Commit graph

3631 commits

Author SHA1 Message Date
Slavi Pantaleev 1006b8d899 Replace matrix-grafana with an external role 2023-02-15 10:32:24 +02:00
Slavi Pantaleev 94124263a7 Add matrix_prometheus_container_network/matrix_prometheus_container_additional_networks 2023-02-15 08:56:11 +02:00
Slavi Pantaleev 0b9dc56edf Add type support to matrix_coturn_container_additional_volumes
.. and try to auto-switch between `bind` and `volume` depending on
whether there's a slash in the `src` path.

Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2482
2023-02-15 06:03:55 +02:00
Slavi Pantaleev 1f0da1103a
Merge pull request #2485 from etkecc/patch-171
update postmoogle 0.9.13 -> 0.9.14
2023-02-14 22:48:51 +02:00
Slavi Pantaleev c85d48c45c Remove Traefik labels for Hydrogen & Cinny from matrix-nginx-proxy
Related to 6a52be7987 and 28e7ef9c71f02
2023-02-14 22:46:34 +02:00
Aine 4045d72e7b
update postmoogle 0.9.13 -> 0.9.14
* make banlist consistent
* proper multi-error message
* ignore "." MX hosts
* try recipient domain directly, even when MX records found, but failed
2023-02-14 20:04:27 +00:00
Slavi Pantaleev 4d24e9bb7f
Merge pull request #2484 from etkecc/patch-170
Update synapse 1.76.0 -> 1.77.0
2023-02-14 20:03:33 +02:00
Aine 3570808633
Update synapse 1.76.0 -> 1.77.0 2023-02-14 17:50:55 +00:00
Aine c98f40c836
Update hydrogen 0.3.7 -> 0.3.8 2023-02-14 17:49:16 +00:00
Slavi Pantaleev 51cfd7b777
Merge pull request #2481 from moan0s/update
Bump element version
2023-02-14 15:29:34 +02:00
Julian-Samuel Gebühr 6727aa55ec Bump element version
Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net>
2023-02-14 13:36:04 +01:00
Slavi Pantaleev f28e7ef9c7 Add (native) Traefik support to matrix-client-cinny
Previously, it had to go through matrix-nginx-proxy.
It's exposed to Traefik directly via container labels now
2023-02-14 11:29:53 +02:00
Slavi Pantaleev 3bace0c7b9 Add matrix_synapse_admin_hostname and rename matrix_synapse_admin_public_endpoint (to matrix_synapse_admin_path_prefix) 2023-02-14 11:05:39 +02:00
Slavi Pantaleev 2e74187050 Add matrix_client_element_hostname and matrix_client_element_path_prefix variables 2023-02-14 11:02:18 +02:00
Slavi Pantaleev eb7292f274 Add matrix_client_hydrogen_hostname and fix Hydrogen serving at non-root-path 2023-02-14 10:57:13 +02:00
Slavi Pantaleev 6a52be7987 Add (native) Traefik support to matrix-client-hydrogen
Previously, it had to go through matrix-nginx-proxy.
It's exposed to Traefik directly via container labels now

Serving at a path other than `/` doesn't work well yet.
2023-02-14 09:58:35 +02:00
Slavi Pantaleev 64e2b26ed5 Fix Hydrogen failing to start
We were mounting our own configuration to
`/usr/share/nginx/html/config.json`, which is a symlink to
`/tmp/config.json`. So we effectively mount our file to
`/tmp/config.json`.

When starting:

- if Hydrogen sees a `CONFIG_OVERRIDE` environment variable,
  it will try to save it into our read-only config file and fail.

- if Hydrogen doesn't see a `CONFIG_OVERRIDE` environment variable (the
  path we go through, because we don't pass such a variable),
  it will try to copy its bundled configuration (`/config.json.bundled`)
  to `/tmp/config.json`. Because our configuration is mounted as read-only, it will
  fail.

In both cases, it will fail with:

> cp: can't create '/tmp/config.json': File exists

Source: 3720de36bb/docker/dynamic-config.sh

We work around this by mounting our configuration on top of the bundled
one (`/config.json.bundled`). We then let Hydrogen's startup script copy
it to `/tmp/config.json` (a tmpfs we've mounted into the container) and use it from there.
2023-02-14 09:49:22 +02:00
Slavi Pantaleev 799cbb44fb Add the ability to control (Traefik) routing priority for Element and synapse-admin
This may proof useful to someone in the future.
2023-02-14 09:04:50 +02:00
Slavi Pantaleev 5c7cd70684 Make use of the existing matrix_synapse_admin_public_endpoint variable 2023-02-14 08:51:20 +02:00
Slavi Pantaleev c33ed94352 Add security headers to synapse-admin (on Traefik)
We've had it on `matrix-nginx-proxy` before, but
our initial support for Traefik did not include any of these security
headers.
2023-02-14 08:49:04 +02:00
Slavi Pantaleev 71597132e0 Move around some matrix-client-element variables 2023-02-14 08:45:32 +02:00
Slavi Pantaleev 5ab5f28d14 Add support for running synapse-admin (on Traefik) at the root path
Previously, we had to run it at a subpath, like `/synapse-admin`.

We can now dedicate a whole domain and the `/` path to it, should we
wish to do so.
2023-02-14 08:42:50 +02:00
Slavi Pantaleev ff1338e003 Add support for hosting Element (on Traefik) at a subpath 2023-02-14 08:31:26 +02:00
Slavi Pantaleev e34174b1b4 Add various security headers to matrix-client-element when behind Traefik 2023-02-13 19:03:20 +02:00
Slavi Pantaleev e51e4eec09 Add (native) Traefik support to matrix-client-element
Previously, it had to go through matrix-nginx-proxy.
It's exposed to Traefik directly via container labels now
2023-02-13 19:03:20 +02:00
Slavi Pantaleev f2ed5e4b04 Delete /matrix/nginx-proxy/conf.d/matrix-client-element.conf if matrix_nginx_proxy_proxy_element_enabled not enabled 2023-02-13 19:03:20 +02:00
Aine 9f820a506a
Update postmoogle 0.9.12 -> 0.9.13
* live SSL certificates reload on file changes (e.g., on automatic certs renewal)
* print all errors when trying connection to an SMTP server
2023-02-13 14:08:09 +00:00
Slavi Pantaleev 31aa87fdb6
Merge pull request #2475 from etkecc/patch-167
Update coturn 4.6.1-r1 -> 4.6.1-r2
2023-02-13 15:12:37 +02:00
Slavi Pantaleev 3d9aa8387e Add (native) Traefik support to synapse-admin
Previously, it had to go through matrix-nginx-proxy.
It's exposed to Traefik directly via container labels now.
2023-02-13 15:08:42 +02:00
Aine f6f7bbd2a1
Update coturn 4.6.1-r1 -> 4.6.1-r2 2023-02-13 12:54:55 +00:00
Slavi Pantaleev 38904c08b0 Wire backup_borg_username
It's probably unnecessary, as this user is only used in the borg container
internally, but.. It doesn't hurt to set it to `matrix`.
2023-02-13 11:01:54 +02:00
Slavi Pantaleev 78c35136b2 Replace matrix-backup-borg with an external role 2023-02-13 10:53:11 +02:00
td af10d350bc fix: missing endif in client well-known 2023-02-13 12:32:43 +05:30
Jayesh Nirve 6939a3d6d3
fix: only add element related entries to client well-known if element is enabled (#2453)
* fix: only add element related entries to client well-known if element is enabled

* Fix matrix-base/defaults/main.yml syntax

---------

Co-authored-by: Slavi Pantaleev <slavi@devture.com>
2023-02-13 08:36:20 +02:00
Array in a Matrix 79413e7717
updated dendrite 2023-02-12 13:09:53 -05:00
Slavi Pantaleev f1a1ce8a91
Merge pull request #2464 from spantaleev/traefik
Reverse-proxy configuration changes and initial Traefik support
2023-02-12 16:05:56 +02:00
Catalan Lover cba63bd4b9
Upgrade Drapunir from 1.8.0 Beta to 1.8.0 release. 2023-02-11 23:51:13 +01:00
Slavi Pantaleev 6b0650641b Update matrix_playbook_reverse_proxy_type documentation 2023-02-11 08:58:53 +02:00
Slavi Pantaleev 8309a21303 Rename reverse proxy types and fix Hookshot http/https urlPrefix issue 2023-02-11 08:44:11 +02:00
Slavi Pantaleev 3f2cb840b9 Merge branch 'master' into traefik 2023-02-11 07:46:35 +02:00
Slavi Pantaleev ad22bdb884 Do not run matrix-user-verification-service validation tasks unless the service is enabled 2023-02-10 19:40:03 +02:00
Slavi Pantaleev 7142ff422d Ensure matrix_user_verification_service_uvs_access_token is always defined
The playbook tries to avoid such variables which are sometimes defined
and sometimes not. We'd rather not check for `is defined`.
2023-02-10 19:40:03 +02:00
Slavi Pantaleev 97f65e8dff Minor fixes to allow for Traefik without SSL 2023-02-10 19:36:06 +02:00
Aine a1ef28681a
Update Hydrogen 0.3.6 -> 0.3.7 2023-02-10 14:40:50 +00:00
Slavi Pantaleev 28d2eb593c Add matrix_playbook_reverse_proxy_type variable which influences all other services 2023-02-10 16:04:34 +02:00
Slavi Pantaleev 06ccd71edc Merge branch 'master' into traefik 2023-02-10 14:37:59 +02:00
Slavi Pantaleev f6ab162fff Remove systemd-reloading handler in matrix-user-verification-service
None of the other roles use handlers.

We rely on com.devture.ansible.role.systemd_service_manager to reload services when it's necessary to do so.
2023-02-10 14:22:37 +02:00
Slavi Pantaleev e1bfa2a7d6 Fix ansible-lint-reported errors 2023-02-10 14:21:31 +02:00
Slavi Pantaleev 43a6a035a0 Skip removing /.well-known/element directory to suppress ansible-lint error
Leaving an orphan directory is okay and can be improved later on.
2023-02-10 14:16:00 +02:00
Slavi Pantaleev 01ccec2dbe Merge branch 'master' into pr-jitsi-matrix-authentication 2023-02-10 14:12:47 +02:00