identity API (`/_matrix/identity`) should be done (on the matrix domain) matrix_nginx_proxy_proxy_matrix_identity_api_enabled: false matrix_nginx_proxy_proxy_matrix_identity_api_addr_with_container: "matrix-ma1sd:{{ matrix_ma1sd_container_port }}" diff --git a/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 index dd46299e..ad550103 100644 --- a/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 +++ b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 @@ -186,6 +186,10 @@ {% if matrix_nginx_proxy_proxy_matrix_user_directory_search_enabled %} location ^~ /_matrix/client/(r0|v3)/user_directory/search { + {% if matrix_nginx_proxy_proxy_matrix_user_directory_search_v3_to_r0_redirect_enabled %} + rewrite ^(.*?)/v3/(.*?)$ $1/r0/$2 break; + {% endif %} + {% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #} resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; @@ -203,6 +207,10 @@ {% if matrix_nginx_proxy_proxy_matrix_3pid_registration_enabled %} location ~ ^/_matrix/client/(r0|v3)/register/(email|msisdn)/requestToken$ { + {% if matrix_nginx_proxy_proxy_matrix_3pid_registration_v3_to_r0_redirect_enabled %} + rewrite ^(.*?)/v3/(.*?)$ $1/r0/$2 break; + {% endif %} + {% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #} resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; From a88a4c2b827b62a814586883c112fffed15a87be Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 8 Nov 2023 16:30:02 +0200 Subject: [PATCH 32/37] Use regex-enabled location blocks when matching with regex Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2986 --- .../templates/nginx/conf.d/matrix-domain.conf.j2 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 index ad550103..3d6ae7df 100644 --- a/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 +++ b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 @@ -119,7 +119,7 @@ # Redirect other endpoints registered by the media-repo to its container # /_matrix/client/r0/logout # /_matrix/client/r0/logout/all - location ^~ /_matrix/client/(r0|v1|v3|unstable)/(logout|logout/all) { + location ~ ^/_matrix/client/(r0|v1|v3|unstable)/(logout|logout/all) { {% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #} resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; @@ -142,7 +142,7 @@ # Redirect other endpoints registered by the media-repo to its container # /_matrix/client/r0/admin/purge_media_cache # /_matrix/client/r0/admin/quarantine_media/{roomId:[^/]+} - location ^~ /_matrix/client/(r0|v1|v3|unstable)/admin/(purge_media_cache|quarantine_media/.*) { + location ~ ^/_matrix/client/(r0|v1|v3|unstable)/admin/(purge_media_cache|quarantine_media/.*) { {% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #} resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; @@ -185,7 +185,7 @@ {% endif %} {% if matrix_nginx_proxy_proxy_matrix_user_directory_search_enabled %} - location ^~ /_matrix/client/(r0|v3)/user_directory/search { + location ~ ^/_matrix/client/(r0|v3)/user_directory/search { {% if matrix_nginx_proxy_proxy_matrix_user_directory_search_v3_to_r0_redirect_enabled %} rewrite ^(.*?)/v3/(.*?)$ $1/r0/$2 break; {% endif %} From 81ee0749c874b9986fa8942aa96d76736b2334fa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?T=2E=20K=C3=BCchel?= Date: Thu, 9 Nov 2023 08:00:25 +0100 Subject: [PATCH 33/37] Update matrix-domain.conf.j2 - trying to fix issue #2954 (#2985) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Update matrix-domain.conf.j2 exchanged "^~" with "~" as a pattern matching in the location part. I am very sure, that it only works using "~". I am not quite sure though, if this is the right way to do it, because "~" is probably more expensive than "^~" the rewrite has to be behind the definition of the $backend. Otherwise nginx will fail to work. This is probably because "break" goes directly to the proxy_pass which uses $backend. * Update matrix-domain.conf.j2 also change the order of "set $backend" and "rewrite" here in the 3pid registration section * Update matrix-domain.conf.j2 - repeat v3_to_r0 rewrite in else-statement as you said: repeat it for the else-case, where the ma1sd might be running on sans_container. * Update matrix-domain.conf.j2 - corrected wrong variable atrix_nginx_proxy_proxy_matrix_3pid_registration_v3_to_r0_redirect_enabled is the right variable to check (twice) in the corresponding branch. * matrix-domain.conf.j2 - fix-2954: change all whitespaces to tabs as you do it --------- Co-authored-by: Tobias Küchel --- .../nginx/conf.d/matrix-domain.conf.j2 | 20 +++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 index 3d6ae7df..d28cbf15 100644 --- a/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 +++ b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 @@ -186,16 +186,18 @@ {% if matrix_nginx_proxy_proxy_matrix_user_directory_search_enabled %} location ~ ^/_matrix/client/(r0|v3)/user_directory/search { - {% if matrix_nginx_proxy_proxy_matrix_user_directory_search_v3_to_r0_redirect_enabled %} - rewrite ^(.*?)/v3/(.*?)$ $1/r0/$2 break; - {% endif %} - {% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #} resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; set $backend "{{ matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_with_container }}"; + {% if matrix_nginx_proxy_proxy_matrix_user_directory_search_v3_to_r0_redirect_enabled %} + rewrite ^(.*?)/v3/(.*?)$ $1/r0/$2 break; + {% endif %} proxy_pass http://$backend; {% else %} + {% if matrix_nginx_proxy_proxy_matrix_user_directory_search_v3_to_r0_redirect_enabled %} + rewrite ^(.*?)/v3/(.*?)$ $1/r0/$2 break; + {% endif %} {# Generic configuration for use outside of our container setup #} proxy_pass http://{{ matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_sans_container }}; {% endif %} @@ -207,16 +209,18 @@ {% if matrix_nginx_proxy_proxy_matrix_3pid_registration_enabled %} location ~ ^/_matrix/client/(r0|v3)/register/(email|msisdn)/requestToken$ { - {% if matrix_nginx_proxy_proxy_matrix_3pid_registration_v3_to_r0_redirect_enabled %} - rewrite ^(.*?)/v3/(.*?)$ $1/r0/$2 break; - {% endif %} - {% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #} resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; set $backend "{{ matrix_nginx_proxy_proxy_matrix_3pid_registration_addr_with_container }}"; + {% if matrix_nginx_proxy_proxy_matrix_3pid_registration_v3_to_r0_redirect_enabled %} + rewrite ^(.*?)/v3/(.*?)$ $1/r0/$2 break; + {% endif %} proxy_pass http://$backend; {% else %} + {% if matrix_nginx_proxy_proxy_matrix_3pid_registration_v3_to_r0_redirect_enabled %} + rewrite ^(.*?)/v3/(.*?)$ $1/r0/$2 break; + {% endif %} {# Generic configuration for use outside of our container setup #} proxy_pass http://{{ matrix_nginx_proxy_proxy_matrix_3pid_registration_addr_sans_container }}; {% endif %} From b77a438169d7eae816d0b2764309b635d63cc978 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 9 Nov 2023 13:39:21 +0200 Subject: [PATCH 34/37] Upgrade Traefik (v2.10.5-0 -> v2.10.5-1) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 25e49b07..cbda8ec8 100644 --- a/requirements.yml +++ b/requirements.yml @@ -26,7 +26,7 @@ - src: git+https://github.com/devture/com.devture.ansible.role.timesync.git version: v1.0.0-0 - src: git+https://github.com/devture/com.devture.ansible.role.traefik.git - version: v2.10.5-0 + version: v2.10.5-1 - src: git+https://github.com/devture/com.devture.ansible.role.traefik_certs_dumper.git version: v2.8.1-0 - src: git+https://gitlab.com/etke.cc/roles/etherpad.git From d74efc13105705f26d3c995996670666edb95862 Mon Sep 17 00:00:00 2001 From: Kuba Orlik Date: Thu, 9 Nov 2023 14:08:32 +0100 Subject: [PATCH 35/37] Remove mention of Android Element X being less feature complete than the iOS version (#2982) * Remove mention of Android Element X being less feature complete than iOS version Quoting upstream: > Element X Android and Element X iOS apps are in a similar state. > > https://github.com/vector-im/element-x-android/issues/911 * Update configuring-playbook-sliding-sync-proxy.md --- docs/configuring-playbook-sliding-sync-proxy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuring-playbook-sliding-sync-proxy.md b/docs/configuring-playbook-sliding-sync-proxy.md index 982314ca..f5bc6f76 100644 --- a/docs/configuring-playbook-sliding-sync-proxy.md +++ b/docs/configuring-playbook-sliding-sync-proxy.md @@ -8,7 +8,7 @@ See the project's [documentation](https://github.com/matrix-org/sliding-sync) to Element X iOS is [available on TestFlight](https://testflight.apple.com/join/uZbeZCOi). -Element X Android is less feature-complete than the iOS version. +Element X Android is [available on the Github Releases page](https://github.com/vector-im/element-x-android/releases). **NOTE**: The Sliding Sync proxy **only works with the Traefik reverse-proxy**. If you have an old server installation (from the time `matrix-nginx-proxy` was our default reverse-proxy - `matrix_playbook_reverse_proxy_type: playbook-managed-nginx`), you won't be able to use Sliding Sync. From a0e649286d05dee3edeb5487190b60c3d81a65fb Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 9 Nov 2023 19:00:27 +0000 Subject: [PATCH 36/37] Update frenck/action-yamllint action to v1.4.2 --- .github/workflows/matrix.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/matrix.yml b/.github/workflows/matrix.yml index d10ebec5..8e7df118 100644 --- a/.github/workflows/matrix.yml +++ b/.github/workflows/matrix.yml @@ -13,7 +13,7 @@ jobs: - name: Check out uses: actions/checkout@v4 - name: Run yamllint - uses: frenck/action-yamllint@v1.4.1 + uses: frenck/action-yamllint@v1.4.2 ansible-lint: name: ansible-lint runs-on: ubuntu-latest From e6be3709f004439e1de65e61283c4a919d5d0fd6 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 9 Nov 2023 19:00:31 +0000 Subject: [PATCH 37/37] Update ghcr.io/matrix-org/sliding-sync Docker tag to v0.99.12 --- roles/custom/matrix-sliding-sync/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-sliding-sync/defaults/main.yml b/roles/custom/matrix-sliding-sync/defaults/main.yml index aaa257ff..f7ebdee8 100644 --- a/roles/custom/matrix-sliding-sync/defaults/main.yml +++ b/roles/custom/matrix-sliding-sync/defaults/main.yml @@ -6,7 +6,7 @@ matrix_sliding_sync_enabled: true # renovate: datasource=docker depName=ghcr.io/matrix-org/sliding-sync -matrix_sliding_sync_version: v0.99.11 +matrix_sliding_sync_version: v0.99.12 matrix_sliding_sync_scheme: https