pub-solar/matrix-docker-ansible-deploy
5
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
2793 commits 2 branches 0 tags 16 MiB
Commit graph

1798 commits

Author SHA1 Message Date
Slavi Pantaleev 72a7cb4145
Merge pull request #1018 from GoMatrixHosting/master 
GoMatrixHosting v0.4.3
 2021-04-22 14:23:30 +03:00
Slavi Pantaleev e3fa3e12bc Upgrade Synapse (1.31 -> 1.32.2) 2021-04-22 14:22:07 +03:00
Michael-GMH 50d7209c5b GMH v04.3 2021-04-22 11:45:59 +08:00
Slavi Pantaleev 378fabf177 Revert "Upgrade Synapse (1.31 -> 1.32.1)" 
This reverts commit 1fb54a37cb.

Seems like it's been pulled or something. It used to exist, but not
anymore. Not sure what's going on.

Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1017

Related to
https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1010
 2021-04-21 23:36:58 +03:00
Slavi Pantaleev 1fb54a37cb Upgrade Synapse (1.31 -> 1.32.1) 
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1010
 2021-04-21 18:47:15 +03:00
Slavi Pantaleev d691cc0920 Move variable definition a bit 2021-04-21 13:59:20 +03:00
Slavi Pantaleev e00ef04b57 Add opt-out-of-FLoC headers by default 2021-04-21 13:58:24 +03:00
Slavi Pantaleev 42783972fd
Merge pull request #1011 from aaronraimist/synapse-admin 
Upgrade synapse-admin (0.7.0 -> 0.7.2)
 2021-04-21 09:24:30 +03:00
Slavi Pantaleev ca786cc343 Revert "Upgrade Synapse (1.31 -> 1.32)" 
This reverts commit f825c7c263.

Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1010
 2021-04-20 23:40:55 +03:00
Aaron Raimist bb64b80697
Upgrade synapse-admin (0.7.0 -> 0.7.2) 2021-04-20 15:14:08 -05:00
Slavi Pantaleev f825c7c263 Upgrade Synapse (1.31 -> 1.32) 2021-04-20 17:47:34 +03:00
Slavi Pantaleev 7eda6a3c12
Merge pull request #1009 from thedanbob/coturn-official 
Switch to official coturn image
 2021-04-19 18:41:17 +03:00
Slavi Pantaleev adcecaffaf Fix connectivity between prometheus and prometheus-node-exporter 
Expected to have regressed after https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1008

This patch comes with its own downsides (as described in the comments
for matrix_prometheus_node_exporter_container_http_host_bind_port),
but at least there's:
- no security issue
- metrics remain readable from matrix-prometheus (even if the network metrics are inaccurate)

A better patch is certainly welcome.
 2021-04-19 18:29:03 +03:00
Dan Arnfield b2ca1f2829 Add capability required by new image 2021-04-19 10:16:26 -05:00
Slavi Pantaleev 398b9f5d66
Merge pull request #1008 from sakkiii/master 
security** node-exporter data & port publicly exposed
 2021-04-19 17:31:00 +03:00
Dan Arnfield 29177d4922 Switch to official coturn docker image 2021-04-19 09:04:08 -05:00
sak 88a30fb5ed security** node-exporter data & port publicly exposed 2021-04-19 15:35:23 +05:30
sak 0f9a455719 Revert "security** node-exporter data & port publicly exposed" 
This reverts commit d0cd709c08.
 2021-04-19 15:24:36 +05:30
sak d0cd709c08 security** node-exporter data & port publicly exposed 2021-04-19 15:15:59 +05:30
Slavi Pantaleev 4a1739f604
Merge pull request #1007 from teutat3s/fix/nginx-dont-send-version 
Don't expose nginx version with each response
 2021-04-18 21:33:11 +03:00
teutat3s 2bf7c26cfa
Don't expose nginx version with each response 2021-04-18 16:24:13 +02:00
Slavi Pantaleev c565e72f0d
Merge pull request #1003 from sakkiii/patch-2 
updated matrix_grafana_docker_image to v7.5.4
 2021-04-18 09:56:12 +03:00
Slavi Pantaleev 51b46697c5
Merge pull request #1005 from sakkiii/master 
Improve security for grafana
 2021-04-18 09:50:59 +03:00
Dan Arnfield f04614a993 Fix prometheus network for ansible < 2.8 2021-04-17 20:15:26 -05:00
Slavi Pantaleev badd81e0ec Revert "Attempt to fix docker_network result discrepancy between Ansible versions" 
This reverts commit 68ca81c8c2.
 2021-04-17 19:31:20 +03:00
sakkiii 1958d0792d Update matrix-client-element.conf.j2 2021-04-17 21:33:07 +05:30
sakkiii b6d45c5fd8 Merge branch 'master' of https://github.com/sakkiii/matrix-docker-ansible-deploy 2021-04-17 21:03:26 +05:30
sakkiii 05042f5ff1 Improve security grafana 
- duplicate X-Content-Type-Options
- X-Frame-Options header
- Referrer-Policy [Might consider adding variable]
- Secure flag with cookies
- matrix_grafana_content_security_policy variable for [Content Security Policy](https://grafana.com/docs/grafana/latest/administration/configuration/#content_security_policy)
 2021-04-17 21:03:05 +05:30
sakkiii 27377e099d
updated matrix_grafana_docker_image to v7.5.4 
Latest stable grafana version is [7.5.4 (2021-04-14)](https://github.com/grafana/grafana/releases/tag/v7.5.4)
 2021-04-17 17:31:14 +05:30
Slavi Pantaleev 68ca81c8c2 Attempt to fix docker_network result discrepancy between Ansible versions 
Supposedly fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/907
 2021-04-17 11:42:06 +03:00
Slavi Pantaleev 9c1f41eadf
Merge pull request #1002 from thedanbob/node-exporter-1.1.2 
Update prometheus node exporter (1.1.0->1.1.2)
 2021-04-17 11:15:13 +03:00
Dan Arnfield 8a550ce67c Update prometheus (2.24.1->2.26.0) 2021-04-16 09:25:45 -05:00
Dan Arnfield 83cc5c9e6a Update prometheus node exporter (1.1.0 -> 1.1.2) 2021-04-16 09:17:04 -05:00
teutat3s 009623a26d
Merge branch 'master' into pub.solar 2021-04-16 13:07:43 +02:00
sakkiii 5dc642ace1
Nginx element web: XSS protection & nosniff header 
X-XSS-Protection: 1; mode=block; header, for basic XSS protection in legacy browsers.
X-Content-Type-Options: nosniff header, to disable MIME sniffing
 2021-04-16 14:45:04 +05:30
Slavi Pantaleev fcb9e9618a Make Coturn TLSv1/v1.1 configurable 
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/999
 2021-04-16 09:29:32 +03:00
teutat3s 44d8dd8c1a
Merge branch 'master' into pub.solar 2021-04-16 00:33:50 +02:00
sakkiii 540416e32d
Disable support for TLS 1.0 and TLS 1.1 
These old versions of TLS rely on MD5 and SHA-1, both now broken, and contain other flaws. TLS 1.0 is no longer PCI-DSS compliant and the TLS working group has adopted a document to deprecate TLS 1.0 and TLS 1.1.
 2021-04-15 19:25:23 +05:30
Michael-GMH 89cb5a3d7a GMH v0.4.2 update 2021-04-15 17:07:03 +08:00
teutat3s 57d9f96cee
Merge branch 'master' into pub.solar 2021-04-14 16:04:15 +02:00
Slavi Pantaleev c7c137df74 Upgrade nginx and certbot 2021-04-14 13:24:41 +03:00
Slavi Pantaleev 931452bb06 Upgrade exim (4.93 -> 4.94) 2021-04-14 08:57:01 +03:00
rakshazi 4f8e1bd43a
Updated Element Web 1.7.24.1 -> 1.7.25 2021-04-12 18:04:56 +00:00
Ahmad Haghighi e335f3fc77 rename matrix_global_registry to matrix_container_global_registry_prefix related to #990 
Signed-off-by: Ahmad Haghighi <haghighi@fedoraproject.org>
 2021-04-12 17:23:55 +04:30
Ahmad Haghighi f52a8b6484 use custom docker registry 2021-04-12 17:23:55 +04:30
Aaron Raimist 3d2142f88b
Add sanity check for server architecture 2021-04-10 16:14:32 -05:00
teutat3s 7ac348e705
Add mastodon .well-known redirect for pub.solar 2021-04-07 23:41:37 +02:00
teutat3s 9f45a11f84
Merge branch 'master' into pub.solar 2021-04-07 23:10:22 +02:00
Marcus 3e119e483e
Update init.yml 
fix nginx boot loop
 2021-04-07 21:34:16 +02:00
Slavi Pantaleev 4830b7d830 Upgrade Synapse for ARM64 (1.30.1 -> 1.31.0) 2021-04-06 17:22:25 +03:00
Slavi Pantaleev 3f426de599 Upgrade Synapse (1.30.1 -> 1.31.0) 2021-04-06 16:00:10 +03:00
Slavi Pantaleev c386e8e9db Use integers for some variables 
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/868
 2021-04-05 11:38:23 +03:00
Slavi Pantaleev 832e191ab8 Fix incorrect variable usage in when statement 
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/868
 2021-04-05 11:32:48 +03:00
Slavi Pantaleev 1b55766927 Do not redefine matrix-postgres role vars in matrix-postgres-backup 
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/868
 2021-04-05 11:32:19 +03:00
Slavi Pantaleev 298556e02e Fix undefined matrix_postgres_backup_detected_version_corresponding_docker_image 
.. and prevent variable name overlap with `matrix-postgres` for the
other variables as well.

Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/868
 2021-04-05 11:23:12 +03:00
Slavi Pantaleev 0a107dc0ce
Merge pull request #868 from foxcris/postgres-backup 
- Added a postgres-backup role
 2021-04-05 10:53:04 +03:00
foxcris 2178f3612f - matrix_postgres_backup_databases now uses more simple structure 2021-04-05 09:05:41 +02:00
Slavi Pantaleev 560777cc16
Merge pull request #981 from aaronraimist/grafana 
Allow special characters in Grafana password and upgrade Grafana
 2021-04-04 10:04:07 +03:00
Michael f41bfb69d2 update survey template formatting 2021-04-04 12:01:53 +08:00
Michael 814bdf5a88 update spelling 2021-04-04 11:52:26 +08:00
Michael fbe22289bd merge with upstream and testing branch 2021-04-04 11:41:06 +08:00
Aaron Raimist 458c17b9d0
Upgrade Grafana (7.4.0 -> 7.5.2) 2021-04-03 16:41:30 -05:00
Aaron Raimist 504f1b6445
Allow special characters in Grafana password 2021-04-03 16:41:10 -05:00
Slavi Pantaleev 995c483856
Merge pull request #962 from aaronraimist/mjolnir 
Add mjolnir
 2021-04-03 10:45:29 +03:00
Slavi Pantaleev f183add44d
Merge pull request #977 from aaronraimist/simple-antispam 
Upgrade synapse-simple-antispam (0.0.1 -> 0.0.3)
 2021-04-03 08:45:14 +03:00
Aaron Raimist 81dddd2e25
Upgrade Element (1.7.24 -> 1.7.24.1) 2021-04-02 18:43:30 -05:00
Aaron Raimist c43bd412dd
Upgrade synapse-simple-antispam (0.0.1 -> 0.0.3) 2021-04-02 18:08:08 -05:00
Aaron Raimist 1ecee625d5
Depend on more services, add a delay 2021-04-02 17:07:24 -05:00
Slavi Pantaleev a88391edf5
Merge pull request #972 from JohannesKleine/nginx-config 
matrix-nginx-proxy: add custom nginx options to nginx.conf.j2
 2021-03-31 10:30:57 +03:00
teutat3s 1e7c5abbf3
Merge branch 'mautrix-signal/update-config' into pub.solar 2021-03-31 03:10:46 +02:00
teutat3s 0b5e903693
Updates to mautrix-signal config 
See these last commits:

tulir/mautrix-signal@4fc34330c1

tulir/mautrix-signal@64bc5c36a5

tulir/mautrix-signal@ddda1666d4
 2021-03-31 02:51:23 +02:00
teutat3s 8c261b296b
Merge branch 'master' into pub.solar 2021-03-30 19:59:14 +02:00
Christoph Johannes Kleine fcd66b2889
rename variables 2021-03-30 16:41:32 +02:00
Christoph Johannes Kleine 8ba1105010
rename variable 2021-03-30 15:59:10 +02:00
Christoph Johannes Kleine 3a772f2f65
matrix-nginx-proxy: add custom nginx options to nginx.conf.j2 2021-03-30 14:11:20 +02:00
Slavi Pantaleev 93960b70be Do not fail if _matrix-identity DNS SRV record missing 
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/963

This also simplifies Prerequisites, which is great.

It'd be nice if we were doing these checks in some optional manner
and reporting them as helpful messages (using
`matrix_playbook_runtime_results`), but that's more complicated.
I'd rather drop these checks completely.
 2021-03-30 11:24:04 +03:00
Slavi Pantaleev 5e1cf7f8b9 Upgrade Element (1.7.23 -> 1.7.24) 2021-03-29 17:58:02 +03:00
Slavi Pantaleev 9409588513 Fix variable name typo (take 2) 
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/970
 2021-03-29 10:59:57 +03:00
Slavi Pantaleev 179b416ed5 Fix variable name typo 
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/970
 2021-03-29 09:24:35 +03:00
Slavi Pantaleev 77d598b315 Fix Go-NEB variable definitions using the wrong type 
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/969
 2021-03-28 12:10:22 +03:00
Slavi Pantaleev 49868db3de Upgrade Synapse for ARM64 (1.30.0 -> 1.30.1) 2021-03-26 16:48:15 +02:00
Slavi Pantaleev 94487dc6a7 Upgrade Synapse for amd64 (1.30.0 -> 1.30.1) 2021-03-26 15:37:11 +02:00
transcaffeine dbae18fd6a
feat: push ephemeral events to appservices 
This adds https://github.com/matrix-org/matrix-doc/pull/2409 to the
appservice registrations, enabling synapse to push EDUs to appservices.
 2021-03-25 18:49:54 +01:00
Dan Arnfield 97d8527e00 Update nginx (1.19.6 -> 1.19.8) 2021-03-24 09:42:08 -05:00
Slavi Pantaleev 5a4ea5f866 Make AWX enabling/disabling consistent with other playbook roles 
That is:
- enabled in the role by default
- disabled in the compilation (playbook), if considered an optional
component
 2021-03-24 14:02:53 +02:00
Aaron Raimist bab8b950ca
Add mjolnir 2021-03-23 22:46:08 -05:00
Slavi Pantaleev 06c74728eb Move matrix_nginx_proxy_proxy_synapse_federation_api_enabled definition to the role 
This variable was previously undefined in the role and was only getting
defined via `group_vars/matrix_servers`.

We now properly initialize it (and its good default value) in the role
itself.
 2021-03-23 10:28:32 +02:00
Slavi Pantaleev d09609daa8 Fix Jinja2 syntax error 
Fixes a regression introduced in ffe649a240
 2021-03-22 17:13:10 +02:00
Slavi Pantaleev 6a3433fbad Update Synapse for ARM64 (1.29.0 -> 1.30.0) 
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/958
 2021-03-22 16:43:23 +02:00
Slavi Pantaleev ffe649a240 Update homeserver.yaml to keep up with Synapse v1.30.0 
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/958
 2021-03-22 16:43:10 +02:00
rakshazi 74106f2a80
Updated synapse 1.29.0 -> 1.30.0 2021-03-22 14:03:42 +00:00
Thom Wiggers 54fe59f05c
Update IRC appservice 2021-03-22 12:37:35 +01:00
Slavi Pantaleev 2737ebc290 Complain if people try to use matrix-sygnal on non-amd64 2021-03-20 13:38:27 +02:00
Slavi Pantaleev b824522b33 Remove unnecessary with_items statement 2021-03-20 13:34:22 +02:00
Slavi Pantaleev 9a0222fa47 Add Sygnal support 
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/683
 2021-03-20 13:32:22 +02:00
Michael af240aef37 remove sections from task list that arent needed 2021-03-20 17:35:30 +08:00
Michael 85127bacba Merge remote-tracking branch 'upstream/master' 2021-03-20 17:21:27 +08:00
Michael 1e54b1d1a5 merge upstream 2021-03-20 17:21:02 +08:00
Slavi Pantaleev f99dcd611f Pass proper UID/GID to Synapse 
Fixes a regression caused by a5ee39266c.

If the user id and group id were different than 991:991
(which used to be a hardcoded default for us long ago),
there was a mismatch between what Synapse was trying to use (991:991)
and what it was actually started with (in `--user=..`). It was then
trying to change ownership, which was failing.

This was mostly affecting newer installations which were not using the
991:991 defaults we had long ago (since a1c5a197a9).
 2021-03-19 16:44:10 +02:00
Slavi Pantaleev a5ee39266c Go through start.py when launching Synapse 
This allows us to benefit from helpful things it does for us,
like enabling jemalloc: https://github.com/matrix-org/synapse/pull/8553

We weren't going through `start.py` before, because it was causing some
conflict with our `docker run --user=...` stuff, but it doesn't seem
to be a problem anymore.

Having done this, we won't need to do things like
https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/941
anymore.
 2021-03-19 08:16:59 +02:00