Slavi Pantaleev
1f0da1103a
Merge pull request #2485 from etkecc/patch-171
...
update postmoogle 0.9.13 -> 0.9.14
2023-02-14 22:48:51 +02:00
Slavi Pantaleev
c85d48c45c
Remove Traefik labels for Hydrogen & Cinny from matrix-nginx-proxy
...
Related to 6a52be7987
and 28e7ef9c71f02
2023-02-14 22:46:34 +02:00
Aine
4045d72e7b
update postmoogle 0.9.13 -> 0.9.14
...
* make banlist consistent
* proper multi-error message
* ignore "." MX hosts
* try recipient domain directly, even when MX records found, but failed
2023-02-14 20:04:27 +00:00
Slavi Pantaleev
4d24e9bb7f
Merge pull request #2484 from etkecc/patch-170
...
Update synapse 1.76.0 -> 1.77.0
2023-02-14 20:03:33 +02:00
Aine
3570808633
Update synapse 1.76.0 -> 1.77.0
2023-02-14 17:50:55 +00:00
Aine
c98f40c836
Update hydrogen 0.3.7 -> 0.3.8
2023-02-14 17:49:16 +00:00
Slavi Pantaleev
51cfd7b777
Merge pull request #2481 from moan0s/update
...
Bump element version
2023-02-14 15:29:34 +02:00
Julian-Samuel Gebühr
6727aa55ec
Bump element version
...
Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net>
2023-02-14 13:36:04 +01:00
Slavi Pantaleev
f28e7ef9c7
Add (native) Traefik support to matrix-client-cinny
...
Previously, it had to go through matrix-nginx-proxy.
It's exposed to Traefik directly via container labels now
2023-02-14 11:29:53 +02:00
Slavi Pantaleev
3bace0c7b9
Add matrix_synapse_admin_hostname and rename matrix_synapse_admin_public_endpoint (to matrix_synapse_admin_path_prefix)
2023-02-14 11:05:39 +02:00
Slavi Pantaleev
2e74187050
Add matrix_client_element_hostname and matrix_client_element_path_prefix variables
2023-02-14 11:02:18 +02:00
Slavi Pantaleev
eb7292f274
Add matrix_client_hydrogen_hostname and fix Hydrogen serving at non-root-path
2023-02-14 10:57:13 +02:00
Slavi Pantaleev
6a52be7987
Add (native) Traefik support to matrix-client-hydrogen
...
Previously, it had to go through matrix-nginx-proxy.
It's exposed to Traefik directly via container labels now
Serving at a path other than `/` doesn't work well yet.
2023-02-14 09:58:35 +02:00
Slavi Pantaleev
64e2b26ed5
Fix Hydrogen failing to start
...
We were mounting our own configuration to
`/usr/share/nginx/html/config.json`, which is a symlink to
`/tmp/config.json`. So we effectively mount our file to
`/tmp/config.json`.
When starting:
- if Hydrogen sees a `CONFIG_OVERRIDE` environment variable,
it will try to save it into our read-only config file and fail.
- if Hydrogen doesn't see a `CONFIG_OVERRIDE` environment variable (the
path we go through, because we don't pass such a variable),
it will try to copy its bundled configuration (`/config.json.bundled`)
to `/tmp/config.json`. Because our configuration is mounted as read-only, it will
fail.
In both cases, it will fail with:
> cp: can't create '/tmp/config.json': File exists
Source: 3720de36bb/docker/dynamic-config.sh
We work around this by mounting our configuration on top of the bundled
one (`/config.json.bundled`). We then let Hydrogen's startup script copy
it to `/tmp/config.json` (a tmpfs we've mounted into the container) and use it from there.
2023-02-14 09:49:22 +02:00
Slavi Pantaleev
799cbb44fb
Add the ability to control (Traefik) routing priority for Element and synapse-admin
...
This may proof useful to someone in the future.
2023-02-14 09:04:50 +02:00
Slavi Pantaleev
5c7cd70684
Make use of the existing matrix_synapse_admin_public_endpoint variable
2023-02-14 08:51:20 +02:00
Slavi Pantaleev
c33ed94352
Add security headers to synapse-admin (on Traefik)
...
We've had it on `matrix-nginx-proxy` before, but
our initial support for Traefik did not include any of these security
headers.
2023-02-14 08:49:04 +02:00
Slavi Pantaleev
71597132e0
Move around some matrix-client-element variables
2023-02-14 08:45:32 +02:00
Slavi Pantaleev
5ab5f28d14
Add support for running synapse-admin (on Traefik) at the root path
...
Previously, we had to run it at a subpath, like `/synapse-admin`.
We can now dedicate a whole domain and the `/` path to it, should we
wish to do so.
2023-02-14 08:42:50 +02:00
Slavi Pantaleev
ff1338e003
Add support for hosting Element (on Traefik) at a subpath
2023-02-14 08:31:26 +02:00
Slavi Pantaleev
e34174b1b4
Add various security headers to matrix-client-element when behind Traefik
2023-02-13 19:03:20 +02:00
Slavi Pantaleev
e51e4eec09
Add (native) Traefik support to matrix-client-element
...
Previously, it had to go through matrix-nginx-proxy.
It's exposed to Traefik directly via container labels now
2023-02-13 19:03:20 +02:00
Slavi Pantaleev
f2ed5e4b04
Delete /matrix/nginx-proxy/conf.d/matrix-client-element.conf if matrix_nginx_proxy_proxy_element_enabled not enabled
2023-02-13 19:03:20 +02:00
Aine
9f820a506a
Update postmoogle 0.9.12 -> 0.9.13
...
* live SSL certificates reload on file changes (e.g., on automatic certs renewal)
* print all errors when trying connection to an SMTP server
2023-02-13 14:08:09 +00:00
Slavi Pantaleev
31aa87fdb6
Merge pull request #2475 from etkecc/patch-167
...
Update coturn 4.6.1-r1 -> 4.6.1-r2
2023-02-13 15:12:37 +02:00
Slavi Pantaleev
3d9aa8387e
Add (native) Traefik support to synapse-admin
...
Previously, it had to go through matrix-nginx-proxy.
It's exposed to Traefik directly via container labels now.
2023-02-13 15:08:42 +02:00
Aine
f6f7bbd2a1
Update coturn 4.6.1-r1 -> 4.6.1-r2
2023-02-13 12:54:55 +00:00
Slavi Pantaleev
38904c08b0
Wire backup_borg_username
...
It's probably unnecessary, as this user is only used in the borg container
internally, but.. It doesn't hurt to set it to `matrix`.
2023-02-13 11:01:54 +02:00
Slavi Pantaleev
78c35136b2
Replace matrix-backup-borg with an external role
2023-02-13 10:53:11 +02:00
td
af10d350bc
fix: missing endif in client well-known
2023-02-13 12:32:43 +05:30
Jayesh Nirve
6939a3d6d3
fix: only add element related entries to client well-known if element is enabled ( #2453 )
...
* fix: only add element related entries to client well-known if element is enabled
* Fix matrix-base/defaults/main.yml syntax
---------
Co-authored-by: Slavi Pantaleev <slavi@devture.com>
2023-02-13 08:36:20 +02:00
Array in a Matrix
79413e7717
updated dendrite
2023-02-12 13:09:53 -05:00
Slavi Pantaleev
f1a1ce8a91
Merge pull request #2464 from spantaleev/traefik
...
Reverse-proxy configuration changes and initial Traefik support
2023-02-12 16:05:56 +02:00
Catalan Lover
cba63bd4b9
Upgrade Drapunir from 1.8.0 Beta to 1.8.0 release.
2023-02-11 23:51:13 +01:00
Slavi Pantaleev
6b0650641b
Update matrix_playbook_reverse_proxy_type documentation
2023-02-11 08:58:53 +02:00
Slavi Pantaleev
8309a21303
Rename reverse proxy types and fix Hookshot http/https urlPrefix issue
2023-02-11 08:44:11 +02:00
Slavi Pantaleev
3f2cb840b9
Merge branch 'master' into traefik
2023-02-11 07:46:35 +02:00
Slavi Pantaleev
ad22bdb884
Do not run matrix-user-verification-service validation tasks unless the service is enabled
2023-02-10 19:40:03 +02:00
Slavi Pantaleev
7142ff422d
Ensure matrix_user_verification_service_uvs_access_token is always defined
...
The playbook tries to avoid such variables which are sometimes defined
and sometimes not. We'd rather not check for `is defined`.
2023-02-10 19:40:03 +02:00
Slavi Pantaleev
97f65e8dff
Minor fixes to allow for Traefik without SSL
2023-02-10 19:36:06 +02:00
Aine
a1ef28681a
Update Hydrogen 0.3.6 -> 0.3.7
2023-02-10 14:40:50 +00:00
Slavi Pantaleev
28d2eb593c
Add matrix_playbook_reverse_proxy_type variable which influences all other services
2023-02-10 16:04:34 +02:00
Slavi Pantaleev
06ccd71edc
Merge branch 'master' into traefik
2023-02-10 14:37:59 +02:00
Slavi Pantaleev
f6ab162fff
Remove systemd-reloading handler in matrix-user-verification-service
...
None of the other roles use handlers.
We rely on com.devture.ansible.role.systemd_service_manager to reload services when it's necessary to do so.
2023-02-10 14:22:37 +02:00
Slavi Pantaleev
e1bfa2a7d6
Fix ansible-lint-reported errors
2023-02-10 14:21:31 +02:00
Slavi Pantaleev
43a6a035a0
Skip removing /.well-known/element directory to suppress ansible-lint error
...
Leaving an orphan directory is okay and can be improved later on.
2023-02-10 14:16:00 +02:00
Slavi Pantaleev
01ccec2dbe
Merge branch 'master' into pr-jitsi-matrix-authentication
2023-02-10 14:12:47 +02:00
Slavi Pantaleev
7cdf59d79b
Merge pull request #2451 from FSG-Cat/draupnir
...
Add Draupnir support to the project.
2023-02-10 11:43:30 +02:00
Slavi Pantaleev
d6c8ea3742
Merge pull request #2452 from borisrunakov/update-matrix-chatgpt-bot
...
update matrix-chatgpt-bot
2023-02-10 08:29:00 +02:00
ntallasv
f71cd3a760
fix linting in validate_config.yml
2023-02-10 00:34:07 +02:00
ntallasv
b738486684
update validate_config.yml
2023-02-10 00:13:31 +02:00
Aine
d32f80bf29
Update postmoogle 0.9.11 -> 0.9.12
...
* fix uploads from incoming emails into matrix threads
* fix emails dequeue (account data cleanup)
* rewrite recipients handling (Cc, To, etc.)
2023-02-09 17:43:35 +00:00
ntallasv
9615855cfa
update matrix-chatgpt-bot
2023-02-09 14:53:56 +02:00
Catalan Lover
ddcb1735e2
Add draupnir as valid prefix to resolve a bug
...
Current draupnir does not listen to its name. This config change fixes this bug. This bodge is able to be removed once this is fixed upstream.
2023-02-08 20:05:47 +01:00
Catalan Lover
a717590aa5
Rename systemd service file from mjolnir to draupnir
2023-02-08 19:53:35 +01:00
Slavi Pantaleev
88a26758e1
Merge branch 'master' into traefik
2023-02-08 18:48:10 +02:00
Catalan Lover
9092d4bb6b
Push draupnir version from develop to v1.80.0-beta.0
2023-02-08 17:02:59 +01:00
Catalan Lover
78b1ebd5af
commit main.yml for draupnir and set target ver to develop
2023-02-08 16:44:30 +01:00
Catalan Lover
563cf1a4ba
Initial commit for draupnir.
...
main.yml is not included due to that its changed separately.
2023-02-08 16:44:12 +01:00
Slavi Pantaleev
49a1985750
Fix Postmoogle systemd service description
2023-02-08 16:45:58 +02:00
Slavi Pantaleev
d44d4b637f
Allow Coturn to work with SSL certificates extracted from Traefik
2023-02-08 16:06:46 +02:00
Aine
2eb2ad0ad7
Update heisenbridge 1.14.1 -> 1.14.2
2023-02-07 09:06:00 +00:00
Slavi Pantaleev
2b9061a5d3
Add support for reverse-proxying the base domain via Traefik
2023-02-07 11:02:02 +02:00
Slavi Pantaleev
6c17671abd
Upgrade synapse-admin (0.8.6 -> 0.8.7) and drop reverse-proxy workaround
...
Related to 6a31fba346
, 6a31fba346
.
Related to https://github.com/Awesome-Technologies/synapse-admin/issues/322
2023-02-07 10:45:19 +02:00
Slavi Pantaleev
66baef5bf6
Fix matrix-synapse-reverse-proxy-companion.service stopping during uninstallation
...
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2444
2023-02-07 08:48:50 +02:00
jakicoll
6a205a83f6
Change renamed variables matrix_systemd_path -> devture_systemd_docker_base_systemd_path
2023-02-06 17:20:13 +01:00
jakicoll
6cffec14ea
fixup! Remove the self-build stub, because self-build was not implemented
2023-02-06 16:36:49 +01:00
jakicoll
be634168ac
Make the linter happy.
2023-02-06 16:29:25 +01:00
jakicoll
f3ca4a0632
Remove unnecessary comment.
2023-02-06 16:28:57 +01:00
jakicoll
7848d865a5
Also define the vars to be overwritten in group vars within the role vars.
2023-02-06 16:28:56 +01:00
Paul N
70bea81df7
Introduced flags to (1) enable/disable Auth (2) enable/disable openid_server_name pinning. Updated validate_config.yml and added new checks to verify.
2023-02-06 15:59:32 +01:00
Paul N
96dd86d33b
Set default values where sensible and remove unnecessary conditionals in .env.j2.
...
Check for empty string instead of Null to verify if an openid_server_name is pinned.
2023-02-06 15:26:08 +01:00
jakicoll
6b206b3763
Move checks into validate_config.yml.
2023-02-06 15:21:10 +01:00
jakicoll
6499b6536a
Decoupling: Do not use variables user-verification-service role inside the jitsi role.
2023-02-06 15:18:25 +01:00
Paul N
50c1e9d695
Set matrix_user_verification_service_uvs_homeserver_url in the role defaults and updated docs accordingly.
2023-02-06 13:14:34 +01:00
jakicoll
0e0ae2f3e6
Assign default log level in role instead of matrix_servers file.
2023-02-06 13:04:06 +01:00
jakicoll
bf5e633656
Remove the self-build stub, because self-build was not implemented
2023-02-06 12:57:20 +01:00
Paul N
b89f5b7ff5
Clarify task name and add user and group to templated env file
...
Co-authored-by: Slavi Pantaleev <slavi@devture.com>
2023-02-06 12:47:50 +01:00
Jakob S
6913d368c8
Consolidate conditionals into a block, keep image
...
Co-authored-by: Slavi Pantaleev <slavi@devture.com>
2023-02-06 12:38:01 +01:00
Slavi Pantaleev
8155f780e5
Add support for reverse-proxying Matric (Client & Federation) via Traefik
2023-02-06 13:08:11 +02:00
Slavi Pantaleev
f983604695
Initial work on Traefik support
...
This gets us started on adding a Traefik role and hooking Traefik:
- directly to services which support Traefik - we only have a few of
these right now, but the list will grow
- to matrix-nginx-proxy for most services that integrate with
matrix-nginx-proxy right now
Traefik usage should be disabled by default for now and nothing should
change for people just yet.
Enabling these experiments requires additional configuration like this:
```yaml
devture_traefik_ssl_email_address: '.....'
matrix_playbook_traefik_role_enabled: true
matrix_playbook_traefik_labels_enabled: true
matrix_ssl_retrieval_method: none
matrix_nginx_proxy_https_enabled: false
matrix_nginx_proxy_container_http_host_bind_port: ''
matrix_nginx_proxy_container_federation_host_bind_port: ''
matrix_nginx_proxy_trust_forwarded_proto: true
matrix_nginx_proxy_x_forwarded_for: '$proxy_add_x_forwarded_for'
matrix_coturn_enabled: false
```
What currently works is:
reverse-proxying for all nginx-proxy based services **except** for the Matrix homeserver
(both Client-Server an Federation traffic for the homeserver don't work yet)
2023-02-06 10:34:51 +02:00
Slavi Pantaleev
4d6a8d049d
Add matrix_nginx_proxy_container_network variable
2023-02-06 08:48:11 +02:00
Slavi Pantaleev
e018663ba4
Attach ma1sd/nginx-proxy/synapse-reverse-proxy-companion to additional networks in a better way
...
Switching from doing "post-start" loop hacks to running the container
in 3 steps: `create` + potentially connect to additional networks + `start`.
This way, the container would be connected to all its networks even at
the very beginning of its life.
2023-02-06 08:38:43 +02:00
Slavi Pantaleev
be78b74fbd
Switch from matrix-prometheus-postgres-exporter to an external prometheus_postgres_exporter role
2023-02-05 10:32:09 +02:00
Slavi Pantaleev
2d7d5d4bab
Use new security-opt syntax (: -> =)
...
Related to https://docs.docker.com/engine/deprecated/#separator--of---security-opt-flag-on-docker-run
2023-02-03 20:36:24 +02:00
Catalan Lover
4d49f1f56e
Update Prometheus to v2.42.0 from v2.41.0
...
Docker images are released now so this change can now be pushed.
2023-02-02 16:00:07 +01:00
Aine
c11f772e78
Fix python packages path in synapse container
2023-01-31 21:34:25 +00:00
Slavi Pantaleev
7cb140b987
Downgrade Prometheus (v2.42.0 -> v2.41.0) until a container image gets published
...
Container image not published yet.
Reverts #2438
2023-01-31 23:24:20 +02:00
Slavi Pantaleev
d42ef7d243
Merge pull request #2439 from etkecc/patch-160
...
Update synapse 1.75.0 -> 1.76.0; default room version 9 -> 10
2023-01-31 22:44:04 +02:00
Slavi Pantaleev
c8ce83c725
Merge pull request #2438 from etkecc/patch-159
...
Update prometheus 2.41.0 -> 2.42.0
2023-01-31 22:43:34 +02:00
Aine
0f208ed053
Update synapse 1.75.0 -> 1.76.0; default room version 9 -> 10
2023-01-31 19:19:43 +00:00
Aine
82d870fddf
Update prometheus 2.41.0 -> 2.42.0
2023-01-31 19:16:52 +00:00
Aine
5300740f70
Update element 1.11.21 -> 1.11.22
2023-01-31 19:11:07 +00:00
Slavi Pantaleev
c7767e9bc8
Upgrade Coturn (4.6.1-r0 -> 4.6.1-r1)
2023-01-31 20:25:59 +02:00
Slavi Pantaleev
66bb2943b4
Merge pull request #2436 from etkecc/patch-157
...
Update jitsi stable-8218 -> stable-8252
2023-01-31 18:03:08 +02:00
Aine
68ca23d709
Update jitsi stable-8218 -> stable-8252
2023-01-31 14:02:50 +00:00
Aine
d70076c805
Update element 1.11.20 -> 1.11.21
2023-01-31 14:01:11 +00:00
Aine
8c2b77bf0c
Update cinny 2.2.3 -> 2.2.4
2023-01-30 07:07:09 +00:00
Slavi Pantaleev
611a74bde2
Use |to_json in mautrix metrics configuration
...
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2427
2023-01-30 08:59:35 +02:00
Slavi Pantaleev
d82d0ad84b
Add _metrics_proxying_enabled variables to mautrix bridges
...
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2427
`metrics_enabled` should only expose the metrics locally, on the
container network, so that a local Prometheus can consume them.
Exposing them publicly should be done via a separate toggle (`metrics_proxying_enabled`).
This is how all other roles work, so this makes these mautrix roles consistent with the rest.
2023-01-30 08:50:57 +02:00