Commit graph

534 commits

Author SHA1 Message Date
Slavi Pantaleev 983bf819ef Explictly set Synapse's worker configuration's owner/permissions 2022-07-18 13:01:19 +03:00
Slavi Pantaleev ddf18eadc7 More ansible-lint fixes 2022-07-18 13:01:17 +03:00
Slavi Pantaleev 34cdaade08 Use fully-qualified module names for builtin Ansible modules
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1939
2022-07-18 12:58:41 +03:00
Aine e149f33140
add/unify 'Project source code URL' link across all roles 2022-07-16 23:59:21 +03:00
Aine fe347c85d9
Update Synapse 1.61.1 -> 1.62.0 2022-07-05 15:20:48 +00:00
Slavi Pantaleev bff35926dc Upgrade Synapse (v1.61.0 -> v1.61.1) 2022-06-28 17:13:19 +03:00
Slavi Pantaleev ba51997f7b (BC Break) Redo how metrics are exposed to external Prometheus servers 2022-06-23 17:55:07 +03:00
David Mehren f6a73231ab
Synapse workers should respect X-Forwarded headers
Currently, Synapse workers ignore the X-Forwarded headers, which leads to internal Docker IP addresses randomly appearing in the users' device list.

This adds the `x_forwarded: true` option to the worker config, fixing the issue.
2022-06-18 16:13:08 +02:00
Slavi Pantaleev 38027e72f6 Fix "object of type 'NoneType' has no len()" error
Fixup for 5eff67371d - https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1884
2022-06-17 15:45:29 +03:00
Slavi Pantaleev 7440dd34fb
Merge pull request #1884 from etkecc/master
add synapse media_retention
2022-06-17 15:31:55 +03:00
Slavi Pantaleev 5987589436
Use |to_json 2022-06-17 15:30:22 +03:00
Slavi Pantaleev 323f5aa60d Synchronize homeserver.yaml config with the one from Synapse 1.61.0 2022-06-17 15:26:23 +03:00
Aine 5eff67371d
add synapse media_retention 2022-06-17 14:32:17 +03:00
Slavi Pantaleev 6a573399ae Upgrade Synapse (v1.60.0 -> v1.61.0) 2022-06-14 17:15:27 +03:00
Slavi Pantaleev 2c1da0ac2a Switch matrix_encryption_disabler back to upstream repository
Now that https://github.com/digitalentity/matrix_encryption_disabler/pull/9
has been merged, we can get the module from there.

Continuation of 246c43be1e
2022-05-31 17:35:22 +03:00
Slavi Pantaleev 246c43be1e Upgrade Synapse (v1.59.1 -> v1.60.0) 2022-05-31 17:24:38 +03:00
Slavi Pantaleev 78204619ea Stop using deprecated (in Synapse v1.59) user_dir and appservice workers
Source: https://github.com/matrix-org/synapse/blob/v1.59.0/docs/upgrade.md#deprecation-of-the-synapseappappservice-and-synapseappuser_dir-worker-application-types

As an alternative, we should probably find a way to run one or a few
more generic workers (which will handle appservice and user_dir stuff) and
update `homeserver.yaml` so that it would point to the name of these workers using
`notify_appservices_from_worker` and `update_user_directory_from_worker` options.

For now, this solves the deprecation, so we can have a peace of mind
going forward.

We're force-setting these worker counts to 0, so that we can clean up
existing homeservers which use these worker types. In the future, these
options will either be removed or repurposed (so that they transparently
create more generic workers that handle user_dir/appservice loads).
2022-05-31 16:35:50 +03:00
Slavi Pantaleev 63c755b115
Merge pull request #1837 from Lyokovic/vicx/fix-ldap-simple-bind
Fix synapse LDAP simple bind config
2022-05-24 10:40:28 +03:00
Vicx a906fad12e Fix synapse LDAP simple bind config
When using LDAP simple bind, the `bind_dn` and `bind_password`
configuration values must not be present.
2022-05-20 19:09:16 +02:00
Slavi Pantaleev 677a2fc503 Fix compatibility with ansible=6 / ansible-core=2.13
Details here: https://docs.ansible.com/ansible/devel/porting_guides/porting_guide_6.html#id36

Basically:

```yaml
- name: Prior to 2.13
  debug:
    msg: '[1] + {{ [2] }}'

- name: 2.13 and forward
  debug:
    msg: '{{ [1] + [2] }}'
```

Interestingly, we had been using the new/safe syntax in lofs of places.

We were using the broken one in many others though. Hopefully all
instances were fixed by this patch.
2022-05-18 15:43:39 +03:00
Aine de8d6f8d6c
Update Synapse v1.59.0 -> v.1.59.1 2022-05-18 11:37:34 +00:00
Slavi Pantaleev f972a80224 Upgrade Synapse (1.58.1 -> 1.59.0) 2022-05-17 13:08:17 +03:00
Slavi Pantaleev 83b7fcee45 Do not proxy some endpoints to the generic Synapse worker
These endpoints should not be proxied to a generic Synapse worker
without other preparation (setting up stream writers, sending traffic
to a specific stream writer, etc.).

Disabling them for now. In the future, we'd like to fix up our awk
script to disable them automatically.

This is a fix up for 058fedff91
2022-05-07 09:39:19 +02:00
Slavi Pantaleev 058fedff91 Fix "endpoint seems conditional" determination in workers-doc-to-yaml.awk"
This prevented us from keeping our workers reverse-proxying definitions
updated since Synapse v1.54.0.

The last `workers.md` file we could parse is at commit
02632b3504ad4512c5f5a4f859b3fe326b19c788.
Parsing regressed at commit c56bfb08bc071368db23f3b1c593724eb4f205f0,
because the introduction message for `synapse.app.generic_worker` said
"If":

> If a worker is set up to handle a..

.. which made the AWK script think that definitions below were
conditional (which they're not in this case).

This patch fixes up the regex for determining if a line is conditional
or not, so that it doesn't trip up. Hopefully, it doesn't miss something
important.
2022-05-06 09:08:45 +02:00
Slavi Pantaleev 549e4418b9 Upgrade Synapse (1.58.0 -> 1.58.1) 2022-05-06 08:56:06 +02:00
Slavi Pantaleev 03674e1a36 Upgrade Synapse (1.57.1 -> 1.58.0) 2022-05-03 14:32:32 +03:00
Slavi Pantaleev e41fcf2746 Fix file name (vars.yaml -> vars.yml) to prevent confusion 2022-04-26 15:44:07 +03:00
Slavi Pantaleev d04767a9d6 Upgrade Synapse (1.57.0 -> 1.57.1) 2022-04-20 18:46:10 +03:00
Aine 502ea21fba
add retires to all get_url actions 2022-04-19 22:01:14 +03:00
Aine 949228eaf8
update synapse 1.56.0 -> 1.57.0 2022-04-19 14:41:31 +03:00
Lunar 471806e7bd
Increase default async time for rust-synapse-compress-state
Increase the async timeout value defaults, as larger Matrix servers need more time to complete.
2022-04-17 20:27:04 -05:00
Slavi Pantaleev 2df993977a Ensure git cloning when self-building is done with the matrix user, not root
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1749
2022-04-14 08:52:37 +03:00
Yan Minagawa f6cb59116b This adds a variable for requiring MSC3231 token for registration 2022-04-12 14:31:49 +07:00
Slavi Pantaleev 0364c6c634 Suppress old container cleanup (kill/rm) failures
People often report and ask about these "failures".
More-so previously, when the `docker kill/rm` output was collected,
but it still happens now when people do `systemctl status
matrix-something` and notice that it says "FAILURE".

Suppressing to avoid further time being wasted on saying "this is
expected".
2022-04-11 09:05:33 +03:00
Aine 7559eb99a7
Update Synapse 1.55.2 -> 1.56.0 2022-04-05 20:48:15 +03:00
Slavi Pantaleev dac4df7384 Add arm64 support for rust-synapse-compress-state by switching container image
This switches the playbook from devture/rust-synapse-compress-state (a
container image which wraps the upstream-prebuilt amd64 binary of
rust-synapse-compress-state) to registry.gitlab.com/mb-saces/rust-synapse-compress-state
(https://gitlab.com/mb-saces/rust-synapse-compress-state), which builds
rust-synapse-compress-state from source and provides a multi-arch image
that currently works on amd64 and arm64.

Ideally, we'll stop using `:latest` and arm32 support will be made
available upstream as well at some point.
Discussed here: https://gitlab.com/mb-saces/rust-synapse-compress-state/-/issues/1
2022-03-26 10:31:05 +02:00
Slavi Pantaleev 85627b59ad Make synapse-compress-state in-container binary path configurable
This makes it easier to use another container image for
rust-synapse-compress-state, which may be storing the binary at another
path.
2022-03-26 10:04:21 +02:00
joecool1029 38f2dc4553
Synapse 1.55.0 -> Synapse 1.55.2
This is a minor hotfix, needs to be bumped though or new deploys will break (existing deploys not affected by bug).
2022-03-24 15:54:36 -04:00
pulmonarycosignerkindness 97865484bd
Update mjolnir antispam commit hash
Changed the commit hash in matrix_synapse_ext_spam_checker_mjolnir_antispam_git_version to latest. Fixes a Synapse ImportError with mjolnir v1.4.1 leading to a Synapse crash-loop.
2022-03-23 19:17:54 +00:00
Slavi Pantaleev d04162b275 Upgrade Synapse (1.54.0 -> 1.55.0)
`roles/matrix-synapse/vars/workers.yml` has not been updated here,
because running `roles/matrix-synapse/files/workers-doc-to-yaml.awk`
seems to cause some trouble with the current `workers.md` file
available at https://github.com/matrix-org/synapse/raw/master/docs/workers.md,
namely lots of:

> FIXME: ADDITIONAL CONDITIONS REQUIRED: to be enabled manually

lines and commented out regex lines.

This is something that remains to be investigated/fixed.
2022-03-22 19:41:30 +02:00
Aine 2da3768b20
Added retries to the docker pulls (#1701) 2022-03-17 17:37:11 +02:00
Jim Myhrberg eeca3c8dca
fix: avoid yaml being wrapped at column 80 via to_nice_yaml
The `to_nice_yaml` helper will by default wrap any string YAML values on
the first space after column 80. This can in worst case yield invalid
YAML syntax. More details in Ansible's documentation here:

https://docs.ansible.com/ansible/latest/user_guide/playbooks_filters.html#formatting-data-yaml-and-json

In short, you need to explicitly provide a custom width argument of a
high number of some kind to avoid the line wrapping.
2022-03-16 01:10:26 +00:00
László Várady ebfa511515 synapse: do not expose plain federation port when it's disabled
matrix_synapse_federation_port_enabled can be disabled by users, for
example, when one wants to use the same port for client and federation
requests (docs/configuring-playbook-federation.md).
2022-03-14 03:45:46 +01:00
Slavi Pantaleev a05bcc98b0 Upgrade Synapse (1.53.0 -> 1.54.0) 2022-03-08 16:58:51 +02:00
Wm Salt Hale 46f74c3ac0
Merge branch 'spantaleev:master' into default_room_version_9 2022-02-22 11:05:13 -08:00
Slavi Pantaleev ef7acce94b Upgrade Synapse (1.52.0 -> 1.53.0) 2022-02-22 15:34:10 +02:00
Slavi Pantaleev cfba9b2cf5 Update matrix_encryption_disabler (patch_power_levels feature)
Related to:

- https://github.com/digitalentity/matrix_encryption_disabler/pull/4
- https://github.com/digitalentity/matrix_encryption_disabler/issues/5
- https://github.com/digitalentity/matrix_encryption_disabler/pull/6
2022-02-14 10:39:14 +02:00
Slavi Pantaleev 5eeb0156b1 Bump matrix_encryption_disabler "version" 2022-02-12 09:55:59 +02:00
Slavi Pantaleev f44ca0c7c2 Add support for matrix_encryption_disabler
Related to https://github.com/matrix-org/synapse/issues/4401

Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1621
2022-02-12 09:25:24 +02:00
Slavi Pantaleev 85c66a944f Remove useless cast 2022-02-11 20:05:32 +02:00
Slavi Pantaleev 5a69c899a3 Upgrade matrix-synapse-shared-secret-auth (1.0.2 -> 2.0.2)
For now, we disable the new `com.devture.shared_secret_auth` login type
by default, because it causes problems with Element:
https://github.com/vector-im/element-web/issues/19605

This also becomes the first module to use the new Synapse module system
that got introduced in Synapse v1.46.0.

Despite these upgrades, things should remain functionally identical
as far as bridges, matrix-corporal or other consumers are concerned.
2022-02-11 10:23:50 +02:00
Slavi Pantaleev e0df99a7de Fix typo 2022-02-09 14:03:06 +02:00
Slavi Pantaleev 94c9780f7a
Fix matrix_synapse_encryption_enabled_by_default_for_room_type
The value of `off` was taken to be a boolean, but it shouldn't be.

Synapse expects a string (currently one of: `all`, `invite`, `off`).
2022-02-09 10:38:28 +02:00
Marko Weltzer d27e623c71 fix: manually merge upstream 2022-02-09 09:01:56 +01:00
Slavi Pantaleev 5163aa643a Upgrade Synapse (1.51.0 -> 1.52.0)
This also removes the `matrix_synapse_version_arm64` variable we've
been dragging around for a long time.

Since https://github.com/matrix-org/synapse/pull/11810, a multiarch Synapse
container image (for AMD64 and ARM64) is released at the same time.
2022-02-08 15:13:41 +02:00
Marko Weltzer 819574b8ba
Merge branch 'spantaleev:master' into master 2022-02-05 21:37:53 +01:00
Marko Weltzer 7e5b88c3b7 fix: all praise the allmighty yamllinter 2022-02-05 21:32:54 +01:00
Slavi Pantaleev 86c36523df Replace ExecStopPost with ExecStop
Reverts b1b4ba501f, 90c9801c56, a3c84f78ca, ..

I haven't really traced it (yet), but on some servers, I'm observing
`ansible-playbook ... --tags=start` completing very slowly, waiting
to stop services. I can't reproduce this on all Matrix servers I manage.
I suspect that either the systemd version is to blame or that some
specific service is not responding well to some `docker kill/rm` command.

`ExecStop` seems to work great in all cases and it's what we've been
using for a very long time, so I'm reverting to that.
2022-02-05 12:13:36 +02:00
Slavi Pantaleev ad082b3b1b Fix self-building for Synapse v1.51.0 (requires BuildKit)
Synapse v1.51.0 requires to be built with BuildKit since
https://github.com/matrix-org/synapse/pull/11691

The `docker_image` Ansible module does not support BuildKit
(https://github.com/ansible-collections/community.general/issues/514),
so we had to switch to a `docker build` call.
2022-01-26 08:41:34 +02:00
Slavi Pantaleev cf46b7fed5 Upgrade Synapse (1.50.2 -> 1.51.0) 2022-01-25 14:19:40 +02:00
Catalan Lover f59f903c04
Update Synapse from 1.50.1 to 1.50.2
Fixes a issue with room version 1.

Merging has to wait until ARM images are built ofc.
2022-01-24 14:47:41 +01:00
Slavi Pantaleev bcfae766a1
Merge pull request #1567 from aaronraimist/antispam
Upgrade synapse-simple-antispam (0.0.3 -> 0.0.7)
2022-01-19 16:56:10 +02:00
Aaron Raimist ff94d815e1
Upgrade synapse-simple-antispam (0.0.3 -> 0.0.7) 2022-01-19 14:35:55 +00:00
Wm Salt Hale ad8d4740a7
Merge branch 'spantaleev:master' into default_room_version_9 2022-01-18 14:56:25 -08:00
Slavi Pantaleev 4cd44f117d Upgrade Synapse (1.50.0 -> 1.50.1)
v1.50.0 was found to be buggy for people using a `webclient` listener.
This is fixed in v1.50.1.

We don't use such a listener, so we weren't affected anyway.
2022-01-18 20:45:12 +02:00
Slavi Pantaleev 5f22371c23 Upgrade Synapse (1.49.2 -> 1.50.0) 2022-01-18 16:15:52 +02:00
Slavi Pantaleev 4e4fb98a65 Do not install fuse unless necessary
Discussed here: https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1510
2022-01-08 14:14:46 +02:00
Slavi Pantaleev 2bd33e5cf2 Make --tags=register-user work for both Dendrite/Synapse
Also get rid of `--tags=update-user-password` in the
`matrix-dendrite` role, as what we had doesn't work.

We may be able to do it with some Ansible helper or something else.
For now, we'll omit this feature.
2022-01-07 15:59:35 +02:00
Slavi Pantaleev b1b4ba501f Replace ExecStop with ExecStopPost
ExecStopPost should allow us to clean up (docker kill + docker rm)
even if the ExecStart (docker run ..) command failed, and not just after
a graceful service stop was initiated.

Source: https://www.freedesktop.org/software/systemd/man/systemd.service.html#ExecStopPost=
2022-01-04 17:27:25 +02:00
Slavi Pantaleev 280c6c5424
Add |to_json 2021-12-27 21:45:13 +02:00
Alejo Diaz 297ed9ce36 Add encryption_enabled_by_default_for_room_type
This commit simply add encryption_enabled_by_default_for_room_type
variable.

Signed-off-by: Alejo Diaz <xlejo@protonmail.com>
2021-12-27 14:20:23 -03:00
Catalan Lover eb0c332f80
Update Synapse Version from 1.49.1 to 1.49.2
This upgrade is technically not needed due to 1.49.1 and 1.49.2 being identical with a lone fix to Debian packaging being the only change. 

Still some might want us to be on the absolutely latest version even tho these 2 are practically identical.

ARM64 has yet to be built so this has to wait for that before merge.
2021-12-21 19:29:56 +01:00
Catalan Lover 6c9f6c28de
Update Synapse from 1.49.0 to 1.49.1
This update fixes a sync issue that would cause some users to experience sync issues that could cause initial sync to completely fail.
2021-12-21 14:15:13 +01:00
Slavi Pantaleev 01b6bba9d7 Make Synapse's url_preview_accept_language default to 'en-US, en'
Related to https://github.com/matrix-org/synapse/issues/11604

Getting an upstream fix is preferable. In any case, it's probably nice
to have this defined explicitly in our configuration. This way, people
can more easily discover that they can override the URL preview
language.
2021-12-18 15:17:14 +02:00
Slavi Pantaleev 4625b34acc Fix failure trying to stop orphaned systemd services
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1461
2021-12-17 17:18:35 +02:00
Wm Salt Hale 3001b2d32d
Merge branch 'spantaleev:master' into default_room_version_9 2021-12-14 18:19:26 -08:00
Slavi Pantaleev 5be1310541 Upgrade Synapse (1.48.0 -> 1.49.0) 2021-12-14 16:54:35 +02:00
SkepticalWaves bbab82ee64
Fix email sending broken by #1406 2021-12-11 10:26:55 -05:00
Aaron Raimist 0071828503
Run workers-doc-to-yaml.sh
1472958e25 reverted some of the v3 changes. I'm not sure why. Running the `workers-doc-to-yaml.sh` script now puts them back 🤷‍♂️.
2021-12-08 08:37:55 +00:00
Slavi Pantaleev 1472958e25 Upgrade Synapse (1.47.1 -> 1.48.0) 2021-11-30 16:35:23 +02:00
Slavi Pantaleev 6b07ee3b58 Upgrade Synapse (1.47.0 -> 1.47.1) - security fixes
Learn more here: https://github.com/matrix-org/synapse/releases/tag/v1.47.1
2021-11-23 14:50:07 +02:00
Slavi Pantaleev 3b27ce2ff6
Merge pull request #1404 from aaronraimist/v3
Allow workers to serve new v3 APIs
2021-11-19 10:54:47 +02:00
rakshazi d41e9230da
expose smtp_user and smtp_pass to ansible configs (role: matrix-synapse) 2021-11-17 21:34:46 +02:00
Slavi Pantaleev e1a6d1e4b2 Upgrade Synapse (1.46.0 -> 1.47.0)
We had to remove UID/GID environment variables that we used to pass
to the Synapse container, because it was causing a problem after
https://github.com/matrix-org/synapse/pull/11209

We were using both `--user` and UID/GID environment variables until now.
2021-11-17 17:21:15 +02:00
Aaron Raimist f8fe68b385
Allow workers to serve new v3 APIs
1f196f59cb
2021-11-17 14:54:49 +00:00
boris runakov d3a9ec98de refactoring 2021-11-16 21:03:21 +02:00
boris runakov 1ec67f49b0 replaced 8008 where possible 2021-11-15 22:43:05 +02:00
Slavi Pantaleev c1bc7b9f93 Rename variables to prevent confusion
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1397
and https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1399
2021-11-15 14:56:11 +02:00
Slavi Pantaleev ba48aa70f7 Fix variable name typo
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1397
2021-11-15 14:52:08 +02:00
Slavi Pantaleev dc4452ac21
Merge branch 'master' into matrix-federation-api-port 2021-11-15 14:49:03 +02:00
Slavi Pantaleev edf63bfdd7
Add some to_json invocations 2021-11-15 14:48:25 +02:00
boris runakov 8c3e25de1b renamed var to matrix_synapse_container_federation_api_port 2021-11-15 13:01:22 +02:00
b 07496069c8 rellocating variables for consistency 2021-11-15 12:07:54 +02:00
b afccc2b11f make 8448 configurable instead of hard coded 2021-11-14 23:32:25 +02:00
b 7756cc4c8e replace port 8048 with matrix_synapse_container_default_federation_port 2021-11-14 20:30:13 +02:00
Slavi Pantaleev 735c966ab6 Disable systemd services when stopping to uninstall them
Until now, we were leaving services "enabled"
(symlinks in /etc/systemd/system/multi-user.target.wants/).

We clean these up now. Broken symlinks may still exist in older
installations that enabled/disabled services. We're not taking care
to fix these up. It's just a cosmetic defect anyway.
2021-11-10 17:39:21 +02:00
Slavi Pantaleev 7b8b595e81 Upgrade Synapse (1.45.1 -> 1.46.0) 2021-11-02 17:42:13 +02:00
Slavi Pantaleev 5dc2868269 Upgrade Synapse (1.45.0 -> 1.45.1) 2021-10-20 15:08:07 +03:00
Slavi Pantaleev 1dab178a44 Upgrade Synapse (1.44.0 -> 1.45.0) 2021-10-19 16:25:00 +03:00
Wm Salt Hale a1cbd5459c
Update Synapse default room version (6 -> 9)
From the [Synapse 1.43.0 release highlights](https://matrix.org/blog/2021/09/21/synapse-1-43-0-released):
> Asks clients to prefer [room version 9](https://github.com/matrix-org/matrix-doc/pull/3375) when creating restricted rooms ([#10772](https://github.com/matrix-org/synapse/issues/10772)), via the API defined in [MSC3244: room version capabilities](https://github.com/matrix-org/matrix-doc/pull/3244).
2021-10-12 09:49:16 -07:00