Commit graph

3820 commits

Author SHA1 Message Date
Slavi Pantaleev ef5e4ad061 Make Synapse not log to text files
Somewhat related to #213 (Github Pull Request).

We've been moving in the opposite direction for quite a long time.
All services should just leave logging to systemd's journald.
2019-07-04 17:46:31 +03:00
Slavi Pantaleev b84139088c Fix password providers not working on Synapse v1.1.0
Fixes a regression introduced during the upgrade to
Synapse v1.1.0 (in 2b3865ceea).

Since Synapse v1.1.0 upgraded to Python 3.7
(https://github.com/matrix-org/synapse/pull/5546),
we need to use a different modules directory when mounting
password provider modules.
2019-07-04 17:28:38 +03:00
Slavi Pantaleev 73158e6c2f Fix unintentionally inverted boolean
Fixes a problem introduced by da6edc9cba.

Related to #145 (Github Pull Request).
2019-07-04 17:27:42 +03:00
Slavi Pantaleev da6edc9cba Add support for disabling Synapse's local database for user auth
This is a new feature of Synapse v1.1.0.

Discussed in #145 (Github Pull Request).
2019-07-04 17:11:51 +03:00
Slavi Pantaleev 2b3865ceea Upgrade Synapse (1.0.0 -> 1.1.0) 2019-07-04 16:58:45 +03:00
Slavi Pantaleev 810028c12b
Merge pull request #210 from spantaleev/discord-bridge-refactoring
Make Discord bridge configuration playbook-managed
2019-06-27 09:34:23 +03:00
Slavi Pantaleev 420b46ad2e
Update CHANGELOG.md 2019-06-27 09:34:08 +03:00
p5t2vspoqqw 9874c3df90 Merge branch 'master' of https://github.com/spantaleev/matrix-docker-ansible-deploy 2019-06-26 10:41:14 +02:00
Slavi Pantaleev bccfd13c7f Fix changelog entry typo 2019-06-26 10:48:19 +03:00
Slavi Pantaleev 8529efcd1c Make Discord bridge configuration playbook-managed
Well, `config.yaml` has been playbook-managed for a long time.
It's now extended to match the default sample config of the Discord
bridge.

With this patch, we also make `registration.yaml` playbook-managed,
which leads us to consistency with all other bridges.

Along with that, we introduce `./config` and `./data` separation,
like we do for the other bridges.
2019-06-26 10:35:00 +03:00
Slavi Pantaleev 782356d421 Use password_hash salts that obey passlib requirements
According to
https://passlib.readthedocs.io/en/stable/lib/passlib.hash.sha512_crypt.html:

> salt (str) – Optional salt string. If not specified, one will be autogenerated (this is recommended).
> If specified, it must be 0-16 characters, drawn from the regexp range [./0-9A-Za-z].

Until now, we were using invalid characters (like `-`). We were also
going over the requested length limit of 16 characters.

This is most likely what was causing `ValueError` exceptions for some people,
as reported in #209 (Github Issue).
Ansible's source code (`lib/ansible/utils/encrypt.py`) shows that Ansible tries
to use passlib if available and falls back to Python's `crypt` module if not.
For Mac, `crypt.crypt` doesn't seem to work, so Ansible always requires passlib.

Looks like crypt is forgiving when length or character requirements are
not obeyed. It would auto-trim a salt string to make it work, which means
that we could end up with the same hash if we call it with salts which aer only
different after their 16th character.

For these reasons (crypt autotriming and passlib downright complaining),
we're now using shorter and more diverse salts.
2019-06-26 09:37:02 +03:00
Slavi Pantaleev 59b56fa504 Update Docker image of Ansible (2.7.0 -> 2.8.1) 2019-06-26 07:40:36 +03:00
Slavi Pantaleev 918526c5fe Update riot-web (1.2.1 -> 1.2.2) 2019-06-25 14:42:54 +03:00
Slavi Pantaleev 4ec3a5286a
Merge pull request #208 from danbob/update-images
Update nginx and postgres images to latest versions
2019-06-25 14:23:20 +03:00
Dan Arnfield 1eaa7b6967 Update postgres versions to latest 2019-06-24 13:11:23 -05:00
Dan Arnfield ae3a1bb148 Update nginx to 1.17.0 2019-06-24 13:10:58 -05:00
Slavi Pantaleev 37c8b96d06 Use stricter regex in bridges' registration.yaml
I've been thinking of doing before, but haven't.

Now that the Whatsapp bridge does it (since 4797469383),
it makes sense to do it for all other bridges as well.
(Except for the IRC bridge - that one manages most of registration.yaml by itself)
2019-06-24 07:50:51 +03:00
Slavi Pantaleev c876a7df1d Use |regex_escape in Whatsapp registration.yaml
Doesn't matter much, but it makes it consistent with the other bridges.
2019-06-24 07:49:19 +03:00
Slavi Pantaleev 3ff57ed74d Use container network for communication between homeserver and Whatsapp bridge 2019-06-24 07:48:56 +03:00
Slavi Pantaleev 6e26d286af
Merge pull request #207 from tommes0815/whatsapp-config-playbook-managed
Whatsapp config playbook managed
2019-06-24 07:44:26 +03:00
Slavi Pantaleev 62509e4849
Fix indentation consistency 2019-06-24 07:42:39 +03:00
Slavi Pantaleev e2d2302475
Merge pull request #206 from verb/appservice-irc-log
Disable appservice-irc log files
2019-06-24 07:40:26 +03:00
Thomas Kuehne 39b6e3ed26 Added a changelog for the new WhatsApp config style
- changelog entry for commit 4797469383
2019-06-24 00:22:02 +02:00
Thomas Kuehne 4797469383 Make WhatsApp bridge configuration playbook-managed
- following spantaleev transition of the telegram brigde
- adding a validate_config task
2019-06-24 00:16:04 +02:00
Lee Verberne 9195ef4c07 Disable appservice-irc log files
appservice-irc doesn't have permission to create files in its project
directory and the intention is to log to the console, anyway. By
commenting out the file names, appservice-irc won't attempt to open the
files.
2019-06-22 08:39:24 +02:00
Slavi Pantaleev e585f314b8
Merge pull request #204 from spantaleev/irc-bridge-refactoring
Make IRC bridge configuration entirely managed by the playbook
2019-06-20 17:00:16 +03:00
Slavi Pantaleev 764feb4d7b
Bump changelog entry date 2019-06-20 17:00:05 +03:00
Slavi Pantaleev c98eacdd70 Add BC Break label to old changelog entry 2019-06-20 16:59:16 +03:00
p5t2vspoqqw 466b35b1b6 Merge branch 'master' of https://github.com/spantaleev/matrix-docker-ansible-deploy 2019-06-19 16:56:29 +02:00
Slavi Pantaleev 174a6fcd1b Make IRC bridge configuration entirely managed by the playbook 2019-06-19 12:29:44 +03:00
Slavi Pantaleev 668f98a2d3 Escape domain in bridge registration regex 2019-06-19 10:40:59 +03:00
Slavi Pantaleev 5002c7edaa Fix broken docs link 2019-06-19 10:30:04 +03:00
Slavi Pantaleev 380714d290 Talk to Telegram bridge over container network 2019-06-19 10:10:17 +03:00
Slavi Pantaleev deeb5a96d5 Disable IRC bridge presence if Synapse presence is disabled 2019-06-19 09:31:09 +03:00
Slavi Pantaleev f994e40bb7 Extend IRC bridge configuration with some additional options 2019-06-19 09:28:41 +03:00
Slavi Pantaleev 6b023d09d4 Use container network address for communication between IRC bridge and homeserver
This means we need to explicitly specify a `media_url` now,
because without it, `url` would be used for building public URLs to
files/images. That doesn't work when `url` is not a public URL.
2019-06-19 09:21:13 +03:00
Slavi Pantaleev 9b97a42ffb Add a note about DNS SRV records not being obsolete 2019-06-15 16:14:14 +03:00
Slavi Pantaleev 169b09f0ed Fix token mismatch error for the Telegram bridge
Regression since 4e8543ce21
2019-06-15 12:01:52 +03:00
Slavi Pantaleev 2a2e7a7f6c Minor changelog clarification 2019-06-15 09:53:01 +03:00
Slavi Pantaleev 4e8543ce21 Make Telegram bridge configuration playbook-managed 2019-06-15 09:43:43 +03:00
Slavi Pantaleev 2902b53267 Minor fixes for consistency 2019-06-15 09:42:40 +03:00
Slavi Pantaleev 00383a73ac Make running --tags=setup-synapse only not fail to register bridges
Until now, if `--tags=setup-synapse` was used, bridge tasks would not
run and bridges would fail to register with the `matrix-synapse` role.
This means that Synapse's configuration would be generated with an empty
list of appservices (`app_service_config_files: []`).

.. and then bridges would fail, because Synapse would not be aware of
there being any bridges.

From now on, bridges always run their init tasks and always register
with Synapse.

For the Telegram bridge, the same applies to registering with
matrix-nginx-proxy. Previously, running `--tags=setup-nginx-proxy` would
get rid of the Telegram endpoint configuration for the same reason.
Not anymore.
2019-06-14 10:19:52 +03:00
Slavi Pantaleev d8a4007220 Upgrade exim (4.91 -> 4.92)
Note: https://www.us-cert.gov/ncas/current-activity/2019/06/13/Exim-Releases-Security-Patches

That said, I don't believe we've been affected.
Not in a bad way at least, because:
- we run exim as non-root and capabilities dropped
- we run exim in a private Docker network with known trusted relayers
(Synapse and mxisd)
2019-06-14 08:07:54 +03:00
Slavi Pantaleev 3956b300ed Disable riot-web's welcome bot
I've not found this welcome bot to work at all in my previous attempts.
It would simply not reply, even though federation works.

It seems like this is also a potential privacy issue, as per
https://gist.github.com/maxidorius/5736fd09c9194b7a6dc03b6b8d7220d0
2019-06-14 07:49:46 +03:00
Slavi Pantaleev 2e16257e50 Do not ask for _matrix._tcp SRV records anymore
With most people on Synapse v0.99+ and Synapse v1.0 now available,
we should no longer try to be backward compatible with Synapse 0.34,
because this just complicates the instructions for no good reason.
2019-06-12 14:51:10 +03:00
p5t2vspoqqw 8fcdac3738 Merge branch 'master' of https://github.com/spantaleev/matrix-docker-ansible-deploy 2019-06-12 10:10:52 +02:00
Slavi Pantaleev e39985b04a
Merge pull request #199 from wabuMike/master
Added a basic guide on migrating to another server
2019-06-12 09:38:17 +03:00
Slavi Pantaleev 8a7b3d5bd0
Make instructions simpler and safer
Changes to the original are:
- it tells people to stop and disable services, so that:
   - services won't be running while you are copying files
   - services won't accidentally start again later
- it does the file-copying in 1 step
- it does copying before running `--tags=setup-all`, so that existing files (SSL certificates, etc.) can be reused. Otherwise, the playbook starts from a blank slate, retrieves them anew, generates new signing keys anew, etc. Only to have those replaced by your own old backup later.
- it mentions DNS changes
- combines `--tags=setup-all,start` into a single step, thanks to the files being already copied
2019-06-12 09:36:19 +03:00
Slavi Pantaleev d8afb241ca
Merge pull request #201 from aaronraimist/default-room-version
Allow default room version to be configured
2019-06-12 09:17:45 +03:00
Slavi Pantaleev f4574961c7
Prevent double-quotes around default room version
Using `|to_json` on a string is expected to correctly wrap it in quotes (e.g. `"4"`).
Wrapping it explicitly in double-quotes results in undesirable double-quoting (`""4""`).
2019-06-12 09:17:35 +03:00