Commit graph

576 commits

Author SHA1 Message Date
Paul N 96dd86d33b Set default values where sensible and remove unnecessary conditionals in .env.j2.
Check for empty string instead of Null to verify if an openid_server_name is pinned.
2023-02-06 15:26:08 +01:00
Paul N d67d8c07f5 Remove remnant comment. 2023-02-06 15:26:08 +01:00
jakicoll 6499b6536a Decoupling: Do not use variables user-verification-service role inside the jitsi role. 2023-02-06 15:18:25 +01:00
Paul N 1d99f17b4a Disable matrix-user-verification-service in group_vars and update docs accordingly. 2023-02-06 13:23:11 +01:00
Paul N 50c1e9d695 Set matrix_user_verification_service_uvs_homeserver_url in the role defaults and updated docs accordingly. 2023-02-06 13:14:34 +01:00
Paul N 07d9ea5e87 Stick to port 3003 instead of changing the port based on the status of grafana. 2023-02-06 13:06:35 +01:00
jakicoll 0e0ae2f3e6 Assign default log level in role instead of matrix_servers file. 2023-02-06 13:04:06 +01:00
jakicoll f53731756d Change comment
Applying the assumption, that synapse is always managed by this playbook.
2023-02-06 12:15:54 +01:00
Slavi Pantaleev 8155f780e5 Add support for reverse-proxying Matric (Client & Federation) via Traefik 2023-02-06 13:08:11 +02:00
jakicoll 94830b582b Wording: change collection -> playbook 2023-02-06 11:58:50 +01:00
Slavi Pantaleev f983604695 Initial work on Traefik support
This gets us started on adding a Traefik role and hooking Traefik:

- directly to services which support Traefik - we only have a few of
  these right now, but the list will grow

- to matrix-nginx-proxy for most services that integrate with
  matrix-nginx-proxy right now

Traefik usage should be disabled by default for now and nothing should
change for people just yet.

Enabling these experiments requires additional configuration like this:

```yaml
devture_traefik_ssl_email_address: '.....'

matrix_playbook_traefik_role_enabled: true
matrix_playbook_traefik_labels_enabled: true

matrix_ssl_retrieval_method: none

matrix_nginx_proxy_https_enabled: false

matrix_nginx_proxy_container_http_host_bind_port: ''
matrix_nginx_proxy_container_federation_host_bind_port: ''

matrix_nginx_proxy_trust_forwarded_proto: true

matrix_nginx_proxy_x_forwarded_for: '$proxy_add_x_forwarded_for'

matrix_coturn_enabled: false
```

What currently works is:
reverse-proxying for all nginx-proxy based services **except** for the Matrix homeserver
(both Client-Server an Federation traffic for the homeserver don't work yet)
2023-02-06 10:34:51 +02:00
Slavi Pantaleev be78b74fbd Switch from matrix-prometheus-postgres-exporter to an external prometheus_postgres_exporter role 2023-02-05 10:32:09 +02:00
Slavi Pantaleev d7c0239e40 Enable metrics endpoint for mautrix bridges by default when Prometheus is enabled
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2427

This just enables the endpoint, which is somewhat helpful, but not
really enough to scrape them. Ideally, we'd be injecting these targets
into the Prometheus scrape config too.
For now, registering targets with Prometheus is very manual
(`matrix_prometheus_scraper_postgres_enabled`, `matrix_prometheus_scraper_hookshot_enabled`, ..).
This should be redone - e.g. a new `matrix_prometheus_scrape_config_jobs_auto` variable,
which is dynamically built in `group_vars/matrix_servers`.
2023-01-30 08:53:28 +02:00
Slavi Pantaleev 9ed2e04d80 Switch from matrix-prometheus-node-exporter to an external prometheus_node_exporter role 2023-01-21 11:07:04 +02:00
Slavi Pantaleev 4e40ac5ad8
Merge pull request #2227 from xangelix/add-matrix-mautrix-slack-role
Add matrix-bridge-mautrix-slack role
2023-01-11 10:35:45 +02:00
Slavi Pantaleev ddfab60427 Enable self-building for chatgpt for arm32 2023-01-10 17:20:50 +02:00
Slavi Pantaleev 8d3ce50d1b Disable chatgpt from group_vars/matrix_servers by default 2023-01-10 17:20:33 +02:00
bertybuttface 0ec1868b95 Add matrix-bot-chatgpt.
Co-Authored-By: Slavi Pantaleev <slavi@devture.com>
2023-01-10 13:57:38 +00:00
Thomas Baer c86720eeae
convert to list from generator
selectattr() returns a generator object, an iterator. This leads to an exception later, lists can't concated to iterators, only to other lists. So '| list' converts the iterator to a list and the script runs happily.
2023-01-05 14:10:06 +01:00
jakicoll 42e4e50f5b Matrix Authentication Support for Jitsi
This extends the collection with support for seamless authentication at the Jitsi server using Matrix OpenID.

1. New role for installing the [Matrix User Verification Service](https://github.com/matrix-org/matrix-user-verification-service)
2. Changes to Jitsi role: Installing Jitsi Prosody Mods and configuring Jitsi Auth
3. Changes to Jitsi and nginx-proxy roles: Serving .well-known/element/jitsi from jitsi.DOMAIN
4. We updated the Jitsi documentation on authentication and added documentation for the user verification service.
2023-01-04 14:27:16 +01:00
Cody Wyatt Neiman 2e0dfb2dc1
Update slack bridge implementation 2023-01-02 20:07:04 -05:00
Cody Wyatt Neiman 784e5492d5
Add matrix-bridge-mautrix-slack role 2023-01-02 19:13:17 -05:00
Samuel Meenzen 0179b0f165
Remove conduit workaround
Conduit update 0.5.0 fixed the issue, so this is no longer needed.
2022-12-21 18:28:34 +01:00
Matthew Cengia 3453fff901
Use upstream Docker image for amd64 rather than self-build 2022-12-11 21:25:43 +11:00
Slavi Pantaleev da82c3bd4f
Merge pull request #2327 from ikkemaniac/fix-nginxlog-prometheus
fix: nginxlog prometheus config port
2022-12-08 13:15:34 +02:00
ikkemaniac e6fc6b7a86 fix: nginxlog prometheus config port 2022-12-08 01:10:05 +01:00
ikkemaniac 8ef6341fd7 fix: systemd entry 2022-12-08 00:02:54 +01:00
ikkemaniac 8ebf18a885
add prometheus-nginxlog-exporter role (#2315)
* add prometheus-nginxlog-exporter role

* Rename matrix_prometheus_nginxlog_exporter_container_url to matrix_prometheus_nginxlog_exporter_container_hostname

* avoid referencing variables from other roles, handover info using group_vars/matrix_servers

* fix: stop service when uninstalling

fix: typo

move available arch's into a var

fix: text

* fix: prometheus enabled condition

Co-authored-by: ikkemaniac <ikkemaniac@localhost>
2022-12-07 16:58:36 +02:00
Slavi Pantaleev 0a018ac22b Add internal Postgres instance (if enabled) to postgres-backup dependencies 2022-11-30 11:22:00 +02:00
Slavi Pantaleev d5ea17d66f Make postgres-backup priority start later 2022-11-30 11:18:39 +02:00
Slavi Pantaleev 4eed49f931 Replace custom/matrix-postgres-backup role with galaxy/com.devture.ansible.role.postgres_backup
This role is usable on its own and it's not tied to Matrix, so
extracting it out into an independent role that we install via
ansible-galaxy makes sense.

This also fixes the confusion from the other day, where
`matrix_postgres_*` had to be renamed to `devture_postgres_*`
(unless it was about `matrix_postgres_backup_*`).
We now can safely say that ALL `matrix_postgres_*` variables need to be
renamed.

Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2305
2022-11-30 11:01:19 +02:00
Slavi Pantaleev de979bc6a2 Upgrade com.devture.ansible.role.postgres 2022-11-30 09:42:06 +02:00
Slavi Pantaleev 4b2d30a474 Fix matrix_dendrite_client_api_turn_shared_secret not being defined
Regression since https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2290
2022-11-28 18:33:18 +02:00
Slavi Pantaleev 81054bb19c Upgrade com.devture.ansible.role.postgres 2022-11-28 09:05:22 +02:00
Slavi Pantaleev 7b43ef34b7 Remove more hardcoded matrix-postgres references 2022-11-27 09:16:18 +02:00
Slavi Pantaleev 3d5d843418 Replace some devture_postgres_identifier instances with devture_postgres_connection_hostname 2022-11-27 08:31:54 +02:00
Slavi Pantaleev eedf5ad94d Remove some hardcoded matrix-postgres references 2022-11-27 08:23:43 +02:00
Slavi Pantaleev 04b9483f0d Switch from matrix-postgres to com.devture.ansible.role.postgres 2022-11-27 08:04:31 +02:00
Slavi Pantaleev 018a609e47 Simplify matrix_postgres_backup_databases definition
Related to 71de7cd8cd
2022-11-26 18:57:45 +02:00
Slavi Pantaleev 71de7cd8cd Simplify matrix_backup_borg_postgresql_databases definition
There was no need to add `synapse` to the list manually
and then add all other additional databases.

When the `synapse` database was the main database, this made sense.
Since a long time ago already, ALL databases are "additional" databases,
so the `synapse` database is part of that list.

We could additional add the main (`matrix`) database to this list,
but there's probably no point in backing that one up.
2022-11-26 18:53:54 +02:00
Array in a Matrix 504d4a4134
Add dendrite captcha config to doc and hCaptcha (#2290)
* added dendrite captcha options

* added hcaptcha doc

* proper url

* Apply suggestions from code review

Co-authored-by: Slavi Pantaleev <slavi@devture.com>

* Update main.yml

* renamed captcha vars to new naming scheme

* change vars to new format

* Rename back some incorrect renamed variables

These variables are either not just part of the `client_api` subsection,
or are not even part of that section at all. They shouldn't have been
renamed in baaef2ed616e2645550d9

* Fix up naming inconsistencies

Some of these variables had been renamed in one place,
but not in other places, so it couldn't have worked that way.

* Add validation/deprecation for renamed Dendrite variables

Related to 4097898f885cf4c73, baaef2ed616e2645550, 68f4418092fa8ad
and a0b4a0ae6b2f1f18

Co-authored-by: Slavi Pantaleev <slavi@devture.com>
2022-11-26 09:27:43 +02:00
Slavi Pantaleev 34c01da9d2 Ensure consistent password_hash results regardless of whether crypt or passlib is used
Ansible recently started showing warnings about `crypt` being
deprecated. If one installs `passlib`, the `password_hash` values that
are generated would be different by default. With this patch, we ensure
consistency regardless of which one is used.

After this patch, password hashes (and UUIDs derived from them) will
change once, but they should be stable after that.

These hashes changing is not a problem, because the playbook
changes all references to the new values. Changes are only a problem if
they're done partially and with different tools.
For example:
- `--tags=setup-COMPONENT` with `passlib`
- `--tags=setup-postgres` with `crypt` (no `passlib`)
If so, the Postgres database password's value will differ for the
configuration generated for `COMPONENT`.

The `rounds=` value is arbitrary. It doesn't matter what it is,
as long as it's different than the default for `crypt` (5000)
and the default for `passlib` for `sha512` (656000).

Source (https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_filters.html):

> To ensure idempotency, specify rounds to be neither crypt’s nor passlib’s default, which is 5000 for crypt and a variable value (535000 for sha256, 656000 for sha512) for passlib
2022-11-25 11:41:16 +02:00
Slavi Pantaleev 4d881477a3 Add matrix_homeserver_enabled variable
We need this to control whether `('matrix-' + matrix_homeserver_implementation + '.service')`
would get injected into `devture_systemd_service_manager_services_list_auto`
2022-11-23 16:56:39 +02:00
Slavi Pantaleev 1bd3a27acd Do not try to enable non-enableable matrix_ssl_renewal_systemd_units_list 2022-11-23 13:00:15 +02:00
Slavi Pantaleev f696928b7d Fix variable typos 2022-11-23 12:18:35 +02:00
Slavi Pantaleev ccfaefa4d2 Add service groups 2022-11-23 11:45:47 +02:00
Slavi Pantaleev 93d4f8d425 Replace matrix-common-after systemd service management with com.devture.ansible.role.systemd_service_manager 2022-11-23 11:45:46 +02:00
Slavi Pantaleev 360e643f84 Add service priorities - try to stop/start them in an optimal order 2022-11-23 11:45:46 +02:00
Slavi Pantaleev 0ea7cb5d18 Remove various init.yml files - initialize systemd services, etc., statically (not at runtime) 2022-11-23 11:45:46 +02:00
Aine b8b5acdb16
fix user creator role 2022-11-22 15:46:00 +02:00
Slavi Pantaleev d8f2141eb0 Install Docker via geerlingguy.docker Galaxy role 2022-11-22 09:01:26 +02:00
Slavi Pantaleev e9e84341a9 Reverse-proxy to Synapse via matrix-synapse-reverse-proxy-companion
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2090
2022-11-20 16:43:33 +02:00
Slavi Pantaleev 424de93f82 Remove useless matrix_nginx_proxy_synapse_presence_disabled variable definition 2022-11-20 11:13:23 +02:00
Aine eec7970689
update postmoogle 0.9.8 -> 0.9.9 2022-11-19 00:55:03 +02:00
Aine 06eb186729
add matrix_etherpad_mode 2022-11-05 09:17:47 +02:00
Aine 9b97957022
Merge branch 'master' into make-etherpad-great-again 2022-11-04 17:36:15 +02:00
Aine a86cb2336a
etherpad - do not request ssl cert for subdomain if dimension is installed 2022-11-04 17:16:29 +02:00
Slavi Pantaleev 04c6c11561 Install ntpd/systemd-timesync via com.devture.ansible.role.timesync 2022-11-04 16:34:23 +02:00
Slavi Pantaleev c3a7237de7 Initial work on using externally defined roles 2022-11-04 14:58:28 +02:00
Aine 83c40fce15
standalone etherpad 2022-11-04 11:36:10 +02:00
Samuel Meenzen 752d2ba8d0
Update matrix_servers 2022-11-02 20:39:14 +01:00
Samuel Meenzen c330b85de3
Merge branch 'spantaleev:master' into mautrix-discord-restricted-rooms-config 2022-11-02 20:36:04 +01:00
Slavi Pantaleev eaa9b7cfc4 Add automatic user account creation support to Buscarron
Continuation of c3dc64b1d5
2022-11-01 17:03:53 +02:00
Slavi Pantaleev c3dc64b1d5 Add matrix-user-creator role - automatic user account creation support
We no longer ask users to create Matrix user accounts for these bots:

- Postmoogle
- Honoroit
- Reminder Bot

Other bots and services (matrix-registration-bot, maubot, mjolnir,
Dimension, etc.) require an Access Token to run (not a password),
so this new role doesn't help for them.

It does help for the above bots though, and for defining your own
"initial user accounts" in the `matrix_user_creator_users_additional`
variable.
2022-11-01 16:22:58 +02:00
Slavi Pantaleev cada3ef48b Use pre-built image for Hookshot on arm64 2022-10-31 12:47:10 +02:00
Slavi Pantaleev 7fb45a507d Make --tags=run-postgres-vacuum and --tags=upgrade-postgres not assume Synapse
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2211
2022-10-28 17:40:12 +03:00
Slavi Pantaleev 3694bf1d18
Merge pull request #2198 from etkecc/buscarron-130
update buscarron 1.2.1 -> 1.3.0
2022-10-25 22:05:22 +03:00
Slavi Pantaleev 06d4ca0f4e
Merge pull request #2197 from etkecc/postmoogle-098
update postmoogle 0.9.7 -> 0.9.8
2022-10-25 22:03:59 +03:00
Aine 12fe1f417c
update buscarron 1.2.1 -> 1.3.0 2022-10-25 18:39:39 +03:00
Aine a22d5b1726
update postmoogle 0.9.7 -> 0.9.8 2022-10-25 18:26:57 +03:00
Aine 145a57a7b8
update honoroit 0.9.15 -> 0.9.16 2022-10-25 18:25:07 +03:00
Slavi Pantaleev 0b44ec19b4 Do not override matrix_postgres_import_roles_to_ignore/matrix_postgres_import_databases_to_ignore in group_vars
These values that we were setting also make sense in the context of the
`matrix-postgres` role even when not used within the playbook.
2022-10-21 10:01:22 +03:00
Jim Myhrberg a47ce70cd2
fix(goofys): fix synapse systemd unit file to correctly require goofys
On Debian 10 (buster) at least, while the Synapse systemd service unit
was referring to Goofys as "matrix-goofys" without a ".service" suffix,
systemd was ignoring the goofys dependency, starting Synapse before
Goofys. All other dependant units which work are using the ".service"
suffix.

This generally leads to the mount path goofys using having been
populated by Synapse before Goofys starts, causing it to fail due to the
mount target not being empty.

The fix seems to be to ensure that the Synapse service unit refers to
Goofys as "matrix-goofys.service".

This change causes the following two lines in
"/etc/systemd/system/matrix-synapse.service":

    Requires=matrix-goofys
    After=matrix-goofys

To be changed to:

    Requires=matrix-goofys.service
    After=matrix-goofys.service
2022-10-11 00:43:22 +01:00
Samuel Meenzen 1d024975d6 Automatically set restricted_rooms to false on conduit 2022-10-10 07:10:15 +00:00
Slavi Pantaleev aff7ca2426 Upgrade appservice-slack (1.11.0 -> 2.0.1)
This also disables self-building on arm64, since it's no longer
necessary: https://github.com/matrix-org/matrix-appservice-slack/pull/656
2022-10-06 16:39:07 +03:00
Slavi Pantaleev b67ba669e8
Merge pull request #2038 from TheOneWithTheBraid/braid/matrix-ldap-registration-proxy
Draft: feat: include matrix_ldap_registration_proxy
2022-10-02 09:23:25 +03:00
Julian-Samuel Gebühr 41e1da2ff4
Make registration proxy independent of other roles, document (#7)
* Make registration proxy independent of other roles, document

Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net>

* Fix yml issues

Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net>

* Remove undefined variable (as service HAS to be exposed

Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net>

* Add registration endpint

Defines the registration endpoint that should be intercepted/forwarded to the proxy

Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net>

* Add image name

Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net>

Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net>
2022-09-29 18:00:14 +02:00
Slavi Pantaleev f623cf3550 Only download Grafana dashboard URLs for enabled services
If someone is using Dendrite and enabling Grafana, we'll no longer
download Synapse dashboards.

If someone is not using node-exporter, we'll no longer download node
exporter dashboards.

Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2133
2022-09-26 08:46:10 +03:00
Slavi Pantaleev 6c928d87ca Configure Grafana's default_home_dashboard_path properly
Using `matrix_synapse_*` variables within the `matrix-grafana` role
is not a good practice.

We now have a `matrix_grafana_default_home_dashboard_path` variable
with a good universal default value and we override it via
`group_vars/matrix_servers` based on enabled components, etc.

This is a better fix for https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2133
2022-09-26 08:23:54 +03:00
Slavi Pantaleev 3d2547329e Add missing else clause to inline if
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2103

Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2104
2022-09-15 13:14:31 +03:00
Slavi Pantaleev 5f3f460cda Restore support for appservice and user_dir workers 2022-09-15 10:06:56 +03:00
Slavi Pantaleev 226c550ffa Add support for stream writer Synapse workers
As stream writer workers are also powered by the `generic_worker`
Synapse app, this necessitated that we provide means for distinguishing
between them and regular `generic_workers`.

I've also taken the time to optimize nginx configuration generation
(more Jinja2 macro usage, less duplication).

Worker names have also changed.
Workers are now named sequentially like this:
- `matrix-synapse-worker-0-generic`
- `matrix-synapse-worker-1-stream-writer-typing`
- `matrix-synapse-worker-2-pusher`

instead of `matrix-synapse-worker_generic_worker-18111` (indexed with a
port number).

People who modify `matrix_synapse_workers_enabled_list` directly will
need to adjust their configuration.
2022-09-15 08:10:04 +03:00
Julian-Samuel Gebühr b6fee92f0e Avoid cross-referencing of variables in role, move to group vars 2022-09-13 16:39:15 +00:00
Julian-Samuel Gebühr 42230b6765 Make role enabled in role but turn it off in group vars 2022-09-13 16:39:15 +00:00
Slavi Pantaleev f12206676f Upgrade Synapse (v1.66.0 -> 1.67.0) and remove frontend_proxy workers
`frontend_proxy` workers have been superseded by `generic_worker` workers.
Related to https://github.com/matrix-org/synapse/pull/13645
2022-09-13 15:45:50 +03:00
Slavi Pantaleev d6bd39c79d Add missing quotes
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2089
2022-09-09 15:18:57 +03:00
Julian-Samuel Gebühr 5825a0c919
Cactus comments (#2089)
* Add construct for cactus comments role

* Adjust config files

* Add docker self build to defaults

* Adjust tasks

* Fix smaller syntax errors

* Fix env argument

* Add tmp path to allow container writing there

Background why I did this: https://docs.gunicorn.org/en/stable/settings.html#worker-tmp-dir

* Change port back to 5000 as not configurable in container

* Try to add appservice config file for synapse to use

* Inject appservice file

* Correct copied variable name

* Comment out unused app service file injection

would need mounting the appservice file to the synapse container i guess

* Move role before synapse to be able to inject during runtime

* Remove unused parts

* Change default user id to mirror official docs

* Add docs

* Update roles/matrix-cactus-comments/tasks/setup_install.yml

Co-authored-by: Slavi Pantaleev <slavi@devture.com>

* Update roles/matrix-cactus-comments/templates/cactus_appservice.yaml.j2

Co-authored-by: Slavi Pantaleev <slavi@devture.com>

* Generate secrets if necessary, adjust docs

* Rename cactusbot userid

* Shorten salt strings

Co-authored-by: Slavi Pantaleev <slavi@devture.com>

* Use tmpfs instead of persistent mount

* Remove proxy option as it is nonsense

* Add download and serving of cc-client files

* Add documentation on client

* Clarify docs a bit

* Add nginx proxy to required services

Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net>

* Use container address

Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net>

* Correct comment of user id

Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net>

* Use releases or local distributed client

Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net>

* Move homeserver url to defaults

Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net>

* Correct truth value

Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net>

* Add documentation of variables

Co-authored-by: Slavi Pantaleev <slavi@devture.com>

* Tabs vs. spaces

Co-authored-by: Slavi Pantaleev <slavi@devture.com>

* Make nginx root configurable

Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net>

* Complete ake nginx root configurable

Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net>

* Fix file permission

Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net>

* Fix lint errors

Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net>

Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net>
Co-authored-by: Slavi Pantaleev <slavi@devture.com>
2022-09-09 14:37:52 +03:00
Aine 692a7af36a
postmoogle feedback 2022-09-09 13:19:25 +03:00
Aine b92ff748e4
Update Postmoogle 0.9.0 -> 0.9.1 2022-09-09 10:47:00 +03:00
Shaleen Jain 0300c0e96e Update dendrite 0.9.5 -> 0.9.6
Remove appservice database setup/config as the latest update no longer requires it.
2022-09-02 09:31:17 +05:30
Slavi Pantaleev 8e0e9fa878 Deprecate matrix_synapse_account_threepid_delegates_email before Synapse v1.66.0
This is done in anticipation of this option's removal in the
upcoming Synapse v1.66.0 release (likely tomorrow).

See: https://matrix-org.github.io/synapse/v1.66/upgrade.html#delegation-of-email-validation-no-longer-supported
2022-08-30 18:51:35 +03:00
Shaleen Jain f674afe5e8
appservice: add and use homeserver_container_* vars (#2045)
* appservice: add and use matrix_homeserver_* vars

* appservice: use the new vars

* Apply suggestions from code review

Co-authored-by: Slavi Pantaleev <slavi@devture.com>

Co-authored-by: Slavi Pantaleev <slavi@devture.com>
2022-08-24 08:38:12 +03:00
Slavi Pantaleev 447b9313d7
Merge pull request #2043 from etkecc/add-postmoogle
add postmoogle
2022-08-23 13:58:39 +03:00
Aine e764ab165f
Update group_vars/matrix_servers
Co-authored-by: Slavi Pantaleev <slavi@devture.com>
2022-08-23 10:25:32 +00:00
Aine 9c2a8addee
add postmoogle 2022-08-22 20:10:35 +03:00
Slavi Pantaleev 04f224e634
Merge branch 'master' into conduit 2022-08-09 10:46:03 +03:00
ganyuke 5023660f3a
Use arm64 images for Cinny
Cinny now builds arm64 docker images since [v2.0.4](https://hub.docker.com/layers/cinny/ajbura/cinny/v2.0.4/images/sha256-a7202136f8568eb0397a3d644725a8fb7dca230e08bcfc42040238bda0382057?context=explore).
2022-08-08 03:20:13 +00:00
Julian-Samuel Gebühr 32430de812
Fix bug that prevented user with external nginx from launch (#2003)
* Fix bug that prevented user with external nginx from launch

The backslash was missing and prevented users from starting the bot

* Add necessary config for ext nginx to docs

* Add automatic config for ext nginx, adjust docs

* Remove unneeded and possibly puzzeling documentation
2022-08-05 20:02:01 +03:00
Charles Wright dffa91ec8e
Suggested fix from spantaleev
Co-authored-by: Slavi Pantaleev <slavi@devture.com>
2022-08-05 09:01:59 -05:00
Charles Wright 20767b5149 Fixes to enable Conduit in setup-all 2022-08-04 14:35:41 -05:00
krassle 4461fdfc39
Use prebuilt ARM images for Element
* element-web arm64 builds available since 2022-08-03 v.1.11.2 [vectorim/element-web:v1.11.2](https://hub.docker.com/layers/element-web/vectorim/element-web/v1.11.2/images/sha256-776f82281936226d91cc1b3b587f4aa28fd46934b8045427ced7c72668eda223?context=explore)
2022-08-03 23:30:00 +02:00
Slavi Pantaleev cf6e38a586 Use pre-built image for go-skype-bridge on amd64 and arm64
Related to:

- https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1992
- https://github.com/kelaresg/go-skype-bridge/pull/17
2022-08-02 07:48:19 +03:00
Slavi Pantaleev 429d0b323b
Merge pull request #1974 from MdotAmaan/master
Add Mautrix Discord Bridge
2022-07-29 08:05:52 +03:00
MdotAmaan 6fb961eb12 Make changes according to feedback
Co-authored-by: Slavi Pantaleev <slavi@devture.com>

Update group_vars/matrix_servers

Co-authored-by: Slavi Pantaleev <slavi@devture.com>

Remove old data migration tasks

Co-authored-by: Slavi Pantaleev <slavi@devture.com>

Update roles/matrix-bridge-mautrix-discord/tasks/validate_config.yml

Co-authored-by: Slavi Pantaleev <slavi@devture.com>

Redo bridge permissions
2022-07-29 00:28:44 +04:00
Slavi Pantaleev e46ba5deba Add matrix-appservice-kakaotalk support
Adds support for: https://src.miscworks.net/fair/matrix-appservice-kakaotalk

This is pretty similar to
https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1977
which just appeared, but has mostly been done independently.

I've taken some inspiration and did some fixups based on that PR.
Thanks to https://github.com/hnarjis for taking the time to contribute!

Notable differences between this branch compared to that PR:

- better naming and documentation around the "configuration" variables
- no unnecessary (5 sec.) intentional delay when starting `matrix-appservice-kakaotalk-node.service`
- stores configuration in `config/`, not in `data/`
- passes configuration as read-only and starts the bridge with (`--no-update`) to ensure no changes are made to it
- starts containers more securely - with `matrix:matrix` user:group (not `root`) and
  reduced capabilities (`--cap-drop=ALL`)
- uses `tcp` for communication between the "node" and the appservice (simpler than sharing unix sockets)
- `registration.yaml` which is closer to the one generated by `matrix-appservice-kakaotalk` (no `de.sorunome.msc2409.push_ephemeral` stuff, etc.)
- `registration.yaml` which is more customizable (customizable bot username and prefix for puppets - see `matrix_appservice_kakaotalk_appservice_bot_username` and `matrix_appservice_kakaotalk_user_prefix`)
- less fragile and more extensible bridge permissions configuration via `matrix_appservice_kakaotalk_bridge_permissions`. Doing `{% if matrix_admin %}` in the bridge configuration sometimes causes syntax problems (I hit some myself) and is not ideal. Other bridges should be redone as well.
- configurable command prefix for the bridge, instead of hardcoding `!kt` (see `matrix_appservice_kakaotalk_command_prefix`)
- logging that is more consistent with the rest of the playbook (console / journald only, no logging to files), as well as configurable log level (via `matrix_appservice_kakaotalk_logging_level`)
- somewhat more detailed documentation (`docs/configuring-playbook-bridge-appservice-kakaotalk.md`)
- removed some dead code (data relocation tasks from `tasks/setup_install.yml`, as well as likely unnecessary SQLite -> Postgres migration)
2022-07-25 16:01:15 +03:00
MdotAmaan 8621ff1379 Add Mautrix Discord Bridge 2022-07-22 18:55:44 +04:00
Slavi Pantaleev 1f2d100d91
Merge pull request #1894 from moan0s/maubot_moanos
Maubot moanos
2022-07-20 10:10:14 +03:00
Slavi Pantaleev d073c7ecb3 More ansible-lint fixes 2022-07-18 13:01:19 +03:00
Slavi Pantaleev e94ec75e1a Remove matrix-bridge-mx-puppet-skype role 2022-07-14 18:09:19 +03:00
Julian-Samuel Gebühr 135096e53a Add defaults 2022-07-09 11:55:49 +02:00
Julian-Samuel Gebühr 9ee5785704 Add postgres to service dependencies 2022-07-09 11:44:11 +02:00
Julian Foad 25b343c8c8 matrix-ntfy: without nginx, bind to 127.0.0.1:2586 2022-07-08 12:02:06 +01:00
Julian Foad ec9f8e2931 Add a role to install 'ntfy' push-notification server.
This commit adds a 'matrix-ntfy' role that runs Ntfy server in Docker with
simple configuration, and plumbing to add the role to the playbook.

TODO: documentation, self-check, database persistence.
2022-07-04 15:31:29 +01:00
Slavi Pantaleev 2e4fad6194 Use 127.0.0.1 instead of localhost for federation API when nginx disabled
`localhost` may resolve to `::1` on some IPv6-enabled systems, which will
not work, because we only potentially expose container ports on
`127.0.0.1` when nginx is disabled (`matrix_nginx_proxy_enabled: false`),
not on `::1`.

Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1914
2022-07-02 15:02:35 +03:00
Julian-Samuel Gebühr 90447a2839 Use correct registration secret 2022-06-24 18:19:23 +02:00
Julian-Samuel Gebühr 8e9d165787 Another rename to matrix-bot-maubot
No functionality changed
2022-06-24 18:06:06 +02:00
Julian-Samuel Gebühr 1316656998 Rename to bot_maubot and fix permission error 2022-06-23 21:58:03 +02:00
Julian-Samuel Gebühr eb25d54246 Merge branch 'master' of https://github.com/spantaleev/matrix-docker-ansible-deploy into node_postgres_reverse_proxy 2022-06-23 20:45:13 +02:00
Julian-Samuel Gebühr d24cb7db6f Initial maubot commit 2022-06-23 20:24:52 +02:00
Slavi Pantaleev ba51997f7b (BC Break) Redo how metrics are exposed to external Prometheus servers 2022-06-23 17:55:07 +03:00
krassle fff4b9116c
Use prebuilt ARM images for coturn / synapse-admin
* synapse-admin arm64 builds available since 2021-12-17 v.0.8.4 [awesometechnologies/synapse-admin:0.8.5](https://hub.docker.com/layers/synapse-admin/awesometechnologies/synapse-admin/0.8.5/images/sha256-eb54b8660c4641641b8acd08fd2dfc94ecc3fc604860f9e8b286a38008e3f3b6?context=explore)

* coturn arm32/arm64 builds available since 2021-04-15 v.4.5.2-r0-alpine [coturn/coturn:4.5.2-r12](https://hub.docker.com/layers/coturn/coturn/coturn/4.5.2-r12/images/sha256-94887581bb1093085033be0494c3a651bd40034afba1867ddc78b8ba32dc2faf?context=explore)
2022-06-22 10:10:41 +02:00
Vladimir Panteleev a3d19ad318
Add Go Skype Bridge
Based on mautrix-whatsapp, as that's what the bridge software is based on.
2022-06-12 21:29:43 +00:00
Julian-Samuel Gebühr 8ecdfc3ed6
Automatically enable admin api access via nginx (#1830) 2022-05-16 10:26:15 +03:00
Devin Dooley cbb924dec7 Support ansible vault strings for homeserver secret key 2022-04-25 19:17:40 -07:00
Slavi Pantaleev 49da9c76ac
Merge pull request #1782 from etkecc/matrix-bot-buscarron
add matrix-bot-buscarron
2022-04-25 09:44:35 +03:00
Slavi Pantaleev 47e5bab784
Fix self-building if condition 2022-04-25 09:22:01 +03:00
Matthew Cengia c83c70ac35 Don't self-build signald image on arm64, as upstream image exists 2022-04-25 10:25:05 +10:00
Aine 290754371a
add matrix-bot-buscarron 2022-04-23 16:19:24 +03:00
Julian-Samuel Gebühr 90a142439a
Add matrix-registration-bot (#1771)
* Add matrix-registration-bot

This adds an install and uninstall task plus helpers. The bot is disabled by default.
This commit does not include documentation, yet. In short, the bot can be enabled by adding
matrix_bot_matrix_registration_bot_enabled: true
matrix_bot_matrix_registration_bot_matrix_user_password: "verysecret"
matrix_bot_matrix_registration_bot_matrix_admin_token: "supersecret"
to the host_vars

* Change bot username to bot.matrix-registration-bot following convention

* Address smaller remarks, fix local docker build

* Switch to an env file

* Add environment variables extension for additional config

* Add documentation for the matrix-registration-bot

* Add screenshot on how to obtain admin access token

* Use bot as admin to only have one access token (bot and admin api)

* Use cleaner setting of matrix_synapse_registration_requires_token

* Use config file for cleaner more secure usage

* Delete unneeded env

* Rename vars to make usage clear

* Fix typos/wording and add notice about logging out

* Convert configuration to use |to_json

* Reorder role includes

Nothing should be after `matrix-common-after`.

`matrix-bot-matrix-registration-bot` can probably be anywhere, but it makes sense to put it next to the other `matrix-bot-*` roles.

* Minor group_vars/matrix_servers touchups

Co-authored-by: Slavi Pantaleev <slavi@devture.com>
2022-04-21 11:07:47 +03:00
Aine d5f4c17146
matrix-backup-borg: integrate postgres backups, add extended borgmatic configuration 2022-04-14 18:06:54 +03:00
HarHarLinks a9e6538ef8 Upgrade Hookshot (1.3.0 -> 1.4.0)
https://github.com/matrix-org/matrix-hookshot/releases/tag/1.4.0
2022-04-11 18:55:02 +02:00
HarHarLinks ceb2f54970 Make hookshot hardcoded public URLs dynamic 2022-04-11 16:45:33 +02:00
Hefty Zauk 03d2dcc996
Move into coturn defaults 2022-04-11 11:20:09 +00:00
heftyzauk 268b079374
Revert Coturn Address Change, add new Addresses var (#2) 2022-04-11 11:50:41 +01:00
heftyzauk 29847627f1
Multi-IP coturn
Add support for multiple external turn IP addresses, this allows for better comptability with dualstack ipv4/ipv6 hosts, and is supported as per the documentation (point 6 here: https://matrix-org.github.io/synapse/latest/turn-howto.html#configuration)
2022-04-10 21:51:03 +01:00
PC-Admin ab3e02c7fd Remove matrix-awx sections 2022-04-09 08:48:02 +08:00
Slavi Pantaleev db4b6efb5d Force self-building of matrix-hookshot on arm64
The `halfshot/matrix-hookshot` container images published to Docker Hub
(as of 2022-04-05, at least) are only available for `amd64`, not for
`arm64`. Self-building on arm64 is necessary.

Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1728

It should be noted that a `roiarthurb/matrix-hookshot` container image is available,
which is available for the arm64 platform, but that's non-official and doesn't
contain an amd64 build, so it's of limited use.
2022-04-05 16:08:11 +03:00
Aine a5a3769ca9
add borg backup (#1727)
* add borg backup

* lint fix

* add exlclude patterns

* missed in the #1726 fix for honoroit

* feedback

* Fix indentation

* feedback

* feedback

* feedback

Co-authored-by: Slavi Pantaleev <slavi@devture.com>
2022-04-05 14:37:27 +03:00
Slavi Pantaleev b9d6f8b90f
Merge pull request #1728 from RoiArthurB/hookshot-arm64
Add hookshot self build for arm64 and amd64
2022-04-05 09:58:26 +03:00
SaltireSoul e7978dbdca Dendrite 0.7.0 2022-04-05 03:40:37 +01:00
Arthur Brugière 1ce891fc70
Revert group_var wrong part reindent 2022-04-03 23:42:29 +07:00
RoiArthurB b38c7371a9 [STEAM] Move docker source from icewind1991 to tilosp fixed repo 2022-04-03 17:34:27 +07:00
Arthur Brugière b3176957c3
Add hookshot self build for arm64 and amd64 2022-04-03 17:10:46 +07:00
Slavi Pantaleev 958d089b68 Do not install the ma1sd identity server by default
As mentioned in the changelog, this is a breaking change.
2022-03-17 18:00:09 +02:00
Slavi Pantaleev 1df3e2a967
Merge pull request #1694 from HarHarLinks/master
add default for matrix_prometheus_scraper_hookshot_enabled
2022-03-15 17:01:08 +02:00
Slavi Pantaleev 5eb514b08b
Use |default instead of merely casting to bool 2022-03-15 17:01:00 +02:00
Kim Brose 9c58f2a98a
default matrix_prometheus_scraper_hookshot_enabled 2022-03-14 14:07:06 +01:00
László Várady 9de677942d bridge-mautrix-facebook: add support for web-based login 2022-03-12 16:30:29 +01:00
Slavi Pantaleev 69d2da4d44 Fix whitespace inconsistency 2022-03-10 11:41:41 +02:00
Slavi Pantaleev 1895b01810 Move matrix_container_global_registry_prefix to matrix-base
Various roles depend on this. It makes sense to make it part
of the `matrix-base` role.
2022-03-10 11:28:25 +02:00