Commit graph

105 commits

Author SHA1 Message Date
Slavi Pantaleev 512f42aa76 Do not report docker kill/rm attempts as errors
These are just defensive cleanup tasks that we run.
In the good case, there's nothing to kill or remove, so they trigger an
error like this:

> Error response from daemon: Cannot kill container: something: No such container: something

and:

> Error: No such container: something

People often ask us if this is a problem, so instead of always having to
answer with "no, this is to be expected", we'd rather eliminate it now
and make logs cleaner.

In the event that:
- a container is really stuck and needs cleanup using kill/rm
- and cleanup fails, and we fail to report it because of error
suppression (`2>/dev/null`)

.. we'd still get an error when launching ("container name already in use .."),
so it shouldn't be too hard to investigate.
2021-01-27 10:22:46 +02:00
Slavi Pantaleev d3ecc6f017 Fix bridges failing to upload media when Synapse workers are enabled 2021-01-25 13:55:08 +02:00
Slavi Pantaleev 1692a28fe4 Work around annoying Docker warning about undefined $HOME
> WARNING: Error loading config file: .dockercfg: $HOME is not defined

.. which appeared in Docker 20.10.
2021-01-15 00:23:01 +02:00
Slavi Pantaleev e1690722f7 Replace cronjobs with systemd timers
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/756

Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/737

I feel like timers are somewhat more complicated and dirty (compared to
cronjobs), but they come with these benefits:

- log output goes to journald
- on newer systemd distros, you can see when the timer fired, when it
will fire, etc.
- we don't need to rely on cron (reducing our dependencies to just
systemd + Docker)

Cronjobs work well, but it's one more dependency that needs to be
installed. We were even asking people to install it manually
(in `docs/prerequisites.md`), which could have gone unnoticed.

Once in a while someone says "my SSL certificates didn't renew"
and it's likely because they forgot to install a cron daemon.

Switching to systemd timers means that installation is simpler
and more unified.
2021-01-14 23:35:50 +02:00
Slavi Pantaleev 55f252a6ed Do not hardcode amd64 in setup_debian.yml
Until now, we've only supported non-amd64 on Raspbian.

Seems like there are now people running Debian/Ubuntu on ARM,
so we were forcing them into amd64 Docker packages.

I've gotten a report that this change fixes support
for Ubuntu Server 20.04 on RPi 4B.
2020-12-17 11:37:30 +02:00
Slavi Pantaleev ed159cc742 Move matrix_architecture to matrix-base
We were only defining this in `group_vars/matrix_servers`, which is
inconsistent with how we normally do things.
2020-12-17 11:33:18 +02:00
Slavi Pantaleev 47613e5a27 Remove synapse-janitor support
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/746
2020-12-11 23:24:42 +02:00
Tobias Küchel 1cf5b1d80f e2ee_backup: rename variables to be consistent with naming scheme 2020-10-16 09:24:50 +02:00
Tobias Küchel 5158fa4df9 e2ee_backup_methods: rather leave the default empty, so that the system default may apply 2020-10-16 08:50:16 +02:00
Tobias Küchel 4cfa112755 update default backup_methods as proposed by the system anyway 2020-10-16 08:44:04 +02:00
Tobias Küchel 48f929dc91 add variables for secure_backup_required and secure_backup_setup_methods 2020-10-16 00:32:00 +02:00
Chris van Dijk f6b0f0a477 Rename matrix_riot_jitsi_preferredDomain and matrix_riot_e2ee_default to Element 2020-09-26 16:24:09 +00:00
Slavi Pantaleev daf13107a0 Add support for rust-synapse-compress-state 2020-08-21 13:53:39 +03:00
merklaw fa6d85636f Add note about installing 'docker' Python package if Docker installation is disabled 2020-08-05 17:35:25 +02:00
merklaw 87df15441c Add note about installilng 'docker' Python package if Docker installation is disabled 2020-08-05 17:31:16 +02:00
Slavi Pantaleev c6ab1c6a90 Riot is now Element
Fixes #586 (Github Issue)
2020-07-17 11:31:20 +03:00
Slavi Pantaleev 227f1a28e3 Allow matrix_user_uid/matrix_user_gid to be specified manually 2020-07-06 11:05:34 +03:00
Slavi Pantaleev de545f9c5f Update docs on self-building and remove useless variable
`matrix_container_images_self_build` was not really doing anything
anymore. It previously was influencing `matrix_*_self_build` variables,
but it's no longer the case since some time ago.

Individual `matrix_*_self_build` variables are still available.
People that would like to toggle self-building for a specific component
ought to use those.

These variables are also controlled automatically (via
`group_vars/matrix_servers`) depending on `matrix_architecture`.

In other words, self-building is being done automatically for
all components when they don't have a prebuilt image for the specified
architecture. Some components only support `amd64`, while others also
have images for other architectures.
2020-06-29 14:58:03 +03:00
Slavi Pantaleev 5c5f1c6ab9 Add support for telling Riot to not default to E2EE
Related to https://github.com/vector-im/riot-web/pull/13914
2020-06-24 11:39:51 +03:00
Slavi Pantaleev 7729511a84 Make vars.yml snapshotting optional and more configurable
Certain people organize their inventory in a different way
and we'd like to accommodate them.

Related to #542 (Github Issue).
2020-06-14 10:01:22 +03:00
Slavi Pantaleev 10b3ceff72 Make Matrix federation port configurable
Fixes #523 (Github Issue).
2020-06-09 08:29:03 +03:00
Chris van Dijk 74df10633a Remove hardcoded command paths in playbook cron usage 2020-05-27 23:14:58 +02:00
Chris van Dijk 6e3b877dc2 Remove hardcoded command paths in playbook shell usage 2020-05-27 23:14:56 +02:00
Chris van Dijk 6334f6c1ea Remove hardcoded command paths in systemd unit files
Depending on the distro, common commands like sleep and chown may either
be located in /bin or /usr/bin.

Systemd added path lookup to ExecStart in v239, allowing only the
command name to be put in unit files and not the full path as
historically required. At least Ubuntu 18.04 LTS is however still on
v237 so we should maintain portability for a while longer.
2020-05-27 23:14:54 +02:00
Slavi Pantaleev 36c61b5b4e Introduce a separate group variable (matrix_user_groupname)
Related to #485 (Github Pull Request).
2020-05-06 10:02:47 +03:00
Fanch a1c5a197a9 remove default UID/GID 2020-05-04 21:43:54 +02:00
Chris van Dijk 7585bcc4ac Allow the matrix user username and groupname to be configured separately
No migration steps should be required.
2020-05-01 19:59:32 +02:00
Slavi Pantaleev 7035af87d8 Add support for Jitsi discovery for Riot via /.well-known/matrix/client
This will not work yet, as no version of Riot currently supports it.
It's expected to land in riot-web v1.5.16 via matrix-org/matrix-react-sdk#4348.
2020-04-09 09:58:35 +03:00
Alin Trăistaru 604e581a97 add ntpd defaults 2020-04-05 10:00:09 +03:00
mooomooo eebc6e13f8 Made directory variables for /etc/systemd/system , /etc/cron.d , /usr/local/bin 2020-03-24 11:27:58 -07:00
Slavi Pantaleev cdd9ee1962 Add Jitsi support 2020-03-23 17:19:15 +02:00
Horvath Gergely 2d537484d5 introduce variable 2020-03-14 19:16:29 +01:00
Horvath Gergely 6232a81caf check if target distro is Raspbian and install docker accordingly 2020-03-08 19:04:41 +01:00
Horvath Gergely 310aa685f9 refactor based on Slavi's requests 2020-03-08 00:24:00 +01:00
Horvath Gergely 610c98d6ab add riot-web support for raspberry pi 2020-02-21 18:51:56 +01:00
Horvath Gergely 40d0fea06c add mautrix-hangouts support for raspberry pi 2020-02-21 18:27:26 +01:00
Horvath Gergely f28c7b71d2 build mxisd for rapsberry pi 2020-02-21 18:08:24 +01:00
Horvath Gergely 8c1e00a6cd add mautrix-facebook support for raspberry pi 2020-02-21 07:56:28 +01:00
Horvath Gergely 7c4a86bc6b add coturn support for raspberry pi 2020-02-19 22:18:17 +01:00
Horvath Gergely a096eafb45 add possibility to install synapse on raspberry pi 2020-02-17 21:48:48 +01:00
Aaron Raimist 2ea507e2ea
Don't make it Dimension specific 2019-12-09 22:23:56 -06:00
Dan Arnfield 960088752c Add matrix_docker_package_name 2019-11-18 11:29:14 -06:00
Dan Arnfield 80cfb2a93e Add matrix_docker_installation_enabled 2019-11-18 11:20:01 -06:00
Slavi Pantaleev 0ca21d80d7 Add Synapse Maintenance docs and synapse-janitor integration 2019-07-08 09:38:36 +03:00
Slavi Pantaleev 631a14bf0c Rename run control variables for consistency 2019-07-08 09:38:36 +03:00
Stuart Mumford a4bcd7ce8f
Add a variable to control the stop tasks 2019-05-20 17:03:05 +01:00
Lyubomir Popov 134faa3139 Add the ability to update user passwords with ansible (when using the matrix-postgres container). 2019-04-30 16:30:26 +03:00
Slavi Pantaleev 6c5cc173b0 Fix permission mode for some files 2019-03-09 21:15:16 +02:00
Edgars Voroboks 9735a2f600 Implement self-hosted Dimension server 2019-03-07 07:22:08 +02:00
Slavi Pantaleev a43bcd81fe Rename some variables 2019-02-28 11:51:09 +02:00
Slavi Pantaleev eb08e20418 Upgrade Synapse (0.99.0 -> 0.99.1) and sync config
`matrix_synapse_no_tls` is now implicit, so we've gotten rid of it.

The `homeserver.yaml.j2` template has been synchronized with the
configuration generated by Synapse v0.99.1 (some new options
are present, etc.)
2019-02-14 18:40:55 +02:00
Slavi Pantaleev 764a040a90 Make /.well-known/matrix/server optional
People who wish to rely on SRV records can prevent
the `/.well-known/matrix/server` file from being generated
(and thus, served.. which causes trouble).
2019-02-05 12:09:46 +02:00
Slavi Pantaleev c10182e5a6 Make roles more independent of one another
With this change, the following roles are now only dependent
on the minimal `matrix-base` role:
- `matrix-corporal`
- `matrix-coturn`
- `matrix-mailer`
- `matrix-mxisd`
- `matrix-postgres`
- `matrix-riot-web`
- `matrix-synapse`

The `matrix-nginx-proxy` role still does too much and remains
dependent on the others.

Wiring up the various (now-independent) roles happens
via a glue variables file (`group_vars/matrix-servers`).
It's triggered for all hosts in the `matrix-servers` group.

According to Ansible's rules of priority, we have the following
chain of inclusion/overriding now:
- role defaults (mostly empty or good for independent usage)
- playbook glue variables (`group_vars/matrix-servers`)
- inventory host variables (`inventory/host_vars/matrix.<your-domain>`)

All roles default to enabling their main component
(e.g. `matrix_mxisd_enabled: true`, `matrix_riot_web_enabled: true`).
Reasoning: if a role is included in a playbook (especially separately,
in another playbook), it should "work" by default.

Our playbook disables some of those if they are not generally useful
(e.g. `matrix_corporal_enabled: false`).
2019-01-16 18:05:48 +02:00
Stuart Mumford f8ebd94d08
Make the mode of the base path configurable 2019-01-14 14:40:11 +00:00
Slavi Pantaleev 51312b8250 Split playbook into multiple roles
As suggested in #63 (Github issue), splitting the
playbook's logic into multiple roles will be beneficial for
maintainability.

This patch realizes this split. Still, some components
affect others, so the roles are not really independent of one
another. For example:
- disabling mxisd (`matrix_mxisd_enabled: false`), causes Synapse
and riot-web to reconfigure themselves with other (public)
Identity servers.

- enabling matrix-corporal (`matrix_corporal_enabled: true`) affects
how reverse-proxying (by `matrix-nginx-proxy`) is done, in order to
put matrix-corporal's gateway server in front of Synapse

We may be able to move away from such dependencies in the future,
at the expense of a more complicated manual configuration, but
it's probably not worth sacrificing the convenience we have now.

As part of this work, the way we do "start components" has been
redone now to use a loop, as suggested in #65 (Github issue).
This should make restarting faster and more reliable.
2019-01-12 18:01:10 +02:00