From 2bd94a52bb657c738aeddb4a53e585e9266f7254 Mon Sep 17 00:00:00 2001 From: Isaiah Becker-Mayer Date: Sun, 7 May 2023 17:07:37 -0700 Subject: [PATCH 01/13] Adds self build option for dendrite --- .../custom/matrix-dendrite/defaults/main.yml | 16 ++++++--- .../matrix-dendrite/tasks/setup_install.yml | 33 +++++++++++++++---- 2 files changed, 38 insertions(+), 11 deletions(-) diff --git a/roles/custom/matrix-dendrite/defaults/main.yml b/roles/custom/matrix-dendrite/defaults/main.yml index 41cd35ed..3c083b99 100644 --- a/roles/custom/matrix-dendrite/defaults/main.yml +++ b/roles/custom/matrix-dendrite/defaults/main.yml @@ -4,8 +4,12 @@ matrix_dendrite_enabled: true -matrix_dendrite_docker_image: "{{ matrix_dendrite_docker_image_name_prefix }}matrixdotorg/dendrite-monolith:{{ matrix_dendrite_docker_image_tag }}" -matrix_dendrite_docker_image_name_prefix: "docker.io/" +matrix_dendrite_container_image_self_build: false +matrix_dendrite_container_image_self_build_repo: "https://github.com/matrix-org/dendrite.git" + +matrix_dendrite_docker_image_path: "matrixdotorg/dendrite-monolith" +matrix_dendrite_docker_image: "{{ matrix_dendrite_docker_image_name_prefix }}{{ matrix_dendrite_docker_image_path }}:{{ matrix_dendrite_docker_image_tag }}" +matrix_dendrite_docker_image_name_prefix: "{{ 'localhost/' if matrix_dendrite_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_dendrite_docker_image_tag: "v0.12.0" matrix_dendrite_docker_image_force_pull: "{{ matrix_dendrite_docker_image.endswith(':latest') }}" 
@@ -17,6 +21,8 @@ matrix_dendrite_nats_storage_path: "{{ matrix_dendrite_base_path }}/nats" matrix_dendrite_bin_path: "{{ matrix_dendrite_base_path }}/bin" matrix_dendrite_ext_path: "{{ matrix_dendrite_base_path }}/ext" +matrix_dendrite_docker_src_files_path: "{{ matrix_dendrite_base_path }}/docker-src" + # By default, we make Dendrite only serve HTTP (not HTTPS). # HTTPS is usually served at the reverse-proxy side (usually via `matrix-nginx-proxy`). # @@ -85,14 +91,14 @@ matrix_dendrite_systemd_wanted_services_list: [] # matrix_dendrite_template_dendrite_config: "{{ playbook_dir }}/inventory/host_vars//dendrite.yaml.j2" matrix_dendrite_template_dendrite_config: "{{ role_path }}/templates/dendrite/dendrite.yaml.j2" -matrix_dendrite_client_api_registration_shared_secret: '' +matrix_dendrite_client_api_registration_shared_secret: "" matrix_dendrite_allow_guest_access: false matrix_dendrite_max_file_size_bytes: 10485760 # Controls which HTTP header (e.g. 'X-Forwarded-For', 'X-Real-IP') to inspect to find the real remote IP address of the client. # This is likely required if Dendrite is running behind a reverse proxy server. -matrix_dendrite_sync_api_real_ip_header: 'X-Forwarded-For' +matrix_dendrite_sync_api_real_ip_header: "X-Forwarded-For" # The tmpfs at /tmp needs to be large enough to handle multiple concurrent file uploads. matrix_dendrite_tmp_directory_size_mb: 500 @@ -147,7 +153,7 @@ matrix_dendrite_metrics_password: "metrics" # Postgres database information matrix_dendrite_database_str: "postgresql://{{ matrix_dendrite_database_user }}:{{ matrix_dendrite_database_password }}@{{ matrix_dendrite_database_hostname }}" -matrix_dendrite_database_hostname: '' +matrix_dendrite_database_hostname: "" matrix_dendrite_database_user: "dendrite" matrix_dendrite_database_password: "itsasecret" matrix_dendrite_federation_api_database: "dendrite_federationapi" 
diff --git a/roles/custom/matrix-dendrite/tasks/setup_install.yml b/roles/custom/matrix-dendrite/tasks/setup_install.yml index 283e8b01..d96ddaeb 100644 --- a/roles/custom/matrix-dendrite/tasks/setup_install.yml +++ b/roles/custom/matrix-dendrite/tasks/setup_install.yml @@ -1,17 +1,21 @@ --- - - name: Ensure Dendrite paths exist ansible.builtin.file: - path: "{{ item }}" + path: "{{ item.path }}" state: directory mode: 0750 owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - "{{ matrix_dendrite_config_dir_path }}" - - "{{ matrix_dendrite_bin_path }}" - - "{{ matrix_dendrite_ext_path }}" - - "{{ matrix_dendrite_nats_storage_path }}" + - { path: "{{ matrix_dendrite_config_dir_path }}", when: true } + - { path: "{{ matrix_dendrite_bin_path }}", when: true } + - { path: "{{ matrix_dendrite_ext_path }}", when: true } + - { path: "{{ matrix_dendrite_nats_storage_path }}", when: true } + - { + path: "{{ matrix_dendrite_docker_src_files_path }}", + when: "{{ matrix_dendrite_container_image_self_build }}", + } + when: "item.when | bool" # This will throw a Permission Denied error if already mounted using fuse - name: Check Dendrite media store path 
@@ -37,11 +41,23 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_dendrite_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_dendrite_docker_image_force_pull }}" + when: "not matrix_dendrite_container_image_self_build | bool" register: result retries: "{{ devture_playbook_help_container_retries_count }}" delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed +- name: Ensure Dendrite repository is present on self-build + ansible.builtin.git: + repo: "{{ matrix_dendrite_container_image_self_build_repo }}" + dest: "{{ matrix_dendrite_docker_src_files_path }}" + version: "{{ matrix_dendrite_docker_image.split(':')[1] }}" + force: "yes" + become: true + become_user: "{{ matrix_user_username }}" + register: matrix_dendrite_git_pull_results + when: "matrix_dendrite_container_image_self_build | bool" + # We do this so that the signing key would get generated. # We don't use the `docker_container` module, because using it with `cap_drop` requires # a very recent version, which is not available for a lot of people yet. @@ -72,6 +88,11 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" +- name: Ensure Dendrite Docker image is built + ansible.builtin.command: + cmd: "{{ devture_systemd_docker_base_host_command_docker }} build -t {{ matrix_dendrite_docker_image }} {{ matrix_dendrite_docker_src_files_path }}" + when: "matrix_dendrite_container_image_self_build | bool" + - name: Ensure Dendrite container network is created community.general.docker_network: name: "{{ matrix_dendrite_container_network }}" From c1462c627728967a77ab1dc0ff03da22b3ca1654 Mon Sep 17 00:00:00 2001 
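Review bot: The `version:` of the new git task is derived with `matrix_dendrite_docker_image.split(':')[1]`, which returns the wrong piece as soon as the image name contains a second colon, for example a registry prefix that carries a port. The defaults already hold the value in `matrix_dendrite_docker_image_tag`, so `version: "{{ matrix_dendrite_docker_image_tag }}"` is simpler and cannot mis-split. A tag is also a mutable ref, so the line deserves a comment such as `# git ref to build; set the tag variable to a commit SHA to pin the source`. The same expression is carried unchanged into the block added by hunk `@@ -88,10 +77,32 @@` of PATCH 05/13.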
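Review bot: The build task is inserted just before the container-network task, which puts it after the signing-key step whose comment is visible at the end of the previous hunk. The pull task now carries `when: "not matrix_dendrite_container_image_self_build | bool"`, so if that signing-key step runs the Dendrite image, as its comment suggests, a first self-build install would reach it with no local image available. Moving the checkout and the build to directly after the skipped pull task would remove the ordering dependency. The tasks between the two hunks are outside the visible lines, so this should be confirmed against the full file.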
From: Slavi Pantaleev Date: Tue, 9 May 2023 20:59:24 +0300 Subject: [PATCH 02/13] Upgrade Synapse (v1.82.0 -> v1.83.0) --- roles/custom/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml index b7858fde..a1719461 100644 --- a/roles/custom/matrix-synapse/defaults/main.yml +++ b/roles/custom/matrix-synapse/defaults/main.yml @@ -4,7 +4,7 @@ matrix_synapse_enabled: true -matrix_synapse_version: v1.82.0 +matrix_synapse_version: v1.83.0 matrix_synapse_username: '' matrix_synapse_uid: '' From 8c0def5dfef589043e58d034cabd5d01c8a7a294 Mon Sep 17 00:00:00 2001 From: darsh12 Date: Tue, 9 May 2023 14:20:27 -0700 Subject: [PATCH 03/13] Update main.yml update matrix_bot_chatgpt_version to 3.1.0 --- roles/custom/matrix-bot-chatgpt/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bot-chatgpt/defaults/main.yml b/roles/custom/matrix-bot-chatgpt/defaults/main.yml index 16ad8588..36cc60c0 100644 --- a/roles/custom/matrix-bot-chatgpt/defaults/main.yml +++ b/roles/custom/matrix-bot-chatgpt/defaults/main.yml @@ -4,7 +4,7 @@ matrix_bot_chatgpt_enabled: true -matrix_bot_chatgpt_version: 3.0.0 +matrix_bot_chatgpt_version: 3.1.0 matrix_bot_chatgpt_container_image_self_build: false matrix_bot_chatgpt_container_image_self_build_repo: "https://github.com/matrixgpt/matrix-chatgpt-bot" From 20a04a026139e0c78ce6173ba49413130adb7896 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Wed, 10 May 2023 13:54:51 +0000 Subject: [PATCH 04/13] Update element v1.11.30 -> v1.11.31 --- roles/custom/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-client-element/defaults/main.yml b/roles/custom/matrix-client-element/defaults/main.yml index 3d57b235..109b42e8 100644 
--- a/roles/custom/matrix-client-element/defaults/main.yml +++ b/roles/custom/matrix-client-element/defaults/main.yml @@ -10,7 +10,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto # - https://github.com/vector-im/element-web/issues/19544 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" -matrix_client_element_version: v1.11.30 +matrix_client_element_version: v1.11.31 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" From d448cade3ae98c8c231d046b3d083d7b5af06183 Mon Sep 17 00:00:00 2001 From: Isaiah Becker-Mayer Date: Wed, 10 May 2023 09:36:11 -0700 Subject: [PATCH 05/13] Moves matrix_dendrite_container_image_self_build to a conditional block, similar to synapse. Also adds the DOCKER_BUILDKIT=1 explicitly to ensure buildkit is used. --- .../matrix-dendrite/tasks/setup_install.yml | 41 ++++++++++++------- 1 file changed, 26 insertions(+), 15 deletions(-) diff --git a/roles/custom/matrix-dendrite/tasks/setup_install.yml b/roles/custom/matrix-dendrite/tasks/setup_install.yml index d96ddaeb..70ee45b9 100644 --- a/roles/custom/matrix-dendrite/tasks/setup_install.yml +++ b/roles/custom/matrix-dendrite/tasks/setup_install.yml 
@@ -47,17 +47,6 @@ delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed -- name: Ensure Dendrite repository is present on self-build - ansible.builtin.git: - repo: "{{ matrix_dendrite_container_image_self_build_repo }}" - dest: "{{ matrix_dendrite_docker_src_files_path }}" - version: "{{ matrix_dendrite_docker_image.split(':')[1] }}" - force: "yes" - become: true - become_user: "{{ matrix_user_username }}" - register: matrix_dendrite_git_pull_results - when: "matrix_dendrite_container_image_self_build | bool" - # We do this so that the signing key would get generated. # We don't use the `docker_container` module, because using it with `cap_drop` requires # a very recent version, which is not available for a lot of people yet. 
@@ -88,10 +77,32 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" -- name: Ensure Dendrite Docker image is built - ansible.builtin.command: - cmd: "{{ devture_systemd_docker_base_host_command_docker }} build -t {{ matrix_dendrite_docker_image }} {{ matrix_dendrite_docker_src_files_path }}" - when: "matrix_dendrite_container_image_self_build | bool" +- when: "matrix_dendrite_container_image_self_build | bool" + block: + - name: Ensure Dendrite repository is present on self-build + ansible.builtin.git: + repo: "{{ matrix_dendrite_container_image_self_build_repo }}" + dest: "{{ matrix_dendrite_docker_src_files_path }}" + version: "{{ matrix_dendrite_docker_image.split(':')[1] }}" + force: "yes" + become: true + become_user: "{{ matrix_user_username }}" + register: matrix_dendrite_git_pull_results + + - name: Check if Dendrite Docker image exists + ansible.builtin.command: "{{ devture_systemd_docker_base_host_command_docker }} images --quiet --filter 'reference={{ matrix_dendrite_docker_image }}'" + register: matrix_dendrite_docker_image_check_result + changed_when: false + + # Invoking the `docker build` command here, instead of calling the `docker_image` Ansible module, + # because the latter does not support BuildKit. + # See: https://github.com/ansible-collections/community.general/issues/514 + - name: Ensure Dendrite Docker image is built + ansible.builtin.command: + cmd: "{{ devture_systemd_docker_base_host_command_docker }} build -t {{ matrix_dendrite_docker_image }} {{ matrix_dendrite_docker_src_files_path }}" + environment: + DOCKER_BUILDKIT: 1 + when: "matrix_dendrite_git_pull_results.changed | bool or matrix_dendrite_docker_image_check_result.stdout == ''" - name: Ensure Dendrite container network is created community.general.docker_network: From f102d75e13f2c63f8a0f782d311b747c58e44817 Mon Sep 17 00:00:00 2001 
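Review bot: The `when` on the build task triggers only if this run's checkout changed or no image with that name exists, so a build that fails after the checkout has moved is skipped on the next run whenever an older image with the same tag is still present, and that older image keeps being used. Recording the built revision makes the check exact: the git task's registered result exposes the checked-out commit as `after`, which can be stamped on the image as a label and matched in the existence check, so the condition no longer depends on `changed`. Smaller points in the same block: environment values are strings, so `DOCKER_BUILDKIT: "1"` is clearer than the bare integer, and the block has no `name:`. The label name in the sketch below is an example, not something the playbook defines.

```yaml
# … unchanged: git checkout task registering matrix_dendrite_git_pull_results …

- name: Check if a Dendrite Docker image built from this revision exists
  # "dendrite.source-revision" is an example label name
  ansible.builtin.command: "{{ devture_systemd_docker_base_host_command_docker }} images --quiet --filter 'reference={{ matrix_dendrite_docker_image }}' --filter 'label=dendrite.source-revision={{ matrix_dendrite_git_pull_results.after }}'"
  register: matrix_dendrite_docker_image_check_result
  changed_when: false

- name: Ensure Dendrite Docker image is built
  ansible.builtin.command:
    cmd: "{{ devture_systemd_docker_base_host_command_docker }} build --label dendrite.source-revision={{ matrix_dendrite_git_pull_results.after }} -t {{ matrix_dendrite_docker_image }} {{ matrix_dendrite_docker_src_files_path }}"
  environment:
    DOCKER_BUILDKIT: "1"
  when: "matrix_dendrite_docker_image_check_result.stdout == ''"
```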
From: Slavi Pantaleev Date: Thu, 11 May 2023 09:42:13 +0300 Subject: [PATCH 06/13] Upgrade backup-borg (v1.2.4-1.7.12-1 -> v1.2.4-1.7.12-2) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index fc06393f..330a9cd4 100644 --- a/requirements.yml +++ b/requirements.yml @@ -4,7 +4,7 @@ version: v1.0.0-0 name: aux - src: git+https://gitlab.com/etke.cc/roles/backup_borg.git - version: v1.2.4-1.7.12-1 + version: v1.2.4-1.7.12-2 - src: git+https://github.com/devture/com.devture.ansible.role.container_socket_proxy.git version: v0.1.1-2 - src: git+https://github.com/devture/com.devture.ansible.role.docker_sdk_for_python.git From 1b9a29fba60aede12d7db8fe0f90f6a0486f9add Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 11 May 2023 09:42:19 +0300 Subject: [PATCH 07/13] Upgrade Grafana (v9.5.1-0 -> v9.5.2-0) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 330a9cd4..20f286d8 100644 --- a/requirements.yml +++ b/requirements.yml @@ -35,7 +35,7 @@ version: 6.1.0 name: geerlingguy.docker - src: git+https://gitlab.com/etke.cc/roles/grafana.git - version: v9.5.1-0 + version: v9.5.2-0 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git version: v8615-0 name: jitsi From 1649065a4d00b191a66b7ef16f0aa7675f03dfff Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 11 May 2023 09:54:22 +0300 Subject: [PATCH 08/13] Fix yamllint-reported errors in matrix-dendrite Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2674 --- .../matrix-dendrite/tasks/setup_install.yml | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/roles/custom/matrix-dendrite/tasks/setup_install.yml b/roles/custom/matrix-dendrite/tasks/setup_install.yml index 70ee45b9..2606dfea 100644 --- a/roles/custom/matrix-dendrite/tasks/setup_install.yml 
+++ b/roles/custom/matrix-dendrite/tasks/setup_install.yml @@ -7,14 +7,16 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - { path: "{{ matrix_dendrite_config_dir_path }}", when: true } - - { path: "{{ matrix_dendrite_bin_path }}", when: true } - - { path: "{{ matrix_dendrite_ext_path }}", when: true } - - { path: "{{ matrix_dendrite_nats_storage_path }}", when: true } - - { - path: "{{ matrix_dendrite_docker_src_files_path }}", - when: "{{ matrix_dendrite_container_image_self_build }}", - } + - path: "{{ matrix_dendrite_config_dir_path }}" + when: true + - path: "{{ matrix_dendrite_bin_path }}" + when: true + - path: "{{ matrix_dendrite_ext_path }}" + when: true + - path: "{{ matrix_dendrite_nats_storage_path }}" + when: true + - path: "{{ matrix_dendrite_docker_src_files_path }}" + when: "{{ matrix_dendrite_container_image_self_build }}" when: "item.when | bool" # This will throw a Permission Denied error if already mounted using fuse From a6a32f24f72bea3b384a2b5046bf83469f1b9774 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 11 May 2023 11:23:09 +0300 Subject: [PATCH 09/13] Add changed_when to Dendrite self-building task to make ansible-lint happy Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2674 --- roles/custom/matrix-dendrite/tasks/setup_install.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/custom/matrix-dendrite/tasks/setup_install.yml b/roles/custom/matrix-dendrite/tasks/setup_install.yml index 2606dfea..64c047d1 100644 --- a/roles/custom/matrix-dendrite/tasks/setup_install.yml +++ b/roles/custom/matrix-dendrite/tasks/setup_install.yml 
@@ -104,6 +104,7 @@ cmd: "{{ devture_systemd_docker_base_host_command_docker }} build -t {{ matrix_dendrite_docker_image }} {{ matrix_dendrite_docker_src_files_path }}" environment: DOCKER_BUILDKIT: 1 + changed_when: true when: "matrix_dendrite_git_pull_results.changed | bool or matrix_dendrite_docker_image_check_result.stdout == ''" - name: Ensure Dendrite container network is created From 18ab8dfdffeaf682ef0322f504145f56f1f51857 Mon Sep 17 00:00:00 2001 From: Catalan Lover Date: Thu, 11 May 2023 18:54:43 +0200 Subject: [PATCH 10/13] Remove manual Database Access steps and replace with Admin API Guide --- docs/configuring-playbook-bot-draupnir.md | 24 +++------------------ docs/configuring-playbook-bot-mjolnir.md | 26 +++-------------------- 2 files changed, 6 insertions(+), 44 deletions(-) diff --git a/docs/configuring-playbook-bot-draupnir.md b/docs/configuring-playbook-bot-draupnir.md index 11960474..62e8c3d6 100644 --- a/docs/configuring-playbook-bot-draupnir.md +++ b/docs/configuring-playbook-bot-draupnir.md 
@@ -30,30 +30,12 @@ Refer to the documentation on [how to obtain an access token](obtaining-access-t ## 3. Make sure the account is free from rate limiting -You will need to prevent Synapse from rate limiting the bot's account. This is not an optional step. If you do not do this step draupnir will crash. This can be done using Synapse's [admin API](https://matrix-org.github.io/synapse/latest/admin_api/user_admin_api.html#override-ratelimiting-for-users). This can also be manually done by editing the Synapse database. Manually editing the Synapse database is rarely a good idea. Please ask for help if you are uncomfortable with these steps. +You will need to prevent Synapse from rate limiting the bot's account. This is not an optional step. If you do not do this step draupnir will crash. This can be done using Synapse's [admin API](https://matrix-org.github.io/synapse/latest/admin_api/user_admin_api.html#override-ratelimiting-for-users). Please ask for help if you are uncomfortable with these steps or run into issues. -1. Copy the statement below into a text editor. +If your Synapse Admin API is exposed to the internet for some reason like running the Synapse Admin Role [Link](docs/configuring-playbook-synapse-admin.md) or running `matrix_nginx_proxy_proxy_matrix_client_api_forwarded_location_synapse_admin_api_enabled: true` in your playbook config. If your API is not externally exposed you should still be able to on the local host for your synapse run these commands. - ``` - INSERT INTO ratelimit_override VALUES ('@bot.draupnir:DOMAIN', 0, 0); - ``` +The following command works on semi up to date Windows 10 installs and All Windows 11 installations and other systems that ship curl. `curl --header "Authorization: Bearer " -X DELETE https://matrix.example.com/_synapse/admin/v1/users/@example:example.com/override_ratelimit` Replace `@example:example.com` with your own MXID and example.com with your homeserver domain. 
You can easily obtain an access token for a homeserver admin account the same way you can obtain an access token for Draupnir it self. If you made Draupnir Admin you can just use the Draupnir token. -1. Change the username (`@bot.draupnir:DOMAIN`) to the username you used when you registered the bot's account. You must change `DOMAIN` to your server's domain. - -1. Get a database terminal by following these steps: [maintenance-postgres.md#getting-a-database-terminal](maintenance-postgres.md#getting-a-database-terminal) - -1. Connect to Synapse's database by typing `\connect synapse` into the database terminal - -1. Paste in the `INSERT INTO` command that you edited and press enter. - -You can run `SELECT * FROM ratelimit_override;` to see if it worked. If the output looks like this: - -``` - user_id | messages_per_second | burst_count ------------------------+---------------------+------------- - @bot.draupnir:raim.ist | 0 | 0` -``` -then you did it correctly. ## 4. Create a management room diff --git a/docs/configuring-playbook-bot-mjolnir.md b/docs/configuring-playbook-bot-mjolnir.md index 5fc6331e..0b7ce43d 100644 --- a/docs/configuring-playbook-bot-mjolnir.md +++ b/docs/configuring-playbook-bot-mjolnir.md 
@@ -29,31 +29,11 @@ Refer to the documentation on [how to obtain an access token](obtaining-access-t ## 3. Make sure the account is free from rate limiting -You will need to prevent Synapse from rate limiting the bot's account. This is not an optional step. If you do not do this step Mjolnir will crash. This can be done using Synapse's [admin API](https://matrix-org.github.io/synapse/latest/admin_api/user_admin_api.html#override-ratelimiting-for-users). This can also be manually done by editing the Synapse database. Manually editing the Synapse database is rarely a good idea. Please ask for help if you are uncomfortable with these steps. +You will need to prevent Synapse from rate limiting the bot's account. This is not an optional step. If you do not do this step Mjolnir will crash. This can be done using Synapse's [admin API](https://matrix-org.github.io/synapse/latest/admin_api/user_admin_api.html#override-ratelimiting-for-users). Please ask for help if you are uncomfortable with these steps or run into issues. -1. Copy the statement below into a text editor. - - ``` - INSERT INTO ratelimit_override VALUES ('@bot.mjolnir:DOMAIN', 0, 0); - ``` - -1. Change the username (`@bot.mjolnir:DOMAIN`) to the username you used when you registered the bot's account. You must change `DOMAIN` to your server's domain. - -1. Get a database terminal by following these steps: [maintenance-postgres.md#getting-a-database-terminal](maintenance-postgres.md#getting-a-database-terminal) - -1. Connect to Synapse's database by typing `\connect synapse` into the database terminal - -1. Paste in the `INSERT INTO` command that you edited and press enter. - -You can run `SELECT * FROM ratelimit_override;` to see if it worked. If the output looks like this: - -``` - user_id | messages_per_second | burst_count ------------------------+---------------------+------------- - @bot.mjolnir:raim.ist | 0 | 0` -``` -then you did it correctly. 
+If your Synapse Admin API is exposed to the internet for some reason like running the Synapse Admin Role [Link](docs/configuring-playbook-synapse-admin.md) or running `matrix_nginx_proxy_proxy_matrix_client_api_forwarded_location_synapse_admin_api_enabled: true` in your playbook config. If your API is not externally exposed you should still be able to on the local host for your synapse run these commands. +The following command works on semi up to date Windows 10 installs and All Windows 11 installations and other systems that ship curl. `curl --header "Authorization: Bearer " -X DELETE https://matrix.example.com/_synapse/admin/v1/users/@example:example.com/override_ratelimit` Replace `@example:example.com` with your own MXID and example.com with your homeserver domain. You can easily obtain an access token for a homeserver admin account the same way you can obtain an access token for Mjolnir it self. If you made Mjolnir Admin you can just use the Mjolnir token. ## 4. Create a management room From 6b3ae35ef5e223b56764c12ca3cec1fa93238f07 Mon Sep 17 00:00:00 2001 From: Catalan Lover Date: Thu, 11 May 2023 19:07:35 +0200 Subject: [PATCH 11/13] Fix Typo --- docs/configuring-playbook-bot-draupnir.md | 2 +- docs/configuring-playbook-bot-mjolnir.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/configuring-playbook-bot-draupnir.md b/docs/configuring-playbook-bot-draupnir.md index 62e8c3d6..23fa644f 100644 --- a/docs/configuring-playbook-bot-draupnir.md +++ b/docs/configuring-playbook-bot-draupnir.md 
@@ -34,7 +34,7 @@ You will need to prevent Synapse from rate limiting the bot's account. This is n If your Synapse Admin API is exposed to the internet for some reason like running the Synapse Admin Role [Link](docs/configuring-playbook-synapse-admin.md) or running `matrix_nginx_proxy_proxy_matrix_client_api_forwarded_location_synapse_admin_api_enabled: true` in your playbook config. If your API is not externally exposed you should still be able to on the local host for your synapse run these commands. -The following command works on semi up to date Windows 10 installs and All Windows 11 installations and other systems that ship curl. `curl --header "Authorization: Bearer " -X DELETE https://matrix.example.com/_synapse/admin/v1/users/@example:example.com/override_ratelimit` Replace `@example:example.com` with your own MXID and example.com with your homeserver domain. You can easily obtain an access token for a homeserver admin account the same way you can obtain an access token for Draupnir it self. If you made Draupnir Admin you can just use the Draupnir token. +The following command works on semi up to date Windows 10 installs and All Windows 11 installations and other systems that ship curl. `curl --header "Authorization: Bearer " -X DELETE https://matrix.example.com/_synapse/admin/v1/users/@example:example.com/override_ratelimit` Replace `@example:example.com` with the MXID of your Draupnir and example.com with your homeserver domain. You can easily obtain an access token for a homeserver admin account the same way you can obtain an access token for Draupnir it self. If you made Draupnir Admin you can just use the Draupnir token. diff --git a/docs/configuring-playbook-bot-mjolnir.md b/docs/configuring-playbook-bot-mjolnir.md index 0b7ce43d..e69655aa 100644 --- a/docs/configuring-playbook-bot-mjolnir.md +++ b/docs/configuring-playbook-bot-mjolnir.md 
@@ -33,7 +33,7 @@ You will need to prevent Synapse from rate limiting the bot's account. This is n If your Synapse Admin API is exposed to the internet for some reason like running the Synapse Admin Role [Link](docs/configuring-playbook-synapse-admin.md) or running `matrix_nginx_proxy_proxy_matrix_client_api_forwarded_location_synapse_admin_api_enabled: true` in your playbook config. If your API is not externally exposed you should still be able to on the local host for your synapse run these commands. -The following command works on semi up to date Windows 10 installs and All Windows 11 installations and other systems that ship curl. `curl --header "Authorization: Bearer " -X DELETE https://matrix.example.com/_synapse/admin/v1/users/@example:example.com/override_ratelimit` Replace `@example:example.com` with your own MXID and example.com with your homeserver domain. You can easily obtain an access token for a homeserver admin account the same way you can obtain an access token for Mjolnir it self. If you made Mjolnir Admin you can just use the Mjolnir token. +The following command works on semi up to date Windows 10 installs and All Windows 11 installations and other systems that ship curl. `curl --header "Authorization: Bearer " -X DELETE https://matrix.example.com/_synapse/admin/v1/users/@example:example.com/override_ratelimit` Replace `@example:example.com` with the MXID of your Mjolnir and example.com with your homeserver domain. You can easily obtain an access token for a homeserver admin account the same way you can obtain an access token for Mjolnir it self. If you made Mjolnir Admin you can just use the Mjolnir token. ## 4. Create a management room From 73209a0554911d8266b37c15752b993b97140696 Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Fri, 12 May 2023 07:00:58 +0300 Subject: [PATCH 12/13] Update aux role documentation, removing old matrix-aux references --- docs/configuring-playbook-bridge-hookshot.md | 12 ++++++------ docs/configuring-playbook-matrix-corporal.md | 2 +- docs/configuring-playbook-ssl-certificates.md | 12 ++++++------ docs/configuring-playbook-sygnal.md | 4 ++-- 4 files changed, 15 insertions(+), 15 deletions(-) diff --git a/docs/configuring-playbook-bridge-hookshot.md b/docs/configuring-playbook-bridge-hookshot.md index 54f6636b..48a66a8e 100644 --- a/docs/configuring-playbook-bridge-hookshot.md +++ b/docs/configuring-playbook-bridge-hookshot.md 
@@ -16,7 +16,7 @@ Refer to the [official instructions](https://matrix-org.github.io/matrix-hooksho 1. Enable the bridge by adding `matrix_hookshot_enabled: true` to your `vars.yml` file 2. For each of the services (GitHub, GitLab, Jira, Figma, generic webhooks) fill in the respective variables `matrix_hookshot_service_*` listed in [main.yml](/roles/custom/matrix-bridge-hookshot/defaults/main.yml) as required. 3. Take special note of the `matrix_hookshot_*_enabled` variables. Services that need no further configuration are enabled by default (GitLab, Generic), while you must first add the required configuration and enable the others (GitHub, Jira, Figma). -4. If you're setting up the GitHub bridge, you'll need to generate and download a private key file after you created your GitHub app. Copy the contents of that file to the variable `matrix_hookshot_github_private_key` so the playbook can install it for you, or use one of the [other methods](#manage-github-private-key-with-matrix-aux-role) explained below. +4. If you're setting up the GitHub bridge, you'll need to generate and download a private key file after you created your GitHub app. Copy the contents of that file to the variable `matrix_hookshot_github_private_key` so the playbook can install it for you, or use one of the [other methods](#manage-github-private-key-with-aux-role) explained below. 5. If you've already installed Matrix services using the playbook before, you'll need to re-run it (`--tags=setup-all,start`). If not, proceed with [configuring other playbook services](configuring-playbook.md) and then with [Installing](installing.md). Get back to this guide once ready. Hookshot can be set up individually using the tag `setup-hookshot`. Other configuration options are available via the `matrix_hookshot_configuration_extension_yaml` and `matrix_hookshot_registration_extension_yaml` variables, see the comments in [main.yml](/roles/custom/matrix-bridge-hookshot/defaults/main.yml) for how to use them. 
@@ -58,23 +58,23 @@ See also `matrix_hookshot_matrix_nginx_proxy_configuration` in [init.yml](/roles The different listeners are also reachable *internally* in the docker-network via the container's name (configured by `matrix_hookshot_container_url`) and on different ports (e.g. `matrix_hookshot_appservice_port`). Read [main.yml](/roles/custom/matrix-bridge-hookshot/defaults/main.yml) in detail for more info. -### Manage GitHub Private Key with matrix-aux role +### Manage GitHub Private Key with aux role The GitHub bridge requires you to install a private key file. This can be done in multiple ways: - copy the *contents* of the downloaded file and set the variable `matrix_hookshot_github_private_key` to the contents (see example in [main.yml](/roles/custom/matrix-bridge-hookshot/defaults/main.yml)). - somehow copy the file to the path `{{ matrix_hookshot_base_path }}/{{ matrix_hookshot_github_private_key_file }}` (default: `/matrix/hookshot/private-key.pem`) on the server manually. -- use the `matrix-aux` role to copy the file from an arbitrary path on your ansible client to the correct path on the server. +- use the [`aux` role](https://github.com/mother-of-all-self-hosting/ansible-role-aux) to copy the file from an arbitrary path on your ansible client to the correct path on the server. -To use `matrix-aux`, make sure the `matrix_hookshot_github_private_key` variable is empty. Then add to `matrix-aux` configuration like this: +To use the `aux` role, make sure the `matrix_hookshot_github_private_key` variable is empty. 
Then add the following additional configuration: ```yaml -matrix_aux_file_definitions: +aux_file_definitions: - dest: "{{ matrix_hookshot_base_path }}/{{ matrix_hookshot_github_private_key_file }}" content: "{{ lookup('file', '/path/to/your-github-private-key.pem') }}" mode: '0400' owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" ``` -For more info see the documentation in the [matrix-aux base configuration file](/roles/custom/matrix-aux/defaults/main.yml). +For more information, see the documentation in the [default configuration of the aux role](https://github.com/mother-of-all-self-hosting/ansible-role-aux/blob/main/defaults/main.yml). ### Provisioning API diff --git a/docs/configuring-playbook-matrix-corporal.md b/docs/configuring-playbook-matrix-corporal.md index eb635c64..2000cfd9 100644 --- a/docs/configuring-playbook-matrix-corporal.md +++ b/docs/configuring-playbook-matrix-corporal.md @@ -91,7 +91,7 @@ matrix_corporal_policy_provider_config: | } # Modify the policy below as you see fit -matrix_aux_file_definitions: +aux_file_definitions: - dest: "{{ matrix_corporal_config_dir_path }}/policy.json" content: | { diff --git a/docs/configuring-playbook-ssl-certificates.md b/docs/configuring-playbook-ssl-certificates.md index 9fa9f84b..6a215973 100644 --- a/docs/configuring-playbook-ssl-certificates.md +++ b/docs/configuring-playbook-ssl-certificates.md 
@@ -40,9 +40,9 @@ If you'd like to use your own SSL certificates, instead of the default (SSL cert To use your own SSL certificates with Traefik, you need to: - disable [ACME](https://en.wikipedia.org/wiki/Automatic_Certificate_Management_Environment) / [Let's Encrypt](https://letsencrypt.org/) support -- put a custom Traefik configuration file on the server, with the help of this Ansible playbook (via the `matrix-aux` role) or manually +- put a custom Traefik configuration file on the server, with the help of this Ansible playbook (via the [`aux` role](https://github.com/mother-of-all-self-hosting/ansible-role-aux)) or manually - register your custom configuration file with Traefik, by adding an extra provider of type [file](https://doc.traefik.io/traefik/providers/file/) -- put the SSL files on the server, with the help of this Ansible playbook (via the `matrix-aux` role) or manually +- put the SSL files on the server, with the help of this Ansible playbook (via the [`aux` role](https://github.com/mother-of-all-self-hosting/ansible-role-aux)) or manually ```yaml # Disable ACME / Let's Encrypt support. @@ -53,7 +53,7 @@ devture_traefik_config_certificatesResolvers_acme_enabled: false devture_traefik_ssl_dir_enabled: true # Tell Traefik to load our custom configuration file (certificates.yml). -# The file is created below, in `matrix_aux_file_definitions`. +# The file is created below, in `aux_file_definitions`. # The `/config/..` path is an in-container path, not a path on the host (like `/matrix/traefik/config`). Do not change it! devture_traefik_configuration_extension_yaml: | providers: 
@@ -61,9 +61,9 @@ devture_traefik_configuration_extension_yaml: | filename: /config/certificates.yml watch: true -# Use the matrix-aux role to create our custom files on the server. -# If you'd like to do this manually, you remove this `matrix_aux_file_definitions` variable. -matrix_aux_file_definitions: +# Use the aux role to create our custom files on the server. +# If you'd like to do this manually, you remove this `aux_file_definitions` variable. +aux_file_definitions: # Create the privkey.pem file on the server by # uploading a file from the computer where Ansible is running. - dest: "{{ devture_traefik_ssl_dir_path }}/privkey.pem" diff --git a/docs/configuring-playbook-sygnal.md b/docs/configuring-playbook-sygnal.md index 786498c6..2fbad04c 100644 --- a/docs/configuring-playbook-sygnal.md +++ b/docs/configuring-playbook-sygnal.md @@ -55,7 +55,7 @@ matrix_sygnal_apps: api_key: your_api_key_for_gcm # .. more configuration .. -matrix_aux_file_definitions: +aux_file_definitions: - dest: "{{ matrix_sygnal_data_path }}/my_key.p8" content: | some 
@@ -73,7 +73,7 @@ Configuring [GCM/FCM](https://firebase.google.com/docs/cloud-messaging/) is easi To configure [APNS](https://developer.apple.com/notifications/) (Apple Push Notification Service), you'd need to provide one or more certificate files. To do that, the above example configuration: -- makes use of the `matrix-aux` role (and its `matrix_aux_file_definitions` variable) to make the playbook install files into `/matrix/sygnal/data` (the `matrix_sygnal_data_path` variable). See `roles/custom/matrix-aux/defaults/main.yml` for usage examples. It also makes sure the files are owned by `matrix:matrix`, so that Sygnal can read them. Of course, you can also install these files manually yourself, if you'd rather not use `matrix-aux`. +- makes use of the [`aux` role](https://github.com/mother-of-all-self-hosting/ansible-role-aux) (and its `aux_file_definitions` variable) to make the playbook install files into `/matrix/sygnal/data` (the `matrix_sygnal_data_path` variable). See [`defaults/main.yml` file](https://github.com/mother-of-all-self-hosting/ansible-role-aux/blob/main/defaults/main.yml) of the `aux` role for usage examples. It also makes sure the files are owned by `matrix:matrix`, so that Sygnal can read them. Of course, you can also install these files manually yourself, if you'd rather not use `aux`. - references these files in the Sygnal configuration (`matrix_sygnal_apps`) using a path like `/data/..` (the `/matrix/sygnal/data` directory on the host system is mounted into the `/data` directory inside the container) From 8c53cb6f4f404741096b230b56d75192e583a72c Mon Sep 17 00:00:00 2001 From: teutat3s <10206665+teutat3s@users.noreply.github.com> Date: Sat, 13 May 2023 15:30:40 +0200 Subject: [PATCH 13/13] Add .direnv to gitignore, remove flake.lock --- .gitignore | 2 +- flake.lock | 27 +++++++++++++++++++++++++++ 2 files changed, 28 insertions(+), 1 deletion(-) create mode 100644 flake.lock 
diff --git a/.gitignore b/.gitignore index 42187739..efd902f6 100644 --- a/.gitignore +++ b/.gitignore @@ -5,7 +5,7 @@ /roles/**/files/scratchpad .DS_Store .python-version -flake.lock +.direnv # ignore roles pulled by ansible-galaxy /roles/galaxy/* diff --git a/flake.lock b/flake.lock new file mode 100644 index 00000000..5204abc8 --- /dev/null +++ b/flake.lock @@ -0,0 +1,27 @@ +{ + "nodes": { + "nixpkgs": { + "locked": { + "lastModified": 1683777345, + "narHash": "sha256-V2p/A4RpEGqEZussOnHYMU6XglxBJGCODdzoyvcwig8=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "635a306fc8ede2e34cb3dd0d6d0a5d49362150ed", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "nixpkgs": "nixpkgs" + } + } + }, + "root": "root", + "version": 7 +}
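Review bot: The `.gitignore` hunk replaces the `flake.lock` entry with `.direnv` and gives no comment, while the neighbouring entries are explained (`# ignore roles pulled by ansible-galaxy`), so the reason for the swap is easy to miss; I would add a line above the new entry such as `# local direnv cache; flake.lock is tracked on purpose so the nixpkgs pin is reviewable`. Since the same commit adds `flake.lock` as a tracked file, the `rev` and `narHash` under `nodes.nixpkgs.locked` become the pin for whatever the flake provides. Later changes to those two fields deserve the same review as any other dependency bump. The lock follows `nixpkgs-unstable`, so the pin only picks up upstream fixes when someone regenerates it (`nix flake update`); presumably the flake is only a development shell, but `flake.nix` is not visible here to confirm.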