Merge branch 'master' into pub.solar

This commit is contained in:
teutat3s 2022-11-09 18:02:47 +01:00
commit ea0cfb9f85
Signed by: teutat3s
GPG key ID: 18DAE600A6BBE705
752 changed files with 2151 additions and 2163 deletions

View file

@ -13,7 +13,7 @@ jobs:
- name: Check out
uses: actions/checkout@v3
- name: Run yamllint
uses: frenck/action-yamllint@v1.3.0
uses: frenck/action-yamllint@v1.3.1
ansible-lint:
name: ansible-lint
runs-on: ubuntu-latest

6
.gitignore vendored
View file

@ -2,6 +2,10 @@
!/inventory/.gitkeep
!/inventory/host_vars/.gitkeep
!/inventory/scripts
/roles/*/files/scratchpad
/roles/**/files/scratchpad
.DS_Store
.python-version
# ignore roles pulled by ansible-galaxy
/roles/galaxy/*
!/roles/galaxy/.gitkeep

View file

@ -1,8 +1,5 @@
---
extends: default
ignore: |
roles/matrix-synapse/vars/workers.yml
rules:
line-length: disable

View file

@ -1,3 +1,39 @@
# 2022-11-05
## (Backward Compatibility Break) A new default standalone mode for Etherpad
Until now, [Etherpad](https://etherpad.org/) (which [the playbook could install for you](docs/configuring-playbook-etherpad.md)) required the [Dimension integration manager](docs/configuring-playbook-dimension.md) to also be installed, because Etherpad was hosted on the Dimension domain (at `dimension.DOMAIN/etherpad`).
From now on, Etherpad can be installed in `standalone` mode on `etherpad.DOMAIN` and used even without Dimension. This is much more versatile, so the playbook now defaults to this new mode (`matrix_etherpad_mode: standalone`).
If you've already got both Etherpad and Dimension in use you could:
- **either** keep hosting Etherpad under the Dimension domain by adding `matrix_etherpad_mode: dimension` to your `vars.yml` file. All your existing room widgets will continue working at the same URLs and no other changes will be necessary.
- **or**, you could change to hosting Etherpad separately on `etherpad.DOMAIN`. You will need to [configure a DNS record](docs/configuring-dns.md) for this new domain. You will also need to reconfigure Dimension to use the new pad URLs (`https://etherpad.DOMAIN/...`) going forward (refer to our [configuring Etherpad documentation](docs/configuring-playbook-etherpad.md)). All your existing room widgets (which still use `https://dimension.DOMAIN/etherpad/...`) will break as Etherpad is not hosted there anymore. You will need to re-add them or to consider not using `standalone` mode
# 2022-11-04
## The playbook now uses external roles for some things
**TLDR**: when updating the playbook and before running it, you'll need to run `make roles` to make [ansible-galaxy](https://docs.ansible.com/ansible/latest/cli/ansible-galaxy.html) download dependency roles (see the [`requirements.yml` file](requirements.yml)) to the `roles/galaxy` directory. Without this, the playbook won't work.
We're in the process of trimming the playbook and making it reuse Ansible roles.
Starting now, the playbook is composed of 2 types of Ansible roles:
- those that live within the playbook itself (`roles/custom/*`)
- those downloaded from other sources (using [ansible-galaxy](https://docs.ansible.com/ansible/latest/cli/ansible-galaxy.html) to `roles/galaxy`, based on the [`requirements.yml` file](requirements.yml)). These roles are maintained by us or by other people from the Ansible community.
We're doing this for greater code-reuse (across Ansible playbooks, including our own related playbooks [gitea-docker-ansible-deploy](https://github.com/spantaleev/gitea-docker-ansible-deploy) and [nextcloud-docker-ansible-deploy](https://github.com/spantaleev/nextcloud-docker-ansible-deploy)) and decreased maintenance burden. Until now, certain features were copy-pasted across playbooks or were maintained separately in each one, with improvements often falling behind. We've also tended to do too much by ourselves - installing Docker on the server from our `matrix-base` role, etc. - something that we'd rather not do anymore by switching to the [geerlingguy.docker](https://galaxy.ansible.com/geerlingguy/docker) role.
Some variable names will change during the transition to having more and more external (galaxy) roles. There's a new `custom/matrix_playbook_migration` role added to the playbook which will tell you about these changes each time you run the playbook.
**From now on**, every time you update the playbook (well, every time the `requirements.yml` file changes), it's best to run `make roles` to update the roles downloaded from other sources. `make roles` is a shortcut (a `roles` target defined in [`Makefile`](Makefile) and executed by the [`make`](https://www.gnu.org/software/make/) utility) which ultimately runs [ansible-galaxy](https://docs.ansible.com/ansible/latest/cli/ansible-galaxy.html) to download Ansible roles. If you don't have `make`, you can also manually run the commands seen in the `Makefile`.
# 2022-10-14
## synapse-s3-storage-provider support
@ -130,7 +166,7 @@ Below we'll discuss **potential backward incompatibilities**.
- **Metric endpoints have also changed** (`/metrics/synapse/worker/generic_worker-18111` -> `/metrics/synapse/worker/generic-worker-0`). If you're [collecting metrics to an external Prometheus server](docs/configuring-playbook-prometheus-grafana.md#collecting-metrics-to-an-external-prometheus-server), consider revisiting our [Collecting Synapse worker metrics to an external Prometheus server](docs/configuring-playbook-prometheus-grafana.md#collecting-synapse-worker-metrics-to-an-external-prometheus-server) docs and updating your Prometheus configuration. **If you're collecting metrics to the integrated Prometheus server** (not enabled by default), **your Prometheus configuration will be updated automatically**. Old data (from before this change) may stick around though.
- **the format of `matrix_synapse_workers_enabled_list` has changed**. You were never advised to use this variable for directly creating workers (we advise people to control workers using `matrix_synapse_workers_preset` or by tweaking `matrix_synapse_workers_*_workers_count` variables only), but some people may have started using the `matrix_synapse_workers_enabled_list` variable to gain more control over workers. If you're one of them, you'll need to adjust its value. See `roles/matrix-synapse/defaults/main.yml` for more information on the new format. The playbook will also do basic validation and complain if you got something wrong.
- **the format of `matrix_synapse_workers_enabled_list` has changed**. You were never advised to use this variable for directly creating workers (we advise people to control workers using `matrix_synapse_workers_preset` or by tweaking `matrix_synapse_workers_*_workers_count` variables only), but some people may have started using the `matrix_synapse_workers_enabled_list` variable to gain more control over workers. If you're one of them, you'll need to adjust its value. See `roles/custom/matrix-synapse/defaults/main.yml` for more information on the new format. The playbook will also do basic validation and complain if you got something wrong.
# 2022-09-09
@ -411,7 +447,7 @@ matrix_ma1sd_enabled: true
We now support installing the [matrix_encryption_disabler](https://github.com/digitalentity/matrix_encryption_disabler) Synapse module, which lets you prevent End-to-End-Encryption from being enabled by users on your homeserver. The popular opinion is that this is dangerous and shouldn't be done, but there are valid use cases for disabling encryption discussed [here](https://github.com/matrix-org/synapse/issues/4401).
To enable this module (and prevent encryption from being used on your homserver), add `matrix_synapse_ext_encryption_disabler_enabled: true` to your configuration. This module provides further customization. Check its other configuration settings (and defaults) in `roles/matrix-synapse/defaults/main.yml`.
To enable this module (and prevent encryption from being used on your homserver), add `matrix_synapse_ext_encryption_disabler_enabled: true` to your configuration. This module provides further customization. Check its other configuration settings (and defaults) in `roles/custom/matrix-synapse/defaults/main.yml`.
# 2022-02-01
@ -798,7 +834,7 @@ You have 3 ways to proceed:
- stop the bridge (`systemctl stop matrix-mautrix-facebook`)
- create a new `matrix_mautrix_facebook` Postgres database for it
- run [pgloader](https://pgloader.io/) manually (we import this bridge's data using default settings and it works well)
- define `matrix_mautrix_facebook_database_*` variables in your `vars.yml` file (credentials, etc.) - you can find their defaults in `roles/matrix-mautrix-facebook/defaults/main.yml`
- define `matrix_mautrix_facebook_database_*` variables in your `vars.yml` file (credentials, etc.) - you can find their defaults in `roles/custom/matrix-mautrix-facebook/defaults/main.yml`
- switch the bridge to Postgres (`matrix_mautrix_facebook_database_engine: 'postgres'` in your `vars.yml` file)
- re-run the playbook (`--tags=setup-all,start`) and ensure the bridge works (`systemctl status matrix-mautrix-facebook` and `journalctl -fu matrix-mautrix-facebook`)
- send a `login` message to the Facebook bridge bot again
@ -1676,7 +1712,7 @@ Having Synapse not be a required component potentially opens the door for instal
## Bridges are now separate from the Synapse role
Bridges are no longer part of the `matrix-synapse` role.
Each bridge now lives in its own separate role (`roles/matrix-bridge-*`).
Each bridge now lives in its own separate role (`roles/custom/matrix-bridge-*`).
These bridge roles are independent of the `matrix-synapse` role, so it should be possible to use them with a Synapse instance installed another way (not through the playbook).
@ -1970,7 +2006,7 @@ The following variables are no longer supported by this playbook:
- `matrix_mxisd_template_config`
You are encouraged to use the `matrix_mxisd_configuration_extension_yaml` variable to define your own mxisd configuration additions and overrides.
Refer to the [default variables file](roles/matrix-mxisd/defaults/main.yml) for more information.
Refer to the [default variables file](roles/custom/matrix-mxisd/defaults/main.yml) for more information.
This new way of configuring mxisd is beneficial because:
@ -2032,14 +2068,14 @@ Based on feedback from others, running Synapse on Python 3 is supposed to decrea
## Riot homepage customization
You can now customize some parts of the Riot homepage (or even completely replace it with your own custom page).
See the `matrix_riot_web_homepage_` variables in `roles/matrix-riot-web/defaults/main.yml`.
See the `matrix_riot_web_homepage_` variables in `roles/custom/matrix-riot-web/defaults/main.yml`.
# 2018-12-04
## mxisd extensibility
The [LDAP identity store for mxisd](https://github.com/kamax-matrix/mxisd/blob/master/docs/stores/ldap.md) can now be configured easily using playbook variables (see the `matrix_mxisd_ldap_` variables in `roles/matrix-server/defaults/main.yml`).
The [LDAP identity store for mxisd](https://github.com/kamax-matrix/mxisd/blob/master/docs/stores/ldap.md) can now be configured easily using playbook variables (see the `matrix_mxisd_ldap_` variables in `roles/custom/matrix-server/defaults/main.yml`).
# 2018-11-28

View file

@ -1,7 +1,11 @@
.PHONY: lint
.PHONY: roles lint
help: ## Show this help.
@grep -F -h "##" $(MAKEFILE_LIST) | grep -v grep | sed -e 's/\\$$//' | sed -e 's/##//'
roles: ## Pull roles
rm -rf roles/galaxy
ansible-galaxy install -r requirements.yml -p roles/galaxy/ --force
lint: ## Runs ansible-lint against all roles in the playbook
ansible-lint

View file

@ -45,10 +45,7 @@ Alternatively, you can run Ansible inside a Docker container (powered by the [de
This ensures that you're using a very recent Ansible version, which is less likely to be incompatible with the playbook.
There are 2 ways to go about it:
- [Running Ansible in a container on the Matrix server itself](#running-ansible-in-a-container-on-the-matrix-server-itself)
- [Running Ansible in a container on another computer (not the Matrix server)](#running-ansible-in-a-container-on-another-computer-not-the-matrix-server)
You can either [run Ansible in a container on the Matrix server itself](#running-ansible-in-a-container-on-the-matrix-server-itself) or [run Ansible in a container on another computer (not the Matrix server)](#running-ansible-in-a-container-on-another-computer-not-the-matrix-server).
### Running Ansible in a container on the Matrix server itself
@ -73,13 +70,15 @@ docker run -it --rm \
-w /work \
-v `pwd`:/work \
--entrypoint=/bin/sh \
docker.io/devture/ansible:2.13.0-r0
docker.io/devture/ansible:2.13.6-r0
```
Once you execute the above command, you'll be dropped into a `/work` directory inside a Docker container.
The `/work` directory contains the playbook's code.
You can execute `ansible-playbook ...` (or `ansible-playbook --connection=community.docker.nsenter ...`) commands as per normal now.
First, consider running `git config --global --add safe.directory /work` to [resolve directory ownership issues](#resolve-directory-ownership-issues).
Finally, you can execute `ansible-playbook ...` (or `ansible-playbook --connection=community.docker.nsenter ...`) commands as per normal now.
### Running Ansible in a container on another computer (not the Matrix server)
@ -92,7 +91,7 @@ docker run -it --rm \
-v `pwd`:/work \
-v $HOME/.ssh/id_rsa:/root/.ssh/id_rsa:ro \
--entrypoint=/bin/sh \
docker.io/devture/ansible:2.13.0-r0
docker.io/devture/ansible:2.13.6-r0
```
The above command tries to mount an SSH key (`$HOME/.ssh/id_rsa`) into the container (at `/root/.ssh/id_rsa`).
@ -101,7 +100,10 @@ If your SSH key is at a different path (not in `$HOME/.ssh/id_rsa`), adjust that
Once you execute the above command, you'll be dropped into a `/work` directory inside a Docker container.
The `/work` directory contains the playbook's code.
You can execute `ansible-playbook ...` commands as per normal now.
First, consider running `git config --global --add safe.directory /work` to [resolve directory ownership issues](#resolve-directory-ownership-issues).
Finally, you execute `ansible-playbook ...` commands as per normal now.
#### If you don't use SSH keys for authentication
@ -112,3 +114,13 @@ apk add sshpass
```
Then, to be asked for the password whenever running an `ansible-playbook` command add `--ask-pass` to the arguments of the command.
#### Resolve directory ownership issues
Because you're `root` in the container running Ansible and this likely differs fom the owner (your regular user account) of the playbook directory outside of the container, certain playbook features which use `git` locally may report warnings such as:
> fatal: unsafe repository ('/work' is owned by someone else)
> To add an exception for this directory, call:
> git config --global --add safe.directory /work
These errors can be resolved by making `git` trust the playbook directory by running `git config --global --add safe.directory /work`

View file

@ -39,6 +39,7 @@ When you're done configuring DNS, proceed to [Configuring the playbook](configur
| [Go-NEB](configuring-playbook-bot-go-neb.md) bot | CNAME | `goneb` | - | - | - | `matrix.<your-domain>` |
| [Sygnal](configuring-playbook-sygnal.md) push notification gateway | CNAME | `sygnal` | - | - | - | `matrix.<your-domain>` |
| [ntfy](configuring-playbook-ntfy.md) push notifications server | CNAME | `ntfy` | - | - | - | `matrix.<your-domain>` |
| [Etherpad](configuring-playbook-etherpad.md) collaborative text editor | CNAME | `etherpad` | - | - | - | `matrix.<your-domain>` |
| [Hydrogen](configuring-playbook-client-hydrogen.md) web client | CNAME | `hydrogen` | - | - | - | `matrix.<your-domain>` |
| [Cinny](configuring-playbook-client-cinny.md) web client | CNAME | `cinny` | - | - | - | `matrix.<your-domain>` |
| [Buscarron](configuring-playbook-bot-buscarron.md) helpdesk bot | CNAME | `buscarron` | - | - | - | `matrix.<your-domain>` |
@ -68,6 +69,8 @@ The `sygnal.<your-domain>` subdomain may be necessary, because this playbook cou
The `ntfy.<your-domain>` subdomain may be necessary, because this playbook could install the [ntfy](https://ntfy.sh/) UnifiedPush-compatible push notifications server. The installation of ntfy is disabled by default, it is not a core required component. To learn how to install it, see our [configuring ntfy guide](configuring-playbook-ntfy.md). If you do not wish to set up ntfy, feel free to skip the `ntfy.<your-domain>` DNS record.
The `etherpad.<your-domain>` subdomain may be necessary, because this playbook could install the [Etherpad](https://etherpad.org/) a highly customizable open source online editor providing collaborative editing in really real-time. The installation of etherpad is disabled by default, it is not a core required component. To learn how to install it, see our [configuring etherpad guide](configuring-playbook-etherpad.md). If you do not wish to set up etherpad, feel free to skip the `etherpad.<your-domain>` DNS record.
The `hydrogen.<your-domain>` subdomain may be necessary, because this playbook could install the [Hydrogen](https://github.com/vector-im/hydrogen-web) web client. The installation of Hydrogen is disabled by default, it is not a core required component. To learn how to install it, see our [configuring Hydrogen guide](configuring-playbook-client-hydrogen.md). If you do not wish to set up Hydrogen, feel free to skip the `hydrogen.<your-domain>` DNS record.
The `cinny.<your-domain>` subdomain may be necessary, because this playbook could install the [Cinny](https://github.com/ajbura/cinny) web client. The installation of cinny is disabled by default, it is not a core required component. To learn how to install it, see our [configuring cinny guide](configuring-playbook-client-cinny.md). If you do not wish to set up cinny, feel free to skip the `cinny.<your-domain>` DNS record.

View file

@ -64,7 +64,7 @@ To backup without encryption, add `matrix_backup_borg_encryption: 'none'` to you
`matrix_backup_borg_location_source_directories` defines the list of directories to back up: it's set to `{{ matrix_base_data_path }}` by default, which is the base directory for every service's data, such as Synapse, Postgres and the bridges. You might want to exclude certain directories or file patterns from the backup using the `matrix_backup_borg_location_exclude_patterns` variable.
Check the `roles/matrix-backup-borg/defaults/main.yml` file for the full list of available options.
Check the `roles/custom/matrix-backup-borg/defaults/main.yml` file for the full list of available options.
## Installing

View file

@ -5,20 +5,6 @@ The playbook can install and configure [buscarron](https://gitlab.com/etke.cc/bu
It's a bot you can use to setup **your own helpdesk on matrix**
It's a bot you can use to send any form (HTTP POST, HTML) to a (encrypted) matrix room
## Registering the bot user
By default, the playbook will set up the bot with a username like this: `@bot.buscarron:DOMAIN`.
(to use a different username, adjust the `matrix_bot_buscarron_login` variable).
You **need to register the bot user manually** before setting up the bot. You can use the playbook to [register a new user](registering-users.md):
```
ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=bot.buscarron password=PASSWORD_FOR_THE_BOT admin=no' --tags=register-user
```
Choose a strong password for the bot. You can generate a good password with a command like this: `pwgen -s 64 1`.
## Adjusting the playbook configuration
@ -27,7 +13,10 @@ Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.
```yaml
matrix_bot_buscarron_enabled: true
# Adjust this to whatever password you chose when registering the bot user
# Uncomment and adjust this part if you'd like to use a username different than the default
# matrix_bot_buscarron_login: bot.buscarron
# Generate a strong password here. Consider generating it with `pwgen -s 64 1`
matrix_bot_buscarron_password: PASSWORD_FOR_THE_BOT
# Adjust accepted forms
@ -57,9 +46,15 @@ matrix_server_fqn_buscarron: "form.{{ matrix_domain }}"
After configuring the playbook, run the [installation](installing.md) command again:
```sh
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,ensure-matrix-users-created,start
```
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
```
**Notes**:
- the `ensure-matrix-users-created` playbook tag makes the playbook automatically create the bot's user account
- if you change the bot password (`matrix_bot_buscarron_password` in your `vars.yml` file) subsequently, the bot user's credentials on the homeserver won't be updated automatically. If you'd like to change the bot user's password, use a tool like [synapse-admin](configuring-playbook-synapse-admin.md) to change it, and then update `matrix_bot_buscarron_password` to let the bot know its new password
## Usage

View file

@ -7,21 +7,6 @@ It's a bot you can use to setup **your own helpdesk on matrix**
See the project's [documentation](https://gitlab.com/etke.cc/honoroit#how-it-looks-like) to learn what it does with screenshots and why it might be useful to you.
## Registering the bot user
By default, the playbook will set up the bot with a username like this: `@honoroit:DOMAIN`.
(to use a different username, adjust the `matrix_bot_honoroit_login` variable).
You **need to register the bot user manually** before setting up the bot. You can use the playbook to [register a new user](registering-users.md):
```
ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=honoroit password=PASSWORD_FOR_THE_BOT admin=no' --tags=register-user
```
Choose a strong password for the bot. You can generate a good password with a command like this: `pwgen -s 64 1`.
## Adjusting the playbook configuration
Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file:
@ -29,7 +14,10 @@ Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.
```yaml
matrix_bot_honoroit_enabled: true
# Adjust this to whatever password you chose when registering the bot user
# Uncomment and adjust this part if you'd like to use a username different than the default
# matrix_bot_honoroit_login: honoroit
# Generate a strong password here. Consider generating it with `pwgen -s 64 1`
matrix_bot_honoroit_password: PASSWORD_FOR_THE_BOT
# Adjust this to your room ID
@ -41,9 +29,15 @@ matrix_bot_honoroit_roomid: "!yourRoomID:DOMAIN"
After configuring the playbook, run the [installation](installing.md) command again:
```sh
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,ensure-matrix-users-created,start
```
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
```
**Notes**:
- the `ensure-matrix-users-created` playbook tag makes the playbook automatically create the bot's user account
- if you change the bot password (`matrix_bot_honoroit_password` in your `vars.yml` file) subsequently, the bot user's credentials on the homeserver won't be updated automatically. If you'd like to change the bot user's password, use a tool like [synapse-admin](configuring-playbook-synapse-admin.md) to change it, and then update `matrix_bot_honoroit_password` to let the bot know its new password
## Usage

View file

@ -16,7 +16,7 @@ By default, the playbook will set use the bot with a username like this: `@bot.m
(to use a different username, adjust the `matrix_bot_matrix_registration_bot_matrix_user_id_localpart` variable).
You **need to register the bot user manually** before setting up the bot. You can use the playbook to [register a new user](registering-users.md):
For [other bots supported by the playbook](configuring-playbook.md#bots), Matrix bot user accounts are created and put to use automatically. For `matrix-registration-bot`, however, this is not the case - you **need to register the bot user manually** before setting up the bot. You can use the playbook to [register a new user](registering-users.md):
```
ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=bot.matrix-registration-bot password=PASSWORD_FOR_THE_BOT admin=yes' --tags=register-user

View file

@ -7,21 +7,6 @@ It's a bot you can use to **schedule one-off & recurring reminders and alarms**.
See the project's [documentation](https://github.com/anoadragon453/matrix-reminder-bot#usage) to learn what it does and why it might be useful to you.
## Registering the bot user
By default, the playbook will set up the bot with a username like this: `@bot.matrix-reminder-bot:DOMAIN`.
(to use a different username, adjust the `matrix_bot_matrix_reminder_bot_matrix_user_id_localpart` variable).
You **need to register the bot user manually** before setting up the bot. You can use the playbook to [register a new user](registering-users.md):
```
ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=bot.matrix-reminder-bot password=PASSWORD_FOR_THE_BOT admin=no' --tags=register-user
```
Choose a strong password for the bot. You can generate a good password with a command like this: `pwgen -s 64 1`.
## Adjusting the playbook configuration
Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file:
@ -29,7 +14,10 @@ Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.
```yaml
matrix_bot_matrix_reminder_bot_enabled: true
# Adjust this to whatever password you chose when registering the bot user
# Uncomment and adjust this part if you'd like to use a username different than the default
# matrix_bot_matrix_reminder_bot_matrix_user_id_localpart: bot.matrix-reminder-bot
# Generate a strong password here. Consider generating it with `pwgen -s 64 1`
matrix_bot_matrix_reminder_bot_matrix_user_password: PASSWORD_FOR_THE_BOT
# Adjust this to your timezone
@ -41,9 +29,15 @@ matrix_bot_matrix_reminder_bot_reminders_timezone: Europe/London
After configuring the playbook, run the [installation](installing.md) command again:
```sh
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,ensure-matrix-users-created,start
```
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
```
**Notes**:
- the `ensure-matrix-users-created` playbook tag makes the playbook automatically create the bot's user account
- if you change the bot password (`matrix_bot_matrix_reminder_bot_matrix_user_password` in your `vars.yml` file) subsequently, the bot user's credentials on the homeserver won't be updated automatically. If you'd like to change the bot user's password, use a tool like [synapse-admin](configuring-playbook-synapse-admin.md) to change it, and then update `matrix_bot_matrix_reminder_bot_matrix_user_password` to let the bot know its new password
## Usage

View file

@ -9,21 +9,6 @@ It's a bot/bridge you can use to forward emails to Matrix rooms
See the project's [documentation](https://gitlab.com/etke.cc/postmoogle) to learn what it does and why it might be useful to you.
## Registering the bot user
By default, the playbook will set up the bot with a username like this: `@postmoogle:DOMAIN`.
(to use a different username, adjust the `matrix_bot_postmoogle_login` variable).
You **need to register the bot user manually** before setting up the bot. You can use the playbook to [register a new user](registering-users.md):
```
ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=postmoogle password=PASSWORD_FOR_THE_BOT admin=no' --tags=register-user
```
Choose a strong password for the bot. You can generate a good password with a command like this: `pwgen -s 64 1`.
## Adjusting the playbook configuration
Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file:
@ -31,7 +16,10 @@ Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.
```yaml
matrix_bot_postmoogle_enabled: true
# Adjust this to whatever password you chose when registering the bot user
# Uncomment and adjust this part if you'd like to use a username different than the default
# matrix_bot_postmoogle_login: postmoogle
# Generate a strong password here. Consider generating it with `pwgen -s 64 1`
matrix_bot_postmoogle_password: PASSWORD_FOR_THE_BOT
```
@ -43,9 +31,15 @@ See [Configuring DNS](configuring-dns.md).
After configuring the playbook, run the [installation](installing.md) command again:
```sh
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,ensure-matrix-users-created,start
```
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
```
**Notes**:
- the `ensure-matrix-users-created` playbook tag makes the playbook automatically create the bot's user account
- if you change the bot password (`matrix_bot_postmoogle_password` in your `vars.yml` file) subsequently, the bot user's credentials on the homeserver won't be updated automatically. If you'd like to change the bot user's password, use a tool like [synapse-admin](configuring-playbook-synapse-admin.md) to change it, and then update `matrix_bot_postmoogle_password` to let the bot know its new password
## Usage

View file

@ -28,8 +28,8 @@ There are some additional things you may wish to configure about the bridge.
Take a look at:
- `roles/matrix-bridge-appservice-kakaotalk/defaults/main.yml` for some variables that you can customize via your `vars.yml` file
- `roles/matrix-bridge-appservice-kakaotalk/templates/config.yaml.j2` for the bridge's default configuration. You can override settings (even those that don't have dedicated playbook variables) using the `matrix_appservice_kakaotalk_configuration_extension_yaml` variable
- `roles/custom/matrix-bridge-appservice-kakaotalk/defaults/main.yml` for some variables that you can customize via your `vars.yml` file
- `roles/custom/matrix-bridge-appservice-kakaotalk/templates/config.yaml.j2` for the bridge's default configuration. You can override settings (even those that don't have dedicated playbook variables) using the `matrix_appservice_kakaotalk_configuration_extension_yaml` variable
### Set up Double Puppeting

View file

@ -27,7 +27,7 @@ matrix_beeper_linkedin_configuration_extension_yaml: |
'@YOUR_USERNAME:YOUR_DOMAIN': admin
```
You may wish to look at `roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2` to find other things you would like to configure.
You may wish to look at `roles/custom/matrix-bridge-beeper-linkedin/templates/config.yaml.j2` to find other things you would like to configure.
## Set up Double Puppeting

View file

@ -8,7 +8,7 @@ See the project's [README](https://github.com/hifi/heisenbridge/blob/master/READ
## Configuration
Below are the common configuration options that you may want to set, exhaustive list is in [the bridge's defaults var file](../roles/matrix-bridge-heisenbridge/defaults/main.yml).
Below are the common configuration options that you may want to set, exhaustive list is in [the bridge's defaults var file](../roles/custom/matrix-bridge-heisenbridge/defaults/main.yml).
At a minimum, you only need to enable the bridge to get it up and running (`inventory/host_vars/matrix.DOMAIN/vars.yml`):

View file

@ -13,12 +13,15 @@ Note: the playbook also supports [matrix-appservice-webhooks](configuring-playbo
Refer to the [official instructions](https://matrix-org.github.io/matrix-hookshot/latest/setup.html) to learn what the individual options do.
1. For each of the services (GitHub, GitLab, Jira, Figma, generic webhooks) fill in the respective variables `matrix_hookshot_service_*` listed in [main.yml](/roles/matrix-bridge-hookshot/defaults/main.yml) as required.
2. Take special note of the `matrix_hookshot_*_enabled` variables. Services that need no further configuration are enabled by default (GitLab, Generic), while you must first add the required configuration and enable the others (GitHub, Jira, Figma).
3. If you're setting up the GitHub bridge, you'll need to generate and download a private key file after you created your GitHub app. Copy the contents of that file to the variable `matrix_hookshot_github_private_key` so the playbook can install it for you, or use one of the [other methods](#manage-github-private-key-with-matrix-aux-role) explained below.
4. If you've already installed Matrix services using the playbook before, you'll need to re-run it (`--tags=setup-all,start`). If not, proceed with [configuring other playbook services](configuring-playbook.md) and then with [Installing](installing.md). Get back to this guide once ready. Hookshot can be set up individually using the tag `setup-hookshot`.
1. Enable the bridge by adding `matrix_hookshot_enabled: true` to your `vars.yml` file
2. For each of the services (GitHub, GitLab, Jira, Figma, generic webhooks) fill in the respective variables `matrix_hookshot_service_*` listed in [main.yml](/roles/custom/matrix-bridge-hookshot/defaults/main.yml) as required.
3. Take special note of the `matrix_hookshot_*_enabled` variables. Services that need no further configuration are enabled by default (GitLab, Generic), while you must first add the required configuration and enable the others (GitHub, Jira, Figma).
4. If you're setting up the GitHub bridge, you'll need to generate and download a private key file after you created your GitHub app. Copy the contents of that file to the variable `matrix_hookshot_github_private_key` so the playbook can install it for you, or use one of the [other methods](#manage-github-private-key-with-matrix-aux-role) explained below.
5. If you've already installed Matrix services using the playbook before, you'll need to re-run it (`--tags=setup-all,start`). If not, proceed with [configuring other playbook services](configuring-playbook.md) and then with [Installing](installing.md). Get back to this guide once ready. Hookshot can be set up individually using the tag `setup-hookshot`.
Other configuration options are available via the `matrix_hookshot_configuration_extension_yaml` and `matrix_hookshot_registration_extension_yaml` variables, see the comments in [main.yml](/roles/matrix-bridge-hookshot/defaults/main.yml) for how to use them.
Other configuration options are available via the `matrix_hookshot_configuration_extension_yaml` and `matrix_hookshot_registration_extension_yaml` variables, see the comments in [main.yml](/roles/custom/matrix-bridge-hookshot/defaults/main.yml) for how to use them.
Finally, run the playbook (see [installing](installing.md)).
## Usage
@ -51,14 +54,14 @@ Unless indicated otherwise, the following endpoints are reachable on your `matri
| widgets | `/hookshot/widgetapi/` | `matrix_hookshot_widgets_endpoint` | Widgets |
| metrics | `/metrics/hookshot` | `matrix_hookshot_metrics_enabled` and `matrix_hookshot_metrics_proxying_enabled`. Requires `/metrics/*` endpoints to also be enabled via `matrix_nginx_proxy_proxy_matrix_metrics_enabled` (see the `matrix-nginx-proxy` role). Read more in the [Metrics section](#metrics) below. | Prometheus |
See also `matrix_hookshot_matrix_nginx_proxy_configuration` in [init.yml](/roles/matrix-bridge-hookshot/tasks/init.yml).
See also `matrix_hookshot_matrix_nginx_proxy_configuration` in [init.yml](/roles/custom/matrix-bridge-hookshot/tasks/init.yml).
The different listeners are also reachable *internally* in the docker-network via the container's name (configured by `matrix_hookshot_container_url`) and on different ports (e.g. `matrix_hookshot_appservice_port`). Read [main.yml](/roles/matrix-bridge-hookshot/defaults/main.yml) in detail for more info.
The different listeners are also reachable *internally* in the docker-network via the container's name (configured by `matrix_hookshot_container_url`) and on different ports (e.g. `matrix_hookshot_appservice_port`). Read [main.yml](/roles/custom/matrix-bridge-hookshot/defaults/main.yml) in detail for more info.
### Manage GitHub Private Key with matrix-aux role
The GitHub bridge requires you to install a private key file. This can be done in multiple ways:
- copy the *contents* of the downloaded file and set the variable `matrix_hookshot_github_private_key` to the contents (see example in [main.yml](/roles/matrix-bridge-hookshot/defaults/main.yml)).
- copy the *contents* of the downloaded file and set the variable `matrix_hookshot_github_private_key` to the contents (see example in [main.yml](/roles/custom/matrix-bridge-hookshot/defaults/main.yml)).
- somehow copy the file to the path `{{ matrix_hookshot_base_path }}/{{ matrix_hookshot_github_private_key_file }}` (default: `/matrix/hookshot/private-key.pem`) on the server manually.
- use the `matrix-aux` role to copy the file from an arbitrary path on your ansible client to the correct path on the server.
@ -71,7 +74,7 @@ matrix_aux_file_definitions:
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
```
For more info see the documentation in the [matrix-aux base configuration file](/roles/matrix-aux/defaults/main.yml).
For more info see the documentation in the [matrix-aux base configuration file](/roles/custom/matrix-aux/defaults/main.yml).
### Provisioning API

View file

@ -1,9 +1,8 @@
# Setting up Mautrix Discord (optional)
**Note**: bridging to [Discord](https://discordapp.com/) can also happen via the [mx-puppet-discord](configuring-playbook-bridge-mx-puppet-discord.md) and [matrix-appservice-discord](configuring-playbook-bridge-appservice-discord.md) bridges supported by the playbook.
- For using as a Bot we recommend the [Appservice Discord](configuring-playbook-bridge-appservice-discord.md), because it supports plumbing.
**Note**: bridging to [Discord](https://discordapp.com/) can also happen via the [mx-puppet-discord](configuring-playbook-bridge-mx-puppet-discord.md) and [matrix-appservice-discord](configuring-playbook-bridge-appservice-discord.md) bridges supported by the playbook.
- For using as a Bot we recommend the [Appservice Discord](configuring-playbook-bridge-appservice-discord.md), because it supports plumbing.
- For personal use with a discord account we recommend the `mautrix-discord` bridge (the one being discussed here), because it is the most fully-featured and stable of the 3 Discord bridges supported by the playbook.
The `mautrix-discord` bridge (the one being discussed here) is the most fully-featured and stable of the 3 Discord bridges supported by the playbook, so it's the one we recommend.
The playbook can install and configure [mautrix-discord](https://github.com/mautrix/discord) for you.
@ -12,13 +11,10 @@ See the project's [documentation](https://docs.mau.fi/bridges/go/discord/index.h
## Prerequisites
For using this bridge, you would need to authenticate by **scanning a QR code** with the Discord app on your phone **or** by using **discord account token**.
You can delete the Discord app after the authentication process.
There are 2 ways to login to discord using this bridge, either by [scanning a QR code](#method-1-login-using-qr-code-recommended) using the Discord mobile app **or** by using a [Discord token](#method-2-login-using-discord-token-not-recommended).
If this is a dealbreaker for you, consider using one of the other Discord bridges supported by the playbook: [mx-puppet-discord](configuring-playbook-bridge-mx-puppet-discord.md) or [matrix-appservice-discord](configuring-playbook-bridge-appservice-discord.md). These come with their own complexity and limitations, however, so we recommend that you proceed with this one if possible.
## Installing
To enable the bridge, add this to your `vars.yml` file:
@ -40,8 +36,8 @@ There are some additional things you may wish to configure about the bridge.
Take a look at:
- `roles/matrix-bridge-mautrix-discord/defaults/main.yml` for some variables that you can customize via your `vars.yml` file
- `roles/matrix-bridge-mautrix-discord/templates/config.yaml.j2` for the bridge's default configuration. You can override settings (even those that don't have dedicated playbook variables) using the `matrix_mautrix_discord_configuration_extension_yaml` variable
- `roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml` for some variables that you can customize via your `vars.yml` file
- `roles/custom/matrix-bridge-mautrix-discord/templates/config.yaml.j2` for the bridge's default configuration. You can override settings (even those that don't have dedicated playbook variables) using the `matrix_mautrix_discord_configuration_extension_yaml` variable
### Set up Double Puppeting
@ -69,6 +65,20 @@ When using this method, **each user** that wishes to enable Double Puppeting nee
## Usage
### Logging in
#### Method 1: Login using QR code (recommended)
For using this bridge, you would need to authenticate by **scanning a QR code** with the Discord app on your phone.
You can delete the Discord app after the authentication process.
#### Method 2: Login using Discord token (not recommended)
To acquire the token, open Discord in a private browser window. Then open the developer settings (keyboard shortcut might be "ctrl+shift+i" or by pressing "F12"). Navigate to the "Network" tab then reload the page. In the URL filter or search bar type "/api" and find the response with the file name of "library". Under the request headers you should find a variable called "Authorization", this is the token to your Discord account. After copying the token, you can close the browser window.
### Bridging
1. Start a chat with `@discordbot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain).
2. If you would like to login to Discord using a token, send `login-token` command, otherwise, send `login-qr` command.
3. You'll see a QR code which you need to scan with the Discord app on your phone. You can scan it with the camera app too, which will open Discord, which will then instruct you to scan it a 2nd time in the Discord app.

View file

@ -39,7 +39,7 @@ matrix_mautrix_facebook_configuration_extension_yaml: |
default: true
```
You may wish to look at `roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2` and `roles/matrix-bridge-mautrix-facebook/defaults/main.yml` to find other things you would like to configure.
You may wish to look at `roles/custom/matrix-bridge-mautrix-facebook/templates/config.yaml.j2` and `roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml` to find other things you would like to configure.
## Set up Double Puppeting

View file

@ -31,7 +31,7 @@ matrix_mautrix_instagram_configuration_extension_yaml: |
'@YOUR_USERNAME:YOUR_DOMAIN': admin
```
You may wish to look at `roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2` and `roles/matrix-bridge-mautrix-instagram/defaults/main.yml` to find other things you would like to configure.
You may wish to look at `roles/custom/matrix-bridge-mautrix-instagram/templates/config.yaml.j2` and `roles/custom/matrix-bridge-mautrix-instagram/defaults/main.yml` to find other things you would like to configure.
## Usage

View file

@ -55,7 +55,7 @@ matrix_mautrix_signal_bridge_permissions: |
'@USER:YOUR_DOMAIN' : user
```
You may wish to look at `roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2` to find more information on the permissions settings and other options you would like to configure.
You may wish to look at `roles/custom/matrix-bridge-mautrix-signal/templates/config.yaml.j2` to find more information on the permissions settings and other options you would like to configure.
## Set up Double Puppeting

View file

@ -17,7 +17,7 @@ matrix_client_element_enabled: false
The playbook provides some customization variables you could use to change Element's settings.
Their defaults are defined in [`roles/matrix-client-element/defaults/main.yml`](../roles/matrix-client-element/defaults/main.yml) and they ultimately end up in the generated `/matrix/element/config.json` file (on the server). This file is generated from the [`roles/matrix-client-element/templates/config.json.j2`](../roles/matrix-client-element/templates/config.json.j2) template.
Their defaults are defined in [`roles/custom/matrix-client-element/defaults/main.yml`](../roles/custom/matrix-client-element/defaults/main.yml) and they ultimately end up in the generated `/matrix/element/config.json` file (on the server). This file is generated from the [`roles/custom/matrix-client-element/templates/config.json.j2`](../roles/custom/matrix-client-element/templates/config.json.j2) template.
**If there's an existing variable** which controls a setting you wish to change, you can simply define that variable in your configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`) and [re-run the playbook](installing.md) to apply the changes.
@ -25,9 +25,9 @@ Alternatively, **if there is no pre-defined variable** for an Element setting yo
- you can either **request a variable to be created** (or you can submit such a contribution yourself). Keep in mind that it's **probably not a good idea** to create variables for each one of Element's various settings that rarely get used.
- or, you can **extend and override the default configuration** ([`config.json.j2`](../roles/matrix-client-element/templates/config.json.j2)) by making use of the `matrix_client_element_configuration_extension_json_` variable. You can find information about this in [`roles/matrix-client-element/defaults/main.yml`](../roles/matrix-client-element/defaults/main.yml).
- or, you can **extend and override the default configuration** ([`config.json.j2`](../roles/custom/matrix-client-element/templates/config.json.j2)) by making use of the `matrix_client_element_configuration_extension_json_` variable. You can find information about this in [`roles/custom/matrix-client-element/defaults/main.yml`](../roles/custom/matrix-client-element/defaults/main.yml).
- or, if extending the configuration is still not powerful enough for your needs, you can **override the configuration completely** using `matrix_client_element_configuration_default` (or `matrix_client_element_configuration`). You can find information about this in [`roles/matrix-client-element/defaults/main.yml`](../roles/matrix-client-element/defaults/main.yml).
- or, if extending the configuration is still not powerful enough for your needs, you can **override the configuration completely** using `matrix_client_element_configuration_default` (or `matrix_client_element_configuration`). You can find information about this in [`roles/custom/matrix-client-element/defaults/main.yml`](../roles/custom/matrix-client-element/defaults/main.yml).
## Themes

View file

@ -22,7 +22,7 @@ matrix_dimension_enabled: true
## Define admin users
These users can modify the integrations this Dimension supports.
These users can modify the integrations this Dimension supports.
Add this to your configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`):
```yaml
@ -73,6 +73,6 @@ In the interim until the above limitation is resolved, an admin user needs to co
## Additional features
To use a more custom configuration, you can define a `matrix_dimension_configuration_extension_yaml` string variable and put your configuration in it.
To learn more about how to do this, refer to the information about `matrix_dimension_configuration_extension_yaml` in the [default variables file](../roles/matrix-dimension/defaults/main.yml) of the Dimension component.
To learn more about how to do this, refer to the information about `matrix_dimension_configuration_extension_yaml` in the [default variables file](../roles/custom/matrix-dimension/defaults/main.yml) of the Dimension component.
You can find all configuration options on [GitHub page of Dimension project](https://github.com/turt2live/matrix-dimension/blob/master/config/default.yaml).

View file

@ -1,12 +1,20 @@
# Setting up Etherpad (optional)
[Etherpad](https://etherpad.org) is is an open source collaborative text editor that can be embedded in a Matrix chat room using the [Dimension integrations manager](https://dimension.t2bot.io)
[Etherpad](https://etherpad.org) is is an open source collaborative text editor that can be embedded in a Matrix chat room using the [Dimension integrations manager](https://dimension.t2bot.io) or used as standalone web app.
When enabled together with the Jitsi audio/video conferencing system (see [our docs on Jitsi](configuring-playbook-jitsi.md)), it will be made available as an option during the conferences.
## Prerequisites
For the self-hosted Etherpad instance to be available to your users, you must first enable and configure the **Dimension integrations manager** as described in [the playbook documentation](configuring-playbook-dimension.md)
Etherpad can be installed in 2 modes:
- (default) `standalone` mode (`matrix_etherpad_mode: standalone`) - Etherpad will be hosted on `etherpad.<your-domain>` (`matrix_server_fqn_etherpad`), so the DNS record for this domian must be created. See [Configuring your DNS server](configuring-dns.md) on how to set up the `etherpad` DNS record correctly
- `dimension` mode (`matrix_etherpad_mode: dimension`) - Etherpad will be hosted on `dimension.<your-domain>/etherpad` (`matrix_server_fqn_dimension`). This requires that you **first** configure the **Dimension integrations manager** as described in [the playbook documentation](configuring-playbook-dimension.md)
We recomend that you go with the default (`standalone`) mode, which makes Etherpad independent and allows it to be used with or without Dimension.
## Installing
@ -14,35 +22,40 @@ For the self-hosted Etherpad instance to be available to your users, you must fi
```yaml
matrix_etherpad_enabled: true
# Uncomment below if you'd like to install Etherpad on the Dimension domain (not recommended)
# matrix_etherpad_mode: dimension
# Uncomment below to enable the admin web UI
# matrix_etherpad_admin_username: admin
# matrix_etherpad_admin_password: some-password
```
## Set Dimension default to the self-hosted Etherpad
If enabled, the admin web-UI should then be available on `https://etherpad.<your-domain>/admin` (or `https://dimension.<your-domain>/etherpad/admin`, if `matrix_etherpad_mode: dimension`)
The Dimension administrator users can configure the default URL template. The Dimension configuration menu can be accessed with the sprocket icon as you begin to add a widget to a room in Element. There you will find the Etherpad Widget Configuration action beneath the _Widgets_ tab. Replace `scalar.vector.im` with your own Dimension domain.
### Removing the integrated Etherpad chat
If you wish to disable the Etherpad chat button, you can do it by appending `?showChat=false` to the end of the pad URL, or the template.
Example: `https://dimension.<your-domain>/etherpad/p/$roomId_$padName?showChat=false`
### Etherpad Admin access (optional)
Etherpad comes with a admin web-UI which is disabled by default. You can enable it by setting a username and password in your configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`):
```yaml
matrix_etherpad_admin_username: admin
matrix_etherpad_admin_password: some-password
```
The admin web-UI should then be available on: `https://dimension.<your-domain>/etherpad/admin`
### Managing / Deleting old pads
## Managing / Deleting old pads
If you want to manage and remove old unused pads from Etherpad, you will first need to able Admin access as described above.
Then from the plugin manager page (`https://dimension.<your-domain>/etherpad/admin/plugins`), install the `adminpads2` plugin. Once installed, you should have a "Manage pads" section in the Admin web-UI.
Then from the plugin manager page (`https://etherpad.<your-domain>/admin/plugins` or `https://dimension.<your-domain>/etherpad/admin/plugins`), install the `adminpads2` plugin. Once installed, you should have a "Manage pads" section in the Admin web-UI.
## Known issues
## Set Dimension default to the self-hosted Etherpad (optional)
If you decided to install [Dimension integration manager](configuring-playbook-dimension.md) alongside Etherpad, the Dimension administrator users can configure the default URL template.
The Dimension configuration menu can be accessed with the sprocket icon as you begin to add a widget to a room in Element. There you will find the Etherpad Widget Configuration action beneath the _Widgets_ tab.
### Removing the integrated Etherpad chat
If you wish to disable the Etherpad chat button, you can do it by appending `?showChat=false` to the end of the pad URL, or the template. Examples:
- `https://etherpad.<your-domain>/p/$roomId_$padName?showChat=false` (for the default - `matrix_etherpad_mode: standalone`)
- `https://dimension.<your-domain>/etherpad/p/$roomId_$padName?showChat=false` (for `matrix_etherpad_mode: dimension`)
### Known issues
If your Etherpad widget fails to load, this might be due to Dimension generating a Pad name so long, the Etherpad app rejects it.
`$roomId_$padName` can end up being longer than 50 characters. You can avoid having this problem by altering the template so it only contains the three word random identifier `$padName`.

View file

@ -20,7 +20,7 @@ matrix_synapse_database_database: "your-postgres-server-database-name"
# Rewire any other service (each `matrix-*` role) you may wish to use to use your external Postgres server.
# Each service expects to have its own dedicated database on the Postgres server
# and uses its own variable names (see `roles/matrix-*/defaults/main.yml) for configuring Postgres connectivity.
# and uses its own variable names (see `roles/custom/matrix-*/defaults/main.yml) for configuring Postgres connectivity.
```
The database (as specified in `matrix_synapse_database_database`) must exist and be accessible with the given credentials.

View file

@ -14,7 +14,7 @@ Before installing Jitsi, make sure you've created the `jitsi.DOMAIN` DNS record.
You may also need to open the following ports to your server:
- `4443/tcp` - RTP media fallback over TCP
- `10000/udp` - RTP media over UDP. Depending on your firewall/NAT setup, incoming RTP packets on port `10000` may have the external IP of your firewall as destination address, due to the usage of STUN in JVB (see [`matrix_jitsi_jvb_stun_servers`](../roles/matrix-jitsi/defaults/main.yml)).
- `10000/udp` - RTP media over UDP. Depending on your firewall/NAT setup, incoming RTP packets on port `10000` may have the external IP of your firewall as destination address, due to the usage of STUN in JVB (see [`matrix_jitsi_jvb_stun_servers`](../roles/custom/matrix-jitsi/defaults/main.yml)).
## Installation

View file

@ -33,7 +33,7 @@ matrix_ma1sd_matrixorg_forwarding_enabled: true
## Customizing email templates
If you'd like to change the default email templates used by ma1sd, take a look at the `matrix_ma1sd_threepid_medium_email_custom_` variables
(in the `roles/matrix-ma1sd/defaults/main.yml` file.
(in the `roles/custom/matrix-ma1sd/defaults/main.yml` file.
## ma1sd-controlled Registration
@ -86,7 +86,7 @@ You can refer to the [ma1sd website](https://github.com/ma1uta/ma1sd) for more d
To use a more custom configuration, you can define a `matrix_ma1sd_configuration_extension_yaml` string variable
and put your configuration in it.
To learn more about how to do this, refer to the information about `matrix_ma1sd_configuration_extension_yaml` in the [default variables file](../roles/matrix-ma1sd/defaults/main.yml) of the ma1sd component.
To learn more about how to do this, refer to the information about `matrix_ma1sd_configuration_extension_yaml` in the [default variables file](../roles/custom/matrix-ma1sd/defaults/main.yml) of the ma1sd component.
## Example: SMS verification

View file

@ -64,7 +64,7 @@ Can be used to set the username for the bridge.
## Discovering additional configuration options
You may wish to look at `roles/matrix-bridge-mautrix-SERVICENAME/templates/config.yaml.j2` and `roles/matrix-bridge-mautrix-SERVICENAME/defaults/main.yml` to find other things you would like to configure.
You may wish to look at `roles/custom/matrix-bridge-mautrix-SERVICENAME/templates/config.yaml.j2` and `roles/custom/matrix-bridge-mautrix-SERVICENAME/defaults/main.yml` to find other things you would like to configure.
## Set up Double Puppeting
@ -97,7 +97,7 @@ If you have issues with a service, and are requesting support, the higher levels
## Usage
You then need to start a chat with `@SERVICENAMEbot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain).
You then need to start a chat with `@SERVICENAMEbot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain).
Send `login ` to the bridge bot to get started You can learn more here about authentication from the bridge's official documentation on Authentication https://docs.mau.fi/bridges/python/SERVICENAME/authentication.html .

View file

@ -42,7 +42,7 @@ Besides changing the preset (`matrix_nginx_proxy_ssl_preset`), you can also dire
- `matrix_nginx_proxy_ssl_prefer_server_ciphers`: for specifying if the server or the client choice when negotiating the cipher. It can set to `on` or `off`.
- `matrix_nginx_proxy_ssl_ciphers`: for specifying the SSL Cipher suites used by nginx.
For more information about these variables, check the `roles/matrix-nginx-proxy/defaults/main.yml` file.
For more information about these variables, check the `roles/custom/matrix-nginx-proxy/defaults/main.yml` file.
## Synapse + OpenID Connect for Single-Sign-On
@ -80,5 +80,5 @@ matrix_nginx_proxy_proxy_http_additional_server_configuration_blocks:
# These lines will be included in the nginx configuration.
# This is at the top level of the file, so you will need to define all of the `server { ... }` blocks.
- |
# For advanced use, have a look at the template files in `roles/matrix-nginx-proxy/templates/nginx/conf.d`
# For advanced use, have a look at the template files in `roles/custom/matrix-nginx-proxy/templates/nginx/conf.d`
```

View file

@ -23,7 +23,7 @@ matrix_ntfy_configuration_extension_yaml: |
log_level: DEBUG
```
For a more complete list of variables that you could override, see `roles/matrix-ntfy/defaults/main.yml`.
For a more complete list of variables that you could override, see `roles/custom/matrix-ntfy/defaults/main.yml`.
For a complete list of ntfy config options that you could put in `matrix_ntfy_configuration_extension_yaml`, see the [ntfy config documentation](https://ntfy.sh/docs/config/#config-options).

View file

@ -34,7 +34,7 @@ No matter which external webserver you decide to go with, you'll need to:
matrix_nginx_proxy_enabled: false
```
- if using an external server on another host, add the `<service>_http_host_bind_port` or `<service>_http_bind_port` variables for the services that will be exposed by the external server on the other host. The actual name of the variable is listed in the `roles/<service>/defaults/vars.yml` file for each service. Most variables follow the `<service>_http_host_bind_port` format.
These variables will make Docker expose the ports on all network interfaces instead of localhost only.
[Keep in mind that there are some security concerns if you simply proxy everything.](https://github.com/matrix-org/synapse/blob/master/docs/reverse_proxy.md#synapse-administration-endpoints)
@ -84,7 +84,7 @@ After following the [Preparation](#preparation) guide above, you can take a loo
### Using another external webserver
Feel free to look at the [examples/apache](../examples/apache) directory, or the [template files in the matrix-nginx-proxy role](../roles/matrix-nginx-proxy/templates/nginx/conf.d/).
Feel free to look at the [examples/apache](../examples/apache) directory, or the [template files in the matrix-nginx-proxy role](../roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/).
## Method 2: Fronting the integrated nginx reverse-proxy webserver with another reverse-proxy

View file

@ -41,14 +41,14 @@ matrix_aux_file_definitions:
group: "{{ matrix_user_groupname }}"
```
For a more complete example of available fields and values they can take, see `roles/matrix-sygnal/templates/sygnal.yaml.j2` (or the [upstream `sygnal.yaml.sample` configuration file](https://github.com/matrix-org/sygnal/blob/master/sygnal.yaml.sample)).
For a more complete example of available fields and values they can take, see `roles/custom/matrix-sygnal/templates/sygnal.yaml.j2` (or the [upstream `sygnal.yaml.sample` configuration file](https://github.com/matrix-org/sygnal/blob/master/sygnal.yaml.sample)).
Configuring [GCM/FCM](https://firebase.google.com/docs/cloud-messaging/) is easier, as it only requires that you provide some config values.
To configure [APNS](https://developer.apple.com/notifications/) (Apple Push Notification Service), you'd need to provide one or more certificate files.
To do that, the above example configuration:
- makes use of the `matrix-aux` role (and its `matrix_aux_file_definitions` variable) to make the playbook install files into `/matrix/sygnal/data` (the `matrix_sygnal_data_path` variable). See `roles/matrix-aux/defaults/main.yml` for usage examples. It also makes sure the files are owned by `matrix:matrix`, so that Sygnal can read them. Of course, you can also install these files manually yourself, if you'd rather not use `matrix-aux`.
- makes use of the `matrix-aux` role (and its `matrix_aux_file_definitions` variable) to make the playbook install files into `/matrix/sygnal/data` (the `matrix_sygnal_data_path` variable). See `roles/custom/matrix-aux/defaults/main.yml` for usage examples. It also makes sure the files are owned by `matrix:matrix`, so that Sygnal can read them. Of course, you can also install these files manually yourself, if you'd rather not use `matrix-aux`.
- references these files in the Sygnal configuration (`matrix_sygnal_apps`) using a path like `/data/..` (the `/matrix/sygnal/data` directory on the host system is mounted into the `/data` directory inside the container)

View file

@ -39,7 +39,7 @@ matrix_synapse_ext_synapse_s3_storage_provider_config_access_key_id: access-key-
matrix_synapse_ext_synapse_s3_storage_provider_config_secret_access_key: secret-key-goes-here
matrix_synapse_ext_synapse_s3_storage_provider_config_storage_class: STANDARD # or STANDARD_IA, etc.
# For additional advanced settings, take a look at `roles/matrix-synapse/defaults/main.yml`
# For additional advanced settings, take a look at `roles/custom/matrix-synapse/defaults/main.yml`
```
If you have existing files in Synapse's media repository (`/matrix/synapse/media-store/..`):

View file

@ -5,7 +5,7 @@ If that's enough for you, you can skip this document.
The playbook provides lots of customization variables you could use to change Synapse's settings.
Their defaults are defined in [`roles/matrix-synapse/defaults/main.yml`](../roles/matrix-synapse/defaults/main.yml) and they ultimately end up in the generated `/matrix/synapse/config/homeserver.yaml` file (on the server). This file is generated from the [`roles/matrix-synapse/templates/synapse/homeserver.yaml.j2`](../roles/matrix-synapse/templates/synapse/homeserver.yaml.j2) template.
Their defaults are defined in [`roles/custom/matrix-synapse/defaults/main.yml`](../roles/custom/matrix-synapse/defaults/main.yml) and they ultimately end up in the generated `/matrix/synapse/config/homeserver.yaml` file (on the server). This file is generated from the [`roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2`](../roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2) template.
**If there's an existing variable** which controls a setting you wish to change, you can simply define that variable in your configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`) and [re-run the playbook](installing.md) to apply the changes.
@ -13,9 +13,9 @@ Alternatively, **if there is no pre-defined variable** for a Synapse setting you
- you can either **request a variable to be created** (or you can submit such a contribution yourself). Keep in mind that it's **probably not a good idea** to create variables for each one of Synapse's various settings that rarely get used.
- or, you can **extend and override the default configuration** ([`homeserver.yaml.j2`](../roles/matrix-synapse/templates/synapse/homeserver.yaml.j2)) by making use of the `matrix_synapse_configuration_extension_yaml` variable. You can find information about this in [`roles/matrix-synapse/defaults/main.yml`](../roles/matrix-synapse/defaults/main.yml).
- or, you can **extend and override the default configuration** ([`homeserver.yaml.j2`](../roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2)) by making use of the `matrix_synapse_configuration_extension_yaml` variable. You can find information about this in [`roles/custom/matrix-synapse/defaults/main.yml`](../roles/custom/matrix-synapse/defaults/main.yml).
- or, if extending the configuration is still not powerful enough for your needs, you can **override the configuration completely** using `matrix_synapse_configuration` (or `matrix_synapse_configuration_yaml`). You can find information about this in [`roles/matrix-synapse/defaults/main.yml`](../roles/matrix-synapse/defaults/main.yml).
- or, if extending the configuration is still not powerful enough for your needs, you can **override the configuration completely** using `matrix_synapse_configuration` (or `matrix_synapse_configuration_yaml`). You can find information about this in [`roles/custom/matrix-synapse/defaults/main.yml`](../roles/custom/matrix-synapse/defaults/main.yml).
## Load balancing with workers

View file

@ -1,25 +1,67 @@
# Installing
## 1. Installing the Matrix services
If you've [configured your DNS](configuring-dns.md) and have [configured the playbook](configuring-playbook.md), you can start the installation procedure.
Run this command to install the Matrix services:
**Before installing** and each time you update the playbook in the future, you will need to update the Ansible roles in this playbook by running `make roles`. `make roles` is a shortcut (a `roles` target defined in [`Makefile`](Makefile) and executed by the [`make`](https://www.gnu.org/software/make/) utility) which ultimately runs [ansible-galaxy](https://docs.ansible.com/ansible/latest/cli/ansible-galaxy.html) to download Ansible roles. If you don't have `make`, you can also manually run the `roles` commands seen in the `Makefile`.
```bash
## Playbook tags introduction
The Ansible playbook's tasks are tagged, so that certain parts of the Ansible playbook can be run without running all other tasks.
The general command syntax is: `ansible-playbook -i inventory/hosts setup.yml --tags=COMMA_SEPARATED_TAGS_GO_HERE`
Here are some playbook tags that you should be familiar with:
- `setup-all` - runs all setup tasks for all components, but does not start/restart services
- `setup-SERVICE` (e.g. `setup-bot-postmoogle`) - runs the setup tasks only for a given role, but does not start/restart services. You can discover these additional tags in each role (`roles/*/main.yml`). Running per-component setup tasks is **not recommended**, as components sometimes depend on each other and running just the setup tasks for a given component may not be enough. For example, setting up the [mautrix-telegram bridge](configuring-playbook-bridge-mautrix-telegram.md), in addition to the `setup-mautrix-telegram` tag, requires database changes (the `setup-postgres` tag) as well as reverse-proxy changes (the `setup-nginx-proxy` tag).
- `start` - starts all systemd services and makes them start automatically in the future
- `stop` - stops all systemd services
- `ensure-matrix-users-created` - a special tag which ensures that all special users needed by the playbook (for bots, etc.) are created
`setup-*` tags **do not start services** automatically, because you may wish to do things before starting services, such as importing a database dump, restoring data from another server, etc.
## 1. Installing Matrix
If you **don't** use SSH keys for authentication, but rather a regular password, you may need to add `--ask-pass` to the all Ansible commands
If you **do** use SSH keys for authentication, **and** use a non-root user to *become* root (sudo), you may need to add `-K` (`--ask-become-pass`) to all Ansible commands
There 2 ways to start the installation process - depending on whether you're [Installing a brand new server (without importing data)](#installing-a-brand-new-server-without-importing-data) or [Installing a server into which you'll import old data](#installing-a-server-into-which-youll-import-old-data).
### Installing a brand new server (without importing data)
If this is **a brand new** Matrix server and you **won't be importing old data into it**, run all these tags:
```sh
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,ensure-matrix-users-created,start
```
This will do a full installation and start all Matrix services.
Proceed to [Maintaining your setup in the future](#2-maintaining-your-setup-in-the-future) and [Finalize the installation](#3-finalize-the-installation)
### Installing a server into which you'll import old data
If you will be importing data into your newly created Matrix server, install it, but **do not** start its services just yet.
Starting its services or messing with its database now will affect your data import later on.
To do the installation **without** starting services, run only the `setup-all` tag:
```sh
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all
```
The above command **doesn't start any services just yet** (another step does this later - below). Feel free to **re-run this setup command any time** you think something is off with the server configuration.
When this command completes, services won't be running yet.
**Notes**:
- if you **don't** use SSH keys for authentication, but rather a regular password, you may need to add `--ask-pass` to the above (and all other) Ansible commands.
- if you **do** use SSH keys for authentication, **and** use a non-root user to *become* root (sudo), you may need to add `-K` (`--ask-become-pass`) to the above (and all other) Ansible commands.
## 2. Things you might want to do after installing
**Before starting the services**, you may want to do additional things like:
You can now:
- [Importing an existing SQLite database (from another Synapse installation)](importing-synapse-sqlite.md) (optional)
@ -27,21 +69,26 @@ The above command **doesn't start any services just yet** (another step does thi
- [Importing `media_store` data files from an existing Synapse installation](importing-synapse-media-store.md) (optional)
.. and then proceed to starting all services:
## 3. Starting the services
When you're ready to start the Matrix services (and set them up to auto-start in the future), run this command:
```bash
```sh
ansible-playbook -i inventory/hosts setup.yml --tags=start
```
## 4. Finalize the installation
Proceed to [Maintaining your setup in the future](#2-maintaining-your-setup-in-the-future) and [Finalize the installation](#3-finalize-the-installation)
## 2. Maintaining your setup in the future
Feel free to **re-run the setup command any time** you think something is off with the server configuration. Ansible will take your configuration and update your server to match.
## 3. Finalize the installation
Now that services are running, you need to **finalize the installation process** (required for federation to work!) by [Configuring Service Discovery via .well-known](configuring-well-known.md).
## 5. Things to do next
## 4. Things to do next
After you have started the services and **finalized the installation process** (required for federation to work!) by [Configuring Service Discovery via .well-known](configuring-well-known.md), you can:

View file

@ -10,8 +10,8 @@ To upgrade services:
- take a look at [the changelog](../CHANGELOG.md) to see if there have been any backward-incompatible changes that you need to take care of
- re-run the [playbook setup](installing.md): `ansible-playbook -i inventory/hosts setup.yml --tags=setup-all`
- download the upstream Ansible roles used by the playbook by running `make roles`
- restart the services: `ansible-playbook -i inventory/hosts setup.yml --tags=start`
- re-run the [playbook setup](installing.md) and restart all serivces: `ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,ensure-matrix-users-created,start`
**Note**: major version upgrades to the internal PostgreSQL database are not done automatically. To upgrade it, refer to the [upgrading PostgreSQL guide](maintenance-postgres.md#upgrading-postgresql).

View file

@ -22,6 +22,8 @@ If your distro runs within an [LXC container](https://linuxcontainers.org/), you
- [`git`](https://git-scm.com/) is the recommended way to download the playbook to your computer. `git` may also be required on the server if you will be [self-building](self-building.md) components.
- [`make`](https://www.gnu.org/software/make/) for running `make roles`, etc. (see [`Makefile`](../Makefile)), although you can also run these commands manually (without `make`)
- An HTTPS-capable web server at the base domain name (`<your-domain>`) which is capable of serving static files. Unless you decide to [Serve the base domain from the Matrix server](configuring-playbook-base-domain-serving.md) or alternatively, to use DNS SRV records for [Server Delegation](howto-server-delegation.md).
- Properly configured DNS records for `<your-domain>` (details in [Configuring DNS](configuring-dns.md)).

View file

@ -13,7 +13,7 @@ matrix_domain: YOUR_BARE_DOMAIN_NAME_HERE
# The Matrix homeserver software to install.
# See:
# - `roles/matrix-base/defaults/main.yml` for valid options
# - `roles/custom/matrix-base/defaults/main.yml` for valid options
# - the `docs/configuring-playbook-IMPLEMENTATION_NAME.md` documentation page, if one is available for your implementation choice
matrix_homeserver_implementation: synapse

View file

@ -9,6 +9,46 @@
# You can also override ANY variable (seen here or in any given role),
# by re-defining it in your own configuration file (`inventory/host_vars/matrix.<your-domain>`).
########################################################################
# #
# com.devture.ansible.role.timesync #
# #
########################################################################
# To completely disable installing systemd-timesyncd/ntpd, use `devture_timesync_installation_enabled: false`.
########################################################################
# #
# /com.devture.ansible.role.timesync #
# #
########################################################################
######################################################################
#
# com.devture.ansible.role.playbook_state_preserver
#
######################################################################
# To completely disable this feature, use `devture_playbook_state_preserver_enabled: false`.
devture_playbook_state_preserver_uid: "{{ matrix_user_uid }}"
devture_playbook_state_preserver_gid: "{{ matrix_user_gid }}"
devture_playbook_state_preserver_vars_preservation_dst: "{{ matrix_base_data_path }}/vars.yml"
devture_playbook_state_preserver_commit_hash_preservation_dst: "{{ matrix_base_data_path }}/git_hash.yml"
######################################################################
#
# /com.devture.ansible.role.playbook_state_preserver
#
######################################################################
######################################################################
#
# matrix-base
@ -695,6 +735,10 @@ matrix_mautrix_discord_login_shared_secret: "{{ matrix_synapse_ext_password_prov
matrix_mautrix_discord_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
matrix_mautrix_discord_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maudiscord.db') | to_uuid }}"
# Enabling bridge.restricted_rooms for this bridge does not work well with Conduit, so we disable it by default.
# This will be fixed in the upcoming `0.5.0` release of conduit.
matrix_mautrix_discord_bridge_restricted_rooms: "{{ false if matrix_homeserver_implementation == 'conduit' else true }}"
######################################################################
#
# /matrix-bridge-mautrix-discord
@ -765,7 +809,7 @@ matrix_heisenbridge_systemd_wanted_services_list: |
# We don't enable bridges by default.
matrix_hookshot_enabled: false
matrix_hookshot_container_image_self_build: "{{ matrix_architecture not in ['amd64'] }}"
matrix_hookshot_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
matrix_hookshot_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'hookshot.as.tok') | to_uuid }}"
@ -1482,6 +1526,8 @@ matrix_etherpad_enabled: false
matrix_etherpad_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:9001' }}"
matrix_etherpad_base_url: "{{ 'https://'+ matrix_server_fqn_dimension + matrix_etherpad_public_endpoint if matrix_etherpad_mode == 'dimension' else 'https://' + matrix_server_fqn_etherpad + '/' }}"
matrix_etherpad_systemd_required_services_list: |
{{
['docker.service']
@ -1706,6 +1752,7 @@ matrix_nginx_proxy_proxy_hydrogen_enabled: "{{ matrix_client_hydrogen_enabled }}
matrix_nginx_proxy_proxy_cinny_enabled: "{{ matrix_client_cinny_enabled }}"
matrix_nginx_proxy_proxy_buscarron_enabled: "{{ matrix_bot_buscarron_enabled }}"
matrix_nginx_proxy_proxy_dimension_enabled: "{{ matrix_dimension_enabled }}"
matrix_nginx_proxy_proxy_etherpad_enabled: "{{ matrix_etherpad_enabled and matrix_etherpad_mode == 'standalone' }}"
matrix_nginx_proxy_proxy_bot_go_neb_enabled: "{{ matrix_bot_go_neb_enabled }}"
matrix_nginx_proxy_proxy_jitsi_enabled: "{{ matrix_jitsi_enabled }}"
matrix_nginx_proxy_proxy_grafana_enabled: "{{ matrix_grafana_enabled }}"
@ -1812,7 +1859,7 @@ matrix_nginx_proxy_systemd_wanted_services_list: |
+
(['matrix-bot-go-neb.service'] if matrix_bot_go_neb_enabled else [])
+
(['matrix-etherpad.service'] if matrix_etherpad_enabled and matrix_dimension_enabled else [])
(['matrix-etherpad.service'] if matrix_etherpad_enabled else [])
+
(['matrix-hookshot.service'] if matrix_hookshot_enabled else [])
}}
@ -1833,6 +1880,8 @@ matrix_ssl_domains_to_obtain_certificates_for: |
+
([matrix_server_fqn_dimension] if matrix_dimension_enabled else [])
+
([matrix_server_fqn_etherpad] if (matrix_etherpad_enabled and matrix_etherpad_mode == 'standalone') else [])
+
([matrix_server_fqn_bot_go_neb] if matrix_bot_go_neb_enabled else [])
+
([matrix_server_fqn_jitsi] if matrix_jitsi_enabled else [])
@ -2677,3 +2726,43 @@ matrix_conduit_systemd_required_services_list: |
# /matrix-conduit
#
######################################################################
######################################################################
#
# matrix-user-creator
#
######################################################################
matrix_user_creator_users_auto: |
{{
[{
'username': matrix_bot_matrix_reminder_bot_matrix_user_id_localpart,
'initial_password': matrix_bot_matrix_reminder_bot_matrix_user_password,
'initial_type': 'bot',
}] if matrix_bot_matrix_reminder_bot_enabled else []
+
[{
'username': matrix_bot_honoroit_login,
'initial_password': matrix_bot_honoroit_password,
'initial_type': 'bot',
}] if matrix_bot_honoroit_enabled else []
+
[{
'username': matrix_bot_postmoogle_login,
'initial_password': matrix_bot_postmoogle_password,
'initial_type': 'bot',
}] if matrix_bot_postmoogle_enabled else []
+
[{
'username': matrix_bot_buscarron_login,
'initial_password': matrix_bot_buscarron_password,
'initial_type': 'bot',
}] if matrix_bot_buscarron_enabled else []
}}
######################################################################
#
# /matrix-user-creator
#
######################################################################

16
requirements.yml Normal file
View file

@ -0,0 +1,16 @@
---
- src: git+https://github.com/devture/com.devture.ansible.role.playbook_help.git
version: c1f40e82b4d6b072b6f0e885239322bdaaaf554f
- src: git+https://github.com/devture/com.devture.ansible.role.systemd_docker_base.git
version: 327d2e17f5189ac2480d6012f58cf64a2b46efba
- src: git+https://github.com/devture/com.devture.ansible.role.timesync.git
version: 461ace97fcf0e36c76747b36fcad8587d9b072f5
- src: git+https://github.com/devture/com.devture.ansible.role.playbook_state_preserver.git
version: ff2fd42e1c1a9e28e3312bbd725395f9c2fc7f16
- src: git+https://github.com/devture/com.devture.ansible.role.playbook_runtime_messages.git
version: f1c78d4e85e875129790c58335d0e44385683f6b

View file

@ -10,7 +10,7 @@
when: not matrix_postgres_enabled
- ansible.builtin.import_role:
name: matrix-postgres
name: custom/matrix-postgres
tasks_from: detect_existing_postgres_version
- name: Fail if detected Postgres version is unsupported
@ -66,8 +66,8 @@
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_backup_borg_docker_image_force_pull }}"
when: "not matrix_backup_borg_container_image_self_build | bool"
register: result
retries: "{{ matrix_container_retries_count }}"
delay: "{{ matrix_container_retries_delay }}"
retries: "{{ devture_playbook_help_container_retries_count }}"
delay: "{{ devture_playbook_help_container_retries_delay }}"
until: result is not failed
- name: Ensure borg repository is present on self-build
@ -96,14 +96,14 @@
- name: Ensure matrix-backup-borg.service installed
ansible.builtin.template:
src: "{{ role_path }}/templates/systemd/matrix-backup-borg.service.j2"
dest: "{{ matrix_systemd_path }}/matrix-backup-borg.service"
dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-backup-borg.service"
mode: 0644
register: matrix_backup_borg_systemd_service_result
- name: Ensure matrix-backup-borg.timer installed
ansible.builtin.template:
src: "{{ role_path }}/templates/systemd/matrix-backup-borg.timer.j2"
dest: "{{ matrix_systemd_path }}/matrix-backup-borg.timer"
dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-backup-borg.timer"
mode: 0644
register: matrix_backup_borg_systemd_timer_result

View file

@ -1,7 +1,7 @@
---
- name: Check existence of matrix-backup-borg service
ansible.builtin.stat:
path: "{{ matrix_systemd_path }}/matrix-backup-borg.service"
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-backup-borg.service"
register: matrix_backup_borg_service_stat
- name: Ensure matrix-backup-borg is stopped
@ -15,13 +15,13 @@
- name: Ensure matrix-backup-borg.service doesn't exist
ansible.builtin.file:
path: "{{ matrix_systemd_path }}/matrix-backup-borg.service"
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-backup-borg.service"
state: absent
when: "matrix_backup_borg_service_stat.stat.exists | bool"
- name: Ensure matrix-backup-borg.timer doesn't exist
ansible.builtin.file:
path: "{{ matrix_systemd_path }}/matrix-backup-borg.timer"
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-backup-borg.timer"
state: absent
when: "matrix_backup_borg_service_stat.stat.exists | bool"

View file

@ -12,10 +12,10 @@ DefaultDependencies=no
[Service]
Type=oneshot
Environment="HOME={{ matrix_systemd_unit_home_path }}"
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-backup-borg 2>/dev/null || true'
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-backup-borg 2>/dev/null || true'
ExecStartPre=-{{ matrix_host_command_docker }} run --rm --name matrix-backup-borg \
Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-backup-borg 2>/dev/null || true'
ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-backup-borg 2>/dev/null || true'
ExecStartPre=-{{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-backup-borg \
--log-driver=none \
--cap-drop=ALL \
--read-only \
@ -33,7 +33,7 @@ ExecStartPre=-{{ matrix_host_command_docker }} run --rm --name matrix-backup-bor
{{ matrix_backup_borg_docker_image }} \
sh -c "borgmatic --init --encryption {{ matrix_backup_borg_encryption }}"
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-backup-borg \
ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-backup-borg \
--log-driver=none \
--cap-drop=ALL \
--read-only \
@ -50,8 +50,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-backup-borg \
{% endfor %}
{{ matrix_backup_borg_docker_image }}
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-backup-borg 2>/dev/null || true'
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-backup-borg 2>/dev/null || true'
ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-backup-borg 2>/dev/null || true'
ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-backup-borg 2>/dev/null || true'
SyslogIdentifier=matrix-backup-borg
[Install]

View file

@ -62,6 +62,9 @@ matrix_server_fqn_buscarron: "buscarron.{{ matrix_domain }}"
# This is where you access the Dimension.
matrix_server_fqn_dimension: "dimension.{{ matrix_domain }}"
# This is where you access the etherpad (if enabled via matrix_etherpad_enabled; disabled by default).
matrix_server_fqn_etherpad: "etherpad.{{ matrix_domain }}"
# For use with Go-NEB! (github callback url for example)
matrix_server_fqn_bot_go_neb: "goneb.{{ matrix_domain }}"
@ -92,14 +95,6 @@ matrix_debian_arch: "{{ 'armhf' if matrix_architecture == 'arm32' else matrix_ar
matrix_container_global_registry_prefix: "docker.io/"
# Each docker pull will retry on failed attempt 10 times with delay of 10 seconds between each attempt.
matrix_container_retries_count: 10
matrix_container_retries_delay: 10
# Each get_url will retry on failed attempt 10 times with delay of 10 seconds between each attempt.
matrix_geturl_retries_count: 10
matrix_geturl_retries_delay: 10
matrix_user_username: "matrix"
matrix_user_groupname: "matrix"
@ -113,12 +108,6 @@ matrix_base_data_path: "/matrix"
matrix_base_data_path_mode: "750"
matrix_static_files_base_path: "{{ matrix_base_data_path }}/static-files"
matrix_systemd_path: "/etc/systemd/system"
# Specifies the path to use for the `HOME` environment variable for systemd unit files.
# Docker 20.10 complains with `WARNING: Error loading config file: .dockercfg: $HOME is not defined`
# if `$HOME` is not defined, so we define something to make it happy.
matrix_systemd_unit_home_path: /root
# This is now unused. We keep it so that cleanup tasks can use it.
# To be removed in the future.
@ -126,16 +115,10 @@ matrix_cron_path: "/etc/cron.d"
matrix_local_bin_path: "/usr/local/bin"
matrix_host_command_docker: "/usr/bin/env docker"
matrix_host_command_sleep: "/usr/bin/env sleep"
matrix_host_command_chown: "/usr/bin/env chown"
matrix_host_command_fusermount: "/usr/bin/env fusermount"
matrix_host_command_openssl: "/usr/bin/env openssl"
matrix_host_command_systemctl: "/usr/bin/env systemctl"
matrix_host_command_sh: "/usr/bin/env sh"
matrix_ntpd_package: "{{ 'systemd-timesyncd' if (ansible_os_family == 'RedHat' and ansible_distribution_major_version | int > 7) or (ansible_distribution == 'Ubuntu' and ansible_distribution_major_version | int > 18) else ('systemd' if ansible_os_family == 'Suse' else 'ntp') }}"
matrix_ntpd_service: "{{ 'systemd-timesyncd' if (ansible_os_family == 'RedHat' and ansible_distribution_major_version | int > 7) or (ansible_distribution == 'Ubuntu' and ansible_distribution_major_version | int > 18) or ansible_distribution == 'Archlinux' or ansible_os_family == 'Suse' else ('ntpd' if ansible_os_family == 'RedHat' else 'ntp') }}"
matrix_homeserver_url: "https://{{ matrix_server_fqn_matrix }}"
@ -255,12 +238,6 @@ matrix_well_known_matrix_support_configuration: "{{ matrix_well_known_matrix_sup
# The Docker network that all services would be put into
matrix_docker_network: "matrix"
# Controls whether we'll preserve the vars.yml file on the Matrix server.
# If you have a differently organized inventory, you may wish to disable this feature,
# or to repoint `matrix_vars_yml_snapshotting_src` to the file you'd like to preserve.
matrix_vars_yml_snapshotting_enabled: true
matrix_vars_yml_snapshotting_src: "{{ inventory_dir }}/host_vars/{{ inventory_hostname }}/vars.yml"
# Controls whether a `/.well-known/matrix/server` file is generated and used at all.
#
# If you wish to rely on DNS SRV records only, you can disable this.

View file

@ -0,0 +1,12 @@
---
# This is for both RedHat 7 and 8
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/ensure_fuse_installed_redhat.yml"
when: ansible_os_family == 'RedHat'
# This is for both Debian and Raspbian
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/ensure_fuse_installed_debian.yml"
when: ansible_os_family == 'Debian'
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/ensure_fuse_installed_archlinux.yml"
when: ansible_os_family == 'Archlinux'

View file

@ -0,0 +1,6 @@
---
- name: Ensure fuse installed (Archlinux)
community.general.pacman:
name: fuse3
state: present

View file

@ -0,0 +1,6 @@
---
- name: Ensure fuse installed (Debian/Raspbian)
ansible.builtin.apt:
name: fuse
state: present

View file

@ -0,0 +1,6 @@
---
- name: Ensure fuse installed (RedHat)
ansible.builtin.yum:
name: fuse
state: present

View file

@ -0,0 +1,6 @@
---
- name: Ensure openssl installed
ansible.builtin.package:
name: openssl
state: present

View file

@ -39,9 +39,3 @@
name: docker
state: started
enabled: true
- name: "Ensure ntpd is started and autoruns"
ansible.builtin.service:
name: "{{ matrix_ntpd_service }}"
state: started
enabled: true

View file

@ -25,13 +25,6 @@
update_cache: true
when: matrix_docker_installation_enabled | bool and matrix_docker_package_name == 'docker-ce'
- name: Ensure APT packages are installed
ansible.builtin.apt:
name:
- "{{ matrix_ntpd_package }}"
state: present
update_cache: true
- name: Ensure Docker is installed
ansible.builtin.apt:
name:

View file

@ -17,13 +17,6 @@
key: https://download.docker.com/linux/fedora/gpg
when: matrix_docker_installation_enabled | bool and matrix_docker_package_name == 'docker-ce'
- name: Ensure yum packages are installed
ansible.builtin.yum:
name:
- "{{ matrix_ntpd_package }}"
state: present
update_cache: true
- name: Ensure Docker is installed
ansible.builtin.yum:
name:

View file

@ -25,13 +25,6 @@
update_cache: true
when: matrix_docker_installation_enabled | bool and matrix_docker_package_name == 'docker-ce'
- name: Ensure APT packages are installed
ansible.builtin.apt:
name:
- "{{ matrix_ntpd_package }}"
state: present
update_cache: true
- name: Ensure Docker is installed
ansible.builtin.apt:
name:

View file

@ -15,13 +15,6 @@
key: https://download.docker.com/linux/centos/gpg
when: matrix_docker_installation_enabled | bool and matrix_docker_package_name == 'docker-ce'
- name: Ensure yum packages are installed
ansible.builtin.yum:
name:
- "{{ matrix_ntpd_package }}"
state: present
update_cache: true
- name: Ensure Docker is installed
ansible.builtin.yum:
name:

View file

@ -22,13 +22,6 @@
state: present
update_cache: true
- name: Ensure yum packages are installed
ansible.builtin.yum:
name:
- "{{ matrix_ntpd_package }}"
state: present
update_cache: true
- name: Ensure Docker is installed
ansible.builtin.yum:
name:

View file

@ -10,15 +10,6 @@
with_items:
- "{{ matrix_base_data_path }}"
- name: Preserve vars.yml on the server for easily restoring if it gets lost later on
ansible.builtin.copy:
src: "{{ matrix_vars_yml_snapshotting_src }}"
dest: "{{ matrix_base_data_path }}/vars.yml"
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
mode: '0660'
when: "matrix_vars_yml_snapshotting_enabled | bool"
- name: Ensure Matrix network is created in Docker
community.docker.docker_network:
name: "{{ matrix_docker_network }}"

View file

@ -16,9 +16,9 @@ if [ "$sure" != "Yes, I really want to remove everything!" ]; then
else
echo "Stop and remove matrix services"
for s in $(find {{ matrix_systemd_path }}/ -type f -name "matrix-*" -printf "%f\n"); do
for s in $(find {{ devture_systemd_docker_base_systemd_path }}/ -type f -name "matrix-*" -printf "%f\n"); do
systemctl disable --now $s
rm -f {{ matrix_systemd_path }}/$s
rm -f {{ devture_systemd_docker_base_systemd_path }}/$s
done
systemctl daemon-reload

View file

@ -21,7 +21,7 @@
systemd_services_to_stop: ['matrix-bot-buscarron.service']
- ansible.builtin.import_role:
name: matrix-postgres
name: custom/matrix-postgres
tasks_from: migrate_db_to_postgres
- ansible.builtin.set_fact:
@ -57,8 +57,8 @@
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_buscarron_docker_image_force_pull }}"
when: "not matrix_bot_buscarron_container_image_self_build | bool"
register: result
retries: "{{ matrix_container_retries_count }}"
delay: "{{ matrix_container_retries_delay }}"
retries: "{{ devture_playbook_help_container_retries_count }}"
delay: "{{ devture_playbook_help_container_retries_delay }}"
until: result is not failed
- name: Ensure buscarron repository is present on self-build
@ -87,7 +87,7 @@
- name: Ensure matrix-bot-buscarron.service installed
ansible.builtin.template:
src: "{{ role_path }}/templates/systemd/matrix-bot-buscarron.service.j2"
dest: "{{ matrix_systemd_path }}/matrix-bot-buscarron.service"
dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-buscarron.service"
mode: 0644
register: matrix_bot_buscarron_systemd_service_result

View file

@ -2,7 +2,7 @@
- name: Check existence of matrix-buscarron service
ansible.builtin.stat:
path: "{{ matrix_systemd_path }}/matrix-bot-buscarron.service"
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-buscarron.service"
register: matrix_bot_buscarron_service_stat
- name: Ensure matrix-buscarron is stopped
@ -16,7 +16,7 @@
- name: Ensure matrix-bot-buscarron.service doesn't exist
ansible.builtin.file:
path: "{{ matrix_systemd_path }}/matrix-bot-buscarron.service"
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-buscarron.service"
state: absent
when: "matrix_bot_buscarron_service_stat.stat.exists | bool"

View file

@ -12,11 +12,11 @@ DefaultDependencies=no
[Service]
Type=simple
Environment="HOME={{ matrix_systemd_unit_home_path }}"
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-buscarron 2>/dev/null || true'
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-buscarron 2>/dev/null || true'
Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-buscarron 2>/dev/null || true'
ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-buscarron 2>/dev/null || true'
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-buscarron \
ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-bot-buscarron \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
@ -29,8 +29,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-buscarron
{% endfor %}
{{ matrix_bot_buscarron_docker_image }}
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-buscarron 2>/dev/null || true'
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-buscarron 2>/dev/null || true'
ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-buscarron 2>/dev/null || true'
ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-buscarron 2>/dev/null || true'
Restart=always
RestartSec=30
SyslogIdentifier=matrix-bot-buscarron

View file

@ -23,8 +23,8 @@
force_source: "{{ matrix_bot_go_neb_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_go_neb_docker_image_force_pull }}"
register: result
retries: "{{ matrix_container_retries_count }}"
delay: "{{ matrix_container_retries_delay }}"
retries: "{{ devture_playbook_help_container_retries_count }}"
delay: "{{ devture_playbook_help_container_retries_delay }}"
until: result is not failed
- name: Ensure go-neb config installed
@ -38,7 +38,7 @@
- name: Ensure matrix-bot-go-neb.service installed
ansible.builtin.template:
src: "{{ role_path }}/templates/systemd/matrix-bot-go-neb.service.j2"
dest: "{{ matrix_systemd_path }}/matrix-bot-go-neb.service"
dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-go-neb.service"
mode: 0644
register: matrix_bot_go_neb_systemd_service_result

View file

@ -2,7 +2,7 @@
- name: Check existence of matrix-go-neb service
ansible.builtin.stat:
path: "{{ matrix_systemd_path }}/matrix-bot-go-neb.service"
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-go-neb.service"
register: matrix_bot_go_neb_service_stat
- name: Ensure matrix-go-neb is stopped
@ -16,7 +16,7 @@
- name: Ensure matrix-bot-go-neb.service doesn't exist
ansible.builtin.file:
path: "{{ matrix_systemd_path }}/matrix-bot-go-neb.service"
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-go-neb.service"
state: absent
when: "matrix_bot_go_neb_service_stat.stat.exists | bool"

View file

@ -12,11 +12,11 @@ DefaultDependencies=no
[Service]
Type=simple
Environment="HOME={{ matrix_systemd_unit_home_path }}"
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-go-neb 2>/dev/null || true'
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-go-neb 2>/dev/null || true'
Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-go-neb 2>/dev/null || true'
ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-go-neb 2>/dev/null || true'
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-go-neb \
ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-bot-go-neb \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
@ -39,8 +39,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-go-neb \
{{ matrix_bot_go_neb_docker_image }} \
-c "go-neb /config/config.yaml"
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-go-neb 2>/dev/null || true'
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-go-neb 2>/dev/null || true'
ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-go-neb 2>/dev/null || true'
ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-go-neb 2>/dev/null || true'
Restart=always
RestartSec=30
SyslogIdentifier=matrix-bot-go-neb

View file

@ -21,7 +21,7 @@
systemd_services_to_stop: ['matrix-bot-honoroit.service']
- ansible.builtin.import_role:
name: matrix-postgres
name: custom/matrix-postgres
tasks_from: migrate_db_to_postgres
- ansible.builtin.set_fact:
@ -57,8 +57,8 @@
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_honoroit_docker_image_force_pull }}"
when: "not matrix_bot_honoroit_container_image_self_build | bool"
register: result
retries: "{{ matrix_container_retries_count }}"
delay: "{{ matrix_container_retries_delay }}"
retries: "{{ devture_playbook_help_container_retries_count }}"
delay: "{{ devture_playbook_help_container_retries_delay }}"
until: result is not failed
- name: Ensure honoroit repository is present on self-build
@ -87,7 +87,7 @@
- name: Ensure matrix-bot-honoroit.service installed
ansible.builtin.template:
src: "{{ role_path }}/templates/systemd/matrix-bot-honoroit.service.j2"
dest: "{{ matrix_systemd_path }}/matrix-bot-honoroit.service"
dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-honoroit.service"
mode: 0644
register: matrix_bot_honoroit_systemd_service_result

Some files were not shown because too many files have changed in this diff Show more