Commit graph

1645 commits

Author SHA1 Message Date
Slavi Pantaleev ed159cc742 Move matrix_architecture to matrix-base
We were only defining this in `group_vars/matrix_servers`, which is
inconsistent with how we normally do things.
2020-12-17 11:33:18 +02:00
Agustin Ferrario 2082242499 Add matrix_nginx_proxy_ssl_config
A new variable called `matrix_nginx_proxy_ssl_config` is created for
configuring how the nginx proxy configures SSL. Also a new configuration
validation option and other auxiliary variables are created.

A new variable configuration called `matrix_nginx_proxy_ssl_config` is
created. This allow to set the SSL configuration easily using the
default options proposed by Mozilla. The default configuration is set to
"Intermediate", removing the weak ciphers used in the old
configurations.

The new variable can also be set to "Custom" for a more granular control.
This allows to set another three variables called:

- `matrix_nginx_proxy_ssl_protocols`,
- `matrix_nginx_proxy_ssl_prefer_server_ciphers`
- `matrix_nginx_proxy_ssl_ciphers`

Also a new task is added to validate the SSL configuration variable.
2020-12-16 10:35:37 +01:00
Slavi Pantaleev 0f4649a45c Merge branch 'master' into postgres-per-default 2020-12-16 03:35:39 +02:00
Slavi Pantaleev a4b8baee49 Fix inability to send (Matrix -> Discord) messages via appservice-discord
Revert "Correct inabillity for appservice-discord to connect"
This reverts commit 673e19f830.

While certain things do work even with such a local URL, sending
messages leads to an error like this:

> [DiscordBot] verbose: DiscordAPIError: Invalid Form Body
> avatar_url: Not a well formed URL.

Fixes https://github.com/Half-Shot/matrix-appservice-discord/issues/649

The sample configuration file for appservice-discord
c29cfc72f5/config/config.sample.yaml (L8)
explicitly says that we need a public URL.
2020-12-16 03:35:13 +02:00
Slavi Pantaleev a197968b7f Make matrix-registration use Postgres by default
Now that 0.7.2 is out, the Docker image supports Postgres
and we can do the (SQLite -> Postgres) migration.

I've also found out that we needed to fix up the `tokens.ex_date` column
data type a bit to prevent matrix-registration from raising exceptions
when comparing `datetime.now()` with `ex_date` coming from the database.

Example:

> File "/usr/local/lib/python3.8/site-packages/matrix_registration/tokens.py", line 58, in valid
> expired = self.ex_date < datetime.now()
> TypeError: can't compare offset-naive and offset-aware datetimes
2020-12-15 23:19:56 +02:00
Slavi Pantaleev 1bd5c240e5 Add support for executing additional DB migration statements
In cases where pgloader is not enough and we need to do some additional
migration work after it, we can now use
`additional_psql_statements_list` and
`additional_psql_statements_db_name`.

This is to be used when migrating `matrix-registration`'s data at the
very least.
2020-12-15 23:18:29 +02:00
Slavi Pantaleev 3289298ac7 Merge branch 'master' into postgres-per-default 2020-12-15 22:02:52 +02:00
Slavi Pantaleev 69f71f48a6 Upgrade matrix-registration (v0.7.1 -> 0.7.2) and use official image
This switches us to a container image maintained by the
matrix-registration developer.

0.7.2 also supports a `base_url` configuration option we can use to
make it easier to reverse-proxy at a different base URL.

We still keep some workarounds, because of this issue:
https://github.com/ZerataX/matrix-registration/issues/47
2020-12-15 22:02:06 +02:00
Slavi Pantaleev e2ba46bf01 Fix Jinja2 syntax error (else if -> elif) 2020-12-14 22:40:37 +02:00
Slavi Pantaleev dd797ba6a7 Fix Postgres database importing/upgrading conflicts
We were running into conflicts, because having initialized
the roles (users) and databases, trying to import leads to
errors (role XXX already exists, etc.).

We were previously ignoring the Synapse database (`homeserver`)
when upgrading/importing, because that one gets created by default
whenever the container starts.

For our additional databases, it's a similar situation now.
It's not created by default as soon as Postgres starts with an empty
database, but rather we create it as part of running the playbook.

So we either need to skip those role/database creation statements
while upgrading/importing, or to avoid creating the additional database
and rely on the import for that. I've gone for the former, because
it's already similar to what we were doing and it's simpler
(it lets `setup_postgres.yml` be the same in all scenarios).
2020-12-14 22:28:20 +02:00
Slavi Pantaleev 2a502db239 Add (SQLite + Postgres) support and automatic migration to matrix-dimension 2020-12-14 21:01:47 +02:00
Slavi Pantaleev 0790a7b2a8 Add support for matrix_dimension_systemd_{required,wanted}_services_list
We were referencing them from `group_vars/matrix_servers` since
recently, but there were no such variables and they weren't being put to
use.
2020-12-14 20:31:07 +02:00
Slavi Pantaleev 374f43735a Separate matrix-dimension install/uninstall tasks 2020-12-14 20:05:31 +02:00
Slavi Pantaleev 8d74593878 Prepare matrix-registation for (SQLite + Postgres) support
Auto-migration and everything seems to work. It's just that
matrix-registration cannot load the Python modules required
for talking to a Postgres database.

Tracked here: https://github.com/ZerataX/matrix-registration/issues/44

Until this gets fixed, we'll continue default to 'sqlite'.
2020-12-14 18:58:37 +02:00
Slavi Pantaleev 516ccb2b2b Separate matrix-registration install/uninstall tasks 2020-12-14 18:12:14 +02:00
transcaffeine 13d8a9b39c
hint supported automatic migration nedb->postgres 2020-12-14 16:33:40 +01:00
Slavi Pantaleev af3ea67bba Add (SQLite + Postgres) support and automatic migration to matrix-ma1sd 2020-12-14 17:16:25 +02:00
Slavi Pantaleev 0ca48f3532 Separate matrix-ma1sd install/uninstall tasks 2020-12-14 16:57:51 +02:00
Slavi Pantaleev 7248eb3c11 Fix syntax error in roles/matrix-bridge-appservice-irc/defaults/main.yml 2020-12-14 16:25:44 +02:00
Slavi Pantaleev cba973d6b5 Enable automatic (SQLite -> Postgres) migration for matrix-appservice-discord 2020-12-14 16:25:22 +02:00
Slavi Pantaleev 13f84e2ad5 Enable automatic (SQLite -> Postgres) migration for matrix-mautrix-whatsapp 2020-12-14 16:21:01 +02:00
Slavi Pantaleev 86a8091768 Enable automatic (SQLite -> Postgres) migration for matrix-mautrix-telegram 2020-12-14 16:19:54 +02:00
Slavi Pantaleev 3ba8520266 Enable automatic (SQLite -> Postgres) migration for matrix-mautrix-hangouts 2020-12-14 16:18:38 +02:00
Slavi Pantaleev bbc08722c5 Enable automatic (SQLite -> Postgres) migration for matrix-mautrix-facebook 2020-12-14 16:14:23 +02:00
Slavi Pantaleev c1431b28f0 Make use of matrix_postgres_db_migration_request.caller 2020-12-14 16:13:57 +02:00
Slavi Pantaleev ac37091d01 Enable automatic (SQLite -> Postgres) migration for matrix-reminder-bot 2020-12-14 16:03:40 +02:00
Slavi Pantaleev dc7850e83c Fix wording and variable names a bit 2020-12-14 16:03:40 +02:00
Slavi Pantaleev bc376c2fb2 Add database migration utility to matrix-postgres role 2020-12-14 16:03:40 +02:00
transcaffeine 54da61f81b
add postgres support mx-appservice-[slack|irc] with fallback to nedb in role and migration notice 2020-12-14 14:08:35 +01:00
Slavi Pantaleev e3a0c9adda Add (Postgres + SQLite) support to matrix-reminder-bot
This has been tested and appears to work.
2020-12-14 15:02:11 +02:00
Slavi Pantaleev dde1c9f899 Fix indentation causing YAML syntax error 2020-12-14 14:53:35 +02:00
Slavi Pantaleev aa828ff9f6 Separate matrix-reminder-bot install/uninstall tasks 2020-12-14 14:50:04 +02:00
Slavi Pantaleev b9a04a7f95 Rename some remaining matrix_*_postgres_* vars back to matrix_*_database_*
Looks like there are some that I missed in 087dbe4ddc
2020-12-14 14:42:18 +02:00
transcaffeine 5d70bc1376
add postgres support for mx-puppet-* with fallback to sqlite in role and migration notice 2020-12-14 13:22:58 +01:00
Slavi Pantaleev 087dbe4ddc Rename matrix_*_postgres_* back to matrix_*_database_*
I was thinking that it makes sense to be more specific,
and using `_postgres_` also separated these variables
from the `_database_` variables that ended up in bridge configuration.

However, @jdreichmann makes a good point
(https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/740#discussion_r542281102)
that we don't need to be so specific and can allow for other engines (like MySQL) to use these variables.
2020-12-14 13:02:47 +02:00
Slavi Pantaleev ce21ea3640 Add (Postgres + SQLite) support to matrix-mautrix-hangouts bridge
I don't use this bridge, so this is completely untested.
2020-12-14 12:34:59 +02:00
Slavi Pantaleev 43d6ff2af8 Fix sqlite usage for mautrix-facebook/mautrix-telegram
Regression since 2d99ade72f and 9bf8ce878e, respectively.

When SQLite is to be used, these bridges expect an `sqlite://`
connection string, and not a plain file name (path), like Appservice
Discord and mautrix-whatsapp do.
2020-12-14 12:30:10 +02:00
Slavi Pantaleev 6c77eae969 Add (Postgres + SQLite) support to matrix-mautrix-whatsapp bridge
I don't use this bridge, so this is completely untested.
2020-12-14 12:24:37 +02:00
Slavi Pantaleev 9bf8ce878e Add (Postgres + SQLite) support to matrix-mautrix-telegram bridge
I don't use this bridge, so this is completely untested.
2020-12-14 12:06:28 +02:00
Slavi Pantaleev a3406a182b Move some things around 2020-12-14 12:04:47 +02:00
Slavi Pantaleev 2d99ade72f Add (Postgres + SQLite) support to matrix-mautrix-facebook bridge 2020-12-14 11:50:42 +02:00
Slavi Pantaleev 5dba0c038b Make --tags=import-generic-sqlite-db commands not pass a sensitive connection string around
Instead of passing the connection string, we can now pass a name of a
variable, which contains a connection string.

Both are supported for having extra flexibility.
2020-12-14 11:47:00 +02:00
Slavi Pantaleev d91aa5a060 Do not introduce sub-variables exposing implementation details 2020-12-14 10:52:07 +02:00
Slavi Pantaleev f1e85f7112 Don't mention Postgres roles, just say users 2020-12-14 10:04:37 +02:00
Slavi Pantaleev 4617984b9f Add (SQLite -> Postgres) migration instructions 2020-12-14 02:24:32 +02:00
Slavi Pantaleev cb969c6ca2 Add --tags=import-generic-sqlite-db (pgloader import)
This can be used by various bridges, etc., to import an SQLite
(or some other supported) database into Postgres.
2020-12-14 02:23:29 +02:00
Slavi Pantaleev c66c084027 Merge branch 'master' into postgres-per-default 2020-12-14 01:51:15 +02:00
Slavi Pantaleev 6e1dfb62f0 Rename some doc files and commands related to importing
Since we'll likely have generic SQLite database importing
via [pgloader](https://pgloader.io/) for migrating bridge
databases from SQLite to Postgres, we'd rather avoid
calling the "import Synapse SQLite database" command
as just `--tags=import-sqlite-db`.

Similarly, for the media store, we'd like to mention that it's
related to Synapse as well.

We'd like to be more explicit, so as to be less confusing,
especially in light of other homeserver implementations
coming in the future.
2020-12-14 01:51:00 +02:00
Slavi Pantaleev b87b754372 Fail if appservice-discord wants Postgres, but has leftover SQLite data 2020-12-14 01:36:15 +02:00
Slavi Pantaleev 183d2a10db Ensure matrix-postgres.service is started before creating additional users/databases 2020-12-14 00:59:59 +02:00
Slavi Pantaleev a374d309c8 Make appservice-discord support both SQLite and Postgres
People can toggle between them now. The playbook also defaults
to using SQLite if an external Postgres server is used.

Ideally, we'd be able to create databases/users in external Postgres
servers as well, but our initialization logic (and `docker run` command,
etc.) hardcode too many things right now.
2020-12-14 00:52:25 +02:00
Slavi Pantaleev 46a4034d3e Use "password" for additional Postgres databases, not "pass"
Being more explicit sounds better.
2020-12-14 00:43:03 +02:00
Slavi Pantaleev 3a037a5993 Ensure additional databases contain all the keys that we expect 2020-12-14 00:39:38 +02:00
Slavi Pantaleev da4cb2f639 Do not use the postgresql_user/postgresql_db modules
While these modules are really nice and helpful, we can't use them
for at least 2 reasons:

- for us, Postgres runs in a container on a private Docker network
(`--network=matrix`) without usually being exposed to the host.
These modules execute on the host so they won't be able to reach it.

- these modules require `psycopg2`, so we need to install it before
using it. This might or might not be its own can of worms.
2020-12-14 00:31:38 +02:00
Slavi Pantaleev bbc09d013b Do not execute additional databases creation code if not necessary
The tasks in `create_additional_databases.yml` will likely
ensure `matrix-postgres.service` is started, etc.

If no additional databases are defined, we'd rather not execute that
file and all these tasks that it may do in the future.
2020-12-13 23:46:05 +02:00
Slavi Pantaleev c765ceb270 Prevent weird loop error
> Invalid data passed to 'loop', it requires a list, got this instead: matrix_postgres_additional_databases. Hint: If you passed a list/dict of just one element, try adding wantlist=True to your lookup invocation or use q/query instead of lookup.

Well, or working around it, as I've done in this commit (which seems
more sane than `wantlist=True` stuff).
2020-12-13 22:56:56 +02:00
Slavi Pantaleev e2952f16f7 Determine matrix-postgres IP address without relying on jq
To avoid needing to have `jq` installed on the machine, we could:
- try to run jq in a Docker container using some small image providing
that
- better yet, avoid `jq` altogether
2020-12-13 22:45:48 +02:00
Slavi Pantaleev f47e8a97e6 Make use of matrix_host_command_docker instead of hardcoding 2020-12-13 22:38:35 +02:00
Slavi Pantaleev 0641106370 Allow username of additional Postgres databases to be different
We'll most likely use one that matches the database name, but
it's better to have it configurable.
2020-12-13 22:37:04 +02:00
Slavi Pantaleev 527d5f57d5 Relocate Postgres additional database creation logic
Moving it above the "uninstalling" set of tasks is better.
Extracting it out to another file at the same time, for readability,
especially given that it will probably have to become more complex in
the future (potentially installing `jq`, etc.)
2020-12-13 22:37:04 +02:00
Slavi Pantaleev dac0d3a682 Add default matrix_postgres_additional_databases 2020-12-13 21:07:16 +02:00
Slavi Pantaleev 77a5c7cf3c Merge branch 'master' into postgres-per-default 2020-12-13 21:04:15 +02:00
Slavi Pantaleev 47613e5a27 Remove synapse-janitor support
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/746
2020-12-11 23:24:42 +02:00
Slavi Pantaleev 86988ae180 Switch matrix-registration to v0.7.1
Now that a new release has been made, we no longer need to use
`latest` / `master`.

Related to 0a9109771d and https://github.com/ZerataX/matrix-registration/issues/43
2020-12-11 22:52:42 +02:00
Slavi Pantaleev 0a9109771d Use latest/master version of matrix-registration
v0.7.0 is broken right now, because it calls
`/_matrix/client/r0/admin/register`, which is now at
`/_synapse/admin/v1/register`.

This has been fixed here: 6b26255fea

.. but it's not part of any release.

Switching to `master` (`docker.io/devture/zeratax-matrix-registration:latest`) until it gets resolved.

Reported upstream here: https://github.com/ZerataX/matrix-registration/issues/43
2020-12-11 22:22:07 +02:00
Aaron Raimist 3c2a644e5c
Upgrade synapse-admin (v0.5.0 -> 0.6.1) 2020-12-10 16:28:48 -06:00
Slavi Pantaleev 7593d969e3 Make matrix-mailer not occupy matrix_server_fqn_matrix
Starting with Docker 20.10, `--hostname` seems to have the side-effect
of making Docker's internal DNS server resolve said hostname to the IP
address of the container.

Because we were giving the mailer service a hostname of `matrix.DOMAIN`,
all requests destined for `matrix.DOMAIN` originating from other
services on the container network were resolving to `matrix-mailer`.
This is obviously wrong.

Initially reported here: https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/748

We normally try to not use the public hostname (and IP address) on the
container network and try to make services talk to one another locally,
but it sometimes could happen.

With this, we use a `matrix-mailer` hostname for the matrix-mailer
container. My testing shows that it doesn't cause any trouble with
email deliverability.
2020-12-10 23:51:11 +02:00
transcaffeine d9f4914e0d
WIP: postgres: create databases for all services
If a service is enabled, a database for it is created in postgres with a uniqque password. The service can then use this database for data storage instead of relying on sqlite.
2020-12-10 18:26:22 +01:00
Slavi Pantaleev d08b27784f Fix systemd services autostart problem with Docker 20.10
The Docker 19.04 -> 20.10 upgrade contains the following change
in `/usr/lib/systemd/system/docker.service`:

```
-BindsTo=containerd.service
-After=network-online.target firewalld.service containerd.service
+After=network-online.target firewalld.service containerd.service multi-user.target
-Requires=docker.socket
+Requires=docker.socket containerd.service
Wants=network-online.target
```

The `multi-user.target` requirement in `After` seems to be in conflict
with our `WantedBy=multi-user.target` and `After=docker.service` /
`Requires=docker.service` definitions, causing the following error on
startup for all of our systemd services:

> Job matrix-synapse.service/start deleted to break ordering cycle starting with multi-user.target/start

A workaround which appears to work is to add `DefaultDependencies=no`
to all of our services.
2020-12-10 11:43:20 +02:00
John Goerzen 673e19f830
Correct inabillity for appservice-discord to connect
After recently updating my matrix-docker-ansible-deploy installation, matrix-appservice-discord would refuse to start, logging ECONNREFUSED to https://matrix.[mydomain]:443, which was resolving to 172.18.0.2 due to the `--hostname` in mailer grabbing that hostname.

Curious why the IRC bridge didn't have this issue, I looked into it, and it was connecting to `http://matrix-synapse:8008`.  Correcting this one to that URL resolved the issue.
2020-12-09 21:20:06 -06:00
Slavi Pantaleev 245b749946 Upgrade Synapse for ARM (v1.23.0 -> v1.24.0)
Continuation of aa86e0dac6, now that ARM images are out.
2020-12-09 20:54:18 +02:00
Slavi Pantaleev aa86e0dac6 Upgrade Synapse (v1.23.0 -> v1.24.0)
Because the ARM images are not pushed yet, we hold back to v1.23.0
for now.
2020-12-09 13:31:10 +02:00
benkuly ad92c61fdd updated matrix-sms-bridge 2020-12-09 09:45:44 +01:00
Slavi Pantaleev c07c927d9f Automatically enable openid listeners when ma1sd enabled
ma1sd requires the openid endpoints for certain functionality.
Example: 90b2b5301c/src/main/java/io/kamax/mxisd/auth/AccountManager.java (L67-L99)

If federation is disabled, we still need to expose these openid APIs on the
federation port.

Previously, we were doing similar magic for Dimension.
As per its documentation, when running unfederated, one is to enable
the openid listener as well. As per their recommendation, people
are advised to do enable it on the Client-Server API port
and use the `federationUrl` variable to override where the federation
port is (making federation requests go to the Client-Server API).

Because ma1sd always uses the federation port (unless you do some
DNS overwriting magic using its configuration -- which we'd rather not
do), it's better if we just default to putting the `openid` listener
where it belongs - on the federation port.

With this commit, we retain the "automatically enable openid APIs" thing
we've been doing for Dimension, but move it to the federation port instead.
We also now do the same thing when ma1sd is enabled.
2020-12-08 16:59:20 +02:00
Slavi Pantaleev 8c02f7b79b Upgrade services 2020-12-07 15:18:03 +02:00
Slavi Pantaleev d556aa943f Update docker-ce.repo to not hardcode $releasever=7
This keeps it in line with https://download.docker.com/linux/centos/docker-ce.repo

Whether or not Docker works well on CentOS 8 for our purposes
hasn't been verified yet.

Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/300
2020-12-07 07:20:47 +02:00
Slavi Pantaleev 7372480e95 Properly serialize some ma1sd configuration values
We've had a report of the `connection` value getting cut off,
supposedly because it contains something that breaks off the string.

Using `|to_json` takes care of it.
2020-12-06 23:59:58 +02:00
Hardy Erlinger ec2a9d4852 Remove the recording button from the Jitsi UI if recording is disabled. 2020-12-06 13:50:45 +01:00
Béla Becker 6f9b4bd9ac Drop workaround for old Ansible docker_network bug 2020-12-05 19:02:10 +01:00
Béla Becker 6921ec4b8a Revert "Work around buggy docker_network sometimes failing to work"
The docker_network bug was fixed two years ago
This reverts commit 36658addcd.
2020-12-05 19:02:10 +01:00
Slavi Pantaleev a5ae7e9ef0 Add self-building support to matrix-corporal 2020-12-04 01:48:08 +02:00
Slavi Pantaleev b3d91ed488 Fix passing of matrix_appservice_discord_auth_usePrivilegedIntents 2020-12-04 01:06:42 +02:00
Slavi Pantaleev 05cecb5261 Merge branch 'discord-v1.0'
This may be a bit premature, because the bridge didn't work for me
the last time I tried it (RC3).

Some bugs have been fixed to make our config compatible with v1.0.0
though, so it may work for some people (especially those starting
fresh).

I'm not for shipping potentially broken things, but given that we were
using `docker.io/halfshot/matrix-appservice-discord:latest` and that
points to v1.0.0 already (with no other tag we can use), our setup was
already broken in any case.

Now, at least it has some chance of running.
2020-12-03 15:17:30 +02:00
Slavi Pantaleev edd40811a5 Update matrix-appservice-discord to v1.0.0 final 2020-12-03 15:16:26 +02:00
Marcel Partap b6b95fe742 synapse workers-doc-to-yaml script: compatibility++ with non-gnu awk 2020-12-02 23:22:02 +01:00
Marcel Partap 3156d96619 synapse workers-doc-to-yaml.awk: escape slash for non-gnu awk versions 2020-12-02 00:29:20 +01:00
Marcel Partap e892ac464f synapse workers: untangle config template and specify bind address
.. to mitigate log noise - WARNING:
Failed to listen on 0.0.0.0, continuing because listening on [::]
2020-12-01 23:49:23 +01:00
Marcel Partap f201bca519 synapse workers: define and expose METRICS port for each worker
As seen on TV:
https://github.com/matrix-org/synapse/blob/master/docs/metrics-howto.md#monitoring-workers
2020-12-01 22:49:15 +01:00
Marcel Partap af08f18779 synapse workers default config: disable user_dir worker for now
(until https://github.com/matrix-org/synapse/issues/8787 is resolved)
2020-12-01 22:22:04 +01:00
Marcel Partap 414b812a29 synapse role workers setup: make configs clean action remote compatible
Many people probably didn't even know this - that ansible can be
quite a bit picky about what it will be willing to work with remotely.

Thanks @maxklenk !
2020-12-01 22:20:27 +01:00
Marcel Partap d5932ca393 synapse role workers setup: execute the endpoint extraction locally
Thanks @maxklenk !
2020-12-01 22:18:42 +01:00
Marcel Partap 851c25c47f matrix-synapse nginx template: fix invalid jinja comment syntax 2020-12-01 21:55:07 +01:00
Marcel Partap b73ac965ac Merge remote-tracking branch 'origin/master' into synapse-workers 2020-12-01 21:24:26 +01:00
Slavi Pantaleev 04da1bddf7 Update matrix-mautrix-facebook config a bit
This also disables presence if it's disabled for Synapse.
2020-12-01 11:55:18 +02:00
Slavi Pantaleev 90078dd296 Add matrix_services_autostart_enabled variable for preventing services autostart
Some people requested that `--tags=start` not set up service autostart.

One can now do `--tags=start --extra-vars="matrix_services_autostart_enabled=false"`
to just start services ones and not set up autostarting.
2020-11-30 20:58:21 +02:00
Slavi Pantaleev e0d7d5f0ca Disable Jitsi recording/transcriptions by default
It's not like it worked anyway, because we don't have the necessary
services installed for transcription (Jigasi), nor recording (Jibri).

Disabling these, should hopefully disable their related elements
in the Jitsi Web UI.

Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/726
2020-11-28 22:31:00 +02:00
Slavi Pantaleev be5263f397 Move self-building git repository URLs to variables (stop hardcoding) 2020-11-28 21:34:14 +02:00
Slavi Pantaleev b354155d7c Make JVB websockets reverse-proxying work 2020-11-27 17:57:15 +02:00
Slavi Pantaleev fa76128fd8 Update Jitsi to build 5142
This supersedes/fixes-up this Pull Request:
https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/719

The Jitsi Web and JVB containers now (in build 5142) always
start by bulding their own default configuration
(`config.js` and `sip-communicator.properties`, respectively).

The fact that we were generating these files ourselves was no longer of use,
because our configuration was thrown away in favor of the one created
by the containers on startup.

With this commit, we're completely redoing things. We no longer
generate these configuration files. We try to pass the proper
environment variables, so that Jitsi services can generate the
configuration files themselves.

Besides that, we try to use the "custom configuration" mechanism
provided by Jitsi Web and Jitsi JVB (`custom-config.js` and
`custom-sip-communicator.properties`, respectively), so that
we and our users can inject additional configuration.

Some configuration options we had are gone now. Others are no longer
controllable via variables and need to be injected using
the `_config_extension` variables that we provide.

The validation logic that is part of the role should take care
to inform people about how to upgrade (if they're using some custom
configuration, which needs special care now). Most users should not
have to do anything special though.
2020-11-27 17:57:15 +02:00
benkuly f93a4f6474 updated matrix-sms-bridge 2020-11-27 16:01:24 +01:00
Slavi Pantaleev d702e74079 Fix matrix-nginx-proxy static files mounting when SSL retrieval is none
Fixup for 12867e9f18.

This shouldn't have been caught in the `if`.

Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/734
2020-11-26 18:40:15 +02:00
Slavi Pantaleev 12867e9f18 Do not try to mount /matrix/ssl when matrix_ssl_retrieval_method is 'none'
Since the switch from `-v` to `--mount` (in 1fca917ad1),
we've regressed when `matrix_ssl_retrieval_method == 'none'`.

In such a case, we don't create `/matrix/ssl` directories at all
and shouldn't be trying to mount them into the `matrix-nginx-proxy`
container.

Previously, with `-v`, Docker would auto-create them, effectively hiding
our mistake. Now that `--mount` doesn't do such auto-creation magic,
the `matrix-nginx-proxy` container was failing to start.

Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/734
2020-11-26 09:55:26 +02:00
Slavi Pantaleev 796c752b60 Ensure Postgres passwords are not longer than 99 characters
Complements https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/732
2020-11-26 09:51:48 +02:00
Slavi Pantaleev 47db2d5363
Merge pull request #730 from benkuly/master
updates matrix-sms-bridge (changed SMS provider)
2020-11-25 16:36:11 +02:00
Slavi Pantaleev 75f9fde7a4 Remove some more -v usage
Continuation of 1fca917ad1.

Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/722
2020-11-25 10:49:59 +02:00
Slavi Pantaleev 1fca917ad1 Replace some -v instances with --mount
`-v` magically creates the source destination as a directory,
if it doesn't exist already. We'd like to avoid this magic
and the potential breakage that it might cause.

We'd rather fail while Docker tries to find things to `--mount`
than have it automatically create directories and fail anyway,
while having contaminated the filesystem.

There's a lot more `-v` instances remaining to be fixed later on.
This is just some start.

Things like `matrix_synapse_container_additional_volumes` and
`matrix_nginx_proxy_container_additional_volumes` were not changed to
use `--mount`, as options for each one are passed differently
(`ro` is `ro`, but `rw` doesn't exist and `slave` is `bind-propagation=slave`).
To avoid breaking people's custom volume mounts, we keep it as it is for now.

A deficiency with `--mount` is that it lacks the `z` option (SELinux
ownership changes), and some of our `-v` instances use that. I'm not
sure how supported SELinux is for us right now, but it might be,
and breaking that would not be a good idea.
2020-11-24 10:26:05 +02:00
Slavi Pantaleev 27c9014cb8 Improve uninstallation instructions
Also switches to using `docker system prune -a` for a less invasive
cleanup of Docker images and related resources.
2020-11-24 09:38:17 +02:00
Slavi Pantaleev 3e2355282b Upgrade Postgres minor versions
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/727
2020-11-24 09:06:19 +02:00
Aaron Raimist c9d2ef7981
Upgrade Element (1.7.13 -> 1.7.14) 2020-11-23 23:05:54 -06:00
benkuly ff9a4e90c4 updated matrix-sms-bridge 2020-11-23 13:43:04 +01:00
benkuly 3a2e058f2e updated version of matrix-sms-bridge 2020-11-23 13:07:08 +01:00
benkuly f1ceb49ae2 fixed wrong path of truststore 2020-11-23 12:52:16 +01:00
benkuly ad1f0a01ce fixed systemd service typo 2020-11-23 12:49:28 +01:00
benkuly 76b0b9dc34 fixed application.yml loading 2020-11-23 12:48:08 +01:00
benkuly 2fb42dd7f1 fixed typo in truststore path 2020-11-23 12:38:17 +01:00
benkuly 75600aa357 Merge remote-tracking branch 'github/master' 2020-11-23 12:31:14 +01:00
benkuly 4713e5d5f7 updated matrix-sms-bridge to 0.5.0 2020-11-23 12:30:39 +01:00
Slavi Pantaleev 6c85b84c1e Fix self-building for synapse-admin 2020-11-18 18:36:03 +02:00
Slavi Pantaleev b627d93cdc Update homeserver.yaml to keep up with Synapse v1.23.0
Related to #724 (Github Pull Request)
2020-11-18 16:57:50 +02:00
transcaffeine c58a7e03c7
synapse: update to 1.23.0 2020-11-18 14:16:46 +01:00
Slavi Pantaleev 41fa00edb4 Revert "Update jitsi web to stable-5142"
This reverts commit 078592454c
due to reports of breakage both in the support chat room
and in here https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/719
2020-11-18 12:54:43 +02:00
transcaffeine f7d7190bd0
update mautrix-telegram to 0.9.0 2020-11-17 21:20:12 +01:00
benkuly 8153e25d2d updated matrix-sms-bridge image 2020-11-16 13:59:03 +01:00
benkuly 787a9ef8ad updated matrix-sms-bridge image 2020-11-16 11:51:11 +01:00
benkuly 775b1ca7af updated matrix-sms-bridge image version 2020-11-15 12:12:44 +01:00
Slavi Pantaleev ccabc82d4c Use more fully-qualified container images
This is both for consistency with 93cc71cb69976c
and for making things more obvious.
2020-11-14 23:01:11 +02:00
Slavi Pantaleev 5eed874199 Improve self-building experience (avoid conflict with pullable images)
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/716

This patch makes us use more fully-qualified container image names
(either prefixed with docker.io/ or with localhost/).

The latter happens when self-building is enabled.

We've recently had issues where if an image was removed manually
and the service was restarted (making `docker run` fetch it from Docker Hub, etc.),
we'd end up with a pulled image, even though we're aiming for a self-built one.
Re-running the playbook would then not do a rebuild, because:
- the image with that name already exists (even though it's something
else)
- we sometimes had conditional logic where we'd build only if the git
repo changed

By explicitly changing the name of the images (prefixing with localhost/),
we avoid such confusion and the possibility that we'd automatically pul something
which is not what we expect.

Also, I've removed that condition where building would happen on git
changes only. We now always build (unless an image with that name
already exists). We just force-build when the git repo changes.
2020-11-14 23:00:49 +02:00
João Marques 078592454c Update jitsi web to stable-5142
Changelog https://github.com/jitsi/jitsi-meet/releases/tag/stable%2Fjitsi-meet_5142
2020-11-13 18:13:45 +00:00
benkuly c985e17f18 updated matrix-sms-bridge 2020-11-13 08:44:21 +01:00
Slavi Pantaleev 6dbb90258e Mention and recommend enabling usePrivilegedIntents 2020-11-13 08:23:40 +02:00
Slavi Pantaleev fe7bed5df3 Upgrade appservice-discord 2020-11-12 08:21:02 +02:00
Marcel Partap 4678c5d7bd Merge remote-tracking branch 'origin/master' into synapse-workers
Also, replace vague FIXME by a proper NOTE on the complete
story of the user_dir endpoints..
2020-11-11 21:26:08 +01:00
Slavi Pantaleev 4dbec2470f Fix systemd_path being undefined breakage
Regression since #681 (Github Pull Request).

Fixes #715 (Github Issue).
2020-11-11 00:45:02 +02:00
Slavi Pantaleev 4d12a6f8e9
Merge pull request #681 from scottcrossen/slc/ddclient
Dynamic DNS
2020-11-10 23:54:21 +02:00
Slavi Pantaleev 1427286cec Integrate matrix-dynamic-dns with matrix-nginx-proxy without causing a dependency
We'd like the roles to be self-contained (as much as possible).

Thus, the `matrix-nginx-proxy` shouldn't reference any variables from
other roles. Instead, we rely on injection via
`group_vars/matrix_servers`.

Related to #681 (Github Pull Request)
2020-11-10 23:49:36 +02:00
Slavi Pantaleev 8782919d85 Ensure matrix_dynamic_dns_domain_configurations contains configurations
If `matrix_dynamic_dns_enabled`, we'd like to ensure there's at least
one configuration defined.

Related to #681 (Github Pull Request)
2020-11-10 23:49:36 +02:00
Slavi Pantaleev 97a7c8b0f0 Fix matrix_dynamic_dns_domain_configurations validation check
- `item` was undefined
- `'key' in configurations == ''` was doing the wrong thing

Related to #681 (Github Pull Request)
2020-11-10 23:49:36 +02:00
Slavi Pantaleev fef44b93d3 Define the matrix_dynamic_dns_domain_configurations variable in the role
Having it unset in the role itself (while referencign it) is a little strange.

Now people can look at the `roles/matrix-dynamic-dns/defaults/main.yml`
file and figure out everything that's necessary to run the role.

Related to #681 (Github Pull Request)
2020-11-10 23:49:36 +02:00
Marcel Partap f3d2797d9c synapse workers: make awk script invocation handle paths with spaces
(quoting ftw)
2020-11-10 22:40:48 +01:00
Marcel Partap b05d298ae4 synapse workers nginx rule: add client_max_body_size on media endpoints
so transfer limits are properly set in accord to the relevant setting
https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/456#issuecomment-719996778
2020-11-10 21:43:33 +01:00
Marcel Partap 1e971312e8 synapse workers: handle auth fallback endpoint on main process only
(allegedly breaks with SSO enabled)
2020-11-10 21:23:19 +01:00
Marcel Partap e5072c20d9 synapse workers/nginx: handle media_repository worker endpoints on federation port
to prevent "404 on the federation port for the path `/_matrix/media`,
if a remote server is trying to get the media object on federation
port, see https://github.com/matrix-org/synapse/issues/8695 "

https://github.com/matrix-org/synapse/pull/8701
2020-11-10 20:35:39 +01:00
Aaron Raimist 31619e0968
Upgrade Element (1.7.12 -> 1.7.13) 2020-11-10 11:27:15 -06:00
Slavi Pantaleev 235299939d Upgrade nginx (1.19.3 -> 1.19.4) 2020-11-10 09:30:00 +02:00
Scott Crossen 59bb6b2971 responded to reviewer comments 2020-11-09 13:32:58 -08:00
Scott Crossen e894befd87 Updates to reviewer comments 2020-11-07 17:53:13 -08:00
Slavi Pantaleev 350c39d745 Update comment 2020-11-02 11:13:25 +02:00
Slavi Pantaleev ef68d3d296 Add support for reverse-proxying /_synapse/oidc
This broke in 63a49bb2dc.

Proxying the OpenID Connect endpoints is now possible,
but needs to be enabled explicitly now.

Supersedes #702 (Github Pull Request).

This patch builds up on the idea from that Pull Request,
but does things in a cleaner way.
2020-11-02 11:10:03 +02:00
Slavi Pantaleev 5c91e56898 Upgrade Synapse (v1.22.0 -> v1.22.1) 2020-10-30 19:35:55 +02:00
Aaron Raimist c33d007306
Switch to the new vectorim/element-web Docker image 2020-10-29 11:46:58 -05:00
Marcel Partap cce90b187a synapse workers: fix undefined variable cases when removing workers 2020-10-28 23:09:21 +01:00
Sabine aabefe21f4 fixed yaml 2020-10-28 21:58:59 +01:00
Sabine 468cc39465 added a workaround for postgres's issue with initdb 2020-10-28 21:56:13 +01:00
Slavi Pantaleev c1c6eaefff Upgrade Element (1.7.10 -> 1.7.12) 2020-10-28 17:34:39 +02:00
Slavi Pantaleev 9a46647010 Make https://matrix.DOMAIN/ redirect to https://element.DOMAIN/
Fixes #696 (Github Issue)
2020-10-28 10:39:12 +02:00
Slavi Pantaleev 4700e80389 Raise standalone default Matrix Client API client_max_body_size
We do this to match Synapse's new default "max_upload_size" (50MB).

This `matrix_nginx_proxy_proxy_matrix_client_api_client_max_body_size_mb`
default value only affects standalone usage of the `matrix-nginx-proxy`
role. When the role is used in the context of the playbook,
the value is dynamically assigned from `group_vars/matrix_servers`.

Somewhat related to #692 (Github Issue).
2020-10-28 10:02:47 +02:00
Marcel Partap e078e29ef8 synapse workers: fix self name in workers-doc-to-yaml.awk script 2020-10-28 08:39:31 +01:00
Slavi Pantaleev ef07aa8e5d Prevent certain nginx location blocks from being ignored
The regex introduced in 63a49bb2dc seems to take precedence
over the bare location blocks, causing a regression.

> It is important to understand that, by default, Nginx will serve regular expression matches in preference to prefix matches.
> However, it evaluates prefix locations first, allowing for the administer to override this tendency by specifying locations using the = and ^~ modifiers.

Source: https://www.digitalocean.com/community/tutorials/understanding-nginx-server-and-location-block-selection-algorithms
2020-10-28 09:38:04 +02:00
Marcel Partap 2d1b9f2dbf synapse workers: reworkings + get endpoints from upstream docs via awk
(yes, a bit awkward and brittle… xD)
2020-10-28 07:13:19 +01:00
Slavi Pantaleev 70f0b97a0a Upgrade Synapse (v1.21.2 -> v1.22.0) 2020-10-27 14:24:02 +02:00
Slavi Pantaleev 63a49bb2dc Do not expose /_synapse/admin publicly by default
Fixes #685 (Github Issue).
2020-10-26 10:36:38 +02:00
Sabine Laszakovits dd50ee19ab fixed bridge permissions 2020-10-25 21:42:40 +01:00
Sabine Laszakovits 2211e678f3 fixed comments that were copied over from mautrix-telegram role 2020-10-25 21:01:25 +01:00
Sabine Laszakovits e59aa07b86 more cleanup 2020-10-25 20:47:10 +01:00
Sabine Laszakovits c36e1355cf cleanup 2020-10-25 20:46:57 +01:00
Sabine Laszakovits 8ebc39dea0 fixed dependencies of bridge service (not ideal, but correct) 2020-10-25 20:46:32 +01:00
Sabine Laszakovits 9b890e9ced moved some settings from role to group_vars 2020-10-25 20:45:24 +01:00
Sabine Laszakovits ff1d7921a0 moved registration.yaml contents to template 2020-10-25 20:16:24 +01:00
Sabine 7a54e11090 started moving settings to group_vars 2020-10-24 12:15:03 +02:00
Marcel Partap 87bd64ce9e Merge remote-tracking branch 'origin/master' into synapse-workers 2020-10-23 23:45:07 +02:00
Marcel Partap a4125d5446 synapse workers: polishing, cleansing and installation of jq dependency 2020-10-23 20:49:53 +02:00
Sabine 69efcb5c21 added mautrix-signal role 2020-10-22 23:29:34 +02:00
Marcel Partap 501efee07e synapse workers: supply systemd with actual worker PIDs (requires jq)
also, worker.yaml.j2:
  - hone worker_name
  - remove worker_pid_file entry (would only be used if worker_daemonize
    set to true; also, synapse only knows about the container namespace
    and thus can not provide the required host-view PID)
2020-10-22 20:53:41 +02:00
Slavi Pantaleev 24c6d7e81f Upgrade Element (1.7.9 -> 1.7.10) 2020-10-20 19:06:16 +03:00
Scott Crossen 94dcceb7b9 removed intentional delay 2020-10-19 11:26:37 -07:00
Scott Crossen efeb651789 Removed typo 2020-10-19 11:25:01 -07:00
Scott Crossen e7d79a95dc removed platform-specific stuff 2020-10-19 10:46:02 -07:00
Scott Crossen 19721be8b1 removed dhcp option 2020-10-18 21:05:32 -07:00
Scott Crossen de1511b4bb Fixed valdiation 2020-10-16 21:31:07 -07:00
Scott Crossen 806f98447c Removed directory creation 2020-10-16 21:26:58 -07:00
Scott Crossen 51cca4c312 Added containerization 2020-10-16 21:21:58 -07:00
Tobias Küchel 1cf5b1d80f e2ee_backup: rename variables to be consistent with naming scheme 2020-10-16 09:24:50 +02:00
Tobias Küchel 5158fa4df9 e2ee_backup_methods: rather leave the default empty, so that the system default may apply 2020-10-16 08:50:16 +02:00
Tobias Küchel 8f7e21892d fix indentation, updated to proposed changes from Slavi: no more ifdef 2020-10-16 08:47:37 +02:00
Tobias Küchel 4cfa112755 update default backup_methods as proposed by the system anyway 2020-10-16 08:44:04 +02:00
Tobias Küchel 6599204334 fix commata not being set when secure_backup_required false 2020-10-16 08:20:22 +02:00
Tobias Küchel 48f929dc91 add variables for secure_backup_required and secure_backup_setup_methods 2020-10-16 00:32:00 +02:00
Slavi Pantaleev f7ecc7a2a5 Upgrade Synapse (v1.21.1 -> v1.21.2) 2020-10-15 17:42:52 +03:00
jgbresson 640166e4c3
Upgrade Element (1.7.8 -> 1.7.9) 2020-10-15 00:09:54 -04:00
Dan Arnfield b65bfc38ce Update nginx (1.19.2 -> 1.19.3) 2020-10-14 06:23:33 -05:00
Scott Crossen 53bc7a77e1 fixed EOF issues 2020-10-13 16:47:09 -07:00
Scott Crossen fa5d85426b Renamed systemd descriptions for all bridges 2020-10-13 16:40:30 -07:00
Scott Crossen 1f988969a5 Added role for dynamic dns 2020-10-13 16:26:57 -07:00
Slavi Pantaleev 5abd511368 Upgrade Synapse (v1.21.0 -> v1.21.1) 2020-10-13 13:08:25 +03:00
Slavi Pantaleev d250727e8b Upgrade certbot (1.7.0 -> 1.9.0) 2020-10-13 09:44:32 +03:00
Aaron Raimist 78529cbd47
Upgrade Synapse (v1.20.1 -> v1.21.0) 2020-10-12 23:59:34 -05:00
Marcel Partap d2e61af224 Add worker_name to synapse worker config template
& restrict federation listener; frontend_proxy / user_dir don't need it
2020-10-11 21:52:08 +02:00
Marcel Partap 36e9be6092 matrix_synapse_workers_{avail,enabled}_list: sort non-generic workers
.. alphabetically and put those not documented as multi-instance
capable on ports ending on zero.
2020-10-11 21:44:42 +02:00
Marcel Partap e9241f5fb9 Improve synapse-workers systemd service template
Is the PID magic gonna work? or will it need an ExecStartPost hack..
2020-10-11 21:09:19 +02:00
Marcel Partap 40024e9b81 Prevent workers failing if their config doesn't exist
- cherry-pick "Ensure worker config exists in systemd service (#7528)"
  from synapse d74cdc1a42e8b487d74c214b1d0ca575429d546a:
  "check that the worker config file exists instead of silently failing."
2020-10-11 21:09:19 +02:00
Marcel Partap 93a8ea7e4a Merge remote-tracking branch 'master' into feature/add-worker-support 2020-10-11 20:59:05 +02:00
Fanch 1a9cafa3a3 add run-docker-prune command 2020-10-10 04:11:26 +02:00
Slavi Pantaleev 6a72e3fa54 Try to make importing SQLite from older Synapse version work
If the SQLite database was from an older version of Synapse, it appears
that Synapse would try to run migrations on it first, before importing.
This was failing, because the file wasn't writable.

Hopefully, this fixes the problem.
2020-10-07 08:54:46 +03:00
Slavi Pantaleev 23daec748c Require Ansible v2.7 or newer (because of items2dict and dict2items)
Interestingly, no one has reported this failure before #662 (Github
Issue).

It doesn't make sense to keep saying that we support such old Ansible
versions, when we're not even testing on anything close to those.

Time is also passing and such versions are getting more and more
ancient. It's time we bumped our requirements to something that is more
likely to work.
2020-10-02 11:53:19 +03:00
Slavi Pantaleev 07fa8404bf Upgrade matrix-corporal (1.10.1 -> 1.11.0) 2020-10-01 18:30:30 +03:00
Slavi Pantaleev 9e8c14bf65
Merge pull request #660 from clemsos/master
Element web : update welcome page template
2020-10-01 09:44:48 +03:00
Dan Arnfield 3a3383fada Add support for postgres 13 2020-09-30 16:50:59 -05:00
Slavi Pantaleev 43c5f3ec6e Do not create /home/matrix when creating the matrix user 2020-09-29 18:14:37 +03:00
Clement Renaud ac3ba1d919 element web : update welcome page template 2020-09-29 12:33:47 +02:00
Slavi Pantaleev 7eb8192a51 Comlain about version requirement on Ansible v1
I don't believe Ansible v1 would even go as far as executing this
sanity check, but.. Adding an extra defensive check for completeness.
2020-09-29 12:37:39 +03:00
Slavi Pantaleev 3d702fe03b Avoid set_fact with error message to prevent confusion 2020-09-29 12:23:39 +03:00
Slavi Pantaleev 3818d82852 Upgrade Element (1.7.7 -> 1.7.8) 2020-09-28 22:20:36 +03:00
Slavi Pantaleev 263727095d
Merge pull request #657 from cnvandijk/feature-client-well-known
Client well known compatibility
2020-09-28 09:19:25 +03:00
Slavi Pantaleev 3e2f0a4240 Upgrade matrix-synapse-admin (0.4.1 -> 0.5.0)
Related to #658 (Github Issue).
2020-09-28 09:11:05 +03:00
Chris van Dijk b9c8d059d0 Support both the im.vector.riot and io.element variants in client .well-known
According to the docs, "e2ee" is already under "io.element":
  https://github.com/vector-im/element-web/blob/develop/docs/e2ee.md#disabling-encryption-by-default
however "jitsi" is still under "im.vector.riot":
  https://github.com/vector-im/element-web/blob/develop/docs/jitsi.md#configuring-element-to-use-your-self-hosted-jitsi-server

For now let's just maintain backward and forward compatibility for both
settings since the client version is out of the control of this
playbook.
2020-09-26 16:57:02 +00:00
Chris van Dijk f6b0f0a477 Rename matrix_riot_jitsi_preferredDomain and matrix_riot_e2ee_default to Element 2020-09-26 16:24:09 +00:00
Slavi Pantaleev 9fba46e694
Merge pull request #655 from aaronraimist/element-showLabs
Allow configuration of Element's bug_report_endpoint_url and showLabsSettings
2020-09-25 12:02:29 +03:00
Aaron Raimist dc2def914e
Allow configuration of Element's bug_report_endpoint_url and showLabsSettings
showLabsSettings is the new enableLabs I guess. enableLabs doesn't seem to do anything anymore. It had been deprecated for a while.

This PR also removes @riot-bot:matrix.org as the default welcome_user_id since it doesn't exist anymore.
2020-09-24 18:37:31 -05:00
Slavi Pantaleev e68450f094 Upgrade Synapse (v1.20.0 -> v1.20.1) 2020-09-24 18:43:54 +03:00
Slavi Pantaleev 329fef048f Upgrade matrix-corporal (1.10.0 -> 1.10.1) 2020-09-22 19:43:23 +03:00
Slavi Pantaleev 32ac4706cb Upgrade matrix-corporal (1.9.0 -> 1.10.0) 2020-09-22 19:28:27 +03:00
Slavi Pantaleev dd217137b6 Upgrade Synapse (v1.19.3 -> v1.20.0) 2020-09-22 19:28:07 +03:00
Slavi Pantaleev 65e22a6888 Upgrade Synapse (v1.19.2 -> v1.19.3) 2020-09-18 17:37:04 +03:00
Slavi Pantaleev 6db3a46f88
Merge pull request #650 from dwiegreffe/master
New docker image appservice-slack
2020-09-18 14:31:39 +03:00
Daniel Wiegreffe b3926e7cca
Update main.yml 2020-09-18 13:26:07 +02:00
Max Klenk fc2edcbecf
fix media routing 2020-09-18 10:45:01 +02:00
Max Klenk 132daba1af
fix worker routes 2020-09-18 10:18:32 +02:00
Slavi Pantaleev e10e3e354d Upgrade Synapse (v1.19.1 -> v1.19.2) 2020-09-16 16:35:17 +03:00
Dan Arnfield faa96ca0c3 Update element (1.7.5 -> 1.7.7) 2020-09-15 06:15:30 -05:00
Daniel Wiegreffe 8f41041f6d replacement of the docker image for appservice-slack to the officially maintained image 2020-09-15 09:11:56 +02:00
Scott Crossen b24333dd0f
Use the same naming convention as the other mx-puppet suite. 2020-09-14 11:11:30 -07:00
Slavi Pantaleev 6e8a39119b Update matrix-reminder-bot (0.1.0 -> 0.2.0) 2020-09-14 10:19:47 +03:00
0hlov3 c19abe4a76 Changes matrix_dimension_integrations_ui_url from /riot to /element https://dimension.t2bot.io/ 2020-09-13 04:19:19 +02:00
Max Klenk 1e68d8b2e5
allow to pass arguments to the postgres process 2020-09-11 14:29:10 +02:00
Max Klenk 880025324a
fix redis config if no password is set 2020-09-11 10:35:50 +02:00
Max Klenk 4fdfc0a34f
add missing ratelimiting options required for load testing 2020-09-11 09:46:20 +02:00
Max Klenk 9a3d84b931
Merge branch 'master' into feature/add-worker-support 2020-09-10 13:57:11 +02:00
Max Klenk a25a429a52
add redis support 2020-09-10 13:39:00 +02:00
Slavi Pantaleev 5bb2c43502 Add support for enabling Jitsi lobby
Related to #643 (Github Issue)
2020-09-10 09:08:45 +03:00
Slavi Pantaleev 2a1ec38e3a Stop using Ansible's cron module
This is mainly to address SSL renewal not working for us due to:
- https://github.com/ansible/ansible/issues/71213
- https://github.com/ansible/ansible/pull/71207

Using the cron module was hacky anyway. We shouldn't need an extra
level of buggy abstraction to manage a cronjob file.
2020-09-06 10:49:19 +03:00
Slavi Pantaleev bed16fd065 Upgrade Element (1.7.4 -> 1.7.5) 2020-09-01 20:51:51 +03:00
Slavi Pantaleev 6def66940f Fix broken cover photo for matrix-registration 2020-09-01 18:17:04 +03:00
Slavi Pantaleev da38a7869f Add matrix-registration support 2020-09-01 13:46:05 +03:00
Slavi Pantaleev a456e3a9e7 Surface certain messages at the end of playbook execution
Fixes #106 (Github Issue).
2020-09-01 13:12:35 +03:00
Slavi Pantaleev e3dca2f66f Try to avoid Docker logs growing too much for one-off containers
We recently had a report of the Postgres backup container's log file
growing the size of /var/lib/docker until it ran out of disk space.

Trying to prevent similar problems in the future.
2020-09-01 09:03:48 +03:00
Max Klenk 06bc430c7c
refactor to use new workers and routes they serve 2020-08-28 13:53:39 +02:00
Max Klenk 53ccc783b7
remove duplicated key 2020-08-27 15:26:46 +02:00
Max Klenk 59d1fb76b6
only apply worker redirects if workers are enabled 2020-08-27 15:25:32 +02:00
Max Klenk 567d0318b0
Merge branch 'synapse-workers' into feature/add-worker-support 2020-08-27 15:22:12 +02:00
Slavi Pantaleev 3c285bc6f5 Install lsb-release on Debian distros if unavailable
Certain more-minimal Debian installations may not have
lsb-release installed, which makes the playbook fail.

We need lsb-release on Debian, so that ansible_lsb
could tell us if this is Debian or Raspbian.
2020-08-27 13:58:35 +03:00
Slavi Pantaleev 6e9600ffec Upgrade Synapse (v1.19.0 -> v1.19.1) 2020-08-27 12:59:11 +03:00
Slavi Pantaleev daf13107a0 Add support for rust-synapse-compress-state 2020-08-21 13:53:39 +03:00
Slavi Pantaleev b4a549b772 Upgrade Element (1.7.3 -> 1.7.4) 2020-08-17 17:03:19 +03:00
Slavi Pantaleev 9952ec6c16 Upgrade Synapse (v1.18.0 -> v1.19.0) 2020-08-17 17:02:40 +03:00
Slavi Pantaleev fc1655cd4b
Merge pull request #633 from thedanbob/certbot-1.7.0
Update certbot (1.6.0 -> 1.7.0)
2020-08-17 16:47:12 +03:00
Slavi Pantaleev 5abbeb75c9
Merge pull request #632 from thedanbob/nginx-1.19.2
Update nginx (1.19.1 -> 1.19.2)
2020-08-17 16:44:37 +03:00
Dan Arnfield c8754f422a Update certbot (1.6.0 -> 1.7.0) 2020-08-16 15:01:13 -05:00
Dan Arnfield 8d373409b8 Update nginx (1.19.1 -> 1.19.2) 2020-08-16 14:59:48 -05:00
Dan Arnfield 20eea648a5 Update postgres versions (12.3 -> 12.4, etc) 2020-08-16 14:41:40 -05:00
Justin Croonenberghs 31e2a1f06b
Undo ill-advised change
In #628 I proposed a CORS change that turns out not to be the root of the issue. Caffeine-addled diagnosis leads to sloppy thinking, and this change should be reverted. In fact, if left it will cause problems for new installations.
2020-08-09 14:20:37 -05:00
Justin Croonenberghs c5d18733d2
Update CORS for ma1sd
Even with the v2 updates listed in #503 and partially addressed in #614, this is still needed to enable identity services to function with Element Desktop/Web. Testing on multiple clients with a clean config has confirmed this, at least for my installation.
2020-08-08 23:19:07 -05:00
Slavi Pantaleev e6dd0fbaee Upgrade Element (1.7.2 -> 1.7.3) 2020-08-06 19:25:52 +03:00
merklaw fa6d85636f Add note about installing 'docker' Python package if Docker installation is disabled 2020-08-05 17:35:25 +02:00
merklaw 87df15441c Add note about installilng 'docker' Python package if Docker installation is disabled 2020-08-05 17:31:16 +02:00
Slavi Pantaleev 4b0a462aef
Merge pull request #620 from NachvollCiba/synapse-admin_selfbuild
Allow self-build images for Synapse-Admin
2020-08-04 17:23:30 +03:00
Dennis Ciba b22b593d83 Changed setup of synapse-admin to allow for self-build images 2020-08-04 15:42:00 +02:00
Slavi Pantaleev 54195b22c7 Allow framing Jitsi
Hopefully fixes a regression caused by b106a9592e.

Related to #597 (Github Pull Request).
2020-08-04 16:08:11 +03:00
benkuly 7755e5efd4
Update sms-bridge (0.3.1 -> 0.3.2) 2020-07-30 16:25:07 +03:00
Slavi Pantaleev f78a5d4ee8 Upgrade Synapse (v1.17.0 -> v1.18.0) 2020-07-30 14:21:44 +03:00
Slavi Pantaleev a7382924fc
Merge pull request #614 from vractal/enable-ma1sd-hashing
Enable ma1sd hashing by default
2020-07-30 09:30:06 +03:00
Slavi Pantaleev 68b2f2c33c
Merge pull request #613 from vractal/fix-gpg-dep
Replace gpg dependency for gnupg for debian compatibility
2020-07-30 09:29:25 +03:00
vractal 627c225101 Enable ma1sd hashing by default 2020-07-29 12:38:07 -04:00
Benjamin Fichtner 6539f2a156 Make ansible check mode runs silent, for all tasks which can't be idempotent 2020-07-29 13:23:15 +02:00
vractal 9b61fef271 Replace gpg dependency for gnupg for better debian compatibility 2020-07-28 15:26:16 -04:00
Slavi Pantaleev 3dcef4faa9
Merge pull request #609 from jdreichmann/newTelegramBridgeVersion
Bump version of mautrix-telegram to 0.8.2
2020-07-28 20:59:51 +03:00
Slavi Pantaleev be5ca5258b Upgrade Element (1.7.1 -> 1.7.2) 2020-07-28 19:04:11 +03:00
Johanna Dorothea Reichmann 2004143f14
Bump version of mautrix-telegram to 0.8.2
fixes matrix users unable to delete messages
2020-07-27 15:53:33 +02:00
Slavi Pantaleev ae002d8ae4 Fix synapse-admin uninstallation 2020-07-26 18:09:29 +03:00
Slavi Pantaleev 3f8e5b4363 Allow framing Dimension
Fix regression since 2a50b8b6bb (#597).

Dimension is intended to be embedded in various clients,
be it the Element service that we host (at element.DOMAIN),
some other Element (element-desktop running locally), etc.
2020-07-25 07:08:32 +03:00
Tommy Kelly d76d91a33e Update jitsi-web version
Changelog here https://github.com/jitsi/jitsi-meet/releases/tag/stable%2Fjitsi-meet_4857
2020-07-24 13:23:29 +03:00
Slavi Pantaleev 2a50b8b6bb
Merge pull request #597 from TwoTwenty/nginx-proxy-headers
Nginx proxy headers
2020-07-24 12:53:50 +03:00
Dan Arnfield 7a3491a32a Fix capability names for synapse-admin 2020-07-22 21:18:15 -05:00
TwoTwenty b106a9592e
Update matrix-jitsi.conf.j2 2020-07-22 10:39:24 -07:00
TwoTwenty c97e7c5a3e
Update matrix-dimension.conf.j2 2020-07-22 10:39:07 -07:00
TwoTwenty 18ba885ca2
Update matrix-client-element.conf.j2 2020-07-22 10:38:50 -07:00
Slavi Pantaleev 31b79553e0 Make matrix-reminder-bot default to in-container networking 2020-07-22 16:37:14 +03:00
Slavi Pantaleev 46135fb30c Add trailing-slash redirect for /synapse-admin 2020-07-22 13:15:05 +03:00
Slavi Pantaleev b2ae669566 Add synapse-admin support
Fixes #562 (Github Issue)
2020-07-22 08:10:26 +03:00
Slavi Pantaleev 78b1ef9a5f Add support for matrix-reminder-bot 2020-07-20 14:13:08 +03:00
hungrymonkey d093b9b148 Added gpg as base dependency for Debian 10
AWS Debian marketplace image does not have gpg preinstalled

https://aws.amazon.com/marketplace/pp/B0859NK4HC?ref=cns_srchrow

TASK [matrix-base : Ensure Docker's APT key is trusted] *******************************************************************************************************************************************************
fatal: [matrix.domain.com]: FAILED! => {"changed": false, "msg": "Failed to find required executable gpg in paths: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"}

Closes #590
2020-07-18 07:56:30 -07:00
Slavi Pantaleev b872053a50
Merge pull request #588 from mattcen/fix-ma1sd-image-build
Fix issues building ma1sd Docker image
2020-07-17 11:48:50 +03:00
Slavi Pantaleev 28855d1bb4
Document matrix_ma1sd_docker_src_files_path naming 2020-07-17 11:47:15 +03:00
Slavi Pantaleev ab188018f3
Move when statement to block
The when statement is supposed to be on the block, not on the individual task.

It affects all tasks within the block (they're all to be executed when ma1sd is enabled and self-building is requested0.
2020-07-17 11:44:26 +03:00
Slavi Pantaleev c6ab1c6a90 Riot is now Element
Fixes #586 (Github Issue)
2020-07-17 11:31:20 +03:00
Matt Cengia fede58fe96 Correctly tag self-built ma1sd Docker image 2020-07-17 17:12:16 +10:00
Slavi Pantaleev de0efe96e7 Fix incorrect when statement 2020-07-17 08:59:00 +03:00
Slavi Pantaleev 298d277c6c Upgrade riot-web (1.7.0 -> 1.7.1) 2020-07-17 08:56:08 +03:00
Matt Cengia b0e984136f Fix issues building ma1sd Docker image
The tag format used in the `ma1sd` repo have change. Versions no longer
start with 'v', and when building for non-amd64, we also need to strip
off the '-$arch' bit from the Docker image name.

Further, when building the .jar file, `ma1sd` currently names the .jar
based on the project's directory, which we call 'docker-src'. This means
other parts of the `ma1sd` build can't find the .jar file. Remedy this
by ensuring that the dir is called `docker-src/ma1sd`.
2020-07-17 13:57:47 +10:00
Dan Arnfield c47a55d170 Update nginx (1.19.0 -> 1.19.1) and certbot (1.5.0 -> 1.6.0) 2020-07-16 06:34:14 -05:00
Slavi Pantaleev 820dc6d7fa Fix translation issue (Riot.im -> Element) 2020-07-15 14:46:39 +03:00
Slavi Pantaleev 7c55e94cff Upgrade riot-web (1.6.7 -> 1.7.0) 2020-07-15 14:28:23 +03:00
benkuly a1e248e0e1
updated matrix-sms-bridge (#581)
* updated matrix sms bridge container

* remove force pull

* updated matrix-sms-bridge container

* updated matrix-sms-bridge container

* updated version of matrix-sms-bridge

* updates matrix-sms-bridge
2020-07-14 14:02:34 +03:00
Slavi Pantaleev b50cfe8d18 Upgrade mautrix-telegram (0.7.2 -> 0.8.1) 2020-07-14 10:37:07 +03:00
Slavi Pantaleev 200f912c04 Upgrade Synapse (v1.16.1 -> v1.17.0)
Fixes #579 (Github Issue).
2020-07-13 14:08:50 +03:00
shadow ddfc945fcf Remove unused validate_config.yml, since it causes ansible warnings 2020-07-11 00:40:12 +03:00
Slavi Pantaleev eff55e4d00 Upgrade Synapse (v1.16.0 -> v1.16.1) 2020-07-10 14:33:18 +03:00
benkuly 3553d3d513 updated version of matrix-sms-bridge 2020-07-08 18:15:18 +03:00
benkuly 8e1a418a45 updated matrix-sms-bridge container 2020-07-08 18:15:18 +03:00
benkuly bd3223cdd4 updated matrix-sms-bridge container 2020-07-08 18:15:18 +03:00
benkuly 226d5a9c64 remove force pull 2020-07-08 18:15:18 +03:00
benkuly c5f9e02103 updated matrix sms bridge container 2020-07-08 18:15:18 +03:00
Slavi Pantaleev 928982cffe Upgrade Synapse (v1.15.2 -> v1.16.0) 2020-07-08 14:08:46 +03:00
Slavi Pantaleev 18ab677a96 Remove useless file 2020-07-08 00:22:47 +03:00
Slavi Pantaleev 227f1a28e3 Allow matrix_user_uid/matrix_user_gid to be specified manually 2020-07-06 11:05:34 +03:00
Panagiotis Vasilopoulos baed917a13
Fixed repository link for mx-puppet-steam
- https://github.com/icewind1991/mx-puppet-steam is the link that's referenced by the documentation.
- The previous link, https://github.com/matrix-steam/mx-puppet-steam, is invalid/inaccessible to the public.
2020-07-05 23:28:03 +03:00
shadow 6293f1bdb0 Run all API self checks in check_mode 2020-07-04 15:24:33 +02:00
Slavi Pantaleev f758ee90cb
Add |to_json to some values 2020-07-04 09:31:52 +03:00
Justin Croonenberghs 35c2655fa4 Removed troublesome #s 2020-07-03 19:01:03 -05:00
Justin Croonenberghs 1f21f0c09a Add variables for reCAPTCHA validation 2020-07-03 18:33:25 -05:00
Slavi Pantaleev b08ee2f2fa Move Jitsi container image tag to a variable
Related to #554 (Github Pull Request).
2020-07-03 13:10:59 +03:00
Slavi Pantaleev 3710e04e10
Merge pull request #557 from izissise/mx-puppet-steam
Add mx-puppet-steam
2020-07-03 12:05:41 +03:00
Slavi Pantaleev d5eb7eb949
Merge pull request #560 from aaronraimist/synapse-1.15.2
Upgrade Synapse (1.15.1 -> 1.15.2)
2020-07-02 18:41:51 +03:00
Aaron Raimist 78382b0ce4
Upgrade Synapse (1.15.1 -> 1.15.2) 2020-07-02 10:38:25 -05:00
Hugues Morisset 57f498217a Add mx-puppet-steam 2020-07-01 21:01:00 +02:00
Hugues Morisset eb0df37247 Mx-puppet-discord Use official docker image
https://github.com/matrix-discord/mx-puppet-discord/issues/80

Thanks Sorunome for setting up the automated build
2020-07-01 13:33:01 +02:00
Hugues Morisset 42e7f5e9bc Add mx-puppet-discord 2020-07-01 13:31:31 +02:00
Slavi Pantaleev 744667b270 Merge branch 'master' into mx-puppet-twitter 2020-06-30 17:37:19 +03:00
Slavi Pantaleev 31f9e7bbea
Merge pull request #551 from jdreichmann/feat-mx-puppet-instagram
Add mx-puppet-instagram
2020-06-30 17:33:37 +03:00
Slavi Pantaleev 8b59402f79 Upgrade Coturn (4.5.1.2 -> 4.5.1.3)
4.5.1.3 fixes a security vulnerability:
https://github.com/coturn/coturn/security/advisories/GHSA-c8r8-8vp5-6gcm
2020-06-30 14:28:41 +03:00
Slavi Pantaleev f41c5e89e5 Upgrade riot-web (1.6.6 -> 1.6.7) 2020-06-29 18:41:06 +03:00
Tulir Asokan 5b960bcfb5 Make sender_localpart configurable for mx-puppet-twitter 2020-06-29 18:04:40 +03:00
Tulir Asokan 13186a1ddc Add mx-puppet-twitter
Signed-off-by: Tulir Asokan <tulir@maunium.net>
2020-06-29 15:28:43 +03:00
Slavi Pantaleev de545f9c5f Update docs on self-building and remove useless variable
`matrix_container_images_self_build` was not really doing anything
anymore. It previously was influencing `matrix_*_self_build` variables,
but it's no longer the case since some time ago.

Individual `matrix_*_self_build` variables are still available.
People that would like to toggle self-building for a specific component
ought to use those.

These variables are also controlled automatically (via
`group_vars/matrix_servers`) depending on `matrix_architecture`.

In other words, self-building is being done automatically for
all components when they don't have a prebuilt image for the specified
architecture. Some components only support `amd64`, while others also
have images for other architectures.
2020-06-29 14:58:03 +03:00
Slavi Pantaleev 635f385971 Use pre-built arm64 image for ma1sd
ma1sd 2.4.0 announced experimental support for arm64.
We're making use of those arm64 images instead of self-building.
2020-06-29 14:53:23 +03:00
Slavi Pantaleev f30d5e0950
Merge pull request #554 from teutat3s/jitsi-update-4627-1
Update Jitsi to stable-4627-1
2020-06-29 09:12:47 +03:00
teutat3s 784cb3e325
Update Jitsi to stable-4627-1 2020-06-28 22:00:08 +02:00
teutat3s 4cf59098ad
Update ma1sd to v2.4.0 2020-06-28 21:47:19 +02:00
Slavi Pantaleev 19b9a1b16c Expose mautrix-hangouts port if matrix-nginx-proxy is disabled 2020-06-28 09:01:48 +03:00
jdreichmann 0fea35cdd2
mx-puppet-instagram: add role 2020-06-27 15:23:21 +02:00
Slavi Pantaleev a081979d39
Merge pull request #548 from pcorace/master
Add variables to fine tune jitsi
2020-06-27 08:01:54 +03:00
Pablo 69570de8a9 Rename variables 2020-06-25 11:20:40 -03:00
Slavi Pantaleev 5c5f1c6ab9 Add support for telling Riot to not default to E2EE
Related to https://github.com/vector-im/riot-web/pull/13914
2020-06-24 11:39:51 +03:00
Pablo c341608480 Add variables to fine tune jitsi 2020-06-23 19:22:52 -03:00
Slavi Pantaleev d2a0ec6aa9 Upgrade riot-web (1.6.5 -> 1.6.6) 2020-06-23 18:03:58 +03:00
Slavi Pantaleev 105b3524bb Upgrade riot-web (1.6.4 -> 1.6.5) 2020-06-16 19:22:45 +03:00
Slavi Pantaleev 10bc85962e Upgrade Synapse (1.15.0 -> 1.15.1) 2020-06-16 13:55:27 +03:00
Slavi Pantaleev 7729511a84 Make vars.yml snapshotting optional and more configurable
Certain people organize their inventory in a different way
and we'd like to accommodate them.

Related to #542 (Github Issue).
2020-06-14 10:01:22 +03:00
Slavi Pantaleev 67ab7e7a1b Preserve vars.yml on the server for easily restoring
Fixes #542 (Github Issues).
2020-06-13 07:52:01 +03:00
benkuly d49ee51035 remove force pull matrix-sms-bridge docker image 2020-06-12 10:23:51 +02:00
benkuly a0661a6012 updated sms bridge docker image 2020-06-12 08:37:08 +02:00