Merge branch 'master' into pub.solar

teutat3s 2022-12-07 21:01:52 +01:00
commit ce1cf0e78f
Signed by: teutat3s
GPG key ID: 18DAE600A6BBE705
241 changed files with 3405 additions and 3101 deletions

@ -1,3 +1,43 @@
# 2022-11-30
## matrix-postgres-backup has been replaced by the com.devture.ansible.role.postgres_backup external role
Just like we've [replaced Postgres with an external role](#matrix-postgres-has-been-replaced-by-the-comdevtureansiblerolepostgres-external-role) on 2022-11-28, we're now replacing `matrix-postgres-backup` with an external role - [com.devture.ansible.role.postgres_backup](https://github.com/devture/com.devture.ansible.role.postgres_backup).
You'll need to rename your `matrix_postgres_backup`-prefixed variables such that they use a `devture_postgres_backup` prefix.
# 2022-11-28
## matrix-postgres has been replaced by the com.devture.ansible.role.postgres external role
**TLDR**: the tasks that install the integrated Postgres server now live in an external role - [com.devture.ansible.role.postgres](https://github.com/devture/com.devture.ansible.role.postgres). You'll need to run `make roles` to install it, and to also rename your `matrix_postgres`-prefixed variables to use a `devture_postgres` prefix (e.g. `matrix_postgres_connection_password` -> `devture_postgres_connection_password`). All your data will still be there! Some scripts have moved (`/usr/local/bin/matrix-postgres-cli` -> `/matrix/postgres/bin/cli`).
The `matrix-postgres` role that has been part of the playbook for a long time has been replaced with the [com.devture.ansible.role.postgres](https://github.com/devture/com.devture.ansible.role.postgres) role. This was done as part of our work to [use external roles for some things](#the-playbook-now-uses-external-roles-for-some-things) for better code re-use and maintainability.
The new role is an upgraded version of the old `matrix-postgres` role with these notable differences:
- it uses different names for its variables (`matrix_postgres` -> `devture_postgres`)
- when [Vacuuming PostgreSQL](docs/maintenance-postgres.md#vacuuming-postgresql), it will vacuum all your databases, not just the Synapse one
You'll need to run `make roles` to install the new role. You would also need to rename your `matrix_postgres`-prefixed variables to use a `devture_postgres` prefix.
Note: the systemd service still remains the same - `matrix-postgres.service`. Your data will still be in `/matrix/postgres`, etc.
Postgres-related scripts will be moved to `/matrix/postgres/bin` (`/usr/local/bin/matrix-postgres-cli` -> `/matrix/postgres/bin/cli`, etc). Also see [The playbook no longer installs scripts in /usr/local/bin](#the-playbook-no-longer-installs-scripts-in-usrlocalbin).
## The playbook no longer installs scripts to /usr/local/bin
The locations of various scripts installed by the playbook have changed.
The playbook no longer contaminates your `/usr/local/bin` directory.
All scripts installed by the playbook now live in `bin/` directories under `/matrix`. Some examples are below:
- `/usr/local/bin/matrix-remove-all` -> `/matrix/bin/remove-all`
- `/usr/local/bin/matrix-postgres-cli` -> `/matrix/postgres/bin/cli`
- `/usr/local/bin/matrix-ssl-lets-encrypt-certificates-renew` -> `/matrix/ssl/bin/lets-encrypt-certificates-renew`
- `/usr/local/bin/matrix-synapse-register-user` -> `/matrix/synapse/bin/register-user`
# 2022-11-25 # 2022-11-25
## 2x-5x performance improvements in playbook runtime ## 2x-5x performance improvements in playbook runtime

@ -9,19 +9,14 @@ If your local computer cannot run Ansible, you can also run Ansible on some serv
## Supported Ansible versions ## Supported Ansible versions
Ansible 2.7.1 or newer is required ([last discussion about Ansible versions](https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/743)).
Note: Ubuntu 20.04 ships with Ansible 2.9.6 which is a buggy version (see this [bug](https://bugs.launchpad.net/ubuntu/+source/ansible/+bug/1880359)), which can't be used in combination with a host running new systemd (more details in [#517](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/517), [#669](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/669)). If this problem affects you, you can: avoid running Ubuntu 20.04 on your host; run Ansible from another machine targeting your host; or try to upgrade to a newer Ansible version (see below).
## Checking your Ansible version
In most cases, you won't need to worry about the Ansible version.
The playbook will try to detect it and tell you if you're on an unsupported version.
To manually check which version of Ansible you're on, run: `ansible --version`. To manually check which version of Ansible you're on, run: `ansible --version`.
If you're on an old version of Ansible, you should [upgrade Ansible to a newer version](#upgrading-ansible) or [use Ansible via Docker](#using-ansible-via-docker). For the **best experience**, we recommend getting the **latest version of Ansible available**.
We're not sure what's the minimum version of Ansible that can run this playbook successfully.
The lowest version that we've confirmed (on 2022-11-26) to be working fine is: `ansible-core` (`2.11.7`) combined with `ansible` (`4.10.0`).
If your distro ships with an Ansible version older than this, you may run into issues. Consider [Upgrading Ansible](#upgrading-ansible) or [using Ansible via Docker](#using-ansible-via-docker).
## Upgrading Ansible ## Upgrading Ansible

@ -2,9 +2,11 @@
# Overview # Overview
Captcha can be enabled for this home server. This file explains how to do that. Captcha can be enabled for this home server. This file explains how to do that.
The captcha mechanism used is Google's [ReCaptcha](https://www.google.com/recaptcha/). This requires API keys from Google. The captcha mechanism used is Google's [ReCaptcha](https://www.google.com/recaptcha/). This requires API keys from Google. If your homeserver is Dendrite then [hCapcha](https://www.hcaptcha.com) can be used instead.
## Getting keys ## ReCaptcha
### Getting keys
Requires a site/secret key pair from: Requires a site/secret key pair from:
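
Review bot: Typo in the sentence added to the Overview: the link text reads `hCapcha`, while the section added later in this file and the linked site use `hCaptcha`. The preceding sentence also still says the mechanism "requires API keys from Google", which is no longer true for the hCaptcha path; reword it so the two sentences do not contradict each other.
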
@ -12,12 +14,39 @@ Requires a site/secret key pair from:
Must be a reCAPTCHA **v2** key using the "I'm not a robot" Checkbox option Must be a reCAPTCHA **v2** key using the "I'm not a robot" Checkbox option
## Setting ReCaptcha Keys ### Setting ReCaptcha keys
Once registered as above, set the following values: Once registered as above, set the following values:
```yaml ```yaml
# for Synapse
matrix_synapse_enable_registration_captcha: true matrix_synapse_enable_registration_captcha: true
matrix_synapse_recaptcha_public_key: 'YOUR_SITE_KEY' matrix_synapse_recaptcha_public_key: 'YOUR_SITE_KEY'
matrix_synapse_recaptcha_private_key: 'YOUR_SECRET_KEY' matrix_synapse_recaptcha_private_key: 'YOUR_SECRET_KEY'
# for Dendrite
matrix_dendrite_client_api_enable_registration_captcha: true
matrix_dendrite_client_api_recaptcha_public_key: 'YOUR_SITE_KEY'
matrix_dendrite_client_api_recaptcha_private_key: 'YOUR_SECRET_KEY'
```
## hCaptcha
### Getting keys
Requires a site/secret key pair from:
<https://dashboard.hcaptcha.com/sites/new>
### Setting hCaptcha keys
```yaml
matrix_dendrite_client_api_enable_registration_captcha: true
matrix_dendrite_client_api_recaptcha_public_key: 'YOUR_SITE_KEY'
matrix_dendrite_client_api_recaptcha_private_key: 'YOUR_SECRET_KEY'
matrix_dendrite_client_api_recaptcha_siteverify_api: 'https://hcaptcha.com/siteverify'
matrix_dendrite_client_api_recaptcha_api_js_url: 'https://js.hcaptcha.com/1/api.js'
matrix_dendrite_client_api_recaptcha_form_field: 'h-captcha-response'
matrix_dendrite_client_api_recaptcha_sitekey_class: 'h-captcha'
``` ```
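
Review bot: The hCaptcha example at the end of this hunk reuses the `matrix_dendrite_client_api_recaptcha_*` variables without saying so, and it is the only block that carries no "for Dendrite" comment. A reader coming from the ReCaptcha section may assume hCaptcha has its own settings or that it also works for Synapse. Add one sentence above the block stating that hCaptcha is configured through the recaptcha-named Dendrite variables by overriding the siteverify URL, the JS URL, the form field and the sitekey class. In the first block, consider splitting the Synapse and Dendrite settings into two fenced blocks so nobody pastes both sets.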

@ -40,7 +40,7 @@ Minimal working configuration (`inventory/host_vars/matrix.DOMAIN/vars.yml`) to
```yaml ```yaml
matrix_backup_borg_enabled: true matrix_backup_borg_enabled: true
matrix_backup_borg_location_repositories: matrix_backup_borg_location_repositories:
- USER@HOST:REPO - ssh://USER@HOST/./REPO
matrix_backup_borg_storage_encryption_passphrase: "PASSPHRASE" matrix_backup_borg_storage_encryption_passphrase: "PASSPHRASE"
matrix_backup_borg_ssh_key_private: | matrix_backup_borg_ssh_key_private: |
-----BEGIN OPENSSH PRIVATE KEY----- -----BEGIN OPENSSH PRIVATE KEY-----
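
Review bot: The repository example changes from the scp-style `USER@HOST:REPO` to `ssh://USER@HOST/./REPO` with no explanation in the surrounding text. State whether inventories that still use the old form keep working or have to be edited, and what the `/./` segment means for where the repository ends up on the remote host; a path mistake here sends backups somewhere other than where the operator expects to restore from.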

@ -93,4 +93,4 @@ To explicitly enable metrics, use `matrix_hookshot_metrics_enabled: true`. This
### Collision with matrix-appservice-webhooks ### Collision with matrix-appservice-webhooks
If you are also running [matrix-appservice-webhooks](configuring-playbook-bridge-appservice-webhooks.md), it reserves its namespace by the default setting `matrix_appservice_webhooks_user_prefix: '_webhook_'`. You should take care if you modify its or hookshot's prefix that they do not collide with each other's namespace (default `matrix_hookshot_generic_user_id_prefix: '_webhooks_'`). If you are also running [matrix-appservice-webhooks](configuring-playbook-bridge-appservice-webhooks.md), it reserves its namespace by the default setting `matrix_appservice_webhooks_user_prefix: '_webhook_'`. You should take care if you modify its or hookshot's prefix that they do not collide with each other's namespace (default `matrix_hookshot_generic_userIdPrefix: '_webhooks_'`).
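
Review bot: `matrix_hookshot_generic_userIdPrefix` on the changed line mixes camelCase into an otherwise snake_case variable namespace (compare `matrix_appservice_webhooks_user_prefix` in the same sentence). If that is the name the role really defines, fine, but please confirm it against the role defaults: a misspelled variable in `vars.yml` is not reported by Ansible, so the namespace collision this paragraph warns about would go unnoticed.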

@ -10,7 +10,7 @@ If you'd like to use an external PostgreSQL server that you manage, you can edit
If you'd like to use an external Postgres server, use a custom `vars.yml` configuration like this: If you'd like to use an external Postgres server, use a custom `vars.yml` configuration like this:
```yaml ```yaml
matrix_postgres_enabled: false devture_postgres_enabled: false
# Rewire Synapse to use your external Postgres server # Rewire Synapse to use your external Postgres server
matrix_synapse_database_host: "your-postgres-server-hostname" matrix_synapse_database_host: "your-postgres-server-hostname"
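
Review bot: After the rename on the first line of the example, nothing here tells a reader with an existing inventory that `matrix_postgres_enabled: false` is the old spelling. Add a short pointer to the 2022-11-28 changelog entry about the `matrix_postgres` -> `devture_postgres` prefix change, so operators who rely on an external database do not end up with an unexpected integrated Postgres being installed.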

@ -127,6 +127,16 @@ Read how it works [here](https://github.com/jitsi/jitsi-videobridge/blob/master/
You may want to **limit the maximum video resolution**, to save up resources on both server and clients. You may want to **limit the maximum video resolution**, to save up resources on both server and clients.
## (Optional) Specify a Max number of participants on a Jitsi conference
The playbook allows a user to set a max number of participants allowed to join a Jitsi conference. By default there is no limit.
In order to set the max number of participants add the following variable to your `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration:
```
matrix_prosody_jitsi_max_participants: <INTEGER OF MAX PARTICPANTS>
```
## (Optional) Additional JVBs ## (Optional) Additional JVBs
By default, a single JVB ([Jitsi VideoBridge](https://github.com/jitsi/jitsi-videobridge)) is deployed on the same host as the Matrix server. To allow more video-conferences to happen at the same time, you may need to provision additional JVB services on other hosts. By default, a single JVB ([Jitsi VideoBridge](https://github.com/jitsi/jitsi-videobridge)) is deployed on the same host as the Matrix server. To allow more video-conferences to happen at the same time, you may need to provision additional JVB services on other hosts.
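
Review bot: The placeholder in the added example, `<INTEGER OF MAX PARTICPANTS>`, misspells PARTICIPANTS and is not valid YAML if pasted as is. Show a concrete integer with a trailing comment instead. The fence around `matrix_prosody_jitsi_max_participants` is also untagged, while the other configuration examples in these docs are tagged `yaml`, and the heading capitalises "Max" inconsistently with its neighbours.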

@ -1,6 +1,6 @@
# Setting up postgres backup (optional) # Setting up postgres backup (optional)
The playbook can install and configure [docker-postgres-backup-local](https://github.com/prodrigestivill/docker-postgres-backup-local) for you. The playbook can install and configure [docker-postgres-backup-local](https://github.com/prodrigestivill/docker-postgres-backup-local) for you via the [com.devture.ansible.role.postgres_backup](https://github.com/devture/com.devture.ansible.role.postgres_backup) Ansible role.
For a more complete backup solution (one that includes not only Postgres, but also other configuration/data files), you may wish to look into [borg backup](configuring-playbook-backup-borg.md) instead. For a more complete backup solution (one that includes not only Postgres, but also other configuration/data files), you may wish to look into [borg backup](configuring-playbook-backup-borg.md) instead.
@ -10,7 +10,7 @@ For a more complete backup solution (one that includes not only Postgres, but al
Minimal working configuration (`inventory/host_vars/matrix.DOMAIN/vars.yml`) to enable Postgres backup: Minimal working configuration (`inventory/host_vars/matrix.DOMAIN/vars.yml`) to enable Postgres backup:
```yaml ```yaml
matrix_postgres_backup_enabled: true devture_postgres_backup_enabled: true
``` ```
Refer to the table below for additional configuration variables and their default values. Refer to the table below for additional configuration variables and their default values.
@ -18,12 +18,13 @@ Refer to the table below for additional configuration variables and their defaul
| Name | Default value | Description | | Name | Default value | Description |
| :-------------------------------- | :--------------------------- | :--------------------------------------------------------------- | | :-------------------------------- | :--------------------------- | :--------------------------------------------------------------- |
|`matrix_postgres_backup_enabled`|`false`|Set to true to use [docker-postgres-backup-local](https://github.com/prodrigestivill/docker-postgres-backup-local) to create automatic database backups| |`devture_postgres_backup_enabled`|`false`|Set to true to use [docker-postgres-backup-local](https://github.com/prodrigestivill/docker-postgres-backup-local) to create automatic database backups|
|`matrix_postgres_backup_schedule`| `'@daily'` |Cron-schedule specifying the interval between postgres backups.| |`devture_postgres_backup_schedule`| `'@daily'` |Cron-schedule specifying the interval between postgres backups.|
|`matrix_postgres_backup_keep_days`|`7`|Number of daily backups to keep| |`devture_postgres_backup_keep_days`|`7`|Number of daily backups to keep|
|`matrix_postgres_backup_keep_weeks`|`4`|Number of weekly backups to keep| |`devture_postgres_backup_keep_weeks`|`4`|Number of weekly backups to keep|
|`matrix_postgres_backup_keep_months`|`12`|Number of monthly backups to keep| |`devture_postgres_backup_keep_months`|`12`|Number of monthly backups to keep|
|`matrix_postgres_backup_path` | `"{{ matrix_base_data_path }}/postgres-backup"` | Storagepath for the database backups| |`devture_postgres_base_path` | `"{{ matrix_base_data_path }}/postgres-backup"` | Base path for postgres-backup. Also see `devture_postgres_data_path` |
|`devture_postgres_data_path` | `"{{ devture_postgres_base_path }}/data"` | Storage path for postgres-backup database backups |
## Installing ## Installing
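
Review bot: The last two rows of the table look mis-named. Every other row uses the `devture_postgres_backup_` prefix, but these are `devture_postgres_base_path` and `devture_postgres_data_path`, which fall under the `devture_postgres` prefix that the changelog assigns to the Postgres server role. With a default of `{{ matrix_base_data_path }}/postgres-backup` they are presumably meant to be `devture_postgres_backup_base_path` and `devture_postgres_backup_data_path`. Please check against the role defaults; a reader who sets the names as documented would be touching the database server's paths rather than the backup location.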

@ -15,6 +15,9 @@ matrix_prometheus_node_exporter_enabled: true
# You can remove this, if unnecessary. # You can remove this, if unnecessary.
matrix_prometheus_postgres_exporter_enabled: true matrix_prometheus_postgres_exporter_enabled: true
# You can remove this, if unnecessary.
matrix_prometheus_nginxlog_exporter_enabled: true
matrix_grafana_enabled: true matrix_grafana_enabled: true
matrix_grafana_anonymous_access: false matrix_grafana_anonymous_access: false
@ -39,6 +42,7 @@ Name | Description
`matrix_prometheus_enabled`|[Prometheus](https://prometheus.io) is a time series database. It holds all the data we're going to talk about. `matrix_prometheus_enabled`|[Prometheus](https://prometheus.io) is a time series database. It holds all the data we're going to talk about.
`matrix_prometheus_node_exporter_enabled`|[Node Exporter](https://prometheus.io/docs/guides/node-exporter/) is an addon of sorts to Prometheus that collects generic system information such as CPU, memory, filesystem, and even system temperatures `matrix_prometheus_node_exporter_enabled`|[Node Exporter](https://prometheus.io/docs/guides/node-exporter/) is an addon of sorts to Prometheus that collects generic system information such as CPU, memory, filesystem, and even system temperatures
`matrix_prometheus_postgres_exporter_enabled`|[Postgres Exporter](configuring-playbook-prometheus-postgres.md) is an addon of sorts to expose Postgres database metrics to Prometheus. `matrix_prometheus_postgres_exporter_enabled`|[Postgres Exporter](configuring-playbook-prometheus-postgres.md) is an addon of sorts to expose Postgres database metrics to Prometheus.
`matrix_prometheus_nginxlog_exporter_enabled`|[NGINX Log Exporter](configuring-playbook-prometheus-nginxlog.md) is an addon of sorts to expose NGINX logs to Prometheus.
`matrix_grafana_enabled`|[Grafana](https://grafana.com/) is the visual component. It shows (on the `stats.<your-domain>` subdomain) the dashboards with the graphs that we're interested in `matrix_grafana_enabled`|[Grafana](https://grafana.com/) is the visual component. It shows (on the `stats.<your-domain>` subdomain) the dashboards with the graphs that we're interested in
`matrix_grafana_anonymous_access`|By default you need to log in to see graphs. If you want to publicly share your graphs (e.g. when asking for help in [`#synapse:matrix.org`](https://matrix.to/#/#synapse:matrix.org?via=matrix.org&via=privacytools.io&via=mozilla.org)) you'll want to enable this option. `matrix_grafana_anonymous_access`|By default you need to log in to see graphs. If you want to publicly share your graphs (e.g. when asking for help in [`#synapse:matrix.org`](https://matrix.to/#/#synapse:matrix.org?via=matrix.org&via=privacytools.io&via=mozilla.org)) you'll want to enable this option.
`matrix_grafana_default_admin_user`<br>`matrix_grafana_default_admin_password`|By default Grafana creates a user with `admin` as the username and password. If you feel this is insecure and you want to change it beforehand, you can do that here `matrix_grafana_default_admin_user`<br>`matrix_grafana_default_admin_password`|By default Grafana creates a user with `admin` as the username and password. If you feel this is insecure and you want to change it beforehand, you can do that here
@ -73,6 +77,7 @@ Name | Description
`matrix_prometheus_node_exporter_enabled`|Set this to `true` to enable the node (general system stats) exporter (locally, on the container network) `matrix_prometheus_node_exporter_enabled`|Set this to `true` to enable the node (general system stats) exporter (locally, on the container network)
`matrix_prometheus_node_exporter_metrics_proxying_enabled`|Set this to `true` to expose the node (general system stats) metrics on `https://matrix.DOMAIN/metrics/node-exporter` (only takes effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`) `matrix_prometheus_node_exporter_metrics_proxying_enabled`|Set this to `true` to expose the node (general system stats) metrics on `https://matrix.DOMAIN/metrics/node-exporter` (only takes effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`)
`matrix_prometheus_postgres_exporter_enabled`|Set this to `true` to enable the [Postgres exporter](configuring-playbook-prometheus-postgres.md) (locally, on the container network) `matrix_prometheus_postgres_exporter_enabled`|Set this to `true` to enable the [Postgres exporter](configuring-playbook-prometheus-postgres.md) (locally, on the container network)
`matrix_prometheus_nginxlog_exporter_enabled`|Set this to `true` to enable the [NGINX Log exporter](configuring-playbook-prometheus-nginxlog.md) (locally, on the container network)
`matrix_prometheus_postgres_exporter_metrics_proxying_enabled`|Set this to `true` to expose the [Postgres exporter](configuring-playbook-prometheus-postgres.md) metrics on `https://matrix.DOMAIN/metrics/postgres-exporter` (only takes effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`) `matrix_prometheus_postgres_exporter_metrics_proxying_enabled`|Set this to `true` to expose the [Postgres exporter](configuring-playbook-prometheus-postgres.md) metrics on `https://matrix.DOMAIN/metrics/postgres-exporter` (only takes effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`)
`matrix_bridge_hookshot_metrics_enabled`|Set this to `true` to make [Hookshot](configuring-playbook-bridge-hookshot.md) expose metrics (locally, on the container network) `matrix_bridge_hookshot_metrics_enabled`|Set this to `true` to make [Hookshot](configuring-playbook-bridge-hookshot.md) expose metrics (locally, on the container network)
`matrix_bridge_hookshot_metrics_proxying_enabled`|Set this to `true` to expose the [Hookshot](configuring-playbook-bridge-hookshot.md) metrics on `https://matrix.DOMAIN/metrics/hookshot` (only takes effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`) `matrix_bridge_hookshot_metrics_proxying_enabled`|Set this to `true` to expose the [Hookshot](configuring-playbook-bridge-hookshot.md) metrics on `https://matrix.DOMAIN/metrics/hookshot` (only takes effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`)
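
Review bot: The new `matrix_prometheus_nginxlog_exporter_enabled` row is inserted between `matrix_prometheus_postgres_exporter_enabled` and `matrix_prometheus_postgres_exporter_metrics_proxying_enabled`, splitting that pair. Move it below the Postgres proxying row and add a matching row for `matrix_prometheus_nginxlog_exporter_metrics_proxying_enabled` (documented on the nginxlog page as exposing `https://matrix.DOMAIN/metrics/nginxlog`), since the other exporters visible in this table list both their enable and their proxying variable.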

@ -0,0 +1,59 @@
# Enabling metrics and graphs for NginX logs (optional)
It can be useful to have some (visual) insight into NignX logs.
This adds [prometheus-nginxlog-exporter](https://github.com/martin-helmich/prometheus-nginxlog-exporter/) to your matrix deployment.
It will provide a prometheus 'metrics' endpoint exposing data from both the `matrix-nginx-proxy` and `matrix-synapse-reverse-proxy-companion` logs and automatically aggregates the data with prometheus.
Optionally it visualizes the data, if [`matrix-grafana`](configuring-playbook-prometheus-grafana.md) is enabled, by means of a dedicated Grafana dashboard named `NGINX PROXY`
You can enable this role by adding the following settings in your configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`):
```yaml
matrix_prometheus_nginxlog_exporter_enabled: true
# required depency
matrix_prometheus_enabled: true
# optional for visualization
matrix_grafana_enabled: true
```
x | Prerequisites | Variable | Description
|:--:|:--:|:--:|:--|
**REQUIRED** | `matrix-prometheus`| `matrix_prometheus_enabled`|[Prometheus](https://prometheus.io) is a time series database. It holds all the data we're going to talk about.
_Optional_ | [`matrix-grafana`](configuring-playbook-prometheus-grafana.md) | [`matrix_grafana_enabled`](configuring-playbook-prometheus-grafana.md)|[Grafana](https://grafana.com) is the visual component. It shows (on the `stats.<your-domain>` subdomain) graphs that we're interested in. When enabled the `NGINX PROXY` dashboard is automatically added.
## Docker Image Compatibility
At the moment of writing only images for `amd64` and `arm64` architectures are available
The playbook currently does not support building an image.
You can however use a custom-build image by setting
```yaml
matrix_prometheus_nginxlog_exporter_docker_image_arch_check_enabled: false
matrix_prometheus_nginxlog_exporter_docker_image: path/to/docker/image:tag
```
## Security and privacy
Metrics and resulting graphs can contain a lot of information. NginX logs contain information like IP address, URLs, UserAgents and more. This information can reveal usage patterns and could be considered Personally Identifiable Information (PII). Think about this before enabling (anonymous) access.
Please make sure you change the default Grafana password.
## Save metrics on an external Prometheus server
The playbook will automatically integrate the metrics into the Prometheus server provided with this playbook. You can choose to save data on an external Prometheus instance.
The metrics of this role will be exposed on `https://matrix.DOMAIN/metrics/nginxlog` when setting
```yaml
matrix_prometheus_nginxlog_exporter_metrics_proxying_enabled: true
# required dependency
matrix_nginx_proxy_proxy_matrix_metrics_enabled: true
```
The playbook can provide a single endpoint (`https://matrix.DOMAIN/metrics/*`), under which various services may expose their metrics (e.g. `/metrics/node-exporter`, `/metrics/postgres-exporter`, `/metrics/nginxlog`, etc). To enable this `/metrics/*` feature, use `matrix_nginx_proxy_proxy_matrix_metrics_enabled`. To protect access using [Basic Authentication](https://en.wikipedia.org/wiki/Basic_access_authentication), see `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled`.
The following variables may be of interest:
Name | Description
-----|----------
`matrix_nginx_proxy_proxy_matrix_metrics_enabled`|Set this to `true` to enable metrics exposure for various services on `https://matrix.DOMAIN/metrics/*`. Refer to the individual `matrix_SERVICE_metrics_proxying_enabled` variables below for exposing metrics for each individual service.
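
Review bot: The "Save metrics on an external Prometheus server" example enables `matrix_prometheus_nginxlog_exporter_metrics_proxying_enabled` and `matrix_nginx_proxy_proxy_matrix_metrics_enabled` but not `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled`, which is only mentioned in the paragraph after it. Since the "Security and privacy" section above says these metrics include IP addresses, URLs and user agents, the copy-paste example should include the basic-auth setting, or the text should state plainly that the endpoint is reachable without authentication otherwise. Smaller items in the same file: `NignX` and `depency` are typos, `custom-build` should be `custom-built`, the sentence ending in "architectures are available" has no period, and the prerequisites table header row (`x | Prerequisites | Variable | Description`) has no leading pipe while its separator row does, which may keep it from rendering as a table.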

@ -62,7 +62,7 @@ Migrating your existing data can happen in multiple ways:
Instead of using `s3_media_upload` directly, which is very slow and painful for an initial data migration, we recommend [using another tool in combination with `s3_media_upload`](#using-another-tool-in-combination-with-s3_media_upload). Instead of using `s3_media_upload` directly, which is very slow and painful for an initial data migration, we recommend [using another tool in combination with `s3_media_upload`](#using-another-tool-in-combination-with-s3_media_upload).
To copy your existing files, SSH into the server and run `/usr/local/bin/matrix-synapse-s3-storage-provider-shell`. To copy your existing files, SSH into the server and run `/matrix/synapse/ext/s3-storage-provider/bin/shell`.
This launches a Synapse container, which has access to the local media store, Postgres database, S3 store and has some convenient environment variables configured for you to use (`MEDIA_PATH`, `BUCKET`, `ENDPOINT`, `UPDATE_DB_DAYS`, etc). This launches a Synapse container, which has access to the local media store, Postgres database, S3 store and has some convenient environment variables configured for you to use (`MEDIA_PATH`, `BUCKET`, `ENDPOINT`, `UPDATE_DB_DAYS`, etc).
@ -76,12 +76,12 @@ Then use the following commands (`$` values come from environment variables - th
The `s3_media_upload upload` command may take a lot of time to complete. The `s3_media_upload upload` command may take a lot of time to complete.
Instead of running the above commands manually in the shell, you can also run the `/usr/local/bin/matrix-synapse-s3-storage-provider-migrate` script which will run the same commands automatically. We demonstrate how to do it manually, because: Instead of running the above commands manually in the shell, you can also run the `/matrix/synapse/ext/s3-storage-provider/bin/migrate` script which will run the same commands automatically. We demonstrate how to do it manually, because:
- it's what the upstream project demonstrates and it teaches you how to use the `s3_media_upload` tool - it's what the upstream project demonstrates and it teaches you how to use the `s3_media_upload` tool
- allows you to check and verify the output of each command, to catch mistakes - allows you to check and verify the output of each command, to catch mistakes
- includes progress bars and detailed output for each command - includes progress bars and detailed output for each command
- allows you to easily interrupt slow-running commands, etc. (the `/usr/local/bin/matrix-synapse-s3-storage-provider-migrate` starts a container without interactive TTY support, so `Ctrl+C` may not work and you and require killing via `docker kill ..`) - allows you to easily interrupt slow-running commands, etc. (the `/matrix/synapse/ext/s3-storage-provider/bin/migrate` starts a container without interactive TTY support, so `Ctrl+C` may not work and you and require killing via `docker kill ..`)
### Using another tool in combination with `s3_media_upload` ### Using another tool in combination with `s3_media_upload`
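
Review bot: The last bullet of the list, edited here for the new script path, still reads "may not work and you and require killing via `docker kill ..`". Since the line is being touched anyway, fix the sentence, for example "may not work and you may need to stop the container via `docker kill`".
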
@ -119,7 +119,7 @@ As described in [How it works?](#how-it-works) above, when new media is uploaded
By default, we periodically ensure that all local files are uploaded to S3 and are then removed from the local filesystem. This is done automatically using: By default, we periodically ensure that all local files are uploaded to S3 and are then removed from the local filesystem. This is done automatically using:
- the `/usr/local/bin/matrix-synapse-s3-storage-provider-migrate` script - the `/matrix/synapse/ext/s3-storage-provider/bin/migrate` script
- .. invoked via the `matrix-synapse-s3-storage-provider-migrate.service` service - .. invoked via the `matrix-synapse-s3-storage-provider-migrate.service` service
- .. triggered by the `matrix-synapse-s3-storage-provider-migrate.timer` timer, every day at 05:00 - .. triggered by the `matrix-synapse-s3-storage-provider-migrate.timer` timer, every day at 05:00

@ -37,7 +37,7 @@ If you'd like more customization power, you can start with one of the presets an
If you increase worker counts too much, you may need to increase the maximum number of Postgres connections too (example): If you increase worker counts too much, you may need to increase the maximum number of Postgres connections too (example):
```yaml ```yaml
matrix_postgres_process_extra_arguments: [ devture_postgres_process_extra_arguments: [
"-c 'max_connections=200'" "-c 'max_connections=200'"
] ]
``` ```
@ -56,21 +56,27 @@ Certain Synapse administration tasks (managing users and rooms, etc.) can be per
If you'd like to use OpenID Connect authentication with Synapse, you'll need some additional reverse-proxy configuration (see [our nginx reverse-proxy doc page](configuring-playbook-nginx.md#synapse-openid-connect-for-single-sign-on)). If you'd like to use OpenID Connect authentication with Synapse, you'll need some additional reverse-proxy configuration (see [our nginx reverse-proxy doc page](configuring-playbook-nginx.md#synapse-openid-connect-for-single-sign-on)).
This example configuration is for [keycloak](https://www.keycloak.org/), an opensource Identity Provider maintained by Red Hat.
For more detailed documentation on available options and how to setup keycloak, see the [Synapse documentation on OpenID Connect with keycloak](https://github.com/matrix-org/synapse/blob/develop/docs/openid.md#keycloak).
In case you encounter errors regarding the parsing of the variables, you can try to add `{% raw %}` and `{% endraw %}` blocks around them. For example ; In case you encounter errors regarding the parsing of the variables, you can try to add `{% raw %}` and `{% endraw %}` blocks around them. For example ;
``` ```
matrix_synapse_configuration_extension_yaml: |
oidc_providers:
- idp_id: keycloak - idp_id: keycloak
idp_name: "Keycloak" idp_name: "My KeyCloak server"
issuer: "https://url.ix/auth/realms/x" issuer: "https://url.ix/auth/realms/{realm_name}"
client_id: "matrix" client_id: "matrix"
client_secret: "{{ vault_synapse_keycloak }}" client_secret: "{{ vault_synapse_keycloak }}"
scopes: ["openid", "profile"] scopes: ["openid", "profile"]
authorization_endpoint: "https://url.ix/auth/realms/x/protocol/openid-connect/auth"
token_endpoint: "https://url.ix/auth/realms/x/protocol/openid-connect/token"
userinfo_endpoint: "https://url.ix/auth/realms/x/protocol/openid-connect/userinfo"
user_mapping_provider: user_mapping_provider:
config: config:
display_name_template: "{% raw %}{{ user.given_name }}{% endraw %} {% raw %}{{ user.family_name }}{% endraw %}" localpart_template: "{% raw %}{{ user.preferred_username }}{% endraw %}"
display_name_template: "{% raw %}{{ user.name }}{% endraw %}"
email_template: "{% raw %}{{ user.email }}{% endraw %}" email_template: "{% raw %}{{ user.email }}{% endraw %}"
allow_existing_users: true # Optional
backchannel_logout_enabled: true # Optional
``` ```
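
Review bot: `allow_existing_users: true # Optional` in the added example needs more than the word "Optional". Together with `localpart_template` taken from `user.preferred_username`, it allows an OIDC login to be matched to an already existing Matrix account with the same localpart, so the account follows whoever holds that username in the identity provider. Add a sentence saying to enable it only when the Keycloak realm is authoritative for those usernames (for instance, users cannot pick or change `preferred_username` themselves), and consider leaving it out of the default example.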

@ -317,7 +317,7 @@ If you've installed [Jitsi](configuring-playbook-jitsi.md) (not installed by def
Yes, we can stop installing Docker ourselves. Just use this in your `vars.yml` file: Yes, we can stop installing Docker ourselves. Just use this in your `vars.yml` file:
```yaml ```yaml
matrix_playbook_docker_installation_enabled: true matrix_playbook_docker_installation_enabled: false
``` ```
### I run another webserver on the same server where I wish to install Matrix. What now? ### I run another webserver on the same server where I wish to install Matrix. What now?

View file

@ -97,9 +97,9 @@ Once the database is clear and the ownership of the tables has been fixed in the
Check, if `--dbname` is set to `synapse` (not `matrix`) and replace paths (or even better, copy this line from your terminal) Check, if `--dbname` is set to `synapse` (not `matrix`) and replace paths (or even better, copy this line from your terminal)
``` ```
/usr/bin/env docker run --rm --name matrix-postgres-import --log-driver=none --user=998:1001 --cap-drop=ALL --network=matrix --env-file=/matrix/postgres/env-postgres-psql --mount type=bind,src=/migration/synapse_dump.sql,dst=/synapse_dump.sql,ro --entrypoint=/bin/sh docker.io/postgres:14.1-alpine -c "cat /synapse_dump.sql | grep -vE '^(CREATE|ALTER) ROLE (matrix)(;| WITH)' | grep -vE '^CREATE DATABASE (matrix)\s' | psql -v ON_ERROR_STOP=1 -h matrix-postgres --dbname=synapse" /usr/bin/env docker run --rm --name matrix-postgres-import --log-driver=none --user=998:1001 --cap-drop=ALL --network=matrix --env-file=/matrix/postgres/env-postgres-psql --mount type=bind,src=/migration/synapse_dump.sql,dst=/synapse_dump.sql,ro --entrypoint=/bin/sh docker.io/postgres:15.0-alpine -c "cat /synapse_dump.sql | grep -vE '^(CREATE|ALTER) ROLE (matrix)(;| WITH)' | grep -vE '^CREATE DATABASE (matrix)\s' | psql -v ON_ERROR_STOP=1 -h matrix-postgres --dbname=synapse"
``` ```
### Hints ### Hints
To open psql terminal run `/usr/local/bin/matrix-postgres-cli` To open psql terminal run `/matrix/postgres/bin/cli`

View file

@ -16,7 +16,7 @@ Table of contents:
## Getting a database terminal ## Getting a database terminal
You can use the `/usr/local/bin/matrix-postgres-cli` tool to get interactive terminal access ([psql](https://www.postgresql.org/docs/11/app-psql.html)) to the PostgreSQL server. You can use the `/matrix/postgres/bin/cli` tool to get interactive terminal access ([psql](https://www.postgresql.org/docs/11/app-psql.html)) to the PostgreSQL server.
If you are using an [external Postgres server](configuring-playbook-external-postgres.md), the above tool will not be available. If you are using an [external Postgres server](configuring-playbook-external-postgres.md), the above tool will not be available.
@ -99,7 +99,7 @@ Example: `--extra-vars="postgres_dump_name=matrix-postgres-dump.sql"`
## Tuning PostgreSQL ## Tuning PostgreSQL
PostgreSQL can be tuned to make it run faster. This is done by passing extra arguments to Postgres with the `matrix_postgres_process_extra_arguments` variable. You should use a website like https://pgtune.leopard.in.ua/ or information from https://wiki.postgresql.org/wiki/Tuning_Your_PostgreSQL_Server to determine what Postgres settings you should change. PostgreSQL can be tuned to make it run faster. This is done by passing extra arguments to Postgres with the `devture_postgres_process_extra_arguments` variable. You should use a website like https://pgtune.leopard.in.ua/ or information from https://wiki.postgresql.org/wiki/Tuning_Your_PostgreSQL_Server to determine what Postgres settings you should change.
**Note**: the configuration generator at https://pgtune.leopard.in.ua/ adds spaces around the `=` sign, which is invalid. You'll need to remove it manually (`max_connections = 300` -> `max_connections=300`) **Note**: the configuration generator at https://pgtune.leopard.in.ua/ adds spaces around the `=` sign, which is invalid. You'll need to remove it manually (`max_connections = 300` -> `max_connections=300`)
@ -109,7 +109,7 @@ These are not recommended values and they may not work well for you. This is jus
Here is an example config for a small 2 core server with 4GB of RAM and SSD storage: Here is an example config for a small 2 core server with 4GB of RAM and SSD storage:
``` ```
matrix_postgres_process_extra_arguments: [ devture_postgres_process_extra_arguments: [
"-c shared_buffers=128MB", "-c shared_buffers=128MB",
"-c effective_cache_size=2304MB", "-c effective_cache_size=2304MB",
"-c effective_io_concurrency=100", "-c effective_io_concurrency=100",
@ -120,7 +120,7 @@ matrix_postgres_process_extra_arguments: [
Here is an example config for a 4 core server with 8GB of RAM on a Virtual Private Server (VPS); the paramters have been configured using https://pgtune.leopard.in.ua with the following setup: PostgreSQL version 12, OS Type: Linux, DB Type: Mixed type of application, Data Storage: SSD storage: Here is an example config for a 4 core server with 8GB of RAM on a Virtual Private Server (VPS); the paramters have been configured using https://pgtune.leopard.in.ua with the following setup: PostgreSQL version 12, OS Type: Linux, DB Type: Mixed type of application, Data Storage: SSD storage:
``` ```
matrix_postgres_process_extra_arguments: [ devture_postgres_process_extra_arguments: [
"-c max_connections=100", "-c max_connections=100",
"-c shared_buffers=2GB", "-c shared_buffers=2GB",
"-c effective_cache_size=6GB", "-c effective_cache_size=6GB",
@ -142,7 +142,7 @@ matrix_postgres_process_extra_arguments: [
Here is an example config for a large 6 core server with 24GB of RAM: Here is an example config for a large 6 core server with 24GB of RAM:
``` ```
matrix_postgres_process_extra_arguments: [ devture_postgres_process_extra_arguments: [
"-c max_connections=40", "-c max_connections=40",
"-c shared_buffers=1536MB", "-c shared_buffers=1536MB",
"-c checkpoint_completion_target=0.7", "-c checkpoint_completion_target=0.7",

View file

@ -9,7 +9,7 @@ Table of contents:
- [Managing users via a Web UI](#managing-users-via-a-web-ui) - [Managing users via a Web UI](#managing-users-via-a-web-ui)
- [Letting certain users register on your private server](#letting-certain-users-register-on-your-private-server) - [Letting certain users register on your private server](#letting-certain-users-register-on-your-private-server)
- [Enabling public user registration](#enabling-public-user-registration) - [Enabling public user registration](#enabling-public-user-registration)
- [Adding/Removing Administrator privileges to an existing user](#addingremoving-administrator-privileges-to-an-existing-user) - [Adding/Removing Administrator privileges to an existing Synapse user](#addingremoving-administrator-privileges-to-an-existing-synapse-user)
## Registering users manually ## Registering users manually
@ -23,7 +23,7 @@ ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=<your-usern
**or** using the command-line after **SSH**-ing to your server (requires that [all services have been started](#starting-the-services)): **or** using the command-line after **SSH**-ing to your server (requires that [all services have been started](#starting-the-services)):
``` ```
/usr/local/bin/matrix-synapse-register-user <your-username> <your-password> <admin access: 0 or 1> /matrix/synapse/bin/register-user <your-username> <your-password> <admin access: 0 or 1>
``` ```
**Note**: `<your-username>` is just a plain username (like `john`), not your full `@<username>:<your-domain>` identifier. **Note**: `<your-username>` is just a plain username (like `john`), not your full `@<username>:<your-domain>` identifier.
@ -58,13 +58,24 @@ and running the [installation](installing.md) procedure once again.
If you're opening up registrations publicly like this, you might also wish to [configure CAPTCHA protection](configuring-captcha.md). If you're opening up registrations publicly like this, you might also wish to [configure CAPTCHA protection](configuring-captcha.md).
## Adding/Removing Administrator privileges to an existing user ## Adding/Removing Administrator privileges to an existing Synapse user
The script `/usr/local/bin/matrix-change-user-admin-status` may be used to change a user's admin privileges. To change the admin privileges for a user, you need to run an SQL query like this against the `synapse` database:
* log on to your server with ssh
* execute with the username and 0/1 (0 = non-admin | 1 = admin)
```sql
UPDATE users SET admin=ADMIN_VALUE WHERE name = '@USER:DOMAIN'
``` ```
/usr/local/bin/matrix-change-user-admin-status <username> <0/1>
``` where:
- `ADMIN_VALUE` being either `0` (regular user) or `1` (admin)
- `USER` and `DOMAIN` pointing to a valid user on your server
If you're using the integrated Postgres server and not an [external Postgres server](configuring-playbook-external-postgres.md), you can launch a Postgres into the `synapse` database by:
- running `/matrix/postgres/bin/cli` - to launch [`psql`](https://www.postgresql.org/docs/current/app-psql.html)
- running `\c synapse` - to change to the `synapse` database
You can then proceed to run the query above.
**Note**: directly modifying the raw data of Synapse (or any other software) could cause the software to break. You've been warned!
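
Review bot: The SQL example has no terminating semicolon (`UPDATE users SET admin=ADMIN_VALUE WHERE name = '@USER:DOMAIN'`), so pasted into `psql` as written it just waits for more input; add the `;`. This replaces a helper script with a hand-typed `UPDATE` on the `users` table, so I would also show a `SELECT name, admin FROM users WHERE name = '@USER:DOMAIN';` check before and after, which makes a mistyped user ID (zero rows updated) visible. Wording nits: "you can launch a Postgres into the `synapse` database by" is missing a word (terminal or shell), and the "where:" bullets would read better as "`ADMIN_VALUE` is either ..." and "`USER` and `DOMAIN` point to ...".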

View file

@ -12,7 +12,7 @@
## Uninstalling using a script ## Uninstalling using a script
Installing places a `/usr/local/bin/matrix-remove-all` script on the server. Installing places a `/matrix/bin/remove-all` script on the server.
You can run it to to have it uninstall things for you automatically (see below). **Use with caution!** You can run it to to have it uninstall things for you automatically (see below). **Use with caution!**
@ -25,8 +25,6 @@ If you prefer to uninstall manually, run these commands (most are meant to be ex
- delete the Matrix-related systemd `.service` and `.timer` files (`rm -f /etc/systemd/system/matrix*.{service,timer}`) and reload systemd (`systemctl daemon-reload`) - delete the Matrix-related systemd `.service` and `.timer` files (`rm -f /etc/systemd/system/matrix*.{service,timer}`) and reload systemd (`systemctl daemon-reload`)
- delete some helper scripts (`rm -f /usr/local/bin/matrix*`)
- delete some cached Docker images (`docker system prune -a`) or just delete them all (`docker rmi $(docker images -aq)`) - delete some cached Docker images (`docker system prune -a`) or just delete them all (`docker rmi $(docker images -aq)`)
- delete the Docker networks: `docker network rm matrix matrix-coturn` (might have been deleted already if you ran the `docker system prune` command) - delete the Docker networks: `docker network rm matrix matrix-coturn` (might have been deleted already if you ran the `docker system prune` command)
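
Review bot: The dropped bullet `rm -f /usr/local/bin/matrix*` is still needed on hosts that were installed before the scripts moved under `/matrix/...`, unless something else removes the old files during an upgrade. Either keep the step, marked as relevant only for older installs, or state in the changelog that the playbook cleans up `/usr/local/bin/matrix-*` itself. Otherwise a manual uninstall following this list leaves root-executable helper scripts behind.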

View file

@ -1,6 +1,6 @@
# Updating users passwords # Updating users passwords
## Option 1 (if you are using the default matrix-postgres container): ## Option 1 (if you are using the integrated Postgres database):
You can reset a user's password via the Ansible playbook (make sure to edit the `<your-username>` and `<your-password>` part below): You can reset a user's password via the Ansible playbook (make sure to edit the `<your-username>` and `<your-password>` part below):
@ -36,7 +36,7 @@ Use the Synapse User Admin API as described here: https://github.com/matrix-org/
This requires an [access token](obtaining-access-tokens.md) from a server admin account. *This method will also log the user out of all of their clients while the other options do not.* This requires an [access token](obtaining-access-tokens.md) from a server admin account. *This method will also log the user out of all of their clients while the other options do not.*
If you didn't make your account a server admin when you created it, you can use the `/usr/local/bin/matrix-change-user-admin-status` script as described in [registering-users.md](registering-users.md). If you didn't make your account a server admin when you created it, you can learn how to switch it now by reading about it in [Adding/Removing Administrator privileges to an existing Synapse user](registering-users.md#addingremoving-administrator-privileges-to-an-existing-synapse-user).
### Example: ### Example:
To set @user:domain.com's password to `correct_horse_battery_staple` you could use this curl command: To set @user:domain.com's password to `correct_horse_battery_staple` you could use this curl command:

View file

@ -35,4 +35,4 @@ matrix_ssl_lets_encrypt_support_email: ''
# #
# The playbook creates additional Postgres users and databases (one for each enabled service) # The playbook creates additional Postgres users and databases (one for each enabled service)
# using this superuser account. # using this superuser account.
matrix_postgres_connection_password: '' devture_postgres_connection_password: ''

File diff suppressed because it is too large Load diff

View file

@ -34,7 +34,9 @@
- custom/matrix-base - custom/matrix-base
- custom/matrix-dynamic-dns - custom/matrix-dynamic-dns
- custom/matrix-mailer - custom/matrix-mailer
- custom/matrix-postgres
- role: galaxy/com.devture.ansible.role.postgres
- custom/matrix-redis - custom/matrix-redis
- custom/matrix-corporal - custom/matrix-corporal
- custom/matrix-bridge-appservice-discord - custom/matrix-bridge-appservice-discord
@ -78,6 +80,7 @@
- custom/matrix-synapse-admin - custom/matrix-synapse-admin
- custom/matrix-prometheus-node-exporter - custom/matrix-prometheus-node-exporter
- custom/matrix-prometheus-postgres-exporter - custom/matrix-prometheus-postgres-exporter
- custom/matrix-prometheus-nginxlog-exporter
- custom/matrix-prometheus - custom/matrix-prometheus
- custom/matrix-grafana - custom/matrix-grafana
- custom/matrix-registration - custom/matrix-registration
@ -95,8 +98,11 @@
- custom/matrix-nginx-proxy - custom/matrix-nginx-proxy
- custom/matrix-coturn - custom/matrix-coturn
- custom/matrix-aux - custom/matrix-aux
- custom/matrix-postgres-backup
- role: galaxy/com.devture.ansible.role.postgres_backup
- custom/matrix-backup-borg - custom/matrix-backup-borg
- custom/matrix-user-creator - custom/matrix-user-creator
- custom/matrix-common-after - custom/matrix-common-after

View file

@ -18,6 +18,12 @@
- src: git+https://github.com/devture/com.devture.ansible.role.playbook_state_preserver.git - src: git+https://github.com/devture/com.devture.ansible.role.playbook_state_preserver.git
version: ff2fd42e1c1a9e28e3312bbd725395f9c2fc7f16 version: ff2fd42e1c1a9e28e3312bbd725395f9c2fc7f16
- src: git+https://github.com/devture/com.devture.ansible.role.postgres.git
version: e75973e3a4edc12dfc3e880e43b12ebecbf82c61
- src: git+https://github.com/devture/com.devture.ansible.role.postgres_backup.git
version: 77b1f9ae1aafa31c9078178c1036bf744c99d08b
- src: git+https://github.com/devture/com.devture.ansible.role.systemd_service_manager.git - src: git+https://github.com/devture/com.devture.ansible.role.systemd_service_manager.git
version: 6ccb88ac5fc27e1e70afcd48278ade4b564a9096 version: 6ccb88ac5fc27e1e70afcd48278ade4b564a9096

View file

@ -37,9 +37,9 @@ matrix_backup_borg_location_source_directories: []
# postgres db backup # postgres db backup
matrix_backup_borg_postgresql_enabled: true matrix_backup_borg_postgresql_enabled: true
matrix_backup_borg_supported_postgres_versions: ['12', '13', '14'] matrix_backup_borg_supported_postgres_versions: ['12', '13', '14', '15']
matrix_backup_borg_postgresql_databases: [] matrix_backup_borg_postgresql_databases: []
matrix_backup_borg_postgresql_databases_hostname: "matrix-postgres" matrix_backup_borg_postgresql_databases_hostname: ''
matrix_backup_borg_postgresql_databases_username: "matrix" matrix_backup_borg_postgresql_databases_username: "matrix"
matrix_backup_borg_postgresql_databases_password: "" matrix_backup_borg_postgresql_databases_password: ""
matrix_backup_borg_postgresql_databases_port: 5432 matrix_backup_borg_postgresql_databases_port: 5432

View file

@ -5,22 +5,22 @@
- name: Fail with matrix_backup_borg_version advice if Postgres not enabled - name: Fail with matrix_backup_borg_version advice if Postgres not enabled
ansible.builtin.fail: ansible.builtin.fail:
msg: >- msg: >-
You are not running a built-in Postgres server (`matrix_postgres_enabled: false`), so auto-detecting its version and setting `matrix_backup_borg_version` automatically based on that cannot happen. You are not running a built-in Postgres server (`devture_postgres_enabled: false`), so auto-detecting its version and setting `matrix_backup_borg_version` automatically based on that cannot happen.
Consider setting `matrix_backup_borg_version` to your Postgres version manually. Consider setting `matrix_backup_borg_version` to your Postgres version manually.
when: not matrix_postgres_enabled when: not devture_postgres_enabled
- ansible.builtin.import_role: - ansible.builtin.include_role:
name: custom/matrix-postgres name: galaxy/com.devture.ansible.role.postgres
tasks_from: detect_existing_postgres_version tasks_from: detect_existing_postgres_version
- name: Fail if detected Postgres version is unsupported - name: Fail if detected Postgres version is unsupported
ansible.builtin.fail: ansible.builtin.fail:
msg: "You cannot use borg backup with such an old version ({{ matrix_postgres_detected_version }}) of Postgres. Consider upgrading - link to docs for upgrading Postgres: docs/maintenance-postgres.md#upgrading-postgresql" msg: "You cannot use borg backup with such an old version ({{ devture_postgres_detected_version }}) of Postgres. Consider upgrading - link to docs for upgrading Postgres: docs/maintenance-postgres.md#upgrading-postgresql"
when: "matrix_postgres_detected_version not in matrix_backup_borg_supported_postgres_versions" when: "devture_postgres_detected_version not in matrix_backup_borg_supported_postgres_versions"
- name: Set the correct borg backup version to use - name: Set the correct borg backup version to use
ansible.builtin.set_fact: ansible.builtin.set_fact:
matrix_backup_borg_version: "{{ matrix_postgres_detected_version }}" matrix_backup_borg_version: "{{ devture_postgres_detected_version }}"
- name: Ensure borg paths exist - name: Ensure borg paths exist
ansible.builtin.file: ansible.builtin.file:
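
Review bot: The failure message in "Fail if detected Postgres version is unsupported" says "such an old version", but the condition is `devture_postgres_detected_version not in matrix_backup_borg_supported_postgres_versions`, which also fires for a version newer than anything in the list. Now that the version comes from an external role that can move ahead of this list, reword it to "unsupported version" and print the supported list in the message. Also confirm that the switch from `import_role` to `include_role` still leaves `devture_postgres_detected_version` set for the following tasks when the playbook is run with `--tags`, since tags are not inherited by dynamically included tasks.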
@ -105,19 +105,3 @@
src: "{{ role_path }}/templates/systemd/matrix-backup-borg.timer.j2" src: "{{ role_path }}/templates/systemd/matrix-backup-borg.timer.j2"
dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-backup-borg.timer" dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-backup-borg.timer"
mode: 0644 mode: 0644
register: matrix_backup_borg_systemd_timer_result
- name: Ensure systemd reloaded after matrix-backup-borg.service installation
ansible.builtin.service:
daemon_reload: true
when: "matrix_backup_borg_systemd_service_result.changed | bool"
- name: Ensure matrix-backup-borg.service enabled
ansible.builtin.service:
enabled: true
name: matrix-backup-borg.service
- name: Ensure matrix-backup-borg.timer enabled
ansible.builtin.service:
enabled: true
name: matrix-backup-borg.timer
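
Review bot: After this removal nothing in the visible part of the file enables or reloads `matrix-backup-borg.timer`; the role only templates the unit files. Please confirm that both the service and the timer are registered with whatever now manages systemd units, because a backup timer that is never enabled fails silently until a restore is needed. Minor: the removed reload task was conditioned on `matrix_backup_borg_systemd_service_result`, while the `register` dropped here is `matrix_backup_borg_systemd_timer_result`, so check that no unused `register` for the service result is left further up.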

View file

@ -1,12 +1,13 @@
--- ---
- name: Fail if required settings not defined - name: Fail if required backup-borg settings not defined
ansible.builtin.fail: ansible.builtin.fail:
msg: >- msg: >-
You need to define a required configuration setting (`{{ item }}`). You need to define a required configuration setting (`{{ item.name }}`).
when: "vars[item] == ''" when: "item.when | bool and vars[item.name] == ''"
with_items: with_items:
- "matrix_backup_borg_ssh_key_private" - {'name': 'matrix_backup_borg_ssh_key_private', when: true}
- "matrix_backup_borg_location_repositories" - {'name': 'matrix_backup_borg_location_repositories', when: true}
- {'name': 'matrix_backup_borg_postgresql_databases_hostname', when: "{{ matrix_backup_borg_postgresql_enabled }}"}
- name: Fail if encryption passphrase is undefined unless repository is unencrypted - name: Fail if encryption passphrase is undefined unless repository is unencrypted
ansible.builtin.fail: ansible.builtin.fail:

View file

@ -34,7 +34,7 @@ hooks:
hostname: {{ matrix_backup_borg_postgresql_databases_hostname|to_json }} hostname: {{ matrix_backup_borg_postgresql_databases_hostname|to_json }}
username: {{ matrix_backup_borg_postgresql_databases_username|to_json }} username: {{ matrix_backup_borg_postgresql_databases_username|to_json }}
password: {{ matrix_backup_borg_postgresql_databases_password|to_json }} password: {{ matrix_backup_borg_postgresql_databases_password|to_json }}
port: {{ matrix_backup_borg_postgresql_databases_port|to_json }} port: {{ matrix_backup_borg_postgresql_databases_port | int | to_json }}
{% endfor %} {% endfor %}
{% endif %} {% endif %}
after_backup: after_backup:

View file

@ -31,14 +31,21 @@ ExecStartPre=-{{ devture_systemd_docker_base_host_command_docker }} run --rm --n
{{ arg }} \ {{ arg }} \
{% endfor %} {% endfor %}
{{ matrix_backup_borg_docker_image }} \ {{ matrix_backup_borg_docker_image }} \
sh -c "borgmatic --init --encryption {{ matrix_backup_borg_encryption }}" sh -c "borgmatic rcreate --encryption {{ matrix_backup_borg_encryption }}"
# The `CAP_DAC_OVERRIDE` capability is required, so that `root` in the container
# can read the `/etc/borgmatic.d/config.yaml` (`{{ matrix_backup_borg_config_path }}/config.yaml`) file,
# owned by `matrix:matrix` on the filesystem.
#
# `/root` is mountes as temporary filesystem, because we're using `--read-only` and because
# Borgmatic tries to write to at least a few paths under `/root` (`.config`, `.ssh`, `.borgmatic`).
ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-backup-borg \ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-backup-borg \
--log-driver=none \ --log-driver=none \
--cap-drop=ALL \ --cap-drop=ALL \
--cap-add=CAP_DAC_OVERRIDE \
--read-only \ --read-only \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--network={{ matrix_docker_network }} \ --network={{ matrix_docker_network }} \
--tmpfs=/root:rw,noexec,nosuid,size=100m \
--tmpfs=/tmp:rw,noexec,nosuid,size=100m \ --tmpfs=/tmp:rw,noexec,nosuid,size=100m \
--mount type=bind,src={{ matrix_backup_borg_config_path }}/passwd,dst=/etc/passwd,ro \ --mount type=bind,src={{ matrix_backup_borg_config_path }}/passwd,dst=/etc/passwd,ro \
--mount type=bind,src={{ matrix_backup_borg_config_path }},dst=/etc/borgmatic.d,ro \ --mount type=bind,src={{ matrix_backup_borg_config_path }},dst=/etc/borgmatic.d,ro \
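
Review bot: On `ExecStart`, the `--user={{ matrix_user_uid }}:{{ matrix_user_gid }}` line appears on one side only and the new comment talks about `root` in the container, so the backup container now runs as root with `--cap-add=CAP_DAC_OVERRIDE`. That bypasses read and write permission checks on every path mounted into it, which is wider than the stated need of reading `config.yaml` owned by `matrix:matrix`. If root is required, `CAP_DAC_READ_SEARCH` would cover the read case without the write bypass; whichever is chosen, the comment should say why running as the Matrix user is no longer possible. Also, `borgmatic rcreate` in `ExecStartPre` needs an image whose borgmatic has that action, so check that `matrix_backup_borg_docker_image` is bumped in the same change. Typo in the new comment: "mountes".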

View file

@ -117,14 +117,10 @@ matrix_user_gid: ~
matrix_base_data_path: "/matrix" matrix_base_data_path: "/matrix"
matrix_base_data_path_mode: "750" matrix_base_data_path_mode: "750"
matrix_bin_path: "{{ matrix_base_data_path }}/bin"
matrix_static_files_base_path: "{{ matrix_base_data_path }}/static-files" matrix_static_files_base_path: "{{ matrix_base_data_path }}/static-files"
# This is now unused. We keep it so that cleanup tasks can use it.
# To be removed in the future.
matrix_cron_path: "/etc/cron.d"
matrix_local_bin_path: "/usr/local/bin"
matrix_host_command_sleep: "/usr/bin/env sleep" matrix_host_command_sleep: "/usr/bin/env sleep"
matrix_host_command_chown: "/usr/bin/env chown" matrix_host_command_chown: "/usr/bin/env chown"
matrix_host_command_fusermount: "/usr/bin/env fusermount" matrix_host_command_fusermount: "/usr/bin/env fusermount"

View file

@ -1,6 +1,6 @@
--- ---
- name: Ensure Matrix base path exists - name: Ensure Matrix base paths exists
ansible.builtin.file: ansible.builtin.file:
path: "{{ item }}" path: "{{ item }}"
state: directory state: directory
@ -9,14 +9,15 @@
group: "{{ matrix_user_groupname }}" group: "{{ matrix_user_groupname }}"
with_items: with_items:
- "{{ matrix_base_data_path }}" - "{{ matrix_base_data_path }}"
- "{{ matrix_bin_path }}"
- name: Ensure Matrix network is created in Docker - name: Ensure Matrix network is created in Docker
community.docker.docker_network: community.docker.docker_network:
name: "{{ matrix_docker_network }}" name: "{{ matrix_docker_network }}"
driver: bridge driver: bridge
- name: Ensure matrix-remove-all script created - name: Ensure remove-all script created
ansible.builtin.template: ansible.builtin.template:
src: "{{ role_path }}/templates/usr-local-bin/matrix-remove-all.j2" src: "{{ role_path }}/templates/bin/remove-all.j2"
dest: "{{ matrix_local_bin_path }}/matrix-remove-all" dest: "{{ matrix_bin_path }}/remove-all"
mode: 0750 mode: 0750
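
Review bot: `{{ matrix_bin_path }}` is added to the list of directories created with `group: "{{ matrix_user_groupname }}"`, and `remove-all` is then templated into it with only `mode: 0750` and no explicit owner or group. A script that has to run as root (it calls `systemctl` and `docker`) now lives in a directory tied to the unprivileged service account, where before it sat in `/usr/local/bin`. If that account can write to the directory it can replace what root later executes. Set `owner` and `group` explicitly on the template task and make the bin directory non-writable for the Matrix user. Nit: the task name should read "base paths exist".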

View file

@ -17,6 +17,7 @@
- {'old': 'hostname_matrix', 'new': 'matrix_server_fqn_matrix'} - {'old': 'hostname_matrix', 'new': 'matrix_server_fqn_matrix'}
- {'old': 'hostname_riot', 'new': 'matrix_server_fqn_element'} - {'old': 'hostname_riot', 'new': 'matrix_server_fqn_element'}
- {'old': 'matrix_server_fqn_riot', 'new': 'matrix_server_fqn_element'} - {'old': 'matrix_server_fqn_riot', 'new': 'matrix_server_fqn_element'}
- {'old': 'matrix_local_bin_path', 'new': '<there is no global bin path anymore - each role has its own>'}
# We have a dedicated check for this variable, because we'd like to have a custom (friendlier) message. # We have a dedicated check for this variable, because we'd like to have a custom (friendlier) message.
- name: Fail if matrix_homeserver_generic_secret_key is undefined - name: Fail if matrix_homeserver_generic_secret_key is undefined

View file

@ -23,8 +23,6 @@ else
systemctl daemon-reload systemctl daemon-reload
echo "Remove matrix scripts"
find {{ matrix_local_bin_path }}/ -name "matrix-*" -delete
echo "Remove unused Docker images and resources" echo "Remove unused Docker images and resources"
docker system prune -af docker system prune -af
echo "Remove Docker matrix network (should be gone already, but ..)" echo "Remove Docker matrix network (should be gone already, but ..)"

View file

@ -43,7 +43,7 @@ matrix_bot_buscarron_sqlite_database_path_in_container: "/data/bot.db"
matrix_bot_buscarron_database_username: 'buscarron' matrix_bot_buscarron_database_username: 'buscarron'
matrix_bot_buscarron_database_password: 'some-password' matrix_bot_buscarron_database_password: 'some-password'
matrix_bot_buscarron_database_hostname: 'matrix-postgres' matrix_bot_buscarron_database_hostname: ''
matrix_bot_buscarron_database_port: 5432 matrix_bot_buscarron_database_port: 5432
matrix_bot_buscarron_database_name: 'buscarron' matrix_bot_buscarron_database_name: 'buscarron'

View file

@ -11,8 +11,11 @@
- when: "matrix_bot_buscarron_sqlite_database_path_local_stat_result.stat.exists | bool" - when: "matrix_bot_buscarron_sqlite_database_path_local_stat_result.stat.exists | bool"
block: block:
- ansible.builtin.set_fact: - ansible.builtin.include_role:
matrix_postgres_db_migration_request: name: galaxy/com.devture.ansible.role.postgres
tasks_from: migrate_db_to_postgres
vars:
devture_postgres_db_migration_request:
src: "{{ matrix_bot_buscarron_sqlite_database_path_local }}" src: "{{ matrix_bot_buscarron_sqlite_database_path_local }}"
dst: "{{ matrix_bot_buscarron_database_connection_string }}" dst: "{{ matrix_bot_buscarron_database_connection_string }}"
caller: "{{ role_path | basename }}" caller: "{{ role_path | basename }}"
@ -20,10 +23,6 @@
engine_old: 'sqlite' engine_old: 'sqlite'
systemd_services_to_stop: ['matrix-bot-buscarron.service'] systemd_services_to_stop: ['matrix-bot-buscarron.service']
- ansible.builtin.import_role:
name: custom/matrix-postgres
tasks_from: migrate_db_to_postgres
- ansible.builtin.set_fact: - ansible.builtin.set_fact:
matrix_bot_buscarron_requires_restart: true matrix_bot_buscarron_requires_restart: true
@ -89,15 +88,10 @@
src: "{{ role_path }}/templates/systemd/matrix-bot-buscarron.service.j2" src: "{{ role_path }}/templates/systemd/matrix-bot-buscarron.service.j2"
dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-buscarron.service" dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-buscarron.service"
mode: 0644 mode: 0644
register: matrix_bot_buscarron_systemd_service_result
- name: Ensure systemd reloaded after matrix-bot-buscarron.service installation
ansible.builtin.service:
daemon_reload: true
when: "matrix_bot_buscarron_systemd_service_result.changed | bool"
- name: Ensure matrix-bot-buscarron.service restarted, if necessary - name: Ensure matrix-bot-buscarron.service restarted, if necessary
ansible.builtin.service: ansible.builtin.service:
name: "matrix-bot-buscarron.service" name: "matrix-bot-buscarron.service"
state: restarted state: restarted
daemon_reload: true
when: "matrix_bot_buscarron_requires_restart | bool" when: "matrix_bot_buscarron_requires_restart | bool"

View file

@ -1,9 +1,10 @@
--- ---
- name: Fail if required settings not defined - name: Fail if required Buscarron settings not defined
ansible.builtin.fail: ansible.builtin.fail:
msg: >- msg: >-
You need to define a required configuration setting (`{{ item }}`). You need to define a required configuration setting (`{{ item.name }}`).
when: "vars[item] == ''" when: "item.when | bool and vars[item.name] == ''"
with_items: with_items:
- "matrix_bot_buscarron_password" - {'name': 'matrix_bot_buscarron_password', when: true}
- {'name': 'matrix_bot_buscarron_database_hostname', when: "{{ matrix_bot_buscarron_database_engine == 'postgres' }}"}

View file

@ -42,13 +42,9 @@
mode: 0644 mode: 0644
register: matrix_bot_go_neb_systemd_service_result register: matrix_bot_go_neb_systemd_service_result
- name: Ensure systemd reloaded after matrix-bot-go-neb.service installation
ansible.builtin.service:
daemon_reload: true
when: "matrix_bot_go_neb_systemd_service_result.changed | bool"
- name: Ensure matrix-bot-go-neb.service restarted, if necessary - name: Ensure matrix-bot-go-neb.service restarted, if necessary
ansible.builtin.service: ansible.builtin.service:
name: "matrix-bot-go-neb.service" name: "matrix-bot-go-neb.service"
state: restarted state: restarted
daemon_reload: true
when: "matrix_bot_go_neb_requires_restart | bool" when: "matrix_bot_go_neb_requires_restart | bool"
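
Review bot: `register: matrix_bot_go_neb_systemd_service_result` is kept as context while its only visible consumer, the "Ensure systemd reloaded" task, is removed, so the variable is now dead. The buscarron change dropped the matching `register`; this one (and honoroit) did not. Separately, `daemon_reload: true` now sits on the restart task, which runs only `when: "matrix_bot_go_neb_requires_restart | bool"`. If the unit file changes without that flag being set, this role no longer reloads systemd, so confirm that is handled elsewhere.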

View file

@ -43,7 +43,7 @@ matrix_bot_honoroit_sqlite_database_path_in_container: "/data/bot.db"
matrix_bot_honoroit_database_username: 'honoroit' matrix_bot_honoroit_database_username: 'honoroit'
matrix_bot_honoroit_database_password: 'some-password' matrix_bot_honoroit_database_password: 'some-password'
matrix_bot_honoroit_database_hostname: 'matrix-postgres' matrix_bot_honoroit_database_hostname: ''
matrix_bot_honoroit_database_port: 5432 matrix_bot_honoroit_database_port: 5432
matrix_bot_honoroit_database_name: 'honoroit' matrix_bot_honoroit_database_name: 'honoroit'

View file

@ -11,8 +11,11 @@
- when: "matrix_bot_honoroit_sqlite_database_path_local_stat_result.stat.exists | bool" - when: "matrix_bot_honoroit_sqlite_database_path_local_stat_result.stat.exists | bool"
block: block:
- ansible.builtin.set_fact: - ansible.builtin.include_role:
matrix_postgres_db_migration_request: name: galaxy/com.devture.ansible.role.postgres
tasks_from: migrate_db_to_postgres
vars:
devture_postgres_db_migration_request:
src: "{{ matrix_bot_honoroit_sqlite_database_path_local }}" src: "{{ matrix_bot_honoroit_sqlite_database_path_local }}"
dst: "{{ matrix_bot_honoroit_database_connection_string }}" dst: "{{ matrix_bot_honoroit_database_connection_string }}"
caller: "{{ role_path | basename }}" caller: "{{ role_path | basename }}"
@ -20,10 +23,6 @@
engine_old: 'sqlite' engine_old: 'sqlite'
systemd_services_to_stop: ['matrix-bot-honoroit.service'] systemd_services_to_stop: ['matrix-bot-honoroit.service']
- ansible.builtin.import_role:
name: custom/matrix-postgres
tasks_from: migrate_db_to_postgres
- ansible.builtin.set_fact: - ansible.builtin.set_fact:
matrix_bot_honoroit_requires_restart: true matrix_bot_honoroit_requires_restart: true
@ -91,13 +90,9 @@
mode: 0644 mode: 0644
register: matrix_bot_honoroit_systemd_service_result register: matrix_bot_honoroit_systemd_service_result
- name: Ensure systemd reloaded after matrix-bot-honoroit.service installation
ansible.builtin.service:
daemon_reload: true
when: "matrix_bot_honoroit_systemd_service_result.changed | bool"
- name: Ensure matrix-bot-honoroit.service restarted, if necessary - name: Ensure matrix-bot-honoroit.service restarted, if necessary
ansible.builtin.service: ansible.builtin.service:
name: "matrix-bot-honoroit.service" name: "matrix-bot-honoroit.service"
state: restarted state: restarted
daemon_reload: true
when: "matrix_bot_honoroit_requires_restart | bool" when: "matrix_bot_honoroit_requires_restart | bool"

View file

@ -1,10 +1,11 @@
--- ---
- name: Fail if required settings not defined - name: Fail if required honoroit settings not defined
ansible.builtin.fail: ansible.builtin.fail:
msg: >- msg: >-
You need to define a required configuration setting (`{{ item }}`). You need to define a required configuration setting (`{{ item.name }}`).
when: "vars[item] == ''" when: "item.when | bool and vars[item.name] == ''"
with_items: with_items:
- "matrix_bot_honoroit_password" - {'name': 'matrix_bot_honoroit_password', when: true}
- "matrix_bot_honoroit_roomid" - {'name': 'matrix_bot_honoroit_roomid', when: true}
- {'name': 'matrix_bot_honoroit_database_hostname', when: "{{ matrix_bot_honoroit_database_engine == 'postgres' }}"}

View file

@ -61,14 +61,3 @@
src: "{{ role_path }}/templates/systemd/matrix-bot-matrix-registration-bot.service.j2" src: "{{ role_path }}/templates/systemd/matrix-bot-matrix-registration-bot.service.j2"
dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-matrix-registration-bot.service" dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-matrix-registration-bot.service"
mode: 0644 mode: 0644
register: matrix_bot_matrix_registration_bot_systemd_service_result
- name: Ensure systemd reloaded after matrix-bot-matrix-registration-bot.service installation
ansible.builtin.service:
daemon_reload: true
when: "matrix_bot_matrix_registration_bot_systemd_service_result.changed | bool"
- name: Ensure matrix-bot-matrix-registration-bot.service restarted, if necessary
ansible.builtin.service:
name: "matrix-bot-matrix-registration-bot.service"
state: restarted

View file

@ -44,7 +44,7 @@ matrix_bot_matrix_reminder_bot_sqlite_database_path_in_container: "/data/bot.db"
matrix_bot_matrix_reminder_bot_database_username: 'matrix_reminder_bot' matrix_bot_matrix_reminder_bot_database_username: 'matrix_reminder_bot'
matrix_bot_matrix_reminder_bot_database_password: 'some-password' matrix_bot_matrix_reminder_bot_database_password: 'some-password'
matrix_bot_matrix_reminder_bot_database_hostname: 'matrix-postgres' matrix_bot_matrix_reminder_bot_database_hostname: ''
matrix_bot_matrix_reminder_bot_database_port: 5432 matrix_bot_matrix_reminder_bot_database_port: 5432
matrix_bot_matrix_reminder_bot_database_name: 'matrix_reminder_bot' matrix_bot_matrix_reminder_bot_database_name: 'matrix_reminder_bot'

View file

@ -12,8 +12,11 @@
- when: "matrix_bot_matrix_reminder_bot_sqlite_database_path_local_stat_result.stat.exists | bool" - when: "matrix_bot_matrix_reminder_bot_sqlite_database_path_local_stat_result.stat.exists | bool"
block: block:
- ansible.builtin.set_fact: - ansible.builtin.include_role:
matrix_postgres_db_migration_request: name: galaxy/com.devture.ansible.role.postgres
tasks_from: migrate_db_to_postgres
vars:
devture_postgres_db_migration_request:
src: "{{ matrix_bot_matrix_reminder_bot_sqlite_database_path_local }}" src: "{{ matrix_bot_matrix_reminder_bot_sqlite_database_path_local }}"
dst: "{{ matrix_bot_matrix_reminder_bot_database_connection_string }}" dst: "{{ matrix_bot_matrix_reminder_bot_database_connection_string }}"
caller: "{{ role_path | basename }}" caller: "{{ role_path | basename }}"
@ -21,10 +24,6 @@
engine_old: 'sqlite' engine_old: 'sqlite'
systemd_services_to_stop: ['matrix-bot-matrix-reminder-bot.service'] systemd_services_to_stop: ['matrix-bot-matrix-reminder-bot.service']
- ansible.builtin.import_role:
name: custom/matrix-postgres
tasks_from: migrate_db_to_postgres
- ansible.builtin.set_fact: - ansible.builtin.set_fact:
matrix_bot_matrix_reminder_bot_requires_restart: true matrix_bot_matrix_reminder_bot_requires_restart: true
@ -92,13 +91,9 @@
mode: 0644 mode: 0644
register: matrix_bot_matrix_reminder_bot_systemd_service_result register: matrix_bot_matrix_reminder_bot_systemd_service_result
- name: Ensure systemd reloaded after matrix-bot-matrix-reminder-bot.service installation
ansible.builtin.service:
daemon_reload: true
when: "matrix_bot_matrix_reminder_bot_systemd_service_result.changed | bool"
- name: Ensure matrix-bot-matrix-reminder-bot.service restarted, if necessary - name: Ensure matrix-bot-matrix-reminder-bot.service restarted, if necessary
ansible.builtin.service: ansible.builtin.service:
name: "matrix-bot-matrix-reminder-bot.service" name: "matrix-bot-matrix-reminder-bot.service"
state: restarted state: restarted
daemon_reload: true
when: "matrix_bot_matrix_reminder_bot_requires_restart | bool" when: "matrix_bot_matrix_reminder_bot_requires_restart | bool"

View file

@ -1,15 +1,16 @@
--- ---
- name: Fail if required settings not defined - name: Fail if required matrix-reminder-bot settings not defined
ansible.builtin.fail: ansible.builtin.fail:
msg: >- msg: >-
You need to define a required configuration setting (`{{ item }}`). You need to define a required configuration setting (`{{ item }}`).
when: "vars[item] == ''" when: "item.when | bool and vars[item.name] == ''"
with_items: with_items:
- "matrix_bot_matrix_reminder_bot_matrix_user_password" - {'name': 'matrix_bot_matrix_reminder_bot_matrix_user_password', when: true}
- "matrix_bot_matrix_reminder_bot_reminders_timezone" - {'name': 'matrix_bot_matrix_reminder_bot_reminders_timezone', when: true}
- {'name': 'matrix_bot_matrix_reminder_bot_database_hostname', when: "{{ matrix_bot_matrix_reminder_bot_database_engine == 'postgres' }}"}
- name: (Deprecation) Catch and report renamed settings - name: (Deprecation) Catch and report renamed matrix-reminder-bot settings
ansible.builtin.fail: ansible.builtin.fail:
msg: >- msg: >-
Your configuration contains a variable, which now has a different name. Your configuration contains a variable, which now has a different name.
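Review bot: the `msg` in the first task still interpolates `{{ item }}` although the loop items are now dicts, so a failure will print the whole `{'name': ..., 'when': ...}` mapping instead of the variable name. The other validate_config changes in this commit switched to `{{ item.name }}`; this one should match.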

View file

@ -27,7 +27,7 @@ matrix_bot_maubot_sqlite_database_path_in_container: "/data/maubot.db"
matrix_bot_maubot_database_username: matrix_bot_maubot matrix_bot_maubot_database_username: matrix_bot_maubot
matrix_bot_maubot_database_password: ~ matrix_bot_maubot_database_password: ~
matrix_bot_maubot_database_hostname: 'matrix-postgres' matrix_bot_maubot_database_hostname: ''
matrix_bot_maubot_database_port: 5432 matrix_bot_maubot_database_port: 5432
matrix_bot_maubot_database_name: matrix_bot_maubot matrix_bot_maubot_database_name: matrix_bot_maubot

View file

@ -65,9 +65,3 @@
src: "{{ role_path }}/templates/systemd/matrix-bot-maubot.service.j2" src: "{{ role_path }}/templates/systemd/matrix-bot-maubot.service.j2"
dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-maubot.service" dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-maubot.service"
mode: 0644 mode: 0644
register: matrix_bot_maubot_systemd_service_result
- name: Ensure systemd reloaded after matrix-bot-maubot.service installation
ansible.builtin.service:
daemon_reload: true
when: "matrix_bot_maubot_systemd_service_result.changed|bool"

View file

@ -1,10 +1,11 @@
--- ---
- name: Fail if required settings not defined - name: Fail if required maubot settings not defined
ansible.builtin.fail: ansible.builtin.fail:
msg: >- msg: >-
You need to define a required configuration setting (`{{ item }}`). You need to define a required configuration setting (`{{ item.name }}`).
when: "vars[item] == ''" when: "item.when | bool and vars[item.name] == ''"
with_items: with_items:
- matrix_bot_maubot_unshared_secret - {'name': 'matrix_bot_maubot_unshared_secret', when: true}
- matrix_bot_maubot_admins - {'name': 'matrix_bot_maubot_admins', when: true}
- {'name': 'matrix_bot_maubot_database_hostname', when: "{{ matrix_bot_maubot_database_engine == 'postgres' }}"}

View file

@ -66,13 +66,9 @@
mode: 0644 mode: 0644
register: matrix_bot_mjolnir_systemd_service_result register: matrix_bot_mjolnir_systemd_service_result
- name: Ensure systemd reloaded after matrix-bot-mjolnir.service installation
ansible.builtin.service:
daemon_reload: true
when: "matrix_bot_mjolnir_systemd_service_result.changed | bool"
- name: Ensure matrix-bot-mjolnir.service restarted, if necessary - name: Ensure matrix-bot-mjolnir.service restarted, if necessary
ansible.builtin.service: ansible.builtin.service:
name: "matrix-bot-mjolnir.service" name: "matrix-bot-mjolnir.service"
state: restarted state: restarted
daemon_reload: true
when: "matrix_bot_mjolnir_requires_restart | bool" when: "matrix_bot_mjolnir_requires_restart | bool"

View file

@ -9,7 +9,7 @@ matrix_bot_postmoogle_docker_repo: "https://gitlab.com/etke.cc/postmoogle.git"
matrix_bot_postmoogle_docker_repo_version: "{{ 'main' if matrix_bot_postmoogle_version == 'latest' else matrix_bot_postmoogle_version }}" matrix_bot_postmoogle_docker_repo_version: "{{ 'main' if matrix_bot_postmoogle_version == 'latest' else matrix_bot_postmoogle_version }}"
matrix_bot_postmoogle_docker_src_files_path: "{{ matrix_base_data_path }}/postmoogle/docker-src" matrix_bot_postmoogle_docker_src_files_path: "{{ matrix_base_data_path }}/postmoogle/docker-src"
matrix_bot_postmoogle_version: v0.9.9 matrix_bot_postmoogle_version: v0.9.10
matrix_bot_postmoogle_docker_image: "{{ matrix_bot_postmoogle_docker_image_name_prefix }}postmoogle:{{ matrix_bot_postmoogle_version }}" matrix_bot_postmoogle_docker_image: "{{ matrix_bot_postmoogle_docker_image_name_prefix }}postmoogle:{{ matrix_bot_postmoogle_version }}"
matrix_bot_postmoogle_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_postmoogle_container_image_self_build else 'registry.gitlab.com/etke.cc/' }}" matrix_bot_postmoogle_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_postmoogle_container_image_self_build else 'registry.gitlab.com/etke.cc/' }}"
matrix_bot_postmoogle_docker_image_force_pull: "{{ matrix_bot_postmoogle_docker_image.endswith(':latest') }}" matrix_bot_postmoogle_docker_image_force_pull: "{{ matrix_bot_postmoogle_docker_image.endswith(':latest') }}"
@ -42,7 +42,7 @@ matrix_bot_postmoogle_sqlite_database_path_in_container: "/data/bot.db"
matrix_bot_postmoogle_database_username: 'postmoogle' matrix_bot_postmoogle_database_username: 'postmoogle'
matrix_bot_postmoogle_database_password: 'some-password' matrix_bot_postmoogle_database_password: 'some-password'
matrix_bot_postmoogle_database_hostname: 'matrix-postgres' matrix_bot_postmoogle_database_hostname: ''
matrix_bot_postmoogle_database_port: 5432 matrix_bot_postmoogle_database_port: 5432
matrix_bot_postmoogle_database_name: 'postmoogle' matrix_bot_postmoogle_database_name: 'postmoogle'
@ -78,18 +78,6 @@ matrix_bot_postmoogle_prefix: '!pm'
# Max email size in megabytes, including attachments # Max email size in megabytes, including attachments
matrix_bot_postmoogle_maxsize: '1024' matrix_bot_postmoogle_maxsize: '1024'
# DEPRECATED, use !pm users instead
# A list of whitelisted users allowed to use the bridge.
# If not defined, everyone is allowed.
# Example set of rules:
# matrix_bot_postmoogle_users:
# - @someone:example.com
# - @another:example.com
# - @bot.*:example.com
# - @*:another.com
matrix_bot_postmoogle_users:
- "@*:{{ matrix_domain }}"
# A list of admins # A list of admins
# Example set of rules: # Example set of rules:
# matrix_bot_postmoogle_admins: # matrix_bot_postmoogle_admins:
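Review bot: `matrix_bot_postmoogle_users` is deleted here without a matching deprecation check, and the Postmoogle validate_config hunk in this commit adds none either. The removed default restricted use to `@*:{{ matrix_domain }}`, and the removed comment says that with no list everyone is allowed, so an operator who still sets this variable will have their allowlist silently ignored. Please add a fail task that reports the variable as removed and points to `!pm users`, in the style of the "(Deprecation) Catch and report renamed settings" tasks used by other roles.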
@ -99,9 +87,17 @@ matrix_bot_postmoogle_users:
# - @*:another.com # - @*:another.com
matrix_bot_postmoogle_admins: "{{ [matrix_admin] if matrix_admin else [] }}" matrix_bot_postmoogle_admins: "{{ [matrix_admin] if matrix_admin else [] }}"
# Sentry DSN # Sentry DSN. Deprecated, use matrix_bot_postmoogle_monitoring_sentry_dsn
matrix_bot_postmoogle_sentry: '' matrix_bot_postmoogle_sentry: ''
# Sentry integration
matrix_bot_postmoogle_monitoring_sentry_dsn: "{{ matrix_bot_postmoogle_sentry }}"
matrix_bot_postmoogle_monitoring_sentry_rate: 20
# healthchecks.io integration
matrix_bot_postmoogle_monitoring_healthchecks_uuid: ''
matrix_bot_postmoogle_monitoring_healthchecks_duration: 60
# Log level # Log level
matrix_bot_postmoogle_loglevel: 'INFO' matrix_bot_postmoogle_loglevel: 'INFO'
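Review bot: the new `matrix_bot_postmoogle_monitoring_sentry_rate: 20` and `matrix_bot_postmoogle_monitoring_healthchecks_duration: 60` defaults carry no units or meaning in their comments. Please state what each number represents (for example a percentage or an interval in seconds) so operators can change them safely. The "Deprecated" note on `matrix_bot_postmoogle_sentry` would also benefit from saying that the old value is still forwarded through the new variable's default.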
@ -147,6 +143,15 @@ matrix_bot_postmoogle_tls_key: ""
# Mandatory TLS, even on plain SMTP port # Mandatory TLS, even on plain SMTP port
matrix_bot_postmoogle_tls_required: false matrix_bot_postmoogle_tls_required: false
# trusted proxies
matrix_bot_postmoogle_proxies: []
# reserved mailboxes
matrix_bot_postmoogle_mailboxes_reserved: []
# mailbox activation flow
matrix_bot_postmoogle_mailboxes_activation: none
# Additional environment variables to pass to the postmoogle container # Additional environment variables to pass to the postmoogle container
# #
# Example: # Example:
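Review bot: the comments on `matrix_bot_postmoogle_proxies`, `matrix_bot_postmoogle_mailboxes_reserved` and `matrix_bot_postmoogle_mailboxes_activation` are too terse for security-relevant settings. Please document the expected entry format for the trusted proxies list and what trusting a proxy changes, give an example for reserved mailboxes as the admins block above does, and list the accepted values for the activation flow besides `none`.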

View file

@ -8,8 +8,11 @@
- when: "matrix_bot_postmoogle_sqlite_database_path_local_stat_result.stat.exists | bool" - when: "matrix_bot_postmoogle_sqlite_database_path_local_stat_result.stat.exists | bool"
block: block:
- ansible.builtin.set_fact: - ansible.builtin.include_role:
matrix_postgres_db_migration_request: name: galaxy/com.devture.ansible.role.postgres
tasks_from: migrate_db_to_postgres
vars:
devture_postgres_db_migration_request:
src: "{{ matrix_bot_postmoogle_sqlite_database_path_local }}" src: "{{ matrix_bot_postmoogle_sqlite_database_path_local }}"
dst: "{{ matrix_bot_postmoogle_database_connection_string }}" dst: "{{ matrix_bot_postmoogle_database_connection_string }}"
caller: "{{ role_path | basename }}" caller: "{{ role_path | basename }}"
@ -17,10 +20,6 @@
engine_old: 'sqlite' engine_old: 'sqlite'
systemd_services_to_stop: ['matrix-bot-postmoogle.service'] systemd_services_to_stop: ['matrix-bot-postmoogle.service']
- ansible.builtin.import_role:
name: custom/matrix-postgres
tasks_from: migrate_db_to_postgres
- ansible.builtin.set_fact: - ansible.builtin.set_fact:
matrix_bot_postmoogle_requires_restart: true matrix_bot_postmoogle_requires_restart: true
@ -86,8 +85,3 @@
dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-postmoogle.service" dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-postmoogle.service"
mode: 0644 mode: 0644
register: matrix_bot_postmoogle_systemd_service_result register: matrix_bot_postmoogle_systemd_service_result
- name: Ensure systemd reloaded after matrix-bot-postmoogle.service installation
ansible.builtin.service:
daemon_reload: true
when: "matrix_bot_postmoogle_systemd_service_result.changed | bool"

View file

@ -1,9 +1,10 @@
--- ---
- name: Fail if required settings not defined - name: Fail if required Postmoogle settings not defined
ansible.builtin.fail: ansible.builtin.fail:
msg: >- msg: >-
You need to define a required configuration setting (`{{ item }}`). You need to define a required configuration setting (`{{ item.name }}`).
when: "vars[item] == ''" when: "item.when | bool and vars[item.name] == ''"
with_items: with_items:
- "matrix_bot_postmoogle_password" - {'name': 'matrix_bot_postmoogle_password', when: true}
- {'name': 'matrix_bot_postmoogle_database_hostname', when: "{{ matrix_bot_postmoogle_database_engine == 'postgres' }}"}

View file

@ -7,7 +7,6 @@ POSTMOOGLE_DB_DSN={{ matrix_bot_postmoogle_database_connection_string }}
POSTMOOGLE_DB_DIALECT={{ matrix_bot_postmoogle_database_dialect }} POSTMOOGLE_DB_DIALECT={{ matrix_bot_postmoogle_database_dialect }}
POSTMOOGLE_PREFIX={{ matrix_bot_postmoogle_prefix }} POSTMOOGLE_PREFIX={{ matrix_bot_postmoogle_prefix }}
POSTMOOGLE_MAXSIZE={{ matrix_bot_postmoogle_maxsize }} POSTMOOGLE_MAXSIZE={{ matrix_bot_postmoogle_maxsize }}
POSTMOOGLE_SENTRY={{ matrix_bot_postmoogle_sentry }}
POSTMOOGLE_LOGLEVEL={{ matrix_bot_postmoogle_loglevel }} POSTMOOGLE_LOGLEVEL={{ matrix_bot_postmoogle_loglevel }}
POSTMOOGLE_NOENCRYPTION={{ matrix_bot_postmoogle_noencryption }} POSTMOOGLE_NOENCRYPTION={{ matrix_bot_postmoogle_noencryption }}
POSTMOOGLE_ADMINS={{ matrix_bot_postmoogle_admins | join(' ') }} POSTMOOGLE_ADMINS={{ matrix_bot_postmoogle_admins | join(' ') }}
@ -16,5 +15,12 @@ POSTMOOGLE_TLS_CERT={{ matrix_bot_postmoogle_tls_cert }}
POSTMOOGLE_TLS_KEY={{ matrix_bot_postmoogle_tls_key }} POSTMOOGLE_TLS_KEY={{ matrix_bot_postmoogle_tls_key }}
POSTMOOGLE_TLS_REQUIRED={{ matrix_bot_postmoogle_tls_required }} POSTMOOGLE_TLS_REQUIRED={{ matrix_bot_postmoogle_tls_required }}
POSTMOOGLE_DATA_SECRET={{ matrix_bot_postmoogle_data_secret }} POSTMOOGLE_DATA_SECRET={{ matrix_bot_postmoogle_data_secret }}
POSTMOOGLE_PROXIES={{ matrix_bot_postmoogle_proxies | join(' ') }}
POSTMOOGLE_MONITORING_SENTRY_DSN={{ matrix_bot_postmoogle_monitoring_sentry_dsn }}
POSTMOOGLE_MONITORING_SENTRY_RATE={{ matrix_bot_postmoogle_monitoring_sentry_rate }}
POSTMOOGLE_MONITORING_HEALTHCHECKS_UUID={{ matrix_bot_postmoogle_monitoring_healthchecks_uuid }}
POSTMOOGLE_MONITORING_HEALTHCHECKS_DURATION={{ matrix_bot_postmoogle_monitoring_healthchecks_duration }}
POSTMOOGLE_MAILBOXES_RESERVED={{ matrix_bot_postmoogle_mailboxes_reserved | join(' ') }}
POSTMOOGLE_MAILBOXES_ACTIVATION={{ matrix_bot_postmoogle_mailboxes_activation }}
{{ matrix_bot_postmoogle_environment_variables_extension }} {{ matrix_bot_postmoogle_environment_variables_extension }}

View file

@ -60,7 +60,7 @@ matrix_appservice_discord_sqlite_database_path_in_container: "/data/discord.db"
matrix_appservice_discord_database_username: 'matrix_appservice_discord' matrix_appservice_discord_database_username: 'matrix_appservice_discord'
matrix_appservice_discord_database_password: 'some-password' matrix_appservice_discord_database_password: 'some-password'
matrix_appservice_discord_database_hostname: 'matrix-postgres' matrix_appservice_discord_database_hostname: ''
matrix_appservice_discord_database_port: 5432 matrix_appservice_discord_database_port: 5432
matrix_appservice_discord_database_name: 'matrix_appservice_discord' matrix_appservice_discord_database_name: 'matrix_appservice_discord'

View file

@ -12,8 +12,11 @@
- when: "matrix_appservice_discord_sqlite_database_path_local_stat_result.stat.exists | bool" - when: "matrix_appservice_discord_sqlite_database_path_local_stat_result.stat.exists | bool"
block: block:
- ansible.builtin.set_fact: - ansible.builtin.include_role:
matrix_postgres_db_migration_request: name: galaxy/com.devture.ansible.role.postgres
tasks_from: migrate_db_to_postgres
vars:
devture_postgres_db_migration_request:
src: "{{ matrix_appservice_discord_sqlite_database_path_local }}" src: "{{ matrix_appservice_discord_sqlite_database_path_local }}"
dst: "{{ matrix_appservice_discord_database_connString }}" dst: "{{ matrix_appservice_discord_database_connString }}"
caller: "{{ role_path | basename }}" caller: "{{ role_path | basename }}"
@ -21,10 +24,6 @@
engine_old: 'sqlite' engine_old: 'sqlite'
systemd_services_to_stop: ['matrix-appservice-discord.service'] systemd_services_to_stop: ['matrix-appservice-discord.service']
- ansible.builtin.import_role:
name: custom/matrix-postgres
tasks_from: migrate_db_to_postgres
- ansible.builtin.set_fact: - ansible.builtin.set_fact:
matrix_appservice_discord_requires_restart: true matrix_appservice_discord_requires_restart: true
@ -109,13 +108,9 @@
mode: 0644 mode: 0644
register: matrix_appservice_discord_systemd_service_result register: matrix_appservice_discord_systemd_service_result
- name: Ensure systemd reloaded after matrix-appservice-discord.service installation
ansible.builtin.service:
daemon_reload: true
when: "matrix_appservice_discord_systemd_service_result.changed"
- name: Ensure matrix-appservice-discord.service restarted, if necessary - name: Ensure matrix-appservice-discord.service restarted, if necessary
ansible.builtin.service: ansible.builtin.service:
name: "matrix-appservice-discord.service" name: "matrix-appservice-discord.service"
state: restarted state: restarted
daemon_reload: true
when: "matrix_appservice_discord_requires_restart | bool" when: "matrix_appservice_discord_requires_restart | bool"

View file

@ -1,16 +1,17 @@
--- ---
- name: Fail if required settings not defined - name: Fail if required appservice-discord settings not defined
ansible.builtin.fail: ansible.builtin.fail:
msg: >- msg: >-
You need to define a required configuration setting (`{{ item }}`). You need to define a required configuration setting (`{{ item.name }}`).
when: "vars[item] == ''" when: "item.when | bool and vars[item.name] == ''"
with_items: with_items:
- "matrix_appservice_discord_client_id" - {'name': 'matrix_appservice_discord_client_id', when: true}
- "matrix_appservice_discord_bot_token" - {'name': 'matrix_appservice_discord_bot_token', when: true}
- "matrix_appservice_discord_appservice_token" - {'name': 'matrix_appservice_discord_appservice_token', when: true}
- "matrix_appservice_discord_homeserver_token" - {'name': 'matrix_appservice_discord_homeserver_token', when: true}
- "matrix_appservice_discord_homeserver_domain" - {'name': 'matrix_appservice_discord_homeserver_domain', when: true}
- {'name': 'matrix_appservice_discord_database_hostname', when: "{{ matrix_appservice_discord_database_engine == 'postgres' }}"}
- name: (Deprecation) Catch and report renamed appservice-discord variables - name: (Deprecation) Catch and report renamed appservice-discord variables
ansible.builtin.fail: ansible.builtin.fail:

View file

@ -29,8 +29,8 @@ matrix_appservice_irc_appservice_address: 'http://matrix-appservice-irc:9999'
matrix_appservice_irc_database_engine: nedb matrix_appservice_irc_database_engine: nedb
matrix_appservice_irc_database_username: matrix_appservice_irc matrix_appservice_irc_database_username: matrix_appservice_irc
matrix_appservice_irc_database_password: ~ matrix_appservice_irc_database_password: 'some-password'
matrix_appservice_irc_database_hostname: 'matrix-postgres' matrix_appservice_irc_database_hostname: ''
matrix_appservice_irc_database_port: 5432 matrix_appservice_irc_database_port: 5432
matrix_appservice_irc_database_name: matrix_appservice_irc matrix_appservice_irc_database_name: matrix_appservice_irc
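Review bot: `matrix_appservice_irc_database_password` goes from `~` to the literal `'some-password'`, which gives every deployment that does not override it the same well-known database password. The hostname on the next line is now emptied and validated when the engine is `postgres`; consider treating the password the same way, with an empty default and an entry in the validate_config list, rather than shipping a placeholder value.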

View file

@ -2,8 +2,8 @@
- name: Fail if Postgres not enabled - name: Fail if Postgres not enabled
ansible.builtin.fail: ansible.builtin.fail:
msg: "Postgres via the matrix-postgres role is not enabled (`matrix_postgres_enabled`). Cannot migrate." msg: "Postgres via the com.devture.ansible.role.postgres role is not enabled (`devture_postgres_enabled`). Cannot migrate."
when: "not matrix_postgres_enabled | bool" when: "not devture_postgres_enabled | bool"
# Defaults # Defaults
@ -14,19 +14,19 @@
# Actual import work # Actual import work
- name: Ensure matrix-postgres is started - name: Ensure Postgres is started
ansible.builtin.service: ansible.builtin.service:
name: matrix-postgres name: "{{ devture_postgres_identifier }}"
state: started state: started
daemon_reload: true daemon_reload: true
register: matrix_postgres_service_start_result register: postgres_service_start_result
- name: Wait a bit, so that Postgres can start - name: Wait a bit, so that Postgres can start
ansible.builtin.wait_for: ansible.builtin.wait_for:
timeout: "{{ postgres_start_wait_time }}" timeout: "{{ postgres_start_wait_time }}"
delegate_to: 127.0.0.1 delegate_to: 127.0.0.1
become: false become: false
when: "matrix_postgres_service_start_result.changed | bool" when: postgres_service_start_result.changed | bool
- name: Check existence of matrix-appservice-irc service - name: Check existence of matrix-appservice-irc service
ansible.builtin.stat: ansible.builtin.stat:
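Review bot: the register was renamed from `matrix_postgres_service_start_result` to the unprefixed `postgres_service_start_result`, and the appservice-slack migration tasks in this commit register the same name. Registered variables are host-scoped, so a role-prefixed name such as `matrix_appservice_irc_postgres_service_start_result` avoids one role reading the other's result. The `when:` on the wait task also lost its quotes here while the slack copy kept them; please keep the two consistent.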

View file

@ -1,6 +1,6 @@
--- ---
- ansible.builtin.import_role: - ansible.builtin.include_role:
name: custom/matrix-base name: custom/matrix-base
tasks_from: ensure_openssl_installed tasks_from: ensure_openssl_installed
@ -199,13 +199,9 @@
mode: 0644 mode: 0644
register: matrix_appservice_irc_systemd_service_result register: matrix_appservice_irc_systemd_service_result
- name: Ensure systemd reloaded after matrix-appservice-irc.service installation
ansible.builtin.service:
daemon_reload: true
when: "matrix_appservice_irc_systemd_service_result.changed"
- name: Ensure matrix-appservice-irc.service restarted, if necessary - name: Ensure matrix-appservice-irc.service restarted, if necessary
ansible.builtin.service: ansible.builtin.service:
name: "matrix-appservice-irc.service" name: "matrix-appservice-irc.service"
state: restarted state: restarted
daemon_reload: true
when: "matrix_appservice_irc_requires_restart | bool" when: "matrix_appservice_irc_requires_restart | bool"

View file

@ -3,11 +3,12 @@
- name: Fail if required settings not defined - name: Fail if required settings not defined
ansible.builtin.fail: ansible.builtin.fail:
msg: >- msg: >-
You need to define a required configuration setting (`{{ item }}`). You need to define a required configuration setting (`{{ item.name }}`).
when: "vars[item] == ''" when: "item.when | bool and vars[item.name] == ''"
with_items: with_items:
- "matrix_appservice_irc_appservice_token" - {'name': 'matrix_appservice_irc_appservice_token', when: true}
- "matrix_appservice_irc_homeserver_token" - {'name': 'matrix_appservice_irc_homeserver_token', when: true}
- {'name': 'matrix_appservice_irc_database_hostname', when: "{{ matrix_appservice_irc_database_engine == 'postgres' }}"}
# Our base configuration (`matrix_appservice_irc_configuration_yaml`) is not enough to # Our base configuration (`matrix_appservice_irc_configuration_yaml`) is not enough to
# let the playbook run without errors. # let the playbook run without errors.
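Review bot: the task name "Fail if required settings not defined" was left unchanged in this hunk, while the other validate_config files in this commit were renamed to include the component (for example "Fail if required appservice-discord settings not defined"). Renaming it to mention appservice-irc keeps failure output attributable when several roles run in one play.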

View file

@ -90,7 +90,7 @@ matrix_appservice_kakaotalk_sqlite_database_path_in_container: "/data/appservice
matrix_appservice_kakaotalk_database_username: 'matrix_appservice_kakaotalk' matrix_appservice_kakaotalk_database_username: 'matrix_appservice_kakaotalk'
matrix_appservice_kakaotalk_database_password: 'some-password' matrix_appservice_kakaotalk_database_password: 'some-password'
matrix_appservice_kakaotalk_database_hostname: 'matrix-postgres' matrix_appservice_kakaotalk_database_hostname: ''
matrix_appservice_kakaotalk_database_port: 5432 matrix_appservice_kakaotalk_database_port: 5432
matrix_appservice_kakaotalk_database_name: 'matrix_appservice_kakaotalk' matrix_appservice_kakaotalk_database_name: 'matrix_appservice_kakaotalk'

View file

@ -109,9 +109,3 @@
src: "{{ role_path }}/templates/systemd/matrix-appservice-kakaotalk.service.j2" src: "{{ role_path }}/templates/systemd/matrix-appservice-kakaotalk.service.j2"
dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-kakaotalk.service" dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-kakaotalk.service"
mode: 0644 mode: 0644
register: matrix_appservice_kakaotalk_systemd_service_result
- name: Ensure systemd reloaded after matrix-appservice-kakaotalk.service or matrix-appservice-kakaotalk-node.service installation
ansible.builtin.service:
daemon_reload: true
when: matrix_appservice_kakaotalk_node_systemd_service_result.changed or matrix_appservice_kakaotalk_systemd_service_result.changed
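Review bot: the removed reload condition referenced both `matrix_appservice_kakaotalk_node_systemd_service_result` and `matrix_appservice_kakaotalk_systemd_service_result`, but this hunk only drops the `register:` for the latter. Please check that the register on the node unit's install task, which is outside the visible context, is removed as well so no unused result is left behind.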

View file

@ -1,10 +1,11 @@
--- ---
- name: Fail if required settings not defined - name: Fail if required appservice-kakaotalk settings not defined
ansible.builtin.fail: ansible.builtin.fail:
msg: >- msg: >-
You need to define a required configuration setting (`{{ item }}`). You need to define a required configuration setting (`{{ item.name }}`).
when: "vars[item] == ''" when: "item.when | bool and vars[item.name] == ''"
with_items: with_items:
- "matrix_appservice_kakaotalk_appservice_token" - {'name': 'matrix_appservice_kakaotalk_appservice_token', when: true}
- "matrix_appservice_kakaotalk_homeserver_token" - {'name': 'matrix_appservice_kakaotalk_homeserver_token', when: true}
- {'name': 'matrix_appservice_kakaotalk_database_hostname', when: "{{ matrix_appservice_kakaotalk_database_engine == 'postgres' }}"}

View file

@ -11,7 +11,7 @@ matrix_appservice_slack_docker_src_files_path: "{{ matrix_base_data_path }}/apps
# matrix_appservice_slack_version used to contain the full Docker image tag (e.g. `release-X.X.X`). # matrix_appservice_slack_version used to contain the full Docker image tag (e.g. `release-X.X.X`).
# It's a bare version number now. We try to somewhat retain compatibility below. # It's a bare version number now. We try to somewhat retain compatibility below.
matrix_appservice_slack_version: 2.0.1 matrix_appservice_slack_version: 2.0.2
matrix_appservice_slack_docker_image: "{{ matrix_container_global_registry_prefix }}matrixdotorg/matrix-appservice-slack:{{ matrix_appservice_slack_docker_image_tag }}" matrix_appservice_slack_docker_image: "{{ matrix_container_global_registry_prefix }}matrixdotorg/matrix-appservice-slack:{{ matrix_appservice_slack_docker_image_tag }}"
matrix_appservice_slack_docker_image_tag: "{{ 'latest' if matrix_appservice_slack_version == 'latest' else ('release-' + matrix_appservice_slack_version) }}" matrix_appservice_slack_docker_image_tag: "{{ 'latest' if matrix_appservice_slack_version == 'latest' else ('release-' + matrix_appservice_slack_version) }}"
matrix_appservice_slack_docker_image_force_pull: "{{ matrix_appservice_slack_docker_image.endswith(':latest') }}" matrix_appservice_slack_docker_image_force_pull: "{{ matrix_appservice_slack_docker_image.endswith(':latest') }}"
@ -57,8 +57,8 @@ matrix_appservice_slack_id_token: ''
matrix_appservice_slack_database_engine: nedb matrix_appservice_slack_database_engine: nedb
matrix_appservice_slack_database_username: matrix_appservice_slack matrix_appservice_slack_database_username: matrix_appservice_slack
matrix_appservice_slack_database_password: ~ matrix_appservice_slack_database_password: 'some-passsword'
matrix_appservice_slack_database_hostname: 'matrix-postgres' matrix_appservice_slack_database_hostname: ''
matrix_appservice_slack_database_port: 5432 matrix_appservice_slack_database_port: 5432
matrix_appservice_slack_database_name: matrix_appservice_slack matrix_appservice_slack_database_name: matrix_appservice_slack
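Review bot: the new default `matrix_appservice_slack_database_password: 'some-passsword'` has a typo (three `s`) and differs from the `'some-password'` placeholder used by the other roles in this commit. More importantly, replacing `~` with any literal placeholder means an unconfigured deployment gets a guessable database password; an empty default plus a validate_config entry conditioned on `matrix_appservice_slack_database_engine == 'postgres'`, as done for the hostname, would fail loudly instead.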

View file

@ -2,8 +2,8 @@
- name: Fail if Postgres not enabled - name: Fail if Postgres not enabled
ansible.builtin.fail: ansible.builtin.fail:
msg: "Postgres via the matrix-postgres role is not enabled (`matrix_postgres_enabled`). Cannot migrate." msg: "Postgres via the com.devture.ansible.role.postgres role is not enabled (`devture_postgres_enabled`). Cannot migrate."
when: "not matrix_postgres_enabled | bool" when: "not devture_postgres_enabled | bool"
# Defaults # Defaults
@ -14,19 +14,19 @@
# Actual import work # Actual import work
- name: Ensure matrix-postgres is started - name: Ensure Postgres is started
ansible.builtin.service: ansible.builtin.service:
name: matrix-postgres name: "{{ devture_postgres_identifier }}"
state: started state: started
daemon_reload: true daemon_reload: true
register: matrix_postgres_service_start_result register: postgres_service_start_result
- name: Wait a bit, so that Postgres can start - name: Wait a bit, so that Postgres can start
ansible.builtin.wait_for: ansible.builtin.wait_for:
timeout: "{{ postgres_start_wait_time }}" timeout: "{{ postgres_start_wait_time }}"
delegate_to: 127.0.0.1 delegate_to: 127.0.0.1
become: false become: false
when: "matrix_postgres_service_start_result.changed | bool" when: "postgres_service_start_result.changed | bool"
- name: Ensure matrix-appservice-slack is stopped - name: Ensure matrix-appservice-slack is stopped
ansible.builtin.service: ansible.builtin.service:

View file

@ -87,15 +87,10 @@
src: "{{ role_path }}/templates/systemd/matrix-appservice-slack.service.j2" src: "{{ role_path }}/templates/systemd/matrix-appservice-slack.service.j2"
dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-slack.service" dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-slack.service"
mode: 0644 mode: 0644
register: matrix_appservice_slack_systemd_service_result
- name: Ensure systemd reloaded after matrix-appservice-slack.service installation
ansible.builtin.service:
daemon_reload: true
when: "matrix_appservice_slack_systemd_service_result.changed"
- name: Ensure matrix-appservice-slack.service restarted, if necessary - name: Ensure matrix-appservice-slack.service restarted, if necessary
ansible.builtin.service: ansible.builtin.service:
name: "matrix-appservice-slack.service" name: "matrix-appservice-slack.service"
state: restarted state: restarted
daemon_reload: true
when: "matrix_appservice_slack_requires_restart | bool" when: "matrix_appservice_slack_requires_restart | bool"

View file

@ -1,16 +1,17 @@
--- ---
- name: Fail if required settings not defined - name: Fail if required appservice-slack settings not defined
ansible.builtin.fail: ansible.builtin.fail:
msg: >- msg: >-
You need to define a required configuration setting (`{{ item }}`). You need to define a required configuration setting (`{{ item.name }}`).
when: "vars[item] == ''" when: "item.when | bool and vars[item.name] == ''"
with_items: with_items:
- "matrix_appservice_slack_control_room_id" - {'name': 'matrix_appservice_slack_control_room_id', when: true}
- "matrix_appservice_slack_appservice_token" - {'name': 'matrix_appservice_slack_appservice_token', when: true}
- "matrix_appservice_slack_homeserver_url" - {'name': 'matrix_appservice_slack_homeserver_url', when: true}
- "matrix_appservice_slack_homeserver_token" - {'name': 'matrix_appservice_slack_homeserver_token', when: true}
- "matrix_appservice_slack_id_token" - {'name': 'matrix_appservice_slack_id_token', when: true}
- {'name': 'matrix_appservice_slack_database_hostname', when: "{{ matrix_appservice_slack_database_engine == 'postgres' }}"}
- name: (Deprecation) Catch and report renamed settings - name: (Deprecation) Catch and report renamed settings
ansible.builtin.fail: ansible.builtin.fail:

View file

@ -86,9 +86,3 @@
src: "{{ role_path }}/templates/systemd/matrix-appservice-webhooks.service.j2" src: "{{ role_path }}/templates/systemd/matrix-appservice-webhooks.service.j2"
dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-webhooks.service" dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-webhooks.service"
mode: 0644 mode: 0644
register: matrix_appservice_webhooks_systemd_service_result
- name: Ensure systemd reloaded after matrix-appservice-webhooks.service installation
ansible.builtin.service:
daemon_reload: true
when: "matrix_appservice_webhooks_systemd_service_result.changed"

View file

@ -55,8 +55,8 @@ matrix_beeper_linkedin_appservice_bot_username: linkedinbot
matrix_beeper_linkedin_database_engine: "postgres" matrix_beeper_linkedin_database_engine: "postgres"
matrix_beeper_linkedin_database_username: 'matrix_beeper_linkedin' matrix_beeper_linkedin_database_username: 'matrix_beeper_linkedin'
matrix_beeper_linkedin_database_password: "" matrix_beeper_linkedin_database_password: 'some-password'
matrix_beeper_linkedin_database_hostname: 'matrix-postgres' matrix_beeper_linkedin_database_hostname: ''
matrix_beeper_linkedin_database_port: 5432 matrix_beeper_linkedin_database_port: 5432
matrix_beeper_linkedin_database_name: 'matrix_beeper_linkedin' matrix_beeper_linkedin_database_name: 'matrix_beeper_linkedin'
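
Review bot: `matrix_beeper_linkedin_database_password` changes its default from an empty string to the literal `'some-password'`, the same placeholder that the go-skype-bridge and mautrix-discord defaults in this commit carry. An empty default can be caught by a required-setting check; a shared placeholder cannot, and a deployment that does not override it ends up with a guessable database credential. Suggest keeping the default empty and adding the password to the validation list alongside `matrix_beeper_linkedin_database_hostname`, which this commit already empties and validates.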

View file

@ -88,9 +88,3 @@
src: "{{ role_path }}/templates/systemd/matrix-beeper-linkedin.service.j2" src: "{{ role_path }}/templates/systemd/matrix-beeper-linkedin.service.j2"
dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-beeper-linkedin.service" dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-beeper-linkedin.service"
mode: 0644 mode: 0644
register: matrix_beeper_linkedin_systemd_service_result
- name: Ensure systemd reloaded after matrix-beeper-linkedin.service installation
ansible.builtin.service:
daemon_reload: true
when: "matrix_beeper_linkedin_systemd_service_result.changed"

View file

@ -1,10 +1,11 @@
--- ---
- name: Fail if required settings not defined - name: Fail if required beeper-linkedin settings not defined
ansible.builtin.fail: ansible.builtin.fail:
msg: >- msg: >-
You need to define a required configuration setting (`{{ item }}`). You need to define a required configuration setting (`{{ item.name }}`).
when: "vars[item] == ''" when: "item.when | bool and vars[item.name] == ''"
with_items: with_items:
- "matrix_beeper_linkedin_appservice_token" - {'name': 'matrix_beeper_linkedin_appservice_token', when: true}
- "matrix_beeper_linkedin_homeserver_token" - {'name': 'matrix_beeper_linkedin_homeserver_token', when: true}
- {'name': 'matrix_beeper_linkedin_database_hostname', when: "{{ matrix_beeper_linkedin_database_engine == 'postgres' }}"}

View file

@ -56,7 +56,7 @@ matrix_go_skype_bridge_sqlite_database_path_in_container: "/data/go-skype-bridge
matrix_go_skype_bridge_database_username: 'matrix_go_skype_bridge' matrix_go_skype_bridge_database_username: 'matrix_go_skype_bridge'
matrix_go_skype_bridge_database_password: 'some-password' matrix_go_skype_bridge_database_password: 'some-password'
matrix_go_skype_bridge_database_hostname: 'matrix-postgres' matrix_go_skype_bridge_database_hostname: ''
matrix_go_skype_bridge_database_port: 5432 matrix_go_skype_bridge_database_port: 5432
matrix_go_skype_bridge_database_name: 'matrix_go_skype_bridge' matrix_go_skype_bridge_database_name: 'matrix_go_skype_bridge'

View file

@ -12,8 +12,11 @@
- when: "matrix_go_skype_bridge_sqlite_database_path_local_stat_result.stat.exists | bool" - when: "matrix_go_skype_bridge_sqlite_database_path_local_stat_result.stat.exists | bool"
block: block:
- ansible.builtin.set_fact: - ansible.builtin.include_role:
matrix_postgres_db_migration_request: name: galaxy/com.devture.ansible.role.postgres
tasks_from: migrate_db_to_postgres
vars:
devture_postgres_db_migration_request:
src: "{{ matrix_go_skype_bridge_sqlite_database_path_local }}" src: "{{ matrix_go_skype_bridge_sqlite_database_path_local }}"
dst: "{{ matrix_go_skype_bridge_database_connection_string }}" dst: "{{ matrix_go_skype_bridge_database_connection_string }}"
caller: "{{ role_path | basename }}" caller: "{{ role_path | basename }}"
@ -22,10 +25,6 @@
systemd_services_to_stop: ['matrix-go-skype-bridge.service'] systemd_services_to_stop: ['matrix-go-skype-bridge.service']
pgloader_options: ['--with "quote identifiers"'] pgloader_options: ['--with "quote identifiers"']
- ansible.builtin.import_role:
name: custom/matrix-postgres
tasks_from: migrate_db_to_postgres
- ansible.builtin.set_fact: - ansible.builtin.set_fact:
matrix_go_skype_bridge_requires_restart: true matrix_go_skype_bridge_requires_restart: true
@ -128,13 +127,9 @@
mode: 0644 mode: 0644
register: matrix_go_skype_bridge_systemd_service_result register: matrix_go_skype_bridge_systemd_service_result
- name: Ensure systemd reloaded after matrix-go-skype-bridge.service installation
ansible.builtin.service:
daemon_reload: true
when: "matrix_go_skype_bridge_systemd_service_result.changed"
- name: Ensure matrix-go-skype-bridge.service restarted, if necessary - name: Ensure matrix-go-skype-bridge.service restarted, if necessary
ansible.builtin.service: ansible.builtin.service:
name: "matrix-go-skype-bridge.service" name: "matrix-go-skype-bridge.service"
state: restarted state: restarted
daemon_reload: true
when: "matrix_go_skype_bridge_requires_restart | bool" when: "matrix_go_skype_bridge_requires_restart | bool"
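
Review bot: `register: matrix_go_skype_bridge_systemd_service_result` is kept on the unit-file task, but its only visible consumer, the "Ensure systemd reloaded after matrix-go-skype-bridge.service installation" task, is removed in this hunk. The other bridge roles in this commit drop the register together with the reload task. Suggest removing it here as well, or using the result to trigger the reload, since `daemon_reload: true` now only runs when `matrix_go_skype_bridge_requires_restart` is true.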

View file

@ -1,10 +1,11 @@
--- ---
- name: Fail if required settings not defined - name: Fail if required go-skype-bridge settings not defined
ansible.builtin.fail: ansible.builtin.fail:
msg: >- msg: >-
You need to define a required configuration setting (`{{ item }}`). You need to define a required configuration setting (`{{ item.name }}`).
when: "vars[item] == ''" when: "item.when | bool and vars[item.name] == ''"
with_items: with_items:
- "matrix_go_skype_bridge_appservice_token" - {'name': 'matrix_go_skype_bridge_appservice_token', when: true}
- "matrix_go_skype_bridge_homeserver_token" - {'name': 'matrix_go_skype_bridge_homeserver_token', when: true}
- {'name': 'matrix_go_skype_bridge_database_hostname', when: "{{ matrix_go_skype_bridge_database_engine == 'postgres' }}"}

View file

@ -34,9 +34,3 @@
src: "{{ role_path }}/templates/systemd/matrix-heisenbridge.service.j2" src: "{{ role_path }}/templates/systemd/matrix-heisenbridge.service.j2"
dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-heisenbridge.service" dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-heisenbridge.service"
mode: 0644 mode: 0644
register: matrix_heisenbridge_systemd_service_result
- name: Ensure systemd reloaded after matrix-heisenbridge.service installation
ansible.builtin.service:
daemon_reload: true
when: matrix_heisenbridge_systemd_service_result.changed

View file

@ -10,7 +10,7 @@ matrix_hookshot_container_image_self_build: false
matrix_hookshot_container_image_self_build_repo: "https://github.com/matrix-org/matrix-hookshot.git" matrix_hookshot_container_image_self_build_repo: "https://github.com/matrix-org/matrix-hookshot.git"
matrix_hookshot_container_image_self_build_branch: "{{ 'main' if matrix_hookshot_version == 'latest' else matrix_hookshot_version }}" matrix_hookshot_container_image_self_build_branch: "{{ 'main' if matrix_hookshot_version == 'latest' else matrix_hookshot_version }}"
matrix_hookshot_version: 2.4.0 matrix_hookshot_version: 2.5.0
matrix_hookshot_docker_image: "{{ matrix_hookshot_docker_image_name_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}" matrix_hookshot_docker_image: "{{ matrix_hookshot_docker_image_name_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}"
matrix_hookshot_docker_image_name_prefix: "{{ 'localhost/' if matrix_hookshot_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_hookshot_docker_image_name_prefix: "{{ 'localhost/' if matrix_hookshot_container_image_self_build else matrix_container_global_registry_prefix }}"
@ -52,7 +52,7 @@ matrix_hookshot_webhook_endpoint: "{{ matrix_hookshot_public_endpoint }}/webhook
# You need to create a GitHub app to enable this and fill in the empty variables below # You need to create a GitHub app to enable this and fill in the empty variables below
# https://matrix-org.github.io/matrix-hookshot/setup/github.html # https://matrix-org.github.io/matrix-hookshot/setup/github.html
matrix_hookshot_github_enabled: false matrix_hookshot_github_enabled: false
matrix_hookshot_github_appid: '' matrix_hookshot_github_auth_id: ''
# Set this variable to the contents of the generated and downloaded GitHub private key: # Set this variable to the contents of the generated and downloaded GitHub private key:
# matrix_hookshot_github_private_key: | # matrix_hookshot_github_private_key: |
# -----BEGIN RSA PRIVATE KEY----- # -----BEGIN RSA PRIVATE KEY-----
@ -61,22 +61,25 @@ matrix_hookshot_github_appid: ''
# Alternatively, leave it empty and do it manually or use matrix-aux instead, see docs/matrix-bridge-hookshot.md for info. # Alternatively, leave it empty and do it manually or use matrix-aux instead, see docs/matrix-bridge-hookshot.md for info.
matrix_hookshot_github_private_key: '' matrix_hookshot_github_private_key: ''
matrix_hookshot_github_private_key_file: 'private-key.pem' matrix_hookshot_github_private_key_file: 'private-key.pem'
matrix_hookshot_github_secret: '' # "Webhook secret" on the GitHub App page matrix_hookshot_github_webhook_secret: '' # "Webhook secret" on the GitHub App page
matrix_hookshot_github_oauth_enabled: false matrix_hookshot_github_oauth_enabled: false
# You need to configure oauth settings only when you have enabled oauth (optional) # You need to configure oauth settings only when you have enabled oauth (optional)
matrix_hookshot_github_oauth_id: '' # "Client ID" on the GitHub App page matrix_hookshot_github_oauth_client_id: '' # "Client ID" on the GitHub App page
matrix_hookshot_github_oauth_secret: '' # "Client Secret" on the GitHub App page matrix_hookshot_github_oauth_client_secret: '' # "Client Secret" on the GitHub App page
# Default value of matrix_hookshot_github_oauth_endpoint: "/hookshot/webhooks/oauth" # Default value of matrix_hookshot_github_oauth_endpoint: "/hookshot/webhooks/oauth"
matrix_hookshot_github_oauth_endpoint: "{{ matrix_hookshot_webhook_endpoint }}/oauth" matrix_hookshot_github_oauth_endpoint: "{{ matrix_hookshot_webhook_endpoint }}/oauth"
matrix_hookshot_github_oauth_uri: "{{ matrix_hookshot_urlprefix }}{{ matrix_hookshot_github_oauth_endpoint }}" matrix_hookshot_github_oauth_redirect_uri: "{{ matrix_hookshot_urlprefix }}{{ matrix_hookshot_github_oauth_endpoint }}"
# These are the default settings mentioned here and don't need to be modified: https://matrix-org.github.io/matrix-hookshot/usage/room_configuration/github_repo.html#configuration # These are the default settings mentioned here and don't need to be modified: https://matrix-org.github.io/matrix-hookshot/usage/room_configuration/github_repo.html#configuration
matrix_hookshot_github_ignore_hooks: "{}" matrix_hookshot_github_defaultOptions_ignoreHooks: {} # noqa var-naming
matrix_hookshot_github_command_prefix: '!gh' matrix_hookshot_github_defaultOptions_commandPrefix: '!gh' # noqa var-naming
matrix_hookshot_github_showIssueRoomLink: false # noqa var-naming matrix_hookshot_github_defaultOptions_showIssueRoomLink: false # noqa var-naming
matrix_hookshot_github_pr_diff: "{enabled: false, maxLines: 5}" matrix_hookshot_github_defaultOptions_prDiff: # noqa var-naming
matrix_hookshot_github_including_labels: '' enabled: false
matrix_hookshot_github_excluding_labels: '' maxLines: 5
matrix_hookshot_github_hotlink_prefix: "#" matrix_hookshot_github_defaultOptions_includingLabels: '' # noqa var-naming
matrix_hookshot_github_defaultOptions_excludingLabels: '' # noqa var-naming
matrix_hookshot_github_defaultOptions_hotlinkIssues_prefix: "#" # noqa var-naming
matrix_hookshot_gitlab_enabled: true matrix_hookshot_gitlab_enabled: true
@ -91,7 +94,7 @@ matrix_hookshot_gitlab_instances:
url: https://gitlab.com url: https://gitlab.com
# This will be the "Secret token" you have to enter into all GitLab instances for authentication # This will be the "Secret token" you have to enter into all GitLab instances for authentication
matrix_hookshot_gitlab_secret: '' matrix_hookshot_gitlab_webhook_secret: ''
matrix_hookshot_figma_enabled: false matrix_hookshot_figma_enabled: false
@ -104,33 +107,35 @@ matrix_hookshot_figma_publicUrl: "{{ matrix_hookshot_urlprefix }}{{ matrix_hooks
# teamId: your-team-id # teamId: your-team-id
# accessToken: your-personal-access-token # accessToken: your-personal-access-token
# passcode: your-webhook-passcode # passcode: your-webhook-passcode
matrix_hookshot_figma_instances: {}
matrix_hookshot_jira_enabled: false matrix_hookshot_jira_enabled: false
# Get the these values from https://matrix-org.github.io/matrix-hookshot/setup/jira.html#jira-oauth # Get the these values from https://matrix-org.github.io/matrix-hookshot/setup/jira.html#jira-oauth
matrix_hookshot_jira_secret: '' matrix_hookshot_jira_webhook_secret: ''
matrix_hookshot_jira_oauth_enabled: false matrix_hookshot_jira_oauth_enabled: false
matrix_hookshot_jira_oauth_id: '' matrix_hookshot_jira_oauth_client_id: ''
matrix_hookshot_jira_oauth_secret: '' matrix_hookshot_jira_oauth_client_secret: ''
# Default value of matrix_hookshot_jira_oauth_endpoint: "/hookshot/webhooks/jira/oauth" # Default value of matrix_hookshot_jira_oauth_endpoint: "/hookshot/webhooks/jira/oauth"
matrix_hookshot_jira_oauth_endpoint: "{{ matrix_hookshot_webhook_endpoint }}/jira/oauth" matrix_hookshot_jira_oauth_endpoint: "{{ matrix_hookshot_webhook_endpoint }}/jira/oauth"
matrix_hookshot_jira_oauth_uri: "{{ matrix_hookshot_urlprefix }}{{ matrix_hookshot_jira_oauth_endpoint }}" matrix_hookshot_jira_oauth_redirect_uri: "{{ matrix_hookshot_urlprefix }}{{ matrix_hookshot_jira_oauth_endpoint }}"
# No need to change these # No need to change these
matrix_hookshot_generic_enabled: true matrix_hookshot_generic_enabled: true
matrix_hookshot_generic_enableHttpGet: false
# Default value of matrix_hookshot_generic_endpoint: "/hookshot/webhooks" # Default value of matrix_hookshot_generic_endpoint: "/hookshot/webhooks"
matrix_hookshot_generic_endpoint: "{{ matrix_hookshot_webhook_endpoint }}" matrix_hookshot_generic_endpoint: "{{ matrix_hookshot_webhook_endpoint }}"
# urlprefix gets updated with protocol & port in group_vars/matrix_servers # urlprefix gets updated with protocol & port in group_vars/matrix_servers
matrix_hookshot_generic_urlprefix: "{{ matrix_hookshot_urlprefix }}{{ matrix_hookshot_generic_endpoint }}" matrix_hookshot_generic_urlPrefix: "{{ matrix_hookshot_urlprefix }}{{ matrix_hookshot_generic_endpoint }}"
matrix_hookshot_generic_allow_js_transformation_functions: false
# If you're also using matrix-appservice-webhooks, take care that these prefixes don't overlap # If you're also using matrix-appservice-webhooks, take care that these prefixes don't overlap
matrix_hookshot_generic_user_id_prefix: '_webhooks_' matrix_hookshot_generic_userIdPrefix: '_webhooks_'
matrix_hookshot_generic_allowJsTransformationFunctions: false
matrix_hookshot_generic_waitForComplete: false
matrix_hookshot_feeds_enabled: true matrix_hookshot_feeds_enabled: true
matrix_hookshot_feeds_pollIntervalSeconds: 600 # noqa var-naming matrix_hookshot_feeds_pollIntervalSeconds: 600 # noqa var-naming
matrix_hookshot_feeds_pollTimeoutSeconds: 10 # noqa var-naming matrix_hookshot_feeds_pollTimeoutSeconds: 30 # noqa var-naming
# There is no need to edit ports. use matrix_hookshot_container_http_host_bind_ports below to expose ports instead. # There is no need to edit ports. use matrix_hookshot_container_http_host_bind_ports below to expose ports instead.
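
Review bot: Missing documentation on the new generic webhook defaults: `matrix_hookshot_generic_enableHttpGet` and `matrix_hookshot_generic_waitForComplete` are added without a comment, and `matrix_hookshot_feeds_pollTimeoutSeconds` goes from 10 to 30 with no explanation. The template already carries a warning about `allowJsTransformationFunctions` being unsafe in untrusted environments; a one-line comment next to each of these variables saying what enabling it changes would let operators make the same kind of judgement from the defaults file.
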
@ -141,6 +146,8 @@ matrix_hookshot_provisioning_enabled: false
matrix_hookshot_provisioning_internal: "/v1" matrix_hookshot_provisioning_internal: "/v1"
matrix_hookshot_provisioning_endpoint: "{{ matrix_hookshot_public_endpoint }}{{ matrix_hookshot_provisioning_internal }}" matrix_hookshot_provisioning_endpoint: "{{ matrix_hookshot_public_endpoint }}{{ matrix_hookshot_provisioning_internal }}"
# Valid logging levels are: debug, info, warn, error
matrix_hookshot_logging_level: warn
matrix_hookshot_widgets_enabled: true matrix_hookshot_widgets_enabled: true
matrix_hookshot_widgets_port: 9003 matrix_hookshot_widgets_port: 9003

View file

@ -1,6 +1,6 @@
--- ---
- ansible.builtin.import_role: - ansible.builtin.include_role:
name: custom/matrix-base name: custom/matrix-base
tasks_from: ensure_openssl_installed tasks_from: ensure_openssl_installed
@ -110,9 +110,3 @@
src: "{{ role_path }}/templates/systemd/matrix-hookshot.service.j2" src: "{{ role_path }}/templates/systemd/matrix-hookshot.service.j2"
dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-hookshot.service" dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-hookshot.service"
mode: 0644 mode: 0644
register: matrix_hookshot_systemd_service_result
- name: Ensure systemd reloaded after matrix-hookshot.service installation
ansible.builtin.service:
daemon_reload: true
when: matrix_hookshot_systemd_service_result.changed

View file

@ -1,5 +1,34 @@
--- ---
- name: (Deprecation) Catch and report renamed Hookshot variables
ansible.builtin.fail:
msg: >-
Your configuration contains a variable, which now has a different name.
Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
when: "item.old in vars"
with_items:
- {'old': 'matrix_hookshot_feeds_interval', 'new': 'matrix_hookshot_feeds_pollIntervalSeconds'}
- {'old': 'matrix_hookshot_generic_urlprefix', 'new': 'matrix_hookshot_generic_urlPrefix'}
- {'old': 'matrix_hookshot_generic_allow_js_transformation_functions', 'new': 'matrix_hookshot_generic_allowJsTransformationFunctions'}
- {'old': 'matrix_hookshot_generic_user_id_prefix', 'new': 'matrix_hookshot_generic_userIdPrefix'}
- {'old': 'matrix_hookshot_github_secret', 'new': 'matrix_hookshot_github_webhook_secret'}
- {'old': 'matrix_hookshot_github_appid', 'new': 'matrix_hookshot_github_auth_id'}
- {'old': 'matrix_hookshot_github_oauth_id', 'new': 'matrix_hookshot_github_oauth_client_id'}
- {'old': 'matrix_hookshot_github_oauth_secret', 'new': 'matrix_hookshot_github_oauth_client_secret'}
- {'old': 'matrix_hookshot_github_oauth_uri', 'new': 'matrix_hookshot_github_oauth_redirect_uri'}
- {'old': 'matrix_hookshot_github_ignore_hooks', 'new': 'matrix_hookshot_github_defaultOptions_ignoreHooks'}
- {'old': 'matrix_hookshot_github_command_prefix', 'new': 'matrix_hookshot_github_defaultOptions_commandPrefix'}
- {'old': 'matrix_hookshot_github_showIssueRoomLink', 'new': 'matrix_hookshot_github_defaultOptions_showIssueRoomLink'}
- {'old': 'matrix_hookshot_github_pr_diff', 'new': 'matrix_hookshot_github_defaultOptions_prDiff'}
- {'old': 'matrix_hookshot_github_including_labels', 'new': 'matrix_hookshot_github_defaultOptions_includingLabels'}
- {'old': 'matrix_hookshot_github_excluding_labels', 'new': 'matrix_hookshot_github_defaultOptions_excludingLabels'}
- {'old': 'matrix_hookshot_github_hotlink_prefix', 'new': 'matrix_hookshot_github_defaultOptions_hotlinkIssues_prefix'}
- {'old': 'matrix_hookshot_jira_secret', 'new': 'matrix_hookshot_jira_webhook_secret'}
- {'old': 'matrix_hookshot_jira_oauth_id', 'new': 'matrix_hookshot_jira_oauth_client_id'}
- {'old': 'matrix_hookshot_jira_oauth_secret', 'new': 'matrix_hookshot_jira_oauth_client_secret'}
- {'old': 'matrix_hookshot_jira_oauth_uri', 'new': 'matrix_hookshot_jira_oauth_client_secret'}
- {'old': 'matrix_hookshot_gitlab_secret', 'new': 'matrix_hookshot_gitlab_webhook_secret'}
- name: Fail if required settings not defined - name: Fail if required settings not defined
ansible.builtin.fail: ansible.builtin.fail:
msg: >- msg: >-
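
Review bot: The rename entry for `matrix_hookshot_jira_oauth_uri` in the deprecation list points at the wrong new name: it says `matrix_hookshot_jira_oauth_client_secret`, while the defaults in this commit rename that variable to `matrix_hookshot_jira_oauth_redirect_uri`. A user following the failure message would paste their redirect URI into the client secret variable. Suggest `{'old': 'matrix_hookshot_jira_oauth_uri', 'new': 'matrix_hookshot_jira_oauth_redirect_uri'}`, which also matches the GitHub entry a few lines above.
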
@ -15,8 +44,8 @@
You need to define a required configuration setting (`{{ item }}`) to enable GitHub. You need to define a required configuration setting (`{{ item }}`) to enable GitHub.
when: "matrix_hookshot_github_enabled and vars[item] == ''" when: "matrix_hookshot_github_enabled and vars[item] == ''"
with_items: with_items:
- "matrix_hookshot_github_appid" - "matrix_hookshot_github_auth_id"
- "matrix_hookshot_github_secret" - "matrix_hookshot_github_webhook_secret"
- name: Fail if required GitHub OAuth settings not defined - name: Fail if required GitHub OAuth settings not defined
ansible.builtin.fail: ansible.builtin.fail:
@ -24,8 +53,8 @@
You need to define a required configuration setting (`{{ item }}`) to enable GitHub OAuth. You need to define a required configuration setting (`{{ item }}`) to enable GitHub OAuth.
when: "matrix_hookshot_github_oauth_enabled and vars[item] == ''" when: "matrix_hookshot_github_oauth_enabled and vars[item] == ''"
with_items: with_items:
- "matrix_hookshot_github_oauth_id" - "matrix_hookshot_github_oauth_client_id"
- "matrix_hookshot_github_oauth_secret" - "matrix_hookshot_github_oauth_client_secret"
- name: Fail if required Jira settings not defined - name: Fail if required Jira settings not defined
ansible.builtin.fail: ansible.builtin.fail:
@ -33,7 +62,7 @@
You need to define a required configuration setting (`{{ item }}`) to enable Jira. You need to define a required configuration setting (`{{ item }}`) to enable Jira.
when: "matrix_hookshot_jira_enabled and vars[item] == ''" when: "matrix_hookshot_jira_enabled and vars[item] == ''"
with_items: with_items:
- "matrix_hookshot_jira_secret" - "matrix_hookshot_jira_webhook_secret"
- name: Fail if required Jira OAuth settings not defined - name: Fail if required Jira OAuth settings not defined
ansible.builtin.fail: ansible.builtin.fail:
@ -41,14 +70,14 @@
You need to define a required configuration setting (`{{ item }}`) to enable Jira OAuth. You need to define a required configuration setting (`{{ item }}`) to enable Jira OAuth.
when: "matrix_hookshot_jira_oauth_enabled and vars[item] == ''" when: "matrix_hookshot_jira_oauth_enabled and vars[item] == ''"
with_items: with_items:
- "matrix_hookshot_jira_oauth_id" - "matrix_hookshot_jira_oauth_client_id"
- "matrix_hookshot_jira_oauth_secret" - "matrix_hookshot_jira_oauth_client_secret"
- name: Fail if required Figma settings not defined - name: Fail if required Figma settings not defined
ansible.builtin.fail: ansible.builtin.fail:
msg: >- msg: >-
You need to define at least one Figma instance to enable Figma. You need to define at least one Figma instance in `matrix_hookshot_figma_instances` to enable Figma.
when: "matrix_hookshot_figma_enabled and matrix_hookshot_figma_instances is undefined" when: "matrix_hookshot_figma_enabled and matrix_hookshot_figma_instances | length == 0"
- name: Fail if required provisioning settings not defined - name: Fail if required provisioning settings not defined
ansible.builtin.fail: ansible.builtin.fail:
@ -58,15 +87,6 @@
with_items: with_items:
- "matrix_hookshot_provisioning_secret" - "matrix_hookshot_provisioning_secret"
- name: (Deprecation) Catch and report renamed Hookshot variables
ansible.builtin.fail:
msg: >-
Your configuration contains a variable, which now has a different name.
Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
when: "item.old in vars"
with_items:
- {'old': 'matrix_hookshot_feeds_interval', 'new': 'matrix_hookshot_feeds_pollIntervalSeconds'}
- name: (Deprecation) Catch and report old metrics usage - name: (Deprecation) Catch and report old metrics usage
ansible.builtin.fail: ansible.builtin.fail:
msg: >- msg: >-

View file

@ -14,69 +14,70 @@ github:
auth: auth:
# Authentication for the GitHub App. # Authentication for the GitHub App.
# #
id: {{ matrix_hookshot_github_appid }} id: {{ matrix_hookshot_github_auth_id | to_json }}
privateKeyFile: /data/{{ matrix_hookshot_github_private_key_file }} privateKeyFile: /data/{{ matrix_hookshot_github_private_key_file }}
webhook: webhook:
# Webhook settings for the GitHub app. # Webhook settings for the GitHub app.
# #
secret: {{ matrix_hookshot_github_secret|to_json }} secret: {{ matrix_hookshot_github_webhook_secret | to_json }}
{% if matrix_hookshot_github_oauth_enabled %} {% if matrix_hookshot_github_oauth_enabled %}
oauth: oauth:
# (Optional) Settings for allowing users to sign in via OAuth. # (Optional) Settings for allowing users to sign in via OAuth.
# #
client_id: {{ matrix_hookshot_github_oauth_id }} client_id: {{ matrix_hookshot_github_oauth_client_id | to_json }}
client_secret: {{ matrix_hookshot_github_oauth_secret|to_json }} client_secret: {{ matrix_hookshot_github_oauth_client_secret | to_json }}
redirect_uri: {{ matrix_hookshot_github_oauth_uri }} redirect_uri: {{ matrix_hookshot_github_oauth_redirect_uri | to_json }}
{% endif %} {% endif %}
defaultOptions: defaultOptions:
# (Optional) Default options for GitHub connections. # (Optional) Default options for GitHub connections.
# #
ignoreHooks: {{ matrix_hookshot_github_ignore_hooks }} ignoreHooks: {{ matrix_hookshot_github_defaultOptions_ignoreHooks | to_json }}
commandPrefix: "{{ matrix_hookshot_github_command_prefix }}" commandPrefix: {{ matrix_hookshot_github_defaultOptions_commandPrefix | to_json }}
showIssueRoomLink: {{ matrix_hookshot_github_showIssueRoomLink }} showIssueRoomLink: {{ matrix_hookshot_github_defaultOptions_showIssueRoomLink | to_json }}
prDiff: {{ matrix_hookshot_github_pr_diff }} prDiff: {{ matrix_hookshot_github_defaultOptions_prDiff | to_json }}
includingLabels:{{ matrix_hookshot_github_including_labels }} includingLabels: {{ matrix_hookshot_github_defaultOptions_includingLabels | to_json }}
excludingLabels: {{ matrix_hookshot_github_excluding_labels }} excludingLabels: {{ matrix_hookshot_github_defaultOptions_excludingLabels | to_json }}
hotlinkIssues: hotlinkIssues:
prefix: "{{ matrix_hookshot_github_hotlink_prefix }}" prefix: {{ matrix_hookshot_github_defaultOptions_hotlinkIssues_prefix | to_json }}
{% endif %} {% endif %}
{% if matrix_hookshot_gitlab_enabled %} {% if matrix_hookshot_gitlab_enabled %}
gitlab: gitlab:
# (Optional) Configure this to enable GitLab support # (Optional) Configure this to enable GitLab support
# #
instances: instances: {{ matrix_hookshot_gitlab_instances | to_json }}
{{ matrix_hookshot_gitlab_instances }}
webhook: webhook:
secret: {{ matrix_hookshot_gitlab_secret|to_json }} secret: {{ matrix_hookshot_gitlab_webhook_secret | to_json }}
{% endif %} {% endif %}
{% if matrix_hookshot_figma_enabled %} {% if matrix_hookshot_figma_enabled %}
figma: figma:
# (Optional) Configure this to enable Figma support # (Optional) Configure this to enable Figma support
# #
publicUrl: {{ matrix_hookshot_figma_publicUrl }} publicUrl: {{ matrix_hookshot_figma_publicUrl | to_json }}
instances: {{ matrix_hookshot_figma_instances }} instances: {{ matrix_hookshot_figma_instances | to_json }}
{% endif %} {% endif %}
{% if matrix_hookshot_jira_enabled %} {% if matrix_hookshot_jira_enabled %}
jira: jira:
# (Optional) Configure this to enable Jira support # (Optional) Configure this to enable Jira support
# #
webhook: webhook:
secret: {{ matrix_hookshot_jira_secret|to_json }} secret: {{ matrix_hookshot_jira_webhook_secret | to_json }}
{% if matrix_hookshot_jira_oauth_enabled %} {% if matrix_hookshot_jira_oauth_enabled %}
oauth: oauth:
client_id: {{ matrix_hookshot_jira_oauth_id|to_json }} client_id: {{ matrix_hookshot_jira_oauth_client_id | to_json }}
client_secret: {{ matrix_hookshot_jira_oauth_secret|to_json }} client_secret: {{ matrix_hookshot_jira_oauth_client_secret | to_json }}
redirect_uri: {{ matrix_hookshot_jira_oauth_uri }} redirect_uri: {{ matrix_hookshot_jira_oauth_redirect_uri | to_json }}
{% endif %} {% endif %}
{% endif %} {% endif %}
{% if matrix_hookshot_generic_enabled %} {% if matrix_hookshot_generic_enabled %}
generic: generic:
# (Optional) Support for generic webhook events. `allowJsTransformationFunctions` will allow users to write short transformation snippets in code, and thus is unsafe in untrusted environments # (Optional) Support for generic webhook events. `allowJsTransformationFunctions` will allow users to write short transformation snippets in code, and thus is unsafe in untrusted environments
# #
enabled: {{ matrix_hookshot_generic_enabled }} enabled: {{ matrix_hookshot_generic_enabled | to_json }}
urlPrefix: {{ matrix_hookshot_generic_urlprefix }} enableHttpGet: {{ matrix_hookshot_generic_enableHttpGet | to_json }}
allowJsTransformationFunctions: {{ matrix_hookshot_generic_allow_js_transformation_functions }} urlPrefix: {{ matrix_hookshot_generic_urlPrefix | to_json }}
userIdPrefix: {{ matrix_hookshot_generic_user_id_prefix|to_json }} userIdPrefix: {{ matrix_hookshot_generic_userIdPrefix | to_json }}
allowJsTransformationFunctions: {{ matrix_hookshot_generic_allowJsTransformationFunctions | to_json }}
waitForComplete: {{ matrix_hookshot_generic_waitForComplete | to_json }}
{% endif %} {% endif %}
{% if matrix_hookshot_feeds_enabled %} {% if matrix_hookshot_feeds_enabled %}
feeds: feeds:
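
Review bot: `privateKeyFile: /data/{{ matrix_hookshot_github_private_key_file }}` under `github.auth` is the one value in this hunk still rendered without `to_json`. A file name containing a space, `#` or `: ` would produce different YAML than intended, which is the class of problem the rest of this change removes. Suggest `privateKeyFile: {{ ('/data/' + matrix_hookshot_github_private_key_file) | to_json }}` for consistency.
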
@ -100,34 +101,34 @@ passFile:
bot: bot:
# (Optional) Define profile information for the bot user # (Optional) Define profile information for the bot user
# #
displayname: {{ matrix_hookshot_bot_displayname }} displayname: {{ matrix_hookshot_bot_displayname | to_json }}
avatar: {{ matrix_hookshot_bot_avatar }} avatar: {{ matrix_hookshot_bot_avatar | to_json }}
metrics: metrics:
# (Optional) Prometheus metrics support # (Optional) Prometheus metrics support
# #
enabled: {{ matrix_hookshot_metrics_enabled }} enabled: {{ matrix_hookshot_metrics_enabled | to_json }}
logging: logging:
# (Optional) Logging settings. You can have a severity debug,info,warn,error # (Optional) Logging settings. You can have a severity debug,info,warn,error
# #
level: warn level: {{ matrix_hookshot_logging_level | to_json }}
{% if matrix_hookshot_widgets_enabled %} {% if matrix_hookshot_widgets_enabled %}
widgets: widgets:
# (Optional) EXPERIMENTAL support for complimentary widgets # (Optional) EXPERIMENTAL support for complimentary widgets
# #
addToAdminRooms: {{ matrix_hookshot_widgets_addToAdminRooms }} addToAdminRooms: {{ matrix_hookshot_widgets_addToAdminRooms | to_json }}
{% if matrix_hookshot_widgets_roomSetupWidget_enabled %} {% if matrix_hookshot_widgets_roomSetupWidget_enabled %}
roomSetupWidget: roomSetupWidget:
addOnInvite: {{ matrix_hookshot_widgets_roomSetupWidget_addOnInvite }} addOnInvite: {{ matrix_hookshot_widgets_roomSetupWidget_addOnInvite | to_json }}
{% endif %} {% endif %}
{% if not matrix_hookshot_widgets_disallowedIpRanges is in [None, ''] %} {% if not matrix_hookshot_widgets_disallowedIpRanges is in [None, ''] %}
disallowedIpRanges: {{ matrix_hookshot_widgets_disallowedIpRanges }} disallowedIpRanges: {{ matrix_hookshot_widgets_disallowedIpRanges | to_json }}
{% endif %} {% endif %}
publicUrl: {{ matrix_hookshot_widgets_publicUrl }} publicUrl: {{ matrix_hookshot_widgets_publicUrl | to_json }}
branding: branding:
widgetTitle: {{ matrix_hookshot_widgets_branding_widgetTitle }} widgetTitle: {{ matrix_hookshot_widgets_branding_widgetTitle | to_json }}
{% endif %} {% endif %}
{% if matrix_hookshot_permissions %} {% if matrix_hookshot_permissions %}
permissions: {{ matrix_hookshot_permissions }} permissions: {{ matrix_hookshot_permissions | to_json }}
{% endif %} {% endif %}
listeners: listeners:
# (Optional) HTTP Listener configuration. # (Optional) HTTP Listener configuration.
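Review bot: `level:` was the literal `warn` and now renders `matrix_hookshot_logging_level`, which this hunk does not define; make sure the role defaults set it to `warn` so upgraded installs keep the same verbosity and the template does not fail on an undefined variable. Adding `| to_json` to `displayname`, `avatar`, `publicUrl` and `widgetTitle` is the right call, since an operator-supplied string containing `: ` or `#` can no longer alter the structure of the rendered YAML. One side effect to check: `enabled`, `addToAdminRooms` and `addOnInvite` now render as quoted strings if someone has set them to `'true'` rather than `true`, so consider `| bool | to_json` on the boolean keys.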

View file

@ -18,7 +18,7 @@ namespaces:
exclusive: true exclusive: true
{% endif %} {% endif %}
{% if matrix_hookshot_generic_enabled %} {% if matrix_hookshot_generic_enabled %}
- regex: "@{{ matrix_hookshot_generic_user_id_prefix }}.*:{{ matrix_domain }}" # Where foobar is your homeserver's domain // depending on userIdPrefix setting in conf - regex: "@{{ matrix_hookshot_generic_userIdPrefix }}.*:{{ matrix_domain }}" # Where foobar is your homeserver's domain // depending on userIdPrefix setting in conf
exclusive: true exclusive: true
{% endif %} {% endif %}
aliases: aliases:
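Review bot: the `regex:` line interpolates `matrix_hookshot_generic_userIdPrefix` and `matrix_domain` into a regular expression without escaping, so every dot in the domain matches any character and the exclusive namespace is wider than intended. Piping both values through `regex_escape` fixes that, but the value then has to move to single quotes so the backslashes survive YAML parsing. The rename from `matrix_hookshot_generic_user_id_prefix` also needs a deprecation check in the role's validation, otherwise an existing override under the old name is silently ignored. The trailing comment still refers to `foobar`, which does not appear on the line.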

View file

@ -67,7 +67,7 @@ matrix_mautrix_discord_sqlite_database_path_in_container: "/data/mautrix-discord
matrix_mautrix_discord_database_username: 'matrix_mautrix_discord' matrix_mautrix_discord_database_username: 'matrix_mautrix_discord'
matrix_mautrix_discord_database_password: 'some-password' matrix_mautrix_discord_database_password: 'some-password'
matrix_mautrix_discord_database_hostname: 'matrix-postgres' matrix_mautrix_discord_database_hostname: ''
matrix_mautrix_discord_database_port: 5432 matrix_mautrix_discord_database_port: 5432
matrix_mautrix_discord_database_name: 'matrix_mautrix_discord' matrix_mautrix_discord_database_name: 'matrix_mautrix_discord'
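Review bot: `matrix_mautrix_discord_database_hostname` now defaults to an empty string, which is fine as long as validation rejects it, but `matrix_mautrix_discord_database_password` on the line above still defaults to the placeholder `'some-password'`, which is non-empty and so can never be caught by an `== ''` check. Default the password to `''` as well and add it to the required-settings list for the `postgres` engine, so a deployment cannot come up with a database password that is published in the role defaults.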

View file

@ -12,8 +12,11 @@
- when: "matrix_mautrix_discord_sqlite_database_path_local_stat_result.stat.exists | bool" - when: "matrix_mautrix_discord_sqlite_database_path_local_stat_result.stat.exists | bool"
block: block:
- ansible.builtin.set_fact: - ansible.builtin.include_role:
matrix_postgres_db_migration_request: name: galaxy/com.devture.ansible.role.postgres
tasks_from: migrate_db_to_postgres
vars:
devture_postgres_db_migration_request:
src: "{{ matrix_mautrix_discord_sqlite_database_path_local }}" src: "{{ matrix_mautrix_discord_sqlite_database_path_local }}"
dst: "{{ matrix_mautrix_discord_database_connection_string }}" dst: "{{ matrix_mautrix_discord_database_connection_string }}"
caller: "{{ role_path | basename }}" caller: "{{ role_path | basename }}"
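Review bot: `caller: "{{ role_path | basename }}"` is now passed through `vars:` on `include_role` instead of being fixed by `set_fact` in the calling role, so it is templated lazily; confirm it still resolves to this bridge's role name and not to `com.devture.ansible.role.postgres` once the included tasks evaluate it. If it does not, pass the role name as a literal. Scoping `devture_postgres_db_migration_request` to the include is an improvement over a host-wide fact, since `dst` carries the database connection string.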
@ -22,10 +25,6 @@
systemd_services_to_stop: ['matrix-mautrix-discord.service'] systemd_services_to_stop: ['matrix-mautrix-discord.service']
pgloader_options: ['--with "quote identifiers"'] pgloader_options: ['--with "quote identifiers"']
- ansible.builtin.import_role:
name: custom/matrix-postgres
tasks_from: migrate_db_to_postgres
- ansible.builtin.set_fact: - ansible.builtin.set_fact:
matrix_mautrix_discord_requires_restart: true matrix_mautrix_discord_requires_restart: true
@ -101,13 +100,9 @@
mode: 0644 mode: 0644
register: matrix_mautrix_discord_systemd_service_result register: matrix_mautrix_discord_systemd_service_result
- name: Ensure systemd reloaded after matrix-mautrix-discord.service installation
ansible.builtin.service:
daemon_reload: true
when: "matrix_mautrix_discord_systemd_service_result.changed"
- name: Ensure matrix-mautrix-discord.service restarted, if necessary - name: Ensure matrix-mautrix-discord.service restarted, if necessary
ansible.builtin.service: ansible.builtin.service:
name: "matrix-mautrix-discord.service" name: "matrix-mautrix-discord.service"
state: restarted state: restarted
daemon_reload: true
when: "matrix_mautrix_discord_requires_restart | bool" when: "matrix_mautrix_discord_requires_restart | bool"
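Review bot: `daemon_reload: true` now runs only inside the restart task, which is gated on `matrix_mautrix_discord_requires_restart | bool`; when the unit file changes but no restart is requested, nothing in this hunk reloads systemd any more. Either point to the later step that always reloads before the service is started, or keep a reload conditioned on the unit file changing. `register: matrix_mautrix_discord_systemd_service_result` is also left behind here with no remaining consumer in the hunk, while the facebook, googlechat and hangouts hunks drop theirs.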

View file

@ -1,10 +1,11 @@
--- ---
- name: Fail if required settings not defined - name: Fail if required mautrix-discord settings not defined
ansible.builtin.fail: ansible.builtin.fail:
msg: >- msg: >-
You need to define a required configuration setting (`{{ item }}`). You need to define a required configuration setting (`{{ item.name }}`).
when: "vars[item] == ''" when: "item.when | bool and vars[item.name] == ''"
with_items: with_items:
- "matrix_mautrix_discord_appservice_token" - {'name': 'matrix_mautrix_discord_appservice_token', when: true}
- "matrix_mautrix_discord_homeserver_token" - {'name': 'matrix_mautrix_discord_homeserver_token', when: true}
- {'name': 'matrix_mautrix_discord_database_hostname', when: "{{ matrix_mautrix_discord_database_engine == 'postgres' }}"}
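Review bot: `vars[item.name] == ''` compares the entry stored in `vars`, which may hold the untemplated value; if `matrix_mautrix_discord_database_hostname` is assigned from another variable through a Jinja expression, the check can see the expression text rather than an empty string and pass. `lookup('vars', item.name)` returns the templated value and is the safer comparison for the new hostname check. The item dicts also quote `'name'` but leave `when` bare; pick one style.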

View file

@ -74,7 +74,7 @@ matrix_mautrix_facebook_sqlite_database_path_in_container: "/data/mautrix-facebo
matrix_mautrix_facebook_database_username: 'matrix_mautrix_facebook' matrix_mautrix_facebook_database_username: 'matrix_mautrix_facebook'
matrix_mautrix_facebook_database_password: 'some-password' matrix_mautrix_facebook_database_password: 'some-password'
matrix_mautrix_facebook_database_hostname: 'matrix-postgres' matrix_mautrix_facebook_database_hostname: ''
matrix_mautrix_facebook_database_port: 5432 matrix_mautrix_facebook_database_port: 5432
matrix_mautrix_facebook_database_name: 'matrix_mautrix_facebook' matrix_mautrix_facebook_database_name: 'matrix_mautrix_facebook'

View file

@ -12,8 +12,11 @@
- when: "matrix_mautrix_facebook_sqlite_database_path_local_stat_result.stat.exists | bool" - when: "matrix_mautrix_facebook_sqlite_database_path_local_stat_result.stat.exists | bool"
block: block:
- ansible.builtin.set_fact: - ansible.builtin.include_role:
matrix_postgres_db_migration_request: name: galaxy/com.devture.ansible.role.postgres
tasks_from: migrate_db_to_postgres
vars:
devture_postgres_db_migration_request:
src: "{{ matrix_mautrix_facebook_sqlite_database_path_local }}" src: "{{ matrix_mautrix_facebook_sqlite_database_path_local }}"
dst: "{{ matrix_mautrix_facebook_database_connection_string }}" dst: "{{ matrix_mautrix_facebook_database_connection_string }}"
caller: "{{ role_path | basename }}" caller: "{{ role_path | basename }}"
@ -21,10 +24,6 @@
engine_old: 'sqlite' engine_old: 'sqlite'
systemd_services_to_stop: ['matrix-mautrix-facebook.service'] systemd_services_to_stop: ['matrix-mautrix-facebook.service']
- ansible.builtin.import_role:
name: custom/matrix-postgres
tasks_from: migrate_db_to_postgres
- ansible.builtin.set_fact: - ansible.builtin.set_fact:
matrix_mautrix_facebook_requires_restart: true matrix_mautrix_facebook_requires_restart: true
@ -116,15 +115,10 @@
src: "{{ role_path }}/templates/systemd/matrix-mautrix-facebook.service.j2" src: "{{ role_path }}/templates/systemd/matrix-mautrix-facebook.service.j2"
dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-facebook.service" dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-facebook.service"
mode: 0644 mode: 0644
register: matrix_mautrix_facebook_systemd_service_result
- name: Ensure systemd reloaded after matrix-mautrix-facebook.service installation
ansible.builtin.service:
daemon_reload: true
when: "matrix_mautrix_facebook_systemd_service_result.changed"
- name: Ensure matrix-mautrix-facebook.service restarted, if necessary - name: Ensure matrix-mautrix-facebook.service restarted, if necessary
ansible.builtin.service: ansible.builtin.service:
name: "matrix-mautrix-facebook.service" name: "matrix-mautrix-facebook.service"
state: restarted state: restarted
daemon_reload: true
when: "matrix_mautrix_facebook_requires_restart | bool" when: "matrix_mautrix_facebook_requires_restart | bool"

View file

@ -1,14 +1,15 @@
--- ---
- name: Fail if required settings not defined - name: Fail if required mautrix-facebook settings not defined
ansible.builtin.fail: ansible.builtin.fail:
msg: >- msg: >-
You need to define a required configuration setting (`{{ item }}`). You need to define a required configuration setting (`{{ item.name }}`).
when: "vars[item] == ''" when: "item.when | bool and vars[item.name] == ''"
with_items: with_items:
- "matrix_mautrix_facebook_public_endpoint" - {'name': 'matrix_mautrix_facebook_public_endpoint', when: true}
- "matrix_mautrix_facebook_appservice_token" - {'name': 'matrix_mautrix_facebook_appservice_token', when: true}
- "matrix_mautrix_facebook_homeserver_token" - {'name': 'matrix_mautrix_facebook_homeserver_token', when: true}
- {'name': 'matrix_mautrix_facebook_database_hostname', when: "{{ matrix_mautrix_facebook_database_engine == 'postgres' }}"}
- when: "matrix_mautrix_facebook_database_engine == 'sqlite' and matrix_mautrix_facebook_docker_image.endswith(':da1b4ec596e334325a1589e70829dea46e73064b')" - when: "matrix_mautrix_facebook_database_engine == 'sqlite' and matrix_mautrix_facebook_docker_image.endswith(':da1b4ec596e334325a1589e70829dea46e73064b')"
block: block:

View file

@ -68,7 +68,7 @@ matrix_mautrix_googlechat_sqlite_database_path_in_container: "/data/mautrix-goog
matrix_mautrix_googlechat_database_username: 'matrix_mautrix_googlechat' matrix_mautrix_googlechat_database_username: 'matrix_mautrix_googlechat'
matrix_mautrix_googlechat_database_password: 'some-password' matrix_mautrix_googlechat_database_password: 'some-password'
matrix_mautrix_googlechat_database_hostname: 'matrix-postgres' matrix_mautrix_googlechat_database_hostname: ''
matrix_mautrix_googlechat_database_port: 5432 matrix_mautrix_googlechat_database_port: 5432
matrix_mautrix_googlechat_database_name: 'matrix_mautrix_googlechat' matrix_mautrix_googlechat_database_name: 'matrix_mautrix_googlechat'

View file

@ -12,8 +12,11 @@
- when: "matrix_mautrix_googlechat_sqlite_database_path_local_stat_result.stat.exists | bool" - when: "matrix_mautrix_googlechat_sqlite_database_path_local_stat_result.stat.exists | bool"
block: block:
- ansible.builtin.set_fact: - ansible.builtin.include_role:
matrix_postgres_db_migration_request: name: galaxy/com.devture.ansible.role.postgres
tasks_from: migrate_db_to_postgres
vars:
devture_postgres_db_migration_request:
src: "{{ matrix_mautrix_googlechat_sqlite_database_path_local }}" src: "{{ matrix_mautrix_googlechat_sqlite_database_path_local }}"
dst: "{{ matrix_mautrix_googlechat_database_connection_string }}" dst: "{{ matrix_mautrix_googlechat_database_connection_string }}"
caller: "{{ role_path | basename }}" caller: "{{ role_path | basename }}"
@ -21,10 +24,6 @@
engine_old: 'sqlite' engine_old: 'sqlite'
systemd_services_to_stop: ['matrix-mautrix-googlechat.service'] systemd_services_to_stop: ['matrix-mautrix-googlechat.service']
- ansible.builtin.import_role:
name: custom/matrix-postgres
tasks_from: migrate_db_to_postgres
- ansible.builtin.set_fact: - ansible.builtin.set_fact:
matrix_mautrix_googlechat_requires_restart: true matrix_mautrix_googlechat_requires_restart: true
@ -116,15 +115,10 @@
src: "{{ role_path }}/templates/systemd/matrix-mautrix-googlechat.service.j2" src: "{{ role_path }}/templates/systemd/matrix-mautrix-googlechat.service.j2"
dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-googlechat.service" dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-googlechat.service"
mode: 0644 mode: 0644
register: matrix_mautrix_googlechat_systemd_service_result
- name: Ensure systemd reloaded after matrix-mautrix-googlechat.service installation
ansible.builtin.service:
daemon_reload: true
when: "matrix_mautrix_googlechat_systemd_service_result.changed"
- name: Ensure matrix-mautrix-googlechat.service restarted, if necessary - name: Ensure matrix-mautrix-googlechat.service restarted, if necessary
ansible.builtin.service: ansible.builtin.service:
name: "matrix-mautrix-googlechat.service" name: "matrix-mautrix-googlechat.service"
state: restarted state: restarted
daemon_reload: true
when: "matrix_mautrix_googlechat_requires_restart | bool" when: "matrix_mautrix_googlechat_requires_restart | bool"

View file

@ -1,14 +1,12 @@
--- ---
- name: Fail if required settings not defined - name: Fail if required mautrix-googlechat settings not defined
ansible.builtin.fail: ansible.builtin.fail:
msg: >- msg: >-
You need to define a required configuration setting (`{{ item }}`). You need to define a required configuration setting (`{{ item.name }}`).
when: "vars[item] == ''" when: "item.when | bool and vars[item.name] == ''"
with_items: with_items:
- "matrix_mautrix_googlechat_public_endpoint" - {'name': 'matrix_mautrix_googlechat_public_endpoint', when: true}
- "matrix_mautrix_googlechat_appservice_token" - {'name': 'matrix_mautrix_googlechat_appservice_token', when: true}
- "matrix_mautrix_googlechat_homeserver_token" - {'name': 'matrix_mautrix_googlechat_homeserver_token', when: true}
- ansible.builtin.debug: - {'name': 'matrix_mautrix_googlechat_database_hostname', when: "{{ matrix_mautrix_googlechat_database_engine == 'postgres' }}"}
msg:
- '`matrix_mautrix_googlechat_homeserver_domain` == {{ matrix_mautrix_googlechat_homeserver_domain }}'

View file

@ -65,7 +65,7 @@ matrix_mautrix_hangouts_sqlite_database_path_in_container: "/data/mautrix-hangou
matrix_mautrix_hangouts_database_username: 'matrix_mautrix_hangouts' matrix_mautrix_hangouts_database_username: 'matrix_mautrix_hangouts'
matrix_mautrix_hangouts_database_password: 'some-password' matrix_mautrix_hangouts_database_password: 'some-password'
matrix_mautrix_hangouts_database_hostname: 'matrix-postgres' matrix_mautrix_hangouts_database_hostname: ''
matrix_mautrix_hangouts_database_port: 5432 matrix_mautrix_hangouts_database_port: 5432
matrix_mautrix_hangouts_database_name: 'matrix_mautrix_hangouts' matrix_mautrix_hangouts_database_name: 'matrix_mautrix_hangouts'

View file

@ -12,8 +12,11 @@
- when: "matrix_mautrix_hangouts_sqlite_database_path_local_stat_result.stat.exists | bool" - when: "matrix_mautrix_hangouts_sqlite_database_path_local_stat_result.stat.exists | bool"
block: block:
- ansible.builtin.set_fact: - ansible.builtin.include_role:
matrix_postgres_db_migration_request: name: galaxy/com.devture.ansible.role.postgres
tasks_from: migrate_db_to_postgres
vars:
devture_postgres_db_migration_request:
src: "{{ matrix_mautrix_hangouts_sqlite_database_path_local }}" src: "{{ matrix_mautrix_hangouts_sqlite_database_path_local }}"
dst: "{{ matrix_mautrix_hangouts_database_connection_string }}" dst: "{{ matrix_mautrix_hangouts_database_connection_string }}"
caller: "{{ role_path | basename }}" caller: "{{ role_path | basename }}"
@ -21,10 +24,6 @@
engine_old: 'sqlite' engine_old: 'sqlite'
systemd_services_to_stop: ['matrix-mautrix-hangouts.service'] systemd_services_to_stop: ['matrix-mautrix-hangouts.service']
- ansible.builtin.import_role:
name: custom/matrix-postgres
tasks_from: migrate_db_to_postgres
- ansible.builtin.set_fact: - ansible.builtin.set_fact:
matrix_mautrix_hangouts_requires_restart: true matrix_mautrix_hangouts_requires_restart: true
@ -116,15 +115,10 @@
src: "{{ role_path }}/templates/systemd/matrix-mautrix-hangouts.service.j2" src: "{{ role_path }}/templates/systemd/matrix-mautrix-hangouts.service.j2"
dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-hangouts.service" dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-hangouts.service"
mode: 0644 mode: 0644
register: matrix_mautrix_hangouts_systemd_service_result
- name: Ensure systemd reloaded after matrix-mautrix-hangouts.service installation
ansible.builtin.service:
daemon_reload: true
when: "matrix_mautrix_hangouts_systemd_service_result.changed"
- name: Ensure matrix-mautrix-hangouts.service restarted, if necessary - name: Ensure matrix-mautrix-hangouts.service restarted, if necessary
ansible.builtin.service: ansible.builtin.service:
name: "matrix-mautrix-hangouts.service" name: "matrix-mautrix-hangouts.service"
state: restarted state: restarted
daemon_reload: true
when: "matrix_mautrix_hangouts_requires_restart | bool" when: "matrix_mautrix_hangouts_requires_restart | bool"

View file

@ -1,14 +1,12 @@
--- ---
- name: Fail if required settings not defined - name: Fail if required mautrix-hangouts settings not defined
ansible.builtin.fail: ansible.builtin.fail:
msg: >- msg: >-
You need to define a required configuration setting (`{{ item }}`). You need to define a required configuration setting (`{{ item.name }}`).
when: "vars[item] == ''" when: "item.when | bool and vars[item.name] == ''"
with_items: with_items:
- "matrix_mautrix_hangouts_public_endpoint" - {'name': 'matrix_mautrix_hangouts_public_endpoint', when: true}
- "matrix_mautrix_hangouts_appservice_token" - {'name': 'matrix_mautrix_hangouts_appservice_token', when: true}
- "matrix_mautrix_hangouts_homeserver_token" - {'name': 'matrix_mautrix_hangouts_homeserver_token', when: true}
- ansible.builtin.debug: - {'name': 'matrix_mautrix_hangouts_database_hostname', when: "{{ matrix_mautrix_hangouts_database_engine == 'postgres' }}"}
msg:
- '`matrix_mautrix_hangouts_homeserver_domain` == {{ matrix_mautrix_hangouts_homeserver_domain }}'

View file

@ -55,7 +55,7 @@ matrix_mautrix_instagram_database_engine: 'postgres'
matrix_mautrix_instagram_database_username: 'matrix_mautrix_instagram' matrix_mautrix_instagram_database_username: 'matrix_mautrix_instagram'
matrix_mautrix_instagram_database_password: 'some-password' matrix_mautrix_instagram_database_password: 'some-password'
matrix_mautrix_instagram_database_hostname: 'matrix-postgres' matrix_mautrix_instagram_database_hostname: ''
matrix_mautrix_instagram_database_port: 5432 matrix_mautrix_instagram_database_port: 5432
matrix_mautrix_instagram_database_name: 'matrix_mautrix_instagram' matrix_mautrix_instagram_database_name: 'matrix_mautrix_instagram'

View file

@ -70,9 +70,3 @@
src: "{{ role_path }}/templates/systemd/matrix-mautrix-instagram.service.j2" src: "{{ role_path }}/templates/systemd/matrix-mautrix-instagram.service.j2"
dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-instagram.service" dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-instagram.service"
mode: 0644 mode: 0644
register: matrix_mautrix_instagram_systemd_service_result
- name: Ensure systemd reloaded after matrix-mautrix-instagram.service installation
ansible.builtin.service:
daemon_reload: true
when: "matrix_mautrix_instagram_systemd_service_result.changed"
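Review bot: this hunk deletes the `daemon_reload` task and the `register:` that fed it, and unlike the discord and facebook hunks it shows no restart task that picks up `daemon_reload: true`; after `matrix-mautrix-instagram.service` is rewritten, nothing visible tells systemd to re-read it. Name the step that now performs the reload in the commit message, or keep a reload conditioned on the unit file changing, so a changed unit is not started from the stale definition.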

View file

@ -1,9 +1,10 @@
--- ---
- name: Fail if required settings not defined - name: Fail if required mautrix-instagram settings not defined
ansible.builtin.fail: ansible.builtin.fail:
msg: >- msg: >-
You need to define a required configuration setting (`{{ item }}`). You need to define a required configuration setting (`{{ item.name }}`).
when: "vars[item] == ''" when: "item.when | bool and vars[item.name] == ''"
with_items: with_items:
- "matrix_mautrix_instagram_appservice_token" - {'name': 'matrix_mautrix_instagram_appservice_token', when: true}
- "matrix_mautrix_instagram_homeserver_token" - {'name': 'matrix_mautrix_instagram_homeserver_token', when: true}
- {'name': 'matrix_mautrix_instagram_database_hostname', when: "{{ matrix_mautrix_instagram_database_engine == 'postgres' }}"}

View file

@ -9,7 +9,7 @@ matrix_mautrix_signal_docker_repo: "https://mau.dev/mautrix/signal.git"
matrix_mautrix_signal_docker_repo_version: "{{ 'master' if matrix_mautrix_signal_version == 'latest' else matrix_mautrix_signal_version }}" matrix_mautrix_signal_docker_repo_version: "{{ 'master' if matrix_mautrix_signal_version == 'latest' else matrix_mautrix_signal_version }}"
matrix_mautrix_signal_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-signal/docker-src" matrix_mautrix_signal_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-signal/docker-src"
matrix_mautrix_signal_version: v0.4.1 matrix_mautrix_signal_version: v0.4.2
matrix_mautrix_signal_daemon_version: 0.23.0 matrix_mautrix_signal_daemon_version: 0.23.0
# See: https://mau.dev/mautrix/signal/container_registry # See: https://mau.dev/mautrix/signal/container_registry
matrix_mautrix_signal_docker_image: "dock.mau.dev/mautrix/signal:{{ matrix_mautrix_signal_version }}" matrix_mautrix_signal_docker_image: "dock.mau.dev/mautrix/signal:{{ matrix_mautrix_signal_version }}"
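Review bot: `matrix_mautrix_signal_version` moves to `v0.4.2` while `matrix_mautrix_signal_daemon_version` on the next line stays at `0.23.0`; the commit message should say that this bridge release was checked against that daemon version, since the two are deployed as a pair and only one of them moves here.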
@ -76,7 +76,7 @@ matrix_mautrix_signal_database_engine: 'postgres'
matrix_mautrix_signal_database_username: 'matrix_mautrix_signal' matrix_mautrix_signal_database_username: 'matrix_mautrix_signal'
matrix_mautrix_signal_database_password: 'some-password' matrix_mautrix_signal_database_password: 'some-password'
matrix_mautrix_signal_database_hostname: 'matrix-postgres' matrix_mautrix_signal_database_hostname: ''
matrix_mautrix_signal_database_port: 5432 matrix_mautrix_signal_database_port: 5432
matrix_mautrix_signal_database_name: 'matrix_mautrix_signal' matrix_mautrix_signal_database_name: 'matrix_mautrix_signal'

View file

@ -121,9 +121,3 @@
src: "{{ role_path }}/templates/systemd/matrix-mautrix-signal.service.j2" src: "{{ role_path }}/templates/systemd/matrix-mautrix-signal.service.j2"
dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-signal.service" dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-signal.service"
mode: 0644 mode: 0644
register: matrix_mautrix_signal_systemd_service_result
- name: Ensure systemd reloaded after matrix-mautrix-signal.service installation
ansible.builtin.service:
daemon_reload: true
when: "matrix_mautrix_signal_systemd_service_result.changed or matrix_mautrix_signal_daemon_systemd_service_result.changed"
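Review bot: the removed reload fired on `matrix_mautrix_signal_systemd_service_result.changed or matrix_mautrix_signal_daemon_systemd_service_result.changed`, so it covered two unit files, but only the first `register:` is dropped in this hunk. Check that the daemon unit's `register:` is removed as well if it has no other consumer, and that whatever now reloads systemd does so after both units are written.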

View file

@ -1,15 +1,16 @@
--- ---
- name: Fail if required settings not defined - name: Fail if required mautrix-signal settings not defined
ansible.builtin.fail: ansible.builtin.fail:
msg: >- msg: >-
You need to define a required configuration setting (`{{ item }}`). You need to define a required configuration setting (`{{ item.name }}`).
when: "vars[item] == ''" when: "item.when | bool and vars[item.name] == ''"
with_items: with_items:
- "matrix_mautrix_signal_homeserver_domain" - {'name': 'matrix_mautrix_signal_homeserver_domain', when: true}
- "matrix_mautrix_signal_homeserver_address" - {'name': 'matrix_mautrix_signal_homeserver_address', when: true}
- "matrix_mautrix_signal_homeserver_token" - {'name': 'matrix_mautrix_signal_homeserver_token', when: true}
- "matrix_mautrix_signal_appservice_token" - {'name': 'matrix_mautrix_signal_appservice_token', when: true}
- {'name': 'matrix_mautrix_signal_database_hostname', when: "{{ matrix_mautrix_signal_database_engine == 'postgres' }}"}
- name: (Deprecation) Fail if matrix_mautrix_signal_bridge_permissions specified as YAML string, instead of a dictionary - name: (Deprecation) Fail if matrix_mautrix_signal_bridge_permissions specified as YAML string, instead of a dictionary
ansible.builtin.fail: ansible.builtin.fail:

View file

@ -16,7 +16,7 @@ matrix_mautrix_telegram_docker_repo: "https://mau.dev/mautrix/telegram.git"
matrix_mautrix_telegram_docker_repo_version: "{{ 'master' if matrix_mautrix_telegram_version == 'latest' else matrix_mautrix_telegram_version }}" matrix_mautrix_telegram_docker_repo_version: "{{ 'master' if matrix_mautrix_telegram_version == 'latest' else matrix_mautrix_telegram_version }}"
matrix_mautrix_telegram_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-telegram/docker-src" matrix_mautrix_telegram_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-telegram/docker-src"
matrix_mautrix_telegram_version: v0.12.1 matrix_mautrix_telegram_version: v0.12.2
# See: https://mau.dev/mautrix/telegram/container_registry # See: https://mau.dev/mautrix/telegram/container_registry
matrix_mautrix_telegram_docker_image: "dock.mau.dev/mautrix/telegram:{{ matrix_mautrix_telegram_version }}" matrix_mautrix_telegram_docker_image: "dock.mau.dev/mautrix/telegram:{{ matrix_mautrix_telegram_version }}"
matrix_mautrix_telegram_docker_image_force_pull: "{{ matrix_mautrix_telegram_docker_image.endswith(':latest') }}" matrix_mautrix_telegram_docker_image_force_pull: "{{ matrix_mautrix_telegram_docker_image.endswith(':latest') }}"
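Review bot: `matrix_mautrix_telegram_docker_image_force_pull` is true only for `:latest`, so the image behind `v0.12.2` is fetched once by tag and trusted from then on; a tag that is re-pushed upstream is neither detected nor refreshed. Consider documenting that `matrix_mautrix_telegram_docker_image` may carry a digest (`...@sha256:<digest>`) so a version bump like this one can pin exact content rather than a mutable tag.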
@ -95,7 +95,7 @@ matrix_mautrix_telegram_sqlite_database_path_in_container: "/data/mautrix-telegr
matrix_mautrix_telegram_database_username: 'matrix_mautrix_telegram' matrix_mautrix_telegram_database_username: 'matrix_mautrix_telegram'
matrix_mautrix_telegram_database_password: 'some-password' matrix_mautrix_telegram_database_password: 'some-password'
matrix_mautrix_telegram_database_hostname: 'matrix-postgres' matrix_mautrix_telegram_database_hostname: ''
matrix_mautrix_telegram_database_port: 5432 matrix_mautrix_telegram_database_port: 5432
matrix_mautrix_telegram_database_name: 'matrix_mautrix_telegram' matrix_mautrix_telegram_database_name: 'matrix_mautrix_telegram'

View file

@ -12,8 +12,11 @@
- when: "matrix_mautrix_telegram_sqlite_database_path_local_stat_result.stat.exists | bool" - when: "matrix_mautrix_telegram_sqlite_database_path_local_stat_result.stat.exists | bool"
block: block:
- ansible.builtin.set_fact: - ansible.builtin.include_role:
matrix_postgres_db_migration_request: name: galaxy/com.devture.ansible.role.postgres
tasks_from: migrate_db_to_postgres
vars:
devture_postgres_db_migration_request:
src: "{{ matrix_mautrix_telegram_sqlite_database_path_local }}" src: "{{ matrix_mautrix_telegram_sqlite_database_path_local }}"
dst: "{{ matrix_mautrix_telegram_database_connection_string }}" dst: "{{ matrix_mautrix_telegram_database_connection_string }}"
caller: "{{ role_path | basename }}" caller: "{{ role_path | basename }}"
@ -21,10 +24,6 @@
engine_old: 'sqlite' engine_old: 'sqlite'
systemd_services_to_stop: ['matrix-mautrix-telegram.service'] systemd_services_to_stop: ['matrix-mautrix-telegram.service']
- ansible.builtin.import_role:
name: custom/matrix-postgres
tasks_from: migrate_db_to_postgres
- ansible.builtin.set_fact: - ansible.builtin.set_fact:
matrix_mautrix_telegram_requires_restart: true matrix_mautrix_telegram_requires_restart: true
@ -141,15 +140,10 @@
src: "{{ role_path }}/templates/systemd/matrix-mautrix-telegram.service.j2" src: "{{ role_path }}/templates/systemd/matrix-mautrix-telegram.service.j2"
dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-telegram.service" dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-telegram.service"
mode: 0644 mode: 0644
register: matrix_mautrix_telegram_systemd_service_result
- name: Ensure systemd reloaded after matrix-mautrix-telegram.service installation
ansible.builtin.service:
daemon_reload: true
when: "matrix_mautrix_telegram_systemd_service_result.changed"
- name: Ensure matrix-mautrix-telegram.service restarted, if necessary - name: Ensure matrix-mautrix-telegram.service restarted, if necessary
ansible.builtin.service: ansible.builtin.service:
name: "matrix-mautrix-telegram.service" name: "matrix-mautrix-telegram.service"
state: restarted state: restarted
daemon_reload: true
when: "matrix_mautrix_telegram_requires_restart | bool" when: "matrix_mautrix_telegram_requires_restart | bool"

View file

@ -1,16 +1,17 @@
--- ---
- name: Fail if required settings not defined - name: Fail if required mautrix-telegram settings not defined
ansible.builtin.fail: ansible.builtin.fail:
msg: >- msg: >-
You need to define a required configuration setting (`{{ item }}`). You need to define a required configuration setting (`{{ item.name }}`).
when: "vars[item] == ''" when: "item.when | bool and vars[item.name] == ''"
with_items: with_items:
- "matrix_mautrix_telegram_api_id" - {'name': 'matrix_mautrix_telegram_api_id', when: true}
- "matrix_mautrix_telegram_api_hash" - {'name': 'matrix_mautrix_telegram_api_hash', when: true}
- "matrix_mautrix_telegram_public_endpoint" - {'name': 'matrix_mautrix_telegram_public_endpoint', when: true}
- "matrix_mautrix_telegram_appservice_token" - {'name': 'matrix_mautrix_telegram_appservice_token', when: true}
- "matrix_mautrix_telegram_homeserver_token" - {'name': 'matrix_mautrix_telegram_homeserver_token', when: true}
- {'name': 'matrix_mautrix_telegram_database_hostname', when: "{{ matrix_mautrix_telegram_database_engine == 'postgres' }}"}
- name: (Deprecation) Catch and report renamed Telegram variables - name: (Deprecation) Catch and report renamed Telegram variables
ansible.builtin.fail: ansible.builtin.fail:

View file

@ -54,7 +54,7 @@ matrix_mautrix_twitter_federate_rooms: true
matrix_mautrix_twitter_database_engine: 'postgres' matrix_mautrix_twitter_database_engine: 'postgres'
matrix_mautrix_twitter_database_username: 'matrix_mautrix_twitter' matrix_mautrix_twitter_database_username: 'matrix_mautrix_twitter'
matrix_mautrix_twitter_database_password: '' matrix_mautrix_twitter_database_password: 'some-password'
matrix_mautrix_twitter_database_hostname: '' matrix_mautrix_twitter_database_hostname: ''
matrix_mautrix_twitter_database_port: 5432 matrix_mautrix_twitter_database_port: 5432
matrix_mautrix_twitter_database_name: 'matrix_mautrix_twitter' matrix_mautrix_twitter_database_name: 'matrix_mautrix_twitter'
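Review bot: `matrix_mautrix_twitter_database_password` goes from `''` to `'some-password'`, which trades a default that a required-settings check can reject for a fixed, non-empty placeholder that passes any `== ''` test. Keep `''` here and validate it when `matrix_mautrix_twitter_database_engine` is `postgres`; if the change is only for consistency with the other bridges, move those to `''` instead.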

View file

@ -72,15 +72,10 @@
src: "{{ role_path }}/templates/systemd/matrix-mautrix-twitter.service.j2" src: "{{ role_path }}/templates/systemd/matrix-mautrix-twitter.service.j2"
dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-twitter.service" dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-twitter.service"
mode: 0644 mode: 0644
register: matrix_mautrix_twitter_systemd_service_result
- name: Ensure systemd reloaded after matrix-mautrix-twitter.service installation
ansible.builtin.service:
daemon_reload: true
when: "matrix_mautrix_twitter_systemd_service_result.changed"
- name: Ensure matrix-mautrix-twitter.service restarted, if necessary - name: Ensure matrix-mautrix-twitter.service restarted, if necessary
ansible.builtin.service: ansible.builtin.service:
name: "matrix-mautrix-twitter.service" name: "matrix-mautrix-twitter.service"
state: restarted state: restarted
daemon_reload: true
when: "matrix_mautrix_twitter_requires_restart | bool" when: "matrix_mautrix_twitter_requires_restart | bool"

Some files were not shown because too many files have changed in this diff