Merge branch 'master' into pub.solar
commit
a501786ce6
17 changed files with 77 additions and 36 deletions
|
@ -56,7 +56,7 @@ Certain Synapse administration tasks (managing users and rooms, etc.) can be per
|
|||
|
||||
If you'd like to use OpenID Connect authentication with Synapse, you'll need some additional reverse-proxy configuration (see [our nginx reverse-proxy doc page](configuring-playbook-nginx.md#synapse-openid-connect-for-single-sign-on)).
|
||||
|
||||
In case you encounter errors regarding the parsing of the variables, you can try to add `{%raw}` and `{% endraw %}` blocks around them. For example ;
|
||||
In case you encounter errors regarding the parsing of the variables, you can try to add `{% raw %}` and `{% endraw %}` blocks around them. For example ;
|
||||
|
||||
```
|
||||
- idp_id: keycloak
|
||||
|
@ -70,7 +70,7 @@ In case you encounter errors regarding the parsing of the variables, you can try
|
|||
userinfo_endpoint: "https://url.ix/auth/realms/x/protocol/openid-connect/userinfo"
|
||||
user_mapping_provider:
|
||||
config:
|
||||
display_name_template: "{%raw}{{ user.given_name }}{% endraw %} {%raw}{{ user.family_name }}{% endraw %}"
|
||||
email_template: "{%raw}{{ user.email }}{% endraw %}"
|
||||
display_name_template: "{% raw %}{{ user.given_name }}{% endraw %} {% raw %}{{ user.family_name }}{% endraw %}"
|
||||
email_template: "{% raw %}{{ user.email }}{% endraw %}"
|
||||
```
|
||||
|
||||
|
|
|
@ -380,6 +380,7 @@ matrix_mautrix_signal_database_password: "{{ matrix_synapse_macaroon_secret_key
|
|||
#
|
||||
######################################################################
|
||||
|
||||
matrix_mautrix_signal_container_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
|
||||
|
||||
######################################################################
|
||||
#
|
||||
|
@ -1777,6 +1778,7 @@ matrix_prometheus_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_en
|
|||
|
||||
matrix_prometheus_scraper_synapse_enabled: "{{ matrix_synapse_enabled and matrix_synapse_metrics_enabled }}"
|
||||
matrix_prometheus_scraper_synapse_targets: ['matrix-synapse:{{ matrix_synapse_metrics_port }}']
|
||||
matrix_prometheus_scraper_synapse_workers_enabled_list: "{{ matrix_synapse_workers_enabled_list }}"
|
||||
matrix_prometheus_scraper_synapse_rules_synapse_tag: "{{ matrix_synapse_docker_image_tag }}"
|
||||
|
||||
matrix_prometheus_scraper_node_enabled: "{{ matrix_prometheus_node_exporter_enabled }}"
|
||||
|
|
|
@ -16,4 +16,3 @@
|
|||
}
|
||||
]
|
||||
}
|
||||
|
||||
|
|
|
@ -128,18 +128,13 @@
|
|||
validate_certs: yes
|
||||
when: customise_base_domain_website is undefined
|
||||
|
||||
- name: Ensure group "sftp" exists
|
||||
group:
|
||||
name: sftp
|
||||
state: present
|
||||
|
||||
- name: If user doesn't define a sftp_password, create a disabled 'sftp' account
|
||||
user:
|
||||
name: sftp
|
||||
comment: SFTP user to set custom web files and access servers export
|
||||
shell: /bin/false
|
||||
home: /home/sftp
|
||||
group: sftp
|
||||
group: matrix
|
||||
password: '*'
|
||||
update_password: always
|
||||
when: sftp_password|length == 0
|
||||
|
@ -150,15 +145,20 @@
|
|||
comment: SFTP user to set custom web files and access servers export
|
||||
shell: /bin/false
|
||||
home: /home/sftp
|
||||
group: sftp
|
||||
group: matrix
|
||||
password: "{{ sftp_password | password_hash('sha512') }}"
|
||||
update_password: always
|
||||
when: sftp_password|length > 0
|
||||
|
||||
- name: Ensure group "sftp" exists
|
||||
group:
|
||||
name: sftp
|
||||
state: present
|
||||
|
||||
- name: adding existing user 'sftp' to group matrix
|
||||
user:
|
||||
name: sftp
|
||||
groups: matrix
|
||||
groups: sftp
|
||||
append: yes
|
||||
when: customise_base_domain_website is defined
|
||||
|
||||
|
@ -214,14 +214,14 @@
|
|||
group: sftp
|
||||
mode: '0644'
|
||||
when: (sftp_public_key | length > 0) and (sftp_auth_method == "SSH Key")
|
||||
|
||||
- name: Alter SSH Subsystem State 1
|
||||
|
||||
- name: Remove any existing Subsystem lines
|
||||
lineinfile:
|
||||
path: /etc/ssh/sshd_config
|
||||
line: "Subsystem sftp /usr/lib/openssh/sftp-server"
|
||||
state: absent
|
||||
regexp: '^Subsystem'
|
||||
|
||||
- name: Alter SSH Subsystem State 2
|
||||
- name: Set SSH Subsystem State
|
||||
lineinfile:
|
||||
path: /etc/ssh/sshd_config
|
||||
insertafter: "^# override default of no subsystems"
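Review bot: With `group: matrix` on both `user:` tasks, the `sftp` account's primary group becomes `matrix`, so a login that can be given a password gains group access to whatever the `matrix` group can read, not only the website and export paths named in its `comment`. If the account only needs those paths, keep `group: sftp` as the primary group and grant access to the specific directories instead. The 'Ensure group "sftp" exists' task now runs after the `user:` tasks, and `groups: sftp` in the last task depends on it, so a comment such as `# sftp group must exist before the membership task below` would explain the new order. The old and new sides here are inferred from the hunk line counts, and the first task's list starts outside the hunk.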
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
|
||||
- name: Purge local media to specific date
|
||||
shell: |
|
||||
curl -X POST --header "Authorization: Bearer {{ janitors_token.stdout[1:-1] }}" '{{ synapse_container_ip.stdout }}:8008/_synapse/admin/v1/media/matrix.{{ matrix_domain }}/delete?before_ts={{ epoche_time.stdout }}'
|
||||
curl -X POST --header "Authorization: Bearer {{ janitors_token.stdout[1:-1] }}" '{{ synapse_container_ip.stdout }}:8008/_synapse/admin/v1/media/matrix.{{ matrix_domain }}/delete?before_ts={{ epoche_time.stdout }}000'
|
||||
register: purge_command
|
||||
|
||||
- name: Print output of purge command
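Review bot: The `Authorization: Bearer {{ janitors_token.stdout[1:-1] }}` header is rendered into this task's `shell:` command, and the task has no `no_log`. The result is registered as `purge_command`, so the janitor's access token can appear in the job output if the following task prints the whole result, even though the task that fetches the token is marked `no_log: True` elsewhere in this commit. Add `no_log: True` to the purge task and have the print task show only `purge_command.stdout`; the same applies to the 'Purge remote media to specific date' task. The appended `000` would also benefit from a comment such as `# before_ts is in milliseconds; epoche_time is presumably in seconds`. Both tasks continue outside their hunks.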
|
||||
|
|
|
@ -17,15 +17,16 @@
|
|||
- jq
|
||||
state: present
|
||||
|
||||
- name: Collect access token for janitor user
|
||||
shell: |
|
||||
curl -XPOST -d '{"type":"m.login.password", "user":"janitor", "password":"{{ matrix_awx_janitor_user_password }}"}' "https://matrix.{{ matrix_domain }}/_matrix/client/r0/login" | jq '.access_token'
|
||||
register: janitors_token
|
||||
|
||||
- name: Collect the internal IP of the matrix-synapse container
|
||||
shell: "/usr/bin/docker inspect --format '{''{range.NetworkSettings.Networks}''}{''{.IPAddress}''}{''{end}''}' matrix-synapse"
|
||||
register: synapse_container_ip
|
||||
|
||||
|
||||
- name: Collect access token for janitor user
|
||||
shell: |
|
||||
curl -XPOST -d '{"type":"m.login.password", "user":"janitor", "password":"{{ matrix_awx_janitor_user_password }}"}' "{{ synapse_container_ip.stdout }}:8008/_matrix/client/r0/login" | jq '.access_token'
|
||||
register: janitors_token
|
||||
no_log: True
|
||||
|
||||
- name: Generate list of dates to purge to
|
||||
delegate_to: 127.0.0.1
|
||||
shell: "dateseq {{ matrix_purge_from_date }} {{ matrix_purge_to_date }}"
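Review bot: In 'Collect access token for janitor user', `matrix_awx_janitor_user_password` is pasted into a single-quoted JSON string on the `shell:` line, so a password containing `'`, `"` or `\` breaks the shell quoting or the JSON body. Building the body with filters avoids that and keeps the `jq '.access_token'` output the purge tasks read: `-d {{ {'type': 'm.login.password', 'user': 'janitor', 'password': matrix_awx_janitor_user_password} | to_json | quote }}`. `no_log: True` hides the value from Ansible's output, but the password is still on curl's command line while it runs; feeding the body through the module's `stdin:` with `-d @-` would remove it from there as well.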
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
|
||||
- name: Purge remote media to specific date
|
||||
shell: |
|
||||
curl -X POST --header "Authorization: Bearer {{ janitors_token.stdout[1:-1] }}" '{{ synapse_container_ip.stdout }}:8008/_synapse/admin/v1/purge_media_cache?before_ts={{ epoche_time.stdout }}'
|
||||
curl -X POST --header "Authorization: Bearer {{ janitors_token.stdout[1:-1] }}" '{{ synapse_container_ip.stdout }}:8008/_synapse/admin/v1/purge_media_cache?before_ts={{ epoche_time.stdout }}000'
|
||||
register: purge_command
|
||||
|
||||
- name: Print output of purge command
|
||||
|
|
|
@ -66,7 +66,7 @@
|
|||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '{{ awx_cached_matrix_vars }}'
|
||||
regexp: "{{ item }}:"
|
||||
regexp: "{{ item }}"
|
||||
line: "{{ item }}"
|
||||
insertbefore: '# Synapse Extension End'
|
||||
with_items:
|
||||
|
@ -78,7 +78,7 @@
|
|||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '{{ awx_cached_matrix_vars }}'
|
||||
regexp: "{{ item }}:"
|
||||
regexp: "{{ item }}"
|
||||
line: "{{ item }}"
|
||||
insertbefore: '# Synapse Extension End'
|
||||
state: absent
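Review bot: The `regexp` is built from the raw `{{ item }}`, which is also the literal `line`, so any regex metacharacter in an item (`.`, `[`, `(`, `|`) changes what is matched, and the unanchored pattern also matches lines that merely contain the item. Which of the two `regexp` lines is the new side is not certain from this rendering, but both forms share the issue; `regexp: "^{{ item | regex_escape }}"` would restrict the match to the intended line. This applies to both hunks, the insert and the `state: absent` variant. The `with_items` lists lie outside the hunks, so the actual item values should be checked against this.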
|
||||
|
|
|
@ -3,6 +3,10 @@
|
|||
|
||||
matrix_mautrix_signal_enabled: true
|
||||
|
||||
matrix_mautrix_signal_self_build: false
|
||||
matrix_mautrix_signal_docker_repo: "https://mau.dev/tulir/mautrix-signal.git"
|
||||
matrix_mautrix_signal_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-signal/docker-src"
|
||||
|
||||
matrix_mautrix_signal_version: latest
|
||||
matrix_mautrix_signal_daemon_version: latest
|
||||
# See: https://mau.dev/tulir/mautrix-signal/container_registry
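Review bot: The new default is named `matrix_mautrix_signal_self_build`, but the `when:` conditions in the install tasks and the group variable added in this same commit both use `matrix_mautrix_signal_container_self_build`. As written, the role ships no default for the variable it actually tests, and this one appears unused. Rename it to `matrix_mautrix_signal_container_self_build: false`. A comment above `matrix_mautrix_signal_docker_repo` noting that it is only cloned when self-building would also help.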
|
||||
|
|
|
@ -8,13 +8,34 @@
|
|||
The matrix-bridge-mautrix-signal role needs to execute before the matrix-synapse role.
|
||||
when: "matrix_synapse_role_executed|default(False)"
|
||||
|
||||
- name: Ensure Mautrix Signal repository is present on self-build
|
||||
git:
|
||||
repo: "{{ matrix_mautrix_signal_docker_repo }}"
|
||||
dest: "{{ matrix_mautrix_signal_docker_src_files_path }}"
|
||||
force: "yes"
|
||||
register: matrix_mautrix_signal_git_pull_results
|
||||
when: "matrix_mautrix_signal_enabled|bool and matrix_mautrix_signal_container_self_build|bool"
|
||||
|
||||
- name: Ensure Mautrix Signal image is built
|
||||
docker_image:
|
||||
name: "{{ matrix_mautrix_signal_docker_image }}"
|
||||
source: build
|
||||
force_source: "{{ matrix_mautrix_signal_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
|
||||
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mailer_git_pull_results.changed }}"
|
||||
build:
|
||||
dockerfile: Dockerfile
|
||||
path: "{{ matrix_mautrix_signal_docker_src_files_path }}"
|
||||
pull: yes
|
||||
when: "matrix_mautrix_signal_enabled|bool and matrix_mautrix_signal_container_self_build|bool"
|
||||
|
||||
- name: Ensure Mautrix Signal image is pulled
|
||||
docker_image:
|
||||
name: "{{ matrix_mautrix_signal_docker_image }}"
|
||||
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
|
||||
force_source: "{{ matrix_mautrix_signal_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
|
||||
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_signal_docker_image_force_pull }}"
|
||||
when: matrix_mautrix_signal_enabled|bool
|
||||
when: "matrix_mautrix_signal_enabled|bool and not matrix_mautrix_signal_container_self_build|bool"
|
||||
|
||||
|
||||
- name: Ensure Mautrix Signal Daemon image is pulled
|
||||
docker_image:
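Review bot: In 'Ensure Mautrix Signal image is built', the `force:` fallback reads `matrix_mailer_git_pull_results.changed`, which looks like a leftover from the mailer role. That branch is only evaluated on Ansible older than 2.8, where it would fail or use another role's result; it should be `matrix_mautrix_signal_git_pull_results.changed`. The `git` task also has no `version:`, so with `force: "yes"` a self-build takes whatever the default branch of `matrix_mautrix_signal_docker_repo` holds at run time. Pinning it to a tag or commit makes the built image reproducible and reviewable. The last `docker_image:` task continues outside the hunk.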
|
||||
|
|
|
@ -3,7 +3,7 @@ matrix_client_element_enabled: true
|
|||
matrix_client_element_container_image_self_build: false
|
||||
matrix_client_element_container_image_self_build_repo: "https://github.com/vector-im/riot-web.git"
|
||||
|
||||
matrix_client_element_version: v1.7.31
|
||||
matrix_client_element_version: v1.7.32
|
||||
matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}"
|
||||
matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}"
|
||||
matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}"
|
||||
|
|
|
@ -22,7 +22,7 @@ matrix_corporal_container_extra_arguments: []
|
|||
# List of systemd services that matrix-corporal.service depends on
|
||||
matrix_corporal_systemd_required_services_list: ['docker.service']
|
||||
|
||||
matrix_corporal_version: 2.1.0
|
||||
matrix_corporal_version: 2.1.1
|
||||
matrix_corporal_docker_image: "{{ matrix_corporal_docker_image_name_prefix }}devture/matrix-corporal:{{ matrix_corporal_docker_image_tag }}"
|
||||
matrix_corporal_docker_image_name_prefix: "{{ 'localhost/' if matrix_corporal_container_image_self_build else matrix_container_global_registry_prefix }}"
|
||||
matrix_corporal_docker_image_tag: "{{ matrix_corporal_version }}" # for backward-compatibility
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
|
||||
matrix_grafana_enabled: false
|
||||
|
||||
matrix_grafana_version: 8.0.3
|
||||
matrix_grafana_version: 8.0.6
|
||||
matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}"
|
||||
matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}"
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
matrix_nginx_proxy_enabled: true
|
||||
matrix_nginx_proxy_version: 1.21.0-alpine
|
||||
matrix_nginx_proxy_version: 1.21.1-alpine
|
||||
|
||||
# We use an official nginx image, which we fix-up to run unprivileged.
|
||||
# An alternative would be an `nginxinc/nginx-unprivileged` image, but
|
||||
|
@ -404,7 +404,7 @@ matrix_ssl_additional_domains_to_obtain_certificates_for: []
|
|||
|
||||
# Controls whether to obtain production or staging certificates from Let's Encrypt.
|
||||
matrix_ssl_lets_encrypt_staging: false
|
||||
matrix_ssl_lets_encrypt_certbot_docker_image: "{{ matrix_container_global_registry_prefix }}certbot/certbot:{{ matrix_ssl_architecture }}-v1.16.0"
|
||||
matrix_ssl_lets_encrypt_certbot_docker_image: "{{ matrix_container_global_registry_prefix }}certbot/certbot:{{ matrix_ssl_architecture }}-v1.17.0"
|
||||
matrix_ssl_lets_encrypt_certbot_docker_image_force_pull: "{{ matrix_ssl_lets_encrypt_certbot_docker_image.endswith(':latest') }}"
|
||||
matrix_ssl_lets_encrypt_certbot_standalone_http_port: 2402
|
||||
matrix_ssl_lets_encrypt_support_email: ~
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
|
||||
matrix_prometheus_enabled: false
|
||||
|
||||
matrix_prometheus_version: v2.28.0
|
||||
matrix_prometheus_version: v2.28.1
|
||||
matrix_prometheus_docker_image: "{{ matrix_container_global_registry_prefix }}prom/prometheus:{{ matrix_prometheus_version }}"
|
||||
matrix_prometheus_docker_image_force_pull: "{{ matrix_prometheus_docker_image.endswith(':latest') }}"
|
||||
|
||||
|
@ -34,6 +34,7 @@ matrix_prometheus_scraper_synapse_rules_synapse_tag: "master"
|
|||
matrix_prometheus_scraper_synapse_rules_download_url: "https://raw.githubusercontent.com/matrix-org/synapse/{{ matrix_prometheus_scraper_synapse_rules_synapse_tag }}/contrib/prometheus/synapse-v2.rules"
|
||||
|
||||
matrix_prometheus_scraper_synapse_targets: []
|
||||
matrix_prometheus_scraper_synapse_workers_enabled_list: []
|
||||
|
||||
# Tells whether the "node" scraper configuration is enabled.
|
||||
# This configuration aims to scrape the current node (this server).
|
||||
|
|
|
@ -31,6 +31,19 @@ scrape_configs:
|
|||
metrics_path: '/_synapse/metrics'
|
||||
static_configs:
|
||||
- targets: {{ matrix_prometheus_scraper_synapse_targets|to_json }}
|
||||
labels:
|
||||
instance: {{ matrix_domain }}
|
||||
job: master
|
||||
index: 0
|
||||
{% for worker in matrix_prometheus_scraper_synapse_workers_enabled_list %}
|
||||
{% if worker.metrics_port != 0 %}
|
||||
- targets: ['matrix-synapse-worker-{{ worker.type }}-{{ worker.instanceId }}:{{ worker.metrics_port }}']
|
||||
labels:
|
||||
instance: {{ matrix_domain }}
|
||||
job: {{ worker.type }}
|
||||
index: {{ worker.instanceId }}
|
||||
{% endif %}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
|
||||
{% if matrix_prometheus_scraper_node_enabled %}
|
||||
|
@ -43,4 +56,4 @@ scrape_configs:
|
|||
- job_name: postgres
|
||||
static_configs:
|
||||
- targets: {{ matrix_prometheus_scraper_postgres_targets|to_json }}
|
||||
{% endif %}
|
||||
{% endif %}
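Review bot: The new label values are written into the rendered YAML unquoted (`instance: {{ matrix_domain }}`, `job: {{ worker.type }}`, `index: {{ worker.instanceId }}`), while the `targets` line just above goes through `|to_json`. Emitting them the same way, e.g. `job: {{ worker.type|to_json }}`, keeps the rendered file valid whatever the values contain. A short template comment above the loop, such as `{# workers with metrics_port 0 expose no metrics and are skipped #}`, would document the inner `if`.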
|
||||
|
|
|
@ -15,8 +15,8 @@ matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_cont
|
|||
# amd64 gets released first.
|
||||
# arm32 relies on self-building, so the same version can be built immediately.
|
||||
# arm64 users need to wait for a prebuilt image to become available.
|
||||
matrix_synapse_version: v1.37.1
|
||||
matrix_synapse_version_arm64: v1.37.1
|
||||
matrix_synapse_version: v1.38.0
|
||||
matrix_synapse_version_arm64: v1.38.0
|
||||
matrix_synapse_docker_image_tag: "{{ matrix_synapse_version if matrix_architecture in ['arm32', 'amd64'] else matrix_synapse_version_arm64 }}"
|
||||
matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"
|
||||
|
||||
|
|