Commit graph

315 commits

Author SHA1 Message Date
Slavi Pantaleev c6feb0b99e Upgrade Synapse (v1.25.0 -> v1.26.0) 2021-01-27 21:41:47 +02:00
Slavi Pantaleev 66cdc7bf5a Clean up worker.yaml generation a bit and make it more flexible 2021-01-25 13:02:01 +02:00
Slavi Pantaleev 63301b0ef1 Improvements around Synapse worker/metrics ports exposure
There was a `matrix_nginx_proxy_enabled|default(False)` check, but:
- it didn't seem to work reliably for some reason (hmm)
- referring to a `matrix_nginx_proxy_*` variable from within the
  `matrix-synapse` role is not ideal
- exposing always happened on `127.0.0.1`, which may not be good enough
  for some rarer setups (where the own webserver is external to the host)
2021-01-25 08:25:43 +02:00
Marcel Partap 183adec3d8 Merge remote-tracking branch 'origin/master' into synapse-workers 2021-01-23 15:04:11 +01:00
Slavi Pantaleev 95346f3117 Reorganize Postgres access (breaking change)
In short, this makes Synapse a 2nd class citizen,
preparing for a future where it's just one-of-many homeserver software
options.

We also no longer have a default Postgres superuser password,
which improves security.

The changelog explains more as to why this was done
and how to proceed from here.
2021-01-22 13:26:12 +02:00
Slavi Pantaleev b15da29ebb Bump Synapse to v1.25.0 for ARM 2021-01-14 10:41:47 +02:00
Slavi Pantaleev d5945c6e78 Upgrade Synapse (v1.24.0 -> v1.25.0) for amd64 2021-01-13 13:02:49 +02:00
Marcel Partap cd8100544b Merge remote-tracking branch 'origin/master' into synapse-workers
Sync with upstream
2021-01-08 20:58:50 +01:00
Slavi Pantaleev 245b749946 Upgrade Synapse for ARM (v1.23.0 -> v1.24.0)
Continuation of aa86e0dac6, now that ARM images are out.
2020-12-09 20:54:18 +02:00
Slavi Pantaleev aa86e0dac6 Upgrade Synapse (v1.23.0 -> v1.24.0)
Because the ARM images are not pushed yet, we hold back to v1.23.0
for now.
2020-12-09 13:31:10 +02:00
Slavi Pantaleev c07c927d9f Automatically enable openid listeners when ma1sd enabled
ma1sd requires the openid endpoints for certain functionality.
Example: 90b2b5301c/src/main/java/io/kamax/mxisd/auth/AccountManager.java (L67-L99)

If federation is disabled, we still need to expose these openid APIs on the
federation port.

Previously, we were doing similar magic for Dimension.
As per its documentation, when running unfederated, one is to enable
the openid listener as well. As per their recommendation, people
are advised to do enable it on the Client-Server API port
and use the `federationUrl` variable to override where the federation
port is (making federation requests go to the Client-Server API).

Because ma1sd always uses the federation port (unless you do some
DNS overwriting magic using its configuration -- which we'd rather not
do), it's better if we just default to putting the `openid` listener
where it belongs - on the federation port.

With this commit, we retain the "automatically enable openid APIs" thing
we've been doing for Dimension, but move it to the federation port instead.
We also now do the same thing when ma1sd is enabled.
2020-12-08 16:59:20 +02:00
Marcel Partap f201bca519 synapse workers: define and expose METRICS port for each worker
As seen on TV:
https://github.com/matrix-org/synapse/blob/master/docs/metrics-howto.md#monitoring-workers
2020-12-01 22:49:15 +01:00
Marcel Partap af08f18779 synapse workers default config: disable user_dir worker for now
(until https://github.com/matrix-org/synapse/issues/8787 is resolved)
2020-12-01 22:22:04 +01:00
Marcel Partap b73ac965ac Merge remote-tracking branch 'origin/master' into synapse-workers 2020-12-01 21:24:26 +01:00
Slavi Pantaleev be5263f397 Move self-building git repository URLs to variables (stop hardcoding) 2020-11-28 21:34:14 +02:00
transcaffeine c58a7e03c7
synapse: update to 1.23.0 2020-11-18 14:16:46 +01:00
Slavi Pantaleev 5eed874199 Improve self-building experience (avoid conflict with pullable images)
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/716

This patch makes us use more fully-qualified container image names
(either prefixed with docker.io/ or with localhost/).

The latter happens when self-building is enabled.

We've recently had issues where if an image was removed manually
and the service was restarted (making `docker run` fetch it from Docker Hub, etc.),
we'd end up with a pulled image, even though we're aiming for a self-built one.
Re-running the playbook would then not do a rebuild, because:
- the image with that name already exists (even though it's something
else)
- we sometimes had conditional logic where we'd build only if the git
repo changed

By explicitly changing the name of the images (prefixing with localhost/),
we avoid such confusion and the possibility that we'd automatically pul something
which is not what we expect.

Also, I've removed that condition where building would happen on git
changes only. We now always build (unless an image with that name
already exists). We just force-build when the git repo changes.
2020-11-14 23:00:49 +02:00
Marcel Partap 4678c5d7bd Merge remote-tracking branch 'origin/master' into synapse-workers
Also, replace vague FIXME by a proper NOTE on the complete
story of the user_dir endpoints..
2020-11-11 21:26:08 +01:00
Slavi Pantaleev 5c91e56898 Upgrade Synapse (v1.22.0 -> v1.22.1) 2020-10-30 19:35:55 +02:00
Marcel Partap 2d1b9f2dbf synapse workers: reworkings + get endpoints from upstream docs via awk
(yes, a bit awkward and brittle… xD)
2020-10-28 07:13:19 +01:00
Slavi Pantaleev 70f0b97a0a Upgrade Synapse (v1.21.2 -> v1.22.0) 2020-10-27 14:24:02 +02:00
Marcel Partap 87bd64ce9e Merge remote-tracking branch 'origin/master' into synapse-workers 2020-10-23 23:45:07 +02:00
Slavi Pantaleev f7ecc7a2a5 Upgrade Synapse (v1.21.1 -> v1.21.2) 2020-10-15 17:42:52 +03:00
Slavi Pantaleev 5abd511368 Upgrade Synapse (v1.21.0 -> v1.21.1) 2020-10-13 13:08:25 +03:00
Aaron Raimist 78529cbd47
Upgrade Synapse (v1.20.1 -> v1.21.0) 2020-10-12 23:59:34 -05:00
Marcel Partap 36e9be6092 matrix_synapse_workers_{avail,enabled}_list: sort non-generic workers
.. alphabetically and put those not documented as multi-instance
capable on ports ending on zero.
2020-10-11 21:44:42 +02:00
Marcel Partap 93a8ea7e4a Merge remote-tracking branch 'master' into feature/add-worker-support 2020-10-11 20:59:05 +02:00
Slavi Pantaleev e68450f094 Upgrade Synapse (v1.20.0 -> v1.20.1) 2020-09-24 18:43:54 +03:00
Slavi Pantaleev dd217137b6 Upgrade Synapse (v1.19.3 -> v1.20.0) 2020-09-22 19:28:07 +03:00
Slavi Pantaleev 65e22a6888 Upgrade Synapse (v1.19.2 -> v1.19.3) 2020-09-18 17:37:04 +03:00
Slavi Pantaleev e10e3e354d Upgrade Synapse (v1.19.1 -> v1.19.2) 2020-09-16 16:35:17 +03:00
Max Klenk 4fdfc0a34f
add missing ratelimiting options required for load testing 2020-09-11 09:46:20 +02:00
Max Klenk a25a429a52
add redis support 2020-09-10 13:39:00 +02:00
Max Klenk 06bc430c7c
refactor to use new workers and routes they serve 2020-08-28 13:53:39 +02:00
Max Klenk 53ccc783b7
remove duplicated key 2020-08-27 15:26:46 +02:00
Max Klenk 567d0318b0
Merge branch 'synapse-workers' into feature/add-worker-support 2020-08-27 15:22:12 +02:00
Slavi Pantaleev 6e9600ffec Upgrade Synapse (v1.19.0 -> v1.19.1) 2020-08-27 12:59:11 +03:00
Slavi Pantaleev daf13107a0 Add support for rust-synapse-compress-state 2020-08-21 13:53:39 +03:00
Slavi Pantaleev 9952ec6c16 Upgrade Synapse (v1.18.0 -> v1.19.0) 2020-08-17 17:02:40 +03:00
Slavi Pantaleev f78a5d4ee8 Upgrade Synapse (v1.17.0 -> v1.18.0) 2020-07-30 14:21:44 +03:00
Slavi Pantaleev c6ab1c6a90 Riot is now Element
Fixes #586 (Github Issue)
2020-07-17 11:31:20 +03:00
Slavi Pantaleev 200f912c04 Upgrade Synapse (v1.16.1 -> v1.17.0)
Fixes #579 (Github Issue).
2020-07-13 14:08:50 +03:00
Slavi Pantaleev eff55e4d00 Upgrade Synapse (v1.16.0 -> v1.16.1) 2020-07-10 14:33:18 +03:00
Slavi Pantaleev 928982cffe Upgrade Synapse (v1.15.2 -> v1.16.0) 2020-07-08 14:08:46 +03:00
Justin Croonenberghs 1f21f0c09a Add variables for reCAPTCHA validation 2020-07-03 18:33:25 -05:00
Aaron Raimist 78382b0ce4
Upgrade Synapse (1.15.1 -> 1.15.2) 2020-07-02 10:38:25 -05:00
Slavi Pantaleev 10bc85962e Upgrade Synapse (1.15.0 -> 1.15.1) 2020-06-16 13:55:27 +03:00
Slavi Pantaleev 6538ae34f5 Upgrade Synapse (v1.14 -> v1.15)
Fixes #539 (Github Issue).
2020-06-11 16:02:01 +03:00
Slavi Pantaleev 0113852504 Upgrade matrix-synapse-shared-secret-auth (1.0.1 -> 1.0.2)
There's no change in the source code. Just a release bump for packaing
reasons. It doesn't matter much for us here, but let's be on the latest
tag anyway.
2020-06-08 09:29:55 +03:00
Slavi Pantaleev 8bae39050e Update settings for Synapse v1.14.0 2020-05-28 15:23:05 +03:00
tctovsli 45ba01510d
Synapse v.1.14.0 2020-05-28 14:04:37 +02:00
Slavi Pantaleev 8fb3ce6f6d Upgrade Synapse (v1.12.4 -> v1.13.0) 2020-05-19 21:35:32 +03:00
Aaron Raimist 23bfaa72ec
Upgrade Synapse (1.12.3 -> 1.12.4) 2020-04-23 13:30:50 -05:00
Chris van Dijk 3f4bc9b881 Move config supprt for unfederated dimension into group_vars 2020-04-22 19:23:56 +02:00
Marcel Partap 5f63d287b7 Move synapse worker ports up 10k 2020-04-19 19:05:03 +02:00
Marcel Partap 353bc7c362 Add initial support for synapse workers
· needs documentation; no checks yet for port clashes or typos in worker name
· according to https://github.com/matrix-org/synapse/wiki/Workers-setup-with-nginx#results
  about 90% of requests go to the synchrotron endpoint
· thus, the synchrotron worker is especially suited to be load-balanced
· most of the other workers are documented to support only a single instance
· https://github.com/matrix-org/synapse/blob/master/docs/workers.md
2020-04-19 19:05:03 +02:00
Tom e54428b160 Expose allowed local 3pids as a configurable option 2020-04-18 00:11:30 +01:00
Slavi Pantaleev f78fa3f328 Upgrade Synapse (1.12.0 -> 1.12.3) 2020-04-03 14:26:30 +03:00
Slavi Pantaleev 845f5f007b Make Synapse use ma1sd (if enabled) for threepid registration 2020-04-03 10:08:37 +03:00
tctovsli 949b5d7a46
Release synapse v.1.12.0 2020-03-23 15:03:40 +01:00
Slavi Pantaleev 2b85fde103 Rename some variables for consistency 2020-03-15 10:15:27 +02:00
Slavi Pantaleev 8fe97abe7d Wire matrix_container_images_self_build to self_build variables via group_vars/matrix_servers
This keeps the roles cleaner and more independent of matrix-base,
which may be important for people building their own playbook
out of the individual roles and not using the matrix-base role.
2020-03-15 10:10:41 +02:00
Horvath Gergely 2d537484d5 introduce variable 2020-03-14 19:16:29 +01:00
Horvath Gergely a5d94eec0b refactor variable names 2020-03-08 00:28:14 +01:00
Horvath Gergely 310aa685f9 refactor based on Slavi's requests 2020-03-08 00:24:00 +01:00
Slavi Pantaleev a727e7c497 Upgrade Synapse (v1.11.0 -> v1.11.1) 2020-03-03 17:32:22 +02:00
Slavi Pantaleev 5de8f27122 Upgrade Synapse (v1.10.1 -> v1.11.0) 2020-02-21 12:32:35 +02:00
orange 45e32bdad2 add synapse config enable_group_creation 2020-02-18 18:05:54 +01:00
Dan Arnfield 96557c6280 Update synapse (1.10.0 -> 1.10.1) 2020-02-17 13:27:05 -06:00
Dan Arnfield bac7685ce4 Update synapse (1.9.1 -> 1.10.0) 2020-02-12 06:46:52 -06:00
Slavi Pantaleev f9a67624e1 Upgrade Synapse (1.9.0 -> 1.9.1) 2020-01-28 16:02:09 +02:00
Slavi Pantaleev c9f2bf89b5 Fix incorrect REST Auth module URL
Regression since #362 (Github Pull Request).
2020-01-27 12:22:40 +02:00
Slavi Pantaleev c2135d1afe Switch from kamax-matrix/matrix-synapse-rest-password-provider to ma1uta/matrix-synapse-rest-password-provider
Synapse v1.9.0 changed some things which made the REST Auth Password
Provider break.

The ma1uta/matrix-synapse-rest-password-provider implements some
workarounds for now and will likely deliver a proper fix in the future.

Not much has changed between the 2 projects, so this should be a
painless transition.
2020-01-25 10:23:59 +02:00
Slavi Pantaleev 2c04384e8e Synchronize config with the one from Synapse 1.9.0
Related to #355.
2020-01-23 15:47:53 +02:00
Paul Tötterman e9761679eb
Upgrade Synapse to 1.9.0 2020-01-23 15:46:24 +02:00
Slavi Pantaleev fddd3f922f Upgrade Synapse to 1.8.0 2020-01-09 15:33:35 +02:00
Dan Arnfield 4f3f263420 Update synapse (1.7.2 -> 1.7.3) 2019-12-31 06:28:58 -06:00
Slavi Pantaleev 8b5b075fda Fix typo 2019-12-31 11:25:09 +02:00
Slavi Pantaleev 0e3e3cdf86 Upgrade Synapse (1.7.1 -> 1.7.2) 2019-12-20 13:20:54 +02:00
Slavi Pantaleev b09f5a783b Upgrade Synapse (1.7.0 -> 1.7.1) 2019-12-18 12:15:52 +02:00
Slavi Pantaleev d69ddcfdac Upgrade Synapse (1.6.1 -> 1.7.0) 2019-12-13 14:52:29 +02:00
Aaron Raimist 79d1576648
Allow Synapse manhole to be enabled
Can you double check that the way I have this set only exposes it locally? It is important that the manhole is not available to the outside world since it is quite powerful and the password is hard coded.
2019-12-05 00:07:15 -06:00
Slavi Pantaleev b8baf1356e Upgrade Synapse (1.6.0 -> 1.6.1) 2019-11-28 13:59:42 +02:00
Slavi Pantaleev 0c51440426 Update Synapse to v1.6.0 2019-11-26 16:28:17 +02:00
Slavi Pantaleev 2da40c729a Do not expose server room directory by default
Prompted by: https://matrix.org/blog/2019/11/09/avoiding-unwelcome-visitors-on-private-matrix-servers

This is a bit controversial, because.. the Synapse default remains open,
while the general advice (as per the blog post) is to make it more private.

I'm not sure exactly what kind of server people set up and whether they
want to make the room directory public. Our general goal is to favor
privacy and security when running personal (family & friends) and corporate
homeservers, both of which likely benefit from having a more secure default.
2019-11-10 08:55:46 +02:00
Slavi Pantaleev 50614f1bad Simplify Prerequisites a bit
Don't mention systemd-journald adjustment anymore, because
we've changed log levels to WARNING and Synapse is not chatty by default
anymore.

The "excessive log messages may get dropped on CentOS" issue no longer
applies to most users and we shouldn't bother them with it.
2019-11-10 08:35:17 +02:00
Slavi Pantaleev f0e80218b0 Upgrade Synapse (1.5.0 -> 1.5.1) 2019-11-06 12:28:48 +02:00
Dan Arnfield f0ce0db7dc Update synapse (1.4.1 -> 1.5.0) 2019-10-29 10:41:46 -05:00
Slavi Pantaleev e0ea708acc Upgrade Synapse (1.4.0 -> 1.4.1) 2019-10-18 13:31:40 +03:00
Slavi Pantaleev a37b96d829 Upgrade Synapse to 1.4.0 2019-10-03 19:26:38 +03:00
Aaron Raimist 413d9ec143
WIP: Upgrade Synapse (1.3.1 -> 1.4.0rc2) 2019-10-02 21:35:44 -05:00
Slavi Pantaleev 68ed2ebefa Add support for Synapse Simple Antispam
Fixes #255 (Github Issue).
2019-09-09 08:13:10 +03:00
Slavi Pantaleev 4b1e9a4827 Add support for configuring Synapse spam_checker setting 2019-09-09 08:11:32 +03:00
Slavi Pantaleev 10a9deba4a Make Synapse configuration extensible 2019-08-22 09:49:22 +03:00
Dan Arnfield 42ea3cb0e1 Update synapse (1.3.0 -> 1.3.1) 2019-08-19 06:45:51 -05:00
Dan Arnfield 7b5e633776 Update synapse (1.2.1 -> 1.3.0) 2019-08-15 06:59:37 -05:00
Slavi Pantaleev 99f5baa7bb Fix undefined variable error (matrix_synapse_id_servers_public)
This only gets triggered if:
- the Synapse role is used standalone and the default values are used
- the whole playbook is used, with `matrix_mxisd_enabled: false`
2019-08-08 18:30:54 +03:00
Oleg Fiksel f713bbe0f8 Added possibility to enable guest access on synapse 2019-08-08 11:57:35 +02:00
Slavi Pantaleev 6fe4bafc2a Decrease default Synapse logging level
Also discussed previously in #213 (Github Pull Request).

shared-secret-auth and rest-auth logging is still at `INFO`
intentionally, as user login events seem more important to keep.
Those modules typically don't spam as much.
2019-08-03 07:48:04 +03:00
Slavi Pantaleev bd99dd05b4 Upgrade Synapse (1.2.0 -> 1.2.1) 2019-07-26 14:17:31 +03:00
Dan Arnfield 0e54515c9d Update synapse (1.1.0 -> 1.2.0) 2019-07-25 08:42:33 -05:00
Slavi Pantaleev ef5e4ad061 Make Synapse not log to text files
Somewhat related to #213 (Github Pull Request).

We've been moving in the opposite direction for quite a long time.
All services should just leave logging to systemd's journald.
2019-07-04 17:46:31 +03:00
Slavi Pantaleev b84139088c Fix password providers not working on Synapse v1.1.0
Fixes a regression introduced during the upgrade to
Synapse v1.1.0 (in 2b3865ceea).

Since Synapse v1.1.0 upgraded to Python 3.7
(https://github.com/matrix-org/synapse/pull/5546),
we need to use a different modules directory when mounting
password provider modules.
2019-07-04 17:28:38 +03:00
Slavi Pantaleev 73158e6c2f Fix unintentionally inverted boolean
Fixes a problem introduced by da6edc9cba.

Related to #145 (Github Pull Request).
2019-07-04 17:27:42 +03:00
Slavi Pantaleev da6edc9cba Add support for disabling Synapse's local database for user auth
This is a new feature of Synapse v1.1.0.

Discussed in #145 (Github Pull Request).
2019-07-04 17:11:51 +03:00
Slavi Pantaleev 2b3865ceea Upgrade Synapse (1.0.0 -> 1.1.0) 2019-07-04 16:58:45 +03:00
Aaron Raimist 483bdd8c01
Allow default room version to be configured 2019-06-11 21:18:06 -05:00
Slavi Pantaleev e4068e55ee Upgrade Synapse (0.99.5.2 -> 1.0.0) 2019-06-11 20:30:18 +03:00
Slavi Pantaleev 7d3adc4512 Automatically force-pull :latest images
We do use some `:latest` images by default for the following services:
- matrix-dimension
- Goofys (in the matrix-synapse role)
- matrix-bridge-appservice-irc
- matrix-bridge-appservice-discord
- matrix-bridge-mautrix-facebook
- matrix-bridge-mautrix-whatsapp

It's terribly unfortunate that those software projects don't release
anything other than `:latest`, but that's how it is for now.

Updating that software requires that users manually do `docker pull`
on the server. The playbook didn't force-repull images that it already
had.

With this patch, it starts doing so. Any image tagged `:latest` will be
force re-pulled by the playbook every time it's executed.

It should be noted that even though we ask the `docker_image` module to
force-pull, it only reports "changed" when it actually pulls something
new. This is nice, because it lets people know exactly when something
gets updated, as opposed to giving the indication that it's always
updating the images (even though it isn't).
2019-06-10 14:30:28 +03:00
Aaron Raimist 79f4bcf5be
Enable sentry.io integration 2019-06-07 16:02:41 -05:00
Slavi Pantaleev 3bc8aa0a82 Upgrade Synapse (0.99.5.1 -> 0.99.5.2) 2019-05-30 20:50:09 +03:00
Slavi Pantaleev 70487061f4 Prefer --mount instead of -v for mounting volumes
This doesn't replace all usage of `-v`, but it's a start.

People sometimes troubleshoot by deleting files (especially bridge
config files). Restarting Synapse with a missing registration.yaml file
for a given bridge, causes the `-v
/something/registration.yaml:/something/registration.yaml:ro` option
to force-create `/something/registration.yaml` as a directory.

When a path that's provided to the `-v` option is missing, Docker
auto-creates that path as a directory.
This causes more breakage and confusion later on.

We'd rather fail, instead of magically creating directories.
Using `--mount`, instead of `-v` is the solution to this.

From Docker's documentation:

> When you use --mount with type=bind, the host-path must refer to an existing path on the host.
> The path will not be created for you and the service will fail with an error if the path does not exist.
2019-05-29 09:59:50 +03:00
Slavi Pantaleev ab59cc50bd Add support for more flexible container port exposing
Fixes #171 (Github Issue).
2019-05-25 07:41:08 +09:00
Slavi Pantaleev a8b633561d Upgrade Synapse (v0.99.4 -> v0.99.5.1) 2019-05-23 09:23:04 +09:00
Slavi Pantaleev affb99003c Improve Synapse variable naming consistency 2019-05-21 12:09:38 +09:00
Slavi Pantaleev a1e9818356 Update comment 2019-05-21 11:25:32 +09:00
Slavi Pantaleev 663d1add92 Move matrix-appservice-discord into a separate role 2019-05-18 01:14:12 +09:00
Slavi Pantaleev 13c4e7e5b6 Merge branch 'master' into separate-bridge-roles 2019-05-16 09:45:06 +09:00
Slavi Pantaleev cf3117011b Upgrade Synapse (0.99.3.2 -> 0.99.4) 2019-05-16 09:20:43 +09:00
Slavi Pantaleev 3339e37ce9 Move matrix-appservice-irc into a separate role 2019-05-16 09:07:40 +09:00
Slavi Pantaleev 43fd3cc274 Move mautrix-facebook into a separate role 2019-05-15 09:34:31 +09:00
Slavi Pantaleev bb816df557 Move mautrix telegram and whatsapp into separate roles
The goal is to move each bridge into its own separate role.
This commit starts off the work on this with 2 bridges:
- mautrix-telegram
- mautrix-whatsapp

Each bridge's role (including these 2) is meant to:

- depend only on the matrix-base role

- integrate nicely with the matrix-synapse role (if available)

- integrate nicely with the matrix-nginx-proxy role (if available and if
required). mautrix-telegram bridge benefits from integrating with
it.

- not break if matrix-synapse or matrix-nginx-proxy are not used at all

This has been provoked by #174 (Github Issue).
2019-05-14 23:47:22 +09:00
Slavi Pantaleev 873c291be6 Fix appservice-discord configuration-extension merging 2019-05-14 08:24:03 +09:00
Slavi Pantaleev 216cdf8c74
Merge pull request #166 from izissise/mautrix-facebook
Mautrix facebook
2019-05-09 10:05:14 +03:00
Dan Arnfield 958ad68078 Add registrations_require_3pid synapse option 2019-05-08 12:29:18 -05:00
Hugues Morisset a82d5ed281 Add tulir mautrix-facebook (https://github.com/tulir/mautrix-facebook) 2019-05-08 17:11:07 +02:00
Slavi Pantaleev 5f2f17cb1e
Merge pull request #160 from danbob/fix-matrix-mxisd-config
Fix template indentation
2019-05-08 08:01:00 +03:00
Dan Arnfield 3abed49764 Fix jinja config for indented code blocks 2019-05-07 06:02:38 -05:00
Slavi Pantaleev e0b7b4dc61
Merge pull request #159 from TheLastProject/feature/docker_add_hosts
Add the possibility to pass extra flags to the docker container
2019-05-05 10:22:59 +03:00
Slavi Pantaleev 6bea3237c9
Merge pull request #163 from aaronraimist/synapse-0.99.3.1
Update Synapse (0.99.3 -> 0.99.3.1)
2019-05-03 22:10:20 +03:00
Aaron Raimist 8051ea9ef9
Update Synapse (0.99.3.1 -> 0.99.3.2) 2019-05-03 13:34:45 -05:00
Aaron Raimist d1646bb497
Update Synapse (0.99.3 -> 0.99.3.1) 2019-05-03 12:07:58 -05:00
Sylvia van Os 75b1528d13 Add the possibility to pass extra flags to the docker container 2019-04-30 16:35:18 +02:00
Sylvia van Os bf77f776a2 Add variable to disable homeserver url preview 2019-04-30 13:58:48 +02:00
Slavi Pantaleev 892abdc700 Do not refer to Synapse as "Matrix Synapse" 2019-04-23 10:20:56 +03:00
Lyubomir Popov eab8f31eed Add additional room config options:
- matrix_enable_room_list_search - Controls whether searching the public room list is enabled.
 - matrix_alias_creation_rules - Controls who's allowed to create aliases on this server.
 - matrix_room_list_publication_rules - Controls who can publish and which rooms can be published in the public room list.
2019-04-16 12:40:38 +03:00
Alexander Acevedo b5fbec8d83
add goofys custom
Creates the configuration variable to toggle custom endpoint and the default custom endpoint.
2019-04-05 05:33:38 -04:00
Slavi Pantaleev 631b7cc6a6 Add support for adjusting Synapse rate-limiting configuration 2019-04-01 21:40:14 +03:00
Aaron Raimist c6f1f7aa23
Update Synapse (0.99.2 -> 0.99.3) 2019-04-01 11:26:46 -05:00
Slavi Pantaleev d9c6884b6a Update mautrix-telegram (0.4.0 -> 0.5.1) 2019-03-22 18:50:41 +02:00
Slavi Pantaleev 73af8f7bbb Make self-check not validate self-signed certificates
By default, `--tags=self-check` no longer validates certificates
when `matrix_ssl_retrieval_method` is set to `self-signed`.

Besides this default, people can also enable/disable validation using the
individual role variables manually.

Fixes #124 (Github Issue)
2019-03-22 09:41:08 +02:00
Lee Verberne 71c7c74b7b Allow configuring push content for matrix-synapse
This allows overriding the default value for `include_content`. Setting
this to false allows homeserver admins to ensure that message content
isn't sent in the clear through third party servers.
2019-03-16 07:16:20 +01:00
Slavi Pantaleev 62e2acada5
Merge pull request #104 from dangersalad/master
allow exposing mautrix_telegram port
2019-03-08 08:50:05 +02:00
paulbdavis 17e86ba817 implement requested changes 2019-03-07 12:45:58 -07:00
Lionstiger 2d78c5f89d made matrix_appservice_discord_client_id lowercase 2019-03-04 15:11:06 +01:00
Lionstiger 7aadd8bbe9 undo changed synapse version 2019-03-03 19:55:56 +01:00
Lionstiger 835c349275 Add matrix-appservice-discord bridge
Bridge is setup to work on the matrix side with this, but the discord invite link is not automatically generated.
2019-03-03 18:22:52 +01:00
Slavi Pantaleev 041a1947b3 Update Synapse (0.99.1.1 -> 0.99.2) 2019-03-02 10:03:09 +02:00
paulbdavis f2a2cad107 allow exposing mautrix_telegram port 2019-03-01 16:05:01 -07:00
Slavi Pantaleev a43bcd81fe Rename some variables 2019-02-28 11:51:09 +02:00
Slavi Pantaleev 8cac29a5d5 Update matrix-synapse-rest-auth (0.1.1 -> 0.1.2) 2019-02-28 11:15:26 +02:00
Slavi Pantaleev 0f55823c5f Update Synapse (0.99.1 -> 0.99.1.1)
It's not important for us, as it only contains
some ACME-related fix.
2019-02-14 19:43:13 +02:00
Slavi Pantaleev eb08e20418 Upgrade Synapse (0.99.0 -> 0.99.1) and sync config
`matrix_synapse_no_tls` is now implicit, so we've gotten rid of it.

The `homeserver.yaml.j2` template has been synchronized with the
configuration generated by Synapse v0.99.1 (some new options
are present, etc.)
2019-02-14 18:40:55 +02:00
Slavi Pantaleev df76ae707a Fix inaccurate comment 2019-02-13 14:07:16 +02:00
Slavi Pantaleev 40f3793af7 Upgrade Synapse to v0.99 and simplify dummy TLS cert logic 2019-02-06 09:17:55 +02:00
Slavi Pantaleev 738c592c27 Bump Synapse version (0.34.1.1 -> 0.99.0rc4) 2019-02-05 13:33:39 +02:00
Slavi Pantaleev f6ebd4ce62 Initial work on Synapse 0.99/1.0 preparation 2019-02-05 12:09:46 +02:00
dhose 87e3deebfd Enable exposure of Prometheus metrics. 2019-02-01 20:02:11 +01:00
Plailect 29b40b428a
Database files must be stored on permanent storage 2019-02-01 11:44:06 -05:00
Plailect 5e1d96c727
Add matrix_appservice_irc_container_expose_client_server_api_port 2019-01-31 11:20:45 -05:00
Plailect 0a2a8e118c
Update example configuration and documentation 2019-01-31 11:05:27 -05:00
Plailect 3a4a671dd7
Add support for matrix-appservice-irc 2019-01-31 00:37:23 -05:00
Slavi Pantaleev 0be7b25c64 Make (most) containers run with a read-only filesystem 2019-01-29 18:52:02 +02:00
Slavi Pantaleev c10182e5a6 Make roles more independent of one another
With this change, the following roles are now only dependent
on the minimal `matrix-base` role:
- `matrix-corporal`
- `matrix-coturn`
- `matrix-mailer`
- `matrix-mxisd`
- `matrix-postgres`
- `matrix-riot-web`
- `matrix-synapse`

The `matrix-nginx-proxy` role still does too much and remains
dependent on the others.

Wiring up the various (now-independent) roles happens
via a glue variables file (`group_vars/matrix-servers`).
It's triggered for all hosts in the `matrix-servers` group.

According to Ansible's rules of priority, we have the following
chain of inclusion/overriding now:
- role defaults (mostly empty or good for independent usage)
- playbook glue variables (`group_vars/matrix-servers`)
- inventory host variables (`inventory/host_vars/matrix.<your-domain>`)

All roles default to enabling their main component
(e.g. `matrix_mxisd_enabled: true`, `matrix_riot_web_enabled: true`).
Reasoning: if a role is included in a playbook (especially separately,
in another playbook), it should "work" by default.

Our playbook disables some of those if they are not generally useful
(e.g. `matrix_corporal_enabled: false`).
2019-01-16 18:05:48 +02:00
Slavi Pantaleev 51312b8250 Split playbook into multiple roles
As suggested in #63 (Github issue), splitting the
playbook's logic into multiple roles will be beneficial for
maintainability.

This patch realizes this split. Still, some components
affect others, so the roles are not really independent of one
another. For example:
- disabling mxisd (`matrix_mxisd_enabled: false`), causes Synapse
and riot-web to reconfigure themselves with other (public)
Identity servers.

- enabling matrix-corporal (`matrix_corporal_enabled: true`) affects
how reverse-proxying (by `matrix-nginx-proxy`) is done, in order to
put matrix-corporal's gateway server in front of Synapse

We may be able to move away from such dependencies in the future,
at the expense of a more complicated manual configuration, but
it's probably not worth sacrificing the convenience we have now.

As part of this work, the way we do "start components" has been
redone now to use a loop, as suggested in #65 (Github issue).
This should make restarting faster and more reliable.
2019-01-12 18:01:10 +02:00