Commit graph

1763 commits

Author SHA1 Message Date
sakkiii 897c982517
prometheus security update 2.27.1 2021-05-30 14:32:51 +05:30
pushytoxin bee14550ab Fix local/bin scripts autocompletion by adding rx perms to everyone
It's mildly annoying when trying to execute these scripts while logged
in as a regular user, as the missing execute permissions will hinder
autocompletion even when trying to use with sudo.

These shell scripts don't contain secrets, but may fail when ran by a
regular user. The failure is due to the lack of access to the /matrix
directory, and does not result in any damage.
2021-05-28 10:39:27 +02:00
Slavi Pantaleev 4880dcceb0 Fix OCSP-stapling-related errors due to missing resolver
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1057
2021-05-28 11:14:33 +03:00
Raymond Coetzee 4e2780ff88 Add support for a prometheus postgres exporter
This commit introduces a new role that downloads and installs the
prometheus community postgres exporter  https://github.com/prometheus-community/postgres_exporter.
A new credential is added to matrix_postgres_additional_databases that
allows the exporter access to the database to gather statistics.
A new dashboard was added to the grafana role, with some refactoring
to enable the dashboard only if the new role is enabled.
I've included some basic instructions for how to enable the role in
the Docs section.

In terms of testing, I've tested enabling the role, and disabling
it to make sure it cleans up the container and systemd role.
2021-05-27 20:13:29 +01:00
Jez Cope a8dbd93f61 Check irc service is present before stopping it 2021-05-26 20:41:52 +01:00
Thom Wiggers af4bd50c2a
Update IRC appservice 2021-05-26 11:04:47 +02:00
Slavi Pantaleev b3351d2a53
Merge pull request #1083 from haghighi-ahmad/active-directory-support-for-ldap_auth_provider
Synapse LDAP auth: add support for Active Directory
2021-05-26 10:53:27 +03:00
Slavi Pantaleev 661bf89223
Merge pull request #1086 from hidraulicChicken/mjolnir_antispam
Mjolnir antispam
2021-05-26 10:52:27 +03:00
Slavi Pantaleev d61fe94bae
Fix incorrect path in Mjolnir uninstallation tasks 2021-05-26 10:52:15 +03:00
rakshazi 4ddd8bbb84
Updated nginx-proxy (1.20.0 -> 1.21.0) 2021-05-25 17:06:39 +00:00
BG 763952395b Adding mjolnir antispam synapse modul. 2021-05-25 16:43:30 +02:00
Slavi Pantaleev bca37aba1e
Merge pull request #1085 from GoMatrixHosting/master
GoMatrixHosting v0.4.7
2021-05-25 16:28:40 +03:00
Michael-GMH 6f40d78353 fix random edits to upstream 2021-05-25 21:25:40 +08:00
Slavi Pantaleev 36910348cf Switch synapse-admin to tagged release (0.8.1)
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1084
2021-05-25 16:21:11 +03:00
Michael-GMH ea6e344d05 merge upstream 2021-05-25 21:10:34 +08:00
Michael-GMH 85777e8f96 merge with upstream 2021-05-25 21:08:00 +08:00
Ahmad Haghighi 209d59070e Avoiding if(s), fix #1083
Conversation: https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1083#discussion_r638671860

Signed-off-by: Ahmad Haghighi <haghighi@fedoraproject.org>
2021-05-25 15:41:58 +04:30
Ahmad Haghighi ee088d5d46 Synapse LDAP auth: add support for Active Directory
Signed-off-by: Ahmad Haghighi <haghighi@fedoraproject.org>
2021-05-25 15:36:41 +04:30
Slavi Pantaleev 1ed0857019 Fix syntax error
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1024
2021-05-25 11:45:17 +03:00
sakkiii 4a4a7f136e changes added to hydrogen client 2021-05-25 11:42:51 +05:30
sakkiii 25e67b51d1 Merge branch 'spantaleev:master' into master 2021-05-25 11:40:56 +05:30
sakkiii 3436f9c10a rename to matrix_nginx_proxy_hsts_preload_enabled 2021-05-25 00:56:59 +05:30
Slavi Pantaleev 0648b1b618 Upgrade Element (1.7.28 -> 1.7.29) 2021-05-24 20:38:48 +03:00
sakkiii 7cc5328ede Comments & Ref 2021-05-24 17:20:54 +05:30
sakkiii df2d91970d matrix_nginx_proxy_xss_protection 2021-05-24 17:02:47 +05:30
Slavi Pantaleev d4c7a90b5c
Merge pull request #1076 from Eagle-251/Jitsi-Prosody-OwnNginxCompatibility
Allow Jitsi XMPP websocket support for users using own webserver.
2021-05-24 11:07:05 +03:00
ewang 409cd2b9a3 Source port binding from group vars in line other components 2021-05-23 14:06:18 +02:00
Eagle-251 ef6a7e051c
Fix missing port binding. 2021-05-22 15:55:50 +02:00
ewang 1bb6ed97ae Make port bindings default for those disabling nginx proxy
I changed the conditional statement in prosody systemd template to bind the localhost port by default if people have set ```matrix_nginx_proxy_enabled == false ```.
Hopefully that should make it the default behaviour now.
2021-05-22 15:53:42 +02:00
Aaron Raimist 3c0452ff5a
Remove unnecessary bind for config.json, use proper nginx.conf 2021-05-21 17:22:40 -05:00
ewang 4a772e50f4 Allow Jitsi XMPP webscoket support for users using own webserver.
Added:
 - Conditional localhost Port bindings for Jitsi Prosody systemd template
- Added variable to main.yml to allow overriding from vars.yml
2021-05-21 15:26:06 +02:00
Slavi Pantaleev 6f80292745
Add OCSP stapling support and other SSL optimizations to Hydrogen vhost
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1061
and https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1057
2021-05-21 13:40:37 +03:00
Slavi Pantaleev d0de21ab34
Delete Hydrogen nginx configuration file when disabled 2021-05-21 12:58:32 +03:00
Aaron Raimist ac4ede20af
Add docs 2021-05-21 04:43:04 -05:00
Aaron Raimist 1633f61018
Only install config.json when self building 2021-05-21 04:23:06 -05:00
Aaron Raimist 04548f8df2
Merge branch 'master' into hydrogen 2021-05-21 04:09:18 -05:00
Aaron Raimist 9437f78c9e
Build using custom config.json, add CSP, update to 0.1.53 2021-05-21 03:45:21 -05:00
Slavi Pantaleev 47b4608b96 Fail in a friendlier way when trying to self-build on Ansible <= 2.8
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070

Related discussion here: 1ab507349c (commitcomment-51108407)
2021-05-21 11:15:05 +03:00
Slavi Pantaleev 1ab507349c Fix self-building for various components on Ansible < 2.8
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070
2021-05-20 08:43:20 +03:00
Slavi Pantaleev 66615c43a3
Merge pull request #1065 from sakkiii/patch-1
Update grafana (7.5.6->7.5.7)
2021-05-19 22:07:59 +03:00
Tobias K 3dcbed6353
roles/matrix-grafana: Set root_url in granafa.ini 2021-05-19 19:52:58 +02:00
sakkiii 8529ca4c17
Update grafana (7.5.6->7.5.7) 2021-05-19 22:30:03 +05:30
Slavi Pantaleev 073d920a62
Merge pull request #1061 from sakkiii/ssl_enhancement
Optimize SSL session
2021-05-19 17:14:52 +03:00
Toni Spets 544915ff76 Add Heisenbridge 2021-05-19 10:42:21 +03:00
Slavi Pantaleev 21eb39f986 Mention matrix_common_after_systemd_service_start_wait_for_timeout_seconds in failure message
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1062
2021-05-19 08:46:13 +03:00
Slavi Pantaleev ee46fabdca Make waiting time for --tags=start configurable
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1062
2021-05-19 08:39:55 +03:00
sakkiii e9b878b9e9 Optimize SSL session 2021-05-18 19:39:43 +05:30
Slavi Pantaleev e6afa05f7b Enable OCSP stapling for the federation port
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1057

Not sure if this is beneficial though.
2021-05-18 08:15:42 +03:00
Slavi Pantaleev 57a6a98a50 Fix incorrect SSL certificate path
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1057
2021-05-18 07:58:47 +03:00
Slavi Pantaleev b9c4e8ce16
Merge pull request #1057 from sakkiii/ssl_staple
Enable OCSP Stapling
2021-05-18 07:50:35 +03:00