diff --git a/CHANGELOG.md b/CHANGELOG.md index 9ba51998..e2b11369 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -405,7 +405,7 @@ Additional details are available in the [Authenticate using Matrix OpenID (Auth- ## Draupnir moderation tool (bot) support -Thanks to [FSG-Cat](https://github.com/FSG-Cat), the playbook can now install and configure the [Draupnir](https://github.com/Gnuxie/Draupnir) moderation tool (bot). Draupnir is a fork of [Mjolnir](docs/configuring-playbook-bot-mjolnir.md) (which the playbook has supported for a long time) maintained by Mjolnir's former lead developer. +Thanks to [FSG-Cat](https://github.com/FSG-Cat), the playbook can now install and configure the [Draupnir](https://github.com/the-draupnir-project/Draupnir) moderation tool (bot). Draupnir is a fork of [Mjolnir](docs/configuring-playbook-bot-mjolnir.md) (which the playbook has supported for a long time) maintained by Mjolnir's former lead developer. Additional details are available in [Setting up Draupnir](docs/configuring-playbook-bot-draupnir.md). diff --git a/README.md b/README.md index 2a8b54ca..42f540c7 100644 --- a/README.md +++ b/README.md @@ -143,7 +143,7 @@ Bots provide various additional functionality to your installation. | [Postmoogle](https://gitlab.com/etke.cc/postmoogle) | x | Email to matrix bot | [Link](docs/configuring-playbook-bot-postmoogle.md) | | [Go-NEB](https://github.com/matrix-org/go-neb) | x | A multi functional bot written in Go | [Link](docs/configuring-playbook-bot-go-neb.md) | | [Mjolnir](https://github.com/matrix-org/mjolnir) | x | A moderation tool for Matrix | [Link](docs/configuring-playbook-bot-mjolnir.md) | -| [Draupnir](https://github.com/Gnuxie/Draupnir) | x | A moderation tool for Matrix (Fork of Mjolnir) | [Link](docs/configuring-playbook-bot-draupnir.md) | +| [Draupnir](https://github.com/the-draupnir-project/Draupnir) | x | A moderation tool for Matrix (Fork of Mjolnir) | [Link](docs/configuring-playbook-bot-draupnir.md) | | [Buscarron](https://gitlab.com/etke.cc/buscarron) | x | Web forms (HTTP POST) to matrix | [Link](docs/configuring-playbook-bot-buscarron.md) | | [matrix-chatgpt-bot](https://github.com/matrixgpt/matrix-chatgpt-bot) | x | ChatGPT from matrix | [Link](docs/configuring-playbook-bot-chatgpt.md) | diff --git a/docs/configuring-playbook-bot-draupnir.md b/docs/configuring-playbook-bot-draupnir.md index 23fa644f..f60b777c 100644 --- a/docs/configuring-playbook-bot-draupnir.md +++ b/docs/configuring-playbook-bot-draupnir.md @@ -1,8 +1,8 @@ # Setting up draupnir (optional) -The playbook can install and configure the [draupnir](https://github.com/Gnuxie/Draupnir) moderation bot for you. +The playbook can install and configure the [draupnir](https://github.com/the-draupnir-project/Draupnir) moderation bot for you. -See the project's [documentation](https://github.com/Gnuxie/Draupnir) to learn what it does and why it might be useful to you. +See the project's [documentation](https://github.com/the-draupnir-project/Draupnir) to learn what it does and why it might be useful to you. If your migrating from Mjolnir skip to step 5b. @@ -77,7 +77,7 @@ ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start ## Usage -You can refer to the upstream [documentation](https://github.com/Gnuxie/Draupnir) for additional ways to use and configure draupnir. Check out their [quickstart guide](https://github.com/matrix-org/draupnir/blob/main/docs/moderators.md#quick-usage) for some basic commands you can give to the bot. +You can refer to the upstream [documentation](https://github.com/the-draupnir-project/Draupnir) for additional ways to use and configure draupnir. Check out their [quickstart guide](https://github.com/matrix-org/draupnir/blob/main/docs/moderators.md#quick-usage) for some basic commands you can give to the bot. You can configure additional options by adding the `matrix_bot_draupnir_configuration_extension_yaml` variable to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file. diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index af405115..eaac3385 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -2959,10 +2959,7 @@ devture_postgres_gid: "{{ matrix_user_gid }}" devture_postgres_connection_username: matrix devture_postgres_db_name: matrix -devture_postgres_systemd_services_to_stop_for_maintenance_list: | - {{ - ['matrix-' + matrix_homeserver_implementation + '.service'] - }} +devture_postgres_systemd_services_to_stop_for_maintenance_list_auto: "{{ devture_systemd_service_manager_services_list_auto | map(attribute='name') | reject('equalto', (devture_postgres_identifier + '.service')) }}" devture_postgres_managed_databases_auto: | {{ diff --git a/requirements.yml b/requirements.yml index 116f1c82..25c77881 100644 --- a/requirements.yml +++ b/requirements.yml @@ -16,7 +16,7 @@ - src: git+https://github.com/devture/com.devture.ansible.role.playbook_state_preserver.git version: ff2fd42e1c1a9e28e3312bbd725395f9c2fc7f16 - src: git+https://github.com/devture/com.devture.ansible.role.postgres.git - version: v15.3-0 + version: v16.0-2 - src: git+https://github.com/devture/com.devture.ansible.role.postgres_backup.git version: a0cc7c1c696872ba8880d9c5e5a54098de825030 - src: git+https://github.com/devture/com.devture.ansible.role.systemd_docker_base.git @@ -30,19 +30,19 @@ - src: git+https://github.com/devture/com.devture.ansible.role.traefik_certs_dumper.git version: v2.8.1-0 - src: git+https://gitlab.com/etke.cc/roles/etherpad.git - version: v1.9.2-0 + version: v1.9.2-1 - src: git+https://github.com/geerlingguy/ansible-role-docker version: 6.2.0 name: geerlingguy.docker - src: git+https://gitlab.com/etke.cc/roles/grafana.git version: v10.1.1-0 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git - version: v8922-0 + version: v8922-1 name: jitsi - src: git+https://gitlab.com/etke.cc/roles/ntfy.git version: v2.7.0-2 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus.git - version: v2.45.0-1 + version: v2.47.0-0 name: prometheus - src: git+https://gitlab.com/etke.cc/roles/prometheus_node_exporter.git version: v1.6.1-0 diff --git a/roles/custom/matrix-bot-draupnir/defaults/main.yml b/roles/custom/matrix-bot-draupnir/defaults/main.yml index b7e56c34..ae65b4ff 100644 --- a/roles/custom/matrix-bot-draupnir/defaults/main.yml +++ b/roles/custom/matrix-bot-draupnir/defaults/main.yml @@ -1,13 +1,13 @@ --- # A moderation tool for Matrix -# Project source code URL: https://github.com/Gnuxie/Draupnir +# Project source code URL: https://github.com/the-draupnir-project/Draupnir matrix_bot_draupnir_enabled: true -matrix_bot_draupnir_version: "v1.84.0" +matrix_bot_draupnir_version: "v1.85.1" matrix_bot_draupnir_container_image_self_build: false -matrix_bot_draupnir_container_image_self_build_repo: "https://github.com/Gnuxie/Draupnir.git" +matrix_bot_draupnir_container_image_self_build_repo: "https://github.com/the-draupnir-project/Draupnir.git" matrix_bot_draupnir_docker_image: "{{ matrix_bot_draupnir_docker_image_name_prefix }}gnuxie/draupnir:{{ matrix_bot_draupnir_version }}" matrix_bot_draupnir_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_draupnir_container_image_self_build else matrix_container_global_registry_prefix }}" @@ -36,6 +36,16 @@ matrix_bot_draupnir_access_token: "" # Note: draupnir is fairly verbose - expect a lot of messages from it. matrix_bot_draupnir_management_room: "" +# Disable Server ACL is used if you want to not give the bot the right to apply Server ACLs in rooms without complaints from the bot. +# This setting is described the following way in the Configuration. +# +# Whether or not Draupnir should apply `m.room.server_acl` events. +# DO NOT change this to `true` unless you are very confident that you know what you are doing. +# +# Please follow the advice of upstream and only change this value if you know what your doing. +# Its Exposed here because its common enough to be valid to expose. +matrix_bot_draupnir_disable_server_acl: "false" + # Default configuration template which covers the generic use case. # You can customize it by controlling the various variables inside it. # diff --git a/roles/custom/matrix-bot-draupnir/templates/production.yaml.j2 b/roles/custom/matrix-bot-draupnir/templates/production.yaml.j2 index 95acbd35..36488a11 100644 --- a/roles/custom/matrix-bot-draupnir/templates/production.yaml.j2 +++ b/roles/custom/matrix-bot-draupnir/templates/production.yaml.j2 @@ -51,9 +51,11 @@ recordIgnoredInvites: false # (see verboseLogging to adjust this a bit.) managementRoom: "{{ matrix_bot_draupnir_management_room }}" +# Deprecated and will be removed in a future version. +# Running with verboseLogging is unsupported. # Whether Draupnir should log a lot more messages in the room, -# mainly involves "all-OK" messages, and debugging messages for when Draupnir checks bans in a room. -verboseLogging: false +# mainly involves "all-OK" messages, and debugging messages for when draupnir checks bans in a room. +#verboseLogging: false # The log level of terminal (or container) output, # can be one of DEBUG, INFO, WARN and ERROR, in increasing order of importance and severity. @@ -73,6 +75,10 @@ verifyPermissionsOnStartup: true # turn on to trial some untrusted configuration or lists. noop: false +# Whether or not Draupnir should apply `m.room.server_acl` events. +# DO NOT change this to `true` unless you are very confident that you know what you are doing. +disableServerACL: "{{ matrix_bot_draupnir_disable_server_acl }}" + # Whether Draupnir should check member lists quicker (by using a different endpoint), # keep in mind that enabling this will miss invited (but not joined) users. # diff --git a/roles/custom/matrix-bridge-appservice-discord/defaults/main.yml b/roles/custom/matrix-bridge-appservice-discord/defaults/main.yml index ec194855..61462aa7 100644 --- a/roles/custom/matrix-bridge-appservice-discord/defaults/main.yml +++ b/roles/custom/matrix-bridge-appservice-discord/defaults/main.yml @@ -5,7 +5,7 @@ matrix_appservice_discord_enabled: false matrix_appservice_discord_container_image_self_build: false -matrix_appservice_discord_version: v3.1.0 +matrix_appservice_discord_version: v4.0.0 matrix_appservice_discord_docker_image: "{{ matrix_appservice_discord_docker_image_name_prefix }}matrix-org/matrix-appservice-discord:{{ matrix_appservice_discord_version }}" matrix_appservice_discord_docker_image_name_prefix: "{{ 'localhost/' if matrix_appservice_discord_container_image_self_build else 'ghcr.io/' }}" matrix_appservice_discord_docker_image_force_pull: "{{ matrix_appservice_discord_docker_image.endswith(':latest') }}" diff --git a/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml index 36fd5fef..0f54689b 100644 --- a/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml @@ -8,7 +8,7 @@ matrix_mautrix_discord_container_image_self_build: false matrix_mautrix_discord_container_image_self_build_repo: "https://mau.dev/mautrix/discord.git" matrix_mautrix_discord_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_discord_version == 'latest' else matrix_mautrix_discord_version }}" -matrix_mautrix_discord_version: v0.6.1 +matrix_mautrix_discord_version: v0.6.2 # See: https://mau.dev/mautrix/discord/container_registry matrix_mautrix_discord_docker_image: "{{ matrix_mautrix_discord_docker_image_name_prefix }}mautrix/discord:{{ matrix_mautrix_discord_version }}" matrix_mautrix_discord_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_discord_container_image_self_build else 'dock.mau.dev/' }}" diff --git a/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml index 8d5ce244..1075379d 100644 --- a/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml @@ -6,9 +6,9 @@ matrix_mautrix_gmessages_enabled: true matrix_mautrix_gmessages_container_image_self_build: false matrix_mautrix_gmessages_container_image_self_build_repo: "https://github.com/mautrix/gmessages.git" -matrix_mautrix_gmessages_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_gmessages_version == 'latest' else matrix_mautrix_gmessages_version }}" +matrix_mautrix_gmessages_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_gmessages_version == 'latest' else matrix_mautrix_gmessages_version }}" -matrix_mautrix_gmessages_version: v0.1.0 +matrix_mautrix_gmessages_version: v0.2.0 # See: https://mau.dev/mautrix/gmessages/container_registry matrix_mautrix_gmessages_docker_image: "{{ matrix_mautrix_gmessages_docker_image_name_prefix }}mautrix/gmessages:{{ matrix_mautrix_gmessages_version }}" matrix_mautrix_gmessages_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_gmessages_container_image_self_build else 'dock.mau.dev/' }}" diff --git a/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml index 9f630f51..9e38996c 100644 --- a/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml @@ -8,7 +8,7 @@ matrix_mautrix_whatsapp_container_image_self_build: false matrix_mautrix_whatsapp_container_image_self_build_repo: "https://mau.dev/mautrix/whatsapp.git" matrix_mautrix_whatsapp_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_whatsapp_version == 'latest' else matrix_mautrix_whatsapp_version }}" -matrix_mautrix_whatsapp_version: v0.10.0 +matrix_mautrix_whatsapp_version: v0.10.1 # See: https://mau.dev/mautrix/whatsapp/container_registry matrix_mautrix_whatsapp_docker_image: "{{ matrix_mautrix_whatsapp_docker_image_name_prefix }}mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}" matrix_mautrix_whatsapp_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_whatsapp_container_image_self_build else 'dock.mau.dev/' }}" diff --git a/roles/custom/matrix-client-element/defaults/main.yml b/roles/custom/matrix-client-element/defaults/main.yml index 695a6edc..d1e17b4e 100644 --- a/roles/custom/matrix-client-element/defaults/main.yml +++ b/roles/custom/matrix-client-element/defaults/main.yml @@ -10,7 +10,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto # - https://github.com/vector-im/element-web/issues/19544 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" -matrix_client_element_version: v1.11.40 +matrix_client_element_version: v1.11.43 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" diff --git a/roles/custom/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml b/roles/custom/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml index 600a3f08..338ada2f 100644 --- a/roles/custom/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml +++ b/roles/custom/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml @@ -288,6 +288,12 @@ state: absent when: "not matrix_nginx_proxy_proxy_element_enabled | bool" +- name: Ensure Matrix nginx-proxy configuration for Schildichat domain deleted + ansible.builtin.file: + path: "{{ matrix_nginx_proxy_confd_path }}/matrix-client-schildichat.conf" + state: absent + when: "not matrix_nginx_proxy_proxy_schildichat_enabled | bool" + - name: Ensure Matrix nginx-proxy configuration for Hydrogen domain deleted ansible.builtin.file: path: "{{ matrix_nginx_proxy_confd_path }}/matrix-client-hydrogen.conf" diff --git a/roles/custom/matrix-sliding-sync/defaults/main.yml b/roles/custom/matrix-sliding-sync/defaults/main.yml index a46c1716..73e794c2 100644 --- a/roles/custom/matrix-sliding-sync/defaults/main.yml +++ b/roles/custom/matrix-sliding-sync/defaults/main.yml @@ -5,7 +5,7 @@ matrix_sliding_sync_enabled: true -matrix_sliding_sync_version: v0.99.8 +matrix_sliding_sync_version: v0.99.10 matrix_sliding_sync_scheme: https diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml index d1069191..249e8c8f 100644 --- a/roles/custom/matrix-synapse/defaults/main.yml +++ b/roles/custom/matrix-synapse/defaults/main.yml @@ -4,7 +4,7 @@ matrix_synapse_enabled: true -matrix_synapse_version: v1.91.1 +matrix_synapse_version: v1.92.2 matrix_synapse_username: '' matrix_synapse_uid: '' @@ -1008,9 +1008,9 @@ matrix_synapse_redaction_retention_period: 7d matrix_synapse_user_ips_max_age: 28d -matrix_synapse_rust_synapse_compress_state_docker_image: "{{ matrix_synapse_rust_synapse_compress_state_docker_image_name_prefix }}mb-saces/rust-synapse-compress-state:latest" +matrix_synapse_rust_synapse_compress_state_docker_image: "{{ matrix_synapse_rust_synapse_compress_state_docker_image_name_prefix }}mb-saces/rust-synapse-tools:v0.0.1" matrix_synapse_rust_synapse_compress_state_docker_image_name_prefix: "registry.gitlab.com/" -matrix_synapse_rust_synapse_compress_state_docker_image_force_pull: "{{ matrix_synapse_rust_synapse_compress_state_docker_image.endswith(':latest') }}" +matrix_synapse_rust_synapse_compress_state_docker_image_force_pull: "{{ matrix_synapse_rust_synapse_compress_state_docker_image.endswith(':stable') or matrix_synapse_rust_synapse_compress_state_docker_image.endswith(':latest') }}" matrix_synapse_rust_synapse_compress_state_base_path: "{{ matrix_base_data_path }}/rust-synapse-compress-state" matrix_synapse_rust_synapse_compress_state_synapse_compress_state_in_container_path: "/usr/local/bin/synapse_compress_state" diff --git a/roles/custom/matrix-synapse/templates/synapse/systemd/matrix-synapse-worker.service.j2 b/roles/custom/matrix-synapse/templates/synapse/systemd/matrix-synapse-worker.service.j2 index 4a6a01b7..2441e4a8 100644 --- a/roles/custom/matrix-synapse/templates/synapse/systemd/matrix-synapse-worker.service.j2 +++ b/roles/custom/matrix-synapse/templates/synapse/systemd/matrix-synapse-worker.service.j2 @@ -3,6 +3,7 @@ Description=Synapse worker ({{ matrix_synapse_worker_container_name }}) AssertPathExists={{ matrix_synapse_config_dir_path }}/{{ matrix_synapse_worker_config_file_name }} After=matrix-synapse.service +Requires=matrix-synapse.service [Service] Type=simple diff --git a/roles/custom/matrix-synapse/vars/main.yml b/roles/custom/matrix-synapse/vars/main.yml index a12b4401..47cbc2a0 100644 --- a/roles/custom/matrix-synapse/vars/main.yml +++ b/roles/custom/matrix-synapse/vars/main.yml @@ -170,6 +170,7 @@ matrix_synapse_workers_generic_worker_endpoints: - ^/_matrix/client/(r0|v3|unstable)/user/.*/filter(/|$) - ^/_matrix/client/(api/v1|r0|v3|unstable)/directory/room/.*$ - ^/_matrix/client/(r0|v3|unstable)/capabilities$ + - ^/_matrix/client/(r0|v3|unstable)/notifications$ # Encryption requests # Note that ^/_matrix/client/(r0|v3|unstable)/keys/upload/ requires `worker_main_http_uri`