Slavi Pantaleev
7eda6a3c12
Merge pull request #1009 from thedanbob/coturn-official
...
Switch to official coturn image
2021-04-19 18:41:17 +03:00
Slavi Pantaleev
adcecaffaf
Fix connectivity between prometheus and prometheus-node-exporter
...
Expected to have regressed after https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1008
This patch comes with its own downsides (as described in the comments
for matrix_prometheus_node_exporter_container_http_host_bind_port),
but at least there's:
- no security issue
- metrics remain readable from matrix-prometheus (even if the network metrics are inaccurate)
A better patch is certainly welcome.
2021-04-19 18:29:03 +03:00
Dan Arnfield
b2ca1f2829
Add capability required by new image
2021-04-19 10:16:26 -05:00
Slavi Pantaleev
398b9f5d66
Merge pull request #1008 from sakkiii/master
...
security** node-exporter data & port publicly exposed
2021-04-19 17:31:00 +03:00
Dan Arnfield
29177d4922
Switch to official coturn docker image
2021-04-19 09:04:08 -05:00
sak
88a30fb5ed
security** node-exporter data & port publicly exposed
2021-04-19 15:35:23 +05:30
sak
0f9a455719
Revert "security** node-exporter data & port publicly exposed"
...
This reverts commit d0cd709c08
.
2021-04-19 15:24:36 +05:30
sak
d0cd709c08
security** node-exporter data & port publicly exposed
2021-04-19 15:15:59 +05:30
Slavi Pantaleev
4a1739f604
Merge pull request #1007 from teutat3s/fix/nginx-dont-send-version
...
Don't expose nginx version with each response
2021-04-18 21:33:11 +03:00
teutat3s
2bf7c26cfa
Don't expose nginx version with each response
2021-04-18 16:24:13 +02:00
Slavi Pantaleev
c565e72f0d
Merge pull request #1003 from sakkiii/patch-2
...
updated matrix_grafana_docker_image to v7.5.4
2021-04-18 09:56:12 +03:00
Slavi Pantaleev
51b46697c5
Merge pull request #1005 from sakkiii/master
...
Improve security for grafana
2021-04-18 09:50:59 +03:00
Dan Arnfield
f04614a993
Fix prometheus network for ansible < 2.8
2021-04-17 20:15:26 -05:00
Slavi Pantaleev
badd81e0ec
Revert "Attempt to fix docker_network result discrepancy between Ansible versions"
...
This reverts commit 68ca81c8c2
.
2021-04-17 19:31:20 +03:00
sakkiii
1958d0792d
Update matrix-client-element.conf.j2
2021-04-17 21:33:07 +05:30
sakkiii
b6d45c5fd8
Merge branch 'master' of https://github.com/sakkiii/matrix-docker-ansible-deploy
2021-04-17 21:03:26 +05:30
sakkiii
05042f5ff1
Improve security grafana
...
- duplicate X-Content-Type-Options
- X-Frame-Options header
- Referrer-Policy [Might consider adding variable]
- Secure flag with cookies
- matrix_grafana_content_security_policy variable for [Content Security Policy](https://grafana.com/docs/grafana/latest/administration/configuration/#content_security_policy )
2021-04-17 21:03:05 +05:30
sakkiii
27377e099d
updated matrix_grafana_docker_image to v7.5.4
...
Latest stable grafana version is [7.5.4 (2021-04-14)](https://github.com/grafana/grafana/releases/tag/v7.5.4 )
2021-04-17 17:31:14 +05:30
Slavi Pantaleev
68ca81c8c2
Attempt to fix docker_network result discrepancy between Ansible versions
...
Supposedly fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/907
2021-04-17 11:42:06 +03:00
Slavi Pantaleev
9c1f41eadf
Merge pull request #1002 from thedanbob/node-exporter-1.1.2
...
Update prometheus node exporter (1.1.0->1.1.2)
2021-04-17 11:15:13 +03:00
Dan Arnfield
8a550ce67c
Update prometheus (2.24.1->2.26.0)
2021-04-16 09:25:45 -05:00
Dan Arnfield
83cc5c9e6a
Update prometheus node exporter (1.1.0 -> 1.1.2)
2021-04-16 09:17:04 -05:00
sakkiii
5dc642ace1
Nginx element web: XSS protection & nosniff header
...
X-XSS-Protection: 1; mode=block; header, for basic XSS protection in legacy browsers.
X-Content-Type-Options: nosniff header, to disable MIME sniffing
2021-04-16 14:45:04 +05:30
Slavi Pantaleev
fcb9e9618a
Make Coturn TLSv1/v1.1 configurable
...
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/999
2021-04-16 09:29:32 +03:00
sakkiii
540416e32d
Disable support for TLS 1.0 and TLS 1.1
...
These old versions of TLS rely on MD5 and SHA-1, both now broken, and contain other flaws. TLS 1.0 is no longer PCI-DSS compliant and the TLS working group has adopted a document to deprecate TLS 1.0 and TLS 1.1.
2021-04-15 19:25:23 +05:30
Michael-GMH
89cb5a3d7a
GMH v0.4.2 update
2021-04-15 17:07:03 +08:00
Michael
f41bfb69d2
update survey template formatting
2021-04-04 12:01:53 +08:00
Michael
814bdf5a88
update spelling
2021-04-04 11:52:26 +08:00
Michael
fbe22289bd
merge with upstream and testing branch
2021-04-04 11:41:06 +08:00
Slavi Pantaleev
995c483856
Merge pull request #962 from aaronraimist/mjolnir
...
Add mjolnir
2021-04-03 10:45:29 +03:00
Slavi Pantaleev
f183add44d
Merge pull request #977 from aaronraimist/simple-antispam
...
Upgrade synapse-simple-antispam (0.0.1 -> 0.0.3)
2021-04-03 08:45:14 +03:00
Aaron Raimist
81dddd2e25
Upgrade Element (1.7.24 -> 1.7.24.1)
2021-04-02 18:43:30 -05:00
Aaron Raimist
c43bd412dd
Upgrade synapse-simple-antispam (0.0.1 -> 0.0.3)
2021-04-02 18:08:08 -05:00
Aaron Raimist
1ecee625d5
Depend on more services, add a delay
2021-04-02 17:07:24 -05:00
Slavi Pantaleev
a88391edf5
Merge pull request #972 from JohannesKleine/nginx-config
...
matrix-nginx-proxy: add custom nginx options to nginx.conf.j2
2021-03-31 10:30:57 +03:00
teutat3s
0b5e903693
Updates to mautrix-signal config
...
See these last commits:
tulir/mautrix-signal@4fc34330c1
tulir/mautrix-signal@64bc5c36a5
tulir/mautrix-signal@ddda1666d4
2021-03-31 02:51:23 +02:00
Christoph Johannes Kleine
fcd66b2889
rename variables
2021-03-30 16:41:32 +02:00
Christoph Johannes Kleine
8ba1105010
rename variable
2021-03-30 15:59:10 +02:00
Christoph Johannes Kleine
3a772f2f65
matrix-nginx-proxy: add custom nginx options to nginx.conf.j2
2021-03-30 14:11:20 +02:00
Slavi Pantaleev
93960b70be
Do not fail if _matrix-identity
DNS SRV record missing
...
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/963
This also simplifies Prerequisites, which is great.
It'd be nice if we were doing these checks in some optional manner
and reporting them as helpful messages (using
`matrix_playbook_runtime_results`), but that's more complicated.
I'd rather drop these checks completely.
2021-03-30 11:24:04 +03:00
Slavi Pantaleev
5e1cf7f8b9
Upgrade Element (1.7.23 -> 1.7.24)
2021-03-29 17:58:02 +03:00
Slavi Pantaleev
9409588513
Fix variable name typo (take 2)
...
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/970
2021-03-29 10:59:57 +03:00
Slavi Pantaleev
179b416ed5
Fix variable name typo
...
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/970
2021-03-29 09:24:35 +03:00
Slavi Pantaleev
77d598b315
Fix Go-NEB variable definitions using the wrong type
...
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/969
2021-03-28 12:10:22 +03:00
Slavi Pantaleev
49868db3de
Upgrade Synapse for ARM64 (1.30.0 -> 1.30.1)
2021-03-26 16:48:15 +02:00
Slavi Pantaleev
94487dc6a7
Upgrade Synapse for amd64 (1.30.0 -> 1.30.1)
2021-03-26 15:37:11 +02:00
transcaffeine
dbae18fd6a
feat: push ephemeral events to appservices
...
This adds https://github.com/matrix-org/matrix-doc/pull/2409 to the
appservice registrations, enabling synapse to push EDUs to appservices.
2021-03-25 18:49:54 +01:00
Dan Arnfield
97d8527e00
Update nginx (1.19.6 -> 1.19.8)
2021-03-24 09:42:08 -05:00
Slavi Pantaleev
5a4ea5f866
Make AWX enabling/disabling consistent with other playbook roles
...
That is:
- enabled in the role by default
- disabled in the compilation (playbook), if considered an optional
component
2021-03-24 14:02:53 +02:00
Aaron Raimist
bab8b950ca
Add mjolnir
2021-03-23 22:46:08 -05:00
Slavi Pantaleev
06c74728eb
Move matrix_nginx_proxy_proxy_synapse_federation_api_enabled definition to the role
...
This variable was previously undefined in the role and was only getting
defined via `group_vars/matrix_servers`.
We now properly initialize it (and its good default value) in the role
itself.
2021-03-23 10:28:32 +02:00
Slavi Pantaleev
d09609daa8
Fix Jinja2 syntax error
...
Fixes a regression introduced in ffe649a240
2021-03-22 17:13:10 +02:00
Slavi Pantaleev
6a3433fbad
Update Synapse for ARM64 (1.29.0 -> 1.30.0)
...
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/958
2021-03-22 16:43:23 +02:00
Slavi Pantaleev
ffe649a240
Update homeserver.yaml to keep up with Synapse v1.30.0
...
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/958
2021-03-22 16:43:10 +02:00
rakshazi
74106f2a80
Updated synapse 1.29.0 -> 1.30.0
2021-03-22 14:03:42 +00:00
Thom Wiggers
54fe59f05c
Update IRC appservice
2021-03-22 12:37:35 +01:00
Slavi Pantaleev
2737ebc290
Complain if people try to use matrix-sygnal on non-amd64
2021-03-20 13:38:27 +02:00
Slavi Pantaleev
b824522b33
Remove unnecessary with_items statement
2021-03-20 13:34:22 +02:00
Slavi Pantaleev
9a0222fa47
Add Sygnal support
...
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/683
2021-03-20 13:32:22 +02:00
Michael
af240aef37
remove sections from task list that arent needed
2021-03-20 17:35:30 +08:00
Michael
85127bacba
Merge remote-tracking branch 'upstream/master'
2021-03-20 17:21:27 +08:00
Michael
1e54b1d1a5
merge upstream
2021-03-20 17:21:02 +08:00
Slavi Pantaleev
f99dcd611f
Pass proper UID/GID to Synapse
...
Fixes a regression caused by a5ee39266c
.
If the user id and group id were different than 991:991
(which used to be a hardcoded default for us long ago),
there was a mismatch between what Synapse was trying to use (991:991)
and what it was actually started with (in `--user=..`). It was then
trying to change ownership, which was failing.
This was mostly affecting newer installations which were not using the
991:991 defaults we had long ago (since a1c5a197a9
).
2021-03-19 16:44:10 +02:00
Slavi Pantaleev
a5ee39266c
Go through start.py when launching Synapse
...
This allows us to benefit from helpful things it does for us,
like enabling jemalloc: https://github.com/matrix-org/synapse/pull/8553
We weren't going through `start.py` before, because it was causing some
conflict with our `docker run --user=...` stuff, but it doesn't seem
to be a problem anymore.
Having done this, we won't need to do things like
https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/941
anymore.
2021-03-19 08:16:59 +02:00
Aaron Raimist
32b3650c12
Set X-Forwarded-Proto on federation requests
2021-03-17 18:51:10 -05:00
Béla Becker
2d7e7680e5
matrix.{{ matrix_domain }} -> {{ matrix_server_fqn_matrix }}
2021-03-17 12:36:45 +01:00
Aaron Raimist
466827139a
Also check if matrix_ssl_lets_encrypt_support_email is blank
2021-03-17 00:54:05 -05:00
Slavi Pantaleev
97c0bf1a73
Merge pull request #942 from pushytoxin/etherpad1_8_12
...
Upgrade Etherpad (1.8.7 -> 1.8.12)
2021-03-16 20:07:34 +02:00
Béla Becker
60aa40845f
Upgrade Etherpad (1.8.7 -> 1.8.12)
2021-03-16 18:55:58 +01:00
Yannick Goossens
27416607d9
Another field with 'invalid input syntax for type smallint'
2021-03-16 16:38:59 +01:00
Michael
5a6bdb0c3d
merge upstream
2021-03-16 21:52:26 +08:00
Michael
571b70a1f4
fix for running outside of AWX
2021-03-16 21:37:19 +08:00
Michael
5a1f3b7d67
GMH v0.3.0
2021-03-14 14:35:38 +08:00
Michael
33ec5710d9
0.2.1 revision
2021-02-28 22:21:40 +08:00
Michael
4c882c513b
initial PR
2021-02-20 17:19:17 +08:00
Marcus Proest
2ca8211184
Merge remote-tracking branch 'upstream/master'
2021-02-19 19:02:48 +01:00
Marcus Proest
b99372a3c5
initial commit of mautrix-instagram role
2021-02-19 17:20:26 +01:00
Slavi Pantaleev
108aed53be
Fix invalid matrix-postgres.service when matrix_postgres_process_extra_arguments is empty
...
This only seems to be affecting some people badly enough to cause
matrix-postgres not to start. Certain systemd versions probably handle
it better or something.
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/889
(hopefully)
2021-02-19 16:33:23 +02:00
Slavi Pantaleev
1dbdfeec07
Fix matrix-postgres stopping for consistency with other services
...
This probably got lost somehow in all the work that happened in
https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/456
2021-02-19 15:53:30 +02:00
Slavi Pantaleev
9f91eaa54b
Fix incorrect service name
...
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/887
2021-02-19 12:12:21 +02:00
Slavi Pantaleev
91c987ca7d
Merge pull request #872 from xangelix/add-mx-puppet-groupme-gh
...
Add mx-puppet-groupme support
2021-02-19 11:42:41 +02:00
Slavi Pantaleev
d94d0e2ca5
Merge pull request #456 from eMPee584/synapse-workers
...
Synapse workers
2021-02-19 11:40:36 +02:00
Slavi Pantaleev
9dc87bb948
Add Synapse worker presets for easier configuration
...
Adding more presets in the future would be nice.
2021-02-19 11:38:47 +02:00
Slavi Pantaleev
eaea215282
Allow Synapse workers to be used with an external nginx webserver
...
We're talking about a webserver running on the same machine, which
imports the configuration files generated by the `matrix-nginx-proxy`
in the `/matrix/nginx-proxy/conf.d` directory.
Users who run an nginx webserver on some other machine will need to do
something different.
2021-02-19 11:36:48 +02:00
Slavi Pantaleev
2f732e4234
Update Synapse worker endpoints
2021-02-19 11:36:14 +02:00
Slavi Pantaleev
217b4a8808
Release Synapse v1.27.0 to ARM32 via self-building
...
Related to: https://matrix.org/blog/2021/02/18/synapse-1-27-0-released#dropping-armv7-docker-images
2021-02-19 09:10:16 +02:00
Béla Becker
65eab14a64
Make sure Etherpad has a database to write to
2021-02-18 17:43:14 +01:00
Béla Becker
005f4d57f9
Remove mention of sqlite3 support for Etherpad
...
The official Etherpad Docker image has no support for sqlite3 databases.
2021-02-18 17:39:36 +01:00
Slavi Pantaleev
1789620901
Merge branch 'master' into synapse-workers
2021-02-18 18:24:43 +02:00
Slavi Pantaleev
d6c4d41c2b
Define instanceId property on workers
...
This give us the possibility to run multiple instances of
workers that that don't expose a port.
Right now, we don't support that, but in the future we could
run multiple `federation_sender` or `pusher` workers, without
them fighting over naming (previously, they'd all be named
something like `matrix-synapse-worker-pusher-0`, because
they'd all define `port` as `0`).
2021-02-18 18:19:51 +02:00
rakshazi
996f732f98
Update synapse-admin (0.6.1 -> 0.7.0)
2021-02-18 12:05:21 +00:00
Cody Neiman
c4e1209452
Merge branch 'master' into add-mx-puppet-groupme-gh
2021-02-17 13:52:37 -05:00
Slavi Pantaleev
d33483b8ce
Document that Synapse pusher worker instances are shardable
...
Related to:
- https://github.com/matrix-org/synapse/pull/9407
- https://github.com/matrix-org/synapse/pull/7855
2021-02-16 17:45:41 +02:00
Slavi Pantaleev
daae74b074
Merge branch 'master' into synapse-workers
2021-02-16 17:31:40 +02:00
Slavi Pantaleev
521160c12f
Upgrade Synapse (v1.26.0 -> v1.27.0)
2021-02-16 17:30:48 +02:00
Slavi Pantaleev
865d71e35a
Upgrade Element (1.7.20 -> 1.7.21)
2021-02-16 13:44:28 +02:00
Marc Leuser
fd3d48bb6d
trust the reverse proxy by default
2021-02-15 10:50:45 +01:00
Marc Leuser
1434c371bd
safer port binding of etherpad docker container
...
don't bind to any host port if nginx_proxy is used
only bind to localhost if it's not used
2021-02-15 10:46:23 +01:00
Slavi Pantaleev
61e427d690
Do not let people enable more than 1 federation_sender worker
2021-02-15 11:37:03 +02:00
Slavi Pantaleev
85a05f38e8
Allow Synapse worker list to be generated dynamically
...
This leads to much easier management and potential safety
features (validation). In the future, we could try to avoid port
conflicts as well, but it didn't seem worth the effort to do it now.
Our port ranges seem large enough.
This can also pave the way for a "presets" feature
(similar to `matrix_nginx_proxy_ssl_presets`) which makes it even easier
for people to configure worker counts.
2021-02-15 11:25:35 +02:00