Commit graph

206 commits

Author SHA1 Message Date
Slavi Pantaleev 0f59c4056e Set up well-known when invoked with the setup-dendrite tag 2022-01-07 16:00:51 +02:00
Slavi Pantaleev 139c574cdb Move checks from unused validate_config.yml file elsewhere 2022-01-07 16:00:51 +02:00
Slavi Pantaleev 05b4572fab Fix matrix_dimension_homeserver_federationUrl for Dendrite 2022-01-07 16:00:51 +02:00
Slavi Pantaleev 965890bf75 Derive secrets from matrix_homeserver_generic_secret_key, not matrix_synapse_macaroon_secret_key
We're trying to move away from implementation-specific variables,
hoping for a clean (implementation-neutral) examples/vars.yml file.
2022-01-07 16:00:42 +02:00
Slavi Pantaleev 1dfe21944f Make matrix_homeserver_implementation influence matrix_IMPLEMENTATION_enabled, not the other way around
Doing this seems more reasonable and simpler.
2022-01-07 15:59:35 +02:00
Slavi Pantaleev 2bd33e5cf2 Make --tags=register-user work for both Dendrite/Synapse
Also get rid of `--tags=update-user-password` in the
`matrix-dendrite` role, as what we had doesn't work.

We may be able to do it with some Ansible helper or something else.
For now, we'll omit this feature.
2022-01-07 15:59:35 +02:00
Slavi Pantaleev 3cf9f87097 Add matrix_homeserver_implementation, tracking the current homeserver implementation
The goal is to have a single variable which tells us which homeserver
software is in use. Much simpler than having if/elif/elif checks for
variables like (`matrix_synapse_enabled` and `matrix_dendrite_enabled`, etc.)
everywhere.
2022-01-07 15:59:35 +02:00
rakshazi 5788a16a2e
added matrix-client-cinny 2022-01-05 18:33:21 +02:00
Slavi Pantaleev 61391647e9 Make /.well-known/matrix/client and /.well-known/matrix/server customizable
We recently had someone need to inject additional configuration into
`/.well-known/matrix/client` as described here:
22b245bbd1/docs/bigbluebutton.md (have-dimension-create-meetings-with-elements-video-call-button)

There may be other use cases as well.
2021-11-26 15:28:03 +02:00
boris runakov d3a9ec98de refactoring 2021-11-16 21:03:21 +02:00
boris runakov 1ec67f49b0 replaced 8008 where possible 2021-11-15 22:43:05 +02:00
Samonitari 6f99f95aa2 Merge branch 'master' of https://github.com/spantaleev/matrix-docker-ansible-deploy into add-support-for-suse-linux 2021-10-08 10:27:32 +02:00
Slavi Pantaleev b4b14539a7 Use ntp (instead of systemd-timesyncd) on Ubuntu 18.04
Seems like Ubuntu 18.04 does not have a dedicated `systemd-timesyncd` package, nor
does it include the `systemd-timesyncd` binary in the main `systemd` package.

Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1302

Regression since https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1192
2021-09-28 13:38:27 +03:00
Jan 0ed585baa7
Archlinux: remove package systemd-timesyncd
#1192 led to the following error for me on Archlinux:
`TASK [matrix-base : Install host dependencies] *******************************************************************************************************************************
fatal: [matrix.***.de]: FAILED! => changed=false 
  msg: |-
    failed to install systemd-timesyncd: error: target not found: systemd-timesyncd`

There is no package called `systemd-timesyncd` on Archlinux. The service is installed with the [`systemd`](https://archlinux.org/packages/core/x86_64/systemd/) package itself.

I suggest removing the `systemd-timesyncd` from 2453876eb9/roles/matrix-base/tasks/server_base/setup_archlinux.yml (L7)
2021-09-26 11:48:03 +02:00
Slavi Pantaleev 4f841a7001
Merge pull request #1192 from sakkiii/patch-1
migrate from ntp to systemd-timesyncd for ubuntu & Archlinux
2021-09-25 10:15:40 +03:00
Krisztian Szegi f364fba182 Fix tripping on timesync setup 2021-09-14 08:35:20 +02:00
sakkiii 2453876eb9
Update main.yml 2021-08-31 16:24:26 +05:30
sakkiii 087a5d62f1
systemd-timesyncd for any archlinux version 2021-08-31 15:53:59 +05:30
Dan Arnfield df82ec13b2 docker-ce is now available for Debian Bullseye 2021-08-16 08:44:02 -05:00
sakkiii 4a2b169fc9
systemd-timesyncd for ubuntu 2021-07-22 23:42:53 +05:30
sakkiii 7f0b8fef0a
Merge branch 'spantaleev:master' into patch-1 2021-07-21 23:50:19 +05:30
sakkiii 5209a17da1
migrate from ntp to chrony 2021-07-19 23:11:30 +05:30
oxmie 5df4d68829 Make federation domain customizable 2021-06-30 23:02:27 +02:00
Blaž Tomažič 72bc9b5cfc Add support for CentOS (Stream) 8 2021-06-12 10:49:38 +02:00
Aaron Raimist ca361af616
Add Hydrogen 2021-05-15 04:23:36 -05:00
Aaron Raimist 3d2142f88b
Add sanity check for server architecture 2021-04-10 16:14:32 -05:00
Slavi Pantaleev 93960b70be Do not fail if _matrix-identity DNS SRV record missing
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/963

This also simplifies Prerequisites, which is great.

It'd be nice if we were doing these checks in some optional manner
and reporting them as helpful messages (using
`matrix_playbook_runtime_results`), but that's more complicated.
I'd rather drop these checks completely.
2021-03-30 11:24:04 +03:00
Slavi Pantaleev 9a0222fa47 Add Sygnal support
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/683
2021-03-20 13:32:22 +02:00
Yannick Goossens 51e2547484 Added support for the Go-NEB bot 2021-03-11 19:23:01 +01:00
Slavi Pantaleev 5cfeae806b Merge branch 'master' into synapse-workers 2021-02-14 13:00:57 +02:00
Slavi Pantaleev 85a260daaf Make --tags=setup-prometheus not break, relying on matrix-base facts 2021-02-12 11:59:24 +02:00
Peetz0r 144a5e6198 Register docker network info and use it for prometheus-node-exporter
Using the hardcoded IP did break while I was
messing with IPv6 stuff on the other branch
2021-02-10 22:54:42 +01:00
Peetz0r 989100b1c1 Grafana nginx proxy config 2021-02-10 22:54:14 +01:00
Peetz0r e0e459ac0c Fixed missing quotes 2021-01-30 11:58:24 +01:00
Peetz0r 473936065d Use Debian Buster Docker repo on Debian Bullseye
Future maintainer: check on https://docs.docker.com/engine/install/debian/ if Docker for
Debian 11 is released, then undo this commit
2021-01-30 09:02:41 +01:00
Slavi Pantaleev d98a1ceadd Merge branch 'master' into synapse-workers 2021-01-27 10:27:17 +02:00
Slavi Pantaleev 512f42aa76 Do not report docker kill/rm attempts as errors
These are just defensive cleanup tasks that we run.
In the good case, there's nothing to kill or remove, so they trigger an
error like this:

> Error response from daemon: Cannot kill container: something: No such container: something

and:

> Error: No such container: something

People often ask us if this is a problem, so instead of always having to
answer with "no, this is to be expected", we'd rather eliminate it now
and make logs cleaner.

In the event that:
- a container is really stuck and needs cleanup using kill/rm
- and cleanup fails, and we fail to report it because of error
suppression (`2>/dev/null`)

.. we'd still get an error when launching ("container name already in use .."),
so it shouldn't be too hard to investigate.
2021-01-27 10:22:46 +02:00
Slavi Pantaleev 70dcdd41a7 Simplify matrix-remove-all
We don't have instantiated services anymore, nor
/etc/systemd/system/matrix-synapse.service.wants/ stuff.
2021-01-25 14:02:30 +02:00
Slavi Pantaleev d3ecc6f017 Fix bridges failing to upload media when Synapse workers are enabled 2021-01-25 13:55:08 +02:00
Slavi Pantaleev c05d3d09bd Disable systemd services while stopping them
This removes some `multi-target.wants` symlinks as well, etc.

But despite systemd saying:

> Removed symlink /etc/systemd/system/matrix-synapse.service.wants/matrix-synapse-worker@appservice:0.service

.. I still see such symlinks there for me for some reason, so keeping the
code (below) to find & delete them still seems like a good idea.
2021-01-25 08:58:23 +02:00
Slavi Pantaleev 92ee3d78a0 Fix matrix-remove-all for when Synapse workers are enabled 2021-01-24 19:42:32 +02:00
Slavi Pantaleev 1692a28fe4 Work around annoying Docker warning about undefined $HOME
> WARNING: Error loading config file: .dockercfg: $HOME is not defined

.. which appeared in Docker 20.10.
2021-01-15 00:23:01 +02:00
Slavi Pantaleev e1690722f7 Replace cronjobs with systemd timers
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/756

Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/737

I feel like timers are somewhat more complicated and dirty (compared to
cronjobs), but they come with these benefits:

- log output goes to journald
- on newer systemd distros, you can see when the timer fired, when it
will fire, etc.
- we don't need to rely on cron (reducing our dependencies to just
systemd + Docker)

Cronjobs work well, but it's one more dependency that needs to be
installed. We were even asking people to install it manually
(in `docs/prerequisites.md`), which could have gone unnoticed.

Once in a while someone says "my SSL certificates didn't renew"
and it's likely because they forgot to install a cron daemon.

Switching to systemd timers means that installation is simpler
and more unified.
2021-01-14 23:35:50 +02:00
Slavi Pantaleev 6cce5383bc Fix Ansible 2.9.6 check
Fixup for https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/769
2021-01-03 08:55:30 +02:00
Slavi Pantaleev 2c09111a3a Actually enforce that we run on Ansible >= 2.7.1
Related to 6e652e10ad
2021-01-03 08:54:17 +02:00
Slavi Pantaleev 8710883064
Merge pull request #743 from pushytoxin/docker_network
Drop the old workaround for an Ansible bug that has been fixed three years ago
2021-01-03 08:49:09 +02:00
Aaron Raimist 8827a49e21
Check equality properly 2020-12-26 20:20:00 -06:00
Aaron Raimist 3dd0517f04
Check for buggy version of Ansible that Ubuntu 20.04 provides 2020-12-26 20:13:49 -06:00
Slavi Pantaleev 8748f3d443 Move python{,3}-docker installation to another task
This also adds support for installing python3-docker (not python-docker)
in systems that run Python 3.
2020-12-17 11:49:56 +02:00
Slavi Pantaleev 349fbb6434 Do not hardcode armhf for Raspbian
Raspbian doesn't seem to support arm64, so this is somewhat pointless
right now.

However, they might in the future. Doing this should also unify us
some more with `setup_debian.yml` with the ultimate goal of
eliminating `setup_raspbian.yml`.
2020-12-17 11:47:34 +02:00
Slavi Pantaleev a09ed58892 Ensure gnupg installed on Raspbian
It's likely installed by default, but it doesn't hurt to specify it.
It also makes us more the same with `setup_debian.yml`.
2020-12-17 11:45:32 +02:00
Slavi Pantaleev f545de53f7 Do not hardcode "ubuntu" for the Docker APT key URL
Well, `ubuntu` or `debian`, the same key is served right now,
so it doesn't really matter.

This seems cleaner and less prone to breakage though.
2020-12-17 11:39:18 +02:00
Slavi Pantaleev 55f252a6ed Do not hardcode amd64 in setup_debian.yml
Until now, we've only supported non-amd64 on Raspbian.

Seems like there are now people running Debian/Ubuntu on ARM,
so we were forcing them into amd64 Docker packages.

I've gotten a report that this change fixes support
for Ubuntu Server 20.04 on RPi 4B.
2020-12-17 11:37:30 +02:00
Slavi Pantaleev ed159cc742 Move matrix_architecture to matrix-base
We were only defining this in `group_vars/matrix_servers`, which is
inconsistent with how we normally do things.
2020-12-17 11:33:18 +02:00
Slavi Pantaleev 47613e5a27 Remove synapse-janitor support
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/746
2020-12-11 23:24:42 +02:00
Slavi Pantaleev d556aa943f Update docker-ce.repo to not hardcode $releasever=7
This keeps it in line with https://download.docker.com/linux/centos/docker-ce.repo

Whether or not Docker works well on CentOS 8 for our purposes
hasn't been verified yet.

Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/300
2020-12-07 07:20:47 +02:00
Béla Becker 6921ec4b8a Revert "Work around buggy docker_network sometimes failing to work"
The docker_network bug was fixed two years ago
This reverts commit 36658addcd.
2020-12-05 19:02:10 +01:00
Slavi Pantaleev 27c9014cb8 Improve uninstallation instructions
Also switches to using `docker system prune -a` for a less invasive
cleanup of Docker images and related resources.
2020-11-24 09:38:17 +02:00
Tobias Küchel 1cf5b1d80f e2ee_backup: rename variables to be consistent with naming scheme 2020-10-16 09:24:50 +02:00
Tobias Küchel 5158fa4df9 e2ee_backup_methods: rather leave the default empty, so that the system default may apply 2020-10-16 08:50:16 +02:00
Tobias Küchel 8f7e21892d fix indentation, updated to proposed changes from Slavi: no more ifdef 2020-10-16 08:47:37 +02:00
Tobias Küchel 4cfa112755 update default backup_methods as proposed by the system anyway 2020-10-16 08:44:04 +02:00
Tobias Küchel 6599204334 fix commata not being set when secure_backup_required false 2020-10-16 08:20:22 +02:00
Tobias Küchel 48f929dc91 add variables for secure_backup_required and secure_backup_setup_methods 2020-10-16 00:32:00 +02:00
Slavi Pantaleev 23daec748c Require Ansible v2.7 or newer (because of items2dict and dict2items)
Interestingly, no one has reported this failure before #662 (Github
Issue).

It doesn't make sense to keep saying that we support such old Ansible
versions, when we're not even testing on anything close to those.

Time is also passing and such versions are getting more and more
ancient. It's time we bumped our requirements to something that is more
likely to work.
2020-10-02 11:53:19 +03:00
Slavi Pantaleev 43c5f3ec6e Do not create /home/matrix when creating the matrix user 2020-09-29 18:14:37 +03:00
Slavi Pantaleev 7eb8192a51 Complain about version requirement on Ansible v1
I don't believe Ansible v1 would even go as far as executing this
sanity check, but.. Adding an extra defensive check for completeness.
2020-09-29 12:37:39 +03:00
Slavi Pantaleev 3d702fe03b Avoid set_fact with error message to prevent confusion 2020-09-29 12:23:39 +03:00
Chris van Dijk b9c8d059d0 Support both the im.vector.riot and io.element variants in client .well-known
According to the docs, "e2ee" is already under "io.element":
  https://github.com/vector-im/element-web/blob/develop/docs/e2ee.md#disabling-encryption-by-default
however "jitsi" is still under "im.vector.riot":
  https://github.com/vector-im/element-web/blob/develop/docs/jitsi.md#configuring-element-to-use-your-self-hosted-jitsi-server

For now let's just maintain backward and forward compatibility for both
settings since the client version is out of the control of this
playbook.
2020-09-26 16:57:02 +00:00
Chris van Dijk f6b0f0a477 Rename matrix_riot_jitsi_preferredDomain and matrix_riot_e2ee_default to Element 2020-09-26 16:24:09 +00:00
Slavi Pantaleev 3c285bc6f5 Install lsb-release on Debian distros if unavailable
Certain more-minimal Debian installations may not have
lsb-release installed, which makes the playbook fail.

We need lsb-release on Debian, so that ansible_lsb
could tell us if this is Debian or Raspbian.
2020-08-27 13:58:35 +03:00
Slavi Pantaleev daf13107a0 Add support for rust-synapse-compress-state 2020-08-21 13:53:39 +03:00
merklaw fa6d85636f Add note about installing 'docker' Python package if Docker installation is disabled 2020-08-05 17:35:25 +02:00
merklaw 87df15441c Add note about installing 'docker' Python package if Docker installation is disabled 2020-08-05 17:31:16 +02:00
vractal 9b61fef271 Replace gpg dependency for gnupg for better debian compatibility 2020-07-28 15:26:16 -04:00
hungrymonkey d093b9b148 Added gpg as base dependency for Debian 10
AWS Debian marketplace image does not have gpg preinstalled

https://aws.amazon.com/marketplace/pp/B0859NK4HC?ref=cns_srchrow

TASK [matrix-base : Ensure Docker's APT key is trusted] *******************************************************************************************************************************************************
fatal: [matrix.domain.com]: FAILED! => {"changed": false, "msg": "Failed to find required executable gpg in paths: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"}

Closes #590
2020-07-18 07:56:30 -07:00
Slavi Pantaleev c6ab1c6a90 Riot is now Element
Fixes #586 (Github Issue)
2020-07-17 11:31:20 +03:00
shadow ddfc945fcf Remove unused validate_config.yml, since it causes ansible warnings 2020-07-11 00:40:12 +03:00
Slavi Pantaleev 227f1a28e3 Allow matrix_user_uid/matrix_user_gid to be specified manually 2020-07-06 11:05:34 +03:00
Slavi Pantaleev de545f9c5f Update docs on self-building and remove useless variable
`matrix_container_images_self_build` was not really doing anything
anymore. It previously was influencing `matrix_*_self_build` variables,
but it's no longer the case since some time ago.

Individual `matrix_*_self_build` variables are still available.
People that would like to toggle self-building for a specific component
ought to use those.

These variables are also controlled automatically (via
`group_vars/matrix_servers`) depending on `matrix_architecture`.

In other words, self-building is being done automatically for
all components when they don't have a prebuilt image for the specified
architecture. Some components only support `amd64`, while others also
have images for other architectures.
2020-06-29 14:58:03 +03:00
Slavi Pantaleev 5c5f1c6ab9 Add support for telling Riot to not default to E2EE
Related to https://github.com/vector-im/riot-web/pull/13914
2020-06-24 11:39:51 +03:00
Slavi Pantaleev 7729511a84 Make vars.yml snapshotting optional and more configurable
Certain people organize their inventory in a different way
and we'd like to accommodate them.

Related to #542 (Github Issue).
2020-06-14 10:01:22 +03:00
Slavi Pantaleev 67ab7e7a1b Preserve vars.yml on the server for easily restoring
Fixes #542 (Github Issues).
2020-06-13 07:52:01 +03:00
Slavi Pantaleev 10b3ceff72 Make Matrix federation port configurable
Fixes #523 (Github Issue).
2020-06-09 08:29:03 +03:00
Chris van Dijk 74df10633a Remove hardcoded command paths in playbook cron usage 2020-05-27 23:14:58 +02:00
Chris van Dijk 6e3b877dc2 Remove hardcoded command paths in playbook shell usage 2020-05-27 23:14:56 +02:00
Chris van Dijk 6334f6c1ea Remove hardcoded command paths in systemd unit files
Depending on the distro, common commands like sleep and chown may either
be located in /bin or /usr/bin.

Systemd added path lookup to ExecStart in v239, allowing only the
command name to be put in unit files and not the full path as
historically required. At least Ubuntu 18.04 LTS is however still on
v237 so we should maintain portability for a while longer.
2020-05-27 23:14:54 +02:00
Dan Arnfield 787f12e70d Fix typo in validation 2020-05-08 13:56:31 -05:00
Slavi Pantaleev c1c8b8e62c Warn about matrix_user_uid/matrix_user_gid
We don't really need to fail in such a spectacular way,
but it's probably good to do. It will only happen for people
who are defining their own user/group id, which is rare.

It seems like a good idea to tell them that this doesn't work
as they expect anymore and to ask them to remove these variables,
which otherwise give them a fake sense of hope.

Related to #486 (Github Pull Request).
2020-05-06 10:17:19 +03:00
Slavi Pantaleev 36c61b5b4e Introduce a separate group variable (matrix_user_groupname)
Related to #485 (Github Pull Request).
2020-05-06 10:02:47 +03:00
Slavi Pantaleev ccc7aaf0ce Fix "Migrating to a new server" flow due to dynamic user/group creation 2020-05-06 09:55:40 +03:00
Slavi Pantaleev 8fea6f5130 Make sure matrix_user_uid and matrix_user_gid are always set
If one runs the playbook with `--tags=setup-all`, it would have been
fine.

But running with a specific tag (e.g. `--tags=setup-riot-web`) would
have made that initialization be skipped, and the `matrix-riot-web` role
would fail, due to missing variables.
2020-05-06 09:43:30 +03:00
Fanch a1c5a197a9 remove default UID/GID 2020-05-04 21:43:54 +02:00
Chris van Dijk 7585bcc4ac Allow the matrix user username and groupname to be configured separately
No migration steps should be required.
2020-05-01 19:59:32 +02:00
Slavi Pantaleev 9a43cc02e0 Only install docker-python if matrix_docker_installation_enabled
Should help with #300 (Github Issue).
2020-04-17 09:45:35 +03:00
Slavi Pantaleev 7035af87d8 Add support for Jitsi discovery for Riot via /.well-known/matrix/client
This will not work yet, as no version of Riot currently supports it.
It's expected to land in riot-web v1.5.16 via matrix-org/matrix-react-sdk#4348.
2020-04-09 09:58:35 +03:00
Alin Trăistaru 604e581a97 add ntpd defaults 2020-04-05 10:00:09 +03:00
Marcel Partap 874e2e1fc0 Rename variables (s/mxisd/ma1sd/) and adapt roles 2020-04-02 11:31:38 +02:00
Slavi Pantaleev 26b73e3a4b Do not install unnecessary bash-completion 2020-03-30 17:00:20 +03:00
Christian Wolf 8c9b5ea6dd Removed a few syntax bugs in Archlinux configuration 2020-03-28 13:00:01 +01:00