Commit graph

6675 commits

Author SHA1 Message Date
Slavi Pantaleev 0d93ee8c46
Merge pull request #2548 from etkecc/patch-189
Update jitsi stable-8252 -> stable-8319
2023-03-07 22:45:30 +02:00
Aine cdb1452d17
Update jitsi stable-8252 -> stable-8319 2023-03-07 20:38:36 +00:00
Slavi Pantaleev dddfee16bc Fix all 300+ ansible-lint-reported errors 2023-03-07 17:28:15 +02:00
Slavi Pantaleev bf95204860 Mention Element X Android not being quite ready for testing yet 2023-03-07 14:44:30 +02:00
Slavi Pantaleev 6c1a39e6e9 Announce sliding-sync support
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2515
2023-03-07 12:22:04 +02:00
Slavi Pantaleev 023fe3ea08 Add sliding-sync support
This allows people to try out the new Element X clients, which need to
run against the sliding-sync proxy (https://github.com/matrix-org/sliding-sync).

Supersedes https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2515

The code is based on the existing PR (#2515), but heavily reworked. Major changes:

- lots of internal refactoring and variable renaming

- fixed self-building to support non-amd64 architectures

- changed to talk to the homeserver locally, over the container network (not
  publicly)

- no more matrix-nginx-proxy support due to complexity (see below)

- no more `matrix_server_fqn_sliding_sync_proxy` in favor of
  `matrix_sliding_sync_hostname` and `matrix_sliding_sync_path_prefix`

- runs on `matrix.DOMAIN/sliding-sync` by default, so it can tried
  easily without having to create new DNS records
2023-03-07 11:57:56 +02:00
Slavi Pantaleev 2a872e95fc Mention external roles in the FAQ 2023-03-06 13:52:22 +02:00
Slavi Pantaleev db4070fc75 Remove some nginx references 2023-03-06 13:48:31 +02:00
Slavi Pantaleev 6e3aab6594 Make devture-traefik to matrix-traefik migration code a little safer 2023-03-06 11:00:42 +02:00
Slavi Pantaleev 26fdae3797 Upgrade com.devture.ansible.role.container_socket_proxy 2023-03-06 10:29:58 +02:00
Slavi Pantaleev e21c44347f Add Traefik Dashboard warning 2023-03-06 10:28:44 +02:00
Slavi Pantaleev 30f1034767 Remove matrix_playbook_traefik_role_enabled variable and devture-traefik references
The variable was necessary when multiple playbooks could have
potentially tried to manage a shared `devture-traefik.serivce` systemd service
and shared `/devture-traefik` directory.

Since adcc6d9723, we use our own `/matrix/traefik`
(`matrix-traefik.service`) installation and no conflicts can arise.
It's safe to always enable the role, just like we do with all the other roles.
2023-03-06 09:51:14 +02:00
Slavi Pantaleev adcc6d9723 Relocate Traefik (to matrix-traefik.service && /matrix/traefik base path)
The migration is automatic. Existing users should experience a bit of
downtime until the playbook runs to completion, but don't need to do
anything manually.

This change is provoked by https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2535

While my statements there ("Traefik is a shared component among
sibling/related playbooks and should retain its global
non-matrix-prefixed name and path") do make sense, there's another point
of view as well.

With the addition of docker-socket-proxy support in bf2b540807,
we potentially introduced another non-`matrix-`-prefixed systemd service
and global path (`/devture-container-socket-proxy`). It would have
started to become messy.

Traefik always being called `devture-traefik.service` and using the `/devture-traefik` path
has the following downsides:

- different playbooks may write to the same place, unintentionally,
  before you disable the Traefik role in some of them.
  If each playbook manages its own installation, no such conflicts
  arise and you'll learn about the conflict when one of them starts its
  Traefik service and fails because the ports are already in use

- the data is scattered - backing up `/matrix` is no longer enough when
  some stuff lives in `/devture-traefik` or `/devture-container-socket-proxy` as well;
  similarly, deleting `/matrix` is no longer enough to clean up

For this reason, the Traefik instance managed by this playbook
will now be called `matrix-traefik` and live under `/matrix/traefik`.

This also makes it obvious to users running multiple playbooks, which
Traefik instance (powered by which playbook) is the active one.
Previously, you'd look at `devture-traefik.service` and wonder which
role was managing it.
2023-03-06 09:34:31 +02:00
Slavi Pantaleev bf2b540807 Harden Traefik security by accessing the Docker API through docker-socket-proxy
With these changes, we:

- install https://github.com/Tecnativa/docker-socket-proxy via the
  https://github.com/devture/com.devture.ansible.role.container_socket_proxy Ansible role

- make Traefik access the Docker API via TCP by connecting to this
  socket proxy

- .. which allows us to run the Traefik container with less privileges
  (non-`root`, dropped capabilities)
2023-03-06 09:11:02 +02:00
Slavi Pantaleev 449b51588e Remove usage of undefined matrix_bot_go_neb_identifier variable
This is a mistake made in 10b5350370.

Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2540
2023-03-06 08:52:32 +02:00
Slavi Pantaleev d9ce9064f6
Merge pull request #2542 from etkecc/patch-188
update honoroit 0.9.16 -> 0.9.17
2023-03-05 20:16:31 +02:00
Aine 493de7316c
update honoroit 0.9.16 -> 0.9.17
* healthchecks.io integration
* mutex on forwarding messages into thread
* fix in prefixes handling
* send error messages as thread reply when possible
2023-03-05 14:52:53 +00:00
Slavi Pantaleev 6724b60d88
Merge pull request #2541 from etkecc/patch-187
Update ntfy 2.1.1 -> 2.1.2
2023-03-05 12:29:25 +02:00
Aine 6a6761cb88
Update ntfy 2.1.1 -> 2.1.2 2023-03-05 10:17:07 +00:00
Slavi Pantaleev 10b5350370 Add Traefik support to Go-NEB bot
Completely untested.
2023-03-03 10:40:45 +02:00
Slavi Pantaleev 6085e3a816 Add validation tasks for Etherpad migration (matrix_etherpad -> etherpad) 2023-03-03 10:38:11 +02:00
Slavi Pantaleev 2457ac0f6a
Merge pull request #2538 from etkecc/patch-186
update grafana 9.4.2 -> 9.4.3
2023-03-03 09:56:35 +02:00
Aine e588f5eaec
update grafana 9.4.2 -> 9.4.3 2023-03-03 07:47:47 +00:00
Slavi Pantaleev f8966cd8da Default etherpad_hostname to matrix_server_fqn_etherpad for backward compatibility 2023-03-03 09:47:13 +02:00
Slavi Pantaleev 8acfcf8bf1
Merge pull request #2537 from etkecc/patch-185
update borgmatic 1.7.7 -> 1.7.8
2023-03-03 09:35:43 +02:00
Slavi Pantaleev 70b67b12bc Upgrade com.devture.ansible.role.postgres_backup 2023-03-03 09:04:13 +02:00
Slavi Pantaleev 0dcfc74fc8 Upgrade com.devture.ansible.role.traefik_certs_dumper 2023-03-03 09:00:30 +02:00
Slavi Pantaleev 49b7d805ee Upgrade com.devture.ansible.role.traefik 2023-03-03 09:00:30 +02:00
Slavi Pantaleev c49875e71c
Merge pull request #2536 from etkecc/patch-184
update grafana 9.4.1 -> 9.4.2
2023-03-03 08:27:00 +02:00
Aine bb19de4a5f
update borgmatic 1.7.7 -> 1.7.8 2023-03-03 06:21:26 +00:00
Aine 47cfec726f
update grafana 9.4.1 -> 9.4.2 2023-03-03 06:18:52 +00:00
Slavi Pantaleev 849248b165 Upgrade Etherpad role (v1.8.18-1 -> v1.8.18-2) 2023-03-02 23:00:18 +02:00
Slavi Pantaleev 795c335395 Upgrade Etherpad role (v1.8.18-0 -> v1.8.18-1) 2023-03-02 22:58:45 +02:00
Slavi Pantaleev 124fbeda04 Switch to using an external Etherpad role
This new role also adds native Traefik support and support for other
(non-`amd64`) architectures via self-building.
2023-03-02 22:50:13 +02:00
Slavi Pantaleev ae76db4d77 Upgrade com.devture.ansible.role.traefik_certs_dumper for wait time increase (60 -> 180 sec.) 2023-03-02 16:06:11 +02:00
Slavi Pantaleev 2e2691e96b
Merge pull request #2534 from FSG-Cat/draupnir
Resolve Draupnir regression caused in #2508
2023-03-02 10:35:29 +02:00
Slavi Pantaleev 4f74d21ba8 Upgrade devture/ansible (2.13.6-r0-1 -> 2.13.6-r0-2)
The new version includes the `passlib` Python module.
2023-03-02 10:31:50 +02:00
Catalan Lover 4ccd3f79de
Fix Draupnir config
Config was accidently changed when importing upstream changes.
2023-03-02 03:58:03 +01:00
Slavi Pantaleev 606c1907bb
Merge pull request #2533 from etkecc/patch-183
update ntfy 2.1.0 -> 2.1.1
2023-03-01 23:48:12 +02:00
Slavi Pantaleev 227d9d8209 Fix variable name typo 2023-03-01 23:14:40 +02:00
Aine 4cd9e65d6d
update ntfy 2.1.0 -> 2.1.1 2023-03-01 20:09:54 +00:00
Slavi Pantaleev adc18251a9 Upgrade com.devture.ansible.role.traefik (2.9.6 -> 2.9.8) 2023-03-01 12:47:55 +02:00
Slavi Pantaleev a4b401c4da Upgrade com.devture.ansible.role.traefik and improve front-Traefik-with-another-proxy docs
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2532
2023-03-01 12:32:30 +02:00
Slavi Pantaleev 8db2c0498a Upgrade Synapse (v1.77.0 -> v1.78.0) 2023-03-01 11:07:25 +02:00
Slavi Pantaleev d6371a0781 Upgrade ddclient (v3.10.0-ls110 -> v3.10.0-ls111) 2023-03-01 10:32:49 +02:00
Slavi Pantaleev 468bed653e Upgrade Redis (v7.0.7-0 -> v7.0.9-0) 2023-03-01 10:30:09 +02:00
Slavi Pantaleev ba2a3caaf3 Minor improvements to docs/configuring-playbook-ssl-certificates.md 2023-03-01 09:54:23 +02:00
Slavi Pantaleev d8c2e1a98c
Merge pull request #2530 from plui29989/master
Added doc for self-signed certificates
2023-03-01 09:47:07 +02:00
Slavi Pantaleev 7331d314c4
Improve wording 2023-03-01 09:45:54 +02:00
Slavi Pantaleev b0845984b3 Only enable Traefik certs dumper if the ACME certificate resolver for Traefik is enabled
If someone disables ACME, then they're using their own certificates
somehow. There's nothing to dump from an `acme.json` file.
2023-03-01 09:45:16 +02:00