Commit graph

624 commits

Author SHA1 Message Date
Julian-Samuel Gebühr 5825a0c919
Cactus comments (#2089)
* Add construct for cactus comments role

* Adjust config files

* Add docker self build to defaults

* Adjust tasks

* Fix smaller syntax errors

* Fix env argument

* Add tmp path to allow container writing there

Background why I did this: https://docs.gunicorn.org/en/stable/settings.html#worker-tmp-dir

* Change port back to 5000 as not configurable in container

* Try to add appservice config file for synapse to use

* Inject appservice file

* Correct copied variable name

* Comment out unused app service file injection

would need mounting the appservice file to the synapse container i guess

* Move role before synapse to be able to inject during runtime

* Remove unused parts

* Change default user id to mirror official docs

* Add docs

* Update roles/matrix-cactus-comments/tasks/setup_install.yml

Co-authored-by: Slavi Pantaleev <slavi@devture.com>

* Update roles/matrix-cactus-comments/templates/cactus_appservice.yaml.j2

Co-authored-by: Slavi Pantaleev <slavi@devture.com>

* Generate secrets if necessary, adjust docs

* Rename cactusbot userid

* Shorten salt strings

Co-authored-by: Slavi Pantaleev <slavi@devture.com>

* Use tmpfs instead of persistent mount

* Remove proxy option as it is nonsense

* Add download and serving of cc-client files

* Add documentation on client

* Clarify docs a bit

* Add nginx proxy to required services

Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net>

* Use container address

Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net>

* Correct comment of user id

Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net>

* Use releases or local distributed client

Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net>

* Move homeserver url to defaults

Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net>

* Correct truth value

Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net>

* Add documentation of variables

Co-authored-by: Slavi Pantaleev <slavi@devture.com>

* Tabs vs. spaces

Co-authored-by: Slavi Pantaleev <slavi@devture.com>

* Make nginx root configurable

Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net>

* Complete ake nginx root configurable

Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net>

* Fix file permission

Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net>

* Fix lint errors

Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net>

Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net>
Co-authored-by: Slavi Pantaleev <slavi@devture.com>
2022-09-09 14:37:52 +03:00
Aine 692a7af36a
postmoogle feedback 2022-09-09 13:19:25 +03:00
Aine b92ff748e4
Update Postmoogle 0.9.0 -> 0.9.1 2022-09-09 10:47:00 +03:00
Shaleen Jain 0300c0e96e Update dendrite 0.9.5 -> 0.9.6
Remove appservice database setup/config as the latest update no longer requires it.
2022-09-02 09:31:17 +05:30
Slavi Pantaleev 8e0e9fa878 Deprecate matrix_synapse_account_threepid_delegates_email before Synapse v1.66.0
This is done in anticipation of this option's removal in the
upcoming Synapse v1.66.0 release (likely tomorrow).

See: https://matrix-org.github.io/synapse/v1.66/upgrade.html#delegation-of-email-validation-no-longer-supported
2022-08-30 18:51:35 +03:00
Shaleen Jain f674afe5e8
appservice: add and use homeserver_container_* vars (#2045)
* appservice: add and use matrix_homeserver_* vars

* appservice: use the new vars

* Apply suggestions from code review

Co-authored-by: Slavi Pantaleev <slavi@devture.com>

Co-authored-by: Slavi Pantaleev <slavi@devture.com>
2022-08-24 08:38:12 +03:00
Slavi Pantaleev 447b9313d7
Merge pull request #2043 from etkecc/add-postmoogle
add postmoogle
2022-08-23 13:58:39 +03:00
Aine e764ab165f
Update group_vars/matrix_servers
Co-authored-by: Slavi Pantaleev <slavi@devture.com>
2022-08-23 10:25:32 +00:00
Aine 9c2a8addee
add postmoogle 2022-08-22 20:10:35 +03:00
Slavi Pantaleev 04f224e634
Merge branch 'master' into conduit 2022-08-09 10:46:03 +03:00
ganyuke 5023660f3a
Use arm64 images for Cinny
Cinny now builds arm64 docker images since [v2.0.4](https://hub.docker.com/layers/cinny/ajbura/cinny/v2.0.4/images/sha256-a7202136f8568eb0397a3d644725a8fb7dca230e08bcfc42040238bda0382057?context=explore).
2022-08-08 03:20:13 +00:00
Julian-Samuel Gebühr 32430de812
Fix bug that prevented user with external nginx from launch (#2003)
* Fix bug that prevented user with external nginx from launch

The backslash was missing and prevented users from starting the bot

* Add necessary config for ext nginx to docs

* Add automatic config for ext nginx, adjust docs

* Remove unneeded and possibly puzzeling documentation
2022-08-05 20:02:01 +03:00
Charles Wright dffa91ec8e
Suggested fix from spantaleev
Co-authored-by: Slavi Pantaleev <slavi@devture.com>
2022-08-05 09:01:59 -05:00
Charles Wright 20767b5149 Fixes to enable Conduit in setup-all 2022-08-04 14:35:41 -05:00
krassle 4461fdfc39
Use prebuilt ARM images for Element
* element-web arm64 builds available since 2022-08-03 v.1.11.2 [vectorim/element-web:v1.11.2](https://hub.docker.com/layers/element-web/vectorim/element-web/v1.11.2/images/sha256-776f82281936226d91cc1b3b587f4aa28fd46934b8045427ced7c72668eda223?context=explore)
2022-08-03 23:30:00 +02:00
Slavi Pantaleev cf6e38a586 Use pre-built image for go-skype-bridge on amd64 and arm64
Related to:

- https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1992
- https://github.com/kelaresg/go-skype-bridge/pull/17
2022-08-02 07:48:19 +03:00
Slavi Pantaleev 429d0b323b
Merge pull request #1974 from MdotAmaan/master
Add Mautrix Discord Bridge
2022-07-29 08:05:52 +03:00
MdotAmaan 6fb961eb12 Make changes according to feedback
Co-authored-by: Slavi Pantaleev <slavi@devture.com>

Update group_vars/matrix_servers

Co-authored-by: Slavi Pantaleev <slavi@devture.com>

Remove old data migration tasks

Co-authored-by: Slavi Pantaleev <slavi@devture.com>

Update roles/matrix-bridge-mautrix-discord/tasks/validate_config.yml

Co-authored-by: Slavi Pantaleev <slavi@devture.com>

Redo bridge permissions
2022-07-29 00:28:44 +04:00
Slavi Pantaleev e46ba5deba Add matrix-appservice-kakaotalk support
Adds support for: https://src.miscworks.net/fair/matrix-appservice-kakaotalk

This is pretty similar to
https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1977
which just appeared, but has mostly been done independently.

I've taken some inspiration and did some fixups based on that PR.
Thanks to https://github.com/hnarjis for taking the time to contribute!

Notable differences between this branch compared to that PR:

- better naming and documentation around the "configuration" variables
- no unnecessary (5 sec.) intentional delay when starting `matrix-appservice-kakaotalk-node.service`
- stores configuration in `config/`, not in `data/`
- passes configuration as read-only and starts the bridge with (`--no-update`) to ensure no changes are made to it
- starts containers more securely - with `matrix:matrix` user:group (not `root`) and
  reduced capabilities (`--cap-drop=ALL`)
- uses `tcp` for communication between the "node" and the appservice (simpler than sharing unix sockets)
- `registration.yaml` which is closer to the one generated by `matrix-appservice-kakaotalk` (no `de.sorunome.msc2409.push_ephemeral` stuff, etc.)
- `registration.yaml` which is more customizable (customizable bot username and prefix for puppets - see `matrix_appservice_kakaotalk_appservice_bot_username` and `matrix_appservice_kakaotalk_user_prefix`)
- less fragile and more extensible bridge permissions configuration via `matrix_appservice_kakaotalk_bridge_permissions`. Doing `{% if matrix_admin %}` in the bridge configuration sometimes causes syntax problems (I hit some myself) and is not ideal. Other bridges should be redone as well.
- configurable command prefix for the bridge, instead of hardcoding `!kt` (see `matrix_appservice_kakaotalk_command_prefix`)
- logging that is more consistent with the rest of the playbook (console / journald only, no logging to files), as well as configurable log level (via `matrix_appservice_kakaotalk_logging_level`)
- somewhat more detailed documentation (`docs/configuring-playbook-bridge-appservice-kakaotalk.md`)
- removed some dead code (data relocation tasks from `tasks/setup_install.yml`, as well as likely unnecessary SQLite -> Postgres migration)
2022-07-25 16:01:15 +03:00
MdotAmaan 8621ff1379 Add Mautrix Discord Bridge 2022-07-22 18:55:44 +04:00
Slavi Pantaleev 1f2d100d91
Merge pull request #1894 from moan0s/maubot_moanos
Maubot moanos
2022-07-20 10:10:14 +03:00
Slavi Pantaleev d073c7ecb3 More ansible-lint fixes 2022-07-18 13:01:19 +03:00
Slavi Pantaleev e94ec75e1a Remove matrix-bridge-mx-puppet-skype role 2022-07-14 18:09:19 +03:00
Julian-Samuel Gebühr 135096e53a Add defaults 2022-07-09 11:55:49 +02:00
Julian-Samuel Gebühr 9ee5785704 Add postgres to service dependencies 2022-07-09 11:44:11 +02:00
Julian Foad 25b343c8c8 matrix-ntfy: without nginx, bind to 127.0.0.1:2586 2022-07-08 12:02:06 +01:00
Julian Foad ec9f8e2931 Add a role to install 'ntfy' push-notification server.
This commit adds a 'matrix-ntfy' role that runs Ntfy server in Docker with
simple configuration, and plumbing to add the role to the playbook.

TODO: documentation, self-check, database persistence.
2022-07-04 15:31:29 +01:00
Slavi Pantaleev 2e4fad6194 Use 127.0.0.1 instead of localhost for federation API when nginx disabled
`localhost` may resolve to `::1` on some IPv6-enabled systems, which will
not work, because we only potentially expose container ports on
`127.0.0.1` when nginx is disabled (`matrix_nginx_proxy_enabled: false`),
not on `::1`.

Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1914
2022-07-02 15:02:35 +03:00
Julian-Samuel Gebühr 90447a2839 Use correct registration secret 2022-06-24 18:19:23 +02:00
Julian-Samuel Gebühr 8e9d165787 Another rename to matrix-bot-maubot
No functionality changed
2022-06-24 18:06:06 +02:00
Julian-Samuel Gebühr 1316656998 Rename to bot_maubot and fix permission error 2022-06-23 21:58:03 +02:00
Julian-Samuel Gebühr eb25d54246 Merge branch 'master' of https://github.com/spantaleev/matrix-docker-ansible-deploy into node_postgres_reverse_proxy 2022-06-23 20:45:13 +02:00
Julian-Samuel Gebühr d24cb7db6f Initial maubot commit 2022-06-23 20:24:52 +02:00
Slavi Pantaleev ba51997f7b (BC Break) Redo how metrics are exposed to external Prometheus servers 2022-06-23 17:55:07 +03:00
krassle fff4b9116c
Use prebuilt ARM images for coturn / synapse-admin
* synapse-admin arm64 builds available since 2021-12-17 v.0.8.4 [awesometechnologies/synapse-admin:0.8.5](https://hub.docker.com/layers/synapse-admin/awesometechnologies/synapse-admin/0.8.5/images/sha256-eb54b8660c4641641b8acd08fd2dfc94ecc3fc604860f9e8b286a38008e3f3b6?context=explore)

* coturn arm32/arm64 builds available since 2021-04-15 v.4.5.2-r0-alpine [coturn/coturn:4.5.2-r12](https://hub.docker.com/layers/coturn/coturn/coturn/4.5.2-r12/images/sha256-94887581bb1093085033be0494c3a651bd40034afba1867ddc78b8ba32dc2faf?context=explore)
2022-06-22 10:10:41 +02:00
Vladimir Panteleev a3d19ad318
Add Go Skype Bridge
Based on mautrix-whatsapp, as that's what the bridge software is based on.
2022-06-12 21:29:43 +00:00
Julian-Samuel Gebühr 8ecdfc3ed6
Automatically enable admin api access via nginx (#1830) 2022-05-16 10:26:15 +03:00
Devin Dooley cbb924dec7 Support ansible vault strings for homeserver secret key 2022-04-25 19:17:40 -07:00
Slavi Pantaleev 49da9c76ac
Merge pull request #1782 from etkecc/matrix-bot-buscarron
add matrix-bot-buscarron
2022-04-25 09:44:35 +03:00
Slavi Pantaleev 47e5bab784
Fix self-building if condition 2022-04-25 09:22:01 +03:00
Matthew Cengia c83c70ac35 Don't self-build signald image on arm64, as upstream image exists 2022-04-25 10:25:05 +10:00
Aine 290754371a
add matrix-bot-buscarron 2022-04-23 16:19:24 +03:00
Julian-Samuel Gebühr 90a142439a
Add matrix-registration-bot (#1771)
* Add matrix-registration-bot

This adds an install and uninstall task plus helpers. The bot is disabled by default.
This commit does not include documentation, yet. In short, the bot can be enabled by adding
matrix_bot_matrix_registration_bot_enabled: true
matrix_bot_matrix_registration_bot_matrix_user_password: "verysecret"
matrix_bot_matrix_registration_bot_matrix_admin_token: "supersecret"
to the host_vars

* Change bot username to bot.matrix-registration-bot following convention

* Address smaller remarks, fix local docker build

* Switch to an env file

* Add environment variables extension for additional config

* Add documentation for the matrix-registration-bot

* Add screenshot on how to obtain admin access token

* Use bot as admin to only have one access token (bot and admin api)

* Use cleaner setting of matrix_synapse_registration_requires_token

* Use config file for cleaner more secure usage

* Delete unneeded env

* Rename vars to make usage clear

* Fix typos/wording and add notice about logging out

* Convert configuration to use |to_json

* Reorder role includes

Nothing should be after `matrix-common-after`.

`matrix-bot-matrix-registration-bot` can probably be anywhere, but it makes sense to put it next to the other `matrix-bot-*` roles.

* Minor group_vars/matrix_servers touchups

Co-authored-by: Slavi Pantaleev <slavi@devture.com>
2022-04-21 11:07:47 +03:00
Aine d5f4c17146
matrix-backup-borg: integrate postgres backups, add extended borgmatic configuration 2022-04-14 18:06:54 +03:00
HarHarLinks a9e6538ef8 Upgrade Hookshot (1.3.0 -> 1.4.0)
https://github.com/matrix-org/matrix-hookshot/releases/tag/1.4.0
2022-04-11 18:55:02 +02:00
HarHarLinks ceb2f54970 Make hookshot hardcoded public URLs dynamic 2022-04-11 16:45:33 +02:00
Hefty Zauk 03d2dcc996
Move into coturn defaults 2022-04-11 11:20:09 +00:00
heftyzauk 268b079374
Revert Coturn Address Change, add new Addresses var (#2) 2022-04-11 11:50:41 +01:00
heftyzauk 29847627f1
Multi-IP coturn
Add support for multiple external turn IP addresses, this allows for better comptability with dualstack ipv4/ipv6 hosts, and is supported as per the documentation (point 6 here: https://matrix-org.github.io/synapse/latest/turn-howto.html#configuration)
2022-04-10 21:51:03 +01:00
PC-Admin ab3e02c7fd Remove matrix-awx sections 2022-04-09 08:48:02 +08:00
Slavi Pantaleev db4b6efb5d Force self-building of matrix-hookshot on arm64
The `halfshot/matrix-hookshot` container images published to Docker Hub
(as of 2022-04-05, at least) are only available for `amd64`, not for
`arm64`. Self-building on arm64 is necessary.

Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1728

It should be noted that a `roiarthurb/matrix-hookshot` container image is available,
which is available for the arm64 platform, but that's non-official and doesn't
contain an amd64 build, so it's of limited use.
2022-04-05 16:08:11 +03:00
Aine a5a3769ca9
add borg backup (#1727)
* add borg backup

* lint fix

* add exlclude patterns

* missed in the #1726 fix for honoroit

* feedback

* Fix indentation

* feedback

* feedback

* feedback

Co-authored-by: Slavi Pantaleev <slavi@devture.com>
2022-04-05 14:37:27 +03:00
Slavi Pantaleev b9d6f8b90f
Merge pull request #1728 from RoiArthurB/hookshot-arm64
Add hookshot self build for arm64 and amd64
2022-04-05 09:58:26 +03:00
SaltireSoul e7978dbdca Dendrite 0.7.0 2022-04-05 03:40:37 +01:00
Arthur Brugière 1ce891fc70
Revert group_var wrong part reindent 2022-04-03 23:42:29 +07:00
RoiArthurB b38c7371a9 [STEAM] Move docker source from icewind1991 to tilosp fixed repo 2022-04-03 17:34:27 +07:00
Arthur Brugière b3176957c3
Add hookshot self build for arm64 and amd64 2022-04-03 17:10:46 +07:00
Slavi Pantaleev 958d089b68 Do not install the ma1sd identity server by default
As mentioned in the changelog, this is a breaking change.
2022-03-17 18:00:09 +02:00
Slavi Pantaleev 1df3e2a967
Merge pull request #1694 from HarHarLinks/master
add default for matrix_prometheus_scraper_hookshot_enabled
2022-03-15 17:01:08 +02:00
Slavi Pantaleev 5eb514b08b
Use |default instead of merely casting to bool 2022-03-15 17:01:00 +02:00
Kim Brose 9c58f2a98a
default matrix_prometheus_scraper_hookshot_enabled 2022-03-14 14:07:06 +01:00
László Várady 9de677942d bridge-mautrix-facebook: add support for web-based login 2022-03-12 16:30:29 +01:00
Slavi Pantaleev 69d2da4d44 Fix whitespace inconsistency 2022-03-10 11:41:41 +02:00
Slavi Pantaleev 1895b01810 Move matrix_container_global_registry_prefix to matrix-base
Various roles depend on this. It makes sense to make it part
of the `matrix-base` role.
2022-03-10 11:28:25 +02:00
Slavi Pantaleev 8c25ade9fb Rework matrix_mautrix_twitter_database_* variables a bit
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1682

Previously, when matrix-postgres was disabled, we were setting
`matrix_mautrix_twitter_database_engine` to an invalid empty value.

Now, we always hardcode `matrix_mautrix_twitter_database_engine: postgres`,
but set/unset the database hostname and password values instead.
2022-03-08 08:10:40 +02:00
Kim Brose 648001875e
Fix for old jinja versions
Co-authored-by: Procuria <37988494+Procuria@users.noreply.github.com>
2022-03-03 20:49:57 +01:00
HarHarLinks d556952bb6 update hookshot to respect protocol and custom ports 2022-02-16 20:10:01 +01:00
Marko Weltzer 8e8bf55e15 fix: missing spaces on closing } 2022-02-09 08:52:53 +01:00
Marko Weltzer 819574b8ba
Merge branch 'spantaleev:master' into master 2022-02-05 21:37:53 +01:00
Marko Weltzer 7e5b88c3b7 fix: all praise the allmighty yamllinter 2022-02-05 21:32:54 +01:00
Slavi Pantaleev ccb85b31a4 Upgrade devture/email2matrix (1.0.1 -> 1.0.2) and disable self-building on ARM32/ARM64
1.0.2 is the first container image tag that is available as a multi-arch image
with support for linux/amd64, linux/arm64/v8 (arm64) and linux/arm/v7 (arm32),
so self-building is no longer necessary on all these platforms.
2022-02-05 11:14:20 +02:00
Slavi Pantaleev 1099ccab43 Upgrade devture/exim-relay (4.95-r0 -> 4.95-r0-1) and disable self-building on ARM32/ARM64
4.95-r0-1 is the first container image tag that is available as a multi-arch image
with support for linux/amd64, linux/arm64/v8 (arm64) and linux/arm/v7 (arm32),
so self-building is no longer necessary on all these platforms.
2022-02-01 17:23:07 +02:00
Slavi Pantaleev e295c90d0b
Merge pull request #1505 from HarHarLinks/hookshot
add matrix-hookshot
2022-02-01 13:45:48 +02:00
Slavi Pantaleev 4a4d718f7c Upgrade matrix-corporal (2.2.2 -> 2.2.3) and disable self-building on ARM32/ARM64
2.2.3 is the first container image tag that is available as a multi-arch image
with support for linux/amd64, linux/arm64/v8 (arm64) and linux/arm/v7 (arm32),
so self-building is no longer necessary on all these platforms.
2022-01-31 16:52:49 +02:00
HarHarLinks 39d9ef43e9 fixup! update hookshot config to generic hs variables 2022-01-30 19:32:09 +01:00
HarHarLinks 2a91a43b32 Merge remote-tracking branch 'origin/master' into hookshot 2022-01-30 17:50:50 +01:00
HarHarLinks 54d8d0ec38 simplify hookshot conditional for readability 2022-01-30 17:43:29 +01:00
HarHarLinks c264d670e8 update hookshot config to generic hs variables 2022-01-30 17:41:51 +01:00
Kim Brose 44ae8d3b92
refine etherpad in nginx wanted services condition 2022-01-23 14:28:11 +01:00
Kim Brose a9dd397771
add etherpad to nginx wanted services
it's required if enabled by the dimension config here:
6eb8fb8392/roles/matrix-etherpad/tasks/init.yml (L42-L49)

see also #1517
2022-01-22 18:59:16 +01:00
HarHarLinks 321ed9b609 Merge remote-tracking branch 'origin/master' into hookshot 2022-01-14 19:26:31 +01:00
HarHarLinks 08fe38cf40 add hookshot to nginx wanted services
related 0fb881deb5
2022-01-12 13:09:13 +01:00
HarHarLinks 224633df1d fix condition for matrix_hookshot_container_http_host_bind_ports 2022-01-12 01:31:46 +01:00
HarHarLinks 2b97ab9a51 fix matrix_hookshot_container_http_host_bind_ports 2022-01-12 01:22:54 +01:00
HarHarLinks 3a766d4ba5 proxy hookshot metrics when proxying synapse metrics
see also #1527
2022-01-11 22:39:57 +01:00
Slavi Pantaleev 0fb881deb5 Update the "wanted systemd services" list for matrix-nginx-proxy/matrix-grafana
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1517
2022-01-11 08:29:38 +02:00
HarHarLinks 87871040df add hookshot metrics to internal prometheus 2022-01-11 00:56:51 +01:00
HarHarLinks 1987cc4839 refine hookshot role 2022-01-11 00:19:29 +01:00
Aine a83b880f72
matrix-bot-honoroit: feedback 2022-01-09 18:49:41 +02:00
Aine 4377c348c5
matrix-bot-honoroit: disable self-build by default, update to v0.9.1 2022-01-09 17:46:47 +02:00
HarHarLinks e0f2aa9de8 refactor matrix_hookshot_container_http_host_bind_ports 2022-01-08 17:16:53 +01:00
Slavi Pantaleev 7b093c5ae0 Move some variables to a more appropriate location 2022-01-08 09:11:22 +02:00
Slavi Pantaleev 19b5a50805 Derive Honoroit database password from matrix_homeserver_generic_secret_key
Related to the work done in https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/818
2022-01-08 09:08:55 +02:00
Slavi Pantaleev 5c3c0d0d58 Set Dendrite's real_ip_header correctly 2022-01-07 16:00:51 +02:00
Slavi Pantaleev 05b4572fab Fix matrix_dimension_homeserver_federationUrl for Dendrite 2022-01-07 16:00:51 +02:00
Slavi Pantaleev de49cc5271 Fix matrix_registration_shared_secret for Dendrite 2022-01-07 16:00:51 +02:00
Slavi Pantaleev 593fc2fa85 Replace matrix-synapse.service references with more homeserver-neutral references 2022-01-07 16:00:51 +02:00
Slavi Pantaleev 38ad152c03 Add Dendrite-awareness to matrix_homeserver_container_url when matrix-nginx-proxy disabled 2022-01-07 16:00:51 +02:00
Slavi Pantaleev bbbfc0708f Derive matrix_coturn_turn_static_auth_secret from matrix_homeserver_generic_secret_key
Doing this further simplifies examples/vars.yml.
2022-01-07 16:00:51 +02:00
Slavi Pantaleev 965890bf75 Derive secrets from matrix_homeserver_generic_secret_key, not matrix_synapse_macaroon_secret_key
We're trying to move away from implementation-specific variables,
hoping for a clean (implementation-neutral) examples/vars.yml file.
2022-01-07 16:00:42 +02:00
Slavi Pantaleev 1dfe21944f Make matrix_homeserver_implementation influence matrix_IMPLEMENTATION_enabled, not the other way around
Doing this seems more reasonable and simpler.
2022-01-07 15:59:35 +02:00
Slavi Pantaleev 4139290cc9 Rename some variables for consistency 2022-01-07 15:59:35 +02:00
Slavi Pantaleev 32bbcf5ed6 Fix incorrect definition 2022-01-07 15:59:35 +02:00
Slavi Pantaleev 38ec546b8b Only trust own identity server in Dendrite config, if ma1sd enabled 2022-01-07 15:59:35 +02:00
Slavi Pantaleev ecc237bbad Initial work on getting nginx reverse proxying working with Dendrite 2022-01-07 15:59:35 +02:00
Slavi Pantaleev 3cf9f87097 Add matrix_homeserver_implementation, tracking the current homeserver implementation
The goal is to have a single variable which tells us which homeserver
software is in use. Much simpler than having if/elif/elif checks for
variables like (`matrix_synapse_enabled` and `matrix_dendrite_enabled`, etc.)
everywhere.
2022-01-07 15:59:35 +02:00
Slavi Pantaleev 5b148921a0 Upgrade Dendrite (0.3.11 -> 0.5.0) and update configuration
This brings dendrite.yaml up to date and cleans things up a bit.
2022-01-07 15:59:35 +02:00
Jip J. Dekker 07af05690c Add initial role for Dendrite as alternative Matrix server 2022-01-07 15:59:35 +02:00
rakshazi d9dd524db3
self-build consistency: rename vars everywhere 2022-01-07 12:18:45 +02:00
Slavi Pantaleev b0c801a497 Rename variable for consistency (matrix_bot_honoroit_container_self_build -> matrix_bot_honoroit_container_image_self_build)
Discussed in https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1514
2022-01-07 11:53:24 +02:00
rakshazi 407e8c4940
added honoroit 2022-01-06 20:30:10 +02:00
rakshazi 490f11ba0d
matrix-client-cinny: self_build feedback" 2022-01-06 09:11:28 +02:00
rakshazi 5788a16a2e
added matrix-client-cinny 2022-01-05 18:33:21 +02:00
HarHarLinks 621251c1e5 hookshot role groundwork 2022-01-03 21:25:03 +01:00
Slavi Pantaleev dcab14d9a8 Add self-building support to Beeper LinkedIn bridge
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1480

Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1242
2021-12-23 13:04:09 +02:00
Shreyas Ajjarapu 25ced724ac
Update matrix_servers 2021-12-20 23:38:54 -06:00
Matthew Cengia 0f49ce0638 Set up vars for mautrix-twitter playbook
* Copy/update mautrix_facebook group_vars to mautrix_twitter
* Replace facebook -> twitter, fb -> twt, remove presence var
* Enable playbook in setup.yml
2021-12-14 22:36:23 +11:00
Slavi Pantaleev fc55df9318 Make some appservices reach the homeserver via nginx
This is useful when Synapse is using a worker setup. In that case,
we don't want appservices to connect to `matrix-synapse:8008`, because
not all APIs are exposed there.

Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1449
2021-12-10 08:29:57 +02:00
John M 286871b9b5 Add self-build for Dimension
Add a self-build option for the Dimension Dockerfile.
 - This helps further support arm64 hosts (i.e. A1.Flex w/Oracle)
2021-12-08 04:48:59 -08:00
Christos Karamolegkos ab60238518
Support encrypted matrix_synapse_macaroon_secret_key
This change forces ansible to decrypt the variable with ansible-vault if encrypted, to avoid the error '{"msg": "Unexpected templating type error occurred on ({{ matrix_synapse_macaroon_secret_key | password_hash('sha512') }}): secret must be unicode or bytes, not ansible.parsing.yaml.objects.AnsibleVaultEncryptedUnicode"}'
Every other variable in the playbook was found to have no problems with encryption.
The change has no negative impact on non-encrypted matrix_synapse_macaroon_secret_key.
2021-11-26 19:51:05 +02:00
Slavi Pantaleev b4fb819481
Merge pull request #1403 from borisrunakov/rename-matrix-ma1sd-default-port
remove default from variable name
2021-11-17 10:35:54 +02:00
boris runakov 394ecb0acc remove default from variable name 2021-11-16 21:14:28 +02:00
boris runakov d3a9ec98de refactoring 2021-11-16 21:03:21 +02:00
boris runakov 1ec67f49b0 replaced 8008 where possible 2021-11-15 22:43:05 +02:00
Slavi Pantaleev c1bc7b9f93 Rename variables to prevent confusion
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1397
and https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1399
2021-11-15 14:56:11 +02:00
b 07496069c8 rellocating variables for consistency 2021-11-15 12:07:54 +02:00
b 7756cc4c8e replace port 8048 with matrix_synapse_container_default_federation_port 2021-11-14 20:30:13 +02:00
borisrunakov 9688d071a8
fix matrix_synapse_account_threepid_delegates_email and matrix_synapse_account_threepid_delegates_msisdn (#1370)
* fix for string concatenation on matrix_synapse_account_threepid_delegates_email and matrix_synapse_account_threepid_delegates_msisdn

* .editorconfig should not be ignored

* Restore .gitignore

Co-authored-by: b <b@b>
Co-authored-by: Slavi Pantaleev <slavi@devture.com>
2021-11-01 12:02:02 +02:00
b dcda17595a change port 8090 to matrix_ma1sd_default_port 2021-10-31 21:06:22 +02:00
Slavi Pantaleev 06bcdcf9d2
Merge pull request #1311 from HarHarLinks/master
add auto proxy synapse worker metrics
2021-10-25 09:21:11 +03:00
HarHarLinks 4209c4208c add own variable for worker metrics
https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1311#issuecomment-945718866
2021-10-20 12:51:00 +02:00
Slavi Pantaleev 6937a2c0a9
Ensure password_hash salt is less than 16 chars
Also fixes the appservice and homeserver tokens for the Googlechat bridge,
so that they're not the same as the ones for the Hangouts bridge.
2021-10-13 07:48:59 +03:00
Luke 1dac525e63 Added Mautrix Google Chat 2021-10-12 11:45:04 +00:00
Slavi Pantaleev fb709152f3 Add self-building support for mautrix-whatsapp
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1322
2021-10-12 10:02:07 +03:00
Slavi Pantaleev b5d8444764 Add self-building support to matrix-bridge-appservice-webhooks 2021-10-01 16:37:37 +03:00
Slavi Pantaleev 2ec06b7477
Merge pull request #1242 from apmechev/add_beeper_linkedin_bridge
Add beeper LinkedIn bridge
2021-08-23 15:15:35 +03:00
Slavi Pantaleev 603ad7c52b Remove (non-working) SQLite support from beeper-linkedin bridge
This bridge doesn't support SQLite anyway, so it's not necessary
to carry around configuration fields and code for migration from SQLite
to Postgres. There's nothing to migrate.
2021-08-23 15:12:19 +03:00
Slavi Pantaleev 13e660bffd
Add missing section separator 2021-08-23 15:02:28 +03:00
Alexandar Mechev b13cf1871f add code for LinkedIn Bridge 2021-08-21 17:32:45 +02:00
Slavi Pantaleev 9860fb4675 Upgrade Sygnal (v0.9.0 -> v0.10.1) 2021-08-20 17:48:24 +03:00
Slavi Pantaleev 46340fdf63
Simplify if condition 2021-08-15 08:45:21 +03:00
Michael Collins 4d57a41b3f remove matrix_awx_enabled from these 2021-08-11 17:18:57 +08:00
Michael Collins 2e30802b87 use group variables instead 2021-08-11 15:21:09 +08:00
Slavi Pantaleev 421f85defa Add self-building support to matrix-email2matrix 2021-08-04 15:03:45 +03:00
Slavi Pantaleev dfa7b6e4fd
Merge pull request #1171 from BackInBash/patch-1
Updating to ma1sd v2.5.0
2021-07-28 11:09:39 +03:00
Slavi Pantaleev 676101e999 Minor fixups for ma1sd 2.5.0
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1171
2021-07-28 11:08:50 +03:00
Nate f5d6b01b9f Updated group_vars to update self_build based on matrix_architecture 2021-07-25 14:24:38 -07:00
Slavi Pantaleev 31244e7fcc
Merge pull request #1180 from Toorero/master
Fixed self-build functionality for mautrix-signal
2021-07-21 15:17:57 +03:00
Toorero ead4b00c09 Reverted back to manual self-build detection 2021-07-21 14:05:21 +02:00
Toorero 3a28100131 Renamed matrix_lottieconverter to matrix_telegram_lottieconverter 2021-07-17 14:05:13 +02:00
Toorero 7f15787d54 Fixed mautrix-telegram selfbuild not working on non amd64 platforms 2021-07-16 18:58:55 +02:00
Toorero f933ba14ae Fixed self-build functionality for mautrix-signal and added self-build functionality for signald 2021-07-16 13:27:36 +02:00
Toorero aa6398a948 Autoset self-build for mautrix-signal bridge 2021-07-14 22:46:17 +02:00
Slavi Pantaleev b4d7ab0b53
Merge pull request #1153 from Cadair/worker_prom
Add worker metrics to prometheus exporter
2021-07-05 10:30:02 +03:00
Stuart Mumford 2aa457efcc Use a prom variable and not a synapse role variable 2021-07-02 15:41:36 +00:00
Slavi Pantaleev 3777334778 Do not try to use TURNS when TLS disabled for Coturn
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1145
2021-07-02 17:05:08 +03:00
Slavi Pantaleev 8b146f083e Disable turns when Let's Encrypt is used
Supersedes https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1145
2021-07-02 17:00:40 +03:00
Aaron Raimist 19ed8d1d17
Upgrade mjolnir (0.1.17 -> 0.1.18) and implement self building 2021-07-02 00:10:59 -05:00
Raymond Coetzee 4e2780ff88 Add support for a prometheus postgres exporter
This commit introduces a new role that downloads and installs the
prometheus community postgres exporter  https://github.com/prometheus-community/postgres_exporter.
A new credential is added to matrix_postgres_additional_databases that
allows the exporter access to the database to gather statistics.
A new dashboard was added to the grafana role, with some refactoring
to enable the dashboard only if the new role is enabled.
I've included some basic instructions for how to enable the role in
the Docs section.

In terms of testing, I've tested enabling the role, and disabling
it to make sure it cleans up the container and systemd role.
2021-05-27 20:13:29 +01:00
ewang 409cd2b9a3 Source port binding from group vars in line other components 2021-05-23 14:06:18 +02:00
Aaron Raimist 04548f8df2
Merge branch 'master' into hydrogen 2021-05-21 04:09:18 -05:00
Aaron Raimist 9437f78c9e
Build using custom config.json, add CSP, update to 0.1.53 2021-05-21 03:45:21 -05:00
Slavi Pantaleev 9a8a81fdb0 Disable OCSP stapling when self-signed certificates are used
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1073
2021-05-21 08:38:20 +03:00
Toni Spets 544915ff76 Add Heisenbridge 2021-05-19 10:42:21 +03:00
Aaron Raimist ca361af616
Add Hydrogen 2021-05-15 04:23:36 -05:00
Slavi Pantaleev f03adc83f1 Fix matrix_ma1sd_dns_overwrite_homeserver_client_value when not matrix_nginx_proxy_enabled
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1047
2021-05-11 08:50:04 +03:00
Slavi Pantaleev e3fa3e12bc Upgrade Synapse (1.31 -> 1.32.2) 2021-04-22 14:22:07 +03:00
Slavi Pantaleev 378fabf177 Revert "Upgrade Synapse (1.31 -> 1.32.1)"
This reverts commit 1fb54a37cb.

Seems like it's been pulled or something. It used to exist, but not
anymore. Not sure what's going on.

Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1017

Related to
https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1010
2021-04-21 23:36:58 +03:00
Slavi Pantaleev 1fb54a37cb Upgrade Synapse (1.31 -> 1.32.1)
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1010
2021-04-21 18:47:15 +03:00
Slavi Pantaleev ca786cc343 Revert "Upgrade Synapse (1.31 -> 1.32)"
This reverts commit f825c7c263.

Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1010
2021-04-20 23:40:55 +03:00
Slavi Pantaleev f825c7c263 Upgrade Synapse (1.31 -> 1.32) 2021-04-20 17:47:34 +03:00
Slavi Pantaleev adcecaffaf Fix connectivity between prometheus and prometheus-node-exporter
Expected to have regressed after https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1008

This patch comes with its own downsides (as described in the comments
for matrix_prometheus_node_exporter_container_http_host_bind_port),
but at least there's:
- no security issue
- metrics remain readable from matrix-prometheus (even if the network metrics are inaccurate)

A better patch is certainly welcome.
2021-04-19 18:29:03 +03:00
Slavi Pantaleev 8da8979a24 Do not override matrix_prometheus_node_exporter_container_http_host_bind_port when matrix-nginx-proxy disabled
Not sure why this had been done in the first place.
It doesn't make any sense.

There's no relation between matrix-nginx-proxy and
prometheus-node-exporter.
2021-04-19 17:45:27 +03:00
Ahmad Haghighi 126fbbc0cc fix typo 2021-04-12 17:23:55 +04:30
Ahmad Haghighi f52a8b6484 use custom docker registry 2021-04-12 17:23:55 +04:30
Slavi Pantaleev a1a0d91604 Make prometheus-node-exporter not overlap with Synapse metrics port
This was causing a port conflict when `matrix_nginx_proxy_enabled: false`.

Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/983
2021-04-06 12:23:43 +03:00
Slavi Pantaleev 1b55766927 Do not redefine matrix-postgres role vars in matrix-postgres-backup
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/868
2021-04-05 11:32:19 +03:00
Slavi Pantaleev 0a107dc0ce
Merge pull request #868 from foxcris/postgres-backup
- Added a postgres-backup role
2021-04-05 10:53:04 +03:00
foxcris 14b8e3a3ab - fixed error with generator function 2021-04-05 09:31:32 +02:00
foxcris 2178f3612f - matrix_postgres_backup_databases now uses more simple structure 2021-04-05 09:05:41 +02:00
Slavi Pantaleev 995c483856
Merge pull request #962 from aaronraimist/mjolnir
Add mjolnir
2021-04-03 10:45:29 +03:00
Aaron Raimist 1ecee625d5
Depend on more services, add a delay 2021-04-02 17:07:24 -05:00
Slavi Pantaleev 59699e0d98 Try to make Dimension wait for Synapse
Some people have reported Dimension failing to contact
matrix-nginx-proxy/Synapse on startup. This attempts to
delay Dimension startup some more.
2021-03-29 12:35:02 +03:00
Slavi Pantaleev 59ac8a5921 Make Dimension require matrix-nginx-proxy, if enabled
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/966
2021-03-25 11:56:34 +02:00
Slavi Pantaleev 5b7dbe8275 Make matrix-synapse wanted by matrix-nginx-proxy only if enabled 2021-03-25 08:51:26 +02:00
Slavi Pantaleev 5a4ea5f866 Make AWX enabling/disabling consistent with other playbook roles
That is:
- enabled in the role by default
- disabled in the compilation (playbook), if considered an optional
component
2021-03-24 14:02:53 +02:00
Slavi Pantaleev b89936afba Make bridges depend on matrix-nginx-proxy
We don't point them straight to Synapse anymore, but rather
to matrix-nginx-proxy, which forwards to Synapse (or something else).
2021-03-24 14:00:41 +02:00
Aaron Raimist bab8b950ca
Add mjolnir 2021-03-23 22:46:08 -05:00
Slavi Pantaleev 06c74728eb Move matrix_nginx_proxy_proxy_synapse_federation_api_enabled definition to the role
This variable was previously undefined in the role and was only getting
defined via `group_vars/matrix_servers`.

We now properly initialize it (and its good default value) in the role
itself.
2021-03-23 10:28:32 +02:00
Slavi Pantaleev 9a0222fa47 Add Sygnal support
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/683
2021-03-20 13:32:22 +02:00
foxcris 11cd1cb0fa - removed matrix_postgres_backup_db_list variable
- add matrix_postgres_backup_databases to be build on top of matrix_postgres_additional_databases
- POSTGRES_DB is now directly set from matrix_postgres_backup_databases while building the templates/env-postgres-backup.j2
2021-03-16 11:40:16 +01:00
foxcris 43f7d9afb6 - removed dynamic building of the postgres db list an reused matrix_postgres_additional_databases in group_vars/matrix_servers as source for the list
- adjusted env-postgres-backup.j2 to use the new role specific variables
2021-03-16 10:49:04 +01:00
foxcris ecc6bdb3ca - changed variables names to use role specific one and redefine them using group_vars/matrix_servers 2021-03-16 10:18:26 +01:00
Slavi Pantaleev 011e95c1d2
Merge pull request #893 from GoMatrixHosting/master
matrix-awx - the GoMatrixHosting v0.3.0 initial PR
2021-03-16 08:40:15 +02:00
Yannick Goossens 20c6bd686e Added the matrix_bot_go_neb_container_http_host_bind_port variable to allow the container to expose its listen port 2021-03-12 11:10:00 +01:00
Yannick Goossens 51e2547484 Added support for the Go-NEB bot 2021-03-11 19:23:01 +01:00
Slavi Pantaleev a25b8135b8 Fix point overlap between matrix-domain and Jitsi
Mostly affects people who disable the integrated `matrix-nginx-proxy`.

Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/456
and more specifically 4d62a75f6f.
2021-03-01 20:27:45 +02:00
Michael 33ec5710d9 0.2.1 revision 2021-02-28 22:21:40 +08:00
Slavi Pantaleev 1ef683d366 Make nginx proxy config (when disabled) obey matrix_federation_public_port
People who were disabling matrix-nginx-proxy (in favor of their own
nginx webserver) and also overriding `matrix_federation_public_port`,
found that the generated nginx configuration still hardcoded `8448`,
which forced their nginx server to use that, regardless of the fact
that `matrix_federation_public_port` was pointing elsewhere.

We now allow for the in-container federation port to be configurable,
and also automatically wire things properly.
2021-02-24 08:19:20 +02:00
Marcus Proest 2ca8211184 Merge remote-tracking branch 'upstream/master' 2021-02-19 19:02:48 +01:00
Marcus Proest b99372a3c5 initial commit of mautrix-instagram role 2021-02-19 17:20:26 +01:00
Slavi Pantaleev 91c987ca7d
Merge pull request #872 from xangelix/add-mx-puppet-groupme-gh
Add mx-puppet-groupme support
2021-02-19 11:42:41 +02:00
Slavi Pantaleev d94d0e2ca5
Merge pull request #456 from eMPee584/synapse-workers
Synapse workers
2021-02-19 11:40:36 +02:00
Slavi Pantaleev 217b4a8808 Release Synapse v1.27.0 to ARM32 via self-building
Related to: https://matrix.org/blog/2021/02/18/synapse-1-27-0-released#dropping-armv7-docker-images
2021-02-19 09:10:16 +02:00
Béla Becker 005f4d57f9 Remove mention of sqlite3 support for Etherpad
The official Etherpad Docker image has no support for sqlite3 databases.
2021-02-18 17:39:36 +01:00
Cody Neiman c4e1209452
Merge branch 'master' into add-mx-puppet-groupme-gh 2021-02-17 13:52:37 -05:00
Slavi Pantaleev daae74b074 Merge branch 'master' into synapse-workers 2021-02-16 17:31:40 +02:00
Marc Leuser 1434c371bd safer port binding of etherpad docker container
don't bind to any host port if nginx_proxy is used
only bind to localhost if it's not used
2021-02-15 10:46:23 +01:00
Cody Neiman e510481e84
Merge branch 'master' into add-mx-puppet-groupme-gh 2021-02-14 13:41:16 -05:00
Cody Neiman c15d5a58a9
Make mx-puppet-groupme tokens unique 2021-02-14 13:37:12 -05:00
Slavi Pantaleev 5cfeae806b Merge branch 'master' into synapse-workers 2021-02-14 13:00:57 +02:00
Slavi Pantaleev 894679750e
Merge pull request #862 from s-thom/nginx-additional
Add additional domains for Let's Encrypt certificates to be obtained
2021-02-14 11:05:25 +02:00
Cody Neiman b900a4a3ba
Add groupme postgres 2021-02-13 00:50:00 -05:00
Cody Neiman 5a70a56ff0
Initial implementation 2021-02-12 23:13:30 -05:00
Slavi Pantaleev 2b47258c6c Do not auto-expose metrics on matrix.DOMAIN/_synapse/metrics
.. and other documentation improvements.
2021-02-12 13:47:53 +02:00
Slavi Pantaleev c8ab200cb1 Break dependency between matrix-prometheus and (matrix-prometheus-node-exporter, matrix-synapse) 2021-02-12 11:59:24 +02:00
Slavi Pantaleev 18e31526a8 Rename some variables 2021-02-12 11:59:24 +02:00
Peetz0r 989100b1c1 Grafana nginx proxy config 2021-02-10 22:54:14 +01:00
Peetz0r eb5aa93e8a Grafana
Also includes the dashboards for Synapse and for Node Exporter.

Again has only been tested on debian amd64 so far, but the grafana docker image is available for arm64 and arm32. Nice.
2021-02-10 22:54:14 +01:00
Peetz0r e525970b39 Prometheus Node Exporter
Basic system stats, to show stuff the synapse metrics
can't show such as resource usage by bridges, etc

Seems to work fine as well.

This too has only been tested on debian amd64 so far
2021-02-10 22:54:14 +01:00
Peetz0r 13ef9e85cf Prometheus
Initial attempt. Seems to work fine.

Only tested on debian amd64 so far
2021-02-10 22:54:14 +01:00
Stuart Thomson 064b2e533c Add variable for extra domains to get LE certs for
I felt that adding another variable was probably going to be the easiest way to do this. I may end up adding another variable to enable this feature, for consistency with some of the other things.
2021-02-06 20:02:39 +13:00
Béla Becker 38bf1eda70 Etherpad Jitsi integration 2021-01-26 05:04:47 +01:00
Béla Becker 4b451ff782 Etherpad role 2021-01-26 05:04:47 +01:00
Slavi Pantaleev d3ecc6f017 Fix bridges failing to upload media when Synapse workers are enabled 2021-01-25 13:55:08 +02:00
Slavi Pantaleev 4d62a75f6f Get matrix-corporal to play nicely with a Synapse worker setup
We do this by creating one more layer of indirection.

First we reach some generic vhost handling matrix.DOMAIN.
A bunch of override rules are added there (capturing traffic to send to
ma1sd, etc). nginx-status and similar generic things also live there.

We then proxy to the homeserver on some other vhost (only Synapse being
available right now, but repointing this to Dendrite or other will be
possible in the future).
Then that homeserver-specific vhost does its thing to proxy to the
homeserver. It may or may not use workers, etc.

Without matrix-corporal, the flow is now:
1. matrix.DOMAIN (matrix-nginx-proxy/matrix-domain.conf)
2. matrix-nginx-proxy/matrix-synapse.conf
3. matrix-synapse

With matrix-corporal enabled, it becomes:
1. matrix.DOMAIN (matrix-nginx-proxy/matrix-domain.conf)
2. matrix-corporal
3. matrix-nginx-proxy/matrix-synapse.conf
4. matrix-synapse

(matrix-corporal gets injected at step 2).
2021-01-25 09:46:41 +02:00
Slavi Pantaleev 63301b0ef1 Improvements around Synapse worker/metrics ports exposure
There was a `matrix_nginx_proxy_enabled|default(False)` check, but:
- it didn't seem to work reliably for some reason (hmm)
- referring to a `matrix_nginx_proxy_*` variable from within the
  `matrix-synapse` role is not ideal
- exposing always happened on `127.0.0.1`, which may not be good enough
  for some rarer setups (where the own webserver is external to the host)
2021-01-25 08:25:43 +02:00
Slavi Pantaleev 5ca68210cd Do not handle /_matrix/federation on client-server port, nor /_matrix/client stuff on federation port
I guess it didn't hurt to do it until now, but it's not great serving
federation APIs on the client-server API port, etc.

matrix-corporal doesn't work yet (still something to be solved in the
future), but its firewalling operations will also be sabotaged
by Client-Server APIs being served on the federation port (it's a way to get around its firewalling).
2021-01-24 22:22:57 +02:00
Marcel Partap 183adec3d8 Merge remote-tracking branch 'origin/master' into synapse-workers 2021-01-23 15:04:11 +01:00
Panagiotis Georgiadis f10e3fef0d
Merge branch 'master' into irc 2021-01-22 20:30:24 +00:00
Panagiotis Georgiadis e502ee33da
Selfbuild appservice-irc bridge 2021-01-22 21:28:53 +01:00
Slavi Pantaleev f9c1d62435 Fix Postgres database (-alpine) failing to start on ARM32 2021-01-22 13:52:55 +02:00
Slavi Pantaleev 95346f3117 Reorganize Postgres access (breaking change)
In short, this makes Synapse a 2nd class citizen,
preparing for a future where it's just one-of-many homeserver software
options.

We also no longer have a default Postgres superuser password,
which improves security.

The changelog explains more as to why this was done
and how to proceed from here.
2021-01-22 13:26:12 +02:00
Slavi Pantaleev 024a23ed17 Upgrade mautrix-facebook to the new Postgres-only version
I had intentionally held it back in 39ea3496a4
until:
- it received more testing (there were a few bugs during the
migration, but now it seems OK)
- this migration guide was written
2021-01-20 10:12:51 +02:00
Slavi Pantaleev 28d86e3aaa Initial work on support for matrix-corporal v2 2021-01-16 23:47:14 +02:00
Panagiotis Georgiadis a66a604e53
Selfbuild appservice-slack bridge 2021-01-14 01:29:11 +01:00
Slavi Pantaleev 48b6487d41 Use ready-made image for mautrix-telegram on arm64
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/793
2021-01-13 22:40:47 +02:00
Slavi Pantaleev 105354a052
Remove useless comment 2021-01-13 17:56:10 +02:00
Panagiotis Georgiadis fd540d8592
Enable Telegram self-building 2021-01-13 16:51:45 +01:00
Marcel Partap cd8100544b Merge remote-tracking branch 'origin/master' into synapse-workers
Sync with upstream
2021-01-08 20:58:50 +01:00
teutat3s a2f6adbeaf
Fix appservice-slack default db: nedb 2021-01-06 22:00:49 +01:00
Slavi Pantaleev 6b1e25d843 Do not create matrix_bridge_sms Postgres database
That bridge only supports its own file-based database,
so preparing a Postgres database for it is pointless.
2021-01-03 10:21:59 +02:00
Slavi Pantaleev df8d9cfd34 Remove some TODOs
The answer to these is: it's good to have them in both places.
The role defines the obvious things it depends on (not knowing
what setup it will find itself into), and then
`group_vars/matrix_servers` "extends" it based on everything else it
knows (the homeserver being Synapse, whether or not the internal
Postgres server is being used, etc.)
2021-01-03 07:46:55 +02:00
Sabine Laszakovits ffb837d4bc made the bridge use the default postgres db 2021-01-02 00:39:11 +01:00
Sabine Laszakovits a06c58c753 Merge branch 'master' into signal 2021-01-01 21:05:00 +01:00
David Gnedt befffa926b Fix concatenation of additional databases
Otherwise the postgres upgrade fails with the following error:

Unexpected templating type error occurred on ({{
  [matrix_postgres_connection_username]
  +
  matrix_postgres_additional_databases|map(attribute='username')
}}
): can only concatenate list (not "generator") to list
2020-12-23 19:24:45 +01:00
Slavi Pantaleev ea804f2f9f Do not use underscore in salts passed to sha512
Some Ansible installations choke on it, it seems.
Similar to 9f00970c90
2020-12-23 12:59:48 +02:00
Slavi Pantaleev 9f00970c90 Do not use salts longer than 16 characters
We've hit this problem before as well. Certain Ansible installations
choke on it.
2020-12-23 12:31:52 +02:00
Slavi Pantaleev f19b29846d
Merge pull request #740 from jdreichmann/postgres-per-default
postgres: create databases for all services
2020-12-23 11:00:41 +02:00
Slavi Pantaleev ad1425eee4 Add pgloader self-building support (for ARM) 2020-12-23 09:08:54 +02:00