Commit graph

5451 commits

Author SHA1 Message Date
Slavi Pantaleev 735e7355a5 Rename variable (matrix_synapse_ext_s3_storage_provider_path -> matrix_synapse_ext_s3_storage_provider_base_path) 2022-11-27 09:28:29 +02:00
Slavi Pantaleev 72744f9db9 /usr/local/bin/matrix-synapse-register-user -> /matrix/synapse/bin/register-user 2022-11-27 09:26:18 +02:00
Slavi Pantaleev 7b43ef34b7 Remove more hardcoded matrix-postgres references 2022-11-27 09:16:18 +02:00
Slavi Pantaleev 3d5d843418 Replace some devture_postgres_identifier instances with devture_postgres_connection_hostname 2022-11-27 08:31:54 +02:00
Slavi Pantaleev eedf5ad94d Remove some hardcoded matrix-postgres references 2022-11-27 08:23:43 +02:00
Slavi Pantaleev 04b9483f0d Switch from matrix-postgres to com.devture.ansible.role.postgres 2022-11-27 08:04:31 +02:00
Slavi Pantaleev dd9ae0d25c Fix accidentally swapped tags (rust-synapse-compress-state and update-user-password) 2022-11-27 07:24:39 +02:00
Slavi Pantaleev 1688983436
Merge pull request #2299 from etkecc/patch-127
update mautrix-telegram 0.12.1 -> 0.12.2
2022-11-26 20:51:02 +02:00
Aine ea0c9ed71d
update mautrix-telegram 0.12.1 -> 0.12.2 2022-11-26 18:48:04 +00:00
Slavi Pantaleev 018a609e47 Simplify matrix_postgres_backup_databases definition
Related to 71de7cd8cd
2022-11-26 18:57:45 +02:00
Slavi Pantaleev 71de7cd8cd Simplify matrix_backup_borg_postgresql_databases definition
There was no need to add `synapse` to the list manually
and then add all other additional databases.

When the `synapse` database was the main database, this made sense.
Since a long time ago already, ALL databases are "additional" databases,
so the `synapse` database is part of that list.

We could additionally add the main (`matrix`) database to this list,
but there's probably no point in backing that one up.
2022-11-26 18:53:54 +02:00
Slavi Pantaleev 9427f9408d
Merge pull request #2298 from pub-solar/docs/synapse-oidc-keycloak
Update docs on how to use synapse & keycloak OIDC
2022-11-26 17:23:31 +02:00
teutat3s e9765ae4a5
Update docs on how to use synapse & keycloak OIDC
Use up-to-date example from synapse docs

Add link to keycloak website

Add link to synapse docs on OIDC
2022-11-26 16:16:56 +01:00
Slavi Pantaleev fe4c2d73f4 Update Ansible version requirements
Tests were carried out like this:

- `virtualenv3 env`
- `./env/bin/pip install ansible==4.10.0 ansible-core==2.11.7`
- `./env/bin/ansible-playbook .....`

The lowest version of `ansible-core` available on PyPI right now is
2.11.0. That version has trouble with `ansible==4.0.0` though.
The errors we were hitting seemed to be resolved by others online by
using `ansible==4.10.0` instead, which has a minimum `ansible-core`
requirement of `2.11.7`, so that's what we went with.

Older versions of Ansible may work, but.. I'm having trouble
installing them and don't want to spend too much time on digging through
ancient versions and testing them out. People should just learn to run
up-to-date software.
2022-11-26 16:45:07 +02:00
Array in a Matrix 504d4a4134
Add dendrite captcha config to doc and hCaptcha (#2290)
* added dendrite captcha options

* added hcaptcha doc

* proper url

* Apply suggestions from code review

Co-authored-by: Slavi Pantaleev <slavi@devture.com>

* Update main.yml

* renamed captcha vars to new naming scheme

* change vars to new format

* Rename back some incorrectly renamed variables

These variables are either not just part of the `client_api` subsection,
or are not even part of that section at all. They shouldn't have been
renamed in baaef2ed616e2645550d9

* Fix up naming inconsistencies

Some of these variables had been renamed in one place,
but not in other places, so it couldn't have worked that way.

* Add validation/deprecation for renamed Dendrite variables

Related to 4097898f885cf4c73, baaef2ed616e2645550, 68f4418092fa8ad
and a0b4a0ae6b2f1f18

Co-authored-by: Slavi Pantaleev <slavi@devture.com>
2022-11-26 09:27:43 +02:00
Slavi Pantaleev 16c18b0344 Upgrade Hydrogen (v0.3.4 -> v0.3.5) 2022-11-25 18:59:01 +02:00
Slavi Pantaleev fa523c6472 Remove blank lines 2022-11-25 17:36:42 +02:00
Slavi Pantaleev a04f6f4e3d Optimize uninstall tasks a bit
- forego removing Docker images - it's not effective anyway, because it
  only removes the last version.. which is a drop in the bucket, usually

- do not reload systemd - it's none of our business. `--tags=start`,
  etc., handle this

- combine all uninstall tasks under a single block, which only runs if
  we detect traces (a leftover systemd .service file) of the component.
  If no such .service is detected, we skip them all. This may lead to
  incorrect cleanup in rare cases, but is good enough for the most part.
2022-11-25 17:28:57 +02:00
Slavi Pantaleev 8456657f21 Announce install-* tags 2022-11-25 16:15:19 +02:00
Slavi Pantaleev 61f67d8f0a Add install-* tags for quicker runs 2022-11-25 16:02:51 +02:00
Slavi Pantaleev 34c01da9d2 Ensure consistent password_hash results regardless of whether crypt or passlib is used
Ansible recently started showing warnings about `crypt` being
deprecated. If one installs `passlib`, the `password_hash` values that
are generated would be different by default. With this patch, we ensure
consistency regardless of which one is used.

After this patch, password hashes (and UUIDs derived from them) will
change once, but they should be stable after that.

These hashes changing is not a problem, because the playbook
changes all references to the new values. Changes are only a problem if
they're done partially and with different tools.
For example:
- `--tags=setup-COMPONENT` with `passlib`
- `--tags=setup-postgres` with `crypt` (no `passlib`)
If so, the Postgres database password's value will differ for the
configuration generated for `COMPONENT`.

The `rounds=` value is arbitrary. It doesn't matter what it is,
as long as it's different than the default for `crypt` (5000)
and the default for `passlib` for `sha512` (656000).

Source (https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_filters.html):

> To ensure idempotency, specify rounds to be neither crypt’s nor passlib’s default, which is 5000 for crypt and a variable value (535000 for sha256, 656000 for sha512) for passlib
2022-11-25 11:41:16 +02:00
Slavi Pantaleev 42f3c3cbf6 Improve command for connecting to additional container networks 2022-11-25 10:22:25 +02:00
Slavi Pantaleev b59981f03c Remove incorrectly placed task
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2297
2022-11-25 06:17:14 +02:00
Karmanyaah Malhotra 140acfcc5f
Exempt Matrix server from ntfy rate limit (#2135)
* Exempt Matrix server from ntfy rate limit

Add the matrix fqdn and localhost to ntfy's exemption list.
Also allow all ntfy rate limits to be configured through Ansible
variables.

* Fix names and formatting

* fixes

* tabs not spaces

* Lint

* Use raw tags instead of bracket soup
2022-11-24 21:12:43 +02:00
Slavi Pantaleev 9c0cf5481a Try to be more helpful when matrix_homeserver_generic_secret_key appears to be undefined 2022-11-24 18:42:01 +02:00
Slavi Pantaleev 663a17ea10 Fix ansible-lint-reported errors 2022-11-24 17:39:34 +02:00
Slavi Pantaleev c37cf42427 Do not delete and re-create Synapse worker configs needlessly
We had checks to avoid stopping/deleting systemd services for workers
that used to exist and will continue to exist, but we were deleting
config files for workers each time.. Only to recreate them again later.

This led to:

- too many misleading "changed" tasks
- too much unnecessary work
- potential failures during playbook execution possibly leaving the
  system in a bad state (no worker config files)
2022-11-24 17:06:31 +02:00
Slavi Pantaleev 2e7b5c7b02 Untangle the setup import/include mess in matrix-synapse 2022-11-24 16:27:11 +02:00
Slavi Pantaleev d29b0aeddb Replace even more import_tasks calls with include_tasks 2022-11-24 15:19:42 +02:00
Slavi Pantaleev 7c2a7a8eb6 Replace most import_tasks calls with include_tasks for improved performance 2022-11-24 11:33:45 +02:00
Slavi Pantaleev 5c3df22c35
Merge pull request #2293 from jpdown/update-traefik-example
Add service declaration to sample traefik config
2022-11-24 08:11:34 +02:00
Jaden Down 86f495f461
Add service declaration to sample traefik config 2022-11-23 19:08:52 -06:00
Slavi Pantaleev d9ab60fbf2
Merge pull request #2289 from etkecc/patch-126
Update grafana 9.2.5 -> 9.2.6
2022-11-23 18:06:55 +02:00
Aine e05b4c78c7
Update grafana 9.2.5 -> 9.2.6 2022-11-23 16:02:28 +00:00
Slavi Pantaleev 787a82d6e8 Combine matrix user/group set_fact calls into one 2022-11-23 17:07:52 +02:00
Slavi Pantaleev 4d881477a3 Add matrix_homeserver_enabled variable
We need this to control whether `('matrix-' + matrix_homeserver_implementation + '.service')`
would get injected into `devture_systemd_service_manager_services_list_auto`
2022-11-23 16:56:39 +02:00
Slavi Pantaleev dd4f8df905 Remove unnecessary matrix_dendrite_role_executed 2022-11-23 16:15:33 +02:00
Slavi Pantaleev 8c180306ab Remove unnecessary matrix_conduit_role_executed 2022-11-23 16:14:59 +02:00
Slavi Pantaleev 07c23b7cb0 Remove matrix_synapse_role_executed and various tasks that check it
This was useful when the order of these roles in relation to Synapse
mattered (when we were injecting stuff into Synapse variables during
runtime). This is no longer the case since 0ea7cb5d18, so all of
this can be removed.
2022-11-23 16:13:07 +02:00
Slavi Pantaleev 735bacca89 Do not run matrix-nginx-proxy config injection tasks unless necessary
These `init.yml` (now `inject_into_nginx_proxy.yml`) tasks do not need
to `always` run. They only need to run for `setup-all` and
`setup-nginx-proxy`. Unless we're dealing with these 2 tags, we can
spare ourselves a lot of work.

This patch also moves the `when` statement from `init.yml` into
`main.yml` in an effort to further optimize things by potentially
avoiding the extra file include.
2022-11-23 15:52:58 +02:00
Slavi Pantaleev d829884642 Remove some old checks 2022-11-23 14:59:05 +02:00
Slavi Pantaleev 54cacc927e Upgrade com.devture.ansible.role.docker_sdk_for_python 2022-11-23 14:33:07 +02:00
Slavi Pantaleev 1bd3a27acd Do not try to enable non-enableable matrix_ssl_renewal_systemd_units_list 2022-11-23 13:00:15 +02:00
Slavi Pantaleev f696928b7d Fix variable typos 2022-11-23 12:18:35 +02:00
Slavi Pantaleev ccfaefa4d2 Add service groups 2022-11-23 11:45:47 +02:00
Slavi Pantaleev 93d4f8d425 Replace matrix-common-after systemd service management with com.devture.ansible.role.systemd_service_manager 2022-11-23 11:45:46 +02:00
Slavi Pantaleev eec5de7aba Remove old systemd service checks
These are not even caused by Archlinux, but by running buggy Ansible on old Ubuntu
while targeting modern servers (like Archlinux, but also others, ..).

We shouldn't employ ugly workarounds like this. We should tell people to
avoid running buggy Ansible or bad distros like Ubuntu, even.
2022-11-23 11:45:46 +02:00
Slavi Pantaleev 360e643f84 Add service priorities - try to stop/start them in an optimal order 2022-11-23 11:45:46 +02:00
Slavi Pantaleev 0ea7cb5d18 Remove various init.yml files - initialize systemd services, etc., statically (not at runtime) 2022-11-23 11:45:46 +02:00
Slavi Pantaleev 97ee2230a9
Merge pull request #2287 from etkecc/patch-125
Update element 1.11.14 -> 1.11.15
2022-11-23 07:07:13 +02:00