Merge branch 'spantaleev:master' into master
commit
bb0810302d
|
@ -34,6 +34,8 @@ Updates to this section are trailed here:
|
||||||
|
|
||||||
Yes, you'll need to configure an AWX instance, the [Create AWX System](https://gitlab.com/GoMatrixHosting/create-awx-system) repository makes it easy to do. Just follow the steps listed in '/docs/Installation.md' of that repository.
|
Yes, you'll need to configure an AWX instance, the [Create AWX System](https://gitlab.com/GoMatrixHosting/create-awx-system) repository makes it easy to do. Just follow the steps listed in '/docs/Installation.md' of that repository.
|
||||||
|
|
||||||
|
For simpler installation steps you can use to get started with this system, check out our minimal installation guide at '/doc/Installation_Minimal.md'.
|
||||||
|
|
||||||
|
|
||||||
## Does I need a front-end WordPress site? And a DigitalOcean account?
|
## Does I need a front-end WordPress site? And a DigitalOcean account?
|
||||||
|
|
||||||
|
|
42
roles/matrix-awx/surveys/access_export.json.j2
Normal file
42
roles/matrix-awx/surveys/access_export.json.j2
Normal file
|
@ -0,0 +1,42 @@
|
||||||
|
{
|
||||||
|
"name": "Access Export",
|
||||||
|
"description": "Access the services export.",
|
||||||
|
"spec": [
|
||||||
|
{
|
||||||
|
"question_name": "SFTP Authorisation Method",
|
||||||
|
"question_description": "Set whether you want to disable SFTP, use a password to connect to SFTP or connect with a more secure SSH key.",
|
||||||
|
"required": true,
|
||||||
|
"min": null,
|
||||||
|
"max": null,
|
||||||
|
"default": "{{ sftp_auth_method | string }}",
|
||||||
|
"choices": "Disabled\nPassword\nSSH Key",
|
||||||
|
"new_question": true,
|
||||||
|
"variable": "sftp_auth_method",
|
||||||
|
"type": "multiplechoice"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"question_name": "SFTP Password",
|
||||||
|
"question_description": "Sets the password of the 'sftp' account, which allows you to upload a multi-file static website by SFTP, as well as export the latest copy of your Matrix service. Must be defined if 'Password' method is selected. WARNING: You must set a strong and unique password here.",
|
||||||
|
"required": false,
|
||||||
|
"min": 0,
|
||||||
|
"max": 64,
|
||||||
|
"default": "{{ sftp_password }}",
|
||||||
|
"choices": "",
|
||||||
|
"new_question": true,
|
||||||
|
"variable": "sftp_password",
|
||||||
|
"type": "password"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"question_name": "SFTP Public SSH Key (More Secure)",
|
||||||
|
"question_description": "Sets the public SSH key used to access the 'sftp' account, which allows you to upload a multi-file static website by SFTP, as well as export the latest copy of your Matrix service. Must be defined if 'SSH Key' method is selected.",
|
||||||
|
"required": false,
|
||||||
|
"min": 0,
|
||||||
|
"max": 16384,
|
||||||
|
"default": "{{ sftp_public_key }}",
|
||||||
|
"choices": "",
|
||||||
|
"new_question": true,
|
||||||
|
"variable": "sftp_public_key",
|
||||||
|
"type": "text"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
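Review bot: The `default` of the "SFTP Password" question is rendered from `{{ sftp_password }}`, so the current password is written in clear text into the generated survey file, which the tasks elsewhere on this page copy to `/matrix/awx/access_export.json` with mode `0660`. Leaving the default empty (`"default": "",`) keeps the secret out of that file. The three `default` values are also interpolated inside hand-written quotes, so a value containing `"` or `\` yields invalid JSON or changes the structure of the spec; rendering them as `"default": {{ sftp_public_key | to_json }},` lets the filter do the quoting and escaping. The password question's `"min": 0` also accepts an empty value, although its description asks for a strong password.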
|
|
@ -1,6 +1,6 @@
|
||||||
{
|
{
|
||||||
"name": "Backup Server",
|
"name": "Backup Server",
|
||||||
"description": "",
|
"description": "Performs a backup of the entire service to a remote location.",
|
||||||
"spec": [
|
"spec": [
|
||||||
{
|
{
|
||||||
"question_name": "Enable Backup",
|
"question_name": "Enable Backup",
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
{
|
{
|
||||||
"name": "Configure Matrix Corporal",
|
"name": "Configure Matrix Corporal",
|
||||||
"description": "",
|
"description": "Configure Matrix Corporal, a tool that manages your Matrix server according to a configuration policy.",
|
||||||
"spec": [
|
"spec": [
|
||||||
{
|
{
|
||||||
"question_name": "Enable Corporal",
|
"question_name": "Enable Corporal",
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
{
|
{
|
||||||
"name": "Configure Dimension",
|
"name": "Configure Dimension",
|
||||||
"description": "",
|
"description": "Configure Dimension, the self-hosted integrations server.",
|
||||||
"spec": [
|
"spec": [
|
||||||
{
|
{
|
||||||
"question_name": "Enable Dimension",
|
"question_name": "Enable Dimension",
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
{
|
{
|
||||||
"name": "",
|
"name": "Configure Element",
|
||||||
"description": "",
|
"description": "Configure Element web client, Element is the most developed Matrix client software.",
|
||||||
"spec": [
|
"spec": [
|
||||||
{
|
{
|
||||||
"question_name": "Enable Element-Web",
|
"question_name": "Enable Element-Web",
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
{
|
{
|
||||||
"name": "",
|
"name": "Configure Jitsi",
|
||||||
"description": "",
|
"description": "Configure Jitsi conferencing settings.",
|
||||||
"spec": [
|
"spec": [
|
||||||
{
|
{
|
||||||
"question_name": "Enable Jitsi",
|
"question_name": "Enable Jitsi",
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
{
|
{
|
||||||
"name": "",
|
"name": "Configure ma1sd",
|
||||||
"description": "",
|
"description": "Configure ma1sd settings, ma1sd is a self-hosted identity server for Matrix.",
|
||||||
"spec": [
|
"spec": [
|
||||||
{
|
{
|
||||||
"question_name": "Enable ma1sd",
|
"question_name": "Enable ma1sd",
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
{
|
{
|
||||||
"name": "Configure Synapse",
|
"name": "Configure Synapse",
|
||||||
"description": "",
|
"description": "Configure Synapse settings. Synapse is the homeserver software that powers your Matrix instance.",
|
||||||
"spec": [
|
"spec": [
|
||||||
{
|
{
|
||||||
"question_name": "Enable Public Registration",
|
"question_name": "Enable Public Registration",
|
||||||
|
|
|
@ -8,7 +8,7 @@
|
||||||
insertafter: '# Base Domain Settings Start'
|
insertafter: '# Base Domain Settings Start'
|
||||||
with_dict:
|
with_dict:
|
||||||
'matrix_nginx_proxy_base_domain_homepage_enabled': 'true'
|
'matrix_nginx_proxy_base_domain_homepage_enabled': 'true'
|
||||||
when: customise_base_domain_website|bool == false
|
when: (customise_base_domain_website is defined) and not customise_base_domain_website|bool
|
||||||
|
|
||||||
- name: Disable index.html creation to allow multi-file site if user does wish to customise base domain
|
- name: Disable index.html creation to allow multi-file site if user does wish to customise base domain
|
||||||
delegate_to: 127.0.0.1
|
delegate_to: 127.0.0.1
|
||||||
|
@ -19,7 +19,19 @@
|
||||||
insertafter: '# Base Domain Settings Start'
|
insertafter: '# Base Domain Settings Start'
|
||||||
with_dict:
|
with_dict:
|
||||||
'matrix_nginx_proxy_base_domain_homepage_enabled': 'false'
|
'matrix_nginx_proxy_base_domain_homepage_enabled': 'false'
|
||||||
when: customise_base_domain_website|bool == true
|
when: (customise_base_domain_website is defined) and customise_base_domain_website|bool
|
||||||
|
|
||||||
|
- name: Record custom 'Customise Website + Access Export' variables locally on AWX
|
||||||
|
delegate_to: 127.0.0.1
|
||||||
|
lineinfile:
|
||||||
|
path: '{{ awx_cached_matrix_vars }}'
|
||||||
|
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
||||||
|
line: "{{ item.key }}: {{ item.value }}"
|
||||||
|
insertafter: '# Custom Settings Start'
|
||||||
|
with_dict:
|
||||||
|
'sftp_auth_method': '"{{ sftp_auth_method }}"'
|
||||||
|
'sftp_password': '"{{ sftp_password }}"'
|
||||||
|
'sftp_public_key': '"{{ sftp_public_key }}"'
|
||||||
|
|
||||||
- name: Record custom 'Customise Website + Access Export' variables locally on AWX
|
- name: Record custom 'Customise Website + Access Export' variables locally on AWX
|
||||||
delegate_to: 127.0.0.1
|
delegate_to: 127.0.0.1
|
||||||
|
@ -30,28 +42,40 @@
|
||||||
insertafter: '# Custom Settings Start'
|
insertafter: '# Custom Settings Start'
|
||||||
with_dict:
|
with_dict:
|
||||||
'customise_base_domain_website': '{{ customise_base_domain_website }}'
|
'customise_base_domain_website': '{{ customise_base_domain_website }}'
|
||||||
'sftp_auth_method': '"{{ sftp_auth_method }}"'
|
when: customise_base_domain_website is defined
|
||||||
'sftp_password': '"{{ sftp_password }}"'
|
|
||||||
'sftp_public_key': '"{{ sftp_public_key }}"'
|
|
||||||
|
|
||||||
- name: Reload vars in matrix_vars.yml
|
- name: Reload vars in matrix_vars.yml
|
||||||
include_vars:
|
include_vars:
|
||||||
file: '{{ awx_cached_matrix_vars }}'
|
file: '{{ awx_cached_matrix_vars }}'
|
||||||
no_log: True
|
no_log: True
|
||||||
|
|
||||||
# ^ Is this even needed?
|
|
||||||
|
|
||||||
- name: Save new 'Customise Website + Access Export' survey.json to the AWX tower, template
|
- name: Save new 'Customise Website + Access Export' survey.json to the AWX tower, template
|
||||||
delegate_to: 127.0.0.1
|
delegate_to: 127.0.0.1
|
||||||
template:
|
template:
|
||||||
src: './roles/matrix-awx/surveys/configure_website_access_export.json.j2'
|
src: './roles/matrix-awx/surveys/configure_website_access_export.json.j2'
|
||||||
dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_website_access_export.json'
|
dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_website_access_export.json'
|
||||||
|
when: customise_base_domain_website is defined
|
||||||
|
|
||||||
- name: Copy new 'Customise Website + Access Export' survey.json to target machine
|
- name: Copy new 'Customise Website + Access Export' survey.json to target machine
|
||||||
copy:
|
copy:
|
||||||
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_website_access_export.json'
|
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_website_access_export.json'
|
||||||
dest: '/matrix/awx/configure_website_access_export.json'
|
dest: '/matrix/awx/configure_website_access_export.json'
|
||||||
mode: '0660'
|
mode: '0660'
|
||||||
|
when: customise_base_domain_website is defined
|
||||||
|
|
||||||
|
- name: Save new 'Customise Website + Access Export' survey.json to the AWX tower, template
|
||||||
|
delegate_to: 127.0.0.1
|
||||||
|
template:
|
||||||
|
src: './roles/matrix-awx/surveys/access_export.json.j2'
|
||||||
|
dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/access_export.json'
|
||||||
|
when: customise_base_domain_website is undefined
|
||||||
|
|
||||||
|
- name: Copy new 'Customise Website + Access Export' survey.json to target machine
|
||||||
|
copy:
|
||||||
|
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/access_export.json'
|
||||||
|
dest: '/matrix/awx/access_export.json'
|
||||||
|
mode: '0660'
|
||||||
|
when: customise_base_domain_website is undefined
|
||||||
|
|
||||||
- name: Collect AWX admin token the hard way!
|
- name: Collect AWX admin token the hard way!
|
||||||
delegate_to: 127.0.0.1
|
delegate_to: 127.0.0.1
|
||||||
|
@ -60,7 +84,7 @@
|
||||||
register: tower_token
|
register: tower_token
|
||||||
no_log: True
|
no_log: True
|
||||||
|
|
||||||
- name: Recreate 'Customise Base Domain Export' job template
|
- name: Recreate 'Configure Website + Access Export' job template
|
||||||
delegate_to: 127.0.0.1
|
delegate_to: 127.0.0.1
|
||||||
awx.awx.tower_job_template:
|
awx.awx.tower_job_template:
|
||||||
name: "{{ matrix_domain }} - 1 - Configure Website + Access Export"
|
name: "{{ matrix_domain }} - 1 - Configure Website + Access Export"
|
||||||
|
@ -80,6 +104,29 @@
|
||||||
tower_host: "https://{{ tower_host }}"
|
tower_host: "https://{{ tower_host }}"
|
||||||
tower_oauthtoken: "{{ tower_token.stdout }}"
|
tower_oauthtoken: "{{ tower_token.stdout }}"
|
||||||
validate_certs: yes
|
validate_certs: yes
|
||||||
|
when: customise_base_domain_website is defined
|
||||||
|
|
||||||
|
- name: Recreate 'Access Export' job template
|
||||||
|
delegate_to: 127.0.0.1
|
||||||
|
awx.awx.tower_job_template:
|
||||||
|
name: "{{ matrix_domain }} - 1 - Access Export"
|
||||||
|
description: "Access the services export."
|
||||||
|
extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
|
||||||
|
job_type: run
|
||||||
|
job_tags: "start,setup-nginx-proxy"
|
||||||
|
inventory: "{{ member_id }}"
|
||||||
|
project: "{{ member_id }} - Matrix Docker Ansible Deploy"
|
||||||
|
playbook: setup.yml
|
||||||
|
credential: "{{ member_id }} - AWX SSH Key"
|
||||||
|
survey_enabled: true
|
||||||
|
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/access_export.json') }}"
|
||||||
|
become_enabled: yes
|
||||||
|
state: present
|
||||||
|
verbosity: 1
|
||||||
|
tower_host: "https://{{ tower_host }}"
|
||||||
|
tower_oauthtoken: "{{ tower_token.stdout }}"
|
||||||
|
validate_certs: yes
|
||||||
|
when: customise_base_domain_website is undefined
|
||||||
|
|
||||||
- name: Ensure group "sftp" exists
|
- name: Ensure group "sftp" exists
|
||||||
group:
|
group:
|
||||||
|
@ -113,6 +160,7 @@
|
||||||
name: sftp
|
name: sftp
|
||||||
groups: matrix
|
groups: matrix
|
||||||
append: yes
|
append: yes
|
||||||
|
when: customise_base_domain_website is defined
|
||||||
|
|
||||||
- name: Create the ro /chroot directory with sticky bit if it doesn't exist. (/chroot/website has matrix:matrix permissions and is mounted to nginx container)
|
- name: Create the ro /chroot directory with sticky bit if it doesn't exist. (/chroot/website has matrix:matrix permissions and is mounted to nginx container)
|
||||||
file:
|
file:
|
||||||
|
@ -129,6 +177,7 @@
|
||||||
owner: matrix
|
owner: matrix
|
||||||
group: matrix
|
group: matrix
|
||||||
mode: '0574'
|
mode: '0574'
|
||||||
|
when: customise_base_domain_website is defined
|
||||||
|
|
||||||
- name: Ensure /chroot/export location exists
|
- name: Ensure /chroot/export location exists
|
||||||
file:
|
file:
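Review bot: The new "Record custom 'Customise Website + Access Export' variables" task whose `with_dict` carries `sftp_password` shows no `no_log` in its hunk, so each loop item, the password included, would be printed in the job output. Adding `no_log: True`, as the "Reload vars in matrix_vars.yml" task in this file already does, avoids that. The value is written as `'"{{ sftp_password }}"'`, so a password containing a double quote or backslash produces a broken or different line in the cached vars file; `'sftp_password': '{{ sftp_password | to_json }}'` quotes it safely. Both "Save new … survey.json" / "Copy new … survey.json" pairs now share the same task names, so renaming the `access_export.json` pair would make the job log unambiguous.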
|
||||||
|
|
|
@ -16,8 +16,3 @@
|
||||||
- name: Ensure correct ownership of /matrix/synapse
|
- name: Ensure correct ownership of /matrix/synapse
|
||||||
shell: chown -R matrix:matrix /matrix/synapse
|
shell: chown -R matrix:matrix /matrix/synapse
|
||||||
|
|
||||||
- name: Fetch matrix_vars.yml file to AWX
|
|
||||||
fetch:
|
|
||||||
src: /matrix/awx/matrix_vars.yml
|
|
||||||
dest: /var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/
|
|
||||||
flat: yes
|
|
||||||
|
|
|
@ -6,7 +6,12 @@
|
||||||
|
|
||||||
- name: Purge local media to specific date
|
- name: Purge local media to specific date
|
||||||
shell: |
|
shell: |
|
||||||
curl -X POST --header "Authorization: Bearer {{ janitors_token.stdout }}" 'https://matrix.{{ matrix_domain }}/_synapse/admin/v1/media/matrix.{{ matrix_domain }}/delete?before_ts={{ epoche_time.stdout }}'
|
curl -X POST --header "Authorization: Bearer {{ janitors_token.stdout[1:-1] }}" '{{ synapse_container_ip.stdout }}:8008/_synapse/admin/v1/media/matrix.{{ matrix_domain }}/delete?before_ts={{ epoche_time.stdout }}'
|
||||||
|
register: purge_command
|
||||||
|
|
||||||
|
- name: Print output of purge command
|
||||||
|
debug:
|
||||||
|
msg: "{{ purge_command.stdout }}"
|
||||||
|
|
||||||
- name: Pause for 5 seconds to let Synapse breathe
|
- name: Pause for 5 seconds to let Synapse breathe
|
||||||
pause:
|
pause:
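Review bot: `janitors_token.stdout[1:-1]` assumes the login task printed a quoted string, but if the login fails `jq '.access_token'` prints `null` and the slice turns it into `ul`, so the purge is sent with a junk bearer token. Because curl is called without `--fail`, an HTTP error from Synapse still leaves the task green. Using `jq -r '.access_token'` in the login task and `{{ janitors_token.stdout }}` here, plus `curl --fail -X POST …`, makes both failures visible. The target is also written without a scheme, so stating `http://{{ synapse_container_ip.stdout }}:8008/…` explicitly documents that this call is plain HTTP on the container network. The same applies to the `purge_media_cache` task in the next file section.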
|
||||||
|
|
|
@ -21,6 +21,10 @@
|
||||||
shell: |
|
shell: |
|
||||||
curl -XPOST -d '{"type":"m.login.password", "user":"janitor", "password":"{{ matrix_awx_janitor_user_password }}"}' "https://matrix.{{ matrix_domain }}/_matrix/client/r0/login" | jq '.access_token'
|
curl -XPOST -d '{"type":"m.login.password", "user":"janitor", "password":"{{ matrix_awx_janitor_user_password }}"}' "https://matrix.{{ matrix_domain }}/_matrix/client/r0/login" | jq '.access_token'
|
||||||
register: janitors_token
|
register: janitors_token
|
||||||
|
|
||||||
|
- name: Collect the internal IP of the matrix-synapse container
|
||||||
|
shell: "/usr/bin/docker inspect --format '{''{range.NetworkSettings.Networks}''}{''{.IPAddress}''}{''{end}''}' matrix-synapse"
|
||||||
|
register: synapse_container_ip
|
||||||
|
|
||||||
- name: Generate list of dates to purge to
|
- name: Generate list of dates to purge to
|
||||||
delegate_to: 127.0.0.1
|
delegate_to: 127.0.0.1
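Review bot: The `docker inspect` format ranges over every network and prints the addresses with no separator, so if `matrix-synapse` is attached to more than one network `synapse_container_ip.stdout` is several addresses run together. It is empty when the container has no address, and the purge tasks that use it would then call a wrong or empty host. A guard such as `failed_when: synapse_container_ip.stdout | length == 0` catches the empty case, and a comment like `# assumes matrix-synapse is attached to exactly one Docker network` documents the single-network assumption. The task only reads state, so `changed_when: false` would also keep it from reporting a change on every run.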
|
||||||
|
|
|
@ -6,7 +6,12 @@
|
||||||
|
|
||||||
- name: Purge local media to specific date
|
- name: Purge local media to specific date
|
||||||
shell: |
|
shell: |
|
||||||
curl -X POST --header "Authorization: Bearer {{ janitors_token.stdout }}" 'https://matrix.{{ matrix_domain }}/_synapse/admin/v1/purge_media_cache?before_ts={{ epoche_time.stdout }}'
|
curl -X POST --header "Authorization: Bearer {{ janitors_token.stdout[1:-1] }}" '{{ synapse_container_ip.stdout }}:8008/_synapse/admin/v1/purge_media_cache?before_ts={{ epoche_time.stdout }}'
|
||||||
|
register: purge_command
|
||||||
|
|
||||||
|
- name: Print output of purge command
|
||||||
|
debug:
|
||||||
|
msg: "{{ purge_command.stdout }}"
|
||||||
|
|
||||||
- name: Pause for 5 seconds to let Synapse breathe
|
- name: Pause for 5 seconds to let Synapse breathe
|
||||||
pause:
|
pause:
|
||||||
|
|
|
@ -4,9 +4,11 @@
|
||||||
file: '{{ awx_cached_matrix_vars }}'
|
file: '{{ awx_cached_matrix_vars }}'
|
||||||
no_log: True
|
no_log: True
|
||||||
|
|
||||||
- name: Install jq on remote machine
|
- name: Install jq and curl on remote machine
|
||||||
apt:
|
apt:
|
||||||
name: jq
|
name:
|
||||||
|
- jq
|
||||||
|
- curl
|
||||||
state: present
|
state: present
|
||||||
|
|
||||||
- name: Collect access token of Dimension user
|
- name: Collect access token of Dimension user
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
|
|
||||||
matrix_sms_bridge_enabled: true
|
matrix_sms_bridge_enabled: true
|
||||||
|
|
||||||
matrix_sms_bridge_version: 0.5.5
|
matrix_sms_bridge_version: 0.5.7
|
||||||
matrix_sms_bridge_docker_image: "{{ matrix_container_global_registry_prefix }}folivonet/matrix-sms-bridge:{{ matrix_sms_bridge_version }}"
|
matrix_sms_bridge_docker_image: "{{ matrix_container_global_registry_prefix }}folivonet/matrix-sms-bridge:{{ matrix_sms_bridge_version }}"
|
||||||
|
|
||||||
matrix_sms_bridge_base_path: "{{ matrix_base_data_path }}/matrix-sms-bridge"
|
matrix_sms_bridge_base_path: "{{ matrix_base_data_path }}/matrix-sms-bridge"
|
||||||
|
|
|
@ -3,7 +3,7 @@ matrix_client_element_enabled: true
|
||||||
matrix_client_element_container_image_self_build: false
|
matrix_client_element_container_image_self_build: false
|
||||||
matrix_client_element_container_image_self_build_repo: "https://github.com/vector-im/riot-web.git"
|
matrix_client_element_container_image_self_build_repo: "https://github.com/vector-im/riot-web.git"
|
||||||
|
|
||||||
matrix_client_element_version: v1.7.25
|
matrix_client_element_version: v1.7.26
|
||||||
matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}"
|
matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}"
|
||||||
matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}"
|
matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}"
|
||||||
matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}"
|
matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}"
|
||||||
|
|
|
@ -35,3 +35,18 @@
|
||||||
with_dict:
|
with_dict:
|
||||||
'matrix_awx_dimension_user_created': 'true'
|
'matrix_awx_dimension_user_created': 'true'
|
||||||
when: not matrix_awx_dimension_user_created|bool
|
when: not matrix_awx_dimension_user_created|bool
|
||||||
|
|
||||||
|
- name: Ensure /chroot/website location has correct permissions
|
||||||
|
file:
|
||||||
|
path: /chroot/website
|
||||||
|
state: directory
|
||||||
|
owner: matrix
|
||||||
|
group: matrix
|
||||||
|
mode: '0574'
|
||||||
|
when: customise_base_domain_website is defined
|
||||||
|
|
||||||
|
- name: Ensure erroneous /chroot/website/matrix-domain location doesn't exist
|
||||||
|
file:
|
||||||
|
path: /chroot/website/matrix-domain
|
||||||
|
state: absent
|
||||||
|
when: customise_base_domain_website is defined
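Review bot: The two added `file` tasks carry no explanation for settings that are easy to misread. Mode `'0574'` on `/chroot/website` gives the owner no write bit while the group has full access and others get read without search. `state: absent` on `/chroot/website/matrix-domain` deletes that directory recursively, including anything a user uploaded under that name. A comment on each would help, for example `# group write lets the sftp user (member of group matrix) upload; owner matrix only needs to read` and `# remove directory created by an earlier, incorrect version of this role`, with the wording adjusted to the real reason.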
|
||||||
|
|
|
@ -1,7 +1,9 @@
|
||||||
matrix_coturn_enabled: true
|
matrix_coturn_enabled: true
|
||||||
|
|
||||||
matrix_coturn_container_image_self_build: false
|
matrix_coturn_container_image_self_build: false
|
||||||
matrix_coturn_container_image_self_build_repo: "https://github.com/coturn/coturn/tree/master/docker/coturn/alpine.git"
|
matrix_coturn_container_image_self_build_repo: "https://github.com/coturn/coturn"
|
||||||
|
matrix_coturn_container_image_self_build_repo_version: "upstream/{{ matrix_coturn_version }}"
|
||||||
|
matrix_coturn_container_image_self_build_repo_dockerfile_path: "docker/coturn/alpine/Dockerfile"
|
||||||
|
|
||||||
matrix_coturn_version: 4.5.2
|
matrix_coturn_version: 4.5.2
|
||||||
matrix_coturn_docker_image: "{{ matrix_coturn_docker_image_name_prefix }}coturn/coturn:{{ matrix_coturn_version }}-alpine"
|
matrix_coturn_docker_image: "{{ matrix_coturn_docker_image_name_prefix }}coturn/coturn:{{ matrix_coturn_version }}-alpine"
|
||||||
|
|
|
@ -30,7 +30,7 @@
|
||||||
git:
|
git:
|
||||||
repo: "{{ matrix_coturn_container_image_self_build_repo }}"
|
repo: "{{ matrix_coturn_container_image_self_build_repo }}"
|
||||||
dest: "{{ matrix_coturn_docker_src_files_path }}"
|
dest: "{{ matrix_coturn_docker_src_files_path }}"
|
||||||
version: "{{ matrix_coturn_docker_image.split(':')[1] }}"
|
version: "{{ matrix_coturn_container_image_self_build_repo_version }}"
|
||||||
force: "yes"
|
force: "yes"
|
||||||
register: matrix_coturn_git_pull_results
|
register: matrix_coturn_git_pull_results
|
||||||
|
|
||||||
|
@ -40,7 +40,7 @@
|
||||||
source: build
|
source: build
|
||||||
force_source: "{{ matrix_coturn_git_pull_results.changed }}"
|
force_source: "{{ matrix_coturn_git_pull_results.changed }}"
|
||||||
build:
|
build:
|
||||||
dockerfile: Dockerfile
|
dockerfile: "{{ matrix_coturn_container_image_self_build_repo_dockerfile_path }}"
|
||||||
path: "{{ matrix_coturn_docker_src_files_path }}"
|
path: "{{ matrix_coturn_docker_src_files_path }}"
|
||||||
pull: yes
|
pull: yes
|
||||||
when: "matrix_coturn_container_image_self_build|bool"
|
when: "matrix_coturn_container_image_self_build|bool"
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
|
|
||||||
matrix_grafana_enabled: false
|
matrix_grafana_enabled: false
|
||||||
|
|
||||||
matrix_grafana_version: 7.5.4
|
matrix_grafana_version: 7.5.5
|
||||||
matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}"
|
matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}"
|
||||||
matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}"
|
matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}"
|
||||||
|
|
||||||
|
@ -50,5 +50,3 @@ matrix_grafana_systemd_wanted_services_list: []
|
||||||
#
|
#
|
||||||
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:3000"), or empty string to not expose.
|
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:3000"), or empty string to not expose.
|
||||||
matrix_grafana_container_http_host_bind_port: ''
|
matrix_grafana_container_http_host_bind_port: ''
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
matrix_nginx_proxy_enabled: true
|
matrix_nginx_proxy_enabled: true
|
||||||
matrix_nginx_proxy_version: 1.19.10-alpine
|
matrix_nginx_proxy_version: 1.20.0-alpine
|
||||||
|
|
||||||
# We use an official nginx image, which we fix-up to run unprivileged.
|
# We use an official nginx image, which we fix-up to run unprivileged.
|
||||||
# An alternative would be an `nginxinc/nginx-unprivileged` image, but
|
# An alternative would be an `nginxinc/nginx-unprivileged` image, but
|
||||||
|
|
|
@ -11,7 +11,7 @@
|
||||||
upstream generic_worker_upstream {
|
upstream generic_worker_upstream {
|
||||||
# ensures that requests from the same client will always be passed
|
# ensures that requests from the same client will always be passed
|
||||||
# to the same server (except when this server is unavailable)
|
# to the same server (except when this server is unavailable)
|
||||||
ip_hash;
|
hash $http_x_forwarded_for;
|
||||||
|
|
||||||
{% for worker in generic_workers %}
|
{% for worker in generic_workers %}
|
||||||
{% if matrix_nginx_proxy_enabled %}
|
{% if matrix_nginx_proxy_enabled %}
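Review bot: `hash $http_x_forwarded_for;` keys worker selection on a request header that the client controls unless a trusted proxy in front overwrites it, so the stickiness the comment above promises depends on whatever the client sends. Requests that arrive without the header all hash to the same worker. If the header is only meaningful behind a known front proxy, resolving the client address with `set_real_ip_from <proxy address>;` and `real_ip_header X-Forwarded-For;` and then using `hash $remote_addr;` keeps the decision on a value nginx has validated. At minimum the block should gain a comment naming the proxy that is expected to set the header. The upstream block continues outside the hunk.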
|
||||||
|
|
|
@ -15,8 +15,8 @@ matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_cont
|
||||||
# amd64 gets released first.
|
# amd64 gets released first.
|
||||||
# arm32 relies on self-building, so the same version can be built immediately.
|
# arm32 relies on self-building, so the same version can be built immediately.
|
||||||
# arm64 users need to wait for a prebuilt image to become available.
|
# arm64 users need to wait for a prebuilt image to become available.
|
||||||
matrix_synapse_version: v1.32.2
|
matrix_synapse_version: v1.33.1
|
||||||
matrix_synapse_version_arm64: v1.32.2
|
matrix_synapse_version_arm64: v1.33.1
|
||||||
matrix_synapse_docker_image_tag: "{{ matrix_synapse_version if matrix_architecture in ['arm32', 'amd64'] else matrix_synapse_version_arm64 }}"
|
matrix_synapse_docker_image_tag: "{{ matrix_synapse_version if matrix_architecture in ['arm32', 'amd64'] else matrix_synapse_version_arm64 }}"
|
||||||
matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"
|
matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"
|
||||||
|
|
||||||
|
|
|
@ -1178,69 +1178,6 @@ turn_allow_guests: {{ matrix_synapse_turn_allow_guests|to_json }}
|
||||||
#
|
#
|
||||||
enable_registration: {{ matrix_synapse_enable_registration|to_json }}
|
enable_registration: {{ matrix_synapse_enable_registration|to_json }}
|
||||||
|
|
||||||
# Optional account validity configuration. This allows for accounts to be denied
|
|
||||||
# any request after a given period.
|
|
||||||
#
|
|
||||||
# Once this feature is enabled, Synapse will look for registered users without an
|
|
||||||
# expiration date at startup and will add one to every account it found using the
|
|
||||||
# current settings at that time.
|
|
||||||
# This means that, if a validity period is set, and Synapse is restarted (it will
|
|
||||||
# then derive an expiration date from the current validity period), and some time
|
|
||||||
# after that the validity period changes and Synapse is restarted, the users'
|
|
||||||
# expiration dates won't be updated unless their account is manually renewed. This
|
|
||||||
# date will be randomly selected within a range [now + period - d ; now + period],
|
|
||||||
# where d is equal to 10% of the validity period.
|
|
||||||
#
|
|
||||||
account_validity:
|
|
||||||
# The account validity feature is disabled by default. Uncomment the
|
|
||||||
# following line to enable it.
|
|
||||||
#
|
|
||||||
#enabled: true
|
|
||||||
|
|
||||||
# The period after which an account is valid after its registration. When
|
|
||||||
# renewing the account, its validity period will be extended by this amount
|
|
||||||
# of time. This parameter is required when using the account validity
|
|
||||||
# feature.
|
|
||||||
#
|
|
||||||
#period: 6w
|
|
||||||
|
|
||||||
# The amount of time before an account's expiry date at which Synapse will
|
|
||||||
# send an email to the account's email address with a renewal link. By
|
|
||||||
# default, no such emails are sent.
|
|
||||||
#
|
|
||||||
# If you enable this setting, you will also need to fill out the 'email' and
|
|
||||||
# 'public_baseurl' configuration sections.
|
|
||||||
#
|
|
||||||
#renew_at: 1w
|
|
||||||
|
|
||||||
# The subject of the email sent out with the renewal link. '%(app)s' can be
|
|
||||||
# used as a placeholder for the 'app_name' parameter from the 'email'
|
|
||||||
# section.
|
|
||||||
#
|
|
||||||
# Note that the placeholder must be written '%(app)s', including the
|
|
||||||
# trailing 's'.
|
|
||||||
#
|
|
||||||
# If this is not set, a default value is used.
|
|
||||||
#
|
|
||||||
#renew_email_subject: "Renew your %(app)s account"
|
|
||||||
|
|
||||||
# Directory in which Synapse will try to find templates for the HTML files to
|
|
||||||
# serve to the user when trying to renew an account. If not set, default
|
|
||||||
# templates from within the Synapse package will be used.
|
|
||||||
#
|
|
||||||
#template_dir: "res/templates"
|
|
||||||
|
|
||||||
# File within 'template_dir' giving the HTML to be displayed to the user after
|
|
||||||
# they successfully renewed their account. If not set, default text is used.
|
|
||||||
#
|
|
||||||
#account_renewed_html_path: "account_renewed.html"
|
|
||||||
|
|
||||||
# File within 'template_dir' giving the HTML to be displayed when the user
|
|
||||||
# tries to renew an account with an invalid renewal token. If not set,
|
|
||||||
# default text is used.
|
|
||||||
#
|
|
||||||
#invalid_token_html_path: "invalid_token.html"
|
|
||||||
|
|
||||||
# Time that a user's session remains valid for, after they log in.
|
# Time that a user's session remains valid for, after they log in.
|
||||||
#
|
#
|
||||||
# Note that this is not currently compatible with guest logins.
|
# Note that this is not currently compatible with guest logins.
|
||||||
|
@ -1445,13 +1382,97 @@ autocreate_auto_join_rooms: {{ matrix_synapse_autocreate_auto_join_rooms|to_json
|
||||||
#auto_join_rooms_for_guests: false
|
#auto_join_rooms_for_guests: false
|
||||||
|
|
||||||
|
|
||||||
|
## Account Validity ##
|
||||||
|
|
||||||
|
# Optional account validity configuration. This allows for accounts to be denied
|
||||||
|
# any request after a given period.
|
||||||
|
#
|
||||||
|
# Once this feature is enabled, Synapse will look for registered users without an
|
||||||
|
# expiration date at startup and will add one to every account it found using the
|
||||||
|
# current settings at that time.
|
||||||
|
# This means that, if a validity period is set, and Synapse is restarted (it will
|
||||||
|
# then derive an expiration date from the current validity period), and some time
|
||||||
|
# after that the validity period changes and Synapse is restarted, the users'
|
||||||
|
# expiration dates won't be updated unless their account is manually renewed. This
|
||||||
|
# date will be randomly selected within a range [now + period - d ; now + period],
|
||||||
|
# where d is equal to 10% of the validity period.
|
||||||
|
#
|
||||||
|
account_validity:
|
||||||
|
# The account validity feature is disabled by default. Uncomment the
|
||||||
|
# following line to enable it.
|
||||||
|
#
|
||||||
|
#enabled: true
|
||||||
|
|
||||||
|
# The period after which an account is valid after its registration. When
|
||||||
|
# renewing the account, its validity period will be extended by this amount
|
||||||
|
# of time. This parameter is required when using the account validity
|
||||||
|
# feature.
|
||||||
|
#
|
||||||
|
#period: 6w
|
||||||
|
|
||||||
|
# The amount of time before an account's expiry date at which Synapse will
|
||||||
|
# send an email to the account's email address with a renewal link. By
|
||||||
|
# default, no such emails are sent.
|
||||||
|
#
|
||||||
|
# If you enable this setting, you will also need to fill out the 'email' and
|
||||||
|
# 'public_baseurl' configuration sections.
|
||||||
|
#
|
||||||
|
#renew_at: 1w
|
||||||
|
|
||||||
|
# The subject of the email sent out with the renewal link. '%(app)s' can be
|
||||||
|
# used as a placeholder for the 'app_name' parameter from the 'email'
|
||||||
|
# section.
|
||||||
|
#
|
||||||
|
# Note that the placeholder must be written '%(app)s', including the
|
||||||
|
# trailing 's'.
|
||||||
|
#
|
||||||
|
# If this is not set, a default value is used.
|
||||||
|
#
|
||||||
|
#renew_email_subject: "Renew your %(app)s account"
|
||||||
|
|
||||||
|
# Directory in which Synapse will try to find templates for the HTML files to
|
||||||
|
# serve to the user when trying to renew an account. If not set, default
|
||||||
|
# templates from within the Synapse package will be used.
|
||||||
|
#
|
||||||
|
# The currently available templates are:
|
||||||
|
#
|
||||||
|
# * account_renewed.html: Displayed to the user after they have successfully
|
||||||
|
# renewed their account.
|
||||||
|
#
|
||||||
|
# * account_previously_renewed.html: Displayed to the user if they attempt to
|
||||||
|
# renew their account with a token that is valid, but that has already
|
||||||
|
# been used. In this case the account is not renewed again.
|
||||||
|
#
|
||||||
|
# * invalid_token.html: Displayed to the user when they try to renew an account
|
||||||
|
# with an unknown or invalid renewal token.
|
||||||
|
#
|
||||||
|
# See https://github.com/matrix-org/synapse/tree/master/synapse/res/templates for
|
||||||
|
# default template contents.
|
||||||
|
#
|
||||||
|
# The file name of some of these templates can be configured below for legacy
|
||||||
|
# reasons.
|
||||||
|
#
|
||||||
|
#template_dir: "res/templates"
|
||||||
|
|
||||||
|
# A custom file name for the 'account_renewed.html' template.
|
||||||
|
#
|
||||||
|
# If not set, the file is assumed to be named "account_renewed.html".
|
||||||
|
#
|
||||||
|
#account_renewed_html_path: "account_renewed.html"
|
||||||
|
|
||||||
|
# A custom file name for the 'invalid_token.html' template.
|
||||||
|
#
|
||||||
|
# If not set, the file is assumed to be named "invalid_token.html".
|
||||||
|
#
|
||||||
|
#invalid_token_html_path: "invalid_token.html"
|
||||||
|
|
||||||
|
|
||||||
## Metrics ###
|
## Metrics ###
|
||||||
|
|
||||||
# Enable collection and rendering of performance metrics
|
# Enable collection and rendering of performance metrics
|
||||||
#
|
#
|
||||||
enable_metrics: {{ matrix_synapse_metrics_enabled|to_json }}
|
enable_metrics: {{ matrix_synapse_metrics_enabled|to_json }}
|
||||||
|
|
||||||
|
|
||||||
# Enable sentry integration
|
# Enable sentry integration
|
||||||
# NOTE: While attempts are made to ensure that the logs don't contain
|
# NOTE: While attempts are made to ensure that the logs don't contain
|
||||||
# any sensitive information, this cannot be guaranteed. By enabling
|
# any sensitive information, this cannot be guaranteed. By enabling
|
||||||
|
@ -1892,7 +1913,7 @@ saml2_config:
|
||||||
# sub-properties:
|
# sub-properties:
|
||||||
#
|
#
|
||||||
# module: The class name of a custom mapping module. Default is
|
# module: The class name of a custom mapping module. Default is
|
||||||
# 'synapse.handlers.oidc_handler.JinjaOidcMappingProvider'.
|
# 'synapse.handlers.oidc.JinjaOidcMappingProvider'.
|
||||||
# See https://github.com/matrix-org/synapse/blob/master/docs/sso_mapping_providers.md#openid-mapping-providers
|
# See https://github.com/matrix-org/synapse/blob/master/docs/sso_mapping_providers.md#openid-mapping-providers
|
||||||
# for information on implementing a custom mapping provider.
|
# for information on implementing a custom mapping provider.
|
||||||
#
|
#
|
||||||
|
|