Commit graph

1545 commits

Author SHA1 Message Date
Slavi Pantaleev 274f23f668 Make matrix-mautrix-signal-daemon.service depend on docker.service 2021-01-03 08:16:49 +02:00
Slavi Pantaleev da2a6682b3 Get rid of matrix_mautrix_signal_configuration_permissions
While it's kind of nice having it, it's also somewhat raw
and unnecessary.

Having a good default and not even mentioning it seems better
for most users.

People who need a more exposed bridge (rare) can use
override the default configuration using
`matrix_mautrix_signal_configuration_extension_yaml`.
2021-01-03 08:06:32 +02:00
Slavi Pantaleev df8d9cfd34 Remove some TODOs
The answer to these is: it's good to have them in both places.
The role defines the obvious things it depends on (not knowing
what setup it will find itself into), and then
`group_vars/matrix_servers` "extends" it based on everything else it
knows (the homeserver being Synapse, whether or not the internal
Postgres server is being used, etc.)
2021-01-03 07:46:55 +02:00
Slavi Pantaleev 4805637181 Add support for custom ma1sd view sesion templates 2021-01-03 07:36:09 +02:00
Slavi Pantaleev f84c69c164 Relocate custom ma1sd threepid email templates to config/
We used to store them in data/, but that seems inappropriate,
since it's just static configuration that the playbook can recreate.
2021-01-03 07:35:13 +02:00
Slavi Pantaleev b5812b539b Rename ma1sd custom email template variable
Keeps up with a1f64f5159 (diff-0ccf69eb4d59a7645eb4d0a0b077e693948edb33ad06df043bba3fb30122879b)
2021-01-03 00:58:31 +02:00
Slavi Pantaleev fb83eccf99 Relocate SQL template file 2021-01-03 00:58:31 +02:00
Sabine Laszakovits 84cac25c11 added config data_dir (else in ~, which isn't set) 2021-01-02 19:01:21 +01:00
Sabine Laszakovits 56af2b1a8c small fixes 2021-01-02 00:56:45 +01:00
Sabine Laszakovits 89f7f3c3b8 added log level configuration 2021-01-02 00:55:55 +01:00
Sabine Laszakovits ffb837d4bc made the bridge use the default postgres db 2021-01-02 00:39:11 +01:00
Sabine Laszakovits a06c58c753 Merge branch 'master' into signal 2021-01-01 21:05:00 +01:00
Slavi Pantaleev 1ed991e25c
Merge pull request #769 from aaronraimist/check-for-buggy-ansible
Check for buggy version of Ansible that Ubuntu 20.04 provides
2020-12-29 11:19:37 +02:00
Slavi Pantaleev 86da489b9b Never fail when stopping systemd service during (SQLite -> Postgres) migration
We need to suppress systemd service-stopping requests in certain rare
cases like https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/771

That issue seems to describe a case, where a migration from mxisd to
ma1sd was happening (DB files had just been moved), and then we were
attemping to stop `matrix-ma1sd.service` so we could import that database into
Postgres. However, there's neither `matrix-mxisd.service`, nor
`matrix-ma1sd.service` after `migrate_mxisd.yml` had just run, so
stopping `matrix-ma1sd.service` was failing.
2020-12-29 10:31:20 +02:00
Aaron Raimist 8827a49e21
Check equality properly 2020-12-26 20:20:00 -06:00
Aaron Raimist 3dd0517f04
Check for buggy version of Ansible that Ubuntu 20.04 provides 2020-12-26 20:13:49 -06:00
Slavi Pantaleev a2a4218e95 Make mautrix-python-based bridges E2EE happier
Fixes a problem like this:
> File "/usr/lib/python3.8/site-packages/mautrix/bridge/e2ee.py", line 79, in __init__
> raise RuntimeError("Unsupported database scheme")

mautrix-python's e2ee.py module expects to find `postgres://` instead of
`postgresql://`.
2020-12-23 15:39:12 +02:00
Slavi Pantaleev 80c72615c7 Fixup all Dimension boolean fields after pgloader import
This is 8b6174786b done right. There were many more fields
that we had to account for.
2020-12-23 14:12:11 +02:00
Slavi Pantaleev 21662af3be Archive database only after additional_psql_statements_list had executed 2020-12-23 14:12:11 +02:00
Stuart Mumford 019a4d7dcd Use role relative paths for things 2020-12-23 11:34:48 +00:00
Slavi Pantaleev be0c599565 Feed more slashes to mautrix bridges when using SQLite
This makes the `sqlite://` URI match what we were using before
and what the config expects.
2020-12-23 13:33:25 +02:00
Slavi Pantaleev 8b6174786b Fixup Dimension database schema a bit after pgloader import 2020-12-23 12:57:43 +02:00
Slavi Pantaleev c5f8b1f61b Fix mautrix-whatsapp Postgres connection string to not use SSL by default 2020-12-23 11:40:22 +02:00
Slavi Pantaleev f19b29846d
Merge pull request #740 from jdreichmann/postgres-per-default
postgres: create databases for all services
2020-12-23 11:00:41 +02:00
Slavi Pantaleev ad1425eee4 Add pgloader self-building support (for ARM) 2020-12-23 09:08:54 +02:00
Slavi Pantaleev 8675dedbdb Add support for automatic (nedb -> Postgres) migration to matrix-appservice-slack 2020-12-22 19:56:52 +02:00
Slavi Pantaleev 9b95e1937c Auto-restart matrix-appservice-irc after (nedb -> Postgres) migration 2020-12-22 19:34:08 +02:00
Slavi Pantaleev 715bdf2c64 Add support for automatic (nedb -> Postgres) migration to mx-appservice-irc 2020-12-22 19:32:43 +02:00
Slavi Pantaleev 15f4cc924d Rename variables (_database_db_name -> _database_name) 2020-12-22 17:10:02 +02:00
Slavi Pantaleev ab6563ce4e Add support for automatic (Postgres -> SQLite) migration to mx-puppet-twitter 2020-12-22 17:09:08 +02:00
Slavi Pantaleev 69cc2145d2 Add support for automatic (Postgres -> SQLite) migration to mx-puppet-steam 2020-12-22 16:51:59 +02:00
Slavi Pantaleev 262a25f997 Add support for automatic (Postgres -> SQLite) migration to mx-puppet-slack 2020-12-22 16:39:21 +02:00
Slavi Pantaleev e49eb078a2 Add support for automatic (Postgres -> SQLite) migration to mx-puppet-skype 2020-12-22 16:29:47 +02:00
Dan Arnfield c3b63c6c97 Update element-web (1.7.15 -> 1.7.16) 2020-12-22 08:29:37 -06:00
Dan Arnfield 10e0fa17ad Update nginx (1.19.5 -> 1.19.6) 2020-12-22 08:23:37 -06:00
Slavi Pantaleev d135cd9cd3 Ensure mx-puppet-discord directories are created before attempting migration
Our old (base-path -> data-path) SQLite migration can't work otherwise.

It's probably not necessary to keep it anymore, but since we still do,
at least we should take care to ensure it works.
2020-12-22 13:44:36 +02:00
Slavi Pantaleev 44c9f4daca Add support for automatic (Postgres -> SQLite) migration to mx-puppet-instagram 2020-12-22 13:30:52 +02:00
Slavi Pantaleev e64758c119 Add missing restart task
Should have been part of 149872e00c
2020-12-22 13:24:53 +02:00
Slavi Pantaleev 149872e00c Add support for automatic (Postgres -> SQLite) migration to mx-puppet-discord 2020-12-22 11:10:10 +02:00
Slavi Pantaleev 9b4bf73587 Fix undefined variable reference 2020-12-22 11:08:07 +02:00
Slavi Pantaleev 6488e11d69 Relocate some tasks 2020-12-22 10:52:36 +02:00
Slavi Pantaleev ca066217d1
Merge pull request #757 from 0x46616c6b/disable-nginx-logging-option
add option to disable nginx access log
2020-12-21 22:30:25 +02:00
louis dcd4716636 add option to disable nginx access log 2020-12-21 21:26:49 +01:00
Slavi Pantaleev d0ee86e0a5 Fix matrix_corporal_docker_image_name_prefix referencing matrix_synapse_ stuff 2020-12-21 15:44:14 +02:00
Agustin Ferrario a06feba281 Merge branch 'master' of https://github.com/spantaleev/matrix-docker-ansible-deploy 2020-12-18 10:22:43 +01:00
Slavi Pantaleev 8748f3d443 Move python{,3}-docker installation to another task
This also adds support for installing python3-docker (not python-docker)
in systems that run Python 3.
2020-12-17 11:49:56 +02:00
Slavi Pantaleev 349fbb6434 Do not hardcode armhf for Raspbian
Raspbian doesn't seem to support arm64, so this is somewhat pointless
right now.

However, they might in the future. Doing this should also unify us
some more with `setup_debian.yml` with the ultimate goal of
eliminating `setup_raspbian.yml`.
2020-12-17 11:47:34 +02:00
Slavi Pantaleev a09ed58892 Ensure gnupg installed on Raspbian
It's likely installed by default, but it doesn't hurt to specify it.
It also makes us more the same with `setup_debian.yml`.
2020-12-17 11:45:32 +02:00
Slavi Pantaleev f545de53f7 Do not hardcode "ubuntu" for the Docker APT key URL
Well, `ubuntu` or `debian`, the same key is served right now,
so it doesn't really matter.

This seems cleaner and less prone to breakage though.
2020-12-17 11:39:18 +02:00
Slavi Pantaleev 55f252a6ed Do not hardcode amd64 in setup_debian.yml
Until now, we've only supported non-amd64 on Raspbian.

Seems like there are now people running Debian/Ubuntu on ARM,
so we were forcing them into amd64 Docker packages.

I've gotten a report that this change fixes support
for Ubuntu Server 20.04 on RPi 4B.
2020-12-17 11:37:30 +02:00
Slavi Pantaleev ed159cc742 Move matrix_architecture to matrix-base
We were only defining this in `group_vars/matrix_servers`, which is
inconsistent with how we normally do things.
2020-12-17 11:33:18 +02:00
Agustin Ferrario 2082242499 Add matrix_nginx_proxy_ssl_config
A new variable called `matrix_nginx_proxy_ssl_config` is created for
configuring how the nginx proxy configures SSL. Also a new configuration
validation option and other auxiliary variables are created.

A new variable configuration called `matrix_nginx_proxy_ssl_config` is
created. This allow to set the SSL configuration easily using the
default options proposed by Mozilla. The default configuration is set to
"Intermediate", removing the weak ciphers used in the old
configurations.

The new variable can also be set to "Custom" for a more granular control.
This allows to set another three variables called:

- `matrix_nginx_proxy_ssl_protocols`,
- `matrix_nginx_proxy_ssl_prefer_server_ciphers`
- `matrix_nginx_proxy_ssl_ciphers`

Also a new task is added to validate the SSL configuration variable.
2020-12-16 10:35:37 +01:00
Slavi Pantaleev 0f4649a45c Merge branch 'master' into postgres-per-default 2020-12-16 03:35:39 +02:00
Slavi Pantaleev a4b8baee49 Fix inability to send (Matrix -> Discord) messages via appservice-discord
Revert "Correct inabillity for appservice-discord to connect"
This reverts commit 673e19f830.

While certain things do work even with such a local URL, sending
messages leads to an error like this:

> [DiscordBot] verbose: DiscordAPIError: Invalid Form Body
> avatar_url: Not a well formed URL.

Fixes https://github.com/Half-Shot/matrix-appservice-discord/issues/649

The sample configuration file for appservice-discord
c29cfc72f5/config/config.sample.yaml (L8)
explicitly says that we need a public URL.
2020-12-16 03:35:13 +02:00
Slavi Pantaleev a197968b7f Make matrix-registration use Postgres by default
Now that 0.7.2 is out, the Docker image supports Postgres
and we can do the (SQLite -> Postgres) migration.

I've also found out that we needed to fix up the `tokens.ex_date` column
data type a bit to prevent matrix-registration from raising exceptions
when comparing `datetime.now()` with `ex_date` coming from the database.

Example:

> File "/usr/local/lib/python3.8/site-packages/matrix_registration/tokens.py", line 58, in valid
> expired = self.ex_date < datetime.now()
> TypeError: can't compare offset-naive and offset-aware datetimes
2020-12-15 23:19:56 +02:00
Slavi Pantaleev 1bd5c240e5 Add support for executing additional DB migration statements
In cases where pgloader is not enough and we need to do some additional
migration work after it, we can now use
`additional_psql_statements_list` and
`additional_psql_statements_db_name`.

This is to be used when migrating `matrix-registration`'s data at the
very least.
2020-12-15 23:18:29 +02:00
Slavi Pantaleev 3289298ac7 Merge branch 'master' into postgres-per-default 2020-12-15 22:02:52 +02:00
Slavi Pantaleev 69f71f48a6 Upgrade matrix-registration (v0.7.1 -> 0.7.2) and use official image
This switches us to a container image maintained by the
matrix-registration developer.

0.7.2 also supports a `base_url` configuration option we can use to
make it easier to reverse-proxy at a different base URL.

We still keep some workarounds, because of this issue:
https://github.com/ZerataX/matrix-registration/issues/47
2020-12-15 22:02:06 +02:00
Slavi Pantaleev e2ba46bf01 Fix Jinja2 syntax error (else if -> elif) 2020-12-14 22:40:37 +02:00
Slavi Pantaleev dd797ba6a7 Fix Postgres database importing/upgrading conflicts
We were running into conflicts, because having initialized
the roles (users) and databases, trying to import leads to
errors (role XXX already exists, etc.).

We were previously ignoring the Synapse database (`homeserver`)
when upgrading/importing, because that one gets created by default
whenever the container starts.

For our additional databases, it's a similar situation now.
It's not created by default as soon as Postgres starts with an empty
database, but rather we create it as part of running the playbook.

So we either need to skip those role/database creation statements
while upgrading/importing, or to avoid creating the additional database
and rely on the import for that. I've gone for the former, because
it's already similar to what we were doing and it's simpler
(it lets `setup_postgres.yml` be the same in all scenarios).
2020-12-14 22:28:20 +02:00
Slavi Pantaleev 2a502db239 Add (SQLite + Postgres) support and automatic migration to matrix-dimension 2020-12-14 21:01:47 +02:00
Slavi Pantaleev 0790a7b2a8 Add support for matrix_dimension_systemd_{required,wanted}_services_list
We were referencing them from `group_vars/matrix_servers` since
recently, but there were no such variables and they weren't being put to
use.
2020-12-14 20:31:07 +02:00
Slavi Pantaleev 374f43735a Separate matrix-dimension install/uninstall tasks 2020-12-14 20:05:31 +02:00
Slavi Pantaleev 8d74593878 Prepare matrix-registation for (SQLite + Postgres) support
Auto-migration and everything seems to work. It's just that
matrix-registration cannot load the Python modules required
for talking to a Postgres database.

Tracked here: https://github.com/ZerataX/matrix-registration/issues/44

Until this gets fixed, we'll continue default to 'sqlite'.
2020-12-14 18:58:37 +02:00
Slavi Pantaleev 516ccb2b2b Separate matrix-registration install/uninstall tasks 2020-12-14 18:12:14 +02:00
transcaffeine 13d8a9b39c
hint supported automatic migration nedb->postgres 2020-12-14 16:33:40 +01:00
Slavi Pantaleev af3ea67bba Add (SQLite + Postgres) support and automatic migration to matrix-ma1sd 2020-12-14 17:16:25 +02:00
Slavi Pantaleev 0ca48f3532 Separate matrix-ma1sd install/uninstall tasks 2020-12-14 16:57:51 +02:00
Slavi Pantaleev 7248eb3c11 Fix syntax error in roles/matrix-bridge-appservice-irc/defaults/main.yml 2020-12-14 16:25:44 +02:00
Slavi Pantaleev cba973d6b5 Enable automatic (SQLite -> Postgres) migration for matrix-appservice-discord 2020-12-14 16:25:22 +02:00
Slavi Pantaleev 13f84e2ad5 Enable automatic (SQLite -> Postgres) migration for matrix-mautrix-whatsapp 2020-12-14 16:21:01 +02:00
Slavi Pantaleev 86a8091768 Enable automatic (SQLite -> Postgres) migration for matrix-mautrix-telegram 2020-12-14 16:19:54 +02:00
Slavi Pantaleev 3ba8520266 Enable automatic (SQLite -> Postgres) migration for matrix-mautrix-hangouts 2020-12-14 16:18:38 +02:00
Slavi Pantaleev bbc08722c5 Enable automatic (SQLite -> Postgres) migration for matrix-mautrix-facebook 2020-12-14 16:14:23 +02:00
Slavi Pantaleev c1431b28f0 Make use of matrix_postgres_db_migration_request.caller 2020-12-14 16:13:57 +02:00
Slavi Pantaleev ac37091d01 Enable automatic (SQLite -> Postgres) migration for matrix-reminder-bot 2020-12-14 16:03:40 +02:00
Slavi Pantaleev dc7850e83c Fix wording and variable names a bit 2020-12-14 16:03:40 +02:00
Slavi Pantaleev bc376c2fb2 Add database migration utility to matrix-postgres role 2020-12-14 16:03:40 +02:00
transcaffeine 54da61f81b
add postgres support mx-appservice-[slack|irc] with fallback to nedb in role and migration notice 2020-12-14 14:08:35 +01:00
Slavi Pantaleev e3a0c9adda Add (Postgres + SQLite) support to matrix-reminder-bot
This has been tested and appears to work.
2020-12-14 15:02:11 +02:00
Slavi Pantaleev dde1c9f899 Fix indentation causing YAML syntax error 2020-12-14 14:53:35 +02:00
Slavi Pantaleev aa828ff9f6 Separate matrix-reminder-bot install/uninstall tasks 2020-12-14 14:50:04 +02:00
Slavi Pantaleev b9a04a7f95 Rename some remaining matrix_*_postgres_* vars back to matrix_*_database_*
Looks like there are some that I missed in 087dbe4ddc
2020-12-14 14:42:18 +02:00
transcaffeine 5d70bc1376
add postgres support for mx-puppet-* with fallback to sqlite in role and migration notice 2020-12-14 13:22:58 +01:00
Slavi Pantaleev 087dbe4ddc Rename matrix_*_postgres_* back to matrix_*_database_*
I was thinking that it makes sense to be more specific,
and using `_postgres_` also separated these variables
from the `_database_` variables that ended up in bridge configuration.

However, @jdreichmann makes a good point
(https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/740#discussion_r542281102)
that we don't need to be so specific and can allow for other engines (like MySQL) to use these variables.
2020-12-14 13:02:47 +02:00
Slavi Pantaleev ce21ea3640 Add (Postgres + SQLite) support to matrix-mautrix-hangouts bridge
I don't use this bridge, so this is completely untested.
2020-12-14 12:34:59 +02:00
Slavi Pantaleev 43d6ff2af8 Fix sqlite usage for mautrix-facebook/mautrix-telegram
Regression since 2d99ade72f and 9bf8ce878e, respectively.

When SQLite is to be used, these bridges expect an `sqlite://`
connection string, and not a plain file name (path), like Appservice
Discord and mautrix-whatsapp do.
2020-12-14 12:30:10 +02:00
Slavi Pantaleev 6c77eae969 Add (Postgres + SQLite) support to matrix-mautrix-whatsapp bridge
I don't use this bridge, so this is completely untested.
2020-12-14 12:24:37 +02:00
Slavi Pantaleev 9bf8ce878e Add (Postgres + SQLite) support to matrix-mautrix-telegram bridge
I don't use this bridge, so this is completely untested.
2020-12-14 12:06:28 +02:00
Slavi Pantaleev a3406a182b Move some things around 2020-12-14 12:04:47 +02:00
Slavi Pantaleev 2d99ade72f Add (Postgres + SQLite) support to matrix-mautrix-facebook bridge 2020-12-14 11:50:42 +02:00
Slavi Pantaleev 5dba0c038b Make --tags=import-generic-sqlite-db commands not pass a sensitive connection string around
Instead of passing the connection string, we can now pass a name of a
variable, which contains a connection string.

Both are supported for having extra flexibility.
2020-12-14 11:47:00 +02:00
Slavi Pantaleev d91aa5a060 Do not introduce sub-variables exposing implementation details 2020-12-14 10:52:07 +02:00
Slavi Pantaleev f1e85f7112 Don't mention Postgres roles, just say users 2020-12-14 10:04:37 +02:00
Slavi Pantaleev 4617984b9f Add (SQLite -> Postgres) migration instructions 2020-12-14 02:24:32 +02:00
Slavi Pantaleev cb969c6ca2 Add --tags=import-generic-sqlite-db (pgloader import)
This can be used by various bridges, etc., to import an SQLite
(or some other supported) database into Postgres.
2020-12-14 02:23:29 +02:00
Slavi Pantaleev c66c084027 Merge branch 'master' into postgres-per-default 2020-12-14 01:51:15 +02:00
Slavi Pantaleev 6e1dfb62f0 Rename some doc files and commands related to importing
Since we'll likely have generic SQLite database importing
via [pgloader](https://pgloader.io/) for migrating bridge
databases from SQLite to Postgres, we'd rather avoid
calling the "import Synapse SQLite database" command
as just `--tags=import-sqlite-db`.

Similarly, for the media store, we'd like to mention that it's
related to Synapse as well.

We'd like to be more explicit, so as to be less confusing,
especially in light of other homeserver implementations
coming in the future.
2020-12-14 01:51:00 +02:00
Slavi Pantaleev b87b754372 Fail if appservice-discord wants Postgres, but has leftover SQLite data 2020-12-14 01:36:15 +02:00
Slavi Pantaleev 183d2a10db Ensure matrix-postgres.service is started before creating additional users/databases 2020-12-14 00:59:59 +02:00
Slavi Pantaleev a374d309c8 Make appservice-discord support both SQLite and Postgres
People can toggle between them now. The playbook also defaults
to using SQLite if an external Postgres server is used.

Ideally, we'd be able to create databases/users in external Postgres
servers as well, but our initialization logic (and `docker run` command,
etc.) hardcode too many things right now.
2020-12-14 00:52:25 +02:00
Slavi Pantaleev 46a4034d3e Use "password" for additional Postgres databases, not "pass"
Being more explicit sounds better.
2020-12-14 00:43:03 +02:00
Slavi Pantaleev 3a037a5993 Ensure additional databases contain all the keys that we expect 2020-12-14 00:39:38 +02:00
Slavi Pantaleev da4cb2f639 Do not use the postgresql_user/postgresql_db modules
While these modules are really nice and helpful, we can't use them
for at least 2 reasons:

- for us, Postgres runs in a container on a private Docker network
(`--network=matrix`) without usually being exposed to the host.
These modules execute on the host so they won't be able to reach it.

- these modules require `psycopg2`, so we need to install it before
using it. This might or might not be its own can of worms.
2020-12-14 00:31:38 +02:00
Slavi Pantaleev bbc09d013b Do not execute additional databases creation code if not necessary
The tasks in `create_additional_databases.yml` will likely
ensure `matrix-postgres.service` is started, etc.

If no additional databases are defined, we'd rather not execute that
file and all these tasks that it may do in the future.
2020-12-13 23:46:05 +02:00
Slavi Pantaleev c765ceb270 Prevent weird loop error
> Invalid data passed to 'loop', it requires a list, got this instead: matrix_postgres_additional_databases. Hint: If you passed a list/dict of just one element, try adding wantlist=True to your lookup invocation or use q/query instead of lookup.

Well, or working around it, as I've done in this commit (which seems
more sane than `wantlist=True` stuff).
2020-12-13 22:56:56 +02:00
Slavi Pantaleev e2952f16f7 Determine matrix-postgres IP address without relying on jq
To avoid needing to have `jq` installed on the machine, we could:
- try to run jq in a Docker container using some small image providing
that
- better yet, avoid `jq` altogether
2020-12-13 22:45:48 +02:00
Slavi Pantaleev f47e8a97e6 Make use of matrix_host_command_docker instead of hardcoding 2020-12-13 22:38:35 +02:00
Slavi Pantaleev 0641106370 Allow username of additional Postgres databases to be different
We'll most likely use one that matches the database name, but
it's better to have it configurable.
2020-12-13 22:37:04 +02:00
Slavi Pantaleev 527d5f57d5 Relocate Postgres additional database creation logic
Moving it above the "uninstalling" set of tasks is better.
Extracting it out to another file at the same time, for readability,
especially given that it will probably have to become more complex in
the future (potentially installing `jq`, etc.)
2020-12-13 22:37:04 +02:00
Slavi Pantaleev dac0d3a682 Add default matrix_postgres_additional_databases 2020-12-13 21:07:16 +02:00
Slavi Pantaleev 77a5c7cf3c Merge branch 'master' into postgres-per-default 2020-12-13 21:04:15 +02:00
Slavi Pantaleev 47613e5a27 Remove synapse-janitor support
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/746
2020-12-11 23:24:42 +02:00
Slavi Pantaleev 86988ae180 Switch matrix-registration to v0.7.1
Now that a new release has been made, we no longer need to use
`latest` / `master`.

Related to 0a9109771d and https://github.com/ZerataX/matrix-registration/issues/43
2020-12-11 22:52:42 +02:00
Slavi Pantaleev 0a9109771d Use latest/master version of matrix-registration
v0.7.0 is broken right now, because it calls
`/_matrix/client/r0/admin/register`, which is now at
`/_synapse/admin/v1/register`.

This has been fixed here: 6b26255fea

.. but it's not part of any release.

Switching to `master` (`docker.io/devture/zeratax-matrix-registration:latest`) until it gets resolved.

Reported upstream here: https://github.com/ZerataX/matrix-registration/issues/43
2020-12-11 22:22:07 +02:00
Aaron Raimist 3c2a644e5c
Upgrade synapse-admin (v0.5.0 -> 0.6.1) 2020-12-10 16:28:48 -06:00
Slavi Pantaleev 7593d969e3 Make matrix-mailer not occupy matrix_server_fqn_matrix
Starting with Docker 20.10, `--hostname` seems to have the side-effect
of making Docker's internal DNS server resolve said hostname to the IP
address of the container.

Because we were giving the mailer service a hostname of `matrix.DOMAIN`,
all requests destined for `matrix.DOMAIN` originating from other
services on the container network were resolving to `matrix-mailer`.
This is obviously wrong.

Initially reported here: https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/748

We normally try to not use the public hostname (and IP address) on the
container network and try to make services talk to one another locally,
but it sometimes could happen.

With this, we use a `matrix-mailer` hostname for the matrix-mailer
container. My testing shows that it doesn't cause any trouble with
email deliverability.
2020-12-10 23:51:11 +02:00
transcaffeine d9f4914e0d
WIP: postgres: create databases for all services
If a service is enabled, a database for it is created in postgres with a uniqque password. The service can then use this database for data storage instead of relying on sqlite.
2020-12-10 18:26:22 +01:00
Slavi Pantaleev d08b27784f Fix systemd services autostart problem with Docker 20.10
The Docker 19.04 -> 20.10 upgrade contains the following change
in `/usr/lib/systemd/system/docker.service`:

```
-BindsTo=containerd.service
-After=network-online.target firewalld.service containerd.service
+After=network-online.target firewalld.service containerd.service multi-user.target
-Requires=docker.socket
+Requires=docker.socket containerd.service
Wants=network-online.target
```

The `multi-user.target` requirement in `After` seems to be in conflict
with our `WantedBy=multi-user.target` and `After=docker.service` /
`Requires=docker.service` definitions, causing the following error on
startup for all of our systemd services:

> Job matrix-synapse.service/start deleted to break ordering cycle starting with multi-user.target/start

A workaround which appears to work is to add `DefaultDependencies=no`
to all of our services.
2020-12-10 11:43:20 +02:00
John Goerzen 673e19f830
Correct inabillity for appservice-discord to connect
After recently updating my matrix-docker-ansible-deploy installation, matrix-appservice-discord would refuse to start, logging ECONNREFUSED to https://matrix.[mydomain]:443, which was resolving to 172.18.0.2 due to the `--hostname` in mailer grabbing that hostname.

Curious why the IRC bridge didn't have this issue, I looked into it, and it was connecting to `http://matrix-synapse:8008`.  Correcting this one to that URL resolved the issue.
2020-12-09 21:20:06 -06:00
Slavi Pantaleev 245b749946 Upgrade Synapse for ARM (v1.23.0 -> v1.24.0)
Continuation of aa86e0dac6, now that ARM images are out.
2020-12-09 20:54:18 +02:00
Slavi Pantaleev aa86e0dac6 Upgrade Synapse (v1.23.0 -> v1.24.0)
Because the ARM images are not pushed yet, we hold back to v1.23.0
for now.
2020-12-09 13:31:10 +02:00
benkuly ad92c61fdd updated matrix-sms-bridge 2020-12-09 09:45:44 +01:00
Slavi Pantaleev c07c927d9f Automatically enable openid listeners when ma1sd enabled
ma1sd requires the openid endpoints for certain functionality.
Example: 90b2b5301c/src/main/java/io/kamax/mxisd/auth/AccountManager.java (L67-L99)

If federation is disabled, we still need to expose these openid APIs on the
federation port.

Previously, we were doing similar magic for Dimension.
As per its documentation, when running unfederated, one is to enable
the openid listener as well. As per their recommendation, people
are advised to do enable it on the Client-Server API port
and use the `federationUrl` variable to override where the federation
port is (making federation requests go to the Client-Server API).

Because ma1sd always uses the federation port (unless you do some
DNS overwriting magic using its configuration -- which we'd rather not
do), it's better if we just default to putting the `openid` listener
where it belongs - on the federation port.

With this commit, we retain the "automatically enable openid APIs" thing
we've been doing for Dimension, but move it to the federation port instead.
We also now do the same thing when ma1sd is enabled.
2020-12-08 16:59:20 +02:00
Slavi Pantaleev 8c02f7b79b Upgrade services 2020-12-07 15:18:03 +02:00
Slavi Pantaleev d556aa943f Update docker-ce.repo to not hardcode $releasever=7
This keeps it in line with https://download.docker.com/linux/centos/docker-ce.repo

Whether or not Docker works well on CentOS 8 for our purposes
hasn't been verified yet.

Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/300
2020-12-07 07:20:47 +02:00
Slavi Pantaleev 7372480e95 Properly serialize some ma1sd configuration values
We've had a report of the `connection` value getting cut off,
supposedly because it contains something that breaks off the string.

Using `|to_json` takes care of it.
2020-12-06 23:59:58 +02:00
Hardy Erlinger ec2a9d4852 Remove the recording button from the Jitsi UI if recording is disabled. 2020-12-06 13:50:45 +01:00
Béla Becker 6f9b4bd9ac Drop workaround for old Ansible docker_network bug 2020-12-05 19:02:10 +01:00
Béla Becker 6921ec4b8a Revert "Work around buggy docker_network sometimes failing to work"
The docker_network bug was fixed two years ago
This reverts commit 36658addcd.
2020-12-05 19:02:10 +01:00
Slavi Pantaleev a5ae7e9ef0 Add self-building support to matrix-corporal 2020-12-04 01:48:08 +02:00
Slavi Pantaleev b3d91ed488 Fix passing of matrix_appservice_discord_auth_usePrivilegedIntents 2020-12-04 01:06:42 +02:00
Slavi Pantaleev 05cecb5261 Merge branch 'discord-v1.0'
This may be a bit premature, because the bridge didn't work for me
the last time I tried it (RC3).

Some bugs have been fixed to make our config compatible with v1.0.0
though, so it may work for some people (especially those starting
fresh).

I'm not for shipping potentially broken things, but given that we were
using `docker.io/halfshot/matrix-appservice-discord:latest` and that
points to v1.0.0 already (with no other tag we can use), our setup was
already broken in any case.

Now, at least it has some chance of running.
2020-12-03 15:17:30 +02:00
Slavi Pantaleev edd40811a5 Update matrix-appservice-discord to v1.0.0 final 2020-12-03 15:16:26 +02:00
Marcel Partap b6b95fe742 synapse workers-doc-to-yaml script: compatibility++ with non-gnu awk 2020-12-02 23:22:02 +01:00
Marcel Partap 3156d96619 synapse workers-doc-to-yaml.awk: escape slash for non-gnu awk versions 2020-12-02 00:29:20 +01:00
Marcel Partap e892ac464f synapse workers: untangle config template and specify bind address
.. to mitigate log noise - WARNING:
Failed to listen on 0.0.0.0, continuing because listening on [::]
2020-12-01 23:49:23 +01:00
Marcel Partap f201bca519 synapse workers: define and expose METRICS port for each worker
As seen on TV:
https://github.com/matrix-org/synapse/blob/master/docs/metrics-howto.md#monitoring-workers
2020-12-01 22:49:15 +01:00
Marcel Partap af08f18779 synapse workers default config: disable user_dir worker for now
(until https://github.com/matrix-org/synapse/issues/8787 is resolved)
2020-12-01 22:22:04 +01:00
Marcel Partap 414b812a29 synapse role workers setup: make configs clean action remote compatible
Many people probably didn't even know this - that ansible can be
quite a bit picky about what it will be willing to work with remotely.

Thanks @maxklenk !
2020-12-01 22:20:27 +01:00
Marcel Partap d5932ca393 synapse role workers setup: execute the endpoint extraction locally
Thanks @maxklenk !
2020-12-01 22:18:42 +01:00
Marcel Partap 851c25c47f matrix-synapse nginx template: fix invalid jinja comment syntax 2020-12-01 21:55:07 +01:00
Marcel Partap b73ac965ac Merge remote-tracking branch 'origin/master' into synapse-workers 2020-12-01 21:24:26 +01:00
Slavi Pantaleev 04da1bddf7 Update matrix-mautrix-facebook config a bit
This also disables presence if it's disabled for Synapse.
2020-12-01 11:55:18 +02:00
Slavi Pantaleev 90078dd296 Add matrix_services_autostart_enabled variable for preventing services autostart
Some people requested that `--tags=start` not set up service autostart.

One can now do `--tags=start --extra-vars="matrix_services_autostart_enabled=false"`
to just start services ones and not set up autostarting.
2020-11-30 20:58:21 +02:00
Slavi Pantaleev e0d7d5f0ca Disable Jitsi recording/transcriptions by default
It's not like it worked anyway, because we don't have the necessary
services installed for transcription (Jigasi), nor recording (Jibri).

Disabling these, should hopefully disable their related elements
in the Jitsi Web UI.

Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/726
2020-11-28 22:31:00 +02:00
Slavi Pantaleev be5263f397 Move self-building git repository URLs to variables (stop hardcoding) 2020-11-28 21:34:14 +02:00
Slavi Pantaleev b354155d7c Make JVB websockets reverse-proxying work 2020-11-27 17:57:15 +02:00
Slavi Pantaleev fa76128fd8 Update Jitsi to build 5142
This supersedes/fixes-up this Pull Request:
https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/719

The Jitsi Web and JVB containers now (in build 5142) always
start by bulding their own default configuration
(`config.js` and `sip-communicator.properties`, respectively).

The fact that we were generating these files ourselves was no longer of use,
because our configuration was thrown away in favor of the one created
by the containers on startup.

With this commit, we're completely redoing things. We no longer
generate these configuration files. We try to pass the proper
environment variables, so that Jitsi services can generate the
configuration files themselves.

Besides that, we try to use the "custom configuration" mechanism
provided by Jitsi Web and Jitsi JVB (`custom-config.js` and
`custom-sip-communicator.properties`, respectively), so that
we and our users can inject additional configuration.

Some configuration options we had are gone now. Others are no longer
controllable via variables and need to be injected using
the `_config_extension` variables that we provide.

The validation logic that is part of the role should take care
to inform people about how to upgrade (if they're using some custom
configuration, which needs special care now). Most users should not
have to do anything special though.
2020-11-27 17:57:15 +02:00
benkuly f93a4f6474 updated matrix-sms-bridge 2020-11-27 16:01:24 +01:00
Slavi Pantaleev d702e74079 Fix matrix-nginx-proxy static files mounting when SSL retrieval is none
Fixup for 12867e9f18.

This shouldn't have been caught in the `if`.

Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/734
2020-11-26 18:40:15 +02:00
Slavi Pantaleev 12867e9f18 Do not try to mount /matrix/ssl when matrix_ssl_retrieval_method is 'none'
Since the switch from `-v` to `--mount` (in 1fca917ad1),
we've regressed when `matrix_ssl_retrieval_method == 'none'`.

In such a case, we don't create `/matrix/ssl` directories at all
and shouldn't be trying to mount them into the `matrix-nginx-proxy`
container.

Previously, with `-v`, Docker would auto-create them, effectively hiding
our mistake. Now that `--mount` doesn't do such auto-creation magic,
the `matrix-nginx-proxy` container was failing to start.

Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/734
2020-11-26 09:55:26 +02:00
Slavi Pantaleev 796c752b60 Ensure Postgres passwords are not longer than 99 characters
Complements https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/732
2020-11-26 09:51:48 +02:00
Slavi Pantaleev 47db2d5363
Merge pull request #730 from benkuly/master
updates matrix-sms-bridge (changed SMS provider)
2020-11-25 16:36:11 +02:00
Slavi Pantaleev 75f9fde7a4 Remove some more -v usage
Continuation of 1fca917ad1.

Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/722
2020-11-25 10:49:59 +02:00
Slavi Pantaleev 1fca917ad1 Replace some -v instances with --mount
`-v` magically creates the source destination as a directory,
if it doesn't exist already. We'd like to avoid this magic
and the potential breakage that it might cause.

We'd rather fail while Docker tries to find things to `--mount`
than have it automatically create directories and fail anyway,
while having contaminated the filesystem.

There's a lot more `-v` instances remaining to be fixed later on.
This is just some start.

Things like `matrix_synapse_container_additional_volumes` and
`matrix_nginx_proxy_container_additional_volumes` were not changed to
use `--mount`, as options for each one are passed differently
(`ro` is `ro`, but `rw` doesn't exist and `slave` is `bind-propagation=slave`).
To avoid breaking people's custom volume mounts, we keep it as it is for now.

A deficiency with `--mount` is that it lacks the `z` option (SELinux
ownership changes), and some of our `-v` instances use that. I'm not
sure how supported SELinux is for us right now, but it might be,
and breaking that would not be a good idea.
2020-11-24 10:26:05 +02:00
Slavi Pantaleev 27c9014cb8 Improve uninstallation instructions
Also switches to using `docker system prune -a` for a less invasive
cleanup of Docker images and related resources.
2020-11-24 09:38:17 +02:00
Slavi Pantaleev 3e2355282b Upgrade Postgres minor versions
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/727
2020-11-24 09:06:19 +02:00
Aaron Raimist c9d2ef7981
Upgrade Element (1.7.13 -> 1.7.14) 2020-11-23 23:05:54 -06:00
benkuly ff9a4e90c4 updated matrix-sms-bridge 2020-11-23 13:43:04 +01:00
benkuly 3a2e058f2e updated version of matrix-sms-bridge 2020-11-23 13:07:08 +01:00
benkuly f1ceb49ae2 fixed wrong path of truststore 2020-11-23 12:52:16 +01:00
benkuly ad1f0a01ce fixed systemd service typo 2020-11-23 12:49:28 +01:00
benkuly 76b0b9dc34 fixed application.yml loading 2020-11-23 12:48:08 +01:00
benkuly 2fb42dd7f1 fixed typo in truststore path 2020-11-23 12:38:17 +01:00
benkuly 75600aa357 Merge remote-tracking branch 'github/master' 2020-11-23 12:31:14 +01:00
benkuly 4713e5d5f7 updated matrix-sms-bridge to 0.5.0 2020-11-23 12:30:39 +01:00
Slavi Pantaleev 6c85b84c1e Fix self-building for synapse-admin 2020-11-18 18:36:03 +02:00
Slavi Pantaleev b627d93cdc Update homeserver.yaml to keep up with Synapse v1.23.0
Related to #724 (Github Pull Request)
2020-11-18 16:57:50 +02:00
transcaffeine c58a7e03c7
synapse: update to 1.23.0 2020-11-18 14:16:46 +01:00
Slavi Pantaleev 41fa00edb4 Revert "Update jitsi web to stable-5142"
This reverts commit 078592454c
due to reports of breakage both in the support chat room
and in here https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/719
2020-11-18 12:54:43 +02:00
transcaffeine f7d7190bd0
update mautrix-telegram to 0.9.0 2020-11-17 21:20:12 +01:00
benkuly 8153e25d2d updated matrix-sms-bridge image 2020-11-16 13:59:03 +01:00
benkuly 787a9ef8ad updated matrix-sms-bridge image 2020-11-16 11:51:11 +01:00
benkuly 775b1ca7af updated matrix-sms-bridge image version 2020-11-15 12:12:44 +01:00
Slavi Pantaleev ccabc82d4c Use more fully-qualified container images
This is both for consistency with 93cc71cb69976c
and for making things more obvious.
2020-11-14 23:01:11 +02:00
Slavi Pantaleev 5eed874199 Improve self-building experience (avoid conflict with pullable images)
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/716

This patch makes us use more fully-qualified container image names
(either prefixed with docker.io/ or with localhost/).

The latter happens when self-building is enabled.

We've recently had issues where if an image was removed manually
and the service was restarted (making `docker run` fetch it from Docker Hub, etc.),
we'd end up with a pulled image, even though we're aiming for a self-built one.
Re-running the playbook would then not do a rebuild, because:
- the image with that name already exists (even though it's something
else)
- we sometimes had conditional logic where we'd build only if the git
repo changed

By explicitly changing the name of the images (prefixing with localhost/),
we avoid such confusion and the possibility that we'd automatically pul something
which is not what we expect.

Also, I've removed that condition where building would happen on git
changes only. We now always build (unless an image with that name
already exists). We just force-build when the git repo changes.
2020-11-14 23:00:49 +02:00
João Marques 078592454c Update jitsi web to stable-5142
Changelog https://github.com/jitsi/jitsi-meet/releases/tag/stable%2Fjitsi-meet_5142
2020-11-13 18:13:45 +00:00
benkuly c985e17f18 updated matrix-sms-bridge 2020-11-13 08:44:21 +01:00
Slavi Pantaleev 6dbb90258e Mention and recommend enabling usePrivilegedIntents 2020-11-13 08:23:40 +02:00
Slavi Pantaleev fe7bed5df3 Upgrade appservice-discord 2020-11-12 08:21:02 +02:00
Marcel Partap 4678c5d7bd Merge remote-tracking branch 'origin/master' into synapse-workers
Also, replace vague FIXME by a proper NOTE on the complete
story of the user_dir endpoints..
2020-11-11 21:26:08 +01:00
Slavi Pantaleev 4dbec2470f Fix systemd_path being undefined breakage
Regression since #681 (Github Pull Request).

Fixes #715 (Github Issue).
2020-11-11 00:45:02 +02:00
Slavi Pantaleev 4d12a6f8e9
Merge pull request #681 from scottcrossen/slc/ddclient
Dynamic DNS
2020-11-10 23:54:21 +02:00
Slavi Pantaleev 1427286cec Integrate matrix-dynamic-dns with matrix-nginx-proxy without causing a dependency
We'd like the roles to be self-contained (as much as possible).

Thus, the `matrix-nginx-proxy` shouldn't reference any variables from
other roles. Instead, we rely on injection via
`group_vars/matrix_servers`.

Related to #681 (Github Pull Request)
2020-11-10 23:49:36 +02:00
Slavi Pantaleev 8782919d85 Ensure matrix_dynamic_dns_domain_configurations contains configurations
If `matrix_dynamic_dns_enabled`, we'd like to ensure there's at least
one configuration defined.

Related to #681 (Github Pull Request)
2020-11-10 23:49:36 +02:00
Slavi Pantaleev 97a7c8b0f0 Fix matrix_dynamic_dns_domain_configurations validation check
- `item` was undefined
- `'key' in configurations == ''` was doing the wrong thing

Related to #681 (Github Pull Request)
2020-11-10 23:49:36 +02:00
Slavi Pantaleev fef44b93d3 Define the matrix_dynamic_dns_domain_configurations variable in the role
Having it unset in the role itself (while referencign it) is a little strange.

Now people can look at the `roles/matrix-dynamic-dns/defaults/main.yml`
file and figure out everything that's necessary to run the role.

Related to #681 (Github Pull Request)
2020-11-10 23:49:36 +02:00
Marcel Partap f3d2797d9c synapse workers: make awk script invocation handle paths with spaces
(quoting ftw)
2020-11-10 22:40:48 +01:00
Marcel Partap b05d298ae4 synapse workers nginx rule: add client_max_body_size on media endpoints
so transfer limits are properly set in accord to the relevant setting
https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/456#issuecomment-719996778
2020-11-10 21:43:33 +01:00
Marcel Partap 1e971312e8 synapse workers: handle auth fallback endpoint on main process only
(allegedly breaks with SSO enabled)
2020-11-10 21:23:19 +01:00
Marcel Partap e5072c20d9 synapse workers/nginx: handle media_repository worker endpoints on federation port
to prevent "404 on the federation port for the path `/_matrix/media`,
if a remote server is trying to get the media object on federation
port, see https://github.com/matrix-org/synapse/issues/8695 "

https://github.com/matrix-org/synapse/pull/8701
2020-11-10 20:35:39 +01:00
Aaron Raimist 31619e0968
Upgrade Element (1.7.12 -> 1.7.13) 2020-11-10 11:27:15 -06:00
Slavi Pantaleev 235299939d Upgrade nginx (1.19.3 -> 1.19.4) 2020-11-10 09:30:00 +02:00
Scott Crossen 59bb6b2971 responded to reviewer comments 2020-11-09 13:32:58 -08:00
Scott Crossen e894befd87 Updates to reviewer comments 2020-11-07 17:53:13 -08:00
Slavi Pantaleev 350c39d745 Update comment 2020-11-02 11:13:25 +02:00
Slavi Pantaleev ef68d3d296 Add support for reverse-proxying /_synapse/oidc
This broke in 63a49bb2dc.

Proxying the OpenID Connect endpoints is now possible,
but needs to be enabled explicitly now.

Supersedes #702 (Github Pull Request).

This patch builds up on the idea from that Pull Request,
but does things in a cleaner way.
2020-11-02 11:10:03 +02:00
Slavi Pantaleev 5c91e56898 Upgrade Synapse (v1.22.0 -> v1.22.1) 2020-10-30 19:35:55 +02:00
Aaron Raimist c33d007306
Switch to the new vectorim/element-web Docker image 2020-10-29 11:46:58 -05:00