Commit graph

202 commits

Author SHA1 Message Date
Chris van Dijk 3f4bc9b881 Move config supprt for unfederated dimension into group_vars 2020-04-22 19:23:56 +02:00
Horvath Gergely b5844d2395 shortening line based on @spantaleev 's comment 2020-04-19 13:31:36 +02:00
Horvath Gergely bd61598faf add experimental(?) architecture support for arm32 and arm64
the changes are necessary because certbot images are tagged, so docker does not recognize the necessary architecture
2020-04-18 22:55:19 +02:00
Slavi Pantaleev 515160f0d7 Fix STUN server URL for jitsi/web (turns -> stun)
Discussed in #446 (Github Pull Request).
2020-04-09 19:09:04 +03:00
Rodrigo Belem 64de103dff Add global var to control skype image self build 2020-04-09 11:03:06 -04:00
Slavi Pantaleev 2f601a4aee
Merge pull request #446 from skoal/master
Jitsi related firewall and port changes
2020-04-09 16:14:06 +03:00
Slavi Pantaleev e6ebfbf8cc Prevent conflict between Whatsapp and Skype bridge tokens
Fixes an error like this:

> synapse.config._base.ConfigError: Cannot reuse as_token across application services
2020-04-09 16:07:36 +03:00
skoal 0713570e2f
Update matrix_servers
turn tls port update
2020-04-09 14:40:32 +02:00
Slavi Pantaleev 7035af87d8 Add support for Jitsi discovery for Riot via /.well-known/matrix/client
This will not work yet, as no version of Riot currently supports it.
It's expected to land in riot-web v1.5.16 via matrix-org/matrix-react-sdk#4348.
2020-04-09 09:58:35 +03:00
Slavi Pantaleev 59d05ad72c
Merge pull request #441 from Jozian/skype
Initial mx-puppet-skype bridge role
2020-04-09 09:24:11 +03:00
Slavi Pantaleev 67a5ef97ba Fix missing "stun:" prefix for jitsi/web STUN server URLs
Hopefully fixes an error like this (which I haven't been able to
reproduce, but..):

> [modules/xmpp/strophe.util.js] <Object.i.Strophe.log>:  Strophe: Error: Failed to construct 'RTCPeerConnection': 'matrix.DOMAIN' is not one of the supported URL schemes 'stun', 'turn' or 'turns'.
2020-04-09 09:16:10 +03:00
Rodrigo Belem 1107207147 Initial mx-puppet-skype bridge role 2020-04-08 19:25:21 -04:00
Slavi Pantaleev 61fffa169c Use Jitsi STUN servers instead of Google ones
These are some new defaults that we switch to, to follow upstream
changes:

- https://github.com/jitsi/docker-jitsi-meet/commit/264df04
- 3121494d4b
2020-04-08 19:08:15 +03:00
Slavi Pantaleev 845f5f007b Make Synapse use ma1sd (if enabled) for threepid registration 2020-04-03 10:08:37 +03:00
Marcel Partap 874e2e1fc0 Rename variables (s/mxisd/ma1sd/) and adapt roles 2020-04-02 11:31:38 +02:00
Slavi Pantaleev e06ac41db1 Do not try to obtain jitsi.DOMAIN certificate if Jitsi is disabled 2020-03-24 16:21:26 +02:00
Slavi Pantaleev d605b219a2 Manage Jitsi configuration by ourselves for most components
We do this for 2 reasons:

- so we can control things which are not controllable using environment
variables (for example `stunServers` in jitsi/web, since we don't wish
to use the hardcoded Google STUN servers if our own Coturn is enabled)

- so playbook variable changes will properly rebuild the configuration.
When using Jitsi environment variables, the configuration is only built
once (the first time) and never rebuilt again. This is not the
consistent with the rest of the playbook and with how Ansible operates.
We're not perfect at it (yet), because we still let the Jitsi containers
generate some files on their own, but we are closer and it should be
good enough for most things.

Related to #415 (Github Pull Request).
2020-03-24 09:35:21 +02:00
Slavi Pantaleev cdd9ee1962 Add Jitsi support 2020-03-23 17:19:15 +02:00
Slavi Pantaleev 2b85fde103 Rename some variables for consistency 2020-03-15 10:15:27 +02:00
Slavi Pantaleev 8fe97abe7d Wire matrix_container_images_self_build to self_build variables via group_vars/matrix_servers
This keeps the roles cleaner and more independent of matrix-base,
which may be important for people building their own playbook
out of the individual roles and not using the matrix-base role.
2020-03-15 10:10:41 +02:00
Horvath Gergely 310aa685f9 refactor based on Slavi's requests 2020-03-08 00:24:00 +01:00
Horvath Gergely d53d63ab07 Merge branch 'master' of https://github.com/spantaleev/matrix-docker-ansible-deploy into raspberry-pi 2020-03-07 13:57:44 +01:00
Slavi Pantaleev 4a06e52660 Fix matrix-appservice-slack configuration when matrix-nginx-proxy is disabled 2020-03-03 17:48:51 +02:00
Slavi Pantaleev be6c048abe Remove useless matrix_appservice_webhooks_webhooks_port
In relation to #392 (Github Issue)
2020-03-03 12:38:26 +02:00
Horvath Gergely a096eafb45 add possibility to install synapse on raspberry pi 2020-02-17 21:48:48 +01:00
teutates 2c4eef72c3
fix slack bridge: salt too large, sha512_crypt requires <= 16 chars 2020-02-10 02:47:26 +01:00
joao-p-marques a0b313b3d1 fix invalid password salt on slack bridge 2020-02-06 00:25:26 +00:00
Zach Mertes e0defd4d4c
Fix invalid password salts for slack webhooks 2020-01-24 05:06:36 -05:00
Slavi Pantaleev 2c04384e8e Synchronize config with the one from Synapse 1.9.0
Related to #355.
2020-01-23 15:47:53 +02:00
Björn Marten 50bf8c8dd7 Add matrix-appservice-webhooks role. 2020-01-13 17:20:49 +01:00
Slavi Pantaleev bd38861179 Add support for automatic Double Puppeting for all Mautrix bridges 2020-01-12 20:28:36 +02:00
Aaron Raimist 2ea507e2ea
Don't make it Dimension specific 2019-12-09 22:23:56 -06:00
Aaron Raimist 79d1576648
Allow Synapse manhole to be enabled
Can you double check that the way I have this set only exposes it locally? It is important that the manhole is not available to the outside world since it is quite powerful and the password is hard coded.
2019-12-05 00:07:15 -06:00
Slavi Pantaleev 65da600426
Merge branch 'master' into master 2019-08-21 07:34:20 +03:00
Slavi Pantaleev c8a4d59a81
Merge pull request #251 from Munfred/master
Add mautrix-hangouts bridge role and documentation
2019-08-21 07:15:14 +03:00
Slavi Pantaleev e4b67fdb6b
Fix typo 2019-08-20 09:07:54 +03:00
microchipster 0585889d5a add hangouts bridge by copying facebook bridge and find-replacing 2019-08-06 05:27:40 +00:00
Slavi Pantaleev 4be35822dd Add Email2Matrix support 2019-08-05 13:09:49 +03:00
kingoftheconnors 177ec295b4 Fixed matrix-appservice-slack docker command problems 2019-07-27 14:25:13 -04:00
kingoftheconnors 49766c5dac Added Slack role 2019-07-26 21:37:21 -04:00
Slavi Pantaleev 8529efcd1c Make Discord bridge configuration playbook-managed
Well, `config.yaml` has been playbook-managed for a long time.
It's now extended to match the default sample config of the Discord
bridge.

With this patch, we also make `registration.yaml` playbook-managed,
which leads us to consistency with all other bridges.

Along with that, we introduce `./config` and `./data` separation,
like we do for the other bridges.
2019-06-26 10:35:00 +03:00
Slavi Pantaleev 782356d421 Use password_hash salts that obey passlib requirements
According to
https://passlib.readthedocs.io/en/stable/lib/passlib.hash.sha512_crypt.html:

> salt (str) – Optional salt string. If not specified, one will be autogenerated (this is recommended).
> If specified, it must be 0-16 characters, drawn from the regexp range [./0-9A-Za-z].

Until now, we were using invalid characters (like `-`). We were also
going over the requested length limit of 16 characters.

This is most likely what was causing `ValueError` exceptions for some people,
as reported in #209 (Github Issue).
Ansible's source code (`lib/ansible/utils/encrypt.py`) shows that Ansible tries
to use passlib if available and falls back to Python's `crypt` module if not.
For Mac, `crypt.crypt` doesn't seem to work, so Ansible always requires passlib.

Looks like crypt is forgiving when length or character requirements are
not obeyed. It would auto-trim a salt string to make it work, which means
that we could end up with the same hash if we call it with salts which aer only
different after their 16th character.

For these reasons (crypt autotriming and passlib downright complaining),
we're now using shorter and more diverse salts.
2019-06-26 09:37:02 +03:00
Thomas Kuehne 4797469383 Make WhatsApp bridge configuration playbook-managed
- following spantaleev transition of the telegram brigde
- adding a validate_config task
2019-06-24 00:16:04 +02:00
Slavi Pantaleev 174a6fcd1b Make IRC bridge configuration entirely managed by the playbook 2019-06-19 12:29:44 +03:00
Slavi Pantaleev deeb5a96d5 Disable IRC bridge presence if Synapse presence is disabled 2019-06-19 09:31:09 +03:00
Slavi Pantaleev 4e8543ce21 Make Telegram bridge configuration playbook-managed 2019-06-15 09:43:43 +03:00
Slavi Pantaleev 2902b53267 Minor fixes for consistency 2019-06-15 09:42:40 +03:00
Slavi Pantaleev 3956b300ed Disable riot-web's welcome bot
I've not found this welcome bot to work at all in my previous attempts.
It would simply not reply, even though federation works.

It seems like this is also a potential privacy issue, as per
https://gist.github.com/maxidorius/5736fd09c9194b7a6dc03b6b8d7220d0
2019-06-14 07:49:46 +03:00
Slavi Pantaleev 330648a3e0 Make Facebook bridge configuration playbook-managed
Related to #193, but for the Facebook bridge.
(other bridges can be changed to do the same later).

This patch makes the bridge configuration entirely managed by the
Ansible playbook. The bridge's `config.yaml` and `registration.yaml`
configuration files are regenerated every time the playbook runs.

This allows us to apply updates to those files and to avoid
people having to manage the configuration files manually on the server.

-------------------------------------------------------------

A deficiency of the current approach to dumping YAML configuration in
`config.yaml` is that we strip all comments from it.
Later on, when the bridge actually starts, it will load and redump
(this time with comments), which will make the `config.yaml` file
change.

Subsequent playbook runs will report "changed" for the
"Ensure mautrix-facebook config.yaml installed" task, which is a little
strange.

We might wish to improve this in the future, if possible.

Still, it's better to have a (usually) somewhat meaningless "changed"
task than to what we had -- never rebuilding the configuration.
2019-06-07 14:05:53 +03:00
Slavi Pantaleev 7379968a3c Fix Telegram bridge HTTP proxying when not using matrix-nginx-proxy
From what I see, this was never implemented to begin with.

Fixes #189 (Github Issue).
2019-05-26 20:50:52 +03:00
Slavi Pantaleev ab59cc50bd Add support for more flexible container port exposing
Fixes #171 (Github Issue).
2019-05-25 07:41:08 +09:00
Dan Arnfield 093859d926 Fix TRANSFORM_INVALID_GROUP_CHARS deprecation warning 2019-05-21 10:39:33 -05:00
Renamed from group_vars/matrix-servers (Browse further)